Monday, 18 November 2013

Junos : Copy/Paste Configuration

Copying and Pasting a Configuration Section to Another Configuration

If you have a section of a configuration that you want to include in another configuration, you can use the load merge terminal relative command to copy the configuration section from a file or an application window (for example, a Web browser) and paste the section in the CLI of the terminal window that you are using to configure a device.

To copy and paste a section of a configuration to another configuration:
  1. In the terminal window, navigate to the specific hierarchy where the data will be pasted (in this example, the system hierarchy).

    user@host# edit system
    [edit system]

  2. Enter the load merge terminal relative command:

    user@host# load merge terminal relative
    [Type ^D at a new line to end input]

  3. Copy the section of the configuration from a file or an application window.

  4. Paste the copied text into the CLI of the terminal window that you are using to configure the device.

    user@host# load merge terminal relative
    [Type ^D at a new line to end input]
    location building 2;
    ntp server 78.46.194.186 version 4;

  5. Press Enter once. Make sure that you perform this step before proceeding.

  6. Press Ctrl+d to indicate the end of the pasted text. You see "load complete" in the terminal window.

  7. To verify the configuration but not activate it, use the show command. You can also use the commit check command to verify the correctness of the syntax for the commands that have been entered.

  8. If the validation is successful, go to the next step. Otherwise, review any error messages and use the CLI to change the configuration and resolve errors.

  9. Commit the configuration to activate it:

    user@host# commit
    commit complete

Sunday, 10 November 2013

Junos : Configuring Basic Settings with the CLI

Configuring Basic Settings with the CLI

In CLI configuration mode, you use the set command to enable features, and the delete command to disable them. The commands you enter do not update the active configuration on the router until you use the commit command.
To configure basic settings with the CLI:
  1. From the CLI, enter configuration mode:
      root> configure
      root#
  2. Set the IP addresses of the built-in Ethernet ports. For example:
      root# set interfaces ge-0/0/0 unit 0 family inet address 1.1.2.31/24
      root# set interfaces ge-0/0/1 unit 0 family inet address 1.6.2.1/24
      root# set interfaces ge-0/0/2 unit 0 family inet address 2.8.3.1/24
      root# set interfaces ge-0/0/3 unit 0 family inet address 9.1.4.1/24
    The unit number is the logical interface number. IP addresses are configured on the logical interface. Setting the protocol family to inet specifies the routing table of IPv4 addresses.
  3. Set a default route (default gateway) for IPv4 packets. For example:
      root# set routing-options static route 0.0.0.0/0 next-hop 10.1.1.50
  4. Configure one or more static routes:
      root# set routing-options static route destination-prefix next-hop address
  5. Set the hostname. For example:
      root# set system host-name Chicago
  6. Save your configuration settings and activate them on the Services Router:
      root# commit

Tuesday, 5 November 2013

Junos : ALG

JUNOS Software supports voice-over-IP Application Layer Gateways (VoIP ALGs) and basic data ALGs. (Note that supported ALG types vary depending on which hardware device you are using.)
VoIP ALGs provide stateful Application Layer inspection and Network Address Translation (NAT) capabilities to VoIP signaling and media traffic. The ALG inspects the state of transactions, or calls, and forwards or drops packets based on those states.
JUNOS Software supports the following VoIP ALGs:
  • H.323—The H.323 ALG provides support for the H.323 legacy VoIP protocol. The ALG lets you secure VoIP communication between terminal hosts, such as IP phones and multimedia devices. In such a telephony system, the gatekeeper device manages call registration, admission, and call status for VoIP calls. Gatekeepers can reside in two different zones or in the same zone.
  • SIP—The SIP ALG provides support for the Session Initiation Protocol (SIP). SIP is an Internet Engineering Task Force (IETF)-standard protocol for initiating, modifying, and terminating multimedia sessions over the Internet. Such sessions might include conferencing, telephony, or multimedia, with features such as instant messaging and application-level mobility in network environments.
  • SCCP—The SCCP ALG provides support for Skinny Client Control Protocol (SCCP). SCCP is a Cisco proprietary protocol for call signaling. Skinny is based on a call-agent-based call-control architecture. The control protocol uses binary-coded frames encoded on TCP frames sent to well-known TCP port number destinations to set up and tear down RTP media sessions.
  • MGCP—The MGCP ALG provides support for Media Gateway Control Protocol (MGCP). MGCP is a text-based Application Layer protocol used for call setup and call control between the media gateway and the media gateway controller (MGC).
JUNOS Software also supports the following data ALGs:
  • DNS—Provides an ALG for the Domain Name System. The DNS ALG monitors DNS query and reply packets and closes the session if the DNS flag indicates the packet is a reply message.
  • FTP—Provides an ALG for the File Transfer Protocol (FTP). The FTP ALG monitors PORT, PASV, and 227 commands. It performs NAT on the IP, port, or both in the message and gate opening on the device as necessary. The FTP ALG supports FTP put and FTP get command blocking. When the FTP_NO_PUT or FTP_NO_GET command is set in the policy, the FTP ALG sends back a blocking command and closes the associated opened gate when the FTP STOR or FTP RETR command is observed.
  • TFTP—Provides an ALG for the Trivial File Transfer Protocol (TFTP). The TFTP ALG processes TFTP packets that initiate the request and opens a gate to allow return packets from the reverse direction to the port that sends the request.
  • PPTP—Provides an ALG for the Point-to-Point Tunneling Protocol (PPTP). The PPTP is a Layer 2 protocol that tunnels PPP data across TCP/IP networks. The PPTP client is freely available on Windows systems and is widely deployed for building Virtual Private Networks (VPNs).
  • REAL—Provides an ALG for the Real-Time Streaming Protocol.
  • MSRPC—Provides an ALG for the Microsoft Remote Procedure Call.
  • SUNRPC—Provides an ALG for the SUN Remote Procedure Call.
  • RSH—Provides an ALG for the Remote Shell (RSH). The RSH ALG handles TCP packets destined for port 514 and processes the RSH port command. The RSH ALG performs NAT on the port in the port command and opens gates as necessary.
  • SQL—Provides an ALG for the Structured Query Language (SQL). The SQLNET ALG processes SQL TNS response frames from the server side. It parses the packet and looks for the (HOST=ipaddress), (PORT=port) pattern and performs NAT and gate opening on the client side for the TCP data channel.
  • TALK—Provides an ALG for the TALK Protocol. The TALK protocol uses UDP port 517 and port 518 for control channel connections. The talk program consists of a server and a client. The server handles client notifications and helps to establish talk sessions. There are two types of talk servers: ntalk and talkd. The TALK ALG processes packets of both ntalk and talkd formats. It also performs NAT and gate opening as necessary.
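
The FTP entry above says the ALG reads the endpoint carried in PORT commands and 227 replies, translates it, and opens a gate. The following Python model of that step is an added example, not Junos code; the function names, the sample lines and addresses, and the check that the announced address belongs to the sender are assumptions of this sketch.

```python
import re

# h1,h2,h3,h4,p1,p2: the endpoint encoding shared by PORT and the 227 reply.
HOSTPORT = re.compile(r"(?<!\d)\d{1,3}(?:,\d{1,3}){5}(?!\d)")

def parse_endpoint(line):
    """Return (ip, port, span) for a PORT command or 227 reply, else None."""
    text = line.rstrip("\r\n")
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = HOSTPORT.search(text, 4)
    if m is None:
        return None
    fields = [int(f) for f in m.group().split(",")]
    if any(f > 255 for f in fields):
        return None  # every field must fit in one octet
    ip = ".".join(map(str, fields[:4]))
    return ip, fields[4] * 256 + fields[5], m.span()

def encode_endpoint(ip, port):
    """Encode ip:port back into the h1,h2,h3,h4,p1,p2 form."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def alg_rewrite(line, sender_ip, nat_ip, nat_port):
    """Rewrite the announced endpoint and describe the gate to open.

    Returns (line_out, gate); gate is None when nothing is opened.
    """
    parsed = parse_endpoint(line)
    if parsed is None:
        return line, None
    ip, port, (start, end) = parsed
    # Check added in this sketch, not a documented Junos behaviour: the sender
    # may only announce its own address, so no gate opens toward a third host.
    if ip != sender_ip:
        return line, None
    line_out = line[:start] + encode_endpoint(nat_ip, nat_port) + line[end:]
    return line_out, {"outside": (nat_ip, nat_port), "inside": (ip, port)}

# Constructed control-channel lines using private and documentation addresses.
PASV_REPLY = "227 Entering Passive Mode (10,0,0,5,195,80)\r\n"
PORT_CMD = "PORT 10,0,0,7,4,1\r\n"

if __name__ == "__main__":
    print(alg_rewrite(PASV_REPLY, "10.0.0.5", "203.0.113.10", 20000))
    print(alg_rewrite(PORT_CMD, "10.0.0.7", "203.0.113.10", 20001))
```

The gate is scoped to the single translated endpoint, which is why the data connection passes without a broad permit rule for high ports.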

Sunday, 27 October 2013

JUNOS : Configuring Layer 2 Logical Interfaces

J-Web Configuration

To configure a Layer 2 logical interface as a trunk port:
  1. Select Configure>CLI Tools>Point and Click CLI.
  2. Next to Interfaces, click Configure or Edit.
  3. In the Interface name column, select ge-3/0/0.
  4. Under Unit, in the Interface unit number column, click 0.
  5. Next to Family group, select Bridge and then click Configure.
  6. Next to Interface mode, select trunk.
  7. Next to Vlan list, select Vlan id list.
  8. In the Vlan id box, type 1-10.
  9. Click OK to return to the Family page.
  10. Click OK to return to the Unit page.
  11. Click OK to return to the Interface page.
  12. Click OK to return to the Interfaces page.
To configure a VLAN ID for untagged packets received on a physical interface:
  1. Select Configure>CLI Tools>Point and Click CLI.
  2. Next to Interfaces, click Configure or Edit.
  3. In the Interface name column, select ge-3/0/0.
  4. In the Native vlan id box, type 10.
  5. Next to Vlan tag mode, select Vlan tagging.
  6. Click OK to return to the Interfaces page.

CLI Configuration

To configure a Layer 2 logical interface as a trunk port:
user@host# set interfaces ge-3/0/0 unit 0 family bridge interface-mode trunk vlan-id-list 1-10
To configure a VLAN identifier for untagged packets received on a physical interface:
user@host# set interfaces ge-3/0/0 vlan-tagging native-vlan-id 10

Saturday, 19 October 2013

JUNOS: Features and Benefits

JUNOS software helps customers in specific, measurable ways to improve the availability and delivery of services, to reduce operations effort and errors, and to meet new business needs — with a long list of distinct attributes that set it apart from other network operating systems.
JUNOS Software Advantage JUNOS Software Attributes
Continuous Systems
Improve the availability, performance and security of services
  • Fault-tolerant modularity - enhances software stability and uptime with independent operation and restart of modules.
  • Dedicated resources for routing and packet forwarding - provide predictable performance as new services are activated and with a command-line interface (CLI) that doesn't lock up.
  • High availability features - preserve forwarding and routing operations during device events with non-stop forwarding, Graceful Routing Engine Switchover, non-stop routing, etc.
  • Single release train - enables the development control and extensive regression testing that underlie the software stability.
  • Secure Operating System - protects with secure administration and advanced security features, including Stateful firewall, VPNs, etc. that deliver high throughput with many activated policies.
  • Automated operations (see row below) - prevent human errors and provide proactive measures to reduce the total number, severity and duration of events.
Automated Operations
Reduce operations effort and errors
  • Single implementation of each feature - provides a common user experience regardless of platform to simplify deployment and training.
  • Error-resilient configuration - prevents incomplete or incorrect configurations from becoming active in the network.
  • On-box, custom commit scripts - ensure that configurations are error-free and in compliance with each organization's policies to prevent outages and security vulnerabilities caused by human error.
  • On-box, custom operation (op) scripts and event policies - automate finding and proactively resolving issues from the first, leading indicators to reduce the number, severity and duration of events.
  • Single release train - removes significant risk and effort from network upgrades.
Flexible Innovation
Meet new business needs
  • Session Resource and Control portfolio and Open IP Service Creation Program - extend policy and control to applications and other systems to deliver a rich set of IP services.
  • NETCONF/XML interfaces - support flexible integration to management and operations systems.
  • JUNOScope IP Service Manager and J-Web - provide central and web-based management of JUNOS-based platforms.
  • Systematic development process - predictably provides many new features each quarter to protect investment by meeting new service needs.

Friday, 11 October 2013

Google Malaysia Been Cracked.

Today, 11 Oct 2013, at 9:00 am, the Google Malaysia web site (www.google.com.my) was cracked.

Sunday, 6 October 2013

Junos : Local Web filtering

To configure local Web filtering using the CLI, you must first create your custom objects.
  1. Configure a URL pattern list custom object by creating the list name and adding values to it as follows:
    Note: Because you use URL pattern lists to create custom URL category lists, you must configure URL pattern list custom objects before you configure custom URL category lists. A URL and an IP address are added in this example.
    user@host# set security utm custom-objects url-pattern urllist3 value [http://www.juniper.net 1.2.3.4]
    user@host# set security utm custom-objects url-pattern urllist4 value [http://www.acmegizmo.com 1.2.3.4]
    Note: URL pattern wildcard support—The wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use “*” if it is at the beginning of the URL and is followed by a “.”. You can only use “?” at the end of the URL.
    The following wildcard syntax is supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is NOT supported: *.juniper.net , www.juniper.ne?, http://*juniper.net, http://*.
  2. Configure a custom URL category list custom object by using the URL pattern list you created as follows:
    user@host# set security utm custom-objects custom-url-category custurl3 value urllist3
    user@host# set security utm custom-objects custom-url-category custurl4 value urllist4
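
The wildcard note in step 1 can be checked mechanically before the set commands are pasted into the device. The following Python lint is an added example, not Juniper code; the list names urllist5 and urllist6 in the sample are constructed, and rejecting a pattern that consists only of wildcards is this sketch's reading of the rule.

```python
import re

PREFIX = "http://"
# Matches "url-pattern <list-name> value <one value or [bracketed list]>".
URL_PATTERN_CMD = re.compile(r"url-pattern\s+(\S+)\s+value\s+(\[[^\]]*\]|\S+)")

def check_url_pattern(value):
    """Return (ok, reason) for one url-pattern value under the wildcard rule."""
    if "*" not in value and "?" not in value:
        return True, "no wildcard"
    if not value.startswith(PREFIX):
        return False, "wildcard URL must start with http://"
    rest = value[len(PREFIX):]
    if rest.startswith("*"):
        if not rest.startswith("*."):
            return False, "'*' must be followed by '.'"
        rest = rest[2:]
    body = rest.rstrip("?")  # a trailing run of '?' is allowed
    if "*" in body:
        return False, "'*' is only allowed at the beginning"
    if "?" in body:
        return False, "'?' is only allowed at the end"
    if not body:
        return False, "nothing left to match after the wildcards"
    return True, "supported wildcard"

def lint_set_commands(config_text):
    """Return [(list_name, value, reason)] for every rejected url-pattern value."""
    rejected = []
    for name, raw in URL_PATTERN_CMD.findall(config_text):
        for value in raw.strip("[]").split():
            ok, reason = check_url_pattern(value)
            if not ok:
                rejected.append((name, value, reason))
    return rejected

# Constructed input: the first command is from the procedure, the others
# reuse the supported and unsupported patterns listed in the note.
SAMPLE = """
set security utm custom-objects url-pattern urllist3 value [http://www.juniper.net 1.2.3.4]
set security utm custom-objects url-pattern urllist5 value [http://*.juniper.net http://www.juniper.ne? http://*juniper.net]
set security utm custom-objects url-pattern urllist6 value *.juniper.net
"""

if __name__ == "__main__":
    for name, value, reason in lint_set_commands(SAMPLE):
        print(f"{name}: {value}: {reason}")
```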
Now that your custom objects have been created, you can configure the juniper-local Web filtering feature profile.
  1. If you are using included global whitelist and blacklist categories, select those global categories. This is the first filtering category that integrated, redirect, and local Web filtering all use. If no match is made, the configured default fallback action is performed.
    user@host# set security utm feature-profile web-filtering url-blacklist custurl3
    user@host# set security utm feature-profile web-filtering url-whitelist custurl4
  2. Select juniper-local as your Web filtering engine as follows:
    user@host# set security utm feature-profile web-filtering type juniper-local
  3. Create a juniper-local profile by first creating a profile with a default action (permit, log and permit, block) for requests that experience errors as follows:
    user@host# set security utm feature-profile web-filtering juniper-local profile localprofile1 default permit
  4. Enter a custom message to be sent when HTTP requests are blocked.
    user@host# set security utm feature-profile web-filtering juniper-local profile localprofile1 custom-block-message "Access to this site is not permitted"
  5. Select fallback settings (block or log and permit) for this profile. The fallback actions are taken when errors in each configured category occur.
    user@host# set security utm feature-profile web-filtering juniper-local profile localprofile1 fallback-settings default block
    user@host# set security utm feature-profile web-filtering juniper-local profile localprofile1 fallback-settings too-many-requests block
  6. Configure a UTM policy for the Web filtering protocol and attach this policy to a profile. CLI commands for configuring a UTM policy for HTTP Web filtering, and attaching that policy to a profile you created earlier for content filtering are:
    user@host# set security utm utm-policy utmp5 web-filtering http-profile localprofile1
  7. Attach the UTM policy to a firewall security policy.
    user@host# set security policies from-zone trust to-zone untrust policy p5 match source-address any
    user@host# set security policies from-zone trust to-zone untrust policy p5 match destination-address any
    user@host# set security policies from-zone trust to-zone untrust policy p5 match application junos-http
    user@host# set security policies from-zone trust to-zone untrust policy p5 then permit application-services utm-policy utmp5