[Juniper] JunOS

Quite different from Cisco. (Updated from time to time.)

1. Junos appears to run on a Linux base on top of u-boot.

2. The default ID is root.

3. Interface numbering starts at 0, not 1, like eth0 on Linux.

4. You have to switch to CLI mode with the cli command.

    TEST (ttyu0)


login: root

Password:


--- JUNOS 12.3R4.6 built 2013-09-13 02:39:14 UTC



root@TEST:RE:0% cli

root@TEST> configure 

Entering configuration mode


[edit]

root@TEST# 


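5. The show configuration command displays the running configuration; in # mode it has to be executed with the run command.

6. First verify with commit check that the change can be applied without problems, then apply it with commit.

   If there is a problem and the change is not applied, the offending statement has to be removed with delete (like prefixing no on Cisco).

   On Cisco a command takes effect as soon as it is executed, and a command with an error is simply not configured; on JunOS the offending statement stays in the configuration.

   If the offending statement is not deleted, every later commit keeps failing, even after valid commands have been entered.

7. An interface range has to be defined in advance before it can be used.

   In the example below, total is a user-defined interface-range.

8. Changing the ssh service port is not supported. The default is tcp 22.

# Untagged VLAN configuration example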

root@TEST> show configuration 

## Last commit: 2017-07-18 22:47:19 KST by root

version 12.3R4.6;

system {

    host-name TEST;

    domain-search 192.168.0.2;

    time-zone Asia/Seoul;

    root-authentication {

        encrypted-password "$1$66iHuacu$9oFrLqvyEM9Uax7Sgbste/"; ## SECRET-DATA

    }

    name-server {

        192.168.0.2;

        192.168.0.3;

        8.8.8.8;

    }

    services {

        ssh {

            protocol-version v2;

        }

        netconf {

            ssh;

        }

        web-management {

            http;

        }

        dhcp {

            traceoptions {

                file dhcp_logfile;

                level all;

                flag all;

            }

        }

    }

    syslog {

        user * {

            any emergency;

        }

        file messages {

            any notice;

            authorization info;

        }

        file interactive-commands {

            interactive-commands any;

        }

    }

    ntp {

        server 211.233.78.116;

        server 211.233.84.186;

        server 211.233.78.116;

    }

}

chassis {

    auto-image-upgrade;

}

interfaces {

    interface-range total {

        member-range ge-0/0/0 to ge-0/0/47;

        unit 0 {

            family ethernet-switching {

                port-mode access;

                vlan {

                    members vlan500;

                }

            }

        }

    }

    ge-0/0/0 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/1 {

        unit 0 {                        

            family ethernet-switching;

        }

    }

    ge-0/0/2 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/3 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/4 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/5 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/6 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/7 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/8 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/9 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/10 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/11 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/12 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/13 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/14 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/15 {

        unit 0 {

            family ethernet-switching;  

        }

    }

    ge-0/0/16 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/17 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/18 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/19 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/20 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/21 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/22 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/23 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/24 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/25 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/26 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/27 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/28 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/29 {

        unit 0 {

            family ethernet-switching;

        }                               

    }

    ge-0/0/30 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/31 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/32 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/33 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/34 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/35 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/36 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/37 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/38 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/39 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/40 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/41 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/42 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/43 {

        unit 0 {

            family ethernet-switching;

        }

    }                                   

    ge-0/0/44 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/45 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/46 {

        unit 0 {

            family ethernet-switching {

                port-mode access;

            }

        }

    }

    ge-0/0/47 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/0/48 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/1/0 {

        unit 0 {

            family ethernet-switching;

        }

    }

    xe-0/1/0 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/1/1 {

        unit 0 {

            family ethernet-switching;

        }

    }

    xe-0/1/1 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/1/2 {

        unit 0 {

            family ethernet-switching;

        }

    }

    xe-0/1/2 {

        unit 0 {

            family ethernet-switching;

        }

    }

    ge-0/1/3 {

        unit 0 {

            family ethernet-switching;

        }

    }

    vlan {

        unit 0 {

            arp-resp unrestricted;

            family inet {

                address 192.168.0.66/26;

            }

        }

    }

}                                       

snmp {

    location ComRoom;

    contact QAHUNI;

    community TEST {

        authorization read-only;

    }

}

routing-options {

    static {

        route 0.0.0.0/0 next-hop 192.168.0.65;

    }

}

protocols {

    igmp-snooping {

        vlan all;

    }

    rstp;

    lldp {

        interface all;

    }

    lldp-med {

        interface all;

    }

}

ethernet-switching-options {

    storm-control {

        interface all;

    }

}

vlans {

    vlan500 {

        l3-interface vlan.0;

    }

}

poe {

    interface all;

}


root@TEST>


9. NTP client configuration

[edit system ntp]
authentication-key 1 type md5 value "$9$EgfcrvX7VY4ZEcwgoHjkP5Q3CuREyv87";
boot-server 10.1.1.1;
server 10.1.1.1 key 1 prefer;

trusted-key 1;



# Miscellaneous (reposted)

(https://sclabs.blogspot.kr/2017/05/juniper-junos-basics.html)

==REVERT JunOS to Default Config

root% cli
SRX-1> configure
SRX-1# load factory-default
SRX-1# set system root-authentication plain-text-password
SRX-1# commit
SRX-1# exit
SRX-1> request system reboot


==LOG-IN , AUTH, BASICs
root
root% cli
root% exit
logout

root@SI-JunOS-12.1> show cli 
CLI complete-on-space set to on
CLI idle-timeout disabled
CLI restart-on-upgrade set to on
CLI screen-length set to 38
CLI screen-width set to 183
CLI terminal is 'linux'
CLI is operating in enhanced mode
CLI timestamp disabled
CLI working directory is '/root'

=User account
[edit]
edit system login user [user name]
set uid xxx
set class super-user
edit authentication
set plain-text-password

New password; xxxxx
Retype new password; xxxxx

==
set system root-authentication plain-text-password
set system root-authentication encrypted-password <encrypted>
set system root-authentication ssh-rsa <key>

set system host-name <host1>
set system domain-name <host1.test.com>
set system name-server <8.8.8.8>
set system services ssh
set system services telnet

#
set routing-options static route 10.0.0.0/8 next-hop 10.200.1.1 no-readvertise

#time
set system time-zone Asia/Taipei
set date 200906182340
set system ntp server 1.1.1.1

A time difference of less than 128ms between server and client is required to maintain NTP synchronization. The typical accuracy on the Internet ranges from about 5ms to 100ms, possibly varying with network delays. A recent survey [2] suggests that 90% of the NTP servers have network delays below 100ms, and about 99% are synchronized within one second to the synchronization peer.

#loopback
[edit interfaces]
set lo0 unit 0 family inet address 10.0.0.1

commit

== USER AUTH
LOCAL: name/passwd, per-user 'class' permissions (custom groups of permissions)
RADIUS/TACACS

Default Login classes:
 - operator : clear, network, reset, trace, view
 - read-only: view
 - super-user: allow
 - un-authorized: none

==RADIUS as auth method
# set system authentication-order radius
# set system radius-server 10.10.10.10 secret <passwd>

==USER add
jc@Junos# set user jc class super-user
jc@Junos# set user jc authentication plain-text-password

==Banner
jc@Junos# set system login message "------\nWARNING: Unauthorized access prohibited. -----\n"
jc@Junos# set system login announcement "Network maintenance announcement."

==MODES
Operational mode - monitor and tshoot, commands are executed from this mode
jeff@host>
configure
show version|ospf|isis|interfaces|chassis|bgp
show route terse|table|protocol|exact|brief
show | compare
show config | compare rollback <nr>
set
monitor
clear

request —for performing system-level operations, including stopping and rebooting the router or switch and loading Junos OS images.
request support information
request system reboot (reboot)
request system halt  (shutdown)
request system halt both-routing-engines (for redundant RE chassis)
request system snapshot  (backup routing soft)
request system software add /var/db/...


start —to exit the CLI and start a UNIX shell.
configure —for entering configuration mode,
quit —to exit the CLI.
copy - copies files from one location on the router or switch to another, from the router or switch to a remote system and back
restart - restarts the various Junos OS processes, including the routing protocol, interface, and SNMP.

Commands for monitoring and troubleshooting:
clear—Clear statistics and protocol database information.
mtrace—Trace mtrace packets from source to receiver.
monitor—Perform real-time debugging of various software components, including the routing protocols and interfaces.
ping—Determine the reachability of a remote network host.
show—Display the current configuration and information about interfaces, routing protocols, routing tables, routing policy filters, system alarms, and the chassis.
test—Test the configuration and application of policy filters and autonomous system (AS) path regular expressions.
traceroute—Trace the route to a remote network host.


Configuration mode - configure the router
[edit]
jeff@host#

==SHORTCUTS
CTRL+A - the beginning of line
CTRL+E - the end of line
Delete - delete of 1 char before cursor
CTRL+D - delete of 1 char under cursor
CTRL+W - delete 1 word to left of cursor
CTRL+L - redraw

SPACE - completes a command
TAB - completes a variable
? - context-sensitive help
| - pipe to filter output

help topic routing-options static - info on general concept
help reference routing-options martians  - config-related info
help apropos bfd - config-related history
help tip cli - random tip (recommendation)


==CONFIG
Active config (startup)
Candidate (running)
commit - changes won't apply until this command, config is saved
rollback n - undo commit
edit, set, rename, insert - Add and modify configuration statements
show - see candidate
delete - remove config statement
status - Display other users configuring router
run - execute show commands from config mode (like 'do' in cisco)


==Commit Junos Configuration
Candidate Configuration - You always enter your configuration or changes as a candidate file.
show|compare - see exactly changes you made and look for any last-minute typos.
commit check - The system verifies the logic and completeness of your new configuration entries without activating any changes.
commit confirmed - If you don’t confirm your changes by entering commit within 10 minutes of activation, the device reverts back to the prior configuration.
rollback - lets you restore the rescue or any of the prior 50 configurations. A quick rollback is much easier than undoing one command at a time.



save <file> - saved to ASCII file, File is saved to user’s home directory unless full path name is specified
load <file> - Override an existing configuration, Merge new statements into existing configuration, Replace existing statements in current configuration
load (replace | merge | override) filename, and commit to activate

==CONFIGURATION MODE
> configure - multi user config
> configure exclusive - single user config
> configure private - user edit a private copy of candidate config

top/up - hierarchy navigation
# edit chassis alarm ethernet


==CONFIGURATION GROUPS
statements that you can apply to different sections of config
# show groups re0
interface fxp0 unit0 family inet  address 192.168.1.1/24
# show groups re1
interface fxp0 unit0 family inet  address 192.168.1.2/24

# set apply-groups [re0 re1]


==LOGS
System keeps log files in /var/log
 •messages file contains running commentary  about system operation
 •Can be tuned to provide minimal to extensive logging
show log <file-name>
show log messages | match fail
show log messages | match "fpc | sfm"
show log messages | match "1/1/3" | match TRAP
monitor start <file-name> - view the file in real time

==SSH
 set system services ssh
root-login (allow | deny | deny-password);
protocol-version [ v1 v2 ];
client-alive-count-max 5;
client-alive-interval 20;
fingerprint-hash (md5 | sha2-256);
 set system services telnet
 set system services ftp
commit
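
A checker for the management-plane statements that appear on this page (telnet, ftp, web-management over http, the ssh root-login and protocol-version options, and a `$1$` root hash), run over configuration text in the layout that show configuration prints. This is an added example, not code from the original post or from Juniper. The names `statements` and `audit`, the finding strings and the sample configuration are constructed for illustration, and the parser assumes one statement per line.

```python
import re

# Constructed sample in the curly-brace format printed by "show configuration".
# It combines service statements that appear on this page; the hash is a placeholder.
SAMPLE = '''
system {
    root-authentication {
        encrypted-password "$1$EXAMPLE$placeholderplaceholder"; ## SECRET-DATA
    }
    services {
        ssh {
            root-login allow;
            protocol-version [ v1 v2 ];
        }
        telnet;
        web-management {
            http;
        }
    }
}
'''

def statements(text):
    """Flatten the hierarchy into tuples such as ('system', 'services', 'telnet')."""
    stack, out = [], []
    for raw in text.splitlines():
        line = re.sub(r"\s*##.*$", "", raw).strip()  # drop "## SECRET-DATA" style notes
        if line.endswith("{"):
            stack.append(line[:-1].strip())          # entering a container
        elif line == "}":
            stack.pop()                              # leaving a container
        elif line:
            out.append(tuple(stack) + (line.rstrip(";"),))
    return out

def audit(text):
    """Return sorted findings for weak management-plane settings."""
    found = set()
    for p in statements(text):
        if len(p) > 2 and p[:2] == ("system", "services"):
            svc, rest = p[2].split()[0], p[3:]
            if svc in ("telnet", "ftp"):
                found.add(f"{svc}: cleartext management service enabled")
            if svc == "web-management" and rest and rest[0].split()[0] == "http":
                found.add("web-management: plain http enabled")
            if svc == "ssh" and rest == ("root-login allow",):
                found.add("ssh: direct root login allowed")
            if svc == "ssh" and rest and re.match(r"protocol-version\b.*\bv1\b", rest[0]):
                found.add("ssh: protocol version 1 accepted")
        if p[:2] == ("system", "root-authentication") and p[-1].startswith('encrypted-password "$1$'):
            found.add("root-authentication: MD5-crypt ($1$) password hash")
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
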

==Upgrade Junos software
jc@Junos> request system software add jbundle-5.3R2.4-domestic-signed.tgz
jc@Junos> request system software add jbundle-5.3R2.4-domestic-signed.tgz reboot

===BASIC Commands
show version
monitor  -Contents of the log files
show log -Log files and their contents and recent user logins

ping
traceroute


> show configuration

# show
# show protocols
# show protocols bgp

file list
file show
show cli history

run show interfaces terse 
show interfaces
monitor interfaces em0.0
monitor traffic  (tcpdump)
clear interface statistics
show arp

show chassis alarms
show chassis craft-interface
show chassis environment
show chassis hardware
show chassis routing-engine
show system uptime

show route
show route forwarding-table
show isis adjacency
show ospf neighbor
show bgp neighbor
show mpls interface
show mpls lsp
show route label-switched-path
show rsvp interface
show rsvp session
show rsvp statistics

==MGMT interfaces
fxp0 - out-of-band mgmt
fxp1/bcm0 - internal Routing Engine to Packet Forwarding Engine
fxp2 or em0 - internal RE-to-RE (no config needed, do not modify)

Common media types:
at - ATM over SONET/SDH
so - SONET/SDH
fe - Fast Ethernet
ge - Giga Ethernet
xe - 10G Ethernet
ae - Aggregated Ethernet
gr - GRE
lo - loopback

==CONFIGURE INTERFACES
#Protocol families:
inet - ipv4
inet6 - ipv6
iso - ISO for IS-IS
mpls - traffic engineering

# help topic interfaces family   

set interface ge-1/0/3 vlan-tagging
set interface ge-1/0/3 unit 40 vlan-id 40
set interface ge-1/0/3 unit 0 family inet address 1.1.1.1/24
set interface ge-1/0/3 disable (ADMINISTRATIVELY DOWN)
deactivate interfaces ge-1/0/3 (ignore this interface)
activate interfaces ge-1/0/3 (reactivate)

==BASIC CONFIGS
# default route
set routing-options static route 0.0.0.0/0 next-hop 1.1.1.1
set routing-options static route default next-hop address
# static route
set routing-options static route 192.168.2.0/24 next-hop 1.1.1.1

==ROUTING POLICY
https://forums.juniper.net/jnet/attachments/jnet/Learning/56/1/DO_Configuring_Junos_Policies_Filters.pdf
Term - group any match conditions and actions together under a common hierarchy in the configuration.

#actions:
Terminating : accept, reject
Flow control: skip to next policy, skip to next term
Modify: Metric, Preference, Color, Next-hop address

# apply policies:
BGP: Global, peer, peer-group IMPORT/EXPORT
RIP: Default and neighbor IMPORT and group EXPORT
IS-IS/OSPF: Global EXPORT only!

Only MOST specific policies are applied to particular peer:
neighbor policy > group policy > global policy

# A simple statement such as “the IP prefix 10.10/16 should have a metric of 10”
[edit policy-options]
jack# show
policy-statement some-test-policy {
term plain-english {   from { route-filter 10.10.0.0/16 exact; }  then { metric 10; accept; }}
final-action;
}


protocols {
isis {export [policy-list];}
bgp {export [policy-list]; import [policy-list];}
}

[edit protocols bgp]
# set export advertise-ospf

====SAMPLE
[edit]
set interfaces fe-0/0/1 unit 0 family inet address 10.0.2.1/30
set interfaces fe-1/1/0 unit 0 family inet address 10.0.8.6/30
set interfaces fe-1/0/0 unit 0 family inet address 10.0.8.9/30
set policy-options policy-statement export-policy term term1 from route-filter 10.0.4.4/30 prefix-length-range /30-/30
set policy-options policy-statement export-policy term term1 then accept
set protocols ospf area 0.0.0.0 interface fe-0/0/1
set protocols ospf area 0.0.0.4 interface fe-0/1/0
set protocols ospf area 0.0.0.4 interface fe-1/0/0
set protocols ospf area 0.0.0.4 network-summary-export export-policy


===ROUTING TABLES
> show route

Junos has 5 default routing tables:
inet.0 - unicast routes
inet.1 - multicast forward cache
inet.2 - MBGP routes for RPF (Reverse PATH Forwarding)
inet.4 - MPLS
mpls.0 - MPLS label switching

Default protocols preferences :
0 Direct
0 LOCAL
5 Static
7 RSVP
9 LDP
10 OSPF
15 IS-IS
100 RIP
130 Aggregated
170 BGP

show route protocol ospf
show ospf route detail
show ospf database brief

BGP route selection:
Can the BGP next-hop be resolved
Prefer the highest local preference value
Prefer shortest AS Path
Prefer the lowest origin value - describes where the first router received the information: i = IGP (0), E = EGP (1), ? = Incomplete (2)
Prefer the lowest MED value
Prefer routes learned using EBGP over IBGP
Prefer routes with the lowest IGP metric
 -Prefer routes from inet.3 over inet.0
 -Prefer routes with a greater number of next hops
 -When using route reflectors, prefer the route with shorter cluster list
Prefer routes from the peer with lowest Router ID
Prefer routes from peer with lowest peer ID

