last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
Expand all | Collapse all

Junos Hidden Commands


Erdem07-17-2012 10:25


Erdem07-17-2012 20:04

  • 1.  Junos Hidden Commands

    Posted 07-17-2012 08:46


    This was talked about before and was supposed to be a sticky at the top of the forum for everyone to participate in.  Thought I'd start it off. 


    Something I like for VPN debugging, which enables logging to the KMD log by default without the need to commit!


    user@srx>request security ike debug-enable local <ip-address> remote <ip-address> level <level>

     and to turn off:


    user@srx>request security ike debug-disable


  • 2.  RE: Junos Hidden Commands

    Posted 07-17-2012 10:25

    I floated the topic


  • 3.  RE: Junos Hidden Commands

    Posted 07-17-2012 20:04
    thanks for sharing

  • 4.  RE: Junos Hidden Commands

    Posted 07-18-2012 00:03
    The request security ike debug-enable is all good for branch, but for high-end, it's a lot more tedious.

  • 5.  RE: Junos Hidden Commands

    Posted 07-18-2012 02:16

    Another usefull one for taking a tcpdump of an interface to analyze with Wireshark or similar.


    user@srx>monitor traffic interface ge-0/0/1.0 write-file test.pcap

     Can be viewed on the SRX also:


    user@srx>monitor traffic read-file test.pcap




  • 6.  RE: Junos Hidden Commands

    Posted 07-18-2012 03:47



    Some more hidden commands:


    To see default config settings


    lab@srx240# show groups junos-defaults

     To see some system limits (not really hidden, but anyway):


    show log nsd_chk_only


    To see currently working Junos applications definitions


    request pfe execute command "show usp app-def tcp" target fwdd
    request pfe execute command "show usp app-def udp" target fwdd

     And last but not the least,


    lab@srx240# commit full

     to make all daemons re-read the configuration.



  • 7.  RE: Junos Hidden Commands

    Posted 08-16-2012 01:19

    May be not so useful, but there are some hidden aliases for comands, e.g. you can use


    lab@srx> show security ike sa           
    lab@srx> show security ipsec sa


    (sa instead of security-associations).

  • 8.  RE: Junos Hidden Commands

    Posted 02-06-2013 22:35

    Nice. also to add to it,

    if your commit is taking a long time and you want to see where it is taking time, you can try:


    # commit |display detail


    (again , this is not a hidden command but still useful )


  • 9.  RE: Junos Hidden Commands

    Posted 02-17-2013 23:13


    Another good one is:


    root@SRX210H> start shell pfe network fwdd                              
    BSD platform (OCTEON processor, 416MB memory, 8192KB flash)
    FLOWD_OCTEON(SRX210H vty)# ?
        clear                 clear commands
        connect               connect to a remote TNP endpoint
        debug                 Debug commands
        diagnostic            diagnostic commands
        eth                   eth commands
        jsflib                jsf lib information
        pconnect              connect to a remote PIP endpoint
        peekbyte              display memory in bytes
        peeklong              display memory in 32bit longs
        peekword              display memory in 16bit words
        plugin                plugin information
        pty                   open a pty to a PIC
        quit                  quit TTY environment
        reboot                reboot hardware
        set                   set system parameters
        show                  show system information
        sleep                 pause for a few seconds
        test                  test commands
        undebug               Undebug commands
        vty                   open a vty to a remote TNP endpoint
    FLOWD_OCTEON(SRX210H vty)#    
    FLOWD_OCTEON(SRX210H vty)# show threads    
    PID PR State     Name                   Stack Use  Time (Last/Max/Total) cpu
    --- -- -------   ---------------------  ---------  ---------------------
      1 H  asleep    Maintenance           1320/73824  0/8/792 ms  0%
      2 L  running   Idle                  1600/73824  0/15/2839688 ms  0%
      3 H  asleep    Timer Services        1256/73824  0/8/33463 ms  0%
      5 L  asleep    Ukern Syslog           856/73824  0/0/0 ms  0%
      6 L  asleep    Sheaf Background      1120/73824  0/8/1360 ms  0%
      7 M  asleep    mac_db                 856/73824  0/0/0 ms  0%
      8 M  asleep    Docsis                1072/73824  0/8/17890 ms  0%
      9 M  asleep    ATMX                  1312/73824  0/8/46704 ms  0%
     10 M  asleep    XDSL                  1392/73824  0/15/2119765 ms  0%
     11 M  asleep    DSX50ms               1648/73824  0/8/209140 ms  0%
     12 M  asleep    DSXonesec             1264/73824  0/8/20366 ms  0%
     13 M  asleep    SFP                   1216/73824  0/8/32989 ms  0%
     14 M  asleep    Ethernet              2264/73824  0/16/6458174 ms  1%
     15 M  asleep    RSMON syslog thread    896/73824  0/8/227 ms  0%
     16 L  asleep    Syslog                1264/73824  0/8/192 ms  0%
    FLOWD_OCTEON(SRX210H vty)# show threads 1971
    PID PR State     Name                   Stack Use  Time (Last/Max/Total) cpu
    --- -- -------   ---------------------  ---------  ---------------------
    1971 L  asleep    Cattle-Prod Daemon    3288/73824  0/0/0 ms  0%
          Type  ID  Enabled  Pending   Context
     Semaphore  00       No       No  0x489ab1e8
         Timer  00       No       No  0x489ab998
        Socket  00      Yes       No  0x4a33aa80
    Frame 00: sp = 0x4a336ba8, pc = 0x08014cb0
    Frame 01: sp = 0x4a336c20, pc = 0x0801b9b4
    Frame 02: sp = 0x4a336c58, pc = 0x08047db4
    Frame 03: sp = 0x4a336c88, pc = 0x08046cc0
    Frame 04: sp = 0x4a336ca8, pc = 0x08722374
    Frame 05: sp = 0x4a337130, pc = 0x0802b8ec
    Frame 06: sp = 0x4a337158, pc = 0x00002000
    FLOWD_OCTEON(SRX210H vty)# 



  • 10.  RE: Junos Hidden Commands

    Posted 02-20-2013 21:48

    Ideally, you should never see terms like 'ifd' and 'ifl' in the logs but if you do see them in logs which look something like:

    COSD_GENCFG_WRITE_FAILED: GENCFG write failed for Classifier to IFL 10. Reason: File exists

    (ifd refers to physical interface and ifl refers to logical interfaces. One ifd can have multiple ifls under it. )

    and you want to know which interface it is referring to, you can use the following hidden commands:


    cli> show interfaces ifl-index 10


    #In case it says ifd, you can use:

    cli> show interfaces ifd-index 10

  • 11.  RE: Junos Hidden Commands

    Posted 02-23-2013 12:13

    A command to log in to other node of SRX cluster


    lab@E1> request routing-engine login ?
    Possible completions:
      <[Enter]>            Execute this command
      |                    Pipe through a command
    lab@E1> request routing-engine login node 1 
    --- JUNOS 12.1R3.5 built 2012-08-09 07:05:23 UTC


  • 12.  RE: Junos Hidden Commands

    Posted 02-27-2013 02:55

    commit full 

  • 13.  RE: Junos Hidden Commands

    Posted 03-15-2013 09:37

    Just to add a little bit more detail.

    Let say somehow you dont have the root login and still you want to capture output on PFE withough going to vty mode.

    Here is the way.



    admin@SRX210H>request pfe execute target fwdd command "show usp threads"<<<<Just add pfe commands in colun" ".

  • 14.  RE: Junos Hidden Commands

    Posted 07-18-2013 15:24

    I know this is an SRX thread, but I find this one useful all the time on an EX VC: 


    operate@Ray-20# run request rou                            
    syntax error.
    operate@Ray-20# run request routing-engine ?                 
    Possible completions:
      login                Allow login to one Routing Engine
    operate@Ray-20# run request routing-engine login ?
    Possible completions:
      all-members          Log in to all virtual chassis members
      backup               Log in to backup RE
      local                Log in to local virtual chassis member
      master               Log in to master RE
      member               Log in to specific virtual chassis member (0..9)
      other-routing-engine  Log in to the other Routing Engine
      re0                  Log in to RE0
      re1                  Log in to RE1




  • 15.  RE: Junos Hidden Commands

    Posted 09-06-2013 03:47

    Junos contains default configurations in a hidden group named junos-defaults. To see them:


    user@srx>show configuration groups junos-defaults

    user@srx>show configuration groups junos-defaults applications

  • 16.  RE: Junos Hidden Commands