JNCIA Refresher #3 – Operational Monitoring and Maintenance


Show commands
Monitor commands/Real-time performance monitoring (RPM)
Interface statistics and errors
Network tools – ping, traceroute, telnet, SSH, etc.
Junos OS installation/Software upgrades
Powering on and shutting down Junos devices
Root password recovery

Show commands

For the JNCIA level, we need to know how to check our devices; in Junos this is done using show commands from Operational Mode.

Show Command Options
[email protected]_SRX> show ?
Possible completions:
  accounting           Show accounting profiles and records
  arp                  Show system Address Resolution Protocol table entries
  as-path              Show table of known autonomous system paths
  authentication-whitelist  Show 802.1X White List MAC addresses
  bfd                  Show Bidirectional Forwarding Detection information
  bgp                  Show Border Gateway Protocol information
  bridge               Show bridging information
  chassis              Show chassis information
  class-of-service     Show class-of-service (CoS) information
  cli                  Show command-line interface settings
  configuration        Show current configuration
  connections          Show circuit cross-connect connections
  database-replication  Show database replication information
  dhcp                 Show Dynamic Host Configuration Protocol information
  dhcpv6               Show Dynamic Host Configuration Protocol v6 information
  dialer               Show dialer information
  dot1x                Show 802.1X information
  dvmrp                Show Distance Vector Multicast Routing Protocol information
  dynamic-tunnels      Show dynamic tunnel information information
  esis                 Show end system-to-intermediate system information
  ethernet-switching   Show Ethernet-switching information
  event-options        Show event-options information
  firewall             Show firewall information
  forwarding-options   Show forwarding-options information
  gvrp                 Show Generic VLAN Registration Protocol information
  helper               Show port-forwarding helper information
  host                 Show hostname information from domain name server
  iccp                 Show Inter Chassis Control Protocol information
  igmp                 Show Internet Group Management Protocol information
  igmp-snooping        Show IGMP snooping information
  ingress-replication  Show Ingress-Replication tunnel information
  interfaces           Show interface information
  ipv6                 Show IP version 6 information
  isdn                 Show Integrated Services Digital Network information
  isis                 Show Intermediate System-to-Intermediate System information
  l2-learning          Show l2 learning information
  l2circuit            Show Layer 2 circuit information
  l2vpn                Show Layer 2 VPN information
  lacp                 Show Link Aggregation Control Protocol information
  ldp                  Show Label Distribution Protocol information
  lldp                 Show Link Layer Discovery Protocol information
  log                  Show contents of log file
  mld                  Show multicast listener discovery information
  mld-snooping         Show MLD snooping information
  mpls                 Show mpls information
  msdp                 Show Multicast Source Discovery Protocol information
  multicast            Show multicast information
  mvpn                 Show Multicast Virtual Private Network (MVPN) information
  network-access       Show network-access related information
  ntp                  Show Network Time Protocol information
  oam                  Show OAM-related information
  ospf                 Show Open Shortest Path First information
  ospf3                Show Open Shortest Path First version 3 information
  pfe                  Show Packet Forwarding Engine information
  pgm                  Show Pragmatic Generalized Multicast information
  pim                  Show Protocol Independent Multicast information
  policer              Show interface policer counters and information
  policy               Show policy information
  ppp                  Show PPP process information
  pppoe                Show PPP over Ethernet information
  protection-group     Show protection group information
  r2cp                 Show Radio-to-Router Protocol information
  rip                  Show Routing Information Protocol information
  ripng                Show Routing Information Protocol for IPv6 information
  route                Show routing table information
  rsvp                 Show Resource Reservation Protocol information
  sap                  Show Session Announcement Protocol information
  schedulers           Show the information on one or more schedulers
  security             Show security information
  services             Show services
  smtp                 Show Simple Mail Transfer Protocol information
  snmp                 Show Simple Network Management Protocol information
  spanning-tree        Show Spanning Tree Protocol information
  subscribers          Show subscriber information
  system               Show system information
  task                 Show routing protocol per-task information
  ted                  Show Traffic Engineering Database information
  version              Show software process revision levels
  vlans                Show VLAN information
  vpls                 Show VPLS information
  vrrp                 Show Virtual Router Redundancy Protocol information
  wireless-wan         Show wireless WAN information
  wlan                 Show wireless LAN information

As shown above, we have plenty of options available! The important ones for this level are show system, show chassis and show interfaces; each of these has its own sub-options, which can be seen using “?”.

show system

Under the show system option, as shown below, we have a lot of different options available. These commands show any operational issues and cover the checks that you would want to do on your device.

show system options
[email protected]_SRX> show system ?
Possible completions:
  alarms               Show system alarm status
  audit                Show file system MD5 hash and permissions
  auto-snapshot        Show auto-snapshot status when system booted from alternate slice
  autoinstallation     Show autoinstallation information
  autorecovery         Show autorecovery information
  boot-messages        Show boot time messages
  buffers              Show buffer statistics
  certificate          Show installed X509 certificates
  commit               Show pending commit requests (if any) and commit history
  configuration        Show configuration information
  connections          Show system connection activity
  core-dumps           Show system core files
  directory-usage      Show local directory information
  download             Show status of downloads
  firmware             Show all firmware version information
  health               Show online diagnostic status
  license              Show feature licenses information
  login                Show system login state
  memory               Show system memory usage
  processes            Show system process table
  queues               Show queue statistics
  reboot               Show any pending halt or reboot requests
  resource-cleanup     Show resource cleanup information
  rollback             Show rolled back configuration
  services             Show service applications information
  snapshot             Show snapshot information
  software             Show loaded JUNOS extensions
  statistics           Show statistics for protocol
  storage              Show local storage data
  subscriber-management  Show Subscriber management information
  threads              Show system threads table
  uptime               Show time since system and processes started
  users                Show users who are currently logged in
  virtual-memory       Show kernel dynamic memory usage

The important one for JNCIA will be alarms, as this shows any software-based alarms that are currently active on the device; they are either Minor or Major. I have two Minor alarms, but as this is in the lab I don’t care; however, if this was production, do something about it!

[email protected]_SRX> show system alarms 
2 alarms currently active
Alarm time               Class  Description
2015-04-30 17:23:40 UTC  Minor  Autorecovery information needs to be saved
2015-04-30 17:23:40 UTC  Minor  Rescue configuration is not set
Fix the above lol
To fix this issue you will need to run request system autorecovery state save. You will need to run this command once you have a configuration that you know is working and that, in an emergency, you would be happy to recover to!

[email protected]_SRX> request system autorecovery state save    
Saving config recovery information
Saving license recovery information
Saving BSD label recovery information

[email protected]_SRX> show system alarms 
No alarms currently active
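
A way to turn the alarm table above into a scripted health check, as an added example that is not part of the original post. The function names and the 0/1/2 severity convention are assumptions; the first sample is the alarm output shown above and the Major row is constructed.

```python
import re

# One alarm row, e.g.
#   2015-04-30 17:23:40 UTC  Minor  Rescue configuration is not set
ALARM_ROW = re.compile(
    r"^(?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+)\s+"
    r"(?P<cls>Minor|Major)\s+(?P<description>.+)$"
)
COUNT_LINE = re.compile(r"^(\d+) alarms? currently active$")
NO_ALARMS = "No alarms currently active"


def parse_alarms(text):
    """Return a list of {"time", "cls", "description"} dicts.

    Raises ValueError when the capture is neither the "No alarms" message
    nor a table whose row count matches the count in its first line, so a
    truncated or empty capture is never reported as a healthy device.
    """
    alarms, announced, saw_none = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        count = COUNT_LINE.match(line)
        if line == NO_ALARMS:
            saw_none = True
        elif count:
            announced = int(count.group(1))
        else:
            row = ALARM_ROW.match(line)
            if row:
                alarms.append(row.groupdict())
    if saw_none and announced is None and not alarms:
        return []
    if announced is None or announced != len(alarms):
        raise ValueError(
            "unrecognised or truncated alarm output: announced=%r, parsed=%d"
            % (announced, len(alarms))
        )
    return alarms


def severity(alarms):
    """0 = no alarms, 1 = Minor only, 2 = at least one Major (assumed convention)."""
    if any(a["cls"] == "Major" for a in alarms):
        return 2
    return 1 if alarms else 0


# Output copied from the "show system alarms" capture on this page.
SAMPLE_ACTIVE = """\
2 alarms currently active
Alarm time               Class  Description
2015-04-30 17:23:40 UTC  Minor  Autorecovery information needs to be saved
2015-04-30 17:23:40 UTC  Minor  Rescue configuration is not set
"""
SAMPLE_CLEAR = "No alarms currently active\n"
# Constructed sample: the page has no Major alarm to copy.
SAMPLE_MAJOR = """\
1 alarms currently active
Alarm time               Class  Description
2015-04-30 17:23:40 UTC  Major  Constructed example alarm
"""

if __name__ == "__main__":
    for name, sample in [("active", SAMPLE_ACTIVE), ("clear", SAMPLE_CLEAR),
                         ("major", SAMPLE_MAJOR)]:
        parsed = parse_alarms(sample)
        print(name, "severity", severity(parsed))
        for alarm in parsed:
            print("  %(time)s  %(cls)-5s  %(description)s" % alarm)
```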

show chassis

Under the show chassis option, as shown below, we have a lot of different options available. These commands provide information on the hardware/physical status of the device.

show chassis options
[email protected]_SRX> show chassis ?
Possible completions:
  alarms               Show alarm status
  cluster              Show chassis cluster information
  craft-interface      Show craft interface status
  environment          Show component status and temperature, cooling system speeds
  fan                  Show fan and fan tray information
  firmware             Show firmware and operating system version for components
  forwarding           Show forwarding process (fwdd) status
  fpc                  Show Flexible PIC Concentrator status
  hardware             Show installed hardware components
  location             Show physical location of chassis
  mac-addresses        Show media access control addresses
  pic                  Show Physical Interface Card state, type, and uptime
  routing-engine       Show Routing Engine status
  temperature-thresholds  Show chassis temperature threshold settings
  usb                  Show chassis USB status

From my experience, the key commands that you will use most are alarms, hardware and environment. All are pretty self-explanatory when you look at the output of the commands.

show chassis alarms / show chassis hardware / show chassis environment
[email protected]_SRX> show chassis alarms 
No alarms currently active
[email protected]_SRX> show chassis hardware  
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                CF4713AK0219      SRX220H2
Routing Engine   REV 04   750-048778   ACKS2263          RE-SRX220H2
FPC 0                                                    FPC
  PIC 0                                                  8x GE Base PIC
Power Supply 0
[email protected]_SRX> show chassis environment 
Class Item                           Status     Measurement
Temp  Routing Engine                 OK         47 degrees C / 116 degrees F
      Routing Engine CPU             Absent    
Fans  SRX220 Chassis fan 0           OK         Spinning at normal speed
      SRX220 Chassis fan 1           OK         Spinning at normal speed
Power Power Supply 0                 OK

Monitor commands/Real-time performance monitoring (RPM)

If we want to do some monitoring checks, we can do real-time monitoring on a single interface or on all interfaces by using monitor interface {interface|traffic}. Using monitor interface traffic, we will see the traffic passing through every physical and logical interface. If you want a specific interface, you just need to enter the interface number; for my example I used ge-0/0/6 (my management interface).

monitor interface traffic / monitor interface ge-0/0/6
[email protected]_SRX> monitor interface traffic    

Top_SRX                           Seconds: 10                  Time: 22:24:29

Interface    Link  Input packets        (pps)     Output packets        (pps)
 ge-0/0/0      Up         185692          (0)           185742          (0)
 gr-0/0/0      Up              0          (0)                0          (0)
 ip-0/0/0      Up              0          (0)                0          (0)
 lsq-0/0/0     Up              0          (0)                0          (0)
 lt-0/0/0      Up              0          (0)                0          (0)
 mt-0/0/0      Up              0          (0)                0          (0)
 sp-0/0/0      Up              0          (0)                0          (0)
 ge-0/0/1      Up              0          (0)            78439          (0)
 ge-0/0/2      Up              0          (0)                0          (0)
 ge-0/0/3      Up              0          (0)                0          (0)
 ge-0/0/4    Down              0          (0)                0          (0)
 ge-0/0/5    Down              0          (0)                0          (0)
 ge-0/0/6      Up        1281474          (3)            31748          (1)
 ge-0/0/7    Down              0          (0)                0          (0)
 fxp2          Up              0                        622845
 gre           Up              0                             0
 ipip          Up              0                             0
 irb           Up              0                             0
 lo0           Up        2153221                       2153221
 lsi           Up              0                             0
 mtun          Up              0                             0
 pimd          Up              0                             0
 pime          Up              0                             0
 pp0           Up              0          (0)                0          (0)
 ppd0          Up              0          (0)                0          (0)

Bytes=b, Clear=c, Delta=d, Packets=p, Quit=q or ESC, Rate=r, Up=^U, Down=^D
[email protected]_SRX> monitor interface ge-0/0/6    

Top_SRX                           Seconds: 9                   Time: 22:25:34
                                                           Delay: 4/0/4
Interface: ge-0/0/6, Enabled, Link is Up
Encapsulation: Ethernet, Speed: 1000mbps
Traffic statistics:                                           Current delta
  Input bytes:                  83186459 (1576 bps)                  [3193]
  Output bytes:                  6025770 (2544 bps)                  [9050]
  Input packets:                 1281671 (3 pps)                       [50]
  Output packets:                  31828 (1 pps)                       [25]
Error statistics:
  Input errors:                        0                                [0]
  Input drops:                         0                                [0]
  Input framing errors:                0                                [0]
  Policed discards:                    0                                [0]
  L3 incompletes:                      0                                [0]
  L2 channel errors:                   0                                [0]
  L2 mismatch timeouts:                0                                [0]
  Carrier transitions:                 1                                [0]
  Output errors:                       0                                [0]
  Output drops:                        0                                [0]
  Aged packets:                        0                                [0]
Active alarms : None
Active defects: None
Input MAC/Filter statistics:  Unicast              [28]

Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i'

Interface statistics and errors

With the show interfaces command, you can get a lot of information about the interface. You will get important information about errors, flags or alarms that could affect the switch port or the physical cable that is connected to the port.

If you use the terse option, you will see whether the link is up or down and what the local IP address on that device is. It will also show the physical and logical interfaces you have available.

If you use the extensive option, you will see everything that could affect the physical port, from Input/Output details to CoS, SNMP-traps, etc. If you were to get any question during your JNCIA about checking an interface, using the extensive option would give you everything, but you would need to search! If you check the outputs below, you will see where I’m going with it all 🙂

Show interface outputs
show interfaces terse / show interfaces / show interfaces extensive
[email protected]_SRX> show interfaces terse 
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up  
ge-0/0/0.0              up    up   inet     172.31.100.3/31 
gr-0/0/0                up    up  
ip-0/0/0                up    up  
lsq-0/0/0               up    up  
lt-0/0/0                up    up  
mt-0/0/0                up    up  
sp-0/0/0                up    up  
sp-0/0/0.0              up    up   inet    
sp-0/0/0.16383          up    up   inet     10.0.0.1            --> 10.0.0.16
                                            10.0.0.6            --> 0/0
                                            128.0.0.1           --> 128.0.1.16
                                            128.0.0.6           --> 0/0
ge-0/0/1                up    up  
ge-0/0/2                up    up  
ge-0/0/3                up    up  
ge-0/0/4                up    down
ge-0/0/5                up    down
ge-0/0/6                up    up  
ge-0/0/6.0              up    up   inet     10.1.0.201/24   
ge-0/0/7                up    down
fxp2                    up    up  
fxp2.0                  up    up   tnp      0x1             
gre                     up    up        
ipip                    up    up  
irb                     up    up  
lo0                     up    up  
lo0.16384               up    up   inet     127.0.0.1           --> 0/0
lo0.16385               up    up   inet     10.0.0.1            --> 0/0
                                            10.0.0.16           --> 0/0
                                            128.0.0.1           --> 0/0
                                            128.0.0.4           --> 0/0
                                            128.0.1.16          --> 0/0
lo0.32768               up    up  
lsi                     up    up  
mtun                    up    up  
pimd                    up    up  
pime                    up    up  
pp0                     up    up  
ppd0                    up    up  
ppe0                    up    up  
st0                     up    up  
tap                     up    up  
vlan                    up    up 
[email protected]_SRX> show interfaces ge-0/0/6              
Physical interface: ge-0/0/6, Enabled, Physical link is Up
  Interface index: 140, SNMP ifIndex: 516
  Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None,
  Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Current address: 10:0e:7e:4e:0f:86, Hardware address: 10:0e:7e:4e:0f:86
  Last flapped   : 2015-04-30 17:24:26 UTC (1w0d 03:54 ago)
  Input rate     : 1448 bps (2 pps)
  Output rate    : 1544 bps (0 pps)
  Active alarms  : None
  Active defects : None
  Interface transmit statistics: Disabled

  Logical interface ge-0/0/6.0 (Index 76) (SNMP ifIndex 528) 
    Flags: SNMP-Traps 0x0 Encapsulation: ENET2
    Input packets : 374622 
    Output packets: 12463
    Security: Zone: Null
    Protocol inet, MTU: 1500
      Flags: Sendbcast-pkt-to-re, Is-Primary
      Addresses, Flags: Is-Default Is-Preferred Is-Primary
        Destination: 10.1.0/24, Local: 10.1.0.201, Broadcast: 10.1.0.255
[email protected]_SRX> show interfaces ge-0/0/6 extensive 
Physical interface: ge-0/0/6, Enabled, Physical link is Up
  Interface index: 140, SNMP ifIndex: 516, Generation: 143
  Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None,
  Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 10:0e:7e:4e:0f:86, Hardware address: 10:0e:7e:4e:0f:86
  Last flapped   : 2015-04-30 17:24:26 UTC (1w0d 03:55 ago)
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :             82627263                 4968 bps
   Output bytes  :              5838121                 5048 bps
   Input  packets:              1273025                    8 pps
   Output packets:                30984                    3 pps
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0,
    L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0,
    Resource errors: 0
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    0 best-effort                 9215                 9215                    0
    1 expedited-fo                   0                    0                    0
    2 assured-forw                   0                    0                    0
    3 network-cont               21769                21769                    0
  Queue number:         Mapped forwarding classes
    0                   best-effort 
    1                   expedited-forwarding
    2                   assured-forwarding
    3                   network-control
  Active alarms  : None
  Active defects : None
  MAC statistics:                      Receive         Transmit
    Total octets                      93421178          5639424
    Total packets                      1288676            30983
    Unicast packets                      17785             8706
    Broadcast packets                   919434              508
    Multicast packets                   351457            21769
    CRC/Align errors                         0                0
    FIFO errors                              0                0
    MAC control frames                       0                0
    MAC pause frames                         0                0
    Oversized frames                         0
    Jabber frames                            0
    Fragment frames                          0
    VLAN tagged frames                       0
    Code violations                          0
  Filter statistics:
    Input packet count                       0
    Input packet rejects                     0
    Input DA rejects                         0
    Input SA rejects                         0
    Output packet count                                       0
    Output packet pad count                                   0
    Output packet error count                                 0
    CAM destination filters: 2, CAM source filters: 0
  Autonegotiation information:
    Negotiation status: Complete
    Link partner:
        Link mode: Full-duplex, Flow control: None, Remote fault: OK, Link partner Speed: 1000 Mbps
    Local resolution:                   
        Flow control: None, Remote fault: Link OK
  Packet Forwarding Engine configuration:
    Destination slot: 0
  CoS information:
    Direction : Output 
    CoS transmit queue               Bandwidth               Buffer Priority   Limit
                              %            bps     %           usec
    0 best-effort            95      950000000    95              0      low    none
    3 network-control         5       50000000     5              0      low    none
  Interface transmit statistics: Disabled

  Logical interface ge-0/0/6.0 (Index 76) (SNMP ifIndex 528) (Generation 142)
    Flags: SNMP-Traps 0x0 Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :             24369749
     Output bytes  :              2236064
     Input  packets:               374912
     Output packets:                12563
    Local statistics:
     Input  bytes  :             24343129
     Output bytes  :              2236064
     Input  packets:               374115
     Output packets:                12563
    Transit statistics:
     Input  bytes  :                26620                    0 bps
     Output bytes  :                    0                    0 bps
     Input  packets:                  797                    0 pps
     Output packets:                    0                    0 pps
    Security: Zone: Null
    Flow Statistics :  
    Flow Input statistics :
      Self packets :                     0
      ICMP packets :                     0
      VPN packets :                      0
      Multicast packets :                0
      Bytes permitted by policy :        0
      Connections established :          0 
    Flow Output statistics: 
      Multicast packets :                0
      Bytes permitted by policy :        0 
    Flow error statistics (Packets dropped due to): 
      Address spoofing:                  0
      Authentication failed:             0
      Incoming NAT errors:               0
      Invalid zone received packet:      0
      Multiple user authentications:     0 
      Multiple incoming NAT:             0
      No parent for a gate:              0
      No one interested in self packets: 0       
      No minor session:                  0 
      No more sessions:                  0
      No NAT gate:                       0 
      No route present:                  0 
      No SA for incoming SPI:            0 
      No tunnel found:                   0
      No session for a gate:             0 
      No zone or NULL zone binding       0
      Policy denied:                     0
      Security association not active:   0 
      TCP sequence number out of window: 0
      Syn-attack protection:             0
      User authentication errors:        0
    Protocol inet, MTU: 1500, Generation: 159, Route table: 0
      Flags: Sendbcast-pkt-to-re, Is-Primary
      Addresses, Flags: Is-Default Is-Preferred Is-Primary
        Destination: 10.1.0/24, Local: 10.1.0.201, Broadcast: 10.1.0.255, Generation: 160
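
Searching the extensive output by eye gets slow, and the counters are cumulative since the last clear, so what matters is what grew between two captures. The following added example (not from the original post) pulls the Input errors, Output errors and Flow error statistics sections out of two captures and reports the increases. The function names are assumptions, and the sample is a constructed excerpt modelled on the output above with some counters raised.

```python
import re

# Section headers from "show interfaces extensive" whose counters we collect.
SECTIONS = {
    "Input errors:": "input-errors",
    "Output errors:": "output-errors",
    "Flow error statistics (Packets dropped due to):": "flow-errors",
}
PHYSICAL = re.compile(r"^Physical interface: ([^,\s]+)")
LOGICAL = re.compile(r"^\s*Logical interface (\S+)")
# "Name: 0", or "Name   0" for the one flow row printed without a colon.
COUNTER = re.compile(r"^\s*(.+?):?\s+(\d+)\s*$")


def parse_counters(text):
    """Return {interface: {section: {counter: int}}} for the error sections."""
    result, ifname, section, header_indent = {}, None, None, 0
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            section = None
            continue
        indent = len(line) - len(line.lstrip())
        iface = PHYSICAL.match(line) or LOGICAL.match(line)
        if iface:
            ifname, section = iface.group(1), None
            continue
        key = SECTIONS.get(line.strip())
        if key and ifname:
            section, header_indent = key, indent
            continue
        # A section ends at the first line indented no deeper than its header.
        if section and indent <= header_indent:
            section = None
        if section:
            bucket = result.setdefault(ifname, {}).setdefault(section, {})
            # Error rows are comma separated and wrapped; flow rows are one per line.
            for chunk in line.split(","):
                counter = COUNTER.match(chunk)
                if counter:
                    bucket[counter.group(1)] = int(counter.group(2))
    return result


def deltas(before, after):
    """List (interface, section, counter, increase) for counters that grew."""
    grown = []
    for ifname, sections in after.items():
        for section, counters in sections.items():
            for name, now in counters.items():
                then = before.get(ifname, {}).get(section, {}).get(name, 0)
                # A counter that went backwards was cleared or the device
                # rebooted, so everything counted since then is new.
                increase = now - then if now >= then else now
                if increase > 0:
                    grown.append((ifname, section, name, increase))
    return grown


# Constructed excerpt modelled on the ge-0/0/6 output on this page.
TEMPLATE = """\
Physical interface: ge-0/0/6, Enabled, Physical link is Up
  Input errors:
    Errors: 0, Drops: 0, Framing errors: {framing}, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0,
    L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0,
    Resource errors: 0
  Egress queues: 8 supported, 4 in use

  Logical interface ge-0/0/6.0 (Index 76) (SNMP ifIndex 528) (Generation 142)
    Security: Zone: Null
    Flow error statistics (Packets dropped due to):
      Address spoofing:                  {spoof}
      Authentication failed:             0
      No zone or NULL zone binding       0
      Policy denied:                     {denied}
      Syn-attack protection:             0
    Protocol inet, MTU: 1500, Generation: 159, Route table: 0
"""

if __name__ == "__main__":
    first = parse_counters(TEMPLATE.format(framing=0, spoof=0, denied=0))
    second = parse_counters(TEMPLATE.format(framing=3, spoof=14, denied=230))
    for ifname, section, name, increase in deltas(first, second):
        print("%-12s %-14s %-20s +%d" % (ifname, section, name, increase))
```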

Network tools

We are able to use a number of network tools to help with troubleshooting and end-to-end connectivity. We will mostly use the ping, traceroute, ssh and telnet commands. We use ping to test end-to-end connectivity, and we use traceroute to check the path that we are using to get from one device to another, whether that is on our internal LAN or across the internet. With Junos, if we are using a DNS name (e.g. google.co.uk), it will by default use the IPv6 AAAA record to try to find the host in question. If you don’t have IPv6 configured on your network, this is no help at all!

ping output / traceroute output
[email protected]_SRX> ping google.co.uk 
PING6(56=40+8+8 bytes) :: --> 2a00:1450:4009:80c::2003
ping: sendmsg: No route to host
ping6: wrote google.co.uk 16 chars, ret=-1
ping: sendmsg: No route to host
ping6: wrote google.co.uk 16 chars, ret=-1
^C
--- google.co.uk ping6 statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
[email protected]_SRX> traceroute google.co.uk  
traceroute: connect: No route to host

We can get around this by adding the inet option, {ping|traceroute} inet, which forces the ping or traceroute to use an IPv4 A record for the destination.

ping inet output / traceroute inet output
[email protected]_SRX> ping inet google.co.uk 
PING google.co.uk (216.58.210.3): 56 data bytes
64 bytes from 216.58.210.3: icmp_seq=0 ttl=56 time=2.923 ms
64 bytes from 216.58.210.3: icmp_seq=1 ttl=56 time=3.154 ms
^C
--- google.co.uk ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.923/3.038/3.154/0.115 ms
[email protected]_SRX> traceroute inet google.co.uk 
traceroute to google.co.uk (216.58.210.3), 30 hops max, 40 byte packets
 1  10.1.0.1 (10.1.0.1)  2.420 ms  2.186 ms  2.095 ms
 2  ge1-0-4.er01.bc.bbc.co.uk (132.185.254.173)  2.595 ms  3.739 ms  3.656 ms
 3  * * *
 4  * * *
 5  ae0.pr01.thdow.bbc.co.uk (132.185.254.77)  3.952 ms ae1.pr01.thdow.bbc.co.uk (132.185.254.81)  3.657 ms  3.429 ms
 6  125-126-245-83.packetexchange.net (83.245.126.125)  3.757 ms  3.993 ms  3.374 ms
 7  209.85.246.244 (209.85.246.244)  3.864 ms  3.507 ms  3.772 ms
 8  209.85.250.169 (209.85.250.169)  4.200 ms  3.486 ms  3.338 ms
 9  lhr08s06-in-f3.1e100.net (216.58.210.3)  4.054 ms  3.689 ms  4.188 ms

Note: Traceroute uses UDP and sends out 3 probes (why you see 3 responses) whereas ping uses TCP

Note
This only applies if we are using DNS names; if we are using the IP address, then the above doesn’t apply.

With both ping and traceroute, you have additional options to be more in-depth or specific about how you would like to test.

Additional Ping and Traceroute Options
traceroute options / ping options
[email protected]_SRX> traceroute inet google.co.uk ?  
Possible completions:
  <[Enter]>            Execute this command
  as-number-lookup     Look up AS numbers for each hop
  bypass-routing       Bypass routing table, use specified interface
  gateway              Address of router gateway to route through
  inet6                Force traceroute to IPv6 destination
  interface            Name of interface to use for outgoing traffic
  no-resolve           Don't attempt to print addresses symbolically
  propagate-ttl        Enable propagate-ttl for locally sourced RE traffic
  routing-instance     Name of routing instance for traceroute attempt
  source               Source address to use in outgoing traceroute packets
  tos                  IP type-of-service field (IPv4) (0..255)
  ttl                  IP maximum time-to-live value (or IPv6 maximum hop-limit value)
  wait                 Number of seconds to wait for response (seconds)
  |                    Pipe through a command
[email protected]_SRX> ping inet google.co.uk ?                                    
Possible completions:
  <[Enter]>            Execute this command
  bypass-routing       Bypass routing table, use specified interface
  count                Number of ping requests to send (1..2000000000 packets)
  detail               Display incoming interface of received packet
  do-not-fragment      Don't fragment echo request packets (IPv4)
  inet6                Force ping to IPv6 destination
  interface            Source interface (multicast, all-ones, unrouted packets)
  interval             Delay between ping requests (seconds)
+ loose-source         Intermediate loose source route entry (IPv4)
  mac-address          MAC address of the nexthop in xx:xx:xx:xx:xx:xx format
  no-resolve           Don't attempt to print addresses symbolically
  pattern              Hexadecimal fill pattern
  rapid                Send requests rapidly (default count of 5)
  record-route         Record and report packet's path (IPv4)
  routing-instance     Routing instance for ping attempt
  size                 Size of request packets (0..61580 bytes)
  source               Source address of echo request
  strict               Use strict source route option (IPv4)
+ strict-source        Intermediate strict source route entry (IPv4)
  tos                  IP type-of-service value (0..255)
  ttl                  IP time-to-live value (IPv6 hop-limit value) (1..255 hops)
  verbose              Display detailed output
  wait                 Maximum wait time after sending final packet (seconds)
  |                    Pipe through a command

Junos OS installation/Software upgrades

For Junos OS installations and software upgrades, I have already done a post on how to do a software upgrade 🙂 You can take a look here.

Powering on and shutting down Junos devices

With Juniper devices, you have different methods of remotely rebooting and shutting down a device.

[email protected]_SRX> request system reboot

We see that there are two ways we could shut down our Juniper device remotely: we can either halt or power off. The difference between the two is that a system halt is basically a graceful shutdown of the device, where we have the option to reboot the device back up if necessary.

[email protected]_SRX> request system halt
Request System Halt Output
[email protected]_SRX> request system halt             
Halt the system ? [yes,no] (no) yes 

Shutdown NOW!
[pid 1404]

[email protected]_SRX>                                                                                
*** FINAL System shutdown message from [email protected]_SRX ***                   

System going down IMMEDIATELY                                                  

                                                                               
MWaiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...0 0 0 done

syncing disks... All buffers synced.
Uptime: 1h8m28s

The operating system has halted.
Please press any key to reboot.

Note: You will need a console connection to reboot, as you will get kicked off if you are on an SSH or telnet session.

Whereas the system power-off would just turn off the device completely, and you will need to physically go to the device and remove and replug the PSU to power on the device.

[email protected]_SRX> request system power-off

Additionally, we have extra options if we want to schedule a reboot or shutdown. If you hit "?" after your command, you can see the extra options available:

[email protected]_SRX> request system reboot ?                                    
Possible completions:
  <[Enter]>            Execute this command
  at                   Time at which to perform the operation
  in                   Number of minutes to delay before operation
  media                Boot media for next boot
  message              Message to display to all users
  |                    Pipe through a command

Root password recovery

If you have forgotten the password to your Junos device, you can recover it using the password recovery process. Note: with this method you will need console access to the device and it will require a few reboots, so if it's in a lab it doesn't matter; if it's production you will need to do this in an outage window, or you can do the reboot and explain how and why you managed to forget an important password 😀

During the reboot you will need to watch the boot process, as there is a particular point at which you need to break it. Once the autoboot has been completed:

Autoboot process
PCI Status: PCI 32-bit
PCI BAR 0: 0xf8000000, PCI BAR 1: Memory 0x00000000  PCI 0x00000000
Warning!!!Last reboot reason 0x0 abnormal
Boot Media: usb internal-compact-flash 
Net:   octeth0

  ide 0: Model: CF 2GB Firm: 20100924 Ser#: 2013C     0000093572
            Type: Removable Disk
            Capacity: 2000.7 MB = 1.9 GB (4097520 x 512)
POST Passed
Press SPACE to abort autoboot in 1 seconds
ELF file is 32 bit

You will need to hit the spacebar to break the boot process, and you will enter the boot loader:

FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.5
([email protected], Tue Apr  2 12:36:46 PDT 2013)
Memory: 2048MB
[0]Booting from internal-compact-flash slice 2
Un-Protected 1 sectors
writing to flash...
Protected 1 sectors
Loading /boot/defaults/loader.conf 
/kernel data=0xb05a8c+0x134484 syms=[0x4+0x8aaa0+0x4+0xc903f]

Hit [Enter] to boot immediately, or space bar for command prompt.

Type '?' for a list of commands, 'help' for more detailed help.
loader>

Once in the boot loader, you will need to enter single user mode by entering boot -s

loader> boot -s

The device will boot into single user mode and you will need to enter recovery to start the root password recovery

Mounted junos package on /dev/md0...
Booting single-user
** /dev/ad0s2a
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 247818 free (42 frags, 30972 blocks, 0.0% fragmentation)
System watchdog timer disabled
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery

You are given instructions on what you will need to do to change the root password on the device

NOTE: Once in the CLI, you will need to enter configuration mode using
NOTE: the 'configure' command to make any required changes. For example,
NOTE: to reset the root password, type:
NOTE:    configure
NOTE:    set system root-authentication plain-text-password
NOTE:    (enter the new password when asked)
NOTE:    commit
NOTE:    exit
NOTE:    exit
NOTE: When you exit the CLI, you will be asked if you want to reboot
NOTE: the system
Re-set password commands
Starting CLI ... 
[email protected]_SRX> edit

[edit]
[email protected]_SRX# set system root-authentication plain-text-password 
New password: lab123
Retype new password:

[email protected]_SRX# commit and-quit

Once you're back in Operational mode, you will need to reboot the device and then you're done!

[email protected]_SRX> request system reboot 
Reboot the system ? [yes,no] (no) y
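The recovery above works for anyone who can reach the console port and reboot the device, so it is worth checking whether a given device still allows it. The following is an added example, not part of the original post: a small Python audit of `show configuration | display set` output, with hypothetical function names and constructed sample configs. It relies on the Junos statements `system ports console insecure` and `log-out-on-disconnect`, which the post itself does not cover.

```python
# Added example (hypothetical names); both configs below are constructed samples.
# WEAK: console hardening present but deactivated, telnet on. HARDENED: SSH only.
WEAK = """\
set system root-authentication encrypted-password "$5$constructed$placeholder"
set system services ssh
set system services telnet
set system ports console insecure
deactivate system ports console
"""
HARDENED = """\
set system root-authentication encrypted-password "$5$constructed$placeholder"
set system services ssh
set system ports console insecure
set system ports console log-out-on-disconnect
"""

def active_statements(config_text):
    """Return 'set' statements that no 'deactivate' line switches off."""
    active, inactive = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("set "):
            active.append(line[4:])
        elif line.startswith("deactivate "):
            inactive.append(line[len("deactivate "):])
    def is_off(stmt):
        return any(stmt == p or stmt.startswith(p + " ") for p in inactive)
    return [s for s in active if not is_off(s)]

def has(stmts, prefix):
    """True if any active statement equals or sits under the given hierarchy."""
    return any(s == prefix or s.startswith(prefix + " ") for s in stmts)

def audit(config_text):
    """List findings relevant to console recovery and remote management."""
    stmts = active_statements(config_text)
    findings = []
    if not has(stmts, "system ports console insecure"):
        findings.append("console-recovery-open")     # recovery path not blocked
    if not has(stmts, "system ports console log-out-on-disconnect"):
        findings.append("console-session-persists")  # unplugged session stays open
    if has(stmts, "system services telnet"):
        findings.append("telnet-enabled")            # cleartext management
    if not has(stmts, "system root-authentication"):
        findings.append("root-password-unset")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg))
```

Marking the console insecure also means a forgotten root password can no longer be reset with the procedure above, so treat it as a trade-off between physical security and recoverability.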
Keeran Marquis

Network Engineer
Keeran Marquis is a Network Engineer. His main goal is to learn everything within the Networking field, pick up a little bit of scripting, be a poor man's sysadmin and share whatever he knows! All posts are his own views, opinions and experiences; no guarantees they will work for you, but they should point you in the right direction 🙂