JNCIA Refresher #1 - User Interface
Decided to get my act in gear and get started with my journey to becoming a JNCIE engineer. I’ve worked with Junos for a couple of years now (using it properly over the last 12 months!) and I would like to think I know a few bits about it, but when it comes to exams it's always good to go over the “basics”.
Before getting into it, I’ve taken a look at the Juniper JNCIA Track page to check the topics that exam takers will be expected to know:
- Networking Fundamentals
- Junos OS Fundamentals
- User Interfaces
- Junos Configuration Basics
- Operational Monitoring and Maintenance
- Routing Fundamentals
- Routing Policy and Firewall Filters
Having a quick look over these topics, although they are pretty straightforward for me, I've always been told, never time to little of a problem! With this in mind, I'll be making a series of posts to refresh my basic understanding of Junos and Juniper devices. Although I use Junos every day at work, I’ve said to myself that doing a bit of studying will be useful as:
- I may learn something new
- I’ll (definitely) remember something I’ve forgotten
- Most importantly, how things work in the real world and how things are in an exam are COMPLETELY different, so exam techniques are always needed!
As I was going through the different topics, there were a few things I just looked over, as I was confident enough with them! So I won't be going over those things in these posts.
With that being said, let's begin :D
User Interface
CLI modes and navigation
With Junos, there are 3 different levels of access available. The prompt signs show these:
root@Top_SRX%
The % prompt shows that we are on the Unix kernel level. As Junos is based on FreeBSD, the overall architecture is Linux based, so you will be able to run a number of Linux commands. You can get into this Unix kernel level either by logging into your device as root or, if you are in Operational mode, by using the command start shell
root@Top_SRX>
The > prompt shows that we are on the Operational level. This is where we will be able to run checks (via show commands), troubleshoot and make system requests. You will enter this mode automatically if you are logged in with a created user. If you log in as root, to get to Operational mode from the kernel level, you will need to run the command cli
Operational Mode Commands
Most used commands from this level would be:
root@Top_SRX> ?
Possible completions:
clear Clear information in the system
**configure Manipulate software configuration information**
file Perform file operations
help Provide help information
load Load information from file
monitor Show real-time debugging information
mtrace Trace multicast path from source to receiver
op Invoke an operation script
ping Ping remote target
quit Exit the management session
**request Make system-level requests**
restart Restart software process
save Save information to file
**set Set CLI properties, date/time, craft interface message**
**show Show system information**
ssh Start secure shell on another host
start Start shell
telnet Telnet to another host
test Perform diagnostic debugging
traceroute Trace route to remote host
root@Top_SRX#
The # prompt shows we are in configuration level. This is where we can make configuration changes on the device. To get to configuration mode, you will need to be in Operational mode and run either the command configure or edit
Configuration Mode
Most used commands from this level:
root@Top_SRX# ?
Possible completions:
<[Enter]> Execute this command
activate Remove the inactive tag from a statement
annotate Annotate the statement with a comment
**commit Commit current set of changes**
copy Copy a statement
deactivate Add the inactive tag to a statement
**delete Delete a data element**
**edit Edit a sub-element**
**exit Exit from this level**
extension Extension operations
help Provide help information
insert Insert a new ordered data element
load Load configuration from ASCII file
prompt Prompt for an input
protect Protect the statement
**quit Quit from this level**
rename Rename a statement
replace Replace character string in configuration
**rollback Roll back to previous committed configuration**
**run Run an operational-mode command**
save Save configuration to ASCII file
**set Set a parameter**
**show Show a parameter**
status Show users currently editing configuration
**top Exit to top level of configuration**
unprotect Unprotect the statement
**up Exit one level of configuration**
wildcard Wildcard operations
Junos is organized in a hierarchy model. When we enter configuration mode, the [edit] banner above the prompt shows that we are at the top of the edit hierarchy:
[edit]
root@Top_SRX#
From here we are able to drill down into the different hierarchical levels and make changes that will affect that particular level. For example, if we wanted to configure the interface ge-0/0/3 with the IP address 10.1.10.100/24, we can drill down the interface hierarchy to make the change, using the 'edit' command to change levels. It is also important to know that the different hierarchical levels have specific commands exclusive to that particular hierarchical level.
Top level
root@Top_SRX# edit ?
Possible completions:
> access Network access configuration
> access-profile Access profile for this instance
> accounting-options Accounting data configuration
> applications Define applications by protocol characteristics
> bridge-domains Bridge domain configuration
> chassis Chassis configuration
> class-of-service Class-of-service configuration
> ethernet-switching-options Ethernet-switching configuration options
> event-options Event processing configuration
> firewall Define a firewall configuration
> forwarding-options Configure options to control packet forwarding
> groups Configuration groups
_**> interfaces Interface configuration**_
> multi-chassis
> policy-options Policy option configuration
> protocols Routing protocol configuration
> routing-instances Routing instance configuration
> routing-options Protocol-independent routing option configuration
> schedulers Security scheduler
> security Security configuration
> services Set services parameters
> smtp Simple Mail Transfer Protocol service configuration
> snmp Simple Network Management Protocol configuration
> switch-options Options for default routing-instance of type virtual-switch
> system System parameters
> vlans VLAN configuration
> wlan Wireless access point configuration
Interface level
[edit interfaces]
root@Top_SRX# set ?
Possible completions:
Interface name
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
ge-0/0/0 Interface name
ge-0/0/3 Test
ge-0/0/6 Interface name
> interface-range Interface ranges configuration
> interface-set Logical interface set configuration
> traceoptions Interface trace options
Physical Port level
[edit interfaces ge-0/0/3]
root@Top_SRX# set ?
Possible completions:
accounting-profile Accounting profile name
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
description Text description of interface
disable Disable this interface
encapsulation Physical link-layer encapsulation
flexible-vlan-tagging Support for no tagging, or single and double 802.1q VLAN tagging
> gigether-options Gigabit Ethernet interface-specific options
gratuitous-arp-reply Enable gratuitous ARP reply
> hold-time Hold time for link up and link down
link-mode Link operational mode
mac Hardware MAC address
mtu Maximum transmit packet size (256..9192)
native-vlan-id Virtual LAN identifier for untagged frames (0..4094)
no-gratuitous-arp-reply Don't enable gratuitous ARP reply
no-gratuitous-arp-request Ignore gratuitous ARP request
no-per-unit-scheduler Don't enable subunit queuing on Frame Relay or VLAN IQ interface
no-traps Don't enable SNMP notifications on state changes
passive-monitor-mode Use interface to tap packets from another router
per-unit-scheduler Enable subunit queuing on Frame Relay or VLAN IQ interface
promiscuous-mode Enable promiscuous mode for L3 interface
speed Link speed
stacked-vlan-tagging Stacked 802.1q VLAN tagging support
> switch-options Front end ports configuration
> traceoptions Interface trace options
traps Enable SNMP notifications on state changes
> unit Logical interface
vlan-tagging 802.1q VLAN tagging support
With hierarchical levels you have the option of either drilling down to the bottom of the hierarchy to make a change, or setting the full command from the top or any other hierarchical level.
SET Commands
Within interface hierarchy level
[edit interfaces ge-0/0/3]
root@Top_SRX# set unit 0 family inet address 10.1.100.100/24
From top level
[edit]
root@Top_SRX# set interfaces ge-0/0/3 unit 0 family inet address 10.1.100.100/24
Hierarchy Commands
edit = Moves you down to the level you need
up = Moves you one level up from the current hierarchical level
top = Moves you to the top of the configuration hierarchy
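The SET and hierarchy commands above, replayed as an added example (not from the original post and not Juniper code): it tracks the [edit] banner through edit, up and top and expands each relative set into the full top-level command. The names resolve, split_levels and KEYED are hypothetical, and KEYED is an assumed subset of the statements that take an identifier.

```python
# Added example (not Juniper code): resolve configuration-mode navigation
# into absolute "set" commands.

# Keywords that form ONE hierarchy level together with their identifier
# (e.g. "unit 0"). Assumed subset for this example only; a real device
# takes this from its configuration schema.
KEYED = {"unit", "family"}


def split_levels(tokens):
    """Group tokens into levels: ['unit', '0', 'family', 'inet'] -> 2 levels."""
    levels, i = [], 0
    while i < len(tokens):
        width = 2 if tokens[i] in KEYED and i + 1 < len(tokens) else 1
        levels.append(tuple(tokens[i:i + width]))
        i += width
    return levels


def flatten(path):
    return [word for level in path for word in level]


def resolve(lines):
    """Replay edit/up/top/set lines; return (banner, absolute set command)."""
    path, out = [], []          # empty path is the top level, shown as [edit]
    for line in lines:
        cmd, *args = line.split()
        if cmd == "edit":
            path.extend(split_levels(args))
        elif cmd == "up":
            count = int(args[0]) if args else 1
            del path[max(len(path) - count, 0):]
        elif cmd == "top":
            path.clear()
        elif cmd == "set":
            banner = "[" + " ".join(["edit"] + flatten(path)) + "]"
            out.append((banner, " ".join(["set"] + flatten(path) + args)))
        else:
            raise ValueError(f"unsupported command: {cmd}")
    return out


# Constructed session using the interface and address from this post.
SESSION = [
    "edit interfaces ge-0/0/3",
    "set unit 0 family inet address 10.1.100.100/24",
    "edit unit 0 family inet",
    "up",
    "set description Test",
    "top",
    "set interfaces ge-0/0/3 unit 0 family inet address 10.1.100.100/24",
]

if __name__ == "__main__":
    for banner, command in resolve(SESSION):
        print(f"{banner:36} {command}")
```

The first and last set lines resolve to the same absolute command, which is why a change can be reviewed the same way regardless of the level it was typed at.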
CLI Help
One very useful command (that I just learnt myself!) is the help command. This command shows you the inbuilt documentation that is on all Juniper devices. The options that will most likely be used are Reference, Apropos and Topic.
root@Top_SRX# help ?
Possible completions:
<[Enter]> Execute this command
**apropos Find help information about a topic**
**reference Reference material**
syslog System log error messages
tip Tip for the day
**topic Help for high level topics**
| Pipe through a command
The Topic option will give you detail, description and context about a particular topic on the device.
Help Topic Example
root@Top_SRX# help topic interfaces address
Configuring the Interface Address
You assign an address to an interface by specifying the address when
configuring the protocol family. For the inet or inet6 family, configure
the interface IP address. For the iso family, configure one or more
addresses for the loopback interface. For the ccc, ethernet-switching,
tcc, mpls, tnp, and vpls families, you never configure an address.
+------------------------------------------------------------------------+
| | The point-to-point (PPP) address is taken from the loopback |
| Note: | interface address that has the primary attribute. When the |
| | loopback interface is configured as an unnumbered interface, |
| | it takes the primary address from the donor interface. |
+------------------------------------------------------------------------+
To assign an address to an interface, include the address statement:
address address {
broadcast address;
destination address;
destination-profile name;
eui-64;
preferred;
primary;
}
You can include these statements at the following hierarchy levels:
* [edit interfaces interface-name unit logical-unit-number family
family]
* [edit logical-systems logical-system-name interfaces interface-name
unit logical-unit-number family family]
In the address statement, specify the network address of the interface.
For each address, you can optionally configure one or more of the
following:
* Broadcast address for the interface subnet-Specify this in the
broadcast statement; this applies only to Ethernet interfaces, such as
the management interface fxp0, em0, or me0 the Fast Ethernet
interface, and the Gigabit Ethernet interface.
* Address of the remote side of the connection (for point-to-point
interfaces only)-Specify this in the destination statement.
* PPP properties to the remote end-Specify this in the
destination-profile statement. You define the profile at the [edit
access group-profile name ppp] hierarchy level (for point-to-point
interfaces only).
* Whether the router or switch automatically generates the host number
portion of interface addresses-The eui-64 statement applies only to
interfaces that carry IPv6 traffic, in which the prefix length of the
address is 64 bits or less, and the low-order 64 bits of the address
are zero. This option does not apply to the loopback interface (lo0)
because IPv6 addresses configured on the loopback interface must have
a 128-bit prefix length.
+-------------------------------------------------------------+
| Note: | IPv6 is not currently supported for the QFX Series. |
+-------------------------------------------------------------+
* Whether this address is the preferred address-Each subnet on an
interface has a preferred local address. If you configure more than
one address on the same subnet, the preferred local address is chosen
by default as the source address when you originate packets to
destinations on the subnet.
By default, the preferred address is the lowest-numbered address on
the subnet. To override the default and explicitly configure the
preferred address, include the preferred statement when configuring
the address.
* Whether this address is the primary address-Each interface has a
primary local address. If an interface has more than one address, the
primary local address is used by default as the source address when
you send packets from an interface where the destination provides no
information about the subnet (for example, some ping commands).
By default, the primary address on an interface is the lowest-numbered
non-127 (in other words, non-loopback) preferred address on the interface.
To override the default and explicitly configure the preferred address,
include the primary statement when configuring the address.
* Configuring Interface IPv4 Addresses
* Configuring Interface IPv6 Addresses
Related-Topics
* Configuring IPCP Options
* Configuring Default, Primary, and Preferred Addresses and
Interfaces
Help Reference
The Reference option shows the command structure; it is a type of configuration assistance, as it provides all the possible configuration syntax that’s available for that topic.
Help Reference Example
root@Top_SRX# help reference interfaces address
address
Syntax
address address {
arp ip-address (mac | multicast-mac) mac-address ;
broadcast address;
destination address;
destination-profile name;
eui-64;
master-only;
multipoint-destination address dlci dlci-identifier;
multipoint-destination address {
epd-threshold cells;
inverse-arp;
oam-liveness {
up-count cells;
down-count cells;
}
oam-period (disable | seconds);
shaping {
(cbr rate | rtvbr peak rate sustained rate burst length |
vbr peak rate sustained rate burst length);
queue-length number;
}
vci vpi-identifier.vci-identifier;
}
primary;
preferred;
(vrrp-group | vrrp-inet6-group) group-number {
(accept-data | no-accept-data);
advertise-interval seconds;
authentication-type authentication;
authentication-key key;
fast-interval milliseconds;
(preempt | no-preempt) {
hold-time seconds;
}
priority-number number;
track {
priority-cost seconds;
priority-hold-time interface-name {
interface priority;
bandwidth-threshold bits-per-second {
priority;
}
}
route ip-address/mask routing-instance instance-name
priority-cost cost;
}
virtual-address [ addresses ];
}
}
Hierarchy Level
[edit interfaces interface-name unit logical-unit-number family family],
[edit logical-systems logical-system-name interfaces interface-name unit
logical-unit-number family family]
Release Information
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for QFX Series switches.
Description
Configure the interface address.
+----------------------------------------------------------------------+
| Note: | The vrrp High Availability functionality is not available |
| | for the QFX Series switches |
+----------------------------------------------------------------------+
Options
address-Address of the interface.
The remaining statements are explained separately.
+----------------------------------------------------------------------+
| Note: | The edit logical-systems hierarchy is not available on |
| | QFabric switches. |
+----------------------------------------------------------------------+
Required Privilege Level
interface-To view this statement in the configuration.
interface-control-To add this statement to the configuration.
Related-Topics
* Configuring the Protocol Family
* negotiate-address
* unnumbered-address (Ethernet)
* Junos OS System Basics Configuration Guide
Help Apropos
The Apropos option gives you all the commands that contain the particular word you are looking for. This will include clear, show and help commands if you're in Operational Mode, and the set commands if you’re in Configuration Mode.
Help Apropos Example
root@Top_SRX# help apropos lldp
set logical-systems protocols lldp
Link Layer Detection Protocol
set logical-systems protocols lldp disable
Disable LLDP
set logical-systems protocols lldp traceoptions
Trace options for LLDP
set logical-systems protocols lldp management-address
LLDP management address
set logical-systems protocols lldp advertisement-interval
Transmit interval for LLDP messages
set logical-systems protocols lldp transmit-delay
Transmit delay time interval for LLDP messages
set logical-systems protocols lldp hold-multiplier
Hold timer interval for LLDP messages
set logical-systems protocols lldp lldp-configuration-notification-interval
Time interval for LLDP notification
set logical-systems protocols lldp interface disable
Disable LLDP
set logical-systems protocols lldp-med
LLDP Media Endpoint Discovery
set logical-systems protocols lldp-med disable
Disable LLDP
set logical-systems protocols lldp-med interface disable
Disable LLDP
set logical-systems protocols dot1x authenticator interface lldp-med-bypass
Bypass dot1x authentication, use lldp-med based authentication
set protocols lldp
Link Layer Detection Protocol
set protocols lldp disable
Disable LLDP
set protocols lldp traceoptions
Trace options for LLDP
set protocols lldp management-address
LLDP management address
set protocols lldp advertisement-interval
Transmit interval for LLDP messages
set protocols lldp transmit-delay
Transmit delay time interval for LLDP messages
set protocols lldp hold-multiplier
Hold timer interval for LLDP messages
set protocols lldp lldp-configuration-notification-interval
Time interval for LLDP notification
set protocols lldp interface disable
Disable LLDP
set protocols lldp-med
LLDP Media Endpoint Discovery
set protocols lldp-med disable
Disable LLDP
set protocols lldp-med interface disable
Disable LLDP
set protocols dot1x authenticator interface lldp-med-bypass
Bypass dot1x authentication, use lldp-med based authentication
set vlans dot1q-tunneling layer2-protocol-tunneling lldp
Tunnel LLDP PDUs
Keyboard shortcuts are useful to know, as you will be able to enter configuration commands quicker and spend less time looking at the screen (which is always nice :D)
Keyboard Shortcuts
ctrl + b = moves the cursor one to the left (backward)
ctrl + f = moves the cursor one to the right (forward)
ctrl + a = moves the cursor to the beginning of the line
ctrl + e = moves the cursor to the end of the line
ctrl + d = deletes the character that the cursor is on
ctrl + w = deletes the word left of the cursor
ctrl + k = deletes everything on the right of the cursor
ctrl + u = deletes the whole line