JUNOS Cheat-Sheet
advertisement
JUNOS Cheat-Sheet
Quick Reference – www.cciezone.com
Active
n = 1-3
Rollbacks
n = 4-49
Rescue
JUNOS
Images
r.conf.gz
/config/junipe
Stored in
.conf.n.gz
/config/juniper in
ed
or
St
f.n.gz
fig/juniper.con
/config/db/con
.conf.gz
/config/rescue
sy cleanup
/var/tmp for ea
ed in
Should be stor
Disable
Enable
IO
S
interf
ace <n
ame>
shutdo
wn
interf
ace <n
ame>
no shu
tdown
help t
opic
help r
efere
help s
yslog
Upgrad
e
Reboo
t
Shutdo
wn
(all are
operati
onal-m
o
reque
s
t sys
tem
reque
reque
s
de com
m
softw
a
st sy
ste
t sys
tem
re ad
d
-off
Rollback
(apply/restore)
Login as root, run ezsetup
OR
Connect to ge-0/0/0, use DHCP and
access 192.168.1.1 (web or telnet/SSH)
OR
Choose Enter Ezsetup from LCD screen
OR
Connect to me0 and access 192.168.2.1
(EX-series)
s
w
ho
sy
st
em
t
se
u
da
em
Set Root
password
me
te
m
ti
e-
zo
ne
IP
interf
<name>
ace <n
ame>
disabl
e
disabl
e
Genera
l topics
Syntax
Lookup
syslog m
sg
s
–
nfig
o
c
scue
t re eate it!
l
u
a
r
ef
no d et to c
s
i
g
r
re
The don’t fo
Create
i
pt
delete
ands)
m reb
oot
power
nce
JUNOS
set in
terfac
e
request syst
em configur
ation rescue
save
[edit]
rollback re
scue
OR
Press the conf
ig button for les
s than
5 seconds
set system root-authentication plain-text-password
Enable SSH
set system services ssh
Disable Telnet
delete system services telnet
Set Hostname
set system host-name <name>
>
<
s
st
p
ow
on
sy
nt
ti
Sh
t
e
e
t
ia
s
a
t
c
d
so
Se
t
as
se
t
p
Se one
nt
w
ez
)
ho
Tim (NTP ) s
t
P
Se
NT
w(
o
Sh
NT
Ps
erv
er!
Juniper EX-series Cheat Sheet
Th
e
EX
-se
rie
s
can
be
an
Quick Reference – www.cciezone.com
-
All ports are family ethernet-switching
PoE is enabled on all PoE-capable ports
LLDP and RSTP enabled
Virtual chassis system ID is 0 (zero)
mastership-priority of 128
Reset back
to default
load factory-default
rted
tances are suppo
p and
hierarchy (stp, rst
Up to 64 MSTP ins
dit protocols]
[e
der
un
e
gur
Confi
mstp)
over/
Gs) to have a fail
Trunk Groups (RT
Use Redundant
P
ST
of
use
out the
ns]
tch
secondary link with
hing-optio
supported per swi
rnet-switc
Up to 16 RTGs are
[edit ethe
{
p
trunk-grou
redundant0 {
;
group rtg1
idge
br
e
re
-t
ge-0/0/3.0
ng
interface
show spanni
terface
.0;
in
e
e
re
ac
-t
rf
ng
e ge-0/0/4
te
ni
ac
in
an
rf
sp
te
cs
in
ti
ow
sh
atis
ng-tree st
ation
show spanni
}
tp configur
ng-tree ms
ni
an
sp
ow
sh
}
-
d by
able wins
n
e
is iority
tion
r
-emp ghest p
e
r
P , hi
ul t
def a
kplane
the bac
cts
rts – form
o
P
is
terconne
hass
bles – in
Virtual C
lane ca
kp
ac
s
S
B
P
C
V
VC
hassis
s into a
er to
Virtual C
switche
uses fib
Ports –
er
d
n
s
VCB
te
e
x
h
hassis E
ote switc module
ect rem
Virtual C
k
interconn n 10Gbps uplin
o
d
e
rt
o
to
pp
s
u
– used
VCEP
Only s
rotocol
ssages
ontrol P
e
C
m
s
si
ry
has
cove
Virtual C SA-based dis
S
in a VC
ge L
exchan
n PFEs
sed to
ee
tw
e
b
ace – u
rf
te
in
VCCP
t
ne
er
th
E
t
en
tack
anagem
switch s
Virtual M administer the
Engine
g
in
rd
a
Forw
V ME
2 PFEs
Packet
0s have
EX 420 have 3 PFEs
24-port
0s
0
EX 42
et
48-port
PF E
port s
ure a V
Config
-
show
show
show
show
show
show
ME
reques
}
]
vlans
[edit
{
t
0;
tes
.200;
id 20
vlan- rface vlan
e
t
l3-in
default
ports by
l
l
a
t
a
s
er th
Rememb re access port
a
1. Se
t th
set
cha e numbe
ethe ssis ag r of ae in
gr
rnet
ter
devi egated- faces
d
ce-c
ount evices
<#>
2. Bin
d the
phys
ical in
set
inter terface
inte
face
to th
r
f
opti
a
e ae
ons ces <n
ame>
802.
3ad
ethe
<ae_
r
int> 3. Se
t the
ae in
te
(phy
sical rface pr
o
and
logic perties
al)
1. Set the port mode to trunk
set interfaces <name> unit <#>
family ethernet-switching portmode trunk
have to
unit doesn’t
The VLAN
LAN ID –
match the V ommend it
s rec
best-practice
]
faces
inter
[edit
{
vlan
200 { net {
4
unit
1.1/2
y i
famil ress 10.1.
add
}
-
unk-group
Up to 8 interfac
es in a single
LAG
Max # LAGs:
EX 3200 = 32
LAGs per sw
itch
EX 4200 = 64
LAGs per sw
itch
VCS = 128 LA
Gs per VCS
Trunks do no
t have to have
a native VLAN
If me0 isn’t configured as a L3
interface, it is automatically
assigned to the mgmt VLAN
chassis hardware
virtual-chassis status
virtual-chassis active-topology
virtual-chassis interfaces
virtual-chassis member-config
virtual-chassis protocol
}
-
vcassis
ual-ch port <#>
t virt
#>
<
ot
pic-sl
.
routing
VLAN
s interS.
e
id
IO
v
n
ro
o
P
SVI
Like an
}
ant-tr
show redund
with a
200 comes
Each EX 4
CB
½-meter V
Up to 1
0(
can be s ten) EX 4200
tacked
into a V s
CS
2. Set the VLAN membership on the trunk
set interfaces <name> unit <#>
family ethernet-switching vlan
members <name(s)>
3. Set the native VLAN (optional)
set interfaces <name> unit <#>
family ethernet-switching
native-vlan-id <name>
ng
tchi
-swi
t
e
n
ther
ly e
Por
fami
e
r
L2
u
g
Confi
inet
mily
e fa
r
L3
u
g
Confi
:
n be
ts ca
Juniper EX-series Cheat Sheet
Quick Reference – www.cciezone.com
’s route
used if it N
ly
n
o
is
This
the VLA
outside of
Port
Firewall
Filter
(PACL)
Ingress /
Received
Packet
VLAN
Firewall
Filter
(VACL)
d
Router
Firewall
Filter
(RACL)
VLAN
Firewall
Filter
(VACL)
Egress /
Transmit
Packet
Mitigate
rogue D
servers HCP
!
}
sted
= untru
ed
= trust
sts:
Port Tru port
Default
Access rt
po
Trunk
ns]
le:
Examp ching-optio
uration
Config thernet-swit {
e
t
[edit
ss-por /0/0.0 {
-acce
-0
secure rface ge ed;
st
inte
ru
-t
dhcp
{
0/1.0
}
ge-0/
rface -trusted;
te
n
i
cp
dh
on
}
MA
On C Lim
ly a
i
llow ting p
s s rote
Lim
tat
cts
its
the OR ically the C
-de
num
MA
fine AM:
ber
dM
sh C Lim
of d
AC
ut
yna
do iting
add
dr
mic
wn
act
op
res
ion
ally
lo
(
ses
(
b
d
g
rop lock s:
-lea
(
no
rne
ne does s the s dat
dM
pac a tr
(do not
AC
af
k
not dro
add
Co
p et a fic &
do
n
res
any pack nd ge gen
[e figu
ses
e
e
n
di
t
r
t
r
h
atio
, bu era
ate
i
t
n
se
g
t
s
n
e
t ge es
)
cu
s
y
re ther Exa
a
ste
ner
-a
s
m
n
y
m
e
ate
s
c
p
in
te cess t-sw le:
s a tem l log e
rf
it
-p
sys og e ntr
a
y)
tem
al ce g ort chin
nt
}
lo
g
{
e
-o
log ry)
we
in
pt
d- 0/0/
ent
te
io
ma
rf
0
ry)
ns
.0
c
ac
]
[
e
{
m
ac
00
-l ge-0
:0
im
0:
it /0/1
00
:0
.0
2
0:
ac
{
00
ti
:0
on
1
sh
];
ut
do
wn
;
Ex
to a m i n
vie e
s
w
th e h o w
Us
M A et
e
in cl
h
C
te ea
ta b e r n
rf r
le. eta
e
Lo
ce th
sw
it
<n ern
Li m ok at
ch
am et
itin sh
in
e> -s
g
g v ow
wi
t
o
ta
i ol
cle tc
a ti l o g
bl
hi
a
on
e
r
vio ng
me m e s
l at
t
s s sag
a
ion
b
ag
e
l
s.
e
es s
.
fo r
MA
C
}
{
test
p;
vlan
e-dhc
examin
}
}
show dhcp snooping binding
clear dhcp snooping binding
-
s in the DHCP
mining entrie
ooping
Relies on exa
uires DHCP Sn
req
so
le,
tab
lt
Snooping
ANs by defau
VL
all
on
led
Disab
N basis
on a per-VLA
d
It is enabled
red as a truste
that is configu
o setup as a
Any interface
ooping is als
Sn
CP
DH
ction)
interface for
es ARP inspe
erface (bypass
DAI trusted int
Example:
Configuration t-switching-options]
it etherne
[ed
ss-port {
{
secure-acce
ge-0/0/0.0
interface
;
dhcp-trusted
Monitoring Co
mmands:
ndings
snnoping bi
show dhcp
atistics
pection st
ins
arp
show
}
{
vlan test
ion;
arp-inspect
-dhcp;
ne
mi
exa
}
DHCP traceoptions are logged to
/var/log/fud by default
}
]
g
cp
:
hi
dh
ple
.1
.0
am ices
x
0
.
v
E er
10
on
h
i m s 4 { ow
ra t
gu yste .0/2 ge l
nfi
n
0
{
Co dit s0.0. s-ra
s
s
1
e
es
[
e
0;
ol ddr 0; addr ;
40
0
a
po
86 00;
.1
e.2
me 864
.0 lud .0.0
i
0
c
.
-t me
10
ex
10
i
se
ea e-t
s
-l
um lea {
m
}
xi lt- er 10;
a
v
u
m
0.
er
fa
de e-s .0.1
m
10
na
ct
;
li
54
?
{
nf
.2
co
cp
.0
er
}
dh cp
ut 0.0
:
o
h
1
r
d
es
ds
an vic es
mm er vic
}
Co tem s ser
l
m
efu s
Us w sysyste
}
o
sh ar
e
l
c
Configur
at
}
ion Exam
[edit
ple:
forwar
ding-o
descri
ptions
ption
he
“Main
server
DHCP re lpers bootp]
10.0.4
lay”;
0.2;
maximu
m-hopcount
minimu
4;
m-wait
-time
interf
1;
ace {
vlan.2
{
no-lis
ten;
}
ated,
entic
all oth
er ho
sts
are
th
is au
others
s:
host
t, all
mode only first
plican
rt
t)
p
nt
o
n
u
p
a
s
–
c
X
li
le
lt
pplica
802.1 e (defau first supp its a sing
ch su
e
l
rm
nt, ea
a
c
li
sing ack on th (only pe
p
p
-b
e
le su
piggy e-secur
multip
l
s for
sing )
cces
a
s
it
d
)
denie ple (perm dividually
nds
i
in
seco
mult enticated
36 00
ns
th
Optio od:
is au
&
ters
eri
onds
rame tication P
5 s ec
X Pa
n
en:
802.1 Reauthe 1 to 65,53
d wh
lt
:
is use
u
e
d
n
a
Defa
Rang
t)
gured
lican
confi
s upp
ils
ve a
an be
osts.
AN c tication fa pond (ha
.1X h
L
V
t
s
es
n-802
en
re
u
o
’t
th
n
G
n
u
r
s
a
A
n
doe
ss fo
W he
lient
bypa evice.
nac
ation
W he
entic y on the d
th
u
a
ll
an
loca
List is
tored
are s
Static
MAC ddresses
a
MAC
Configuration Example:
[edit protocols dot1x authenticator]
interface {
ge-0/0/0.0 {
guest-vlan test-guest-vlan;
reauthentication 3600;
supplicant single-secure;
}
ge-0/0/3.0 {
no-reauthentication;
}
}
Static {
00:00:00:00:00:01 {
interface ge-0/0/0.0;
}
00:00:00:00:00:02;
}
Monitoring Commands:
show dot1x interface
Show dot1x static-mac-address
show dot1x authentication-failed-users
Juniper EX-series Cheat Sheet
Quick Reference – www.cciezone.com
default
to class 0 by
are assigned
All switch ports
power pool
ed from total
Modes:
r port is deduct
fo
r
we
po
x
Static – ma
matches
class 0)
tal power pool
(only supports
dgeted from to
bu
r
we
po
–
ic
Dynam
from the total
consumed
actual power
et is deducted
dg
bu
ss
cla
r
we
Class – max po
usage for each
power pool
torical power
his
e
id
ov
pr
s
rie
PoE Telemet
e (PD)
powered devic
fault
Disabled by de 5 minutes (1 to 30 mins)
al is
Default interv
to 24 hrs)
n is 1 hour (1
Default duratio
-
-
:
ple
xam
E
{
tion
/0
ura e] -0/0 h; .4;
g
i
f
g
e
o
n
15
i
Co t p e g h r
we
ty
ac
di
[e erf or i m-po s { ;
i
t
u
r
n
ie l 5
m
p
i
;
a
tr
xi
ma eme erv on 1
t
l
in a ti
te
r
du
/1
/0
{
-0
ge es
i
e
ac etr le;
f
b
m
r
}
te ele isa
d
t
in
{
}
}
}
s : war
nd
ma hardler
m
o
s
ol
ul C ssi tr ce
e
n
a
ef
fa
Us o w c h o e c o n t e r
i
p
sh
oe
ow
sh w p
o
sh
-
Fully in
te
4200 s rchangeable
eries s
witche between EX
320W,
s
3200 a
600W
nd
and 93
0W ca
pacitie
s are a
vailable
LLD
P
-
Mul
ticas
t
Addr
ess:
-
Configu
re CoS
b
Use vo
ice VLA efore enabling
N
vo
Use LL
DP-ME on ports with IP ice VLAN
D to sig
to IP ph
phone
nal voic
one
e VLAN s
ID and
Configu
802.1p
ration E
value
[edit
x
a
m
ple:
ether
net-s
voip {
witch
ing-op
tions]
inter
face
ge-0/0
/0 {
vlan
testvoice;
forwa
rding
}
-class
}
voiceep;
01-8
0
-C2
-
00-0
0
Useful
C
o
mmand
show v
s:
lans
detail
<name>
-0E
bled
P is ena
hen LLD bled by default
w
t
n
e
s
a
en
s are
DP TLV
TLVs are
atory LL
P-MED
All mand l LLDP and LLD
na
All optio
xample:
ration E
Configu otocols]
dit pr
[e
l 30;
nterva
lldp { rtisement-i
adve
ier 2;
ultipl
hold-m erval 30;
t
n
msgTxI d 4;
ol
msgTxH
}
ed;
lldp-m
Assessment
s:
ommand
Useful C p statistics
ld
show l p detail
ld
show l p neighbors
ld
o
show l p local-inf
ld
show l
Maintenance
Design and
Implementation
Juniper EX-series Cheat Sheet
Quick Reference – www.cciezone.com
-
-
-
24 to 48-ports
Basic model has 8 PoE ports
Up to 48 PoE ports are supported
Does not support VCS
Intended for access layer usage
Supports redundant power supplies (one internal, one via RPS port)
Field-replaceable PS and fan tray
Uplink modules:
4 x 1Gbps Ethernet (SFP)
2 x 10Gbps Ethernet (XFP)
Line-rate switching (non-blocking)
-
-
-
24 to 48-ports
Basic model has 8 PoE ports
Up to 48 PoE ports are supported
Supports VCS (up to 10 switches in a VCS)
Intended for distribution and access layer usage
Redundant (both internal), hot-swappable PS
Field-replaceable fan tray (3 fans – one can fail & not affect operations)
Uplink modules:
4 x 1Gbps Ethernet (SFP)
2 x 10Gbps Ethernet (XFP)
Line-rate switching (non-blocking)
Routing Engine (RE)
Bridging
Table
(BT)
Routing
Table
(RT)
Fwding
Table
(FT)
JUNOS Software
Control Plane
Forwarding Plane
Packet Forwarding Engine (PFE)
Packet Flow
Bridging
Table
(BT)
Fwding
Table
(FT)
Packet Flow
