Re: [j-nsp] Re-use of PIC cards
Dears,

I think there is no limitation. The only limitation is the box capacity, as we know that the M160 is capable of handling traffic up to 160G full duplex.

Best Regards,
---
Eng. : Mohamed Attia

From: evangell...@btinternet.com
To: juniper-nsp@puck.nether.net
Date: Thu, 28 Jan 2010 03:17:14 +
Subject: [j-nsp] Re-use of PIC cards

What are the limitations on re-using M160 PIC cards? There is a mixture of SONET from OC3 thru OC48 and ethernet 1000 cards. Any thoughts?

Evan

Beware of any enterprise that requires new clothes.
HENRY DAVID THOREAU

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] arp logs
Maybe you're looking for this:

    no-gratuitous-arp-reply
    no-gratuitous-arp-request

in an interface context. This may prevent some scenarios using HA though.

sven03

On 1/28/10 8:51 AM, mohamed attia wrote:
> Dear All,
>
> Hope you are doing well. Last week I received the below log from Juniper box M320. Could you help me to prevent my box from this log?
>
> kernel: KERN_ARP_ADDR_CHANGE: arp info overwritten for 95.100.26.214 from 00:30:48:b9:60:77 to 00:30:48:b9:b2:1f

Kind regards,
p.p. Sven Juergensen
--
Networks and Data Centers Department
KielNET GmbH Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel
Phone   : 0431 2219-053
Mobile  : 0170 403 5600
Fax     : 0431 2219-005
E-Mail  : s.juergen...@kielnet.de
Internet: http://www.kielnet.de
Managing Director: Eberhard Schmidt
HRB 4499 (Kiel District Court)
PGP details at http://pgp.kielnet.de/sjuergensen/
Re: [j-nsp] Re-use of PIC cards
Note that M160 PICs that were EOL when a new platform (M120..) was announced are not supported by the new platform.

Example: fixed optics OC48 PIC

///Markus
Re: [j-nsp] arp logs
Hi Sven,

Thanks for your attention, but if it's possible could you keep me updated with more details?

Best Regards,
---
Eng. : Mohamed Attia
Tel: +2 010 2039799

Date: Thu, 28 Jan 2010 09:08:19 +0100
From: s.juergen...@kielnet.de
CC: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] arp logs

> Maybe you're looking for this:
>
>     no-gratuitous-arp-reply
>     no-gratuitous-arp-request
>
> in an interface context. This may prevent some scenarios using HA though.
>
> sven03
>
> On 1/28/10 8:51 AM, mohamed attia wrote:
>> Dear All,
>>
>> Hope you are doing well. Last week I received the below log from Juniper box M320. Could you help me to prevent my box from this log?
>>
>> kernel: KERN_ARP_ADDR_CHANGE: arp info overwritten for 95.100.26.214 from 00:30:48:b9:60:77 to 00:30:48:b9:b2:1f
Re: [j-nsp] regd RE
On Thursday 28 January 2010 01:18:16 pm chandrasekaran iyer wrote:
> Can anyone point me to a link or document, that states which RE models can go with the router platforms like M320,m160,m20,t1600 etc. What is RE's memory capacity,CPU speed etc. How many maximum routes each model can hold.

http://tinyurl.com/yczsb6l
http://tinyurl.com/yh5doy3
http://tinyurl.com/yb6m2xn
http://tinyurl.com/ydzny54
http://tinyurl.com/ycmpqwb

The information is all there. Please do take the time to study it.

One thing you will notice, though, is that you currently can't get larger than 4GB DRAM on the largest RE. That goes back to the fact that JUNOS is riding on top of a 32-bit FreeBSD kernel. When they do go 64-bit, we should see greater memory support.

Cheers,
Mark.
Re: [j-nsp] arp logs
Well, given the amount of information about your configs, network etc, it's hard to make any relevant calls. The issue could be a duplicate IP address, a HA-setup fubaring your router, VRRP playing tricks like giving you unsolicited/gratuitous arps and the like.

Are the MAC addresses part of that one box? Is that interface directed towards your own infrastructure or externally? Any VRRP configured? Are servers using redundant setups connected to that segment?

Shrug,
Sven

On 1/28/10 9:23 AM, mohamed attia wrote:
> Hi Sven,
>
> Thanks for your attention, but if it's possible could you keep me updated with more details?
>
> Best Regards,
> ---
> Eng. : Mohamed Attia mailto:mohamed.at...@tedata.net
> Tel: +2 010 2039799
>
> Date: Thu, 28 Jan 2010 09:08:19 +0100
> From: s.juergen...@kielnet.de
> CC: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] arp logs
>
>> Maybe you're looking for this:
>>
>>     no-gratuitous-arp-reply
>>     no-gratuitous-arp-request
>>
>> in an interface context. This may prevent some scenarios using HA though.
>>
>> sven03
>>
>> On 1/28/10 8:51 AM, mohamed attia wrote:
>>> Dear All,
>>>
>>> Hope you are doing well. Last week I received the below log from Juniper box M320. Could you help me to prevent my box from this log?
>>>
>>> kernel: KERN_ARP_ADDR_CHANGE: arp info overwritten for 95.100.26.214 from 00:30:48:b9:60:77 to 00:30:48:b9:b2:1f

Kind regards,
p.p. Sven Juergensen
--
Networks and Data Centers Department
KielNET GmbH Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel
Phone   : 0431 2219-053
Mobile  : 0170 403 5600
Fax     : 0431 2219-005
E-Mail  : s.juergen...@kielnet.de
Internet: http://www.kielnet.de
Managing Director: Eberhard Schmidt
HRB 4499 (Kiel District Court)
PGP details at http://pgp.kielnet.de/sjuergensen/
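Editorial example, added to this archive and not written by any poster in the thread: a triage script for the KERN_ARP_ADDR_CHANGE message quoted above, separating the causes the last reply lists (VRRP, duplicate IP or HA flapping, one-time move). The sample lines, their timestamp and hostname prefix, and the verdict names are constructed; the only message format assumed is the one quoted in the thread.

```python
import re
from collections import defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
ARP_CHANGE = re.compile(
    rf"KERN_ARP_ADDR_CHANGE: arp info overwritten for (?P<ip>[\d.]+) "
    rf"from (?P<old>{MAC}) to (?P<new>{MAC})", re.IGNORECASE)
VRRP_PREFIX = "00:00:5e:00:01:"  # IPv4 VRRP virtual router MAC prefix

def classify_arp_changes(lines):
    """Return {ip: (verdict, MAC history)} for every overwritten ARP entry."""
    history = defaultdict(list)
    for line in lines:
        m = ARP_CHANGE.search(line)
        if not m:
            continue  # unrelated syslog line
        old, new = m["old"].lower(), m["new"].lower()
        if not history[m["ip"]]:
            history[m["ip"]].append(old)
        history[m["ip"]].append(new)
    verdicts = {}
    for ip, macs in history.items():
        if any(mac.startswith(VRRP_PREFIX) for mac in macs):
            verdict = "vrrp"      # a VRRP virtual MAC took over or released the IP
        elif len(set(macs)) < len(macs):
            verdict = "flapping"  # a MAC came back: duplicate IP or HA failing to and fro
        else:
            verdict = "moved"     # one-way change: NIC swap or a single failover
        verdicts[ip] = (verdict, macs)
    return verdicts

# Constructed sample lines (documentation IPs, locally administered MACs).
PFX = "Jan 28 08:40:01 m320 kernel: KERN_ARP_ADDR_CHANGE: arp info overwritten for "
SAMPLE = [
    PFX + "192.0.2.10 from 02:00:00:00:00:0a to 02:00:00:00:00:0b",
    PFX + "192.0.2.10 from 02:00:00:00:00:0b to 02:00:00:00:00:0a",
    PFX + "192.0.2.20 from 02:00:00:00:00:1a to 02:00:00:00:00:1b",
    PFX + "192.0.2.1 from 02:00:00:00:00:2a to 00:00:5e:00:01:0a",
    "Jan 28 08:41:00 m320 sshd[1234]: Accepted password for admin",
]

if __name__ == "__main__":
    for ip, (verdict, macs) in classify_arp_changes(SAMPLE).items():
        print(f"{ip:12} {verdict:9} {' -> '.join(macs)}")
```

An address that keeps flapping between two MACs that do not belong to the same HA pair is the case worth chasing first, since suppressing the log message would hide it.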
[j-nsp] telnet access
Hi Team,

1) In case of Juniper, telnet access restriction can only be configured on loopback 0 unit 0?

2) Does that mean no one can telnet by default on any other physical interface or any other loopback units?

--
Taqdir Singh
Network Engineering
(+91) 991-170-9496 | (+91) 801-041-5988

One who asks is a fool for a moment, one who doesn't ask remains fool for ever
Re: [j-nsp] telnet access
Correct. This is a little different than how you think of security in Cisco ACLs, but think of it as that any services that run on the router itself enter the router's management IP stack on lo0.

The folks over at CYMRU have some nice docs on Juniper security such as:

http://www.cymru.com/gillsr/documents/junos-template.htm

-Scott

-----Original Message-----
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Taqdir Singh
Sent: Thursday, January 28, 2010 7:54 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] telnet access

Hi Team,

1) In case of Juniper, telnet access restriction can only be configured on loopback 0 unit 0?

2) Does that mean no one can telnet by default on any other physical interface or any other loopback units?

--
Taqdir Singh
Network Engineering
(+91) 991-170-9496 | (+91) 801-041-5988

One who asks is a fool for a moment, one who doesn't ask remains fool for ever
Re: [j-nsp] telnet access
> -----Original Message-----
> From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Taqdir Singh
> Sent: Thursday, January 28, 2010 7:54 AM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] telnet access
>
> Hi Team,
>
> 1) In case of Juniper, telnet access restriction can only be configured on loopback 0 unit 0?

There are no such restrictions.

> 2) Does that mean no one can telnet by default on any other physical interface or any other loopback units?

In packet mode JUNOS the default is to allow telnet to any interface on the box. If you're running SRX or J-Series (with secure flow mode) the default is to deny telnet on any interfaces. You would need to configure host-inbound-services under the respective zone or interface to allow telnet access on those interfaces.

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D
Re: [j-nsp] telnet access
Telnet can be enabled on any/all IP interfaces. Simply add telnet as a service under the [edit system services] stanza.

    system {
        services {
            telnet {
                connection-limit 5;
                rate-limit 5;
            }
        }
    }

This will allow telnet on every interface. You might want to also enable the connection limit and rate limit variables, to prevent people from brute-forcing password attempts on your device.

The example you may have been looking at involves how to prevent The Internet from telnetting to your router, by placing a filter on lo0 to restrict who can make a telnet connection to your device, which involves placing a [firewall filter] against interface lo0 unit 0. Interface lo0 represents the management of the device from the perspective of the transit interfaces (i.e. every IP interface but fxp0).

By default, if you enable telnet in the [edit system services] stanza, anyone can telnet to any of the IP addresses on your device (ge-x/x/x.x interfaces, lo0.x loopback interfaces, and the like).

I highly recommend disabling telnet and using ssh instead:

    system {
        services {
            ssh {
                root-login deny;
                connection-limit 3;
                rate-limit 5;
            }
        }
    }

For more information on how to protect your router's in-band management from being hacked, Team CYMRU has a nice document to assist you. The document can be found here:

http://www.cymru.com/gillsr/documents/junos-template.pdf

Regards,
- Chris.
juniperdude at gmail.com

On 2010-01-28, at 5:54 AM, Taqdir Singh wrote:
> Hi Team,
>
> 1) In case of Juniper, telnet access restriction can only be configured on loopback 0 unit 0?
>
> 2) Does that mean no one can telnet by default on any other physical interface or any other loopback units?
>
> --
> Taqdir Singh
> Network Engineering
> (+91) 991-170-9496 | (+91) 801-041-5988
>
> One who asks is a fool for a moment, one who doesn't ask remains fool for ever
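Editorial example, added to this archive and not code from any poster or from Juniper: a small audit of the points made in this thread (telnet enabled, ssh hardening knobs, a filter applied to lo0 unit 0), run over a packet-mode configuration in `show configuration | display set` form. The filter name protect-re, the prefix list mgmt-hosts, the addresses and both sample configurations are constructed; only `filter input` (not `input-list`) is checked.

```python
import re

def audit_mgmt_access(set_config):
    """Return a list of findings for a packet-mode Junos config in set format."""
    lines = [l.strip() for l in set_config.splitlines() if l.strip().startswith("set ")]

    def has(stmt):
        return any(l == stmt or l.startswith(stmt + " ") for l in lines)

    findings = []
    if has("set system services telnet"):
        findings.append("telnet is enabled; use ssh instead")
    if has("set system services ssh"):
        if not has("set system services ssh root-login deny"):
            findings.append("ssh root-login is not set to deny")
        for knob in ("connection-limit", "rate-limit"):
            if not has(f"set system services ssh {knob}"):
                findings.append(f"ssh {knob} is not set")
    applied = [m.group(1) for l in lines if (m := re.fullmatch(
        r"set interfaces lo0 unit 0 family inet filter input (\S+)", l))]
    if not applied:
        findings.append("lo0.0 has no input filter; any source can reach enabled services")
    elif not (has(f"set firewall family inet filter {applied[0]}")
              or has(f"set firewall filter {applied[0]}")):
        findings.append(f"lo0.0 filter {applied[0]} is applied but not defined")
    return findings

# Constructed sample: telnet on, nothing protecting the routing engine.
WEAK = """
set system services telnet connection-limit 5
set system services telnet rate-limit 5
set interfaces lo0 unit 0 family inet address 192.0.2.1/32
"""
# Constructed sample: ssh only, management sources limited by a lo0.0 filter.
# A production filter would also enumerate the other protocols it accepts.
HARDENED = """
set system services ssh root-login deny
set system services ssh connection-limit 3
set system services ssh rate-limit 5
set policy-options prefix-list mgmt-hosts 198.51.100.0/24
set firewall family inet filter protect-re term mgmt-ssh from source-prefix-list mgmt-hosts
set firewall family inet filter protect-re term mgmt-ssh from protocol tcp
set firewall family inet filter protect-re term mgmt-ssh from destination-port ssh
set firewall family inet filter protect-re term mgmt-ssh then accept
set firewall family inet filter protect-re term no-other-mgmt from protocol tcp
set firewall family inet filter protect-re term no-other-mgmt from destination-port ssh
set firewall family inet filter protect-re term no-other-mgmt from destination-port telnet
set firewall family inet filter protect-re term no-other-mgmt then discard
set firewall family inet filter protect-re term rest then accept
set interfaces lo0 unit 0 family inet filter input protect-re
"""
```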
[j-nsp] Strange Errormessage - jtag0 incorrect pn, 0x2400
Hi colleagues,

I had some strange messages in my log after booting -

    Jan 28 17:05:10 lab-router1 feb CM: Error requesting SBR SET BOOLEAN, illegal setting 33
    Jan 28 17:05:10 lab-router1 feb CM: Error requesting SBR SET BOOLEAN, illegal setting 33
    Jan 28 17:05:26 lab-router1 feb GE(1/0): jtag0 incorrect pn, 0x2400
    Jan 28 17:05:26 lab-router1 feb GE(1/0): jtag1 incorrect manufacturer, 0x5561

JunOS 8.5S5 on a M10 with RE-3.0

Any ideas what it means?

Regards,
Joerg
[j-nsp] M20 password recovery procedure
M20 running Junos 5.7 and we've attempted to follow the password recovery procedure from single user but are getting disk read errors when invoking /usr/libexec/ui/recovery-mode; the fsck to repair these eventually fails.

The issue is that `/usr/libexec/ui/recovery-mode` needs to run fsck, the fsck fails, and the CLI from which you can set the root password is never invoked.

We're attempting to unpack and edit the configuration files directly because password data is not handled in the traditional UNIX way. I.e., there is no `passwd` command or /etc/passwd /etc/shadow

Please advise.

~.~
Best regards,
Larry E. Stites
Northern California Networks, Inc.
Nevada City, Calif. 95959
Re: [j-nsp] Strange Errormessage - jtag0 incorrect pn, 0x2400
Sounds like a hardware failure or a counterfeit board if that exists for Juniper.

-Scott

-----Original Message-----
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Joerg Staedele
Sent: Thursday, January 28, 2010 12:41 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Strange Errormessage - jtag0 incorrect pn, 0x2400

Hi colleagues,

I had some strange messages in my log after booting -

    Jan 28 17:05:10 lab-router1 feb CM: Error requesting SBR SET BOOLEAN, illegal setting 33
    Jan 28 17:05:10 lab-router1 feb CM: Error requesting SBR SET BOOLEAN, illegal setting 33
    Jan 28 17:05:26 lab-router1 feb GE(1/0): jtag0 incorrect pn, 0x2400
    Jan 28 17:05:26 lab-router1 feb GE(1/0): jtag1 incorrect manufacturer, 0x5561

JunOS 8.5S5 on a M10 with RE-3.0

Any ideas what it means?

Regards,
Joerg
[j-nsp] Recommendations for Denver Juniper training facility ?
Completely non-technical, but if anyone has had any training at the Denver, CO, USA training centre and has recommendations for/against accommodations near the centre (it's on Arapahoe, I think), could you pass them my way privately?

Thanks.

David