Ways to access CLI
- Out-Of-Band - Using serial console port or management port.
- In-band - Using Telnet or SSH.
- In a terminal emulation program such as PuTTY, we need to make sure the serial settings are configured properly:
- Bits per second: 9600
- Data bits: 8
- Parity: None
- Stop bits: 1
- Flow control: Hardware
- A brand new Junos device has, by default, a root user account with the username root and no password.
- This root account cannot be deleted, and it starts in shell mode.
- % - indicates shell mode. We can go to operational mode by the command
Non Root Users.
- There are no non-root users by default; we need to create them.
- There are no default permissions; we have to allocate them.
- As a non-root user we are placed in operational mode.
- > - indicates operational mode, which can be accessed by the command
- These users can be deleted.
start shell user user-name - starts shell session with that user after prompting for password.
start shell - starts the default shell session with root.
cli to access operational mode
- prompt ends with %
- directly available to root user
- non-root user can enter by
start shell command from the operational mode.
Used to view configurations or to run network utilities like ssh, ping, telnet, traceroute, etc. It's also used to shut down the device and view log files.
prompt ends with >
show interfaces to view all interfaces information and stats.
- Used to set configuration of device.
- prompt ends with #
- accessible by
- You can use ? to get all possible commands available at current combination.
- if you see an entry like
<[Enter]> it means the command is executable at the current combination; otherwise it needs more argument(s).
- Both Tab and Space auto-complete commands after matching a unique combination
- The key difference is that Tab completion works for everything, while Space completion only auto-completes system commands.
- for example: In
show security policies policy-name command, up to
show security policies both Space completion and Tab completion work fine.
- But the
policy-name argument is something the user would have defined, which is not available in the system by default.
- So Space won't work on user-defined variables.
- It's good practice to write all user-defined names in full caps separated with hyphens.
ctrl + a - Moves to the beginning.
ctrl + e - Moves to the end.
ctrl + w - Erases word to the left.
ctrl + u - Erases entire line.
help topic - Usage guidelines for the statement. eg:
help topic interfaces family
help reference - Shows summary information about the statement. eg:
help reference security dns
help apropos - lists all commands and help text that contain a particular string. eg:
help apropos snmp; the generic syntax is
help apropos <topic>
help syslog - info about system log messages. eg:
help syslog RT_FLOW_SESSION_CREATE gives meaning of the syslog message.
help tip cli - gives a random tip identified by an integer. eg:
help tip cli 4
show interfaces fe-0/0/* shows all interfaces with the wildcard-combo.
terse - displays least amount of information in a list format. eg:
show interfaces terse
brief - displays additional information about each element.
detail - displays most of the information about each element.
extensive - displays all information about each element.
- Use pipe to concat outputs and perform filtering on them
- the configuration that is currently active on the device.
- also the config that is loaded when the device is rebooted.
- A copy of the active config is created while editing.
- upon committing or saving it, it becomes the active config.
// Enter configuration mode
# set system host-name SRX-ARJ
// changes the host-name.
- Shared configuration mode.
- Multiple users can edit simultaneously.
- When we commit, all changes made by all users are committed.
- While editing, it warns with a list of the users editing it and at what hierarchy.
- Only one user is allowed to enter the exclusive config mode.
- Only the one with exclusive configuration rights can save changes.
- Multiple users can enter the mode, but each one has a separate candidate config to edit and work on.
- When committed, only the changes made by that private user are saved.
- When there are conflicting configuration changes, such as both parties trying to edit the same thing, the first commit takes precedence.
edit navigates to a specific hierarchy, eg:
edit security policies gives
[edit security policies from-zone trust to-zone untrust] hierarchy
up command takes us one level above the hierarchy.
up 2 can move up for 2 levels.
top comes up all the way to top of the hierarchy
exit configuration-mode takes you back to the operational mode.
From top of the configuration hierarchy
root@srx# set security policies from-zone trust to-zone untrust policy PERMIT-ALL match source-address any
root@srx# set security policies from-zone trust to-zone untrust policy PERMIT-ALL match destination-address any
It's a very lengthy command that you have to recall again and again with the up arrow and edit at the end to complete an entire configuration, or you can go with…
Item specific configuration hierarchy
root@srx# edit security policies from-zone trust to-zone untrust policy ALLOW-ALL
[edit security policies from-zone trust to-zone untrust policy ALLOW-ALL]
root@srx# set match source-address any
root@srx# set match destination-address any
Now the edit takes place in the specific hierarchy. The hierarchy can be seen in the square brackets.
Note that we used the
edit command to navigate into the hierarchy.
Key benefits are:
- Reduces length of commands.
- Only commands specific to the hierarchy are shown.
- Output is reduced to only items under the hierarchy.
commit command saves the candidate configuration as the active configuration.
- Before committing, Junos performs a commit check to look for syntax errors.
- To manually run a check you can use
commit check command.
show | compare to view changes before committing.
- You can schedule a commit using
commit at "YYYY-MM-DD 15:00" command
- To clear pending commit,
clear system commit in operational mode.
commit confirmed command to commit changes temporarily (10 minutes) and then require confirmation before making the changes permanent. If not confirmed, the commit will be rolled back automatically.
commit confirmed 2 will stay for 2 minutes. You can choose from 1-65535
commit and-quit to commit changes and return to operational mode.
commit comment leaves a message in the commit history, just to keep good track of commits and their purpose.
show system commit shows commit history in the operational mode.
- Stores up to 50 committed versions of the configuration - these can be used to rollback
- The version numbers range from 0-49, where 0 is the most recent configuration - the active configuration. So if you did something wrong in the commit, you can
rollback 0 to save yourself lol.
- After rollback, we should follow it up with a
- We can set the number of rollbacks by
set system max-configuration-rollback 8 fixes to 8 configs (0-7).
- compare two rollbacks like
show system rollback compare 5 9 compares rollback versions 5 and 9.
Junos Configuration Files
save filename to save the configuration, by default to the
file compare files filename1 filename2 to compare any two saved configs. filename1 is compared to filename2 not vice versa.
- As a root user, you can compare your configs with other users' configs too, which is not possible as a non-root user.
1c1 indicates a change (c) at line 1 in both File1 and File2
106,131d105 - deletion is denoted by the character d and addition is represented by the character a
- Left angular bracket corresponds to the 1st file <
- Right angular bracket corresponds to the 2nd file >
- Observe how the output changed in reverse if we swap the filename1 and filename2.
- You can use
file compare files file1 file2 context to get contextual output, where a deletion is marked with a minus sign (-), an addition with a plus sign (+) and a change with an exclamation mark (!).
- To check integrity you can use
file checksum md5 filename. Useful when you are transferring config files to other places or archiving them: you can recompute the checksum and check for corruption.
- You can rename files with
file rename file1 file01
- You can create an archive with
file archive command either locally to the filename or remotely to a URL.
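The markers in the default `file compare files` output described above (`1c1`, `106,131d105`, `<` and `>`) can be decoded mechanically when reviewing what changed between two saved configs. The following is an added example, not part of the original notes: it covers only the default (non-context) output, and the function names and the sample diff are constructed for illustration.

```python
import re

# Hunk header: range in the first file, operation letter, range in the second file.
HUNK = re.compile(r"^(\d+)(?:,(\d+))?([acd])(\d+)(?:,(\d+))?$")
OPS = {"a": "add", "c": "change", "d": "delete"}

def parse_hunk_header(line):
    """Return (op, (file1_start, file1_end), (file2_start, file2_end)) or None."""
    m = HUNK.match(line.strip())
    if not m:
        return None
    l1, l2, op, r1, r2 = m.groups()
    # A single number means a one-line range. For 'd' the second-file number
    # (and for 'a' the first-file number) is a position, not a changed line.
    return OPS[op], (int(l1), int(l2 or l1)), (int(r1), int(r2 or r1))

def summarize(diff_text):
    """Group '<' (first file) and '>' (second file) lines under each hunk."""
    hunks = []
    for line in diff_text.splitlines():
        header = parse_hunk_header(line)
        if header:
            op, left, right = header
            hunks.append({"op": op, "file1_lines": left, "file2_lines": right,
                          "only_in_file1": [], "only_in_file2": []})
        elif hunks and line.startswith("<"):
            hunks[-1]["only_in_file1"].append(line[2:])
        elif hunks and line.startswith(">"):
            hunks[-1]["only_in_file2"].append(line[2:])
        # '---' only separates the two sides of a change hunk
    return hunks

# Constructed sample, not output captured from a real device.
SAMPLE = """\
1c1
< ## Last changed: 2024-01-01 10:00:00 UTC
---
> ## Last changed: 2024-01-02 11:30:00 UTC
106,107d105
<     telnet;
<     ftp;
"""

if __name__ == "__main__":
    for h in summarize(SAMPLE):
        print(h["op"], "file1", h["file1_lines"], "file2", h["file2_lines"])
        for text in h["only_in_file1"]:
            print("   only in file1:", text.strip())
```

Swapping the two filenames turns every `d` hunk into an `a` hunk and exchanges the `<` and `>` sides, which is the reversal the notes point out.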
Used to load configuration from a saved file
load override - discards the current candidate config and loads config from the file.
load merge - merges configs from the saved file with the existing candidate config. In case of conflicts, the statements in the saved configuration file will override those in the existing candidate config.
load replace - looks for the replace tags in the loaded file, and replaces parts of the candidate config with whatever is specified after the tag. Deletes anything after the replace tag and replaces it.
- If there is no portion like fe-0/0/1, the contents will simply be added and result in the same output.
load set - loads a configuration that contains "set" commands. This executes the config instructions line by line as they are stored in the file. Use
commit command to commit the changes after loading.
load patch - imagine you have a config to be applied on several machines: apply it on one device, then use
show | compare to get the file contents and copy them. Use
load patch on all other devices with the output.
- GUI of the Junos device.
- Monitor, configure, troubleshoot and manage the device using a web browser that supports HTTP and HTTPS.
- All configuration statements that work on the CLI are supported.
- Provided by the Routing Engine; in fact, both the CLI and the GUI are.