| Basic Operation | login % cli
> configure # > start shell % |
| Check | > show system uptime >show system storage > pint x.x.x.x > traceroute x.x.x.x interface ge-0/0/0 > telnet x.x.x.x port 23 |
| Configuration | > configure > show configuration | display set | no-more # show | display set |no-more > show configuration | display set | match XXXX # show | display set |match XXXX > show configuration | display set | save USER@192.168.0.5:/home/config/test00-fw/tes00-fw_20120714.txt |
| Basic Setting | hostname NTP SNMP |
| Logging (system syslog) (security log) | > show log messages? > show log messages | last 10 > show log /var/log/messages | last |
| Time | > show system uptime |
| Account | |
| Hardware | > show chassis hardware ← Check Serial Number, SFP > show system alarms > show chassis cluster status > request system reboot > request system power-off |
| Virtual Chassis | > ping x.x.x.x routing-instance XXXX |
| SRX Chassis Cluster | > show chassis cluter status > show chassis cluter interfaces |
| Interface | > show interface terse >show interfaces ge-0/0/1 media ← Check Duplex and Speed |
| Mac address | > show arp |
| VLAN | > show vlan brief |
| Link Aggregation (AE = Aggreated Ethernet) | ae is Aggregated Ethernet interface.> show interfaces terse | match ae |
| Static Route | > show route terse |
| Policy | > show security zones #show | display set | no-more | match policy |
| NAT | Source NAT Server/Office –> Internet > show security nat source rule all Static NAT Internet –> Server > show security nat static rule all Destination NAT Internet –> Server > show security nat destination rule all |
| Check | > traceroute source 10.0.0.3 10.0.0.5 |
| IPsec VPN | Phase1 >show security ike security-associations >show security ike security-associations detail #run show security ike security-associations Phase2 >show security ipsec security-associations >show security ipsec security-associations detail #run show security ipsec security-associations |
| Multicast | |
| QoS |
| Traffic Monitor(tcpdump) Traffic Log | > monitor interface traffic ← check all interface traffic summary > monitor traffic interface vlan.10 > monitor traffic interface vlan.10 matching “host 192.168.0.1 && udp && port 9997” > start shell user root
% tcpdump -n host 192.168.0.1 |
> ssh user01@x.x.x.x @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is 86:10:55:0f:94:34:07:15:d8:1a:df:22:a5:4c:49:7e. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending RSA key in /root/.ssh/known_hosts:1 RSA host key for 100.1.1.1 has changed and you have requested strict checking. Host key verification failed.
1. Run the following command to locate the file which contains the RSA finger print values for the all known hosts: root@240-2> file list /cf/root/.ssh /cf/root/.ssh: known_hosts 2. Delete the known host file from the database, so SRX can install the new RSA finger print value for the remote host. root@240-2> file delete /cf/root/.ssh/known_hosts
* If you are not root user, check /var/home/user01/.ssh/known_hosts .
Juniper Junos CLI Commands(SRX/QFX/EX)