Junos Config
From Juniper JSRX Wiki
Overview
JunOS uses XML for its configuration. A good way to think about it is as many nested containers. If you want to configure an IP address on an interface, you would open the box containing all the interfaces. In that box you will find another one for the specific interface, and inside that box are boxes for all the different protocols it is using (for example IPv4, IPv6, and MPLS). You would put the address in the box for the protocol. The boxes in the XML configuration are shown by indentation. Here is a sample configuration:
system {
    host-name CommanderSpringvale;
    root-authentication {
        encrypted-password "$1$iW071u1Z$VnoweWgzTpM6zJP9NYfwq0"; ## SECRET-DATA
    }
    login {
        message "/**** Please reload /var/tmp/default.conf for basic config ****/ ";
        user lab {
            uid 2000;
            class superuser;
            authentication {
                encrypted-password "$1$Y7A5lhIu$K6ivfoJj86BYFMph1Mwr.1"; ## SECRET-DATA
            }
        }
    }
    services {
        ftp;
        ssh;
        telnet;
        web-management {
            http {
                interface [ fe-0/0/0.0 ];
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    fe-0/0/0 {
        unit 0 {
            family inet {
                address 172.18.66.89/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 192.168.51.1;
            no-readvertise;
        }
    }
}
security {
    zones {
        security-zone default {
            interfaces {
                all {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone default to-zone default {
            policy accept-all {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
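Because the braces, not the indentation, carry the container structure, a configuration like the sample can be walked mechanically. The following Python is an added example, not part of this wiki or of JunOS: it flattens a trimmed, constructed copy of the sample (password hash replaced by a placeholder) into one path per statement and applies a few review rules chosen here as assumptions, flagging cleartext management services, the catch-all host-inbound-traffic setting and MD5-crypt password hashes.

```python
import re

# Quoted strings, [ lists ], ## annotations, punctuation, then bare words.
TOKEN = re.compile(r'"[^"]*"|\[[^\]]*\]|##[^\n]*|[{};]|[^\s{};]+')

# Constructed sample: trimmed from the configuration above, hash is a placeholder.
SAMPLE = '''
system {
    host-name CommanderSpringvale;
    root-authentication { encrypted-password "$1$constructed$placeholder"; ## SECRET-DATA
    }
    services { ftp; ssh; telnet; web-management { http { interface [ fe-0/0/0.0 ]; } } }
}
security { zones { security-zone default { interfaces { all {
    host-inbound-traffic { system-services { all; } } } } } } }
'''

def flatten(text):
    """Return one space-joined path per leaf statement, outermost container first."""
    paths, stack, words = [], [], []
    for tok in TOKEN.findall(text):
        if tok.startswith("##"):          # annotation such as ## SECRET-DATA
            continue
        if tok == "{":                    # the words collected so far name a container
            stack.append(" ".join(words))
            words = []
        elif tok == "}":                  # leave the current container
            stack.pop()
        elif tok == ";":                  # the words collected so far are a leaf statement
            paths.append(" ".join(stack + [" ".join(words)]))
            words = []
        else:
            words.append(tok)
    return paths

# Review rules are this example's own choices, not a Juniper rule set.
CHECKS = [
    (r"^system services (telnet|ftp)$", "cleartext management service"),
    (r"^system services web-management http\b", "web management over plain HTTP"),
    (r"host-inbound-traffic system-services all$", "every system service reachable from the zone"),
    (r'encrypted-password "\$1\$', "MD5-crypt ($1$) password hash"),
]

def audit(text):
    """Return (path, reason) for every flattened statement that matches a rule."""
    return [(p, why) for p in flatten(text) for rx, why in CHECKS if re.search(rx, p)]
```
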
There are 29 top-level configuration trees. Here is a list with a brief explanation of what they are:
[edit]
metacortex@CommanderSpringvale# set ?
Possible completions:
> access                       Network access configuration
> access-profile               Access profile for this instance
> accounting-options           Accounting data configuration
> applications                 Define applications by protocol characteristics
+ apply-groups                 Groups from which to inherit configuration data
> chassis                      Chassis configuration
> class-of-service             Class-of-service configuration
> demux
> diameter                     Diameter protocol layer
> ethernet-switching-options   Ethernet-switching configuration options
> event-options                Event processing configuration
> firewall                     Define a firewall configuration
> forwarding-options           Configure options to control packet forwarding
> groups                       Configuration groups
> interfaces                   Interface configuration
> jsrc                         JSRC partition configuration
> jsrc-partition               JSRC partition configuration
> multicast-snooping-options   Multicast snooping option configuration
> policy-options               Routing policy option configuration
> protocols                    Routing protocol configuration
> routing-instances            Routing instance configuration
> routing-options              Protocol-independent routing option configuration
> schedulers                   Security scheduler
> security                     Security configuration
> services                     Service PIC applications settings
> smtp                         Simple Mail Transfer Protocol service configuration
> snmp                         Simple Network Management Protocol configuration
> system                       System parameters
> vlans                        VLAN configuration
Factory Default
You can tell that a JunOS device has the Factory Default Settings on it because you can only log in to it with the root account with no password, and the system hostname will be Amnesiac. To restore a device to its factory default settings, you can run the following commands:
[edit]
metacortex@CommanderSpringvale# load factory-default
warning: activating factory configuration

[edit]
metacortex@CommanderSpringvale# set system root-authentication plain-text-password
New password:
Retype new password:

[edit]
metacortex@CommanderSpringvale# commit
commit complete
- NOTE: JunOS will not allow you to commit any changes when the root password is blank
Configuration Modification
JunOS uses a batch commit style of making configuration changes, as opposed to Cisco. On a Cisco device, when you type a command and hit enter, that change takes effect immediately. On JunOS devices, you can make all the configuration changes you want, but they do not take effect until you commit them. Here is the process of making a change to the configuration.
Candidate Configuration
When you enter configuration mode, JunOS gives you a copy of the current running config. This copy is called a Candidate Configuration because making changes to it does not affect the current operation of the device. To make a candidate configuration the current running configuration, you issue the command commit. Whenever you are in configuration mode, you are making changes to the Candidate Configuration.
Running Configuration
When you commit a Candidate Configuration, it becomes the Running Configuration. This is the configuration that the device is using to process transit traffic and exception traffic. You can always reference the running configuration as "rollback 0". For instance, if you want to completely erase all the changes you made to a candidate configuration and start again from the configuration that the device is currently running, you issue a "rollback 0" command.
Previously Committed Configurations
Most JunOS devices keep 49 of the last committed configurations (some of the smaller SRX boxes default to 5, but this is configurable). These configurations are stored in chronological order, where 0 is the current running config, 1 is the one the device was using before the last commit, and so on. If you ever need to make a previous configuration active again, you would rollback to it and then commit. These previous configurations are used primarily with commit confirm (where, if you commit and are not able to confirm it within a certain amount of time, the device will rollback 1 and then commit on its own) and for showing configuration changes using the "show | compare rollback x" command.
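The candidate, running and rollback behaviour described in this section can be followed step by step in a small model. The Python below is an added example, not JunOS code or part of this wiki; the class and method names are hypothetical, statements are represented as flattened lines, and the unconfirmed-commit path does exactly what the text says (rollback 1, then commit).

```python
import difflib
from collections import deque

class CommitModel:
    """Model of the candidate/running/rollback behaviour described on this page."""

    def __init__(self, running, keep=50):
        # history[0] is the running config ("rollback 0"); 1..49 are older commits.
        self.history = deque([list(running)], maxlen=keep)
        self.candidate = list(running)      # configuration mode starts from a copy
        self.unconfirmed = False

    def set(self, line):
        if line not in self.candidate:
            self.candidate.append(line)     # only the candidate changes

    def delete(self, line):
        self.candidate.remove(line)

    def rollback(self, n):
        self.candidate = list(self.history[n])   # loaded, but not active until commit

    def compare(self, n=0):
        """Changed lines only, in the spirit of 'show | compare rollback n'."""
        diff = difflib.unified_diff(self.history[n], self.candidate, lineterm="", n=0)
        return [d for d in diff
                if d.startswith(("+", "-")) and not d.startswith(("+++", "---"))]

    def commit(self, confirm=False):
        self.history.appendleft(list(self.candidate))  # old running becomes rollback 1
        self.unconfirmed = confirm

    def confirm(self):
        self.unconfirmed = False

    def timer_expired(self):
        """Unconfirmed commit: rollback 1 and commit without operator input."""
        if self.unconfirmed:
            self.rollback(1)
            self.commit()

def demo():
    m = CommitModel(["system services ssh", "system services telnet"])
    m.delete("system services telnet")
    pending = m.compare()                   # candidate vs. running, before commit
    m.commit(confirm=True)
    m.timer_expired()                       # nobody confirmed in time
    return pending, m.history[0], m.history[1]
```

After the automatic rollback the unconfirmed configuration is still available as rollback 1, so the change can be reviewed and reapplied rather than retyped.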

