Friday, 22 February 2013

Juniper JNCIA-Junos - Class of Service

For this last chapter, you are going to mark some traffic.

Exercise – Marking packets

Your goal is to create a filter that you will apply on JUNOS1′s em4 interface (input). This filter will mark all packets from 10.3.3.0/24 with expedited-forwarding (EF) DSCP.

Solution

firewall {
   family inet {
        filter apply-cos {
            term from-JUNOS3 {
                from {
                    source-address {
                        10.3.3.0/24;
                    }
                }
                then {
                    forwarding-class expedited-forwarding;
                    accept;
                }
            }
            term default {
                then accept;
            }
        }
    }
em4 {
     unit 0 {
         family inet {
             filter {
                 input apply-cos;
             }
             address 172.30.25.9/30;
         }
     }
 }
This is the end of our hands-on exercises, you should now be ready to seat for the
JNCIA-Junos certification. Don’t forget you can obtain 50% off the exam cost by passing the pre-assessment exam on Juniper’s website.

Juniper JNCIA-Junos - Routing Policy and Firewall Filters

We assume you have read chapter 2 of Juniper’s second PDF so that you can practice routing policy and firewall filters. First we are going to start with a simple route redistribution followed by a firewall filter to restrict telnet access.

Exercise 1 – Default route redistribution into OSPF

Create a policy to redistribute the existing default route (0.0.0.0/0) on JunOS1 into OSPF so that other routers can use it.

Solution

[edit]
root@JUNOS1# edit policy-options
[edit policy-options]
root@JUNOS1# set policy-statement default-static term accept-default-static from protocol static
[edit policy-options]
root@JUNOS1# set policy-statement default-static term accept-default-static from route-filter 0.0.0.0/0 exact
[edit policy-options]
root@JUNOS1# set policy-statement default-static term accept-default-static then accept
[edit policy-options]
root@JUNOS1# show
policy-statement default-static {
    term accept-default-static {
        from {
              protocol static;
              route-filter 0.0.0.0/0 exact;
             }
    then accept;
    }
}
[edit policy-options]
root@JUNOS1# top edit protocols ospf
[edit protocols ospf]
root@JUNOS1# set export default-static
[edit]
root@JUNOS1# commit
JUNOS1 advertises the default route in OSPF, check that JUNOS3 can actually see it.
root@JUNOS3# run show route protocol ospf
inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0          *[OSPF/150] 00:00:05, metric 0, tag 0
> to 172.30.25.9 via em4.0

Juniper JNCIA-Junos - Routing Fundamentals

Starting with Juniper’s second PDF, we can make a new practice lab for the next 3 chapters. This lab is a bit more advanced than the previous one in order to test the OSPF routing protocol. You will need 3 Juniper routers, here are the connections:
  • JUNOS1, interface em0 <-> JUNOS2, interface em0
  • JUNOS1, interface em1 <-> JUNOS2, interface em1
  • JUNOS1, interface em4 <-> JUNOS3, interface em4
  • JUNOS2, interface em3 <-> JUNOS3, interface em3
Make sure the routers have a factory default configuration (use the load factory-default command if you need to). Then set the host-name, root password and IP addresses for each router, to save time you can copy and paste the following commands (don’t forget to commit):

JUNOS1

set system host-name JUNOS1
set interfaces em0 unit 0 family inet address 172.30.25.2/30
set interfaces em1 unit 0 family inet address 172.30.25.6/30
set interfaces em3 unit 0 family inet address 192.168.1.1/24
set interfaces em4 unit 0 family inet address 172.30.25.9/30
set interfaces lo0 unit 0 family inet address 10.1.1.1/24
set system root-authentication plain-text-password

Juniper JNCIA-Junos - Operational Monitoring and Maintenance

For the last chapter of Juniper’s first PDF, we are going to have a closer look how to get more information about JunOS and also practice the password recovery procedure that will sooner and later be useful for you.

Exercise 1 – boot messages

Do you remember the booting process in chapter 1? Well you have a command to see the messages again (hint: use the show system command).

Solution

root@JUNOS1# run show system boot-messages
Copyright (c) 1996-2010, Juniper Networks, Inc.
...
ad1: 1024MB <QEMU HARDDISK 0.11.0> at ata0-slave WDMA2
Trying to mount root from ufs:/dev/ad0s1a
vn_read_compressed_block: invalid block index 550

Juniper JNCIA-Junos - Secondary System Configuration

Before diving deeper into JunOS configuration you should have read chapter 4 of Juniper’s first PDF. Let’s continue with the same lab as before.

Exercise 1 – Syslog

On JUNOS2, set up a syslog file to record any config changes (hint: system syslog). Commit and quit.

Solution

[edit]
root@JUNOS2# set system syslog file config-changes change-log info
[edit]
root@JUNOS2# commit and-quit
commit complete
Exiting configuration mode
Now go back to configuration mode and change junuser to give operator permissions instead of super-user. Again, commit and-quit. Using the show command, display the log related to your previous commit.

Solution

[edit]
 root@JUNOS2# set system login user junuser class operator
[edit]
root@JUNOS2# commit and-quit
commit complete
Exiting configuration mode
root@JUNOS2> show log config-changes
 Dec 16 05:06:24  JUNOS2 mgd[1392]: UI_CFG_AUDIT_SET: User 'root' set:
[system login user junuser class] "super-user -> "operator"
Use the help syslog command to learn more about the message code (UI_CFG_AUDIT_SET).

Wednesday, 20 February 2013

Juniper JNCIA-Junos - User Interface Options & Initial Configuration


This page is to practice what you learned in Juniper’s PDF (part 1), chapter 2 and 3.  So now it is time to get active and log in as root without any password.
First thing you should notice is that Amnesiac is the default host-name. This indicates that our JunOS is running with the factory-default configuration (you can use the load factory-default command in configuration mode to have a JunOS in this state).
You are logged in as root, you should see the UNIX shell prompt root@% where you can type UNIX commands like ls or ps but this is beyond our scope. What we want is the operational mode prompt root> that is started with the cli command.
Amnesiac (ttyd0)
 login: root
--- JUNOS 10.1R1.8 built 2010-02-12 17:15:05 UTC
 root@% cli
 root>
Type show configuration to display the current factory-default configuration.
root> show configuration
## Last commit: 2011-02-17 00:34:21 UTC by root
version 10.1R1.8;
system {
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    ## Warning: missing mandatory statement(s): 'root-authentication'
}
Note the missing mandatory statement warning, this means you will not be able to commit your changes until you set up a password for root.

Juniper JNCIA-Junos - Operating System Fundamentals

This part is mainly theory and reading chapter 1 of Juniper’s PDF (part 1). It is only what you need for the exam; however, it is interesting to have an overview of how JunOS actually boots up.
First, make your lab in GNS3 by connecting 2 routers back to back using their em0 interface. Keep this lab for all your exercises for chapters of part 1.
Start your Juniper routers in GNS3 and console to them. As you learned in Juniper’s PDF, JunOS is based on FreeBSD, an open source UNIX Operating System. This OS is very reliable and you also get extra tools that you cannot find on Cisco IOS for instance.
The first thing you should see after starting JunOS, are the kernel modules being loaded. The kernel is the core component of the operating system.
/boot/modules/if_bge.ko text=0xa98c data=0x364+0xc syms=[0x4+0xd50+0x4+0xd18]
...
/boot/modules/mac_runasnonroot.ko text=0x7b4 data=0x4d0 syms=[0x4+0x310+0x4+0x39d]
Then, you have a chance to give parameters to the kernel in order to change the default booting process. This can be useful to recover the root password for example, but that’s not the only use. Root is the name given to the super administrator on UNIX.

Thursday, 14 February 2013

How to build a voice lab with GNS3 and VMWare

Is it possible to build a voice lab without actual hardware? The answer is yes and no. You can build a very good lab using GNS3 and VMWare but it is not possible to build a complete lab. The underlying emulation engine for GNS3 (dynamips) does not support digital signal processors (dsps) or voice cards.
Over the next few months, I will show you how to build a very good lab without any hardware. If you want a more complete lab, you will need to obtain at least one router with dsps and voice cards. I have a 2611XM router with DSPs, a vic-2fxs card, a vic-2fxo card and an ATA-186.




watch video
Disclaimer and Due Credit:
This tutorial series is heavily based on by Jayanm of Chicago, IL.  Jaynam has obtained the following Cisco Certifications: CCIE (Voice) – CCVP – CCSP – CCNA – CQS (PIX,VPN,IDS) – VMWare Certified Professional.

I really appreciate the ground breaking research by Jaynam.
Updates and Videos in the series:
I will include future videos in this section as they are created. It is a good idea to bookmark this particular post or subscribe to our RSS Feed if you would like to keep up on all future tutorials.
Hardware
I am using a fairly basic pc with a 3Ghz hyperthreading CPU and 2GB Ram. By today’s standards, it is nothing special.
Update 1/19/09: I have added Dell 750 server with 4GB RAM for virtual servers at the Headquarters location.
Optional Hardware
As I mentioned before, I have a 2611XM router with a couple voice cards and some dsps. This is not manditory but I will include this hardware with the lab series for those that would like to purchase the hardware to follow along.
Emulated Hardware
I will be emulating 3725 routers because they will be seen on the CCIE lab. Although the 3725s call for 256 MB requirements, I have found that they only actually use ~192MB ram on my PC.
Jaynam and others have opted to use 2691′s. You may find this works better for you also.
Software
I have chosen to use Ubuntu Linux for my host operating system due to better performance over XP, stability, availability, ease of use and price.
Host OS: Ubuntu 8.0.4
PC Emulation: VMWare Server v1.0.6 or 2.x
Router Emulation: GNS3 v0.5 / v0.6
IOS: c3725-adventerprisek9_ivs-mz.124-15.T6.bin
What is possible without hardware?
It is possible to test lots of  different Cisco VOIP Technologies. Here is a short list. I am sure I will make mistakes with this list or leave things out. Feel free to email me or make a comment to help me get a more complete list.
Call Manager Features
  • Call Routing – Partitions, CSS, Time of Day routing, Route Groups, Route Lists, Route patterns, Translation Patterns, Line Groups, Hunt Lists, Hunt Pilots, 4 digit dialing
  • Media Resources – Software Based Media Resources only – Music on Hold, Software Conference Bridge
  • IP Phone registration and dialing
  • Redundancy – SRST, AAR
  • Call Admission Control – Locations based and Gatekeeper
  • Unity Integration
  • Extension Mobility
  • Attendant Console
  • IPMA

SIP Trunking
SIP-UA.com offers free SIP trunks for voice labs.

IOS Features
  • Call manager Express
  • Gatekeeper
  • IPIPGW
  • Digit manipulation
  • Auto Attendant
  • TCL Scripts
  • Voicemail Integration from CME to Unity
  • WAN QOS
  • Frame Relay
  • Class of Restriction (COR)
  • SRST
What is not possible without hardware?
  • Xcoder registration and testing
  • Hardware based conference bridges
  • Router based MOH
  • voice port configuration
  • t.37 fax store and forward
  • Fax relay
  • MGCP
  • Anything related to hardware not emulated, VG248, ATA, CAT6500, Catalyst 3550 switch.

watch video

Install Cisco IP Communicator on Win7 in VMware

Cisco IP Communicator (CIPC) requires a sound card be installed on a PC in order to install or open. Under normal circumstances, this completely makes sense. However, in other circumstances (demos/labs), PCs are actually virtual machines … and do not have sound cards. In these situations, the engineers/trainers/etc are more concerned with dialing than actually hearing audio.

In order to use CIPC in a virtual machine, install Virtual Audio Streaming – a virtual sound card tool from ShiningMorning.com prior to installing CIPC. This software will install virtual audio drivers on your VM which allow CIPC to install and have dialing capabilities. Unfortunately, CIPC will still only allow one instance to run at a time…unlike IP Blue. I have tested this with VMWare ESXi but it may also work with other VMWare products.

How to run multiple IP Blue phones on a single PC

In this tutorial, you will learn how to use IPBlue’s VTGO Lite softphone to test skinny phone registration and dialing by running multiple instances of emulated Cisco IP Phones.
This is the fourth tutorial in the Virtual Voice Lab Series for CCIE and CCVP studies.

Disclaimer and Due Credit:
This tutorial series is heavily based on CCIE Voice Home lab with Dynamips/VMware by Jayanm of Chicago, IL. Jaynam has obtained the following Cisco Certifications: CCIE (Voice) – CCVP – CCSP – CCNA – CQS (PIX,VPN,IDS) – VMWare Certified Professional.
I really appreciate the ground breaking research by Jaynam.

PC Preparation

  1. Install IPBlue on your workstation.  This part really shouldn’t require much of an explanation. You will need to download VTGO Lite. Here is the link.
     
  2. If your PC does not have multiple NICs, you can use MS Loopback adapters. (If you do have multiple nics, this part is not necessary.)
    • Go to Start > Control Panel
    • Click ‘Add Hardware’
    • Click ‘Next’
    • Select ‘Yes, I already have a connection’
    • Select ‘Add a new hardware device’
    • Select ‘Install from a list’
    • Click ‘Network Adapters’
    • Select Microsoft Loopback
    • Click ‘Next’
    • Click ‘Next’
    • Click ‘Finish’
    • Double-Click ‘Network Connections’
    • Rename the loopback interface to something descriptive.
     

    Watch the video
  3. Gather the MAC addresses for PC interfaces using the ‘ipconfig /all’ command
     

Basic Phone configs in Call Manager and IP Blue

  1. Configure two ip phones in the CUCM server or turn on auto registration
    • Configure the MAC address
    • Select the default phone button template
    • Select the default device pool
    • Select the default device security profile
    • Add a new dn and give it an extension
     

Run multiple IPBlue Softphones

  1. Create a new IP Blue shortcut with the  ‘/d’ option following the softphone executable.
  2. Open the IP Blue Softphone
  3. Change the phone options
    • Set the TFTP Server to the ip address of your CUCM server
    • Set the MAC Address with the Network interface option
    • Set the Primary Call Manager
    • Select an IP Phone model to emulate
  4. Open the Windows registry editor (Click Start > Run  and type regedit)
  5. Export the Phone settings
    • Navigate to the HKEY_LOCAL_USER\Software\IPBlue branch
    • Right-Click on the IPBlue folder and select ‘Export’
    • Give the registry file a descriptive name and click ‘Save’
  6. Repeat Steps 3-5 for each virtual phone you would like to use.
  7. Double-Click one of the .reg file for one of the softphones saved in steps above.
  8. Open the IP Blue Softphone.
  9. Double-Click another .reg file for one of the softphones saved in steps above.
  10. Open the IP Blue softphone again. (The IPBlue software references the settings in the system registry during startup)
Watch video