Juniper switch Basic Configuration Commands

December 31, 2014
Hello fellow blog readers, after a long gap I'm writing this post about basic Juniper commands and configuration. I have tried to include as many of the troubleshooting and configuration commands from day-to-day work as I can.
I would like to thank Srijan for pointing out the error in the LACP command.

1. Set username for login
root@jpudasaini#set system root-authentication plain-text-password
New password:
Retype new password:

root@jpudasaini#set system login user jay full-name jaypudasaini uid 400 class super-user authentication plain-text-password


2. Hostname configuration.
root@switch#set system host-name jpudasaini
root@jpudasaini#

3. Set TACACS+ authentication for the Juniper switch.
root@jpudasaini# set system authentication-order tacplus
root@jpudasaini# set system authentication-order password
root@jpudasaini# set system root-authentication encrypted-password "your password here"
root@jpudasaini# set system tacplus-server 10.10.10.10 secret "your server password here"
    (10.10.10.10 is your TACACS+ server IP)
root@jpudasaini#set system tacplus-options service-name test

4. VLAN Configuration (Group)
root@jpudasaini#set vlans Cust-Fiber vlan-range 500-550
root@jpudasaini#set vlans Cust-Wireless vlan-range 551-575
    Single VLAN
root@jpudasaini#set vlans Cust-A vlan-id 25

5. Trunk Port Configuration
root@jpudasaini#set interfaces ge-0/0/9 description connect-to-sw2
root@jpudasaini#set interfaces ge-0/0/9 unit 0 family ethernet-switching port-mode trunk
root@jpudasaini#set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members Cust-Fiber

6. Access Port Configuration
root@jpudasaini#set interfaces ge-0/0/0 description Link-to-sw3
root@jpudasaini#set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
root@jpudasaini#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members 25

7. Port Channel Configuration
root@jpudasaini#set chassis aggregated-devices ethernet device-count 10
root@jpudasaini#set interfaces ae0 description TR-2-Jpudasaini-Sw2
root@jpudasaini#set interfaces ae0 aggregated-ether-options lacp active
root@jpudasaini#set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
root@jpudasaini#set interfaces ae0 unit 0 family ethernet-switching vlan members Cust-Fiber
root@jpudasaini#set interfaces ae0 unit 0 family ethernet-switching vlan members Cust-Wireless

8. Port Channel Assign to the Physical Port
root@jpudasaini#set interfaces ge-0/0/16 description test-sw1
root@jpudasaini#set interfaces ge-0/0/16 ether-options 802.3ad ae0
root@jpudasaini#set interfaces ge-0/0/17 description test-sw1
root@jpudasaini#set interfaces ge-0/0/17 ether-options 802.3ad ae0

9. Configure the management IP for the switch.
root@jpudasaini#set interfaces vlan unit 20 family inet address 10.10.10.11/24

10. Configure SNMP.
root@jpudasaini#set snmp name Test-SNMP
root@jpudasaini#set snmp description test-sw2
root@jpudasaini#set snmp location "Jpudasaini-NOC"
root@jpudasaini#set snmp contact "system@jpudasaini.com.np"
root@jpudasaini#set snmp client-list list0 10.10.10.0/24
root@jpudasaini#set snmp community ax3R5vgW authorization read-only
root@jpudasaini#set snmp community ax3R5vgW client-list-name list0

11. Enable LLDP
root@jpudasaini# set protocols lldp interface all
root@jpudasaini#set protocols lldp-med interface all

12. Configure port as L3
root@jpudasaini#set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
root@jpudasaini#set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members 25
root@jpudasaini#set vlans Mgmt vlan-id 25
root@jpudasaini#set vlans Mgmt l3-interface vlan.25
root@jpudasaini#set interfaces vlan unit 25 family inet address xxx.xxx.xxx.xxx

13. Rate Limit
Configure the policer

root@jpudasaini# set firewall policer Policer_2M if-exceeding bandwidth-limit 1M
root@jpudasaini# set firewall policer Policer_2M if-exceeding burst-size-limit 2k
root@jpudasaini# set firewall policer Policer_2M then discard

Configure the firewall filter

root@jpudasaini# set firewall family ethernet-switching filter Limit term 1 then accept
root@jpudasaini# set firewall family ethernet-switching filter Limit term 1 then policer Policer_2M

Apply filter on interface (can be any interface as required)

root@jpudasaini# set interfaces ge-0/0/24 unit 0 family ethernet-switching filter input Limit

Note: Remember that EX series switches apply rate limit only on ingress. 

Cisco Protected Port

October 29, 2014
In my network I can see that any customer can communicate with anyone else on the same VLAN. Basically, whenever a frame with an unknown destination enters the switch and the switch finds no record in the CAM table, that frame is flooded to every port of the respective VLAN except the port it was received on. Such communication can be very dangerous for the service provider and its customers, because anyone can sniff or send information to other customers in the same VLAN.

Broadcast packets are also flooded into the network, which can bottleneck it. To protect against this we can configure switch ports as protected ports, so that protected ports cannot communicate directly with each other in the same broadcast domain.

Command:
interface fa0/2
switchport mode access
switchport access vlan 30
switchport protected

This way we can protect users in the same VLAN. Protected ports should only be configured on edge ports, not on trunk ports or L3-connected ports. A protected port does not forward any unicast, broadcast or multicast traffic to another protected port on the same switch. Traffic between protected ports can still pass through an L3 device such as a router.

How To Configure RSPAN on Cisco Switch

October 08, 2014
Sometimes I need to analyze network traffic from a remote switch, and RSPAN is a life saver. Going to the site, capturing the packets and analyzing them is very time-consuming. So here is a small tutorial which explains how to configure RSPAN to capture packets.

SW1 (this is the remote switch, which is the source of our packets)

sw1(config)#vlan 444
sw1(config-vlan)#remote-span
sw1(config)#monitor session 1 source interface Fa1/0/1 - 16
sw1(config)#monitor session 1 destination remote vlan 444



SW2 (the destination switch, where you are going to sniff the packets sent by the remote switch, in this case sw1)
sw2(config)#vlan 444
sw2(config-vlan)#name RSPAN_VLAN
sw2(config-vlan)#remote-span

sw2(config)#monitor session 1 destination interface Gi0/17
sw2(config)#monitor session 1 source remote vlan 444

Now you can capture the remote packets on port 17.

All of this tutorial was tested on a Cisco 3750 switch.

Cisco IOS Upgrade

September 30, 2014
All these tasks were done in a production environment. I upgraded the IOS on almost 50 switches in production. In my case I didn't remove the working IOS from the 2950 switch. You may run into low flash memory during the upgrade to the new IOS. If that happens, see the bottom of this tutorial, where I mention how to recover some more space for the IOS upgrade.

Step1:
First of all, create a TFTP server on one of the switches that already has the updated IOS.
sw2(config)#tftp-server flash:c2950-i6k2l2q4-mz.121-22.EA14.bin

Step2:
Then go to the remote switch whose IOS you want to upgrade to the new version.

sw1#copy tftp: flash:
Address or name of remote host [100.100.255.47]?
Source filename [100.100.255.47]? c2950-i6k2l2q4-mz.121-22.EA14.bin
Destination filename [c2950-i6k2l2q4-mz.121-22.EA14.bin]?
Accessing tftp://100.100.255.47/c2950-i6k2l2q4-mz.121-22.EA14.bin...
Loading c2950-i6k2l2q4-mz.121-22.EA14.bin from 100.100.255.47 (via Vlan2): !!!!!!!!!!!!!!!!!!!!
[OK - 3722814 bytes]

3722814 bytes copied in 143.124 secs (26011 bytes/sec)

Step3.
Check that the copied IOS is on the switch.

sw1(config)#do dir flash:
Directory of flash:/

    2  -rwx         864  Mar 01 1993 05:45:31 +05:45  vlan.dat
    3  -rwx       13499  Sep 23 2014 22:17:39 +05:45  config.text
    4  -rwx        1952  Sep 23 2014 22:17:39 +05:45  private-config.text
    5  -rwx     3722112  Mar 01 1993 07:33:24 +05:45  c2950-i6k2l2q4-mz.121-22.EA12
    6  -rwx        5871  Mar 01 1993 06:18:00 +05:45  sw1-config
    7  -rwx          43  Mar 01 1993 07:37:36 +05:45  env_vars
    8  -rwx     3722814  Sep 24 2014 12:30:41 +05:45  c2950-i6k2l2q4-mz.121-22.EA14.bin
  305  -rwx        5168  Mar 01 1993 08:37:25 +05:45  running-config1
  306  -rwx        1048  Sep 23 2014 22:17:39 +05:45  multiple-fs

7741440 bytes total (263680 bytes free)

Step5.
Verify that the IOS was not corrupted while copying from the remote system to the destination system.

sw1#verify /md5 flash:c2950-i6k2l2q4-mz.121-22.EA14.bin
....................Done!
verify /md5 (flash:c2950-i6k2l2q4-mz.121-22.EA14.bin) = 8d3250ee253b81b7fe2762e281773fbc

Step6.
Now set the boot system image.

sw1(config)#boot system flash:c2950-i6k2l2q4-mz.121-22.EA14.bin

Step7.
Write the configuration to memory; otherwise your system may not boot from the new IOS, or, if you removed the working IOS, your system may not find any IOS.

sw1#wr memory
Building configuration...
[OK]

sw1#reload
System configuration has been modified. Save? [yes/no]: y
Building configuration...
[OK]
Proceed with reload? [confirm]

Step8.
Now check that your system booted from the new IOS.

sw1#sh ver | inc image
System image file is "flash:/c2950-i6k2l2q4-mz.121-22.EA14"


How to recover extra space on a 2950 switch.

You may have too little space on the switch: here the new IOS is "3722814" bytes in size and the switch has only "2220544" bytes free. In my case I don't need the html files, so I deleted them from the switch.
sw1#dir flash:
Directory of flash:/

    2  -rwx     3722112  Apr 08 2013 11:13:12 +05:45  c2950-i6k2l2q4-mz.121-22.EA12
    3  -rwx         796  Mar 01 1993 05:45:28 +05:45  vlan.dat
    4  drwx        4224  Mar 14 2008 11:52:14 +05:45  html
   79  -rwx        1048  Sep 23 2014 17:05:12 +05:45  multiple-fs
   81  -rwx       12534  Sep 23 2014 17:05:12 +05:45  config.text
   83  -rwx        1958  Sep 23 2014 17:05:12 +05:45  private-config.text

7741440 bytes total (2220544 bytes free)

sw1#delete /f /r flash:html
Delete filename [html]? 
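
A pre-flight check for the upgrade steps above, as an added example rather than the author's own tooling: it reads the free space from `dir flash:` and accepts the `verify /md5` result only when it matches an expected value. The function names are hypothetical, and `EXPECTED_MD5` is a placeholder set to this post's output so the sample runs; replace it with the hash the vendor publishes for the image.

```python
import re

# Constructed from the 'dir flash:' and 'verify /md5' output shown in this post.
DIR_OUTPUT = """\
Directory of flash:/

    2  -rwx     3722112  Apr 08 2013 11:13:12 +05:45  c2950-i6k2l2q4-mz.121-22.EA12
    4  drwx        4224  Mar 14 2008 11:52:14 +05:45  html

7741440 bytes total (2220544 bytes free)
"""
VERIFY_OUTPUT = ("verify /md5 (flash:c2950-i6k2l2q4-mz.121-22.EA14.bin) = "
                 "8d3250ee253b81b7fe2762e281773fbc")
IMAGE_NAME = "c2950-i6k2l2q4-mz.121-22.EA14.bin"
IMAGE_SIZE = 3722814  # bytes, as reported by the TFTP copy in Step2
# Placeholder: use the MD5 published by the vendor for this exact image.
EXPECTED_MD5 = "8d3250ee253b81b7fe2762e281773fbc"

def free_bytes(dir_output):
    """Extract free space from the summary line of 'dir flash:'."""
    m = re.search(r"\((\d+) bytes free\)", dir_output)
    if not m:
        raise ValueError("no 'bytes free' summary line found")
    return int(m.group(1))

def image_fits(dir_output, image_size):
    """True if the image can be copied without deleting anything first."""
    return image_size <= free_bytes(dir_output)

def md5_matches(verify_output, filename, expected_md5):
    """True only if the verify line is for `filename` and equals expected_md5."""
    m = re.search(r"verify /md5 \(flash:(\S+)\) = ([0-9a-fA-F]{32})\b", verify_output)
    if not m or m.group(1) != filename:
        return False
    return m.group(2).lower() == expected_md5.strip().lower()

if __name__ == "__main__":
    print("image fits in flash:", image_fits(DIR_OUTPUT, IMAGE_SIZE))
    print("md5 matches expected:", md5_matches(VERIFY_OUTPUT, IMAGE_NAME, EXPECTED_MD5))
```

With the sample above the space check fails, which is the situation this section describes; a matching hash from `verify /md5` shows the copy was not corrupted in transit, and it only says the image is the intended one when the expected value comes from the vendor.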

Mikrotik Hotspot Redirect After Login

August 22, 2014
This tutorial assumes you have already created a Hotspot on your router. If you don't know how to create a hotspot on a Mikrotik router, click here and create the Hotspot.

After successfully creating the hotspot server, go to the "Files" menu in the main window of the Mikrotik router and copy the "hotspot" folder to your PC.


Open the "alogin" file with a text editor.


Replace the "link-redirect" text with your desired URL.




Now you're done! After successfully logging into the Hotspot server, your client is automatically redirected to your external link.

Don't forget to copy this folder back into the Mikrotik router's "Files" menu. You can also drag and drop this folder into the "Files" menu.

Recover password Cisco Catalyst Switch 2950/2970

August 21, 2014

Power off the switch. Hold down the Mode button located on the left side of the front panel and reconnect the power cable to the switch. After a few seconds you will see the switch: prompt; release the Mode button when the Status (STAT) LED goes out. (When you release the Mode button, the SYST LED blinks amber.)

1. The following instructions appear:
  The system has been interrupted prior to initializing the
   flash filesystem.  The following commands will initialize
   the flash filesystem, and finish loading the operating
   system software:
       flash_init
       load_helper
       boot
   switch:

2. Now enter the following commands

switch: flash_init
switch: dir flash:
switch: rename flash:config.text flash:config.old
switch: boot

3. When prompted to start the setup program, enter "n"

--- System Configuration Dialog ---
   At any point you may enter a question mark '?' for help.
   Use ctrl-c to abort configuration dialog at any prompt.
   Default settings are in square brackets '[]'.
   Continue with configuration dialog? [yes/no]: n

    !--- Press Return or Enter.
 
    Switch>
 
    !--- The Switch> prompt is displayed.

      switch>en
      switch#

4. Type rename flash:config.old flash:config.text to rename the configuration file with its original name.

    Switch#rename flash:config.old flash:config.text
                Destination filename [config.text]
    Switch#

5. Copy the configuration file into memory

       Switch#copy flash:config.text system:running-config

6. Change the password


      Switch#configure terminal
      Switch(config)#no enable secret
      Switch(config)#enable secret Cisco
      Switch(config)#end

7. Write the configuration to memory.

          Switch#write memory
                 Building configuration...
                 [OK]
        Switch#

Reset password Cisco Catalyst Switch 2950/2970

August 21, 2014


To reset the password of a 2970 switch, power off the switch, press and hold the MODE button, then power it on. Watch the SYS LED; when it glows green, release the Mode button. To recover the password click here.

Now you are at the switch: prompt.
switch: flash_init
switch: dir flash:



switch: delete flash:config.text
switch: delete  flash:vlan.dat

 


Now your switch has been reset, you can reconfigure the switch.