Difference between revisions of "Junos"

From neil.tappsville.com
Jump to navigationJump to search
m
m
(20 intermediate revisions by the same user not shown)
Line 8: Line 8:
 
* [[CLI Commands]]
 
* [[CLI Commands]]
 
* [[Junos RPM]]  RTT, Jitter, Packetloss testing / probing
 
* [[Junos RPM]]  RTT, Jitter, Packetloss testing / probing
 +
* CoS https://saidvandeklundert.net/2015-02-28-juniper-cos-notes/
  
 
Service Requests - What to collect https://kb.juniper.net/InfoCenter/index?page=content&id=KB26990&actp=METADATA
 
Service Requests - What to collect https://kb.juniper.net/InfoCenter/index?page=content&id=KB26990&actp=METADATA
 +
 +
===Bootable USB===
 +
Create a boot USB https://www.juniper.net/documentation/en_US/jsa7.3.1/jsa-installation-guide/topics/concept/concept-jsa-installation-guide-usb-flash-drive-installations.html
 +
 +
https://osxdaily.com/2015/06/05/copy-iso-to-usb-drive-mac-os-x-command/
 +
 +
MACOS
 +
Find the Disk
 +
  mount
 +
Unmount
 +
  sudo diskutil umount /dev/rdisk2s1
 +
Copy  (note the r pre-pended to the device name = raw and rdisk2 (not rdisk2s1!!)
 +
  sudo dd if=/Users/neilt/Software/junos/junos-install-media-usb-mx-x86-64-19.4R3.11.img of=/dev/rdisk2 bs=1m
 +
Eject
 +
  diskutil eject /dev/rdisk2s1
 +
 +
 +
Proxy for NZ to get Juniper images https://juniper.networks.fail/
 +
curl --proxy juniper.networks.fail:3128 -o <filename> https://cdn.juniper.net/blah
 +
 +
===CLI Moving Around===
 +
* Left/Right Arrows or Ctrl-B Back one character and Ctrl-F Forward one character
 +
* Ctrl-A To beginning of line
 +
* Ctrl-E To end of line
 +
 +
 +
* Ctrl-U Delete all characters
 +
* Ctrl-W Delete entire word to left of cursor
 +
 +
 +
* Ctrl-L Redraw the current line
 +
Command History
 +
* Up/Down Arrows or Ctrl-P move backwards through command history and Ctrl-N move forward through command history
 +
 
==Configuration==
 
==Configuration==
 
   
 
   
* Deactivate - configuration is not loaded
+
* Deactivate - configuration is not loaded  
 +
<pre>
 +
deactivate interfaces ae1 unit 2
 +
activate interfaces ae1 unit 2
 +
</pre>
 
* Disable - Configuration is loaded by ignored
 
* Disable - Configuration is loaded by ignored
  
Line 44: Line 83:
 
  ctrl-d
 
  ctrl-d
  
 +
===Quick backup and rollback===
  
 +
Save a full copy of the current config - in conf mode just issue
 +
save /var/tmp/hostname.conf
 +
To restore back to exactly as you left it issue
 +
load override /var/tmp/hostname.conf
  
 
===Mount a USB===
 
===Mount a USB===
Line 68: Line 112:
 
<code>xe-1/2/0.1</code> Vlan tag 1
 
<code>xe-1/2/0.1</code> Vlan tag 1
  
<code>xe-1/2/0:1</code>40Gb interface channelised to operate as individual 10Gb interfaces (since 40Gb = 4 x 10Gb physically anyhow)
+
<code>xe-1/2/0:1</code>40Gb interface channelised to operate as individual 10Gb interfaces (since 40Gb = 4 x 10Gb physically anyhow) PLR4 Optic
 +
N.B <code> set chassis fpc 1 pic 2 port 0 channel-speed 10g</code>
 +
 
 +
===L2 - L3 MTU===
 +
The following sets a 1500 L2 MTU (thus L3 less headers)
 +
<pre>
 +
        interfaces {
 +
            <*> {
 +
                unit <*> {
 +
                    encapsulation ethernet;
 +
                    mtu 1500;
 +
                    family inet {
 +
                        rpf-check;
 +
                        filter {
 +
                            input inet-somefilter-in;
 +
                        }
 +
                    }
 +
                }
 +
            }
 +
        }
 +
</pre>
 +
The following sets a 1500 L3 MTU (no matter how the service arrived at the port - non-tagged, 1 tag or 2 vlan tags)
 +
<pre>
 +
        interfaces {
 +
            <*> {
 +
                unit <*> {
 +
                    encapsulation ethernet;
 +
                    family inet {
 +
                        mtu 1500;
 +
                        rpf-check;
 +
                        filter {
 +
                            input inet-somefilter-in;
 +
                        }
 +
                    }
 +
                }
 +
            }
 +
        }
 +
</pre>
 +
 
  
 
===LAG Issues===
 
===LAG Issues===
 
https://kb.juniper.net/InfoCenter/index?page=content&id=KB19798
 
https://kb.juniper.net/InfoCenter/index?page=content&id=KB19798
 +
 +
 +
Show Lag members:
 +
<pre>
 +
user@router> show lacp interfaces
 +
Aggregated interface: ae1
 +
    LACP state:      Role  Exp  Def  Dist  Col  Syn  Aggr  Timeout  Activity
 +
      xe-0/1/1      Actor    No    No  Yes  Yes  Yes  Yes    Fast    Active
 +
      xe-0/1/1    Partner    No    No  Yes  Yes  Yes  Yes    Fast    Active
 +
      xe-0/1/0      Actor    No    No  Yes  Yes  Yes  Yes    Fast    Active
 +
      xe-0/1/0    Partner    No    No  Yes  Yes  Yes  Yes    Fast    Active
 +
    LACP protocol:        Receive State  Transmit State          Mux State
 +
      xe-0/1/1                  Current  Fast periodic Collecting distributing
 +
      xe-0/1/0                  Current  Fast periodic Collecting distributing
 +
</pre>
 +
 +
Normal config:
 +
set interfaces ae1 description "Ultimate LAG"
 +
set interfaces ae1 flexible-vlan-tagging
 +
set interfaces ae1 mtu 9100
 +
set interfaces ae1 encapsulation flexible-ethernet-services
 +
set interfaces ae1 aggregated-ether-options lacp active
 +
 +
set interfaces xe-0/1/0 description "Im a member of a LAG |  member of ae1"
 +
set interfaces xe-0/1/0 gigether-options 802.3ad ae1
 +
 +
 +
Take an interface out of a lag
 +
deactivate interfaces xe-0/1/0 gigether-options
 +
 +
Put an interface back into a lag
 +
activate interfaces xe-0/1/0 gigether-options
  
 
==Routing==
 
==Routing==
 +
 +
[[BGP]]
 +
 
Display all routes in a routing-instance (cant use auto complete)
 
Display all routes in a routing-instance (cant use auto complete)
 
  show route table <routing-instance_name>
 
  show route table <routing-instance_name>
Line 100: Line 217:
 
set protocols isis interface xe-1/2/4.0 apply-groups AvoidLink
 
set protocols isis interface xe-1/2/4.0 apply-groups AvoidLink
 
</pre>
 
</pre>
 +
 +
===Prefix Limits===
 +
Find the limints at PeeringDB https://www.peeringdb.com/
 +
<pre>
 +
set routing-instances IXname protocols bgp group Bilat-ASname description ASname
 +
set routing-instances IXname protocols bgp group Bilat-ASname peer-as 123456
 +
set routing-instances IXname protocols bgp group Bilat-ASname neighbor [ipv4address] family inet unicast prefix-limit maximum 350
 +
set routing-instances IXname protocols bgp group Bilat-ASname neighbor [ipv6address] family inet6 unicast prefix-limit maximum 350
 +
</pre>
 +
  
 
MTU testing
 
MTU testing
Line 126: Line 253:
  
 
==BNG Subscribers ==
 
==BNG Subscribers ==
 +
 +
PPPoE config and examples https://tgregory.org/tag/juniper-mx-bng/
  
 
Count number of subscribers per pseudo wire
 
Count number of subscribers per pseudo wire
Line 158: Line 287:
 
  jddosd[20065]: DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic for protocol/exception Sample:aggregate has returned to normal. Its allowed bandwith was exceeded at fpc 1 for 181 times, from 2017-09-30 12:36:18 NZDT to 2017-09-30 12:36:28 NZDT
 
  jddosd[20065]: DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic for protocol/exception Sample:aggregate has returned to normal. Its allowed bandwith was exceeded at fpc 1 for 181 times, from 2017-09-30 12:36:18 NZDT to 2017-09-30 12:36:28 NZDT
  
==Firewalls - IP Spoofing==
+
==Firewalls SRX==
 +
 
 +
===Firewalls - IP Spoofing===
 
  If there is a rule that is meant to allow the flow, most probable that the source address has no route, so the firewall drops the traffic before the rule is attempted.
 
  If there is a rule that is meant to allow the flow, most probable that the source address has no route, so the firewall drops the traffic before the rule is attempted.
  [junos@2636.1.1.1.2.137 attack-name="IP spoofing!" source-address="10.0.0.27" destination-address="10.254.254.10" protocol-id="17" source-zone-name="ZONE_A" interface-name="xe-0/0/17.9" action="drop"]  
+
  [junos@2636.1.1.1.2.137 attack-name="IP spoofing!" source-address="10.0.0.27" destination-address="10.254.254.10" protocol-id="17" source-zone-name="ZONE_A" interface-name="xe-0/0/17.9" action="drop"]
 +
 
 +
===Flows - Debugging===
 +
show security flow session destination-prefix 192.168.1.5/32.
 +
 
 +
clear security flow session interface ge-0/0/1.1 destination-prefix 192.168.1.5/32
 +
 
 +
===Failover===
 +
Login  on console as admin/root (as authentication may not be working)
 +
 
 +
Identify node vs device name - also look at the prompt
 +
<pre>
 +
show chassis routing-engine
 +
node0:
 +
--------------------------------------------------------------------------
 +
Routing Engine status:
 +
    CPU temperature            62 degrees C / 143 degrees F
 +
...
 +
 
 +
node1:
 +
--------------------------------------------------------------------------
 +
Routing Engine status:
 +
    Temperature                38 degrees C / 100 degrees F
 +
    CPU temperature            65 degrees C / 149 degrees F
 +
...
 +
 
 +
{primary:node1}
 +
user@hostname>
 +
</pre>
 +
 
 +
Show Cluster
 +
show chassis cluster status
 +
<pre>
 +
Cluster ID: 3
 +
Node  Priority Status              Preempt Manual  Monitor-failures
 +
 
 +
Redundancy group: 0 , Failover count: 1
 +
node0  0        secondary            no      yes      CF
 +
node1  255      primary              no      yes      None
 +
 
 +
Redundancy group: 1 , Failover count: 1
 +
node0  0        secondary            no      no      IF CS CF
 +
node1  1        primary              no      no      None
 +
 
 +
Redundancy group: 2 , Failover count: 1
 +
node0  0        secondary            no      no      IF CS CF
 +
node1  1        primary              no      no      None
 +
 
 +
</pre>
 +
 
 +
If its already been failed over manually, this will need to be reset:
 +
request chassis cluster failover reset redundancy-group 0
 +
 
 +
Kick over the cluster
 +
<pre>
 +
> request chassis cluster failover redundancy-group 0 node 1
 +
node1:
 +
--------------------------------------------------------------------------
 +
Initiated manual failover for redundancy group 0
 +
</pre>
 +
 
 +
Then reboot the affected side of the cluster
 +
request system reboot node 0
  
 
==Inital Build==
 
==Inital Build==
Line 169: Line 362:
 
=== Root Password recovery ===
 
=== Root Password recovery ===
 
https://kb.juniper.net/InfoCenter/index?page=content&id=KB12167&cat=MANAGEMENT_SW&actp=LIST
 
https://kb.juniper.net/InfoCenter/index?page=content&id=KB12167&cat=MANAGEMENT_SW&actp=LIST
 +
 +
== Login to unresponsive RE ==
 +
request routing-engine login other-routing-engine
 +
request routing-engine login (backup | master | other-routing-engine | re0 | re1)
  
 
==Hardware==
 
==Hardware==
Line 174: Line 371:
 
  show system processes extensive | match chassisd
 
  show system processes extensive | match chassisd
 
  help topic interfaces family
 
  help topic interfaces family
 +
show chassis hardware
 +
show chassis pic fpc-slot 0 pic-slot 0
  
 
* Ifdown <code> set interfaces ge-0/0/7 disable</code>
 
* Ifdown <code> set interfaces ge-0/0/7 disable</code>
Line 187: Line 386:
 
===Copy between cluster nodes===
 
===Copy between cluster nodes===
 
  file copy /var/tmp/abc.log node1:/var/log/
 
  file copy /var/tmp/abc.log node1:/var/log/
 +
 +
==Packet Capture==
 +
monitor traffic interface ps5 size 1600 write-file filename.pcap

Revision as of 00:39, 7 April 2022

Misc

Cisco vs Juniper commands https://networking.ringofsaturn.com/Cisco/ciscojuniper.php

Python on Junos hosts https://www.juniper.net/documentation/en_US/junos/topics/reference/general/junos-python-modules-on-device.html

Service Requests - What to collect https://kb.juniper.net/InfoCenter/index?page=content&id=KB26990&actp=METADATA

Bootable USB

Create a boot USB https://www.juniper.net/documentation/en_US/jsa7.3.1/jsa-installation-guide/topics/concept/concept-jsa-installation-guide-usb-flash-drive-installations.html

https://osxdaily.com/2015/06/05/copy-iso-to-usb-drive-mac-os-x-command/

MACOS

Find the Disk
 mount
Unmount
 sudo diskutil umount /dev/rdisk2s1
Copy  (note the r pre-pended to the device name = raw and rdisk2 (not rdisk2s1!!)
 sudo dd if=/Users/neilt/Software/junos/junos-install-media-usb-mx-x86-64-19.4R3.11.img of=/dev/rdisk2 bs=1m
Eject
 diskutil eject /dev/rdisk2s1


Proxy for NZ to get Juniper images https://juniper.networks.fail/

curl --proxy juniper.networks.fail:3128 -o <filename> https://cdn.juniper.net/blah

CLI Moving Around

  • Left/Right Arrows or Ctrl-B Back one character and Ctrl-F Forward one character
  • Ctrl-A To beginning of line
  • Ctrl-E To end of line


  • Ctrl-U Delete all characters
  • Ctrl-W Delete entire word to left of cursor


  • Ctrl-L Redraw the current line

Command History

  • Up/Down Arrows or Ctrl-P move backwards through command history and Ctrl-N move forward through command history

Configuration

  • Deactivate - configuration is not loaded
deactivate interfaces ae1 unit 2
activate interfaces ae1 unit 2
  • Disable - Configuration is loaded by ignored
  • Trunk - has vlan tags
  • Access - naked ethernet
  • Fx / ex0 = management
show configuration | display inheritance no-comments
show configuration | display inheritance no-comments | display set | match foo

Loading config

configure private
load replace /var/tmp/someconfig.cfg
show | compare
commit check
commit <synchronize> and-quit


Patch / exclude group from leaf

load patch terminal
[edit access profile aaa-profile radius]
-    apply-groups-except BNGRadius;
+    apply-groups-except [ BNGRadius BNGRadiusLab ];
+    authentication-server 10.0.0.1;
+    accounting-server 10.0.0.1;
ctrl-d

Quick backup and rollback

Save a full copy of the current config - in conf mode just issue

save /var/tmp/hostname.conf

To restore back to exactly as you left it issue

load override /var/tmp/hostname.conf

Mount a USB

Connect to the shell with start shell
See a list of existing partitions with ls /dev/da*
Plugin the USB drive; A list of mount information will appear
Run ls /dev/da* again, and see an additional partition is available, such as /dev/da1s1
Create a mount point with mkdir /var/tmp/usb
Mount the partition with mount_msdosfs [partition] /var/tmp/usb
Copy files as required with cp
Unmount the partition with umount /var/tmp/usb
Remove the USB drive

Common MX Interfaces

ge Gbit (Fibre)

xe 10Gb

et 100Gb (some 10Gb, 40Gb, 100GB)

xe-1/2/0.1 Vlan tag 1

xe-1/2/0:140Gb interface channelised to operate as individual 10Gb interfaces (since 40Gb = 4 x 10Gb physically anyhow) PLR4 Optic N.B set chassis fpc 1 pic 2 port 0 channel-speed 10g

L2 - L3 MTU

The following sets a 1500 L2 MTU (thus L3 less headers)

        interfaces {
            <*> {
                unit <*> {
                    encapsulation ethernet;
                    mtu 1500;
                    family inet {
                        rpf-check;
                        filter {
                            input inet-somefilter-in;
                        }
                    }
                }
            }
        }

The following sets a 1500 L3 MTU (no matter how the service arrived at the port - non-tagged, 1 tag or 2 vlan tags)

        interfaces {
            <*> {
                unit <*> {
                    encapsulation ethernet;
                    family inet {
                        mtu 1500;
                        rpf-check;
                        filter {
                            input inet-somefilter-in;
                        }
                    }
                }
            }
        }


LAG Issues

https://kb.juniper.net/InfoCenter/index?page=content&id=KB19798


Show Lag members:

user@router> show lacp interfaces
Aggregated interface: ae1
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      xe-0/1/1       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      xe-0/1/1     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      xe-0/1/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      xe-0/1/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      xe-0/1/1                  Current   Fast periodic Collecting distributing
      xe-0/1/0                  Current   Fast periodic Collecting distributing

Normal config:

set interfaces ae1 description "Ultimate LAG"
set interfaces ae1 flexible-vlan-tagging
set interfaces ae1 mtu 9100
set interfaces ae1 encapsulation flexible-ethernet-services
set interfaces ae1 aggregated-ether-options lacp active
set interfaces xe-0/1/0 description "Im a member of a LAG |  member of ae1"
set interfaces xe-0/1/0 gigether-options 802.3ad ae1


Take an interface out of a lag

deactivate interfaces xe-0/1/0 gigether-options

Put an interface back into a lag

activate interfaces xe-0/1/0 gigether-options

Routing

BGP 

Display all routes in a routing-instance (cant use auto complete)

show route table <routing-instance_name>
show route receive-protocol bgp <neighbour IP>
show route instance <name> detail
deactivate routing-instances <name> protocols bgp group <group name / Domestic> neighbour <IP>


What mpls connections there are

 show bgp summary

get the IPAddress of the connection (looking for advertised prefixes)

show bgp neighbour 123.123.123.123

Find out what the advertised prefixes are

show route advertising-protocol bgp 123.123.123.123


Change isis metric (set it high so traffic will not perfer this interface

set protocols isis interface et-0/0/16.0 level 2 metric 200

Do the same but via a group - remember to do it at both ends!

set groups AvoidLink apply-flags omit
set groups AvoidLink protocols isis interface <*> level 2 metric 500
set protocols isis interface xe-1/2/2.0 apply-groups AvoidLink
set protocols isis interface xe-1/2/4.0 apply-groups AvoidLink

Prefix Limits

Find the limints at PeeringDB https://www.peeringdb.com/

set routing-instances IXname protocols bgp group Bilat-ASname description ASname
set routing-instances IXname protocols bgp group Bilat-ASname peer-as 123456
set routing-instances IXname protocols bgp group Bilat-ASname neighbor [ipv4address] family inet unicast prefix-limit maximum 350
set routing-instances IXname protocols bgp group Bilat-ASname neighbor [ipv6address] family inet6 unicast prefix-limit maximum 350


MTU testing

ping routing-instance <name> <IP> size 1500

Disable an interface carrying MPLS

  • Disable ISIS @ both ends set protocols isis interface [x] level 2 metric 30 disable
  • Wait for tarffic to close /end then shutdown the interface

Reserved Capacity


user@host> show rsvp interface et-0/0/8.0 detail
et-0/0/8.0 Index 564, State Ena/Up
  NoAuthentication, Aggregate, Reliable, LinkProtection
  HelloInterval 9(second)
  Address 10.55.88.8
  ActiveResv 731, PreemptionCnt 0, Update threshold 10%, MaxResvTh 0bps, 0%
  Subscription 100%, StaticBW 100Gbps, AvailableBW 51.7439Gbps, Actual 100%
  ReservedBW [0] 0bps[1] 0bps[2] 0bps[3] 21.6205Gbps[4] 0bps[5] 0bps[6] 26.6356Gbps[7] 0bps

3 is Primary, 6 is Secondary - reserved capacity

CGN

show services nat mappings address-pooling-paired

BNG Subscribers

PPPoE config and examples https://tgregory.org/tag/juniper-mx-bng/

Count number of subscribers per pseudo wire

 show subscribers physical-interface ps13 client-type vlan count


Clearing subscribers, only need to clear the L3 sessions - this automatically clears the L2 sessions (or should):
clear dhcp relay binding routing-instance Customers dual-stack 116.yyy.yyy.yyy
or
clear dhcp relay binding routing-instance Customers ps1.xxxx
clear dhcpv6 relay binding routing-instance Customers ps1.xxxx
clear dhcpv6 relay binding routing-instance Customers ps0.*
clear dhcpv6 relay binding routing-instance Customers ps2.*
clear dhcpv6 relay binding routing-instance Customers ps3.*
clear dhcpv6 relay binding routing-instance Customers ps4.*
  • or PPPoE subs:
clear pppoe sessions pp0.3221225754


  • Clear the VLAN interface
clear auto-configuration interfaces ps6.3221273839

Show the dynamic-profile attributes that are applied and their values to a subscriber session

show dynamic-configuration session information session-id <session-id>

ddos

show ddos-protection protocols dhcpv6 violations
jddosd[20065]: DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic for protocol/exception Sample:aggregate has returned to normal. Its allowed bandwith was exceeded at fpc 1 for 181 times, from 2017-09-30 12:36:18 NZDT to 2017-09-30 12:36:28 NZDT

Firewalls SRX

Firewalls - IP Spoofing

If there is a rule that is meant to allow the flow, most probable that the source address has no route, so the firewall drops the traffic before the rule is attempted.
[junos@2636.1.1.1.2.137 attack-name="IP spoofing!" source-address="10.0.0.27" destination-address="10.254.254.10" protocol-id="17" source-zone-name="ZONE_A" interface-name="xe-0/0/17.9" action="drop"]

Flows - Debugging

show security flow session destination-prefix 192.168.1.5/32. 
clear security flow session interface ge-0/0/1.1 destination-prefix 192.168.1.5/32

Failover

Login on console as admin/root (as authentication may not be working)

Identify node vs device name - also look at the prompt

show chassis routing-engine
node0:
--------------------------------------------------------------------------
Routing Engine status:
    CPU temperature             62 degrees C / 143 degrees F
...

node1:
--------------------------------------------------------------------------
Routing Engine status:
    Temperature                 38 degrees C / 100 degrees F
    CPU temperature             65 degrees C / 149 degrees F
...

{primary:node1}
user@hostname>

Show Cluster

show chassis cluster status
Cluster ID: 3
Node   Priority Status               Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 1
node0  0        secondary            no      yes      CF
node1  255      primary              no      yes      None

Redundancy group: 1 , Failover count: 1
node0  0        secondary            no      no       IF CS CF
node1  1        primary              no      no       None

Redundancy group: 2 , Failover count: 1
node0  0        secondary            no      no       IF CS CF
node1  1        primary              no      no       None

If its already been failed over manually, this will need to be reset:

request chassis cluster failover reset redundancy-group 0

Kick over the cluster

> request chassis cluster failover redundancy-group 0 node 1
node1:
--------------------------------------------------------------------------
Initiated manual failover for redundancy group 0

Then reboot the affected side of the cluster

request system reboot node 0

Inital Build

request system configuration rescue save
request system autorecovery state save
request system snapshow slice alternative

Root Password recovery

https://kb.juniper.net/InfoCenter/index?page=content&id=KB12167&cat=MANAGEMENT_SW&actp=LIST

Login to unresponsive RE

request routing-engine login other-routing-engine
request routing-engine login (backup | master | other-routing-engine | re0 | re1)

Hardware

show interfaces diagnostics optics xe-1/0/0
show system processes extensive | match chassisd
help topic interfaces family
show chassis hardware
show chassis pic fpc-slot 0 pic-slot 0
  • Ifdown set interfaces ge-0/0/7 disable
  • Ifup delete set interfaces ge-0/0/7 disable

Monitor

Will only the traffic to/from the bng loopback

monitor traffic interface ps1.0

How packet stats in realtime

monitor interface ps4.12345

Copy between cluster nodes

file copy /var/tmp/abc.log node1:/var/log/

Packet Capture

monitor traffic interface ps5 size 1600 write-file filename.pcap