
JUNOS Cheat-Sheet

Quick Reference www.cciezone.com


Active: stored in /config/juniper.conf.gz
Rollbacks (n = 1-3): stored in /config/juniper.conf.n.gz
Rollbacks (n = 4-49): stored in /config/db/config/juniper.conf.n.gz
Rescue: stored in /config/rescue.conf.gz
JUNOS Images: should be stored in /var/tmp for easy cleanup

         Disable                         Enable
IOS      interface <name>                interface <name>
         shutdown                        no shutdown
JUNOS    set interface <name> disable    delete interface <name> disable

help topic: General topics
help reference: Syntax Lookup
help syslog: syslog msgs

Upgrade / Reboot / Shutdown (all are operational-mode commands)
Upgrade: request system software add
Reboot: request system reboot
Shutdown: request system power-off

There is no default rescue config, don't forget to create it!


Create: request system configuration rescue save
Rollback (apply/restore): [edit] rollback rescue

Login as root, run ezsetup
OR Connect to ge-0/0/0, use DHCP and access 192.168.1.1 (web or telnet/SSH)
OR Choose Enter Ezsetup from LCD screen
OR Connect to me0 and access 192.168.2.1 (EX-series)
i pt me ne >

OR Press the config button for less than 5 seconds

w ho

sy

st

em

Set Root password


zo

set system root-authentication plain-text-password

t se

da em

te m ti e-

Enable SSH: set system services ssh
Disable Telnet: delete system services telnet
Set Hostname: set system host-name <name>

< s st p ow on sy nt ti Sh t e e t ia s a t c d so Se t as se t p Se one nt w ez ) ho Tim (NTP ) s t P Se NT w( o Sh

IP

NT Ps erv er!

Juniper EX-series Cheat Sheet


Up to 64 MSTP instances are supported
Configure under [edit protocols] hierarchy (stp, rstp and mstp)
Use Redundant Trunk Groups (RTGs) to have a failover/secondary link without the use of STP
Up to 16 RTGs are supported per switch

[edit ethernet-switching-options]
redundant-trunk-group {
    group rtg10 {
        interface ge-0/0/3.0;
        interface ge-0/0/4.0;
    }
}

show spanning-tree bridge
show spanning-tree interface
show spanning-tree statistics interface
show spanning-tree mstp configuration

EX -se

rie s
All ports are family ethernet-switching
PoE is enabled on all PoE-capable ports
LLDP and RSTP enabled
Virtual chassis system ID is 0 (zero)
mastership-priority of 128
load factory-default

Th e

can
Reset back to default

be

an

Pre-emption is enabled by default, highest priority wins

Each EX 4200 comes with a [...]-meter VCB
Up to 10 (ten) EX 4200s can be stacked into a VCS

show redundant-trunk-group

VCP: Virtual Chassis Ports form the backplane
VCB: Virtual Chassis Backplane cables interconnect switches into a VCS
VCEP: Virtual Chassis Extender Ports use fiber to interconnect remote switches
      Only supported on 10Gbps uplink module
VCCP: Virtual Chassis Control Protocol, used to exchange LSA-based discovery messages between PFEs in a VCS
VME: Virtual Management Ethernet interface, used to administer the switch stack
PFE: Packet Forwarding Engine
     24-port EX 4200s have 2 PFEs
     48-port EX 4200s have 3 PFEs

Configure a V[...] port
request virtual-chassis vc-port set pic-slot <#> port <#>

Up to 8 interfaces in a single LAG
Max # LAGs:
  EX 3200 = 32 LAGs per switch
  EX 4200 = 64 LAGs per switch
  VCS = 128 LAGs per VCS
Trunks do not have to have a native VLAN

If me0 isn't configured as an L3 interface, it is automatically assigned to the mgmt VLAN

show chassis hardware
show virtual-chassis status
show virtual-chassis active-topology
show virtual-chassis interfaces
show virtual-chassis member-config
show virtual-chassis protocol

Remember that all ports are access ports by default

1. Set the number of ae interfaces
   set chassis aggregated-devices ethernet device-count <#>
2. Bind the physical interface to the ae
   set interfaces <name> ether-options 802.3ad <ae_int>
3. Set the ae interface properties (physical and logical)

1. Set the port mode to trunk
   set interfaces <name> unit <#> family ethernet-switching port-mode trunk
2. Set the VLAN membership on the trunk
   set interfaces <name> unit <#> family ethernet-switching vlan members <name(s)>
3. Set the native VLAN (optional)
   set interfaces <name> unit <#> family ethernet-switching native-vlan-id <name>

Provides inter-VLAN routing. Like an SVI on IOS.
The VLAN unit doesn't have to match the VLAN ID; best-practices recommend it

[edit interfaces]
vlan {
    unit 200 {
        family inet {
            address 10.1.1.1/24;
        }
    }
}
[edit vlans]
test {
    vlan-id 200;
    l3-interface vlan.200;
}

Ports can be:
L2: Configure family ethernet-switching
L3: Configure family inet


Ingress / Received Packet
  Port Firewall Filter (PACL)
  VLAN Firewall Filter (VACL)
  Router Firewall Filter (RACL): This is only used if it routes outside of the VLAN
  VLAN Firewall Filter (VACL)
Egress / Transmit Packet

MAC Limiting protects the CAM:
  Limits the number of dynamically-learned MAC addresses
  OR
  Only allows statically-defined MAC addresses
MAC Limiting actions:
  drop (drops the packet and generates a system log entry)
  log (does not drop the packet, but generates a system log entry)
  none (does not drop any packets and does not generate a system log entry)
  shutdown (blocks data traffic & generates a system log entry)

Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        allowed-mac [ 00:00:00:00:00:01 ];
    }
    interface ge-0/0/1.0 {
        mac-limit 2 action shutdown;
    }
}

Mitigate rogue DHCP servers!

Default Port Trusts:
  Access port = untrusted
  Trunk port = trusted

Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        dhcp-trusted;
    }
    interface ge-0/0/1.0 {
        no-dhcp-trusted;
    }
    vlan test {
        examine-dhcp;
    }
}

show dhcp snooping binding
clear dhcp snooping binding

Examine show ethernet-switching table to view the MAC table.
Look at show log messages for MAC Limiting violations.
Use clear ethernet-switching table interface <name> to clear violations.

Relies on examining entries in the DHCP Snooping table, so requires DHCP Snooping
Disabled on all VLANs by default
It is enabled on a per-VLAN basis
Any interface that is configured as a trusted interface for DHCP Snooping is also setup as a DAI trusted interface (bypasses ARP inspection)

Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        dhcp-trusted;
    }
    vlan test {
        arp-inspection;
        examine-dhcp;
    }
}

Monitoring Commands:
show dhcp snooping binding
show arp inspection statistics

DHCP traceoptions are logged to /var/log/fud by default

i m s 4 { ow ra t gu yste .0/2 ge l nfi n 0 { Co dit s0.0. s-ra s s 1 e es


[

g cp : hi dh ple .1 .0 am ices x 0 . v E er 10 on

802.1X supplicant port modes:
  single (default): only first supplicant is authenticated, all other hosts piggy-back on the first supplicant
  single-secure: only permits a single supplicant, access for all other hosts is denied
  multiple: permits multiple supplicants, each supplicant is authenticated individually
802.1X Parameters & Options:
  Reauthentication Period: Default is 3600 seconds, Range is 1 to 65,535 seconds
  Guest VLAN can be configured and is used when:
    Authentication fails
    When a client doesn't respond (doesn't have a supplicant)
  Static MAC List is an authentication bypass for non-802.1X hosts.
  MAC addresses are stored locally on the device.

e 0; ol ddr 0; addr ; 40 0 a po 86 00; .1 e.2 me 864 .0 lud .0.0 i 0 c . -t me 10 ex 10 i se ea e-t s -l um lea { m } xi lt- er 10; a v u m 0. er fa de e-s .0.1 m 10 na ct ; li 54 ? { nf .2 co cp .0 er } dh cp ut 0.0 : o h 1 r d es ds an vic es mm er vic } Co tem s ser l m efu s Us w sysyste } o sh ar e l c

Configuration Example:
[edit forwarding-options helpers bootp]
description "Main DHCP relay";
server 10.0.40.2;
maximum-hop-count 4;
minimum-wait-time 1;
interface {
    vlan.2 {
        no-listen;
    }
}

Configuration Example:
[edit protocols dot1x authenticator]
interface {
    ge-0/0/0.0 {
        guest-vlan test-guest-vlan;
        reauthentication 3600;
        supplicant single-secure;
    }
    ge-0/0/3.0 {
        no-reauthentication;
    }
}
static {
    00:00:00:00:00:01 {
        interface ge-0/0/0.0;
    }
    00:00:00:00:00:02;
}

Monitoring Commands:
show dot1x interface
show dot1x static-mac-address
show dot1x authentication-failed-users


All switch ports are assigned to class 0 by default
Modes:
  Static: max power for port is deducted from total power pool
  Dynamic: power budgeted from total power pool matches actual power consumed (only supports class 0)
  Class: max power class budget is deducted from the total power pool
PoE Telemetries provide historical power usage for each powered device (PD)
  Disabled by default
  Default interval is 5 minutes (1 to 30 mins)
  Default duration is 1 hour (1 to 24 hrs)

Configuration Example:
[edit poe]
interface ge-0/0/0 {
    priority high;
    maximum-power 15.4;
    telemetries {
        interval 5;
        duration 1;
    }
}
interface ge-0/0/1 {
    telemetries {
        disable;
    }
}

Useful Commands:
show chassis hardware
show poe controller
show poe interface

Fully interchangeable between EX 3200 and 4200 series switches
320W, 600W and 930W capacities are available

Configure CoS before enabling voice VLAN
Use voice VLAN on ports with IP phones
Use LLDP-MED to signal voice VLAN ID and 802.1p value to IP phone

Configuration Example:
[edit ethernet-switching-options]
voip {
    interface ge-0/0/0 {
        vlan testvoice;
        forwarding-class voiceep;
    }
}

Useful Commands:
show vlans detail <name>

LLDP Multicast Address: 01-80-C2-00-00-0E

All mandatory LLDP TLVs are sent when LLDP is enabled
All optional LLDP and LLDP-MED TLVs are enabled by default

Configuration Example:
[edit protocols]
lldp {
    advertisement-interval 30;
    hold-multiplier 2;
    msgTxInterval 30;
    msgTxHold 4;
}
lldp-med;

Useful Commands:
show lldp statistics
show lldp detail
show lldp neighbors
show lldp local-info

Assessment

Maintenance

Design and Implementation


24 to 48 ports
Basic model has 8 PoE ports
Up to 48 PoE ports are supported
Does not support VCS
Intended for access layer usage
Supports redundant power supplies (one internal, one via RPS port)
Field-replaceable PS and fan tray
Uplink modules:
  4 x 1Gbps Ethernet (SFP)
  2 x 10Gbps Ethernet (XFP)
Line-rate switching (non-blocking)

24 to 48 ports
Basic model has 8 PoE ports
Up to 48 PoE ports are supported
Supports VCS (up to 10 switches in a VCS)
Intended for distribution and access layer usage
Redundant (both internal), hot-swappable PS
Field-replaceable fan tray (3 fans; one can fail & not affect operations)
Uplink modules:
  4 x 1Gbps Ethernet (SFP)
  2 x 10Gbps Ethernet (XFP)
Line-rate switching (non-blocking)

Control Plane: Routing Engine (RE) with JUNOS Software, Routing Table (RT), Bridging Table (BT), Fwding Table (FT)
Forwarding Plane: Packet Forwarding Engine (PFE) with Bridging Table (BT), Fwding Table (FT); Packet Flow
