Windows LiveWindows Live
 
 
Farhan's profileFarhan's spaceBlogListsNetwork Tools Help

Farhan's space

Profile

Farhan Anwar

Occupation
IT Infrastructure Architect
Location
United Arab Emirates
Interests
Jet Skiing Driving Hiking Swimming
View profile details

Managed Favorites List
Related to Cisco Only.

Blog
September 10

Penetration Testing IPsec VPNs

Found a good link for testing and scanning of IPSec Based VPN Connections.
 
 
 
11:29 AM | Add a comment | Permalink | Blog it
August 26

Firewall Filters in JunOS

 

Introduction to Firewall Filters in JunOS

 

 

·         Firewall Filters are same as Access Control Lists in Cisco.

·         Firewall Filters are stateless firewall filters just like ACLs in Cisco.

 

·         Firewall Filter has:

o    Discard: Packet gets dropped without notifying the sender

o    Reject: Packet gets dropped with notification

 

·         All ACLs are configured in Firewall Hierarchy

·         All Firewall Filters have Names

Every Term has:

From Clauses ( Matches )

Then Clauses ( Actions )

Every Term can have a Number or a Name

The ANNOTATE Command can be used to write Comments against the filter terms

 

Show firewall policy-options

 

·         JunOS always compiles Firewall Filters.

·         JunOS Firewall Filters are performed always in Hardware using the Internet 2 Processor from IBM which gives Line Rate Packet Filtering Speed.

·         For APPLYING a firewall filter list over an interface:

o    Set interface fe-3/0/0 unit 0 family inet filter input-list block-bad-addresses

o    Set interface fe-3/0/1 unit 0 family inet filter output-list block-bad-addresses

·         Firewall Filters are applied with the perspective of a Router, if a Packet comes in through FE-3/0/0 and after re-routing it goes out from FE-3/0/1 then the input ACL will be at FE-3/0/0 and the output ACL will be at FE-3/0/1 

12:09 AM | Add a comment | Read comments (1) | Permalink | Blog it

JunOS Interface Configuration

 

JunOS Interface configuration

 

 

Interface configuration is done via INTERFACE Configuration Mode.

 

VLAN Configuration could also be done.

JunOS Supports 802.1q VLANs.

Multiple Logical Units can be configured just like IOS Sub interfaces.

 

Aggregation of Ethernet Ports ( Port Aggregation - Ether Channel )

JunOS Supports 802.3ad Aggregation Protocol

JunOS Supports LACP Options

 

Examples:

o    Set chassis aggregated-devices Ethernet device-count 1

o    Set interfaces fe-4/0/2 fastether-options 802.3ad ae0

o    Set interfaces fe-4/0/3 fastether-options 802.3ad ae0

o    Set interfaces ae0 unit 0 family inet address 192.168.1.1/24

 

Proxy ARP

Default: Proxy ARP is disabled.

Set interfaces fe-0/0/0 unit 0 proxy-arp

 

Serial Interface configurations:

Serial-

E1-

T1-

ATM1-

 

By default the router ignores Loopback Requests.

The Command used to enable loopback mode testing in T1:

Set t1-options remote-loopback-respond

 

Payload-scrambler is disabled in JunOS

JunOS uses a 16 Bit FCS for t1/e1/t3 and Sonet Lines, we can also configure a 32 bit fcs.

 

JunOS uses PPP Encaps by default. It supports Cisco HDLC, Frame Relay and PPP

 

JunOS Supports Frame Relay Point to Point and Multipoint Interfaces.

By Default Point to Point is used.

Set interface e1 unit 0 dlci 511;

Set interface e1 unit 0 family inet address xxx

 

For Multipoint Interfaces:

Set interface e1 unit 0 family inet address 10.1.1.1/31 multipoint-destination 10.1.1.2 dlci 600

 

For Multipoint Interfaces, can have multiple ip address with multiple Frame Relay MAP statements

 

JunOS Interface Monitoring:

Show interface descriptions

Show interface terse

Monitoring Serial Links:

For Detailed Link Information:

Show interface se-1 detail

 

For Layer 2 Errors:

Show interface se-1 extensive

 

12:07 AM | Add a comment | Permalink | Blog it