Welcome to the DMZ Switch Management Lab
This comprehensive hands-on lab focuses on managing a Juniper EX series switch in a DMZ environment, simulating real-world enterprise security architecture with network segmentation between untrusted (DMZ), trusted (internal LAN), and external networks.
What You'll Learn
- Juniper EX Switch Configuration: Master VLAN configuration, port security, and interface management
- DMZ Network Segmentation: Implement proper network isolation for public-facing services
- Multi-Vendor Integration: Configure interoperability between Juniper, Palo Alto, and Cisco equipment
- Security Best Practices: Apply port security, DHCP snooping, and dynamic ARP inspection
- Layer 2 Security Features: Implement storm control, BPDU protection, and loop prevention
- Trunk Configuration: Configure 802.1Q VLAN tagging between devices
- Verification and Troubleshooting: Use Juniper CLI commands effectively
Network Topology
```text
                  INTERNET
                      |
       +--------------+--------------+
       |      Palo Alto PA-3220      |
       |          Firewall           |
       +--------------+--------------+
             ge-0/0/0 | .1
           VLAN 100 (DMZ - Untrust)
               10.50.100.0/24
                      |
             ge-0/0/1 | .2
       +--------------+--------------+
       |       Juniper EX4300        |
       |         DMZ Switch          |
       |  ge-0/0/1:    Trunk (PA FW) |
       |  ge-0/0/2:    Trunk (LAN)   |
       |  ge-0/0/10-15: DMZ Hosts    |
       +--------------+--------------+
             ge-0/0/2 |
             VLAN 200 (Internal)
               10.10.200.0/24
                      |
       +--------------+--------------+
       |    Cisco Catalyst 3850      |
       |      Core LAN Switch        |
       +--------------+--------------+
                      |
                 Internal LAN
```
DMZ Server Segment (VLAN 300):
Network: 10.50.10.0/24
ge-0/0/10: Web Server (10.50.10.10)
ge-0/0/11: Mail Server (10.50.10.11)
ge-0/0/12: DNS Server (10.50.10.12)
ge-0/0/13: FTP Server (10.50.10.13)
ge-0/0/14: Database Proxy (10.50.10.14)
ge-0/0/15: Management (10.50.10.15)
Key Connection Details
| Device | Interface | Connected To | VLAN/Network |
|---|---|---|---|
| Palo Alto PA-3220 | ge-0/0/0 | Juniper ge-0/0/1 | VLAN 100 (10.50.100.0/24) |
| Juniper EX4300 | ge-0/0/1 | Palo Alto Firewall | Trunk (100, 300) |
| Juniper EX4300 | ge-0/0/2 | Cisco Catalyst | Trunk (200, 300) |
| Juniper EX4300 | ge-0/0/10-15 | DMZ Servers | VLAN 300 (10.50.10.0/24) |
Key Architecture Principle
The Juniper DMZ switch serves as a Layer 2 segmentation point. All inter-VLAN routing and security policy enforcement happens at the Palo Alto firewall.
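As an added example (not the lab's own configuration, which follows in the Configuration Steps), the Junos set-style configuration below implements the topology and connection table above on the EX4300 with ELS syntax. Interface numbers, VLAN IDs and server addresses come from the topology; the VLAN names, the storm-control profile name and its 10% threshold, the group names and the server MAC address are assumptions.

```junos
# VLAN definitions (names are assumptions; IDs come from the topology)
set vlans DMZ-UNTRUST vlan-id 100
set vlans INTERNAL vlan-id 200
set vlans DMZ-SERVERS vlan-id 300

# Trunk to the Palo Alto PA-3220, carrying VLANs 100 and 300 (row 2 of the table)
set interfaces ge-0/0/1 description "Trunk to Palo Alto PA-3220"
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members [ DMZ-UNTRUST DMZ-SERVERS ]

# Trunk to the Cisco Catalyst 3850, carrying VLANs 200 and 300 (row 3 of the table)
set interfaces ge-0/0/2 description "Trunk to Cisco Catalyst 3850"
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members [ INTERNAL DMZ-SERVERS ]

# DMZ host access ports ge-0/0/10-15 in VLAN 300, configured once as an interface range
set interfaces interface-range DMZ-HOSTS member-range ge-0/0/10 to ge-0/0/15
set interfaces interface-range DMZ-HOSTS unit 0 family ethernet-switching interface-mode access
set interfaces interface-range DMZ-HOSTS unit 0 family ethernet-switching vlan members DMZ-SERVERS

# Loop prevention: host ports are RSTP edge ports and are blocked if a BPDU ever arrives
set protocols rstp interface DMZ-HOSTS edge
set protocols rstp bpdu-block-on-edge

# Storm control: limit broadcast, multicast and unknown-unicast to 10% of port bandwidth
set forwarding-options storm-control-profiles SC-DMZ-HOSTS all bandwidth-percentage 10
set interfaces interface-range DMZ-HOSTS unit 0 family ethernet-switching storm-control SC-DMZ-HOSTS

# DHCP snooping is enabled implicitly once dhcp-security is configured on the VLAN;
# add dynamic ARP inspection and trust DHCP replies only from the two uplink trunks
set vlans DMZ-SERVERS forwarding-options dhcp-security arp-inspection
set vlans DMZ-SERVERS forwarding-options dhcp-security group TRUSTED-UPLINKS overrides trusted
set vlans DMZ-SERVERS forwarding-options dhcp-security group TRUSTED-UPLINKS interface ge-0/0/1.0
set vlans DMZ-SERVERS forwarding-options dhcp-security group TRUSTED-UPLINKS interface ge-0/0/2.0

# The DMZ servers have static addresses, so each needs a static binding or ARP inspection
# drops its ARP traffic. Shown for the web server; the MAC address is a placeholder.
set vlans DMZ-SERVERS forwarding-options dhcp-security group WEB-SERVER interface ge-0/0/10.0 static-ip 10.50.10.10 mac 00:00:5e:00:53:0a

# Commit with a rollback timer, then confirm once the checks below pass
commit confirmed 5
# Verify: show vlans; show ethernet-switching interface; show spanning-tree interface;
#         show dhcp-security binding
```

The same static-binding line is repeated for the mail, DNS, FTP, database-proxy and management hosts on ge-0/0/11 through ge-0/0/15 with their own addresses and MACs.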
Prerequisites
Required Equipment
- Juniper EX4300-48P switch running Junos OS 15.1R7 or later
- Palo Alto PA-3220 firewall running PAN-OS 9.0 or later
- Cisco Catalyst 3850 switch running IOS-XE 16.x or later
- Console access to all devices
Knowledge Requirements
- Basic Juniper Junos CLI navigation
- VLAN concepts and 802.1Q trunking
- Layer 2 switching fundamentals
- Enterprise security zones (DMZ, Internal, External)
- Always enter configuration mode ("edit") before issuing configuration commands
- Commit changes after verification
- Use "commit confirmed" for critical changes
- Back up current configuration before making changes
Configuration Steps
Complete Juniper EX4300 configuration coming next...
Troubleshooting Guide
Common issues and solutions for Juniper DMZ switch configuration...
Verification and Testing
Commands and procedures to verify your configuration...
Knowledge Check
Test your understanding with the interactive quiz...