Archive for January, 2012
Junos Basics – OSPF
Oh, my. Another Junos post. Somebody stop me before I get my JNCIA!
This isn’t hard stuff at all. I’m sure there are a couple of cool tricks I don’t know yet, but let’s try anyway. I’m working on an SRX240 here running 11.1 and some change.
Let’s put interfaces ge-0/0/0.0 and lo0.0 in OSPF area 0. If you know the Junos configuration hierarchy, this will be very easy for you. Even if you don’t, you can stare at the config for a little bit and see what we’re doing.
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface lo0.0
This is the only OSPF configuration you need, but guess what? It won’t work. Since a Junos device is also a firewall, it will drop OSPF packets as they come into the interface; you have to declare that you do indeed want to accept OSPF packets. You do this by creating a security zone, putting the right interfaces in the right zone, and then enabling OSPF on that zone.
We’ll create a zone called INSIDE for our purposes here. Note that there are about a billion more steps (I counted) to fully configure your security zones, but that’s way beyond our scope here.
set security zones security-zone INSIDE interfaces ge-0/0/0.0
set security zones security-zone INSIDE interfaces lo0.0
set security zones security-zone INSIDE host-inbound-traffic protocols ospf
You can also allow OSPF on specific interfaces like this. These commands will also put those interfaces in the right security zone.
set security zones security-zone INSIDE interfaces ge-0/0/0.0 host-inbound-traffic protocols ospf
set security zones security-zone INSIDE interfaces lo0.0 host-inbound-traffic protocols ospf
I’m not sure if you need to do this to lo0.0, but it won’t hurt.
Now you can see your OSPF neighbors come up and start exchanging routing information. That is, of course, assuming you did everything else right.
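When neighbors do not come up, the usual cause on an SRX is an OSPF interface whose zone does not permit OSPF inbound. The script below is an added example, not part of the original post: it reads a "set"-format config and lists OSPF interfaces that are in no zone or whose zone lacks host-inbound-traffic for ospf. The function name, the DMZ zone and the extra interfaces are constructed for illustration.

```python
# Added example: find OSPF interfaces an SRX would drop OSPF packets on.
# PAGE_CONFIG mirrors the commands in the post; the additions are constructed.
PAGE_CONFIG = """\
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface lo0.0
set security zones security-zone INSIDE interfaces ge-0/0/0.0
set security zones security-zone INSIDE interfaces lo0.0
set security zones security-zone INSIDE host-inbound-traffic protocols ospf
"""
# Constructed additions: one interface in a zone without ospf, one in no zone.
BROKEN_CONFIG = PAGE_CONFIG + """\
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set security zones security-zone DMZ interfaces ge-0/0/1.0
set security zones security-zone DMZ host-inbound-traffic system-services ping
"""

ZONE_PREFIX = ["set", "security", "zones", "security-zone"]

def audit_ospf_zones(config):
    """Return {interface: reason} for OSPF interfaces not permitted inbound."""
    ospf_ifs, zone_of, allowed = [], {}, set()
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["set", "protocols", "ospf"] and "interface" in t[:-1]:
            name = t[t.index("interface") + 1]
            if name not in ospf_ifs:
                ospf_ifs.append(name)
        elif t[:4] == ZONE_PREFIX and len(t) > 5:
            zone, rest, ifname = t[4], t[5:], None
            if rest[0] == "interfaces" and len(rest) > 1:
                ifname, rest = rest[1], rest[2:]
                zone_of[ifname] = zone
            # Simplification: OSPF counts as allowed at either level; precedence
            # between interface-level and zone-level statements is not modelled.
            if rest[:2] == ["host-inbound-traffic", "protocols"] and rest[2:3] in (["ospf"], ["all"]):
                allowed.add(("if", ifname) if ifname else ("zone", zone))
    findings = {}
    for name in ospf_ifs:
        zone = zone_of.get(name)
        if zone is None:
            findings[name] = "not in any security zone"
        elif ("if", name) not in allowed and ("zone", zone) not in allowed:
            findings[name] = f"zone {zone} does not allow ospf"
    return findings

if __name__ == "__main__":
    for name, reason in audit_ospf_zones(BROKEN_CONFIG).items():
        print(f"{name}: {reason}")
```

Feed it the output of `show configuration | display set` saved to a file; an empty result means every OSPF interface sits in a zone that accepts OSPF.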
Send any blog deadlines questions my way.
Reviewing Goals from Last Year
The year is finally over. Actually, it sort of snuck up on me. I must be getting really old or something to let that happen.
At the beginning of the year, I posted my goals for 2011. How did I do? Not too well. I batted .500, so feel free to boo me.
- Hurry up and finish CCNA Voice: I finished that on 7 February. Was it worth it? Not really. I haven’t used the knowledge, and voice isn’t my thing. I got it to spice up the resume, but it didn’t really come into play at all. Oh, well. It’ll expire in about 2 years.
- Pass CCIE R&S written exam: I got this one finally. I flunked out at Cisco Live this year, but I redeemed myself on 23 August with a pass. Jody still owes me a drink since I hold the record for lowest passing score.
- Select a CCIE training vendor: Yeah…I never got to that one. When I finally got through the written, my job had completely drained my motivation. I fixed that problem by getting a new job, but that didn’t help free up any time to figure out which vendor I wanted to use. #fail
- Schedule CCIE R&S lab: That obviously didn’t work out, either, since it’s dependent on selecting a training vendor. #fail
What does this hold for this year? Getting some training and scheduling an exam is obviously the priority. Since my new job is going all Juniper, going through those certifications would be next. Another super-busy year, I’m sure.
Good luck to everyone in 2012.