cmdref.net - Cheat Sheet and Example

cmdref.net is command references/cheat sheets/examples for system engineers.

User Tools

Site Tools


Sidebar









Etc


Reference














.

hardware:junos:index.html



Juniper Junos CLI Commands(SRX/QFX/EX)

Corporate Site

Juniper Junos Commands

System Management

Basic Operation login
% cli
> configure
#

> start shell
%
Check > show system uptime
>show system storage
> pint x.x.x.x
> traceroute x.x.x.x interface ge-0/0/0
> telnet x.x.x.x port 23
Configuration > configure
> show configuration | display set | no-more
# show | display set |no-more
> show configuration | display set | match XXXX
# show | display set |match XXXX
> show configuration | display set | save USER@192.168.0.5:/home/config/test00-fw/tes00-fw_20120714.txt
Basic Setting hostname
NTP
SNMP
Logging
(system syslog)
(security log)
> show log messages?
> show log messages | last 10
> show log /var/log/messages | last
Time > show system uptime
Account
Hardware > show chassis hardware ← Check Serial Number, SFP
> show system alarms
> show chassis cluster status
> request system reboot
> request system power-off
Virtual Chassis > ping x.x.x.x routing-instance XXXX
SRX Chassis Cluster > show chassis cluter status
> show chassis cluter interfaces

LAN Switching

Interface > show interface terse
>show interfaces ge-0/0/1 media ← Check Duplex and Speed
Mac address > show arp
VLAN > show vlan brief
Link Aggregation
(AE = Aggreated Ethernet)
ae is Aggregated Ethernet interface.
> show interfaces terse | match ae
Static Route > show route terse

IP Routing

Policy > show security zones
#show | display set | no-more | match policy
NAT Source NAT Server/Office –> Internet
> show security nat source rule all
Static NAT Internet –> Server
> show security nat static rule all
Destination NAT Internet –> Server
> show security nat destination rule all
Check > traceroute source 10.0.0.3 10.0.0.5
IPsec VPN Phase1
>show security ike security-associations
>show security ike security-associations detail
#run show security ike security-associations
Phase2
>show security ipsec security-associations
>show security ipsec security-associations detail
#run show security ipsec security-associations
Multicast
QoS

TIPS

Traffic Monitor(tcpdump)
Traffic Log
> monitor interface traffic ← check all interface traffic summary
> monitor traffic interface vlan.10
> monitor traffic interface vlan.10 matching “host 192.168.0.1 && udp && port 9997”

> start shell user root
% tcpdump -n host 192.168.0.1

SSH Host key verification fail

Error
> ssh user01@x.x.x.x
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
86:10:55:0f:94:34:07:15:d8:1a:df:22:a5:4c:49:7e.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:1
RSA host key for 100.1.1.1 has changed and you have requested strict checking.
Host key verification failed.
Solution
1. Run the following command to locate the file which contains the RSA finger print values for the all known hosts:
root@240-2> file list /cf/root/.ssh
/cf/root/.ssh:
known_hosts

2. Delete the known host file from the database, so SRX can install the new RSA finger print value for the remote host.
root@240-2> file delete /cf/root/.ssh/known_hosts

* If you are not root user, check /var/home/user01/.ssh/known_hosts .




References




hardware/junos/index.html.txt · Last modified: 2022/04/05 by admin

Page Tools