Differences between IOS and JUNOS.
1) JUNOS can be managed using the following options:
CLI – Console, SSh and Telnet
J-Web
SNMP
Junoscope
Junos Script API
NETCONF API
SDX Service Deployment System
2) Using pipe show interfaces terse show interfaces terse | match se-3 show interfaces terse | except fe- show interfaces terse | count
3) configuration structure
IOS has some hierarchy but many are global. The opposite is the same for JUNOS.
; – no further sublevels
{} – additional levels
4) JUNOS has an active and candidate configuration. Candidate configuration is a copy of the active configuration. IOS does not have candidate configurations.
configure private command – only the changes that I have made are intergrated into the configuration. Several users can make changes at the same time.
Example: Configure edit command is used to move to lower hierarchy edit interface se-1/0/0 edit unit 0 set family inet address 10.10.10.1/30 show delete family inet address 10.10.10.1/30 delete family inet up - go up one level of the hierarchy top - to the top level set interface se-0/0/0 unit 0 family inet add 10.10.10.1/30
5) Operational-mode
Use the run command in the configuration mode to achieve the same output as the do command in IOS
Example:
run show interfaces terse
6) Ports that are not yet installed can be configured and then activated at a later time.
set neighbour deactivate neighbour activate neighbour
7) Moving configuration from port to port
show interfaces rename interfaces fe-2/0/1 to fe-2/0/0 show interfaces commit run show interfaces terse | match fe-2
8) Replicate an existing command and only make a few changes
copy interfaces fe-2/0/1 to fe-3/0/1 edit int fe-3/0/1 unit 240 family inet rename address 10.10.10.10/30 to address 10.10.10.3/20 top show interfaces fe-3/0/1
9) An interface can have as many addresses as needed. show set unit 240 family inet address 10.14.250.17/28 set unit 240 family inet address 10.14.250.33/28 set unit 240 family inet address 10.14.250.49/28 set unit 240 family inet address 10.14.250.65/28 show
To make an IP address the main IP address: set unit 240 family inet address 10.14.250.33/28 primary
Change an IP address:
rename unit 240 family inet address 10.14.250.65/28 to address 10.14.150.65/28
10) The commit command is used to activate the changes
commit check - check the changes made without commiting them commit at 23:00 - schedule commit for a future time commit confirmed 1 - commits changes immediately commit and-quit - commits and returns to priviledged exec mode
11) Rolling back changes
Undoes changes :
rollback rollback 0 show | compare rollback 2 - compares the candidate config with the second show | compare - difference between the current config and the candidate config
12) Interface Configuration
fe-2/1/0 fpc slot 2 pic in slot 1 port 0
PIC Slots are numbered right to left
FPCs are numbered top to bottom
Special inerfaces:
lo0 – Loopback interface
fxp0 – out of band FE interface for management (only in some series)
All physical interfaces have logical interfaces called units. Layer 3 parameters are made in units.
Layer 2 parameters are configured at the physical interface.
Some configurations can only be done on unit 0
The unit concept is the same as subinterfaces
inet – ipv4 configuration
inet6 – ipv6 configuration
mpls – mpls config
Changing speed and duplex: set speed 100m set link-mode full-duplex
Giga config: set gigether-options auto-negotiation set gigether-options flow-control
Vlan config:
Vlan tags are configured in the unit level
set vlan-tagging -> enable vlan tagging set unit 201 vlan-id 201 set unit 201 family inet add 10.10.10.10/24
EtherChannel Link aggregation steps: * Create aggregated interfaces set ethernet device-count 1 top
* Associate physical interfaces with the aggregated interfaces set interfaces fe-4/0/2 fastether-options 802.3ad ae0 set interfaces fe-4/0/3 fastether-options 802.3ad ae0
* Configure the aggregated ethernet interface set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 unit 0 family inet address 10.10.10.10/24
Layer 1 Properties: set t1-options line-encoding ami set t1-options framing sf set t1-options line-encoding b8zs set t1-options framing esf
Interface encapsulaton:
HDLC
set encapsulation cisco-hdlc set unit 0 family inet address 10.10.10.10/20
PPP - this is the default set encapsulation ppp set ppp-options compress acfc pfc
FRAMERELAY set unit 0 dlci 511 -----multipoint---- set unit 0 multipoint set address 10.10.10.10/31 multipoint-destination 10.10.5.2 dlci 511 up 2
12) Monitoring interfaces
show interfaces descriptions show interfaces terse (show ip int bri: IOS) show interfaces fe-2/0/1 show interfaces fe-2/0/1 brief show interfaces fe-2/0/1 detail - show interfaces fe-2/0/1 extensive - shows layer 2 errors
13) FIREWALLS
Access List (Firewall filters):
firewall family inet filter sample-filter (name of the filter) term block-bad-subnet (each access list line )
Default is deny (discard – just dropped, rejected – drops and sends a message)
edit filter sample-filter term block-bad-subnet from set source-address 192.168.10.0/24 set source-address 192.168.20.0/24 annotate
14) Routing protocols
show route show ospf show bgp neighbour set static route 10.10.10.10/24 next-hop se-1/0/0.0 set static route default next-hop 10.10.10.10 set qualified-next-hop 10.10.10.10 show route hidden show route 10.10.10.10 show route receive-protocol show route advertising-protocol
OSPF: edit protocols ospf set area 2 interface fe-0/0/0.0 set area 2 interface fe-0/0/0.0 passive set area 2 interface fe-0/0/0.0 metric 200
stub set area 2 stub nssa set area 2 nssa set area 2 stub default-metric 1 set area 2 nssa default-lsa default-metric 1
set area 0 interface fe-0/0/1.0 set export my-export-policy -> inject additional routes into ospf set export static-to-ospf set interface fe-0/0/0.0 authentication md5 1 key testkey show | no-more show ospf database show ospf interface show ospf interface fe-0/01.0 extensive show ospf neighbor show route protocol ospf
BGP:
edit routing-options set autonomous-system 65432 edit protocols bgp edit group ISP-A edit descriprion "All BGP Partners" set peer-as 64512 set neighbor 10.10.10.10 set neighbor 10.20.20.20 set neighbor 10.10.10.10 description "partner A" set neighbor 10.10.10.10 peer-as 65333 up
Import policy – controls which routes the router will accept from a neighbour
Export policy – controls which routes the router will accept from a neighbour
edit policy-options show bgp summary show bgp neighbor show route receive-protocol bgp 10.10.10.10 show route advertising-protocol bgp 10.10.10.10
CyberSecFaith 