Below is compiled list of common commands used in support of the Juniper routers. Some of the commands are usable in both 5GT and SSG5, while other commands may vary between the device models. Behind each command will show what model routers the commands may be used in, and if usable in only one of the two models will show the equivalent command for the other model.
Get commands used to gather information, but not affect services or make any changes on the router.
get interface – (5GT or SSG5) – shows a brief overview of the interfaces
get interface eth0/0 – (SSG5) – shows a more detailed view of the specific interface (Example get int eth0/0 or get int eth0/1)
get interface untrust – (5GT) - shows a more detailed view of the specific interface (Example get int untrust or get int trust port phy)
get counter statistics interface – (5GT or SSG5) – displays the counter information of all interfaces, you can specify a single interface as well (example: get counter statistics interface untrust)
get sa active – (5GT or SSG5) – Shows active Tunnels
get arp – (5GT or SSG5) – shows the arp table
get sys – (5GT or SSG5) – Displays the device serial number, uptime, model o route….
set console timeout 0 – (5GT or SSG5) – removes the timeout from 30 minutes to 0 (Unlimited)
get int serial0/0 modem – (SSG5) – Displays the dialup interface to show if there is an active call, how long the call has been established or how long the dialer has been at idle.
Get modem – (5GT) – Displays the dialup interface to show if there is an active call, how long the call has been established or how long the dialer has been at idle.
get performance cpu – (5GT or SSG5) – Displays a brief view of the processor usage of the router
get performance cpu detail – (5GT or SSG5) – Displays a detailed view of the processor usage of the router
get config – (5GT or SSG5) – displays the configuration file of the Juniper
get clock – (5GT or SSG5) – shows date and time on router
get events – (5GT or SSG5) – shows the event logs of router
get debug – (5GT or SSG5) - shows all debugging that is currently enabled
Set console page 0 – Removes the page interrupt displaying the results without having to press a key to go from page to page
Interrupt command from CLI – If you start a ping or trace route and is only getting time outs on the entire event, you can press the “CTRL, C” to interrupt the command.
Commands that may or may not cause service impact or interruptions. Service impacting commands, may be brief or extended and we do not want to create more impact so use with discretion:
The clear counters should not cause any interruption but clears all tracked values of bytes, packets, errors… on interfaces.
clear counter interface - clear interface counters of all interfaces (Useful when checking on interfaces to see if errors or resets are incrementing)
Clear counter
Ping – Runs a ping from the router to a destination. Values may be modified such as packet count, size, sourced interface, pattern, and sweep range.
Trace–route – runs a trace route from the router to a specified destination. Values may be modified such as source timeout, probe count, and port.
The clear crypto commands will briefly interrupt tunnels, tunnels should rebuilt in a couple seconds at most if no problems.
Clear ike-cookie all – Flushes the IKE cookie to force the tunnels to renegotiate
Reset command will restart the router, This will create a service interruption until the router restart is completed if no altercation are experienced
Reset – Restarts the router
To be used only when on dialup and sites provisioned with DHCP service (Not Static or PPPoE). These commands will normally will cause a service interruption if used on the active interface.
clear dhcp client untrust ip – If on dialup, and the Wan is not leasing an IP, you can try to flush the old IP to obtain a new IP (5GT)
clear dhcp client eth0/0 ip – If on dialup, and the Wan is not leasing an IP, you can try to flush the old IP to obtain a new IP (SSG5)
exec dhcp client untrust renew – If on dialup, executes a renew command on the wan interface if configured for DHCP service (5GT)
exec dhcp client eth0/0 renew – If on dialup, executes a renew command on the wan interface if configured for DHCP service (SSG5)
Changing a port’s physical status will interrupt service and may take an interface down if the other end of the Ethernet connection does not match up. These are best to be preformed when you are not logged into the router using the specific interface so changes can be reverted if needed.
set interface eth0/0 phy full 100mb – Set the Wan port to 100/Full
set interface eth0/0 phy half 10mb – Set the Wan port to 10/half
set interface eth0/0 phy auto – Set the Wan port to auto negotiate
Disable / Re-enable a port
set interface eth0/0 phy link-down – Disabled the physical interface
unset interface eth0/0 phy link-down – Enables the physical interface
debug all – Enables all debugging commands, Not recommended as you will get so much information you will not be able to find what is relevant. (Never to be used on a head end as it will cause to much overhead)
debug dhcp client – Enables debugging on the DHCP client for obtaining the Wan IP (Note, There is a debug DHCP server, which debug’s on the DHCP controlled on the Juniper for the lan)
debug sa-mon all – Enables debugging on the SA (tunnels)
debug dialer events – Enables debugging for dial backup
debug pppoe all – Enables debugs on the PPPoE events which may be usfull when troubleshooting why PPPoE is not working (If the DSL modem has sync and bridged)
undebug all – disables all active debug’s
Juniper doesn’t have a configuration mode like Cisco’s. Making changes to the router typically are controlled by the set or unset command. Like Cisco do not make any changes from the deployment design until specified by a Sr. Engineer, TAM, or IPass management.
The post Basic Netscreen / Juniper Commands appeared first on Beyond web Logs.