Hello all...
I'm new to using ansible in our Juniper environment and have begun chipping away. At this point, I'm just looking to simply filter (cut down) the output returned from a show command.
For example, I'm using the junipernetworks.junos.junos_command module to run a 'show version' - I would like a more concise single line output. Pipes do not work with this module it seems , so (| match "string") is not useful.
Some older documentation indicated ,for example, your uptime.stdout_lines can be appended with brackets and a number indicating the line you want to display - ie uptime.stdout_lines[4] - this causes an undefined variable error when running the playbook...and no output is displayed. (see below)
What is the preferred way to get this done? - are there other modules that are more favorable to filtering? Any help and examples...
How can you filter Ansible output from Junos show command(s)?
↧
↧
Arp-Proxy isssue
I am having an issue with arp-proxy on an SRX320 (19.4)
set security nat destination rule-set rule_set_1 rule RDS1 match source-address 0.0.0.0/0
set security nat destination rule-set rule_set_1 rule RDS1 match destination-address aaa.aaa.aaa.aaa/32
set security nat destination rule-set rule_set_1 rule RDS1 match destination-port 3389
set security nat destination rule-set rule_set_1 rule RDS1 then destination-nat pool RDS1_3389
set security nat destination rule-set rule_set_1 rule RDS2 match source-address 0.0.0.0/0
set security nat destination rule-set rule_set_1 rule RDS2 match destination-address bbb.bbb.bbb.bbb/32
set security nat destination rule-set rule_set_1 rule RDS2 match destination-port 3389
set security nat destination rule-set rule_set_1 rule RDS2 then destination-nat pool RDS2_3389
set security nat proxy-arp interface...
↧
CISCO Multicast filter on interface
Hello,
One of my customers have some sites with TV studios. All of them have Juniper EX4200 switches for Multicast traffic for encoders, and we have applied some filters that match multicast IP of each encoder like example below:
ge-0/0/14 {
description SERVER-IN;
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members STR-Master;
}
filter {
output FF-14-OUT;
filter FF-14-OUT {
term ALLOW {
from {
destination-address {
233.33.33.145/32;
233.33.33.146/32;
233.33.33.147/32;
233.33.33.148/32;
233.33.33.140/32;
233.33.33.20/32;
233.33.33.41/32;
233.33.33.42/32;
233.33.33.43/32;
233.33.33.44/32;
233.33.33.45/32;
...
↧
Assign Juniper Switch IP Address
Hello,
I am completely new to the world of Juniper and JUNOS. I am just trying to get a few things configured and one of the easiest in the Ruckus/Brocade world is assigning an IP address to the switch itself.
It is basically: ip address 10.x.x.x 255.255.255.0
I can't figure out how to do something similar on JUNOS. I am sure it is something simple that I am just not finding but any help would be much appreciated.
Thanks,
↧
Juniper SRX: I keep getting unknown IKE requests
I keep getting unknown IKE requests from some random public IP addresses as seen in the logs of the Juniper SRX. Is there a way to prevent this or block all these unknown requests?
Thanks
↧
↧
How to use a Juniper VCF as a simple patch panel extension
We have 8 switches spread around the building configured as a VC riding 40GeB MMF. Someone came up with the idea to use a grouping of ports on each of the switches to act like a wired patch panel. Example ports 35-39 on switch 4 would mirror ports 35-39 on switch 8 and ports 40-44 on switch 1 would mirror ports 40-44 on switch 6. Simple VLAN configuration, but...
The devices attached to the first grouping have the same IP addresses as the devices attached to the second grouping.as well as the same multicast group IP's.
Tried disabling mac-learning on the VLANs so that the switch would just flood the traffic to all the members of the VLAN, that didn't work.
Tried static ICMP membership joins to forward the multicast, that didn't work.
Literally just need the ports on the different switches to act like a straight through wire.
The cabling...
↧
Juniper SRX 340- Need to configure Multiple Networks using single VLAN
I need to configure SRX 340 for Multiple Networks using single VLAN. I have five sets of Ip addresses 192.168.10.X/ 192.168.20.X/ 192.168.30.X/192.168.40.X/192.168.50.X. I need to establish the communication of all these networks with 192.168.60.X (PC) through firewall.
The network formed as ring and connected with 2 firewall(SRX-340) and VLAN 16 used for all.
Since, I have only one physical connection to firewall, am confused how to configure.
Kindly support.
↧
Juniper Firewall SSG 550 VPN Tunnel
Hi there, my network scenario with three branch offices connected to head office firewall SSG-550 via L2-VPN. The communication between the branches and head office is working fine, but now my server is relocating to a new location. At the new location, I have an SSG 140 firewall. I have two options for uplink:
1:VPN L2 link
2: VSAT
Now iam wondering what configuration i will need to route all my branch traffic to the server firewall using the VPN link.
below is the configuration of existing networkscenario
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "Untrust"
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Untrust"
set interface "tunnel.3" zone "Untrust"
set interface ethernet0/0 ip 192.168.1.1/24
set interface ethernet0/0 nat
unset interface vlan1 ip...
↧
Juniper STP
Hello again,
I am trying to learn JUNOS and configure a Juniper Switch to mirror one of my Brocades. I am close to having it ready to deploy but one of the things I need clarification on is the STP setup. To be fair, I just am not that experienced with STP and its different options so I will post how my Brocade is setup to see if there is something similar in JUNOS.
The config on the Brocade I am trying to "mirror"
In the global config we have:
spanning-tree single
Then all of the VLANs have spanning-tree
vlan 42 name WIFIguest by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/1/5 ethe 1/2/1 to 1/2/4
spanning-tree
Then another global setting:
spanning-tree single 802-1w ----Which I know is RSTP
Then every access port has:
spanning-tree 802-1w admin-edge-port
And finally the fiber Uplink to our CORE has:
spanning-tree 802-w1 admin-pt2pt-mac
Any help is...
↧
↧
How to connect and setup juniper srx 320 to access internet
I'm a newbie to setup juniper srx 320 and once i connect the ethernet cable im not able to get any ip details. i would like to know how i would setup the juniper device how i access the cli or web or usb because even im not able to find the usb drivers on internet and when I try to contact support until spending a week im still not able to get registered by juniper to get any support.
So i need assistance in this regard.
↧
LACP between Aruba 7220 and EX4600 not working
Hi,
I have a big problem with an LACP between Aruba WiFi controller 7220 and Juniper EX4600.
We have already build a virtual chassis from eight nodes (ex4600) and we want to connect the controller 7220 via LACP (4x10G). However, after setting up, the connection does not work.
Aruba does not have many configuration options. Always runs in active mode and periods fast. All options work automatically and we cannot change them.
On Juniper's side, we set up:
- LACP as passive mode
set interfaces ae0 aggregated-ether-options lacp active
- LACP periodic fast - this options not working, because Juniper still sending lacp frames in periods 30s.
set interfaces ae0 aggregated-ether-options lacp periodic fast
admin@ex4600> show configuration interfaces ae0
description "ae0 Aruba WiFi";
aggregated-ether-options {
lacp {
passive;
periodic fast;
}
}
unit...
↧
EX4400 with 920W PS
Hey.
We have some EX3400 w/ 920W PSs, and we want to replace some of them with EX4400s. Can the 920W PSs be used in the EX4400s to avoid buying new ones?
Thanks!
↧
Total amount of time a switch has been powered on?
Is there any command that JUNOS has that would show the total amount of time a switch has been in operation? Similar to an hour meter on a riding mower or boat?
I am not looking for uptime since last reboot but total running time of a switch.
Thanks!
↧
↧
Juniper commands
hello. im first time using juniper switch.
Im using from EVE-NG lab practice.
Im trying to create vlan access port on a interface ge-0/0/1
and trunk port on the interface ge-0/0/0
ive studies and research that the commands are
root@JUNIPER# set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members
and
root@JUNIPER# set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
however i think the Juniper in my EVE-NG might be a different or old OS model.
i cannot find the command ethernet-switching after FAMILY.
↧
Juniper SRX240 Name Resolution for Azure resource
Hey everyone, I am trying to punch an Azure resource through my SRX using the URL since the IPs change so frequently and looking for the best/most secure way to set this up.
I have created a policy element and added it to a known working policy and I have discovered that my SRX is NOT resolving the URL or doing any kind of name resolution.
I do not need DNS for internal clients and would prefer to not expose my internal DNS servers. I only need name resolution for the incoming Azure resource. Is there a way to configure this for only the DMZ zone and use external DNS servers?
↧
Setup DHCP-Relay on QFX5k on multiple IRBs with MistAI
Hey Community,
at the moment I am configuring switch templates for one of our sites.
I want to relay DHCP Requests on different IRBs using the RoleBased Template configuration. (on all switches tagged "core")
Without MistAI the configuration would be something like:
Text
edit forwarding-options edit dhcp-relay set server-group DHCP_SERVER 10.250.0.4 10.250.0.5 set group DHCP active-server-group DHCP_SERVER set group DHCP interface irb.10 In MistAI there is a InfoBox for the "Additional CLI Commands":
My question is:
Will those configuration be applied if I paste it like that into the "Additional CLI Commands" field or do I need some other syntax?
Thank you in advance
↧
allowing customer reach our server having IP conflict
Hi All.
i have a customer having: PCs & firewall (on the right side of diagram, yellow colored), that asks to connect to our web server UI (orange colored left side diagram). issue is that customers PCs having a conflicting IPs with our web server.
customer asked me to change my IPs (to a different network range). I prefer not to change my servers IPs.
our TOR switch is L3 (juniper QFX5110-48S ).
what are all my options here?
many thanks in advance,
↧
↧
Juniper Transceivers
Can someone tell me the difference of these transceivers? They all seem to be the correct one. Is there a chart that shows what the different letters mean?
CTP-SFP-1GE-SX
EX-SFP-1GE-SX
SFP-1GE-SX-IT
I am just looking for a 1G SFP for an EX4200-48px that will uplink with a Brocade 1GE SX SFP (33210-100)
Thank you!
↧
Port forwarding not working Juniper
Hi all,
I have a device inside my network that is accessed by a company on the outside via a specific port, it was working well until recently when I created a VLAN on juniper switch and moved that inside that VLAN and now it isn't accessible. Before this change it was just a flat network. I do have a FortiGate firewall that I made the necessary changes on as well.
I'm not sure what else I need to do and it's a bit weird as it was working before the VLAN implementation.
↧
Juniper Security Zones and Policy Statements
SRX340
set security policies from-zone trust to-zone trust policy WANTRUST match source-address NYC1
set security policies from-zone trust to-zone trust policy WANTRUST match source-address NYC2
set security policies from-zone trust to-zone trust policy WANTRUST match source-address NYC3
set security policies from-zone trust to-zone trust policy WANTRUST match destination-address HOU1
set security policies from-zone trust to-zone trust policy WANTRUST match destination-address WAS1
set security policies from-zone trust to-zone trust policy WANTRUST match destination-address MON1
set security policies from-zone trust to-zone trust policy WANTRUST match destination-address ONT1
set security policies from-zone trust to-zone trust policy WANTRUST match destination-address NYC1
set security policies from-zone trust to-zone trust policy...
↧
