0 évaluation0% ont trouvé ce document utile (0 vote)
29 vues89 pages
This course is for first-time users of The J unos operating system and J uniper Networks products. The practical format offers straightforward explanations, step-by-step instructions, and lots of examples. If you'd prefer to use a web GUI, take a look at J -Web, the powerful web-based management interface.
This course is for first-time users of The J unos operating system and J uniper Networks products. The practical format offers straightforward explanations, step-by-step instructions, and lots of examples. If you'd prefer to use a web GUI, take a look at J -Web, the powerful web-based management interface.
This course is for first-time users of The J unos operating system and J uniper Networks products. The practical format offers straightforward explanations, step-by-step instructions, and lots of examples. If you'd prefer to use a web GUI, take a look at J -Web, the powerful web-based management interface.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 2
Slide 1
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI The new network is here. J uniper Networks Sales Education
Start using the J unos CLI today. In this course, youre just a few hours away from modifying, saving, and loading configuration files on your J unos device.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 3
Slide 2
2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential Exploring the J unos CLI Welcome!
Welcome to J uniper Networks Exploring the J unos CLI eLearning module.
This course is for first-time users of the J unos operating system and J uniper Networks products, but it is written so that it might also serve as a reference or refresher for more experienced J unos administrators. It not only lays the foundation for learning J unos, it also facilitates understanding of subsequent courses that appear in this series.
The J unos CLI provides you with new tools, shortcuts, and safeguards. Learn about these new features and save yourself hours at the keyboard. The practical format offers straightforward explanations, step-by-step instructions, and lots of examples. The virtual labs (or vlabs) let you practice what you learned.
If youd prefer to use a web GUI rather than the CLI, take a look at J -Web, the powerful web-based management interface available on J unos devices. J -Web lets you perform the same actions available in the command-line interface. It provides practical tools to monitor, configure, troubleshoot, and manage your device. J -Web isnt covered in this course, but you can find technical documentation for your device at www.juniper.net/techpubs/.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 4
Slide 3
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI 3
Throughout this module, you will find slides with valuable detailed information. You can stop any slide with the Pause button to study the details. You can also read the notes by using the Notes tab. You can click the Feedback link at anytime to submit suggestions or corrections directly to the J uniper Networks eLearning team.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 5
Slide 4
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Course Objectives After successfully completing this course, you will be able to: Navigate the CLIs operational mode and configuration mode on any device run by the J unos operating system Understand the hierarchies that underlie each mode Get onboard help and use keyboard shortcuts to speed up your work Show device status, alarms, and other helpful information in operational mode Modify, save, and load configuration files with minimal risk to operations Use basic configuration mode commands such as show, set, and delete Capitalize on the safety features of the J unos OS commit model Prepare system changes in advance Use the shortcuts and tips of experienced users and avoid common problems 4
After successfully completing this course, you will be able to: Navigate the CLIs operational mode and configuration mode on any device run by the J unos operating system. Understand the hierarchies that underlie each mode. Get onboard help and use keyboard shortcuts to speed up your work. Show device status, alarms, and other helpful information in operational mode. Modify, save, and load configuration files with minimal risk to operations. Use basic configuration mode commands such as show, set, and delete. Capitalize on the safety features of the J unos OS commit model. Prepare system changes in advance, and Use the shortcuts and tips of experienced users and avoid common problems.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 6
Slide 5
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Agenda: Exploring the J unos CLI Introducing the CLI Getting Started Understanding Operational Mode Discovering Configuration Mode Resources 5
This course consists of 5 sections. The 5 main sections are as follows: Introducing the CLI Getting Started Understanding Operational Mode Discovering Configuration Mode, and Resources
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 7
Slide 6
2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential Introducing the CLI Exploring the J unos CLI
This section will be your introduction to the CLI. The command-line interface (or CLI) is the software interface used to access your device. From here you configure the platform, monitor its operations, and adjust the configuration as needed.
If youve operated other networking devices, the J unos CLI should seem familiar, but you will also quickly notice that there are some new and different commands. No need to fret. These changes provide a rich set of new tools and safeguards that help you efficiently manage your network and maintain high uptime.
The command-line interface includes lots of shortcuts and commands to get help. Master these shortcuts and commands, and youll spend much less time pounding away on your keyboard. With just a little effort, youll soon learn why so many people say that J unos saves them time (often lots of it), reduces repetitive tasks, and helps them to avoid mistakes.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 8
Slide 7
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Section Objectives After successfully completing this section, you will be able to: Outline the two command modes Explain operational command hierarchies Explain configuration statement hierarchies 7
After successfully completing this section, you will be able to: Outline the two command modes Explain Operational Command Hierarchies, and Explain Configuration Statement Hierarchies
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 9
Slide 8
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Outlining the Command Modes Operational mode Configuration mode Hierarchical structure of the J unos CLI modes ... ... ... ... Top Level Node ... ... ... 2nd Level Nodes 3rd Level Nodes ... ... ... ... ... ... ... ... 8
The first step to exploring the J unos CLI is to understand its two command modes.
Operational mode is used to manage and monitor device operations. For example, monitor the status of the device interfaces, check chassis alarms, and upgrade and downgrade the devices operating system.
Configuration mode is used to configure the device and its interfaces. These include user access, interfaces, protocols, security services, and system hardware properties.
The J unos CLI structures the activities of each mode into hierarchies, as illustrated in this slide. The hierarchy of each mode is made up of cascading branches of related functions commonly used together. The structured hierarchy of the command-line interface is one of the many distinctive aspects of the J unos CLI preferred by users. By logically grouping activities, the J unos CLI provides a regular, consistent syntax helpful for knowing where you are, finding what you want, moving around the interface, and entering commands.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 10
Slide 9
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Understanding Operational Command Hierarchies Top of the operational mode tree 9
When you first log in to the CLI, the command-line interface is at the top level of the CLIs operational mode. This slide provides a view of the CLIs tree structure from the top of the operational mode, with an example of its cascading hierarchy through the show command. For example, the show configuration hierarchy includes access, chassis, firewall, groups, etc. The structured grouping of commands makes it easy to move quickly up and down the hierarchical path or to a specific function anywhere in the CLI.
The top level of each hierarchy is much like the top of the UNIX file system backslash, and both the operational mode and configuration mode hierarchies are similar to the directory structure on UNIX systems, PCs, and Macs. Youll learn more about the operational mode later in this course.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 11
Slide 10
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Understanding Configuration Statement Hierarchies Top of the configuration mode tree Container statements Leaf statements 10
Configuration mode has a hierarchical structure logically grouping related configuration statements. This structure eases configuration setup, review, and modification by allowing you to more readily find and view related statements. The figure in this slide illustrates a portion of the configuration tree, with nodes such as system and interfaces at the second level of the hierarchy.
The configuration statement hierarchy includes two types of statements: Container statements contain other statements; that is, they have subordinate configuration levels. And Leaf statements do not contain other statements; they are at the end of a particular hierarchical path.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 12
Slide 11
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Configuration Syntax [ edi t ] syst em{ ser vi ces { f t p; } } [ edi t ] indicates the start of the hierarchy level Each subordinate level is indented { } denote container statements Leaf statements indicated by a semicolon (; ) 11
The command-line interface displays the hierarchy of the configuration mode through specific syntax. The example shown here highlights what you need to know to read a J unos CLI configuration listing.
The [edit] banner indicates the starting hierarchy level of the listing.
The CLI shows the hierarchy of the configuration by indenting each subordinate level.
The CLI indicates container statements with open and closed curly braces. In the example shown here, system and services are cascading container statements.
The CLI indicates leaf statements with a semicolon. In this example, ftp; is a leaf statement.
Although the organizational structure within the configuration is similar to C or other programming languages, you do not need to understand programming to understand the configuration file. It simply is an outline view (remember English class) of the configuration. Once you understand how the outline view works, you will find that the configuration is very easy to read and navigate.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 13
Slide 12
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Section Summary In this section, we: Outline the two command modes Explain the operational command hierarchies Explain the configuration statement hierarchies 12
After successfully completing this section, you should now be able to: Outline the two command modes Explain Operational Command Hierarchies, and Explain Configuration Statement Hierarchies
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 14
Slide 13
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI At what level of the hierarchy is the command-line interface when you first log in to the CLIs operational mode? Submit Submit Clear Clear Learning Activity 1: Question 1 13 A) Bottom B) Root C) Top D) Leaf
Learning Activity 1: Question 1
At what level of the hierarchy is the command-line interface when you first log in to the CLIs operational mode?
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 15
Slide 14
2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential Getting Started Exploring the J unos CLI
Now, we will get started using the CLI. Its fast, its easy, and you cant get lost, because youre using J unos.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 16
Slide 15
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Section Objectives After successfully completing this section, you will be able to: Log into a J unos device using the CLI Switch between operational and configuration modes Use keystroke shortcuts to save typing Access on-board help through a variety of ways Filter output with the pipe command and more prompt Use shells to navigate the system Log out of the CLI when finished 15
After successfully completing this section, you will be able to: Log into a J unos device using the CLI Switch between operational and configuration modes Use keystroke shortcuts to save typing Access on-board help through a variety of ways Filter output with the pipe command and more prompt Use shells to navigate the system, and Log out of the CLI when finished
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 17
Slide 16
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Logging In to the CLI (1 of 2) You can login through the console port or the management port Two examples of accessing the management port from a networked device command window: t el net gateway server name user : username passwor d: password t el net router name user : username passwor d: password 16
To access the J unos CLI, you must first have access to the device itself, either through the out-of- band console port or the in-band management port. If necessary, log in to the gateway server with direct access to the J unos device. Oftentimes, the routers, switches, and security devices are on a subnet behind a gateway router that prevents unauthorized access to these devices. If the devices IP address is managed by a DNS server, you can simply log in using the designated domain name. Otherwise, you can log in using the unique IP address of the management port.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 18
Slide 17
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Logging In to the CLI (2 of 2) Connect to the device Log in to the device host ( t t yd0) l ogi n: root passwor d: Enter the CLI r oot @Amnesi ac%cli Explore! Enter a questions mark (?) show i? configure ? 17
If you would like to try this for yourself, you can jump ahead to your own path of discovery on your new J unos device (in the factory default configuration) by using these four steps:
-Connect your management PC to the console port of your new J uniper device using a null- modem or rollover cable, turn on the PC and start its terminal emulation program, and then power up the J uniper box.
-At the login prompt, enter root and at the password prompt press Enter, as in the example shown here.
-After you are authenticated, you enter the UNIX shell, the prompt will have a percentage symbol. To get to the CLI from the prompt, enter cli.
-Youre now in the operational mode of the command-line interface. Enter a question mark anywhere in the command hierarchy, and youll see a list of possible entries. Go ahead and try it, enter a question mark. You should see a list of the valid commands at the top of the operational mode hierarchy. You can also use the question mark to find out the valid possibilities to complete a command. For example type show i and a question mark (show i?) at the command prompt. This displays all the possible show commands that start with the letter i. Look around ... see what else you can discover. What happens when you enter configure and a question mark? ( configure ?)
Slide 18
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 19
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Switching Between Operational and Configuration Modes Operational mode: mi ke@j uni per 1> Configuration mode: mi ke@j uni per 1# mi ke@j uni per 1> configure mi ke@j unper 1# exit 18
As you monitor and configure a device, you need to switch between the operational mode and the configuration mode. When you change to configuration mode, the command prompt also changes. The operational mode prompt is a right angle bracket (>). The configuration mode prompt is a pound sign (#).
To switch from operational mode to configuration mode, issue the configure command.
When issuing the configure command, simply type co. Since no other command starts with those two letters, the CLI will recognize the command and auto-fill the rest of the command for you.
To exit back to operational mode, issue the exit configuration-mode command, or even shorter, the exit command.
Keep in mind that if you made configuration changes, you must commit these changes before exiting configuration mode for them to take effect, this will be covered in a later section.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 20
Slide 19
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Using Keystroke Shortcuts (1 of 2) Keyboard sequence Command completion The CLI stores every entered command in its command history. Keyboard sequence examples: Go to next in command history - Down arrow or Ctrl+n Go to previous in command history - Up arrow or Ctrl+p Go to beginning of line - Ctrl+a Go to end of line - Ctrl+e 19
The J unos CLI offers numerous ways to save keystrokes when using the command line, including keyboard sequences and command completion. All standard UNIX keyboard shortcuts are available to you when you are logged in to the J unos device. This is true whether you are in one of the shells, or in the CLI. These shortcuts offer options to shorten keystrokes. It may take a few days for shortened keystrokes to become second nature; however, once you have the muscle memory, these shortcuts can save you lots of typing time.
The CLI stores every entered command in its command history. At any command prompt, the up and down arrow keys let you scroll through this history (on a VT100 terminal type). You can reuse commands that you previously entered, or modify them as needed. Keyboard sequences can save you much time, for example, when you are configuring similar items on the device, or you are repeating operational commands, such as when you are debugging an issue.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 21
Slide 20
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Using Keystroke Shortcuts (2 of 2) The CLI provides command completion to further speed your typing in both modes Command completion examples: sh<space>ow r o<space>ut e sh<space>ow ch<space>assi s h<space>ar dwar e sh<space>ow conf <space>i gur at i on cl <space>ear r i p s<space>t ast i cs r es<space>t ar t r o<space>ut i ng g<space>r acef ul l y 20
The CLI provides command completion to further speed your typing in both modes. Command completion automatically finishes partially typed commands, filenames, and user names, so you dont need to recall the exact syntax of the desired input string. Command completion is a big help to new users, easing their transition to the new command-line interface.
The spacebar completes most CLI commands. The tab key not only completes CLI commands, but also filenames and user-defined variables such as policy names, community names, and IP addresses. When the completion of the command or argument is ambiguous, pressing the spacebar or tab key lists the possible completions as shown in this example.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 22
Slide 21
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Getting Help (1 of 5) Context-sensitive help using the question mark - ? [ edi t syst em] mi ke@j uni per 1# set s? Possi bl e compl et i ons: saved- cor e- cont ext Save cont ext i nf or mat i on f or cor e f i l es saved- cor e- f i l es Number of saved cor e f i l es per execut abl e( 1. . 64) > ser vi ces Syst emser vi ces > st at i c- host - mappi ng St at i c host name dat abase mappi ng > sysl og Syst eml oggi ng f aci l i t y 21
The J unos CLI includes several options for getting help any time youre not sure what to do, or if you just want to double-check your memory. Everyone uses the CLIs comprehensive system of online help, even the experts whove been working with J uniper devices for years. Query the command line with the question mark (?) character at any level of the operational or configuration hierarchies for a list of available commands and a short description of each. Typing a partial command and the question mark provides a list of all the valid ways to complete your command. Using the question mark in either of these ways is known as context-sensitive help in J unos lingo.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 23
Slide 22
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Getting Help (2 of 5) The question mark can list the files in the working directory mi ke@j uni per 1> request system license add ? Possi bl e compl et i ons: <f i l ename> Fi l ename ( URL, l ocal , r emot e, or f l oppy) f i l e1 Si ze: 19701, Last changed: Feb 23 21: 56: 52 f i l e2 Si ze: 1835, Last changed: Apr 09 09: 51: 57 l og1 Si ze: 1215, Last changed: Feb 16 13: 07: 49 l og2 Si ze: 1135, Last changed: Apr 09 11: 05: 16 t er mi nal Use l ogi n t er mi nal 22
For commands that require a filename as an argument, the question mark lists the files in the working directory, as in this example.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 24
Slide 23
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Getting Help (3 of 5) Specifying a path lists the files in that directory mi ke@j unper 1> request system license add /cf/ ? Possi bl e compl et i ons: <[ Ent er ] > Execut e t hi s command <f i l ename> Fi l ename ( URL, l ocal , r emot e, or f l oppy) / cf / boot / Last changed: Apr 16 11: 08: 56 / cf / dev/ Last changed: Apr 08 2004 / cf / et c/ Last changed: Apr 30 08: 40: 09 / cf / ker nel Si ze: 32797835, Last changed: Apr 15 / cf / ker nel . ol d Si ze: 32715591, Last changed: Nov 09 / cf / opt / Last changed: Nov 09 02: 08: 43 / cf / packages/ Last changed: Apr 16 11: 08: 57 / cf / r oot / Last changed: Apr 16 11: 08: 56 / cf / sbi n/ Last changed: Apr 16 11: 08: 56 / cf / usr / Last changed: Nov 09 02: 11: 23 / cf / var / Last changed: Nov 09 02: 11: 23 23
Or, specifying a path lists the files in that directory, as in this example.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 25
Slide 24
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Getting Help (4 of 5) On-board documentation You can access these files in both operational and configuration modes hel p apr opos hel p r ef er ence hel p sysl og hel p t i p hel p t opi c 24
When you want more information than what is provided by context-sensitive help, turn to the J unos technical documentation on your device through the help commands. J uniper loads documentation on new devices and includes it as a part of new upgrade builds.
The help files are divided into five major categories. You can access these files in both operational and configuration modes.
The help apropos command is useful whenever you remember a portion of a command but not the full statement. The command looks for all matches in statement or command names as well as help strings that are displayed for these.
After learning about what a certain command does and when to use it, you can view the actual syntax and possible options using the help reference command.
To displays information on specific syslog events use the help syslog command.
Help tip provides random tips for using the CLI.
Use the help topic command to learn about the usage guidelines for a specific configuration statement.
Slide 25
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 26
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Getting Help (5 of 5) The J unos OS checks syntax word-by-word Syntax help example: [ edi t ] mi ke@j uni per 1# show pr ot ocol s { pi m{ i nt er f ace so- 0/ 0/ 0 { pr i or i t y 4; ver si on 2; # War ni ng: mi ssi ng mandat or y st at ement ( s) : ' mode' } } } 25
Rather than waiting until you hit return at the end of a configuration statement, the J unos OS checks syntax word-by-word. Every time you enter a word into a line and press the spacebar, the CLI determines if each term is a valid command component and whether it is being used properly. If it finds a mistake, the CLI requests correction.
Additionally, J unos checks for omitted statements required at a particular hierarchy level whenever you attempt to move from that hierarchy level or when you issue the show command in configuration mode.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 27
Slide 26
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Filtering Output with the Pipe Command and the More Prompt (1 of 3) | is the pipe command symbol Example: mi ke@j uni per 1> show route | ? Will display possible completions for this command Saving output to a file mi ke@j uni per 1> request support information | save filename Wr ot e 1143 l i nes of out put t o f i l ename 26
You can change how the CLI displays output with the pipe command and the more prompt.
The pipe command lets you filter output in both operational and configuration modes. Pipe makes it possible to display specific information in a single command step, sending the output of one command as input to another, or redirecting the output to a file. The output of the command to the left of the pipe symbol serves as input to the command or file to the right of the pipe. You can query the CLI to find valid ways to pipe a command, as shown in the first example above.
The pipe symbol and save command along with a filename filters command output to a file.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 28
Slide 27
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Filtering Output with the Pipe Command and the More Prompt (2 of 3) Some other pipe commands: | count | di spl ay det ai l | di spl ay xml | hol d | mat ch | except | f i nd | l ast When using find or match, you must enclose spaces, operators, or wildcard characters that are a part of the search term in quotation marks 27
The following examples further demonstrate ways that pipe can help you to fine-tune commands: Pipe count: gives the number of lines in the output. Pipe display detail: provides additional information about the contents of the configuration. This command can only be used in configuration mode. Pipe display xml: shows the output in XML format. Its useful to display output in XML when exchanging configuration and state information with other systems. The XML output is formatted in the standard Remote Procedure Call (or RPC) format. Pipe hold: retains the output in the buffer until cleared. The most common way to use the pipe symbol is to constrain the output. Pipe match: specify exactly what information you want to display. Pipe except: displays output that ignores a specific string Pipe find: displays the output starting at the first occurrence of the matching text Pipe last: provides only the last screen of the listing When using find or match, you must enclose spaces, operators, or wildcard characters that are a part of the search term in quotation marks.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 29
Slide 28
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Filtering Output with the Pipe Command and the More Prompt (3 of 3) Multiple pipes example mi ke@j uni per 1> show interfaces terse | match fe- | count Count : 12 l i nes The <more> prompt mi ke@j uni per 1> show ethernet-switching interfaces detail I nt er f ace: ge- 0/ 0/ 0. 0 I ndex: 64 St at e: down VLANs: def aul t unt agged bl ocked - bl ocked by STP *// Data Deleted From Example //* I nt er f ace: ge- 0/ 0/ 12. 0 I ndex: 76 St at e: down VLANs: def aul t unt agged bl ocked - bl ocked by STP - - - <mor e>- - - 28
The J unos OS sees multiple pipes as a logical AND, only displaying the output that matches all entered pipes. You can enter different pipe commands, as well as the same pipe command, multiple times. This example shows how to count how many fast Ethernet interfaces are configured within the active configuration.
The command-line interface automatically paginates output. The CLI settings determine the length for your user account, with the typical setting at 24 lines. When the device stops at a page break, the command-line interface displays the <more> prompt and shows the amount of displayed output as a percentage of all the content available for display. You can press the h key at any <more> prompt to see a list of display options, such as moving forward and backward in the output, searching, and saving.
The set cli screen-length command modifies the number of displayed lines. Alternatively, you can display the entire output by adding the pipe | no-more as part of your command.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 30
Slide 29
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Working with Shells J unos OS is based on FreeBSD Different shells can be accessed J unos places non-root users into the CLI operational mode To log in to the CLI interface, issue the cli command at any shell prompt: % cli The CLI always opens in operational mode To enter other shells see the System Basics and Services Command Reference at: www.juniper.net/techpubs/ 29
The kernel of the J unos operating system is based upon FreeBSD and thereby inherits many capabilities from its UNIX roots, including the keyboard shortcuts, pipes, and expression matching discussed previously in this section. Another inherited functionality is the option to enter different shells. When any non-root user logs into a J unos device, J unos places them in the CLI operational mode. The J unos CLI provides access to all system management functions needed to run your system. The other shells are available if you want to navigate the file system or for advanced recovery procedures executed by the root user, often with the assistances of J TAC. You should use the CLI for operating the device as anything outside of the CLI bypasses normal system management.
To learn how to enter other shells (such as the C shell or Bourne shell) see the online System Basics and Services Command Reference at URL onscreen.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 31
Slide 30
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Logging Out You must log out of each shell you have opened When completely logged out you will receive the message : Connect i on cl osed by f or ei gn host . mi ke@j unper 1> exit Logout Connect i on cl osed by f or ei gn host . $ [ edi t pr ot ocol s ospf ] mi ke@j uni per 1# exit configuration-mode Exi t i ng conf i gur at i on mode mi ke@j uni per 1> exit l ogout Connect i on cl osed by f or ei gn host . $ 30
When logging out, you must log out of each shell you have opened before you can log out completely from the device. Thus if you log in to the device and are placed in the CLI operational mode and then you enter the CLI configuration mode, you need to exit out of both shells. When you are completely logged out of the device, you will receive the message: Connection closed by foreign host.
If youre in configuration mode and want to log out, exit your configuration session to enter operational mode, then exit operational mode as show here in the second example.
Protect the security of your device by logging out if you have no reason to be logged in or when you are away from your terminal, even for a few minutes. This prevents someone else from sitting down at your workstation and inadvertently (or deliberately) accessing the device.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 32
Slide 31
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Section Summary After successfully completing this section, you should now be able to: Log into a J unos device using the CLI Switch between operational and configuration modes Use keystroke shortcuts to save typing Access on-board help through a variety of ways Filter output with the pipe command and more prompt Use shells to navigate the system Log out of the CLI when finished 31
After successfully completing this section, you should now be able to: Log into a J unos device using the CLI Switch between operational and configuration modes Use keystroke shortcuts to save typing Access on-board help through a variety of ways Filter output with the pipe command and more prompt Use shells to navigate the system, and Log out of the CLI when finished
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 33
Slide 32
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Operational mode is represented by what symbol at the command prompt? Submit Submit Clear Clear Learning Activity 2: Question 1 32 A) Right angle bracket (>) B) Question mark (?) C) Percent symbol (%) D) Pound sign (#)
Learning Activity 2: Question 1
Operational mode is represented by what symbol at the command prompt?
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 34
Slide 33
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Which two of the following keyboard keys can you use to complete most CLI commands to save typing the full command? (Select two.) Submit Submit Clear Clear Learning Activity 2: Question 2 33 A) Tab B) Shift C) Spacebar D) Alt
Learning Activity 2: Question 2
Which two of the following keyboard keys can you use to complete most CLI commands to save typing the full command? (Select two.)
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 35
Slide 34
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Lab 1- Getting Started Logging in Help Commands Operational Mode & Configuration Mode Pipe Commands Keystroke Shortcuts Logging Out https://virtuallabs.juniper.net/ 34
Lab 1- Getting Started
In this lab, you will
Log In to the J unos Device Using the CLI Switching Between Operational Mode and Configuration Mode Use Keystroke Shortcuts to Save Typing Filter Output with the Pipe Command and the More Prompt Learn a Variety of Ways to Access On-board Help, and Log Out of the J unos CLI
To get the lab instructions, click on the attachments icon in the lower right corner of the course window,
To enter the Virtual Lab, click the link onscreen.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 36
Slide 35
2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential Understanding Operational Mode Exploring the J unos CLI
In this section we will explore Operational Mode. Operational mode provides commands for monitoring, managing, and maintaining your device. You can find out the status of your device, administer diagnostics, and perform other operational tasks, as well as manage the software running the device.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 37
Slide 36
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Section Objectives After successfully completing this section, you will be able to: Describe the operational mode Show device status using operational mode Manage basic operations on the device Use the file commands to alter command output Manage the operating system software 36
After successfully completing this section, you will be able to: Describe the operational mode Show device status using operational mode Manage basic operations on the device Use the file commands to alter command output, and Manage the operating system software
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 38
Slide 37
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Understanding Operational Mode Key operational mode capabilities include: Monitoring and troubleshooting the device Connecting to other network systems Restarting software processes Entering configuration mode Displaying the configuration Controlling the CLI environment Performing system-level operations such as stopping and rebooting the device and loading J unos software images 37
The J unos OS provides an extensive set of on-board instrumentation capabilities for gathering critical operational status, statistics, and other information. These tools deliver advance notification of issues and speed problem solving during events.
As part of your configuration setup you can specify the types of events to track, the event severity, and the files in which to store the data, among other options. J uniper devices come with sufficient processing power to collect and store critical operational data, including SNMP management, system logging, and traceoptions that help you to understand how the box operates in normal conditions and where, when, and why changes occur.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 39
Slide 38
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Understanding Operational Mode Commonly used commands: mi ke@j uni per 1> ? Possi bl e compl et i ons: cl ear Cl ear i nf or mat i on i n t he syst em conf i gur e Mani pul at e sof t war e conf i gur at i on i nf or mat i on f i l e Per f or mf i l e oper at i ons hel p Pr ovi de hel p i nf or mat i on moni t or Show r eal - t i me debuggi ng i nf or mat i on pi ng Pi ng r emot e t ar get qui t Exi t t he management sessi on r equest Make syst em- l evel r equest s r est ar t Rest ar t sof t war e pr ocess set Set CLI pr oper t i es, dat e/ t i me, cr af t i nt er f ace message show Show syst emi nf or mat i on ssh St ar t secur e shel l on anot her host st ar t St ar t shel l *// Data Deleted From Example //* 38
Explore operational mode from the top level of its hierarchy. Heres a truncated listing of its most commonly used commands.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 40
Slide 39
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Showing Device Status (1 of 3) Possible show command completions: mi ke@j uni per 1> show? Possi bl e compl et i ons: account i ng Show account i ng pr of i l es and r ecor ds aps Show Aut omat i c Pr ot ect i on Swi t chi ng i nf or mat i on ar p Show syst emAddr ess Resol ut i on Pr ot ocol t abl e ent r i es as- pat h Show t abl e of known aut onomous syst empat hs bf d Show Bi di r ect i onal For war di ng Det ect i on i nf or mat i on bgp Show Bor der Gat eway Pr ot ocol i nf or mat i on chassi s Show chassi s i nf or mat i on cl ass- of - ser vi ce Show cl ass- of - ser vi ce ( CoS) i nf or mat i on cl i Show command- l i ne i nt er f ace set t i ngs conf i gur at i on Show cur r ent conf i gur at i on *// Data Deleted From Example //* 39
Operational mode provides a large group of show commands to display status and statistics for just about everything on the device. A truncated example is shown here. For the reader with experience using Cisco IOS software, a basic difference of the J unos OS is that it does not use the keyword IP. So, many of the show commands you already know work if you drop this part of the command. For example, the IOS command show ip route simply becomes show route in J unos.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 41
Slide 40
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Showing Device Status (2 of 3) Show interfaces completion examples: mi ke@j uni per 1> show interfaces fe-1/1/1 ? Possi bl e compl et i ons: <[ Ent er ] > Execut e t hi s command br i ef Di spl ay br i ef out put descr i pt i ons Di spl ay i nt er f ace descr i pt i on st r i ngs det ai l Di spl ay det ai l ed out put ext ensi ve Di spl ay ext ensi ve out put medi a Di spl ay medi a i nf or mat i on snmp- i ndex SNMP i ndex of i nt er f ace st at i st i cs Di spl ay st at i st i cs and det ai l ed out put t er se Di spl ay t er se out put *// Data Deleted From Example //* 40
The show command includes other arguments to modify the output. For example, shown here are the available arguments for the show interfaces command for the fe-1/1/1 Fast Ethernet interface. You can add these options to adjust the output listings to what you need.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 42
Slide 41
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Showing Device Status (3 of 3) Using brief and terse with the show command: mi ke@j uni per 1> show interfaces fe-1/1/1 brief Physi cal i nt er f ace: f e- 1/ 1/ 1 Enabl ed, Physi c l i nk i s Down Li nk- l evel t ype: Et her net , MTU: 1514, Spped: 100mbps, Loopback: Di sabl ed, Sour ce f i l t er i ng: Di sabl ed Fl ow cont r ol : Enabl ed Devi ce f l ags : Pr esent Runni ng Down I nt er f ace f l ags : Har dwar e- Down SNMP- Tr aps I nt er nal : Ox4000 Li nk f l ags : None mi ke@j uni per 1> show interfaces fe-1/1/1 terse I nt er f ace Admi n Li nk Pr ot o Local Remot e f e- 1/ 1/ 1 up up at - 1/ 3/ 0. 0 up up i net 1. 0. 0. 1 - - > 1. 0. 0. 2 i so 41
Here is the output from the same example when adding brief and terse to the command. Notice the different output. As an added note, the clear commands let you reset the devices statistics to zero.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 43
Slide 42
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Managing Basic Operations Fundamental management commands: pi ng: this standard IP command tests whether other devices, interface cards, or nodes are reachable on the network. t r acer out e: this network utility reports the path taken by packets from your device to a destination on an IP network. ssh: this standard UNIX secure shell program opens a user shell on another device or host on the network. t el net : this management protocol opens a terminal connection to another device or host on the network. 42
J unos supports standard network utilities and remote access for management. You may recognize a few of these fundamental commands from UNIX and other operating systems.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 44
Slide 43
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Using the File Commands (1 of 2) Saving and loading configuration files on the device are helpful for: Archiving and backing up configurations Sharing configuration files across devices Saving and loading parts of configuration files that might be common across many devices within a network (route filters, for instance). To view a file use the file show command: mi ke@j uni per 1> file show filename 43
The file commands let you view and copy files from one location of your device to another, from your device to a remote system, such as a server, or from a remote system to the device. Saving and loading configuration files on the device are helpful for archiving and backing up configurations, sharing configuration files across devices, or saving and loading parts of configuration files that might be common across many devices within a network (route filters, for instance). To view a file, use the file show command as illustrated in this example.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 45
Slide 44
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Using the File Commands (2 of 2) Command syntax for file copy: f i l e copy / t ar get - di r ect or y/ t ar get - f i l ename / dest i nat i on- di r ect or y/ dest i nat i on- f i l ename Examples: mi ke@j uni per 1> file copy /config/juniper.conf.gz/var/home/user/backup.gz mi ke@j uni per 1> file copy config/juniper.conf.gz/var/home/user/juniper.conf.gz- 20090123 Using the file list command: mi ke@j uni per 1> file list / var / home/ user / : . ssh/ j uni per . conf . gz- 20090123 44
You can manually archive files with the file copy command which uses the same syntax as the standard UNIX cp command. For instance, in the first example here were copying the current active configuration file (/config/juniper.conf.gz) as backup.gz to the devices /var/home/user directory. As a best practice, you should create a rescue configuration of a known working configuration. If the active configuration is corrupted, the device will automatically load the file named rescue.gz in the /config directory as the active configuration.
Also, after copying the configuration file to a new location, always rename it so that you dont accidentally overwrite it later when copying an updated version of the file. The same command lets you move the configuration file from the server back to the devices home directory as shown in the second example. Use the file list command to verify that the file arrived in your home directory.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 46
Slide 45
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Managing the Operating System Software The restart command Used to stop and then restart most individual operating system daemons (processes) The request command Performs system-wide functions such as rebooting, upgrading, shutting down the device, and more mi ke@j uni per1>request chassis fpc slot 0 restart Restart i ni ti ated, use "showchassi s f pc" to veri f y user@host>show chassis fpc Temp CPU Uti l i zati on(%) Memory Uti l i zati on (%) Sl ot State (C) Total I nterrupt DRAM(MB) Heap Buf f er 0 Starti ng 32 0 0 0 0 0 1 Onl i ne 30 0 0 8 11 14 2 Empty 3 Empty 45
Operational mode provides commands for managing the operating system software, including upgrading and rebooting the device, as well as for restarting and resetting individual processes. J unos is a modular operating system whereby independent processes run in their own protected memory space. As such, these processes (called daemons) can be independently managed.
You can restart most J unos processes from the operational mode (with a few daemons requiring that you must exit to a shell). Use restart when you need to stop and then restart individual operating system daemons. Although each process is fully independent, take special care when using the restart command. A restart of the SNMP process is only disruptive to SNMP, but a restart of routing could have drastic consequences in your network! To restart a specific routing protocol, such as OSPF, you can deactivate and then reactivate it in configuration mode. When a problem exists with only one protocol, this is a better approach than restarting the entire routing daemon of J unos, which would affect all the routing protocols. The request commands perform system-wide functions such as rebooting, upgrading, and shutting down the device. This command group also provides the ability to online, offline, and restart individual components without having to reboot the entire device.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 47
Slide 46
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Section Summary After successfully completing this section, you should now be able to: Describe the operational mode Show device status using operational mode Manage basic operations on the device Use the file commands to alter command output Manage the operating system software 46
After successfully completing this section, you should now be able to: Describe the operational mode Show device status using operational mode Manage basic operations on the device Use the file commands to alter command output, and Manage the operating system software
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 48
Slide 47
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI As a best practice against file corruption or loss, it is recommended you create what type of configuration? Submit Submit Clear Clear Learning Activity 3: Question 1 47 A) restore B) request C) restart D) rescue
Learning Activity 3: Question 1
As a best practice against file corruption or loss, it is recommended you create what type of configuration?
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 49
Slide 48
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Which of the following commands would you use to reset the devices statistics to zero? Submit Submit Clear Clear Learning Activity 3: Question 2 48 A) restore B) clear C) reset D) zero-out
Learning Activity 3: Question 2
Which of the following commands would you use to reset the devices statistics to zero?
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 50
Slide 49
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Lab 2- Understanding Operational Mode Show Device Status Using Operational Mode https://virtuallabs.juniper.net/ Manage Basic Operations on the Device Manage the Operating System Software 49
Lab 2 Understanding Operational Mode
In this lab, you will
Show Device Status Using Operational Mode Manage Basic Operations on the Device, and Manage the Operating System Software
To get the lab instructions, click on the attachments icon in the lower right corner of the course window,
To enter the Virtual Lab, click the link onscreen.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 51
Slide 50
2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential Discovering Configuration Mode Exploring the J unos CLI
In this section, we will take a look at the configuration mode. In configuration mode, as the name implies, you define the configuration of your device. This includes configuring the management console with its network settings, setting up user accounts for access to the device, specifying the security measures used to protect the device and the network, and setting up routing and switching protocols. Each statement configures different functions of the device, specifying its particular properties in your network.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 52
Slide 51
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Section Objectives After successfully completing this section, you will be able to: Explain the J unos configuration process Enter the configuration mode in a number of ways Understand configuration mode basics to view and navigate the configuration Edit the configuration by adding, removing and changing configuration statements Commit the candidate configuration and catch errors Automate everyday tasks to optimize your time Roll back the configuration to a previous working configuration Prepare system changes in advance Use configuration shortcuts to make changes quickly 51
After successfully completing this section, you will be able to: Explain the J unos configuration process Enter the configuration mode in a number of ways Understand configuration mode basics to view and navigate the configuration Edit the configuration by adding, removing and changing configuration statements Commit the candidate configuration and catch errors Automate everyday tasks to optimize your time Roll back the configuration to a previous working configuration Prepare system changes in advance, and Use configuration shortcuts to make changes quickly
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 53
Slide 52
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Introducing the Configuration Process (1 of 2) J unos captures all changes in a candidate configuration This approach substantially contrasts with other systems that use line-by-line entry and instant activation of configuration changes The J unos CLI protects you from configuration headaches The candidate configuration is held in system memory 52
The J unos CLI is thoughtfully designed to consider configuration as a process. Thus, safeguards have been introduced that allow you to set up and check a new configuration before it goes live. For example, J unos captures all changes in a candidate configuration that when completed can be committed, and only then can become the active configuration file.
This approach substantially contrasts with other systems that use line-by-line entry and instant activation of configuration changes. Have you ever had to make line-by-line changes in other systems, knowing that you were creating intermediate risks, such as removing a firewall on an interface? Perhaps you have entered a single-line change that created unwanted or unexpected results that you could not easily revert. The J unos CLI protects you from these configuration headaches. With the help of early customers, the J uniper engineers purposefully designed a multi-stage configuration process. This process provides various methods of averting difficulties caused by unexpected mistakes and other common challenges in device configuration.
Although it is easy to think of configurations as files, actually there is no file associated with the candidate configuration. The configuration is held in system memory.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 54
Slide 53
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Introducing Configuration Process (2 of 2) There are three basic steps to configure a device run by the J unos OS Make changes to the candidate configuration Commit your changes Candidate becomes active J unos saves 49 previous active configurations Commit Confirmed Candidate Configuration Commit Validations Commit Commit Scripts Validated Configuration Active Configuration R o l l b a c k 1 2 3 53
This illustration outlines the three basic steps to configure a device run by the J unos OS.
The first is to make changes to the candidate configuration. The candidate configuration is a copy of the active configuration. You can enter configuration changes to the candidate through the CLI, J -web interface or by automated means. J unos also includes commands to review your candidate changes, including comparing the candidate to the active (running) file.
Next, you commit your changes. To move the candidate to become the active configuration, enter the commit or commit confirmed commands. Before finalizing the changeover, the software checks for certain statements within the candidate and performs other context validations. If the device includes preloaded commit scripts, these scripts will also check and possibly correct errors within the candidate configuration.
Finally, the candidate becomes active after passing through all the validation checks. The candidate configuration becomes the active configuration, saved as /config/juniper.conf.gz. The device renames the previous j uni per . conf . gz file to juniper.conf.1.gz The J unos device saves up to 49 previous active configurations. You can roll back to any one of these backup configurations by issuing the rollback [0 - 49] command, discussed later in this section.
Slide 54
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 55
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Entering Configuration Mode (1 of 2) J unos offers three option for entering configuration mode Standard Exclusive Private 54
In devices where different user accounts can make configuration changes, the flexibility to manage who is making changes and when they make them is essential. The J unos OS thus offers three options for entering configuration mode.
Standard allows any number of users to edit the candidate configuration simultaneously, and changes made by a single user are visibly shared so that they can be seen by all users.
Exclusive locks all other users out of configuration mode until the exclusive user closes the exclusive state.
Private provides a private configuration, whereby the device keeps a separate candidate copy holding only the changes by the private user.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 56
Slide 55
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Entering Configuration Mode (2 of 2 ) The configure command mi ke@j uni per 1> configure Ent er i ng conf i gur at i on mode The conf i gur at i on has been changed but not commi t t ed mi ke@j uni per 1# exit The conf i gur at i on has been changed but not commi t t ed Exi t wi t h uncommi t t ed changes? [ yes, no] The configure exclusive command mi ke@j uni per 1> configure exclusive war ni ng: uncommi t t ed changes wi l l be di scar ded on exi t Ent er i ng conf i gur at i on mode The configure private command mi ke@j uni per 1> configure private war ni ng: uncommi t t ed changes wi l l be di scar ded on exi t Ent er i ng conf i gur at i on mode 55
To enter standard configuration mode, issue the configure command. When you exit from the standard configuration mode, all the uncommitted changes you have made during your session remain in the candidate, unless you explicitly delete them or issue a rollback 0 command to reload the active configuration as the candidate. The users do get warning messages when logging in and out. To lock the candidate configuration from other users, add the exclusive switch to the configure command. In configure exclusive mode, the device discards all non-committed changes to the configuration once you exit the session. You can create your own private candidate configuration by adding the private switch to the configure command.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 57
Slide 56
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Understanding Configuration Mode Basics (1 of 5) From top of configuration hierarchy [ edi t ] mi ke@j uni per 1# show ver si on 9. 2R1. 3; gr oups { r e0 { syst em{ host - name j uni per 1; } } } <sni p> Deeper in the hierarchy [ edi t i nt er f aces ge- 5/ 0/ 0] mi ke@j uni per 1# show gi get her - opt i ons { f l ow- cont r ol ; aut o- negot i at i on; } uni t 0 { f ami l y i net { addr ess 1. 2. 3. 4/ 28; } } Viewing the candidate configuration 56
Configuration mode offers several options to view and navigate the candidate configuration. The show command displays the candidate configuration of the device. When this command is entered from the top of the configuration hierarchy, the CLI displays the entire candidate configuration. The example on the left illustrates an abbreviated listing for a configured device. If you havent made any configuration changes, then the candidate configuration is the same as the active (running) configuration of the device.
Deeper in the hierarchy, the show command displays the configuration from the current configuration hierarchy level and below, as shown in the example on the right.
You may have noticed that the configuration mode uses the show command in a different way from operational mode. The commands of each mode are independent of each other, and so the show command represents different actions in each mode.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 58
Slide 57
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Understanding Configuration Mode Basics (2 of 5) Navigating the configuration [ edi t ] mi ke@j uni per 1# set system services finger mi ke@j uni per 1# set system services ftp mi ke@j uni per 1# set system services ssh mi ke@j uni per 1# set system services telnet [ edi t syst emser vi ces] mi ke@j uni per 1# set finger mi ke@j uni per 1# set ftp mi ke@j uni per 1# set ssh mi ke@j uni per 1# set telnet [ edi t ] syst em{ ser vi ces { f i nger ; f t p; ssh; t el net ; } } In either case, the example shown below will be added to the candidate configuration Example 1: Example 2: 57
Although you can edit the configuration from the root of the hierarchy, it is often easier to navigate to the area within the configuration you are changing before adding and removing commands. For example, if you were planning to add new services to the configuration, you could issue the set commands shown in the example on the left. However, it is easier to navigate to the system services directory and then issue the commands as shown in the example on the right.
In either case, when you have edited the configuration, the lines shown at the bottom of this slide are added to the candidate configuration. The CLI provides four commands for navigation in configuration mode: edit, up, top, and exit. Lets examine these commands next.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 59
Slide 58
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Understanding Configuration Mode Basics (3 of 5) The banner changes based on your location when using edit [ edi t ] mi ke@j uni per 1# edit system services [ edi t syst emser vi ces] mi ke@j uni per 1# To navigate to system syslog host log you could use issue a single command or a succession of commands: [edi t ] mi ke@j uni per 1# edit system syslog host log [ edi t syst emsysl og host l og] mi ke@j uni per 1# [ edi t ] mi ke@j uni per 1# edit system [ edi t syst em] mi ke@j uni per 1# edit syslog [ edi t syst emsysl og] mi ke@j uni per 1# edit host log [ edi t syst emsysl og host l og] mi ke@j uni per 1# The edit commands functions like the change directory (cd) command in UNIX Your new location! 58
Use the edit command to jump to a specific location within the candidate configuration. The configuration mode banner changes to indicate your new location in the hierarchy. You do not have to issue the edit command from the top level directory. For example, to navigate to the system syslog host log hierarchy, you could issue a single command from the top level of the hierarchy, as shown on the left. Or, you could also navigate to the same hierarchy by issuing a succession of edit commands.
When issuing the edit command from the hierarchy, issue the relative path based on your location in the hierarchy. Note that the edit command functions like the UNIX change directory (or cd) command, moving you to an exact location in the hierarchy tree. If you navigate to a hierarchy location that doesnt yet exist in your configuration, the CLI will create the hierarchy level. However, explicitly adding hierarchy levels using the set command (discussed later in this course) helps you to know exactly what you have created.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 60
Slide 59
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Understanding Configuration Mode Basics (4 of 5 ) The up command allows you to move up levels: [ edi t i nt er f aces f e- 1/ 3/ 1 uni t 0 f ami l y i net addr ess 10. 0. 10. 1] mi ke@j uni per 1# up [ edi t i nt er f aces f e- 1/ 3/ 1 uni t 0 f ami l y i net ] mi ke@j uni per 1# As seen from the top of the configuration hierarchy: [ edi t ] i nt er f aces { f e- 1/ 3/ 1 { uni t 0 { f ami l y i net { addr ess 10. 0. 10. 1; } } } } 59
The up command allows you to move up levels in the hierarchy. By default, you move one level. You can add a number after the command to specify how many levels to move up. In the example shown here, interfaces, fe-1/3/1, unit 0, family inet, and address 10.0.10.1 each represent one level within the hierarchy. The second example shows what this looks like from the top of the configuration hierarchy.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 61
Slide 60
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Understanding Configuration Mode Basics (5 of 5) The top command allows you to move to the first hierarchy level The exit command returns you to the highest hierarchy location from which you previously entered an edit command [ edi t pr ot ocol s ospf ar ea] mi ke@j uni per 1# top edit system login [ edi t syst eml ogi n] mi ke@j uni per 1# [ edi t pr ot ocol s ospf ar ea] mi ke@j uni per 1# top show system services web- management { ht t p { por t 8080; } } 60
The top command allows you to move to the first hierarchy level.
The exit command returns you to the highest hierarchy location from which you previously entered an edit command. If you issue this command from the top level of the configuration hierarchy, you exit configuration mode.
You can combine navigation commands together to move through the hierarchy. For example, you can use top and edit together to move quickly to a different part of the configuration hierarchy as shown in the example on the left. Use top with show to display a portion of the configuration from another section of the hierarchy as shown in the example on the right.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 62
Slide 61
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Editing the Configuration (1 of 3) The set command inserts a statement and values into the candidate configuration Example 1: [ edi t ] mi ke@j uni per 1# set system services ftp The following lines will be added to the configuration file: syst em{ ser vi ces { f t p; } } You also use the set command to add statement values when required Example 2: [ edi t ] mi ke@devi cename # set system host-name juniper1 The following lines will be added to the configuration file: syst em{ host - name j uni per 1; } 61
Create or change the candidate configuration by entering a series of commands, including commands to add and remove configuration statements. The set command inserts a statement and values into the candidate configuration. For example, if you want to add the FTP service to your device, from the top of the hierarchy you issue the set command as shown in the first example.
You also use the set command to add statement values when required. For example, to set the device name to juniper1, you enter the set command shown here in the second example.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 63
Slide 62
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Editing the Configuration (2 of 3) The delete command removes statements from your candidate configuration Use caution with this command The delete command removes all subordinate statements and identifiers Example: [ edi t ] mi ke@j uni per 1# delete protocols For info on using wildcards with delete refer to the J unos CLI User Guide - Advanced Features section in www.juniper.net/techpubs 62
The delete command removes statements from your candidate configuration. Deleting a statement effectively returns the affected device, protocol, or service to an un-configured state. Deleting a container statement removes everything under that level of the hierarchy. You need to use caution with this command. The delete command removes all subordinate statements and identifiers. For example, the simple line shown here would remove all the protocol configuration data in your candidate. Know where you are in the hierarchy and everything that your command will remove when you issue a delete statement! By always checking the [edit] banner to determine your current hierarchy location, you can be sure your command affects only the portion of the configuration that you want to change. If a configuration statement is empty after you delete the configuration element(s), the CLI removes that configuration statement from the candidate configuration.
When you need to remove large common pieces of the configuration from the device, wildcards can save you time. The device can search through the entire candidate configuration looking for a string and delete every line that contains that string. To learn more about wildcards, go to the online J unos CLI User Guide at the URL onscreen and refer to the section on Advanced Features.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 64
Slide 63
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Editing the Configuration (3 of 3) The annotate command can be used when you want to leave comments about the configuration Example 1: [ edi t ] mi ke@j uni per 1# annotate system this device is for training new Junos users To delete a comment, use annotate with an empty string Example 2: [ edi t ] mi ke@j uni per 1# annotate system "" 63
The J unos CLI lets you leave comments about the configuration as a part of its listing. The comments can be quite handy when you or other team members are trying to troubleshoot a problem or need to make configuration changes. Issue the annotate command followed by your note when you want to include comments. This example from the top of the configuration mode posts the comment at the [edit system] level of the configuration hierarchy. When you add comments in configuration mode, they are associated with a statement at the indicated level. Each statement can have one single-line comment associated with it.
To delete a comment, use the annotate command with an empty string as shown here in the second example.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 65
Slide 64
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Committing the Candidate Configuration (1 of 7) J unos configuration file management 64
The J unos CLI provides multiple features that help users to catch and correct typos, omissions, and other errors before they become a problem. In addition to candidate configurations, these features include providing file comparisons, checking candidate syntax and context, enabling fast rollback, and restoring working configurations on systems that become isolated after activation of a new configuration.
This slide provides a detailed view of the file management of the device configuration. The active (or running) configuration is the operational file of the device. It is also the configuration that the device loads during a boot sequence. The candidate configuration is the working copy storing configuration updates. The commit commands cause the following transitions by the device (for candidates which pass the validation checks). It copies the candidate configuration to the active configuration. At this point, the active and the candidate configurations are identical. It then decrements all rollback configuration files by one and saves the active configuration as rollback 0. The active (or running) configuration file and the last three rollback configuration files are saved in the /config directory. The device saves the remainder of the archived configuration files in the /var/db/config directory. The active configuration file is named juniper.conf.gz, and the rollback configuration files are named from juniper.conf.1.gz to juniper.conf.49.gz (providing on-box access to a total of 50 active configurations).
Slide 65
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 66
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Committing the Candidate Configuration (2 of 7 ) Use compare to display the configured differences between two configurations Example: [edi t syst em] mi ke@j uni per 1# set services telnet [ edi t syst em] mi ke@j uni per 1# delete services web- management [ edi t syst em] mi ke@j uni per 1# delete services ssh [ edi t syst emser vi ces] mi ke@j uni per 1# show | compare - ssh; + t el net ; - web- management { - ht t p { - por t 8080; - } - } Shortcut: you can perform the operational mode command show configuration, in configuration mode by adding the keyword run [ edi t ] mi ke@j uni per 1# run show configuration 65
Configuration mode conveniently provides a way to display the configured differences between two configurations with the show pipe compare command. The example on the left modifies a candidate configuration by enabling Telnet access and removing SSH and J -Web access. The example on the right displays the resulting changes in the candidate compared to the active configuration.
The command interface indicates new lines in the candidate with a plus (+) sign and those removed with a minus (-) sign. The operational mode command show configuration displays the current active (running) configuration. You can perform this command in configuration mode by adding the keyword run.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 67
Slide 66
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Committing the Candidate Configuration (3 of 7) The commit check command validates the logic and completeness of the candidate without activating any changes. If the system finds a problem in the candidate configuration, it lets you know: [ edi t ] mi ke@j uni per 1# commit check [ edi t i nt er f aces l o0 uni t 0 f ami l y i net ] ' addr ess 192. 168. 69. 1/ 24' Loopback addr esses' pr ef i x must be 32 bi t s er r or : conf i gur at i on check- out f ai l ed 66
The CLI also provides a command to check that the system can process your candidate configuration. The commit check command validates the logic and completeness of the candidate without activating any changes. These are the same validations that run when you commit a candidate. If the system finds a problem in the candidate configuration, it lets you know, as shown in the example on this slide.
As a best practice, before activating a candidate as the running configuration, always check your work. Use the show pipe compare command to ensure all of the expected configuration elements and parameters are a part of the candidate. Enter the commit check command to have the system validate your candidate configuration without activating the changes.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 68
Slide 67
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Committing the Candidate Configuration (4 of 7) To activate the candidate configuration, enter the commit command. [ edi t ] mi ke@j uni per 1# commit commi t compl et e If any syntax or semantic problems are found, the commit command returns an error [ edi t ] mi ke@j uni per 1# commit er r or : Pol i cy er r or : Pol i cy my- pol i cy r ef er enced but not def i ned er r or : BGP: expor t l i st not appl i ed er r or : conf i gur at i on check- out f ai l ed 67
The candidate file is only the proposed configuration, and your device does not use any of this configuration until you issue a commit command. After you have entered all desired changes and you have double-checked your work, you are ready to activate your candidate as the active (or running) configuration. To activate the candidate configuration, enter the commit command. Before actually activating the candidate configuration, J unos checks basic syntax and semantics. For example, the software makes sure that a policy has been defined before it is referenced. If any syntax or semantic problems are found, the commit command returns an error.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 69
Slide 68
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Committing the Candidate Configuration (5 of 7) The commit complete message tells you that the new configuration is up and running on the device. [ edi t ] mi ke@j uni per 1# commit commi t compl et e By default, if more than one user is modifying the configuration, committing the configuration saves and activates the changes of all users Unless a user is in configure private mode 68
You must fix all mistakes before the candidate (or any part of the candidate) can become active. The commit complete message tells you that the new configuration is up and running on the device. By default, if more than one user is modifying the configuration, committing the configuration saves and activates the changes of all users (unless a user is in configure private mode as we learned earlier in this course).
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 70
Slide 69
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Committing the Candidate Configuration(6 of 7) The commit confirmed command can prevent costly configuration mistakes by automatically rolling back problematic configurations [ edi t ] mi ke@j uni per 1# commit confirmed commi t conf i r med wi l l be aut omat i cal l y r ol l ed back i n 10 mi nut es unl ess conf i r med commi t compl et e If everything looks good, then you need to commit the new configuration a second time for the configuration to become permanent [ edi t ] mi ke@j uni per 1# commit commi t compl et e 69
Are you among those of us who have made the mistake of adding security to a remote box, only to discover the new firewall locked you out of the very interface that you were using to access the device? Do you have a story about the time you accidentally isolated a remote box and then had to jump in the car and drive for four hours in the middle of the night just to reset it? The commit confirmed command can prevent costly configuration mistakes by automatically rolling back problematic configurations. The commit confirmed command commits a candidate configuration for 10 minutes. If you dont then follow up with a second commit command, the device automatically rolls back to the previous configuration. You can use the commit confirmed command anytime you want a safety net against potential configuration problems. If everything looks good, then you need to commit the new configuration a second time for the configuration to become permanent
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 71
Slide 70
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Committing the Candidate Configuration (7 of 7) If you do not confirm the configuration by entering a second commit command, the CLI will roll back the device to the previous active configuration at the end of the 10 minutes Br oadcast Message f r omr oot @j uni per 1 ( no t t y) at 08: 10: 17 UTC Commi t was not conf i r med; aut omat i c r ol l back compl et e. You can alter the time that the device waits before rolling back by adding a wait- time (in minutes) to the command [ edi t ] mi ke@j uni per 1# commit confirmed 2 commi t conf i r mwi l l be aut omat i cal l y r ol l ed back i n 2 mi nut es unl ess conf i r med commi t compl et e 70
If you do not confirm the configuration by entering a second commit command, the CLI will roll back the device to the previous active configuration at the end of the 10 minutes. In this way, if you have accidently isolated the device, you simply need to wait for the rollback instead of agonizing over how you are going to otherwise undo your mistake. After the device rolls back, check for errors in the candidate configuration, and then try the commit command again. You can alter the time that the device waits before rolling back by adding a wait-time (in minutes) to the command. As a best practice, when you are configuring remote devices, always use the commit confirmed command to activate your candidate configuration. Even the most experienced J unos users want the insurance policy it provides to their work, and many have a story to tell about the day it saved them from their own mistake and lots of extra work.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 72
Slide 71
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Automating Everyday Tasks J unoscriptlets you automate, in your own way, both configuration and operational CLI commands Commit scripts Op and event scripts For instructions on implementing scripts, see the Configuration and Diagnostic Automation Guide at www.juniper.net/techpubs/ 71
You can optimize your work by adding automated scripting to your repertoire. J unoscript lets you automate, in your own way, both configuration and operational CLI commands. Using automated scripting can not only save you time, but can also reduce downtime by preventing configuration errors and speeding problem resolution and restoration. Commit scripts enable customized checks of configurations to ensure that they are in compliance with your network standards and policies. Op and event scripts can receive command output, inspect it, and determine the next appropriate actionrepeating the process until a problems source has been found. For instructions on implementing scripts, see the Configuration and Diagnostic Automation Guide at the URL onscreen.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 73
Slide 72
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Rolling Back the Configuration (1 of 2) Each device can store up to 49 of the most recently active versions [ edi t ] mi ke@j uni per 1# rollback 1 l oad compl et e 72
Whenever you commit the candidate configuration as the new active configuration, J unos automatically saves a copy of the replaced active file. As you store each newly replaced configuration, all the prior configuration files move back one version number further in the configuration archive. Each device can store up to 49 of the most recently active versions along with the current active configuration (also known as rollback 0). You can access this configuration archive using the rollback command, including the number of versions you want to go back. Return to the most recent previous configuration file using the rollback 1 command. The rollback command loads the requested archive as the candidate file. If you want to use it immediately, first make sure its what you want by using the show command, and then activate it with the commit command. This automatic backup mechanism lets you return quickly to a previous configuration for immediate use or for fast updates. Dont forget its necessary to commit the candidate file to actually activate the selected rollback file as the running configuration.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 74
Slide 73
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Rolling Back the Configuration (2 of 2) [ edi t i nt er f aces] mi ke@j uni per 1# show | compare rollback 2 [ edi t i nt er f aces] - f e- 3/ 0/ 1 { - vl an- t aggi ng; - uni t 240 { - vl an- i d 240; - f ami l y i net { - addr ess 10. 14. 250. 1/ 28; - addr ess 10. 14. 250. 17/ 28 { - pr ef er r ed; - } - addr ess 10. 14. 250. 33/ 28; - addr ess 10. 14. 250. 49/ 28; - addr ess 10. 14. 250. 65/ 28; - } - } - } [ edi t ] mi ke@j uni per 1# rollback ? Possi bl e compl et i ons: <[ Ent er ] > Execut e t hi s command 0 2009- 01- 31 04: 34: 56 UTC by mi ke vi a cl i 1 2009- 01- 31 04: 30: 03 UTC by mi ke vi a cl i 2 2009- 01- 30 06: 23: 44 UTC by mi ke vi a cl i *// Data Deleted FromExample //* 48 2008- 11- 03 08: 00: 03 UTC by mi ke vi a cl i 49 2008- 11- 03 07: 45: 21 UTC by mi ke vi a cl i | Pi pe t hr ough a command 73
If you arent sure what differences exist between the active (or running) configuration and a rollback file, investigate with the show | compare command as shown in the example on the left of this slide. Use the question mark with the rollback command to list the full archive. A truncated version of the output is shown in the example on the right. To reset the candidate configuration to the currently active configuration use the rollback (or rollback 0) command.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 75
Slide 74
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Preparing System Changes in Advance (1 of 3) Pre-configuration of new hardware. [ edi t ] mi ke@j uni per 1# edit interfaces fe-3/0/0 unit 0 [ edi t i nt er f aces f e- 3/ 0/ 0 uni t 0] mi ke@j uni per 1# set family inet address 192.168.1.254/24 [ edi t i nt er f aces f e- 3/ 0/ 0 uni t 0] mi ke@j uni per 1# commit commi t compl et e The commit at command [ edi t ] mi ke@j uni per 1# commit at 02:00:00 commi t check succeeds commi t wi l l be execut ed at 2009- 02- 02 02: 00: 00 UTC Exi t i ng conf i gur at i on mode mi ke@j uni per 1> 74
Unlike other systems, the J unos operating system lets you prepare for an installation before actually installing the hardware. The software simply ignores any parts of the running configuration that are irrelevant to the existing hardware installation. Whenever the hardware becomes available, the newly added section of the configuration then becomes active. The option to set up a configuration before hardware installation is quite useful, especially when the person installing the hardware is different from the person configuring the device, a common occurrence for remote boxes. Shown in the first example of this slide is a configuration for fe-3/0/0, which could, for example, be installed tomorrow. Sometimes you want to prepare configuration changes for activation at a specific time, such as during a maintenance window. The commit at command provides this option. To display any pending commit operations (and the commit history), enter the show system commit command. You can cancel a pending commit operation with the clear system commit command.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 76
Slide 75
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Preparing System Changes in Advance (2 of 3 ) The deactivate command [ edi t ] mi ke@j uni per 1# edit protocols bgp group internal [ edi t pr ot ocol s bgp gr oup i nt er nal ] mi ke@j uni per 1# set neighbor 192.168.1.1 [ edi t pr ot ocol s bgp gr oup i nt er nal ] mi ke@j uni per 1# deactivate neighbor 192.168.1.1 [ edi t pr ot ocol s bgp gr oup i nt er nal ] mi ke@j uni per 1# show t ype i nt er nal ; l ocal - addr ess 10. 14. 243. 255; expor t [ nhs accept - aggr egat es ] ; nei ghbor 10. 14. 243. 254; i nact i ve: nei ghbor 192. 168. 1. 1; [ edi t pr ot ocol s bgp gr oup i nt er nal ] mi ke@j uni per 1# commit commi t compl et e 75
You can also make configuration changes and mark them as inactive until you are ready to use them. The device ignores these portions of the configuration as though they were not even defined. In this example, a new BGP neighbor at 192.168.1.1 is configured but left deactivated until the session is ready to be introduced.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 77
Slide 76
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Preparing System Changes in Advance (3 of 3) The activate command [ edi t pr ot ocol s bgp gr oup i nt er nal ] mi ke@j uni per 1# activate neighbor 192.168.1.1 [ edi t pr ot ocol s bgp gr oup i nt er nal ] mi ke@j uni per 1# commit commi t compl et e Deactivate any portion of the configuration hierarchy [ edi t pr ot ocol s bgp gr oup i nt er nal ] mi ke@j uni per 1# up [ edi t pr ot ocol s bgp] mi ke@j uni per 1# deactivate group internal 76
As you can see in the first example on this slide, when youre ready to make the change, you just activate and commit that portion of the configuration, and the device will begin using it. You can deactivate any portion of the configuration hierarchy, and the device ignores everything underneath it. As illustrated in the second example, you can deactivate the entire group of BGP neighbors called internal.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 78
Slide 77
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Using Configuration Shortcuts (1 of 3 ) The copy command [ edi t i nt er f aces] mi ke@j uni per 1# show se- 0/ 0/ 2 { ser i al - opt i ons { cl ocki ng- mode dce; cl ock- r at e 125. 0khz; } uni t 0 { poi nt - t o- poi nt ; f ami l y i net { addr ess 10. 0. 22. 1/ 24; } } } [ edi t i nt er f aces] mi ke@j uni per 1# copy se-0/0/2 to se-0/0/1 [ edi t i nt er f aces] mi ke@j uni per 1# delete se-0/0/1 unit 0 family inet address 10.0.22.1/24 [ edi t i nt er f aces] mi ke@j uni per 1# set se-0/0/1 unit 0 family inet address 10.0.36.2/24 77
A typical configuration includes many similar elements named and defined by the user, such as interface names, policy statements, and firewall filters. The J unos CLI includes commands to duplicate and quickly change the configurations of these user-defined elements.
The copy command duplicates a configuration statement along with all the subordinate statements configured underneath it. In using the command, you copy the configuration associated with one user-defined element to a new, similarly configured element. You then modify that second element with any needed changes. The sample configuration on the left of this slide shows a configured serial interface se-0/0/2. As shown at the top of the example on the right. you can use the copy command to set up a new interface se-0/0/1. The duplicated interface has exactly the same parameters as the original. You can then make any needed changes in the configuration of the newly created interface se-0/0/1; for example, you can change its address. Continuing with the example on the right, you can delete the copied address and then replace it with the correct address for the new interface.
Very quickly, the new se-0/0/1 interface has been created, keeping most of the same properties as the se-0/0/2 interface. Before committing the candidate file, be sure to check your edits when changing the configuration with the copy command. Check that you made all the modifications needed in all the duplicated statements. Remember, the configuration might not be valid immediately after you have copied a portion of the configuration. You must check the validity of the new configuration and, if necessary, make modifications for the configuration to be valid. Slide 78
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 79
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Using Configuration Shortcuts (2 of 3) The rename command [ edi t i nt er f aces] mi ke@j uni per 1# show f e- 4/ 0/ 2 { uni t 0 { f ami l y i net { addr ess 10. 73. 24. 103/ 24; } } } [ edi t i nt er f aces] mi ke@j uni per 1# rename fe-4/0/2 unit 0 family inet address 10.73.24.103/24 to address 10.73.24.143/24 [ edi t i nt er f aces] mi ke@j uni per 1# show f e- 4/ 0/ 2 { uni t 0 { f ami l y i net { addr ess 10. 73. 24. 143/ 24; } } } 78
The rename command is a convenient shortcut when you need to alter the value of a user-defined variablesuch as policy names, filter names, or IP addressesor to change the name of a user- defined element. In the next example, the address of the Fast Ethernet fe-4/0/2 interface has been incorrectly set to 10.73.24.103/24. Lets use the rename command to change the value to 10.73.24.143/24 as shown at the top of the example on the right. Then, check to see that the change is completed using the show command again. Alternatively, instead of using rename, you can use the delete command to remove the statement and then use the set command to add the new value.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 80
Slide 79
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Using Configuration Shortcuts (3 of 3) [ edi t ] mi ke@j uni per 1# show interfaces f e- 0/ 0/ 0 { descr i pt i on MGMT I NTERFACE DO NOT DELETE; uni t 0 { f ami l y i net { addr ess 10. 210. 9. 177/ 28; } } } f e- 2/ 0/ 1 { vl an- t aggi ng; uni t 240 { vl an- i d 240; f ami l y i net { addr ess 10. 14. 243. 238/ 28; } } } [ edi t ] mi ke@j uni per . net # show interfaces f e- 0/ 0/ 0 { descr i pt i on MGMT I NTERFACE - DO NOT DELETE; uni t 0 { f ami l y i net { addr ess 10. 210. 9. 177/ 28; } } } f e- 2/ 0/ 0 { vl an- t aggi ng; uni t 240 { vl an- i d 240; f ami l y i net { addr ess 10. 14. 243. 238/ 28; } } } [ edi t ] mi ke@j uni per 1# rename interfaces fe-2/0/1 to fe-2/0/0 79
As a final example, here is a useful configuration tip for switching ports. How many times have you had to temporarily move a connection to another port just to test it? In J unos, the process is simple. Follow this example, as the configuration is moved from fe-2/0/1 to fe-2/0/0. Begin by looking at the existing interface configuration shown on the left of this slide. Using the rename interfaces command as shown in the example at the top moves the port in the candidate file. The candidate configuration now shows this move as we can see in the example on the right where we ran the show interfaces command again.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 81
Slide 80
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Section Summary After successfully completing this section, you should now be able to: Explain the J unos configuration process Enter the configuration mode in a number of ways Uncover configuration mode basics to view and navigate the configuration Edit the configuration by adding, removing and changing configuration statements Commit the candidate configuration and catch errors Automate everyday tasks to optimize your time Roll back the configuration to a previous working configuration Prepare system changes in advance Use configuration shortcuts to make changes quickly 80
After successfully completing this section, you should now be able to: Explain the J unos configuration process Enter the configuration mode in a number of ways Uncover configuration mode basics to view and navigate the configuration Edit the configuration by adding, removing and changing configuration statements Commit the candidate configuration and catch errors Automate everyday tasks to optimize your time Roll back the configuration to a previous working configuration Prepare system changes in advance, and Use configuration shortcuts to make changes quickly
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 82
Slide 81
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI By default, the commit confirmed command commits a configuration for how many minutes? Submit Submit Clear Clear Learning Activity 4: Question 1 81 A) 4 B) 8 C) 12 D) 10
Learning Activity 4: Question 1
By default, the commit confirmed command commits a configuration for how many minutes?
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 83
Slide 82
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI What message does the CLI display to tell you that the new configuration is up and running on the device? Submit Submit Clear Clear Learning Activity 4: Question 2 82 A) commit complete B) commit check C) committed D) commit confirmed
Learning Activity 4: Question 2
What message does the CLI display to tell you that the new configuration is up and running on the device?
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 84
Slide 83
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Lab 3 - Discovering Configuration Mode Enter Configuration Mode https://virtuallabs.juniper.net/ View and Navigate the Configuration Edit the Configuration Commit the Configuration Rollback the Configuration 83
Lab 3 Discovering Configuration Mode
In this lab, you will
Enter Configuration Mode View and Navigate the Current Configuration Edit Configuration by Adding and Changing Configuration Statements Commit the Candidate Configuration and Check for Errors, and Rollback the Configuration to a Previous Working Configuration .
To get the lab instructions, click on the attachments icon in the lower right corner of the course window,
To enter the Virtual Lab, click the link onscreen.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 85
Slide 84
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Course Summary After successfully completing this course, you will be able to: Navigate the CLIs operational mode and configuration mode on any device run by the J unos operating system Understand the hierarchies that underlie each mode Get onboard help and use keyboard shortcuts to speed up your work Show device status, alarms, and other helpful information in operational mode Modify, save, and load configuration files with minimal risk to operations Use basic configuration mode commands such as show, set, and delete Capitalize on the safety features of the J unos OS commit model Prepare system changes in advance Use the shortcuts and tips of experienced users and avoid common problems 84
After successfully completing this course, you should now be able to: Navigate the CLIs operational mode and configuration mode on any device run by the J unos operating system. Understand the hierarchies that underlie each mode. Get onboard help and use keyboard shortcuts to speed up your work. Show device status, alarms, and other helpful information in operational mode. Modify, save, and load configuration files with minimal risk to operations. Use basic configuration mode commands such as show, set, and delete. Capitalize on the safety features of the J unos OS commit model. Prepare system changes in advance, and Use the shortcuts and tips of experienced users and avoid common problems.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 86
Slide 85
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Additional Resources Education Services training classes http://www.juniper.net/training/technical_education/ J uniper Networks Certification Program Web site www.juniper.net/certification J uniper Networks documentation and white papers www.juniper.net/techpubs To submit errata or for general questions elearning@juniper.net 85
For additional resources or to contact the J uniper Networks eLearning team, click the links on the screen.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 87
Slide 86
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI Evaluation and Survey You have reached the end of this J uniper Networks eLearning module You should now return to your J uniper Learning Center to take the assessment and the student survey After successfully completing the assessment, you will earn credits that will be recognized through certificates and non-monetary rewards The survey will allow you to give feedback on the quality and usefulness of the course 86
You have reached the end of this J uniper Networks eLearning module. You should now return to your J uniper Learning Center to take the assessment and the student survey. After successfully completing the assessment, you will earn credits that will be recognized through certificates and non-monetary rewards. The survey will allow you to give feedback on the quality and usefulness of the course.
Exploring the J unos CLI PRT-EXPLORE-J UNOS-CLI-B J uniper Networks, Inc. 88
Slide 87
2011 Juniper Networks, Inc. All rights reserved. www.juniper.net | CONFIDENTIAL PRT-EXPLORE-JUNOS-CLI 2011 J uniper Networks, Inc. J uniper Networks, J unos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of J uniper Networks, Inc. in the United States and other countries. The J uniper Networks Logo, the J unos logo, and J unosE are trademarks of J uniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. J uniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 87
J uniper Networks, Inc. All rights reserved. J uniper Networks, the J uniper Networks logo, J unos, NetScreen and ScreenOS are registered trademarks of J uniper Networks, Inc. in the United States and other countries. J unosE is a trademark of J uniper Networks, Inc. All other trademarks, service marks, registered trademarks or registered service marks are the property of their respective owners. J uniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.
Corporate and Sales Headquarters J uniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.J UNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net APAC Headquarters J uniper Networks (Hong Kong) 26/ F, Cityplaza One 1111Kings Road Taikoo Shing, Hong Kong Phone: 852.2332.3636 Fax: 852.2574.7803 EMEA Headquarters J uniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: 35.31.8903.600 EMEA Sales: 00800.4586.4737 Fax: 35.31.8903.601 Copyright 2010 J uniper Networks, Inc. All rights reserved. J uniper Networks, the J uniper Networks logo, J unos, NetScreen, and ScreenOS are registered trademarks of J uniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. J uniper Networks assumes no responsibility for any inaccuracies in this document. J uniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. education services courseware