JunOS basics

First time login


When you login with “root” you will be in “shell mode” which is similar to linux.
You can switch to “operational mode” with the “cli” command.



It is not necessary to repeat these steps when you already have a user.

To switch to the last mode use the “configure” command:

Entering configuration mode




%  – shell mode
>  – operational mode
#  – configuration mode

Checking interfaces

Similarly to Cisco there are multiple options to gather information regarding the interfaces:

show interface terse
show interface brief
show interface 

In addition you get more information using the “detailed” or “extensive” keywords.

Checking configuration

show configuration

When you are in configuration mode, the “show” command displays a specific part of the configuration.
Example: #show interfaces ge-0/0
This command is equal with Cisco’s “show run int gi0/0”

You can put a comment into any part of the configuration with the “annotate” command.


Modifying the configuration

To modify any part of the configuration use the “edit” command and the name of the structure you that you would like to modify.
Example: #edit interfaces

root# edit interfaces

[edit interfaces]

Notice that the “edit” part in the brackets has been extended with “interfaces”.

If you want to do same real changes you must use the “set” command.
Example: #edit interfaces em0 unit 0 family inet

In case you would like to go back to another section you can use the “up” command which will take you one level back. You can also add a number to specify how many levels would you like to go back: up 2
Or you can use “top” to go back to the top of the configuration.


Unlike Cisco, Juniper has quite advanced help system. You have multiple options to get more information regarding JunOS or a simple protocol:

help topic – Gives some detailed descriptions in context of a particular topic.
help reference – Gives more information regarding the command structure.
help apropos – Helps to find a command that relates to a topic.


>help topic interfaces address
>help reference interfaces address

#This command will list all of the commands that have some relevance with "snooping"
>help apropos snooping



show interfaces terse | match “lo0”
lo0 up up
lo0.16384 up up inet –> 0/0
lo0.16385 up up inet –> 0/0

>show interfaces terse | match “lo0” | count
Count: 3 lines

The pipe plus match command is similar to Cisco’s “show run | include”
However we can use additional filtering for this like “count“. This way the JunOS will count the number of lines that match to “lo0”.
Some useful filters:

  • find – similar to Cisco’s “show run | begin “
  • match – similar to Cisco’s “show run | include “
  • count – counts the lines of an output
  • last – shows the last 20 lines of the output (You can specify the number ie.: last 40)

By default a chained filtering is using AND. If you would like to use OR relation you can do it this way:

root> show log messages | find "Aug 17" | find "CPU" | count
Count: 191 lines

# OR
root> show log messages | find "Aug 17 | CPU" | count
Count: 3471 lines


Manipulating configuration

There are 2 type of configurations in JunOS:
Active and Candidate

When you are in edit mode you are modifying a copy of the live configuration (Candidate) but not the live configuration itself.


You can compare your Candidate config with the Active one using the “show | compare” command:


Activating Candidate

You can activate the candidate config using the “commit” command. In addition the command have multiple options:

  • and-quit  – Quits configuration mode if commit succeeds.
  • at – You can specify a time when the JunOS should commit
  • check – Check correctness of syntax. Do NOT apply changes
  • comment – Puts a comment into the commit log and ACTIVATES the candidate config.
  • confirmed – First it applies the config. JunOS will automatically roll back if not confirmed in time. (You can confirm simply using “commit“)


root# commit check
configuration check succeeds

root# commit comment "First commit"
commit complete



You have the opportunity to rollback at any time:

root# rollback ?
Possible completions:
 <[Enter]> Execute this command
 0 2017-08-18 10:56:15 UTC by root via cli
 1 2017-08-18 10:56:09 UTC by root via cli commit confirmed, rollback in 10mins
 2 2017-08-18 10:55:11 UTC by root via cli commit confirmed, rollback in 10mins
 3 2017-08-18 10:54:07 UTC by root via cli commit confirmed, rollback in 10mins
 4 2017-08-17 11:31:48 UTC by root via cli
 5 2012-05-11 11:54:23 UTC by root via other
 6 2012-05-09 13:28:27 UTC by root via cli
 7 2012-05-09 11:53:15 UTC by root via cli
 8 2012-05-09 11:52:47 UTC by root via cli
 9 2012-05-09 11:28:28 UTC by root via other
 10 2012-05-09 09:54:05 UTC by root via cli
 11 2011-04-12 13:11:13 UTC by root via other
 12 2011-04-12 12:43:39 UTC by root via other
 | Pipe through a command

You can also check the differences between the active configuration and one of the rollbacks:

root# show | compare rollback 4
[edit interfaces em0 unit 0 family inet]
- address;


Loading config files

You can load the configuration from files using the “load” global config command:

  • factory-default – Override existing config with factory default
  • merge – Merge contents with existing configuration
  • replace – Replaces existing config


Rescue configuration

You can save one of your configuration as a special “rescue” config. This is helpful in case you have multiple saved configs (rollbacks) but none of them is correct anymore. In such case you can load a fix rescue config.

#Saving actual config as rescue configuration
root> request system configuration rescue save

root> configure
Entering configuration mode

#Loading rescue config
root# rollback rescue
load complete



You can verify the actual rescue configuration this way: file show /config/rescue.conf.gz


User management

By default there is no password configured for the “root” user.



Juniper – Architecture


  • EX Series Ethernet Switches (13.2 Tbps)


  • E Series Broadband Services Routers
  • T Series Core Routers (25 Tbps)
  • M Series Multiservice Edge Routers (320 Gbps)
  • MX Series 3D Universal Edge Routers (80 Tbps)


  • SRX Series (200 Gbps)

Create a free website or blog at WordPress.com.

Up ↑