Huawei Switch Configuration Commands

May 25, 2015
Here are some Huawei switch configuration and verification commands.


1. Enter the system view (privilege mode)
<sw1>system-view

2. Create the VLAN
[sw1]vlan 30
[sw1-vlan30]description fiber

3. Configure interface trunk
[sw1]interface GigabitEthernet 0/0/1
[sw1-GigabitEthernet0/0/1]port link-type trunk

4. Configure interface access
[sw1-GigabitEthernet0/0/3]port link-type access
[sw1-GigabitEthernet0/0/4]port link-type access

5. Assign the access ports to the VLAN
[sw1]vlan 30
[sw1-vlan30]port GigabitEthernet 0/0/3
[sw1-vlan30]port GigabitEthernet 0/0/4

6. Change port speed and duplex
[sw1]interface GigabitEthernet 0/0/3
[sw1-GigabitEthernet0/0/3]undo negotiation auto
[sw1-GigabitEthernet0/0/3]speed ?
  10                10M port speed mode
  100               100M port speed mode
  1000              1000M port speed mode
  auto-negotiation  Auto negotiation
[sw1-GigabitEthernet0/0/3]speed 100
[sw1]int gi0/0/4
[sw1-GigabitEthernet0/0/4]undo negotiation auto
[sw1-GigabitEthernet0/0/4]speed 100

[sw1-GigabitEthernet0/0/4]duplex ?
  full  Full-Duplex mode
  half  Half-Duplex mode
[sw1-GigabitEthernet0/0/4]duplex full


7. Allow the VLANs on the trunk port
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 301 302
Info: This operation may take a few seconds. Please wait for a moment...done.

8. MST Configuration

[sw1]stp region-configuration
Info: Please activate the stp region-configuration after it is modified.
[sw1-mst-region]region-name JP
[sw1-mst-region]instance 1 vlan 10 20 30 to 50 600 to 616
[sw1-mst-region]instance 0 vlan 302
[sw1-mst-region]active region-configuration

9. Create management interface
[sw1]interface Vlanif 25
Error: Can not create this interface because the interface number of this type has reached its maximum.
[sw1]undo interface Vlanif 1
[sw1]interface Vlanif 25
[sw1-Vlanif25]ip address 10.10.10.11 255.255.255.0
[sw1-Vlanif25]quit
[sw1]ip route-static 0.0.0.0 0.0.0.0 129.102.0.2


10. Configure SSH

[sw1]rsa local-key-pair create
The key name will be: sw1_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       it will take a few minutes.
Input the bits in the modulus[default = 2048]:1024
Generating keys...
.....++++++
..........++++++
.................+++++
...+++++

11. Create local user
[sw1]aaa
[sw1-aaa]local-user jpudasaini password ?
  cipher               User password with cipher text
  irreversible-cipher  User password with irreversible-cipher text
  <cr>

[sw1-aaa]local-user jpudasaini password
Please configure the login password (8-16)
It is recommended that the password consist of at least 2 types of characters, including lowercase letters, uppercase letters, numerals and special characters.
Please enter password:
Please confirm password:
Info: Add a new user.

[sw1-aaa]local-user jpudasaini service-type ssh telnet

12. Configure SSH (STelnet) login
[sw1]stelnet server enable
[sw1]ssh authentication-type default password
[sw1]ssh user jpudasaini
[sw1]ssh user jpudasaini authentication-type password
[sw1]ssh user jpudasaini service-type stelnet


[sw1]user-interface vty 0 4
[sw1-ui-vty0-4]authentication-mode aaa
[sw1-ui-vty0-4]protocol inbound ssh



[sw1-aaa]local-user jpudasaini privilege level 15
[sw1-aaa]local-user jpudasaini service-type ssh
[sw1]ssh authentication-type default password

13. DHCP Snooping enable
[huawei-sw1]dhcp enable
[huawei-sw1]dhcp snooping enable ipv4
[huawei-sw1]dhcp server detect

[huawei-sw1]dhcp snooping check dhcp-rate enable
<huawei-sw1>display dhcp snooping
[huawei-sw1]dhcp snooping check dhcp-rate 50

14. Apply to VLAN
[huawei-sw1]vlan 301
[huawei-sw1-vlan301]dhcp snooping enable

15. Apply to Interface
[huawei-sw1-GigabitEthernet0/0/3]dhcp snooping enable
[huawei-sw1-GigabitEthernet0/0/3]dhcp snooping check dhcp-rate enable


16. Apply to Trunk port
[huawei-sw1-GigabitEthernet0/0/4]dhcp snooping trusted


17. Verify Command
[huawei-sw1]display dhcp snooping configuration
#
dhcp snooping enable
dhcp snooping check dhcp-rate enable
dhcp snooping check dhcp-rate 50
dhcp server detect
#
vlan 301
 dhcp snooping enable
#
interface GigabitEthernet0/0/3
 dhcp snooping enable
 dhcp snooping check dhcp-rate enable
#
interface GigabitEthernet0/0/4
 dhcp snooping trusted
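Added example, not part of the original post: a small Python checker that parses output in the shape of the `display dhcp snooping configuration` listing above and flags the mistakes that make snooping ineffective, most importantly a trusted port that is not a server-facing uplink. The set of legitimate uplinks is an assumption supplied by the operator; the sample output is constructed from the transcript.

```python
# Constructed sample modelled on the `display dhcp snooping configuration` output above.
SAMPLE = """#
dhcp snooping enable
dhcp snooping check dhcp-rate enable
dhcp snooping check dhcp-rate 50
dhcp server detect
#
vlan 301
 dhcp snooping enable
#
interface GigabitEthernet0/0/3
 dhcp snooping enable
 dhcp snooping check dhcp-rate enable
#
interface GigabitEthernet0/0/4
 dhcp snooping trusted
"""

def parse_snooping(text):
    """Split the '#'-separated output into global, per-VLAN and per-interface line sets."""
    cfg = {"global": set(), "vlans": {}, "interfaces": {}}
    current = cfg["global"]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":      # block separator: back to global scope
            current = cfg["global"]
            continue
        parts = line.split()
        if len(parts) == 2 and parts[0] in ("vlan", "interface"):
            bucket = cfg["vlans"] if parts[0] == "vlan" else cfg["interfaces"]
            current = bucket.setdefault(parts[1], set())
            continue
        current.add(line)
    return cfg

def audit(cfg, uplinks):
    """Return findings; `uplinks` (assumed, operator-supplied) are the only ports allowed to be trusted."""
    findings = []
    for required in ("dhcp snooping enable", "dhcp server detect"):
        if required not in cfg["global"]:
            findings.append(f"global: '{required}' missing")
    for port, lines in cfg["interfaces"].items():
        trusted = "dhcp snooping trusted" in lines
        if trusted and port not in uplinks:
            findings.append(f"{port}: trusted but not an uplink, a rogue DHCP server there is accepted")
        elif not trusted and port in uplinks:
            findings.append(f"{port}: uplink untrusted, legitimate DHCP offers are dropped")
        if not trusted and "dhcp snooping check dhcp-rate enable" not in lines:
            findings.append(f"{port}: untrusted port without dhcp-rate check")
    return findings
```

Run `audit(parse_snooping(SAMPLE), {"GigabitEthernet0/0/4"})` to check the configuration above; an empty list means every trusted port is a declared uplink and every untrusted port is rate-checked.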

Perl can't locate module in @INC

April 24, 2015
Hi, recently when I was trying to install a Linux daemon on CentOS 7 I encountered a Perl issue indicating that a module is missing, e.g.

Can't locate Sys/Syslog.pm in @INC

It means it can't find perl-Sys-Syslog, so I have to install that package to continue my installation. In my case it is Syslog.pm, but you may encounter a different one: the module name differs, but the error is the same. You need to search for that package and install it. In my case I just used this:

root@localhost#yum install -y perl-Sys-Syslog

Now the installation works.

Show commands for Juniper switches

April 21, 2015
Here are some useful commands for day-to-day troubleshooting of Juniper switches.

1. Show the MAC addresses of a specific VLAN
  root@jpudasaini#run show ethernet-switching table vlan 608

2. Compare the candidate configuration with the active one before commit
  root@jpudasaini#show | compare

3. Check MAC addresses
  root@jpudasaini#run show ethernet-switching table brief

4. Show a particular MAC address
  root@jpudasaini#run show ethernet-switching table | match d4ca.6dea.d420

5. Show port descriptions/status
  root@jpudasaini#run show interfaces descriptions statistics

6. Show the configuration in set format from configuration mode
  root@jpudasaini#show | display set

7. Check the correctness of the candidate configuration before commit
  root@jpudasaini#commit check

8. Show the Link Layer Discovery Protocol (LLDP) configuration
  root@jpudasaini#show protocols lldp

9. Show VLANs in configuration mode
  root@jpudasaini#show vlans | display set

PEAR Succeeded but it is not a valid package archive

April 21, 2015
Recently I encountered the following problem while installing PEAR packages on an Ubuntu 14.04 server. After a long search I found that it is a bug reported long ago. The solution is at the bottom of the page.

root@dns:~# pear install DB
WARNING: "pear/DB" is deprecated in favor of "pear/MDB2"
WARNING: "pear/Console_Getopt" is deprecated in favor of "pear/Console_GetoptPlus"
downloading DB-1.8.2.tgz ...
Starting to download DB-1.8.2.tgz (131,693 bytes)
.............................done: 131,693 bytes
could not extract the package.xml file from "/build/buildd/php5-5.5.9+dfsg/pear-build-download/DB-1.8.2.tgz"
Download of "pear/DB" succeeded, but it is not a valid package archive
Error: cannot download "pear/DB"
downloading PEAR-1.9.5.tgz ...
Starting to download PEAR-1.9.5.tgz (290,006 bytes)
...done: 290,006 bytes
could not extract the package.xml file from "/build/buildd/php5-5.5.9+dfsg/pear-build-download/PEAR-1.9.5.tgz"
Download of "pear/PEAR" succeeded, but it is not a valid package archive
Error: cannot download "pear/PEAR"
downloading Archive_Tar-1.3.16.tgz ...
Starting to download Archive_Tar-1.3.16.tgz (20,024 bytes)
...done: 20,024 bytes
could not extract the package.xml file from "/build/buildd/php5-5.5.9+dfsg/pear-build-download/Archive_Tar-1.3.16.tgz"
Download of "pear/Archive_Tar" succeeded, but it is not a valid package archive
Error: cannot download "pear/Archive_Tar"
downloading Console_Getopt-1.4.0.tgz ...
Starting to download Console_Getopt-1.4.0.tgz (4,534 bytes)
...done: 4,534 bytes
could not extract the package.xml file from "/build/buildd/php5-5.5.9+dfsg/pear-build-download/Console_Getopt-1.4.0.tgz"
Download of "pear/Console_Getopt" succeeded, but it is not a valid package archive
Error: cannot download "pear/Console_Getopt"
downloading XML_Util-1.2.3.tgz ...
Starting to download XML_Util-1.2.3.tgz (17,134 bytes)
...done: 17,134 bytes
could not extract the package.xml file from "/build/buildd/php5-5.5.9+dfsg/pear-build-download/XML_Util-1.2.3.tgz"
Download of "pear/XML_Util" succeeded, but it is not a valid package archive
Error: cannot download "pear/XML_Util"
Download failed
install failed

Solution: Edit /usr/share/php/Archive/Tar.php and replace every 'gzopen' with 'gzopen64' and every 'gzseek' with 'gzseek64'.

Juniper switch Basic Configuration Commands

December 31, 2014
Hello fellow blog readers, after a long gap I'm going to write this thread about basic Juniper commands and configuration. I try to include as many troubleshooting/configuration commands from day-to-day work as possible.
I would like to thank Srijan for pointing out the error in the LACP command.

1. Set username for login
root@jpudasaini#set system root-authentication plain-text-password
New password:
Retype new password:

root@jpudasaini#set system login user jay full-name jaypudasaini uid 400 class super-user authentication plain-text-password


2. Hostname configuration.
root@switch#set system host-name jpudasaini
root@jpudasaini#

3. Set TACACS+ (tacplus) authentication for the Juniper switch.
root@jpudasaini# set system authentication-order tacplus
root@jpudasaini# set system authentication-order password
root@jpudasaini# set system root-authentication encrypted-password "<your password hash here>"
root@jpudasaini# set system tacplus-server 10.10.10.10 secret "<your server secret here>"
(10.10.10.10 is your tacplus server IP)
root@jpudasaini# set system tacplus-options service-name test

4. Configure VLANs (range)
root@jpudasaini#set vlans Cust-Fiber vlan-range 500-550
root@jpudasaini#set vlans Cust-Wireless vlan-range 551-575
    single VLAN
root@jpudasaini#set vlans Cust-A vlan-id 25

5. Trunk Port Configuration
root@jpudasaini#set interfaces ge-0/0/9 description connect-to-sw2
root@jpudasaini#set interfaces ge-0/0/9 unit 0 family ethernet-switching port-mode trunk
root@jpudasaini#set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members Cust-Fiber

6. Access Port Configuration
root@jpudasaini#set interfaces ge-0/0/0 description Link-to-sw3
root@jpudasaini#set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
root@jpudasaini#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members 25

7. Port Channel Configuration
root@jpudasaini#set chassis aggregated-devices ethernet device-count 10
root@jpudasaini#set interfaces ae0 description TR-2-Jpudasaini-Sw2
root@jpudasaini#set interfaces ae0 aggregated-ether-options lacp active
root@jpudasaini#set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
root@jpudasaini#set interfaces ae0 unit 0 family ethernet-switching vlan members Cust-Fiber
root@jpudasaini#set interfaces ae0 unit 0 family ethernet-switching vlan members Cust-Wireless

8. Port Channel Assign to the Physical Port
root@jpudasaini#set interfaces ge-0/0/16 description test-sw1
root@jpudasaini#set interfaces ge-0/0/16 ether-options 802.3ad ae0
root@jpudasaini#set interfaces ge-0/0/17 description test-sw1
root@jpudasaini#set interfaces ge-0/0/17 ether-options 802.3ad ae0

9. Configure the management IP of the switch.
root@jpudasaini#set interfaces vlan unit 20 family inet address 10.10.10.11/24

10. Configure SNMP.
root@jpudasaini#set snmp name Test-SNMP
root@jpudasaini#set snmp description test-sw2
root@jpudasaini#set snmp location "Jpudasaini-NOC"
root@jpudasaini#set snmp contact "system@jpudasaini.com.np"
root@jpudasaini#set snmp client-list list0 10.10.10.0/24
root@jpudasaini#set snmp community ax3R5vgW authorization read-only
root@jpudasaini#set snmp community ax3R5vgW client-list-name list0

11. Enable LLDP
root@jpudasaini# set protocols lldp interface all
root@jpudasaini#set protocols lldp-med interface all

12. Configure a port as L3 (routed VLAN interface)
root@jpudasaini#set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
root@jpudasaini#set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members 25
root@jpudasaini#set vlans Mgmt vlan-id 25
root@jpudasaini#set vlans Mgmt l3-interface vlan.25
root@jpudasaini#set interfaces vlan unit 25 family inet address xxx.xxx.xxx.xxx/xx

13. Rate Limit
Configure the policer

root@jpudasaini# set firewall policer Policer_2M if-exceeding bandwidth-limit 1M
root@jpudasaini# set firewall policer Policer_2M if-exceeding burst-size-limit 2k
root@jpudasaini# set firewall policer Policer_2M then discard

Configure the firewall filter

root@jpudasaini# set firewall family ethernet-switching filter Limit term 1 then accept
root@jpudasaini# set firewall family ethernet-switching filter Limit term 1 then policer Policer_2M

Apply filter on interface (can be any interface as required)

root@jpudasaini# set interfaces ge-0/0/24 unit 0 family ethernet-switching filter input Limit

Note: Remember that EX series switches apply rate limit only on ingress. 

Cisco Protected Port

October 29, 2014
I can see in my network that any customer can communicate with anyone else on the same VLAN. Whenever a frame with an unknown destination enters the switch and the switch finds no record in the CAM table, that frame is flooded to every port of the respective VLAN except the port it was received on. Such communication can be very dangerous for the service provider and its customers, because anyone can sniff or send traffic to other customers in the same VLAN.

Broadcast packets are also flooded into the network, which can bottleneck it. To protect against this we can configure the switch ports as protected ports, so that no two such ports can communicate directly within the same broadcast domain.

Command:
interface fa0/2
switchport mode access
switchport access vlan 30
switchport protected

This way we can protect users in the same VLAN. A protected port should only be configured on edge ports, not on trunk ports or L3-connected ports. A protected port then prevents any unicast, broadcast or multicast traffic from reaching another protected port on the same switch, while traffic between them can still be forwarded through an L3 device such as a router.
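Added example, not from the original post and not vendor code: a toy Python model of the forwarding decision described above (CAM learning, flooding on a CAM miss or broadcast, and the protected-port rule), showing that a broadcast from a protected customer port still reaches the router uplink but never another protected port. Port names and MAC addresses are constructed.

```python
BROADCAST = "ffff.ffff.ffff"

class ProtectedPortSwitch:
    """Toy model of a Cisco-style L2 switch: CAM learning, flooding of unknown
    unicast/broadcast, and the 'switchport protected' rule that two protected
    ports never exchange frames directly. Constructed example, not vendor code."""

    def __init__(self):
        self.ports = {}        # port -> access VLAN
        self.protected = set()
        self.cam = {}          # (vlan, mac) -> port

    def access_port(self, port, vlan, protected=False):
        self.ports[port] = vlan
        if protected:
            self.protected.add(port)

    def forward(self, ingress, src, dst):
        """Return the set of egress ports for a frame src -> dst arriving on ingress."""
        vlan = self.ports[ingress]
        self.cam[(vlan, src)] = ingress                 # learn the source MAC
        known = self.cam.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            egress = {known}
        else:                                           # CAM miss or broadcast: flood the VLAN
            egress = {p for p, v in self.ports.items() if v == vlan}
        egress.discard(ingress)                         # never send back out the receiving port
        if ingress in self.protected:
            egress -= self.protected                    # protected ports only reach unprotected ports
        return egress

def demo():
    """Two customers on protected ports, one unprotected customer, and the router uplink (constructed)."""
    sw = ProtectedPortSwitch()
    sw.access_port("Fa0/1", 30)                      # uplink to the router, unprotected
    sw.access_port("Fa0/2", 30, protected=True)      # customer A
    sw.access_port("Fa0/3", 30, protected=True)      # customer B
    sw.access_port("Fa0/4", 30)                      # customer C, not protected
    flood = sw.forward("Fa0/2", "00aa.0000.0002", BROADCAST)             # A's ARP-style broadcast
    sw.forward("Fa0/1", "00aa.0000.0001", "00aa.0000.0002")               # router replies, its MAC is learned
    b_to_a = sw.forward("Fa0/3", "00aa.0000.0003", "00aa.0000.0002")      # B tries to reach A directly
    b_to_router = sw.forward("Fa0/3", "00aa.0000.0003", "00aa.0000.0001") # B reaches the router
    return flood, b_to_a, b_to_router
```

`demo()` returns the three egress sets; the empty set for B to A is the frame the protected port drops, while the same host still reaches the router and can be routed from there.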

How To Configure RSPAN on Cisco Switch

October 08, 2014
Sometimes I need to analyze network traffic from a remote switch, and RSPAN is a life saver: going to the site to capture and analyze the packets is very time consuming. So here is a small tutorial which explains how to capture packets with RSPAN.

SW1 (the remote switch, which is the source of our packets)

sw1(config)#vlan 444
sw1(config-vlan)#remote-span
sw1(config)#monitor session 1 source interface Fa1/0/1 - 16
sw1(config)#monitor session 1 destination remote vlan 444



SW2 (the destination switch, where you are going to sniff the packets sent by the remote switch, in this case sw1)
sw2(config)#vlan 444
sw2(config-vlan)#name RSPAN_VLAN
sw2(config-vlan)#remote-span

sw2(config)#monitor session 1 destination interface Gi0/17
sw2(config)#monitor session 1 source remote vlan 444

Now you can capture the remote packets on port Gi0/17.

All these tutorials were tested on a Cisco 3750 switch.