====== Junos OS Cheat Sheet ======
===== Links =====
* CLI DOC: https://www.juniper.net/documentation/us/en/software/junos/cli-reference/index.html
===== Notes =====
* Switch to configuration mode:
==== Note (configure mode) ====
* Confirm every change with "commit"
* Every change can be checked: # commit check
* Deleting entries starts with: # delete
* Renaming entries starts with: # rename
* Displaying entries starts with: # show
* Changing entries starts with: # set
* Editing entries starts with: # edit
===== System settings (cli > configure) =====
* Set hostname
# set system host-name switch1
* Set domain name
# set system domain-name mgmt.siningsoft.home
* Time zone
# set system time-zone Europe/Berlin
===== Users (cli > configure) =====
* Change root password
# set system root-authentication plain-text-password
* Create user
# edit system login user $(Username)
# set class super-user
===== Interfaces (cli > configure) =====
* Disable an interface, example: Interface=ae0
# set interfaces ae0 disable
* Enable an interface that was disabled
# delete interfaces ae0 disable
* Create an interface range, Name=FirewallIF, members ge-0/0/0 - 1
# set interfaces interface-range FirewallIF member-range ge-0/0/0 to ge-0/0/1
* Create a LACP interface and attach ports; background on this procedure: https://notthenetwork.me/blog/2013/07/29/junos-basics-aggregated-ethernet-interfaces-lacp/
# set chassis aggregated-devices ethernet device-count 1
# delete interfaces ge-0/0/0 unit 0
# delete interfaces ge-0/0/1 unit 0
# set interfaces ge-0/0/0 ether-options 802.3ad ae0
# set interfaces ge-0/0/1 ether-options 802.3ad ae0
# set interfaces ae0 aggregated-ether-options lacp active periodic fast
* Edit an interface
# edit interfaces ge-0/0/17
# set description "Fahrradhaus"
# set unit 0 family ethernet-switching port-mode access
# set unit 0 family ethernet-switching vlan members Kamera
===== Spanning-Tree =====
* Reference: https://www.juniper.net/documentation/us/en/software/junos/stp-l2/topics/topic-map/spanning-tree-overview.html
* Enable and edit RSTP
# edit protocols rstp
* Set the bridge priority (lowest priority = root bridge)
{master:0}[edit protocols rstp]
# set bridge-priority 0
* Set RSTP interface != edge
{master:0}[edit protocols rstp]
# edit interface ae0.0
{master:0}[edit protocols rstp interface ae0.0]
# set priority 0
{master:0}[edit protocols rstp interface ae0.0]
# set mode shared
* Set RSTP interface = edge
{master:0}[edit protocols rstp]
# edit interface RSTPp2p
# set mode point-to-point
# set edge
===== PoE settings (cli > configure) =====
* Disable PoE on all ports
# set poe interface all disable
===== VLAN settings (cli > configure) =====
* Create a VLAN, example: Name=Management ID=26
# set vlans Management vlan-id 26
* Rename a VLAN; this works like renaming any other element, see above. Example: rename WLAN-CAM to Kamera
# rename vlans WLAN-CAM to Kamera
* Interface mode trunk/access
# set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
* Interface VLAN member, example: Interface=ae0 VLAN=Management
# set interfaces ae0 unit 0 family ethernet-switching vlan members Management
* Interface VLAN member, example: Interface=ge-0/0/2 VLAN=all
# set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members all
* Interface native-vlan-id
# set interfaces ae0 unit 0 family ethernet-switching native-vlan-id $VLAN-ID
===== IP settings (cli > configure) =====
==== IPv4 management port (me0) ====
* Set IP address
# set interfaces me0 unit 0 family inet address 10.26.1.5/28
* Set default route
# set routing-options static route 0.0.0.0/0 next-hop 10.26.1.1
==== DNS ====
* Set domain search list
# set system domain-search [ mgmt.siningsoft.home siningsoft.home ]
* Set DNS server
# set system name-server 10.26.1.1
==== NTP ====
* Boot server
# set system ntp boot-server 10.26.1.1
* Server
# set system ntp server 10.26.1.1
===== Configure services =====
* SSH
# set system services ssh key-exchange group-exchange-sha2
# set system services ssh hostkey-algorithm ssh-rsa
# set system services ssh macs hmac-sha2-512
# set system services ssh no-tcp-forwarding
# set system services ssh protocol-version v2
# set system services ssh root-login deny
* Disable Telnet
# delete system services telnet
* Disable FTP
# delete system services ftp
==== WebManagement ====
* Number of threads
# set system services web-management control max-threads 2
* URL
# set system services web-management management-url switch1.mgmt.siningsoft.home
* Session limit
# set system services web-management session session-limit 2
* Idle timeout
# set system services web-management session idle-timeout 15
==== HTTP web interface ====
* Allow only on a specific interface
# set system services web-management http interface me0
* Configure the desired port
# set system services web-management http port 80
==== HTTPS web interface ====
* Allow only on a specific interface
# set system services web-management https interface me0
* Configure the desired port
# set system services web-management https port 443
* Configure a self-signed certificate
# set system services web-management https system-generated-certificate
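To check that a switch still matches the service settings above, the output of `show configuration | display set` can be audited offline. This is an added example, not part of the original notes: the names `audit`, `REQUIRED`, `FORBIDDEN` and the sample configuration are assumptions constructed for illustration, and the baseline is only the subset of this page's SSH, Telnet, FTP and web-management settings.

```python
REQUIRED = (
    "system services ssh protocol-version v2",
    "system services ssh root-login deny",
    "system services ssh no-tcp-forwarding",
)
FORBIDDEN = ("system services telnet", "system services ftp")
WEB = "system services web-management"

# Constructed sample of "display set" output, not taken from a real device.
SAMPLE = """\
set system services ssh protocol-version v2
set system services ssh root-login allow
set system services ssh no-tcp-forwarding
deactivate system services ssh no-tcp-forwarding
set system services telnet
set system services web-management http port 80
set system services web-management https interface me0
set system services web-management https system-generated-certificate
"""

def under(path, prefix):
    """True if path equals prefix or is a statement below it."""
    return path == prefix or path.startswith(prefix + " ")

def active_statements(display_set):
    """Active statement paths; 'deactivate <path>' lines switch off a subtree."""
    sets, off = [], []
    for raw in display_set.splitlines():
        verb, _, path = " ".join(raw.split()).partition(" ")
        if verb == "set":
            sets.append(path)
        elif verb == "deactivate":
            off.append(path)
    return {s for s in sets if not any(under(s, d) for d in off)}

def audit(display_set):
    """Return sorted findings; an empty list means the baseline is met."""
    active = active_statements(display_set)
    findings = [f"missing: {r}" for r in REQUIRED if r not in active]
    findings += [f"enabled: {f}" for f in FORBIDDEN if any(under(s, f) for s in active)]
    for proto in ("http", "https"):
        base = f"{WEB} {proto}"
        hits = [s for s in active if under(s, base)]
        if hits and not any(under(s, base + " interface") for s in hits):
            findings.append(f"no interface restriction: {base}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "baseline met")
```

A statement that is present but deactivated counts as missing, which is why the sample reports `no-tcp-forwarding` even though a `set` line for it exists.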
===== Query status (cli) =====
* All interfaces including VLAN and mode
> show ethernet-switching interfaces
* All log messages (also works with old logs and compressed
> show log messages