Presentation is loading. Please wait.

Presentation is loading. Please wait.

Device Infrastructure

Published byTheodora Small Modified over 7 years ago

Similar presentations

Presentation on theme: "Device Infrastructure"— Presentation transcript:

1 Device Infrastructure
3

2 Device Infrastructure Topics for the JNCIE-SP Exam
High availability features of the Junos OS Be familiar with graceful restart, GRES, NSR, and VRRP Aggregated Ethernet interfaces Understand how LACP and the minimum-links command function Securing and monitoring Junos devices Be familiar with firewall filters, syslogging, and user accounts Basic automation implementation and monitoring Understand how to configure the router to use scripts

3 Aggregated Ethernet Considerations
When configuring aggregated Ethernet interfaces Aggregated device count Must be greater than the largest configured Aggregate Ethernet interface number LACP Active or passive mode minimum-links statement Must be set on both sides Defaults to a value of 1 Always test Layer 3 connectivity LACP might show Layer 2 connectivity but this does not guarantee Layer 3 functionality 3

4 VRRP Considerations When configuring VRRP VRRP default behaviors
Higher priority member always preempts Virtual IP address does not respond to requests Interface tracking values must not be greater than the current priority value The virtual IP address must be within the same subnet of the interface address in which it resides 3

5 Configuring User Accounts
When configuring user accounts User templates If the RADIUS server is unreachable, configure a local user with the user template for the user class to test the template Regular expressions Use to specify which commands to allow or deny authentication-order [ radius password ] versus radius Useful commands show cli authorization load merge terminal relative 3

6 Firewall Filter Considerations
When configuring firewall filters Break down the list of tasks Individual smaller tasks are easier to handle Use of syslog versus log Use the log statement to troubleshoot and verify prefix-list and apply-path can be used to help simplify tasks Use port names instead of port numbers port ssh instead of port 22 Control plane protection Apply firewall filter to the loopback interface Implicit deny statement 3

7 Commit Script Considerations
When configuring commit scripts Specify script name file script-name Script name must also be specified in the source statement Remote script retrieval HTTP, FTP, or SCP can be used Syntax: source refresh command Globally for all commit scripts, or on a per commit script basis Configuration mode command that acts like an operational mode command Must be performed before a commit is issued 3

8 Task and Topology R1 ge-0/0/1 .1 ge-0/0/4 C1 ge-0/0/2 .3 ge-0/0/3 ge-0/0/9 .2 Task High availability is required for the C1 router connected to R1 and R2. Configure a VRRP group in which R1 is the master for the /24 range. R2 must acquire mastership if two out of three of R1’s internal interfaces fail. The virtual IP address of , that belongs to the VRRP group, must not respond to any ping requests. R2

9 What Now? What are the required components?
VRRP must be configured on R1 and R2 VRRP group number is not specified—it is up to you to choose one Interfaces involved are ge-0/0/4 for R1 and ge-0/0/9 for R2 Address range to work with is /24 Virtual IP address is R1 is the master and R2 is the backup Interface tracking on R1’s three internal interfaces is required If two of R1’s internal interfaces go down, the interface tracking values must reduce R1’s priority lower than R2’s priority The virtual IP address cannot respond to ping requests—the accept-data statement must not be configured

10 Task Completion (1 of 3) Initial verification Verify interface state
show interfaces terse ge-0/0/4 Interface Admin Link Proto Local Remote ge-0/0/ up up ge-0/0/ up up inet /24 show interfaces terse ge-0/0/9 ge-0/0/ up up ge-0/0/ up up inet /24

11 Task Completion (2 of 3) VRRP configuration—R1
[edit interfaces ge-0/0/4] show unit 0 { family inet { address /24 { vrrp-group 1 { virtual-address ; priority 149; track { interface ge-0/0/1 { priority-cost 25; } interface ge-0/0/2 { interface ge-0/0/3 {

12 Task Completion (3 of 3) VRRP configuration—R2
[edit interfaces ge-0/0/9] show unit 0 { family inet { address /24 { vrrp-group 1 { virtual-address ; priority 100; }

13 Task Verification (1 of 5)
VRRP verification—R1 [edit interfaces ge-0/0/4] run show vrrp detail Physical interface: ge-0/0/4, Unit: 0, Address: /24 Index: 70, SNMP ifIndex: 519, VRRP-Traps: disabled Interface state: up, Group: 1, State: master, VRRP Mode: Active Priority: 149, Advertisement interval: 1, Authentication type: none Delay threshold: 100, Computed send rate: 0 Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: Advertisement Timer: 0.856s, Master router: Virtual router uptime: 00:03:02, Master router uptime: 00:01:36 Virtual Mac: 00:00:5e:00:01:01 Tracking: enabled Current priority: 149, Configured priority: 149 Priority hold time: disabled Interface tracking: enabled, Interface count: 3 Interface Int state Int speed Incurred priority cost ge-0/0/ up g ge-0/0/ up g ge-0/0/ up g Route tracking: disabled

14 Task Verification (2 of 5)
VRRP verification—R2 [edit interfaces ge-0/0/9] run show vrrp detail Physical interface: ge-0/0/9, Unit: 0, Address: /24 Index: 70, SNMP ifIndex: 531, VRRP-Traps: disabled Interface state: up, Group: 1, State: backup, VRRP Mode: Active Priority: 100, Advertisement interval: 1, Authentication type: none Delay threshold: 100, Computed send rate: 0 Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: Dead timer: 3.547s, Master priority: 149, Master router: Virtual router uptime: 00:05:02 Tracking: disabled

15 Task Verification (3 of 5)
VRRP verification—R1 [edit interfaces ge-0/0/4] up 1 set ge-0/0/1 disable up 1 set ge-0/0/2 disable commit commit complete run show vrrp detail Physical interface: ge-0/0/4, Unit: 0, Address: /24 Interface state: up, Group: 1, State: backup, VRRP Mode: Active Tracking: enabled Current priority: 99, Configured priority: 149 Priority hold time: disabled Interface tracking: enabled, Interface count: 3 Interface Int state Int speed Incurred priority cost ge-0/0/ down ge-0/0/ down ge-0/0/ up g

16 Task Verification (4 of 5)
VRRP verification—R2 [edit interfaces ge-0/0/9] run show vrrp detail Physical interface: ge-0/0/9, Unit: 0, Address: /24 Index: 70, SNMP ifIndex: 531, VRRP-Traps: disabled Interface state: up, Group: 1, State: master, VRRP Mode: Active Priority: 100, Advertisement interval: 1, Authentication type: none Delay threshold: 100, Computed send rate: 0 Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: Advertisement Timer: 0.386s, Master router: Virtual router uptime: 16:26:10, Master router uptime: 16:00:36 Virtual Mac: 00:00:5e:00:01:01 Tracking: disabled

17 Task Verification (5 of 5)
VRRP verification—R1 [edit interfaces ge-0/0/4] up 1 delete ge-0/0/1 disable up 1 delete ge-0/0/2 disable commit commit complete run show vrrp detail Physical interface: ge-0/0/4, Unit: 0, Address: /24 Interface state: up, Group: 1, State: master, VRRP Mode: Active Tracking: enabled Current priority: 149, Configured priority: 149 Priority hold time: disabled Interface tracking: enabled, Interface count: 3 Interface Int state Int speed Incurred priority cost ge-0/0/ up g ge-0/0/ up g ge-0/0/ up g

18 3

Download ppt "Device Infrastructure"

Similar presentations

Securing the Router Chris Cunningham.

Securing the Router Chris Cunningham.
 WAN uses Serial ports  Ethernet Ports:  Straight through  Cross over.

 WAN uses Serial ports  Ethernet Ports:  Straight through  Cross over.
CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.

CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen

1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
Instructor & Todd Lammle

Instructor & Todd Lammle
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.

Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.
VLAN Trunking Protocol (VTP) W.lilakiatsakun. VLAN Management Challenge (1) It is not difficult to add new VLAN for a small network.

VLAN Trunking Protocol (VTP) W.lilakiatsakun. VLAN Management Challenge (1) It is not difficult to add new VLAN for a small network.
Training Ethernet and IP Basics Overview OSI Layer Model Ethernet IP ARP IP Routing Higher Layer Protocols VRRP ATM Vision Network Setup Practice.

Training Ethernet and IP Basics Overview OSI Layer Model Ethernet IP ARP IP Routing Higher Layer Protocols VRRP ATM Vision Network Setup Practice.
1 Version 3.1 Module 4 Learning About Other Devices.

1 Version 3.1 Module 4 Learning About Other Devices.
NMS Labs Mikko Suomi LAB1 Choose SNMP device managment software Features: –Gives Nice overview of network –Bandwith monitoring –Multible.

NMS Labs Mikko Suomi LAB1 Choose SNMP device managment software Features: –Gives Nice overview of network –Bandwith monitoring –Multible.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Adjust and Troubleshoot Single- Area OSPF Scaling Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Adjust and Troubleshoot Single- Area OSPF Scaling Networks.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
VLAN V irtual L ocal A rea N etwork VLAN Network performance is a key factor in the productivity of an organization. One of the technologies used to.

VLAN V irtual L ocal A rea N etwork VLAN Network performance is a key factor in the productivity of an organization. One of the technologies used to.
Saeed Darvish Pazoki – MCSE, CCNA Abstracted From: Cisco Press – ICND 1 – Chapter 9 Ethernet Switch Configuration 1.

Saeed Darvish Pazoki – MCSE, CCNA Abstracted From: Cisco Press – ICND 1 – Chapter 9 Ethernet Switch Configuration 1.
1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)

1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)
Junos Intermediate Routing

Junos Intermediate Routing

Similar presentations

Ads by Google