网络设备常用排障命令——Juniper & vyatta & 大河SDN

JUNIPER设备

华为,思科是两种配置(运行配置+保存配置)
Juniper是三种配置(运行配置+保存配置1-49号+编辑中的配置)

juniper 设备BGP设备

#shell模式
    start shell

#对比配置,回退操作
    #status             //查看登录用户,进程号,当前状态等
    #show system users      //查看当前登录的用户
    #show configure | dis detail    //显示配置文件,这种会有描述的哦,教你怎么解读配置
    #show | compare         //查看当前修改的那些配置
    #show | compare rollback 2  //比较当前和历史哪个配置
    #show configuration | compare rollback 2
    #rollback           //恢复最近运行的配置
    #rollback 2         //恢复历史指定配置
    save /var/tmp/20190617.txt  //将配置保存在
>configure      //进入配置模式
>configure private  //进入私有配置模式,与其他用户不干扰,除非修改了同一文件,
#update         //当有人修改了配置,我们也要修改保存,可以使用update先更新,再保存

#commit confirmed   //提交配置并生效10分钟,10分钟后需再次确认,否则自动还原之前配置自动还原,若确认没问题,再次手动commit即可
#commit check       //提交命令前检查命令是否正确
#commit and-quit    //提交配置,并退出到>操作模式
#commit at 22:10    //在22:10分的时候,进行提交,这是一个时间计划任务,一旦指定,不能更改其他任何配置,只能清除clear
>clear system commit    //清除提交配置的计划任务
#commit comment "this is down bgp"  //提交配置时,记录一个描述日志,以便查询
#接口类型
    ge-0/0/7    //接口类型-母版位置-子卡位置-模块位置
    fxp0        //带外管理口
    fxp1        //路由平面与转发平面互联接口,它不能被配置,但是它可以被配置
    物理口配置IP,必须使用unit0 而且只能配置一个unit,同一个unit支持多个IP,并且不会被覆盖

#查看运行配置(count统计,find 从什么开始,match 包含,except 排除)
    show configuration system login
    show configuration protocols bgp
    show configuration | display set | count | match ospf   //查看ospf配置有多少行
    show configuration | display set | except ospf          //排除ospf配置
    deactivate interface ge-0/0/6 unit 1        //注释某条命令,使其不生效
    activate interface ge-0/0/6 unit 1          //取消注释,让命令生效
    up      //返回上一级
    top     //返回到顶层
    copy interface ge-0/0/6 to ge-0/0/7     //将6口的配置复制到7口
    load set terminal               //批量粘贴录入配置,按Ctrl+D结束

#替换配置replace(进入em2的逻辑接口,将192.168.1.1/24替换成172.16.1.1/24)
    edit interfaces em2 unit 0
    replace pattern 192.168.1.1/24 with 172.16.1.1/24

#重命名rename(将em1改成em2)
    rename interfaces em1 to em2

#范围wildcard(删除8-11接口,将0-5还有7网口设置为全双工模式,)
    #wildcard delete interfaces em[8-11]
    #wildcard range set interfaces em[0-5,7] link-mode full-duplex

#配置root密码
    以明文的形式()
    set system root-authentication plain-test-password
    以密文的形式(加密后的密文,要注意哦)
    set system root-authentiaction encrypted-password "sadasdsdffsd"

#用户管理
    新增用户,设置安全级别,设置权限
    set system login user fnk class super-user
    set system login user fnk authentiaction plain-test-password
    查看用户登陆配置
    show system login | display set
    用户安全级别组、
    set system login user fnk class ?

注意:Junios可以在不插模块的情况下进行配置,不会出错,但是无法通过show configuration inter terse 进行查看到
提示:Junios中ospf宣告的是接口,而不是地址.

#查看光功率
    show interfaces diagnostics optics xe-7/0/0

#查看vlanif的配置
    show interfaces irb.3301

#使用特定vrf进行ping测试
    ping 1.1.1.1 routing-instance VRF-CN

#查看哪个peer发布了哪些网段
    show route protocol bgp advertising-protocol bgp 23.119.64.225

#查看那个peer接收了哪些网段
    show route protocol bgp receive-protocol bgp 23.119.64.225
    show route protocol bgp receive-protocol bgp 38.21.225.63 all       #查看未过滤的条目

#查看bgp路由,包含起源as号
    show route protocol bgp 9.9.9.9

#MX960上写静态路由
set routing-instances VRF-Highbandwith routing-options static route 211.37.191.26/32 next-hop 23.19.4.225

#SJ优化段添加网关
+++++++
10008-1

set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.125/25 virtual-gateway-address 45.1.230.1
set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.253/25 virtual-gateway-address 45.1.230.129
set interfaces irb unit 2901 family inet address 45.1.230.125/25 virtual-gateway-address 45.61.230.1
set interfaces irb unit 2901 family inet address 45.1.230.253/25 virtual-gateway-address 45.61.230.129
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 tag 65002
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 tag 65002

10008-2
set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.126/25 virtual-gateway-address 45.1.230.1
set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.254/25 virtual-gateway-address 45.1.230.129
set interfaces irb unit 2901 family inet address 45.1.230.126/25 virtual-gateway-address 45.1.230.1
set interfaces irb unit 2901 family inet address 45.1.230.254/25 virtual-gateway-address 45.1.230.129
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 tag 65002
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 tag 65002

#SJ-10008上写32路由
    set routing-instances aggToMX960 routing-options static route 3.21.28.89/32 next-table CNCommunity.inet.0
#SJ接入交换机接口学不到mac,就这样操作
    delete interfaces ge-1/0/41 unit 0 family ethernet-switching vlan members CN
    commit
    set interfaces ge-1/0/41 disable
    commit
    set interfaces ge-1/0/41 unit 0 family ethernet-switching vlan members CN
    delete interfaces ge-1/0/41 disable
    commit

#SJ10008上监控vlanfi 2层数据统计
    monitor traffic interface irb.3301 no-resolve layer2-headers

#查看限速模板
    show configuration firewall

#查看接口是否存在丢包等
    show interfaces ge-1/0/6 extensive

#配置限速模板
    set firewall family ethernet-switching filter P350M interface-specific
    set firewall family ethernet-switching filter P350M term all then policer P350M

    set firewall policer P350M if-exceeding bandwidth-limit 350m
    set firewall policer P350M if-exceeding burst-size-limit 35m
    set firewall policer P350M then discard

#接口应用限速模板
    set interfaces xe-0/0/5 unit 0 family ethernet-switching filter input P350M
    set interfaces xe-0/0/5 unit 0 family ethernet-switching filter output P350M

juniper查询路由信息

#显示某条 BGP 路由的详细信息
    show route protocol bgp 4.0.0.0/8 exact
    show route protocol bgp 45.61.230.0 exact detail

#查看向某 BGP 邻居宣告的路由
    show route advertising-protocol bgp 59.43.0.2 | match 58.30

#查看从某 BGP 邻居接收的路由,经过策略过滤的
    show route receive-protocol bgp 59.43.0.2 | match 64.114

#查看从某 BGP 邻居接收的路由,未经过策略过滤的
    show route receive-protocol bgp 59.43.0.2 all | match 64.114

#用 AS PATH 正则表达式来匹配察看 BGP 路由(以 AS-PATH 64523 开头的 BGP 路由)
    show route protocol bgp aspath-regex "^64523"

juniper 5200交换机如何做本地端口镜像

这里争对聚合口ae13的子接口ae13.3501的in,out方向数据,镜像到 xe-1/0/4:2.0口子
    set interfaces ae13 flexible-vlan-tagging
    set interfaces ae13 unit 3501 vlan-id 3501
    set interfaces ae13 unit 3501 family inet address 10.60.220.5/30
    set interfaces xe-1/0/4:2 unit 0 family ethernet-switching
    #关键是下面两行
    set forwarding-options analyzer mirror-mactest input egress interface ae13.3501
    set forwarding-options analyzer mirror-mactest output interface xe-1/0/4:2.0

vyatta基本操作

#查看操作的命令历史
    show history

#查看当前生效命令
    show configuration commands

#黑洞系统查询
    sh configuration commands | match bl

#写一条黑洞
    conf
    set protocols static route 23.252.1.90/32 'blackhole'
    commit    #保存

#删除黑洞
    delete protocols static route 1.1.1.1/32 blackhole

#BGP相关操作
    show ip bgp sum    #查看BGP邻居
    reset ip bgp all   #重置BGP邻居
    sh ip bgp neighbors 123.123.123.123 advertised-routes   #查看向某个peer发布了什么路由

大河SDN设备查看流表

#指定协议为openflow13  以及端口为eth-0-2
    ovs-ofctl dump-flows br0 -O openflow13 in_port=2
微信打赏微信打赏

如果文章对你有帮助,欢迎点击上方按钮打赏作者

最后编辑于:2022/11/21作者: 辣条①号

现在在做什么? 接下来打算做什么? 你的目标什么? 期限还有多少? 进度如何? 不负遇见,不谈亏欠!

暂无评论

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注

arrow grin ! ? cool roll eek evil razz mrgreen smile oops lol mad twisted wink idea cry shock neutral sad ???