JunOS Config Snippets - Interfaces
I purchased a Juniper SRX a few months back. I definitely like JunOS overall so far. Some aspects are a little more verbose (I like Cisco style ACL configurations better…it seems like they are a little easier to quick look through). But overall the consistency of the JunOS configuration and the flexibility of their CLI make it pretty straightforward to use for most things. You can definitely feel that Cisco’s CLI in IOS has grown rather “organically” over the years. Cisco’s NX-OS is a little better, but JunOS feels much cleaner and more well planned.
Also, even their lower end devices have a ton of advanced functionality. Take BFD (bidirectional forwarding detection - which basically gives you faster failure detection for dynamic routing protocols) for example - my low end SRX supports this, yet Cisco’s support for BFD is still rather limited to their higher end carrier systems. As I’ve been learning more about JunOS, I’ve included some configuration snippets in my notes.
I’ll use this post to document what some of the basic configuration components for JunOS look like. These are based on my Juniper SRX 210…I know the way of configuring some of these items is different on other platforms, like the MX series. I’ll try to post additional configuration snippets as time permits.
Switched VLAN Trunk
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
# VLAN names or numbers can be used here
members [ transit-vlan default ];
}
native-vlan-id 1;
}
}
}
}
Switched Access Port
interfaces {
ge-0/0/1 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
# VLAN names or numbers can be used here
members [ user-vlan ];
}
}
}
}
}
Routed 802.1q Subinterfaces
interfaces {
ge-0/0/0 {
# Enable VLAN tagging on the interface
vlan-tagging;
# Separate unit for each subinterface, with a VLAN tag
unit 0 {
vlan-id 1000;
family inet {
address 192.168.31.2/24;
}
}
unit 100 {
vlan-id 100;
family inet {
address 192.168.32.2/24;
}
}
}
}
Routed VLAN Interface (SVI)
interfaces {
vlan {
# Each SVI configured as separate unit under VLAN interface
unit 500 {
family inet {
address 192.168.35.1/24;
}
}
}
}
vlans {
VL500_INTERNAL1 {
vlan-id 500;
# VLAN's mapped to SVI with l3-interface
l3-interface vlan.500;
}
}
LACP Port Channel
# Had to configure the number of aggregate ethernet devices to support first
chassis {
aggregated-devices {
ethernet {
device-count 5;
}
}
}
interfaces {
fe-0/0/3 {
# Physical interface mapped to the "aggregated ethernet" if
fastether-options {
802.3ad ae3;
}
}
fe-0/0/4 {
# Physical interface mapped to the "aggregated ethernet" if
fastether-options {
802.3ad ae3;
}
}
ae3 {
vlan-tagging;
# LACP specific options
aggregated-ether-options {
lacp {
active;
}
}
# Using a 1q subinterface in this case
unit 101 {
vlan-id 101;
family inet {
filter {
input cust-1mbps-filter;
}
address 192.168.37.1/24;
}
}
}
}
GRE Tunnel
interfaces {
gr-0/0/0 {
description "GRE Tunnel";
unit 0 {
tunnel {
# Source and destination of the GRE tunnel
source 192.168.32.2;
destination 192.168.32.1;
}
# IP address on tunnel interface itself
family inet {
address 192.168.33.2/24;
}
}
}
}