Skip to main content

Juniper Cli

Display

Show Display configuration

show configuration | display set

Show display detail configuration

show configuration | display detail

show arp macs

show ethernet-switching table

File

To navigate the file system you can do

file list /?

Backup

Backup configuration in homedir

save router-config-name

Backup active configuration in homedir

run show configuration | save backup-name

Create a rescue configuration

If the active configuration is corrupted, the device will automatically load the filenamed rescue.gz in the /config directory as the active configuration:

file copy /config/juniper.conf.gz /config/rescue.gz

Completely replace the current candidate configuration with a previously stored file.

load override /var/tmp/router-config
commit

Check configuration before a commit:

commit check

Rollback

Show rollabcks

rollback ?

Compare active config with rollback X

show | compare rollback X

Compare candidate config with active configuration

show  | compare

rollback 0 references the active configuration, so the following command is equivalent to the previous one

rollback X

Replace candidate configuration with rollback X:

We start by loading rollback X

rollback X

Checking everything is fine

show
show | compare

If everything is fine:

commit

Commit version during X minutes

You need to confirm with a commit, or modification will be rollback after X minutes.

commit confirmed X

Show pending auto commits (and commits history):

show system commit

Auto commit at a particular time:

commit at 02:00:00
show system commit

Adding a Vlan

set vlans VLAN444 vlan-id 444

You will then need to add the vlan to an uplink, in this example the uplink is aggregated

set interfaces ae48 unit 0 family ethernet-switching vlan members 444

Vlan Switching 

For Ex33 switches, auto-negotiation is not required.

Setting port to access on a vlan

delete interfaces xe-0/0/0
set interfaces xe-0/0/0 ether-options auto-negotiation
set interfaces xe-0/0/0 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 4082
set interfaces xe-0/0/0 unit 0 family ethernet-switching recovery-timeout 300

Setting port to aggregated 

delete interfaces xe-0/0/0
set interfaces xe-0/0/0 description member-ae0
set interfaces xe-0/0/0 ether-options auto-negotiation
set interfaces xe-0/0/0 ether-options 802.3ad ae0

Configuring the LACP on the aggregated link

set interfaces ae0 description "aggregate-link"
set interfaces ae0 aggregated-ether-options link-speed 10g
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members 4040
set interfaces ae0 unit 0 family ethernet-switching vlan members 4041
set interfaces ae0 unit 0 family ethernet-switching storm-control default
set interfaces ae0 unit 0 family ethernet-switching recovery-timeout 300
delete protocols rstp interface xe-0/0/0
delete protocols rstp interface xe-1/0/0
set protocols rstp interface ae0 edge
set protocols rstp interface ae0 no-root-port

Firewall Rules

set interfaces vlan unit [VAN_ID] family inet filter input INBOUND-TRAFFIC
set firewall family inet filter INBOUND-TRAFFIC term name-of-rule from source-address [IP]/32
set firewall family inet filter INBOUND-TRAFFIC term name-of-rule from destination-address [IP]/32
set firewall family inet filter INBOUND-TRAFFIC term name-of-rule from destination-port 22
set firewall family inet filter INBOUND-TRAFFIC term name-of-rule then accept

 

 

Back to top