4/03/2015

Basic Juniper Setup with VLAN Routing, OSPF, Display Set

Basic Juniper Setup:

1. From factory default, login as:
    root / no password

login: root
Password:

root@:RE:0%

2. At % prompt type:
    root@:RE:0% cli

3. root> show version

4. root> show interfaces terse

5. root> configure or edit
    root#


6. Set the hostname. For example:

root# set system host-name Chicago

7. Set the IP addresses of the built-in Ethernet ports. For example:

root# set interfaces ge-0/0/0 unit 0 family inet address 1.1.2.31/24
root# set interfaces ge-0/0/1 unit 0 family inet address 1.6.2.1/24
root# set interfaces ge-0/0/2 unit 0 family inet address 2.8.3.1/24

The unit number is the logical interface number. IP addresses are configured on the logical interface. Setting the protocol family to inet specifies the routing table of IPv4 addresses.

7b. Set a default route (default gateway) for IPv4 packets. For example:
root# set routing-options static route 0.0.0.0/0 next-hop 10.1.1.50

7c. Configure one or more static routes:
root# set routing-options static route destination-prefix next-hop address


8. root# commit

===========


9. Set the root password / create a user account

set system root-authentication plain-text-password
set system login user BOB class super-user authentication plain-text-password


=== VLAN, VLAN IP Address, and Interface mapping to VLAN: 2 OPTIONS ===

OPTION 1 SET ROOT MODE#:

10.  Create some VLANs.
    a. root# set vlans WIFI vlan-id 1  === assign vlan 1 to WIFI vlan.
    b. root# set vlans v10    vlan-id 10
    c. root# set vlans STUDENT vlan-id 20
   

11. Assign IP Address to the VLAN: Create RVI.

    a. root# set interfaces vlan unit 1 family inet address 192.168.1.2/24  === associates the IP address with vlan-id 1 (unit 1), which is the WIFI vlan.
   
    b. root# set interfaces vlan unit 10 family inet address 10.16.23.65/26 ==== the unit 10 here associates the vlan-id 10 (v10) to the IP Address.
   
    c. root# set interfaces vlan unit 20 family inet address 10.1.20.1/24


12. Assign interfaces to their respective VLANs.
    a. set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members WIFI
    b. set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members WIFI
    c. set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members WIFI
   
    d. set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members v10
    e. set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members v10
    f. set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members v10

    g. set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members STUDENT
    h. set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members STUDENT
    i. set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members STUDENT


13. Enable INTER-VLAN routing:
    a. root# set vlans WIFI    l3-interface vlan.1
    b. root# set vlans v10 l3-interface vlan.10
    c. root# set vlans STUDENT l3-interface vlan.20

14. Set Default Route in the Switch:
    a. root# set routing-options static route 0.0.0.0/0 next-hop 10.16.23.10


15. Set management path:
    a. root# set system services web-management http interface vlan.20  === This allows web management of the switch only from VLAN 20, the STUDENT VLAN.

16. Enable Telnet / SSH:
    a. root# set system services telnet
    b. root# set system services ssh

17. Set DHCP forwarding options (the equivalent of the Cisco ip helper-address).

    a. root# set forwarding-options helpers bootp interface vlan.1 server 10.16.23.10  === DHCP forwarding for WIFI VLAN, VLAN 1.
    b. root# set forwarding-options helpers bootp interface vlan.10 server 10.16.23.68  === DHCP forwarding for v10 VLAN, VLAN 10.
    c. root# set forwarding-options helpers bootp interface vlan.20 server 10.16.23.99  === DHCP forwarding for STUDENT VLAN, VLAN 20.

18. Save the config
    root# commit and-quit

19. root# run show interfaces terse vlan
root> show ethernet-switching interfaces


SHOW:
    show vlans
root# run show interfaces terse vlan
root# run show route 192.168.1/24
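
Steps 9, 15 and 16 decide how the switch can be managed (root password, HTTP web management, Telnet and SSH). The script below is an added example, not part of the original notes: it audits a configuration saved in "set" format (show configuration | display set) for those three settings. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Junos config saved in "set" format for the
# management-plane settings from steps 9, 15 and 16.

# is_active FILE STATEMENT -> 0 if STATEMENT is set and not deactivated.
# Assumption: an inactive statement is listed as its set line plus a
# matching "deactivate ..." line; parent-level deactivation is not followed.
is_active() {
    grep -Eq "^set $2( |\$)" "$1" && ! grep -Eq "^deactivate $2( |\$)" "$1"
}

# audit_junos_set FILE -> prints one FINDING line per weak setting
audit_junos_set() {
    if is_active "$1" 'system services telnet'; then
        echo "FINDING telnet enabled (cleartext logins); keep ssh only"
    fi
    if is_active "$1" 'system services web-management http'; then
        echo "FINDING web-management over http (cleartext)"
    fi
    if ! is_active "$1" 'system root-authentication'; then
        echo "FINDING no root-authentication statement (root has no password)"
    fi
}

# Constructed sample: steps 15 and 16 applied, step 9 not yet done.
sample_as_configured() {
    cat <<'EOF'
set system services telnet
set system services ssh
set system services web-management http interface vlan.20
EOF
}

# Constructed sample: root password set, telnet deactivated, https only.
sample_hardened() {
    cat <<'EOF'
set system root-authentication encrypted-password "<placeholder-hash>"
set system services telnet
deactivate system services telnet
set system services ssh
set system services web-management https system-generated-certificate
EOF
}

tmp=$(mktemp)
sample_as_configured > "$tmp"; audit_junos_set "$tmp"
sample_hardened > "$tmp"; audit_junos_set "$tmp"
rm -f "$tmp"
```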



OPTION 2 hierarchy mode:
    On EX4200

== VLAN, VLAN IP Address, and Interface mapping to VLAN ===

1. root@:RE:0% cli
2. root> show vlans
3. root> edit
4. root# edit vlans
5. root# set VLAN10     vlan-id 10
6. root# set ENDUSERS     vlan-id 20
7. root# set SERVERS    vlan-id 30
8. root# show

9. Apply the VLANs to interfaces and mode access
    root# top         === exit out of vlan config.
    root# edit interfaces     === enter interfaces hierarchy
    root# edit ge-0/0/1 unit 0 family ethernet-switching
    root# set port-mode access
    root# set vlan members VLAN10 === Map this interface to VLAN10 or ENDUSERS or other VLAN.
    root# up 3         === go up 3 levels in the hierarchy.
    root# edit ge-0/0/2 unit 0 family ethernet-switching
    root# set port-mode access
    root# set vlan members ENDUSERS
    root# up 3
    root# edit ge-0/0/3 unit 0 family ethernet-switching
    root# set port-mode access
    root# set vlan members SERVERS

10. Create TRUNK interface on Juniper switch:
    root# edit interfaces
    root# edit ge-0/0/0 unit 0 family ethernet-switching
    root# set port-mode trunk
    root# set vlan members VLAN10
    root# set vlan members ENDUSERS
    root# set vlan members SERVERS
    root# show

11. commit

12. root# exit
    root> show vlans


====== Juniper Factory Default Config ===

root% cli
root> configure
root# load factory-default
root# set system root-authentication plain-text-password  == Set new root password
root# commit and-quit
root> request system reboot === reload the switch

====================================

==== Enable OSPF in Juniper ====

set interfaces ge-0/2/0 unit 0 family inet address 10.0.0.1
set protocols ospf area 0.0.0.0 interface ge-0/2/0
commit

or

set interfaces ge-0/2/0 unit 0 family inet address 10.0.0.1

edit protocols ospf
    set area 0 interface ge-0/0/1
    set area 0 interface lo0


==== Troubleshoot or Debug OSPF Juniper ====

1. Enable debugging. Junos needs a trace file, which is created in /var/log:
# edit protocols ospf
    edit traceoptions
        set file ospf-trace
        set flag hello detail  ===type of packets to capture.
    commit
2. run monitor start ospf-trace == the file you created.

3. run monitor stop ==== Stops all debug output on the box, but traces are still written to the log file.

4. run show log ospf-trace === ospf-trace is the filename. The log still grows after monitor stop.

5. To completely disable debug or trace:
    # deactivate traceoptions
    # show === show now displays the "inactive" statement. On commit, Junos ignores inactive statements in the config.


=====================================================

# show interfaces
user@host# show protocols ospf
    show ospf interface detail
    show ospf3 interface detail
    show configuration protocols ospf
    show ospf interface
    show ospf nei
    show ospf data


==== Config OSPF Passive Interface Juniper ====

Enabling OSPF on an interface (by including the interface statement), disabling it (by including the disable statement), and not actually having OSPF run on an interface (by including the passive statement) are mutually exclusive states.

set protocols ospf area 0.0.0.1 interface ge-0/2/0 passive

user@host# show protocols ospf
area 0.0.0.1 {
interface ge-0/2/0.0 {
passive;
}
}

================== commit / compare ====

To check what has been changed but not yet committed in the Junos configuration, go to the top of the CLI and run "show | compare".

This shows the candidate configuration compared with the current committed configuration.

User@Host# show | compare

sysT3ms@FIFE-DC-EX1> show system commit



====================================================

cisco         vs         juniper

Cisco
conf t
Int Gi1/0/1
shut
no shut


Juniper
config
set interfaces ge-5/0/42 disable
commit

delete interfaces ge-5/0/42 disable
commit

Cacti Backup and Restore Script

Cacti Backup:
    Files will be saved in /home/cacti-backup/
-rw-r--r-- 1 root root  6851095 Mar 31 08:23 /home/cacti-backup/CactiFolder-2015-03-31.tar.gz
-rw-r--r-- 1 root root    25800 Mar 31 08:20 /home/cacti-backup/CLI_files-2015-03-31.tar.gz
-rw-r--r-- 1 root root   845639 Mar 31 08:20 /home/cacti-backup/LOG_files-2015-03-31.tar.gz
-rw-r--r-- 1 root root 65301949 Mar 31 08:20 /home/cacti-backup/RRAXML_files-2015-03-31.tar.gz
-rw-r--r-- 1 root root     5806 Mar 31 08:20 /home/cacti-backup/SCRIPT_files-2015-03-31.tar.gz
-rw-r--r-- 1 root root 2462302 Mar 31 08:23 /home/cacti-backup/Cacti-Database-2015-03-31.sql


Script:
 After you run the backup script, enter your MySQL password when asked.

[root@localhost backup]# cat cactibackup.sh

##################################################
#!/bin/bash
#
# Script for backing up Cacti and all related folders
#
# This function finds all rrd files, runs the rrdtool dump feature on each, and deletes the rrd file
rrdump ()
{
        # Assumes rrd file names contain no whitespace
        for rrd in `find /home/cacti-backup/rra/ -type f -name "*.rrd"`
                do
                        # Strip only the trailing .rrd extension
                        xml=`echo "$rrd" | sed 's/\.rrd$//'`
                        rrdtool dump "$rrd" > "$xml.xml"
                        rm "$rrd"
                done
}
#
# Timestamp in YYYY-MM-DD
TIME_STAMP="$(date +%Y-%m-%d)"
#
# Backup the MySQL database
mysqldump -u root -p  cacti > /home/cacti-backup/Cacti-Database-${TIME_STAMP}.sql
#
# Backup and archive the Cacti folder
tar -cvpzf /home/cacti-backup/CactiFolder-${TIME_STAMP}.tar.gz /usr/share/cacti
#
# Copy the RRA directory to the backup directory
cd /var/lib/cacti
cp -R rra /home/cacti-backup/
#
# Find all files with the extension rrd and run the RRDTOOL DUMP feature
rrdump
#
# Backup and archive the RRA folder
tar -cvpzf /home/cacti-backup/RRAXML_files-${TIME_STAMP}.tar.gz /home/cacti-backup/rra
#
# Remove the RRA folder
cd /home/cacti-backup
rm -rf rra
#
# Backup and archive all other required folders
tar -cvpzf /home/cacti-backup/CLI_files-${TIME_STAMP}.tar.gz /var/lib/cacti/cli
tar -cvpzf /home/cacti-backup/LOG_files-${TIME_STAMP}.tar.gz /var/log/cacti/
tar -cvpzf /home/cacti-backup/SCRIPT_files-${TIME_STAMP}.tar.gz /var/lib/cacti/scripts
##################################################


=============================================

Cacti restore:

cacti@cacti01:~/cacti-backup$ cat restore.sh

##################################################
#!/bin/bash
#
# Script for restoring Cacti and all related folders
#
# This function finds all xml files, runs the rrdtool restore feature on each, and deletes the xml file
rrdrestore ()
{
   # Assumes xml file names contain no whitespace
   for xml in `find . -type f -name "*.xml"`
        do
                # Strip only the trailing .xml extension
                rrd=`echo "$xml" | sed 's/\.xml$//'`
                rrdtool restore "$xml" "$rrd.rrd"
                rm "$xml"
        done
}

restore ()
{
   #Restoring Database
   mysql -u root -p cacti < "$MySQLDatabase"

   #Unpacking RRA files from archive
   tar -xvzf "$RRAFiles" -C /

   #Restore RRD files using RRDTOOL restore
   rrdrestore

   #Copy RRA folder to /var/lib/cacti
   cd /home/cacti-backup/
   cp -R rra /var/lib/cacti/

   #Delete RRA folder
   cd /home/cacti-backup
   rm -rf rra

   #Change ownership of RRA directory
   chown -R cacti:cacti /var/lib/cacti/rra
   chown cacti:root /var/lib/cacti/rra

   #Restore all other folders
   tar -xvzf "$LOGFiles" -C /
   tar -xvzf "$CLIFiles" -C /
   tar -xvzf "$SCRIPTFiles" -C /
   tar -xvzf "$CactiFolder" -C /

   #Change ownership of log/cacti directory
   chown -R cacti:apache /var/log/cacti

   echo
   echo Restoration Complete. Please restart server.
   echo Please note: You may need to rebuild the poller cache once logged into Cacti
}
#
# Requesting information from user - date of backup in format YYYY-MM-DD
echo
echo
echo -n "Please enter the date from which you would like to restore from (YYYY-MM-DD):"
read date
echo
echo
echo Restoring from date $date
echo
echo
#
# Checking files exist
cd /home/cacti-backup/
MySQLDatabase=Cacti-Database-$date.sql
CactiFolder=CactiFolder-$date.tar.gz
RRAFiles=RRAXML_files-$date.tar.gz
LOGFiles=LOG_files-$date.tar.gz
CLIFiles=CLI_files-$date.tar.gz
SCRIPTFiles=SCRIPT_files-$date.tar.gz
#
#
echo Checking if files exist:
echo
echo
if [ -f $MySQLDatabase ]; then
  echo "File $MySQLDatabase exists. SUCCESS!"
else
  echo "File $MySQLDatabase does not exist. FAIL!"
fi
#
#
if [ -f $CactiFolder ]; then
  echo "File $CactiFolder exists. SUCCESS!"
else
  echo "File $CactiFolder does not exist. FAIL!"
fi
#
#
if [ -f $RRAFiles ]; then
  echo "File $RRAFiles exists. SUCCESS!"
else
  echo "File $RRAFiles does not exist. FAIL!"
fi
#
#
if [ -f $CLIFiles ]; then
  echo "File $CLIFiles exists. SUCCESS!"
else
  echo "File $CLIFiles does not exist. FAIL!"
fi
#
#
if [ -f $LOGFiles ]; then
  echo "File $LOGFiles exists. SUCCESS!"
else
  echo "File $LOGFiles does not exist. FAIL!"
fi
#
#
if [ -f $SCRIPTFiles ]; then
  echo "File $SCRIPTFiles exists. SUCCESS!"
else
  echo "File $SCRIPTFiles does not exist. FAIL!"
fi
#
echo
echo
#
#Asking user if they want to continue
echo WARNING: IF ANY OF THE FILES ABOVE FAIL, RESTORE MAY.
while true; do
  read -p "DO YOU WANT TO CONTINUE?" yn
  case $yn in
    [Yy]* ) restore; break;;
    [Nn]* ) exit;;
    * ) echo "Please answer yes or no.";;
  esac
done
##################################################

Or, if you ONLY want to restore the database, which contains all your monitored devices and ports, run the following after a fresh reinstall of Cacti:

cacti@cacti01:~/script$  mysql -u root -p cacti < Cacti-Database-2015-03-31.sql
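
restore.sh builds its file names from the date typed at the prompt and unpacks every archive with tar -C /, so anything inside an archive lands wherever its member path points. The pre-flight checks below are an added example, not part of the original script: they accept only a literal YYYY-MM-DD date and only archives whose members all sit under the expected directory. The function names and the sample archives are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the original restore.sh): pre-flight checks.

# valid_backup_date DATE -> 0 only for a literal YYYY-MM-DD string
valid_backup_date() {
    case $1 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# archive_within ARCHIVE PREFIX -> 0 if the archive is readable, non-empty,
# and every member lies under PREFIX with no ".." path component
archive_within() {
    tar -tzf "$1" 2>/dev/null | awk -v p="$2" '
        { n++ }
        /(^|\/)\.\.(\/|$)/ { bad = 1 }
        index($0, p) != 1 && ($0 "/") != p { bad = 1 }
        END { exit (bad || n == 0) ? 1 : 0 }'
}

# preflight DATE ARCHIVE PREFIX -> prints OK or the reason for rejection
preflight() {
    valid_backup_date "$1" || { echo "REJECT date"; return 0; }
    archive_within "$2" "$3" || { echo "REJECT archive"; return 0; }
    echo "OK"
}

# make_samples DIR: constructed archives, one clean and one with an extra
# member outside var/log/cacti/
make_samples() {
    mkdir -p "$1/var/log/cacti" "$1/etc"
    echo "poller ok" > "$1/var/log/cacti/cacti.log"
    echo "unexpected" > "$1/etc/unexpected.conf"
    tar -czf "$1/good.tar.gz" -C "$1" var/log/cacti
    tar -czf "$1/tampered.tar.gz" -C "$1" var/log/cacti etc/unexpected.conf
}

demo=$(mktemp -d)
make_samples "$demo"
preflight 2015-03-31 "$demo/good.tar.gz" var/log/cacti/         # OK
preflight 2015-03-31 "$demo/tampered.tar.gz" var/log/cacti/     # REJECT archive
preflight '2015-03-31 x' "$demo/good.tar.gz" var/log/cacti/     # REJECT date
rm -rf "$demo"
```

In restore.sh these checks would run once per archive before restore is called, with the prefix matching what cactibackup.sh archived (for example var/log/cacti/ for LOG_files).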