Juniper JNCIA JN0-103 – Junos Configuration Basics Part 3
- Network Time Protocol
Welcome back. In this lecture, we’ll talk about Network Time Protocol. Let’s begin. The first question is, what is Network Time Protocol? Network Time Protocol, also known as NTP, is a very widely used protocol for synchronizing the clocks of routers and other hardware devices on the Internet. Debugging and troubleshooting become easier when the timestamps in the log files of all devices are synchronized, because events that span the network can be correlated with synchronous entries in multiple logs.
Devices running Junos can be configured to act as an NTP client, a secondary NTP server, or a primary NTP server. What do we mean by primary and secondary NTP servers? Let’s talk about that. What’s a primary NTP server? Primary NTP servers are synchronized to a reference clock that is directly traceable to Universal Coordinated Time or UTC. These servers redistribute this time data downstream to other secondary NTP servers and also to NTP clients.
What is a secondary NTP server? Secondary NTP servers are synchronized to a primary or other secondary NTP servers. These servers then redistribute the time data downstream to other secondary NTP servers or NTP clients. What is an NTP client? NTP clients are synchronized to a primary or secondary NTP server. Clients do not redistribute this time data to other devices. I have a diagram on the screen which will further explain what a reference clock is, what primary and secondary NTP servers are, and what an NTP client is.
As you can see, the reference clock is the main source of time data. This time data is then passed on to primary time servers, which then redistribute the data to secondary servers, and secondary servers then redistribute the data to NTP clients. Each device on the network can be configured to run in one or more of the following NTP modes. The first one is broadcast mode. In this mode, one or more devices are set up to transmit time information to a specified broadcast or multicast address. Other devices listen for time sync packets on these addresses.
This mode is less accurate than client/server mode. With the client/server mode, devices are organized hierarchically across the network in client/server relationships. We then have symmetric active (peer) mode. With this, two or more devices are configured as NTP server peers to provide redundancy. Two machines can synchronize only when their current clocks are relatively close. By default, if the time difference between the local device’s clock and the NTP server’s clock is more than 128 milliseconds, the clocks are slowly stepped into synchronization.
However, if the difference is more than 1000 seconds, the clocks are considered to be not synchronized. A boot server is used to set the system clock at boot time. This ensures that it is close enough so that later on we can synchronize to the configured time server.
Let’s go to the terminal and understand how we can configure the NTP server. All right, I’m at the terminal. I’m going to first enter configuration mode. To set the NTP server, we first need to navigate into edit system ntp. I’m going to start with set and we’ll do a question mark first. To set the NTP server, we’ll use the keyword called server, and we’ll do a question mark. We need to type the host name or the IP address of the NTP server. There are many NTP servers available on the Internet which you can synchronize with. For example, I’m going to do set server pool.ntp.org. This is a group of NTP servers that you can use. I’m going to hit Enter. It is also recommended that you set the boot server. Like we know already, the boot server is used to set the system clock at boot time so that later on we can synchronize with the NTP server. So I’m going to say set boot-server.
And I’m going to provide a local IP address for this. 192168 110. I’ll do a show. Looks good. Now we can do a commit. As you can see over here, the hostname pool.ntp.org has already been resolved to the IP address of an NTP server. All right, the commit operation is now completed. I’m going to exit out of configuration mode, and to check if we have got any NTP associations, we can do show ntp associations. Hit Enter. And as you can see over here, I’ve already synchronized with an NTP server.
We can also use the command show ntp status to take a look at some more variables. There you go. With these two commands, we can verify if we have actually synchronized with an NTP server or not. By the way, we can also configure multiple NTP servers. For example, I’ll enter configuration mode one more time and I’ll say edit system ntp. Just do a show. You see that we have a server right now.
I’m going to set one more server. Set server. This time I’m going to do time.nist.gov, which is a very popular NTP server. Hit Enter, and I’m going to do a show first. You can see that has also been resolved. So I’m going to do a commit and-quit. While the commit is happening, I also want to point out that we can use authentication with NTP to make sure that we are always synchronizing with a reliable and trusted NTP server. But at the JNCIA level, we don’t need to dive so much into details. The commit has now finished. Let’s do show ntp associations. Hit Enter.
And there we have it. We have a couple of NTP servers. And this is the one that is being used right now because that has the asterisk on top of it, right? So that’s how we configure NTP. And that’s the little topic that we had to cover in this lecture. In the next lecture, we’re going to talk about factory default configuration, rescue configuration, and backups. I’d like to thank you for watching. And I’m going to catch you in the next lecture. Thank you.
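The verification step from this lecture (reading show ntp associations for the asterisk and the offset) can be automated. The Python below is an added example, not part of the lecture; the sample table is constructed with documentation addresses, and the 128 ms limit is the default quoted above.

```python
# Constructed sample of `show ntp associations` output (ntpq-style peer table).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   34   64  377    1.234    0.512   0.123
+198.51.100.7    192.0.2.10       2 u   12   64  377    2.345 -140.210   0.456
 203.0.113.5     .INIT.          16 u    -   64    0    0.000    0.000 4000.00
"""

# The first character of each row is the tally code; "*" marks the peer in use.
TALLY = {"*": "selected", "+": "candidate", "-": "outlier",
         "x": "falseticker", " ": "rejected"}


def parse_associations(text):
    """Return one dict per peer row of the association table."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()
        if len(fields) != 10 or not fields[2].isdigit():
            continue  # header, separator or blank line
        peers.append({
            "tally": TALLY.get(line[0], "unknown"),
            "remote": fields[0],
            "stratum": int(fields[2]),
            "reach": int(fields[6], 8),    # reach is an octal shift register
            "offset_ms": float(fields[8]),  # offset column is in milliseconds
        })
    return peers


def assess(peers, max_offset_ms=128.0):
    """List the conditions that make log timestamps from this device unreliable."""
    findings = []
    if not any(p["tally"] == "selected" for p in peers):
        findings.append("no peer selected: clock is not synchronized")
    for p in peers:
        if p["reach"] == 0:
            findings.append(f"{p['remote']}: unreachable (reach=0)")
        elif p["stratum"] >= 16:
            findings.append(f"{p['remote']}: stratum 16 (unsynchronized source)")
        if abs(p["offset_ms"]) > max_offset_ms:
            findings.append(f"{p['remote']}: offset {p['offset_ms']} ms "
                            f"exceeds {max_offset_ms} ms")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_associations(SAMPLE)):
        print(finding)
```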
- Default Config, Rescue Config & Backups
Welcome back. This is a short lecture on default config, rescue config and backups. Let’s begin. Let’s start by talking about factory default configuration. Factory default configurations can vary from one platform family to another, or even between the different models within the same platform family. All platforms running the Junos operating system are designed for specific roles within a network environment, and their factory default configurations are created with those specific roles in mind. For example, the EX Series switches are designed to operate as layer two switches right out of the box. To meet this default operational requirement, the associated factory default configurations have all interfaces configured as layer two interfaces, and they also include protocols such as Rapid Spanning Tree Protocol and Link Layer Discovery Protocol.
How do you load the factory default configuration on the device? This can be achieved by using the load factory-default command. This command must be followed up with set system root-authentication plain-text-password to set a new root password. We already talked about this command in one of the earlier lectures, one of those initial configuration lectures. We understood how this command can be used to set a root password.
After that, you must follow it up with a commit command to activate the changes. So, if you wanted to activate the factory default configuration from the command line interface, there are three steps. Number one, use the load factory-default command. Number two, set the new root password. And number three, commit your changes. On some Junos devices, such as SRX and the J Series devices, you have a reset config button on the front panel which can be used to reset to factory default configuration.
I have a picture on the screen of an SRX210 device. On the left hand side, you can see there’s a little button which is the reset config button. You press and hold that button for a few seconds and your device restores back to the factory default configuration. One very important thing to remember: when your device boots with the factory default configuration, the prompt will show the word Amnesiac. As you can see, on the top left hand side, you have a word called Amnesiac. That word indicates that the device is now running the factory default configuration.
I want you guys to remember this and not forget it. This could help you in the exam, right? So the word Amnesiac is indicative of the fact that the device is running a factory default configuration. All right. Now let’s talk about rescue configuration. A rescue configuration is a user-defined, known good configuration that is designed to restore connectivity in the event of configuration problems. It is recommended that the rescue configuration contain the minimum elements necessary to restore network connectivity.
We can use the request system configuration rescue save command to save a rescue configuration. At the time of executing this command, if a rescue configuration already exists, the file is replaced with the contents of the active configuration, and I’ll show you how to do this on the device. All right, I’m back at the terminal. The rescue configuration can be saved from the operational mode.
So let’s do request system configuration, and the keyword is rescue. Let’s do a question mark. We can choose save, hit Enter, and that saves the rescue configuration. If I wanted to delete the rescue configuration, I could use the delete command. In the event of a problem, how do I restore my device to a rescue configuration? The answer is very simple and something that we already know. I’m going to go to the edit configuration mode. If I wanted to restore back to a rescue configuration, I can say rollback. When I hit question mark over here, you see that we can roll back to a rescue configuration.
You hit Enter and finally we have to finish off with the commit statement to roll back to a rescue configuration. Let’s go back to the slides.
All right, now let’s talk about backups. The Junos device can be configured to back up the current configuration using FTP or SCP periodically or after each commit. If you specify more than one archive site, the system attempts to transfer the configuration file to the first archive site in the list, moving to the next site only if the transfer fails. Once the configuration file is transferred to the remote storage device, a system log message is generated, confirming success or failure of the transfer. Let’s check this on the device. Back over here, I’m just going to erase this command. The way to set up automated backups is to get into edit system archival and hit Enter. I’m going to do a show first because I already have this configured, as you can see over here. In fact, I’m just going to do show | display set. You can see the command that I’ve used.
Set system archival configuration transfer-on-commit. Now this command means every time I commit my configuration, Junos will attempt to back up that configuration to an archive site. The archive site has been set over here. It has been configured to transfer over FTP, with my username, the IP address of that FTP device, and then you have the password to log into the FTP device. We could also do something like this: set configuration and a question mark. We could also do transfer-interval, where we can set the frequency at which file transfer happens. For example, we can say transfer-interval, and we can set the number of minutes after which the configuration will be transferred to an archival site. Right now I’m just going to leave it the way it is.
I’m going to do a Ctrl+U to erase everything and do a commit just to make sure everything is okay. Okay, now I’m going to go back to the operational mode. How do I verify if transfers are happening or not? It’s actually very easy. I can do show log messages. We already know about this file because we discussed logging in one of the earlier lectures. So let’s do show log messages and I’m going to try and match the word transfer. Hit Enter and you can see that over here there are some log messages which actually match that.
Now you’ll notice over here that it is actually having some problem uploading that file to the archive site. And that’s because my FTP site is not actually working, which is why it is unable to upload the configuration to the backup site. On the other hand, if it was working, you should see success messages when you run this command. All right, so that’s all for this lecture. I’d like to thank you for watching and I’m going to catch you in the next lecture. Thank you.
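The archival settings shown in this lecture can be reviewed offline from show | display set output. The Python below is an added example, not part of the lecture: the configuration lines, addresses, user name and password string are constructed, and the check flags FTP archive sites because FTP carries the login and the configuration file unencrypted, while SCP, the other transport the lecture names, does not.

```python
import shlex
from urllib.parse import urlsplit

# Constructed `show configuration system archival | display set` output.
SAMPLE = '''\
set system archival configuration transfer-on-commit
set system archival configuration archive-sites "ftp://backup@192.0.2.50/configs" password "$9$CONSTRUCTED"
'''

# Constructed variant: timed transfers to two SCP sites.
HARDENED = '''\
set system archival configuration transfer-interval 1440
set system archival configuration archive-sites "scp://backup@192.0.2.50/configs" password "$9$CONSTRUCTED"
set system archival configuration archive-sites "scp://backup@198.51.100.9/configs" password "$9$CONSTRUCTED"
'''

PREFIX = ["set", "system", "archival", "configuration"]


def lint_archival(display_set):
    """Return findings for the archival stanza given as display-set lines."""
    sites, triggers, findings = [], set(), []
    for line in display_set.splitlines():
        words = shlex.split(line)  # keeps quoted URLs and passwords intact
        if words[:4] != PREFIX or len(words) < 5:
            continue
        if words[4] in ("transfer-on-commit", "transfer-interval"):
            triggers.add(words[4])
        elif words[4] == "archive-sites" and len(words) > 5:
            sites.append(words[5])
    if not triggers:
        findings.append("no transfer-on-commit or transfer-interval: "
                        "nothing is ever archived")
    if not sites:
        findings.append("no archive-sites configured")
    for url in sites:
        if urlsplit(url).scheme.lower() == "ftp":
            findings.append(f"{url}: FTP sends the login and the "
                            "configuration unencrypted; use SCP")
    if len(sites) == 1:
        # A second site is only tried when the transfer to the first one fails.
        findings.append("single archive site: no fallback if the transfer fails")
    return findings


if __name__ == "__main__":
    for finding in lint_archival(SAMPLE):
        print(finding)
```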