[Contents] [Prev] [Next] [Index] [Report an Error]

Monitoring the Current Configuration

Use the commands described in this section to monitor the current (running) configuration of the system.

You can use the show configuration command to display information when the router is in Automatic Commit mode. In Automatic Commit mode, the system automatically saves any change to the system configuration to nonvolatile storage (NVS).

You can use the show running-configuration command to display information when the router is in Manual Commit mode. In Manual Commit mode, any configuration change affects only the current (running) system configuration.

For more information about saving the current configuration in Automatic Commit mode or Manual Commit mode, see Saving the Current Configuration.

Defining the Configuration Output Format

The JUNOSe show configuration command displays the entire system configuration. For very large configurations, the show configuration report can take a long time to generate and display.

The service show-config format command enables you to run the show configuration command using one of two formats—original format (format 1; the default) and a format that provides a much faster output (format 2). Using format 2 can significantly reduce the amount of time it takes to generate and display configurations that contain three or more virtual routers and a large number of interfaces.

The primary difference between format 1 and format 2 output is the way in which each displays layer 2 and layer 3 interface configurations. Table 29 indicates where layer 2 and layer 3 interface configurations appear within the show configuration command output when the system is using format 1 or format 2.

Table 29: Output Locations for Layer 2 and Layer 3 Interface Configurations

Format	Layer 2 Only Interfaces	Layer 3 Only Interfaces	Layer 2 and Layer 3 Combination Interfaces
Format 1	Entire configuration appears in the default router output	Entire configuration appears in the layer 3 virtual router output	Layer 2 configuration appears in the default router the layer 3 virtual router output
Format 2	Entire configuration appears in the default router output	Entire configuration appears in the layer 3 virtual router output	Layer 2 configuration appears in the default router output; layer 3 configuration appears in the layer 3 virtual router output

The following examples show the differences between format 1 and format 2 output:

Example 1

Format 1 output

virtual-router default
…
interface null 0
interface loopback 0
 ip address 127.0.0.1 255.0.0.0
! 
interface ip shAtm50126
 ip share-interface atm 5/0.126
! 
interface ip MikeShare2
 ip share-interface atm 5/1.1
! 
interface atm 5/0
interface atm 5/0.100 point-to-point
 atm pvc 100 0 100 aal5snap 0 0 0
 encapsulation pppoe
 pppoe sessions 1
! 
interface atm 5/0.100.1
 encapsulation ppp
 ppp authentication chap
 ip address 102.0.1.1 255.255.255.0
! 
interface atm 5/0.102 multipoint
 atm pvc 1021 0 1021 aal5snap 0 0 0
 atm pvc 1022 0 1022 aal5snap 0 0 0
 atm pvc 1023 0 1023 aal5snap 0 0 0
 ip address 102.0.2.1 255.255.255.0
! 
interface atm 5/0.103 point-to-point
 atm pvc 103 0 103 aal5snap 0 0 0
 encapsulation bridge1483
 ip address 100.0.0.1 255.255.255.0
 pppoe
! 
pppoe subinterface atm 5/0.103.1
 encapsulation ppp
 ppp authentication pap
 ip address 100.0.1.1 255.255.255.0
!         
interface atm 5/0.104 point-to-point
 atm pvc 104 0 104 aal5snap 0 0 0
 ip address 150.0.1.1 255.255.255.0
 ipv6 address 2000:0:17::1/60
! 
interface atm 5/0.126 point-to-point
! 
interface atm 5/1
interface atm 5/1.1 point-to-point
interface atm 5/1.100 point-to-point
 atm pvc 100 0 100 aal5snap 0 0 0
 encapsulation pppoe
 pppoe sessions 1
! 
interface atm 5/1.100.1
 encapsulation ppp
 ppp authentication chap
! 
interface atm 5/1.102 multipoint
 atm pvc 1021 0 1021 aal5snap 0 0 0
 atm pvc 1022 0 1022 aal5snap 0 0 0
 atm pvc 1023 0 1023 aal5snap 0 0 0
! 
interface atm 5/1.103 point-to-point
 atm pvc 103 0 103 aal5snap 0 0 0
 encapsulation bridge1483
 pppoe
! 
pppoe subinterface atm 5/1.103.1
 encapsulation ppp
 ppp authentication pap
! 
interface atm 5/1.104 point-to-point
 atm pvc 104 0 104 aal5snap 0 0 0
! 
interface atm 5/1.125 point-to-point
! 
interface fastEthernet 0/0
 ip address 10.13.5.196 255.255.128.0
! 
interface mlppp joe
! 
ip route 0.0.0.0 0.0.0.0 10.13.5.1
ip route 40.0.0.0 255.0.0.0 atm5/0.104
ip route 172.28.32.70 255.255.255.255 10.13.5.1
no ip source-route
! 
! 
ipv6
!         
! ============================================================================
virtual-router foo
…
interface null 0
interface loopback 0
 ip address 127.0.0.2 255.0.0.0
! 
interface atm 5/1.100.1
 ip address 102.0.1.2 255.255.255.0
! 
interface atm 5/1.102
 ip address 102.0.2.2 255.255.255.0
! 
interface atm 5/1.103
 ip address 100.0.0.2 255.255.255.0
!         
interface atm 5/1.103.1
 ip address 100.0.1.2 255.255.255.0
! 
interface atm 5/1.104
 ip address 150.0.1.2 255.255.255.0
 ipv6 address 2000:0:17::2/60
! 
ip route 30.0.0.0 255.0.0.0 atm5/1.104
no ip source-route
! 
! 
ipv6

Example 2

Format 2 output

service show-config format 2
…
virtual-router default
…
interface atm 5/0
interface atm 5/0.100 point-to-point
 atm pvc 100 0 100 aal5snap 0 0 0
 encapsulation pppoe
 pppoe sessions 1
! 
interface atm 5/0.100.1
 encapsulation ppp
 ppp authentication chap
!         
interface atm 5/0.102 multipoint
 atm pvc 1021 0 1021 aal5snap 0 0 0
 atm pvc 1022 0 1022 aal5snap 0 0 0
 atm pvc 1023 0 1023 aal5snap 0 0 0
! 
interface atm 5/0.103 point-to-point
 atm pvc 103 0 103 aal5snap 0 0 0
 encapsulation bridge1483
 pppoe
! 
pppoe subinterface atm 5/0.103.1
 encapsulation ppp
 ppp authentication pap
! 
interface atm 5/0.104 point-to-point
 atm pvc 104 0 104 aal5snap 0 0 0
! 
interface atm 5/0.126 point-to-point
! 
interface atm 5/1
interface atm 5/1.1 point-to-point
interface atm 5/1.100 point-to-point
 atm pvc 100 0 100 aal5snap 0 0 0
 encapsulation pppoe
 pppoe sessions 1
!         
interface atm 5/1.100.1
 encapsulation ppp
 ppp authentication chap
! 
interface atm 5/1.102 multipoint
 atm pvc 1021 0 1021 aal5snap 0 0 0
 atm pvc 1022 0 1022 aal5snap 0 0 0
 atm pvc 1023 0 1023 aal5snap 0 0 0
! 
interface atm 5/1.103 point-to-point
 atm pvc 103 0 103 aal5snap 0 0 0
 encapsulation bridge1483
 pppoe
! 
pppoe subinterface atm 5/1.103.1
 encapsulation ppp
 ppp authentication pap
! 
interface atm 5/1.104 point-to-point
 atm pvc 104 0 104 aal5snap 0 0 0
! 
interface atm 5/1.125 point-to-point
! 
interface fastEthernet 0/0
interface null 0
interface loopback 0
 ip address 127.0.0.1 255.0.0.0
! 
interface ip shAtm50126
 ip share-interface atm 5/0.126
! 
interface ip MikeShare2
 ip share-interface atm 5/1.1
! 
interface mlppp joe
interface fastEthernet 0/0
 ip address 10.13.5.196 255.255.128.0
! 
interface atm 5/0.100.1
 ip address 102.0.1.1 255.255.255.0
! 
interface atm 5/0.102
 ip address 102.0.2.1 255.255.255.0
! 
interface atm 5/0.103
 ip address 100.0.0.1 255.255.255.0
! 
interface atm 5/0.103.1
 ip address 100.0.1.1 255.255.255.0
!         
interface atm 5/0.104
 ip address 150.0.1.1 255.255.255.0
 ipv6 address 2000:0:17::1/60
! 
ip route 0.0.0.0 0.0.0.0 10.13.5.1
ip route 40.0.0.0 255.0.0.0 atm5/0.104
ip route 172.28.32.70 255.255.255.255 10.13.5.1
no ip source-route
! 
! 
ipv6
! 
! ============================================================================
virtual-router foo
…
interface null 0
interface loopback 0
 ip address 127.0.0.2 255.0.0.0
! 
interface atm 5/1.100.1
 ip address 102.0.1.2 255.255.255.0
! 
interface atm 5/1.102
 ip address 102.0.2.2 255.255.255.0
! 
interface atm 5/1.103
 ip address 100.0.0.2 255.255.255.0
! 
interface atm 5/1.103.1
 ip address 100.0.1.2 255.255.255.0
! 
interface atm 5/1.104
 ip address 150.0.1.2 255.255.255.0
 ipv6 address 2000:0:17::2/60
! 
ip route 30.0.0.0 255.0.0.0 atm5/1.104
no ip source-route
!

Customizing the Configuration Output

You can customize the configuration information by including or excluding lines of output based on the keywords described in this section.

Using a keyword with the show configuration command might be more effective than using show configuration | begin. When show configuration is used with a specific keyword, the current configuration is quickly determined and displayed for only that specified keyword. Executing show configuration | begin causes all output of show configuration to be generated, but the output is not displayed until the begin criterion is met.

Use the virtual-router keyword to display the current configuration of a specified virtual router. You can combine the virtual-router keyword with the category keyword to display the current configuration of specific settings for a virtual router.

Use the interface keyword to display the current configuration of a particular interface. Use the type keyword to target specific interface types. You can exclude information about particular types of interfaces using the exclude-category interface keyword.You can exclude information about particular types of interfaces using the exclude-category interface keyword.

Use the category keyword to display the current configuration of a specific group of router settings. The settings are organized in categories by function.

Use the tag-group keyword with the category interfaces keywords to tag interfaces as belonging to a specific group and display all interfaces within a group.

Use the tag-group command to configure an interface tag group. Any number of interfaces can be in a tag group. The following interface types cannot be added to tag groups: tunnel, lag, mlppp, and mlframe-relay. An interface can be in only one tag group.

Table 30 describes the categories of router settings and the type of information displayed for each category.

Table 30: Categories of Router Settings

Category	Configuration Displayed
aaa	Authentication, authorization, and accounting (AAA) settings, such as the default authentication protocol and the RADIUS accounting server
address-assignment	Address assignment settings for Dynamic Host Configuration Protocol (DHCP) and the local address server
flow-management	Flow management settings, such as firewalls, Network Address Translation (NAT), and IP flow statistics
interfaces	Physical interfaces (types and specifiers); this is the only category that displays information about interfaces
ip-protocols	Internet protocols, such as Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF)
link-layer-forwarding	Link-layer settings, such as bridged interfaces and link-layer interface types
management	Router management settings, such as the CLI, bulk statistics, and Telnet
physical-layer-protocols	Physical layer protocols, such as DS1, DS3, and SONET/SDH
policy	Policy settings, such as policy lists, classifier groups, and rate-limit profiles
qos	Quality of service (QoS) settings, such as traffic class, drop profile, and scheduler profile
system	System-level settings, such as timing, logging, and redundancy
tunneling	Tunneling protocols, such as IP Security (IPSec), Multiprotocol Label Switching (MPLS), and Layer Two Tunneling Protocol (L2TP)

Many of the categories described in Table 30 contain subcategories of router settings. For example, you can specify show configuration category management cli to display only the configuration for the CLI. To display the names of subcategories that you can specify for each category, issue the show configuration category categoryName ? command.

You can combine the category keyword with the virtual-router keyword to display the current configuration of specific settings for a virtual router.

Note: When you specify categories with the show configuration command, the output might display additional configuration data that is not explicitly associated with the categories that you specified.

service show-config

Use to define the show configuration command display output.
Specify format 1 to display the show configuration command output in its original format.
Specify format 2 to significantly reduce the amount of time it takes to generate and display output for configurations that contain three or more virtual routers and a large number of interfaces.
Examplehost1#service show-config format 2
Use the no version to revert the show configuration command output format to its default (format 1).
See service show-config.

show configuration

Use to display the current configuration of the system, a specified virtual router, a specified interface, or a specified category of router settings.
This command was formerly documented as show config; that abbreviation is still supported.
You can create a configuration script from the output by saving it as a file with the .scr extension.
This command provides configuration information based on the privilege level of the session (user). The output does not display any configuration data for commands that have privilege levels higher than that of the session. For example, if the session is enabled at level 5, issuing the show configuration command displays only output for commands at level 5 and below. For more information, see CLI Command Privileges.
You can use the output filtering feature of the show command to include or exclude lines of output based on a text string you specify. See Command-Line Interface, for details.

Example

host1# show configuration
! Configuration script being generated on TUE JAN 29 200X 00:31:12 UTC! Juniper Networks Edge Routing Switch ERX-700
! Version: x.y.z (January 18, 200X 15:01)
! Copyright (c) 1999-200X Juniper Networks, Inc. All rights reserved.
Commands displayed are limited to those available at privilege level 10
! Juniper Networks Edge Routing Switch ERX-700
boot config running-configuration
boot system erx_x-y-z.rel
no boot backup
no boot subsystem
no boot backup subsystem
no boot force-backup
!
! Note: The following commands are here to ensure that all virtual routers and
! vrfs are created before other commands that may need to reference them.
! These commands will be repeated further on as each virtual router and vrf
! has its configuration presented.
!
virtual-router default
virtual-router boston
!
ip vrf vpna
virtual-router vrA
!
hostname host1
exception protocol ftp anonymous null
!
controller t1 6/0
channel-group 2 timeslots 1,3-8,10 speed 64
.
.
.
!
virtual-router vrA
aaa authentication ppp default radius
aaa accounting ppp default radius
!
ip address-pool local
interface null 0
ip bgp-community new-format
no ip source-route
!
snmp-server
!
! End of generated configuration script.
Example using interface keyword:
host1# show configuration interface serial 4/0
interface atm 4/0
atm vc-per-vp 1024
atm uni-version 3.0
!
interface atm 4/0.1 point-to-point
profile pppoe myProfile
qos-profile myQosProfile
!
interface atm 4/0.2 point-to-point
qos-profile myQosProfile
ip description TestIP
!
interface atm 4/0.3 point-to-point
Example using category keyword:
host1# show configuration category system file-system
boot config running-configuration
boot system m.rel
no boot backup
no boot subsystem
no boot backup subsystem

See show configuration.

show running-configuration

Use to display the configuration currently running on the router, a specified virtual router, a specified interface, or a specified category of router settings.
Examplehost1#show running-configuration
Example 2host1#show running-configuration interface serial 4/0
Example 3host1#show running-configuration category system file-system
See show running-configuration.

tag-group

Use to configure an interface tag group.
Any number of interfaces can be in a tag group.
Interface types tunnel, lag, mlppp, and mlframe-relay cannot be added to tag groups.
An interface can be in only one tag group.
Examplehost1(config-if)#tag-group red
Use the no version to remove the tag group.
See tag-group.

Detecting Corrupt File Configurations

You can detect corruption of running configuration files and CNF files on both the primary and the standby SRP when the corruption is due to a fatal duplicate key error. CNF files must be present on the active file system to monitor them; you cannot monitor CNF files that reside alone on the standby SRP.

You can use the service check-configcommand to control the mode of detection for corruption detection of the running configuration. Auto mode provides a background monitoring task that periodically checks the validity of running configurations. The service config-monitor-periodictycommand enables you to set the time for background monitoring of the active and standby SRP. By default, background monitoring is not running. Manual mode is the default detection mode. For corruption detection of the CNF files, you must use manual mode.

A critical message to take further corrective action is logged in all the cases of corruption detection to ensure that an SRP reset does not occur and that the system recovers with the last known good configuration.

When duplicate key corruption is detected in either the active or standby SRP:

File synchronization between the active and standby SRP occurs when HA is enabled. Configuration files are not synchronized to the standby SRP. You can restart file synchronization of configuration files only when you reinitialize the flash file system on the corrupted SRP.
If HA is disabled, you cannot enable HA until you reinitialize the flash file system on the corrupted system. HA is disabled because of the redundancy corruption criteria. HA cannot be reenabled until the flash file system is reinitialized on the corrupted system.
You cannot initialize unified ISSU until you reinitialize the flash file system on the corrupted system. If the corruption is detected after unified ISSU is initialized, HA is disabled, which then sets a redundancy criteria for corruption that prevents unified ISSU from starting.
If monitoring is configured to run in auto mode when unified ISSU starts, monitoring reverts back to manual mode to prevent monitoring during a unified ISSU upgrade. After a successful unified ISSU upgrade, monitoring switches back to the originally configured mode on both SRPs.

File synchronization and monitoring the file system are separate operations. Depending on the wake up time of the monitoring task, there is a period of time when corruption can occur and the file systems are synchronized. We recommend that you run the manual command to check the file system before you enable HA or perform any unified ISSU-related operations

service check-config

Use to detect corruption of running configuration files and CNF files on the primary SRP and the standby SRP when it is due to a fatal duplicate key error. You cannot monitor CNF files on the standby SRP.
Auto mode checks the running configuration at regular intervals; auto mode cannot be used for CNF files.
Use the default version to restore the default setting, manual detection.
Examplehost1(config)#service config-check auto
Use the no version to restore the default action, manual detection.
See service check-config.

service config-monitor-periodicity

Use to set the time for background monitoring of the active and standby SRP. By default, background monitoring is not running. For corruption detection of the CNF files, you must use manual mode.
Auto mode checks the running configuration at regular intervals; auto mode cannot be used for CNF files.
Use the default version to restore the default setting, manual detection.
Examplehost1(config)#service config-monitor-periodicity 2000
There is nono version.
See service config-monitor-periodicity.

show service config-monitor-periodicity

Use to display the time of the monitoring task for detecting corruption of a running configuration on both the primary SRP and the standby SRP.

Example

host1#show service config-monitor-periodicity
config-monitor-periodicity = 2000

See show service config-monitor-periodicity.

[Contents] [Prev] [Next] [Index] [Report an Error]