Juniper Basic Config

lab@srxA-1> show route ctrl+p

inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both
10.210.14.128/27 *[Direct/0] 02:12:04
> via ge-0/0/0.0
10.210.14.131/32 *[Local/0] 02:12:10
Local via ge-0/0/0.0

lab@srxA-1> show system users ctrl+n


5:12AM up 2 days, 3:14, 1 user, load averages: 0.04, 0.10, 0.07
USER TTY FROM LOGIN@ IDLE WHAT
lab u0 - 4:43AM - -cli (cli)

lab@srxA-1> show interfaces ge-0/0/0 extensive

Lots of information about interface

show interfaces | match down | match Physical | count

Junos OS documentation is available directly from the CLI with the help topic
command, whereas you can obtain detailed configuration-related information with
the help reference command.

Display the interfaces portion of the candidate configuration.


[edit]
lab@srxA-1# show interfaces
ge-0/0/0 {
    description "MGMT Interface - DO NOT DELETE";
    unit 0 {
        family inet {
            address 10.210.14.131/27;
        }
    }
}

Lab 1–14 • The Junos CLI (Detailed) www.juniper.net

lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# load factory-default
warning: activating factory configuration

set plain-text-password command. When prompted to enter a new
password, type apples.
[edit]
lab@srxA-1# edit system root-authentication
[edit system root-authentication]
lab@srxA-1# set plain-text-password
New password:
error: require change of case, digits or punctuation
[edit system root-authentication]
lab@srxA-1#

Define the system’s hostname. Use the hostname specified on the management
network diagram provided by your instructor.
[edit]
root@srxA-1# set system host-name hostname

Configure the time zone and system time using the local time zone and current date
and time as input values.
[edit]
root@srxA-1# set system time-zone time-zone

[edit]
root@srxA-1# run set date date/time
Wed April 25 04:19:00 PDT 2012

Remove the DHCP, interface, security, protocols and vlan sections from the
factory-default configuration, as these are not necessary in this lab environment.
[edit]
root@srxA-1# delete system services dhcp
[edit]
root@srxA-1# delete interfaces
[edit]
root@srxA-1# delete security
[edit]
root@srxA-1# delete protocols
[edit]
root@srxA-1# delete vlans

Configure the ge-0/0/0 interface


[edit]
root@srxA-1# edit interfaces
[edit interfaces]
root@srxA-1# set ge-0/0/0 unit 0 family inet address management IP address
[edit interfaces]
root@srxA-1# set ge-0/0/0 description "MGMT Interface - DO NOT DELETE"
[edit interfaces]
root@srxA-1#

Navigate to [edit routing-options] and define a static route for the
10.210.0.0/16 destination prefix to allow for reachability beyond the local
management subnet. Use the gateway address,
[edit interfaces]
root@srxA-1# top edit routing-options
[edit routing-options]
root@srxA-1# set static route 10.210.0.0/16 next-hop gateway address
[edit routing-options]
root@srxA-1# commit and-quit
commit complete
Exiting configuration mode
root@srxA-1>

Save the active configuration as the rescue configuration.

lab@srxA-1> request system configuration rescue save

Display the contents of the recently saved rescue configuration.

lab@srxA-1> file show /config/rescue.conf.gz

Configuring Interfaces and Verifying Operational State

[edit]
lab@srxA-1# edit interfaces
[edit interfaces]
lab@srxA-1# set ge-0/0/3 unit 0 family inet address address/30
[edit interfaces]
lab@srxA-1# set ge-0/0/2 unit 0 family inet address address/30
[edit interfaces]
lab@srxA-1# set ge-0/0/1 unit 0 family inet address address/30
[edit interfaces]
lab@srxA-1# set lo0 unit 0 family inet address address/32
[edit interfaces]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>

Use the show interfaces terse command to verify the state of the
configured interfaces.

Navigate to [edit system login] and define a custom login class named
juniper with the following permissions:
• view
• view-configuration
• reset
[edit]
lab@srxA-1# edit system login
[edit system login]
lab@srxA-1# set class juniper permissions [view view-configuration reset]
error: invalid value: ]

Next, define two new user accounts using the information from the following table:
[edit system login]
lab@srxA-1# set user walter class juniper
[edit system login]
lab@srxA-1# set user walter authentication plain-text-password
New password:
Retype new password:
[edit system login]
lab@srxA-1# set user nancy class read-only
[edit system login]
lab@srxA-1# set user nancy authentication plain-text-password
New password:
Retype new password:

Restart the routing process using the restart routing command. This
command restarts the routing protocol daemon (rpd), which can be useful when
troubleshooting routing problems.
walter@srxA-1> restart routing
Routing protocols process started, pid 9777

From the session opened to the lab user, attempt to add the clear permission to
the default read-only login class. Issue the show command to view the system
login hierarchy.
[edit system login]
lab@srxA-1# set class read-only permissions clear
warning: 'read-only' is a predefined class name; changing to 'read-only-local'

Configure a RADIUS server for use with user authentication. Refer to your
management network diagram for the server address. The RADIUS secret should be
Juniper. Configure the authentication order so that user login attempts use
only local password authentication if the RADIUS server is unreachable. Use
commit to activate the changes.
[edit system login]
lab@srxA-1# top
[edit]
lab@srxA-1# set system radius-server RADIUS server secret Juniper
[edit]
lab@srxA-1# set system authentication-order radius
[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1#

From the session opened to the lab user, change the IP address of the RADIUS
server to 10.1.1.1. You can use the rename command for this change. Do not forget
to issue commit to activate the change.
[edit]
lab@srxA-1# rename system radius-server RADIUS server to 10.1.1.1
[edit]
lab@srxA-1# commit
commit complete

Configure a new syslog file named config-changes. Specify a facility of
change-log and a severity of info. Also, set the severity level for the default
messages file to any.
[edit]
lab@srxA-1# edit system syslog
[edit system syslog]
lab@srxA-1# set file config-changes change-log info
[edit system syslog]
lab@srxA-1# set file messages any any
[edit system syslog]
lab@srxA-1#

Choose the correct facility that logs access attempts on the system. (Hint: The
current messages log file is already using this facility.) Use a severity level
of info. Commit your changes when complete.
[edit system syslog]
lab@srxA-1# set host server address authorization info
[edit system syslog]
lab@srxA-1# commit
commit complete

Configure the system to synchronize its clock with an NTP server. Refer to the
management network diagram for the server’s IP address.
[edit system syslog]
lab@srxA-1# top
[edit]
lab@srxA-1# set system ntp server server address

[edit]
lab@srxA-1# set system ntp boot-server server address
[edit]
lab@srxA-1# commit and-quit
commit complete

Manually force synchronization with the NTP server by issuing the set date ntp
operational mode command.
lab@srxA-1> set date ntp
22 Apr 19:04:24 ntpdate[3080]: step time server 10.210.14.130 offset -0.000025 sec

NTP server by using the command show ntp associations

Configure the system to allow SNMP access using a community value of junos.

lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# set snmp community junos clients server address
[edit]
lab@srxA-1#

Configure an SNMP trap group to send traps to the NMS server. The SNMP trap
group should send traps whenever an interface transitions to a down state. Name
the trap group interfaces.
[edit]
lab@srxA-1# set snmp trap-group interfaces targets server address
[edit]
lab@srxA-1# set snmp trap-group interfaces categories link

To test your SNMP configuration, temporarily disable the ge-0/0/0 interface using
the set interfaces ge-0/0/0 disable command.

lab@srxA-1# set interfaces ge-0/0/0 disable


[edit]
lab@srxA-1# commit
commit complete
[edit]
lab@srxA-1# run show interfaces ge-0/0/0 terse
Interface Admin Link Proto Local Remote
ge-0/0/0 down down
ge-0/0/0.0 up down inet 10.210.14.131/27
[edit]
lab@srxA-1# delete interfaces ge-0/0/0 disable
[edit]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@srxA-1>

Perform an SNMP MIB walk with the Junos CLI using the show snmp mib walk
jnxOperatingDescr command. Note that the resolved object identifier (OID) of
jnxOperatingDescr is case sensitive. The OID is variable; we are simply using
this OID as an example.
lab@srxA-1> show snmp mib walk jnxOperatingDescr
jnxOperatingDescr.1.1.0.0 = midplane
jnxOperatingDescr.2.1.0.0 = PEM 0
jnxOperatingDescr.4.1.0.0 = SRX240 PowerSupply fan 1
jnxOperatingDescr.4.2.0.0 = SRX240 PowerSupply fan 2
jnxOperatingDescr.4.3.0.0 = SRX240 CPU fan 1
jnxOperatingDescr.4.4.0.0 = SRX240 CPU fan 2
jnxOperatingDescr.4.5.0.0 = SRX240 IO fan 1
jnxOperatingDescr.4.6.0.0 = SRX240 IO fan 2
jnxOperatingDescr.7.1.0.0 = FPC: FPC @ 0/*/*
jnxOperatingDescr.7.2.0.0 = FPC: FPC @ 1/*/*
jnxOperatingDescr.8.1.1.0 = PIC: 16x GE Base PIC @ 0/0/*
jnxOperatingDescr.8.2.1.0 = PIC: 1x Serial mPIM @ 1/0/*
jnxOperatingDescr.9.1.0.0 = Routing Engine
jnxOperatingDescr.9.1.1.0 = USB Hub

Configure your system to archive its configuration to a remote FTP server
whenever a commit operation occurs. You should configure the archive-sites as
“ftp://ftp@server address:/archive” including the quotation marks. Refer to the
management network diagram for the server’s IP address. You should configure the
password as ftp.

lab@srxA-1> configure
Entering configuration mode
[edit]
lab@srxA-1# edit system archival configuration
[edit system archival configuration]
lab@srxA-1# set archive-sites "ftp://192.168.101.1/archive" password ftp
[edit system archival configuration]
lab@srxA-1# set transfer-on-commit
[edit system archival configuration]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode
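
An added example (not part of the original lab guide): a small Python audit of the management-plane statements configured in the RADIUS, syslog, SNMP and archival steps above, written in "set" form. The 192.0.2.10 address, the finding names and the function names are assumptions made for the illustration.

```python
import shlex

# Constructed sample: the lab's statements in "set" form. 192.0.2.10 stands in
# for the page's "server address" placeholder (assumed value, not from the lab).
SAMPLE = '''
set system authentication-order radius
set system radius-server 10.1.1.1 secret Juniper
set system syslog file config-changes change-log info
set system syslog host 192.0.2.10 authorization info
set snmp community junos clients 192.0.2.10/32
set snmp trap-group interfaces categories link
set system archival configuration archive-sites "ftp://ftp@192.0.2.10:/archive" password ftp
set system archival configuration transfer-on-commit
'''

def parse(text):
    """Tokenize each 'set' line; brackets around value lists are dropped."""
    stmts = []
    for line in text.splitlines():
        toks = shlex.split(line.replace("[", " ").replace("]", " "))
        if toks[:1] == ["set"]:
            stmts.append(toks[1:])
    return stmts

def local_password_use(stmts):
    """Classify when the local password database is consulted at login."""
    order = [m for s in stmts if s[:2] == ["system", "authentication-order"]
             for m in s[2:]]
    if not order or order == ["password"]:
        return "local-only"
    if "password" in order:
        return "always-a-listed-method"   # also tried after a server reject
    return "unreachable-only"             # a server reject is final

def audit(text):
    """Return finding IDs for the management-plane settings the lab configures."""
    stmts, findings = parse(text), []
    for s in stmts:
        if s[:4] == ["system", "archival", "configuration", "archive-sites"] \
                and len(s) > 4 and s[4].lower().startswith("ftp://"):
            findings.append("ARCHIVE-CLEARTEXT-FTP")
        if s[:2] == ["snmp", "community"] and s[3:5] == ["authorization", "read-write"]:
            findings.append("SNMP-READ-WRITE:" + s[2])
    named = {s[2] for s in stmts if s[:2] == ["snmp", "community"] and len(s) > 2}
    limited = {s[2] for s in stmts if s[:2] == ["snmp", "community"] and "clients" in s[3:]}
    findings += ["SNMP-NO-CLIENT-LIST:" + c for c in sorted(named - limited)]
    if not any(s[:3] == ["system", "syslog", "host"] and s[4:5] in (["authorization"], ["any"])
               for s in stmts):
        findings.append("SYSLOG-NO-REMOTE-AUTH-LOG")
    return findings

if __name__ == "__main__":
    print(local_password_use(parse(SAMPLE)), audit(SAMPLE))
```

On the lab's own statements the only finding is the FTP archive URL, which carries the configuration and the ftp password unencrypted.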

Issue the show system processes extensive command to check the status
of the routing protocol daemon (rpd). Alternatively, issue the show system
processes extensive | match "pid | rpd"

lab@srxA-1> show system processes extensive


last pid: 5976; load averages: 0.08, 0.14, 0.07 up 1+21:08:16 07:32:28
124 processes: 18 running, 95 sleeping, 11 waiting
Mem: 143M Active, 98M Inact, 535M Wired, 159M Cache, 112M Buf, 34M Free
Swap:
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
1234 root 7 76 0 511M 61524K select 0 140.4H 282.62% flowd_octeon_hm
22 root 1 171 52 0K 16K RUN 0 39.0H 87.94% idle: cpu0
23 root 1 -20 -139 0K 16K RUN 0 16:54 0.00% swi7: clock
1256 root 1 76 0 10896K 4104K select 0 5:14 0.00% license-check
5 root 1 -16 0 0K 16K rtfifo 0 5:12 0.00% rtfifo_kern_recv
1223 root 1 76 0 26180K 9224K select 0 4:03 0.00% mib2d
1225 root 1 76 0 18768K 7252K select 0 3:41 0.00% l2ald
1244 root 1 76 0 15588K 3464K select 0 2:48 0.00% shm-rtsdbd
1218 root 1 76 0 113M 16796K select 0 1:49 0.00% chassisd
19 root 1 171 52 0K 16K RUN 3 1:44 0.00% idle: cpu3
20 root 1 171 52 0K 16K RUN 2 1:44 0.00% idle: cpu2
21 root 1 171 52 0K 16K RUN 1 1:43 0.00% idle: cpu1
1227 root 2 76 0 22948K 7616K select 0 1:40 0.00% pfed
1222 root 1 76 0 18932K 11360K select 0 1:33 0.00% snmpd
1252 root 1 76 0 16684K 7916K select 0 1:28 0.00% utmd
50 root 1 -16 0 0K 16K psleep 0 1:14 0.00% vmkmemdaemon
25 root 1 -40 -159 0K 16K WAIT 0 1:13 0.00% swi2: netisr 0
1215 root 1 76 0 3288K 1376K select 0 1:10 0.00% bslockd
1219 root 1 76 0 11132K 3324K select 0 1:10 0.00% alarmd
1685 root 1 4 0 49392K 22156K kqread 0 0:40 0.00% rpd
...TRIMMED...

Introduction to the Junos Operating System
Lab 4–4 • Operational Monitoring and Maintenance (Detailed) www.juniper.net

lab@srxA-1> show system processes extensive | match "pid | rpd"
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
1685 root 1 4 0 49392K 22156K kqread 0 0:40 0.00% rpd

Issue the show system statistics command to view protocol statistics
related to your team’s device.
lab@srxA-1> show system statistics
tcp:
466 packets sent
340 data packets (16474 bytes)
0 data packets (0 bytes) retransmitted
0 resends initiated by MTU discovery
116 ack-only packets (91 delayed)
0 URG only packets
2 window probe packets
0 window update packets
10 control packets

Issue the show system storage command to view information regarding the
device storage space.
lab@srxA-1> show system storage
Filesystem Size Used Avail Capacity Mounted on
/dev/da0s1a 898M 497M 330M 60% /
devfs 1.0K 1.0K 0B 100% /dev
devfs 1.0K 1.0K 0B 100% /dev/
/dev/md0 477M 477M 0B 100% /junos
/cf 898M 497M 330M 60% /junos/cf
devfs 1.0K 1.0K 0B 100% /junos/dev/

Issue the show system uptime command to view the current system time.
lab@srxA-1> show system uptime
Current time: 2012-04-20 08:01:50 PDT
System booted: 2012-04-18 10:24:42 PDT (1d 21:37 ago)
Protocols started: 2012-04-18 12:27:26 PDT (1d 19:34 ago)
Last configured: 2012-04-20 07:52:13 PDT (00:09:37 ago) by lab
8:01AM up 1 day, 21:37, 2 users, load averages: 0.07, 0.05, 0.03

Return to the original session logged in as lab and issue the show system users
command to view information about users logged in to your team’s device.
lab@srxA-1> show system users
12:41PM up 46 mins, 2 users, load averages: 0.03, 0.08, 0.12
USER TTY FROM LOGIN@ IDLE WHAT
lab u0 - 2:33PM - -cli (cli)
walter p0 10.210.14.129 3:07PM 1 -cli (cli)

Issue the request system logout user walter command to force a log
out for the user walter. Next, issue the show system users command to verify
that the user session for walter was terminated.
lab@srxA-1> request system logout user walter
logout-user: done
lab@srxA-1> show system users
12:46PM up 51 mins, 1 user, load averages: 0.06, 0.12, 0.12
USER TTY FROM LOGIN@ IDLE WHAT
lab u0 - 12:29PM - -cli (cli)

Check the environmental status of your team’s device by issuing the show
chassis environment command.
lab@srxA-1> show chassis environment
Class Item Status Measurement
Temp Routing Engine OK 37 degrees C / 98 degrees F
Routing Engine CPU OK 36 degrees C / 96 degrees F
Fans SRX240 PowerSupply fan 1 OK Spinning at high speed
SRX240 PowerSupply fan 2 OK Spinning at high speed
SRX240 CPU fan 1 OK Spinning at high speed
SRX240 CPU fan 2 OK Spinning at high speed
SRX240 IO fan 1 OK Spinning at high speed
SRX240 IO fan 2 OK Spinning at high speed
Power Power Supply 0 OK

lab@srxA-1> show chassis routing-engine


Routing Engine status:
Temperature 37 degrees C / 98 degrees F
CPU temperature 36 degrees C / 96 degrees F
Total memory 1024 MB Max 635 MB used ( 62 percent)
Control plane memory 560 MB Max 330 MB used ( 59 percent)
Data plane memory 464 MB Max 306 MB used ( 66 percent)
CPU utilization:
User 5 percent
Background 0 percent
Kernel 4 percent
Interrupt 0 percent
Idle 92 percent

Issue the show chassis temperature-thresholds command.


lab@srxA-1> show chassis temperature-thresholds
                     Fan speed      Yellow alarm       Red alarm         Fire
                    (degrees C)      (degrees C)      (degrees C)    (degrees C)
Item               Normal   High   Normal  Bad fan   Normal  Bad fan     Normal
Chassis default        35     45       50       40       75       65        100
Routing Engine         35     45       50       40       75       65        100

View details about your system’s hardware components using the show chassis
hardware command.
lab@srxA-1> show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis AH2909AA0041 SRX240-poe
Routing Engine REV 31 750-021794 AAAK4071 RE-SRX240-POE
FPC 0 FPC
PIC 0 16x GE Base PIC
Power Supply 0

Issue the show interface terse command to quickly verify the administrative
and link state for your device’s interfaces.
lab@srxA-1> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
ge-0/0/0.0 up up inet 10.210.14.131/27

Issue the show interfaces ge-0/0/0 extensive command and answer
the questions that follow:
lab@srxA-1> show interfaces ge-0/0/0 extensive
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 131, SNMP ifIndex: 117, Generation: 134
Description: MGMT Interface - DO NOT DELETE
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags : Present Running

Issue the clear interfaces statistics ge-0/0/0 command followed by
the show interfaces ge-0/0/0 extensive | find "traffic" command.
lab@srxA-1> clear interfaces statistics ge-0/0/0
lab@srxA-1> show interfaces ge-0/0/0 extensive | find "traffic"
Traffic statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps

lab@srxA-1> monitor traffic interface ge-0/0/0


verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 96 bytes

lab@srxA-1> monitor traffic interface ge-0/0/0 matching icmp


verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 96 bytes
Reverse lookup for 10.210.14.131 failed

lab@srxA-1> monitor traffic interface ge-0/0/0 matching icmp layer2-headers


verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 96 bytes

Recovering the Root Password

lab@srxA-1> request system reboot

Hit [Enter] to boot immediately, or space bar for command prompt.


Booting [/kernel] in 1 second...
Type '?' for a list of commands, 'help' for more detailed help.
loader>
loader> watchdog disable
loader> boot -s
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
