# 802.1 Etherner Switches
## Hardware list
New Juniper EX3300:
- jex1.asozial - SpaceMkII network-rack PoE switch
- jex2.asozial - SpaceMkII network-rack switch (sometimes off)
## Vendor docs
Juniper (JunOS) docs cover all or most of their products in one document but there are CLI differences across different product categories and software versions (pre/post ELS) so it can be difficult to find exactly the docs page or incantation you need for a particular product. Reading carefully or if all else fails Google is your friend here.
- 802.1 L2, VLAN, ARP, Multicast
<https://www.juniper.net/documentation/us/en/software/junos/multicast-l2>
- L3 Per-port IP addressing, VLAN tagging config, negotiation etc.:
<https://www.juniper.net/documentation/us/en/software/junos/interfaces-ethernet-switches/index.html>
- Static IP routing:
<https://www.juniper.net/documentation/us/en/software/junos/static-routing/index.html>
- OS Snapshot, Recovery and Boot-from-USB
<https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade/topics/topic-map/backing-up-install-using-snapshot.html>
## Management Access
- `jex1.asozial.it-syndikat.org` -- fe80::7e81
- `jex2.asozial.it-syndikat.org` -- fe80::7e82
SSH just works as you'd expect. Password is in Vault, same for both.
------
## Command quick reference
Show config
- `show configuration` (for hierarchical format)
- `show configuration | display set` (for line-based `set` commands)
- In `edit` mode it's just `show`.
Config Manipulation
- `delete` -- remove subtree. think: `rm -r`
- `replace` -- string/pattern substitution
- `deactivate`/`activate` -- "comment out" subtree
- `annotate` -- add comment
CLI
- Disable paging: ` show inter terse | no-more`
Interface convention
- `ge-0/0/0 unit 1` is equivalent to `ge-0/0/0.1` but only the latter is allowed sometimes
### Paste hierarchical config snippet
```
root@jun1> edit
Entering configuration mode
{master:0}[edit]
root@jun1# load merge terminal
[Type ^D at a new line to end input]
system {
host-name jex2;
}
load complete
```
### Logging in/out and diffing/saving/rollback config
[Juniper Day One: Exploring the CLI (pdf)](https://www.juniper.net/documentation/en_US/day-one-books/ExploreJunosCLI_2ndEd.pdf) and
[Juniper Day One: Beginner's guide to JunOS (pdf)](https://www.juniper.net/documentation/en_US/day-one-books/junos-beginners-guide.pdf)
$ ssh root@jex1.asozial.it-syndikat.org
--- JUNOS 15.1R7-S2 built 2018-09-15 07:29:34 UTC
root@jex1:RE:0% id # demonstrate we have a unix shell with root
uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator), 10(field), 31(guest), 73(config)
root@jex1:RE:0% cli # run "cli" to get to the JunOS CLI, duh
{master:0}
root@jex1> conf # this is the junos shell in read-only mode,
# now switch to edit mode
{master:0} # "cd" to a path in the config hierarchy. Yes the
root@jex1# edit system # config is not flat like in Brocade land yey
{master:0}[edit system]
root@jex1# set host-name jex1
{master:0}[edit system]
root@jex1# show host-name # read back config item (think: "ls"), works
# without an arg too
host-name jex1;
{master:0}[edit system]
root@jex1# show | compare # diff against running config.
# Where have you been all my life.
[edit system]
- host-name amnesiac;
+ host-name jex1;
{master:0}[edit system] # Actually reload, apply and save. None of this
root@jex1# commit # apply immediately garbage here.
{master:0}[edit system]
root@jex1# commit
{master:0}[edit system]
root@jex1# rollback 0 # Alternatively forget uncommitted changes
{master:0}[edit system]
root@jex1# exit
{master:0}[edit]
root@jex1# exit
root@jex1> exit
root@jex1:RE:0% exit
logout
Yeah there sure are a lot of exits. FYI emacs/bash-style command line
editing works across the board here. So Ctrl-A/-E, Cltr-K and -Y
away. Resp: Begining/end of line and kill/yank (copy/paste).
There's also TAB completion everywhere. Use it.
### Confirmed Commit (auto rollback)
Sometimes a well meaning config change can kill remote access to the switch itself. To prevent that situation we should prefer to use `commit confirmed`. It will rollback changes after a while (10min by default) if the timer is not explicitly cancelled using `conmit check`.
### Switch VLANs
[Understanding Bridging and VLANs on EX Switches (multicast-l2 JunOS docs)](https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/bridging-and-vlans.html)
Example VLAN Declarations:
```
vlans {
default;
lan {
vlan-id 1;
l3-interface vlan.1; #< optional routing interface
interface ge-0/0/0.0; #< optional alternative to `vlan member lan`
```
Note the difference: `vlans` is where the name<>id mapping is, `vlan.*` is the name for L3 interfaces that are part of a VLAN.
Example L2 switched interface in VLAN:
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members lan;
With interface `port-mode access` (the default) only one VLAN is allowed in `vlan members` (which defaults to `default`) and frames must ingress/egress untagged. We can set `port-mode trunk` to allow multiple tagged VLANs or `port-mode tagged-access` to additionally allow one untagged VLAN which is set using `native-vlan-id <vlan>`. Here a defined name or int is allowed, name is recommended.
**WARNING**: `vlan members` and `native-vlan-id` *MUST NOT* overlap if you want to keep your sanity as `members` will override `native-vlan-id` resulting in only tagged egress on the port.
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode tagged-access;
vlan {
members [ mgmt ];
}
native-vlan-id lan;
### MAC Address Table
To find a host's port:
root@jex2> show ethernet-switching table brief | match 6c:4b:90:92:1b:b3
default 6c:4b:90:92:1b:b3 Learn 0 ge-0/0/46.0