Switching

Hello,

I have problem with configuring out-of-band interface. First of all I`ve never worked with any of Juniper producst before. Also I enherited this infrastructure after previous employees so it was already set-up and configured. Therefore I ask you for patience but I can learn fast 🙂

first of all, we use 3 basic VLANs

VLAN 1    - 192.168.200.0/24 (Native vlan)
VLAN 20  - 172.16.20.0/24 (PC vlan)
VLAN 221 - 192.168.221.0/24 (MGMT vlan)

I had made this cabling set-up -->

Cisco:
interface FastEthernet0/5
description SROSPC-JUNTEST
switchport access vlan 20
switchport mode access

interface FastEthernet0/14
description MGMT MDXKESW06
switchport access vlan 221
switchport mode access

till now we used IP address 172.16.20.254 for managing this switch (cable to MGMT port was not connected). SSH and HTTPS was working but we have dedicated MGMT Vlan so I want to use IP from MGMT subnet. 

I went to webinterface on EX 3300. I found TAB management access, changed it and commited it. But then HTTPS access stopped working, right now I can use CLI but still only via 172.16.20.254

I would like to de-configure 192.168.200.254 and 172.16.20.254 from the switch and use only 192.168.221.16 on MGMT interface for managing this switch.

actual configuration on EX 3300 -->

    me0 {
        unit 0 {
            family inet;
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 172.16.20.254/24;
            }
        }
        unit 1 {
            family inet {
                address 192.168.200.254/24;
            }
        }
    }
    vme {
        unit 0 {
            family inet {
                address 192.168.221.16/24;
            }
        }
    }
}

root@MDXKESW06# run show interfaces terse | match me
bme0                    up    up
bme0.32768              up    up   inet     128.0.0.1/2
me0                     up    up
me0.0                   up    up   inet
pime                    up    up
vme                     up    down
vme.0                   up    down inet     192.168.221.16/24

below is detailed interface configuration...

root@MDXKESW06# run show interfaces me0 detail
Physical interface: me0, Enabled, Physical link is Up
  Interface index: 1, SNMP ifIndex: 33, Generation: 1
  Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Clocking: Unspecified, Speed: 100mbps
  Device flags   : Present Running
  Interface flags: SNMP-Traps
  Link type      : Full-Duplex
  Physical info  : Unspecified
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 0c:86:10:5a:14:3f, Hardware address: 0c:86:10:5a:14:3f
  Alternate link address: Unspecified
  Last flapped   : 2016-07-27 11:02:38 CEST (06:23:48 ago)
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :              4023164
   Output bytes  :                    0
   Input  packets:                47508
   Output packets:                  830
   IPv6 transit statistics:
    Input  bytes  :                   0
    Output bytes  :                   0
    Input  packets:                   0
    Output packets:                   0

  Logical interface me0.0 (Index 3) (SNMP ifIndex 34) (HW Token 4294967295) (Generation 1)
    Flags: Up SNMP-Traps Encapsulation: ENET2
    Bandwidth: 0
    Traffic statistics:
     Input  bytes  :              4023164
     Output bytes  :               211650
     Input  packets:                47508
     Output packets:                  830
    Local statistics:
     Input  bytes  :              4023164
     Output bytes  :               211650
     Input  packets:                47508
     Output packets:                  830
    Protocol inet, MTU: 1500, Generation: 141, Route table: 0
      Flags: Is-Primary



root@MDXKESW06# run show interfaces me0.0 detail
  Logical interface me0.0 (Index 3) (SNMP ifIndex 34) (HW Token 4294967295) (Generation 1)
    Flags: Up SNMP-Traps Encapsulation: ENET2
    Bandwidth: 0
    Traffic statistics:
     Input  bytes  :              4023662
     Output bytes  :               212160
     Input  packets:                47511
     Output packets:                  832
    Local statistics:
     Input  bytes  :              4023662
     Output bytes  :               212160
     Input  packets:                47511
     Output packets:                  832
    Protocol inet, MTU: 1500, Generation: 141, Route table: 0
      Flags: Is-Primary



root@MDXKESW06# run show interfaces vme detail
Physical interface: vme, Enabled, Physical link is Down
  Interface index: 66, SNMP ifIndex: 35, Generation: 4
  Type: Mgmt-VLAN, Link-level type: Mgmt-VLAN, MTU: 1518, Clocking: Unspecified, Speed: 1000mbps
  Device flags   : Present Running
  Interface flags: Hardware-Down SNMP-Traps
  Link type      : Full-Duplex
  Link flags     : None
  Physical info  : Unspecified
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 0c:86:10:5a:14:02, Hardware address: 0c:86:10:5a:14:02
  Alternate link address: Unspecified
  Last flapped   : Never
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :                    0
   Output bytes  :                    0
   Input  packets:                    0
   Output packets:                    0
   IPv6 transit statistics:
    Input  bytes  :                   0
    Output bytes  :                   0
    Input  packets:                   0
    Output packets:                   0

  Logical interface vme.0 (Index 5) (SNMP ifIndex 36) (HW Token 65535) (Generation 3)
    Flags: Link-Layer-Down Device-Down SNMP-Traps Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :                    0
     Output bytes  :                    0
     Input  packets:                    0
     Output packets:                    0
    Local statistics:
     Input  bytes  :                    0
     Output bytes  :                    0
     Input  packets:                    0
     Output packets:                    0
    Protocol inet, MTU: 1500, Generation: 206, Route table: 0
      Flags: None
      Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
        Destination: 192.168.221/24, Local: 192.168.221.16, Broadcast: 192.168.221.255, Generation: 5

I am totally lame and lost with Juniper technologies, please help 🙂  Thanks

Initial thought is that you have to change web-management to listen on me0.0 and remove the vlan.1 interface and change the IP to be bound to the me0.0 instead of vme0.0 (vme0.0 is used in virtual chassis configuration to let the management IP move to the master switch in the virtual chassis).

web-management It's located under the system stanza - example:

services {
    web-management {
        https {
            system-generated-certificate;
            interface ge-0/0/1.10;
        }
    }
}

I hope this is enough guidance to get this working - otherwise, let me know.

Hello Jonas,

thank you very much, this really helps me. My thoughts were similar but I am not so familiar with Juniper yet. Other problem is to dig out proper working commands from internet resources to get this tasks which you have mentioned done.

- I configured vme0.0 because I thought I am configuring me.0.0

- it is only one physical switch so it`s not virtual chassis

- I have OS version JunOS 15.1 R3.6

I checked the services, web-management is bound to me0.0 but any IP is assigned to me0.0

services {
       ssh {
                 protocol-version v2;
       }
       netconf {
              ssh;
       }
       web-management {
                 http {
                        interface me0.0;
                 }
                 https {
                          system-generated-certificate;
                          interface me0.0;

                 }

what about ssh? should I bound it to me0.0 too?

I will try to configure it regarding your advice and let you know the results. 

 Thank you

(post was edited...)

-------------------------

Best regards

Stefan Sroka

Network specialist, Mediworx Software Solutions (Slovakia)

sorry, I am totally lost with the commands.

Could you please advise which command should I use?

I used "set interfaces me0 unit 0 family inet address 192.168.221.26/24" (because .16 is already used on vme) but it didn`t appear in configuration after commit. And if I use this command with me0.0 i got syntax error 😞

I`ve noticed I have also 2 L3 interfaces... 

vlans {
}
MGMT {
description MDX_MGMT;
vlan-id 221;
}
PC {
description MDX_workstations;
vlan-id 20;
l3-interface vlan.0;
}
default {
description MDX_200_old;
vlan-id 1;
l3-interface vlan.1;
}
}

Hi, 

You could run the command to delete vme0:

delete interfaces vme0

Then use the same set command to configure me0. 

I guess if there's config on vme0 and me0, it will result in a conflict.

Cheers, 

Ashvin

You don't need to create the management vlan on the EX3300 as me0.0 is a routed port with no knowledge about which vlan it's plugged into. The same goes for l3-interface on the two vlans as I expect they should only function as switched ports.

Then you can delete the following:

delete vlans MGMT
delete vlans PC l3-interface vlan.0
delete vlans default l3-interface vlan.1

As AshvinO has mentioned you can also delete vme0.0 and assign the IP on me0.0.

ssh don't need to be bound to a specific interface - it listens on all the device IP addresses. If you want to limit access you will need to apply a firewall filter to limit which sources who can access the EX3300.

Hi guys,

thank you for help but I can not delete interface vme. 

root@xxx# delete interfaces vme
warning: statement not found

if I write "delete interfaces ?" I can`t see vme interface in the list... 

regarding L3 interfaces, I think they created them because they were trying to set up IP for management access as they were not able to set-up management port. (they=people before me, I came to company and inherited this device)

regarding applying commands, I am in configuration mode. 

I am starting to be desperate, I was not able to make any real change in configuration by CLI yet 😞

Please paste the entire config in here, then it's easier for us to guide you.

On a side note I would recommend you to look at the Day One library which is a collection of pdf's which gives a very good introduction of the Junos CLI and other relevant subjects.

Hi,

I`ve pasted whole config to .txt file in attachments.

Thanks,

Stefan

Attachment(s)

EX 3300 config.txt   13 KB 1 version

Hi, 

One of the things you could do is view configuration in display set mode and then replace set with delete.

show configuration | display set

 vme would be something like:

set interfaces vme unit 0 family inet address 192.168.221.16/24

You could delete the IP address using:

delete interfaces vme unit 0 family inet address 192.168.221.16/24

Also, I noted the default route is using vlan1 interface:

route 0.0.0.0/0 next-hop 192.168.200.1

If you are performing the changes using in-band management connectivity, you may use "commit confirmed x" to avoid losing management connectivity in case of any wrong config.

Cheers,

Ashvin

Hi,

- I am connected via CLI via IP 172.16.20.254

- I attached whole output of display set (this is really useful)

set interfaces me0 unit 0 family inet
set interfaces vlan unit 0 family inet address 172.16.20.254/24
set interfaces vlan unit 1 family inet address 192.168.200.254/24
set interfaces vme unit 0 family inet address 192.168.221.16/24

should I change then this to next hop 192.168.221.1 ? or completely delete it as it should serve only as L2 switch with MGMT interface 192.168.221.x 

set routing-options static route 0.0.0.0/0 next-hop 192.168.200.1

I also didn`t get this command -->

set system backup-router 192.168.221.1

- I`ve noticed there is mentioned unit 1, but as it is only one physical machine I suppose there is only unit 0 🙂

- commit confirmed x <-- this is exact syntax of the command? 

Thanks

Stefan

Attachment(s)

EX 3300 config display set.txt   12 KB 1 version

first try...

root@xxx# delete interfaces vlan unit 1 family inet address 192.168.200.254/24
warning: statement not found

root@xxx# delete interfaces vme unit 0 family inet address 192.168.221.16/24
warning: statement not found

root@xxx# commit confirmed

error: L3-interface is referenced by at least 2 vlans <default> and <PC>
error: configuration check-out failed

Hi, 

Can you check for:

> show configuration | compare

Is there any other configuration changes pending commit?

The backup-router allows for a MGMT default route to come up when the rpd [routing] process is not running.

http://www.juniper.net/documentation/en_US/junos14.1/topics/task/configuration/backup-router-configuring.html

Cheers,

Ashvin

here it is... 

root@xxx> show configuration | compare

{master:0}
root@xxx>

I don`t know about any other changes pending to commit... 

I found out that we have "product warranty" till january 2017. I will try to open a case then. 

Hi, 

Sorry my bad. Should have asked you to do a "show | compare" when in config/edit mode.

#show | compare

Cheers,

Ashvin

there you go...

root@MDXKESW06# show | compare
[edit interfaces]
-   me0 {
-       unit 0 {
-           family inet;
-       }
-   }
[edit interfaces vlan unit 0 family inet]
        address 172.16.20.254/24 { ... }
+       address 192.168.221.16/24;
[edit interfaces vlan unit 1]
-     family inet {
-         address 192.168.200.254/24;
-     }
[edit interfaces]
-   vme {
-       unit 0 {
-           family inet {
-               address 192.168.221.16/24;
-           }
-       }
-   }
[edit routing-options static route 0.0.0.0/0]
-    next-hop 192.168.200.1;
+    next-hop [ 192.168.200.1 192.168.221.1 ];
[edit vlans default]
-   l3-interface vlan.1;

{master:0}[edit]
root@MDXKESW06#

"show | compare" gives you a diff of pending changes which will be activated during commit

what I will suggest to do is stated below. This rolls the configuration back to the starting point, delete vme0.0, vlan.0 and vlan.1, defines the right IP on me0.0 and changes default route to the right subnet. Finally "commit confirmed" activates the config where you are able to test login via 192.168.221.16 via me0.0.

If you aren't able to log in, then the configuration is rolled back to the starting point regaining access via the old IP.

If you are able to login via 192.168.221.16 after commit confirmed, then go into configuration mode and run "commit" a second time to make the change permanent.

I really would recommend you to look at the day one books to get a starting point of managing your Juniper switch so you are able to debug/manage the device yourself.

rollback

delete interface vme0.0
set interface me0.0 family inet address 192.168.221.16/24
delete interface vlan.0
delete interface vlan.1
delete routing-options static route 0.0.0.0/0 next-hop 192.168.200.1
set routing-options static route 0.0.0.0/0 next-hop 192.168.221.1

delete vlans default l3-interface vlan.1
delete vlans PC l3-interface vlan.0

commit confirmed

Hi, 

warning: statement not found

was because there were pending changes, and the same delete statement was applied again.

I am not sure if all those are changes that you intend to commit. If not, you could reset the pending changes using "rollback 0" and apply the required changes from scratch again:

# rollback 0
# delete interfaces vme
# set interfaces me0 unit 0 family inet address x.x.x.x/x
# delete routing-options static route 0.0.0.0/0 next-hop 192.168.200.1
# set routing-options static route 0.0.0.0/0 next-hop 192.168.221.1

Before commit, you can compare the changes with "show | compare", validate and do a commit confirmed x.

x is the time in mins after which the configuration will revert to the previous if another commit is not applied.

If you're happy with the change and still connected, you can do another commit to confirm the change.

You could do other changes to vlan1 as a next step if you want.

Hope this helps.

Cheers, 

Ashvin

Hi,

I will go for rollback and then start again from the scratch, as my shift is over for today I will continue on tomorrow and let you know the results. 

Thank you

cheers,

Stefan

Hello guys,

finally I moved somewhere,

I have started with rollback 0

then I put following commands --> 

root@xxx# delete interfaces vme
root@xxx# set interfaces me0 unit 0 family inet address 192.168.221.26/24
root@xxx# delete routing-options static route 0.0.0.0/0 next-hop 192.168.200.1
root@xxx# set routing-options static route 0.0.0.0/0 next-hop 192.168.221.1
root@xxx# delete vlans default l3-interface vlan.1

interface is pingable ...

C:\Users\ssroka>ping 192.168.221.26
Pinging 192.168.221.26 with 32 bytes of data:
Reply from 192.168.221.26: bytes=32 time=1ms TTL=64
Reply from 192.168.221.26: bytes=32 time=1ms TTL=64
Reply from 192.168.221.26: bytes=32 time=1ms TTL=64
Reply from 192.168.221.26: bytes=32 time=1ms TTL=64
Ping statistics for 192.168.221.26:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

 I see changes in configuration

routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.221.1;

    me0 {
        unit 0 {
            family inet {
                address 192.168.221.26/24;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 172.16.20.254/24;
            }
        }
    }
}

    default {
        description MDX_200_old;
        vlan-id 1;
    }
}

but IP 192.168.221.26 is still not reachable by ssh or https...do you think it is because of L3 interface of 172.16.20.254 and I have to get rid of it too too get it working? 

should I proceed with deleting it and then for example "commit 10" and if I will not put "commit confirmed" configuration will revert automatically? and during those 10 minutes I have time to test it?

Do I understood it well? 

I attached full config and output of display set...

Thanks,

Stefan

Attachment(s)

EX 3300 config display set.txt   12 KB 1 version

EX 3300 full config.txt   12 KB 1 version

Hi guys,

we made it 🙂

I used -->

delete vlans PC l3-interface vlan.0
commit confirmed 10

and now it`s working perfectly, both SSH and HTTPS on 192.168.221.26, thank you for your effort to get through this with me. 

all the best,
Stefan