Showing posts from 2017

VMware 14.0 Workstation installation on OpenSuse Tumbleweed kernel 4.14.2

Patching VMware 14.0 for kernel headers 4.14.2:

sudo su

cd /tmp

cp /usr/lib/vmware/modules/source/vmmon.tar .

tar xf vmmon.tar

rm vmmon.tar


mv -f hostif.c vmmon-only/linux/hostif.c

tar cf vmmon.tar vmmon-only

rm -fr vmmon-only

mv -f vmmon.tar /usr/lib/vmware/modules/source/vmmon.tar

vmware-modconfig --console --install-all

Quality of Service scenarios and configuration HP Series 2530 Switches

This configuration review is based on the official HP Advanced Traffic Management Guide, with some scenarios added to clarify topics not fully covered in the official guide. In this review you can find various configuration scenarios for QoS deployment on HP 2530 Series switches, with detailed explanations of how to deploy one or another QoS method/technique to achieve the required results. This switch software review is intended for network administrators and support personnel who want to deploy QoS on low-price HP configurable switches.

Inside this review (one of the scenarios):
Let's consider another example, where a central Core switch connects Edge switches with services running on them. On the edge switches SW1, SW2, SW3 we will prioritize the service traffic using DSCP policy prioritization, and on the core switch CoreSW the traffic will be prioritized using QoS VLAN-ID Priority with 802.1p prioritization on tagged (trunk) ports.

So switches…

Mikrotik Router OS CAPsMAN Wifi Controller Simple Configuration

Mikrotik RouterOS CAPsMAN configuration: bridge mode only, with external DHCP server and NAT service
You can deploy the CAPsMAN wireless controller on any Mikrotik RouterOS hardware (for instance Haplite series routers).
1st step is to check our RouterOS image version; it should include the wireless package (check System>Packages). The OS version on the CAPsMAN controller should be the same as on the Access Point. You can upgrade the version manually. Go to System>Packages, then simply drag and drop your previously downloaded image. Afterwards I would recommend rebooting it from the CLI with / system reboot, then running / system routerboard upgrade and rebooting again. Then we can check the version with / sys rou print.
2nd step is to create a bridge interface which should include our physical interface or several interfaces, so we create bridging between our physical interfaces, or if there is only one interface then it will be put into bridge mode. Let's check our interfaces: /interface print
/interface bridge (this…

HPE MSR series router NAT, DHCP, SSH config

1. NAT Configuration
1.1. Define Access List
[Router] acl basic 2001
[Router] step 1
[Router] rule 0 permit
[Router] rule 10 deny
2. Interfaces Configuration
2.1. External (WAN) interface configuration
[Router] interface GigabitEthernet 0/0/0
[Router] ip address
[Router] nat outbound 2001
2.2. Internal (LAN) sub-interfaces configuration
[Router] interface GigabitEthernet 0/0/1.2
[Router] ip address
[Router] vlan-type dot1q vid 2
[Router] interface GigabitEthernet 0/0/1.3
[Router] ip address
[Router] vlan-type dot1q vid 3
[Router] interface GigabitEthernet 0/0/1.4
[Router] ip address
[Router] vlan-type dot1q vid 4
3. DHCP Server Configuration
3.1. Enable DHCP service on router
[Router] dhcp enable
3.2. Define dhcp settings for vlan 2
[Router] dhcp server ip-pool vlan 2
[Router] network mask
[Router] dns-list
[Router] gateway-list
3.3. Define d…

JNCIA Lab Guide




DHCP Relay Configuration on Juniper SRX 210 using Ubuntu 12.04 DHCP Server


Ubuntu IPSec/L2TP VPN Configuration


How to limit the traffic rate (bandwidth) on Juniper SRX 210 interface acting as switch

> First create an l3-interface for the VLAN you are trying to limit
> This way you will apply the rate limit filter on transit traffic going in / out of the VLAN, e.g.

1) Filter Definition

firewall {
    policer 2Mbps {
        if-exceeding {
            bandwidth-limit 2m;
            burst-size-limit 100k;
        }
        then discard;
    }
    filter Filter-2Mbps {
        term a {
            from {
                source-address {
                    ;    /* source prefix is missing here */
                }
            }
            then {
                policer 2Mbps;
            }
        }
    }
}

2) Apply on VLAN Interface

interfaces {
    vlan {
        unit 0 {
            family inet {
                filter {
                    output Filter-2Mbps;
                }
            }
        }
    }
}

How to disable LCD operational menu on Juniper EX 3200 / EX 4200 switches

In order to prevent factory reset on switches with LCD operational menu you can use the following command:

# set chassis lcd-menu fpc 0 menu-item maintenance-menu disable

Block ICMP on Juniper SRX 210

Assume you have an SRX connected to a VLAN; for example, the SRX has an IP in that subnet, like 192.168.1.1. You have PCs in that same VLAN/subnet and try to block ICMP between those PCs, so you want to effectively block from pinging. So is it possible on SRX 210?

Well, you may think that it should be done with some policies like:

match source address my PC
match application [junos-ping, junos-icmp-all.....]

match destination address any
then reject

> The result of this policy: you won't be able to ping external hosts (public IPs), but you can ping your local hosts in the VLAN. This cannot be accomplished via policies, by the way, since the PCs are in the same VLAN.

Another possibility is to apply a firewall filter to the VLAN configuration:
set firewall family inet filter icmp term 1 from protocol icmp

set firewall family inet filter icmp term 1 then discard
set firewall family inet filter icmp term 2 then accept
set interfaces vlan unit 2 family inet filter input icmp

The result of…

Steps to configure interface-range on Juniper EX/SRX devices

Configure vlan:
user@juniper# set vlans voip vlan-id 10

Configuring the interface-range "test" to be a part of a vlan (voip):
user@juniper# set interfaces interface-range test unit 0 family ethernet-switching vlan members voip

Adding member interfaces (actual physical interfaces) to the interface range:
user@juniper# set interfaces interface-range test member-range ge-0/0/0 to ge-0/0/10

configuration check succeeds
commit complete

Install Junos with USB

You discover that your Junos EX or SRX device does not complete normal boot up. The image seems to be corrupted for some reason, such as a continuous power failure. If this occurs, don't worry, you can get it back up within a few minutes using the USB port.

Step 1. Get a USB flash drive. Copy the Junos image to the USB drive (without creating folders). Use FAT file format if the USB size is less than 2 GB. Use FAT32 if the USB size is greater than or equal to 4 GB. The example below uses the file image junos-srxsme-10.4R1.9-domestic.tgz.

Step 2. Insert the flash into an EX/SRX USB port.

Step 3. Reboot the device. When Junos boots up, you will see the message:

Press Space to abort autoboot

Do nothing. A little while later, you will see:

Hit [Enter] to boot immediately, or space bar for command

Press the space bar. You will be at loader mode; the prompt should be loader>. If the prompt is > , type >boot to make it loader>.

Step 4. Now type the following command:

loader> instal…

DHCP & NAT on Juniper SRX 210 for all interfaces

Assume that we need to distribute Internet access on an SRX210 using DHCP and NAT services for all interfaces. Our provider issued us a public IP address (for ex. which we are going to assign to the untrust zone on the ge-0/0/1 interface. Interfaces fe-0/0/2 through fe-0/0/7 will be assigned to the trust zone, included in a routed VLAN and configured for DHCP service. Let's see how it looks:

set system services dhcp pool address-range low
set system services dhcp pool address-range high
set system services dhcp pool default-lease-time 3600
set system services dhcp pool domain-name
set system services dhcp pool name-server
set system services dhcp pool router
set interfaces ge-0/0/1 unit 0 family inet address
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members dhcp
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan mem…

Interface Rate Limit on Juniper EX switches

1. Configure the policer

root@juniperlab# set firewall policer Policer_2M if-exceeding bandwidth-limit 1M
root@juniperlab# set firewall policer Policer_2M if-exceeding burst-size-limit 2k
root@juniperlab# set firewall policer Policer_2M then discard

2. Configure the firewall filter

root@juniperlab# set firewall family ethernet-switching filter Limit term 1 then accept
root@juniperlab# set firewall family ethernet-switching filter Limit term 1 then policer Policer_2M

3. Apply filter on interface (can be any interface as required)

root@juniperlab# set interface ge-0/0/24.0 family ethernet-switching filter input Limit

Note: Remember that EX series switches apply rate limit only on ingress.

Implementing QoS in Juniper SRX 210

There are a lot of scenarios for implementing QoS and I won't tell you about all of them. Depending on the configuration we can apply different types of classifiers, policing, simple filters and so on. I just want to show you the config for the SRX 210 when it's required to prioritize voice over data traffic and, due to the configuration, there is no possibility to apply MF classifiers, filters, policers.

Forwarding Classes

Step 1: Define egress queues for voice, data, best-effort, network-control:

root# set class-of-service forwarding-classes queue 0 voice-class
root# set class-of-service forwarding-classes queue 1 data-class
root# set class-of-service forwarding-classes queue 2 best-effort
root# set class-of-service forwarding-classes queue 3 network-control

Classification BA Classifiers

Step 1: Enter into COS classifiers hierarchy, and create classification profile based on DSCP:

root# edit class-of-service classifiers dscp traffic_classifiers
Step 2: Import default code-points defined by SRX to avoid defining …

Juniper SRX 210 Voice over Data traffic priority config


1.1 BA Classification

To apply a BA classifier, first define a classifier, a list of code points (values of the DSCP or EXP bit field), and the associated forwarding classes and packet loss priorities. Once the classifier is defined, it can be applied to a logical interface. The loss priority and forwarding class will be determined by querying the classifier table for that interface, using the ingress DSCP/EXP bits of the packet as the index value (the determination of which bits to query is based on the protocol family MPLS, IPv6, or IP).

The classifier defines IP precedence value 101 as voice traffic and 000 as data traffic.
set class-of-service classifiers ine…