Difference between revisions of "Basic configuration of juniper device"
Revision as of 10:04, 8 March 2013
Basic configuration of juniper device
Juniper publishes very useful beginner tutorials, the "Day One" series, at https://www.juniper.net/dayone. Readers are encouraged to refer to them (especially "Exploring Junos CLI" and "Configuring Junos Basics") so that they are comfortable with the material presented on this page.
Basic system configuration
A sample system configuration is:
    system {
        host-name VLEAD-EX2200;
        domain-name virtual-labs.ac.in;
        domain-search [ virtual-labs.ac.in iiit.ac.in ];
        location {
            country-code 0091;
            building Nilgiri;
            floor 2;
        }
        root-authentication {
            encrypted-password "<encrypted password>"; ## SECRET-DATA
        }
        name-server {
            10.4.3.222;
        }
        login {
            announcement "Welcome to VLEAD Juniper switch";
            message "Unauthorized access is prohibited";
            user saurabh {
                full-name "Saurabh Barjatiya";
                uid 501;
                class super-user;
                authentication {
                    encrypted-password "<encrypted password>"; ## SECRET-DATA
                }
            }
        }
        services {
            ssh {
                root-login allow;
            }
            telnet;
            web-management {
                http;
            }
        }
        syslog {
            user * {
                any emergency;
            }
            file messages {
                any notice;
                authorization info;
            }
            file interactive-commands {
                interactive-commands any;
            }
        }
        ntp {
            boot-server time.iiit.ac.in;
            server 10.4.8.3;
        }
    }

This configuration contains the following information:
- System host-name, domain-name and search domains
- Switch location
- Root password
- DNS server(s)
- Login announcement and message
- System users with their privilege level and UID
- The SSH, telnet and HTTP (web-management) services are enabled. Root login is allowed over SSH
- The following syslog configuration is achieved:
  - Messages from any facility of level emergency or above will be sent to all logged-in users on their terminals
  - All messages from any facility of level notice or above will be logged to the file named messages. Since syslog files are stored in /var/log, the file /var/log/messages would receive all these messages.
  - All commands typed interactively (console, SSH) will be stored in the file interactive-commands.
- The switch will use the NTP server time.iiit.ac.in at boot to synchronize time, and will use the NTP server at 10.4.8.3 to regularly synchronize time while running
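
The services stanza above enables telnet and web management over HTTP, both of which are unencrypted, and allows root to log in directly over SSH. As an added example (not part of the original page), this Python script flattens a curly-brace Junos configuration into statement paths and reports those three settings together with the configuration-mode command that addresses each; the function names and the CHECKS table are assumptions made for this illustration.

```python
import re

# Services stanza copied from the sample configuration on this page.
SAMPLE = """
system {
    services {
        ssh { root-login allow; }
        telnet;
        web-management { http; }
    }
}
"""

# This example's own check table (an assumption, not a complete audit):
# statement path -> (reason to flag it, configuration-mode command that addresses it).
CHECKS = {
    "system services telnet": ("cleartext remote login", "delete system services telnet"),
    "system services web-management http": ("cleartext web management", "delete system services web-management http"),
    "system services ssh root-login allow": ("direct root login over SSH", "set system services ssh root-login deny"),
}

def statements(text):
    """Flatten a curly-brace Junos configuration into space-joined statement paths."""
    tokens = re.findall(r'"[^"]*"|##[^\n]*|/\*.*?\*/|[{};]|[^\s{};"]+', text, re.S)
    stack, words, out = [], [], []
    for tok in tokens:
        if tok.startswith(("##", "/*")):   # skip SECRET-DATA markers and annotations
            continue
        if tok == "{":                     # container: record it so "telnet { ... }" also matches
            stack.append(" ".join(words))
            out.append(" ".join(stack))
            words = []
        elif tok == "}":
            if stack: stack.pop()          # tolerate an unbalanced closing brace
            words = []
        elif tok == ";":                   # leaf statement
            if words:
                out.append(" ".join(stack + [" ".join(words)]))
            words = []
        else:
            words.append(tok)
    return out

def audit(text):
    """Return (path, reason, fix) for every flagged statement present in the configuration."""
    present = set(statements(text))
    return [(path, why, fix) for path, (why, fix) in CHECKS.items() if path in present]

if __name__ == "__main__":
    print("\n".join(f"{p}: {why} -> {fix}" for p, why, fix in audit(SAMPLE)))
```

The script expects the multi-line output of `show configuration`, because a `##` marker is treated as a comment up to the end of its line.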
Creating VLANs
To create an L2 VLAN use:
    vlans {
        Management {
            vlan-id 2;
            interface {
                ge-0/0/0.0;
                ge-0/0/1.0;
                ge-0/0/2.0;
                ge-0/0/3.0;
            }
        }
    }
This would create an L2-VLAN named Management with four member ports.
To give switch an L3 IP address for the VLAN use:
    interfaces {
        vlan {
            unit 0 {
                family inet {
                    address 10.4.15.5/22;
                }
            }
        }
    }

    [edit vlans Management]
    l3-interface vlan.0;
This creates an L3-VLAN named vlan.0 with the switch's IP address 10.4.15.5 and associates this L3-VLAN with the Management VLAN.
Configure static routes
A sample configuration which uses static routes is:
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 10.4.12.1;
            route 192.168.36.0/25 next-hop 10.4.12.1;
        }
    }
Useful commands
The following table lists useful operational mode Juniper commands:
Command | Description |
show system uptime | To see current time and system uptime |
configure | Enter configuration mode |
configure private | Enter configuration mode where changes made by other users are not visible and, similarly, your own changes are not visible to other users |
configure exclusive | Enter configuration mode so that only the current user can configure the device, to avoid race conditions among various administrators |
file list, file show, file copy | Work with various files from cli. A simpler way could be to ssh to device and use shell |
telnet, ssh, ping, traceroute | Use telnet, ssh, ping or traceroute clients |
start shell | Start a shell inside cli |
monitor start messages | Display messages sent to the messages file on the console |
monitor list | Obtain list of channels being monitored |
monitor stop messages | Stop monitoring the messages file on the console |
The following table lists useful configuration mode Juniper commands:
Command | Description |
annotate | Leave comments about a configuration statement |
show | See current candidate configuration |
compare | Compare candidate configuration with running configuration (i.e. rollback 0 configuration) |
commit | Commit candidate configuration as running configuration |
commit at | Commit candidate configuration as running configuration at given time |
commit confirmed | Commit configuration and wait for confirmation within the specified number of minutes. If the new configuration is not confirmed through another 'commit' command, the device automatically rolls back to the previous configuration when the time is over |
commit check | Run the candidate configuration through the various commit scripts and tests to verify whether it passes the commit checks |
edit, set, delete, rename, copy, activate, deactivate | Change various configuration values |
rollback | Restore a previous configuration using its number. Up to the last 49 configurations can be restored using rollback |
run | Run operational mode command from configuration mode |
top, up, exit | Move around while editing configuration |