4-3 Configuring Routes on Juniper Routers
4-4 Configuring Route Redistribution on Juniper Routers
• Understand and identify the difference between the operational and configuration modes
• Understand the basic steps for working in the operational mode
• Understand the steps for configuring the router’s interface
• Explain how to configure static, RIP, OSPF, and IS-IS routing
• Understand the steps for route redistribution
set protocols ospf area area interface interface hello-interval seconds dead-interval seconds
set protocols isis interface interface
The basic commands used in the operational mode of the JUNOS command-line interface (CLI) are presented in Section 4-1. In this chapter, you learn about the {master} prompt and the >, indicating you are now in the operational mode. You also learn about the re0 { and re1 { .. notations that are used to identify the system configuration for the routing engines 0 and 1. In Section 4-2, the steps for configuring the router interface are examined. In addition, the commands for displaying the router interface, configuring the hostname, and assigning an IP address to an interface are examined. Section 4-3 introduces route configuration featuring static, RIP, OSPF, and IS-IS. Section 4-4 examines route redistribution. Juniper takes a different approach when it comes to route redistribution. In the JUNOS software, there is no redistribute command. Unlike Cisco where a route distribution is done in a routing process, Juniper uses its routing policy to inject routing protocols.
The operational mode is the first mode encountered after logging in to the Juniper router. This mode allows for the following:
1. Monitoring network connectivity (for example, using the ping command)
2. Troubleshooting the router interface and network connections
3. Entry point for router configuration
The following examples demonstrate the basic commands used in the operational mode of the JUNOS command-line interface (CLI). The connection to the Juniper router demonstrated in this section is being made via an SSH session (secure telnet); however, a console serial connection can also be made directly with the Juniper router, and this connection is used to make the initial router interface configurations.
The first prompt displayed after connecting to the router is the request for a password. After you correctly enter the password, you enter the router’s {master} mode and the router> prompt is displayed, indicating that you are in the operational mode. The text preceding the > lists the name of the user and the router. In this example, the username is net-admin and the router name is noc. Juniper routers use the {master} prompt to indicate that you are in the master routing engine mode. This prompt appears only when the Juniper router is equipped with two routing engines, and the two engines are running in a graceful switchover redundancy mode.
{master}
The prompt indicating you are in the master routing engine mode on a Juniper router.
The following shows an example of the prompts displayed after establishing the router connection. In this example, the connection is made by net-admin, and this user has superuser privileges. A superuser has root access with full access to all configuration modes. Notice that prompt is >, indicating you are now in operational mode.
Password:
{master}
net-admin@noc>
The question mark (?) is used for the universal help command in JUNOS (operating system). For example, the ? can be entered to see what options are available. It is not necessary to press Enter after typing the question mark. The following is a list of the available commands available at the > prompt:
net-admin@noc> ?
Possible completions:
clear Clear information in the system
configure Manipulate software configuration information
file Perform file operations
help Provide help information
mtrace Trace mtrace packets from source to receiver.
monitor Real-time debugging
ping Ping a remote target
quit Exit the management session
request Make system-level requests
restart Restart a software process
set Set CLI properties, date, time, craft display text
show Show information about the system
ssh Open a secure shell to another host
start Start a software process
telnet Telnet to another host
test Diagnostic debugging commands
traceroute Trace the route to a remote host
net-admin@noc>
The question mark can also be added after part of a command is entered. For example, the following is a partial listing of the options with the show ? command:
{master}
net-admin@noc> show ?
Possible completions:
Accounting Show accounting profiles and records
aps Show Automatic Protection Switching information
arp Show system Address Resolution Protocol table
entries
as-path Show table of known autonomous system paths
bfd Show Bidirectional Forwarding Detection
information
bgp Show Border Gateway Protocol information
chassis Show chassis information
class-of-service Show class-of-service (CoS) information
cli Show command-line interface settings
configuration Show current configuration
connections Show circuit cross-connect connections
.
.
.
The JUNOS operating system has another option that enables the user to enter only part of a command. With this feature, the incomplete command will be completed by JUNOS if the user is still in the operational mode, indicated by the > prompt. This means the user doesn’t have to remember the full command. JUNOS will fill in the expected text given the information obtained from the entered keystrokes. This is accomplished by entering a partial command and then pressing the spacebar or the tab key. For example, entering show in <spacebar> lists the remaining text of a possible matching command, terfaces. Press Enter to accept the displayed text. The following is an example:
net-admin@noc>show in <spacebar>terfaces <Enter>
Physical interface: at-0/1/0, Enabled, Physical link is Up
Interface index: 11, SNMP ifIndex: 65
Link-level type: ATM-PVC, MTU: 4482, Clocking: Internal, SONET mode
Speed: OC12, Loopback: None, Payload scrambler: Enabled
Device flags : Present Running
Link flags : 0x01
[...Output truncated...]
The following shows another example of entering an incomplete command where an ambiguous result can occur. For example, entering show c <spacebar> results in an ambiguous result, because there are many possible matching commands. In this case, the user must type more characters for JUNOS to recognize the desired command, or the user must type the complete command:
net-admin@noc> show c<Space>
'c' is ambiguous.
Possible completions:
chassis Show chassis information
class-of-service Show class-of-service (CoS) information
cli Show command-line interface settings
configuration Show current configuration
connections Show circuit cross-connect connections
The next example demonstrates the results of entering the show version at the > prompt. This command can be used to show which version of the Juniper software is running on the router, and it also lists all the software suites installed on the router:
--- JUNOS 7.6R2.6 built 2006-07-08 09:43:10 UTC
{master}
net-admin@noc> show version
Hostname: noc
Model: m10i
JUNOS Base OS boot [7.6R2.6]
JUNOS Base OS Software Suite [7.6R2.6]
JUNOS Kernel Software Suite [7.6R2.6]
JUNOS Packet Forwarding Engine Support (M7i/M10i) [7.6R2.6]
JUNOS Routing Software Suite [7.6R2.6]
JUNOS Online Documentation [7.6R2.6]
JUNOS Crypto Software Suite [7.6R2.6]
In this case, the router is running the Model: m10i software. The Juniper system is based on the UNIX OS platform. It has a Free BSD UNIX-based kernel with different software systems handling different functions. For example, this listing shows that there is a JUNOS routing software suite, a packet forwarding engine, a crypto software suite, and other software. This individual software suite setup allows one feature to be updated (for example, router updates) without having to update the entire router box.
The next example uses the show configuration command to display the Juniper router current configuration. This is analogous to entering the show running-config command on a Cisco router.
{master}
net-admin@noc>show configuration
version 7.6R2.6;
groups {
re0 {
system {
host-name checs-atm-re0;
backup-router 10.10.20.250 destination 10.10.10.5/24;
}
interfaces {
fxp0 {
description "Out of Band Management interface re0";
unit 0 {
family inet;
}
}
}
}
re1 {
system {
.
.
.
The re0 { and re1 { .. notations identify the system configuration for the routing engines 0 and 1. (The location of the routing engines on a Juniper router is shown in Figure 4-1.) The statement Out of Band Management indicates that the FastEthernet0 (fxp0) interface is an additional interface that can be used to connect to the router if the main network is down. The term in band refers to the primary network connection.
Figure 4-1. The physical interfaces on a Juniper router
The Juniper router, shown in Figure 4-1, shows several types of physical interface cards (PIC). Each interface plus its name are listed. The ge interfaces are gigabit Ethernet. The multi-services card enables expanded services, such as stateful firewall protection, Network Address Translation, and other functions. The t3/ds3 card provides for a 44.736-Mbps data rate connection. The at is for Asynchronous Transmission Mode (ATM), and this example also shows oc-3 (155.52 Mbps) and oc-12 (622.08 Mbps) connections. This router also has two routing engines; the duplicate engines are for redundancy.
re0 { and re1 { ...
This identifies the system configuration for the routing engines 0 and 1.
Out of Band Management
Indicates that an additional interface can be used to connect to the router if the main network is down.
PIC
Physical interface card.
Multi-Services Card
Enables expanded services, such as stateful firewall protection and Network Address Translation.
t3/ds3 card
Provides for a 44.736-Mbps data rate connection.
at
Asynchronous Transmission Mode (ATM).
oc-3
155.52 Mbps.
oc-12
622.08 Mbps.
Network connectivity with other networking devices can be verified with the Juniper router by using the ping command, as shown next. This command is being issued in the operational mode, the > prompt.
{master}
net-admin@noc> ping 192.168.32.5
{master}
net-admin@noc-atm-re1> ping 172.16.83.3
PING 172.16.83.3 (172.16.83.3): 56 data bytes
64 bytes from 172.16.83.3: icmp_seq=0 ttl=62 time=1.493 ms
64 bytes from 172.16.83.3: icmp_seq=1 ttl=62 time=1.000 ms
64 bytes from 172.16.83.3: icmp_seq=2 ttl=62 time=1.096 ms
64 bytes from 172.16.83.3: icmp_seq=3 ttl=62 time=1.082 ms
64 bytes from 172.16.83.3: icmp_seq=4 ttl=62 time=1.417 ms
64 bytes from 172.16.83.3: icmp_seq=5 ttl=62 time=1.159 ms
^C
--- 172.16.83.3 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.000/1.208/1.493/0.182 ms
Table 4-1 provides a summary of the commands and prompts discussed in this section.
Table 4-1. Section 4-2 Command/Prompt Summary
Command/Prompt |
Description |
{master} |
Indicates you are in the master routing engine mode on a Juniper router. |
> |
Prompt for the operational mode. |
username@router-name> |
Structure preceding the > prompt. |
? |
Universal help command. |
show version |
Shows the version of the Juniper software running on the router, and it lists all the software suites installed on the router. |
show configuration |
Used to display the Juniper router current configuration. |
re0 { and re1 { ... |
Identifies the system configuration for the routing engines 0 and 1. |
There are two types of interfaces for the Juniper routers: permanent and transient. Two types of permanent interfaces exist:
• Management Ethernet Interface: This interface enables the router to establish both ssh and telnet connections.
• Internal Ethernet interface: This interface is the main communications link between the JUNOS software and the router’s packet forwarding engines.
Transient interfaces receive and transmit the data packets to and from the network. They are located on the physical interface card and can be inserted and removed at any time. These interfaces must be configured before they can be used.
Permanent Interfaces
Defined to be either Management or Internal Ethernet interfaces.
Management Ethernet Interfaces
Enable the router to establish both SSH and Telnet connections.
Internal Ethernet Interfaces
The main communications link between the JUNOS software and the router’s packet forwarding engines.
Transient Interfaces
These interfaces both receive and transmit data to/from the network.
The Juniper routers also have both a console and auxiliary serial port. The console port is used to establish a serial terminal connection and is used for the initial router configuration. The auxiliary port is used to connect to a modem and for remote access when there is a failure with the regular network connection.
The command for displaying the router interfaces and their status is show interfaces brief. The following shows an example of using this command. Notice that the command is issued at the > operational mode prompt, and the {master} prompt indicates the Juniper router is equipped with two routing engines.
{master}
net-admin@noc> show interfaces brief
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Description: Feed to Network-Backup
Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, Loopback:
Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation:
Enabled,
Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link flags : None
Logical interface ge-0/0/0.0
Description: Feed to Network-Backup
Flags: SNMP-Traps Encapsulation: ENET2
inet 172.16.35.12/30
Physical interface: ge-0/1/0, Enabled, Physical link is Down
Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, Loopback:
Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation:
Enabled,
Remote fault: Online
Device flags : Present Running Down
Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000
Link flags : None
Logical interface ge-0/1/0.0
Description: Feed to Network-Backup
Flags: SNMP-Traps Encapsulation: ENET2
inet 192.168.12.7/30
.
.
.
The ge-0/0/0 physical interface shows that it is enabled and the physical link is up. This indicates that the link can pass data packets. The ge-0/1/0 physical interface shows that it is down and the interface is disabled. This listing also shows logical interfaces for ge-0/0/0.0 and 0/1/0.0, which are defined by the IP addresses (inet) set for each interface. Notice that each of the two gigabit Ethernet interfaces (ge-0/1/0 and ge-0/0/0) has both a physical and a logical interface setting. The ge-#/#/# notation for the physical interfaces is defined as follows:
• Media type: ge (gigabit Ethernet). Other options for media type are Sonet (so), ATM (at), FastEthernet(fxp)
• Slot number: 0
• Slot number on the interface: 0
• Port: 0
inet
IP address.
The notation for the logical interface lists the media type, slot number, slot number for the interface, and port. It also shows a description, the IP address, and the interface flags. Flags give information like the state or the status of the interface.
The hostname on a Juniper router can be changed by entering the configuration mode. This can be done by entering the configure command, which places you in the [edit] mode. Notice that the prompt now has a # after it, indicating that you are in the configuration mode. Next, enter edit system, which places you in the [edit system] mode. The hostname of the router is changed by entering the set host-name name command. The following is an example where the hostname of the router is changed from noc to Juniper. (Note: This change will not be implemented until the configuration is saved using the commit command.)
commit
Command used to save changes.
net-admin@noc> configure
[edit]
net-admin@noc>#edit system
[edit system]
net-admin@noc># set host-name Juniper
[edit system]
net-admin@noc>#commit
[edit system]
net-admin@Juniper>#
The next example shows how an IP address is assigned to an interface. In this case, the interface is ge-0/0/0. The command configure places you in the edit mode. The ge-0/0/0 interface is specified by using the edit interfaces ge-0/0/0 command. The prompt displays [edit interfaces ge-0/0/0] to indicate that you are configuring the ge-0/0/0 interface. The interface ge-0/0/0 is a physical interface. Next, the logical unit of the physical interface has to be configured. The logical unit 0 is chosen and the command edit unit 0 is entered.
The notation of the physical interface and the logical unit is ge-0/0/0.0, and this is referred to as logical interface. This is similar to Cisco’s way of creating a virtual subinterface. Once this is complete, the IP address can be configured using the set address command. In order to configure the IP address, the family protocol will need to be specified. The family inet is a family protocol that supports all the IP traffic. As a matter of fact, inet denotes the IP address in UNIX-based systems. The prompt now changes to [edit interfaces ge-0/0/0 unit 0 family inet]:
net-admin@noc> configure
[edit]
net-admin@noc>#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
net-admin@noc>#edit unit 0
[edit interfaces ge-0/0/0 unit 0]
net-admin@noc>#edit family inet
[edit interfaces ge-0/0/0 unit 0 family inet]
net-admin@noc>#set address 192.168.1.1/24
[edit interfaces ge-0/0/0 unit 0 family inet]
net-admin@noc>#
In the previous chapter, an example of how to configure a secondary IP address on a Cisco router was shown. When the keyword secondary is used after the IP address statement in Cisco, it signifies this is a secondary IP address. On a Juniper router, the same concept exists, but the configuration is done in reverse. The primary IP address is specified with a keyword, but the secondary IP address is not. In this case, we can specify the IP address 192.168.1.1/24 as the primary by issuing the command set address 192.168.1.1/24 preferred, then configure the secondary IP addresses without the keyword preferred. The following is the configuration of the primary IP address and secondary IP address on a Juniper router:
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.1.1/24 {
preferred;
}
address 192.168.2.1/24;
}
}
}
preferred
Used after the ip address statement to signify the primary IP address.
This section has demonstrated steps for hostname configuration and assigning an IP address to the interface. Although the command sequence is similar to Cisco routers, there are some distinct differences. Table 4-2 provides a summary of the commands and prompts discussed in this section.
Table 4-2. Section 4-2 Command/Prompt Summary
username@router-name configure |
Command used to enter the configuration mode |
{master} [edit] |
Places you in the [edit] mode |
net-admin@noc> show interfaces brief |
The command for displaying the router interfaces and their status |
username@router-name># |
The # indicates you are in the configuration mode |
username@router-name>#edit system |
Places you in the [edit system] mode |
[edit system] net-admin@noc># set host-name Juniper |
Sets the hostname of the router to Juniper |
[edit system] net-admin@noc>#commit |
Command used to save changes |
This section examines the steps for configuring routes on a Juniper router. The steps for configuring static routes, RIP routing, OSPF, and IS-IS are demonstrated. You might ask what about EIGRP routes? Remember, EIGRP is proprietary to Cisco and is only available on Cisco routers.
You can configure a static route on a Juniper router by entering the configuration mode. The {master}[edit] prompts should be displayed after you enter this mode, and the # symbol should be displayed. The command edit routing-options static places you in the mode to configure the static route. The prompt changes to {master}[edit routing-options static]. The following shows an example:
{master}[edit]
net-admin@noc# edit routing-options static
{master}[edit routing-options static]
net-admin@noc#
edit routing-options static
Places you in the mode to configure the static route.
The next step is to configure the static router. This simply requires you to enter the destination IP address / {subnet – CIDR} and next-hop address. The following shows an example:
{master}[edit routing-options static]
net-admin@noc# set route 172.16.32.0/24 next-hop 172.16.64.1
{master}[edit routing-options static]
net-admin@noc#
To verify the result, the command show route is used to display the routing table. To display only the static routes, the command show route protocol static is used:
net-admin@noc# show route protocol static
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.30.0/24 *[Static/5] 14w1d 22:09:22
> to 172.16.65.1 via ge-0/0/0.0
172.16.31.0/24 *[Static/5] 20w3d 15:07:25
> to 172.16.64.1 via ge-0/0/1.0
172.16.32.0/24 *[Static/5] 14w1d 22:09:22
> to 172.16.64.1 via ge-0/0/1.0
The command for adding a default route or default gateway is very similar to adding a normal static route. The following is an example of adding a default route or a default gateway. The command set route 0.0.0.0/0 next-hop IP address is entered. The all zeroes indicate that the destination and subnet mask are not known and send the packet to the default gateway:
{master}[edit routing-options static]
net-admin@noc# set route 0.0.0.0/0 next-hop 172.16.1.1
To remove the static route, the command is del for delete followed by the route that you want to delete. The following shows an example:
{master}[edit routing-options static]
net-admin@noc# del route 172.16.32.0/24 next-hop 172.16.64.1
Juniper also offers similar null routes as in Cisco, where packets destined to a matching route will get dropped; however, Juniper provides two different options to drop packets. One is discard, which will silently drop any packet that matches a route. Another one is reject, which will drop the packet and will generate an ICMP error message “the destination is unreachable” to the source. The following shows an example of using the reject and discard feature:
{master}[edit routing-options static]
net-admin@noc# set route 172.16.0.0/16 reject
net-admin@noc# set route 172.16.0.0/16 discard
This section demonstrates how to configure RIP on a Juniper router. The first step is to enter the configure command. Notice that this places you in configuration mode, and the # prompt is displayed. Next, enter the command edit protocols rip, which places you in the mode to configure RIP routing. Unlike static route configuration, RIP configuration is programmed under the protocols section, not the routing-options section. The prompt changes to {master}[edit protocols rip]. The following shows an example:
{master}[edit]
net-admin@noc# edit protocols rip
{master}[edit protocols rip]
net-admin@noc#
edit protocols rip
Places you in the mode to configure RIP routing.
The next step is to define a RIP group and place the interfaces that will be participating in RIP routing in the group. These interfaces will be connecting to other RIP devices, and they will be RIP neighbors. The following shows an example of joining the interface ge-0/0/0 to the group rip_group1. The show command entered at the prompt displays the configuration under the section. Recall that the protocol family inet is configured at the logical interface level, so the RIP protocol will be configured on the logical interface of ge0/0/0, which is ge-0/0/0.0:
{master}[edit protocols rip]
net-admin@noc# # set group rip_group1 neighbor ge-0/0/0.0
{master}[edit protocols rip]
net-admin@noc#show
group rip_group{
neighbor ge-0/0/0.0;
}
When configuring RIP on a Juniper, there is no option to specify the RIP version. This is because JUNOS will automatically configure both versions of RIP. So, it can be connected to either a RIP version 1 device or a RIP version 2 device. The command show rip neighbor can be used to display its neighbors.
show rip neighbor
Command used to display RIP neighbors.
net-admin@noc# # show rip neighbor
Neighbor State Source Destination Send Receive In
Address Address Mode Mode Met
-------- ----- ------- ----------- -- -- ----
ge-0/0/0.0 Up 172.16.10.1 224.0.0.9 mcast both 1
The result shows that the router the RIP neighbors via the interface ge-0/0/0.0 is up. The destination of RIP updates is a multicast address of 224.0.0.9, which indicates this is using RIPv2. The receive mode is set to receive both RIPv1 and RIPv2. At this point, a Juniper router is equipped with a minimum configuration to receive all RIP routing information from its neighbor. By default, JUNOS does not advertise any RIP routes, unless it is specified in the routing policy. To enable RIP advertisement to its neighbor in a Juniper router, a routing policy to advertise RIP routes has to be created, and then it must be applied to the RIP group. The routing policy is entered under the policy options as follows:
{master}[edit policy-options]
net-admin@noc# # set policy-statement advertise_rip term 1 from
protocol rip then accept
The show command displays the configuration under the policy-options:
{master}[edit policy-options]
net-admin@noc# # show
policy-statement advertise_rip{
term 1{
from protocol rip;
then accept;
}
}
The policy is created, but it is not yet applied. The policy must be applied to the RIP group by the key command export. To configure that, we must be out of the policy-options section. The command top takes the user out of the current configuration section and back to the top of the configuration mode:
net-admin@noc# # top
{master}[edit]
net-admin@noc# # set protocol rip group rip_group1 export advertise_
rip
The commit command is used to save software configuration changes to the configuration database, and it also activates the configuration on the router. Changes to the configuration are not saved unless you issue the commit command.
net-admin@noc# commit
commit complete
Or you can issue the commit and –quit command to commit the configuration and exit the configuration mode:
commit and- quit
The command used to save the configuration and exit the configuration mode.
[edit]
net-admin@noc# commit and- quit
commit complete
exiting configuration mode
net-admin@noc>
When the configuration is saved and applied, the routing table information can be verified via the command show route, or the command show route protocol rip can be used to display only the RIP routes:
show route
Command used to display all routes.
show route protocol rip
Command used to display only RIP routes.
net-admin@noc# # show route protocol rip
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both
172.16.1.0/24 [RIP/100] 00:03:03, metric 2
> via ge-0/0/0.0
172.16.20.0/24 [RIP/100] 00:03:38, metric 2
> via ge-0/0/0.0
192.168.2.1/32 [RIP/100] 00:03:19, metric 1
> via ge-0/0/0.0
The next example examines configuring the OSPF routing protocol for the Juniper router using a script. In this case, the current system configuration file is edited with the required information. The commands in the following OSPF script are set off with brackets { }. There is an open bracket at the beginning of each command level and a closing brace at the end for each open brace. The following is an example of how to configure an OSPF backbone that has two gigabit Ethernet interfaces. You must be in the [edit] mode, which requires the entry of the configure command. You enter the script after entering the configure mode, which has the [edit] prompt displayed:
net-admin@noc> configure
[edit]
protocols {
ospf {
area 0.0.0.0 {
interface ge-0/0/0.0 {
hello-interval 5;
dead-interval 20;
}
interface ge-0/0/1.0 {
hello-interval 5;
dead-interval 20;
}
}
}
}
This configuration is for the backbone (area 0.0.0.0). The two gigabit interfaces are ge-0/0/0 and ge-0/0/1. The “Hello” interval is being set to 5 seconds and the dead interval is being set to 20 seconds. The “Hello” interval is how often OSPF “Hello” packets are sent to other routers in the same area, and the dead interval is how much time can expire before the other routers in the area assume the router is dead or the link has failed.
set protocols ospf area area interface interface hello-interval seconds dead-interval seconds
The command for setting the protocol to OSPF.
Another way to configure the same information for OSPF is shown next. This example produces the same result as previously presented for the OSPF routing, except everything is entered at the command line. The first step is to enter the [edit] mode using the configure command. Next, enter the set protocols command followed by the desired settings for the interface. The set protocols command and desired settings must be repeated for each interface. Enter the command sequence commit and- quit to save the configuration and exit the configuration mode.
net-admin@noc> configure
[edit]
user@host# set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 hello-
interval 5 dead-interval 20
[edit]
user@host# set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 hello-
interval 5 dead-interval 20
[edit]
net-admin@noc# commit and- quit
commit complete
exiting configuration mode
net-admin@noc>
Similar to Cisco’s command show ip ospf neighbor, JUNOS has the command show ospf neighbor, which displays the following: Interface Address, Interface, State, Router ID, Router Priority, and Dead Timer. An example of using the command is as follows:
net-admin@noc> show ospf neighbor
Address Interface State ID Pri Dead
172.16.64.1 ge-0/0/0.0 Full 10.206.155.171 1 36
172.16.65.1 ge-0/0/1.0 Full 10.206.155.172 1 32
The only information missing from the show ospf neighbor command output is the information of the DR (designated router) and BDR (backup designated router). This information can be retrieved from the command show ospf interface. Also, the command shows the OSPF area of which the interfaces are connected:
net-admin@noc> show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/0.0 DR 0.0.0.0 10.206.155.171 10.206.155.173 1
ge-0/0/1.0 BDR 0.0.0.0 10.206.155.172 10.206.155.171 1
The command to display the OSPF routing table is show route protocol ospf. Note the * indicates that the route is active and valid. It is the best route and will be placed in the router’s forwarding table. Some of the routes may be in the routing table, but might not be used because they are not the best routes:
net-admin@noc> show route protcol ospf
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.1.0/24 *[OSPF/30] 9w6d 11:15:25, metric 2
> to 172.16.64.1 via ge-0/0/0.0
172.16.20.0/24 *[OSPF/30] 9w6d 11:15:25, metric 2
> to 172.16.64.1 via ge-0/0/0.0
192.168.2.1/32 *[OSPF/30] 9w6d 11:15:25, metric 2
> to 172.16.64.1 via ge-0/0/0.0
As we learned earlier of how to adjust the OSPF interface cost on a Cisco router, there is also a way on a Juniper router to manually adjust or assign a cost or metric to a particular interface or a path segment to control the flow of the traffic. This is accomplished by way of setting a metric using the set metric value command, as demonstrated in the following example. In this case, the metric is being set to 5:
net-admin@noc> configure
[edit]
net-admin@noc# edit protocols ospf area 0.0.0.0 interface ge-0/0/0.0
[edit protocols ospf area 0.0.0.0 interface ge0/0/0.0]
net-admin@noc# set metric 5
set metric value
The command for setting the metric value in OSPF.
The same caution still applies when adjusting the routing metric manually in that one must understand the topology of the network before making any changes. For example, a route could be preferred via a path with hop counts. One must be careful and verify all the routing associated with the change.
The next example examines configuring the IS-IS routing protocol for the Juniper router that has two gigabit Ethernet interfaces. You must be in the [edit] mode, so enter the configure command. The IS-IS routing is configured under the protocols section.
By default, all interfaces specified as IS-IS interfaces on Juniper routers are both Level 1 and Level 2. To enforce the level, a non-desired level can be disabled on the interface. The following script is an example of configuring the IS-IS routing protocol on interface ge-0/0/0.0 and interface ge-0/0/1.0, where only IS-IS level 1 is enforced. Therefore, IS-IS level 2 is disabled:
net-admin@noc> configure
[edit]
protocols {
isis {
interface ge-0/0/0.0 {
}
interface ge-0/0/1.0 {
level 2 disable;
}
}
}
set protocols isis interface interface
The command for setting the protocol to IS-IS.
Another way to configure the same information for IS-IS is shown next. This example produces the same result as previously presented, except everything is entered at the command line. Enter the [edit] mode by using the configure command. Next, enter the set protocols isis interface command followed by the desired settings for the interface. In this case, the desired settings are isis interface ge-0/0/0.0. The set protocols command and desired settings must be repeated for each interface:
net-admin@noc> configure
[edit]
user@host# set protocols isis interface ge-0/0/0.0
[edit]
user@host# set protocols isis interface ge-0/0/1.0 level 2 disable
The next step is to enable the ISO protocol family on the physical interfaces. ISO must be enabled on all interfaces that will run IS-IS. This is configured under the section interfaces. The following is the configuration script to enable ISO on the interfaces ge-0/0/0.0 and ge-0/0/1.0:
net-admin@noc> configure
[edit]
interfaces {
ge-0/0/0 {
unit 0 {
family iso;
}
}
ge-0/0/1 {
unit 0 {
family iso;
}
}
}
The following is the example of how to enable the ISO protocol family via the CLI interface. This same result can be obtained by entering the following set of commands via the CLI interface:
net-admin@noc> configure
[edit]
user@host# set interfaces ge-0/0/0 unit 0 family iso
[edit]
user@host# set interfaces ge-0/0/1 unit 0 family iso
The last step is to assign the NET address to one of the router’s interfaces. Usually, a loopback interface is used. The NET address is part of the family ISO configuration. The following is the command set that will assign a NET address to the loopback 0 interface. The show interfaces lo0 command displays the configuration that was entered:
net-admin@noc> configure
[edit]
user@host# set interfaces lo0 unit 0 family iso address 49.0001.
c190.00e8.0000.00
[edit]
user@host# show interfaces lo0
unit 0 {
family inet {
address 172.16.0.1/32;
}
family iso{
address 49.0001.c190.00e8.0000.00;
}
}
The configuration will need to be committed before it takes effect. Enter the command sequence commit and- quit to save the configuration and exit the configuration mode:
[edit]
net-admin@noc# commit and- quit
commit complete
exiting configuration mode
net-admin@noc>
To view the IS-IS adjancency status and its connected IS-IS adjacent routers, use the show isis adjancency command. The command shows the adjacent routers via their names and their IS-IS level. This command is analogous to the show ospf neighbor in Cisco:
net-admin@noc> show isis adjancency
IS-IS adjancency database:
Interface System L State Hold (secs) SNPA
ge-0/0/0.0 RouterX 2 Up 18 0:a:24:b1:21:11
ge-0/0/1.0 RouterY 1 Up 10 0:a:24:b1:22:11
show isis adjancency
The command used to view the IS-IS adjacency status and its connected IS-IS adjacent routers.
The command to display the IS-IS routing table is show route protocol isis:
net-admin@noc> show route protcol isis
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.1.0/24 *[IS-IS/18] 9w6d 11:15:25, metric 20
> to 172.16.64.1 via ge-0/0/0.0
172.16.20.0/24 *[IS-IS/18] 9w6d 11:15:25, metric 20
> to 172.16.64.1 via ge-0/0/0.0
192.168.2.1/32 *[IS-IS/18] 9w6d 11:15:25, metric 10
> to 172.16.64.1 via ge-0/0/0.0
Table 4-3 provides a summary of the commands and prompts discussed in this section.
Table 4-3. Section 4-3 Command/Prompt Summary
Command |
Description |
net-admin@noc# edit routing-options static |
This command places you in the mode to configure the static route. |
net-admin@noc# # set route 172.16.32.0/24 next-hop 172.16.64.1 |
This command specifies the destination IP address / {subnet – CIDR} and next-hop address. |
net-admin@noc# # show route protocol static |
This command only displays the static routes. |
del |
The command used to delete a route. |
{master}[edit] net-admin@noc# edit protocols rip |
Places you in the mode to configure RIP. |
{master}[edit protocols rip] net-admin@noc# # set group rip_group1 neighbor ge-0/0/0.0 |
Defines the RIP group and places the interfaces that will be participating in RIP routing in the group. |
net-admin@noc# # show rip neighbor |
Command used to display RIP neighbors. |
{master}[edit policy-options] |
The prompt for entering routing policies. |
set protocols ospf area area interface interface hello-interval seconds dead-interval seconds |
Command used to place the router in the mode to configure OSPF. |
set protocols isis interface (interface) |
Command used to place the router in the mode to configure IS-IS. |
Juniper takes a different approach when it comes to route redistribution. There is no redistribute command in the JUNOS software. Unlike Cisco, where a route distribution is done in a routing process, Juniper uses its routing policy to inject routing protocols. This procedure is the same for any of the routing protocols supported by JUNOS. Juniper’s routing policy can be used to control or filter routes, and this is a straightforward process.
The first step in this process is to configure a routing policy to accept a routing protocol that will be injected or redistributed. Next, the routing policy is applied to a routing protocol as an export. JUNOS uses these same steps when a Juniper router is configured to advertise RIP routes. To allow static route injection, a routing policy has to be created to advertise static routes.
The following example shows steps on how to configure a routing policy to accept static routes. The first step is to enter the configuration mode and the edit mode on the router. The command edit policy-options is entered and the prompt changes to [edit policy-options]. The policy is next entered using the set policy-statement command. A policy can have more than one “term.” Each term defines a matched condition and an action. This way, a single policy with multiple matched conditions and actions can be implemented. In this case, the policy name is advertise_static, and it contains one term called 1. The term 1 is to accept any network that comes from static protocol. The show command lists the values assigned by the set-policy-statement. The changes are then saved using the command commit and- quit.
{master}[edit]
net-admin@noc# configure
Entering configuration mode
{master}[edit]
net-admin@noc# edit policy-options
{master}[edit policy-options]
net-admin@noc# set policy-statement advertise_static term 1 from
protocol then accept
{master}[edit policy-options]
net-admin@noc# show
policy-statement advertise_static{
term 1{
from protocol static;
then accept;
}
}
{master}[edit policy-options]
net-admin@noc# commit and- quit
commit complete
exiting configuration mode
edit policy-options
The command used to enter the mode so the set policy statement can be entered.
set policy-statement
The command for setting a routing policy.
Now, a routing policy to advertise static routes is ready. The other routing protocols can be configured in a similar manner. Before we proceed, let’s look at the routing policies for redistributing other routing protocols. The following are scripts that are used to set the policy statements for ISIS, OSPF, RIP, and static routing. Similar to the advertise_static policy, a policy called advertise_connected is created with a single term called 1. The term is to accept any network that is directly connected. Similarly, a policy called advertise_isis is also created with a single term to accept any network learned from IS-IS protocol. With OSPF, a policy is called advertise_ospf. It contains a single term called 1, which is used to accept any network that is learned via the OSPF backbone area 0. The last policy is advertise_rip, which was used in the RIP routing section.
{master}[edit policy-options]
net-admin@noc# # show
policy-statement advertise_connected{
term 1{
from protocol direct;
then accept;
}
}
policy-statement advertise_isis{
term 1{
from protocol isis;
then accept;
}
}
policy-statement advertise_ospf{
term 1{RIP
from {
protocol ospf;
area 0.0.0.0;
}
then accept;
}
}
policy-statement advertise_rip{
term 1{
from protocol rip;
then accept;
}
}
The next step is to apply a routing policy to a routing protocol. The following example demonstrates how to apply the policy statement advertise_static to the OSPF routing protocol. The command top takes the user out of the current configuration section and back to the top of the configuration mode. The policy is then applied with the command export under the protocol ospf section. The command set ospf export advertise_static is issued from the configuration mode to apply the policy. The show command is used to verify the configuration under the protocol ospf section. Note the entry under ospf{ lists export advertise_static.
net-admin@noc# # top
{master}[edit]
net-admin@noc# # edit protocol
{master}[edit protocol]
net-admin@noc# # set ospf export advertise_static
{master}[edit protocol]
net-admin@noc# # show
ospf {
export advertise_static
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/1/0.0;
}
}
top
Takes the user out of the current configuration section and back to the top of the configuration mode.
export
The command used to apply a policy.
The following are static routes on Router noc. These are the routes that are injected into OSPF area 0, as shown in the preceding OSPF configuration. Its neighboring OSPF routers will be receiving these routes. In this example, its OSPF neighbor is Router boc:
net-admin@noc# # show route protocol static
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.30.0/24 *[Static/5] 14w1d 22:09:22
> to 172.16.65.1 via ge-0/0/0.0
172.16.31.0/24 *[Static/5] 20w3d 15:07:25
> to 172.16.64.1 via ge-0/0/1.0
To verify the redistributed static routes, the command show route 172.16/16 is issued on Router boc to verify all the routes for network CIDR 172.16.0.0/16.
net-admin@boc> show route 172.16/16
inet.0: 28 destinations, 30 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.30.0/24 *[OSPF /150] 00:01:00, metric 2, tag 0
> to 10.0.10.2 via ge-0/1/0.0
192.168.31.0/24 *[OSPF/150] 00:01:00, metric 2, tag 0
> to 10.0.10.2 via ge-0/1/0.0
Indeed, these routes are shown in Router boc’s routing table as OSPF routes. These routes now have the preference value of 150, which is a value for OSPF external route. Note that there are no special configurations needed at Router boc. It is just another OSPF router in the backbone area 0. All the configurations are done at Router noc, because it is the redistribution point of other routing protocol into the OSPF backbone.
Table 4-4 provides a summary of the commands and prompts discussed in this section.
Table 4-4. Section 4-4 Command/Prompt Summary
Command |
Description |
set policy-statement parameters |
The command for setting a routing policy. |
set ospf export advertise_static |
This command is used to apply the policy. |
edit policy-options |
The command used to enter the mode so the set policy statement can be entered. |
set policy-statement |
The command for setting a routing policy. |
top |
Takes the user out of the current configuration section and back to the top of the configuration mode. |
export |
The command used to apply a policy. |
This chapter presented an overview of using the JUNOS operating system to configure Juniper routers. Although there are some similarities to Cisco routers, there are also distinct differences. The concepts the student should understand include the following:
• Understand and identify the difference between the operational and configuration modes
• Understand the basic steps for working in the operational mode
• Understand the steps for configuring the router’s interface
• Explain how to configure static, RIP, OSPF, and IS-IS routing
• Understand the steps for route redistribution
1. What is the first mode encountered after logging in to the Juniper router?
2. What does the {master} prompt indicate in JUNOS?
3. What does the net-admin@noc> prompt indicate in JUNOS?
4. What is the help command in JUNOS?
5. What is the command used to display the Juniper router current configuration?
Show the proper prompt for the command.
6. The following is displayed after entering the show configuration command.
{master}
net-admin@noc>show configuration
version 7.6R2.6;
groups {
re0 {
system {
host-name checs-atm-re0;
backup-router 10.10.20.250 destination 10.10.10.5/24;
}
}
}
What does re0 { represent?
7. What command displays the router’s current configuration?
8. What command lists the software suites installed on a Juniper router?
9. The command show configuration is issued on a Juniper router. The following is part of the information displayed.
interfaces {
fxp1 {
description "Out of Band Management interface
re0";
unit 0 {
family inet;
What does the statement, “Out of Band Management” indicate?
10. What is a management Ethernet interface?
11. What is an internal Ethernet interface?
12. What are transient interfaces?
13. What is the command for displaying the router interfaces and their status?
14. What is the command sequence to change the hostname on a Juniper router to Piyasat?
15. Can the following command sequence be used to change the IP address on a Juniper router interface?
net-admin@noc> configure
[edit]
net-admin@noc>#edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
net-admin@noc>#edit unit 0
[edit interfaces ge-0/0/0 unit 0]
net-admin@noc>#edit family inet
[edit interfaces ge-0/0/0 unit 0 family inet]
net-admin@noc>#set address 192.168.1.1/24
[edit interfaces ge-0/0/0 unit 0 family inet]
net-admin@noc>#
16. A Juniper router has been assigned the IP address 192.168.12.1 to its ge-0/0/1 interface. This is to be the preferred IP address. An IP address of 192.168.22.1 is to be the secondary IP address. List the command sequence to configure the preferred route off the ge-0/0/1.
17. The hostname for a Juniper router has been entered. What is the command that is used to save the changes? List the command, the prompt, and the mode.
18. The show interfaces command is entered. What does the following mean?
Physical interface: ge-0/0/0, Enabled, Physical link is Up
19. What is the meaning of the ge-#/#/# notation for the physical interfaces on a juniper router?
20. What prompts are displayed after entering the edit mode on a Juniper router?
21. What command places you in the mode to configure the static route?
22. What prompts are displayed after entering the edit routing-options static command?
23. You are configuring a static route on a Juniper router. The destination network is 192.168.12.0, the subnet mask is 255.255.255.192, and the next hop address is 10.10.200.2. Specify the command for configuring the static route.
24. What is the command for setting the default gateway to 10.10.200.2?
25. List the command used to delete or remove the static route to the destination network 192.168.12.0, the subnet mask is 255.255.255.192, and the next hop address is 10.10.200.2.
26. The following command is entered:
net-admin@noc# # set route 192.168.10.0/24 reject
What does this do?
27. List the command used to enter the mode to configure RIP routing. Indicate the mode and prompt along with the command.
28. What is the command that joins the interface ge-0/0/0 to the rip_group1?
29. What is the command for configuring the Juniper router to run RIPv2?
30. List the command used to save the configuration file in JUNOS.
31. List the command used to save the configuration file and quit.
32. The following information is entered on a Juniper router. What does this mean?
33. List the script entry for setting the dead interval for OSPF to 40 seconds.
34. List the command used at the command-line interface for setting OSPF to run on the ge-0.0.1.0 interface.
Use an area of 0.0.0.0, a hello interval of 10, and a dead interval of 40.
35. List the command and the prompt for displaying the Interface Address, Interface, State, Router ID, Router priority, and Dead Timer in OSPF.
36. What command can be used to display the backup designated router in OSPF? List the command and the prompt.
37. What command can be used to display the designated router in OSPF? List the command and the prompt.
38. What level are interfaces in IS-IS on a Juniper router?
39. List the command-line sequence to enable the IS-IS protocol on the ge-0/0/0 interface.
40. List the command-line sequence to set the NET address to one of the router’s interfaces to
49.0002.d111.00e3.0000.00.
41. List the prompt and the command to display the IS-IS routing table.
42. List the prompt and the command to view the IS-IS adjacency status and its connected IS-IS adjacent routers.
43. How does Juniper establish route redistribution on a router?
44. What is the purpose of the following command?
net-admin@noc# set policy-statement advertise_static term 1 from
protocol then accept
45. Create a script that will define a policy that advertises connected with the single-term “2.” List the script.
46. What command in JUNOS takes the user out of the current configuration section and back to the top of the configuration mode?
47. A Juniper router is running OSPF. List the command that is used to apply a static policy.
48. What does the following script do?
policy-statement advertise_ospf{
term 1{RIP
from {
protocol ospf;
area 0.0.0.0;
}
then accept;
}
}
49. What does the following script do?
policy-statement advertise_rip{
term 1{
from protocol rip;
then accept;
}
}
50. What command is used to apply a policy in JUNOS?
51. The following information is displayed. What do metric 4, metric 2, and metric 1 mean?
net-admin@noc# # show route protocol rip
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both
172.16.1.0/24 [RIP/100] 00:03:03, metric 2
> via ge-0/0/0.0
172.16.20.0/24 [RIP/100] 00:03:38, metric 2
> via ge-0/0/0.0
192.168.2.0/24 [RIP/100] 00:04:27, metric 4
> via ge-0/0/0.1
224.0.0.9/32 [RIP/100] 00:03:19, metric 1
> MultiRecv
52. Issue the command to set OSPF to run on the ge-0.0.0.0 interface. Use an area of 0.0.0.0 and a metric of 10. List the command and the prompt.
53. List the script to disable the level 2 interface on the ge-0/0/0.0 interface.
54. The following information is displayed after entering the show interfaces command. Describe what information is displayed.
net-admin@noc>show interfaces
Physical interface: at-0/1/0, Enabled, Physical link is Up
Interface index: 11, SNMP ifIndex: 65
Link-level type: ATM-PVC, MTU: 4482, Clocking: Internal, SONET
mode
Speed: OC12, Loopback: None, Payload scrambler: Enabled
Device flags : Present Running
Link flags : 0x01
55. Provide the OSPF configuration for RouterJuniper and RouterCisco in order to connect them to the OSPF backbone 0. The following are their interfaces configuration:
RouterJuniper:
interfaces {
ge-0/0/0 {
description "Connection to RouterCisco";
unit 0 {
family inet {
address 192.168.145.45/30;
}
}
}
ge-0/1/0 {
description "Network 10";
unit 0 {
family inet {
address 10.206.0.1/16;
}
}
}
}
RouterCisco:
!
interface GigabitEthernet0/1/1
description Connection to RouterJuniper
ip address 192.168.145.46 255.255.255.252
negotiation auto
!
!
interface GigabitEthernet0/1/2
description Network 172
ip address 172.16.0.1 255.255.252.0
negotiation auto
!