Archive for the ‘Juniper’ Category

Setup sflow on a Juniper EX switch for WUG

March 15, 2010

Here are the steps for setting up a Juniper EX-3200 series switch to send sflow data to WhatsUp Gold (WUG) Flow Monitor. Technically it’s the same procedure for any flow monitor; I’m just doing it for WUG in this instance.

  1. Log into the switch’s CLI.
  2. Enter edit mode by typing “edit” and hitting “Enter”.
  3. First the SNMP community must be set. This will be set as read-only; in this instance I do NOT want WUG to have configuration capabilities.
    1. Type: set snmp community sflowtest authorization read-only
      1. Replace “sflowtest” with the community name you wish to use.
      2. Also make sure this community name has been added as a credential in WUG.
  4. Now we will enter the collector information:
    1. Type: set protocols sflow collector <collector-ip> udp-port 9999
      1. Replace <collector-ip> with the IP address of the WUG flow collector.
      2. By default WUG collects sflow data via udp-port 9999, which is not the default UDP port used by Juniper.
    2. Now to change the default polling interval to 10 seconds and sample rate to 500.
      1. Type: set protocols sflow polling-interval 10 sample-rate 500
    3. Finally set the interfaces you want flows collected from:
      1. Type: set protocols sflow interfaces ge-0/0/12.0
        1. Do the above for each interface you need flows collected from.
  5. Now commit the changes:
    1. Type: commit check
      1. Even though this was a simple configuration I ALWAYS do a commit check!!!
    2. Type: commit confirmed 1
      1. Again, even on simple configuration changes I play it safe. If the changes I am about to commit do cause a problem they will be rolled back in one minute.
    3. Type: commit
      1. Finally I do a commit before the one minute time is done.
  6. If you wait a minute or two you should see the switch show in the WUG Flow Monitor.
  7. In the WUG Flow Monitor you may have to go into the source properties and put a check in “Collect data from this source”.
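
A quick way to confirm the committed result matches the steps above is to audit the output of `show configuration | display set`. This is an added example, not part of the original post: the sample configuration and the 192.0.2.10 collector address are constructed, and the check for a `clients` restriction on the SNMP community goes beyond the steps in the post.

```python
import re

# Constructed sample of `show configuration | display set` output after the steps
# above. 192.0.2.10 is a documentation address standing in for the WUG collector.
SAMPLE = """\
set snmp community sflowtest authorization read-only
set protocols sflow polling-interval 10
set protocols sflow sample-rate 500
set protocols sflow collector 192.0.2.10 udp-port 9999
set protocols sflow interfaces ge-0/0/12.0
"""

JUNOS_DEFAULT_SFLOW_PORT = 6343  # used when no udp-port is configured


def audit_sflow(config, expected_port=9999):
    """Return findings for the SNMP and sFlow statements in set-style config."""
    findings = []

    # SNMP: the community must stay read-only and should be tied to known hosts.
    auth = dict(re.findall(
        r"^set snmp community (\S+) authorization (\S+)\s*$", config, re.M))
    restricted = set(re.findall(
        r"^set snmp community (\S+) clients \S+", config, re.M))
    for name, level in auth.items():
        if level != "read-only":
            findings.append(f"community {name} is {level}, expected read-only")
        if name not in restricted:
            findings.append(f"community {name} has no clients restriction")

    # sFlow: a collector must exist and use the port the flow monitor listens on.
    collectors = re.findall(
        r"^set protocols sflow collector (\S+)(?: udp-port (\d+))?\s*$",
        config, re.M)
    if not collectors:
        findings.append("no sflow collector configured")
    for addr, port in collectors:
        port = int(port) if port else JUNOS_DEFAULT_SFLOW_PORT
        if port != expected_port:
            findings.append(f"collector {addr} uses udp-port {port}, "
                            f"expected {expected_port}")

    # sFlow only samples the interfaces that are listed explicitly.
    if not re.search(r"^set protocols sflow interfaces \S+", config, re.M):
        findings.append("no sflow interfaces configured")
    return findings
```

Run against the sample, the only finding is the missing `clients` restriction; adding `set snmp community sflowtest clients <WUG-host-prefix>` limits which hosts may use the community.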
Categories: Juniper, Networking

Simple Juniper Cache Cleaner troubleshooting steps

January 21, 2010

If you have a Juniper SSL-VPN appliance, one of the biggest headaches you may deal with is cache cleaner. It’s a great tool from a security standpoint, but most of the problems that get escalated to me have to do with this program. However, none of the problems have been with cache cleaner; rather, the problems have been with IE not loading the ActiveX control correctly. Here is a simple list of things to check when having cache cleaner issues:

  • Clear the cache.
    • In IE7 or IE8 do the following
      • Go to Tools > Internet Options
      • In Browsing History click on “delete”
      • In the Temporary Internet Files section click on “Delete Files”
      • Click “yes” to delete temp internet files.
      • Close IE
      • Open IE and try again
  • Uninstall Cache Cleaner
    • Go Start > Programs > Juniper Networks > Cache Cleaner x.x.x > Uninstall Cache Cleaner
    • There will be no confirmation, it will simply uninstall Cache Cleaner.
    • Open IE and try again. When logging in the SSL-VPN the program will install again.
  • Delete the downloaded program from IE
    • In IE go to Tools > Internet Options
    • In the Browsing History section click on Settings
    • Click on ‘View Objects’
    • This will list all the ActiveX controls installed.
    • Right-click on all Juniper programs and click “remove”
    • Also remove any with invalid names (a bunch of weird characters)
    • Close IE
    • Reopen IE and try again.
  • Install the Juniper Installer Service. I always leave this as a last option because I hate putting programs on users’ personal computers.
    • You can get the Juniper Installer Service from the Maintenance section within the SSL-VPN administration. As a last resort this has always fixed issues. You will need to find a way to get the file to your user. One way is to create a realm with its own URL. This realm only has a download link for this or other important files your user may need for VPN purposes.
Categories: Juniper, Networking, Security

Why I chose Juniper over Cisco for a recent network expansion

March 25, 2009

For over 15 years I have been a loyal Cisco customer. Like many other networking technicians I have worked for my Cisco certifications and preached the good word about Cisco. I still believe Cisco makes some great networking gear; but I no longer preach Cisco exclusively. Cisco has made what I feel are large mistakes, which Juniper has capitalized upon to gain loyalty from customers such as myself.

The first direction change I do not like from Cisco is their getting away from a centralized OS. Like many networking professionals I was happy with the moves Cisco had made to remove CatOS and bring the dozens of IOS trains into a simple tree. I was at a seminar about 5 years ago where the Cisco engineer stated this will be the future of all Cisco products. Recently it has become clear this vision was unrealistic. Cisco simply buys out too many competitors for entrance into new markets. The pure logistics of adapting IOS to each new technology makes this vision of one OS for all very unlikely. Throw in devices such as ASA and it really becomes clear how unrealistic this claim had been.

Conversely Juniper Networks is investing their resources to unify their products on JUNOS. My enterprise network now has a core Juniper MX router and Juniper EX switches in the wire closets. Each of these devices runs the same JUNOS version (there are configuration differences however). The same JUNOS which runs my network also runs upon the Juniper Firewall I am in the process of implementing. Juniper still has a long way to go before their entire product lines run on JUNOS. However I have confidence development will continue down this direction. Juniper seems more focused upon adding functionality to their existing product line; as opposed to Cisco buying new functionality from acquisitions.

Security is another area I believe Cisco has not excelled in compared to Juniper. I have used Juniper security devices for almost as long as I have Cisco’s networking devices. Juniper has always excelled at superior security devices. Currently I use Juniper’s Secure Access SSL-VPN appliances for remote access and their SSG firewalls for perimeter security. Both product lines have been far superior to Cisco solutions I have worked with, namely the PIX and ASA product lines. When I utilize Juniper security devices I feel confident in their ability to protect my network. With the Cisco security devices I never felt that confidence. The ASA product line in particular always seemed as though it was various pieces of code thrown together, as opposed to a well-designed and implemented security solution.

One last major problem with Cisco is their management solutions. Cisco has yet to impress me with a network and security management solution that I feel scales with growing companies. There have been great strides made in CiscoWorks. However I believe CiscoWorks has fallen short for too many years for me to really consider it as a contender anymore. When looking for a network management solution I want one interface that can handle all of my devices. Juniper’s Network and Security Manager (NSM, formerly known as Netscreen Security Manager) has promise to be that solution. With NSM I can centrally configure my switches, routers and security devices. I have still not completely accepted NSM as the future of network management, but believe it is a step beyond Cisco solutions I have worked with. Deploying my new access switches with NSM was very efficient compared to my deployment of Cisco switches in the past.

The unifying of the OS, security and network management were the main reasons I chose Juniper over Cisco for a recent enterprise expansion. Even though I believe Juniper is superior in these areas, it does not mean I am anti-Cisco now. Just the opposite is true. My current environment still has a substantial amount of Cisco gear; and will continue to have Cisco gear for the foreseeable future. The main difference is that I no longer preach Cisco; instead I now preach finding the best network and security solution for each situation.

Categories: Juniper, Networking