I know a bit about networking – IP addresses, different layers, HTTP, DNS, ethernet cables, default gateway, routers, switches, TCP/UDP and DHCP. However, this is mainly from a home network perspective.
Getting into bigger and more advanced networking – I don’t know my arse from my elbow.
I do know quite a bit of stuff from server to application though and the automating of deploys, continuous integration and continuous delivery. At work they use Juniper MX routers, so I wanted to see what I could do with Juniper:
I found this post…get started with Junos quickly
So you can get a Juniper switch running locally on your pc with vqfx10k-vagrant
So now I have a Juniper switch up and running in Vagrant on my PC, a virtual instance of the switches below.
The next step is exploring the Junos CLI with this Juniper Day One Book
The next thing to look at is the Junos CLI.
In operation mode – you are managing and monitoring device operations
Then there is configuration mode – where you configure the device and its interfaces – including access, interfaces, protocols, security services and system hardware.
Routers, switches and security devices often sit on a subnet behind a gateway that prevents unauthorized access to them.
then log into the device
The operation command prompt is: `>`
The configuration command prompt is: `#`
To go into configuration mode, type:
Exit configuration mode with
Abbreviations are autocompleted, e.g.
To view possible commands type:
- show `?`
- ping `?`
- traceroute `?`
Use `help apropos <command>` when you remember some of the command but not the whole thing.
You can also pipe commands, for example storing support info to a file:
```
vagrant@vqfx-re> request support information | save support_file.txt
Wrote 6929 lines of output to 'support_file.txt'
```
To check available commands with a pipe:
```
vagrant@vqfx-re> show interfaces | ?
Possible completions:
  append     Append output text to file
  count      Count occurrences
  display    Show additional kinds of information
  except     Show only text that does not match a pattern
  find       Search for first occurrence of pattern
  hold       Hold text without exiting the --More-- prompt
  last       Display end of output only
  match      Show only text that matches a pattern
  no-more    Don't paginate output
  refresh    Refresh a continuous display of the command
  request    Make system-level requests
  resolve    Resolve IP addresses
  save       Save output text to file
  tee        Write to standard output and file
  trim       Trim specified number of columns from start of line
```
Multiple pipes are seen as a logical
Remember a C shell prompt is `%` and a Bourne shell prompt is
In operation mode you can start a shell with:
In configuration mode you start the shell with:
`run start shell` or
`run start shell sh`
```
vagrant@vqfx-re> ?
Possible completions:
  clear         Clear information in the system
  configure     Manipulate software configuration information
  file          Perform file operations
  help          Provide help information
  load          Load information from file
  monitor       Show real-time debugging information
  mtrace        Trace multicast path from source to receiver
  op            Invoke an operation script
  ping          Ping remote target
  quit          Exit the management session
  request       Make system-level requests
  restart       Restart software process
  save          Save information to file
  set           Set CLI properties, date/time, craft interface message
  show          Show system information
  ssh           Start secure shell on another host
  start         Start shell
  telnet        Telnet to another host
  test          Perform diagnostic debugging
  traceroute    Trace route to remote host
```
Showing device status:
```
vagrant@vqfx-re> show ?
Possible completions:
  access-cac                  Show access cac under enhanced-broadband-edge
  access-security             Show access security information
  accounting                  Show accounting profiles and records
  agent                       Show SDN agent information
  analytics                   Show Analytics information
  app-engine                  Show App-engine information
  arp                         Show system Address Resolution Protocol table entries
  as-path                     Show table of known autonomous system paths
  authentication-whitelist    Show 802.1X White List MAC addresses
  auto-bandwidth              Show auto-bandwidth information
  auto-configuration          Show auto-configuration
  backup-selection            Show backup selection policies information
  bfd                         Show Bidirectional Forwarding Detection information
  bgp                         Show Border Gateway Protocol information
  captive-portal              Show captive portal information
  chassis                     Show chassis information
  class-of-service            Show class-of-service (CoS) information
  cli                         Show command-line interface settings
  configuration               Show current configuration
  connections                 Show circuit cross-connect connections
  database-replication        Show database replication information
  dcbx                        Show DCBX protocol information
  ddos-protection             Show DDOS information
  dhcp                        Show Dynamic Host Configuration Protocol information
  dhcp-security               Show DHCP access security information
  dhcpv6                      Show Dynamic Host Configuration Protocol v6 information
  diagnostics                 Show diagnostics information
  diameter                    Show diameter information
  dot1x                       Show 802.1X information
  dynamic-profile             Show dynamic profile information
  dynamic-tunnels             Show dynamic tunnel information information
  ephemeral-configuration     Show ephemeral configuration
  ethernet-switching          Show ethernet switching information
  event-options               Show event-options information
  evpn                        Show EVPN information
  extension-service           Extension service information
  firewall                    Show firewall information
  forwarding-options          Show forwarding-options information
  helper                      Show port-forwarding helper information
  hfrr                        Show information related to Host (Direct route) Fast reroute
  host                        Show hostname information from domain name server
  iccp                        Show Inter Chassis Control Protocol information
  igmp                        Show Internet Group Management Protocol information
  ike                         Show Internet Key Exchange information
  ilmi                        Show interim local management interface information
  ingress-replication         Show Ingress-Replication tunnel information
  interfaces                  Show interface information
  ipsec                       Show IP Security information
  ipv6                        Show IP version 6 information
  isis                        Show Intermediate System-to-Intermediate System information
  jdaf                        Show JDAF information
  l2circuit                   Show Layer 2 circuit information
  l2cpd                       Show l2cpd information
  l2vpn                       Show Layer 2 VPN information
  lacp                        Show Link Aggregation Control Protocol information
  ldp                         Show Label Distribution Protocol information
  link-management             Show link management information
  lldp                        Show Link Layer Discovery Protocol information
  log                         Show contents of log file
  loop-detect                 Show loop detect information
  mac-refresh                 Display mac-refresh is enabled on interface or not
  mac-rewrite                 Show layer 2 protocol tunneling information
  mld                         Show multicast listener discovery information
  mpls                        Show mpls information
  msdp                        Show Multicast Source Discovery Protocol information
  multi-chassis
  multicast                   Show multicast information
  mvpn                        Show Multicast Virtual Private Network (MVPN) information
  mvrp                        Show MVRP Protocol information
  network-access              Show network-access related information
  nonstop-routing             Show nonstop routing information
  ntp                         Show Network Time Protocol information
  oam                         Show OAM-related information
  ospf                        Show Open Shortest Path First information
  ospf3                       Show Open Shortest Path First version 3 information
  ovsdb                       Show Virtual-Tunnel End-point gateway information
  path-computation-client     Show Path Computation Client information
  performance-monitoring      Show performance monitoring statistics
  pfe                         Show Packet Forwarding Engine information
  pim                         Show Protocol Independent Multicast information
  policer                     Show interface policer counters and information
  policy                      Show policy information
  programmable-rpd            Show RPD Server information
  protection-group            Show protection group information
  ptp                         Show Precision Time Protocol (IEEE 1588) information
  redundant-trunk-group       Show redundant trunk group information
  rip                         Show Routing Information Protocol information
  ripng                       Show Routing Information Protocol for IPv6 information
  route                       Show routing table information
  rsvp                        Show Resource Reservation Protocol information
  sap                         Show Session Announcement Protocol information
  security                    Show security information
  services                    Show services information
  sflow                       Show sFlow information
  shmlog                      Show log information
  snmp                        Show Simple Network Management Protocol information
  spanning-tree               Show Spanning Tree Protocol information
  spring-traffic-engineering  Show ingress details of SPRING Traffic Engineering
  ssl-certificates            Show SSL certifcates
  subscribers                 Show subscriber information
  system                      Show system information
  task                        Show routing protocol per-task information
  ted                         Show Traffic Engineering Database information
  telemetry-agentd            Show agent information
  uplink-failure-detection    Show uplink failure detection information
  v4ov6-tunnels               Show information related to V4 over V6 tunnels
  validation                  Show route validation information
  version                     Show software process revision levels
  virtual-chassis             Show virtual chassis information
  vlans                       Show VLANs information
  vpls                        Show VPLS information
  vrrp                        Show Virtual Router Redundancy Protocol information
```
The 3 basic steps to configure a device are:
- Make changes to the candidate configuration
- Commit your changes
- Candidate becomes active
There are 3 config modes: standard, exclusive and private.
You can enter modes with
Enable Telnet and Disable SSH and Web-management
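```
# Management services are configured under [edit system services].
# FTP and Telnet send logins unencrypted, unlike the SSH access removed here.
set system services ftp
set system host-name juniper1
set system services telnet
delete system services web-management
delete system services ssh
```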
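To see what the change above does to management access, this added example (Python, not from the original post or any Juniper tooling) replays `set`/`delete` lines over a baseline and reports cleartext services and missing SSH. The baseline, the remediation lines and the function names are assumptions made for illustration.

```python
"""Replay Junos set/delete lines and flag cleartext management access."""

CLEARTEXT = {"telnet", "ftp"}        # [system services] entries sent unencrypted
PREFIX = ("system", "services")


def apply_commands(lines, enabled=()):
    """Replay set/delete lines over `enabled`; return configured paths as tuples.
    Simplification: replaced leaf values are not modelled (presence checks only)."""
    enabled = set(enabled)
    for raw in lines:
        words = raw.split()
        if len(words) < 2 or words[0] not in ("set", "delete"):
            continue                 # blank lines, comments, other verbs
        path = tuple(words[1:])
        if words[0] == "set":
            enabled.add(path)
        else:                        # delete removes the whole subtree
            enabled = {p for p in enabled if p[:len(path)] != path}
    return enabled


def audit(enabled):
    """Return sorted findings about how the device can be managed."""
    services = {p[2:] for p in enabled if p[:2] == PREFIX and len(p) > 2}
    names = {s[0] for s in services}
    findings = [f"cleartext service enabled: {n}" for n in names & CLEARTEXT]
    if any(s[:2] == ("web-management", "http") for s in services):
        findings.append("cleartext service enabled: web-management http")
    if "ssh" not in names:
        findings.append("no encrypted CLI access: ssh not configured")
    return sorted(findings)


# Constructed baseline in `show configuration | display set` form.
BASELINE = ["set system services ssh root-login allow",
            "set system services web-management http"]
# The change from the section above, written with full system-services paths.
CHANGE = ["set system services ftp", "set system host-name juniper1",
          "set system services telnet",
          "delete system services web-management",
          "delete system services ssh"]
# Constructed corrective change: encrypted access only.
REMEDIATION = ["delete system services ftp", "delete system services telnet",
               "set system services ssh root-login deny"]

after_change = apply_commands(CHANGE, apply_commands(BASELINE))
after_fix = apply_commands(REMEDIATION, after_change)
```

Calling `audit(after_change)` lists the FTP, Telnet and missing-SSH findings; `audit(after_fix)` returns an empty list.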
Test Driven Network Juniper Devices
There is a write-up by Keeping It Classless about using JSNAPy to test your Juniper configurations.
Here is another post on test-driven development for networks using Ansible.
I wanted to test jsnapy with vqfx10k-vagrant but I couldn’t manage to access it via standard ssh, so the config file for jsnapy wouldn’t work. I couldn’t even ping the device when I gave it a private network.