Configuring Juniper Networks Routers

Module 1: JUNOS Software CLI Review

Copyright © 2006, Juniper Networks, Inc. CJNR-M-7.a.7.6.1

 Module Objectives
 After successfully completing this module, you will be
able to:
– Log in to a Juniper Networks J-series, M-series or T-series
router
– Issue operational-mode commands
– Enter the configuration mode
– Navigate the candidate configuration
– Modify the candidate configuration
– Commit a new active configuration
– Compare configuration files
– Save and manipulate configuration files
– Run operational-mode commands while in configuration
mode

Copyright © 2006, Juniper Networks, Inc.

 Agenda: CLI Overview
 Gaining Access to the CLI
 CLI Modes and Feature Overview
 Configuration Mode

Copyright © 2006, Juniper Networks, Inc.

 Access Router’s Management Ports
 Console
– Db9 EIA-232 @ 9600 Bps, 8/N/1 (preconfigured)
 Management port, using Telnet, SSH
– Requires configuration
 J-series, M-series and T-series use same interface

OFFLINE ONLINE MASTER FAIL OK

NC RE0 FPC0
C FAIL OK
NO ACO/LT AUX/MODEM MGMT CONSOLE FPC1
FAIL OK
NC
C FPC2
FAIL OK
NO RE1
OFFLINE ONLINE MASTER FPC3

Copyright © 2006, Juniper Networks, Inc.

 Agenda: CLI Overview
 Gaining Access to the CLI
 CLI Modes and Feature Overview
 Configuration Mode

Copyright © 2006, Juniper Networks, Inc.

 CLI Modes and Feature Overview
 CLI operational mode
– Editing command lines
– Command completion/history
– Context-sensitive and documentation-based help
– UNIX-style pipes
 CLI configuration mode
– Object-oriented hierarchy
– Configuration groups
– Jumping between levels
– Candidate configuration with sanity checking
– Automatic rollback capability
– Showing portions of configuration while configuring
– Running operational-mode commands from within configuration
– Saving, loading, and deleting configuration files
– Wildcard deletes

Copyright © 2006, Juniper Networks, Inc.

 CLI Operational Mode
 Commands are executed (mainly) from the default CLI
level (user@host>)
– Can be executed from configuration mode with the run
command
– Hierarchy of commands

clear bgp brief

configure chassis exact

monitor interfaces protocol

set isis table

show ospf terse

route

version
Copyright © 2006, Juniper Networks, Inc.
 Editing Command Lines
 EMACS-style editing sequences are supported

lab@omaha> show interfaces

 Configure/set a VT-100 terminal type to use arrow keys in addition to EMACS-based control sequences

Keyboard Ctrl-b
sequence lab@omaha> show interfaces

Ctrl-a
lab@omaha> show interfaces
Cursor position
Ctrl-f
lab@omaha> show interfaces

Ctrl-e
lab@omaha> show interfaces

Copyright © 2006, Juniper Networks, Inc.

 Command Completion
Space bar completes a command
lab@HongKong> sh<space>ow i<space>
^'i' is ambiguous.
Possible completions:
igmp Show Internet Group Management Protocol information
ike Show Internet Key Exchange information
ilmi Show interim local management interface information
interfaces Show interface information
ipsec Show IP Security information
ipv6 Show IP version 6 information
isis Show Intermediate System-to-Intermediate System
information
lab@HongKong> show i

Tab key completes a variable

Copyright © 2006, Juniper Networks, Inc.

 CLI Modes
 Operational mode
– Monitor and troubleshoot the software, network connectivity,
and router hardware
The > character identifies
lab@host> operational mode

 Configuration mode
– Configure the router, including interfaces, general routing
information, routing protocols, user access, and system
hardware properties

[edit]
lab@host# The # character identifies
configuration mode

Copyright © 2006, Juniper Networks, Inc.

 Context-Sensitive Help
Type a question mark (?) anywhere on command line
lab@host> ?
Possible completions:
clear Clear information in the system
configure Manipulate software configuration information
file Perform file operations
help Provide help information
. . .
lab@host> clear ?
Possible completions:
arp Clear address resolution information
bfd Clear Bidirectional Forwarding Detection
information
bgp Clear Border Gateway Protocol information
cli Clear command-line interface settings
firewall Clear firewall counters
. . .

Copyright © 2006, Juniper Networks, Inc.

 Topical Help
The help topic command provides information on concepts
lab@Sydney> help topic groups ?
Possible completions:
apply-groups Specify where configuration group is inherited
apply-groups-except Specify where configuration group is not inherited
display-inheritance Show statements inherited from configuration group
examples Overview of configuration group examples
groups Create configuration group
junos-defaults Default junos-defaults configuration group
overview Configuration groups overview
wildcards Wildcard use in configuration groups

lab@host> help topic icmp lifetime

Using Wildcards with Configuration Groups

You can use wildcards to identify names and allow one statement to provide
data for a variety of statements. For example, grouping the configuration
of the sonet-options statement over all SONET/SDH interfaces or the dead
interval for Open Shortest Path First (OSPF) over all Asynchronous
. . .

Copyright © 2006, Juniper Networks, Inc.

 Getting Help on Configuration Syntax
The help reference command provides
configuration-related information
lab@host> help reference groups apply-groups
apply-groups

Syntax

apply-groups [ group-names ];

Hierarchy Level

All hierarchy levels

Release Information

Statement introduced before JUNOS Release 7.4.

Description

Apply a configuration group to a specific hierarchy level in a

configuration, to have a configuration inherit the statements in the
configuration group.

You can specify more than one group name. You must list them in order of
inheritance priority. The configuration data in the first group takes
. . .

Copyright © 2006, Juniper Networks, Inc.

 Using | (Pipe)
 The pipe function is used to filter output
– Available in all modes and context

user@host> show route | ?

Possible completions:
count Count occurrences
display Display additional information
except Show only text that does not match a pattern
find Search for the first occurrence of a pattern
hold Hold text without exiting the --More-- prompt
last Display the last screen of lines in the output
match Show only text that matches a pattern
no-more Don't paginate output
request Make system-level requests
resolve Resolve IP addresses
save Save output text to a file
trim Trim specified number of columns from start of line

Copyright © 2006, Juniper Networks, Inc.

 Key Operational-Mode Commands
 Where we are going…
– Rebooting and shutting down
– Analyzing log and trace files
– Miscellaneous log file commands

Copyright © 2006, Juniper Networks, Inc.

 Rebooting and Shutting Down
 You should always gracefully shut down JUNOS
software before removing power
– Rebooting the system:
user@host> request system reboot ?
Possible completions:
<[Enter]> Execute this command
at Time at which to perform the operation
in Number of minutes to delay before operation
media Boot media for next boot
message Message to display to all users
| Pipe through a command
– Shutting down the system:
lab@San_Jose-3> request system halt ?
Possible completions:
<[Enter]> Execute this command
at Time at which to perform the operation
both-routing-engines Halt both Routing Engines
in Number of minutes to delay before operation
media Boot media for next boot
message Message to display to all users
| Pipe through a command

Copyright © 2006, Juniper Networks, Inc.

 Analyzing Log and Trace Files
 Log and trace files are stored in /var/log
– Use the show log file-name command to display contents
 Hint: Get help on available options at the more prompt by entering an h
 Be sure to make use of the CLI’s pipe functionality!

lab@host> show log messages | match fail

Jan 29 12:40:47 Montreal-3 rpd[2228]: RPD_ISIS_ADJDOWN: IS-IS lost L2
adjacency to Amsterdam-3 on so-0/3/1.0, reason: 3-Way Handshake Failed

– Cascade instances of the CLI’s pipe function to evoke a logical

AND type search:
lab@host> show log messages | match so-0/3/1 | match TRAP
Feb 18 18:51:28 Montreal-3 mib2d[2227]: SNMP_TRAP_LINK_DOWN: ifIndex
34, ifAdminStatus up(1), ifOperStatus down(2), ifName so-0/3/1.0

– Use quotes and the pipe (|) character to evoke a logical OR:
show log messages | match "fpc | sfm | kernel | panic”
show log messages | match "-0|-1|-2|-3|-4"

Search by message priority or keywords

Copyright © 2006, Juniper Networks, Inc.
 Miscellaneous Log File Commands
 Monitor a log/trace in real-time with the CLI’s monitor
command
user@host> monitor start filename
– Shows updates to monitored file(s) asynchronously
– monitor start filename | match pattern filters output
– Use Esc-Q to enable/disable real-time output to screen
– Issue a monitor stop command to cease all monitoring
 To stop a tracing operation, delete a trace flag or the entire
stanza:
[edit protocols bgp traceoptions]
user@host# delete flag open
 Log/trace file manipulation:
– Use the clear command to truncate (clear) log/trace files
user@host> clear log filename
– Use the file delete command to delete log/trace files
user@host> file delete filename

Copyright © 2006, Juniper Networks, Inc.

 Agenda: CLI Overview
 Gaining Access to the CLI
 CLI Modes and Feature Overview
 Configuration Mode

Copyright © 2006, Juniper Networks, Inc.

 Entering Configuration Mode
 Type configure or edit at the CLI operational-mode
prompt
root@lab2> configure
Entering configuration mode
[edit]
root@lab2#

 To allow a single user to edit the configuration, type

configure exclusive
 configure private allows the user to edit a private
copy of the candidate configuration
– Multiple users can edit private candidate configurations
simultaneously
– At commit time, the user’s private changes are merged back
into the global configuration

Copyright © 2006, Juniper Networks, Inc.

 Configuration Hierarchy
 Create a hierarchy of configuration statements
– Enter commands in CLI configuration mode
root@lab2# set chassis alarm sonet lol red

– And the resulting configuration hierarchy is created…

chassis {
alarm {
sonet {
lol red;
}
}
}

Copyright © 2006, Juniper Networks, Inc.

 Statement Hierarchy

top

Less Specific
chassis firewall interfaces protocols system etc.

alarm clock fpc

atm e3 ethernet sonet t3 More Specific

Copyright © 2006, Juniper Networks, Inc.

 Moving between Levels (1 of 2)
 Moving between levels of the statement hierarchy
– edit functions like a change directory (CD) command

[edit]
user@host# edit chassis alarm ethernet
[edit chassis alarm ethernet]
user@host#

top

chassis firewall interfaces protocols system etc.

alarm clock fpc

atm e3 ethernet sonet t3

Copyright © 2006, Juniper Networks, Inc.
 Moving between Levels (2 of 2)
[edit chassis alarm ethernet]
user@host# up

[edit chassis alarm]

user@host# top
[edit]

top

top
chassis firewall interfaces protocols system etc.

alarm clock fpc

up
atm e3 ethernet sonet t3

Copyright © 2006, Juniper Networks, Inc.

 CLI Enhancements
 Relative configuration commands
– Display/edit any portion of the hierarchy

[edit interfaces so-5/1/0 unit 0 family inet]

lab@host# top show system login
class superuser-local {
permissions all;
}Operational-mode show configuration command supports a configuration path

[edit interfaces so-5/1/0 unit 0 family inet]

lab@host# top edit protocols ospf
[edit protocols ospf]
lab@host#

lab@host> show configuration interfaces fxp0

unit 0 {
family inet {
address 10.250.0.134/16;
}
} Copyright © 2006, Juniper Networks, Inc.
Viewing Candidate Configuration
You can display just the portions
[edit]
that concern you from the root of
user@host# show chassis alarm the hierarchy…
sonet {
los red;
pll yellow;
}
[edit]

user@host# edit chassis alarm

[edit chassis alarm]
user@host# show
sonet { …or use edit to park yourself at a
los red; specific sub-hierarchy
pll yellow;
}
[edit chassis alarm]

Copyright © 2006, Juniper Networks, Inc.

Identifying Configuration File Differences
 Change the candidate configuration
[edit chassis]
user@host# set alarm sonet lol red
[edit chassis]
user@host# delete alarm sonet pll

 Display differences between the candidate and

active configurations
[edit chassis]
user@host# show | compare
[edit chassis alarm sonet]
+ lol red;
- pll yellow;

 Compare arbitrary files

user@host> file compare files filename_1 filename_2

user@host> show configuration | compare rollback number

Copyright © 2006, Juniper Networks, Inc.
 Removing Statements
 Statements added with set are removed with the
delete command
– Removes everything from the specified hierarchy down
– Use wildcard deletes to save time

[edit chassis alarm sonet] Note that the final argument (red) is
lab@host# show not specified in the delete statement
los red;

[edit chassis alarm sonet]

lab@host# delete los

 Pop Quiz: You have just disabled an interface with a

set interface interface-name disable
statement. How do you re-enable this interface?

Copyright © 2006, Juniper Networks, Inc.

 Activating a Configuration (1 of 2)

commit

Candidate Active
Configuration Configuration

0
rollback n

1 2 ... 49

Rollback files stored in

/config/juniper.conf.n (n=1–3)
/var/db/config/juniper.conf.n (n=4–49)

Copyright © 2006, Juniper Networks, Inc.

 Activating a Configuration (2 of 2)
 Remote configuration changes require caution
– Might disrupt remote connectivity to router
 Use commit confirmed to temporarily activate a configuration (default is 10
minutes)
 If configuration is not confirmed, router returns to previous configuration
automatically; a second commit confirms the changes
 Use the synchronize switch to mirror the new configuration
to a backup RE
 Support for scheduled and commented commits
– Use the commit at time option (Release 5.5)

[edit]
user@host# commit at 20:01:00
configuration check succeeds
commit at will be executed at 2003-08-08 20:01:00 UTC
The configuration has been changed but not committed
– Comments can be added
Exiting configuration modeto the commits log with the comment
switch (Release 6.1)

Copyright © 2006, Juniper Networks, Inc.

Copyright © 2006, Juniper Networks, Inc.
Backing out of Configuration Changes
 Use the rollback command to restore one of the last
50 previously committed configurations
 Use rollback (or rollback 0 ) to reset the
candidate configuration to the configuration currently
running (which is the last version committed)
– rollback 1 loads the configuration before that
– rollback n loads n configurations before that

Copyright © 2006, Juniper Networks, Inc.

 Exiting Configuration Mode
 Exiting levels
– Use exit from top level
– Use exit configuration-mode from any level
– Use commit and-quit as a time-saver

exit configuration-mode
Operational exit
Mode
top
exit/up
edit/configure [edit]

exit/up
[edit chassis]
edit chassis

edit alarm [edit chassis alarm]

commit and-quit

Copyright © 2006, Juniper Networks, Inc.

 Saving Configuration Files
 Save current candidate configuration using save command
[edit]
user@router# save filename
– File saved to user’s home directory unless full path name is
specified
– Only saves from the current hierarchy down!
 File name can specify:
– A URL
– A target on redundant Routing Engine
– SSH user@host:filename notation
 Additional capabilities:
– terminal option for save commands
 Simplifies load operations from terminal buffers
– Pipe option for display set
 Displays the set statements used to create a configuration
– Periodic saves to a remote host

Copyright © 2006, Juniper Networks, Inc.

 Loading Configuration Files
 Configuration information can come from an ASCII file or
terminal emulation capture buffer
 The load command supports various arguments:
– Override an existing configuration:
 load override filename
– Merge new statements into current configuration:
 load merge filename
– Replace existing statements in current configuration:
 load replace filename
– Take input from terminal capture buffer:
 load (replace | merge | override) terminal
– Load relative to current configuration hierarchy:
 load (replace | merge) (filename | terminal) relative
 Changes candidate configuration only
– You must issue a commit to activate

Copyright © 2006, Juniper Networks, Inc.

 run is Cool
 Use the run command to execute operational-mode CLI
commands from within configuration
– Can be a real time-saver when testing the effect of a recent
change
[edit interfaces so-0/1/1]
lab@Amsterdam# set unit 0 family inet address 10.0.24.2/24

[edit interfaces so-0/1/1]

lab@Amsterdam# commit Test configuration changes without
commit complete leaving configuration mode with run

[edit interfaces so-0/1/1]

lab@Amsterdam# run ping 10.0.24.1 count 1
PING 10.0.24.1 (10.0.24.1): 56 data bytes
64 bytes from 10.0.24.1: icmp_seq=0 ttl=255 time=0.967 ms

--- 10.0.24.1 ping statistics ---

1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.967/0.967/0.967/0.000 ms

Copyright © 2006, Juniper Networks, Inc.

 Review Questions
1. What are the two types of CLI modes?
2. How can you navigate up two levels in the configuration
hierarchy?
3. What is the purpose of using the confirmed switch when
committing changes?
4. What command restores the candidate configuration to
the currently active configuration?
5. How can you display differences between an active and
candidate configuration?
6. When loading configuration files, what is the difference
between the merge, override, and replace arguments?
7. How can you display the status of an interface while in
configuration mode?

Copyright © 2006, Juniper Networks, Inc.

Lab 1: The JUNOS Software CLI

Lab Objective:

Familiarization with the JUNOS software CLI

Copyright © 2006, Juniper Networks, Inc.