Operational

Monitoring and
Maintenance

4-1
Copyright 2005 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

EX-series Front Panel LEDs (1 of 2)

Visual Indicators summarize platform status
Front Panel LEDs

ALM
(Alarm)
SYS
(System)
MST
(Master)

On Steadily

If the LED is lit red, an

alarm is present.

Blinking

Not ApplicableIf ALM LED

is unlit, no alarm is
present.

If the SYS LED is lit steadily If the SYS LED is blinking

green, JUNOS software is
green, the switch is
loaded on the switch.
booting JUNOS software.
If the MST LED is lit steadily
green, the switch is the
master of the Virtual
Chassis configuration. (This
LED is always lit steadily on
EX 3200 models).

2008 Juniper Networks, Inc. All rights reserved.

If the MST LED is blinking

green, the switch is the
backup of the Virtual
Chassis configuration. MST
LED remains unlit on
member (line card)
switches.

EX-series Front Panel LEDs (2 of 2)

Network and uplink port LEDs indicate status
Network and uplink ports have two LEDs
LED 1 indicates link activity
LED 2 indicates admin status, duplex mode, PoE, and
link speed
LED 2 is toggled using the LCD menu

LED 1

LED 2

2008 Juniper Networks, Inc. All rights reserved.

EX-series LCD Menu

The LCD menu provides a quick method of
checking chassis alarms and system status
Default idle mode shows system status
LCD switches to alarm mode automatically when
alarms occur

Menu
Button (No)
Enter
Button
(Yes)
2008 Juniper Networks, Inc. All rights reserved.

Monitoring System-Level Operation (1 of

3)
View the Dashboard tab:

2008 Juniper Networks, Inc. All rights reserved.

Monitoring System-Level Operation (2 of

3)
System monitoring is also available under
Monitor > System View > System
Information CPU
Monitoring

Storage
Details
Logged-in
User
Details

2008 Juniper Networks, Inc. All rights reserved.

Monitoring System-Level Operation (3 of

3)
Using the CLI, issue show system commands:
user@switch> show system ?
Possible completions:
alarms
Show
audit
Show
boot-messages
Show
buffers
Show
certificate
Show
commit
Show
configuration
Show
connections
Show
core-dumps
Show
directory-usage
Show
initialsetup
Show
license
Show
processes
Show
reboot
Show
rollback
Show
...

2008 Juniper Networks, Inc. All rights reserved.

system alarm status

file system MD5 hash and permissions
boot time messages
buffer statistics
installed X509 certificates
pending commit requests (if any) and commit history
configuration information
system connection activity
system core files
local directory information
initialsetup information
feature licenses information
system process table
any pending halt or reboot requests
rolled back configuration

Monitoring the Chassis

Monitor the chassis status using the Monitor >
System View > Chassis Information J-Web page
Or use CLI show chassis commands:
user@switch> show chassis
Possible completions:
alarms
Show
environment
Show
fpc
Show
hardware
Show
lcd
Show
location
Show
mac-addresses
Show
pic
Show
routing-engine
Show
temperature-thresholds

2008 Juniper Networks, Inc. All rights reserved.

?
alarm status
component status and temperature, cooling system speeds
Flexible PIC Concentrator status
installed hardware components
LCD display
physical location of chassis
media access control addresses
Physical Interface Card state, type, and uptime
Routing Engine status
Show chassis temperature threshold settings

Network Utilities: Part 1

Use the CLI ping and traceroute commands
Use Ctrl+c to stop the CLI ping and traceroute

user@switch> ping 10.210.14.173

PING 10.210.14.173 (10.210.14.173): 56 data bytes
64 bytes from 10.210.14.173: icmp_seq=0 ttl=64 time=0.345 ms
64 bytes from 10.210.14.173: icmp_seq=1 ttl=64 time=0.292 ms
^C
--- 10.210.14.173 ping statistics --2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.218/0.281/0.345/0.046 ms
user@switch> traceroute 10.210.14.173
traceroute to 10.210.14.173 (10.210.14.173), 30 hops max, 40 byte pkts
1 10.210.14.173 (10.210.14.173) 2.872 ms 0.203 ms 0.150 ms

Alternatively, access the Ping Host and

Traceroute tools under the J-Web Troubleshoot
tab
2008 Juniper Networks, Inc. All rights reserved.

Network Utilities: Part 2

Use the CLI monitor traffic command to
decode packets, or access the packet capture
utility under the J-Web Troubleshoot tab

Displays traffic only originating or terminating on the

switch
Use the interface interface-name option to capture local
traffic from a specific interface
The best way to perform analysis of Layer 2 header information
in JUNOS software is using the layer2-headers option
Use the no-resolve knob to avoid DNS reverse-lookup delays
Use matching option to filter packets
Packet capture can be saved for packet analysis (hidden writefile and read-file options)

user@switch> monitor traffic interface ge-0/0/0 layer2-headers no-resolve

2008 Juniper Networks, Inc. All rights reserved.

10

CLI: Packet Capture Example

Use the detail or extensive option for complete decod

user@switch> monitor traffic interface ge-0/0/2 layer2-headers no-resolve
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on ge-0/0/2, capture size 96 bytes
06:19:35.121217 In 0:1b:c0:5e:53:a2 > 0:19:e2:50:3f:e3, ethertype IPv4 (0x0800),
length 98: 10.100.200.1 > 10.100.200.2: ICMP echo request, id 5153, seq 222, length
64
06:19:35.121269 Out 0:19:e2:50:3f:e3 > 0:1b:c0:5e:53:a2, ethertype IPv4 (0x0800),
length 98: 10.100.200.2 > 10.100.200.1: ICMP echo reply, id 5153, seq 222, length 64
^C
10 packets received by filter
0 packets dropped by kernel

Ctrl+c key sequence exits listening mode

2008 Juniper Networks, Inc. All rights reserved.

11

Network Utilities: Part 3

Access Telnet, SSH, and FTP client commands
from the CLI
user@switch> telnet ?
Possible completions:
<host>
8bit
bypass-routing
inet
inet6
interface
logical-router
no-resolve
port
routing-instance
source

Hostname or address or remote host

Use 8-bit data path
Bypass routing table, use specified interface
Force telnet to IPv4 destination
Force telnet to IPv6 destination
Name of interface for outgoing traffic
Name of logical router
Don't attempt to print addresses symbolically
Port number or service name on remote host
Name of routing instance for telnet session
Source address to use in telnet connection

user@switch> telnet 127.0.0.1

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
switch (ttyp0)
login: user
Password:
. . .
2008 Juniper Networks, Inc. All rights reserved.

12

EX-series Software Packaging

Software packaging:
Packages are signed using the Secure Hash
Algorithm 1 (SHA-1) and hashed with MessageDigest 5 (MD5) cryptographic hashing to ensure
file integrity

JUNOS software executes signed binaries

only
No removable media packages
CLI commands for use with the USB device are
coming in a future JUNOS software release

2008 Juniper Networks, Inc. All rights reserved.

13

EX-series Package Naming Convention

JUNOS software packages for EX-series
switches are named as follows:
jinstall-ex-m.nZnumber-region.tgz
m.n is the major version number
Z is a single uppercase letter
A:
B:
R:
I:

Alpha
Beta
Release
Internal

number is the release number; might include the

build number for that release
region is either domestic or export
Currently, only domestic images are available

Example: jinstall-ex-9.1R2.10-domestic.tgz
2008 Juniper Networks, Inc. All rights reserved.

14

Upgrading JUNOS Software

Download and install a new package
Use the J-Web Maintain > Software page
Or use the CLI request system software add
command
Keep locally stored packages in /var/tmp for easy
cleanup

Watch for problems relating to low storage space

File system
cleanup is
covered in a
subsequent
section
Software
Manageme
nt
2008 Juniper Networks, Inc. All rights reserved.

15

Upgrade Example (1 of 2)
Use the J-Web Maintain > Software >
Install Package page to install a package
from a remote host
An FTP-based URL is shown in this example:

A reboot is required to activate new

software
2008 Juniper Networks, Inc. All rights reserved.

16

Upgrade Example (2 of 2)
You are presented with status indications as
the upgrade process executes
Watch for any error messages during the upgrade

2008 Juniper Networks, Inc. All rights reserved.

17

EX-series File System Overview

Key directory and file locations include:
/: The root file systemlocated on the boot device
/config: The location for the active configuration
(juniper.conf.gz), the first 3 rollbacks, and the
rescue configuration
/config/db/config: Location of rollback indexes 449

/var: User directories, log files, and temporary storage

/var/home: Nonroot user home directories
/var/log: Location of system log (and trace) files
/var/tmp: Location of various temporary files, such as core
dumps, and the recommended storage area for JUNOS
software packages

NOTE: The /var directory is cleaned out upon

upgrades!

2008 Juniper Networks, Inc. All rights reserved.

18

File System Cleanup

Compact-flash space is limited
Automated cleanup of the /var with software
upgrades

Use the J-Web Maintain > Files page to free

space
Or use the CLI file delete command
Clean
up
wizar
d
Manu
al
cleanu
p

2008 Juniper Networks, Inc. All rights reserved.

19

Password Recovery Process

Must have a console connection
Steps:
Reboot the switch
Press the Spacebar when prompted
Boot to single user mode:
loader> boot s

Enter recovery mode:

Enter full pathname of shell or 'recovery' for
root password recovery or RETURN for /bin/sh:
recovery

Set root password

Commit the change!
Exit configuration mode and reboot when prompted
2008 Juniper Networks, Inc. All rights reserved.

20