tag:blogger.com,1999:blog-62318321456660406042024-02-06T21:06:41.457-08:00networkingSome interesting things about networksJozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.comBlogger17125tag:blogger.com,1999:blog-6231832145666040604.post-40363491120446862012013-08-31T13:47:00.000-07:002013-08-31T13:47:17.911-07:00Upgrade Junos 10.0 to 12.3. Activating NSR, NSB<div dir="ltr" style="text-align: justify;">
Junos 10.0 is not recommended and supported anymore. Latest releases add some interresting features on pure/non-mixed EX 4200 virtual-chassis like nonstop active routing, nonstop bridging and ISSU. Best choice is to upgrade to newest release during one maintenance window.</div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
</div>
<div dir="ltr" style="text-align: justify;">
</div>
<div dir="ltr" style="text-align: justify;">
<a href="http://kb.juniper.net/InfoCenter/index?page=content&id=KB21476">Link to JTAC Recommended Junos Software Versions </a> </div>
<div class="separator" style="clear: both; text-align: justify;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhUqtT1WnpG5ZxhIBAiOgmQ_5GZlfezTFMIjcITGTaOz7TFDG1kSpS6Lfqz97CV1sUIKeODo1PWkIk5dIg9pXgB7Vt_v0DtvbmDRN5CrpdcgVHiYJBlB3lRQHbWG6A9-y_0NL2M3loywc/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="390" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhUqtT1WnpG5ZxhIBAiOgmQ_5GZlfezTFMIjcITGTaOz7TFDG1kSpS6Lfqz97CV1sUIKeODo1PWkIk5dIg9pXgB7Vt_v0DtvbmDRN5CrpdcgVHiYJBlB3lRQHbWG6A9-y_0NL2M3loywc/s640/1.png" width="640" /></a></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<a href="http://www.juniper.net/support/downloads/?p=ex4200#sw">Link to EX4200 - Download Software</a></div>
<div dir="ltr" style="text-align: justify;">
They upgraded download page, so it directly leads you to recommended version. You need priviledges to download Junos.</div>
<div class="separator" style="clear: both; text-align: justify;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicjlOobFgRBSKlX7abU0hYUWkEI_1sM-5aGs166UBcfjnv3FBXN7_BpmX4Jq2zIQzoPOcUnx0Q_rUl2K22YClW5L0NloIQb7W9RO9BmI3jDMYbmKXa9kBiDBJ2e35qnIJ2pjL69zv_uGA/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="156" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicjlOobFgRBSKlX7abU0hYUWkEI_1sM-5aGs166UBcfjnv3FBXN7_BpmX4Jq2zIQzoPOcUnx0Q_rUl2K22YClW5L0NloIQb7W9RO9BmI3jDMYbmKXa9kBiDBJ2e35qnIJ2pjL69zv_uGA/s640/2.png" width="640" /></a></div>
<div dir="ltr" style="text-align: justify;">
There is a little notice when you want to download Junos 10.4R3+. for EX 4200. I am going to incorporate content of this notice later in this blog. We need to click on text TSB15524 to download jloader file. <a href="http://kb.juniper.net/InfoCenter/index?page=content&id=TSB15524&smlogin=true">Link to jloader files.</a></div>
<div class="separator" style="clear: both; text-align: justify;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc-0MIsy3Cs-q5frZSE4eS5Zi4q1eGQ5jNDHrxjz0JCrk-bkRR5Sf3OMkF4beJ5SocbVhcxn-XgXPC4e75yoy01Gdq2m3B1ibauha1a7U8IFFmlocufGb5L71obHvYv_aj_MovcO9wW5s/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc-0MIsy3Cs-q5frZSE4eS5Zi4q1eGQ5jNDHrxjz0JCrk-bkRR5Sf3OMkF4beJ5SocbVhcxn-XgXPC4e75yoy01Gdq2m3B1ibauha1a7U8IFFmlocufGb5L71obHvYv_aj_MovcO9wW5s/s400/3.png" width="400" /></a></div>
<div dir="ltr" style="text-align: justify;">
Notice that there has been some problem with newer hardware revisions. As mentioned on TSB15524, links are changed to right jloader files. <a href="http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16191&actp=SUBSCRIPTION">Link to more info about this problem</a>.</div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
You should have read release notes for version that you are going to upgrade to. So please read 12.3 release notes. <a href="http://www.juniper.net/techpubs/en_US/junos12.3/information-products/topic-collections/release-notes/12.3/index.html">Link to Junos Software Release Notes 12.3</a>. You should also have to download additional files like MIBs, Documentation, Radius Dictionary, etc.</div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
Read this from <a href="http://www.juniper.net/techpubs/en_US/junos12.3/information-products/topic-collections/release-notes/12.3/index.html">Relase notes 12.3</a>. On left click <i>Junos OS Release Notes for EX Series Switches</i> and then <i>Upgrade and Downgrade Instructions for Junos OS Release 12.3
for EX Series Switches.</i> This is the same direct link: <a href="http://www.juniper.net/techpubs/en_US/junos12.3/information-products/topic-collections/release-notes/12.3/topic-69605.html#rn-junos-ex-upgrade-downgrade">Upgrade and Downgrade Instructions for Junos OS Release 12.3
for EX Series Switches.</a> </div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
You cannot directly upgrade to 12.3:</div>
<blockquote class="tr_bq">
<h2 class="Head2" id="pre-resilient-dual-root-upgrade-ex">
Upgrading from Junos OS Release 10.4R2 or Earlier</h2>
<div class="Para1">
To upgrade to Junos OS Release 12.3 from Junos OS Release 10.4R2
or earlier, first upgrade to Junos OS Release 11.4 by following the
instructions in the Junos OS Release 11.4 release notes. See <i>Upgrading from Junos OS Release 10.4R2 or Earlier</i> or <i>Upgrading from Junos OS Release 10.4R3 or Later</i> in the <a href="http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/release-notes/11.4/junos-release-notes-11.4.pdf">Junos OS 11.4 Release Notes</a> <img alt="PDF Document" src="http://www.juniper.net/shared/img/global/icon-pdf.gif" />.</div>
</blockquote>
<div dir="ltr" style="text-align: justify;">
So download latest 11.4 and jloader. <a href="http://kb.juniper.net/InfoCenter/index?page=content&id=TSB15524&smlogin=true">Link to jloader files</a> was mentioned before. Download Junos OS 11.4 Release Notes.</div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<b>So the process looks like this:</b></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
download jloader, Junos 11.4, 12.3 -></div>
<div dir="ltr" style="text-align: justify;">
-> upgrade jloader -> upgrade to 11.4 and reboot -> check VC -> upgrade to 12.3 and reboot -> check VC -></div>
<div dir="ltr" style="text-align: justify;">
-> if not configured, configure commit synchronize, graceful switchover-></div>
<div dir="ltr" style="text-align: justify;">
-> if VC consists of two switches, configure no-split-detection -></div>
<div dir="ltr" style="text-align: justify;">
-> deactivate GRES (graceful-restart) -> activate NSB -> activate NSR -> check NSR, NSB</div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<h3 dir="ltr" style="text-align: justify;">
<b>Install jloader and Junos 11.4 from USB</b> </h3>
<div dir="ltr" style="text-align: justify;">
<b>Copy these files to an USB with FAT32. </b></div>
<div dir="ltr" style="text-align: justify;">
<b> </b></div>
<div dir="ltr" style="text-align: justify;">
<b>Log to virtual-chassis (I recommend via Console)</b></div>
<div dir="ltr" style="text-align: justify;">
<b>Plug it to a Master switch. </b>(MST led is green on or <span style="font-family: "Courier New",Courier,monospace;">> show virtual-chassis</span>) </div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<b>Login as root and start shell</b></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">> start shell user root</span></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<b>Create new directory </b></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">% mkdir /var/tmp/usb</span><b> </b></div>
<div dir="ltr" style="text-align: justify;">
<b><br /></b></div>
<div dir="ltr" style="text-align: justify;">
<b>Mount usb</b></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">% mount -t msdosfs /dev/da1s1 /var/tmp/usb</span></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<b>Add jloader </b></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">% cli</span></span></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">> request system software add /var/tmp/usb/<code>jloader-ex-3242-XX.X<i>build</i>-signed.tgz</code></span></span></div>
<div dir="ltr" style="text-align: justify;">
<code> </code> </div>
<div dir="ltr" style="text-align: justify;">
<b>Add software and automatically reboot. <span style="color: red;">Content of usb will be erased.</span></b> All members of VC will be upgraded,</div>
<div dir="ltr" style="text-align: justify;">
</div>
<div dir="ltr" style="text-align: justify;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">> request system software add /var/tmp/usb/<code>jinstall.... reboot</code></span></span></div>
<code></code><div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
After boot. Check system status of VC. Copy new 12.3 junos to usb, plug it in master switch, mount it and upgrade to 12.3</div>
<div dir="ltr" style="text-align: justify;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">> request system software add /var/tmp/usb/<code>jinstall.... reboot</code></span></span></div>
<code></code><div dir="ltr" style="text-align: justify;">
</div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<u></u></div>
<div dir="ltr" style="text-align: justify;">
<b>How to enable NSR & NSB?</b></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<b>configure commit synchronize, graceful switchover (GRES)</b></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">> configure</span><b><br /></b></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># set system commit synchronize<br /># set chassis redundancy graceful-switchover</span></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># commit<br /></span></div>
<div dir="ltr" style="text-align: justify;">
<b>if VC consists of two switches, configure no-split-detection</b></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># set virtual-chassis no-split-deteciton</span></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># commit</span></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<b>GR and NSR cannot be enabled on the same device. Please read this link to overview what is GR and NSR.<a href="http://kb.juniper.net/InfoCenter/index?page=content&id=KB27474">[Subscriber Management] GRES & NSR Configuration Quick Summary</a> </b></div>
<div dir="ltr" style="text-align: justify;">
<b> </b></div>
<div dir="ltr" style="text-align: justify;">
<b>deactivate graceful restart (GR)</b></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># delete routing-options greceful-restart </span><b></b></div>
<br /><div dir="ltr" style="text-align: justify;">
<b>GR could be enabled under protocols like bgp. Show where GR is configured</b></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># show | display set | match graceful-restart</span></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"><i><span style="font-family: "Courier New",Courier,monospace;"># set protocols bgp graceful-restart</span> </i></span></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># delete protocols bgp graceful-restart</span></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># commit </span></div>
<div dir="ltr" style="text-align: justify;">
<br /><b>activate NSB, activate NSR</b></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># set routing-options nonstop-routing<br /># commit </span></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># set ethernet-switching-options nonstop-routing</span></div>
<div dir="ltr" style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"># commit</span></div>
<div dir="ltr" style="text-align: justify;">
<a href="http://kb.juniper.net/InfoCenter/index?page=content&id=KB27474"></a></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<b>ISSU</b> </div>
<div dir="ltr" style="text-align: justify;">
Just read following link. There is a lot to do. ISSU is basically a technology that upgrades VC members one after another to minimalize downtime. Best achieved if your links are aggregated trunks spanning through multiple members.</div>
<div dir="ltr" style="text-align: justify;">
<a href="http://www.juniper.net/techpubs/en_US/junos12.3/topics/concept/nssu-ex-series.html">Link to Understanding Nonstop Software Upgrade on EX Series Switches</a></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
<b>check NSR, NSB</b></div>
<div dir="ltr" style="text-align: justify;">
Check this link on how to check NSR and NSB. <b><a href="http://kb.juniper.net/InfoCenter/index?page=content&id=KB27474">[Subscriber Management] GRES & NSR Configuration Quick Summary</a></b></div>
<div dir="ltr" style="text-align: justify;">
<br /></div>
<div dir="ltr" style="text-align: justify;">
That is all<b>.</b></div>
Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com1tag:blogger.com,1999:blog-6231832145666040604.post-78779768799542823302013-08-31T12:22:00.003-07:002013-08-31T12:25:09.476-07:00How to move some system directory to another diskThis blog post is not much networking related and it is a modified sequence that proposed by my chef. There could be errors. Feel free to correct me in comments.<br />
<br />
In this tutorial I am going to move /usr directory to a new physical disk. Reason of moving this directory is because there is no much space left on /dev/sda1. System used is Ubuntu Server 10.4.<br />
<br />
<b>Login as root:</b><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo su -</span><br />
<span style="font-family: "Courier New",Courier,monospace;"><br /></span>
<b>Command to check how to see how much space do left on /dev/sda1 (root directory: /)</b><br />
<span style="font-family: "Courier New",Courier,monospace;">$ df -H</span><br />
<br />
<b>Format disk sdb1 with ext3. Same as is sda1. Partitions should have been created on sdb [1]</b><br />
<pre><span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">$ mkfs -t ext3 /dev/sdb1</span></span></pre>
<br />
<b>Stop as much proccesses as you can. </b>So copying files is more "safe".<br />
<span style="font-family: "Courier New",Courier,monospace;">$ ps aux | more</span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ netstat -tulpn | more</span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ killall <processname> </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ kill <processid></span><br />
<br />
<b>Make new directory on a root directory </b><br />
<span style="font-family: "Courier New",Courier,monospace;">$ mkdir /usrtmp</span><br />
<br />
<b>get disk UUID [2]</b><br />
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">$ ls -l /dev/disk/by-uuid<span style="font-family: "Courier New",Courier,monospace;"><code class="jscript plain"></code></span></span></span><br />
<b>or</b><br />
<span style="font-family: "Courier New",Courier,monospace;">$ blkid</span><b></b><br />
<b><br /></b>
<b>modify /etc/fstab. Add line like this [3]</b><br />
<pre><span style="font-family: "Courier New",Courier,monospace;">UUID=aabbccdd-eeff-1234-5678-abcdef01234 <b>/usrtmp</b> ext3 relatime,errors=remount-ro 0 1
<span class="anchor" id="line-8"></span></span></pre>
<b> <b> </b></b><br />
<b><b>mount disk to directory /usrtmp.</b></b><br />
<span style="font-family: "Courier New",Courier,monospace;">$ mount /dev/sdb1 /usrtmp</span><br />
<b><b> </b> </b><br />
<b>copy files from /usr to /usrtmp </b>(for example via Midnight Commander - mc) and <u>preserve Attributes</u> or<u><br /></u><br />
<span style="font-family: "Courier New",Courier,monospace;">$ copy -pR /usr/ /usrtmp/</span><br />
<br />
<b>erase content of original /usr </b>(via mc) or<br />
<span style="font-family: "Courier New",Courier,monospace;">$ rm -rf /usr</span><br />
<br />
<b>umount new disk</b><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">$ umount /usrtmp</span><b> </b><br />
<br />
<br />
<br />
<b>change /etc/fstab</b><br />
<br />
<pre><span style="font-family: "Courier New",Courier,monospace;">UUID=aabbccdd-eeff-1234-5678-abcdef01234 <b>/usr </b>ext3 relatime,errors=remount-ro 0 1</span></pre>
<br />
<b><b>remount it to /usr</b> </b><br />
<span style="font-family: "Courier New",Courier,monospace;">$ mount /dev/sdb1 /usr</span><b><br /></b><br />
<br />
<br />
<br />
<b>References:</b><br />
[1] <a href="https://help.ubuntu.com/community/InstallingANewHardDrive#Partition_The_Disk">https://help.ubuntu.com/community/InstallingANewHardDrive#Partition_The_Disk</a><br />
[2] <a href="http://liquidat.wordpress.com/2007/10/15/short-tip-get-uuid-of-hard-disks/">http://liquidat.wordpress.com/2007/10/15/short-tip-get-uuid-of-hard-disks/</a><br />
[3] <a href="https://help.ubuntu.com/community/Fstab">https://help.ubuntu.com/community/Fstab</a><br />
Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-10058825638007783852013-06-19T16:45:00.000-07:002013-06-19T16:45:04.037-07:00Juniper EX mac-based VLANs<h2>
Juniper EX mac-based VLANs</h2>
Hi All,<br />
<br />
<div style="text-align: justify;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs28OetOfubfDu6sgyUbeD7QVFlpmtmB2pK7BYwuMbGEeIYhQttLS9w366kxJmmHrw3S4fXlr_HHWJovnBLFLOdK9aXuF2WDVD3UrWhQORV_RdZDr2MjIqYTv5riUXE11JBguMJlWBuSw/s1600/mac-based-vlan.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="319" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs28OetOfubfDu6sgyUbeD7QVFlpmtmB2pK7BYwuMbGEeIYhQttLS9w366kxJmmHrw3S4fXlr_HHWJovnBLFLOdK9aXuF2WDVD3UrWhQORV_RdZDr2MjIqYTv5riUXE11JBguMJlWBuSw/s1600/mac-based-vlan.png" width="320" /></a>Imagine that you have to assign a VLAN to a device that is not capable of sending a tagged frames. You can assign VLAN based on a MAC address or a MAC address OUI (first 3 octets), or mask. An example could be a VoIP phone or a set-top-box. Yes, for VoIP, you have a great functionality called <a href="http://kb.juniper.net/InfoCenter/index?page=content&id=KB11062">Voice VLAN</a> that could suits your scenario. But for my scenario it was not an option.</div>
<div style="text-align: justify;">
On a picture you can see three devices connected to unmanaged switch that send untagged frames. Unmanaged switch is connected to EX2200. On EX2200 you have a configuration that assign particular VLAN to specific frames:</div>
<br />
<br />
<br />
<br />
<span style="font-family: "Courier New", Courier, monospace;">interfaces {<br /> ge-0/0/0 {<br /> unit 0 {<br /> family ethernet-switching {<br /> port-mode access;<br /> vlan {<br /> members 10;<br /> }<br /> }<br /> }<br /> }<br />}</span><br />
<span style="font-family: "Courier New", Courier, monospace;">protocols {<br /> dot1x {<br /> authenticator {<br /> static {<br /> 00:15:c5:f5:d1:d1/48 {<br /> vlan-assignment 11;<br /> }<br /> 00:1c:c4:00:00:00/24 {<br /> vlan-assignment 78;<br /> }<br /> }</span><br />
<span style="font-family: Courier New;"> interface {<br /> ge-0/0/0.0 {<br /> supplicant multiple;<br /> }</span><span style="font-family: "Courier New", Courier, monospace;"> }<br /> }<br /> }<br />}<br />vlans {<br /> v11 {<br /> description "PHONE";<br /> vlan-id 11;<br /> v78 {<br /> description "VIDEO";<br /> vlan-id 78;<br /> }<br />}</span><br />
<span style="font-family: Courier New;"></span><br />
This will "set" vlan 11 to a device with MAC <span style="font-family: Courier New;">00:15:c5:f5:d1:d1<span style="font-family: inherit;"> </span><span style="font-family: inherit;">and vlan 78 to addresses</span> 00:1c:c4:00:00:00/24. <span style="font-family: inherit;">Interface is configured for mode access so PC is automatically taged to default vlan 10. Uplink port configuration is not included. To show a vlan assigment use </span></span><span style="font-family: "Courier New", Courier, monospace;">show vlans, </span><span style="font-family: "Courier New", Courier, monospace;">show dot1x interface</span><br />
<br />
<br />
Here are some references.<br />
<ul>
<li>My older forum post: <a href="http://forums.juniper.net/t5/Ethernet-Switching/mac-based-vlans/td-p/78548">http://forums.juniper.net/t5/Ethernet-Switching/mac-based-vlans/td-p/78548</a>.</li>
<li>Junos static mac-based vlan assigment <a href="http://www.juniper.net/techpubs/en_US/junos12.2/topics/task/configuration/authentication-static-mac-bypass-ex-series-cli.html">http://www.juniper.net/techpubs/en_US/junos12.2/topics/task/configuration/authentication-static-mac-bypass-ex-series-cli.html</a></li>
<li>Vlan could be set via <strong>Radius</strong>. I googled and found this <a href="http://daemonkeeper.net/638/configure-mac-based-vlan-assignment-with-freeradius-and-junos/">http://daemonkeeper.net/638/configure-mac-based-vlan-assignment-with-freeradius-and-junos/</a>. Search for <strong>Configure MAC-Auth and EX Configuration</strong> and this: <strong>Junos reference </strong><a href="http://www.juniper.net/techpubs/en_US/junos9.4/topics/concept/802-1x-pnac-guest-vlan-understanding.html">http://www.juniper.net/techpubs/en_US/junos9.4/topics/concept/802-1x-pnac-guest-vlan-understanding.html</a><strong> and </strong><a href="https://kb.juniper.net/InfoCenter/index?page=content&id=KB12688&cat=EX8216_1&actp=LIST&showDraft=false">https://kb.juniper.net/InfoCenter/index?page=content&id=KB12688&cat=EX8216_1&actp=LIST&showDraft=false</a></li>
</ul>
<br />
End notes:<br />
<ul>
<li>I was not successful with setting bidirectional untagged vlan on port for particular mac-address with firewall filters. (on EX2200).</li>
<li>Mac-based vlans are compatible with other features like multicast-igmp snooping and QoS-per queue (VLAN) shaping</li>
<li>This should works on some devices. I didn't tested it: ... vlan mapping policy + firewall filter <a href="http://forums.juniper.net/t5/Ethernet-Switching/quot-filter-based-VLANs-quot/td-p/141799">http://forums.juniper.net/t5/Ethernet-Switching/quot-filter-based-VLANs-quot/td-p/141799</a></li>
<li>There is a new functionality on 11.1. I didn't tested it: <a href="http://juniper.tw/techpubs/en_US/junos12.2/topics/reference/configuration-statement/next-hop-edit-ethernet-switching-options-static.html">http://juniper.tw/techpubs/en_US/junos12.2/topics/reference/configuration-statement/next-hop-edit-ethernet-switching-options-static.html</a></li>
</ul>
<br />Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-13637279327191992092013-04-08T12:11:00.002-07:002013-08-31T11:57:14.045-07:00Testing how much routes a device could handle with QuaggaHi,<br />
<br />
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
I wanted to stress-test multilayer switch Juniper EX 4200 and its routing engine. Somehow. I wanted to simulate a number of BGP routes and how will switch react. Importing and filtering BGP routes to Adj-RIB-In table and then to routing table could be stressfull for device and this could lead to 100% cpu usage and for example OSPF adjacency flapping. Most of work in this blog is done by a route generator script. You could also use a spreadsheet editor (Excel) and then edit exported text to create routes in Quagga configuration file.</div>
<br />
<b>What do you need? </b><br />
<ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwOADlerdy-ANIURaGO1hE03BY9mExlJrRKCiINwcUcPd-1cPvpAOcZizy9ZaOa1_7mCd6qggBLG2NF-pcLSBW-_w0zEXmQGY6LROKN8tF6wH5B436BScnK4nLgmYzVqIEZfhNuHFuYZw/s1600/quagga-bgp.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="104" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwOADlerdy-ANIURaGO1hE03BY9mExlJrRKCiINwcUcPd-1cPvpAOcZizy9ZaOa1_7mCd6qggBLG2NF-pcLSBW-_w0zEXmQGY6LROKN8tF6wH5B436BScnK4nLgmYzVqIEZfhNuHFuYZw/s1600/quagga-bgp.png" width="320" /></a></div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-5X16ZVWbQ9YXAUvr-z-7Qc04ugYr4syR5LevlQvPzY0-sC1G7UXK-cRInWxvU6EUCvxkSYuAh7Z89asRtdLC47dg1QdmljEy-iBIdETGMoSJ_yzKmHjxIb-tTjnAyOmTr9UB-YsSJn8/s1600/quagga-bgp.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a>
<li style="text-align: justify;">router (EX4200 with a advanced license. But don't worry. BGP on EX4200 should work even without license. At least it used to work on older releases. It yelds message to console during commit and regularry to syslog)</li>
<li style="text-align: justify;">standard Linux or Ubuntu PC with NIC and Quagga </li>
<li style="text-align: justify;">ethernet cable :-)</li>
</ul>
<br />
<b>Juniper EX 4200 specifications <a href="http://www.juniper.net/us/en/products-services/switching/ex-series/ex4200/#specifications">[2]</a></b><br />
<br />
IPv4 Unicast routes: 16,000 <br />
<br />
<b>Install and configure Quagga on a Ubuntu PC</b><br />
<span style="font-family: "Courier New",Courier,monospace;"># apt-get install quagga</span><br />
<span style="font-family: "Courier New",Courier,monospace;"></span><br />
<b>Change Ubuntu IP addresses</b><br />
<span style="font-family: "Courier New",Courier,monospace;"># ifconfig eth0 192.0.2.1/24
</span><br />
<br />
<b> Edit Quagga configuration file ...</b><br />
<span style="font-family: "Courier New",Courier,monospace;"># nano /etc/quagga/daemons</span><br />
<br />
<b>... and you should run at least these two Quagga daemons</b><br />
<span style="font-family: "Courier New",Courier,monospace;">zebra=yes</span><br />
<span style="font-family: "Courier New",Courier,monospace;">bgp=yes</span><br />
<br />
<b>How to generate many routes</b><br />
I used script from this site V. Glinsky<a href="http://blog.glinskiy.com/2009/10/how-to-generate-lots-of-bgp-routes.html">[1]</a> blog.<a href="http://blog.glinskiy.com/2009/10/how-to-generate-lots-of-bgp-routes.html"></a><br />
Change these two lines in that script:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">my $router_id="192.0.2.1"; #bgp router-id</span><br />
<span style="font-family: "Courier New",Courier,monospace;">my $remote_ip="192.0.2.2"; #BGP neighbor ip address</span><br />
<pre></pre>
<br />
<span style="font-family: inherit;"><span style="font-size: small;">Leave other<span style="font-size: small;"> valu<span style="font-size: small;">es u<span style="font-size: small;">nchanged. It is going to generate 300<span style="font-size: small;">,000 routes. Much more<span style="font-size: small;"> than 16<span style="font-size: small;">,000. Let's say we are all ri<span style="font-size: small;">ght with AS numbers<span style="font-size: small;">. <span style="font-size: small;">Ubuntu <span style="font-size: small;">AS65099, Juniper AS65001. Actually I generated <span style="font-size: small;">599999 routes in <span style="font-size: small;">my example.</span></span></span></span></span></span></span></span></span></span></span></span></span></span><br />
<pre><span style="font-family: Times,"Times New Roman",serif;"> </span></pre>
<span style="font-family: Times,"Times New Roman",serif;">Copy generated bgpd.conf file to a directory /etc/quagga/.</span><br />
<br />
<b><span style="font-family: Times,"Times New Roman",serif;">Here is how bgpd.conf should look</span></b><br />
<span style="font-family: Times,"Times New Roman",serif;"><span style="font-family: "Courier New",Courier,monospace;">hostname quagga-host<br />password zebra<br />enable password zebra<br />line vty <br />router bgp 65099<br /> bgp router-id 192.0.2.1<br /> neighbor 192.<span style="font-family: Times,"Times New Roman",serif;">0.2.2</span> remote-as 65001<br /> network 70.0.0.0/24<br /> network 70.0.1.0/24<br /> network 70.0.2.0/24<br /> network 70.0.3.0/24 </span></span><br />
<br />
<b>Run Quagga</b><br />
<span style="font-family: "Courier New", Courier, monospace;"># /etc/init.d/quagga restart</span><br />
<h4>
<span style="color: blue;"></span>
</h4>
<b><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;">Configure Juniper BGP protocol and interface</span></span></b><br />
<span style="font-family: "Courier New",Courier,monospace;">root@ex4200> show configuration protocols bgp </span><br />
<span style="font-family: "Courier New",Courier,monospace;">local-as 65001; </span><br />
<span style="font-family: "Courier New",Courier,monospace;">group bgp-test {<br /> type external;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> peer-as 65099;<br /> neighbor 192.0.2.1;</span><br />
<span style="font-family: "Courier New",Courier,monospace;">} </span><br />
<span style="font-family: "Courier New",Courier,monospace;"><br /></span> <br />
<span style="font-family: "Courier New",Courier,monospace;">root@ex4200> show configuration interfaces ge-0/0/0 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">unit 0 {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> family inet {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> address 192.0.2.2/24;<br />}</span><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">root@ex4200> show configuration routing-options <br />router-id 192.0.2.2;<br />autonomous-system 65001; </span><br />
<br />
There is a warning during commit. You should have a license. Don't worry, it's OK for now. It will work even without it.<br />
<span style="font-family: "Courier New",Courier,monospace;">{master:0}[edit]<br />root@ex4200# commit <br />[edit protocols]<br /> 'bgp'<br /> warning: requires 'bgp' license<br />configuration check succeeds<br />commit complete </span> <br />
<h4>
</h4>
<h4>
</h4>
<b>
Connect two devices with ethernet cable and observe results</b><br />
<b>
Juniper EX 4200:</b><br />
<br />
<span style="font-weight: normal;"><span style="font-family: "Courier New",Courier,monospace;">root@ex4200> show bgp summary <br />Groups: 1 Peers: 1 Down peers: 0<br />Table Tot Paths Act Paths Suppressed History Damp State Pending<br />inet.0 <br /> 16372 16372 0 0 0 0<br />Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...<br />192.0.2.1 65099 299 4 0 0 28 16372/16372/<b>16372</b>/0 0/0/0/0</span></span><br />
<span style="font-weight: normal;"><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: Times,"Times New Roman",serif;">BGP neighbor adjacency status is Established. Highlighted is number of accepted routes in a Adj-Rib-In table. </span></span></span><span style="font-weight: normal;"><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: Times,"Times New Roman",serif;"><span style="font-weight: normal;"><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: Times,"Times New Roman",serif;">We don't use any import policy.</span></span></span></span></span></span><br />
<h4>
<span style="font-weight: normal;"><span style="font-family: "Courier New",Courier,monospace;"></span></span></h4>
<h4>
<span style="font-family: inherit;"><span style="font-weight: normal;"></span></span></h4>
<h4>
<span style="font-weight: normal;"><span style="font-family: "Courier New",Courier,monospace;"></span></span></h4>
<span style="font-weight: normal;"><span style="font-family: "Courier New",Courier,monospace;">root@ex4200> show route <br /><br />inet.0: 16384 destinations, 16384 routes (<b>16384 </b>active, 0 holddown, 0 hidden)<br />+ = Active Route, - = Last Active, * = Both<br /><br />2.0.0.0/24 *[BGP/170] 00:00:39, MED 0, localpref 100<br /> AS path: 65099 I, validation-state: unverified<br /> > to 192.0.2.1 via ge-0/0/0.0<br />2.0.1.0/24 *[BGP/170] 00:00:39, MED 0, localpref 100<br /> AS path: 65099 I, validation-state: unverified<br /> > to 192.0.2.1 via ge-0/0/0.0<br />2.0.2.0/24 *[BGP/170] 00:00:39, MED 0, localpref 100<br /> AS path: 65099 I, validation-state: unverified<br /> > to 192.0.2.1 via ge-0/0/0.0<br />2.0.3.0/24 *[BGP/170] 00:00:39, MED 0, localpref 100<br /> AS path: 65099 I, validation-state: unverified<br /> > to 192.0.2.1 via ge-0/0/0.0<br />2.0.4.0/24 *[BGP/170] 00:00:39, MED 0, localpref 100<br /> AS path: 65099 I, validation-state: unverified<br /> > to 192.0.2.1 via ge-0/0/0.0<br />2.0.5.0/24 *[BGP/170] 00:00:39, MED 0, localpref 100<br /> AS path: 65099 I, validation-state: unverified<br /> > to 192.0.2.1 via ge-0/0/0.0<br />2.0.6.0/24 *[BGP/170] 00:00:39, MED 0, localpref 100<br />---(more)---</span></span><br />
<br />
<span style="font-family: inherit;"><span style="font-weight: normal;">Highlighted number is number of active routes in routing table.</span></span><br />
<span style="font-family: inherit;"><span style="font-weight: normal;"> </span></span><span style="font-family: inherit;"><span style="font-weight: normal;"> </span></span><br />
<h4>
<span style="font-weight: normal;"><span style="font-family: "Courier New",Courier,monospace;"></span></span></h4>
<span style="font-weight: normal;"><span style="font-family: "Courier New",Courier,monospace;">root@ex4200> show chassis routing-engine <br />Routing Engine status:<br /> Slot 0:<br /> Current state Master<br /> Temperature 34 degrees C / 93 degrees F<br /> CPU temperature 34 degrees C / 93 degrees F<br /> DRAM 1024 MB<br /> Memory utilization 44 percent<br /> CPU utilization:<br /> User <b>23 </b>percent<br /> Background 0 percent<br /> Kernel 34 percent<br /> Interrupt 0 percent<br /> Idle 42 percent<br /> Model EX4200-24F<br /> Serial ID BR0210217636<br /> Start time 2013-01-19 19:28:27 UTC<br /> Uptime 31 minutes, 9 seconds<br /> Last reboot reason 0x2:watchdog <br /> Load averages: 1 minute 5 minute 15 minute<br /> 0.45 0.15 0.10 </span></span><br />
CPU utilization is a bit higher right after establishing adjacency and receiving routes.<br />
<br />
You could also use command<span style="font-family: "Courier New",Courier,monospace;"></span><br />
<span style="font-family: "Courier New",Courier,monospace;">> show system processes extended</span><br />
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: Times,"Times New Roman",serif;">to see how rpd process is using CPU <a href="http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/nog-baseline/routing-engine--memory-introduction.html">[3]</a>.</span></span><br />
<br />
<b>
Connect to Quagga and show bgp config</b><br />
<span style="font-family: "Courier New",Courier,monospace;">root@bt:~# telnet localhost 2605<br />Trying ::1...<br />Trying 127.0.0.1...<br />Connected to localhost.<br />Escape character is '^]'.<br /><br />Hello, this is Quagga (version 0.99.15).<br />Copyright 1996-2005 Kunihiro Ishiguro, et al.<br /><br /><br />User Access Verification<br /> </span><br />
<span style="font-family: "Courier New",Courier,monospace;">Password: (password is zebra or quagga)<br />quagga-host> <br />quagga-host> show ip bgp summary <br />BGP router identifier 192.0.2.1, local AS number 65099<br />RIB entries <b>599999</b>, using 37 MiB of memory<br />Peers 1, using 2520 bytes of memory<br /><br />Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd<br />192.0.2.2 4 65001 5 304 0 0 0 00:02:00 0<br /><br />Total number of neighbors 1<br /> </span><br />
<span style="font-family: "Courier New",Courier,monospace;">quagga-host> show ip bgp neighbors <br />BGP neighbor is 192.0.2.2, remote AS 65001, local AS 65099, external link<br /> BGP version 4, remote router ID 192.0.2.2<br /> BGP state = <b>Established</b>, up for 00:02:05<br /> Last read 00:00:19, hold time is 90, keepalive interval is 30 seconds<br /> Neighbor capabilities:<br /> 4 Byte AS: advertised and received<br /> Route refresh: advertised and received(old & new)<br /> Address family IPv4 Unicast: advertised and received<br /> Graceful Restart Capabilty: received<br /> Remote Restart timer is 120 seconds<br /> Address families by peer:<br /> none<br /> Graceful restart informations:<br /> End-of-RIB send: IPv4 Unicast<br /> End-of-RIB received: <br /> Message statistics:<br /> Inq depth is 0<br /> Outq depth is 0<br /> Sent Rcvd<br /> Opens: 1 0<br /> Notifications: 0 0<br /> Updates: 298 0<br /> Keepalives: 6 5<br /> Route Refresh: 0 0<br /> Capability: 0 0<br /> Total: 305 5<br /> Minimum time between advertisement runs is 30 seconds<br /><br /> For address family: IPv4 Unicast<br /> Community attribute sent to this neighbor(both)<br /> 0 accepted prefixes<br /><br /> Connections established 1; dropped 0<br /> Last reset never<br />Local host: 192.0.2.1, Local port: 179<br />Foreign host: 192.0.2.2, Foreign port: 60656<br />Nexthop: 192.0.2.1<br />Nexthop global: ::<br />Nexthop local: ::<br />BGP connection: non shared network<br />Read thread: on Write thread: off </span><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: Times,"Times New Roman",serif;">Session is established. 599999 routes loaded from config file.</span></span><br />
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: Times,"Times New Roman",serif;"> </span> </span><br />
<b>Other ways to BGP routes generation</b><br />
Nice guide on how to generate routes from real world bgp routes dump:<br />
<a href="http://evilrouters.net/2009/08/21/getting-bgp-routes-into-dynamips-with-video/">http://evilrouters.net/2009/08/21/getting-bgp-routes-into-dynamips-with-video/ </a><br />
<br />
<b>How to mitigate this 'attack'? </b><br />
There is a command <complete id="goog_157501847">to change behavior after certain number of routes are received.</complete><br />
<complete id="goog_157501847"><a href="http://www.juniper.net/techpubs/en_US/junos12.3/topics/reference/configuration-statement/accepted-prefix-limit-edit-protocols-bgp.html">http://www.juniper.net/techpubs/en_US/junos12.3/topics/reference/configuration-statement/accepted-prefix-limit-edit-protocols-bgp.html</a></complete><br />
<br />
References:<br />
[1] <a href="http://blog.glinskiy.com/2009/10/how-to-generate-lots-of-bgp-routes.html">http://blog.glinskiy.com/2009/10/how-to-generate-lots-of-bgp-routes.html</a><br />
[2] <a href="http://www.juniper.net/us/en/products-services/switching/ex-series/ex4200/#specifications">http://www.juniper.net/us/en/products-services/switching/ex-series/ex4200/#specifications</a><br />
[3] <a href="http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/nog-baseline/routing-engine--memory-introduction.html">http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/nog-baseline/routing-engine--memory-introduction.html</a> Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-47531328954384879822013-04-02T14:29:00.002-07:002013-04-02T14:29:46.603-07:00Juniper EX simple multicast router (PIM & IGMPv2)<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
In next few lines I will show you how to set Juniper EX4200 switch with Junos version 12.2 to act as PIM dense-mode router. Dense mode is configured because it is simpler to configure as sparse-mode. </div>
<div style="text-align: justify;">
</div>
<h3 style="text-align: justify;">
Background</h3>
<div style="text-align: justify;">
I am currently testing some L2 access switches for 3play services. Some of feature I test is a multicast service handling by switch. Especially IGMP snooping. Because of that, I need IGMP querier - a device that listens and sends IGMP packets. Simple running VLC server will not automatically listens and respond to IGMP packets from client so DUT switch will not hear and investigate IGMP snooping packets exept these from receivers (and that is not enough). You should have two-way communication to get IGMP snooping operational. I use BackTrack 5 or Ubuntu with VLC as video stream server/source and receivers. I use tagged interfaces on both devices EX 4200 ge-0/0/0, ge-0/0/1 and also on multicast stream server. DUT could be any manageable L2 switch with IGMP snooping (with or without IGMP proxy). IGMP snooping feature: <a href="http://en.wikipedia.org/wiki/IGMP_snooping">http://en.wikipedia.org/wiki/IGMP_snooping</a>. I am not going to provide IGMP snooping test here, but shortly, this feature helps reduce multicast traffic on LAN segment (VLAN), so that multicast stream is received only on interface/port/MC stream receiver that wants it, not on all ports. Switch with this feature listens to IGMP (Query, Report, Leave) packets and behave according it. Try read this <a href="http://www.juniper.net/techpubs/en_US/junos9.4/topics/concept/igmp-snooping-ex-series-overview.html">http://www.juniper.net/techpubs/en_US/junos9.4/topics/concept/igmp-snooping-ex-series-overview.html</a> or this <a href="http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/IGMPSnooping.html">http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/IGMPSnooping.html</a>. There is also other technology for cope somehow with multicast streams - MVR, IGMP Proxy, IGMP querier configured on switch.</div>
<div style="text-align: justify;">
<br /></div>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwHfC7bcFfYHvWrra7pQSKwBlvuj0Lp7riAmoo-RQOC9fBfb8n7RUlshnuwFy-98T5m8g2pi0459fUkrWTFYV2xLsuyuOQifj7gDbN2NRLTd1B0t-I5Fhi8ZAXiJIRY0tCDS5BfgpCkrU/s1600/multicast-test.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img alt="Topology" border="0" height="373" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwHfC7bcFfYHvWrra7pQSKwBlvuj0Lp7riAmoo-RQOC9fBfb8n7RUlshnuwFy-98T5m8g2pi0459fUkrWTFYV2xLsuyuOQifj7gDbN2NRLTd1B0t-I5Fhi8ZAXiJIRY0tCDS5BfgpCkrU/s400/multicast-test.png" title="" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Topology</td></tr>
</tbody></table>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Setting up a multicast stream server </h3>
<div style="text-align: justify;">
All commands are run under root. You don't have to run vlc under root on Ubuntu. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>(optional) install VLC</b></div>
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">apt-get install vlc</span></div>
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;"> </span> </div>
<div style="text-align: justify;">
<b>(Backtrack 5) allow run VLC under root</b></div>
<div style="text-align: justify;">
<a href="http://www.backtrack-linux.org/forums/showthread.php?t=44590">http://www.backtrack-linux.org/forums/showthread.php?t=44590</a> - change file /usr/bin/vlc ... 'u should open it with an hex editor and find in file for "geteuid._libc_start_main" without quotes! when u find it change it to "getppid._libc_start_main" without quotes!'</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Next five lines is a setup of vlan tagged interface on interface eth0.</div>
<div style="text-align: justify;">
<b>Add IP address, change routing </b></div>
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">apt-get install vconfig</span><b><br /></b></div>
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">modprobe 8021q</span></div>
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">vconfig add eth0 130</span></div>
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">ifconfig eth0.130 130.0.0.10/24</span></div>
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">route add 224.0.0.0/4 via 130.0.0.1 dev eth0.130</span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>run VLC</b> stream server video</div>
<div style="text-align: left;">
<span style="font-family: "Courier New", Courier, monospace;">cvlc /root/Videos/MPEG-2.mpg --sout '#udp{mux=ts,dst=238.1.1.30:1234}' --ttl=4 --repeat </span></div>
<div style="text-align: justify;">
<br />
<h3 style="text-align: justify;">
<b>Juniper EX4200 configuration</b></h3>
<span style="font-family: "Courier New",Courier,monospace;">## Last commit: 2013-03-28 09:55:20 UTC by root<br />version 12.2R2.5;<br />interfaces {<br /> ge-0/0/0 {<br /> unit 0 {<br /> family ethernet-switching {<br /> port-mode trunk;<br /> vlan {<br /> members [ 30 ];</span><br />
<span style="font-family: "Courier New",Courier,monospace;"><br /> }<br /> }<br /> }<br /> }<br /> ge-0/0/1 {<br /> unit 0 {<br /> family ethernet-switching {<br /> port-mode trunk;<br /> vlan {<br /> members [ 130 ];<br /> }<br /> }<br /> }<br /> }<br /> vlan {<br /> mtu 9216;<br /> unit 30 {<br /> family inet {<br /> mtu 1500;<br /> address 30.0.0.1/24;<br /> }<br /> }<br /> unit 130 {<br /> family inet {<br /> mtu 1500;<br /> address 130.0.0.1/24;<br /> }<br /> }<br /> }<br />}<br />protocols {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: "Courier New",Courier,monospace;"># you don't have to set igmp when pim is enabled on interface. This will automatically enable IGMPv2.</span> </span><br />
<span style="font-family: "Courier New",Courier,monospace;"> igmp {<br /> interface vlan.30; <br /> interface vlan.130;<br /> }<br /> pim {<br /> interface vlan.30 {<br /> mode dense;<br /> }<br /> interface vlan.130 {<br /> mode dense;<br /> }<br /> }<br /> igmp-snooping {<br /> vlan all {<br /> version 2;<br /> }<br /> }<br />}<br />vlans {<br /> v130 {<br /> vlan-id 130;<br /> l3-interface vlan.130;<br /> v30 {<br /> vlan-id 30;<br /> l3-interface vlan.30;<br /> }<br />}</span><br />
<span style="font-family: "Courier New",Courier,monospace;"><br /></span>
<br />
<h3>
<span style="font-family: Times,"Times New Roman",serif;">Setting up a DUT switch</span></h3>
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;"><span style="font-family: Times, "Times New Roman", serif;">Sorry, you should have to set it by yourself. You only have to set one uplink - tagged port with vlan 30 and one downlink client port - untagged port with vlan 30 (port vlan id 30, untagged frames will be tagged to vlan 30. And also you could also set up IGMP snooping on vlan 30 with router port (uplink port) to test it.</span></span></span></div>
<h3 style="text-align: justify;">
Setting up a multicast receiver</h3>
<div style="text-align: justify;">
<b>Forcing IGMP version 2 on a receiver. Default version today is IGMPv3. </b></div>
<div style="text-align: justify;">
<a href="http://www.advenage.com/topics/change-IGMP-version-on-debian-linux.php">http://www.advenage.com/topics/change-IGMP-version-on-debian-linux.php</a> </div>
<div style="text-align: justify;">
<span style="font-size: small;"><code class="comments">echo "2" > /proc/sys/net/ipv4/conf/eth0/force_igmp_version</code></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Add ip address on untagged port on receiver connected to DUT switch, vlan 30:</b></div>
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">ifconfig eth0 30.0.0.123/24</span></div>
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">route add 224.0.0.0/4 via 30.0.0.1 dev eth0</span></div>
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">apt-get install vlc</span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Run VLC and open stream on a receiver</b></div>
<div style="text-align: justify;">
menu Applicaton -> Sound & Video -> VLC media player</div>
<div style="text-align: justify;">
press CTRL+N (File -> Open Network Stream)</div>
<div style="text-align: justify;">
select protocol: UDP</div>
<div style="text-align: justify;">
<span style="font-family: inherit;">set multicast address: udp://@238.1.1.30:1234</span></div>
<div style="text-align: justify;">
<br /></div>
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;">You should be able to ping Juniper from stream receiver. Run ping 30.0.0.1. They are L2-connected with vlan 30. And you also should be able to see your video.</span></span><br />
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;"><br /></span></span>
<br />
<h3>
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;">A simple troubleshooting guide</span></span></h3>
<ul>
<li><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;">Check cabling</span></span></li>
<li><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;">observe blinking LEDs on switches and NICs</span></span></li>
<li><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;">try to connect receiver directly to Juniper. Change Juniper config to be untagged interface or add vlan tagged interface to receiver.</span></span></li>
<li><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;">use tcpdump on receiver and on streamer. Check for vlan tag (<span style="font-family: "Courier New",Courier,monospace;">tcpdump -ni eth0 -e</span>), destination and source IP and MAC</span></span></li>
<li><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;">check IGMP snooping on DUT and Juniper</span></span></li>
<li><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;">check IGMP packets on receiver: <span style="font-family: "Courier New",Courier,monospace;">tcpdump -ni eth0 igmp</span></span></span></li>
</ul>
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;"><span style="font-family: "Courier New",Courier,monospace;"> </span></span></span><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;"><br /></span></span>Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-7221834742163988892013-02-13T06:11:00.000-08:002013-03-25T12:52:24.801-07:00LAB: Avaya Ethernet Routing Switch 5600 6.2.4 -> 6.2.5 upgrade<br />
Please read documentation before upgrading your system.<br />
We decided to upgrade from software version 6.2.4 to 6.2.5. It is going to be done with console access.<br />
It is easy to upgrade, but you must know what to do with command download.<br />
<br />
Firstly, you need a new software, an USB 2.0 flash with software on it or a TFTP server (tftp32, atftpd, ...). Then you have to realize that you have a correct version already running on your stacks:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;"># show boot</span><br />
<span style="font-family: "Courier New",Courier,monospace;"><br /></span>
<span style="font-family: "Courier New",Courier,monospace;"># show system verbose</span><br />
<br />
<br />
So we have diagnostic image 6.0.0.15 which is already newest in time of writing this (2013-02-05). Switch runs firmware from primary 6.2.4. Firmware version 6.1.7 is set as secondary (there is a lot of difference between 6.1.7 and 6.2.4). Note - switch always boots primary. But you direct it to boot secondary with command <span style="font-family: "Courier New",Courier,monospace;">"boot secondary".</span><br />
<br />
Our situation is simplified, because we have two pure (not mixed with 5500) stacks forming a cluster.<br />
<br />
We are going to "upgrade" secondary boot image first.<br />
<blockquote class="tr_bq">
<span style="font-family: "Courier New",Courier,monospace;"># download address 10.255.253.3 <u><b>primary </b></u>image 5xxx_625027s.img no-res</span></blockquote>
<br />
<br />
Then. You can check status of upgrade observing switch port LEDs. Duration download and saving firmware to two-switch stack is between 4 and 5 minutes. Please read documentation for more information. After that you can see with # show boot, that there is no secondary image on primary Switch #1. This should be fine.<br />
<br />
After booting new image<br />
<blockquote class="tr_bq">
<span style="font-family: "Courier New",Courier,monospace;"># boot</span></blockquote>
or<br />
<blockquote class="tr_bq">
<span style="font-family: "Courier New",Courier,monospace;"># reload force minutes-to-wait 1</span></blockquote>
new image will boot. But you have a problem. Secondary is still 6.1.7 and you want 6.2.4.<br />
<br />
Here I noticed some kind of bug. Command:<span style="font-family: "Courier New",Courier,monospace;"></span><br />
<blockquote class="tr_bq">
<span style="font-family: "Courier New",Courier,monospace;"># download address 10.255.253.3 <b><u>secondary</u></b> image 5xxx_624011s.img no-res</span></blockquote>
<b><u><span style="font-family: "Courier New",Courier,monospace;"></span>did not upgrade secondary image but primary</u></b>. So I have again 6.2.4 as primary and 6.1.7 as secondary. (I tried this scenario multiple times with same starting situation even with restart after doing upgrade of secondary. )<br />
<br />
After I put command <span style="font-family: "Courier New",Courier,monospace;"> </span><br />
<blockquote class="tr_bq">
<span style="font-family: "Courier New",Courier,monospace;"># download address 10.255.253.3 <b><u>secondary</u></b> image 5xxx_624011s.img</span> </blockquote>
again (2nd time) it fortunately upgraded secondary. So for now we have 6.2.4 and 6.2.4. Now you can upgrade primary with new software<br />
<blockquote class="tr_bq">
<span style="font-family: "Courier New",Courier,monospace;"># download address 10.255.253.3 <u><b>primary</b></u> image 5xxx_625027s.img no-res</span></blockquote>
Here you should have 6.2.5 and 6.2.4 on primary and secondary installed. <br />
<br />
I find some kind of helpful this command:<br />
<blockquote class="tr_bq">
<span style="font-family: "Courier New",Courier,monospace;"># toggle-next-boot-image</span></blockquote>
and<br />
<blockquote class="tr_bq">
<span style="font-family: "Courier New",Courier,monospace;"># boot secondary</span> </blockquote>
<br />
End Note: <br />
Boot image = software = firmware<br />
Sometimes a diagnostic image is named firmware.<br />
<br />
<blockquote class="tr_bq">
<span style="font-family: "Courier New",Courier,monospace;">toggle-next-boot-image</span><br />
Use this procedure to toggle the next boot image.</blockquote>
<blockquote class="tr_bq">
<span style="font-family: "Courier New",Courier,monospace;">boot secondary</span><br />
Use this procedure to use the secondary boot image.</blockquote>
<br />
<br />
Documentation: google for NN47200-500_06.02 or NN47200-500 Configuration System<br />
<br />
<br />
<br />Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-52266356724559679072012-11-09T14:43:00.000-08:002012-11-15T01:32:23.693-08:00MIUI HTC Desire Z continuous restarting after start<b>MIUI HTC Desire Z problems</b><br />
<br />
<b>Read last note for quick resolution. </b><br />
<br />
This is not very networking related blog. I installed custom ROM - MIUI czech - slovak version on my HTC Desire Z. You can search for official walkthrough.<br />
After a week it was restarting continuously. Right after start. I tried remove sd card and also sim card. It was weird because it works only with both unplugged.<br />
So I searched for something and found that this could be sd card related problem. I went to recovery mode - Turn off phone. Hold Power + Volume DOWN. FACTORY DEFAULT (Volume down, volume down middle button under your screen to go to clockworkmode). And than I tried factory reset, wipe data, wipe da..., wipe cache. And so on. Nothing helps. Maybe 10 restarts :-D.<br />
<br />
<br />
<b>What did NOT help?: </b>In clockwork mode, go to advanced (scroll/swipe middle button and press it) and format sd card. I did 4gigs and 0 swap. And after restart, card was mounted and phone works. But it has only 4 G memory sd card, I restarted again to clockworkmod, mount usb cable. Format via windows to fat32 to 8gb. There are methods to format it as ext3 or ext4. There are some limitations with fat32. One of them is file size limit 4gb. But its ok for me.<br />
<br />
<b>What DID HELP? </b><br />
<b>The only thing that works was returing to stock HTC. Download file from <a href="http://shipped-roms.com/index.php?category=android&model=Vision">http://shipped-roms.com/index.php?category=android&model=Vision</a></b><br />
<b></b><br />
<b>I am from Slovakia so I used this one.</b><br /><a href="http://shipped-roms.com/download.php?category=android&model=Vision&file=RUU_Vision_Gingerbread_S_HTC_WWE_2.42.405.3_Radio_12.56.60.25_26.10.04.03_M_release_224299_signed.exe" title="Download">RUU_Vision_Gingerbread_S_HTC_WWE_2.42.405.3_Radio_12.56.60.25_26.10.04.03_M_release_224299_signed.exe</a><br />
It is an easy walkthrough installation. Consider turning off antivirus during installation.<br />
<br />
<br />
resoucrces:<br />
http://forum.xda-developers.com/ <br />
http://shipped-roms.comJozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-78926497210829663852012-04-24T00:54:00.002-07:002013-03-25T13:17:27.293-07:00Mirroring from multiple physical interfaces to one interface<div>
<h2>
How to port mirror from multiple physical interfaces (on multiple devices) to a server with single ethernet interface? </h2>
(updated 25th March 2013) <br />
How to differentiate between port mirroring source? You can choose netflow or sflow for switches, but not all devices can handle as much as every packet - 1:1 packet rate. In my example, I have an SRX 210. Mirrored ports are trunk ports with native vlan configured. You may know it as hybrid port. Incoming packet with no vlan tag is assigned to particular vlan (vlan 10). Other packet must have particluar vlan tag (vlan 5, vlan 6) that is configured on switch port. I did not tested port mirror on Juniper EX switches but rather Avaya switches 5000 series. Juniper EX port mirror configuration is added.<br />
<br />
<h4>
<b>Configuration of Juniper EX switch for this type of port</b></h4>
<span style="font-family: "Courier New",Courier,monospace;"># show interfaces </span><br />
<div style="font-family: "Courier New",Courier,monospace;">
ge-0/0/0 {<br />
unit 0 {<br />
family ethernet-switching {<br />
port-mode trunk;<br />
vlan {<br />
members [ 5 6 ];<br />
}<br />
native-vlan-id 10;<br />
}<br />
}<br />
} </div>
<br />
<h4>
<b>Port mirroring of TX and RX traffic on Juniper EX switch </b></h4>
<span style="font-family: "Courier New",Courier,monospace;"># show ethernet-switching-options </span><br />
<span style="font-family: "Courier New",Courier,monospace;">analyzer myportmirror {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> loss-priority high;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> input {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> ingress {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> interface ge-0/0/20.0;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> }</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> egress {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> interface ge-0/0/20.0;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> }</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> }</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> output {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> interface {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> ge-0/0/0.0;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> }</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> }</span><br />
<span style="font-family: "Courier New",Courier,monospace;">}</span><br />
<br />
<br />
<h4>
Avaya ERS 5600 with firmware 6.2.x</h4>
<span style="font-family: "Courier New",Courier,monospace;">port-mirroring mode Xrx monitor-port 1 mirror-port-X 2 </span><br />
<br style="font-family: "Courier New",Courier,monospace;" />
<span style="font-family: "Courier New",Courier,monospace;">vlan create 5-6,10 type port 1</span><br />
<span style="font-family: "Courier New",Courier,monospace;">vlan configcontrol flexible</span><br />
<span style="font-family: "Courier New",Courier,monospace;">vlan members 1 NONE</span><br />
<span style="font-family: "Courier New",Courier,monospace;">vlan members 5-6,10 2</span><br />
<span style="font-family: "Courier New",Courier,monospace;">vlan ports 2 pvid 10</span><br />
<span style="font-family: "Courier New",Courier,monospace;">vlan configcontrol strict </span><br />
<br />
<h3>
<b>Scenario</b></h3>
We want to mirror traffic from two devices, for example switches, but have server with single interface for pcap. <br />
1. Turn on port mirroring on two devices.<br />
2. Connect SRX 210 port ge-0/0/1 to server and ports from that two devices devices to port fe-0/0/4 and fe-0/0/5. <br />
3. Configure <a href="http://en.wikipedia.org/wiki/Q-in-Q">802.1ad</a> (QinQ) on SRX so ge-0/0/1 trunk port is facing a backbone and fe-0/0/4, fe-0/0/5 is facing CE. Each port connected to switch has its own S-vlan. All tagged and untagged (C-vlan) packets will now have additional L2 header (S-vlan).<br />
<br />
<br />
<br />
<h4>
<b>Diagram</b></h4>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgL_kLcpwMVdqAo_-p4T56KCm0-GWmEEaoEM5nwPTEOdnGREkbvAuo08ypOJU45sQdSNvR2kpkJrWVTvc-U6ob9olHqHRQplNAjw6c_IYssnhbh4hnzsBBpMvqbOyHHgbNNNP5fjLxCY5k/s1600/blog-qinq-mirroring.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgL_kLcpwMVdqAo_-p4T56KCm0-GWmEEaoEM5nwPTEOdnGREkbvAuo08ypOJU45sQdSNvR2kpkJrWVTvc-U6ob9olHqHRQplNAjw6c_IYssnhbh4hnzsBBpMvqbOyHHgbNNNP5fjLxCY5k/s400/blog-qinq-mirroring.png" width="400" /></a></div>
<br />
<br />
<br />
<br />
<h4>
SRX 210 Configuration </h4>
<div style="font-family: "Courier New",Courier,monospace;">
interfaces {</div>
<div style="font-family: "Courier New",Courier,monospace;">
ge-0/0/1 {<br />
description "port mirror";<br />
unit 0 {<br />
family ethernet-switching {<br />
port-mode trunk;<br />
vlan {<br />
members [ port1 port2 ];<br />
}<br />
}<br />
}<br />
}</div>
<div style="font-family: "Courier New",Courier,monospace;">
fe-0/0/4 {<br />
description "Mirror 1";<br />
unit 0 {<br />
family ethernet-switching {<br />
port-mode access;<br />
vlan {<br />
members port1;<br />
}<br />
}<br />
}<br />
}<br />
fe-0/0/5 {<br />
description "Mirror 2";<br />
unit 0 {<br />
family ethernet-switching {<br />
port-mode access;<br />
vlan {<br />
members port2;<br />
}<br />
}<br />
}<br />
} </div>
<div style="font-family: "Courier New",Courier,monospace;">
}</div>
<br />
<span style="font-family: "Courier New",Courier,monospace;"># show vlans</span><br />
<span style="font-family: "Courier New",Courier,monospace;">port1 {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> vlan-id 1004;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> dot1q-tunneling;</span><br />
<span style="font-family: "Courier New",Courier,monospace;">}</span><br />
<span style="font-family: "Courier New",Courier,monospace;">port2 {</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> vlan-id 1005;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> dot1q-tunneling;</span><br />
<span style="font-family: "Courier New",Courier,monospace;">}</span><br />
<br />
<br />
<h4>
To conserve MAC address table on SRX 210, disable MAC address learning on port, or vlans</h4>
<div style="font-family: "Courier New",Courier,monospace;">
ethernet-switching-options {<br />
interfaces {<br />
ge-0/0/1.0 {<br />
no-mac-learning;<br />
}<br />
fe-0/0/4.0 {<br />
no-mac-learning;<br />
}<br />
fe-0/0/5.0 {<br />
no-mac-learning;<br />
}<br />
}<br />
}</div>
<div style="font-family: "Courier New",Courier,monospace;">
<br /></div>
<br />
<br />
<span style="font-family: inherit;">
I don't see a possibility to create firewall filter that drops incoming packet on </span>port configured with family ethernet-switching.<br />
<h4>
</h4>
<h3>
Observing results. PC with Wireshark is connected to port ge-0/0/1. Please notice text under pictures.</h3>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1WuNCqdAVxHtAw33ZDnR6Ov2XnEnyJKRQ5ub1XzyEecI0Nwcm4_wtvaYQQqPgupUYN5xTaSmr8oZE_EC4WqmGzsNvrM-mB8eOEZ6S73DSijecjZmak64xav4Kp0DEGxc_gvqetHt0pC8/s1600/Screenshot-eth0+-+Wireshark-1.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1WuNCqdAVxHtAw33ZDnR6Ov2XnEnyJKRQ5ub1XzyEecI0Nwcm4_wtvaYQQqPgupUYN5xTaSmr8oZE_EC4WqmGzsNvrM-mB8eOEZ6S73DSijecjZmak64xav4Kp0DEGxc_gvqetHt0pC8/s1600/Screenshot-eth0+-+Wireshark-1.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Packet from fe-0/0/4, tagged to vlan 1004, packet was received untagged on fe-0/0/4.</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhTfO51nxkQ6-4fgbKDyYZDpC8O4UA2na-nEqmkWnuwNAzG2tdofiD9AE7fwXEJIUs0PVqLhjBsC2JcYZbW8oUEiZTvzgUtcQtTlmVc0S81TtBZT2K4SdZL8OTvCJXHwQGDUIRYDIxwc4/s1600/Screenshot-eth0+-+Wireshark-2.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhTfO51nxkQ6-4fgbKDyYZDpC8O4UA2na-nEqmkWnuwNAzG2tdofiD9AE7fwXEJIUs0PVqLhjBsC2JcYZbW8oUEiZTvzgUtcQtTlmVc0S81TtBZT2K4SdZL8OTvCJXHwQGDUIRYDIxwc4/s1600/Screenshot-eth0+-+Wireshark-2.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Packet from fe-0/0/4, double tagged with additional vlan 1004, and original vlan 5.</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0WR1JvMZyubTlKSDFCf0KUvIfItQAnsEy9KpOZW1YiqUZBvGOMrTzN0zNGOmP3mr-QCjEK9wKhyVu-W-wtBWuoerh3cWTRCea0Cj_pIitNK5p8w7JpBsu0bTxRWgXUrhlERkmKXM2GwI/s1600/Screenshot-eth0+-+Wireshark-3.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0WR1JvMZyubTlKSDFCf0KUvIfItQAnsEy9KpOZW1YiqUZBvGOMrTzN0zNGOmP3mr-QCjEK9wKhyVu-W-wtBWuoerh3cWTRCea0Cj_pIitNK5p8w7JpBsu0bTxRWgXUrhlERkmKXM2GwI/s1600/Screenshot-eth0+-+Wireshark-3.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Packet from fe-0/0/4, double tagged with additional vlan 1004, and original vlan 6. Difference between this and previous picture is vlan 6.</td></tr>
</tbody></table>
<h4>
Mirrored port fe-0/0/5</h4>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJSsU_JKTFJsLWr-UjWJigqY2jlmz-eFlL2wMdLPgTwUxHOYPQ_fawdZP2x-stPCmkLdYRiliultWJwynlP-gU7QBHW01VoHWGBXKAwN6hW7AO4WJuy9endgC4fLJyHAicyZNw-u3u5uA/s1600/Screenshot-eth0+-+Wireshark-4.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJSsU_JKTFJsLWr-UjWJigqY2jlmz-eFlL2wMdLPgTwUxHOYPQ_fawdZP2x-stPCmkLdYRiliultWJwynlP-gU7QBHW01VoHWGBXKAwN6hW7AO4WJuy9endgC4fLJyHAicyZNw-u3u5uA/s1600/Screenshot-eth0+-+Wireshark-4.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Packet from fe-0/0/5, double tagged with additional vlan 1005, and original vlan 5.</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOGI9fi0uPg9_4IC2aPdRAdSfyoKTz05cSrygTo12-IR74psGphMi_HH3itsep_ZzHBvMVOxKE5ftvoyN5sSnUHm9dhOSFljqRO0-ECQlapPZJB6wBD5_owctWOBt9JC5_g1Oy4pIS_G4/s1600/Screenshot-eth0+-+Wireshark-5.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOGI9fi0uPg9_4IC2aPdRAdSfyoKTz05cSrygTo12-IR74psGphMi_HH3itsep_ZzHBvMVOxKE5ftvoyN5sSnUHm9dhOSFljqRO0-ECQlapPZJB6wBD5_owctWOBt9JC5_g1Oy4pIS_G4/s1600/Screenshot-eth0+-+Wireshark-5.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Packet from fe-0/0/4, double tagged with additional vlan 1004, and original vlan 5.</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5dwUdZS5Z4jFjdVmtOYolsbPG3bJw8SUQCKiHClDjSURiQfdT96rnZvKWt6C6i5hbXHahkC8kHiJyxyCLdj9tiMmXDwIfUjy01Oet53YwkPNdx-GnMCTRmSUfzVj8X6usv17V5STgwL4/s1600/Screenshot-eth0+-+Wireshark.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5dwUdZS5Z4jFjdVmtOYolsbPG3bJw8SUQCKiHClDjSURiQfdT96rnZvKWt6C6i5hbXHahkC8kHiJyxyCLdj9tiMmXDwIfUjy01Oet53YwkPNdx-GnMCTRmSUfzVj8X6usv17V5STgwL4/s1600/Screenshot-eth0+-+Wireshark.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Packet from fe-0/0/5, double tagged with additional vlan 1004, and
original vlan 6. Difference between this and previous picture is vlan 6.</td></tr>
</tbody></table>
<br />
Note: You can see packets tagged with S-vlan as configured. Each port has its own S-vlan.<br />
<br />
Bear in mind that packets received on server could be in wrong order because of SRX internal processing.<br />
<br />
Jozef Klacko <br />
<br />
<h3>
References</h3>
Application note: <a href="http://www.juniper.net/us/en/local/pdf/app-notes/3500196-en.pdf">J Series and branch SRX series ethernet switching configuration guide (pdf)</a><br />
Avaya support documentation webpage: <a href="http://support.avaya.com/downloads/">http://support.avaya.com/downloads/</a><br />
<br /></div>
Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com3tag:blogger.com,1999:blog-6231832145666040604.post-9819089525366889302012-04-07T06:14:00.001-07:002013-03-25T12:53:23.368-07:00Interface-range - IOS Vs JunosTo edit multiple interfaces at once. In config mode - IOS "(config)#", Junos "#"<br />
<table border="1">
<tbody>
<tr>
<td><b>Purpose</b></td>
<td><b>IOS</b></td>
<td><b>Junos</b></td>
</tr>
<tr>
<td> go to multiple interfaces configuration (define range)</td>
<td>interface range fastethernet0/1 – 9</td>
<td>set interfaces interface-range myshutdown-ed member ge-0/0/0<br />
set interfaces interface-range myshutdown-ed member ge-0/0/1<br />
... or<br />
set interfaces interface-range myshutdown-ed member-range ge-0/0/0 to ge-0/0/9<br />
... or<br />
set interfaces interface-range myshutdown-ed member ge-0/0/[0-9]</td>
</tr>
<tr>
<td>apply some (e.g . shutdown) command to interface range</td>
<td>shutdown</td>
<td>set interfaces interface-range myshutdown-ed disable</td>
</tr>
</tbody>
</table>
<br />
<b>showing configuration</b><br />
use show or show interfaces interface-range myshutdown-ed<b><br /></b><br />
<pre>interfaces {
interface-range myshutdown-ed {
member "ge-0/0/0";
member "ge-0/0/1";
...
disable;
}
... or
interfaces {
interface-range myshutdown-ed {
member-range ge-0/0/0 to ge-0/0/9;
disable;
}
... or
interfaces {
interface-range myshutdown-ed {
member "ge-0/0/[0-9]";
disable;
}</pre>
<br />
<b>How the configuration is actually applied</b><br />
<pre>show interfaces | display inheritance | except #
ge-0/0/0 {
disable;
}
ge-0/0/1 {
disable;
}
...
ge-0/0/9 {
disable;
}
or you can see from what is configuration applied (e.g. from interface-range or even from apply-groups
show interfaces | display inheritance
ge-0/0/0 {
##
## 'disable' was expanded from interface-range 'shutdown-ed'
##
disable;
}
...</pre>
<br />
Junos: Don't forget to commit.<br />
<br />
This contribution is also listed in forums.juniper.net - <a href="http://forums.juniper.net/t5/IOS-to-Junos-I2J-Tips-Contest/bd-p/I2JTips">IOS to Junos (I2J) Tips Contest</a><br />
<a href="http://forums.juniper.net/t5/IOS-to-Junos-I2J-Tips-Contest/Interface-range-IOS-Vs-Junos/td-p/130513">Interface range - IOS Vs Junos</a>Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-85767492044771598062012-04-07T06:11:00.002-07:002013-03-25T12:54:10.202-07:00Cisco Flex Links vs. Juniper Redundant Trunk Group (RTG)Hi,<br />
<br />
Flex Links are much same as RTG (Redundant Trunk Group). It is mostly used when you want to avoid using Spanning Tree and on access switches connecting to two aggregation switches.<br />
See a picture on page <a href="http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/cfm-redundant-trunk-groups-understanding.html" target="_self">http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/cfm-redundant-trunk-groups-understanding.html</a><br />
<br />
<b>Requirements:</b><br />
<ul>
<li>Juniper EX series switch with Junos 10.4 or later</li>
<li>Ports configured with family ethernet-switching</li>
</ul>
RTG ports could be "simple ports" like ge-0/0/0 or it could be also aggregated ingerfaces (ae0) with family ethernet-switching Primary and backup need not to be of same type. By setting aggregated interfaces "set interfaces ae0 aggregated-ethernet-options minimum-links X" you could specify when is aggregated interface treated like not working.<br />
<br />
<br />
Go to configuration mode<br />
cisco >configure terminal "Switch(conf)#<br />
Juniper >configure "user@switch#"<br />
<table border="1">
<tbody>
<tr>
<td><b>Purpose</b></td>
<td><b>IOS</b></td>
<td><b>Junos</b></td>
</tr>
<tr>
<td>disable spanning tree on port</td>
<td>Spanning tree is turned off automatically on flex links</td>
<td><span style="color: silver;">user@host#</span> set protocols rstp interfaces ge-0/0/5 disable<br />
<span style="color: silver;">user@host#</span> set protocols rstp interfaces ge-0/0/6 disable</td>
</tr>
<tr>
<td>Set Flex Links / RTG</td>
<td><span style="color: silver;">Switch(conf)#</span> interface gigabitethernet0/1<br />
<span style="color: silver;">Switch(conf-if)#</span> switchport backup interface gigabitethernet0/2</td>
<td><span style="color: silver;">user@host#</span> set ethernet-switching-options redundant-trunk-group group rtg1 interface ge-0/0/5.0 primary<br />
<span style="color: silver;">user@host#</span> set ethernet-switching-options redundant-trunk-group group rtg1 interface ge-0/0/6.0</td>
</tr>
<tr>
<td>Configure preemption (optional)</td>
<td>"preemption modes: forced, bandwidth, off. For preempion to work, set forced or bandwidth."
<br />
<span style="color: silver;">Switch(conf-if)#</span> switchport backup interface gigabitethernet0/2 preemption mode [forced | bandwidth ]<br />
<span style="color: silver;">Switch(conf-if)#</span> switchport backup interface gigabitethernet0/2 preemption delay 60</td>
<td>"Change the length of time (from the default 120 seconds) that a re-enabled primary link waits to take over for an active secondary link."<br />
<span style="color: silver;">user@host#</span> set redundant-trunk-group group tg1 preempt-cutover-timer 60</td>
</tr>
<tr>
<td>Show Flex Link/RTG status</td>
<td><span style="color: silver;">Switch(conf-if)# </span>exit<br />
<span style="color: silver;">Switch(conf)# </span>exit<br />
<span style="color: silver;">Switch#</span> show interface switchport backup<br />
<span style="color: silver;">Switch# </span>show interface switchport backup detail</td>
<td><span style="color: silver;">user@host#</span> run show redundant-trunk-group</td>
</tr>
<tr>
<td>Save configuration / apply and save configuration</td>
<td><span style="color: silver;">Switch# </span>copy running-config startup-config</td>
<td><span style="color: silver;">user@host#</span> commit</td>
</tr>
</tbody>
</table>
<br />
This contribution is also listed in forums.juniper.net - <a href="http://forums.juniper.net/t5/IOS-to-Junos-I2J-Tips-Contest/bd-p/I2JTips">IOS to Junos (I2J) Tips Contest</a><br />
<a href="http://forums.juniper.net/t5/IOS-to-Junos-I2J-Tips-Contest/Flex-Links-vs-RTG/td-p/137169">Flex Links vs RTG</a>Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-24415914934907299222011-12-27T15:43:00.000-08:002011-12-27T15:44:01.126-08:00Networking software<b><span style="font-size: large;">1. ntop</span></b><br />
<a href="http://www.ntop.org/">ntop</a><br />
configuration of sflow, Interface address <br />
<a href="http://www.aboutdebian.com/monitor.htm">http://www.aboutdebian.com/monitor.htm</a><br />
<br />Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-49025206942214508342011-12-09T06:19:00.001-08:002013-03-25T12:55:02.790-07:00Juniper CLI - make your work faster<span style="font-size: small;">In this next lines you are going to read about some commands that can make your work with Junos easier</span><br />
<span style="font-size: small;">(Simple RegExp and Junos examples) </span><br />
<span style="font-size: small;">This list is mainly for thought memorizing. </span><br />
<br />
<b>1. show interfaces in two lines list with MTU</b><br />
<blockquote class="tr_bq" style="font-family: "Courier New",Courier,monospace;">
<b>show interfaces | match "mtu|interface:" |trim 19</b></blockquote>
<b> 2. show interfaces without second line with logical interface with family</b><br />
before:<br />
<span style="font-family: "Courier New",Courier,monospace;">[edit]</span><br />
<span style="font-family: "Courier New",Courier,monospace;">user@switch</span><span style="font-family: "Courier New",Courier,monospace;">#<b> </b>run<b> show interfaces terse </b> </span><br />
<span style="font-family: "Courier New",Courier,monospace;">Interface Admin Link Proto Local Remote</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/0 up up </span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/0.0 up up eth-switch</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/1 up up </span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/1.0 up up eth-switch</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/2 up down</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/2.0 up down eth-switch</span><br />
... output truncated<br />
<br />
after: <br />
<span style="font-family: "Courier New",Courier,monospace;">[edit]</span><br />
<span style="font-family: "Courier New",Courier,monospace;">user@switch</span><span style="font-family: "Courier New",Courier,monospace;">#</span><b><span style="font-family: "Courier New",Courier,monospace;"> </span></b><span style="font-family: "Courier New",Courier,monospace;">run</span><b><span style="font-family: "Courier New",Courier,monospace;"> show interfaces terse |except "\." </span></b><br />
<span style="font-family: "Courier New",Courier,monospace;">Interface Admin Link Proto Local Remote</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/0 up up </span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/1 up up </span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/2 up down</span><br />
... output truncated<br />
<br />
<br />
<b>3. show ipv4 address on your switch or router, show only interfaces:</b><br />
<span style="font-family: "Courier New",Courier,monospace;">{master:2}</span><br />
<span style="font-family: "Courier New",Courier,monospace;">user@switch> <b>show interfaces terse |match "inet " </b></span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/12.3212 up up inet 10.32.1.41/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/13.3200 up up inet 10.32.1.245/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/13.3202 up up inet 10.32.1.1/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-1/0/1.107 up up inet xx.yyy.zz.1/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-1/0/13.3201 up up inet 10.32.1.249/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-1/0/13.3203 up up inet 10.32.1.5/30 </span><br />
...<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">{master:2}</span><br />
<span style="font-family: "Courier New",Courier,monospace;">user@switch</span><span style="font-family: "Courier New",Courier,monospace;">> <b>show interfaces terse |match "inet " |trim 44</b></span><br />
<span style="font-family: "Courier New",Courier,monospace;">10.32.1.41/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">10.32.1.245/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">10.32.1.1/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">xx.yyy.zz.1/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">10.32.1.249/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">10.32.1.5/30 </span><br />
...<br />
<br />
You could then save it to text file (add | save filename ad the end of command<br />
<span style="font-family: "Courier New",Courier,monospace;">show interfaces terse |match "inet " |trim 44 | save ipv4.txt<b><br /></b></span><br />
) and transfer your linux.Then do some things with it. For example calculate subnet address from ip address with ipcalc i.e.<br />
<div style="font-family: "Courier New",Courier,monospace;">
ipcalc 10.32.1.41/30 | grep Network</div>
...<br />
<br />
So. I did a batch file<br />
from file like this: <br />
<span style="font-family: "Courier New",Courier,monospace;">10.32.1.41/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;">10.32.1.245/30 </span><br />
<span style="font-family: "Courier New",Courier,monospace;"></span><span style="font-family: "Courier New",Courier,monospace;"></span><br />
<br />
to file like this:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">ipcalc 10.32.1.41/30 | grep Network >> networks.out</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ipcalc 10.32.1.245/30 | grep Network >> networks.out</span><br />
<br />
with this two commands:<br />
<span style="font-family: "Courier New",Courier,monospace;">sed -e 's/^/ipcalc /' ipv4.txt > networks.sed1</span><br />
<span style="font-family: "Courier New",Courier,monospace;">sed -e 's/$/| grep Network >> networks.out/' networks.sed1 > networks.sed2</span><br />
<span style="font-family: "Courier New",Courier,monospace;"><br /></span>
<span style="font-family: "Courier New",Courier,monospace;">chmod a+x networks.sed1</span><br />
<span style="font-family: "Courier New",Courier,monospace;">bash networks.sed1</span><br />
hopefuly gives you<br />
<div style="font-family: "Courier New",Courier,monospace;">
10.32.1.40/30</div>
<span style="font-family: "Courier New",Courier,monospace;">10.32.1.244/30</span><br />
<br />
<br />
<b>4. just another tidily output for sflow interfaces (EX4200 Junos 10.0S10)</b><br />
<b><span style="font-family: "Courier New",Courier,monospace;">show interfaces terse |match "eth-switch|aenet" | match "ge|xe" | no-more </span></b><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/0.0 up up eth-switch</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/1.0 up up eth-switch</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/2.0 up up eth-switch</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/3.0 up up eth-switch</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/4.0 up up eth-switch</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/5.0 up up eth-switch</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/6.0 up up eth-switch</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/8.0 up up aenet --> ae6.0</span><br />
<span style="font-family: "Courier New",Courier,monospace;">ge-0/0/10.0 up up eth-switch</span><b><br /></b>... And you need to throw it edit it with spreadsheet or via bash or something else.<br />
Remove text after space, then add string to beginning of line.<br />
<span style="font-family: "Courier New",Courier,monospace;">sed 's/ .*//;s/, .*//' sflow01.txt | sed s/^/"set protocols sflow interfaces "/</span><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;"></span><br />
<span style="font-family: "Courier New",Courier,monospace;"></span>Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-73235165689812384322011-11-30T01:44:00.000-08:002011-11-30T01:50:22.886-08:00How to install xerox workcentre 3210 on ubuntu 11.10You have two possibilities<br />
A) run shell script from extracted WC 3210 Linux Driver or longer manual method. Manual method doesn't install -for me- unnecessary files, icons, applications.<br />
<br />
1. Download WC 3210 Linux Driver from <a href="http://www.support.xerox.com/support/workcentre-3210-3220/downloads/enus.html?operatingSystem=linux&fileLanguage=en">this webpage</a>.<br />
2. Extract downloaded file to your desktop.<br />
3. find these two extracted files wc3210.ppd (/home/jozef/Desktop/Linux/noarch/at_opt/share/ppd/wc3210.ppd) and rastertosamsungspl (/home/jozef/Desktop/Linux/i386/at_root/usr/lib/cups/filter/rastertosamsungspl)<br />
4. try to install new printer from menu<br />
4a. run (X)ubuntu menu -> System -> Printing)<br />
4b. add printer - Network Printer - select your xerox 3210<br />
4c. from window Choose Driver select "Provide PPD file" and select wc3210.ppd<br />
5. your ubuntu screams this: <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizQKDnQdq2luSa0Cs4OuT0KVR8D11lzFbyO74CK28fTxhHo62Qe3-KxMc2MEL-wRLY3rbMUG1SXnSXXS5GuwI5JZ2vTh_A8jC_RHVpyl-iSbaspvFVdPRWA9NMRKAnCH_0ZKg725sSyeQ/s1600/Screenshot+-+30.11.2011+-+10%253A40%253A46.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="134" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizQKDnQdq2luSa0Cs4OuT0KVR8D11lzFbyO74CK28fTxhHo62Qe3-KxMc2MEL-wRLY3rbMUG1SXnSXXS5GuwI5JZ2vTh_A8jC_RHVpyl-iSbaspvFVdPRWA9NMRKAnCH_0ZKg725sSyeQ/s320/Screenshot+-+30.11.2011+-+10%253A40%253A46.png" width="320" /></a></div>
<br />
and you will go to next step<br />
6. Run terminal (Ctrl+Alt+T)<br />
7. copy file rastertosamsungspl from step 3 to /usr/lib/cups/filter/ as root:<br />
sudo cp /home/jozef/Desktop/Linux/i386/at_root/usr/lib/cups/filter/rastertosamsungspl /usr/lib/cups/filter/<br />
<br />
That's all<br />
<br />Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com4tag:blogger.com,1999:blog-6231832145666040604.post-39606977734043853232011-10-19T03:24:00.000-07:002013-04-05T13:12:40.674-07:00Why I like Junos CLI<span style="font-size: large;">Why I like Junos CLI</span><br />
<br />
<b> hierarchical configuration</b> to make it easier to read configurations<a href="http://www.juniper.net/techpubs/software/junos/junos93/swconfig-cli/understanding-the-JUNOS-CLI-command-modes.html#id-10184964">http://www.juniper.net/techpubs/software/junos/junos93/swconfig-cli/understanding-the-JUNOS-CLI-command-modes.html#id-10184964</a><br />
<br />
<br />
<b>load .. </b>to load yours configuration (load merge <url-file,www,...>, load merge terminal relative, <br />
<a href="http://juniper.tw/techpubs/en_US/junos11.1/topics/example/junos-software-config-file-loading.html#id-10728250">http://juniper.tw/techpubs/en_US/junos11.1/topics/example/junos-software-config-file-loading.html#id-10728250</a><br />
... or just use bunch of set just like any other OS<br />
to see it like that ^ from configuration mode use <i>show | display set</i><br />
<b><br /></b>
<b>commiting configuration</b> to apply it at right time and avoid late night drive to work (candidate configuration, rollback, <i>commit confirmed</i>, ...)<br />
<a href="http://kb.juniper.net/InfoCenter/index?page=content&id=KB1572">http://kb.juniper.net/InfoCenter/index?page=content&id=KB1572</a><br />
<br />
<b>annotations </b>to comment your configuration<br />
<a href="http://www.juniper.net/techpubs/en_US/junos11.1/topics/reference/command-summary/annotate.html">http://www.juniper.net/techpubs/en_US/junos11.1/topics/reference/command-summary/annotate.html</a><br />
<br />
<b>configuration groups</b>, <b>interface-ranges</b><b></b> to inherit your configuration <br />
<a href="http://www.juniper.net/techpubs/en_US/junos9.5/information-products/topic-collections/swconfig-cli/id-11182486.html">http://www.juniper.net/techpubs/en_US/junos9.5/information-products/topic-collections/swconfig-cli/id-11182486.html</a><br />
<a href="http://kb.juniper.net/InfoCenter/index?page=content&id=KB16354&actp=RSS">http://kb.juniper.net/InfoCenter/index?page=content&id=KB16354&actp=RSS</a><br />
<br />
<b>pipe</b> to make configuration easier to read and do other stuff<br />
<a href="http://www.juniper.net/techpubs/software/junos/junos94/swconfig-cli/pipe-filter-functions-in-JUNOS-CLI.html">http://www.juniper.net/techpubs/software/junos/junos94/swconfig-cli/pipe-filter-functions-in-JUNOS-CLI.html</a><br />
<br />
<b>junoscript, junos automation </b>to make network management easier<br />
<a href="http://www.juniper.net/in/en/community/junos/script-automation/">http://www.juniper.net/in/en/community/junos/script-automation/</a> and <a href="http://www.juniper.net/us/en/community/junos/training-certification/day-one/automation-series/">http://www.juniper.net/us/en/community/junos/training-certification/day-one/automation-series/</a><br />
I am using only basic scripts.<br />
<br />
<b>netconf</b> to configure and manage it remotely, possibly through your own web management<br />
<br />
<a href="http://www.juniper.net/support/products/netconf/">http://www.juniper.net/support/products/netconf/</a><br />
<br />Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-5147315579034904492011-10-14T01:10:00.000-07:002011-10-14T01:10:10.565-07:00juniper ex8200 and bgp full table, :-( [j-nsp] TCAM full on EX8200?I created three scenarios for customer. One of that was ex8208 with acting also like bgp full view router. But after reading this I am going to consider it<br />
<a href="http://www.gossamer-threads.com/lists/nsp/juniper/31959?nohighlight=1#31959">http://www.gossamer-threads.com/lists/nsp/juniper/31959?nohighlight=1#31959</a><br />
Ex8208 has may have some problem with full routing table. :-(Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-25835592256196789252011-10-11T22:53:00.000-07:002011-10-11T22:53:00.503-07:00New ubuntu 11.10 - tomorrow 13. oct 2011<span class="anchor" id="line-4"></span><span class="anchor" id="line-5"></span><div class="line867"><a class="http" href="http://www.markshuttleworth.com/archives/646">"Oneiric Ocelot"</a> is the code name for Ubuntu 11.10, scheduled for release on 13 October 2011. See the <a href="https://wiki.ubuntu.com/OneiricReleaseSchedule">Oneiric release schedule</a>. </div><div class="line867"><br />
</div><div class="line867"><a href="https://wiki.ubuntu.com/OneiricOcelot">source: https://wiki.ubuntu.com/OneiricOcelot</a></div>Jozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0tag:blogger.com,1999:blog-6231832145666040604.post-78178143273993204892011-10-11T03:03:00.000-07:002013-03-25T12:55:42.815-07:00[j-nsp] JUNOS and 128.0.0.0 martian (JFYI), IANAINANA allocated new addresses. These are martians for Juniper.<br />
for example<br />
<a href="https://apps.db.ripe.net/whois/lookup/ripe/inetnum/128.0.0.0-128.0.7.255.html">https://apps.db.ripe.net/whois/lookup/ripe/inetnum/128.0.0.0-128.0.7.255.html</a><br />
Take a look at RFC5735 which obsoletes RFC3330. <br />
<br />
<br />
So if you have it as martians, you possibly cannot route to that remote subnets. Also transit ISPs should change this if they dont route them.<br />
<br />
<b>Workaround - Deleting Martian Addresses:</b><br />
<a href="http://www.juniper.net/techpubs/en_US/junos10.2/topics/usage-guidelines/routing-configuring-martian-addresses.html#id-10349412">http://www.juniper.net/techpubs/en_US/junos10.2/topics/usage-guidelines/routing-configuring-martian-addresses.html#id-10349412</a><br />
<br />
source: <a href="http://puck.nether.net/lists/juniper-nsp/0319.html">http://puck.nether.net/lists/juniper-nsp/0319.html</a><br />
<br />
<br />
UPDATE!!!:<br />
<blockquote>
<br />
> https://apps.db.ripe.net/whois/lookup/ripe/inetnum/128.0.0.0-128.0.7.255.html<br />
<br />
<br />
skip<br />
<br />
<br />
> p.s. set routing-options martians 128.0.0.0/16 orlonger allow<br />
> fixes it.<br />
<br />
<br />
<br />
Couple updates about it.<br />
<br />
martians are per table in Junos, so if you run internet in vrf (yes, <br />
there are such people!) you need to use that command per routing instance.<br />
<br />
RIPE NCC was awared about this issue and now reallocate blocks to those <br />
who got addrs from 128.0.0.0/16</blockquote>
<br />
<a href="https://apps.db.ripe.net/whois/lookup/ripe/inetnum/128.0.0.0-128.0.7.255.html">https://apps.db.ripe.net/whois/lookup/ripe/inetnum/128.0.0.0-128.0.7.255.html</a><br />
IANA changed it. there was mail.ru now there is nothingJozef Klačkohttp://www.blogger.com/profile/09824279673838312237noreply@blogger.com0