Welcome to weblogs.com.pk Sign in | Join | Help
Suppose, you have multiple following circuits that need to be removed from the configurations, and then have them disabled and marked as an [AVAILABLE]:

et-1/0/0 to et-1/0/10

With traditional approach the configlet would be pretty lengthy, however with wildcard command it's pretty damn short:

jahil# wildcard range delete interfaces et-1/0/[0-10,13,21]
jahil# wildcard range set interfaces et-1/0/[0-10,13,21] description "[AVAILABLE]"
jahil# wildcard range set interfaces et-1/0/[0-10,13,21] disable

wildcard can can also be used at other hierarchical levels. However please be careful and treat it with care, as this can be dangerous when using with regex :-)
Filed under: ,

Very, very cool Internet visualization application for Android and Iphones, they are using data from the folks at CAIDA.


Filed under:
When buying or upgrading a Juniper device, there are always questions that come to mind (Is “this” feature supported on “that” platform, and if so “which” version did it come out?)

As of July 1st, Juniper have released the Pathfinder tool: http://pathfinder.juniper.net

This tool is comprised of two features - Feature Explorer and Content Explorer

Feature Explorer gives you a list of every feature available on a product and what version of code is became available. 
Content Explorer allows you to explore Juniper Networks technical documentation for Junos OS-based products by product, task and software release and also download technical documentation PDFs by product and release.
Filed under: , ,

Earned my JNCIP-SP certification on May 20, 2011 (A completely new certification by Juniper Networks ). 


I hope to finish JNCIE-SP within next 3-4 week. Wish me all the luck :)

Filed under: , ,

Here's just a quick and handy tip for anyone who is after how to calculate CAR rate-limit.

normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds

extended burst = 2 * normal burst 

Filed under: ,
At ICANN IPv6 News Conference, they officially announced, no more IPv4 left. 
Filed under: ,

Just in case if you want to simulate a fiber cut, you can enter a command from the FPC shell that cuts the power to the laser of an interface

start shell pfe network fpcX

test xfp <index> laser off

You can find the XFP index by doing "show xfp list" from the shell prompt.  I haven't seen a method that works for SFP interfaces.

For sonet interfaces, this hidden configuration is also an option:

set interfaces so-x/y/z sonet-options insert-los
Filed under: ,

If you are familiar with Cisco switches, and using Cisco switches fairly well, this post will help you to boost your confidence as a Juniper network engineer.

 If you can configure a Cisco switch, then you also can configure a JUNOS based switch :)  here you go.. 



(vlan)#vlan 5 name Internet

(vlan)#vlan 6 name Intranet



set vlan Internet vlan-id 5

set vlan Intranet vlan-id 6


Assign an IP addressto a VLAN:


(config)#interface vlan 5

(config-if)#ip address



set interfaces vlan unit 5 family inet address

set vlan Internet l3-interface vlan.5


Assigning a port to aVLAN (Access):


(config)#interface fastEthernet 2/2

(config-if)#switchport mode access

(config-if)#switchport access vlan 5



set interfaces fe-2/0/2 unit 0 family ethernet-switching port-mode access

set interfaces fe-2/0/2 unit 0 family ethernet-switching vlan members Intranet


Assigning a port to aVLAN (6 Trunked with 5 Native)


(config)#interface fastEthernet 2/2

(config-if)#switchport mode trunk

(config-if)#switchport trunk encapsulation dot1q

(config-if)#switchport trunk native vlan 5

(config-if)#switchport trunk allowed vlan 5,6



set interfaces fe-2/0/2 unit 0 family ethernet-switching port mode trunk

set interfaces fe-2/0/2 unit 0 family ethernet-switching native-vlan-id 5

set interfaces fe-2/0/2 unit 0 family ethernet-switching vlan members 6


Filed under: , ,

A firewall filters provide rules that define whether to permit or deny packets that are transiting an interface on a switch or router from a source address to a destination address. They can be applied to ports, VLANs, or layer 3 interfaces.


The following firewall filter types are supported for EX-series switches:
  • Port (Layer 2) firewall filter—Port firewall filters apply to Layer 2 switch ports. You can apply port firewall filters only in the ingress direction on a physical port.

    ge-0/0/0 {
    description "voice priority and tcp and icmp traffic rate-limiting filter at ingress port";
    unit 0 {
        family ethernet-switching {
            filter {
                input ingress-port-voip-class-limit-tcp-icmp;

  • VLAN firewall filter—VLAN firewall filters provide access control for packets that enter a VLAN, are bridged within a LAN, and leave a VLAN. You can apply VLAN firewall filters in both ingress and egress directions on a VLAN. VLAN firewall filters are applied to all packets that are forwarded to or forwarded from the VLAN.

    vlans {
        guest-vlan {
            description "restrict guest-to-employee traffic and peer-to-peer applications on guest VLAN";
            filter {
                input ingress-vlan-limit-guest;

  • Router (Layer 3) firewall filter—You can apply a router firewall filter in both ingress and egress directions on Layer 3 (routed) interfaces.

    ge-0/1/0 {
        unit 0 {
            description "filter at egress router interface to expedite employee traffic destined for corporate network";
            family inet {
                filter {
                output egress-router-corp-class;

Filed under: ,

You may have used traceroute in a Micrsoft OS or in Unix.  It’s quite simple and can tell you a few things about the connection between you and any other device on the internet.
So what if the problem were intermittent, or traceroute did not show any problems because perhaps the choke point is experiencing intermittent bursts of data?  Enter MTR, the big brother to traceroute.  MTR (or My Trace Route) can show you a constant display of each link and how it’s holding up.

Since JUNOS 8.0 there is a new option which allows to run traceroute in a 'MTR-like' mode:

jahil@R1> traceroute monitor

where is an IP or domain-name of the target host.

You can do a more intensive version of this through the JUNOS shell. Requires root access

jahil@R1> start shell
 % su
jahil@R1% mtr -i 0.02

Filed under: ,

Would you like to see JUNOS defaults configuration. To view certain JUNOS default settings for dynamic profiles/system/services/applications, you must type the full command:

jahil@voyager# show configuration groups junos-defaults

Note: TAB/SPACE autocomplete does not work here :)

Filed under: ,

Cisco released IOS 15.0. This is the next major release after 12.4. It’s been over 4 years since Cisco has delivered a major release of IOS code.
The new features listed in the documentation include: 

•BGP Event Based VPN Import;
•BGP Per Neighbor Graceful Restart Configuration;
•BGP RT Changes Without PE-CE Neighbor Impact;
•BGP local convergence in MPLS VPN networks (the feature has already been available in 12.2 SRC, now it’s available on more platforms);
•Full BFD support, including static routes, BFD-in-VRF and BFD-over-Frame Relay (next step: test it on a 2800-series router);
•DHCP authentication;
•DMVPN tunnel health monitoring;
•EEM 3.1 (whatever that is, the EEM documentation hasn’t been updated yet);
•Interaction between IS-IS and LDP;
•OSPF graceful shutdown and OSPF TTL security check features are available on more platforms;
•Intra-zone traffic inspection in zone-based firewall;
•VRF Aware RSVP Agent and Gateway;
•WCCP: VRF Support;

nd many more http://www.cisco.com/en/US/docs/ios/15_0/15_0_1_m/15_0_1_m_newfeatlist.html#wp1055140 Good job; finally we have something new to play with :)

Filed under: ,

The JUNOS command completion feature saves you lots of time and energy, and it provides syntax checking as you type. Gone are the days when you type a command on a line and after you press Enter the command is either invalid or not supported on that version of software. Any error or ambiguity will be detected early, and the router/switch will present a list of valid completions for the current command.

You can disable command completion on a per-login basis by modifying the CLI environment with an operational mode set cli command:

jahil@R1> set cli ?
Possible completions:
complete-on-space Set whether typing space completes current word

But a good reason to do so has not yet been noted.

You can evoke command completion by using either the space bar or the Tab key. Note that the Tab key also completes user-assigned variables such as interface names, IP addresses, firewall filters, and filenames.

Note: The most confusing thing about command completion is when to use space and when to use tab. The space bar is used until a variable is reached, at which time the Tab key is used to auto-complete the user variable for the filter name of test_JUNOS-JAHIL-FILTER.

Filed under: ,

Remember Juniper's JUNOS is heavily influenced by Unix, afterall it does sit on top of FreeBSD. You can use EMACS commands for cursor movement, which include:

Ctrl-a  Moves the cursor to the beginning of the command line, back to the prompt
Ctrl-e Moves the cursor to the end of the command line
Ctrl-b Moves the cursor back one character
Ctrl-k Delete everything from the current cursor position to the end of the line
Ctrl-x Delete the entrie line.
Ctrl-l Bring back the current line
Ctrl-p Scroll back through command history (analogous to up arrow)
Ctrl-n Scroll forward through command history (analogous to down arrow)
Ctrl-r Search command history for a string

Just like in GNU less you can

say you run a show, this has been pageanated, that is split into pages if the output of the command shows more than one screen. You can go all the way to end by hitting
similarly you can return to the first of the output by typing

You can also search for a string in the page by
/(your search string)

Filed under: ,

Aggregated ethernet interface increases bandwidth, provides graceful degradation as failure occurs, and of course increases availability.

To configure an aggregated ethernet interface on Juniper's boxes, you can use the link aggregation feature to aggregate one or more links to form a virtual link.The client will treat this virtual link as if it were a single link.

To configure aggregated ethernet interfaces, using the JUNOS CLI:

1.Specify the number of aggregated ethernet interfaces to be created:

[edit chassis]
jahil@Voyager#set aggregated-devices device-count 2

2.Specify the minimum number of links for the aggregated Ethernet interface (aex):, that is, the defined bundle, to be labeled “up”: 

[edit interfaces]
jahil@Voyager#set ae0 aggregated-ether-options minimum-links 2

3.Specify the link speed for the aggregated ethernet bundle:

[edit interfaces]
jahil@Voyager#set ae0 aggregated-ether-options link-speed 1g

4.Specify the members to be included within the aggregated ethernet bundle:

[edit interfaces]
jahil@Voyager#set ge-0/1/0 ether-options 802.ad ae0
jahil@Voyager#set ge-1/1/0 ether-options 802.ad ae0

5.Specify an interface family for the aggregated ethernet bundle:

[edit interfaces]
jahil@Voyager#set ae0 unit 0 family inet address

Note: An interface with an already configured IP address cannot form part of the aggregation group.

Filed under: ,
More Posts Next page »