Category: Juniper

Here’s a sample firewall configuration for protecting the box and its services. ICMP: ICMP message types are essential for network administration and troubleshooting. There are quite a number of ICMP parameters; refer to the IANA ICMP Parameters list for all of them, or to RFC 792 for more details about ICMP. Here are the 4 types I consider useful for troubleshooting and that need to be allowed. Type 0 — Echo Reply -> response from target to host. Type 8 — Echo Request ->…

Juniper

These are the steps for upgrading Juniper routers. This was tested using a JunOS SRX router. Assumption: JunOS is downloaded and stored on an FTP server.
Step 1: Download the necessary image from the FTP server. Save it in the /var/tmp folder.
user1@SRX-Router1> file copy ftp://user1@172.25.11.254/junos-vsrx-x86-64-19.2R1.8.tgz /var/tmp/
Password for user1@172.25.11.254:
/var/home/user1/…transferring.file………ush100% of 1127 MB 5426 kBps 00m00s
Step 2: Verify the software package.
user1@SRX-Router1> file list /var/tmp | match junos
junos-vsrx-x86-64-19.2R1.8.tgz
user1@SRX-Router1> file list detail /var/tmp | match junos
-rw-r--r--  1 user1 …

Juniper

Objective: To configure a port-channel and associate it with a VLAN. Servers will use Juniper-Router as their gateway and uplink to the Internet. Server-switch has Layer 2 (access mode) connectivity to Juniper-Router. (see Fig.1)
1. Configure the VLAN (the VLAN interface will be the servers’ gateway)
Juniper-Router# configure
set vlans VLAN-8 description Server-Farm
set vlans VLAN-8 vlan-id 8
set vlans VLAN-8 l3-interface irb.8
set interfaces irb unit 8 description "Server Farm Vlan"
set interfaces irb unit 8 family inet address 192.168.8.1/24
2. Configure…

Juniper

By default in Juniper, the LACP timer is fast, which is 1 sec, while in Cisco the default setting is slow, which is 30 secs. When connecting Juniper devices to non-Juniper routers or switches, the LACP timers will mismatch, which can cause LACP to time out because PDU packets are not received in a timely manner.
show log messages | match lacp
Sample error logs:
user1@QFX-Router1-re0> show log messages | match lacp
Sep 6 08:23:10.002 2020 QFX-Router1-re0 lacpd[7292]: %DAEMON-5-LACPD_TIMEOUT: xe-0/0/0:…

Juniper

TACACS/AAA/ISE Server: 192.168.10.222
TACACS Password: tacpassword1
Router’s Management IP: 192.168.0.4 (under mgmt_junos routing instance)
Assumption: There’s an existing local account, e.g. “user1”
set system login user user1 class super-user
set system login user user1 authentication plain-text-password (passwordhere)
1. Configure the TACACS server IP
set system tacplus-server 192.168.10.222 routing-instance mgmt_junos
set system tacplus-server 192.168.10.222 secret tacpassword1
set system tacplus-server 192.168.10.222 single-connection
set system tacplus-server 192.168.10.222 source-address 192.168.0.4
2. Configure authentication order (if TACACS cannot authenticate, the router will ask for the local account user1)
set system…

Juniper

Here are the steps for configuring equal-cost multipath (ECMP) in Juniper routers for load-balancing purposes.
Step 1: Configure the ECMP routing policy
set policy-options policy-statement LBPOLICY then load-balance per-packet
Step 2: Export the policy to the forwarding table
set routing-options forwarding-table export LBPOLICY
Verification: (Use the command “show route forwarding-table”)
user1@QFX-re0> show route forwarding-table
Routing table: default.inet
Internet:
Enabled protocols: Bridging,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
192.168.200.0/24    user     0 …

Juniper

Here is a sample SNMPv2 and SNMPv3 configuration for Juniper routers. It also details configuring SNMP traps for your Network Monitoring System (NMS).
SNMPv2c community: snmpcomm123
Management IP address: 192.168.10.100
SNMP Polling Server: 192.168.20.199
SNMP Trap Server: 192.168.20.200
Configuration:
set snmp name JUNIPER-SNMP
set snmp description "Juniper SNMP"
set snmp location Datacentre
set snmp community snmp routing-instance mgmt_junos
set snmp community snmpcomm123  clients 192.168.10.100/32
Traps Configuration:
set snmp trap-options source-address 192.168.10.100
set snmp trap-options agent-address outgoing-interface
set snmp trap-group SNMPGROUP version…

Juniper

In relation to configuring the management interface in Juniper, NTP traffic should go via the management port and not through the data ports. The prerequisite configuration can be found here: https://freenetworktutorials.com/configuring-management-interface-in-juniper-routers/
NTP Server1: 192.168.10.101
NTP Server1: 192.168.10.102
Configuration:
set system ntp server 192.168.10.101 routing-instance mgmt_junos
set system ntp server 192.168.10.102 routing-instance mgmt_junos
set system ntp source-address 172.16.0.100 routing-instance mgmt_junos
where 172.16.0.100 is your management (em0) interface IP
Sample firewall configuration:
set firewall family inet filter FIREWALL-RE term NTP-PERMIT from source-prefix-list NTP-LIST
set…

Juniper

One of the best security practices in networking is the separation of management traffic from data/control traffic. One way to achieve this is to use the management ports of Juniper devices to physically connect them, preferably to a different network. The management Ethernet interface is usually em0 or fxp0 in Juniper, and provides the out-of-band (OOB) management network of the device. Assuming UTP cables are already connected to the management ports of both routing engines (RE) of the Juniper devices, here are the steps to…

Juniper

As per the Cisco official site's definition of FPD: An FPD refers to any programmable hardware device on a router, which includes a Field Programmable Gate Array (FPGA) and Read Only Memory Monitor (ROMMON). Cisco IOS® XR routers use a number of FPDs that are crucial for the function of route processors, line cards, shared port adapters (SPAs), SPA Interface Processors (SIPs), and fan trays. Sample of upgrading FPD on an ASR9000 running IOS-XR. The linecard used is a 24x10GE Tomahawk linecard. A. Check first…

Cisco Juniper