Difference between revisions of "Juniper"

From WTFwiki
Jump to navigation Jump to search
(add some firewalling links)
Line 63: Line 63:
 
</nowiki></pre>
 
</nowiki></pre>
  
= VLANs =
+
== Firewall / Packet Filtering ==
== Generic Info ==
+
* [http://www.juniper.net/techpubs/en_US/junos10.1/topics/concept/firewall-filter-ex-series-overview.html#jd0e30 TechDoc: Firewall Filters for EX Series Switches Overview]
 +
* [https://www.juniper.net/techpubs/en_US/junos10.1/topics/reference/general/firewall-filter-ex-series-statements-supported.html TechDoc: Firewall Filter Configuration Statements Supported by JUNOS Software for EX Series Switches]
 +
* [https://www.juniper.net/techpubs/en_US/junos10.1/topics/example/firewall-filter-ex-series-configuring.html TechDoc: Example: Configuring Firewall Filters for Port, VLAN, and Router Traffic on EX Series Switches]
 +
 
 +
== VLANs ==
 +
=== Generic Info ===
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/concept/bridging-ex-series-understanding.html TechDoc: Understanding Bridging and VLANs on EX Series Switches]
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/concept/bridging-ex-series-understanding.html TechDoc: Understanding Bridging and VLANs on EX Series Switches]
  
== Tag Swapping (VLAN Translation) ==
+
=== Tag Swapping (VLAN Translation) ===
 
* [http://kb.juniper.net/InfoCenter/index?page=content&id=KB16755&cat=JUNOS_EX&actp=LIST KB article: VLAN Translation on EX3200/EX4200]
 
* [http://kb.juniper.net/InfoCenter/index?page=content&id=KB16755&cat=JUNOS_EX&actp=LIST KB article: VLAN Translation on EX3200/EX4200]
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/reference/configuration-statement/mapping-bridging-ex-series.html TechDoc: "mapping"]
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/reference/configuration-statement/mapping-bridging-ex-series.html TechDoc: "mapping"]
  
== QinQ / Stacked Tags ==
+
=== QinQ / Stacked Tags ===
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/concept/qinq-tunneling-ex-series.html TechDoc: Understanding Q-in-Q Tunneling on EX Series Switches]
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/concept/qinq-tunneling-ex-series.html TechDoc: Understanding Q-in-Q Tunneling on EX Series Switches]
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/example/qinq-tunneling-ex-series.html TechDoc: Example: Setting Up Q-in-Q Tunneling on EX Series Switches]
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/example/qinq-tunneling-ex-series.html TechDoc: Example: Setting Up Q-in-Q Tunneling on EX Series Switches]
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/task/configuration/qinq-tunneling-ex-series-cli.html TechDoc: Configuring Q-in-Q Tunneling (CLI Procedure)]
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/task/configuration/qinq-tunneling-ex-series-cli.html TechDoc: Configuring Q-in-Q Tunneling (CLI Procedure)]
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/task/verification/qinq-tunneling-status-ex-series.html TechDoc: Verifying That Q-in-Q Tunneling Is Working]
 
* [http://www.juniper.net/techpubs/en_US/junos10.0/topics/task/verification/qinq-tunneling-status-ex-series.html TechDoc: Verifying That Q-in-Q Tunneling Is Working]

Revision as of 09:37, 12 December 2010

EX Switches

Helpful shell commands

ifmon

Time-elapsing interface counters: i/o bytes, i/o packets, errors, etc.
Pass the interface name when calling the command.

Usage: ifmon [-v] [-JL <lrname>] [interface]

What do the other flags do..?

iftop

Time-elapsing overview of interface counters: for all interfaces
Gives each port's rate in pps or bps, etc.

Usage: iftop [-v] [-d]

  • -v : shows version
  • -d : same as running without arguments, but adds interface descriptions

mtr

Yes.. Juniper actually includes mtr: pass it a hostname, watch a time-lapse
traceroute occur. Lookup the details online; widely available tool.

tcpdump

Juniper includes a modified version of tcpdump; again, look it up elsewhere.

Semi-hidden debug interfaces

lcdd: Line Card Daemon

"lcdd" from a shell (not the cli) connects you to various other parts of the switch,
including the software forwarding infrastructure (sfid), chassis manager (chassism),
and the virtual chassis system (vccpd). You don't need to be root to get into these.
The general idea is:

 > lcdd 0 <area>

Where area is one of the above/below items. The digit (0) is the FPC slot number. EX switches only have FPC0.

sfid: Software Forwarding Infrastructure

chassism: Chassis Manager

vccpd: Virtual Chassis'

vty: Shell out to other parts of the system

"vty fpc0": connect to PFE


root@3200-24t:RE:0% vty fpc0


BSD platform (MPC 8544 processor, 48MB memory, 0KB flash)

PFEM0(vty)# show version

Juniper Embedded Microkernel Version 10.1R1.8
Built by builder on 2010-02-12 17:42:57 UTC
Copyright (C) 1998-2010, Juniper Networks, Inc.
All rights reserved.


BSD platform (MPC 8544 processor, 48MB memory, 0KB flash)
Current time   : Fri Nov 19 14:36:37 2010

Elapsed time   :      15+01:46:39

Firewall / Packet Filtering

VLANs

Generic Info

Tag Swapping (VLAN Translation)

QinQ / Stacked Tags