JUNOS Juniper EX Cheat Sheet
ed in Should be stor
de com m
ands)
softw a
st sy ste
re ad d
t sys tem
power
Login as root, run ezsetup
OR Connect to ge-0/0/0, use DHCP and access 192.168.1.1 (web or telnet/SSH)
OR Choose Enter Ezsetup from LCD screen
OR Connect to me0 and access 192.168.2.1 (EX-series)
i pt me ne >
5 seconds
w ho
sy
st
em
t se
da em
te m ti e-
set system services ssh
delete system services telnet
set system host-name <name>
IP
NT Ps erv er!
EX -se
rie s
All ports are family ethernet-switching
PoE is enabled on all PoE-capable ports
LLDP and RSTP enabled
Virtual chassis system ID is 0 (zero)
mastership-priority of 128
load factory-default
Th e
can
Reset back to default
be
an
Each EX 4200 comes with a -meter VCB
Up to 10 (ten) EX 4200s can be stacked into a VCS
unk-group
VCPs: Virtual Chassis Ports form the backplane
VCB: Virtual Chassis Backplane cables interconnect switches into a VCS
VCEP: Virtual Chassis Extender Ports use fiber to interconnect remote switches. Only supported on 10Gbps uplink module
VCCP: Virtual Chassis Control Protocol. LSA-based discovery messages exchanged between PFEs in a VCS
VME: Virtual Management Ethernet interface used to administer the switch stack
PFEs: Packet Forwarding Engine. 24-port EX 4200s have 2 PFEs; 48-port EX 4200s have 3 PFEs
Configure a VME port
reques vcassis ual-ch port <#> t virt ot <#> pic-sl
Up to 8 interfaces in a single LAG
Max # LAGs:
EX 3200 = 32 LAGs per switch
EX 4200 = 64 LAGs per switch
VCS = 128 LAGs per VCS
Trunks do not have to have a native VLAN
chassis hardware
virtual-chassis status
virtual-chassis active-topology
virtual-chassis interfaces
virtual-chassis member-config
virtual-chassis protocol
1. Set the number of ae interfaces
set chassis aggregated-devices ethernet device-count <#>
2. Bind the physical interface to the ae interface
set interfaces <name> ether-options 802.3ad <ae_int>
3. Set the ae interface properties (physical and logical)
1. Set the port mode to trunk
set interfaces <name> unit <#> family ethernet-switching port-mode trunk
2. Set the VLAN membership on the trunk
set interfaces <name> unit <#> family ethernet-switching vlan members <name(s)>
3. Set the native VLAN (optional)
set interfaces <name> unit <#> family ethernet-switching native-vlan-id <name>
Ports can be:
L2: Configure family ethernet-switching
L3: Configure family inet
The VLAN unit doesn't have to match the VLAN ID; best-practices recommend it
[edit interfaces]
vlan {
    unit 200 {
        family inet {
            address 10.1.1.1/24;
        }
    }
}
[edit vlans]
test {
    vlan-id 200;
    l3-interface vlan.200;
}
d
MAC Limiting protects the CAM:
Limits the number of dynamically-learned MAC addresses
OR Only allows statically-defined MAC addresses
MAC Limiting actions:
none (do not do anything)
drop (drops the packet and generates a system log entry)
log (does not drop any packet, but generates a system log entry)
shutdown (blocks data traffic & generates a system log entry)
Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        allowed-mac [ 00:00:00:00:00:01 ];
    }
    interface ge-0/0/1.0 {
        mac-limit 2 action shutdown;
    }
}
Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        dhcp-trusted;
    }
    interface ge-0/0/1.0 {
        no-dhcp-trusted;
    }
    vlan test {
        examine-dhcp;
    }
}
Ex to a m i n vie e s w th e h o w Us M A et ec in h C te lea ta b e r n rf r le. etac et Lo sw he e it <n rn Li m ok at ch am et itin sh in e> -s g g v ow to w i t ta i ol cle ch a ti l o g bl ar on in e vio g me m e s l at ta s s sag ion bl ag es s. e es . fo r MA C
Relies on examining entries in the DHCP Snooping table, so requires DHCP Snooping
Disabled on all VLANs by default
It is enabled on a per-VLAN basis
Any interface that is configured as a trusted interface for DHCP Snooping is also set up as a DAI trusted interface (bypasses ARP inspection)
Monitoring Commands:
show dhcp snooping bindings
show arp inspection statistics
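The dependency of DAI on the DHCP Snooping table noted above, modelled as an added example (not Juniper code and not part of the original cheat sheet). The class and method names, the addresses and the IP-to-MAC-only match are assumptions of this model; the VLAN name and port names mirror the page's configuration examples.

```python
from dataclasses import dataclass, field

@dataclass
class DaiSwitch:
    """Toy model: DAI validates ARP senders against the DHCP snooping table."""
    dai_vlans: set            # VLANs with inspection enabled (off by default)
    trusted: set              # dhcp-trusted interfaces, which are also DAI-trusted
    bindings: dict = field(default_factory=dict)   # (vlan, ip) -> mac

    def snoop_dhcp_ack(self, vlan, ip, mac):
        """Record the lease a DHCP server handed to a client."""
        self.bindings[(vlan, ip)] = mac.lower()

    def inspect_arp(self, interface, vlan, sender_mac, sender_ip):
        """Return (verdict, reason) for an ARP packet seen on `interface`."""
        if vlan not in self.dai_vlans:
            return "forward", "DAI not enabled on this VLAN"
        if interface in self.trusted:
            return "forward", "trusted interface bypasses ARP inspection"
        bound_mac = self.bindings.get((vlan, sender_ip))
        if bound_mac is None:
            return "drop", "no snooping binding for sender IP"
        if bound_mac != sender_mac.lower():
            return "drop", "sender MAC does not match binding"
        return "forward", "sender matches snooping binding"

def demo():
    # Constructed sample data; every address below is made up for the example.
    sw = DaiSwitch(dai_vlans={"test"}, trusted={"ge-0/0/0.0"})
    sw.snoop_dhcp_ack("test", "10.0.0.11", "00:00:00:00:00:01")
    cases = [
        ("ge-0/0/1.0", "test", "00:00:00:00:00:01", "10.0.0.11"),   # legitimate client
        ("ge-0/0/1.0", "test", "00:00:00:00:00:02", "10.0.0.11"),   # MAC/IP mismatch
        ("ge-0/0/1.0", "test", "00:00:00:00:00:03", "10.0.0.50"),   # static host, no lease
        ("ge-0/0/0.0", "test", "00:00:00:00:00:02", "10.0.0.11"),   # seen on trusted port
        ("ge-0/0/1.0", "other", "00:00:00:00:00:02", "10.0.0.11"),  # VLAN without DAI
    ]
    return [sw.inspect_arp(*c)[0] for c in cases]

if __name__ == "__main__":
    print(demo())
```

The third case is why statically addressed hosts need attention before inspection is enabled on a VLAN: with no lease in the snooping table, their ARP traffic fails the check.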
802.1X supplicant port modes:
single (default): only first host is authenticated, all other hosts piggy-back on the first supplicant
single-secure: only permits a single supplicant, all others are denied
multiple: permits access for multiple supplicants, each supplicant is authenticated individually
802.1X Parameters & Options:
Reauthentication Period:
Default: 3600 seconds
Range: 1 to 65,535 seconds
Guest VLAN can be configured and is used:
When authentication fails (have a supplicant)
When a client doesn't respond (non-802.1X hosts)
Static MAC: A list of MAC addresses for authentication bypass. MAC addresses are stored locally on the device
e 0; ol ddr 0; addr ; 40 a po 86 00; 20 e- 0.1 4 e d 0. 86 im 0. clu 0.0. t . e- ime 1 ex 10 t as le sea m{ mu -le } i ax ult ver .10; m 0 er fa de e-s .0.1 m 10 na ct 4; li ? 25 { nf p 0. r co } hc 0. te : es d dhcp ou 10. s c r nd s ma rvi ce om se rvi } l C stem m se u sef sy ste U w sy } o sh ar e cl
Configuration Example:
[edit forwarding-options helpers bootp]
description "Main DHCP relay";
server 10.0.40.2;
maximum-hop-count 4;
minimum-wait-time 1;
interface {
    vlan.2 {
        no-listen;
    }
}
Configuration Example:
[edit protocols dot1x authenticator]
interface {
    ge-0/0/0.0 {
        guest-vlan test-guest-vlan;
        reauthentication 3600;
        supplicant single-secure;
    }
    ge-0/0/3.0 {
        no-reauthentication;
    }
}
static {
    00:00:00:00:00:01 {
        interface ge-0/0/0.0;
    }
    00:00:00:00:00:02;
}
Monitoring Commands:
show dot1x interface
show dot1x static-mac-address
show dot1x authentication-failed-users
default to class 0 by are assigned All switch ports er pool from total pow Modes: rt is deducted x power for po Static ma matches class 0) tal power pool (only supports dgeted from to ic power bu Dynam m the total consumed is deducted fro actual power r class budget we Class max po age for each power pool rical power us s provide histo rie PoE Telemet e (PD) powered devic fault Disabled by de 5 minutes (1 to 30 mins) al is Default interv to 24 hrs) n is 1 hour (1 Default duratio
n a ef fa Us o w c h o e c o n t e r i p sh oe ow sh w p o sh
Fully interchangeable between EX 3200 and 4200 series switches
320W, 600W and 930W capacities are available
LLDP Multicast Address: 01-80-C2-00-00-0E
Configure CoS before enabling voice VLAN
Use voice VLAN on ports with IP phones
Use LLDP-MED to signal voice VLAN ID and 802.1p value to IP phone
Configuration Example:
[edit ethernet-switching-options]
voip {
    interface ge-0/0/0 {
        vlan testvoice;
        forwarding-class voiceep;
    }
}
Useful C
All mandatory LLDP TLVs are sent when LLDP is enabled
All optional LLDP and LLDP-MED TLVs are enabled by default
Configuration Example:
[edit protocols]
lldp {
    advertisement-interval 30;
    hold-multiplier 2;
    msgTxInterval 30;
    msgTxHold 4;
}
lldp-med;
Assessment
Maintenance
24 to 48 ports
Basic model has 8 PoE ports
Up to 48 PoE ports are supported
Does not support VCS
Intended for access layer usage
Supports redundant power supplies (one internal, one via RPS port)
Field-replaceable PS and fan tray
Uplink modules: 4 x 1Gbps Ethernet (SFP), 2 x 10Gbps Ethernet (XFP)
Line-rate switching (non-blocking)

24 to 48 ports
Basic model has 8 PoE ports
Up to 48 PoE ports are supported
Supports VCS (up to 10 switches in a VCS)
Intended for distribution and access layer usage
Redundant (both internal), hot-swappable PS
Field-replaceable fan tray (3 fans; one can fail & not affect operations)
Uplink modules: 4 x 1Gbps Ethernet (SFP), 2 x 10Gbps Ethernet (XFP)
Line-rate switching (non-blocking)
[Figure: Packet Flow. Labels: Routing Engine (RE), JUNOS Software, Bridging Table (BT), Routing Table (RT), Fwding Table (FT)]