Category: <span>Juniper</span>

Here are sample static route configuration on Juniper routers such as MX and QFX series. 1.Configure IPv4 default route to next hop 192.168.10.3 set routing-options static route 0.0.0.0/0 next-hop 192.168.10.3   2.Configure IPv4 default route to next hop 192.168.10.3 via management port set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.168.10.3   3. Configure IPv4 for 192.168.0.0/16 range to Null interface (e.g. for BGP advertisement) set routing-options static route 192.168.0.0/16 discard   4. .Configure IPv6 default route to next hop…

Juniper

These are the some commands being used when performing network change or maintenance, depending on the features or services being run in the network. Typically, this is very useful in verification, troubleshooting and comparison between before and after the change. #Log Time set cli timestamp set cli screen-width 200 show ntp associations no-resolve | no-more show ntp status no-resolve | no-more ## Hardware Status show chassis hardware | no-more show chassis hardware clei-models | no-more show chassis hardware detail |…

Juniper

It is recommended to implement the separation of management and data/customer traffic in your Juniper devices (e.g. QFX Series Switches, MX Series).  Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization and Accounting (AAA) -preferably to setup centralized TACACS+ to manage all your devices, implement central network management that can impose security protocol to…

Juniper

As mentioned from the previous post, Bogon prefixes or routes should never appear in the Internet routing table. Network Engineers should implement “Best Practices” in their network, that includes filtering of bogons as it maybe used in DDoS attacks or Spams. Refer to https://freenetworktutorials.com/ipv4-and-ipv6-bogon-address-list  for more info. “Martians” bogons may changed occasionally so at least make sure private address mentioned in https://freenetworktutorials.com/ipv4-classful-and-reserved-addresses are filtered so it wont leak out into the Internet. Here is sample steps and configuration. (This is the equivalent configuration…

Juniper

Here’s the Cisco IOS-XR commands vs Juniper OS commands Cisco IOS-XR Juniper OS BASIC show show     | include | match ..formal |       display set    configure        configure/edit shutdown      disable   no shutdown  delete interface <interface> disable     no        delete   clear  clear show running-config show configuration  show version show version    show tech-support request support information  show configuration (after change) show | compare (after change) clear counters <interface>  clear interface…

Cisco Juniper Networking

Static Route Configuration Examples in Juniper for BGP aggregated prefix advertisements In order to advertise the aggregated routes (and default routes) via BGP, it should exists in the routing table, that’s the #1 rule. If these summarized routes (/16) are not existing and only smaller subnets are learned via the IGP(e.g. OSPF,IS-IS), then configure static route and next hop e.g. Null0. Configuration: routing-options { graceful-restart; rib inet6.0 { static { route fd41:c8be:2153:f400::/64 discard; route ::0/0 { discard; no-install; static {…

Juniper

Originating BGP advertisement can be configured to any iBGP peer router. Here’s the sample configuration of originating BGP routes and community tagging in Juniper. Assuming these are the summarized prefixes that you want to advertise via BGP. 111.111.0.0/16 222.222.0.0/16 Configuration: routing-options { graceful-restart; router-id 1.1.1.1; autonomous-system 11111; protocols { bgp { group RR-IBGP { type internal; description RR-IPv4; local-address 192.168.100.6; family inet { unicast; } authentication-key “$1$N3tBioBwfdFsFVwgoGDh.3C0oL”; ## SECRET-DATA export bgp-statement; neighbor 192.168.100.5 { description iBGP to Route Reflector; }…

Juniper

Checking TX / RX optical power for Juniper Routers For checking transmission links, it is good to know how to find out the optical power for troubleshooting and making sure the desired or optimal range is meet. Here is the sample command for checking the TX/RX optical power   darwin@JUNOS-RE0$ show interfaces diagnostics optics xe-0/0/0 Physical interface: xe-0/0/0 Laser bias current                        :  85.674 mA Laser output power     …

Juniper

Here’s some Best practices that you can implement in Juniper devices in securing your SSH. 1.Remote access should be via SSH and telnet is disabled delete system services telnet   2. SSH should be version 2 or higher. Do not run v1 set system services ssh protocol-version v2   3. Configure Login Banner set system login message “\n*************************************************************************\n       UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED\n\nYou must have explicit, authorized permission to access or configure this \ndevice.Unauthorized attempts and…

Juniper

The “traceoptions” statement in Juniper let you debug BGP protocol issues. If cannot connect BGP peering, you can set the “traceoptions” to understand further about the issue. 1. Configure “traceoptions” and name the log as debug-bgp set protocols bgp group BGP-GROUP1 traceoptions file debug-bgp set protocols bgp group BGP-GROUP1traceoptions file size 1m set protocols bgp group BGP-GROUP1 traceoptions file files 2 set protocols bgp group BGP-GROUP1 traceoptions flag all commit where: max trace file size = 1m max trace files…

Juniper