Prepare for the JNCIE-SP exam by mastering crucial topics like high availability features, aggregated Ethernet interfaces, VRRP considerations, user account configuration, and commit scripts.

Device Infrastructure Topics for the JNCIE-SP Exam
• High availability features of the Junos OS
  • Be familiar with graceful restart, GRES, NSR, and VRRP
• Aggregated Ethernet interfaces
  • Understand how LACP and the minimum-links command function
• Securing and monitoring Junos devices
  • Be familiar with firewall filters, syslogging, and user accounts
• Basic automation implementation and monitoring
  • Understand how to configure the router to use scripts

Aggregated Ethernet Considerations
• When configuring aggregated Ethernet interfaces
  • Aggregated device count
    • Must be greater than the largest configured aggregated Ethernet interface number
  • LACP
    • Active or passive mode
  • minimum-links statement
    • Must be set on both sides
    • Defaults to a value of 1
  • Always test Layer 3 connectivity
    • LACP might show Layer 2 connectivity but this does not guarantee Layer 3 functionality

VRRP Considerations
• When configuring VRRP
  • VRRP default behaviors
    • Higher priority member always preempts
    • Virtual IP address does not respond to requests
  • Interface tracking values must not be greater than the current priority value
  • The virtual IP address must be within the same subnet as the interface address in which it resides

Configuring User Accounts
• When configuring user accounts
  • User templates
    • If the RADIUS server is unreachable, configure a local user with the user template for the user class to test the template
  • Regular expressions
    • Use to specify which commands to allow or deny
  • authentication-order
    • [ radius password ] versus radius
  • Useful commands
    • show cli authorization
    • load merge terminal relative

Firewall Filter Considerations
• When configuring firewall filters
  • Break down the list of tasks
    • Individual smaller tasks are easier to handle
  • Use of syslog versus log
    • Use the log statement to troubleshoot and verify
  • prefix-list and apply-path can be used to help simplify tasks
  • Use port names instead of port numbers
    • port ssh instead of port 22
  • Control plane protection
    • Apply firewall filter to the loopback interface
    • Implicit deny statement

Commit Script Considerations
• When configuring commit scripts
  • Specify script name
    • file script-name
    • Script name must also be specified in the source statement
  • Remote script retrieval
    • HTTP, FTP, or SCP can be used
    • Syntax: source "protocol://username@host:/location/script-name"
  • refresh command
    • Globally for all commit scripts, or on a per commit script basis
    • Configuration mode command that acts like an operational mode command
    • Must be performed before a commit is issued

Task and Topology
• Task
  • High availability is required for the C1 router connected to R1 and R2. Configure a VRRP group in which R1 is the master for the 10.30.40.0/24 range. R2 must acquire mastership if two out of three of R1’s internal interfaces fail. The virtual IP address of 10.30.40.100, that belongs to the VRRP group, must not respond to any ping requests.

[Topology figure: R1, C1 and R2; labels ge-0/0/1, ge-0/0/2, ge-0/0/3, ge-0/0/4, ge-0/0/9, .1, .2, .3]

What Now?
• VRRP must be configured on R1 and R2
• VRRP group number is not specified—it is up to you to choose one
• Interfaces involved are ge-0/0/4 for R1 and ge-0/0/9 for R2
• Address range to work with is 10.30.40.0/24
• Virtual IP address is 10.30.40.100
• R1 is the master and R2 is the backup
• Interface tracking on R1’s three internal interfaces is required
• If two of R1’s internal interfaces go down, the interface tracking values must reduce R1’s priority lower than R2’s priority
• The virtual IP address cannot respond to ping requests—the accept-data statement must not be configured
• What are the required components?

Task Completion (1 of 3)
• Initial verification
  • Verify interface state

    lab@R1> show interfaces terse ge-0/0/4
    Interface               Admin Link Proto    Local                 Remote
    ge-0/0/4                up    up
    ge-0/0/4.0              up    up   inet     10.30.40.1/24

    lab@R2> show interfaces terse ge-0/0/9
    Interface               Admin Link Proto    Local                 Remote
    ge-0/0/9                up    up
    ge-0/0/9.0              up    up   inet     10.30.40.2/24

Task Completion (2 of 3)
• VRRP configuration—R1

    [edit interfaces ge-0/0/4]
    lab@R1# show
    unit 0 {
        family inet {
            address 10.30.40.1/24 {
                vrrp-group 1 {
                    virtual-address 10.30.40.100;
                    priority 149;
                    track {
                        interface ge-0/0/1 {
                            priority-cost 25;
                        }
                        interface ge-0/0/2 {
                            priority-cost 25;
                        }
                        interface ge-0/0/3 {
                            priority-cost 25;
                        }
                    }
                }
            }
        }
    }

Task Completion (3 of 3)
• VRRP configuration—R2

    [edit interfaces ge-0/0/9]
    lab@R2# show
    unit 0 {
        family inet {
            address 10.30.40.2/24 {
                vrrp-group 1 {
                    virtual-address 10.30.40.100;
                    priority 100;
                }
            }
        }
    }
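
The priority arithmetic behind the R1 and R2 stanzas above can be checked mechanically. The following Python is an added example, not part of the original slides: it parses R1's vrrp-group text, enumerates every combination of failed tracked interfaces, and reports which router holds mastership. The function names and the tie rule (an equal priority counts as R1 losing mastership) are assumptions of this example.

```python
import re
from itertools import combinations

# R1's vrrp-group stanza, copied from the slide above.
R1_VRRP = """
vrrp-group 1 {
    virtual-address 10.30.40.100;
    priority 149;
    track {
        interface ge-0/0/1 { priority-cost 25; }
        interface ge-0/0/2 { priority-cost 25; }
        interface ge-0/0/3 { priority-cost 25; }
    }
}
"""
R2_PRIORITY = 100  # R2's configured priority; R2 tracks no interfaces

def parse_group(text):
    """Return (configured priority, {tracked interface: priority-cost})."""
    priority = int(re.search(r"\bpriority\s+(\d+);", text).group(1))
    costs = {m.group(1): int(m.group(2)) for m in re.finditer(
        r"interface\s+(\S+)\s*\{\s*priority-cost\s+(\d+);", text)}
    return priority, costs

def failover_report(priority, costs, peer_priority):
    """Map every set of failed tracked interfaces to (master, R1 priority)."""
    report = {}
    for n in range(len(costs) + 1):
        for down in combinations(sorted(costs), n):
            current = priority - sum(costs[i] for i in down)
            # Assumption: a tie counts as R1 losing, so designs avoid ties.
            report[down] = ("R1" if current > peer_priority else "R2", current)
    return report

def meets_task(priority, costs, peer_priority, threshold=2):
    """R1 is master below `threshold` failures, R2 at or above it, and the
    tracking costs together do not exceed the configured priority."""
    report = failover_report(priority, costs, peer_priority)
    switch_ok = all((owner == "R1") == (len(down) < threshold)
                    for down, (owner, _) in report.items())
    return switch_ok and sum(costs.values()) <= priority

if __name__ == "__main__":
    prio, costs = parse_group(R1_VRRP)
    for down, (owner, cur) in failover_report(prio, costs, R2_PRIORITY).items():
        print(f"down={list(down)} R1 priority={cur} master={owner}")
    print("meets task:", meets_task(prio, costs, R2_PRIORITY))
```

Raising R1's priority to 151 with the same costs leaves R1 at 101 after two failures, so R2 never takes over and the check fails.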

Task Verification (1 of 5)
• VRRP verification—R1

    [edit interfaces ge-0/0/4]
    lab@R1# run show vrrp detail
    Physical interface: ge-0/0/4, Unit: 0, Address: 10.30.40.1/24
      Index: 70, SNMP ifIndex: 519, VRRP-Traps: disabled
      Interface state: up, Group: 1, State: master, VRRP Mode: Active
      Priority: 149, Advertisement interval: 1, Authentication type: none
      Delay threshold: 100, Computed send rate: 0
      Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: 10.30.40.100
      Advertisement Timer: 0.856s, Master router: 10.30.40.1
      Virtual router uptime: 00:03:02, Master router uptime: 00:01:36
      Virtual Mac: 00:00:5e:00:01:01
      Tracking: enabled
        Current priority: 149, Configured priority: 149
        Priority hold time: disabled
        Interface tracking: enabled, Interface count: 3
          Interface     Int state   Int speed   Incurred priority cost
          ge-0/0/1.0    up          1g          0
          ge-0/0/2.0    up          1g          0
          ge-0/0/3.0    up          1g          0
        Route tracking: disabled

Task Verification (2 of 5)
• VRRP verification—R2

    [edit interfaces ge-0/0/9]
    lab@R2# run show vrrp detail
    Physical interface: ge-0/0/9, Unit: 0, Address: 10.30.40.2/24
      Index: 70, SNMP ifIndex: 531, VRRP-Traps: disabled
      Interface state: up, Group: 1, State: backup, VRRP Mode: Active
      Priority: 100, Advertisement interval: 1, Authentication type: none
      Delay threshold: 100, Computed send rate: 0
      Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: 10.30.40.100
      Dead timer: 3.547s, Master priority: 149, Master router: 10.30.40.1
      Virtual router uptime: 00:05:02
      Tracking: disabled

Task Verification (3 of 5)
• VRRP verification—R1

    [edit interfaces ge-0/0/4]
    lab@R1# up 1 set ge-0/0/1 disable

    [edit interfaces ge-0/0/4]
    lab@R1# up 1 set ge-0/0/2 disable

    [edit interfaces ge-0/0/4]
    lab@R1# commit
    commit complete

    [edit interfaces ge-0/0/4]
    lab@R1# run show vrrp detail
    Physical interface: ge-0/0/4, Unit: 0, Address: 10.30.40.1/24
      Interface state: up, Group: 1, State: backup, VRRP Mode: Active
    …
      Tracking: enabled
        Current priority: 99, Configured priority: 149
        Priority hold time: disabled
        Interface tracking: enabled, Interface count: 3
          Interface     Int state   Int speed   Incurred priority cost
          ge-0/0/1.0    down        0           25
          ge-0/0/2.0    down        0           25
          ge-0/0/3.0    up          1g          0

Task Verification (4 of 5)
• VRRP verification—R2

    [edit interfaces ge-0/0/9]
    lab@R2# run show vrrp detail
    Physical interface: ge-0/0/9, Unit: 0, Address: 10.30.40.2/24
      Index: 70, SNMP ifIndex: 531, VRRP-Traps: disabled
      Interface state: up, Group: 1, State: master, VRRP Mode: Active
      Priority: 100, Advertisement interval: 1, Authentication type: none
      Delay threshold: 100, Computed send rate: 0
      Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: 10.30.40.100
      Advertisement Timer: 0.386s, Master router: 10.30.40.2
      Virtual router uptime: 16:26:10, Master router uptime: 16:00:36
      Virtual Mac: 00:00:5e:00:01:01
      Tracking: disabled

Task Verification (5 of 5)
• VRRP verification—R1

    [edit interfaces ge-0/0/4]
    lab@R1# up 1 delete ge-0/0/1 disable

    [edit interfaces ge-0/0/4]
    lab@R1# up 1 delete ge-0/0/2 disable

    [edit interfaces ge-0/0/4]
    lab@R1# commit
    commit complete

    [edit interfaces ge-0/0/4]
    lab@R1# run show vrrp detail
    Physical interface: ge-0/0/4, Unit: 0, Address: 172.20.20.3/24
      Interface state: up, Group: 1, State: master, VRRP Mode: Active
    …
      Tracking: enabled
        Current priority: 149, Configured priority: 149
        Priority hold time: disabled
        Interface tracking: enabled, Interface count: 3
          Interface     Int state   Int speed   Incurred priority cost
          ge-0/0/1.0    up          1g          0
          ge-0/0/2.0    up          1g          0
          ge-0/0/3.0    up          1g          0