Thursday, September 2, 2010

Mapping of common troubleshooting commands from ScreenOS to JUNOS



JUNOS is spreading rapidly over the world and Juniper has launched the SRX devices.

The more you work on it the more you will love it. It has nice advanced features, which you would love to have in ScreenOS but sadly you don't.

For people who are new to JUNOS, here is a mapping of common troubleshooting commands from ScreenOS to JUNOS.





ScreenOS
JUNOS
Session & Interface counters

get session
> show security flow session
get interface
> show interface terse
get counter stat 
> show interface extensive
clear counter stat
> clear interface statistics
Debug & Snoop

debug flow basic
# edit security flow
# set traceoptions flag basic-datapath
# commit
set ff
# edit security flow
# set traceoptions packet-filter
get ff
> show configuration | match packet-filter | display set
get debug
> show configuration | match traceoptions | display set
get db stream
View stored log: (recommended option)
> show log (enter to see help options)
> show log security-trace (to view 'security flow' debugs)
> show log kmd (to view 'security ike' debugs)

View real-time: (use this option with caution)
> monitor start
ESC-Q (to pause real-time output to screen)
clear db
> clear log (clears contents of file)
undebug (stops collecting debugs)
# edit security flow
# deactivate traceoptions OR # delete traceoptions (at the particular hierarchy)
# commit
undebug all
Not available. You need to deactivate or delete traceoptions separately.
debug ike detail
# edit security ike
# set traceoptions flag ike
# commit
snoop (packets THRU the JUNOS device)
Use Packet Capture http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-admin-guide/config-pcap-chapter.html#config-pcap-chapter
snoop (packets TO the JUNOS device)
> monitor traffic interface <interface> layer2-headers
write-file option (hidden)
read-file (hidden)
Event Logs

get event
> show log messages
> show log messages | last 20 (helpful cmd because newest log entries are at end of file)
get event | include <string>
> show log messages | match <string>
> show log messages | match "<string> | <string> | <string>"
Examples:
> show log messages | match "error | kernel | panic"
> show log messages | last 20 | find error
clear event
> clear log messages

> show log
Config & Software upgrade

get config
> show config (program structured format)
> show config | display set (set command format)
get license
> show system license keys
get chassis (serial numbers)
> show chassis hardware detail
exec license
> request system license [add | delete | save]
unset all
# load factory-default
# set system root-authentication plain-text-password
reset
# commit and-quit
> request system reboot
load config from tftp
> start shell and FTP config to router, i.e. /var/tmp/test.cfg. Then
# load override /var/tmp/test.cfg (or full path of config file)
load software from tftp to flash
> request system software add
Example:
> request system software add ftp://10.10.10.129/jsr/junos-srxsme-9.5R1.8-domestic.tgz reboot
save
# commit OR
# commit and-quit
reset
> request system reboot
Policy

get policy
> show security policies
get policy from <zone> to <zone>
> show security policies from-zone <zone> to-zone <zone>
VPN

get ike cookie
> show security ike security-associations
get sa
> show security ipsec security-associations
clear ike cookie
> clear security ike security-associations
clear sa
> clear security ipsec security-associations
NSRP

get nsrp
> show chassis cluster status
> show chassis cluster interfaces
> show chassis cluster status redundancy-group <group-number>
exec nsrp vsd mode backup (on master) see KB5885
> request chassis cluster failover redundancy-group <group-number> node <node-number>
> request chassis cluster failover reset redundancy-group <group-number>
DHCP

get dhcp client
> show system services dhcp client
exec dhcp client renew
> request system services dhcp renew (or release)
Routing

get route
> show route
get route ip <ip-address>
> show route <ip-address>
get vr untrust-vr route
> show route instance untrust-vr
get ospf nei
> show ospf neighbor
set route 0.0.0.0/0 interface <interface> gateway <ip-address>
# set routing-options static route 0.0.0.0/0 next-hop <ip-address>
NAT

get vip
> show security nat destination-nat summary
get mip
> show security nat static-nat summary
get dip
> show security nat source-nat summary
> show security nat source-nat pool
Other

get perf cpu
> show chassis routing-engine
get net-pak s
> show system buffers
get file
> show system storage
get alg
> show configuration groups junos-defaults applications
get service
> show configuration groups junos-defaults applications
get tech
> request support information
set console page 0
> set cli screen-length 0

> file list
Example: file list /var/tmp/

#  =  configuration mode prompt
>  =  operational mode prompt


