From IOS to Junos – Day 4

Not much done tonight, have been really busy.

BGP today :)

Notes from the day
Tried to access Junos4 but ssh failed.
Because of rushing yesterday I have not enabled ssh.

set system services ssh

Entering configuration mode
Users currently editing the configuration:
root terminal v0 (pid 1364) on since 2011-10-05 19:18:27 UTC, idle 00:00:54

root@Junos4# set interfaces em1 unit 0 family i
'i' is ambiguous.
Possible completions:
> inet IPv4 parameters
> inet6 IPv6 protocol parameters
> iso OSI ISO protocol parameters
root@Junos4# set interfaces em1 unit 0 family inet address

root@Junos4# commit
commit complete


root@Junos4# set routing-options autonomous-system 9999

root@Junos4# edit protocols bgp

[edit protocols bgp]
[edit protocols bgp]
root@Junos4# set group 4to5 peer-as 9998

[edit protocols bgp]
root@Junos4# set group 4to5 type ?
Possible completions:
external EBGP group
internal IBGP group
[edit protocols bgp]
root@Junos4# set group 4to5 type external

[edit protocols bgp]
root@Junos4# set group 4to5 neighbor

[edit protocols bgp]
root@Junos4# commit
commit complete

[edit protocols bgp]

** did opposite on 5
root@Junos5# set routing-options autonomous-system 9998

root@Junos5# edit protocols bgp

[edit protocols bgp]
[edit protocols bgp]
root@Junos5# set group 5to4 peer-as 9999

[edit protocols bgp]
root@Junos5# set group 5to4 type external

[edit protocols bgp]
root@Junos5# set group 5to4 neighbor

[edit protocols bgp]
root@Junos5# commit
commit complete

[edit protocols bgp]

***** BGP is up and running, now I just need to advertise routes

root@Junos4> show bgp neighbor
Peer: AS 9998 Local: AS 9999
Type: External State: Established Flags: <ImportEval Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Options: <Preference PeerAS Refresh>
Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: Local ID: Active Holdtime: 90
Keepalive Interval: 30 Peer index: 0
BFD: disabled, down
Local Interface: em1.0
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Restart time configured on the peer: 120
Stale routes from peer are kept for: 300
Restart time requested by this peer: 120
NLRI that peer supports restart for: inet-unicast
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 9998)
Peer does not support Addpath
Table inet.0 Bit: 10000
RIB State: BGP restart is complete
Send state: in sync
Active prefixes: 0
Received prefixes: 0
Accepted prefixes: 0
Suppressed due to damping: 0
Advertised prefixes: 0
Last traffic (seconds): Received 9 Sent 20 Checked 10
Input messages: Total 12 Updates 1 Refreshes 0 Octets 272
Output messages: Total 6 Updates 0 Refreshes 0 Octets 177
Output Queue[0]: 0

root@Junos4# set policy-options policy-statement as_4to5_export
missing argument.

root@Junos4# set policy-options policy-statement as_4to5_export term 1 from protocol ospf
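
The session above stops after the policy's match condition. As an added example (not part of the original notes), the set commands below finish the policy and attach it to the 4to5 group so OSPF routes are actually advertised. The route-filter prefix 192.0.2.0/24 and the <neighbor-address> placeholder are assumptions, because the lab addresses do not appear in the notes.

```junos
# Run from configuration mode on Junos4 (AS 9999).
# Match OSPF-learned routes, but only inside the range meant to cross the
# EBGP boundary. 192.0.2.0/24 is a constructed placeholder prefix.
set policy-options policy-statement as_4to5_export term 1 from protocol ospf
set policy-options policy-statement as_4to5_export term 1 from route-filter 192.0.2.0/24 orlonger
set policy-options policy-statement as_4to5_export term 1 then accept

# Explicit final term: nothing else is advertised to this peer, including
# BGP-learned routes. Drop this term if those should still follow the
# default BGP export policy.
set policy-options policy-statement as_4to5_export term 2 then reject

# A policy does nothing until it is referenced; apply it as the group's export.
set protocols bgp group 4to5 export as_4to5_export

# Validate the candidate configuration, then activate it.
commit check
commit

# Verify on Junos4 what is being sent to the peer
# (<neighbor-address> is a placeholder for the Junos5 peering address).
run show route advertising-protocol bgp <neighbor-address>

# In the "show bgp neighbor" output, "Advertised prefixes" should now be
# greater than 0, and on Junos5 "Received prefixes" should match.
```

Without the route-filter line, every OSPF route on Junos4 would be exported to the external AS, which is rarely what you want across an EBGP boundary.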

What I Achieved

  • BGP Peering seemed pretty straightforward at this basic level

  • OSPF into BGP also good


Noteworthy Though

  • BGP into OSPF seems more of a challenge

  • This page might be useful: IOS---JUNOS command sheet

