Documente Academic
Documente Profesional
Documente Cultură
Version 1.0
CONTENTS:
8. Interface Representation
20.1 Lab Exercise 1 : Configuring Source NAT using Egress interface Address
20.2 Lab Exercise 2 : Configuring Source NAT Translation pool
20.3 Lab Exercise 3 : Configuring Destination NAT pools
20.4 Lab Exercise 4 : Creating Destination NAT rule set
20.5 Lab Exercise 5 : Configuring Static NAT for single address translation
20.6 Lab Exercise 6 : Configuring Source NAT using multiple rules Lab Scenario-1
20.7 Lab Exercise 7 : Configuring Source NAT using multiple rules Lab Scenario-2
20.8 Lab Exercise 8 : Configuring Destination NAT using multiple rules
29.1. Lab Exercise 1 : Configuring guard-band and maximum power on PoE enabled
interface
29.2. Lab Exercise 2 : Configuring power management mode on PoE enabled
interface
29.3. Lab Exercise 3 : Disabling a PoE interface
29.4. Lab Exercise 4 : Setting power priority on all PoE enabled interfaces
31. Appendix
Main products offered by Juniper include T-Series, M-Series, E-Series, MX-Series, J-Series routers,
EX-Series Ethernet switches and SRX-Series Security products. JUNOS is the operating system that
runs on most of the juniper's networking equipment.
The routers are classified in to M-series, J-series, T-series, E-series, and MX-series based on the
functionality. Some frequently used models are given below:
2. Juniper M-Series routers are called Multiservice Edge routers designed for
enterprise and service provider networks.
3. Juniper T-Series routers are a series of core routers designed for high-end
and core networks with throughput from 320 Gbit/s to 25.6 Tbit/s with a max
forwarding rate of 30.7 billion pps.
Note: However, please note that we will be discussing only the J-series and some M-series
routers in this manual. Other products are beyond the scope of this manual.
The central principle of the Juniper Networks platform centers on a separation of the control and
forwarding planes within the router. These are Routing Engine and Packet Forwarding Engine as
shown below.
The Routing Engine is the central location for control of the system in a juniper networks
router and it consists of an Intel-based PCI platform running JUNOS software. The Routing
Engine constructs and maintains one or more routing tables. From the routing tables, the
Routing Engine derives a table of active routes, called the forwarding table, which is then
copied into the Packet Forwarding Engine.
The Packet Forwarding Engine is the central location for data packet forwarding through
the router. The main portions of the Packet Forwarding Engine are the following:
The switching control board contains a PowerPC CPU and 64MB of RAM that
operates the components of the circuit board itself, but doesn't participate in
packet forwarding. The Internet Processor ASIC is located on the control board
and accesses the forwarding table for route lookups.
The Flexible PIC Concentrators on a router house the PICs which connect the
router to network media and its main function is to connect the PICs installed in
it to the other router components.
The Flexible PIC Concentrator (FPC) connects to both the switching control
board and the router's interfaces within the Packet Forwarding Engine.
PIC is an interface card through which network cables carry data transmissions
to and from the network plug. A PIC installs into a FPC.
The Routing Engine consists of various components like Processor, DRAM, EPROM,
Crypto Accelerator Module, Compact Flash.
i. Processor
The processor runs JUNOS software to maintain the router's routing tables and
routing protocols and creates the packet forwarding switch fabric for the router.
ii. DRAM
DRAM buffers incoming packets and provides storage for the routing and
forwarding tables and for other Routing Engine processes
iii. EPROM
v. Compact Flash
J2320 and J2350 router can boot from the following given three devices.
J Series Services Routers running JUNOS Software provide stable, reliable, and efficient IP routing,
WAN and LAN connectivity, and management services for small to medium-sized enterprise networks.
The J-series juniper router runs Junos with MPLS, IP4/6, QOS, multicast, firewall and IPsec VPN.
J-series Services Routers support network interfaces for E1, E3, T1, T3, Fast Ethernet, serial, Point-to-
Point Protocol over Ethernet (PPPoE), and ISDN media.
PIMs provide the physical connection to various network media types. The PIM receives
incoming packets from the network and transmits outgoing packets to the network.
The power button can be used to power the service router on and off. The power LED
located at the upper left of the LED dashboard is green color when on and it can be in two
states. i. On steadily state which means power is functioning correctly ii. Blinking state
which means power button has been pressed and quickly released and the router is shutting
down.
Status LED
Status LED changes from off to blinking green when the system is powered on. It can be in
the following states
Alarm LED
The alarm LED lights can be either yellow or red. If yellow, indicates a minor condition
that requires monitoring or maintenance. If red, indicates major condition that can result in
a system shutdown.
HA LED
The High availability (HA) LED lights when the router starts but otherwise remains unlit
and this is mostly for future use.
This button is used to return the router to either the rescue configuration or the factory
default configuration.
Console Port
Through the console port, a RJ-45 serial cable can be used to connect to the routing engine
and the router can be configured using CLI from the chassis console port.
USB Port
The USB ports on the front panel of the router accept a USB storage device or USB storage
device adapter with a compact flash installed and can act as a secondary boot device if the
internal compact flash fails on startup.
ESD Point
The electrostatic discharge point located at the front of the chassis minimizes the risk of
electrical discharge in potentially hazardous environments.
There are two user interfaces to monitor, configure, troubleshoot and manage a service
router. They are JUNOS CLI and J-web Interface.
JUNOS CLI is a Juniper Networks Command Shell that runs on top of a UNIX-
Based OS Kernel. The CLI provides command help and command completion
and commands are executed when Enter key is pressed.
The CLI has two modes Operational mode and Configuration mode. The CLI
commands are organized hierarchically with commands that perform a similar
function grouped together under the same level.
1. Establish a connection with the services router 2. Log in using username and
password. After log in, enter a UNIX shell 3. Start the CLI
%cli
user@host>
5.4.1 PIM
uPIM is a particular type of PIM, such as the Gigabit Ethernet uPIM, which can
be universally inserted in any slot on a J2320, J2350, J4350, or J6350 Services
Router.
The difference is ePIM slots has PCI and PCI-X bus connection whereas PIM
slots only has PCI bus connection. A uPIM either uses the PCI or the PCI-X
bus depending on what slot the uPIM is installed in. Naturally better
performance is expected with ePIM slots.
ePIM is a particular type of high-speed PIM, such as the Gigabit Ethernet ePIM
or 4-port Fast Ethernet ePIM, which can be inserted only in high-speed slots
(slots 3 and 6 on a J4350 Services Router, or slots 2, 3, 5, and 6 on a J6350
Services Router).
J-Series routers accept PIMs and Avaya VoIP modules in the slots on the front of the
chassis.
Some of the supported PIMs include the following and are explained below
Avaya VoIP modules are controlled by the Avaya Communication Manager (CM) software
rather than the JUNOS software and are installed in the router chassis like PIMs.
Gigabit Ethernet uPIM can be inserted in any slot on J2320, J2350, J4350 and
J6350 service routers. High-speed slots are slots 3 and 6 on the J4350 router,
and slots 2, 3, 5, and 6 on the J6350 router.
1. J2320
The J2320 Services Router is primarily designed for remote and branch offices.
The J2320 routers are entry level service routers which gives up to 600 Mbps
throughput performance, has four built-in Gigabit Ethernet ports. It has three
PIM slots for additional LAN/WAN connectivity, Avaya VoIP Gateway, and
WAN acceleration. They are used for one or two broadband, T1, or E1
interfaces with integrated services.
2. J2350
The J2350 Services Router is primarily designed for branch offices. The J2350
router which has 4built-in Gigabit Ethernet ports gives up to 700 Mbps
performance. It gives five PIM slots. They are usually used for multiple
broadband, T1, or E1 interfaces with multiple integrated services
The J4350 Services Router is designed primarily for regional and branch
offices. The J4350 enterprise router gives up to 1Gbps in performance. They
are usually used for DS3, E3, and Metro Ethernet interfaces with integrated
services. It has six PIM slots. Two of these slots are enhanced-performance
slots that provide additional performance to multiple Gigabit Ethernet
configurations.
4. J6350
The J6350 Services Router is designed primarily for regional and central
offices. The J6350 gives up to 2 Gbps in performance. It has six PIM slots for
additional LAN/WAN connectivity, Avaya VoIP Gateway, and WAN
acceleration. These routers have optional redundant power supplies for high
system availability. The J6350 Services Router is a higher-performance system
than the J4350 Services Router.
The Juniper Networks M Series is a family of high-performance, multiservice edge routers, with
advanced routing features that delivers exceptional flexibility and reliability over a wide range of
connectivity options without compromise.
Designed for high-performance service providers and enterprises, the M7i, M10i, M120, and M320 can
be deployed in the small and medium core, multiservice edge, collapsed POP routing, peering, route
reflector, campus or WAN gateway applications. Speeds range from DS0 up to OC192/STM-64 and 10
GbE.
Advanced routing features supported include MPLS, multicast, QoS, and high availability. Services
PIC
A PIC (Physical Interface Card) is an interface card through which network cables carry
data transmissions to and from the network plug. A PIC installs into a FPC (Flexible PIC
Concentrator). M7i router accommodates four PICs.
FIC
In addition to four PICs, M7i router includes a built-in FIC (Fixed Interface Card) that
provides two fast Ethernet ports or one gigabit Ethernet port depending on which FIC was
ordered. FPC 0 holds PIC slots (0 to 3) and FPC 1 holds fixed interfaces (Two Fast
FIC Receives incoming packets and transmits outgoing packets to the network, displays
alarm status, and takes PICs online and offline.
ESD Point
The ESD Point (Electrostatic discharge point) located at the front of the chassis minimizes
the risk of electrical discharge in potentially hazardous environments.
Routing Engine
Routing Engine maintains the routing tables, manages the routing protocols, controls the
interfaces, controls some chassis components, and provides the interface for system
management and user access.
CFEB
CFEB (Compact Forwarding Engine Board) provides route lookup, management of shared
memory, transfer of outgoing data packets, and transfer of exception and control packets;
includes built-in tunnel interface and optional Adaptive Services PIC.
Power Supplies
1. M7i
The M7i Multiservice Edge Router is 3.5 inches (8.9 cm) in height and supports
7+ Gbps throughput. The M7i is ideal as an IP/MPLS provider edge router in
small PoPs or as an enterprise routing solution for Internet gateway or branch
aggregation.
The M7i router supports various PICs, including ATM, channelized, Ethernet,
IP services, and SONET/SDH interfaces.
2. M10i
The M10i router supports up to eight Physical Interface Cards (PICs). PICs are
interchangeable between the M7i and M10i routers.
3. M40e
PICs are compatible with the M120 and Juniper Networks T320 and T640 Core
Routers.
The M120 delivers support for 128 GE subscriber ports, with 10 GB Ethernet
or OC 192 uplink capability in an affordable, compact form factor
The router is a quarter-rack chassis that supports up to six FPCs. Four slots
accept FPCs of Types 1, 2, and 3 and two slots accept Compact FPCs (CFPCs).
Each FPC can be configured with a variety of network media types, altogether
providing up to 130 physical interface ports per system. The CFPC slots are
identical to the Type 1, 2, and 3 FPC slots, but feature a smaller form factor to
provide higher density 10-Gigabit interfaces.
FPCs supported by M120 router are FPC1, FPC2 and FPC3. PICs are
compatible with M40e, T320, and T640 routers.
5. M320
FPCs supported by M320 router are Enhanced II FPC 1, Enhanced III FPC 1,
Enhanced II FPC 2, Enhanced II FPC 3, Enhanced III FPC 2, Enhanced III FPC
3. PICs are compatible with M40e, M120, T320, and T640 routers
The operating system software that powers the Juniper routers is called JUNOS. The software is
modular and standards based. Another important feature of JUNOS is that the software is platform
independent (within Juniper hardware systems, not to be confused with other vendor hardware), thus
delivering the same scalability and security across several hardware platforms.
JUNOS CLI is a simple to use, text-based command interface. We give various commands on CLI for
configuring, troubleshooting and monitoring the software.
a) Operational Mode
b) Configuration Mode
a) Operational Mode:
When we log in to the router and the CLI starts, we are at the top level of the CLI operational mode. In
this mode, we enter the commands for
Frequently used commands in this mode include ping, show, traceroute, configure, etc.
b) Configuration Mode:
We use the Configuration mode for configuring the JUNOS software by creating a hierarchy of
configuration statements. We enter the configuration mo9+de by using the command "configure" as
shown below:
user@host>configure
Entering configuration mode
[edit]
user@host#
Issuing the commands one at a time using CLI can configure a JUNOS™ router or alternately, we can
configure by creating a text (ASCII) file that contains the statement hierarchy. Remember to activate
the configuration by using the command "commit" on the router.
As shown in the above example, the generic configuration prompt is user@host#. Ofcourse, we can
change the prompt by using appropriate command.
Statement Hierarchy:
We use the above configuration mode commands to create a statement hierarchy, and then configure
the JUNOS software. The term "statement hierarchy" is used to define the sequence of commands used
for configuring a particular feature (or features) of the router. An example statement hierarchy is given
user@host>configure
Entering configuration mode
[edit] ----Top level
user@host#edit protocols ospf
[edit protocols ospf] ----protocols ospf hierarchy level
user@host#
7. Router Interfaces
Juniper Networks platform has primarily two types of interface. These are:
Transient Interfaces are the interfaces that receive user's data packets from the network and
transmit the packets to the network. These interfaces are physically located on a Physical
Interface Card. They can be inserted and removed at any time.
These interface need to be configured before using it. We can also configure the interfaces
that are not in the chassis. When the JUNOS software activates the router's configuration it
finds out the interfaces that are present and activates only those interfaces.
In addition, each router has two serial ports, labeled console and auxiliary. Console port can
be used to connect tty-type terminals to the router. The auxiliary port can connect to a
modem
On the J-series routing platform, when information about an interface is displayed, the
interface type, the slot in which the Physical Interface Module (PIM) is installed, 0, and the
configured port number is specified.
In the physical part of the interface name, a hyphen (-) separates the media type from the
PIM number, and a slash (/) separates the PIM, 0, and port numbers. And the syntax is:
type-pim/0/port
type: is the one that uniquely identifies the type of physical interface. It is a two-character
word and can be one of the following:
pim: Physical Interface Module (PIM) provides the physical connection to various network
media types. It is the slot in which the PIM is installed.
0: it is the pim module number
port: it is the port number to be configured
For example, on a J-series router J2320, assuming that slot 1 is populated with single port
gigabit ethernet card, the interface is uniquely identified as below:
ge-1/0/0
Using JUNOS™ software, a typical interface configuration will have the following syntax:
type-fpc/pic/port
type: is the one that uniquely identifies the type of physical interface. It is a two-character
word as stated above.
fpc: is the physical slot number in the chassis where the interface is located.
pic: is the slot number on the FPC where the interface is located.
port: is the location on the PIC where the interface port (to which the interface is
connected) is located.
For example, M7i router will have one fixed FPC (FPC1) that contains internal ports, and
FPC 0 for external PIC cards. Assuming that FPC0, PIC1 is populated with dual port fast
ethernet card, the ports are uniquely addressed as below:
Note:Some physical interfaces use channel numbers instead if unit numbers. These
numbers are represented using colon instead of period like media_type-fpc/pic/port:channel
Number
On the MX-series routers when information about an interface is displayed, the interface
type, the slot in which the Dense Port Concentrator (DPC) is installed, the slot on the DPC
in which the Physical Interface Card (PIC) is located, and the configured port number are
specified.
In the physical part of the interface name, a hyphen (-) separates the media type from the
DPC number, and a slash (/) separates the DPC, PIC, and port numbers. And the syntax is:
type-dpc/pic/port
type: is the one that uniquely identifies the type of physical interface. It is a two-character
word as stated above.
dpc: is the slot number in which the Dense Port Concentrator (dpc) is installed
pic: is the slot number on the dpc
port: it is the port number to be configured
The following labs can be performed using CertExams.com Juniper network simulator. The software
may be downloaded from the Juniper Junos Simulator product page. Further, please note that the Demo
version will support limited commands. All labs are supported only in the full version of the software.
Description: A basic exercise, that shows how to enter configuration mode, and exit from
the same. Choose R1 from the network diagram, and exit.
Instructions:
user@R1>configure
[edit]
user@R1#exit
user@R1>
Back
Description:Set the router host name. Go to N/W diagram and choose device R1.
Instructions:
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set host-name juniper1
[edit system]
user@juniper1#exit
[edit]
user@juniper1#commit
commit complete
[edit]
user@juniper1#show
Back
Description:Set the router domain name. Go to N/W diagram and choose device R1.
Instructions:
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set domain-name mydomain.net
[edit system]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
Instructions:
user@R1>configure
[edit]
user@R1#edit system root-authentication
[edit system root-authentication]
user@R1#set encrypted-password 24adr3e
[edit system root-authentication]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Description:For the Router to resolve hostnames into addresses, one or more DNS name
servers have to be configured.
Instructions:
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set name-server 196.20.32.15
[edit system]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
Instructions:
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set backup-router 196.20.32.15/24
[edit system]
user@R1#exit
[edit]
user@R1#commit
commit complete
Back
Description: In this lab, you configure so-0/0/1 interface under unit 0 and family inet on a
router with specified ip address and subnet mask. Choose R1 in the network diagram and
exit.
Instructions:
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/1
[edit interfaces so-0/0/1]
user@R1#edit unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#set address 196.20.32.15/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#exit
[edit interfaces so-0/0/1]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show interfaces so-0/0/1
Back
Instructions:
Back
Instructions:
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R1#set description interface-so-0/0/0
[edit interfaces so-0/0/0]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
Description: The following lab configures the PPP encapsulation on the physical interface
so-0/0/0
Instructions:
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R1#set encapsulation ppp
[edit interfaces so-0/0/0]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
Instructions:
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R1#set no-keepalives
[edit interfaces so-0/0/0]
user@R1#set keepalives 40 30 20
[edit interfaces so-0/0/0]
user@R1#exit
[edit]
user@R1#
Back
Instructions:
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R1#set keepalives 1000 12 12
[edit interfaces so-0/0/0]
user@R1#exit
[edit]
user@R1#
Back
Instructions:
user@R1>configure
[edit]
user@R1#edit interfaces fxp0
[edit interfaces fxp0]
user@R1#set speed 10m
[edit interfaces fxp0]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Instructions:
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R1#edit unit 0
[edit interfaces so-0/0/0 unit 0]
user@R1#set bandwidth 1000k
[edit interfaces so-0/0/0 unit 0]
user@R1#exit
[edit interfaces so-0/0/0]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
Description: Hold-time value is used to damp interface transitions. When an interface goes
from up to down, it is not advertised to the rest of the system as being down until it has
remained down for the hold-time period. Similarly, an interface is not advertised as being
up until it has remained up for the hold-time period.
Instructions:
user@R1>configure
Back
Description: This lab is used to configure the DTE clock-rate in serial clocking mode.
Instructions:
user@R1>configure
[edit]
user@R1#edit interfaces se-0/0/0 serial-options
[edit interfaces se-0/0/0 serial-options]
user@R1#set clock-rate 2.048mhz
[edit interfaces se-0/0/0 serial-options]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Description : This lab exercise demonstrates configuring the gigabit ethernet interface on a J-
series router and also setting other basic parameters like hostname, domain-name, name-server,
backup router etc. Show command is issued to verify the configuration set on the router.
Instructions
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set host-name Router1
[edit system]
user@Router1#set domain-name router.net
[edit system]
user@Router1#set root-authentication encrypted-password vhvc#!
[edit system]
user@Router1#set name-server 10.148.2.32
[edit system]
user@Router1#set backup-router 192.168.2.34/24
[edit system]
user@Router1#exit
[edit]
user@Router1#edit interfaces
[edit interfaces]
user@Router1#set ge-0/0/0 unit 0 family inet address 192.168.1.1/24
[edit interfaces]
Back
Instructions
user@R1>configure
[edit]
user@R1#edit interfaces
[edit interfaces]
user@R1#set so-0/0/0 speed OC48
[edit interfaces]
user@R1#exit
[edit]
user@R1#show
Back
1. Display environmental information about the routing platform chassis, including the
temperature and information about the fans, power supplies, and Routing Engine
2. Displays a list of all Flexible Physical Interface Card Concentrators (FPCs) and PICs installed
in the router chassis, including the hardware version level and serial number.
3. Displays the FIC information, such as the FIC type, ASIC type, operating status, PIC version,
and the amount of time the FIC has been online. The command output also displays port cable
information.
Back
1. For which two functions is the Routing Engine responsible? (Choose two.)
A. packet forwarding
B. queuing functions
C. routing protocol control
D. JUNOS software operation
A. # set ip host-name
B. > set ip host-name
C. # set system host-name
A. 0
B. 2
C. 3
D. 4
A. 2
B. 4
C. 6
D. 8
A. family ip
B. family ip6
C. family inet
D. family inet4
7. Which operational command allows a user to view the exhaust temperatures of a Juniper
device?
8. In which mode are users allowed to configure the device, including interfaces, protocols,
user access, and system hardware properties?
A. priviledged mode
B. configuration mode
C. monitoring mode
D. operational mode
Description: Configure static route 172.16.1.0 mask 255.255.255.0 with next hop address
of 192.16.2.1.
prefix mask: is the ip route prefix and mask for the destination.
address|interface: Use either the next hop router ip or the local router outbound interface
used to reach the destination.
distance: is the administrative distance and an optional parameter.
Instructions:
user@R1>configure
[edit]
user@R1#edit routing-options
[edit routing-options]
user@R1#edit static route 172.16.1.0/24
[edit routing-options static route 172.16.1.0/24]
user@R1#set next-hop 172.16.2.1
[edit routing-options static route 172.16.1.0/24]
user@R1#exit
[edit routing-options]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
Back
Description: The purpose of this lab is to configure IP Address on all the devices and test
for connectivity using ping command. Applicable network diagram is given below
Instructions:
1. Assign the IP address of all the devices as given below and commit the configurations
On R1:
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R1#edit unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#set address 192.168.1.1/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#exit
[edit interfaces so-0/0/0]
user@R1#exit
[edit]
user@R1#edit interfaces so-0/0/1
[edit interfaces so-0/0/1]
user@R1#edit unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#set address 192.168.3.2/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#exit
[edit interfaces so-0/0/1]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2:
user@R2>configure
[edit]
user@R2#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R2#edit unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R2#set address 192.168.3.1/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R2#exit
[edit interfaces so-0/0/0]
user@R2#exit
[edit]
user@R2#edit interfaces so-0/0/1
[edit interfaces so-0/0/1]
On R3:
user@R3>configure
[edit]
user@R3#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R3#edit unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#set address 192.168.1.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#exit
[edit interfaces so-0/0/0]
user@R3#exit
[edit]
user@R3#edit interfaces so-0/0/1
[edit interfaces so-0/0/1
user@R3#edit unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#set address 192.168.2.2/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#exit
[edit interfaces so-0/0/1]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1:
user@R1>ping 192.168.2.2
user@R1>ping 192.168.2.1
Back
Description: The purpose of this lab is to configure IP Address on all the devices and test
for telnet command. Applicable network diagram is shown below:
Instructions:
1.Assign the IP address of all the devices as given below and commit the configurations
2. From R1 issue a telnet command to R2 and R3 and use quit command to close the telnet
connection
3. Issue show system users command on R2 to view the logged in users on the router
4. Commands to be executed:
On R1:
On R2:
user@R2>configure
[edit]
user@R2#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R2#edit unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R2#set address 192.168.3.1/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R2#exit
[edit interfaces so-0/0/0]
user@R2#exit
[edit]
user@R2#edit interfaces so-0/0/1
[edit interfaces so-0/0/1]
user@R2#edit unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R2#set address 192.168.2.1/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R2#exit
[edit interfaces so-0/0/1]
user@R2#exit
On R3:
user@R3>configure
[edit]
user@R3#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R3#edit unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#set address 192.168.1.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#exit
[edit interfaces so-0/0/0]
user@R3#exit
[edit]
user@R3#edit interfaces so-0/0/1
[edit interfaces so-0/0/1]
user@R3#edit unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#set address 192.168.2.2/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#exit
[edit interfaces so-0/0/1]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1:
user@R1>telnet 192.168.2.2
user@R1>telnet 192.168.2.1
user@R2>show system users
Back
Description: The purpose of this lab is to configure the routers and test for traceroute command.
Commands to be executed:
On R1:
user@R1>configure
[edit]
user@R1#edit interfaces se-0/0/0
[edit interfaces se-0/0/0]
On R2:
user@R2>configure
[edit]
user@R2#edit interfaces se-0/0/0
[edit interfaces se-0/0/0]
user@R2#edit unit 0 family inet
[edit interfaces se-0/0/0 unit 0 family inet]
user@R2#set address 192.168.1.2/24
[edit interfaces se-0/0/0 unit 0 family inet]
user@R2#exit
[edit interfaces se-0/0/0]
user@R2#exit
[edit]
user@R2#edit interfaces se-0/0/1
[edit interfaces se-0/0/1]
user@R2#edit unit 0 family inet
[edit interfaces se-0/0/1 unit 0 family inet]
user@R2#set address 192.168.2.1/24
[edit interfaces se-0/0/1 unit 0 family inet]
user@R2#exit
[edit interfaces se-0/0/1]
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
On R3:
user@R3>configure
[edit]
user@R3#edit interfaces se-0/0/0
[edit interfaces se-0/0/0]
user@R3#edit unit 0 family inet
[edit interfaces se-0/0/0 unit 0 family inet]
user@R3#set address 192.168.3.2/24
[edit interfaces se-0/0/0 unit 0 family inet]
user@R3#exit
[edit interfaces se-0/0/0]
user@R3#exit
[edit]
user@R3#edit interfaces se-0/0/1
[edit interfaces se-0/0/1]
user@R3#edit unit 0 family inet
[edit interfaces se-0/0/1 unit 0 family inet]
user@R3#set address 192.168.2.2/24
[edit interfaces se-0/0/1 unit 0 family inet]
user@R3#exit
[edit interfaces se-0/0/1]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1:
user@R1>traceroute 192.168.2.2
Back
Description: Lab Exercise explains pinging between router and work station
user@R1>configure
[edit]
user@R1#set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.1/24
user@R1#commit
commit complete
[edit]
user@R1#exit
WS1>ping R1
WS2>ping R1
Back
Description: The lab exercise explains pinging between two work stations
Note : Two workstations or client PC can communicate with each other using a CrossCable. Note
that a straight Ethernet cable is used for connecting a workstation (or a host) to a Switch or Hub,
whereas a cross Ethernet cable is used for connecting a host to host or a switch to switch or
workstation to workstation directly.
Instructions:
1. Click network diagram button and select device WS1 from network diagram.
2. And in WS1 prompt enter 192.168.1.3/24 as ip address and 192.168.1.1 as default-gateway
3. Select device WS2 from network diagram and configure ip address 192.168.1.2/24 and default-
gateway 192.168.1.1
4. Ping WS1 from WS2 and it should be successful for verifying proper configuration.
WS1>ping WS2
WS2>ping WS1
Back
Description: Lab Exercise explains pinging between two work station on different subnets
Note: A layer 2 switch works transparently in a network. There is no need to configure a Layer 2
Switch for performing basic operations of forwarding frames. However, for using advanced
functionality like port security, VLAN configuration, etc. one may need to configure a Switch.
Instructions:
1. Click network diagram button and select device WS1 from network diagram.
2. Configure 192.168.10.1/24 as ip address and default-gateway as 192.168.1.1
3. Select device WS2 from network diagram and configure ip address 192.168.20.1/24 and
default-gateway 192.168.1.1.
4. Ping WS1 from WS2 and you get ping failed message because both work stations are on
different subnets.
WS1>ping WS2
WS2>ping WS1
Back
Description: Lab Exercise explains Tracing route from Work stations to router
Instruction:
1. Connect to R1 and configure the IP address of 192.168.100.1/24 on the ge-0/0/0 interface
2. To assign ip address to WS1 click network diagram button and in network diagram window
click WS1 icon from the diagram. In Ws1 prompt type 192.168.100.2/24 as ip address and
default gateway 192.168.100.1
3. To assign ip address to WS2 click network diagram button and in network diagram window
click WS1 icon from the diagram. In WS2 prompt type 192.168.100.3/24 as ip address and
default gateway 192.168.100.1
4. Traceroute R1 from WS1 and WS2
user@R1>configure
[edit]
user@R1#set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.1/24
user@R1#commit
commit complete
[edit]
user@R1#exit
WS2>traceroute R1
Back
A. 1
B. 5
C. 15
D. 20
2. You want to configure a static default route to the gateway 10.1.1.1. Which set command will
accomplish this task?
3. When you display the routing table by entering the show route command, what does the *
indicate?
A. inet.0
B. inet.1
C. inet.2
D. inet.3
A. The next-hop 172.30.25.1 is selected because the address has the lowest value.
B. The next-hop 172.30.25.1 is selected because it is listed first.
C. The next-hop 172.30.25.1 is selected because it is the lowest protocol preference.
D. The next-hop 172.30.25.5 is selected because it is the lowest protocol preference.
Description: Use this lab to configure the routing policy on router, by specifying the match
condition to accept all rip routes, that is checked against the source address of the route
advertised.
Instructions:
user@R1>configure
[edit]
user@R1#edit policy-options policy-statement riproutes
[edit policy-options policy-statement riproutes]
user@R1#edit term AdvRip
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit from
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#set protocol rip
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit then
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#set accept
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#exit
[edit policy-options policy-statement riproutes]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
Description: Use this lab to configure the routing policy on router, by specifying the match
condition to reject all rip routes, that is checked against the source address of the route
advertised.
user@R1>configure
[edit]
user@R1#edit policy-options policy-statement riproutes
[edit policy-options policy-statement riproutes]
user@R1#edit term AdvRip
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit from
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#set protocol rip
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit then
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#set reject
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#exit
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#exit
[edit policy-options policy-statement riproutes]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
1 What happens when a route does not match any user configured policies?
2. A routing policy has three terms and the first term of the policy does not contain a
terminating action. What will become of the routes after they have been evaluated by the
first term?
A. Import policies concern routes received and determine which routes get put
into the routing table.
B. Export policies concern routes received and determine which routes get put
into the routing table.
C. Export policies are applied before the routing table.
D. Import polices are applied after the routing table.
4. Which two policy actions are considered flow control actions? (Choose two.)
A. reject
B. community add
C. next term
D. next policy
Description: Use this lab to configure the RIP on router, by applying an export and import
policies at their respective hierarchical levels.
Instructions:
user@R1>configure
[edit]
user@R1#edit protocols rip
[edit protocols rip]
user@R1#edit group neighborRouters
[edit protocols rip group neighborRouters]
user@R1#set export riproutes
[edit protocols rip group neighborRouters]
user@R1#edit neighbor so-0/0/0
[edit protocols rip group neighborRouters neighbor so-0/0/0]
user@R1#set import riproutes
[edit protocols rip group neighborRouters neighbor so-0/0/0]
user@R1#exit
[edit protocols rip group neighborRouters]
user@R1#exit
[edit protocols rip]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
A. 15
B. 16
C. 10
D. 255
3. What two mechanisms does RIP use to prevent routing loops (select 2)?
A. Split-Horizon
B. Link-state database
C. Random routing database checks
D. Poison-reverse
4. Which two statements are correct regarding default protocol preference values? (Choose
two.)
A. OSPF has a single preference value for both internal and external routes.
B. RIP is preferred over OSPF external routes.
C. Direct, local, and static routes have the same preference value.
D. OSPF's preference value is lower than BGP (both IBGP and EBGP).
5. RIP is a distance vector routing protocol that depends on which of the following for
routing distance measurement?
A. Bandwidth
B. Delay
C. Number of Hops
D. Reliability
Description: The purpose of this lab is to configure RIP Routing and other required
commands to advertise these rip routes on all the devices and test for ping command.
Applicable network diagram is given below:
Instructions:
On R1:
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#set address 192.168.3.1/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#set address 192.168.1.1/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#exit
[edit]
user@R1#edit policy-options policy-statement R1pol term R1term
[edit policy-options policy-statement R1pol term R1term]
user@R1#edit from
[edit policy-options policy-statement R1pol term R1term from]
user@R1#set protocol rip
[edit policy-options policy-statement R1pol term R1term from]
user@R1#exit
[edit policy-options policy-statement R1pol term R1term]
user@R1#edit then
[edit policy-options policy-statement R1pol term R1term then]
user@R1#set accept
[edit policy-options policy-statement R1pol term R1term then]
user@R1#exit
[edit policy-options policy-statement R1pol term R1term]
user@R1#exit
[edit]
user@R1#edit protocols rip group R1grp
[edit protocols rip group R1grp]
user@R1#set export R1pol
[edit protocols rip group R1grp]
user@R1#edit neighbor so-0/0/0
[edit protocols rip group R1grp neighbor so-0/0/0]
user@R1#set import R1pol
[edit protocols rip group R1grp neighbor so-0/0/0]
user@R1#exit
[edit protocols rip group R1grp]
user@R1#edit neighbor so-0/0/1
[edit protocols rip group R1grp neighbor so-0/0/1]
user@R1#set import R1pol
[edit protocols rip group R1grp neighbor so-0/0/1]
user@R1#exit
On R2:
user@R2>configure
[edit]
user@R2#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R2#set address 192.168.1.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R2#exit
[edit]
user@R2#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R2#set address 192.168.2.1/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R2#exit
[edit]
user@R2#edit policy-options policy-statement R2pol term R2term
[edit policy-options policy-statement R2pol term R2term]
user@R2#edit from
[edit policy-options policy-statement R2pol term R2term from]
user@R2#set protocol rip
[edit policy-options policy-statement R2pol term R2term from]
user@R2#exit
[edit policy-options policy-statement R2pol term R2term]
user@R2#edit then
[edit policy-options policy-statement R2pol term R2term then]
user@R2#set accept
[edit policy-options policy-statement R2pol term R2term then]
user@R2#exit
[edit policy-options policy-statement R2pol term R2term]
user@R2#exit
[edit]
user@R2#edit protocols rip group R2grp
[edit protocols rip group R2grp]
user@R2#set export R2pol
[edit protocols rip group R2grp]
user@R2#edit neighbor so-0/0/0
[edit protocols rip group R2grp neighbor so-0/0/0]
user@R2#set import R2pol
[edit protocols rip group R2grp neighbor so-0/0/0]
user@R2#exit
On R3:
user@R3>configure
[edit]
user@R3#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#set address 192.168.3.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#exit
[edit]
user@R3#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#set address 192.168.2.2/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#exit
[edit]
user@R3#edit policy-options policy-statement R3pol term R3term
[edit policy-options policy-statement R3pol term R3term]
user@R3#edit from
[edit policy-options policy-statement R3pol term R3term from]
user@R3#set protocol rip
[edit policy-options policy-statement R3pol term R3term from]
user@R3#exit
[edit policy-options policy-statement R3pol term R3term]
user@R3#edit then
[edit policy-options policy-statement R3pol term R3term then]
user@R3#set accept
[edit policy-options policy-statement R3pol term R3term then]
user@R3#exit
[edit policy-options policy-statement R3pol term R3term]
user@R3#exit
[edit]
user@R3#edit protocols rip group R3grp
[edit protocols rip group R3grp]
user@R3#set export R3pol
On R1:
user@R1>ping 192.168.2.2
user@R1>ping 192.168.2.1
Back
13.2 : Lab Exercise 2 : Ping test by configuring OSPF with multiple areas
Description: The purpose of this lab is to configure OSPF on all the devices with multiple
areas including backbone (area 0) area and test for ping command. Applicable network
diagram is as given below:
Instructions:
2. Enable OSPF on R1 with So-0/0/0 under area 0 and So-0/0/1 under area 10
3. Enable OSPF on R2 with So-0/0/0 under area 10 and So-0/0/1 under area 20
4. Enable OSPF on R3 with So-0/0/0 under area 0 and So-0/0/1 under area 20
5. From R1 issue a ping command to R2 and R3.
On R1:
user@R1>configure
On R2:
user@R2>configure
[edit]
user@R2#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R2#set address 192.168.1.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R2#exit
[edit]
user@R2#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R2#set address 192.168.2.1/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R2#exit
[edit]
user@R2#edit protocols ospf area 10 interface so-0/0/0
[edit protocols ospf area 10 interface so-0/0/0]
user@R2#exit
[edit]
user@R2#edit protocols ospf area 20 interface so-0/0/1
[edit protocols ospf area 20 interface so-0/0/1]
user@R2#exit
[edit]
On R3:
user@R3>configure
[edit]
user@R3#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#set address 192.168.3.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#exit
[edit]
user@R3#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#set address 192.168.2.2/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#exit
[edit]
user@R3#edit protocols ospf area 0 interface so-0/0/0
[edit protocols ospf area 0 interface so-0/0/0]
user@R3#exit
[edit]
user@R3#edit protocols ospf area 20 interface so-0/0/1
[edit protocols ospf area 20 interface so-0/0/1]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1:
user@R1>ping 192.168.2.2
user@R1>ping 192.168.2.1
Back
Instructions:
Back
Description: Use this lab to configure the OSPF on router with an area 0.
Instructions:
user@R1>configure
[edit]
user@R1#edit protocols ospf
[edit protocols ospf]
user@R1#edit area 0
[edit protocols ospf area 0]
user@R1#edit interface so-0/0/0
[edit protocols ospf area 0 interface so-0/0/0]
user@R1#exit
[edit protocols ospf area 0]
user@R1#edit interface so-0/0/1
[edit protocols ospf area 0 interface so-0/0/1]
user@R1#exit
[edit protocols ospf area 0]
user@R1#exit
[edit protocols ospf]
user@R1#exit
[edit]
user@R1#commit
Back
Description: The purpose of this lab is to configure OSPF on all the devices with an area
of 100 and to verify the configuration using show commands of OSPF.Applicable network
diagram is shown below:
Instructions:
On R1:
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#set address 192.168.3.1/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#set address 192.168.1.1/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#exit
[edit]
user@R1#edit protocols ospf area 100 interface so-0/0/0
[edit protocols ospf area 100 interface so-0/0/0]
user@R1#exit
[edit]
user@R1#edit protocols ospf area 100 interface so-0/0/1
[edit protocols ospf area 100 interface so-0/0/1]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2:
user@R2>configure
[edit]
user@R2#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R2#set address 192.168.1.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R2#exit
[edit]
user@R2#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R2#set address 192.168.2.1/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R2#exit
[edit]
On R3:
user@R3>configure
[edit]
user@R3#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#set address 192.168.3.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#exit
[edit]
user@R3#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#set address 192.168.2.2/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#exit
[edit]
user@R3#edit protocols ospf area 100 interface so-0/0/0
[edit protocols ospf area 100 interface so-0/0/0]
user@R3#exit
[edit]
user@R3#edit protocols ospf area 100 interface so-0/0/1
[edit protocols ospf area 100 interface so-0/0/1]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1:
Back
A. 10
B. 15
C. 150
D. 160
4. Which CLI command will show the state of OSPF to other routers?
5. Which CLI command will show the type of networks the router participates in (point-to-point,
BMA etc)?
Note: This Lab is divided in to 7 sections. Please refer the figure above for all the sections
Description: This lab exercises demonstrates the configuring BGP peer sessions
Instructions:
user@E>configure
[edit]
user@E#edit interfaces
[edit interfaces]
user@E#set ge-0/0/0 description to-A
[edit interfaces]
user@E#set ge-0/0/0 unit 0 family inet address 10.10.10.1/24
[edit interfaces]
user@E#set ge-0/0/1 description to-B
[edit interfaces]
Description: The purpose of this lab is to configure the autonomous system number of the local router.
Instructions:
user@E>configure
[edit]
user@E#edit routing-options
[edit routing-options]
user@E# set autonomous-system 17
[edit routing-options]
user@E#exit
[edit]
user@E#
Back
Section III : Create BGP group and add the External neighbor addresses
Description: This lab exercise demonstrates configuring BGP groups and to add the external neighbor
address
Instructions:
1. Enter into configuration mode.
2. Move to protocols hierarchy
3. Set neighbor addresses to 10.10.10.2,10.10.10.6 and 10.10.10.10
4. Exit from the BGP protocols hierarchy
Description: This lab exercise demonstrates configuring the AS number of the peer. Here AS number
is assigned to peer devices A, B, and C
Instructions:
user@E>configure
[edit]
user@E#edit protocols bgp group external-peers
[edit protocols bgp group external-peers]
user@E#set peer-as 22
[edit protocols bgp group external-peers]
user@E#exit
[edit]
user@E#
Back
Section V : Add the peer D and set the AS number at the individual neighbor level.
Description: The purpose of this lab is to add the neighbor device (peer) D and set the AS number at
the individual neighbor level.
Instructions:
user@E>configure
[edit]
user@E#edit protocols bgp group external-peers
[edit protocols bgp group external-peers]
user@E#set neighbor 10.21.7.2 peer-as 79
[edit protocols bgp group external-peers]
user@E#exit
[edit]
user@E#
Back
Description: This lab exercise demonstrates configuring the type name of the BGP device as external.
Instructions:
user@E>configure
[edit]
user@E#edit protocols bgp group external-peers
[edit protocols bgp group external-peers]
user@E#set type external
[edit protocols bgp group external-peers]
user@E#exit
[edit]
user@E#commit
[edit]
user@E#
Back
Description: Purpose of this lab is to set the hold-time of the BGP device and also to issue the
appropriate show commands to check the configuration working properly.
Instructions:
user@E>configure
[edit]
user@E#edit protocols bgp group external-peers
[edit protocols bgp group external-peers]
user@E#set hold-time 190
[edit protocols bgp group external-peers]
user@E#exit
[edit]
user@E#commit
[edit]
user@E#exit
user@E>show bgp group
user@E>show bgp summary
user@E>show bgp neighbor
user@E>show configuration
Back
Note: Please refer to the below network for the exercises 17.1, 17.2, 17.3 given in this section
Description: A basic exercise that shows how to enter configuration mode and exit from the
same. Choose R1 from the network diagram and exit.
Instructions:
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R1#set unit 0 family mpls
[edit interfaces ge-0/0/0]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
Note: For MPLS to be activated, it is necessary to add the MPLS protocol family to the interfaces
that will bear MPLS traffic. MPLS must also be configured under the [edit protocols] level of
hierarchy as shown in the below exercise.
http://juniper.cluepon.net/index.php/MPLS
Description: The lab exercise explains how to configure MPLS protocol on the interface.
Instructions:
user@R1>configure
[edit]
user@R1#edit protocols mpls
[edit protocols mpls]
user@R1#set interface all
[edit protocols mpls]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
user@R1>configure
[edit]
user@R1#edit protocols mpls
[edit protocols mpls]
user@R1#set interface ge-0/0/0
Back
Description: The lab exercise explains how to configure LDP protocol on the interface.
Instructions:
user@R1>configure
user@R1>configure
[edit]
user@R1#edit protocols ldp
[edit protocols ldp]
user@R1#set interface ge-0/0/0
Back
Instructions:
On R1
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R1#set unit 0 family inet address 10.10.10.1/24
[edit interfaces ge-0/0/0]
user@R1#set unit 0 family mpls
[edit interfaces ge-0/0/0]
user@R1#exit
[edit]
user@R1#edit interfaces lo0
[edit interfaces lo0]
user@R1#set unit 0 family inet address 1.1.1.1/24
[edit interfaces lo0]
user@R1#exit
[edit]
user@R1#edit protocols mpls
[edit protocols mpls]
user@R1#set interface ge-0/0/0
[edit protocols mpls]
user@R1#exit
[edit]
user@R1#edit protocols ldp
[edit protocols ldp]
user@R1#set interface ge-0/0/0
[edit protocols ldp]
user@R1#exit
[edit]
user@R1#
On R2
user@R2>configure
[edit]
user@R2#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R2#set unit 0 family inet address 10.10.10.2/24
[edit interfaces ge-0/0/0]
user@R2#set unit 0 family mpls
[edit interfaces ge-0/0/0]
On R3
user@R3>configure
[edit]
user@R3#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R3#set unit 0 family inet address 20.20.20.2/24
[edit interfaces ge-0/0/0]
user@R3#set unit 0 family mpls
[edit interfaces ge-0/0/0]
user@R3#exit
http://www.junos.com/techpubs/en_US/junos12.1x45/topics/example/mpls-security-ldp-
signaled-lsp-configuring.html
Description: This lab exercise explains how ping and traceroute works in MPLS network.
On R1
user@R1>configure
[edit]
user@R1#edit interfaces lo0
[edit interfaces lo0]
user@R1#set unit 0 family inet address 1.1.1.1/24
[edit interfaces lo0]
user@R1#exit
[edit]
user@R1#set interfaces se-0/0/0 unit 0 family inet address 192.168.1.1/24
[edit]
On R2
user@R2>configure
[edit]
user@R2#edit interfaces lo0
[edit interfaces lo0]
user@R2#set unit 0 family inet address 2.2.2.2/24
[edit interfaces lo0]
user@R2#exit
[edit]
user@R2#set interfaces se-0/0/0 unit 0 family inet address 192.168.1.2/24
[edit]
user@R2#set interfaces se-0/0/1 unit 0 family inet address 192.168.2.1/24
[edit]
user@R2#set interfaces se-0/1/0 unit 0 family inet address 192.168.3.1/24
[edit]
user@R2#set interfaces se-0/0/0 unit 0 family mpls
[edit]
user@R2#set interfaces se-0/0/1 unit 0 family mpls
[edit]
user@R2#set interfaces se-0/1/0 unit 0 family mpls
[edit]
user@R2#edit protocols mpls
[edit protocols mpls]
user@R2#set interface se-0/0/0
[edit protocols mpls]
user@R2#set interface se-0/0/1
[edit protocols mpls]
On R3
user@R3>configure
[edit]
user@R3#edit interfaces lo0
[edit interfaces lo0]
user@R3#set unit 0 family inet address 3.3.3.3/24
[edit interfaces lo0]
user@R3#exit
[edit]
user@R3#set interfaces se-0/0/0 unit 0 family inet address 192.168.2.2/24
[edit]
user@R3#set interfaces se-0/0/0 unit 0 family mpls
[edit]
user@R3#edit protocols mpls
[edit protocols mpls]
user@R3#set interface se-0/0/0
[edit protocols mpls]
user@R3#exit
[edit]
user@R3#edit protocols ldp
[edit protocols ldp]
user@R3#set interface se-0/0/0
[edit protocols ldp]
user@R3#exit
[edit]
user@R3#commit
On R4
user@R4>configure
[edit]
user@R4#edit interfaces lo0
[edit interfaces lo0]
user@R4#set unit 0 family inet address 4.4.4.4/24
[edit interfaces lo0]
user@R4#exit
[edit]
user@R4#set interfaces se-0/0/0 unit 0 family inet address 192.168.3.2/24
[edit]
user@R4#set interfaces se-0/0/0 unit 0 family mpls
[edit]
user@R4#edit protocols mpls
[edit protocols mpls]
user@R4#set interface se-0/0/0
[edit protocols mpls]
user@R4#exit
[edit]
user@R4#edit protocols ldp
[edit protocols ldp]
user@R4#set interface se-0/0/0
[edit protocols ldp]
user@R4#exit
[edit]
user@R4#commit
commit complete
[edit]
user@R4#
user@R1>ping 192.168.2.2
user@R1>ping 192.168.3.2
user@R1>traceroute 192.168.2.2
user@R1>traceroute 192.168.3.2
Back
https://www.juniper.net/documentation/en_US/junos12.3/topics/reference/command-
summary/show-route-forwarding-table-mpls-ex-series.html
https://www.juniper.net/techpubs/en_US/junose14.1/information-products/topic-
collections/swconfig-bgp-mpls/index.html?topic-41079.html
Description: In this example network is configured with OSPF as routing protocol. Then run
MPLS over the IP network.
Instructions :
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R1#set unit 0 family inet address 192.168.10.1/24
[edit interfaces ge-0/0/0]
user@R1#set unit 0 family mpls
[edit interfaces ge-0/0/0]
user@R1#exit
[edit]
user@R1#edit protocols mpls
[edit protocols mpls]
user@R1#set interface ge-0/0/0
[edit protocols mpls]
user@R1#exit
[edit]
user@R1#edit protocols ldp
[edit protocols ldp]
user@R1#set interface ge-0/0/0
[edit protocols ldp]
user@R1#exit
[edit]
user@R1#edit protocols ospf area 100 interface ge-0/0/0
[edit protocols ospf area 100 interface ge-0/0/0]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2
user@R2>configure
[edit]
user@R2#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R2#set unit 0 family inet address 192.168.10.2/24
[edit interfaces ge-0/0/0]
user@R2#set unit 0 family mpls
[edit interfaces ge-0/0/0]
user@R2#exit
[edit]
On R3
user@R3>configure
[edit]
user@R3#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R3#set unit 0 family inet address 192.168.20.2/24
[edit interfaces ge-0/0/0]
user@R3#set unit 0 family mpls
[edit interfaces ge-0/0/0]
user@R3#exit
[edit]
user@R3#edit protocols ldp
[edit protocols ldp]
user@R3#set interface ge-0/0/0
[edit protocols ldp]
user@R3#exit
[edit]
user@R3#edit protocols mpls
[edit protocols mpls]
user@R3#set interface ge-0/0/0
[edit protocols mpls]
user@R3#exit
[edit]
user@R3#edit interfaces ge-0/0/1
[edit interfaces ge-0/0/1]
user@R3#set unit 0 family inet address 192.168.30.1/24
[edit interfaces ge-0/0/1]
user@R3#exit
[edit]
user@R3#edit protocols mpls
[edit protocols mpls]
user@R3#set interface ge-0/0/1
[edit protocols mpls]
user@R3#exit
[edit]
user@R3#edit protocols ldp
[edit protocols ldp]
user@R3#set interface ge-0/0/1
[edit protocols ldp]
user@R3#exit
[edit]
user@R3#edit protocols ospf area 100 interface ge-0/0/0
[edit protocols ospf area 100 interface ge-0/0/0]
user@R3#exit
[edit]
user@R3#edit protocols ospf area 100 interface ge-0/0/1
[edit protocols ospf area 100 interface ge-0/0/1]
On R4
user@R4>configure
[edit]
user@R4#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R4#set unit 0 family inet address 192.168.30.2/24
[edit interfaces ge-0/0/0]
user@R4#set unit 0 family mpls
[edit interfaces ge-0/0/0]
user@R4#exit
[edit]
user@R4#edit protocols mpls
[edit protocols mpls]
user@R4#set interface ge-0/0/0
[edit protocols mpls]
user@R4#exit
[edit]
user@R4#edit protocols ldp
[edit protocols ldp]
user@R4#set interface ge-0/0/0
[edit protocols ldp]
user@R4#exit
[edit]
user@R4#edit protocols ospf area 100 interface ge-0/0/0
[edit protocols ospf area 100 interface ge-0/0/0]
user@R4#exit
[edit]
user@R4#commit
commit complete
[edit]
user@R4#
user@R1>ping 192.168.30.2
Back
a. Static route
b. BGP
c. Layer 2 label
4. On which MPLS plane Label 3 routing protocols and label exchange protocols exist ?
a. Transport plane
b. Control plane
c. Data plane
d. Sarengeti plane
5. Which of the following sends data based on L3 or L2 information and takes care of label
swapping..
a. Transport plane
b. Control plane
c. Data Plane
d. Sarengeti plane
a. 10
b. 16
9. This device adds or strips labels for frames entering or exiting the provider MPLS network.
a. Core route
b. Edge Label Switch Router
c. Edge Switch
a. RIPv2
b. FIB Forwarding Information Base
c. LIB
Note: Please refer to the below network for the exercises 18.1, 18.2, 18.3 given in this section
Enabling IPV6 : In junos ipv6 is enabled as soon as one interface is configured for ipv6
Description: This lab exercise explains configuring ipv6 address on an interface in EUI-64
format
Instructions:
On R1
user@R1>configure
[Edit]
user@R1#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R1#set unit 0 family inet6 address 3ffb:db8:1::/64 EUI-64
[edit interfaces so-0/0/0]
user@R1#exit
[edit]
user@R1#show
Back
Instructions:
On R1
user@R1>configure
[Edit]
user@R1#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R1#set unit 0 family inet6 address 2001:cb8:1::1/64
[edit interfaces so-0/0/0]
user@R1#exit
[edit]
user@R1#show
Back
Description:The lab exercise demonstrates some of the IPV6 show commands available.
Instructions:
On R1
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0
[edit interfaces so-0/0/0]
user@R1#set unit 0 family inet6 address 4218:fe2:3::1/64
[edit interfaces so-0/0/0]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
Back
Instructions:
On R1
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R1#set unit 0 family inet6 address 2001:100:10:1::1/64
[edit interfaces ge-0/0/0]
user@R1#exit
[edit]
On R2
On R3
user@R3>configure
[edit]
user@R3#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R3#set unit 0 family inet6 address 2001:100:20:1::2/64
[edit interfaces ge-0/0/0]
user@R3#exit
user@R1>configure
[edit]
user@R1#edit routing-options
[edit routing-options]
user@R1#set rib inet6 static route 2001:100:20:1::2/64 next-hop 2001:100:10:1::2
[edit routing-options]
user@R1#exit
[edit]
user@R1#show
user@R3>configure
[edit]
user@R3#edit routing-options
[edit routing-options]
user@R3#set rib inet6 static route 2001:100:10:1::1/64 next-hop 2001:100:20:1::1
[edit routing-options]
user@R3#exit
[edit]
user@R3#show
Back
Description: The purpose of this lab is to configure IPV6 Address on all the devices and test for
connectivity using ping command. Applicable network diagram is given below
Instructions:
1. Assign the ipv6 address to all the devices as per the table below and commit the configuration
2. From R1 issue ping command on R2 and R3
R1 so-0/0/0 2001:db8:3::1/64
so-0/0/1 2001:db8:1::1/64
R2 so-0/0/0 2001:db8:1::2/64
so-0/0/1 2001:db8:2::1/64
so-0/0/1 2001:db8:2::2/64
On R1
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0 unit 0 family inet6
[edit interfaces so-0/0/0 unit 0 family inet6]
user@R1#set address 2001:db8:3::1/64
[edit interfaces so-0/0/0 unit 0 family inet6]
user@R1#exit
[edit]
user@R1#edit interfaces so-0/0/1 unit 0 family inet6
[edit interfaces so-0/0/1 unit 0 family inet6]
user@R1#set address 2001:db8:1::1/64
[edit interfaces so-0/0/1 unit 0 family inet6]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2
user@R2>configure
[edit]
user@R2#edit interfaces so-0/0/0 unit 0 family inet6
[edit interfaces so-0/0/0 unit 0 family inet6]
user@R2#set address 2001:db8:1::2/64
[edit interfaces so-0/0/0 unit 0 family inet6]
user@R2#exit
[edit]
user@R2#edit interfaces so-0/0/1 unit 0 family inet6
[edit interfaces so-0/0/1 unit 0 family inet6]
user@R2#set address 2001:db8:2::1/64
[edit interfaces so-0/0/1 unit 0 family inet6]
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#
On R3
On R1
user@R1>ping 2001:db8:2::2
user@R1>ping 2001:db8:2::1
Back
Description: The lab helps to configure ipv6 address of the routes and test for traceroute
command.
1. Assign IP address of all the devices as per the table given below
R1 se-0/0/0 2001:db8:3::1/64
se-0/0/1 2001:db8:1::1/64
R2 se-0/0/0 2001:db8:1::2/64
se-0/0/1 2001:db8:2::1/64
R3 se-0/0/0 2001:db8:3::2/64
se-0/0/1 2001:db8:2::2/64
user@R1>configure
[edit]
user@R1#edit interfaces se-0/0/0 unit 0 family inet6
[edit interfaces se-0/0/0 unit 0 family inet6]
user@R1#set address 2001:db8:3::1/64
[edit interfaces se-0/0/0 unit 0 family inet6]
user@R1#exit
[edit]
user@R1#edit interfaces se-0/0/1 unit 0 family inet6
[edit interfaces se-0/0/1 unit 0 family inet6]
user@R1#set address 2001:db8:1::1/64
[edit interfaces so-0/0/1 unit 0 family inet6]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2
user@R2>configure
[edit]
user@R2#edit interfaces se-0/0/0 unit 0 family inet6
[edit interfaces se-0/0/0 unit 0 family inet6]
user@R2#set address 2001:db8:1::2/64
[edit interfaces se-0/0/0 unit 0 family inet6]
user@R2#exit
[edit]
user@R2#edit interfaces se-0/0/1 unit 0 family inet6
[edit interfaces se-0/0/1 unit 0 family inet6]
user@R2#set address 2001:db8:2::1/64
[edit interfaces se-0/0/1 unit 0 family inet6]
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#
On R3
user@R3>configure
[edit]
user@R3#edit interfaces se-0/0/0 unit 0 family inet6
[edit interfaces se-0/0/0 unit 0 family inet6]
user@R3#set address 2001:db8:3::2/64
On R1
user@R1>traceroute 2001:db8:2::2
Back
Firewall filters enables to control packets transiting the device to a network destination as well as
packets destined for and sent by the device. You can configure a firewall filter to perform
specified actions on packets of a particular protocol family, including fragmented packets, that
match specified conditions based on Layer3 or Layer4 packet header fields.
A stateless firewall filter, also known as an access control list (ACL), does not statefully inspect
traffic. Instead, it evaluates packet contents statically and does not keep track of the state of
network connections. Stateless firewalls watch network traffic, and restrict or block packets
based on source and destination addresses or other static values. They are not 'aware' of traffic
patterns or data flows. - See more at:
In contrast, a stateful firewall filter uses connection state information derived from other
applications and past communications in the data flow to make dynamic control decisions. tateful
firewalls can watch traffic streams from end to end. They are are aware of communication paths
and can implement various IP Security (IPsec) functions such as tunnels and encryption. In
technical terms, this means that stateful firewalls can tell what stage a TCP connection is in
(open, open sent, synchronized, synchronization acknowledge or established), it can tell if the
MTU has changed, whether packets have fragmented etc.
Stateless firewalls are typically faster and perform better under heavier traffic loads. Stateful
firewalls are better at identifying unauthorized and forged communications.
The command to configure a firewall filter is made at the [edit firewall family inet] hierarchy
level
filter filter-name {
term term-name {
from {
match-conditions;
then {
action;
Note: Please refer to the default network diagram for the exercises 19.1, 19.2, 19.3 given in this
section
Description: The lab exercise helps to get familiar with configuring juniper firewall filter
Instructions:
user@R1>configure
[edit]
user@R1#edit firewall family inet filter filter1
[edit firewall family inet filter filter1]
user@R1#set term term1 from source-address 192.168.10.5/24
[edit firewall family inet filter filter1]
user@R1#set term term1 then accept
[edit firewall family inet filter filter1]
user@R1#set term term2 from source-address 196.145.25.5/24
[edit firewall family inet filter filter1]
user@R1#set term term2 then reject
[edit firewall family inet filter filter1]
user@R1#set term term3 then accept
[edit firewall family inet filter filter1]
user@R1#exit
[edit]
user@R1#show
Back
Description: The lab exercise explains assigning incoming and outgoing traffic to an interface
Instructions:
user@R1>configure
[edit]
user@R1#edit firewall family inet filter filter1
[edit firewall family inet filter filter1]
user@R1#set term term1 then accept
[edit firewall family inet filter filter1]
user@R1#exit
[edit]
user@R1#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#set filter input filter1
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#show
Back
Description: The Exercise helps to Configure firewall filter based on the instructions and view
ACL or firewall entries entries by using appropriate show command.
Instructions:
On R1
user@R1>configure
[edit]
user@R1#edit firewall family inet filter filter1
[edit firewall family inet filter filter1]
user@R1#set term term1 from source-address 192.168.10.5/24
[edit firewall family inet filter filter1]
user@R1#set term term1 then accept
[edit firewall family inet filter filter1]
user@R1#exit
[edit]
user@R1#show
[edit]
user@R1#commit
Back
Description: The exercise explains configuring and verifying firewall filter based on given set of
instructions.
Instructions:
R1 fe-1/3/0 192.168.1.1/24
so-0/0/0 192.168.2.1/24
R2 fe-1/3/0 192.168.1.2/24
R3 so-0/0/0 192.168.2.2/24
so-0/0/1 192.168.3.1/24
R4 so-0/0/0 192.168.3.2/24
On R1
user@R1>configure
[edit]
user@R1#edit interfaces fe-1/3/0 unit 0 family inet
[edit interfaces fe-1/3/0 unit 0 family inet]
user@R1#set address 192.168.1.1/24
[edit interfaces fe-1/3/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#set address 192.168.2.1/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
On R2
user@R2>configure
[edit]
On R3
user@R3>configure
[edit]
user@R3#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#set address 192.168.2.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R3#exit
[edit]
user@R3#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#set address 192.168.3.1/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
On R4
user@R4>configure
[edit]
user@R4#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R4#set address 192.168.3.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R4#exit
[edit]
user@R4#commit
commit complete
[edit]
Verification
user@R3>ping 192.168.1.2
user@R4>ping 192.168.1.2
on R1
Note: If a term does not contain a from statement, the packet is considered to match and the action in
the term's then statement is taken. If a term does not contain a then statement or if you do not
configure an action in the then statement, and if the packet matches the conditions in the term's from
statement, the packet is accepted.
Verification
user@R3>ping 192.168.1.2
user@R3>telnet 192.168.1.2
user@R4>ping 192.168.1.2
user@R4>telnet 192.168.1.2
Now , try out different cases of applying ACL and test the same as given below. But before that remove
Case1: Allow traffic from ip address 192.168.2.2 block all other traffic
user@R1>configure
[edit]
user@R1#edit firewall family inet filter filter1
[edit firewall family inet filter filter1]
user@R1#set term term1 from source-address 192.168.2.2/24
[edit firewall family inet filter filter1]
user@R1#set term term1 then accept
[edit firewall family inet filter filter1]
user@R1#set term term2 then reject
[edit firewall family inet filter filter1]
Verification
user@R3>ping 192.168.1.2
user@R4>ping 192.168.1.2
Case 2 : Block traffic from ip address 192.168.2.2 and allow all other traffic
user@R1>configure
[edit]
user@R1#edit firewall family inet filter filter1
[edit firewall family inet filter filter1]
user@R1#set term term1 from source-address 192.168.2.2/24
[edit firewall family inet filter filter1]
user@R1#set term term1 then reject
[edit firewall family inet filter filter1]
user@R1#set term term2 then accept
[edit firewall family inet filter filter1]
Verification
user@R3>ping 192.168.1.2
user@R4>ping 192.168.1.2
Back
Description: The lab exercise explains configuring and verifying firewall filter based on given
set of instructions.
Instructions:
On R1
user@R1>configure
[edit]
user@R1#edit interfaces fe-1/3/0 unit 0 family inet
[edit interfaces fe-1/3/0 unit 0 family inet]
user@R1#set address 192.168.1.1/24
[edit interfaces fe-1/3/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#set address 192.168.2.1/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#set address 192.168.3.1/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#exit
[edit]
On R2
user@R2>configure
[edit]
user@R2#edit interfaces fe-1/3/0 unit 0 family inet
[edit interfaces fe-1/3/0 unit 0 family inet]
user@R2#set address 192.168.1.2/24
[edit interfaces fe-1/3/0 unit 0 family inet]
user@R2#exit
[edit]
On R3
user@R3>configure
[edit]
user@R3#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
On R4
user@R4>configure
[edit]
user@R4#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R4#set address 192.168.3.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R4#exit
[edit]
user@R4#edit interfaces so-0/0/1 unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R4#set address 192.168.4.1/24
[edit interfaces so-0/0/1 unit 0 family inet]
user@R4#exit
[edit]
On R5
user@R5>configure
[edit]
user@R5#edit interfaces so-0/0/0 unit 0 family inet
[edit interfaces so-0/0/0 unit 0 family inet]
user@R5#set address 192.168.4.2/24
[edit interfaces so-0/0/0 unit 0 family inet]
user@R5#exit
[edit]
user@R5#commit
commit complete
[edit]
user@R5#exit
On R1
user@R1>configure
[edit]
user@R1#edit firewall family inet filter filter1
[edit firewall family inet filter filter1]
user@R1#set term term1 from source-address 192.168.4.0/24
[edit firewall family inet filter filter1]
user@R1#set term term1 from destination-address 192.168.1.2/24
[edit firewall family inet filter filter1]
user@R1#set term term1 then accept
Verification
user@R3>ping 192.168.1.2
user@R4>ping 192.168.1.2
user@R5>ping 192.168.1.2
Back
There are 3 kinds of NAT for junos devices. Source NAT,Destination NAT and Static NAT.
1. Source NAT: Changing the source IP address of a packet coming from the trust(inside)
network to the untrust(outside) network.
3. Static NAT:Static NAT defines a one-to-one mapping from one IP subnet to another IP
subnet. The mapping includes destination IP address translation in one direction and source IP
address translation in the reverse direction. From the NAT device , the original destination
address is virtual host ip address while the mapped to address is the real host ip address.
Description:The lab exercise explains Source NAT rule set rs1 with a rule r1 to match any
packet from the trust zone to the untrust zone. For matching packets, the source address is
translated to the IP address of the egress interface.
Instructions:
On R1
user@R1>configure
[edit]
user@R1# edit security nat source rule-set rs1
[edit security nat source rule-set rs1]
user@R1#set from zone trust
[edit security nat source rule-set rs1]
user@R1#set to zone untrust
[edit security nat source rule-set rs1]
user@R1# set rule r1 match source-address 192.168.2.0/24
[edit security nat source rule-set rs1]
user@R1# set rule r1 match destination-address 0.0.0.0/0
[edit security nat source rule-set rs1]
user@R1# set rule r1 then source-nat interface
[edit security nat source rule-set rs1]
user@R1#exit
[edit]
user@R1#show
Back
Description: The lab exercise explains configuring address pools for source NAT.
Instructions:
On R1
user@R1>configure
[edit]
user@R1#edit security nat source
[edit security nat source]
user@R1#set pool pool1 address 200.1.1.10/24 to 200.1.1.30/24
[edit security nat source]
user@R1#set rule-set rs1 from zone trust
[edit security nat source]
user@R1#set rule-set rs1 to zone untrust
[edit security nat source]
user@R1# set rule-set rs1 rule r1 match source-address 192.168.2.0/24
[edit security nat source]
user@R1# set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1#set rule-set rs1 rule r1 then source-nat pool pool1
[edit security nat source]
user@R1#exit
[edit]
user@R1#show
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show security nat source summary
Back
Description: The lab exercise explains configuring address pools for destination NAT.
Instructions:
On R1
user@R1>configure
user@R1#edit security nat destination
[edit security nat destination]
user@R1#set pool destpool1 address 192.168.1.20/24
[edit security nat destination]
user@R1#exit
[edit]
user@R1#show
[edit]
Back
Description: The lab exercise explains configuring rule set for destination NAT.
Instructions:
10.1.1.1/24 192.168.1.20/24
user@R1>configure
user@R1#edit security nat destination
[edit security nat destination]
user@R1#set pool destpool1 address 192.168.1.20/24
[edit security nat destination]
user@R1#set rule-set rs1 from interface ge-0/0/0
[edit security nat destination]
user@R1#set rule-set rs1 rule r1 match destination-address 10.1.1.1/24
[edit security nat destination]
user@R1#set rule-set rs1 rule r1 then destination-nat pool destpool1
[edit security nat destination]
user@R1#exit
[edit]
user@R1#show
[edit]
Back
20.5 : Lab Exercise 5 : Configuring Static NAT for single address translation
Instructions:
10.10.10.1/24 192.168.1.20/24
On R1
user@R1>configure
user@R1#edit security nat static
[edit security nat static]
user@R1#set rule-set rs1 from interface ge-0/0/0
[edit security nat static]
user@R1#set rule-set rs1 rule r1 match destination-address 10.10.10.1/24
[edit security nat static]
user@R1#set rule-set rs1 rule r1 then static-nat prefix 192.168.1.20/24
20.6 : Lab Exercise 6 : Configuring Source NAT using multiple rules Lab
Scenario-1
Description: The lab exercise explains configuration source NAT based on given set of
instruction.
Instructions:
10.10.1.0/24 192.0.0.0/24-192.0.0.24
On R1
user@R1>configure
[edit]
user@R1#edit security nat source
[edit security nat source]
user@R1#set pool srcnatpool1 address 192.0.0.1/24 to 192.0.0.24 /24
[edit security nat source]
user@R1#set pool srcnatpool2 address 192.0.0.100/24 to 192.0.0.249/24
[edit security nat source]
user@R1#set rule-set rs1 from zone trust
[edit security nat source]
user@R1#set rule-set rs1 to zone untrust
[edit security nat source]
user@R1#set rule-set rs1 rule r1 match source-address 10.10.1.0/24
[edit security nat source]
user@R1#set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1#set rule-set rs1 rule r1 then source-nat pool srcnatpool1
[edit security nat source]
user@R1#set rule-set rs1 rule r2 match source-address 192.168.1.2/24
[edit security nat source]
user@R1#set rule-set rs1 rule r2 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1#set rule-set rs1 rule r2 then source-nat off
[edit security nat source]
user@R1#set rule-set rs1 rule r3 match source-address 192.168.1.0/24
[edit security nat source]
user@R1#set rule-set rs1 rule r3 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1#set rule-set rs1 rule r3 then source-nat pool srcnatpool2
[edit security nat source]
user@R1#exit
[edit]
Back
20.7 : Lab Exercise 7 : Configuring Source NAT using multiple rules Lab
Scenario-2
Description: The lab exercise explains configuring the source NAT based on given set
instructions.
Instructions:
10.1.2.0/24
192.168.1.0/24
user@R1>configure
[edit]
user@R1#edit security nat source
[edit security nat source]
user@R1#set pool srcnatpool1 address 2.2.2.1/24 to 2.2.2.24/24
[edit security nat source]
user@R1#set pool srcnatpool1 port no-translation
[edit security nat source]
user@R1#set rule-set rs1 from zone trust
[edit security nat source]
user@R1#set rule-set rs1 to zone untrust
[edit security nat source]
user@R1#set rule-set rs1 rule r1 match source-address 0.0.0.0/0
[edit security nat source]
user@R1#set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1#set rule-set rs1 rule r1 then source-nat pool srcnatpool1
[edit security nat source]
user@R1#exit
[edit]
user@R1#show
Back
Instructions:
1. Create a destination NAT pool destnatpool1 that contains ip address 192.168.1.200 and port
80.
2. Create a destination NAT pool destnatpool2 that contains ip address 192.168.1.220 and port
8000
3. Destination NAT rule set rs1 with rule r1 to match packets received from the untrust zone
with the destination IP address 1.1.1.200 and destination port 80. For matching packets, the
destination address is translated to the address in the destnatpool1 pool.
4. Destination NAT rule set rs1 with rule r2 to match packets received from the untrust zone
with the destination IP address 1.1.1.200 and destination port 8000. For matching packets, the
destination IP address and port are translated to the address and port in the destnatpool2 pool.
5. From operational mode enter the command “show security nat destination summary”
user@R1>configure
Back
Description : This lab exercise demonstrates the required commands for DHCP Server
configuration on a juniper router.
Instructions:
On R1
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/0 unit 0 family inet
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R1#set address 192.168.100.1/24
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#edit system services dhcp
[edit system services dhcp]
user@R1#set pool 192.168.100.0/24 address-range low 192.168.100.1
[edit system services dhcp]
user@R1#set pool 192.168.100.0/24 address-range high 192.168.100.50
[edit system services dhcp]
user@R1#set pool 192.168.100.0/24 domain-name xyz.com
Back
Description : This lab exercise demonstrates DHCP client configuration i.e, Configuring
an interface on the router to use DHCP to acquire its IP address.
Instructions:
1. Before proceeding with the DHCP client configuration, make sure that DHCP server is
configured as shown in the previous lab exercise.
2. Enter into configuration mode of device R1
3. For the security zone (for example, untrust) to which the interface is bound, specify
DHCP as a host-inbound service.
4. Enter into configuration mode of R2 and specify the interface ( ge-0/0/0) on which to
enable the DHCP client.
5. On R2 issue “show system services dhcp client” command to view information about
DHCP Client
user@R1>configure
[edit]
user@R1#set security zones security-zone untrust interfaces ge-0/0/0 host-inbound-
traffic system-services dhcp
user@R1#commit
commit complete
user@R1#exit
[edit]
On R2
user@R2>configure
[edit]
user@R2#set interfaces ge-0/0/0 unit 0 family inet dhcp
user@R2#commit
commit complete
user@R2#exit
[edit]
user@R2>show system services dhcp client
Back
Description: This lab exercise demonstrates DHCP server configuration and DHCP client
configuration on two routers and also shows the verification commands both on the server
Instructions:
On R1
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/0 unit 0 family inet
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R1#set address 192.168.1.1/24
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#edit interfaces ge-0/0/1 unit 0 family inet
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R1#set address 192.168.1.2/24
user@R1#exit
[edit]
user@R1#edit system services dhcp
[edit system services dhcp]
user@R1#set pool 192.168.1.0/24 address-range low 192.168.1.1
[edit system services dhcp]
user@R1#set pool 192.168.1.0/24 address-range high 192.168.1.100
[edit system services dhcp]
user@R1#set pool 192.168.1.0/24 domain-name sample.com
[edit system services dhcp]
user@R1#set pool 192.168.1.0/24 name-server 192.168.1.2
On R2
user@R2>configure
[edit]
user@R2#edit interfaces ge-0/0/0 unit 0 family inet
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R2#set dhcp
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#exit
user@R2>show system services dhcp client
On R3
user@R3>configure
[edit]
user@R3#edit interfaces ge-0/0/0 unit 0 family inet
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R3#set dhcp
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R3#exit
On R1
Back
Description :The lab exercise explains dynamically assigning ip address to computers via DHCP
server.
Instructions :
1. Connect to R1 and configure the IP address of 192.168.1.1/24 on the ge-0/0/0 interface and
also configure the R1 as DHCP server
2. To assign ip address to PC1 click network diagram button and in network diagram window
click PC1 icon from the diagram and in PC1 prompt type ip dhcp command
user@R1>configure
[edit]
user@R1#set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
[edit]
user@R1#edit system services dhcp
[edit system services dhcp]
user@R1#set pool 192.168.1.0/24 address-range low 192.168.1.2
[edit system services dhcp]
user@R1#set pool 192.168.1.0/24 address-range high 192.168.1.100
[edit system services dhcp]
user@R1#set pool 192.168.1.0/24 domain-name xyz.com
[edit system services dhcp]
user@R1#set pool 192.168.1.0/24 name-server 192.168.1.1
[edit system services dhcp]
user@R1#set pool 192.168.1.0/24 router 192.168.1.1
[edit system services dhcp]
user@R1#exit
[edit]
Assign DHCP as an allowed inbound service for the interface ge-0/0/0 to enable DHCP.
user@R1#commit
commit complete
user@R1#exit
user@R1>show system services dhcp pool
PC1>ip dhcp
PC1>show ip
http://www.jpudasaini.com.np/2015/09/juniper-dhcp-server-configuration.html
http://www.jaredlog.com/?p=2085
Back
a. EX Series Ethernet Switches : Deliver high performance, carrier-class solutions built to meet
the needs of today's converged branch office, campus, and data center networks.
Juniper Networks EX2200 Ethernet switches provide connectivity for low-density environments.
EX2200 switches are available in models with either 24 or 48 built-in network ports and four
uplink ports, with Power over Ethernet (PoE) either available in all built-in network ports or not
available in any built-in network port. All models provide network ports that have
10/100/1000Base-T Gigabit Ethernet connectors and four uplink ports. These switches run under
Junos OS for EX Series switches. Each EX2200 switch has four uplink ports that support 1-
gigabit small form-factor pluggable (SFP) transceivers for use with fiber connections and copper
connections. PoE ports provide electrical current to devices through the network cables so that
separate power cords for devices such as IP phones, wireless access points, and security cameras
are unnecessary.
• Mode button
The front panel of an EX2200 switch has two chassis status LEDs labeled SYS and
ALM on the far right side of the panel, above the uplink ports.
The rear panel of the EX2200 switch consists of the following components:
• USB port
• Console port
• ESD point
• Air exhaust
The EX2500 line of ethernet switches delivers a compact, energy efficient ethernet solution for
10 gigabit Ethernet GbE top-of-rack data center access deployments where high performance,
low latency and high availabilty are key requirements.
The EX2500 switch has 24 SFP+ ports, 2 management ports, and 1 console port. (The EX2500
switch contains 24 10-gigabit Small Form-Factor Pluggable Plus (SFP+) ports and 2 1-gigabit
management ports. The 10-gigabit SFP+ ports can accept 10-gigabit optical transceivers or Direct
Attach Cables (DACs). This 1U switch is rack mountable in either the horizontal or vertical
direction, depending on your application.)
Note: SFP+ Ports: 24 Small Form-Factor Pluggable (SFP+) ports are located on the front panel.
These ports accept approved optical SFP+ transceivers or direct access cables (DACs).
The EX3200 line of Ethernet switches offers a simple, cost-effective solution for low-density
branch and regional offices.
Juniper Networks EX4200 Ethernet Switches provide connectivity for medium- and high-density
environments and scalability for growing networks.
EX4200 switches are available in models with 24 or 48 ports and with either all ports equipped
for Power over Ethernet (PoE) or only 8 ports equipped for PoE. All models provide ports that
have 10/100/1000Base-T Gigabit Ethernet connectors and optional 1-gigabit small form-factor
pluggable (SFP) transceivers, 10-gigabit small form-factor pluggable (SFP+) transceivers, or 10-
gigabit small form-factor pluggable (XFP) transceivers for use with fiber connections.
EX4500 switches provide connectivity for high-density 10-Gigabit Ethernet data center top-of-
rack and aggregation deployments. Typically, EX4500 switches are used in data centers where
they can be positioned as the top device in a rack to provide connectivity for all devices in the
rack.
Note: · The FB and BF in the model number indicate the direction of airflow of the chassis:
· The C in the model number indicates the Converged Enhanced Ethernet (CEE) status of switch:
• C—CEE capable
• None—Not CEE capable
· The DC in the model number indicates that the switch model supports DC power supply.
· The VC in the model number indicates that the switch model can be used in a Virtual Chassis
configuration.
The EX8200 line of modular Ethernet switches is a family of high-performance, highly available
platforms for use in high-density 10GbE data centers, campus aggregations and core networks.
Juniper Networks EX8200 Ethernet line cards offer a variety of interfaces for supporting high-
density 100 Mbps, Gigabit and 10 Gigabit Ethernet (GbE) deployments. Four versions of the
EX8200 Ethernet line cards are available, each of which supports a consistent set of features and
capabilities: the EX8200-48T, the EX8200-48F, the EX8200-8XS and the EX8200-40XS.
Three of these cards are available in Extra Scale (ES) configurations—the EX8200-48T-ES, the
EX8200-48F-ES and the EX8200-8XS-ES—which are optimized for large-scale deployments
such as large campuses, global data centers, or cloud-based applications.
Baud Rate—9600
Flow Control—None
Data—8
Parity—None
Stop Bits—1
DCD State—Disregard
To connect and configure the switch from the console using the CLI:
1. Connect the console port to a laptop or PC using the RJ-45 to DB-9 serial port adapter. The RJ-45
cable and RJ-45 to DB-9 serial port adapter are supplied with the switch.
EX2200, EX3200, or EX4200 switch—The console port is located on the rear panel of the
switch.
EX4500 switch—The console port is located on the front panel of the switch.
EX8200 switch—The console port is located on the Switch Fabric and Routing Engine (SRE)
module in slot SRE0 in an EX8208 switch or on the Routing Engine (RE) module in slot RE0
in an EX8216 switch.
2. At the Junos OS shell prompt root%, type ezsetup.
3. Enter the hostname. This is optional.
4. Enter the root password you plan to use for this device. You are prompted to re-enter the root
password.
The device is shipped with no password; simply press the enter key.
Note: For security reasons, create a password for the Root ID.
5. Enter yes to enable services like Telnet and SSH. By default, Telnet is not enabled and SSH is
enabled.
6. Use the Management Options page to select the management scenario:
• Configure in-band management. In this scenario you have the following two options:
• Configure out-of-band management. Specify the IP address and gateway of the management
interface. Use this IP address to connect to the switch.
7. Specify the SNMP Read Community, Location, and Contact to configure SNMP parameters. These
You can now log in with the CLI or the J-Web interface to continue configuring the switch.
The Juniper Networks QFX3500 Switch is a high-speed, multipurpose switch especially designed for next-
generation data centers that provides a total switching capacity and throughput of 640 Gbps.
48 10-Gbps access ports in the switch use small form-factor pluggable plus transceivers (SFP+) and operate
by default as 10-Gigabit Ethernet interfaces. Optionally, you can choose to configure up to 12 of the ports as
2-Gbps, 4-Gbps, or 8-Gbps Fibre Channel (FC) interfaces, and up to 36 of the ports as 1-Gigabit Ethernet
interfaces. 4 40-Gbps uplink ports in the switch use quad, small form-factor pluggable plus (QSFP+)
transceivers.
The QFX3500 switch has 48 access ports (0-47) that support small form-factor pluggable plus (SFP+) and
small form-factor pluggable (SFP) transceivers, as well as SFP+ direct attach copper cables, also known as
Twinax cables.
• Up to 48 of the access ports can be used for SFP+ transceivers or SFP+ direct attach copper cables.
10-Gigabit Ethernet SFP+ transceivers and SFP+ direct attach copper cables can be used in any
access port. 2-Gbps, 4-Gbps, or 8-Gbps Fibre Channel SFP+ transceivers can be used in ports 0
through 5 and ports 42 through 47.
• Up to 36 of the access ports can be used for SFP transceivers. Gigabit Ethernet SFP transceivers can
be used in ports 6 - 41.
The QFX3500 switch has four uplink ports (Q0-Q3) that support up to four 40-Gbps quad small form-factor
pluggable plus (QSFP+) transceivers.
Description: A basic exercise that shows how to enter configuration mode and exit from the
same. Choose SW1 from the network diagram and exit.
Instructions
user@SW1>configure
[edit]
user@SW1#exit
user@SW1>
Back
Description: Set the switch hostname as junipersw. Choose SW1 from the network
diagram.
Instructions
user@SW1>configure
[edit]
user@SW1#edit system
[edit system]
user@SW1#set host-name junipersw
[edit system]
user@junipersw#exit
[edit]
Back
Instructions:
user@SW1>configure
[edit]
user@SW1#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@SW1#set description interface-ge-0/0/0
[edit interfaces ge-0/0/0]
user@SW1#exit
[edit]
user@SW1#
Back
user@SW1>configure
[edit]
user@SW1#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@SW1#set disable
[edit interfaces ge-0/0/0]
user@SW1#exit
[edit]
user@SW1#
Back
Instructions
user@SW1>show cli
user@SW1>show cli history
user@SW1>show version
Back
Instructions
user@SW1>configure
[edit]
user@SW1#edit interfaces
[edit interfaces]
Back
Instructions
user@SW1>configure
[edit]
user@SW1#edit interfaces ge-0/0/1
[edit interfaces ge-0/0/1]
user@SW1#set ether-options link-mode full-duplex
[edit interfaces ge-0/0/1]
user@SW1#set ether-options speed 10m
[edit interfaces ge-0/0/1]
user@SW1#exit
[edit]
user@SW1#commit
[edit]
user@SW1#show
Back
Instructions
user@SW1>configure
Note: The EX-series switch management interface is a physical or virtual port through which the
switch can be configured and maintained. The JUNOS for EX-series software automatically
creates the switch's management Ethernet interface, me0. The management Ethernet interface
provides an out-of-band method for connecting to the switch. To use me0 as a management port,
you must configure its logical port, me0.0, with a valid IP address.
Back
Description: This exercise demonstrates the commands required to create VLANs on the
switch.
Instructions
1. Create VLAN 10 and 20 by using the command syntax “set vlans <vlan-name> vlan-id <vlan-
id-number>
2.Verify the same using show vlans command
user@SW1>configure
[edit]
user@SW1#set vlans marketing vlan-id 10
[edit]
user@SW1#set vlans support vlan-id 20
[edit]
user@SW1#commit
[edit]
user@SW1#exit
user@SW1>show vlans
Back
Instructions
user@SW1>configure
[edit]
user@SW1#set vlans marketing vlan-id 10
[edit]
user@SW1#set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members
marketing
[edit]
user@SW1#commit
[edit]
user@SW1#exit
user@SW1>show vlans
Instructions
user@SW1>configure
[edit]
user@SW1#set vlans production vlan-id 20
[edit]
user@SW1#set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members
production
[edit]
user@SW1#set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
[edit]
Back
Instructions
user@SW1>configure
[edit]
user@SW1#edit vlans
[edit vlans]
user@SW1#set sales vlan-id 2
[edit vlans]
user@SW1#set sales mac-table-aging-time 500
[edit vlans]
Back
Description: This exercise explains the commands required to route traffic between two VLANs
on the same switch.
Instructions
1.Create the management and finance department VLANs by configuring the VLAN IDs for
them
2.Configure the interface for the management server in the management VLAN
3.Configure the interface for the management access point in the management VLAN
4.Configure the interface for the finance server in the finance VLAN
user@SW1>configure
[edit]
user@SW1#edit vlans
[edit vlans]
user@SW1#set management vlan-id 10
[edit vlans]
user@SW1#set finance vlan-id 20
[edit vlans]
user@SW1#exit
[edit]
2. Assign an interface to the VLAN by specifying the logical interface (with the unit
statement) and specifying the VLAN name as the member:
[edit]
user@SW1#set interfaces vlan unit 10 family inet address 192.168.1.1/24
[edit]
user@SW1#set interfaces vlan unit 20 family inet address 192.168.2.1/24
[edit]
user@SW1#commit
[edit]
4. Layer 3 interfaces on trunk ports allow the interface to transfer traffic between multiple
VLANs. Within a VLAN, traffic is bridged, while across VLANs, traffic is routed. Bind a
Layer 3 interface with the VLAN
user@SW1#edit vlans
[edit vlans]
user@SW1#set management l3-interface vlan.10
[edit vlans]
user@SW1#set finance l3-interface vlan.20
[edit vlans]
user@SW1#exit
[edit]
user@SW1#commit
[edit]
user@SW1#exit
user@SW1>show configuration
user@SW1>show vlans
Back
Description:DHCP server provides IP addresses to its hosts automatically. You can configure
DHCP server on EX series switches for one or multiple VLANs. Here we will setup DHCP
server for one VLAN.
user@SW1>configure
[edit]
user@SW1#set vlans test1 vlan-id 10
[edit]
user@SW1#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members test1
[edit]
user@SW1#set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members test1
[edit]
user@SW1#set interfaces vlan unit 10 family inet address 192.168.10.1/24
[edit]
user@SW1#edit system services dhcp
[edit system services dhcp]
user@SW1#set pool 192.168.10.0/24 address-range low 192.168.10.1
[edit system services dhcp]
user@SW1#set pool 192.168.10.0/24 address-range high 192.168.10.50
Obtain ip address automatically from DHCP server for PC1 and PC2
PC1>ip dhcp
PC2>ip dhcp
PC1>show ip
PC2>show ip
http://www.commsolutions.com/2013/12/creating-dhcp-pool-juniper-ex-series-switch/
https://books.google.co.in/books?id=BvGbCgAAQBAJ&pg=PA49&lpg=PA49&dq=pc
%3Eip+dhcp+command+gns3&source=bl&ots=hNlJFTKKHL&sig=jrC9NMjIRQzoSOvFRM-
CbCkbwk8&hl=en&sa=X&ved=0ahUKEwjJ_aO4rZjOAhXEpY8KHVu6BgE4ChDoAQgmMAI
#v=onepage&q&f=false
Back
Description: The lab exercise explains configuring DHCP server for multiple vlans
user@SW1>configure
[edit]
user@SW1#set vlans test1 vlan-id 10
[edit]
user@SW1#set vlans test2 vlan-id 20
[edit]
user@SW1#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members
test1
[edit]
user@SW1#set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members
test2
[edit]
user@SW1#set interfaces vlan unit 10 family inet address 192.168.10.1/24
Obtain ip address automatically from DHCP server for PC1 and PC2
PC1>ip dhcp
PC1>show ip
PC2>show ip
Back
Description: This lab exercise helps to get familiar with the benefits of a VLAN and also
in understanding the process to configure a router and a switch to support VLANs.
Instructions:
user@R1>configure
[edit]
user@R1#set interfaces ge-0/0/0 unit 0 family inet address 192.168.200.1/24
user@R1#commit
commit complete
[edit]
user@SW1>configure
[edit]
user@SW1#set vlans wrs vlan-id 10
[edit]
user@SW1#set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members
wrs
[edit]
user@SW1#set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members
wrs
[edit]
user@SW1#set interfaces vlan unit 10 family inet address 192.168.200.2/24
[edit]
user@SW1#set vlans wrs l3-interface vlan.10
[edit]
user@SW1#edit system services dhcp
[edit system services dhcp]
user@SW1#set pool 192.168.200.0/24 address-range low 192.168.200.3
[edit system services dhcp]
user@SW1#set pool 192.168.200.0/24 address-range high 192.168.200.254
[edit system services dhcp]
user@SW1#set pool 192.168.200.0/24 domain-name wrs.com
[edit system services dhcp]
user@SW1#set pool 192.168.200.0/24 name-server 192.168.200.3
[edit system services dhcp]
user@SW1#set pool 192.168.200.0/24 router 192.168.200.3
[edit system services dhcp]
user@SW1#exit
[edit]
user@SW1#commit
commit complete
[edit]
user@SW1#exit
user@SW1>show vlans
Obtain ip address automatically from DHCP server for PC1 and PC2
PC2>ip dhcp
PC1>show ip
PC2>show ip
PC1>ping R1
PC1>ping PC2
PC2>ping R1
PC2>ping PC1
user@SW1>configure
[edit]
user@SW1#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members wrs
[edit]
user@SW1#commit
commit complete
[edit]
user@SW1#
user@PC1>ping R1
user@PC2>ping R1
Back
Description:This lab exercise demonstrates trunk concept in VLANs. i.e with trunk set up
on only one of the the two switches and see that ping fails from R1 to WS1, correct the
configuration by setting up trunk on both the switches and verifying the same.
Instructions:
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/0 unit 0 family inet
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R1#set address 192.168.1.1/24
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
user@SW1>configure
[edit]
user@SW1#set vlans vlan1 vlan-id 100
[edit]
user@SW1#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members
vlan1
[edit]
user@SW1#commit
commit complete
[edit]
user@SW1#exit
user@SW1>show vlans
user@R1>ping WS1
user@SW2>configure
[edit]
user@SW2#set vlans vlan1 vlan-id 100
[edit]
user@SW2#commit
commit complete
[edit]
user@SW2#
user@R1>ping WS1
user@WS1>ping R1
user@SW2>configure
[edit]
user@SW2#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan1
[edit]
user@SW2#commit
commit complete
[edit]
user@SW2#exit
user@SW2>show vlans
user@R1>ping WS1
user@WS1>ping R1
user@SW1>configure
[edit]
user@SW1#set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
[edit]
user@SW1#commit
commit complete
[edit]
user@SW2>configure
[edit]
user@SW2#set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
[edit]
user@SW2#commit
commit complete
[edit]
user@SW2#
user@R1>ping WS1
user@WS1>ping R1
Back
Note : Routed VLAN interfaces (RVIs) allow the EX Series switch to recognize packets
that are being sent to local addresses so that they are bridged (switched) whenever possible
and are routed only when necessary. Whenever packets can be switched instead of routed,
several layers of processing are eliminated. An interface named vlan functions as a logical
router on which you can configure a Layer3 logical interface for each virtual LAN
(VLAN). For redundancy, you can combine an RVI with implementations of the Virtual
Router Redundancy Protocol (VRRP) in both bridging and virtual private LAN service
(VPLS) environments.
RVIs route only VLAN traffic. An RVI works by logically dividing a switch into multiple
virtual routing instances, thereby isolating VLAN traffic traveling across the network into
virtual segments. Routed VLAN interfaces allow switches to recognize which packets are
being sent to another VLAN’s MAC addresses—then, packets are bridged (switched)
whenever the destination is within the same VLAN and are only routed through the RVI
when necessary. Whenever packets can be switched instead of routed, several layers of
processing are eliminated. The switches rely on their Layer 3 capabilities to provide this
basic RVI routing between VLANs.
user@SW1>configure
[edit]
user@SW1#set vlans test1 vlan-id 10
[edit]
user@SW1#set vlans test2 vlan-id 20
[edit]
user@SW1#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members test1
[edit]
user@SW1#set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members test2
[edit]
user@SW1#set interfaces vlan unit 10 family inet address 192.168.10.1/24
[edit]
Obtain ip address automatically via DHCP server for PC1 and PC2
PC1>ip dhcp
PC2>ip dhcp
PC1>ping PC2
PC2>ping PC1
Back
3. Refer to the figure below, hosts on the same VLAN can communicate with each other
but are unable to communicate with hosts on different VLANs. What is needed to allow
communication between VLANs?
Instructions:
user@SW1>configure
[edit]
user@SW1#edit protocols
[edit protocols]
user@SW1#set stp forward-delay 20
[edit protocols]
user@SW1#set stp hello-time 5
[edit protocols]
user@SW1#set stp max-age 30
[edit protocols]
user@SW1#exit
[edit]
user@SW1#commit
Note: i. Hello-Time: Determines how often the switch broadcasts hello messages to other
switches.
ii. Forward-Time: Determines how long each of the listening and learning states last before the
interface begins forwarding.
iii. Max-Age: Determines the amount of time the switch stores protocol information received on
an interface.
Back
Description: This exercise demonstrates the command required to configure switch priority
of a VLAN.
Instructions:
Note: The switch priority can be configured thus making it more likely to be chosen as the root
switch. Priority range is 0 to 61440 in increments of 4096, default is 32768.
Back
Instructions:
user@SW1>configure
user@SW1#edit protocols stp interface ge-0/0/0
[edit protocols stp interface ge-0/0/0]
user@SW1#set priority 160
[edit protocols stp interface ge-0/0/0]
user@SW1#exit
[edit]
user@SW1#commit
[edit]
user@SW1#exit
user@SW1>show configuration
Note: Port-Priority can be between 0 and 240 in the increments of 16, default is 128, the lower
the number, higher is the priority.
Back
Description: This lab exercise demonstrates the various show commands to verify
spanning-tree protocol.
Instructions:
1. Enter into configuration mode and commit on any one of the switch for the spanning tree
protocol algorithm to be saved on the switches.
2. Issue show commands to verify spanning tree protocol: To display the configured or calculated
interface-level STP parameters.
user@SW1>configure
[edit]
user@SW1#commit
[edit]
user@SW1#exit
Back
Description: This lab exercise demonstrates the command required to enable VSTP on all
VLANs.
Instructions
1. Create two valns by name “vlan2” and “vlan3” with vlan-id 2 and 3 respectively
2. Enter into edit protocols hierarchy to enable VLAN Spanning Tree Protocol
3. Issue command “set vstp <all> “ to enable VSTP on all VLANs
user@SW1>configure
[edit]
user@SW1#edit vlans
[edit vlans]
user@SW1#set vlan2 vlan-id 2
[edit vlans]
user@SW1#set vlan3 vlan-id 3
[edit vlans]
user@SW1#exit
[edit]
user@SW1#commit
[edit]
user@SW1#edit protocols
[edit protocols]
user@SW1#set vstp vlan all hello-time 5
Note: Make sure that VLANs are created before VSTP is enabled on a switch.
Back
Description: This lab exercise demonstrates the command required to enable VSTP on a VLAN
using single VLAN-ID.
Instructions
user@SW1>configure
[edit]
user@SW1#edit vlans
[edit vlans]
user@SW1#set support vlan-id 4
[edit vlans]
user@SW1#exit
[edit]
user@SW1#commit
[edit]
user@SW1#edit protocols
[edit protocols]
user@SW1#set vstp vlan 4 bridge-priority 4096
OR
user@SW1#set vstp vlan support bridge-priority 4096
Note: Make sure that VLANs are created before VSTP is enabled on a switch.
Back
2. Which of the following switches becomes the Root Bridge, given the details in the below table
A. SW4
3. What is the maximum number of Root ports that a bridge can have ?
A. Unlimited
B. 2
C. 1
D. Not necessary
4. What happens to a port that is neither a Root port nor a Designated port?
A. It is disabled
B. It can be used to send/receive frames
C. It is put into blocking state
D. It will be put into listening mode
5. Which is the designated port on segment SW1-->SW2. Refer to the exhibit below
A. Port 1 on SW1
B. Port 2 on SW1
C. Port 1 on SW2
D. Port 2 on SW2
6. Which is the designated port on the segment SW2-->SW3. Refer to the exhibit below?
A. Port 1 on SW2
B. Port 2 on SW2
C. Port 1 on SW3
D. Port 2 on SW3
Instructions
1. Enter into PoE hierarchy mode on SW2 that has PoE enabled ports.
2. Guard-band syntax is “Set guard-band <watts>”. Range to be set is 0 through 19 where
default value is 0
3. Maximum power syntax is “Set interface (all | interface-name) maximum-power <watts>”.
Range to be set is 0.0 through 18.6 for EX3200 and EX4200 switches and 0.0 through 30.0 for
EX2200 switches and Default is: 15.4 for EX3200 and EX4200 switches and 30.0 for EX2200
switches
4. Verify using show poe interface command that display status of all PoE ports on the switch.
user@SW2>configure
[edit]
user@SW2#edit poe
[edit poe]
user@SW2#set guard-band 12
[edit poe]
user@SW2#set interface ge-0/0/0 maximum-power 18.6
[edit poe]
user@SW2#exit
[edit]
user@SW2#commit
[edit]
user@SW2#exit
user@SW2>show poe interface
Note:
Guard-band: Reserve a specified amount of power out of the PoE power budget in case of a
spike in PoE consumption.
Maximum-Power: Set the maximum amount of power that the switch can supply to the PoE
port.
Back
Description: This exercise demonstrates the way that the switch's PoE controller allocates
power to the PoE interfaces.
1. Enter into PoE hierarchy mode on SW2 that has PoE enabled ports.
2. The command syntax is: Set management (class | static)
user@SW2>configure
[edit]
user@SW2#edit poe
[edit poe]
user@SW2#set management static
[edit poe]
user@SW2#exit
[edit]
user@SW2#commit
[edit]
user@SW2#show
Mode: class—The amount of power allocated to the interface is determined by the class of the
connected powered device. If no powered device is connected, no power is allocated to the
interface.
Mode: static—The amount of power allocated to the interface is determined by the value of the
maximum-power (Interface) statement, not the class of the connected powered device. This
amount is allocated even when a powered device is not connected to the interface, ensuring that
power is available when needed.
Back
Description: This exercise demonstrates disabling a PoE interface, disable the collection of
power consumption data for a PoE interface.
Instructions
1. Enter into PoE hierarchy mode on SW2 that has PoE enabled ports.
2. The command syntax is: set interface (all | interface-name) disable
3. Verify using show poe interface command
user@SW2>configure
[edit]
user@SW2#edit poe
[edit poe]
user@SW2#set interface ge-0/0/0 disable
Back
Description: This exercise demonstrates the command required to set the power priority value on
all PoE enabled interfaces or an individual interface.
Instructions:
1. Enter into [edit poe] hierarchy level on SW2 that has PoE enabled ports.
2. The command syntax is “set interface (all | interface-name) priority (low|high)”
3. Commit the configurations and verify using show command
user@SW2>configure
[edit]
user@SW2#edit poe
[edit poe]
user@SW2#set interface all priority high
[edit poe]
user@SW2#set interface ge-0/0/0 priority low
[edit poe]
user@SW2#exit
[edit]
user@SW2#commit
[edit]
user@SW2#show
user@SW2#exit
user@SW2>show poe interface
user@SW2>show configuration
Note: Set the power priority for individual interfaces when there is insufficient power for all PoE
interfaces. If the switch needs to shut down powered devices because PoE demand exceeds the
PoE budget, low priority devices are shut down before high priority devices.
Among interfaces that have the same assigned priority, priority is determined by port number,
with lower-numbered ports having higher priority.
Default: low
Back
2. What is the name of the 100MB link between the PFE and the RE?
A. So0/0
B. Eth0
C. Fxp0
D. Fxp1
A. EPROM
B. Zip drive
C. hard drive
D. compact flash
4. If the PFE does not have a route to the destination address of a packet, which action will be
taken?
A. CLI
B. J-Web
C. JUNOScope
D. PCMCIA flash card
8. To troubleshoot interface problems, you can use both the disable command and the deactivate
command. Which two statements are correct?
A. Logical units are used only when a Layer 2 identifier is present such as a VLAN.
B. A logical unit of 0 is required when using a frame-relay DLCI.
C. A logical unit is always required.
D. Logical units are not required unless ATM or 802.1Q VLAN tagging is
configured.
11. Which logical unit number must be configured on an interface using PPP encapsulation?
A. unit 0
B. unit 1
C. unit 100
D. unit 255
12. How can you reset your router or switch to factory defaults?
A. reset configuration
B. load factory-default
C. load override default
D. set default configuration
13. Which three steps are considered part of the initial configuration? (Choose three.)
A. SNMP
14. Which two media types support asynchronous transfer mode? (Choose two.)
A. T3
B. SONET
C. Gigabit-Ethernet
D. EIA/TIA-232 serial
A. [edit protocols]
B. [edit router-options]
C. [edit system]
D. [edit routing-options]
16. Which method loads the configuration which was active before your last commit?
17. Which command will configure an IP address upon fe-0/0/0.0 from the [edit interfaces fe-
0/0/0 unit 0] prompt?
18. You have just issued the command commit confirmed and your network continues to be
operational with no further changes required. You issue a commit and-quit. A short time later,
users start complaining about network problems. Which commands (in order) need to be entered
to resolve this issue?
A. >commit confirmed
B. >configure
#rollback 1
#commit
C. >configure
#commit confirmed and-quit
D. >configure
#confirm and-quit
19. Which command will display the temperature of the Routing Engine's CPU?
20. Which three statements are true of dynamic routing protocols? (Choose three.)
21. Which two statements are correct about routing tables in JUNOS? (Choose two.)
A. There are separate tables for IPv4 and IPv6 called inet.0 and inet6.0 respectively.
B. They only contain the best possible route to each destination.
C. All running protocols can populate the routing tables at the same time.
D. Routes with the highest preference value are placed as active routes in the routing
table.
22. What are three advantages of dynamic routing protocols over static routing protocols?
(Choose three.)
23. Which two commands are needed to create and apply an export policy that advertises static
routes to OSPF neighbors? (Choose two.)
24. Your routing table contains four static routes which you need to redistribute to your OSPF
peers. Which method would accomplish this?
A. Apply an import policy to OSPF; this will import the static routes into OSPF.
B. Apply an export policy to protocol "static"; this will export the routes to other
protocols.
C. Apply an import policy to the forwarding table; this will import the routes,
allowing them to be forwarded to OSPF neighbors.
25. You have used ping command to see whether the remote router is working. You have got a
response "U". What does it mean?
31. Appendix
1. C, D
2. C
3. A
4. D
5. D
6. C
7. D
8. B
9. B
10. C
1. B
2. D
3. B
4. A
5. D
1. D
2. B
3. A
4. C, D
5. B
1. A
2. D
3. A, D
4. B, D
5. C
1. C
2. C
3. C
4. C
5. A
1. c
2. a
3. c
4. b
5. c
7. c
8. a
9. b
10. c
1. B
2. C
3. D
1. B
2. B
3. C
4. C
5. A
6. B
1. A
2. D
3. D
4. B
5. D
6. C, D
7. A, B
9. C
10. C
11. A
12. B
13. B, C, E
14. A, B
15. D
16. C
17. B
18. B
19. B
20. A, C, D
21. A, C
22. A, B, C
23. A, C
24. D
25. C
Disclaimer:
CertExams.com is not associated with Juniper Systems Inc or any other company.
Junos™ is a trade mark of Juniper Systems® Inc. and duly recognized.