Sei sulla pagina 1di 66

Module 3: The JUNOS Software CLI 3-1

Module 3: The J UNOS Software CLI


Operation & Troubleshooting Juniper
Networks Routers
Module 3: The JUNOS Software CLI 3-2
Module Objectives
l After successfully completing this module, you will be
able to:
Login to a Juniper Networks router
Issue operational mode commands
Enter the configuration mode
Navigate the candidate configuration
Modify the candidate configuration
Commit a new active configuration
Describe the JUNOS interface naming convention
This Module Discusses:
Logging in to a Juniper Networks router;
Operational mode commands;
Navigating the configuration hierarchy;
Committing a new configuration; and
Interface naming convention.
Module 3: The JUNOS Software CLI 3-3
Gaining Access to the CLI
l Where we are going
Accessing the routers management ports
User authentication
Logging in
Gaining Access to the CLI
Below is a list of the steps necessary to gain access to the command-line interface
(CLI). The following pages discuss these steps in detail.
Accessing the router: You can access the router via three management
portsconsole, auxiliary, or fxp0.
User authentication: You can be authenticated via a local password,
RADIUS, or TACACS.
Logging in: When a router is first received, you must log in first as root to
start the CLI and then create user-specific accounts.
Module 3: The JUNOS Software CLI 3-4
Access Routers Management Ports
l Console
Db9 EIA-232 @ 9600 Bps, 8/N/1-pre-configured
l Management port, using Telnet, SSH
Requires configuration
NC
C
NO
NC
C
NO
ACO/LT AUX/MODEM MGMT CONSOLE
OFFLINE ONLINE MASTER
OFFLINE ONLINE MASTER
RE0
RE1
FPC0
FPC1
FPC2
FPC3
FAIL OK
FAIL OK
FAIL OK
FAIL OK
Console Port
The console Port is the only pre-configured port on the router. You use the console
port to access the CLI.
The JUNOS Internet software CLI is the interface to the software that you use
whenever you access the router, either from the console or through a remote network
connection. The CLI starts automatically when you log in as a non-root user and
provides commands to perform various tasks, including configuring the JUNOS
software, and monitoring and troubleshooting the software, network connectivity, and
the router hardware.
The CLI is a straightforward command interface. You type a command on a single line,
and the command is executed when you press the Enter key.
Alternative Access
You can also access the CLI via the management port (fxp0) or auxiliary port. This
access requires configuration, however. Also, Telnet and SSH access is available.
Module 3: The JUNOS Software CLI 3-5
User Authentication
l Local
Name and password
Individual accounts and home directories
Per-user command class permissions
l RADIUS/TACACS+
TACACS+ (authentication only)
RADIUS allows authentication and per-class command
authorization
l Fall back to local authentication when
RADIUS/TACACS+ fails
lab2 (ttyd0)
login: Doug
Password:
Local
With local password authentication, you can configure a password for each user to log
into the router. After successfully logging in, the router displays the CLI prompt (>),
which is preceded by the name of the user and the name of the router.
RADIUS/TACACS
RADIUS and TACACS+ are authentication methods used for validating users who
attempt to access the router. They are both distributed client-server systems. The
RADIUS and TACACS+ clients run on the Juniper Networks router; the server runs on
a host connected to a remote network.
Authentication Order
You configure the router to be both a RADIUS and TACACS+ client, and you can
prioritize the order in which the software tries the different authentication methods
when verifying that a user can access the router. For each login attempt, the JUNOS
software tries the authentication methods in order, until the password matches.
Module 3: The JUNOS Software CLI 3-6
Logging In
HongKong (ttyp1)
login: Doug
Password:
--- JUNOS 5.0R1.4 built 2001-08-14 23:14:13 UTC
Doug@HongKong>
l When logging in:
Non-Root users are placed into CLI automatically
Root must start CLI from shell
Logging In
JUNOS software requires a user name and password for access. The router
administrator creates user accounts and assigns permissions. A new Juniper
Networks router has only the root user configured by default without any password.
You must start the CLI by typing cli from the shell.
Module 3: The JUNOS Software CLI 3-7
CLI Modes and Feature Overview
l Where we are going
CLI operational mode
Editing command lines
Command completion/history
Context-sensitive and documentation-based help
Unix style pipes
CLI configuration mode
Object-oriented hierarchy
Configuration groups
Jumping between levels
Candidate configuration with sanity checking
Automatic rollback capability
Showing portions of configuration while configuring
Running operational mode commands from within configuration
Saving, loading, and deleting configuration files
CLI Modes and Features
The visual shows some of the operational mode and configuration mode features.
Module 3: The JUNOS Software CLI 3-8
CLI Modes
l Operational mode
Monitor and troubleshoot the software, network connectivity,
and router hardware
l Configuration mode
Configure the router, including interfaces, general routing
information, routing protocols, user access, and system
hardware properties
Doug@lab2>
Doug@lab2#
[edit]
Operational Mode
In operational mode, you use the CLI to monitor and troubleshoot the router. The
monitor, ping, show, test, and traceroute commands let you display
information and statistics about the software running on the router, such as routing
table entries, and let you test network connectivity.
Configuration Mode
You configure the JUNOS software by entering configuration mode and creating a
hierarchy of configuration statements. You can configure all properties of the JUNOS
software, including interfaces, general routing information, routing protocols, and user
access, as well as several system hardware properties.
Module 3: The JUNOS Software CLI 3-9
CLI Operational Mode
Command hierarchy
brief
exact
protocol
table
terse
bgp
chassis
interfaces
isis
ospf
route
version
clear
configure
monitor
set
show
Command Hierarchy
CLI commands use a command option from a specific list, and a specific option can
use an additional option from that commands specific list. For example, use the show
command to display information about the system and the system software. One of the
possible options for the show command is route, which displays information about
routing tables.
Module 3: The JUNOS Software CLI 3-10
Operational Mode Commands
l Executed (mainly) from default CLI level (user@host>)
show
request
restart
ping
traceroute
clear
monitor
file
test
telnet
set
ssh
start
quit
Operational Mode Commands Summary
Below is a list of several kinds of operational mode commands.
Destructive
Non-destructive
Entering configuration mode
Controlling the CLI environment
Exiting the CLI
Monitoring and troubleshooting
clear
monitor
ping
show
test
traceroute
Connecting to other network systems
Copying files
Restarting software processes
Performing system-level operations
Module 3: The JUNOS Software CLI 3-11
Using | (pipe)
Used to filter command output
| compare
| count
| display
| except
| find
| hold
| match
| no-more
| resolve
| save
| trim
The Pipe Commands
For operational and configuration commands that display output, such as the show
commands, the output can be filtered. When help is displayed for these commands,
one of the options listed is |, called a pipe, which allows the command output to be
filtered. To filter the output of an operational mode or a configuration mode command,
add a pipe and option to the end of the command. The options are listed below.
compare ( filename | rollback n): Available in configuration mode
only using the show command. Compares configuration changes with
another configuration file.
count: Displays the number of lines in the output.
display detail: Available in configuration mode only. Displays
additional information about the contents of the configuration.
except regular-expression: Ignores a text matching a regular
expression when searching the output. If the regular expression contains
spaces, operators, or wildcard characters, you must enclose it in quotation
marks.
find regular-expression: Displays the output starting at the first
occurrence of text matching a regular expression. If the regular expression
contains spaces, operators, or wildcard characters, you must enclose it in
quotation marks.
hold: Holds text without exiting the -(more)-- prompt.
Continued on next page.
Module 3: The JUNOS Software CLI 3-12
The Pipe Commands (contd.)
match regular-expression: Searches for text matching a regular
expression. If the regular expression contains spaces, operators, or wildcard
characters, you must enclose it in quotation marks.
no-more: Displays output all at once rather than one screen at a time.
resolve: Converts IP addresses to DNS names. Truncates to fit original
size unless full-names is specified.
save filename: Saves the output to a file or URL.
trim: Trims specified number of columns from the start line.
Module 3: The JUNOS Software CLI 3-13
Controlling the CLI Environment
l Use the set cli command to set:
Screen length (lines)
Screen width (columns)
Idle timeout (minutes)
Prompt (string)
Terminal (terminal type)
Setting Environment
When you log into the router using SSH, or log in from the console when its terminal
type is already configured, your terminal type, screen length, and screen width are
already set. Occasionally, these parameters might need to be changed based on
differing terminal types or user operations. To configure the CLI environment, use the
operational mode CLI set command as shown below.
user@host> set cli ?
Possible completions:
complete-on-space Toggle word completion on space
idle-timeout Set the cli maximum idle time
prompt Set the cli command prompt string
restart-on-upgrade Set cli to prompt for restart after a
software
upgrade
screen-length Set number of lines on screen
screen-width Set number of characters on a line
terminal Set terminal type
Module 3: The JUNOS Software CLI 3-14
Editing Command Lines
lab@omaha> show interfaces
Ctrl-b
lab@omaha> show interfaces
Ctrl-a
lab@omaha> show interfaces
Ctrl-f
lab@omaha> show interfaces
Ctrl-e
lab@omaha> show interfaces
Configuring VT-100 terminal type enables use of arrow
keys in addition to these EMACS-based control
sequences
EMACS-Style Control Keys
The CLI provides keyboard sequences that allow you to move around on a command
line and delete specific characters or words.
Keystroke
Ctrl-B Moves cursor left one character
Ctrl-A Moves cursor to the beginning of the command line
Ctrl-F Moves cursor right one character
Ctrl-E Moves cursor to the end of the command line
Delete/BS Deletes character before cursor
Ctrl-D Deletes character over the cursor
Ctrl-K Deletes from cursor to end of line
Ctrl-U Deletes all characters
Ctrl-W Deletes entire word to left of cursor
Ctrl-L Redraws the current line
Module 3: The JUNOS Software CLI 3-15
Command Completion
l Space bar completes a command
root@lab2> sh<space>ow i<space>
'i' is ambiguous.
Possible completions:
igmp Show information about IGMP
interfaces Show interface information
isis Show information about IS-IS
root@lab2> show i
l Tab key completes a variable
Space Completion
The CLI provides a completion function. Therefore, it is not always necessary to type
the full command or command option name for the CLI to recognize it.
To complete a command or option that you have typed partially, press the Space bar.
If the partially typed letters begin a string that uniquely identifies a command, the CLI
displays the complete command name. Otherwise, the CLI beeps to indicate that you
have entered an ambiguous command, and it displays the possible completions.
The command completion option is on by default, but it can be turned off.
Tab Completion
You can also use the Tab key to complete variables. Examples of variables include
policy names, AS paths, community names, and IP addresses.
Module 3: The JUNOS Software CLI 3-16
Context-Sensitive Help
Type <?> anywhere on command line
lab@omaha> ?
Possible completions:
clear Clear information in the system
configure Manipulate software configuration information
file Perform file operations
help Provide help information

lab@omaha> show ?
Possible completions:
aps Show APS information
arp Show system ARP table entries
as-path Show table of known AS paths

Need Help?
The CLI provides context-sensitive help at any point in a command line. Help tells you
which options are acceptable at the current point in the command and provides a brief
description of each command or command option.
To get help at any time while in the Juniper Networks CLI, type a question mark. You
do not need to press Enter. If you type the question mark at the command-line prompt,
the CLI lists the available commands and options. If you type the question mark after
entering the complete name of a command or an option, the CLI lists the available
commands and options, then redisplays the command name and options that you
typed. If you type the question mark in the middle of a command name, the CLI lists
possible command completions that match the letters you have entered so far, then
redisplays the letters that you typed.
Module 3: The JUNOS Software CLI 3-17
Help topic provides information on general concepts
lab@host> help topic icmp ?
Possible completions:
address IP addresses to include in router advertisements
lifetime How long addresses in advertisements are valid
min-advertisement-interval Time between router advertisement s
traceoptions Trace options for ICMP
lab@host> help topic icmp lifetime
Modify the Router Advertisement Lifetime
The lifetime field in router advertisement messages indicates how long
a host should consider the advertised address to be valid. If this
amount of time passes and the host has not received a router
advertisement from the server, the route marks the advertised.
Help Topic
Help on General Concepts
There are various ways to use the help command. The help topic command
displays usage guidelines for the statement. In this example, we are getting
information on ICMP lifetime.
Module 3: The JUNOS Software CLI 3-18
Help reference provides JUNOS software configuration-
related information
lab@host> help reference icmp lifetime
lifetime
Syntax
lifetime seconds;
Hierarchy Level
[edit protocols router-discovery interface interface-name]
Description
How long the addresses sent by the server in its router advertisement
packets are valid. This time must be long enough so that another
. . . .
Options
seconds--Lifetime value. A value of 0 indicates that one or more
addresses are no longer valid.
Range: 0, max-advertisement-interval value through 2 hours, 30
minutes (9000 seconds), specified in seconds
Default: 1800 seconds (30 minutes; three times the default
Help Reference
Help on JUNOS Software Configuration
The help reference displays summary information for the statement. In other words, it
contains JUNOS software-specific, configuration-related information. In this example,
once again we are using the help command for information on ICMP lifetime. Notice
the difference between the help reference command shown here and the help
topic command from the previous slide.
Module 3: The JUNOS Software CLI 3-19
Configuration Mode
l Where we are going
Entering configuration
Moving between levels in the configuration hierarchy
Viewing the candidate configuration
Configuration groups
Activating the candidate configuration
Configuring interfaces
Naming
Permanent interfaces
Configuring interfaces (physical properties and logical properties)
Configuration Mode
Below is a list of the tasks you can perform in configuration mode, which are covered
in the following pages.
Entering configuration: Type configure to enter configuration mode.
Moving within the configuration hierarchy: Use the edit, up, top and exit
commands to move between levels.
Viewing the candidate configuration: Use show commands while in
configuration mode.
Creating configuration groups: Create groups to ease configuration.
Activating the candidate configuration: Use the commit command to
activate the configuration.
Configuring interfaces: Configure interface names, permanent interfaces,
and interface properties.
Module 3: The JUNOS Software CLI 3-20
Entering Configuration Mode
l Type configure or edit at the CLI operational mode prompt
root@lab2> configure
Entering configuration mode
[edit]
root@lab2#
l To allow a single user to edit the configuration, type configure
exclusive
l configure private allows the user to edit a private copy of the
candidate configuration
Multiple users can edit private candidate configurations
simultaneously
At commit time, the users private changes are merged back into the
global configuration
Starting Configuration Mode
You enter configuration mode by issuing the configure command or the edit
command from the CLI operational mode. If, when you enter configuration mode,
another user is also in configuration mode, a message indicates who the user is and
what portion of the configuration the user is viewing or editing.
In configuration mode, the prompt changes from the angle bracket (>) of operational
mode to the pound sign (#), preceded by the name of the user and the name of the
router.
The portion of the prompt in brackets, such as [edit], is a banner indicating that you
are in configuration mode and specifying your location within the statement hierarchy.
Exclusive Configuration
By default, multiple users can enter configuration mode and commit changes. To allow
only a single user to edit the configuration, use the configure exclusive
command.
Private Configuration
Starting in JUNOS software Release 5.3, entering configuration mode using
configure private allows multiple users to edit the configuration while only
committing their private changes. (commit must be done at top level) Also, if a user
does a rollback only their changes are discarded. If two users are in private mode and
try to make the same change (user 1 changes hostname to foo, user 2 to earth) then
the commit will fail to avoid configuration conflicts. Also, if a user is in private mode
other users must enter private mode or use configure exclusive to become the
master.
Module 3: The JUNOS Software CLI 3-21
Software Configuration Overview
l Create a hierarchy of configuration statements
Enter commands in CLI configuration mode
root@lab2# set chassis alarm sonet lol red
ASCII text file and display
chassis {
alarm {
sonet {
lol red;
}
}
}
Enter Commands and Display
To configure the Juniper Networks router, including the routing protocols, the router
interfaces, network management, and user access, you enter CLI commands in
configuration mode. In configuration mode, the CLI provides commands that let you
configure the system, load an ASCII text file that contains the system configuration,
activate a configuration, and save the configuration to a text file.
Module 3: The JUNOS Software CLI 3-22
Statement Hierarchy
atm e3 sonet t3
clock fpc
firewall interfaces protocols system more
ethernet
alarm
chassis
Less Specific
More Specific
top
Statement Hierarchy
In configuration mode, you enter commands that affect the statement hierarchy. The
statement hierarchy stores configuration information and is independent of the CLI
operational mode command hierarchy. The commands available in configuration mode
are also independent of the commands available in operational mode. For example,
CLI operational mode includes a show command to display specific information, while
CLI configuration mode provides a show command to display the statement hierarchy.
The two commands are independent of each other.
The statement hierarchy is organized in a tree structure similar to Windows folders or
UNIX directories, grouping related information into a particular branch of the tree.
Module 3: The JUNOS Software CLI 3-23
l Moving between levels of the statement hierarchy
Edit functions like a change directory (CD) command
[edit]
user@host# edit chassis alarm ethernet
[edit chassis alarm ethernet]
Moving Between Levels (1 of 2)
atm e3 sonet t3
clock fpc
firewall interfaces protocols system more
ethernet
alarm
chassis
top
Changing Directories
To move down through an existing configuration statement hierarchy, or to create a
hierarchy and move down to that level, use the edit command, specifying your
desired hierarchy level. After you issue an edit command, the configuration mode
banner changes to indicate your current level in the hierarchy.
Module 3: The JUNOS Software CLI 3-24
Moving Between Levels (2 of 2)
user@host# up
[edit chassis alarm]
user@host# top
[edit]
atm e3 sonet t3
clock fpc
firewall interfaces protocols system more
ethernet
alarm
chassis
top
top
up
Level Navigation
To return to your previous location in the statement hierarchy, use the exit
command. This command is, in effect, the opposite of the edit command. Entering
exit at the top level of the hierarchy exits configuration mode.
To move up in the configuration statement hierarchy one level at a time, use the up
command. To move to the top of the statement hierarchy from any location, use the
top command.
Module 3: The JUNOS Software CLI 3-25
CLI Enhancements (1 of 2)
l Relative configuration commands
New arguments to top command
Commands can be run from the top of the hierarchy or from
higher up in the hierarchy
[edit interfaces so-5/1/0 unit 0 family inet]
root@router# top show system login
class superuser-local {
permissions all;
}
[edit interfaces so-5/1/0 unit 0 family inet]
root@router# top edit protocols ospf
[edit protocols ospf]
root@router#
Top Enhancement
From JUNOS software Release 5.3 and upwards you can enter commands from any
level in the hierarchy by issuing the top command. As seen on the slide, the use of
this command allows you to view every portion of the configuration, regardless of in
which directory you are located. It also allows you to change directories without having
to jump to the top of the directory. Thus, in the example on the slide, the user went
from the [edit interfaces] hierarchy to the [protocols ospf] hierarchy by
simply issuing a single command.
Module 3: The JUNOS Software CLI 3-26
CLI Enhancements (2 of 2)
show configuration command now takes a
configuration path
root@router> show configuration system login
class superuser-local {
permissions all;
}
root@router> show configuration protocols bgp
export [ next-hop-self unicast-multicast ];
peer-as 10458;
group internal {
type internal;
neighbor 207.17.136.192;
}
group fred {
allow 0.0.0.0/0;
}
root@router>
Viewing the Configuration Enhancement
Starting in JUNOS software Release 5.3 and above the show configuration
command takes a configuration path. Thus, instead of viewing the entire configuration,
you can view a portion of the configuration by specifying the configuration hierarchy
(previous to Release 5.3, similar functionality could be achieved using pipe
commands). We see this feature on the above slide, where user root is viewing only
the system login configuration in example 1 and the BGP configuration in example 2.
Module 3: The JUNOS Software CLI 3-27
Displaying Candidate Configuration
[edit]
user@host# show chassis alarm
sonet {
lol red;
pll yellow;
}
[edit]
user@host# edit chassis alarm
[edit chassis alarm]
user@host# show
sonet {
lol red;
pll yellow;
}
[edit chassis alarm]
Displaying the Configuration
To display the candidate configuration, use the configuration mode show command.
This command displays the configuration at the current hierarchy level or at the
specified level below the current location.
The show command has the following syntax: show st at ement - pat h. When
displaying the configuration, the CLI indents each subordinate hierarchy level, inserts
braces to indicate the beginning and end of each hierarchy level, and places a
semicolon at the end of statements that are at the lowest level of the hierarchy. The
display format is the same format you use when creating an ASCII configuration file,
and it is also the same format that the CLI uses when saving a configuration to an
ASCII file.
In cases where an empty statement leads to an invalid configuration because it is
incomplete or meaningless, the show command does not display any of the statement
path.
Module 3: The JUNOS Software CLI 3-28
Identify Configuration File Differences
l Change an active configuration
user@host# set alarm sonet lol red
user@host# delete alarm sonet pll yellow
l Show the differences between the candidate and active
configurations
[edit chassis]
user@host# show | compare
alarm {
sonet {
+ lol red
los red;
- pll yellow;
}
}
l Other command options
user@host# show | compare f i l ename
user@host# show | compare rollback number
Set Parameters
This example first sets a loss of light (LOL) SONET/SDH alarm and removes the
phase-locked loop (PLL) alarm that was in the previous configuration.
Viewing Differences
Piping the show command to compare shows differences between candidate
configuration file and the active configuration.
Viewing Differences in Other Files
You can also view difference in the rollback configuration or any saved configuration
file.
Module 3: The JUNOS Software CLI 3-29
Configuration Differences Update
l Configuration comparison is now patch-like
Can save and load patches
Rollback feature rolls back your changes only
root@router# show | compare
[edit interfaces]
+ so-1/1/1 {
+ description "My new interface";
+ unit 0 {
+ family inet {
+ address 10.0.0.1/8;
+ }
+ }
+ }
[edit]
root@router# show | compare | save /var/tmp/patch.cfg
Wrote 9 lines of output to '/var/tmp/patch.cfg'
[edit]
root@router# load patch /var/tmp/patch.cfg
load complete
Patch Comparison
From JUNOS software Release 5.3 and upwards, configuration comparison is now
patch-like. Thus, instead of showing the entire configuration and where changes were
made, only the actual changes are shown (that is, additions or deletions). This method
allows you to save the the configuration to a patch file. Once you save this file, you can
then issue a load patch command and merge only the changes into the
configuration.
Module 3: The JUNOS Software CLI 3-30
Removing Statements
[edit]
user@host# edit chassis alarm sonet
[edit chassis alarm sonet]
user@host# delete lol
[edit chassis alarm sonet]
user@host# delete los
[edit chassis alarm sonet]
user@host#
Removing Configuration
To delete a statement or identifier from the configuration, use the configuration mode
delete command. This command deletes the statement and all its subordinate
statements and identifiers. Deleting a statement or an identifier effectively
unconfigures the functionality associated with that statement or identifier, returning that
functionality to its default condition.
Module 3: The JUNOS Software CLI 3-31
Configuration Groups
l Groups of statements that can be applied to different
sections of a configuration
Shortcut method of applying the same parameters to many
parts of a configuration
Group together statements that are repeated many places in
the configuration
l Target area of configuration inherits information from
source of configuration data
groups {
group-name {
configuration-data;
}
}
Creating a Group
Configuration groups are configuration statements that can be used to direct the
inheritance of that group's statements in the rest of the configuration. The same group
can be applied to different sections of the configuration and different sections of one
group's configuration statements can be inherited in different places in the
configuration.
Configuration groups create smaller, more logically constructed configuration files,
making it easier to configure and maintain the JUNOS software. For example,
statements can be grouped together that are repeated in many places in the
configuration, such as when configuring interfaces, and thereby limiting updates to just
the group. You also can use wildcards in a configuration group to allow configuration
data to be inherited by any object that matches a wildcard expression.
The configuration group mechanism is separate from the grouping mechanisms used
elsewhere in the configuration, such as BGP groups. Configuration groups provide a
generic mechanism that can be used throughout the configuration, but that are known
only to the JUNOS software. The individual software processes that perform the
actions directed by the configuration receive the expanded form of the configuration;
they do not have any knowledge of configuration groups.
Continued on next page.
Module 3: The JUNOS Software CLI 3-32
Group Inheritance
Configuration groups use true inheritance, which involves a dynamic, ongoing
relationship between the source of the configuration data and the target of that data.
The target automatically inherits data values changed in the configuration group. The
target need not contain the inherited information, although the inherited values can be
overridden in the target without affecting the source from which they were inherited.
To have a configuration inherit the statements in a configuration group, include the
apply-groups statement: set apply-groups gr oup- names;.
Module 3: The JUNOS Software CLI 3-33
Configuration Group Example
[edit]
lab@SanJose-re0# show groups re0
re0 {
system {
host-name SanJose-re0;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.200.51/24;
}
}
}
}
}
[edit]
lab@SanJose-re0# show groups re1
re1 {
system {
host-name SanJose-re1;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.200.52/24;
}
}
}
}
}
[edit]
lab@SanJose-re0# show
apply-groups [ re0 re1 ];
Predefined Groups
You can use two special configuration group names in a chassis with redundant
Routing Engines. When defined, you can use groups re0 and re1 to apply Routing
Engine-specific configuration data for the active Routing Engine. For example, you can
use these groups to define a unique system name and/or a unique fxp0 IP address for
each Routing Engine.
For this specific example, note that both group names are applied at the global
configuration level.
Module 3: The JUNOS Software CLI 3-34
Interface Group Example
[edit]
lab@SanJose# show interfaces
at-0/0/1
at-0/0/1 {
apply-groups all-atm;
unit 100 {
family inet {
address 1.1.1.1/24;
}
[edit]
lab@SanJose# show groups
all-atm {
interfaces {
<at-*> {
encapsulation atm-pvc;
atm-options {
vpi 0 maximum-vcs 200;
}
unit 100 {
point-to-point;
vci 0.100;
}
}
}
}
[edit]
lab@SanJose# set interfaces at-
0/0/1 apply-groups all-atm
User-Defined Group
In this example, we are setting up a group called all-atm, which sets certain
parameters, such as the encapsulation. We then apply this group to interface at-0/0/1.
Notice when looking at the interface configuration, we only see the group applied and
not the attributes from that group. How do we see these attributes?
Module 3: The JUNOS Software CLI 3-35
Displaying Configuration Groups
[edit]
lab@SanJose# show interfaces |
display inheritance
at-0/0/1 {
##
## 'atm-pvc' was inherited from
group 'all-atm'
##
encapsulation atm-pvc;
##
## 'atm-options' was inherited
from group 'all-atm'
##
atm-options {
##
## '0' was inherited from
group 'all-atm'
## '200' was inherited from
group 'all-atm
##
vpi 0 maximum-vcs 200;
[edit]
lab@SanJose# show interfaces |
display inheritance | except ##
at-0/0/1 {
encapsulation atm-pvc;
atm-options {
vpi 0 maximum-vcs 200;
}
unit 100 {
point-to-point;
vci 0.100;
family inet {
address 1.1.1.1/24;
}
}
}
Viewing Inheritance
How we do see the inheritance? We simply use the pipe command and display
inheriting. This will display all inheritance associated with this group for that interface.
Notice the ## characters. In order to view the configuration as you would see it
normally without groups, add another pipe command, removing the ## characters.
Module 3: The JUNOS Software CLI 3-36
Activating a Configuration
commit
rollback n
Candidate
Configuration
Active
Configuration
1 2 ...
0
Rollback files stored in
/config/juniper.conf.n (n=1-3)
/var/db/config/juniper.conf.n (n=4-9)
Rollback files stored in
/config/juniper.conf.n (n=1-3)
/var/db/config/juniper.conf.n (n=4-9)
Active versus Candidate Configuration
When you edit a configuration, you work in a copy of the current configuration to create
a candidate configuration. The changes you make to the candidate configuration are
visible in the CLI immediately, so if multiple users are editing the configuration at the
same time, all users can see all changes.
To have a candidate configuration take effect, you commit the changes. At this time,
the candidate file is checked for proper syntax, activated, and marked as the current,
operational software configuration file. If multiple users are editing the configuration,
when you commit the candidate configuration, all changes made by all the users take
effect.
The commit command causes the candidate configuration to be checked and copied
into the active configuration. The old, active configuration is saved and becomes
available in /config/juniper.conf.1. It can be recovered with the rollback 1
command. Each existing backup is renumbered and pushed further out, storing the
oldest copy as number 9.
JUNOS software stores a maximum of nine previous configurations. The first three are
stored in /config, which resides on the solid-state flash disk. The final six are stored
in /var/db/config, which resides on the hard disk.
Module 3: The JUNOS Software CLI 3-37
Activating a Configuration (Contd.)
l Remote configuration changes require caution
Might disrupt connectivity to router
Might disrupt remote connection
l Avoid disadvantages by using commit confirmed
Activates configuration for a few minutes (default is 10
minutes)
If configuration is not confirmed, router returns to previous
configuration automatically
Confirm configuration by issuing a second commit
Commit Process
To save software configuration changes to the configuration database and activate the
configuration on the router, use the CLI configuration commit command.
As part of the commit process, JUNOS software checks the configuration for syntax
errors. If the syntax is correct, JUNOS software activates the configuration and marks
it as the current, operational software configuration file. Then, the software processes
running on the systemincluding the routing protocol, interfaces, Simple Network
Management Protocol (SNMP), and chassis processesread the new configuration
information and change their operations to match the new configuration.
If the syntax is not correct, an error message indicates the location of the error and
none of the configuration is activated. You must correct the errors before recommitting
the configuration.
When you commit a configuration (which you can do from any hierarchy level), you
commit the entire configuration in its current form. If more than one user is modifying
the configuration, committing it saves and activates the changes of all the users.
Avoid Commit Pitfalls
The system never commits a candidate configuration on its own. When you load or
merge a configuration file, you must commit the results of the load operation for it to
take effect. The system does, however, automatically restore a configuration and
commits it when you use the commit confirmed command. The restoration occurs
using the rollback process.
Module 3: The JUNOS Software CLI 3-38
Backing Out of Configuration Changes
l Use the rollback command to restore one of the
last nine previously committed configurations
l Use rollback (or rollback 0 ) to reset the
candidate configuration to the configuration currently
running (which is the last version committed)
rollback 1 loads the configuration before that
rollback n loads n configurations before that
Backing Out of Changes
The software saves the last nine committed versions of the configuration. To return to
one of these versions previously committed and load it into configuration mode without
activating it, use the CLI configuration rollback command. By default, the system
returns to the most recently committed configuration.
[edit]
user@host# rollback
load complete
To activate the configuration that you loaded, issue the commit command, as shown
below.
[edit]
user@host# commit
Specifying Rollback Files
To return to a version prior to the configuration most recently committed, include the
version number in the rollback command, as shown below.
[edit]
user@host# rollback ver si on
load complete
[edit]
user@host#
The version argument can be a number in the range 0 through 9. The most recently
saved configuration is version 0 (which is the default configuration to which the system
returns), and the oldest saved configuration is version 9.
Module 3: The JUNOS Software CLI 3-39
Exiting Configuration Mode
l Exiting levels
Use exit from top level
Use exit configuration-mode from any level
Operational
Mode
[edit]
[edit chassis]
[edit chassis
alarm]
top
exit/up
exit configuration-mode
exit
edit/configure
edit chassis
edit alarm
Exiting Levels
To exit CLI configuration mode and return to CLI operational mode, enter the exit
command at the top level, or enter the exit configuration-mode command at
any level. The slide illustrates the various methods of moving within the statement
hierarchy. Note that up moves you up one level in the hierarchy while exit returns
you to your previous location in the hierarchy.
Module 3: The JUNOS Software CLI 3-40
Saving Configuration Files
l Current candidate configuration from current
hierarchy level and below can be saved to ASCII file
by using save command
[edit]
cli# save f i l ename
[edit]
cli#
l File is saved to users home directory unless full
pathname is specified
l Filename can be:
URL
Target on redundant Routing Engine
SSH user@host:filename notation
Saving Flies
The software configuration from your current configuration session can be saved to an
ASCII file. Doing this saves the configuration in its current form, including any
uncommitted changes. If more than one user is modifying the configuration, saving it
saves the changes made by all the users.
Note that only configuration statements at the current hierarchy level and below are
saved. To save the entire candidate configuration, you must be at the top level of the
configuration hierarchy.
Default Directory
By default, the CLI saves the configuration to the specified file in your home directory.
For example, user Doug would store files in /var/home/Doug. You can change this
default my specifying a path name.
Continued on next page.
Module 3: The JUNOS Software CLI 3-41
Specifying File Names
You can specify a filename in one of the ways listed below.
ftp://user@host/path/filename: Puts file in location explicitly
described by this URL.
re0:/filename or re1:/filename: Puts file on redundant Routing
Engine 0 or Routing Engine 1, if present.
system:filename, system:path/filename,
username@system:filename, or username@system:path/filename:
Puts file on a remote system using the SSH protocol. The default path is the
users home directory on the remote system.
a:filename or a:path/filename (M40 only): Puts file on the routers
LS-120 floppy drive. The default path is / (the root-level directory). The floppy
can be in either MS-DOS or UNIX (UFS) format.
Module 3: The JUNOS Software CLI 3-42
Loading a Configuration File
l Configuration information can come from an ASCII file
prepared elsewhere
l The load command
Overrides an existing configuration
load override f i l ename
Merges new statements into existing configuration
load merge f i l ename
Replaces existing statements in current configuration
load replace f i l ename
Changes candidate configuration only
You must commit to activate
Can take input from the terminal
load (replace | merge | override) terminal
l show system uptime displays date/time of last active
configuration change and who committed it
Configuration Information
A configuration file can be created on another network system and then copied to the
local router. Then, using the CLI load command, the configuration file can be loaded
into the local system. After the file is loaded, you must commit to activate the
configuration on the router, or the configuration can be edited interactively using the
CLI and committed it at a later time.
Load Options
merge: Combines the configuration that is currently shown in the CLI and
the configuration in filename.
override: Discards the entire configuration that is currently shown in the
CLI and loads the entire configuration in filename.
replace: Looks for a replace: tag in filename, deletes the existing
statement of the same name, and replaces it with the configuration in
filename.
terminal: Uses the text you type at the terminal as input to the
configuration. Type Ctrl-D to end terminal input.
Viewing Configuration Changes
With JUNOS software 5.0 and above, you can view the time of the last configuration
and the user who committed it with the show system uptime command.
Module 3: The JUNOS Software CLI 3-43
Configuring Interfaces
l Where we are going
Standard interfaces
Interface names
Permanent interfaces
Physical properties
Logical properties
Configuring Interfaces
Below is a list of the items covered in the following pages.
Standard interfaces: Juniper Networks Routers carry the full range of
standard interfaces.
Interface names: Interfaces are named by type and location in the chassis.
Permanent interfaces: Two permanent interfaces, fxp0 and fxp1, exist on
Juniper Networks routers.
Interface properties: You can configure both physical and logical properties
in a given interface.
Module 3: The JUNOS Software CLI 3-44
Standard Interfaces
l Where the interfaces are:
Interface contained on PIC
PIC plugs into FPC
FPC has room for four PICs
FPC plugs into chassis
Physical Physical
I nterface I nterface
Card Card
PIC PIC
PIC PIC
PIC PIC
FPC
Standard Interfaces
Each FPC can have installed in it up to four PICs, which provide the actual physical
interfaces to the network. These physical interfaces are the routers transient
interfaces. They are referred to as transient because you can hot-swap an FPC, along
with its PICs, at any time, removing it from or inserting it into the router. From the point
of view of the Packet Forwarding Engine, you can place any FPC into any slot, and
you can generally place any combination of PICs in any location on an FPC. You are
limited by the total FPC bandwidth, which cannot exceed 12.8 Gbps on the M160, or
3.2 Gbps on all other Juniper Networks routers. From the point of view of the Routing
Engine, you must configure each of the transient interfaces based on in which slot the
FPC is installed, in which location in the FPC the PIC is installed, and to which port
you are connecting.
Module 3: The JUNOS Software CLI 3-45
Standard Interface Nomenclature
l Names are consistent for all transit interfaces and are
based on:
Interface media type
FPC slot number
PIC slot number within FPC
PIC port number
Interface Naming
JUNOS software uses a standard naming convention when naming interfaces. You
must configure each of the standard interfaces based on the slot in which the FPC is
installed, the location in which the PIC is installed, and for some PICs, the port to
which you are connecting. For example, so-1/2/3 is a SONET/SDH interface in FPC
slot 1, PIC slot 2, and PIC port 3.
Module 3: The JUNOS Software CLI 3-46
Interface Media Type
l Media types:
atATM over SONET/SDH ports
e1E1 ports
e3E3 ports
feFast Ethernet ports
soSONET/SDH ports
t1T1 ports
t3DS-3 ports
geGigabit Ethernet ports
aeAggregated Ethernet ports
Interface Media Types
The visual shows the list of interface media types.
Module 3: The JUNOS Software CLI 3-47
FPC Slot Numbers
M40
3
2
1
0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
M160
M20
1
0
M10
FPC Counting
The above diagram shows how the FPC slot numbers are assigned on each of the
Juniper Networks routers. The M20 and M10 have a rotated chassis compared to the
M40 and M160.
Module 3: The JUNOS Software CLI 3-48
PIC Slot Numbers
0
1
3
2
l PIC slot positioning:
M40 and M160
Top to bottom
All others
Right to left 0 1 3 2
PIC Slots
The above diagram shows how the PIC slot numbers are assigned on each of the
Juniper Networks routers. Remember the rotated chassis from the previous slide.
Module 3: The JUNOS Software CLI 3-49
Port Numbers
0
1
2
3
l Port number positioning:
M40 and M160
Top to bottom
Right to left
All others
Right to left
Bottom to top
0 1
2 3
Port Numbering
The number of ports varies depending on the PIC. The ports are numbered from top to
bottom and, generally, from right to left. Confused? Do not worry, the port numbers
are printed on the PIC.
Module 3: The JUNOS Software CLI 3-50
Interface Names (1 of 2)
l Physical interfaces have
standard names
Type
FPC slot
PIC slot
Port number
so-5/ 2/ 3
Physical Interface Names
For the interfaces on a Juniper Networks router to function, you must configure them,
specifying properties such as the interface location (that is, in which slot the FPC is
installed and in which location on the FPC the PIC is installed), the interface type
(such as SONET/SDH or ATM), encapsulation, and interface-specific properties. You
can configure the interfaces currently present in the router, and you also can configure
interfaces not currently present but that you might be adding in the future. When a
configured interface appears, the JUNOS software detects its presence and applies
the appropriate configuration to it.
When you configure an interface, you are effectively specifying the properties for a
physical interface descriptor. Each physical interface descriptor corresponds to a
single physical device and is identified by an interface name, which defines the media
type, the slot in which the FPC is located, the location on the FPC in which the PIC is
installed, and the PIC port. This physical interface descriptor also can define the
interfaces channel and logical unit numbers.
Module 3: The JUNOS Software CLI 3-51
Interface Names (2 of 2)
l Logical interfaces are used to set up Frame
Relay DLCIs or ATM virtual circuits
l Interface number is separate in meaning from
the actual DLCI or ATM VC and can be any
arbitrary value
l Suggested convention is to keep them the
same whenever possible
so-5/ 2/ 3.43
Logical Interfaces
Each physical interface descriptor can contain one or more logical interface
descriptors. These allow you to map one or more logical (sometimes called virtual)
interfaces to a single physical device. Creating multiple logical interfaces is useful for
ATM and Frame Relay networks, in which you can associate multiple virtual circuits or
Data Link Layer connections with a single physical interface.
Circuit Identifier versus Unit Number
The unit number and the circuit identifier are different in meaning. The circuit identifier
is used to identify the logical tunnel or circuit while the unit is used to identify the
partition of the physical interface.
Best Practice
Although not required, we suggest keeping the unit number and circuit identifier the
same. This practice can aid greatly in troubleshooting when you have many logical
circuits.
Module 3: The JUNOS Software CLI 3-52
Permanent Interfaces
l Router has two permanent interfaces
Out-of-band management interface is called fxp0
Internal Routing Engine to Packet Forwarding Engine
connection is called fxp1
fxp1 requires no configuration, and should not be configured by
the operator
Permanent Interfaces
Each Juniper Networks router has two permanent interfaces. Onethe management
Ethernet interfaceprovides an out-of-band method for connecting to the router. You
can connect to the management interface over the network using utilities such as SSH
and Telnet, and SNMP can also use the management interface to gather statistics
from the router.
The second permanent interface is the internal Ethernet interface, which connects the
Routing Engine (the portion of the router running the JUNOS Internet software) to the
Packet Forwarding Engine.
Module 3: The JUNOS Software CLI 3-53
Interface Properties
l Physical properties
Clocking
Scrambling
Frame check sequence (FCS)
Maximum transmission unit (MTU)
Data Link Layer protocol, Keepalives
Diagnostic characteristics
Local, remote, and facility loopback
BERT
l Logical properties
Protocol family (Internet, ISO, MPLS)
Addresses (IP address, ISO NET address)
Virtual circuits (VCI/VPI, DLCI)
Other characteristics
Physical Properties
Clocking: Refers to the interface clock source, either internal or external.
Scrambling: Refers to payload scrambling, which can be on or off.
Frame check sequence (FCS): You can modify to 32-bit mode (the default is
16-bit mode).
Maximum transmission unit (MTU): You can vary the size from 256 to 9192
bytes.
Data Link Layer protocol, Keepalives: You can change the Data Link Layer
protocol for the particular media type (for example, PPP to Cisco HDLC),
and you can turn Keepalives on or off.
Diagnostic characteristics: You can enable local or remote loopbacks or set
up at BERT test (see module 5).
Logical Properties
Protocol family: Refers to the protocol family you would like to use, such
family ISO, Inet, or MPLS.
Addresses: Refers to the address associated with the particular family (for
example, IP address using family Inet).
Virtual circuits: Refers to the virtual circuit identifier, such as a DLCI,
VPI/VCI, or VLAN tag
Other characteristics: Some other configurable options include Inverse ARP,
traps, and accounting profiles.
Module 3: The JUNOS Software CLI 3-54
Generic Interface Configuration
Standard configuration statement hierarchy
interfaces {
interface-name {
physical-properties;
[]
unit unit-number {
logical-properties;
[]
}
}
}
Statement Hierarchy
All interfaces have the same configuration hierarchy organization. JUNOS software
considers all properties defined directly under the interface name to be the physical
properties of that interface. The unit number represents a particular logical interface or
sub-interface. JUNOS software considers all properties defined directly under the unit
number to be the logical properties of each particular sub-interface.
Module 3: The JUNOS Software CLI 3-55
Configuring Physical Properties
l Configure physical properties of the interface using the
set command:
set interface so-1/0/3 no-keepalives
l Or park yourself in the interfaces section of the
hierarchy and set many options
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3
[edit interfaces so-1/0/3]
lab@omaha# set no-keepalives
lab@omaha# commit
Setting at the Top
In the above example, we are setting no Keepalives on the SONET/SDH interface.
Notice that we execute this command at the top, or root, level.
Or, Park Yourself
Alternately, you can accomplish the same goal by navigating into the [edit
interfaces] directory. In the case, we are parking ourselves in the[edit
interfaces so-1/0/3] directory and then issuing the set command. Both
examples accomplish the same goal of setting no Keepalives on that interface.
Module 3: The JUNOS Software CLI 3-56
Logical Interfaces
l Each physical interface has one or more logical
interfaces
Similar to a subinterface
l Logical interface separates configuration information
for each ATM virtual circuit, Frame Relay DLCI, or
VLAN
l Some physical interface encapsulations allow only one
possible logical interface
PPP
HDLC
Logical Interfaces
A logical interface, represented as a unit number in a configuration, can be thought of
as a subinterface.
Uses of Logical Interfaces
A logical interface is where you define ATM and Frame Relay virtual circuits as well as
VLAN IDs.
Logical Interfaces Caveats
PPP and HDLC encapsulations only allow for one possible logical interface. You
should use unit 0 in this case.
Module 3: The JUNOS Software CLI 3-57
Logical Interface Settings
l Logical settings
Protocol family (Internet, ISO, MPLS)
Protocol MTU
Protocol addressing
Other protocol options
Virtual circuit identifiers (VPI/VCI, DLCI)
Other properties according to circuit characteristics
Logical Settings
For a physical interface device to function, you must configure at least one logical
interface on that device. For each logical interface, you must specify, at a minimum,
the protocol family that the interface supports. You also can configure other logical
interface properties. These properties vary by PIC and encapsulation type but include
the IP address of the interface, even if the interface does not support multicast traffic,
DLCIs, VCIs and VPIs, and traffic shaping.
Module 3: The JUNOS Software CLI 3-58
Logical Interface Bandwidth
l Annotating interface speed
New bandwidth statement in logical unit configuration allows
configuration of available bandwidth on the logical interface
Informational onlydoes not affect actual bandwidth on the
interface
Externalized via ifSpeed MIB object
interface so-1/1/1 {
unit 0 {
bandwidth 30m;
}
}
Annotating Interface Speed
In JUNOS software Release 5.3 and above you can configure the bandwidth of the
interface under the logical interface. This bandwidth configuration is informational only
and does not affect the actual speed of the interface. This configuration can be useful
for troubleshooting when there are multiple virtual circuits on a single interface.
Module 3: The JUNOS Software CLI 3-59
Unit Numbers
l Each logical interface has a unit number
Number can be arbitrary
Typically, the unit number is the same as the VC or DLCI number
l Some physical interfaces have only one possible
logical interface, and one unit number only, which must
be configured as unit zero
l Multiple protocol addresses are supported on a single
logical unit
Typing in additional addresses does not override previous
address
Watch for multiple addresses when correcting addressing mistakes
IGP adjacencies can form over all logical subnets, even when
they share the same logical unit
Unit Numbers
Each logical interface must have a logical unit number. The logical unit number
corresponds to the logical unit part of the interface name.
Point-to-Point Encapsulations
PPP and Cisco HDLC encapsulations support only a single logical interface, and its
logical unit number must be zero. Frame Relay and ATM encapsulations support
multiple logical interfaces, so you can configure one or more logical unit numbers.
Addressing Issues
A Juniper Networks router can have more than one address on a single logical
interface. Issuing a second set command does not overwrite the previous address but
simply adds to that address. Thus, be careful as IGP interfaces form over logical
subnets.
Module 3: The JUNOS Software CLI 3-60
Configuring Logical Interfaces
l Use the set command to configure a logical interface,
using the unit number
For example, set interface so-1/0/3 unit 40 dlci 40
l Or park yourself at the unit level
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3 unit 40
[edit interfaces so-1/0/3 unit 40]
lab@omaha# set dlci 40
lab@omaha# commit
Configuration of Logical Interfaces Method 1
Use the set command at the top of the configuration tree. You must specify logical
properties after the unit number.
Configuration of Logical Interfaces Method 2
You also can park yourself under that logical unit and configure properties using the
normal set commands.
Module 3: The JUNOS Software CLI 3-61
Configuring Protocol Families
l Each major protocol is called a family
Multiple families can live on the same logical interface
Family encompasses entire protocol suite
Internet protocol has TCP, UDP, and ICMP as family members
l Supported protocol families are:
Internet (inet)
IPV6 (inet6)
International Standards Organization (iso)
Traffic engineering (mpls)
One Happy Family
You can specify more than one family on a logical interface. Specifying a family
encompasses the entire protocol suit. For example when you enable family inet on
an interface, this family enables TCP, UDP, and ICMP to run.
Supported Protocol Families
inet (Internet Protocol): You must configure this protocol family for the
logical interface to support IP protocol traffic, including OSPF, BGP, and
ICMP.
inet6 (Internet Protocol version 6): You must configure this protocol family
for the logical interface to support ipv6 traffic.
iso (International Standards Organization): You must configure this
protocol family for the logical interface to support IS-IS traffic.
mpls (Multiprotocol Label Switching): You must configure this protocol
family for the logical interface to participate in an MPLS path.
Module 3: The JUNOS Software CLI 3-62
Internet Protocol Family (inet)
l Allows you to set:
IP address: address A. B. C. D/ pr ef i x_l engt h
Remote address on point-to-point links: destination
A. B. C. D
Broadcast address: broadcast A. B. C. D
Primary address: primary
Preferred address: preferred
MTU size: mtu byt es
ICMP redirect control: no-redirects
Multicasts only: multicast-only
Family inet Options
Listed below are the details of the options shown on the visual.
Interface address: This address is defined as the interface
address/destination prefix.
Address of the remote side of the connection (for point-to-point interfaces
only): Specify this in the destination statement.
Broadcast address for the interfaces subnet: Specify this in the broadcast
statement.
Primary address: Each interface has a primary local address. If an interface
has more than one address, the primary local address is used by default as
the source address when you originate packets out the interface where the
destination gives no hint about the subnet (for example, some ping
commands). By default, the primary address on an interface is the lowest
numbered non-127 preferred address on the interface. To override the
default and explicitly configure the preferred address, include the primary
statement when configuring the address.
Preferred address: Each subnet on an interface has a preferred local
address. If you configure more than one address on the same subnet, the
preferred local address is chosen by default as the source address when
you originate packets to destinations on the subnet. By default, the preferred
address is the lowest numbered address on the subnet. To override the
default and explicitly configure the preferred address, include the
preferred statement when configuring the address.
Continued on next page.
Module 3: The JUNOS Software CLI 3-63
Family inet Options (contd.)
MTU size: For each interface, you can configure an interface-specify MTU. If
you increase the size of the protocol MTU, you must ensure that the size of
the media MTU is equal to or greater than the sum of the protocol MTU and
the encapsulation overhead.
ICMP redirect control: Do not send protocol redirect messages on the
interface. To disable the sending of Protocol Redirect messages for the
entire router, include the no-redirects statement at the [edit system]
hierarchy level.
Multicast only: Configure the unit and family so that it can transmit and
receive multicast traffic only. You can configure this property on the IP
family only.
Module 3: The JUNOS Software CLI 3-64
Configuring Protocol Families
l Minimal sample configuration:
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3
[edit interfaces so-1/0/3]
lab@omaha# set unit 0 family inet address 10.0.20.1/24
lab@omaha# commit
l Displayed as:
interfaces {
so-1/0/3 {
unit 0 {
family inet {
address 10.0.20.1/24;
}
}
}
}
Sample Configuration
This slide shows an example of configuring a family inet address.
Show Interface
When viewing the configuration, you see that the protocol family and address is a
logical property configured after the unit number.
Module 3: The JUNOS Software CLI 3-65
Disabling and Deactivating
l Add the inactive: tag to a statement, effectively
commenting out the statement or identifier from the
configuration
user@host# deactivate at-5/2/0
[edit interfaces]
user@host# show
inactive: at-5/2/0
l Disable an interface or a logical unit, effectively
unconfiguring it
user@host# set so-1/1/0 disable
[edit interfaces]
user@host# show so-1/1/0
so-1/1/0 {
disable; # Interface is marked as disabled
mtu 8000;
clocking internal;

Deactivating an Interface
In a configuration, you can deactivate statements and identifiers so that they do not
take effect when you issue the commit command. Any deactivated statements and
identifiers are marked with the inactive: tag. They remain in the configuration but
are not activated when you issue a commit command.
To deactivate a statement or identifier, use the deactivate configuration mode
command: deactivate(st at ement | i dent i f i er ). To reactivate a statement
or identifier, use the activate configuration mode command: activate
(st at ement | i dent i f i er ). In both commands, the statement or identifier you
specify must be at the current hierarchy level.
Disable versus Deactivate
In some portions of the configuration hierarchy, you can include a disable statement
to disable functionality. One example is disabling an interface by including the
disable statement at the [edit interface interface-name] hierarchy level.
When you deactivate a statement, JUNOS software completely ignores that specific
object or property and does not apply it at all when you issue a commit command.
When you disable a functionality, it is activated when you issue a commit command
but is treated as being down or administratively disabled.
Module 3: The JUNOS Software CLI 3-66
Review Questions
1. What are the two types of CLI modes?
2. What are the interface types and names?
3. What are the two permanent interfaces?
4. What are the two basic interface characteristics?
5. What are some examples of physical interface settings?
6. What are some examples of logical interface settings?
This Module Discussed:
Logging in to a Juniper Networks router;
Operational mode commands;
Configuration mode commands;
Navigating the configuration hierarchy;
Committing a new configuration; and
Interface naming convention.