I know a bit about networking – IP addresses, different layers, HTTP, DNS, ethernet cables, default gateway, routers, switches, TCP/UDP and DHCP. However, this is mainly from a home network perspective.
Getting into bigger and more advanced networking – I don’t know my arse from my elbow.
I do know quite a bit of stuff from server to application though and the automating of deploys, continuous integration and continuous delivery. At work they use Juniper MX routers, so I wanted to see what I could do with Juniper:
I found this post…get started with Junos quickly
So you can get a Juniper switch running locally on your PC with vqfx10k-vagrant
So now I have a Juniper switch up and running in Vagrant on my PC, a virtual instance of the switches below.
The next step is exploring the Junos CLI with this Juniper Day One Book
JunOS CLI
The next thing to look at is the Junos CLI.
In operational mode you manage and monitor device operations.
Then there is configuration mode – where you configure the device and its interfaces – including access, interfaces, protocols, security services and system hardware.
Logging In
Often routers, switches and security devices are on a subnet behind a gateway that prevents unauthorized access to these devices. Connect to the gateway first:
`telnet gatewayserver`
then log into the device:
`telnet routername`
The operational mode prompt is: `>`
The configuration mode prompt is: `#`
To go into configuration mode, type: `configure`
Exit configuration mode with `exit`
Abbreviations are autocompleted, e.g. `sh int`
To view possible commands type: `?`
- show `?`
- ping `?`
- traceroute `?`
Use `help apropos <command>` when you remember some of the command but not the whole thing.
You can also pipe commands, for example to store support information in a file:
```
vagrant@vqfx-re> request support information | save support_file.txt
Wrote 6929 lines of output to 'support_file.txt'
```
To check available commands with a pipe:
```
vagrant@vqfx-re> show interfaces | ?
Possible completions:
  append        Append output text to file
  count         Count occurrences
  display       Show additional kinds of information
  except        Show only text that does not match a pattern
  find          Search for first occurrence of pattern
  hold          Hold text without exiting the --More-- prompt
  last          Display end of output only
  match         Show only text that matches a pattern
  no-more       Don't paginate output
  refresh       Refresh a continuous display of the command
  request       Make system-level requests
  resolve       Resolve IP addresses
  save          Save output text to file
  tee           Write to standard output and file
  trim          Trim specified number of columns from start of line
```
Multiple pipes are seen as a logical AND.
Remember that a C shell prompt is `%` and a Bourne shell prompt is `$`.
In operational mode you can start a shell with: `start shell`
In configuration mode you start the shell with: `run start shell` or `run start shell sh`
Operational mode:
```
vagrant@vqfx-re> ?
Possible completions:
  clear         Clear information in the system
  configure     Manipulate software configuration information
  file          Perform file operations
  help          Provide help information
  load          Load information from file
  monitor       Show real-time debugging information
  mtrace        Trace multicast path from source to receiver
  op            Invoke an operation script
  ping          Ping remote target
  quit          Exit the management session
  request       Make system-level requests
  restart       Restart software process
  save          Save information to file
  set           Set CLI properties, date/time, craft interface message
  show          Show system information
  ssh           Start secure shell on another host
  start         Start shell
  telnet        Telnet to another host
  test          Perform diagnostic debugging
  traceroute    Trace route to remote host
```
Showing device status:
```
vagrant@vqfx-re> show ?
Possible completions:
  access-cac                  Show access cac under enhanced-broadband-edge
  access-security             Show access security information
  accounting                  Show accounting profiles and records
  agent                       Show SDN agent information
  analytics                   Show Analytics information
  app-engine                  Show App-engine information
  arp                         Show system Address Resolution Protocol table entries
  as-path                     Show table of known autonomous system paths
  authentication-whitelist    Show 802.1X White List MAC addresses
  auto-bandwidth              Show auto-bandwidth information
  auto-configuration          Show auto-configuration
  backup-selection            Show backup selection policies information
  bfd                         Show Bidirectional Forwarding Detection information
  bgp                         Show Border Gateway Protocol information
  captive-portal              Show captive portal information
  chassis                     Show chassis information
  class-of-service            Show class-of-service (CoS) information
  cli                         Show command-line interface settings
  configuration               Show current configuration
  connections                 Show circuit cross-connect connections
  database-replication        Show database replication information
  dcbx                        Show DCBX protocol information
  ddos-protection             Show DDOS information
  dhcp                        Show Dynamic Host Configuration Protocol information
  dhcp-security               Show DHCP access security information
  dhcpv6                      Show Dynamic Host Configuration Protocol v6 information
  diagnostics                 Show diagnostics information
  diameter                    Show diameter information
  dot1x                       Show 802.1X information
  dynamic-profile             Show dynamic profile information
  dynamic-tunnels             Show dynamic tunnel information information
  ephemeral-configuration     Show ephemeral configuration
  ethernet-switching          Show ethernet switching information
  event-options               Show event-options information
  evpn                        Show EVPN information
  extension-service           Extension service information
  firewall                    Show firewall information
  forwarding-options          Show forwarding-options information
  helper                      Show port-forwarding helper information
  hfrr                        Show information related to Host (Direct route) Fast reroute
  host                        Show hostname information from domain name server
  iccp                        Show Inter Chassis Control Protocol information
  igmp                        Show Internet Group Management Protocol information
  ike                         Show Internet Key Exchange information
  ilmi                        Show interim local management interface information
  ingress-replication         Show Ingress-Replication tunnel information
  interfaces                  Show interface information
  ipsec                       Show IP Security information
  ipv6                        Show IP version 6 information
  isis                        Show Intermediate System-to-Intermediate System information
  jdaf                        Show JDAF information
  l2circuit                   Show Layer 2 circuit information
  l2cpd                       Show l2cpd information
  l2vpn                       Show Layer 2 VPN information
  lacp                        Show Link Aggregation Control Protocol information
  ldp                         Show Label Distribution Protocol information
  link-management             Show link management information
  lldp                        Show Link Layer Discovery Protocol information
  log                         Show contents of log file
  loop-detect                 Show loop detect information
  mac-refresh                 Display mac-refresh is enabled on interface or not
  mac-rewrite                 Show layer 2 protocol tunneling information
  mld                         Show multicast listener discovery information
  mpls                        Show mpls information
  msdp                        Show Multicast Source Discovery Protocol information
  multi-chassis
  multicast                   Show multicast information
  mvpn                        Show Multicast Virtual Private Network (MVPN) information
  mvrp                        Show MVRP Protocol information
  network-access              Show network-access related information
  nonstop-routing             Show nonstop routing information
  ntp                         Show Network Time Protocol information
  oam                         Show OAM-related information
  ospf                        Show Open Shortest Path First information
  ospf3                       Show Open Shortest Path First version 3 information
  ovsdb                       Show Virtual-Tunnel End-point gateway information
  path-computation-client     Show Path Computation Client information
  performance-monitoring      Show performance monitoring statistics
  pfe                         Show Packet Forwarding Engine information
  pim                         Show Protocol Independent Multicast information
  policer                     Show interface policer counters and information
  policy                      Show policy information
  programmable-rpd            Show RPD Server information
  protection-group            Show protection group information
  ptp                         Show Precision Time Protocol (IEEE 1588) information
  redundant-trunk-group       Show redundant trunk group information
  rip                         Show Routing Information Protocol information
  ripng                       Show Routing Information Protocol for IPv6 information
  route                       Show routing table information
  rsvp                        Show Resource Reservation Protocol information
  sap                         Show Session Announcement Protocol information
  security                    Show security information
  services                    Show services information
  sflow                       Show sFlow information
  shmlog                      Show log information
  snmp                        Show Simple Network Management Protocol information
  spanning-tree               Show Spanning Tree Protocol information
  spring-traffic-engineering  Show ingress details of SPRING Traffic Engineering
  ssl-certificates            Show SSL certifcates
  subscribers                 Show subscriber information
  system                      Show system information
  task                        Show routing protocol per-task information
  ted                         Show Traffic Engineering Database information
  telemetry-agentd            Show agent information
  uplink-failure-detection    Show uplink failure detection information
  v4ov6-tunnels               Show information related to V4 over V6 tunnels
  validation                  Show route validation information
  version                     Show software process revision levels
  virtual-chassis             Show virtual chassis information
  vlans                       Show VLANs information
  vpls                        Show VPLS information
  vrrp                        Show Virtual Router Redundancy Protocol information
```
Configuration Mode
The 3 basic steps to configure a device are:
- Make changes to the candidate configuration
- Commit your changes
- Candidate becomes active
There are 3 config modes: standard, exclusive and private.
You can enter the private and exclusive modes with `configure private` and `configure exclusive`.
Enable Telnet and Disable SSH and Web-management
```
set system services ftp
set system host-name juniper1
set system services telnet
delete system services web-management
delete system services ssh
```
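Telnet and FTP carry logins in cleartext, so a change list like the one above is worth checking before it is committed. The Python sketch below is an added example, not code from the original post or from Juniper: it replays set/delete lines against a baseline and reports cleartext management services and a missing SSH service. The baseline configuration, the function names and the full `system services` paths are assumptions.

```python
SERVICES = ("system", "services")
CLEARTEXT = {  # path under "system services" -> why it is flagged
    ("telnet",): "logins and session data cross the network unencrypted",
    ("ftp",): "logins and file contents cross the network unencrypted",
    ("web-management", "http"): "web management over plain HTTP is unencrypted",
}

# Constructed baseline, in the form printed by `show configuration | display set`.
BASELINE = """\
set system host-name vqfx-re
set system services ssh root-login deny
set system services web-management http interface em0
"""

# The section's change list, written with full paths (assumed form).
CHANGES = """\
set system services ftp
set system host-name juniper1
set system services telnet
delete system services web-management
delete system services ssh
"""

def apply_changes(baseline, changes):
    """Return the 'system services' statements left after the set/delete lines."""
    lines = [l.split() for l in (baseline + "\n" + changes).splitlines() if l.strip()]
    stmts = []
    for verb, *words in lines:
        path = tuple(words)
        if path[:2] != SERVICES:
            continue                      # only remote-access services are audited
        if verb == "delete":              # delete removes the node and its children
            stmts = [s for s in stmts if s[:len(path)] != path]
        elif verb == "set" and path not in stmts:
            stmts.append(path)
    return stmts

def audit(stmts):
    """Flag cleartext management services and a missing SSH service."""
    enabled = [s[2:] for s in stmts]
    findings = [f"{' '.join(p)}: {why}" for p, why in CLEARTEXT.items()
                if any(e[:len(p)] == p for e in enabled)]
    if not any(e[:1] == ("ssh",) for e in enabled):
        findings.append("ssh: no encrypted remote CLI service is configured")
    return sorted(findings)

if __name__ == "__main__":
    for stage, changes in (("before", ""), ("after", CHANGES)):
        print(stage, audit(apply_changes(BASELINE, changes)))
```

Run against the constructed baseline, the "before" audit reports only web management over HTTP, while the "after" audit reports FTP, Telnet and the absence of SSH.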
Test Driven Network Juniper Devices
There is a write-up on jsnapy by Keeping It Classless about using jsnapy to test your Juniper configurations.
Here is another post on test driven development for networks using ansible.
I wanted to test jsnapy with vqfx10k-vagrant but I couldn’t manage to access it via standard ssh, so the config file for jsnapy wouldn’t work. I couldn’t even ping the device when I gave it a private network.