SRX GENCFG failed error message

Regarding the message “/kernel: GENCFG: op 2 (USP Blob) failed; err 7 (Doesn’t Exist)”:

This kernel message is generated because the kernel does not have a handler for a certain gencfg blob message.

It is a harmless message and probably appears because the logging level is too verbose.

You can modify your syslog level to ‘any critical’ to avoid these messages.

{primary:node1}[edit]
root@Firewall# set groups node1 system syslog file default-log-messages any ?
Possible completions:
  alert                Conditions that should be corrected immediately
  any                  All levels
  critical             Critical conditions
  emergency            Panic conditions
  error                Error conditions
  info                 Informational messages
  none                 No messages
  notice               Conditions that should be handled specially
  warning              Warning messages


Junos commands you might not be aware of

There are some Junos commands you might not be aware of that can make configuring a Junos device much easier and simpler. Let's take a look at some of them!

  • ‘rename’ command:

lab@ex-1# rename ge-0/0/6 unit 1 to unit 0

While configuring a switch, you accidentally configure unit 1 on an interface and cannot commit the configuration, because there is no such unit 1 with layer 2 interfaces on EX series switches. Instead of rolling back or deleting the wrong configuration, you can simply rename it to the correct one.

  • ‘wildcard’ command:

[edit interfaces]
lab@ex-1# wildcard delete ge-*
matched: ge-0/0/6
matched: ge-0/0/7
matched: ge-0/0/8
delete 3 objects? [yes,no] (no) yes

If you need to delete a lot of lines that have something in common, such as the gig interfaces, you can simply use the ‘wildcard’ command.

  • pipe match pipe filter command

user@switch> show interfaces terse | match "interface|0/6|0/7"

Interface Admin Link Proto Local Remote
ge-0/0/6 up down
ge-0/0/6.0 up down eth-switch
ge-0/0/7 up up
ge-0/0/7.0 up up eth-switch

This shows the output lines that match any of the listed patterns.

  • ‘copy’ command

[edit interfaces]

# copy ge-0/0/6 to ge-0/0/7

The copy command duplicates an interface including any child statements such as description.

  • ‘replace’ command

# replace pattern lopbck with loopback

Make global changes to text patterns in the configuration. For example, if you consistently misspell a word common to the description statement for all of the interfaces on your device, you can fix this mistake with a single command.

  • ‘insert’ command

[edit security policies]
# insert from-zone trust to-zone untrust policy 1 before policy 2

You can use insert (before/after) to re-order policies instead of deleting and configuring them again.

  • ‘refresh’ command

admin@FW> show chassis routing-engine | match Idle | refresh 5
---(refreshed at 2017-05-03 12:12:24 IDT)---
Idle                      14 percent
Idle                      74 percent
---(refreshed at 2017-05-03 12:12:29 IDT)---
Idle                      14 percent
Idle                      74 percent
---(*more 100%)---[abort]

This command refreshes the output every <n> seconds.

How to change Junos Space logo welcome page

First, you need to use ‘inspect element’ on the page.


[root@space-005056941e6f ~]# find / | grep junos_space_rgb_360x240.png
/usr/local/jboss/domain/tmp/servers/server1/vfs/deployment1c48889875ac1ea/systemService-web.war-9705d0aeabb62272/images/junos_space_rgb_360x240.png
/usr/local/jboss/domain/tmp/servers/server1/vfs/deployment1c48889875ac1ea/cmUI.war-3dcd1c3964e96143/images/junos_space_rgb_360x240.png
find: /proc/27145: No such file or directory

[root@space-005056941e6f ~]# cd /usr/local/jboss/domain/tmp/servers/server1/vfs/deployment1c48889875ac1ea/systemService-web.war-9705d0aeabb62272/images/
[root@space-005056941e6f images]# ls
background-aqua-2560x1458.jpg        bgd_gradient_fill.png    junos_space_rgb_1800x1200.png  login_button_62x24.png     preload
background-aqua-2560x1458.png        burst-space-192x180.png  junos_space_rgb_360x240.png    logo_juniper_reversed.png  rounded-blue-100x26-btn.png
background-aqua-login-2560x1458.png  gradient-background.png  login-aqua-2560x1458.png       logo-reversed.png

Log in to the Junos Space machine via WinSCP. Remember that you need to change the shell environment from Default to /bin/bash.


Copy the logo to your PC and edit it


Don’t forget to back up the one you have on the Junos Space machine (just rename it).


If you have a problem with permissions, run these commands from the CLI:


[root@space-005056941e6f ~]# cd /usr/local/jboss/domain/tmp/servers/server1/vfs/deployment1c48889875ac1ea/systemService-web.war-9705d0aeabb62272/

[root@space-005056941e6f systemService-web.war-9705d0aeabb62272]# chmod 777 images/
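
A tighter alternative to making the whole images directory world-writable with chmod 777, as an added example that is not part of the original post: the hypothetical helper replace_image keeps a .orig backup, accepts only a PNG, and swaps the new logo in with the owner and mode of the file it replaces. It assumes GNU stat and a root shell on the Space machine.

```shell
#!/bin/sh
# replace_image <target> <new>: hypothetical helper, not part of Junos Space.
# Assumes GNU stat; run it as a user that may write to the images directory.
replace_image() {
    target=$1; new=$2
    [ -f "$target" ] || { echo "no such target: $target" >&2; return 1; }
    [ -f "$new" ]    || { echo "no such file: $new" >&2; return 1; }

    # Accept only a PNG: compare the first 8 bytes with the PNG signature.
    sig=$(head -c 8 "$new" | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "89504e470d0a1a0a" ] || { echo "not a PNG: $new" >&2; return 2; }

    # Remember who owns the current logo and which mode it has.
    mode=$(stat -c '%a' "$target") || return 1
    owner=$(stat -c '%u:%g' "$target") || return 1

    # Keep the original beside it; never overwrite an existing backup.
    [ -e "$target.orig" ] || cp -p "$target" "$target.orig" || return 1

    # Stage the new file in the same directory, give it the old owner and
    # mode, then rename it over the target in one step.
    tmp="$target.new.$$"
    cp "$new" "$tmp" || return 1
    chown "$owner" "$tmp" 2>/dev/null || echo "warning: owner not restored" >&2
    chmod "$mode" "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$target" || { rm -f "$tmp"; return 1; }
    echo "$mode"
}
```

Upload the edited logo to a directory your WinSCP user can already write to, then call replace_image from the root shell with the path of junos_space_rgb_360x240.png found above as the target.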


SFP port not compatible with Transceiver module

So that just happened to me yesterday! Let’s talk about it!

We had to connect one EX4200 switch to another EX4200 switch via the SFP port.

Now as you may know, the EX4200 had a 10gig SFP port, and we only had a 1000BASE-LX SFP transceiver module (FTRJ1319P1BTL). We plugged that transceiver into the SFP port, but the port did not come up: no light, and when showing the interface we received the following error: ‘device not found’.

So the temporary solution was to change the operating mode of the SFP port, using the following command:

# set chassis fpc 0 pic 1 sfpplus pic-mode 1g


The-End 🙂

Configuring OTP SafeNet access in MAG device

First of all, there should be two servers: SafeNet, and an LDAP/Radius server that holds all usernames and passwords. The SafeNet server should be configured to sync with the LDAP/Radius server in order to pull all usernames and passwords.

Second, check which ports the OTP server is listening on:


Now we should activate the user who is going to establish the VPN connection via OTP.


Now we need to type the activation code received by the application:


Now this is how to configure the OTP connection in the MAG:


  • The shared secret is what you determine in the OTP server settings, e.g. SafeNet


Now configure the realm with the correct authentication methods:


And all other roles and page policies …


How to view SFP info and properties on a Junos machine

To find out information about an SFP installed in a Junos machine without taking out the SFP module, run the following commands:

  • Log in to the shell of the relevant FPC. For this example I’ll use fpc4:

master@SW-QFX5100> start shell pfe network fpc4

  • show sfp list

(vty)# show sfp list
SFP Toolkit summary:
wakeup count: 47223201, debug: 0, periodic enabled: 1, diagnostics enabled: 1
thread: 0x03deaa78, itable: 0x03ddd868, itable iterator: 0, sem: 0x03e36fe8
polling interval delay:  1000 ms, polling max cpu:  100 ms
poll for diags every  3 wakeups , SFPs polled for diags last time:  2
last periodic CPU time:    1 ms, maximum periodic CPU time:     82 ms
SFP Toolkit syslog throttling parameters:
period: 120 samples , disable threshold:  10, enable threshold   0

                                                                            diag
Index   Name                 Presence   ID Eprom   PNO          SNO         calibr
-----   ------------------   --------   --------   ----------   ---------   ------
    1   Uplink SFP+ PIC(2)   Present    Complete   740-021333   AB33333     int
    2   Uplink SFP+ PIC(3)   Present    Complete   740-021222   AB22222     int

I2C Acceleration table
Index   Name                 Presence   ID Eprom   Reg ID   I2C Master   I2C Group
-----   ------------------   --------   --------   ------   ----------   ---------

(vty)# show sfp 1   ?
<carriage return>     Completes command
alarms                SFP diagnostics alarms
diagnostics           display diagnostic measurements and thresholds
info                  SFP information

  • You can also run just “show sfp <index of installed sfp>” to get this kind of information, for example:


Cannot log in to Space CLI after installation

First, in order to troubleshoot this issue, you need to be sure that ssh is enabled. How?

  • Power off the machine from VMware Workstation or vSphere, or suspend it.
  • Power it on.
  • After entering user/pass, you’ll be asked to select which mode to enter; check security (5).
  • If the option shown is “disable ssh”, then ssh is enabled. If not, enable it.
  • If that is not your problem, enter the debugging mode (7) and do the following:

Run the command: $ ls -al /etc/ssh/ssh*key

If nothing appears, or the size is zero as shown in the picture, then you need to re-generate the ssh key using the following command:

sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

and then press Enter twice.

This should solve your problem.

If not, go back to the “security (5)” section and try disabling the firewall.

Note: For more information regarding ssh keys , visit the following site.
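
The host-key check described above, as an added example that is not part of the original post: check_host_keys reports keys that are missing, zero-length or readable by everyone, and regen_commands prints (without running) the matching fix. It goes beyond the post by covering every ssh_host_*_key file rather than only the RSA key; both function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Hypothetical helpers, not part of Junos Space. Assumes GNU stat.
# check_host_keys [dir]: print "<state> <path>" for each problem found;
# returns 1 if there is any problem, 0 otherwise.
check_host_keys() {
    dir=${1:-/etc/ssh}
    rc=0; found=0
    for key in "$dir"/ssh_host_*_key; do
        [ -e "$key" ] || continue              # glob matched nothing
        found=1
        if [ ! -s "$key" ]; then               # the "zero" case from the post
            echo "empty $key"; rc=1
        elif [ $(( $(stat -c '%a' "$key") % 10 )) -ne 0 ]; then
            echo "world-accessible $key"; rc=1 # private key open to "other"
        fi
    done
    if [ "$found" -eq 0 ]; then                # the "nothing appears" case
        echo "missing $dir/ssh_host_rsa_key"; rc=1
    fi
    return "$rc"
}

# regen_commands [dir]: print the command that fixes each reported problem,
# taking the key type from the file name. Nothing is executed.
regen_commands() {
    check_host_keys "${1:-/etc/ssh}" | while read -r state key; do
        case $state in
            empty|missing)
                type=${key##*/ssh_host_}; type=${type%_key}
                echo "ssh-keygen -t $type -N '' -f $key" ;;
            world-accessible)
                echo "chmod 600 $key" ;;
        esac
    done
}
```

The -N '' option sets the empty passphrase that the post enters by pressing Enter twice.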