IPv6 Tacacs+ Support (tac_plus)
Recently @ Facebook we found that we required IPv6 access to TACACS for auth (AAA) for the majority of our production Network Equipment. Tacacs+ (tac_plus) is an old daemon released by Cisco in the late 90s. It still works (even at our scale) and the config was doing what we required, so it was decided that we [ View Post… ]
RANCID with Junos Read-Only User
Here is the setting for a Junos device to create a user with read-only privileges to allow RANCID to work.
set system login class RANCID permissions access
set system login class RANCID permissions admin
set system login class RANCID permissions firewall
set system login class RANCID permissions flow-tap
set system login class RANCID [ View Post… ]
Updating Juniper QFabric
The following post shows output obtained and the upgrade process performed recently on a client’s QFabric system. This output was captured updating from 12.2X30 to 12.2X50 Junos release via a ‘Non Stop Services Upgrade’ (NSSU) method. This method is basically a very conservative approach, updating redundant components one at a time. The overall process is: [ View Post… ]
SRX Branch Chassis Cluster Ports
Here is a table of the ports that are used for chassis cluster control link and management ports on Branch SRX devices. The quoted ports are the ‘stand alone’ non-clustered port names (not node1’s port names once clustered). In an SRX cluster the PIM slots on node1 start at the last PIM slot of [ View Post… ]
Backup your Junos configs TODAY !
Cooper’s tip of the moment, ALWAYS backup your Junos configurations. Hate when a customer does not, your router does not have RAID (unless it has redundant REs, VC or is in a Chassis Cluster :)). It’s a built-in feature of Junos so use it! It even allows multiple sites, so if you have DR [ View Post… ]
QFabric Part 1 – Explained and Explored First Hand
I was lucky enough to be one of the first APAC partner engineers to get my hands on Juniper’s new QFabric gigantic scalable switch technology. I have even beaten some of Juniper’s own SEs. In general, it rocks, but does have some features and fine tuning, this will come. This post is an introduction to [ View Post… ]
Junos Aggregated Ethernet w/LACP and Cisco Nexus Virtual Port Channel
So when I was googling around looking for working configurations of Junos (EX in this case) AE working with a Cisco vPC (Virtual Port Channel) I could not find any examples … So I said that I would post one. I will not be covering how to set up a vPC, if you’re interested in [ View Post… ]
Juniper SRX Screens + Dynamic VPNs
Little tip with SRX Dynamic VPNs and ‘security screens’ on the VPN’s ingress zone I stumbled across during my JNCIE-SEC study. UPDATE (20120401): Seems Juniper has addressed and fixed this bug … More info: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21713&actp=RSS It seems you cannot have the ‘IP Spoofing’ screen enabled when sending IPSec Dynamic VPN traffic ingressing into the zone with [ View Post… ]
Valentines – Junos Style !
Awesome – This would get the chicks …
Microsoft NPS Server + Juniper JUNOS VSA
A lot of companies run Microsoft’s Active Directory AAA infrastructure. A nice add-on to AD (apart from my favorite ‘Services for UNIX’) is the Network and Policy Server (NPS). Using this RADIUS server with any RADIUS-speaking client is a nice add-on that allows the majority of Network infrastructure to use AD as its authoritative [ View Post… ]