Juniper

Notes from a previous life looking after Juniper switches and baby SRX firewalls. Before this I came from mostly working with Dell and HP switches, and Netscreen-ScreenOS firewalls.

In general, I have listed the entire from-root set commands rather than showing the edit commands that would save a bunch of typing. I do this for two reasons:

  • doing it this way makes it absolutely clear what command is for what; and
  • this is how I did it in my notes, which I'm basically transcribing here.

You should be able to work out what the typing-saving shortcuts are.

EX2200, EX4200, EX4300, EX4550

Change Root Password

(20 August 2012) --- JUNOS 10.4R5.5 built 2011-06-14 02:01:48 UTC root@sa3-41:RE:0% cli root@sa3-...

Could Not Format Alternate Root

(2021-01-26) Problem rancid@s-reserve> request system snapshot slice alternate fpc0: ------------...

Deleting a vc-port

(2016-02-24) Problem By default, the 40Gb interfaces on the back are defined as vc-ports for Virt...

error: remote side unexpectedly closed connection

(2014-02-21) Problem Brand new switch, can't configure because the CLI console keeps saying: erro...

Factory Defaults

Problem Return to factory defaults. Solution For JunOS 11.1 or higher: lab@EX2200> request system...

filter-define.conf log message

(2021-10-27) Problem "cmd='ls -i /var/etc/filters/filter-define.conf'" log message generated ever...

Format Install via TFTP

(2022-06-19) Problem EX device is complaining about errors which boil down to it complaining abou...

JUNOS versions running on dual partitions are not same

(2016-05-25) Problem Boot media /dev/da0 has dual root support WARNING: JUNOS versions running on...

LAG and LACP

(27 June 2012) on JunOS 10.4r5.5 Simple LAG Creation Tell the switch how many aggregated ethernet...

Logging Out Stale Sessions

(2016-09-07) Problem There's an edit session, that you are not connected to, that you want to clo...

Maximum Spanning Tree Diameter

(2019-07-11) What is the maximum diameter of a spanning tree? By default, the maximum number of l...

Non-Stop Software Upgrade (NSSU) Is Dicey

(2019-01-02) Non-Stop Software Upgrade Is Dicey We have attempted to upgrade an EX4300 virtual cha...

OS Shell

(2021-10-27) Problem I want shell on the switch. Solution > start shell sh

Port VLAN Gotcha

(2013-11-15) Problem I have a VLAN with ports defined as so: set vlans MyLAN interface ge-0/0/16....

Port Vlan Mirror Analyzer

(2022-05-26) Port or VLAN Source Mirror Port examples: show | display set | match forwarding-op s...

QOS

(2016-03-07) Quick QOS Setup for Voice This is valid for JunOS 12.3R3.4 set class-of-service clas...

Remote Admin Authentication Via Radius

(2013-04-05) On The Switch This grants all members of an appropriate group super-user level acces...

Rescue Configuration

(25 June 2012) Problem I have an amber Alarm LED but both the web interface and the CLI alarm com...

Reverting Configurations

Rolling Back Commits Every time you make a change through the web UI it counts as a "commit". Som...

Sample First-Boot Config

(2013-07-19) This is how I configure my EX2200 when I first get them. New EX2200 Initial Setup We...

Show Uncommitted Configuration Changes

List uncommitted configuration changes show | compare rollback 0 eg: root@router# show | compare...

SNMP port-to-interface

(Note to Googlers: I'm more than a little surprised to get so many hits on this page so soon. To ...

Snmp query: Requested table is empty or does not exist

(7 September 2012) Problem When you run switchwalk, it complains that a table is empty or missing...

SSH PubKey Login

(2018-12-19) Problem Want SSH Pubkey authentication for my AD-backed administrative user. Specifi...

Storm Control

(7 June 2012) Problem: Jun 7 12:16:55 sa2-40.gridwayit.local eswd[940]: ESWD_ST_CTL_ERROR_IN_EFF...

Switch Forwarding Table

Switching Table Look at the current forwarding table: root@sa4-39> show ethernet-switching table ...

This device has booted from the backup JunOS Image

(2017-01-25) Problem WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE It is possible t...

Upgrade bank is empty or corrupted for FPC 0, please do standard upgrade sequence

(31 December 2012) Problem After a JunOS upgrade (in our case from 10.5R5.5 to 11.4R6.5), the swi...

Useful Commands

Notes for Juniper EX4200 JunOS 10.1 Showing the config in "set" commands rather than brace-format...

Virtual Chassis FPC Replacement

(2015-04-16) Problem One of my FPC units in my virtual chassis is dead and I need to insert a rep...

Virtual Chassis Setup

(2014-08-13) These notes are for JunOS 12.3R3.4. You do not need an enhanced license to use Virtu...

VLAN IP Interface

(2023-01-19) IP address on a VLAN # show | display set | match Test set vlans Test-2500 descripti...

vlan-id(32768) to bd-id mapping doesn't exist in itable

(2021-10-27) Problem Syslog noise: vlan-id(32768) to bd-id mapping doesn't exist in itable Solut...

Rancid

SRX

Application Timeout Values

(2013 March 7) Application Timeout Values To check: root@sentry> request pfe execute target fwdd ...

CIFS

(23 March 2012) Define CIFS for JunOS 10 edit applications application CIFS set term CIFS-1 proto...

Cluster Failover

(17 January 2012) TL/DR: different parts of the cluster can be on different nodes. It doesn't loo...

fxp0 Addressing

(17 January 2012) Incomplete, work in progress. I probably don't understand this fully yet. When ...

Getting Policies In The Order You Want Them

You can do this through the CLI: insert security policies from-zone trust to-zone untrust policy ...

IKE Identity Failure

(2015-03-26) Problem Phase 1 connects then drops seconds later. In the trace options, you see the...

List DHCP Address

(2015-02-11) Problem My SRX has been assigned an IP address and I don't know what it is. I have a...

Loading A Configuration From The Terminal

(2017-08-22) Loading Configuration From The Terminal To replace the current configuration with a ...

Multiple Networks on Trust Interface

(2013 March 7) If you have an interface defined with two IP addresses on it: vlan { unit...

PXE Boot Server

(2014-02-12) Problem Send PXE boot options from a SRX DHCP server. Solution set system services d...

snmp on SRX

(2013-07-24) To enable basic snmp on an SRX: set snmp description Firewall set snmp location "Loc...

Source Interface NAT

(2015-03-10) If traffic is going from trust to the vpn zone, and that traffic matches the rule su...

SRX240 Clustering

Just following the cook book at Juniper KB15504 is incomplete in some key areas. The main problem...

System Alarm autorecovery information needs to be saved

(2017-08-05) Problem System alarm: autorecovery information needs to be saved Solution root@gatew...

TFTP Install Firmware From Loader

(2017-08-22) TFTP Installing Firmware From The Loader connect a console reboot the device interr...

VIP

(2 April 2012) Problem I want to create a ScreenOS-type VIP (aka a port forward) where one port o...

VPN Associations

(2014-08-21) List phase 1 associations: > show security ike security-associations List phase 2 a...

VPN Detailed Logs

(2014-08-19) Detailed logging about VPN traffic: set security ike traceoptions flag all set secur...

VPN Phase 1 Connects Then Drops

(2015-03-26) Problem Phase 1 connects then drops seconds later. In the trace options, you see the...

VPNs

(10 February 2012) Background: I'm a Netscreen ScreenOS administrator and I'm coming to grips wit...