Friday, March 19, 2021

Enable Secure Copy (SCP) in a Cisco Router

I needed to transfer an image file from a Linux server to a Cisco ISR 4K router via a Secure Copy (SCP) protocol. SCP is secure than FTP and it's faster compared to a TFTP file transfer. I received an error Administratively disabled and found out I needed to enable SCP on the router.

[jl@linux ~]$ scp isr4300-universalk9.16.09.06.SPA.bin jl@192.168.1.57:bootflash:/isr4300-universalk9.16.09.06.SPA.bin

 

Password: <TACACS PW>

Administratively disabled.

[linux ~]$ Connection to 192.168.1.57 closed by remote host.

 

 

There are some prerequisite to make SCP work such as SSH and AAA, which were already configured on the router. I just needed to apply the ip scp server enable command. Note not all Cisco router can support SCP (especially using older IOS).

 

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#ip scp server enable

Router(config)#end

Router#exit

 

 

After enabling the said command, I was able to successfully perform an SCP file transfer.


[jl@linux ~]$ scp isr4300-universalk9.16.09.06.SPA.bin jl@192.168.1.57:bootflash:/isr4300-universalk9.16.09.06.SPA.bin

 

Password: <TACACS PW>

isr4300-universalk9.16.09.06.SPA.bin                                                                    2%   17MB 771.1KB/s   12:03 ETA


Friday, March 5, 2021

Juniper Networks Monitoring and System Maintenance

Juniper delivers advanced security requirements with the SRX Series Services Gateways. These next-generation firewalls adapt as new threats emerge. They use information from the Juniper Advanced Threat Prevention cloud-based service and third-party GeoIP feeds to block malicious activities as they enter or traverse the network.


Monitoring System Operation

 

You can monitor most system related information using the show system <ARGUMENT> commands.

 

jadmin@JR-1> show system ?

Possible completions:

  alarms               Show system alarm status

  audit                Show file system MD5 hash and permissions

  boot-messages        Show boot time messages

  buffers              Show buffer statistics

  certificate          Show installed X509 certificates

  commit               Show pending commit requests (if any) and commit history

  configuration        Show configuration information

  connections          Show system connection activity

  core-dumps           Show system core files

  directory-usage      Show local directory information

  login                Show system login state

  memory               Show system memory usage

  processes            Show system process table

  queues               Show queue statistics

  reboot               Show any pending halt or reboot requests

  resource-cleanup     Show resource cleanup information

  rollback             Show rolled back configuration

  services             Show service applications information

  snapshot             Show snapshot information

  software             Show loaded JUNOS extensions

  statistics           Show statistics for protocol

  storage              Show local storage data

  subscriber-management  Show Subscriber management information

  uptime               Show time since system and processes started

  users                Show users who are currently logged in

  virtual-memory       Show kernel dynamic memory usage

jadmin@JR-1> show system alarms

No alarms currently active

 

 

jadmin@JR-1> show system boot-messages

Copyright (c) 1996-2012, Juniper Networks, Inc.

All rights reserved.

Copyright (c) 1992-2006 The FreeBSD Project.

Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994

        The Regents of the University of California. All rights reserved.

JUNOS 12.1R1.9 #0: 2012-03-24 12:52:33 UTC

    builder@greteth:/volume/build/junos/12.1/release/12.1R1.9/obj-i386/junos/bsd

/kernels/JUNIPER/kernel

Timecounter "i8254" frequency 1193182 Hz quality 0

CPU: Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz (2813.63-MHz 686-class CPU)

  Origin = "GenuineIntel"  Id = 0x406e3  Stepping = 3

  Features=0x1783fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,C

MOV,PAT,PSE36,MMX,FXSR,SSE,SSE2,HTT>

  Features2=0x56da220b<SSE3,<b1>,MON,SSSE3,CX16,<b17>,SSE4.1,SSE4.2,MOVBE,POPCNT

,<b25>,XSAVE,<b28>,<b30>>

  AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>

  AMD Features2=0x121<LAHF,ABM,Prefetch>

real memory  = 536805376 (511 MB)

avail memory = 511856640 (488 MB)

pnpbios: Bad PnP BIOS data checksum

Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)

Security policy loaded: JUNOS MAC/pcap (mac_pcap)

Initializing M/T platform properties ..

cpu0 on motherboard

pcib0: <Host to PCI bridge> pcibus 0 on motherboard

pir0: <PCI Interrupt Routing Table: 30 Entries> on motherboard

pci0: <PCI bus> on pcib0

Correcting Natoma config for non-SMP

isab0: <PCI-ISA bridge> at device 1.0 on pci0

isa0: <ISA bus> on isab0

atapci0: <Intel PIIX4 UDMA33 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x37

6,0xd000-0xd00f at device 1.1 on pci0

ata0: <ATA channel 0> on atapci0

ata1: <ATA channel 1> on atapci0

pci0: <display, VGA> at device 2.0 (no driver attached)

em0: <Intel(R) PRO/1000 Network Connection Version - 3.2.18> port 0xd010-0xd017

mem 0xf0000000-0xf001ffff irq 9 at device 3.0 on pci0

em0: Memory Access and/or Bus Master bits were not set!

pci0: <base peripheral> at device 4.0 (no driver attached)

pci0: <multimedia, audio> at device 5.0 (no driver attached)

smb0: <Intel 82371AB SMB controller> irq 9 at device 7.0 on pci0

orm0: <ISA Option ROM> at iomem 0xc0000-0xc7fff on isa0

atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0

atkbd0: <AT Keyboard> irq 1 on atkbdc0

kbd0 at atkbd0

psm0: <PS/2 Mouse> irq 12 on atkbdc0

psm0: model IntelliMouse Explorer, device ID 4

vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0

sc0: <System console> at flags 0x100 on isa0

sc0: VGA <16 virtual consoles, flags=0x100>

sio0 at port 0x3f8-0x3ff irq 4 flags 0x90 on isa0

sio0: type 16550A, console

sio1: configured irq 5 not in bitmap of probed irqs 0

sio1: port may not be enabled

sio2: configured irq 3 not in bitmap of probed irqs 0

sio2: port may not be enabled

sio3: configured irq 7 not in bitmap of probed irqs 0

sio3: port may not be enabled

Initializing product: 1 ..

Setting up M/T interface operations and attributes

bmeb: bmeb_lib_init done 0xc273c800, addr 0xc0dc5b00

em0: bus=0, device=3, func=0, Ethernet address 08:00:27:a6:33:e8

Timecounter "TSC" frequency 2813628674 Hz quality 800

###PCB Group initialized for udppcbgroup

###PCB Group initialized for tcppcbgroup

ad0: Device does not support APM

ad0: 5120MB <VBOX HARDDISK 1.0> at ata0-master UDMA33

Trying to mount root from ufs:/dev/ad0s1a

 

 

jadmin@JR-1> show system connections

Active Internet connections (including servers)

Proto Recv-Q Send-Q  Local Address                                 Foreign Addr

ss                               (state)

tcp4       0      3  10.1.1.1.23                                   10.1.1.10.23

74                               ESTABLISHED

tcp4       0      0  10.1.1.1.23                                   10.1.1.10.33

29                               ESTABLISHED

tcp4       0      0  10.1.1.1.23                                   10.1.1.10.63

14                               ESTABLISHED

tcp4       0      0  *.23                                          *.*

                                 LISTEN

tcp4       0      0  *.22                                          *.*

                                 LISTEN

tcp4       0      0  *.6156                                        *.*

                                 LISTEN

tcp4       0      0  *.666                                         *.*

                                 LISTEN

tcp4       0      0  128.0.0.4.9000                                128.0.0.4.52

79                               ESTABLISHED

tcp4       0      0  128.0.0.4.52679                               128.0.0.4.90

0                                ESTABLISHED

tcp4       0      0  *.6161                                        *.*

                                 LISTEN

tcp4       0      0  *.38                                          *.*

                                 LISTEN

tcp4       0      0  *.7000                                        *.*

                                 LISTEN

tcp4       0      0  *.6151                                        *.*

                                 LISTEN

tcp4       0      0  *.31343                                       *.*

                                 LISTEN

tcp4       0      0  *.31341                                       *.*

                                 LISTEN

tcp4       0      0  *.51627                                       *.*

                                 LISTEN

tcp4       0      0  *.9000                                        *.*

                                 LISTEN

tcp4       0      0  *.6152                                        *.*

                                 LISTEN

tcp4       0      0  *.32003                                       *.*

                                 LISTEN

tcp4       0      0  *.514                                         *.*

                                 LISTEN

tcp4       0      0  *.513                                         *.*

                                 LISTEN

tcp4       0      0  *.10798                                       *.*

                                 LISTEN

tcp4       0      0  *.6234                                        *.*

                                 LISTEN

udp4       0      0  *.123                                         *.*

udp46      0      0  *.514                                         *.*

udp4       0      0  *.514                                         *.*

udp4       0      0  *.31340                                       *.*

udp4       0      0  *.31340                                       *.*

udp46      0      0  *.49152                                       *.*

udp46      0      0  *.4784                                        *.*

udp46      0      0  *.3784                                        *.*

udp4       0      0  *.49152                                       *.*

udp4       0      0  *.4784                                        *.*

udp4       0      0  *.3784                                        *.*

udp4       0      0  *.49153                                       *.*

udp4       0      0  *.3503                                        *.*

udp4       0      0  *.31342                                       *.*

udp46      0      0  *.65350                                       *.*

udp4       0      0  *.61859                                       *.*

udp4       0      0  *.6333                                        *.*

ip4        0      0  *.*                                           *.*

ip4        0      0  *.*                                           *.*

ip4        0      0  *.*                                           *.*

 

 

jadmin@JR-1> show system statistics

Tcp:

         23578 packets sent

                 22234 data packets (1296515 bytes)

                 38 data packets retransmitted (2444 bytes)

                 0 resends initiated by MTU discovery

                 1288 ack only packets (1120 packets delayed)

                 0 URG only packets

                 0 window probe packets

                 0 window update packets

                 65 control packets

         30799 packets received

                 22100 acks(for 1296344 bytes)

                 193 duplicate acks

                 0 acks for unsent data

                 21455  packets received in-sequence(58994 bytes)

                 81 completely duplicate packets(0 bytes)

                 0 old duplicate packets

                 0 packets with some duplicate data(0 bytes duped)

                 0 out-of-order packets(0 bytes)

                 0 packets of data after window(0 bytes)

                 0 window probes

                 1 window update packets

                 0 packets received after close

                 0 discarded for bad checksums

                 0 discarded for bad header offset fields

                 0 discarded because packet too short

         9 connection requests

         49 connection accepts

         0 bad connection attempts

         0 listen queue overflows

         51 connections established (including accepts)

         93 connections closed (including 20 drops)

                 43 connections updated cached RTT on close

                 43 connections updated cached RTT variance on close

                 6 connections updated cached ssthresh on close

         0 embryonic connections dropped

         22041 segments updated rtt(of 22053 attempts)

         48 retransmit timeouts

                 4 connections dropped by retransmit timeout

         0 persist timeouts

                 0 connections dropped by persist timeout

         232 keepalive timeouts

                 216 keepalive probes sent

                 16 connections dropped by keepalive

         4197 correct ACK header predictions

         8425 correct data packet header predictions

         49 syncache entries added

                 0 retransmitted

                 0 dupsyn

                 0 dropped

                 49 completed

                 0 bucket overflow

                 0 cache overflow

                 0 reset

                 0 stale

                 0 aborted

                 0 badack

                 0 unreach

                 0 zone failures

         0 cookies sent

         0 cookies received

         0 SACK recovery episodes

         0 segment retransmits in SACK recovery episodes

         0 byte retransmits in SACK recovery episodes

         0 SACK options (SACK blocks) received

         0 SACK options (SACK blocks) sent

         0 SACK scoreboard overflow

         0 ACKs sent in response to in-window but not exact RSTs

         0 ACKs sent in response to in-window SYNs on established connections

         0 rcv packets dropped by TCP due to bad address

         0 out-of-sequence segment drops due to insufficient memory

         47 RST packets

         0 ICMP packets ignored by TCP

         0 send packets dropped by TCP due to auth errors

         0 rcv packets dropped by TCP due to auth errors

         0 outgoing segments dropped due to policing

udp:

         48792 datagrams received

         0 with incomplete header

         0 with bad data length field

         0 with bad checksum

         48778 dropped due to no socket

         48776 broadcast/multicast datagrams dropped due to no socket

         0 dropped due to full socket buffers

         0 not for hashed pcb

         4294918534 delivered

         436 datagrams output

ip:

         80584 total packets received

         0 bad header checksums

         0 with size smaller than minimum

         0 with data size < data length

         0 with header length < data size

         0 with data length < header length

         0 with incorrect version number

         0 packets destined to dead next hop

---(more 19%)---

 

<OUTPUT TRUNCATED>

 

 

jadmin@JR-1> show system storage

Filesystem              Size       Used      Avail  Capacity   Mounted on

/dev/ad0s1a            1008M       256M       671M       28%  /

devfs                   1.0K       1.0K         0B      100%  /dev

/dev/md0                 41M        41M         0B      100%  /packages/mnt/jbas

e

/dev/md1                 18M        18M         0B      100%  /packages/mnt/jker

nel-12.1R1.9

/dev/md2                 16M        16M         0B      100%  /packages/mnt/jpfe

-M40-12.1R1.9

/dev/md3                5.0M       5.0M         0B      100%  /packages/mnt/jdoc

s-12.1R1.9

/dev/md4                 78M        78M         0B      100%  /packages/mnt/jrou

te-12.1R1.9

/dev/md5                 28M        28M         0B      100%  /packages/mnt/jcry

pto-12.1R1.9

/dev/md6                 46M        46M         0B      100%  /packages/mnt/jpfe

-common-12.1R1.9

/dev/md7                388M       388M         0B      100%  /packages/mnt/jrun

time-12.1R1.9

/dev/md8               1007M      10.0K       926M        0%  /tmp

/dev/md9               1007M       508K       926M        0%  /mfs

/dev/ad0s1e             197M        12K       181M        0%  /config

procfs                  4.0K       4.0K         0B      100%  /proc

/dev/ad0s1f             2.8G        36M       2.5G        1%  /var

 

 

 

Monitoring the Chassis

 

You can monitor the chassis related info using the show chassis <ARGUMENT> commands.

 

jadmin@JR-1> show chassis ?

Possible completions:

  alarms               Show alarm status

  craft-interface      Show craft interface status

  environment          Show component status and temperature, cooling system speeds

  firmware             Show firmware and operating system version for components

  fpc                  Show Flexible PIC Concentrator status

  hardware             Show installed hardware components

  location             Show physical location of chassis

  mac-addresses        Show media access control addresses

  pic                  Show Physical Interface Card state, type, and uptime

  routing-engine       Show Routing Engine status

  temperature-thresholds  Show chassis temperature threshold settings

jadmin@JR-1> show chassis alarms

No alarms currently active

 

 

 

Monitoring the Interface

 

You can use the show interfaces command to verify details and status on an interface. Use the specific interface-name (i.e ge, lo, etc) to filter output in the specified interface.

 

jadmin@JR-1> show interfaces ?

Possible completions:

  <[Enter]>            Execute this command

  <interface-name>     Name of physical or logical interface

  cbp0

  demux0

  dsc

  em0

  em0.0

  gre

  ipip

  irb

  lo0

  lo0.16384

  lo0.16385

  lsi

  mtun

  pimd

  pime

  pip0

  pp0

  tap

  brief                Display brief output

  controller           Show controller information

  descriptions         Display interface description strings

  destination-class    Show statistics for destination class

  detail               Display detailed output

  diagnostics          Show interface diagnostics information

  extensive            Display extensive output

  far-end-interval     Show far end interval statistics

  filters              Show interface filters information

  interface-set        Show interface set information

  interval             Show interval statistics

  load-balancing       Show load-balancing status

  mac-database         Show media access control database information

  mc-ae                Show MC-AE configured interface information

  media                Display media information

  policers             Show interface policers information

  queue                Show queue statistics for this interface

  redundancy           Show redundancy status

  routing              Show routing status

  routing-instance     Name of routing instance

  snmp-index           SNMP index of interface

  source-class         Show statistics for source class

  statistics           Display statistics and detailed output

  terse                Display terse output

  |                    Pipe through a command

jadmin@JR-1> show interfaces em0

Physical interface: em0, Enabled, Physical link is Up

  Interface index: 8, SNMP ifIndex: 17

  Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps

  Device flags   : Present Running

  Interface flags: SNMP-Traps

  Link type      : Full-Duplex

  Current address: 08:00:27:a6:33:e8, Hardware address: 08:00:27:a6:33:e8

  Last flapped   : 2020-10-18 08:01:54 SGT (00:16:06 ago)

    Input packets : 54721

    Output packets: 18948

 

  Logical interface em0.0 (Index 69) (SNMP ifIndex 18)

    Flags: SNMP-Traps Encapsulation: ENET2

    Input packets : 27187

    Output packets: 11386

    Protocol inet, MTU: 1500

      Flags: Sendbcast-pkt-to-re, Is-Primary

      Addresses, Flags: Is-Default Is-Preferred Is-Primary

        Destination: 10.1.1/24, Local: 10.1.1.1, Broadcast: 10.1.1.255

 

 

You can use the show interfaces terse command to quickly verify the physical (Admin) and Logical (Link) state of all installed interfaces as well as the Protocol (inet for IPv4 and inet6 for IPv6) and Local address. This is similar to Cisco's show ip interface brief command.

 

jadmin@JR-1> show interfaces terse

Interface               Admin Link Proto    Local                 Remote

cbp0                    up    up

demux0                  up    up

dsc                     up    up

em0                     up    up

em0.0                   up    up   inet     10.1.1.1/24

gre                     up    up

ipip                    up    up

irb                     up    up

lo0                     up    up

lo0.16384               up    up   inet     127.0.0.1           --> 0/0

lo0.16385               up    up   inet     128.0.0.4           --> 0/0

                                   inet6    fe80::a00:270f:fca6:33e8

lsi                     up    up

mtun                    up    up

pimd                    up    up

pime                    up    up

pip0                    up    up

pp0                     up    up

tap                     up    up

 

 

 

You can use the show interfaces <INTERFACE-NAME> extensive command to view detailed info of a specific interface, which includes interface statistics and errors.

 

jadmin@JR-1> show interfaces em0 extensive

Physical interface: em0, Enabled, Physical link is Up

  Interface index: 8, SNMP ifIndex: 17, Generation: 129

  Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Clocking: Unspecified,

  Speed: 1000mbps

  Device flags   : Present Running

  Interface flags: SNMP-Traps

  Link type      : Full-Duplex

  Physical info  : Unspecified

  Hold-times     : Up 0 ms, Down 0 ms

  Current address: 08:00:27:a6:33:e8, Hardware address: 08:00:27:a6:33:e8

  Alternate link address: Unspecified

  Last flapped   : 2020-10-18 08:01:54 SGT (00:21:58 ago)

  Statistics last cleared: 2020-10-12 18:02:52 SGT (5d 14:21 ago)

  Traffic statistics:

   Input  bytes  :              4573369

   Output bytes  :              2042507

   Input  packets:                54889

   Output packets:                19004

   IPv6 transit statistics:

    Input  bytes  :                   0

    Output bytes  :                   0

    Input  packets:                   0

    Output packets:                   0

  Input errors:

    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0,

    Policed discards: 0, Resource errors: 0

  Output errors:

    Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0,

    Resource errors: 0

 

  Logical interface em0.0 (Index 69) (SNMP ifIndex 18) (Generation 137)

    Flags: SNMP-Traps Encapsulation: ENET2

    Traffic statistics:

     Input  bytes  :              2082264

     Output bytes  :              1511350

     Input  packets:                27355

     Output packets:                11442

    Local statistics:

     Input  bytes  :              2082264

     Output bytes  :              1511350

     Input  packets:                27355

     Output packets:                11442

    Protocol inet, MTU: 1500, Generation: 147, Route table: 0

      Flags: Sendbcast-pkt-to-re, Is-Primary

      Addresses, Flags: Is-Default Is-Preferred Is-Primary

        Destination: 10.1.1/24, Local: 10.1.1.1, Broadcast: 10.1.1.255,

        Generation: 146

 

 

You can use the monitor interface <INTERFACE-NAME> command to view real-time traffic counters and display errors or alarm conditions.

 

jadmin@JR-1> monitor interface em0

 

JR-1                              Seconds: 4                   Time: 08:27:17

                                                           Delay: 0/0/0

Interface: em0, Enabled, Link is Up

Encapsulation: Ethernet, Speed: 1000mbps

Traffic statistics:                                           Current delta

  Input bytes:                   4582256                              [384]

  Output bytes:                  2051424                             [4630]

  Input packets:                   54995                                [6]

  Output packets:                  19039                                [6]

Error statistics:

  Input errors:                        0                                [0]

  Input drops:                         0                                [0]

  Input framing errors:                0                                [0]

  Carrier transitions:                 0                                [0]

  Output errors:                       0                                [0]

  Output drops:                        0                                [0]

 

 

Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i'

 

 

 

Ping and Traceroute Utilities

 

The Junos OS sends continuous pings by default and you can stop the operation with a Ctrl+c keys. You can specify the number of ICMP echo request using the count keyword.

 

jadmin@JR-1> ping 10.1.1.10

PING 10.1.1.10 (10.1.1.10): 56 data bytes

64 bytes from 10.1.1.10: icmp_seq=0 ttl=128 time=2.204 ms

64 bytes from 10.1.1.10: icmp_seq=1 ttl=128 time=1.641 ms

64 bytes from 10.1.1.10: icmp_seq=2 ttl=128 time=2.052 ms

64 bytes from 10.1.1.10: icmp_seq=3 ttl=128 time=1.473 ms

64 bytes from 10.1.1.10: icmp_seq=4 ttl=128 time=0.045 ms

64 bytes from 10.1.1.10: icmp_seq=5 ttl=128 time=1.578 ms

^C

--- 10.1.1.10 ping statistics ---

6 packets transmitted, 6 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.045/1.499/2.204/0.700 ms

 

jadmin@JR-1> ping 10.1.1.10 ?

Possible completions:

  <[Enter]>            Execute this command

  bypass-routing       Bypass routing table, use specified interface

  count                Number of ping requests to send (1..2000000000 packets)

  detail               Display incoming interface of received packet

  do-not-fragment      Don't fragment echo request packets (IPv4)

  inet                 Force ping to IPv4 destination

  inet6                Force ping to IPv6 destination

  interface            Source interface (multicast, all-ones, unrouted packets)

  interval             Delay between ping requests (seconds)

  logical-system       Name of logical system

+ loose-source         Intermediate loose source route entry (IPv4)

  mac-address          MAC address of the nexthop in xx:xx:xx:xx:xx:xx format

  no-resolve           Don't attempt to print addresses symbolically

  pattern              Hexadecimal fill pattern

  rapid                Send requests rapidly (default count of 5)

  record-route         Record and report packet's path (IPv4)

  routing-instance     Routing instance for ping attempt

  size                 Size of request packets (0..65468 bytes)

  source               Source address of echo request

  strict               Use strict source route option (IPv4)

+ strict-source        Intermediate strict source route entry (IPv4)

  tos                  IP type-of-service value (0..255)

  ttl                  IP time-to-live value (IPv6 hop-limit value) (hops)

  verbose              Display detailed output

  wait                 Maximum wait time after sending final packet (seconds)

  |                    Pipe through a command

jadmin@JR-1> ping 10.1.1.10 count 5 rapid   // USING THE rapid KEYWORD WILL NOT WAIT FOR THE USUAL 500 ms DELAY FOR A PING RESPONSE/TIMEOUT (A DOT OUTPUT);

PING 10.1.1.10 (10.1.1.10): 56 data bytes

!!!!!

--- 10.1.1.10 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.721/0.947/1.493/0.283 ms

 

 

Packet Capture

 

The Junos OS monitor traffic command allows packet capture using the tcpdump utility. It monitores traffic to or from the local Routing Engine (RE). The management interface is chosen and monitored if there's no interface specified. Use the Ctrl+c keys to stop the capture.

 

jadmin@JR-1> monitor ?

Possible completions:

  interface            Show interface traffic

  label-switched-path  Show label-switched-path traffic

  list                 Show status of monitored files

  start                Start showing log file in real time

  static-lsp           Show static label-switched-path traffic

  stop                 Stop showing log file in real time

  traffic              Show real-time network traffic information

jadmin@JR-1> monitor traffic ?

Possible completions:

  <[Enter]>            Execute this command

  absolute-sequence    Display absolute TCP sequence numbers

  brief                Display brief output

  count                Number of packets to receive (0..1000000 packets)

  detail               Display detailed output

  extensive            Display extensive output

  interface            Name of interface

  layer2-headers       Display link-level header on each dump line

  matching             Expression for headers of receive packets to match

  no-domain-names      Don't display domain portion of hostnames

  no-promiscuous       Don't put interface into promiscuous mode

  no-resolve           Don't attempt to print addresses symbolically

  no-timestamp         Don't print timestamp on each dump line

  print-ascii          Display packets in ASCII when displaying in hexadecimal f

ormat

  print-hex            Display packets in hexadecimal format

  resolve-timeout      Period of time to wait for each name resolution (seconds)

  size                 Amount of each packet to receive (bytes)

  |                    Pipe through a command

jadmin@JR-1> monitor traffic interface ?

Possible completions:

  <interface>          Name of interface

  cbp0

  demux0

  dsc

  em0

  em0.0

  gre

  ipip

  irb

  lo0

  lo0.16384

  lo0.16385

  lsi

  mtun

  pimd

  pime

  pip0

  pp0

  tap

jadmin@JR-1> monitor traffic interface em0 ?

Possible completions:

  <[Enter]>            Execute this command

  absolute-sequence    Display absolute TCP sequence numbers

  brief                Display brief output

  count                Number of packets to receive (0..1000000 packets)

  detail               Display detailed output

  extensive            Display extensive output

  layer2-headers       Display link-level header on each dump line

  matching             Expression for headers of receive packets to match

  no-domain-names      Don't display domain portion of hostnames

  no-promiscuous       Don't put interface into promiscuous mode

  no-resolve           Don't attempt to print addresses symbolically

  no-timestamp         Don't print timestamp on each dump line

  print-ascii          Display packets in ASCII when displaying in hexadecimal f

ormat

  print-hex            Display packets in hexadecimal format

  resolve-timeout      Period of time to wait for each name resolution (seconds)

  size                 Amount of each packet to receive (bytes)

  |                    Pipe through a command

jadmin@JR-1> monitor traffic interface em0 no-resolve

verbose output suppressed, use <detail> or <extensive> for full protocol decode

Address resolution is OFF.

Listening on em0, capture size 96 bytes

 

08:48:19.744871  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1234129195 win 4279

08:48:19.745205 Out IP truncated-ip - 132 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 1:153(152) ack 0 win 32850

08:48:19.898578  In IP truncated-ip - 18 bytes missing! 10.1.1.10.137 > 10.1.1.2

55.137: UDP, length 50

08:48:19.944223  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 153 win 4241

08:48:20.550511 Out IP truncated-ip - 357 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 153:530(377) ack 0 win 32850

08:48:20.748385  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 530 win 4147

08:48:21.549747 Out IP truncated-ip - 174 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 530:724(194) ack 0 win 32850

08:48:21.749074  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 724 win 4098

08:48:22.430570  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 4271236410:4271236413(3)

 ack 2049240940 win 4197

08:48:22.430958 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 1:2(1) ack 3 win 32850

08:48:22.547353 Out IP truncated-ip - 360 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 724:1104(380) ack 0 win 32850

08:48:22.630952  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 2 win 4196

08:48:22.744278  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1104 win 4380

08:48:23.216412  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 3:6(3) ack 2 win 4196

08:48:23.216502 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 2:3(1) ack 6 win 32850

08:48:23.410299  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 3 win 4196

08:48:23.545856 Out IP truncated-ip - 479 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 1104:1603(499) ack 0 win 32850

08:48:23.742187  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1603 win 4255

08:48:24.402846  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 6:7(1) ack 3 win 4196

08:48:24.404127 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 3:4(1) ack 7 win 32850

08:48:24.543010 Out IP truncated-ip - 336 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 1603:1959(356) ack 0 win 32850

08:48:24.604023  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 4 win 4196

08:48:24.614413  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 7:8(1) ack 4 win 4196

08:48:24.615634 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 4:5(1) ack 8 win 32850

08:48:24.642649  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 8:9(1) ack 5 win 4196

08:48:24.642649 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 5:6(1) ack 9 win 32850

08:48:24.721790  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 9:10(1) ack 6 win 4195

08:48:24.722075 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 6:7(1) ack 10 win 32850

08:48:24.742450  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1959 win 4166

08:48:24.803654  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 10:11(1) ack 7 win 4195

08:48:24.804400 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 7:8(1) ack 11 win 32850

08:48:25.003152  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 8 win 4195

08:48:25.114581  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 11:12(1) ack 8 win 4195

08:48:25.114845 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 8:9(1) ack 12 win 32850

08:48:25.312660  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 9 win 4195

08:48:25.405403  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 12:13(1) ack 9 win 4195

08:48:25.406270 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 9:10(1) ack 13 win 32850

08:48:25.542069 Out IP truncated-ip - 1003 bytes missing! 10.1.1.1.23 > 10.1.1.1

0.52492: P 1959:2982(1023) ack 0 win 32850

08:48:25.611550  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 10 win 4194

08:48:25.623454  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 13:14(1) ack 10 win 4194

08:48:25.623886 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 10:11(1) ack 14 win 32850

08:48:25.738031  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 2982 win 4380

08:48:25.738277 Out IP truncated-ip - 336 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 2982:3338(356) ack 0 win 32850

08:48:25.770068  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 14:15(1) ack 11 win 4194

08:48:25.770211 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 11:12(1) ack 15 win 32850

08:48:25.854344  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 15:16(1) ack 12 win 4194

08:48:25.854889 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 12:13(1) ack 16 win 32850

08:48:25.937218  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 3338 win 4291

08:48:25.970551  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 16:17(1) ack 13 win 4194

08:48:25.970647 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 13:14(1) ack 17 win 32850

08:48:26.059451  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 17:18(1) ack 14 win 4193

08:48:26.059586 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 14:15(1) ack 18 win 32850

08:48:26.160443  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 18:19(1) ack 15 win 4193

08:48:26.160621 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 15:16(1) ack 19 win 32850

08:48:26.329003  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 19:20(1) ack 16 win 4193

08:48:26.329542 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 16:17(1) ack 20 win 32850

08:48:26.531626  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 17 win 4193

08:48:26.539866 Out IP truncated-ip - 1003 bytes missing! 10.1.1.1.23 > 10.1.1.1

0.52492: P 3338:4361(1023) ack 0 win 32850

08:48:26.661487  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 20:22(2) ack 17 win 4193

08:48:26.662166 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 17:18(1) ack 22 win 32850

08:48:26.665537 Out IP truncated-ip - 24 bytes missing! 10.1.1.1 > 10.1.1.10: IC

MP echo request, id 55872, seq 0, length 64

08:48:26.666071  In IP truncated-ip - 24 bytes missing! 10.1.1.10 > 10.1.1.1: ICMP echo reply, id 55872, seq 0, length 64

08:48:26.738878  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 4361 win 4035

08:48:26.738945 Out IP truncated-ip - 654 bytes missing! 10.1.1.1.23 > 10.1.1.10.52492: P 4361:5035(674) ack 0 win 32850

08:48:26.860751  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 18 win 4192

08:48:26.860990 Out IP truncated-ip - 84 bytes missing! 10.1.1.1.23 > 10.1.1.10.

41695: P 18:122(104) ack 22 win 32850

08:48:26.938477  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 5035 win 4380

08:48:27.060477  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 122 win 4166

08:48:27.539748 Out IP truncated-ip - 1003 bytes missing! 10.1.1.1.23 > 10.1.1.1

0.52492: P 5035:6058(1023) ack 0 win 32850

08:48:27.666579 Out IP truncated-ip - 24 bytes missing! 10.1.1.1 > 10.1.1.10: ICMP echo request, id 55872, seq 1, length 64

08:48:27.666942  In IP truncated-ip - 24 bytes missing! 10.1.1.10 > 10.1.1.1: ICMP echo reply, id 55872, seq 1, length 64

08:48:27.667044 Out IP truncated-ip - 39 bytes missing! 10.1.1.1.23 > 10.1.1.10.41695: P 122:181(59) ack 22 win 32850

08:48:27.734482  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 6058 win 4124

08:48:27.734822 Out IP truncated-ip - 32 bytes missing! 10.1.1.1.23 > 10.1.1.10.

52492: P 6058:6110(52) ack 0 win 32850

08:48:27.863095  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 181 win 4152

08:48:27.935312  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 6110 win 4111

08:48:28.537666 Out IP truncated-ip - 815 bytes missing! 10.1.1.1.23 > 10.1.1.10.52492: P 6110:6945(835) ack 0 win 32850

08:48:28.665213 Out IP truncated-ip - 24 bytes missing! 10.1.1.1 > 10.1.1.10: ICMP echo request, id 55872, seq 2, length 64

08:48:28.666430  In IP truncated-ip - 24 bytes missing! 10.1.1.10 > 10.1.1.1: ICMP echo reply, id 55872, seq 2, length 64

08:48:28.666693 Out IP truncated-ip - 39 bytes missing! 10.1.1.1.23 > 10.1.1.10.41695: P 181:240(59) ack 22 win 32850

08:48:28.733717  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 6945 win 4380

08:48:28.866415  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 240 win 4137

08:48:29.305837  In IP 10.1.1.10.41695 > 10.1.1.1.23: P 22:23(1) ack 240 win 4137

08:48:29.307282 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 240:242(2) ack 23 win 32850

08:48:29.507021  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 242 win 4136

08:48:29.507499 Out IP truncated-ip - 154 bytes missing! 10.1.1.1.23 > 10.1.1.10.41695: P 242:416(174) ack 23 win 32850

08:48:29.536520 Out IP truncated-ip - 981 bytes missing! 10.1.1.1.23 > 10.1.1.10.52492: P 6945:7946(1001) ack 0 win 32850

08:48:29.707314  In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 416 win 4093

08:48:29.730133  In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 7946 win 4129

^C

92 packets received by filter

0 packets dropped by kernel

 

 

Network Utilities

 

The Junos OS supports Telnet, SSH and FTP clients.

 

jadmin@JR-1> telnet 10.1.1.10 ?

Possible completions:

  <[Enter]>            Execute this command

  8bit                 Use 8-bit data path

  bypass-routing       Bypass routing table, use specified interface

  inet                 Force telnet to IPv4 destination

  inet6                Force telnet to IPv6 destination

  interface            Name of interface for outgoing traffic

  logical-system       Name of logical system

  no-resolve           Don't attempt to print addresses symbolically

  port                 Port number or service name on remote host

  routing-instance     Name of routing instance for telnet session

  source               Source address to use in telnet connection

  |                    Pipe through a command

jadmin@JR-1> telnet 10.1.1.10 port 21

Trying 10.1.1.10...

Connected to 10.1.1.10.

Escape character is '^]'.

220 3Com 3CDaemon FTP Server Version 2.0

 

 

Welcome to Microsoft Telnet Client

 

Escape Character is 'CTRL+]'   // JUNOS BREAK SEQUENCE IS CTRL+]

 

 

Microsoft Telnet>

Microsoft Telnet> quit

 

C:\Windows\System32>

 

 

I wasn't able to transfer files using the file copy command so I initiated FTP via the FreeBSD shell prompt.

 

jadmin@JR-1> file copy ftp://ftp@10.1.1.10/test123.txt /var/tmp/test123.txt...

fetch-secure: ftp://ftp@10.1.1.10/test123.txt: Not logged in

error: file-fetch failed

error: could not fetch local copy of file

 

jadmin@JR-1> start shell

% ftp 10.1.1.10

Connected to 10.1.1.10.

220 3Com 3CDaemon FTP Server Version 2.0

Name (10.1.1.10:jadmin): ftp

331 User name ok, need password

Password:

230 User logged in

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> get test123.txt

local: test123.txt remote: test123.txt

200 PORT command successful.

150 File status OK ; about to open data connection

100% |**************************************************|    10       00:00 ETA

226 Closing data connection; File transfer successful.

10 bytes received in 0.10 seconds (0.10 KB/s)

ftp> quit

221 Service closing control connection

% exit

exit

jadmin@JR-1> file list test123.txt

/var/home/jadmin/test123.txt

 

jadmin@JR-1> file list /var/home/jadmin

 

/var/home/jadmin:

.ssh/

config123

ftp

q

test123.txt

 

jadmin@JR-1> file delete /var/home/jadmin/test123.txt

 

jadmin@JR-1> file list /var/home/jadmin

 

/var/home/jadmin:

.ssh/

config123

ftp

q

 


Determine the Junos OS Release

 

You can verify the Junos OS Release using the show version command.

 

The following are some common Junos OS packages:

  • jkernel - The kernel and network tools package. This package contains the basic OS files.
  • jroute - The Routing Engine (RE) package. This package contains the RE software.
  • jpfe - The Packet Forwarding Engine (PFE) package. This package contains the PFE software.
  • jdocs  - The documentation package. This package contains the documentation (manual) set for the software.
  • jcrypto - The encryption package. This package contains the domestic security software.

 

 

jadmin@JR-1> show version

Hostname: JR-1

Model: olive

JUNOS Base OS boot [12.1R1.9]

JUNOS Base OS Software Suite [12.1R1.9]

JUNOS Kernel Software Suite [12.1R1.9]

JUNOS Crypto Software Suite [12.1R1.9]

JUNOS Packet Forwarding Engine Support (M/T Common) [12.1R1.9]

JUNOS Packet Forwarding Engine Support (M20/M40) [12.1R1.9]

JUNOS Online Documentation [12.1R1.9]

JUNOS Voice Services Container package [12.1R1.9]

JUNOS Border Gateway Function package [12.1R1.9]

JUNOS Services AACL Container package [12.1R1.9]

JUNOS Services LL-PDF Container package [12.1R1.9]

JUNOS Services PTSP Container package [12.1R1.9]

JUNOS Services Stateful Firewall [12.1R1.9]

JUNOS Services NAT [12.1R1.9]

JUNOS Services Application Level Gateways [12.1R1.9]

JUNOS Services Captive Portal and Content Delivery Container package [12.1R1.9]

JUNOS Services RPM [12.1R1.9]

JUNOS Services HTTP Content Management package [12.1R1.9]

JUNOS AppId Services [12.1R1.9]

JUNOS IDP Services [12.1R1.9]

JUNOS Services Crypto [12.1R1.9]

JUNOS Services SSL [12.1R1.9]

JUNOS Services IPSec [12.1R1.9]

JUNOS Runtime Software Suite [12.1R1.9]

JUNOS Routing Software Suite [12.1R1.9]

 

 

You can include the detail option to view the software packages and processes included in the Junos OS Release.

 

jadmin@JR-1> show version ?

Possible completions:

  <[Enter]>            Execute this command

  brief                Display brief output

  detail               Display detailed output

  |                    Pipe through a command

jadmin@JR-1> show version detail

Hostname: JR-1

Model: olive

JUNOS Base OS boot [12.1R1.9]

JUNOS Base OS Software Suite [12.1R1.9]

JUNOS Kernel Software Suite [12.1R1.9]

JUNOS Crypto Software Suite [12.1R1.9]

JUNOS Packet Forwarding Engine Support (M/T Common) [12.1R1.9]

JUNOS Packet Forwarding Engine Support (M20/M40) [12.1R1.9]

JUNOS Online Documentation [12.1R1.9]

JUNOS Voice Services Container package [12.1R1.9]

JUNOS Border Gateway Function package [12.1R1.9]

JUNOS Services AACL Container package [12.1R1.9]

JUNOS Services LL-PDF Container package [12.1R1.9]

JUNOS Services PTSP Container package [12.1R1.9]

JUNOS Services Stateful Firewall [12.1R1.9]

JUNOS Services NAT [12.1R1.9]

JUNOS Services Application Level Gateways [12.1R1.9]

JUNOS Services Captive Portal and Content Delivery Container package [12.1R1.9]

JUNOS Services RPM [12.1R1.9]

JUNOS Services HTTP Content Management package [12.1R1.9]

JUNOS AppId Services [12.1R1.9]

JUNOS IDP Services [12.1R1.9]

JUNOS Services Crypto [12.1R1.9]

JUNOS Services SSL [12.1R1.9]

JUNOS Services IPSec [12.1R1.9]

JUNOS Runtime Software Suite [12.1R1.9]

JUNOS Routing Software Suite [12.1R1.9]

KERNEL 12.1R1.9 #0 built by builder on 2012-03-24 12:52:33 UTC

MGD release 12.1R1.9 built by builder on 2012-03-24 12:36:25 UTC

CLI release 12.1R1.9 built by builder on 2012-03-24 08:36:49 UTC

RPD release 12.1R1.9 built by builder on 2012-03-24 12:56:44 UTC

CHASSISD release 12.1R1.9 built by builder on 2012-03-24 12:56:47 UTC

KMD release 12.1R1.9 built by builder on 2012-03-24 12:22:48 UTC

PKID release 12.1R1.9 built by builder on 2012-03-24 12:23:37 UTC

SENDD release 12.1R1.9 built by builder on 2012-03-24 12:10:29 UTC

DFWD release 12.1R1.9 built by builder on 2012-03-24 12:26:56 UTC

DCD release 12.1R1.9 built by builder on 2012-03-24 12:15:22 UTC

SNMPD release 12.1R1.9 built by builder on 2012-03-24 12:29:27 UTC

MIB2D release 12.1R1.9 built by builder on 2012-03-24 12:49:01 UTC

APSD release 12.1R1.9 built by builder on 2012-03-24 12:20:19 UTC

VRRPD release 12.1R1.9 built by builder on 2012-03-24 12:28:15 UTC

ALARMD release 12.1R1.9 built by builder on 2012-03-24 12:24:08 UTC

PFED release 12.1R1.9 built by builder on 2012-03-24 12:26:50 UTC

CRAFTD release 12.1R1.9 built by builder on 2012-03-24 12:24:16 UTC

SAMPLED release 12.1R1.9 built by builder on 2012-03-24 12:19:14 UTC

ILMID release 12.1R1.9 built by builder on 2012-03-24 12:20:28 UTC

RMOPD release 12.1R1.9 built by builder on 2012-03-24 12:23:52 UTC

COSD release 12.1R1.9 built by builder on 2012-03-24 12:26:22 UTC

FSAD release 12.1R1.9 built by builder on 2012-03-24 12:17:15 UTC

IRSD release 12.1R1.9 built by builder on 2012-03-24 12:13:26 UTC

FUD release 12.1R1.9 built by builder on 2012-03-24 12:43:01 UTC

RTSPD release 12.1R1.9 built by builder on 2012-03-24 08:31:22 UTC

SMARTD release 12.1R1.9 built by builder on 2012-03-24 07:40:18 UTC

SPD release 12.1R1.9 built by builder on 2012-03-24 12:22:47 UTC

JPPPOED release 12.1R1.9 built by builder on 2012-03-24 12:22:18 UTC

RDD release 12.1R1.9 built by builder on 2012-03-24 11:23:09 UTC

PPPD release 12.1R1.9 built by builder on 2012-03-24 12:19:15 UTC

DFCD release 12.1R1.9 built by builder on 2012-03-24 12:25:44 UTC

LACPD release 12.1R1.9 built by builder on 2012-03-24 12:25:53 UTC

LFMD release 12.1R1.9 built by builder on 2012-03-24 11:15:13 UTC

OAMD release 12.1R1.9 built by builder on 2012-03-24 12:13:41 UTC

CFMD release 12.1R1.9 built by builder on 2012-03-24 12:12:22 UTC

JDHCPD release 12.1R1.9 built by builder on 2012-03-24 12:27:48 UTC

PGCPD release 12.1R1.9 built by builder on 2012-03-24 12:56:34 UTC

PSSD release 12.1R1.9 built by builder on 2012-03-24 12:13:53 UTC

SSD release 12.1R1.9 built by builder on 2012-03-24 12:14:23 UTC

MSPD release 12.1R1.9 built by builder on 2012-03-24 11:20:35 UTC

AUTHD release 12.1R1.9 built by builder on 2012-03-24 12:28:24 UTC

PMOND release 12.1R1.9 built by builder on 2012-03-24 12:13:49 UTC

AUTOCONFD release 12.1R1.9 built by builder on 2012-03-24 11:09:11 UTC

JDIAMETERD release 12.1R1.9 built by builder on 2012-03-24 12:17:03 UTC

BDBREPD release 12.1R1.9 built by builder on 2012-03-24 12:11:20 UTC

RES-CLEANUPD release 12.1R1.9 built by builder on 2012-03-24 12:14:09 UTC

SBCCONFD release 12.1R1.9 built by builder on 2012-03-24 12:56:44 UTC

JPPPD release 12.1R1.9 built by builder on 2012-03-24 12:31:08 UTC

SHM-RTSDBD release 12.1R1.9 built by builder on 2012-03-24 12:44:16 UTC

DATAPATH-TRACED release 12.1R1.9 built by builder on 2012-03-24 12:12:11 UTC

SMID release 12.1R1.9 built by builder on 2012-03-24 12:14:23 UTC

SMIHELPERD release 12.1R1.9 built by builder on 2012-03-24 12:26:53 UTC

RELAYD release 12.1R1.9 built by builder on 2012-03-24 12:14:04 UTC

PPMD release 12.1R1.9 built by builder on 2012-03-24 12:14:33 UTC

LMPD release 12.1R1.9 built by builder on 2012-03-24 11:15:35 UTC

LRMUXD release 12.1R1.9 built by builder on 2012-03-24 11:54:53 UTC

PGMD release 12.1R1.9 built by builder on 2012-03-24 12:13:41 UTC

BFDD release 12.1R1.9 built by builder on 2012-03-24 12:37:17 UTC

SDXD release 12.1R1.9 built by builder on 2012-03-24 12:09:56 UTC

AUDITD release 12.1R1.9 built by builder on 2012-03-24 12:10:42 UTC

L2ALD release 12.1R1.9 built by builder on 2012-03-24 12:27:40 UTC

EVENTD release 12.1R1.9 built by builder on 2012-03-24 12:24:53 UTC

MPLSOAMD release 12.1R1.9 built by builder on 2012-03-24 12:18:31 UTC

jroute-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:54 UTC

jkernel-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:15 UTC

ancpd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:08 UTC

appsecure-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:10 UTC

aprobe-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:12 UTC

apsd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:14 UTC

cfm-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:17 UTC

clksyncd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:21 UTC

collector-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:25 UTC

demuxd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:27 UTC

dyn-sess-prof-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:29 UTC

elmi-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:31 UTC

fsad-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:33 UTC

gres-test-point-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:34 UTC

ilmid-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:36 UTC

jappid-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:38 UTC

jcrypto-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:41 UTC

jcrypto_junos-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:43 UTC

jddosd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:05 UTC

jdiameterd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:57 UTC

jidpd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:20 UTC

jkernel_junos-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:54 UTC

jpppd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:58 UTC

l2ald-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:36 UTC

lldp-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:38 UTC

mcsnoop-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:40 UTC

mipd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:46 UTC

mo-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:48 UTC

pppd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:50 UTC

pppoed-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:52 UTC

r2cpd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:55 UTC

rdd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:55 UTC

services-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:32:10 UTC

stp-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:32:12 UTC

subinfo-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:32:12 UTC

jdocs-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:18:19 UTC

jswitch-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:28:53 UTC

 

 

The Junos OS naming convention format is <package>-<release>-<edition>

  • package - is the description of the software contents. Ensure to download and install the appropriate image for your device/platform.

jinstall is used on M, T and MX series

jinstall-ex is used on EX series

junos-jsr is used on J series

junos-srx is used on SRX series

 

  • release - describes the Junos OS Release. It includes two integers: major and minor release numbers.

R stands for released software

B stands for beta-level or testing software

I stands for internal, test or experimental software

S is reserved for service release

 

  • edition - either domestic or export. Domestic version support strong encryption while export do not.

 

 

Upgrading the Junos OS

 

It's good practice to initially check the device storage capacity using the show system storage command before downloading the new Junos OS image . You store the new Junos OS image in the /var/tmp directory.

 

jadmin@JR-1> show system storage

Filesystem              Size       Used      Avail  Capacity   Mounted on

/dev/ad0s1a            1008M       256M       671M       28%  /

devfs                   1.0K       1.0K         0B      100%  /dev

/dev/md0                 41M        41M         0B      100%  /packages/mnt/jbas

e

/dev/md1                 18M        18M         0B      100%  /packages/mnt/jker

nel-12.1R1.9

/dev/md2                 16M        16M         0B      100%  /packages/mnt/jpfe

-M40-12.1R1.9

/dev/md3                5.0M       5.0M         0B      100%  /packages/mnt/jdoc

s-12.1R1.9

/dev/md4                 78M        78M         0B      100%  /packages/mnt/jrou

te-12.1R1.9

/dev/md5                 28M        28M         0B      100%  /packages/mnt/jcry

pto-12.1R1.9

/dev/md6                 46M        46M         0B      100%  /packages/mnt/jpfe

-common-12.1R1.9

/dev/md7                388M       388M         0B      100%  /packages/mnt/jrun

time-12.1R1.9

/dev/md8               1007M      10.0K       926M        0%  /tmp

/dev/md9               1007M       516K       926M        0%  /mfs

/dev/ad0s1e             197M        12K       181M        0%  /config

procfs                  4.0K       4.0K         0B      100%  /proc

/dev/ad0s1f             2.8G        36M       2.5G        1%  /var

 

 

You ucan se the request system software add <path/image-name> command to perform the Junos OS upgrade. You must reboot the system for the new software to take effect using the request system reboot as a separate step or adding the reboot option at the end of the request system software add <path/image-name> command.

 

It's recommended to monitor the upgrade process and watch for errors via the console.

 

jadmin@JR-1> request system ?

Possible completions:

  certificate          Manage X509 certificates

  commit               Perform commit related operations

  configuration        Request operation on system configuration

  halt                 Halt the system

  logout               Forcibly end user's CLI login session

  partition            Partition storage media

  power-off            Power off the system

  reboot               Reboot the system

  scripts              Manage scripts (commit, op, event)

  snapshot             Archive data and executable areas

  software             Perform system software extension or upgrade

  storage              Request operation on system storage

  zeroize              Erase all data, including configuration and log files

jadmin@JR-1> request system software ?

Possible completions:

  abort                Abort software upgrade

  add                  Add extension or upgrade package

  delete               Remove extension or upgrade package

  rollback             Attempt to roll back to previous set of packages

  validate             Verify package compatibility with current configuration

jadmin@JR-1> request system software add ?

Possible completions:

  <package-name>       URL or pathname of package

  best-effort-load     Load succeeds if at least one statement is valid

  config123            Size: 5295, Last changed: Oct 13 15:06:06

  delay-restart        Don't restart processes

  force                Force addition of package (ignore warnings)

  ftp                  Size: 5295, Last changed: Oct 18 08:59:48

  no-copy              Don't save copies of package files

  no-validate          Don't check compatibility with current configuration

  q                    Size: 1379, Last changed: Oct 13 13:35:53

  reboot               Reboot system after adding package

  test123.txt          Size: 10, Last changed: Sep 18 19:05:31

  unlink               Remove the package after successful installation

  validate             Check compatibility with current configuration

jadmin@JR-1> request system software add /var/tmp/junos-12.1R1.9-domestic ?

Possible completions:

  <[Enter]>            Execute this command

  best-effort-load     Load succeeds if at least one statement is valid

  delay-restart        Don't restart processes

  force                Force addition of package (ignore warnings)

  no-copy              Don't save copies of package files

  no-validate          Don't check compatibility with current configuration

  reboot               Reboot system after adding package

  unlink               Remove the package after successful installation

  validate             Check compatibility with current configuration

  |                    Pipe through a command

jadmin@JR-1> request system software add /var/tmp/junos-12.1R1.9-domestic reboot

 

 

You can delete the Junos OS images stored in the /var/tmp directory when you perform the file system cleanup using the request system storage cleanup command. You can proactively check which files will be cleaned up using the request system storage cleanup dry-run command.

 

jadmin@JR-1> request system storage ?

Possible completions:

  cleanup              Clean up temporary files and rotate logs

jadmin@JR-1> request system storage cleanup ?

Possible completions:

  <[Enter]>            Execute this command

  dry-run              Only list the cleanup candidates, do not remove them

  |                    Pipe through a command

jadmin@JR-1> request system storage cleanup dry-run

 

List of files to delete:

 

         Size Date         Name

  41.9K Oct 18 12:42 /var/log/interactive-commands.0.gz

  8409B Oct 11 01:14 /var/log/interactive-commands.1.gz

  50.2K Oct 18 12:42 /var/log/messages.0.gz

  23.4K Oct 11 01:14 /var/log/messages.1.gz

   133B Oct 18 12:42 /var/log/smartd.trace.0.gz

   564B Oct 11 01:14 /var/log/smartd.trace.1.gz

   877B Oct 18 12:23 /var/log/wtmp.0.gz

   170B Oct 11 00:55 /var/log/wtmp.1.gz

   143B Oct 10 20:23 /var/log/wtmp.2.gz

   341B Mar 26  2013 /var/log/wtmp.3.gz

   119B May  9  2012 /var/log/wtmp.4.gz

   695B Oct 18 07:23 /var/tmp/acc_transfer_link_16422_err

   695B Oct 18 07:23 /var/tmp/acc_transfer_link_16970_err

   695B Oct 18 07:23 /var/tmp/acc_transfer_link_17313_err

 124.0K Mar 27  2013 /var/tmp/gres-tp/env.dat

     0B May  9  2012 /var/tmp/gres-tp/lock

   155B Oct 10 22:20 /var/tmp/krt_gencfg_filter.txt

     0B Oct 10 20:23 /var/tmp/rtsdb/if-rtsdb

 

 

Unified In-Service Software Upgrade (ISSU)

 

The Unified In-Service Software Upgrade (ISSU) feature allows you to upgrade a Junos OS in a dual Routing Engine (RE) with no disruption on the control plane. The Graceful Routing Engine Switchover (GRES) and Nonstop Active Routing (NSR) must be both enabled. The Master RE and Backup RE must run the same software before performing a unified ISSU. You can't take out any Physical Interface Card (PIC) online or offline when performing a unified ISSU.

 

The following are the steps in performing a Unified ISSU:

 

  1. Enable GRES and NSR and verify the Master RE, Backup RE and protocols are synchronized.
  2. Download and transfer the new software package to the router.
  3. Issue the request system software in-service-upgrade command on the Master RE.

 

 

Password Recovery

 

You can only perform a system password (root) only at the console port.

 

The following are the steps in performing a password recovery:

 

  1. Reboot the system > press space bar when prompted > type boot -s to access single user mode
  2. Enter recovery when prompted for recovery mode
  3. Type configure > set system root-authentication plain-text-password > type the new root password
  4. commit the change > exit and reboot the system