
<load-configuration format="xml">
<configuration>
    <interfaces>
        <interface>
            <name>et-0/0/0</name>
            <unit>
                <name>0</name>
                <family>
                    <inet>
                        <filter>
                            <input>
                                <filter-name>fw_filter</filter-name>
                            </input>
                        </filter>
                    </inet>
                </family>
            </unit>
        </interface>
        <interface>
            <name>et-0/0/10</name>
            <unit>
                <name>0</name>
                <family>
                    <inet>
                        <filter>
                            <input>
                                <filter-name>fw_filter</filter-name>
                            </input>
                        </filter>
                    </inet>
                </family>
            </unit>
        </interface>
        <interface>
            <name>et-0/0/20</name>
            <unit>
                <name>0</name>
                <family>
                    <inet>
                        <filter>
                            <input>
                                <filter-name>fw_filter</filter-name>
                            </input>
                        </filter>
                    </inet>
                </family>
            </unit>
        </interface>
    </interfaces>
    <forwarding-options>
        <port-mirroring>
            <instance>
                <name>tcp80</name>
                <family>
                    <inet>
                        <output>
                            <interface>
                                <name>et-0/0/30.0</name>
                                <next-hop>
                                    <name>200.0.10.2</name>
                                </next-hop>
                            </interface>
                        </output>
                    </inet>
                </family>
            </instance>
            <instance>
                <name>tcp443</name>
                <family>
                    <inet>
                        <output>
                            <interface>
                                <name>et-0/0/30.0</name>
                                <next-hop>
                                    <name>200.0.10.2</name>
                                </next-hop>
                            </interface>
                        </output>
                    </inet>
                </family>
            </instance>
            <instance>
                <name>udp123</name>
                <family>
                    <inet>
                        <output>
                            <interface>
                                <name>et-0/0/30.0</name>
                                <next-hop>
                                    <name>200.0.10.2</name>
                                </next-hop>
                            </interface>
                        </output>
                    </inet>
                </family>
            </instance>
        </port-mirroring>
    </forwarding-options>
    <firewall>
        <family>
            <inet>
                <filter>
                    <name>fw_filter</name>
                    <term>
                        <name>tcp80</name>
                        <from>
                            <destination-address>
                                <name>1.1.1.1/32</name>
                            </destination-address>
                            <protocol>tcp</protocol>
                            <destination-port>80</destination-port>
                        </from>
                        <then>
                            <port-mirror-instance>tcp80</port-mirror-instance>
                            <discard>
                            </discard>
                        </then>
                    </term>
                    <term>
                        <name>tcp443</name>
                        <from>
                            <destination-address>
                                <name>2.2.2.2/32</name>
                            </destination-address>
                            <protocol>tcp</protocol>
                            <destination-port>443</destination-port>
                        </from>
                        <then>
                            <port-mirror-instance>tcp443</port-mirror-instance>
                            <discard>
                            </discard>
                        </then>
                    </term>
                    <term>
                        <name>udp123</name>
                        <from>
                            <source-address>
                                <name>3.3.3.3/32</name>
                            </source-address>
                            <protocol>udp</protocol>
                            <source-port>123</source-port>
                        </from>
                        <then>
                            <port-mirror-instance>udp123</port-mirror-instance>
                            <discard>
                            </discard>
                        </then>
                    </term>
                    <term>
                        <name>default</name>
                        <then>
                            <accept/>
                        </then>
                    </term>
                </filter>
            </inet>
        </family>
    </firewall>
</configuration>
</load-configuration>
<commit/>

 

 


https://www.juniper.net/documentation/us/en/software/junos/high-availability/topics/example/VRRP-qfx-series-load-sharing.html

 


 

Example: Configuring VRRP for Load Sharing

17-Feb-21

If you do not want to dedicate a switch to be a VRRP backup (and therefore leave it idle unless the primary fails), you can create a load-sharing configuration in which each participating switch simultaneously acts as a primary and a backup.

One reason to use a load-sharing (active-active) configuration is that you are more likely to actively monitor and maintain both switches and notice if a problem occurs on either of them. If you use a configuration in which one switch is only a backup (an active-backup configuration), you might be less likely to pay attention to the backup switch while it is idle. In the worst case, this could lead to the backup switch developing an undetected problem and not being able to perform adequately when a failover occurs.

Requirements

This example uses the following hardware and software components:

  • Two switches
  • Junos OS Release 11.3 or later
  • Static routing or a dynamic routing protocol enabled on both switches.

Overview and Topology

This example uses two VRRP groups, each of which has its own virtual IP address. Devices on the LAN use one of these virtual IP addresses as their default gateway. If one of the switches fails, the other switch takes over for it. In the topology shown in Figure 1, for example, Switch A is the primary for VRRP group 100. If Switch A fails, Switch B takes over and forwards traffic that the end devices send to the default gateway address 10.1.1.1.

Figure 1: VRRP Load-Sharing Configuration

This example shows a simple configuration to illustrate the basic steps for configuring two switches running VRRP to back each other up. Table 1 lists VRRP settings for each switch.

Topology

Table 1: Settings for VRRP Load-Sharing Example

Switch A

VRRP Group 100:
  • Interface address: 10.1.1.251
  • VIP: 10.1.1.1
  • Priority: 250
VRRP Group 200:
  • Interface address: 10.1.1.251
  • VIP: 10.1.1.2
  • Priority: 200

Switch B

VRRP Group 100:
  • Interface address: 10.1.1.252
  • VIP: 10.1.1.1
  • Priority: 200
VRRP Group 200:
  • Interface address: 10.1.1.252
  • VIP: 10.1.1.2
  • Priority: 250

In addition to configuring the two switches as shown, you must configure your end devices so that some of them use one of the virtual IP addresses as their default gateway and the remaining end devices use the other virtual IP address as their default gateway.

Note that if a failover occurs, the remaining switch might be unable to handle all of the traffic, depending on the demand.

Configuring VRRP on Both Switches

Procedure

CLI Quick Configuration

Enter the following on Switch A:

[edit]
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 virtual-address 10.1.1.1
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 priority 250
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 virtual-address 10.1.1.2
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 priority 200

Enter the following on Switch B:

[edit]
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 virtual-address 10.1.1.1
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 priority 200
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 virtual-address 10.1.1.2
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 priority 250

Step-by-Step Procedure

Configure the VRRP groups and priorities on Switch A:

  1. Create VRRP group 100 on Switch A and configure the virtual IP address for the group:
     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 virtual-address 10.1.1.1
  2. Assign the VRRP priority for this interface in this group:
     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 priority 250
  3. Create VRRP group 200 on Switch A and configure the virtual IP address for the group:
     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 virtual-address 10.1.1.2
  4. Assign the VRRP priority for this interface in this group:
     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 priority 200

Step-by-Step Procedure

Configure the VRRP groups and priorities on Switch B:

  1. Create VRRP group 100 on Switch B and configure the virtual IP address for the group:
     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 virtual-address 10.1.1.1
  2. Assign the VRRP priority for this interface in this group:
     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 priority 200
     Switch A remains the primary for group 100 because it has the highest priority for this group.
  3. Create VRRP group 200 on Switch B and configure the virtual IP address for the group:
     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 virtual-address 10.1.1.2
  4. Assign the VRRP priority for this interface in this group:
     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 priority 250
     Switch B becomes the primary for group 200 because it has the highest priority for this group.

Results

Display the results of the configuration on Switch A:

user@switch> show configuration
interfaces {
    xe-0/0/0 {
        unit 0 {
            family inet {
                address 10.1.1.251 {
                    vrrp-group 100 {
                        virtual address 10.1.1.1
                        priority 250
                    }
                    vrrp-group 200 {
                        virtual address 10.1.1.2
                        priority 200
                    }
                }
            }
        }
    }
}

Display the results of the configuration on Switch B:

user@switch> show configuration
interfaces {
    xe-0/0/0 {
        unit 0 {
            family inet {
                address 10.1.1.252 {
                    vrrp-group 100 {
                        virtual address 10.1.1.1
                        priority 200
                    }
                    vrrp-group 200 {
                        virtual address 10.1.1.2
                        priority 250
                    }
                }
            }
        }
    }
}

Verification

Verifying that VRRP Is Working on Switch A

Purpose

Verify that VRRP is active on Switch A and that the primary and backup roles are correct.

Action

Use the following command to verify that VRRP is active on Switch A and that the switch is primary for group 100 and backup for group 200.

user@switch> show vrrp
Interface     State       Group   VR state       Timer    Type   Address
xe-0/0/0.0    up            100   master          A .0327 lcl    10.1.1.251
                                                          vip    10.1.1.1
xe-0/0/0.0    up            200   backup          A .0327 lcl    10.1.1.251
                                                          vip    10.1.1.2

Meaning

The show vrrp command displays fundamental information about the VRRP configuration. This output shows that both VRRP groups are active and that this switch has assumed the correct primary and backup roles. The lcl address is the physical address of the interface and the vip address is the virtual address shared by both switches. The Timer value (A .0327) indicates the remaining time (in seconds) in which this switch expects to receive a VRRP advertisement from the other switch. If an advertisement for group 200 does not arrive before the timer expires, Switch A asserts itself as the primary for this group.

Verifying that VRRP Is Working on Switch B

Purpose

Verify that VRRP is active on Switch B and that the primary and backup roles are correct.

Action

Use the following command to verify that VRRP is active on Switch B and that the switch is backup for group 100 and primary for group 200.

user@switch> show vrrp
Interface     State       Group   VR state       Timer    Type   Address
xe-0/0/0.0    up            100   backup          A .0327 lcl    10.1.1.252
                                                          vip    10.1.1.1
xe-0/0/0.0    up            200   master          A .0327 lcl    10.1.1.252
                                                          vip    10.1.1.2

Meaning

The show vrrp command displays fundamental information about the VRRP configuration. This output shows that both VRRP groups are active and that this switch has assumed the correct primary and backup roles. The lcl address is the physical address of the interface and the vip address is the virtual address shared by both switches. The Timer value (A .0327) indicates the remaining time (in seconds) in which this switch expects to receive a VRRP advertisement from the other switch. If an advertisement for group 100 does not arrive before the timer expires, Switch B asserts itself as the primary for this group.
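The roles configured in the procedure and read back in the verification steps can be checked mechanically. The following Python sketch is an added example, not part of the Juniper documentation: it derives the expected primary for each group from the set commands, flags configurations that break load sharing, and compares the expected roles with the VR state column of show vrrp. The function names, the constructed sample input, the default priority of 100 and the address tie-break are assumptions of the example.

```python
import ipaddress
import re

DEFAULT_PRIORITY = 100  # assumed Junos default when no priority statement is set

SET_RE = re.compile(
    r"set interfaces \S+ unit \d+ family inet address (\S+) "
    r"vrrp-group (\d+) (virtual-address|priority) (\S+)")
SHOW_RE = re.compile(r"^(\S+)[ \t]+(up|down)[ \t]+(\d+)[ \t]+(\S+)", re.M)


def quick_config(addr, prio_100, prio_200):
    """Constructed input: the four set commands of the quick configuration."""
    base = f"set interfaces xe-0/0/0 unit 0 family inet address {addr} vrrp-group"
    return "\n".join([
        f"{base} 100 virtual-address 10.1.1.1",
        f"{base} 100 priority {prio_100}",
        f"{base} 200 virtual-address 10.1.1.2",
        f"{base} 200 priority {prio_200}",
    ])


def parse_vrrp(config):
    """Return {group: {"addrs": set, "vip": address or None, "priority": int}}."""
    groups = {}
    for addr, group, stmt, value in SET_RE.findall(config):
        g = groups.setdefault(int(group), {"addrs": set(), "vip": None,
                                           "priority": DEFAULT_PRIORITY})
        g["addrs"].add(ipaddress.ip_interface(addr))
        if stmt == "priority":
            g["priority"] = int(value)  # a later set replaces an earlier one
        else:
            g["vip"] = ipaddress.ip_address(value)
    return groups


def lint(switches):
    """switches: {name: config text}. Returns (findings, {group: expected primary})."""
    parsed = {name: parse_vrrp(cfg) for name, cfg in switches.items()}
    findings, primaries = [], {}
    for name, groups in parsed.items():
        for grp, g in sorted(groups.items()):
            if len(g["addrs"]) > 1:
                findings.append(f"{name}: group {grp} is split across several addresses")
            if g["vip"] is None:
                findings.append(f"{name}: group {grp} has no virtual-address")
            elif not any(g["vip"] in a.network for a in g["addrs"]):
                findings.append(f"{name}: group {grp} VIP is outside the interface subnet")
    for grp in sorted({grp for groups in parsed.values() for grp in groups}):
        members = {n: gs[grp] for n, gs in parsed.items() if grp in gs}
        if len(members) < 2:
            findings.append(f"group {grp}: configured on one switch only, no backup")
        if len({m["vip"] for m in members.values()}) > 1:
            findings.append(f"group {grp}: switches disagree on the virtual address")
        # Highest priority wins; on a tie VRRP prefers the higher interface address.
        primaries[grp] = max(members, key=lambda n: (
            members[n]["priority"], max(a.ip for a in members[n]["addrs"])))
    if len(primaries) > 1 and len(set(primaries.values())) == 1:
        owner = next(iter(primaries.values()))
        findings.append(f"no load sharing: {owner} is primary for every group")
    return findings, primaries


def check_show_vrrp(switch, output, primaries):
    """Compare the VR state column of `show vrrp` with the expected roles."""
    problems = []
    for ifl, state, grp, vr_state in SHOW_RE.findall(output):
        want = "master" if primaries.get(int(grp)) == switch else "backup"
        if state != "up" or vr_state != want:
            problems.append(f"{switch} {ifl} group {grp}: {state}/{vr_state}, expected up/{want}")
    return problems


# Constructed sample: `show vrrp` on Switch A, laid out as the CLI prints it.
SHOW_A = """\
Interface     State       Group   VR state       Timer    Type   Address
xe-0/0/0.0    up            100   master          A .0327 lcl    10.1.1.251
                                                          vip    10.1.1.1
xe-0/0/0.0    up            200   backup          A .0327 lcl    10.1.1.251
                                                          vip    10.1.1.2
"""

if __name__ == "__main__":
    good = {"Switch A": quick_config("10.1.1.251/24", 250, 200),
            "Switch B": quick_config("10.1.1.252/24", 200, 250)}
    findings, primaries = lint(good)
    print(findings, primaries, check_show_vrrp("Switch A", SHOW_A, primaries))
    # A single mistyped group number on Switch A (constructed) removes load sharing.
    typo = good["Switch A"].replace("vrrp-group 200 priority", "vrrp-group 100 priority")
    print(lint({"Switch A": typo, "Switch B": good["Switch B"]})[0])
```

The mistyped variant shows why the group number in each priority statement matters: the second priority statement overwrites group 100 on Switch A, group 200 falls back to the default, and Switch B ends up primary for both groups.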

 

 


Juniper SRX request chassis cluster failover redundancy-group

22-Feb-21

Syntax


request chassis cluster failover node node-number redundancy-group redundancy-group-number

Description

For chassis cluster configurations, initiate manual failover in a redundancy group from one node to the other, which becomes the primary node, and automatically reset the priority of the group to 255. The failover stays in effect until the new primary node becomes unavailable, the threshold of the redundancy group reaches 0, or you use the request chassis cluster failover reset command.

After a manual failover, you must use the request chassis cluster failover reset command before initiating another failover.

Options

  • node node-number—Number of the chassis cluster node to which the redundancy group fails over.
  • Range: 0 or 1
  • redundancy-group group-number—Number of the redundancy group on which to initiate manual failover. Redundancy group 0 is a special group consisting of the two Routing Engines in the chassis cluster.
  • Range: 0 through 255

Required Privilege Level

maintenance

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

request chassis cluster failover redundancy-group

user@host> request chassis cluster failover redundancy-group 0 node 1
{primary:node0}
user@host> request chassis cluster failover redundancy-group 0 node 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Initiated manual failover for redundancy group 0

Release Information

Command introduced in Junos OS Release 9.0.


Juniper show command (RSI : request support information)

request support information | no-more
request support information | save RSI_20210208

show system uptime no-forwarding
show version detail no-forwarding
show system core-dumps no-forwarding
show chassis alarms no-forwarding
show chassis hardware detail no-forwarding
show system processes extensive no-forwarding
show pfe statistics error
show pfe statistics traffic
show chassis routing-engine no-forwarding
show chassis environment no-forwarding
show chassis firmware no-forwarding
show chassis fpc detail
show system boot-messages no-forwarding
show system storage no-forwarding
show system virtual-memory no-forwarding
show system buffer no-forwarding
show system queues no-forwarding
show system statistics no-forwarding
show configuration | except SECRET-DATA | display omit
show interfaces extensive no-forwarding
show chassis hardware extensive no-forwarding
show krt queue
show krt state
show route summary
show arp no-resolve
show pfe statistics bridge
show ethernet-switching table
show ethernet-switching interfaces detail
show ethernet-switching mac-learning-log
show vlans extensive
show spanning-tree bridge detail
show spanning-tree interface
show redundant-trunk-group
show lldp neighbors
show dhcp snooping binding
show arp no-resolve
show arp inspection statistics
show dot1x interface
show dot1x interface detail
show pfe statistics bridge
show system services dhcp binding detail
show system services dhcp statistics
show lldp neighbors
show vrrp summary
show chassis firmware
show route forwarding-table
show ipv6 neighbors
show lacp interfaces
show lacp statistics interfaces
show services unified-access-control status
show services unified-access-control authentication-table
show services unified-access-control policies
file show /var/run/dmesg.boot.detail
show virtual-chassis protocol statistics
show virtual-chassis vc-port statistics extensive
show virtual-chassis status
show virtual-chassis vc-port
show virtual-chassis active-topology
show virtual-chassis protocol adjacency
show virtual-chassis protocol database extensive
show virtual-chassis protocol route
show virtual-chassis protocol statistics
show vrrp summary
show virtual-chassis vc-port statistics extensive
show chassis pic-mode
show protection-group ethernet-ring configuration
show protection-group ethernet-ring aps
show protection-group ethernet-ring interface
show protection-group ethernet-ring node-state
show protection-group ethernet-ring statistics detail
show chassis fpc pfe-version
show captive-portal interface
show captive-portal authentication-failed-users

 

 


Juniper Troubleshooting Commands

Managing configuration

configure exclusive – to prevent others from modifying the configuration while you are in configuration mode

status – show users currently logged in

compare (filename | rollback n)

#commit | display detail – debug commit
#commit check
#commit comment
#commit confirmed
#commit at [tt:mm | yyyy-mm-dd hh:mm | reboot], to cancel:

clear system [commit | reboot ] - to cancel scheduled state:

show system commit
show configuration ….

#load {set} {merge | replace | override } {relative} [terminal | file] – paste - Ctrl+D to end

show | # compare (filename | rollback n)

show | display set

show | display changed

show | display detail

show | display omit statement

Configuration modification commands:
#annotate “xxxxx” – annotate part of configuration
#activate/deactivate
#copy / delete / rename – works with wildcards, e.g. delete fe*
#rename – string in configuration
#replace pattern
#protect / unprotect a statement

#exit configuration-mode
#quit

show system rollback 10
show system rollback compare 10 12
show system commit

System:

show version {detail}
request system reboot | power-off

file [copy | list | delete | show | rename ]
show system storage

show chassis hardware detail
show chassis alarms
show chassis environment
show chassis craft-interface – show router LED alarms

show configuration | display detail
show system users – who is logged in to the system
request system logout user username – forcefully log out a user
request message all message “log out now”

show system boot-messages – boot log

Interfaces/Hardware:

Display information about memory, CPU temperature, load and uptime:

show chassis routing-engine

To view hardware and SFPs installed in a slot:

General hardware overview

show chassis hardware

Which fpc are in use

show chassis fpc

To display details of the PIC installed in a slot:

show chassis pic pic-slot 0 fpc-slot 0

To see light levels for fibre interface:

show interfaces diagnostics optics

Logging

#set system syslog file messages any info – to save all log messages to file “messages”

show log messages | match LOGIN | match “Mar 16”
file list detail /var/log = ls –al (to see permissions, etc.)
clear log messages - to clear the contents of the messages file

monitor start messages - live monitoring of messages file
monitor list
monitor stop – to stop all

For more detailed information about a process, under the process level:
#set traceoptions file filename world-readable
#set traceoptions flag all

help syslog – to show information about syslog messages

Security Policies
View security policy:

show security policies from-zone Proxy-DMZ to-zone Inside detail

To check if traffic will pass through the security policies (useful when not able to generate traffic):

show security match-policies from-zone Outside to-zone Inside protocol xxx source-ip xxx source-port xxx destination-ip xxx destination-port xxxx

General Monitoring and troubleshooting

monitor traffic interface ge-0/0/0
monitor interface ge-0/0/0

monitor traffic interface ge-0/2/3 matching "proto 89" write-file ospf.cap - matches proto 89 and writes it in ospf.cap
show security flow session ... options
show system statistics – all packet types statistics for a device

test policy

Routing

show route
show route terse - nice concise output with the following information (A-active, Destination, P-protocol, Prf-preference, Metric 1, Metric 2, Next hop, AS path)
show route protocol [static|direct|ospf]

show route forwarding-table to see active routes in the forwarding table

Troubleshoot OSPF

show route forwarding-table to see active routes in the forwarding table

show route protocol ospf

show ospf overview
show ospf interface
show ospf neighbor
show ospf database detail

show ospf neighbor [extensive]
clear ospf neighbor [192.168.254.225]

show ospf statistics

show ospf interface [extensive]

show ospf route [abr|asbr|extern]

show route protocol ospf

show ospf database [summary|brief]
show ospf database [router|network|netsummary|asbrsummary|extern|nssa]
show ospf database router advertising-router 10.0.3.3 detail
show ospf database router area 0 extensive
show ospf database area 0 lsa-id extensive
clear ospf database purge

show ospf log


show bgp summary
show bgp neighbor 1.1.1.1
show route advertising-protocol bgp
show route receive-protocol bgp

To find a range of prefixes in the routing table:

show route 200.10/18

show route terse - better routing output

Troubleshoot NAT

Source

show security nat source summary
show security nat source rule
show security nat source pool

Static

show security nat static rule

Destination

show security nat destination summary
show security nat destination pool
show security nat destination rule

show security flow session

Set Firewall filter to count packets (see further down)

Firewall

show firewall
show firewall log
clear firewall [all|filter-name|counter-name]
show interfaces filters
show interfaces policers
show policer


Set Firewall Filter to count packets through the SRX:

show interfaces ge-0/0/0

ge-0/0/0 {
    unit 0 {
        family inet {
            filter {
                input icmp-filter;
            }
            address 1.1.1.1/30; ## This address was already set on the interface
        }
    }
}

show firewall family inet filter icmp-filter

icmp-filter {
    term 1 { ## This is the main term which will count the packets.
        from {
            source-address 3.3.3.3;
            destination-address 1.1.1.1;
            protocol icmp;
        }
        then {
            count icmp-counter; ## The icmp-counter will show the bytes/packets incrementing
            accept; ## This will accept the packets if you don't want them to be dropped. You can use "discard" or "reject" and/or "log" here.
        }
    }
    term default { ## This term will ensure that the other traffic is not affected.
        then accept;
    }
}

Then the Firewall Filter stats can be checked with:

show firewall filter icmp-filter

Counter Bytes Packets
icmp-counter 84 1

Packet Flow

Monitor traffic targeting the interface (useful for ping, ssh, etc.)

monitor traffic interface ge-0/0/0 [extensive]

Display live sessions:

show security flow session [destination-port|destination-prefix|source-port|source-prefix] [extensive|brief|summary]

Create packet filter and capture packets:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB11709

forwarding-options {
    /* Filename and file properties */
    packet-capture {
        file filename test_capture;
        maximum-capture-size 1000;
    }
}
firewall {
    /* Capture filter with action sample */
    filter CAPTURE_PCAP {
        term 1 {
            from {
                source-address {
                    1.1.1.1/32;
                }
                destination-address {
                    2.2.2.2/32;
                }
                destination-port 22;
            }
            then {
                sample;
                accept;
            }
        }
        term Allow_All {
            then accept;
        }
    }
}
interfaces {
    /* Apply the firewall filter on the desired interface. Only the output direction is applied here; add "input CAPTURE_PCAP;" to capture the input direction as well. */
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    output CAPTURE_PCAP;
                }
                address 172.16.46.121/24;
            }
        }
    }
}

File can be found in /var/tmp and opened with Wireshark

file list /var/tmp/ | match test_capture*

On EX Switches Mirror port traffic to remote capture server:

set analyzer employee-monitor input ingress interface ge-0/0/0.0

/* optional sampling ratio - 1 of every 200 packets will be forwarded */

set analyzer employee-monitor ratio 200

set analyzer employee-monitor output interface ge-0/0/10.0

Alternatively the output can be a VLAN. The VLAN needs to be specified under VLANs:

set vlans remote-analyzer vlan-id 999


Operational mode flow session monitoring (requires junos 12.1)

monitor security flow file tmp_test [files 2 size 100k match pattern ]
monitor security flow filter source-prefix 10.52.20.0/24 destination-prefix 10.75.0.1 destination-port 389 protocol tcp source-port 12354 temp_test_filter

show monitor security flow

monitor security flow start
monitor security flow stop

clear monitor security flow filter temp_test_filter

file delete /var/log/tmp_test

Tips

set cli timestamp
#set chassis alarm management-ethernet link-down ignore
show interfaces | match "(^Physical.* ge-)|(^Physical.*Up$)"
show version and haiku
Ctrl+R: search history of previous command
use # for the rest of the line in a script to be ignored
Use the save CLI pipe to save output to a local or remote file.
Type 'b' at the more prompt to go backwards one page.
Type '/' at the more prompt to search for a string in the rest of the output.
In configuration mode, type rollback ? to see when previous configurations were committed, and by whom.
In configuration mode, the status command displays who is editing the configuration and where in the hierarchy they are working.
In configuration mode, the delete command with no arguments will delete the entire configuration hierarchy under the current location.
show cli history
help tip cli
To move interface configuration: replace pattern ge-0/0/0 with ge-0/1/0

wildcard delete interfaces ge-0/0/[2-3]

Junos software contains default configurations in a hidden group named junos-defaults. To see them, use the show configuration groups junos-defaults command

test policy policy_name 1.1.1.1/12 – run a route through a policy

To see changes from a particular commit at the past:

show system commit - identify the change you want to see (e.g. 2), and then
show system rollback compare 3 4


To see the default Junos preconfigure applications:

user@host> show configuration groups junos-defaults applications

How to capture packets and inspect them.
The command is monitor traffic interface irb.1 write-file ICMP.pcap.
"write-file" is a hidden command, so it does not show up when you press the ? key or the Tab key, but it works if you type it in directly.

 


request chassis cluster failover redundancy-group

request chassis cluster failover node node-number redundancy-group redundancy-group-number
Release Information
Command introduced in Junos OS Release 9.0.

Description
For chassis cluster configurations, initiate manual failover in a redundancy group from one node to the other, which becomes the primary node, and automatically reset the priority of the group to 255. The failover stays in effect until the new primary node becomes unavailable, the threshold of the redundancy group reaches 0, or you use the request chassis cluster failover reset command.

After a manual failover, you must use the request chassis cluster failover reset command before initiating another failover.

Options
node node-number—Number of the chassis cluster node to which the redundancy group fails over.

Range: 0 or 1

redundancy-group group-number—Number of the redundancy group on which to initiate manual failover. Redundancy group 0 is a special group consisting of the two Routing Engines in the chassis cluster.

Range: 0 through 255

Required Privilege Level
maintenance

RELATED DOCUMENTATION
Initiating a Chassis Cluster Manual Redundancy Group Failover

Verifying Chassis Cluster Failover Status

List of Sample Output
request chassis cluster failover redundancy-group
Output Fields
When you enter this command, you are provided feedback on the status of your request.

Sample Output
request chassis cluster failover redundancy-group

user@host> request chassis cluster failover redundancy-group 0 node 1
{primary:node0}

user@host> request chassis cluster failover redundancy-group 0 node 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Initiated manual failover for redundancy group 0

 


Juniper EX4200 VLAN Configuration

http://www.juniper.net/techpubs/en_US/junos11.4/topics/task/configuration/bridging-vlans-ex-series-cli.html

Configuring VLANs for EX Series Switches (CLI Procedure)
EX Series switches use VLANs to make logical groupings of network nodes with their own broadcast domains. VLANs limit the traffic flowing across the entire LAN and reduce collisions and packet retransmissions.
  • Why Create a VLAN?
  • Create a VLAN Using the Minimum Procedure
  • Create a VLAN Using All of the Options
  • Configuration Guidelines for VLANs
Why Create a VLAN?
Some reasons to create VLANs are:
  • A LAN has more than 200 devices.
  • A LAN has a lot of broadcast traffic.
  • A group of clients requires that a higher-than-average level of security be applied to traffic entering or exiting the group's devices.
  • A group of clients requires that the group's devices receive less broadcast traffic than they are currently receiving, so that data speed across the group is increased.
Create a VLAN Using the Minimum Procedure
Two steps are required to create a VLAN:
  1. Uniquely identify the VLAN. You do this by assigning either a name or an ID (or both) to the VLAN. When you assign just a VLAN name, an ID is generated by Junos OS.
  2. Assign at least one switch port interface to the VLAN for communication. All interfaces in a single VLAN are in a single broadcast domain, even if the interfaces are on different switches. You can assign traffic on any switch to a particular VLAN by referencing either the interface sending traffic or the MAC addresses of devices sending traffic.
The following example creates a VLAN using only the two required steps. The VLAN is created with the name employee-vlan. Then, three interfaces are assigned to that VLAN so that the traffic is transmitted among these interfaces.

Note: In this example, you could alternatively assign an ID number to the VLAN. The requirement is that the VLAN have a unique ID.
[edit]
set vlans employee-vlan
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members employee-vlan
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members employee-vlan
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members employee-vlan
In the example, all users connected to the interfaces ge-0/0/1, ge-0/0/2, and ge-0/0/3 can communicate with each other, but not with users on other interfaces in this network. To configure communication between VLANs, you must configure a routed VLAN interface (RVI). See Configuring Routed VLAN Interfaces (CLI Procedure).
Create a VLAN Using All of the Options
To configure a VLAN, follow these steps:
1. In configuration mode, create the VLAN by setting the unique VLAN name:
[edit]
user@switch# set vlans vlan-name

2. Configure the VLAN tag ID or VLAN ID range for the VLAN. (If you assigned a VLAN name, you do not have to do this, because a VLAN ID is assigned automatically, thereby associating the name of the VLAN to an ID number. However, if you want to control the ID numbers, you can assign both a name and an ID.)
[edit]
user@switch# set vlans vlan-name vlan-id vlan-id-number
or
[edit]
user@switch# set vlans vlan-name vlan-range (vlan-id-low) - (vlan-id-high)

3. Assign at least one interface to the VLAN:
[edit]
user@switch# set vlans vlan-name interface interface-name

Note: You can also specify that a trunk interface is a member of all the VLANs that are configured on this switch. When a new VLAN is configured on the switch, this trunk interface automatically becomes a member of the VLAN.

4. (Optional) Create a subnet for the VLAN because all computers that belong to a subnet are addressed with a common, identical, most-significant-bit group in their IP address. This makes it easy to identify VLAN members by their IP addresses. To create the subnet for the VLAN:
[edit interfaces]
user@switch# set vlan unit logical-unit-number family inet address ip-address

5. (Optional) Specify the description of the VLAN:
[edit]
user@switch# set vlans vlan-name description text-description

6. (Optional) To avoid exceeding the maximum number of members allowed in a VLAN, specify the maximum time that an entry can remain in the forwarding table before it ages out:
[edit]
user@switch# set vlans vlan-name mac-table-aging-time time

7. (Optional) For security purposes, specify a VLAN firewall filter to be applied to incoming or outgoing packets:
[edit]
user@switch# set vlans vlan-name filter input-or-output filter-name

8. (Optional) For accounting purposes, enable a counter to track the number of times this VLAN is accessed:
[edit]
user@switch# set vlans vlan-name l3-interface ingress-counting l3-interface-name

Configuration Guidelines for VLANs
Two steps are required to create a VLAN. You must uniquely identify the VLAN and you must assign at least one switch port interface to the VLAN for communication.
After creating a VLAN, all users connected to the interfaces assigned to the VLAN can communicate with each other but not with users on other interfaces in the network. To configure communication between VLANs, you must configure a routed VLAN interface (RVI). See Configuring Routed VLAN Interfaces (CLI Procedure) to create an RVI.
The number of VLANs supported per switch varies for each switch type. Use the command set vlans id vlan-id ? to discover the maximum number of VLANs allowed on a switch. You cannot exceed this VLAN limit because each VLAN is assigned an ID number when it is created. You can, however, exceed the recommended VLAN member maximum. To determine the maximum number of VLAN members allowed on a switch, multiply the VLAN maximum obtained using set vlans id vlan-id ? by 8.
If a switch configuration exceeds the recommended VLAN member maximum, you see a warning message when you commit the configuration. If you ignore the warning and commit such a configuration, the configuration succeeds but you run the risk of crashing the Ethernet switching process (eswd) due to memory allocation failure.
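
The guidelines above can be checked before a commit. The following is an added example, not part of the Juniper documentation or the original post: a Python audit that counts VLAN members in a "set"-format configuration, lists VLANs that have no interface, and compares the total with the recommended maximum (VLAN maximum times 8). The function name audit, the sample configuration, the "vlan members all" trunk line and the VLAN maximum of 4094 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in "set" format; VLAN and interface names are assumptions.
SAMPLE = """\
set vlans employee-vlan vlan-id 10
set vlans guest-vlan vlan-id 20
set vlans lab-vlan
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members employee-vlan
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members employee-vlan
set vlans guest-vlan interface ge-0/0/3.0
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members all
"""

VLAN_LINE = re.compile(r"^set vlans (\S+)(?: (.*))?$")
MEMBER_LINE = re.compile(
    r"^set interfaces (\S+) unit (\d+) family ethernet-switching vlan members (\S+)$")


def audit(config, vlan_max):
    """Return (members per VLAN, VLANs without a port, total members, limit)."""
    members = defaultdict(set)   # VLAN name -> set of logical interfaces
    member_of_all = set()        # trunks configured with "vlan members all"
    for line in map(str.strip, config.splitlines()):
        m = MEMBER_LINE.match(line)
        if m:
            ifl = f"{m.group(1)}.{m.group(2)}"
            if m.group(3) == "all":
                member_of_all.add(ifl)
            else:
                members[m.group(3)].add(ifl)
            continue
        m = VLAN_LINE.match(line)
        if m:
            ports = members[m.group(1)]          # registers a VLAN with no ports too
            rest = (m.group(2) or "").split()
            if len(rest) == 2 and rest[0] == "interface":
                ports.add(rest[1] if "." in rest[1] else rest[1] + ".0")
    for ports in members.values():               # an "all" trunk joins every VLAN
        ports |= member_of_all
    empty = sorted(v for v, ports in members.items() if not ports)
    total = sum(len(ports) for ports in members.values())
    return dict(members), empty, total, vlan_max * 8   # page: VLAN maximum times 8


if __name__ == "__main__":
    # 4094 is an assumed VLAN maximum; read the real one from "set vlans id vlan-id ?".
    per_vlan, empty, total, limit = audit(SAMPLE, vlan_max=4094)
    print(f"{total} VLAN members, recommended maximum {limit}, VLANs without a port: {empty}")
    if total > limit:
        print("WARNING: above the recommended VLAN member maximum (eswd at risk)")
```

A trunk that is a member of all VLANs adds one member per VLAN, so it is the setting that moves the total fastest as VLANs are added.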
Published: 2011-11-04

 

 
