ii 2011 by Juniper Networks, Inc. All rights reserved. Juniper Networks Juniper Networks Junos NetScreen ScreenOS Juniper Networks, Inc. Junose Junipe

Junos Day One EX 1 EX...5 2...13 3....31 4...43 5 EX...57 URL...79

ii 2011 by Juniper Networks, Inc. All rights reserved. Juniper Networks Juniper Networks Junos NetScreen ScreenOS Juniper Networks, Inc. Junose Juniper Networks, Inc. 1 5,473,599 5,905,725 5,909,440 6,192,051 6,333,650 6,359,479 6,406,312 6,429,706 6,459,579 6,493,347 6,538,518 6,538,899 6,552,918 6,567,902 6,578,186 6,590,785 Juniper Networks Books Junos Spirent Communications Cisco Systems Day One www.juniper.net/dayone dayone@juniper.net Twitter Day One @Day1Junos ISBN 978-1-936779-14-7 Vervante Corporation ISBN 978-1-936779-15-4 3 2011 1 4 5 6 7 8 9 10 #7100127

iii Junos Junos www.junper.net/dayone Day One www.juniper.net/ books Junos www.juniper.net TCP/IP Junos EX EX

iv EX Junos CLI EX LAG 2 3 IP VLAN L2 DHCP Dynamic ARP Inspection 2 OAM MVRP EZQOS- Voice EX EX Junos EX EX EX

1 EX EX4200...6 EX...9

6 Day One EX EX EX Junos EX EX EX2200 EX2200-C EX3200 EX3300 EX4200 EX4500 EX4550 10GbE TOR / EX6200 EX8200 EX9200 EX2200 EX2200-C EX3300 EX4200 EX4500 EX4550 EX8200 2 EX4200 EX http:// www.juniper.net/us/en/products-services/switching/exseries/ EX4200 EX4200 1.1 RJ-45 RS-232

1 EX 7 9600 8 1 RJ-45 OOB 10/100/1000BASE-T RJ-45 2 LED IP USB USB EX4200 USB Junos VCP 2 128Gbps EX4200 2 VCP EX4200 Connecting a Virtual Chassis Cable to an EX4200 Switch Guide www.juniper.net/techpubs 温度シャットダウン LED ESD ポイント 保護アース端子 ( 側面パネル ) ファントレイ バーチャルシャーシポート USB ポート 管理イーサネットポート コンソールポート AC 電源 1.1 EX4200

8 Day One EX EX4200 1.2 LCD 48 LCD LCD LCD LED LCD LED [Menu] LCD [Enter] LCD [Enter] LCD www.juniper.net/ techpubs/ EX Switches LCD Panel in EX3200/EX4200 Switches LCD LED EX4200 FRU SFP GbE 4 XFP 10GbE 2 SFP+ 10GbE 2 GbE 4 EX4200 24 48 10/100/1000BASE-T EX4200 100BASE-FX/1000BASE-X SFP 24

1 EX 9 LCD パネル LCD ボタンと LED ネットワークポート アップリンクモジュール 1.2 EX4200-48T EX EX Junos CLI J-Web CLI 2 CLI Day One: Exploring the Junos CLI www.juniper.net/dayone IP

10 Day One EX IP EX Junos Day One Junos www.juniper.net/dayone J-Web J-Web GUI J-Web 1.3 1.4 J-Web CLI CLI CLI CLI Junos CLI GUI

1 EX 11 1.3 J-Web 1.4 EX4200-24F J-Web

12 Day One EX Junos Connecting and Configuring an EX Series Switch J-Web Guide www. juniper.net/techpubs/ EX Junos EX EX EX 1

2... 14... 18...21...25 LAG...27

14 Day One EX EX4200 10 EX4200 EX4200-24F SFP EX4200 1 EX4200 2 1 VCP Virtual Chassis Port 2.1 2.1 VCP

EX 4200 0 2 4 6 8 10 12 14 16 18 2021 22 24 2627 2829 3031 32 3435 3637 3839 4041 42 4445 4647 1 3 5 7 9 11 13 15 17 19 23 25 33 43 EX 4200 0 2 4 6 8 10 12 14 16 18 2021 22 24 2627 2829 3031 32 3435 3637 3839 4041 42 4445 4647 1 3 5 7 9 11 13 15 17 19 23 25 33 43 EX 4200 0 2 4 6 8 10 12 14 16 18 2021 22 24 2627 2829 3031 32 3435 3637 3839 4041 42 4445 4647 1 3 5 7 9 11 13 15 17 19 23 25 33 43 2 15 EX4200-24F SFP GbE 10GbE SFP VCEP Virtual Chassis Extension Port 2.2 ワイヤリングクローゼット A ワイヤリングクローゼット A 背面図 SWA-0 SWA-1 専用バーチャルシャーシポート 正面図 xe-0/1/0 xe-1/1/0 メンバー ID: 0 ロール : マスター アップリンクモジュール メンバー ID: 1 ロール : ラインカード アップリンクモジュール ワイヤリングクローゼット B SWA-2 専用バーチャルシャーシポート ワイヤリングクローゼット B EX 4200 0 2 4 6 8 10 12 14 16 18 2021 22 1 3 5 7 9 11 13 15 17 19 23 xe-0/1/0 メンバー ID: 2 ロール : バックアップ SWA-3 xe-3/1/0 メンバー ID: 3 ロール : ラインカード 2.2 VCEP VCEP

16 Day One EX 2.3 2.3 EX4200 2.4 2

2 17 2.4 EX4200 VCEP VCEP GbE 10GbE EX4200-24F SFP VCEP Junos 9.6 1 GbE 10GbE CLI user@switch> request virtual-chassis vc-port set pic-slot <pic-slot> port <port> member <member-id>

18 Day One EX EX4200 VCP 0 VCP 1 2 VCP 0 VCP 0 VCP 1 x/ y/z x ID y PIC ID PIC 0 PIC 1 z PIC 0/1/3 0 PIC ID 1 4 0 user@switch> show interfaces ge-0/1/3 Physical interface: ge-0/1/3, Enabled, Physical link is Up... CLI Day One:Exploring the Junos CLI www.juniper.net/dayone 1 RE BK

2 19 LC Understanding Virtual Chassis Components Guide www.juniper.net/techpubs/ RE Junos BK Junos

20 Day One EX ID LC Junos PFE EX4200 EX4200 ID ID 0 ID 0 9 ID ID LCD ID 1 0 2 3

2 21 4 ID ID 1 user@switch> request virtual-chassis renumber member-id 4 new-member-id 1 2 1 255 EX4200 128

22 Day One EX 0 255 255 1. CLI user@switch# load factory-default user@switch# set system root-authentication plain-password user@switch# commit 2. LCD [Maintenance Menu] LCD [Menu] [Enter] [Maintenance Menu] [Load Factory] [Menu] [Enter] [Enter]

2 23 ID EX4200 ID 2 2 2 Junos 129 0 128

24 Day One EX IP 1 IP 1 IP VME VME VLAN IP IP CLI user@switch> configure [edit] user@switch# set interfaces vme unit 0 family inet address <ip-address>/<subnet-mask> me0 VME IP CLI user@switch> configure [edit] user@switch# commit synchronize CLI CLI show virtual-chassis status user@switch> show virtual-chassis status Virtual Chassis ID:1234.5678.90ab Mastership Neighbor List Member ID Status Serial No Model priority Role ID Interface 0 (FPC 0) Prsnt ABC012345678 ex4200-24p 250 Master* 1 vcp-0 1 vcp-1 1 (FPC 1) Prsnt ABC012345679 ex4200-24p 200 Backup 0 vcp-0 0 vcp-1 Member ID for next new member:2 (FPC 2)

2 25 Virtual Chassis Technology Best Practices Guide www.juniper.net/techpubs/ LAN LAN 3 LAN WAN 3 LAN 2 Campus LAN Design Guide www.juniper.net/techpubs/

26 Day One EX PC IP PoE Power over Ethernet LAN LAN LAN VLAN VLAN 4 EX4200 10/100/1000BASE-T 24 48 100BASE-FX/1000BASE-X 24 EX4200 1 pay-as-you-grow design 1 EX4200 9 EX4200 EX3200 EX2200 48 EX4200 EX4500 EX8200 EX4500 10GbE 1GbE 40 2 EX8200

2 27 64 8 128 16 10GbE EX4200-24F 100BASE-FX/1000BASE-X 24 10GbE 2 GbE EX4500 EX8200 www.juniper.net/techpubs/ 10GbE EX8200 1 LAG LAG 1 2.9 LAG 1 LAG

28 Day One EX LAG LAG EX LAG LAG 2 3 3 LAG LACP Link Aggregation Control Protocol 2.5 LAG 2 EX EX LAG LAG LAG EX2200 EX2200-C EX3200 EX3300 EX4200 EX4500 EX4550 EX6200 8 EX8200 12 EX2200 EX2200-C EX3200 EX3300 32 LAG EX4200 EX4500 EX4550 EX6200 64 Junos 12.3 111 LAG EX8200 255 LAG LAG LAG LAG

2 29 LACP Link Aggregation Control Protocol LACP 1 IEEE 802.3ad LACP LAG LAG LAG LACP LACP! LACP LAG LACP LACP LAG LAG LACP LACP LAG 1. LAG user@switch# set chassis aggregated-devices ethernet device-count 1 2. ge- 0/0/10 ge-0/0/11 user@switch# delete interfaces ge-0/0/10 user@switch# delete interfaces ge-0/0/11 3. LAG user@switch# set interfaces ge-0/0/10 ether-options 802.3ad ae0 user@switch# set interfaces ge-0/0/11 ether-options 802.3ad ae0 4. LACP user@switch# set interfaces ae0 aggregated-ether-options lacp active periodic fast 5. LAG VLAN 2 4 user@switch# set interfaces ae0 unit 0 family ethernet-switching port-mode trunk vlan members all

30 Day One EX LACP fast fast slow 30 LAG LAG 1. show lacp interfaces ae0 user@switch> show lacp interfaces ae0 Aggregated interface: ae0 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity ge-0/0/10 Actor No No Yes Yes Yes Yes Fast Active ge-0/0/10 Partner No No Yes Yes Yes Yes Fast Active ge-0/0/11 Actor No No Yes Yes Yes Yes Fast Active ge-0/0/11 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State ge-0/0/10 Current Fast periodic Collecting distributing ge-0/0/11 Current Fast periodic Collecting distributing Understanding Aggregated Ethernet Interface and LACP www.juniper.net/techpubs/

3 3...33 2... 35 RTG...40

32 Day One EX 2 OSI 1 EX EX8200 EX9200 / EX8200 EX4500 EX4550 EX6200 EX3300 EX4200 / EX2200 EX3200 EX3300 EX4200 OSI 2 3 EX 2 L2 3.1 L2 3 L3 3 層構造 2 層構造 アクセス アグリゲーション バーチャルシャーシ バーチャルシャーシ バーチャルシャーシ L2 アクセス コア バーチャルシャーシ バーチャルシャーシ バーチャルシャーシ L2 L3 コア EX8200 EX8200 L3 EX8200 EX8200 3.1 2 3

3 33 3 L3 - Campus LAN Reference Architecture Deploying Fixed- Configuration and Chassis-Based EX Series Ethernet Switches in Campus LANs www.juniper.net/ IP IP EX IP T M MX SRX J Junos 3 IPv4 IPv6 EX IPv4 IPv6 IP IPv4 IPv6 IPv4 IPv6 IPv6 AFL Junos 12.3 EX4200 IPv6 Routing Base License IPv4 user@switch# set interfaces ge-0/0/0 unit 0 family inet address x.x.x.x/yy IPv6 user@switch# set interface ge-0/0/0 unit 0 family inet6 address xxxx::xxxx/yy IP RVI Routed VLAN Interface VLAN

34 Day One EX RVI Routed VLAN Interface RVI VLAN L3 RVI 2 RVI IP VLAN IP user@switch# set interfaces vlan unit 1 family inet address x.x.x.x/yy RVI IP RVI VLAN ID 2 RVI VLAN user@switch# set vlans vlan-name l3-interface vlan.1 2 VLAN 2 RVI user@switch# set interfaces vlan unit 1 family inet address 10.0.1.1/24 user@switch# set interfaces vlan unit 2 family inet address 10.0.2.1/24 user@switch# set vlans vlan-1 l3-interface vlan.1 user@switch# set vlans vlan-2 l3-interface vlan.2 IPv6 family inet6 OSPF Junos Junos EX RIP OSPF IS-IS BGP RIP OSPF IS-IS BGP AFL OSPF OSPF OSPF Technical Documentation Software Guide for EX Series Switches www.juniper.net.techpubs/

3 35 OSPF 2 OSPF LSA EX OSPF user@switch# set protocols ospf area 0.0.0.0 interface vlan.1 show ospf neighbor OSPF IP OSPF user@switch> show ospf neighbor Address Interface State ID Pri Dead 172.16.31.2 ge-0/0/23.0 Full 10.0.0.2 128 32 172.16.3.2 vlan.1 Full 10.0.0.3 1 16 OSPF OSPF show ospf route show route user@switch> show ospf route Topology default Route Table: Prefix Path Route NH Metric NextHop Nexthop Type Type Type Interface Address/LSP 1.0.0.1 Intra Area/AS BR IP 2 ge-0/0/0.0 192.168.150.2 1.0.0.2 Intra Area/AS BR IP 2 ge-0/0/0.0 192.168.150.2 172.16.3.2 Intra Router IP 1 vlan.1 172.16.3.2 192.0.0.1 Intra Router IP 1 ge-0/0/0.0 192.168.150.2 10.0.0.1/32 Intra Network IP 0 lo0.0 172.16.3.0/24 Intra Network IP 1 vlan.1 172.16.31.0/24 Intra Network IP 1 ge-0/0/23.0 172.16.81.0/24 Intra Network IP 3 ge-0/0/0.0 192.168.150.2 172.16.82.0/24 Intra Network IP 3 ge-0/0/0.0 192.168.150.2 192.168.150.0/24 Intra Network IP 1 ge-0/0/0.0 2 L2 L2 L2 L2

36 Day One EX MSTI 1 MSTI 2 音声 管理を転送 バーチャルシャーシ 音声 管理をブロック 音声 管理をブロック バーチャルシャーシ 音声 管理を転送 EX8200 EX8200 EX8200 EX8200 コア A MSTI 1 ルート コア B MSTI 1 バックアップ コア A MSTI 2 バックアップ コア B MSTI 2 ルート 3.2 L2 - MSTP 2 2 ID BPDU Bridge Protocol Data Unit ID MAC ID EX 4 802.1D STP 1 2 802.1w RSTP Rapid Spanning Tree Protocol STP / STP 802.1s MSTP Multiple Spanning Tree Protocol MSTP RSTP 2

3 37 MSTP 64 STP/RSTP VSTP VLAN Spanning-Tree Protocol VSTP VLAN VLAN VSTP RSTP/ MSTP EX 253 VLAN Junos RSTP MSTP VSTP Spanning Tree in L2/L3 Environment Implementation Guide Technical Documentation Software Guide for EX Series Switches www.juniper.net RSTP Rapid Spanning Tree Protocol RSTP EX EX RSTP 2 32678 user@switch# set protocols rstp bridge-priority bridge-priority-value 0 65535

38 Day One EX MSTP Multiple Spanning Tree Protocol MSTP RSTP RSTP 1 STP/RSTP 64 VLAN 1 - STP/RSTP - MSTP MSTP MSTI MSTI VLAN MSTP MSTP user@switch# set protocols mstp configuration-name configuration-name user@switch# set protocols mstp revision-level revision-level-number CST Common spanning-tree MSTP MSTI MST Instances MSTI VLAN 1 MSTI VLAN MSTI MSTI MSTI ID VLAN user@switch# set protocols mstp msti msti-number vlan vlan-ids MSTI 1 64 VLAN ID vlan-id 1-100 [1 3 5 7-10]

3 39 MSTI 0 65535 user@switch# set protocols mstp msti msti-number bridge-priority bridge-priority-value VSTP VLAN Spanning-Tree Protocol VSTP VLAN 1 VLAN 1 MSTP RSTP/MSTP RSTP/ MSTP VLAN VLAN VSTP user@switch # set protocols vstp vlan vlan-id VLAN user@switch# set protocols vstp vlan vlan-id bridge-priority bridge-priority-value Junos 10.2 RSTP VSTP Cisco PVST+/R-PVST+ show show spanning-tree bridge ID user@switch> show spanning-tree bridge STP bridge parameters Context ID :0 Enabled protocol :RSTP Root ID :4096.00:19:e2:50:86:60 Hello time :2 seconds Maximum age :20 seconds Forward delay :15 seconds Message age :0 Number of topology changes :10 Time since last topology change :7642 seconds Local parameters Bridge ID :4096.00:19:e2:50:86:60 Extended system ID :0 Internal instance ID :0

40 Day One EX user@switch> show spanning-tree interface show spanning-tree interface Spanning tree interface parameters for instance 0 Interface Port ID Designated Designated Port State Role port ID bridge ID Cost ae0.0 128:1 128:1 4096.0019e2508660 10000 FWD DESG ge-0/0/0.0 128:513 128:513 4096.0019e2508660 20000 FWD DESG ge-0/0/3.0 128:516 128:516 32768.0019e2508660 20000 BLK DIS ge-0/0/4.0 128:517 128:517 32768.0019e2508660 20000 BLK DIS ge-0/0/5.0 128:518 128:518 32768.0019e2508660 20000 BLK DIS MSTP MSTI-VLAN MSTP MSTP user@switch> show spanning-tree mstp configuration MSTP information Context identifier :0 Region name :MST-Region-1 Revision :2 Configuration digest :0x57c9f50482c9c9ae3c404a5d3212715d MSTI Member VLANs 0 0,401-4094 1 1-100 2 101-200 3 201-300 4 301-400 (RTG) RTG EX 1 2 RTG RTG RTG BPDU / 3.3 RTG

3 41 リンク障害なし リンク障害発生 すべての VLAN を転送 バーチャルシャーシ すべての VLAN をブロック リンク障害 バーチャルシャーシ すべての VLAN を転送 EX8200 EX8200 EX8200 EX8200 コア / アグリゲーションスイッチ A コア / アグリゲーションスイッチ B コア / アグリゲーションスイッチ A コア / アグリゲーションスイッチ B 3.3 RTG EX 16 RTG 1 RTG 2 1 1 RTG RTG STP RTG user@switch# delete protocols [stp rstp mstp vstp] user@switch# set protocols [stp rstp mstp vstp] interface interface-name disable 2 2 RTG RTG Junos ethernet-switching-options

42 Day One EX user@switch# set ethernet-switching-options redundant-trunk-group RTG-1 interface ge- 0/1/0.0 user@switch# set ethernet-switching-options redundant-trunk-group RTG-1 interface ge- 0/1/1.0 RTG show redundant-trunk-group 1.0 user@switch> show redundant-trunk-group Group Interface State Time of last flap Flap name count RTG-1 ge-0/1/1.0 Up/Act Never 0 ge-0/1/0.0 Up Never 0 2 / primary primary 2 1 primary 1 RTG user@switch# set ethernet-switching-options redundant-trunk-group group RTG-1 interface ge-0/1/1.0 primary ge-0/1/0.0 Pri primary user@switch# run show redundant-trunk-group Group Interface State Time of last flap Flap name count RTG-1 ge-0/1/0.0 Up/Pri/Act Never 0 ge-0/1/1.0 Up Never 0

4 LAN VLAN...44 LLDP Link-Layer Discovery Protocol....49 VLAN...53... 55

44 Day One EX LAN VLAN ESWD EX 2 L2 Junos MAC VLAN L2 LLDP ESWD Junos CLI ethernet-switching ethernet-switching 2 2 Junos VLAN VLAN Ethernet-switching-options VLAN DHCP Dynamic ARP Inspection L2 5 LAN L2 LAN VLAN L2 LAN 4.1 L2 EX シリーズ 音声用 VLAN 学生用 VLAN 教授用 VLAN 4.1 VLAN EX

4 45 EX 4,094 VLAN VLAN vlan-id VALN null vlan-id user@switch> show vlans Name Tag Interfaces default ge-0/0/0.0*, ge-0/0/3.0, ge-0/0/4.0, ge-0/0/5.0, ge-0/0/6.0, ge-0/0/7.0, ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0, ge-0/0/11.0, ge-0/0/12.0, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0, ge-0/0/16.0, ge-0/0/17.0, ge-0/0/18.0, ge-0/0/19.0, ge-0/0/20.0, ge-0/0/21.0, ge-0/0/22.0, ge-0/0/23.0 EX * VLAN VLAN VLAN VLAN user@switch# set vlans faculty VLAN set delete 802.1Q vlan-id 1 4094 vlan-id user@switch# set vlans faculty vlan-id 10 VLAN VLAN 1 VLAN user@switch# set vlans vlan-name vlan-range low-high vlan-range vlan-id vlan-range vlan-range VLAN VLAN Bldg_A VLAN 20 30 VLAN MAC 300 60 vlan-range 20 30 VLAN

46 Day One EX user@switch# show vlans Bldg_A { vlan-range 20-30; mac-table-aging-time 60; } user@switch> show vlans Name Tag Interfaces Bldg_A_20 20 None Bldg_A_21 21 None Bldg_A_22 22 None Bldg_A_23 23 <output truncated> vlan-id vlan-name VLAN VLAN VLAN VLAN VLAN VLAN VLAN VLAN user@switch# set vlans faculty interface ge-0/0/0.0 interface VLAN user@switch# set interfaces ge-0/0/0.0 family ethernet-switching vlan members faculty user@switch# set interfaces ge-0/0/0.0 family ethernet-switching vlan members 10

4 47 CLI VLAN VLAN VLAN interface VLAN VLAN user@switch# set interfaces ge-0/1/0.0 family ethernet-switching vlan members [1 5 7-100] show vlan show ethernet-swtching interfaces <interface-name> VLAN 802.1Q user@switch> show ethernet-switching interfaces ge-0/1/0 Interface State VLAN members Tag Tagging Blocking ge-0/1/0.0 up default 1 untagged unblocked faculty 10 tagged unblocked student 30 tagged unblocked voice 5 tagged unblocked 4.1 PC PC VLAN AP IDP 3 4.1 +IP IPT

48 Day One EX VLAN L2 user@switch# set interfaces ge-0/0/0.0 family ethernet-switching port-mode access L2 VLAN 1 VLAN user@switch# set interfaces ge-0/1/0.0 family ethernet-switching port-mode trunk IP 2 user@switch# set interfaces ge-0/1/1.0 family inet address 10.1.3.1/30 +IPT VLAN IPT 4.2 VLAN VLAN データ用 VLAN 音声用 VLAN アクセスポート EX シリーズ 4.2 VLAN IP PC

4 49 LLDP Link-Layer Discovery Protocol IEEE 802.1AB LLDP Link-Layer Discovery Protocol LAN EX LAN LLDP LLDPDU Link Layer Discovery Protocol TLV LLDPDU EX4200 LLDP CLI user@switch# set protocols lldp interface all all LLDP user@switch# set protocols lldp interface ge-0/0/0 LLDP TLV LLDP www.juniper.net/techpubs/ LLDP-MED LLDP-MED LLDP-Media Endpoint Discovery LLDP IEEE 802.1AB VoIP LLDP-MED VoIP LLDP-MED LLDP TLV PoE Power over Ethernet

50 Day One EX TLV VLAN VLAN 802.1Q 2 3 DSCP QoS TLV IP PoE TLV PoE PoE IP IP IP ELIN LLDP-MED TLV EX www.juniper.net/techpubs/ EX4200 LLDP-MED user@switch# set protocols lldp-med interface all LLDP all LLDP-MED user@switch# set protocols lldp-med interface ge-0/0/0 fast start LLDP-MED www.juniper.net/techpubs/ LLDP LLDP-MED LLDP LLDP-MED LLDP TLV LLDP-MED TLV LLDP-MED LLDP-MED TLV

4 51 user@switch> show lldp LLDP :Enabled Advertisement interval :30 seconds Transmit delay :2 seconds Hold timer :4 seconds Notification interval :0 Second(s) Config Trap Interval :0 seconds Connection Hold timer :300 seconds EX4200 LLDP show lldp LLDP MED MED fast start count :Enabled :3 Packets Interface Parent Interface LLDP LLDP-MED all - Enabled Enabled LLDP/LLDP-MED show CLI www.juniper.net/techpubs/ LLDP 1 EX4200 show lldp neighbors root> show lldp neighbors Local Interface Parent Interface Chassis Id Port info System Name ge-0/0/0.0-00:11:22:33:44:00 ge-0/0/10.0 L2-Switch ge-0/0/1.0-00:55:66:77:88:00 ge-0/0/5.0 L2-Switch ge-0/0/2.0-00:99:aa:bb:cc:00 ge-0/0/12.0 L2-Switch LLDP user@switch> clear lldp neighbors user@switch> clear lldp neighbors interface ge-0/0/0 show lldp local-information user@switch> show lldp local-information LLDP Local Information details

52 Day One EX Chassis ID :00:11:22:33:44:50 System descr :Juniper Networks, Inc. ex4200-24t, version 10.1R1.8 Build date:2010-xx-xx 01:31:39 UTC System Capabilities Supported Enabled :Bridge Router :Bridge Router Management Information Port Name : me0.0 Port Address :192.168.1.1 Address Type :IPv4 Port ID :34 Port ID Subtype : local(7) Port Subtype : ifindex(1) Interface name Parent Interface Interface ID Interface description Status Tunneling me0.0-34 me0.0 Up Disabled ge-0/0/0.0-502 ge-0/0/0.0 Up Disabled ge-0/0/1.0-504 ge-0/0/1.0 Up Disabled ge-0/0/2.0-526 ge-0/0/2.0 Up Disabled EX4200 statistics user@switch> show lldp statistics Interface Parent Interface Received Unknown TLVs With Errors ge-0/0/0.0-158502 0 0 ge-0/0/1.0-158510 0 0 ge-0/0/2.0-158517 0 0 Discarded TLVs Transmitted Untransmitted 0 158502 1 0 158510 1 0 158517 1 EX4200 LLDP clear user@switch> clear lldp statistics clear lldp neighbors interface ge-0/0/0 CLI

4 53 VLAN VLAN 802.1Q VoIP 1 EX4200 LLDP-MED Link Layer Discovery Protocol Media Endpoint Discovery VLAN-ID QoS VoIP EX4200 LLDP LLDP-MED LLDP-MED VoIP EX4200 LLDP-MED VLAN-ID QoS VLAN VLAN VLAN VLAN voip-vlan vlan-name user@switch# set ethernet-switching-options voip interface ge-0/0/0.0 vlan voip-vlan LLDP-MED QoS LLDP-MED user@switch# set ethernet-switching-options voip interface <interface_name> forwarding-class <forwarding_class_name> QoS BA 5 EZCOS- Voice EX IP Deploying IP Telephony with Juniper Networks EX Series Ethernet Switches http:// www.juniper.net/products-services/switching/ex-series show show interface interface_name

54 Day One EX user@switch> show interfaces ge-0/0/0.0 Logical interface ge-0/0/0.0 (Index 65) (SNMP ifindex 119) Flags:Device-Down SNMP-Traps Encapsulation:ENET2 Input packets :0 Output packets:710 Protocol eth-switch <-- L2 port Flags:Is-Primary <-- no flags, therefore access-port user@switch> show interfaces ge-0/0/0.0 Logical interface ge-0/0/0.0 (Index 65) (SNMP ifindex 119) Flags:Device-Down SNMP-Traps 0x0 Encapsulation:ENET2 Input packets :0 Output packets:710 Protocol eth-switch <-- L2 port Flags:Trunk-Mode <-- trunk port user@switch> show interfaces ge-0/0/0.0 Logical interface ge-0/0/0.0 (Index 65) (SNMP ifindex 119) Flags:Device-Down SNMP-Traps 0x0 Encapsulation:ENET2 Input packets :0 Output packets:711 Protocol inet <-- L3 port Flags:None Addresses, Flags:Dest-route-down Is-Preferred Is-Primary Destination:192.168.32/24, Local:192.168.32.1, Broadcast:192.168.32.255 show ethernet-switching interface <interface_name> detail L2 show L2 VLAN MAC user@switch> show ethernet-switching interfaces ge-0/0/22 detail Interface: ge-0/0/23.0, Index:68, State: up, Port mode:access VLAN membership: student, 802.1Q Tag:30, untagged, msti-id:0, unblocked voip-vlan, 802.1Q Tag:5, tagged, msti-id:0, unblocked Number of MACs learned on IFL:2 user@switch> show ethernet-switching interfaces ge-0/1/0 detail Interface: ge-0/1/0.0, Index:69, State: up, Port mode:trunk VLAN membership: faculty, 802.1Q Tag:10, tagged, msti-id:0, unblocked student, 802.1Q Tag:30, tagged, msti-id:0, unblocked voip-vlan, 802.1Q Tag:5, tagged, msti-id:0, unblocked Number of MACs learned on IFL:1000

4 55 EX EX4200 EX8200 interface user@switch# set interfaces interface-range interface-range-name [member member-range] / member-range member-range ge-0/0/0 to ge-2/0/47; member-range ge-3/0/0 to 3/0/23; * [start-end] member ge-0/0/0; member ge-0/*/*; member ge-0/0/[0-23]; interface-range VLAN user@switch# set interfaces interface-range faculty-ports member ge-0/0/[0-23] user@switch# set interfacss interface-range faculty-ports unit 0 family ethernetswitching vlan members faculty user@switch# set interfaces interface-range student-ports member ge-0/0/[24=47] user@switch# set interfaces interface-range student-ports unit 0 family ethernetswitching vlan members student

56 Day One EX VLAN VLAN 2 1 1 VLAN interface-range user@switch# set interfaces interface-range faculty-ports member ge-0/0/[0-23] user@switch# set interfaces interface-range faculty-ports unit 0 family ethernetswitching user@switch# set interfaces interface-range student-ports member ge-0/0/[24-47] user@switch# set interfaces interface-range student-ports unit 0 family ethernetswitching user@switch# set vlans faculty interface faculty-ports user@switch# set vlans student interface student-ports interface-range ethernet-switching-options OSPF 802.1X Junos CLI interface-range interface-range user@switch# set interfaces interface-range faculty-ports member ge-0/0/[0-23] user@switch# set protocols rstp interface ge-0/0/0 edge

5 EX OAM 802.3ah...58 MVRP 802.1ak...59... 61 EZQOS-Voice...63... 67 PoE Power over Ethernet...73...76

58 Day One EX OAM 802.3ah EX OAM 802.3ah MVRP 802.1ak VLAN EZQOS-Voice CoS DoS LAN PoE Power over Ethernet EX Junos Enterprise Switching O'Reilly Media 2009 Junos http://www.juniper.net/us/en/ community/junos/releases/ IEEE 802.3ah OAM 802.3ah 802.3ah 2 802.3ah 2 OAMPDU OAM Protocol Data Unit

5 EX 59 802.3ah Junos oam OAM user@switch# set protocols oam ethernet link-fault-management action-profile actionprofile-name event link-adjacency-loss user@switch# set protocols oam ethernet link-fault-management action-profile actionprofile-name action link-down 802.3ah user@switch# set protocols oam ethernet link-fault-management interface ge-0/1/0.0 link-discovery active user@switch# set interface ge-0/1/0.0 apply-action-profile action-profile-name 802.3ah show oam ethernet link-fault-management Peer Address MAC Discovery State Send Any OAM root@ex4200-vc1-re0> show oam ethernet link-fault-management Interface: ge-0/0/23.0 Status:Running, Discovery state:send Any Peer address:00:1f:12:38:0f:97 Flags:Remote-Stable Remote-State-Valid Local-Stable 0x50 Remote entity information: Remote MUX action: forwarding, Remote parser action: forwarding Discovery mode: active, Unidirectional mode: unsupported Remote loopback mode: unsupported, Link events: supported Variable requests: unsupported Application profile statistics: Profile Name Invoked Executed down-link 0 0 MVRP 802.1ak MVRP GVRP Generic VLAN Registration Protocol 2 VLAN VLAN MVRP join leave 2 VLAN

60 Day One EX 5.1 join leave mvrp_10 がコアスイッチ上に作成される データ (vlan-id 10) mvrp_10 (vlan-id 10) トランク トランク 5.1 L2 VLAN EX MVRP user@switch# set protocols mvrp interface <interface-name> VLAN VLAN MVRP L2 MVRP VLAN VLAN-id MVRP VLAN mvrp_vlan-id MVRP VLAN MVRP show mvrp dynamic-vlan-memberships show vlan MVRP VLAN user@switch> show mvrp dynamic-vlan-memberships VLAN Name Interfaces -------------- ---------- mvrp_10 ge-0/0/0.0 ge-0/0/1.0 statistics join leave MVRP user@switch> show mvrp statistics interface ge-0/1/0 MVRP statistics Interface name :ge-0/1/0.0 MRPDU received :162 Invalid PDU received :0

5 EX 61 New received :0 Join Empty received :380 Join In received :106 <output truncated> EX EX 3 PIM PIM IP PIM-DM PIM-DM PIM-SM / RP rendezvous point PIM-SSM 1 IGMPv3 Internet Group Management Protocol 3 MLDv2 Multicast Listener Discovery 2 PIM-SM RP rendezvous point Junos PIM RP PIM RP RP RP user@switch# set protocols pim rp local address <ip_address> 0 RP user@switch# set protocols pim rp static address <ip_address>

62 Day One EX RP PIM-SM user@switch# set protocols pim interface <interface_name> mode sparse RP show pim rps RP RP RP user@swtich> show pim rps Instance:PIM.master Address family INET RP address Type Holdtime Timeout Groups Group prefixes 10.1.1.1 static 0 None 1 224.0.0.0/4 PIM show pim neighbors user@switch> show pim neighbors Instance:PIM.master B = Bidirectional Capable, G = Generation Identifier, H = Hello Option Holdtime, L = Hello Option LAN Prune Delay, P = Hello Option DR Priority Interface IP V Mode Option Uptime Neighbor addr ge-1/0/23.0 4 2 HPLG 02:18:42 10.1.2.2 show multicast route user@switch> show multicast route Family:INET Group:224.0.1.39 Source:1.1.1.2/32 Upstream interface: ge-0/1/0.0 Downstream interface list: local ge-1/0/23.0 VLAN IGMP IGMP VLAN L3 IGMP

5 EX 63 IGMP user@switch# set protocols igmp-snooping vlan <vlan_name> interface <interface_name> static group <multicast_ip_group_address> IGMP show igmp-snooping membership VLAN user@switch> show igmp-snooping membership VLAN: v2 225.1.1.1 * 199 secs Interfaces: xe-0/0/1.0, xe-0/0/2.0, xe-0/0/3.0 EZQOS-Voice EX CoS Class of Service EX 8 CoS CoS 5.2 EX CoS CoS QoS QoS 2010 4 John Wiley & Sons QoS-Enabled Networks QoS www. juniper.net/books 分類ポリシングキューイングスケジューリングリマーキング 5.2 EX QoS

64 Day One EX EZQOS-Voice CoS EZQOS-Voice QOS EX CoS EX www. juniper.net/techpub/ 5.1 QoS BA 802.1P DSCP IP Precedence MF L2 L3 / L4 EZQOS-VOICE BA DSCP 5.1 DSCP EZQOS-VOICE DSCP 0 0-23 25 26-33 35-45 46-47 49-55 57-63 SDWRR 4 34 SDWRR 5 46 7 24 26 48 56

5 EX 65 EX 8 4 EZQOS-VOICE EZQOS-VOICE 0 4 5 7 strict-high SDWRR low 2 strict-high SDWRR EX4200 30/70 EX8200 20/50 EZQOS-VOICE /etc/config ezqos-voice.conf EZQOS-VOICE load merge user@switch# load merge /etc/config/ezqos-voip.conf EZQOS-VOICE Junos group ezqos-voip EZQOS-VOICE Junos CoS ezqos-voip EZQOS-VOICE user@switch# set class-of-service apply-groups ezqos-voip

66 Day One EX user@switch# set class-of-service interfaces ge-0/0/0 unit 0 classifier dscp ezqosdscp-classifier user@switch# set class-of-service interfaces ge-0/0/0 scheduler-map ezqos-voip-schedmaps ge xe set class-of-service interfaces ge-* unit 0 classifier dscp ezqos-dscp-classifier Junos CoS show show classof-service show interface <interface-name> extensive find, <Cos Information> show class-of-service interface <interface-name> user@switch> show class-of-service interface ge-0/0/0 Physical interface: ge-0/0/0, Index:129 Queues supported:8, Queues in use:5 Scheduler map: ezqos-voip-sched-maps, Index:37585 Logical interface: ge-0/0/0.0, Index:2684275700 Object Name Type Index Classifier ezqos-dscp-classifier dscp 57624 show user@switch> show class-of-service classifier name classifier-name user@switch> show class-of-service scheduler-map scheduler-map-name show interface interfacename [detail extensive] find <Queue counters> show interface queue <interface-name> user@switch> show interfaces queue ge-0/0/0 Physical interface: ge-0/0/0, Enabled, Physical link is Down Interface index:129, SNMP ifindex:501 Forwarding classes:16 supported, 5 in use Egress queues:8 supported, 5 in use Queue:0, Forwarding classes: ezqos-best-effort Queued:

5 EX 67 Packets :Not Available Bytes :Not Available Packets : 41570904 Bytes : 5320940436 Tail-dropped packets : 0 <output truncated> LAN 5.3 EX EX メールサーバー L2/L3 スイッチ 被害者 攻撃者 5.3

68 Day One EX DHCP DHCP Dynamic Host Configuration Protocol IP DHCP DHCP IP LAN DHCP DHCP DHCP DHCP DHCP DHCP DHCP DHCP MAC DHCP IP VLAN DHCP DHCP IP DHCP DHCP DHCP クライアントネットワークデバイス 1 EX スイッチ 2 3 DHCP サーバー 6 5 4 1. デバイスが IP アドレスを要求する場合は DHCPDISCOVER IP アドレスを受信またはリースする場合は DHCPREQUEST を送信します 2. スイッチがパケットをスヌープします IP-MAC プレースホルダバインディングがデータベースに追加されます 3. スイッチが DHCPDISCOVER または DHCPREQUEST を転送します 4. サーバーが アドレスを提示する場合は DHCPOFFER アドレスをアサインする場合は DHCPACK アドレス要求を拒否する場合は DHCPNAK を送信します 5. スイッチがパケットをスヌープします プレースホルダが存在する場合は DHC- PACK 受信時に IP-MAC バインディングと交換されます 6. スイッチが DHCPOFFER DHCPACK または DHCPNAK を転送します 5.4 DHCP

5 EX 69 DHCP DAI Dynamic ARP Inspection IP EX DHCP 1. 2. discoveries/requests DHCP DHCP DHCP DHCP MAC VLAN IP 3. VLAN VLAN IP DHCP VLAN ID DHCP LAN DHCP DHCP DHCP DHCP DHCP VLAN EX DHCP user@switch# set ethernet-switching-options secure-access-port vlan vlan_name examine-dhcp DHCP untrusted trusted DHCP DHCP

70 Day One EX user@switch# set ethernet-switching-options secure-access-port interface interface_ name dhcp-trusted IP DHCP DHCP user@switch# set ethernet-switching-options secure-access-port interface <interface_ name> static-ip <ip_address mac mac_address vlan vlan_name> IP-MAC DHCP dhcpsnooping-file user@switch> show dhcp snooping binding DHCP DHCP Snooping Information: MAC address IP address Lease (seconds) Type VLAN Interface 00:01:23:45:67:89 192.168.1.10 - static corp-access ge-0/0/10.0 00:01:23:45:67:90 192.168.2.11 653 dynamic corp-access ge-0/0/11.0 00:01:23:45:67:91 192.168.2.12 720 dynamic corp-access ge-0/0/12.0 DAI Dynamic ARP Inspection IP IP 3 MAC 2 ARP Address Resolution Protocol LAN MAC IP ARP ARP ARP DAI Dynamic ARP Inspection ARP ARP DHCP IP-MAC DHCP DHCP

5 EX 71 ARP DHCP ARP ARP /! DAI DHCP DHCP DHCP ARP DAI IP DHCP ARP ARP LAN MAC ARP MAC IP ARP Gratuitous ARP IP ARP ARP LAN Gratuitous ARP MAC 2 Gratuitous ARP LAN ARP ARP ARP IP 2 DAI VLAN EX DAI user@switch# set ethernet-switching-options secure-access-port vlan vlan_name arpinspection

72 Day One EX DAI show user@switch> show arp inspection statistics ARP inspection statistics: Interface Packets received ARP inspection pass ARP inspection failed --------------- --------------- -------------------- --------------------- ge-0/0/10.0 9 9 0 ge-0/0/11.0 30 30 0 ge-0/0/12.0 25 24 1 IP IP LAN IP IP LAN IP DAI Dynamic ARP Inspection ARP IP IP DoS TCP SYN IP IP DHCP EX DHCP IP IP DHCP IP VLAN user@switch# set ethernet-switching-options secure-access-port <vlan_name> ip-sourceguard show ip-source-guard IP user@switch> show ip-source-guard IP source guard information: Interface Tag IP Address MAC Address VLAN ge-0/0/11.0 0 ge-0/0/12.0 0 192.168.2.11 00:01:23:45:67:90 corp-access 192.168.2.12 00:01:23:45:67:91 corp-access

5 EX 73 CLI Port Security on EX Series Switches Guide www. juniper.net/techpubs/ PoE Power over Ethernet PoE Power over Ethernet LAN PoE IEEE 802.3af PSE 15.4 5.5 VoIP IP PD VoIP 電話 無線アクセスポイント 監視カメラ 5.5 EX4200 PD LAN PD EX2200 EX3200 EX3300 EX4200 EX6200 EX8200 PoE PSE EX4200 PoE EX4200-24F PoE 24 48 PoE 8

74 Day One EX PoE EX PoE PD PoE user@switch# set poe interface all PoE CLI EX PoE 2 PD PD PoE 5.2 5.2 PoE PoE PSE 0 15.4 1 4 2 7 3 15.4! PoE EX2200 www.juniper.net/techpubs/ 5.2 PSE PD 3 PoE 15.4 16% PD 12.95 IEEE 802.3af PD 12.95 PoE set poe management class user@switch# set poe management class

5 EX 75 EX PoE show poe interface user@switch> show poe interface Interface Admin status Oper status Max power Priority Power consumption Class ge-0/0/0 Enabled ON 15.4W Low 12.95W 0 ge-0/0/1 Enabled ON 15.4W Low 12.95W 0 ge-0/0/2 Enabled ON 15.4W Low 12.95W 0 ge-0/0/3 Enabled ON 15.4W Low 12.95W 0 ge-0/0/4 Enabled ON 15.4W Low 12.95W 0 ge-0/0/5 Enabled ON 15.4W Low 12.95W 0 ge-0/0/6 Enabled ON 15.4W Low 12.95W 0 ge-0/0/7 Enabled ON 15.4W Low 12.95W 0 user@switch> show poe interface ge-0/0/0 PoE interface status: PoE interface :ge-0/0/0 Administrative status :Enabled Operational status :ON Power limit on the interface :15.4W Priority :Low Power consumed :12.95W Class of power device :0 user@switch> show poe controller Controller Maximum Power Guard band Management index power consumption 0 305 W 0W 0W Static EX PoE EX 19 guard-band user@switch# set poe guard-band 15 PD PoE PoE high low high high low PoE PD high

76 Day One EX PoE CLI user@switch# set poe interface ge-0/0/0 priority high PoE user@switch# set poe interface all telemetries PoE www.juniper. net/techpubs/ EX4200 MAC 2 EX 5.5 VLAN 5.6 送信元 = 従業員のノートパソコン 宛先 = プロトコルアナライザアプリケーションがインストールされたコンピュータ 5.6

5 EX 77 5.7! EX EX EX4200 1 EX8200 7 Understanding Port Mirroring on EX Series Switches (www.juniper.net / VLAN /! STP Spanning Tree Protocol 2 www.juniper.net/techpubs/ 1. user@switch# set ethernet-switching-options analyzer LOCAL-MIRROR input ingress interface ge-0/0/0.0 2. user@switch# set ethernet-switching-options analyzer LOCAL-MIRROR input egress interface ge-0/0/1.0 3. VLAN user@switch# set ethernet-switching-options analyzer LOCAL-MIRROR input ingress vlan Employee_VLAN

78 Day One EX 1. user@switch# set ethernet-switching-options analyzer LOCAL-MIRROR output interface ge-0/0/10.0 1. VLAN user@switch# set ethernet-switching-options analyzer REMOTE-MIRROR output vlan Mirror_VLAN show analyzer user@switch> show analyzer Analyzer name :LOCAL-MIRROR Output interface :ge-0/0/10.0 Mirror ratio :1 Loss priority :Low Ingress monitored interfaces :ge-0/0/0.0 Egress monitored interfaces :ge-0/0/1.0 EX 1:x 1 1:1 2047 2047 1 1 user@switch# set ethernet-switching-options analyzer MIRRORING ratio 1000 low high high user@switch# set ethernet-switching-options analyzer MIRRORING loss-priority high EX www.juniper.net/techpubs/

79 URL www.juniper.net/dayone www.juniper.net/junos http://forums.juniper.net/jnet www.juniper.net/techpubs www.juniper.net/books www.juniper.net/training/fasttrack PDF Day One Junos J-Net Junos SRX Junos Security JNTCP

80 EX Junos Enterprise Switching EX EX ASIC Junos Junos Junos Enterprise Switching EX JNTCP LAN VLAN VLAN DHCP VLAN www. juniper.net/books