The Junos OS routing process architecture is handled by two components:
* Routing Engine (RE)
* Packet Forwarding Engine (PFE)
Routing Engine (RE)
The Routing Engine (RE) controls the routing updates and the system management. The Routing Engine consists of routing protocol software processes running inside a protected memory environment on a general-purpose computer platform. The Routing Engine handles all of the routing protocol processes and other software processes that control the routers’ interfaces, some of the chassis components, system management, and user access to the router. These routers and software processes run on top of a kernel that interacts with the Packet Forwarding Engine.
Packet Forwarding Engine (PFE)
The Packet Forwarding Engine (PFE) uses application-specific integrated circuits (ASICs) to perform Layer 2 and Layer 3 packet switching, route lookups, and packet forwarding. The Packet Forwarding Engine forwards packets between input and output interfaces.
Below are some useful commands when navigating the Junos command line interface (CLI).
jadmin@JR-1> start shell
% // UNIX SHELL MODE
% ps ?
ps: illegal option -- q
usage: ps [-aCcefHhjlmrSTuvwXxZ] [-O fmt | -o fmt] [-G gid[,gid...]]
[-M core] [-N system]
[-p pid[,pid...]] [-t tty[,tty...]] [-U user[,user...]]
ps [-L]
ps [-Jp]
% ps -aux // VIEW CPU AND MEMORY USAGE
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 11 88.9 0.0 0 12 ?? RL 5:30PM 23:03.40 [idle]
root 12 6.2 0.0 0 12 ?? WL 5:30PM 0:32.20 [swi7: clock sio
root 1327 0.0 1.1 11456 5676 ?? S 5:30PM 0:04.32 /usr/sbin/l2ald
root 0 0.0 0.0 0 0 ?? WLs 5:30PM 0:00.00 [swapper]
root 1 0.0 0.1 1400 728 ?? ILs 5:30PM 0:00.05 /packages/mnt/jb
root 2 0.0 0.0 0 12 ?? DL 5:30PM 0:00.93 [g_event]
root 3 0.0 0.0 0 12 ?? DL 5:30PM 0:01.20 [g_up]
root 4 0.0 0.0 0 12 ?? DL 5:30PM 0:01.36 [g_down]
root 5 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [thread taskq]
root 6 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [kqueue taskq]
root 7 0.0 0.0 0 12 ?? DL 5:30PM 0:00.03 [pagedaemon]
root 8 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [vmdaemon]
root 9 0.0 0.0 0 12 ?? DL 5:30PM 0:00.15 [pagezero]
root 10 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [ktrace]
root 13 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [swi6: vm]
root 14 0.0 0.0 0 12 ?? WL 5:30PM 0:00.04 [swi2: netisr 0]
root 15 0.0 0.0 0 12 ?? DL 5:30PM 0:01.04 [yarrow]
root 16 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [swi9: +]
root 17 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [swi8: +]
root 18 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [swi5: cambio]
root 19 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [swi9: task queu
root 20 0.0 0.0 0 12 ?? WL 5:30PM 0:00.07 [irq14: ata0]
root 21 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [irq15: ata1]
root 22 0.0 0.0 0 12 ?? WL 5:30PM 0:00.13 [irq9: em0]
root 23 0.0 0.0 0 12 ?? WL 5:30PM 0:00.01 [irq1: atkbd0]
root 24 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [irq12: psm0]
root 25 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [swi0: sio]
root 26 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [swi3: ip6opt ip
root 27 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [swi4: ip6mismat
root 28 0.0 0.0 0 12 ?? WL 5:30PM 0:00.00 [swi1: ipfwd]
root 29 0.0 0.0 0 12 ?? DL 5:30PM 0:00.11 [bufdaemon]
root 30 0.0 0.0 0 12 ?? DL 5:30PM 0:00.14 [syncer]
root 31 0.0 0.0 0 12 ?? DL 5:30PM 0:00.12 [vnlru]
root 32 0.0 0.0 0 12 ?? DL 5:30PM 0:00.06 [vnlru_mem]
root 33 0.0 0.0 0 12 ?? DL 5:30PM 0:00.09 [softdepflush]
root 34 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [netdaemon]
root 35 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [if_pfe_listen]
root 36 0.0 0.0 0 12 ?? IL 5:30PM 0:00.00 [kern_dump_proc]
root 37 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [if_pic_listen0]
root 38 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [cb_poll]
root 39 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [kern_pir_proc]
root 40 0.0 0.0 0 12 ?? DL 5:30PM 0:00.07 [vmuncachedaemon
root 41 0.0 0.0 0 12 ?? DL 5:30PM 0:00.10 [vmkmemdaemon]
root 42 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [scs_housekeepin
root 43 0.0 0.0 0 12 ?? IL 5:30PM 0:00.00 [nfsiod 0]
root 44 0.0 0.0 0 12 ?? IL 5:30PM 0:00.00 [nfsiod 1]
root 45 0.0 0.0 0 12 ?? IL 5:30PM 0:00.00 [nfsiod 2]
root 46 0.0 0.0 0 12 ?? IL 5:30PM 0:00.00 [nfsiod 3]
root 47 0.0 0.0 0 12 ?? DL 5:30PM 0:00.12 [schedcpu]
root 48 0.0 0.0 0 12 ?? DL 5:30PM 0:00.46 [md0]
root 78 0.0 0.0 0 12 ?? DL 5:30PM 0:00.02 [md1]
root 98 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [md2]
root 114 0.0 0.0 0 12 ?? DL 5:30PM 0:00.10 [md3]
root 134 0.0 0.0 0 12 ?? DL 5:30PM 0:01.75 [md4]
root 154 0.0 0.0 0 12 ?? DL 5:30PM 0:00.33 [md5]
root 174 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [md6]
root 190 0.0 0.0 0 12 ?? DL 5:30PM 0:04.97 [md7]
root 230 0.0 0.0 0 12 ?? DL 5:30PM 0:00.01 [md8]
root 242 0.0 0.0 0 12 ?? DL 5:30PM 0:00.01 [md9]
root 1254 0.0 0.0 0 12 ?? DL 5:30PM 0:00.00 [kresrsv]
root 1259 0.0 0.2 1684 1260 ?? Is 5:30PM 0:00.01 /usr/sbin/cron
root 1315 0.0 0.2 1560 780 ?? S 5:30PM 0:00.01 /sbin/watchdog -
root 1316 0.0 0.2 1772 1168 ?? S 5:30PM 0:02.44 /usr/libexec/bsl
root 1317 0.0 0.2 1720 1132 ?? I 5:30PM 0:00.00 /usr/sbin/tnetd
root 1318 0.0 1.0 28376 5028 ?? S 5:30PM 0:00.80 /sbin/dcd -N
root 1319 0.0 1.2 111760 6212 ?? S 5:30PM 0:00.13 /usr/sbin/chassi
root 1320 0.0 0.5 6604 2596 ?? S 5:30PM 0:01.33 /usr/sbin/alarmd
root 1322 0.0 0.4 2328 2244 ?? S 5:30PM 0:00.17 /usr/sbin/xntpd
root 1323 0.0 4.0 27312 20488 ?? I 5:30PM 0:00.09 /usr/sbin/mgd -N
root 1324 0.0 1.6 12188 8300 ?? S 5:30PM 0:00.27 /usr/sbin/snmpd
root 1325 0.0 1.4 16556 7108 ?? S 5:30PM 0:04.11 /usr/sbin/mib2d
root 1326 0.0 2.1 42536 10736 ?? S 5:30PM 0:00.56 /usr/sbin/rpd -N
root 1328 0.0 0.3 3068 1496 ?? I 5:30PM 0:00.00 /usr/sbin/inetd
root 1329 0.0 0.6 6632 3312 ?? S< 5:30PM 0:00.09 /usr/sbin/apsd -
root 1330 0.0 0.2 1836 1144 ?? I 5:30PM 0:00.00 /usr/sbin/tnp.sn
root 1331 0.0 0.9 10256 4644 ?? S 5:30PM 0:00.90 /usr/sbin/pfed -
root 1332 0.0 0.8 7520 3988 ?? S 5:30PM 0:00.09 /usr/sbin/rmopd
root 1333 0.0 1.0 10676 5144 ?? S 5:30PM 0:00.09 /usr/sbin/cosd
root 1334 0.0 0.6 5700 3300 ?? S 5:30PM 0:00.05 /usr/sbin/ppmd -
root 1335 0.0 0.5 4532 2616 ?? I 5:30PM 0:00.00 /usr/sbin/lmpd
root 1336 0.0 0.2 1780 1220 ?? I 5:30PM 0:00.00 /usr/sbin/smartd
root 1337 0.0 1.0 14792 5144 ?? S 5:30PM 0:00.03 /usr/sbin/dfwd -
root 1338 0.0 0.5 4464 2644 ?? S 5:30PM 0:00.96 /usr/sbin/irsd -
root 1339 0.0 0.3 3288 1560 ?? I 5:30PM 0:00.00 /usr/sbin/rtspd
root 1340 0.0 0.5 4404 2576 ?? I 5:30PM 0:00.01 /usr/sbin/fsad -
root 1341 0.0 0.7 7284 3688 ?? S 5:30PM 0:00.11 /usr/sbin/bfdd -
root 1342 0.0 0.6 6620 2852 ?? I 5:30PM 0:00.01 /usr/sbin/rdd -N
root 1343 0.0 0.5 4712 2732 ?? I 5:30PM 0:00.01 /usr/sbin/pppd -
root 1344 0.0 1.5 12900 7508 ?? S 5:30PM 0:00.13 /usr/sbin/dfcd -
root 1345 0.0 0.5 4476 2492 ?? I 5:30PM 0:00.00 /usr/sbin/oamd -
root 1346 0.0 0.5 4624 2712 ?? S 5:30PM 0:00.24 /usr/sbin/lfmd -
root 1347 0.0 0.4 4432 2260 ?? I 5:30PM 0:00.00 /usr/sbin/mplsoa
root 1348 0.0 0.6 5964 3096 ?? I 5:30PM 0:00.00 /usr/sbin/sendd
root 1349 0.0 0.5 6164 2400 ?? S 5:30PM 0:00.05 /usr/sbin/smid -
root 1350 0.0 0.5 4320 2360 ?? I 5:30PM 0:00.00 /usr/sbin/relayd
root 1351 0.0 0.5 7396 2472 ?? I 5:30PM 0:05.27 /usr/sbin/jddosd
root 1352 0.0 0.5 11420 2788 ?? S 5:30PM 0:03.76 /usr/sbin/shm-rt
root 1353 0.0 0.8 7612 3884 ?? S 5:30PM 0:00.75 /usr/sbin/pkid -
root 1354 0.0 0.5 4344 2436 ?? I 5:30PM 0:00.00 /usr/sbin/mspd -
root 1355 0.0 0.7 8100 3460 ?? S 5:30PM 0:00.09 /usr/sbin/smihel
root 1480 0.0 4.1 27376 20812 ?? Is 5:30PM 0:00.00 mgd: (mgd) (jadm
root 1483 0.0 0.3 1956 1388 ?? Ss 5:30PM 0:00.02 telnetd
root 1486 0.0 0.8 27376 3976 ?? Is 5:30PM 0:00.00 mgd: (mgd) (jadm
root 1356 0.0 0.3 1984 1464 v0 Is+ 5:30PM 0:00.01 login [pam] (log
jadmin 1479 0.0 2.5 18184 12576 v0 S+ 5:30PM 0:00.06 -cli (cli)
root 1073 0.0 0.5 4652 2760 d0- S 5:30PM 0:00.06 /usr/sbin/eventd
root 1357 0.0 0.2 1772 1180 d0 Is+ 5:30PM 0:00.00 /usr/libexec/get
root 1484 0.0 0.3 1988 1584 p0 Is 5:30PM 0:00.01 login [pam] (log
jadmin 1485 0.0 2.5 18184 12672 p0 I 5:30PM 0:00.09 -cli (cli)
jadmin 1506 0.0 0.3 2064 1332 p0 I 5:53PM 0:00.00 sh -c /bin/csh
jadmin 1507 0.0 0.5 3852 2652 p0 S 5:53PM 0:00.01 /bin/csh
jadmin 1509 0.0 0.2 1888 1216 p0 R+ 5:54PM 0:00.00 ps -aux
% exit // TYPE exit OR cli TO RETRUN TO OPERATIONAL MODE
exit
% cli
jadmin@JR-1> // OPERATIONAL MODE
jadmin@JR1> configure // TYPE configure OR edit TO ENTER CONFIGURATION/EDIT MODE
Entering configuration mode
The configuration has been changed but not committed
[edit]
jadmin@JR1# // CONFIGURATION MODE
jadmin@JR-1> edit
Entering configuration mode
[edit]
jadmin@JR-1#
jadmin@JR1> ? // TYPE ? FOR CLI CONTEXT-SENSITIVE HELP
Possible completions:
clear Clear information in the system
configure Manipulate software configuration information
file Perform file operations
help Provide help information
monitor Show real-time debugging information
mtrace Trace multicast path from source to receiver
op Invoke an operation script
ping Ping remote target
quit Exit the management session
request Make system-level requests
restart Restart software process
set Set CLI properties, date/time, craft interface message
show Show system information
ssh Start secure shell on another host
start Start shell
telnet Telnet to another host
test Perform diagnostic debugging
traceroute Trace route to remote host
jadmin@JR1> help topic interfaces address // USE help topic FOR COMMAND USAGE GUIDE
Configuring the Interface Address
You assign an address to an interface by specifying the address when
configuring the protocol family. For the inet or inet6 family, configure
the interface IP address. For the iso family, configure one or more
addresses for the loopback interface. For the ccc, ethernet-switching,
tcc, mpls, tnp, and vpls families, you never configure an address.
+------------------------------------------------------------------------+
| | The point-to-point (PPP) address is taken from the loopback |
| Note: | interface address that has the primary attribute. When the |
| | loopback interface is configured as an unnumbered interface, |
| | it takes the primary address from the donor interface. |
+------------------------------------------------------------------------+
To assign an address to an interface, include the address statement:
address address {
broadcast address;
destination address;
destination-profile name;
eui-64;
preferred;
primary;
}
You can include these statements at the following hierarchy levels:
* [edit interfaces interface-name unit logical-unit-number family
family]
* [edit logical-systems logical-system-name interfaces interface-name
unit logical-unit-number family family]
In the address statement, specify the network address of the interface.
For each address, you can optionally configure one or more of the
following:
* Broadcast address for the interface subnet-Specify this in the
broadcast statement; this applies only to Ethernet interfaces, such as
the management interface fxp0, em0, or me0 the Fast Ethernet
interface, and the Gigabit Ethernet interface.
* Address of the remote side of the connection (for point-to-point
interfaces only)-Specify this in the destination statement.
* PPP properties to the remote end-Specify this in the
destination-profile statement. You define the profile at the [edit
access group-profile name ppp] hierarchy level (for point-to-point
interfaces only).
* Whether the router or switch automatically generates the host number
portion of interface addresses-The eui-64 statement applies only to
interfaces that carry IPv6 traffic, in which the prefix length of the
address is 64 bits or less, and the low-order 64 bits of the address
are zero. This option does not apply to the loopback interface (lo0)
because IPv6 addresses configured on the loopback interface must have
a 128-bit prefix length.
+-------------------------------------------------------------+
| Note: | IPv6 is not currently supported for the QFX Series. |
+-------------------------------------------------------------+
* Whether this address is the preferred address-Each subnet on an
interface has a preferred local address. If you configure more than
one address on the same subnet, the preferred local address is chosen
by default as the source address when you originate packets to
destinations on the subnet.
By default, the preferred address is the lowest-numbered address on
the subnet. To override the default and explicitly configure the
preferred address, include the preferred statement when configuring
the address.
* Whether this address is the primary address-Each interface has a
primary local address. If an interface has more than one address, the
primary local address is used by default as the source address when
you send packets from an interface where the destination provides no
information about the subnet (for example, some ping commands).
By default, the primary address on an interface is the lowest-numbered
non-127 (in other words, non-loopback) preferred address on the interface.
To override the default and explicitly configure the preferred address,
include the primary statement when configuring the address.
* Configuring Interface IPv4 Addresses
* Configuring Interface IPv6 Addresses
Related-Topics
* Configuring IPCP Options
* Configuring Default, Primary, and Preferred Addresses and
Interfaces
jadmin@JR1> help reference interfaces address // USE help reference FOR COMMAND SYNTAX INFO
address
Syntax
address address {
arp ip-address (mac | multicast-mac) mac-address <publish>;
broadcast address;
destination address;
destination-profile name;
eui-64;
master-only;
multipoint-destination address dlci dlci-identifier;
multipoint-destination address {
epd-threshold cells;
inverse-arp;
oam-liveness {
up-count cells;
down-count cells;
}
oam-period (disable | seconds);
shaping {
(cbr rate | rtvbr peak rate sustained rate burst length |
vbr peak rate sustained rate burst length);
queue-length number;
}
vci vpi-identifier.vci-identifier;
}
primary;
preferred;
(vrrp-group | vrrp-inet6-group) group-number {
(accept-data | no-accept-data);
advertise-interval seconds;
authentication-type authentication;
authentication-key key;
fast-interval milliseconds;
(preempt | no-preempt) {
hold-time seconds;
}
priority-number number;
track {
priority-cost seconds;
priority-hold-time interface-name {
interface priority;
bandwidth-threshold bits-per-second {
priority;
}
}
route ip-address/mask routing-instance instance-name
priority-cost cost;
}
virtual-address [ addresses ];
}
}
Hierarchy Level
[edit interfaces interface-name unit logical-unit-number family family],
[edit logical-systems logical-system-name interfaces interface-name unit
logical-unit-number family family]
Release Information
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for QFX Series switches.
Description
Configure the interface address.
+----------------------------------------------------------------------+
| Note: | The vrrp High Availability functionality is not available |
| | for the QFX Series switches |
+----------------------------------------------------------------------+
Options
address-Address of the interface.
The remaining statements are explained separately.
+----------------------------------------------------------------------+
| Note: | The edit logical-systems hierarchy is not available on |
| | QFabric switches. |
+----------------------------------------------------------------------+
Required Privilege Level
interface-To view this statement in the configuration.
interface-control-To add this statement to the configuration.
Related-Topics
* Configuring the Protocol Family
* negotiate-address
* unnumbered-address (Ethernet)
* Junos OS System Basics Configuration Guide
jadmin@JR1> help apropos interfaces // USE help apropos TO DISPLAY CONTEXT RELEVANT TO THE CONFIG HIERARCH
monitor interface traffic
Show traffic data for busiest interfaces
clear auto-configuration interfaces
Clear interfaces
clear dhcp relay binding <interfaces-wildcard>
Interfaces to clear bindings on (can be '*' wildcard)
clear dhcp relay binding <interfaces-vlan>
Interface VLAN-ID/SVLAN-ID on which to clear bindings
clear dhcp server binding <interfaces-wildcard>
Interfaces to clear bindings on (can be '*' wildcard)
clear dhcp server binding <interfaces-vlan>
Interface VLAN-ID/SVLAN-ID on which to clear bindings
clear dhcpv6 relay binding <interfaces-wildcard>
Interfaces to clear bindings on (can be '*' wildcard)
clear dhcpv6 relay binding <interfaces-vlan>
Interface VLAN-ID/SVLAN-ID on which to clear bindings
clear dhcpv6 server binding <interfaces-wildcard>
Interfaces to clear bindings on (can be '*' wildcard)
clear dhcpv6 server binding <interfaces-vlan>
Interface VLAN-ID/SVLAN-ID on which to clear bindings
clear lacp statistics interfaces
Clear LACP interface statistics
clear interfaces
Clear interface information
clear interfaces statistics all
Clear statistics for all interfaces
clear interfaces interface-set statistics all
Clear statistics for all interfaces
clear interfaces mac-database statistics all
Clear mac level statistics for all interfaces
clear pppoe lockout
Clear lockout timers on all interfaces
clear pppoe lockout underlying-interfaces <underlying-interfaces>
Name of PPPoE underlying logical interface
clear pppoe sessions
Clear sessions on all interfaces
clear pppoe statistics
Clear sum of statistics of all interfaces
clear pppoe statistics interfaces
Clear interface information
show interfaces
Show interface information
show mpls interface
Show MPLS interfaces
jadmin@JR1# edit system login
[edit system login]
jadmin@JR1# set user ?
Possible completions:
<user-name> User name (login)
jadmin User name (login)
[edit system login]
jadmin@JR1# set user jadmin2 ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> authentication Authentication method
class Login class
full-name Full name
uid User identifier (uid) (100..64000)
[edit system login]
jadmin@JR1# set user jadmin2 class ?
Possible completions:
<class> Login class
juniper
operator permissions [ clear network reset trace view ]
read-only permissions [ view ]
read-only-local
super-user permissions [ all ]
unauthorized permissions [ none ]
[edit system login]
jadmin@JR1# set user jadmin2 class super-user ?
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> authentication Authentication method
full-name Full name
uid User identifier (uid) (100..64000)
| Pipe through a command
[edit system login]
jadmin@JR1# set user jadmin2 class super-user
jadmin@JR1# show
message "Juniper VM Lab";
class juniper {
permissions [ reset view view-configuration ];
}
class read-only-local {
permissions clear;
}
user jadmin {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$fpL79wTL$N5K0n6DSzJIGNn0lJ0NDW/"; ## SECRET-DATA
}
}
user jadmin2 {
uid 2001;
class super-user;
}
jadmin@JR1# edit user ?
Possible completions:
<user-name> User name (login)
jadmin User name (login)
jadmin2 User name (login)
[edit system login]
jadmin@JR1# edit user jadmin2 ?
Possible completions:
<[Enter]> Execute this command
> authentication Authentication method
| Pipe through a command
[edit system login]
jadmin@JR1# set ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
encrypted-password Encrypted password string
load-key-file File (URL) containing one or more ssh keys
plain-text-password Prompt for plain text password (autoencrypted)
> ssh-dsa Secure shell (ssh) DSA public key string
> ssh-rsa Secure shell (ssh) RSA public key string
[edit system login user jadmin2 authentication]
jadmin@JR1# set plain-text-password
New password:
Retype new password:
[edit system login user jadmin2 authentication]
jadmin@JR1>
configure // ENTER CONFIGURATION MODE;
IT WILL ALSO INDICATE IF ANOTHER USER IS LOGGED IN AND WHAT PORTION IN THE CONFIG HIERARCHY
Entering configuration mode
Users currently editing the configuration:
jadmin2 terminal p2 (pid 8444) on since 2020-10-13 03:09:03 UTC
[edit system login]
[edit]
jadmin@JR1> configure ?
Possible completions:
<[Enter]> Execute this command
batch Work in batch mode (commit happens in batch)
dynamic Work in dynamic database
exclusive Obtain exclusive lock (other users cannot make changes)
private Work in private database (other's changes do not show)
| Pipe through a command
jadmin@JR1> configure exclusive // ALLOW ONLY A SINGLE USER TO EDIT CONFIGURATION
warning: uncommitted changes will be discarded on exit
Entering configuration mode
Users currently editing the configuration:
jadmin2 terminal p2 (pid 8444) on since 2020-10-13 03:09:03 UTC, idle 00:02:04
[edit system login]
[edit]
jadmin@JR1# set services telnet connection-limit 3
jadmin@JR1# show
host-name JR1;
authentication-order radius;
location {
building SG_DC;
floor 6;
<SNIP>
services { // HIERARCHICAL CONFIGURATION FILE
ssh {
root-login allow;
}
telnet {
connection-limit 3;
jadmin@JR1# edit system login // MOVE DOWN THE CONFIGURATION HIERARCHY
[edit system]
jadmin@JR1# up // MOVE UP ONE LEVEL IN THE HIERARCHICAL POSITION
[edit]
jadmin@JR-1# edit protocols
[edit protocols]
jadmin@JR-1# edit ospf
[edit protocols ospf]
jadmin@JR-1# up ?
Possible completions:
<[Enter]> Execute this command
<number> Numeric argument
| Pipe through a command
[edit protocols ospf]
jadmin@JR-1# up 2 // MOVE UP TO THE SPECIFIED NUMBER OF HIERARCHY LEVELS
[edit]
[edit interfaces interface-set em0]
jadmin@JR1# top // QUICKLY MOVE TO THE TOP MOST OF THE CONFIGURATION HIERARCHY
[edit]
[edit interfaces interface-set em0]
jadmin@JR1# top edit system // YOU CAN COMOBINE top WITH edit and show COMMANDS
[edit system]
[edit interfaces interface-set em0]
jadmin@JR1# top show system services
ssh {
root-login allow;
}
telnet {
connection-limit 3;
}
[edit system login]
jadmin@JR1# exit // MOVE TO THE PREVIOUS HIGHER LEVEL IN THE CONFIGURATION HIERARCHY
[edit]
jadmin@JR1# exit configuration-mode // EXIT AND RETURN TO OPERATIONAL MODE
The configuration has been changed but not committed
Exiting configuration mode
jadmin@JR1>
jadmin@JR1# edit system services
[edit system services]
jadmin@JR1# show
ssh {
root-login allow;
}
telnet {
connection-limit 3;
}
[edit system services]
jadmin@JR1# set ftp // ADD COMMAND
[edit system services]
jadmin@JR1# show
ftp;
ssh {
root-login allow;
}
telnet {
connection-limit 3;
}
[edit system services]
jadmin@JR1# delete ftp // REMOVE COMMAND
[edit system services]
jadmin@JR1# show
ssh {
root-login allow;
}
telnet {
connection-limit 3;
}
[edit system services]
jadmin@JR1# edit interfaces
[edit interfaces]
jadmin@JR1# set em0 disable // DISABLE OR SHUTDOWN INTERFACE
[edit interfaces]
jadmin@JR1#
delete em0 disable // ENABLE OR UNSHUT INTERFACE
jadmin@JR1> show interfaces terse // DISPLAY INTERFACE STATUS AND IP ADDRESS; SIMILAR TO CISCO show ip interface brief
Interface Admin Link Proto Local Remote
cbp0 up up
demux0 up up
dsc up up
em0 up up
em0.0 up up inet 10.1.1.1/24
gre up up
ipip up up
irb up up
lo0 up up
lo0.0 up up inet 192.168.1.1 --> 0/0
192.168.100.1/30
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 128.0.0.4 --> 0/0
inet6 fe80::a00:270f:fca6:33e8
lsi up up
mtun up up
pimd up up
pime up up
pip0 up up
pp0 up up
tap up up
jadmin@JR1> configure
Entering configuration mode
Users currently editing the configuration:
jadmin terminal p1 (pid 7967) on since 2020-10-13 03:41:32 UTC, idle 01:43:03
[edit interfaces]
The configuration has been changed but not committed
jadmin@JR1# edit interfaces
jadmin@JR1# deactivate lo0 unit 0 // IGNORE CONFIGURATION STATEMENT
[edit interfaces]
jadmin@JR1# commit
commit complete
[edit interfaces]
jadmin@JR1# run show interfaces terse // ISSUE A run <SHOW COMMAND> TO EXECUTE OPERATIONAL MODE COMMAND WITHOUT EXITING THE CURRENT CONFIG HIERARCHY; SIMILAR TO CISCO do COMMAND
Interface Admin Link Proto Local Remote
cbp0 up up
demux0 up up
dsc up up
em0 up up
em0.0 up up inet 10.1.1.1/24
gre up up
ipip up up
irb up up
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 128.0.0.4 --> 0/0
inet6 fe80::a00:270f:fca6:33e8
lsi up up
mtun up up
pimd up up
pime up up
pip0 up up
pp0 up up
tap up up
[edit interfaces]
jadmin@JR1# activate lo0 unit 0
[edit interfaces]
jadmin@JR1# commit
commit complete
[edit interfaces]
jadmin@JR1# run show interfaces terse
Interface Admin Link Proto Local Remote
cbp0 up up
demux0 up up
dsc up up
em0 up up
em0.0 up up inet 10.1.1.1/24
gre up up
ipip up up
irb up up
lo0 up up
lo0.0 up up inet 192.168.1.1 --> 0/0
192.168.100.1/30
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 128.0.0.4 --> 0/0
inet6 fe80::a00:270f:fca6:33e8
lsi up up
mtun up up
pimd up up
pime up up
pip0 up up
pp0 up up
tap up up
[edit interfaces]
jadmin@JR1# edit system
[edit system]
jadmin@JR1# annotate name-server "Google Public DNS" // ADD A COMMENT
[edit system]
jadmin@JR1# show
host-name JR1;
authentication-order radius;
location {
building SG_DC;
floor 6;
}
root-authentication {
encrypted-password "$1$QV3m4eVt$WwDUS8SlWGXmL4XKEY4.F1"; ## SECRET-DATA
}
/* Google Public DNS */
name-server {
8.8.8.8;
<OUTPUT TRUNCATED>
[edit]
jadmin@JR1# show system services // DISPLAY THE PORTION OF THE OUTPUT THAT YOU'RE CONCERN FROM THE ROOT HIERARCHY
ssh {
root-login allow;
}
telnet {
connection-limit 3;
}
jadmin@JR1# edit system services // EDIT AT A SPECIFIC CONFIG HIERARCHY
[edit system services]
jadmin@JR1# show // DISPLAY OUTPUT AT THE CURRENT CONFIG HIERARCHY
ssh {
root-login allow;
}
telnet {
connection-limit 3;
}
[edit]
jadmin@JR1# show system services | display set // DISPLAY ONLY set COMMANDS; SIMILAR TO CISCO show <COMMAND> | include <REGEX>
set system services ssh root-login allow
set
system services telnet connection-limit 3
jadmin@JR1# set system host-name JR-1
[edit]
jadmin@JR1# commit ?
Possible completions:
<[Enter]> Execute this command
and-quit Quit configuration mode if commit succeeds
at Time at which to activate configuration changes
check Check correctness of syntax; do not apply changes
comment Message to write to commit log
confirmed Automatically rollback if not confirmed
| Pipe through a command
[edit]
jadmin@JR1# commit confirmed // USE IF CONFIGURING REMOTELY
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete
# commit confirmed will be rolled back in 10 minutes // DEFAULT ROLL BACK TIMER
[edit]
jadmin@JR-1# commit // ISSUE A SECOND commit TO DISABLE AUTO CONFIG ROLL BACK
commit complete
[edit]
jadmin@JR-1# set system host-name JR1
[edit]
jadmin@JR-1# commit ?
Possible completions:
<[Enter]> Execute this command
and-quit Quit configuration mode if commit succeeds
at Time at which to activate configuration changes
check Check correctness of syntax; do not apply changes
comment Message to write to commit log
confirmed Automatically rollback if not confirmed
| Pipe through a command
[edit]
jadmin@JR-1# commit at ?
Possible completions:
<at> Time at which to activate configuration changes
[edit]
jadmin@JR-1# run show system uptime
Current time: 2020-10-13 05:54:43 UTC
System booted: 2020-10-10 12:23:01 UTC (2d 17:31 ago)
Protocols started: 2020-10-10 14:20:26 UTC (2d 15:34 ago)
Last configured: 2020-10-13 05:51:06 UTC (00:03:37 ago) by jadmin
5:54AM up 2 days, 17:32, 2 users, load averages: 0.00, 0.00, 0.00
[edit]
jadmin@JR-1# commit at 05:55
error: must schedule at least 1 minute in future
error: current time is 2020-10-13 05:55:02 UTC
[edit]
jadmin@JR-1# commit at 05:57 // SCHEDULE A COMMIT AT A SPECIFIC TIME; ENSURE ROUTER NTP IS SYNC'D
configuration check succeeds
commit at will be executed at 2020-10-13 05:57:00 UTC
The configuration has been changed but not committed
Exiting configuration mode
jadmin@JR-1> show system commit // VIEW PENDING COMMIT
0 2020-10-13 05:57:06 UTC by jadmin via cli commit at
1 2020-10-13 05:51:06 UTC by jadmin via cli
2 2020-10-13 05:50:04 UTC by jadmin via cli commit confirmed, rollback in 10mins
3 2020-10-13 05:36:31 UTC by jadmin via cli
4 2020-10-13 05:34:05 UTC by jadmin via cli
5 2020-10-13 05:28:55 UTC by jadmin via cli
jadmin@JR-1> clear system commit // CLEAR PENDING COMMIT
Pending commit cleared
[edit]
jadmin@JR-1# commit comment "Change Device Hostname" // ADD COMMENT TO COMMIT
commit complete
jadmin@JR-1# commit and-quit // COMMIT AND GO BACK TO OPERATIONAL MODE
commit complete
Exiting configuration mode
jadmin@JR-1>
[edit]
jadmin@JR-1# edit system
[edit system]
jadmin@JR-1# set host-name JR1
jadmin@JR-1# show | compare // COMPARES ACTIVE VS CANDIDATE CONFIG; VIEW COMMAND LINES THAT WILL BE CHANGED
[edit system]
- host-name JR-1;
+ host-name JR1;
[edit system]
jadmin@JR-1> show configuration | compare rollback 5 // COMPARES ACTIVE CONFIG VS ROLLBACK <NUMBER> CONFIG; rollback 0 IS ACTIVE CONFIG; JUNOS CAN STORE UP TO 49 ROLLBACK CONFIG FILES
[edit system]
- host-name JR-1;
+ host-name JR1;
jadmin@JR-1> configure
Entering configuration mode
The configuration has been changed but not committed
[edit]
jadmin@JR-1# rollback ?
Possible completions:
<[Enter]> Execute this command
0 2020-10-13 06:12:37 UTC by jadmin via cli
1 2020-10-13 06:04:53 UTC by jadmin via cli
2 2020-10-13 06:04:05 UTC by jadmin via cli
3 2020-10-13 06:00:04 UTC by jadmin via cli
4 2020-10-13 05:59:33 UTC by jadmin via cli
5 2020-10-13 05:57:06 UTC by jadmin via cli commit at
6 2020-10-13 05:51:06 UTC by jadmin via cli
7 2020-10-13 05:50:04 UTC by jadmin via cli commit confirmed, rollback in 10mins
8 2020-10-13 05:36:31 UTC by jadmin via cli
9 2020-10-13 05:34:05 UTC by jadmin via cli
10 2020-10-13 05:28:55 UTC by jadmin via cli
11 2020-10-13 03:19:40 UTC by jadmin via cli
12 2020-10-13 03:19:16 UTC by jadmin2 via cli
13 2020-10-13 03:07:14 UTC by jadmin via cli
14 2020-10-12 00:50:58 UTC by root via cli
15 2020-10-11 14:34:38 UTC by root via cli
16 2020-10-11 12:30:26 UTC by root via cli
17 2020-10-11 02:18:10 UTC by root via cli
18 2020-10-10 23:58:42 UTC by root via cli
19 2020-10-10 21:47:25 UTC by root via cli
20 2020-10-10 21:27:40 UTC by root via cli
21 2020-10-10 21:26:07 UTC by root via cli
22 2020-10-10 13:03:49 UTC by root via cli
23 2020-10-10 13:03:12 UTC by root via cli
24 2020-10-10 12:49:29 UTC by root via cli
25 2020-10-10 12:39:37 UTC by root via cli
26 2012-05-11 11:54:23 UTC by root via other
27 2012-05-09 13:28:27 UTC by root via cli
28 2012-05-09 11:53:15 UTC by root via cli
29 2012-05-09 11:52:47 UTC by root via cli
30 2012-05-09 11:28:28 UTC by root via other
31 2012-05-09 09:54:05 UTC by root via cli
32 2011-04-12 13:11:13 UTC by root via other
33 2011-04-12 12:43:39 UTC by root via other
| Pipe through a command
[edit]
jadmin@JR-1# rollback 3 // LOADS A PREVIOUS ROLLBACK VERSION NUMBER
load complete
[edit]
jadmin@JR-1#
commit // ALWAYS ISSUE A
commit TO APPLY CHANGES
commit complete
[edit]
jadmin@JR1#
jadmin@JR1# save config123 // SAVE CANDIDATE CONFIG INCLUDING UNCOMMITTED CHANGE TO AN ASCII FILE
Wrote 215 lines of configuration to 'config123'
jadmin@JR1# load ?
Possible completions:
factory-default Override existing configuration with factory default
merge Merge contents with existing configuration
override Override existing configuration
patch Load patch file into configuration
replace Replace configuration data
set Execute set of commands on existing configuration
update Update existing configuration
[edit]
jadmin@JR1# load override ?
Possible completions:
<filename> Filename (URL, local, remote, or floppy)
config123 Size: 5295, Last changed: Oct 13 07:06:06
ftp Size: 5295, Last changed: Oct 13 07:09:08
q Size: 1379, Last changed: Oct 13 05:35:53
terminal Use login terminal
[edit]
jadmin@JR1# load override config123 // OVERWRITES CURRENT CONFIG WITH THE LOADED CONFIG; MUST PERFROM AT THE ROOT HIERARCHY
load complete
[edit]
jadmin@JR1# commit // ACTIVATE THE CHANGES
commit complete
jadmin@JR-1# show system | display set // VIEW SET COMMAND LINES
set system host-name JR-1
set system time-zone Asia/Singapore
set system root-authentication encrypted-password "$1$tWCJIMHp$uDNH0qSb6uVUbDFEx5N8x1"
set system login message "Juniper VM Lab"
set system login user jadmin uid 2002
set system login user jadmin class super-user
set system login user jadmin authentication encrypted-password "$1$GV2Yds7K$1UWyPvsNzTW/C4FjYJVaU0"
set system login user jadmin2 uid 2003
set system login user jadmin2 class super-user
set system login user jadmin2 authentication encrypted-password "$1$3ATAJNcI$fKjYSgcC4mwxXOoFl/Uvr0"
set system services ssh root-login allow
set system services telnet
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system archival configuration transfer-on-commit
set system archival configuration archive-sites "ftp://user@192.168.1.100:/archive" password "$9$iHPQF39pOR6987VYZG69Atu1RhSlvWIR"
set system archival configuration archive-sites "scp://user@192.168.2.100:/archive" password "$9$ICxRyKMWxdwgLxqfz6u0LxN-VYaZUqP5Dj"
set system ntp boot-server 10.1.1.10
set system ntp server 10.1.1.10
[edit]
jadmin@JR-1# edit system
[edit system]
jadmin@JR-1# set host-name JR1
[edit system]
jadmin@JR-1# commit ?
Possible completions:
<[Enter]> Execute this command
and-quit Quit configuration mode if commit succeeds
at Time at which to activate configuration changes
check Check correctness of syntax; do not apply changes
comment Message to write to commit log
confirmed Automatically rollback if not confirmed
| Pipe through a command
[edit system]
jadmin@JR-1# commit check // A HANDY COMMAND TO CHECK FOR COMMAND SYNTAX/ERRORS BEFORE A COMMIT
configuration check succeeds
[edit system]
jadmin@JR1> configure
Entering configuration mode
Users currently editing the configuration:
jadmin terminal p0 (pid 1517) on since 2020-10-20 18:02:47 SGT, idle 00:37:52
[edit interfaces ae0]
jadmin terminal p1 (pid 1686) on since 2020-10-20 19:36:30 SGT, idle 00:10:50
[edit system]
[edit]
jadmin@JR1# edit system services
[edit system services]
jadmin@JR1# set web-management ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> control Control of the web management process
> http Unencrypted HTTP connection settings
> https Encrypted HTTPS connections
management-url URL path for web management access
> session Session parameters
[edit system services]
jadmin@JR1# set web-management https // ENABLE HTTP OR HTTPS FOR REMOTE ACCESS USING J-WEB GUI; LOCAL CERTIFICATE (SELF-SIGNED) IS AUTOMATICALLY CREATED
[edit system services]
No comments:
Post a Comment