Section |
Page |
Table of Contents |
7 |
About This Guide |
69 |
How to Use This Guide |
69 |
Downloading Software |
70 |
Documentation Conventions |
70 |
Repair and Warranty |
71 |
Requesting Technical Support |
71 |
Part 1: Junos OS for J-EX Series Switches Product Overview |
73 |
Chapter 1: Software Overview |
75 |
J-EX Series Switch Software Features Overview |
75 |
Layer 3 Protocols Supported on J-EX Series Switches |
85 |
Layer 3 Protocols Not Supported on J-EX Series Switches |
86 |
Security Features for J-EX Series Switches Overview |
88 |
High Availability Features for J-EX Series Switches Overview |
90 |
VRRP |
90 |
Graceful Protocol Restart |
91 |
Redundant Routing Engines |
91 |
Graceful Routing Engine Switchover |
92 |
Virtual Chassis Software Upgrade and Failover Features |
92 |
Link Aggregation |
92 |
Understanding Software Infrastructure and Processes |
94 |
Routing Engine and Packet Forwarding Engine |
94 |
Junos OS Processes |
95 |
Chapter 2: Supported Hardware |
97 |
J-EX4200 Switches Hardware Overview |
97 |
J-EX4200 Switches |
97 |
Uplink Modules |
98 |
Power over Ethernet (PoE) Ports |
98 |
J-EX4200 Switch Models |
98 |
J-EX8208 Switch Hardware Overview |
99 |
Software |
99 |
Chassis Physical Specifications |
99 |
Routing Engines and Switch Fabric |
100 |
Line Cards |
101 |
Cooling System |
101 |
Power Supplies |
101 |
J-EX8216 Switch Hardware Overview |
102 |
Software |
102 |
Chassis Physical Specifications, LCD Panel, and Midplane |
102 |
Routing Engines and Switch Fabric |
104 |
Line Cards |
105 |
Cooling System |
105 |
Power Supplies |
106 |
Part 2: Complete Software Configuration Statement Hierarchy |
107 |
Chapter 3: Complete Software Configuration Statement Hierarchy |
109 |
[edit access] Configuration Statement Hierarchy |
109 |
[edit chassis] Configuration Statement Hierarchy |
110 |
[edit class-of-service] Configuration Statement Hierarchy |
110 |
[edit ethernet-switching-options] Configuration Statement Hierarchy |
112 |
[edit firewall] Configuration Statement Hierarchy |
114 |
[edit forwarding-options] Configuration Statement Hierarchy |
115 |
[edit interfaces] Configuration Statement Hierarchy |
116 |
[edit poe] Configuration Statement Hierarchy |
120 |
[edit protocols] Configuration Statement Hierarchy |
120 |
[edit routing-instances] Configuration Hierarchy |
127 |
[edit snmp] Configuration Statement Hierarchy |
127 |
[edit virtual-chassis] Configuration Statement Hierarchy |
127 |
[edit vlans] Configuration Statement Hierarchy |
128 |
Part 3: Software Installation |
131 |
Chapter 4: Software Installation Overview |
133 |
Installation Overview |
133 |
Understanding Software Installation on J-EX Series Switches |
133 |
Overview of the Software Installation Process |
133 |
Software Package Security |
134 |
Installing Software on a Virtual Chassis |
134 |
Installing Software on J-EX8200 Switches with Redundant Routing Engines |
134 |
Installing Software Using Automatic Software Download |
135 |
Troubleshooting Software Installation |
135 |
Junos OS Package Names |
135 |
Understanding System Snapshot on J-EX Series Switches |
136 |
Licenses Overview |
137 |
Understanding Software Licenses for the J-EX Series Switch |
137 |
Features Requiring a License |
137 |
License Warning Messages |
138 |
License Key Components for the J-EX Series Switch |
138 |
Chapter 5: Installing Junos OS |
141 |
Downloading Software Packages |
141 |
Installing Software on a J-EX Series Switch with a Single Routing Engine (CLI Procedure) |
142 |
Installing Software on a J-EX8200 Switch with Redundant Routing Engines (CLI Procedure) |
143 |
Preparing the Switch for the Software Installation |
144 |
Installing Software on the Backup Routing Engine |
145 |
Installing Software on the Default Master Routing Engine |
146 |
Returning Routing Control to the Default Master Routing Engine (Optional) |
147 |
Installing Software on J-EX Series Switches (J-Web Procedure) |
147 |
Installing Software Upgrades from a Server |
148 |
Installing Software Upgrades by Uploading Files |
149 |
Rebooting or Halting the J-EX Series Switch (J-Web Procedure) |
149 |
Chapter 6: Booting the Switch, Upgrading Software, and Managing Licenses |
151 |
Booting the Switch |
151 |
Booting a J-EX Series Switch Using a Software Package Stored on a USB Flash Drive |
151 |
Creating a Snapshot and Using It to Boot a J-EX Series Switch |
152 |
Creating a Snapshot on a USB Flash Drive and Using It to Boot the Switch |
152 |
Creating a Snapshot on an Internal Flash Drive and Using it to Boot the Switch |
153 |
Upgrading Software |
154 |
Upgrading Software Using Automatic Software Download on J-EX Series Switches |
154 |
Managing Licenses |
155 |
Managing Licenses for the J-EX Series Switch (CLI Procedure) |
155 |
Adding New Licenses |
155 |
Deleting Licenses |
156 |
Saving License Keys |
156 |
Managing Licenses for the J-EX Series Switch (J-Web Procedure) |
156 |
Adding New Licenses |
157 |
Deleting Licenses |
157 |
Displaying License Keys |
158 |
Downloading Licenses |
158 |
Chapter 7: Verifying Software Installation |
159 |
Routine Monitoring |
159 |
Verifying That Automatic Software Download Is Working Correctly |
159 |
Verifying That a System Snapshot Was Created on a J-EX Series Switch |
160 |
Monitoring Licenses |
160 |
Monitoring Licenses for the J-EX Series Switch |
160 |
Displaying Installed Licenses and License Usage Details |
161 |
Displaying Installed License Keys |
162 |
Chapter 8: Troubleshooting Software Installation |
163 |
Troubleshooting Software Installation |
163 |
Recovering from a Failed Software Upgrade on a J-EX Series Switch |
163 |
Rebooting from the Inactive Partition |
164 |
Chapter 9: Configuration Statements for Software Installation |
167 |
[edit chassis] Configuration Statement Hierarchy |
167 |
auto-image-upgrade |
168 |
Chapter 10: Operational Mode Commands for Software Installation |
169 |
request system license add |
170 |
request system license delete |
171 |
request system license save |
172 |
request system reboot |
173 |
request system reboot |
176 |
request system snapshot |
178 |
request system software add |
180 |
request system software delete |
183 |
request system software rollback |
185 |
request system software validate |
187 |
show system autoinstallation status |
189 |
show system boot-messages |
190 |
show system license |
191 |
show system snapshot |
194 |
Part 4: User Interfaces |
197 |
Chapter 11: User Interfaces Overview |
199 |
User Interfaces—Overview |
199 |
CLI User Interface Overview |
199 |
CLI Overview |
199 |
CLI Help and Command Completion |
199 |
CLI Command Modes |
200 |
J-Web User Interface for J-EX Series Switches Overview |
201 |
Understanding J-Web Configuration Tools |
203 |
Understanding J-Web User Interface Sessions |
205 |
Chapter 12: Using the Configuration Tools |
207 |
Using the CLI Terminal |
207 |
Starting the J-Web Interface |
208 |
Chapter 13: Operational Mode Commands for User Interfaces |
209 |
set cli complete-on-space |
210 |
set cli directory |
211 |
set cli idle-timeout |
212 |
set cli prompt |
213 |
set cli restart-on-upgrade |
214 |
set cli screen-length |
215 |
set cli screen-width |
216 |
set cli terminal |
217 |
set cli timestamp |
218 |
show cli |
219 |
show cli authorization |
221 |
show cli directory |
224 |
show cli history |
225 |
start shell |
226 |
Part 5: Junos OS for J-EX Series Switches System Setup |
227 |
Chapter 14: System Setup Overview |
229 |
Junos OS—Overview |
229 |
J-EX Series Switch Software Features Overview |
229 |
Understanding Software Infrastructure and Processes |
230 |
Routing Engine and Packet Forwarding Engine |
230 |
Junos OS Processes |
230 |
Chapter 15: Initial Configuration |
233 |
Connecting and Configuring a J-EX Series Switch (CLI Procedure) |
233 |
Connecting and Configuring a J-EX Series Switch (J-Web Procedure) |
235 |
Configuring the LCD Panel on J-EX Series Switches (CLI Procedure) |
238 |
Disabling or Enabling Menus and Menu Options on the LCD Panel |
238 |
Configuring a Custom Display Message |
239 |
Configuring Date and Time for the J-EX Series Switch (J-Web Procedure) |
239 |
Configuring System Identity for a J-EX Series Switch (J-Web Procedure) |
240 |
Chapter 16: Configuration Statements for System Setup |
243 |
arp |
243 |
authentication-key |
244 |
auxiliary |
245 |
boot-server (NTP) |
245 |
broadcast |
246 |
broadcast-client |
247 |
console (Physical Port) |
248 |
default-address-selection |
249 |
domain-name (Router) |
249 |
gre-path-mtu-discovery |
250 |
host-name |
250 |
icmpv4-rate-limit |
251 |
icmpv6-rate-limit |
252 |
inet6-backup-router |
253 |
internet-options |
254 |
ipip-path-mtu-discovery |
255 |
ipv6-duplicate-addr-detection-transmits |
255 |
ipv6-path-mtu-discovery |
256 |
ipv6-path-mtu-discovery-timeout |
256 |
ipv6-reject-zero-hop-limit |
257 |
lcd-menu |
258 |
location |
259 |
menu-item |
260 |
multicast-client |
261 |
no-multicast-echo |
262 |
no-ping-record-route |
262 |
no-ping-time-stamp |
263 |
no-redirects |
263 |
no-tcp-rfc1323 |
264 |
no-tcp-rfc1323-paws |
264 |
ntp |
265 |
path-mtu-discovery |
265 |
peer |
266 |
ports |
267 |
processes |
268 |
server (NTP) |
269 |
tcp-drop-synfin-set |
269 |
traceoptions (SBC Configuration Process) |
270 |
trusted-key |
272 |
Chapter 17: Operational Mode Commands for System Setup |
273 |
clear chassis display message |
274 |
clear system reboot |
276 |
configure |
278 |
op |
279 |
request chassis pic |
281 |
request chassis routing-engine master |
282 |
request system halt |
284 |
request system logout |
287 |
request system power-off |
288 |
request system reboot |
290 |
request system reboot |
293 |
request system scripts convert |
295 |
request system scripts refresh-from commit |
296 |
request system scripts refresh-from event |
297 |
request system scripts refresh-from op |
298 |
request system storage cleanup |
299 |
restart |
301 |
set chassis display message |
305 |
set date |
307 |
show chassis firmware |
308 |
show chassis lcd |
310 |
show configuration |
316 |
show host |
319 |
show ntp associations |
320 |
show ntp status |
322 |
show system firmware |
323 |
show system reboot |
324 |
show system snapshot |
326 |
show system software |
328 |
show system storage |
330 |
show system switchover |
332 |
show system uptime |
334 |
show system users |
336 |
show system virtual-memory |
338 |
show task replication |
367 |
show version |
368 |
Part 6: Junos OS for J-EX Series Switches Power Management |
371 |
Chapter 18: Power Management Overview |
373 |
Junos OS—Overview |
373 |
J-EX Series Switch Software Features Overview |
373 |
Power Management |
374 |
Understanding Power Management on J-EX Series Switches |
374 |
Power Priority of Line Cards |
375 |
Power Supply Redundancy |
376 |
Chapter 19: Initial Configuration |
379 |
Configuring Power Supply Redundancy (CLI Procedure) |
379 |
Configuring the Power Priority of Line Cards (CLI Procedure) |
380 |
Chapter 20: Verifying Power Management |
381 |
Verifying Power Configuration and Use |
381 |
Chapter 21: Configuration Statements for Power Management |
383 |
fpc |
384 |
n-plus-n |
385 |
power-budget-priority |
385 |
psu |
386 |
redundancy |
386 |
Chapter 22: Operational Mode Commands for Power Management |
387 |
show chassis power-budget-statistics |
388 |
Part 7: Junos OS for J-EX Series Switches Configuration Management |
391 |
Chapter 23: Configuration Management Overview |
393 |
Configuration Files—Overview |
393 |
Understanding Configuration Files for J-EX Series Switches |
393 |
Configuration Files Terms |
394 |
Understanding Automatic Refreshing of Scripts on J-EX Series Switches |
395 |
Understanding Autoinstallation of Configuration Files on J-EX Series Switches |
395 |
Typical Uses for Autoinstallation |
395 |
Autoinstallation Configuration Files and IP Addresses |
396 |
Typical Autoinstallation Process on a New Switch |
396 |
J-EX Series Switches Default Configuration |
397 |
J-EX4200 Default Configuration |
397 |
J-EX8200 Switch Default Configuration |
401 |
Chapter 24: Managing Junos OS Configuration |
403 |
Using the Configuration Tools in J-Web |
403 |
Using the CLI Viewer in the J-Web Interface to View Configuration Text |
403 |
Using the CLI Editor in the J-Web Interface to Edit Configuration Text |
403 |
Using the Point and Click CLI Tool in the J-Web Interface to Edit Configuration Text |
404 |
Using the Commit Options to Commit Configuration Changes (J-Web Procedure) |
406 |
Managing Junos OS Configuration |
407 |
Uploading a Configuration File (CLI Procedure) |
408 |
Uploading a Configuration File (J-Web Procedure) |
409 |
Managing Configuration Files Through the Configuration History (J-Web Procedure) |
410 |
Displaying Configuration History |
410 |
Displaying Users Editing the Configuration |
411 |
Comparing Configuration Files with the J-Web Interface |
411 |
Downloading a Configuration File with the J-Web Interface |
412 |
Loading a Previous Configuration File with the J-Web Interface |
412 |
Loading a Previous Configuration File (CLI Procedure) |
412 |
Reverting to the Default Factory Configuration for the J-EX Series Switch |
413 |
Reverting to the Default Factory Configuration by Using the LCD Panel |
414 |
Reverting to the Default Factory Configuration by Using the Load Factory Default Command |
414 |
Reverting to the Rescue Configuration for the J-EX Series Switch |
415 |
Setting or Deleting the Rescue Configuration (CLI Procedure) |
416 |
Setting or Deleting the Rescue Configuration (J-Web Procedure) |
417 |
Configuring Autoinstallation of Configuration Files (CLI Procedure) |
417 |
Chapter 25: Verifying Configuration |
421 |
Verifying Autoinstallation Status on a J-EX Series Switch |
421 |
Chapter 26: Configuration Statements for Configuration Management |
423 |
archival |
423 |
archive-sites (Configuration File) |
424 |
autoinstallation |
425 |
commit synchronize |
426 |
configuration |
427 |
configuration-servers |
428 |
interfaces |
429 |
transfer-interval (Configuration) |
430 |
transfer-on-commit |
430 |
Chapter 27: Operational Mode Commands for Configuration Management |
431 |
clear log |
432 |
clear system commit |
433 |
file archive |
434 |
file checksum md5 |
436 |
file checksum sha1 |
437 |
file checksum sha-256 |
438 |
file compare |
439 |
file copy |
442 |
file delete |
443 |
file list |
444 |
file rename |
445 |
file show |
447 |
request system configuration rescue delete |
448 |
request system configuration rescue save |
449 |
request system scripts refresh-from commit |
450 |
request system scripts refresh-from event |
451 |
request system scripts refresh-from op |
452 |
show system commit |
453 |
show system configuration archival |
455 |
show system configuration rescue |
456 |
show system rollback |
457 |
test configuration |
459 |
Part 8: User and Access Management on J-EX Series Switches |
461 |
Chapter 28: User and Access Management on J-EX Series Switches Overview |
463 |
J-EX Series Switch Software Features Overview |
463 |
Understanding Software Infrastructure and Processes |
464 |
Routing Engine and Packet Forwarding Engine |
464 |
Junos OS Processes |
464 |
Chapter 29: User Access Management Configuration |
467 |
Configuring Management Access for the J-EX Series Switch (J-Web Procedure) |
467 |
Generating SSL Certificates to Be Used for Secure Web Access |
470 |
Configuring MS-CHAPv2 to Provide Password-Change Support (CLI Procedure) |
471 |
Chapter 30: Monitoring Users |
473 |
Managing Users (J-Web Procedure) |
473 |
Chapter 31: Troubleshooting User Access Management |
477 |
Troubleshooting Loss of the Root Password |
477 |
Chapter 32: Configuration Statements for User and Access Management |
481 |
allow-commands |
481 |
allow-configuration |
482 |
announcement |
482 |
authentication (Login) |
483 |
authentication-order |
484 |
change-type |
485 |
class (Assigning a Class to an Individual User) |
485 |
class (Defining Login Classes) |
486 |
deny-commands |
487 |
deny-configuration |
488 |
format |
489 |
full-name |
489 |
idle-timeout |
490 |
login |
491 |
login-alarms |
492 |
login-tip |
492 |
maximum-length |
493 |
message |
493 |
minimum-changes |
494 |
minimum-length |
495 |
password (Login) |
495 |
permissions |
496 |
radius-options |
496 |
retry-options |
497 |
root-authentication |
498 |
root-login |
499 |
tacplus-options |
500 |
tacplus-server |
501 |
traceoptions (Address-Assignment Pool) |
502 |
uid |
503 |
user (Access) |
504 |
Chapter 33: Operational Mode Commands for User and Access Management |
505 |
request message |
506 |
show subscribers |
507 |
Part 9: Junos OS for J-EX Series Switches System Services |
515 |
Chapter 34: System Services Overview |
517 |
DHCP Overview |
517 |
DHCP Services for J-EX Series Switches Overview |
517 |
DHCP/BOOTP Relay for J-EX Series Switches Overview |
518 |
Chapter 35: System Services Configuration |
519 |
Configuring DHCP Services (J-Web Procedure) |
519 |
Configuring a DHCP SIP Server (CLI Procedure) |
522 |
Chapter 36: Monitoring System Services |
523 |
Monitoring DHCP Services |
523 |
Chapter 37: Configuration Statements for System Services |
527 |
boot-file |
527 |
boot-server (DHCP) |
528 |
bootp |
529 |
ca-name |
530 |
cache-size |
530 |
cache-timeout-negative |
531 |
certificates |
532 |
certification-authority |
533 |
client-identifier |
533 |
connection-limit |
534 |
crl (Encryption Interface) |
535 |
default-lease-time |
535 |
description |
536 |
dhcp |
537 |
domain |
538 |
domain-name (DHCP) |
538 |
domain-search |
539 |
encoding |
539 |
enrollment-retry |
540 |
enrollment-url |
540 |
file |
541 |
ftp |
541 |
helpers |
542 |
http |
544 |
https |
545 |
interface (BOOTP) |
546 |
interface (DNS and TFTP Packet Forwarding or Relay Agent) |
547 |
ldap-url |
547 |
load-key-file |
548 |
local |
549 |
local-certificate |
550 |
maximum-certificates |
550 |
maximum-hop-count |
551 |
maximum-lease-time |
551 |
minimum-wait-time |
552 |
name-server |
552 |
no-listen |
553 |
outbound-ssh |
554 |
path-length |
556 |
pool |
557 |
port (HTTP/HTTPS) |
558 |
port (SRC Server) |
558 |
protocol-version |
559 |
rate-limit |
559 |
server (DHCP and BOOTP Relay Agent) |
560 |
server (DNS and TFTP Service) |
561 |
server-identifier |
562 |
servers |
563 |
service-deployment |
563 |
services |
564 |
session |
566 |
sip-server |
567 |
source-address (SRC Software) |
567 |
source-address-giaddr |
568 |
ssh |
568 |
static-binding |
569 |
telnet |
570 |
tftp |
570 |
traceoptions |
571 |
traceoptions (DHCP Server) |
573 |
traceoptions (DNS and TFTP Packet Forwarding) |
576 |
web-management |
578 |
wins-server |
579 |
Chapter 38: Operational Mode Commands for System Services |
581 |
clear system services dhcp binding |
582 |
clear system services dhcp conflict |
583 |
clear system services dhcp statistics |
584 |
request ipsec switch |
585 |
request security certificate (signed) |
586 |
request security key-pair |
587 |
request security certificate (unsigned) |
588 |
show system services dhcp binding |
589 |
show system services dhcp conflict |
591 |
show system services dhcp global |
592 |
show system services dhcp pool |
594 |
show system services dhcp statistics |
596 |
show system services service-deployment |
598 |
ssh |
599 |
telnet |
601 |
Part 10: Junos OS for J-EX Series Switches System Monitoring |
603 |
Chapter 39: System Monitoring Overview |
605 |
Understanding Alarm Types and Severity Levels on J-EX Series Switches |
605 |
Dashboard for J-EX Series Switches |
606 |
System Information Panel |
607 |
Health Status Panel |
607 |
Capacity Utilization Panel |
608 |
Alarms Panel |
608 |
Chassis Viewer |
609 |
Chapter 40: Administering and Monitoring System Functions |
613 |
Monitoring System Log Messages |
613 |
Checking Active Alarms with the J-Web Interface |
616 |
Monitoring Chassis Alarms for a J-EX8200 Switch |
617 |
Monitoring Switch Control Traffic |
620 |
Monitoring System Properties |
622 |
Monitoring Chassis Information |
624 |
Monitoring System Process Information |
626 |
Managing Log, Temporary, and Crash Files on the Switch (J-Web Procedure) |
627 |
Cleaning Up Files |
627 |
Downloading Files |
628 |
Deleting Files |
628 |
Chapter 41: Configuration Statements for System Monitoring |
631 |
archive (All System Log Files) |
632 |
archive-sites |
633 |
arguments |
633 |
attributes-match |
634 |
commands |
635 |
console (System Logging) |
636 |
destination |
637 |
destinations |
638 |
equals |
638 |
event-options |
639 |
events (Associating Events with a Policy) |
641 |
events (Correlating Events with Each Other) |
641 |
event-script |
642 |
event-script |
643 |
execute-commands |
644 |
explicit-priority |
644 |
facility-override |
645 |
file |
646 |
file (System Logging) |
647 |
files |
648 |
generate-event |
649 |
host |
650 |
ignore |
651 |
interface (Accounting or Sampling) |
651 |
log-prefix |
652 |
match |
652 |
not |
653 |
output-filename |
653 |
output-format |
654 |
policy |
655 |
raise-trap |
656 |
refresh |
657 |
refresh-from |
657 |
remote-execution |
658 |
retry-count |
659 |
size |
660 |
source |
661 |
structured-data |
662 |
syslog |
663 |
then |
665 |
time-format |
666 |
time-interval |
667 |
time-of-day |
667 |
time-zone |
668 |
traceoptions |
670 |
traceoptions |
672 |
traceoptions (Commit and Op Scripts) |
674 |
transfer-delay |
676 |
trigger |
677 |
upload |
678 |
user (System Logging) |
679 |
user-name |
680 |
within |
680 |
world-readable |
681 |
Chapter 42: Operational Mode Commands for System Monitoring |
683 |
clear log |
684 |
file archive |
685 |
file checksum md5 |
687 |
file checksum sha1 |
688 |
file checksum sha-256 |
689 |
file compare |
690 |
file copy |
693 |
file delete |
694 |
file list |
695 |
file rename |
696 |
file show |
697 |
monitor list |
698 |
monitor start |
699 |
monitor stop |
700 |
request system configuration rescue delete |
701 |
request system configuration rescue save |
702 |
request system scripts refresh-from commit |
703 |
request system scripts refresh-from event |
704 |
request system scripts refresh-from op |
705 |
show chassis alarms |
706 |
show chassis environment |
707 |
show chassis environment fpc |
709 |
show chassis environment routing-engine |
710 |
show chassis fpc |
711 |
show chassis hardware |
715 |
show chassis led |
718 |
show chassis location |
721 |
show chassis pic |
722 |
show chassis routing-engine |
725 |
show chassis temperature-thresholds |
727 |
show log |
729 |
show pfe next-hop |
731 |
show pfe route |
733 |
show pfe statistics ip |
735 |
show pfe statistics ip6 |
738 |
show pfe terse |
741 |
show system alarms |
742 |
show system audit |
743 |
show system buffers |
745 |
show system connections |
747 |
show system core-dumps |
751 |
show system directory-usage |
753 |
show system processes |
754 |
Part 11: Virtual Chassis |
761 |
Chapter 43: Virtual Chassis—Overview, Components, and Configurations |
763 |
Virtual Chassis Overview |
763 |
Basic Configuration of a Virtual Chassis with Master and Backup Switches |
764 |
Expanding Configurations—Within a Single Wiring Closet and Across Wiring Closets |
764 |
Global Management of Member Switches in a Virtual Chassis |
765 |
High Availability Through Redundant Routing Engines |
765 |
Adaptability as an Access Switch or Distribution Switch |
765 |
Understanding Virtual Chassis Components |
766 |
Virtual Chassis Ports (VCPs) |
766 |
Master Role |
766 |
Backup Role |
767 |
Linecard Role |
767 |
Member Switch and Member ID |
768 |
Mastership Priority |
768 |
Virtual Chassis Identifier (VCID) |
769 |
Understanding How the Master in a Virtual Chassis Configuration Is Elected |
770 |
Understanding Software Upgrade in a Virtual Chassis Configuration |
770 |
Understanding Global Management of a Virtual Chassis Configuration |
771 |
Understanding Nonvolatile Storage in a Virtual Chassis Configuration |
774 |
Nonvolatile Memory Features |
774 |
Understanding the High-Speed Interconnection of the Virtual Chassis Members |
774 |
Understanding Virtual Chassis Configurations and Link Aggregation |
774 |
Understanding Virtual Chassis Configuration |
776 |
Understanding Virtual Chassis J-EX4200 Switch Version Compatibility |
777 |
Understanding Fast Failover in a Virtual Chassis Configuration |
778 |
Supported Topologies for Fast Failover |
778 |
How Fast Failover Works |
778 |
Fast Failover in a Ring Topology using Dedicated VCPs |
778 |
Fast Failover in a Ring Topology Using Uplink Module VCPs |
780 |
Fast Failover in a Virtual Chassis Configuration Using Multiple Ring Topologies |
782 |
Effects of Topology Changes on a Fast Failover Configuration |
783 |
Understanding Split and Merge in a Virtual Chassis Configuration |
784 |
What Happens When a Virtual Chassis Configuration Splits |
784 |
Merging Virtual Chassis Configurations |
785 |
Understanding Automatic Software Update on Virtual Chassis Member Switches |
787 |
Chapter 44: Virtual Chassis—Configuration Examples |
789 |
Example: Configuring a Virtual Chassis with a Master and Backup in a Single Wiring Closet |
789 |
Requirements |
790 |
Overview and Topology |
790 |
Configuration |
792 |
Verification |
792 |
Verifying That the Mastership Priority Is Assigned Appropriately |
792 |
Verifying That the VCPs Are Operational |
793 |
Troubleshooting the Virtual Chassis |
793 |
Example: Expanding a Virtual Chassis Configuration in a Single Wiring Closet |
794 |
Requirements |
794 |
Overview and Topology |
795 |
Configuration |
796 |
Verification |
797 |
Verifying That the New Switch Has Been Added as a Linecard |
797 |
Verifying That the VCPs Are Operational |
798 |
Troubleshooting |
798 |
Example: Setting Up a Multimember Virtual Chassis Access Switch with a Default Configuration |
799 |
Requirements |
800 |
Overview and Topology |
800 |
Configuration |
801 |
Verification |
802 |
Verifying the Member IDs and Roles of the Member Switches |
802 |
Verifying That the VCPs Are Operational |
803 |
Troubleshooting |
804 |
Example: Configuring a Virtual Chassis Interconnected Across Multiple Wiring Closets |
805 |
Requirements |
805 |
Overview and Topology |
806 |
Configuration |
808 |
Verification |
810 |
Verifying the Member IDs and Roles of the Member Switches |
810 |
Verifying that the Dedicated VCPs and Uplink VCPs Are Operational |
811 |
Troubleshooting |
812 |
Example: Configuring Aggregated Ethernet High-Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch |
812 |
Requirements |
813 |
Overview and Topology |
813 |
Configuration |
815 |
Verification |
817 |
Verifying That LAG ae0 Has Been Created |
817 |
Verifying That LAG ae1 Has Been Created |
818 |
Troubleshooting |
818 |
Example: Configuring Aggregated Ethernet High-Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch |
818 |
Requirements |
819 |
Overview and Topology |
819 |
Configuring LACP for the LAGs on the Virtual Chassis Access Switch |
820 |
Configuring LACP for the LAGs on the Virtual Chassis Distribution Switch |
820 |
Verification |
821 |
Verifying the LACP Settings |
821 |
Verifying That the LACP Packets Are Being Exchanged |
822 |
Troubleshooting |
822 |
Example: Configuring a Virtual Chassis Using a Preprovisioned Configuration File |
824 |
Requirements |
824 |
Overview and Topology |
825 |
Configuration |
829 |
Verification |
832 |
Verifying the Member IDs and Roles of the Member Switches |
832 |
Verifying That the Dedicated VCPs and Uplink VCPs Are Operational |
833 |
Troubleshooting |
835 |
Example: Configuring Fast Failover on Uplink Module VCPs to Reroute Traffic When a Virtual Chassis Member Switch or Intermember Link Fails |
835 |
Requirements |
836 |
Overview and Topology |
836 |
Configuration |
837 |
Verification |
838 |
Verifying That Fast Failover Is Enabled |
838 |
Example: Assigning the Virtual Chassis ID to Determine Precedence During a Virtual Chassis Merge |
839 |
Requirements |
839 |
Overview and Topology |
839 |
Configuration |
840 |
Verification |
840 |
Verifying That the Virtual Chassis ID Is Assigned |
840 |
Example: Configuring Link Aggregation Groups Using Uplink Virtual Chassis Ports |
841 |
Requirements |
841 |
Overview and Topology |
842 |
Configuration |
843 |
Verification |
846 |
Verifying the Member IDs and Roles of the Member Switches |
846 |
Verifying That the VCPs Are Operational |
847 |
Troubleshooting |
849 |
Example: Configuring Automatic Software Update on Virtual Chassis Member Switches |
849 |
Requirements |
850 |
Overview and Topology |
850 |
Configuration |
850 |
Verification |
851 |
Verifying That the Software Version Is Updated |
851 |
Chapter 45: Configuring Virtual Chassis |
853 |
Configuring a Virtual Chassis (CLI Procedure) |
853 |
Configuring a Virtual Chassis with a Preprovisioned Configuration File |
854 |
Configuring a Virtual Chassis with a Nonprovisioned Configuration File |
855 |
Configuring a Virtual Chassis (J-Web Procedure) |
856 |
Adding a New Switch to an Existing Virtual Chassis Configuration (CLI Procedure) |
858 |
Adding a New Switch to an Existing Virtual Chassis Configuration Within the Same Wiring Closet |
858 |
Adding a New Switch from a Different Wiring Closet to an Existing Virtual Chassis Configuration |
859 |
Adding a New Switch to an Existing Preprovisioned Virtual Chassis Configuration Using Autoprovisioning |
861 |
Configuring Mastership of the Virtual Chassis (CLI Procedure) |
862 |
Configuring Mastership Using a Preprovisioned Configuration File |
863 |
Configuring Mastership Using a Configuration File That Is Not Preprovisioned |
864 |
Setting an Uplink Module Port as a Virtual Chassis Port (CLI Procedure) |
864 |
Setting an Uplink VCP Between Two Member Switches |
866 |
Setting an Uplink VCP on a Standalone Switch |
866 |
Setting an Uplink Module Port or a J-EX4200-24F Network Port as a Virtual Chassis Port Using the LCD Panel |
867 |
Configuring the Virtual Management Ethernet Interface for Global Management of a Virtual Chassis (CLI Procedure) |
869 |
Configuring the Timer for the Backup Member to Start Using Its Own MAC Address, as Master of Virtual Chassis (CLI Procedure) |
869 |
Configuring Fast Failover in a Virtual Chassis Configuration |
870 |
Disabling Fast Failover in a Virtual Chassis Configuration |
871 |
Disabling Split and Merge in a Virtual Chassis Configuration (CLI Procedure) |
871 |
Assigning the Virtual Chassis ID to Determine Precedence During a Virtual Chassis Merge (CLI Procedure) |
872 |
Configuring Automatic Software Update on Virtual Chassis Member Switches (CLI Procedure) |
872 |
Configuring Graceful Routing Engine Switchover in a Virtual Chassis (CLI Procedure) |
873 |
Chapter 46: Verifying Virtual Chassis Configuration |
875 |
Command Forwarding Usage with a Virtual Chassis Configuration |
875 |
Verifying the Member ID, Role, and Neighbor Member Connections of a Virtual Chassis Member |
879 |
Verifying That the Virtual Chassis Ports Are Operational |
880 |
Monitoring Virtual Chassis Configuration Status and Statistics |
881 |
Replacing a Member Switch of a Virtual Chassis Configuration (CLI Procedure) |
883 |
Remove, Repair, and Reinstall the Same Switch |
883 |
Remove a Member Switch, Replace with a Different Switch, and Reapply the Old Configuration |
884 |
Remove a Member Switch and Make Its Member ID Available for Reassignment to a Different Switch |
884 |
Verifying That Graceful Routing Engine Switchover Is Working in the Virtual Chassis Configuration |
885 |
Chapter 47: Troubleshooting Virtual Chassis |
887 |
Troubleshooting a Virtual Chassis Configuration |
887 |
Clear Virtual Chassis NotPrsnt Status and Make Member ID Available for Reassignment |
887 |
Load Factory Default Does Not Commit on a Multimember Virtual Chassis |
887 |
Member ID Persists When a Member Switch Is Disconnected From a Virtual Chassis |
887 |
Chapter 48: Configuration Statements for Virtual Chassis |
889 |
[edit virtual-chassis] Configuration Statement Hierarchy |
889 |
auto-sw-update |
890 |
fast-failover |
891 |
graceful-switchover |
892 |
id |
892 |
mac-persistence-timer |
893 |
mastership-priority |
894 |
member |
895 |
no-management-vlan |
896 |
no-split-detection |
897 |
package-name |
898 |
preprovisioned |
899 |
redundancy (Graceful Switchover) |
900 |
role |
901 |
serial-number |
903 |
traceoptions |
904 |
virtual-chassis |
906 |
Chapter 49: Operational Mode Commands for Virtual Chassis |
907 |
clear virtual-chassis vc-port statistics |
908 |
request session member |
909 |
request virtual-chassis recycle |
910 |
request virtual-chassis renumber |
911 |
request virtual-chassis vc-port |
912 |
request virtual-chassis vc-port |
913 |
show system uptime |
914 |
show virtual-chassis active topology |
916 |
show virtual-chassis fast-failover |
918 |
show virtual-chassis status |
919 |
show virtual-chassis vc-path |
921 |
show virtual-chassis vc-port |
923 |
show virtual-chassis vc-port statistics |
926 |
Part 12: Interfaces on J-EX Series Switches |
933 |
Chapter 50: Interfaces—Overview |
935 |
J-EX Series Switches Interfaces Overview |
935 |
Network Interfaces |
935 |
Special Interfaces |
936 |
Understanding Interface Naming Conventions on J-EX Series Switches |
937 |
Physical Part of an Interface Name |
937 |
Logical Part of an Interface Name |
938 |
Wildcard Characters in Interface Names |
939 |
Understanding Aggregated Ethernet Interfaces and LACP |
939 |
Link Aggregation Group (LAG) |
939 |
Link Aggregation Control Protocol (LACP) |
940 |
Understanding Interface Ranges on J-EX Series Switches |
941 |
Understanding Layer 3 Subinterfaces |
943 |
Understanding Unicast RPF for J-EX Series Switches |
944 |
Unicast RPF for J-EX Series Switches Overview |
944 |
Unicast RPF Implementation for J-EX Series Switches |
945 |
Unicast RPF Packet Filtering |
945 |
Bootstrap Protocol (BOOTP) and DHCP Requests |
945 |
Default Route Handling |
945 |
When to Enable Unicast RPF |
945 |
When Not to Enable Unicast RPF |
946 |
Limitations of the Unicast RPF Implementation on J-EX4200 Switches |
947 |
Understanding IP Directed Broadcast for J-EX Series Switches |
948 |
IP Directed Broadcast for J-EX Series Switches Overview |
948 |
IP Directed Broadcast Implementation for J-EX Series Switches |
948 |
When to Enable IP Directed Broadcast |
949 |
When Not to Enable IP Directed Broadcast |
949 |
High Availability Features for J-EX Series Switches Overview |
949 |
VRRP |
950 |
Graceful Protocol Restart |
950 |
Redundant Routing Engines |
950 |
Graceful Routing Engine Switchover |
951 |
Virtual Chassis Software Upgrade and Failover Features |
951 |
Link Aggregation |
952 |
Chapter 51: Examples: Interfaces Configuration |
953 |
Example: Configuring Aggregated Ethernet High-Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch |
953 |
Requirements |
953 |
Overview and Topology |
954 |
Configuration |
956 |
Verification |
958 |
Verifying That LAG ae0 Has Been Created |
958 |
Verifying That LAG ae1 Has Been Created |
958 |
Troubleshooting |
959 |
Example: Configuring Aggregated Ethernet High-Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch |
959 |
Requirements |
960 |
Overview and Topology |
960 |
Configuring LACP for the LAGs on the Virtual Chassis Access Switch |
961 |
Configuring LACP for the LAGs on the Virtual Chassis Distribution Switch |
961 |
Verification |
962 |
Verifying the LACP Settings |
962 |
Verifying That the LACP Packets Are Being Exchanged |
963 |
Troubleshooting |
963 |
Example: Configuring Layer 3 Subinterfaces for a Distribution Switch and an Access Switch |
965 |
Requirements |
965 |
Overview and Topology |
965 |
Configuring the Access Switch Subinterfaces |
966 |
Configuring the Distribution Switch Subinterfaces |
968 |
Verification |
970 |
Verifying That Subinterfaces Were Created |
970 |
Verifying That Traffic Passes Between VLANs |
970 |
Example: Configuring Unicast RPF on a J-EX Series Switch |
972 |
Requirements |
972 |
Overview and Topology |
973 |
Configuration |
973 |
Verification |
974 |
Verifying That Unicast RPF Is Enabled on the Switch |
974 |
Example: Configuring IP Directed Broadcast on a J-EX Series Switch |
976 |
Requirements |
976 |
Overview and Topology |
977 |
Configuration |
977 |
Chapter 52: Configuring Interfaces |
981 |
Configuring Gigabit Ethernet Interfaces (J-Web Procedure) |
981 |
Port Role Configuration with the J-Web Interface (with CLI References) |
987 |
Configuring Gigabit Ethernet Interfaces (CLI Procedure) |
991 |
Configuring VLAN Options and Port Mode |
991 |
Configuring the Link Settings |
991 |
Configuring the IP Options |
992 |
Setting the Mode on an SFP+ Uplink Module (CLI Procedure) |
993 |
Configuring Aggregated Ethernet Interfaces (CLI Procedure) |
994 |
Configuring Aggregated Ethernet Interfaces (J-Web Procedure) |
995 |
Configuring Aggregated Ethernet LACP (CLI Procedure) |
998 |
Configuring Unicast RPF (CLI Procedure) |
999 |
Disabling Unicast RPF (CLI Procedure) |
1000 |
Configuring IP Directed Broadcast (CLI Procedure) |
1001 |
Configuring a Layer 3 Subinterface (CLI Procedure) |
1002 |
Chapter 53: Verifying Interfaces |
1003 |
Monitoring Interface Status and Traffic |
1003 |
Verifying the Status of a LAG Interface |
1004 |
Verifying That LACP Is Configured Correctly and Bundle Members Are Exchanging LACP Protocol Packets |
1005 |
Verifying the LACP Setup |
1005 |
Verifying That the LACP Packets Are Being Exchanged |
1005 |
Verifying That Layer 3 Subinterfaces Are Working |
1006 |
Verifying Unicast RPF Status |
1007 |
Verifying IP Directed Broadcast Status |
1009 |
Chapter 54: Troubleshooting Interfaces |
1011 |
Troubleshooting Network Interfaces on J-EX4200 Switches |
1011 |
The interface on the port in which an SFP or SFP+ transceiver is installed in an SFP+ uplink module is down |
1011 |
Troubleshooting an Aggregated Ethernet Interface |
1012 |
Troubleshooting Interface Configuration and Cable Faults |
1012 |
Interface Configuration or Connectivity Is Not Working |
1012 |
Troubleshooting Unicast RPF |
1013 |
Legitimate Packets Are Discarded |
1013 |
Troubleshooting Uplink Module Installation or Replacement on J-EX4200 Switches |
1014 |
Virtual Chassis port (VCP) connection does not work |
1014 |
Chapter 55: Configuration Statements for Interfaces |
1015 |
[edit chassis] Configuration Statement Hierarchy |
1015 |
[edit interfaces] Configuration Statement Hierarchy |
1015 |
802.3ad |
1020 |
aggregated-devices |
1021 |
aggregated-ether-options |
1022 |
auto-negotiation |
1023 |
chassis |
1024 |
description |
1025 |
device-count |
1026 |
ether-options |
1027 |
ethernet |
1028 |
family (for J-EX Series switches) |
1029 |
filter |
1032 |
flow-control |
1033 |
force-up |
1033 |
interface-range |
1034 |
interfaces (for J-EX Series switches) |
1035 |
lacp |
1040 |
lacp (802.3ad) |
1041 |
link-mode |
1042 |
link-speed |
1043 |
member |
1044 |
members |
1045 |
member-range |
1046 |
minimum-links |
1046 |
mtu |
1047 |
native-vlan-id |
1048 |
periodic |
1049 |
pic |
1050 |
pic-mode |
1050 |
port-mode |
1051 |
rpf-check |
1052 |
sfpplus |
1053 |
speed |
1054 |
targeted-broadcast |
1055 |
unit |
1056 |
vlan |
1057 |
vlan-id |
1058 |
vlan-tagging |
1059 |
Chapter 56: Operational Mode Commands for Interfaces |
1061 |
clear ipv6 neighbors |
1062 |
monitor interface |
1063 |
show ethernet-switching interfaces |
1069 |
show interfaces diagnostics optics |
1072 |
show interfaces ge- |
1077 |
show interfaces queue |
1088 |
show interfaces xe- |
1091 |
show ipv6 neighbors |
1103 |
show lacp interfaces |
1105 |
test interface restart-auto-negotiation |
1109 |
Part 13: Layer 2 Bridging and VLANs |
1111 |
Chapter 57: Bridging and VLANs—Overview |
1113 |
Understanding Bridging and VLANs on J-EX Series Switches |
1113 |
Ethernet LANs, Transparent Bridging, and VLANs |
1113 |
How Bridging Works |
1114 |
Types of Switch Ports |
1116 |
IEEE 802.1Q Encapsulation and Tags |
1116 |
Assignment of Traffic to VLANs |
1116 |
Ethernet Switching Tables |
1117 |
Layer 2 and Layer 3 Forwarding of VLAN Traffic |
1117 |
GVRP and MVRP |
1117 |
Routed VLAN Interface |
1118 |
Understanding Private VLANs on J-EX Series Switches |
1119 |
Understanding Virtual Routing Instances on J-EX Series Switches |
1120 |
Understanding Redundant Trunk Links on J-EX Series Switches |
1121 |
Understanding Q-in-Q Tunneling on J-EX Series Switches |
1123 |
How Q-in-Q Tunneling Works |
1123 |
Disabling MAC Address Learning |
1124 |
Mapping C-VLANs to S-VLANs |
1124 |
All-in-One Bundling |
1125 |
Many-to-One Bundling |
1125 |
Mapping a Specific Interface |
1125 |
Routed VLAN Interfaces on Q-in-Q VLANs |
1125 |
Limitations for Q-in-Q Tunneling |
1126 |
Understanding Multiple VLAN Registration Protocol (MVRP) on J-EX Series Switches |
1126 |
How MVRP Works on J-EX Series Switches |
1126 |
Basics of MVRP on J-EX Series Switches |
1127 |
MVRP Registration Modes |
1127 |
MRP Timers |
1127 |
MRP VLAN Messages |
1128 |
Understanding Layer 2 Protocol Tunneling on J-EX Series Switches |
1128 |
Layer 2 Protocols Supported by L2PT on J-EX Series Switches |
1129 |
How L2PT Works |
1129 |
L2PT Basics on J-EX Series Switches |
1130 |
Understanding Proxy ARP on EX Series Switches |
1131 |
What Is ARP? |
1131 |
Proxy ARP Overview |
1131 |
Best Practices for Proxy ARP on J-EX Series Switches |
1132 |
Understanding MAC Notification on J-EX Series Switches |
1132 |
Chapter 58: Examples: Bridging and VLAN Configuration |
1135 |
Example: Setting Up Basic Bridging and a VLAN for a J-EX Series Switch |
1135 |
Requirements |
1135 |
Overview and Topology |
1136 |
Configuration |
1137 |
Verification |
1141 |
Verifying That the VLAN Has Been Created |
1141 |
Verifying That Interfaces Are Associated with the Proper VLANs |
1141 |
Example: Setting Up Bridging with Multiple VLANs for J-EX Series Switches |
1142 |
Requirements |
1143 |
Overview and Topology |
1143 |
Configuration |
1144 |
Verification |
1148 |
Verifying That the VLANs Have Been Created and Associated to the Correct Interfaces |
1148 |
Verifying That Traffic Is Being Routed Between the Two VLANs |
1149 |
Verifying That Traffic Is Being Switched Between the Two VLANs |
1149 |
Example: Connecting an Access Switch to a Distribution Switch |
1150 |
Requirements |
1150 |
Overview and Topology |
1150 |
Configuring the Access Switch |
1152 |
Configuring the Distribution Switch |
1156 |
Verification |
1158 |
Verifying the VLAN Members and Interfaces on the Access Switch |
1158 |
Verifying the VLAN Members and Interfaces on the Distribution Switch |
1159 |
Example: Configure Automatic VLAN Administration Using GVRP |
1159 |
Requirements |
1160 |
Overview and Topology |
1160 |
Configuring VLANs and GVRP on Access Switch A |
1162 |
Configuring VLANs and GVRP on Access Switch B |
1165 |
Configuring VLANS and GVRP on the Distribution Switch |
1168 |
Verification |
1171 |
Verifying That GVRP Is Enabled on Access Switch A |
1171 |
Verifying That GVRP Is Updating VLAN Membership on Switch A |
1171 |
Verifying That GVRP Is Enabled on Access Switch B |
1172 |
Verifying That GVRP Is Updating VLAN Membership on Switch B |
1172 |
Verifying That GVRP Is Enabled on the Distribution Switch |
1172 |
Verifying That GVRP Is Updating VLAN Membership on the Distribution Switch |
1173 |
Example: Configuring Redundant Trunk Links for Faster Recovery |
1173 |
Requirements |
1174 |
Overview and Topology |
1174 |
Configuration |
1175 |
Verification |
1176 |
Verifying That the Redundant Group Has Been Created |
1176 |
Example: Setting Up Q-in-Q Tunneling on J-EX Series Switches |
1177 |
Requirements |
1177 |
Overview and Topology |
1177 |
Configuration |
1178 |
Verification |
1179 |
Verifying That Q-in-Q Tunneling Was Enabled |
1179 |
Example: Configuring a Private VLAN on a J-EX Series Switch |
1179 |
Requirements |
1180 |
Overview and Topology |
1180 |
Configuration |
1180 |
Verification |
1182 |
Verifying the Private VLAN and Secondary VLANs Were Created |
1183 |
Example: Using Virtual Routing Instances to Route Among VLANs on J-EX Series Switches |
1184 |
Requirements |
1184 |
Overview and Topology |
1184 |
Configuration |
1185 |
Verification |
1186 |
Verifying That the Routing Instances Were Created |
1186 |
Example: Configuring Automatic VLAN Administration Using MVRP on J-EX Series Switches |
1187 |
Requirements |
1187 |
Overview and Topology |
1187 |
Configuring VLANs and MVRP on Access Switch A |
1190 |
Configuring VLANs and MVRP on Access Switch B |
1192 |
Configuring VLANS and MVRP on Distribution Switch C |
1194 |
Verification |
1195 |
Verifying That MVRP Is Enabled on Access Switch A |
1196 |
Verifying That MVRP Is Updating VLAN Membership on Access Switch A |
1196 |
Verifying That MVRP Is Enabled on Access Switch B |
1196 |
Verifying That MVRP Is Updating VLAN Membership on Access Switch B |
1197 |
Verifying That MVRP Is Enabled on Distribution Switch C |
1197 |
Verifying That MVRP Is Updating VLAN Membership on Distribution Switch C |
1198 |
Example: Configuring Layer 2 Protocol Tunneling on J-EX Series Switches |
1198 |
Requirements |
1199 |
Overview and Topology |
1199 |
Configuration |
1201 |
Verification |
1202 |
Verify That L2PT Is Working Correctly |
1202 |
Chapter 59: Configuring Bridging and VLANs |
1205 |
Configuring VLANs for J-EX Series Switches (J-Web Procedure) |
1205 |
Configuring VLANs for J-EX Series Switches (CLI Procedure) |
1208 |
Configuring Routed VLAN Interfaces (CLI Procedure) |
1209 |
Configuring MAC Table Aging (CLI Procedure) |
1210 |
Configuring the Native VLAN Identifier (CLI Procedure) |
1211 |
Creating a Series of Tagged VLANs (CLI Procedure) |
1212 |
Configuring Virtual Routing Instances (CLI Procedure) |
1214 |
Creating a Private VLAN (CLI Procedure) |
1215 |
Configuring Q-in-Q Tunneling (CLI Procedure) |
1216 |
Configuring GVRP (J-Web Procedure) |
1216 |
Configuring Redundant Trunk Groups (J-Web Procedure) |
1218 |
Configuring Multiple VLAN Registration Protocol (MVRP) (CLI Procedure) |
1219 |
Enabling MVRP |
1219 |
Disabling MVRP |
1219 |
Disabling Dynamic VLANs |
1220 |
Configuring Timer Values |
1220 |
Configuring MVRP Registration Mode |
1221 |
Configuring Layer 2 Protocol Tunneling on J-EX Series Switches (CLI Procedure) |
1222 |
Configuring MAC Notification (CLI Procedure) |
1223 |
Enabling MAC Notification |
1224 |
Disabling MAC Notification |
1224 |
Setting the MAC Notification Interval |
1224 |
Configuring Proxy ARP (CLI Procedure) |
1225 |
Chapter 60: Verifying Bridging and VLAN Configuration |
1227 |
Verifying That a Series of Tagged VLANs Has Been Created |
1227 |
Verifying That Virtual Routing Instances Are Working |
1229 |
Verifying That Q-in-Q Tunneling Is Working |
1230 |
Verifying That a Private VLAN Is Working |
1231 |
Monitoring Ethernet Switching |
1232 |
Monitoring GVRP |
1233 |
Verifying That MVRP Is Working Correctly |
1234 |
Verifying That MAC Notification Is Working Properly |
1235 |
Verifying That Proxy ARP Is Working Correctly |
1236 |
Chapter 61: Troubleshooting Bridging and VLAN Configuration |
1237 |
Troubleshooting Ethernet Switching |
1237 |
MAC Address in the Switch’s Ethernet Switching Table Is Not Updated After a MAC Address Move |
1237 |
Chapter 62: Configuration Statements for Bridging and VLANs |
1239 |
[edit ethernet-switching-options] Configuration Statement Hierarchy |
1239 |
[edit interfaces] Configuration Statement Hierarchy |
1241 |
[edit protocols] Configuration Statement Hierarchy |
1245 |
[edit routing-instances] Configuration Hierarchy |
1252 |
[edit vlans] Configuration Statement Hierarchy |
1252 |
arp |
1253 |
bridge-priority |
1254 |
customer-vlans |
1255 |
description |
1256 |
disable |
1256 |
disable (MVRP) |
1257 |
dot1q-tunneling (Ethernet Switching) |
1257 |
dot1q-tunneling (VLANs) |
1258 |
drop-threshold |
1259 |
ether-type |
1260 |
ethernet-switching-options |
1261 |
filter |
1264 |
group-name |
1265 |
gvrp |
1266 |
instance-type |
1267 |
interface |
1267 |
interface (MVRP) |
1268 |
interface |
1269 |
interface |
1269 |
interface |
1270 |
interfaces |
1270 |
join-timer |
1271 |
join-timer (MVRP) |
1272 |
l3-interface |
1273 |
layer2-protocol-tunneling |
1274 |
leave-timer |
1275 |
leave-timer (MVRP) |
1276 |
leaveall-timer |
1277 |
leaveall-timer (MVRP) |
1278 |
mac-limit |
1279 |
mac-notification |
1280 |
mac-table-aging-time |
1281 |
mapping |
1282 |
members |
1283 |
mvrp |
1284 |
native-vlan-id |
1285 |
no-dynamic-vlan |
1286 |
no-local-switching |
1286 |
no-mac-learning |
1287 |
no-mac-learning |
1287 |
notification-interval |
1288 |
port-mode |
1289 |
primary-vlan |
1290 |
redundant-trunk-group |
1290 |
registration |
1291 |
routing-instances |
1291 |
shutdown-threshold |
1292 |
vlan |
1293 |
vlan-id |
1293 |
vlan-range |
1294 |
vlans |
1295 |
Chapter 63: Operational Mode Commands for Bridging and VLANs |
1297 |
clear ethernet-switching layer2-protocol-tunneling error |
1298 |
clear ethernet-switching layer2-protocol-tunneling statistics |
1299 |
clear ethernet-switching table |
1300 |
clear gvrp statistics |
1301 |
clear mvrp statistics |
1302 |
show ethernet-switching interfaces |
1303 |
show ethernet-switching layer2-protocol-tunneling interface |
1306 |
show ethernet-switching layer2-protocol-tunneling statistics |
1308 |
show ethernet-switching layer2-protocol-tunneling vlan |
1311 |
show ethernet-switching mac-learning-log |
1313 |
show ethernet-switching mac-notification |
1315 |
show ethernet-switching statistics aging |
1316 |
show ethernet-switching statistics mac-learning |
1318 |
show ethernet-switching table |
1321 |
show gvrp |
1325 |
show gvrp statistics |
1327 |
show mvrp |
1329 |
show mvrp dynamic-vlan-memberships |
1331 |
show mvrp statistics |
1332 |
show redundant-trunk-group |
1334 |
show vlans |
1335 |
Part 14: Spanning-Tree Protocols |
1345 |
Chapter 64: Spanning-Tree Protocols—Overview |
1347 |
Understanding STP for J-EX Series Switches |
1347 |
Understanding RSTP for J-EX Series Switches |
1348 |
Understanding MSTP for J-EX Series Switches |
1349 |
Understanding BPDU Protection for STP, RSTP, and MSTP on J-EX Series Switches |
1350 |
Understanding Loop Protection for STP, RSTP, VSTP, and MSTP on J-EX Series Switches |
1351 |
Understanding Root Protection for STP, RSTP, VSTP, and MSTP on J-EX Series Switches |
1352 |
Understanding VSTP for J-EX Series Switches |
1353 |
Chapter 65: Examples of Spanning-Tree Protocols Configuration |
1355 |
Example: Configuring Faster Convergence and Improving Network Stability with RSTP on J-EX Series Switches |
1355 |
Requirements |
1356 |
Overview and Topology |
1356 |
Configuring RSTP on Switch 1 |
1358 |
Configuring RSTP on Switch 2 |
1360 |
Configuring RSTP on Switch 3 |
1362 |
Configuring RSTP on Switch 4 |
1365 |
Verification |
1367 |
Verifying RSTP Configuration on Switch 1 |
1367 |
Verifying RSTP Configuration on Switch 2 |
1367 |
Verifying RSTP Configuration on Switch 3 |
1368 |
Verifying RSTP Configuration on Switch 4 |
1368 |
Example: Configuring Network Regions for VLANs with MSTP on J-EX Series Switches |
1369 |
Requirements |
1369 |
Overview and Topology |
1369 |
Configuring MSTP on Switch 1 |
1372 |
Configuring MSTP on Switch 2 |
1375 |
Configuring MSTP on Switch 3 |
1377 |
Configuring MSTP on Switch 4 |
1380 |
Verification |
1383 |
Verifying MSTP Configuration on Switch 1 |
1383 |
Verifying MSTP Configuration on Switch 2 |
1384 |
Verifying MSTP Configuration on Switch 3 |
1386 |
Verifying MSTP Configuration on Switch 4 |
1387 |
Example: Configuring BPDU Protection on STP Interfaces to Prevent STP Miscalculations on J-EX Series Switches |
1389 |
Requirements |
1389 |
Overview and Topology |
1389 |
Configuration |
1390 |
Verification |
1391 |
Displaying the Interface State Before BPDU Protection Is Triggered |
1391 |
Verifying That BPDU Protection is Working Correctly |
1392 |
Example: Configuring BPDU Protection on non-STP Interfaces to Prevent STP Miscalculations on J-EX Series Switches |
1393 |
Requirements |
1393 |
Overview and Topology |
1393 |
Configuration |
1395 |
Verification |
1395 |
Displaying the Interface State Before BPDU Protection Is Triggered |
1395 |
Verifying That BPDU Protection Is Working Correctly |
1396 |
Example: Configuring Loop Protection to Prevent Interfaces from Transitioning from Blocking to Forwarding in a Spanning Tree on J-EX Series Switches |
1397 |
Requirements |
1397 |
Overview and Topology |
1397 |
Configuration |
1399 |
Verification |
1399 |
Displaying the Interface State Before Loop Protection Is Triggered |
1399 |
Verifying That Loop Protection Is Working on an Interface |
1400 |
Example: Configuring Root Protection to Enforce Root Bridge Placement in Spanning Trees on J-EX Series Switches |
1401 |
Requirements |
1401 |
Overview and Topology |
1401 |
Configuration |
1403 |
Verification |
1404 |
Displaying the Interface State Before Root Protection Is Triggered |
1404 |
Verifying That Root Protection Is Working on the Interface |
1404 |
Chapter 66: Configuring Spanning-Tree Protocols |
1407 |
Unblocking an Interface That Receives BPDUs in Error (CLI Procedure) |
1407 |
Configuring STP (CLI Procedure) |
1408 |
Configuring Spanning-Tree Protocols (J-Web Procedure) |
1408 |
Configuring VLAN Spanning Tree Protocol (CLI Procedure) |
1412 |
Chapter 67: Verifying Spanning Tree Protocols |
1415 |
Monitoring Spanning-Tree Protocols |
1415 |
Chapter 68: Configuration Statements for Spanning-Tree Protocols |
1419 |
[edit protocols] Configuration Statement Hierarchy |
1419 |
alarm |
1426 |
block |
1427 |
bpdu-block |
1428 |
bpdu-block-on-edge |
1429 |
bpdu-timeout-action |
1430 |
bridge-priority |
1431 |
configuration-name |
1432 |
cost |
1433 |
disable |
1434 |
disable-timeout |
1435 |
edge |
1436 |
force-version |
1437 |
forward-delay |
1438 |
hello-time |
1439 |
interface |
1440 |
interface |
1441 |
max-age |
1442 |
max-hops |
1443 |
mode |
1444 |
msti |
1445 |
mstp |
1446 |
no-root-port |
1447 |
priority |
1448 |
revision-level |
1449 |
rstp |
1450 |
stp |
1452 |
traceoptions |
1453 |
vlan |
1456 |
vlan (VSTP) |
1458 |
vstp |
1459 |
Chapter 69: Operational Mode Commands for Spanning-Tree Protocols |
1461 |
clear ethernet-switching bpdu-error |
1462 |
clear spanning-tree statistics |
1463 |
clear spanning-tree statistics |
1464 |
show spanning-tree bridge |
1465 |
show spanning-tree bridge |
1470 |
show spanning-tree interface |
1474 |
show spanning-tree interface |
1479 |
show spanning-tree mstp configuration |
1483 |
show spanning-tree mstp configuration |
1485 |
show spanning-tree statistics |
1486 |
show spanning-tree statistics |
1488 |
Part 15: Layer 3 Protocols |
1491 |
Chapter 70: Layer 3 Protocols—Overview |
1493 |
Layer 3 Protocols Supported on J-EX Series Switches |
1493 |
Layer 3 Protocols Not Supported on J-EX Series Switches |
1494 |
Understanding Distributed Periodic Packet Management on J-EX Series Switches |
1496 |
Understanding VRRP on J-EX Series Switches |
1497 |
Overview of VRRP on J-EX Series Switches |
1497 |
Examples of VRRP Topologies |
1498 |
Understanding IPsec Authentication for OSPF Packets on J-EX Series Switches |
1500 |
Authentication Algorithms |
1500 |
Encryption Algorithms |
1501 |
IPsec Protocols |
1501 |
Security Associations |
1501 |
IPsec Modes |
1502 |
Chapter 71: Configuring Layer 3 Protocols |
1503 |
Configuring BGP Sessions (J-Web Procedure) |
1503 |
Configuring an OSPF Network (J-Web Procedure) |
1507 |
Configuring a RIP Network (J-Web Procedure) |
1511 |
Configuring Static Routing (CLI Procedure) |
1516 |
Configuring Static Routing (J-Web Procedure) |
1516 |
Configuring Routing Policies (J-Web Procedure) |
1518 |
Configuring Distributed Periodic Packet Management on a J-EX Series Switch (CLI Procedure) |
1523 |
Disabling or Enabling Distributed Periodic Packet Management Globally |
1523 |
Disabling or Enabling Distributed Periodic Packet Management for Link Aggregation Control Protocol (LACP) Packets |
1524 |
Configuring VRRP for IPv6 (CLI Procedure) |
1524 |
Using IPsec to Secure OSPFv3 Networks (CLI Procedure) |
1525 |
Configuring Security Associations |
1525 |
Securing OPSFv3 Networks |
1526 |
Chapter 72: Verifying Layer 3 Protocols Configuration |
1527 |
Monitoring BGP Routing Information |
1527 |
Monitoring OSPF Routing Information |
1529 |
Monitoring RIP Routing Information |
1532 |
Monitoring Routing Information |
1533 |
Chapter 73: Configuration Statements for Layer 3 Protocols |
1537 |
accept-remote-nexthop |
1537 |
active |
1538 |
advertise-external |
1539 |
advertise-inactive |
1540 |
advertise-peer-as |
1541 |
aggregate |
1542 |
aggregate-label |
1543 |
allow |
1544 |
any-sender |
1545 |
area |
1546 |
area-range |
1547 |
as-override |
1548 |
as-path |
1549 |
asm-override-ssm |
1550 |
authentication-algorithm |
1551 |
authentication-key |
1552 |
authentication-key |
1553 |
authentication-key |
1554 |
authentication-key-chain |
1555 |
authentication-key-chains |
1556 |
authentication-type |
1557 |
authentication-type |
1558 |
autonomous-system |
1559 |
backup-pe-group |
1560 |
backups |
1561 |
bandwidth |
1562 |
bandwidth-based-metrics |
1563 |
bfd-liveness-detection |
1565 |
bfd-liveness-detection |
1568 |
bfd-liveness-detection |
1570 |
bfd-liveness-detection |
1573 |
bfd-liveness-detection |
1575 |
bgp |
1578 |
bgp-orf-cisco-mode |
1579 |
bmp |
1580 |
brief |
1581 |
centralized |
1582 |
check-zero |
1583 |
checksum |
1584 |
cluster |
1585 |
community |
1586 |
confederation |
1587 |
csnp-interval |
1588 |
damping |
1589 |
dead-interval |
1590 |
default-lsa |
1591 |
default-metric |
1592 |
description |
1593 |
disable |
1594 |
disable (IS-IS) |
1595 |
disable (OSPF) |
1596 |
disable |
1597 |
discard |
1598 |
domain-id |
1599 |
domain-vpn-tag |
1599 |
explicit-null |
1600 |
export |
1601 |
export |
1602 |
export |
1603 |
export |
1604 |
export |
1604 |
export |
1605 |
export-rib |
1605 |
external-preference |
1606 |
external-preference |
1607 |
family |
1608 |
fate-sharing |
1611 |
flow |
1612 |
flow-map |
1613 |
forwarding-cache (Flow Maps) |
1613 |
forwarding-cache (Multicast) |
1614 |
forwarding-table |
1614 |
generate |
1615 |
graceful-restart |
1616 |
graceful-restart |
1617 |
graceful-restart |
1618 |
graceful-restart |
1619 |
graceful-restart |
1620 |
graceful-restart |
1621 |
group |
1622 |
group |
1625 |
group |
1627 |
hello-authentication-key |
1628 |
hello-authentication-type |
1629 |
hello-interval |
1630 |
hello-interval |
1631 |
hello-padding |
1632 |
holddown |
1633 |
holddown |
1633 |
hold-time |
1634 |
hold-time |
1635 |
hold-time (IS-IS) |
1636 |
idle-after-switch-over |
1637 |
ignore-attached-bit |
1638 |
ignore-lsp-metrics |
1638 |
import |
1639 |
import |
1640 |
import |
1641 |
import |
1642 |
import |
1643 |
import-policy |
1643 |
import-rib |
1644 |
include-mp-next-hop |
1645 |
indirect-next-hop |
1645 |
inet6-advertise-interval |
1646 |
install |
1647 |
instance-export |
1648 |
instance-import |
1648 |
inter-area-prefix-export |
1649 |
inter-area-prefix-import |
1650 |
interface |
1651 |
interface |
1653 |
interface (Routing Options) |
1655 |
interface (Multicast via Static Routes) |
1656 |
interface-routes |
1657 |
interface-type |
1658 |
ipv4-multicast |
1659 |
ipv4-multicast-metric |
1659 |
ipv6-multicast |
1660 |
ipv6-multicast-metric |
1660 |
ipv6-unicast |
1661 |
ipv6-unicast-metric |
1661 |
isis |
1662 |
keep |
1663 |
labeled-unicast |
1664 |
level (Global IS-IS) |
1665 |
link-protection |
1666 |
local-address |
1667 |
local-address |
1668 |
local-as |
1669 |
local-interface |
1670 |
local-preference |
1671 |
log-updown |
1672 |
loose-authentication-check |
1673 |
lsp-interval |
1673 |
lsp-lifetime |
1674 |
lsp-metric-into-summary |
1674 |
martians |
1675 |
max-areas |
1676 |
maximum-bandwidth |
1676 |
maximum-paths |
1677 |
maximum-prefixes |
1678 |
med-igp-update-interval |
1679 |
mesh-group |
1680 |
message-size |
1681 |
metric |
1682 |
metric |
1683 |
metric (Aggregate, Generated, or Static Route) |
1684 |
metric-in |
1685 |
metric-in |
1686 |
metric-out |
1687 |
metric-out |
1689 |
metric-out |
1690 |
metric-type |
1691 |
mtu-discovery |
1692 |
multicast |
1693 |
multihop |
1694 |
multipath |
1695 |
neighbor |
1696 |
neighbor |
1699 |
neighbor |
1700 |
no-adjacency-holddown |
1701 |
no-aggregator-id |
1702 |
no-authentication-check |
1703 |
no-client-reflect |
1704 |
no-csnp-authentication |
1705 |
no-eligible-backup |
1705 |
no-hello-authentication |
1706 |
no-ipv4-multicast |
1706 |
no-ipv4-routing |
1707 |
no-ipv6-multicast |
1707 |
no-ipv6-routing |
1708 |
no-ipv6-unicast |
1708 |
no-nssa-abr |
1709 |
no-psnp-authentication |
1709 |
no-qos-adjust |
1710 |
no-rfc-1583 |
1711 |
no-unicast-topology |
1712 |
no-validate |
1712 |
node-link-protection |
1713 |
nssa |
1714 |
options |
1715 |
ospf |
1716 |
ospf3 |
1716 |
out-delay |
1717 |
outbound-route-filter |
1718 |
overload |
1719 |
overload |
1720 |
passive |
1721 |
passive |
1722 |
passive |
1723 |
peer-as |
1724 |
pim-to-igmp-proxy |
1725 |
pim-to-mld-proxy |
1726 |
point-to-point |
1726 |
policy |
1727 |
policy (Flow Maps) |
1728 |
policy (SSM Maps) |
1728 |
ppm |
1729 |
ppm |
1730 |
preempt |
1731 |
preference |
1732 |
preference |
1733 |
preference |
1734 |
preference |
1735 |
preference |
1735 |
preference |
1736 |
prefix |
1737 |
prefix-export-limit |
1737 |
prefix-export-limit |
1738 |
prefix-limit |
1739 |
priority |
1740 |
priority |
1741 |
priority |
1742 |
qualified-next-hop |
1743 |
readvertise |
1744 |
realm |
1745 |
receive |
1746 |
receive |
1747 |
redundant-sources |
1748 |
reference-bandwidth |
1748 |
reference-bandwidth |
1749 |
remove-private |
1750 |
resolution |
1751 |
resolution-ribs |
1751 |
resolve |
1752 |
restart-duration |
1753 |
retain |
1754 |
retransmit-interval |
1755 |
reverse-oif-mapping |
1756 |
rib (General) |
1757 |
rib (Route Resolution) |
1758 |
rib-group |
1759 |
rib-group |
1760 |
rib-group |
1761 |
rib-group |
1762 |
rib-group |
1763 |
rib-groups |
1764 |
rip |
1765 |
ripng |
1765 |
route-distinguisher-id |
1766 |
route-record |
1766 |
route-timeout |
1767 |
route-timeout |
1768 |
route-type-community |
1768 |
router-id |
1769 |
routing-options |
1769 |
rpf-check-policy |
1770 |
scope |
1770 |
scope-policy |
1771 |
send |
1772 |
send |
1773 |
shortcuts |
1774 |
source |
1774 |
source-routing |
1775 |
spf-options |
1776 |
spf-options |
1777 |
ssm-groups |
1778 |
ssm-map |
1779 |
static |
1780 |
stub |
1782 |
subscriber-leave-timer |
1783 |
summaries |
1784 |
tag |
1785 |
tcp-mss |
1786 |
threshold |
1787 |
timeout (Flow Maps) |
1788 |
timeout (Multicast) |
1788 |
topologies |
1789 |
traceoptions (BGP) |
1790 |
traceoptions (IS-IS) |
1793 |
traceoptions (OSPF) |
1796 |
traceoptions (RIP) |
1799 |
traceoptions (RIPng) |
1802 |
traceoptions (All Routing Protocols) |
1805 |
traffic-engineering (OSPF) |
1807 |
transit-delay |
1808 |
type |
1809 |
type-7 |
1810 |
update-interval |
1811 |
update-interval |
1811 |
upstream-interface |
1812 |
virtual-inet6-address |
1813 |
virtual-link |
1814 |
virtual-link-local-address |
1815 |
vrrp-inet6-group |
1816 |
wide-metrics-only |
1817 |
Chapter 74: Operational Commands for Layer 3 Protocols |
1819 |
clear (ospf | ospf3) database |
1820 |
clear (ospf | ospf3) io-statistics |
1823 |
clear (ospf | ospf3) neighbor |
1824 |
clear (ospf | ospf3) statistics |
1825 |
clear bgp damping |
1827 |
clear bgp neighbor |
1828 |
clear bgp table |
1830 |
clear ipv6 neighbors |
1831 |
clear isis adjacency |
1832 |
clear isis database |
1834 |
clear isis overload |
1836 |
clear isis statistics |
1838 |
clear ospf overload |
1840 |
clear rip general-statistics |
1841 |
clear rip statistics |
1842 |
clear ripng general-statistics |
1843 |
clear ripng statistics |
1844 |
show (ospf | ospf3) interface |
1845 |
show (ospf | ospf3) io-statistics |
1850 |
show (ospf | ospf3) log |
1851 |
show (ospf | ospf3) neighbor |
1854 |
show (ospf | ospf3) overview |
1859 |
show (ospf | ospf3) route |
1863 |
show (ospf | ospf3) statistics |
1868 |
show as-path |
1870 |
show as-path domain |
1874 |
show as-path summary |
1876 |
show bgp bmp |
1877 |
show bgp group |
1878 |
show bgp neighbor |
1884 |
show bgp summary |
1896 |
show ipv6 neighbors |
1900 |
show isis adjacency |
1902 |
show isis authentication |
1906 |
show isis backup coverage |
1908 |
show isis backup label-switched-path |
1910 |
show isis backup spf results |
1912 |
show isis database |
1915 |
show isis hostname |
1922 |
show isis interface |
1923 |
show isis overview |
1927 |
show isis route |
1930 |
show isis spf |
1933 |
show isis statistics |
1938 |
show ospf3 database |
1940 |
show ospf database |
1950 |
show policy damping |
1958 |
show rip general-statistics |
1960 |
show rip neighbor |
1961 |
show rip statistics |
1963 |
show ripng general-statistics |
1966 |
show ripng neighbor |
1967 |
show ripng statistics |
1969 |
show route |
1971 |
show route active-path |
1975 |
show route all |
1980 |
show route aspath-regex |
1982 |
show route best |
1984 |
show route brief |
1988 |
show route community |
1990 |
show route community-name |
1992 |
show route damping |
1994 |
show route detail |
1999 |
show route exact |
2013 |
show route export |
2016 |
show route extensive |
2018 |
show route flow validation |
2030 |
show route inactive-path |
2032 |
show route inactive-prefix |
2035 |
show route instance |
2037 |
show route label |
2044 |
show route label-switched-path |
2046 |
show route martians |
2048 |
show route next-hop |
2050 |
show route no-community |
2056 |
show route protocol |
2059 |
show route range |
2068 |
show route receive-protocol |
2072 |
show route resolution |
2079 |
show route snooping |
2082 |
show route source-gateway |
2090 |
show route summary |
2096 |
show route table |
2098 |
show route terse |
2105 |
show vrrp |
2108 |
Part 16: IGMP Snooping and Multicast |
2117 |
Chapter 75: Understanding IGMP Snooping and Multicast |
2119 |
IGMP Snooping on J-EX Series Switches Overview |
2119 |
How IGMP Snooping Works |
2119 |
How IGMP Snooping Works with Routed VLAN Interfaces |
2120 |
How Hosts Join and Leave Multicast Groups |
2123 |
IGMP Snooping Support for IGMPv3 |
2123 |
Understanding Multicast VLAN Registration on J-EX Series Switches |
2124 |
How MVR Works |
2124 |
MVR Modes |
2125 |
MVR Transparent Mode |
2125 |
MVR Proxy Mode |
2125 |
Chapter 76: Examples: IGMP Snooping and Multicast Configuration |
2127 |
Example: Configuring IGMP Snooping on J-EX Series Switches |
2127 |
Requirements |
2127 |
Overview and Topology |
2128 |
Configuration |
2128 |
Example: Configuring Multicast VLAN Registration on J-EX Series Switches |
2130 |
Requirements |
2130 |
Overview and Topology |
2130 |
Configuration |
2133 |
Chapter 77: Configuring IGMP Snooping and Multicast |
2135 |
Configuring IGMP Snooping (CLI Procedure) |
2135 |
Configuring IGMP Snooping (J-Web Procedure) |
2136 |
Changing the IGMP Snooping Group Query Membership Timeout Value (CLI Procedure) |
2139 |
Configuring Multicast VLAN Registration (CLI Procedure) |
2140 |
Chapter 78: Verifying IGMP Snooping and Multicast |
2141 |
Monitoring IGMP Snooping |
2141 |
Verifying That the IGMP Snooping Group Query Timeout Value Has Been Changed Correctly |
2142 |
Chapter 79: Configuration Statements for IGMP Snooping and Multicast |
2145 |
[edit protocols] Configuration Statement Hierarchy |
2145 |
accounting (Per Interface) |
2152 |
accounting (Protocol) |
2152 |
address (Anycast RPs) |
2153 |
address (Local RPs) |
2153 |
anycast-pim |
2154 |
assert-timeout |
2155 |
auto-rp |
2156 |
bootstrap |
2157 |
bootstrap-export |
2157 |
bootstrap-import |
2158 |
bootstrap-priority |
2158 |
data-forwarding |
2159 |
dense-groups |
2160 |
disable |
2160 |
disable (PIM) |
2161 |
disable |
2161 |
dr-election-on-p2p |
2162 |
dr-register-policy |
2162 |
embedded-rp |
2163 |
export (Bootstrap) |
2163 |
family (Bootstrap) |
2164 |
family (Local RP) |
2165 |
graceful-restart |
2166 |
group |
2166 |
group |
2167 |
group-limit |
2168 |
group-ranges |
2169 |
groups |
2170 |
hello-interval |
2170 |
hold-time |
2171 |
igmp-snooping |
2172 |
immediate-leave |
2173 |
immediate-leave |
2174 |
import (Bootstrap) |
2175 |
import (PIM) |
2175 |
infinity |
2176 |
install |
2176 |
interface |
2177 |
interface |
2178 |
interface |
2179 |
join-load-balance |
2180 |
local |
2181 |
local-address |
2182 |
mapping-agent-election |
2183 |
maximum-rps |
2183 |
mode |
2184 |
multicast-router-interface |
2184 |
neighbor-policy |
2185 |
pim |
2186 |
priority (Bootstrap) |
2188 |
priority (PIM Interfaces) |
2189 |
priority (PIM RPs) |
2190 |
promiscuous-mode |
2190 |
proxy |
2191 |
query-interval |
2191 |
query-last-member-interval |
2192 |
query-response-interval |
2192 |
receiver |
2193 |
restart-duration |
2193 |
rib-group |
2194 |
robust-count |
2194 |
robust-count |
2195 |
rp |
2196 |
rp-register-policy |
2197 |
rp-set |
2198 |
source |
2198 |
source |
2199 |
source-vlans |
2199 |
spt-threshold |
2200 |
ssm-map |
2200 |
static |
2201 |
static (IGMP Snooping) |
2202 |
static |
2202 |
traceoptions |
2203 |
traceoptions |
2206 |
traceoptions |
2208 |
version |
2210 |
version (PIM) |
2211 |
vlan |
2212 |
Chapter 80: Operational Mode Commands for IGMP Snooping and Multicast |
2215 |
clear igmp membership |
2216 |
clear igmp statistics |
2220 |
clear igmp-snooping membership |
2222 |
clear igmp-snooping statistics |
2223 |
clear multicast bandwidth-admission |
2224 |
clear multicast scope |
2226 |
clear multicast sessions |
2227 |
clear multicast statistics |
2228 |
clear pim join |
2229 |
clear pim register |
2230 |
clear pim statistics |
2231 |
mtrace |
2233 |
mtrace from-source |
2235 |
mtrace monitor |
2238 |
mtrace to-gateway |
2240 |
show igmp group |
2243 |
show igmp interface |
2247 |
show igmp statistics |
2250 |
show igmp-snooping membership |
2253 |
show igmp-snooping route |
2255 |
show igmp-snooping statistics |
2257 |
show igmp-snooping vlans |
2259 |
show multicast flow-map |
2261 |
show multicast interface |
2263 |
show multicast mrinfo |
2265 |
show multicast next-hops |
2267 |
show multicast pim-to-igmp-proxy |
2269 |
show multicast pim-to-mld-proxy |
2270 |
show multicast route |
2271 |
show multicast rpf |
2275 |
show multicast scope |
2279 |
show multicast sessions |
2281 |
show multicast usage |
2283 |
show pim bootstrap |
2286 |
show pim interfaces |
2288 |
show pim join |
2291 |
show pim neighbors |
2296 |
show pim rps |
2300 |
show pim source |
2305 |
show pim statistics |
2307 |
Part 17: Access Control |
2315 |
Chapter 81: 802.1X and MAC RADIUS Authentication Overview |
2317 |
Security Features for J-EX Series Switches Overview |
2317 |
Understanding Authentication on J-EX Series Switches |
2320 |
A Basic Authentication Topology |
2320 |
802.1X Authentication |
2322 |
MAC RADIUS Authentication |
2322 |
Captive Portal Authentication |
2323 |
Static MAC Bypass of Authentication |
2324 |
Fallback of Authentication Methods |
2324 |
802.1X for J-EX Series Switches Overview |
2325 |
How 802.1X Authentication Works |
2325 |
802.1X Features Overview |
2326 |
Supported Features Related to 802.1X Authentication |
2326 |
Authentication Process Flow for EX Series Switches |
2327 |
Understanding Server Fail Fallback and Authentication on J-EX Series Switches |
2330 |
Understanding Dynamic VLANs for 802.1X on J-EX Series Switches |
2331 |
Understanding Guest VLANs for 802.1X on J-EX Series Switches |
2331 |
Understanding 802.1X and RADIUS Accounting on J-EX Series Switches |
2332 |
Understanding 802.1X and LLDP and LLDP-MED on J-EX Series Switches |
2333 |
Understanding 802.1X and VoIP on J-EX Series Switches |
2335 |
Understanding 802.1X and VSAs on J-EX Series Switches |
2338 |
Chapter 82: Examples: Access Control Configuration |
2339 |
Example: Connecting a RADIUS Server for 802.1X to a J-EX Series Switch |
2339 |
Requirements |
2340 |
Overview and Topology |
2340 |
Configuration |
2342 |
Verification |
2343 |
Verify That the Switch and RADIUS Server are Properly Connected |
2343 |
Example: Configuring 802.1X Authentication Options When the RADIUS Server is Unavailable to a J-EX Series Switch |
2343 |
Requirements |
2344 |
Overview and Topology |
2344 |
Configuration |
2346 |
Verification |
2347 |
Verifying That the Supplicants Are Moved to an Alternative VLAN During a RADIUS Timeout |
2347 |
Example: Setting Up 802.1X in Conference Rooms to Provide Internet Access to Corporate Visitors on a J-EX Series Switch |
2348 |
Requirements |
2348 |
Overview and Topology |
2349 |
Configuration of a Guest VLAN That Includes 802.1X Authentication |
2351 |
Verification |
2352 |
Verifying That the Guest VLAN is Configured |
2352 |
Example: Configuring Static MAC Bypass of Authentication on a J-EX Series Switch |
2353 |
Requirements |
2353 |
Overview and Topology |
2354 |
Configuration |
2356 |
Verification |
2357 |
Verifying Static MAC Bypass of Authentication |
2357 |
Example: Configuring MAC RADIUS Authentication on a J-EX Series Switch |
2358 |
Requirements |
2358 |
Overview and Topology |
2358 |
Configuration |
2360 |
Verification |
2361 |
Verifying That the Supplicants Are Authenticated |
2361 |
Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations on a J-EX Series Switch |
2362 |
Requirements |
2363 |
Overview and Topology |
2363 |
Configuration of 802.1X to Support Multiple Supplicant Modes |
2365 |
Verification |
2366 |
Verifying the 802.1X Configuration |
2366 |
Example: Applying a Firewall Filter to 802.1X-Authenticated Supplicants Using RADIUS Server Attributes on a J-EX Series Switch |
2368 |
Requirements |
2368 |
Overview and Topology |
2369 |
Configuring the Port Firewall Filter and Counters |
2371 |
Applying the Port Firewall Filter to the Supplicant User Profiles on the RADIUS Server |
2372 |
Verification |
2373 |
Verifying That the Filter Has Been Applied to the Supplicants |
2373 |
Example: Setting Up VoIP with 802.1X and LLDP-MED on a J-EX Series Switch |
2374 |
Requirements |
2374 |
Overview and Topology |
2375 |
Configuration |
2377 |
Verification |
2379 |
Verifying LLDP-MED Configuration |
2379 |
Verifying 802.1X Authentication for IP Phone and Desktop PC |
2380 |
Verifying the VLAN Association with the Interface |
2381 |
Example: Configuring VoIP on a J-EX Series Switch Without Including 802.1X Authentication |
2381 |
Requirements |
2382 |
Overview |
2382 |
Configuration |
2382 |
Verification |
2385 |
Verifying LLDP-MED Configuration |
2385 |
Verifying Authentication for the Desktop PC |
2386 |
Verifying the VLAN Association with the Interface |
2386 |
Example: Configuring VoIP on a J-EX Series Switch Without Including LLDP-MED Support |
2387 |
Requirements |
2387 |
Overview |
2388 |
Configuration |
2388 |
Verification |
2389 |
Verifying the VLAN Association With the Interface |
2390 |
Example: Applying Firewall Filters to Multiple Supplicants on Interfaces Enabled for 802.1X or MAC RADIUS Authentication |
2390 |
Requirements |
2391 |
Overview and Topology |
2391 |
Configuration |
2393 |
Configuring Firewall Filters on Interfaces with Multiple Supplicants |
2393 |
Verification |
2394 |
Verifying Firewall Filters on Interfaces with Multiple Supplicants |
2394 |
Example: Setting Up Captive Portal Authentication on a J-EX Series Switch |
2395 |
Requirements |
2396 |
Overview and Topology |
2396 |
Configuration |
2396 |
Verification |
2398 |
Verifying That Captive Portal Is Enabled on the Interface |
2398 |
Verify That Captive Portal Is Working Correctly |
2398 |
Troubleshooting |
2399 |
Chapter 83: Configuring Access Control |
2401 |
Specifying RADIUS Server Connections on a J-EX Series Switch (CLI Procedure) |
2402 |
Configuring 802.1X Interface Settings (CLI Procedure) |
2403 |
Configuring 802.1X Authentication (J-Web Procedure) |
2404 |
Configuring Static MAC Bypass of Authentication (CLI Procedure) |
2406 |
Configuring MAC RADIUS Authentication (CLI Procedure) |
2407 |
Configuring Server Fail Fallback (CLI Procedure) |
2409 |
Configuring 802.1X RADIUS Accounting (CLI Procedure) |
2411 |
Filtering 802.1X Supplicants Using RADIUS Server Attributes |
2412 |
Configuring Match Statements on the RADIUS Server |
2413 |
Applying a Port Firewall Filter from the RADIUS Server |
2415 |
Configuring LLDP (CLI Procedure) |
2416 |
Enabling LLDP on Interfaces |
2416 |
Configuring for Fast Start |
2416 |
Adjusting LLDP Advertisement Settings |
2416 |
Adjusting SNMP Notification Settings of LLDP Changes |
2417 |
Specifying a Management Address for the LLDP Management TLV |
2417 |
Configuring LLDP (J-Web Procedure) |
2417 |
Configuring LLDP-MED (CLI Procedure) |
2418 |
Enabling LLDP-MED on Interfaces |
2419 |
Configuring Location Information Advertised by the Switch |
2419 |
Configuring for Fast Start |
2419 |
VSA Match Conditions and Actions for J-EX Series Switches |
2420 |
Configuring Captive Portal Authentication (CLI Procedure) |
2422 |
Configuring Secure Access for Captive Portal |
2422 |
Enabling an Interface for Captive Portal |
2423 |
Configuring Bypass of Captive Portal Authentication |
2423 |
Designing a Captive Portal Authentication Login Page on a J-EX Series Switch |
2423 |
Chapter 84: Verifying 802.1X and MAC RADIUS Authentication |
2427 |
Monitoring 802.1X Authentication |
2427 |
Verifying 802.1X Authentication |
2428 |
Chapter 85: Configuration Statements for Access Control |
2431 |
[edit access] Configuration Statement Hierarchy |
2431 |
[edit ethernet-switching-options] Configuration Statement Hierarchy |
2431 |
[edit protocols] Configuration Statement Hierarchy |
2434 |
access |
2441 |
accounting |
2442 |
accounting (Access Profile) |
2443 |
accounting |
2444 |
accounting-port |
2445 |
accounting-server |
2445 |
accounting-session-id-format |
2446 |
accounting-stop-on-access-deny |
2446 |
accounting-stop-on-access-deny |
2447 |
accounting-stop-on-failure |
2447 |
accounting-stop-on-failure |
2448 |
address |
2448 |
address-pool |
2449 |
address-range |
2449 |
advertisement-interval |
2450 |
attributes |
2451 |
authentication-order |
2452 |
authentication-order |
2453 |
authentication-profile-name |
2454 |
authentication-server |
2455 |
authentication-whitelist |
2455 |
authenticator |
2456 |
captive-portal |
2457 |
ca-type |
2458 |
ca-value |
2459 |
civic-based |
2460 |
country-code |
2461 |
custom-options |
2462 |
destination |
2464 |
disable |
2465 |
disable |
2466 |
disable |
2466 |
dot1x |
2467 |
elin |
2468 |
ethernet-port-type-virtual |
2469 |
ethernet-switching-options |
2470 |
events |
2472 |
exclude |
2473 |
fast-start |
2475 |
forwarding-class |
2476 |
guest-vlan |
2477 |
hold-multiplier |
2478 |
ignore |
2479 |
immediate-update |
2479 |
interface |
2480 |
interface-description-format |
2481 |
interface (Captive Portal) |
2482 |
interface |
2483 |
interface |
2484 |
interface |
2485 |
interface |
2486 |
lldp |
2487 |
lldp-configuration-notification-interval |
2488 |
lldp-med |
2489 |
location |
2490 |
mac-radius |
2491 |
management-address |
2492 |
maximum-requests |
2492 |
nas-identifier |
2493 |
nas-port-extended-format |
2494 |
no-reauthentication |
2495 |
options |
2496 |
order |
2497 |
order |
2497 |
port |
2498 |
port (RADIUS Server) |
2498 |
port (TACACS+ Server) |
2499 |
profile |
2500 |
ptopo-configuration-maximum-hold-time |
2501 |
ptopo-configuration-trap-interval |
2501 |
quiet-period |
2502 |
quiet-period (Captive Portal) |
2502 |
radius |
2503 |
radius (Access Profile) |
2504 |
radius |
2505 |
radius-server |
2506 |
reauthentication |
2507 |
retries |
2508 |
retries (Captive Portal) |
2508 |
retry |
2509 |
retry |
2510 |
revert-interval |
2510 |
routing-instance |
2511 |
secret |
2511 |
secret |
2512 |
secure-authentication |
2512 |
server (RADIUS Accounting) |
2513 |
server (TACACS+ Accounting) |
2513 |
server-fail |
2514 |
server-reject-vlan |
2515 |
server-timeout |
2516 |
server-timeout (Captive Portal) |
2517 |
session-expiry |
2517 |
single-connection |
2518 |
source-address |
2518 |
source-address (NTP, RADIUS, System Logging, or TACACS+) |
2519 |
static |
2520 |
statistics |
2521 |
supplicant |
2522 |
supplicant-timeout |
2523 |
tacplus |
2524 |
timeout |
2525 |
timeout (RADIUS) |
2526 |
traceoptions |
2527 |
traceoptions |
2529 |
transmit-delay |
2530 |
transmit-period |
2531 |
update-interval |
2531 |
vlan-assignment |
2532 |
vlan-nas-port-stacked-format |
2532 |
vlan |
2533 |
voip |
2534 |
what |
2535 |
Chapter 86: Operational Commands for 802.1X |
2537 |
clear captive-portal |
2538 |
clear dot1x |
2540 |
clear lldp neighbors |
2541 |
clear lldp statistics |
2542 |
show captive-portal authentication-failed-users |
2543 |
show captive-portal firewall |
2544 |
show captive-portal interface |
2546 |
show dot1x |
2549 |
show dot1x authentication-failed-users |
2554 |
show dot1x firewall |
2555 |
show dot1x static-mac-address |
2556 |
show ethernet-switching interfaces |
2558 |
show lldp |
2561 |
show lldp local-information |
2565 |
show lldp neighbors |
2567 |
show lldp remote-global-statistics |
2573 |
show lldp statistics |
2575 |
show network-access aaa statistics accounting |
2577 |
show network-access aaa statistics authentication |
2578 |
show network-access aaa statistics dynamic-requests |
2579 |
Part 18: Rate Limiting |
2581 |
Chapter 87: Rate Limiting Overview |
2583 |
Understanding Storm Control on J-EX Series Switches |
2583 |
Understanding Unknown Unicast Forwarding on J-EX Series Switches |
2584 |
Chapter 88: Example: Rate Limiting Configuration |
2585 |
Example: Configuring Storm Control to Prevent Network Outages on J-EX Series Switches |
2585 |
Requirements |
2585 |
Overview and Topology |
2585 |
Configuration |
2586 |
Chapter 89: Configuring Rate Limiting |
2587 |
Configuring Unknown Unicast Forwarding (CLI Procedure) |
2587 |
Configuring Autorecovery From the Disabled State on Secure or Storm Control Interfaces (CLI Procedure) |
2588 |
Chapter 90: Verifying Rate Limiting Configuration |
2589 |
Verifying That Unknown Unicast Packets Are Forwarded to a Trunk Interface |
2589 |
Verifying That the Port Error Disable Setting Is Working Correctly |
2590 |
Chapter 91: Configuration Statements for Rate Limiting |
2591 |
[edit ethernet-switching-options] Configuration Statement Hierarchy |
2591 |
action-shutdown |
2594 |
bandwidth |
2595 |
disable-timeout |
2596 |
ethernet-switching-options |
2597 |
interface |
2600 |
interface |
2601 |
no-broadcast |
2601 |
no-unknown-unicast |
2602 |
port-error-disable |
2603 |
storm-control |
2604 |
unknown-unicast-forwarding |
2605 |
vlan |
2606 |
Chapter 92: Operational Mode Commands for Rate Limiting |
2607 |
show ethernet-switching interfaces |
2608 |
show ethernet-switching table |
2611 |
Part 19: Port Security |
2615 |
Chapter 93: Port Security Overview |
2617 |
Port Security for J-EX Series Switches Overview |
2617 |
Understanding How to Protect Access Ports on J-EX Series Switches from Common Attacks |
2618 |
Mitigation of Ethernet Switching Table Overflow Attacks |
2619 |
Mitigation of Rogue DHCP Server Attacks |
2619 |
Protection Against ARP Spoofing Attacks |
2620 |
Protection Against DHCP Snooping Database Alteration Attacks |
2620 |
Protection Against DHCP Starvation Attacks |
2620 |
Understanding DHCP Snooping for Port Security on J-EX Series Switches |
2621 |
DHCP Snooping Basics |
2621 |
DHCP Snooping Process |
2622 |
DHCP Server Access |
2623 |
Switch, DHCP Clients, and DHCP Server Are All on the Same VLAN |
2623 |
Switch Acts as DHCP Server |
2625 |
Switch Acts as Relay Agent |
2625 |
DHCP Snooping Table |
2626 |
Static IP Address Additions to the DHCP Snooping Database |
2626 |
Snooping DHCP Packets That Have Invalid IP Addresses |
2626 |
Understanding DAI for Port Security on J-EX Series Switches |
2627 |
Address Resolution Protocol |
2628 |
ARP Spoofing |
2628 |
DAI on J-EX Series Switches |
2628 |
Understanding MAC Limiting and MAC Move Limiting for Port Security on J-EX Series Switches |
2629 |
MAC Limiting |
2629 |
MAC Move Limiting |
2630 |
Actions for MAC Limiting and MAC Move Limiting |
2630 |
MAC Addresses That Exceed the MAC Limit or MAC Move Limit |
2631 |
Understanding Trusted DHCP Servers for Port Security on J-EX Series Switches |
2631 |
Understanding DHCP Option 82 for Port Security on J-EX Series Switches |
2632 |
DHCP Option 82 Processing |
2632 |
Suboption Components of Option 82 |
2633 |
Configurations of the J-EX Series Switch That Support Option 82 |
2633 |
Switch and Clients Are on Same VLAN as DHCP Server |
2633 |
Switch Acts as Relay Agent |
2634 |
Understanding IP Source Guard for Port Security on J-EX Series Switches |
2635 |
IP Address Spoofing |
2636 |
How IP Source Guard Works |
2636 |
The IP Source Guard Database |
2636 |
Typical Uses of Other Junos OS Features with IP Source Guard |
2637 |
Understanding Proxy ARP on J-EX Series Switches |
2638 |
What Is ARP? |
2638 |
Proxy ARP Overview |
2638 |
Best Practices for Proxy ARP on J-EX Series Switches |
2639 |
Chapter 94: Examples: Port Security Configuration |
2641 |
Example: Configuring Port Security, with DHCP Snooping, DAI, MAC Limiting, and MAC Move Limiting, on a J-EX Series Switch |
2641 |
Requirements |
2642 |
Overview and Topology |
2642 |
Configuration |
2644 |
Verification |
2645 |
Verifying That DHCP Snooping Is Working Correctly on the Switch |
2645 |
Verifying That DAI Is Working Correctly on the Switch |
2646 |
Verifying That MAC Limiting and MAC Move Limiting Are Working Correctly on the Switch |
2646 |
Verifying That Allowed MAC Addresses Are Working Correctly on the Switch |
2647 |
Example: Configuring MAC Limiting, Including Dynamic and Allowed MAC Addresses, to Protect the Switch from Ethernet Switching Table Overflow Attacks |
2648 |
Requirements |
2648 |
Overview and Topology |
2649 |
Configuration |
2650 |
Verification |
2651 |
Verifying That MAC Limiting Is Working Correctly on the Switch |
2651 |
Example: Configuring a DHCP Server Interface as Untrusted to Protect the Switch from Rogue DHCP Server Attacks |
2651 |
Requirements |
2652 |
Overview and Topology |
2652 |
Configuration |
2654 |
Verification |
2654 |
Verifying That the DHCP Server Interface Is Untrusted |
2654 |
Example: Configuring MAC Limiting to Protect the Switch from DHCP Starvation Attacks |
2655 |
Requirements |
2655 |
Overview and Topology |
2655 |
Configuration |
2656 |
Verification |
2657 |
Verifying That MAC Limiting Is Working Correctly on the Switch |
2657 |
Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks |
2658 |
Requirements |
2658 |
Overview and Topology |
2659 |
Configuration |
2660 |
Verification |
2661 |
Verifying That DHCP Snooping Is Working Correctly on the Switch |
2661 |
Verifying That DAI Is Working Correctly on the Switch |
2661 |
Example: Configuring Allowed MAC Addresses to Protect the Switch from DHCP Snooping Database Alteration Attacks |
2662 |
Requirements |
2662 |
Overview and Topology |
2663 |
Configuration |
2664 |
Verification |
2664 |
Verifying That Allowed MAC Addresses Are Working Correctly on the Switch |
2664 |
Example: Configuring DHCP Snooping, DAI , and MAC Limiting on a J-EX Series Switch with Access to a DHCP Server Through a Second Switch |
2665 |
Requirements |
2666 |
Overview and Topology |
2666 |
Configuring a VLAN, Interfaces, and Port Security Features on Switch 1 |
2668 |
Configuring a VLAN and Interfaces on Switch 2 |
2670 |
Verification |
2671 |
Verifying That DHCP Snooping Is Working Correctly on Switch 1 |
2671 |
Verifying That DAI Is Working Correctly on Switch 1 |
2671 |
Verifying That MAC Limiting Is Working Correctly on Switch 1 |
2672 |
Example: Configuring IP Source Guard with Other J-EX Series Switch Features to Mitigate Address-Spoofing Attacks on Untrusted Access Interfaces |
2672 |
Requirements |
2673 |
Overview and Topology |
2673 |
Configuring IP Source Guard with 802.1X Authentication, DHCP Snooping, and Dynamic ARP Inspection |
2674 |
Configuring IP Source Guard on a Guest VLAN |
2676 |
Verification |
2679 |
Verifying That 802.1X User Authentication Is Working on the Interface |
2679 |
Verifying the VLAN Association with the Interface |
2679 |
Verifying That DHCP Snooping and IP Source Guard Are Working on the VLAN |
2679 |
Example: Configuring IP Source Guard on a Data VLAN That Shares an Interface with a Voice VLAN |
2680 |
Requirements |
2681 |
Overview and Topology |
2681 |
Configuration |
2682 |
Verification |
2684 |
Verifying That 802.1X User Authentication Is Working on the Interface |
2684 |
Verifying the VLAN Association with the Interface |
2685 |
Verifying That DHCP Snooping and IP Source Guard Are Working on the Data VLAN |
2685 |
Example: Setting Up DHCP Option 82 with a J-EX Series Switch as Relay Agent Between Clients and a DHCP Server |
2687 |
Requirements |
2687 |
Overview and Topology |
2687 |
Configuration |
2688 |
Example: Setting Up DHCP Option 82 on a J-EX Series Switch with No Relay Agent Between Clients and DHCP Server |
2689 |
Requirements |
2690 |
Overview and Topology |
2690 |
Configuration |
2691 |
Example: Configuring Proxy ARP on a J-EX Series Switch |
2693 |
Requirements |
2693 |
Overview and Topology |
2693 |
Configuration |
2693 |
Verification |
2694 |
Verifying That the Switch Is Sending Proxy ARP Messages |
2694 |
Chapter 95: Configuring Port Security |
2697 |
Configuring Port Security (CLI Procedure) |
2698 |
Configuring Port Security (J-Web Procedure) |
2699 |
Enabling DHCP Snooping (CLI Procedure) |
2702 |
Enabling DHCP Snooping (J-Web Procedure) |
2703 |
Enabling a Trusted DHCP Server (CLI Procedure) |
2704 |
Enabling a Trusted DHCP Server (J-Web Procedure) |
2704 |
Enabling Dynamic ARP Inspection (CLI Procedure) |
2705 |
Enabling Dynamic ARP Inspection (J-Web Procedure) |
2706 |
Configuring MAC Limiting (CLI Procedure) |
2707 |
Configuring MAC Limiting (J-Web Procedure) |
2709 |
Configuring MAC Move Limiting (CLI Procedure) |
2711 |
Configuring MAC Move Limiting (J-Web Procedure) |
2713 |
Setting the none Action on an Interface to Override a MAC Limit Applied to All Interfaces (CLI Procedure) |
2714 |
Configuring IP Source Guard (CLI Procedure) |
2715 |
Configuring Static IP Addresses for DHCP Bindings on Access Ports (CLI Procedure) |
2717 |
Setting Up DHCP Option 82 with the Switch as a Relay Agent Between Clients and DHCP Server (CLI Procedure) |
2718 |
Setting Up DHCP Option 82 on the Switch with No Relay Agent Between Clients and DHCP Server (CLI Procedure) |
2721 |
Configuring Proxy ARP (CLI Procedure) |
2723 |
Configuring Autorecovery From the Disabled State on Secure or Storm Control Interfaces (CLI Procedure) |
2724 |
Chapter 96: Verifying Port Security |
2725 |
Monitoring Port Security |
2725 |
Verifying That DHCP Snooping Is Working Correctly |
2726 |
Verifying That a Trusted DHCP Server Is Working Correctly |
2727 |
Verifying That DAI Is Working Correctly |
2728 |
Verifying That MAC Limiting Is Working Correctly |
2729 |
Verifying That MAC Limiting for Dynamic MAC Addresses Is Working Correctly |
2729 |
Verifying That Allowed MAC Addresses Are Working Correctly |
2730 |
Verifying Results of Various Action Settings When the MAC Limit Is Exceeded |
2730 |
Customizing the Ethernet Switching Table Display to View Information for a Specific Interface |
2732 |
Verifying That MAC Move Limiting Is Working Correctly |
2733 |
Verifying That IP Source Guard Is Working Correctly |
2734 |
Verifying That Proxy ARP Is Working Correctly |
2734 |
Verifying That the Port Error Disable Setting Is Working Correctly |
2735 |
Chapter 97: Troubleshooting Port Security |
2737 |
Troubleshooting Port Security |
2737 |
MAC Addresses That Exceed the MAC Limit or MAC Move Limit Are Not Listed in the Ethernet Switching Table |
2737 |
Multiple DHCP Server Packets Have Been Received on Untrusted Interfaces |
2737 |
Chapter 98: Configuration Statements for Port Security |
2739 |
[edit ethernet-switching-options] Configuration Statement Hierarchy |
2739 |
[edit forwarding-options] Configuration Statement Hierarchy |
2741 |
allowed-mac |
2743 |
arp-inspection |
2744 |
circuit-id |
2745 |
dhcp-option82 |
2746 |
dhcp-snooping-file |
2747 |
dhcp-trusted |
2748 |
disable-timeout |
2749 |
ethernet-switching-options |
2750 |
examine-dhcp |
2753 |
interface |
2754 |
ip-source-guard |
2755 |
mac |
2755 |
mac-limit |
2756 |
mac-move-limit |
2757 |
no-allowed-mac-log |
2758 |
no-gratuitous-arp-request |
2759 |
port-error-disable |
2760 |
prefix |
2761 |
prefix |
2762 |
proxy-arp |
2763 |
remote-id |
2764 |
secure-access-port |
2765 |
static-ip |
2766 |
timeout |
2767 |
traceoptions |
2768 |
use-interface-description |
2770 |
use-string |
2771 |
use-vlan-id |
2772 |
vendor-id |
2773 |
vlan |
2774 |
vlan |
2775 |
write-interval |
2776 |
Chapter 99: Operational Mode Commands for Port Security |
2777 |
clear arp inspection statistics |
2778 |
clear dhcp snooping binding |
2779 |
clear dhcp snooping statistics |
2780 |
show arp inspection statistics |
2781 |
show dhcp snooping binding |
2782 |
show dhcp snooping statistics |
2783 |
show ethernet-switching table |
2784 |
show ip-source-guard |
2788 |
show system statistics arp |
2790 |
Part 20: Routing Policy and Packet Filtering (Firewall Filters) |
2791 |
Chapter 100: Firewall Filters—Overview |
2793 |
Firewall Filters for J-EX Series Switches Overview |
2793 |
Firewall Filter Types |
2793 |
Firewall Filter Components |
2794 |
Firewall Filter Processing |
2795 |
Understanding Planning of Firewall Filters |
2796 |
Understanding Firewall Filter Processing Points for Bridged and Routed Packets on J-EX Series Switches |
2798 |
Understanding How Firewall Filters Control Packet Flows |
2799 |
Firewall Filter Match Conditions and Actions for J-EX Series Switches |
2800 |
Understanding How Firewall Filters Are Evaluated |
2818 |
Understanding Firewall Filter Match Conditions |
2820 |
Filter Match Conditions |
2820 |
Numeric Filter Match Conditions |
2820 |
Interface Filter Match Conditions |
2821 |
IP Address Filter Match Conditions |
2821 |
MAC Address Filter Match Conditions |
2822 |
Bit-Field Filter Match Conditions |
2822 |
Understanding How Firewall Filters Test a Packet's Protocol |
2824 |
Understanding the Use of Policers in Firewall Filters |
2824 |
Understanding Filter-Based Forwarding for J-EX Series Switches |
2825 |
Chapter 101: Examples of Firewall Filters Configuration |
2827 |
Example: Configuring Firewall Filters for Port, VLAN, and Router Traffic on J-EX Series Switches |
2827 |
Requirements |
2827 |
Overview |
2828 |
Network Topology |
2829 |
Configuring an Ingress Port Firewall Filter to Prioritize Voice Traffic and Rate-Limit TCP and ICMP Traffic |
2831 |
Configuring a VLAN Ingress Firewall Filter to Prevent Rogue Devices from Disrupting VoIP Traffic |
2836 |
Configuring a VLAN Firewall Filter to Count, Monitor, and Analyze Egress Traffic on the Employee VLAN |
2838 |
Configuring a VLAN Firewall Filter to Restrict Guest-to-Employee Traffic and Peer-to-Peer Applications on the Guest VLAN |
2840 |
Configuring a Router Firewall Filter to Give Priority to Egress Traffic Destined for the Corporate Subnet |
2842 |
Verification |
2843 |
Verifying that Firewall Filters and Policers are Operational |
2843 |
Verifying that Schedulers and Scheduler-Maps are Operational |
2844 |
Example: Using Filter-Based Forwarding to Route Application Traffic to a Security Device on J-EX Series Switches |
2845 |
Requirements |
2845 |
Overview and Topology |
2846 |
Configuration |
2846 |
Verification |
2848 |
Verifying That Filter-Based Forwarding Was Configured |
2848 |
Chapter 102: Configuring Firewall Filters |
2851 |
Configuring Firewall Filters (CLI Procedure) |
2851 |
Configuring a Firewall Filter |
2851 |
Applying a Firewall Filter to a Port on a Switch |
2854 |
Applying a Firewall Filter to a VLAN on a Network |
2854 |
Applying a Firewall Filter to a Layer 3 (Routed) Interface |
2855 |
Configuring Firewall Filters (J-Web Procedure) |
2856 |
Configuring Policers to Control Traffic Rates (CLI Procedure) |
2860 |
Configuring Policers |
2861 |
Specifying Policers in a Firewall Filter Configuration |
2862 |
Applying a Firewall Filter That Is Configured with a Policer |
2862 |
Assigning Multifield Classifiers in Firewall Filters to Specify Packet-Forwarding Behavior (CLI Procedure) |
2863 |
Configuring Routing Policies (J-Web Procedure) |
2864 |
Chapter 103: Verifying Firewall Filter Configuration |
2871 |
Verifying That Firewall Filters Are Operational |
2871 |
Verifying That Policers Are Operational |
2872 |
Monitoring Firewall Filter Traffic |
2872 |
Monitoring Traffic for All Firewall Filters and Policers That Are Configured on the Switch |
2873 |
Monitoring Traffic for a Specific Firewall Filter |
2873 |
Monitoring Traffic for a Specific Policer |
2873 |
Chapter 104: Troubleshooting Firewall Filters |
2875 |
Troubleshooting Firewall Filters |
2875 |
Firewall Filter Configuration Returns a No Space Available in TCAM Message |
2875 |
Chapter 105: Configuration Statements for Firewall Filters |
2877 |
[edit firewall] Configuration Statement Hierarchy |
2877 |
Firewall Filter Configuration Statements Supported by the Junos OS for J-EX Series Switches |
2878 |
apply-path |
2881 |
as-path |
2881 |
as-path-group |
2882 |
bandwidth-limit |
2883 |
burst-size-limit |
2884 |
community |
2885 |
condition |
2887 |
damping |
2888 |
dynamic-db |
2889 |
family |
2890 |
filter |
2891 |
filter |
2892 |
filter |
2893 |
filter-specific |
2893 |
firewall |
2894 |
from |
2895 |
if-exceeding |
2896 |
interface-specific |
2897 |
policer |
2898 |
policy-statement |
2899 |
prefix-list |
2901 |
routing-instance |
2902 |
term |
2903 |
then |
2904 |
then |
2905 |
Chapter 106: Operational Mode Commands for Firewall Filters |
2907 |
clear firewall |
2908 |
clear firewall |
2909 |
show firewall |
2910 |
show firewall |
2913 |
show firewall log |
2916 |
show interfaces filters |
2918 |
show interfaces policers |
2920 |
show policer |
2922 |
show policy |
2924 |
show policy conditions |
2926 |
test policy |
2928 |
Part 21: Class of Service |
2929 |
Chapter 107: Class of Service (CoS)—Overview |
2931 |
Junos OS CoS for J-EX Series Switches Overview |
2932 |
How Junos OS CoS Works |
2932 |
Default CoS Behavior on J-EX Series Switches |
2933 |
Understanding Junos OS CoS Components for J-EX Series Switches |
2934 |
Code-Point Aliases |
2934 |
Policers |
2934 |
Classifiers |
2934 |
Forwarding Classes |
2935 |
Tail Drop Profiles |
2935 |
Schedulers |
2935 |
Rewrite Rules |
2935 |
Understanding CoS Code-Point Aliases |
2936 |
Default Code-Point Aliases |
2936 |
Understanding CoS Classifiers |
2939 |
Behavior Aggregate Classifiers |
2939 |
Default Behavior Aggregate Classification |
2940 |
Multifield Classifiers |
2941 |
Understanding CoS Forwarding Classes |
2942 |
Default Forwarding Classes |
2942 |
Understanding CoS Tail Drop Profiles |
2944 |
Understanding CoS Schedulers |
2945 |
Default Schedulers |
2945 |
Transmission Rate |
2946 |
Scheduler Buffer Size |
2946 |
Priority Scheduling |
2946 |
Scheduler Drop-Profile Maps |
2947 |
Scheduler Maps |
2947 |
Understanding CoS Two-Color Marking |
2948 |
Understanding CoS Rewrite Rules |
2948 |
How Rewrite Rules Work |
2948 |
Default Rewrite Rule |
2949 |
Understanding Port Shaping and Queue Shaping for CoS on J-EX Series Switches |
2950 |
Port Shaping |
2950 |
Queue Shaping |
2950 |
Understanding Junos OS EZQoS for CoS Configurations on J-EX Series Switches |
2951 |
Understanding Using CoS with MPLS Networks on J-EX Series Switches |
2952 |
Guidelines for Using CoS Classifiers on CCCs |
2952 |
Using CoS Classifiers with IP over MPLS |
2953 |
Default Classifiers and Default Rewrite Rules |
2953 |
EXP Rewrite Rules |
2953 |
Policer |
2954 |
Schedulers |
2954 |
Chapter 108: Examples: CoS Configuration |
2955 |
Example: Configuring CoS on J-EX Series Switches |
2955 |
Requirements |
2955 |
Overview and Topology |
2955 |
|
2958 |
Configuration |
2958 |
Verification |
2968 |
Verifying That the Defined Forwarding Classes Exist and Are Mapped to Queues |
2968 |
Verifying That the Forwarding Classes Have Been Assigned to Schedulers |
2969 |
Verifying That the Scheduler Map Has Been Applied to the Interface |
2970 |
Example: Combining CoS with MPLS on J-EX Series Switches |
2970 |
Requirements |
2971 |
Overview and Topology |
2971 |
Configuring the Local PE Switch |
2973 |
Configuring the Remote PE Switch |
2975 |
Configuring the Provider Switch |
2976 |
Verification |
2977 |
Verifying That the Policer Firewall Filter Is Operational |
2977 |
Verifying That the CoS Classifiers Are Going to the Right Queue |
2977 |
Verifying the CoS Forwarding Table Mapping |
2980 |
Verifying the Rewrite Rules |
2981 |
Chapter 109: Configuring CoS |
2983 |
Configuring CoS (J-Web Procedure) |
2983 |
Defining CoS Code-Point Aliases (J-Web Procedure) |
2984 |
Defining CoS Code-Point Aliases (CLI Procedure) |
2986 |
Defining CoS Classifiers (CLI Procedure) |
2986 |
Defining CoS Classifiers (J-Web Procedure) |
2988 |
Defining CoS Forwarding Classes (CLI Procedure) |
2990 |
Defining CoS Forwarding Classes (J-Web Procedure) |
2990 |
Defining CoS Schedulers (CLI Procedure) |
2992 |
Defining CoS Schedulers (J-Web Procedure) |
2992 |
Defining CoS Scheduler Maps (J-Web Procedure) |
2995 |
Defining CoS Drop Profiles (J-Web Procedure) |
2995 |
Configuring CoS Tail Drop Profiles (CLI Procedure) |
2997 |
Defining CoS Rewrite Rules (CLI Procedure) |
2997 |
Defining CoS Rewrite Rules (J-Web Procedure) |
2998 |
Assigning CoS Components to Interfaces (CLI Procedure) |
3000 |
Assigning CoS Components to Interfaces (J-Web Procedure) |
3000 |
Configuring Junos OS EZQoS for CoS (CLI Procedure) |
3002 |
Configuring CoS on MPLS Provider Edge Switch Using IP Over MPLS (CLI Procedure) |
3003 |
Configuring CoS on MPLS Provider Edge Switch Using Circuit Cross-Connect (CLI Procedure) |
3004 |
Chapter 110: Verifying CoS Configuration |
3007 |
Monitoring CoS Classifiers |
3007 |
Monitoring CoS Forwarding Classes |
3008 |
Monitoring Interfaces That Have CoS Components |
3009 |
Monitoring CoS Rewrite Rules |
3010 |
Monitoring CoS Scheduler Maps |
3011 |
Monitoring CoS Value Aliases |
3012 |
Monitoring CoS Drop Profiles |
3013 |
Chapter 111: Configuration Statements for CoS |
3015 |
[edit class-of-service] Configuration Statement Hierarchy |
3015 |
broadcast |
3017 |
buffer-size |
3018 |
class |
3019 |
class-of-service |
3020 |
classifiers |
3022 |
code-point-aliases |
3023 |
code-points |
3023 |
drop-profile-map |
3024 |
dscp |
3025 |
dscp-ipv6 |
3026 |
ethernet |
3027 |
exp |
3028 |
family |
3029 |
forwarding-class |
3030 |
forwarding-classes |
3031 |
ieee-802.1 |
3032 |
import |
3033 |
inet |
3034 |
inet-precedence |
3035 |
interfaces |
3036 |
loss-priority |
3037 |
multi-destination |
3038 |
policing |
3039 |
priority |
3040 |
protocol |
3040 |
rewrite-rules |
3041 |
scheduler-map |
3042 |
scheduler-maps |
3043 |
schedulers |
3044 |
shaping-rate |
3045 |
shared-buffer |
3046 |
transmit-rate |
3047 |
unit |
3048 |
Chapter 112: Operational Mode Commands for CoS |
3049 |
show class-of-service |
3050 |
show class-of-service classifier |
3055 |
show class-of-service code-point-aliases |
3057 |
show class-of-service drop-profile |
3059 |
show class-of-service forwarding-class |
3061 |
show class-of-service interface |
3063 |
show pfe statistics traffic |
3066 |
show pfe statistics traffic cpu |
3069 |
show pfe statistics traffic egress-queues |
3073 |
show pfe statistics traffic multicast |
3075 |
Part 22: Power over Ethernet |
3079 |
Chapter 113: Power over Ethernet (PoE)—Overview |
3081 |
PoE and J-EX Series Switches Overview |
3081 |
PoE |
3081 |
PoE Power Management |
3081 |
PoE Power Budget |
3081 |
Power Management Mode |
3082 |
PoE Interface Power Priority |
3083 |
PoE Configuration and Monitoring |
3083 |
Chapter 114: Examples: PoE Configuration |
3085 |
Example: Configuring PoE Interfaces on a J-EX Series Switch |
3085 |
Requirements |
3085 |
Overview and Topology |
3085 |
Configuration |
3086 |
Verification |
3086 |
Verifying That the PoE Interfaces Have Been Created |
3086 |
Example: Configuring PoE Interfaces with Different Priorities on a J-EX Series Switch |
3087 |
Requirements |
3087 |
Overview and Topology |
3088 |
Configuration |
3088 |
Verification |
3091 |
Verifying That the PoE Interfaces Have Been Created with the Correct Priorities |
3091 |
Chapter 115: Configuring PoE |
3093 |
Configuring PoE (CLI Procedure) |
3093 |
Configuring PoE (J-Web Procedure) |
3095 |
Chapter 116: Verifying PoE Configuration |
3097 |
Monitoring PoE |
3097 |
Monitoring PoE Power Consumption (CLI Procedure) |
3098 |
PoE Power Consumption for the Switch |
3098 |
Current Power Consumption for PoE Interfaces |
3098 |
Power Consumption for PoE Interfaces over Time |
3099 |
Verifying PoE Configuration and Status (CLI Procedure) |
3100 |
Number of PoE Ports on the Switch |
3100 |
PoE Controller Configuration and Status |
3100 |
PoE Interface Configuration and Status |
3101 |
PoE SNMP Trap Generation Status |
3101 |
Chapter 117: Troubleshooting PoE Configuration |
3103 |
Troubleshooting PoE Interfaces |
3103 |
Chapter 118: Configuration Statements for PoE |
3105 |
[edit poe] Configuration Statement Hierarchy |
3105 |
disable |
3106 |
duration |
3107 |
fpc |
3108 |
guard-band |
3109 |
interface |
3110 |
interval |
3111 |
management |
3112 |
maximum-power |
3113 |
notification-control |
3114 |
priority |
3115 |
telemetries |
3116 |
Chapter 119: Operational Mode Commands for PoE |
3117 |
show poe controller |
3118 |
show poe interface |
3120 |
show poe notification-control |
3122 |
show poe telemetries interface |
3124 |
Part 23: MPLS |
3127 |
Chapter 120: MPLS—Overview |
3129 |
Junos OS MPLS for J-EX Series Switches Overview |
3129 |
Benefits of MPLS |
3129 |
Additional Benefits of MPLS and Traffic Engineering |
3130 |
Understanding Junos OS MPLS Components for J-EX Series Switches |
3131 |
Provider Edge Switches |
3131 |
MPLS Protocol and Label Switched Paths |
3131 |
Circuit Cross-Connect for Customer-Edge Interfaces |
3131 |
IP over MPLS For Customer-Edge Interfaces |
3132 |
Provider Switch |
3132 |
Components Required for All Switches in the MPLS Network |
3132 |
Routing Protocol |
3133 |
Traffic Engineering |
3133 |
MPLS Protocol |
3133 |
RSVP |
3133 |
Family MPLS |
3134 |
Understanding MPLS and Path Protection on J-EX Series Switches |
3135 |
Understanding Using CoS with MPLS Networks on J-EX Series Switches |
3136 |
Guidelines for Using CoS Classifiers on CCCs |
3136 |
Using CoS Classifiers with IP over MPLS |
3137 |
Default Classifiers and Default Rewrite Rules |
3137 |
EXP Rewrite Rules |
3137 |
Policer |
3138 |
Schedulers |
3138 |
Understanding MPLS Label Operations on J-EX Series Switches |
3139 |
MPLS Label Switched Paths and MPLS Labels on J-EX Series Switches |
3139 |
Reserved Labels |
3140 |
MPLS Label Operations on J-EX Series Switches |
3140 |
Ultimate and Penultimate Hop Popping |
3141 |
Chapter 121: Example of MPLS Configuration |
3143 |
Example: Configuring MPLS on J-EX Series Switches |
3143 |
Requirements |
3143 |
Overview and Topology |
3144 |
Configuring the Local PE Switch |
3147 |
Configuring the Remote PE Switch |
3150 |
Configuring the Provider Switch |
3152 |
Verification |
3154 |
Verifying the Physical Layer on the Switches |
3155 |
Verifying the Routing Protocol |
3155 |
Verifying the Core Interfaces Being Used for the MPLS Traffic |
3155 |
Verifying RSVP |
3156 |
Verifying the Assignment of Interfaces for MPLS Label Operations |
3156 |
Verifying the Status of the CCC |
3156 |
Example: Combining CoS with MPLS on J-EX Series Switches |
3157 |
Requirements |
3158 |
Overview and Topology |
3158 |
Configuring the Local PE Switch |
3160 |
Configuring the Remote PE Switch |
3162 |
Configuring the Provider Switch |
3163 |
Verification |
3164 |
Verifying That the Policer Firewall Filter Is Operational |
3164 |
Verifying That the CoS Classifiers Are Going to the Right Queue |
3164 |
Verifying the CoS Forwarding Table Mapping |
3167 |
Verifying the Rewrite Rules |
3167 |
Chapter 122: Configuring MPLS |
3169 |
Configuring Path Protection in an MPLS Network (CLI Procedure) |
3169 |
Configuring the Primary Path |
3171 |
Configuring the Secondary Path |
3171 |
Configuring the Revert Timer |
3172 |
Configuring MPLS on Provider Switches (CLI Procedure) |
3174 |
Configuring CoS on MPLS Provider Edge Switch Using IP Over MPLS (CLI Procedure) |
3176 |
Configuring CoS on MPLS Provider Edge Switch Using Circuit Cross-Connect (CLI Procedure) |
3177 |
Configuring CoS on Provider Switches of an MPLS Network (CLI Procedure) |
3178 |
Configuring MPLS on Provider Edge Switches Using IP Over MPLS (CLI Procedure) |
3179 |
Configuring the Ingress PE Switch |
3180 |
Configuring the Egress PE Switch |
3181 |
Configuring MPLS on Provider Edge Switches Using Circuit Cross-Connect (CLI Procedure) |
3183 |
Chapter 123: Verifying MPLS |
3187 |
Verifying That MPLS Is Working Correctly |
3187 |
Verifying the Physical Layer on the Switches |
3187 |
Verifying the Routing Protocol |
3188 |
Verifying the Core Interfaces Being Used for the MPLS Traffic |
3188 |
Verifying RSVP |
3188 |
Verifying the Assignment of Interfaces for MPLS Label Operations |
3189 |
Verifying the Status of the CCC |
3189 |
Verifying Path Protection in an MPLS Network |
3190 |
Verifying the Primary Path |
3190 |
Verifying the RSVP-Enabled Interfaces |
3191 |
Verifying a Secondary Path |
3191 |
Chapter 124: Configuration Statements for MPLS |
3193 |
[edit protocols] Configuration Statement Hierarchy |
3193 |
connections |
3200 |
exp |
3201 |
interface |
3202 |
label-switched-path |
3203 |
mpls |
3204 |
path |
3205 |
policing |
3206 |
primary |
3206 |
remote-interface-switch |
3207 |
revert-timer |
3208 |
rsvp |
3209 |
secondary |
3209 |
standby |
3210 |
traffic-engineering |
3210 |
Chapter 125: Operational Mode Commands for MPLS |
3211 |
clear mpls lsp |
3212 |
clear rsvp session |
3214 |
clear rsvp statistics |
3216 |
ping mpls l2circuit |
3217 |
ping mpls l2vpn |
3219 |
ping mpls l3vpn |
3221 |
ping mpls ldp |
3223 |
ping mpls lsp-end-point |
3225 |
ping mpls rsvp |
3227 |
request mpls lsp adjust-autobandwidth |
3232 |
show connections |
3233 |
show connections |
3236 |
show link-management |
3240 |
show link-management peer |
3243 |
show link-management routing |
3245 |
show link-management statistics |
3248 |
show link-management te-link |
3250 |
show mpls admin-groups |
3252 |
show mpls call-admission-control |
3253 |
show mpls cspf |
3255 |
show mpls diffserv-te |
3257 |
show mpls interface |
3259 |
show mpls interface |
3260 |
show mpls lsp |
3261 |
show mpls path |
3270 |
show route forwarding-table |
3271 |
show rsvp interface |
3278 |
show rsvp neighbor |
3283 |
show rsvp session |
3288 |
show rsvp session |
3293 |
show rsvp statistics |
3301 |
show rsvp version |
3305 |
show ted database |
3307 |
show ted link |
3311 |
show ted protocol |
3313 |
Part 24: Network Management and Monitoring |
3315 |
Chapter 126: Port Mirroring |
3317 |
Port Mirroring—Overview |
3317 |
Understanding Port Mirroring on J-EX Series Switches |
3317 |
Port Mirroring Overview |
3317 |
Limitations of Port Mirroring |
3319 |
Port Mirroring Terminology |
3319 |
Examples: Port Mirroring Configuration |
3321 |
Example: Configuring Port Mirroring for Local Monitoring of Employee Resource Use on J-EX Series Switches |
3321 |
Requirements |
3322 |
Overview and Topology |
3322 |
Network Topology |
3322 |
Mirroring All Employee Traffic for Local Analysis |
3323 |
Mirroring Employee-to-Web Traffic for Local Analysis |
3323 |
Verification |
3325 |
Verifying That the Analyzer Has Been Correctly Created |
3326 |
Example: Configuring Port Mirroring for Remote Monitoring of Employee Resource Use on J-EX Series Switches |
3326 |
Requirements |
3327 |
Overview and Topology |
3327 |
Mirroring All Employee Traffic for Remote Analysis |
3328 |
Mirroring Employee-to-Web Traffic for Remote Analysis |
3329 |
Verification |
3331 |
Verifying That the Analyzer Has Been Correctly Created |
3331 |
Configuring Port Mirroring |
3332 |
Configuring Port Mirroring to Analyze Traffic (CLI Procedure) |
3332 |
Configuring Port Mirroring for Local Traffic Analysis |
3333 |
Configuring Port Mirroring for Remote Traffic Analysis |
3333 |
Filtering the Traffic Entering an Analyzer |
3334 |
Configuring Port Mirroring to Analyze Traffic (J-Web Procedure) |
3335 |
Verifying Port Mirroring Configuration |
3337 |
Verifying Input and Output for Port Mirroring Analyzers on J-EX Series Switches |
3337 |
Configuration Statements for Port Mirroring |
3338 |
[edit ethernet-switching-options] Configuration Statement Hierarchy |
3339 |
analyzer |
3342 |
egress |
3343 |
ethernet-switching-options |
3344 |
ingress |
3347 |
input |
3348 |
interface |
3349 |
loss-priority |
3350 |
output |
3351 |
ratio |
3352 |
vlan |
3352 |
Operational Mode Commands for Port Mirroring |
3352 |
show analyzer |
3353 |
Chapter 127: sFlow Monitoring Technology |
3355 |
sFlow Technology—Overview |
3355 |
Understanding How to Use sFlow Technology for Network Monitoring on a J-EX Series Switch |
3355 |
Sampling Mechanism and Architecture of sFlow Technology on J-EX Series Switches |
3355 |
Adaptive Sampling |
3356 |
sFlow Agent Address Assignment |
3357 |
Example: sFlow Technology Configuration |
3357 |
Example: Configuring sFlow Technology to Monitor Network Traffic on J-EX Series Switches |
3357 |
Requirements |
3358 |
Overview and Topology |
3358 |
Configuration |
3359 |
Verification |
3361 |
Verifying That sFlow Technology Has Been Configured Properly |
3361 |
Verifying That sFlow Technology Is Enabled on the Intended Interface |
3361 |
Verifying the sFlow Collector Configuration |
3362 |
Configuring sFlow Technology |
3362 |
Configuring sFlow Technology for Network Monitoring (CLI Procedure) |
3362 |
Configuration Statements for sFlow Technology |
3363 |
[edit protocols] Configuration Statement Hierarchy |
3364 |
collector |
3371 |
disable |
3371 |
interfaces |
3372 |
polling-interval |
3373 |
sample-rate |
3374 |
sflow |
3375 |
udp-port |
3376 |
Operational Mode Commands for sFlow Technology |
3376 |
show sflow |
3377 |
show sflow collector |
3379 |
show sflow interface |
3380 |
Chapter 128: SNMP |
3381 |
Configuring SNMP |
3381 |
Configuring SNMP (J-Web Procedure) |
3381 |
Configuration Statements for SNMP |
3384 |
[edit snmp] Configuration Statement Hierarchy |
3384 |
address |
3385 |
address-mask |
3385 |
agent-address |
3386 |
alarm |
3387 |
authorization |
3388 |
bucket-size |
3388 |
categories |
3389 |
client-list |
3389 |
client-list-name |
3390 |
clients |
3390 |
commit-delay |
3391 |
community |
3392 |
community |
3393 |
community-name |
3394 |
contact |
3395 |
description |
3395 |
description |
3396 |
destination-port |
3396 |
engine-id |
3397 |
event |
3398 |
falling-event-index |
3398 |
falling-threshold |
3399 |
falling-threshold |
3400 |
falling-threshold-interval |
3400 |
filter-duplicates |
3401 |
filter-interfaces |
3401 |
group (Configuring Group Name) |
3402 |
group (Defining Access Privileges for an SNMPv3 Group) |
3402 |
health-monitor |
3403 |
history |
3404 |
interface |
3405 |
interface |
3405 |
interval |
3406 |
interval |
3406 |
interval |
3407 |
location |
3407 |
logical-system |
3408 |
message-processing-model |
3408 |
name |
3409 |
nonvolatile |
3409 |
notify |
3410 |
notify-filter (Configuring the Profile Name) |
3410 |
notify-filter (Applying to the Management Target) |
3411 |
notify-view |
3411 |
oid |
3412 |
oid |
3412 |
owner |
3413 |
parameters |
3413 |
port |
3414 |
read-view |
3414 |
request-type |
3415 |
rising-event-index |
3415 |
rising-threshold |
3416 |
rising-threshold |
3417 |
rmon |
3417 |
rmon |
3418 |
routing-instance |
3419 |
routing-instance |
3420 |
sample-type |
3420 |
security-level (Generating SNMP Notifications) |
3421 |
security-level (Defining Access Privileges) |
3421 |
security-model (Access Privileges) |
3422 |
security-model (Group) |
3422 |
security-model (SNMP Notifications) |
3423 |
security-name (Security Group) |
3423 |
security-name (Community String) |
3424 |
security-name (SNMP Notifications) |
3425 |
security-to-group |
3425 |
snmp |
3426 |
snmp |
3426 |
snmp-community |
3427 |
source-address |
3427 |
startup-alarm |
3428 |
syslog-subtag |
3428 |
tag |
3429 |
tag-list |
3429 |
target-address |
3430 |
target-parameters |
3431 |
targets |
3431 |
traceoptions |
3432 |
trap-group |
3434 |
trap-options |
3435 |
type |
3435 |
type |
3436 |
v3 |
3437 |
vacm |
3439 |
variable |
3440 |
version |
3440 |
view (Configuring a MIB View) |
3441 |
view (Associating a MIB View with a Community) |
3442 |
write-view |
3442 |
Operational Mode Commands for SNMP |
3442 |
clear snmp rmon history |
3443 |
clear snmp statistics |
3444 |
request snmp spoof-trap |
3446 |
show snmp health-monitor |
3452 |
show snmp inform-statistics |
3459 |
show snmp rmon |
3460 |
show snmp rmon history |
3464 |
show snmp statistics |
3467 |
show snmp v3 |
3471 |
Chapter 129: Real-Time Performance Monitoring (RPM) |
3475 |
RPM—Overview |
3475 |
Understanding Real-Time Performance Monitoring on J-EX Series Switches |
3476 |
RPM Packet Collection |
3476 |
Tests and Probe Types |
3476 |
Hardware Timestamps |
3477 |
Limitations of RPM |
3479 |
Configuring Real-Time Performance Monitoring (RPM) |
3479 |
Configuring Real-Time Performance Monitoring (J-Web Procedure) |
3479 |
Configuring the Interface for RPM Timestamping for Client/Server on a J-EX Series Switch (CLI Procedure) |
3486 |
Verifying Real-Time Performance Monitoring |
3488 |
Viewing Real-Time Performance Monitoring Information |
3488 |
Operational Mode Commands for Real-Time Performance Monitoring |
3488 |
show services rpm active-servers |
3489 |
show services rpm history-results |
3490 |
show services rpm probe-results |
3493 |
Chapter 130: Ethernet OAM Link Fault Management |
3499 |
Ethernet OAM Link Fault Management—Overview |
3499 |
Understanding Ethernet OAM Link Fault Management for a J-EX Series Switch |
3499 |
Example of Ethernet OAM Link Fault Management Configuration |
3500 |
Example: Configuring Ethernet OAM Link Fault Management on J-EX Series Switches |
3500 |
Requirements |
3501 |
Overview and Topology |
3501 |
Configuring Ethernet OAM Link Fault Management on Switch 1 |
3501 |
Configuring Ethernet OAM Link Fault Management on Switch 2 |
3502 |
Verification |
3503 |
Verifying That OAM LFM Has Been Configured Properly |
3503 |
Configuring Ethernet OAM Link Fault Management |
3503 |
Configuring Ethernet OAM Link Fault Management (CLI Procedure) |
3503 |
Configuration Statements for Ethernet OAM Link Fault Management |
3506 |
[edit protocols] Configuration Statement Hierarchy |
3506 |
action |
3512 |
action-profile |
3513 |
allow-remote-loopback |
3514 |
ethernet |
3515 |
event |
3517 |
event-thresholds |
3517 |
frame-error |
3518 |
frame-period |
3518 |
frame-period-summary |
3519 |
interface |
3520 |
link-adjacency-loss |
3521 |
link-discovery |
3521 |
link-down |
3522 |
link-event-rate |
3522 |
link-fault-management |
3523 |
negotiation-options |
3524 |
no-allow-link-events |
3524 |
oam |
3525 |
pdu-interval |
3527 |
pdu-threshold |
3527 |
remote-loopback |
3528 |
symbol-period |
3528 |
syslog |
3529 |
Operational Mode Commands for Ethernet OAM Link Fault Management |
3529 |
show oam ethernet link-fault-management |
3530 |
Chapter 131: Ethernet OAM Connectivity Fault Management |
3535 |
Ethernet OAM Connectivity Fault Management—Overview |
3535 |
Understanding Ethernet OAM Connectivity Fault Management for a J-EX Series Switch |
3535 |
Example of Ethernet OAM Connectivity Fault Management Configuration |
3536 |
Example: Configuring Ethernet OAM Connectivity Fault Management on J-EX Series Switches |
3537 |
Requirements |
3537 |
Overview and Topology |
3537 |
Configuring Ethernet OAM Connectivity Fault Management on Switch 1 |
3537 |
Configuring Ethernet OAM Connectivity Fault Management on Switch 2 |
3538 |
Verification |
3539 |
Verifying That OAM CFM Has Been Configured Properly |
3539 |
Configuring Ethernet OAM Connectivity Fault Management |
3540 |
Configuring Ethernet OAM Connectivity Fault Management (CLI Procedure) |
3540 |
Creating the Maintenance Domain |
3541 |
Configuring the Maintenance Domain MIP Half Function |
3541 |
Creating a Maintenance Association |
3542 |
Configuring the Continuity Check Protocol |
3542 |
Configuring a Maintenance Association End Point |
3542 |
Configuring a Connectivity Fault Management Action Profile |
3543 |
Configuring the Linktrace Protocol |
3544 |
Configuration Statements for Ethernet OAM Connectivity Fault Management |
3544 |
[edit protocols] Configuration Statement Hierarchy |
3544 |
action-profile (Applying to OAM CFM, for J-EX Series Switch Only) |
3551 |
age (J-EX Series Switch Only) |
3552 |
auto-discovery (J-EX Series Switch Only) |
3552 |
connectivity-fault-management (J-EX Series Switch Only) |
3553 |
continuity-check (J-EX Series Switch Only) |
3554 |
direction (J-EX Series Switch Only) |
3554 |
hold-interval (OAM CFM, for J-EX Series Switch Only) |
3555 |
interface (OAM CFM, for J-EX Series Switch Only) |
3555 |
interval (J-EX Series Switch Only) |
3556 |
level (J-EX Series Switch Only) |
3557 |
linktrace (J-EX Series Switch Only) |
3557 |
loss-threshold (J-EX Series Switch Only) |
3558 |
maintenance-association (J-EX Series Switch Only) |
3559 |
maintenance-domain (J-EX Series Switch Only) |
3560 |
mep (J-EX Series Switch Only) |
3561 |
mip-half-function (J-EX Series Switch Only) |
3562 |
name-format (J-EX Series Switch Only) |
3563 |
path-database-size (J-EX Series Switch Only) |
3563 |
remote-mep (J-EX Series Switch Only) |
3564 |
Operational Mode Commands for Ethernet OAM Connectivity Fault Management |
3564 |
clear oam ethernet connectivity-fault-management statistics |
3565 |
show oam ethernet connectivity-fault-management forwarding-state |
3566 |
show oam ethernet connectivity-fault-management interfaces |
3570 |
show oam ethernet connectivity-fault-management linktrace path-database |
3576 |
show oam ethernet connectivity-fault-management mep-database |
3578 |
show oam ethernet connectivity-fault-management mip |
3584 |
Chapter 132: Monitoring General Network Traffic and Hosts |
3585 |
Monitoring Hosts Using the J-Web Ping Host Tool |
3585 |
Monitoring Network Traffic Using Traceroute |
3587 |
Chapter 133: Configuration Statements for General Network Management and Monitoring |
3589 |
archive-sites |
3589 |
class-usage-profile |
3590 |
counters |
3591 |
destination-classes |
3591 |
fields (for Interface Profiles) |
3592 |
file (Associating with a Profile) |
3593 |
file (Configuring a Log File) |
3594 |
files |
3594 |
filter-profile |
3595 |
interface-profile |
3596 |
interval |
3597 |
mib-profile |
3598 |
object-names |
3598 |
operation |
3599 |
routing-engine-profile |
3599 |
size |
3600 |
source-classes |
3600 |
start-time |
3601 |
transfer-interval |
3601 |
Chapter 134: Operational Mode Commands for General Network Management and Monitoring |
3603 |
monitor traffic |
3604 |
ping |
3611 |
show snmp mib |
3614 |
traceroute |
3616 |
Part 25: Index |
3619 |
Index |
3621 |
Symbols |
3621 |
A |
3621 |
B |
3623 |
C |
3624 |
D |
3627 |
E |
3629 |
F |
3630 |
G |
3631 |
H |
3632 |
I |
3633 |
J |
3635 |
K |
3636 |
L |
3636 |
M |
3637 |
N |
3640 |
O |
3641 |
P |
3642 |
Q |
3645 |
R |
3645 |
S |
3649 |
T |
3654 |
U |
3657 |
V |
3657 |
W |
3658 |
X |
3659 |