Ima Bum
asked on
Juniper ex4200
Hi All,
I'm configuring some Juniper ex4200 48PoE+ switches and I can't seem to get my configurations to stick.
Here's an example of the setup template that I'm using:
Equipment Refresh switch build process
1. Record and add system serial numbers to inventory sheet
a. switch serial
2. Build system
a. switch
b. uplink module
c. power supplies
d. optics
3. Power system both PSUs
4. Level set software level
a. root@ex-4200:RE:0% mount_msdosfs /dev/da1s1 /mnt
b. cli
c. request system software add /mnt/jinstall-ex-4200-11.4R5.5-domestic-signed.tgz
d. request system reboot
e. answer yes to reload
Mind you, these configs take about 10-15 mins. each to load all of this info, so it's heart-breaking when they don't stick at the end.
I'm thinking that I need to enter the commit command somewhere in here prior to restarting? If so, where would the commit command go, perhaps after line c:
or before I perform d: request the system reboot?
Thanks All,
R
ASKER
Thank you deimark. I see what you're saying. These are brand new switches, so being a Cisco guy they just handed me the project and said figure it out. Junos is totally different than IOS or even Nexus OS I've noticed. HUGE difference... not sure if better or worse, not yet at least.
So, I'm just loading up the new version of Junos with those steps previously mentioned. Now I see. I'm 100% a cisco guy and struggling with the commands. So, after I load up the aforementioned, then I need to configure my switches? right? At that point, I can just enter in my config file that I have separately?
From what I've read thus far I do the following, please pardon my learning curve.
1.> I logon to the EX4200 as: root
2.> go into cli
3.> copy my configure file like so. I changed the IP addresses, so you can ignore those if you want.
copy and paste the following (I changed the RSA key stuff with all AAA), so please ignore that.
set system host-name KungFu
set system time-zone America/Los_Angeles
set system root-authentication encrypted-password "$1$3tlvls1z$PyrQPEIiAxMPQpxij1auz0"
set system name-server 10.10.10.10
set system name-server 10.10.10.20
set system login user brucelee uid 2000
set system login user brucelee class superuser
set system login user brucelee authentication encrypted-password "$1$S3E45Tyu$om7CdXtLEkBXdAfK3cSDS/"
set system services ftp
set system services ssh
set system services web-management https local-certificate mycert.pem
set system syslog user * any emergency
set system syslog host 10.10.11.10 any any
set system syslog host 10.10.11.10 source-address 10.10.12.10
set system syslog host 10.10.13.10 any any
set system syslog host 10.10.13.10 source-address 10.10.12.10
set system syslog host 10.10.14.10 any any
set system syslog host 10.10.14.10 source-address 10.10.12.10
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system ntp boot-server 10.10.15.10
set system ntp server 10.10.10.10
set system ntp server 10.10.10.20
set chassis fpc 0 pic 1 sfpplus pic-mode 1g
set interfaces vlan unit 1 family inet address 10.10.12.10/24
set routing-options static route 0.0.0.0/0 next-hop 10.10.12.9
set protocols igmp-snooping vlan all
set protocols rstp
set protocols lldp interface all
set protocols lldp-med interface all
set security certificates local mycert.pem "-----BEGIN RSA PRIVATE KEY-----\AAAAAAAAAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAAAAAAAA AAAA
=\n-----END CERTIFICATE-----\n"
set firewall family inet filter management-l3-access term 1 from source-address 10.10.0.0/16
set firewall family inet filter management-l3-access term 1 from source-address 10.20.0.0/16
set firewall family inet filter management-l3-access term 1 from source-address 10.10.17.0/17
set firewall family inet filter management-l3-access term 1 from destination-port ssh
set firewall family inet filter management-l3-access term 1 from destination-port https
set firewall family inet filter management-l3-access term 1 then accept
set firewall family inet filter management-l3-access term 2 from destination-port ssh
set firewall family inet filter management-l3-access term 2 from destination-port https
set firewall family inet filter management-l3-access term 2 then discard
set firewall family inet filter management-l3-access term 3 then accept
set ethernet-switching-options storm-control interface all
set vlans localnet vlan-id 1
set vlans localnet l3-interface vlan.1
set poe interface all
4.> type in the command: commit
Thanks,
RP
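A pre-commit check over a pasted set-style config like the one in the post above, written as an added example that is not part of the original thread. It flags three things visible in that config: `$1$` (MD5-crypt) password hashes, the cleartext `ftp` service, and a firewall filter that is defined but never applied to an interface. The function name `lint` and the sample lines are constructed for illustration, and only interface-level filter application is checked.

```python
import re

# Constructed sample in the style of the posted config (hash value is a placeholder).
SAMPLE = """\
set system root-authentication encrypted-password "$1$examplesalt$examplehashvalue000000"
set system services ftp
set system services ssh
set interfaces vlan unit 1 family inet address 10.10.12.10/24
set firewall family inet filter management-l3-access term 1 from destination-port ssh
set firewall family inet filter management-l3-access term 1 then accept
set firewall family inet filter management-l3-access term 3 then accept
"""

CLEARTEXT_SERVICES = {"ftp", "telnet"}  # management services that send credentials unencrypted

FILTER_DEF = re.compile(r"set firewall family \S+ filter (\S+) term ")
FILTER_USE = re.compile(
    r"set interfaces \S+ unit \S+ family \S+ filter (?:input|output) (\S+)")


def lint(config: str) -> list[str]:
    """Return human-readable findings for a Junos set-format configuration."""
    defined, applied, findings = set(), set(), []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] != ["set"]:
            continue  # skip blanks, comments and wrapped key material
        if tok[1:3] == ["system", "services"] and len(tok) > 3 \
                and tok[3] in CLEARTEXT_SERVICES:
            findings.append(f"cleartext service enabled: {tok[3]}")
        if "encrypted-password" in tok and re.search(r'"\$1\$', line):
            where = " ".join(tok[1:tok.index("encrypted-password")])
            findings.append(f"MD5-crypt ($1$) password hash at: {where}")
        m = FILTER_DEF.match(line)
        if m:
            defined.add(m.group(1))
        m = FILTER_USE.match(line)
        if m:
            applied.add(m.group(1))
    # A filter only takes effect once an interface references it.
    for name in sorted(defined - applied):
        findings.append(f"firewall filter defined but not applied: {name}")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
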
ASKER
No, but what you said earlier made me realize I was making a stupid mistake and I think now I have figured out the "correct" way to execute this process thanks to your guidance.
I am sure I will have some more Junos re: questions later today or in the next few days, so keep your eyes open deimark if you're interested in taking a look.
Thanks for your feedback and guidance!
R
Glad I could help bud. ;)
What kind of config do you want to add?
Bear in mind that the factory default config on an EX4200 is to put all interfaces into access mode and enable ethernet-switching; for anything extra, like configuring the mgmt port me0, you will need extra config.
What is it you are trying to achieve at the end of the prep? Just software upgrade or software upgrade and IP ready?