Difference between revisions of "Basic configuration of juniper device"

From Notes_Wiki
m
m
Line 151: Line 151:
| file list, file show, file copy
| file list, file show, file copy
| Work with various files from cli.  A simpler way could be to ssh to device and use shell
| Work with various files from cli.  A simpler way could be to ssh to device and use shell
|-
| telnet, ssh, ping, traceroute
| Use telnet, ssh, ping or traceroute clients
|-
| start shell
| Start a shell inside cli
|-
| monitor start messages
| To display messages sent to messages file on console. 
|-
| monitor list
| Obtain ist of channels being monitored
|-
| monitor stop messages
| To stop monitoring messages file on console
|-
|-
|}
|}
Line 195: Line 210:
| Move around while editing configuration
| Move around while editing configuration
|-
|-
|}
|}
|}

Revision as of 10:04, 8 March 2013

<yambe:breadcrumb>Switch_configuration_notes|Switch configuration</yambe:breadcrumb>

Basic configuration of juniper device

Juniper has very useful beginner tutorials at https://www.juniper.net/dayone in form of "Day One" series. Readers are encouraged to refer to them (esp "Exploring Junos CLI" and "Configuring Junos Basics") so that they are comfortable with material presented in this page.


Basic system configuration

A sample system configuration is:

system {
    host-name VLEAD-EX2200;
    domain-name virtual-labs.ac.in;
    domain-search [ virtual-labs.ac.in iiit.ac.in ];
    location {
        country-code 0091;
        building Nilgiri;
        floor 2;
    }
    root-authentication {
        encrypted-password "<encrypted password>"; ## SECRET-DATA
    }
    name-server {
        10.4.3.222;
    }
    login {
        announcement "Welcome to VLEAD Juniper switch";
        message "Unauthorized access is prohibited";
        user saurabh {
            full-name "Saurabh Barjatiya";
            uid 501;
            class super-user;
            authentication {
                encrypted-password "<encrypted password>"; ## SECRET-DATA
            }
        }                               
    }
    services {
        ssh {
            root-login allow;
        }
        telnet;
        web-management {
            http;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    ntp {
        boot-server time.iiit.ac.in;
        server 10.4.8.3;
    }                             
}

This configuration has following information:

  • System host-name, domain-name and search domains
  • Switch location
  • Root password
  • DNS server(s)
  • Login announcement and message
  • System users with their privilege level and UID
  • SSH, telnet and http services are enabled. Root login is enabled over SSH
  • Following syslog configuration is achieved
    • Message from any facility of level emergency or above will be sent to all logged in users on their terminals
    • All messages from any facility of level notice or above will be logged to file named messages. Since syslog files are stored in /var/log, file /var/log/messages would receive all these messages.
    • All commands typed interactively (console, SSH) will get stored in file interactive-commands.
  • Switch will use ntp-server time.iiit.ac.in at boot to synchronize time and will use ntp server at 10.4.8.3 to regularly synchronize time while running


Creating VLANs

To create an L2 VLAN use:

vlans {
    Management {
        vlan-id 2;
        interface {
            ge-0/0/0.0;
            ge-0/0/1.0;
            ge-0/0/2.0;
            ge-0/0/3.0;                 
        }
    }
}

This would create a L2-VLAN named Management with four member ports.

To give switch an L3 IP address for the VLAN use:

interfaces {
    vlan {
        unit 0 {
            family inet {
                address 10.4.15.5/22;
            }
        }
    }
}
[edit vlans Management]
l3-interface vlan.0;

to create a L3-VLAN named vlan.0 with switch's IP address 10.4.15.5 and to associate this L3-VLAN with Management vlan.


Configure static routes

A sample configuration which uses static routes is:

routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.4.12.1;
        route 192.168.36.0/25 next-hop 10.4.12.1;
    }
}  


Useful commands

A table containing list of useful operational mode juniper commands is:

"Useful operational mode commands"
Command Description
show system uptime To see current time and system uptime
configure Enter configuration mode
configure private Enter configuration mode where changes done by other users are not visible and similarly changes done are not visible to other users
configure exclusive Enter configuration mode so that only current user can configure the device to avoid race conditions among various administrators
file list, file show, file copy Work with various files from cli. A simpler way could be to ssh to device and use shell
telnet, ssh, ping, traceroute Use telnet, ssh, ping or traceroute clients
start shell Start a shell inside cli
monitor start messages To display messages sent to messages file on console.
monitor list Obtain ist of channels being monitored
monitor stop messages To stop monitoring messages file on console


A table containing list of useful configuration mode juniper commands is:

"Useful configuration mode commands"
Command Description
annotate Leave comments about a configuration statement
show See current candidate configuration
compare Compare candidate configuration with running configuration (ie rollback 0 configuration)
commit Commit candidate configuration as running configuration
commit at Commit candidate configuration as running configuration at given time
commit confirmed Commit configuration and wait for confirmation within next specified number of minutes. If the new configuration is not confirmed thorough another 'commit' command the automatically rollback to previous configuration when time is over
commit check Check configuration through various commit scripts and tests to verify whether it passes various commit checks
edit, set, delete, rename, copy, activate, deactivate Change various configuration values
rollback Restore previous configuration using number. Up to last 49 configuration can be restored using rollback
run Run operational mode command from configuration mode
top, up, exit Move around while editing configuration