Friday, December 18, 2020

Navigating the Juniper Networks CLI

The Junos OS routing process architecture is handled by two components:

* Routing Engine (RE)
* Packet Forwarding Engine (PFE)

Routing Engine (RE)

The Routing Engine (RE) controls the routing updates and the system management. The Routing Engine consists of routing protocol software processes running inside a protected memory environment on a general-purpose computer platform. The Routing Engine handles all of the routing protocol processes and other software processes that control the routers’ interfaces, some of the chassis components, system management, and user access to the router. These routers and software processes run on top of a kernel that interacts with the Packet Forwarding Engine.


Packet Forwarding Engine (PFE)

The Packet Forwarding Engine (PFE) uses application-specific integrated circuits (ASICs) to perform Layer 2 and Layer 3 packet switching, route lookups, and packet forwarding. The Packet Forwarding Engine forwards packets between input and output interfaces.


Below are some useful commands when navigating the Junos command line interface (CLI).

jadmin@JR-1> start shell

%    // UNIX SHELL MODE

 

% ps ?

ps: illegal option -- q

usage: ps [-aCcefHhjlmrSTuvwXxZ] [-O fmt | -o fmt] [-G gid[,gid...]]

          [-M core] [-N system]

          [-p pid[,pid...]] [-t tty[,tty...]] [-U user[,user...]]

       ps [-L]

       ps [-Jp]

% ps -aux   // VIEW CPU AND MEMORY USAGE

USER     PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND

root      11 88.9  0.0     0    12  ??  RL    5:30PM  23:03.40 [idle]

root      12  6.2  0.0     0    12  ??  WL    5:30PM   0:32.20 [swi7: clock sio

root    1327  0.0  1.1 11456  5676  ??  S     5:30PM   0:04.32 /usr/sbin/l2ald

root       0  0.0  0.0     0     0  ??  WLs   5:30PM   0:00.00 [swapper]

root       1  0.0  0.1  1400   728  ??  ILs   5:30PM   0:00.05 /packages/mnt/jb

root       2  0.0  0.0     0    12  ??  DL    5:30PM   0:00.93 [g_event]

root       3  0.0  0.0     0    12  ??  DL    5:30PM   0:01.20 [g_up]

root       4  0.0  0.0     0    12  ??  DL    5:30PM   0:01.36 [g_down]

root       5  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [thread taskq]

root       6  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [kqueue taskq]

root       7  0.0  0.0     0    12  ??  DL    5:30PM   0:00.03 [pagedaemon]

root       8  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [vmdaemon]

root       9  0.0  0.0     0    12  ??  DL    5:30PM   0:00.15 [pagezero]

root      10  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [ktrace]

root      13  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [swi6: vm]

root      14  0.0  0.0     0    12  ??  WL    5:30PM   0:00.04 [swi2: netisr 0]

root      15  0.0  0.0     0    12  ??  DL    5:30PM   0:01.04 [yarrow]

root      16  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [swi9: +]

root      17  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [swi8: +]

root      18  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [swi5: cambio]

root      19  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [swi9: task queu

root      20  0.0  0.0     0    12  ??  WL    5:30PM   0:00.07 [irq14: ata0]

root      21  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [irq15: ata1]

root      22  0.0  0.0     0    12  ??  WL    5:30PM   0:00.13 [irq9: em0]

root      23  0.0  0.0     0    12  ??  WL    5:30PM   0:00.01 [irq1: atkbd0]

root      24  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [irq12: psm0]

root      25  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [swi0: sio]

root      26  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [swi3: ip6opt ip

root      27  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [swi4: ip6mismat

root      28  0.0  0.0     0    12  ??  WL    5:30PM   0:00.00 [swi1: ipfwd]

root      29  0.0  0.0     0    12  ??  DL    5:30PM   0:00.11 [bufdaemon]

root      30  0.0  0.0     0    12  ??  DL    5:30PM   0:00.14 [syncer]

root      31  0.0  0.0     0    12  ??  DL    5:30PM   0:00.12 [vnlru]

root      32  0.0  0.0     0    12  ??  DL    5:30PM   0:00.06 [vnlru_mem]

root      33  0.0  0.0     0    12  ??  DL    5:30PM   0:00.09 [softdepflush]

root      34  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [netdaemon]

root      35  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [if_pfe_listen]

root      36  0.0  0.0     0    12  ??  IL    5:30PM   0:00.00 [kern_dump_proc]

root      37  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [if_pic_listen0]

root      38  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [cb_poll]

root      39  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [kern_pir_proc]

root      40  0.0  0.0     0    12  ??  DL    5:30PM   0:00.07 [vmuncachedaemon

root      41  0.0  0.0     0    12  ??  DL    5:30PM   0:00.10 [vmkmemdaemon]

root      42  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [scs_housekeepin

root      43  0.0  0.0     0    12  ??  IL    5:30PM   0:00.00 [nfsiod 0]

root      44  0.0  0.0     0    12  ??  IL    5:30PM   0:00.00 [nfsiod 1]

root      45  0.0  0.0     0    12  ??  IL    5:30PM   0:00.00 [nfsiod 2]

root      46  0.0  0.0     0    12  ??  IL    5:30PM   0:00.00 [nfsiod 3]

root      47  0.0  0.0     0    12  ??  DL    5:30PM   0:00.12 [schedcpu]

root      48  0.0  0.0     0    12  ??  DL    5:30PM   0:00.46 [md0]

root      78  0.0  0.0     0    12  ??  DL    5:30PM   0:00.02 [md1]

root      98  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [md2]

root     114  0.0  0.0     0    12  ??  DL    5:30PM   0:00.10 [md3]

root     134  0.0  0.0     0    12  ??  DL    5:30PM   0:01.75 [md4]

root     154  0.0  0.0     0    12  ??  DL    5:30PM   0:00.33 [md5]

root     174  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [md6]

root     190  0.0  0.0     0    12  ??  DL    5:30PM   0:04.97 [md7]

root     230  0.0  0.0     0    12  ??  DL    5:30PM   0:00.01 [md8]

root     242  0.0  0.0     0    12  ??  DL    5:30PM   0:00.01 [md9]

root    1254  0.0  0.0     0    12  ??  DL    5:30PM   0:00.00 [kresrsv]

root    1259  0.0  0.2  1684  1260  ??  Is    5:30PM   0:00.01 /usr/sbin/cron

root    1315  0.0  0.2  1560   780  ??  S     5:30PM   0:00.01 /sbin/watchdog -

root    1316  0.0  0.2  1772  1168  ??  S     5:30PM   0:02.44 /usr/libexec/bsl

root    1317  0.0  0.2  1720  1132  ??  I     5:30PM   0:00.00 /usr/sbin/tnetd

root    1318  0.0  1.0 28376  5028  ??  S     5:30PM   0:00.80 /sbin/dcd -N

root    1319  0.0  1.2 111760  6212  ??  S     5:30PM   0:00.13 /usr/sbin/chassi

root    1320  0.0  0.5  6604  2596  ??  S     5:30PM   0:01.33 /usr/sbin/alarmd

root    1322  0.0  0.4  2328  2244  ??  S     5:30PM   0:00.17 /usr/sbin/xntpd

root    1323  0.0  4.0 27312 20488  ??  I     5:30PM   0:00.09 /usr/sbin/mgd -N

root    1324  0.0  1.6 12188  8300  ??  S     5:30PM   0:00.27 /usr/sbin/snmpd

root    1325  0.0  1.4 16556  7108  ??  S     5:30PM   0:04.11 /usr/sbin/mib2d

root    1326  0.0  2.1 42536 10736  ??  S     5:30PM   0:00.56 /usr/sbin/rpd -N

root    1328  0.0  0.3  3068  1496  ??  I     5:30PM   0:00.00 /usr/sbin/inetd

root    1329  0.0  0.6  6632  3312  ??  S<    5:30PM   0:00.09 /usr/sbin/apsd -

root    1330  0.0  0.2  1836  1144  ??  I     5:30PM   0:00.00 /usr/sbin/tnp.sn

root    1331  0.0  0.9 10256  4644  ??  S     5:30PM   0:00.90 /usr/sbin/pfed -

root    1332  0.0  0.8  7520  3988  ??  S     5:30PM   0:00.09 /usr/sbin/rmopd

root    1333  0.0  1.0 10676  5144  ??  S     5:30PM   0:00.09 /usr/sbin/cosd

root    1334  0.0  0.6  5700  3300  ??  S     5:30PM   0:00.05 /usr/sbin/ppmd -

root    1335  0.0  0.5  4532  2616  ??  I     5:30PM   0:00.00 /usr/sbin/lmpd

root    1336  0.0  0.2  1780  1220  ??  I     5:30PM   0:00.00 /usr/sbin/smartd

root    1337  0.0  1.0 14792  5144  ??  S     5:30PM   0:00.03 /usr/sbin/dfwd -

root    1338  0.0  0.5  4464  2644  ??  S     5:30PM   0:00.96 /usr/sbin/irsd -

root    1339  0.0  0.3  3288  1560  ??  I     5:30PM   0:00.00 /usr/sbin/rtspd

root    1340  0.0  0.5  4404  2576  ??  I     5:30PM   0:00.01 /usr/sbin/fsad -

root    1341  0.0  0.7  7284  3688  ??  S     5:30PM   0:00.11 /usr/sbin/bfdd -

root    1342  0.0  0.6  6620  2852  ??  I     5:30PM   0:00.01 /usr/sbin/rdd -N

root    1343  0.0  0.5  4712  2732  ??  I     5:30PM   0:00.01 /usr/sbin/pppd -

root    1344  0.0  1.5 12900  7508  ??  S     5:30PM   0:00.13 /usr/sbin/dfcd -

root    1345  0.0  0.5  4476  2492  ??  I     5:30PM   0:00.00 /usr/sbin/oamd -

root    1346  0.0  0.5  4624  2712  ??  S     5:30PM   0:00.24 /usr/sbin/lfmd -

root    1347  0.0  0.4  4432  2260  ??  I     5:30PM   0:00.00 /usr/sbin/mplsoa

root    1348  0.0  0.6  5964  3096  ??  I     5:30PM   0:00.00 /usr/sbin/sendd

root    1349  0.0  0.5  6164  2400  ??  S     5:30PM   0:00.05 /usr/sbin/smid -

root    1350  0.0  0.5  4320  2360  ??  I     5:30PM   0:00.00 /usr/sbin/relayd

root    1351  0.0  0.5  7396  2472  ??  I     5:30PM   0:05.27 /usr/sbin/jddosd

root    1352  0.0  0.5 11420  2788  ??  S     5:30PM   0:03.76 /usr/sbin/shm-rt

root    1353  0.0  0.8  7612  3884  ??  S     5:30PM   0:00.75 /usr/sbin/pkid -

root    1354  0.0  0.5  4344  2436  ??  I     5:30PM   0:00.00 /usr/sbin/mspd -

root    1355  0.0  0.7  8100  3460  ??  S     5:30PM   0:00.09 /usr/sbin/smihel

root    1480  0.0  4.1 27376 20812  ??  Is    5:30PM   0:00.00 mgd: (mgd) (jadm

root    1483  0.0  0.3  1956  1388  ??  Ss    5:30PM   0:00.02 telnetd

root    1486  0.0  0.8 27376  3976  ??  Is    5:30PM   0:00.00 mgd: (mgd) (jadm

root    1356  0.0  0.3  1984  1464  v0  Is+   5:30PM   0:00.01 login [pam] (log

jadmin  1479  0.0  2.5 18184 12576  v0  S+    5:30PM   0:00.06 -cli (cli)

root    1073  0.0  0.5  4652  2760  d0- S     5:30PM   0:00.06 /usr/sbin/eventd

root    1357  0.0  0.2  1772  1180  d0  Is+   5:30PM   0:00.00 /usr/libexec/get

root    1484  0.0  0.3  1988  1584  p0  Is    5:30PM   0:00.01 login [pam] (log

jadmin  1485  0.0  2.5 18184 12672  p0  I     5:30PM   0:00.09 -cli (cli)

jadmin  1506  0.0  0.3  2064  1332  p0  I     5:53PM   0:00.00 sh -c /bin/csh

jadmin  1507  0.0  0.5  3852  2652  p0  S     5:53PM   0:00.01 /bin/csh

jadmin  1509  0.0  0.2  1888  1216  p0  R+    5:54PM   0:00.00 ps -aux

% exit    // TYPE exit OR cli TO RETRUN TO OPERATIONAL MODE

exit

 

% cli

jadmin@JR-1>   // OPERATIONAL MODE

 

jadmin@JR1> configure   // TYPE configure OR edit TO ENTER CONFIGURATION/EDIT MODE

Entering configuration mode

The configuration has been changed but not committed

 

[edit]

jadmin@JR1#        // CONFIGURATION MODE

 

jadmin@JR-1> edit

Entering configuration mode

 

[edit]

jadmin@JR-1#

 

 

 

jadmin@JR1> ?   // TYPE ? FOR CLI CONTEXT-SENSITIVE HELP

Possible completions:

  clear                Clear information in the system

  configure            Manipulate software configuration information

  file                 Perform file operations

  help                 Provide help information

  monitor              Show real-time debugging information

  mtrace               Trace multicast path from source to receiver

  op                   Invoke an operation script

  ping                 Ping remote target

  quit                 Exit the management session

  request              Make system-level requests

  restart              Restart software process

  set                  Set CLI properties, date/time, craft interface message

  show                 Show system information

  ssh                  Start secure shell on another host

  start                Start shell

  telnet               Telnet to another host

  test                 Perform diagnostic debugging

  traceroute           Trace route to remote host

 

 

jadmin@JR1> help topic interfaces address   // USE help topic FOR COMMAND USAGE GUIDE

                       Configuring the Interface Address

 

   You assign an address to an interface by specifying the address when

   configuring the protocol family. For the inet or inet6 family, configure

   the interface IP address. For the iso family, configure one or more

   addresses for the loopback interface. For the ccc, ethernet-switching,

   tcc, mpls, tnp, and vpls families, you never configure an address.

 

   +------------------------------------------------------------------------+

   |       | The point-to-point (PPP) address is taken from the loopback    |

   | Note: | interface address that has the primary attribute. When the     |

   |       | loopback interface is configured as an unnumbered interface,   |

   |       | it takes the primary address from the donor interface.         |

   +------------------------------------------------------------------------+

 

   To assign an address to an interface, include the address statement:

     address address {

         broadcast address;

         destination address;

         destination-profile name;

         eui-64;

         preferred;

         primary;

     }

   You can include these statements at the following hierarchy levels:

     * [edit interfaces interface-name unit logical-unit-number family

       family]

     * [edit logical-systems logical-system-name interfaces interface-name

       unit logical-unit-number family family]

   In the address statement, specify the network address of the interface.

   For each address, you can optionally configure one or more of the

   following:

     * Broadcast address for the interface subnet-Specify this in the

       broadcast statement; this applies only to Ethernet interfaces, such as

       the management interface fxp0, em0, or me0 the Fast Ethernet

       interface, and the Gigabit Ethernet interface.

     * Address of the remote side of the connection (for point-to-point

       interfaces only)-Specify this in the destination statement.

     * PPP properties to the remote end-Specify this in the

       destination-profile statement. You define the profile at the [edit

       access group-profile name ppp] hierarchy level (for point-to-point

       interfaces only).

     * Whether the router or switch automatically generates the host number

       portion of interface addresses-The eui-64 statement applies only to

       interfaces that carry IPv6 traffic, in which the prefix length of the

       address is 64 bits or less, and the low-order 64 bits of the address

       are zero. This option does not apply to the loopback interface (lo0)

       because IPv6 addresses configured on the loopback interface must have

       a 128-bit prefix length.

 

       +-------------------------------------------------------------+

       | Note: | IPv6 is not currently supported for the QFX Series. |

       +-------------------------------------------------------------+

 

     * Whether this address is the preferred address-Each subnet on an

       interface has a preferred local address. If you configure more than

       one address on the same subnet, the preferred local address is chosen

       by default as the source address when you originate packets to

       destinations on the subnet.

 

       By default, the preferred address is the lowest-numbered address on

       the subnet. To override the default and explicitly configure the

       preferred address, include the preferred statement when configuring

       the address.

 

     * Whether this address is the primary address-Each interface has a

       primary local address. If an interface has more than one address, the

       primary local address is used by default as the source address when

       you send packets from an interface where the destination provides no

       information about the subnet (for example, some ping commands).

   By default, the primary address on an interface is the lowest-numbered

   non-127 (in other words, non-loopback) preferred address on the interface.

   To override the default and explicitly configure the preferred address,

   include the primary statement when configuring the address.

     * Configuring Interface IPv4 Addresses

     * Configuring Interface IPv6 Addresses

 

  Related-Topics

 

        * Configuring IPCP Options

        * Configuring Default, Primary, and Preferred Addresses and

          Interfaces

 

 

jadmin@JR1> help reference interfaces address   // USE help reference FOR COMMAND SYNTAX INFO

address

 

  Syntax

 

     address address {

         arp ip-address (mac | multicast-mac) mac-address <publish>;

         broadcast address;

         destination address;

         destination-profile name;

         eui-64;

         master-only;

         multipoint-destination address dlci dlci-identifier;

         multipoint-destination address {

             epd-threshold cells;

             inverse-arp;

             oam-liveness {

                 up-count cells;

                 down-count cells;

             }

             oam-period (disable | seconds);

             shaping {

                 (cbr rate | rtvbr peak rate sustained rate burst length |

     vbr peak rate sustained rate burst length);

                 queue-length number;

             }

             vci vpi-identifier.vci-identifier;

         }

         primary;

         preferred;

         (vrrp-group | vrrp-inet6-group) group-number {

             (accept-data | no-accept-data);

             advertise-interval seconds;

             authentication-type authentication;

             authentication-key key;

             fast-interval milliseconds;

             (preempt | no-preempt) {

                 hold-time seconds;

             }

             priority-number number;

             track {

                 priority-cost seconds;

                 priority-hold-time interface-name {

                     interface priority;

                     bandwidth-threshold bits-per-second {

                         priority;

                     }

                 }

                 route ip-address/mask routing-instance instance-name

     priority-cost cost;

             }

             virtual-address [ addresses ];

         }

     }

 

  Hierarchy Level

 

     [edit interfaces interface-name unit logical-unit-number family family],

     [edit logical-systems logical-system-name interfaces interface-name unit

     logical-unit-number family family]

 

  Release Information

 

     Statement introduced before Junos OS Release 7.4.

     Statement introduced in Junos OS Release 9.0 for EX Series switches.

     Statement introduced in Junos OS Release 11.1 for QFX Series switches.

 

  Description

 

     Configure the interface address.

 

     +----------------------------------------------------------------------+

     | Note: | The vrrp High Availability functionality is not available    |

     |       | for the QFX Series switches                                  |

     +----------------------------------------------------------------------+

 

  Options

 

     address-Address of the interface.

 

     The remaining statements are explained separately.

 

     +----------------------------------------------------------------------+

     | Note: | The edit logical-systems hierarchy is not available on       |

     |       | QFabric switches.                                            |

     +----------------------------------------------------------------------+

 

  Required Privilege Level

 

     interface-To view this statement in the configuration.

     interface-control-To add this statement to the configuration.

 

  Related-Topics

 

        * Configuring the Protocol Family

        * negotiate-address

        * unnumbered-address (Ethernet)

        * Junos OS System Basics Configuration Guide

 

 

jadmin@JR1> help apropos interfaces    // USE help apropos TO DISPLAY CONTEXT RELEVANT TO THE CONFIG HIERARCH

monitor interface traffic

    Show traffic data for busiest interfaces

clear auto-configuration interfaces

    Clear interfaces

clear dhcp relay binding <interfaces-wildcard>

    Interfaces to clear bindings on (can be '*' wildcard)

clear dhcp relay binding <interfaces-vlan>

    Interface VLAN-ID/SVLAN-ID on which to clear bindings

clear dhcp server binding <interfaces-wildcard>

    Interfaces to clear bindings on (can be '*' wildcard)

clear dhcp server binding <interfaces-vlan>

    Interface VLAN-ID/SVLAN-ID on which to clear bindings

clear dhcpv6 relay binding <interfaces-wildcard>

    Interfaces to clear bindings on (can be '*' wildcard)

clear dhcpv6 relay binding <interfaces-vlan>

    Interface VLAN-ID/SVLAN-ID on which to clear bindings

clear dhcpv6 server binding <interfaces-wildcard>

    Interfaces to clear bindings on (can be '*' wildcard)

clear dhcpv6 server binding <interfaces-vlan>

    Interface VLAN-ID/SVLAN-ID on which to clear bindings

clear lacp statistics interfaces

    Clear LACP interface statistics

clear interfaces

    Clear interface information

clear interfaces statistics all

    Clear statistics for all interfaces

clear interfaces interface-set statistics all

    Clear statistics for all interfaces

clear interfaces mac-database statistics all

    Clear mac level statistics for all interfaces

clear pppoe lockout

    Clear lockout timers on all interfaces

clear pppoe lockout underlying-interfaces <underlying-interfaces>

    Name of PPPoE underlying logical interface

clear pppoe sessions

    Clear sessions on all interfaces

clear pppoe statistics

    Clear sum of statistics of all interfaces

clear pppoe statistics interfaces

    Clear interface information

show interfaces

    Show interface information

show mpls interface

    Show MPLS interfaces

  

 

jadmin@JR1# edit system login

 

[edit system login]

jadmin@JR1# set user ?

Possible completions:

  <user-name>          User name (login)

  jadmin               User name (login)

[edit system login]

jadmin@JR1# set user jadmin2 ?

Possible completions:

+ apply-groups         Groups from which to inherit configuration data

+ apply-groups-except  Don't inherit configuration data from these groups

> authentication       Authentication method

  class                Login class

  full-name            Full name

  uid                  User identifier (uid) (100..64000)

[edit system login]

jadmin@JR1# set user jadmin2 class ?

Possible completions:

  <class>              Login class

  juniper

  operator             permissions [ clear network reset trace view ]

  read-only            permissions [ view ]

  read-only-local

  super-user           permissions [ all ]

  unauthorized         permissions [ none ]

[edit system login]

jadmin@JR1# set user jadmin2 class super-user ?

Possible completions:

  <[Enter]>            Execute this command

+ apply-groups         Groups from which to inherit configuration data

+ apply-groups-except  Don't inherit configuration data from these groups

> authentication       Authentication method

  full-name            Full name

  uid                  User identifier (uid) (100..64000)

  |                    Pipe through a command

[edit system login]

jadmin@JR1# set user jadmin2 class super-user

 

jadmin@JR1# show

message "Juniper VM Lab";

class juniper {

    permissions [ reset view view-configuration ];

}

class read-only-local {

    permissions clear;

}

user jadmin {

    uid 2000;

    class super-user;

    authentication {

        encrypted-password "$1$fpL79wTL$N5K0n6DSzJIGNn0lJ0NDW/"; ## SECRET-DATA

    }

}

user jadmin2 {

    uid 2001;

    class super-user;

}

 

jadmin@JR1# edit user ?

Possible completions:

  <user-name>          User name (login)

  jadmin               User name (login)

  jadmin2              User name (login)

[edit system login]

jadmin@JR1# edit user jadmin2 ?

Possible completions:

  <[Enter]>            Execute this command

> authentication       Authentication method

  |                    Pipe through a command

[edit system login]

 

jadmin@JR1# set ?

Possible completions:

+ apply-groups         Groups from which to inherit configuration data

+ apply-groups-except  Don't inherit configuration data from these groups

  encrypted-password   Encrypted password string

  load-key-file        File (URL) containing one or more ssh keys

  plain-text-password  Prompt for plain text password (autoencrypted)

> ssh-dsa              Secure shell (ssh) DSA public key string

> ssh-rsa              Secure shell (ssh) RSA public key string

[edit system login user jadmin2 authentication]

jadmin@JR1# set plain-text-password

New password:

Retype new password:

 

[edit system login user jadmin2 authentication]

 

 

jadmin@JR1> configure   // ENTER CONFIGURATION MODE; IT WILL ALSO INDICATE IF ANOTHER USER IS LOGGED IN AND WHAT PORTION IN THE CONFIG HIERARCHY

Entering configuration mode

Users currently editing the configuration:

  jadmin2 terminal p2 (pid 8444) on since 2020-10-13 03:09:03 UTC

      [edit system login]

 

[edit]

 

 

jadmin@JR1> configure ?

Possible completions:

  <[Enter]>            Execute this command

  batch                Work in batch mode (commit happens in batch)

  dynamic              Work in dynamic database

  exclusive            Obtain exclusive lock (other users cannot make changes)

  private              Work in private database (other's changes do not show)

  |                    Pipe through a command

jadmin@JR1> configure exclusive   // ALLOW ONLY A SINGLE USER TO EDIT CONFIGURATION

warning: uncommitted changes will be discarded on exit

Entering configuration mode

Users currently editing the configuration:

  jadmin2 terminal p2 (pid 8444) on since 2020-10-13 03:09:03 UTC, idle 00:02:04

      [edit system login]

 

[edit]

 

 

jadmin@JR1# set services telnet connection-limit 3

 

jadmin@JR1# show

host-name JR1;

authentication-order radius;

location {

    building SG_DC;

    floor 6;

 

<SNIP>

 

services {    // HIERARCHICAL CONFIGURATION FILE

    ssh {

        root-login allow;

    }

    telnet {   

        connection-limit 3;

 

 

jadmin@JR1# edit system login   // MOVE DOWN THE CONFIGURATION HIERARCHY

 

 

[edit system]

jadmin@JR1# up   // MOVE UP ONE LEVEL IN THE HIERARCHICAL POSITION

 

 

[edit]

jadmin@JR-1# edit protocols

 

[edit protocols]

jadmin@JR-1# edit ospf

 

[edit protocols ospf]

jadmin@JR-1# up ?

Possible completions:

  <[Enter]>            Execute this command

  <number>             Numeric argument

  |                    Pipe through a command

[edit protocols ospf]

jadmin@JR-1# up 2    // MOVE UP TO THE SPECIFIED NUMBER OF HIERARCHY LEVELS

 

[edit]

 

 

 

[edit interfaces interface-set em0]

jadmin@JR1# top  // QUICKLY MOVE TO THE TOP MOST OF THE CONFIGURATION HIERARCHY

 

[edit]

 

 

[edit interfaces interface-set em0]

jadmin@JR1# top edit system   // YOU CAN COMOBINE top WITH edit and show COMMANDS

 

[edit system]

 

 

[edit interfaces interface-set em0]

jadmin@JR1# top show system services

ssh {

    root-login allow;

}

telnet {

    connection-limit 3;

}

 

 

[edit system login]

jadmin@JR1# exit   // MOVE TO THE PREVIOUS HIGHER LEVEL IN THE CONFIGURATION HIERARCHY

 

[edit]

 

 

jadmin@JR1# exit configuration-mode   // EXIT AND RETURN TO OPERATIONAL MODE

The configuration has been changed but not committed

Exiting configuration mode

 

jadmin@JR1>

 

 

jadmin@JR1# edit system services

 

[edit system services]

jadmin@JR1# show

ssh {

    root-login allow;

}

telnet {

    connection-limit 3;

}

 

[edit system services]

jadmin@JR1# set ftp    // ADD COMMAND

 

[edit system services]

jadmin@JR1# show

ftp;

ssh {

    root-login allow;

}

telnet {

    connection-limit 3;

}

 

[edit system services]

jadmin@JR1# delete ftp   // REMOVE COMMAND

 

[edit system services]

jadmin@JR1# show

ssh {

    root-login allow;

}

telnet {

    connection-limit 3;

}

 

[edit system services]

 

 

jadmin@JR1# edit interfaces

 

[edit interfaces]

jadmin@JR1# set em0 disable   // DISABLE OR SHUTDOWN INTERFACE

 

[edit interfaces]

jadmin@JR1# delete em0 disable   // ENABLE OR UNSHUT INTERFACE

 

 

jadmin@JR1> show interfaces terse   // DISPLAY INTERFACE STATUS AND IP ADDRESS; SIMILAR TO CISCO show ip interface brief

Interface               Admin Link Proto    Local                 Remote

cbp0                    up    up

demux0                  up    up

dsc                     up    up

em0                     up    up

em0.0                   up    up   inet     10.1.1.1/24

gre                     up    up

ipip                    up    up

irb                     up    up

lo0                     up    up

lo0.0                   up    up   inet     192.168.1.1         --> 0/0

                                            192.168.100.1/30

lo0.16384               up    up   inet     127.0.0.1           --> 0/0

lo0.16385               up    up   inet     128.0.0.4           --> 0/0

                                   inet6    fe80::a00:270f:fca6:33e8

lsi                     up    up

mtun                    up    up

pimd                    up    up

pime                    up    up

pip0                    up    up

pp0                     up    up

tap                     up    up

 

jadmin@JR1> configure

Entering configuration mode

Users currently editing the configuration:

  jadmin terminal p1 (pid 7967) on since 2020-10-13 03:41:32 UTC, idle 01:43:03

      [edit interfaces]

The configuration has been changed but not committed

 

jadmin@JR1# edit interfaces

 

jadmin@JR1# deactivate lo0 unit 0   // IGNORE CONFIGURATION STATEMENT

 

[edit interfaces]

jadmin@JR1# commit

commit complete

 

[edit interfaces]

jadmin@JR1# run show interfaces terse   // ISSUE A run <SHOW COMMAND> TO EXECUTE OPERATIONAL MODE COMMAND WITHOUT EXITING THE CURRENT CONFIG HIERARCHY; SIMILAR TO CISCO do COMMAND

Interface               Admin Link Proto    Local                 Remote

cbp0                    up    up

demux0                  up    up

dsc                     up    up

em0                     up    up

em0.0                   up    up   inet     10.1.1.1/24

gre                     up    up

ipip                    up    up

irb                     up    up

lo0                     up    up

lo0.16384               up    up   inet     127.0.0.1           --> 0/0

lo0.16385               up    up   inet     128.0.0.4           --> 0/0

                                   inet6    fe80::a00:270f:fca6:33e8

lsi                     up    up

mtun                    up    up

pimd                    up    up

pime                    up    up

pip0                    up    up

pp0                     up    up

tap                     up    up

 

[edit interfaces]

 

 

jadmin@JR1# activate lo0 unit 0

 

[edit interfaces]

jadmin@JR1# commit

commit complete

 

[edit interfaces]

jadmin@JR1# run show interfaces terse

Interface               Admin Link Proto    Local                 Remote

cbp0                    up    up

demux0                  up    up

dsc                     up    up

em0                     up    up

em0.0                   up    up   inet     10.1.1.1/24

gre                     up    up

ipip                    up    up

irb                     up    up

lo0                     up    up

lo0.0                   up    up   inet     192.168.1.1         --> 0/0

                                            192.168.100.1/30

lo0.16384               up    up   inet     127.0.0.1           --> 0/0

lo0.16385               up    up   inet     128.0.0.4           --> 0/0

                                   inet6    fe80::a00:270f:fca6:33e8

lsi                     up    up

mtun                    up    up

pimd                    up    up

pime                    up    up

pip0                    up    up

pp0                     up    up

tap                     up    up

 

[edit interfaces]

 

 

jadmin@JR1# edit system

 

[edit system]

jadmin@JR1# annotate name-server "Google Public DNS"   // ADD A COMMENT

 

[edit system]

jadmin@JR1# show

host-name JR1;

authentication-order radius;

location {

    building SG_DC;

    floor 6;

}

root-authentication {

    encrypted-password "$1$QV3m4eVt$WwDUS8SlWGXmL4XKEY4.F1"; ## SECRET-DATA

}

/* Google Public DNS */

name-server {

    8.8.8.8;

 

<OUTPUT TRUNCATED>

 

 

[edit]

jadmin@JR1# show system services   // DISPLAY THE  PORTION OF THE OUTPUT THAT YOU'RE CONCERN FROM THE ROOT HIERARCHY

ssh {

    root-login allow;

}

telnet {

    connection-limit 3;

}

 

 

jadmin@JR1# edit system services   // EDIT AT A SPECIFIC CONFIG HIERARCHY

 

[edit system services]

jadmin@JR1# show   // DISPLAY OUTPUT AT THE CURRENT CONFIG HIERARCHY

ssh {

    root-login allow;

}

telnet {

    connection-limit 3;

}

 

 

 

[edit]

jadmin@JR1# show system services | display set   // DISPLAY ONLY set COMMANDS; SIMILAR TO CISCO show <COMMAND> | include <REGEX>

set system services ssh root-login allow

set system services telnet connection-limit 3

 

 

jadmin@JR1# set system host-name JR-1

 

[edit]

jadmin@JR1# commit ?

Possible completions:

  <[Enter]>            Execute this command

  and-quit             Quit configuration mode if commit succeeds

  at                   Time at which to activate configuration changes

  check                Check correctness of syntax; do not apply changes

  comment              Message to write to commit log

  confirmed            Automatically rollback if not confirmed

  |                    Pipe through a command

[edit]

jadmin@JR1# commit confirmed   // USE IF CONFIGURING REMOTELY

commit confirmed will be automatically rolled back in 10 minutes unless confirmed

commit complete

 

# commit confirmed will be rolled back in 10 minutes   // DEFAULT ROLL BACK TIMER

[edit]

 

jadmin@JR-1# commit   // ISSUE A SECOND commit TO DISABLE AUTO CONFIG ROLL BACK

commit complete

 

  

[edit]

jadmin@JR-1# set system host-name JR1

 

[edit]

jadmin@JR-1# commit ?

Possible completions:

  <[Enter]>            Execute this command

  and-quit             Quit configuration mode if commit succeeds

  at                   Time at which to activate configuration changes

  check                Check correctness of syntax; do not apply changes

  comment              Message to write to commit log

  confirmed            Automatically rollback if not confirmed

  |                    Pipe through a command

[edit]

jadmin@JR-1# commit at ?

Possible completions:

  <at>                 Time at which to activate configuration changes

[edit]

 

jadmin@JR-1# run show system uptime

Current time: 2020-10-13 05:54:43 UTC

System booted: 2020-10-10 12:23:01 UTC (2d 17:31 ago)

Protocols started: 2020-10-10 14:20:26 UTC (2d 15:34 ago)

Last configured: 2020-10-13 05:51:06 UTC (00:03:37 ago) by jadmin

 5:54AM  up 2 days, 17:32, 2 users, load averages: 0.00, 0.00, 0.00

 

[edit]

jadmin@JR-1# commit at 05:55

error: must schedule at least 1 minute in future

error: current time is 2020-10-13 05:55:02 UTC

 

 

[edit]

jadmin@JR-1# commit at 05:57   // SCHEDULE A COMMIT AT A SPECIFIC TIME; ENSURE ROUTER NTP IS SYNC'D

configuration check succeeds

commit at will be executed at 2020-10-13 05:57:00 UTC

The configuration has been changed but not committed

Exiting configuration mode

 

 

jadmin@JR-1> show system commit   // VIEW PENDING COMMIT

0   2020-10-13 05:57:06 UTC by jadmin via cli commit at

1   2020-10-13 05:51:06 UTC by jadmin via cli

2   2020-10-13 05:50:04 UTC by jadmin via cli commit confirmed, rollback in 10mins

3   2020-10-13 05:36:31 UTC by jadmin via cli

4   2020-10-13 05:34:05 UTC by jadmin via cli

5   2020-10-13 05:28:55 UTC by jadmin via cli

 

 

jadmin@JR-1> clear system commit   // CLEAR PENDING COMMIT

Pending commit cleared

 

 

[edit]

jadmin@JR-1# commit comment "Change Device Hostname"   // ADD COMMENT TO COMMIT

commit complete

 

 

jadmin@JR-1# commit and-quit   // COMMIT AND GO BACK TO OPERATIONAL MODE

commit complete

Exiting configuration mode

 

jadmin@JR-1>

 

 

[edit]

jadmin@JR-1# edit system

 

[edit system]

jadmin@JR-1# set host-name JR1

jadmin@JR-1# show | compare     // COMPARES ACTIVE VS CANDIDATE CONFIG; VIEW COMMAND LINES THAT WILL BE CHANGED

[edit system]

- host-name JR-1;

+ host-name JR1;

 

[edit system]

 

 

jadmin@JR-1> show configuration | compare rollback 5   // COMPARES ACTIVE CONFIG VS ROLLBACK <NUMBER> CONFIG; rollback 0 IS ACTIVE CONFIG; JUNOS CAN STORE UP TO 49 ROLLBACK CONFIG FILES

[edit system]

-  host-name JR-1;

+  host-name JR1;

 

 

jadmin@JR-1> configure

Entering configuration mode

The configuration has been changed but not committed

 

[edit]

jadmin@JR-1# rollback ?

Possible completions:

  <[Enter]>            Execute this command

  0                    2020-10-13 06:12:37 UTC by jadmin via cli

  1                    2020-10-13 06:04:53 UTC by jadmin via cli

  2                    2020-10-13 06:04:05 UTC by jadmin via cli

  3                    2020-10-13 06:00:04 UTC by jadmin via cli

  4                    2020-10-13 05:59:33 UTC by jadmin via cli

  5                    2020-10-13 05:57:06 UTC by jadmin via cli commit at

  6                    2020-10-13 05:51:06 UTC by jadmin via cli

  7                    2020-10-13 05:50:04 UTC by jadmin via cli commit confirmed, rollback in 10mins

  8                    2020-10-13 05:36:31 UTC by jadmin via cli

  9                    2020-10-13 05:34:05 UTC by jadmin via cli

  10                   2020-10-13 05:28:55 UTC by jadmin via cli

  11                   2020-10-13 03:19:40 UTC by jadmin via cli

  12                   2020-10-13 03:19:16 UTC by jadmin2 via cli

  13                   2020-10-13 03:07:14 UTC by jadmin via cli

  14                   2020-10-12 00:50:58 UTC by root via cli

  15                   2020-10-11 14:34:38 UTC by root via cli

  16                   2020-10-11 12:30:26 UTC by root via cli

  17                   2020-10-11 02:18:10 UTC by root via cli

  18                   2020-10-10 23:58:42 UTC by root via cli

  19                   2020-10-10 21:47:25 UTC by root via cli

  20                   2020-10-10 21:27:40 UTC by root via cli

  21                   2020-10-10 21:26:07 UTC by root via cli

  22                   2020-10-10 13:03:49 UTC by root via cli

  23                   2020-10-10 13:03:12 UTC by root via cli

  24                   2020-10-10 12:49:29 UTC by root via cli

  25                   2020-10-10 12:39:37 UTC by root via cli

  26                   2012-05-11 11:54:23 UTC by root via other

  27                   2012-05-09 13:28:27 UTC by root via cli

  28                   2012-05-09 11:53:15 UTC by root via cli

  29                   2012-05-09 11:52:47 UTC by root via cli

  30                   2012-05-09 11:28:28 UTC by root via other

  31                   2012-05-09 09:54:05 UTC by root via cli

  32                   2011-04-12 13:11:13 UTC by root via other

  33                   2011-04-12 12:43:39 UTC by root via other

  |                    Pipe through a command

[edit]

jadmin@JR-1# rollback 3   // LOADS A PREVIOUS ROLLBACK VERSION NUMBER

load complete

 

[edit]

jadmin@JR-1# commit   // ALWAYS ISSUE A commit TO APPLY CHANGES

commit complete

 

[edit]

jadmin@JR1#

 

 

jadmin@JR1# save config123   // SAVE CANDIDATE CONFIG INCLUDING UNCOMMITTED CHANGE TO AN ASCII FILE

Wrote 215 lines of configuration to 'config123'

 

 

jadmin@JR1# load ?

Possible completions:

  factory-default      Override existing configuration with factory default

  merge                Merge contents with existing configuration

  override             Override existing configuration

  patch                Load patch file into configuration

  replace              Replace configuration data

  set                  Execute set of commands on existing configuration

  update               Update existing configuration

[edit]

jadmin@JR1# load override ?

Possible completions:

  <filename>           Filename (URL, local, remote, or floppy)

  config123            Size: 5295, Last changed: Oct 13 07:06:06

  ftp                  Size: 5295, Last changed: Oct 13 07:09:08

  q                    Size: 1379, Last changed: Oct 13 05:35:53

  terminal             Use login terminal

[edit]

jadmin@JR1# load override config123   // OVERWRITES CURRENT CONFIG WITH THE LOADED CONFIG; MUST PERFROM AT THE ROOT HIERARCHY

load complete

 

[edit]

jadmin@JR1# commit   // ACTIVATE THE CHANGES

commit complete

 

 

jadmin@JR-1# show system | display set   // VIEW SET COMMAND LINES

set system host-name JR-1

set system time-zone Asia/Singapore

set system root-authentication encrypted-password "$1$tWCJIMHp$uDNH0qSb6uVUbDFEx5N8x1"

set system login message "Juniper VM Lab"

set system login user jadmin uid 2002

set system login user jadmin class super-user

set system login user jadmin authentication encrypted-password "$1$GV2Yds7K$1UWyPvsNzTW/C4FjYJVaU0"

set system login user jadmin2 uid 2003

set system login user jadmin2 class super-user

set system login user jadmin2 authentication encrypted-password "$1$3ATAJNcI$fKjYSgcC4mwxXOoFl/Uvr0"

set system services ssh root-login allow

set system services telnet

set system syslog user * any emergency

set system syslog file messages any notice

set system syslog file messages authorization info

set system syslog file interactive-commands interactive-commands any

set system archival configuration transfer-on-commit

set system archival configuration archive-sites "ftp://user@192.168.1.100:/archive" password "$9$iHPQF39pOR6987VYZG69Atu1RhSlvWIR"

set system archival configuration archive-sites "scp://user@192.168.2.100:/archive" password "$9$ICxRyKMWxdwgLxqfz6u0LxN-VYaZUqP5Dj"

set system ntp boot-server 10.1.1.10

set system ntp server 10.1.1.10

 

[edit]

 

 

jadmin@JR-1# edit system

 

[edit system]

jadmin@JR-1# set host-name JR1

 

[edit system]

jadmin@JR-1# commit ?

Possible completions:

  <[Enter]>            Execute this command

  and-quit             Quit configuration mode if commit succeeds

  at                   Time at which to activate configuration changes

  check                Check correctness of syntax; do not apply changes

  comment              Message to write to commit log

  confirmed            Automatically rollback if not confirmed

  |                    Pipe through a command

[edit system]

jadmin@JR-1# commit check   // A HANDY COMMAND TO CHECK FOR COMMAND SYNTAX/ERRORS BEFORE A COMMIT

configuration check succeeds

 

[edit system]

 

 

jadmin@JR1> configure

Entering configuration mode

Users currently editing the configuration:

  jadmin terminal p0 (pid 1517) on since 2020-10-20 18:02:47 SGT, idle 00:37:52

      [edit interfaces ae0]

  jadmin terminal p1 (pid 1686) on since 2020-10-20 19:36:30 SGT, idle 00:10:50

      [edit system]

 

[edit]

jadmin@JR1# edit system services

 

[edit system services]

jadmin@JR1# set web-management ?

Possible completions:

+ apply-groups         Groups from which to inherit configuration data

+ apply-groups-except  Don't inherit configuration data from these groups

> control              Control of the web management process

> http                 Unencrypted HTTP connection settings

> https                Encrypted HTTPS connections

  management-url       URL path for web management access

> session              Session parameters

[edit system services]

jadmin@JR1# set web-management https    // ENABLE HTTP OR HTTPS FOR REMOTE ACCESS USING J-WEB GUI; LOCAL CERTIFICATE (SELF-SIGNED) IS AUTOMATICALLY CREATED

 

[edit system services]


No comments:

Post a Comment