Professional Documents
Culture Documents
Troubleshooting
Library
Compilation
of
Juniper
SRX
Troubleshooting
Configurations
and
Commands
Ben
Boyd
Network
Engineer
www.sinatranetwork.com
Table
of
Contents
Copyright
...........................................................................................................................................................
5
Acknowledgements
and
Thanks
...............................................................................................................
5
Configuration
Mode
.......................................................................................................................................
6
Verify
the
Last
Committed
Configuration
...........................................................................................................
6
show
configuration
......................................................................................................................................................................
6
show
system
commit
..................................................................................................................................................................
6
show
configuration
|
compare
rollback
x
..........................................................................................................................
7
show
configuration
|
display
set
............................................................................................................................................
7
Verify
Logs
Are
Built
..................................................................................................................................................
8
messages
log
configuration
......................................................................................................................................................
8
interactive-commands
log
configuration
...........................................................................................................................
8
blocked-traffic
log
configuration
...........................................................................................................................................
8
security
log
configuration
.........................................................................................................................................................
9
Verify
Traceoptions
Are
Built
..............................................................................................................................
10
security
flow
traceoptions
......................................................................................................................................................
10
ospf
traceoptions
........................................................................................................................................................................
10
Operational
Mode
.........................................................................................................................................
11
Log
Commands
..........................................................................................................................................................
11
show
log
messages
.....................................................................................................................................................................
11
show
log
interactive-commands
..........................................................................................................................................
11
show
log
jsrpd
..............................................................................................................................................................................
12
show
log
chassisd
.......................................................................................................................................................................
12
show
system
boot-messages
.................................................................................................................................................
12
monitor
(start|stop)
xyz
..........................................................................................................................................................
13
clear
log
xyz
..................................................................................................................................................................................
13
show
log
examples
.....................................................................................................................................................................
13
Alarm
Commands
....................................................................................................................................................
14
show
chassis
alarms
..................................................................................................................................................................
14
show
system
alarms
..................................................................................................................................................................
14
show
system
core-dumps
.......................................................................................................................................................
14
Hardware
Commands
.............................................................................................................................................
15
show
chassis
hardware
detail
...............................................................................................................................................
15
show
chassis
environment
.....................................................................................................................................................
15
show
chassis
fan
.........................................................................................................................................................................
16
Software
&
Firmware
Commands
......................................................................................................................
17
show
version
................................................................................................................................................................................
17
show
chassis
firmware
.............................................................................................................................................................
17
show
system
software
detail
.................................................................................................................................................
17
Usage
Statistics
Commands
..................................................................................................................................
19
show
chassis
routing-engine
.................................................................................................................................................
19
show
system
uptime
.................................................................................................................................................................
19
show
system
buffers
.................................................................................................................................................................
20
SRX
Troubleshooting
Library
Page 2
Page 3
Page 4
Copyright
This
document
is
free
for
everyone.
I
just
ask
that
you
give
credit
where
credit
is
due!
Page 5
Configuration
Mode
Troubleshooting
begins
with
configuration.
The
most
common
mistake
when
troubleshooting
is
not
verifying
the
configuration
is
correct
before
racing
to
diagnose
the
issue.
Operational
mode
commands
are
fantastic
in
helping
diagnose
and
pinpoint
problems,
but
in
the
end
a
configuration
change
will
most
likely
fix
the
issue.
show
configuration
This
operational-mode
command
will
show
you
the
current
running
configuration
as
well
as
who
committed
this
configuration.
##
Last
commit:
2010-09-09
08:26:46
UTC
by
ben
version
10.0R3.10;
system
{
host-name
olive100;
root-authentication
{
encrypted-password
"$1$oafr8h7n$8h2yOCgqdtl7AIZHjloOh1";
##
SECRET-DATA
}
name-server
{
208.67.222.222;
}
Page 6
Page 7
Page 8
Page 9
ospf
traceoptions
If
OSPF
is
flapping
or
not
exactly
working
right
and
you
want
more
information
than
what
is
shown
in
the
messages
log
(OSPF
is
down),
then
create
a
ospf
specific
traceoptions
that
captures
the
details
of
the
OSPF
operation.
ben@olive100>
show
configuration
protocols
ospf
traceoptions
file
ospf_trace
size
3m
files
10
world-readable;
flag
all;
flag
state;
flag
spf;
flag
timer;
flag
task;
Page 10
Operational
Mode
Getting
into
the
meat
of
troubleshooting
and
delving
deep
into
JUNOS
configuration,
architecture,
and
processing
is
done
through
operational
mode
commands.
Some
of
these
commands
are
based
on
configurations
weve
built
and
some
are
built
into
JUNOS
as
a
default.
This
library
doesnt
include
every
command,
but
it
does
include
the
bulk
of
operational
troubleshooting
commands
youll
need
when
encountering
issues
in
your
network.
As
with
most
network
operating
systems,
navigating
commands
with
the
?
key
is
extremely
helpful.
Log
Commands
JUNOS
logs
are
very
helpful
if
they
are
configured
correctly
(see
Configurations
section
above).
This
section
shows
how
to
view
each
of
the
relevant
logs
when
dealing
with
issues
within
an
SRX.
Page 11
Page 12
Page 13
Alarm
Commands
JUNOS
creates
alarms
when
the
environment
is
not
operating
as
manufactured/configured.
Below
are
the
commands
to
view
those
alarms.
Page 14
Hardware
Commands
If
you
are
troubleshooting
what
you
believe
to
be
hardware
issues,
the
following
commands
will
be
useful
in
determining
the
hardware
environment
of
the
SRX.
Page 15
Page 16
show
version
This
command
shows
the
version
of
JUNOS
loaded
on
the
SRX.
ben@olive100>
show
version
Hostname:
olive100
Model:
j4300
JUNOS
Software
Release
[10.0R3.10]
Page 17
juniper@cascrmdinet50rd-f1>
show
system
software
detail
node0:
--------------------------------------------------------------------------
Information
for
junos:
Comment:
JUNOS
Software
Release
[10.2R3.10]
Depends
on:
Description:
JUNOS
Software
Release
Copyright
(c)
1996-2010,
Juniper
Networks,
Inc.
All
rights
reserved.
Software
version:
10.2R3.10
This
package
contains
OS
components.
Page 18
Page 19
Page 20
Page 21
Page 22
Cluster
Commands
When
troubleshooting
issues
in
an
SRX
environment,
one
of
the
first
areas
youll
need
to
verify
as
operational
is
the
clustering
of
2
physical
nodes
into
1
logical
node.
If
the
cluster
is
built
or
performing
correctly
many
other
system
and
network
issues
can
creep
up
as
a
result.
Page 23
reth2
Up
1
Interface
Monitoring:
Interface
Weight
Status
Redundancy-group
ge-13/0/14
255
Up
1
Page 24
Heartbeat
packet
errors:
0
Control
link
1:
Heartbeat
packets
sent:
0
Heartbeat
packets
received:
0
Heartbeat
packet
errors:
0
Fabric
link
statistics:
Probes
sent:
1474291
Probes
received:
1272362
Probe
errors:
0
Services
Synchronized:
Service
name
RTOs
sent
RTOs
received
Translation
context
0
0
Incoming
NAT
0
0
Resource
manager
0
0
Session
create
0
181353670
Page 25
Interface
Commands
show
interfaces
terse
|
match
reth
This
command
shows
all
interfaces
associated
with
reth
interfaces
and
their
up/down
admin
and
physical
status
juniper@cascrmdinet50rd-f1>
show
interfaces
terse
|
match
reth
ge-1/0/0.0
up
up
aenet
-->
reth1.0
ge-13/0/0.0
up
up
aenet
-->
reth1.0
reth0
up
down
reth1
up
up
reth1.0
up
up
inet
10.255.51.183/28
Page 26
Link-level
type:
Ethernet,
MTU:
1514,
Speed:
1Gbps,
BPDU
Error:
None,
MAC-REWRITE
Error:
None,
Loopback:
Disabled,
Source
filtering:
Disabled,
Flow
control:
Disabled,
Minimum
links
needed:
1,
Minimum
bandwidth
needed:
0
Device
flags
:
Present
Running
Interface
flags:
SNMP-Traps
Internal:
0x4000
Current
address:
00:10:db:ff:10:01,
Hardware
address:
00:10:db:ff:10:01
Last
flapped
:
2010-12-12
22:00:41
GMT
(1w2d
00:53
ago)
Statistics
last
cleared:
Never
Traffic
statistics:
Input
bytes
:
787970088269
8851872
bps
Output
bytes
:
8881734839165
95182056
bps
Input
packets:
4921133214
7158
pps
Output
packets:
7887317751
10800
pps
Input
errors:
Errors:
0,
Drops:
0,
Framing
errors:
0,
Runts:
0,
Giants:
0,
Policed
discards:
0,
Resource
errors:
0
Output
errors:
Carrier
transitions:
0,
Errors:
0,
Drops:
0,
MTU
errors:
0,
Resource
errors:
0
Security:
Zone:
red
Allowed
host-inbound
traffic
:
ospf
Flow
Statistics
:
Flow
Input
statistics
:
Bytes
permitted
by
policy
:
629022590737
Connections
established
:
181147640
Flow
Output
statistics:
Multicast
packets
:
0
Bytes
permitted
by
policy
:
8640720901899
Flow
error
statistics
(Packets
dropped
due
to):
No
zone
or
NULL
zone
binding
0
Policy
denied:
420979
Security
association
not
active:
0
TCP
sequence
number
out
of
window:
311511
Protocol
inet,
MTU:
1500,
Generation:
153,
Route
table:
6
Addresses,
Flags:
Is-Default
Is-Preferred
Is-Primary
Destination:
10.255.51.176/28,
Local:
10.255.51.183,
Broadcast:
10.255.51.191,
Generation:
140
Protocol
multiservice,
MTU:
Unlimited,
Generation:
154,
Route
table:
6
Page 27
Page 28
Page 29
Routing
Commands
show
ospf
neighbor
(instance
xyz)
This
command
shows
the
OSPF
neighbors
for
a
specific
routing-instance
juniper@cascrmdinet50rd-f1>
show
ospf
neighbor
instance
prod-vr
Address
Interface
State
ID
Pri
Dead
10.255.51.178
reth1.0
Full
10.255.63.5
10
38
10.255.51.179
reth1.0
Full
10.255.63.6
5
33
10.255.51.162
reth2.0
Full
10.255.63.11
10
37
10.255.51.163
reth2.0
Full
10.255.63.12
5
31
Page 30
show
ospf
statistics
(instance
xyz)
This
command
shows
counters
for
OSPF
related
traffic.
This
is
useful
in
in
determining
if
routes
are
leaving
the
OSPF
process
and
reaching
the
routing-engine.
juniper@cascrmdinet50rd-f1>
show
ospf
statistics
instance
prod-vr
Packet
type
Total
Last
5
seconds
Sent
Received
Sent
Received
Hello
337689
605605
2
1
DbD
3995
3960
0
0
LSReq
125
2
0
0
LSUpdate
393445
1033018
0
0
Page 31
0.0.0.0/0
*[Static/5]
2w3d
02:33:03
>
to
162.115.8.1
via
fxp0.0
162.115.9.31/32
*[Static/5]
2w3d
02:33:03
to
table
logging.inet.0
162.115.9.36/32
*[Static/5]
2w3d
02:33:03
to
table
logging.inet.0
162.115.9.221/32
*[Static/5]
2w3d
02:33:03
to
table
logging.inet.0
logging.inet.0:
3
destinations,
3
routes
(3
active,
0
holddown,
0
hidden)
+
=
Active
Route,
-
=
Last
Active,
*
=
Both
0.0.0.0/0
*[Static/5]
1w2d
01:25:59
>
to
162.115.8.1
via
reth10.0
prod-vr.inet.0:
2077
destinations,
2077
routes
(2077
active,
0
holddown,
0
hidden)
+
=
Active
Route,
-
=
Last
Active,
*
=
Both
162.115.40.1/32
*[Static/5]
1w2d
01:26:00
>
to
10.255.51.178
via
reth1.0
Page 32
Security
Commands
show
security
zones
detail
This
command
shows
all
of
the
configured
security
zones
on
the
SRX
and
the
interfaces
associated
with
them.
juniper@cascrmdinet50rd-f1>
show
security
zones
detail
node0:
--------------------------------------------------------------------------
Security
zone:
logging
Send
reset
for
non-SYN
session
TCP
packets:
Off
Policy
configurable:
Yes
Interfaces
bound:
1
Interfaces:
reth10.0
Security
zone:
red
Send
reset
for
non-SYN
session
TCP
packets:
Off
Policy
configurable:
Yes
Interfaces
bound:
1
Interfaces:
reth1.0
Security
zone:
yellow
Send
reset
for
non-SYN
session
TCP
packets:
Off
Policy
configurable:
Yes
Interfaces
bound:
1
Interfaces:
reth2.0
Page 33
Flow
Statistics
Summary:
System
total
valid
sessions:
21005
Packets
forwarded:
0
Packets
dropped:
439358642
Fragment
packets:
0
Page 34
Page 35
Page 36
Page 37
Page 38
Action
Commands
These
commands
can
be
used
during
the
troubleshooting
process,
but
be
careful
when
you
request
anything
from
JUNOS,
it
typically
involves
downtime
of
some
sort.
Page 39