JNCIA Summary

Description
This page gives a summary of information contained in the JNCIA study guides for JN0-101.
I used these guides to study for the JN0-102 exam, which is basically JN0-101 minus CoS but with some basic IPv6.

JNCIA Study Guide Part I  Commands
Summary of the commands in the JNCIA Study guide part 1

> configure [ exclusive private ]

# status
# set system name-server 8.8.8.8
# edit system
# annotate name-server "google dns"
# top
# show | display set
# set system services web-management http port 8080
# set system services web-management http interface ge-0/0/1

> show system [ commit alarms boot-messages connections storage ... ]

# commit comment "Changed Config"
# commit and-quit
# commit [ synchronize check confirmed at ]

> clear system commit

# show | compare
# save saved-conf

> show configuration | compare rollback 1
> show configuration | compare saved-conf
> file compare files saved.conf factory-default.conf

# set system max-configurations-on-flash 40
# save scp://root@10.32.25.166
# load replace saved.conf
# load [ merge override patch replace ] terminal relative
# load factory-default
> request system reboot
> request system halt [ both-routing-engines all-members ]

# show system syslog
# set system host-name srx
# set system time-zone Europe/Brussels

> set cli idle-timeout 60
> set cli idle-timeout 0
> set cli complete-on-space [ off on ]
> set cli directory directory

# set system login message "Login Message"
# set interfaces ge-0/0/3 unit 0 family inet address 10.1.10.1/28
# set routing-options static route 10.0.1.0/29 next-hop 10.1.10.2 [ no-readvertise ]
# set system backup-router 10.32.25.1 destination 10.32.25.0/24

> request system configuration rescue delete
> request system configuration rescue save

# rollback rescue
# set interfaces ge-0/0/3 unit 0 family inet address 10.1.1.2/28 [primary preferred]
# delete interfaces ge-0/0/1 disable
# rename interfaces ge-0/0/1 to ge-0/0/2
# copy interfaces ge-0/0/6 to ge-0/0/8
# deactivate interfaces ge-0/0/2
# activate interfaces ge-0/0/2
# protect interfaces ge-0/0/0
# unprotect interfaces ge-0/0/0
# set chassis aggregated-devices ethernet device-count 1
# set interfaces ae0 aggregated-ether-options lacp passive
# set groups all-ge interfaces <ge-*> mtu 1500
# set interfaces apply-groups all-ge
# show interfaces | display inheritance | except #

> show interfaces [ terse extensive ]
> ping 10.32.25.1 interface ge-0/0/0.0 bypass-routing rapid
> traceroute 8.8.8.8
> monitor traffic interface ge-0/0/0 matching "port 22"
> monitor traffic interface ge-0/0/0 layer2-headers no-resolve

# set system authentication-order password
# set system authentication-order [ radius  tacplus ]
# set system radius-server 10.0.0.1 secret secret
# set system login user lab class [ operator read-only super-user unauthorized ]
# set system login user lab authentication [ plain-text-password encrypted-password load-key-file ssh-dsa ssh-rsa ]
# set system login class cls [ allow-commands permissions security-role ... ]
# set system syslog host 10.32.25.50 any any
# set system syslog file critlog any critical
# set system syslog archive [ files size world-readable ... ]

> help syslog UI_AUTH_EVENT
> help topic groups apply-groups

# set interfaces traceoptions file iftrace size 512k files 10 no-world-readable
# set interfaces traceoptions flag all

> monitor start messages
> monitor stop messages
> clear log messages
> file [ archive compare copy list delete rename show ]

# set system ntp boot-server 10.32.25.65
# set system ntp server pool.ntp.org
# commit

> set date ntp pool.ntp.org
> show ntp associations

# set system archival configuration transfer-on-commit
# set system archival configuration archive-sites "scp://root@10.32.25.65" password "SecretPass"

# set snmp trap-group mytrapgroup version v2
# set snmp trap-group mytrapgroup targets 10.32.25.65
# set snmp trap-group mytrapgroup categories link
# set snmp community public

> show snmp mib walk jnxOperatingDescr
> show version
> show chassis [ alarms environment hardware routing-engine craft-interface ]
> request system software [ add rollback ] [ reboot ]
> request system storage cleanup [ dry-run ]

# set system ports console insecure

JNCIA Study Guide Part I — Cram
Concepts to know by heart

Platforms
  • M : multiservice router
  • T : core router
  • J : secure service router
  • MX : ethernet services router
  • EX : switches
  • SRX: secure service gateway
Processes
  • rpd: Routing Protocol Daemon – Controls protocol messages, routing updates and routing policies
  • dcd: Device Control Daemon – Configuration and maintenance of both the physical and logical properties of router interfaces
  • mgd: Management Daemon – Controls user access
  • chassisd: Chassis Daemon – Controls properties of the router itself
  • pfed: Packet Forwarding Engine Daemon – Controls communication between the PFE and RE
Interfaces
  • management interfaces : fxp0, me0
  • internal interfaces : fxp1, me0
  • network interfaces : ge,so,at,ae,as,vlan,lo
  • internal nonconfigurable network interfaces: gre, mtun,ipip,tap
  • services interfaces: es,gr,ip,ls,ml,mo,mt,sp,vt
    ge-x/y/z {
        physical-properties;
        [...]
        unit N {
            logical-properties;
            [...]
        }
    }
    • physical properties: dlp, keepalives, link mode, speed, mtu, clocking, scrambling, frame check
    • logical unit properties : circuit id, address, protocol-family, inverse arp, traps, accounting
    ge,fe: vlan-tagging
    se: encapsulation frame-relay
    so: encapsulation ppp
    at: atm options 

Predefined Login Parameters
    • Classes: super-user, operator, read-only, unauthorized
    • Permissions: access, admin, all, configure, interface, rollback, network, system, view ...
    [edit system login]
    root@srx# show
    class admin {
        permissions [ network view ];
        allow-commands "configure private";
        deny-commands file;
        allow-configuration firewall;
        deny-configuration groups;
    }

ISSU
    • GRES : generic RE switchover
    • NSR : Nonstop active routing
    • > request system software in-service-upgrade
Password Reset
    • press space bar during boot
    • boot -s
    • > recovery
    • # set system root-authentication plain-text-password
Configuration Groups - Example
    # show groups
    groups {
        <group-name> {
            <configuration-statements> {
            }
        }
    }
    [edit stanza]
    # show
    apply-groups group-name 

JNCIA Study Guide Part II — Routing & Firewall Filters
Summary of the JNCIA Study guide part 2

    root@srx> show route 10.10.9.9 [ exact ]

    inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.10.9.9/32       *[OSPF/150] 3d 21:47:01, metric 0, tag 0
                        > to 10.32.25.167 via ge-0/0/0.0

    > show route protocol [ direct static ospf bgp isis ]
    > show route forwarding-table

    Forwarding entry route types
    • dest : directly reachable through an interface
    • intf : result of interface configuration
    • perm : Routes installed by the kernel when the routing table initializes
    • user : Routes installed by the routing protocol process or as a result of the configuration.
Forwarding entry next-hop types
    • bcast, dscd, hold, locl, mcst, mdsc, recv, rjct, ucst, ulst
    Types of Routing Tables
    • inet.0: Used for IPv4 unicast routes;
    • inet.1: Used for the multicast forwarding cache;
    • inet.2: Used for Multicast Border Gateway Protocol (MBGP) routes to provide reverse path forwarding (RPF) checks;
    • inet.3: Used for MPLS path information;
    • inet.4: Used for Multicast Source Discovery Protocol (MSDP) route entries;
    • inet6.0: Used for IPv6 unicast routes; and
    • mpls.0: Used for MPLS next hops
    Routing instance components : routing tables - interfaces - routing protocol parameters

    > show route instance
    > show route table inet.0

    Types of routing instances
    • forwarding: filter-based forwarding
    • l2vpn: Layer 2 VPN
    • no-forwarding: separate large networks
    • virtual-router: virtualization
    • vpls: VPN lan
    • vrf : Layer 3 VPN
    Default Route Preferences
    • Direct 0
    • Local  0
    • Static 5
    • SNMP 50
    • OSPF Internal 10
    • IS-IS L1 Internal 15
    • IS-IS L2 Internal 18
    • RIP 100 
    • OSPF AS External 150
    • IS-IS L1 External 160
    • IS-IS L2 External 165
    • BGP 170
    qualified-next-hop option allows independent preferences for static routes to the same destination

    Routing by Example - OSPF

    > show ospf [ statistics neighbor ]

    root@srx# show protocols ospf
    export redist;
    area 0.0.0.0 {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0 {
            passive;
        }
    }

    root@srx# show policy-options
    prefix-list nodist {
        192.168.0.0/24;
    }
    policy-statement redist {
        from {
            route-filter 0.0.0.0/0 orlonger;
            prefix-list-filter nodist orlonger reject;
        }
        then accept;
    }
    policy-statement redist-all {
        term accept-all {
            from {
                route-filter 0.0.0.0/0 orlonger;
            }
            then accept;
        }
    }

    Match Types: exact, orlonger, longer, upto, prefix-length-range, through
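
The six match types listed above, written out as an added example (not taken from the study guide). The function names are hypothetical and the sample routes are constructed; 192.168.0.0/24 is the prefix from the `nodist` prefix-list above.

```python
import ipaddress

def route_filter_match(route, prefix, match_type, arg=None):
    """True if `route` matches `prefix` under the given route-filter match type.

    arg: upto -> longest allowed length (int)
         prefix-length-range -> (shortest, longest) lengths
         through -> the second, more specific prefix (str)
    """
    r = ipaddress.ip_network(route)
    p = ipaddress.ip_network(prefix)
    if r.version != p.version:
        return False
    # Leading bits agree with `prefix` and the route is at least as long.
    within = r.subnet_of(p)
    if match_type == "exact":
        return r == p
    if match_type == "orlonger":
        return within
    if match_type == "longer":
        return within and r.prefixlen > p.prefixlen
    if match_type == "upto":
        return within and r.prefixlen <= int(arg)
    if match_type == "prefix-length-range":
        shortest, longest = arg
        return within and shortest <= r.prefixlen <= longest
    if match_type == "through":
        # Route must lie on the path from `prefix` down to the second prefix.
        return within and ipaddress.ip_network(arg).subnet_of(r)
    raise ValueError(f"unknown match type: {match_type}")

def matching_routes(routes, prefix, match_type, arg=None):
    """Filter a list of route strings, preserving order."""
    return [r for r in routes if route_filter_match(r, prefix, match_type, arg)]

# Constructed sample routes; 192.168.0.0/24 is the page's `nodist` prefix.
SAMPLE = ["192.168.0.0/24", "192.168.0.128/25", "192.168.0.64/26",
          "192.168.1.0/24", "10.10.9.9/32"]

if __name__ == "__main__":
    for mt, arg in [("exact", None), ("orlonger", None), ("longer", None),
                    ("upto", 25), ("prefix-length-range", (26, 28))]:
        print(f"{mt:20} {matching_routes(SAMPLE, '192.168.0.0/24', mt, arg)}")
```

For an export policy such as `redist`, the difference between `exact` and `orlonger` decides whether more-specific routes inside a prefix are covered by the same term.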

    Default Routing Policies for OSPF, ISIS, BGP, RIP

    > test policy

Firewall Filters
    • Terminating - accept, reject, discard
    • Flow control - next term
    • Modifiers      - count, log, syslog, policer, forwarding-class, loss-priority
    root@srx# show firewall
    filter block-udp {
        term udp-rjct {
            from {
                protocol udp;
            }
            then {
                count udp-rjct;
                reject;
            }
        }
        term default-accept {
            then accept;
        }
    }

    # set interfaces ge-0/0/0 unit 0 family inet filter input block-udp
    > show firewall log
    > show firewall counter filter block-udp udp-rjct

    [edit routing-options forwarding-table]
    root@srx# set unicast-reverse-path [ feasible-paths active-paths ]
    # set interfaces ge-0/0/0 unit 0 family inet rpf-check [ fail-filter rpf-dhcp ]


Review Questions
    • Junos Genius App
    • http://www.juniper.net/us/en/training/certification/junosintro_track.html practice test
    • http://www.cram.com/flashcards/jncia-junos-2391281
    • http://www.aiotestking.com/juniper/category/juniper-networks-certified-internet-associate-junos/