book

JUNOS Cookbook

Name: JUNOS Cookbook
Author: Aviva Garrett
ISBN: 9780596553371

by Aviva Garrett

April 2006

Intermediate to advanced

684 pages

19h 7m

English

O'Reilly Media, Inc.

Read now

Unlock full access

JUNOS Cookbook
Foreword
Preface
OrganizationWhat’s in This BookConventionsComments and QuestionsSafari® EnabledAcknowledgments
1. Router Configuration and File Management
Introduction1.1. Configuring the Router for the First Time1.2. Configuring the Router from the CLI1.3. Getting Exclusive Access to Configure the Router1.4. Displaying the Commands to Recreate a Configuration1.5. Including Comments in the Configuration1.6. Checking the Syntax of the Configuration1.7. Activating the Router Configuration1.8. Debugging a Failed Commit1.9. Exiting Configuration Mode1.10. Keeping a Record of Configuration Changes1.11. Determining What Changes You Have Made to the Configuration1.12. Configuring the Router by Copying a File from a Server1.13. Configuring the Router by Copying Text from a Terminal Window1.14. Backing Up the Router’s Configuration1.15. Scheduling the Activation of a Configuration1.16. Provisionally Activating a Configuration1.17. Loading a Previous Router Configuration1.18. Creating an Emergency Rescue Configuration1.19. Backing Up Filesystems on M-Series and T-Series Routers1.20. Backing Up Filesystems on J-Series Routers1.21. Restoring a Backed-Up Filesystem1.22. Installing a Different Software Release on M-Series and T-Series Routers1.23. Installing a Different Software Release on J-Series Routers1.24. Creating an Emergency Boot Disk1.25. Gathering Software Version Information1.26. Gathering Hardware Inventory Information1.27. Finding Out How Long the Router Has Been Up1.28. Gathering Information Before Contacting Support1.29. Managing Routers with Similar Configurations1.30. Managing Redundant Routing Engines1.31. Using the Second Routing Engine to Upgrade to a New Software Version
2. Basic Router Security and Access Control
Introduction2.1. Allowing Access to the Router2.2. Controlling Root Authentication2.3. Logging In to the Router’s Console2.4. Setting the Login Authentication Methods2.5. Setting Up Login Accounts on the Router2.6. Changing the Format of Plain-Text Passwords2.7. Changing the Plain-Text Password Encryption Method2.8. Creating a Login Account for Remote Authentication2.9. Creating a Group Login Account2.10. Customizing Account Privileges2.11. Creating a Privilege Class that Hides Encrypted Passwords2.12. Setting Up RADIUS User Authentication2.13. Setting Up TACACS+ User Authentication2.14. Restricting Inbound SSH and Telnet Access2.15. Setting the Source Address for Telnet Connections2.16. Creating a Login Banner2.17. Finding Out Who Is Logged In to the Router2.18. Logging Out of the Router2.19. Forcibly Logging a User Out
3. IPSec
Introduction3.1. Configuring IPSec3.2. Configuring IPSec Dynamic SAs3.3. Creating IPSec Dynamic SAs on J-Series Routers or Routers with AS PICs3.4. Using Digital Certificates to Create Dynamic IPSec SAs
4. SNMP
Introduction4.1. Configuring SNMP4.2. Setting Router Information for the MIB-II System Group4.3. Setting Up SNMP Traps4.4. Controlling SNMP Access to the Router4.5. Using a Firewall Filter to Protect SNMP Access4.6. Controlling Access to Router MIBs4.7. Extracting Software Inventory Information with SNMP4.8. Extracting Hardware Inventory Information with SNMP4.9. Collecting Router Operational Information with SNMP4.10. Logging SNMP Access to the Router4.11. Logging Enterprise-Specific Traps4.12. Using RMON Traps to Monitor the Router’s Temperature4.13. Configuring SNMPv34.14. Tracking Router Configuration Changes4.15. Setting Up SNMPv3 Traps
5. Logging
Introduction5.1. Turning On Logging5.2. Limiting the Messages Collected5.3. Including the Facility and Severity in Messages5.4. Changing the Size of a Logging File5.5. Clearing the Router’s Logfiles5.6. Sending Log Messages to Your Screen5.7. Sending Logging Messages to a Log Server5.8. Saving Logging Messages to the Other Routing Engine5.9. Turning Off Logging5.10. Turning On Basic Tracing5.11. Monitoring Interface Traffic
6. NTP
Introduction6.1. Setting the Date and Time on the Router Manually6.2. Setting the Time Zone6.3. Synchronizing Time When the Router Boots6.4. Synchronizing Time Periodically6.5. Authenticating NTP6.6. Checking NTP Status
7. Router Interfaces
Introduction7.1. Viewing Interface Status7.2. Viewing Traffic Statistics on an Interface7.3. Setting an IP Address for the Router7.4. Setting the Router’s Source Address7.5. Configuring an IPv4 Address on an Interface7.6. Configuring an IPv6 Address on an Interface7.7. Configuring an ISO Address on an Interface7.8. Creating an MPLS Protocol Family on a Logical Interface7.9. Configuring an Interface Description7.10. Choosing Primary and Preferred Interface Addresses7.11. Using the Management Interface7.12. Finding Out What IP Addresses Are Used on the Router7.13. Configuring Ethernet Interfaces7.14. Using VRRP on Ethernet Interfaces7.15. Connecting to an Ethernet Switch7.16. Configuring T1 Interfaces7.17. Performing a Loopback Test on a T1 Interface7.18. Setting Up a BERT Test on a T1 Interface7.19. Configuring Frame Relay on a T1 Interface7.20. Configuring a SONET Interface7.21. Using APS to Protect Against SONET Circuit Failures7.22. Configuring an ATM Interface7.23. Dealing with Nonconfigurable Interfaces7.24. Configuring Interfaces Before the PICs Are Installed

8. IP Routing
Introduction8.1. Viewing the Routes in the Routing Table8.2. Viewing Routes to a Particular Prefix8.3. Viewing Routes Learned from a Specific Protocol8.4. Displaying the Routes in the Forwarding Table8.5. Creating Static Routes8.6. Blackholing Routes8.7. Filtering Traffic Using Unicast Reverse-Path Forwarding8.8. Aggregating Routes8.9. Load-Balancing Traffic Flows8.10. Adding Martian Addresses8.11. Changing Route Preferences to Migrate to Another IGP8.12. Configuring Routing Protocols to Restart Without Losing Adjacencies
9. Routing Policy and Firewall Filters
Introduction9.1. Creating a Simple Routing Policy9.2. Changing a Route’s Routing Information9.3. Filtering Routes by IP Address9.4. Filtering Long Prefixes9.5. Filtering Unallocated Prefix Blocks9.6. Creating a Chain of Routing Policies9.7. Making Sure a Routing Policy Is Functioning Properly9.8. Creating a Simple Firewall Filter that Matches Packet Contents9.9. Creating a Firewall Filter that Negates a Match9.10. Reordering Firewall Terms9.11. Filtering Traffic Transiting the Router9.12. Using a Firewall Filter to Count Traffic on an Interface9.13. Logging the Traffic on an Interface9.14. Limiting Traffic on an Interface9.15. Protecting the Local Routing Engine9.16. Rate-Limiting Traffic Flow to the Routing Engine9.17. Using Counters to Determine Whether a Router Is Under Attack
10. RIP
Introduction10.1. Configuring RIP10.2. Having RIP Advertise Its Routes10.3. Configuring RIP for IPv610.4. Enabling RIP Authentication10.5. Routing RIP Traffic over Faster Interfaces10.6. Sending Version 1 Update Messages10.7. Tracing RIP Protocol Traffic
11. IS-IS
Introduction11.1. Configuring IS-IS11.2. Viewing the IS-IS Link-State Database11.3. Viewing Routes Learned by IS-IS11.4. Configuring IS-IS for IPv611.5. Configuring a Level 1–Only Router11.6. Controlling DIS Election11.7. Enabling IS-IS Authentication11.8. Redistributing Static Routes into IS-IS11.9. Leaking IS-IS Level 2 Routes into Level 111.10. Adjusting IS-IS Link Costs11.11. Improving IS-IS Convergence Times11.12. Moving IS-IS Traffic off a Router11.13. Disabling IS-IS on an Interface11.14. Tracing IS-IS Protocol Traffic
12. OSPF
Introduction12.1. Configuring OSPF12.2. Viewing Routes Learned by OSPF12.3. Viewing the OSPF Link-State Database12.4. Configuring OSPF for IPv612.5. Configuring a Multiarea OSPF Network12.6. Setting Up Stub Areas12.7. Creating a Not-So-Stubby Area12.8. Summarizing Routes in OSPF12.9. Enabling OSPF Authentication12.10. Redistributing Static Routes into OSPF12.11. Adjusting OSPF Link Costs12.12. Improving OSPF Convergence Times12.13. Moving OSPF Traffic off a Router12.14. Disabling OSPF on an Interface12.15. Tracing OSPF Protocol Traffic
13. BGP
Introduction13.1. Configuring a BGP Session Between Routers in Two ASs13.2. Configuring BGP on Routers Within an AS13.3. Diagnosing TCP Session Problems13.4. Adjusting the Next-Hop Attribute13.5. Adjusting Local Preference Values13.6. Removing Private AS Numbers from the AS Path13.7. Prepending AS Numbers to the AS Path13.8. Filtering BGP Routes Based on AS Paths13.9. Restricting the Number of Routes Advertised to a BGP Peer13.10. Authenticating BGP Peers13.11. Setting Up Route Reflectors13.12. Mitigating Route Instabilities with Route Flap Damping13.13. Adding a BGP Community to Routes13.14. Load-Balancing BGP Traffic13.15. Tracing BGP Protocol Traffic
14. MPLS
Introduction14.1. Configuring LSPs Using LDP as the Signaling Protocol14.2. Viewing Information and LDP-Signaled LSPs in the Routing Tables14.3. Verifying that an LDP-Signaled LSP Is Carrying Traffic14.4. Enabling LDP Authentication14.5. Tracing LDP Operations14.6. Setting Up RSVP-Signaled LSPs14.7. Viewing Information About RSVP-Signaled LSPs in the Routing Tables14.8. Verifying Packet Labels14.9. Verifying that the RSVP-Signaled LSP Is Carrying Traffic14.10. Configuring RSVP Authentication14.11. Protecting an LSP’s Path14.12. Using Fast Reroute to Reduce Packet Loss Following a Link Failure14.13. Automatically Allocating Bandwidth14.14. Prioritizing LSPs14.15. Allowing IGP Traffic to Use an LSP14.16. Installing LSPs into the Unicast Routing Table14.17. Tracing RSVP Operations
15. VPNs
Introduction15.1. Setting Up a Simple Layer 3 VPN15.2. Viewing the VPN Routing Tables15.3. Adding a VPN for a Second Customer
16. IP Multicast
Introduction16.1. Configuring PIM-SM16.2. Manually Establishing a PIM-SM RP16.3. Using Auto-RP to Dynamically Map RPs16.4. Setting Up a PIM-SM Bootstrap Router16.5. Filtering PIM-SM Bootstrap Messages16.6. Configuring Multiple RPs in a PIM-SM Domain with Anycast RP16.7. Configuring Multiple RPs in a PIM-SM Domain Anycast PIM16.8. Limiting the Group Ranges an RP Services16.9. Viewing Multicast Routes16.10. Checking the Groups for Which a PIM-SM Router Maintains Join State16.11. Manually Configuring IGMP16.12. Using SSM16.13. Connecting PIM-SM Domains Using MSDP and MBGP16.14. Configuring PIM-DM16.15. Tracing PIM Packets
Index
About the Author
Colophon
Copyright

Content preview from JUNOS Cookbook

Chapter 4. SNMP

Introduction

The Simple Network Management Protocol ( SNMP) is an Internet standard protocol for remotely managing routers, switches, servers, workstations, and other devices on an IP network. SNMP was first introduced in the late 1980s and is now widely supported. The first version of SNMP, Version 1 (SNMPv1; RFC 1157), defines the architecture and framework for SNMP.

SNMP Version 2 (SNMPv2) was proposed in 1993 to improve performance, manager-to-manager communications, and security. It was defined in RFCs 1155 and 1213. However, SNMPv2 was not widely accepted because the IETF did not reach consensus on the security features. A revised version, referred to as Community SNMPv2, or SNMPv2c, was later approved by the IETF ( RFCs 1902 and 3416). This version contains all the proposed SNMPv2 enhancements except for the security features, including more detailed error codes, addition of the GetBulk operation for more efficient retrieval of large amounts of data, and support for 64-bit counters. For security, this version supports community strings, which act as text-based passwords for determining how SNMP managers can access the data on SNMP agents. SNMPv2 is currently the most commonly deployed version of SNMP.

The newest version, SNMP Version 3 (SNMPv3), introduced in 1999 ( RFCs 3410 through 3418), defines stronger security features, including authentication for accessing network devices and encryption of SNMP packets. SNMPv3 uses a user-based security model (USM) ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596100140Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

JUNOS Cookbook

by Aviva Garrett

Chapter 4. SNMP

Introduction

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.