iNET ZERO – JNCIE-ENT Lab preparation workbook v1.0 For Juniper Networks ® - JNCIE-ENT Lab exam
http://www.inetzero.com - Copyright 2012 iNET ZERO. All rights reserved

INET ZERO - JNCIE-EnT Workbook v1.0 - Sample

    Copyright information

    This workbook, iNET ZERO's JNCIE-ENT Lab Preparation Workbook, was developed by iNET ZERO.

    All rights reserved. No part of this publication may be reproduced or distributed in any form or by any means without the prior written permission of iNET ZERO.

    This product cannot be used by or transferred to any other person. You are not allowed to rent, lease, loan or sell iNET ZERO training products including this workbook.

    You are not allowed to modify, copy, upload, email or distribute this workbook in any way. This product may only be used and printed for your own personal use and may not be used in any commercial way.

    Juniper (c), Juniper Networks (c), JNCIE, JNCIP, JNCIS, JNCIA, Juniper Networks Certified Internet Expert, are registered trademarks of Juniper Networks, Inc.

    About iNET ZERO's content developers and authors:

    Maxim Frolov

    Maxim lives in Russia and speaks Russian and English. He started his networking career in 1999. Throughout the years Maxim has designed and implemented several large scale networks for enterprise and service provider customers. Over the years he has developed several high quality courseware materials for industry leading networking vendors. Maxim has the following certifications: JNCIE, JNCIP-ENT, JNCIS-SEC, Nortel NNCSS and is a certified Juniper Networks Instructor. In technology, Max values efficiency and pragmatic design. When Max is not at work he likes to spend time with his family. Max enjoys being outside in nature and loves to travel and explore the world.

    Jörg Buesink

    Jörg lives in the Netherlands near Amsterdam and brings more than 10 years of experience in the IT and networking industry. He has worked for several large ISPs / service providers in the role of technical consultant, designer and network architect. He has extensive experience in network implementation, design and architecture and has taught several networking classes. Jörg is triple JNCIE certified (JNCIE-ENT#21, JNCIE-SP#284 and JNCIE-SEC#30) as well as triple CCIE#10532 (Routing/Switching, Service provider and Security) and Cisco CCDE#20110002 certified.

    Alan Gravett

    Originally from South Africa, Alan spent a long time away from his country of birth, travelling extensively and learning about different peoples and cultures. Alan's experience in the IT industry started more than 30 years ago, but had a necessary break for a few years in between. He was also the first South African to be employed by Juniper Networks, which, after working at the biggest ISP on the planet at the time, UUNET, provided the opportunity to really see and understand how the biggest networks on the planet are designed. As an early starter at Juniper, he has had the opportunity to become both JNCIE-SP #24 as well as JNCIE-ENT #9. During his career at Juniper Networks Alan has had the pleasure of sharing much of this knowledge with hundreds of students and also of verifying their understanding as the primary EMEA based Certification proctor for the JUNOS Professional and Expert Lab exams. Alan's first language is English, but he is also fluent in Dutch.

    Alexey Kolmov

    Alexei lives in Moscow and speaks Russian and English. He started his career in the telecommunications area in 1995 as a technician in S.W.I.F.T. Access Point. Since that time he has gained experience as a field, technical support and systems engineer, project manager, technical writer and instructor. He has taken part in many projects for corporate clients and service providers, participated in the creation of networks based on X.25, Frame Relay, ATM, PDH/SDH, TCP/IP and VoIP technologies, and learned and implemented solutions from Motorola, Nortel Networks, Tellabs and Acme Packet.

    Since 2006 Alexei has been working with Juniper Networks technologies and products, focusing primarily on security solutions. Alexei becomes energized and determined to stimulate people to move, grow and develop to higher levels of personal effectiveness. Alexei is a certified Juniper Networks Instructor and holds the following certifications: JNCIP-M/T, JNCIP-SEC, JNCIS-FW, JNCIS-SSL, JNCIA-EX, JNCI and Acme Packet Certified Instructor.

    Richard Pracko

    Richard Pracko comes from the heart of Europe, from a small but beautiful country, Slovakia. Right after finishing his studies at the university with telecommunications as a major, he joined the Siemens Networking department, and focused on the integration of Juniper Networks and Siemens products. There, he gathered a lot of experience and skills in the networking area by taking an active part in numerous projects all over the world. It was during that time that his teaching career started. In the beginning of 2009, he left Siemens on his own initiative, and became a full time instructor and technical consultant, over a vast geographic area (EMEA and more).

    Richard is an energetic young man, with interests ranging across numerous sport disciplines like tennis, soccer, skiing and others. Richard speaks English, German, Czech and Slovak. Richard is a certified Juniper Networks Instructor and holds the following certifications: JNCIS-FWV, JNCIP-SEC, JNCIS-ENT, JNCIA-EX, JNCI.

    Rack rental service

    Did you know that this workbook can be used in combination with our premium JNCIE rack rental service? Take a look at our website for more information: www.inetzero.com

    Table of Contents

    Chapter One: General System Features
        Task 1: Initial System Configuration
        Task 2: User Authentication and Authorization
        Task 3: Syslog Configuration
        Task 4: SNMP Configuration
        Task 5: Firewall Filters

    Chapter Two: L2 Switching
        Task 1: L2 Switching Network Deployment
        Task 2: Virtual Chassis
        Task 3: VLAN Configuration
        Task 4: MSTP Configuration
        Task 5: VRRP Configuration
        Task 6: L2 Switching Security Features

    Chapter Three: IGP Routing
        Task 1: IPv4 Network Deployment
        Task 2: OSPF Configuration
        Task 3: RIP Configuration and Redistribution Policies
        Task 4: Protocol-independent Routing and Routing Policies
        Task 5: IPv6 Network Deployment
        Task 6: IPv6 IGP Routing

    Chapter Four: BGP Routing
        Task 1: Base Network Deployment
        Task 2: BGP Configuration
        Task 3: IPv4 BGP Routing Policies
        Task 4: IPv6 BGP Routing Policies

    Chapter Five: Multicast Routing
        Task 1: Base Network Deployment
        Task 2: Multicast Configuration
        Task 3: Multicast Verification

    Chapter Six: Class of Service
        Task 1: Base Network Deployment
        Task 2: SRX Forwarding Classes, Queues, and Schedulers
        Task 3: EX Forwarding Classes, Queues, and Schedulers
        Task 4: Network Edge CoS Configuration
        Task 5: Network Core CoS Configuration
        Task 6: CoS Verification

    Chapter Seven: A Full Day Lab Challenge
        Task 1: Initial System Configuration
        Task 2: Building the Network
        Task 3: L2 Switching Configuration
        Task 4: IGP Configuration
        Task 5: BGP Configuration
        Task 6: Multicast Configuration
        Task 7: Class of Service Configuration

    Appendix - Chapter One: General System Features
        Solution - Task 1: Initial System Configuration
        Solution - Task 2: User Authentication and Authorization
        Solution - Task 3: Syslog Configuration
        Solution - Task 4: SNMP Configuration
        Solution - Task 5: Firewall Filters

    Appendix - Chapter Two: L2 Switching
        Solution - Task 1: L2 Switching Network Deployment
        Solution - Task 2: Virtual Chassis
        Solution - Task 3: VLAN Configuration
        Solution - Task 4: MSTP Configuration
        Solution - Task 5: VRRP Configuration
        Solution - Task 6: L2 Switching Security Features

    Appendix - Chapter Three: IGP Routing
        Solution - Task 1: IPv4 Network Deployment
        Solution - Task 2: OSPF Configuration
        Solution - Task 3: RIP Configuration and Redistribution Policies
        Solution - Task 4: Protocol-independent Routing and Routing Policies
        Solution - Task 5: IPv6 Network Deployment
        Solution - Task 6: IPv6 IGP Routing

    Appendix - Chapter Four: BGP Routing
        Solution - Task 1: Base Network Deployment
        Solution - Task 2: BGP Configuration
        Solution - Task 3: IPv4 BGP Routing Policies
        Solution - Task 4: IPv6 BGP Routing Policies

    Appendix - Chapter Five: Multicast Routing
        Solution - Task 1: Base Network Deployment
        Solution - Task 2: Multicast Configuration
        Solution - Task 3: Multicast Verification

    Appendix - Chapter Six: Class of Service
        Solution - Task 1: Base Network Deployment
        Solution - Task 2: SRX Forwarding Classes, Queues, and Schedulers
        Solution - Task 3: EX Forwarding Classes, Queues, and Schedulers
        Solution - Task 4: Network Edge CoS Configuration
        Solution - Task 5: Network Core CoS Configuration
        Solution - Task 6: CoS Verification

    Appendix - Chapter Seven: A Full Day Lab Challenge
        The D1 configuration listing.
        The D2 configuration listing.
        The D3 configuration listing.
        The D4 configuration listing.
        The D5 configuration listing.
        The D6 configuration listing.
        The D7 configuration listing.
        The D8 configuration listing.

    Chapter One: General System Features

    TIP: Throughout the workbook, we recommend that you read the entire chapter before starting the first task.

    This chapter will focus on initial system configuration and general system features. You will configure various features, such as host name, root password, management network access, management user authentication and authorization, NTP, SNMP, Syslog and RE protection Firewall Filters. You will be operating 8 devices, D1 through D8, referred to as your devices. The topology for chapter one is shown in Figure 1.

    Figure 1

    Task 1: Initial System Configuration

    In this part you will configure your devices' host names, root passwords, the OoB management interfaces including definition of specific services allowed to access the devices, static routing and DNS.

    1) Download the latest initial configurations from our website http://www.inetzero.com in the download section and load them on your devices. Use root password root123 in every device.

    2) Using user name lab and password lab123, log in to the VR-device and load override the Chapter 1 baseline configuration.

    NOTE: You are not allowed to change any of the VR-device settings, except those that are loaded in the baseline file, throughout all chapter tasks.

    3) Configure host names in the devices according to Table 1.

    Table 1

    Device   Device Type   Host Name
    D1       SRX 240       Mercury
    D2       SRX 240       Venus
    D3       SRX 240       Earth
    D4       SRX 240       Mars
    D5       EX 4200       Jupiter
    D6       EX 4200       Saturn
    D7       EX 4200       Uranus
    D8       EX 4200       Neptune

    4) Configure the OoB management interfaces in each device with the appropriate IP addresses. The devices and their respective IP addresses are listed in Table 2.

    Table 2

    Device   OoB Interface Name   OoB Interface IP Address
    D1       ge-0/0/0             10.10.1.1/24
    D2       ge-0/0/0             10.10.1.2/24
    D3       ge-0/0/0             10.10.1.3/24
    D4       ge-0/0/0             10.10.1.4/24
    D5       me0                  10.10.1.11/24
    D6       me0                  10.10.1.12/24
    D7       me0                  10.10.1.13/24
    D8       me0                  10.10.1.14/24

    5) Enable each device to accept management connections for the SSH, Telnet, HTTP, and HTTPS services. Make the system use an automatically generated X.509 certificate for HTTPS. Make sure all devices accept HTTP and HTTPS management access only on the OoB management ports.

    6) Configure a static route to the management network 10.10.10/24 with the next-hop 10.10.1.254. Make sure the network is never redistributed to any dynamic routing protocol. Ensure the device is reachable while RPD is not running.

    7) Configure the S1 server as the DNS server.

    8) Set the time zone to Europe/Amsterdam on all your devices.

    9) Ensure that all your devices synchronize their time with the NTP server S1. Configure the devices to synchronize time with S1 at boot time. Ensure that all the NTP exchanges are authenticated using MD5 with password workbook.

    NOTE: The lab uses a dedicated VR-device to emulate external systems interacting with your domain. The device is reachable at IP address 10.10.1.9.

    NOTE: Server S1 is the dedicated FTP/SNMP/Syslog/RADIUS/DNS proxy server. The server is reachable at IP address 10.10.10.1.

    ...

    ...

    DEMO

    ...

    ...

    Task 2: User Authentication and Authorization

    In this part you will configure new users allowed to access the devices and define their privileges and permissions.

    1) Configure the authentication method so that it first tries to authenticate users on the RADIUS server and then, if not successful, with the local password. Use S2 as the RADIUS server. Configure the RADIUS server with retry attempts 1 and timeout 2 seconds. Use workbook as the RADIUS shared secret.

    2) Create on every device a new user lab, with the password lab123, that will have super user privileges.

    3) Configure additional users on all the devices as defined in Table 3. Note that the word any in Table 3 is used literally, i.e. a user can have any user name.

    TIP: From this point on we recommend that you operate the routers using the lab user account.

    Table 3

    Username   Password   Privileges
    Any        -          Permissions view and view-configuration. Authenticated on the RADIUS server S2
    Support    noc123     Permissions all. Additionally cannot execute any of the clear, configure, edit or start shell commands

    ...

    ...

    DEMO

    ... ...

    Task 3: Syslog Configuration

    Ensure that all the devices have the following Syslog configuration:

    5) All emergency messages regardless of facility are displayed on the terminals of all currently logged-in users.

    6) All messages regardless of facility with the severity level of info and higher are sent to the default syslog file.

    7) A file named interactive-commands for command audit tracking receives records about the users and commands they execute.

    8) A separate file named authorization-file is used for authorization messages with the severity info and higher.

    9) All messages with severity level warning and higher regardless of facility are sent to the S1 syslog server. Additionally use the explicit priority tag and the message prefix JNCIE-ENT.

    The archive size is set to 3 files with 100K size each.
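
One possible Junos configuration for the syslog requirements listed above, added here as an example and not taken from the workbook's solution appendix. It uses the S1 address 10.10.10.1 given in the Task 1 note and assumes that the default syslog file is named messages.

```junos
system {
    syslog {
        /* Archive setting: keep 3 files of 100K each */
        archive size 100k files 3;
        /* 5) Emergency messages from any facility go to the terminals of all logged-in users */
        user * {
            any emergency;
        }
        /* 9) Warning and higher from any facility go to S1 (10.10.10.1, per the Task 1 note) */
        host 10.10.10.1 {
            any warning;
            log-prefix JNCIE-ENT;
            explicit-priority;
        }
        /* 6) Info and higher from any facility go to the default file (assumed name: messages) */
        file messages {
            any info;
        }
        /* 7) Command audit trail: which user ran which command */
        file interactive-commands {
            interactive-commands any;
        }
        /* 8) Authorization messages at info and higher in their own file */
        file authorization-file {
            authorization info;
        }
    }
}
```

After commit, `show log interactive-commands` should list the commands entered by each logged-in user, which is a quick check that the audit file is being written.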

    ...

    ...

    DEMO

    ...

    ...

    Chapter Two: L2 Switching

    This chapter focuses on L2 switching applications. In these tasks you will be configuring and monitoring L2 features such as Aggregated Ethernet links, VLANs and PVLANs, VLAN routing interface, VRRP, Virtual Chassis, LLDP and Voice VLAN, as well as the security features 802.1X, MAC RADIUS, Storm control and MAC address limiting. The summarized view of the L2 network that you are going to build is shown in Figure 2.

    Figure 2

    ...

    ...

    DEMO

    ...

    ...

    Task 2: Virtual Chassis

    1) Set D7 and D8 to have them merged into a Virtual Chassis. Ensure that both backplane VCP ports are used to connect the VC members. Ensure that D7 becomes the master RE with member ID 0 and holds the mastership when it is operational.

    NOTE: The VCP ports are already physically connected.

    2) Restore the VC non-master member interfaces configuration appropriately.

    3) Configure the vme.0 VC management interface with the IP address set to the master RE OoB management interface IP address.

    ...

    ...

    DEMO

    ...

    ...

    Task 4: MSTP Configuration

    In this task you will configure the MSTP protocol to provide traffic load balancing across multiple VLANs.

    1) Configure a single MSTP region with two MSTP instances: Instance 1 and Instance 2. Instance 1 must be bound to VLAN A, Instance 2 must be bound to VLANs B and C. Ensure that the Instance 1 Spanning tree is rooted at D5 and the Instance 2 Spanning tree is rooted at D6. Ensure that CIST root is at D1.

    ...

    ...

    DEMO

    ...

    ...

    Chapter Four: BGP Routing

    This chapter focuses on BGP routing. You will configure a multi-AS BGP network for both IPv4 and IPv6, set up policy-based traffic engineering and route redistribution, and configure Aggregate routes and BGP over GRE tunnels. The summarized view of the BGP network that you are going to build is shown in Figure 6.

    Figure 3

    ...

    ...

    DEMO

    ...

    ...

    Task 3: IPv4 BGP Routing Policies

    In this task you are configuring BGP routing policies to control traffic flows among your Autonomous systems and the Internet.

    NOTE: You are not allowed to use static routes in this task.

    1) Configure D7 and D8 to advertise RIP routes to iBGP peers. Configure D7 and D8 to advertise the BGP default route to RIP. Make sure that D7 and D8 use optimal routing to the Internet destinations.

    2) Configure D3 and D4 to advertise the tightest possible summary route representing all your Autonomous Systems' internal prefixes, including the RIP prefixes, to the Internet. No other prefixes are allowed to be advertised at D3 to the Internet.

    ...

    ...

    DEMO

    ...

    ...

    Chapter Five: Multicast Routing

    In this chapter you will be configuring and monitoring Multicast network applications such as: PIM sparse mode multicast distribution for both ASM and SSM models, IGMPv2 and IGMPv3, PIM Bootstrap protocol, MSDP protocol and Anycast RP, and Multicast Scoping. The summarized view of the Multicast enabled network that you are going to build is shown in Figure 8.

    Figure 4

    ...

    ...

    DEMO

    ...

    ...
