SRX Services Gateway
Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎03-15-2013 09:37 AM

Just to add a little bit more detail.

Let say somehow you dont have the root login and still you want to capture output on PFE withough going to vty mode.

Here is the way.

 

 

admin@SRX210H>request pfe execute target fwdd command "show usp threads"<<<<Just add pfe commands in colun" ".

Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎07-18-2013 03:24 PM

I know this is an SRX thread, but I find this one useful all the time on an EX VC: 

 

operate@Ray-20# run request rou                            
                               ^
syntax error.
operate@Ray-20# run request routing-engine ?                 
Possible completions:
  login                Allow login to one Routing Engine
{master:0}[edit]
operate@Ray-20# run request routing-engine login ?
Possible completions:
  all-members          Log in to all virtual chassis members
  backup               Log in to backup RE
  local                Log in to local virtual chassis member
  master               Log in to master RE
  member               Log in to specific virtual chassis member (0..9)
  other-routing-engine  Log in to the other Routing Engine
  re0                  Log in to RE0
  re1                  Log in to RE1
{master:0}[edit]
operate@Ray-20#                             

 

 

 

Nathan Printz,
------------------
JNCIE-ENT #453

https://github.com/nprintz

Jaide tool for manipulating many Junos devices:
On Github - https://github.com/NetworkAutomation/jaide
Forum post - http://forums.juniper.net/t5/Junos-Automation-Scripting/Junos-Aide-Jaide-A-tool-for-manipulating-Junos-devices/td-p/254501

Junos config syntax highlight package for Sublime Text:
https://sublime.wbond.net/packages/Junos
Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎09-06-2013 03:46 AM
 

Junos contains default configurations in a hidden group named junos-defaults. To see them:

 

user@srx>show configuration groups junos-defaults

user@srx>show configuration groups junos-defaults applications

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

[ Edited ]
‎02-25-2014 11:05 PM

 

summarry file 

 

until 2014/02/26

================================
Hugo Sun

CCNA、CCNP、CCIE-RS
JNCIA-JUNOS JNICS-ENT JNCIS-SEC
E-mail:heinrich38008@qq.com
================================

Attachments

Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎09-04-2014 03:57 AM

Hi, different question:

is there a hidden command to accept and work with "normal" SFP+ SR even if the module officially supports only SFP+ SR ET (extended temperature)?

Module would be: SRX-MIG-10XG-SFPP in SRX5800

According to page 9 of http://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/topic-collectio...

only EX-SFPP-10GE-SR-ET or EX-SFPP-10GE-LR are supported.

 

But the temperature inside the SFP always is way below 73 degree celsius so normal SFP+-SR could be sufficient.

Regards

--Stefan

Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎09-04-2014 06:10 AM

Hi, a few hidden commands that oneday have helped me:

1) ike gateway ... local-address ... - when the gateway iface from another side has a 2-nd ip, and you set a VPN with it

2) protocols ospf no-active-backbone - when there is only 1 router in area 0 and you need to send a default route to stub area

Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎12-05-2014 05:35 AM

Hi All,

 

"set apply-flags omit" is a useful one, expetialy in big configs.

 

lab@A# set apply-?        
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups


[edit firewall]
lab@A# set apply-flags omit    


lab@A# show
...
firewall { /* OMITTED */ };
...

 

 

PS can be used in any hierarchy, for example for lo0.0 input CoPP filters.

Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎12-05-2014 01:44 PM

request routing-engine login node  is not valid for high end SRX i guess it only works on Branch Devices.

Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎02-03-2015 02:23 AM

To login to other High-End node:

 

{primary:node1}
user@SRX-node1> start shell
% rlogin -Jk -T node0

--- JUNOS 12.1X44-D40.2 built 2014-08-28 12:48:56 UTC
{secondary:node0}
user@SRX-node0>

Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎02-23-2015 10:44 AM

I'm surprised nobody listed:

 

request pfe execute target fwdd command "sh usp ipsec sa"
restart ipsec-key-management

 

Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎04-16-2015 02:15 AM

Hi mflyger,

 

These are not hidden.

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎04-25-2015 11:44 AM
shows interfaces and indexes (not snmp!)

 

mmalik@FW1> show pfe ?

Possible completions:

  data                 Show Packet Forwarding Engine data

  fpc                  Show Flexible PIC Concentrator status and statistics

  fwdd                 Show forwarding process status and statistics

  next-hop             Show Packet Forwarding Engine next-hop information

  pfem                 Show pfem information

  route                Show Packet Forwarding Engine routing table

  statistics           Show Packet Forwarding Engine statistics

  terse                Show list of Packet Forwarding Engine components

  version              Show pfe version

mmalik@FW1> show pfe interfaces

================ master ================

 

Index  Name                 Type         Flags  Slot   State

-----  -------------------- -----------  ------ -----  ------

    0  .local.              Local        0x0000000000000010 local  Up

49155  .pfe                 Software     0x0000000000000040 local  Up

    5  dsc                  Unspecified  0x0000000000000000 local  Up

  134  ge-0/0/0             Ethernet     0x0000000000008000     0  Up

  135  ge-0/0/1             Ethernet     0x0000000000008000     0  Up

  137  gr-0/0/0             Unspecified  0x0000000000000000     0  Up

   10  gre                  Unspecified  0x0000000000000000 local  Up

  138  ip-0/0/0             Unspecified  0x0000000000000000     0  Up

   11  ipip                 Unspecified  0x0000000000000000 local  Up

  129  irb                  Unspecified  0x0000000000000000 local  Up

    6  lo0                  Unspecified  0x0000000000000000 local  Up

    4  lsi                  Unspecified  0x0000000000000000 local  Up

  139  lsq-0/0/0            Unspecified  0x0000000000008000     0  Up

  141  lt-0/0/0             Unspecified  0x0000000000008000     0  Up

  140  mt-0/0/0             Unspecified  0x0000000000008000     0  Up

   64  mtun                 Unspecified  0x0000000000000000 local  Up

   26  pimd                 Unspecified  0x0000000000000000 local  Up

   25  pime                 Unspecified  0x0000000000000000 local  Up

  128  pp0                  Unspecified  0x0000000000008000 local  Up

  131  ppd0                 Unspecified  0x0000000000008000 local  Up

  132  ppe0                 Unspecified  0x0000000000008000 local  Up

  136  sp-0/0/0             Unspecified  0x0000000000008000     0  Up

  130  st0                  Secure-Tunnel 0x0000000000000040 local  Up

   12  tap                  Unspecified  0x0000000000000000 local  Up

  133  vlan                 Unspecified  0x0000000000000001 local  Harddown

 

Index  Name                 Type           Encapsulation   Flags

-----  -------------------- -------------  --------------  ------

    0  .local..0            Unspecified    Unspecified     0x0000000000000010     0

    1  .local..1            Unspecified    Unspecified     0x0000000000000052     0

    2  .local..2            Unspecified    Unspecified     0x0000000000000052     0

   67  .local..3            Unspecified    Unspecified     0x0000000000000052     0

   68  .local..4            Unspecified    Unspecified     0x0000000000000052     0

131075  .pfe.0              Unspecified    Unspecified     0x0000000000000040     0

   69  ge-0/0/0.0           Ethernet       Ethernet        0x000000000000c000     0

   65  lo0.16384            Unspecified    Unspecified     0x0000000000008052     0

   64  lo0.32768            Unspecified    Unspecified     0x0000000000000052     0

   66  lo0.16385            Unspecified    Unspecified     0x0000000000008052     0

   70  sp-0/0/0.0           Services       Services        0x0000000000008010     0

   71  sp-0/0/0.16383       Services       Services        0x0000000000008010     0

 

mmalik@FW1> show pfe interfaces statistics

================ master ================

 

Index  Name                    Input Packets       Output Packets  State

-----  ---------------- -------------------- --------------------  -----

  134  ge-0/0/0                         2454                   41  Up

  135  ge-0/0/1                            0                    0  Up

  137  gr-0/0/0                            0                    0  Up

  138  ip-0/0/0                            0                    0  Up

  129  irb                                 0                    0  Up

  139  lsq-0/0/0                           0                    0  Up

  141  lt-0/0/0                            0                    0  Up

  140  mt-0/0/0                            0                    0  Up

  128  pp0                                 0                    0  Up

  131  ppd0                                0                    0  Up

  132  ppe0                                0                    0  Up

  136  sp-0/0/0                            0                    0  Up

  130  st0                                 0                    0  Up

  133  vlan                                0                    0  Harddown

 

 

show tnp addresses

 

mmalik@FW1> show tnp addresses

   Name                TNPaddr   MAC address    IF     MTU E H R

master                   0x1 00:00:00:00:00:00 lo0    1500 0 0 3

 

show chassis cluster information

 

 

_
Regards
Malik
JNCIEx4, CCIE, HCIE, VCIX-DCV, VCIX-NV, CISSP, PMP

[If it helped to solve your problem, please mark it "Accept as solution"; Kudos are always Appreciated]
Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎10-14-2015 01:10 AM

Hi All

 

There is also an automated way to search for hidden commands (at least in op mode) with a script. Here is a link

https://github.com/pklimai/junos_hidden_commands

 

Best Regards,
PK

Juniper Ambassador, Juniper Networks Certified Instructor,
JNCIE-SEC #98, JNCIE-ENT #393, JNCIE-SP #2253
Twitter: @JuniperTrain
GitHub: https://github.com/pklimai
[Juniper Authorized Education & Support in Russia]
Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎02-28-2016 09:07 PM

Comand to convert HA from Active-Active[default mode] to Active-backup.

 

set chassis cluster redundancy-mode active-backup

 

Yes, this is a hidden command but is very handy in releasing NAT resources.

Catch1: Command once set in config requires reboot of both the nodes.

Catch2: Customer would only be able to run RG-1 for data.[i.e. only 1 Rg for data]

 

Regards,

 

Rahul

CFTS-SRX

Regards,
Rahul
Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎03-26-2016 09:13 PM

Hidden command to login into the PFE from a non-root account, applicable only on SRX Branch series. Other wise login to the PFE can be done using root account or one need to run tyhe command in the below manner to get the output

user@SRX-3> request pfe execute target fwdd command "show usp ipsec sa"

 

So a hidden command is present using which you may login into SRX without a non-root account.

 

user@SRX-3> start shell pfe network fwdd 


BSD platform (VMWare virtual processor, 1536MB memory, 16384KB flash)

FLOWD_VSRX(SRX-3 vty)#

Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

[ Edited ]
‎06-15-2017 09:35 AM

Thank you for sharing, 

 

few I know might be helpful

 

request pfe execute command “show sfp list” target fpc0

request pfe execute command “show nvram” target fpc0

request pfe execute command “show syslog messages” target fpc0

JNCIA JNCIS-Sec JNCIP-Sec
JNCIS-DevOps
Highlighted
SRX Services Gateway

Re: Junos Hidden Commands

‎06-27-2017 10:04 PM

 

Heres one for you:  show security pki statistics

 

hidden statistics for the pkid deamon!

 

 

root@vsrx> show security pki ?
Possible completions:
  ca-certificate       Show certificate-authority certificate information
  certificate-request  Show PKCS-10 certificate request information
  crl                  Show certificate revocation list information
  local-certificate    Show router certificate information

root@vsrx> show security pki statistics 

Statistic Name                 Value
--------------                 -----
iked_msgs_inv:                   0              
iked_msgs_rxd:                   935            
iked_msgs_txd:                   951            
cc_kp_req:                       2              
cc_kp_success:                   2              
cc_kp_fail:                      0              
cc_id_ip:                        0              
cc_id_dn:                        1              
cc_id_fqdn:                      0              
cc_id_user_fqdn:                 0              
cc_verify_req:                   1              
cc_verify_success:               1              
cc_verify_fail:                  0              
cc_inv_ids:                      0              
cc_inv_cert_count:               0              
ocsp_requests_duplicate:         0              
ocsp_requests_sent:              0              
ocsp_resp_success:               0              
ocsp_resp_timeout:               0              
ocsp_resp_malformed_req:         0              
ocsp_resp_internal_error:        0              
ocsp_this_update_failed:         0              
ocsp_next_update_failed:         0              
ocsp_resp_try_later:             0              
ocsp_resp_sign_required:         0              
ocsp_sign_verify_failed:         0              
ocsp_http_parse_error:           0              
ocsp_missing_cert_id:            0              
ocsp_resp_unauthorized:          0              
ocsp_rev_status_success:         0              
ocsp_rev_status_revoked:         0              
ocsp_rev_status_unknown:         0              
ocsp_nonce_check_failed:         0              
ca_config_req_received:          474            
ca_config_resp_sent:             474            
crl_download_req_received:       458            
crl_download_resp_sent:          474            
mem_alloc_type_invalid:          0              
mem_free_type_invalid:           0              
mem_free_alloc_external:         0              
Feedback