- Page 4 and 5: Other resources from O’Reilly Rel
- Page 6 and 7: JUNOS Cookbook by Aviva Garrett Co
- Page 8 and 9: 1.20 Backing Up Filesystems on J-Se
- Page 10 and 11: 6. NTP . . . . . . . . . . . . . .
- Page 12 and 13: 11. IS-IS . . . . . . . . . . . . .
- Page 14 and 15: 16. IP Multicast . . . . . . . . .
- Page 16 and 17: was enormous pressure on the ASIC t
- Page 18 and 19: ecently, somewhere after 7.x. Now s
- Page 20 and 21: Powerful configuration editor and b
- Page 22 and 23: Chapter 6, NTP Explains how to prop
- Page 24 and 25: Acknowledgments I have been a profe
- Page 26 and 27: the CLI (on the router) or by using
- Page 28 and 29: Configuration mode has two basic co
- Page 30 and 31: 0.0.0.0/0 *[Static/5] 07:36:18 Disc
- Page 32 and 33: For example, in operational mode, y
- Page 34 and 35: about a configuration statement, yo
- Page 36 and 37: the configuration statement hierarc
- Page 38 and 39: manage all M-series and T-series ro
- Page 40 and 41: While the configuration shown in th
- Page 42 and 43: Solution Use the following version
- Page 44 and 45: } } } se-0/0/2 { unit 0 { family in
- Page 46 and 47: This is a mistake because a RIP nei
- Page 48 and 49: 1.8 Debugging a Failed Commit Probl
- Page 50 and 51: Here’s an example sequence of edi
- Page 52 and 53: configuration hierarchy with the to
- Page 54 and 55: Including the override option with
- Page 56 and 57: 1.13 Configuring the Router by Copy
- Page 58 and 59: Here, the first line of the error s
- Page 60 and 61: Notice that the CLI inserts the rep
- Page 62 and 63: The time is in 24-hour (military) f
- Page 64 and 65: Solution Use the following command
- Page 66 and 67: 1.18 Creating an Emergency Rescue C
- Page 68 and 69: contains the JUNOS software (everyt
- Page 70 and 71: If the router boots from the hard d
- Page 72 and 73: See Also Recipe 1.19 1.21 Restoring
- Page 74 and 75: You can reboot directly as part of
- Page 76 and 77: You can also copy the software to t
- Page 78 and 79: 1.25 Gathering Software Version Inf
- Page 80 and 81: Online documentation Online document
- Page 82 and 83: If you suspect that an installed so
- Page 84 and 85: FPC 0 REV 03 710-003308 BD8455 E-FP
- Page 86 and 87: Solution Define the common informat
- Page 88 and 89: ## 'ntp' was inherited from group '
- Page 90 and 91: 1.30 Managing Redundant Routing Eng
- Page 92 and 93: Start time 2005-04-26 22:31:45 UTC
- Page 94 and 95: By default, when you reboot the rou
- Page 96 and 97: Chapter CHAPTER 2 2 Basic Router Se
- Page 98 and 99: All JUNOS passwords are encrypted,
- Page 100 and 101: 2.1 Allowing Access to the Router P
- Page 102 and 103: ssh-rsa "1024 35 972763820408425105
- Page 104 and 105: 2.4 Setting the Login Authenticatio
- Page 106 and 107: performed on the router. As with Un
- Page 108 and 109: press Enter. The software then prom
- Page 110 and 111: Solution Use the following command
- Page 112 and 113: Solution Create a group account on
- Page 114 and 115: Table 2-1. Login class permissions
- Page 116 and 117: eset -- Can reset/restart interface
- Page 118 and 119: 192.168.15.2; } ## ## login: Names,
- Page 120 and 121: Password and secret settings are, o
- Page 122 and 123: See Also RFC 2865, Remote Authentic
- Page 124 and 125: filter. For operations that are les
- Page 126 and 127: It may seem rather trivial to set a
- Page 128 and 129: aviva@router1# exit aviva@router1>
- Page 130 and 131: Chapter CHAPTER 3 3 IPSec 3 3.0 Int
- Page 132 and 133: 3.1 Configuring IPSec Problem You n
- Page 134 and 135: 64 bytes from 10.0.97.2: icmp_seq=2
- Page 136 and 137: Then, associate the policy with the
- Page 138 and 139: As the last step, associate the dyn
- Page 140 and 141: } } } filter { input traffic-out-of
- Page 142 and 143: Next, define a rule for the IKE SA.
- Page 144 and 145: Again, it’s worthwhile showing al
- Page 146 and 147: Generated certificate request -----
- Page 148 and 149: After you have committed the CA pro
- Page 150 and 151: Use the following command to displa
- Page 152 and 153: } remote-gateway 10.1.15.2; #
- Page 154 and 155: This chapter discusses how to confi
- Page 156 and 157: such as GetNext and GetBulk), or as
- Page 158 and 159: snmp { community public { authoriza
- Page 160 and 161: sysLocation.0 = JUNOS cookbook kitc
- Page 162 and 163: The second is to limit the router i
- Page 164 and 165: [edit firewall filter outgoing-from
- Page 166 and 167: Discussion The SNMP standard Host R
- Page 168 and 169: Discussion In the Juniper Networks
- Page 170 and 171: Discussion The jnxOperatingTable ta
- Page 172 and 173: Apr 27 12:04:34 snmpd[1370dced]
- Page 174 and 175: Solution Create an RMON trap that w
- Page 176 and 177: To verify that the RMON alarm is se
- Page 178 and 179: To protect the SNMP message payload
- Page 180 and 181: 4.14 Tracking Router Configuration
- Page 182 and 183: Solution For the chassis events, fi
- Page 184 and 185: Check the configuration using the s
- Page 186 and 187: Chapter CHAPTER 5 5 Logging 5 5.0 I
- Page 188 and 189: Depending on how you configure syst
- Page 190 and 191: Mar 16 11:00:54 router1 login: LOGI
- Page 192 and 193: aviva@router1> show log messages |
- Page 194 and 195: dev/ad0s1a 77M 39M 32M 55% / /dev/a
- Page 196 and 197: of the system logging files that yo
- Page 198 and 199: aviva@router1# set host 172.17.12.3
- Page 200 and 201: can use to store system logfiles. H
- Page 202 and 203: The advantage of deactivating rathe
- Page 204 and 205: Solution Use the monitor traffic co
- Page 206 and 207: You should not confuse the NTP stra
- Page 208 and 209: You can see that the time zone has
- Page 210 and 211: From a network-wide perspective, yo
- Page 212 and 213: Solution Set up NTP authentication:
- Page 214 and 215: of general interest. The value sync
- Page 216 and 217: Table 7-1. Some interface media nam
- Page 218 and 219: When you configure an IGP to run ov
- Page 220 and 221: Output rate : 0 bps (0 pps) Active
- Page 222 and 223: The output shows that the PIC has b
- Page 224 and 225: Input packet count 3763 Input packe
- Page 226 and 227: Discussion Most of the IP addresses
- Page 228 and 229: 7.4 Setting the Router’s Source A
- Page 230 and 231: you just want to ping Bellagio, it
- Page 232 and 233: 7.7 Configuring an ISO Address on a
- Page 234 and 235: You can use the show interfaces des
- Page 236 and 237: Destination: 192.168.220.0/24, Loca
- Page 238 and 239: The output shows that this is a 100
- Page 240 and 241: lo0 up up lo0.0 up up inet 192.168.
- Page 242 and 243: With this configuration, the show i
- Page 244 and 245: Both the physical and logical inter
- Page 246 and 247: The show vrrp extensive command dis
- Page 248 and 249: Current address: 00:05:85:02:a7:f0,
- Page 250 and 251: This output shows some of the defau
- Page 252 and 253: Link-level type: Cisco-HDLC, MTU: 1
- Page 254 and 255: Device flags : Present Running Inte
- Page 256 and 257: Use the show interfaces command to
- Page 258 and 259: CoS queues : 8 supported Last flapp
- Page 260 and 261: 7.21 Using APS to Protect Against S
- Page 262 and 263: The ADM must also be in revertive m
- Page 264 and 265: EPD threshold: 4259, Transmit weigh
- Page 266 and 267: fe-0/0/1.0 up up inet 10.0.15.2/24
- Page 268 and 269: unit 0 { family inet { address 172.
- Page 270 and 271: Chapter CHAPTER 8 8 IP Routing 8 8.
- Page 272 and 273: talking with other routers and adve
- Page 274 and 275: Selecting Active Routes For each de
- Page 276 and 277: *[Direct/0] 00:01:08 > via lo0.0 fe
- Page 278 and 279: For a quickly skimmable view of the
- Page 280 and 281: To find out why the route is unusab
- Page 282 and 283: The output in this recipe is straig
- Page 284 and 285: Solution Use the show route forward
- Page 286 and 287: JUNOS routing table. The output in
- Page 288 and 289: the address of the interface to whi
- Page 290 and 291: 8.7 Filtering Traffic Using Unicast
- Page 292 and 293: configured on interfaces that the d
- Page 294 and 295: via fe-0/0/0.0 172.19.121.117/32 *[
- Page 296 and 297: Even though the JUNOS CLI uses per-
- Page 298 and 299: As the IANA allocations change, you
- Page 300 and 301: Unlike OSPF, for which the JUNOS so
- Page 302 and 303: stops running or a network link goe
- Page 304 and 305: The second command is show route in
- Page 306 and 307: Chapter CHAPTER 9 9 Routing Policy
- Page 308 and 309: If the route or packet does not mat
- Page 310 and 311: Table 9-1. Default routing-policy a
- Page 312 and 313: Table 9-3. General actions to take
- Page 314 and 315: 9.2 Changing a Route’s Routing In
- Page 316 and 317: Then create a policy that reference
- Page 318 and 319: the longer option to match all pref
- Page 320 and 321: and 192.168.0.0/16. Malware, which
- Page 322 and 323: Let’s take a look at the three ro
- Page 324 and 325: aviva@router1# set term 1 then next
- Page 326 and 327: 9.8 Creating a Simple Firewall Filt
- Page 328 and 329: number of interfaces. Another optio
- Page 330 and 331: Table 9-5. Header match conditions
- Page 332 and 333: See Also The firewall match conditi
- Page 334 and 335: + protocol Match IP protocol type +
- Page 336 and 337: Solution Create a firewall filter f
- Page 338 and 339: then accept; } term bgp-peers { fro
- Page 340 and 341: As with routing policy, you define
- Page 342 and 343: You can also save the activity reco
- Page 344 and 345: A disadvantage of this method is th
- Page 346 and 347: Two terms accept traffic from the n
- Page 348 and 349: var/etc/filters/dfwc.out to see the
- Page 350 and 351: then accept; } term allow-ntp { fro
- Page 352 and 353: aviva@RouterF# set term utility the
- Page 354 and 355: To have the counter take effect, ap
- Page 356 and 357: Chapter CHAPTER 10 10 RIP 10 10.0 I
- Page 358 and 359: Solution You configure basic RIP fu
- Page 360 and 361: To find out what the problem is, fi
- Page 362 and 363: See Also Recipes 7.5 and 8.1 10.2 H
- Page 364 and 365: Solution The configuration for the
- Page 366 and 367: 10.4 Enabling RIP Authentication Pr
- Page 368 and 369: and RouterF. If you do not change t
- Page 370 and 371: RIPv2 Updates Ignored 0 0 0 Authent
- Page 372 and 373: packets policy request route state
- Page 374 and 375: Because IS-IS was developed as part
- Page 376 and 377: node between areas 20 and 30, you n
- Page 378 and 379: cencies. The State column shows tha
- Page 380 and 381: TLVs: Area address: 49.0020 (3) ...
- Page 382 and 383: TLVs: Area address: 49.0030 (3) Spe
- Page 384 and 385: You can find out which routes the r
- Page 386 and 387: Discussion Because IS-IS runs direc
- Page 388 and 389: Then check that the default route i
- Page 390 and 391: Level Adjacencies Priority Metric H
- Page 392 and 393: If the same authentication type and
- Page 394 and 395: IP router id: 192.168.19.1 IP addre
- Page 396 and 397: aviva@RouterJ# set to protocol isis
- Page 398 and 399: Solution Increase the cost on one o
- Page 400 and 401: Solution Have IS-IS perform the SPF
- Page 402 and 403: Discussion To remove an interface f
- Page 404 and 405: The second error shows that the adj
- Page 406 and 407: Chapter CHAPTER 12 12 OSPF 12 12.0
- Page 408 and 409: default summary from an ABR to reac
- Page 410 and 411: To check that OSPF is running on th
- Page 412 and 413: Solution Use the show ospf route co
- Page 414 and 415: 12.3 Viewing the OSPF Link-State Da
- Page 416 and 417: Discussion JUNOS OSPFv3 configurati
- Page 418 and 419: Discussion To create additional are
- Page 420 and 421: 10.0.0.0/24 Intra Network IP 1 fe-1
- Page 422 and 423: Area 0.0.0.1 Area 0.0.0.3 (Stub Are
- Page 424 and 425: Summary *10.0.0.1 192.168.17.1 0x80
- Page 426 and 427: Router 192.168.18.1 192.168.18.1 0x
- Page 428 and 429: When you are looking at the configu
- Page 430 and 431: As an ISP, you might use static rou
- Page 432 and 433: The interfaces in this recipe are a
- Page 434 and 435: timers on all interfaces, OSPF cann
- Page 436 and 437: elieving that it is overloaded and
- Page 438 and 439: Some things you see in the logfile
- Page 440 and 441: oute spf state task timer Trace rou
- Page 442 and 443: Chapter CHAPTER 13 13 BGP 13 13.0 I
- Page 444 and 445: way, a policy applied to a group ov
- Page 446 and 447: AGGREGATOR (optional, transitive) I
- Page 448 and 449: Within a group, you need to configu
- Page 450 and 451: This command also shows other infor
- Page 452 and 453: When the State column shows three n
- Page 454 and 455: The AS path line lists all AS paths
- Page 456 and 457: AS 65500 RouterF 192.168.16.1 Route
- Page 458 and 459: outer, and 192.168.11.1 and 192.168
- Page 460 and 461: The first group is the external gro
- Page 462 and 463: tt: 200130618 srtt: 301 rttv: 12 rt
- Page 464 and 465: 13.5 Adjusting Local Preference Val
- Page 466 and 467: Discussion When BGP advertises pref
- Page 468 and 469: to 10.0.31.2 via t1-0/0/3.0 10.0.13
- Page 470 and 471: Table 13-1. AS path regular express
- Page 472 and 473: aviva@RouterF# set term accept-null
- Page 474 and 475: Under extreme conditions, you might
- Page 476 and 477: To hide the keys when you are looki
- Page 478 and 479: Here’s the complete IBGP group co
- Page 480 and 481: This recipe illustrates a simple ro
- Page 482 and 483: Solution Route flap damping is a wa
- Page 484 and 485: Using the default reuse threshold o
- Page 486 and 487: 0/0/0 192.168.17.1 65500 501 515 0
- Page 488 and 489: inet.0: 173319 destinations, 153343
- Page 490 and 491: In the community identifier, you ca
- Page 492 and 493: This configuration assumes that you
- Page 494 and 495: As of this writing, the bogon list
- Page 496 and 497: Discussion Multihomed connections f
- Page 498 and 499: Task: BGP_65505.192.168.1.1+3718 An
- Page 500 and 501: You can also deactivate the stateme
- Page 502 and 503: You can configure BGP traceoptions
- Page 504 and 505: (RSVP), originally designed as a ge
- Page 506 and 507: 10,000 through 99,999 For manually
- Page 508 and 509: LDP discovers neighbors by sending
- Page 510 and 511: [edit interfaces] aviva@RouterG# se
- Page 512 and 513: If you are configuring MPLS on all
- Page 514 and 515: Once LDP is turned on on all the ro
- Page 516 and 517: 3 192.168.16.1/32 100000 192.168.17
- Page 518 and 519: 100064 *[LDP/9] 1d 23:02:36, metric
- Page 520 and 521: Receive 100064 *[LDP/9] 5d 01:00:51
- Page 522 and 523: aviva@RouterJ> show ldp traffic-sta
- Page 524 and 525: Keepalive interval: 10, Connect ret
- Page 526 and 527: See Also Recipe 5.10 14.6 Setting U
- Page 528 and 529: } fxp0 { unit 0 { family inet { add
- Page 530 and 531: the set rsvp interface command to c
- Page 532 and 533: Transit LSP: 0 sessions Total 0 dis
- Page 534 and 535: The extensive version of this comma
- Page 536 and 537: The ingress router now has two RSVP
- Page 538 and 539: State: *RSVP Preference: 7 Next-ho
- Page 540 and 541: 1 user 0 recv 27 3 2 user 0 recv 27
- Page 542 and 543: On R1, the router’s outgoing labe
- Page 544 and 545: Discussion It is a good security me
- Page 546 and 547: Router R3 10.0.0.3 so-0/0/2 10.1.13
- Page 548 and 549: Bandwidth: 50Mbps SmartOptimizeTime
- Page 550 and 551: From: 10.0.0.1, State: Up, ActiveRo
- Page 552 and 553: *Primary primary-path-R1-to-R5 Stat
- Page 554 and 555: To check that fast reroute is confi
- Page 556 and 557: Router R3’s record route for the
- Page 558 and 559: Lines 10 through 17 log the reoptim
- Page 560 and 561: The second step is to configure aut
- Page 562 and 563: Solution Configure the more importa
- Page 564 and 565: Next, configure the higher-priority
- Page 566 and 567: Use the show mpls lsp ingress exten
- Page 568 and 569: 14.15 Allowing IGP Traffic to Use a
- Page 570 and 571: 14.16 Installing LSPs into the Unic
- Page 572 and 573: [IS-IS/18] 00:00:05, metric 20 > to
- Page 574 and 575: Nov 4 16:47:47 Filter7 Len 12 10.0.
- Page 576 and 577: Chapter CHAPTER 15 15 VPNs 15 15.0
- Page 578 and 579: determine the VPN to which they bel
- Page 580 and 581: As a first step, set up the routing
- Page 582 and 583: For PE RouterG, these commands conf
- Page 584 and 585: NLRI for this session: inet-vpn-uni
- Page 586 and 587: aviva@RouterG# set term 1 then comm
- Page 588 and 589: 10.0.0.1/32 *[Local/0] 3d 02:40:27
- Page 590 and 591: 192.168.13.1/32 *[Static/5] 01:06:4
- Page 592 and 593: This output shows two labels to the
- Page 594 and 595: must use a different route distingu
- Page 596 and 597: Now check the routing tables on the
- Page 598 and 599: *[BGP/170] 00:07:20, localpref 100,
- Page 600 and 601: Chapter CHAPTER 16 16 IP Multicast
- Page 602 and 603: The second way to build distributio
- Page 604 and 605: to be a DR or RP, it must have a se
- Page 606 and 607: Interface: se-0/0/3.0 Querier: 10.0
- Page 608 and 609: Discussion PIM-SM uses the RP as th
- Page 610 and 611: Finally, configure auto-RP on each
- Page 612 and 613: Address family INET RP address Type
- Page 614 and 615: The PIM bootstrap protocol sets up
- Page 616 and 617: [edit protocols pim] aviva@RouterB#
- Page 618 and 619: } family inet { address 192.168.13.
- Page 620 and 621: 16.7 Configuring Multiple RPs in a
- Page 622 and 623: When you use the show pim rps comma
- Page 624 and 625: Another way to get information abou
- Page 626 and 627: Solution Look at the Join messages
- Page 628 and 629: The information these two commands
- Page 630 and 631: ASM. This configuration mechanism i
- Page 632 and 633: Configure an EBGP session, enabling
- Page 634 and 635: AS 65500 RouterB 192.168.12.1 10.0.
- Page 636 and 637: For the EBGP connection, in additio
- Page 638 and 639: directly connected to this router (
- Page 640 and 641: Continuing toward the multicast sou
- Page 642 and 643: Solution Set up PIM-DM on the domai
- Page 644 and 645: Solution Enable PIM packet tracing:
- Page 647 and 648: Index Symbols " (quotation marks),
- Page 649 and 650: filtering routes based on, 445 prep
- Page 651 and 652: clicommand, 13 client peers, 453 cl
- Page 653 and 654: D daemon facility, 163 DAEMON facil
- Page 655 and 656: equals sign (=), 174 ERO (Explicit
- Page 657 and 658: OSPF and, 408 PIC installation and,
- Page 659 and 660: disabling OSPF, 412, 413 Ethernet,
- Page 661 and 662: ISO/IEC 10589, 349 ISPs (Internet s
- Page 663 and 664: inactive interfaces and, 244 IS-IS
- Page 665 and 666: determining software versions, 54-5
- Page 667 and 668: pause frames, 197 PDUs (protocol da
- Page 669 and 670: PSNPs (partial sequence number PDUs
- Page 671 and 672: emergency rescue, 42 exclusive acce
- Page 673 and 674: security parameter index (SPI), 107
- Page 675 and 676: show command configuration group st
- Page 677 and 678: snd_una parameter (TCB), 438 snd_wn
- Page 679 and 680: TCP address spoofing, 266 authentic
- Page 681: unnumbered interfaces, 207 up arrow