O'Reilly logo

JUNOS Enterprise Routing by Harry Reynolds, Doug Marschke

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CLI Review

The tool that will most often be used to configure and troubleshoot the router is the CLI. The JUNOS software CLI is one of the most user-friendly and feature-rich in the industry. Most users spend years attempting to master other router vendors’ CLIs, whereas JUNOS software can be mastered in just a few hours. Other configuration methods do exist, such as a web GUI called Jweb (see Figure 1-4), which is often used on the J-series routers. Note that the operation of Jweb is beyond the scope of this book, so all configuration examples will be shown via CLI commands instead.

Jweb

Figure 1-4. Jweb

General CLI Features

The CLI has two modes: operational and configuration. Operational mode is where you can troubleshoot and monitor the software, router, and network. Configuration mode is where the actual statements for interfaces, routing protocols, and others are placed.

Tip

Every command that can be run in operational mode can also be used in configuration mode with the additional keyword run. For example, if the command show route is issued in operational mode, it can be issued as run show route in configuration mode.

When a user first enters the router via Telnet, Secure Shell (SSH), or direct console access, the user will see a login prompt. After entering the correct username and password, the user will be placed directly into operational mode. Operational mode will be designated by the > (chevron) character at the router prompt of . As shown here, user doug logs into a router called Hops:

Hops (ttyd0)

login:doug
Password:

--- JUNOS 8.0R1.9 built 2006-08-11 16:25:40 UTC
doug@Hops>

An exception to being automatically placed into operational mode occurs when you log in as user root. In this case, the user will actually be placed into the shell (designated by the percent sign) and will have to start the CLI process manually:

Hops (ttyd0)

login:root
Password:

--- JUNOS 8.0R2.8 built 2006-09-29 09:22:36 UTC
root@Hops% cli
root@Hops>

Most of the commands that you will run in operational mode are show commands, which allow you to gather information about the routing protocols, interfaces, router’s software, and router’s hardware. Ping, traceroute, telnet, and ssh can also be performed from this mode. Finally, some very JUNOS-specific commands, such as request, restart, and test, may be issued. Request commands perform system-wide functions such as rebooting, upgrading, and shutting down the router. Restart commands are similar to the Unix-style kill commands, which allow you to restart certain software processes. Test commands allow verifications for save configuration files, proactive testing of policies, and interface testing such as BERT (bit error rate testing) and FEAC (far-end alarm and control) loopbacks.

Tip

You should use the restart command with great caution! Depending on the software process being restarted, the consequences could be severe. Restarting the SNMP process would probably get you a slap on the wrist, but restarting the routing process could be a reason to go into hiding on a remote island!

There are a few general JUNOS software CLI features worth mentioning, including command completion, EMACs-style keys, and pipe commands.

Command completion

The command completion feature will save you lots of time and energy, as it provides syntax checking as you type. Gone are the days when a command is typed on a line and, after pressing Enter, the command is either invalid or not supported on that version of software. Any error or ambiguity will be detected early, and the router will present a list of possible valid completions. Command completion is accomplished by using either the Space bar or the Tab key. Either one will complete a command for you, but the Tab key can also complete variables such as interface names, IP addresses, filter names, and filenames. For example, to view the configuration of a certain ATM interface, you would type the following:

doug@Hops>sh<space>ow conf<space>iguration int<space>erfaces
at<tab>−0/2/1<enter>

Notice that the Space bar is used until a variable is reached and the interface name is used when the Tab key must be used (as the Space bar completes only commands and not variables).

Tip

For the reader with experience using Cisco’s IOS, command completion makes for an easy transition. First, forget about the word IP, as the IOS command show ip route simply becomes show route in JUNOS. Also, common IOS abbreviations such as sh int will still work in JUNOS if you type doug@hops> sh<space>ow int<enter>.

In the previous example, the syntax checker went word by word each time the Space bar or Tab key was pressed, and the minimum characters were typed to avoid ambiguity. What would happen if the syntax checker noticed an error or incomplete word? It would state this ambiguity and list the possible completions:

user@host>show ip<space>
                   ^
'ip' is ambiguous.
Possible completions:
  ipsec                Show IP Security information
  ipv6                 Show IP version 6 information

EMACs

Another useful JUNOS feature set in the router itself is the use of EMACs-style keystrokes when in vt100 mode. This allows you to move the cursor around the command line or to edit the command line. Some useful EMACs keystrokes are:

Ctrl-b

Move the cursor back one character.

Ctrl-a

Move the cursor to the beginning of the command line.

Ctrl-e

Move the cursor to the end of the command line.

Ctrl-k

Delete all words from the cursor to the end of the line.

Ctrl-x

Delete or clear the entire line.

Ctrl-l

Redraw the current line.

Ctrl-p

Scroll backward through the previously typed commands. You also can use the Up arrow for this purpose.

Ctrl-n

Scroll forward through the previously typed commands. You also can use the Down arrow for this purpose.

Ctrl-r

Search the previous CLI history for a search string.

Pipe commands

The last important feature to call out in the JUNOS software CLI is the use of pipe commands to control the output of any command. For example, when a command such as show is issued, the data is placed into a buffer and is displayed when the Enter key is pressed. A pipe command allows the display buffer to be altered. Many pipe commands can be used on the router, but let’s examine the most common applications and pipe commands:

count

Count the lines in the output:

doug@Hops>show interfaces terse | count
Count: 29 lines
display

Show additional data; for example, XML tags or set commands:

doug@Hops>show configuration | display set
set version 8.0R2.9
set system host-name Hops
set system backup-router 10.210.8.30
set system backup-router destination 0.0.0.0/0
set system ports console type vt100
set system root-authentication encrypted-password "$1$G/
pd5odz$eYJi89TZkRxDWitUBB3of0"
set system login class view-only permissions view
set system login user doug uid 2019
set system login user doug class super-user
set system login user doug authentication encrypted-password "$1$sr.a1nvE$K573iU.
bHSZkLiW9SMWwg."
set system login user lab uid 2021
set system login user lab class super-user
set system login user lab authentication encrypted-password "$1$/
z4qeiUp$ocnPhXAbz1xzDoTUKRhgm."
set system login user restricted uid 2022
set system login user restricted class view-only
set system login user restricted authentication encrypted-password "$1$tYpOu.
Hv$tpeT0xf.3pIrlsOZEPNls0"
set system services ftp
set system services ssh
set system services telnet
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file cli-commands interactive-commands any
set system syslog file cli-commands archive size 1m
set system syslog file cli-commands archive files 10
set system syslog file config-changes change-log any
set system compress-configuration-files
set interfaces lo0 unit 0 family inet address 192.168.16.1/32
set routing-options static route 0.0.0.0/0 next-hop 10.210.8.30
set routing-options static route 0.0.0.0/0 retain
set routing-options static route 0.0.0.0/0 no-readvertise
except

Omit lines from the output:

doug@Hops>show interfaces terse | except fe
Interface               Admin Link Proto    Local           Remote
at-0/2/0                up    up
at-0/2/0.100            up    up   inet     10.0.16.1/24
at-0/2/1                up    up
at-0/2/1.100            up    up   inet     10.0.15.2/24
dsc                     up    up
fxp0                    up    up
fxp0.0                  up    up   inet     10.210.8.1/27
fxp1                    up    up
fxp1.0                  up    up   inet     10.0.0.4/8
                                   tnp      4
gre                     up    up
ipip                    up    up
lo0                     up    up
lo0.0                   up    up   inet     192.168.16.1    --> 0/0
lo0.16385               up    up   inet
lsi                     up    up
mtun                    up    up
pimd                    up    up
pime                    up    up
tap                     up    up
find

Begin the output at the specified string:

Doug@Hops>show interfaces fe-0/0/2 extensive | find traffic
  Traffic statistics:
   Input  bytes  :                 8574                    0 bps
   Output bytes  :                11923                    0 bps
   Input  packets:                   88                    0 pps
   Output packets:                  127                    0 pps
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed
    discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch
    timeouts: 0, FIFO errors: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged
    packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0,
    Resource errors: 0
  Active alarms  : None
  Active defects : None
hold

Retain the output in the buffer until cleared:

doug@Hops>show route | hold

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 03:47:27
                    > to 10.210.8.30 via fxp0.0
10.0.15.0/24       *[Direct/0] 03:02:54
                    > via at-0/2/1.100
10.0.15.2/32       *[Local/0] 03:02:54
                      Local via at-0/2/1.100
10.0.16.0/24       *[Direct/0] 03:05:15
                    > via at-0/2/0.100
10.0.16.1/32       *[Local/0] 03:05:15
                      Local via at-0/2/0.100
10.0.21.0/24       *[Direct/0] 03:14:56
                    > via fe-0/0/2.0
10.0.21.1/32       *[Local/0] 03:14:56
                      Local via fe-0/0/2.0
10.210.8.0/27      *[Direct/0] 03:47:27
                    > via fxp0.0
10.210.8.1/32      *[Local/0] 03:47:27
                      Local via fxp0.0
192.168.16.1/32    *[Direct/0] 03:14:56
                    > via lo0.0

_ _juniper_private1_ _.inet.0: 2 destinations, 2 routes (2 active,
0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/8         *[Direct/0] 08:39:21
                    > via fxp1.0
10.0.0.4/32        *[Local/0] 08:39:21
                      Local via fxp1.0

_ _juniper_private1_ _.inet6.0: 5 destinations, 5 routes (5 active,
0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

fe80::/64          *[Direct/0] 08:39:21
                    > via fxp1.0
fe80::200:ff:fe00:4/128
                   *[Local/0] 08:39:21
                      Local via fxp1.0
fe80::2a0:a5ff:fe12:2775/128
                   *[Direct/0] 08:39:21
                    > via lo0.16385
fec0::/64          *[Direct/0] 08:39:21
                    > via fxp1.0
fec0::10:0:0:4/128 *[Local/0] 08:39:21
                      Local via fxp1.0
---(more 100%)---
match

Display only lines with the specified string:

doug@Hops>show log messages | match "jun  4"
Jun  4 09:04:13  HongKong login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM
authentication error for user lab
Jun  4 09:04:13  HongKong login: LOGIN_FAILED: Login failed for user
lab from host
Jun  4 09:04:16  HongKong login: LOGIN_INFORMATION: User lab logged
in from host [unknown] on device ttyd0
Jun  4 09:07:04  HongKong sshd[3685]: Accepted publickey for root from
10.210.8.28 port 58349 ssh2
Jun  4 09:07:08  HongKong sshd[3690]: Accepted publickey for root from
10.210.8.28 port 62534 ssh2
Jun  4 10:50:45  HongKong mgd[3681]: UI_RESTART_EVENT: User 'lab'
restarting daemon 'Routing protocol daemon'
Jun  4 10:50:45  HongKong rpd[3083]: RPD_SIGNAL_TERMINATE: first
termination signal received
Jun  4 10:50:45  HongKong snmpd[3108]: SNMPD_CLOSE_SA_IPC:
ipc_free_local: closed IPC socket /var/run/rpd_s
no-more

Do not paginate the output:

doug@Hops>show system statistics arp | no-more
arp:
        3429 datagrams received
        32 ARP requests received
        243 ARP replys received
        17 resolution requests received
        0 unrestricted proxy requests
        0 received proxy requests
        0 proxy requests not proxied
        0 with bogus interface
        0 with incorrect length
        0 for non-IP protocol
        0 with unsupported op code
        0 with bad protocol address length
        0 with bad hardware address length
        0 with multicast source address
        0 with multicast target address
        0 with my own hardware address
        3 for an address not on the interface
        0 with a broadcast source address
        0 with source address duplicate to mine
        3151 which were not for me
        10 packets discarded waiting for resolution
        16 packets sent after waiting for resolution
        269 ARP requests sent
        32 ARP replys sent
        0 requests for memory denied
        0 requests dropped on entry
        0 requests dropped during retry
save

Save the output to a file to the user home directory:

doug@Hops>show interfaces | save interface_hops
Wrote 272 lines of output to 'interface_hops'

Multiple pipe commands are treated as a logical AND, meaning the output must match both of the commands listed. This could come in the form of different pipe commands in the command list or as the same pipe command listed multiple times. To count how many /27 masks are in your route table, issue this command:

doug@Hops>show route | match /27 | count
Count: 1 lines

In comparison, use the same pipe command on a single line to show all /32 routes that start with a 10.0 prefix:

doug@Hops>show route | match /32 | match 10.0
10.0.15.2/32       *[Local/0] 03:18:28
10.0.16.1/32       *[Local/0] 03:20:49
10.0.21.1/32       *[Local/0] 03:30:30
10.0.0.4/32        *[Local/0] 08:54:55

Pipe commands are not limited to a logical AND, however, as a logical OR operation can also be performed. Do this by wrapping the string in quotation marks and using the OR operator:

doug@Hops>show route | match "/32|10.0"
10.0.15.0/24       *[Direct/0] 03:22:46
10.0.15.2/32       *[Local/0] 03:22:46
10.0.16.0/24       *[Direct/0] 03:25:07
10.0.16.1/32       *[Local/0] 03:25:07
10.0.21.0/24       *[Direct/0] 03:34:48
10.0.21.1/32       *[Local/0] 03:34:48
10.210.8.1/32      *[Local/0] 04:07:19
192.168.16.1/32    *[Direct/0] 03:34:48
10.0.0.0/8         *[Direct/0] 08:59:13
10.0.0.4/32        *[Local/0] 08:59:13
fec0::10:0:0:4/128 *[Local/0] 08:59:13

Configuration Mode

To actually configure the router, enter configuration mode by typing the word configure in operational mode. The router prompt will change to the octothorpe (#) symbol:

doug@Hops>configure
Entering configuration mode

[edit]
doug@Hops#

By default, when entering configuration mode, multiple users can enter the router and make changes at the same time. To avoid any issues that may arise, you can use the configure exclusive or configure private command. The former command allows only a single user to configure the router, whereas the latter command allows multiple users to configure different pieces of the configuration. If you use configure exclusive, no other users can make changes to the configuration besides the single user that entered exclusively. Using private mode, each user will get a copy of the current configuration and only changes that they make will be applied. If two users attempt to make the same change, such as adding an IP address to the same interface, the change will be rejected and both users will exit configuration mode to resolve their conflict.

In configuration mode, you can add configuration by using a set command. For example, to enable the Telnet server application on the router, issue this command:

doug@Hops# set system services telnet

The CLI is actually composed of many directories and subdirectories, which will eventually contain the command that is input. You can think of this as you would a PC, where the hard drive is normally named C:\ and it is partitioned into directories such as Windows, program files, drivers, and so on. These directories may contain subdirectories, which will eventually contain files or applications.

C:\>dir/w
 Volume in drive C has no label.
 Volume SerialNumber is 7806-197A

 Directory of C:\

AUTOEXEC.BAT                 [Backup]
bi-admin.dat                 Catalog.LiveSubscribe
[Config.Msi]                 CONFIG.SYS
[dell]                       [Dell962]
dlbx.log                     dlbxscan.log
[Documents and Settings]     [drivers]
DVDPATH.TXT                  [ERDNT]
[f403a5940e14ba07a40a99897c] [HP LJ1160-LJ1320]
HuskyInstallerLog.txt        [i386]
INFCACHE.1                   [ipv0011]
[ipv0021]                    [My Downloads]
[nslabs]                     [Program Files]
[reg_backup]                 statusclient.log
tmuninst.ini                 ut.bat
ut9x.bat                     [WINDOWS]
[Xitami]                     YServer.txt
              14 File(s)      4,055,509 bytes
              18 Dir(s)  26,173,308,928 bytes free

In JUNOS software, the top level, or C:\, is named edit, with multiple directories partitioned below it. You can view these directories by using the set ? command:

[edit]
doug@Hops# set ?
Possible completions:
> access             Network access configuration
> accounting-options Accounting data configuration
> applications       Define applications by protocol characteristics
+ apply-groups       Groups from which to inherit configuration data
> chassis            Chassis configuration
> class-of-service   Class-of-service configuration
> event-options      Event processing configuration
> firewall           Define a firewall configuration
> forwarding-options Configure options to control packet sampling
> groups             Configuration groups
> interfaces         Interface configuration
> policy-options     Routing policy option configuration
> protocols          Routing protocol configuration
> routing-instances  Routing instance configuration
> routing-options    Protocol-independent routing option configuration
> security           Security configuration
> services           Service PIC applications settings
> snmp               Simple Network Management Protocol configuration
> system             System parameters

So, when you issue the command set system services telnet, the system directory is accessed, followed by the subdirectory services and ending in the command telnet to enable the Telnet service. Figure 1-5 shows a partial directory tree to illustrate this process. Thankfully, you do not need to memorize the entire hierarchical tree structure, but it is important to understand the hierarchical structure and how it relates to configuration mode commands.

Subsection of JUNOS configuration tree

Figure 1-5. Subsection of JUNOS configuration tree

The opposite of the set command to remove configuration from the router is the delete command. Usually this command is used to remove a single line, but you also can use it to remove an entire hierarchy. In the simplest case, for example, to remove the Telnet service from the router, change the previous set command to a delete command:

doug@Hops#delete system services telnet

Warning

Be careful when issuing a delete command without noting any specific command, as this could remove an entire directory and have less than desirable consequences.

You can issue configuration commands such as set and delete from the top root level or from inside a subdirectory. To navigate to a subdirectory, issue an edit command, which is essentially a change directory command. If the Telnet service needed to be enabled, you could use an alternative method of moving into the subdirectory system services and then issuing a short set command:

[edit]
doug@Hops#edit system services

[edit system services]
doug@Hops#set telnet

Using the edit command is not necessary, but it allows the user to issue shorter set commands when compared to the top level. Just like choosing a color for a new car, you can choose how you want to configure the router as long as the desired result is achieved. Once in a certain directory, there are multiple ways to navigate the directory tree using commands such as up, top, and even exit. The up command will move you up one level in the directory tree or multiple levels if a numerical value is given after the up command:

[edit system services]
doug@Hops#up

[edit system]
doug@Hops# edit services

[edit system services]
doug@Hops# up 2

[edit]
doug@Hops#

From any hierarchy, you can issue the top command to move you up to the root level of the configuration tree. It has the added functionality of allowing multiple configuration statements after issuing the command, such as top edit or top set:

[edit system services]
doug@Hopstop

[edit]
doug@Hops# edit system services

[edit system services]
doug@Hops# top edit protocols ospf

[edit protocols ospf]
doug@Hops#

Another nice feature of configuration mode allows you to view the configuration that was just completed by issuing a show command. For instance, to view the configuration of the system services, issue this command:

[edit]
doug@Hops#show system services
ftp;
ssh;
telnet;

Or try yet another way to view the system services, by issuing the show command inside the subdirectory in question. A show command with no additional arguments shows the configuration from that hierarchy and below:

[edit]
doug@Hops#edit system services

[edit system services]
doug@Hops# show
ftp;
ssh;
telnet;

After issuing a plethora of set and delete commands, the keen user will notice that no changes have actually occurred in the router! To apply the changes, a special word—one that is often difficult to say in the real world—must be used: commit. To understand what is occurring when issuing the commit command, it’s best to examine the different types of configurations that occur in the JUNOS router.

A Juniper Networks router has two configuration files that are always present: the candidate configuration and the active configuration. The active configuration is the current running configuration in the router, whereas the candidate configuration is the temporary text file that is being modified while in configuration mode. When the commit command is issued, the candidate configuration becomes the active configuration if no syntax errors are detected. In addition, the old active configuration is archived into a file called a rollback 1. So, if a mistake is made, you can easily recover the old active configuration by issuing a rollback 1. This causes the candidate configuration to be replaced by the old active configuration. A commit command must then be issued to activate this rollback file. JUNOS saves not only this last active configuration, but also the previous 49 configurations. Each time a commit is issued, the archived file shifts down the list of 49. The first commit creates a rollback 1, the second commit (the old active) becomes rollback 1, the old rollback 1 becomes rollback 2, and so on, down the line. Figure 1-6 illustrates this rollback process.

Configuration and rollback

Figure 1-6. Configuration and rollback

Another important rollback command that can be useful is a rollback 0, which copies the active configuration to the candidate configuration. As an example, imagine that user doug logs into a router and issues a command to change the hostname of the router to a less desirable name, but does not actually activate the change.

doug@Hops>configure
Entering configuration mode

[edit]
doug@Hops# set system host-name yousmell

[edit]
doug@Hops# exit
The configuration has been changed but not committed
Exit with uncommitted changes? [yes,no] (yes) yes

Exiting configuration mode

doug@Hops>exit

A new user logs into the router, enters configuration mode, and observes that changes have occurred:

doug@Hops>configure
Entering configuration mode
The configuration has been changed but not committed

[edit]
lab@Hops#

It would seem at first glance that the new user is in between a rock and a hard place, but JUNOS has a very useful pipe command you can use—the compare command. This command allows any two files, including rollback files, active files, and candidate files, to be compared and the differences displayed. In this example, the candidate and active configurations will be compared:

[edit]
doug@Hops#show | compare
[edit system]
-  host-name Hops;
+  host-name yousmell;

It appears that user doug has been up to his old pranks again, attempting to change the hostname of the router. If a commit is issued, the hostname Hops will be removed and the hostname yousmell will be added. To wipe out these statements, a rollback 0 could be issued to stop doug and his mischievous ways:

doug@Hops#rollback 0
load complete

[edit]
lab@Hops#show | compare

One last key point of the two configuration types is that any operational mode command can be issued in configuration mode as long as the keyword run is issued before the command. For instance:

lab@Hops#ping
          ^
unknown command.

[edit]
dougHops# run ping 10.210.8.2
PING 10.210.8.2 (10.210.8.2): 56 data bytes
64 bytes from 10.210.8.2: icmp_seq=0 ttl=64 time=0.387 ms
64 bytes from 10.210.8.2: icmp_seq=1 ttl=64 time=0.296 ms
^C
--- 10.210.8.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.296/0.342/0.387/0.045 ms

Loading and Saving Configurations

To save the candidate configuration to the user’s home directory, you must issue the save command while in configuration mode.

Tip

To save an active configuration, issue a show configuration command and pipe to save.

It is important to realize which configuration directory you are located in when issuing the save command, as the command saves from the current hierarchy. To save the entire candidate configuration, issue the save command from the top of the directory tree:

[edit]
doug@Hops#save junos_is_cool
Wrote 413 lines of configuration to 'junos_is_cool'

Sometimes it is not desirable to save the entire configuration, so to save a portion, simply navigate into the desired directory to be saved. For instance, if every router in your network has the same system login information, you may want to save only that portion to load into other routers later:

[edit system login]
doug@Hops#save only_system_login
Wrote 31 lines of configuration to 'only_system_login'

It would be fantastic to eliminate the need to issue manual saves, so system archival allows for the automatic saving of configurations when issuing a commit or at a set time interval:

doug@Hops#set archival configuration ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
> archive-sites
  transfer-interval    Frequency at which file transfer happens (minutes)
  transfer-on-commit   Transfer after each commit

These files can be FTP’d or scp’d off to a server under the archivel-sites configuration. In the example that follows, every time a commit is issued, the configuration file is sent to an FTP server with user doug, password okemos123, and IP address 66.17.3.254, and then into the /config/junos directory:

archival {
    configuration {
        transfer-on-commit;
        archive-sites {
            "ftp://doug:okemos123@66.17.3.254/config/junos";
        }

The opposite of saving a configuration is loading a configuration, which you can accomplish by the load command. There are several variations of the load command:

doug@Hops# load ?
Possible completions:
 factory-default Override existing configuration with factory default
 merge           Merge contents with existing configuration
 override        Override existing configuration
 patch           Load patch file into configuration
 replace         Replace configuration data
 set             Execute set of commands on existing configuration
 update          Update existing configuration

Although each type of load command has its advantages, we will examine only the most common command variations here. One of the most common loads is the override command, which replaces the current candidate configuration with the specified file:

[edit]
doug@Hops#load override junos_is_cool
load complete

The merge switch will also be used often when just a small piece of configuration needs to be added to the candidate configuration. For instance, you can issue the following command to add the system login configuration saved previously:

[edit]
doug@Hops#load merge only_system_login
load complete

Since it is highly likely that more than one router will exist in a network, cutting and pasting configurations can give you a few more hours of free time in your life. There are several ways to cut and paste configurations into the router, including using variations of the load command, or copying set commands directly into the router. The oldest JUNOS software method is to use the load command with the terminal option, which opens a terminal buffer, allowing full or partial configurations to be pasted in:

doug@Hops#load merge terminal
[Type ^D at a new line to end input]
system {
services {
        ftp;
        ssh;
        telnet;
    }
}
load complete

Cutting and pasting using this method definitely takes some practice, as the proper number of levels and braces must always be present. The terminal command always assumes that the entire top-level hierarchy is known. If the upper-level directories are not included, errors will occur and the relative keyword could become very useful:

[edit]
doug@Hops#load merge terminal
[Type ^D at a new line to end input]
services {
    ftp;
  terminal:2:(7) syntax error: ftp
   [edit services]
    'ftp;'
      syntax error
 ssh;
    telnet;
}
[edit]
  'services'
    warning: statement has no contents; ignored
load complete (1 errors)

Since the pasting started at the services level and not at the system level, the pasting causes errors and does not complete. One solution is to navigate to the system directory and indicate that the configuration will be loaded relative to that directory:

[edit]
doug@Hops#edit system

[edit system]
doug@Hops# load merge terminal relative
[Type ^D at a new line to end input]
services {
    ftp;
    ssh;
    telnet;
}
load complete

Or perhaps a simpler method would be to load set commands directly into the router by simply pasting a carriage return after each set command or by using the load set command:

doug@Hopsload set terminal
[Type ^D at a new line to end input]
set system services ftp
set system services ssh
set system services telnet
load complete

S.O.S., I Need Help!

If the router is causing you problems, simply ask it for help. You can accomplish this in a few ways. The first is with a question mark (?) to display possible command completions:

doug@Hops#set system login ?
Possible completions:
  announcement         System announcement message (displayed after
login)
+ apply-groups         Groups from which to inherit configuration
data
+ apply-groups-except  Don't inherit configuration data from these
groups
> class                Login class
  message              System login message
> password
> user                 Username

The > character indicates a directory that contains subdirectories, + indicates a command that takes multiple arguments, and no symbol means the command takes a single argument or is in fact the end statement of a command.

The help command is a secret resource of which few are aware. This displays the same technical documentation that can also be located online. Sometimes a small piece of a command is remembered but not the full statement; help can aid in finding that full command by searching through the JUNOS software configuration tree for a particular string:

doug@Hops#help apropos host-name
set system host-name <host-name>
    Hostname for this router
set system static-host-mapping <host-name>
    Fully qualified name of system
set system services dhcp static-binding <mac-address> host-name
<host-name>
    Hostname for this client
set system syslog host
    Host to be notified
set interfaces <interface_name> services-options syslog host
<host-name>
    Name of host to notify
set accounting-options routing-engine-profile <profile-name> fields
host-name
    Hostname for this router
set services l2tp tunnel-group <name> syslog host <host-name>
    Name of host to notify
set services service-set <service-set-name> syslog host <host-name>
    Name of host to notify

If you encounter a command in the router that needs clarification, you can obtain more information by issuing the help topic or help reference command. The former will display general usage guidelines for that command:

doug@Hops#help topic ospf hello-interval
 Modifying the Hello Interval

  Routers send hello packets at a fixed interval on all interfaces,
  including virtual links, to establish and maintain neighbor
  relationships. This interval, which must be the same on all routers
  on a shared network, is advertised in the hello interval field in
  the hello packet. By default, the router sends hello packets every
  10 seconds.

  To modify how often the router sends hello packets out of an
  interface, include the hello-interval statement:
    hello-interval seconds;

  For a list of hierarchy levels at which you can configure this
  statement, see the statement summary section for this statement.

  On nonbroadcast networks, the router sends hello packets every 120
  seconds until active neighbors are detected by default. This
  interval is long enough to minimize the bandwidth required on slow
  WAN links. To modify this interval, include the poll-interval
  statement: poll-interval seconds;

+-------------------------------------------------------------+
|NOTE:  The poll-interval statement is valid for OSPFv2 only. |
+-------------------------------------------------------------+

   For a list of hierarchy levels at which you can configure this
   statement, see the statement summary section for this statement.
   Once the router detects an active neighbor, the hello packet
   interval changes from the time specified in the poll-interval time
   statement to the specified in the hello-interval statement.

After you’ve learned what a certain command accomplishes and when you should use it, you can view the actual syntax and possible options using the help reference command. It’s similar to the manual command seen on other operating systems:

[edit]
doug@Hops#help reference ospf hello-interval
hello-interval

      Syntax

   hello-interval seconds;

      Hierarchy Level

   [edit logical-routers logical-router-name protocols ospf area area-id
   peer-interface
       interface-name],
   [edit logical-routers logical-router-name protocols (ospf | ospf3) area
   area-id
       interface interface-name],
   [edit logical-routers logical-router-name protocols (ospf | ospf3) area
   area-id virtual-link],
   [edit logical-routers logical-router-name routing-instances
   routing-instance-name
       protocols (ospf | ospf3) area area-id interface interface-name],
   [edit logical-routers logical-router-name routing-instances
   routing-instance-name
       protocols (ospf | ospf3) area area-id virtual-link],
   [edit protocols ospf area area-id peer-interface interface-name],
   [edit protocols (ospf | ospf3) area area-id interface interface-name],
   [edit protocols (ospf | ospf3) area area-id virtual-link],
   [edit routing-instances routing-instance-name protocols (ospf | ospf3)
   area area-id
       interface interface-name],
   [edit routing-instances routing-instance-name protocols (ospf | ospf3)
   area area-id
       virtual-link]

      Release Information

   Statement introduced before JUNOS Release 7.4.

      Description

   Specify how often the router sends hello packets out the interface.
   The hello interval must be the same for all routers on a shared
   logical IP network.

      Options
   seconds--Time between hello packets, in seconds.
   Range: 1 through 255 seconds
   Default: 10 seconds; 120 seconds (nonbroadcast networks)

      Usage Guidelines

   See "Modifying the Hello Interval".

      Required Privilege Level

   routing--To view this statement in the configuration.
   routing-control--To add this statement to the configuration.

      See Also

   dead-interval

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required