Some general questions about contents of JNCIA
Hi all,
I've recently started my studies on Juniper devices (I usually work on Cisco stuff) and I've got a few general questions regarding JUNOS:
1- I don't really understand the 'through' specificity keyword for routing policy/firewall filter matching prefixes. I looked through the study guide, but I can't really figure out what it means, any inputs?
2- The certification guide mentions that in order to have management access (via Telnet, SSH, etc.), a static route must be configured and a backup router can be optionally configured. I understand that if I wish to access a device remotely, there must be connectivity between both (using the static route), but what about the backup router? Why do I need it for management access?
3- So maybe I haven't gone through this deep enough, but what is the difference between a 'interface vlan unit 2' vs. 'vlan TWO vlan-id 2' + 'l3interface vlan.2'?
Regards,
Angela
I've recently started my studies on Juniper devices (I usually work on Cisco stuff) and I've got a few general questions regarding JUNOS:
1- I don't really understand the 'through' specificity keyword for routing policy/firewall filter matching prefixes. I looked through the study guide, but I can't really figure out what it means, any inputs?
2- The certification guide mentions that in order to have management access (via Telnet, SSH, etc.), a static route must be configured and a backup router can be optionally configured. I understand that if I wish to access a device remotely, there must be connectivity between both (using the static route), but what about the backup router? Why do I need it for management access?
3- So maybe I haven't gone through this deep enough, but what is the difference between a 'interface vlan unit 2' vs. 'vlan TWO vlan-id 2' + 'l3interface vlan.2'?
Regards,
Angela
Comments
its a bit confusing - this links explains it
JUNOS Enterprise Routing: A ... - Doug Marschke, Harry Reynolds - Google Books
2 - A backup router is configured so your management interface has a route incase there is an issue. For example we have some SRXs in a cluster. We use the FXP inteface for management. The FXP is in the inet.0 routing table. So like anything - to access the FXP from outside the subnet it is on the FXP need to know how to get there. Here is how we do it:
> show configuration groups node0 system { backup-router 10.150.7.1 destination 10.0.0.0/8; > show configuration groups node1 system { backup-router 10.150.7.1 destination 10.0.0.0/8; > show route table inet.0 inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden) Restart Complete + = Active Route, - = Last Active, * = Both 10.0.0.0/8 *[Static/5] 23w5d 01:24:41 > to 10.150.7.1 via fxp0.03. 'interface vlan unit 2' creates the VLAN interface and this is where you would assign the IP to the interface.
'vlan TWO vlan-id 2' + 'l3interface vlan.2'? is where you create the VLAN, assign the VLAN tag and link the layer 3 interface with the VLAN. Juniper to it a bit different to cisco, you need to link the Layer 3 interface with the VLAN. Again, here is some of our config (using display-set for simplicity)
Hope this helped
showroute.net