Free Network Posts

Tacacs/AAA/ISE Server: 192.168.10.222
Tacacs Password: tacpassword1
Router’s Management IP: 192.168.0.4 (under mgmt_junos routing instance)

Assumption: There’s an existing local account, e.g. “user1”

    set system login user user1 class super-user
    set system login user user1 authentication plain-text-password (passwordhere)

1. Configure the tacacs server IP

    set system tacplus-server 192.168.10.222 routing-instance mgmt_junos
    set system tacplus-server 192.168.10.222 secret tacpassword1
    set system tacplus-server 192.168.10.222 single-connection
    set system tacplus-server 192.168.10.222 source-address 192.168.0.4

2. Configure authentication order (if tacacs cannot authenticate, will ask for local access user1)

    set system…

Juniper

Here are the steps for configuring equal-cost multipath (ECMP) on Juniper routers for load balancing.

Step 1: Configure the ECMP routing policy

    set policy-options policy-statement LBPOLICY then load-balance per-packet

Step 2: Export the policy to the forwarding table

    set routing-options forwarding-table export LBPOLICY

Verification: (Use the command “show route forwarding-table”)

    user1@QFX-re0> show route forwarding-table
    Routing table: default.inet
    Internet:
    Enabled protocols: Bridging,
    Destination        Type RtRef Next hop           Type Index    NhRef Netif
    192.168.200.0/24    user     0 …

Juniper

Here is the most popular mnemonic for Border Gateway Protocol (BGP) best path selection. It makes it easier to remember how BGP chooses its best path instead of memorizing the list.

“We Love Oranges AS Oranges Mean Pure Refreshment”

W   Weight (Highest)
L   LOCAL_PREF (Highest)
O   Originate (local) routes that are advertised through the “network” command or redistributed from an IGP
AS  AS_PATH (shortest)
O   ORIGIN Code (IGP > EGP > Incomplete)
M   MED (lowest)
P   Paths (External > Internal)
R   RID (lowest)

Networking

Here are sample commands for configuring SNMPv2 and SNMPv3 on Cisco IOS-XR devices. It also details how to configure SNMP traps for your Network Monitoring System.

SNMPv2c community: snmpcomm123
management IP address: 192.168.10.100
SNMP Polling Server: 192.168.20.199
SNMP Trap Server: 192.168.20.200

SNMPv2c Polling Configuration:

    ipv4 access-list SNMP-ALLOW
     10 permit ipv4 host 192.168.20.199 any
    snmp-server contact DC-ADMIN
    snmp-server location Datacentre
    snmp-server trap-source Loopback0
    snmp-server community snmpcomm123 RO SystemOwner IPv4 SNMP-ALLOW

SNMPv2c Traps Configuration:

    configure
    snmp-server traps
    snmp-server host 192.168.20.200 traps snmpcomm123

Verify:

    /usr/bin/snmpwalk -M /usr/local/snmp/mibs -v2c…

Cisco

Here is a sample SNMPv2 and SNMPv3 configuration for Juniper routers. It also details how to configure SNMP traps for your Network Monitoring System (NMS).

SNMPv2c community: snmpcomm123
management IP address: 192.168.10.100
SNMP Polling Server: 192.168.20.199
SNMP Trap Server: 192.168.20.200

Configuration:

    set snmp name JUNIPER-SNMP
    set snmp description "Juniper SNMP"
    set snmp location Datacentre
    set snmp community snmp routing-instance mgmt_junos
    set snmp community snmpcomm123 clients 192.168.10.100/32

Traps Configuration:

    set snmp trap-options source-address 192.168.10.100
    set snmp trap-options agent-address outgoing-interface
    set snmp trap-group SNMPGROUP version…

Juniper

In relation to configuring the management interface in Juniper, NTP traffic should go via the management port and not through the data ports. The prerequisite configuration can be found here: https://freenetworktutorials.com/configuring-management-interface-in-juniper-routers/

NTP Server1: 192.168.10.101
NTP Server1: 192.168.10.102

Configuration:

    set system ntp server 192.168.10.101 routing-instance mgmt_junos
    set system ntp server 192.168.10.102 routing-instance mgmt_junos
    set system ntp source-address 172.16.0.100 routing-instance mgmt_junos

where: 172.16.0.100 is your management (em0) interface IP

Sample Firewall configuration:

    set firewall family inet filter FIREWALL-RE term NTP-PERMIT from source-prefix-list NTP-LIST
    set…

Juniper

One of the best security practices in networking is the separation of management traffic from data/control traffic. One way to achieve this is to use the management ports of Juniper devices and physically connect them, preferably to a different network. The management Ethernet interface is usually em0 or fxp0 in Juniper, and provides the out-of-band (OOB) management network of the device. Assuming UTP cables are already connected to the management ports of both routing engines (RE) of the Juniper devices, here are the steps to…

Juniper

As per the definition of FPD on Cisco's official site: An FPD refers to any programmable hardware device on a router, which includes a Field Programmable Gate Array (FPGA) and Read Only Memory Monitor (ROMMON). Cisco IOS® XR routers use a number of FPDs that are crucial for the function of route processors, line cards, shared port adapters (SPAs), SPA Interface Processors (SIPs), and fan trays.

This is a sample of upgrading FPD on an ASR9000 running IOS-XR. The linecard used is the 24x10GE Tomahawk linecard.

A. Check first…

Cisco Juniper

SSH Configuration Examples in Cisco (IOS, IOS-XE, NX-OS, IOS-XR)

Here are the configuration examples, where:
192.168.100.100 = Jumphost IP (Allowed IP to SSH into the device)

Prerequisites for configuring SSH on Cisco devices include SSH key generation; please refer to the official Cisco documentation.

command: crypto key generate rsa

Preferably, RSA key bits should be at least 2048, else use 1024 for better security.

IOS:

    ip ssh version 2
    line vty 0 4
     access-class 101 in
     exec-timeout 5 0
     password 7 01234ABC
     login authentication VTY
     transport input ssh
    access-list…

Cisco

Configuring Cisco to authenticate (also including authorization and accounting) to Tacacs+ server

10.10.10.10 – Tacacs+ AAA server

IOS:

    aaa authentication login VTY group tacacs+ line
    aaa authentication enable default group tacacs+ enable
    aaa authorization commands 1 default group tacacs+ none
    aaa authorization commands 15 default group tacacs+ none
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    tacacs-server host 10.10.10.10 single-connection
    tacacs-server key 7 1234567890
    ip…

Cisco