In this article, I will give an example of configuring ports on a Juniper MX204.
First, let’s look at information about the line card on which the ports are located:
show chassis fpc ?
show chassis fpc
show chassis fpc 0 detail
show chassis pic fpc-slot 0 pic-slot 0
show chassis pic fpc-slot 0 pic-slot 1
show chassis fpc pic-status
Examples of viewing information about ports (network interfaces):
show interfaces
show interfaces ?
show interfaces fxp0
show interfaces et-0/0/1
show interfaces et-0/0/1 extensive
show interfaces terse et*
show interfaces terse | match 10.11.0.2
show interfaces xe-0/1/0 brief
show interfaces xe-0/1/0 media
show interfaces fxp0 ?
show interfaces ?
show interfaces descriptions
In my case, it was necessary to switch ports to 40 Gbit/s (QSFP+):
configure
edit chassis
show
set chassis fpc 0 pic 0 port 0 speed 40g
set chassis fpc 0 pic 0 port 1 speed 40g
set chassis fpc 0 pic 0 port 2 speed 40g
set chassis fpc 0 pic 0 port 3 speed 100g
show
exit
On the MX204, all 4 ports cannot be converted to 40G; available configuration options can be viewed on the official website
apps.juniper.net/port-checker/mx204/
Example of configuring 8 ports on PIC 1:
set chassis fpc 0 pic 1 port 0 speed 10g
set chassis fpc 0 pic 1 port 1 speed 10g
set chassis fpc 0 pic 1 port 2 speed 10g
set chassis fpc 0 pic 1 port 3 speed 10g
set chassis fpc 0 pic 1 port 4 speed 10g
set chassis fpc 0 pic 1 port 5 speed 10g
set chassis fpc 0 pic 1 port 6 speed 10g
set chassis fpc 0 pic 1 port 7 speed 10g
Example of deleting settings:
delete fpc 0 pic 1 port 0 speed 10g
delete fpc 0 pic 1 port 1 speed 10g
delete fpc 0 pic 1 port 2 speed 10g
delete fpc 0 pic 1 port 3 speed 10g
delete fpc 0 pic 1 port 4 speed 10g
delete fpc 0 pic 1 port 5 speed 10g
delete fpc 0 pic 1 port 6 speed 10g
delete fpc 0 pic 1 port 7 speed 10g
You can also disable the second card and set the ports on the first card to 100 Gbit/s (the maximum capacity of the MX204 is 400 Gbps):
set chassis fpc 0 pic 0 pic-mode 100G
set chassis fpc 0 pic 1 number-of-ports 0
set chassis fpc 0 pic 1 power off
After the changes, return to the CLI and restart the card:
exit
exit
request chassis fpc slot 0 offline
show chassis fpc
request chassis fpc slot 0 online
show chassis fpc
request chassis fpc (offline | online | restart | force) slot slot-number
request chassis fpc restart slot 0
After a reboot, Juniper loads first, a little later the card, so the interfaces will not be displayed immediately until the map loads, you need to wait a bit.
After the card starts up, you can proceed to further configure the ports:
configure
edit interfaces
show
Let’s add a description:
set interfaces et-0/0/1 description "UPLINK"
set interfaces et-0/0/2 description "USERS"
Disable flow control:
set et-0/0/1 gigether-options no-flow-control
set et-0/0/2 gigether-options no-flow-control
An example of changing the MTU:
set et-0/0/2 mtu 2000
Let’s allow tagged traffic:
set et-0/0/1 vlan-tagging
Or tagged traffic with one or two VLAN tags:
set et-0/0/1 flexible-vlan-tagging
Either QinQ:
set et-0/0/1 stacked-vlan-tagging
set et-0/0/1 unit 0 vlan-tags outer 222
set et-0/0/1 unit 0 vlan-tags inner 111
If there will be several types of configuration on one port for different VLANs, trunk, bridge, etc. then run the command:
set et-0/0/2 encapsulation flexible-ethernet-services
An example of setting up an L3 interface without a vlan tag (access), for example, to connect a cable from a provider and establish a BGP session with it:
set et-0/0/2 description UPLINK_VLAN_777_IXNFO_COM
set et-0/0/2 gigether-options no-flow-control
set et-0/0/2 unit 0 family inet address 192.168.5.82/30
In order for VLANs to be automatically added and removed on the interface, you can create a profile, for example, with the name Auto-VLAN-Demux and assign it, for example, to the VLAN range 555-777 (if the interface is only users, then you can specify “ranges any”, see an example of creating in my other article at the link below):
set et-0/0/2 auto-configure vlan-ranges dynamic-profile Auto-VLAN-Demux accept dhcp-v4
set et-0/0/2 auto-configure vlan-ranges dynamic-profile Auto-VLAN-Demux ranges 555-777
set et-0/0/2 auto-configure remove-when-no-subscribers
An example of manually configuring VLAN on an interface and assigning an IP address:
set et-0/0/2 unit 500 vlan-id 500
set et-0/0/2 unit 500 family inet address 10.30.40.1/24
set et-0/0/2 unit 501 vlan-id 512
set et-0/0/2 unit 501 family inet address 10.30.41.1/24
Of course, it is more convenient to specify the unit number the same as the vlan-id.
Be sure to specify the previously created limit-mgmt-access filter, which will restrict connections to this IP address, allowing access, for example, via SSH, telnet, etc. only to trusted addresses, similarly, the filter is indicated for other IP addresses that are on the device):
set et-0/0/2 unit 500 family inet filter input limit-mgmt-access
For more details see my article – Restricting access to management on Juniper MX
If it is necessary that the traffic of a certain VLAN can go between different interfaces (ports), then you need to configure the bridge domain, see my article for more details – Bridge Domain Configuration on Juniper MX
After any changes, check and apply the configuration:
commit check
commit
An example of viewing the arp table (some commands will only work if certain port settings are made):
show arp
show arp state
show bridge mac-table
show interfaces mac-database
show ethernet-switching table
See also my articles:
- Bridge Domain Configuration on Juniper MX
- How to disable a port
- Juniper MX204 setup
- How to change MTU on Juniper