Junos UI
From Juniper JSRX Wiki
Contents |
Overview
A User Interface (UI) is what you use to interact with a computer. There are 2 main UI's for Junos. The Command Line Interface (CLI) and the Web Based Graphical User Interface (GUI) J-Web.
CLI
The Command Line Interface is what you get when you Telnet, SSH, or use the Console Port of the device. It is very simple and all text based. There are no pretty colors or graphs here. The CLI is the most powerful, flexible, stable, and consistent way to manage a JunOS box.
Loging In
When you log into a box, you will see the following process:
Login: metacortex Password: --- JUNOS 9.5R1.8 built 2009-04-13 20:03:09 UTC metacortex@ArchmageArugal>
If we dissect this:
"Login: metacortex" - This is where you enter the user name to log in as and press enter
- Note: When logging in for the first time, the username is "root" and there is no password
"Password: " - Here you enter the password. Nothing will display on the screen as you type for security reasons.
"--- JUNOS 9.5R1.8 built 2009-04-13 20:03:09 UTC" - This shows you what version of JunOS your running and when it was built
"metacortex@ArchmageArugal>" - This is the prompt. This is where you type commands. It shows you the user your loged in as (metacortex) and the hostname of the box (ArchmageArugal) as well as what mode your in (>)
Modes
There are 3 modes you can be in
Operational Mode
This mode is used for monitoring and troubleshooting of the device. You can monitor all of the hardware components, test network connectivity, and view the current running configuration. You can not make configuration changes in this mode. Operational Mode is the mode you are placed into when initially logging in (except for the root acount). This mode is indicated by the greater than sign at the end of the prompt
metacortex@ArchmageArugal>
Common Operational Mode commands can be found here
Configuration Mode
This mode is used for making configuration changes to JunOS. Configuration would include (but not limited to) interface ip address, routing protocol configuration, and user access/control. When we get into configuration mode, you will see something new added to the top of the prompt and the greater than sign will change to a pound sign to reflect we are in configuration mode.
[edit] metacortex@ArchmageArugal#
The [edit] top of the prompt signifies what section of the XML configuration tree we are currently sitting in. When it displays [edit], we are at the very top of the configuration. Issuing a show will output the entire configuration from that section down. For instance, if we wanted just to see the configuration of the interfaces we would run the following commands
[edit]
metacortex@ArchmageArugal# edit interfaces
[edit interfaces]
metacortex@ArchmageArugal# show
ge-0/0/0 {
unit 0 {
family inet {
address 6.6.6.6/30;
}
}
}
Notice how the [edit] changed to [edit interfaces]? We can also view a specific section of the tree by specifying it in the show command like so
[edit]
metacortex@ArchmageArugal# show interfaces
ge-0/0/0 {
unit 0 {
family inet {
address 6.6.6.6/30;
}
}
}
You can also run any Operational Mode command in Configuration Mode by appending "run" to the beginning of it like so:
[edit] metacortex@ArchmageArugal# run ping 4.2.2.2 rapid count 5 PING 4.2.2.2 (4.2.2.2): 56 data bytes !!!!! --- 4.2.2.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.305/0.519/1.272/0.377 ms
Common Configuration Mode commands can be found here
Using the CLI
Show
This shows everything in the configuration from the current level down
[edit]
metacortex@ArchmageArugal# show
## Last changed: 2009-12-24 03:11:43 UTC
version 9.6R2.11;
system {
host-name ArchmageArugal;
root-authentication {
encrypted-password "$1$iW071u1Z$VnoweWgzTpM6zJP9NYfwq0"; ## SECRET-DATA
}
login {
message "This is my login banner!";
user lab {
uid 2000;
class superuser;
authentication {
encrypted-password "$1$Y7A5lhIu$K6ivfoJj86BYFMph1Mwr.1"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
telnet;
outbound-ssh {
client nsm {
device-id 0618AC;
secret "$9$LHc7VYJZj.fzDi.5zFtpIEcylM2gJ"; ## SECRET-DATA
services netconf;
172.18.68.188 port 7804;
}
}
web-management {
http {
interface ge-0/0/0.0;
}
}
}
syslog {
user * {
any emergency;
...
Edit
Edit is used to move around to different sections and levels of the configuration
[edit]
metacortex@ArchmageArugal# edit interface ge-0/0/0
[edit]
metacortex@ArchmageArugal# show
unit 0 {
family inet {
address 6.6.6.6/24;
}
}
[edit interfaces]
metacortex@ArchmageArugal# top edit security nat source
[edit security nat source]
metacortex@ArchmageArugal# show
rule-set INTERFACE-NAT {
from zone trust;
to zone untrust;
rule INSIDE2OUT {
match {
source-address 20.20.20.0/24;
}
then {
source-nat {
interface;
}
}
}
Set
The set command is used to assign a value to something in the configuration. You can set something from anywhere in the configuration
[edit] metacortex@ArchmageArugal# set interface ge-0/0/0 unit 0 family inet address 6.6.6.6/24
[edit interface ge-0/0/0 unit 0 family inet] metacortex@ArchmageArugal# set address 6.6.6.6/24
[edit security nat source] metacortex@ArchmageArugal# top set interface ge-0/0/0 unit 0 family inet address 6.6.6.6/24
Auto-Complete
JunOS has two options for auto complete. First you can use the spacebar to auto complete a command or you can used the tab key to auto complete the command. They do the same thing except for one big difference. The Tab key has the ability to auto complete variables such as custom names where as the space bar can not. It is hard to show an example of auto complete because unlike Cisco, it auto completes without a line break so I will leave it to you to play with.
Question Mark
One of the most used features of the CLI is the question mark (?). Similar to other vendors products, you can use the question mark in any part of the command to show valid completions. Here is an example
[edit] metacortex@ArchmageArugal# ? Possible completions: clear Clear information in the system configure Manipulate software configuration information file Perform file operations help Provide help information ...
[edit] metacortex@ArchmageArugal# clear ? Possible completions: arp Clear address resolution information bfd Clear Bidirectional Forwarding Detection information bgp Clear Boarder Gateway Protocol information dhcp Clear DHCP information ...
[edit] metacortex@ArchmageArugal# clear b? Possible completions: bfd Clear Bidirectional Forwarding Detection information bgp Clear Boarder Gateway Protocol information
Pipe
The pipe (|) is the exact same as you would use it on *nix, screenOS, and IOS. Pipe takes the output of one command and uses it as the input of another command. Here are the options you can used with pipe.
[edit] root@Twix# show | ? Possible completions: compare Compare configuration changes with prior version count Count occurrences display Show additional kinds of information except Show only text that does not match a pattern find Search for first occurrence of pattern hold Hold text without exiting the prompt last Display end of output only match Show only text that matches a pattern no-more Don't paginate output request Make system-level requests resolve Resolve IP addresses save Save output text to file trim Trim specified number of columns from start of line
Help
The help command is very useful if you are looking for some assistance in JunOS
Reference
Help reference will show you everything you need to know about a given command
[edit]
metacortex@ArchmageArugal# help reference interfaces address
address
Syntax
address address {
arp ip-address (mac | multicast-mac) mac-address <publish>;
broadcast address;
destination address;
destination-profile name;
eui-64;
master-only;
multipoint-destination address dlci dlci-identifier;
multipoint-destination address {
epd-threshold cells;
inverse-arp;
oam-liveness {
up-count cells;
down-count cells;
}
...
Apropos
If you remember one or two parts of a command but cant remember the full command, you can use help apropos to help you find that command
[edit]
metacortex@ArchmageArugal# help apropos ssh
set dynamic-profiles <profile-name> routing-instances <instance_name> routing-options flow route <route_name> match port ssh
Secure shell
set dynamic-profiles <profile-name> routing-instances <instance_name> routing-options flow route <route_name> match destination-port ssh
Secure shell
set dynamic-profiles <profile-name> routing-instances <instance_name> routing-options flow route <route_name> match source-port ssh
Secure shell
set dynamic-profiles <profile-name> firewall family inet filter <filter-name> term <rule-name> from source-port ssh
Secure shell
set dynamic-profiles <profile-name> firewall family inet filter <filter-name> term <rule-name> from source-port-except ssh
Secure shell
set dynamic-profiles <profile-name> firewall family inet filter <filter-name> term <rule-name> from destination-port ssh
Secure shell
set dynamic-profiles <profile-name> firewall family inet filter <filter-name> term <rule-name> from destination-port-except ssh
Secure shell
set dynamic-profiles <profile-name> firewall family inet filter <filter-name> term <rule-name> from port ssh
J-Web
The J-Web is a web based GUI for JunOS. The J-Web has been very inconstant and changing consistently so at this time, I will not cover it very much at all.
