
Juniper Networks Certified Internet Associate-JNCIA

JNCIA-ER Lab Manual


Developed by

M. Irfan Ghauri
M. Tanzeel Nasir

C-32/1 Block-5 Gulshan-e-Iqbal, Karachi


Ph #021-6034003

ESP Press
Copyrights 2009

LAB.  LABS DESCRIPTION

1     Junos Basic and J-web Basics
2     Accessing the Juniper Router through Telnet/SSH/HTTP
3     Static Routing
4     Dynamic Routing
      1. RIP
      2. OSPF
5     Firewall Filtering
      1. Simple Firewall Filtering
      2. Advanced Firewall Filtering
6     Port Address Translation (PAT)
7     Implement VRRP
8     Inter-VLAN routing
9     Configuring DHCP
10    Password recovery
11    PPP Authentication

Lab # 1

Junos Basic
Configuration
After connecting your PC to the console port, log in:
LOGIN: root
PASSWORD: abc123
root@%
To enter operational mode from the Unix shell and vice versa.
root@% cli
Root>
To Enter Into Configuration Mode.
Root> configure
Entering configuration mode
Root#

Jweb equivalent : Configuration


Use Commit command to activate your changes.
Root# commit
To change the Host Name of Router.
Root# set system host-name host
Root# commit

Jweb equivalent : Configuration > Quick Configuration > setup


Set the System Date & Time on the Router
Root> set date 200910061210.08
(YYYYMMDDhhmm.ss; this is an operational-mode command that takes effect immediately, so no commit is needed)

Jweb equivalent : Configuration > Quick Configuration > setup (set time manually)
Verify the System Date & Time on the Router
Root> show system uptime
Current time: 2009-08-17 11:55:58 UTC

Jweb equivalent : Monitor> system


Display the Version Information of the Router.
Root>show system software
Or
Root>show version
Show interface summary
Root> show interfaces terse

Jweb equivalent : Monitor > interfaces


Display the Interface
Root>show interface
Root>show interfaces extensive
Root>show interface detail

Displays per-second real-time statistics for a physical interface


Root> monitor interface se-0/0/2
Command prints packet headers to your terminal screen for information sent or
received by the Routing Engine
Root>monitor traffic interface se-0/0/2
Move connection to another port for testing purpose
Root#rename interfaces fe-0/0/0 to fe-0/0/1
(in this example you will move the configuration for fe-0/0/0 to fe-0/0/1)
Replicate an existing configuration and change a few components.
Root#copy interfaces fe-0/0/0 to fe-0/0/1
(we are replicating an existing configuration so we can change a few components)
Configuring the Encapsulation on a Physical Interface
Root#set interfaces se-0/0/2 encapsulation ppp
Show Active Configuration.
Root>show configuration
or
Root>show system rollback 0
or
Root#show

Jweb equivalent: Configuration > View and Edit > View Configuration Text

Show Active Configuration in set display
Root# show | display set
Show Active Configuration in xml format
Root# show | display xml
Show candidate Configuration.
Root> show system rollback 2
(Temporary configuration; it becomes active when you commit it)

Jweb equivalent : Configuration > history


Compare Rollback Configuration.
Root> show system rollback 0 compare 2

Jweb equivalent : Configuration > history > compare

Configure Rollback Configuration.


Root#rollback 2
Root#commit

Deactivate or Activate configuration.


Root#deactivate Anyconfiguration
For example
Root#deactivate interfaces se-0/0/2

Root# show
interfaces {
    inactive: se-0/0/2 {
    }
}

Shut down an Interface
Root# set interfaces se-0/0/2 disable
Re-enable it by deleting the disable statement:
Root# delete interfaces se-0/0/2 disable
Set Rescue Configuration.
Root> request system configuration rescue save
(Save Active configuration as rescue configuration)

Jweb equivalent : configuration >rescue


Commit Rescue Configuration.
Root# rollback rescue
Root# commit
Or
(The Reset CONFIG button on the front of the J-series router will load and commit the
rescue configuration)

Jweb equivalent : Configuration > history (Set rescue configuration)


Show Rescue Configuration.
Root> show system configuration rescue

Jweb equivalent : Configuration > history (View rescue configuration )


To see how many users are logged in to Junos
Root>show system user

To look at files stored in Flash memory


Root>show system storage
To look at used tcp and udp ports
Root>show system connection
To look at system license
Root>show system license
To look at system firmware
Root>show system firmware
Show chassis component and temperature of cpu
Root > show chassis environment

Jweb equivalent : Monitor > chassis


Show chassis hardware
Root > show chassis hardware detail

Jweb equivalent : Monitor > chassis


Set the password of Root in clear text (typed at the prompt; Junos stores it in the configuration as a hash).
Root# set system root-authentication plain-text-password
New Password: abc123
Retype new password: abc123

Jweb equivalent : Configuration > Quick Configuration > setup


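Set the password of Root in encrypted text.
Root# set system root-authentication encrypted-password "<password-hash>"
(<password-hash> is a placeholder for an already hashed password string, such as the one shown under root-authentication in show configuration. The value is stored exactly as given, so a clear-text password entered here will not work for login.)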

Jweb equivalent : Configuration > Quick Configuration > setup


To shutdown and restart the router
Root> request system poweroff
Root> request system reboot

Jweb equivalent : Manage > Reboot


To make the router on factory default setting
Root # load factory-default
warning: activating factory configuration
[edit]
Root # set system root-authentication plain-text-password
New password: abc123
Retype new password: abc123
[edit]
Root # commit

Assign the IP Address on the Ethernet Interface of the Router.
Configuration
Assign the IP Address on the Ethernet Interface of the Router.
Root# set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8
Root#edit interface fe-0/0/0
Root#set description "This is the Ethernet management interface"
Root#top
Root#commit
Delete the IP Address on the Ethernet Interface of the Router.
Root#delete interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8
Rename the IP Address on the Ethernet Interface of the Router.
Root#rename interface fe-0/0/0 unit 0 family inet address 10.0.0.10/8 to 15.0.0.10/8

Jweb equivalent : Configuration > Quick Configuration > interfaces

Verifying Command
Root> show interfaces
Root> show interface terse
Root>show interface description
Root> show interfaces terse | match fe

Assign the IP Address on the Serial Interfaces of the Router.
Configuration
Assign the IP Address on the Serial Interface of the Router R1 (DCE).
Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.1/8
Root# set interfaces se-0/0/2 serial-options clocking-mode dce
Root# set interfaces se-0/0/2 serial-options clock-rate 64.0khz
Root# commit

Jweb equivalent : Configuration > Quick Configuration > interfaces


Assign the IP Address on the Serial Interface of the Router R2.
Root# set interfaces se-0/0/2 unit 0 family inet address 15.0.0.2/8
Root# commit

Jweb equivalent : Configuration > Quick Configuration > interfaces


Verifying Commands
Root> show interfaces
Root> show interfaces terse
Root> show interfaces terse | match se
Root> show interfaces detail se-0/0/2


Lab # 2
Accessing Router through Telnet/SSH/HTTP
(Telnet/SSH/HTTP between two Routers)
Configuration
Configuring telnet on R1.
Root@R1# set system services telnet
Root@R1# set system services ssh
Root@R1# set system login user R1 class super-user authentication plain-text-password
Enter password: abc123
Retype password: abc123

Configuring telnet on R2.
Root@R2# set system services telnet
Root@R2# set system services ssh
Root@R2# set system login user R2 class super-user authentication plain-text-password
Enter password: abc123
Retype password: abc123

Verifying Commands
Root> show system users
Root> show configuration
Root# show system
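
This lab enables both Telnet and SSH and creates a super-user account. The following Python check is an added example, not part of the original manual: it reads `show configuration | display set` output and reports those remote-access settings, ignoring statements switched off with the deactivate command from Lab 1. The function names, finding codes and sample configuration are constructed for illustration.

```python
import re

# Constructed sample of `show configuration | display set` output for R1
# after this lab; "<hash>" stands in for the stored password hashes.
SAMPLE_R1 = """\
set system host-name R1
set system root-authentication encrypted-password "<hash>"
set system login user R1 class super-user
set system login user R1 authentication encrypted-password "<hash>"
set system services telnet
set system services ssh
"""

def active_statements(display_set):
    """Return the set-statements that are not covered by a `deactivate` line."""
    sets, inactive = [], []
    for raw in display_set.splitlines():
        line = raw.strip()
        if line.startswith("set "):
            sets.append(line[len("set "):])
        elif line.startswith("deactivate "):
            inactive.append(line[len("deactivate "):])

    def is_inactive(stmt):
        # Deactivating a path also disables everything configured beneath it.
        return any(stmt == p or stmt.startswith(p + " ") for p in inactive)

    return [s for s in sets if not is_inactive(s)]

def audit_remote_access(display_set):
    """Return (code, detail) findings for the services configured in Lab 2."""
    stmts = active_statements(display_set)
    findings = []
    if any(re.match(r"system services telnet( |$)", s) for s in stmts):
        findings.append(("telnet", "Telnet is enabled; logins are sent unencrypted"))
    ssh = [s for s in stmts if re.match(r"system services ssh( |$)", s)]
    if ssh and "system services ssh root-login deny" not in ssh:
        findings.append(("ssh-root", "SSH is enabled without root-login deny"))
    for s in stmts:
        m = re.match(r"system login user (\S+) class super-user$", s)
        if m:
            findings.append(("super-user", f"user {m.group(1)} has class super-user"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_remote_access(SAMPLE_R1):
        print(f"{code}: {detail}")
```

A plain text search for "telnet" would still flag a router where the service has been deactivated; resolving deactivate lines first avoids that false positive.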


Lab # 3

STATIC Routes
Diagram
Host A (IP Address 10.0.0.1) --- R1 Fe-0/0/0 (IP Address 10.0.0.10)
R1 Se-0/0/2 (IP Address 15.0.0.1) --- WAN --- R2 Se-0/0/2 (IP Address 15.0.0.2)
R2 Fe-0/0/0 (IP Address 20.0.0.10) --- Host B (IP Address 20.0.0.1)

Configuration
Configure the Static Route on the Router R1.
Root# set routing-options static route 20.0.0.0/8 next-hop 15.0.0.2
Root# commit

Jweb equivalent : Configuration > Quick Configuration > routing and protocols
Configure the Static Route on the Router R2.
Root# set routing-options static route 10.0.0.0/8 next-hop 15.0.0.1
Root# commit

Jweb equivalent : Configuration > Quick Configuration > routing and protocols
Verifying Command
Root> show route
Root>show route protocol static
Root> show configuration
Root> show interfaces terse


Lab # 4 (i)

Routing Protocol- RIP


Diagram
Host A (IP Address 10.0.0.1) --- R1 Fe-0/0/0 (IP Address 10.0.0.10)
R1 Se-0/0/2 (IP Address 15.0.0.1) --- WAN --- R2 Se-0/0/2 (IP Address 15.0.0.2)
R2 Fe-0/0/0 (IP Address 20.0.0.10) --- Host B (IP Address 20.0.0.1)

Configuration
Enable the RIP protocol on the Router R1.
root@R1# set protocols rip group NAME export policy1
root@R1# set protocols rip group NAME neighbor se-0/0/2
Defining policy :
root@R1# set policy-options policy-statement policy1 from protocol direct
root@R1#set policy-options policy-statement policy1 then accept

Jweb equivalent : Configuration > Quick Configuration > routing and protocols

Enable the RIP protocol on the Router R2.
root@R2# set protocols rip group NAME export policy1
root@R2# set protocols rip group NAME neighbor se-0/0/2
Defining policy :
root@R2# set policy-options policy-statement policy1 from protocol direct
root@R2#set policy-options policy-statement policy1 then accept

Jweb equivalent : Configuration > Quick Configuration > routing and protocols
Verifying Command
Root>show route
Root> show configuration
Root> show interfaces terse
Root>show route protocol rip


Lab # 4 (ii)

Routing Protocol- OSPF (Area 0)


Diagram
Backbone Area / Area 0
Host A (IP Address 10.0.0.1) --- R1 Fe-0/0/0 (IP Address 10.0.0.10)
R1 Se-0/0/2 (IP Address 15.0.0.1) --- WAN --- R2 Se-0/0/2 (IP Address 15.0.0.2)
R2 Fe-0/0/0 (IP Address 20.0.0.10) --- Host B (IP Address 20.0.0.1)

Configuration
Enable the OSPF protocol on the Router R1.
Root@R1#set protocols ospf area 0.0.0.0 interface fe-0/0/0
Root@R1#set protocols ospf area 0.0.0.0 interface se-0/0/2
Or
Root@R1#set protocols ospf area 0.0.0.0 interface all

Jweb equivalent : Configuration > Quick Configuration > routing and protocols

Enable the OSPF protocol on the Router R2.
Root@R2#set protocols ospf area 0.0.0.0 interface fe-0/0/0
Root@R2#set protocols ospf area 0.0.0.0 interface se-0/0/2
Or
Root@R2#set protocols ospf area 0.0.0.0 interface all

Jweb equivalent : Configuration > Quick Configuration > routing and protocols

Verifying Commands
Root>show route
Root>show ospf interface
Root>show ospf neighbor
Root>show route protocol ospf


Lab # 5

Firewall Filtering
i. Simple Firewall Filtering
Diagram
Host A (IP Address 10.0.0.1) and Host B (IP Address 10.0.0.2) --- R1 Fe-0/0/0 (IP Address 10.0.0.10)
R1 Serial-0/0/2 (IP Address 15.0.0.1) --- WAN --- R2 Serial-0/0/2 (IP Address 15.0.0.2)
R2 Fe-0/0/0 (IP Address 20.0.0.10) --- FTP Server (IP Address 20.0.0.2) and WEB Server (IP Address 20.0.0.1)

Configuration
Make the Standard ACL on router R1 such that Host A cannot access the Web & FTP Server.
Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS from source-address 10.0.0.1/32
Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS then discard
Root@R1# set firewall filter FILTER-IN term ALLOW-OTHERS then accept

Apply the Standard ACL on router R1's Serial Interface.
Root@R1#set interfaces se-0/0/2 unit 0 family inet filter output FILTER-IN

Verifying commands (Now Host A should not be able to access either the Web or the FTP
server. However, Host B should be able to access both the Web & FTP Servers)
root# show firewall filter FILTER-NAME


ii. Advanced Firewall Filtering


Diagram
Host A (IP Address 10.0.0.1) and Host B (IP Address 10.0.0.2) --- R1 Fe-0/0/0 (IP Address 10.0.0.10)
R1 Serial-0/0/2 (IP Address 15.0.0.1) --- WAN --- R2 Serial-0/0/2 (IP Address 15.0.0.2)
R2 Fe-0/0/0 (IP Address 20.0.0.10) --- FTP Server (IP Address 20.0.0.2) and WEB Server (IP Address 20.0.0.1)

Configuration
Make the Firewall Filtering on router R1 such that Host A cannot access the Web Server.
Root@R1#set firewall filter protect term DENY-http from source-address 10.0.0.1/32
Root@R1#set firewall filter protect term DENY-http from destination-address 20.0.0.1/32
Root@R1#set firewall filter protect term DENY-http from protocol tcp
Root@R1#set firewall filter protect term DENY-http from destination-port http
Root@R1#set firewall filter protect term DENY-http then discard

Make the Firewall Filtering on router R1 such that Host B cannot access the FTP Server.
Root@R1#set firewall filter protect term DENY-FTP from source-address 10.0.0.2/32
Root@R1#set firewall filter protect term DENY-FTP from destination-address 20.0.0.2/32
Root@R1#set firewall filter protect term DENY-FTP from protocol tcp
Root@R1#set firewall filter protect term DENY-FTP from destination-port ftp
Root@R1#set firewall filter protect term DENY-FTP then discard
Root@R1#set firewall filter protect term PERMIT-ALL then accept

Apply the Firewall Filtering on router R1's Ethernet Interface.
Root@R1#set interfaces fe-0/0/0 unit 0 family inet filter input protect

Verifying commands
(Now Host A should not be able to access the Web server & Host B should not be able to access the FTP server).

root# show firewall filter FILTER-NAME
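
How Junos walks the protect filter for each packet, modelled in Python as an added example (not part of the original manual and not Junos code): terms are tried in order, every condition in a term must match, and a packet that matches no term meets the implicit discard at the end of the filter, which is why the PERMIT-ALL term is needed. The evaluate function, the dictionary layout and the sample flows are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

PORTS = {"http": 80, "ftp": 21}  # the two port names used in this lab

# The lab's `protect` filter, transcribed from the set commands above.
PROTECT = [
    {"name": "DENY-http", "src": "10.0.0.1/32", "dst": "20.0.0.1/32",
     "proto": "tcp", "dport": "http", "then": "discard"},
    {"name": "DENY-FTP", "src": "10.0.0.2/32", "dst": "20.0.0.2/32",
     "proto": "tcp", "dport": "ftp", "then": "discard"},
    {"name": "PERMIT-ALL", "then": "accept"},  # no conditions: matches everything
]

def evaluate(terms, src, dst, proto, dport):
    """Return (term name, action) for one packet using first-match semantics."""
    for t in terms:
        # All conditions present in a term are ANDed together.
        if "src" in t and ip_address(src) not in ip_network(t["src"]):
            continue
        if "dst" in t and ip_address(dst) not in ip_network(t["dst"]):
            continue
        if "proto" in t and t["proto"] != proto:
            continue
        if "dport" in t and PORTS[t["dport"]] != dport:
            continue
        return t["name"], t["then"]
    # No term matched: the filter ends with an implicit discard.
    return "(implicit)", "discard"

# Constructed sample flows between the lab's hosts and servers.
FLOWS = {
    "A->web:80": ("10.0.0.1", "20.0.0.1", "tcp", 80),
    "A->ftp:21": ("10.0.0.1", "20.0.0.2", "tcp", 21),
    "B->ftp:21": ("10.0.0.2", "20.0.0.2", "tcp", 21),
    "B->web:80": ("10.0.0.2", "20.0.0.1", "tcp", 80),
}

def lab_results(terms=PROTECT):
    """Evaluate every sample flow against the given list of terms."""
    return {name: evaluate(terms, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for name, verdict in lab_results().items():
        print(name, verdict)
    print("without PERMIT-ALL:", lab_results(PROTECT[:2])["B->web:80"])
```

Running the same flows against only the two DENY terms shows Host B losing access to the Web server as well, because nothing accepts the traffic before the implicit discard.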


Lab # 6

Port Address Translation (PAT)


Diagram
Host A (IP Address 10.0.0.1) and Host B (IP Address 10.0.0.2) --- R1 Ethernet 0 (IP Address 10.0.0.10)
R1 Serial 0 (IP Address 15.0.0.1) --- WAN --- R2 Serial 0 (IP Address 15.0.0.2)
R2 Ethernet 0 (IP Address 20.0.0.10) --- FTP Server and WEB Server (IP Addresses 20.0.0.1 and 20.0.0.2)
Address labels in the figure: Inside Local, Inside Global, Outside Local, Outside Global

NAT Translation Table of R1
10.0.0.1    15.0.0.11
10.0.0.2    15.0.0.12

Configuration
Configuring Sp interface
Root#set interfaces sp-0/0/0 unit 0 family inet
Defining Nat Pool
Root#set services nat pool global-out address 15.0.0.11/32
Root#set services nat pool global-out port automatic
Defining Nat rule
Root#set services nat rule nat-out match-direction output
Root#set services nat rule nat-out term nat-with-alg from application-sets junos-algs-outbound
Root#set services nat rule nat-out term nat-with-alg then translated source-pool global-out
Root#set services nat rule nat-out term nat-with-alg then translated translation-type source dynamic
Create service set
Root#set services service-set nat-ss nat-rules nat-out
Root#set services service-set nat-ss interface-service service-interface sp-0/0/0.0
Apply service set to nat interface
Root#set interfaces se-0/0/2 unit 0 family inet service input service-set nat-ss
Root#set interfaces se-0/0/2 unit 0 family inet service output service-set nat-ss

Verifying commands
Root>sh services nat pool
Root >sh services nat pool detail
Root >clear services stateful-firewall flows


Lab #7

Configuring VRRP
Virtual Router 10.0.0.5 (VRRP GROUP 1)
J2300: 10.0.0.10, L0 15.0.0.1
J2300: 10.0.0.20, L0 15.0.0.1
Host A: IP Address 10.0.0.1

Configuration
Configuration of Vrrp on Router A
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 virtual-address 10.0.0.5
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 priority 200
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1 accept-data
Root#set interfaces lo0 unit 0 family inet address 15.0.0.2/32

Configuration of Vrrp on Router B
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 virtual-address 10.0.0.5
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 priority 100
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.20/8 vrrp-group 1 accept-data
Root#set interfaces lo0 unit 0 family inet address 15.0.0.2/32

Verifying Commands
Root>show vrrp
Root>show vrrp interface fe-0/0/0


Lab # 8

Inter-VLAN Routing

J2300 Fe-0/0/0 (Fe-0/0/0.10 10.0.0.10 / 8, Fe-0/0/0.20 20.0.0.10 / 8) --- 2950 Fa 0/24
2950 Fa 0/1 (Vlan 10) --- Host A 10.0.0.1/8, gateway 10.0.0.10
2950 Fa 0/11 (Vlan 20) --- Host B 20.0.0.1/8, gateway 20.0.0.10

Switch
Switch(config)#vlan 10
Switch(config-vlan)#name vlan-10
Switch(config)#vlan 20
Switch(config-vlan)#name vlan-20
Switch(config)#interface range fastEthernet 0/1 - 10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config)#interface range fastEthernet 0/11 - 20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config)#interface fastEthernet 0/24
Switch(config-if)#switchport mode trunk

Router
Root#set interfaces fe-0/0/0 vlan-tagging
Root #set interfaces fe-0/0/0 unit 10 vlan-id 10
Root #set interfaces fe-0/0/0 unit 10 family inet address 10.0.0.10/8
Root #set interfaces fe-0/0/0 unit 20 vlan-id 20
Root #set interfaces fe-0/0/0 unit 20 family inet address 20.0.0.10/8

Verifying Command
root# show interfaces fe-0/0/0
root# show interfaces fe-0/0/0 | display set


Lab # 9

Configuring Juniper Router as a Dhcp Server
J2300 Fe-0/0/0 (10.0.0.10) --- Host A, Host B

Step 1: On Router Create & Configure Dhcp
Root#set system services dhcp pool 10.0.0.0/8
Root#set system services dhcp pool 10.0.0.0/8 router 10.0.0.10
Root#set system services dhcp pool 10.0.0.0/8 address-range low 10.0.0.1 high 10.0.0.12

On Router reserve address (10.0.0.5) by excluding from dhcp pool
Root#set system services dhcp pool 10.0.0.0/8 exclude-address 10.0.0.5
Jweb equivalent : Configuration > Quick Configuration > dhcp
Verifying Commands
Root>show system services dhcp binding


Lab #10

Password Recovery
Configuration
First press the power button to reboot your router.
When the line below appears, press the space bar:
Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [kernel] in 1 second...
Type boot -s at the prompt below:
Type '?' for a list of commands, 'help' for more detailed help.
Ok boot -s
Type recovery at the prompt below:
Enter full pathname of shell or 'recovery' for root password recovery or RETURN
for /bin/sh: recovery
The CLI prompt appears:
Starting CLI ...
root>
Type configure and set the root authentication password
Root>configure
Root#set system root-authentication plain-text-password
New password:*******
Retype new password:*******
Type commit to load configuration
Root#commit
Root# exit
Type Exit to reboot the Router
root> exit
Reboot the system? [y/n] yes


Lab # 11

PPP AUTHENTICATION- CHAP


Diagram
R1 Se-0/0/2 (IP Address 15.0.0.1) --- WAN --- R2 Se-0/0/2 (IP Address 15.0.0.2)

Configuration
CHAP Authentication Configuration for Router R1.
Root#set system host-name R1
Root@R1#set system root-authentication encrypted-password "<password-hash>"
(<password-hash> is a placeholder for an already hashed password string; encrypted-password does not accept the clear-text password. The same applies on R2.)
Root@R1#set interfaces se-0/0/2 encapsulation ppp
Root@R1#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123
Root@R1#set interfaces se-0/0/2 ppp-options chap local-name R1
CHAP Authentication Configuration for Router R2.
Root#set system host-name R2
Root@R2#set system root-authentication encrypted-password "<password-hash>"
Root@R2#set interfaces se-0/0/2 encapsulation ppp
Root@R2#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123
Root@R2#set interfaces se-0/0/2 ppp-options chap local-name R2
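
What the CHAP settings above do on the link, shown as an added Python example that is not part of the original manual: following RFC 1994, the challenger sends an identifier and a random value, and the peer answers with MD5 over the identifier, the shared secret and that value, so the secret itself never crosses the link and both routers must hold the same one. The class and function names are made up for illustration, and R1 is arbitrarily chosen as the challenger.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 response: MD5(Identifier byte || secret || Challenge value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The side that sends the Challenge (R1 in this run)."""
    def __init__(self, local_name, secret):
        self.local_name, self.secret = local_name, secret
        self.next_id = 0
        self.pending = {}          # identifier -> outstanding challenge value

    def challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)     # fresh random value for every challenge
        self.pending[ident] = value
        return ident, value, self.local_name

    def verify(self, ident, response):
        value = self.pending.pop(ident, None)   # each challenge is single-use
        if value is None:
            return False
        expected = chap_response(ident, self.secret, value)
        return hmac.compare_digest(expected, response)

class Peer:
    """The side that answers the Challenge (R2 in this run)."""
    def __init__(self, local_name, secret):
        self.local_name, self.secret = local_name, secret

    def respond(self, ident, value):
        return ident, chap_response(ident, self.secret, value), self.local_name

def handshake(r1_secret, r2_secret):
    """One Challenge/Response round; True means R1 would send Success."""
    r1, r2 = Authenticator("R1", r1_secret), Peer("R2", r2_secret)
    ident, value, _name = r1.challenge()
    ident, response, _name = r2.respond(ident, value)
    return r1.verify(ident, response)

def replay_is_rejected(secret):
    """A response from one round does not satisfy the next challenge."""
    r1, r2 = Authenticator("R1", secret), Peer("R2", secret)
    ident, value, _ = r1.challenge()
    _, old_response, _ = r2.respond(ident, value)
    assert r1.verify(ident, old_response)       # first round succeeds
    new_ident, _new_value, _ = r1.challenge()
    return not r1.verify(new_ident, old_response)

if __name__ == "__main__":
    print("matching secrets:", handshake(b"abc123", b"abc123"))
    print("mismatched secrets:", handshake(b"abc123", b"abc124"))
    print("replay rejected:", replay_is_rejected(b"abc123"))
```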
