Skip to main content

Juniper Notes

Vlan Switching 

For Ex33 switches, auto-negotiation is not required.

delete interfaces xe-0/0/0
set interfaces xe-0/0/0 ether-options auto-negotiation
set interfaces xe-0/0/0 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 4082
set interfaces xe-0/0/0 unit 0 family ethernet-switching recovery-timeout 300
delete interfaces xe-0/0/0
set interfaces xe-0/0/0 description member-ae0
set interfaces xe-0/0/0 ether-options auto-negotiation
set interfaces xe-0/0/0 ether-options 802.3ad ae0

lacp aggregated switches

set interfaces ae0 description CST:6349
set interfaces ae0 aggregated-ether-options link-speed 10g
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members 4040
set interfaces ae0 unit 0 family ethernet-switching vlan members 4041
set interfaces ae0 unit 0 family ethernet-switching storm-control default
set interfaces ae0 unit 0 family ethernet-switching recovery-timeout 300

Firewall Rules

set interfaces vlan unit [VAN_ID] family inet filter input INBOUND-TRAFFIC
set firewall family inet filter INBOUND-TRAFFIC term name-of-rule from source-address IP/[IP]/32
set firewall family inet filter INBOUND-TRAFFIC term name-of-rule from destination-address IP/[IP]/32
set firewall family inet filter INBOUND-TRAFFIC term name-of-rule from destination-port 22
set firewall family inet filter INBOUND-TRAFFIC term name-of-rule then accept