Essential Juniper EX Series Switch Commands: Configuration and Troubleshooting

General Juniper EX Series Switch Commands

Basic Commands

Show MAC Address Table

show ethernet-switching table brief

Show Directly Connected Switches

show lldp neighbors

Configure VLAN

set vlans Floor_Users vlan-id 90
set vlans Floor_Users l3-interface vlan.90
set interfaces vlan unit 90 family inet address 10.10.10.254/24

Assign VLAN to Port

set interfaces <interface-name> unit 0 family ethernet-switching vlan members <vlan-name>

Upgrade Juniper EX Series Switch

(You may first need to run: set system services ftp. When upgrading an 8200, both Route Engines need to be upgraded.)

request system software add ftp://a:123456@10.10.10.81/jinstall-ex-3200-9.6R1.13-domestic-signed.tgz

Enable SSH

set system services ssh

Show IP Addresses

show interfaces terse

Show All Ports Information

show interfaces extensive

Load Factory Default Configuration

load factory-default

Show Rollback Configuration (e.g., 10th rollback)

file show /var/db/config/juniper.conf.10.gz

Show Interface Statistics in Real Time

run monitor interface ge-0/0/0

Monitor Traffic on an Interface (like tcpdump)

run monitor traffic interface ge-0/0/0

Add Configuration from Notepad

load update terminal

Configure Static Route

set routing-options static route 192.168.16/24 next-hop 1.1.1.1

Start Terminal Monitor

monitor start /var/log/messages

Stop Terminal Monitor

monitor stop

Check Configuration Changes Before Commit

show | compare

Show System Uptime

show system uptime

Show Modules/Hardware Information

show chassis hardware

Show OSPF Interfaces

show ospf interface

Advanced Configurations

OSPF Redistribution (Static Routes)

set protocols ospf export redistribute-into-OSPF
set policy-options policy-statement redistribute-into-OSPF term static from protocol static
set policy-options policy-statement redistribute-into-OSPF term static then accept

LACP (Link Aggregation Control Protocol) – Switches

set chassis aggregated-devices ethernet device-count 5
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ge-0/0/0 ether-options 802.3ad ae0
set interfaces ge-0/0/1 ether-options 802.3ad ae0
set interfaces ae0 unit 0 family inet address 10.10.0.254/24

LACP – Juniper Routers

set chassis aggregated-devices ethernet device-count 5
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ge-0/0/0 gigether-options 802.3ad ae0
set interfaces ge-0/0/1 gigether-options 802.3ad ae0
set interfaces ae0 unit 0 family inet address 10.10.0.254/24

Password Recovery

  1. Reload the switch.
  2. Stop the boot by pressing the “space bar”.
  3. Choose ‘recovery’.
  4. Type the following command: boot -s

NTP (Network Time Protocol)

set system ntp server 1.1.1.1
exit
set date ntp

Create Rescue Configuration

request system configuration rescue save

Set Management IP on a Stack

set interfaces vme unit 0 family inet address 10.10.10.235/24

Connect to a Specific Switch in a Stack

request session member <member-id>

Install Image from USB

  1. Copy the new code (the desired version of JUNOS) to a USB drive formatted as FAT32 and insert it into the USB slot on the back of the switch.
  2. Reboot the device and, when it says loading, press the space bar to reach the loader prompt (loader>).
  3. Type the following command at this prompt to reinstall JUNOS: loader> install --format file:///filename.tgz (where filename is, e.g., jinstall-ex-9.2R1.5-domestic-signed.tgz)

Copy Log Files from Specific Unit

request session member 5
start shell user root
! -Password-
tar -zcvf varlog-mem5.tar.gz /var/log/
mv varlog-mem5.tar.gz /var/tmp/
exit
file copy fpc5:/var/tmp/varlog-mem5.tar.gz fpc0:/var/tmp 
! Then open with web - Maintain --> Files --> temp

Show Alarms (Check Why the Alarm LED is Red)

show system alarms

VRRP (Virtual Router Redundancy Protocol)

set interfaces vlan unit <unit> family inet address x.x.x.x/24 vrrp-group <group-id> virtual-address x.x.x.x priority <priority>

VRRP – Backup Master (Allow Backup Router to Process Packets)

set interfaces vlan unit <unit> family inet address x.x.x.x/24 vrrp-group 22 accept-data

ECMP (Equal Cost Multi-Path)

set policy-options policy-statement load-balancing-policy then load-balance per-packet
set routing-options forwarding-table export load-balancing-policy

Allow NSM (Network and Security Manager) to Connect to the Switch

set system services netconf ssh

DHCP Snooping

set ethernet-switching-options secure-access-port vlan all examine-dhcp

BPDU (Bridge Protocol Data Unit) Guard

set protocols rstp bpdu-block-on-edge
set protocols rstp interface all edge

Port Mirroring

set ethernet-switching-options analyzer analyzer1 input ingress interface ge-0/0/0
set ethernet-switching-options analyzer analyzer1 input egress interface ge-0/0/0
set ethernet-switching-options analyzer analyzer1 output interface ge-0/0/2

LLDP-MED (Link Layer Discovery Protocol – Media Endpoint Discovery)

(The switch tells the IP phone what the voice VLAN is)

set vlans <vlan-name> description voice-vlan
set vlans <vlan-name> interface ge-0/0/2.0
set interfaces <interface-name> unit 0 family ethernet-switching vlan members <vlan-name>
set interfaces <interface-name> unit 0 family ethernet-switching port-mode access
set ethernet-switching-options voip interface <interface-name>.0 vlan <vlan-name>
set ethernet-switching-options voip interface <interface-name>.0 forwarding-class assured-forwarding
set protocols lldp-med interface <interface-name>

TACACS+ (Terminal Access Controller Access-Control System Plus)

(Use “load merge terminal” to load this format of config)

system {
    time-zone Asia/Jerusalem;
    authentication-order tacplus;
    root-authentication {
        encrypted-password "$1$gzwtefgipDYmub7XcCTEU4/"; ## SECRET-DATA
    }
    /* x.x.x.x and y.y.y.y are placeholders for the TACACS+ server addresses */
    tacplus-server {
        x.x.x.x secret "$9$y45645XxjqfT9CRhSyMX-dsYgJ";
        y.y.y.y secret "$9$vD4574745dV.5Fnu0ylKvxdsYoaZj";
    }
    accounting {
        events [ login change-log interactive-commands ];
        destination {
            tacplus;
        }
    }
}

VoIP QoS Marking

class-of-service {
    classifiers {
        dscp juniper_dscp_classifier {
            import default;
            forwarding-class voice {
                loss-priority low code-points 101110;
            }
        }
        ieee-802.1 juniper_ieee_classifier {
            import default;
            forwarding-class voice {
                loss-priority low code-points 011;
            }
        }
    }
    forwarding-classes {
        class voice queue-num 7;
        class expedited-forwarding queue-num 5;
        class assured-forwarding queue-num 1;
        class best-effort queue-num 0;
    }
    interfaces {
        vlan {
            unit 12 {
                classifiers {
                    dscp juniper_dscp_classifier;
                }
            }
        }
    }
}

Access Lists for IP Addresses Allowed to Access the Switch

(Use “load merge terminal” to load this format of config)

interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input Telnet-access-filter;
                }
            }
        }
    }
}
firewall {
  family inet {
    filter Telnet-access-filter {
        term team_X {
            from {
                source-address {
                    x.x.x.x/32;
                    x.x.x.x/32;
                }
                protocol tcp;
            }
            then accept;
        }
        term team_Y {
            from {
                source-address {
                    y.y.y.y/32;
                    y.y.y.y/32;
                }
                protocol tcp;
            }
            then accept;
        }
        term Access_from_forbidden_addresses {
            from {
                source-address {
                    127.0.0.0/8;
                }
                protocol tcp;
            }
            then discard;
        }
        term OSPF {
            from {
                protocol ospf;
            }
            then accept;
        }
        term icmp {
            from {
                protocol icmp;
            }
            then accept;
        }
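        /* This term matches all UDP sent to the switch, not only DHCP.
           Traffic that matches no term is discarded by the filter's implicit final term. */
        term accept_DHCP {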
            from {
                protocol udp;
            }
            then accept;
        }
    }
  }
}
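
A tighter variant of the filter above, added here as an example and not part of the original page: it limits the permitted sources to SSH, narrows the UDP term to the DHCP ports, and admits the replies that the NTP and TACACS+ settings elsewhere on this page depend on. The filter name Mgmt-access-filter, the term names, the counter name, the use of SSH as the management protocol, and the placeholders t.t.t.t (TACACS+ server) and n.n.n.n (NTP server) are assumptions; x.x.x.x follows the page's own placeholder convention.

```junos
firewall {
    family inet {
        filter Mgmt-access-filter {
            /* Added example; replace x.x.x.x, t.t.t.t and n.n.n.n before loading. */
            term ssh_from_admins {
                from {
                    source-address {
                        x.x.x.x/32;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            term tacacs_replies {
                from {
                    source-address {
                        t.t.t.t/32;
                    }
                    protocol tcp;
                    source-port 49;
                    tcp-established;
                }
                then accept;
            }
            term ntp_replies {
                from {
                    source-address {
                        n.n.n.n/32;
                    }
                    protocol udp;
                    source-port ntp;
                }
                then accept;
            }
            term dhcp {
                from {
                    protocol udp;
                    destination-port [ 67 68 ];
                }
                then accept;
            }
            term ospf { from { protocol ospf; } then accept; }
            term icmp { from { protocol icmp; } then accept; }
            term count_and_drop { then { count mgmt-denied; discard; } }
        }
    }
}
```

Reference the filter from lo0 unit 0 in the same way the original references Telnet-access-filter, and apply it with commit confirmed so that a rule that locks you out rolls back automatically.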