Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  Searching for a solution on this migration from Cisco!

    Posted 08-11-2020 07:18

    So, I'm migrating from Cisco to Juniper, but a couple of things in the Cisco conf I can't seem to find in Juniper.

    Cisco has the remote-as ASNUMBER in its BGP conf, but I can only find peer-as in Juniper during the setup of BGP.

    Cisco has the ip access-group GROUPNAME in, for inter VLAN, but I can't find that either. What's the solution for that in Juniper?

    Cheers

     



  • 2.  RE: Searching for a solution on this migration from Cisco!
    Best Answer

    Posted 08-11-2020 07:33

    Hello,

    @Tideman wrote:

    Cisco has the remote-as ASNUMBER in its BGP conf, but I can only find peer-as in Juniper during the setup of BGP.

    CSCO "remote-as" knob is the same as JUNOS "peer-as".

    @Tideman wrote:

    Cisco has the ip access-group GROUPNAME in, for inter VLAN, but I can't find that either. What's the solution for that in Juniper?

    Depends on where this access-group is applied. If on the subinterface, then the JUNOS equivalent is:

    set interfaces xe-X/Y/Z unit W family inet filter input GROUPNAME

    And you need to create this filter separately, of course.

    HTH

    Thx

    Alex

     



  • 3.  RE: Searching for a solution on this migration from Cisco!

    Posted 08-12-2020 04:15

    Found one more line I can't find a solution for...

    permit udp addrgroup GROUPNAME any portgroup PORTGROUP

    This is for the firewall part.



  • 4.  RE: Searching for a solution on this migration from Cisco!

    Posted 08-12-2020 04:28

    Hello,

    @Tideman wrote:

    Found one more line I can't find a solution for...

    permit udp addrgroup GROUPNAME any portgroup PORTGROUP

    This is for the firewall part.

    Please try this one:

    set firewall family inet filter F1 term t1 from source-prefix-list GROUPNAME
    set firewall family inet filter F1 term t1 from protocol udp
    set firewall family inet filter F1 term t1 from destination-port [ BLaH1 BLAh2 ...] # You have to list all ports separately, JUNOS does not have a "portgroup" equivalent
    set firewall family inet filter F1 term t1 then accept

    And you have to create a prefix-list GROUPNAME separately, of course.

    HTH

    Thx

    Alex
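
The pieces from the two answers above put together, as an added example that is not part of the original posts: the prefix-list, the filter, and its attachment to the interface. The prefixes and ports are constructed sample values, xe-X/Y/Z and W remain placeholders, and the counting discard term and `commit confirmed` are additions not mentioned in the thread.

```junos
# Prefix-list that stands in for the Cisco address group.
# The prefixes below are constructed sample values.
set policy-options prefix-list GROUPNAME 192.0.2.0/24
set policy-options prefix-list GROUPNAME 198.51.100.16/28

# Term t1: the translated "permit udp addrgroup ... any portgroup ..." line.
# Each port is listed individually; 53 and 123 are constructed sample values.
set firewall family inet filter F1 term t1 from source-prefix-list GROUPNAME
set firewall family inet filter F1 term t1 from protocol udp
set firewall family inet filter F1 term t1 from destination-port [ 53 123 ]
set firewall family inet filter F1 term t1 then accept

# A Junos filter ends with an implicit discard, like the implicit deny of a
# Cisco ACL, so anything not accepted above is dropped once F1 is attached.
# Making the last term explicit adds a counter that shows what is dropped.
set firewall family inet filter F1 term deny-rest then count F1-dropped
set firewall family inet filter F1 term deny-rest then discard

# Attach the filter inbound on the routed (sub)interface, as in the first
# answer, using the filter name F1 instead of GROUPNAME.
set interfaces xe-X/Y/Z unit W family inet filter input F1

# Roll back automatically after 5 minutes unless a plain "commit" follows,
# in case the filter cuts off management access through this interface.
commit confirmed 5

# After committing, check the counter from configuration mode with:
#   run show firewall filter F1
```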

     

     

     



  • 5.  RE: Searching for a solution on this migration from Cisco!

    Posted 08-12-2020 05:46

    Yeah, I found the solution for prefix-list during the time since I wrote this.

    Cheers



  • 6.  RE: Searching for a solution on this migration from Cisco!

    Posted 08-11-2020 14:17

    If you're coming from Cisco (I did too), you'd be familiar with using ACLs and route-maps to apply additional settings.

    The same concepts apply in Juniper of course, but the way they're implemented is different.

    On a Junos router, you have a firewall filter (like an ACL) and route policies (like route-maps).

    Firewall filters match 'interesting' traffic using conditions like src/dst IP, port, protocol, and others.

    They are then used in the routing policy to achieve your goals (like AS-Path prepending, changing local preference, etc).

     

    Here is what I recommend. Go to https://jlabs.juniper.net/vlabs/ and log in. Choose a suitable topology, and start it up.

    Then, start configuring BGP, firewall filters, and route policies. There is more information in these links:

     

    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/routing-protocol-bgp-security-configuring.html

    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/firewall-filter-ex-series-cli.html

    https://www.juniper.net/documentation/partners/ibm/junos11.4-oemlitedocs/config-guide-routing-policy.pdf