Juniper JunOS Basics


M - Multi-Service Edge Router for Enterprise and SP Applications
M7 M10 M20 M40e M120(10g) M320(10g)

T - Core routing and peering
T320 T640(40g) TX(40g) T1600(40g)

MX - Carrier Ethernet
MX240(10g) MX480(10g) MX960(10g)

JNCIA-Junos - Juniper Networks Certified Associate - Junos (Exam code: JN0-102)

==Routing Engine And Packet Forwarding Engine
RE (Routing Engine)
PFE (Packet Forwarding Engine)
PIC (PPhysical Interface Card)
FPC (Flexible PIC Concentrator)
SCB (Switching Control Board)

==Boot Sequence

==REVERT JunOS to Defualt Config
root% cli
SRX-1> configure
SRX-1# load factory-defualt
SRX-1# set system root-authentication plain-text-password
SRX-1# commit
SRX-1# exit
SRX-1> request system reboot

root% cli
root% exit

root@SI-JunOS-12.1> show cli 
CLI complete-on-space set to on
CLI idle-timeout disabled
CLI restart-on-upgrade set to on
CLI screen-length set to 38
CLI screen-width set to 183
CLI terminal is 'linux'
CLI is operating in enhanced mode
CLI timestamp disabled
CLI working directory is '/root'

=User account
edit system login user [user name]
set uid xxx
set class super-user
edit authentication
set plain-text-password

New password; xxxxx
Retype new password; xxxxx

set system root-authencrypted plain-text-password
set system root-authencrypted encrypted-password <encrypted>
set system root-authencrypted ssh-rsa <key>

set system host-name <host1>
set system domain-name <>
set system name-server <>
set system services ssh
set system services telnet

set routing-options static route next-hop no-readvertise

set system time-zone Asia/Taipei
set date 200906182340
set system ntp server

A time difference of less than 128ms between server and client is required to maintain NTP synchronization. The typical accuracy on the Internet ranges from about 5ms to 100ms, possibly varying with network delays. A recent survey[2]suggests that 90% of  the NTP servers have network delays below 100ms, and about 99% are synchronized within one second to the synchronization peer.

[edit interfaces]
set lo0 unit 0 family inet address


LOCAL: name/passwd, per-user 'class' permissions (custom groups of permissions)

Default Login classes:
 - operator : clear, network, reset, trace, view
 - read-only: view
 - super-user: allow
 - un-authorized: none

==RADIUS as auth method
# set system authentication-order radius
# set system radius-server secret <passwd>

==USER add
jc@Junos# set user jc class super-user
jc@Junos# set user jc authentication plain-text-password

jc@Junos# set system login message "------\nWARNING: Unauthorized access prohibited. -----\n"
jc@Junos# set system announcement "Network maintenance announcement."

Operational mode - monitor and tshoot, commands are executed from this mode
show version|ospf|isis|interfaces|chassis|bgp
show route terse|table|protocol|exact|brief
show | compare
show config | compare rollback <nr>

request —for performing system-level operations, including stopping and rebooting the router or switch and loading Junos OS images.
request support information
request system reboot (reboot)
request system halt  (shutdown)
request system halt both-routing-engines (for redundant RE chassis)
request system snapshot  (backup routing soft)
request system software add /var/db/...

start —to exit the CLI and start a UNIX shell.
configure —for entering configuration mode,
quit —to exit the CLI.
copy -copies files from one location on the router or switch to another, from the router or switch to a remote system and back
restart -hierarchy restart the various Junos OS processes, including the routing protocol, interface, and SNMP.

Commands for monitoring and troubleshooting:
clear—Clear statistics and protocol database information.
mtrace—Trace mtrace packets from source to receiver.
monitor—Perform real-time debugging of various software components, including the routing protocols and interfaces.
ping—Determine the reachability of a remote network host.
show—Display the current configuration and information about interfaces, routing protocols, routing tables, routing policy filters, system alarms, and the chassis.
test—Test the configuration and application of policy filters and autonomous system (AS) path regular expressions.
traceroute—Trace the route to a remote network host.

Configuration mode - configure the router

CTRL+A - the beginning of line
CTRL+E - the end of line
Delete - delete of 1 char before cursor
CTRL+D - delete of 1 char under cursor
CTRL+W - delete 1 word to left of cursor
CTRL+L - redraw

SPACE - completes a command
TAB - completes a variable
? - cpmtext-sens help
| - pipe to filter output

help topic routing-options static - info on general concept
help reference routing-options martians  - config-related info
help apropos bfd - config-related history
help tip cli - random tip (recommandation)

Active config (startup)
Candidate (running)
commit - changes wont apply until this command, config is saved
rollback n - undo commit
edit, set, rename, insert - Add and modify configuration statements
show - see candidate
delete - remove config statement
status - Display other users configuring router
run - execute show commands form config mode (like 'do' in cisco)

==Commit Junos Configuration
Candidate Configuration - You always enter your configuration or changes as a condidate file.
show|compare - see exactly changes you made and look for any last-minute typos.
commit check - The system verifies the logic and completeness of your new configuration entries without activating any changes.
commit confirmed - If you don’t confirm your changes by entering commit within 10 minutes of activation, the device reverts back to the prior configuration.
rollback - lets you restore the rescue or any of the prior 50 configurations. A quick rollback is much easier than undoing one command at a time.

save <file> - saved to ASCII file, File is saved to user’s home directory unless full path name is specified
load <file> - Override an existing configuration, Merge new statements into existing configuration, Replace existing statements in current configuration
load (replace | merge | override) filename, and commit to activate

> configure - multi user config
> configure exclusive - single user config
> configure private - user edit a private copy of candidate config

top/up - hierarchy navigation
# edit chassis alarm ethernet

statements that you can apply to different sections of config
# show groups re0
interface fxp0 unit0 family inet  address
# show groups re1
interface fxp0 unit0 family inet  address

# set apply-groups [re0 re1]

System keeps log files in /var/log
 •messages file contains running commentary  about system operation
 •Can be tuned to provide minimal to extensive logging
show log <file-name>
show log messages | match fail
show log messages | match "fpc | sfm"
show log messages | match "1/1/3" match TRAP
monitor start <file-name> - View in real time with

 set system services ssh
root-login (allow | deny | deny-password);
protocol-version [ v1 v2 ];
client-alive-count-max 5;
client-alive-interval 20;
fingerprint-hash (md5 | sha2-256);
 set system services telnet
 set system services ftp

==Upgrade Junos software
jc@Junos> request system software add jbundle-5.3R2.4-domestic-signed.tgz
jc@Junos> request system software add jbundle-5.3R2.4-domestic-signed.tgz reboot

===BASIC Commands
show version
monitor -Contents of the log files
show log -Log files and their contents and recent user logins


> show configuration

# show
# show protocols
# show protocols bgp

file list
file show
show cli history

run show interfaces terse
show interfaces
monitor interfaces em0.0
monitor traffic  (tcpdump)
clear interface statistics
show arp

show chassis alarms
show chassis craft-interface
show chassis environment
show chassis hardware
show chassis routing-engine
show system uptime

show route
show route forwarding-table
show isis adjacency
show ospf neighbor
show bgp neighbor
show mpls interface
show mpls lsp
show route label-switched-path
show rsvp interface
show rsvp session
show rsvp statistics

==MGMT interfaces
fxp0 - out-of-band mgmt
fxp1/bcm0 - internal Routing Engine-to Packet Forwd Engine
fxp2 or em0 - internal RE-to-RE (none config neede, do not modify)

Common media types:
at - ATM over SONET/SDH
fe - Fast Ethernet
ge - Giga Ethernet
xe - 10G Ethernet
ae - Aggregated Ethernet
gr - GRE
lo - loopback

#Protocol families:
inet - ipv4
inet6 - ipv6
iso - ISO for IS-IS
mpls - traffic engineering

# help topic interfaces family   

set interface ge-1/0/3 vlan-tagging
set interface ge-1/0/3 unit 40 vlan-id 40
set interface ge-1/0/3 unit 0 family inet address
set interface ge-1/0/3 disable (ADMINISTRATIVELY DOWN)
deactivate interfaces ge-1/0/3 (ignore this interface)
activate interfaces ge-1/0/3 (reactivate)

# default route
set routing-options static route next-hop
set routing-options static route default next-hop address
# static route
set routing-options static route next-hop

Term - group any match conditions and actions together under a common hierarchy in the configuration.

Terminating : accept, reject
Flow control: skip to next policy, skipt to next term
Modify: Metric, Preference, Color, Next-hop address

# apply policis:
BGP: Global, peer, peer-group IMPORT/EXPORT
RIP: Default and neighnor IMPORT and group EXPORT
IS-IS/OSPF: Global EXPORT only!

Only MOST specific policies are applied to particular peer:
neighbor policy > group policy > global polcy

# A simple statement such as “the IP prefix 10.10/16 should have a metric of 10”
[edit policy-options]
jack# show
policy-statement some-test-policy {
term plain-english {   from { route-filter exact; }  then { metric 10; accept; }}

protocols {
isis {export [policy-list];}
bgp {export [policy-list]; import [policy-list];}

[edit protocols bgp]
# set export advertise-ospf

set interfaces fe-0/0/1 unit 0 family inet address
set interfaces fe-1/1/0 unit 0 family inet address
set interfaces fe-1/0/0 unit 0 family inet address
set policy-options policy-statement export-policy term term1 from route-filter prefix-length-range /30-/30
set policy-options policy-statement export-policy term term1 then accept
set protocols ospf area interface fe-0/0/1
set protocols ospf area interface fe-0/1/0
set protocols ospf area interface fe-1/0/0
set protocols ospf area network-summary-export export-policy

> show route

Junos have 5 default routing tables:
inet.0 - unicast routes
inet.1 - multicast forward cache
inet.2 - MBGP routes for RPF (Reverse PATH Forwarding)
inet.4 - MPLS
mpls.0 - MPLS label switching

Default protocols preferences :
0 Direct
5 Static
15 IS-IS
100 RIP
130 Aggregated
170 BGP

show route protocol ospf
show ospf route detail
show ospf database brief

BGP route selection:
Can the BGP next-hop be resolved
Prefer the highest local preference value
Prefer shortest AS Path
Prefer the lowest origin value -Describes where first router received the information § i = IGP (0), § E = EGP (1), § ? = Incomplete (2)
Prefer the lowest MED value
Prefer routes learned using EBGP over IBGP
Prefer routes with the lowest IGP metric
 -Prefer routes from inet.3 over inet.0
 -Prefer routes with a greater number of next hops
 -When using route reflectors, prefer the route with shorter cluster list
Prefer routes from the peer with lowest Router ID
Prefer routes from peer with lowest peer ID