JNCIA Refresher #3 - Operational Monitoring and Maintenance
Table of Contents
Show Commands⌗
For the JNCIA level, we will need to know how to check our devices and with Junos these are done using show commands from Operational Mode.
Show Commands⌗
root@Top_SRX> show ?
Possible completions:
accounting Show accounting profiles and records
arp Show system Address Resolution Protocol table entries
as-path Show table of known autonomous system paths
authentication-whitelist Show 802.1X White List MAC addresses
bfd Show Bidirectional Forwarding Detection information
bgp Show Border Gateway Protocol information
bridge Show bridging information
chassis Show chassis information
class-of-service Show class-of-service (CoS) information
cli Show command-line interface settings
configuration Show current configuration
connections Show circuit cross-connect connections
database-replication Show database replication information
dhcp Show Dynamic Host Configuration Protocol information
dhcpv6 Show Dynamic Host Configuration Protocol v6 information
dialer Show dialer information
dot1x Show 802.1X information
dvmrp Show Distance Vector Multicast Routing Protocol information
dynamic-tunnels Show dynamic tunnel information information
esis Show end system-to-intermediate system information
ethernet-switching Show Ethernet-switching information
event-options Show event-options information
firewall Show firewall information
forwarding-options Show forwarding-options information
gvrp Show Generic VLAN Registration Protocol information
helper Show port-forwarding helper information
host Show hostname information from domain name server
iccp Show Inter Chassis Control Protocol information
igmp Show Internet Group Management Protocol information
igmp-snooping Show IGMP snooping information
ingress-replication Show Ingress-Replication tunnel information
interfaces Show interface information
ipv6 Show IP version 6 information
isdn Show Integrated Services Digital Network information
isis Show Intermediate System-to-Intermediate System information
l2-learning Show l2 learning information
l2circuit Show Layer 2 circuit information
l2vpn Show Layer 2 VPN information
lacp Show Link Aggregation Control Protocol information
ldp Show Label Distribution Protocol information
lldp Show Link Layer Discovery Protocol information
log Show contents of log file
mld Show multicast listener discovery information
mld-snooping Show MLD snooping information
mpls Show mpls information
msdp Show Multicast Source Discovery Protocol information
multicast Show multicast information
mvpn Show Multicast Virtual Private Network (MVPN) information
network-access Show network-access related information
ntp Show Network Time Protocol information
oam Show OAM-related information
ospf Show Open Shortest Path First information
ospf3 Show Open Shortest Path First version 3 information
pfe Show Packet Forwarding Engine information
pgm Show Pragmatic Generalized Multicast information
pim Show Protocol Independent Multicast information
policer Show interface policer counters and information
policy Show policy information
ppp Show PPP process information
pppoe Show PPP over Ethernet information
protection-group Show protection group information
r2cp Show Radio-to-Router Protocol information
rip Show Routing Information Protocol information
ripng Show Routing Information Protocol for IPv6 information
route Show routing table information
rsvp Show Resource Reservation Protocol information
sap Show Session Announcement Protocol information
schedulers Show the information on one or more schedulers
security Show security information
services Show services
smtp Show Simple Mail Transfer Protocol information
snmp Show Simple Network Management Protocol information
spanning-tree Show Spanning Tree Protocol information
subscribers Show subscriber information
system Show system information
task Show routing protocol per-task information
ted Show Traffic Engineering Database information
version Show software process revision levels
vlans Show VLAN information
vpls Show VPLS information
vrrp Show Virtual Router Redundancy Protocol information
wireless-wan Show wireless WAN information
wlan Show wireless LAN information
As shown above, we have plenty of options available! But for the important ones for this level will be show system, show chassis and show interface each of these options have their own sub-sections that can be seen using ?
Show System⌗
Under the show system option as shown below, we have a lot of different options available. These command provide any operational issues and/or check that you would what to do on your device.
root@Top_SRX> show system ?
Possible completions:
alarms Show system alarm status
audit Show file system MD5 hash and permissions
auto-snapshot Show auto-snapshot status when system booted from alternate slice
autoinstallation Show autoinstallation information
autorecovery Show autorecovery information
boot-messages Show boot time messages
buffers Show buffer statistics
certificate Show installed X509 certificates
commit Show pending commit requests (if any) and commit history
configuration Show configuration information
connections Show system connection activity
core-dumps Show system core files
directory-usage Show local directory information
download Show status of downloads
firmware Show all firmware version information
health Show online diagnostic status
license Show feature licenses information
login Show system login state
memory Show system memory usage
processes Show system process table
queues Show queue statistics
reboot Show any pending halt or reboot requests
resource-cleanup Show resource cleanup information
rollback Show rolled back configuration
services Show service applications information
snapshot Show snapshot information
software Show loaded JUNOS extensions
statistics Show statistics for protocol
storage Show local storage data
subscriber-management Show Subscriber management information
threads Show system threads table
uptime Show time since system and processes started
users Show users who are currently logged in
virtual-memory Show kernel dynamic memory usage
The important one for JNCIA will be the alarms. As this will show any software based alarms that are currently on the device, they are either Minor or Major. I have two Minor alarms but as this is in the lab I don’t care however if this was production do something about it!
root@Top_SRX> show system alarms
2 alarms currently active
Alarm time Class Description
2015-04-30 17:23:40 UTC Minor Autorecovery information needs to be saved
2015-04-30 17:23:40 UTC Minor Rescue configuration is not set
To fix this issue you will need to run
request system autorecovery state save. This will need to run command once you have configuration that you know working and if in an emergency, you would be happy to recover to!
root@Top\_SRX> request system autorecovery state save
Saving config recovery information
Saving license recovery information
Saving BSD label recovery information
root@Top\_SRX> show system alarms
No alarms currently active
Show Chassis⌗
Under the show chassis option as shown below, we have a lot of different options available. These command provide information on hardware/physical status of the device.
Show Chassis options⌗
root@Top\_SRX> show chassis ?
Possible completions:
alarms Show alarm status
cluster Show chassis cluster information
craft-interface Show craft interface status
environment Show component status and temperature, cooling system speeds
fan Show fan and fan tray information
firmware Show firmware and operating system version for components
forwarding Show forwarding process (fwdd) status
fpc Show Flexible PIC Concentrator status
hardware Show installed hardware components
location Show physical location of chassis
mac-addresses Show media access control addresses
pic Show Physical Interface Card state, type, and uptime
routing-engine Show Routing Engine status
temperature-thresholds Show chassis temperature threshold settings
usb Show chassis USB status
From my experience the key commands that you will use mostly would be alarms, hardware and environment. All are pretty self explanatory from when you look at the output of the commands
Show Chassis Alarms⌗
root@Top\_SRX> show chassis alarms
No alarms currently active
Show Chassis Hardware⌗
root@Top\_SRX> show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis CF4713AK0219 SRX220H2
Routing Engine REV 04 750-048778 ACKS2263 RE-SRX220H2
FPC 0 FPC
PIC 0 8x GE Base PIC
Power Supply 0
Show Chassis Environment⌗
root@Top\_SRX> show chassis environment
Class Item Status Measurement
Temp Routing Engine OK 47 degrees C / 116 degrees F
Routing Engine CPU Absent
Fans SRX220 Chassis fan 0 OK Spinning at normal speed
SRX220 Chassis fan 1 OK Spinning at normal speed
Power Power Supply 0 OK
Monitor commands/Real-time performance monitoring (RPM)⌗
If we wanted to do some monitoring checks we will be will be able to do, real time monitor on a single interface or on all the interface by using the monitor interface {interface|traffic}. Using the monitor interface traffic we will see the traffic passing through every physical and logical interface. If you want a specific interface you will just need enter the interface number, for my example I used ge-/0/0/6 (my management interface)
Monitor Interface Traffic⌗
root@Top\_SRX> monitor interface traffic
Top\_SRX Seconds: 10 Time: 22:24:29
Interface Link Input packets (pps) Output packets (pps)
ge-0/0/0 Up 185692 (0) 185742 (0)
gr-0/0/0 Up 0 (0) 0 (0)
ip-0/0/0 Up 0 (0) 0 (0)
lsq-0/0/0 Up 0 (0) 0 (0)
lt-0/0/0 Up 0 (0) 0 (0)
mt-0/0/0 Up 0 (0) 0 (0)
sp-0/0/0 Up 0 (0) 0 (0)
ge-0/0/1 Up 0 (0) 78439 (0)
ge-0/0/2 Up 0 (0) 0 (0)
ge-0/0/3 Up 0 (0) 0 (0)
ge-0/0/4 Down 0 (0) 0 (0)
ge-0/0/5 Down 0 (0) 0 (0)
ge-0/0/6 Up 1281474 (3) 31748 (1)
ge-0/0/7 Down 0 (0) 0 (0)
fxp2 Up 0 622845
gre Up 0 0
ipip Up 0 0
irb Up 0 0
lo0 Up 2153221 2153221
lsi Up 0 0
mtun Up 0 0
pimd Up 0 0
pime Up 0 0
pp0 Up 0 (0) 0 (0)
ppd0 Up 0 (0) 0 (0)
Bytes=b, Clear=c, Delta=d, Packets=p, Quit=q or ESC, Rate=r, Up=^U, Down=^D
Monitor Interface⌗
root@Top\_SRX> monitor interface ge-0/0/6
Top\_SRX Seconds: 9 Time: 22:25:34
Delay: 4/0/4
Interface: ge-0/0/6, Enabled, Link is Up
Encapsulation: Ethernet, Speed: 1000mbps
Traffic statistics: Current delta
Input bytes: 83186459 (1576 bps) \[3193\]
Output bytes: 6025770 (2544 bps) \[9050\]
Input packets: 1281671 (3 pps) \[50\]
Output packets: 31828 (1 pps) \[25\]
Error statistics:
Input errors: 0 \[0\]
Input drops: 0 \[0\]
Input framing errors: 0 \[0\]
Policed discards: 0 \[0\]
L3 incompletes: 0 \[0\]
L2 channel errors: 0 \[0\]
L2 mismatch timeouts: 0 \[0\]
Carrier transitions: 1 \[0\]
Output errors: 0 \[0\]
Output drops: 0 \[0\]
Aged packets: 0 \[0\]
Active alarms : None
Active defects: NoneInput MAC/Filter statistics: Unicast \[28\]
Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i'
Interface statistics and Errors⌗
With the show interface command, you can get a lot of information about the interface. You will get important information about errors, flags or alarms that could affect the switch port or the physical cable that is connected to the port.
If you use the terse option, you will see if the link is up or down and what the local IP address on that device is. It will also show the physical and logical interfaces you have available
If you use the extensive option you will see everything that could affect the physical port from Input/Output details, CoS, SNMP-traps etc. If you were to get any question during your JNCIA about checking an interface, using the extensive option would give everything but you would need to search! If you check the outputs below, you will see where I’m going with it all :)
Show interface outputs⌗
Show Interfaces Terse⌗
root@Top\_SRX> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
ge-0/0/0.0 up up inet 172.31.100.3/31
gr-0/0/0 up up
ip-0/0/0 up up
lsq-0/0/0 up up
lt-0/0/0 up up
mt-0/0/0 up up
sp-0/0/0 up up
sp-0/0/0.0 up up inet
sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16
10.0.0.6 --> 0/0
128.0.0.1 --> 128.0.1.16
128.0.0.6 --> 0/0
ge-0/0/1 up up
ge-0/0/2 up up
ge-0/0/3 up up
ge-0/0/4 up down
ge-0/0/5 up down
ge-0/0/6 up up
ge-0/0/6.0 up up inet 10.1.0.201/24
ge-0/0/7 up down
fxp2 up up
fxp2.0 up up tnp 0x1
gre up up
ipip up up
irb up up
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 10.0.0.1 --> 0/0
10.0.0.16 --> 0/0
128.0.0.1 --> 0/0
128.0.0.4 --> 0/0
128.0.1.16 --> 0/0
lo0.32768 up up
lsi up up
mtun up up
pimd up up
pime up up
pp0 up up
ppd0 up up
ppe0 up up
st0 up up
tap up up
vlan up up
Show Interfaces⌗
root@Top\_SRX> show interfaces ge-0/0/6
Physical interface: ge-0/0/6, Enabled, Physical link is Up
Interface index: 140, SNMP ifIndex: 516
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None,
Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Current address: 10:0e:7e:4e:0f:86, Hardware address: 10:0e:7e:4e:0f:86
Last flapped : 2015-04-30 17:24:26 UTC (1w0d 03:54 ago)
Input rate : 1448 bps (2 pps)
Output rate : 1544 bps (0 pps)
Active alarms : None
Active defects : None
Interface transmit statistics: Disabled
Logical interface ge-0/0/6.0 (Index 76) (SNMP ifIndex 528)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Input packets : 374622
Output packets: 12463
Security: Zone: Null
Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re, Is-Primary
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: 10.1.0/24, Local: 10.1.0.201, Broadcast: 10.1.0.255
Show Interfaces Extensive⌗
root@Top\_SRX> show interfaces ge-0/0/6 extensive
Physical interface: ge-0/0/6, Enabled, Physical link is Up
Interface index: 140, SNMP ifIndex: 516, Generation: 143
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None,
Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 10:0e:7e:4e:0f:86, Hardware address: 10:0e:7e:4e:0f:86
Last flapped : 2015-04-30 17:24:26 UTC (1w0d 03:55 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 82627263 4968 bps
Output bytes : 5838121 5048 bps
Input packets: 1273025 8 pps
Output packets: 30984 3 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0,
L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0,
Resource errors: 0
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 9215 9215 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 21769 21769 0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
Active alarms : None
Active defects : None
MAC statistics: Receive Transmit
Total octets 93421178 5639424
Total packets 1288676 30983
Unicast packets 17785 8706
Broadcast packets 919434 508
Multicast packets 351457 21769
CRC/Align errors 0 0
FIFO errors 0 0
MAC control frames 0 0
MAC pause frames 0 0
Oversized frames 0
Jabber frames 0
Fragment frames 0
VLAN tagged frames 0
Code violations 0
Filter statistics:
Input packet count 0
Input packet rejects 0
Input DA rejects 0
Input SA rejects 0
Output packet count 0
Output packet pad count 0
Output packet error count 0
CAM destination filters: 2, CAM source filters: 0
Autonegotiation information:
Negotiation status: Complete
Link partner:
Link mode: Full-duplex, Flow control: None, Remote fault: OK, Link partner Speed: 1000 Mbps
Local resolution:
Flow control: None, Remote fault: Link OK
Packet Forwarding Engine configuration:
Destination slot: 0
CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer Priority Limit
% bps % usec
0 best-effort 95 950000000 95 0 low none
3 network-control 5 50000000 5 0 low none
Interface transmit statistics: Disabled
Logical interface ge-0/0/6.0 (Index 76) (SNMP ifIndex 528) (Generation 142)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Traffic statistics:
Input bytes : 24369749
Output bytes : 2236064
Input packets: 374912
Output packets: 12563
Local statistics:
Input bytes : 24343129
Output bytes : 2236064
Input packets: 374115
Output packets: 12563
Transit statistics:
Input bytes : 26620 0 bps
Output bytes : 0 0 bps
Input packets: 797 0 pps
Output packets: 0 0 pps
Security: Zone: Null
Flow Statistics :
Flow Input statistics :
Self packets : 0
ICMP packets : 0
VPN packets : 0
Multicast packets : 0
Bytes permitted by policy : 0
Connections established : 0
Flow Output statistics:
Multicast packets : 0
Bytes permitted by policy : 0
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self packets: 0
No minor session: 0
No more sessions: 0
No NAT gate: 0
No route present: 0
No SA for incoming SPI: 0
No tunnel found: 0
No session for a gate: 0
No zone or NULL zone binding 0
Policy denied: 0
Security association not active: 0
TCP sequence number out of window: 0
Syn-attack protection: 0
User authentication errors: 0
Protocol inet, MTU: 1500, Generation: 159, Route table: 0
Flags: Sendbcast-pkt-to-re, Is-Primary
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: 10.1.0/24, Local: 10.1.0.201, Broadcast: 10.1.0.255, Generation: 160
Network Tools⌗
We are able to use a number network tools to help with troubleshooting and end-to-end connectivity. We will mostly use the ping, traceroute, ssh and telnet commands. We would use ping to check end-to-end connectivity testing and we would use traceroute to check the path that we are using to get from one device to another, whether that is on our internal LAN or across the internet. With Junos if we are using a DNS name (i.e. google.co.uk), it will by default use IPv6 AAAA record to try and get find the host in question. If you don’t have IPv6 configured on your network this is no help at all!
Ping⌗
root@Single\_SRX> ping google.co.uk
PING6(56=40+8+8 bytes) :: --> 2a00:1450:4009:80c::2003
ping: sendmsg: No route to host
ping6: wrote google.co.uk 16 chars, ret=-1
ping: sendmsg: No route to host
ping6: wrote google.co.uk 16 chars, ret=-1
^C
--- google.co.uk ping6 statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
Traceroute⌗
root@Single\_SRX> traceroute google.co.uk
traceroute: connect: No route to host
We can around this by doing adding the option inet we will be able to force the ping or traceroute to use an IPv4 A record to the destination.
Ping inet⌗
root@Single\_SRX> ping inet google.co.uk
PING google.co.uk (216.58.210.3): 56 data bytes
64 bytes from 216.58.210.3: icmp\_seq=0 ttl=56 time=2.923 ms
64 bytes from 216.58.210.3: icmp\_seq=1 ttl=56 time=3.154 ms
^C
--- google.co.uk ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.923/3.038/3.154/0.115 ms
Traceroute inet⌗
root@Single\_SRX> traceroute inet google.co.uk
traceroute to google.co.uk (216.58.210.3), 30 hops max, 40 byte packets
1 10.1.0.1 (10.1.0.1) 2.420 ms 2.186 ms 2.095 ms
2 ge1-0-4.er01.bc.bbc.co.uk (132.185.254.173) 2.595 ms 3.739 ms 3.656 ms
3 \* \* \*
4 \* \* \*
5 ae0.pr01.thdow.bbc.co.uk (132.185.254.77) 3.952 ms ae1.pr01.thdow.bbc.co.uk (132.185.254.81) 3.657 ms 3.429 ms
6 125-126-245-83.packetexchange.net (83.245.126.125) 3.757 ms 3.993 ms 3.374 ms
7 209.85.246.244 (209.85.246.244) 3.864 ms 3.507 ms 3.772 ms
8 209.85.250.169 (209.85.250.169) 4.200 ms 3.486 ms 3.338 ms
9 lhr08s06-in-f3.1e100.net (216.58.210.3) 4.054 ms 3.689 ms 4.188 ms
Traceroute uses UDP and sends out 3 probes (why you see 3 responses) whereas ping uses TCP. This is only if we are using DNS names, if we are using the IP address then the above doesn’t apply
With both ping and traceroute, you have additional options be more in-depth or specific on how you would like to testing
Additional Ping and Traceroute Option⌗
Traceroute options⌗
root@Single\_SRX> traceroute inet google.co.uk ?
Possible completions:
<\[Enter\]> Execute this command
as-number-lookup Look up AS numbers for each hop
bypass-routing Bypass routing table, use specified interface
gateway Address of router gateway to route through
inet6 Force traceroute to IPv6 destination
interface Name of interface to use for outgoing traffic
no-resolve Don't attempt to print addresses symbolically
propagate-ttl Enable propagate-ttl for locally sourced RE traffic
routing-instance Name of routing instance for traceroute attempt
source Source address to use in outgoing traceroute packets
tos IP type-of-service field (IPv4) (0..255)
ttl IP maximum time-to-live value (or IPv6 maximum hop-limit value)
wait Number of seconds to wait for response (seconds)
| Pipe through a command
Ping options⌗
root@Single\_SRX> ping inet google.co.uk ?
Possible completions:
<\[Enter\]> Execute this command
bypass-routing Bypass routing table, use specified interface
count Number of ping requests to send (1..2000000000 packets)
detail Display incoming interface of received packet
do-not-fragment Don't fragment echo request packets (IPv4)
inet6 Force ping to IPv6 destination
interface Source interface (multicast, all-ones, unrouted packets)
interval Delay between ping requests (seconds)
+ loose-source Intermediate loose source route entry (IPv4)
mac-address MAC address of the nexthop in xx:xx:xx:xx:xx:xx format
no-resolve Don't attempt to print addresses symbolically
pattern Hexadecimal fill pattern
rapid Send requests rapidly (default count of 5)
record-route Record and report packet's path (IPv4)
routing-instance Routing instance for ping attempt
size Size of request packets (0..61580 bytes)
source Source address of echo request
strict Use strict source route option (IPv4)
+ strict-source Intermediate strict source route entry (IPv4)
tos IP type-of-service value (0..255)
ttl IP time-to-live value (IPv6 hop-limit value) (1..255 hops)
verbose Display detailed output
wait Maximum wait time after sending final packet (seconds)
| Pipe through a command
Junos OS installation/Software upgrades⌗
For Junos OS installations and Software upgrades, I have already done a post on how do a software upgrade :) You can take a look on here
Powering on and shutting down Junos devices⌗
With Juniper devices, you have different methods of remotely rebooting and shutting down a device. request system reboot is self explained.
We see that there two ways we could shutdown our juniper device remotely. We can either halt or power-off. The differences between the two is that, if you do a system halt it is basically as graceful shutdown of the device, where we have the option to reboot, the device, back up if necessary.
Request System Halt⌗
root@Single\_SRX> request system halt
Halt the system ? \[yes,no\] (no) yes
Shutdown NOW!
\[pid 1404\]
root@Single\_SRX>
\*\*\* FINAL System shutdown message from root@Single\_SRX \*\*\*
System going down IMMEDIATELY
MWaiting (max 60 seconds) for system process \`vnlru' to stop...done
Waiting (max 60 seconds) for system process \`vnlru\_mem' to stop...done
Waiting (max 60 seconds) for system process \`bufdaemon' to stop...done
Waiting (max 60 seconds) for system process \`syncer' to stop...
Syncing disks, vnodes remaining...0 0 0 done
syncing disks... All buffers synced.
Uptime: 1h8m28s
The operating system has halted.
Please press any key to reboot.
You will need to have a console connection to reboot, as you will get kicked off, if you have a ssh or telnet session
Whereas the system power-off would just turn off the device completely and you will to physically go to the device and remove and replug the PSU to power-on the device, request system power-off
Additionally, we have extra options, if we wanted to sequence a reboot or shutdown. If you hit the ?, after your command, you can see the extra options available:
root@Single\_SRX> request system reboot ?
Possible completions:
<\[Enter\]> Execute this command
at Time at which to perform the operation
in Number of minutes to delay before operation
media Boot media for next boot
message Message to display to all users
| Pipe through a command
Root password recovery⌗
If you have forgotten your password onto your Junos device, you are able to recover it by using the recovery password process. Note: with this method you will need to have console access onto the device and this will be request a few reboots, so if its in a lab it doesn’t matter, if its production you will need to do this in an outage window or you can take do the reboot and explain how and why you managed to forget an important password :D
When doing the reboot you will need to watch the reboot process, as you will need to check for a particular point in the process to break. Once the autoboot been completed:
Autoboot process⌗
PCI Status: PCI 32-bit
PCI BAR 0: 0xf8000000, PCI BAR 1: Memory 0x00000000 PCI 0x00000000
Warning!!!Last reboot reason 0x0 abnormal
Boot Media: usb internal-compact-flash
Net: octeth0
ide 0: Model: CF 2GB Firm: 20100924 Ser#: 2013C 0000093572
Type: Removable Disk
Capacity: 2000.7 MB = 1.9 GB (4097520 x 512)
POST Passed
Press SPACE to abort autoboot in 1 seconds
ELF file is 32 bit
You will need to hit spacebar to break the boot process and you will enter into the boot loader
FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.5
([email protected], Tue Apr 2 12:36:46 PDT 2013)
Memory: 2048MB
\[0\]Booting from internal-compact-flash slice 2
Un-Protected 1 sectors
writing to flash...
Protected 1 sectors
Loading /boot/defaults/loader.conf
/kernel data=0xb05a8c+0x134484 syms=\[0x4+0x8aaa0+0x4+0xc903f\]
Hit \[Enter\] to boot immediately, or space bar for command prompt.
Type '?' for a list of commands, 'help' for more detailed help.
loader>
Once in the boot loader you will need to end the single user mode by entering _boot -s_
loader> boot -s
The device will boot into single user mode and you will need to enter _recovery_ to start the root password recovery
Mounted junos package on /dev/md0...
Booting single-user
\*\* /dev/ad0s2a
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 247818 free (42 frags, 30972 blocks, 0.0% fragmentation)
System watchdog timer disabled
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: **recovery**
You are given instructions on what you will need to do to change the root password on the device
NOTE: Once in the CLI, you will need to enter configuration mode using
NOTE: the 'configure' command to make any required changes. For example,
NOTE: to reset the root password, type:
NOTE: configure
NOTE: set system root-authentication plain-text-password
NOTE: (enter the new password when asked)
NOTE: commit
NOTE: exit
NOTE: exit
NOTE: When you exit the CLI, you will be asked if you want to reboot
NOTE: the system
Re-set password⌗
Starting CLI ...
root@Single\_SRX> edit
[edit]
root@Single\_SRX# set system root-authentication plain-text-password
New password: lab123
Retype new password:
root@Single\_SRX# commit and-quit
Once you’re back in Operational mode, you will need to reboot the device and then you’re done!
root@Single\_SRX> request system reboot
Reboot the system ? \[yes,no\] (no) y
Read other posts