I recently read Junos Security book and Junos Security course materials, so I pretty confident in my knowledge of basic SRX security functions. For configuration examples use Security Zones and Interfaces Feature Guide and Security Policies Feature Guide. Complete SRX Security zones configuration hierarchy: security { zones { functional-zone { management { description text; …
This Day One Book provides a good coverage of Control plane protection firewall filters. Or you can use Juniper MX Series book – same material there. Also take a look at QFX Security Feature Guide, Firewall Filters Configuration Guide and User and Access Management Feature Guide. All of this are not the core topics of JNCIE-DC lab, so I don’t expect any really complex tasks in this chapter – just basic stuff. Just ensure you have basic understanding how to configure and apply CoPP…
Next topic – Layer 3 Underlay – Clos IP fabric. Please refer to Juniper QFX5100 Series book and this whitepaper. Pretty basic stuff if you already have some experience with BGP and policies. Make sure you know the differences between various IBGP and EBGP design options, although there is only EBGP option stated explicitly in JNCIE-DC lab exam topics. Learn different schemas of AS numbers assignment. BGP configuration example: bgp { log-updown; import bgp-clos-in; export bgp-clos-out; …
If you look for a comprehensive explanation of MC-LAG technology – Juniper MX Series book is the best choice. For all configuration details refer to MC-LAG Feature Guide. MC-LAG configuration can be broken up into four important pieces: Inter Chassis Control Protocol (ICCP), Inter Chassis Link (ICL), MC-LAG interface and IRB interface. So let’s start with ICCP: user@switch2 > show configuration protocols iccp local-ip-addr 10.2.2.2; peer 10.1.1.1 { session-establishment-hold-time 50; redundancy-group-id-list 1; backup-liveness-detection { …
To configure a block of 40-Gigabit Ethernet (et) ports on QFX3500, QFX3600, QFX5100, EX4600 switches to operate as 10-Gigabit Ethernet ports, specify a port range and channel speed: [edit chassis fpc fpc-slot pic pic-slot] user@switch# set port-range port–range-low port-range-high channel-speed speed For example, to configure ports 0 through 3 on PIC 1 to operate as 10-Gigabit Ethernet ports: [edit chassis fpc 0 pic 1] user@switch# set port-range 0 3 channel-speed 10g To configure just one single port to…
Juniper QFX5100 Series book has pretty good coverage of VCF related topics, but I think VCF feature guide is better suited for lab preparation. Unfortunately I don’t have real QFX5100 gear, so my VCF study would be completely theoretical. But the good news are that all that complexity of VCF has nothing to do with end user, and to just configure it is a pretty simple task. Definitely no rocket science… VCF can be configured in two different ways: autoprovisioned and…
ZTP process is well explained in the Data Center Swithing cource (DCX) – read about it there if you can find this material. Especially the lab module for ZTP. Also there is fine free ZTP Day One book. The core part of ZTP process is the configuration of DHCP server, that looks something like this: set vendor-string = option vendor-class-identifier; option space ZTPDEMO; option ZTPDEMO.image-file-name code 0 = text; option ZTPDEMO.config-file-name code 1 = text; option ZTPDEMO.image-file-type code 2 = text;…
During my preparation for JNCIE-DC lab exam, I’ll post here my notes about exam topics. Firstly there will be just theory (excerpts from books and config/feature guides), and later on I plan to practice most important topics in my virtual lab. First topic – On-box Scripting. I don’t believe that there will be some complex tasks on this topic in the lab exam – I expect just really basic stuff. Definitely no hard programming skills required. So I think it wolud…
In this post I tried to collect all useful links to technical documentation that I plan to use during my study for JNCIE-DC lab attempt. This materials will be used primarily for repetition and more focused, deep-dive study of lab topics – should be used only after studying Juniper DC base materials from previous post. So, the complete JNCIE-DC exam blueprint: Management On-box Scripts –>…
Once again I’m convinced by my own experience that Juniper tests a lot more interesting and practical than Cisco ones (I’m recently passed CCIE R&S written to update my cert – such a horrible experience that I don’t want to even look at Cisco for another two years). Not so long ago I passed JNCIP-DC and would like to save some notes about this exam. First of all, materials from recommended courses – Data Center Switching (DCX) and Advanced Data Center…