EXPANSION MODULE NOT RECOGNISED:\\ show chassis fpc pic-status # If this shows the expansion modules offline. request chassis system-mode flexi-pic-mode all-members # do this and reboot CHANNELIZATION - BREAK OUT CABLES (fiber break-out):\\ * [[https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/qfx3500-3600-standalone-channel-configuring.html]] * a colon is used to signify the four separate channels. Like xe-0/1/2:0, xe-0/1/2:1, xe-0/1/2:2, and xe-0/1/2:3 [edit chassis fpc 0 pic 1] set port-range 0 3 channel-speed 10g set port 3 channel-speed 10g # for one et port (4 10G channelized) ---- **MC-LAG**\\ [[https://jira.mycompany2datacloud.com/browse/SYS-5112]] * Configuration with examples: [[https://www.juniper.net/documentation/en_US/release-independent/nce/information-products/pathway-pages/nce/nce-mc-lag-qfx-series.pdf|External Link]] * Static arp in vrrp (l3) mc-lag: [[https://forums.juniper.net/t5/Routing/QFX-mc-lag-and-family-inet-interfaces/td-p/328866|External Link]] * ICCP & ICL-PL in different links: [[https://forums.juniper.net/t5/Routing/QFX-mc-lag-and-family-inet-interfaces/td-p/328866|External Link]] * Inter-chassis Control Protocol (ICCP): It uses TCP as a transport protocol and requires Bidirectional Forwarding Detection (BFD) for fast convergence * Interchassis link-protection link (ICL-PL) : Each ICL can learn up to 512K MAC addresses. * *Consistency tools* (require 'set multi-chassis mc-lag consistency-check') [[https://www.juniper.net/documentation/us/en/software/junos/mc-lag/topics/topic-map/examples-mc-lag.html|LINK]] [[https://docs.google.com/document/d/1-mI2lDzbom1_NZXiDIQYGfo1QtH_G13a1GRIrnqwSLc/edit#bookmark=id.ja7nul40ksf9|External Link]]\\ [[https://www.juniper.net/documentation/en_US/release-independent/nce/topics/concept/mc-lag-on-core-understanding.html]] * To configure mc-lag: * Active-active : [[https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-multi-chassis-link-aggregation.html|External Link]] * Active-standby: [[http://networkarch.blogspot.co.uk/2012/10/juniper-mc-lag-active-standby.html|External Link]] * To see status of mc-lag link [[https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-intefaces-mc-ae.html|External Link]]: show iccp detail show bfd session detail show interfaces mc-ae Paramaters to configure mc-lag, from [[https://www.safaribooksonline.com/library/view/juniper-mx-series/9781491932711/ch09.html]]: {{:network_stuff:juniper:screenshot_20181122_233210.png?900|}} \\ LINKS: \\ * [[https://www.youtube.com/watch?v=1byapa89L9w]] * [[http://jncie.tech/2017/07/10/mc-lag/]] * [[https://www.juniper.net/documentation/en_US/junos/topics/concept/mc-lag-feature-summary-best-practices.html]] * [[https://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/mc-lag/multichassis-link-aggregation-groups.pdf]] * [[http://www.hiphop-resistance.com/juniperdayone/DO_Ambassadors_2014.pdf]] * STATIC ARP AND VRRP: [[https://forums.juniper.net/t5/Routing/QFX-mc-lag-and-family-inet-interfaces/td-p/328866|External Link]] MC-LAG IN VQFX:\\ * [[https://forums.juniper.net/t5/Ethernet-Switching/vQFX-MC-LAG-not-working/td-p/313907]] ---- FOR TSHOOT:\\ set interfaces irb arp-l2-validate #turns on validation of ARP and MAC table entries, automatically applying updates if they become out of sync. Workaround when the network is experiencing other issues that also cause loss of ARP and MAC synchronization. Ddisable it during normal operation because this option might impact performance in scale configurations. show iccp show interfaces mc-ae show lacp interfaces show l2-learning redundancy-groups remote-macs show ethernet-switching table show ethernet-switching redundancy-groups remote-macs ---- **OSPF PROTOCOL**\\ To see the lsa we need to use 'detail' flag: \\ show ospf database router lsa-id 148.64.56.250 detail show ospf database external lsa-id 0.0.0.0 detail ---- PORT MIRRORING:\\ For **local** mirroring, the output interface needs to have an IP in the **switch physical interface itself**!!! Traffic will be coming encapsulated from that IP. So I really need a standalone monitoring station #B05 (ae5 is connected to dmc02) set forwarding-options analyzer employee-monitor input ingress vlan 510 set forwarding-options analyzer employee-monitor output interface ae5.0 set interfaces ae5.0 family inet address 192.1.1.1/24 ---- PERFORM A FORMAT INSTALLATION (USB REQUIRED):\\ **See this link [[https://panda314159.duckdns.org/doku.php?id=network_stuff:juniper:qfx:fortmatreinstall]]** * [[https://kb.juniper.net/InfoCenter/index?page=content&id=KB34749]] FORMAT INSTALL: * First be surewe have a copy of the configuration * [[https://kb.juniper.net/InfoCenter/index?page=content&id=KB20643]] ---- SNMP CONFIGURATION STANDARD FOR EX4600 AND ABOVE: set snmp location HERE set snmp contact ME set snmp v3 usm local-engine user ODC authentication-sha authentication-password set snmp v3 usm local-engine user ODC privacy-aes128 privacy-password set snmp v3 vacm security-to-group security-model usm security-name ODC group SNMPV3GROUP set snmp v3 vacm access group SNMPV3GROUP default-context-prefix security-model usm security-level privacy read-view SNMPVIEW set snmp v3 vacm access group SNMPV3GROUP default-context-prefix security-model usm security-level privacy notify-view SNMPVIEW set snmp view SNMPVIEW oid .1 include \\ **If snmpv3 fails in EX4600 (after an upgrade or NMS change, try this):** del snmp v3 set snmp engine-id local 88e64b801438 # iface mac address commit restart snmp gracefully all-members set snmp location Coresite-LA1 set snmp contact "sysadmin@mycompany1.co.uk" set snmp v3 usm local-engine user ODC authentication-sha authentication-password "XXXXXXXXX" set snmp v3 usm local-engine user ODC privacy-aes128 privacy-password "YYYYYYYYYYY" set snmp v3 vacm security-to-group security-model usm security-name ODC group SNMPV3GROUP set snmp v3 vacm access group SNMPV3GROUP default-context-prefix security-model usm security-level privacy read-view SNMPVIEW set snmp v3 vacm access group SNMPV3GROUP default-context-prefix security-model usm security-level privacy notify-view SNMPVIEW set snmp view SNMPVIEW oid .1 include restart snmp gracefully all-members MERAKI:\\ So we can monitor snmp through the meraki public IP, we do the following (example): Meraki > Firewall > forwarding rules csw3-snmp 1613 > 10.20.3.42 161 (restrict sourc NMS:\\ Multiple devices with the same IP (the meraki public IP), then we configure observium with the different forwarded ports (eg: 1613) cat /etc/hosts 67.212.55.69 csw2.mydomain.com 67.212.55.69 csw3.mydomain.com 67.212.55.69 csw4.mydomain.com This is to enable non standard ports for certain devices: [rancid@nms]$ cat .cloginrc add password fw0* {} {} add user * rancid add password * password add identity * /var/rancid/.ssh/rancid_rsa add method csw3.la1.mycompany1.co.uk {ssh:1023} add method csw4.la1.mycompany1.co.uk {ssh:1024} add method {ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no} add method {ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no} add method * ssh add noenable fw0* {0} add cyphertype fw0*.dc.mycompany1.co.uk aes256-cbc ---- __AIRFLOW / FANS__ \\ * AFI (AIR FLOW IN) - Port-side intake (PI) - refers to the airflow direction where the air is drawn from the **front** (fan side) and exhausted out the **back** (ports side). * AFO (AIR FLOW OUT) - Port-side exhaust (PE) - refers to the airflow direction where the air is drawn from the **back** of the device (ports side) and exhausted out the **front** (fan side). {{:network_stuff:juniper:airflow.png?400|}}