Skip to main content

JunOS Tips and Tricks

Intro

When you spend a lot of time googling or reading documentation  trying to find a solution for some unexpected task and, at the end, it's startworking, you says "WOW! Now then I will use it next time!" But after few months you get the same task and... start from scratch. So I started writing  Tips and Tricks for every Network OS (Juniper, Cisco , Huawei etc.) in my notes.  After few years I decided to start publish my own collection. Hope it will help me and may be someone else to solve a problem in the future.

Some of them are from Day One collection, some from my  everyday tasks.  Enjoy.


CLI

To start Juniper OS Command Line Interface just type cli in the BSD shell.

'cli' - enable CLI  😉 ( BTW, I have to call my friend then I first logged to Juniper device by root account and get shell prompt instead of expected  junOS cli prompt> )

You could just type ‘configure‘ on the CLI and dive into making changes, but that would probably be a mistake. 

'configure' - Go to configuration mode. I highly discourage everyone from using plain old ‘configure‘. 

Reject
Why? - you may ask me. Because you start your configuration in, so called, shared mode, so someone can "help" you or you can "help"  someone. Not good to mess your device.  
Here’s a couple configuration modes that will help you step up your Juniper game:
'configure private' - Private mode basically forks the configuration for each user making changes. Allows multiple engineers to make changes simultaneously. Discards all uncommitted changes when you exit.
'configure exclusive' - Exclusive mode allows only one person to make changes at a time by locking everyone else out until they exit.


 

'show cli' - Check current CLI setting.
'set cli screen-lenght' - set screen length
'set cli screen-length 0' - disable pagination 

Idle timeout is disable by default. If you want the users to disconnect after some time, configure idle timeout according to your requirements using the following command:
'set cli idle-timeout 1' - set CLI idle timeout to 1 minute.

If you want the users to logout on their own and have the changes saved after a reboot, create a custom class and call the idle-timeout in that class

'set system login class <class> idle-timeout <minutes>'
'set system login user <user> class <class> ' 

Pipes 

'show | compare' - When issued from configuration mode, this command sequence shows you exactly what you are about to change.
‘show configuration | compare rollback n‘ from operational mode to see the differences between the current configuration and one of the available rollbacks (“n” indicating which of the 50 config versions to compare).

'show configuration | display set | match <string>' - this command searches the configuration for any string and returns the full “set” statements.

'show interface | display xml' - this command display the output in XML format like in NETCONF RPC Response

'show interface | display xml rpc' - this command display NETCONF RPC you should send to get this information
 
'show bridge domain vlan100  | display xml rpc' - this command display NETCONF RPC to get infromation about bridge-domain vlan100

'show log messages | match <string1> | except <string2>' - Stacking pipes can be helpful to get more granular result

'show log messages | last 10' - Show last 10 messages in log file

'show log user [<username>]' - Show recent user or specified user logins 


To be continued... next time Traffic capturing and monitoring


Labels:

Comments

Post a Comment

Popular posts from this blog

How to replace Supermicro IPMI SSL and TLS Certificate

I decided to replace SSL and TLS Certificates at my Supermicro IPMI (Intelligent Provisioning Management Interface). Warning:     Server will restart after cirtificate update !  There are many options how to create Certificates. Here is two options. One is for Linux and the second is for Windows. Let's start with Linux. To create certificate you need OpenSSL at your Linux installation. It's included in almost all distributives. To check version of OpenSSL use this command: #openssl version OpenSSL 1.0.2g  1 Mar 2016 I suggest to use at least 2048 bit certificate. First we create private 2048 bit RSA key. The filename can be any you wish, in this example I will store private RSA key in pvt.pem. #openssl genrsa -out pvt.pem 2048 or  you can user genpkey option #openssl genpkey -algorithm RSA -out pvt.pem -pkeyopt rsa_keygen_bits:2048 Using this private RSA key I create Certificate Request #openssl req -new -key pvt.pem -out crt.pem Then I use my privat
Post a Comment
Read more

How to configure IPMI from IPMICFG Utility

IPMICFG Overview IPMICFG is a utility for IPMI devices configuration. It is a command line tool providing IPMI commands and Supermicro proprietary OEM commands. It is designed for easy to use and no pre-installation required. Use it for basic IPMI configuration and BMC status reading and monitoring. Features:  Set up IPMI IP Address  Set up IPMI Configuration  Configure IPMI User Management  Configure IPMI FRU  Manage System Event Log (SEL)  Manage IPMI by node management (NM) protocol IPMICFG Linux version will automatically use linux built-in ipmi driver from ipmitool to access BMC. If there is no ipmi driver loaded, IPMICFG will use its internal API to access BMC. However, the performance will be slow. Note:  You should use root permission to launch IPMICFG. Here is a step to load ipmi driver. You should be type these command to activate openIPMI driver: # modprobe ipmi_msghandler # modprobe ipmi_devintf # modprobe ipmi_si  Installing IPMICFG #  un
Post a Comment
Read more

How to Enable Console at EVE-NG

By default EVE-NG disable console access. You can use VNC to get console access to VM. By editing  GRUB_CMDLINE_LINUX  in  /etc/default/grub I've added console=tty0 console=ttyS0,115200 to enable console access using virsh console eve-ng command. GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200 net.ifnames=0 "
Post a Comment
Read more