Juniper Lab Guide

LAB MANUAL FOR JNCIA
Version 1.0
CONTENTS:
1. About Juniper Routers
2. Classification of Juniper Routers
2.1. Difference between J, M, T, E and MX series of juniper routers
3. Juniper Router Architecture
3.1. Routing Engine

3.2. Packet Forwarding Engine
3.2.1. Switching Control Board

3.2.2. FPC
3.2.3. PIC
3.3. Routing Engine Hardware Components

3.4. Router Boot Methods
4. J-Series Router Overview
4.1. J2320 Router Front Panel and its components

4.2. Rear Panel of J2320 router
4.3. J-Series Router Configuration
4.4. PIM Modules for J-Series
4.5. PIM and VOIP Module Overview
4.5.1. Gigabit Ethernet uPIMs

4.5.2. Dual-Port Serial PIM
4.5.3. Dual-Port T1 or E1 PIM
4.6. Brief Overview of J2320, J2350, J4350, J6350 Routers
5. M-Series Router Overview
5.1. M7i Front Panel and its Components

5.2. M7i Rear Panel
5.3. Brief Overview of M7i, M10i, M40e, M120 and M320 Routers
6. JUNOS Command Line Interface
Version 1.0 Copyright © 2002 – 2017 CertExams.com 1

7. Router Interfaces
7.1. Permanent Interfaces

7.2. Transient Interfaces
8. Interface Representation
8.1. On J-Series Routers

8.2. On M-Series and T-Series Routers
8.3. On MX-Series Routers
9. Routing Fundamental Labs
9.1. Lab Exercise 1 : Entering configuration mode on a router and exit

9.2. Lab Exercise 2 : Setting host name
9.3. Lab Exercise 3 : Setting routers domain name
9.4. Lab Exercise 4 : Configure the root password (Encrypted Password)
9.5. Lab Exercise 5 : Configure a DNS name server
9.6. Lab Exercise 6 : Configure a backup router
9.7. Lab Exercise 7 : Router interface address configuration
9.8. Lab Exercise 8 : Shut down an interface
9.9. Lab Exercise 9 : Set interface description
9.10. Lab Exercise 10 : Configuring encapsulation on a physical interface
9.11. Lab Exercise 11 : Configuring keepalives
9.12. Lab Exercise 12 : Set keepalive timers
9.13. Lab Exercise 13 : Configuring management ethernet interface(fxp0)
9.14. Lab Exercise 14 : Setting bandwidth on an interface
9.15. Lab Exercise 15 : Setting the hold-time value on a physical interface
9.16. Lab Exercise 16 : Setting the DTE clock rate
9.17. Lab Exercise 17 : Basic gigabit ethernet configuration on a J-series router
9.18. Lab Exercise 18 : Configuring speed on sonet interface
9.19. Lab Exercise 19 : Show chassis commands on J and M series routers
9.20. Objective Test 1
10. Static Routing Labs
10.1. Lab Exercise 1 : Configuring static routes

10.2. Lab Exercise 2 : Ping Test
10.3. Lab Exercise 3 : Telnet
10.4. Lab Exercise 4 : Traceroute
10.5 Lab Exercise 5 : Connectivity check between Router and workstations
10.6 Lab Exercise 6 : Pinging between two workstations
10.7 Lab Exercise 7 : Pinging between two workstations on different subnet
10.8 Lab Exercise 8 : Tracing route from workstation to router
11. Policies Configuration Labs
11.1. Lab Exercise 1 : Routing policy lab 1

11.2. Lab Exercise 2 : Routing policy lab 2

12. RIP Configuration Labs
12.1. Lab Exercise 1 : RIP configuration

13. Dynamic Routing Labs
13.1. Lab Exercise 1 : Ping test by configuring RIP

13.2. Lab Exercise 2 : Ping test by configuring OSPF with multiple areas
14. Show Commands Labs
14.1. Lab Exercise 1 : Show commands lab
15. OSPF Labs
15.1. Lab Exercise 1 : OSPF configuration

15.2. Lab Exercise 2 : OSPF configuration and verification
16. BGP Labs
16.1 Lab Exercise : BGP configuration
17. MPLS Labs
17.1 Lab Exercise 1 : Enabling MPLS family on the interface

17.2 Lab Exercise 2 : Enabling MPLS protocol on the interface
17.3 Lab Exercise 3 : Enabling LDP protocol on the interface
17.4 Lab Exercise 4 : MPLS show commands
17.5 Lab Exercise 5 : MPLS ping and traceroute
17.6 Lab Exercise 6 : Configuring MPLS using OSPF
17.7 Objective test 6
18. IPV6 Labs
18.1 Lab Exercise 1 : Configuring IPv6 address on an interface in EUI-format

18.2 Lab Exercise 2 : Configuring IPv6 address on an interface in general form
18.3 Lab Exercise 3 : Ipv6 show commands
18.4 Lab Exercise 4 : Configuring IPV6 static routes
18.5 Lab Exercise 5 : Ping Test using IPV6
18.6 Lab Exercise 6 : Traceroute on IPV6
19. Firewall Filter (ACL) Labs
19.1 Lab Exercise 1 : Creating a Firewall filter

19.2 Lab Exercise 2 : Applying firewall filter to an interface

19.3 Lab Exercise 3 : View Firewall filter entries
19.4 Lab Exercise 4 : Configuring and Verifying firewall filter Lab Scenario-1
19.5 Lab Exercise 5 : Configuring and Verifying firewall filter Lab Scenario-2
20. Network Address Translation Labs
20.1 Lab Exercise 1 : Configuring Source NAT using Egress interface Address
20.2 Lab Exercise 2 : Configuring Source NAT Translation pool
20.3 Lab Exercise 3 : Configuring Destination NAT pools
20.4 Lab Exercise 4 : Creating Destination NAT rule set
20.5 Lab Exercise 5 : Configuring Static NAT for single address translation
20.6 Lab Exercise 6 : Configuring Source NAT using multiple rules Lab Scenario-1
20.7 Lab Exercise 7 : Configuring Source NAT using multiple rules Lab Scenario-2
20.8 Lab Exercise 8 : Configuring Destination NAT using multiple rules
21. Exercises on DHCP
21.1 Lab Exercise 1 : Configuring juniper router as a DHCP Server

21.2 Lab Exercise 2 : DHCP client configuration
21.3 Lab Exercise 3 : Configuring two DHCP clients and DHCP verification commands
21.4 Lab Exercise 4 : Assigning ip address to PC(computer) from DHCP server
22 Juniper Switch Models
23. EX Series Switches Overview
23.1. EX2200 Switch
23.1.1. EX2200 Front Panel

23.1.2. Chassis LEDs
23.1.3. EX2200 Rear Panel
23.2. EX2500 Switch

23.3. EX3200 Switch
23.4. EX4200 Switch
23.5. EX4500 Switch
23.6. EX8200 Switch
24. QFX Series Switch - QFX3500 Switch Overview
26. Basic Switch Labs
26.1. Lab Exercise 1 : Entering configuration mode on a switch and exit

26.2. Lab Exercise 2 : Setting Hostname
26.3. Lab Exercise 3 : Set interface description
26.4. Lab Exercise 4 : Shutdown an interface
26.5. Lab Exercise 5 : Basic CLI commands

26.6. Lab Exercise 6 : Configure bandwidth on an interface
26.7. Lab Exercise 7 : Configuring ether-options on the gigabit ethernet switch
interface
26.8. Lab Exercise 8 : Configuring the management IP address on EX series switch
27. Lab Exercises on VLAN
27.1. Lab Exercise 1 : Define VLANs

27.2. Lab Exercise 2 : Configure a port for membership in that VLAN
27.3. Lab Exercise 3 : Configuring an interface as a trunk port
27.4. Lab Exercise 4 : Configuring VLANs on EX series switch
27.5. Lab Exercise 5 : Configuring Routed VLAN interface (Inter-VLAN routing) on
a switch
27.6. Creating DHCP pool on EX series switches
27.7. Configure DHCP Server for multiple vlans in EX series switches
27.8. Vlan Scenario
27.9. Troubleshooting Lab with trunk functionality
27.10. Routing between vlans and ping test
28. Lab Exercises on Spanning tree protocol and VSTP
28.1. Lab Exercise 1 : Configuring STP Timers

28.2. Lab Exercise 2 : Setting bridge priority on switch
28.3. Lab Exercise 3 : Configuring port priority
28.4. Lab Exercise 4 : Verifying STP
28.5. Lab Exercise 5 : Enabling VSTP on all VLANs
28.6. Lab Exercise 6 : Enabling VSTP on a VLAN using a single VLAN-ID / VLAN-
Name
29. Lab Exercises on PoE
29.1. Lab Exercise 1 : Configuring guard-band and maximum power on PoE enabled
interface
29.2. Lab Exercise 2 : Configuring power management mode on PoE enabled
interface
29.3. Lab Exercise 3 : Disabling a PoE interface
29.4. Lab Exercise 4 : Setting power priority on all PoE enabled interfaces
30. Final Exam
30.1. Objective Test Final Exam
31. Appendix
31.1. Answer keys for objective test 1


31.9. Answer keys for objective test final exam
1. About Juniper Routers
Main products offered by Juniper include T-Series, M-Series, E-Series, MX-Series, J-Series routers,
EX-Series Ethernet switches and SRX-Series Security products. JUNOS is the operating system that
runs on most of the juniper's networking equipment.
2. Classification of Juniper Routers:
The routers are classified in to M-series, J-series, T-series, E-series, and MX-series based on the
functionality. Some frequently used models are given below:
M-Series: M7i, M10i, M40e, M120, M320

J-Series: J2320, J2350, J4350, J6350
T-Series: T320, T640, T1600, TX Matrix, TX Matrix Plus
E-Series: E120, E320, ERX310, ERX705, ERX710, ERX1410, ERX1440
MX-Series: MX80, MX240, MX480, MX960
2.1 Differences between different series of juniper routers are
1. Juniper J-Series routers are a series of enterprise routers called as modular

routers for enterprises running desktops, servers, VoIP etc applications and
these kind of routers are typically deployed at remote offices or branch
locations.
2. Juniper M-Series routers are called Multiservice Edge routers designed for
enterprise and service provider networks.
3. Juniper T-Series routers are a series of core routers designed for high-end
and core networks with throughput from 320 Gbit/s to 25.6 Tbit/s with a max
forwarding rate of 30.7 billion pps.
4. Juniper E-Series routers are a series of broadband services routers or edge

routers which provides multiple services including broadband remote access
server, broadband video services, security services, NAT etc on a single
platform.
5. Juniper MX-Series routers are a family of high-performance Ethernet

Services routers with powerful switching features and are designed for high-
performance service providers and enterprises.
Note: However, please note that we will be discussing only the J-series and some M-series
routers in this manual. Other products are beyond the scope of this manual.
3. Juniper Routers Architecture
The central principle of the Juniper Networks platform centers on a separation of the control and
forwarding planes within the router. These are Routing Engine and Packet Forwarding Engine as
shown below.
3.1. Routing Engine
The Routing Engine is the central location for control of the system in a juniper networks
router and it consists of an Intel-based PCI platform running JUNOS software. The Routing
Engine constructs and maintains one or more routing tables. From the routing tables, the
Routing Engine derives a table of active routes, called the forwarding table, which is then
copied into the Packet Forwarding Engine.
Functions of the routing engine include the following
• Handling of routing protocol packets

• Management Interface
• Configuration Management
• Accounting and alarms
• Modular Software
• Scalability
3.2. Packet Forwarding Engine
The Packet Forwarding Engine is the central location for data packet forwarding through
the router. The main portions of the Packet Forwarding Engine are the following:
• Switching control board.

• Flexible PIC Concentrator, and

• Physical Interface Card
3.2.1 Switching Control Board
The switching control board contains a PowerPC CPU and 64MB of RAM that
operates the components of the circuit board itself, but doesn't participate in
packet forwarding. The Internet Processor ASIC is located on the control board
and accesses the forwarding table for route lookups.
3.2.2. Flexible PIC Concentrator (FPC)
The Flexible PIC Concentrators on a router house the PICs which connect the
router to network media and its main function is to connect the PICs installed in
it to the other router components.
The Flexible PIC Concentrator (FPC) connects to both the switching control
board and the router's interfaces within the Packet Forwarding Engine.
3.2.3. Physical Interface Card (PIC)
PIC is an interface card through which network cables carry data transmissions
to and from the network plug. A PIC installs into a FPC.
3.3. Routing Engine Hardware Components
The Routing Engine consists of various components like Processor, DRAM, EPROM,
Crypto Accelerator Module, Compact Flash.
i. Processor
The processor runs JUNOS software to maintain the router's routing tables and
routing protocols and creates the packet forwarding switch fabric for the router.
ii. DRAM
DRAM buffers incoming packets and provides storage for the routing and
forwarding tables and for other Routing Engine processes
iii. EPROM
EPROM stores the serial number of the Routing Engine.
iv. Crypto Accelerator Module
Crypto Accelerator Module is a processor card that enhances performance of

cryptographic algorithms used in IP security (IPSec) services.
The cryptographic algorithms supported include Advanced Encryption Standard

(AES), Data Encryption Standard (DES), triple DES (3DES), Hashed Message

Authentication Code-Message Digest 5 (HMAC-MD5), and HMAC-Secure
Hash Algorithm 1 (SHA-1).
v. Compact Flash
Compact Flash component provides primary storage for software images,

configuration files, and microcode. J-series routers have a primary or internal
compact flash located on the system board.
3.4. Router Boot Methods
J2320 and J2350 router can boot from the following given three devices.
i. Internal Compact Flash

ii. External Compact Flash
iii. USB Storage Device
J4350 and J6350 can boot from two devices namely
i. Compact Flash disk

ii. USB Storage Device
4. J-Series Router Overview
J Series Services Routers running JUNOS Software provide stable, reliable, and efficient IP routing,
WAN and LAN connectivity, and management services for small to medium-sized enterprise networks.
The J-series juniper router runs Junos with MPLS, IP4/6, QOS, multicast, firewall and IPsec VPN.
J-series Services Routers support network interfaces for E1, E3, T1, T3, Fast Ethernet, serial, Point-to-
Point Protocol over Ethernet (PPPoE), and ISDN media.
Slot numbering for J2320 router
Slot numbering for J2350 router

4.1. J2320 Router Front Panel and its Components
The front panel of the J2320 router is as shown below
The cross section as indicated by AA is provided in an enlarged scale below:

The components are explained below:
Physical Interface Module (PIM)
PIMs provide the physical connection to various network media types. The PIM receives
incoming packets from the network and transmits outgoing packets to the network.
Power Button and Power LED
The power button can be used to power the service router on and off. The power LED
located at the upper left of the LED dashboard is green color when on and it can be in two
states. i. On steadily state which means power is functioning correctly ii. Blinking state
which means power button has been pressed and quickly released and the router is shutting
down.
Status LED
Status LED changes from off to blinking green when the system is powered on. It can be in
the following states
Color State Description

Blinking Router is starting up or
performing diagnostics
Green
On steadily Router is operating normal
Red Blinking Error has been detected
Alarm LED
The alarm LED lights can be either yellow or red. If yellow, indicates a minor condition
that requires monitoring or maintenance. If red, indicates major condition that can result in
a system shutdown.
HA LED
The High availability (HA) LED lights when the router starts but otherwise remains unlit
and this is mostly for future use.
Reset Config Button
This button is used to return the router to either the rescue configuration or the factory
default configuration.
Console Port
Through the console port, a RJ-45 serial cable can be used to connect to the routing engine
and the router can be configured using CLI from the chassis console port.
USB Port
The USB ports on the front panel of the router accept a USB storage device or USB storage
device adapter with a compact flash installed and can act as a secondary boot device if the
internal compact flash fails on startup.
ESD Point
The electrostatic discharge point located at the front of the chassis minimizes the risk of
electrical discharge in potentially hazardous environments.
4.2. Rear Panel of J2320 router

4.3. J-Series Router Configuration
There are two user interfaces to monitor, configure, troubleshoot and manage a service
router. They are JUNOS CLI and J-web Interface.
5.3.1 JUNOS Command Line Interface
JUNOS CLI is a Juniper Networks Command Shell that runs on top of a UNIX-
Based OS Kernel. The CLI provides command help and command completion
and commands are executed when Enter key is pressed.
The CLI has two modes Operational mode and Configuration mode. The CLI
commands are organized hierarchically with commands that perform a similar
function grouped together under the same level.
Steps for starting the CLI
1. Establish a connection with the services router 2. Log in using username and
password. After log in, enter a UNIX shell 3. Start the CLI
%cli
user@host>
The prompt ">" indicates that the CLI has started.
5.3.2. J-Web Interface

J-Web is a web-based GUI that allows operating a router without commands. It
allows to monitor, configure, troubleshoot, and manage the router on a client by
means of a web browser with HTTP (Hyper Test Transfer Protocol) or HTTPS
(HTTP over Secure Sockets Layer) enabled. Quick configuration wizards
simplify basic configuration and minimizes the risk of error.
4.4. PIM Modules for J-Series
PIMs supported for J-Series are categorized into uPIM, ePIM.
5.4.1 PIM
PIM (Physical Interface Module) is a network interface card that is installed on

a J-series Services Router, to provide physical connections to a LAN or a WAN
5.4.2 uPIM (Universal Switching PIM)
uPIM is a particular type of PIM, such as the Gigabit Ethernet uPIM, which can
be universally inserted in any slot on a J2320, J2350, J4350, or J6350 Services
Router.
The difference is ePIM slots has PCI and PCI-X bus connection whereas PIM
slots only has PCI bus connection. A uPIM either uses the PCI or the PCI-X
bus depending on what slot the uPIM is installed in. Naturally better
performance is expected with ePIM slots.
5.4.3 ePIM (Enhanced PIM)
ePIM is a particular type of high-speed PIM, such as the Gigabit Ethernet ePIM
or 4-port Fast Ethernet ePIM, which can be inserted only in high-speed slots
(slots 3 and 6 on a J4350 Services Router, or slots 2, 3, 5, and 6 on a J6350
Services Router).
4.5. PIM and VoIP Module Overview
J-Series routers accept PIMs and Avaya VoIP modules in the slots on the front of the
chassis.
Some of the supported PIMs include the following and are explained below
• 1-Port, 6-Port, 8-Port and 16-Port Gigabit Ethernet uPIMs

• Dual-Port Serial PIM
• Dual-Port T1 or E1 PIM
Avaya VoIP modules are controlled by the Avaya Communication Manager (CM) software
rather than the JUNOS software and are installed in the router chassis like PIMs.
5.5.1. Gigabit Ethernet uPIMs

Gigabit Ethernet uPIMs are available in four versions i.e, 1-Port, 4-Port, 8-Port,
16-Port and are supported on J2320, J2350, J4350 and J6350 service routers.
1-Port Gigabit Ethernet uPIM
These have small form-factor pluggable (SFP) transceivers which allows

different connectors. SFP is as shown in the figure below
A 1-port Gigabit Ethernet uPIM is as shown
Gigabit Ethernet uPIM can be inserted in any slot on J2320, J2350, J4350 and
J6350 service routers. High-speed slots are slots 3 and 6 on the J4350 router,
and slots 2, 3, 5, and 6 on the J6350 router.
Gigabit Ethernet uPIMs features are
• The multiport uPIMs can be used as switches in the access layer

• Link speed for 8-port and 16-port Gigabit Ethernet uPIMs is
configurable to 10, 100, or 1000 Mbps, and transmission mode is
configurable to half or full duplex. The 1-port and 6-port SFP Gigabit
Ethernet uPIMs cannot be manually configured-they are set at 1000
Mbps and full duplex.

• 1-port and 6-port Gigabit Ethernet uPIMs use SFP transceivers to allow
different connectors to be used on uPIM ports. These SFP Gigabit
Ethernet uPIMs support 1000Base-SX, 1000Base-LX, and 1000Base-T
SFPs. They do not support 1000Base-LH SFPs.
• 8-port and 16-port Gigabit Ethernet uPIMs-and SFPs on the 1-port and
6-port uPIMs-support 1000Base-T RJ-45 connectors. The limitations are
that Gigabit Ethernet uPIMs do not support SNMP and the interfaces
can be configured up to a max MTU size of 9014 bytes.
5.5.2. Dual-Port Serial PIM
The Dual-Port Serial PIM provides a physical connection to serial network

media types through two serial interface ports.
The key features of dual-port serial PIM are
• Onboard network processor

• Auto selection of operation modes based on data terminal equipment
(DTE) or data communication equipment (DCE) cables
• Local and remote loopback diagnostics
• Configurable clock rate for the transmit (Tx) clock and receive (Rx)
clock
5.5.3. Dual-Port T1 or E1 PIM
The Dual-Port T1 PIM and Dual-Port E1 PIM provide a physical connection to

T1 or E1 network media types. Each PIM has two physical T1 or E1 ports with
an integrated channel service unit (CSU) or data service unit (DSU).
Dual-port T1 PIM is shown below

Dual-port E1 PIM is shown below
Their key features include
• Onboard network processor

• Integrated CSU/DSU-Eliminates the need for a separate external device
• 56-Kbps and 64-Kbps modes
• ANSI T1.102, T1.107, and T1.403 standards compliance
• G.703, G.704, and G.706 E1 standards compliance
• Independent internal and external clocking system
• Loopback, bit error rate test (BERT), T1 facilities data link (FDL), and
long buildout diagnostics
4.6. Brief Overview of J2320, J2350, J4350, J6350 Routers
1. J2320
The J2320 Services Router is primarily designed for remote and branch offices.
The J2320 routers are entry level service routers which gives up to 600 Mbps
throughput performance, has four built-in Gigabit Ethernet ports. It has three
PIM slots for additional LAN/WAN connectivity, Avaya VoIP Gateway, and
WAN acceleration. They are used for one or two broadband, T1, or E1
interfaces with integrated services.
Fixed Interfaces: 4 Gigabit Ethernet ports

No of pim slots: 3
2. J2350
The J2350 Services Router is primarily designed for branch offices. The J2350
router which has 4built-in Gigabit Ethernet ports gives up to 700 Mbps
performance. It gives five PIM slots. They are usually used for multiple
broadband, T1, or E1 interfaces with multiple integrated services

No of pim slots: 5

3. J4350
The J4350 Services Router is designed primarily for regional and branch
offices. The J4350 enterprise router gives up to 1Gbps in performance. They
are usually used for DS3, E3, and Metro Ethernet interfaces with integrated
services. It has six PIM slots. Two of these slots are enhanced-performance
slots that provide additional performance to multiple Gigabit Ethernet
configurations.

No of pim slots: 6
4. J6350
The J6350 Services Router is designed primarily for regional and central
offices. The J6350 gives up to 2 Gbps in performance. It has six PIM slots for
additional LAN/WAN connectivity, Avaya VoIP Gateway, and WAN
acceleration. These routers have optional redundant power supplies for high
system availability. The J6350 Services Router is a higher-performance system
than the J4350 Services Router.

No of pim slots: 6
5. M-Series Routers Overview
The Juniper Networks M Series is a family of high-performance, multiservice edge routers, with
advanced routing features that delivers exceptional flexibility and reliability over a wide range of
connectivity options without compromise.
Designed for high-performance service providers and enterprises, the M7i, M10i, M120, and M320 can
be deployed in the small and medium core, multiservice edge, collapsed POP routing, peering, route
reflector, campus or WAN gateway applications. Speeds range from DS0 up to OC192/STM-64 and 10
GbE.
Advanced routing features supported include MPLS, multicast, QoS, and high availability. Services

supported include a broad array of VPNs, network-based security, real-time voice and video,
bandwidth on demand, rich multicast of premium content, IPv6 services, granular accounting and much
more.
5.1 M7i Front Panel and its Components
The components are explained below
PIC
A PIC (Physical Interface Card) is an interface card through which network cables carry
data transmissions to and from the network plug. A PIC installs into a FPC (Flexible PIC
Concentrator). M7i router accommodates four PICs.
FIC
In addition to four PICs, M7i router includes a built-in FIC (Fixed Interface Card) that
provides two fast Ethernet ports or one gigabit Ethernet port depending on which FIC was
ordered. FPC 0 holds PIC slots (0 to 3) and FPC 1 holds fixed interfaces (Two Fast

Ethernet or One Gigabit Ethernet).
FIC Receives incoming packets and transmits outgoing packets to the network, displays
alarm status, and takes PICs online and offline.
ESD Point
The ESD Point (Electrostatic discharge point) located at the front of the chassis minimizes
the risk of electrical discharge in potentially hazardous environments.
Routing Engine
Routing Engine maintains the routing tables, manages the routing protocols, controls the
interfaces, controls some chassis components, and provides the interface for system
management and user access.
5.2 M7i Rear Panel
Some of the components are explained below
CFEB
CFEB (Compact Forwarding Engine Board) provides route lookup, management of shared
memory, transfer of outgoing data packets, and transfer of exception and control packets;
includes built-in tunnel interface and optional Adaptive Services PIC.
Power Supplies
Power Supplies distributes needed voltages to components.

5.3 Brief overview of M7i, M10i, M40e, M120 and M320 Routers
1. M7i
The M7i Multiservice Edge Router is 3.5 inches (8.9 cm) in height and supports
7+ Gbps throughput. The M7i is ideal as an IP/MPLS provider edge router in
small PoPs or as an enterprise routing solution for Internet gateway or branch
aggregation.
The M7i router supports various PICs, including ATM, channelized, Ethernet,
IP services, and SONET/SDH interfaces.
The router accommodates up to four Physical Interface Cards (PICs). In

addition to the PICs, the Fixed Interface Card (FIC) provides two Fast Ethernet
ports or one Gigabit Ethernet port, depending on your configuration.
PICs are interchangeable between the M7i and M10i routers.
2. M10i
The M10i Multiservice Edge Router is cost-effective fully redundant M Series

edge router, combined with Junos OS reliability features, the M10i router is the
product of choice for enabling reliable and secure services in small and medium
PoPs.
The router supports up to eight PICs, including ATM, Channelized, Gigabit

Ethernet, IP Services, and SONET/SDH interfaces
The M10i router supports up to eight Physical Interface Cards (PICs). PICs are
interchangeable between the M7i and M10i routers.
3. M40e
The M40e Multiservice Edge Router provides a dense, highly redundant

platform primarily targeted for dense dedicated access aggregation and provider
edge services in medium and large PoPs.
PICs are available in supported media types, including Asynchronous Transfer

Mode (ATM), Channelized DS3, E1, E3, T1, Ethernet, SONET/SDH, and IP
services.
The router accommodates up to eight Flexible PIC Concentrators (FPCs) (FPC

0 to FPC 7), which can each be configured with a variety of network media
types, altogether providing up to 32 OC12/STM4, 32 Gigabit Ethernet, or eight
OC48/STM16 ports per system. FPCs supported by M40e router are FPC,
Enhanced Plus FPC1, Enhanced Plus FPC2
PICs are compatible with the M120 and Juniper Networks T320 and T640 Core
Routers.

4. M120
M120 router is the newest addition to M-Series, capable of supporting MPLS

services at Layers 2 and 3, including Layer 3 VPNs, the M120 is designed to
deliver superior redundancy and facilitate the transport of legacy Frame Relay
and ATM traffic over high-bandwidth Ethernet links.
The router supports various PICs, including ATM, Channelized, Gigabit

Ethernet, IP services, and SONET/SDH interfaces.
The M120 delivers support for 128 GE subscriber ports, with 10 GB Ethernet
or OC 192 uplink capability in an affordable, compact form factor
The router is a quarter-rack chassis that supports up to six FPCs. Four slots
accept FPCs of Types 1, 2, and 3 and two slots accept Compact FPCs (CFPCs).
Each FPC can be configured with a variety of network media types, altogether
providing up to 130 physical interface ports per system. The CFPC slots are
identical to the Type 1, 2, and 3 FPC slots, but feature a smaller form factor to
provide higher density 10-Gigabit interfaces.
FPCs supported by M120 router are FPC1, FPC2 and FPC3. PICs are
compatible with M40e, T320, and T640 routers.
5. M320
The M320 Multiservice Edge Router is a high performance, 10 Gbps-capable,

distributed architecture edge router ideal for medium-size backbone cores
requiring predictable performance for feature-rich infrastructures.
The router supports up to eight FPCs providing SONET/SDH OC-48/STM16,

SONET/SDH OC192/STM64, and 160-Gigabit Ethernet media.
The router is a half-rack chassis that supports up to eight Flexible PIC

Concentrators (FPCs) providing up to 64 SONET/SDH OC48/STM16, 16
SONET/SDH OC192/STM64, or 160 Gigabit Ethernet ports for the router.
FPCs supported by M320 router are Enhanced II FPC 1, Enhanced III FPC 1,
Enhanced II FPC 2, Enhanced II FPC 3, Enhanced III FPC 2, Enhanced III FPC
3. PICs are compatible with M40e, M120, T320, and T640 routers

6. JUNOS Command Line Interface
The operating system software that powers the Juniper routers is called JUNOS. The software is
modular and standards based. Another important feature of JUNOS is that the software is platform
independent (within Juniper hardware systems, not to be confused with other vendor hardware), thus
delivering the same scalability and security across several hardware platforms.
JUNOS CLI is a simple to use, text-based command interface. We give various commands on CLI for
configuring, troubleshooting and monitoring the software.
JUNOS primarily supports two types of command modes.
a) Operational Mode
b) Configuration Mode
a) Operational Mode:
When we log in to the router and the CLI starts, we are at the top level of the CLI operational mode. In
this mode, we enter the commands for
1. Controlling the CLI environment, and

2. Monitor and troubleshoot network connectivity, and
3. Initiating the Configuration Mode.
Frequently used commands in this mode include ping, show, traceroute, configure, etc.
b) Configuration Mode:
We use the Configuration mode for configuring the JUNOS software by creating a hierarchy of
configuration statements. We enter the configuration mo9+de by using the command "configure" as
shown below:
user@host>configure
Entering configuration mode
[edit]
user@host#
Issuing the commands one at a time using CLI can configure a JUNOS™ router or alternately, we can
configure by creating a text (ASCII) file that contains the statement hierarchy. Remember to activate
the configuration by using the command "commit" on the router.
As shown in the above example, the generic configuration prompt is user@host#. Ofcourse, we can
change the prompt by using appropriate command.
Statement Hierarchy:
We use the above configuration mode commands to create a statement hierarchy, and then configure
the JUNOS software. The term "statement hierarchy" is used to define the sequence of commands used
for configuring a particular feature (or features) of the router. An example statement hierarchy is given

below:
user@host>configure
Entering configuration mode
[edit] ----Top level
user@host#edit protocols ospf
[edit protocols ospf] ----protocols ospf hierarchy level
user@host#
"set" commands are used to configure specific leaf statements.
Ex: user@host#set hello-interval 14
7. Router Interfaces
Juniper Networks platform has primarily two types of interface. These are:
Permanent interfaces, these are always present in the router and

Transient interfaces, these can be inserted or removed from the router by user.
7.1. Permanent Interfaces:
Each router has two permanent interfaces. These are:
a. Management Ethernet interface: This interface enables us to access the

router using ssh, and telnet. The interface uses out-of-band connectivity, and
does not provide packet forwarding capabilities for the transit data packets.
b. Internal Ethernet interface: Connects the Routing Engine (running the

JUNOS Internet software) to the Packet Forwarding Engine. The router uses
this interface as the main communications link between the JUNOS software
and the components of the Packet Forwarding Engine. The Internal Ethernet
interface is configured automatically when the JUNOS software boots.
7.2. Transient Interfaces:
Transient Interfaces are the interfaces that receive user's data packets from the network and
transmit the packets to the network. These interfaces are physically located on a Physical
Interface Card. They can be inserted and removed at any time.
These interface need to be configured before using it. We can also configure the interfaces
that are not in the chassis. When the JUNOS software activates the router's configuration it
finds out the interfaces that are present and activates only those interfaces.
In addition, each router has two serial ports, labeled console and auxiliary. Console port can
be used to connect tty-type terminals to the router. The auxiliary port can connect to a
modem

8. Interface Representation
8.1. On J-Series routers
On the J-series routing platform, when information about an interface is displayed, the
interface type, the slot in which the Physical Interface Module (PIM) is installed, 0, and the
configured port number is specified.
In the physical part of the interface name, a hyphen (-) separates the media type from the
PIM number, and a slash (/) separates the PIM, 0, and port numbers. And the syntax is:
type-pim/0/port
Each of the terms are explained below:
type: is the one that uniquely identifies the type of physical interface. It is a two-character
word and can be one of the following:
ae-Aggregated Ethernet interface

at-ATM interface
e1-E1 interface (including channelized STM-1 interfaces)
e3-E3 interface
fe-Fast Ethernet interface
fxp-Management and internal Ethernet interfaces
ge-Gigabit Ethernet interface
gr-Generic Route Encapsulation tunnel interface
ip-IP-over-IP encapsulation tunnel interface
lo-Loopback interface
ml-Multilink interface
so-SONET/SDH interface
t1-T1 interface (including channelized DS-3 and OC-3 interfaces)
t3-T3 interface (including channelized OC-12 interfaces
se-Serial interface
pim: Physical Interface Module (PIM) provides the physical connection to various network
media types. It is the slot in which the PIM is installed.
0: it is the pim module number
port: it is the port number to be configured
For example, on a J-series router J2320, assuming that slot 1 is populated with single port
gigabit ethernet card, the interface is uniquely identified as below:
ge-1/0/0
8.2. On M-Series routers and T-Series routers
Using JUNOS™ software, a typical interface configuration will have the following syntax:
type-fpc/pic/port

Each of the terms are explained below:
word as stated above.
fpc: is the physical slot number in the chassis where the interface is located.
pic: is the slot number on the FPC where the interface is located.
port: is the location on the PIC where the interface port (to which the interface is
connected) is located.
For example, M7i router will have one fixed FPC (FPC1) that contains internal ports, and
FPC 0 for external PIC cards. Assuming that FPC0, PIC1 is populated with dual port fast
ethernet card, the ports are uniquely addressed as below:
fe-0/1/0 for the first fast ethernet port, and

fe-0/1/1 for the second fast ethernet port.
Note:Some physical interfaces use channel numbers instead if unit numbers. These
numbers are represented using colon instead of period like media_type-fpc/pic/port:channel
Number
8.3. On MX-Series routers
On the MX-series routers when information about an interface is displayed, the interface
type, the slot in which the Dense Port Concentrator (DPC) is installed, the slot on the DPC
in which the Physical Interface Card (PIC) is located, and the configured port number are
specified.
In the physical part of the interface name, a hyphen (-) separates the media type from the
DPC number, and a slash (/) separates the DPC, PIC, and port numbers. And the syntax is:
type-dpc/pic/port
word as stated above.
dpc: is the slot number in which the Dense Port Concentrator (dpc) is installed
pic: is the slot number on the dpc
port: it is the port number to be configured

9. ROUTING FUNDAMENTAL LABS
The following labs can be performed using CertExams.com Juniper network simulator. The software
may be downloaded from the Juniper Junos Simulator product page. Further, please note that the Demo
version will support limited commands. All labs are supported only in the full version of the software.
9.1 : Lab Exercise 1 : Entering configuration mode on a Router, and exit
Description: A basic exercise, that shows how to enter configuration mode, and exit from
the same. Choose R1 from the network diagram, and exit.
Instructions:
1. Enter into configuration mode

2. Get back to the operational mode
user@R1>configure
[edit]
user@R1#exit
user@R1>
Back
9.2 :Lab Exercise 2 : Setting Host Name
Description:Set the router host name. Go to N/W diagram and choose device R1.
Instructions:

2. Set hostname as juniper1
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set host-name juniper1
[edit system]
user@juniper1#exit
[edit]
user@juniper1#commit
commit complete
[edit]
user@juniper1#show
Back

9.3 : Lab Exercise 3 : Setting Routers Domain Name
Description:Set the router domain name. Go to N/W diagram and choose device R1.
Instructions:

2. Set domain name as mydomain.net.
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set domain-name mydomain.net
[edit system]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
9.4 : Lab Exercise 4 : Configure the Root Password (Encrypted

Password)
Description: This lab demonstrates configuring encrypted password on the router.
Instructions:

2. Move to the root-authentication hierarchy
3. Set the encrypted password as 24adr3e
user@R1>configure
[edit]
user@R1#edit system root-authentication
[edit system root-authentication]
user@R1#set encrypted-password 24adr3e
[edit system root-authentication]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show

Back
9.5 : Lab Exercise 5 : Configure a DNS Name Server
Description:For the Router to resolve hostnames into addresses, one or more DNS name
servers have to be configured.
Instructions:

2. Set the DNS name server as 196.20.32.15
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set name-server 196.20.32.15
[edit system]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
9.6 : Lab Exercise 6 : Configure a Backup Router
Description: This exercise demonstrates configuring a backup router.
Instructions:

2. Configure the backup router with an address of 196.20.32.15/24
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set backup-router 196.20.32.15/24
[edit system]
user@R1#exit
[edit]
user@R1#commit
commit complete

[edit]
user@R1#show
Back
9.7 : Lab Exercise 7 : Router Interface Address Configuration
Description: In this lab, you configure so-0/0/1 interface under unit 0 and family inet on a
router with specified ip address and subnet mask. Choose R1 in the network diagram and
exit.
Instructions:

2. Set ip address of so-0/0/1 as 196.20.32.15 and subnet mask as 24
3. Issue show interfaces command to verify the configuration
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/1
[edit interfaces so-0/0/1]
user@R1#edit unit 0 family inet
[edit interfaces so-0/0/1 unit 0 family inet]
user@R1#set address 196.20.32.15/24
user@R1#exit
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show interfaces so-0/0/1
Back
9.8 : Lab Exercise 8 : Shut down an Interface
Description: By default, an interface will be in up state. We need to issue disable

command to bring-down the interface.
Instructions:
1. View the information about interface serial 0

2. Bring serial 0 to no shutdown state
3. Now view the state of the interface serial 0

user@R1>configure
[edit]
user@R1#set disable
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
9.9 : Lab Exercise 9 : Set Interface Description
Description: In this exercise, description to an interface is set by using set description

command.
Instructions:
1. Enter into configuration mode.

2. Set the description of interface so-0/0/0 as "interface-so-0/0/0" .
user@R1>configure
[edit]
user@R1#set description interface-so-0/0/0
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
9.10 : Lab Exercise 10 : Configuring the Encapsulation on a Physical

Interface
Description: The following lab configures the PPP encapsulation on the physical interface
so-0/0/0
Instructions:

2. Set the encapsulation of interface so-0/0/0 as ppp.
user@R1>configure
[edit]
user@R1#set encapsulation ppp
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
9.11 : Lab Exercise 11 : Configuring Keepalives
Description: By default, physical interfaces configured with Cisco HDLC or PPP

encapsulation send keepalive packets at 10-second intervals, use this lab to disable the
sending of keepalives and then enable it back on interface so-0/0/0.
Instructions:

2. Disable the sending of keepalives on so-0/0/0.
3. Enable the sending of keepalives on so-0/0/0 with an interval of 40 seconds, down-count
as 30 and up-count as 20 seconds.
user@R1>configure
[edit]
user@R1#set no-keepalives
user@R1#set keepalives 40 30 20
user@R1#exit
[edit]
user@R1#
Back

9.12 : Lab Exercise 12 : Set Keepalive Timers
Description: This exercise demonstrates setting keepalive timers on the router.
Instructions:

2. Set keepalive interval as 1000, down count as 12 and up count as 12 of interface so-
0/0/0.
user@R1>configure
[edit]
user@R1#set keepalives 1000 12 12
user@R1#exit
[edit]
user@R1#
Back
9.13 : Lab Exercise 13 : Configuring the Management Ethernet interface

(fxp0)
Description: By default, the management Ethernet interface (fxp0) autonegotiates whether

to operate at 10 megabits per second (Mbps) or 100 Mbps. All other interfaces
automatically choose the correct speed based on the PIC type and whether the PIC is
configured to operate in multiplexed mode. This lab is used to configure the management
Ethernet interface speed.This statement applies only to the management Ethernet interface
(fxp0) and to the Fast Ethernet 12-port and 48-port PICs.
Instructions:

2. Set the management Ethernet interface (fxp0) speed to 10 Mbps
user@R1>configure
[edit]
user@R1#edit interfaces fxp0
[edit interfaces fxp0]
user@R1#set speed 10m
[edit interfaces fxp0]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show

Back
9.14 : Lab Exercise 14 : Setting Bandwidth on an interface
Description: This exercise demonstrates setting bandwidth on an interface.
Instructions:

2. Set bandwidth of so-0/0/0 unit 0 as 1000k
user@R1>configure
[edit]
user@R1#edit unit 0
[edit interfaces so-0/0/0 unit 0]
user@R1#set bandwidth 1000k
[edit interfaces so-0/0/0 unit 0]
user@R1#exit
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
9.15 :Lab Exercise 15 : Configuring the hold-time value on a physical

interface to damp interface transitions
Description: Hold-time value is used to damp interface transitions. When an interface goes
from up to down, it is not advertised to the rest of the system as being down until it has
remained down for the hold-time period. Similarly, an interface is not advertised as being
up until it has remained up for the hold-time period.
Instructions:

2. Set the holdtime value of 200 milliseconds to use when an interface transitions from
down to up and holdtime value of 200 milliseconds to use when an interface transitions
from up to down .
user@R1>configure

[edit]
user@R1#set hold-time up 200 down 200
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
user@R1#exit
user@R1>show configuration
Back
9.16 : Lab Exercise 16 : Configuring the DTE Clock Rate
Description: This lab is used to configure the DTE clock-rate in serial clocking mode.
Instructions:

2. Configure the clock rate of 2.048mhz on se-0/0/0.
user@R1>configure
[edit]
user@R1#edit interfaces se-0/0/0 serial-options
[edit interfaces se-0/0/0 serial-options]
user@R1#set clock-rate 2.048mhz
[edit interfaces se-0/0/0 serial-options]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show

Back
9.17 : Lab Exercise 17 : Basic gigabit ethernet configuration on a J -series

router
Description : This lab exercise demonstrates configuring the gigabit ethernet interface on a J-
series router and also setting other basic parameters like hostname, domain-name, name-server,
backup router etc. Show command is issued to verify the configuration set on the router.
Instructions
1. Enter into system hierarchy on R1

2. Set the router hostname as Router1, domain-name as router.net, root-authentication as vhvc#!,
name-server as 10.148.2.32, backup-router as 192.168.2.34/24
3. Exit from system hierarchy and enter into interfaces hierarchy
4. Set the IP address on all the four fixed Gigabit Ethernet ports of J-Series router
5. Commit the configuration
6. Issue show configuration to verify the configuration set on the router.
7. Issue show interfaces brief command to display brief information about all interfaces configured on
the router.
8. Issue show interfaces terse command to display summary information about interfaces.
user@R1>configure
[edit]
user@R1#edit system
[edit system]
user@R1#set host-name Router1
[edit system]
user@Router1#set domain-name router.net
[edit system]
user@Router1#set root-authentication encrypted-password vhvc#!
[edit system]
user@Router1#set name-server 10.148.2.32
[edit system]
user@Router1#set backup-router 192.168.2.34/24
[edit system]
user@Router1#exit
[edit]
user@Router1#edit interfaces
[edit interfaces]
user@Router1#set ge-0/0/0 unit 0 family inet address 192.168.1.1/24
[edit interfaces]

[edit interfaces]
[edit interfaces]
[edit interfaces]
user@Router1#exit
[edit]
user@Router1#commit
commit complete
[edit]
user@Router1#exit
user@Router1>show configuration
user@Router1>show interfaces brief
user@Router1>show interfaces terse
Back
9.18 : Lab Exercise 18 : Configuring speed on sonet interface
Description : This lab exercise demonstrates configuring sonet interface speed.
Instructions
1. Enter into interfaces hierarchy on R1

2. Set the sonet interface speed to OC48
user@R1>configure
[edit]
user@R1#edit interfaces
[edit interfaces]
user@R1#set so-0/0/0 speed OC48
[edit interfaces]
user@R1#exit
[edit]
user@R1#show
Back
9.19 : Lab Exercise 19 : Show chassis commands on J and M-series routers
Description: This lab demonstrates the show chassis commands.

Instructions
1. Display environmental information about the routing platform chassis, including the
temperature and information about the fans, power supplies, and Routing Engine
2. Displays a list of all Flexible Physical Interface Card Concentrators (FPCs) and PICs installed
in the router chassis, including the hardware version level and serial number.
3. Displays the FIC information, such as the FIC type, ASIC type, operating status, PIC version,
and the amount of time the FIC has been online. The command output also displays port cable
information.
user@R1>show chassis environment

user@R2>show chassis hardware
user@R3>show chassis pic pic-slot 3 fpc-slot 1
Back
9.20 : Objective Test 1 : Answer the following questions
1. For which two functions is the Routing Engine responsible? (Choose two.)
A. packet forwarding
B. queuing functions
C. routing protocol control
D. JUNOS software operation
2. Which command would correctly define a router's host-name?
A. # set ip host-name
B. > set ip host-name
C. # set system host-name

D. > set system host-name
3. The interface ge-0/2/3 is located in which flexible PIC concentrator slot?
A. 0
B. 2
C. 3
D. 4
4. How many FPC slots are there on M40 router?
A. 2
B. 4
C. 6
D. 8
5. Which command configures an address of 192.168.1.1 with a mask of 255.255.255.0 on

interface ge-0/0/0?
A. set ip interface ge-0/0/0 address 192.168.1.1 255.255.255.0

B. set ip interface ge-0/0/0 address 192.168.1.1/24
C. set interface ge-0/0/0 ip4 address 192.168.1.1 mask 255.255.255.0
D. set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
6. Which protocol family is required prior to assigning an IP address to an interface?
A. family ip
B. family ip6
C. family inet
D. family inet4
7. Which operational command allows a user to view the exhaust temperatures of a Juniper
device?
A. show chassis state

B. file list alarm
C. show chassis alarms
D. show chassis environment
8. In which mode are users allowed to configure the device, including interfaces, protocols,
user access, and system hardware properties?
A. priviledged mode
B. configuration mode
C. monitoring mode
D. operational mode
9. Which command is used to retrieve the serial numbers of a Juniper device?

A. show version
B. show chassis hardware
C. show hardware detail
D. view hardware database
10. What are the primary responsibilities of the RE?
A. Control routing protocol traffic, perform route look-ups

B. Forward data traffic, perform route filtering
C. Maintain routing protocols, control software processes
D. Manage interfaces, reassemble packets from shared memory
10. STATIC ROUTING LABS
10.1 : Lab Exercise 1 : Configuring Static Routes
Description: Configure static route 172.16.1.0 mask 255.255.255.0 with next hop address
of 192.16.2.1.
syntax: ip route prefix mask {address|interface} [distance]
prefix mask: is the ip route prefix and mask for the destination.
address|interface: Use either the next hop router ip or the local router outbound interface
used to reach the destination.
distance: is the administrative distance and an optional parameter.
Instructions:
1. Enter into Global Configuration Mode

2. Configure a static route to a destination sub-network (172.16.1.0) with 24-bit subnet
mask and next hop IP address of 172.16.2.1.
user@R1>configure
[edit]
user@R1#edit routing-options
[edit routing-options]
user@R1#edit static route 172.16.1.0/24
[edit routing-options static route 172.16.1.0/24]
user@R1#set next-hop 172.16.2.1
[edit routing-options static route 172.16.1.0/24]
user@R1#exit
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]

user@R1#show
user@R1#exit
user@R1>show routing-options static route
Back
10.2 : Lab Exercise 2 : Ping test
Description: The purpose of this lab is to configure IP Address on all the devices and test
for connectivity using ping command. Applicable network diagram is given below
Instructions:
1. Assign the IP address of all the devices as given below and commit the configurations
Device Interface IP Address Mask
So-0/0/0 192.168.1.1 255.255.255.0

R1
So-0/0/1 192.168.3.2 255.255.255.0
So-0/0/0 192.168.3.1 255.255.255.0

R2
So-0/0/1 192.168.2.1 255.255.255.0
So-0/0/0 192.168.1.2 255.255.255.0

R3
So-0/0/1 192.168.2.2 255.255.255.0

2. From R1 issue a ping command to R2 and R3
3. Commands to be executed:
On R1:
user@R1>configure
[edit]
user@R1#exit
user@R1#exit
[edit]
user@R1#exit
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2:
user@R2>configure
[edit]
user@R2#exit
user@R2#exit
[edit]

user@R2#exit
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#
On R3:
user@R3>configure
[edit]
user@R3#exit
user@R3#exit
[edit]
[edit interfaces so-0/0/1
user@R3#exit
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1:
user@R1>ping 192.168.2.2
user@R1>ping 192.168.2.1
Back

10.3 : Lab Exercise 3 : Telnet
Description: The purpose of this lab is to configure IP Address on all the devices and test
for telnet command. Applicable network diagram is shown below:
Instructions:
1.Assign the IP address of all the devices as given below and commit the configurations
So-0/0/0 192.168.1.1 255.255.255.0

R1
So-0/0/1 192.168.3.2 255.255.255.0
So-0/0/0 192.168.3.1 255.255.255.0

R2
So-0/0/1 192.168.2.1 255.255.255.0
So-0/0/0 192.168.1.2 255.255.255.0

R3
So-0/0/1 192.168.2.2 255.255.255.0
2. From R1 issue a telnet command to R2 and R3 and use quit command to close the telnet
connection
3. Issue show system users command on R2 to view the logged in users on the router
4. Commands to be executed:
On R1:

user@R1>configure
[edit]
user@R1#exit
user@R1#exit
[edit]
user@R1#exit
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2:
user@R2>configure
[edit]
user@R2#exit
user@R2#exit
[edit]
user@R2#exit
user@R2#exit

[edit]
user@R2#commit
commit complete
[edit]
user@R2#
On R3:
user@R3>configure
[edit]
user@R3#exit
user@R3#exit
[edit]
user@R3#exit
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1:
user@R1>telnet 192.168.2.2
user@R2>show system users
Back
10.4 : Lab Exercise 4 : Traceroute
Description: The purpose of this lab is to configure the routers and test for traceroute command.

Instructions:
1. Assign the IP address of all the devices as given below
R1 se-0/0/0 192.168.3.1 255.255.255.0

se-0/0/1 192.168.1.1 255.255.255.0
R2 se-0/0/0 192.168.1.2 255.255.255.0

se-0/0/1 192.168.2.1 255.255.255.0
R3 se-0/0/0 192.168.3.2 255.255.255.0

se-0/0/1 192.168.2.2 255.255.255.0
2. From R1 issue a traceroute command to R3
Commands to be executed:
On R1:
user@R1>configure
[edit]
user@R1#edit interfaces se-0/0/0
[edit interfaces se-0/0/0]

[edit interfaces se-0/0/0 unit 0 family inet]
user@R1#exit
user@R1#exit
[edit]
user@R1#exit
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2:
user@R2>configure
[edit]
user@R2#exit
user@R2#exit
[edit]
user@R2#exit
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]

user@R2#
On R3:
user@R3>configure
[edit]
user@R3#exit
user@R3#exit
[edit]
user@R3#exit
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1:
user@R1>traceroute 192.168.2.2
Back
10.5 : Lab Exercise 5 : Connectivity check between Router and workstations
Description: Lab Exercise explains pinging between router and work station

Instruction:
1. Connect to R1 and configure the IP address of 192.168.100.1/24 on the ge-0/0/0 interface

2. To assign ip address to WS1 click network diagram button and in network diagram window
click WS1 icon from the diagram. And configure 192.168.100.2/24 as ip address and default-
gateway 192.168.100.1
click WS2 icon from the diagram and configure 192.168.100.3 as ip address and default-gateway
as 192.168.100.1
4. Now ping ping R1 from WS1 and WS2 and check the connectivity.
user@R1>configure
[edit]
user@R1#set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.1/24
user@R1#commit
commit complete
[edit]
user@R1#exit
WS1>ip 192.168.100.2/24 192.168.100.1
WS2>ip 192.168.100.3/24 192.168.100.1
WS1>ping R1
WS2>ping R1
Back

10.6 : Lab Exercise 6 : Pinging between two workstations
Description: The lab exercise explains pinging between two work stations
Note : Two workstations or client PC can communicate with each other using a CrossCable. Note
that a straight Ethernet cable is used for connecting a workstation (or a host) to a Switch or Hub,
whereas a cross Ethernet cable is used for connecting a host to host or a switch to switch or
workstation to workstation directly.
Instructions:
1. Click network diagram button and select device WS1 from network diagram.
2. And in WS1 prompt enter 192.168.1.3/24 as ip address and 192.168.1.1 as default-gateway
3. Select device WS2 from network diagram and configure ip address 192.168.1.2/24 and default-
gateway 192.168.1.1
4. Ping WS1 from WS2 and it should be successful for verifying proper configuration.
WS1>ip 192.168.1.3/24 192.168.1.1
WS2>ip 192.168.1.2/24 192.168.1.1
WS1>ping WS2
WS2>ping WS1
Back

10.7 : Lab Exercise 7 : Pinging between two workstations on different subnet
Description: Lab Exercise explains pinging between two work station on different subnets
Note: A layer 2 switch works transparently in a network. There is no need to configure a Layer 2
Switch for performing basic operations of forwarding frames. However, for using advanced
functionality like port security, VLAN configuration, etc. one may need to configure a Switch.
Instructions:
1. Click network diagram button and select device WS1 from network diagram.
2. Configure 192.168.10.1/24 as ip address and default-gateway as 192.168.1.1
3. Select device WS2 from network diagram and configure ip address 192.168.20.1/24 and
default-gateway 192.168.1.1.
4. Ping WS1 from WS2 and you get ping failed message because both work stations are on
different subnets.
WS1>ip 192.168.10.1/24 192.168.1.1

WS2>ip 192.168.20.1/24 192.168.1.1
WS1>ping WS2
WS2>ping WS1
Back

10.8 : Lab Exercise 8 : Tracing route from workstation to router
Description: Lab Exercise explains Tracing route from Work stations to router
Instruction:
click WS1 icon from the diagram. In Ws1 prompt type 192.168.100.2/24 as ip address and
default gateway 192.168.100.1
click WS1 icon from the diagram. In WS2 prompt type 192.168.100.3/24 as ip address and
default gateway 192.168.100.1
4. Traceroute R1 from WS1 and WS2
user@R1>configure
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
WS1>ip 192.168.100.2/24 192.168.100.1
WS2>ip 192.168.100.3/24 192.168.100.1

WS1>traceroute R1
WS2>traceroute R1
Back
1. What is the route preference of a static route?
A. 1
B. 5
C. 15
D. 20
2. You want to configure a static default route to the gateway 10.1.1.1. Which set command will
accomplish this task?
A. Set routes static route 0.0.0.0/0 gateway 10.1.1.1

B. Set protocols static route 0.0.0.0/0 next-hop 10.1.1.1
C. Set family inet static route 0.0.0.0/0 next-hop 10.1.1.1
D. Set routing-options static route 0.0.0.0/0 next-hop 10.1.1.1
3. When you display the routing table by entering the show route command, what does the *
indicate?
A. The route is a direct route.

B. The route was selected as active.
C. The route is a default route.
D. The route was learned using a dynamic routing protocol.
4. In which table are static routes installed?
A. inet.0
B. inet.1
C. inet.2
D. inet.3
5. What is correct regarding the configuration shown below?

static route 0.0.0.0/0 qualified-next-hop 172.30.25.1 preference 7 next-hop 172.30.25.5
A. The next-hop 172.30.25.1 is selected because the address has the lowest value.
B. The next-hop 172.30.25.1 is selected because it is listed first.
C. The next-hop 172.30.25.1 is selected because it is the lowest protocol preference.
D. The next-hop 172.30.25.5 is selected because it is the lowest protocol preference.

11. POLICIES CONFIGURATION LABS
11.1 : Lab Exercise 1 : Routing Policy Lab 1
Description: Use this lab to configure the routing policy on router, by specifying the match
condition to accept all rip routes, that is checked against the source address of the route
advertised.
Instructions:

2. Create a policy statement by name as same as riproutes.
3. Create a term under the policy created above by the name as AdvRip.
4. Create a match condition and specify to accept rip routes under the above term.
user@R1>configure
[edit]
user@R1#edit policy-options policy-statement riproutes
[edit policy-options policy-statement riproutes]
user@R1#edit term AdvRip
[edit policy-options policy-statement riproutes term AdvRip]
user@R1#edit from
[edit policy-options policy-statement riproutes term AdvRip from]
user@R1#set protocol rip
user@R1#exit
user@R1#edit then
[edit policy-options policy-statement riproutes term AdvRip then]
user@R1#set accept
user@R1#exit
user@R1#exit
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
11.2 : Lab Exercise 2 : Routing Policy Lab 2
Description: Use this lab to configure the routing policy on router, by specifying the match
condition to reject all rip routes, that is checked against the source address of the route
advertised.

Instructions:

2. Create a policy statement by name as same as riproutes.
3. Create a term under the policy created above by the name as AdvRip.
4. Create a match condition and specify to reject rip routes under the above term.
user@R1>configure
[edit]
user@R1#edit policy-options policy-statement riproutes
user@R1#edit term AdvRip
user@R1#edit from
user@R1#exit
user@R1#edit then
user@R1#set reject
user@R1#exit
user@R1#exit
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
1 What happens when a route does not match any user configured policies?
A. The route is rejected.

B. The route is accepted.
C. The route is given a lower priority.
D. The route is sent to the default policy.
2. A routing policy has three terms and the first term of the policy does not contain a
terminating action. What will become of the routes after they have been evaluated by the
first term?

A. In the absence of a terminating action, all routes are accepted.
B. The route will be evaluated by the second term in the policy.
C. The default action will be applied.
D. In the absence of a termination action, all routes are rejected.
3. Which statement is true about import and export routing policies?
A. Import policies concern routes received and determine which routes get put
into the routing table.
B. Export policies concern routes received and determine which routes get put
into the routing table.
C. Export policies are applied before the routing table.
D. Import polices are applied after the routing table.
4. Which two policy actions are considered flow control actions? (Choose two.)
A. reject
B. community add
C. next term
D. next policy
5. Which statement is correct about a Routing Policy term?
A. A term must contain a "from" statement.

B. A term acts like "if" and "then" statements.
C. The most specific term has precedence.
D. Terms can be written in any order to achieve the same behavior.

12. RIP CONFIGURATION LAB
12.1 : Lab Exercise 1 : RIP Configuration
Description: Use this lab to configure the RIP on router, by applying an export and import
policies at their respective hierarchical levels.
Instructions:

2. Enable RIP routing on the router.
3. Create a group called neighborRouters apply an export policy riproutes to this group.
4. Specify the neighbor interface as so-0/0/0 under the above created group and apply an
import policy riproutes to this neighbor.
user@R1>configure
[edit]
user@R1#edit protocols rip
[edit protocols rip]
user@R1#edit group neighborRouters
[edit protocols rip group neighborRouters]
user@R1#set export riproutes
user@R1#edit neighbor so-0/0/0
[edit protocols rip group neighborRouters neighbor so-0/0/0]
user@R1#set import riproutes
[edit protocols rip group neighborRouters neighbor so-0/0/0]
user@R1#exit
user@R1#exit
[edit protocols rip]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
1. What is the max hop count for a reachable RIP route?
A. 15
B. 16
C. 10
D. 255

2. How do you send static routes to a RIP neighbor?
A. By default, RIP automatically sends static routes.

B. Configure the static route with a next hop of the RIP neighbor.
C. Configure redistribute static under [edit protocols rip].
D. Apply an export policy within RIP that matches on the routes, and accepts it.
3. What two mechanisms does RIP use to prevent routing loops (select 2)?
A. Split-Horizon
B. Link-state database
C. Random routing database checks
D. Poison-reverse
4. Which two statements are correct regarding default protocol preference values? (Choose
two.)
A. OSPF has a single preference value for both internal and external routes.
B. RIP is preferred over OSPF external routes.
C. Direct, local, and static routes have the same preference value.
D. OSPF's preference value is lower than BGP (both IBGP and EBGP).
5. RIP is a distance vector routing protocol that depends on which of the following for
routing distance measurement?
A. Bandwidth
B. Delay
C. Number of Hops
D. Reliability

13. DYNAMIC ROUTING LABS
13.1 : Lab Exercise 1 : Ping test by configuring RIP
Description: The purpose of this lab is to configure RIP Routing and other required
commands to advertise these rip routes on all the devices and test for ping command.
Applicable network diagram is given below:
Instructions:
So-0/0/0 192.168.3.1 255.255.255.0

R1
So-0/0/1 192.168.1.1 255.255.255.0
So-0/0/0 192.168.1.2 255.255.255.0

R2
So-0/0/1 192.168.2.1 255.255.255.0
So-0/0/0 192.168.3.2 255.255.255.0

R3
So-0/0/1 192.168.2.2 255.255.255.0
2. Enable RIP routing on all the devices

3. Specify the policy to accept the rip routes on all the devices
4. Apply an import policy and an export policy (policy created above) on all the devices.

5. Issue show rip neighbor command on all the devices to view its neighbor information
6. From R1 issue a ping command to R2 and R3
On R1:
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0 unit 0 family inet
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#edit policy-options policy-statement R1pol term R1term
[edit policy-options policy-statement R1pol term R1term]
user@R1#edit from
[edit policy-options policy-statement R1pol term R1term from]
user@R1#exit
user@R1#edit then
[edit policy-options policy-statement R1pol term R1term then]
user@R1#set accept
user@R1#exit
user@R1#exit
[edit]
user@R1#edit protocols rip group R1grp
[edit protocols rip group R1grp]
user@R1#set export R1pol
[edit protocols rip group R1grp neighbor so-0/0/0]
user@R1#set import R1pol
user@R1#exit
user@R1#exit

user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show rip neighbor
On R2:
user@R2>configure
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#edit from
user@R2#exit
user@R2#edit then
user@R2#set accept
user@R2#exit
user@R2#exit
[edit]
user@R2#exit

user@R2#exit
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#exit
On R3:
user@R3>configure
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#edit from
user@R3#exit
user@R3#edit then
user@R3#set accept
user@R3#exit
user@R3#exit
[edit]

user@R3#exit
user@R3#exit
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#exit
On R1:
user@R1>ping 192.168.2.2
user@R1>ping 192.168.2.1
Back
13.2 : Lab Exercise 2 : Ping test by configuring OSPF with multiple areas
Description: The purpose of this lab is to configure OSPF on all the devices with multiple
areas including backbone (area 0) area and test for ping command. Applicable network
diagram is as given below:

Note: .1 on router 1 So refers to 192.168.1.1. Similarly other IP addresses to be interpreted.
Instructions:
So-0/0/0 192.168.3.1 255.255.255.0

R1
So-0/0/1 192.168.1.1 255.255.255.0
So-0/0/0 192.168.1.2 255.255.255.0

R2
So-0/0/1 192.168.2.1 255.255.255.0
So-0/0/0 192.168.3.2 255.255.255.0

R3
So-0/0/1 192.168.2.2 255.255.255.0
2. Enable OSPF on R1 with So-0/0/0 under area 0 and So-0/0/1 under area 10
5. From R1 issue a ping command to R2 and R3.
On R1:
user@R1>configure

[edit]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#edit protocols ospf area 0 interface so-0/0/0
[edit protocols ospf area 0 interface so-0/0/0]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2:
user@R2>configure
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]

user@R2#commit
commit complete
[edit]
user@R2#
On R3:
user@R3>configure
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1:
user@R1>ping 192.168.2.2
user@R1>ping 192.168.2.1
Back

14. SHOW COMMAND LAB
14.1 : Lab Exercise 1 : Show Commands
Description: This exercise demonstrates various basic show commands available.
Instructions:
1. Issue show version brief command.

2. Issue show cli command.
3. Issue show cli historycommand.
user@R1>show version brief

user@R1>show cli
user@R1>show cli history
Back
15. OSPF LABS
15.1 : Lab Exercise 1 : OSPF Configuration
Description: Use this lab to configure the OSPF on router with an area 0.
Instructions:

2. Enable OSPF routing on the router.
3. Put the interfaces so-0/0/0 and so-0/0/1 under area 0.
user@R1>configure
[edit]
user@R1#edit protocols ospf
[edit protocols ospf]
user@R1#edit area 0
[edit protocols ospf area 0]
user@R1#edit interface so-0/0/0
user@R1#exit
user@R1#edit interface so-0/0/1
user@R1#exit
user@R1#exit
[edit protocols ospf]
user@R1#exit
[edit]
user@R1#commit

commit complete
[edit]
user@R1#show
Back
15.2 : Lab Exercise 2 : OSPF configuration and verification
Description: The purpose of this lab is to configure OSPF on all the devices with an area
of 100 and to verify the configuration using show commands of OSPF.Applicable network
diagram is shown below:
Instructions:
So-0/0/0 192.168.3.1 255.255.255.0

R1
So-0/0/1 192.168.1.1 255.255.255.0
So-0/0/0 192.168.1.2 255.255.255.0

R2
So-0/0/1 192.168.2.1 255.255.255.0
So-0/0/0 192.168.3.2 255.255.255.0

R3
So-0/0/1 192.168.2.2 255.255.255.0

2. Enable OSPF (use area number as 100) on all the interfaces of all the devices
3. Issue show ospf interface on R1
4. Issue show ospf neighbor on R1.
5. Issue show ospf database on R1.
On R1:
user@R1>configure
[edit]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2:
user@R2>configure
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]

user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#
On R3:
user@R3>configure
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1:
user@R1>show ospf interface

user@R1>show ospf neighbor
user@R1>show ospf database
Back

1. What is the default protocol preference for OSPF external routes?
A. 10
B. 15
C. 150
D. 160
2. Which command allows viewing of only OSPF routes?
A. show ip ospf route

B. show ip route protocol ospf
C. show route protocol ospf
D. show ospf table
3. What is the default OSPF timer values?
A. 20 sec hello-time and 20 sec dead-time

B. 10 sec hello-time and 60 sec dead-time
C. 10 sec hello-time and 40 sec dead-time
D. 20 sec hello-time and 40 sec dead-time
4. Which CLI command will show the state of OSPF to other routers?
A. show ospf interface

B. show ospf adjacency
C. show ospf neighbor
D. show ospf detail
5. Which CLI command will show the type of networks the router participates in (point-to-point,
BMA etc)?
A. show ospf interface

B. show ospf adjacency
C. show ospf neighbor
D. show ospf detail

16. BGP Labs
16.1 : Lab Exercise 1 :BGP Configuration
Note: This Lab is divided in to 7 sections. Please refer the figure above for all the sections
Section I : To configure the BGP peer sessions.
Description: This lab exercises demonstrates the configuring BGP peer sessions
Instructions:
1. Enter into configuration mode of device E

2. Move to interfaces hierarchy
3. Configure the interfaces to Peers A, B, C, and D
4. Exit from the interfaces hierarchy
user@E>configure
[edit]
user@E#edit interfaces
[edit interfaces]
user@E#set ge-0/0/0 description to-A
[edit interfaces]
user@E#set ge-0/0/0 unit 0 family inet address 10.10.10.1/24
[edit interfaces]
user@E#set ge-0/0/1 description to-B
[edit interfaces]

[edit interfaces]
user@E#set ge-0/0/2 description to-C
[edit interfaces]
[edit interfaces]
user@E#set ge-0/0/3 description to-D
[edit interfaces]
[edit interfaces]
user@E#exit
[edit]
user@E#
Back
Section II : Setting the AS number
Description: The purpose of this lab is to configure the autonomous system number of the local router.
Instructions:
1. Enter into Configuration mode

2. Move to routing-options hierarchy
3. Set the autonomous system number of the local router to 17
4. Exit from the routing-options hierarchy
user@E>configure
[edit]
user@E#edit routing-options
user@E# set autonomous-system 17
user@E#exit
[edit]
user@E#
Back
Section III : Create BGP group and add the External neighbor addresses
Description: This lab exercise demonstrates configuring BGP groups and to add the external neighbor
address
Instructions:
2. Move to protocols hierarchy
3. Set neighbor addresses to 10.10.10.2,10.10.10.6 and 10.10.10.10
4. Exit from the BGP protocols hierarchy

user@E>configure
[edit]
user@E#edit protocols bgp group external-peers
[edit protocols bgp group external-peers]
user@E#set neighbor 10.10.10.2
user@E# set neighbor 10.10.10.6
user@E#set neighbor 10.10.10.10
user@E#exit
[edit]
user@E#
Back
Section IV : Specify the AS number of the external AS.
Description: This lab exercise demonstrates configuring the AS number of the peer. Here AS number
is assigned to peer devices A, B, and C
Instructions:

2. Move BGP protocols hierarchy
3. Set the AS number of the peer to 22
4. Exit from the BGP protocols hierarchy
user@E>configure
[edit]
user@E#set peer-as 22
user@E#exit
[edit]
user@E#
Back
Section V : Add the peer D and set the AS number at the individual neighbor level.
Description: The purpose of this lab is to add the neighbor device (peer) D and set the AS number at
the individual neighbor level.
Instructions:

2. Move to BGP protocols hierarchy mode
3. Add the peer D with address 10.21.7.2 and AS number as 79

4. Exit from the BGP Protocols hierarchy
user@E>configure
[edit]
user@E#set neighbor 10.21.7.2 peer-as 79
user@E#exit
[edit]
user@E#
Back
Section VI : Set the peer type to external BGP (EBGP)
Description: This lab exercise demonstrates configuring the type name of the BGP device as external.
Instructions:

2. Move to BGP protocols hierarchy
3. Set the type-name to external
4. Exit from BGP protocols hierarchy
user@E>configure
[edit]
user@E#set type external
user@E#exit
[edit]
user@E#commit
[edit]
user@E#
Back
Section VII : Setting the bgp hold-time
Description: Purpose of this lab is to set the hold-time of the BGP device and also to issue the
appropriate show commands to check the configuration working properly.
Instructions:

2. Move BGP protocols hierarchy
3. Set the BGP hold-time to 190
4. Exit from BGP protocols hierarchy
6. Confirm that the configuration is working properly
· Verifying BGP neighbors by issuing show bgp neighbor command
· Verifying BGP groups by issuing show bgp group command
· Verifying BGP summary information by issuing show bgp summary command.
user@E>configure
[edit]
user@E#set hold-time 190
user@E#exit
[edit]
user@E#commit
[edit]
user@E#exit
user@E>show bgp group
user@E>show bgp summary
user@E>show bgp neighbor
user@E>show configuration
Back

17. MPLS labs
Note: Please refer to the below network for the exercises 17.1, 17.2, 17.3 given in this section
17.1 : Lab Exercise 1 : Enabling MPLS family on the interface
Description: A basic exercise that shows how to enter configuration mode and exit from the
same. Choose R1 from the network diagram and exit.
Instructions:

2. Enter the [edit interfaces] mode to configure MPLS.
3.Confirm the configuration by entering the show command from configuration mode
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
user@R1#set unit 0 family mpls
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
Back
Note: For MPLS to be activated, it is necessary to add the MPLS protocol family to the interfaces
that will bear MPLS traffic. MPLS must also be configured under the [edit protocols] level of
hierarchy as shown in the below exercise.
http://juniper.cluepon.net/index.php/MPLS

17.2 : Lab Exercise 2 : Enabling MPLS protocol on the interface
Description: The lab exercise explains how to configure MPLS protocol on the interface.
Instructions:

2. Move to the protocols hierarchy
3. Enable the MPLS protocol on all or particular interface
4. Exit from the protocol hierarchy.
5. Confirm the configuration by entering the show command from configuration mode
user@R1>configure
[edit]
user@R1#edit protocols mpls
[edit protocols mpls]
user@R1#set interface all
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
To enable the MPLS protocol on particular interface following command is used.
user@R1>configure
[edit]
user@R1#set interface ge-0/0/0
Back
17.3 : Lab Exercise 3 : Enabling LDP protocol on the interface
Description: The lab exercise explains how to configure LDP protocol on the interface.
Instructions:

2. Move to the protocols hierarchy
3. Enable the LDP protocol on all or particular interface
4. Exit from the protocol hierarchy.
user@R1>configure

[edit]
user@R1#edit protocols ldp
[edit protocols ldp]
user@R1#set interface all
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#show
To enable the LDP protocol on particular interface following command is used.
user@R1>configure
[edit]
Back
17.4 : Lab Exercise 4 : MPLS show commands
Description: This lab exercise demonstrates various MPLS show commands
Instructions:

1.Enter into configuration mode
2.Enable MPLS family on the all the devices.
3.Enable MPLS and LDP protocol all the devices
4.Assign IP address to all the devices
5.Issue “show mpls interface” command to check MPLS enabled interfaces
6.Issue “show ldp neighbor” command to display LDP neighbor information.
On R1
user@R1>configure
[edit]
user@R1#set unit 0 family inet address 10.10.10.1/24
user@R1#exit
[edit]
user@R1#edit interfaces lo0
[edit interfaces lo0]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#
On R2
user@R2>configure
[edit]

user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#
On R3
user@R3>configure
[edit]
user@R3#exit

[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
user@R2>show mpls interface

user@R2>show ldp neighbor
Back
http://www.junos.com/techpubs/en_US/junos12.1x45/topics/example/mpls-security-ldp-
signaled-lsp-configuring.html
17.5 : Lab exercise -5 MPLS ping and traceroute
Description: This lab exercise explains how ping and traceroute works in MPLS network.

Instructions:
1.Assign the IP addresses to all the devices

2.Enable MPLS family on the interfaces
3.Enable MPLS and LDP protocol on the interfaces
4.Issue “show route forwarding-table” to display routes in the forwarding table
5.Issue ping and trace route command to check the connectivity
On R1
user@R1>configure
[edit]
user@R1#exit
[edit]
user@R1#set interfaces se-0/0/0 unit 0 family inet address 192.168.1.1/24
[edit]

user@R1#set interfaces se-0/0/0 unit 0 family mpls
[edit]
user@R1#set interface se-0/0/0
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2
user@R2>configure
[edit]
user@R2#exit
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]

user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#
On R3
user@R3>configure
[edit]
user@R3#exit
[edit]
[edit]
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#commit

commit complete
[edit]
user@R3#
On R4
user@R4>configure
[edit]
user@R4#exit
[edit]
[edit]
[edit]
user@R4#exit
[edit]
user@R4#exit
[edit]
user@R4#commit
commit complete
[edit]
user@R4#
user@R1>show route forwarding-table
user@R1>ping 192.168.2.2
user@R1>ping 192.168.3.2
user@R1>ping mpls ip 192.168.2.2


user@R1>traceroute mpls ip 192.168.2.2
user@R1>traceroute mpls ip 192.168.3.2
Back
https://www.juniper.net/documentation/en_US/junos12.3/topics/reference/command-
summary/show-route-forwarding-table-mpls-ex-series.html
https://www.juniper.net/techpubs/en_US/junose14.1/information-products/topic-
collections/swconfig-bgp-mpls/index.html?topic-41079.html
17.6 : Lab exercise - 6 Configuring MPLS using OSPF
Description: In this example network is configured with OSPF as routing protocol. Then run
MPLS over the IP network.
Instructions :
1. Assign the IP addresses to all the devices

2. Enable MPLS family on the interfaces
3. Enable MPLS and LDP protocol on the interfaces
4. Enable OSPF (use area number as 100) on all the interfaces of all the devices
5.Issue ping and trace route command to check the connectivity

On R1
user@R1>configure
[edit]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#edit protocols ospf area 100 interface ge-0/0/0
[edit protocols ospf area 100 interface ge-0/0/0]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2
user@R2>configure
[edit]
user@R2#exit
[edit]

user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]

user@R2#
On R3
user@R3>configure
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]

user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R4
user@R4>configure
[edit]
user@R4#exit
[edit]
user@R4#exit
[edit]
user@R4#exit
[edit]
user@R4#exit
[edit]
user@R4#commit
commit complete
[edit]
user@R4#
user@R1>ping 192.168.30.2

Back
1. In MPLS how forwarding decisions are made ?
a. Static route
b. BGP
c. Layer 2 label
2. What ISP router adds labels to routes learned by say BGP?
a. LSR Label Switching Router

b. FIB Forwarding Information Base router
c. LDP Label Discovery Protocol router
3. Adding and removing labels in MPLS is called ?
a. plug and play

b. wipe on wipe off
c. push and pop
4. On which MPLS plane Label 3 routing protocols and label exchange protocols exist ?
a. Transport plane
b. Control plane
c. Data plane
d. Sarengeti plane
5. Which of the following sends data based on L3 or L2 information and takes care of label
swapping..
a. Transport plane
b. Control plane
c. Data Plane
d. Sarengeti plane
6. Where does the MPLS label live in a data frame?
a. Between IP and Data

b. Between IP and MAC
c. Within the IP layer
7. How many bits an MPLS label ?
a. 10
b. 16

c. 20
8. What are the four portions of MPLS info in a data frame?
a. Label, Experimental, BS (last label in stack), TTL

b. Label, TTL, Checksum
c. Label, Experimental, TTL
9. This device adds or strips labels for frames entering or exiting the provider MPLS network.
a. Core route
b. Edge Label Switch Router
c. Edge Switch
10. Which is official routing protocol of MPLS ?
a. RIPv2
b. FIB Forwarding Information Base
c. LIB

18. IPV6 labs
Note: Please refer to the below network for the exercises 18.1, 18.2, 18.3 given in this section
Enabling IPV6 : In junos ipv6 is enabled as soon as one interface is configured for ipv6
18.1 : Lab Exercise 1 : Configuring IPv6 address on an interface in EUI-

format
Description: This lab exercise explains configuring ipv6 address on an interface in EUI-64
format
Instructions:

2. Enter the [edit interfaces] mode to configure the ipv6 address of so-0/0/0 interface of R1.
On R1
user@R1>configure
[Edit]
user@R1#set unit 0 family inet6 address 3ffb:db8:1::/64 EUI-64
user@R1#exit
[edit]
user@R1#show
Back
18.2: Lab Exercise 2 : Configuring IPv6 address on an interface in general

form

Description: This lab exercise explains steps required configure ipv6 address on an interface in
general form.
Instructions:
1.Enter into configuration mode

On R1
user@R1>configure
[Edit]
user@R1#set unit 0 family inet6 address 2001:cb8:1::1/64
user@R1#exit
[edit]
user@R1#show
Back
18.3: Lab Exercise 3 : IPV6 show commands
Description:The lab exercise demonstrates some of the IPV6 show commands available.
Instructions:

3. Issue “show ipv6 neighbors”
4. Issue “show interfaces terse”
5. Issue “show interfaces so-0/0/0 terse”
On R1
user@R1>configure
[edit]
user@R1#set unit 0 family inet6 address 4218:fe2:3::1/64
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]

user@R1#exit
user@R1>show ipv6 neighbors
user@R1>show interfaces terse
user@R1>show interfaces so-0/0/0 terse
Back
18.4: Lab Exercise 4 : Configuring ipv6 static routes
Description: The lab exercise demonstrates configuring static routes on ipv6
Instructions:

2. Assign ipv6 addresses to all the devices as per the diagram.
3. On device R1 create a static route to device R3 and set the next-hop ip address
4. On device R3 create a static route to device R1 and set the next-hop ip address
On R1
user@R1>configure
[edit]
user@R1#set unit 0 family inet6 address 2001:100:10:1::1/64
user@R1#exit
[edit]
On R2

user@R2>configure
[edit]
user@R2#exit
[edit]
user@R2#exit
On R3
user@R3>configure
[edit]
user@R3#exit
Adding static route on device R1 and R3
user@R1>configure
[edit]
user@R1#set rib inet6 static route 2001:100:20:1::2/64 next-hop 2001:100:10:1::2
user@R1#exit
[edit]
user@R1#show
user@R3>configure
[edit]
user@R3#set rib inet6 static route 2001:100:10:1::1/64 next-hop 2001:100:20:1::1
user@R3#exit
[edit]
user@R3#show
Back

18.5 : Lab Exercise 5 : Ping Test using IPV6
Description: The purpose of this lab is to configure IPV6 Address on all the devices and test for
connectivity using ping command. Applicable network diagram is given below
Instructions:
1. Assign the ipv6 address to all the devices as per the table below and commit the configuration
2. From R1 issue ping command on R2 and R3
Device Interface IP Address and Mask
R1 so-0/0/0 2001:db8:3::1/64
so-0/0/1 2001:db8:1::1/64
R2 so-0/0/0 2001:db8:1::2/64
so-0/0/1 2001:db8:2::1/64

R3 so-0/0/0 2001:db8:3::2/64
so-0/0/1 2001:db8:2::2/64
On R1
user@R1>configure
[edit]
user@R1#edit interfaces so-0/0/0 unit 0 family inet6
[edit interfaces so-0/0/0 unit 0 family inet6]
user@R1#set address 2001:db8:3::1/64
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2
user@R2>configure
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#
On R3

user@R3>configure
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1
user@R1>ping 2001:db8:2::2
user@R1>ping 2001:db8:2::1
Back
18.6 : Lab Exercise 6 : Traceroute on IPV6
Description: The lab helps to configure ipv6 address of the routes and test for traceroute
command.

Instructions:
1. Assign IP address of all the devices as per the table given below
Device Interface IP address and Mask
R1 se-0/0/0 2001:db8:3::1/64
se-0/0/1 2001:db8:1::1/64
R2 se-0/0/0 2001:db8:1::2/64
se-0/0/1 2001:db8:2::1/64
R3 se-0/0/0 2001:db8:3::2/64
se-0/0/1 2001:db8:2::2/64
2. From R1 issue traceroute command to R3

On R1
user@R1>configure
[edit]
user@R1#edit interfaces se-0/0/0 unit 0 family inet6
[edit interfaces se-0/0/0 unit 0 family inet6]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
On R2
user@R2>configure
[edit]
user@R2#exit
[edit]
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#
On R3
user@R3>configure
[edit]

user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
user@R3#commit
commit complete
[edit]
user@R3#
On R1
user@R1>traceroute 2001:db8:2::2
Back

19. Firewall Filter (ACL) Labs
Firewall filters enables to control packets transiting the device to a network destination as well as
packets destined for and sent by the device. You can configure a firewall filter to perform
specified actions on packets of a particular protocol family, including fragmented packets, that
match specified conditions based on Layer3 or Layer4 packet header fields.
Stateless and Stateful Firewall Filters
A stateless firewall filter, also known as an access control list (ACL), does not statefully inspect
traffic. Instead, it evaluates packet contents statically and does not keep track of the state of
network connections. Stateless firewalls watch network traffic, and restrict or block packets
based on source and destination addresses or other static values. They are not 'aware' of traffic
patterns or data flows. - See more at:
In contrast, a stateful firewall filter uses connection state information derived from other
applications and past communications in the data flow to make dynamic control decisions. tateful
firewalls can watch traffic streams from end to end. They are are aware of communication paths
and can implement various IP Security (IPsec) functions such as tunnels and encryption. In
technical terms, this means that stateful firewalls can tell what stage a TCP connection is in
(open, open sent, synchronized, synchronization acknowledge or established), it can tell if the
MTU has changed, whether packets have fragmented etc.
Stateless firewalls are typically faster and perform better under heavier traffic loads. Stateful
firewalls are better at identifying unauthorized and forged communications.
The command to configure a firewall filter is made at the [edit firewall family inet] hierarchy
level
filter filter-name {
term term-name {
from {
match-conditions;
then {
action;

where filter-name is the name of the filter, term-name is the name of the filter term, match-
conditions is the condition that the incoming packets must match for the action to be applied, and
action is the steps to take for packets that match the filter condition.
Note: Please refer to the default network diagram for the exercises 19.1, 19.2, 19.3 given in this
section
19.1 : Lab Exercise 1 : Creating a Firewall filter
Description: The lab exercise helps to get familiar with configuring juniper firewall filter
Instructions:

2. Enter into firewall filter mode by creating a filter with name filter1
3. Configure the match-condition that permit traffic from address 192.168.10.5, and block all
other traffic by creating a term by name term1.
4. Create term by name term2 that blocks only the single IP address 196.145.25.5
5. Create a term by name term3 that allows traffic from any ip address.
user@R1>configure
[edit]
user@R1#edit firewall family inet filter filter1
[edit firewall family inet filter filter1]
user@R1#set term term1 from source-address 192.168.10.5/24
user@R1#set term term1 then accept
user@R1#set term term2 then reject
user@R1#exit
[edit]
user@R1#show
Back
19.2 : Lab Exercise 2 : Applying firewall filter to an interface
Description: The lab exercise explains assigning incoming and outgoing traffic to an interface
Instructions:

2. Create firewall filter filter1
3. Apply the match condition that permit traffic from any source to any destination

4. Exit from filter mode
5. Enter into interface mode and apply the filter to so-0/0/0 interface of R1
user@R1>configure
[edit]
user@R1#exit
[edit]
user@R1#set filter input filter1
user@R1#exit
[edit]
user@R1#show
Back
19.3 : Lab Exercise 3 : View Firewall filter entries
Description: The Exercise helps to Configure firewall filter based on the instructions and view
ACL or firewall entries entries by using appropriate show command.
Instructions:
1. Enter into Configuration Mode

2. Enter into firewall filter mode by creating a filter with name filter1
3. Apply the match-condition that permit ip 192.168.10.5
4. Use the show command to see the ACL
On R1
user@R1>configure
[edit]
user@R1#exit
[edit]
user@R1#show
[edit]
user@R1#commit

commit complete
[edit]
user@R1#exit
user@R1>show configuration
Back
19.4 : Lab Exercise 4 : Configuring and Verifying firewall filter

Lab Scenario-1
Description: The exercise explains configuring and verifying firewall filter based on given set of
instructions.
Instructions:

2. Enter the interface mode of the devices and assign the ip address as per the table
3. Ping R2 from both R3 and R4 and see that it is successful
4. Configure ACL on R1 that allows telnet traffic from R3 (192.168.2.2) and allow icmp traffic
from R4 (192.168.3.2) and block all other traffic
5. Apply this access-list to R1’s Sonet interface inbound traffic
6. Commit your configuration.
7. Verify the ACL applied on R1 by pinging and telnetting R2 from R3 and R4(R3(192.168.2.2))

should not be able to ping R2 but should be able to telnet to R2 and R4 (192.168.3.2) should
be able to ping R2 but not telnet to it)
Device Interface IP Address and Mask
R1 fe-1/3/0 192.168.1.1/24
so-0/0/0 192.168.2.1/24
R2 fe-1/3/0 192.168.1.2/24
R3 so-0/0/0 192.168.2.2/24
so-0/0/1 192.168.3.1/24
R4 so-0/0/0 192.168.3.2/24
On R1
user@R1>configure
[edit]
user@R1#edit interfaces fe-1/3/0 unit 0 family inet
[edit interfaces fe-1/3/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
On R2
user@R2>configure
[edit]

user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
On R3
user@R3>configure
[edit]
user@R3#exit
[edit]
user@R3#exit
[edit]
user@R3#commit
commit complete
[edit]
On R4
user@R4>configure
[edit]
user@R4#exit
[edit]
user@R4#commit
commit complete
[edit]
Verification
user@R3>ping 192.168.1.2
user@R4>ping 192.168.1.2
on R1

user@R1>configure
[edit]
user@R1#set term term1 from protocol tcp
user@R1#set term term1 from port telnet
user@R1#set term term2 from protocol icmp
user@R1#exit
[edit]

user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
Note: If a term does not contain a from statement, the packet is considered to match and the action in
the term's then statement is taken. If a term does not contain a then statement or if you do not
configure an action in the then statement, and if the packet matches the conditions in the term's from
statement, the packet is accepted.
Verification
user@R3>ping 192.168.1.2
user@R4>ping 192.168.1.2
You can try with different cases as shown below
Now , try out different cases of applying ACL and test the same as given below. But before that remove

the previously configured ACL on R1 by issuing clear firewall filter command in operational mode.
user@R1>clear firewall filter filter1
Case1: Allow traffic from ip address 192.168.2.2 block all other traffic
user@R1>configure
[edit]
Apply the firewall filter to router interface

user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
Verification
user@R3>ping 192.168.1.2
user@R4>ping 192.168.1.2
Case 2 : Block traffic from ip address 192.168.2.2 and allow all other traffic
user@R1>clear firewall filter filter1
user@R1>configure
[edit]

Apply the firewall filter to router interface

user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
Verification
user@R3>ping 192.168.1.2
user@R4>ping 192.168.1.2
Back
19.5 : Lab Exercise 5 : Configuring and Verifying firewall filter

Lab Scenario-2
Description: The lab exercise explains configuring and verifying firewall filter based on given
set of instructions.
Instructions:

2. Enter the interface mode of the devices and assign the ip address a per the table
3. Apply the Firewall filter condition on R1 which allows traffic from 192.168.4.0 network to
destination 192.168.1.2 and block all other traffic
4. Apply the firewall filter to R1's so-0/0/0 interface.
5. After configuring the device and Firewall filter configuration commit your configuration.
6. Issue ping command from R3 to R2 see that ping fails
7. Issue ping command from R4 and R5 to R2 and see that ping is successful
On R1
user@R1>configure
[edit]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#exit
[edit]
On R2
user@R2>configure
[edit]
user@R2#exit
[edit]
On R3
user@R3>configure
[edit]

user@R3#exit
[edit]
On R4
user@R4>configure
[edit]
user@R4#exit
[edit]
user@R4#exit
[edit]
On R5
user@R5>configure
[edit]
user@R5#exit
[edit]
user@R5#commit
commit complete
[edit]
user@R5#exit
On R1
user@R1>configure
[edit]
user@R1#set term term1 from destination-address 192.168.1.2/24

user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
Verification
user@R3>ping 192.168.1.2
user@R4>ping 192.168.1.2
user@R5>ping 192.168.1.2
Back

20. Network Address Translation Labs
There are 3 kinds of NAT for junos devices. Source NAT,Destination NAT and Static NAT.
1. Source NAT: Changing the source IP address of a packet coming from the trust(inside)
network to the untrust(outside) network.
2. Destination NAT: Changing the destination ip address of a packets coming from

untrust(outside) network to trust(inside) network.
3. Static NAT:Static NAT defines a one-to-one mapping from one IP subnet to another IP
subnet. The mapping includes destination IP address translation in one direction and source IP
address translation in the reverse direction. From the NAT device , the original destination
address is virtual host ip address while the mapped to address is the real host ip address.
20.1 : Lab Exercise 1 : Configuring Source NAT using Egress interface

Address
Description:The lab exercise explains Source NAT rule set rs1 with a rule r1 to match any
packet from the trust zone to the untrust zone. For matching packets, the source address is
translated to the IP address of the egress interface.
Instructions:

2. Enter into source NAT hierarchy mode
3. Create Source NAT rule set rs1 with a rule r1 to match any packet from the trust zone to the
untrust zone. For matching packets, the source address is translated to the IP address of the
egress interface. That is ge-0/0/0 interface ip address
Original Source IP Translated Source IP

192.168.2.0/24 20.1.1.60/24(Interface IP)
On R1
user@R1>configure
[edit]
user@R1# edit security nat source rule-set rs1
[edit security nat source rule-set rs1]
user@R1#set from zone trust
user@R1#set to zone untrust
user@R1# set rule r1 match source-address 192.168.2.0/24
user@R1# set rule r1 match destination-address 0.0.0.0/0
user@R1# set rule r1 then source-nat interface
user@R1#exit
[edit]
user@R1#show
Back
20.2 : Lab Exercise 2 : Configuring Source NAT Translation pool
Description: The lab exercise explains configuring address pools for source NAT.
Instructions:

2. Create a source NAT pool with name pool1
3. Configure a rule that matches packets and translates the source address to an address in the
source NAT pool. That is all traffic from trust zone to untrust zone is translated to the source
ip pool pool1
4. Issue “show security nat source summary” command to view the source nat summary details
192.168.2.10 to 192.168.2.30 200.1.1.10 to 200.1.1.30
On R1
user@R1>configure
[edit]
user@R1#edit security nat source
[edit security nat source]
user@R1#set pool pool1 address 200.1.1.10/24 to 200.1.1.30/24
user@R1#set rule-set rs1 from zone trust
user@R1#set rule-set rs1 to zone untrust
user@R1# set rule-set rs1 rule r1 match source-address 192.168.2.0/24
user@R1# set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
user@R1#set rule-set rs1 rule r1 then source-nat pool pool1
user@R1#exit
[edit]
user@R1#show
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show security nat source summary
Back

20.3 : Lab Exercise 3 : Configuring Destination NAT pools
Description: The lab exercise explains configuring address pools for destination NAT.
Instructions:

2. Enter into destination NAT hierarchy mode
3. Create a destination NAT address pool with name destpool1
On R1
user@R1>configure
user@R1#edit security nat destination
[edit security nat destination]
user@R1#set pool destpool1 address 192.168.1.20/24
user@R1#exit
[edit]
user@R1#show
[edit]
Back

20.4 : Lab Exercise 4 : Creating Destination NAT rule set
Description: The lab exercise explains configuring rule set for destination NAT.
Instructions:

2. Enter into destination NAT hierarchy mode
3. Create destination NAT rule set rs1 with rule r1 to match packets received from the ge-0/0/0.0
interface with the destination IP address 10.1.1.1/24 For matching packets, the destination
address is translated to the address in the destpool1 pool.
4. Issue “show security nat destination summary” command to view destination nat summary
details.
Original Destination IP Translated destination IP
10.1.1.1/24 192.168.1.20/24
user@R1>configure
user@R1#set pool destpool1 address 192.168.1.20/24
user@R1#set rule-set rs1 from interface ge-0/0/0
user@R1#set rule-set rs1 rule r1 match destination-address 10.1.1.1/24
user@R1#set rule-set rs1 rule r1 then destination-nat pool destpool1
user@R1#exit
[edit]
user@R1#show
[edit]

user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show security nat destination summary
Back
20.5 : Lab Exercise 5 : Configuring Static NAT for single address translation
Description: The lab exercise explains configuration of static NAT
Instructions:

2. Enter into static NAT hierarchy mode
3. Create a static NAT rule set rs1 with rule r1 to match packets from the untrust zone with the
destination address 10.10.10.1/24. For matching packets, the destination IP address is translated
to the private address 192.168.1.20/24.
4. Issue show security nat static rule all command to check the applied rules
Original Destination IP Translated Destination IP
10.10.10.1/24 192.168.1.20/24
On R1
user@R1>configure
user@R1#edit security nat static
[edit security nat static]
user@R1#set rule-set rs1 from interface ge-0/0/0
user@R1#set rule-set rs1 rule r1 then static-nat prefix 192.168.1.20/24

user@R1#exit
[edit]
user@R1#show
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show security nat static rule all
Back
20.6 : Lab Exercise 6 : Configuring Source NAT using multiple rules Lab
Scenario-1
Description: The lab exercise explains configuration source NAT based on given set of
instruction.
Instructions:
1. Create a source NAT pool srcnatpool1

2. Create a source NAT pool srcnatpool2
3. Create source NAT rule set rs1 with rule r1 to match packets with a source IP address in
the 10.10.1.0/24 subnets. For matching packets, the source address is translated to an IP address
in the srcnatpool1 pool.
4. Apply rule r2 to match packets with a source IP address of 192.168.1.2/24. For matching
packets, there is no NAT translation performed.
5. Rule r3 to match packets with a source IP address in the 192.168.1.0/24 subnet. For matching

packets, the source address is translated to an IP address in the srcnatpool2 pool.
6. From operational mode enter show security nat source summary.
10.10.1.0/24 192.0.0.0/24-192.0.0.24
192.168.1.0/24 192.0.0.100-192.0.0.249 (no port

translation)
192.168.1.2/24 no source NAT translation)
On R1
user@R1>configure
[edit]
user@R1#set pool srcnatpool1 address 192.0.0.1/24 to 192.0.0.24 /24
user@R1#set pool srcnatpool2 address 192.0.0.100/24 to 192.0.0.249/24
user@R1#set rule-set rs1 rule r1 match source-address 10.10.1.0/24
user@R1#set rule-set rs1 rule r1 then source-nat pool srcnatpool1
user@R1#set rule-set rs1 rule r2 then source-nat off
user@R1#exit
[edit]

user@R1#show
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show security nat source summary
Back
20.7 : Lab Exercise 7 : Configuring Source NAT using multiple rules Lab
Scenario-2
Description: The lab exercise explains configuring the source NAT based on given set
instructions.
Instructions:

2. Create source nat pool srcnatpool1 with no port address translations
3. Create source NAT rule set rs1 to match all the packets from trust zone to untrust zone.
4. Create a rule r1 that matches packets and translates source address to an address in the pool.

10.1.1.0/24 2.2.2.1/24 (no port address translation)
10.1.2.0/24
192.168.1.0/24
user@R1>configure
[edit]
user@R1#set pool srcnatpool1 address 2.2.2.1/24 to 2.2.2.24/24
user@R1#set pool srcnatpool1 port no-translation
user@R1#exit
[edit]
user@R1#show
Back
20.8 : Lab Exercise 8 : Configuring Destination NAT using multiple rules

Description: The lab exercise explains configuring destination NAT based on given set of
instructions.
Instructions:
1. Create a destination NAT pool destnatpool1 that contains ip address 192.168.1.200 and port
80.
2. Create a destination NAT pool destnatpool2 that contains ip address 192.168.1.220 and port
8000
3. Destination NAT rule set rs1 with rule r1 to match packets received from the untrust zone
with the destination IP address 1.1.1.200 and destination port 80. For matching packets, the
destination address is translated to the address in the destnatpool1 pool.
4. Destination NAT rule set rs1 with rule r2 to match packets received from the untrust zone
with the destination IP address 1.1.1.200 and destination port 8000. For matching packets, the
destination IP address and port are translated to the address and port in the destnatpool2 pool.
5. From operational mode enter the command “show security nat destination summary”
Original Destination IP Translated Destination IP
1.1.1.200 port 80 192.168.1.200 port 80
1.1.1.200 port 8000 192.168.1.220 port 8000
user@R1>configure

[edit]
user@R1# set pool destnatpool1 address 192.168.1.200/24 port 80
user@R1# set pool destnatpool2 address 192.168.1.220/24 port 8000
user@R1# set rule-set rs1 from zone untrust
user@R1# set rule-set rs1 rule r1 match destination-port 80
user@R1#set rule-set rs1 rule r1 then destination-nat pool destnatpool1
user@R1# set rule-set rs1 rule r2 match destination-port 8000
user@R1# set rule-set rs1 rule r2 then destination-nat pool destnatpool2
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show security nat destination summary
Back

21. Exercises on DHCP
21.1 : Lab Exercise 1 : Configuring juniper router as a DHCP Server
Description : This lab exercise demonstrates the required commands for DHCP Server
configuration on a juniper router.
Instructions:
1. Enter into configuration mode of device R1

2. Assign the IP address of ge-0/0/0 interface as 192.168.100.1/24
3. Configure the dhcp server
4. Specify the low and high ip address pool range
5. Configure default and maximum lease-time
6. Configure the domain-name used by client
7. Configure DNS Server IP address
8. Configure the default-router address
On R1
user@R1>configure
[edit]
user@R1#edit interfaces ge-0/0/0 unit 0 family inet
[edit interfaces ge-0/0/0 unit 0 family inet]
user@R1#exit
[edit]
user@R1#edit system services dhcp
[edit system services dhcp]
user@R1#set pool 192.168.100.0/24 address-range low 192.168.100.1
user@R1#set pool 192.168.100.0/24 address-range high 192.168.100.50
user@R1#set pool 192.168.100.0/24 domain-name xyz.com

user@R1#set pool 192.168.100.0/24 name-server 192.168.100.2
user@R1#set pool 192.168.100.0/24 router 192.168.100.1
user@R1#set pool 192.168.100.0/24 default-lease-time 1309300
user@R1#set pool 192.168.100.0/24 maximum-lease-time 2429300
user@R1#exit
[edit]
user@R1#show
Back
21.2 : Lab Exercise 2 : DHCP client configuration
Description : This lab exercise demonstrates DHCP client configuration i.e, Configuring
an interface on the router to use DHCP to acquire its IP address.
Instructions:
1. Before proceeding with the DHCP client configuration, make sure that DHCP server is
configured as shown in the previous lab exercise.
3. For the security zone (for example, untrust) to which the interface is bound, specify
DHCP as a host-inbound service.
4. Enter into configuration mode of R2 and specify the interface ( ge-0/0/0) on which to
enable the DHCP client.
5. On R2 issue “show system services dhcp client” command to view information about
DHCP Client

On R1
user@R1>configure
[edit]
user@R1#set security zones security-zone untrust interfaces ge-0/0/0 host-inbound-
traffic system-services dhcp
user@R1#commit
commit complete
user@R1#exit
[edit]
On R2
user@R2>configure
[edit]
user@R2#set interfaces ge-0/0/0 unit 0 family inet dhcp
user@R2#commit
commit complete
user@R2#exit
[edit]
user@R2>show system services dhcp client
Back
21.3 : Lab Exercise 3 : Configuring two DHCP clients and DHCP

verification commands
Description: This lab exercise demonstrates DHCP server configuration and DHCP client
configuration on two routers and also shows the verification commands both on the server

and the client.
Instructions:

2. Assign ipaddress of ge-0/0/0 interface as 192.168.1.1/24 and ge-0/0/1 interface as
192.168.1.2/24
3. Configure the dhcp server
4. Specify the low and high ip address pool range
5. Configure default and maximum lease-time
6. Configure the domain-name used by client
7. Configure DNS Server IP address
8. Configure the default-router address
10. For the security zone (for example, untrust) to which the interface is bound, specify DHCP as
a host-inbound service.(ge-0/0/0 and ge-0/0/1)
11. Enter into configuration mode of R2 and specify the interface ( ge-0/0/0) on which to enable
the DHCP client.
12. Enter into configuration mode of R3 and specify the interface ( ge-0/0/0) on which to enable
the DHCP client.
13. On R1 issue “show system service dhcp binding” command to view the addresses allocated to
clients
14. Issue “show system service dhcp pool” command on R1 to view server ip address pool
15. On R2 and R3 issue “show system service dhcp client” command to view information about
DHCP client
On R1
user@R1>configure
[edit]
user@R1#exit
[edit]
user@R1#exit
[edit]
user@R1#set pool 192.168.1.0/24 domain-name sample.com

user@R1#set pool 192.168.1.0/24 default-lease-time 1428700
user@R1#set pool 192.168.1.0/24 maximum-lease-time 2356210
user@R1#set pool 192.168.1.0/24 server-identifier 192.168.1.1
user@R1#exit
[edit]
user@R1#set security zones security-zone untrust interfaces ge-0/0/0 host-inbound-traffic
system-services dhcp
[edit]
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show system services dhcp pool
On R2
user@R2>configure
[edit]
user@R2#set dhcp
user@R2#exit
[edit]
user@R2#commit
commit complete
[edit]
user@R2#exit
On R3
user@R3>configure
[edit]
user@R3#set dhcp
user@R3#exit

[edit]
user@R3#commit
commit complete
[edit]
user@R3#exit
On R1
user@R1>show system services dhcp binding
Back
21.4 : Lab Exercise 4 : Assigning ip address to PC(computer) from DHCP server
Description :The lab exercise explains dynamically assigning ip address to computers via DHCP
server.
Instructions :
1. Connect to R1 and configure the IP address of 192.168.1.1/24 on the ge-0/0/0 interface and
also configure the R1 as DHCP server
2. To assign ip address to PC1 click network diagram button and in network diagram window
click PC1 icon from the diagram and in PC1 prompt type ip dhcp command

3. To check the client gets ip address from server type show ip command on PC1 prompt
user@R1>configure
[edit]
[edit]
user@R1#set pool 192.168.1.0/24 domain-name xyz.com
user@R1#exit
[edit]
Assign DHCP as an allowed inbound service for the interface ge-0/0/0 to enable DHCP.

user@R1#commit
commit complete
user@R1#exit
user@R1>show system services dhcp pool
Obtain ip address automatically from DHCP server for PC1
PC1>ip dhcp
PC1>show ip
http://www.jpudasaini.com.np/2015/09/juniper-dhcp-server-configuration.html
http://www.jaredlog.com/?p=2085
Back

22. Juniper Switch Models
Juniper switches are available in two series
a. EX Series Ethernet Switches : Deliver high performance, carrier-class solutions built to meet
the needs of today's converged branch office, campus, and data center networks.
b. QFX Series : High-performance devices deliver Juniper's unique QFabric architecture,

supporting thousands of ports within a single-tier data center or cloud network with ultra-low
latency, high resiliency, and the simplicity of a single switch.
23. EX Series Switches Overview
23.1. EX2200 Switch
Juniper Networks EX2200 Ethernet switches provide connectivity for low-density environments.
EX2200 switches are available in models with either 24 or 48 built-in network ports and four
uplink ports, with Power over Ethernet (PoE) either available in all built-in network ports or not
available in any built-in network port. All models provide network ports that have
10/100/1000Base-T Gigabit Ethernet connectors and four uplink ports. These switches run under
Junos OS for EX Series switches. Each EX2200 switch has four uplink ports that support 1-
gigabit small form-factor pluggable (SFP) transceivers for use with fiber connections and copper
connections. PoE ports provide electrical current to devices through the network cables so that
separate power cords for devices such as IP phones, wireless access points, and security cameras
are unnecessary.
Model Number Access Ports PoE Enabled Ports
EX2200-24T-4G 24 Gigabit Ethernet -
EX2200-24P-4G 24 Gigabit Ethernet All 24 ports
EX2200-48T-4G 48 Gigabit Ethernet -
EX2200-48P-4G 48 Gigabit Ethernet All 48 ports
22.1.1. EX2200 Front Panel
The front panel of an EX2200 switch consists of the following components:
• Network ports—depending on the switch model, either of:
 24 or 48 10/100/1000Base-T Gigabit Ethernet ports, with Power over

Ethernet (PoE) not available in EX2200-24T and EX2200-48T

 24 or 48 10/100/1000Base-T Gigabit Ethernet ports, with Power over
Ethernet (PoE) available in EX2200-24P and EX2200-48P
• 4 built-in SFP uplink ports
• 2 chassis status LEDs
• 4 port status mode LEDs
• Mode button
23.1.2. Chassis LEDs
The front panel of an EX2200 switch has two chassis status LEDs labeled SYS and
ALM on the far right side of the panel, above the uplink ports.

LED Label Color State and Decription
ALM Unlit There is no alarm
Amber There is a minor alarm
Red There is a major alarm
SYS Green On steadily : The switch is

functioning normally
Blinking : The switch is

booting
Off : The switch is off
23.1.3. EX2200 Rear Panel
The rear panel of the EX2200 switch consists of the following components:
• Management Ethernet port
• USB port
• Console port
• Protective earthing terminal
• ESD point
• Air exhaust
• Serial number ID label
• AC power cord inlet

23.2. EX2500 Switch
The EX2500 line of ethernet switches delivers a compact, energy efficient ethernet solution for
10 gigabit Ethernet GbE top-of-rack data center access deployments where high performance,
low latency and high availabilty are key requirements.
The EX2500 switch has 24 SFP+ ports, 2 management ports, and 1 console port. (The EX2500
switch contains 24 10-gigabit Small Form-Factor Pluggable Plus (SFP+) ports and 2 1-gigabit
management ports. The 10-gigabit SFP+ ports can accept 10-gigabit optical transceivers or Direct
Attach Cables (DACs). This 1U switch is rack mountable in either the horizontal or vertical
direction, depending on your application.)
Model Number Description
EX2500-24F-FB 24-port Gigabit Ethernet/10-Gigabit Ethernet

SFP
EX2500-24F-BF 24-port Gigabit Ethernet/10-Gigabit Ethernet

SFP
Note: SFP+ Ports: 24 Small Form-Factor Pluggable (SFP+) ports are located on the front panel.
These ports accept approved optical SFP+ transceivers or direct access cables (DACs).
23.3. EX3200 Switch
The EX3200 line of Ethernet switches offers a simple, cost-effective solution for low-density
branch and regional offices.

EX3200 switches are available in models with either 24 or 48 ports and with either all ports
equipped for Power over Ethernet (PoE) or only 8 ports equipped for PoE. EX3200 switches with
a DC power supply installed do not provide PoE. All models provide ports that have
10/100/1000Base-T Gigabit Ethernet connectors and optional 1-gigabit small form-factor
pluggable (SFP) transceivers, 10-gigabit small form-factor pluggable (SFP+) transceivers, or 10-
gigabit small form-factor pluggable (XFP) transceivers for use with fiber connections.
Model Access Ports No of PoE enabled ports
EX3200-24T 24 Gigabit Ethernet First 8 ports
EX3200-24P 24 Gigabit Ethernet All 24 ports
EX3200-24T-DC 24 Gigabit Ethernet -
EX3200-48T-DC 48 Gigabit Ethernet -
23.4. EX4200 Switch
Juniper Networks EX4200 Ethernet Switches provide connectivity for medium- and high-density
environments and scalability for growing networks.
EX4200 switches are available in models with 24 or 48 ports and with either all ports equipped
for Power over Ethernet (PoE) or only 8 ports equipped for PoE. All models provide ports that
have 10/100/1000Base-T Gigabit Ethernet connectors and optional 1-gigabit small form-factor
pluggable (SFP) transceivers, 10-gigabit small form-factor pluggable (SFP+) transceivers, or 10-
gigabit small form-factor pluggable (XFP) transceivers for use with fiber connections.
Additionally, a 24-port model provides 100Base-FX/1000Base-X SFP ports. This model is

typically used as a small distribution switch.
Model Ports PoE enabled ports

EX4200-24F 24 Gigabit Ethernet
EX4200-24T-DC 24 Gigabit Ethernet
EX4200-48T-DC 48 Gigabit Ethernet
EX4200-24F-DC 24 Gigabit Ethernet
23.5. EX4500 Switch
EX4500 switches provide connectivity for high-density 10-Gigabit Ethernet data center top-of-
rack and aggregation deployments. Typically, EX4500 switches are used in data centers where
they can be positioned as the top device in a rack to provide connectivity for all devices in the
rack.
Model Access Port Configuration
EX4500-40F-FB 40-port GbE/10GbE SFP/SFP+
EX4500-40F-BF 40-port GbE/10GbE SFP/SFP+
EX4500-40F-FB-C 40-port GbE/10GbE SFP/SFP+
EX4500-40F-BF-C 40-port GbE/10GbE SFP/SFP+
EX4500-40F-DC-C 40-port GbE/10GbE SFP/SFP+
EX4500-40F-VC1-FB 40-port GbE/10GbE SFP/SFP+
EX4500-40F-VC1-BF 40-port GbE/10GbE SFP/SFP+
EX4500-40F-VC1-DC 40-port GbE/10GbE SFP/SFP+
Note: · The FB and BF in the model number indicate the direction of airflow of the chassis:

• FB—Front-to-back airflow
• BF—Back-to-front airflow
· The C in the model number indicates the Converged Enhanced Ethernet (CEE) status of switch:
• C—CEE capable
• None—Not CEE capable
· The DC in the model number indicates that the switch model supports DC power supply.
· The VC in the model number indicates that the switch model can be used in a Virtual Chassis
configuration.
23.6. EX8200 Switch
The EX8200 line of modular Ethernet switches is a family of high-performance, highly available
platforms for use in high-density 10GbE data centers, campus aggregations and core networks.
Juniper Networks EX8200 Ethernet line cards offer a variety of interfaces for supporting high-
density 100 Mbps, Gigabit and 10 Gigabit Ethernet (GbE) deployments. Four versions of the
EX8200 Ethernet line cards are available, each of which supports a consistent set of features and
capabilities: the EX8200-48T, the EX8200-48F, the EX8200-8XS and the EX8200-40XS.
Three of these cards are available in Extra Scale (ES) configurations—the EX8200-48T-ES, the
EX8200-48F-ES and the EX8200-8XS-ES—which are optimized for large-scale deployments
such as large campuses, global data centers, or cloud-based applications.
Ethernet Line Card Specifications
EX8200- EX8200- EX8200- EX8200-40XS EX8200- EX8200-2XS-

48T/EX8200- 48F/EX8200- 8XS/EX8200- 48PL/EX8200 4OP/EX8200-
48T-ES 48F-ES 8XS-ES -48TL 2XS-4OT
Port 48 RJ-45 48 SFP 8 SFP+ 40 SFP/SFP+ 48 RJ-45 40 RJ-45 / 4 SFP

quantity /2 SFP+
and type
PoE/PoE 0 0 0 0 48/12 (48PL 40/12 (40P only)

+ ports only)
Port 10/100/1000 100/1000 Mbps 10 Gbps 1 Gbps/10 Gbps 10/100/1000 10/100/1000

speed Mbps Mbps Mbps; 100/1000
Mbps; 10 Gbps

24. Connecting and Configuring an EX Series Switch (CLI Procedure)
Set the following parameter values in the console server or PC:
 Baud Rate—9600
 Flow Control—None
 Data—8
 Parity—None
 Stop Bits—1
 DCD State—Disregard
To connect and configure the switch from the console using the CLI:
1. Connect the console port to a laptop or PC using the RJ-45 to DB-9 serial port adapter. The RJ-45
cable and RJ-45 to DB-9 serial port adapter are supplied with the switch.
 EX2200, EX3200, or EX4200 switch—The console port is located on the rear panel of the
switch.
 EX4500 switch—The console port is located on the front panel of the switch.
 EX8200 switch—The console port is located on the Switch Fabric and Routing Engine (SRE)
module in slot SRE0 in an EX8208 switch or on the Routing Engine (RE) module in slot RE0
in an EX8216 switch.
2. At the Junos OS shell prompt root%, type ezsetup.
3. Enter the hostname. This is optional.
4. Enter the root password you plan to use for this device. You are prompted to re-enter the root
password.
Note: The initial login name and password on EX-series switches:

login: root
password: <no password>
The device is shipped with no password; simply press the enter key.
Note: For security reasons, create a password for the Root ID.
5. Enter yes to enable services like Telnet and SSH. By default, Telnet is not enabled and SSH is
enabled.
6. Use the Management Options page to select the management scenario:
• Configure in-band management. In this scenario you have the following two options:
 Use the default VLAN.

 Create a new VLAN—If you select this option, you are prompted to specify the VLAN name,
VLAN ID, management IP address, and default gateway. Select the ports that must be part of
this VLAN.
• Configure out-of-band management. Specify the IP address and gateway of the management
interface. Use this IP address to connect to the switch.
7. Specify the SNMP Read Community, Location, and Contact to configure SNMP parameters. These

parameters are optional.
8. Specify the system date and time. Select the time zone from the list. These options are optional.
9. The configured parameters are displayed. Enter yes to commit the configuration. The configuration is
committed as the active configuration for the switch.
10.(For EX4500 switches only) Enter the request chassis pic-mode intraconnect operational mode
command to set the PIC mode to intraconnect.
You can now log in with the CLI or the J-Web interface to continue configuring the switch.
The Juniper Networks QFX3500 Switch is a high-speed, multipurpose switch especially designed for next-
generation data centers that provides a total switching capacity and throughput of 640 Gbps.
48 10-Gbps access ports in the switch use small form-factor pluggable plus transceivers (SFP+) and operate
by default as 10-Gigabit Ethernet interfaces. Optionally, you can choose to configure up to 12 of the ports as
2-Gbps, 4-Gbps, or 8-Gbps Fibre Channel (FC) interfaces, and up to 36 of the ports as 1-Gigabit Ethernet
interfaces. 4 40-Gbps uplink ports in the switch use quad, small form-factor pluggable plus (QSFP+)
transceivers.
SFP+ Access Ports
The QFX3500 switch has 48 access ports (0-47) that support small form-factor pluggable plus (SFP+) and
small form-factor pluggable (SFP) transceivers, as well as SFP+ direct attach copper cables, also known as
Twinax cables.
• Up to 48 of the access ports can be used for SFP+ transceivers or SFP+ direct attach copper cables.
10-Gigabit Ethernet SFP+ transceivers and SFP+ direct attach copper cables can be used in any
access port. 2-Gbps, 4-Gbps, or 8-Gbps Fibre Channel SFP+ transceivers can be used in ports 0
through 5 and ports 42 through 47.
• Up to 36 of the access ports can be used for SFP transceivers. Gigabit Ethernet SFP transceivers can
be used in ports 6 - 41.
QSFP+ Uplink Ports
The QFX3500 switch has four uplink ports (Q0-Q3) that support up to four 40-Gbps quad small form-factor
pluggable plus (QSFP+) transceivers.

Note: Please refer to the below network diagram for the switch exercises given in the next sections.
26. Basic Switch Labs
26.1 : Lab Exercise 1 : Entering configuration mode on a switch and exit
Description: A basic exercise that shows how to enter configuration mode and exit from the
same. Choose SW1 from the network diagram and exit.
Instructions

2. Get back to the operational mode
user@SW1>configure
[edit]
user@SW1#exit
user@SW1>
Back

26.2 : Lab Exercise 2 : Setting Hostname
Description: Set the switch hostname as junipersw. Choose SW1 from the network
diagram.
Instructions

2. Set hostname as “junipersw”
user@SW1>configure
[edit]
user@SW1#edit system
[edit system]
user@SW1#set host-name junipersw
[edit system]
user@junipersw#exit
[edit]
Back
26.3 : Lab Exercise 3 : Set interface description
Description: In this exercise, description to an interface is set by using set description

command.
Instructions:

2. Set the description of interface ge-0/0/0 as "interface-ge-0/0/0"
user@SW1>configure
[edit]
user@SW1#edit interfaces ge-0/0/0
user@SW1#set description interface-ge-0/0/0
user@SW1#exit
[edit]
user@SW1#
Back
26.4 : Lab Exercise 4 : Shutdown an interface
Description: By default, an interface will be in up state. We need to issue disable

command to bring-down the interface.

Instructions
1. Enter into interfaces hierarchy mode

2. Shutdown the interface ge-0/0/0 using disable command
user@SW1>configure
[edit]
user@SW1#set disable
user@SW1#exit
[edit]
user@SW1#
Back
26.5 : Lab Exercise 5 : Basic CLI commands
Description: This exercise demonstrates various basic show commands available.
Instructions
1. Issue show cli command

2. Issue show cli history command
3. Issue show version command
user@SW1>show cli
user@SW1>show cli history
user@SW1>show version
Back
26.6 : Lab Exercise 6 : Configure bandwidth on an interface
Description: This exercise demonstrates setting bandwidth on an interface.
Instructions

2. Set bandwidth of ge-0/0/0 unit 0 as 100m
user@SW1>configure
[edit]
user@SW1#edit interfaces
[edit interfaces]

user@SW1#set ge-0/0/0 unit 0 bandwidth 100m
Note: 100m sets bandwidth as 100Mbps.
Back
26.7 : Lab Exercise 7 : Configuring ether-options on the gigabit ethernet

switch interface
Description: This lab exercise demonstrates configuring ether-options like link-mode,

speed on a switch interface.
Instructions
1. Enter into gigabit ethernet interface mode

2.Set the link-mode to full-duplex
3.Set the interface speed to 10m
4.Verify the configuration using show command
user@SW1>configure
[edit]
user@SW1#set ether-options link-mode full-duplex
user@SW1#set ether-options speed 10m
user@SW1#exit
[edit]
user@SW1#commit
[edit]
user@SW1#show
Back
26.8 : Lab Exercise 8 : Configuring the management IP address on EX

series switch
Description: This exercise demonstrates configuring management IP address on a EX-Series

Switch.
Instructions

2. Set the management interface i.e, me0 address as 10.93.15.246/21
3. Verify using show command
user@SW1>configure

[edit]
user@SW1#edit interfaces
[edit interfaces]
user@SW1#set me0 unit 0 family inet address 10.93.15.246/21
[edit interfaces]
user@SW1#exit
[edit]
user@SW1#commit
[edit]
user@SW1#show
Note: The EX-series switch management interface is a physical or virtual port through which the
switch can be configured and maintained. The JUNOS for EX-series software automatically
creates the switch's management Ethernet interface, me0. The management Ethernet interface
provides an out-of-band method for connecting to the switch. To use me0 as a management port,
you must configure its logical port, me0.0, with a valid IP address.
Back

27. Lab Exercises on VLAN
27.1 : Lab Exercise 1 : DefineVLANs
Description: This exercise demonstrates the commands required to create VLANs on the
switch.
Instructions
1. Create VLAN 10 and 20 by using the command syntax “set vlans <vlan-name> vlan-id <vlan-
id-number>
2.Verify the same using show vlans command
user@SW1>configure
[edit]
user@SW1#set vlans marketing vlan-id 10
[edit]
user@SW1#set vlans support vlan-id 20
[edit]
user@SW1#commit
[edit]
user@SW1#exit
user@SW1>show vlans
Back
27.2 : Lab Exercise 2 : Configure a port for membership in that VLAN
Description: This exercise demonstrates the commands required to configure a port as a

member of the VLAN.
Instructions
1. Create VLAN by configuring the VLAN

2. Configure the interface port to be a member of the created VLAN
3. Verify using show command
user@SW1>configure
[edit]
user@SW1#set vlans marketing vlan-id 10
[edit]
user@SW1#set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members
marketing
[edit]
user@SW1#commit
[edit]
user@SW1#exit
user@SW1>show vlans

Back
27.3 : Lab Exercise 3 : Configuring an interface as a trunk port
Description: This exercise demonstrates the commands required to configure a port as

trunk.
Instructions
1. Create VLAN by configuring the VLAN

2. Configure the interface to be a part of the created VLAN
3. Set the appropriate port as trunk port. Note that the port is access port by default.
user@SW1>configure
[edit]
user@SW1#set vlans production vlan-id 20
[edit]
production
[edit]
user@SW1#set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
[edit]
Back
27.4 : Lab Exercise 4 : Configuring VLANs on EX series switch
Description: This exercise demonstrates VLAN configuration commands on EX-Series

switches in general. EX-series switches use VLANs to make logical groupings of network
nodes with their own broadcast domains. For each endpoint on the VLAN, configure the
VLAN parameters on the corresponding interface.
Instructions
1.Configure the VLAN tag ID with vlan-name as sales

2.Specify the maximum time that an entry can remain in the forwarding table before it ages out
3.Configure the port ge-0/0/0 to be a member of the VLAN sales
4.Create the subnet for the VLAN
5. Commit the configuration before verifying using show configuration command.
user@SW1>configure
[edit]
user@SW1#edit vlans
[edit vlans]
user@SW1#set sales vlan-id 2
[edit vlans]
user@SW1#set sales mac-table-aging-time 500
[edit vlans]

user@SW1#exit
[edit]
user@SW1#edit interfaces ge-0/0/0 unit 0
[edit interfaces ge-0/0/0 unit 0]
user@SW1#set family ethernet-switching vlan members sales
user@SW1#exit
[edit]
user@SW1#set interfaces vlan unit 2 family inet address 192.168.2.1/24
[edit interfaces]
user@SW1#commit
[edit]
user@SW1#exit
user@SW1>show configuration
Back
27.5 : Lab Exercise 5 : Configuring Routed VLAN interface (Inter-VLAN

routing) on a switch
Description: This exercise explains the commands required to route traffic between two VLANs
on the same switch.
Instructions
1.Create the management and finance department VLANs by configuring the VLAN IDs for
them
2.Configure the interface for the management server in the management VLAN
3.Configure the interface for the management access point in the management VLAN
4.Configure the interface for the finance server in the finance VLAN

5.Configure the interface for the finance access point in the finance VLAN
6.Create the interface named vlan with a logical unit in the management broadcast domain
(management VLAN)
7. Add a logical unit in the finance broadcast domain (finance VLAN) to the vlan interface
8.Complete the RVI configuration by binding the management and finance VLANs (Layer 2)
with the appropriate logical units of the vlan interface (Layer 3)
9. Verify using show commands
1. Create the VLAN by assigning it a name and a VLAN ID:
user@SW1>configure
[edit]
user@SW1#edit vlans
[edit vlans]
user@SW1#set management vlan-id 10
[edit vlans]
user@SW1#set finance vlan-id 20
[edit vlans]
user@SW1#exit
[edit]
2. Assign an interface to the VLAN by specifying the logical interface (with the unit
statement) and specifying the VLAN name as the member:

user@SW1#set description Managementdepartmentport
user@SW1#set family ethernet-switching vlan members management
user@SW1#exit

user@SW1#set description Managementaccesspointport
user@SW1#set family ethernet-switching vlan members management
user@SW1#exit

user@SW1#set description financedepartmentport
user@SW1#set family ethernet-switching vlan members finance
user@SW1#exit


user@SW1#set description financeaccesspointport
user@SW1#set family ethernet-switching vlan members finance
user@SW1#exit
3. Create the subnet for the VLAN’s broadcast domain
[edit]
[edit]
[edit]
user@SW1#commit
[edit]
4. Layer 3 interfaces on trunk ports allow the interface to transfer traffic between multiple
VLANs. Within a VLAN, traffic is bridged, while across VLANs, traffic is routed. Bind a
Layer 3 interface with the VLAN
user@SW1#edit vlans
[edit vlans]
user@SW1#set management l3-interface vlan.10
[edit vlans]
user@SW1#set finance l3-interface vlan.20
[edit vlans]
user@SW1#exit
[edit]
user@SW1#commit
[edit]
user@SW1#exit
user@SW1>show vlans
Back
27.6 : Lab Exercise 6 : Creating DHCP pool on EX series switches
Description:DHCP server provides IP addresses to its hosts automatically. You can configure
DHCP server on EX series switches for one or multiple VLANs. Here we will setup DHCP
server for one VLAN.

Instructions:
1. Choose device SW1 from network diagram and exit

2. Enter into configuration mode of SW1
3. Create vlan by name test1 with vlan id 10
4. Make the interfaces ge-0/0/0 and ge-0/0/1 members of created vlan
5. Create layer 3 interface for vlan and assign ip address for the vlan interface
6. Create DHCP services on the EX switch by creating a DHCP pool
7. Associate Layer 3 interface for created vlan
8.To assign ip address to PC1 click network diagram button and in network diagram window
click PC1 icon from the diagram and type ip dhcp command to obtain ip address automatically
from dhcp server
9. To assign ip address to PC2 click network diagram button and in network diagram window
click PC2 icon from the diagram and type ip dhcp command to obtain ip address automatically
from dhcp server
user@SW1>configure
[edit]
user@SW1#set vlans test1 vlan-id 10
[edit]
user@SW1#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members test1
[edit]
[edit]
[edit]
user@SW1#edit system services dhcp
user@SW1#set pool 192.168.10.0/24 address-range low 192.168.10.1
user@SW1#set pool 192.168.10.0/24 address-range high 192.168.10.50

user@SW1#set pool 192.168.10.0/24 domain-name sample.com
user@SW1#set pool 192.168.10.0/24 name-server 192.168.10.1
user@SW1#set pool 192.168.10.0/24 router 192.168.10.1
user@SW1#set pool 192.168.10.0/24 default-lease-time 12345
user@SW1#exit
[edit]
user@SW1#set vlans test1 l3-interface vlan.10
[edit]
user@SW1#commit
commit complete
[edit]
Obtain ip address automatically from DHCP server for PC1 and PC2
PC1>ip dhcp
PC2>ip dhcp
PC1>show ip
PC2>show ip
user@SW1>show system services dhcp binding

user@SW1>show system services dhcp pool
http://www.commsolutions.com/2013/12/creating-dhcp-pool-juniper-ex-series-switch/
https://books.google.co.in/books?id=BvGbCgAAQBAJ&pg=PA49&lpg=PA49&dq=pc
%3Eip+dhcp+command+gns3&source=bl&ots=hNlJFTKKHL&sig=jrC9NMjIRQzoSOvFRM-
CbCkbwk8&hl=en&sa=X&ved=0ahUKEwjJ_aO4rZjOAhXEpY8KHVu6BgE4ChDoAQgmMAI
#v=onepage&q&f=false
Back
27.7 : Lab Exercise 7 : Configure DHCP Server for multiple vlans in EX

series switches
Description: The lab exercise explains configuring DHCP server for multiple vlans

Instructions:

3. Create two vlans by name test1 and test2 with vlan id 10 and vlan id 20 respectively
4. Make the interfaces ge-0/0/0 as member of test1
5. Make the interface ge-0/0/1 as member of test2
6. Configure layer 3 interface and assign ip address for each vlan interface
7. Create DHCP services on the EX switch by creating a DHCP pool for vlan 10 first
8. Associate l3 interface for created vlan 10
9. Create DHCP services on the EX switch by creating a DHCP pool for vlan 20
11.To assign ip address to PC1 click network diagram button and in network diagram
window click PC1 icon from the diagram and type ip dhcp command to obtain ip address
automatically from dhcp server
12. To assign ip address to PC2 click network diagram button and in network diagram
automatically from dhcp server
user@SW1>configure
[edit]
[edit]
[edit]
test1
[edit]
test2
[edit]

[edit]
[edit]
user@SW1#commit
commit complete
[edit]
user@SW1#exit
[edit]
[edit]
user@SW1#set pool 192.168.20.0/24 domain-name xyz.com
user@SW1#exit
[edit]
[edit]
user@SW1#commit
commit complete
[edit]
user@SW1#exit
PC1>ip dhcp

PC2>ip dhcp
PC1>show ip
PC2>show ip

Back
27.8 : Lab Exercise 8 : Vlan Scenario
Description: This lab exercise helps to get familiar with the benefits of a VLAN and also
in understanding the process to configure a router and a switch to support VLANs.
Instructions:
1. Connect to R1 and configure the IP address of 192.168.200.1/24 on the ge-0/0/0

interface
2. Select device SW1 from network diagram and exit
4. Create vlan by name wrs with vlan id 10
5. Make the interfaces ge-0/0/1 and ge-0/0/2 member of vlan wrs
6. Create layer 3 interface for the created vlan
8. Create a virtual interface for the created vlan that l3 interface for vlan 10
window click PC1 icon from the diagram. Type ip dhcp command on PC1 command
prompt.
window click PC2 icon from the diagram. Type ip dhcp command on PC1 command
prompt.
11. Now ping PC1 from PC2 see that ping is successful and try to ping R1 from PC1 and

PC2 ping fails(This is because on the switch,VLAN 10 is set to cover only port 1 and port2
that is ge-0/0/1 and ge-0/0/2)
12. Connect to Switch SW1 , assign ge-0/0/0 to VLAN 10 . This would allow to ping all of
the devices
13. Issue pings from R1 to PC1 and PC2 and from PC1 and PC2 to R1 and check the
connectivity
user@R1>configure
[edit]
user@R1#commit
commit complete
[edit]
user@SW1>configure
[edit]
user@SW1#set vlans wrs vlan-id 10
[edit]
wrs
[edit]
wrs
[edit]
[edit]
user@SW1#set vlans wrs l3-interface vlan.10
[edit]
user@SW1#set pool 192.168.200.0/24 domain-name wrs.com
user@SW1#exit
[edit]
user@SW1#commit
commit complete
[edit]
user@SW1#exit
user@SW1>show vlans

PC1>ip dhcp
PC2>ip dhcp
PC1>show ip
PC2>show ip
PC1>ping R1
PC1>ping PC2
PC2>ping R1
PC2>ping PC1
Configuring the interface ge-0/0/0 to the member of vlan 10
user@SW1>configure
[edit]
user@SW1#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members wrs
[edit]
user@SW1#commit
commit complete
[edit]
user@SW1#
user@PC1>ping R1
user@PC2>ping R1
Back
27.9 : Lab Exercise 9 : Troubleshooting Lab with trunk functionality
Description:This lab exercise demonstrates trunk concept in VLANs. i.e with trunk set up
on only one of the the two switches and see that ping fails from R1 to WS1, correct the
configuration by setting up trunk on both the switches and verifying the same.
Note : Configuration of VLANs in Juniper switches is different from Cisco switches.

VLAN (Virtual Local Area Network) is a logical LAN that have separate broadcast
domain. VLAN is often called LAN virtualization. VLAN groups ports of the switch and
each group are given different VLAN-ID and VLAN name. The groups acts like different
switch logically. You can extend the VLAN capability of one switch by interconnecting
two or more switches via trunk ports. Trunk ports are type of ports that pass multiple
VLAN traffic between switches. Trunk ports are also called tagged ports and operates IEEE
802.1Q protocol. Configuring VLANs in JunOS can be difficult if you are configuring it
for the first time.
In Juniper switches, there is no VTP (VLAN Trunking Protocol) or DTP (Dynamic

Trunking Protocol) protocols. For managing VLANs GVRP(GARP VLAN Registration

Protocol) is used in Juniper switches. If you are connecting Cisco switches with Juniper
switches then disable VTP in Cisco switch. The VTP mode in Cisco switch must be
transparent (which means disabled).
Instructions:

2. To assign ip address to WS1 click network diagram button and in network diagram
window click WS1icon from the diagram. And in WS1 prompt enter 192.168.1.2/24 ip
address and default gateway 192.168.1.1.
3. Select device SW1 from network diagram
4. Enter configuration mode of SW1
5. Create a vlan named vlan1 with vlan-id of 100
6. Make the interface ge-0/0/0 member of the vlan1
7. Select device SW2 from network diagram
8. Also create a vlan named vlan1 with vlan-id of 100
9. Make the interface ge-0/0/0 member of vlan1
10. Issue “show vlans” command to view VLANs and its member interfaces on both
switches
11. Now ping from WS1 to R1 and see that it fails as there is no trunk line enabled to carry
traffic on any VLAN
12. Configure the trunk on ge-0/0/1 port of SW1 and now ping from WS1 to R1 and see
that it fails because trunk is to be configured on both the switches to carry traffic.
13. Now configure trunk on ge-0/0/1 port of SW2 and issue appropriate show commands to
check the same
14. Ping from WS1 to R1 and see that ping is now successful
user@R1>configure
[edit]
user@R1#exit
[edit]
user@R1#commit
commit complete
[edit]
user@R1#
WS1>ip 192.168.1.2/24 192.168.1.1

user@WS1>ping R1
user@R1>ping WS1
user@SW1>configure
[edit]
user@SW1#set vlans vlan1 vlan-id 100
[edit]
vlan1
[edit]
user@SW1#commit
commit complete
[edit]
user@SW1#exit
user@SW1>show vlans
user@R1>ping WS1
user@SW2>configure
[edit]
user@SW2#set vlans vlan1 vlan-id 100
[edit]
user@SW2#commit
commit complete
[edit]
user@SW2#
user@R1>ping WS1
user@WS1>ping R1
user@SW2>configure
[edit]
user@SW2#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan1
[edit]
user@SW2#commit
commit complete
[edit]
user@SW2#exit
user@SW2>show vlans
user@R1>ping WS1
user@WS1>ping R1
user@SW1>configure
[edit]
[edit]
user@SW1#commit
commit complete
[edit]

user@R1>ping WS1
user@WS1>ping R1
user@SW2>configure
[edit]
[edit]
user@SW2#commit
commit complete
[edit]
user@SW2#
user@R1>ping WS1
user@WS1>ping R1
Back
27.10 : Lab Exercise 10 : Routing between vlans and ping test
Description: Lab Exercise explains routing between multiple vlans
Note : Routed VLAN interfaces (RVIs) allow the EX Series switch to recognize packets
that are being sent to local addresses so that they are bridged (switched) whenever possible
and are routed only when necessary. Whenever packets can be switched instead of routed,
several layers of processing are eliminated. An interface named vlan functions as a logical
router on which you can configure a Layer3 logical interface for each virtual LAN
(VLAN). For redundancy, you can combine an RVI with implementations of the Virtual
Router Redundancy Protocol (VRRP) in both bridging and virtual private LAN service
(VPLS) environments.
RVIs route only VLAN traffic. An RVI works by logically dividing a switch into multiple
virtual routing instances, thereby isolating VLAN traffic traveling across the network into
virtual segments. Routed VLAN interfaces allow switches to recognize which packets are
being sent to another VLAN’s MAC addresses—then, packets are bridged (switched)
whenever the destination is within the same VLAN and are only routed through the RVI
when necessary. Whenever packets can be switched instead of routed, several layers of
processing are eliminated. The switches rely on their Layer 3 capabilities to provide this
basic RVI routing between VLANs.

Instructions:

3. Create two vlans by name test1 and test2 with vlan id 10 and vlan id 20 respectively
4. Make the interfaces ge-0/0/0 as member of test1
5. Make the interface ge-0/0/1 as member of test2
6. Configure layer 3 interface and assign ip address for each vlan interface
7. Create DHCP services on the EX switch by creating a DHCP pool for vlan 10 first
via dhcp server
via dhcp server
13. Now ping PC2 from PC1 or PC1 from PC2 and see that it is successful.
user@SW1>configure
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]

[edit]
user@SW1#exit
[edit]
[edit]
user@SW1#commit
commit complete
[edit]
user@SW1#set pool 192.168.20.0/24 domain-name xyz.com
user@SW1#exit
[edit]
[edit]
user@SW1#commit
commit complete
[edit]
Obtain ip address automatically via DHCP server for PC1 and PC2
PC1>ip dhcp
PC2>ip dhcp

PC1>show ip
PC2>show ip

PC1>ping PC2
PC2>ping PC1
Back
1. Which of the following is true of a Switch?
A. Switches forward packets based on IP address.

B. Switches forward packets based on MAC address.
C. Switches forward packets based on IPX address.
D. Switches forward packets based on Layer 3 protocol.
2. Which is true regarding VLANs?
A. VLAN technology uses VLAN switches (layer 2) which is a substitute for

routing technology which uses routers.
B. A VLAN has same collision domain
C. A VLAN has same broadcast domain
D. VLANs are less secure with respect to simple switch or Hub networks.
3. Refer to the figure below, hosts on the same VLAN can communicate with each other
but are unable to communicate with hosts on different VLANs. What is needed to allow
communication between VLANs?

A. a switch with a trunk link that is configured between the switches
B. a router with an IP address on the physical interface that is connected to the
switch
C. a switch with an access link that is configured between the switches
D. an l3 interface binding the vlans

28. Lab Exercises on Spanning tree protocol and VSTP
28.1 : Lab Exercise 1 : Configuring STP Timers
Description: This lab exercise demonstrates configuring spanning-tree protocol timers.
Instructions:
1. Enter into configuration mode on SW1

2. Use the command “set stp hello-time/forward-time/max-age <value>” to configure the various
STP timers on the switch
3. Verify the configuration using show configuration command.
user@SW1>configure
[edit]
user@SW1#edit protocols
[edit protocols]
user@SW1#set stp forward-delay 20
[edit protocols]
user@SW1#set stp hello-time 5
[edit protocols]
user@SW1#set stp max-age 30
[edit protocols]
user@SW1#exit
[edit]
user@SW1#commit

[edit]
user@SW1#exit
Note: i. Hello-Time: Determines how often the switch broadcasts hello messages to other
switches.
ii. Forward-Time: Determines how long each of the listening and learning states last before the
interface begins forwarding.
iii. Max-Age: Determines the amount of time the switch stores protocol information received on
an interface.
Back
28.2 : Lab Exercise 2 : Setting bridge priority on switch
Description: This exercise demonstrates the command required to configure switch priority
of a VLAN.
Instructions:
1. Enter into configuration mode on SW1

2. Issue the command "bridge-priority <priority-value> to configure the switch priority of a
VLAN.
user@SW1>show spanning-tree interface

user@SW1>configure
[edit]
[edit protocols]
user@SW1#set stp bridge-priority 12288
[edit protocols]
user@SW1#exit
[edit]
user@SW1#show
[edit]
Note: The switch priority can be configured thus making it more likely to be chosen as the root
switch. Priority range is 0 to 61440 in increments of 4096, default is 32768.
Back
28.3 : Lab Exercise 3 : Configuring port priority
Description: This lab exercise demonstrates configuring port-priority for an interface on a

switch.
Instructions:

1. Enter into interface configuration mode on SW1
2. Issue the command "priority <priority-value> to configure port-priority on the specified
interface and verify using show command.
user@SW1>configure
user@SW1#edit protocols stp interface ge-0/0/0
[edit protocols stp interface ge-0/0/0]
user@SW1#set priority 160
[edit protocols stp interface ge-0/0/0]
user@SW1#exit
[edit]
user@SW1#commit
[edit]
user@SW1#exit
Note: Port-Priority can be between 0 and 240 in the increments of 16, default is 128, the lower
the number, higher is the priority.
Back
28.4 : Lab Exercise 4 : Verifying STP
Description: This lab exercise demonstrates the various show commands to verify
spanning-tree protocol.
Instructions:
1. Enter into configuration mode and commit on any one of the switch for the spanning tree
protocol algorithm to be saved on the switches.
2. Issue show commands to verify spanning tree protocol: To display the configured or calculated
interface-level STP parameters.
show spanning-tree interface—Display brief STP interface information.

brief | detail— Display the specified level of output.
user@SW1>configure
[edit]
user@SW1#commit
[edit]
user@SW1#exit

user@SW1>show spanning-tree interface detail


Back
28.5 : Lab Exercise 5 : Enabling VSTP on all VLANs
Description: This lab exercise demonstrates the command required to enable VSTP on all
VLANs.
Instructions
1. Create two valns by name “vlan2” and “vlan3” with vlan-id 2 and 3 respectively
2. Enter into edit protocols hierarchy to enable VLAN Spanning Tree Protocol
3. Issue command “set vstp <all> “ to enable VSTP on all VLANs
user@SW1>configure
[edit]
user@SW1#edit vlans
[edit vlans]
user@SW1#set vlan2 vlan-id 2
[edit vlans]
user@SW1#set vlan3 vlan-id 3
[edit vlans]
user@SW1#exit
[edit]
user@SW1#commit
[edit]
[edit protocols]
user@SW1#set vstp vlan all hello-time 5
Note: Make sure that VLANs are created before VSTP is enabled on a switch.
Back
28.6 : Lab Exercise 6 : Enabling VSTP on a VLAN using a single VLAN-

ID / VLAN-Name
Description: This lab exercise demonstrates the command required to enable VSTP on a VLAN
using single VLAN-ID.
Instructions
1. Create valn by name “support” with vlan-id 4

2. Enter into edit protocols hierarchy to enable VLAN Spanning Tree Protocol
3. Issue command “set vstp vlan <vlan-id-number> “ to enable VSTP on the specified VLAN or

“set vstp vlan <vlan-name>”
user@SW1>configure
[edit]
user@SW1#edit vlans
[edit vlans]
user@SW1#set support vlan-id 4
[edit vlans]
user@SW1#exit
[edit]
user@SW1#commit
[edit]
[edit protocols]
user@SW1#set vstp vlan 4 bridge-priority 4096
OR
user@SW1#set vstp vlan support bridge-priority 4096
Note: Make sure that VLANs are created before VSTP is enabled on a switch.
Back
1. Which is the default spanning-tree protocol that runs on juniper switches?
A. VLAN Spanning Tree protocol

B. Rapid Spanning Tree Protocol
C. Multiple Spanning Tree protocol
D. Spanning Tree Protocol
2. Which of the following switches becomes the Root Bridge, given the details in the below table
Switch Name Bridge Priority MAC Address Port Costs
SW1 32768 00d0-1034-26a0 All are 19
SW2 32768 00d0-1034-27a0 All are 4
SW3 32768 00d0-1034-26a1 All are 19
SW4 32768 00d0-1034-28a0 All are 19
A. SW4

B. SW2
C. SW3
D. SW1
3. What is the maximum number of Root ports that a bridge can have ?
A. Unlimited
B. 2
C. 1
D. Not necessary
4. What happens to a port that is neither a Root port nor a Designated port?
A. It is disabled
B. It can be used to send/receive frames
C. It is put into blocking state
D. It will be put into listening mode
5. Which is the designated port on segment SW1-->SW2. Refer to the exhibit below
A. Port 1 on SW1
B. Port 2 on SW1
C. Port 1 on SW2
D. Port 2 on SW2
6. Which is the designated port on the segment SW2-->SW3. Refer to the exhibit below?
A. Port 1 on SW2
B. Port 2 on SW2
C. Port 1 on SW3
D. Port 2 on SW3

29. Lab Exercises on PoE
29.1: Lab Exercise 1 : Configuring guard-band and maximum power on

PoE enabled interface
Description: This exercise demonstrates the commands required to configure parameters

like guard-band and max power on a PoE enabled interface.
Instructions
1. Enter into PoE hierarchy mode on SW2 that has PoE enabled ports.
2. Guard-band syntax is “Set guard-band <watts>”. Range to be set is 0 through 19 where
default value is 0
3. Maximum power syntax is “Set interface (all | interface-name) maximum-power <watts>”.
Range to be set is 0.0 through 18.6 for EX3200 and EX4200 switches and 0.0 through 30.0 for
EX2200 switches and Default is: 15.4 for EX3200 and EX4200 switches and 30.0 for EX2200
switches
4. Verify using show poe interface command that display status of all PoE ports on the switch.
user@SW2>configure
[edit]
user@SW2#edit poe
[edit poe]
user@SW2#set guard-band 12
[edit poe]
user@SW2#set interface ge-0/0/0 maximum-power 18.6
[edit poe]
user@SW2#exit
[edit]
user@SW2#commit
[edit]
user@SW2#exit
user@SW2>show poe interface
Note:
Guard-band: Reserve a specified amount of power out of the PoE power budget in case of a
spike in PoE consumption.
Maximum-Power: Set the maximum amount of power that the switch can supply to the PoE
port.
Back
29.2 : Lab Exercise 2 : Configuring power management mode on PoE

enabled interface
Description: This exercise demonstrates the way that the switch's PoE controller allocates
power to the PoE interfaces.

Instructions
2. The command syntax is: Set management (class | static)
user@SW2>configure
[edit]
user@SW2#edit poe
[edit poe]
user@SW2#set management static
[edit poe]
user@SW2#exit
[edit]
user@SW2#commit
[edit]
user@SW2#show
Note: Default: class
Mode: class—The amount of power allocated to the interface is determined by the class of the
connected powered device. If no powered device is connected, no power is allocated to the
interface.
Mode: static—The amount of power allocated to the interface is determined by the value of the
maximum-power (Interface) statement, not the class of the connected powered device. This
amount is allocated even when a powered device is not connected to the interface, ensuring that
power is available when needed.
Back
29.3 : Lab Exercise 3 : Disabling a PoE interface
Description: This exercise demonstrates disabling a PoE interface, disable the collection of
power consumption data for a PoE interface.
Instructions
2. The command syntax is: set interface (all | interface-name) disable
3. Verify using show poe interface command
user@SW2>configure
[edit]
user@SW2#edit poe
[edit poe]
user@SW2#set interface ge-0/0/0 disable

[edit poe]
user@SW2#exit
[edit]
user@SW2#commit
[edit]
user@SW2#exit
Back
29.4 : Lab Exercise 4 : Setting power priority on all PoE enabled

interfaces
Description: This exercise demonstrates the command required to set the power priority value on
all PoE enabled interfaces or an individual interface.
Instructions:
1. Enter into [edit poe] hierarchy level on SW2 that has PoE enabled ports.
2. The command syntax is “set interface (all | interface-name) priority (low|high)”
3. Commit the configurations and verify using show command
user@SW2>configure
[edit]
user@SW2#edit poe
[edit poe]
user@SW2#set interface all priority high
[edit poe]
user@SW2#set interface ge-0/0/0 priority low
[edit poe]
user@SW2#exit
[edit]
user@SW2#commit
[edit]
user@SW2#show
user@SW2#exit
Note: Set the power priority for individual interfaces when there is insufficient power for all PoE
interfaces. If the switch needs to shut down powered devices because PoE demand exceeds the
PoE budget, low priority devices are shut down before high priority devices.
Among interfaces that have the same assigned priority, priority is determined by port number,
with lower-numbered ports having higher priority.
Default: low
Back

30. FINAL EXAM
30.1 : Objective Test Final Exam : Answer the following questions
1. What is the standard boot sequence for JUNOS?
A. PCMCIA flash, compact flash, hard-drive, network

B. Compact flash, PCMCIA flash, network, hard-drive
C. Hard-Drive, compact flash, network, PCMCIA flash
D. PCMCIA flash, compact flash, network, hard-drive
2. What is the name of the 100MB link between the PFE and the RE?
A. So0/0
B. Eth0
C. Fxp0
D. Fxp1
3. On a Juniper Router, where is the JUNOS software located?
A. EPROM
B. Zip drive
C. hard drive
D. compact flash
4. If the PFE does not have a route to the destination address of a packet, which action will be
taken?
A. The PFE floods the packet out of all interfaces.

B. The PFE drops the packet and sends a destination unreachable notification back to
source device.
C. The PFE forwards the packet to the routing engine for further processing.
D. The PFE queues the packet and sends a request for a layer 3 lookup to the routing
engine.
5. Which user authentication methods are available in JUNOS?
A. MD5 and SHA

B. RADIUS and TACACS only
C. Local User Database
D. Local user Database, RADIUS, and TACACS+
6. Which two statements regarding JUNOS architecture are correct? (Choosetwo.)
A. The Routing Engine handles all exception traffic.

B. The Routing Engine synchronizes the route table with the PFE.
C. The Routing Engine is hot-pluggable.
D. The Routing Engine controls the PFE.

7. What are two valid initial configuration methods supported on Juniper routers? (Choose two)
A. CLI
B. J-Web
C. JUNOScope
D. PCMCIA flash card
8. To troubleshoot interface problems, you can use both the disable command and the deactivate
command. Which two statements are correct?
A. If the interface is disabled, the logical unit will administratively shutdown.

B. If the interface is deactivated, the physical interface will administratively
shutdown.
C. If the interface is deactivated, the interface configuration is ignored during
commit.
D. If the interface is disabled, the logical unit configuration is ignored during commit.
9. Which statement is correct about logical units on Juniper Router interfaces?
A. Logical units are used only when a Layer 2 identifier is present such as a VLAN.
B. A logical unit of 0 is required when using a frame-relay DLCI.
C. A logical unit is always required.
D. Logical units are not required unless ATM or 802.1Q VLAN tagging is
configured.
10. How many IP addresses can be configured in a given interface?
A. one primary and one secondary IP address

B. one IP address
C. as many IP addresses as you want
D. one primary and multiple secondary IP addresses
11. Which logical unit number must be configured on an interface using PPP encapsulation?
A. unit 0
B. unit 1
C. unit 100
D. unit 255
12. How can you reset your router or switch to factory defaults?
A. reset configuration
B. load factory-default
C. load override default
D. set default configuration
13. Which three steps are considered part of the initial configuration? (Choose three.)
A. SNMP

B. hostname
C. root password
D. user password
E. management access interface
14. Which two media types support asynchronous transfer mode? (Choose two.)
A. T3
B. SONET
C. Gigabit-Ethernet
D. EIA/TIA-232 serial
15. RouterID is set under which of the configuration level?
A. [edit protocols]
B. [edit router-options]
C. [edit system]
D. [edit routing-options]
16. Which method loads the configuration which was active before your last commit?
A. load replace last-active

B. load rollback 1
C. rollback 1
D. rollback last-active
17. Which command will configure an IP address upon fe-0/0/0.0 from the [edit interfaces fe-
0/0/0 unit 0] prompt?
A. set address 10.45.123.32/30

B. set family inet address 10.45.123.32/30
C. set address family inet 10.45.123.32/30
D. set inet family address 10.45.123.32/30
18. You have just issued the command commit confirmed and your network continues to be
operational with no further changes required. You issue a commit and-quit. A short time later,
users start complaining about network problems. Which commands (in order) need to be entered
to resolve this issue?
A. >commit confirmed
B. >configure
#rollback 1
#commit
C. >configure
#commit confirmed and-quit
D. >configure
#confirm and-quit
19. Which command will display the temperature of the Routing Engine's CPU?

A. show chassis environment
B. show chassis routing-engine
C. show chassis temperatures
D. show chassis status
20. Which three statements are true of dynamic routing protocols? (Choose three.)
A. They are scalable.

B. They are Dijkstra based.
C. They share network layer reachability information among neighbors.
D. They automate next hop decisions..
E. They are tolerant of configuration errors.
21. Which two statements are correct about routing tables in JUNOS? (Choose two.)
A. There are separate tables for IPv4 and IPv6 called inet.0 and inet6.0 respectively.
B. They only contain the best possible route to each destination.
C. All running protocols can populate the routing tables at the same time.
D. Routes with the highest preference value are placed as active routes in the routing
table.
22. What are three advantages of dynamic routing protocols over static routing protocols?
(Choose three.)
A. lower administrative overhead

B. increased network availability
C. greater network scalability
D. easier to implement qualified next hops
E. easier ECMP route implement
23. Which two commands are needed to create and apply an export policy that advertises static
routes to OSPF neighbors? (Choose two.)
A. edit policy-options policy-statement policy-name

set term 1 from protocol static
set term 1 then accept
B. edit ospf policy
set from protocol static
set 1 then accept
C. set protocols OSPF export policy-name
D. set protocols OSPF policy policy-name
24. Your routing table contains four static routes which you need to redistribute to your OSPF
peers. Which method would accomplish this?
A. Apply an import policy to OSPF; this will import the static routes into OSPF.
B. Apply an export policy to protocol "static"; this will export the routes to other
protocols.
C. Apply an import policy to the forwarding table; this will import the routes,
allowing them to be forwarded to OSPF neighbors.

D. Apply an export policy to OSPF; this will export the static routes to your OSPF
neighbors.
25. You have used ping command to see whether the remote router is working. You have got a
response "U". What does it mean?
A. Successful receipt of echo reply

B. Packet experienced Congestion
C. Destination Unreachable
D. Packet time to live exceeded
31. Appendix
1. C, D
2. C
3. A
4. D
5. D
6. C
7. D
8. B
9. B
10. C
1. B
2. D
3. B
4. A
5. D

1. D
2. B
3. A
4. C, D
5. B
1. A
2. D
3. A, D
4. B, D
5. C
1. C
2. C
3. C
4. C
5. A
1. c
2. a
3. c
4. b
5. c

6. b
7. c
8. a
9. b
10. c
1. B
2. C
3. D
1. B
2. B
3. C
4. C
5. A
6. B
31.9. Answer keys for final exam
1. A
2. D
3. D
4. B
5. D
6. C, D
7. A, B

8. B, C
9. C
10. C
11. A
12. B
13. B, C, E
14. A, B
15. D
16. C
17. B
18. B
19. B
20. A, C, D
21. A, C
22. A, B, C
23. A, C
24. D
25. C
Disclaimer:
CertExams.com is not associated with Juniper Systems Inc or any other company.
Junos™ is a trade mark of Juniper Systems® Inc. and duly recognized.

Juniper Lab Guide

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Juniper Lab Guide

Încărcat de

Drepturi de autor:

Formate disponibile

LAB MANUAL FOR JNCIA

1. About Juniper Routers

2. Classification of Juniper Routers

2.1. Difference between J, M, T, E and MX series of juniper routers

3. Juniper Router Architecture

3.1. Routing Engine

3.2.1. Switching Control Board

3.3. Routing Engine Hardware Components

4. J-Series Router Overview

4.1. J2320 Router Front Panel and its components

4.5.1. Gigabit Ethernet uPIMs

4.6. Brief Overview of J2320, J2350, J4350, J6350 Routers

5. M-Series Router Overview

5.1. M7i Front Panel and its Components

6. JUNOS Command Line Interface

Version 1.0 Copyright © 2002 – 2017 CertExams.com 1

7.1. Permanent Interfaces

8.1. On J-Series Routers

9. Routing Fundamental Labs

9.1. Lab Exercise 1 : Entering configuration mode on a router and exit

10. Static Routing Labs

10.1. Lab Exercise 1 : Configuring static routes

11. Policies Configuration Labs

11.1. Lab Exercise 1 : Routing policy lab 1

Version 1.0 Copyright © 2002 – 2017 CertExams.com 2

12. RIP Configuration Labs

12.1. Lab Exercise 1 : RIP configuration

13. Dynamic Routing Labs

13.1. Lab Exercise 1 : Ping test by configuring RIP

14. Show Commands Labs

14.1. Lab Exercise 1 : Show commands lab

15. OSPF Labs

15.1. Lab Exercise 1 : OSPF configuration

16. BGP Labs

16.1 Lab Exercise : BGP configuration

17. MPLS Labs

17.1 Lab Exercise 1 : Enabling MPLS family on the interface

18. IPV6 Labs

18.1 Lab Exercise 1 : Configuring IPv6 address on an interface in EUI-format

19. Firewall Filter (ACL) Labs

19.1 Lab Exercise 1 : Creating a Firewall filter

Version 1.0 Copyright © 2002 – 2017 CertExams.com 3

20. Network Address Translation Labs

21. Exercises on DHCP

21.1 Lab Exercise 1 : Configuring juniper router as a DHCP Server

22 Juniper Switch Models

23. EX Series Switches Overview

23.1. EX2200 Switch

23.1.1. EX2200 Front Panel

23.2. EX2500 Switch

24. QFX Series Switch - QFX3500 Switch Overview

25. QFX Series Switch - QFX3500 Switch Overview

26. Basic Switch Labs

26.1. Lab Exercise 1 : Entering configuration mode on a switch and exit

Version 1.0 Copyright © 2002 – 2017 CertExams.com 4

27. Lab Exercises on VLAN

27.1. Lab Exercise 1 : Define VLANs

28. Lab Exercises on Spanning tree protocol and VSTP

28.1. Lab Exercise 1 : Configuring STP Timers

29. Lab Exercises on PoE

30. Final Exam

30.1. Objective Test Final Exam

31.1. Answer keys for objective test 1