This page contains some “hidden” commands that are either not documented or hard to find for Juniper devices. This is not an exhaustive list, these are commands that I have come across while troubleshooting various issues. If you come across any others please leave a comment or contact me and I would be happy to add to this list.
These commands may not be officially supported by Juniper and may result in unexpected behavior, use with caution!
Interfaces
These are all interface related commands.
Soft reset SFP/QSFP interfaces
This is assuming the interface to reset is xe-0/0/39:
start shell pfe network fpc0 set cmqfx xcvr remove pic 0 port 39 set cmqfx xcvr insert pic 0 port 39
Source: Juniper KB – [QFX] How to perform a soft reset on a SFP/QSFP
SFP List
Show a list of SFP’s and some general information:
start shell pfe network fpc0 show sfp list
Example output (from an EX4600):
{master:0}
me@device> start shell pfe network fpc0
TOR platform (1500 Mhz Pentium processor, 511MB memory, 0KB flash)
TFXPC0(device vty)# show sfp list
SFP Toolkit summary:
wakeup count: 42974823, debug: 0, periodic enabled: 1, diagnostics enabled: 1
thread: 0x21bf5fe0, itable: 0x21be3880, itable iterator: 0, sem: 0x21c75db0
polling interval delay: 1000 ms, polling max cpu: 100 ms
poll for diags every 3 wakeups , SFPs polled for diags last time: 0
last periodic CPU time: 1 ms, maximum periodic CPU time: 4756 ms
max SFPs to poll per interval: 8
SFP Toolkit syslog throttling parameters:
period: 120 samples , disable threshold: 10, enable threshold 0
SFP periodic diagnostics polling count: 8
diag
Index Name Presence ID Eprom PNO SNO calibr Toxic
----- -------------- ---------- -------- ---------- ----------- ------- -------
1 sfp-0/0/0(0) Present Complete 740-031981 F17AJU06313 int Unknown
2 sfp-0/0/1(1) Present Complete 740-031981 F17AJU06312 int Unknown
3 sfp-0/0/2(2) Present Complete 740-031981 F17AJU06311 int Unknown
4 sfp-0/0/3(3) Present Complete 740-031981 F17AJU06306 int Unknown
5 sfp-0/0/4(4) Present Complete 740-031981 F17CCO05675 int Unknown
6 sfp-0/0/5(5) Present Complete 740-031981 F17AJU06305 int Unknown
7 sfp-0/0/6(6) Present Complete 740-031981 F17AJU06309 int Unknown
8 sfp-0/0/7(7) Present Complete 740-031981 F17AJU06278 int Unknown
9 sfp-0/0/8(8) Present Complete 740-031981 F17AJU06308 int Unknown
10 sfp-0/0/9(9) Present Complete 740-031981 F17AJU06262 int Unknown
11 sfp-0/0/10(10) Present Complete 740-031981 F17AJU06307 int Unknown
12 sfp-0/0/11(11) Present Complete 740-031981 F17AJU06263 int Unknown
13 sfp-0/0/12(12) Present Complete 740-031981 V2841100032 int Unknown
14 sfp-0/0/13(13) Present Complete 740-031981 V2841100038 int Unknown
15 sfp-0/0/14(14) Present Complete 740-031981 F17CCO06223 int Unknown
16 sfp-0/0/15(15) Present Complete 740-031981 F17CCO06226 int Unknown
17 sfp-0/0/16(16) Present Complete 740-031981 F17CCO05676 int Unknown
18 sfp-0/0/17(17) Present Complete 740-031981 F17CCO06222 int Unknown
19 sfp-0/0/18(18) Present Complete 740-031981 F17CCO06225 int Unknown
20 sfp-0/0/19(19) Present Complete 740-031981 F17CCO06224 int Unknown
21 sfp-0/0/20(20) Present Complete 740-031981 F17CCO06221 int Unknown
22 sfp-0/0/21(21) Present Complete 740-031981 F17CCO05674 int Unknown
23 sfp-0/0/22(22) Present Complete 740-031981 F175IN00363 int Unknown
24 sfp-0/0/23(23) Present Complete NON-JNPR F2011011210 int Unknown
I2C Acceleration table
Index Name Presence ID Eprom Reg ID I2C Master I2C Group
----- -------------- ---------- -------- -------- ------------ -------
TFXPC0(device vty)#Source: Juniper KB – [MX] How to check whether an SFP+ is NEBS compliant or not
Show SFP Information
Similar to above, to get specific information for a SFP interface (SFP 1 in this case):
start shell pfe network fpc0 show sfp 1 info
Example output:
{master:0}
me@device> start shell pfe network fpc0
TOR platform (1500 Mhz Pentium processor, 511MB memory, 0KB flash)
TFXPC0(device vty)# show sfp 1 info
index: 0x01
sfp name: sfp-0/0/0
pic context: 0x22a35af8
id mem scanned: true
linkstate: Up
sfp_present: true
sfp_changed: false
i2c failure count: 0x0
diag polling count: 0x3F77
no diag polling from RE:0x0
run_periodic: falseSource: Juniper KB – [MX] How to check whether an SFP+ is NEBS compliant or not
SRX
These commands are for vSRX/SRX devices.
Show PFE IPSEC Security Associations
Show the IPSEC security associations:
request pfe execute target fwdd command "sh usp ipsec sa"
Example output:
me@device> request pfe execute target fwdd command "sh usp ipsec sa" ================ tnp_0x1000080 ================ SENT: Ukern command: sh usp ipsec sa Tunnel | Crypto/Hash | | |Auto|Dyna|Anti|VPN |Bind ifp/| Bytes | Bytes | Local | Remote |Thd | id | Algo | Proto | Status |Key | EP |Rply|Mon |Policy id| In | Out | Address| Address|ID | --------+-----------------+-------+---------+----+----+----+----|---------|-------------|-------------|--------+--------|----| 67108975|AES256-G/NULL |ESP |Active |Auto|Disa|Coun|VD |st0.17 | 7220| 11176|192.0.2.1 |192.0.2.3|7| 67108980|AES256-G/NULL |ESP |Active |Auto|Disa|Coun|VD |st0.21 | 201284| 284632|192.0.2.1 |192.0.2.4|12| 67108969|AES256-G/NULL |ESP |Active |Auto|Disa|Coun|VD |st0.1 | 878527| 1317556|192.0.2.1 |192.0.2.5|12| 67108974|AES256-G/NULL |ESP |Active |Auto|Disa|Coun|VD |st0.16 | 180937| 265352|192.0.2.1 |192.0.2.6|6| 67108968|AES256-G/NULL |ESP |Active |Auto|Disa|Coun|VD |st0.3 | 1074089| 1630380|192.0.2.1 |192.0.2.8|9| 67108973| AES256/SHA256 |ESP |Active |Auto|Disa|Coun|VD |st0.19 | 790463| 1351588|192.0.2.1 |192.0.2.9|4| 67108978|AES256-G/NULL |ESP |Active |Auto|Disa|Coun|VD |st0.7 | 243903| 401580|192.0.2.1 |192.0.2.10|10| ...
BGP/Policies
AS Path/Community Memory
To view information about the memory used for matching AS path’s and communities in policies:
show policy community-match show policy as-path-match
Example output:
me@device> show policy community-match Match cache com Number of entries: 0 Memory usage: 9148152 bytes Default memory limit: 2097152 bytes Effective memory limit: 2097152 bytes Update job: not running Iterators: 1 Locked: no Configuration - Debug: False Maximum expr index: 1 Update pending: no Statistics: Times stats cleared : 0 Get result calls : 828150589 Result requested for null args : 71 No expression index in lookup : 825955619 Lookup locked : 0 Number of lookups : 2194899 Result found : 1587758 Evaluations : 826562831 Hit ratio : 0.723 Number of opens : 150 Number of closes : 150 Times configured : 132 Malloc failures : 0 Entries created : 607141 Entries destroyed : 607141 Mem limit hit : 603660 Expression create calls : 552 Expression not cacheable : 543 Indexes allocated : 9 Indexes reused : 0 Expression delete calls : 8 Expression delete nops : 0 Input delete calls : 1725779341 Input delete nops : 1725776290 Update jobs started : 150 Update jobs completed : 150 Update job mem limit suspends : 0 Update job walk suspends : 0 Update job walks completed : 9 Bit vectors truncated : 0 Iterators adjusted : 0 me@device> show policy as-path-match Match cache as-path Number of entries: 163327 Memory usage: 9147704 bytes Default memory limit: 10485760 bytes Effective memory limit: 10485760 bytes Update job: not running Iterators: 1 Locked: no Configuration - Debug: False Maximum expr index: 1 Update pending: no Statistics: Times stats cleared : 0 Get result calls : 2244116288 Result requested for null args : 0 No expression index in lookup : 22194238 Lookup locked : 4267 Number of lookups : 2221917783 Result found : 1924726714 Evaluations : 319389574 Hit ratio : 0.866 Number of opens : 150 Number of closes : 150 Times configured : 132 Malloc failures : 0 Entries created : 295797131 Entries destroyed : 295633804 Mem limit hit : 2222 Expression create calls : 10 Expression not cacheable : 0 Indexes allocated : 10 Indexes reused : 0 Expression delete calls : 9 Expression delete nops : 0 Input delete calls : 2185512012 Input delete nops : 1889880430 Update jobs started : 150 Update jobs completed : 150 Update job mem limit suspends : 0 Update job walk suspends : 0 Update job walks completed : 10 Bit vectors truncated : 0 Iterators adjusted : 0
If the limits need to be adjusted they can be done with the memory-limit hidden configuration option. As an example to raise the limit from the default 2m to 16m:
set policy-options as-path-match memory-limit 16m set policy-options community-match memory-limit 16m