Errata

Errata for JUNOS Cookbook

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version	Location	Description	Submitted by
Printed	Page 16 the example for basic setup the second to last command	In the example for basic setup the second to last command should be: set system login user aviva authentication plain-text-password It says: set system log .....	Anonymous
Printed	Page 69 Fourth Paragraph, first sentence	This is incorrect: "With graceful switchover, the backup Routing Engine regularly synchronizes its configuration and state with the master Routing Engine." JUNOS does not automatically sync its config between RE's. You must either issue commit synchronize or configure automatic synchronization under the "edit system commit" hierarchy.	Anonymous
Printed	Page 88 2nd paragraph of the DISCUSSION section	I have read the demo chapter provided on the JUNIPER website and I have found an error. On the solution part of point 2.9 (Creating a Group Login Account) a noc user is defined. But on the comments of the Discusion section you can read "This second command, set user remote full-name, provides a description of the account". It should say "This second command, set user noc full-name, provides a description of the account"	Anonymous
Printed	Page 94 22 line from the top	(is) # set class operator-plus-read-config permissions idle-timeout 5 (should be) # set class operator-plus-read-config idle-timeout 5	Anonymous
Printed	Page 117 top of page third line	the command is [edit protocols ospf area 0.0.0.0 ] set interface sp-1/2/1 to set the IGP to use the IPSec tunnel interface. on the previous page the interfaces are set as sp-1/2/0.1 service-domain inside sp-1/2/0.2 service-domain outside I believe that the interface should have been [edit protocols ospf area 0.0.0.0 ] set interface sp-1/2/0.1	Anonymous
Printed	Page 283 line 3, 10, 18 from end	In the commands example, all of the "edit policy-options" term should be "edit firewall".	Anonymous
Printed	Page 284 line 6	From JUNOS 8.0R, apply multiple firewall filters on an input/output interface is allowed.	Anonymous
Printed	Page 287 line 2 from the end	In the statement "Here, the action is to accept the packet (set then accept).", the word packet should be changed to route to match the recipe example. The example is a policy-statement and would be applied on routes only.	Anonymous
Printed	Page 288 line 1 (exclude Table 9-3)	In the statement "..., if the packet matches all the .....", the word "packet" should be "route" to match the recipe example.	Anonymous
Printed	Page 294 line 12 from the end	In the statement "set from route-filter 0.0.0.0/0 or longer", no space should be exist betweeb "or" and "longer".	Anonymous
Printed	Page 310 line 17 from the end	Although there are lots of restrictions, we can apply more than only one filter on single interface since JUNOS 8.0R.	Anonymous
Printed	Page 312 line 6	In the recipe, the statement "[edit firewall incoming-to-me]" should be "[edit firewall filter incoming-to-me]".	Anonymous
Printed	Page 312 line 17 ~ 20	After comparing the discussion on page.313, all the "ICMP/icmp" word here should be "OSPF/ospf". BTW, this recipe is an example for an eBGP border router, add a term to permit ospf packets is unnecessary.	Anonymous
Printed	Page 315 line 14	The term "final-accept" here should be "reject-addresses".	Anonymous
Printed	Page 317 line 13	For the statement "You can log accepted and rejected packets but not discarded ones.", as same with in page.306 Table 9-6. Here is a piece of filter on our border router: (The address was changed to private address) filter peer_in { interface-specific; term ddos_filter { from { destination-address { /* ddos filtering for customer */ 192.168.157.186/32; } } then { log; discard; } } } I use this term to discard packets flow to my customer, and actually I could use "show firewall log" to view the discard packets log. In JUNOS configuration guide, is says "Discarded packets cannot be logged or sampled." before JUNOS 7.5. Since JUNOS7.6, the statement was removed. We use JUNOS version 7.4R2.6 on our border router. It confused me.	Anonymous
Printed	Page 321 line 13 to 10 from the end	A command statement "set from destination-port 3221" is necessary to exactly match xnm traffic.	Anonymous
Printed	Page 412 6th line from the bottom	aviva@RouterG> show route table inet.0 show route table inet.0 192.168.18.1 "show route table inet.0" is printed twice. Should be: aviva@RouterG> show route table inet.0 192.168.18.1	Anonymous
Printed	Page 554 line 24	In the statement "The local PE router pops the VPN label.....", the word "pops" should be "pushes". Because local PE router have to add a VPN label on packet for remote PE router to resolve the correct VRF.	Anonymous
Printed	Page 561 line 13 from end	In the statement "when sending routes to local PE router", the word "local" should be "remote" to match the meaning followed the statement.	Anonymous
Printed	Page 568 line 13~11 from end	I do not know what JUNOS version that the author used, but the command "routing-options" here is unnecessary.	Anonymous
Printed	Page 574 line 6 from end	In the statement "between the remote PE router and the remote PE.....", one of the two "PE router" should be "CE router".	Anonymous