Difference between revisions of "Basic configuration of juniper device"

From Notes_Wiki
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
<yambe:breadcrumb>Switch_configuration_notes|Switch configuration</yambe:breadcrumb>
[[Main Page|Home]] > [[Switch configuration notes]] > [[Basic configuration of juniper device]]
=Basic configuration of juniper device=


Juniper has very useful beginner tutorials at https://www.juniper.net/dayone in form of "Day One" series.  Readers are encouraged to refer to them (esp "Exploring Junos CLI" and "Configuring Junos Basics") so that they are comfortable with material presented in this page.
Juniper has very useful beginner tutorials at https://www.juniper.net/dayone in form of "Day One" series.  Readers are encouraged to refer to them (esp "Exploring Junos CLI" and "Configuring Junos Basics") so that they are comfortable with material presented in this page.  In general note that:
;configure: It is used to go from operational mode (show) to configure mode (set, delete, edit, etc.).  Only in configure mode we can make changes to device configuration
;set: In configuration mode we can use set to create or replace a value appropriately
;delete: This is used to delete a particular configuration  (Similar to no <command> in other switch OEMs)
;edit: If we want to focus on particular area such as system or interfaces we can use command such as "edit system" or "edit interfaces" to only focus on that particular part of configuration
;up or top: To come one level up or to come to top while in edit mode
;show: To see current configuration in edit mode
;compare: To compare (diff) changes done since last commit
;commit : To commit changes done to device.  Only after commit the new changes take effect.
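Review bot: `;compare:` is listed here as a command in its own right, but the command table further down the page gives it only as the pipe filter `show | compare`; writing the term as `show | compare` would keep the list consistent with the table and with what has to be typed. `;commit :` also has a stray space before the colon that the other entries do not have.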




Line 10: Line 17:
<pre>
<pre>
system {
system {
     host-name VLEAD-EX2200;
     host-name JUN1-DEP1;
     domain-name virtual-labs.ac.in;
     domain-name virtual.sbarjatiya.com;
     domain-search [ virtual-labs.ac.in iiit.ac.in ];
     domain-search [ virtual.sbarjatiya.com example.com ];
     location {
     location {
         country-code 0091;
         country-code 0091;
         building Nilgiri;
         building Building-X;
         floor 2;
         floor 2;
     }
     }
Line 25: Line 32:
     }
     }
     login {
     login {
         announcement "Welcome to VLEAD Juniper switch";
         announcement "Welcome to Department1 Juniper switch";
         message "Unauthorized access is prohibited";
         message "Unauthorized access is prohibited";
         user saurabh {
         user saurabh {
Line 58: Line 65:
     }
     }
     ntp {
     ntp {
         boot-server time.iiit.ac.in;
         boot-server time.google.com;
         server 10.4.8.3;
         server 10.4.8.3;
     }                             
     }                             
Line 76: Line 83:
**All messages from any facility of level notice or above will be logged to file named messages.  Since syslog files are stored in /var/log, file /var/log/messages would receive all these messages.
**All messages from any facility of level notice or above will be logged to file named messages.  Since syslog files are stored in /var/log, file /var/log/messages would receive all these messages.
**All commands typed interactively (console, SSH) will get stored in file interactive-commands.
**All commands typed interactively (console, SSH) will get stored in file interactive-commands.
*Switch will use ntp-server time.iiit.ac.in at boot to synchronize time and will use ntp server at 10.4.8.3 to regularly synchronize time while running
*Switch will use ntp-server time.google.com at boot to synchronize time and will use ntp server at 10.4.8.3 to regularly synchronize time while running




Line 127: Line 134:
}   
}   
</pre>
</pre>
==Configure access ports==
To configure access port use:
<pre>
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members VLAN_NODE;
                }
            }
        }
    }
    ...
}
...
vlans {
    VLAN_NODE {
        vlan-id 5;
    }
    ...
}
</pre>
==Configure storm control==
To configure storm-control on all ports use:
<pre>
ethernet-switching-options {
    storm-control {
        interface all;
    }
}
</pre>
==Configure trunk port==
To configure trunk port with native-vlan (PVID) 2 and associate a L3-VLAN (vlan.1) with it use:
<pre>
interfaces {
    ...
    ge-0/0/23 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
                native-vlan-id 2;
            }
        }
    }
    ...
    vlan {
        unit 1 {
            family inet {
                address 10.4.4.103/23;
            }
        }
    }
}
vlans {
    VLAN_NODE {
        vlan-id 5;
    }
    vlan2 {
        vlan-id 2;
        l3-interface vlan.1;
    }
    vlan800 {
        vlan-id 800;
    }
}
</pre>
==Set interface speed==
To set interface speed use:
<pre>
set interface <interface-no> ether-options speed <speed>
</pre>
Refer:
* https://www.juniper.net/documentation/us/en/software/junos/interfaces-fundamentals/topics/topic-map/physical-interface-properties.html#id-configuring-the-interface-speed
==Enable sftp-server==
To enable sftp server for sftp / winscp based file transfer use:
<pre>
set system services ssh sftp-server
</pre>
Refer:
* https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/sftp-server-configuration.html
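Review bot: In the trunk example, `members all;` on ge-0/0/23 places every VLAN defined on the switch on that trunk, including any created later; the example itself only defines VLAN_NODE, vlan2 and vlan800, so listing those under `members` would limit the trunk to what is actually needed on the link. Separately, `set interface <interface-no> ether-options speed <speed>` uses `interface` while every configuration block in this hunk uses the `interfaces` hierarchy; spelling it `set interfaces ...` keeps the command consistent with the blocks above it.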




Line 155: Line 265:
| Use telnet, ssh, ping or traceroute clients
| Use telnet, ssh, ping or traceroute clients
|-
|-
| start shell
| start shell sh
| Start a shell inside cli
| Start a shell inside cli.  We can also use "start shell csh".  See https://www.juniper.net/documentation/us/en/software/junos/junos-overview/topics/ref/command/start-shell.html
|-
|-
| monitor start messages
| monitor start messages
Line 167: Line 277:
| To stop monitoring messages file on console
| To stop monitoring messages file on console
|-
|-
| show host
| Resolve hostname to IP address using configured DNS
|-
| set date
| Set system date and time manually or using ntp
|-
| show ntp {associations, status}
| To see ntp association or status information
|-
| show chasis hardware
| See information about various slots, PICs and ports available on current switch
|-
| show chassis pic fpc-slot 0 pic-slot 0
| To see detailed information about first virtual switch (fpc 0) and its slot (0) in terms of transceivers, wavelength (850nm, 1310nm), Type of transfer (SM, MM, etc.) details
|-
| show log messages
| To see messages log channel
|-
| show log messages | last 30
| To see last 30 messages sent to messages channel
|-
| show system connections
| Show current network connection status, similar to netstat
|-
| show virtual chassis
| If the Juniper switches are connected in virtual chassis mode then we can see how many switches are there with details
|-
| show configuration
| To see switch configuration
|-
| show interface terse
| To see interfaces in terse (brief) format with only limited information (IPs, only interfaces which are up, etc.)
|-
| show system license
| To see license information for current system
|-
| show version
| To see current JunoOS and switch model
|-
| request system reboot
| To reboot juniper switch - Refer https://kb.juniper.net/InfoCenter/index?page=content&id=KB11356
|-
|}
|}
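Review bot: `show chasis hardware` is misspelled (the next added row has `show chassis pic ...`) and will not be accepted as typed; it should read `show chassis hardware`. `show virtual chassis` and `show interface terse` should likewise be given as the CLI spells them, `show virtual-chassis` and `show interfaces terse`.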


Line 185: Line 337:
| show | compare
| show | compare
| Compare candidate configuration with running configuration (ie rollback 0 configuration)
| Compare candidate configuration with running configuration (ie rollback 0 configuration)
|-
| show | display set
| Display current configuration in terms of set commands
|-
| show | display detail
| Display more detailed information about configuration
|-
| show | display xml
| Show configuration in XML format
|-
|-
| commit
| commit
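Review bot: The added rows `| show | display set`, `| show | display detail` and `| show | display xml` put a bare `|` inside a table cell, which the wiki parser reads as a cell-attribute separator, so the rendered table shows only `display set`, `display detail` and `display xml` (the same happens to `show | compare` and to `show log messages | last 30` in the operational table). Wrapping the command in <nowiki> or writing the pipe as &#124; keeps the whole command visible. The added block also ends with `|-` directly before the existing `|-`, which leaves an empty row.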
Line 211: Line 372:
|-
|-
|}
|}
==Miscellaneous issues==
===Using out-of-band management interface on EX series switches===
EX series switches come with out of band management interface which can be used using:
<pre>
set interfaces me0 unit 0 family inet address 172.26.27.44/24
</pre>
Note for various other devices management interface is called fxp0
===Configure host for syslog===
To send syslog messages to a host instead of regular file or user console use:
<pre>
set system syslog host loghost any notice
</pre>
In such cases special prefix can be attached to log messages to indicate that they originated from current device using:
<pre>
set system syslog host loghost log-prefix JUNOS
</pre>
Further messages can be configured to have facility and level information using:
<pre>
set explicit-priority
</pre>
configuration option when within [edit system syslog host] or [edit system syslog file]
Finally to send messages with custom facility name to help with separation of logs from multiple devices on log server use:
<pre>
set facility-override local7
</pre>
===Configure vSRX virtual juniper switch for remote access===
To configure vSRX switch for remote access use:
<pre>
set system root-authentication plain-text-password
set system login user admin class super-user authentication plain-text-password
set interfaces fxp0 unit 0 family inet address 172.31.1.153/24
set routing-options static route 0.0.0.0/0 next-hop 172.31.1.1
</pre>
where: 172.31.1.153/24 should be replaced with desired IP address/mask and 172.31.1.1 should be replaced with desired default gateway.
[[Main Page|Home]] > [[Switch configuration notes]] > [[Basic configuration of juniper device]]
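Review bot: `set explicit-priority` and `set facility-override local7` are given without their hierarchy, and the fragment "configuration option when within [edit system syslog host] or [edit system syslog file]" is left dangling after the <pre> block instead of introducing it. The two earlier commands use the full path, so writing these as `set system syslog host loghost explicit-priority` and `set system syslog host loghost facility-override local7` would make all four usable from the top level, and the hierarchy sentence can move in front of the block.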

Latest revision as of 02:45, 28 March 2022


Juniper has very useful beginner tutorials at https://www.juniper.net/dayone in the form of the "Day One" series. Readers are encouraged to refer to them (especially "Exploring Junos CLI" and "Configuring Junos Basics") so that they are comfortable with the material presented on this page. In general note that:

configure
Used to go from operational mode (show) to configuration mode (set, delete, edit, etc.). Changes to the device configuration can be made only in configuration mode.
set
In configuration mode, set is used to create or replace a value as appropriate.
delete
Used to delete a particular configuration (similar to no <command> on switches from other OEMs).
edit
To focus on a particular area such as system or interfaces, use a command such as "edit system" or "edit interfaces" to work only on that part of the configuration.
up or top
To go one level up, or to go to the top, while in edit mode.
show
To see the current configuration in edit mode.
compare
To compare (diff) changes done since the last commit.
commit
To commit changes done to the device. New changes take effect only after commit.


Basic system configuration

A sample system configuration is:

system {
    host-name JUN1-DEP1;
    domain-name virtual.sbarjatiya.com;
    domain-search [ virtual.sbarjatiya.com example.com ];
    location {
        country-code 0091;
        building Building-X;
        floor 2;
    }
    root-authentication {
        encrypted-password "<encrypted password>"; ## SECRET-DATA
    }
    name-server {
        10.4.3.222;
    }
    login {
        announcement "Welcome to Department1 Juniper switch";
        message "Unauthorized access is prohibited";
        user saurabh {
            full-name "Saurabh Barjatiya";
            uid 501;
            class super-user;
            authentication {
                encrypted-password "<encrypted password>"; ## SECRET-DATA
            }
        }                               
    }
    services {
        ssh {
            root-login allow;
        }
        telnet;
        web-management {
            http;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    ntp {
        boot-server time.google.com;
        server 10.4.8.3;
    }                             
}

This configuration contains the following information:

  • System host-name, domain-name and search domains
  • Switch location
  • Root password
  • DNS server(s)
  • Login announcement and message
  • System users with their privilege level and UID
  • SSH, telnet and http services are enabled. Root login is enabled over SSH
  • The following syslog configuration is achieved:
    • Messages from any facility of level emergency or above will be sent to all logged-in users on their terminals
    • All messages from any facility of level notice or above will be logged to the file named messages. Since syslog files are stored in /var/log, the file /var/log/messages would receive all these messages.
    • All commands typed interactively (console, SSH) will be stored in the file interactive-commands.
  • The switch will use the NTP server time.google.com at boot to synchronize time and will use the NTP server at 10.4.8.3 to regularly synchronize time while running
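
The sample above enables telnet and plain HTTP, which carry logins in cleartext, and allows direct root login over SSH. The following check is an added example, not part of the original notes and not a Juniper tool: it flattens a curly-brace configuration into set-style paths and reports those settings plus a missing remote syslog host. The rule list and the names flatten and audit are this example's own choices.

```python
import re

# Constructed input: services and syslog stanzas taken from the sample configuration above.
SAMPLE = """\
system {
    services {
        ssh {
            root-login allow;
        }
        telnet;
        web-management {
            http;
        }
    }
    syslog {
        file messages {
            any notice;
        }
    }
}
"""

# (pattern on a flattened statement, finding, suggested change).
# The choice of rules is an assumption of this example, not a Juniper baseline.
RULES = [
    (r"^system services telnet(\s|$)", "telnet enabled (cleartext logins)",
     "delete system services telnet"),
    (r"^system services web-management http(\s|$)", "web management over cleartext HTTP",
     "delete system services web-management http"),
    (r"^system services ssh root-login allow$", "direct root login over SSH allowed",
     "set system services ssh root-login deny"),
]

def flatten(config):
    """Convert curly-brace Junos configuration into 'display set'-style paths."""
    paths, stack = [], []
    for raw in config.splitlines():
        line = re.sub(r"\s*##.*$", "", raw).strip()  # drop annotations such as ## SECRET-DATA
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())          # entering a hierarchy level
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        elif line.endswith(";"):
            paths.append(" ".join(stack + [line[:-1].strip()]))  # leaf statement
        else:
            raise ValueError(f"cannot parse line: {raw!r}")
    if stack:
        raise ValueError("unclosed block: " + " ".join(stack))
    return paths

def audit(config):
    """Return (finding, suggested change) pairs for a configuration text."""
    paths = flatten(config)
    findings = [(msg, fix) for pat, msg, fix in RULES
                if any(re.search(pat, p) for p in paths)]
    # Logs kept only on the device are lost with it; the page's own syslog host command is the fix.
    if not any(p.startswith("system syslog host ") for p in paths):
        findings.append(("no remote syslog host", "set system syslog host loghost any notice"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{msg}: {fix}" for msg, fix in audit(SAMPLE)))
```

The input is what "show configuration" prints; the https rule is not triggered by the http pattern, so a configuration that only enables HTTPS web management passes.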


Creating VLANs

To create an L2 VLAN use:

vlans {
    Management {
        vlan-id 2;
        interface {
            ge-0/0/0.0;
            ge-0/0/1.0;
            ge-0/0/2.0;
            ge-0/0/3.0;                 
        }
    }
}

This would create an L2-VLAN named Management with four member ports.

To give the switch an L3 IP address for the VLAN use:

interfaces {
    vlan {
        unit 0 {
            family inet {
                address 10.4.15.5/22;
            }
        }
    }
}
[edit vlans Management]
l3-interface vlan.0;

This creates an L3-VLAN named vlan.0 with the switch's IP address 10.4.15.5 and associates this L3-VLAN with the Management VLAN.


Configure static routes

A sample configuration which uses static routes is:

routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.4.12.1;
        route 192.168.36.0/25 next-hop 10.4.12.1;
    }
}  


Configure access ports

To configure an access port use:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members VLAN_NODE;
                }
            }
        }
    }
    ...
}
...
vlans {
    VLAN_NODE {
        vlan-id 5;
    }
    ...
}


Configure storm control

To configure storm-control on all ports use:

ethernet-switching-options {
    storm-control {
        interface all;
    }
}


Configure trunk port

To configure a trunk port with native-vlan (PVID) 2 and associate an L3-VLAN (vlan.1) with it use:

interfaces {
    ...
    ge-0/0/23 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
                native-vlan-id 2;
            }
        }
    }
    ...
    vlan {
        unit 1 {
            family inet {
                address 10.4.4.103/23;
            }
        }
    }
}
vlans {
    VLAN_NODE {
        vlan-id 5;
    }
    vlan2 {
        vlan-id 2;
        l3-interface vlan.1;
    }
    vlan800 {
        vlan-id 800;
    }
}


Set interface speed

To set interface speed use:

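set interfaces <interface-no> ether-options speed <speed>

Refer: https://www.juniper.net/documentation/us/en/software/junos/interfaces-fundamentals/topics/topic-map/physical-interface-properties.html#id-configuring-the-interface-speed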


Enable sftp-server

To enable the SFTP server for sftp / WinSCP based file transfer use:

set system services ssh sftp-server

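Refer: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/sftp-server-configuration.html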


Useful commands

Useful operational mode Juniper commands are listed in the following table:

"Useful operational mode commands"
Command                                 Description
show system uptime                      To see current time and system uptime
configure                               Enter configuration mode
configure private                       Enter configuration mode where changes done by other users are not visible and similarly changes done are not visible to other users
configure exclusive                     Enter configuration mode so that only current user can configure the device to avoid race conditions among various administrators
file list, file show, file copy         Work with various files from cli. A simpler way could be to ssh to device and use shell
telnet, ssh, ping, traceroute           Use telnet, ssh, ping or traceroute clients
start shell sh                          Start a shell inside cli. We can also use "start shell csh". See https://www.juniper.net/documentation/us/en/software/junos/junos-overview/topics/ref/command/start-shell.html
monitor start messages                  To display messages sent to messages file on console
monitor list                            Obtain list of channels being monitored
monitor stop messages                   To stop monitoring messages file on console
show host                               Resolve hostname to IP address using configured DNS
set date                                Set system date and time manually or using ntp
show ntp {associations, status}         To see ntp association or status information
show chassis hardware                   See information about various slots, PICs and ports available on current switch
show chassis pic fpc-slot 0 pic-slot 0  To see detailed information about first virtual switch (fpc 0) and its slot (0) in terms of transceivers, wavelength (850nm, 1310nm), type of transfer (SM, MM, etc.) details
show log messages                       To see messages log channel
show log messages | last 30             To see last 30 messages sent to messages channel
show system connections                 Show current network connection status, similar to netstat
show virtual-chassis                    If the Juniper switches are connected in virtual chassis mode then we can see how many switches are there with details
show configuration                      To see switch configuration
show interfaces terse                   To see interfaces in terse (brief) format with only limited information (IPs, only interfaces which are up, etc.)
show system license                     To see license information for current system
show version                            To see current Junos OS and switch model
request system reboot                   To reboot juniper switch - Refer https://kb.juniper.net/InfoCenter/index?page=content&id=KB11356


Useful configuration mode Juniper commands are listed in the following table:

"Useful configuration mode commands"
Command                                                 Description
annotate                                                Leave comments about a configuration statement
show                                                    See current candidate configuration
show | compare                                          Compare candidate configuration with running configuration (ie rollback 0 configuration)
show | display set                                      Display current configuration in terms of set commands
show | display detail                                   Display more detailed information about configuration
show | display xml                                      Show configuration in XML format
commit                                                  Commit candidate configuration as running configuration
commit at                                               Commit candidate configuration as running configuration at given time
commit confirmed                                        Commit configuration and wait for confirmation within next specified number of minutes. If the new configuration is not confirmed through another 'commit' command then automatically roll back to previous configuration when time is over
commit check                                            Check configuration through various commit scripts and tests to verify whether it passes various commit checks
edit, set, delete, rename, copy, activate, deactivate   Change various configuration values
rollback                                                Restore previous configuration using number. Up to last 49 configurations can be restored using rollback
run                                                     Run operational mode command from configuration mode
top, up, exit                                           Move around while editing configuration


Miscellaneous issues

Using out-of-band management interface on EX series switches

EX series switches come with an out-of-band management interface, which can be configured using:

set interfaces me0 unit 0 family inet address 172.26.27.44/24

Note that on various other devices the management interface is called fxp0.


Configure host for syslog

To send syslog messages to a host instead of a regular file or user console use:

set system syslog host loghost any notice

In such cases a special prefix can be attached to log messages to indicate that they originated from the current device using:

set system syslog host loghost log-prefix JUNOS

Further, messages can be configured to include facility and level information using the following configuration option when within [edit system syslog host] or [edit system syslog file]:

set explicit-priority

Finally, to send messages with a custom facility name, which helps with separation of logs from multiple devices on the log server, use:

set facility-override local7


Configure vSRX virtual juniper switch for remote access

To configure a vSRX switch for remote access use:

set system root-authentication plain-text-password 
set system login user admin class super-user authentication plain-text-password
set interfaces fxp0 unit 0 family inet address 172.31.1.153/24
set routing-options static route 0.0.0.0/0 next-hop 172.31.1.1

where 172.31.1.153/24 should be replaced with the desired IP address/mask and 172.31.1.1 should be replaced with the desired default gateway.


