Juniper - Base JunOS config
Base system:
# Set individual device settings
set system host-name <hostname>
set system domain-name <ISP router domain>
set system time-zone UTC
# General system
delete system autoinstallation
# Setup general login parameters
set system login retry-options tries-before-disconnect 3
set system login retry-options backoff-threshold 1
set system login retry-options backoff-factor 5
set system login retry-options minimum-time 30
set system login retry-options maximum-time 120
set system login retry-options lockout-period 10
# Setup remote access
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services ssh max-sessions-per-connection 5
set system services ssh client-alive-count-max 6
set system services ssh client-alive-interval 10
set system services ssh connection-limit 25
set system services ssh rate-limit 10
# General Internet settings
set system no-redirects
set system no-redirects-ipv6
set system no-ping-record-route
set system no-ping-time-stamp
set system internet-options icmpv4-rate-limit packet-rate 1000
set system internet-options icmpv6-rate-limit packet-rate 1000
set system internet-options no-source-quench
set system internet-options no-tcp-reset drop-all-tcp
#
set system backup-router 172.18.2.1
set system backup-router destination 172.16.0.0/16
set system default-address-selection
set system name-server 9.9.9.9
set system name-server 131.72.76.0
#
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file User-Auth authorization any
set system syslog file audit interactive-commands any
set system syslog file processes daemon any
set system syslog time-format year
set system syslog time-format millisecond
set system syslog source-address 23.164.224.255
#
set system extensions
set system commit synchronize
set system ntp server 98.191.213.2
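An added example, not part of the original post: a Python check that audits `show configuration | display set` output against some of the SSH and login statements in the base system config above. The choice of `BASELINE` entries, the function names and the sample config are assumptions made for illustration.

```python
# Required leaves, copied from the page's base system block: path -> value.
BASELINE = {
    "system services ssh root-login": "deny",
    "system services ssh protocol-version": "v2",
    "system services ssh rate-limit": "10",
    "system login retry-options tries-before-disconnect": "3",
    "system login retry-options lockout-period": "10",
}
# Hierarchies the page deletes; any statement left under them is a finding.
FORBIDDEN = ("system autoinstallation",)

# Constructed sample input, not taken from a real device.
SAMPLE = """\
set system host-name lab-r1
set system autoinstallation delete-upon-commit
set system services ssh root-login allow
set system services ssh protocol-version v2
set system login retry-options tries-before-disconnect 3
set system login retry-options lockout-period 10
"""


def statements(text):
    """Yield each 'set' statement without the keyword, whitespace-normalised."""
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0] == "set":
            yield " ".join(tokens[1:])


def audit(text):
    """Return (kind, statement, value) findings; an empty list means compliant."""
    stmts = list(statements(text))
    findings = []
    for path, want in BASELINE.items():
        seen = [s[len(path) + 1:] for s in stmts if s.startswith(path + " ")]
        if not seen:
            findings.append(("missing", path, want))
        elif seen[-1] != want:  # a later 'set' overrides an earlier one
            findings.append(("mismatch", path, seen[-1]))
    for s in stmts:
        if any(s == p or s.startswith(p + " ") for p in FORBIDDEN):
            findings.append(("forbidden", s, None))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

For "missing" findings the third field is the value the baseline expects; for "mismatch" it is the value found in the audited config.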
Config management
set system max-configuration-rollbacks 49
# Backup of config
set system archival configuration transfer-on-commit
set system archival configuration archive-sites "scp://juniper@<config-host>.noc.<operator>.co:2222/<site>/<host>"
Load balancing / Aggregated Ethernet (aeX)
set forwarding-options load-balance indexed-load-balance
Common Routing options:
router-id and ASN
routing-options {
router-id $LOOPBACKIP$;
autonomous-system 6653;
}
To Add:
- uRPF
  - https://www.juniper.net/documentation/en_US/junos/topics/example/unicast-rpf-ex-series.html
  - https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-unicast-rpf.html
- MC-LAG
- LLDP
- DNS
- NTP
- SNMP
- Syslog
  - time-format millisecond year
  - source-address
- netconf
- protect-re filter:
  - https://jncie.eu/how-to-deploy-vmx-with-multiple-res-and-multiple-fpcs-in-eve-ng-kvm/
- system accounting events
  - login
  - change-log
  - interactive-commands
- login class tier 3
  - idle-timeout 30
  - login-alarms
  - permissions all
- Routing policies:
  - Blackholes
    - ASN for communities:
      - 16 vs 32 bit ASNs.
- vMX:
  - Docker:
    - https://community.juniper.net/browse/blogs/blogviewer?blogkey=cb2ba379-a181-43d5-ae3d-8ec3832f087f
This post is licensed under CC BY 4.0 by the author.