Some general questions about contents of JNCIA

Hi all,

I've recently started my studies on Juniper devices (I usually work on Cisco stuff) and I've got a few general questions regarding JUNOS:
1- I don't really understand the 'through' specificity keyword for routing policy/firewall filter matching prefixes. I looked through the study guide, but I can't really figure out what it means, any inputs?
2- The certification guide mentions that in order to have management access (via Telnet, SSH, etc.), a static route must be configured and a backup router can be optionally configured. I understand that if I wish to access a device remotely, there must be connectivity between both (using the static route), but what about the backup router? Why do I need it for management access?
3- So maybe I haven't gone through this deep enough, but what is the difference between a 'interface vlan unit 2' vs. 'vlan TWO vlan-id 2' + 'l3interface vlan.2'?

Regards,
Angela

Find more posts tagged with

Comments

rakem

1 - The 'through' keyword in a route-filter will match on the initial prefix and mask length exactly, and also the ending prefix and mask length exactly. it will also match the contiguous set of routes between the two points.

its a bit confusing - this links explains it

JUNOS Enterprise Routing: A ... - Doug Marschke, Harry Reynolds - Google Books

2 - A backup router is configured so your management interface has a route incase there is an issue. For example we have some SRXs in a cluster. We use the FXP inteface for management. The FXP is in the inet.0 routing table. So like anything - to access the FXP from outside the subnet it is on the FXP need to know how to get there. Here is how we do it:

> show configuration groups node0
system {
    backup-router 10.150.7.1 destination 10.0.0.0/8;

> show configuration groups node1
system {
    backup-router 10.150.7.1 destination 10.0.0.0/8;

> show route table inet.0

inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

10.0.0.0/8         *[Static/5] 23w5d 01:24:41
                    > to 10.150.7.1 via fxp0.0

3. 'interface vlan unit 2' creates the VLAN interface and this is where you would assign the IP to the interface.
'vlan TWO vlan-id 2' + 'l3interface vlan.2'? is where you create the VLAN, assign the VLAN tag and link the layer 3 interface with the VLAN. Juniper to it a bit different to cisco, you need to link the Layer 3 interface with the VLAN. Again, here is some of our config (using display-set for simplicity)

 >show configuration interfaces vlan unit 64 | display set
set interfaces vlan unit 64 family inet address 10.150.64.3/24 

> show configuration vlans VMK-MGT | display set
set vlans VMK-MGT vlan-id 64                                 <--VMK-MGT is the name of the VLAN, this creates vlan 64
set vlans VMK-MGT l3-interface vlan.64                    <-- This assigns the L3 interface to the VLAN

Hope this helped