Junos CLI provide ping and traceroute network troubleshooting commands. It also allows <b>mtr</b> to be run to monitor network path. Run <b>traceroute monitor</b> to acomplish a MTR traceroute to a destination host/ip.










admin@Juniper-vSRXA> traceroute monitor 10.1.1.51

Juniper-vSRXA (0.0.0.0)(tos=0x0 psize=64 bitpattern=0x00) Tue Mar 17 16:01:59 2015
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 172.30.1.30 0.0% 221 56.4 57.7 56.3 76.8 1.6
2. ...

Juniper devices configuration is saved in files named "juniper.conf.gz" and historical configuratio is saved as "juniper.conf.X.gz" where X is the number of backup configurations saved (max-configuration-rollbacks). Another important configuration role is the rescue configuration which is contained in /config/rescue.conf.gz.

The SRX devices also have a feature called "Reset configuration" which is triggred by the "Reset config" button on front panel. If pressed and released, this button loads the a rescue configuration, a configuration snapshot chosen ...

A common mistake when configuring Junos to authenticate from a radius server is to configure radius server, authentication-order, but not to define a "remtoe" account local to Junos. This "remote" user is used for Junos to map radius successfully authenticated users. Without it, the following logs appear in /var/log/messages:
Jan 26 15:57:25 R1 sshd[12941]: Connection closed by 10.1.1.54 [preauth]
Jan 26 15:57:25 R1 inetd[1175]: /usr/sbin/sshd[12941]: exited, status 255
Jan 26 15:57:27 R1 sshd[12950]: User 'remote' ...

Junos: How to list routing instance IDs

Some SRX or MX debugs may refer to routing instance as routing table ID. Example is the SRX ike debugs shown below:

[Jan 15 19:40:08][1.1.1.1 <-> 3.3.3.3] ike_send_packet: Start, send SA = { ad30d893 8225cb50 - 414e8319 944abd60}, nego = 0, dst = 3.3.3.3:500, routing table id = 4
[Jan 15 19:40:08][1.1.1.1 <-> 3.3.3.3] ike_send_packet: Start, send SA = { 6885acfe 77eda4bf - ae964ea7 7c63fda6}, nego = ...

How to search junos configuration option within cli

To quickly find a JUNOS configuration option always use "help apropos" operational command. It can be used even if the full junos syntax is not known.

"help apropos" will return a list of configuration mode commands containing the keyword argument.

Here is how to search how to change tcp MSS for all tcp sessions globally in Juniper SRX:

user@srx-junos> help apropos mss
help topic ...

Junos system configuration archival over scp does not work if following conditions are not met:
1. the password and username for remote scp server are not correct.
2. the destination directory on destination server is not owned by the scp user or if the scp user does not have appropriate write + execute permissions.

This is easily solved by doing a "chown junos-configs /destination/directory" where "junos-configs" is the user used in junos scp command.

3. ...

http://forums.juniper.net/t5/SRX-Servic ... 396#M19772

Junos max-configurations-on-flash and max-configuration-rollbacks

[edit]
root@junos# run show system commit
0 2014-11-05 12:49:07 UTC by root via cli
1 2014-11-04 10:56:06 UTC by root via cli
2 2014-11-04 10:50:21 UTC by root via cli
3 2014-11-04 09:13:07 UTC by root via cli
4 2014-11-03 11:45:16 UTC by root via cli
5 2014-11-03 11:44:09 UTC by root via cli
rescue 2014-07-17 07:51:04 UTC by root via cli ...

The following routing instance related error is not a bug, but a configuration mistake:

Here is a routing instance that commits into configuration:
# show RI_0
instance-type virtual-router;
interface ge-0/0/7.770;
interface st0.0;
routing-options {
static {
route 0.0.0.0/0 next-hop st0.0;
}
}
# run show route table RI_0.inet.0

RI_0.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 00:01:33
> via ...

Unlike other vendors CLI, Junos offers the possibility to enter multiple changes / commands and commit at the end, assuming all command are valid.

To check what has been changed, but uncommited in Junos configuration, go to cli top to be sure you inspect the whole hierarchy and do "show | compare". This will show the candidate configuration (I will discuss this later) and compare it to current commited configuration.

Example:
[edit security screen ids-option ...

The operational "> file archive" Junos command will archive files and compress them optionally.

Although the output of following command shows the current working directory for the user:


The actual command does not use the same directory. Example:
user@srx-220> file archive compress source COS-config.conf destination COS-config.conf.tgz
/usr/bin/tar: COS-config.conf: Cannot stat: No such ...