Junos Config

From Juniper JSRX Wiki

Jump to: navigation, search



JunOS uses XML for its configuration. A good way to think about it is many containers. If you want to configure an IP address on an interface, you would open up the box containing all the interfaces and in that box you will find another one for the specific interface and then inside of that box is boxes for all the different protocols it is using (i.e. IPv4, IPv6, and MPLS) and then you would put the address in that box. The boxes in the XML configuration are shown by indentation. Here is a sample configuration

system {
    host-name CommanderSpringvale;
    root-authentication {
        encrypted-password "$1$iW071u1Z$VnoweWgzTpM6zJP9NYfwq0"; ## SECRET-DATA
    login {
        message "/**** Please reload /var/tmp/default.conf for basic config ****/ ";
        user lab {
            uid 2000;
            class superuser;
            authentication {
                encrypted-password "$1$Y7A5lhIu$K6ivfoJj86BYFMph1Mwr.1"; ## SECRET-DATA
    services {
        web-management {
            http {
                interface [ fe-0/0/0.0 ];
    syslog {
        user * {
            any emergency;
        file messages {
            any any;
            authorization info;
        file interactive-commands {
            interactive-commands any;
interfaces {
    fe-0/0/0 {
        unit 0 {
            family inet {
routing-options {
    static {
        route {
security {
    zones {
        security-zone default {
            interfaces {
                all {
                    host-inbound-traffic {
                        system-services {
    policies {
        from-zone default to-zone default {
            policy accept-all {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                then {

There are 29 top level configuration trees. Here is a list and a brief explanation of what they are

metacortex@CommanderSpringvale# set ?
Possible completions:
> access                      Network access configuration
> access-profile              Access profile for this instance
> accounting-options          Accounting data configuration
> applications                Define applications by protocol characteristics
+ apply-groups                Groups from which to inherit configuration data
> chassis                     Chassis configuration
> class-of-service            Class-of-service configuration
> demux                
> diameter                    Diameter protocol layer
> ethernet-switching-options  Ethernet-switching configuration options
> event-options               Event processing configuration
> firewall                    Define a firewall configuration
> forwarding-options          Configure options to control packet forwarding
> groups                      Configuration groups
> interfaces                  Interface configuration
> jsrc                        JSRC partition configuration
> jsrc-partition              JSRC partition configuration
> multicast-snooping-options  Multicast snooping option configuration
> policy-options              Routing policy option configuration
> protocols                   Routing protocol configuration
> routing-instances           Routing instance configuration
> routing-options             Protocol-independent routing option configuration
> schedulers                  Security scheduler
> security                    Security configuration
> services                    Service PIC applications settings
> smtp                        Simple Mail Transfer Protocol service configuration
> snmp                        Simple Network Management Protocol configuration
> system                      System parameters
> vlans                       VLAN configuration

Factory Default

You can tell that a JunOS device that has the Factory Default Settings on it by only being able to log into it with the root account with no password and the system hostname will be Amnesiac. To restore a device to its factory default settings, you can run the following command

metacortex@CommanderSpringvale# load factory-default
warning: activating factory configuration

metacortex@CommanderSpringvale# set system root-authentication plain-text-password
New password:
Retype new password:

metacortex@CommanderSpringvale# commit
commit complete
  • NOTE: JunOS will not allow you to commit any changes when the root password is blank

Configuration Modification

JunOS uses a batch commit style of making configuration changes as opposed to Cisco. On a Cisco device, when you type a command into it and hit enter, that change takes effect immediately. On JunOS devices, you can make all the configuration changes you want but they do not take effect until you commit them. Here is the process of making a change to the configuration.

Candidate Configuration

When you enter configuration mode, JunOS gives you a copy of the current running config. This copy is called a Candidate Configuration because making changes to it does not effect the current operation of the device. To make a candidate configuration the current running configuration you issue to command commit. Whenever you are in configuration mode, you are making changes to the Candidate Configuration.

Running Configuration

When you commit a Candidate Configuration, it becomes the Running Configuration. This is the configuration that the devices is using to process transit traffic and exception traffic. You can always reference the running configuration as "rollback 0". For instance, if you want to completly erase all the changes you made to a candidate configuration and want to start from the configuration that the device is currently running you issue a "rollback 0" command.

Previously Commited Configurations

Most JunOS devices keep 49 of the last committed configurations (some of the smaller SRX boxes default to 5 but this is configurable). These configurations are stored in chronological order were 0 is the current running config, 1 is the one the device was using before the last commit and so on. If you ever need to make a previous configuration active again you would rollback to it and then commit. These previous configurations are used primarily with commit confirm (where if you commit and you are not able to confirm it after a certain amount of time, it will then rollback 1 and then commit on its own) and showing configuration changes using the "show | compare rollback x" command.

Personal tools