Skip to main content

Juniper switch Basic Configuration Commands

Hello fellow blog reader, after long gap I'm going to write this thread regarding the basic Juniper command and configuration. I try to include as much as troubleshooting/configuration command during day to day work.
I would like to thank to Srijan pointing the error on LACP command.

1. Set username for login
root@jpudasaini#set system root-authentication encrypted-password
New password:
Retype new password:

root@jpudasaini#set system login user jay full-name jaypudasaini uid 400 class super-user authentication encrypted-password


2. Hostname configuration.
root@switch#set system host-name jpudasaini
root@jpudasaini#

3. Set Tacplus authentication for juniper switch.
root@jpudasaini# set system authentication-order tacplus
root@jpudasaini# set system authentication-order password
root@jpudasaini# set system root-authentication encrypted-password "you password here"
root@jpudasaini# set system tacplus-server 10.10.10.10(your tacplus server IP) secret "your server password here"
root@jpudasaini#set system tacplus-options service-name test

4. Configuration VLAN(Group)
root@jpudasaini#set vlans Cust-Fiber vlan-id 500-550
root@jpudasaini#set vlans Cust-Wireless vlan-id 551-575
    single vlan
root@jpudasaini#set vlans Cust-A vland-id 25

5. Trunk Port Configuration
root@jpudasaini#set interfaces ge-0/0/9 description connect-to-sw2
root@jpudasaini#set interfaces ge-0/0/9 unit 0 family ethernet-switching port-mode trunk
root@jpudasaini#set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members Cust-Fiber

6. Access Port Configuration
root@jpudasaini#set interfaces ge-0/0/0 description Link-to-sw3
root@jpudasaini#set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
root@jpudasaini#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members 25

7. Port Channel Configuration
root@jpudasaini#set chassis aggregated-devices ethernet device-count 10
root@jpudasaini#set interfaces ae0 description TR-2-Jpudasaini-Sw2
root@jpudasaini#set interfaces ae0 aggregated-ether-options lacp active
root@jpudasaini#set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
root@jpudasaini#set interfaces ae0 unit 0 family ethernet-switching vlan members Cust-Fiber
root@jpudasaini#set interfaces ae0 unit 0 family ethernet-switching vlan members Cust-Wireless

8. Port Channel Assign to the Physical Port
root@jpudasaini#set interfaces ge-0/0/16 description test-sw1
root@jpudasaini#set interfaces ge-0/0/16 ether-options 802.3ad ae0
root@jpudasaini#set interfaces ge-0/0/17 description test-sw1
root@jpudasaini#set interfaces ge-0/0/17 ether-options 802.3ad ae0

9. Configuration management IP for switch.
root@jpudasaini#set interfaces vlan unit 20 family inet address 10.10.10.11/24

10. Configuration snmp.
root@jpudasaini#set snmp name Test-SNMP
root@jpudasaini#set snmp description test-sw2
root@jpudasaini#set snmp location "Jpudasaini-NOC"
root@jpudasaini#set snmp contact "system@jpudasaini.com.np"
root@jpudasaini#set snmp client-list list0 10.10.10.0/24
root@jpudasaini#set snmp community ax3R5vgW authorization read-only
root@jpudasaini#set snmp community ax3R5vgW client-list-name jpudasaini

11. Enable LLDP
root@jpudasaini# set protocols lldp interface all
root@jpudasaini#set protocols lldp-med interface all

12. Configure port as L3
root@jpudasaini#set interface ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
root@jpudasaini#set interface ge-0/0/23 unit 0 family ethernet-switching vlan member 25
root@jpudasaini#set vlan Mgmt vlan-id 25
root@jpudasaini#set vlan Mgmt l3-interface vlan.25
root@jpudasaini#set interface vlan.250 family inet address xxx.xxx.xxx.xxx

13.Rate Limit
 Configure the policer

root@jpudasaini# set firewall policer Policer_2M if-exceeding bandwidth-limit 1M
root@jpudasaini# set firewall policer Policer_2M if-exceeding burst-size-limit 2k
root@jpudasaini# set firewall policer Policer_2M then discard

Configure the firewall filter

root@jpudasaini# set firewall family ethernet-switching filter Limit term 1 then accept
root@jpudasaini# set firewall family ethernet-switching filter Limit term 1 then policer Poicer_2M

Apply filter on interface (can be any interface as required)

root@jpudasaini# set interface ge-0/0/24.0 family ethernet-switching filter input Limit

Note: Remember that EX series switches apply rate limit only on ingress. 

Comments

  1. you should set number of aggregate ether-channel before creating LACP links with CMD.
    " set chassis aggregated-devices ethernet device-count 10".

    ReplyDelete

Post a Comment

Popular posts from this blog

Unable to open kernel device . global vmx86 windows 7

Suddenly I encounter a weird problem with VMware 9 version. I install different OS for my education and testing purposed. Like MAC os, Ubuntu, CentOS, BT, WinXP, Win-server 2003. When I tried to run one of this OS a error message appear. unable to open kernel device "\\.Global\vmx86": The system cannot find the file specified. Did you reboot after installing VMware Workstation? Failed to initialize monitor device. Click ok you can see this window After googling I found one solution in developer forum but thread starter never use that method. So I tried it and here is my finding. Go to the directory of vmware installed  (In my case I run it as Administrator) C:\Program Files (x86)\VMware\VMware Workstation>   ( I've 32-bit apps on 64-bit OS, your may be different) Run this command vnetlib -- uninstall vmx86  reboot Go to the same directory and check net start command - this time it should say "service name  is invalid&quo

Simple Failover Mikrotik

Simple fail-over Mikrotik router configuration. Most of the user wants backup link (Fiber link with Wireless backup), in case fiber down wireless link auto up. No downtime for the user. Here is simple setting on Mikrotik for fail-over. I'm very great full to Anton to point out the mistake in src-address. It has been corrected now. ****default routes for new outgoing traffic.**** /ip route add dst-address=0.0.0.0/0 gateway=ISP-GW-ADDR-1 distance=1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=ISP-GW-ADDR-2 distance=2 ++masquerade both WAN connections++ /ip firewall nat add chain=srcnat src-address=192.168.0.0/24 out-interface=WAN-1 action=masquerade add chain=srcnat src-address=192.168.0.0/24 out-interface=WAN-2 action=masquerade Thats it.

Mikrotik SXT 5nD r2 setup in bridge mode

How to connect two Mikrotik RouterBoard SXT 5nD r2 devices together in Bridge Mode Upgrading you SXT's to the Latest version of RouterOS Doing a Bandwidth Test between two RouterBoard SXT-5nD's Mikrotik routerboard default IP is 192.168.88.1 You can connect with routerboard by WinBox through IP and MAC address. You need to download WinBox from mikrotik website. By default routerboard have Admin as username and blank password. If you want to connect with device through IP then don't forget to add same network address into your pc NIC, otherwise connection isn't established. Else you can connect through MAC so choose MAC address from Elipsis next to " connect " field. When you login, "RouterOS Default configuration" screen is popup. click okay. Do same for other device to login to routerOS If you followed the process then you already open both device. Now you can set a HostName for those devices. Click on the system button o