Juniper Network Switch Configuration Hints

Juniper-Switches.md

Juniper Network Switches

Common Configuration Snippets

System Time

• set system time-zone America/New_York
• Automatically Set Clock with NTP
  • set system ntp server 1.2.3.4
  • Repeat for additional servers
• Manually Set Clock in Operation Mode
  • set date "yyyyMMddhhmm.ss"
  • You can ignore the error message
• VIEW SYSTEM TIME (newer software will display in UTC)
  • show system uptime

General Configuration Items

• set system host-name YOUR-HOST-NAME
• set system services ssh protocol-version v2
  • Newer software will block root login unless "root-login" command is set under ssh config
• set system services netconf ssh
• set chassis aggregated-devices ethernet device-count 2
  • Select the number of Link Aggregation Groups (LAG) that you want (LACP/802.3ad)
• set chassis alarm management-ethernet link-down ignore
  • Turn off this alarm if you don't use the out-of-band management port
• set interfaces YOUR-IF-NUM unit 0 family ethernet-switching vlan members VNUM
  • assign normal port to vlan (untagged)
• set interfaces YOUR-IF-NUM unit 0 family ethernet-switching port-mode trunk
• set interfaces YOUR-IF-NUM unit 0 family ethernet-switching native-vlan-id VNUM
  • REMOVE vlan from members if it is set as native-vlan-id on trunk port (for untagged)
• set interfaces YOUR-IF-NUM unit 0 family ethernet-switching vlan members VNUM
  • Trunk Interface can have One Untagged Vlan (native) and Many Tagged Vlan's assigned
• set interfaces YOUR-IF-NUM description "Describe Port Usage or Name Here"
• set interfaces YOUR-IF-NUM ether-options 802.3ad ae#
  • Add port to ae# (aggregated-devices ethernet, starting with 0)
  • 802.3ad is LACP link aggregation protocol
  • Must delete unit 0 from ae# interfaces before commit will be allowed
• set interfaces ae# aggregated-ether-options lacp active
• set interfaces ae# unit 0 family ethernet-switching port-mode trunk
  • NEWER SOFTWARE might use command "interface-mode" rather than port-mode!!
• set interfaces ae# unit 0 family ethernet-switching vlan members VNUM
  • Assign vlan number to LACP (ae) trunk. Repeat for additional vlan's
• set poe interface all disable
  • Disable one or all interfaces for Power over Ethernet delivery
• set vlans VLAN-NAME vlan-id VNUM
  • Assign Vlan Number to Vlan Name
• set vlans VLAN-NAME l3-interface vlan.UNIT-NUM
  • Assign Layer-Three (IP) Sub-Interface to Vlan Name
  • Recommend Unit number to match vlan id
  • NEWER SOFTWARE uses l3-interface irb.UNIT-NUM rather than vlan.UNIT-NUM
  • irb = Integrated Routing and Bridging
• set interfaces vlan unit UNIT-NUM description "Purpose of Vlan IP Interface"
  • Unit number must match value devined for VLAN-NAME l3-interface under set vlans
  • NEWER SOFTWARE uses l3-interface irb.UNIT-NUM rather than vlan.UNIT-NUM
• set interfaces vlan unit UNIT-NUM family inet dhcp
  • Use DHCP for IP Assignment to switch Vlan IP Interface (or configure manually)

Important Concepts

• commit
  • Always Commit your configuration changes!! Unlike Cisco, changes are not live until committed.
• show configuration | display set | no-more
  • Like "show running-config" from Cisco
• show vlans
• run SOME-COMMAND
  • Same as "do" from Cisco configuration mode. Helps use "show" commands from edit mode.
• wildcard range set interfaces ge-0/0/[0-4,10,15-20] unit 0 ...
  • Change more than one interface at the same time!!!

Automatic Speed and Duplex

The EX4500 Series 10G Base-T Switch Ports default configuration will not auto-negotiate 1G port speeds. Here are some hints to change that if needed.

• set interfaces xe-0/0/30 ether-options auto-negotiation
• set interfaces xe-0/0/30 ether-options link-mode automatic
• set interfaces xe-0/0/30 ether-options speed auto-negotiation
  • The "auto-negotiation" setting is required for this config to work.

Safe Shutdown

Keep the switch connected to an UPS battery backup to avoid issues during short power interruptions. To safely power-off the switch, check the current procedure from Juniper. Here are some hints.

• request system halt
• request system power-off
  • Most switch models to the same thing regardless of whether you use the halt or power-off command (still need to remove power cords)
• WAIT for a while (5 to 10 minutes) for the switch to complete the shutdown sequence
• AFTER WAITING, you can remove power. If you want to be sure, use a serial console to request system halt and then wait for the "system has halted" message before removing power.

View Backup Partition Status

The backup partition should contain an identical copy (snapshot) of the active partition. This might be created automatically, or you can manually update the snapshot using "request system snapshot slice alternate". I believe this is a copy of JunOS, and NOT a copy of the configuration which must be saved for recovery separately.

• show system snapshot media internal
• show system storage partitions

Save a Rescue Configuration

If the system is in a known-good state, you should Save a Rescue Configuration. There is usually an alarm on the system until a rescue configuration has been saved.

• request system configuration rescue save
  • REPEAT this step periodically to save NEWER KNOWN GOOD configurations for rescue
• show system configuration rescue
  • View the saved rescue configuration including date & time stamp
• show chassis alarms

For Native VLAN Untagged on Trunk, see https://kb.juniper.net/InfoCenter/index?page=content&id=KB17419