Cisco Catalyst to Juniper EX - Config Migration - Step 5: Trunks, uplinks, and leftovers

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello and welcome back to the video series i am so sorry it's taken me so long to get to this point between the holidays and then a number of new technology trainings and one certification that i had to get in the new year we keep acquiring companies and i keep having to learn about them i just haven't had a chance to get to this now my demo pool's asking for the ex hardware that i'm using back so i gotta knock these out and lucky me it's president's day most people have the day off i technically do but i'm gonna use this to catch up on all these videos and hopefully close them out so let's just jump right into it pause the video so that you can see what we're going to be doing here above me if you want i can scroll that down just a bit basic final tasks i'm not going to go through it line by line and we're just going to tear into it the first note that i have here is to check to make sure our poe is enabled i think my son might have walked into the room in the last video and i didn't get a chance to do that pretty straightforward you can just do a show p-o-e you can see oh i'm sorry here show configuration p-o-e uh we can see where it's configured it says interface all and if we do show hang on here show p-o-e interface i think we can do all can do all here oh we can just hit enter it'll tell us if we're actually doing any power draw i don't actually have anything plugged into this is going to draw power so i'm not going to scroll all the way through but those are the two configuration two commands one for configuration one for operational mode that you can use to verify that since we're going to be doing our cut over today we need to set up our lacp connection to our upstream gateway in this case an srx firewall i'm going to do this a little bit out of order because i want to show you one of the considerations when you're building a lacp bundle on an ex okay so i'm going to splice in the photo here and you're going to notice on that lcd panel on the front that it has some alarms and i'll show you here we'll say clear alarms there are some alarms you're going to get until you add some configuration in you might not need to but i'll show you what those alarms are and how you can disable that and it has to do with the management out-of-band management interface that you're using on the back so in it's zero and one you saw from the photo tricky with the this ex because that is a line card that i have installed there are 40 gig ports on the back so conventionally if you're looking at the front you might think that that first grouping of ports 48 ports it's going to be the slot zero so it's zero slash zero and then the net the cards would be zero slash one but since it's a card and since we have 40 gig ports on the back it's zero slash two now you can always verify this by doing a run show chassis or just show chassis from operational mode hardware and here we can see fpc 0 and we can see pick 0 is 48 pick one is by 4 by 40 and pick 2 if i have it installed is my 4 by 1 gig 10 gig uplink so now we know the convention that we'll be using for the ports that i'm going to be uplinking to my firewall so let's start there edit is it 10 gig i think so xc020 we'll do a dot zero because we can do that instead of typing in the word unit actually we don't do that i'm sorry we're doing lacp so we need to go here and all we do for the configuration on these two interfaces is we do a set gig ether options 802.3ad which is the ieee standard for lacp and we marry it to an interface we're about to create in this case ae 0 and we'll go up and we can actually just copy to 0 2 xe dash 0 to 1. so now we actually have to edit that ae interface so edit ae 0. now we're going to set our black p ether options first aggregate either options and we need to do what are we doing here active p active periodic slow check your manufacturer recommendation the ex is perfectly capable of running fast periodic i'd have to be using i think an ex 2300 maybe the 3400 recommends slow it just has to do with the amount of control signaling and just the horsepower under the hood the srx300 i'm using we definitely recommend running periodic slow on if i had a bigger srx it wouldn't be a problem but that's why i'm doing this configuration that's all we need for the aggregate configuration now we can get into the unit so a edit unit zero and we just do a set family ethernet switching interface mode trunk vlan member and we'll just so do all go up one we can see the complete configuration here that we've added let's go right ahead and top commit and quit and then we'll look for our interfaces and we won't see them and that's why i've done it this way i've left out a very important part because if you're new to junos this is something that might happen to you or you'll create this interface configuration and then you'll do a show interfaces terse and scroll through a bunch of stuff here but you can go all the way down and it should be here at the bottom and you'll see that it is not we're looking for an ae interface and we do not see it the reason we don't see it it actually has to do with the show command we just used specifically when you run that show command it'll show you all the physical hardware interfaces that are on the device including these ones down here at the bottom that are used internally for the most part we don't see the ae interface here because if we were to show the ae interfaces that this device supports it supports like 128 you'll be scrolling forever so what we have is a mechanism for controlling the number of available ae interfaces not for scale reasons but so that you don't get into a scroll disaster so what i need to do is go back into the configuration and go into chassis and you do set aggregated devices ethernet device count and i recommend giving yourself a number here that will naturally be more than you think you'll need during the production lifetime of this device nobody needs to go in here and type 100 usually not on the switch anyway i'm just going to put three i only need one i know this is a lab three to five is usually normal for these types of devices while we're in chassis we're also going to hit this alarms thing run show card system alarms you can see i've got output failure not okay this is just because i've been pulling power in and out of these things it's really this management ethernet linking down and rescue configuration is not set since i'm in chassis i can do a set alarm management ethernet link down ignore i'm not using the out-of-band management interface on this box and if you're not using it either you'll have to put this configuration in and then the rescue configuration here we can just do actually i guess at the end right now we can see right here that i've got the ae now it is not linked yet because i haven't moved the cables i'll do that here in a moment it's either there and let's just do a request system configuration rescue safe now show system alarms and this is just complaining because i do not have the second power supply actually plugged in right now so it's detecting output failure not okay it's just complaining down to plugged in now we got to set up our interface for our management so that means we're going to add a an irb or an svi for coming from ios for our management vlam show vlans don't remember all the time ahead so we just need to create an irb and we also need to make it sticky to that management vlan so we make it sticky by doing set vlans management and then we add this in l3 interface and irb dot you don't have to match the number of the vlan id do it or it'll drive you nuts uh 10 30. that irb does not exist yet so we're going to have to go create it irb i want fingers kind of cold in the basement office today 30. great and we're already in the unit so at this point we just set the family now since this is an irb you cannot set family ethernet switching you have to do set family inet or inet 6 or some other routed type interface and then we'll just do dhcp because i am going to be getting a dhcp address from my gateway if i wasn't i could set this manually here and then i could do a static route static route is on the list here i'll show you where to do that in a moment but we're just going to try to get a dhcp address from the device and i should get a default gateway at this point in our process it's time to patch our gateway into our ex4300 as you can see here i'm just pulling the fiber out of the cisco switch and moving the cables down to the ex i would point out that when i do this in production i generally plug the fiber into the transceiver before pushing it into the box just preference that way i'm actually not putting my thumb on the exposed end of the connector when i'm patching it in you check for link light ready to go let's see if that lacp interface came up let's just do a show interfaces terse ae zero to see if we're in an upstate oh we're not so hey let's troubleshoot it could be that these are gig interfaces and not 10 gig in fact that's plausible so if that's the case it's been a while so forgive me for kicking the rust off uh we should just be able to copy those over so we can actually even use the rename command or even better let's be sneaky since we only have the two that are configured the xe interfaces the 10 gigs i can do replace pattern xe dash with ge dash and top show pair you'll see that i've kind of elegantly renamed the 10 gig to one gig now these configurations could actually coexist at the same time and the hardware is just going to pick up whichever one is actually relevant but in this case i'm just i'm betting farm on it being that these are not 10 gig interfaces so we'll see if that works ah there we go [Music] pretty straightforward i got onto the gateway and i can see that at some point i deactivated the specific interface that i need giving out dhcp so we'll go ahead and activate that there we are great from this switch now i should be able to ping to the public internet and indeed i can now i mentioned earlier a static route i obviously don't need it right now because i'm getting that from my dhcp server but if you needed to configure one you would do it here under routing options and you do a set static route if it was a default static you could just do zero slash zero and then a next hop and from here put in whatever that gateway happened to be what's left spanning tree ah it's an easy one show protocols we can see what we have enabled rstp's enabled if you're coming over from cisco you might have been running pvst plus i'm not going to cover interop but just know that pvst plus is proprietary there are multiple spanning tree domains that can be defined the default domain uses the standard multicast address for announcement messages but all of the non-default realms for spanning tree do not they use proprietary signaling which means they won't work so we have interrupt guides out there if you need one ask me in the comments or it's on our website uh but just no that's a caveat validation so we've got some pies here let's just make sure that they've got ip addresses as well so vnc into those we'll jump into pi 3. hopefully this works because i was using these for a lab i have a secondary connection that i connected these with so if this isn't working it's not because they're not connected to the switch it's because i need to unwind what i was doing in my lab before for the sd-wan clock that i was participating in that's when we can log into we can see here that we have our ip address this is what in e0 okay so if config e0 there we go 10.20.0.2 perfect that is our guest network i know i said that that was going to do this management interface over here but i just did it via dhcp so we know that this handed out the dot 2 address and we'll just point that out i can ssh to this box we'll deal with that in the next oh yeah we'll deal with that in the next video where we do some hardening but right now this uh this box is wide open to all the networks that are connected to it so we can connect it we can ping i think that wraps us up oh but we've got to do our ntp so i'm not going to test across all these i do know they work and i obviously have to fix one of the pies so that i can actually get back to it on my management network internally i'll sort that out between now in the next video we need to set our ntp server so set system ntp and i am going to use pool.ntp.org which will just resolve to whatever name server happens to it happens to spit back there's that server right uh pool.ntp.org it automatically resolves that so if i go back and i look at show ntp you'll see that that ip address is here this is a pool so it can be different depending on time of day and whenever the command or run it multiple times at the same you know in a row sometimes we'll spit back different addresses which is why you need to have not only internet reachability but dns as well show mtp status we can see that we're connected you can also do show ntp associations and you'll see if you've actually got an association so we're looking good that's this video we've only got a couple more left you can see that i've got two hardening and then we'll do the virtual chassis and then i'm going to switch over to doing mist where we're going to import this brownfield virtual chassis into the miss platform and then i don't know probably nuke it and then recreate the configuration in a green field deployment till the next video which hopefully will be very soon i'll talk to you later any questions comments down below i like to respond with videos that's how i generate my content see in the next one

Info

Channel: 5 Minute Junos

Views: 266

Rating: 5 out of 5

Keywords:

Id: fg0fWwfz33A

Channel Id: undefined

Length: 14min 21sec (861 seconds)

Published: Mon Feb 15 2021