JUNOS Juniper EX Cheat Sheet


Show time:        show system uptime
Set time:         set date
Set time (NTP):   set date ntp <IP>
Show (NTP):       show ntp associations
Set timezone:     set system time-zone
IOS vs JUNOS:
          IOS                              JUNOS
Disable   interface <name> / shutdown      set interfaces <name> disable
Enable    interface <name> / no shutdown   delete interfaces <name> disable
(the JUNOS hierarchy is "interfaces", plural; "set interface" does not exist)
help topic        General topics
help reference    Syntax
help syslog       Lookup syslog msgs
JUNOS Cheat-Sheet
Quick Reference www.cciezone.com
Rollbacks:
  Active:   /config/juniper.conf.gz
  n = 1-3:  stored in /config/juniper.conf.n.gz
  n = 4-49: stored in /config/db/config/juniper.conf.n.gz
  Rescue:   /config/rescue.conf.gz
JUNOS images: should be stored in /var/tmp for easy cleanup
Upgrade:   request system software add
Reboot:    request system reboot
Shutdown:  request system power-off
(all are operational-mode commands)
Rescue config:
  Create:                    request system configuration rescue save
  Rollback (apply/restore):  [edit] rollback rescue
                             OR press the config button for less than 5 seconds
There is no default rescue config, don't forget to create it!
Login as root, run ezsetup
OR
Connect to ge-0/0/0, use DHCP and
access 192.168.1.1 (web or telnet/SSH)
OR
Choose Enter Ezsetup from LCD screen
OR
Connect to me0 and access 192.168.2.1
(EX-series)
set system root-authentication plain-text-password    Set root password
set system services ssh                               Enable SSH
delete system services telnet                         Disable Telnet
set system host-name <name>                           Set hostname
Factory defaults:
- All ports are family ethernet-switching
- PoE is enabled on all PoE-capable ports
- LLDP and RSTP enabled
- Virtual chassis system ID is 0 (zero)
- mastership-priority of 128
load factory-default    Reset back to default
The EX-series can be an NTP server!
If me0 isn't configured as a L3 interface, it is automatically assigned to the mgmt VLAN
- Up to 8 interfaces in a single LAG
- Max # LAGs: EX 3200 = 32 LAGs per switch; EX 4200 = 64 LAGs per switch; VCS = 128 LAGs per VCS
- Trunks do not have to have a native VLAN
1. Set the number of ae interfaces
   set chassis aggregated-devices ethernet device-count <#>
2. Bind the physical interface to the ae interface
   set interfaces <name> ether-options 802.3ad <ae_int>
3. Set the ae interface properties (physical and logical)
- Up to 64 MSTP instances are supported
- Configure under the [edit protocols] hierarchy (stp, rstp and mstp)
- Use Redundant Trunk Groups (RTGs) to have a failover/secondary link without the use of STP
  Up to 16 RTGs are supported per switch
1. Set the port mode to trunk
   set interfaces <name> unit <#> family ethernet-switching port-mode trunk
2. Set the VLAN membership on the trunk
   set interfaces <name> unit <#> family ethernet-switching vlan members <name(s)>
   Remember that all ports by default are access ports
3. Set the native VLAN (optional; native-vlan-id takes the numeric VLAN ID, not the VLAN name)
   set interfaces <name> unit <#> family ethernet-switching native-vlan-id <vlan-id>
VCPs:   Virtual Chassis Ports form the backplane
VCB:    Virtual Chassis Backplane cables interconnect switches into a VCS
        Each EX 4200 comes with a -meter VCB
VCEPs:  Virtual Chassis Extender Ports use fiber to interconnect remote switches
        Only supported on the 10Gbps uplink module
        request virtual-chassis vc-port set pic-slot <#> port <#>
VCCP:   Virtual Chassis Control Protocol, used to exchange LSA-based discovery messages between PFEs in a VCS
VME:    Virtual Management Ethernet interface used to administer the switch stack (configure a VME)
PFE:    Packet Forwarding Engine
        24-port EX 4200s have 2 PFEs
        48-port EX 4200s have 3 PFEs
Monitoring Commands:
- show chassis hardware
- show virtual-chassis status
- show virtual-chassis active-topology
- show virtual-chassis interfaces
- show virtual-chassis member-config
- show virtual-chassis protocol
Pre-emption is enabled by default, highest priority wins
Up to 10 (ten) EX 4200s can be stacked into a VCS
[edit interfaces]
vlan {
    unit 200 {
        family inet {
            address 10.1.1.1/24;
        }
    }
}
[edit vlans]
test {
    vlan-id 200;
    l3-interface vlan.200;
}
The VLAN unit doesn't have to match the VLAN ID, but best practice recommends it.
Provides inter-VLAN routing. Like an SVI on IOS.
[edit ethernet-switching-options]
redundant-trunk-group {
    group rtg10 {
        interface ge-0/0/3.0;
        interface ge-0/0/4.0;
    }
}
Monitoring Commands:
show spanning-tree bridge
show spanning-tree interface
show spanning-tree statistics interface
show spanning-tree mstp configuration
show redundant-trunk-group
Ports can be:
  L2: configure family ethernet-switching
  L3: configure family inet
Configuration Example (DHCP relay):
[edit forwarding-options helpers bootp]
description "Main DHCP relay";
server 10.0.40.2;
maximum-hop-count 4;
minimum-wait-time 1;
interface {
    vlan.2 {
        no-listen;
    }
}
Firewall filter evaluation order (diagram):
Ingress / Received Packet
  -> Port Firewall Filter (PACL)
  -> VLAN Firewall Filter (VACL)
  -> Router Firewall Filter (RACL): only used if the packet is routed outside of the VLAN
  -> VLAN Firewall Filter (VACL)
  -> Egress / Transmit Packet
MAC Limiting protects the CAM:
- Only allows statically-defined MAC addresses, OR
- Limits the number of dynamically-learned MAC addresses
Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        allowed-mac [ 00:00:00:00:00:01 ];
    }
    interface ge-0/0/1.0 {
        mac-limit 2 action shutdown;
    }
}
MAC Limiting actions:
- shutdown (blocks data traffic & generates a system log entry)
- drop (drops the packet and generates a system log entry)
- log (does not drop the packet, but generates a system log entry)
- none (do not do anything)
Monitoring Commands:
Examine show ethernet-switching table to view the MAC table.
Use clear ethernet-switching table interface <name> to clear violations.
Look at show log messages for MAC Limiting violation messages.
DHCP Snooping: mitigate rogue DHCP servers!
Default Port Trusts:
  Access port = untrusted
  Trunk port  = trusted
Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        dhcp-trusted;
    }
    interface ge-0/0/1.0 {
        no-dhcp-trusted;
    }
    vlan test {
        examine-dhcp;
    }
}
Monitoring Commands:
show dhcp snooping binding
clear dhcp snooping binding
802.1X port modes:
- single (default: only the first host is authenticated, all other hosts piggy-back on the first supplicant)
- single-secure (only permits a single supplicant, all others are denied)
- multiple (permits access for multiple supplicants, each supplicant is authenticated individually)
802.1X Parameters & Options:
- Default Reauthentication Period: 3600 seconds (Range: 1 to 65,535 seconds)
- A Guest VLAN can be configured and is used when authentication fails, or when a client doesn't respond (has no supplicant)
- MAC Static List is an authentication bypass for non-802.1X hosts. MAC addresses are stored locally on the device.
Configuration Example:
[edit protocols dot1x authenticator]
interface {
    ge-0/0/0.0 {
        guest-vlan test-guest-vlan;
        reauthentication 3600;
        supplicant single-secure;
    }
    ge-0/0/3.0 {
        no-reauthentication;
    }
}
static {
    00:00:00:00:00:01 {
        interface ge-0/0/0.0;
    }
    00:00:00:00:00:02;
}
Monitoring Commands:
show dot1x interface
show dot1x static-mac-address
show dot1x authentication-failed-users
Configuration Example (DHCP server):
[edit system services dhcp]
pool 10.0.0.0/24 {
    address-range low 10.0.0.1 high 10.0.0.200;
    exclude-address {
        10.0.0.1;
    }
    maximum-lease-time 86400;
    default-lease-time 86400;
    name-server {
        10.0.10.10;
    }
    router {
        10.0.0.254;
    }
}
Useful Commands:
show system services dhcp ?
clear system services dhcp conflict
DHCP traceoptions are logged to /var/log/fud by default
Dynamic ARP Inspection (DAI):
- Relies on examining entries in the DHCP Snooping table, so requires DHCP Snooping
- Disabled on all VLANs by default
- It is enabled on a per-VLAN basis
- Any interface that is configured as a trusted interface for DHCP Snooping is also set up as a DAI trusted interface (bypasses ARP inspection)
Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        dhcp-trusted;
    }
    vlan test {
        arp-inspection;
        examine-dhcp;
    }
}
Monitoring Commands:
show dhcp snooping binding
show arp inspection statistics
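As an added example (not part of the cheat sheet, and not Juniper code), the following Python script turns a small port plan into the Junos "set" statements covered on this page (secure-access-port MAC limiting, DHCP snooping trust, per-VLAN examine-dhcp and arp-inspection, dot1x supplicant mode and guest VLAN) and lints the plan against the page's own notes: trunks are DHCP-trusted unless told otherwise, DAI depends on the DHCP snooping table of the same VLAN, and the default dot1x "single" mode lets extra hosts piggy-back on the first supplicant. The Port/Plan/lint/render names and the port inventory (ge-0/0/23 as an uplink trunk, VLAN "test") are constructed for illustration.

```python
"""Render and lint Junos EX Layer-2 hardening (added example, not from the cheat sheet).

Only statements that appear on the cheat sheet are emitted:
  ethernet-switching-options secure-access-port { allowed-mac, mac-limit,
  dhcp-trusted / no-dhcp-trusted, examine-dhcp, arp-inspection }
  protocols dot1x authenticator { supplicant, guest-vlan }
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)
MAC_LIMIT_ACTIONS = {"shutdown", "drop", "log", "none"}  # actions listed on the page
DOT1X_MODES = {"single", "single-secure", "multiple"}    # port modes listed on the page
SAP = "set ethernet-switching-options secure-access-port"


@dataclass
class Port:
    name: str                            # physical interface, e.g. "ge-0/0/0"
    mode: str = "access"                 # "access" (untrusted by default) or "trunk" (trusted by default)
    allowed_macs: List[str] = field(default_factory=list)
    mac_limit: Optional[int] = None
    mac_limit_action: str = "shutdown"
    dhcp_trusted: Optional[bool] = None  # None keeps the page's default trust for the port mode
    dot1x: Optional[str] = None          # supplicant mode, or None for no 802.1X
    guest_vlan: Optional[str] = None

    @property
    def unit(self) -> str:               # secure-access-port and dot1x take the logical unit
        return f"{self.name}.0"


@dataclass
class Plan:
    ports: List[Port]
    snooped_vlans: List[str]             # VLANs that get examine-dhcp
    dai_vlans: List[str]                 # VLANs that additionally get arp-inspection


def lint(plan: Plan) -> List[str]:
    """Flag settings that weaken the protections described on the page."""
    out = []
    for p in plan.ports:
        for mac in p.allowed_macs:
            if not MAC_RE.match(mac):
                out.append(f"{p.name}: malformed MAC {mac!r}")
        if p.mac_limit is not None:
            if p.mac_limit_action not in MAC_LIMIT_ACTIONS:
                out.append(f"{p.name}: unknown mac-limit action {p.mac_limit_action!r}")
            elif p.mac_limit_action in ("log", "none"):
                out.append(f"{p.name}: mac-limit action {p.mac_limit_action} never blocks the extra MACs")
        if p.dot1x is not None and p.dot1x not in DOT1X_MODES:
            out.append(f"{p.name}: unknown dot1x supplicant mode {p.dot1x!r}")
        elif p.dot1x == "single":
            out.append(f"{p.name}: dot1x 'single' lets other hosts piggy-back on the first supplicant")
        if p.mode == "trunk" and p.dhcp_trusted is None:
            out.append(f"{p.name}: trunk is DHCP-trusted by default; set no-dhcp-trusted unless a DHCP server/relay is behind it")
        if p.mode == "access" and p.dhcp_trusted:
            out.append(f"{p.name}: access port marked dhcp-trusted, a rogue DHCP server here would be accepted")
    for v in plan.dai_vlans:
        if v not in plan.snooped_vlans:
            out.append(f"vlan {v}: arp-inspection relies on the DHCP snooping table, add examine-dhcp")
    return out


def render(plan: Plan) -> List[str]:
    """Emit the plan as Junos 'set' statements in the page's hierarchies."""
    cmds = []
    for p in plan.ports:
        for mac in p.allowed_macs:
            cmds.append(f"{SAP} interface {p.unit} allowed-mac {mac}")
        if p.mac_limit is not None:
            cmds.append(f"{SAP} interface {p.unit} mac-limit {p.mac_limit} action {p.mac_limit_action}")
        if p.dhcp_trusted is True:
            cmds.append(f"{SAP} interface {p.unit} dhcp-trusted")
        elif p.dhcp_trusted is False:
            cmds.append(f"{SAP} interface {p.unit} no-dhcp-trusted")
        if p.dot1x:
            cmds.append(f"set protocols dot1x authenticator interface {p.unit} supplicant {p.dot1x}")
        if p.guest_vlan:
            cmds.append(f"set protocols dot1x authenticator interface {p.unit} guest-vlan {p.guest_vlan}")
    for v in plan.snooped_vlans:
        cmds.append(f"{SAP} vlan {v} examine-dhcp")
    for v in plan.dai_vlans:
        cmds.append(f"{SAP} vlan {v} arp-inspection")
    return cmds


# Constructed port plan for illustration (interface and VLAN names are assumptions).
EXAMPLE = Plan(
    ports=[
        Port("ge-0/0/0", allowed_macs=["00:00:00:00:00:01"], dot1x="single-secure",
             guest_vlan="test-guest-vlan"),
        Port("ge-0/0/1", mac_limit=2, mac_limit_action="shutdown", dot1x="single"),
        Port("ge-0/0/3", mode="trunk", dhcp_trusted=False),  # downstream trunk, no DHCP behind it
        Port("ge-0/0/23", mode="trunk"),                      # uplink left at the trusted default
    ],
    snooped_vlans=["test"],
    dai_vlans=["test"],
)

if __name__ == "__main__":
    for warning in lint(EXAMPLE):
        print("WARN", warning)
    print("\n".join(render(EXAMPLE)))
```

Run it and paste the printed "set" lines into configuration mode; the WARN lines are the review points (the uplink trunk left trusted, and ge-0/0/1 running the default "single" mode) to resolve before committing.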
Voice VLAN:
- Configure CoS before enabling voice VLAN
- Use voice VLAN on ports with IP phones
- Use LLDP-MED to signal voice VLAN ID and 802.1p value to IP phone
Configuration Example:
[edit ethernet-switching-options]
voip {
    interface ge-0/0/0.0 {
        vlan test-voice;
        forwarding-class voice-ep;
    }
}
Useful Commands:
show vlans detail <name>
Power supplies:
- Fully interchangeable between EX 3200 and 4200 series switches
- 320W, 600W and 930W capacities are available
Configuration Example (PoE):
[edit poe]
interface ge-0/0/0 {
    priority high;
    maximum-power 15.4;
    telemetries {
        interval 5;
        duration 1;
    }
}
interface ge-0/0/1 {
    telemetries {
        disable;
    }
}
Useful Commands:
show chassis hardware
show poe controller
show poe interface
- All switch ports are assigned to class 0 by default
- Modes:
  Static:  max power for the port is deducted from the total power pool (only supports class 0)
  Dynamic: power budgeted from the total power pool matches actual power consumed
  Class:   max power class budget is deducted from the total power pool
- PoE Telemetries provide historical power usage for each powered device (PD)
  Disabled by default
  Default interval is 5 minutes (1 to 30 mins)
  Default duration is 1 hour (1 to 24 hrs)
LLDP Multicast Address: 01-80-C2-00-00-0E
Configuration Example:
[edit protocols]
lldp {
    advertisement-interval 30;
    hold-multiplier 2;
    msgTxInterval 30;
    msgTxHold 4;
}
lldp-med;
Useful Commands:
show lldp statistics
show lldp detail
show lldp neighbors
show lldp local-info
- All mandatory LLDP TLVs are sent when LLDP is enabled
- All optional LLDP and LLDP-MED TLVs are enabled by default
Architecture (diagram): the Control Plane is the Routing Engine (RE) running JUNOS Software, which holds the Routing Table (RT), Bridging Table (BT) and Forwarding Table (FT); the Forwarding Plane is the Packet Forwarding Engine (PFE), which holds its own copies of the Bridging Table (BT) and Forwarding Table (FT) and carries the packet flow.
EX 3200:
- 24 to 48 ports
  Basic model has 8 PoE ports
  Up to 48 PoE ports are supported
- Does not support VCS
- Intended for access layer usage
- Supports redundant power supplies (one internal, one via RPS port)
- Field-replaceable PS and fan tray
- Uplink modules: 4 x 1Gbps Ethernet (SFP) or 2 x 10Gbps Ethernet (XFP)
- Line-rate switching (non-blocking)
EX 4200:
- 24 to 48 ports
  Basic model has 8 PoE ports
  Up to 48 PoE ports are supported
- Supports VCS (up to 10 switches in a VCS)
- Intended for distribution and access layer usage
- Redundant (both internal), hot-swappable PS
- Field-replaceable fan tray (3 fans; one can fail & not affect operations)
- Uplink modules: 4 x 1Gbps Ethernet (SFP) or 2 x 10Gbps Ethernet (XFP)
- Line-rate switching (non-blocking)
