ネットワーク装置メモ(alaxala/Juniper/Cisco)

L2

FIBを見る

show mac-address-table port 0/1

cisco XE

L3

RIBを見る

show ip route vrf MGMT

特定のVRFのBGP RIBを見る

show bgp vrf MGMT all summary

bgp をclearしたい

clear ip bgp all 65000

cisco XR

L2

VPLSのFIBを見たい

show l2vpn forwarding bridge-domain mac-address location 0/0/CPU0
show l2vpn forwarding bridge-domain VPLS:<name> mac-address location 0/0/CPU0

L3

exactな経路表を見たい

show route ipv6 2001:200::/32

BGPpeerを見る

show bgp ipv4 unicast summary
show bgp ipv6 unicast summary

BGPのadv/recv経路を見たい

 show bgp ipv4 unicast neighbors 192.168.0.1 advertised-routes
 show bgp ipv6 unicast neighbors 2001:db8::1 received routes

juniper

L1

光(一般ポート)

 show interfaces diagnostics optics | match "Physical|dBm" | except threshold
 Physical interface: ge-0/2/3
 Laser output power                        :  0.3160 mW / -5.00 dBm
 Receiver signal average optical power     :  0.2804 mW / -5.52 dBm
 Physical interface: ge-2/2/3
 Laser output power                        :  0.3160 mW / -5.00 dBm
 Receiver signal average optical power     :  0.3309 mW / -4.80 dBm

光(VCポート)

request virtual-chassis vc-port diagnostics optics
show virtual-chassis vc-port diagnostics optics | match "fpc|Virtual chassis port|Receiver signal average optical power"

L2

FIB

show ethernet-switching table
show ethernet-switching table vlan-id 40
show ethernet-switching table interface ge-1/1/0.0

L3

BGPのadv/recvを見たい

show bgp summary
> neighbor情報
show route receive-protocol bgp 192.168.0.1
> 受信経路
show route advertising-protocol bgp 192.168.0.1
> 送信経路

BGP経路の確認

 show route advertising-protocol bgp 192.168.0.1 terse
 show route receive-protocol bgp 192.168.0.1 terse
 show route receive-protocol bgp 192.168.0.1 hidden terse
 show route source-gateway 192.168.0.1 terse aspath-regex "65000"

OSPF 基本

 show ospf neighbor
 show ospf3 neighbor

mgmt関係

configの過去との比較

 show | compare rollback 0
 show configuration | compare rollback 45

JSRP時の他のノードの操作(SRXとか)

  request routing-engine login node 1

logical-systems組んでる場合(MXとか)

  set cli logical-system [system-name]

virtual-chassisしている場合(EXとか)

 show virtual-chassis status
 request session member 0
 show chassis routing-engine

core-dump見たい(ファイルの位置)

 show system core-dumps

PoE

https://www.juniper.net/documentation/en_US/junos/topics/task/verification/poe-ex-series-cli.html

複数台関係

Virtual Chassis

 show virtual-chassis status
 Member ID  Status   Serial No    Model          prio  Role      Mode  Mode ID  Interface
 0 (FPC 0)  Prsnt    XXXXXXXXXXXX ex3400-48p     255   Master*      N  VC   1  vcp-255/2/1
                                                                            2  vcp-255/2/2
 1 (FPC 1)  Prsnt    XXXXXXXXXXXX ex3400-48p       0   Linecard     N  VC   3  vcp-255/2/1
                                                                            0  vcp-255/2/2

configセーブ

 show configuration |display set | save 20130515
 configure
 load override
 load set
  factory-default      Override existing configuration with factory default
 > 初期化
  merge                Merge contents with existing configuration
 > confrict検知
  override             Override existing configuration
 > 上書き
  patch                Load patch file into configuration
 > 調べる
  replace              Replace configuration data
 > 入れ替え
  set                  Execute set of commands on existing configuration
 > display setの結果を
  update               Update existing configuration
 > ???

rootでshell

 start shell user root

IFカウンタ系

 show interfaces ge-0/0/0 extensive
 monitor interface ge-0/0/0
 > エラーカウンタとか見れる

ターミナルの幅を広げる

 set cli screen-width 1024

一次的にcliのコマンド毎にタイムスタンプを表示

 set cli timestamp

replace

 rename protocols bgp group AS65000 to group AS65000
 edit protocols bgp group AS65001
 replace pattern AS65000 with AS65001
 top
 > AS番号を 変える

BGPポートのフィルタの書き方 apply-path

 set policy-options prefix-list bgp-peers apply-path "protocols bgp group <*> neighbor <*>";
 set firewall family inet filter bgp-access term bgp-permit from prefix-list bgp-peers
 set firewall family inet filter bgp-access term bgp-permit from protocol bgp
 set firewall family inet filter bgp-access term bgp-permit from port 179
 set firewall family inet filter bgp-access term bgp-permit then accept
 set firewall family inet filter bgp-access term bgp-deny from protocol bgp
 set firewall family inet filter bgp-access term bgp-deny from port 179
 set firewall family inet filter bgp-access term bgp-deny then discard

firewall

「今」処理しているフローが見たい

show security flow session destination-prefix 192.168.0.0/24

ポリシーの中身を見る

show security policies from-zone Untrust to-zone Trust policy-name drop-dos detail

ポリシーがヒットしているか見たい

show security policies hit-count from-zone Untrust to-zone Trust | match drop-dos