4.1 Monitoring with Operational Commands
Key Takeaways
- `show interfaces` reports administrative and physical link state, while `monitor interface` gives a live, refreshing counter view of one interface
- `show route` displays the routing-table view used by the Routing Engine, not the forwarding table programmed into the PFE
- `monitor traffic interface` runs an on-box tcpdump that captures only Routing Engine (host-bound) traffic, not transit traffic
- `ping` and `traceroute` accept a `source` and `routing-instance` option to test reachability from a specific address or VRF
- `show chassis environment` and `show chassis hardware` surface temperature, fan, power, and inventory data for hardware health checks
Why Operational Monitoring Matters on the Exam
The Operational Monitoring and Maintenance objective is roughly 13.5% of JNCIA-Junos. Many questions do not ask you to recall a command name; they show you sample operational output and ask what it means or which command produced it. Building the habit of reading show output carefully is the highest-leverage skill in this domain.
All monitoring commands run from operational mode (the > prompt). You do not need to enter configuration mode to inspect device state. Junos pipes (| match, | count, | display json) work on almost every operational command, which the exam expects you to recognize.
Interface Status: show interfaces and monitor interface
show interfaces is the core command for verifying connectivity. Two state lines matter most:
- Physical link state:
Physical link is UporDown(cable, optics, or remote side) - Admin state:
EnabledorAdministratively down(set by thedisablestatement under the interface)
An interface can be administratively enabled while its physical link is down, so always read both lines.
user@router> show interfaces ge-0/0/1 terse
Interface Admin Link Proto Local Remote
ge-0/0/1 up up
ge-0/0/1.0 up up inet 198.51.100.1/30
Use modifiers to control detail level:
| Command form | What it shows |
|---|---|
show interfaces terse | One-line summary, admin/link state, addresses |
show interfaces ge-0/0/1 | Default detail for one interface |
show interfaces ge-0/0/1 extensive | Full error, queue, and traffic counters |
show interfaces descriptions | Configured interface description text |
show interfaces diagnostics optics | Transceiver (optic) light levels |
monitor interface ge-0/0/1 opens a full-screen, auto-refreshing view of one interface, showing input/output rate and incrementing error counters in real time. monitor interface traffic shows a refreshing summary table for all interfaces. Press q to quit. Use monitor interface when you must watch counters change live; use show interfaces extensive for a static snapshot.
Routing and System State
show route displays the routing table (RIB) maintained by the Routing Engine (RE). This is the protocol/decision view. It is not the same as the forwarding table (FIB) programmed into the Packet Forwarding Engine (PFE); use show route forwarding-table to see what the PFE actually uses to switch packets.
user@router> show route 203.0.113.0/24
inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
203.0.113.0/24 *[Static/5] 1d 02:14:33
> to 198.51.100.2 via ge-0/0/1.0
The [Static/5] field shows the protocol and its route preference (lower is preferred). The * marks the active route installed into the forwarding table.
Useful system status commands:
show system uptime- time since last reboot and last config commitshow system users- who is logged in and from whereshow system storage- filesystem usage (watch/varand/config)show system processes extensive- per-process CPU and memoryshow system alarmsandshow chassis alarms- active red/yellow alarms
On-Box Capture: monitor traffic
monitor traffic interface ge-0/0/1 runs a built-in packet capture (tcpdump-based). The exam stresses one critical limitation: it captures only traffic that is destined to or sourced from the Routing Engine (host-bound / exception traffic such as ping to the device, OSPF, SSH). It does not see normal transit traffic that the PFE forwards between interfaces. To inspect transit traffic you use firewall filters with sample/log/port-mirror actions instead.
Common options: no-resolve (skip DNS lookups), size <bytes> (capture length), count <n> (stop after n packets), and matching "<expr>" (tcpdump filter). Always exit with Ctrl+C so the capture stops cleanly.
Reachability Tools: ping and traceroute
Both run from operational mode and support options that the exam tests:
| Option | Effect |
|---|---|
count <n> | Send a fixed number of probes (default ping is continuous) |
source <addr> | Use a specific local source address |
routing-instance <name> | Test inside a routing instance / VRF |
rapid | Send probes quickly (ping) |
size <bytes> | Set payload size for MTU testing |
do-not-fragment | Set the DF bit for path-MTU testing |
Stop a continuous ping with Ctrl+C. traceroute reports each hop's address and round-trip time; * * * at a hop usually means ICMP TTL-exceeded replies are filtered, not necessarily a broken path.
Hardware and Environmental Health
For physical health checks, JNCIA-Junos expects familiarity with the show chassis family:
show chassis hardware- inventory: model, serial numbers, FRU (Field-Replaceable Unit) part numbersshow chassis environment- temperature sensors, fan speed/status, and power statusshow chassis routing-engine- RE CPU load, memory, and temperatureshow chassis fpc- status and memory of Flexible PIC Concentrators (line cards)show chassis alarms- active hardware alarms (a yellow alarm is minor; a red alarm is major)
If show chassis environment reports a fan as Failed or a temperature sensor in the danger range, that is a hardware-level alarm condition you would correlate with show chassis alarms output before any maintenance action.
An engineer runs monitor traffic interface ge-0/0/3 but sees no packets even though the link is forwarding heavy user traffic. Why?
Which command shows the routing table maintained by the Routing Engine (the protocol decision view) rather than the table programmed into the PFE?
You need to verify reachability to a remote host but the test must use a loopback address and run inside a customer VRF. Which ping options accomplish this?
An interface shows Physical link is Up but the interface is not passing traffic, and show interfaces terse lists Admin as down. What is the most likely cause?