Juniper Networks Certified Internet Associate-JNCIA

JNCIA-ER Lab Manual

Developed by

M. Irfan Ghauri
M. Tanzeel Nasir








C-32/1 Block-5 Gulshan-e-Iqbal, Karachi ESP Press
Ph #0213-6034003 Copyrights 2011





1


LAB. LAB. LAB. LAB. LABS DESCRIPTION LABS DESCRIPTION LABS DESCRIPTION LABS DESCRIPTION PAGE NO. PAGE NO. PAGE NO. PAGE NO.

1


Junos Basic and J-web Basics

2
2 Accessing the Juniper Router through Telnet/SSH/HTTP

11
3 Static Routing


12
4 Dynamic Routing
1. RIP
2. OSPF


14
16
5 Firewall Filtering
1. Simple Firewall Filtering
2. Advance firewall Filtering


18
20
6

Port Address Translation (PAT)

22
7

Implement VRRP

24

8 Inter-vlan routing

26
9 Configuring dhcp

28
10 MLPPP 30
11 Password recovery

31
12 PPP Authentication

33








2
Lab # 1
Junos Basic

Configuration

After connecting your PC to the Console Port.

LOGIN:root
PASSWORD:abc123
Root @%

To Enter Into Operational Mode From Unix Shell & Vice- Versa.

Root @% cli
Root >


To Enter Into Configuration Mode.

Root> configure
Entering configuration mode

Root #

Jweb equivalent : Configuration


Use Commit command to activate your changes.

Root# commit


To change the Host Name of Router.

Root# set system host-name host
Root# commit





3
Jweb equivalent : Configuration > Quick Configuration > setup


Set the System Date & Time on the Router

Root> set date 12:10:8 (hh:mm:ss)
Root> set date 2009-10-6 (YY-MM-DD)
Root# commit


Jweb equivalent : Configuration > Quick Configuration > setup
(set time manually)


Verify the System Date & Time on the Router

Root> show system uptime
Current time: 2009-08-17 11:55:58 UTC

Jweb equivalent : Monitor> system


Display the Version Information of the Router.


Root>show system software
Or
Root>show version

Show interface summary

Root> show interfaces terse

Jweb equivalent : Monitor > interfaces


Display the Interface

Root>show interface
Root>show interfaces extensive
Root>show interface detail





4


Displays per-second real-time statistics for a physical interface

Root> monitor interface se-0/0/2


Command prints packet headers to your terminal screen for information sent or
received by the Routing Engine

Root>monitor traffic interface se-0/0/2


Move connection to another port for testing purpose

Root#rename interfaces fe-0/0/0 to fe-0/0/1

(in this example you will move the configuration for fe-0/0/0 to fe-0/0/1)

Ruplicate an existing configuration and change a few components.

Root#copy interfaces fe-0/0/0 to fe-0/0/1

(we are replicating an existing configuration so we can change a few components)


Configuring the Encapsulation on a Physical Interface
Root#set interfaces se-0/0/2 encapsulation ppp


Show Active Configuration.

Root>show configuration
or
Root>show system rollback 0
or
Root#show

Jweb equivalent: Configuration > View and Edit > View Configuration
Text






5


Show Active Configuration in set display
Root # Show | display set


Show Active Configuration in xml format
Root # Show | display xml


show candidate Configuration.

Root> show system rollback 2

(Temporary Configuration and becomes active when commit it)

Jweb equivalent : Configuration > history


Compare Rollback Configuration.

Root> show system rollback 0 compare 2
Jweb equivalent : Configuration > history > compare



Configure Rollback Configuration.

Root#rollback 2
Root#commit


Deactivate or Activate configuration.

Root#deactivate Anyconfiguration

For example

Root#deactivate interfaces se-0/0/2

Root#show




6
interfaces{
inactive se-0/0/2{
}


Shut down an Interface

Root# set interfaces se-0/0/2 disable

Root# delete interface se-0/0/2 disable

Set Rescue Configuration.

Root> request System configuration rescue save

(Save Active configuration as rescue configuration)

Jweb equivalent : configuration >rescue


Commit Rescue Configuration.

Root> rollback rescue
Or
(Reset CONFIG button on the front of j-series router will load and commit the
rescue configuration )

Jweb equivalent : Configuration > history (Set rescue configuration)


Show Rescue Configuration.

Root> Show System configuration rescue

Jweb equivalent : Configuration > history (View rescue configuration )

To look how many users are logged in junos

Root>show system user





7

To look at files stored in Flash memory

Root>show system storage


To look at used tcp and udp ports

Root>show system connection


To look at system license

Root>show system license


To look at system firmware

Root>show system firmware


Show chassis component and temperature of cpu

Root > show chassis environment

Jweb equivalent : Monitor > chassis


Show chassis hardware

Root > show chassis hardware detail

Jweb equivalent : Monitor > chassis


Set the password of Root in clear text.

Root# set system root-authentication plain-text-password
New Password: abc123
Retype new password: abc123





8

Jweb equivalent : Configuration > Quick Configuration > setup


Set the password of Root in encrypted text.

Root# set system root-authentication encrypted-password abc123

Jweb equivalent : Configuration > Quick Configuration > setup


To shutdown and restart the router

Root> request system poweroff
Root> request system reboot

Jweb equivalent : Manage > Reboot


To make the router on factory default setting

Root # load factory-default
warning: activating factory configuration

[edit]
Root # set system root-authentication plain-text-password
New password: abc123

Retype new password: abc123

[edit]
Root # commit










9
Assign the IP Address on the Ethernet Interface of the
Router.


Configuration


Assign the IP Address on the Ethernet Interface of the Router.

Root# set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8
Root#edit interface fe-0/0/0
Root#Set description "This is the Ethernet management interface"
Root#top
Root#commit

Delete the IP Address on the Ethernet Interface of the Router.

Root#delete interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8


Rename the IP Address on the Ethernet Interface of the Router.

Root#rename interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8 to 15.0.0.10/8

Jweb equivalent : Configuration > Quick Configuration > interfaces



Verifying Command
Root> show interfaces
Root> show interface terse
Root>show interface description
Root> show interfaces terse | match fe










10
Assign the IP Address on the Serial Interfaces of the
Router.


Configuration

Assign the IP Address on the Serial Interface of the Router R1 (DCE).

Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.1/8
Root# set interfaces se-0/0/2 serial options clocking-mode dce
Root# set interfaces se-0/0/2 serial options clock-rate 64.0khz
Root# commit


Jweb equivalent : Configuration > Quick Configuration > interfaces


Assign the IP Address on the Serial Interface of the Router R2.

Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.2/8
Root# commit

Jweb equivalent : Configuration > Quick Configuration > interfaces

Verifying Commands

Root> show interfaces
Root> show interfaces terse
Root> show interfaces terse | match se
Root> show interfaces detail se-0/0/2













11
Lab # 2
Accessing Router through Telnet/SSH/HTTP
(Telnet/SSH/HTTP between two Routers)

Configuration

Configuring telnet on R1.

Root@R1# set system services telnet
Root@R1# set system services ssh
Root@R1# set system login user R1 class super-user authentication plain-text-
password
Enter password: abc123
Retype password: abc123


Configuring telnet on R2.

Root@R2# set system services telnet
Root@R2#set system services ssh
Root@R1# set system login user R2 class super-user authentication plain-text-
password
Enter password: abc123
Retype password: abc123



Verifying Commands

Root> show system users
Root> show configu
ration
Root# show system








12
Lab # 3
STATIC Routes
Diagram



Configuration

Configure the Static Route on the Router R1.
Root# set routing-options static route 20.0.0.0/8 next-hop 15.0.0.2
Root# commit

Jweb equivalent : Configuration > Quick Configuration > routing and
protocols


Configure the Static Route on the Router R2.
Root# set routing-options static route 10.0.0.0/8 next-hop 15.0.0.1
Root# commit




IP Address 15.0.0.1
Se-0/0/2
IP Address 15.0.0.2
Se-0/0/2

R1
WAN
IP Address 10.0.0.10
Fe-0/0/0

IP Address 20.0.0.10
Fe-0/0/0
Host A
IP Address 10.0.0.1
Host B
IP Address 20.0.0.1
R2




13
Jweb equivalent : Configuration > Quick Configuration > routing and
protocols


Verifying Command
Root> show route
Root>show route protocol static
Root> show configuration
Root> show interfaces terse



























14
Lab # 4 (i)
Routing Protocol- RIP
Diagram

Configuration

Enable the RIP protocol on the Router R1.

root@R1# set protocols rip group NAME export policy1

root@R1# set protocols rip group NAME neighbor se-0/0/2

Defining policy :

root@R1# set policy-options policy-statement policy1 from protocol direct

root@R1#set policy-options policy-statement policy1 then accept

Jweb equivalent : Configuration > Quick Configuration > routing and
protocols




IP Address 15.0.0.1
Se-0/0/2
IP Address 15.0.0.2
Se-0/0/2

R1
WAN
IP Address 10.0.0.10
Fe-0/0/0

IP Address 20.0.0.10
Fe-0/0/0

Host A
IP Address 10.0.0.1
Host B
IP Address 20.0.0.1
R2




15




Enable the RIP protocol on the Router R2.
root@R2# set protocols rip group NAME export policy1

root@R2# set protocols rip group NAME neighbor se-0/0/2

Defining policy :

root@R2# set policy-options policy-statement policy1 from protocol direct

root@R2#set policy-options policy-statement policy1 then accept


Jweb equivalent : Configuration > Quick Configuration > routing and
protocols


Verifying Command

Root>show route
Root> show configuration
Root> show interfaces terse
Root>show route protocol rip







16
Lab # 4 (ii)
Routing Protocol- OSPF (Area 0)
Diagram

Configuration

Enable the OSPF protocol on the Router R1.

Root@R1#set protocols ospf area 0.0.0.0 interface Fe-0/0/0
Root@R1#set protocols ospf area 0.0.0.0 interface Se-0/0/2

Or

Root@R1#set protocols ospf area 0.0.0.0 interface all

Jweb equivalent : Configuration > Quick Configuration > routing and
protocols




IP Address 15.0.0.1
Se-0/0/2
IP Address 15.0.0.2
Se-0/0/2

IP Address
20.0.0.10
Fe-0/0/0
IP Address
10.0.0.10
Fe-0/0/0
Host B
IP Address 20.0.0.1
Backbone Area / Area 0
R2 R1
WAN
Host A
IP Address 10.0.0.1




17

Enable the OSPF protocol on the Router R2.

Root@R2#set protocols ospf area 0.0.0.0 interface Fe-0/0/0
Root@R2#set protocols ospf area 0.0.0.0 interface Se-0/0/2

Or

Root@R2#set protocols ospf area 0.0.0.0 interface all

Jweb equivalent : Configuration > Quick Configuration > routing and
protocols




Verifying Commands

Root>show route
Root>show ospf interface
Root>show ospf neighbor
Root>show route protocol ospf
























18
Lab # 5
Firewall Filtering
i.Simple Firewall Filtering
Diagram

IP Address 15.0.0.1


Configuration

Make the Firewall Filter on router R1 such that Host A can not be accessing the
Web & Ftp Server.
Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS from
source-address 10.0.0.1/32

Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS then
discard

Root@R1# set firewall filter FILTER-IN term ALLOW-OTHERS then accept





Host B
IP Address
10.0.0.2
FTP Server
IP Address
20.0.0.2
IP Address
20.0.0.1
WEB Server
Host A
IP Address
10.0.0.1
IP Address
10.0.0.10
Fe-0/0/0
IP Address
20.0.0.10
Ft 0Fe-0/0/0
IP Address 15.0.0.2
Serial-0/0/2

IP Address 15.0.0.1
Serial-0/0/2


WAN
R1
R2




19

Apply the Firewall Filter on router R1s Serial Interface.

Root@R1#set interface se-0/0/2 unit 0 family inet filter OUTPUT FILTER-IN



Verifying commands (Now Host A should not be accessing both Web & FTP
servers. However, Host B should be accessing both Web & FTP Servers)
root# show firewall filter FILTER-NAME




20
ii. Advanced Firewall Filtering
Diagram


Configuration

Make the Firewall Filtering on router R1 such that Host A can not be accessing
the Web Server.

Root@R1#set firewall filter protect term DENY-http from source-
address10.0.0.1/32

Root@R1#set firewall filter protect term DENY-http from destination-
address20.0.0.1/32

Root@R1#set firewall filter protect term DENY-http from protocol tcp

Root@R1#set firewall filter protect term DENY-http from destination-port http

Root@R1#set firewall filter protect term DENY-http then discard






Host B
IP Address
10.0.0.2
FTP Server
IP Address
20.0.0.2
IP Address
20.0.0.1
WEB Server
Host A
IP Address
10.0.0.1
IP Address
10.0.0.10
Fe-0/0/0
IP Address
20.0.0.10
Ft 0Fe-0/0/0
IP Address 15.0.0.2
Serial-0/0/2

IP Address 15.0.0.1
Serial-0/0/2


WAN
R1
R2




21
Make the Firewall Filtering on router R1 such that Host B can not be accessing the
Ftp Server.


Root@R1#set firewall filter protect term DENY-FTP from source-
address10.0.0.2/32

Root@R1#set firewall filter protect term DENY-FTP from destination-
address20.0.0.2/32

Root@R1#set firewall filter protect term DENY-FTP from protocol tcp

Root@R1#set firewall filter protect term DENY- FTP from destination-port FTP

Root@R1#set firewall filter protect term DENY-FTP then discard

Root@R1#set firewall filter protect term PERMIT-ALL then accept


Apply the Firewall Filtering on router R1s Ethernet Interface.

Root@R1#set interface fe-0/0/0 unit 0 family inet filter input protect


Verifying commands (Now Host A should not be accessing Web server & Host B
should not be accessing both FTP server).

root# show firewall filter FILTER-NAME


















22
Lab # 6
Port Address Translation (PAT)


Diagram


Configuration
Configuring Sp interface
Root#set interfaces sp-0/0/0 unit 0 family inet

Defining Nat Pool

Root#set services nat pool global-out address 15.0.0.11/32
Root#set services nat pool global-out port automatic

Defining Nat rule

Root#set services nat rule nat-out match-direction output
Root#set services nat rule nat-out term nat-with-alg from application-sets junos-
algs-outbound


IP Address 15.0.0.1
Serial 0/0/2
IP Address 15.0.0.2
Serial 0/0/2
R1
WAN
IP Address 10.0.0.10
Fe-0/0/0
IP Address 20.0.0.10
Fe-0/0/0
IP Address
20.0.0.1
Host B
IP Address
10.0.0.2
IP Address
20.0.0.2
FTP Server
WEB Server
NAT
Translation Table Of
R1
10.0.0.1 15.0.0.11
10.0.0.2 15.0.0.11

Host A
IP Address
10.0.0.1
R2




23
Root#set services nat rule nat-out term nat-with-alg then translated source-pool
global-out

Root#set services nat rule nat-out term nat-with-alg then translated translation-type
source dynamic


Create service set

Root#set services service-set nat-ss nat-rules nat-out
Root#set services service-set nat-ss interface-service service-interface sp-0/0/0.0

Apply service set to nat interface

Root#set interfaces se-0/0/2 unit 0 family inet service input service-set nat-ss
Root#set interfaces se-0/0/2 unit 0 family inet service output service-set nat-ss

Verifying commands

Root>sh services nat pool
Root >sh services nat pool detail
Root >clear services stateful-firewall flows

























24
Lab #7
Configuring VRRP




Configuration

Configuration of Vrrp on Router A

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1
virtual-address 10.0.0.5



L0 15.0.0.1
L0 15.0.0.1
Virtual
Router
10.0.0.5

J2300
J2300
10.0.0.20
10.0.0.10
VRRP
GROUP
1
Host A
IP Address
10.0.0.1




25
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1
priority 200

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1
accept-data

Root#set interfaces lo0 unit 0 family inet address 15.0.0.1/32


Configuration of Vrrp on Router B

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1
virtual-address 10.0.0.5

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1
priority 100

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1
accept-data

Root#set interfaces lo0 unit 0 family inet address 15.0.0.1/32



Verifying Commands

Root>show vrrp

Root>show vrrp interface fe-0/0/0









26
Lab # 8
Inter-VLAN Routing





Configuration
Switch

Switch(config)#vlan 10
Switch(config-vlan)#name vlan-10
Switch(config)#vlan 20
Switch(config-vlan)#name vlan-10
Vlan 10 Vlan 20
Host A
10.0.0.1/8
10.0.0.10
Host B
20.0.0.1/8
20.0.0.10
Fa 0/24
Fa 0/1 Fa 0/11
Fe-0/0/0.10
10.0.0.10 / 8
Fe-0/0/0.20
20.0.0.10 / 8
Fe-0/0/0
J2300
2950




27


Switch(config)#interface range fastEthernet 0/1 - 10

Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10

Switch(config)#interface range fastEthernet 0/11 - 20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20

Switch(config)#interface fastEthernet 0/24
Switch(config-if)#switchport mode trunk

Router
Root#set interfaces fe-0/0/0 vlan-tagging
Root #set interfaces fe-0/0/0 unit 10 vlan-id 10
Root #set interfaces fe-0/0/0 unit 10 family inet address 10.0.0.10/8
Root #set interfaces fe-0/0/0 unit 20 vlan-id 20
Root #set interfaces fe-0/0/0 unit 20 family inet address 20.0.0.10/8




Verifying Command
root# show interfaces fe-0/0/0
root# show interfaces fe-0/0/0 | display set



















28
Lab # 9
Configuring Juniper Router as a Dhcp
Server




















Configuration

Step 1: On Router Create & Configure Dhcp

Root#set system services dhcp pool 10.0.0.0/8

Root#set system services dhcp pool 10.0.0.0/8 router 10.0.0.10

Root#set system services dhcp pool 10.0.0.0/8 address-range low 10.0.0.1 high
10.0.0.12



Host A

Host B

Fe-0/0/0
10.0.0.10
J2300




29

On Router reserve address (10.0.0.5) by excluding from dhcp pool

Root#set system services dhcp pool 10.0.0.0/8 exclude-address 10.0.0.5


Jweb equivalent : Configuration > Quick Configuration > dhcp

Verifying Commands

Root>show system services dhcp binding


























30
Lab #10
MLPPP








Configuration

Configuration of mlppp on router A.

Root# set interfaces ls-0/0/0 unit 0 family inet add 15.0.0.1/8
Root# set interfaces se-0/0/2 unit 0 family mlppp bundle ls-0/0/0.0
Root# set interfaces se-0/0/3 unit 0 family mlppp bundle ls-0/0/0.0

Configuration of mlppp on router B.

Root# set interfaces ls-0/0/0 unit 0 family inet add 15.0.0.2/8
Root# set interfaces se-0/0/2 unit 0 family mlppp bundle ls-0/0/0.0
Root# set interfaces se-0/0/3 unit 0 family mlppp bundle ls-0/0/0.0

Verifying Command
Root> show interfaces ls-0/0/0







J2300
J2300
IP Address 15.0.0.2
Ls-0/0/0
IP Address 15.0.0.1
Ls-0/0/0




31
Lab #11
Password Recovery

Configuration

First Press Power ON Button reboot your router

when below line appear press space bar

Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [kernel] in 1 second...

Type boot s at below prompt


Type '?' for a list of commands, 'help' for more detailed help.
Ok boot -s


Type recovery at below prompt
Enter full pathname of shell or 'recovery' for root password recovery or RETURN
for /bin/sh: recovery

CLI prompt Appear

Starting CLI ...
root>


Type Configure and Set Root authentication Password

Root>configure
Root#set system root-authentication plain-text-password
New password:*******
Retype new password:*******








32

Type commit to load configuration

Root#commit
Root# exit

Type Exit to reboot the Router

root> exit

Reboot the system? [y/n] yes

































33
Lab # 12

PPP AUTHENTICATION- CHAP
Diagram





Configuration


CHAP Authentication Configuration for Router R1.

Root#set system host-name R1
Root@R1#set system root-authentication encrypted-password abc123
Root@R1#set interfaces se-0/0/2 encapsulation ppp
Root@R1#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123
Root@R1#set interfaces se-0/0/2 ppp-options chap local-name R1

CHAP Authentication Configuration for Router R2.

Root#set system host-name R2
Root@R2#set system root-authentication encrypted-password abc123
Root@R2#set interfaces se-0/0/2 encapsulation ppp
Root@R2#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123
Root@R2#set interfaces se-0/0/2 ppp-options chap local-name R2

Verifing Commands :
Root > show interface terse
Root > show interface se-0/0/2


IP Address 15.0.0.1
Se-0/0/2
IP Address 15.0.0.2
Se-0/0/2
R2 R1
WAN