The Junos command-line interface (CLI) is the software interface used to access your device. From here you configure the device, monitor its operations, and adjust the configuration as needed.
Introducing the Junos OS Command-Line Interface
The Junos operating system (Junos OS) command-line interface (CLI) is the software interface you use to access a device running Junos OS—whether from the console or through a network connection.
The Junos OS CLI is a Juniper Networks-specific command shell that runs on top of a FreeBSD UNIX-based operating system kernel. Through the use of industry-standard tools and utilities, the CLI provides a powerful set of commands that you can use to monitor and configure devices running Junos OS.
The Junos OS CLI has two modes:
Operational mode—This mode displays the current status of the device. In operational mode, you enter commands to monitor and troubleshoot the Junos OS, devices, and network connectivity.
Configuration mode—This mode enables you to configure the device. A configuration is stored as a hierarchy of configuration statements. In this mode, you enter statements to configure all properties of the device, including interfaces, general routing information, routing protocols, user access, and several system and hardware properties.
When you enter configuration mode, you are actually viewing and changing a file called the candidate configuration. The candidate configuration file enables you to make configuration changes without causing operational changes to the current operating configuration, called the active configuration. The router or switch does not implement the changes you added to the candidate configuration file until you commit them, which activates the configuration on the device. Candidate configurations enable you to alter your configuration without causing potential damage to your current network operations.
Key Features of the CLI
The Junos OS CLI commands and statements follow a hierarchal organization and have a regular syntax. The Junos OS CLI provides the following features to simplify CLI use:
Consistent command names—Commands that provide the same type of function have the same name, regardless of the software on which they are operating. For example, all show commands display software information and statistics, and all clear commands erase various types of system information.
Lists and short descriptions of available commands—Information about available commands is provided at each level of the CLI command hierarchy. If you type a question mark (?) at any level, you see a list of the available commands along with a short description of each. This means that if you already are familiar with the Junos OS or with other routing software, you can use many of the CLI commands without referring to the documentation.
Command completion—Command completion for command names (keywords) and for command options is available at each level of the hierarchy. To complete a command or option that you have partially typed, press the Tab key or the Spacebar. If the partially typed letters begin a string that uniquely identifies a command, the complete command name appears. Otherwise, a beep indicates that you have entered an ambiguous command, and the possible completions are displayed. Completion also applies to other strings, such as filenames, interface names, usernames, and configuration statements.
If you have typed the mandatory arguments for executing a command in the operational or configuration mode the CLI displays <[Enter]> as one of the choices when you type a question mark (?). This indicates that you have entered the mandatory arguments and can execute the command at that level without specifying any further options. Likewise, the CLI also displays <[Enter]> when you have reached a specific hierarchy level in the configuration mode and do not have to enter any more mandatory arguments or statements.
Industry-standard technology—With FreeBSD UNIX as the kernel, a variety of UNIX utilities are available on the Junos OS CLI. For example, you can:
Use regular expression matching to locate and replace values and identifiers in a configuration, filter command output, or examine log file entries.
Use Emacs-based key sequences to move around on a command line and scroll through the recently executed commands and command output.
Store and archive Junos OS device files on a UNIX-based file system.
Use standard UNIX conventions to specify filenames and paths.
Exit from the CLI environment and create a UNIX C shell or Bourne shell to navigate the file system, manage router processes, and so on.
Understanding the Junos OS CLI Modes, Commands, and Statement Hierarchies
The Junos OS command-line interface (CLI) commands and statements are organized under two command modes and various hierarchies. The following sections provide an overview of the Junos OS CLI command modes and commands and statements hierarchies.
Junos OS CLI Command Modes
The Junos OS CLI has two modes:
Operational mode—This mode displays the current status of the device. In operational mode, you enter commands to monitor and troubleshoot the Junos OS, devices, and network connectivity. To enter the operational mode, type the CLI command. The character “>” identifies operational mode. For example, user@router>
Configuration mode—A configuration for a device running on Junos OS is stored as a hierarchy of statements. In configuration mode, you enter these statements to define all properties of the Junos OS, including interfaces, general routing information, routing protocols, user access, and several system and hardware properties. You enter the configuration mode by issuing the configure command from the operational mode. The character “#” identifies configuration mode. For example, user@router#
When you enter configuration mode, you are viewing and changing a file called the candidate configuration. The candidate configuration file enables you to make configuration changes without causing operational changes to the current operating configuration, called the active configuration. The router or switch does not implement the changes you added to the candidate configuration file until you commit them, which activates the configuration on the device. Candidate configurations enable you to alter your configuration without causing potential interruptions in your current network operations.
CLI Command Hierarchy
CLI commands are organized in a hierarchy. Commands that perform a similar function are grouped together under the same level of the hierarchy. For example, all commands that display information about the system and the system software are grouped under the show system command, and all commands that display information about the routing table are grouped under the show route command.
To execute a command, enter the full command name, starting at the top level of the hierarchy. For example, to display a brief view of the routes in the routing table, use the command show route brief.
Configuration Statement Hierarchy
The configuration statement hierarchy has two types of statements: Container statements, which are statements that contain other statements, and leaf statements, which do not contain other statements. All the container and leaf statements together form the configuration hierarchy.
The following illustration shows a part of the hierarchy tree. The protocols statement is a top-level statement at the trunk of the configuration tree. The ospf, area, and interface statements are all subordinate container statements of a higher statement (they are branches of the hierarchy tree), and the hello-interval statement is a leaf on the tree.
Moving Among Hierarchy Levels
The following table shows the CLI commands used to navigate the levels of the configuration statement hierarchy.
Table 1: CLI Configuration Mode Navigation Commands
Moves to an existing configuration statement hierarchy or creates a hierarchy and moves to that level.
Moves up the hierarchy to the previous level where you were working. This command is, in effect, the opposite of the edit command. Alternatively, you can use the quit command. The exit and quit commands are interchangeable.
Moves up the hierarchy one level at a time.
Moves directly to the top level of the hierarchy.
Other Tools to Configure and Monitor Devices Running Junos OS
Apart from the command-line interface, Junos OS also supports the following applications, scripts, and utilities that enable you to configure and monitor devices running Junos OS:
J-Web graphical user interface (GUI)—Available on select Juniper Networks devices, the J-Web GUI allows you to monitor, configure, troubleshoot, and manage the router on a client by means of a Web browser with Hypertext Transfer Protocol (HTTP) or HTTP over Secure Sockets Layer (HTTPS) enabled. For more information, see the J-Web Interface User Guide.
Junos XML management protocol—The Junos XML management protocol allows you to monitor and configure Juniper Networks devices. Juniper Networks provides a Perl module with the API to help you more quickly and easily develop custom Perl scripts for configuring and monitoring routers. For more information, see the Junos XML Management Protocol Developer Guide.
NETCONF Application Programming Interface (API)—You can also use the NETCONF XML management protocol to monitor and configure Juniper Networks routers. For more information, see the NETCONF XML Management Protocol Developer Guide.
Junos OS commit scripts and self-diagnosis features—You can define scripts to enforce custom configuration rules, use commit script macros to provide simplified aliases for frequently used configuration statements, and configure diagnostic event policies and actions associated with each policy. For more information, see the Automation Scripting Feature Guide.
Management Information Bases (MIBs)—You can use enterprise-specific and standard MIBS to retrieve information about the hardware and software components on a Juniper Networks device. For more information about MIBs, see the Network Management and Monitoring Guide.
Configuring Junos OS in a FIPS Environment
Junos-FIPS enables you to configure a network of Juniper Networks devices in a Federal Information Processing Standards (FIPS) 140-2 environment.
The Junos-FIPS software environment requires the installation of FIPS software by a crypto officer. In Junos-FIPS, some Junos OS commands and statements have restrictions and some additional configuration statements are available. For more information, see the following resources:
Common Criteria and FIPS Certifications—Provides links to guidelines for configuring devices running Junos OS so the secure environment complies with the requirements of public sector certifications such as Common Criteria (CC) and FIPS certification.
Compliance Advisor—A Web application that provides regulatory compliance information about Common Criteria, FIPS, Homologation, ROHS2, and USGv6 for Juniper Networks products.