Pass Juniper JNCIA-Junos Certification Exam in First Attempt Guaranteed!
Get 100% Latest Exam Questions, Accurate & Verified Answers to Pass the Actual Exam!
30 Days Free Updates, Instant Download!
JN0-103 Premium Bundle
- Premium File 96 Questions & Answers. Last update: Dec 12, 2024
- Training Course 67 Video Lectures
JN0-103 Premium Bundle
- Premium File 96 Questions & Answers
Last update: Dec 12, 2024 - Training Course 67 Video Lectures
Purchase Individually
Premium File
Training Course
JN0-103 Exam - Junos, Associate (JNCIA-Junos)
Download Free JN0-103 Exam Questions |
---|
Juniper JNCIA-Junos Certification Practice Test Questions and Answers, Juniper JNCIA-Junos Certification Exam Dumps
All Juniper JNCIA-Junos certification exam dumps, study guide, training courses are prepared by industry experts. Juniper JNCIA-Junos certification practice test questions and answers, exam dumps, study guide and training courses help candidates to study and pass hassle-free!
Junos Configuration Basics
1. Initial Configuration
Hello and welcome back! In this lecture, we are going to start with Section 4, and in the first lecture of Section 4, we are going to start with initial configuration. If you're ready, let's begin. So in this first lecture of Section 4, we are going to start with some basic initial setup of your Junos device. We'll see how we can set up root authentication.
We'll then talk about system services for remote access. We already discussed this in the last section, but we'll discuss it one more time. We'll then talk about setting a host name. We'll then see how we can set the system time and the time zone. We'll see how we can set a login message and how we can configure the command-line interface idle timeout value. Let's begin. Alright, so as you can see, I've logged into a terminal. First of all, I'm going to go into configuration mode. Now, the first thing that we need to set up is the root authentication password. When you are configuring a brand new Juneau device, it is shipped with a factory default configuration. It has no password on it, and you can log in with the username root.
Also, you'll be connecting to the console port. In other words, you'll be using the out-of-band method to connect with the device. Now, right now, I have a Junos device, which has some basic configuration on it, which means the root authentication password has already been configured. But I'm going to show you how to do it one more time. By the way, if you have a brand new device, before you can make any configuration changes on the device, you have to set a route authentication password. Let's see how we can do that. So I'm in configuration mode. I'm going to say set system root authentication. Let's do a question mark, and we are looking at this option over here, the plaintext password. You can also provide an encrypted password if you have one. Or you could also provide your password along with a file using a URL. You could do that. But right now I'm going to use this option called "plain text password." So the command would be "setsystem root authentication, plain text password."
Let's do a question mark, and we can actually hit enter right now. So I'm going to do that, and we have to provide the password on Juno's device. The password must be at least six characters long, with a change of case digits or punctuation. So I'm going to put my new password over here, type it one more time, and it's done. So that's how you would set the root authentication password. Remember, this is the first thing that you must do if you're configuring a brand new Juniper device. Next, we'll see how we can set up system services for remote access. To do this, we're going to navigate to editsystem services, and I'm going to do a show. Now, you should already know this command by now because we spoke about how to connect to a Juniper device. In the previous section, when I hit Enter, you could see that SSH and telnet had been enabled for remote access. Some people don't like to have telnet on there because that's not a secure protocol to connect. To connect to your device remotely, SSH is a good option.
If you want to enable access to JWeb, then in the web management section you need to enable the protocol and then the interface through which you will be making the connection. For example, over here I have enabled the HTTPS protocol and I have three interfaces enabled: VLAN 0, Fe 10, and PP 0. You'll also notice that I'm using a system-generated certificate, which means when I try to connect to the device, my browser will give me a warning saying the certificate is not recognized. Following that, we'll look at how to set the hostname system time and time zone. All of these should look familiar to you because we've already seen examples of them in previous lectures. But let's do it one more time. I'm going to go back to the terminal, and I'm going to go to the top of the configuration mode to set the hostname. The command would be set. System Hostname and I'm going to type in my hostname.
I'm going to call this one Myjunos. You can put in whatever hostname you like. I'm just going to say my Junos and hit enter. As you now know, the host name will not take effect until you type in the commit command. Before we issue the commit command, let's also see how we can change the time zone so we can do it this way. Set the system timezone, hit a question mark, and you'll have all the time zones listed over here. Now I'm in India, and I'm looking for the Indian time zone. So I'm going to hit the space bar, and that's the one that I'm looking for, Asia Calcutta. So I'm going to do a CTRL C, and I'm going to write it this way. Asia Calcutta, hit Tab, and it should autocomplete. Hit Enter, and it works well on a brand new journalist device. The default time zone is UTC, or Coordinated Universal Time.
Now I'm going to do a commit check just to make sure that there are no errors in my configuration. Looks good. I'm going to issue a commit command. All right, that's done. And now you can see the hostname has taken effect, right? The next thing is to configure the system time, or the time of the device. Now that happens in operational mode. So I'm going to do an exit and come out of the configuration mode to set the time and the date. "Set space date, question mark" would be the command. Now, as you can see, you can type in the date manually in the format, which looks like this. Or you could also sync up with an NTP server. But right now, we're going to set that manually. So I'm going to say 20 117.The month is number seven. February 2, 2004 is the date. The hour is 14. The time is 19:00. You have a dot, and then the seconds would be 30. It enter and that works fine. So that's how you set the date. Don't forget, the time zone happens in the configuration mode, but the date and time happen in the operational mode.
Let's go back to the slides. All right, next we'll understand how to configure a login message and how to configure the idle timeout value. The login message is useful when you have many administrators managing the device. Typically, this happens in enterprises where you'd like to display a warning message to prevent unauthorised people from logging in. How do we do that? Let's see that on the terminal. To set the login message, we have to go back to configuration mode. So I'm going to edit. The login message is under the edit system hierarchy. So I'm going to say set system, login message, hit a question mark, and you can start typing in your message. I'm going to start with double quotes. All logins are monitored. Close the double quotes and hit enter. That works well. I'm going to do a commit to save my changes. All right. Now to verify if this works well, I'll have to log out and log into the device again.
So I'm going to exit once more, then try to login once more, and then hit Enter. And as you can see over here, the login message that we configured is now displayed. So this is a nice option to display a message to all users who are trying to connect to your device. Now I'm going to log in. All right, the last option that we're going to see is the command-line interface timeout. The timeout value for the command line interface is configured in operational mode. The command for that would be "set CLI." Let's do a question mark first. And this is the option that we're looking at for an idle timeout. So I'm going to say ID and hit a tab that fills in for me and do a question mark. So you can give a value between zero and 1000. If you're giving a value of zero, that means you're disabling the timeout value. Now I'm going to set a timeout value of 60 minutes, or in other words, 1 hour, hit Enter, and that is done. All right, so that's all the topics for this lecture called "initial configuration." In the next lecture, we are going to look at some very interesting topics. We're going to look at how to configure user accounts and login classes. Now, login classes are basically user roles that you can attach to the user accounts.
And then finally, we'll talk about user authentication methods. That's all for this lecture. Guys, I'd like to thank you for watching, and I'll catch you in the next lecture. Thank you. ]
2. User Account and Login Classes
Welcome back. In the last lecture, we spoke about initial configuration. In this lecture, we're going to talk about user accounts and login classes. Let's begin. We'll start by talking about login classes. So the first question is: what is a login class? Well, a login class is a named container that groups together a set of one or more permissions. In simple words, a login class is a configuration that contains one or more permissions. All users who log into a Juno's device must be associated with a login class. Now, you can create custom login classes, but Juni's devices have four predefined login classes. The predefined login classes are superuser, operator, read-only, and unauthorized.
The login class called "Superuser" gives you all permissions. The login class called "Operator" gives you clear network, reset, trace, and view permissions. The read-only login class gives you view permissions, and the unauthorised login class does not have any permissions. Let's take a look at this on the device. All right, I'm back at the terminal, and as you can see, I've logged in already. I'm going to edit to enter configuration mode. Now, first of all, I'm going to show you how to start creating a user account. So I'm going to say "set system login." Let's do a question mark first. I'm looking at this one user, and I'll do a question mark. Now, first of all, we have to provide a username. So I'm just going to type this username, hit a question mark, and notice you have the option to select a class over here.
So I'm going to say "class question mark." And you will see all four classes: operator (read only), super, user, and unauthorized. These are the four login classes that are predefined. However, we can define our own class as well. If you wanted to do that, you could do it this way. I'm just going to erase the command and I'm going to say "set system," "login," and "question mark." We can define a login class. so elegant question mark We can begin by giving it a name, such as "test class" or "question mark." Now you can see that we can provide a bunch of options over here for a specific login class. We can define the start time for access and the end time for access, which means if the user is associated with this login class, he can only log in at certain times of the day, which is interesting. You can also provide allow commands, allow configuration-allowed days on which you can login, deny commands, deny configuration, idle timeout, login alarms, login scripts, anything that you may want to execute when the user logs in, a login tip, security role permissions, and so on.
As you can see, we can completely customise the login class to suit our requirements. All right, let's go back to the slides. The next topic is user accounts. And this topic should look a little familiar, at least because you guys have been seeing me login to the Junos device with a user account. So what's a user account? Well, a user account provides a way for users to access the Junos device. Users can access the device even if they do not have an account if Radius or Tag Hacks Plus servers have been configured. Now, if you've never heard about Radius or TAChack servers, I'll just give you a brief overview. When you want to configure user accounts, you have two options.
For starters, you can create user accounts on the devices locally. If you have a small number of devices, let's say three, four, or five devices, maybe this is not a problem. You can create the same user accounts on all the devices. But imagine if you are an enterprise with hundreds or thousands of network devices. In this case, it will definitely not be feasible to create user accounts on all the devices. It's going to take a lot of time. Instead, we can use a centralised user management device. Those devices are known as "radius" or "Tacx Plus" servers. These are devices on which you can create your user accounts.
So whenever somebody tries to authenticate into the device, you can send the authentication request to the Radius or Takax servers and have users authenticate that way. These devices can not only authenticate, but they can also perform authorization and accounting. So what we need to remember is that you can have users locally configured on Juno's device, or you can use a centralised user management device like Radius or Takx servers.
Whenever you create a new user account, Junio creates a home directory for that user on the device. For every user account that you create, the following can be defined: Number one, username. The username is a unique string that can be up to 64 characters in length, but it must not have spaces, colons, or commas. You can also provide a user identifier, which is a numeric identifier associated with the username. Optionally, it may also contain a full name. You must provide the login class. And finally, you must also provide the authentication method.
Let's try to create a user account and see all of this on the device. All right, back at the terminal now, I'm going to try and create a new user account. So I'm going to say "set system login." Let's start with a question mark. We're going to start with "user" and let's do a question mark. So we need to provide the username over here. I'm going to refer to this one as CLI admin Western Mark. Optionally, we can provide the full name as well.
So I'm going to refer to her by her full name, Sham. If you do not have spaces, you can just do it without double quotes. But if you do, make sure that you add a space like this or a double quote like this. So I'm just going to leave it the way it is. Now, I'm not going to configure the UID manually. It will happen automatically. You could obviously do it manually as well. I'm going to give the class the role of superuser, and I'm going to set the authentication to a plaintext password. Now, you could also provide an encrypted password.
You could load the password from a file, or you could also provide SSH key strings as passwords. For the time being, I'll just type "plain text password" and press enter. I'm going to type in the password two times. And there you go. The user has been created, right? So that's how you create a user account. We can show you that if you want. Show systemlogin user, press the question mark, and let's get started with CLI administration. And there you go. The full name is displayed. You have the class, and you have the authentication section, which contains the encrypted password. And when I try to look at "show system loginuser," my own user account, which is shyam, I hit enter.
Over here, you will see that it has a UID, or a user identification. Now you will see this for every user account, even for this one, once I commit my configuration, right? As a result, the user identification can be entered manually or generated automatically by the Dunes device. All right, so that's about the topics for this lecture. We looked at user accounts and login classes. In the next lecture, we're going to talk about user authorization. That's all for this lecture, guys. I'd like to thank you for watching, and I'll catch you in the next lecture. Thank you.
3. Interfaces
Welcome back to this lecture on Juno's interfaces. Let's begin. What are interfaces? Interfaces are primarily used to connect a device to a network. However, some interfaces are used to provide a service or a specific function for the system on which they operate.
We have multiple types of interfaces. We have management interfaces, internal interfaces, network interfaces, service interfaces, and loopback interfaces. Let's go over them one by one. So first up, we have the management interface. It is used to connect the device running Junos to a management network. The actual designation of this interface is platform-specific. Examples would be FXP zero and ME zero. We actually spoke about the management interface in one of the earlier lectures. We discussed that when you have a brand new Junos device and you want to start configuring it, you can use the management interface. Internal interfaces are used to connect the control and forwarding planes.
Remember the lecture where we discussed routing engines and packet forwarding engines? We understood that there is a connection between the routing engine and the packet forwarding engine, and that connection is provided by the internal interface. The actual designation of this interface is also platform-specific. Examples include FXP 1 and EM 0. You then have the network interface, which is used to provide media-specific network connectivity. This is the interface that we use to connect the device to a host, a switch, or a router. Examples include Ethernet, Sonet in asynchronous transfer mode, and ATM interfaces. There are two interfaces available: T1 and DS3. Moving on, we have the service interface, which is used to provide one or more user-configurable services such as encryption, tunneling, and link services.
Service interfaces can be provided through a physical card or through software, which essentially means that you may have a dedicated physical card to provide the service, or it may be provided through a software interface. The Es interface, which is the encryption interface, and the Gr interface, which is the generic routing encapsulation tunnel interface, are two examples. IP, which is IP over IP encapsulation tunnel interface; LS, which is the link services interface; and VT, which is a virtual loopback tunnel interface. Finally, you have the loopback interfaces. These are used to provide a constant and dependable hardware-independent interface. It is a virtual interface created on your device, and it uses the Lozero designation on all platforms running Juno. So it's a consistent naming convention for loopback interfaces.
Loopback interfaces are used in conjunction with routing protocols to facilitate routing in a redundant environment that is independent of the individual physical links. This statement essentially tries to tell you that loopback interfaces are primarily used for routing protocols because they are not dependent on the hardware. They provide you with an independent interface that routing protocols can use. And we'll talk more about loopback interfaces as we proceed in this course. Now, let's talk about interface naming conventions. Junos uses a standard naming convention. Most of the interfaces are named Type and FPC.
Then there's a forward slash, pic, forward slash, and port. FPC stands for "flexible pick concentrator," or, in simple words, it is the line card slot number. PIC stands for Physical Interface Card, or, in simple words, it's the interface card slot number, and Port indicates the port number. I have an example on the screen. Geph indicates the type of interface, which is gigabit ethernet. FPC is one in this case, PIC is zero, and port is one. Now, if you're looking at this for the first time, it's not going to make any sense to you. You might be thinking, "What is FPC?" What is PIC? I have a diagram that should make it easier for you to understand. This diagram shows you the back panel of your Junos device. Observe the diagram carefully, and you'll notice there are two sections. one on top here, one on the bottom here, and one on the top here. This is now referred to as FPC. This panel over here is FPC zero, and this panel over here is FPC one. The FPC is divided into smaller sections known as "pic." So FPC 1 in this diagram is divided into four sections, or PICs. You have to pick zero, pick one, pick two, and pick three. In every pick, we have multiple port numbers. For example, in FPC, one picks zero. We have twelve port numbers.
Zero through eleven are a total of twelve port numbers. So if we talk about the previous example, which was Gephen 10, that was gigabit ethernet, FPCone, pick zero, and interface number one. One thing that we should remember is that port numbers always start with zero. So when we are saying Geph one, the one at the end of the port number actually indicates the second port because the port number starts at zero. One is the second port over there. So quickly, one more time, you have the FPCs over here: FPC zero and FPC one. The FPC is divided into smaller sections called "pics." We have four PICs over here, zero through three, and inside every PIC we have multiple port numbers starting from zero. We also have some interfaces that do not follow the standard naming convention.
The most popular example would be Lozero, which is the loopback interface. We also have Ae, which is the aggregated Ethernet interface. We also have a combined Sauna interface. And then we have VLAN, which is the VLAN interface. Juno also creates some internal interfaces that cannot be configured by the user. Examples would be GRE, MTUN, IPIP Tap, and so on. All right, so that's all the topics for this lecture. We are not done with interfaces yet. We have a few more topics to discuss, like physical properties, logical properties, and so on. We're going to keep that for Part 2 of Interfaces. That's all for this lecture, guys. I'd like to thank you for watching, and I'll catch you in the next lecture. Thank you.
4. Interfaces - Part 2
Welcome back. Part two of Junos Interfaces. In this lecture, we are going to continue where we left off in the previous lecture. Let's begin. Juno's interfaces have two different properties. They have logical properties as well as physical properties. In fact, Juno's interfaces have two portions, or two sections. You have the physical portion of the interface, and you have the logical portion of the interface. Every physical interface has at least one virtual interface associated with it.
Under the physical interface, you would configure the physical properties. Under the logical interface, you would configure the logical properties. Physical properties include things like mode, which can be half-duplex or full-duplex. For Ethernet interfaces, you can configure speed, which is the link speed. You can configure the maximum transmission unit, which varies between 256 and 9192 bytes. You can configure clocking, which is essentially the clock source for the interface. You can also configure a frame-check sequence to check the integrity of the frame. These are not the only physical properties.
In fact, we have a bunch of them, but we are only trying to see the most common ones. By the way, we don't have to remember these from the examination perspective. Talking about logical properties, you can configure things like the protocol family, which can be inet six ISO, MPLS, or Ethernet switching. You can configure addresses, which are nothing but IP addresses. So IP addresses are actually logical properties of the interface. You can configure bandwidth; you can also configure virtual circuits, and so on. Let's go to the console to take a look at the physical and logical properties. As you can see, I've already logged in. I'm going to enter configuration mode, and I'm going to go to edit interfaces. And let's try it again by pressing Enter over here.
I can configure the physical properties because I've not navigated to the logical section. So when I do a set-space question mark, you can see the physical properties that we can configure. For example, we can set a description, we can disable this interface, we can set the encapsulation, we can set the Mac address, we can set the maximum transmission unit, we can set the speed, and so on. Now, if I wanted to configure the logical properties, I would enter the logical interface. So I'd say edit the unit. Unit is the keyword to enter the logical portion. When I do a question mark, you can see that I already have zero configured, but I can put my own interface number. Right now I'm going to say "edit unit zero" and hit Enter. Now, when I do a set-space question mark, you can see the logical properties that we can configure. For example, we can configure the bandwidth, we can configure a description, we can configure an encapsulation protocol family, a VLAN, an ID, and so on.
Let's go back to the slides. So the physical properties can be configured under the physical interface name, while the logical properties can be configured under the logical section, which is the unit number. Let's now talk about multiple addresses. And this is a very important concept on Juno devices. You can have one interface and more than one IP address. So Junos devices can have more than one address on a single logical interface. For example, let's say the interface already has an IP address, and you try to change that address by issuing a second set command that would not actually overwrite the previous IP address.
In fact, it would add an additional IP address under the same logical unit. So the right way to do it would be to use the rename command, not the set command. I'll show this to you on the terminal, and it will start to make sense back over here under the same configuration hierarchy, which is edit interfaces, fee unit zero. Let's try to set an IP address. So I'm going to say "set address." In fact, I have to do this. I have to get into the protocol family. So I'm going to add this edit family to it. Now it looks good. Edit interfaces cost two units and have no family inet. Now I'm going to try to add an IP address. So set the address; let's do this. Ten 1124. And when I do a show command, I have that IP address configured over here. Assume I want to change this IP address to 101 1224. If I tried something like this, I would set the address to 1024, hit enter, and do a show. You'll notice something interesting. It has now configured two addresses under the same logical unit. If you have previously worked with other vendor devices, this concept may appear strange. Juno's devices can have multiple IP addresses under the same logical interface. So this is not the right way of doing things.
You should be using the rename command. Let me show you how to do that. Now, first of all, I'm going to delete the second IP address that we added. Ten to one. Remove address 101 from the list of 1224. When I do a show, I only have one IP address left out. Now let's say I wanted to change that to ten one one two. The right way to do that would be to rename address ten 1124.The keyword would then be "two-question mark address," which is 1011 224. Hit enter, and let's try a show now. Now, that works fine. So 10 11 24 has now been changed to 10 1 224. Interesting, isn't it? All right, now let's go back to the slides. Alright, now let's talk about two important concepts known as "preferred address" and "primary address." Let's first talk about preferred addresses. The preferred option can be used when you have multiple IP addresses belonging to the same subnet on the same interface. This option allows you to select which address will be used as the source address for packets sent out by the local system to hosts on the directly connected subnet. Now, essentially, this means you have two IP addresses from the same subnet on the same interface.
When you try to send out a packet to the directly connected subnet, which IP address should be used as the source of that packet? The IP address that has been marked as preferred will be the source address of that packet. I'll give you an example. I'm back at the terminal. I'm first going to go to the top of the configuration, and I'm going to go to edit interfaces lo 0, which is lowpack zero, and hit Enter.
And then I'll type editunit zero family inet and press Enter. When I perform a show, there is no configuration. Now I'm going to add a couple of IP addresses to this logical unit. I'm going to say set address 10 1124, and I'm going to say set address 10 1224. I can do a show to verify that both addresses have been configured on the interface. Using this interface, when I send packets to the directly connected subnet, if I want the address 1001-1224 to be used as the source address of that packet, I can mark that as the preferred address. The way to do that would be I'm first going to enter that address, edit address 10 1 1224, and I'm going to set that as preferred, hit Enter to show, and you can see that configuration.
Or we can also do this, go one level up, and try a show. Now we can see that 10-1-1224 has been marked as the preferred address. If I did not do that, by default the numerically lowest IP address would be chosen as the preferred address. In this case, it would have been ten and 1124. Now we also have this concept of primary address. The primary address on an interface is the address that is used as the local address by default for broadcast and multicast packets that are sourced locally and sent out the interface. So this is mainly for broadcast and multicast packets. For example, consider the commanding interface Fe 1025-525-525-5255. This command is trying to send broadcast traffic with the source interface as Fe 10.
On this interface, if I had multiple addresses, which address should be used as the source of that traffic? That is what the keyword primary decides. For example, I'm going to go to the top of the configuration mode and I'm going to go to edit interfaces, Fe 20, and I'm going to do a show. I have one IP address over here. I'm going to add one more. So I'll start with editfamilyinitset address 10 1124, five away show. I now have two addresses.
Now I'm going to set 10 1 dot 2 slash 24 as the primary address. So I'm going to say, "Set address to 101,024; hit question mark; and I'm going to set this one as primary; hit Enter." Now when I do a show, I can see that the address has been configured as primary. I'll go to the top of the configuration mode and perform a commit check to ensure that everything is in order. All right, so the configuration check succeeds. I'm just going to follow that up with a commit command. Once the commit has been completed, I'm going to exit the configuration mode and try this ping interface. Hit the question mark so we can actually specify the source interface for this traffic.
I'm going to say Fe 0020, and the destination address is going to be 255-25-5255 dot two five five. Now, I'm not going to hit Enter because there is nothing connected to this interface. The point I'm trying to make is: when you run this command, which IP address should be used as the source of the traffic? because we have two IP addresses configured over here. Now, in this case, since I was assigned 10.1.1.244 as the primary address that will be used as the source of the traffic, if we did not do that, by default the numerically lowest local address configured on the interface is selected as the primary address. That's all the discussion for interfaces. In the next lecture, we're going to start with system logging. If you have any questions, feel free to let me know. That's all for this lecture, guys. Thank you for watching, and I'm going to catch you in the next lecture. Thank you.
JNCIA-Junos certification practice test questions and answers, training course, study guide are uploaded in ETE files format by real users. Study and pass Juniper JNCIA-Junos certification exam dumps & practice test questions and answers are the best available resource to help students pass at the first attempt.