
From IOS to Junos – Day 4

Not much done tonight, have been really busy.

BGP today :)

Notes from the day
Tried to access Junos4 10.254.200.4 but ssh failed.
Because of rushing yesterday I have not enabled ssh

configure
set system services ssh
commit

Entering configuration mode
Users currently editing the configuration:
root terminal v0 (pid 1364) on since 2011-10-05 19:18:27 UTC, idle 00:00:54
[edit]

[edit]
root@Junos4# set interfaces em1 unit 0 family i
^
'i' is ambiguous.
Possible completions:
> inet IPv4 parameters
> inet6 IPv6 protocol parameters
> iso OSI ISO protocol parameters
[edit]
root@Junos4# set interfaces em1 unit 0 family inet address 10.254.253.1/30

[edit]
root@Junos4# commit
commit complete

[edit]
root@Junos4#

root@Junos4# set routing-options autonomous-system 9999

[edit]
root@Junos4# edit protocols bgp

[edit protocols bgp]
[edit protocols bgp]
root@Junos4# set group 4to5 peer-as 9998

[edit protocols bgp]
root@Junos4# set group 4to5 type ?
Possible completions:
external EBGP group
internal IBGP group
[edit protocols bgp]
root@Junos4# set group 4to5 type external

[edit protocols bgp]
root@Junos4# set group 4to5 neighbor 10.254.253.2

[edit protocols bgp]
root@Junos4# commit
commit complete

[edit protocols bgp]
root@Junos4#

** did opposite on 5
root@Junos5# set routing-options autonomous-system 9998

[edit]
root@Junos5# edit protocols bgp

[edit protocols bgp]
[edit protocols bgp]
root@Junos5# set group 5to4 peer-as 9999

[edit protocols bgp]
root@Junos5# set group 5to4 type external

[edit protocols bgp]
root@Junos5# set group 5to4 neighbor 10.254.253.1

[edit protocols bgp]
root@Junos5# commit
commit complete

[edit protocols bgp]
root@Junos5#

***** BGP is up and running, now I just need to advertise routes


root@Junos4> show bgp neighbor
Peer: 10.254.253.2+54064 AS 9998 Local: 10.254.253.1+179 AS 9999
Type: External State: Established Flags: <ImportEval Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Options: <Preference PeerAS Refresh>
Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 10.254.200.5 Local ID: 10.254.200.4 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 0
BFD: disabled, down
Local Interface: em1.0
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Restart time configured on the peer: 120
Stale routes from peer are kept for: 300
Restart time requested by this peer: 120
NLRI that peer supports restart for: inet-unicast
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 9998)
Peer does not support Addpath
Table inet.0 Bit: 10000
RIB State: BGP restart is complete
Send state: in sync
Active prefixes: 0
Received prefixes: 0
Accepted prefixes: 0
Suppressed due to damping: 0
Advertised prefixes: 0
Last traffic (seconds): Received 9 Sent 20 Checked 10
Input messages: Total 12 Updates 1 Refreshes 0 Octets 272
Output messages: Total 6 Updates 0 Refreshes 0 Octets 177
Output Queue[0]: 0
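
The state shown above (session Established, nothing advertised yet) can be checked mechanically. This is an added example, not part of the original notes: a small Python parser for `show bgp neighbor` text. The sample input is constructed from fields in the output above, and the function names are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of fields from the output shown above.
SAMPLE = """\
Peer: 10.254.253.2+54064 AS 9998 Local: 10.254.253.1+179 AS 9999
Type: External State: Established Flags: <ImportEval Sync>
Number of flaps: 0
Active prefixes: 0
Advertised prefixes: 0
"""

PEER_RE = re.compile(r"Peer: (\S+?)(?:\+\d+)? AS (\d+)\s+Local: (\S+?)(?:\+\d+)? AS (\d+)")
STATE_RE = re.compile(r"\bType: (\w+)\s+State: (\w+)")
COUNT_RE = re.compile(r"(Active|Received|Accepted|Advertised) prefixes:\s+(\d+)")
FLAPS_RE = re.compile(r"Number of flaps: (\d+)")

def parse_neighbors(text):
    """Return one dict per 'Peer:' block found in `show bgp neighbor` text."""
    peers = []
    for block in re.split(r"^(?=Peer: )", text, flags=re.MULTILINE):
        head = PEER_RE.search(block)
        if not head:
            continue  # text before the first 'Peer:' line
        state = STATE_RE.search(block)
        flaps = FLAPS_RE.search(block)
        peers.append({
            "peer": head.group(1), "peer_as": int(head.group(2)),
            "local": head.group(3), "local_as": int(head.group(4)),
            "type": state.group(1) if state else None,
            "state": state.group(2) if state else None,
            "flaps": int(flaps.group(1)) if flaps else None,
            "prefixes": {k.lower(): int(v) for k, v in COUNT_RE.findall(block)},
        })
    return peers

def findings(peer):
    """Flag conditions worth a second look on a single parsed session."""
    out = []
    if peer["state"] != "Established":
        out.append("session not Established (state=%s)" % peer["state"])
    elif peer["prefixes"].get("advertised", 0) == 0:
        out.append("Established but advertising 0 prefixes (no export policy applied?)")
    if peer["type"] == "External" and peer["peer_as"] == peer["local_as"]:
        out.append("External session but peer AS equals local AS")
    if peer["flaps"]:
        out.append("session has flapped %d time(s)" % peer["flaps"])
    return out

if __name__ == "__main__":
    for p in parse_neighbors(SAMPLE):
        print(p["peer"], p["state"], findings(p))
```
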

[edit]
root@Junos4# set policy-options policy-statement as_4to5_export
^
missing argument.

[edit]
root@Junos4# set policy-options policy-statement as_4to5_export term 1 from protocol ospf

What I Achieved



  • BGP Peering seemed pretty straightforward at this basic level

  • OSPF into BGP also good


 

Noteworthy Though



  • BGP into OSPF seems more of a challenge

  • This page might be useful http://www.net-gyver.com/?page_id=1166 IOS---JUNOS command sheet



