I just want to talk about briefly how you can configure a simple virtual router in Junos. For this I have drawn a physical and a logical view of my simple topology. In physical view, you can see that there is only one SRX but logically there are actually one virtual router connected from interface
Read More »
If you have two multiple equal cost paths to the same destination, JunOS behavior is to pick up one of the next-hops and use that one. For example in the following scenario, Junos keeps sending the packets via the ge-0/0/0.41 interface. root@R4> show route 172.16.1.0 inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0
Read More »
MRU (Maximum Receive Unit) has a close relation to MTU but as far as I can see it has different effects in various active devices. For example setting an MTU value of 1000 on an Ethernet interface of a Linux machine or an SRX box doesn’t prevent the larger packet from being accepted. However if
Read More »
I would like to talk about couple of things in this post about MTU on JunOS; Why do we have two different MTU settings i.e at interface and logical level? What is the meaning of path mtu discovery on a junos box How MTU is important for OSPF? Actually all started with my OSPF tests
Read More »
I will configure GRE (Generic Routing Encapsulation) between two Juniper SRX firewal devices. If you want to learn more about the protocol see RFC2784. I will just demonstrate how two networks can be connected to each other via a tunnel. I will also show how SRX security policy should be configured in order to pass
Read More »
I will briefly write about Branch SRX alarm led and reset button in this post. 1) Alarm led Today when I deleted my rescue configuration via; > request system configuration rescue delete command, then minutes later I noticed that alarm led on the front panel turned to amber. First I couldn’t guess that alarm is
Read More »
If you want to capture some icmp traffic destined for a Junos router by using “monitor traffic“, you must re-think what you are doing. For example you issued the following command and you started ping from another host towards this Junos router. admin@host> monitor traffic interface ge-0/0/1 matching "icmp or tcp" verbose output suppressed, use
Read More »
There is a very handy feature in junos which you may find very useful if you have lots of junos devices. JunOS can send your active configuration after every commit to a configured remote destination server by using scp,http or ftp protocols. A small configuration is sufficient to achieve this. For example with the configuration
Read More »
When I was looking at one of my earlier posts, I noticed that sometimes I do repeat cli commands manually instead of scripting. Life is short! If you can’t find any other shell, junos has also C shell and following is a simple loop which generates several commands following a similar pattern. For example I
Read More »
If you want to prevent root user being used in ssh logins, one command is sufficient to accomplish this. After commit, root user will be rejected and you can login with any other super-user. #set system services ssh root-login deny