JNCIA-Junos Introduction and Lab Preparation is the topic of this section. Juniper Junos Associate course or JNCIA-Junos is a prerequisite for all other Juniper courses like CCNA in Cisco courses. In this course we will learn how to work with Junos, i.e. OS of juniper devices, especially through the CLI interface.
2. Junos CLI modes
Junos CLI modes is the start of the topic where we learn how to work with Junos CLI user interface. This section introduces Junos CLI modes including shell mode, operational mode, and configuration mode where you can configure, monitor, and troubleshoot your configurations.
3. Junos Output Level and Filtering
Junos output level and filtering allow us to control and filter the output of Junos show commands. This allows you to control how much detailed information is displayed. And only show the part of the output that is more important to us.
4. Juniper Junos Configuration types and “configure” commands
Juniper Junos configuration types and configure commands are what we will discuss and demonstrate in this section. we have two types of Junos configuration, active configuration in which is live and candidate configuration which includes also some changes which will be active after commit command.
If there are multiple Juniper admins on the network, what happens if they configure at the same time and some configurations conflict? We will see the difference between “configure”, “configure private” and “configure exclusive” in this regard.
Junos CLI Navigation is the topic of this section. in other words how to navigate command hierarchy and how it helps us to configure juniper devices
6. Junos commit and rollback commands
Junos “commit” command apply configuration changes to active configuration. Up to 50 configuration changes are stored in juniper devices. “rollback” command restore and apply the configuration of any of these 50 stored committed versions.
We know both commit and rollback commands from the previous sections, but this section will add some handy and useful tips about these two commands.
Junos save and load commands are to save and load the entire or part of the configuration or output of any show commands, locally on the device or on a remote server. this is what we will discuss in this section.
We will also learn how to configure custom automatic backup policy.
Junos rescue configuration file is helpful in the situation that your device’s configuration file has been misconfigured or lost. It allows you to define a known or healthy configuration as a rescue configuration that you can roll back to at any time.
9. juniper initial configuration
The initial configuration of Juniper devices is the first step after purchasing a Juniper device. Initial configuration typically means enabling root authentication which is required, configuring a hostname and management IP address, and enabling SSH or Telnet remote access. It can also be a good idea to configure domain names, name servers, time zones and NTP servers.
We will also learn how to revert back to the default factory configuration or erase all configuration and data files to reconfigure the juniper device from scratch.
Junos SSH public key authentication is the feature that allows administrators to log in to the Juniper devices without a password. It is attractive and secure at the same time. It is not only useful in normal SSH connection but particularly useful in network automation.
11. Junos interface types and naming convention
Junos interface types and naming conventions introduces different type of physical and logical interfaces and how they are named and numbered in juniper devices. This is what you need to know as a network engineer and is the topic of this section.
12. Junos Primary and Preferred Address
Junos Interface Initial Configuration includes configuring both physical properties and logical properties. IP address configuration is part of interface logical configuration.
When you configure multiple IP addresses in Juniper devices, opposite to cisco devices, they are not replaced but all addresses will be added to the device.
Now the question is which address will be used as the source address when packets are originated from that interface. Junos Primary and Preferred address is the answer to this question.
Junos syslog configuration allows us to be informed in real-time about important changes in the network, for example when an interface goes down, a BGP neighborship goes down, or a new command is configured on the network device.
Syslog configuration is critical to be activated not only on network devices, but also on all servers and services running in the enterprise.
Junos traceoptions is the same as the debugging tools from Cisco and many other vendors. You can use the traceoptions feature to monitor the device background process and traffic to and from the Juniper device.
Traceoptions is a critical tool in troubleshooting, but it takes up a lot of disk space and needs to be enabled when needed and disabled after troubleshooting is complete.
Junos SNMPV3 configuration is the discussion of this section. With the SNMP protocol, we can monitor network devices and servers remotely. SNMP is the most common monitoring protocol used in the networks.
SNMPv2c is the most widely used version of SNMP, which will be discussed first. SNMPv3 is the most secure version of SNMP, which is discussed next.
Junos routing is the main topic of the next sections. In order to better understand the concepts related to the routing, in this section we prepare a simple lab based on vSRX that will be used in the next sections to practically configure various concepts.
17. Juniper Static Routing Fundamental
In this section we will talk about static routing and specifically juniper static routing concepts. First, we’ll go through some routing concepts as a whole, and then pay attention to some concepts and terminologies specific to Juniper devices.
This section is dedicated to the theoretical concepts of static routing, and in the next section we will start to implement these concepts in juniper devices.
juniper qualified-next-hop, route preference, default route and longest-prefix-match rule are the topics related to juniper static routing concept that we have discussed in the previous section and we will configure in this section.
we will also see the difference between juniper routing table and forwarding table in this section
Juniper Dynamic Routing enables network devices to learn and update routing information dynamically, which is very important and critical in large networks.
In this section, we will learn about the architecture of dynamic routing protocols and implement a simple OSPF routing protocol as an example in vSRX devices.
Juniper Routing Instance has the same concept of VRF in Cisco routers, which allows us to use a single physical router as multiple logical routers.
All logical routers in control plane and data plane are completely separate, so it can be assumed that there are actually multiple physical routers. The only difference is that the management plane is shared between routing instances (logical routers).
Junos routing policy allows us to allow, deny, or manipulate the routes when they are imported from a routing protocol to the routing table or exported from the routing table to a routing protocol.
This section discusses the concept of routing policy. In the next section, we configure a real routing policy in SRX devices.
Juniper routing policy configuration example helps us better understand what we discussed in theory in the previous section.
We will configure a simple routing policy scenario to advertise the default route over OSPF routing protocol with both prefix-list and route-filter
Juniper firewall filter is a Junos security solution to filter or control traffic at the data plane as they enter or exit an interface. It is exactly the same as access control list in Cisco devices.
The firewall filter is stateless, so it differs from the stateful Juniper security policy which is stateful. In other words, in firewall filter each packet must be inspected individually to determine whether it is permitted to be transmitted or it must be filtered.
Juniper Traffic Policing is another application of Firewall Filter that allows you to rate limit the traffic instead of just accepting or dropping it.
25. Juniper Unicast Reverse-Path-Forwarding
Juniper Unicast Reverse-Path-Forwarding (unicast RPF) feature is used to prevent spoofing attacks in which intruder spoof the source IP address in a way to seem that it comes from a legitimate address and it is usually used in DoS attacks.
26. Junos Packet Capture Configuration Example
Junos Packet Capture is an excellent utility for capturing real-time traffic over Juniper devices. It helps us analyze network traffic and is especially useful for network troubleshooting.
In this section, I will show you how to implement the packet capture feature in a Juniper SRX device.
Juniper Monitor Traffic Command is another troubleshooting and analysis tool for capturing traffic, but only traffic to or from the Juniper device routing engine (RE) are captured. Transit traffic are not captured by the “monitor traffic” command.