Showing posts with label MEF-CECP. Show all posts

Thursday, January 9, 2014

One step closer to a viable JNCIA-ENT/SEC lab






Just need to unload one SRX at a decent profit, and pick up a second EX switch with the proceeds. Might spring for a 3200 or 4200 if one comes along cheap enough.

Monday, November 11, 2013

Saturday, November 9, 2013

MPLS VPN OSPF BGP configuration practice

With my work being mostly based in MPLS, but from a mainly GUI use standpoint, I'm trying to gain a better overall understanding of MPLS configuration.

I don't have the Alcatel Gear to play with here, nor CLI config rights yet at work, so I'm working with the next best thing, practicing on what I do have, Cisco Gear.

I'm using Levent Okvur's walkthrough on YouTube:



So here is the simple MPLS setup I'm using:



Three 1841's, one as Provider Core, and two as Provider edge devices.
Four 1720's as the CE devices.

Config on one of the PE routers:

Sunday, October 20, 2013

Need another SRX

Looks like the EX2200's don't have the layer 3 capabilities I'd need to have it be set up with provider bridging functions. I wasn't sure, but now know.

So... I'll be needing to pick up another SRX sooner than later, as the SRX does.

Need to be able to run this configuration to emulate the MX commands:


user@beb1> show configuration
routing-instances {
    pbn-1-for-eline {
        instance-type virtual-switch;
        interface ge-2/0/0.1;
        interface pip0.0;
        bridge-domains {
            bd1 {
                vlan-id 10;
            }
            eline-svlans {
                vlan-id-list [ 2100 ];
            }
        }
        pbb-options {
            peer-instance pbbn-1;
        }
        service-groups {
            eline1 {
                service-type eline;
                pbb-service-options {
                    isid 10100 interface ge-2/0/0.1;
                }
            }
        }
    }
}

Sunday, October 13, 2013

SFP interchangeability

Well, the ADVA 850nm SFP's that apparently weren't compatible with the Cisco 3560,

DO WORK in a Juniper EX2200. This is a HUGE savings, as I picked up 6 ADVA SFP's for $35.00, and the cheapest Juniper compatible SFP's I could find were $45.00 a piece.


root@Juniper# run show chassis pic pic-slot 1 fpc-slot 0
FPC slot 0, PIC slot 1 information:
  Type                             4x GE SFP
  State                            Online
  Uptime                         44 minutes, 19 seconds
PIC port information:
                          Fiber                    Xcvr vendor
  Port  Cable type        type  Xcvr vendor        part number       Wavelength
  3     GIGE 1000SX       MM    FINISAR CORP.      FTLF8519P2BNL-AD  850 nm

Obviously, ADVA branded, but actually, a Finisar product...

root@Juniper# run show interfaces diagnostics optics ge-0/1/3
Physical interface: ge-0/1/3
    Laser bias current                        :  6.844 mA
    Laser output power                        :  0.3450 mW / -4.62 dBm
    Module temperature                        :  35 degrees C / 95 degrees F
    Module voltage                            :  3.2430 V
    Receiver signal average optical power     :  0.3637 mW / -4.39 dBm


Saturday, October 12, 2013

EX2200 in the rack...

came last night, but had to get caught up in my Python class. Still need to password restore it.


Pics or it didn't happen...


Tuesday, October 8, 2013

Juniper EX2200 on the way

Barring any of the occasional EBay/Paypal issues, I should have an EX2200 added to the Carrier Ethernet rack within the week possibly. Surely by next week.

I have the devices partially set up now, and am working on an E-line configuration through the SRX210 from the ADVA 825.

Once the EX2200 comes in it will be run: (Rack Server) HOST A -(1gig copper)- ADVA825 -(1gig copper)- SRX210 -(1gig copper)- EX2200 -(1gig MM fiber)- ADVA 206v -(1gig fiber)- HOST B (Cisco 3560)







Monday, September 30, 2013

Juniper SRX210 configuration for JNCIA-SP study

Since, out of the box, the SRX210 is for all intents and purposes, a firewall, some adjustments have to be made to make it work for Service provider study. Bear with me, I'm in a bit over my head still and clawing my way out.

This came from Jeremy Merideth's blog, which it doesn't appear that he is currently maintaining, but great info in here and a thanks to him. How to get an SRX out of default Juniper config:

http://runningsecure.blogspot.com/2011/06/screenos-background.html


SRX Default Config


For the purpose of this blog I will be configuring an SRX100.
When either taking an SRX out of the box or entering the following commands, you will get the Juniper default configuration.

root@host# load factory-default
root@host# set system root-authentication plain-text-password
root@host# commit and-quit
root@host> request system reboot

Personally I prefer to work from a blank canvas, so the following commands remove all Juniper applied config, add a few tweaks and give us a starting point to build up our configurations.

Remove the interface Ethernet Switching
root@host# delete interfaces fe-0/0/1 unit 0 family ethernet-switching
"Repeat for interfaces range 1-7"
root@host# delete interfaces vlan unit 0 family inet address 192.168.1.1/24
root@host# delete interfaces vlan unit 0 family inet

Remove the fe0/0/0.0 interface from Security Zone
root@host# delete security zones security-zone untrust interfaces fe-0/0/0.0

Remove the Zone Interfaces and Policies
root@host# delete security zones security-zone trust host-inbound-traffic
root@host# delete security zones security-zone trust interfaces vlan.0

Remove Default Policies
root@host# delete security policies from-zone trust to-zone untrust

Remove Default Web Management
root@host# delete system services web-management http interface vlan.0
root@host# delete system services web-management https interface vlan.0

Remove NAT rule
root@host# delete security nat source rule-set trust-to-untrust

Remove Screening on Untrust Zone
root@host# delete security zones security-zone untrust screen

Remove Existing Name Servers and add Google ones
root@host# delete system name-server 208.67.222.222
root@host# delete system name-server 208.67.220.220
root@host# set system name-server 8.8.8.8
root@host# set system name-server 8.8.4.4
root@host# delete system services dhcp

Remove Default Security Zones
root@host# delete security zones security-zone untrust
root@host# delete security zones security-zone trust

root# run show configuration | display set
set version 11.1R2.3
set system root-authentication encrypted-password "$1$sF9Tjm/m$zu6xvdjAUIqeeHSP69Vfm0"
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http
set system services web-management https system-generated-certificate
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fe-0/0/0 unit 0
set interfaces fe-0/0/1 unit 0
set interfaces fe-0/0/2 unit 0
set interfaces fe-0/0/3 unit 0
set interfaces fe-0/0/4 unit 0
set interfaces fe-0/0/5 unit 0
set interfaces fe-0/0/6 unit 0
set interfaces fe-0/0/7 unit 0
set interfaces vlan unit 0
set protocols stp
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security policies
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0
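
The stripped-down config above still leaves several clear-text management services enabled and stores the root password as an MD5-crypt hash. The following is an added example, not part of the original post or the quoted blog: a small Python check that reads "display set" output and flags those items. The sample config is constructed (the hash is a placeholder) and the function and category names are hypothetical.

```python
import re

# Constructed sample in "display set" form; the hash is a placeholder, not a real one.
SAMPLE_CONFIG = """\
set version 11.1R2.3
set system root-authentication encrypted-password "$1$CONSTRUCT$placeholderplaceholder00"
set system name-server 8.8.8.8
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http
set system services web-management https system-generated-certificate
set security screen ids-option untrust-screen tcp land
"""

# Management services that carry credentials in clear text.
CLEARTEXT_SERVICES = {
    "telnet": "clear-text CLI login",
    "xnm-clear-text": "Junos XML management without TLS",
    "web-management http": "J-Web over plain HTTP",
}

# crypt(3) scheme prefixes as they appear in encrypted-password values.
HASH_SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
WEAK_SCHEMES = {"md5-crypt"}

def audit(config_text):
    """Return a sorted list of (category, detail) findings for a set-format config."""
    findings = set()
    for line in config_text.splitlines():
        line = line.strip()
        m = re.match(r"set system services (.+)$", line)
        if m:
            for svc, why in CLEARTEXT_SERVICES.items():
                # Match the service name exactly or followed by options,
                # so "web-management https" is not mistaken for "http".
                if m.group(1) == svc or m.group(1).startswith(svc + " "):
                    findings.add(("cleartext-service", f"{svc}: {why}"))
        m = re.search(r'encrypted-password "\$(\w+)\$', line)
        if m:
            scheme = HASH_SCHEMES.get(m.group(1), "unknown")
            if scheme in WEAK_SCHEMES:
                findings.add(("weak-hash", f"{scheme} password hash"))
    return sorted(findings)

if __name__ == "__main__":
    for category, detail in audit(SAMPLE_CONFIG):
        print(f"{category}: {detail}")
```
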

And then how to set it up to more closely emulate an MX series SP switch from the Juniper Forums:


Cleaned up the rack some, and added some cable management. The second ADVA (GE206V) is just waiting for some MM fiber jumpers to arrive. (quite literally, possibly, on a slow boat from china)

Need to sell a couple more racks and I'll have enough to pull the trigger on a Juniper EX2200 to more fully simulate the types of circuits we'll be performing break/fix on.



Thursday, September 12, 2013

Carrier Ethernet rack coming along... Working on Radius Authentication to become a part of Packetlife.net's LabKeeper.net beta testing.

Picked up my second ADVA to almost complete my Carrier Ethernet NID acquisitions. I'll probably try to pick up a Cisco ME3400 as well, but those end up costing nearly as much as the Junipers do.

I should be able to do some simulations and practice what we preach at work soon.

The one on top is an FSPCCf-825 with 4 x 10/100 copper access ports, 1 x gig copper access port, 1 x gig fiber access port, and two copper and two fiber network ports.

The one on the bottom is an FSP 150CC ge-206 and is all fiber with six access and two network ports.

ADVA's are made in Germany, and the quality shows.





Working hard on CCNP switch study to hopefully test for SWITCH by the end of the month.

I'm working on getting at least one lab live on the labkeeper.net system that Packetlife.net Author, Jeremy Stretch has put together. It's an amazing bit of work he's done, and should allow us to get racks out to people to use much easier. Might kill my business, but I was never really in this to make a killing, just help pay for my own racks. Hopefully, soon, I'll be a busy network engineer and have no time for the business anyway.



Sunday, August 25, 2013

New equipment trickling in... and another Juniper acquisition

After selling 5 systems over about a week and a half, my entire CCNA rack was bare, and ALL of my access servers went to good Cisco studying homes, I had to reload.

So I now have here, or on the way:

Cisco:

10 x 2960-TTL
2 x 2610xm 128/32
3 x 2611xm
3 x 2610 64/32
1 x 2620
1 x 2509rj access server

Term Servers:

2 x Avocent Cyclades TS-3000

Juniper:

J2300 Router
SRX 210b Service Access switch (a 3:30am ebay auction win for $200 !)

ADVA:

FSP-150CC - GE206V Carrier Ethernet Access switch

So my own study rack will be getting much more interesting and fiber based, in line with some coming changes at work in which my job will be becoming much more Juniper (and Cisco) based again soon.

I'm replacing the rental racks access servers with the Avocent Cyclades TS-3000




These support SSH, GUI based management, and by-port authentication, which will result in a more seamless studying experience, allowing use of more effective tabbed terminal emulation which the menu-based setup I had didn't really accomplish well. The fact that I picked up two of them for half the price of a single cisco 2511 didn't hurt either. Hopefully they will work.

The start of the Juniper lab is exciting as well. I'll have to integrate it into the CCNP lab for now, with another SRX 210, and a couple EX2200 or 3200's still needed to build the stand-alone lab.


Tuesday, August 20, 2013

Changing direction a little bit

I still have one CCNA rack, and the CCNP R&S rack built, but I've started to make a few purchases to diversify training.

I picked up a Juniper 2300 rtr today, NIB for $100. Not even sure if that was a good deal or not. It appears to be.



Also picked up an ADVA FSP150CCF-GE206V, CARRIER ETHERNET ACCESS switch.

FSP 150CC-GE206

The ADVA may only interest those that I work with in Carrier transport. I'm going to build a carrier access network with mixed Juniper and Adva to enhance my ethernet skills, hopefully the SFP purchases won't break the bank.

I'll have a bid out shortly for a couple Juniper EX3200's as well. The SRX210's will probably have to wait a bit.