Tuesday 15 November 2016

Aruba Wireless Controller User Debug by MAC Address

controller (config) # logging level debugging user-debug <mac-address>

controller # show log user-debug all

Friday 11 November 2016

Junos Restoring a Saved Backup Configuration

Once the saved configuration file is copied to the router, you load and commit the file:

Start the CLI configuration mode.

user@routername> configure
Entering configuration mode
 
[edit]
user@host#

Load the file into the current configuration. You should override the existing file.

user@host# load override /var/tmp/filename
load complete

Commit the file.

user@host# commit
commit complete

Thursday 10 November 2016

DHCPv6 and Router Advertisements in Junos

Even if you intend to use DHCPv6 instead of SLAAC in your environment, you still need RA messages to function on the local LAN. The RAs provide the default gateway information to an end node and, with the M-bit, inform the nodes that the LAN uses stateful DHCPv6.

The RA carries several flags that the nodes watch for and act on:
  • A-bit – Autonomous Address Autoconfiguration Flag tells the node it should perform stateless address assignment (SLAAC, RFC 4862)
  • L-bit – On-Link Flag tells the node that the prefix listed in the RA is on-link, i.e. hosts in that prefix are directly reachable on the local LAN
  • M-bit – Managed Address Config Flag tells the host whether it should use stateful DHCPv6 (RFC 3315) to acquire its address and other DHCPv6 options
  • O-bit – Other Config Flag tells the host that there is other information the router can provide (such as DNS information, defined in Stateless DHCPv6, RFC 3736)
Junos RA configuration required for a DHCPv6-enabled infrastructure

set protocols router-advertisement interface <interface name> managed-configuration
set protocols router-advertisement interface <interface name> prefix <IPv6 Prefix> no-autonomous
set protocols router-advertisement interface <interface name> prefix <IPv6 Prefix> on-link

If the "on-link" option is not set for a prefix, any host on that network sends all packets destined for hosts on the same network to its default gateway, because DHCPv6 does not send the prefix information to the client. When "on-link" is set, the router informs the clients of the directly connected prefixes.
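As an added example (not part of the original post), the following Python parser pulls out of an ICMPv6 Router Advertisement the exact bits the post describes (M and O in the RA header, A and L in each Prefix Information option) and checks that they match what the three set commands above produce. The RA bytes are constructed inline from the RFC 4861 layout; the function names are mine.

```python
import struct
from ipaddress import IPv6Address

# Constructed ICMPv6 Router Advertisement (RFC 4861 layout), not a capture.
# Header: type 134, code 0, checksum 0 (not verified here), hop limit 64,
# flags 0x80 (M=1, O=0), router lifetime 1800 s, reachable 0, retrans 0.
SAMPLE_RA = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x80, 1800, 0, 0)
# Prefix Information option: type 3, length 4 (units of 8 bytes), /64,
# flags 0x80 (L=1 on-link, A=0 no-autonomous), lifetimes, reserved, prefix.
SAMPLE_RA += struct.pack("!BBBBIII", 3, 4, 64, 0x80, 2592000, 604800, 0)
SAMPLE_RA += IPv6Address("2001:db8:1::").packed


def parse_ra(pkt):
    """Return the RA flags and prefix options the post describes (M, O, A, L)."""
    if len(pkt) < 16 or pkt[0] != 134:
        raise ValueError("not an ICMPv6 Router Advertisement")
    flags = pkt[5]
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40), "prefixes": []}
    off = 16
    while off + 2 <= len(pkt):
        otype, olen = pkt[off], pkt[off + 1]
        if olen == 0:
            raise ValueError("zero-length option: RFC 4861 says discard the RA")
        end = off + olen * 8
        if end > len(pkt):
            raise ValueError("truncated option")
        if otype == 3 and olen == 4:  # Prefix Information option
            plen, pflags = pkt[off + 2], pkt[off + 3]
            prefix = IPv6Address(pkt[off + 16:off + 32])
            ra["prefixes"].append({
                "prefix": f"{prefix}/{plen}",
                "on_link": bool(pflags & 0x80),
                "autonomous": bool(pflags & 0x40),
            })
        off = end
    return ra


def matches_stateful_dhcpv6(ra):
    """True when the RA announces what the Junos lines above configure:
    M-bit set, and every prefix on-link but not autonomous (no SLAAC)."""
    return ra["managed"] and bool(ra["prefixes"]) and all(
        p["on_link"] and not p["autonomous"] for p in ra["prefixes"])


if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(ra, "stateful DHCPv6:", matches_stateful_dhcpv6(ra))
```

Feeding it RAs captured on the LAN is a quick way to confirm that no router is still advertising A=1 (which would make hosts SLAAC an address alongside their DHCPv6 lease).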

Friday 28 October 2016

Basic Unix Commands

Ten ESSENTIAL UNIX Commands

These are ten commands that you really need to know in order to get started with UNIX. They are probably similar to commands you already know for another operating system. 


Command     Example                     Description
1.  ls      ls                          Lists files in current directory
            ls -alF                     List in long format
2.  cd      cd tempdir                  Change directory to tempdir
            cd ..                       Move back one directory
            cd ~dhyatt/web-docs         Move into dhyatt's web-docs directory
3.  mkdir   mkdir graphics              Make a directory called graphics
4.  rmdir   rmdir emptydir              Remove directory (must be empty)
5.  cp      cp file1 web-docs           Copy file into directory
            cp file1 file1.bak          Make backup of file1
6.  rm      rm file1.bak                Remove or delete file
            rm *.tmp                    Remove all .tmp files
7.  mv      mv old.html new.html        Move or rename files
8.  more    more index.html             Look at file, one page at a time
9.  lpr     lpr index.html              Send file to printer
10. man     man ls                      Online manual (help) about command


Ten VALUABLE UNIX Commands

Once you have mastered the basic UNIX commands, these will be quite valuable in managing your own account. 


Command                   Example                          Description
1.  grep <str> <files>    grep "bad word" *                Find which files contain a certain word
2.  chmod <opt> <file>    chmod 644 *.html                 Change file permissions to read only
                          chmod 755 file.exe               Change file permissions to executable
3.  passwd                passwd                           Change password
4.  ps <opt>              ps aux                           List all running processes by #ID
                          ps aux | grep dhyatt             List process #IDs running by dhyatt
5.  kill <opt> <ID>       kill -9 8453                     Kill process with ID #8453
6.  gcc (g++) <source>    gcc file.c -o file               Compile a program written in C
                          g++ fil2.cpp -o fil2             Compile a program written in C++
7.  gzip <file>           gzip bigfile                     Compress file
                          gunzip bigfile.gz                Uncompress file
8.  mail (pine)           mail me@tjhsst.edu < file1       Send file1 by email to someone
                          pine                             Read mail using pine
9.  telnet <host>         telnet vortex.tjhsst.edu         Open a connection to vortex
    ssh <host>            ssh -l dhyatt jazz.tjhsst.edu    Open a secure connection to jazz as user dhyatt
10. ftp <host>            ftp station1.tjhsst.edu          Upload or download files to station1
    ncftp <host/directory> ncftp metalab.unc.edu           Connect to archives at UNC

Ten FUN UNIX Commands

These are ten commands that you might find interesting or amusing. They are actually quite helpful at times, and should not be considered idle entertainment. 


Command                 Example                 Description
1.  who                 who                     Lists who is logged on your machine
2.  finger              finger                  Lists who is on computers in the lab
3.  ytalk <user@place>  ytalk dhyatt@threat     Talk online with dhyatt who is on threat
4.  history             history                 Lists commands you've done recently
5.  fortune             fortune                 Print random humorous message
6.  date                date                    Print out current date
7.  cal <mo> <yr>       cal 9 2000              Print calendar for September 2000
8.  xeyes               xeyes &                 Keep track of cursor (in "background")
9.  xcalc               xcalc &                 Calculator ("background" process)
10. mpage <opt> <file>  mpage -8 file1 | lpr    Print 8 pages on a single sheet and send to printer (the font will be small!)

Ten HELPFUL UNIX Commands

These ten commands are very helpful, especially with graphics and word processing type applications. 


Command              Example                 Description
1.  netscape         netscape &              Run Netscape browser
2.  xv               xv &                    Run graphics file converter
3.  xfig / xpaint    xfig & (xpaint &)       Run drawing program
4.  gimp             gimp &                  Run photoshop type program
5.  ispell <fname>   ispell file1            Spell check file1
6.  latex <fname>    latex file.tex          Run LaTeX, a scientific document tool
7.  xemacs / pico    xemacs (or pico)        Different editors
8.  soffice          soffice &               Run StarOffice, a full word processor
9.  m-tools (mdir, mcopy, mdel, mformat, etc.)
                     mdir a:                 DOS commands from UNIX (dir A:)
                     mcopy file1 a:          Copy file1 to A:
10. gnuplot          gnuplot                 Plot data graphically

Ten USEFUL UNIX Commands

These ten commands are useful for monitoring system access, or simplifying your own environment. 


Command              Example                      Description
1.  df               df                           See how much free disk space
2.  du               du -b subdir                 Estimate disk usage of directory in bytes
3.  alias            alias lls="ls -alF"          Create new command "lls" for long format of ls
4.  xhost            xhost + threat.tjhsst.edu    Permit X window programs running on threat to display here
                     xhost -                      Allow no X window access from other systems
5.  fold             fold -s file1 | lpr          Fold or break long lines at 60 characters and send to printer
6.  tar              tar -cf subdir.tar subdir    Create an archive called subdir.tar of a directory
                     tar -xvf subdir.tar          Extract files from an archive file
7.  ghostview (gv)   gv filename.ps               View a PostScript file
8.  ping             ping threat.tjhsst.edu       See if machine is alive
    (traceroute)     traceroute www.yahoo.com     Print data path to a machine
9.  top              top                          Print system usage and top resource hogs
10. logout (exit)    logout or exit               How to quit a UNIX shell

Junos Copy files from USB Stick to Juniper Switch/Router

The following procedure allows users to mount a USB device on EX/J/SRX/MX devices. This can be helpful if network connectivity is unavailable and you need to copy files to or from the device.
  1. Enter the shell as root:
    user@switch> start shell user root
    Password:
    root@switch% 
    
  2. Before inserting the USB device, perform the following:
    root@% ls /dev/da*
    /dev/da0 /dev/da0s1c /dev/da0s2a /dev/da0s3 /dev/da0s3e
    /dev/da0s1 /dev/da0s1f /dev/da0s2c /dev/da0s3c
    /dev/da0s1a /dev/da0s2 /dev/da0s2f /dev/da0s3d
    
  3. Insert the USB drive in the USB port. The following output will be displayed:
    root@% umass1: TOSHIBA TransMemory, rev 2.00/1.00, addr 3
    da2 at umass-sim1 bus 1 target 0 lun 0
    da2: <TOSHIBA TransMemory 5.00> Removable Direct Access SCSI-0 device 
    da2: 40.000MB/s transfers
    da2: 983MB (2013184 512 byte sectors: 64H 32S/T 983C)
    
    root@% ls /dev/da*
    /dev/da0 /dev/da0s1c /dev/da0s2a /dev/da0s3 /dev/da0s3e
    /dev/da0s1 /dev/da0s1f /dev/da0s2c /dev/da0s3c /dev/da2
    /dev/da0s1a /dev/da0s2 /dev/da0s2f /dev/da0s3d /dev/da2s1
    
    Note: '/dev/da2s1' is the USB drive.

  4. Create a directory for the USB drive to mount to:
    root@% mkdir /var/tmp/usb
  5. Mount the USB drive to the /var/tmp/usb directory:
    root@% mount_msdosfs /dev/da2s1 /var/tmp/usb
    root@% ls /var/tmp/usb
    images.tgz
    
    Note: 'ls /var/tmp/usb' will show all the files in the USB drive.

  6. Copy any of the files on the USB drive from /var/tmp/usb to the /var/tmp directory:
    root@% cp /var/tmp/usb/images.tgz /var/tmp
    root@% ls /var/tmp
    images.tgz
    The images.tgz file from the USB is successfully copied to the /var/tmp directory.

  7. Now unmount the USB drive after the file is completely copied:
    root@% umount /var/tmp/usb
    root@% umass1: at uhub0 port 1 (addr 3) disconnected
    (da1:umass-sim1:1:0:0): lost device
    (da1:umass-sim1:1:0:0): removing device entry
    umass1: detached

Juniper Virtual Chassis Non-Stop Software Upgrade

request system software nonstop-upgrade <package-name> <force-host> <no-copy> <no-old-master-upgrade> <reboot> <unlink>

The following requirements apply to Virtual Chassis or mixed Virtual Chassis:
  • All Virtual Chassis or mixed Virtual Chassis members and all Routing Engines must be running the same Junos OS release.
  • Graceful Routing Engine switchover (GRES) must be enabled.
  • For minimal traffic disruption, you must define link aggregation groups (LAGs) such that the member links reside on different Virtual Chassis or mixed Virtual Chassis members or on different line cards.
The following are requirements for Virtual Chassis or mixed Virtual Chassis members:
  • The Virtual Chassis or mixed Virtual Chassis members must be connected in a ring topology so that no member is isolated as a result of another member being rebooted. This topology prevents the Virtual Chassis from splitting during an NSSU.
  • The Virtual Chassis or mixed Virtual Chassis master and backup must be adjacent to each other in the ring topology. Adjacency permits the master and backup to always be in sync, even when the switches in linecard roles are rebooting.
  • The Virtual Chassis or mixed Virtual Chassis must be preprovisioned so that the linecard role has been explicitly assigned to member switches acting in a linecard role. During an NSSU, the Virtual Chassis and mixed Virtual Chassis members must maintain their roles—the master and backup must maintain their master and backup roles (although mastership will change), and the remaining switches must maintain their linecard roles.
  • A two-member Virtual Chassis or mixed Virtual Chassis must have no-split-detection configured so that the Virtual Chassis or mixed Virtual Chassis does not split when an NSSU upgrades a member.

How an NSSU Works

When you request an NSSU on a Virtual Chassis or mixed Virtual Chassis:
  1. The Virtual Chassis or mixed Virtual Chassis master verifies that:
    • The backup is online and running the same software version.
    • Graceful Routing Engine switchover (GRES) is enabled.
    • The Virtual Chassis or mixed Virtual Chassis member has a preprovisioned configuration.
  2. The master installs the new software image on the backup and reboots it.
  3. The master resynchronizes the backup.
  4. The master installs the new software image on member switches that are in the line card role and reboots them, one at a time. The master waits for each member to become online and active before starting the software upgrade on the next member.
  5. When all members that are in the line card role have been upgraded, the master performs a graceful Routing Engine switchover, and the upgraded backup becomes the master.
  6. The software on the original master is upgraded and the original master is automatically rebooted. After the original master has rejoined the Virtual Chassis, you can optionally return control to it by requesting a graceful Routing Engine switchover.

Juniper EX4600 and QFX Series Switch Host Software Upgrade

request system software add <package name> force-host no-copy validate

The "force-host" option upgrades the Host Software package of the switch as well. Without it you end up with the old Host Software version alongside the new Junos OS version. This option is available on EX4600 and QFX Series Juniper switches.

Monday 22 August 2016

DHCP Relay IP Address Renewal Packets Dropped by Juniper Switch

When a client obtains an IP address via a DHCP relay, the initial DISCOVER, OFFER, REQUEST and ACK UDP packets are broadcast between the client and the DHCP relay, and unicast between the DHCP relay and the DHCP server. At half the lease time, however, the client asks the DHCP server to extend the lease. This renewal REQUEST is unicast directly from the client to the DHCP server; the DHCP relay is not involved.

If the DHCP relay option is configured for any instance on a Juniper switch or router, DHCP snooping is enabled automatically. Any Juniper switch on the path from the client to the DHCP server with DHCP snooping active will drop these unicast UDP DHCP renewal packets passing through it unless the forwarding options are configured properly.


To troubleshoot this issue we collected DHCP-service trace logs for a DHCP packet on the Juniper switch while the problem was occurring.

> show configuration system processes dhcp-service
traceoptions {
    file dhcp_logfile size 10m files 5;
    level all;
    flag all;
}

You can find the logs at the end of this post.

The unicast packets from the client to the DHCP server were definitely entering the switch and were being processed by the DHCP snooping mechanism (this can be seen in the logs), but no packets were leaving the switch.

The unicast packets were being dropped by DHCP snooping on the Juniper switch.

SOLUTION:

To stop the packets from being dropped, we enabled forwarding of snooped packets on all interfaces.

> show configuration routing-instances <instance> forwarding-options
dhcp-relay {
    forward-snooped-clients all-interfaces;
    overrides {
        allow-snooped-clients;
    }
}

Related Links:
http://www.juniper.net/techpubs/en_US/junos15.1/topics/concept/dhcp-extended-snooped-packets.html
http://www.juniper.net/documentation/en_US/junos15.1/topics/task/configuration/dhcp-subscriber-access-dhcp-relay-snooped-clients-forwarding.html


DHCP-Service Logs on the Juniper Switch

Aug 18 09:35:24.404067 [INFO]  jdhcpd_io_l2ng_pfe_reader: jdhcpd_pfe_pkt_hdr_t: len 141850860 L3ifindex = 328, L2ifindex = 586, dpi_rtbl=561
Aug 18 09:35:24.404106 [INFO] [irb.1] jdhcpd_io_get_ifs: The L3 interface is 586 and L2 interface is 561, using the L3 interface
Aug 18 09:35:24.404123 [DEBUG] rc_entry_sus_find_ipaddr: rc_entry_sus_find_ipaddr: TYPE 0 for IP ADDR 100.100.100.1 in routing context LR default/RI <inst>
Aug 18 09:35:24.404143 [INFO] [default:<inst>][RLY][INET][irb.1] jdhcpd_io_pfe_packet: SNOOP : recv sa 10.30.17.72 da 100.100.100.1, src_port 68, dst_port 67 if name irb.1 len 300
Aug 18 09:35:24.404158 [ERROR] jdhcpd_security_packet_handle: Interface >ae48.0< packet_flags:204
Aug 18 09:35:24.404169 security-packet-handle sus_l2:ae48.0
Aug 18 09:35:24.404180 [INFO]  jdhcpd_security_packet_handle: security-packet-handle sus_l3:irb.1
Aug 18 09:35:24.404191 [INFO]  jdhcpd_security_packet_handle: security-packet-handle input bd srv
Aug 18 09:35:24.404200 security-packet-handle default/default-switch/srv dhcp-security not configured
Aug 18 09:35:24.404262 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP   from == 10.30.17.72, port == 68 ]--
Aug 18 09:35:24.404284 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP   size == 300, op == 1 ]--
Aug 18 09:35:24.404298 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP  flags == 0 ]--
Aug 18 09:35:24.404311 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP  htype == 1, hlen == 6 ]--
Aug 18 09:35:24.404323 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP   hops == 0, xid == de401a3c ]--
Aug 18 09:35:24.404336 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP   secs == 0, flags == 0000 ]--
Aug 18 09:35:24.404350 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP ciaddr == 10.30.17.72 ]--
Aug 18 09:35:24.404364 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP yiaddr == 0.0.0.0 ]--
Aug 18 09:35:24.404378 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP siaddr == 0.0.0.0 ]--
Aug 18 09:35:24.404391 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP giaddr == 0.0.0.0 ]--
Aug 18 09:35:24.404411 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP chaddr == 00 cd fe e1 92 28 00 00 00 00 00 00 00 00 00 00 ]--
Aug 18 09:35:24.404424 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP  sname ==  ]--
Aug 18 09:35:24.404436 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP   file ==  ]--
Aug 18 09:35:24.404450 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code  53, len   1, data DHCP-REQUEST ]--
Aug 18 09:35:24.404467 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code  55, len   7, data 01 79 03 06 0f 77 fc ]--
Aug 18 09:35:24.404481 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code  57, len   2, data 05 dc ]--
Aug 18 09:35:24.404498 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code  61, len   7, data 01 00 cd fe e1 92 28 ]--
Aug 18 09:35:24.404512 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code  51, len   4, data 00 76 a7 00 ]--
Aug 18 09:35:24.404531 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code  12, len  14, data 52 61 63 68 65 6c 73 2d 69 50 68 6f 6e 65 ]--
Aug 18 09:35:24.404545 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 255, len   0 ]--
Aug 18 09:35:24.404560 [NOTE] [default:<inst>][RLY][INET][irb.1] jdhcpd_packet_handle: BOOTPREQUEST arrived on unconfigured interface irb.1, flags 3
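As an added example (my own code, not tooling from the post or from Juniper), here is a Python parser for jdhcpd trace lines of the format above. Run over a constructed subset of the lines from this post, it recovers the BOOTP fields and options, classifies the packet as a unicast renewal (DHCP REQUEST with ciaddr set and giaddr zero, sent to the server rather than broadcast) and flags the "arrived on unconfigured interface" note that marks the drop; the regexes and function names are mine.

```python
import re

# Constructed subset of the jdhcpd trace lines shown above (same format).
SAMPLE_TRACE = """\
Aug 18 09:35:24.404143 [INFO] [default:<inst>][RLY][INET][irb.1] jdhcpd_io_pfe_packet: SNOOP : recv sa 10.30.17.72 da 100.100.100.1, src_port 68, dst_port 67 if name irb.1 len 300
Aug 18 09:35:24.404348 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP ciaddr == 10.30.17.72 ]--
Aug 18 09:35:24.404391 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP giaddr == 0.0.0.0 ]--
Aug 18 09:35:24.404450 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code  53, len   1, data DHCP-REQUEST ]--
Aug 18 09:35:24.404512 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code  51, len   4, data 00 76 a7 00 ]--
Aug 18 09:35:24.404560 [NOTE] [default:<inst>][RLY][INET][irb.1] jdhcpd_packet_handle: BOOTPREQUEST arrived on unconfigured interface irb.1, flags 3
"""

RECV_RE = re.compile(r"SNOOP : recv sa (\S+) da ([^,]+), src_port (\d+), dst_port (\d+) if name (\S+)")
FIELD_RE = re.compile(r"--\[ DHCP/BOOTP\s+(\w+) == (.*?)\s*\]--")
OPTION_RE = re.compile(r"--\[ OPTION code\s+(\d+), len\s+(\d+)(?:, data (.*?))?\s*\]--")
DROP_RE = re.compile(r"arrived on unconfigured interface ([^,\s]+)")


def parse_trace(text):
    """Collect the packet summary, BOOTP fields, options and any drop note."""
    pkt = {"fields": {}, "options": {}, "dropped_on": None}
    for line in text.splitlines():
        if m := RECV_RE.search(line):
            pkt.update(sa=m[1], da=m[2], sport=int(m[3]), dport=int(m[4]), ifl=m[5])
        elif m := FIELD_RE.search(line):
            pkt["fields"][m[1]] = m[2]
        elif m := OPTION_RE.search(line):
            pkt["options"][int(m[1])] = (m[3] or "").strip()
        elif m := DROP_RE.search(line):
            pkt["dropped_on"] = m[1]
    return pkt


def lease_seconds(pkt):
    """Option 51 is a 4-byte big-endian lease time, logged as hex bytes."""
    return int(pkt["options"][51].replace(" ", ""), 16)


def is_unicast_renewal(pkt):
    """A renewing client sends REQUEST straight to the server: ciaddr holds
    its current lease, giaddr is zero because no relay touched the packet,
    and the destination is the server, not the broadcast address."""
    return (pkt["options"].get(53) == "DHCP-REQUEST"
            and pkt["fields"].get("ciaddr") not in (None, "0.0.0.0")
            and pkt["fields"].get("giaddr") == "0.0.0.0"
            and pkt.get("da") != "255.255.255.255" and pkt.get("sport") == 68)


def diagnose(pkt):
    """Map the trace to the post's finding: a renewal swallowed by snooping."""
    if is_unicast_renewal(pkt) and pkt["dropped_on"]:
        return (f"unicast renewal from {pkt['sa']} to {pkt['da']} dropped on "
                f"{pkt['dropped_on']}: enable forward-snooped-clients")
    return "no snooping drop of a renewal seen"
```

The decoded option 51 value (7776000 seconds, 90 days) is the lease the client is trying to keep; the pattern "renewal REQUEST + unconfigured-interface note" is what to alert on before clients start falling back to broadcast rebinding.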

Juniper Troubleshooting Commands

TROUBLESHOOTING set cli timestamp (logs timestamp on cli for all commands you run. Very useful) show system uptime show chass...