Juniper Switching

Card Set Information

Author: drew1976
ID: 174992
Filename: Juniper Switching
Updated: 2012-10-02 15:57:17
Tags: JNCIE ENT juniper
Description: Juniper switching basic course for JNCIE-ENT
The flashcards below were created by user drew1976 on FreezingBlue Flashcards.

  1. Five states of a switch port
    Learning, forwarding, flooding, filtering, aging
  2. Default aging time of a learned MAC entry on Junos
    300 seconds
  3. How to configure interface range
    • [edit interfaces]
    • #show
    • interface-range JUNOS {
    •     member-range ge-0/0/1 to ge-0/0/11;
    •     unit 0 {
    •         family ethernet-switching {
    •             port-mode trunk;
    •         }
    •     }
    • }


    OR

    • [edit interfaces]
    • #show
    • interface-range JUNOS {
    •     member ge-0/0/1; 
    •     member ge-0/0/2;
    •     member ge-0/0/5;
    •     unit 0 {
    •         family ethernet-switching {
    •             port-mode trunk;
    •         }
    •     }
    • }
  4. How to configure a static MAC
    • [edit ethernet-switching-options]
    • #show
    • static {
    •     vlan default {
    •         mac 00:01:02:03:04:05 next-hop ge-0/0/1.0;
    •     }
    • }
  5. Juniper EX default VLAN config - which interfaces, what VLAN? Can it be changed?
    default config - every interface is in default VLAN, VLAN is untagged.

    can be changed via "set vlans default vlan-id 100"
  6. Minimal config for an access port with a VLAN
    • vlans {
    •     v10 {
    •         vlan-id 10;
    •     }
    • }
    • interfaces {
    •     ge-0/0/1 {
    •         unit 0 {
    •             family ethernet-switching {
    •                 port-mode access;
    •                 vlan {
    •                     members v10;
    •                 }
    •             }
    •         }
    •     }
    • }
  7. Trunk port config
    • interfaces ge-0/0/9 {
    •     unit 0 {
    •         family ethernet-switching {
    •             port-mode trunk;
    •             vlan {
    •                 members [ v10 v20 ];
    •             }
    •         }
    •     }
    • }
  8. How to verify VLANs
    >show vlans (asterisk = active interface aka up up)
  9. What does the voice vlan do?
    Allows an access port to accept both untagged data traffic and tagged voice traffic.
  10. How to configure the voice vlan?
    • ethernet-switching-options {
    •     voip {
    •         interface ge-0/0/8.0 {
    •             vlan voice;
    •             forwarding-class assured-forwarding;
    •         }
    •     }
    • }

    • vlans {
    •     data {
    •         vlan-id 10;
    •      }
    •      voice {
    •          vlan-id 20;
    •      }
    • }

    • interfaces ge-0/0/8 {
    •    unit 0 {
    •         family ethernet-switching {
    •              port-mode access;
    •              vlan {
    •                  members data;
    •              }
    •          }
    •     }
    • }

    Make sure to put the voice and data VLANs on the trunked interface:

    • interfaces ge-0/0/9 {
    •    unit 0 {
    •         family ethernet-switching {
    •              port-mode trunk;
    •              vlan {
    •                  members [data voice];
    •              }
    •         }
    •     }
    • }
  11. What is the native vlan and how do you configure it?
    Trunk ports by default only carry VLAN-tagged traffic. "native-vlan-id" allows untagged traffic on trunked ports.

    Config:
    • interfaces ge-0/0/9 {
    •    unit 0 {
    •         family ethernet-switching {
    •              port-mode trunk;
    •              vlan {
    •                  members [data voice];
    •              }
    •              native-vlan-id default;
    •         }
    •     }
    • }
  12. What is an RVI?  How do you configure?
    Routed VLAN interface.   Can route IP traffic between VLANs on the same switch.

    Typically on aggregation and access levels

    • interfaces {
    •     vlan {
    •         unit 14 {
    •             family inet {
    •                 address 10.1.1.1/24;
    •             }
    •         }
    •     }
    • }

    • vlans {
    •     /* v14 is a placeholder VLAN name */
    •     v14 {
    •         vlan-id 14;
    •         interface {
    •             ge-0/0/6.0;
    •             ge-0/0/7.0;
    •         }
    •         l3-interface vlan.14;
    •     }
    • }
  13. Spanning Tree Protocol - what does it do?
    Prevents Layer 2 loops and the Ethernet broadcast storms they cause. STP is facilitated through the use of BPDUs, and ports are blocked based on their path to the root.
  14. Bridge ID
    Unique identifier for each switch
  15. Root bridge
    Switch with the LOWEST bridge ID
  16. Root port
    Port on each bridge closest to the root bridge
  17. Root path cost
    Bridge's calculated cost to get from itself to root bridge
  18. port cost
    • every interface has assigned port cost value (1-200,000,000)
    • GbE default = 20,000
  19. Four states of a port within STP
    Blocking, listening, learning, forwarding
  20. BPDU types
    Configuration BPDUs - used to build the spanning tree topology

    TCN BPDUs - reports topology changes
  21. BPDUs and root bridge election
    BPDUs not flooded, each bridge generates its own BPDUs for neighbors

    Root bridge elected - lowest priority.   If all the same priority, lowest MAC address is root bridge
  22. least path calculation to root bridge
    • 1. all ports on the root bridge become designated/forwarding
    • 2. root ports on switches -> forwarding; the root bridge has no root port
    • 3. designated ports on designated bridges -> forwarding state
    • 4. all other ports are in the blocking state
  23. RSTP improvements
    • point-to-point link designation
    • edge port designation (no other bridges attached)
    • rapid recovery from failure
    • alternate port - alternate to the root
    • backup port - redundant path to the segment
    • config BPDUs sent every 2 seconds as keepalives; after 3 missed keepalives (6 seconds) the interface is down
  24. RSTP states
    Discarding, Learning, forwarding

    discarding covers blocking and listening.
  25. RSTP Topology changes
    • ports transitioning to discarding state, no TCN ACK
    • switches do not flush MAC from edge
    • switches do not flush MAC on port receiving TCN
  26. BPDU protection, what is it and how to configure?
    prevents rogue switches from connecting to the network and causing undesired L2 topology change

    "set protocols rstp bpdu-block-on-edge"

    "set protocols rstp interface ge-0/0/6.0 edge"
  27. RSTP monitoring commands
    • show spanning-tree interface ge-0/0/6.0
    • show ethernet-switching interface ge-0/0/6.0
  28. loop protection
    unidirectional link failures can cause loops

    set protocols rstp interface <interface-name> bpdu-timeout-action block
  29. root protection
    With root protection, a superior BPDU cannot take over as root.

    set protocols rstp interface all no-root-port
  30. EX Port Security
    • MAC limiting
    • DHCP Snooping
    • Dynamic ARP Inspection
    • IP Source Guard
  31. MAC Limiting
    By default, you can have an unlimited # of MAC addresses.  

    • [edit ethernet-switching-options]
    • secure-access-port {
    •     interface ge-0/0/0.0 {
    •         mac-limit 1 action none;
    •     }
    •     interface ge-0/0/1.0 {
    •         mac-limit 1 action shutdown;
    •     }
    •     interface ge-0/0/4.0 {
    •         mac-move-limit 1 action <shutdown OR none>;
    •     }
    • }
  32. How to see and clear mac-limiting
    "show log messages"

    "clear ethernet-switching port-error interface ge-0/0/0.0"
  33. DHCP snooping
    Makes sure the right people are answering DHCP requests.

    Maintains a database of valid IP mappings

    Trunk = trusted, access = untrusted.   
  34. DHCP configuration
    • [edit ethernet-switching-options]
    • secure-access-port {
    •     interface ge-0/0/0.0 {
    •         no-dhcp-trusted;
    •     }
    •     interface ge-0/0/1.0 {
    •         dhcp-trusted;
    •     }
    •     vlan default {
    •         examine-dhcp;
    •     }
    • }
  35. monitoring DHCP snooping
    "show dhcp snooping binding"

    "clear dhcp 
