コンフィグ
- Active コンフィグの表示
> show configuration | no-more> show configuration | display set | no-more
- Candidate コンフィグの表示
# show | no-more# show | display set | no-more
- 設定変更差分の表示
# show | compare
システム関連
型番・バージョン確認
show version
root@SRX> show version
Hostname: SRX
Model: srx100h2
JUNOS Software Release [12.1X44-D45.2]show system firmware
root@SRX> show system firmware
Part Type Tag Current Available Status
version version
Routing Engine 0 RE BIOS 0 2.7 2.7 OK
Routing Engine 0 RE BIOS Backup 1 2.7 2.7 OKライセンス確認
show system license
root@SRX> show system license
License usage:
Licenses Licenses Licenses Expiry
Feature name used installed needed
dynamic-vpn 0 2 0 permanent
ax411-wlan-ap 0 2 0 permanent
Licenses installed: noneメモリ使用状況
show system memory
root@SRX> show system memory
System memory usage distribution:
Total memory: 2097152 Kbytes (100%)
Reserved memory: 1027836 Kbytes ( 49%)
Wired memory: 1024560 Kbytes ( 48%)
Active memory: 155484 Kbytes ( 7%)
Inactive memory: 91940 Kbytes ( 4%)
Cache memory: 151876 Kbytes ( 7%)
Free memory: 595376 Kbytes ( 28%)
Memory disk resident memory: 24396 Kbytes
VM-Kbytes( % ) Resident( % ) Map-name
472676(45.07) 115668(00.00) kernel
Pid VM-Kbytes( % ) Resident( % ) Process-name
1735 5764(01.09) 1284(00.00) /sbin/pmap
1450 278816(53.17) 21084(00.00) mgd: (mgd) (root)/dev/ttyu0
1449 49228(02.34) 16444(00.00) cli
...メモリ・CPU 使用率、シリアル No. 等
show chassis routing-engine
root@SRX> show chassis routing-engine
Routing Engine status:
Temperature 49 degrees C / 120 degrees F
Total memory 2048 MB Max 901 MB used ( 44 percent)
Control plane memory 1104 MB Max 375 MB used ( 34 percent)
Data plane memory 944 MB Max 529 MB used ( 56 percent)
CPU utilization:
User 2 percent
Background 0 percent
Kernel 7 percent
Interrupt 0 percent
Idle 91 percent
Model RE-SRX100H2
Serial ID BZ3615XXXXXXX
Start time 2022-03-26 11:31:16 JST
Uptime 6 hours, 6 minutes, 30 seconds
Last reboot reason 0x1:power cycle/failure
Load averages: 1 minute 5 minute 15 minute
0.05 0.01 0.00NTP サーバ同期状態確認
show ntp associations
root@SRX> show ntp associations
remote refid st t when poll reach delay offset jitter
==============================================================================
*10.1.10.1 208.91.114.23 3 - 36 64 1 3.604 26.089 0.786
+ntp-a3.nict.go. .NICT. 1 - 35 64 1 53.004 41.941 5.566
show ntp status
root@SRX> show ntp status
status=0694 leap_none, sync_ntp, 9 events, event_peer/strat_chg,
version="ntpd 4.2.0-a Mon Jan 12 15:40:54 UTC 2015 (1)",
processor="octeon", system="JUNOS12.1X44-D45.2", leap=00, stratum=4,
precision=-17, rootdelay=193.575, rootdispersion=1.890, peer=10892,
refid=10.1.10.1,
reftime=e3780cb0.73131618 Mon, Dec 7 2020 11:06:40.449, poll=6,
clock=e3780cd9.5fb657eb Mon, Dec 7 2020 11:07:21.373, state=3,
offset=0.000, frequency=0.000, jitter=0.748, stability=0.000現在時刻確認
show system uptime
root@SRX> show system uptime
Current time: 2020-12-07 11:10:30 JST
System booted: 2020-12-07 08:20:04 JST (02:50:26 ago)
Protocols started: 2020-12-07 08:23:04 JST (02:47:26 ago)
Last configured: 2020-12-07 11:05:11 JST (00:05:19 ago) by root
11:10AM up 2:50, 1 user, load averages: 0.10, 0.12, 0.05ハードウェア関連
温度・電源状態
show chassis environment
root@SRX> show chassis environment
Class Item Status Measurement
Temp Routing Engine OK 49 degrees C / 120 degrees F
Routing Engine CPU Absent
Power Power Supply 0 OKハードウェア情報
show chassis hardware detail
root@SRX> show chassis hardware detail
Hardware inventory:
Item Version Part number Serial number Description
Chassis BZ3615XXXXXX SRX100H2
Routing Engine REV 05 650-048781 BZ3615XXXXXX RE-SRX100H2
da0 1992 MB ST72682 Nand Flash
usb0 (addr 1) DWC OTG root hub 0 vendor 0x0000 uhub0
usb0 (addr 2) product 0x005a 90 vendor 0x0409 uhub1
usb0 (addr 3) ST72682 High Speed Mode 64218 STMicroelectronics umass0
FPC 0 FPC
PIC 0 8x FE Base PIC
Power Supply 0インターフェース関連
show interfaces terse- 物理/論理 IF 一覧の表示
root@SRX> show interfaces terse
Interface Admin Link Proto Local Remote
fe-0/0/0 up up
fe-0/0/0.0 up up inet 10.1.10.8/24
gr-0/0/0 up up
ip-0/0/0 up up
lt-0/0/0 up up
mt-0/0/0 up up
sp-0/0/0 up up
sp-0/0/0.0 up up inet
sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16
10.0.0.6 --> 0/0
128.0.0.1 --> 128.0.1.16
128.0.0.6 --> 0/0
fe-0/0/1 up down
fe-0/0/1.0 up down eth-switch
fe-0/0/2 up down
fe-0/0/2.0 up down eth-switch
fe-0/0/3 up down
fe-0/0/3.0 up down eth-switch
fe-0/0/4 up down
fe-0/0/4.0 up down eth-switch
fe-0/0/5 up down
fe-0/0/5.0 up down eth-switch
fe-0/0/6 up down
fe-0/0/6.0 up down eth-switch
fe-0/0/7 up down
fe-0/0/7.0 up down inet 10.20.30.10/24
gre up up
ipip up up
irb up up
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 10.0.0.1 --> 0/0
10.0.0.16 --> 0/0
128.0.0.1 --> 0/0
128.0.0.4 --> 0/0
128.0.1.16 --> 0/0
lo0.32768 up up
lsi up up
mtun up up
pimd up up
pime up up
pp0 up up
ppd0 up up
ppe0 up up
st0 up up
tap up up
vlan up up
vlan.0 up down inet 192.168.1.1/24
show interfaces- IF 情報を表示
root@SRX> show interfaces fe-0/0/0
Physical interface: fe-0/0/0, Enabled, Physical link is Up
Interface index: 134, SNMP ifIndex: 508
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 100mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
CoS queues : 8 supported, 8 maximum usable queues
Current address: 88:a2:5e:0c:33:40, Hardware address: 88:a2:5e:0c:33:40
Last flapped : 2020-12-07 10:44:51 JST (03:03:18 ago)
Input rate : 0 bps (0 pps)
Output rate : 0 bps (0 pps)
Active alarms : None
Active defects : None
Interface transmit statistics: Disabled
Logical interface fe-0/0/0.0 (Index 70) (SNMP ifIndex 511)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Input packets : 3119
Output packets: 639
Security: Zone: untrust
Allowed host-inbound traffic : dhcp tftp
Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 10.1.10/24, Local: 10.1.10.8, Broadcast: 10.1.10.255show interfaces brief- IF 情報を簡易表示
root@SRX> show interfaces brief fe-0/0/0
Physical interface: fe-0/0/0, Enabled, Physical link is Up
Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Logical interface fe-0/0/0.0
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Security: Zone: untrust
Allowed host-inbound traffic : dhcp tftp
inet 10.1.10.8/24
show interfaces detail- IF 詳細情報を表示
VLAN
root@SRX> show vlans ?
Possible completions:
<[Enter]> Execute this command
Show information for a particular VLAN
brief Display brief output
default
detail Display detailed output
extensive Display extensive output
sort-by Specify display order
summary Display summary output
| Pipe through a command ログ表示
show log <ログファイル名>show log messages
root@SRX> show log messages
Dec 6 23:45:00 newsyslog[1476]: logfile turned over due to size>100K
Dec 7 00:29:13 SRX sshd[2080]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Dec 7 00:29:18 SRX sshd[2080]: Accepted password for root from 192.168.1.2 port 51048 ssh2
Dec 7 00:29:22 SRX sshd[2080]: Received disconnect from 192.168.1.2: 11: disconnected by server request
Dec 7 00:38:22 SRX sshd[2383]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Dec 7 00:38:26 SRX sshd: SSHD_LOGIN_FAILED: Login failed for user 'root' from host '192.168.1.2'
...セッションテーブル表示
show security flow session
NAT されたセッション
show security flow session nat
root@SRX> show security flow session nat
Session ID: 9560, Policy name: trust-to-untrust/4, Timeout: 2, Valid
In: 192.168.1.2/7625 --> 192.168.1.200/1;icmp, If: fe-0/0/7.0, Pkts: 1, Bytes: 60
Out: 10.1.10.1/1 --> 10.1.10.10/2630;icmp, If: fe-0/0/0.0, Pkts: 1, Bytes: 60
Session ID: 9561, Policy name: trust-to-untrust/4, Timeout: 4, Valid
In: 192.168.1.2/7626 --> 192.168.1.200/1;icmp, If: fe-0/0/7.0, Pkts: 1, Bytes: 60
Out: 10.1.10.1/1 --> 10.1.10.10/25871;icmp, If: fe-0/0/0.0, Pkts: 1, Bytes: 60
Session ID: 9562, Policy name: trust-to-untrust/4, Timeout: 4, Valid
In: 192.168.1.2/7628 --> 192.168.1.200/1;icmp, If: fe-0/0/7.0, Pkts: 1, Bytes: 60
Out: 10.1.10.1/1 --> 10.1.10.10/32214;icmp, If: fe-0/0/0.0, Pkts: 1, Bytes: 60
Total sessions: 3ルーティング
ルーティングテーブル
show route- ルート情報の表示
root@SRX> show route
inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 00:00:54
> to 10.1.10.1 via fe-0/0/0.0
[Access-internal/12] 08:13:52
> to 10.1.10.6 via fe-0/0/0.0
10.1.10.0/24 *[Direct/0] 08:13:52
> via fe-0/0/0.0
10.1.10.8/32 *[Local/0] 08:13:52
Local via fe-0/0/0.0
10.1.20.0/24 *[Static/5] 00:00:06
> to 10.1.10.1 via fe-0/0/0.0
192.168.1.0/24 *[Direct/0] 08:16:00
> via fe-0/0/7.0
192.168.1.99/32 *[Local/0] 08:16:10
Local via fe-0/0/7.0
show route detail- ルートの詳細情報の表示
root@SRX> show route detail
inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
0.0.0.0/0 (2 entries, 1 announced)
*Static Preference: 5
Next hop type: Router, Next hop index: 559
Address: 0x15c0438
Next-hop reference count: 7
Next hop: 10.1.10.1 via fe-0/0/0.0, selected
State: <Active Int Ext>
Age: 11:40
Task: RT
Announcement bits (2): 0-KRT 1-Resolve tree 1
AS path: I
Access-internal Preference: 12
Next hop type: Router, Next hop index: 558
Address: 0x15c03ec
Next-hop reference count: 1
Next hop: 10.1.10.6 via fe-0/0/0.0, selected
State: <Int>
Inactive reason: Route Preference
Age: 8:24:38
Task: RPD Unix Domain Server./var/run/rpd_serv.local
AS path: I
10.1.10.0/24 (1 entry, 1 announced)
...ARP テーブル
show arp
クラスタ関連
root@SRX> show chassis cluster ?
Possible completions:
control-plane Display control-plane information
data-plane Display data-plane information
ethernet-switching Display chassis cluster ethernet switching details
interfaces Display chassis cluster interfaces
ip-monitoring Display IP monitoring related information
statistics Display chassis cluster statistics
status Display chassis cluster statusshow chassis cluster information- 各ノードの各冗長グループのステータスと状態変化ログを表示
show chassis cluster ip-monitoring status- IP モニタリング状態を表示
参考資料
Monitoring Chassis Cluster Interfaces | Junos OS | Juniper Networks
Interface monitoring monitors the state of an interface by checking if the interface is in an up or down state. When one or more monitored interfaces fail, the ...
www.juniper.net
