Junos CLI basic

The root user must start the CLI from the shell.

user@router>    (the > character identifies operational mode which is to monitor and troubleshoot the device)
user@router#    (the # character identifies configuration mode which is to configure all properties of the Junos OS)

Press Spacebar to complete a command. Press Tab to complete system commands and user-defined variables.

Use configure exclusive to exclude other users from editing the configuration.Any uncommitted changes are discarded when the user exits. In contrast, uncommitted changes are retained when you use standard configure command.

Use configure private to allow multiple users to edit the configuration while committing only their private changes. If a private users issue a rollback 0 command, the software discards only their changes.

Moving between levels is like changing directories. Use up, up 2, top, exit commands.

Viewing differences

Using show | compare displays differences between the candidate config and active configuration also known as rollback 0.

Remember- the rollback command modifies only the candidate configuration. To activate the changes loaded through the rollback operation, issue the commit command.

Run command

The run command allows you to execute operational mode commands while in configuration mode. It is similar to the do command. 

OSPF Basic

OSPF LSA types
LSA Type 1 (Router LSA)
Generated by all routers in an area to describe their directly attached links (Intra-area routes).These do not leave the area.

LSA Type 2 (Network LSA)
Generated by the DR of a broadcast or Nonbroadcast segment to describe the neighbors connected to the segment.These do not leave the area.

LSA Type 3 (Network Summary LSA)
Generated by ABR to describe/advertise a route to neighbors outside the area. (Inter-area routes)

LSA Type 4 (ASBR Summary LSA)
Generated by ABR to advertise a route for/to an ASBR to neighbors outside the area

LSA Type 5 (External LSA)
Generated by ASBR to describe routes redistributed into the OSPF area.These routes appeared as E1 or E2.E2(default) uses a static cost throughout OSPF domain as it only takes the cost into account that is reported at redistribution.E1 uses a cumulative cost of the cost reported into OSPF domain at redribution plus the local cost to the ASBR.

LSA Type 6 (Multicast LSA)
Not supported on Cisco routers.
---------------------------

Unlike EIRGRP, OSPF does not support route summarization anywhere everywhere. It only supports in Area Border Router (ABR). - external route advertisement.

Stub area blocks route updates coming from any external network (redistribution). It only accepts route updates from Area 0, Area 1, so on. ABR generates a default route to this area.

Totally stubby area block external route advertisement and route advertisements from other Areas. It only knows about routes in its own area. ABR generates a default route to this area.

BGP Theory and basic config

Basics
Neighbors are manually configured.
Stage: IDLE, ACTIVE, Open Sent, Open Confirmed, Established

Hello sent every 60 seconds with a hold-down of 180 seconds.
Capable of MD5 authentication

Rule of Synchronization
Routes learnt via iBGP must be validated by the interior routing table before they can be advertised to remote peers - eBGP. Sync can be off/on at bgp router connected to remote ebgp peer.

Rule of Split-Horizon
Routes learnt via IBGP will never be sent to another IBGP peer
Route reflector to overcome this issue.


Attributes (Mandatory, Well-known Optional - transitive/non-transitive)
AS-Path, Next-Hop, Origin (IGP,EGP,Unknown?)
Local Preference(higher better), weight(local router, higher better) = select Exit point
Atomic Aggregate = this route is summarized
MED - used to suggest an entry point into your AS (lower is better)
Aggregator = designates IP addr of the router who performed summarization,
Community = used for route tagging

Basic Configuration
ip address of neighbors must be reachable(eg. via Internal routing protocol); exact subnet mask;
router bgp AS number
neighbor x.x.x.x remote-as 666
network 10.1.0.0 mask 255.255.0.0
neighbor 3.3.3.3 ebgp-multihop 2 -- if interfaces are not directly connected to each other
neighbor 3.3.3.3 update-source loopback 0 - to use if router's bgp address is loopback or not directly connected to neigbor
no auto summary

no synchronization -- turn of rule of synchronization
neighbor 2.2.2.2 next-hop-self -- when ebgp route is advertised back to ibgp

Troubleshooting
debug ip bgp updates

Multicast Routing (half way, basic)

Multicast Basic
Technology allowing a host to send a Single Stream of traffic to reach Any number of destination hosts. Broadcast is one to everybody. Unicast is one to one.

Multicast addresses are from Class D Range (224-239). 224.0.0.1 to 224.0.0.255 is reserved for local network protocol use. Has TTL=1

Distribution Method: Source Trees
good for small organizations

Distribution Method: Shared Trees
Rendezvous Point (RP)

IP Access List

Access-Lists

Facts:
1. Implicit Deny All at the end of every list
2. Read from Top to Bottom, Stops reading when match is found
3. New lines are added to the end of list
4. An Undefined Access-List will permit all traffic
5. Deleting an Access-List after applying to an interface causes a Deny Any for all traffic

Creating Standard Access-List
You are permitted or denied based on who you are
access-list <1-99>
Router(config)#access-list 50 deny 150.100.0.0 0.0.255.255 

Router(config)#access-list 50 permit any
Router(config-if)#ip access-group 50 <in or out from router perception>

Creating an extended Access-List
access-list <100-199>
Router(config)#access-list 150 deny tcp host 192.168.1.100 150.100.0.0 0.0.255.255 eq 80
Router(config)#access-list 150 permit ip any any
Router(config-if)#ip access-group 50 <in or out from router perception>

Creating named Access-List
flexible. can edit or insert in the middle of existing list
Router(config-ext-nacl)#permit ip 150.100.0.0 0.0.255.255 any
Router(config-ext-nacl)#permit ip any any

Router#sho ip access-lists
Extended IP access list DEMO
    10 permit ip 150.100.0.0 0.0.255.255 any
    20 permit ip any any
    30 deny ip host 150.100.1.50 any

Router#


Dynamic Access-list (Lock and Key)
Time-based Access-list


Verification
sh ip access-list number

Easy way to calculate wildcard mask

Easy way to calculate wildcard mask
255.255.255.255 - subnet mask
e.g. for 192.168.0.0/16   wildcard is 0.0.255.255
      for 192.168.5.0/30   wildcard is 0.0.0.3 (255-252)

Cisco Router NAT

Dynamic NAT
1. Create access-list describing inside host
2. Configure outside pool
3. Map inside to outside
     (config)#ip nat inside source list 50 pool outside pool_name
4. Mark Interfaces
    (config-if)#ip nat inside or ip nat outside


Dynamic NAT Overloading
1. Create access-list describing inside host
2. Configure outside pool
3. Map inside to outside

    (config)#ip nat inside source list 40 interface f0/1 overload

4. Mark Interfaces
    (config-if)#ip nat inside or ip nat outside

Static NAT

      (config)#ip nat inside source static tcp 192.168.1.10 3389 interface f0/1 3389

Verification

show ip nat translation

show run

debug ip nat

For IP phone or other special service

(config)#ip nat service skinny tcp port 2001 

Useful words

Useful words

adept - very skilled; proficient; expert; adept in competing against; small firms are proving adept at using..
impeccable - faultless; flawless; impeccable manner, impeccable credentials
accustomed - customary; usual; habitual; 
leverage - n,v - power or ability to act or to influence people, events, decisions, etc.; sway: Being the only industry intown gave the company considerable leverage in its union negotiations. Synonyms: advantage, strength,weight; clout, pull

substantial
sustain, sustainable
sophisticated
confound
normative
lavish - using or giving in great amount; lavish praise
consensus - majority of opinion
demise - death or decease;termination of existence or operation
autonomy - independence or freedom, as of the will or one's actions
autonomous - self-governing;
deteriorate - to make or become worse or inferior in character, quality or value, etc. serious deterioration in performance
culminate - to reach the highest point, summit; to end or arrive at a final stage.
fret - v - to feel or express worry, annoyance, discontent, or the like: Fretting about the lost ring isn't going to help.
affiliate - v,n - to bring into close association or connection: The research center is affiliated with the university.
Unbridled - adj - not controlled or restrained: Unbridled enthusiasm 
pervade - v - to become spread throughout all parts of: Spring pervaded the air.
absolve - tv - to free from guilt or blame or their consequences;to set free or release, as from some duty, obligation, or responsibility
superfluous - being more than is sufficient or required; excessive;unnecessary or needless;
pledge - n,v - a solemn promise or agreement to do or refrain from doing something: