Sie sind auf Seite 1von 34
Juniper Networks Certified Internet Associate- JNCIA JNCIA-ER Lab Manual Developed by M. Irfan Ghauri M.

Juniper Networks Certified Internet Associate-JNCIA

Juniper Networks Certified Internet Associate- JNCIA JNCIA-ER Lab Manual Developed by M. Irfan Ghauri M. Tanzeel

JNCIA-ER Lab Manual

Developed by

M. Irfan Ghauri M. Tanzeel Nasir

Lab Manual Developed by M. Irfan Ghauri M. Tanzeel Nasir C-32/1 Block-5 Gulshan-e-Iqbal, Karachi Ph #0213-6034003

C-32/1 Block-5 Gulshan-e-Iqbal, Karachi Ph #0213-6034003

ESP Press Copyrights 2011

1

LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE
LAB.LAB.LAB.LAB.   LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION   PAGEPAGEPAGEPAGE

LAB.LAB.LAB.LAB.

 

LABSLABSLABSLABS DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION

 

PAGEPAGEPAGEPAGE NO.NO.NO.NO.

1

Junos Basic and J-web Basics

   

2

2

Accessing the Juniper Router through Telnet/SSH/HTTP

   

11

3

Static Routing

   

12

4

Dynamic Routing

   

1. RIP

   

14

2. OSPF

16

5

Firewall Filtering

   

1. Simple Firewall Filtering

   

18

2. Advance firewall Filtering

20

6

Port Address Translation (PAT)

   

22

7

Implement VRRP

   

24

8

Inter-vlan routing

   

26

9

Configuring dhcp

   

28

10

MLPPP

 

30

11

Password recovery

   

31

12

PPP Authentication

   

33

2

Lab # 1

Junos Basic

Configuration

After connecting your PC to the Console Port.

LOGIN:root

PASSWORD:abc123

Root @%

PC to the Console Port. LOGIN: root PASSWORD: abc123 Root @% To Enter Into Operational Mode

To Enter Into Operational Mode From Unix Shell & Vice- Versa.

Root @% cli Root >

From Unix Shell & Vice- Versa. Root @% cli Root > To Enter Into Configuration Mode.

To Enter Into Configuration Mode.

Root> configure Entering configuration mode

Root #

Jweb equivalent : Configuration

Use Commit command to activate your changes.

Root# commit

To change the Host Name of Router.

Root# set system host-name host Root# commit

3

Jweb equivalent : Configuration > Quick Configuration > setup

Set the System Date & Time on the Router

Root> set date 12:10:8

Root> set date 2009-10-6 (YY-MM-DD) Root# commit

(hh:mm:ss)

Jweb equivalent : Configuration > Quick Configuration > setup

(set time manually)

Verify the System Date & Time on the Router

Root> show system uptime Current time: 2009-08-17 11:55:58 UTC

Jweb equivalent : Monitor> system

Display the Version Information of the Router.

Root>show system software Or Root>show version

Show interface summary

Root> show interfaces terse

Jweb equivalent : Monitor > interfaces

Display the Interface

Root>show interface Root>show interfaces extensive Root>show interface detail

4

Displays per-second real-time statistics for a physical interface

Root> monitor interface se-0/0/2

Command prints packet headers to your terminal screen for information sent or received by the Routing Engine

Root>monitor traffic interface se-0/0/2

Move connection to another port for testing purpose

Root#rename interfaces fe-0/0/0 to fe-0/0/1

(in this example you will move the configuration for fe-0/0/0 to fe-0/0/1)

Ruplicate an existing configuration and change a few components.

Root#copy interfaces fe-0/0/0 to fe-0/0/1

(we are replicating an existing configuration so we can change a few components)

Configuring the Encapsulation on a Physical Interface Root#set interfaces se-0/0/2 encapsulation ppp

Show Active Configuration.

Root>show configuration or Root>show system rollback 0 or Root#show

5

Show Active Configuration in set display Root # Show | display set

Show Active Configuration in xml format Root # Show | display xml

show candidate Configuration.

Root> show system rollback 2

(Temporary Configuration and becomes active when commit it)

Jweb equivalent : Configuration > history

Compare Rollback Configuration.

Root> show system rollback 0 compare 2

Jweb equivalent : Configuration > history > compare

Configure Rollback Configuration.

Root#rollback 2 Root#commit

Deactivate or Activate configuration.

Root#deactivate Anyconfiguration

For example

Root#deactivate interfaces se-0/0/2

Root#show

6

interfaces{ inactive se-0/0/2{

}

Shut down an Interface

Root# set interfaces se-0/0/2 disable

Root# delete interface se-0/0/2 disable

Set Rescue Configuration.

Root> request System configuration rescue save

(Save Active configuration as rescue configuration)

Jweb equivalent : configuration >rescue

Commit Rescue Configuration.

Root> rollback rescue Or (Reset CONFIG button on the front of j-series router will load and commit the rescue configuration )

Jweb equivalent : Configuration > history (Set rescue configuration)

Show Rescue Configuration.

Root> Show System configuration rescue

Jweb equivalent : Configuration > history (View rescue configuration )

To look how many users are logged in junos

Root>show system user

7

To look at files stored in Flash memory

Root>show system storage

To look at used tcp and udp ports

Root>show system connection

To look at system license

Root>show system license

To look at system firmware

Root>show system firmware

Show chassis component and temperature of cpu

Root > show chassis environment

Jweb equivalent : Monitor > chassis

Show chassis hardware

Root > show chassis hardware detail

Jweb equivalent : Monitor > chassis

Set the password of Root in clear text.

Root# set system root-authentication plain-text-password New Password: abc123 Retype new password: abc123

8

Jweb equivalent : Configuration > Quick Configuration > setup

Set the password of Root in encrypted text.

Root# set system root-authentication encrypted-password abc123

Jweb equivalent : Configuration > Quick Configuration > setup

To shutdown and restart the router

Root> request system poweroff Root> request system reboot

Jweb equivalent : Manage > Reboot

To make the router on factory default setting

Root # load factory-default warning: activating factory configuration

[edit] Root # set system root-authentication plain-text-password New password: abc123

Retype new password: abc123

[edit] Root # commit

9

Assign the IP Address on the Ethernet Interface of the Router.

Configuration

Assign the IP Address on the Ethernet Interface of the Router.

Root# set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 Root#edit interface fe-0/0/0 Root#Set description "This is the Ethernet management interface" Root#top Root#commit

Delete the IP Address on the Ethernet Interface of the Router.

Root#delete interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8

Rename the IP Address on the Ethernet Interface of the Router.

Root#rename interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8 to 15.0.0.10/8

Jweb equivalent : Configuration > Quick Configuration > interfaces

Verifying Command Root> show interfaces Root> show interface terse Root>show interface description Root> show interfaces terse | match fe

10

Assign the IP Address on the Serial Interfaces of the Router.

Configuration

Assign the IP Address on the Serial Interface of the Router R1 (DCE).

Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.1/8 Root# set interfaces se-0/0/2 serial options clocking-mode dce Root# set interfaces se-0/0/2 serial options clock-rate 64.0khz Root# commit

Jweb equivalent : Configuration > Quick Configuration > interfaces

Assign the IP Address on the Serial Interface of the Router R2.

Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.2/8 Root# commit

Jweb equivalent : Configuration > Quick Configuration > interfaces

Verifying Commands

Root> show interfaces Root> show interfaces terse Root> show interfaces terse | match se Root> show interfaces detail se-0/0/2

11

Lab # 2

Accessing Router through Telnet/SSH/HTTP (Telnet/SSH/HTTP between two Routers)

Configuration

Configuring telnet on R1.

Root@R1# set system services telnet Root@R1# set system services ssh Root@R1# set system login user R1 class super-user authentication plain-text- password Enter password: abc123 Retype password: abc123

Configuring telnet on R2.

Root@R2# set system services telnet Root@R2#set system services ssh Root@R1# set system login user R2 class super-user authentication plain-text- password Enter password: abc123 Retype password: abc123

Verifying Commands

Root> show system users Root> show configu ration Root# show system

12

Lab # 3

STATIC Routes

Diagram

IP Address 15.0.0.1

Se-0/0/2

WAN
WAN

IP Address 15.0.0.2

Se-0/0/2

R1
R1
15.0.0.1 Se-0/0/2 WAN IP Address 15.0.0.2 Se-0/0/2 R1 R2 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10
15.0.0.1 Se-0/0/2 WAN IP Address 15.0.0.2 Se-0/0/2 R1 R2 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10
R2
R2
15.0.0.1 Se-0/0/2 WAN IP Address 15.0.0.2 Se-0/0/2 R1 R2 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10
15.0.0.1 Se-0/0/2 WAN IP Address 15.0.0.2 Se-0/0/2 R1 R2 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10

IP Address 10.0.0.10

Fe-0/0/0

15.0.0.2 Se-0/0/2 R1 R2 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10 Fe-0/0/0 Host A IP Address

IP Address 20.0.0.10

Fe-0/0/0

Host A IP Address 10.0.0.1

Host B IP Address 20.0.0.1

Configuration

Configure the Static Route on the Router R1. Root# set routing-options static route 20.0.0.0/8 next-hop 15.0.0.2 Root# commit

Jweb equivalent : Configuration > Quick Configuration > routing and protocols

Configure the Static Route on the Router R2. Root# set routing-options static route 10.0.0.0/8 next-hop 15.0.0.1 Root# commit

13

Jweb equivalent : Configuration > Quick Configuration > routing and protocols

Verifying Command

Root> show route Root>show route protocol static Root> show configuration Root> show interfaces terse

14

Lab # 4 (i)

Routing Protocol- RIP

Diagram

IP Address 15.0.0.1

Se-0/0/2

WAN
WAN

IP Address 15.0.0.2

Se-0/0/2

R1
R1
15.0.0.1 Se-0/0/2 WAN IP Address 15.0.0.2 Se-0/0/2 R1 R2 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10
15.0.0.1 Se-0/0/2 WAN IP Address 15.0.0.2 Se-0/0/2 R1 R2 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10
R2
R2
15.0.0.1 Se-0/0/2 WAN IP Address 15.0.0.2 Se-0/0/2 R1 R2 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10
15.0.0.1 Se-0/0/2 WAN IP Address 15.0.0.2 Se-0/0/2 R1 R2 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10

IP Address 10.0.0.10

Fe-0/0/0

15.0.0.2 Se-0/0/2 R1 R2 IP Address 10.0.0.10 Fe-0/0/0 IP Address 20.0.0.10 Fe-0/0/0 Host A IP Address

IP Address 20.0.0.10

Fe-0/0/0

Host A IP Address 10.0.0.1

Host B IP Address 20.0.0.1

Configuration

Enable the RIP protocol on the Router R1.

root@R1# set protocols rip group NAME export policy1

root@R1# set protocols rip group NAME neighbor se-0/0/2

Defining policy :

root@R1# set policy-options policy-statement policy1 from protocol direct

root@R1#set policy-options policy-statement policy1 then accept

Jweb equivalent : Configuration > Quick Configuration > routing and protocols

15

Enable the RIP protocol on the Router R2. root@R2# set protocols rip group NAME export policy1

root@R2# set protocols rip group NAME neighbor se-0/0/2

Defining policy :

root@R2# set policy-options policy-statement policy1 from protocol direct

root@R2#set policy-options policy-statement policy1 then accept

Jweb equivalent : Configuration > Quick Configuration > routing and protocols

Verifying Command

Root>show route Root> show configuration Root> show interfaces terse Root>show route protocol rip

16

Lab # 4 (ii)

Routing Protocol- OSPF (Area 0)

Diagram

Backbone Area / Area 0 IP Address 15.0.0.1 IP Address 15.0.0.2 Se-0/0/2 Se-0/0/2 WAN IP
Backbone Area / Area 0
IP Address 15.0.0.1
IP Address 15.0.0.2
Se-0/0/2
Se-0/0/2
WAN
IP Address
R1
R2
IP Address
10.0.0.10
20.0.0.10
Fe-0/0/0
Fe-0/0/0
Host A
IP Address 10.0.0.1
Host B
IP Address 20.0.0.1

Configuration

Enable the OSPF protocol on the Router R1.

Root@R1#set protocols ospf area 0.0.0.0 interface Fe-0/0/0 Root@R1#set protocols ospf area 0.0.0.0 interface Se-0/0/2

Or

Root@R1#set protocols ospf area 0.0.0.0 interface all

Jweb equivalent : Configuration > Quick Configuration > routing and protocols

17

Enable the OSPF protocol on the Router R2.

Root@R2#set protocols ospf area 0.0.0.0 interface Fe-0/0/0 Root@R2#set protocols ospf area 0.0.0.0 interface Se-0/0/2

Or

Root@R2#set protocols ospf area 0.0.0.0 interface all

Jweb equivalent : Configuration > Quick Configuration > routing and protocols

Verifying Commands

Root>show route Root>show ospf interface Root>show ospf neighbor Root>show route protocol ospf

18

Lab # 5

Diagram

Firewall Filtering

i.Simple Firewall Filtering

IP Address 15.0.0.1

Serial-0/0/2

i.Simple Firewall Filtering IP Address 15.0.0.1 Serial-0/0/2 IP Address 15.0.0.2 Serial-0/0/2 R1 WAN WEB Server IP

IP Address 15.0.0.2

Serial-0/0/2

R1
R1
WAN WEB Server IP Address 20.0.0.1 Host B IP Address 10.0.0.2
WAN
WEB Server
IP Address
20.0.0.1
Host B
IP Address
10.0.0.2

Host A

IP Address

10.0.0.1

IP Address

20.0.0.10

IP Address

10.0.0.10

Fe-0/0/0

R2 Ft 0Fe-0/0/0

20.0.0.10 IP Address 10.0.0.10 Fe-0/0/0 R2 Ft 0Fe-0/0/0 IP Address 20.0.0.2 FTP Server IP Address 15.0.0.1
IP Address 20.0.0.2
IP Address
20.0.0.2

FTP Server

Fe-0/0/0 R2 Ft 0Fe-0/0/0 IP Address 20.0.0.2 FTP Server IP Address 15.0.0.1 Configuration Make the Firewall
Fe-0/0/0 R2 Ft 0Fe-0/0/0 IP Address 20.0.0.2 FTP Server IP Address 15.0.0.1 Configuration Make the Firewall

IP Address 15.0.0.1

Configuration

Make the Firewall Filter on router R1 such that Host ‘A’ can not be accessing the Web & Ftp Server. Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS from source-address 10.0.0.1/32

Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS then discard

Root@R1# set firewall filter FILTER-IN term ALLOW-OTHERS then accept

19

Apply the Firewall Filter on router R1’s Serial Interface.

Root@R1#set interface se-0/0/2 unit 0 family inet filter OUTPUT FILTER-IN

Verifying commands

(Now Host A should not be accessing both Web & FTP

servers. However, Host B should be accessing both Web & FTP Servers) root# show firewall filter FILTER-NAME

20

ii. Advanced Firewall Filtering

Diagram

IP Address 15.0.0.1

Serial-0/0/2

WAN
WAN

IP Address 15.0.0.2

Serial-0/0/2

R1
R1
WEB Server IP Address 20.0.0.1 Host B IP Address 10.0.0.2
WEB Server
IP Address
20.0.0.1
Host B
IP Address
10.0.0.2

Host A

IP Address

10.0.0.1

Host B IP Address 10.0.0.2 Host A IP Address 10.0.0.1 IP Address 20.0.0.10 IP Address 10.0.0.10

IP Address

20.0.0.10

IP Address

10.0.0.10

Fe-0/0/0

R2 Ft 0Fe-0/0/0

20.0.0.10 IP Address 10.0.0.10 Fe-0/0/0 R2 Ft 0Fe-0/0/0 IP Address 20.0.0.2 FTP Server Configuration Make the
IP Address 20.0.0.2
IP Address
20.0.0.2

FTP Server

Fe-0/0/0 R2 Ft 0Fe-0/0/0 IP Address 20.0.0.2 FTP Server Configuration Make the Firewall Filtering on router
Fe-0/0/0 R2 Ft 0Fe-0/0/0 IP Address 20.0.0.2 FTP Server Configuration Make the Firewall Filtering on router

Configuration

Make the Firewall Filtering on router R1 such that Host ‘A’ can not be the Web Server.

accessing

Root@R1#set firewall filter protect term DENY-http from source-

address10.0.0.1/32

Root@R1#set firewall filter protect term DENY-http from destination-

address20.0.0.1/32

Root@R1#set firewall filter protect term DENY-http from protocol tcp

Root@R1#set firewall filter protect term DENY-http from destination-port http

Root@R1#set firewall filter protect term DENY-http then discard

21

Make the Firewall Filtering on router R1 such that Host ‘B’ can not be accessing the Ftp Server.

Root@R1#set firewall filter protect term DENY-FTP from source-

address10.0.0.2/32

Root@R1#set firewall filter protect term DENY-FTP from destination-

address20.0.0.2/32

Root@R1#set firewall filter protect term DENY-FTP from protocol tcp

Root@R1#set firewall filter protect term DENY- FTP from destination-port FTP

Root@R1#set firewall filter protect term DENY-FTP then discard

Root@R1#set firewall filter protect term PERMIT-ALL then accept

Apply the Firewall Filtering on router R1’s Ethernet Interface.

Root@R1#set interface fe-0/0/0 unit 0 family inet filter input protect

Verifying commands

(Now Host A should not be accessing Web server & Host B should not be accessing both FTP server).

root# show firewall filter FILTER-NAME

22

Lab # 6

Port Address Translation (PAT)

Diagram

IP Address 15.0.0.1 Serial 0/0/2

WAN
WAN

IP Address 15.0.0.2 Serial 0/0/2

IP Address 10.0.0.10

Fe-0/0/0

R1 R2
R1
R2
15.0.0.2 Serial 0/0/2 IP Address 10.0.0.10 Fe-0/0/0 R1 R2 IP Address 20.0.0.10 Fe-0/0/0 NAT Translation Table

IP Address 20.0.0.10

Fe-0/0/0

10.0.0.10 Fe-0/0/0 R1 R2 IP Address 20.0.0.10 Fe-0/0/0 NAT Translation Table Of R1 10.0.0.1 15.0.0.11
10.0.0.10 Fe-0/0/0 R1 R2 IP Address 20.0.0.10 Fe-0/0/0 NAT Translation Table Of R1 10.0.0.1 15.0.0.11

NAT

Translation Table Of

R1

10.0.0.1

15.0.0.1110.0.0.1

10.0.0.2

15.0.0.1110.0.0.2

WEB Server

10.0.0.1 15.0.0.11 10.0.0.2 15.0.0.11 WEB Server FTP Server Host A IP Address 10.0.0.1 Host B IP

FTP Server

15.0.0.11 10.0.0.2 15.0.0.11 WEB Server FTP Server Host A IP Address 10.0.0.1 Host B IP Address

Host A

IP Address

10.0.0.1

Host B

IP Address

10.0.0.2

IP Address

IP Address

20.0.0.1 20.0.0.2

Configuration

Configuring Sp interface Root#set interfaces sp-0/0/0 unit 0 family inet

Defining Nat Pool

Root#set services nat pool global-out address 15.0.0.11/32 Root#set services nat pool global-out port automatic

Defining Nat rule

Root#set services nat rule nat-out match-direction output Root#set services nat rule nat-out term nat-with-alg from application-sets junos- algs-outbound

23

Root#set services nat rule nat-out term nat-with-alg then translated source-pool global-out

Root#set services nat rule nat-out term nat-with-alg then translated translation-type source dynamic

Create service set

Root#set services service-set nat-ss nat-rules nat-out Root#set services service-set nat-ss interface-service service-interface sp-0/0/0.0

Apply service set to nat interface

Root#set interfaces se-0/0/2 unit 0 family inet service input service-set nat-ss Root#set interfaces se-0/0/2 unit 0 family inet service output service-set nat-ss

Verifying commands

Root>sh services nat pool Root >sh services nat pool detail Root >clear services stateful-firewall flows

24

Lab #7

Configuring VRRP

Virtual

Router

10.0.0.5

10.0.0.10 J2300 VRRP GROUP 1 J2300 10.0.0.20
10.0.0.10
J2300
VRRP
GROUP
1
J2300
10.0.0.20

Host A

IP Address

10.0.0.1

VRRP GROUP 1 J2300 10.0.0.20 Host A IP Address 10.0.0.1 Configuration Configuration of Vrrp on Router

Configuration

Configuration of Vrrp on Router A

L0 15.0.0.1

L0 15.0.0.1

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 virtual-address 10.0.0.5

25

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 priority 200

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 accept-data

Root#set interfaces lo0 unit 0 family inet address 15.0.0.1/32

Configuration of Vrrp on Router B

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 virtual-address 10.0.0.5

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 priority 100

Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 accept-data

Root#set interfaces lo0 unit 0 family inet address 15.0.0.1/32

Verifying Commands

Root>show vrrp

Root>show vrrp interface fe-0/0/0

26

Lab # 8

Inter-VLAN Routing

J2300 Fe-0/0/0 Fe-0/0/0.10 Fe-0/0/0.20 10.0.0.10 / 8 20.0.0.10 / 8 Fa 0/24 2950 Fa 0/1
J2300
Fe-0/0/0
Fe-0/0/0.10
Fe-0/0/0.20
10.0.0.10 / 8
20.0.0.10 / 8
Fa 0/24
2950
Fa 0/1
Fa 0/11
Vlan 10
Vlan 20
Host B
Host A
20.0.0.1/8
10.0.0.1/8
20.0.0.10
10.0.0.10

Configuration

Switch

Switch(config)#vlan 10 Switch(config-vlan)#name vlan-10 Switch(config)#vlan 20 Switch(config-vlan)#name vlan-10

27

Switch(config)#interface range fastEthernet 0/1 - 10

Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport access vlan 10

Switch(config)#interface range fastEthernet 0/11 - 20 Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport access vlan 20

Switch(config)#interface fastEthernet 0/24 Switch(config-if)#switchport mode trunk

Router

Root#set interfaces fe-0/0/0 vlan-tagging Root #set interfaces fe-0/0/0 unit 10 vlan-id 10 Root #set interfaces fe-0/0/0 unit 10 family inet address 10.0.0.10/8 Root #set interfaces fe-0/0/0 unit 20 vlan-id 20 Root #set interfaces fe-0/0/0 unit 20 family inet address 20.0.0.10/8

Verifying Command

root# show interfaces fe-0/0/0 root# show interfaces fe-0/0/0 | display set

28

Lab # 9

Configuring Juniper Router as a Dhcp Server

28 Lab # 9 Configuring Juniper Router as a Dhcp Server Fe-0/0/0 10.0.0.10 J 2 3

Fe-0/0/0

10.0.0.10 J2300

Router as a Dhcp Server Fe-0/0/0 10.0.0.10 J 2 3 0 0 Host B Host A

Host B

Host A
Host A

Configuration

Step 1: On Router Create & Configure Dhcp

Root#set system services dhcp pool 10.0.0.0/8

Root#set system services dhcp pool 10.0.0.0/8 router 10.0.0.10

Root#set system services dhcp pool 10.0.0.0/8 address-range low 10.0.0.1 high

10.0.0.12

29

On Router reserve address (10.0.0.5) by excluding from dhcp pool

Root#set system services dhcp pool 10.0.0.0/8 exclude-address 10.0.0.5

Jweb equivalent : Configuration > Quick Configuration > dhcp

Verifying Commands

Root>show system services dhcp binding

30

Lab #10

IP Address 15.0.0.1

MLPPP

IP Address 15.0.0.2

Ls-0/0/0 Ls-0/0/0 J2300 J2300
Ls-0/0/0
Ls-0/0/0
J2300
J2300

Configuration

Configuration of mlppp on router A.

Root# set interfaces ls-0/0/0 unit 0 family inet add 15.0.0.1/8 Root# set interfaces se-0/0/2 unit 0 family mlppp bundle ls-0/0/0.0 Root# set interfaces se-0/0/3 unit 0 family mlppp bundle ls-0/0/0.0

Configuration of mlppp on router B.

Root# set interfaces ls-0/0/0 unit 0 family inet add 15.0.0.2/8 Root# set interfaces se-0/0/2 unit 0 family mlppp bundle ls-0/0/0.0 Root# set interfaces se-0/0/3 unit 0 family mlppp bundle ls-0/0/0.0

Verifying Command

Root> show interfaces ls-0/0/0

31

Lab #11

Password Recovery

Configuration

First Press Power ON Button reboot your router

when below line appear press space bar

Hit [Enter] to boot immediately, or space bar for command prompt. Booting [kernel] in 1 second

Type boot –s at below prompt

Type '?' for a list of commands, 'help' for more detailed help. Ok boot -s

Type recovery at below prompt Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery

CLI prompt Appear

Starting CLI

root>

Type Configure and Set Root authentication Password

Root>configure

Root#set system root-authentication plain-text-password

New password:*******

Retype new password:*******

32

Type commit to load configuration

Root#commit

Root# exit

Type Exit to reboot the Router

root> exit

Reboot the system? [y/n] yes

33

Lab # 12

PPP AUTHENTICATION- CHAP

Diagram

IP Address 15.0.0.1

Se-0/0/2

WAN
WAN

IP Address 15.0.0.2

Se-0/0/2

Address 15.0.0.1 Se-0/0/2 WAN IP Address 15.0.0.2 Se-0/0/2 R1 R2 Configuration CHAP Authentication Configuration for

R1

R2

Configuration

CHAP Authentication Configuration for Router R1.

Root#set system host-name R1 Root@R1#set system root-authentication encrypted-password abc123 Root@R1#set interfaces se-0/0/2 encapsulation ppp Root@R1#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123 Root@R1#set interfaces se-0/0/2 ppp-options chap local-name R1

CHAP Authentication Configuration for Router R2.

Root#set system host-name R2 Root@R2#set system root-authentication encrypted-password abc123 Root@R2#set interfaces se-0/0/2 encapsulation ppp Root@R2#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123 Root@R2#set interfaces se-0/0/2 ppp-options chap local-name R2

Verifing Commands :

Root > show interface terse Root > show interface se-0/0/2