Juniper – CheatSheet

I always forget how to do certain stuff on Juniper equipment; the more I do in the CLI, the better I become. Many of the commands and settings below will be obvious for most, but I am still learning, so bear with me. As time goes on I will add more commands, tips and tricks to this post.

LLDP – Shows other LLDP- or CDP-enabled neighbours that are on the other end of the wire. I enabled it on specific interfaces, thinking strict is better, so that I know where it uses LLDP.

- To configure LLDP on all interfaces:
[edit protocols lldp]
user@srx# set interface all

- To configure LLDP on a specific interface:
[edit protocols lldp]
user@srx# set interface interface-name

- show lldp neighbors
user@srx> show lldp neighbors

Configuring access/trunk interface – my SRX delivered the native VLAN on an access port over to the switch. I wanted it to be a trunk port because I added more VLANs to be routed in the SRX. Could not get it to work. Thanks to the “commit confirmed” feature I could easily try again. The fix was to have the native VLAN as a member in the trunk configuration.

- Access port
user@srx# set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access vlan members 10

- Trunk port with native VLAN. Remember to add the native VLAN as a member of the trunk, else you cut yourself off.
user@srx# set interfaces ge-0/0/1 native-vlan-id 3
user@srx# set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
user@srx# set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
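
A way to catch the native-VLAN pitfall described above before committing, as an added example that is not part of the original post: a small Python check over a configuration in `show configuration | display set` form that reports trunk ports whose native-vlan-id is not among their VLAN members. The sample configuration, the `guests` VLAN and the function names are constructed for illustration; VLAN names, numeric IDs and ID ranges are resolved.

```python
import re

# Constructed sample in `show configuration | display set` form (not from the post).
SAMPLE = """\
set vlans vlan-trust vlan-id 3
set vlans guests vlan-id 20
set interfaces ge-0/0/1 native-vlan-id 3
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members guests
set interfaces ge-0/0/2 native-vlan-id 3
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members guests
"""

SW = r"set interfaces (\S+) unit \d+ family ethernet-switching "

def member_ids(member, vlan_ids):
    """Resolve one `vlan members` value (name, ID or ID range) to VLAN IDs."""
    if member in vlan_ids:
        return {vlan_ids[member]}
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", member)
    if not m:
        return set()  # unknown name: membership cannot be proven
    return set(range(int(m[1]), int(m[2] or m[1]) + 1))

def trunks_missing_native_vlan(set_config):
    """Return {interface: native VLAN ID} for trunks that omit their native VLAN."""
    vlan_ids, native, trunks, members = {}, {}, set(), {}
    for line in map(str.strip, set_config.splitlines()):
        if m := re.fullmatch(r"set vlans (\S+) vlan-id (\d+)", line):
            vlan_ids[m[1]] = int(m[2])
        elif m := re.fullmatch(r"set interfaces (\S+) native-vlan-id (\d+)", line):
            native[m[1]] = int(m[2])
        elif m := re.fullmatch(SW + r"(?:interface|port)-mode trunk", line):
            trunks.add(m[1])
        elif m := re.fullmatch(SW + r"vlan members (\S+)", line):
            members.setdefault(m[1], []).append(m[2])
    missing = {}
    # Names are resolved after parsing, so `set vlans` lines may appear anywhere.
    for ifname in sorted(t for t in trunks if t in native):
        carried = set()
        for member in members.get(ifname, []):
            carried |= member_ids(member, vlan_ids)
        if native[ifname] not in carried:
            missing[ifname] = native[ifname]
    return missing

if __name__ == "__main__":
    for ifname, vid in trunks_missing_native_vlan(SAMPLE).items():
        print(f"{ifname}: native VLAN {vid} is not in 'vlan members'")
```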

Juniper has a great feature for changing config: you make your configuration change and then you commit it all. The commit command can also be chained with confirmed. If something in the config cuts you off from management, or it has some other flaw, you can tell it to roll back if you haven’t confirmed the change within a specified time after the commit.

- Save changes with commit and tell it to roll back unless you confirm the change. The last number is the number of minutes before the SRX does an automatic rollback.
user@srx# commit confirmed 2

- Confirm the config after it all went well
user@srx# commit check

- Another nice parameter to commit is comment. Here you can write what your config change does, and maybe even which change request number it is on behalf of.
user@srx# commit comment "This adds vlan trunk to uplink switch on port ge-0/0/1."

- Just another nice parameter. Prepare the config and make it active on another schedule or when the service window is open. Just nice.
user@srx# commit prepare

-- When it's time, you can activate it.
user@srx# commit activate

- If you are interested in what's happening in the commit process, then you can monitor it.
user@srx# commit | display detail

DHCP – When your Junos device is doing DHCP, it's nice to know the IPs it handed out, or took for that matter.

- Showing the DHCP leases that it handed out
user@srx> show dhcp server binding

- Showing the DHCP leases that it took with its own DHCP client.
user@srx> show dhcp client binding

Rollback and compare – another nice feature to help you see what has been happening on the device. You can compare older configs with newer or current ones.

- Gives you a comparison of the config from 3 revisions back with the current config.
user@srx> show system rollback 3 compare 0

NTP – setting up NTP.

- Add NTP servers and Junos will change over to use NTP instead of local time setting. Setting 5 servers from 0.dk.pool.ntp.org.
user@srx# set system ntp server 212.237.100.250
user@srx# set system ntp server 93.162.41.228
user@srx# set system ntp server 193.104.228.123
user@srx# set system ntp server 5.103.128.88

- Verify NTP servers
user@srx> show ntp associations

Configure DNS

- Add DNS server for lookups
user@srx# set system name-server 192.168.2.253

- Verify from configuration
user@srx> show configuration system name-server

Add user and insert ssh key for quick access. Feel free to add my public key 😉

user@srx# set system login user jvradm class super-user authentication ssh-rsa "ssh-rsa <public-key> jr@mbp"


Rescuing a Juniper SRX550


Nothing greater than getting a call from HQ 30 minutes after closing hours. Nevertheless, I decided to take the call. Network problem onsite at a customer… After getting the green light from the woman in charge, I got in the car and went on to the customer.

Connecting with the USB cable to the SRX console port, I got a weird boot sequence. Just like the following:

Either the Junos partition was corrupt or the disk inside the unit was fried. Decided to try and install Junos again just to see if that would help. Went to juniper.net and downloaded the oldest Junos version available, junos-srxsme-12.3X48-D10.3-domestic.tgz. Found a USB drive, put the .tgz file on it and plugged it into the SRX. From the console I broke into the bootloader while it was trying to find the kernel and issued the following command.

I began to install Junos, but when it tried to create partitions on the card, it died with DMA errors. Great!

Since an SRX550 is not something you find every day and spare parts are hard to get (support had also expired), I decided to take the SRX apart. Happily, I found a CF card inside, and luckily I found a Kingston CF card in my bag (I knew that would come in handy someday). Swapped the card and put it together again.

Powered on and issued the install command again. This time with success.

The install of Junos takes some time, a long time: 20 minutes. But then you also get a very nice login prompt. Logged in with root and no password. Went into CLI configuration mode and did a “delete” to wipe the factory config, then loaded the backup configuration with

Pasted the 55 KB JSON config into the console and finished with a Ctrl+D followed by a commit. The commit succeeded and the whole network was suddenly alive again.

Just to make all the LEDs green on the SRX, I wrote the config to the rescue config. This is done in operational mode.

A happy consumer and hopefully a new Juniper SRX1500 firewall on its way to relieve the SRX550 of its duties.