Could you please advise how I can check the MAC address table of a Juniper router? For example SRX100, 200 or 300 series.
I am asking because the main article I find here is about checking MAC on switches (and all commands bring no results or give errors); however, I just want to see all MAC entries learned on a router which doesn't perform switching functions between multiple VLANs and is used, for example, for internet access or VPN.
> show ethernet-switching table
warning: ethernet-switching subsystem not running - not needed by configuration.
"sh arp" is useless because it works on layer 3 and I need to acquire layer 2 information.
show bridge ... - all sub-commands return zero MAC addresses even though the service is working and has traffic!
For comparison if it's a Cisco 'sh mac address-table' or 'sh mac-address-table' (depending on platform) always returns the needed information.
MAC learning is a switching function. If your srx is not configured for ethernet switching you will not have a MAC table. You will have an ARP table that performs MAC<->IP mapping.
Below is an example of an SRX in switching mode that does have a MAC table.
test@test> show chassis hardware
Item Version Part number Serial number Description
Chassis xxxxxxxxxxx SRX1500
test@test> show ethernet-switching table
Ethernet switching table : 1 entries, 1 learned
Routing instance : default-switch
Vlan      MAC                 MAC      Age    Logical        NH       RTR
name      address             flags           interface      Index    ID
100       00:0c:bd:01:81:1f   D        -      ge-0/0/8.0     0        0
test@test> show configuration | snipped
set protocols l2-learning global-mode switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members 100
set vlans vlan100 vlan-id 100
set vlans vlan100 l3-interface irb.100
Thanks for the explanation however I am still confused about something.
In order to troubleshoot a simple layer 2 issue on a Juniper do I always have to enable ether-channel on the interface?
For example, if I want to prove that there is an issue with my service provider, I need to show them that I am not learning any MAC addresses on the WAN interface, so I will have to change its configuration.
Since the Juniper is performing layer 3 functions, I would expect it to also store the MAC addresses in a table (not the ARP table!) somewhere in its memory.
For that situation you would just use the interface level command
show arp interface ge-0/0/0.0
This shows the ARP entries associated with that layer 3 interface and updates in real time as changes occur. We use this all the time as a service provider to verify we see the connected MAC addresses of client-connected routers or firewalls.
If your interface is configured as layer 3, your device will not maintain a list of MAC addresses outside of your subnet and you will not populate an ethernet table, even if one exists. The only reason your router cares about MAC addresses in a layer 3 context is so it knows where to send either routed (to next-hop) or same-subnet packets. These are stored in the ARP table. If there is an IP mismatch between you and your carrier, then their IP and MAC will not show up in your ARP table.
Therefore: If you want to analyze traffic that you are receiving from your carrier in an effort to troubleshoot then you should either:
1. Mirror that port and capture traffic with wireshark, or
2. Configure interface-level packet-capturing (https://www.juniper.net/documentation/en_US/junos/topics/concept/security-packet-capture-overview.html) and look at the capture offline
3. As you mentioned, configure your interface as layer 2 to see if your carrier's MAC address shows up. This requires that your device supports ethernet switching and that they are actively sending traffic.
Your Cisco router will also not have a mac table unless it has a switching module. Perhaps you are thinking of a layer 3 switch. It's certainly possible that Cisco will helpfully add ARP entries to the MAC table but Juniper does not do this.
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.0(1)M6, RELEASE SOFTWARE (fc1)
Router#sho interfaces gi0/0
GigabitEthernet0/0 is down, line protocol is up
Hardware is CN Gigabit Ethernet, address is 0007.1124.f200 (bia 0007.1124.f200)
Internet address is 192.168.0.1/24
login Display Secure Login Configurations and State
management Display the management applications
mdf Show the names of configured EMM menus
memory Memory statistics
microcode show configured microcode for downloadable hardware
modemcap Show Modem Capabilities database
monitor Monitoring different system events
network-clocks Network clocks information
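
For the "look at the capture offline" option in the list above, an added example (not part of the original thread) that lists every source MAC address present in a capture file, which is the layer 2 evidence the ARP table cannot give. It assumes the capture is a classic libpcap file with Ethernet link type; the function names and the sample MAC addresses are constructed for illustration.

```python
import struct
from collections import Counter

# Classic pcap magic as it appears on disk -> struct byte-order prefix
# (microsecond and nanosecond timestamp variants).
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
               b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}
LINKTYPE_ETHERNET = 1

def source_macs(pcap_bytes):
    """Count frames per source MAC in a classic pcap capture."""
    endian = PCAP_MAGICS.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack(endian + "I", pcap_bytes[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"link type {linktype} is not Ethernet")
    seen = Counter()
    offset = 24                                   # first record follows the global header
    while offset + 16 <= len(pcap_bytes):
        _sec, _frac, incl_len, _orig = struct.unpack(
            endian + "IIII", pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break                                 # capture was cut off mid-record
        offset += 16 + incl_len
        if incl_len >= 14:                        # dst(6) + src(6) + ethertype(2)
            seen[":".join(f"{b:02x}" for b in frame[6:12])] += 1
    return seen

def mac_seen(pcap_bytes, mac):
    """True if any captured frame was sent from `mac` (':' or '-' separated)."""
    return mac.lower().replace("-", ":") in source_macs(pcap_bytes)

def build_sample():
    """Constructed capture: three broadcast frames from two made-up MACs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for src in (b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02",
                b"\x02\x00\x00\x00\x00\x01"):
        frame = b"\xff" * 6 + src + b"\x08\x06" + b"\x00" * 28
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for mac, count in source_macs(build_sample()).most_common():
        print(mac, count)
```

If the carrier's MAC never appears as a source in a capture taken on the WAN interface, no frames from their device reached the port during the capture window.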