Junos CLI Demo v4.5


JUNOS CLI Demo

John Jacobs
[email protected]
http://www.juniper.net

Agenda

CLI intro

T640 architecture

(Live on T640 lab routers or external)

Firewall Filters (ACLs; basics and configuration)

(presentation)

Routing configuration (OSPF, BGP, RSVP, LDP)

(presentation with Q&A)


Includes IOS to JUNOS

(Live on T640 lab routers or external)

Policy (basics and configuration)

(Live on T640 lab routers or external)

Juniper Networks, Inc. Copyright

JUNOS CLI Demo

This Demo is meant to establish a basic understanding of the JUNOS operating system Command Line Interface (CLI)
Similarities exist between JUNOS and IOS
Modular structure takes JUNOS to the next level for ease of configuration
Additional features implemented for configuration verification

Juniper Conventions

JUNOS always uses CIDR notation

255.0.0.0 = /8
255.255.0.0 = /16
255.255.255.0 = /24
255.255.255.128 = /25
255.255.255.252 = /30
255.255.255.255 = /32


Juniper Interfaces

Each router has three permanent interfaces:

fxp0 - out-of-band management interface

fxp1 - Internal Ethernet interface.
Connects the route engine to the PFE
Do not configure on a real router

fxp2 - Internal Ethernet interface.
Connects the route engine to the PFE
Do not configure on a real router

[Figure: RE0 and RE1 with interfaces fxp0, fxp1 and fxp2; CB0 switch and CB1 switch]

Juniper Interfaces

Loopback Interface

lo0 - Loopback zero

On the router, you can configure one physical loopback interface, lo0, and one or more addresses on the interface.

Interface Names
Physical interfaces have standard names

Type
FPC slot
PIC slot
Port number

so-5/2/3
An interface does NOT need to be present in the router to be configured!

Juniper Interface Naming

type-fpc/pic/port.logical

Type - The interface name, which defines the media type
FPC - The slot in which the FPC is located
PIC - The location on the FPC in which the PIC is installed
The PIC port
The interface's channel and logical unit numbers, 0-16384 (optional)

so-0/0/1.0

POS interface on FPC 0, PIC 0, port 1, unit 0

Logical Interface Settings

Each physical interface has one or more logical interfaces

Like a Cisco sub-interface

Logical interface separates configuration information for each ATM virtual circuit, Frame Relay DLCI, or VLAN
Some physical interface encapsulations allow only one possible logical interface

PPP
HDLC

Logical interface descriptors

Logical interfaces are used to set up Frame Relay DLCIs, ATM virtual circuits, or VLANs

so-5/2/3.43

Logical interface number (unit) is separate in meaning from the actual DLCI, ATM VC, or VLAN and can be any arbitrary value
Suggested convention is to keep them the same whenever possible

Juniper Interface Naming

ae - Aggregated Ethernet interface.
as - Aggregated SONET/SDH interface.
at - ATM interface.
ds - DS-0 interface (configured on either Channelized DS-3 to DS-0 PIC or Channelized E1 PIC).
e1 - E1 interface (including Channelized STM-1 to E1 interfaces).
e3 - E3 interface.
es - Encryption interface.
fe - Fast Ethernet interface.
fxp - Management and internal Ethernet interfaces.
ge - Gigabit Ethernet interface.
gr - Generic Route Encapsulation tunnel interface.
ip - IP-over-IP encapsulation tunnel interface.
lo - Loopback interface.
ml - Multilink interface.
so - SONET/SDH interface.
t1 - T1 interface (including Channelized DS-3 and Channelized OC-3 to T1 interfaces).
t3 - T3 interface (including Channelized OC-12 interfaces).

We always number from zero

Juniper routers always start numbering at zero.

so-0/0/0 - First FPC, first PIC, first port

so-7/0/0 - Eighth FPC, first PIC, first port

so-31/0/0 - FPC #32 (we see this in the TX only), first PIC, first port
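The naming rules from the slides above (type-fpc/pic/port.logical, numbering from zero, unit range 0-16384) written as a strict validating parser, useful before an interface name is passed into scripts or templates. This is an added example, not part of the original deck; the function names are illustrative, and accepting slotless names such as lo0 or fxp0 is a generalization beyond the so-x/y/z cases shown.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Media-type prefixes from the interface list on this page.
MEDIA_TYPES = {
    "ae": "Aggregated Ethernet", "as": "Aggregated SONET/SDH", "at": "ATM",
    "ds": "DS-0", "e1": "E1", "e3": "E3", "es": "Encryption",
    "fe": "Fast Ethernet", "fxp": "Management and internal Ethernet",
    "ge": "Gigabit Ethernet", "gr": "Generic Route Encapsulation tunnel",
    "ip": "IP-over-IP encapsulation tunnel", "lo": "Loopback",
    "ml": "Multilink", "so": "SONET/SDH", "t1": "T1", "t3": "T3",
}

MAX_UNIT = 16384  # upper bound of the logical unit range given on the page

# type-fpc/pic/port with an optional .logical suffix, e.g. so-5/2/3.43
_SLOTTED = re.compile(r"([a-z][a-z0-9]*)-(\d+)/(\d+)/(\d+)(?:\.(\d+))?", re.ASCII)
# Names without slot numbers, e.g. lo0 or fxp1, with an optional .logical suffix
_SIMPLE = re.compile(r"([a-z]+)(\d+)(?:\.(\d+))?", re.ASCII)


@dataclass(frozen=True)
class InterfaceName:
    media: str
    fpc: Optional[int]
    pic: Optional[int]
    port: Optional[int]
    index: Optional[int]  # the number in names such as lo0 or fxp1
    unit: Optional[int]


def _to_int(value):
    return None if value is None else int(value)


def parse_interface(name):
    """Parse and validate an interface name; raise ValueError if malformed."""
    fpc = pic = port = index = None
    match = _SLOTTED.fullmatch(name)  # fullmatch rejects trailing text or newlines
    if match:
        media, fpc, pic, port, unit = match.groups()
    else:
        match = _SIMPLE.fullmatch(name)
        if not match:
            raise ValueError(f"not an interface name: {name!r}")
        media, index, unit = match.groups()
    if media not in MEDIA_TYPES:
        raise ValueError(f"unknown media type {media!r} in {name!r}")
    if unit is not None and int(unit) > MAX_UNIT:
        raise ValueError(f"logical unit out of range 0-{MAX_UNIT}: {name!r}")
    return InterfaceName(media, _to_int(fpc), _to_int(pic), _to_int(port),
                         _to_int(index), _to_int(unit))


def describe(name):
    """Return a one-line description in the style of the slides."""
    parsed = parse_interface(name)
    text = MEDIA_TYPES[parsed.media] + " interface"
    if parsed.fpc is not None:
        # Numbering starts at zero, so FPC 31 is FPC #32 when counted from one.
        text += (f" on FPC {parsed.fpc} (FPC #{parsed.fpc + 1}), "
                 f"PIC {parsed.pic}, port {parsed.port}")
    else:
        text += f" {parsed.index}"
    if parsed.unit is not None:
        text += f", unit {parsed.unit}"
    return text


if __name__ == "__main__":
    for sample in ("so-0/0/1.0", "so-5/2/3.43", "so-31/0/0", "lo0", "fxp1"):
        print(sample, "->", describe(sample))
```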

Ways to access the router

Console/Aux Port
telnet
ssh1/ssh2

For security reasons, no remote access to the router is enabled by default. You must configure the router explicitly so that users on remote systems can access it.

Authentication using TACACS+ or RADIUS

Separate login, authentication, and permissions for each user can also be administered locally

Operational Mode

CLI - Like Cisco enable mode

The CLI is indicated by the presence of the ">" prompt
It is preceded by a string that defaults to the name of the user and the name of the router.

For example: user@host>

Command line completion

Use Space or tab

show version
show ver [press space or tab]

<TAB> will auto-complete user-defined policies, firewall filters, etc.

Get Help

Type ? anywhere on command line
Help depends on where you are

Beginning of line - Shows help for top level of hierarchy
End of command - Shows help for next level in hierarchy
Middle of command - Shows list of matching commands at current level in hierarchy

The question mark is your friend!

Get Help with ?

> ?
> show ?
> show system ?
# set protocols ?

Juniper documentation set (less pictures) is online

help topic ? - Configuration Guide

help reference ? - Command reference

help syslog <tag> - System log (syslog) error messages

show messages
help syslog

Juniper documentation set (less pictures) is online

juniper@R16> help syslog RPD_OS_MEMHIGH
Name:          RPD_OS_MEMHIGH
Message:       Using <kilobytes-used> KB of memory, <percentage-used> percent of available
Help:          rpd memory use is excessive
Description:   The routing protocol process (rpd) is using the indicated amount and percentage
               of Routing Engine memory, which is considered excessive.
Type:          Event: This message reports an event, not an error
Severity:      error
Cause:         Either rpd is leaking memory or the use of system resources is excessive,
               perhaps because routing filters are misconfigured or the configured network
               topology is very complex.
Action:        Increase the amount of RAM in the Routing Engine.

Command History

Command history for CLI and configure mode

Up / Down arrow (VT100) (Ctrl-P / Ctrl-N)

show cli history (CLI mode only)

Default is to show last 100 commands
<count> - Maximum number of commands to display

Edit Line Commands

Based on Unix Emacs Editor
Exactly Like Cisco

Ctrl-U - Erase line
Ctrl-W - Erase word
Ctrl-A / Ctrl-E - Go to beginning/end of line
Ctrl-F - Forward
Ctrl-B - Backwards
delete/backspace - Delete char before cursor
Ctrl-L - Redraw line

Unix less (more) output

All output in Junos is Unix less

just like more but with additional options

Output does not scroll off the screen

/ string - search
n - repeat search
q - quit
b - previous screen
space - next screen
s filename (saves in user default directory /var/home/user)
Enter - line
h - help
N - full listing
G - End of file

Example:

show interfaces
/ lo0

Overview

Command hierarchy

Less Specific

clear configure monitor set show

    bgp chassis interfaces isis ospf route version

        brief exact protocol table terse

More Specific

show cli / set cli

show cli

juniper@R1> show cli
CLI complete-on-space set to on
CLI idle-timeout disabled
CLI restart-on-upgrade set to on
CLI screen-length set to 24
CLI screen-width set to 80
CLI terminal is 'unknown'
CLI is operating in enhanced mode

set cli

Change any of the cli parameters

show cli / set cli

> set cli terminal vt100


Interface Commands

show interface
show interface terse (like Cisco's show ip interface brief)

show interface terse so*

Summary view of all Sonet interfaces

show interface extensive
show interface fxp1 detail

What will this command do?

show interface fxp1 extensive

Interface Commands
show interfaces statistics - Display statistics and detailed information

clear interfaces statistics <interfacename> - Zero interface statistics

clear interfaces statistics all - Zero statistics on all interfaces

Misc Commands
request support information (like Cisco's show tech)

Use your Unix more options
Try using your more options

Misc Commands

show version

show system software - Show loaded JUNOS extensions

show system boot-messages - Show boot time messages

show system processes - Software processes that are running on the system
Show the process table
Like Cisco sh proc cpu

show system storage - Display statistics about the amount of free disk space in the router's file systems.

show system ?
show chassis ?

Misc Commands
juniper@Yoda> show chassis hardware
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                58922             M10
Midplane         REV 03   710-001950   HF0581
Power supply A   Rev 04   740-002497   MC10675           AC
Display          REV 04   710-001995   HE8128
Host                                   b2000007c86cdf01  Present
FEB              REV 12   710-001948   HA4462            Internet Processor II
FPC 0
  PIC 0          REV 04   750-002992   HE1751            4x F/E, 100 BASE-TX
  PIC 1          REV 03   750-003037   HD0421            4x T1, RJ48
  PIC 3          REV 01   750-002982   HF2513            1x Tunnel
FPC 1
  PIC 0          REV 03   750-003037   HD0445            4x T1, RJ48
  PIC 2          REV 01   750-002982   AJ2936            1x Tunnel
  PIC 3          REV 01   750-002982   AK4006            1x Tunnel

Date/Time Commands

set date 200105170947.00 (YYYYMMDDhhmm.ss)

show system uptime

Display the current time and information about how long the router, router software, and routing protocols have been running.

set date ntp

Use an NTP server to synchronize the current date and time setting on the router from the CLI.

set date ntp 132.163.4.101

Set from specific server (NIST Clock)
http://www.boulder.nist.gov/timefreq/service/time-servers.html

set date ntp

Use the NTP servers from the configuration

User Commands

show system users

Show users currently logged into the system
show user also works

request system logout user username

Force a user out of CLI

request message all

Send a text message to all other users

Cool Commands

monitor interface <interface>

Display real-time statistics about a physical interface

monitor interface traffic

Display real-time traffic data for all active interfaces

May need to set terminal type

set cli terminal vt100

Command Pipes

>show interfaces | ?
>show interfaces | count
>show interfaces | match fxp1
>show interfaces | find fxp1
>show interfaces | save filename
>show log bgp.log | match open
>show log bgp.log | no-more
>file show Demo | find fxp1


Configuration Mode

Configure - Like Cisco config t

Configure the JUNOS software with configuration statements

Configuration mode is indicated by the presence of the "#" prompt
It is preceded by a string that defaults to the name of the user and the name of the router.

For example: user@host#

Configuration Mode Overview

You edit a copy of current configuration called the candidate configuration

Changes you make are visible to other CLI users

Changes they make might conflict with your changes

Changes do not take effect until you commit them

When committed, candidate configuration becomes active and a new candidate is created

Candidate configuration

Initially a copy of the current active configuration
Changes do not take effect until commit command

[Figure: Candidate Configuration, Commit, Active Configuration, rollback n, stored configurations 0 to 49]

/config/juniper.conf.n (n=0-3)
/var/db/config/juniper.conf.n (n=4-49)

Configuration Mode 10,000 Foot View

Move around statement hierarchy using edit command

Like UNIX cd command

Alter configuration using set & delete command

Activate configuration using commit command

configure command

enter configuration mode
configure the JUNOS software with configuration statements

user@host> configure
Entering configuration mode
[edit]
user@host#

exit command

exit at the top level exits configuration mode and puts you back into operational mode

quit is the same as exit

set command

Use the set command to add or change configuration statements

set command creates configuration statements, or changes them if they already exist

#set system host-name Denver
#set interface fxp2 unit 0 family inet address 1.1.1.1/24
#set routing-options router-id 2.2.2.2

show command

You can view the candidate configuration within config mode.

In config mode:

show interfaces
Shows the interfaces section of the config

In CLI mode:

show interfaces
Shows the state of the interfaces on the router

show command

Use the show command to see the candidate configuration

Begins at current hierarchy level

#show

You can specify starting level

#show system
#show interfaces
#show interfaces fxp1
#show routing-options
#show protocols

delete command

Remove configuration statements

#edit interfaces fxp1 unit 0
#show
#set family inet address 1.1.1.1/24
#show
#delete family inet address 1.1.1.1/24
#show
#top
#delete protocol ospf
#delete protocol bgp

Move around the Hierarchy

Configuration statements organized as a tree

Similar to UNIX/Windows-style directories

Less Specific

top

    chassis firewall interfaces protocols system more

        alarm clock fpc

            atm e3 ethernet sonet t3

More Specific

Move around the Hierarchy

Use the edit command to focus your attention on a particular part of the hierarchy

top

    chassis firewall interfaces protocols system more

        alarm clock fpc

            atm e3 ethernet sonet t3

user@host# edit chassis alarm ethernet
[edit chassis alarm ethernet]

edit command

Edit is like doing a cd in Unix or DOS

You move down the directory level
With Edit you move down the command hierarchy

Example:
#top
#show
#edit interfaces
#show
#top

Edit ?

top

top level moves to top of edit hierarchy
Like a unix cd /

Example:

#edit interfaces
#show
#top
#show

up

move up one level in edit hierarchy
Like a unix cd ..

Example:

#edit system login
#show
#up
#show
#up
#show

More on the exit command

Use the exit command to move back to where you just were

exit at the top level exits configuration mode and puts you back into operational mode
exit configuration-mode exits no matter where you are

Example:
#edit system login
#show
#exit
#show

commit command

Activate configuration changes using the commit command

commit - checks configuration syntax and activates it

commit check - Syntax check only, do not apply changes

commit and-quit - Quit configuration mode if commit succeeds

commit confirmed - next page

commit confirmed option

commit confirmed - Automatically rollback if not confirmed.

By default, the configuration runs for 10 minutes before the rollback.

You can change the time by specifying the number of minutes at the end of the command.

If you do not want the rollback to occur, issue a second commit command before the rollback occurs.

Current config is juniper.conf (/config on flash)
Saved configs are juniper.conf.1, juniper.conf.2, ..., juniper.conf.9

commit synchronize option

Redundant route engine config synchronization

method of ensuring that the configurations on the master and backup routing engines remain identical.

causes the commit to fail unless the configuration is successfully committed on both routing engines

Back out Changes

Use the rollback command to restore one of the last 50 previously committed configurations

rollback or rollback 0 resets the candidate configuration to the currently running configuration, which is the last version committed.

rollback 1 loads the configuration before that

and so on

Configure Example
>configure
#show
#set system host-name Dallas
#show
#show system
#commit
#exit


Configure Example
>configure
#edit system
#show
#set host-name LA
#show
#up
#show
#commit
#show
#rollback 1
#show
#commit
#exit


status command

Display other users configuring router

Multiple users can edit the same candidate configuration, and the configuration changes are visible to everyone.

If another user is in the configuration mode at the same time, this information is displayed when you enter the configuration mode

>configure exclusive
>configure private

save command

save filename
saves the configuration to an ASCII file on hard drive, floppy drive, ftp site, ...

Default directory is your user directory
/var/home/username

saves from current level and below

#top
#save filename

Note: only commit activates and saves all your changes to flash (/config).

show configuration command

Use the show configuration command from the CLI to see the running config
>show configuration
>show conf

Just like Cisco's show running

You can also specify starting level

>show configuration system
>show configuration interfaces
>show configuration routing-options
>show configuration protocols

Configuration File Differences

Show differences between candidate configuration file and

Active configuration
Rollback configuration
Any saved configuration file

# show | compare rollback number
# show | compare filename

Configuration mode only
Like Unix diff

Load a Configuration File

Configuration information can come from an ASCII file prepared offline

Syntax

load (replace | merge | override) filename

Changes candidate configuration only
You must commit to activate

Use the load command to

Override an existing configuration

To replace an entire configuration, specify the override option.

merge new statements into existing configuration
replace existing statement in current configuration (using replace: tags in a file)

Cut and Paste


load can take input from the terminal

load (replace | merge | override) terminal

Copy your config to Windows buffer
Enter JUNOS config mode
load override terminal
Paste from Windows buffer
Press ctrl-d to tell JUNOS you are done

Save and Load Configuration Files

[Figure: Candidate configuration and Active configuration (0, ...), linked by commit, load, save and rollback n]

Delete entire config


>configure
#save demo
#delete
#show
#load replace ?
#load replace demo
#show

OR

>configure
#delete
#show
#rollback
#show


run command

Execute CLI commands from configuration mode with the run command

#run show interface fxp0
#run show bgp sum

rename command

When modifying a configuration, you can rename an identifier that is already in the configuration.

You can do this either by deleting the identifier (using the delete command) and then adding the renamed identifier (using the set and edit commands),

or you can rename the identifier using the rename configuration mode command

rename command
[edit]
juniper@R16# show interfaces
so-1/2/3 {
    unit 0 {
        family inet {
            address 1.1.1.1/24;
        }
    }
}
[edit]
juniper@R16# rename interfaces so-1/2/3 to so-2/2/3
[edit]
juniper@R16# show interfaces
so-2/2/3 {
    unit 0 {
        family inet {
            address 1.1.1.1/24;
        }
    }
}

Configuration Command Summary

Add and modify configuration statements - edit, set, rename, and insert commands

Display current configuration - show command

Remove configuration statements - delete command

Return to previously saved configuration - rollback command

Save, validate, and activate a complete configuration - commit command

Display other users configuring router - status command

Directories on the Router


/config (flash)
    juniper.conf, juniper.conf.1, juniper.conf.2, and juniper.conf.3
/var (disk)
    /var/home - users' home directories
    /var/db/config - juniper.conf.4 through juniper.conf.49
    /var/log - Contains system log and tracing files
    /var/tmp - core files, temp directory for new software
    /var/crash - dump files
/altroot (disk)
    request system snapshot command
    the root file system (/) is backed up to /altroot
/altconfig (disk)
    request system snapshot command
    /config directory is backed up to /altconfig.

Filenames

In some CLI commands and configuration statements you can include a filename.

Including: file copy, load, save, set system login user user-name authentication load-key-file, and request system software add.

Filenames

You can specify a filename in one of the following ways:

filename

File in the user's home directory on the local hard disk. This is the default.

path/filename

File on the local flash disk.

/var/filename or /var/path/filename

File on the local hard disk.

a:filename or a:path/filename

File on local removable media. Can be in MS-DOS or UNIX (UFS) format.

hostname/path/filename or scp://hostname/path/filename

File on an scp/ssh client. You can also specify hostname as username@hostname or username:password@hostname.

ftp://hostname/path/filename

File on an FTP server. You can also specify hostname as username@hostname or username:password@hostname.

http://hostname/path/filename

File on an HTTP server.

File Commands

file ?
file list

List of files
(remember, default is your home directory)

file show filename

Display the contents of a file

file delete filename
file copy

file copy demo ftp://nick:[email protected]/demo

Can use wild cards *

show system storage

File Commands

file copy /tmp/dir1/* /tmp/dir2/
file delete /tmp/200206*
file list /tmp/fo*
file copy /tmp/stats/20020615* a:/stats/
file rename /tmp/fo* /tmp/goo
File copy does not support wildcarding for FTP operations

ftp

You can also use ftp from the CLI prompt

ftp 10.1.1.101
bi
hash
lcd /var/tmp
get JUNOSfilename

Note: This is a hidden command

Periodic Configuration Uploads

Automatic uploads of configuration files (/config/juniper.conf or /config/juniper.conf.gz)
Uses ftp
Destination file name is
<router-name>_juniper.conf[.gz]_YYYYMMDD_HHMMSS.conf

Configuration:
system {
    archival {
        configuration {
            transfer-interval <minutes>;
            transfer-on-commit;
            archive-sites {
                ftp://dump:[email protected]/pub/incoming/config;
                ftp://no:[email protected]/pub/blah;
            }
        }
    }
}
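FTP and HTTP carry the username:password part of these URLs across the network unencrypted, and the password is also stored in the configuration and in any saved copy of it. The following added example (not part of the original deck) scans configuration text for URLs with an embedded password and produces a redacted copy that is safe to share; the sample stanza, addresses and password are constructed placeholders, and the function names are illustrative.

```python
import re
from typing import NamedTuple

# Schemes whose credentials cross the network without encryption.
CLEARTEXT_SCHEMES = {"ftp", "http"}

# scheme://user:password@host/path as it appears in archive-sites or file copy
URL_WITH_PASSWORD = re.compile(
    r'(?P<scheme>[a-z][a-z0-9+.-]*)://'
    r'(?P<user>[^:/@\s]+):(?P<password>[^@/\s]+)@'
    r'(?P<host>[^/\s;"]+)(?P<path>[^\s;"]*)',
    re.IGNORECASE,
)

# Constructed sample modelled on the archival stanza above (placeholder values).
SAMPLE_CONFIG = """\
system {
    archival {
        configuration {
            transfer-on-commit;
            archive-sites {
                ftp://backup:EXAMPLE-PASSWORD@192.0.2.10/pub/incoming/config;
                scp://backup@192.0.2.11/configs;
            }
        }
    }
}
"""


class Finding(NamedTuple):
    line: int                  # 1-based line number in the scanned text
    scheme: str
    user: str
    host: str
    cleartext_transport: bool  # True when the scheme itself is unencrypted
    redacted: str              # the URL with the password masked


def _masked(match):
    """Rebuild the matched URL with the password replaced by asterisks."""
    return (f"{match['scheme'].lower()}://{match['user']}:********"
            f"@{match['host']}{match['path']}")


def find_embedded_credentials(config_text):
    """List every URL in the text that carries a password."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        for match in URL_WITH_PASSWORD.finditer(line):
            scheme = match["scheme"].lower()
            findings.append(Finding(number, scheme, match["user"], match["host"],
                                    scheme in CLEARTEXT_SCHEMES, _masked(match)))
    return findings


def redact(config_text):
    """Return a copy of the text with every embedded password masked."""
    return URL_WITH_PASSWORD.sub(_masked, config_text)


if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE_CONFIG):
        note = "sent in cleartext" if finding.cleartext_transport else "stored in config"
        print(f"line {finding.line}: {finding.redacted} ({note})")
```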

System Logging and Tracing


Syslog Options Example


syslog {
    file filename {
        facility level;
        archive {
            files number;
            size size;
            (world-readable | no-world-readable);
        }
    }
    host hostname {
        facility level;
    }
    user (username | *) {
        facility level;
    }
    console {
        facility level;
    }
    archive {
        files number;
        size size;
        (world-readable | no-world-readable);
    }
}

Syslog Facilities

Specify the class (facility) of messages to log and the minimum severity level of the message
Facilities

any - Any facility
authorization - Authorization system
cron - Cron daemon
daemon - Various system daemons
interactive-commands - CLI commands
kernel - Messages generated by the JUNOS kernel
user - Messages from random user processes

Syslog Levels

Severity levels, in order of decreasing severity

emergency - Panic or other conditions that make the system unusable
alert - Conditions that should be corrected immediately, such as a corrupted system database
critical - Critical conditions, such as hard drive errors
error - Standard error conditions
warning - System warning messages
notice - Conditions that are not error conditions, but that might warrant special handling
info - Informational messages (the default)
any - Software debugging messages

Syslog Levels

Setting a severity level causes router to log all messages at that level and more severe
For example

Logging at the critical level also causes alert and emergency messages to appear

[Figure: scale of levels: emergency alert critical error warning notice info any, labelled "More severe"]

Syslog Options

Writing to a file

By default, files are placed in /var/log on the router's hard disk

file filename {
    facility level;
    archive {
        files number;
        size size;
        (world-readable | no-world-readable);
    }
}

Types of Syslog

Write to a host

host hostname {
    facility level;
}

Write to a user

user (username | *) {
    facility level;
}

Write to the console

console {
    facility level;
}

Syslog Example
syslog {
    /* send all security-related information to file "security" (/var/log/security) */
    file security {
        authorization info;
        interactive-commands info;
    }
    /* send generic messages (authorization at level notice and above,
       the rest at level warning and above) to file "messages" */
    file messages {
        authorization notice;
        any warning;
    }
    /* send any critical messages to alex if he is logged in */
    user alex {
        any critical;
    }
    /* send all daemon, level info and above, or anything, warning and above, to
       hot-dog.juniper.net */
    host hot-dog.juniper.net {
        daemon info;
        any warning;
    }
    /* send any error messages, or higher, to the system console */
    console {
        any error;
    }
}
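To see which destinations a given message reaches under the Syslog Example above, the following added example (not from the original deck) parses that stanza and applies the rule that a level selects that severity and everything more severe. The severity order is the one listed on the Syslog Levels slide; the function names are illustrative.

```python
import re

# Severity names in decreasing severity, as listed on the Syslog Levels slide.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "any"]
RANK = {name: position for position, name in enumerate(SEVERITIES)}

# The Syslog Example stanza from this page (comments shortened).
PAGE_EXAMPLE = """
syslog {
    /* security-related information */
    file security {
        authorization info;
        interactive-commands info;
    }
    file messages {
        authorization notice;
        any warning;
    }
    user alex {
        any critical;
    }
    host hot-dog.juniper.net {
        daemon info;
        any warning;
    }
    console {
        any error;
    }
}
"""


def parse_syslog(text):
    """Return {destination: [(facility, level), ...]} for a syslog stanza."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # strip /* ... */ comments
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    destinations = {}
    open_blocks = []  # names of the blocks we are inside, outermost first
    words = []        # words of the statement currently being read
    for token in tokens:
        if token == "{":
            open_blocks.append(" ".join(words))
            words = []
        elif token == "}":
            if words:
                raise ValueError("statement not ended by ';': " + " ".join(words))
            if not open_blocks:
                raise ValueError("unbalanced '}'")
            open_blocks.pop()
        elif token == ";":
            # "facility level;" directly inside a destination block is a selector.
            # archive { ... } blocks hold file rotation settings and are skipped.
            if (len(open_blocks) == 2 and open_blocks[1] != "archive"
                    and len(words) == 2):
                facility, level = words
                if level not in RANK:
                    raise ValueError("unknown severity level: " + level)
                destinations.setdefault(open_blocks[1], []).append((facility, level))
            words = []
        else:
            words.append(token)
    if open_blocks:
        raise ValueError("unbalanced '{'")
    return destinations


def destinations_for(destinations, facility, severity):
    """List the destinations that receive a message of this facility and severity."""
    message_rank = RANK[severity]
    hits = []
    for name, selectors in destinations.items():
        for selector_facility, level in selectors:
            # A selector matches its own level and every more severe one.
            if selector_facility in ("any", facility) and message_rank <= RANK[level]:
                hits.append(name)
                break
    return hits


if __name__ == "__main__":
    table = parse_syslog(PAGE_EXAMPLE)
    for fac, sev in [("interactive-commands", "info"), ("kernel", "critical"),
                     ("daemon", "info"), ("kernel", "warning")]:
        print(f"{fac}.{sev} -> {destinations_for(table, fac, sev)}")
```

With this configuration, interactive-commands records at info (the CLI command audit trail) are written only to the local security file and never reach hot-dog.juniper.net.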

Types of Tracing

You can enable tracing for

Global tracing operations
Define tracing for all routing protocols

Protocol-specific tracing operations
Define tracing for a specific routing protocol

Tracing operations within individual routing protocol entities
Define more granular tracing operations for some protocols

Interface tracing operations
Define tracing operations for individual router interfaces and for the interface process itself

General Tracing

Tracing for each software feature shares similar configuration
[edit feature-name]
user@host# show
traceoptions {
    file filename [replace] [size size] [files number] [no-stamp];
    flag flag [flag-modifier] [disable];
}

Each feature allows tracing to only one file

You can trace multiple options (flags) to each file

Trace Options

set traceoptions file filename

files (default 10)
size (default 128k)
world-readable

set traceoptions flag

What do you want to look at?
Various options that are different based on where you are in the hierarchy

OSPF Trace Options

Example:
#edit protocols ospf
#set traceoptions file ospf.log
#set traceoptions flag ?
Possible completions:
  all                   Trace everything
  database-description  Trace database description packets
  error                 Trace errored packets
  event                 Trace OSPF state machine events
  flooding              Trace LSA flooding
  general               Trace general events
  hello                 Trace hello packets
  lsa-ack               Trace LSA acknowledgement packets
  lsa-request           Trace LSA request packets
  lsa-update            Trace LSA update packets
  normal                Trace normal events
  packet-dump           Dump the contents of selected packet types
  packets               Trace all OSPF packets
  policy                Trace policy processing
  route                 Trace routing information
  spf                   Trace SPF calculations
  state                 Trace state transitions
  task                  Trace routing protocol task processing
  timer                 Trace routing protocol timer processing
#set traceoptions flag all
#commit and-quit
>monitor start ospf.log
Watch for messages
>monitor stop

IS-IS Trace Options

Example:
#edit protocols isis
#set traceoptions file isis.log
#set traceoptions flag ?
Possible completions:
  all             Trace everything
  csn             Trace Complete Sequence Number packets
  error           Trace errored packets
  general         Trace general events
  hello           Trace Hello packets
  lsp             Trace Link State packets
  lsp-generation  Trace LSP generation
  normal          Trace normal events
  packets         Trace IS-IS packets
  policy          Trace policy processing
  psn             Trace Partial Sequence Number packets
  route           Trace routing information
  spf             Trace SPF events
  state           Trace state transitions
  task            Trace routing protocol task processing
  timer           Trace routing protocol timer processing
#commit and-quit
>monitor start isis.log
Watch for messages
>monitor stop

BGP Trace Options

Example:
#edit protocols bgp
#set traceoptions file bgp.log
#set traceoptions flag ?
Possible completions:
  all        Trace everything
  aspath
  damping
  general    Trace general events
  keepalive
  normal     Trace normal events
  open       Trace BGP open packets
  packets    Trace all BGP protocol packets
  policy     Trace policy processing
  route      Trace routing information
  state      Trace state transitions
  task       Trace routing protocol task processing
  timer      Trace routing protocol timer processing
  update     Trace BGP update packets
#commit and-quit
>monitor start bgp.log
Watch for messages
>monitor stop

Interface Trace Options

Example:
#edit interfaces
#set traceoptions file interface.log
#set traceoptions flag ?
Possible completions:
  all    Enable all interface trace flags
  event  Trace interface events
  ipc    Trace interface IPC messages
  media  Trace interface media changes
#commit and-quit
>monitor start interface.log
Watch for messages
>monitor stop
(can also enable different flags per specific interfaces)

Routing-options Trace Options

Example:
#edit routing-options
#set traceoptions file generalrouting.log
#set traceoptions flag ?
Possible completions:
  all              Trace everything
  config-internal  Trace configuration internals
  general          Trace general events
  normal           Trace normal events
  parse            Trace configuration parsing
  policy           Trace policy processing
  regex-parse      Trace regular-expression parsing
  route            Trace routing information
  state            Trace state transitions
  task             Trace routing protocol task processing
  timer            Trace routing protocol timer processing
#commit and-quit
>monitor start generalrouting.log
Watch for messages
>monitor stop

Syslog and Traceoptions Files

By default, trace files are stored in /var/log

Viewing stored log files

>show log
list of log files in /var/log

View a specific log

>show log filename
more the filename

Monitor Options

Use the monitor CLI command to view real-time log information

user@host> monitor (start | stop) filenames

Shows new entries in monitored files until canceled

Monitor Options

>monitor start filename

Like Unix tail -f
Multiple people can view log files at the same time

>monitor stop filename

Stop monitoring a log file

>monitor stop
Stop monitoring all log files
Like Cisco no debug all

>monitor list

Display status of monitored files


Log Files

System keeps all log files in /var/log

>show log

list of log files in /var/log

>show log filename

more filename

>monitor start filename

Like Unix tail -f

The messages file contains running commentary about system operation (Syslog)

Can be tuned to provide minimal to extensive logging

>show log messages


JUNOS Software


JUNOS Software

Juniper has one software package that runs on all of our platforms!

Arrives preinstalled from factory onto
Flash drive
Hard drive (alternate copy)
PCMCIA flash card (use as a last resort)

Can boot from alternate copy
If flash drive fails, router can still boot from hard drive or removable media

Upgradable
Upgrade packages available through the Internet or on removable media


Boot Sequence

Hardware controlled

Software notifies hardware when boot completes

[Flowchart: boot devices are tried in order: removable media, solid-state flash disk, rotating disk. After each device: Success? If yes, Done; if all devices fail, Halt.]


JUNOS Software Version?

CLI commands to display installed packages

show system software


show version


JUNOS Software

Each JUNOS software release consists of the base operating system (jbase) and software packages:

jkernel - Operating system package
jbase - Additions to the operating system
jroute - Software that runs on the Routing Engine
jpfe - Software that runs on the router's Packet Forwarding Engine
jdocs - Documentation for the software
jcrypto - Encryption software (in domestic software only)

The four packages are also grouped together in a bundle, which is called jbundle.


jbundle vs jinstall

jinstall contains all packages plus jkernel and jbase; you can always use it to upgrade
jbundle only contains the packages
Check release notes to make sure you are allowed to upgrade using jbundle
If in doubt, upgrade using jinstall


JUNOS Package Naming Convention

Software packages have standard names

Package-m.nZnumber.tgz

m.n is the major version

Z is a single uppercase letter

A - Alpha
B - Beta
R - Release
I - Internal Test or Experimental

Number is the release number


JUNOS Package Naming Convention

jinstall-7.3R1.2-domestic.tgz

Software version 7.3
Released software
Release 1
Build 2
Domestic export restricted version
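
The naming convention above, worked through as an added example (not code from the deck or from Juniper): a parser that splits a package file name into the fields the slides name and lists reasons to stop before installing it. The function names and the treatment of the `-signed` tag as a file-name label are assumptions of this example; the check reads the name only and verifies no signature.

```python
import re

# Release-type letters exactly as the slide lists them.
RELEASE_TYPES = {"A": "Alpha", "B": "Beta", "R": "Release",
                 "I": "Internal Test or Experimental"}

# package-m.nZrelease[.build][-tag...].tgz, e.g. jinstall-7.3R1.2-domestic.tgz
NAME_RE = re.compile(
    r"^(?P<package>[a-z]+)-(?P<version>\d+\.\d+)(?P<type>[A-Z])"
    r"(?P<release>\d+)(?:\.(?P<build>\d+))?(?P<tags>(?:-[a-z]+)*)\.tgz$")


def parse_package_name(filename):
    """Split a JUNOS package file name into the fields the convention defines."""
    m = NAME_RE.match(filename)
    if m is None or m.group("type") not in RELEASE_TYPES:
        raise ValueError(f"not a recognised JUNOS package name: {filename!r}")
    tags = m.group("tags").split("-")[1:]  # e.g. ["domestic", "signed"]
    return {
        "package": m.group("package"),
        "version": m.group("version"),
        "release_type": RELEASE_TYPES[m.group("type")],
        "release": int(m.group("release")),
        "build": int(m.group("build")) if m.group("build") else None,
        "edition": next((t for t in tags if t != "signed"), None),
        "signed": "signed" in tags,
    }


def preinstall_problems(filename, want_version, require_signed=True):
    """Return reasons not to pass this file to 'request system software add'."""
    try:
        info = parse_package_name(filename)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if info["version"] != want_version:
        problems.append(f"version {info['version']} is not the planned {want_version}")
    if info["release_type"] != "Release":
        problems.append(f"{info['release_type']} build, not released software")
    if require_signed and not info["signed"]:
        problems.append("file name carries no -signed tag")
    return problems


if __name__ == "__main__":
    # First two names appear on the slides; the third is constructed
    # (hyphen before "signed" missing) to show a mistyped destination name.
    for name in ("jinstall-7.3R1.2-domestic.tgz",
                 "jbundle-5.3R1.2-domestic-signed.tgz",
                 "jbundle-7.3R1.2-domesticsigned.tgz"):
        print(name, preinstall_problems(name, "7.3"))
```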


>request system snapshot

Back up the currently running and active file system so that you can recover to a known, stable environment in case something goes wrong with an upgrade

/altroot
The root file system (/) is backed up to /altroot
/altconfig
The /config directory is backed up to /altconfig.

Use >request system software rollback to recover

Do this before you load new software.


Software Upgrade Process

Download the software packages you need from the Juniper Networks Support Web page
http://www.juniper.net/support/

Back up the currently running and active file system so that you can recover to a known, stable environment in case something goes wrong with the upgrade

request system snapshot


Software Upgrade

Copy the jbundle|jinstall software package to the router you are going to upgrade.

We recommend that you copy it to the /var/tmp directory, which is on the hard disk and is a large file system.

file copy ftp://userid:password@ftp-server-address/JUNOSfilename /var/tmp/JUNOSfilename

One big command
Uses FTP, SCP, or SFTP (not TFTP)

Example:

file copy ftp://juniper:[email protected]/jbundle-7.3R1.2-domestic-signed.tgz /var/tmp/jbundle-7.3R1.2-domestic-signed.tgz


Software Upgrade

You can also use ftp from the CLI prompt

ftp 10.1.1.101
bi
hash
lcd /var/tmp
get JUNOSfilename


Software Upgrade

Add the new package

>request system software add filename

Filename could be:

/var/tmp/jbundle-5.3R1.2-domestic-signed.tgz
ftp://168.1.2.3/jbundle-7.3R1.2-domestic-signed.tgz

uses FTP, SFTP, or SCP (not TFTP)

If JTAC or software requests, reboot router

root@lab2> request system reboot


Software Upgrade

After you have upgraded or downgraded the software and are satisfied that the new software is successfully running, issue the request system snapshot command to back up the new software

request system snapshot


Initial system configuration


Basic system start up and shut down

Power up

Turn on power supply

Power down

>request system halt

Reboot

>request system reboot


The first time you login

Start the CLI manually


lab2 (ttyd0)
login: root
Password:
Last login: Fri Feb 18 19:23:16 on ttyd0
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California.
---JUNOS 4.1R1 built 2000-07-24 09:29:44 UTC
% cli
root@lab2>
root@lab2> quit
% logout
lab2 (ttyd0)
login:


root login

Root password

Root password not set at factory

Special treatment for root login

Can only log in as root from console port, unless root-login is specifically enabled

Must create additional user with superuser privileges to log in via network ports

Be sure to review security implications


Initial Configuration

Root password

Root password not set at factory
Must use console to configure root password

Router name
Management interface (fxp0) IP address and prefix length
Default route
DNS server IP address
Turn on ssh or telnet or ftp


Initial Configuration

Enter configuration mode


root@> configure
[edit]
root@#

Set root password

Plain text known


root@# set system root-authentication plain-text-password


Initial Configuration

Set router name


[edit]
root@# set system host-name Denver

Set router domain name


[edit]
root@# set system domain-name juniper.net


Initial Configuration

Set management Ethernet IP address and prefix

[edit]
root@lab2# set interfaces fxp0 unit 0 family inet address ipaddress/prefix-length

Set default route

[edit]
root@lab2# set system backup-router gateway-address
root@lab2# set routing-options static route default nexthop gateway-address retain

Set name server address


[edit]
root@lab2# set system name-server ns-address


Initial Configuration

Commit changes so far


[edit]
root@# commit
commit complete
[edit]
root@Denver#


Initial system configuration


configure
set system host-name Denver
set system domain-name juniper.net
set system services telnet
set system services ftp
set system root-authentication plain-text-password
set system login user juniper authentication plain-text-password
set system login user juniper class superuser
set system syslog file filename interactive-commands info
set interfaces fxp0 unit 0 family inet address 1.1.1.1/24
set system backup-router gateway-address
set routing-options static route default nexthop gateway-address
commit
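
The root-login slide asks the reader to review the security implications of the initial configuration; the following added example (not part of the deck, not Juniper code) is one way to run that review over a list of `set` commands. The rule ids, the `cmdlog` file name and the sample texts are constructed for this example, and the `ssh root-login` statement it checks is a JUNOS setting the slides do not show.

```python
import re

# (rule id, pattern for one normalised "set ..." line, finding when present)
LINE_RULES = [
    ("telnet", r"^set system services telnet\b",
     "telnet sends logins and session data in cleartext"),
    ("ftp", r"^set system services ftp\b",
     "ftp sends credentials and files in cleartext"),
    ("ssh-root", r"^set system services ssh root-login allow\b",
     "root can log in over the network through ssh"),
]
# (rule id, pattern that must match at least one line, finding when absent)
REQUIRED = [
    ("no-ssh", r"^set system services ssh\b",
     "no encrypted management service (ssh) is enabled"),
    ("no-root-pw", r"^set system root-authentication \S",
     "root password is not set"),
    ("no-cmd-log", r"^set system syslog file \S+ interactive-commands \S",
     "interactive commands are not logged"),
]


def audit(config_text):
    """Return sorted (rule_id, finding) pairs for a block of 'set' commands."""
    lines = [" ".join(raw.split()) for raw in config_text.splitlines()]
    lines = [line for line in lines if line.startswith("set ")]

    def hit(pattern):
        return any(re.search(pattern, line) for line in lines)

    found = [(rid, msg) for rid, pat, msg in LINE_RULES if hit(pat)]
    found += [(rid, msg) for rid, pat, msg in REQUIRED if not hit(pat)]
    return sorted(found)


# Constructed sample: the summary slide with placeholder values filled in.
SLIDE_CONFIG = """
set system host-name Denver
set system services telnet
set system services ftp
set system root-authentication plain-text-password
set system login user juniper class superuser
set system syslog file cmdlog interactive-commands info
"""
# Constructed sample: the same setup with ssh in place of telnet and ftp.
SSH_CONFIG = SLIDE_CONFIG.replace(
    "set system services telnet\nset system services ftp",
    "set system services ssh root-login deny")

if __name__ == "__main__":
    for rule_id, finding in audit(SLIDE_CONFIG):
        print(f"{rule_id}: {finding}")
```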


Initial system configuration

>set date

From the CLI


References

http://www.juniper.net/products/
Juniper Products

http://www.juniper.net/solutions/
White papers, Application Notes, Brochures, Solution Briefs

http://www.juniper.net/company/presscenter/imagelibrary/library.html
Image Library
PPT Icons, Visio Stencils, JPEG, GIF, BMP, etc.


References

Configuration guide:
Installation and system management

www.juniper.net/support
Software upgrades, support related info

www.juniper.net/techpubs
Electronic versions of all documentation
HTML, PDF, Tar, Palm Pilot, CD-ROM TAR, eBook

www.juniper.net/techpubs/qrc/
Technical Documentation Quick Reference Cards in PDF
Hardware, Installation, Command-Line Interface, Interfaces, Routing Protocols


www.juniper.net

Get access to restricted areas of Juniper.net

Support and software downloads

http://www.juniper.net/gainaccess.htm


JTAC Resources

JTAC Contact Information

Email support: [email protected]
Phone support for U.S. customers and Partners: 888-314-JTAC (5822)
Phone support for international customers: 408-745-2121
Juniper.net Case Manager: (http://www.juniper.net/support/)


Juniper Networks Technical Certification Program (JNTCP)

Technical Certification Program

Overview
Exam Registration
Resources
Recertification Requirements
FAQs
Technical Education

Certification Statistics

http://www.juniper.net/training/certification/


Thank you!

John Jacobs
[email protected]
http://www.juniper.net
