JUNOS is spreading rapidly around the world, and Juniper has launched the SRX devices.
The more you work with it, the more you will love it. It has nice advanced features that you would love to have in ScreenOS but sadly don't.
For people who are new to JUNOS, here is a mapping of common troubleshooting commands from ScreenOS to JUNOS.
| ScreenOS | JUNOS |
| --- | --- |
| **Session & Interface counters** | |
| get session | > show security flow session |
| get interface | > show interface terse |
| get counter stat | > show interface extensive |
| get counter stat | > show interface |
| clear counter stat | > clear interface statistics |
| **Debug & Snoop** | |
| debug flow basic | # edit security flow |
| | # set traceoptions flag basic-datapath |
| | # commit |
| set ff | # edit security flow |
| | # set traceoptions packet-filter |
| get ff | > show configuration \| match packet-filter \| display set |
| get debug | > show configuration \| match traceoptions \| display set |
| get db stream | View stored log: (recommended option) |
| | > show log |
| | > show log security-trace (to view 'security flow' debugs) |
| | > show log kmd (to view 'security ike' debugs) |
| | View real-time: (use this option with caution) |
| | > monitor start |
| | ESC-Q (to pause real-time output to screen) |
| clear db | > clear log |
| undebug | # edit security flow |
| | # deactivate traceoptions OR # delete traceoptions (at the particular hierarchy) |
| | # commit |
| undebug all | Not available. You need to deactivate or delete traceoptions separately. |
| debug ike detail | # edit security ike |
| | # set traceoptions flag ike |
| | # commit |
| snoop (packets THRU the JUNOS device) | Use Packet Capture http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-admin-guide/config-pcap-chapter.html#config-pcap-chapter |
| snoop (packets TO the JUNOS device) | > monitor traffic interface |
| | write-file option (hidden) |
| | read-file (hidden) |
| **Event Logs** | |
| get event | > show log messages |
| | > show log messages \| last 20 (helpful cmd because newest log entries are at end of file) |
| get event \| include | > show log messages \| match |
| | > show log messages \| match " |
| | Examples: |
| | > show log messages \| match "error \| kernel \| panic" |
| | > show log messages \| last 20 \| find error |
| clear event | > clear log messages |
| | > show log |
| **Config & Software upgrade** | |
| get config | > show config (program structured format) |
| | > show config \| display set (set command format) |
| get license | > show system license keys |
| get chassis (serial numbers) | > show chassis hardware detail |
| exec license | > request system license [add \| delete \| save] |
| unset all | load factory-default |
| | set system root-authentication plain-text-password |
| reset | commit and-quit |
| | request system reboot |
| load config from tftp | > start shell and FTP config to router, i.e. /var/tmp/test.cfg. Then |
| | # load override /var/tmp/test.cfg (or full path of config file) |
| load software from tftp | > request system software add |
| | Example: |
| | request system software add ftp://10.10.10.129/jsr/junos-srxsme-9.5R1.8-domestic.tgz reboot |
| save | # commit OR |
| | # commit and-quit |
| reset | > request system reboot |
| **Policy** | |
| get policy | > show security policies |
| get policy from | > show security policies from |
| **VPN** | |
| get ike cookie | > show security ike security-associations |
| get sa | > show security ipsec security-associations |
| clear ike cookie | > clear security ike security-associations |
| clear sa | > clear security ipsec security-associations |
| **NSRP** | |
| get nsrp | > show chassis cluster status |
| | > show chassis cluster interfaces |
| | > show chassis cluster status redundancy-group |
| exec nsrp vsd | > request chassis cluster failover redundancy-group |
| | > request chassis cluster failover reset redundancy-group |
| **DHCP** | |
| get dhcp client | > show system services dhcp client |
| exec dhcp client | > request system services dhcp renew (or release) |
| **Routing** | |
| get route | > show route |
| get route ip | > show route |
| get vr untrust-vr route | > show route instance untrust-vr |
| get ospf nei | > show ospf neighbor |
| set route 0.0.0.0/0 interface | # set routing-options static route 0.0.0.0/0 next-hop |
| **NAT** | |
| get vip | > show security nat destination-nat summary |
| get mip | > show security nat static-nat summary |
| get dip | > show security nat source-nat summary |
| | > show security nat source-nat pool |
| **Other** | |
| get perf cpu | > show chassis routing-engine |
| get net-pak s | > show system buffers |
| get file | > show system storage |
| get alg | > show configuration groups junos-defaults applications |
| get service | > show configuration groups junos-defaults applications |
| get tech | > request support information |
| set console page 0 | > set cli screen-length 0 |
| | > file list |
| | Example: file list /var/tmp/ |

Legend: "#" = configuration mode prompt; ">" = operational mode prompt