Juniper delivers advanced security requirements with the SRX Series Services Gateways. These next-generation firewalls adapt as new threats emerge. They use information from the Juniper Advanced Threat Prevention cloud-based service and third-party GeoIP feeds to block malicious activities as they enter or traverse the network.
Monitoring System Operation
You can monitor most system related information using the show system <ARGUMENT> commands.
jadmin@JR-1> show system ?
Possible completions:
alarms Show system alarm status
audit Show file system MD5 hash and permissions
boot-messages Show boot time messages
buffers Show buffer statistics
certificate Show installed X509 certificates
commit Show pending commit requests (if any) and commit history
configuration Show configuration information
connections Show system connection activity
core-dumps Show system core files
directory-usage Show local directory information
login Show system login state
memory Show system memory usage
processes Show system process table
queues Show queue statistics
reboot Show any pending halt or reboot requests
resource-cleanup Show resource cleanup information
rollback Show rolled back configuration
services Show service applications information
snapshot Show snapshot information
software Show loaded JUNOS extensions
statistics Show statistics for protocol
storage Show local storage data
subscriber-management Show Subscriber management information
uptime Show time since system and processes started
users Show users who are currently logged in
virtual-memory Show kernel dynamic memory usage
jadmin@JR-1> show system alarms
No alarms currently active
jadmin@JR-1> show system boot-messages
Copyright (c) 1996-2012, Juniper Networks, Inc.
All rights reserved.
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
JUNOS 12.1R1.9 #0: 2012-03-24 12:52:33 UTC
builder@greteth:/volume/build/junos/12.1/release/12.1R1.9/obj-i386/junos/bsd
/kernels/JUNIPER/kernel
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz (2813.63-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x406e3 Stepping = 3
Features=0x1783fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,C
MOV,PAT,PSE36,MMX,FXSR,SSE,SSE2,HTT>
Features2=0x56da220b<SSE3,<b1>,MON,SSSE3,CX16,<b17>,SSE4.1,SSE4.2,MOVBE,POPCNT
,<b25>,XSAVE,<b28>,<b30>>
AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
AMD Features2=0x121<LAHF,ABM,Prefetch>
real memory = 536805376 (511 MB)
avail memory = 511856640 (488 MB)
pnpbios: Bad PnP BIOS data checksum
Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
Security policy loaded: JUNOS MAC/pcap (mac_pcap)
Initializing M/T platform properties ..
cpu0 on motherboard
pcib0: <Host to PCI bridge> pcibus 0 on motherboard
pir0: <PCI Interrupt Routing Table: 30 Entries> on motherboard
pci0: <PCI bus> on pcib0
Correcting Natoma config for non-SMP
isab0: <PCI-ISA bridge> at device 1.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 UDMA33 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x37
6,0xd000-0xd00f at device 1.1 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
pci0: <display, VGA> at device 2.0 (no driver attached)
em0: <Intel(R) PRO/1000 Network Connection Version - 3.2.18> port 0xd010-0xd017
mem 0xf0000000-0xf001ffff irq 9 at device 3.0 on pci0
em0: Memory Access and/or Bus Master bits were not set!
pci0: <base peripheral> at device 4.0 (no driver attached)
pci0: <multimedia, audio> at device 5.0 (no driver attached)
smb0: <Intel 82371AB SMB controller> irq 9 at device 7.0 on pci0
orm0: <ISA Option ROM> at iomem 0xc0000-0xc7fff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model IntelliMouse Explorer, device ID 4
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x100>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x90 on isa0
sio0: type 16550A, console
sio1: configured irq 5 not in bitmap of probed irqs 0
sio1: port may not be enabled
sio2: configured irq 3 not in bitmap of probed irqs 0
sio2: port may not be enabled
sio3: configured irq 7 not in bitmap of probed irqs 0
sio3: port may not be enabled
Initializing product: 1 ..
Setting up M/T interface operations and attributes
bmeb: bmeb_lib_init done 0xc273c800, addr 0xc0dc5b00
em0: bus=0, device=3, func=0, Ethernet address 08:00:27:a6:33:e8
Timecounter "TSC" frequency 2813628674 Hz quality 800
###PCB Group initialized for udppcbgroup
###PCB Group initialized for tcppcbgroup
ad0: Device does not support APM
ad0: 5120MB <VBOX HARDDISK 1.0> at ata0-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a
jadmin@JR-1> show system connections
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Addr
ss (state)
tcp4 0 3 10.1.1.1.23 10.1.1.10.23
74 ESTABLISHED
tcp4 0 0 10.1.1.1.23 10.1.1.10.33
29 ESTABLISHED
tcp4 0 0 10.1.1.1.23 10.1.1.10.63
14 ESTABLISHED
tcp4 0 0 *.23 *.*
LISTEN
tcp4 0 0 *.22 *.*
LISTEN
tcp4 0 0 *.6156 *.*
LISTEN
tcp4 0 0 *.666 *.*
LISTEN
tcp4 0 0 128.0.0.4.9000 128.0.0.4.52
79 ESTABLISHED
tcp4 0 0 128.0.0.4.52679 128.0.0.4.90
0 ESTABLISHED
tcp4 0 0 *.6161 *.*
LISTEN
tcp4 0 0 *.38 *.*
LISTEN
tcp4 0 0 *.7000 *.*
LISTEN
tcp4 0 0 *.6151 *.*
LISTEN
tcp4 0 0 *.31343 *.*
LISTEN
tcp4 0 0 *.31341 *.*
LISTEN
tcp4 0 0 *.51627 *.*
LISTEN
tcp4 0 0 *.9000 *.*
LISTEN
tcp4 0 0 *.6152 *.*
LISTEN
tcp4 0 0 *.32003 *.*
LISTEN
tcp4 0 0 *.514 *.*
LISTEN
tcp4 0 0 *.513 *.*
LISTEN
tcp4 0 0 *.10798 *.*
LISTEN
tcp4 0 0 *.6234 *.*
LISTEN
udp4 0 0 *.123 *.*
udp46 0 0 *.514 *.*
udp4 0 0 *.514 *.*
udp4 0 0 *.31340 *.*
udp4 0 0 *.31340 *.*
udp46 0 0 *.49152 *.*
udp46 0 0 *.4784 *.*
udp46 0 0 *.3784 *.*
udp4 0 0 *.49152 *.*
udp4 0 0 *.4784 *.*
udp4 0 0 *.3784 *.*
udp4 0 0 *.49153 *.*
udp4 0 0 *.3503 *.*
udp4 0 0 *.31342 *.*
udp46 0 0 *.65350 *.*
udp4 0 0 *.61859 *.*
udp4 0 0 *.6333 *.*
ip4 0 0 *.* *.*
ip4 0 0 *.* *.*
ip4 0 0 *.* *.*
jadmin@JR-1> show system statistics
Tcp:
23578 packets sent
22234 data packets (1296515 bytes)
38 data packets retransmitted (2444 bytes)
0 resends initiated by MTU discovery
1288 ack only packets (1120 packets delayed)
0 URG only packets
0 window probe packets
0 window update packets
65 control packets
30799 packets received
22100 acks(for 1296344 bytes)
193 duplicate acks
0 acks for unsent data
21455 packets received in-sequence(58994 bytes)
81 completely duplicate packets(0 bytes)
0 old duplicate packets
0 packets with some duplicate data(0 bytes duped)
0 out-of-order packets(0 bytes)
0 packets of data after window(0 bytes)
0 window probes
1 window update packets
0 packets received after close
0 discarded for bad checksums
0 discarded for bad header offset fields
0 discarded because packet too short
9 connection requests
49 connection accepts
0 bad connection attempts
0 listen queue overflows
51 connections established (including accepts)
93 connections closed (including 20 drops)
43 connections updated cached RTT on close
43 connections updated cached RTT variance on close
6 connections updated cached ssthresh on close
0 embryonic connections dropped
22041 segments updated rtt(of 22053 attempts)
48 retransmit timeouts
4 connections dropped by retransmit timeout
0 persist timeouts
0 connections dropped by persist timeout
232 keepalive timeouts
216 keepalive probes sent
16 connections dropped by keepalive
4197 correct ACK header predictions
8425 correct data packet header predictions
49 syncache entries added
0 retransmitted
0 dupsyn
0 dropped
49 completed
0 bucket overflow
0 cache overflow
0 reset
0 stale
0 aborted
0 badack
0 unreach
0 zone failures
0 cookies sent
0 cookies received
0 SACK recovery episodes
0 segment retransmits in SACK recovery episodes
0 byte retransmits in SACK recovery episodes
0 SACK options (SACK blocks) received
0 SACK options (SACK blocks) sent
0 SACK scoreboard overflow
0 ACKs sent in response to in-window but not exact RSTs
0 ACKs sent in response to in-window SYNs on established connections
0 rcv packets dropped by TCP due to bad address
0 out-of-sequence segment drops due to insufficient memory
47 RST packets
0 ICMP packets ignored by TCP
0 send packets dropped by TCP due to auth errors
0 rcv packets dropped by TCP due to auth errors
0 outgoing segments dropped due to policing
udp:
48792 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
48778 dropped due to no socket
48776 broadcast/multicast datagrams dropped due to no socket
0 dropped due to full socket buffers
0 not for hashed pcb
4294918534 delivered
436 datagrams output
ip:
80584 total packets received
0 bad header checksums
0 with size smaller than minimum
0 with data size < data length
0 with header length < data size
0 with data length < header length
0 with incorrect version number
0 packets destined to dead next hop
---(more 19%)---
<OUTPUT TRUNCATED>
jadmin@JR-1> show system storage
Filesystem Size Used Avail Capacity Mounted on
/dev/ad0s1a 1008M 256M 671M 28% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/md0 41M 41M 0B 100% /packages/mnt/jbas
e
/dev/md1 18M 18M 0B 100% /packages/mnt/jker
nel-12.1R1.9
/dev/md2 16M 16M 0B 100% /packages/mnt/jpfe
-M40-12.1R1.9
/dev/md3 5.0M 5.0M 0B 100% /packages/mnt/jdoc
s-12.1R1.9
/dev/md4 78M 78M 0B 100% /packages/mnt/jrou
te-12.1R1.9
/dev/md5 28M 28M 0B 100% /packages/mnt/jcry
pto-12.1R1.9
/dev/md6 46M 46M 0B 100% /packages/mnt/jpfe
-common-12.1R1.9
/dev/md7 388M 388M 0B 100% /packages/mnt/jrun
time-12.1R1.9
/dev/md8 1007M 10.0K 926M 0% /tmp
/dev/md9 1007M 508K 926M 0% /mfs
/dev/ad0s1e 197M 12K 181M 0% /config
procfs 4.0K 4.0K 0B 100% /proc
/dev/ad0s1f 2.8G 36M 2.5G 1% /var
Monitoring the Chassis
You can monitor the chassis related info using the show chassis <ARGUMENT> commands.
jadmin@JR-1> show chassis ?
Possible completions:
alarms Show alarm status
craft-interface Show craft interface status
environment Show component status and temperature, cooling system speeds
firmware Show firmware and operating system version for components
fpc Show Flexible PIC Concentrator status
hardware Show installed hardware components
location Show physical location of chassis
mac-addresses Show media access control addresses
pic Show Physical Interface Card state, type, and uptime
routing-engine Show Routing Engine status
temperature-thresholds Show chassis temperature threshold settings
jadmin@JR-1> show chassis alarms
No alarms currently active
Monitoring the Interface
You can use the show interfaces command to verify details and status on an interface. Use the specific interface-name (i.e ge, lo, etc) to filter output in the specified interface.
jadmin@JR-1> show interfaces ?
Possible completions:
<[Enter]> Execute this command
<interface-name> Name of physical or logical interface
cbp0
demux0
dsc
em0
em0.0
gre
ipip
irb
lo0
lo0.16384
lo0.16385
lsi
mtun
pimd
pime
pip0
pp0
tap
brief Display brief output
controller Show controller information
descriptions Display interface description strings
destination-class Show statistics for destination class
detail Display detailed output
diagnostics Show interface diagnostics information
extensive Display extensive output
far-end-interval Show far end interval statistics
filters Show interface filters information
interface-set Show interface set information
interval Show interval statistics
load-balancing Show load-balancing status
mac-database Show media access control database information
mc-ae Show MC-AE configured interface information
media Display media information
policers Show interface policers information
queue Show queue statistics for this interface
redundancy Show redundancy status
routing Show routing status
routing-instance Name of routing instance
snmp-index SNMP index of interface
source-class Show statistics for source class
statistics Display statistics and detailed output
terse Display terse output
| Pipe through a command
jadmin@JR-1> show interfaces em0
Physical interface: em0, Enabled, Physical link is Up
Interface index: 8, SNMP ifIndex: 17
Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps
Device flags : Present Running
Interface flags: SNMP-Traps
Link type : Full-Duplex
Current address: 08:00:27:a6:33:e8, Hardware address: 08:00:27:a6:33:e8
Last flapped : 2020-10-18 08:01:54 SGT (00:16:06 ago)
Input packets : 54721
Output packets: 18948
Logical interface em0.0 (Index 69) (SNMP ifIndex 18)
Flags: SNMP-Traps Encapsulation: ENET2
Input packets : 27187
Output packets: 11386
Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re, Is-Primary
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: 10.1.1/24, Local: 10.1.1.1, Broadcast: 10.1.1.255
You can use the show interfaces terse command to quickly verify the physical (Admin) and Logical (Link) state of all installed interfaces as well as the Protocol (inet for IPv4 and inet6 for IPv6) and Local address. This is similar to Cisco's show ip interface brief command.
jadmin@JR-1> show interfaces terse
Interface Admin Link Proto Local Remote
cbp0 up up
demux0 up up
dsc up up
em0 up up
em0.0 up up inet 10.1.1.1/24
gre up up
ipip up up
irb up up
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 128.0.0.4 --> 0/0
inet6 fe80::a00:270f:fca6:33e8
lsi up up
mtun up up
pimd up up
pime up up
pip0 up up
pp0 up up
tap up up
You can use the show interfaces <INTERFACE-NAME> extensive command to view detailed info of a specific interface, which includes interface statistics and errors.
jadmin@JR-1> show interfaces em0 extensive
Physical interface: em0, Enabled, Physical link is Up
Interface index: 8, SNMP ifIndex: 17, Generation: 129
Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Clocking: Unspecified,
Speed: 1000mbps
Device flags : Present Running
Interface flags: SNMP-Traps
Link type : Full-Duplex
Physical info : Unspecified
Hold-times : Up 0 ms, Down 0 ms
Current address: 08:00:27:a6:33:e8, Hardware address: 08:00:27:a6:33:e8
Alternate link address: Unspecified
Last flapped : 2020-10-18 08:01:54 SGT (00:21:58 ago)
Statistics last cleared: 2020-10-12 18:02:52 SGT (5d 14:21 ago)
Traffic statistics:
Input bytes : 4573369
Output bytes : 2042507
Input packets: 54889
Output packets: 19004
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0,
Policed discards: 0, Resource errors: 0
Output errors:
Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0,
Resource errors: 0
Logical interface em0.0 (Index 69) (SNMP ifIndex 18) (Generation 137)
Flags: SNMP-Traps Encapsulation: ENET2
Traffic statistics:
Input bytes : 2082264
Output bytes : 1511350
Input packets: 27355
Output packets: 11442
Local statistics:
Input bytes : 2082264
Output bytes : 1511350
Input packets: 27355
Output packets: 11442
Protocol inet, MTU: 1500, Generation: 147, Route table: 0
Flags: Sendbcast-pkt-to-re, Is-Primary
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: 10.1.1/24, Local: 10.1.1.1, Broadcast: 10.1.1.255,
Generation: 146
You can use the monitor interface <INTERFACE-NAME> command to view real-time traffic counters and display errors or alarm conditions.
jadmin@JR-1> monitor interface em0
JR-1 Seconds: 4 Time: 08:27:17
Delay: 0/0/0
Interface: em0, Enabled, Link is Up
Encapsulation: Ethernet, Speed: 1000mbps
Traffic statistics: Current delta
Input bytes: 4582256 [384]
Output bytes: 2051424 [4630]
Input packets: 54995 [6]
Output packets: 19039 [6]
Error statistics:
Input errors: 0 [0]
Input drops: 0 [0]
Input framing errors: 0 [0]
Carrier transitions: 0 [0]
Output errors: 0 [0]
Output drops: 0 [0]
Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i'
Ping and Traceroute Utilities
The Junos OS sends continuous pings by default and you can stop the operation with a Ctrl+c keys. You can specify the number of ICMP echo request using the count keyword.
jadmin@JR-1> ping 10.1.1.10
PING 10.1.1.10 (10.1.1.10): 56 data bytes
64 bytes from 10.1.1.10: icmp_seq=0 ttl=128 time=2.204 ms
64 bytes from 10.1.1.10: icmp_seq=1 ttl=128 time=1.641 ms
64 bytes from 10.1.1.10: icmp_seq=2 ttl=128 time=2.052 ms
64 bytes from 10.1.1.10: icmp_seq=3 ttl=128 time=1.473 ms
64 bytes from 10.1.1.10: icmp_seq=4 ttl=128 time=0.045 ms
64 bytes from 10.1.1.10: icmp_seq=5 ttl=128 time=1.578 ms
^C
--- 10.1.1.10 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.045/1.499/2.204/0.700 ms
jadmin@JR-1> ping 10.1.1.10 ?
Possible completions:
<[Enter]> Execute this command
bypass-routing Bypass routing table, use specified interface
count Number of ping requests to send (1..2000000000 packets)
detail Display incoming interface of received packet
do-not-fragment Don't fragment echo request packets (IPv4)
inet Force ping to IPv4 destination
inet6 Force ping to IPv6 destination
interface Source interface (multicast, all-ones, unrouted packets)
interval Delay between ping requests (seconds)
logical-system Name of logical system
+ loose-source Intermediate loose source route entry (IPv4)
mac-address MAC address of the nexthop in xx:xx:xx:xx:xx:xx format
no-resolve Don't attempt to print addresses symbolically
pattern Hexadecimal fill pattern
rapid Send requests rapidly (default count of 5)
record-route Record and report packet's path (IPv4)
routing-instance Routing instance for ping attempt
size Size of request packets (0..65468 bytes)
source Source address of echo request
strict Use strict source route option (IPv4)
+ strict-source Intermediate strict source route entry (IPv4)
tos IP type-of-service value (0..255)
ttl IP time-to-live value (IPv6 hop-limit value) (hops)
verbose Display detailed output
wait Maximum wait time after sending final packet (seconds)
| Pipe through a command
jadmin@JR-1> ping 10.1.1.10 count 5 rapid // USING THE rapid KEYWORD WILL NOT WAIT FOR THE USUAL 500 ms DELAY FOR A PING RESPONSE/TIMEOUT (A DOT OUTPUT);
PING 10.1.1.10 (10.1.1.10): 56 data bytes
!!!!!
--- 10.1.1.10 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.721/0.947/1.493/0.283 ms
Packet Capture
The Junos OS monitor traffic command allows packet capture using the tcpdump utility. It monitores traffic to or from the local Routing Engine (RE). The management interface is chosen and monitored if there's no interface specified. Use the Ctrl+c keys to stop the capture.
jadmin@JR-1> monitor ?
Possible completions:
interface Show interface traffic
label-switched-path Show label-switched-path traffic
list Show status of monitored files
start Start showing log file in real time
static-lsp Show static label-switched-path traffic
stop Stop showing log file in real time
traffic Show real-time network traffic information
jadmin@JR-1> monitor traffic ?
Possible completions:
<[Enter]> Execute this command
absolute-sequence Display absolute TCP sequence numbers
brief Display brief output
count Number of packets to receive (0..1000000 packets)
detail Display detailed output
extensive Display extensive output
interface Name of interface
layer2-headers Display link-level header on each dump line
matching Expression for headers of receive packets to match
no-domain-names Don't display domain portion of hostnames
no-promiscuous Don't put interface into promiscuous mode
no-resolve Don't attempt to print addresses symbolically
no-timestamp Don't print timestamp on each dump line
print-ascii Display packets in ASCII when displaying in hexadecimal f
ormat
print-hex Display packets in hexadecimal format
resolve-timeout Period of time to wait for each name resolution (seconds)
size Amount of each packet to receive (bytes)
| Pipe through a command
jadmin@JR-1> monitor traffic interface ?
Possible completions:
<interface> Name of interface
cbp0
demux0
dsc
em0
em0.0
gre
ipip
irb
lo0
lo0.16384
lo0.16385
lsi
mtun
pimd
pime
pip0
pp0
tap
jadmin@JR-1> monitor traffic interface em0 ?
Possible completions:
<[Enter]> Execute this command
absolute-sequence Display absolute TCP sequence numbers
brief Display brief output
count Number of packets to receive (0..1000000 packets)
detail Display detailed output
extensive Display extensive output
layer2-headers Display link-level header on each dump line
matching Expression for headers of receive packets to match
no-domain-names Don't display domain portion of hostnames
no-promiscuous Don't put interface into promiscuous mode
no-resolve Don't attempt to print addresses symbolically
no-timestamp Don't print timestamp on each dump line
print-ascii Display packets in ASCII when displaying in hexadecimal f
ormat
print-hex Display packets in hexadecimal format
resolve-timeout Period of time to wait for each name resolution (seconds)
size Amount of each packet to receive (bytes)
| Pipe through a command
jadmin@JR-1> monitor traffic interface em0 no-resolve
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on em0, capture size 96 bytes
08:48:19.744871 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1234129195 win 4279
08:48:19.745205 Out IP truncated-ip - 132 bytes missing! 10.1.1.1.23 > 10.1.1.10
.52492: P 1:153(152) ack 0 win 32850
08:48:19.898578 In IP truncated-ip - 18 bytes missing! 10.1.1.10.137 > 10.1.1.2
55.137: UDP, length 50
08:48:19.944223 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 153 win 4241
08:48:20.550511 Out IP truncated-ip - 357 bytes missing! 10.1.1.1.23 > 10.1.1.10
.52492: P 153:530(377) ack 0 win 32850
08:48:20.748385 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 530 win 4147
08:48:21.549747 Out IP truncated-ip - 174 bytes missing! 10.1.1.1.23 > 10.1.1.10
.52492: P 530:724(194) ack 0 win 32850
08:48:21.749074 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 724 win 4098
08:48:22.430570 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 4271236410:4271236413(3)
ack 2049240940 win 4197
08:48:22.430958 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 1:2(1) ack 3 win 32850
08:48:22.547353 Out IP truncated-ip - 360 bytes missing! 10.1.1.1.23 > 10.1.1.10
.52492: P 724:1104(380) ack 0 win 32850
08:48:22.630952 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 2 win 4196
08:48:22.744278 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1104 win 4380
08:48:23.216412 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 3:6(3) ack 2 win 4196
08:48:23.216502 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 2:3(1) ack 6 win 32850
08:48:23.410299 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 3 win 4196
08:48:23.545856 Out IP truncated-ip - 479 bytes missing! 10.1.1.1.23 > 10.1.1.10
.52492: P 1104:1603(499) ack 0 win 32850
08:48:23.742187 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1603 win 4255
08:48:24.402846 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 6:7(1) ack 3 win 4196
08:48:24.404127 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 3:4(1) ack 7 win 32850
08:48:24.543010 Out IP truncated-ip - 336 bytes missing! 10.1.1.1.23 > 10.1.1.10
.52492: P 1603:1959(356) ack 0 win 32850
08:48:24.604023 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 4 win 4196
08:48:24.614413 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 7:8(1) ack 4 win 4196
08:48:24.615634 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 4:5(1) ack 8 win 32850
08:48:24.642649 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 8:9(1) ack 5 win 4196
08:48:24.642649 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 5:6(1) ack 9 win 32850
08:48:24.721790 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 9:10(1) ack 6 win 4195
08:48:24.722075 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 6:7(1) ack 10 win 32850
08:48:24.742450 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1959 win 4166
08:48:24.803654 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 10:11(1) ack 7 win 4195
08:48:24.804400 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 7:8(1) ack 11 win 32850
08:48:25.003152 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 8 win 4195
08:48:25.114581 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 11:12(1) ack 8 win 4195
08:48:25.114845 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 8:9(1) ack 12 win 32850
08:48:25.312660 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 9 win 4195
08:48:25.405403 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 12:13(1) ack 9 win 4195
08:48:25.406270 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 9:10(1) ack 13 win 32850
08:48:25.542069 Out IP truncated-ip - 1003 bytes missing! 10.1.1.1.23 > 10.1.1.1
0.52492: P 1959:2982(1023) ack 0 win 32850
08:48:25.611550 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 10 win 4194
08:48:25.623454 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 13:14(1) ack 10 win 4194
08:48:25.623886 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 10:11(1) ack 14 win 32850
08:48:25.738031 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 2982 win 4380
08:48:25.738277 Out IP truncated-ip - 336 bytes missing! 10.1.1.1.23 > 10.1.1.10
.52492: P 2982:3338(356) ack 0 win 32850
08:48:25.770068 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 14:15(1) ack 11 win 4194
08:48:25.770211 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 11:12(1) ack 15 win 32850
08:48:25.854344 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 15:16(1) ack 12 win 4194
08:48:25.854889 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 12:13(1) ack 16 win 32850
08:48:25.937218 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 3338 win 4291
08:48:25.970551 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 16:17(1) ack 13 win 4194
08:48:25.970647 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 13:14(1) ack 17 win 32850
08:48:26.059451 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 17:18(1) ack 14 win 4193
08:48:26.059586 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 14:15(1) ack 18 win 32850
08:48:26.160443 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 18:19(1) ack 15 win 4193
08:48:26.160621 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 15:16(1) ack 19 win 32850
08:48:26.329003 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 19:20(1) ack 16 win 4193
08:48:26.329542 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 16:17(1) ack 20 win 32850
08:48:26.531626 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 17 win 4193
08:48:26.539866 Out IP truncated-ip - 1003 bytes missing! 10.1.1.1.23 > 10.1.1.1
0.52492: P 3338:4361(1023) ack 0 win 32850
08:48:26.661487 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 20:22(2) ack 17 win 4193
08:48:26.662166 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 17:18(1) ack 22 win 32850
08:48:26.665537 Out IP truncated-ip - 24 bytes missing! 10.1.1.1 > 10.1.1.10: IC
MP echo request, id 55872, seq 0, length 64
08:48:26.666071 In IP truncated-ip - 24 bytes missing! 10.1.1.10 > 10.1.1.1: ICMP echo reply, id 55872, seq 0, length 64
08:48:26.738878 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 4361 win 4035
08:48:26.738945 Out IP truncated-ip - 654 bytes missing! 10.1.1.1.23 > 10.1.1.10.52492: P 4361:5035(674) ack 0 win 32850
08:48:26.860751 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 18 win 4192
08:48:26.860990 Out IP truncated-ip - 84 bytes missing! 10.1.1.1.23 > 10.1.1.10.
41695: P 18:122(104) ack 22 win 32850
08:48:26.938477 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 5035 win 4380
08:48:27.060477 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 122 win 4166
08:48:27.539748 Out IP truncated-ip - 1003 bytes missing! 10.1.1.1.23 > 10.1.1.1
0.52492: P 5035:6058(1023) ack 0 win 32850
08:48:27.666579 Out IP truncated-ip - 24 bytes missing! 10.1.1.1 > 10.1.1.10: ICMP echo request, id 55872, seq 1, length 64
08:48:27.666942 In IP truncated-ip - 24 bytes missing! 10.1.1.10 > 10.1.1.1: ICMP echo reply, id 55872, seq 1, length 64
08:48:27.667044 Out IP truncated-ip - 39 bytes missing! 10.1.1.1.23 > 10.1.1.10.41695: P 122:181(59) ack 22 win 32850
08:48:27.734482 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 6058 win 4124
08:48:27.734822 Out IP truncated-ip - 32 bytes missing! 10.1.1.1.23 > 10.1.1.10.
52492: P 6058:6110(52) ack 0 win 32850
08:48:27.863095 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 181 win 4152
08:48:27.935312 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 6110 win 4111
08:48:28.537666 Out IP truncated-ip - 815 bytes missing! 10.1.1.1.23 > 10.1.1.10.52492: P 6110:6945(835) ack 0 win 32850
08:48:28.665213 Out IP truncated-ip - 24 bytes missing! 10.1.1.1 > 10.1.1.10: ICMP echo request, id 55872, seq 2, length 64
08:48:28.666430 In IP truncated-ip - 24 bytes missing! 10.1.1.10 > 10.1.1.1: ICMP echo reply, id 55872, seq 2, length 64
08:48:28.666693 Out IP truncated-ip - 39 bytes missing! 10.1.1.1.23 > 10.1.1.10.41695: P 181:240(59) ack 22 win 32850
08:48:28.733717 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 6945 win 4380
08:48:28.866415 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 240 win 4137
08:48:29.305837 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 22:23(1) ack 240 win 4137
08:48:29.307282 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 240:242(2) ack 23 win 32850
08:48:29.507021 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 242 win 4136
08:48:29.507499 Out IP truncated-ip - 154 bytes missing! 10.1.1.1.23 > 10.1.1.10.41695: P 242:416(174) ack 23 win 32850
08:48:29.536520 Out IP truncated-ip - 981 bytes missing! 10.1.1.1.23 > 10.1.1.10.52492: P 6945:7946(1001) ack 0 win 32850
08:48:29.707314 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 416 win 4093
08:48:29.730133 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 7946 win 4129
^C
92 packets received by filter
0 packets dropped by kernel
Network Utilities
The Junos OS supports Telnet, SSH and FTP clients.
jadmin@JR-1> telnet 10.1.1.10 ?
Possible completions:
<[Enter]> Execute this command
8bit Use 8-bit data path
bypass-routing Bypass routing table, use specified interface
inet Force telnet to IPv4 destination
inet6 Force telnet to IPv6 destination
interface Name of interface for outgoing traffic
logical-system Name of logical system
no-resolve Don't attempt to print addresses symbolically
port Port number or service name on remote host
routing-instance Name of routing instance for telnet session
source Source address to use in telnet connection
| Pipe through a command
jadmin@JR-1> telnet 10.1.1.10 port 21
Trying 10.1.1.10...
Connected to 10.1.1.10.
Escape character is '^]'.
220 3Com 3CDaemon FTP Server Version 2.0
Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]' // JUNOS BREAK SEQUENCE IS CTRL+]
Microsoft Telnet>
Microsoft Telnet> quit
C:\Windows\System32>
I wasn't able to transfer files using the file copy command so I initiated FTP via the FreeBSD shell prompt.
jadmin@JR-1> file copy ftp://ftp@10.1.1.10/test123.txt /var/tmp/test123.txt...
fetch-secure: ftp://ftp@10.1.1.10/test123.txt: Not logged in
error: file-fetch failed
error: could not fetch local copy of file
jadmin@JR-1> start shell
% ftp 10.1.1.10
Connected to 10.1.1.10.
220 3Com 3CDaemon FTP Server Version 2.0
Name (10.1.1.10:jadmin): ftp
331 User name ok, need password
Password:
230 User logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> get test123.txt
local: test123.txt remote: test123.txt
200 PORT command successful.
150 File status OK ; about to open data connection
100% |**************************************************| 10 00:00 ETA
226 Closing data connection; File transfer successful.
10 bytes received in 0.10 seconds (0.10 KB/s)
ftp> quit
221 Service closing control connection
% exit
exit
jadmin@JR-1> file list test123.txt
/var/home/jadmin/test123.txt
jadmin@JR-1> file list /var/home/jadmin
/var/home/jadmin:
.ssh/
config123
ftp
q
test123.txt
jadmin@JR-1> file delete /var/home/jadmin/test123.txt
jadmin@JR-1> file list /var/home/jadmin
/var/home/jadmin:
.ssh/
config123
ftp
q
Determine the Junos OS Release
You can verify the Junos OS Release using the show version command.
The following are some common Junos OS packages:
- jkernel - The kernel and network tools package. This package contains the basic OS files.
- jroute - The Routing Engine (RE) package. This package contains the RE software.
- jpfe - The Packet Forwarding Engine (PFE) package. This package contains the PFE software.
- jdocs - The documentation package. This package contains the documentation (manual) set for the software.
- jcrypto - The encryption package. This package contains the domestic security software.
jadmin@JR-1> show version
Hostname: JR-1
Model: olive
JUNOS Base OS boot [12.1R1.9]
JUNOS Base OS Software Suite [12.1R1.9]
JUNOS Kernel Software Suite [12.1R1.9]
JUNOS Crypto Software Suite [12.1R1.9]
JUNOS Packet Forwarding Engine Support (M/T Common) [12.1R1.9]
JUNOS Packet Forwarding Engine Support (M20/M40) [12.1R1.9]
JUNOS Online Documentation [12.1R1.9]
JUNOS Voice Services Container package [12.1R1.9]
JUNOS Border Gateway Function package [12.1R1.9]
JUNOS Services AACL Container package [12.1R1.9]
JUNOS Services LL-PDF Container package [12.1R1.9]
JUNOS Services PTSP Container package [12.1R1.9]
JUNOS Services Stateful Firewall [12.1R1.9]
JUNOS Services NAT [12.1R1.9]
JUNOS Services Application Level Gateways [12.1R1.9]
JUNOS Services Captive Portal and Content Delivery Container package [12.1R1.9]
JUNOS Services RPM [12.1R1.9]
JUNOS Services HTTP Content Management package [12.1R1.9]
JUNOS AppId Services [12.1R1.9]
JUNOS IDP Services [12.1R1.9]
JUNOS Services Crypto [12.1R1.9]
JUNOS Services SSL [12.1R1.9]
JUNOS Services IPSec [12.1R1.9]
JUNOS Runtime Software Suite [12.1R1.9]
JUNOS Routing Software Suite [12.1R1.9]
You can include the detail option to view the software packages and processes included in the Junos OS Release.
jadmin@JR-1> show version ?
Possible completions:
<[Enter]> Execute this command
brief Display brief output
detail Display detailed output
| Pipe through a command
jadmin@JR-1> show version detail
Hostname: JR-1
Model: olive
JUNOS Base OS boot [12.1R1.9]
JUNOS Base OS Software Suite [12.1R1.9]
JUNOS Kernel Software Suite [12.1R1.9]
JUNOS Crypto Software Suite [12.1R1.9]
JUNOS Packet Forwarding Engine Support (M/T Common) [12.1R1.9]
JUNOS Packet Forwarding Engine Support (M20/M40) [12.1R1.9]
JUNOS Online Documentation [12.1R1.9]
JUNOS Voice Services Container package [12.1R1.9]
JUNOS Border Gateway Function package [12.1R1.9]
JUNOS Services AACL Container package [12.1R1.9]
JUNOS Services LL-PDF Container package [12.1R1.9]
JUNOS Services PTSP Container package [12.1R1.9]
JUNOS Services Stateful Firewall [12.1R1.9]
JUNOS Services NAT [12.1R1.9]
JUNOS Services Application Level Gateways [12.1R1.9]
JUNOS Services Captive Portal and Content Delivery Container package [12.1R1.9]
JUNOS Services RPM [12.1R1.9]
JUNOS Services HTTP Content Management package [12.1R1.9]
JUNOS AppId Services [12.1R1.9]
JUNOS IDP Services [12.1R1.9]
JUNOS Services Crypto [12.1R1.9]
JUNOS Services SSL [12.1R1.9]
JUNOS Services IPSec [12.1R1.9]
JUNOS Runtime Software Suite [12.1R1.9]
JUNOS Routing Software Suite [12.1R1.9]
KERNEL 12.1R1.9 #0 built by builder on 2012-03-24 12:52:33 UTC
MGD release 12.1R1.9 built by builder on 2012-03-24 12:36:25 UTC
CLI release 12.1R1.9 built by builder on 2012-03-24 08:36:49 UTC
RPD release 12.1R1.9 built by builder on 2012-03-24 12:56:44 UTC
CHASSISD release 12.1R1.9 built by builder on 2012-03-24 12:56:47 UTC
KMD release 12.1R1.9 built by builder on 2012-03-24 12:22:48 UTC
PKID release 12.1R1.9 built by builder on 2012-03-24 12:23:37 UTC
SENDD release 12.1R1.9 built by builder on 2012-03-24 12:10:29 UTC
DFWD release 12.1R1.9 built by builder on 2012-03-24 12:26:56 UTC
DCD release 12.1R1.9 built by builder on 2012-03-24 12:15:22 UTC
SNMPD release 12.1R1.9 built by builder on 2012-03-24 12:29:27 UTC
MIB2D release 12.1R1.9 built by builder on 2012-03-24 12:49:01 UTC
APSD release 12.1R1.9 built by builder on 2012-03-24 12:20:19 UTC
VRRPD release 12.1R1.9 built by builder on 2012-03-24 12:28:15 UTC
ALARMD release 12.1R1.9 built by builder on 2012-03-24 12:24:08 UTC
PFED release 12.1R1.9 built by builder on 2012-03-24 12:26:50 UTC
CRAFTD release 12.1R1.9 built by builder on 2012-03-24 12:24:16 UTC
SAMPLED release 12.1R1.9 built by builder on 2012-03-24 12:19:14 UTC
ILMID release 12.1R1.9 built by builder on 2012-03-24 12:20:28 UTC
RMOPD release 12.1R1.9 built by builder on 2012-03-24 12:23:52 UTC
COSD release 12.1R1.9 built by builder on 2012-03-24 12:26:22 UTC
FSAD release 12.1R1.9 built by builder on 2012-03-24 12:17:15 UTC
IRSD release 12.1R1.9 built by builder on 2012-03-24 12:13:26 UTC
FUD release 12.1R1.9 built by builder on 2012-03-24 12:43:01 UTC
RTSPD release 12.1R1.9 built by builder on 2012-03-24 08:31:22 UTC
SMARTD release 12.1R1.9 built by builder on 2012-03-24 07:40:18 UTC
SPD release 12.1R1.9 built by builder on 2012-03-24 12:22:47 UTC
JPPPOED release 12.1R1.9 built by builder on 2012-03-24 12:22:18 UTC
RDD release 12.1R1.9 built by builder on 2012-03-24 11:23:09 UTC
PPPD release 12.1R1.9 built by builder on 2012-03-24 12:19:15 UTC
DFCD release 12.1R1.9 built by builder on 2012-03-24 12:25:44 UTC
LACPD release 12.1R1.9 built by builder on 2012-03-24 12:25:53 UTC
LFMD release 12.1R1.9 built by builder on 2012-03-24 11:15:13 UTC
OAMD release 12.1R1.9 built by builder on 2012-03-24 12:13:41 UTC
CFMD release 12.1R1.9 built by builder on 2012-03-24 12:12:22 UTC
JDHCPD release 12.1R1.9 built by builder on 2012-03-24 12:27:48 UTC
PGCPD release 12.1R1.9 built by builder on 2012-03-24 12:56:34 UTC
PSSD release 12.1R1.9 built by builder on 2012-03-24 12:13:53 UTC
SSD release 12.1R1.9 built by builder on 2012-03-24 12:14:23 UTC
MSPD release 12.1R1.9 built by builder on 2012-03-24 11:20:35 UTC
AUTHD release 12.1R1.9 built by builder on 2012-03-24 12:28:24 UTC
PMOND release 12.1R1.9 built by builder on 2012-03-24 12:13:49 UTC
AUTOCONFD release 12.1R1.9 built by builder on 2012-03-24 11:09:11 UTC
JDIAMETERD release 12.1R1.9 built by builder on 2012-03-24 12:17:03 UTC
BDBREPD release 12.1R1.9 built by builder on 2012-03-24 12:11:20 UTC
RES-CLEANUPD release 12.1R1.9 built by builder on 2012-03-24 12:14:09 UTC
SBCCONFD release 12.1R1.9 built by builder on 2012-03-24 12:56:44 UTC
JPPPD release 12.1R1.9 built by builder on 2012-03-24 12:31:08 UTC
SHM-RTSDBD release 12.1R1.9 built by builder on 2012-03-24 12:44:16 UTC
DATAPATH-TRACED release 12.1R1.9 built by builder on 2012-03-24 12:12:11 UTC
SMID release 12.1R1.9 built by builder on 2012-03-24 12:14:23 UTC
SMIHELPERD release 12.1R1.9 built by builder on 2012-03-24 12:26:53 UTC
RELAYD release 12.1R1.9 built by builder on 2012-03-24 12:14:04 UTC
PPMD release 12.1R1.9 built by builder on 2012-03-24 12:14:33 UTC
LMPD release 12.1R1.9 built by builder on 2012-03-24 11:15:35 UTC
LRMUXD release 12.1R1.9 built by builder on 2012-03-24 11:54:53 UTC
PGMD release 12.1R1.9 built by builder on 2012-03-24 12:13:41 UTC
BFDD release 12.1R1.9 built by builder on 2012-03-24 12:37:17 UTC
SDXD release 12.1R1.9 built by builder on 2012-03-24 12:09:56 UTC
AUDITD release 12.1R1.9 built by builder on 2012-03-24 12:10:42 UTC
L2ALD release 12.1R1.9 built by builder on 2012-03-24 12:27:40 UTC
EVENTD release 12.1R1.9 built by builder on 2012-03-24 12:24:53 UTC
MPLSOAMD release 12.1R1.9 built by builder on 2012-03-24 12:18:31 UTC
jroute-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:54 UTC
jkernel-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:15 UTC
ancpd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:08 UTC
appsecure-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:10 UTC
aprobe-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:12 UTC
apsd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:14 UTC
cfm-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:17 UTC
clksyncd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:21 UTC
collector-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:25 UTC
demuxd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:27 UTC
dyn-sess-prof-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:29 UTC
elmi-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:31 UTC
fsad-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:33 UTC
gres-test-point-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:34 UTC
ilmid-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:36 UTC
jappid-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:38 UTC
jcrypto-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:41 UTC
jcrypto_junos-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:43 UTC
jddosd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:05 UTC
jdiameterd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:57 UTC
jidpd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:20 UTC
jkernel_junos-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:54 UTC
jpppd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:58 UTC
l2ald-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:36 UTC
lldp-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:38 UTC
mcsnoop-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:40 UTC
mipd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:46 UTC
mo-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:48 UTC
pppd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:50 UTC
pppoed-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:52 UTC
r2cpd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:55 UTC
rdd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:55 UTC
services-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:32:10 UTC
stp-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:32:12 UTC
subinfo-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:32:12 UTC
jdocs-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:18:19 UTC
jswitch-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:28:53 UTC
The Junos OS naming convention format is <package>-<release>-<edition>
- package - is the description of the software contents. Ensure to download and install the appropriate image for your device/platform.
jinstall is used on M, T and MX series
jinstall-ex is used on EX series
junos-jsr is used on J series
junos-srx is used on SRX series
- release - describes the Junos OS Release. It includes two integers: major and minor release numbers.
R stands for released software
B stands for beta-level or testing software
I stands for internal, test or experimental software
S is reserved for service release
- edition - either domestic or export. Domestic version support strong encryption while export do not.
Upgrading the Junos OS
It's good practice to initially check the device storage capacity using the show system storage command before downloading the new Junos OS image . You store the new Junos OS image in the /var/tmp directory.
jadmin@JR-1> show system storage
Filesystem Size Used Avail Capacity Mounted on
/dev/ad0s1a 1008M 256M 671M 28% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/md0 41M 41M 0B 100% /packages/mnt/jbas
e
/dev/md1 18M 18M 0B 100% /packages/mnt/jker
nel-12.1R1.9
/dev/md2 16M 16M 0B 100% /packages/mnt/jpfe
-M40-12.1R1.9
/dev/md3 5.0M 5.0M 0B 100% /packages/mnt/jdoc
s-12.1R1.9
/dev/md4 78M 78M 0B 100% /packages/mnt/jrou
te-12.1R1.9
/dev/md5 28M 28M 0B 100% /packages/mnt/jcry
pto-12.1R1.9
/dev/md6 46M 46M 0B 100% /packages/mnt/jpfe
-common-12.1R1.9
/dev/md7 388M 388M 0B 100% /packages/mnt/jrun
time-12.1R1.9
/dev/md8 1007M 10.0K 926M 0% /tmp
/dev/md9 1007M 516K 926M 0% /mfs
/dev/ad0s1e 197M 12K 181M 0% /config
procfs 4.0K 4.0K 0B 100% /proc
/dev/ad0s1f 2.8G 36M 2.5G 1% /var
You ucan se the request system software add <path/image-name> command to perform the Junos OS upgrade. You must reboot the system for the new software to take effect using the request system reboot as a separate step or adding the reboot option at the end of the request system software add <path/image-name> command.
It's recommended to monitor the upgrade process and watch for errors via the console.
jadmin@JR-1> request system ?
Possible completions:
certificate Manage X509 certificates
commit Perform commit related operations
configuration Request operation on system configuration
halt Halt the system
logout Forcibly end user's CLI login session
partition Partition storage media
power-off Power off the system
reboot Reboot the system
scripts Manage scripts (commit, op, event)
snapshot Archive data and executable areas
software Perform system software extension or upgrade
storage Request operation on system storage
zeroize Erase all data, including configuration and log files
jadmin@JR-1> request system software ?
Possible completions:
abort Abort software upgrade
add Add extension or upgrade package
delete Remove extension or upgrade package
rollback Attempt to roll back to previous set of packages
validate Verify package compatibility with current configuration
jadmin@JR-1> request system software add ?
Possible completions:
<package-name> URL or pathname of package
best-effort-load Load succeeds if at least one statement is valid
config123 Size: 5295, Last changed: Oct 13 15:06:06
delay-restart Don't restart processes
force Force addition of package (ignore warnings)
ftp Size: 5295, Last changed: Oct 18 08:59:48
no-copy Don't save copies of package files
no-validate Don't check compatibility with current configuration
q Size: 1379, Last changed: Oct 13 13:35:53
reboot Reboot system after adding package
test123.txt Size: 10, Last changed: Sep 18 19:05:31
unlink Remove the package after successful installation
validate Check compatibility with current configuration
jadmin@JR-1> request system software add /var/tmp/junos-12.1R1.9-domestic ?
Possible completions:
<[Enter]> Execute this command
best-effort-load Load succeeds if at least one statement is valid
delay-restart Don't restart processes
force Force addition of package (ignore warnings)
no-copy Don't save copies of package files
no-validate Don't check compatibility with current configuration
reboot Reboot system after adding package
unlink Remove the package after successful installation
validate Check compatibility with current configuration
| Pipe through a command
jadmin@JR-1> request system software add /var/tmp/junos-12.1R1.9-domestic reboot
You can delete the Junos OS images stored in the /var/tmp directory when you perform the file system cleanup using the request system storage cleanup command. You can proactively check which files will be cleaned up using the request system storage cleanup dry-run command.
jadmin@JR-1> request system storage ?
Possible completions:
cleanup Clean up temporary files and rotate logs
jadmin@JR-1> request system storage cleanup ?
Possible completions:
<[Enter]> Execute this command
dry-run Only list the cleanup candidates, do not remove them
| Pipe through a command
jadmin@JR-1> request system storage cleanup dry-run
List of files to delete:
Size Date Name
41.9K Oct 18 12:42 /var/log/interactive-commands.0.gz
8409B Oct 11 01:14 /var/log/interactive-commands.1.gz
50.2K Oct 18 12:42 /var/log/messages.0.gz
23.4K Oct 11 01:14 /var/log/messages.1.gz
133B Oct 18 12:42 /var/log/smartd.trace.0.gz
564B Oct 11 01:14 /var/log/smartd.trace.1.gz
877B Oct 18 12:23 /var/log/wtmp.0.gz
170B Oct 11 00:55 /var/log/wtmp.1.gz
143B Oct 10 20:23 /var/log/wtmp.2.gz
341B Mar 26 2013 /var/log/wtmp.3.gz
119B May 9 2012 /var/log/wtmp.4.gz
695B Oct 18 07:23 /var/tmp/acc_transfer_link_16422_err
695B Oct 18 07:23 /var/tmp/acc_transfer_link_16970_err
695B Oct 18 07:23 /var/tmp/acc_transfer_link_17313_err
124.0K Mar 27 2013 /var/tmp/gres-tp/env.dat
0B May 9 2012 /var/tmp/gres-tp/lock
155B Oct 10 22:20 /var/tmp/krt_gencfg_filter.txt
0B Oct 10 20:23 /var/tmp/rtsdb/if-rtsdb
Unified In-Service Software Upgrade (ISSU)
The Unified In-Service Software Upgrade (ISSU) feature allows you to upgrade a Junos OS in a dual Routing Engine (RE) with no disruption on the control plane. The Graceful Routing Engine Switchover (GRES) and Nonstop Active Routing (NSR) must be both enabled. The Master RE and Backup RE must run the same software before performing a unified ISSU. You can't take out any Physical Interface Card (PIC) online or offline when performing a unified ISSU.
The following are the steps in performing a Unified ISSU:
- Enable GRES and NSR and verify the Master RE, Backup RE and protocols are synchronized.
- Download and transfer the new software package to the router.
- Issue the request system software in-service-upgrade command on the Master RE.
Password Recovery
You can only perform a system password (root) only at the console port.
The following are the steps in performing a password recovery:
- Reboot the system > press space bar when prompted > type boot -s to access single user mode
- Enter recovery when prompted for recovery mode
- Type configure > set system root-authentication plain-text-password > type the new root password
- commit the change > exit and reboot the system
No comments:
Post a Comment