Solved

Juniper ex4200

Posted on 2012-12-21
5
1,255 Views
Last Modified: 2012-12-22
Hi All,
I'm configuring some Juniper ex4200 48PoE+ switches and I can't see to get my configurations to stick.

Here's an example of the setup template that I'm using:
Equipment Refresh switch build process
1.      Record and add system serial numbers to inventory sheet
a.      switch serial
2.      Build system
a.      switch
b.      uplink module
c.      power supplies
d.      optics
3.      Power system both PSUs
4.      Level set software level
a.      root@ex-4200:RE:0% mount_msdosfs /dev/da1s1 /mnt
b.      cli
c.      request system software add /mnt/jinstall-ex-4200-11.4R5.5-domestic-signed.tgz
d.      request system reboot
e.      answer yes to reload

Mind you these configs take about 10-15 mins. each to load all of this info. so it's a heart-breaking when they don't stick at the end.  

I'm thinking that I need to enter the commit command somewhere in here prior to restarting?   If so, where where would the commit command go, perhaps after line c:
or before I perform d: request the system reboot?  

Thanks All,
R
0
Comment
Question by:rotarypwr
  • 3
  • 2
5 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 38715492
The above only really installs the hardware and then installs to a version of junos.

What kind of config do you want to add?

Bear in mind that the factory default config on an EX4200 is to put all interfaces into access mode and enable ethernet-switching, for anything extra, like configure the mgmt port me0, you will need extra config.

What is it you are trying to achieve at the end of the prep?  Just software upgrade or software upgrade and IP ready?
0
 

Author Comment

by:rotarypwr
ID: 38715866
Thank you  deimark.  I see what you're saying.  These are brand new switches, so being a Cisco guy they just handed me the project and said figure it out.  Junos is totally different than IOS or even Nexus OS I've noticed.  HUGE difference... not sure if better or worse, not yet at least.  

So, I'm just loading up the new version of Junos with those steps previously mentioned.  Now I see.  I'm 100% a cisco guy and struggling with the commands.  So, after I load up the aforementioned, then I need to configure my switches? right?  At that point, I can just enter in my config file that I have separately?


 
From what I've read thus far I do the following, please pardon my learning curve.
1.>  I logon to the EX4200 as: root
2.> go into cli
3> copy my configure file like so, I changed the IP addresses so, you can ignore those if you want.  

copy and paste the following (i changed the RSA key stuff with all AAA), so please ignore that.

set system host-name KungFu
set system time-zone America/Los_Angeles
set system root-authentication encrypted-password "$1$3tlvls1z$PyrQPEIiAxMPQpxij1auz0"
set system name-server 10.10.10.10
set system name-server 10.10.10.20
set system login user brucelee uid 2000
set system login user brucelee class superuser
set system login user brucelee authentication encrypted-password "$1$S3E45Tyu$om7CdXtLEkBXdAfK3cSDS/"
set system services ftp
set system services ssh
set system services web-management https local-certificate mycert.pem
set system syslog user * any emergency
set system syslog host 10.10.11.10 any any
set system syslog host 10.10.11.10 source-address 10.10.12.10
set system syslog host 10.10.13.10 any any
set system syslog host 10.10.13.10 source-address 10.10.12.10
set system syslog host 10.10.14.10 any any
set system syslog host 10.10.14.10 source-address 10.10.12.10
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system ntp boot-server 10.10.15.10
set system ntp server 10.10.10.10    
set system ntp server 10.10.10.20
set chassis fpc 0 pic 1 sfpplus pic-mode 1g

set interfaces vlan unit 1 family inet address 10.10.12.10/24

set routing-options static route 0.0.0.0/0 next-hop 10.10.12.9

set protocols igmp-snooping vlan all
set protocols rstp
set protocols lldp interface all
set protocols lldp-med interface all
set security certificates local mycert.pem "-----BEGIN RSA PRIVATE KEY-----\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
=\n-----END CERTIFICATE-----\n"
set firewall family inet filter management-l3-access term 1 from source-address 10.10.0.0/16
set firewall family inet filter management-l3-access term 1 from source-address 10.20.0.0/16
set firewall family inet filter management-l3-access term 1 from source-address 10.10.17.0/17
set firewall family inet filter management-l3-access term 1 from destination-port ssh
set firewall family inet filter management-l3-access term 1 from destination-port https
set firewall family inet filter management-l3-access term 1 then accept
set firewall family inet filter management-l3-access term 2 from destination-port ssh
set firewall family inet filter management-l3-access term 2 from destination-port https
set firewall family inet filter management-l3-access term 2 then discard
set firewall family inet filter management-l3-access term 3 then accept
set ethernet-switching-options storm-control interface all
set vlans localnet vlan-id 1
set vlans localnet l3-interface vlan.1
set poe interface all

4.> type in the command:  commit

Thanks,
RP
0
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 38715909
Do you get any errors when you commit?  Everything seems to be there to get it working.

When you commit on junos you should get errors if the config is hooky and it will normally tell you where the error is.
0
 

Author Comment

by:rotarypwr
ID: 38715917
No, but what you said earlier made me realize I was making a stupid mistake and I think now I have figured out the "correct" way to execute this process thanks to your guidance.  

I am sure I will have some more Junos re: questions later today or in the next few days, so keeps your eyes open deimark if you're interested in taking a look.  

Thanks for your feedback and guidance!,
R
0
 
LVL 18

Expert Comment

by:deimark
ID: 38716085
Glad I could help bud. ;)
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now