Juniper CLI Quick Reference

updated: 21st of January 2019

published: 17th of November 2018

Intro

The Juniper operating system is known as Junos. The Juniper CLI is an application that is used to manage, monitor and configure Juniper devices. The CLI is full of great features to make managing them easier. This is a quick reference guide and not an exhaustive list of features. Seek the links section at the bottom of the post for more detailed references.

CLI Modes

Junos has a number of CLI modes which can be identified by the current prompt.

Operational Mode

Operational mode provides commands to monitor, manage and maintain Juniper devices.

cmd 
vagrant@vsrx>

Configuration Mode

Device configuration

cmd 
vagrant@vsrx#

Unix Shell

Junos is built on top of BSD and the unix shell is available.

cmd 
root@vsrx%

Junos commands are case sensitive.

cmd 
show version # valid command

Show VERSION # not a valid command

Getting Help

Junos has a number of on board help options.

Question Mark

Question mark ? provides context sensitive Help

cmd 
sh?
show ?

Tab Completion

the Tab key completes keywords or shows possible completions for ambiguous commands.

cmd 
vagrant@vsrx> s <Tab>
               ^
's' is ambiguous.
Possible completions:
  save                 Save information to file
  set                  Set CLI properties, date/time, craft interface message
  show                 Show system information
  ssh                  Start secure shell on another host
  start                Start shell

Space Completion

By default the Space key auto-completes commands in a similar way to Tab completion. This behaviour can be set as follows.

cmd 
set cli complete-on-space (off | on)

Onboard Documentation

Junos also has built in documentation.

The help reference commands provide documentation similar to Unix MAN pages.

cmd 
help reference ospf area

The help apropos is used to search all keywords in the documentation or command descriptions.

cmd 
help apropos users # show all commands with 'users' statements or 'users' in the description

Displaying Output

There are a number of ways to alter the output of Junos commands

Pipe Operator

The Pipe | operator can be used to filter command outputs. Filters can also be chained together.

cmd 
show config | display set | match security

Working With Files

The file command is used to manage files.

cmd 
file show <location>

Copying Files

cmd 
file copy /source-url/filename /destination/filename

file copy test.txt ftp://blah:blah@blah.com/some/directory/filename

Daemons

Processes in Junos run in protected memory space called Daemons. Its possible to restart a misbehaving or failed process such as lldp . Processors are restarted from operational mode with the restart command.

cmd 
restart lldpd-service <gracefully|immediately|soft>

Requesting Things

The request command is used to restart modules or the device, upgrade software, cleanup storage, etc...

cmd 
request system software add <package-name>
request system reboot

Logs

Log files are stored in the /var/log/ folder. Logs can be viewed with the show log command.

cmd 
show log messages

The log files can be very long, view the last N number of messages by '|' piping to last <number of messages> .

cmd 
show log messages | last 10

Configuration Mode

Junos has 3 configuration modes

Standard Mode

  • All users share the same candidate configuration.
  • Entered with the configure or edit commands.
  • Non committed changes are preserved on exit of configuration mode.

Exclusive Mode

  • Creates and exclusive lock on the candidate configuration and no other users can edit it.
  • Entered with the configure exclusive command.
  • Non committed changes are discarded on exit.

Private Mode

  • Creates a private candidate configuration space where the changes are only visible to the user.
  • Entered with the configure private command.
  • Only the changes in the private config are applied avoiding conflicts withing any other users that are editing the config.
  • Non committed changes are discarded on exit.
Note
Best practice is to use either the configure exclusive or private modes for editing the configuration.

Configuration Syntax

There are two types of configuration syntax: Set and Stanza

Set Syntax

cmd 
set protocols lldp interface all

Stanza Syntax

config 
protocols {
    lldp {
        interface all;
    }
}

Set commands can be pasted directly into configuration mode.

Stanza syntax needs to be entered using the load command. There are different methods of loading a stanza config.

  • merge Merge contents with existing configuration
  • override Override existing configuration
  • patch Load patch file into configuration
  • replace Replace configuration data
  • update Update existing configuration

Navigating The Config Hierarchy

When you first enter configuration mode you are at the top of the configuration hierarchy.

The prompt identifies which level of the hierarchy you are currently at.

cmd 
[edit] # top of configuration hierarchy

vagrant@vsrx# edit interfaces ge-0/0/2

[edit interfaces ge-0/0/2] # interfaces > ge-0/0/2 configuration

vagrant@vsrx#

Move up one level with the up command.

cmd 
[edit interfaces ge-0/0/2] # interfaces > ge-0/0/2 configuration level

vagrant@vsrx# up

[edit interfaces] # interfaces configuration level

vagrant@vsrx#

Move back to the top with the top command.

cmd 
[edit interfaces ge-0/0/2] # interfaces > ge-0/0/2 configuration level

vagrant@vsrx# top

[edit] # top configuration level

vagrant@vsrx#

Candidate Configuration

Changes made to the configuration are placed in a staging area called a candidate configuration. Changes need to be committed to the running configuration before they take effect.

Checking Configuration

Junos has a built in syntax and configuration validator. Use the commit check command to validate all required commands are present and the syntax is correct.

The show | compare command will output a unix style diff outlining the changes that will be made to the running config if the candidate config is applied.

Applying Configuration

Candidate configuration is applied to the running config with the commit command.

An automatic rollback timer can be enabled using the commit confirmed <time-in-minutes> command. If the change is not confirmed within the time limit the config will be automatically rolled back to the previous config revision. This is very handy when applying changes on remote devices.

Comments can also be added to a commit using the commit comment command.

Note
Best practice is the perform a show | compare and $2 prior to committing a candidate config to the running config.

Config can be committed at a designated time using the commit at <time> command which is usefull for syncronizing commits.

Configuration Rollback

The rollback command can be used to discard the current candidate config.

By default the last 50 configuration changes are stored on box. The show system commit command can be used to view them.

cmd 
vagrant@vsrx> show system commit
0   2018-04-09 11:05:11 UTC by root via cli
1   2018-04-09 11:01:21 UTC by root via cli
2   2015-03-27 06:16:06 UTC by root via cli
3   2015-03-27 06:11:54 UTC by root via other

Rollback to a previous version of config with the rollback <revision-number> command. When rolling back to a previous configuration, it becomes the current candidate configuration and needs to be committed to be applied to the running configuration.

Note
Configuration revision 0 is the current running config.

Rescue Config

If the active config gets corrupted for some reason a file named rescue.gz in the /config/ directory will be loaded.

cmd 
vagrant@vsrx> file copy /config/juniper.conf.gz /config/rescue.gz
Note
Best practice is to keep a known good config as the rescue config.

Delete Config

The delete command can be used to remove a section of config.

cmd 
delete interfaces ge-0/0/0

Deactivate Config

The deactivate command disable a section of config rather than delete it.

cmd 
deactivate interfaces ge-0/0/0

Copying Config

The copy command can be used to copy a section of config.

cmd 
copy interfaces ge-0/0/0 to ge-0/0/1

Rename Config

The rename command can be used to change a section of config.

cmd 
rename interfaces ge-0/0/0 to ge-0/0/1

Insert Config

The insert command can be used to move a section of config to another place in the hierarchy.

cmd 
insert term four before term two

Replace Config

The replace command can be used to override a pattern in the config.

cmd 
replace pattern ge-0/0/0 with ge-0/0/1

Configuration Comments

The annotate command can be used to add comments to the running configuration.

Configuration Groups

Configuration groups allow you to apply common configurations to many places. For example access port share many common config elements, a config group can be used to apply the common elements to all access ports.

Where a group is applied in the configuration hierarchy matters, for example.

  • set apply-group SOME-GROUP applies to the entire config.
  • set interfaces apply-group SOME-GROUP applies to the interfaces hierarchy.
cmd 
set groups SOME-GROUP some-configuration
set some-config-hierarchy SOME-GROUP

Outro

Junos is a very well thought out and operator friendly CLI. It has great features to make working with the CLI not so much of a chore as some other network products. Juniper also has a couple of great Day One books dedicated to operating the Juniper CLI which are well worth reading (and free) check out the links below to find them.

https://www.juniper.net/us/en/training/jnbooks/day-one/fundamentals-series/cli/

https://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/junos-cli/junos-cli.html

https://apps.juniper.net/cli-explorer/