Академический Документы
Профессиональный Документы
Культура Документы
Lab Guide
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI) or a graphical user
interface (GUI). To make the language of these documents easier to read, we distinguish GUI and CLI text from standard
text according to the following table.
Style
Description
Usage Example
Franklin Gothic
Normal text.
Courier New
Console text:
Screen captures
Noncommand-related syntax
commit complete
Exiting configuration mode
Description
Usage Example
Normal CLI
No distinguishing variant.
Normal GUI
CLI Input
GUI Input
Description
Usage Example
CLI Variable
policy my-peers
GUI Variable
CLI Undefined
GUI Undefined
www.juniper.net
ping 10.0.x.y
Select File > Save, and type filename in
the Filename field.
Document Conventions v
vi Document Conventions
www.juniper.net
Contents
Lab 0:
Lab 1:
0-2
0-2
0-3
0-7
Lab 2:
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Part 1:SNMP Trap Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 2:SNMP Communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 3:Setting SNMP Contact Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 4:SNMP Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 5:SNMP RMON and Health-Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 6:SNMP Health-Monitoring Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Lab 3:
2-1
2-2
2-3
2-4
2-6
2-8
www.juniper.net
3-2
3-4
3-5
3-7
3-9
www.juniper.net
Lab 0
Introduction to the Juniper Networks Virtual Lab
Overview
Lab 0 describes the basic procedures for accessing the Juniper Networks Virtual Lab (vLab)
environment using a standard Web browser.
The vLabs help partners receive hands-on training through a virtual portal which is available
24 hours a day, 7 days a week. This is not a simulator, but live equipment to promote learning
and development for interested partners in association with the Juniper Networks Partner
Learning Academy.
The vLab exercises assist a student in becoming proficient at installing, configuring, and
troubleshooting Juniper products. The time needed to complete each course track and the
associated virtual lab exercises will vary. You will need your Juniper partner login to access the
virtual lab website.
Once logged in, access is granted on a first come, first served basis. The system will check to
see if the selected vLab has a lab environment available. If a vLab environment for the selected
lab is available, access is granted. If a vLab environment for the selected vLab is not available,
you will be asked to try again later. The vLabs are also available for dedicated instructor-led
courses on an as-needed basis.
Each of the vLab environments is duplicated multiple times, making it more likely that a vLab
environment will be available for you to use.
Note
We recommend that you read through Lab 0 prior to
starting your lab. The guide provides important
information regarding accessing the lab
environment and the lab exercises. Lab 0 is the
same for all vLabs.
Once you have successfully logged in, you will be presented with the Course Management
homepage, which will look similar to the image shown below.
Step 3.1
A RESERVE window which displays the time reserved for you to complete the lab exercises
(SCHEDULE field) will appear. The selected lab name is also displayed (NAME field). The
allotted time (typically 2 or 3 hours) should be more than adequate to complete the exercises,
but you can set the SCHEDULE time to a maximum of 4 hours if needed. The COURSE field
provides a drop down menu in case you want to select a different course.
Click the Reserve button to enter the lab environment for the selected lab.
Step 3.2
The lab environment for the course you selected will be displayed, similar to the image shown
below. The lab environment displays the main devices (represented as tiles) that comprise the
lab. The example below shows two tiles representing the MX Series routers in this particular
lab (mx1 and mx2), along with a virtual router tile (vr-device), and their associated
management IP addresses.
The initial configuration loaded on the devices is a base configuration needed to begin the
particular lab you have selected. Upon first entering the lab environment, a brief setup process
will initiate. The green Active icon on the blue menu bar will change to Setup and then back to
Active to signify the lab is ready to use.
Once you are on this lab environment page and setup is finished, you can begin the lab
exercises available in the lab guide for the selected course (you should begin with Lab 1 and
sequentially work through the lab exercises). A timer in the blue menu bar will show you how
much time you have left in your reservation to complete the lab exercises.
Step 3.3
When you are ready to leave the lab environment, click the END icon located on the right side
of the blue menu bar, as shown in the image below. The environment will go into a Teardown
process. You can leave the lab environment page while the Teardown process is occurring.
Step 3.4
Confirm your intent to leave the lab environment by clicking OK in the pop-up window that
appears.
Step 3.5
Upon clicking OK, the lab environment will begin the configuration teardown/reset process,
your reservation timer will end, and the lab environment you were using will be released.
The Course Management menu in the upper left of the screen provides a drop down menu so
that you can return to the Courses page if you want to start another course, or you can go to
the Reservations page. The Reservations page, shown in the first image below, shows a history
of the vLabs you have accessed.
You can logout of the Virtual Lab site from either the Course Management, Reservations, or lab
environment pages by clicking on your user name in the upper right of the screen and selecting
Logoff from the drop down menu, as shown in the second image below.
STOP
Lab 1
Getting Started
Overview
This lab will demonstrate how to begin the actual setup of your Junos OS device with the
basic settings, including the base system, user accounts, remote access, and interfaces.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.2
A new tab, displaying the CLI for SRX1, will open in the browser. You might have to
press Enter once to display the prompt. Do not close any tabs until instructed to do
so.
Log in as user lab with the password lab123.
login: lab
Password:
--- JUNOS 12.1X44-D35 built 2014-05-19 21:36:43 UTC
lab@srxA-1>
www.juniper.net
Step 2.1
Enter into configuration mode by issuing the configure command.
lab@srxA-1> configure
Entering configuration mode
Step 2.2
Issue the set system ? command to view the system hierarchy completions. Tap
the spacebar to continue the screen display back to the command prompt.
[edit]
lab@srxA-1# set system ?
Possible completions:
> accounting
System accounting configuration
allow-v4mapped-packets Allow processing for packets with V4 mapped address
+ apply-groups
Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> archival
System archival management
> arp
ARP settings
+ authentication-order Order in which authentication methods are invoked
> auto-configuration
> autoinstallation
Autoinstallation configuration
> backup-router
IPv4 router to use while booting
> commit
Configuration commit management
compress-configuration-files Compress the router configuration files
default-address-selection Use system address for locally originated traffic
> diag-port-authentication Authentication for the diagnostic port
domain-name
Domain name for this router
+ domain-search
List of domain names to search
dump-device
Device to record memory snapshots on operating system
failure
> dynamic-profile-options Dynamic profile options
encrypt-configuration-files Encrypt the router configuration files
> extensions
Configuration for extensions to JUNOS
> fips
FIPS configuration
host-name
Hostname for this router
> inet6-backup-router IPv6 router to use while booting
> internet-options
Tunable options for Internet operation
> kernel-replication
Kernel replication
> license
License information for the router
> location
Location of the system, in various forms
> login
Names, login classes, and passwords for users
max-configuration-rollbacks Number of rollback configuration files (0..49)
max-configurations-on-flash Number of configuration files stored on flash
> name-server
DNS name servers
nd-maxmcast-solicit Set Maximum multicast solicit
nd-retrasmit-timer
Set retransmit timer
no-compress-configuration-files Don't compress the router configuration files
no-multicast-echo
Disable ICMP echo on multicast addresses
no-neighbor-learn
Disable neighbor address learning
no-ping-record-route Do not insert IP address in ping replies
no-ping-time-stamp
Do not insert time stamp in ping replies
no-redirects
Disable ICMP redirects
no-saved-core-context Don't save context information for core files
> ntp
Network Time Protocol services
www.juniper.net
>
>
>
>
>
>
>
>
>
>
>
>
>
>
www.juniper.net
lab@srxA-1#
Note
Step 4.2
Issue the run show interfaces lo0 command to check the interface state.
lab@srxA-1# run show interfaces lo0
Physical interface: lo0, Enabled, Physical link is Up
Interface index: 6, SNMP ifIndex: 6
Type: Loopback, MTU: Unlimited
Device flags
: Present Running Loopback
Interface flags: SNMP-Traps
Link flags
: None
Last flapped
: Never
Input packets : 50548
Output packets: 50548
Logical interface lo0.0 (Index 66) (SNMP ifIndex 16)
Flags: SNMP-Traps Encapsulation: Unspecified
Input packets : 0
Output packets: 0
Security: Zone: trust
Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp
ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp dhcp finger ftp
tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh
rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl
lsping ntp sip dhcpv6 r2cp
Protocol inet, MTU: Unlimited
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Default Is-Primary
Local: 192.168.1.1
Logical interface lo0.16384 (Index 65) (SNMP ifIndex 21)
Flags: SNMP-Traps Encapsulation: Unspecified
Input packets : 0
Output packets: 0
Security: Zone: trust
Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp
ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp dhcp finger ftp
tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh
rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl
lsping ntp sip dhcpv6 r2cp
Protocol inet, MTU: Unlimited
Flags: None
Addresses
Local: 127.0.0.1
Logical interface lo0.16385 (Index 67) (SNMP ifIndex 22)
Flags: SNMP-Traps Encapsulation: Unspecified
Input packets : 50548
Output packets: 50548
Security: Zone: trust
Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp
ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp dhcp finger ftp
tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh
rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl
lsping ntp sip dhcpv6 r2cp
Protocol inet, MTU: Unlimited
Lab 16 Getting Started
www.juniper.net
Flags: None
Addresses, Flags: Is-Default Is-Primary
Local: 10.0.0.1
Addresses
Local: 10.0.0.16
Addresses
Local: 128.0.0.1
Addresses
Local: 128.0.0.4
Addresses
Local: 128.0.1.16
Logical interface lo0.32768 (Index 64) (SNMP ifIndex 248)
Flags: Encapsulation: Unspecified
Input packets : 0
Output packets: 0
Security: Zone: null
www.juniper.net
Step 6.1
Issue the exit command to exit from configuration mode into operational mode.
lab@srxA-1# exit
Exiting configuration mode
lab@srxA-1>
www.juniper.net
Step 6.2
Issue the set date command to set the date and time for your Junos device.
Note
Answer: YYYYMMDDhhmm.ss.
Step 7.2
Issue the set interfaces ge-0/0/14 unit 0 family inet address
command to configure the interface address with 172.23.24.100/24 as the
specified IP address.
[edit]
lab@srxA-1# set interfaces ge-0/0/14 unit 0 family inet address 172.23.24.100/24
Step 7.3
Issue the show interfaces ge-0/0/14 command to check validity of the
interface address.
[edit]
lab@srxA-1# show interfaces ge-0/0/14
unit 0 {
family inet {
address 172.23.24.100/24;
}
}
www.juniper.net
Step 7.4
Issue the commit command to set the configuration into memory.
[edit]
lab@srxA-1# commit
commit complete
Issue the show interfaces terse command in operational mode to verify the
interface configuration.
lab@srxA-1> show interfaces terse
Interface
Admin Link
ge-0/0/0
up
up
ge-0/0/0.0
up
up
gr-0/0/0
up
up
ip-0/0/0
up
up
lsq-0/0/0
up
up
lt-0/0/0
up
up
mt-0/0/0
up
up
sp-0/0/0
up
up
sp-0/0/0.0
up
up
sp-0/0/0.16383
up
up
ge-0/0/1
ge-0/0/2
ge-0/0/3
ge-0/0/4
ge-0/0/5
ge-0/0/6
ge-0/0/7
ge-0/0/8
Lab 110 Getting Started
up
up
up
up
up
up
up
up
Proto
Local
inet
10.210.41.131/27
inet
inet
10.0.0.1
10.0.0.6
128.0.0.1
128.0.0.6
Remote
-->
-->
-->
-->
10.0.0.16
0/0
128.0.1.16
0/0
up
up
up
up
down
up
up
up
www.juniper.net
ge-0/0/9
ge-0/0/10
ge-0/0/11
ge-0/0/12
ge-0/0/13
ge-0/0/14
ge-0/0/14.0
ge-0/0/15
fxp2
fxp2.0
gre
ipip
irb
lo0
lo0.16384
lo0.16385
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
down
down
down
down
down
up
up
up
up
up
up
up
up
lo0.32768
lsi
mtun
pimd
pime
pp0
ppd0
ppe0
st0
tap
vlan
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
inet
172.23.24.100/24
tnp
0x1
inet
inet
127.0.0.1
10.0.0.1
10.0.0.16
128.0.0.1
128.0.0.4
128.0.1.16
-->
-->
-->
-->
-->
-->
0/0
0/0
0/0
0/0
0/0
0/0
www.juniper.net
Step 8.2
Issue the edit system login command to create the login.
[edit]
lab@srxA-1# edit system login
Step 8.3
Issue the edit user jadmin command to add a new user with the username
jadmin.
[edit system login]
lab@srxA-1# edit user jadmin
Step 8.4
Issue the set full-name command.
[edit system login user jadmin]
lab@srxA-1# set full-name "Juniper Network Administrator"
Note
Step 8.6
Issue the set class super-user to specify the login class for the user.
[edit system login user jadmin]
lab@srxA-1# set class super-user
www.juniper.net
Step 8.7
Issue the commit command to save your current configuration to memory.
[edit system login user jadmin]
lab@srxA-1# commit
commit complete
Step 9.2
Issue the show system services command to check systems services that
are currently enabled
[edit]
lab@srxA-1# show system services
ssh;
telnet;
Step 9.3
Issue the set system services ftp command to enable ftp on the Junos
system.
[edit]
lab@srxA-1# set system services ftp
Step 9.4
Issue the show system services command to verify that ftp is now listed as
an enabled service.
[edit]
lab@srxA-1# show system services
ftp;
ssh;
telnet;
Step 9.5
Commit the configuration to save your work to memory in the Junos system.
[edit]
lab@srxA-1# commit
commit complete
[edit]
www.juniper.net
lab@srxA-1#
STOP
You have completed Lab 1. Please return to the course and complete
the next section before proceeding to Lab 2.
www.juniper.net
Lab 2
SNMP
Overview
Successful network administrators have the ability and tools to determine where and
when a network failure is occurring. Juniper Networks offers the user the ability to monitor
various facets of system health through the use of the SNMP.
By completing this lab, you will perform the following tasks:
Step 1.2
Issue the set snmp trap-group link-failure categories authentication
chassis link command to create the authentication, chassis, and link
categories.
[edit]
lab@srxA-1# set snmp trap-group link-failure categories authentication chassis
link
www.juniper.net
SNMP Lab 21
11.4R1.6
Step 1.3
Issue the set snmp trap-group link-failure target 172.23.10.100
command to set the target of 172.23.10.100.
[edit]
lab@srxA-1# set snmp trap-group link-failure targets 172.23.10.100
Step 1.4
Issue the show snmp command to verify your work.
[edit]
lab@srxA-1# show snmp
trap-group link-failure {
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
Step 1.5
Issue the commit command to save the current configuration.
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
www.juniper.net
[edit]
lab@srxA-1# show snmp
community limit-manager {
clients {
1.2.3.4/32;
}
}
trap-group link-failure {
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
Step 3.3
Issue the set snmp description SRX240 command to set the set the SNMP
description.
[edit]
lab@srxA-1# set snmp description SRX240
Step 3.4
Issue the show snmp command to verify your work.
www.juniper.net
SNMP Lab 23
[edit]
lab@srxA-1# show snmp
description SRX240;
location "ADOC Second Floor Rack 2-B";
contact "Anglos G McGillicudy";
community limit-manager {
clients {
1.2.3.4/32;
}
}
trap-group link-failure {
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
Lab 24 SNMP
www.juniper.net
[edit]
lab@srxA-1# set snmp view PING-OID oid 1.3.6.1.2.1.80 include
Note
Step 4.3
Issue the show snmp command to verify your work.
[edit]
lab@srxA-1# show snmp
description SRX240;
location "ADOC Second Floor Rack 2-B";
contact "Anglos G McGillicudy";
view PING-OID {
oid 1.3.6.1.2.1.80 include;
}
community limit-manager {
view PING-OID;
clients {
1.2.3.4/32;
}
}
trap-group link-failure {
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
Step 4.4
Issue the commit command to save the configuration.
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
www.juniper.net
SNMP Lab 25
Step 5.2
Issue the set snmp health-monitor rising-threshold 80 command to set
the rising threshold to 80. This will be used to check monitored objects.
[edit]
lab@srxA-1# set snmp health-monitor rising-threshold 80
Step 5.3
Issue the set snmp health-monitor falling-threshold 70 command to set
the falling threshold to 70. This will be used to check monitored objects.
[edit]
lab@srxA-1# set snmp health-monitor falling-threshold 70
Step 5.4
Issue the show snmp command to verify your work.
[edit]
lab@srxA-1# show snmp
description SRX240;
location "ADOC Second Floor Rack 2-B";
contact "Anglos G McGillicudy";
view PING-OID {
oid 1.3.6.1.2.1.80 include;
}
community limit-manager {
view PING-OID;
clients {
1.2.3.4/32;
}
}
trap-group link-failure {
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
Lab 26 SNMP
www.juniper.net
}
}
health-monitor {
interval 3600;
rising-threshold 80;
falling-threshold 70;
}
Step 5.5
Issue the commit command to save the configuration.
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Step 5.6
Issue the run show snmp health-monitor command to see what objects are
being monitored for health using the new configuration.
[edit]
lab@srxA-1# run show snmp health-monitor
Alarm
Index
Variable description
Value State
26 active
0 active
11 active
0 object not available
58 active
1 active
47504
36612
48492
45912
9848
active
active
active
active
active
SNMP Lab 27
11544 active
9880 active
8244 active
18652 active
8968 active
10800 active
www.juniper.net
[edit]
lab@srxA-1# show snmp
description SRX240;
location "ADOC Second Floor Rack 2-B";
contact "Anglos G McGillicudy";
view PING-OID {
oid 1.3.6.1.2.1.80 include;
}
community limit-manager {
view PING-OID;
clients {
1.2.3.4/32;
}
}
trap-group link-failure {
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
health-monitor {
interval 3600;
rising-threshold 80;
falling-threshold 70;
}
Step 6.3
Issue the run show snmp health-monitor logs command to see the logs
triggered under show snmp health-monitor logs.
[edit]
lab@srxA-1# run show snmp health-monitor logs
Note
Step 6.5
Issue the set snmp health-monitor falling-threshold 10 command to set
the falling threshold to 10.
www.juniper.net
SNMP Lab 29
[edit]
lab@srxA-1# set snmp health-monitor falling-threshold 10
Step 6.6
Issue the set snmp health-monitor interval 1 to set the heath-monitor
interval to 1.
[edit]
lab@srxA-1# set snmp health-monitor interval 1
Step 6.7
Issue the commit command to save the configuration.
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Step 6.8
Issue the run show snmp health-monitor logs command to see the logs
triggered under show snmp health-monitor logs.
[edit]
lab@srxA-1# run show snmp health-monitor logs
Event Index: 32768
Description: Health Monitor: root file system utilization crossed rising
threshold 20 (value: 26), (variable:
jnxHrStoragePercentUsed.1)
Time: 2012-07-13 13:07:40 UTC
Description: Health Monitor: RE 0 memory utilization crossed rising
threshold 20 (value: 57), (variable:
jnxOperatingBuffer.9.1.0.0)
Time: 2012-07-13 13:07:48 UTC
Description: Health Monitor: jkernel daemon memory usage (IDP policy
daemon) crossed rising threshold 52428 (value: 55384),
(variable: sysApplElmtRunMemory.3.124.1201)
Time: 2012-07-13 13:07:57 UTC
Step 6.9
Issue the run show log messages | match health command to compare the
differences in the system log messages.
[edit]
lab@srxA-1# run show log messages | match health
Jul 13 12:48:21 srxA-1 mgd[7738]: UI_CFG_AUDIT_OTHER: User 'lab' set: [snmp
health-monitor]
Jul 13 12:48:21 srxA-1 mgd[7738]: UI_CFG_AUDIT_SET: User 'lab' set: [snmp
health-monitor interval] <unconfigured> -> "3600"
Jul 13 12:48:21 srxA-1 mgd[7738]: UI_CMDLINE_READ_LINE: User 'lab', command
'set snmp health-monitor interval 3600 '
Jul 13 12:48:31 srxA-1 mgd[7738]: UI_CFG_AUDIT_SET: User 'lab' set: [snmp
health-monitor rising-threshold] <unconfigured> -> "80"
Jul 13 12:48:31 srxA-1 mgd[7738]: UI_CMDLINE_READ_LINE: User 'lab', command
'set snmp health-monitor rising-threshold 80 '
Lab 210 SNMP
www.juniper.net
www.juniper.net
STOP
You have completed Lab 2. Please return to the course and complete
the next section before proceeding to Lab 3.
www.juniper.net
Lab 3
Configuration Commands and Related Shortcuts
Overview
This lab focuses on various techniques that can save Network Administrators time and
effort when configuring and modifying configurations in the command-line interface (CLI).
These techniques provide a way to easily reuse configuration statements set up in other
parts of the configuration and even on other Junos devices. These shortcuts can not only
speed up configuration editing, but can also help to reduce errors associated with
repetitive command entry.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.2
Issue the show interfaces ge-0/0/7 to view complete interface details.
lab@srxA-1# show interfaces ge-0/0/7
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
Step 1.3
Issue the show interfaces ge-0/0/7 | display set command to display
the command used to configure the ge-0/0/7 interface.
[edit]
lab@srxA-1# show interfaces ge-0/0/7 | display set
set interfaces ge-0/0/7 unit 0 family inet address 172.23.11.100/24
Step 1.4
Issue the show interfaces ge-0/0/6 command to show interface settings.
[edit]
lab@srxA-1# show interfaces ge-0/0/6
[edit]
lab@srxA-1#
www.juniper.net
Step 1.6
Issue the show interfaces ge-0/0/6 command to verify that the rename
command worked.
[edit]
lab@srxA-1# show interfaces ge-0/0/6
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
Step 1.8
Issue the show interfaces ge-0/0/4 command to view the ge-0/0/4
interface.
[edit]
lab@srxA-1# show interfaces ge-0/0/4
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
Step 1.9
Issue the replace pattern ge-0/0/4 with ge-0/0/5 command to
replace a pattern of configuration statements from ge-0/0/4 to ge-0/0/5.
[edit]
lab@srxA-1# replace pattern ge-0/0/4 with ge-0/0/5
Step 1.10
Issue the show interfaces ge-0/0/5 command to confirm that the replace
command was successful.
[edit]
lab@srxA-1# show interfaces ge-0/0/5
unit 0 {
family inet {
address 172.23.11.100/24;
www.juniper.net
}
}
Step 2.2
Issue the show command to illustrate that the groups hierarchy level is currently
empty.
[edit groups]
lab@srxA-1# show
Step 2.3
Issue the edit set-speed-and-duplex command to create the
set-speed-and-duplex group.
[edit groups]
lab@srxA-1# edit set-speed-and-duplex
Step 2.4
Issue the set interfaces <ge-0/0/*> link-mode full-duplex
command.
Note
Step 2.5
Issue the set interfaces <ge-0/0/*> speed 100m command.
[edit groups set-speed-and-duplex]
lab@srxA-1# set interfaces <ge-0/0/*> speed 100m
www.juniper.net
Step 2.6
Issue the show command to show the interface and group setup.
[edit groups set-speed-and-duplex]
lab@srxA-1# show
interfaces {
<ge-0/0/*> {
speed 100m;
link-mode full-duplex;
}
}
Step 3.2
Issue the edit interfaces command to enter the edit interfaces hierarchy
level.
[edit]
lab@srxA-1# edit interfaces
Step 3.3
Issue the set apply-groups set-speed-and-duplex command.
[edit interfaces]
lab@srxA-1# set apply-groups set-speed-and-duplex
Step 3.4
Issue the show command.
[edit interfaces]
lab@srxA-1# show
apply-groups set-speed-and-duplex;
ge-0/0/0 {
description "MGMT Interface - DO NOT DELETE";
unit 0 {
family inet {
address 10.210.41.131/27;
}
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 172.23.11.100/24;
www.juniper.net
}
}
}
ge-0/0/6 {
unit 0 {
family inet
address
}
}
}
ge-0/0/14 {
unit 0 {
family inet
address
}
}
}
lo0 {
unit 0 {
family inet
address
}
}
}
{
172.23.11.100/24;
{
172.23.24.100/24;
{
127.0.0.1/32;
Step 3.5
Issue the show | display inheritance command to see what has been
inherited.
[edit interfaces]
lab@srxA-1# show | display inheritance
ge-0/0/0 {
description "MGMT Interface - DO NOT DELETE";
##
## '100m' was inherited from group 'set-speed-and-duplex'
##
speed 100m;
##
## 'full-duplex' was inherited from group 'set-speed-and-duplex'
##
link-mode full-duplex;
unit 0 {
family inet {
address 10.210.41.131/27;
}
}
}
ge-0/0/5 {
##
## '100m' was inherited from group 'set-speed-and-duplex'
##
speed 100m;
##
## 'full-duplex' was inherited from group 'set-speed-and-duplex'
##
Lab 36 Configuration Commands and Related Shortcuts
www.juniper.net
link-mode full-duplex;
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/6 {
##
## '100m' was inherited from group 'set-speed-and-duplex'
##
speed 100m;
##
## 'full-duplex' was inherited from group 'set-speed-and-duplex'
##
link-mode full-duplex;
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/14 {
##
## '100m' was inherited from group 'set-speed-and-d
uplex'
##
speed 100m;
##
## 'full-duplex' was inherited from group 'set-spee
d-and-duplex'
##
link-mode full-duplex;
unit 0 {
family inet {
address 172.23.24.100/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
www.juniper.net
Step 4.1
Issue the set ge-0/0/1 description "Exclude Me From Group"
command.
[edit interfaces]
lab@srxA-1# set ge-0/0/1 description "Exclude Me From Group"
Step 4.2
Issue the set ge-0/0/1 unit 0 family ethernet-switching
command.
[edit interfaces]
lab@srxA-1# set ge-0/0/1 unit 0 family ethernet-switching
Step 4.3
Issue the set ge-0/0/1 apply-groups-except
set-speed-and-duplex command.
[edit interfaces]
lab@srxA-1# set ge-0/0/1 apply-groups-except set-speed-and-duplex
Step 4.4
Issue the show command to see the ge-0/0/1 interface notation commands.
[edit interfaces]
lab@srxA-1# show
apply-groups set-speed-and-duplex;
ge-0/0/0 {
description "MGMT Interface - DO NOT DELETE";
unit 0 {
family inet {
address 10.210.41.131/27;
}
}
}
ge-0/0/1 {
apply-groups-except set-speed-and-duplex;
description "Exclude Me From Group";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/6 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
Lab 38 Configuration Commands and Related Shortcuts
www.juniper.net
}
ge-0/0/14 {
unit 0 {
family inet
address
}
}
}
lo0 {
unit 0 {
family inet
address
}
}
}
{
172.23.24.100/24;
{
127.0.0.1/32;
Step 5.2
Issue the set interfaces ge-0/0/12 unit 0 family inet address
172.23.22.100/24 command to add the IP address 172.23.22.100/24 to
interface ge-0/0/12.
[edit]
lab@srxA-1# set interfaces ge-0/0/12 unit 0 family inet address 172.23.22.100/24
Step 5.3
Issue the set interfaces ge-0/0/13 unit 0 family inet address
172.23.23.100/24 command to add the IP address 172.23.23.100/24 to
interface ge-0/0/13..
[edit]
lab@srxA-1# set interfaces ge-0/0/13 unit 0 family inet address 172.23.23.100/24
Step 5.4
Issue the show interfaces command to verify the interfaces were successfully
added.
[edit]
lab@srxA-1# show interfaces
apply-groups set-speed-and-duplex;
ge-0/0/0 {
description "MGMT Interface - DO NOT DELETE";
unit 0 {
family inet {
www.juniper.net
address 10.210.41.131/27;
}
}
}
ge-0/0/1 {
apply-groups-except set-speed-and-duplex;
description "Exclude Me From Group";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/6 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/12 {
unit 0 {
family inet {
address 172.23.22.100/24;
}
}
}
ge-0/0/13 {
unit 0 {
family inet {
address 172.23.23.100/24;
}
}
}
ge-0/0/14 {
unit 0 {
family inet {
address 172.23.24.100/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
www.juniper.net
Step 5.5
Issue the commit command to save the changes to the configuration.
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#
Step 5.6
Issue the save /var/tmp/lab3.config command to archive this
configuration file. The files will be stored in /var/tmp/file name. The file name
that was used in this case is lab3.cfg.
[edit]
lab@srxA-1# save /var/tmp/lab3.config
Wrote 142 lines of configuration to '/var/tmp/lab3.config'
Note
Step 5.8
Issue the commit and-quit command to complete the loading of the new
configuration file.
[edit]
lab@srxA-1# commit and-quit
commit complete
Step 5.9
You can issue the show configuration command from operational mode to
confirm the new interface additions are in the configuration file.
lab@srxA-1> show configuration
## Last commit: 2012-07-13 13:58:23 UTC by lab
version 12.1X44-D35.5;
groups {
set-speed-and-duplex {
interfaces {
<ge-0/0/*> {
speed 100m;
www.juniper.net
link-mode full-duplex;
}
}
}
}
system {
host-name srxA-1;
root-authentication {
encrypted-password "$1$KI99zGk6$MbYFuBbpLffu9tn2.sI7l1"; ## SECRET-DATA
ssh-dsa "ssh-dss
AAAAB3NzaC1kc3MAAACBAMQrfP2bZyBXJ6PC7XXZ+MzErI8Jl6jah5L4/
O8BsfP2hC7EvRfNoX7MqbrtCX/9gUH9gChVuBCB+ERULMdgRvM5uGhC/
gs4UX+4dBbfBgKYYwgmisM8EoT25m7qI8ybpl2YZvHNznvO8h7kr4kpYuQEpKvgsTdH/
Jle4Uqnjv7DAAAAFQDZaqA6QAgbW3O/
zveaLCIDj6p0dwAAAIB1iL+krWrXiD8NPpY+w4dWXEqaV3bnobzPC4eyxQKBUCOr80Q5YBlWXVBH
x9elwBWZwj0SF4hLKHznExnLerVsMuTMA846RbQmSz62vM6kGM13HFonWeQvWia0TDr78+rOEgWF
2KHBSIxL51lmIDW8Gql9hJfD/Dr/
NKP97w3L0wAAAIEAr3FkWU8XbYytQYEKxsIN9P1UQ1ERXB3G40YwqFO484SlyKyYCfaz+yNsaAJu
2C8UebDIR3GieyNcOAKf3inCG8jQwjLvZskuZwrvlsz/xtcxSoAh9axJcdUfSJYMW/
g+mD26JK1Cliw5rwp2nH9kUrJxeI7IReDp4egNkM4i15o= configurator@server1.he"; ##
SECRET-DATA
}
login {
user lab {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$84J5Maes$cni5Hrazbd/IEHr/50oY30"; ##
SECRET-DATA
}
}
}
services {
ssh;
telnet;
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
apply-groups set-speed-and-duplex;
ge-0/0/0 {
description "MGMT Interface - DO NOT DELETE";
unit 0 {
family inet {
Lab 312 Configuration Commands and Related Shortcuts
www.juniper.net
address 10.210.41.131/27;
}
}
}
ge-0/0/1 {
apply-groups-except set-speed-and-duplex;
description "Exclude Me From Group";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/6 {
unit 0 {
family inet {
address 172.23.11.100/24;
}
}
}
ge-0/0/12 {
unit 0 {
family inet {
address 172.23.22.100/24;
}
}
}
ge-0/0/13 {
unit 0 {
family inet {
address 172.23.23.100/24;
}
}
}
}
ge-0/0/14 {
unit 0 {
family inet
address
}
}
}
lo0 {
unit 0 {
family inet
address
}
}
}
}
www.juniper.net
{
172.23.24.100/24;
{
127.0.0.1/32;
snmp {
description SRX240;
location ADOC;
contact "Anglos C";
view PING-OID {
oid 1.3.6.1.2.1.80 include;
}
community limit-manager {
view PING-OID;
clients {
1.2.3.4/32;
}
}
trap-group link-failure {
categories {
authentication;
chassis;
link;
}
targets {
172.23.10.100;
}
}
health-monitor {
interval 1;
rising-threshold 20;
falling-threshold 10;
}
}
security {
forwarding-options {
family {
mpls {
mode packet-based;
}
}
}
}
Step 5.10
You should now close the SRX1 CLI tab and end your reservation for this lab
environment. You may then choose another lab or log off of the Virtual Labs website.
STOP
www.juniper.net