Juniper SRX cheat sheet
root@juniper% — FreeBSD OS shell
After running the cli command we can enter:
root@juniper> — operational mode
root@juniper# — configuration mode
Operational MODE:
root@juniper> clear — to clear something
root@juniper> monitor — to monitor something in real-time mode
root@juniper> ping — pong
root@juniper> show — show configuration
root@juniper> test — to test saved configs and interfaces
root@juniper> traceroute — trace
Interfaces
root@juniper> show interfaces descriptions
root@juniper> show interfaces terse #short
root@juniper> show interfaces detail #detail
Save rescue config
root@juniper> request system configuration rescue save
To get back to rescue config:
root@juniper# rollback rescue
Delete uncommitted commands
root@juniper> clear system commit
Show CPU, mem, and temperature
root@juniper> show chassis routing-engine
Show interface traffic
root@juniper> monitor traffic interface ge-0/0/1
root@juniper> monitor interface traffic
Restart a process
root@juniper> restart {process} gracefully
Reboot router
root@juniper> request system reboot
Clean UP
root@juniper> request system storage cleanup
Configuration MODE:
Turning off something
root@juniper# deactivate {interfaces ge-0/0/10}
Load factory default config
root@juniper# load factory-default
Set root pass
root@juniper# set system root-authentication plain-text-password
Create new user
root@juniper# set system login user {username} class {usertype: operator, read-only, super-user} authentication plain-text-password
Turn on WEB
root@srx# set system services web-management http interface {vlan.0} {#interfaces#}
Turn on ssh
root@srx# set system services ssh
Rename one port to another
root@juniper# rename interfaces ge-0/0/0 to ge-0/0/1
Change IP address without deleting it:
[edit interfaces]
root@juniper# rename ge-0/0/1 unit 0 family inet address 192.168.0.1/28 to address 192.168.0.2/28
Copy part of the config to another branch:
root@juniper# copy interfaces ge-0/0/0 to ge-0/0/1
Go to top level:
[edit interfaces ge-0/0/1]
root@juniper# top
Enter operational commands while editing:
root@juniper# run {show route}
Check config without commit:
root@juniper# commit check
Commit at a scheduled time:
root@juniper# commit at 12:00
Cancel a scheduled commit:
root@juniper> clear system commit
Commit with automatic rollback after a timeout:
root@juniper# commit confirmed 100 #minutes
Rollback:
root@juniper# rollback #last config
root@juniper# rollback ? #show archive
To see changes without committing:
root@juniper# show | compare
Switching:
Add ports to VLAN:
root@juniper# set interfaces interface-range interfaces-trust member-range ge-0/0/1 to ge-0/0/7
root@juniper# set interfaces interface-range interfaces-trust unit 0 family ethernet-switching vlan members vlan-trust
root@juniper# set vlans vlan-trust vlan-id 3
root@juniper# set vlans vlan-trust l3-interface vlan.0
root@juniper# set interfaces vlan unit 0 family inet address 192.168.0.1/24
Security zones:
Allow all host traffic in trust
root@juniper# set security zones security-zone trust host-inbound-traffic system-services all
Allow all host protocols in trust
root@juniper# set security zones security-zone trust host-inbound-traffic protocols all
Add interfaces in trust
root@juniper# set security zones security-zone trust interfaces vlan.0
root@juniper# set security zones security-zone trust interfaces lo0.0
root@juniper# set security zones security-zone trust interfaces ge-0/0/1.0
Create trust-to-trust policy:
root@juniper# set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
root@juniper# set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
root@juniper# set security policies from-zone trust to-zone trust policy trust-to-trust match application any
root@juniper# set security policies from-zone trust to-zone trust policy trust-to-trust then permit
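Added example (not part of the original cheat sheet): a Python check that reads set-format config, as printed by show configuration | display set, and lists the broad settings configured above: web management over HTTP, host-inbound-traffic "all", and any/any/any permit policies. The function name audit and the sample text are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample: the "set" commands from this page, as they would appear
# in `show configuration | display set` output (prompts removed).
SAMPLE = """\
set system services ssh
set system services web-management http interface vlan.0
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces vlan.0
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
"""

MATCH_FIELDS = ("source-address", "destination-address", "application")

def audit(config_text):
    """Return sorted findings for broad settings in set-format Junos config."""
    findings = set()
    # (from-zone, to-zone, policy name) -> field -> set of values
    policies = defaultdict(lambda: defaultdict(set))
    for line in config_text.splitlines():
        t = line.split()
        if t[:5] == ["set", "system", "services", "web-management", "http"]:
            # Exact token match, so "https" is not flagged.
            findings.add("web-management: cleartext HTTP enabled")
        elif t[:4] == ["set", "security", "zones", "security-zone"] \
                and "host-inbound-traffic" in t and t[-1] == "all":
            i = t.index("host-inbound-traffic")
            scope = " ".join(t[4:i])  # zone name, plus "interfaces <name>" if per-interface
            findings.add(f"zone {scope}: host-inbound-traffic {t[i + 1]} all")
        elif t[:4] == ["set", "security", "policies", "from-zone"] and len(t) >= 11 \
                and t[5] == "to-zone" and t[7] == "policy":
            key = (t[4], t[6], t[8])
            if t[9] == "match" and len(t) >= 12:
                policies[key][t[10]].add(t[11])
            elif t[9] == "then":
                policies[key]["then"].add(t[10])
    for (src, dst, name), fields in policies.items():
        if "permit" in fields["then"] and all("any" in fields[k] for k in MATCH_FIELDS):
            findings.add(f"policy {name} ({src} -> {dst}): permits any/any/any")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Each finding is a setting to narrow to the specific services, protocols, addresses or applications the zone actually needs.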