Professional Documents
Culture Documents
10.b
This document is produced by Juniper Networks, Inc. This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks Education Services. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Advanced Junos Enterprise Switching High-Level Lab Guide, Revision 10.b Copyright 2011 Juniper Networks, Inc. All rights reserved. Printed in USA. Revision History: Revision 10.aApril 2011 Revision 10.bJune 2011 The information in this document is current as of the date listed above. The information in this document has been carefully verified and is believed to be accurate for software Release 10.4R3.4. Juniper Networks assumes no responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental, or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. YEAR 2000 NOTICE Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036. SOFTWARE LICENSE The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.
Contents
Lab 1: Advanced Ethernet Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Part 1: Logging In Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Part 2: Configuring and Monitoring Filter-Based VLAN Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Part 3: Configuring and Monitoring a PVLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Part 4: Configuring and Monitoring MVRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Part 5: Configuring and Monitoring Q-in-Q Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 1-3 1-4 1-7 1-8
Lab 2:
Lab 3:
Lab 4:
Lab 5:
Lab 6:
www.juniper.net
Contents iii
iv Contents
www.juniper.net
Course Overview
This two-day course provides detailed coverage of virtual LAN (VLAN) operations, Multiple Spanning Tree Protocol (MSTP) and VLAN Spanning Tree Protocol (VSTP), authentication and access control for Layer 2 networks, IP telephony features, class of service (CoS) and monitoring and troubleshooting tools and features supported on the EX Series Ethernet Switches. Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos operating system and in monitoring device and protocol operations.
Objectives
After successfully completing this course, you should be able to: Implement filter-based VLAN assignments. Restrict traffic flow within a VLAN. Manage dynamic VLAN registration. Tunnel Layer 2 traffic through Ethernet networks. Review the purpose and operations of a spanning tree. Implement multiple spanning tree instances in a network. Implement one or more spanning tree instances for a VLAN. List the benefits of implementing end-user authentication. Explain the operations of various access control features. Configure and monitor various access control features. Describe processing considerations when multiple authentication and access control features are enabled. Describe some common IP telephony deployment scenarios. Describe features that facilitate IP telephony deployments. Configure and monitor features used in IP telephony deployments. Explain the purpose and basic operations of class of service. Describe class of service features used in Layer 2 networks. Configure and monitor class of service in a Layer 2 network. Describe a basic troubleshooting method. List common issues that disrupt network operations. Identify tools used in network troubleshooting. Use available tools to resolve network issues.
Intended Audience
This course benefits individuals responsible for configuring and monitoring EX Series switches.
Course Level
Advanced Junos Enterprise Switching is an advanced-level course.
Prerequisites
Students should have an intermediate-level of networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS), the Junos Routing Essentials (JRE), and the Junos Enterprise Switching (JEX) courses prior to attending this class.
www.juniper.net
Course Overview v
Course Agenda
Day 1
Chapter 1: Course Introduction Chapter 2: Advanced Ethernet Switching Lab 1: Advanced Ethernet Switching Chapter 3: Advanced Spanning Tree Lab 2: Implementing MSTP and VSTP Chapter 4: Authentication and Access Control Lab 3: Authentication and Access Control
Day 2
Chapter 5: Deploying IP Telephony Features Lab 4: Deploying IP Telephony Features Chapter 6: Class of Service Lab 5: Class of Service Chapter 7: Monitoring and Troubleshooting Lab 6: Monitoring and Troubleshooting Layer 2 Networks
vi Course Agenda
www.juniper.net
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI) or a graphical user interface (GUI). To make the language of these documents easier to read, we distinguish GUI and CLI text from chapter text according to the following table. Style Franklin Gothic Courier New Description Normal text. Console text: Screen captures Noncommand-related syntax commit complete Exiting configuration mode Usage Example Most of what you read in the Lab Guide and Student Guide.
Select File > Open, and then click Configuration.conf in the Filename text box.
GUI Undefined
www.juniper.net
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class locations from the World Wide Web by pointing your Web browser to: http://www.juniper.net/training/education/.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats: Go to http://www.juniper.net/techpubs/. Locate the specific software or hardware release and title you need, and choose the format in which you want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.
www.juniper.net
Lab 1
Advanced Ethernet Switching
Overview
In this lab, you familiarize yourself with the starting configuration and the lab environment. You will also use the command-line interface (CLI) to configure and monitor various Ethernet switching features covered in the corresponding lecture. The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands. By completing this lab you will perform the following tasks: Familiarize yourself with the lab environment. Configure and monitor filter-based VLAN assignments. Configure and monitor a private VLAN (PVLAN). Configure and monitor the Multiple VLAN Registration Protocol (MVRP). Configure and monitor Q-in-Q tunneling.
www.juniper.net
The lab equipment used in this class is likely to be remote from your physical location. The instructor will provide access details to get you logged in to your assigned device. Step 1.1 Ensure that you know to which switch you have been assigned. Check with your instructor if you are not certain. Consult the Management Network Diagram to determine your switchs management address. Question: What is the management address assigned to your switch?
Step 1.2 Access the CLI for your switch using either the console, Telnet, or SSH as directed by your instructor. Refer to the Management Network Diagram for the IP address associated with your teams station. The following example uses Telnet and the SecureCRT program:
Step 1.3 Log in as user lab with the password supplied by your instructor.
www.juniper.net
Step 2.2 Use the show vlans command to ensure ge-0/0/7.0 and ge-0/0/8.0 are associated with the v11 and v12 VLANs respectively. Use the same command to ensure ge-0/0/12.0 is associated with both v11 and v12. Question: Are the referenced interfaces associated with the correct VLANs?
Question: What operational mode command can you issue to determine the port modes currently assigned with the referenced interfaces?
Step 2.3 Enter configuration mode and navigate to the [edit firewall family ethernet-switching] hierarchy. Create a firewall filter named fbva that matches any source IP address in the 172.23.15.0/24 subnet and associates the related traffic with VLAN v15. Ensure that all other traffic is permitted. Step 2.4 Navigate to the [edit interfaces] hierarchy and associate the newly defined filter with ge-0/0/7.0 as an input filter.
www.juniper.net
Step 2.5 Navigate to the [edit vlans] hierarchy and define VLAN v15 to use VLAN ID 15. Associate ge-0/0/12.0 and ge-0/0/7.0 with this VLAN. Note that to correctly associate ge-0/0/7.0 with the newly defined VLAN, you must use the mapping policy statement. Activate the changes using commit. Step 2.6 Issue the run show vlans v15 detail command and verify the designated access port and trunk port are associated with VLAN v15. Question: Are the expected interfaces now associated with VLAN v15?
Question: Based on the current configuration, with which VLAN would traffic entering ge-0/0/7.0 with an IP source address of 172.23.16.100 be associated?
Step 2.7 Issue the top save /var/home/lab/ajex/lab1part2.conf command to save the entire configuration. Note that you will need to reload this configuration at a later time so ensure the entire configuration is saved.
STOP
Before proceeding ensure that the remote team is done with Part 2.
Step 3.3 Configure a primary VLAN named pvlan-50 with a VLAN ID of 50. Associate the ge-0/0/12 interface with this newly defined VLAN. Configure ge-0/0/12 to function as a PVLAN trunk port. Step 3.4 Use the details shown on the network diagram for this lab and configure two community VLANs: one named finance and the other named sales. Ensure that ge-0/0/7.0 and ge-0/0/8.0 are associated with their respective community VLANs and that both community VLANs are linked to the primary VLAN (pvlan-50). Step 3.5 Attempt to activate the changes using the commit command. Question: Does the commit operation succeed? If not can you explain why not?
Step 3.6 Remove the vlan members all statement from the ge-0/0/12.0 interface configuration and attempt the commit operation once again. Question: Does the commit operation succeed now?
Step 3.7 Issue the run show vlans pvlan-50 extensive command to determine the current PVLAN designations for the associated interfaces and community VLANs. Question: Are the expected access and trunk ports listed in the output?
Question: Based on the output, is the ge-0/0/12.0 properly enabled as a PVLAN trunk port?
www.juniper.net
You will now log in to your assigned SRX device. The gateway is configured with multiple virtual routers (VRs), which are logical devices created on your assigned gateway. Most of the configuration required for the SRX device has already been defined. You will, however, be required to modify the existing configuration throughout the labs. Refer to the Management Network Diagram for the IP address of your assigned SRX device. If needed, work with your instructor to obtain the required information. Step 3.8 Open a separate session to your assigned gateway. Note you can connect to your gateway using the console connection through the terminal server or through a Telnet or SSH session using the SRX devices management IP address. Consult with your instructor if you have questions.
Step 3.9 Log in to your assigned SRX device using the lab user account and the password provided by your instructor. Step 3.10 From both of the VRs attached to your assigned EX Series switch, attempt to ping the other VR attached to your assigned EX Series switch, as well as the two VRs attached to the remote student EX Series switch. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs and do not forget to reference the correct routing instance.
www.juniper.net
Question: Do the ping tests between the VRs associated with the same community VLANs succeed?
STOP
Before proceeding ensure that the remote team is done with Part 3.
Step 4.5 Enable MVRP on the ge-0/0/12.0 interface. Activate the change using the commit command.
www.juniper.net
Before proceeding, ensure that the remote team in your pod finishes the previous step. Step 4.6 Issue the run show vlans command once again to determine whether the ge-0/0/12.0 interface is now associated with the defined VLANs. Question: Is the ge-0/0/12.0 interface now associated with the defined VLANs?
Step 4.7 Issue the run show mvrp statistics command to display MVRP statistics. Question: Does the output show non-zero counters for the MRPDU received and MRPDU transmitted lines?
STOP
Before proceeding ensure that the remote team is done with Part 4.
www.juniper.net
From the VR attached to your assigned EX Series switch that represents the customer bridge and attached network, attempt to ping the IP address of the remote VR performing the same function for the remote team. Refer to the network diagram for the instance names and the IP address information. Do not forget to reference the correct routing instance when performing this operation. Question: Does the ping operation succeed? Can you explain why?
Step 5.4 Return to the session opened for your EX Series switch. Enable Q-in-Q tunneling for all defined VLANs. Ensure that all Layer 2 protocol traffic is permitted through the Q-in-Q tunnel for traffic associated with the cust-1 VLAN. Activate the changes and return to operational mode using the commit and-quit command. Step 5.5 Issue the show vlans cust-1 detail command. Question: Based on the output, are Q-in-Q tunneling and L2PT now enabled?
Step 5.6 Return to the session opened for your SRX device. Use the ping utility once again and verify reachability between customer sites. Refer to the network diagram for the instance names and the IP address information. Do not forget to reference the correct routing instance when performing this operation. Question: Does the ping operation succeed now?
STOP
www.juniper.net
www.juniper.net
Lab 2
Implementing MSTP and VSTP
Overview
In this lab, you will use the command-line interface (CLI) to configure and monitor the Multiple Spanning Tree Protocol (MSTP) and VLAN STP (VSTP). The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands. By completing this lab you will perform the following tasks: Modify the existing configuration. Configure and monitor MSTP. Configure and monitor VSTP.
www.juniper.net
Question: What limitation exists with the current spanning-tree implementation? What options exist that overcome this limitation?
www.juniper.net
Step 2.3 Return to the session opened for your assigned SRX device. If needed, open a new session and log in using the credentials provided by your instructor. Enter configuration mode and navigate to [edit protocols] hierarchy. Step 2.4 Delete the existing RSTP configuration on your assigned SRX device. Step 2.5 Configure MSTP to include two MSTIs (MSTI 1 and MSTI 2). Associate MSTI 1 with VLAN IDs 1 through 199 and MSTI 2 with VLAN IDs 200 through 399. Name the MSTP configuration my-mstp-config. Step 2.6 Question: Configure a non-default bridge priority for each MSTI. If you are assigned srxX-1, specify a bridge priority of 4k for MSTI 1 and 8k for MSTI 2. If you are assigned srxX-2, specify a bridge priority of 8k for MSTI 1 and 4k for MSTI 2. Activate the changes using the commit command. Based on the current configurations, what forwarding paths would you expect for traffic associated with the various VLANs currently in use?
Note
Before proceeding, ensure that the remote team in your pod finishes the previous step. Step 2.7 Return to the session opened for your EX Series switch. Issue the run show spanning-tree bridge command and answer the questions that follow. Question: Are the expected devices elected root bridges for MSTI 1 and MSTI 2?
Question: Which device has been elected as the root bridge for the Common and Internal Spanning Tree (CIST)?
www.juniper.net
Question: What configuration change can you make to ensure srxX-1 is always the root bridge as long as it is available?
Step 2.8 On your assigned EX Series switch, issue the run show spanning-tree mstp configuration command. Question: Does the output display the expected VLAN to MSTI mapping information?
Question: Which three components in the displayed output must match for switches participating in the same MST region?
Step 2.9 Issue the top save /var/home/lab/ajex/mstp.conf command to save the current configuration on your EX Series switch to the /var/tmp directory. Step 2.10 Change the revision level to test the effects of mismatched settings that are required to match on switches participating in the same MST region. If you are assigned exX-1, set your revision number to 1. If you are assigned exX-2, set your revision number to 2. Issue commit to activate the configuration change. Step 2.11 Issue the run show spanning-tree mstp configuration command to verify the change. Next issue the run show spanning-tree bridge command to verify the current state of the MSTP topology and root bridge election details. Question: What impact did changing the revision level have on the MSTP topology and root bridge election for MSTI 1 and MSTI 2?
www.juniper.net
Step 3.2 Delete MSTP and attempt the commit operation once again. Step 3.3 Delete the ge-0/0/9 and ge-0/0/10 interface references from under the [edit interfaces] and [edit vlans] hierarchy levels. Step 3.4 Configure VSTP to support the currently defined VLANs independently. Refer to the following table for the bridge-priority values. Activate the changes using the commit command.
exX-2 8k 8k 4k 4k
Note
Before proceeding, ensure that the remote team in your pod finishes the previous step. Step 3.5 Issue the run show spanning-tree bridge command to determine the current root bridge designations for each VLAN.
www.juniper.net
Question: Based on the configuration, are the correct root bridges currently elected? Can you explain why?
Step 3.6 Manually associate the ge-0/0/12.0 interface with all currently defined VLANs. Activate the configuration changes using the commit command.
Note
Before proceeding, ensure that the remote team in your pod finishes the previous step. Step 3.7 Issue the run show spanning-tree bridge command once again to determine the current root bridge designations for each VLAN. Question: Are the correct root bridges now elected?
Step 3.8 Use the load override command to restore the mstp.conf configuration file saved in the /var/home/lab/ajex/ directory. Activate the changes and return to operational mode using the commit and-quit command.
STOP
www.juniper.net
Lab 3
Authentication and Access Control
Overview
In this lab, you will use the command-line interface (CLI) to configure and monitor various authentication and access control features supported on EX Series switches. The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands. By completing this lab you will perform the following tasks: Modify the existing configuration. Configure and monitor 802.1X. Configure and monitor other authentication and access features.
www.juniper.net
Changing the Ethernet-type to 0x8100 allows trunk ports to support VLANs configured for Q-in-Q tunneling as well as standard 802.1Q VLANs at the same time. In production environments, ensure the Ethernet-type is set consistently on all devices within a given forwarding path. Step 1.5 Return to the session opened for your assigned SRX device. If needed, open a new session and log in using the credentials provided by your instructor. Use the ping utility and attempt to verify access to and reachability through the Layer 2 network. Use the virtual routers (VRs) associated with your assigned SRX device as the source devices for these tests. Use the corresponding VR connected to the remote teams EX Series switch as the destination. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance. Question: Did the ping operations succeed? Can you explain why?
Step 1.6 On your assigned SRX device, enter configuration mode, navigate to the [edit vlans] hierarchy, and delete the v15 VLAN.
Lab 32 Authentication and Access Control www.juniper.net
Step 1.7 Delete the dot1q-tunneling statement from the v11 and v12 VLANs. Step 1.8 Navigate to the [edit ethernet-switching] hierarchy and set the Ethernet-type for the switch to 0x8100. Activate the changes and return to operational mode using the commit and-quit command. Step 1.9 Use the ping utility and attempt to verify access to and reachability through the Layer 2 network. Use the VRs associated with your assigned SRX device as the source devices for these tests. Use the corresponding VR connected to the remote teams EX Series switch as the destination. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance. Question: Do the ping operations succeed?
Step 2.2 Enter configuration mode and navigate to the [edit access] hierarchy level. Define a RADIUS server using the IP address of the server located in the management network and a secret of Juniper. Refer to the Management Network Diagram or consult with your instructor as needed. Step 2.3 Create an authentication profile named my-profile. Define an authentication order of RADIUS only and use the IP address of the RADIUS defined in the previous step as the authentication server.
www.juniper.net
Step 2.4 Navigate to the [edit protocols dot1x] hierarchy and configure your switch as an 802.1X authenticator. Use the authentication profile defined in the previous step and enable 802.1X authentication for the ge-0/0/7.0 and ge-0/0/8.0 interfaces. Activate the configuration changes using the commit command. Step 2.5 Issue the run show dot1x interface detail command and answer the questions that follow. Question: What is the current supplicant mode enabled for the listed interfaces?
Question: If an 802.1X client authenticated through the ge-0/0/7.0 or ge-0/0/8.0 interfaces, would that client be forced to reauthenticate after a period of time? If so, after what period of time?
Step 2.6 Set the supplicant mode for the ge-0/0/7.0 and ge-0/0/8.0 interfaces to the single-secure supplicant mode. Disable reauthentication on the ge-0/0/7.0 interface and double the reauthentication interval on the ge-0/0/8.0 interface to 7200 seconds (2 hours). Step 2.7 Activate the configuration changes using the commit command. Next, issue the run show dot1x interface detail command and answer the questions that follow. Question: Have the recent changes taken effect?
Step 2.8 Return to the session opened for your assigned SRX device. Use the ping utility and attempt to verify access to and reachability through the Layer 2 network. Use the VRs associated with your assigned SRX device as the source devices for these tests. Use the corresponding VR connected to the remote teams EX Series switch as the destination. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance. Question: Can the VRs access the Layer 2 network through your assigned EX Series switch?
www.juniper.net
Step 2.9 Return to the session opened for your assigned EX Series switch. Configure the static MAC bypass option to always permit the MAC addresses shown on the network diagram. Associate the illustrated MAC addresses with their corresponding access ports. Refer to the network diagram for this lab as needed. Activate the changes using the commit command. Question: Did the commit operation succeed? If not, why not?
Step 2.10 Change the supplicant mode on the ge-0/0/7.0 and ge-0/0/8.0 interfaces to the multiple supplicant mode. Issue the commit command to activate the changes.
Note
Before proceeding, ensure that the remote team in your pod finishes the previous step. Step 2.11 Return to the session opened for your assigned SRX device. Use the ping utility and attempt to verify access to and reachability through the Layer 2 network. Use the VRs associated with your assigned SRX device as the source devices for these tests. Use the corresponding VR connected to the remote teams EX Series switch as the destination. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance. Question: Can the VRs access the Layer 2 network through your assigned EX Series switch?
www.juniper.net
Question: Based on the current configuration, will traffic from the VRs, representing hosts without the 802.1X client, be permitted through the switch?
Step 3.2 Configure MAC RADIUS on the ge-0/0/7.0 and ge-0/0/8.0 interfaces. Use the restrict option for both interfaces to ensure that no Extensible Authentication Protocol over LAN (EAPoL) traffic is sent from your switch. Issue the commit command to activate the changes. Step 3.3 Issue the run show dot1x interface ge-0/0/7.0 detail command to verify the settings associated with MAC RADIUS on the ge-0/0/7.0 interface. Question: Is MAC RADIUS currently enabled? Will EAPoL traffic be sent out the ge-0/0/7.0 interface?
Step 3.4 Issue the run show dot1x interface to determine the current state of the ge-0/0/7.0 and ge-0/0/8.0 interfaces. Question: What is the state of these interfaces? What does this state indicate?
Step 3.5 Return to the session opened for your assigned SRX device. Use the ping utility to test access into the Layer 2 network. Use the VRs associated with your assigned SRX device as the source devices for these tests. Use the corresponding VR connected to the remote teams EX Series switch as the destination. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance. Question: Do the ping tests succeed? If not, what might be the cause of this failure?
Step 3.6 Return to the session opened for your assigned EX Series switch. Configure the server fail fallback option for the ge-0/0/7.0 and ge-0/0/8.0 interfaces. Use the permit action for this feature on both access ports.
Lab 36 Authentication and Access Control www.juniper.net
Step 3.7 Change the IP address of the RADIUS server to 1.1.1.1 to ensure that your switch does not receive an access-reject message when an authentication request is made to the RADIUS server. Use the replace pattern command to simplify this task. Use the commit and-quit command to activate the configuration changes and return to operational mode.
Note
Before proceeding, ensure that the remote team in your pod finishes the previous step. Step 3.8 Return to the session opened for your assigned SRX device. Use the ping utility to send traffic from the VRs attached to your assigned EX Series switch. Use the corresponding VR connected to the remote teams EX Series switch as the destination. Note that these ping tests should initially fail until the MAC RADIUS authentication attempts timeout and the server fail fallback feature authenticates the required ports. Work with the remote team as needed. Question: Do the ping tests eventually succeed?
STOP
www.juniper.net
www.juniper.net
Lab 4
Deploying IP Telephony Features
Overview
In this lab, you implement various features that are commonly used in IP telephony deployments. Specifically you will use the command-line interface (CLI) to configure and monitor Power over Ethernet (PoE), the Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery (LLDP-MED), and the voice VLAN feature. The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands. By completing this lab you will perform the following tasks: Modify the existing configurations. Configure and monitor PoE. Configure and monitor LLDP and LLDP-MED. Configure and monitor a voice VLAN.
www.juniper.net
Step 2.2 Issue the run show poe interface command to determine the current state of all PoE interfaces.
www.juniper.net
Question: Based on the output, what interfaces support PoE on your assigned switch? What is the current administrative and operational state of these interfaces?
Step 2.3 Navigate to the [edit poe] hierarchy. Enable PoE on all supported interfaces. Activate the configuration change using the commit command. Step 2.4 Issue the run show poe controller command to determine how much power is available and how much power is being used. Question: How much power is currently available for the PoE controller to budget? How much power is currently consumed?
Step 2.5 Issue the run show poe interface command to determine the current state of all PoE interfaces. Question: What is the current administrative and operational state of the PoE interfaces? What do these states indicate?
Step 2.6 Configure the ge-0/0/6 and ge-0/0/7 interfaces with a PoE priority level of high. Issue the commit command to activate the changes.
www.juniper.net Deploying IP Telephony Features Lab 43
Step 2.7 Issue the run show poe interface command again to ensure the priority level has been adjusted properly for the ge-0/0/6 and ge-0/0/7 PoE interfaces. Question: What is the current PoE priority level for the ge-0/0/6 and ge-0/0/7 interfaces?
LLDP and LLDP-MED have been preconfigured on the SRX devices. Step 3.2 Issue the run show lldp local-information command to view information about your assigned EX Series switch that will be communicated to attached neighbors. Question: Based on the output, what is the chassis ID assigned to your switch?
Question: Based on the output, what are the system capabilities of your switch?
Question: Based on the output, what are the descriptions for the ge-0/0/6.0 and ge-0/0/7.0 interfaces?
www.juniper.net
Step 3.3 Configure descriptions of v10 access port and v11 access port for the ge-0/0/6.0 and ge-0/0/7.0 interfaces respectively. Issue the commit command to activate the change. Step 3.4 Issue the run show lldp local-information command to verify the interface descriptions for LLDP have been updated. Question: Have the interface descriptions been updated?
Step 3.5 Disable LLDP and LLDP-MED on the me0.0 interface. Activate the change using the commit command. Note you typically would not disable LLDP or LLDP-MED on internal interfaces, including the me0.0 interface. You disable the me0.0 interface in this task for verification purposes only. Step 3.6 Issue the run show lldp detail command to view detailed LLDP and LLDP-MED information. Question: Based on the output, what is the current LLDP and LLDP-MED status of the me0.0 interface? What is the status of the other configured interfaces?
Question: Based on the output, what are the supported LLDP MED TLVs?
Question: Based on the output, how many neighbors has your switch detected?
Note
Before proceeding, ensure that the remote team in your pod finishes the previous step.
www.juniper.net
Step 3.7 Issue the run show lldp neighbors command to view the attached LLDP neighbors. Question: Does your switch show a neighbor for all configured access and trunk ports?
Step 3.8 Issue the run show lldp statistics command to view LLDP statistics. Question: Is your switch sending and receiving LLDP packets?
STOP
Do NOT continue to the next lab part until both teams within your assigned pod have reached this point.
www.juniper.net
Step 4.3 Navigate to the [edit ethernet-switching-options] hierarchy. Configure the voice VLAN feature to support all access ports. Step 4.4 Before activating the voice VLAN feature, use the run monitor traffic interface ge-0/0/6 detail print-ascii no-resolve command to monitor LLDP-MED packets for the ge-0/0/6 interface. Once an outgoing LLDP frame has been sent (within 30 seconds or less), issue the Ctrl + c key sequence to stop the monitoring process. Question: Did your sample capture include at least one outgoing LLDP packet?
Question: What is the name of the VLAN currently being sent through LLDP-MED?
Step 4.5 Activate the changes and return to operational mode by issuing the commit and-quit command. Step 4.6 Use the monitor traffic interface ge-0/0/6 detail print-ascii no-resolve command to monitor LLDP-MED packets for the ge-0/0/6 interface. Once an outgoing LLDP frame has been sent (within 30 seconds or less), issue the Ctrl + c key sequence to stop the monitoring process. Question: What VLAN values are currently being sent and received through LLDP MED?
Step 4.7 Issue the show vlans command to verify the current VLAN assignments. Question: To which VLANs are the ge-0/0/6.0 and ge-0/0/7.0 access ports assigned?
www.juniper.net
Step 4.8 Return to the session opened for your assigned SRX device. Use the ping utility and verify traffic with a VLAN tag of 25 can pass through the ge-0/0/6.0 and ge-0/0/7.0 access ports. Note that the interfaces on the SRX devices are configured for 802.1Q operations with a VLAN ID of 25. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance. Question: Did the ping tests succeed?
STOP
www.juniper.net
Lab 5
Class of Service
Overview
In this lab, you will use the command-line interface (CLI) to configure and monitor class of service (CoS) on EX Series switches. The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands. By completing this lab you will perform the following tasks: Explore the default CoS configuration. Configure and monitor CoS components. Implement CoS using the EZQoS template.
www.juniper.net
Step 1.2 Issue the show class-of-service classifier name ieee8021p-untrust command to determine the code point to forwarding class for the default ieee8021p-untrust classifier. Question: Based on this default classifier, to which forwarding class will traffic entering the ge-0/0/6interface with the 802.1P CoS bits 111 be assigned?
Step 1.3 Issue the show class-of-service interface ge-0/0/12 command to determine the default classifier assigned to the ge-0/0/12interface. Question: What classifier is assigned to the ge-0/0/12interface?
www.juniper.net
Question: Why are default classifiers assigned to the ge-0/0/12 and ge-0/0/6 interfaces different?
Step 1.4 Issue the show class-of-service classifier name ieee8021p-default command to determine the code point to forwarding class for the default ieee8021p-default classifier. Question: Based on this default classifier, to which forwarding class will traffic entering the ge-0/0/12interface with the 802.1P CoS bits 111 be assigned?
Step 1.5 Issue the show class-of-service classifier type ? command to determine which types of classifiers are supported on EX Series switches. Question: What classifier types are supported on your EX Series switch?
Question: Which type of classifier is typically used when classifying voice over IP (VoIP) traffic?
Step 1.6 Issue the show class-of-service classifier type dscp command. Question: Which two forwarding classes are used by the dscp-default classifier?
www.juniper.net
Question: To which forwarding class would traffic with the DSCP code point value 000000 be assigned? What about traffic with the DSCP code point value 111111?
Question: Based on the output, what loss priority value is assigned, by default, to traffic with the various code point values?
Step 1.7 Issue the show class-of-service forwarding-class command to determine the default forwarding classes and their assigned queues. Question: What are the default forwarding classes and their corresponding queues?
Step 1.8 Issue the show interfaces ge-0/0/6 extensive | find "Egress queues" command to view queue and scheduler details for the ge-0/0/6 interface. Question: Which queues currently show non-zero counters? Can you explain why the other queues do not show non-zero counters?
Question: Which queues are currently being serviced by the default scheduler map? What percentage of the available bandwidth and buffer is allocated to each queue being serviced?
Step 2.1 On your assigned EX Series switch, enter configuration mode and navigate to the [edit class-of-service] hierarchy. Step 2.2 Create four custom forwarding classes named my-be, my-ef, my-af, and my-nc. Associate these forwarding classes with queues 0, 5, 1, and 7 respectively. Step 2.3 Use the commit command to activate the changes. Next, issue the run show interfaces ge-0/0/6 extensive | find "Queue counters" command to view the current forwarding class information for the ge-0/0/6 interface. Question: Are the custom forwarding classes now in effect and associated with the ge-0/0/6 interface?
Question: Which queues are currently being serviced by the default scheduler map?
Step 2.4 Create a custom DSCP classifier named my-dscp-classifier. Associate code-point alias ef (101110) with the my-ef forwarding class, code-point alias af41 (100010) with the my-af forwarding class, and code-point aliases cs3 (011000) and af31 (011010) with the my-nc forwarding class. Ensure that this custom classifier inherits all default code point aliases not specified in these custom definitions. Ensure that these custom definitions use the low loss priority level. Step 2.5 For the my-be forwarding class, change the default loss priority level of low to high for the code-point alias be (000000). Step 2.6 Associate this newly defined DSCP classifier with all logical Gigabit Ethernet interfaces. Use the commit command to activate the recent changes.
Note
The attached SRX devices have been pre-configured with a similar CoS configuration.
www.juniper.net
Step 2.7 Issue the run show class-of-service interface ge-0/0/6 command to verify that the new custom DSCP classifier is now associated with the ge-0/0/6 interface.
Question: Is the custom DSCP classifier now associated with the ge-0/0/6.0 interface?
Step 2.8 Issue the run show class-of-service classifier name my-dscp-classifier command to verify that the recent changes have taken effect. Question: Are the correct code-point to forwarding class mappings and loss priority levels now active for the custom DSCP classifier?
Step 2.9 Create a new scheduler for each queue defined earlier. Use the following table for configuration details for each scheduler.
Scheduler Configuration Details Name my-be-sched my-af-sched my-ef-sched my-nc-sched Step 2.10 Create a scheduler map named my-scheduler-map that maps the recently defined schedulers with their corresponding forwarding classes and queues. Step 2.11 Associate the newly defined scheduler map with all physical Gigabit Ethernet interfaces. Issue the commit command to activate the configuration changes. Transmit rate 30% 70% N/A N/A Buffer size 50% 20% 20% 10% Priority Low Low Strict High Strict High
www.juniper.net
The attached SRX devices have been pre-configured with a similar CoS configuration. Step 2.12 Issue the run show class-of-service interface ge-0/0/10 command to verify that the newly defined and applied scheduler map has been associated with the ge-0/0/10 interface. Question: Is the custom scheduler map associated with the ge-0/0/10 interface?
Step 2.13 Issue the run show interfaces ge-0/0/10 extensive | find "Queue counters" command to view current scheduler details and statistics for the ge-0/0/10 interface. Question: Which queues currently show non-zero counters for the ge-0/0/10 interface?
Step 2.14 Associate the default DSCP rewrite rule with all logical Gigabit Ethernet interfaces. Activate the change using the commit command.
Note
The attached SRX devices have been pre-configured with a similar CoS configuration. Step 2.15 Issue the run show class-of-service interface ge-0/0/10 command to ensure that the default DSCP rewrite rule has been applied to the ge-0/0/10.0 interface. Question: Is the default DSCP rewrite rule now associated with the ge-0/0/10.0 interface?
www.juniper.net
Step 2.16 Return to the session opened for your assigned SRX device. If needed, open a new session and log in using the credentials provided by your instructor. Use the ping utility to send traffic from your assigned vrx0 virtual router (VR) to your assigned vry1 VR, where y is either 1 or 2 depending on your assigned devices. As the destination IP address, use the IP address from the 172.23.25.0/24 subnet assigned to your vry1 VR. To test proper classification, use the tos option with values 0, 96, 104, 136, and 184 when performing your ping tests. Refer to the network diagram for the instance names and the IP addresses assigned to your VRs. Do not forget to reference the correct routing instance. Step 2.17 Return to the session opened for your assigned EX Series switch. Issue the run show interfaces queue ge-0/0/7 command to verify that all queues for the ge-0/0/7 interface show a non-zero counter value for egress traffic. Question: Do all queues for the ge-0/0/7 interface show a non-zero counter value for egress traffic?
Note
You can perform similar tests with traffic destined to the remote VRs.
STOP
Before proceeding ensure that the remote team is done with Part 2.
Step 3.4 Associate the ezqos-dscp-classifier with all logical Gigabit Ethernet interfaces. Step 3.5 Associate the ezqos-voip-sched-maps with all physical Gigabit Ethernet interfaces. Step 3.6 Issue the commit command to activate the configuration changes. Next, issue the
run show class-of-service interface ge-0/0/6 command to verify the
current CoS components associated with the ge-0/0/6 interface. Question: Are the CoS components defined within the template now associated with the ge-0/0/6 interface?
Question: How many queues are currently in use? Can you explain why ?
Step 3.7 Associate the default DSCP rewrite rule with all logical Gigabit Ethernet interfaces. Activate this configuration change using the commit command. Step 3.8 Issue the run show class-of-service interface ge-0/0/6 command to verify that the default DSCP rewrite rule is now associated with the ge-0/0/6 interface. Question: Is the default DSCP rewrite rule now associated with the ge-0/0/6.0 interface?
Step 3.9 Add the ezqos-voice-fc forwarding class as the designated forwarding class for the voice VLAN defined in a previous lab. Activate the configuration change and return to operational mode using the commit and-quit command.
www.juniper.net
If time permits, you can perform verification tests using the ping utility on your assigned SRX device as you did toward the end of Part 2 of this lab.
STOP
www.juniper.net
Lab 6
Monitoring and Troubleshooting Layer 2 Networks
Overview
In this lab, you will first load a configuration file that will introduce problems that you will troubleshoot and fix. You will then examine hardware components and system processes. Next you will examine Ethernet switching functionality, the Multiple Spanning Tree Protocol (MSTP), and interface functionality. Finally you will configure port mirroring and the sFlow feature for monitoring purposes. As you identify problems throughout this lab, you will take corrective actions to fix them. The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands. By completing this lab you will perform the following tasks: Examine hardware components. Examine and troubleshoot system processes. Examine and troubleshoot Ethernet switching functionality. Examine and troubleshoot MSTP. Examine and troubleshoot Aggregated Ethernet interfaces. Configure and monitor port mirroring. Configure and monitor sFlow.
www.juniper.net
www.juniper.net
Question: What criteria will determine if the network has returned to a functioning state?
Step 3.2 Issue the run show chassis alarms and run show system alarms commands. Question: Are any problems detected?
Step 3.3 Issue the run show interfaces terse ge* command. Question: What does this output reveal?
www.juniper.net
Step 3.4 Issue the run show system processes extensive command. Question: Is the daemon that controls the Ethernet switching functions running?
Question: Does the absence of the eswd daemon affect traffic flows between the VR devices?
Step 3.5 To determine why the eswd daemon is not running, examine the log messages file on your assigned EX Series switch. Use the | match eswd option to narrow your search. Question: What does this output reveal?
Step 3.6 Restart the eswd daemon by issuing the run restart ethernet-switching command. Question: What is the result of attempting to restart the eswd daemon?
Step 3.7 Navigate to the [edit system processes] hierarchy level and remove the configuration that is disabling the eswd daemon. Activate the changes using the commit command. Step 3.8 Check the status of the eswd daemon by issuing the run show system processes extensive | match eswd command. Question: Is the eswd daemon running?
www.juniper.net
STOP
Before proceeding, ensure that the remote student team in your pod finishes the previous steps.
Return to your assigned SRX device, use the ping utility and verify communication between the vr10 and the vr20 devices. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance.
Step 3.9
Step 3.10 On your assigned SRX device, use the ping utility and verify communication between the vr11 and the vr21 devices. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance. Question: What do the ping tests reveal?
Step 4.2 Return to the session opened for your assigned EX Series switch. On your assigned EX Series switch, display the Ethernet switching table and determine whether the MAC address associated with the remote teams vry0 device is present. Question: Is the MAC address for the remote teams vry0 device present?
www.juniper.net
Question: Can you find any problems with the MAC address entry?
Step 4.3 Remove any static MAC address entries configured on your assigned EX Series switch. Activate the changes using the commit command. Step 4.4 Examine the Ethernet switching table. Question: Is the static MAC address entry present?
STOP
Before proceeding, ensure that the remote student team in your pod finishes the previous steps.
Return to the session opened for your assigned SRX device. Use the ping utility and verify communication between the vr10 and the vr20 devices. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance.
Step 4.5
Step 4.6 On your assigned SRX device, use the ping utility and verify communication between the vr11 and the vr21 devices. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance. Question: What do the ping tests reveal?
Step 4.7 Return to the session opened for your assigned EX Series switch. On your assigned EX Series switch, examine the Ethernet switching interface information.
www.juniper.net
Question: Why do the ge-0/0/6 and ge-0/0/7 interfaces show a value of untagged in the Tagging field?
Question: Can having these two interfaces configured as access ports cause problems with your setup? Why?
Step 4.8 Configure the ge-0/0/6 and ge-0/0/7 interfaces to receive and send 802.1Q frames. Activate the changes using the commit command. Step 4.9 Examine the Ethernet switching interface information again. Question: Will the ge-0/0/6 and ge-0/0/7 interfaces receive and send 802.1Q tagged frames?
STOP
Before proceeding, ensure that the remote student team in your pod finishes the previous steps.
Return to your assigned SRX device, use the ping utility and verify communication between the vr10 and the vr20 devices. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance.
Step 4.10
www.juniper.net
Step 4.11 On your assigned SRX device, use the ping utility and verify communication between the vr11 and the vr21 devices. Refer to the network diagram for the instance names and the IP addresses assigned to the various VRs. Do not forget to reference the correct routing instance. Question: What do the ping tests reveal?
Step 4.12 On your assigned SRX device, use the ping utility to generate a constant stream of traffic between the vr10 and vr20 devices. Issue the command ping routing-instance vry0 172.23.10.10z rapid count 10000000.
Note
The value of y is 1 if your assigned SRX device is SRX1. The value of y is 2 if your assigned SRX device is SRX2. The value of z is 2 if your assigned SRX device is SRX1. The value of z is 1 if your assigned SRX device is SRX2. Step 4.13 Return to the session opened for your assigned EX Series switch. On your assigned EX Series switch, examine which interfaces are being used for this traffic by issuing the command run monitor interface traffic. Press the Ctrl + d or Ctrl + u key combinations to scroll down or up. Press the q key when you are finished examining the output. Question: What interfaces are being used for the ping traffic?
www.juniper.net
Step 4.14 Traffic flows exceeding 1 Gbps is expected from the VR devices connected to your assigned EX Series switch. The traffic flows must traverse the aggregate Ethernet links in the switched topology to accommodate this requirement. The Gigabit Ethernet links are only to be used if an aggregate Ethernet link fails. Collect spanning-tree protocol information by issuing the command run show spanning-tree bridge. Question: What spanning-tree protocol is in use?
Step 4.15 Return to your assigned SRX device, stop the ping test by pressing the Ctrl + c key combination, and collect spanning-tree protocol information by issuing the command show spanning-tree bridge. Question: What is the regional root bridge ID for MSTI 1?
Question: All devices in the network should be using the same regional root bridge for MSTI 1. What can cause two regional root bridges to appear?
Step 4.16 On your assigned SRX device, examine the configuration digest by issuing the command show spanning-tree mstp configuration. Step 4.17 On your assigned EX Series switch, examine the configuration digest by issuing the command run show spanning-tree mstp configuration. Question: Does a configuration digest mismatch exist? Why?
www.juniper.net
Step 4.18 Navigate to the [edit protocols mstp] hierarchy level and add VLAN 10 to MSTI 1. Activate the changes using the commit command.
STOP
Before proceeding, ensure that the remote student team in your pod finishes the previous steps.
On your assigned EX Series switch, issue the command run show spanning-tree bridge.
Step 4.19
Step 4.20 Return to your assigned SRX device and issue the command show spanning-tree bridge. Question: Do both of your assigned devices now show the same regional root bridge for MSTI 1?
Step 4.21 On your assigned SRX device, use the ping utility to generate a constant stream of traffic between the vr10 and vr20 devices. Issue the command ping routing-instance vry0 172.23.10.10z rapid count 10000000.
Note
The value of y is 1 if your assigned SRX device is SRX1. The value of y is 2 if your assigned SRX device is SRX2. The value of z is 2 if your assigned SRX device is SRX1. The value of z is 1 if your assigned SRX device is SRX2.
Note
If the ping operation is not successful, work with the remote team in your pod and verify that all student devices show the same regional root bridge for MSTI 1. Do not proceed until the continuous ping operation shows success. If needed, work with your instructor.
Lab 610 Monitoring and Troubleshooting Layer 2 Networks www.juniper.net
Step 4.22 Return to your assigned EX Series switch and examine the traffic flow using the run monitor interface traffic command. Press the Ctrl + d or Ctrl + u key combinations to scroll down or up. Press the q key when you are finished examining the output. Question: Which interfaces are being used for the traffic flow?
Question: Do you currently have enough information to determine why the traffic is not using the ae0 interface?
Step 4.23 Exit the current output by pressing the q key. Examine the status of the ae0 interface by issuing the command run show interface terse | match ae0. Question: Can you determine the problem from this output?
Step 4.24 Examine the Ethernet switching table. Question: What can you determine from this output?
Step 4.25 Examine the interface statuses of MSTI 1 by issuing the command run show spanning-tree interface msti 1. Question: What can you determine from this output?
www.juniper.net
Step 4.26 Examine the traffic entering and exiting the ae0 interface by issuing the command run monitor traffic interface ae0. Press the Ctrl + c key combination when you are finished. Question: What can you determine from this output?
Step 4.27 Examine the traffic entering and exiting the ge-0/0/9 interface, which is a child interface of the ae0 interface. Issue the command run monitor traffic interface ge-0/0/9. Press the Ctrl + c key combination when you are finished. Question: What can you determine from this output?
Step 4.28 Examine all the interfaces that have LACP configured by issuing the command run show lacp interfaces. Question: What can you determine from this output?
Step 4.29 Configure LACP to actively attempt to configure its remote partner on the ae0 interface. Activate the change using the commit command. Step 4.30 Issue the command run show lacp interfaces. Question: What can you determine from this output?
STOP
Before proceeding, ensure that the remote student team in your pod finishes the previous steps.
www.juniper.net
Step 4.31 On your assigned SRX device, use the ping utility to generate a constant stream of traffic between the vr10 and vr20 devices. Issue the command ping routing-instance vry0 172.23.10.10z rapid count 10000000.
Note
The value of y is 1 if your assigned SRX device is SRX1. The value of y is 2 if your assigned SRX device is SRX2. The value of z is 2 if your assigned SRX device is SRX1. The value of z is 1 if your assigned SRX device is SRX2.
Note
If the ping operation is not successful, you might need to wait for a moment for MSTP changes to occur on all participating devices. Do not proceed until the continuous ping operation shows success. If needed, work with your instructor. Step 4.32 Return to your assigned EX Series switch and examine the traffic flow using the run monitor interface traffic command. Press the Ctrl + d or Ctrl + u key combinations to scroll down or up. Press the q key when you are finished examining the output. Question: Which interfaces is the traffic using?
www.juniper.net
Step 5.2 Navigate to the [edit ethernet-switching-options] hierarchy level. Configure the analyzer monitor-vr to copy 1 out of every 5 frames that enters your assigned EX Series switch on the ge-0/0/6 interface. Then configure the monitor-vr analyzer to send these frames to the analyzer device located off the ge-0/0/13 interface. Activate the changes using the commit command. Step 5.3 Verify that the analyzer has been correctly created by issuing the command run show analyzer. Question: Has the analyzer been configured correctly?
Step 5.4 On your assigned SRX device, use the ping utility to generate a constant stream of traffic between the vr10 and vr20 devices. Issue the command ping routing-instance vry0 172.23.10.10z rapid count 10000000.
Note
The value of y is 1 if your assigned SRX device is SRX1. The value of y is 2 if your assigned SRX device is SRX2. The value of z is 2 if your assigned SRX device is SRX1. The value of z is 1 if your assigned SRX device is SRX2. Step 5.5 Return to your assigned EX Series switch and examine the traffic flow using the run monitor interface traffic command. Press the Ctrl + d or Ctrl + u key combinations to scroll down or up. Press the q key when you are finished examining the output. Question: Is traffic being mirrored out the ge-0/0/13 interface?
Step 5.6 Navigate to the [edit protocols sflow] hierarchy level. Configure the collector with the address of the local server located in your management network. Refer to the Management Network Diagram for this address.
www.juniper.net
Step 5.7 Enable sFlow on the child interfaces of the ae0 interface. Next, set the sFlow agent to collect interface statistics every second. Then sample every 100 frames that egress the interfaces.
Note
The sFlow collection cannot be configured on an aggregate Ethernet interface. It must be configured on its child interfaces instead. Step 5.8 Verify that sFlow has been configured correctly by issuing the command run show sflow. Question: Has the sFlow collection been configured correctly?
Step 5.9 Verify the sFlow collector is working correctly by issuing the command run show sflow collector. Question: Is traffic being sampled and sent to the sFlow collector?
Step 5.10 Return to the sessions opened for your assigned SRX device and your assigned EX Series switch. On both of your assigned devices, enter configuration mode and load the reset configuration files by issuing the load override /var/home/lab/ajex/ reset.conf command. Activate the reset configuration files and return to operational mode using the commit and-quit command.
STOP
www.juniper.net
www.juniper.net
A2 Lab Diagrams
www.juniper.net
www.juniper.net
Lab Diagrams A3
A4 Lab Diagrams
www.juniper.net