ex configs all

Complete Software Guide for JUNOS for EX-series Software, Release 9.0 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net Part Number: , Revision R1


This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright 1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.

This product includes memory allocation software developed by Mark Moraes, copyright 1988, 1989, 1993, University of Toronto.

This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.

GateD software copyright 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton's EGP, UC Berkeley's routing daemon (routed), and DCN's HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright 1991, D. L. S. Associates.

This product includes software developed by Maker Communications, Inc., copyright 1996, 1997, Maker Communications, Inc.

Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

JUNOS for EX-series Software
Complete Software Guide for JUNOS for EX-series Software, Release 9.0
Copyright 2008, Juniper Networks, Inc. All rights reserved. Printed in USA.

Writing: Appumon Joseph, Aviva Garrett, Bhargava Y.P, Brian Deutscher, Hareesh Kumar K N, Janet Bein, Keldyn West, Regina Roman, Vinita Kurup
Editing: Cindy Martin
Illustration: Faith Bradford Brown
Cover Design: Christine Nay

Revision History
15 March 2008: Revision R1

The information in this document is current as of the date listed in the revision history.

YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS software has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

SOFTWARE LICENSE
The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.
For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.


End User License Agreement

READ THIS END USER LICENSE AGREEMENT ("AGREEMENT") BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.

1. The Parties. The parties to this Agreement are Juniper Networks, Inc. and its subsidiaries (collectively "Juniper"), and the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software ("Customer") (collectively, the "Parties").

2. The Software. In this Agreement, "Software" means the program modules and features of the Juniper or Juniper-supplied software, and updates and releases of such software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller. "Embedded Software" means Software which Juniper has embedded in the Juniper equipment.

3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:

a. Customer shall use the Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller.

b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the Steel-Belted Radius software on multiple computers requires multiple licenses, regardless of whether such computers are physically contained on a single chassis.

c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to Customer's use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software. Customer's use of the Software shall be subject to all such limitations and purchase of all applicable licenses.

d. For any trial copy of the Software, Customer's right to use the Software expires 30 days after download, installation or use of the Software. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial period by re-installing the Software after the 30-day trial period.

e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer's enterprise network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any commercial network access services.

The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any locked or key-restricted feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use the Embedded Software on non-Juniper equipment; (j) use the Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.

5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer's internal business purposes.


7. Ownership. Juniper and Juniper's licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that accompanies the Software (the "Warranty Statement"). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper's or its suppliers' or licensors' liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties.

9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer's possession or control.

10. Taxes. All license fees for the Software are exclusive of taxes, withholdings, duties, or levies (collectively "Taxes"). Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software.

11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer's ability to export the Software without an export license.

12. Commercial Computer Software. The Software is "commercial computer software" and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.

13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.

14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License ("GPL") or the GNU Library General Public License ("LGPL")), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL at http://www.gnu.org/licenses/lgpl.html.

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux présents confirment leur volonté que cette convention de même que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).


Table of Contents

About This Topic Collection
  How To Use This Guide
  List of EX-series Guides for JUNOS 9.0
  Downloading Software
  Documentation Symbols Key
  Documentation Feedback
  Getting Support

Part 1: JUNOS for EX-series Product Overview

Chapter 1: Product Overview
  Software Overview
  Features in JUNOS Software for EX-series Switches, Release 9.0
  Hardware
  Layer 2 Protocols
  Layer 3 Protocols
  Access Control and Port Security
  Firewall Filters
  CoS
  Port Mirroring
  High Availability
  Management and RMON
  Security Features for EX-series Switches Overview
  High Availability Features for EX-series Switches Overview
  VRRP
  Graceful Protocol Restart
  EX 4200 Redundant Routing Engines
  EX 4200 GRES
  Link Aggregation
  Additional High Availability Features of EX-series Switches
  Understanding Software Infrastructure and Processes
  Routing Engine and Packet Forwarding Engine
  JUNOS Software Processes
  Supported Hardware
  EX-series Switch Hardware Overview
  EX-series Switch Types
  EX 3200 Switches
  EX 4200 Switches


  Uplink Modules
  Power over Ethernet (PoE) Ports
  EX 3200 Switch Models
  EX 4200 Switch Models

Part 2: Complete Software Configuration Statement Hierarchy and Operational Mode Commands

Chapter 2: Complete Software Configuration Statement Hierarchy
  [edit access] Configuration Statement Hierarchy
  [edit chassis] Configuration Statement Hierarchy
  [edit class-of-service] Configuration Statement Hierarchy
  [edit ethernet-switching-options] Configuration Statement Hierarchy
  [edit firewall] Configuration Statement Hierarchy
  [edit interfaces] Configuration Statement Hierarchy
  [edit poe] Configuration Statement Hierarchy
  [edit protocols] Configuration Statement Hierarchy
  [edit snmp] Configuration Statement Hierarchy
  [edit virtual-chassis] Configuration Statement Hierarchy
  [edit vlans] Configuration Statement Hierarchy

Part 3: Software User Interfaces

Chapter 3: Command-Line Interface
  CLI
  CLI User Interface Overview
  CLI Overview
  CLI Help and Command Completion
  CLI Command Modes
  CLI
  CLI User Interface Overview
  CLI Overview
  CLI Help and Command Completion
  CLI Command Modes

Chapter 4: J-Web Graphical User Interface
  J-Web Interface
  J-Web User Interface for EX-series Switches Overview
  Using the CLI Viewer in the J-Web Interface to View Configuration Text
  Using the Point and Click CLI Tool in the J-Web Interface to Edit Configuration Text


  Using the CLI Editor in the J-Web Interface to Edit Configuration Text
  Using the CLI Terminal
  Understanding J-Web Configuration Tools
  Starting the J-Web Interface
  Understanding J-Web User Interface Sessions

Part 4: Software Installation, Upgrades, and Initial Configuration

Chapter 5: Software Installation and Initial Configuration
  Software Installation
  Understanding Software Installation on EX-series Switches
  Overview of the Software Installation Process
  Installing Software on a Virtual Chassis
  Software Package Security
  Troubleshooting Software Installation
  Software Installation Package Names
  Downloading Software Packages from Juniper Networks
  Installing Software on EX-series Switches with the CLI
  Installing Software on EX-series Switches with the J-Web Interface
  Installing Software Upgrades from a Server with the J-Web Interface
  Installing Software Upgrades by Uploading Files with the J-Web Interface
  Connecting and Configuring the EX-series Switch (CLI Procedure)
  Connecting and Configuring the EX-series Switch (J-Web Procedure)
  Recovering from a Failed Software Upgrade on an EX-series Switch
  EX 3200 and EX 4200 Default Configuration
  Understanding Configuration Files for EX-series Switches
  Configuration Files Terms
  Uploading a Configuration File (CLI Procedure)
  Upload a Configuration File with the J-Web Interface

Part 5: System Basics

Chapter 6: Understanding Basic System Concepts
  Understanding Alarm Types and Severity Levels on EX-series Switches

Chapter 7: Configuring Basic System Functions
  Configuring Management Access for the EX-series Switch (J-Web Procedure)
  Configuring Date and Time for the EX-series Switch (J-Web Procedure)
  Generating SSL Certificates to Be Used for Secure Web Access


Chapter 8: Administering and Monitoring Basic System Functions
  Monitoring Hosts Using the J-Web Ping Host Tool
  Monitoring Switch Control Traffic
  Monitoring Network Traffic Using Traceroute
  Monitoring System Properties
  Monitoring System Process Information
  Rebooting or Halting the EX-series Switch (J-Web Procedure)
  Managing Users (J-Web Procedure)
  Managing Log, Temporary, and Crash Files on the Switch (J-Web Procedure)
  Cleaning Up Files
  Downloading Files
  Deleting Files
  Setting or Deleting the Rescue Configuration (CLI Procedure)
  Setting or Deleting the Rescue Configuration (J-Web Procedure)
  Loading a Previous Configuration File (CLI Procedure)
  Checking Active Alarms with the J-Web Interface
  Monitoring System Log Messages

Chapter 9: Troubleshooting Basic System Functions
  Troubleshooting Loss of the Root Password

Chapter 10: Operational Mode Commands for
  clear snmp rmon history
  show snmp rmon history

Part 6: Virtual Chassis

Chapter 11: Understanding Virtual Chassis
  Virtual Chassis Concepts
  Virtual Chassis Overview
  Basic Configuration of a Virtual Chassis with Master and Backup Switches
  Expanding Configurations Within a Single Wiring Closet and Across Wiring Closets
  Global Management of Member Switches in a Virtual Chassis
  High Availability Through Redundant Routing Engines
  Adaptability as an Access Switch or Distribution Switch
  Understanding Virtual Chassis Components
  Virtual Chassis Ports (VCPs)
  Master Role
  Backup Role
  Linecard Role


Member Switch and Member ID ...........................................................122 Mastership Priority ................................................................................122 Virtual Chassis Identifier (VCID) ............................................................123 Understanding How the Master in a Virtual Chassis Is Elected ..............124 Understanding Software Upgrade in a Virtual Chassis ...........................124 Understanding Global Management of a Virtual Chassis .......................125 Understanding Nonvolatile Storage in a Virtual Chassis ........................127 Nonvolatile Memory Features ...............................................................127 Understanding the High-Speed Interconnection of the Virtual Chassis Members ........................................................................................127 Understanding Virtual Chassis and Link Aggregation ............................128 Understanding Virtual Chassis Configuration ........................................129 Understanding Virtual Chassis EX 4200 Switch Version Compatibility ..................................................................................130 Chapter 12 Examples of Configuring Virtual Chassis 131

Virtual Chassis Configuration Examples ......................................................131 Example: Configuring a Virtual Chassis with a Master and Backup in a Single Wiring Closet .......................................................................131 Example: Expanding a Virtual Chassis in a Single Wiring Closet ...........136 Example: Setting Up a Multimember Virtual Chassis Access Switch with a Default Configuration ..................................................................142 Example: Configuring a Virtual Chassis Interconnected Across Multiple Wiring Closets ................................................................................147 Example: Configuring Aggregated Ethernet High-Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch ............................................................................................156 Example: Configuring Aggregated Ethernet High-Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch .........................................................................163 Example: Configuring a Virtual Chassis with a Preprovisioned Configuration File ...........................................................................169


Chapter 13 Configuring Virtual Chassis 181

Virtual Chassis Configuration Tasks .............................................................181 Configuring a Virtual Chassis (J-Web Procedure) ...................................181 Adding a New Switch to an Existing Virtual Chassis (CLI Procedure) .....182 Adding a New Switch to an Existing Virtual Chassis Within the Same Wiring Closet ..................................................................................183 Adding a New Switch from a Different Wiring Closet to an Existing Virtual Chassis ...........................................................................................184 Configuring Mastership of the Virtual Chassis (CLI Procedure) ..............185 Configuring Mastership Using a Preprovisioned Configuration File .......186 Configuring Mastership Using a Nonprovisioned Configuration File ......186 Setting an Uplink Port as a Virtual Chassis Port (CLI Procedure) ............187 Setting an Uplink VCP on the Master or on an Existing Member ...........188 Setting an Uplink VCP on a Standalone Switch .....................................189 Configuring the Virtual Management Ethernet Interface for Global Management of a Virtual Chassis (CLI Procedure) ...........................190 Configuring the Timer for the Backup Member to Start Using Its Own MAC Address, as Master of Virtual Chassis (CLI Procedure) ............191 Chapter 14 Verifying Virtual Chassis 193

Virtual Chassis Verification Tasks ................................................................193 Verifying the Member ID, Role, and Neighbor Member Connections of a Virtual Chassis Member ...............................................................193 Verifying That the Virtual Chassis Ports Are Operational .......................194 Monitoring Virtual Chassis Status and Statistics ....................................195 Command Forwarding Usage with Virtual Chassis ................................196 Replacing a Member Switch of a Virtual Chassis (CLI Procedure) ..........199 Remove, Repair, and Reinstall the Same Switch ...................................200 Remove a Member Switch, Replace with a Different Switch, and Reapply the Old Configuration .....................................................................200 Remove a Member Switch and Make Its Member ID Available for Reassignment to a Different Switch ................................................201 Chapter 15 Troubleshooting Virtual Chassis 203

Troubleshooting a Virtual Chassis ................................................................203 Clear Virtual Chassis NotPrsnt Status and Make Member ID Available for Reassignment .......................................................................................203 Load Factory Default Does Not Commit on a Multi-Member Virtual Chassis ..................................................................................................203 Member ID Persists When Member Switch is Disconnected From Virtual Chassis ..................................................................................................204


Chapter 16 Configuration Statements for Virtual Chassis 205

Virtual Chassis Configuration Statement Hierarchy .....................................205 [edit chassis] Configuration Statement Hierarchy .................................205 [edit virtual-chassis] Configuration Statement Hierarchy .......................205 Individual Virtual Chassis Configuration Statements ....................................206 mac-persistence-timer ........................................................................1027 mastership-priority .............................................................................1027 member ..............................................................................................1027 no-management-vlan ..........................................................................1027 pre-provisioned ...................................................................................1027 role .....................................................................................................1027 serial-number .....................................................................................1027 traceoptions ........................................................................................1027 virtual-chassis .....................................................................................1027 Chapter 17 Operational Mode Commands for Virtual Chassis 217

Virtual Chassis Commands ..........................................................................217 clear virtual-chassis vc-port statistics .....................................................218 request session member .......................................................................219 request virtual-chassis recycle .............................................................1020 request virtual-chassis vc-port .............................................................1020 request virtual-chassis vc-port .............................................................1020 request virtual-chassis renumber ..........................................................225 show system uptime .............................................................................226 show virtual-chassis active topology .....................................................228 show virtual-chassis status ....................................................................230 show virtual-chassis vc-port ..................................................................232 show virtual-chassis vc-port statistics ....................................................235

Part 7 Interfaces

Chapter 18 Understanding Interfaces 239

EX-series Switches Interfaces Overview ......................................................239 Network Interfaces ......................................................................................239 Special Interfaces ........................................................................................240 Understanding Interface Naming Conventions on EX-series Switches .........241 Physical Part of an Interface Name .............................................................241 Logical Part of an Interface Name ...............................................................242 Wildcard Characters in Interface Names .....................................................243 Understanding Aggregated Ethernet Interfaces and LACP ...........................243 Link Aggregation Group (LAG) .....................................................................243 Link Aggregation Control Protocol (LACP) ...................................................244


Chapter 19 Examples of Configuring Interfaces 245

Example: Configuring Aggregated Ethernet High-Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch ...................................................................................................245 Example: Configuring Aggregated Ethernet High-Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch ...................................................................................................252 Chapter 20 Configuring Interfaces 257

Configuring Gigabit Ethernet Interfaces (J-Web Procedure) ..........................257 Configuring Gigabit Ethernet Interfaces on EX-series Switches (CLI Procedure) ............................................................................................261 Configuring VLAN Options and Port Mode ..................................................261 Configuring the Link Settings .......................................................................261 Configuring the IP Options ..........................................................................262 Configuring Aggregated Ethernet Interfaces on EX-series Switches (CLI Procedure) ............................................................................................263 Configuring Link Aggregation (J-Web Procedure) .........................................264 Configuring Aggregated Ethernet LACP on EX-series Switches (CLI Procedure) ............................................................................................266 Chapter 21 Verifying Interfaces 267

Monitoring Interface Status and Traffic .......................................................267 Verifying the Status of a LAG Interface ........................................................268 Verifying That LACP Is Configured Correctly and Bundle Members Are Exchanging LACP Protocol Packets .......................................................268 Verifying the LACP Setup ............................................................................268 Verifying That the LACP Packets are Being Exchanged ................................269 Chapter 22 Troubleshooting Interfaces 271

Troubleshooting an Aggregated Ethernet Interface ......................................271 Troubleshooting Disabled or Down Interfaces .............................................271 Disabled ports on EX 3200 switches with a 4-port Gigabit Ethernet uplink module (EX-UM-4SFP) installed .............................................................271 Port Role Configuration with the J-Web Interface - CLI Reference ...............272 Chapter 23 Configuration Statements for Interfaces 277

Interface Configuration Statement Hierarchy ..............................................277 [edit interfaces] Configuration Statement Hierarchy .............................277 Individual Interface Configuration Statements .............................................278 802.3ad ..............................................................................................1027 auto-negotiation ..................................................................................1027 description ..........................................................................................1027


ether-options ......................................................................................1027 family .................................................................................................1027 filter ....................................................................................................1027 flow-control ........................................................................................1027 l3-interface ..........................................................................................1027 lacp .....................................................................................................1027 link-mode ...........................................................................................1027 members ............................................................................................1027 mtu .......................................................................................................287 native-vlan-id ......................................................................................1027 periodic ..............................................................................................1027 port-mode ...........................................................................................1027 speed ..................................................................................................1027 translate ..............................................................................................1027 unit .....................................................................................................1027 vlan .....................................................................................................1027 Chapter 24 Operational Mode Commands for Interfaces 295

show interfaces ...........................................................................................296 show interfaces ...........................................................................................306 show interfaces diagnostics optics ...............................................................317

Part 8 Layer 2 Bridging, VLANs, and Spanning Trees

Chapter 25 Understanding Layer 2 Bridging, VLANs, and GVRP 323

Understanding Bridging and VLANs on EX-series Switches ..........................323 Ethernet LANs, Transparent Bridging, and VLANs .......................................323 How Bridging Works ...................................................................................324 Types of Switch Ports ..................................................................................326 IEEE 802.1Q Encapsulation and Tags ..........................................................326 Assignment of Traffic to VLANs ...................................................................326 Bridge Tables ...............................................................................................327 Layer 2 and Layer 3 Forwarding of VLAN Traffic .........................................327 GVRP ...........................................................................................................327 Routed VLAN Interface ................................................................................327 Chapter 26 Examples of Configuring Layer 2 Bridging, VLANs, and GVRP 329

Example: Setting Up Basic Bridging and a VLAN for an EX-series Switch ....329 Example: Setting Up Bridging with Multiple VLANs for EX-series Switches ...............................................................................................336 Example: Connecting an Access Switch to a Distribution Switch .................345 Example: Configure Automatic VLAN Administration Using GVRP ..............355


Chapter 27 Configuring Layer 2 Bridging, VLANs, and GVRP 365

Configuring VLANs for EX-Series Switches (J-Web Procedure) .....................365 Configuring Routed VLAN Interfaces for EX-series Switches (CLI Procedure) ............................................................................................367 Configuring MAC Table Aging on EX-series Switches (CLI Procedure) ..........368 Chapter 28 Understanding Spanning Trees 369

Understanding RSTP for EX-series Switches ................................................369 Understanding MSTP for EX-series Switches ...............................................370 Understanding STP for EX-series Switches ..................................................371 Chapter 29 Examples of Configuring Spanning Trees 373

Example: Configuring Faster Convergence and Improving Network Stability with RSTP on EX-series Switches ..........................................................373 Example: Configuring Network Regions for VLANs with MSTP on EX-series Switches ...............................................................................................381 Chapter 30 Configuration Statements for Bridging, VLANs, and Spanning Trees 405

[edit vlans] Configuration Statement Hierarchy ...........................................405 [edit interfaces] Configuration Statement Hierarchy ....................................405 [edit protocols] Configuration Statement Hierarchy .....................................406 bridge-priority .............................................................................................410 cost .............................................................................................................411 description ..................................................................................................412 disable .........................................................................................................412 disable .........................................................................................................428 edge ............................................................................................................414 ethernet-switching-options ........................................................................1011 filter ..........................................................................................................1027 forward-delay ..............................................................................................417 group-name .................................................................................................514 gvrp .............................................................................................................419 hello-time ....................................................................................................420 interface ......................................................................................................421 interface ......................................................................................................515 interface ......................................................................................................423 join-timer ....................................................................................................424 l3-interface ................................................................................................1027 leaveall-timer ...............................................................................................425 leave-timer ..................................................................................................426 mac-table-aging-time .................................................................................1027 max-age ......................................................................................................428 members ...................................................................................................1027 mode ...........................................................................................................430


mstp ............................................................................................................431 native-vlan-id .............................................................................................1027 port-mode .................................................................................................1027 priority ........................................................................................................434 redundant-trunk-group ................................................................................516 rstp ..............................................................................................................436 stp ...............................................................................................................437 translate ....................................................................................................1027 vlan ...........................................................................................................1027 vlan-id .......................................................................................................1027 vlans .........................................................................................................1027 Chapter 31 Operational Mode Commands for Bridging, VLANs, and Spanning Trees 443

clear gvrp statistics ......................................................................................444 clear spanning-tree statistics .......................................................................445 show ethernet-switching interfaces .............................................................446 show ethernet-switching mac-learning-log ...................................................449 show ethernet-switching table .....................................................................451 show gvrp ...................................................................................................456 show gvrp statistics .....................................................................................458 show redundant-trunk-group .......................................................................518 show spanning-tree bridge ..........................................................................461 show spanning-tree interface ......................................................................464 show spanning-tree mstp configuration .......................................................468 show spanning-tree statistics .......................................................................469 show vlans ..................................................................................................470

Part 9 Layer 3 Protocols

Chapter 32 Understanding Layer 3 Protocols 477

DHCP Services for EX-series Switches Overview .........................................477 Chapter 33 Configuring Layer 3 Protocols 479

Configuring BGP Sessions (J-Web Procedure) ...............................................479 Configuring DHCP Services (J-Web Procedure) ............................................480 Configuring an OSPF Network (J-Web Procedure) ........................................483 Configuring a RIP Network (J-Web Procedure) .............................................484 Configuring SNMP (J-Web Procedure) ..........................................................485 Configuring Static Routing (CLI Procedure) ..................................................488 Configuring Static Routes (J-Web Procedure) ...............................................488


Chapter 34 Verifying Layer 3 Protocols 491

Monitoring BGP Routing Information ..........................................................491 Monitoring DHCP Services ..........................................................................493 Monitoring OSPF Routing Information ........................................................494 Monitoring RIP Routing Information ...........................................................497 Monitoring Routing Information ..................................................................498

Part 10 Redundant Trunk Groups

Chapter 35 Understanding Redundant Trunk Groups 503

Understanding Redundant Trunk Links on EX-series Switches ....................503 Chapter 36 Examples of Configuring Redundant Trunk Groups 507

Example: Configuring Redundant Trunk Links for Faster Recovery .............507 Chapter 37 Configuration Statements for Redundant Trunk Groups 513

[edit ethernet-switching-options] Configuration Statement Hierarchy ..........513 group-name .................................................................................................514 interface ......................................................................................................515 redundant-trunk-group ................................................................................516 Chapter 38 Operational Mode Commands for Redundant Trunk Groups 517

show redundant-trunk-group .......................................................................518

Part 11 802.1X, Port Security, and VoIP

Chapter 39 Understanding 802.1X, Port Security, and VoIP 521

802.1X for EX-series Switches Overview .....................................................521 Understanding 802.1X Authentication on EX-series Switches ......................523 Understanding Guest VLANs for 802.1X on EX-series Switches ...................527 Understanding 802.1X and LLDP and LLDP-MED on EX-series Switches .....528 Understanding 802.1X and VoIP on EX-series Switches ..............................530 Understanding 802.1X and VSAs on EX-series Switches ..............................533 Understanding Dynamic VLANs for 802.1X on EX-series Switches ..............535 Port Security with DHCP Snooping, DAI, MAC Limiting, and MAC Move Limiting for EX-series Switches Overview .............................................536


Understanding How to Protect Access Ports on EX-series Switches from Common Attacks ..................................................................................537 Mitigation of Ethernet Switching Table Overflow Attacks ............................537 Mitigation of Rogue DHCP Server Attacks ...................................................538 Protection Against ARP Spoofing Attacks ....................................................538 Protection Against DHCP Snooping Database Alteration Attacks .................538 Protection Against DHCP Starvation Attacks ................................................539 Understanding DHCP Snooping for Port Security on EX-series Switches .....539 DHCP Snooping Basics ................................................................................539 DHCP Snooping Process ..............................................................................540 DHCP Server Access ....................................................................................541 DHCP Snooping Table .................................................................................542 Understanding DAI for Port Security on EX-series Switches ........................543 Address Resolution Protocol ........................................................................543 ARP Spoofing ..............................................................................................544 DAI on EX-series Switches ...........................................................................544 Understanding MAC Limiting and MAC Move Limiting for Port Security on EX-series Switches ................................................................................545 MAC Limiting ..............................................................................................545 MAC Move Limiting .....................................................................................546 Actions for MAC Limiting and MAC Move Limiting ......................................546 MAC Addresses That Exceed the MAC Limit or MAC Move Limit .................546 Understanding Trusted DHCP Servers for Port Security on EX-series Switches ...............................................................................................547 Chapter 40 Examples of Configuring 802.1X, Port Security, and VoIP 549

Example: Connecting a RADIUS Server for 802.1X to an EX-series Switch ...................................................................................................549 Example: Setting Up 802.1X in Conference Rooms to Provide Internet Access to Corporate Visitors on an EX-series Switch .........................................554 Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations on an EX-series Switch ..................................................559 Example: Setting Up VoIP with 802.1X and LLDP-MED on an EX-series Switch ...................................................................................................564 Example: Setting Up 802.1X for Nonresponsive Hosts on an EX-series Switch ...................................................................................................571 Example: Configuring Port Security, with DHCP Snooping, DAI, MAC Limiting, and MAC Move Limiting, on an EX-series Switch ..................................576 Example: Configuring MAC Limiting, Including Dynamic and Allowed MAC Addresses, to Protect the Switch from Ethernet Switching Table Overflow Attacks ..................................................................................................584 Example: Configuring a DHCP Server Interface as Untrusted to Protect the Switch from Rogue DHCP Server Attacks ..............................................588 Example: Configuring MAC Limiting to Protect the Switch from DHCP Starvation Attacks .................................................................................591 Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks ...........................................................................595


Example: Configuring Allowed MAC Addresses to Protect the Switch from DHCP Snooping Database Alteration Attacks ........................................599 Example: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX-series Switch with Access to a DHCP Server Through a Second Switch ...................................................................................................603 Chapter 41 Configuring 802.1X, Port Security, and VoIP 613

Configuring 802.1X Authentication on EX-series Switches (CLI Procedure) ............................................................................................614 Configuring the RADIUS Server ...................................................................614 Configuring the 802.1X Exclusion List .........................................................615 Configuring 802.1X Port Settings ................................................................615 Configuring 802.1X Authentication (J-Web Procedure) ................................616 Configuring 802.1X RADIUS Accounting (CLI Procedure) ............................619 Filtering 802.1X Supplicants Using Vendor-Specific Attributes (CLI Procedure) ............................................................................................620 Load the Juniper Dictionary .........................................................................621 Configuring Match Conditions and Actions ..................................................622 Combining a Filter-ID with a VSA ................................................................622 Filtering 802.1X Supplicants Using Vendor-Specific Attributes (CLI Procedure) ............................................................................................623 Load the Juniper Dictionary .........................................................................623 Configuring Match Conditions and Actions ..................................................624 Combining a Filter-ID with a VSA ................................................................624 Configuring LLDP on EX-series Switches (CLI Procedure) ............................625 Configuring LLDP (J-Web Procedure) ...........................................................626 Configuring LLDP-MED on EX-series Switches (CLI Procedure) ....................627 Configuring VoIP on EX-series Switches (CLI Procedure) .............................629 Configuring Port Security (CLI Procedure) ...................................................630 Configuring Port Security (J-Web Procedure) ...............................................632 Enabling DHCP Snooping on a VLAN (CLI Procedure) .................................634 Enabling DHCP Snooping on a VLAN (J-Web Procedure) .............................635 Enabling a Trusted DHCP Server on an Interface (CLI Procedure) ...............636 Enabling a Trusted DHCP Server on an Interface (J-Web Procedure) ...........636 Enabling DAI on a VLAN (CLI Procedure) .....................................................638 Enabling DAI on a VLAN (J-Web Procedure) ................................................639 Configuring MAC Limiting, Including Dynamic and Allowed MAC Addresses, on an Interface (CLI Procedure) ............................................................640 Configuring MAC Limiting, Including Dynamic and Allowed MAC Addresses, on an Interface (J-Web Procedure) ........................................................641 Configuring MAC Move Limiting on a VLAN (CLI Procedure) .......................643 Configuring MAC Move Limiting on a VLAN (J-Web Procedure) ...................643 Setting the none Action on an Interface to Override a MAC Limit Applied to All Interfaces .........................................................................................644 Chapter 42 Verifying 802.1X, Port Security, and VoIP 647

Monitoring 802.1X Authentication ..............................................................647 Monitoring Port Security .............................................................................648


Verifying That DHCP Snooping Is Working Correctly
Verifying That a Trusted DHCP Server Is Working Correctly
Verifying That DAI Is Working Correctly
Verifying That MAC Limiting Is Working Correctly
Verifying That MAC Limiting for Dynamic MAC Addresses Is Working Correctly
Verifying That Allowed MAC Addresses Are Working Correctly
Verifying Results of Various Action Settings When the MAC Limit Is Exceeded
Customizing the Ethernet Switching Table Display to View Information for a Specific Interface
Verifying That MAC Move Limiting Is Working Correctly

Chapter 43 Configuration Statements for 802.1X, Port Security, and VoIP

[edit access] Configuration Statement Hierarchy
[edit protocols] Configuration Statement Hierarchy
[edit ethernet-switching-options] Configuration Statement Hierarchy
access
accounting-server
advertisement-interval
allowed-mac
arp-inspection
authentication-order
authenticator
authenticator-profile-name
authentication-server
ca-type
ca-value
civic-based
country-code
dhcp-trusted
disable
disable
disable
dot1x
elin
ethernet-switching-options
examine-dhcp
fast-start
fast-start
forwarding-class
guest-vlan
hold-multiplier
interface
interface
interface
lldp
lldp-med
location


mac-limit
mac-move-limit
maximum-requests
no-reauthentication
profile
quiet-period
radius
reauthentication
retries
secure-access-port
server-timeout
static
stop-on-access-deny
stop-on-failure
supplicant
supplicant-timeout
traceoptions
traceoptions
transmit-delay
transmit-period
vlan
vlan-assignment
voip
what

Chapter 44 Operational Mode Commands for 802.1X, Port Security, and VoIP

clear arp inspection statistics
clear dhcp snooping binding
clear dot1x
clear lldp neighbors
clear lldp statistics
show arp inspection statistics
show dhcp snooping binding
show dot1x
show dot1x static-mac-address
show lldp
show lldp local-info
show lldp neighbors
show lldp statistics
show network-access aaa statistics accounting
show network-access aaa statistics authentication
show network-access aaa statistics dynamic-requests


Part 12 Packet Filtering

Chapter 45 Understanding Packet Filtering

Firewall Filters for EX-series Switches Overview
Firewall Filter Types
Firewall Filter Components
Firewall Filter Processing
Understanding Planning of Firewall Filters
Understanding Firewall Filter Processing Points for Bridged and Routed Packets on EX-series Switches
Understanding How Firewall Filters Control Packet Flows
Firewall Filter Match Conditions and Actions for EX-series Switches
Understanding How Firewall Filters Are Evaluated
Understanding Firewall Filter Match Conditions
Filter Match Conditions
Numeric Filter Match Conditions
Interface Filter Match Conditions
IP Address Filter Match Conditions
MAC Address Filter Match Conditions
Bit-Field Filter Match Conditions
Understanding How Firewall Filters Test a Packet's Protocol
Understanding the Use of Policers in Firewall Filters

Chapter 46 Examples of Configuring Packet Filtering

Example: Configuring Firewall Filters for Port, VLAN, and Router Traffic on EX-series Switches

Chapter 47 Configuring Packet Filtering

Configuring Firewall Filters (CLI Procedure)
Configuring a Firewall Filter
Applying a Firewall Filter to a Port on a Switch
Applying a Firewall Filter to a VLAN on a Network
Applying a Firewall Filter to a Layer 3 (Routed) Interface
Configuring Firewall Filters (J-Web Procedure)
Configuring Policers to Control Traffic Rates (CLI Procedure)
Configuring Policers
Specifying Policers in a Firewall Filter Configuration
Applying a Firewall Filter That Is Configured with a Policer
Assigning Multifield Classifiers in Firewall Filters to Specify Packet-Forwarding Behavior (CLI Procedure)


Chapter 48 Verifying Packet Filtering

Verifying That Firewall Filters Are Operational
Verifying That Policers Are Operational
Monitoring Firewall Filter Traffic
Monitoring Traffic for All Firewall Filters and Policers That Are Configured on the Switch
Monitoring Traffic for a Specific Firewall Filter
Monitoring Traffic for a Specific Policer

Chapter 49 Troubleshooting Packet Filtering

Troubleshooting Firewall Filters
Firewall Filter Configuration Returns a No Space Available in TCAM Message

Chapter 50 Configuration Statements for Packet Filtering

[edit firewall] Configuration Statement Hierarchy
Firewall Filter Configuration Statements Supported by JUNOS Software for EX-series Switches
bandwidth-limit
burst-size-limit
family
filter
filter
from
if-exceeding
policer
term
then
then

Chapter 51 Operational Mode Commands for Packet Filtering

clear firewall
show firewall
show interfaces filters
show interfaces policers
show policer


Part 13 CoS

Chapter 52 Understanding CoS

JUNOS CoS for EX-series Switches Overview
How JUNOS CoS Works
Default CoS Behavior on EX-series Switches
Understanding JUNOS CoS Components for EX-series Switches
Code-Point Aliases
Policers
Classifiers
Forwarding Classes
Tail Drop Profiles
Schedulers
Rewrite Rules
Understanding CoS Code-Point Aliases
Default Code-Point Aliases
Understanding CoS Classifiers
Behavior Aggregate Classifiers
Default Behavior Aggregate Classification
Multifield Classifiers
Understanding CoS Forwarding Classes
Default Forwarding Classes
Understanding CoS Tail Drop Profiles
Default Drop Profile
Understanding CoS Schedulers
Default Schedulers
Transmission Rate
Scheduler Buffer Size
Priority Scheduling
Scheduler Drop-Profile Maps
Scheduler Maps
Understanding CoS Two-Color Marking
Understanding CoS Rewrite Rules
Default Rewrite Rule

Chapter 53 Examples of Configuring CoS

Example: Configuring CoS on EX-series Switches

Chapter 54 Configuring CoS

Configuring CoS (J-Web Procedure)
Defining CoS Value Aliases (J-Web Procedure)
Configuring CoS Code-Point Aliases (CLI Procedure)
Configuring CoS Classifiers (CLI Procedure)
Defining Classifiers (J-Web Procedure)
Configuring CoS Forwarding Classes (CLI Procedure)
Defining Forwarding Classes (J-Web Procedure)


Configuring CoS Schedulers (CLI Procedure)
Defining Schedulers (J-Web Procedure)
Configuring CoS Tail Drop Profiles (CLI Procedure)
Configuring CoS Rewrite Rules (CLI Procedure)
Defining Rewrite Rules (J-Web Procedure)
Assigning CoS Components to Interfaces (CLI Procedure)
Assigning CoS Components to Interfaces (J-Web Procedure)

Chapter 55 Verifying CoS

Monitoring CoS Classifiers
Monitoring CoS Forwarding Classes
Monitoring Interfaces That Have CoS Components
Monitoring CoS Rewrite Rules
Monitoring CoS Scheduler Maps
Monitoring CoS Value Aliases

Chapter 56

Conf