HON95-wiki/config/network/juniper-junos-switches.md

---

title: Juniper EX Series Switches breadcrumbs:

• title: Configuration
• title: Network --- {% include header.md %}

TODO Clean up, reorganize and add remaining stuff.

Related Pages

{:.no_toc}

• Juniper Hardware
• Juniper Junos General

Using

{:.no_toc}

• EX3300 w/ Junos 15.1R7

Resources

• Juniper EX3300 Fan Mod

Initial Setup

1. Connect to the switch using serial:
   • RS-232 w/ RJ45, baud 9600, 8 data bits, no parity, 1 stop bits, no flow control.
2. Login:
   • Username root and no password.
   • Logging in as root will always start the shell. Run cli to enter the operational CLI.
3. (Optional) Disable default virtual chassis ports (VCPs) if not used:
   1. Enter op mode.
   2. Show VCPs: show virtual-chassis vc-port
   3. Remove VCPs: request virtual-chassis vc-port delete pic-slot <pic-slot> port <port-number>
   4. Show again to make sure they disappear. This may take a few seconds.
4. Enter configuration mode:
   • Enter: configure
   • Exit: exit
5. Set host name:
   • set system host-name <host-name>
   • set system domain-name <domain-name>
6. Enable auto snapshotting and restoration on corruption:
   • set system auto-snapshot
7. Disable DHCP auto image upgrade:
   • delete chassis auto-image-upgrade
8. Set new root password:
   • set system root-authentication plain-text-password (prompts for password)
9. Setup a non-root user:
   • set system login user <user> [full-name <full-name>] class super-user authentication plain-text-password (prompts for password)
10. Setup SSH:
    • Enable server: set system services ssh
    • Disable root login from SSH: set system services ssh root-login deny
11. Set loopback addresses:
    1. set interfaces lo0.0 family inet address 127.0.0.1/32
    2. set interfaces lo0.0 family inet6 address ::1/128
12. Set DNS servers:
    • set system name-server <addr> (once for each address)
13. Set time:
    1. (Optional) Set time locally: set date <YYYYMMDDhhmm.ss>
    2. Set server to use while booting: set system ntp boot-server <address>
    3. Set server to use periodically: set system ntp server <address>
    4. Set time zone: set system time-zone Europe/Oslo (example)
    5. Note: After committing, use show ntp associations to verify NTP.
14. Delete default interfaces configs:
    • wildcard range delete interface ge-0/0/[0-47] (example, repeat for all FPCs/PICs)
15. Disable unused interfaces:
    • wildcard range set interface ge-0/0/[0-47] disable (example, repeat for all FPCs/PICs)
16. Disable dedicated management port and alarm:
    1. Disable: set int me0 disable
    2. Delete logical interface: delete int me0.0
    3. Disable link-down alarm: set chassis alarm management-ethernet link-down ignore
17. Disable default VLAN:
    1. Delete logical interface (before disabling): delete vlan.0
    2. Disable logical interface: set vlan.0 disable
18. Create VLANs (not interfaces):
    • set vlans <name> vlan-id <VID>
19. Setup port-ranges:
    • Declare range: edit interfaces interface-range <name>
    • Add member ports: member-range <begin-if> to <end-if>
    • Configure it as a normal interface, which will be applied to all members.
20. Setup LACP:
    1. Note: Make sure you allocate enough LACP interfaces and that the interface numbers are below 512 (empirically discovered on EX3300).
    2. Set number of available LACP interfaces: set chassis aggregated-devices ethernet device-count <0-64>
    3. Add individual Ethernet interfaces (not using interface range):
       1. Delete logical units (or the whole interfaces): wildcard range delete interfaces ge-0/0/[0-1] unit 0 (example)
       2. Set as members: wildcard range set ge-0/0/[0-1] ether-options 802.3ad ae<n> (for LACP interface ae<n>)
    4. Enter LACP interface: edit interface ae<n>
    5. Set description: desc <desc>
    6. Set LACP options: set aggregated-ether-options lacp active
    7. Setup default logical unit: edit unit 0
    8. Setup VLAN/address/etc.
21. Setup VLAN interfaces:
    1. Setup trunk ports:
       1. Enter unit 0 and family ethernet-switching of the physical/LACP interface.
       2. Set mode: set port-mode trunk
       3. Set non-native VLANs: set vlan members <vlan-name> [members <VLAN-name>] (once per VLAN or repeated syntax)
       4. (Optional) Set native VLAN: set native-vlan-id <VID>
    2. Setup access ports:
       1. Enter unit 0 and family ethernet-switching of the physical/LACP interface.
       2. Set access VLAN: set vlan members <VLAN-name>
22. Setup L3 interfaces:
    1. (VLAN) Set L3-interface: set vlans <name> l3-interface vlan.<VID>
    2. Enter unit 0 of physical/LACP interface or vlan.<VID> for VLAN interfaces.
    3. Set IPv4 address: set family inet address <address>/<prefix-length>
    4. Set IPv6 address: set family inet6 address <address>/<prefix-length>
23. Setup static IP routes:
    1. IPv4 default gateway: set routing-options rib inet.0 static route 0.0.0.0/0 next-hop <next-hop>
    2. IPv6 default gateway: set routing-options rib inet6.0 static route ::0/0 next-hop <next-hop>
24. Enable Ethernet flow control:
    • TODO
25. Enable EEE:
    • TODO
26. Configure RSTP:
    • RSTP is the default STP variant for Junos.
27. Configure SNMP:
    • Note: SNMP is extremely slow on the Juniper switches I've tested it on.
    • Enable public RO access: set snmp community public authorization read-only
28. Configure sFlow:
    • TODO
29. Commit configuration: commit [confirmed]
30. Backup config to rescue config: request system configuration rescue save

Commands

Interfaces

• Disable interface or unit: set disable
• Perform operation on multiple interfaces: wildcard range set int ge-0/0/[0-47] unit 0 family ethernet-switching (example)

Virtual Chassis

(Although other series also support some form of virtual chassis, this section is targetet at EX switches.)

Info

• Virtual Chassis (VC) is a simple way of connecting multiple close or distant switches into a ring topology and managing them as a single logical device. It simplifies loop prevention (otherwise using STP) and improves fault tolerance.
• Roles: A VC has one switch as master routing engine, one switch as backup routing engine and the remaining switches as linecards.
• Primary-role election: The master is elected based on (in order) highest mastership priority, which member was master last time, which switch has been a member the longest, and which member has the lowest MAC address. When using a preprovisioned config, the mastership priority is automatically assigned based on the selected role.
• LEDs: The "MST" LED will be solid green on the master, blinking green on the backup and off on the linecards.
• Alarms: Alarms for a specific device will only show on the master and the actual device.
• FPCs: Each switch will show as separate FPCs (Flexible PIC (Physical Interface Cards) Concentrators).
• Split-and-merge: In case the VC gets partitioned, having all partitions elect a new master while running the same configuration would cause logical resource conflicts and inconsistencies in the network. The split and merge is a quorum-like mechanism where only the "largest" (according to certain specific rules) partition continues to function and the other partitions become inactive (all their switches aquire the line-card role). A VC partition becomes active if it contains both the stable (pre-split) primary and backup; if it contains the stable backup and at least half the VC size; or if it contains the stable primary and more than half the VC size. This "merge" part of the feature allows the partitions to merge back together when the partitioning is resolved (if the configurations adhere to certain specific rules). For VCs of size two where both switches would become inactive if a partition were to happen (since none of the rules are satisfied), use no-split-detection to disable split-and-merge such that both switches may become primaries (although, one would likely be dead and avoid causing inconsistencies).

Best Practices

• Always zeroize before merging.
• Use no-split-detection if using exactly two devices.
• When removing a device, recycle its old ID in the VC.
• If not preprovisioning the VC, explicitly set the mastership priority to 255 for the devices which should be routing engines.
• Enable synchronized commit to ensure commits are always applied to all members.

Commands and Configuration

• Show status:
  • Show overview and nodes: show virtual-chassis
  • Show utilization of nodes: show chassis fpc
• Configuration changes:
  • Commit on both routing engines (always recommended for committing on VC): commit synchronize
  • Enable synchronized commit as default commit: set system commit synchronize
• Virtual chassis ports (VCPs):
  • Show: show virtual-chassis vc-port
  • Remove: request virtual-chassis vc-port delete pic-slot <pic-slot> port <port-number>
• Change assigned member ID: request virtual-chassis renumber
• Recycle an old member ID: request virtual-chassis recycle

Setup

1. (Optional) Prepare preprovisioned setup:
   1. Only accept preprovisioned members: set virtual-chassis preprovisioned
   2. Add members:
      1. set member 0 serial-number xxx role routing-engine
      2. set member 1 serial-number xxx role routing-engine
      3. set member 2 serial-number xxx role line-card
2. If using only two devices, disable split and merge: set virtual-chassis no-split-detection
3. Enable implicit synchronized commit to all devices: set system commit synchronize
4. Enable graceful routing engine switchover: set chassis redundancy graceful-switchover

Virtual Chassis Fabric

Virtual Chassis Fabric (VCF) evolves VC into a spine-and-leaf architecture. While VC focuses on simplified management, VCF focuses on improved data center connectivity. Only certain switches (like the QFX5100) support this feature.

Miscellanea

• Serial:
  • RS-232 w/ RJ45 (Cisco-like).
  • Baud 9600 (default).
  • 8 data bits, no parity, 1 stop bits, no flow control.

{% include footer.md %}