A System Engineers Blog

Category: Networking

Juniper Troubleshooting – Light Levels

When reviewing your overall setup, it’s important to check the light levels of your optics, as they can be a sign of fiber, optic, or distance issues.

show interface diagnostic optic et-0/0/1 | match dbm$ | except thresh

This allows you to easily see what your current light levels are without the noise.

Encrypted DNS

I recently began looking into encrypting DNS traffic for general security reasons. Thankfully I wasn’t the first person to look into this and there is a very robust ecosystem already in place.

https://github.com/paulmillr/encrypted-dns

I chose to use the Cloudflare resolvers, but Paul has put together a great list of other providers, covering both general-purpose resolvers and resolvers that provide DNS filtering to protect against known malicious sites.

Cloudflare talks about the different methodologies in detail, but they fall into 3 categories:

DNS over TLS (DoT): https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-tls

DNS over HTTPS (DoH): https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/

Oblivious DNS over HTTPS: https://developers.cloudflare.com/1.1.1.1/encryption/oblivious-dns-over-https/

I personally would recommend DoH, as it provides both security and slightly obscured network traffic while not requiring additional third-party services.

Juniper Tips [EX/QFX/MX]: How to utilize wildcard, interface-range, and apply-groups to mass manage port configs

There are many ways to apply config changes to large numbers of interfaces. Below are three methodologies I’ve used over the years.

Wildcard Changes

One of my personal preferences is to add individual configurations for each port, so that when I look at a port configuration I can easily see its entire configuration. This would make mass changes difficult if it weren’t for Juniper’s built-in wildcard functionality.

In the example below we are making changes to a two-member virtual chassis cluster (members 0 and 1) on ports 0-47 of PIC 0:

wildcard range set interfaces xe-[0,1]/0/[0-47].0 family ethernet-switching vlan members vl999

This turns what would be 96 standard set statements into a convenient one-liner. There are many variations of this based on your use cases.

Original Reference: https://www.juniper.net/documentation/us/en/software/junos/cli/topics/topic-map/modifying-configuration.html
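To review exactly which ports a wildcard will touch before committing, this added example (not from the original post or from Juniper) expands the one-liner above offline into the plain set statements it stands for. It assumes the bracket syntax is limited to comma-separated numbers and numeric ranges, as used in this post; the function names are my own.

```python
import itertools
import re


def _expand_group(body: str) -> list[str]:
    """Expand the inside of one [...] group, e.g. '0,1' or '0-47' or '0-5,8'."""
    values = []
    for part in body.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"descending range: {part!r}")
            values.extend(str(n) for n in range(lo, hi + 1))
        else:
            values.append(str(int(part)))
    return values


def expand_wildcard(statement: str) -> list[str]:
    """Return the plain set statements a 'wildcard range set ...' line stands for."""
    prefix = "wildcard range "
    if not statement.startswith(prefix):
        raise ValueError("expected a 'wildcard range' statement")
    # re.split with a capture group alternates literal text (even indexes)
    # with bracket bodies (odd indexes).
    pieces = re.split(r"\[([^\]]+)\]", statement[len(prefix):])
    options = [
        [piece] if i % 2 == 0 else _expand_group(piece)
        for i, piece in enumerate(pieces)
    ]
    return ["".join(combo) for combo in itertools.product(*options)]


if __name__ == "__main__":
    # The command from this post.
    cmd = ("wildcard range set interfaces xe-[0,1]/0/[0-47].0 "
           "family ethernet-switching vlan members vl999")
    lines = expand_wildcard(cmd)
    print(len(lines), "statements")
    print(lines[0])
    print(lines[-1])
```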

Interface ranges

Some device types and circumstances could lead to large configurations that increase commit time and cause problems for backup config parsers. In that case you may want to switch to utilizing interface ranges to control groups of ports.

set interfaces interface-range vmware-servers member-range xe-0/0/47 to xe-1/0/47
set interfaces interface-range vmware-servers mtu 9216
set interfaces interface-range vmware-servers unit 0 family ethernet-switching interface-mode trunk
set interfaces interface-range vmware-servers unit 0 family ethernet-switching vlan members [ vl998 vl999 ]

Note: aggregated ethernet interfaces are not supported in interface-ranges

Original Reference: https://www.juniper.net/documentation/us/en/software/junos/interfaces-ethernet-switches/topics/topic-map/switches-interface-range.html

apply-groups

Apply-groups is the most feature-complete way of applying configs en masse.

set groups vmware-servers interfaces xe-[0,1]/0/[0-47] mtu 9216
set groups vmware-servers interfaces xe-[0,1]/0/[0-47] unit 0 family ethernet-switching interface-mode trunk
set groups vmware-servers interfaces xe-[0,1]/0/[0-47] unit 0 family ethernet-switching vlan members vl999
set groups vmware-servers interfaces xe-[0,1]/0/[0-47] unit 0 family ethernet-switching vlan members vl998

set interfaces apply-groups vmware-servers

admin@homelab01# show interfaces | display inheritance 
ge-0/0/0 {
    unit 0 {
        family inet {
            dhcp;
        }
    }
}
xe-0/0/0 {
    ##
    ## '9192' was inherited from group 'vmware-servers'
    ##
    mtu 9192;
    unit 0 {
        ##
        ## 'ethernet-switching' was inherited from group 'vmware-servers'
        ##
        family ethernet-switching {
            ##
            ## 'trunk' was inherited from group 'vmware-servers'
            ##
            interface-mode trunk;
            ##
            ## 'vlan' was inherited from group 'vmware-servers'
            ##
            vlan {
                ##
                ## 'vl999' was inherited from group 'vmware-servers'
                ## 'vl998' was inherited from group 'vmware-servers'
                ## 'vl1000' was inherited from group 'vmware-servers'
                ##
                members [ vl999 vl998 vl1000 ];
            }
        }
    }
}

Note: Interfaces must already exist in the config to have configs applied to them. Just use “set interfaces ge-0/0/0.0” for each interface you want created.
Note: aggregated ethernet interfaces are supported using apply-groups.

Original Reference: https://www.juniper.net/documentation/us/en/software/junos/cli/topics/topic-map/configuration-groups-usage.html

© 2026 chrono-it.net
