I was offered the opportunity to share this blog article which contains the typical “Junos 101 tips” that I give to new recruits/trainees in my company, so here we go!
This article is a quick summary of "what to remember absolutely", and is the first step toward getting JNCIA-JUNOS certified.
About me: Network and Security Engineer in France, Juniper Elite Partner.
I love cats, Junos and motorcycles. Find me on Twitter: @VincNuts
Shell: prompt %, OS access, with "root" user.
Operational mode: accessed by typing “cli” from the shell - prompt > - used mainly to issue “show” commands, which verify status and the results of configuration statements (show interfaces, show routes, show chassis…)
Configuration mode: accessed by typing “edit” or “configure” from operational mode - prompt “#” - used to modify the configuration. You can use “run” to call an operational command from there (run show interfaces).
Ctrl-U: erase line (set interfaces > nothing)
Ctrl-W: erase word (set interfaces > set)
Ctrl-A and Ctrl-E: go to beginning or end of line
Interface naming in Junos:
Numbering always starts at 0, and is 3 levels wide.
Type: ge for 1G, xe for 10G, depending on the media
Slot: member ID in the Virtual Chassis or Chassis Cluster
PIC: 0 for fixed interfaces, 1+ for expansion slots (that is, uplink modules on EX for example)
Port: port number, 0 to 23, 47, 95 depending on the series
ge-0/0/47 -> 1G interface, last port of EXXX-48T for example
ge-9/1/0 -> 1G interface, first port of the 10th member of VC, on the uplink module
xe-5/1/1 -> 10G interface, on member 5 of the VC (that is, the 6th in the stack), second port of first expansion module
vme: floating management interface for VC, active on Master Routing-Engine
VCEP port: vcp-255/1/X used internally to connect VC members, autoconfigured
ae: aggregated interface
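The naming rules above can be applied mechanically. The following is an added example, not code from the original article: a small Python decoder for type-slot/pic/port names. The function names and the returned field names are assumptions made for this illustration, and only the ge and xe prefixes described above are handled.

```python
import re

# Media prefixes listed in the article; other Junos prefixes are out of scope.
MEDIA = {"ge": "1G", "xe": "10G"}

# type-slot/pic/port, optionally followed by a logical unit (".0")
NAME_RE = re.compile(r"^([a-z]+)-(\d+)/(\d+)/(\d+)(?:\.(\d+))?$")


def ordinal(n):
    """Turn a 1-based position into text: 1 -> '1st', 2 -> '2nd', 11 -> '11th'."""
    if 10 <= n % 100 <= 20:
        suffix = "th"
    else:
        suffix = {1: "st", 2: "nd", 3: "rd"}.get(n % 10, "th")
    return f"{n}{suffix}"


def parse_interface(name):
    """Decode a three-level Junos interface name into its fields.

    Raises ValueError for names that do not follow type-slot/pic/port
    (vme, ae0 ...) or whose media prefix is not covered here (vcp ...).
    """
    m = NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a type-slot/pic/port name: {name!r}")
    media, slot, pic, port, unit = m.groups()
    if media not in MEDIA:
        raise ValueError(f"unknown media prefix: {media!r}")
    slot, pic, port = int(slot), int(pic), int(port)
    return {
        "speed": MEDIA[media],
        "member_id": slot,
        "member_position": ordinal(slot + 1),  # numbering starts at 0
        "module": "fixed" if pic == 0 else f"expansion module {pic}",
        "port": port,
        "port_position": ordinal(port + 1),
        "unit": int(unit) if unit is not None else None,
    }


if __name__ == "__main__":
    for sample in ("ge-0/0/47", "ge-9/1/0", "xe-5/1/1"):  # names from the article
        print(sample, parse_interface(sample))
```
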
Set/Delete: create or delete a configuration statement. Easy!
Show: verify and display a configuration statement or status (configuration mode/operational mode)
Clear: reset (clear error counters on a port for example)
?: help and auto-completion information (set ?, set routing-options ?)
|: powerful pipe for chaining filters, for example:
show route | match 192.168 | except 192.168.1 will display all 192.168 routes, except those containing 192.168.1XX
Replace pattern: use carefully, because its scope depends on the level of the CLI hierarchy you are in!
replace pattern 192.168 with 172.16 will replace every occurrence of the 192.168 pattern in your configuration when run at the top level of the CLI! So you can navigate the CLI with “edit”, go to “edit routing-options”, and replace only routes, not device IPs.
Commit: save and apply candidate configuration to the running configuration
The best: commit options!
commit confirmed 5 will automatically roll back to the previous configuration if not confirmed within 5 minutes. That is, if you screw up on a remote device, just wait 5 minutes and it will come back online!
commit at 21:00:00 will deploy changes when the “on call” colleague is on duty while you peacefully watch the game. Let’s just hope he reads this post, and knows how to roll back if needed.
rollback 1-49 will reload one of the previous 49 configurations.
rollback 0 will reload the running configuration on your candidate copy.
show | compare rollback 1 compares your configuration with one of the previous 49, for when you are trying to understand what your colleague changed in the configuration that he implemented at 21:00:00.
TAB: auto-completion of a configuration statement
load factory-default to start fresh. All interfaces will be ethernet-switching on an EX.
Services: set system services ssh/web-management
set system root-authentication plain-text-password to define a root password; this is the mandatory step to commit for the first time
<configure interfaces and vlans>
Example 1: L2 vlan
set vlans users vlan-id 172 interface ge-0/0/0
set vlans users vlan-id 172 + set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access vlan members users
Example 2: Routed Vlan Interface (RVI)
Example 1 +
set vlans users l3-interface vlan.172
set interfaces vlan unit 172 family inet address 172.16.1.254/24
set routing-options static route 0/0 next-hop 172.16.1.1 to define a default gateway.
request system configuration rescue save to create a rescue configuration, in case something goes really bad and you need to restart on a fresh and validated configuration.
Verify the state with show commands: show interfaces / detail / extensive / brief
Access (default): access port, to connect a standard workstation for example
Trunk: tagged link, mostly for uplinks carrying several VLANs
Native-Vlan: to carry an untagged VLAN on a trunk link
Voip-vlan: to tag on an access port, used in the classic scenario where the user's workstation (untagged) is connected to the switch through the VoIP phone port (tagged)
You are now ready to get your hands on your first Junos device, and this is only the beginning!
For more information about getting started with Junos and then getting your first Juniper certification, I recommend using: