Skip to main content

From IOS to Junos - Day 1

Notes from the day


I am just going to dump my text notes for the day, you have no idea how long it would take to format this stuff, and hell I do it to share, not to make profit.
cli
configure system
set root-authentication plain-text-password

set host-name Junos1
set domain-name jlab.com

commit

====== Lets get ip connectivity up and running

top
edit interfaces

set em0 unit 0 family inet address 192.168.1.70/24

**note unit 0 is logical and not physical but a bit like cisco default pysical interface
makes more sense in Junos

commit
***exit into operational mode >
ping 192.168.1.11 ---- working yippee

SSH and Telnet access
just check that I cannot telnet to ssh to routers

configure services

**should be in configure system

**tried configure system but could not jump to there, had to go to top then

configure system

set services telnet
set services ssh

**LOL - was trying to connect and still got "connection refused" have forgot to commit

commit

**Got connected with SSH - used root
**The server has disconnected with an error. Server message reads:
**A protocol error occurred. Change of username or service not allowed: (Junos3,ssh-connection) -> (root,ssh-connection)
**looks like I need to setup a user
**I setup a user admin, but still got the same problem ???

edit system login

set user admin class super-user authentication plain-text-password

**ok it was someting to do with my SSH client SecureCRT , I update the login username in the properties tabe.
**now I have ssh I will no longer use the console in VMWARE.

**NTP
**I can cut and paste from SSH session now

[edit system]
root@Junos1# set time-zone Europe/London

commit

**back in operation mode
root@Junos1> set date ntp 192.168.1.11
2 Oct 22:02:23 ntpdate[2768]: step time server 192.168.1.11 offset -29177.966741 sec

**Time seems ok, but get the following errors

root@Junos1% date
Sun Oct 2 22:10:07 BST 2011
root@Junos1% cli
root@Junos1> show ntp associations
localhost: timed out, nothing received
***Request timed out

root@Junos1> show ntp status
localhost: timed out, nothing received
***Request timed out

**lets setup loop10 then call it a night
**aahh looks like loop 0 is the only loopback on junos, need to update diagram

[edit interfaces]
root@Junos1# set lo0 unit 0 family inet address 10.254.200.1/32

[edit interfaces]
root@Junos1# commit
commit complete

C:\Users\JohnMcManus>ping 10.254.200.1

Pinging 10.254.200.1 with 32 bytes of data:
Reply from 10.254.200.1: bytes=32 time=3ms TTL=64
Reply from 10.254.200.1: bytes=32 time=1ms TTL=64
Reply from 10.254.200.1: bytes=32 time=1ms TTL=64
Reply from 10.254.200.1: bytes=32 time=1ms TTL=64

Ping statistics for 10.254.200.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 1ms

C:\Users\JohnMcManus>

**I setup my local gateway to route traffic to 10.254.200/24 via 192.168.1.70

 

 

What I achieved



  • Setup IP address

  • Setup users

  • Setup SSH/Telnet

  • Setup NTP -- Still to confirm fully

  • Setup Loopback interface


 

 

Noteworth thoughts


Loopback 0 is the only loopback interface  ? need to investigate more about getting different IP address into different routing protocols and vrf etc.

I don't really have a feel for jumping about the configuration hierarchy, not sure if this is because I am so uses to the flat system from IOS.

Also I tried a few help commands but not really finding it too intuitive at the moment

While looking for some help with NTP I cam across http://answers.oreilly.com/topic/2008-how-to-configure-a-junos-device/ which seems quite useful.

Feeling ok about jumping between operational mode and configuration mode

> or # and remembering to commit changes.

 

 

Comments

Popular posts from this blog

VMWARE ESXi 5.0 Command line quickies

Hi, It has been a long time since my last posts, but recently I have been working on my home ESXi lab so I thought I would share. I switched over to using Apple Mac just over a year ago, so I don't have a windows machine running by default to run the vSphere client software and generally all I want to do is startup VMs and switch off the ESXi server when I am done. I did some searching and found that I could use vmware vim-cmd if I SSHed into the ESXi server. This need to be enabled at the console, then you can use putty or your tool of choice to connect. Anyway there are several commands the following to me are most useful. List all Virtual Machines vim-cmd vmsvc/getallvms Get a Virtual Machines state (on/off etc) vim-cmd  vmsvc/power.getstate Power on a virtual machine vim-cmd vmsvc/power.on Combining command to a one liner you can find out the power on state of all Virtual Machines vim-cmd vmsvc/getallvms && for x in `vim-cmd vmsvc/getallvms|

Break the Network Emulators out of the Cloud

Cisco IOU and JunoSphere Recently both Cisco and Juniper have announced the availability of online resources to provide hands on training over the internet. They have built software emulators in the cloud that can be accessed remotely for a cost. These solutions are based purely around the certification programs and therefore are pretty rigid in the topology that are provided, not to mention the re-occurring cost. http://www.juniper.net/us/en/company/press-center/press-releases/2011/pr_2011_05_16-03_01.html https://learningnetworkstore.cisco.com/market/prod/listSubCatLearnLab.se.work?TRGT=85&/nxt/rcrs/=2559 Rack Rentals There are training providers such as Internetwork Expert (http://www.ine.com/) and IPexpert (http://www.ipexpert.com/) who provide rack rentals based on their training materials. These guy cannot possibly compete going forward. To keep these sustainable they will need to reduce the overhead of building physical racks, providing power and space for the racks. Using e

Where are all the AAA and PKI solutions gone for Dot1x

More Question than answers (This series will be based on an enterprise with >20,000 dot1x devices) I have been looking into dot1x authentication for Wired and Wireless devices based on device identity using x.509 Certificates. While I understand PKI, AAA, PEAP and sorts I had never really had the opertunity to bring these technologies together. I quickly found out that despite this stuff being around for years,  it was difficult to answer the following questions: Which PKI solution should I use? Which AAA solution should I use? How to setup the PKI solution? Does the PKI server need to be part of AD? What if the clients are not in AD e.g. Wireless Tablets? How do I issue certificates for devices? How to configure the devices (wired and wireless)? What AAA server do I use? How do configure the rules and policies and identify clients?   What are the answers? I am going to kick off a series here at networking-guru.net that tries to address the question above; I have l