Juniper Networks Certified Internet Associate-JNCIA
JNCIA-ER Lab Manual
Developed by
M. Irfan Ghauri M. Tanzeel Nasir
C-32/1 Block-5 Gulshan-e-Iqbal, Karachi ESP Press Ph #0213-6034003 Copyrights 2011
1
LAB.LAB.LAB.LAB. LABS DESCRIPTIONLABS DESCRIPTIONLABS DESCRIPTIONLABS DESCRIPTION PAGE NO.PAGE NO.PAGE NO.PAGE NO.
1
Junos Basic and J-web Basics
2
2 Accessing the Juniper Router through Telnet/SSH/HTTP
11
3 Static Routing
12
4 Dynamic Routing 1. RIP 2. OSPF
14 16
5 Firewall Filtering 1. Simple Firewall Filtering 2. Advance firewall Filtering
18 20
6
Port Address Translation (PAT)
22
7
Implement VRRP
24
8 Inter-vlan routing
26
9 Configuring dhcp
28
10 MLPPP 30
11 Password recovery
31
12 PPP Authentication
33
2
Lab # 1
Junos Basic Configuration After connecting your PC to the Console Port. LOGIN:root PASSWORD:abc123 Root @% To Enter Into Operational Mode From Unix Shell & Vice- Versa. Root @% cli Root > To Enter Into Configuration Mode. Root> configure Entering configuration mode Root # Jweb equivalent : Configuration Use Commit command to activate your changes. Root# commit To change the Host Name of Router. Root# set system host-name host Root# commit
3
Jweb equivalent : Configuration > Quick Configuration > setup Set the System Date & Time on the Router Root> set date 12:10:8 (hh:mm:ss) Root> set date 2009-10-6 (YY-MM-DD) Root# commit Jweb equivalent : Configuration > Quick Configuration > setup (set time manually) Verify the System Date & Time on the Router Root> show system uptime Current time: 2009-08-17 11:55:58 UTC Jweb equivalent : Monitor> system Display the Version Information of the Router. Root>show system software Or Root>show version Show interface summary Root> show interfaces terse Jweb equivalent : Monitor > interfaces Display the Interface Root>show interface Root>show interfaces extensive Root>show interface detail
4
Displays per-second real-time statistics for a physical interface Root> monitor interface se-0/0/2 Command prints packet headers to your terminal screen for information sent or received by the Routing Engine Root>monitor traffic interface se-0/0/2 Move connection to another port for testing purpose Root#rename interfaces fe-0/0/0 to fe-0/0/1 (in this example you will move the configuration for fe-0/0/0 to fe-0/0/1) Ruplicate an existing configuration and change a few components. Root#copy interfaces fe-0/0/0 to fe-0/0/1 (we are replicating an existing configuration so we can change a few components) Configuring the Encapsulation on a Physical Interface Root#set interfaces se-0/0/2 encapsulation ppp Show Active Configuration. Root>show configuration or Root>show system rollback 0 or Root#show Jweb equivalent: Configuration > View and Edit > View Configuration Text
5
Show Active Configuration in set display Root # Show | display set Show Active Configuration in xml format Root # Show | display xml show candidate Configuration. Root> show system rollback 2 (Temporary Configuration and becomes active when commit it) Jweb equivalent : Configuration > history Compare Rollback Configuration. Root> show system rollback 0 compare 2 Jweb equivalent : Configuration > history > compare Configure Rollback Configuration. Root#rollback 2 Root#commit Deactivate or Activate configuration. Root#deactivate Anyconfiguration For example Root#deactivate interfaces se-0/0/2 Root#show
6
interfaces{ inactive se-0/0/2{ } Shut down an Interface Root# set interfaces se-0/0/2 disable Root# delete interface se-0/0/2 disable Set Rescue Configuration. Root> request System configuration rescue save (Save Active configuration as rescue configuration) Jweb equivalent : configuration >rescue Commit Rescue Configuration. Root> rollback rescue Or (Reset CONFIG button on the front of j-series router will load and commit the rescue configuration ) Jweb equivalent : Configuration > history (Set rescue configuration) Show Rescue Configuration. Root> Show System configuration rescue Jweb equivalent : Configuration > history (View rescue configuration ) To look how many users are logged in junos Root>show system user
7
To look at files stored in Flash memory Root>show system storage To look at used tcp and udp ports Root>show system connection To look at system license Root>show system license To look at system firmware Root>show system firmware Show chassis component and temperature of cpu Root > show chassis environment Jweb equivalent : Monitor > chassis Show chassis hardware Root > show chassis hardware detail Jweb equivalent : Monitor > chassis Set the password of Root in clear text. Root# set system root-authentication plain-text-password New Password: abc123 Retype new password: abc123
8
Jweb equivalent : Configuration > Quick Configuration > setup Set the password of Root in encrypted text. Root# set system root-authentication encrypted-password abc123 Jweb equivalent : Configuration > Quick Configuration > setup To shutdown and restart the router Root> request system poweroff Root> request system reboot Jweb equivalent : Manage > Reboot To make the router on factory default setting Root # load factory-default warning: activating factory configuration [edit] Root # set system root-authentication plain-text-password New password: abc123 Retype new password: abc123 [edit] Root # commit
9
Assign the IP Address on the Ethernet Interface of the Router.
Configuration Assign the IP Address on the Ethernet Interface of the Router. Root# set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 Root#edit interface fe-0/0/0 Root#Set description "This is the Ethernet management interface" Root#top Root#commit Delete the IP Address on the Ethernet Interface of the Router. Root#delete interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8 Rename the IP Address on the Ethernet Interface of the Router. Root#rename interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8 to 15.0.0.10/8 Jweb equivalent : Configuration > Quick Configuration > interfaces Verifying Command Root> show interfaces Root> show interface terse Root>show interface description Root> show interfaces terse | match fe
10
Assign the IP Address on the Serial Interfaces of the Router.
Configuration Assign the IP Address on the Serial Interface of the Router R1 (DCE). Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.1/8 Root# set interfaces se-0/0/2 serial options clocking-mode dce Root# set interfaces se-0/0/2 serial options clock-rate 64.0khz Root# commit Jweb equivalent : Configuration > Quick Configuration > interfaces
Assign the IP Address on the Serial Interface of the Router R2. Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.2/8 Root# commit Jweb equivalent : Configuration > Quick Configuration > interfaces Verifying Commands Root> show interfaces Root> show interfaces terse Root> show interfaces terse | match se Root> show interfaces detail se-0/0/2
11
Lab # 2
Accessing Router through Telnet/SSH/HTTP (Telnet/SSH/HTTP between two Routers)
Configuration Configuring telnet on R1. Root@R1# set system services telnet Root@R1# set system services ssh Root@R1# set system login user R1 class super-user authentication plain-text-password Enter password: abc123 Retype password: abc123 Configuring telnet on R2. Root@R2# set system services telnet Root@R2#set system services ssh Root@R1# set system login user R2 class super-user authentication plain-text-password Enter password: abc123 Retype password: abc123 Verifying Commands Root> show system users Root> show configu ration Root# show system
12
Lab # 3
STATIC Routes Diagram
Configuration Configure the Static Route on the Router R1. Root# set routing-options static route 20.0.0.0/8 next-hop 15.0.0.2 Root# commit Jweb equivalent : Configuration > Quick Configuration > routing and protocols Configure the Static Route on the Router R2. Root# set routing-options static route 10.0.0.0/8 next-hop 15.0.0.1 Root# commit
IP Address 15.0.0.1 Se-0/0/2
IP Address 15.0.0.2 Se-0/0/2
R1 WAN IP Address 10.0.0.10
Fe-0/0/0
IP Address 20.0.0.10 Fe-0/0/0
Host A IP Address 10.0.0.1
Host B IP Address 20.0.0.1
R2
13
Jweb equivalent : Configuration > Quick Configuration > routing and protocols Verifying Command Root> show route Root>show route protocol static Root> show configuration Root> show interfaces terse
14
Lab # 4 (i)
Routing Protocol- RIP
Diagram
Configuration Enable the RIP protocol on the Router R1. root@R1# set protocols rip group NAME export policy1 root@R1# set protocols rip group NAME neighbor se-0/0/2 Defining policy : root@R1# set policy-options policy-statement policy1 from protocol direct root@R1#set policy-options policy-statement policy1 then accept Jweb equivalent : Configuration > Quick Configuration > routing and protocols
IP Address 15.0.0.1 Se-0/0/2
IP Address 15.0.0.2 Se-0/0/2
R1 WAN IP Address 10.0.0.10
Fe-0/0/0
IP Address 20.0.0.10 Fe-0/0/0
Host A IP Address 10.0.0.1
Host B IP Address 20.0.0.1
R2
15
Enable the RIP protocol on the Router R2. root@R2# set protocols rip group NAME export policy1 root@R2# set protocols rip group NAME neighbor se-0/0/2 Defining policy : root@R2# set policy-options policy-statement policy1 from protocol direct root@R2#set policy-options policy-statement policy1 then accept Jweb equivalent : Configuration > Quick Configuration > routing and protocols Verifying Command Root>show route Root> show configuration Root> show interfaces terse Root>show route protocol rip
16
Lab # 4 (ii)
Routing Protocol- OSPF (Area 0) Diagram
Configuration Enable the OSPF protocol on the Router R1. Root@R1#set protocols ospf area 0.0.0.0 interface Fe-0/0/0 Root@R1#set protocols ospf area 0.0.0.0 interface Se-0/0/2 Or Root@R1#set protocols ospf area 0.0.0.0 interface all Jweb equivalent : Configuration > Quick Configuration > routing and protocols
IP Address 15.0.0.1 Se-0/0/2
IP Address 15.0.0.2 Se-0/0/2
IP Address 20.0.0.10 Fe-0/0/0
IP Address 10.0.0.10 Fe-0/0/0
Host B IP Address 20.0.0.1
Backbone Area / Area 0
R2 R1 WAN
Host A IP Address 10.0.0.1
17
Enable the OSPF protocol on the Router R2. Root@R2#set protocols ospf area 0.0.0.0 interface Fe-0/0/0 Root@R2#set protocols ospf area 0.0.0.0 interface Se-0/0/2 Or Root@R2#set protocols ospf area 0.0.0.0 interface all Jweb equivalent : Configuration > Quick Configuration > routing and protocols Verifying Commands Root>show route Root>show ospf interface Root>show ospf neighbor Root>show route protocol ospf
18
Lab # 5
Firewall Filtering i.Simple Firewall Filtering
Diagram
IP Address 15.0.0.1
Configuration Make the Firewall Filter on router R1 such that Host ‘A’ can not be accessing the
Web & Ftp Server. Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS from source-address 10.0.0.1/32 Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS then discard Root@R1# set firewall filter FILTER-IN term ALLOW-OTHERS then accept
Host B IP Address 10.0.0.2
FTP Server
IP Address 20.0.0.2
IP Address 20.0.0.1
WEB Server
Host A IP Address 10.0.0.1
IP Address 10.0.0.10 Fe-0/0/0
IP Address 20.0.0.10
Ft 0Fe-0/0/0
IP Address 15.0.0.2 Serial-0/0/2
IP Address 15.0.0.1 Serial-0/0/2
WAN R1
R2
19
Apply the Firewall Filter on router R1’s Serial Interface. Root@R1#set interface se-0/0/2 unit 0 family inet filter OUTPUT FILTER-IN Verifying commands (Now Host A should not be accessing both Web & FTP
servers. However, Host B should be accessing both Web & FTP Servers) root# show firewall filter FILTER-NAME
20
ii. Advanced Firewall Filtering
Diagram
Configuration Make the Firewall Filtering on router R1 such that Host ‘A’ can not be accessing
the Web Server. Root@R1#set firewall filter protect term DENY-http from source-address10.0.0.1/32 Root@R1#set firewall filter protect term DENY-http from destination-address20.0.0.1/32 Root@R1#set firewall filter protect term DENY-http from protocol tcp Root@R1#set firewall filter protect term DENY-http from destination-port http Root@R1#set firewall filter protect term DENY-http then discard
Host B IP Address 10.0.0.2
FTP Server
IP Address 20.0.0.2
IP Address 20.0.0.1
WEB Server
Host A IP Address 10.0.0.1
IP Address 10.0.0.10 Fe-0/0/0
IP Address 20.0.0.10
Ft 0Fe-0/0/0
IP Address 15.0.0.2 Serial-0/0/2
IP Address 15.0.0.1 Serial-0/0/2
WAN R1
R2
21
Make the Firewall Filtering on router R1 such that Host ‘B’ can not be accessing the Ftp Server. Root@R1#set firewall filter protect term DENY-FTP from source-address10.0.0.2/32 Root@R1#set firewall filter protect term DENY-FTP from destination-address20.0.0.2/32 Root@R1#set firewall filter protect term DENY-FTP from protocol tcp Root@R1#set firewall filter protect term DENY- FTP from destination-port FTP Root@R1#set firewall filter protect term DENY-FTP then discard Root@R1#set firewall filter protect term PERMIT-ALL then accept Apply the Firewall Filtering on router R1’s Ethernet Interface. Root@R1#set interface fe-0/0/0 unit 0 family inet filter input protect Verifying commands (Now Host A should not be accessing Web server & Host B
should not be accessing both FTP server). root# show firewall filter FILTER-NAME
22
Lab # 6
Port Address Translation (PAT)
Diagram
Configuration Configuring Sp interface Root#set interfaces sp-0/0/0 unit 0 family inet Defining Nat Pool Root#set services nat pool global-out address 15.0.0.11/32 Root#set services nat pool global-out port automatic Defining Nat rule Root#set services nat rule nat-out match-direction output Root#set services nat rule nat-out term nat-with-alg from application-sets junos-algs-outbound
IP Address 15.0.0.1 Serial 0/0/2
IP Address 15.0.0.2 Serial 0/0/2
R1 WAN IP Address 10.0.0.10
Fe-0/0/0 IP Address 20.0.0.10 Fe-0/0/0
IP Address 20.0.0.1
Host B IP Address 10.0.0.2
IP Address 20.0.0.2
FTP Server
WEB Server
NAT Translation Table Of
R1 10.0.0.1 15.0.0.11 10.0.0.2 15.0.0.11
Host A IP Address 10.0.0.1
R2
23
Root#set services nat rule nat-out term nat-with-alg then translated source-pool global-out Root#set services nat rule nat-out term nat-with-alg then translated translation-type source dynamic Create service set Root#set services service-set nat-ss nat-rules nat-out Root#set services service-set nat-ss interface-service service-interface sp-0/0/0.0 Apply service set to nat interface Root#set interfaces se-0/0/2 unit 0 family inet service input service-set nat-ss Root#set interfaces se-0/0/2 unit 0 family inet service output service-set nat-ss Verifying commands Root>sh services nat pool Root >sh services nat pool detail Root >clear services stateful-firewall flows
24
Lab #7
Configuring VRRP
Configuration Configuration of Vrrp on Router A Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 virtual-address 10.0.0.5
L0 15.0.0.1
L0 15.0.0.1
Virtual Router 10.0.0.5
J2300
J2300
10.0.0.20
10.0.0.10
VRRP GROUP
1
Host A IP Address 10.0.0.1
25
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 priority 200 Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 accept-data Root#set interfaces lo0 unit 0 family inet address 15.0.0.1/32
Configuration of Vrrp on Router B
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 virtual-address 10.0.0.5 Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 priority 100 Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 accept-data Root#set interfaces lo0 unit 0 family inet address 15.0.0.1/32
Verifying Commands Root>show vrrp Root>show vrrp interface fe-0/0/0
26
Lab # 8
Inter-VLAN Routing
Configuration
Switch Switch(config)#vlan 10 Switch(config-vlan)#name vlan-10 Switch(config)#vlan 20 Switch(config-vlan)#name vlan-10
Vlan 10 Vlan 20
Host A 10.0.0.1/8 10.0.0.10
Host B 20.0.0.1/8 20.0.0.10
Fa 0/24
Fa 0/1 Fa 0/11
Fe-0/0/0.10 10.0.0.10 / 8
Fe-0/0/0.20 20.0.0.10 / 8
Fe-0/0/0
J2300
2950
27
Switch(config)#interface range fastEthernet 0/1 - 10 Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport access vlan 10 Switch(config)#interface range fastEthernet 0/11 - 20 Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport access vlan 20 Switch(config)#interface fastEthernet 0/24 Switch(config-if)#switchport mode trunk Router Root#set interfaces fe-0/0/0 vlan-tagging Root #set interfaces fe-0/0/0 unit 10 vlan-id 10 Root #set interfaces fe-0/0/0 unit 10 family inet address 10.0.0.10/8 Root #set interfaces fe-0/0/0 unit 20 vlan-id 20 Root #set interfaces fe-0/0/0 unit 20 family inet address 20.0.0.10/8 Verifying Command root# show interfaces fe-0/0/0 root# show interfaces fe-0/0/0 | display set
28
Lab # 9
Configuring Juniper Router as a Dhcp Server
Configuration Step 1: On Router Create & Configure Dhcp Root#set system services dhcp pool 10.0.0.0/8 Root#set system services dhcp pool 10.0.0.0/8 router 10.0.0.10 Root#set system services dhcp pool 10.0.0.0/8 address-range low 10.0.0.1 high 10.0.0.12
Host A
Host B
Fe-0/0/0 10.0.0.10 J2300
29
On Router reserve address (10.0.0.5) by excluding from dhcp pool Root#set system services dhcp pool 10.0.0.0/8 exclude-address 10.0.0.5 Jweb equivalent : Configuration > Quick Configuration > dhcp Verifying Commands Root>show system services dhcp binding
30
Lab #10
MLPPP
Configuration Configuration of mlppp on router A. Root# set interfaces ls-0/0/0 unit 0 family inet add 15.0.0.1/8 Root# set interfaces se-0/0/2 unit 0 family mlppp bundle ls-0/0/0.0 Root# set interfaces se-0/0/3 unit 0 family mlppp bundle ls-0/0/0.0 Configuration of mlppp on router B. Root# set interfaces ls-0/0/0 unit 0 family inet add 15.0.0.2/8 Root# set interfaces se-0/0/2 unit 0 family mlppp bundle ls-0/0/0.0 Root# set interfaces se-0/0/3 unit 0 family mlppp bundle ls-0/0/0.0
Verifying Command Root> show interfaces ls-0/0/0
J2300 J2300
IP Address 15.0.0.2 Ls-0/0/0
IP Address 15.0.0.1 Ls-0/0/0
31
Lab #11
Password Recovery
Configuration First Press Power ON Button reboot your router when below line appear press space bar Hit [Enter] to boot immediately, or space bar for command prompt. Booting [kernel] in 1 second... Type boot –s at below prompt Type '?' for a list of commands, 'help' for more detailed help. Ok boot -s Type recovery at below prompt Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery CLI prompt Appear Starting CLI ... root> Type Configure and Set Root authentication Password Root>configure Root#set system root-authentication plain-text-password New password:******* Retype new password:*******
32
Type commit to load configuration Root#commit Root# exit Type Exit to reboot the Router root> exit Reboot the system? [y/n] yes
33
Lab # 12
PPP AUTHENTICATION- CHAP Diagram
Configuration CHAP Authentication Configuration for Router R1. Root#set system host-name R1 Root@R1#set system root-authentication encrypted-password abc123 Root@R1#set interfaces se-0/0/2 encapsulation ppp Root@R1#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123 Root@R1#set interfaces se-0/0/2 ppp-options chap local-name R1 CHAP Authentication Configuration for Router R2. Root#set system host-name R2 Root@R2#set system root-authentication encrypted-password abc123 Root@R2#set interfaces se-0/0/2 encapsulation ppp Root@R2#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123 Root@R2#set interfaces se-0/0/2 ppp-options chap local-name R2 Verifing Commands : Root > show interface terse Root > show interface se-0/0/2
IP Address 15.0.0.1 Se-0/0/2
IP Address 15.0.0.2 Se-0/0/2
R2 R1
WAN
