# Juniper Cli ### Display Show Display configuration ``` show configuration | display set ``` Show display detail configuration ``` show configuration | display detail ``` show arp macs ``` show ethernet-switching table ``` ### File To navigate the file system you can do ``` file list /? ``` ### Backup Backup configuration in homedir ``` save router-config-name ``` Backup active configuration in homedir ``` run show configuration | save backup-name ``` Create a rescue configuration

If the active configuration is corrupted, the device will automatically load the filenamed rescue.gz in the `/config` directory as the active configuration:

``` file copy /config/juniper.conf.gz /config/rescue.gz ``` Completely replace the current candidate configuration with a previously stored file. ``` load override /var/tmp/router-config commit ``` Check configuration before a commit: ``` commit check ``` ### Rollback Show rollabcks ``` rollback ? ``` Compare active config with rollback X ``` show | compare rollback X ``` Compare candidate config with active configuration ``` show | compare ``` rollback 0 references the active configuration, so the following command is equivalent to the previous one ``` rollback X ```

Replace candidate configuration with rollback X:

We start by loading rollback X ``` rollback X ``` Checking everything is fine ``` show show | compare ``` If everything is fine: ``` commit ``` ### Commit version during X minutes You need to confirm with a commit, or modification will be rollback after X minutes. ``` commit confirmed X ``` Show pending auto commits (and commits history): ``` show system commit ``` Auto commit at a particular time: ``` commit at 02:00:00 show system commit ``` ### Adding a Vlan ``` set vlans VLAN444 vlan-id 444 ```

You will then need to add the vlan to an uplink, in this example the uplink is aggregated

``` set interfaces ae48 unit 0 family ethernet-switching vlan members 444 ``` ### Vlan Switching

For Ex33 switches, auto-negotiation is not required.

Setting port to access on a vlan ```shell delete interfaces xe-0/0/0 set interfaces xe-0/0/0 ether-options auto-negotiation set interfaces xe-0/0/0 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 4082 set interfaces xe-0/0/0 unit 0 family ethernet-switching recovery-timeout 300 ``` Setting port to aggregated ```shell delete interfaces xe-0/0/0 set interfaces xe-0/0/0 description member-ae0 set interfaces xe-0/0/0 ether-options auto-negotiation set interfaces xe-0/0/0 ether-options 802.3ad ae0 ``` Configuring the LACP on the aggregated link ``` set interfaces ae0 description "aggregate-link" set interfaces ae0 aggregated-ether-options link-speed 10g set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk set interfaces ae0 unit 0 family ethernet-switching vlan members 4040 set interfaces ae0 unit 0 family ethernet-switching vlan members 4041 set interfaces ae0 unit 0 family ethernet-switching storm-control default set interfaces ae0 unit 0 family ethernet-switching recovery-timeout 300 ``` ``` delete protocols rstp interface xe-0/0/0 delete protocols rstp interface xe-1/0/0 set protocols rstp interface ae0 edge set protocols rstp interface ae0 no-root-port ``` ### Firewall Rules ``` set interfaces vlan unit [VAN_ID] family inet filter input INBOUND-TRAFFIC set firewall family inet filter INBOUND-TRAFFIC term name-of-rule from source-address [IP]/32 set firewall family inet filter INBOUND-TRAFFIC term name-of-rule from destination-address [IP]/32 set firewall family inet filter INBOUND-TRAFFIC term name-of-rule from destination-port 22 set firewall family inet filter INBOUND-TRAFFIC term name-of-rule then accept ```