As promised here’s the current template I’m using to configure the Juniper EX4300 series switches in my environment. Please feel free to provide corrections or updates based on your own experiences.

We’ll touch on the following configuration topics; OSPF, VLANs, DHCP relay, DHCP snooping, MAC limiting, rate limiting, BFD, TACACS+, SYSLOG, SNMP, RSTP, and BPDU filtering(blocking).

Let’s start by setting the hostname of the switch and the timezone.

set system host-name B99-SW01-EAST
set system time-zone America/New_York

Let’s set the root password, we’ll also add an ‘admin’ user later.

set system root-authentication plain-text-password 
{enter local root password}
{confirm local root password}

In this case I’m using TAC_PLUS so let’s configure TACACS+ authentication. In the example below X.X.X.X is the IP address of your our TACACS+ server and Y.Y.Y.Y is the management IP address of loopback address of the switch itself.

set system tacplus-server X.X.X.X
set system tacplus-server X.X.X.X secret tac_plus_shared_secret_here
set system tacplus-server X.X.X.X single-connection
set system tacplus-server X.X.X.X source-address Y.Y.Y.Y

Let’s change the order of the authentication sources, making TACACS+ the first choice.

Continue reading