• 8 December 2024

Juniper useful command reference

MAC Limiting
configuring accept mac:
    set interfaces ge-0/0/0.0 accept-source-mac mac-address 00:11:22:33:44:55
configuring mac limit under switch-options:
    set switch-options interface ge-0/0/0.0 interface-mac-limit 2 packet-action [ log | drop | shutdown | drop-and-log ]
configuring mac limit under vlans:
    set vlans VLAN_3 switch-options interface-mac-limit 10 packet-action drop-and-log
configuring mac move limit (in a second):
    set vlans VLAN_10 switch-options mac-move-limit 1 packet-action shutdown
manually restore:
    clear ethernet-switching recovery-timeout
manually restore for an interface:
    clear ethernet-switching recovery-timeout interface ge-0/0/0
automatically restore:
    set interfaces ge-0/0/0.0 family ethernet-switching recovery-timeout 30
showing logs:
    show log messages | match L2ALD
showing flags:
    show ethernet-switching interface ge-0/0/0

Persistent MAC Learning
configuring persistent mac learning:
    set switch-options interface ge-0/0/0.0 persistent-learning
showing persistent P flag:
    show ethernet-switching table
clearing learned persistent macs:
    clear ethernet-switching table persistent-learning

DHCP Snooping
configuring DHCP snooping:
    set vlans VLAN_10 forwarding-options dhcp-security group TRUSTED interface ge-0/0/0
allowing DHCP server traffic such as DHCP offer, ack, nak:
    set vlans VLAN_10 forwarding-options dhcp-security group TRUSTED overrides trusted
    set vlans VLAN_10 forwarding-options dhcp-security group UNTRUSTED interface ge-0/0/1
    set vlans VLAN_10 forwarding-options dhcp-security group UNTRUSTED interface ge-0/0/2
specifying dhcp snooping db:
    set system processes dhcp-service dhcp-snooping file file_name
showing binding table:
    show dhcp-security binding
clearing binding:
    clear dhcp-security binding [ all | vlan | interface | ip-address ]
adding static entries:
    set vlans VLAN_10 forwarding-options dhcp-security group UNTRUSTED interface ge-0/0/1 static-ip 10.10.20.20 mac 11:11:22:22:33:33

Dynamic ARP Inspection
configuring DAI:
    set vlans VLAN_10 forwarding-options dhcp-security arp-inspection
showing binding table:
    show dhcp-security binding
showing arp inspection statistics:
    show dhcp-security arp inspection statistics
showing logs:
    show log messages | match DAI

IP Source Guard
configuring ip source guard:
    set vlans VLAN_10 forwarding-options dhcp-security ip-source-guard
showing binding table:
    show dhcp-security binding

MACsec
configuring macsec:
    edit security macsec connectivity-association outdoor_sw
    set security-mode static-cak
    set pre-shared-key ckn hex_1
    set pre-shared-key cak hex_2
    up set interfaces uplink_to_outdoor_sw connectivity-association outdoor_sw
show macsec connections:
    show security macsec connections

Ethernet-switching
Configure Global MAC Table Aging Time:
    set protocols l2-learning global-mac-table-aging-time seconds
showing forwarding table:
    show route forwarding-table family ethernet-switching
insert static mac entry:
    set vlans data switch-options interface ge-0/0/7.0 static-mac 00:11:22:33:44:55
???:
    restart interface-control

Spanning tree
BPDU protection when STP enabled:
    set protocols rstp interface ge-0/0/7.0 edge
    set protocols rstp bpdu-block-on-edge
BPDU protection when STP not enabled:
    set protocols layer2-control bpdu-block interface ge-0/0/7
Identify if BPDU error:
    show interfaces ge-0/0/7 | match "BPDU error"
clearing BPDU error:
    clear error bpdu interface ge-0/0/7.0
Automatically disable bpdu block timeout:
    set protocols layer2-control bpdu-block disable-timeout
Enabling Loop Protection (enable on all P2P links for non root bridge devices):
    set protocols rstp interface ge-0/0/0.0 bpdu-timeout-action block
    set protocols rstp interface ge-0/0/1.0 bpdu-timeout-action block
showing loop on interfaces:
    show spanning-tree interface | match "loop"
showing loop on logs:
    show log messages | match "loop|protect"
Enabling Root Protection (enable on all P2P links for root bridge device and backup root bridge):
    set protocols rstp interface ge-0/0/0.0 no-root-port
    set protocols rstp interface ge-0/0/1.0 no-root-port
showing root protection on interfaces:
    show spanning-tree interface | match "root"

Storm Control
Limiting total broadcast, multicast and unknown unicast traffic to 80% for an interface; the remainder is dropped:
    set interfaces ge-0/0/7.0 family ethernet-switching storm-control default
    set forwarding-options storm-control-profiles default all
Changing the default behavior to shutdown when the traffic exceeds the limit:
    set forwarding-options storm-control-profiles default action-shutdown
If an interface is shut down due to storm control, we need to re-enable it:
    clear ethernet-switching recovery-timeout
Or, we can configure an automatic recovery timeout:
    set interfaces ge-0/0/7.0 family ethernet-switching recovery-timeout [ 10 - 3600 seconds ]
showing violation:
    show ethernet-switching interface ge-0/0/7 | match SCTL
showing it in the log messages:
    show log messages | match L2ALD_ST_CTL

Firewall Filters
Creating ethernet-switching firewall filter:
    edit firewall family ethernet-switching filter MY_FILTER
    set term T1 from destination-mac-address 01:80:c2:00:00:00
    set term T1 then discard
    set term T2 then discard
Applying to an interface:
    set interfaces ge-0/0/7.0 family ethernet-switching filter input MY_FILTER
Applying to a VLAN:
    set vlans VLAN_X forwarding-options filter input MY_FILTER

Virtual Chassis
access to specific member:
    request session member member-id
Changing member ID:
    request virtual-chassis renumber member-id old-id new-member-id new-id
manual software upgrade:
    request system software add member member-id
auto software upgrade:
    set virtual-chassis auto-sw-upgrade package-name /var/tmp/jinstall-abc.tgz

    request virtual-chassis vc-port set pic-slot pic-id port port-id
    show virtual-chassis vc-port

when we have 2 switches, it is recommended:
    set virtual-chassis no-split-detection
NSSU upgrade:
    request system software nonstop-upgrade /var/tmp/junos.tgz
NSSU upgrade with mixed platforms:
    request system software nonstop-upgrade set [ /var/tmp/junos1.tgz /var/tmp/junos2.tgz ]

GRES
configuring GRES:
    set chassis redundancy graceful-switchover
this is available only on the backup device:
    show system switchover
manually change master and backup state:
    request chassis routing-engine master [ acquire | release | switch ]

NSR
Configuring NSR (first enable GRES):
    set routing-options nonstop-routing
    set system commit synchronize
on the master device:
    show task replication
on the backup device:
    show ospf neighbor
    show bgp summary
    show route

NSB
Configuring NSB (first enable GRES):
    set protocols layer2-control nonstop-bridging
verifying NSB:
    show spanning-tree bridge