PRT Explore Junos Cli B PDF

education services courseware
EXPLORI NG THE J UNOS CLI

St udent Gui de

Exploring the J unos CLI
PRT-EXPLORE-J UNOS-CLI-B
J uniper Networks, Inc. 2

Slide 1

2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI
The new network is
here.
J uniper Networks Sales Education

Start using the J unos CLI today. In this course, youre just a few hours away from modifying,
saving, and loading configuration files on your J unos device.


Slide 2

2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Welcome!

Welcome to J uniper Networks Exploring the J unos CLI eLearning module.

This course is for first-time users of the J unos operating system and J uniper Networks products,
but it is written so that it might also serve as a reference or refresher for more experienced J unos
administrators. It not only lays the foundation for learning J unos, it also facilitates understanding of
subsequent courses that appear in this series.

The J unos CLI provides you with new tools, shortcuts, and safeguards. Learn about these new
features and save yourself hours at the keyboard. The practical format offers straightforward
explanations, step-by-step instructions, and lots of examples. The virtual labs (or vlabs) let you
practice what you learned.

If youd prefer to use a web GUI rather than the CLI, take a look at J -Web, the powerful web-based
management interface available on J unos devices. J -Web lets you perform the same actions
available in the command-line interface. It provides practical tools to monitor, configure,
troubleshoot, and manage your device. J -Web isnt covered in this course, but you can find
technical documentation for your device at www.juniper.net/techpubs/.


Slide 3

2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI 3

Throughout this module, you will find slides with valuable detailed information. You can stop any
slide with the Pause button to study the details. You can also read the notes by using the Notes
tab. You can click the Feedback link at anytime to submit suggestions or corrections directly to the
J uniper Networks eLearning team.


Slide 4

Course Objectives
After successfully completing this course, you will be able to:
Navigate the CLIs operational mode and configuration mode on any device run
by the J unos operating system
Understand the hierarchies that underlie each mode
Get onboard help and use keyboard shortcuts to speed up your work
Show device status, alarms, and other helpful information in operational mode
Modify, save, and load configuration files with minimal risk to operations
Use basic configuration mode commands such as show, set, and delete
Capitalize on the safety features of the J unos OS commit model
Prepare system changes in advance
Use the shortcuts and tips of experienced users and avoid common problems
4

Navigate the CLIs operational mode and configuration mode on any device run by the J unos
operating system.
Understand the hierarchies that underlie each mode.
Get onboard help and use keyboard shortcuts to speed up your work.
Show device status, alarms, and other helpful information in operational mode.
Modify, save, and load configuration files with minimal risk to operations.
Use basic configuration mode commands such as show, set, and delete.
Capitalize on the safety features of the J unos OS commit model.
Prepare system changes in advance, and
Use the shortcuts and tips of experienced users and avoid common problems.


Slide 5

Agenda: Exploring the J unos CLI
Introducing the CLI
Getting Started
Understanding Operational Mode
Discovering Configuration Mode
Resources
5

This course consists of 5 sections. The 5 main sections are as follows:
Introducing the CLI
Getting Started
Discovering Configuration Mode, and
Resources


Slide 6

Introducing the CLI

This section will be your introduction to the CLI. The command-line interface (or CLI) is the
software interface used to access your device. From here you configure the platform, monitor its
operations, and adjust the configuration as needed.

If youve operated other networking devices, the J unos CLI should seem familiar, but you will also
quickly notice that there are some new and different commands. No need to fret. These changes
provide a rich set of new tools and safeguards that help you efficiently manage your network and
maintain high uptime.

The command-line interface includes lots of shortcuts and commands to get help. Master these
shortcuts and commands, and youll spend much less time pounding away on your keyboard. With
just a little effort, youll soon learn why so many people say that J unos saves them time (often lots
of it), reduces repetitive tasks, and helps them to avoid mistakes.


Slide 7

Section Objectives
After successfully completing this section, you will be able to:
Outline the two command modes
Explain operational command hierarchies
Explain configuration statement hierarchies
7

Explain Operational Command Hierarchies, and
Explain Configuration Statement Hierarchies


Slide 8

Outlining the Command Modes
Operational mode
Configuration mode
Hierarchical structure of the J unos CLI modes
... ... ... ...
Top Level
Node
... ... ...
2nd Level
Nodes
3rd Level
Nodes
... ... ... ...
... ... ... ...
8

The first step to exploring the J unos CLI is to understand its two command modes.

Operational mode is used to manage and monitor device operations. For example, monitor the
status of the device interfaces, check chassis alarms, and upgrade and downgrade the devices
operating system.

Configuration mode is used to configure the device and its interfaces. These include user access,
interfaces, protocols, security services, and system hardware properties.

The J unos CLI structures the activities of each mode into hierarchies, as illustrated in this slide.
The hierarchy of each mode is made up of cascading branches of related functions commonly
used together. The structured hierarchy of the command-line interface is one of the many
distinctive aspects of the J unos CLI preferred by users. By logically grouping activities, the J unos
CLI provides a regular, consistent syntax helpful for knowing where you are, finding what you
want, moving around the interface, and entering commands.


Slide 9

Understanding Operational Command Hierarchies
Top of the operational mode tree
9

When you first log in to the CLI, the command-line interface is at the top level of the CLIs
operational mode. This slide provides a view of the CLIs tree structure from the top of the
operational mode, with an example of its cascading hierarchy through the show command. For
example, the show configuration hierarchy includes access, chassis, firewall,
groups, etc. The structured grouping of commands makes it easy to move quickly up and down
the hierarchical path or to a specific function anywhere in the CLI.

The top level of each hierarchy is much like the top of the UNIX file system backslash, and both
the operational mode and configuration mode hierarchies are similar to the directory structure on
UNIX systems, PCs, and Macs. Youll learn more about the operational mode later in this course.


Slide 10

Understanding Configuration Statement Hierarchies
Top of the configuration mode tree
Container statements
Leaf statements
10

Configuration mode has a hierarchical structure logically grouping related configuration
statements. This structure eases configuration setup, review, and modification by allowing you to
more readily find and view related statements. The figure in this slide illustrates a portion of the
configuration tree, with nodes such as system and interfaces at the second level of the
hierarchy.

The configuration statement hierarchy includes two types of statements:
Container statements contain other statements; that is, they have subordinate configuration levels.
And Leaf statements do not contain other statements; they are at the end of a particular
hierarchical path.


Slide 11

Configuration Syntax
[ edi t ]
syst em{
ser vi ces {
f t p;
}
}
[ edi t ] indicates the start of the hierarchy level
Each subordinate level is indented
{ } denote container statements
Leaf statements indicated by a semicolon (; )
11

The command-line interface displays the hierarchy of the configuration mode through specific
syntax. The example shown here highlights what you need to know to read a J unos CLI
configuration listing.

The [edit] banner indicates the starting hierarchy level of the listing.

The CLI shows the hierarchy of the configuration by indenting each subordinate level.

The CLI indicates container statements with open and closed curly braces. In the example shown
here, system and services are cascading container statements.

The CLI indicates leaf statements with a semicolon. In this example, ftp; is a leaf statement.

Although the organizational structure within the configuration is similar to C or other programming
languages, you do not need to understand programming to understand the configuration file. It
simply is an outline view (remember English class) of the configuration. Once you understand how
the outline view works, you will find that the configuration is very easy to read and navigate.


Slide 12

Section Summary
In this section, we:
Explain the operational command hierarchies
Explain the configuration statement hierarchies
12

After successfully completing this section, you should now be able to:
Explain Operational Command Hierarchies, and
Explain Configuration Statement Hierarchies


Slide 13

At what level of the hierarchy is the command-line interface when you first log in to
the CLIs operational mode?
Submit Submit Clear Clear
Learning Activity 1: Question 1
13
A) Bottom
B) Root
C) Top
D) Leaf


At what level of the hierarchy is the command-line interface when you first log in to the CLIs
operational mode?


Slide 14

Getting Started

Now, we will get started using the CLI. Its fast, its easy, and you cant get lost, because youre
using J unos.


Slide 15

Section Objectives
Log into a J unos device using the CLI
Switch between operational and configuration modes
Use keystroke shortcuts to save typing
Access on-board help through a variety of ways
Filter output with the pipe command and more prompt
Use shells to navigate the system
Log out of the CLI when finished
15

Use shells to navigate the system, and


Slide 16

Logging In to the CLI (1 of 2)
You can login through the console port or the management port
Two examples of accessing the management port from a networked device
command window:
t el net gateway server name
user : username
passwor d: password
t el net router name
user : username
passwor d: password
16

To access the J unos CLI, you must first have access to the device itself, either through the out-of-
band console port or the in-band management port.
If necessary, log in to the gateway server with direct access to the J unos device. Oftentimes, the
routers, switches, and security devices are on a subnet behind a gateway router that prevents
unauthorized access to these devices. If the devices IP address is managed by a DNS server, you
can simply log in using the designated domain name. Otherwise, you can log in using the unique
IP address of the management port.


Slide 17

Logging In to the CLI (2 of 2)
Connect to the device
Log in to the device
host ( t t yd0)
l ogi n: root
passwor d:
Enter the CLI
r oot @Amnesi ac%cli
Explore!
Enter a questions mark (?)
show i?
configure ?
17

If you would like to try this for yourself, you can jump ahead to your own path of discovery on your
new J unos device (in the factory default configuration) by using these four steps:

-Connect your management PC to the console port of your new J uniper device using a null-
modem or rollover cable, turn on the PC and start its terminal emulation program, and then power
up the J uniper box.

-At the login prompt, enter root and at the password prompt press Enter, as in the example
shown here.

-After you are authenticated, you enter the UNIX shell, the prompt will have a percentage symbol.
To get to the CLI from the prompt, enter cli.

-Youre now in the operational mode of the command-line interface. Enter a question mark
anywhere in the command hierarchy, and youll see a list of possible entries. Go ahead and try it,
enter a question mark. You should see a list of the valid commands at the top of the operational
mode hierarchy. You can also use the question mark to find out the valid possibilities to complete a
command. For example type show i and a question mark (show i?) at the command prompt.
This displays all the possible show commands that start with the letter i. Look around ... see what
else you can discover. What happens when you enter configure and a question mark?
( configure ?)

Slide 18


Switching Between Operational and Configuration Modes
Operational mode: mi ke@j uni per 1>
Configuration mode: mi ke@j uni per 1#
mi ke@j uni per 1> configure
mi ke@j unper 1# exit
18

As you monitor and configure a device, you need to switch between the operational mode and the
configuration mode. When you change to configuration mode, the command prompt also changes.
The operational mode prompt is a right angle bracket (>). The configuration mode prompt is a
pound sign (#).

To switch from operational mode to configuration mode, issue the configure command.

When issuing the configure command, simply type co. Since no other command starts with those
two letters, the CLI will recognize the command and auto-fill the rest of the command for you.

To exit back to operational mode, issue the exit configuration-mode command, or even
shorter, the exit command.

Keep in mind that if you made configuration changes, you must commit these changes before
exiting configuration mode for them to take effect, this will be covered in a later section.


Slide 19

Using Keystroke Shortcuts (1 of 2)
Keyboard sequence
Command completion
The CLI stores every entered command in its command history.
Keyboard sequence examples:
Go to next in command history - Down arrow or Ctrl+n
Go to previous in command history - Up arrow or Ctrl+p
Go to beginning of line - Ctrl+a
Go to end of line - Ctrl+e
19

The J unos CLI offers numerous ways to save keystrokes when using the command line, including
keyboard sequences and command completion. All standard UNIX keyboard shortcuts are
available to you when you are logged in to the J unos device. This is true whether you are in one of
the shells, or in the CLI. These shortcuts offer options to shorten keystrokes. It may take a few
days for shortened keystrokes to become second nature; however, once you have the muscle
memory, these shortcuts can save you lots of typing time.

The CLI stores every entered command in its command history. At any command prompt, the up
and down arrow keys let you scroll through this history (on a VT100 terminal type). You can reuse
commands that you previously entered, or modify them as needed. Keyboard sequences can save
you much time, for example, when you are configuring similar items on the device, or you are
repeating operational commands, such as when you are debugging an issue.


Slide 20

Using Keystroke Shortcuts (2 of 2)
The CLI provides command completion to further speed your typing in both
modes
Command completion examples:
sh<space>ow r o<space>ut e
sh<space>ow ch<space>assi s h<space>ar dwar e
sh<space>ow conf <space>i gur at i on
cl <space>ear r i p s<space>t ast i cs
r es<space>t ar t r o<space>ut i ng g<space>r acef ul l y
20

The CLI provides command completion to further speed your typing in both modes. Command
completion automatically finishes partially typed commands, filenames, and user names, so you
dont need to recall the exact syntax of the desired input string. Command completion is a big help
to new users, easing their transition to the new command-line interface.

The spacebar completes most CLI commands. The tab key not only completes CLI commands,
but also filenames and user-defined variables such as policy names, community names, and IP
addresses. When the completion of the command or argument is ambiguous, pressing the
spacebar or tab key lists the possible completions as shown in this example.


Slide 21

Getting Help (1 of 5)
Context-sensitive help using the question mark - ?
[ edi t syst em]
mi ke@j uni per 1# set s?
Possi bl e compl et i ons:
saved- cor e- cont ext Save cont ext i nf or mat i on f or cor e
f i l es
saved- cor e- f i l es Number of saved cor e f i l es per
execut abl e( 1. . 64)
> ser vi ces Syst emser vi ces
> st at i c- host - mappi ng St at i c host name dat abase mappi ng
> sysl og Syst eml oggi ng f aci l i t y
21

The J unos CLI includes several options for getting help any time youre not sure what to do, or if
you just want to double-check your memory. Everyone uses the CLIs comprehensive system of
online help, even the experts whove been working with J uniper devices for years.
Query the command line with the question mark (?) character at any level of the operational or
configuration hierarchies for a list of available commands and a short description of each. Typing a
partial command and the question mark provides a list of all the valid ways to complete your
command. Using the question mark in either of these ways is known as context-sensitive help in
J unos lingo.


Slide 22

The question mark can list the files in the working directory
mi ke@j uni per 1> request system license add ?
<f i l ename> Fi l ename ( URL, l ocal , r emot e, or f l oppy)
f i l e1 Si ze: 19701, Last changed: Feb 23 21: 56: 52
f i l e2 Si ze: 1835, Last changed: Apr 09 09: 51: 57
l og1 Si ze: 1215, Last changed: Feb 16 13: 07: 49
l og2 Si ze: 1135, Last changed: Apr 09 11: 05: 16
t er mi nal Use l ogi n t er mi nal
22

For commands that require a filename as an argument, the question mark lists the files in the
working directory, as in this example.


Slide 23

Specifying a path lists the files in that directory
mi ke@j unper 1> request system license add /cf/ ?
<[ Ent er ] > Execut e t hi s command
<f i l ename> Fi l ename ( URL, l ocal , r emot e, or f l oppy)
/ cf / boot / Last changed: Apr 16 11: 08: 56
/ cf / dev/ Last changed: Apr 08 2004
/ cf / et c/ Last changed: Apr 30 08: 40: 09
/ cf / ker nel Si ze: 32797835, Last changed: Apr 15
/ cf / ker nel . ol d Si ze: 32715591, Last changed: Nov 09
/ cf / opt / Last changed: Nov 09 02: 08: 43
/ cf / packages/ Last changed: Apr 16 11: 08: 57
/ cf / r oot / Last changed: Apr 16 11: 08: 56
/ cf / sbi n/ Last changed: Apr 16 11: 08: 56
/ cf / usr / Last changed: Nov 09 02: 11: 23
/ cf / var / Last changed: Nov 09 02: 11: 23
23

Or, specifying a path lists the files in that directory, as in this example.


Slide 24

On-board documentation
You can access these files in both operational and configuration modes
hel p apr opos
hel p r ef er ence
hel p sysl og
hel p t i p
hel p t opi c
24

When you want more information than what is provided by context-sensitive help, turn to the
J unos technical documentation on your device through the help commands. J uniper loads
documentation on new devices and includes it as a part of new upgrade builds.

The help files are divided into five major categories. You can access these files in both operational
and configuration modes.

The help apropos command is useful whenever you remember a portion of a command but not
the full statement. The command looks for all matches in statement or command names as well as
help strings that are displayed for these.

After learning about what a certain command does and when to use it, you can view the actual
syntax and possible options using the help reference command.

To displays information on specific syslog events use the help syslog command.

Help tip provides random tips for using the CLI.

Use the help topic command to learn about the usage guidelines for a specific configuration
statement.

Slide 25


The J unos OS checks syntax word-by-word
Syntax help example:
[ edi t ]
mi ke@j uni per 1# show
pr ot ocol s {
pi m{
i nt er f ace so- 0/ 0/ 0 {
pr i or i t y 4;
ver si on 2;
# War ni ng: mi ssi ng mandat or y
st at ement ( s) : ' mode'
}
}
}
25

Rather than waiting until you hit return at the end of a configuration statement, the J unos OS
checks syntax word-by-word. Every time you enter a word into a line and press the spacebar, the
CLI determines if each term is a valid command component and whether it is being used properly.
If it finds a mistake, the CLI requests correction.

Additionally, J unos checks for omitted statements required at a particular hierarchy level whenever
you attempt to move from that hierarchy level or when you issue the show command in
configuration mode.


Slide 26

Filtering Output with the Pipe Command and the More
Prompt (1 of 3)
| is the pipe command symbol
Example: mi ke@j uni per 1> show route | ?
Will display possible completions for this command
Saving output to a file
mi ke@j uni per 1> request support information | save filename
Wr ot e 1143 l i nes of out put t o f i l ename
26

You can change how the CLI displays output with the pipe command and the more prompt.

The pipe command lets you filter output in both operational and configuration modes. Pipe makes
it possible to display specific information in a single command step, sending the output of one
command as input to another, or redirecting the output to a file. The output of the command to the
left of the pipe symbol serves as input to the command or file to the right of the pipe. You can
query the CLI to find valid ways to pipe a command, as shown in the first example above.

The pipe symbol and save command along with a filename filters command output to a file.


Slide 27

Prompt (2 of 3)
Some other pipe commands:
| count
| di spl ay det ai l
| di spl ay xml
| hol d
| mat ch
| except
| f i nd
| l ast
When using find or match, you must enclose spaces, operators, or wildcard
characters that are a part of the search term in quotation marks
27

The following examples further demonstrate ways that pipe can help you to fine-tune commands:
Pipe count: gives the number of lines in the output.
Pipe display detail: provides additional information about the contents of the configuration.
This command can only be used in configuration mode.
Pipe display xml: shows the output in XML format. Its useful to display output in XML when
exchanging configuration and state information with other systems. The XML output is formatted in
the standard Remote Procedure Call (or RPC) format.
Pipe hold: retains the output in the buffer until cleared.
The most common way to use the pipe symbol is to constrain the output.
Pipe match: specify exactly what information you want to display.
Pipe except: displays output that ignores a specific string
Pipe find: displays the output starting at the first occurrence of the matching text
Pipe last: provides only the last screen of the listing
When using find or match, you must enclose spaces, operators, or wildcard characters that are
a part of the search term in quotation marks.


Slide 28

Prompt (3 of 3)
Multiple pipes example
mi ke@j uni per 1> show interfaces terse | match fe- | count
Count : 12 l i nes
The <more> prompt
mi ke@j uni per 1> show ethernet-switching interfaces detail
I nt er f ace: ge- 0/ 0/ 0. 0 I ndex: 64
St at e: down
VLANs:
def aul t unt agged bl ocked - bl ocked by STP
*// Data Deleted From Example //*
I nt er f ace: ge- 0/ 0/ 12. 0 I ndex: 76
St at e: down
VLANs:
def aul t unt agged bl ocked - bl ocked by STP
- - - <mor e>- - -
28

The J unos OS sees multiple pipes as a logical AND, only displaying the output that matches all
entered pipes. You can enter different pipe commands, as well as the same pipe command,
multiple times. This example shows how to count how many fast Ethernet interfaces are
configured within the active configuration.

The command-line interface automatically paginates output. The CLI settings determine the length
for your user account, with the typical setting at 24 lines. When the device stops at a page break,
the command-line interface displays the <more> prompt and shows the amount of displayed
output as a percentage of all the content available for display. You can press the h key at any
<more> prompt to see a list of display options, such as moving forward and backward in the
output, searching, and saving.

The set cli screen-length command modifies the number of displayed lines. Alternatively,
you can display the entire output by adding the pipe | no-more as part of your command.


Slide 29

Working with Shells
J unos OS is based on FreeBSD
Different shells can be accessed
J unos places non-root users into the CLI operational mode
To log in to the CLI interface, issue the cli command at any shell prompt:
% cli
The CLI always opens in operational mode
To enter other shells see the System Basics and Services Command Reference
at: www.juniper.net/techpubs/
29

The kernel of the J unos operating system is based upon FreeBSD and thereby inherits many
capabilities from its UNIX roots, including the keyboard shortcuts, pipes, and expression matching
discussed previously in this section. Another inherited functionality is the option to enter different
shells. When any non-root user logs into a J unos device, J unos places them in the CLI operational
mode. The J unos CLI provides access to all system management functions needed to run your
system. The other shells are available if you want to navigate the file system or for advanced
recovery procedures executed by the root user, often with the assistances of J TAC. You should
use the CLI for operating the device as anything outside of the CLI bypasses normal system
management.

To learn how to enter other shells (such as the C shell or Bourne shell) see the online System
Basics and Services Command Reference at URL onscreen.


Slide 30

Logging Out
You must log out of each shell you have opened
When completely logged out you will receive the message : Connect i on
cl osed by f or ei gn host .
mi ke@j unper 1> exit
Logout
Connect i on cl osed by f or ei gn host .
$
[ edi t pr ot ocol s ospf ]
mi ke@j uni per 1# exit configuration-mode
Exi t i ng conf i gur at i on mode
mi ke@j uni per 1> exit
l ogout
Connect i on cl osed by f or ei gn host .
$
30

When logging out, you must log out of each shell you have opened before you can log out
completely from the device. Thus if you log in to the device and are placed in the CLI operational
mode and then you enter the CLI configuration mode, you need to exit out of both shells. When
you are completely logged out of the device, you will receive the message: Connection
closed by foreign host.

If youre in configuration mode and want to log out, exit your configuration session to enter
operational mode, then exit operational mode as show here in the second example.

Protect the security of your device by logging out if you have no reason to be logged in or when
you are away from your terminal, even for a few minutes. This prevents someone else from sitting
down at your workstation and inadvertently (or deliberately) accessing the device.


Slide 31

Section Summary
Use shells to navigate the system
31

Use shells to navigate the system, and


Slide 32

Operational mode is represented by what symbol at the command prompt?
32
A) Right angle bracket (>)
B) Question mark (?)
C) Percent symbol (%)
D) Pound sign (#)


Operational mode is represented by what symbol at the command prompt?


Slide 33

Which two of the following keyboard keys can you use to complete most CLI
commands to save typing the full command? (Select two.)
33
A) Tab
B) Shift
C) Spacebar
D) Alt


Which two of the following keyboard keys can you use to complete most CLI commands to save
typing the full command? (Select two.)


Slide 34

Lab 1- Getting Started
Logging in
Help Commands
Operational Mode & Configuration Mode
Pipe Commands
Keystroke Shortcuts
Logging Out
https://virtuallabs.juniper.net/
34

Lab 1- Getting Started

In this lab, you will

Log In to the J unos Device Using the CLI
Switching Between Operational Mode and Configuration Mode
Use Keystroke Shortcuts to Save Typing
Filter Output with the Pipe Command and the More Prompt
Learn a Variety of Ways to Access On-board Help, and
Log Out of the J unos CLI

To get the lab instructions, click on the attachments icon in the lower right corner of the course
window,

To enter the Virtual Lab, click the link onscreen.


Slide 35


In this section we will explore Operational Mode.
Operational mode provides commands for monitoring, managing, and maintaining your device.
You can find out the status of your device, administer diagnostics, and perform other operational
tasks, as well as manage the software running the device.


Slide 36

Section Objectives
Describe the operational mode
Show device status using operational mode
Manage basic operations on the device
Use the file commands to alter command output
Manage the operating system software
36

Use the file commands to alter command output, and


Slide 37

Key operational mode capabilities include:
Monitoring and troubleshooting the device
Connecting to other network systems
Restarting software processes
Entering configuration mode
Displaying the configuration
Controlling the CLI environment
Performing system-level operations such as stopping and rebooting the device
and loading J unos software images
37

The J unos OS provides an extensive set of on-board instrumentation capabilities for gathering
critical operational status, statistics, and other information. These tools deliver advance notification
of issues and speed problem solving during events.

As part of your configuration setup you can specify the types of events to track, the event severity,
and the files in which to store the data, among other options. J uniper devices come with sufficient
processing power to collect and store critical operational data, including SNMP management,
system logging, and traceoptions that help you to understand how the box operates in normal
conditions and where, when, and why changes occur.


Slide 38

Commonly used commands:
mi ke@j uni per 1> ?
cl ear Cl ear i nf or mat i on i n t he syst em
conf i gur e Mani pul at e sof t war e conf i gur at i on i nf or mat i on
f i l e Per f or mf i l e oper at i ons
hel p Pr ovi de hel p i nf or mat i on
moni t or Show r eal - t i me debuggi ng i nf or mat i on
pi ng Pi ng r emot e t ar get
qui t Exi t t he management sessi on
r equest Make syst em- l evel r equest s
r est ar t Rest ar t sof t war e pr ocess
set Set CLI pr oper t i es, dat e/ t i me, cr af t i nt er f ace message
show Show syst emi nf or mat i on
ssh St ar t secur e shel l on anot her host
st ar t St ar t shel l
38

Explore operational mode from the top level of its hierarchy. Heres a truncated listing of its most
commonly used commands.


Slide 39

Showing Device Status (1 of 3)
Possible show command completions:
mi ke@j uni per 1> show?
account i ng Show account i ng pr of i l es and r ecor ds
aps Show Aut omat i c Pr ot ect i on Swi t chi ng i nf or mat i on
ar p Show syst emAddr ess Resol ut i on Pr ot ocol t abl e ent r i es
as- pat h Show t abl e of known aut onomous syst empat hs
bf d Show Bi di r ect i onal For war di ng Det ect i on i nf or mat i on
bgp Show Bor der Gat eway Pr ot ocol i nf or mat i on
chassi s Show chassi s i nf or mat i on
cl ass- of - ser vi ce Show cl ass- of - ser vi ce ( CoS) i nf or mat i on
cl i Show command- l i ne i nt er f ace set t i ngs
conf i gur at i on Show cur r ent conf i gur at i on
39

Operational mode provides a large group of show commands to display status and statistics for
just about everything on the device. A truncated example is shown here.
For the reader with experience using Cisco IOS software, a basic difference of the J unos OS is
that it does not use the keyword IP. So, many of the show commands you already know work if
you drop this part of the command. For example, the IOS command show ip route simply
becomes show route in J unos.


Slide 40

Show interfaces completion examples:
mi ke@j uni per 1> show interfaces fe-1/1/1 ?
br i ef Di spl ay br i ef out put
descr i pt i ons Di spl ay i nt er f ace descr i pt i on st r i ngs
det ai l Di spl ay det ai l ed out put
ext ensi ve Di spl ay ext ensi ve out put
medi a Di spl ay medi a i nf or mat i on
snmp- i ndex SNMP i ndex of i nt er f ace
st at i st i cs Di spl ay st at i st i cs and det ai l ed out put
t er se Di spl ay t er se out put
40

The show command includes other arguments to modify the output. For example, shown here are
the available arguments for the show interfaces command for the fe-1/1/1 Fast Ethernet
interface.
You can add these options to adjust the output listings to what you need.


Slide 41

Using brief and terse with the show command:
mi ke@j uni per 1> show interfaces fe-1/1/1 brief
Physi cal i nt er f ace: f e- 1/ 1/ 1 Enabl ed, Physi c l i nk i s Down
Li nk- l evel t ype: Et her net , MTU: 1514, Spped: 100mbps, Loopback:
Di sabl ed, Sour ce f i l t er i ng: Di sabl ed
Fl ow cont r ol : Enabl ed
Devi ce f l ags : Pr esent Runni ng Down
I nt er f ace f l ags : Har dwar e- Down SNMP- Tr aps I nt er nal : Ox4000
Li nk f l ags : None
mi ke@j uni per 1> show interfaces fe-1/1/1 terse
I nt er f ace Admi n Li nk Pr ot o Local Remot e
f e- 1/ 1/ 1 up up
at - 1/ 3/ 0. 0 up up i net 1. 0. 0. 1 - - > 1. 0. 0. 2
i so
41

Here is the output from the same example when adding brief and terse to the command.
Notice the different output.
As an added note, the clear commands let you reset the devices statistics to zero.


Slide 42

Managing Basic Operations
Fundamental management commands:
pi ng: this standard IP command tests whether other devices,
interface cards, or nodes are reachable on the network.
t r acer out e: this network utility reports the path taken by packets
from your device to a destination on an IP network.
ssh: this standard UNIX secure shell program opens a user shell
on another device or host on the network.
t el net : this management protocol opens a terminal connection to
another device or host on the network.
42

J unos supports standard network utilities and remote access for management. You may recognize
a few of these fundamental commands from UNIX and other operating systems.


Slide 43

Using the File Commands (1 of 2)
Saving and loading configuration files on the device are helpful for:
Archiving and backing up configurations
Sharing configuration files across devices
Saving and loading parts of configuration files that might be common across many
devices within a network (route filters, for instance).
To view a file use the file show command:
mi ke@j uni per 1> file show filename
43

The file commands let you view and copy files from one location of your device to another, from
your device to a remote system, such as a server, or from a remote system to the device.
Saving and loading configuration files on the device are helpful for archiving and backing up
configurations, sharing configuration files across devices, or saving and loading parts of
configuration files that might be common across many devices within a network (route filters, for
instance).
To view a file, use the file show command as illustrated in this example.


Slide 44

Using the File Commands (2 of 2)
Command syntax for file copy:
f i l e copy / t ar get - di r ect or y/ t ar get - f i l ename / dest i nat i on-
di r ect or y/ dest i nat i on- f i l ename
Examples:
mi ke@j uni per 1> file copy /config/juniper.conf.gz/var/home/user/backup.gz
mi ke@j uni per 1> file copy config/juniper.conf.gz/var/home/user/juniper.conf.gz-
20090123
Using the file list command:
mi ke@j uni per 1> file list
/ var / home/ user / :
. ssh/
j uni per . conf . gz- 20090123
44

You can manually archive files with the file copy command which uses the same syntax as the
standard UNIX cp command. For instance, in the first example here were copying the current
active configuration file (/config/juniper.conf.gz) as backup.gz to the devices
/var/home/user directory.
As a best practice, you should create a rescue configuration of a known working configuration. If
the active configuration is corrupted, the device will automatically load the file named rescue.gz
in the /config directory as the active configuration.

Also, after copying the configuration file to a new location, always rename it so that you dont
accidentally overwrite it later when copying an updated version of the file. The same command lets
you move the configuration file from the server back to the devices home directory as shown in
the second example. Use the file list command to verify that the file arrived in your home
directory.


Slide 45

Managing the Operating System Software
The restart command
Used to stop and then restart most individual operating system daemons (processes)
The request command
Performs system-wide functions such as rebooting, upgrading, shutting down the
device, and more
mi ke@j uni per1>request chassis fpc slot 0 restart
Restart i ni ti ated, use "showchassi s f pc" to veri f y
user@host>show chassis fpc
Temp CPU Uti l i zati on(%) Memory Uti l i zati on (%)
Sl ot State (C) Total I nterrupt DRAM(MB) Heap Buf f er
0 Starti ng 32 0 0 0 0 0
1 Onl i ne 30 0 0 8 11 14
2 Empty
3 Empty
45

Operational mode provides commands for managing the operating system software, including
upgrading and rebooting the device, as well as for restarting and resetting individual processes.
J unos is a modular operating system whereby independent processes run in their own protected
memory space. As such, these processes (called daemons) can be independently managed.

You can restart most J unos processes from the operational mode (with a few daemons requiring
that you must exit to a shell). Use restart when you need to stop and then restart individual
operating system daemons. Although each process is fully independent, take special care when
using the restart command. A restart of the SNMP process is only disruptive to SNMP, but a
restart of routing could have drastic consequences in your network!
To restart a specific routing protocol, such as OSPF, you can deactivate and then reactivate it in
configuration mode. When a problem exists with only one protocol, this is a better approach than
restarting the entire routing daemon of J unos, which would affect all the routing protocols.
The request commands perform system-wide functions such as rebooting, upgrading, and
shutting down the device. This command group also provides the ability to online, offline, and
restart individual components without having to reboot the entire device.


Slide 46

Section Summary
Use the file commands to alter command output
46

Use the file commands to alter command output, and


Slide 47

As a best practice against file corruption or loss, it is recommended you create
what type of configuration?
47
A) restore
B) request
C) restart
D) rescue


As a best practice against file corruption or loss, it is recommended you create what type of
configuration?


Slide 48

Which of the following commands would you use to reset the devices statistics to
zero?
48
A)
restore
B) clear
C) reset
D) zero-out


Which of the following commands would you use to reset the devices statistics to zero?


Slide 49

Lab 2- Understanding Operational Mode
Show Device Status Using Operational Mode
Manage Basic Operations on the Device
Manage the Operating System Software
49

Lab 2 Understanding Operational Mode


Show Device Status Using Operational Mode
Manage Basic Operations on the Device, and
Manage the Operating System Software

window,



Slide 50

Discovering Configuration Mode

In this section, we will take a look at the configuration mode. In configuration mode, as the name
implies, you define the configuration of your device. This includes configuring the management
console with its network settings, setting up user accounts for access to the device, specifying the
security measures used to protect the device and the network, and setting up routing and
switching protocols. Each statement configures different functions of the device, specifying its
particular properties in your network.


Slide 51

Section Objectives
Explain the J unos configuration process
Enter the configuration mode in a number of ways
Understand configuration mode basics to view and navigate the configuration
Edit the configuration by adding, removing and changing configuration statements
Commit the candidate configuration and catch errors
Automate everyday tasks to optimize your time
Roll back the configuration to a previous working configuration
Use configuration shortcuts to make changes quickly
51

Understand configuration mode basics to view and navigate the configuration


Slide 52

Introducing the Configuration Process (1 of 2)
J unos captures all changes in a candidate configuration
This approach substantially contrasts with other systems that use line-by-line
entry and instant activation of configuration changes
The J unos CLI protects you from configuration headaches
The candidate configuration is held in system memory
52

The J unos CLI is thoughtfully designed to consider configuration as a process. Thus, safeguards
have been introduced that allow you to set up and check a new configuration before it goes live.
For example, J unos captures all changes in a candidate configuration that when completed can
be committed, and only then can become the active configuration file.

This approach substantially contrasts with other systems that use line-by-line entry and instant
activation of configuration changes. Have you ever had to make line-by-line changes in other
systems, knowing that you were creating intermediate risks, such as removing a firewall on an
interface? Perhaps you have entered a single-line change that created unwanted or unexpected
results that you could not easily revert.
The J unos CLI protects you from these configuration headaches. With the help of early
customers, the J uniper engineers purposefully designed a multi-stage configuration process. This
process provides various methods of averting difficulties caused by unexpected mistakes and
other common challenges in device configuration.

Although it is easy to think of configurations as files, actually there is no file associated with the
candidate configuration. The configuration is held in system memory.


Slide 53

Introducing Configuration Process (2 of 2)
There are three basic steps to configure a device run by the J unos OS
Make changes to the candidate configuration
Commit your changes
Candidate becomes active
J unos saves 49 previous active configurations
Commit
Confirmed
Candidate
Configuration
Commit
Validations
Commit
Commit
Scripts
Validated
Configuration
Active
Configuration
R
o
l
l
b
a
c
k
1 2 3
53

This illustration outlines the three basic steps to configure a device run by the J unos OS.

The first is to make changes to the candidate configuration. The candidate configuration is a copy
of the active configuration. You can enter configuration changes to the candidate through the CLI,
J -web interface or by automated means. J unos also includes commands to review your candidate
changes, including comparing the candidate to the active (running) file.

Next, you commit your changes. To move the candidate to become the active configuration, enter
the commit or commit confirmed commands. Before finalizing the changeover, the software
checks for certain statements within the candidate and performs other context validations. If the
device includes preloaded commit scripts, these scripts will also check and possibly correct errors
within the candidate configuration.

Finally, the candidate becomes active after passing through all the validation checks. The
candidate configuration becomes the active configuration, saved as
/config/juniper.conf.gz. The device renames the previous j uni per . conf . gz file to
juniper.conf.1.gz
The J unos device saves up to 49 previous active configurations. You can roll back to any one of
these backup configurations by issuing the rollback [0 - 49] command, discussed later in
this section.

Slide 54


Entering Configuration Mode (1 of 2)
J unos offers three option for entering configuration mode
Standard
Exclusive
Private
54

In devices where different user accounts can make configuration changes, the flexibility to manage
who is making changes and when they make them is essential. The J unos OS thus offers three
options for entering configuration mode.

Standard allows any number of users to edit the candidate configuration simultaneously, and
changes made by a single user are visibly shared so that they can be seen by all users.

Exclusive locks all other users out of configuration mode until the exclusive user closes the
exclusive state.

Private provides a private configuration, whereby the device keeps a separate candidate copy
holding only the changes by the private user.


Slide 55

Entering Configuration Mode (2 of 2 )
The configure command
mi ke@j uni per 1> configure
Ent er i ng conf i gur at i on mode
The conf i gur at i on has been changed but not commi t t ed
mi ke@j uni per 1# exit
The conf i gur at i on has been changed but not commi t t ed
Exi t wi t h uncommi t t ed changes? [ yes, no]
The configure exclusive command
mi ke@j uni per 1> configure exclusive
war ni ng: uncommi t t ed changes wi l l be di scar ded on exi t
The configure private command
mi ke@j uni per 1> configure private
war ni ng: uncommi t t ed changes wi l l be di scar ded on exi t
55

To enter standard configuration mode, issue the configure command.
When you exit from the standard configuration mode, all the uncommitted changes you have
made during your session remain in the candidate, unless you explicitly delete them or issue a
rollback 0 command to reload the active configuration as the candidate. The users do get
warning messages when logging in and out.
To lock the candidate configuration from other users, add the exclusive switch to the
configure command. In configure exclusive mode, the device discards all non-committed
changes to the configuration once you exit the session.
You can create your own private candidate configuration by adding the private switch to the
configure command.


Slide 56

Understanding Configuration Mode Basics (1 of 5)
From top of configuration hierarchy
[ edi t ]
ver si on 9. 2R1. 3;
gr oups
{
r e0 {
syst em{
host - name j uni per 1;
}
}
}
<sni p>
Deeper in the hierarchy
[ edi t i nt er f aces ge- 5/ 0/ 0]
gi get her - opt i ons {
f l ow- cont r ol ;
aut o- negot i at i on;
}
uni t 0 {
f ami l y i net {
addr ess 1. 2. 3. 4/ 28;
}
}
Viewing the candidate configuration
56

Configuration mode offers several options to view and navigate the candidate configuration. The
show command displays the candidate configuration of the device. When this command is entered
from the top of the configuration hierarchy, the CLI displays the entire candidate configuration. The
example on the left illustrates an abbreviated listing for a configured device. If you havent made
any configuration changes, then the candidate configuration is the same as the active (running)
configuration of the device.

Deeper in the hierarchy, the show command displays the configuration from the current
configuration hierarchy level and below, as shown in the example on the right.

You may have noticed that the configuration mode uses the show command in a different way
from operational mode. The commands of each mode are independent of each other, and so the
show command represents different actions in each mode.


Slide 57

Navigating the configuration
[ edi t ]
mi ke@j uni per 1# set system services finger
mi ke@j uni per 1# set system services ftp
mi ke@j uni per 1# set system services ssh
mi ke@j uni per 1# set system services telnet
[ edi t syst emser vi ces]
mi ke@j uni per 1# set finger
mi ke@j uni per 1# set ftp
mi ke@j uni per 1# set ssh
mi ke@j uni per 1# set telnet
[ edi t ]
syst em{
ser vi ces {
f i nger ;
f t p;
ssh;
t el net ;
}
}
In either case, the example shown below will be added to the candidate
configuration
Example 1: Example 2:
57

Although you can edit the configuration from the root of the hierarchy, it is often easier to navigate
to the area within the configuration you are changing before adding and removing commands. For
example, if you were planning to add new services to the configuration, you could issue the set
commands shown in the example on the left. However, it is easier to navigate to the system
services directory and then issue the commands as shown in the example on the right.

In either case, when you have edited the configuration, the lines shown at the bottom of this slide
are added to the candidate configuration.
The CLI provides four commands for navigation in configuration mode: edit, up, top, and
exit. Lets examine these commands next.


Slide 58

The banner changes based on your location when using edit
[ edi t ]
mi ke@j uni per 1# edit system services
mi ke@j uni per 1#
To navigate to system syslog host log you could use issue a single
command or a succession of commands:
[edi t ]
mi ke@j uni per 1# edit system syslog host log
[ edi t syst emsysl og host l og]
mi ke@j uni per 1#
[ edi t ]
mi ke@j uni per 1# edit system
[ edi t syst em]
mi ke@j uni per 1# edit syslog
[ edi t syst emsysl og]
mi ke@j uni per 1# edit host log
[ edi t syst emsysl og host l og]
mi ke@j uni per 1#
The edit commands functions like the change directory (cd) command in UNIX
Your new location!
58

Use the edit command to jump to a specific location within the candidate configuration. The
configuration mode banner changes to indicate your new location in the hierarchy. You do not
have to issue the edit command from the top level directory. For example, to navigate to the
system syslog host log hierarchy, you could issue a single command from the top level of
the hierarchy, as shown on the left. Or, you could also navigate to the same hierarchy by issuing a
succession of edit commands.

When issuing the edit command from the hierarchy, issue the relative path based on your
location in the hierarchy. Note that the edit command functions like the UNIX change directory
(or cd) command, moving you to an exact location in the hierarchy tree.
If you navigate to a hierarchy location that doesnt yet exist in your configuration, the CLI will
create the hierarchy level. However, explicitly adding hierarchy levels using the set command
(discussed later in this course) helps you to know exactly what you have created.


Slide 59

Understanding Configuration Mode Basics (4 of 5 )
The up command allows you to move up levels:
[ edi t i nt er f aces f e- 1/ 3/ 1 uni t 0 f ami l y i net addr ess 10. 0. 10. 1]
mi ke@j uni per 1# up
[ edi t i nt er f aces f e- 1/ 3/ 1 uni t 0 f ami l y i net ]
mi ke@j uni per 1#
As seen from the top of the configuration hierarchy:
[ edi t ]
i nt er f aces {
f e- 1/ 3/ 1 {
uni t 0 {
f ami l y i net {
addr ess 10. 0. 10. 1;
}
}
}
}
59

The up command allows you to move up levels in the hierarchy. By default, you move one level.
You can add a number after the command to specify how many levels to move up. In the example
shown here, interfaces, fe-1/3/1, unit 0, family inet, and address
10.0.10.1 each represent one level within the hierarchy. The second example shows what this
looks like from the top of the configuration hierarchy.


Slide 60

The top command allows you to move to the first hierarchy level
The exit command returns you to the highest hierarchy location from which
you previously entered an edit command
[ edi t pr ot ocol s ospf ar ea]
mi ke@j uni per 1# top edit system login
[ edi t syst eml ogi n]
mi ke@j uni per 1#
[ edi t pr ot ocol s ospf ar ea]
mi ke@j uni per 1# top show system services
web- management {
ht t p {
por t 8080;
}
}
60

The top command allows you to move to the first hierarchy level.

The exit command returns you to the highest hierarchy location from which you previously
entered an edit command. If you issue this command from the top level of the configuration
hierarchy, you exit configuration mode.

You can combine navigation commands together to move through the hierarchy. For example, you
can use top and edit together to move quickly to a different part of the configuration hierarchy
as shown in the example on the left. Use top with show to display a portion of the configuration
from another section of the hierarchy as shown in the example on the right.


Slide 61

Editing the Configuration (1 of 3)
The set command inserts a statement and values into the candidate
configuration
Example 1:
[ edi t ]
mi ke@j uni per 1# set system services ftp
The following lines will be added to the
configuration file:
syst em{
ser vi ces {
f t p;
}
}
You also use the set command to add statement values when required
Example 2:
[ edi t ]
mi ke@devi cename # set system host-name
juniper1
The following lines will be added to the
configuration file:
syst em{
host - name j uni per 1;
}
61

Create or change the candidate configuration by entering a series of commands, including
commands to add and remove configuration statements.
The set command inserts a statement and values into the candidate configuration. For example,
if you want to add the FTP service to your device, from the top of the hierarchy you issue the set
command as shown in the first example.

You also use the set command to add statement values when required. For example, to set the
device name to juniper1, you enter the set command shown here in the second example.


Slide 62

The delete command removes statements from your candidate configuration
Use caution with this command
The delete command removes all subordinate statements and identifiers
Example:
[ edi t ]
mi ke@j uni per 1# delete protocols
For info on using wildcards with delete refer to the J unos CLI User Guide -
Advanced Features section in www.juniper.net/techpubs
62

The delete command removes statements from your candidate configuration. Deleting a
statement effectively returns the affected device, protocol, or service to an un-configured state.
Deleting a container statement removes everything under that level of the hierarchy. You need to
use caution with this command. The delete command removes all subordinate statements and
identifiers. For example, the simple line shown here would remove all the protocol configuration
data in your candidate. Know where you are in the hierarchy and everything that your command
will remove when you issue a delete statement! By always checking the [edit] banner to
determine your current hierarchy location, you can be sure your command affects only the portion
of the configuration that you want to change. If a configuration statement is empty after you delete
the configuration element(s), the CLI removes that configuration statement from the candidate
configuration.

When you need to remove large common pieces of the configuration from the device, wildcards
can save you time. The device can search through the entire candidate configuration looking for a
string and delete every line that contains that string. To learn more about wildcards, go to the
online J unos CLI User Guide at the URL onscreen and refer to the section on Advanced Features.


Slide 63

The annotate command can be used when you want to leave comments
about the configuration
Example 1:
[ edi t ]
mi ke@j uni per 1# annotate system this device is for training new Junos users
To delete a comment, use annotate with an empty string
Example 2:
[ edi t ]
mi ke@j uni per 1# annotate system ""
63

The J unos CLI lets you leave comments about the configuration as a part of its listing. The
comments can be quite handy when you or other team members are trying to troubleshoot a
problem or need to make configuration changes. Issue the annotate command followed by your
note when you want to include comments. This example from the top of the configuration mode
posts the comment at the [edit system] level of the configuration hierarchy.
When you add comments in configuration mode, they are associated with a statement at the
indicated level. Each statement can have one single-line comment associated with it.

To delete a comment, use the annotate command with an empty string as shown here in the
second example.


Slide 64

Committing the Candidate Configuration (1 of 7)
J unos configuration file management
64

The J unos CLI provides multiple features that help users to catch and correct typos, omissions,
and other errors before they become a problem. In addition to candidate configurations, these
features include providing file comparisons, checking candidate syntax and context, enabling fast
rollback, and restoring working configurations on systems that become isolated after activation of
a new configuration.

This slide provides a detailed view of the file management of the device configuration. The active
(or running) configuration is the operational file of the device. It is also the configuration that the
device loads during a boot sequence. The candidate configuration is the working copy storing
configuration updates. The commit commands cause the following transitions by the device (for
candidates which pass the validation checks). It copies the candidate configuration to the active
configuration. At this point, the active and the candidate configurations are identical. It then
decrements all rollback configuration files by one and saves the active configuration as rollback 0.
The active (or running) configuration file and the last three rollback configuration files are saved in
the /config directory. The device saves the remainder of the archived configuration files in the
/var/db/config directory. The active configuration file is named juniper.conf.gz, and the
rollback configuration files are named from juniper.conf.1.gz to juniper.conf.49.gz
(providing on-box access to a total of 50 active configurations).

Slide 65


Committing the Candidate Configuration (2 of 7 )
Use compare to display the configured differences between two configurations
Example:
[edi t syst em]
mi ke@j uni per 1# set services telnet
[ edi t syst em]
mi ke@j uni per 1# delete services web-
management
[ edi t syst em]
mi ke@j uni per 1# delete services ssh
mi ke@j uni per 1# show | compare
- ssh;
+ t el net ;
- web- management {
- ht t p {
- por t 8080;
- }
- }
Shortcut: you can perform the operational mode command show
configuration, in configuration mode by adding the keyword run
[ edi t ]
mi ke@j uni per 1# run show configuration
65

Configuration mode conveniently provides a way to display the configured differences between
two configurations with the show pipe compare command. The example on the left modifies a
candidate configuration by enabling Telnet access and removing SSH and J -Web access. The
example on the right displays the resulting changes in the candidate compared to the active
configuration.

The command interface indicates new lines in the candidate with a plus (+) sign and those
removed with a minus (-) sign.
The operational mode command show configuration displays the current active (running)
configuration. You can perform this command in configuration mode by adding the keyword run.


Slide 66

The commit check command validates the logic and completeness of the
candidate without activating any changes.
If the system finds a problem in the candidate configuration, it lets you know:
[ edi t ]
mi ke@j uni per 1# commit check
[ edi t i nt er f aces l o0 uni t 0 f ami l y i net ]
' addr ess 192. 168. 69. 1/ 24'
Loopback addr esses' pr ef i x must be 32 bi t s
er r or : conf i gur at i on check- out f ai l ed
66

The CLI also provides a command to check that the system can process your candidate
configuration. The commit check command validates the logic and completeness of the
candidate without activating any changes. These are the same validations that run when you
commit a candidate. If the system finds a problem in the candidate configuration, it lets you know,
as shown in the example on this slide.

As a best practice, before activating a candidate as the running configuration, always check your
work. Use the show pipe compare command to ensure all of the expected configuration
elements and parameters are a part of the candidate. Enter the commit check command to
have the system validate your candidate configuration without activating the changes.


Slide 67

To activate the candidate configuration, enter the commit command.
[ edi t ]
mi ke@j uni per 1# commit
commi t compl et e
If any syntax or semantic problems are found, the commit command returns an
error
[ edi t ]
er r or : Pol i cy er r or : Pol i cy my- pol i cy r ef er enced but not def i ned
er r or : BGP: expor t l i st not appl i ed
er r or : conf i gur at i on check- out f ai l ed
67

The candidate file is only the proposed configuration, and your device does not use any of this
configuration until you issue a commit command. After you have entered all desired changes and
you have double-checked your work, you are ready to activate your candidate as the active (or
running) configuration.
To activate the candidate configuration, enter the commit command.
Before actually activating the candidate configuration, J unos checks basic syntax and semantics.
For example, the software makes sure that a policy has been defined before it is referenced. If any
syntax or semantic problems are found, the commit command returns an error.


Slide 68

The commit complete message tells you that the new configuration is up
and running on the device.
[ edi t ]
commi t compl et e
By default, if more than one user is modifying the configuration, committing the
configuration saves and activates the changes of all users
Unless a user is in configure private mode
68

You must fix all mistakes before the candidate (or any part of the candidate) can become active.
The commit complete message tells you that the new configuration is up and running on the
device.
By default, if more than one user is modifying the configuration, committing the configuration
saves and activates the changes of all users (unless a user is in configure private mode as we
learned earlier in this course).


Slide 69

Committing the Candidate Configuration(6 of 7)
The commit confirmed command can prevent costly configuration mistakes
by automatically rolling back problematic configurations
[ edi t ]
mi ke@j uni per 1# commit confirmed
commi t conf i r med wi l l be aut omat i cal l y r ol l ed back i n 10 mi nut es
unl ess conf i r med
commi t compl et e
If everything looks good, then you need to commit the new configuration a
second time for the configuration to become permanent
[ edi t ]
commi t compl et e
69

Are you among those of us who have made the mistake of adding security to a remote box, only to
discover the new firewall locked you out of the very interface that you were using to access the
device? Do you have a story about the time you accidentally isolated a remote box and then had
to jump in the car and drive for four hours in the middle of the night just to reset it? The commit
confirmed command can prevent costly configuration mistakes by automatically rolling back
problematic configurations.
The commit confirmed command commits a candidate configuration for 10 minutes. If you
dont then follow up with a second commit command, the device automatically rolls back to the
previous configuration. You can use the commit confirmed command anytime you want a
safety net against potential configuration problems.
If everything looks good, then you need to commit the new configuration a second time for the
configuration to become permanent


Slide 70

If you do not confirm the configuration by entering a second commit command,
the CLI will roll back the device to the previous active configuration at the end of
the 10 minutes
Br oadcast Message f r omr oot @j uni per 1
( no t t y) at 08: 10: 17 UTC
Commi t was not conf i r med; aut omat i c r ol l back compl et e.
You can alter the time that the device waits before rolling back by adding a wait-
time (in minutes) to the command
[ edi t ]
mi ke@j uni per 1# commit confirmed 2
commi t conf i r mwi l l be aut omat i cal l y r ol l ed back i n 2 mi nut es
unl ess conf i r med commi t compl et e
70

If you do not confirm the configuration by entering a second commit command, the CLI will roll
back the device to the previous active configuration at the end of the 10 minutes. In this way, if you
have accidently isolated the device, you simply need to wait for the rollback instead of agonizing
over how you are going to otherwise undo your mistake.
After the device rolls back, check for errors in the candidate configuration, and then try the
commit command again. You can alter the time that the device waits before rolling back by adding
a wait-time (in minutes) to the command.
As a best practice, when you are configuring remote devices, always use the commit
confirmed command to activate your candidate configuration. Even the most experienced
J unos users want the insurance policy it provides to their work, and many have a story to tell about
the day it saved them from their own mistake and lots of extra work.


Slide 71

Automating Everyday Tasks
J unoscriptlets you automate, in your own way, both configuration and
operational CLI commands
Commit scripts
Op and event scripts
For instructions on implementing scripts, see the Configuration and Diagnostic
Automation Guide at www.juniper.net/techpubs/
71

You can optimize your work by adding automated scripting to your repertoire. J unoscript lets you
automate, in your own way, both configuration and operational CLI commands. Using automated
scripting can not only save you time, but can also reduce downtime by preventing configuration
errors and speeding problem resolution and restoration.
Commit scripts enable customized checks of configurations to ensure that they are in compliance
with your network standards and policies. Op and event scripts can receive command output,
inspect it, and determine the next appropriate actionrepeating the process until a problems
source has been found.
For instructions on implementing scripts, see the Configuration and Diagnostic Automation Guide
at the URL onscreen.


Slide 72

Rolling Back the Configuration (1 of 2)
Each device can store up to 49 of the most recently active versions
[ edi t ]
mi ke@j uni per 1# rollback 1
l oad compl et e
72

Whenever you commit the candidate configuration as the new active configuration, J unos
automatically saves a copy of the replaced active file. As you store each newly replaced
configuration, all the prior configuration files move back one version number further in the
configuration archive. Each device can store up to 49 of the most recently active versions along
with the current active configuration (also known as rollback 0).
You can access this configuration archive using the rollback command, including the number of
versions you want to go back. Return to the most recent previous configuration file using the
rollback 1 command. The rollback command loads the requested archive as the candidate
file. If you want to use it immediately, first make sure its what you want by using the show
command, and then activate it with the commit command. This automatic backup mechanism lets
you return quickly to a previous configuration for immediate use or for fast updates. Dont forget its
necessary to commit the candidate file to actually activate the selected rollback file as the running
configuration.


Slide 73

Rolling Back the Configuration (2 of 2)
[ edi t i nt er f aces]
mi ke@j uni per 1# show | compare rollback 2
- f e- 3/ 0/ 1 {
- vl an- t aggi ng;
- uni t 240 {
- vl an- i d 240;
- f ami l y i net {
- addr ess 10. 14. 250. 1/ 28;
- addr ess 10. 14. 250. 17/ 28 {
- pr ef er r ed;
- }
- addr ess 10. 14. 250. 33/ 28;
- addr ess 10. 14. 250. 49/ 28;
- addr ess 10. 14. 250. 65/ 28;
- }
- }
- }
[ edi t ]
mi ke@j uni per 1# rollback ?
0 2009- 01- 31 04: 34: 56 UTC by mi ke vi a cl i
*// Data Deleted FromExample //*
| Pi pe t hr ough a command
73

If you arent sure what differences exist between the active (or running) configuration and a
rollback file, investigate with the show | compare command as shown in the example on the
left of this slide.
Use the question mark with the rollback command to list the full archive. A truncated version of
the output is shown in the example on the right.
To reset the candidate configuration to the currently active configuration use the rollback (or
rollback 0) command.


Slide 74

Preparing System Changes in Advance (1 of 3)
Pre-configuration of new hardware.
[ edi t ]
mi ke@j uni per 1# edit interfaces fe-3/0/0 unit 0
[ edi t i nt er f aces f e- 3/ 0/ 0 uni t 0]
mi ke@j uni per 1# set family inet address 192.168.1.254/24
[ edi t i nt er f aces f e- 3/ 0/ 0 uni t 0]
commi t compl et e
The commit at command
[ edi t ]
mi ke@j uni per 1# commit at 02:00:00
commi t check succeeds
commi t wi l l be execut ed at 2009- 02- 02 02: 00: 00 UTC
Exi t i ng conf i gur at i on mode
mi ke@j uni per 1>
74

Unlike other systems, the J unos operating system lets you prepare for an installation before
actually installing the hardware. The software simply ignores any parts of the running configuration
that are irrelevant to the existing hardware installation. Whenever the hardware becomes
available, the newly added section of the configuration then becomes active.
The option to set up a configuration before hardware installation is quite useful, especially when
the person installing the hardware is different from the person configuring the device, a common
occurrence for remote boxes. Shown in the first example of this slide is a configuration for fe-3/0/0,
which could, for example, be installed tomorrow.
Sometimes you want to prepare configuration changes for activation at a specific time, such as
during a maintenance window. The commit at command provides this option.
To display any pending commit operations (and the commit history), enter the show system
commit command. You can cancel a pending commit operation with the clear system
commit command.


Slide 75

Preparing System Changes in Advance (2 of 3 )
The deactivate command
[ edi t ]
mi ke@j uni per 1# edit protocols bgp group internal
[ edi t pr ot ocol s bgp gr oup i nt er nal ]
mi ke@j uni per 1# set neighbor 192.168.1.1
mi ke@j uni per 1# deactivate neighbor 192.168.1.1
t ype i nt er nal ;
l ocal - addr ess 10. 14. 243. 255;
expor t [ nhs accept - aggr egat es ] ;
nei ghbor 10. 14. 243. 254;
i nact i ve: nei ghbor 192. 168. 1. 1;
commi t compl et e
75

You can also make configuration changes and mark them as inactive until you are ready to use
them. The device ignores these portions of the configuration as though they were not even
defined. In this example, a new BGP neighbor at 192.168.1.1 is configured but left deactivated
until the session is ready to be introduced.


Slide 76

Preparing System Changes in Advance (3 of 3)
The activate command
mi ke@j uni per 1# activate neighbor 192.168.1.1
commi t compl et e
Deactivate any portion of the configuration hierarchy
mi ke@j uni per 1# up
[ edi t pr ot ocol s bgp]
mi ke@j uni per 1# deactivate group internal
76

As you can see in the first example on this slide, when youre ready to make the change, you just
activate and commit that portion of the configuration, and the device will begin using it.
You can deactivate any portion of the configuration hierarchy, and the device ignores everything
underneath it. As illustrated in the second example, you can deactivate the entire group of BGP
neighbors called internal.


Slide 77

Using Configuration Shortcuts (1 of 3 )
The copy command
se- 0/ 0/ 2 {
ser i al - opt i ons {
cl ocki ng- mode dce;
cl ock- r at e 125. 0khz;
}
uni t 0 {
poi nt - t o- poi nt ;
f ami l y i net {
addr ess 10. 0. 22. 1/ 24;
}
}
}
mi ke@j uni per 1# copy se-0/0/2 to se-0/0/1
mi ke@j uni per 1# delete se-0/0/1 unit 0
family inet address
10.0.22.1/24
mi ke@j uni per 1# set se-0/0/1 unit 0
family inet address
10.0.36.2/24
77

A typical configuration includes many similar elements named and defined by the user, such as
interface names, policy statements, and firewall filters. The J unos CLI includes commands to
duplicate and quickly change the configurations of these user-defined elements.

The copy command duplicates a configuration statement along with all the subordinate
statements configured underneath it. In using the command, you copy the configuration
associated with one user-defined element to a new, similarly configured element. You then modify
that second element with any needed changes. The sample configuration on the left of this slide
shows a configured serial interface se-0/0/2. As shown at the top of the example on the right. you
can use the copy command to set up a new interface se-0/0/1. The duplicated interface has
exactly the same parameters as the original. You can then make any needed changes in the
configuration of the newly created interface se-0/0/1; for example, you can change its address.
Continuing with the example on the right, you can delete the copied address and then replace it
with the correct address for the new interface.

Very quickly, the new se-0/0/1 interface has been created, keeping most of the same properties as
the se-0/0/2 interface. Before committing the candidate file, be sure to check your edits when
changing the configuration with the copy command. Check that you made all the modifications
needed in all the duplicated statements. Remember, the configuration might not be valid
immediately after you have copied a portion of the configuration. You must check the validity of the
new configuration and, if necessary, make modifications for the configuration to be valid.
Slide 78


Using Configuration Shortcuts (2 of 3)
The rename command
f e- 4/ 0/ 2 {
uni t 0 {
f ami l y i net {
addr ess 10. 73. 24. 103/ 24;
}
}
}
mi ke@j uni per 1# rename fe-4/0/2 unit 0
family inet address
10.73.24.103/24 to address 10.73.24.143/24
f e- 4/ 0/ 2 {
uni t 0 {
f ami l y i net {
addr ess 10. 73. 24. 143/ 24;
}
}
}
78

The rename command is a convenient shortcut when you need to alter the value of a user-defined
variablesuch as policy names, filter names, or IP addressesor to change the name of a user-
defined element. In the next example, the address of the Fast Ethernet fe-4/0/2 interface has been
incorrectly set to 10.73.24.103/24. Lets use the rename command to change the value to
10.73.24.143/24 as shown at the top of the example on the right. Then, check to see that the
change is completed using the show command again.
Alternatively, instead of using rename, you can use the delete command to remove the
statement and then use the set command to add the new value.


Slide 79

Using Configuration Shortcuts (3 of 3)
[ edi t ]
mi ke@j uni per 1# show interfaces
f e- 0/ 0/ 0 {
descr i pt i on MGMT I NTERFACE DO NOT DELETE;
uni t 0 {
f ami l y i net {
addr ess 10. 210. 9. 177/ 28;
}
}
}
f e- 2/ 0/ 1 {
vl an- t aggi ng;
uni t 240 {
vl an- i d 240;
f ami l y i net {
addr ess 10. 14. 243. 238/ 28;
}
}
}
[ edi t ]
mi ke@j uni per . net # show interfaces
f e- 0/ 0/ 0 {
descr i pt i on MGMT I NTERFACE - DO NOT DELETE;
uni t 0 {
f ami l y i net {
addr ess 10. 210. 9. 177/ 28;
}
}
}
f e- 2/ 0/ 0 {
vl an- t aggi ng;
uni t 240 {
vl an- i d 240;
f ami l y i net {
addr ess 10. 14. 243. 238/ 28;
}
}
}
[ edi t ]
mi ke@j uni per 1# rename interfaces fe-2/0/1 to fe-2/0/0
79

As a final example, here is a useful configuration tip for switching ports. How many times have you
had to temporarily move a connection to another port just to test it? In J unos, the process is
simple. Follow this example, as the configuration is moved from fe-2/0/1 to fe-2/0/0. Begin by
looking at the existing interface configuration shown on the left of this slide.
Using the rename interfaces command as shown in the example at the top moves the port
in the candidate file. The candidate configuration now shows this move as we can see in the
example on the right where we ran the show interfaces command again.


Slide 80

Section Summary
Uncover configuration mode basics to view and navigate the configuration
80

Uncover configuration mode basics to view and navigate the configuration


Slide 81

By default, the commit confirmed command commits a configuration for how many
minutes?
81
A) 4
B) 8
C) 12
D) 10


By default, the commit confirmed command commits a configuration for how many minutes?


Slide 82

What message does the CLI display to tell you that the new configuration is up and
running on the device?
82
A) commit complete
B) commit check
C) committed
D) commit confirmed


What message does the CLI display to tell you that the new configuration is up and running on the
device?


Slide 83

Lab 3 - Discovering Configuration Mode
Enter Configuration Mode
View and Navigate the Configuration
Edit the Configuration Commit the Configuration Rollback the Configuration
83

Lab 3 Discovering Configuration Mode


Enter Configuration Mode
View and Navigate the Current Configuration
Edit Configuration by Adding and Changing Configuration Statements
Commit the Candidate Configuration and Check for Errors, and
Rollback the Configuration to a Previous Working Configuration .

window,



Slide 84

Course Summary
Navigate the CLIs operational mode and configuration mode on any device run
by the J unos operating system
Understand the hierarchies that underlie each mode
Get onboard help and use keyboard shortcuts to speed up your work
Show device status, alarms, and other helpful information in operational mode
Modify, save, and load configuration files with minimal risk to operations
Use basic configuration mode commands such as show, set, and delete
Capitalize on the safety features of the J unos OS commit model
Use the shortcuts and tips of experienced users and avoid common problems
84

After successfully completing this course, you should now be able to:
Navigate the CLIs operational mode and configuration mode on any device run by the J unos
operating system.
Understand the hierarchies that underlie each mode.
Get onboard help and use keyboard shortcuts to speed up your work.
Show device status, alarms, and other helpful information in operational mode.
Modify, save, and load configuration files with minimal risk to operations.
Use basic configuration mode commands such as show, set, and delete.
Capitalize on the safety features of the J unos OS commit model.
Use the shortcuts and tips of experienced users and avoid common problems.


Slide 85

Additional Resources
Education Services training classes
http://www.juniper.net/training/technical_education/
J uniper Networks Certification Program Web site
www.juniper.net/certification
J uniper Networks documentation and white papers
www.juniper.net/techpubs
To submit errata or for general questions
elearning@juniper.net
85

For additional resources or to contact the J uniper Networks eLearning team, click the links on the
screen.


Slide 86

Evaluation and Survey
You have reached the end of this J uniper Networks eLearning module
You should now return to your J uniper Learning Center to take the assessment
and the student survey
After successfully completing the assessment, you will earn credits that will be
recognized through certificates and non-monetary rewards
The survey will allow you to give feedback on the quality and usefulness of the course
86

You have reached the end of this J uniper Networks eLearning module. You should now return to
your J uniper Learning Center to take the assessment and the student survey. After successfully
completing the assessment, you will earn credits that will be recognized through certificates and
non-monetary rewards. The survey will allow you to give feedback on the quality and usefulness of
the course.


Slide 87

2011 J uniper Networks, Inc.
J uniper Networks, J unos, Steel-Belted Radius, NetScreen, and
ScreenOS are registered trademarks of J uniper Networks, Inc. in
the United States and other countries. The J uniper Networks
Logo, the J unos logo, and J unosE are trademarks of J uniper
Networks, Inc. All other trademarks, service marks, registered
trademarks, or registered service marks are the property of their
respective owners. J uniper Networks reserves the right to change,
modify, transfer, or otherwise revise this publication without notice.
87

J uniper Networks, Inc. All rights reserved. J uniper Networks, the J uniper Networks logo, J unos,
NetScreen and ScreenOS are registered trademarks of J uniper Networks, Inc. in the United States
and other countries. J unosE is a trademark of J uniper Networks, Inc. All other trademarks, service
marks, registered trademarks or registered service marks are the property of their respective
owners. J uniper Networks reserves the right to change, modify, transfer or otherwise revise this
publication without notice.

Corporate and Sales Headquarters
J uniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.J UNIPER
(888.586.4737)
or 408.745.2000
Fax: 408.745.2100
www.juniper.net
APAC Headquarters
J uniper Networks (Hong Kong)
26/ F, Cityplaza One
1111Kings Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803
EMEA Headquarters
J uniper Networks Ireland
Airside Business Park
Swords, County Dublin, Ireland
Phone: 35.31.8903.600
EMEA Sales: 00800.4586.4737
Fax: 35.31.8903.601
Copyright 2010 J uniper Networks, Inc.
All rights reserved. J uniper Networks,
the J uniper Networks logo, J unos,
NetScreen, and ScreenOS are registered
trademarks of J uniper Networks, Inc. in
the United States and other countries.
All other trademarks, service marks,
registered marks, or registered service
marks are the property of their
respective owners. J uniper Networks
assumes no responsibility for any
inaccuracies in this document. J uniper
Networks reserves the right to change,
modify, transfer, or otherwise revise this
publication without notice.
education services courseware

PRT Explore Junos Cli B PDF

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

PRT Explore Junos Cli B PDF

Transféré par

Droits d'auteur :

Formats disponibles

education services courseware

EXPLORI NG THE J UNOS CLI

Vous aimerez peut-être aussi