JNCIA JunOs and JNCIS:SEC

Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
What would you guys suggest (lab hardware wise) for these two exams? Do you think that an olive or something running in GNS3 would be enough to get through these exams?

Comments

  • lrblrb Member Posts: 526
    The JNCIA-Junos is most definately doable using olives. I used a olives with M series running 11.1 and there's was pretty much nothing I couldn't do except for a few of the show commands which require a PFE.

    As for the JNCIS-SEC you are going to need some SRXs to do all the Junos security stuff like zones, policies, UTM etc. Not sure if you can do this with olives. If you have any test gear at work that's probably the most economical study method.

    Also I can't recommend enough the fast track material on the juniper website :)
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Do you have any suggestions for srx version or models?
  • lrblrb Member Posts: 526
    I have an SRX210H but an SRX100H I'm pretty sure will do pretty much everything you want for the JCNIS-SEC and JNCIP-SEC.
  • zoidbergzoidberg Member Posts: 365 ■■■■□□□□□□
    Look for the high memory versions, like lrb suggested (they have the H in the model number), so you can run IPS and UTM. I believe IPS requires the high memory, and I think UTM might as well. Of course, you will still require licenses to run most of those features , and you might be able to get a 1-month demo license for free at juniper.net. Otherwise, you should be able to configure the features, just not run them. Which in that case, it may not matter if you're running the base or high memory version.

    Also, I believe the 100 CPU runs slightly faster giving you better commit and boot times over the 210, unless you can find the 210 model with the enhanced CPU, 210HE (E for enhanced). As long as you're not too impatient, it should matter. I'm impatient though, and used to playing on SRX5800s, so I find the SRX210 commits brutally slow ;)
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Do you think one would be enough to get through the JNCIA and JNCIS?

    Yea we don't run any Juniper Kit in production but a few of our customers do.


    Oh congrats Zoidberg on the JNCIE
  • zoidbergzoidberg Member Posts: 365 ■■■■□□□□□□
    Thanks :)

    One is definitely a good start. I think the 100 and 210 supports 5 virtual routers (that's a guess, don't see the value on a datasheet right now), so you could use those to configure routing protocols and still be able to peer up and test those without additional equipment. I think by now we should be able to support policy based and route based IPSec VPNs terminating in a virtual router, so you could probably test out VPNs with just the one box as well.

    If you got two matching SRXs then you can also test out clustering. SRXs must match for that.

    Or, if you have other equipment from other vendors, could you configure routing or IPSec between the SRX and the other device.


    I think the JNCIA-JUNOS was more of a get to know Junos type of exam? It's been a long time. I think it focuses on basic Junos and configuration, so playing around in the cli with one SRX may work, especially if they do support the virtual routers like I was thinking. Might be enough for the JNCIS-SEC as well if you can find a way to practice the IPSec VPN stuff and UTM. I believe the JNCIS-SEC was light on routing. Most of the security stuff can be configured and tested using just a single SRX and passing traffic through it.
  • zoidbergzoidberg Member Posts: 365 ■■■■□□□□□□
    Pulled out the data sheet...
    3 VRs, 10 zones, 16 vlans on the SRX1x0.
    10 VRs, 12 zones, 64 vlans on the SRX210.

    UTM is not supported on the base model and requires the high memory model.
  • lrblrb Member Posts: 526
    zoidberg wrote: »
    I think the JNCIA-JUNOS was more of a get to know Junos type of exam? It's been a long time. I think it focuses on basic Junos and configuration, so playing around in the cli with one SRX may work, especially if they do support the virtual routers like I was thinking.

    Yep, the JNCIA-Junos exam is all about getting you familiar with Junos rather than being in depth on any one particular topic. I'd say 60% of the topics could be done on 1 device and the other 40% would be doable on 1 device but it would be ideal to have 2 devices to test the config out (e.g. route filters, CoS). As I said earlier though, pretty much everything can be done with olives for this exam.
  • nethackernethacker Senior Member Member Posts: 184 ■■■□□□□□□□
    lrb wrote: »
    Yep, the JNCIA-Junos exam is all about getting you familiar with Junos rather than being in depth on any one particular topic. I'd say 60% of the topics could be done on 1 device and the other 40% would be doable on 1 device but it would be ideal to have 2 devices to test the config out (e.g. route filters, CoS). As I said earlier though, pretty much everything can be done with olives for this exam.
    I have my CCNP and currently work for an MSP/ISP.There are a lot of projects coming up that will involve using juniper gears. I don't have experience configuring juniper gears but i have the theoretical knowledge of Junos. Is JNCIA a good place to start? Do anyone here have a material that explain more about the switching aspect?
    JNCIE | CCIE | GCED
  • TurgonTurgon Banned Posts: 6,308 ■■■■■■■■■□
    What would you guys suggest (lab hardware wise) for these two exams? Do you think that an olive or something running in GNS3 would be enough to get through these exams?


    I thought you were concentrating on Cisco at the moment? As for the question about Juniper, I haven't played with them myself but I imagine the answer is yes with Olive!
  • lrblrb Member Posts: 526
    nethacker wrote: »
    I have my CCNP and currently work for an MSP/ISP.There are a lot of projects coming up that will involve using juniper gears. I don't have experience configuring juniper gears but i have the theoretical knowledge of Junos. Is JNCIA a good place to start? Do anyone here have a material that explain more about the switching aspect?

    The JNCIA-Junos is the best place to start as theres lots of Junos CLI stuff which you might not have seen before and which will really help later on for your upcoming projects. The JNCIx-ENT focuses on routing and switching and the fast track material is available for the JNCIS-ENT exam which will have what you are looking for in terms of switching.
  • nethackernethacker Senior Member Member Posts: 184 ■■■□□□□□□□
    lrb wrote: »
    The JNCIA-Junos is the best place to start as theres lots of Junos CLI stuff which you might not have seen before and which will really help later on for your upcoming projects. The JNCIx-ENT focuses on routing and switching and the fast track material is available for the JNCIS-ENT exam which will have what you are looking for in terms of switching.
    thanks mate
    JNCIE | CCIE | GCED
  • lrblrb Member Posts: 526
    No worries mate - I think you'll find the Junos materials quite refreshing coming from a Cisco background (going by your cert list).
  • nethackernethacker Senior Member Member Posts: 184 ■■■□□□□□□□
    lrb wrote: »
    No worries mate - I think you'll find the Junos materials quite refreshing coming from a Cisco background (going by your cert list).
    I was able to lay my hands on CBT nuggets for JunOS 101 and to my surprise it's not as hard as I was thinking. I was able to learn and understand the command structure and also interpret output information from the "show config" command on operational mode. Now reading the JunOS enterprise routing materials. It's been good so far with my cisco background.
    JNCIE | CCIE | GCED
Sign In or Register to comment.