The Juniper operating system is known as Junos. The Juniper CLI is an application that is used to manage, monitor and configure Juniper devices. The CLI is full of great features to make managing them easier. This is a quick reference guide and not an exhaustive list of features. Seek the links section at the bottom of the post for more detailed references.

CLI Modes

Junos has a number of CLI modes which can be identified by the current prompt.

Operational Mode

Operational mode provides commands to monitor, manage and maintain Juniper devices.


Configuration Mode

Device configuration


Unix Shell

Junos is built on top of BSD and the unix shell is available.


Junos commands are case sensitive.

show version # valid command
Show VERSION # not a valid command

Getting Help

Junos has a number of on board help options.

Question Mark

Question mark ? provides context sensitive Help

show ?

Tab Completion

the Tab key completes keywords or shows possible completions for ambiguous commands.

vagrant@vsrx> s <Tab>
's' is ambiguous.
Possible completions:
  save                 Save information to file
  set                  Set CLI properties, date/time, craft interface message
  show                 Show system information
  ssh                  Start secure shell on another host
  start                Start shell

Space Completion

By default the Space key auto-completes commands in a similar way to Tab completion. This behaviour can be set as follows.

set cli complete-on-space (off | on)

Onboard Documentation

Junos also has built in documentation.

The help reference commands provide documentation similar to Unix MAN pages.

help reference ospf area

The help apropos is used to search all keywords in the documentation or command descriptions.

help apropos users # show all commands with 'users' statements or 'users' in the description

Displaying Output

There are a number of ways to alter the output of Junos commands

Pipe Operator

The Pipe | operator can be used to filter command outputs. Filters can also be chained together.

show config | display set | match security

Working With Files

The file command is used to manage files.

file show <location>

Copying Files

file copy /source-url/filename /destination/filename

file copy test.txt


Processes in Junos run in protected memory space called Daemons. Its possible to restart a misbehaving or failed process such as lldp. Processors are restarted from operational mode with the restart command.

restart lldpd-service <gracefully|immediately|soft>

Requesting Things

The request command is used to restart modules or the device, upgrade software, cleanup storage, etc...

request system software add <package-name>
request system reboot


Log files are stored in the /var/log/ folder. Logs can be viewed with the show log command.

show log messages

The log files can be very long, view the last N number of messages by '|' piping to last <number of messages>.

show log messages | last 10

Configuration Mode

Junos has 3 configuration modes

Standard Mode

  • All users share the same candidate configuration.
  • Entered with the configure or edit commands.
  • Non committed changes are preserved on exit of configuration mode.

Exclusive Mode

  • Creates and exclusive lock on the candidate configuration and no other users can edit it.
  • Entered with the configure exclusive command.
  • Non committed changes are discarded on exit.

Private Mode

  • Creates a private candidate configuration space where the changes are only visible to the user.
  • Entered with the configure private command.
  • Only the changes in the private config are applied avoiding conflicts withing any other users that are editing the config.
  • Non committed changes are discarded on exit.


Best practice is to use either the configure exclusive or private modes for editing the configuration.

Configuration Syntax

There are two types of configuration syntax: Set and Stanza

Set Syntax

set protocols lldp interface all

Stanza Syntax

protocols {
    lldp {
        interface all;

Set commands can be pasted directly into configuration mode.

Stanza syntax needs to be entered using the load command. There are different methods of loading a stanza config.

  • merge Merge contents with existing configuration
  • override Override existing configuration
  • patch Load patch file into configuration
  • replace Replace configuration data
  • update Update existing configuration

Navigating The Config Hierarchy

When you first enter configuration mode you are at the top of the configuration hierarchy.

The prompt identifies which level of the hierarchy you are currently at.

[edit] # top of configuration hierarchy
vagrant@vsrx# edit interfaces ge-0/0/2

[edit interfaces ge-0/0/2] # interfaces > ge-0/0/2 configuration

Move up one level with the up command.

[edit interfaces ge-0/0/2] # interfaces > ge-0/0/2 configuration level
vagrant@vsrx# up

[edit interfaces] # interfaces configuration level

Move back to the top with the top command.

[edit interfaces ge-0/0/2] # interfaces > ge-0/0/2 configuration level
vagrant@vsrx# top

[edit] # top configuration level

Candidate Configuration

Changes made to the configuration are placed in a staging area called a candidate configuration. Changes need to be committed to the running configuration before they take effect.

Checking Configuration

Junos has a built in syntax and configuration validator. Use the commit check command to validate all required commands are present and the syntax is correct.

The show | compare command will output a unix style diff outlining the changes that will be made to the running config if the candidate config is applied.

Applying Configuration

Candidate configuration is applied to the running config with the commit command.

An automatic rollback timer can be enabled using the commit confirmed <time-in-minutes> command. If the change is not confirmed within the time limit the config will be automatically rolled back to the previous config revision. This is very handy when applying changes on remote devices.

Comments can also be added to a commit using the commit comment command.


Best practice is the perform a show | compare and commit check prior to committing a candidate config to the running config.

Configuration Rollback

The rollback command can be used to discard the current candidate config.

By default the last 50 configuration changes are stored on box. The show system commit command can be used to view them.

vagrant@vsrx> show system commit
0   2018-04-09 11:05:11 UTC by root via cli
1   2018-04-09 11:01:21 UTC by root via cli
2   2015-03-27 06:16:06 UTC by root via cli
3   2015-03-27 06:11:54 UTC by root via other

Rollback to a previous version of config with the rollback <revision-number> command. When rolling back to a previous configuration, it becomes the current candidate configuration and needs to be committed to be applied to the running configuration.


Configuration revision 0 is the current running config.

Rescue Config

If the active config gets corrupted for some reason a file named rescue.gz in the /config/ directory will be loaded.

vagrant@vsrx> file copy /config/juniper.conf.gz /config/rescue.gz


Best practice is to keep a known good config as the rescue config.

Copying Config

The copy command can be used to copy a section of config.

copy interfaces ge-0/0/0 to ge-0/0/1

Rename Config

The rename command can be used to change a section of config.

rename interfaces ge-0/0/0 to ge-0/0/1

Configuration Comments

The annotate command can be used to add comments to the running configuration.

Configuration Groups

Configuration groups allow you to apply common configurations to many places. For example access port share many common config elements, a config group can be used to apply the common elements to all access ports.

Where a group is applied in the configuration hierarchy matters, for example.

  • set apply-group SOME-GROUP applies to the entire config.
  • set interfaces apply-group SOME-GROUP applies to the interfaces hierarchy.

set groups SOME-GROUP some-configuration
set some-config-hierarchy SOME-GROUP


Junos is a very well thought out and operator friendly CLI. It has great features to make working with the CLI not so much of a chore as some other network products. Juniper also has a couple of great Day One books dedicated to operating the Juniper CLI which are well worth reading (and free) check out the links below to find them.


Published: 2018-11-17