JUNOS Cheat-Sheet

Quick Reference – www.cciezone.com

r.conf.gz
/config/junipe
Active Stored in
.conf.n.gz
n = 1-3 /config/juniper in
St or ed
f.n.gz
Rollbacks fig/juniper.con
n = 4-49 /config/db/con
.conf.gz
/config/rescue
Rescue Disable S IO
sy cleanup interf
ed in /var/tmp for ea ace <n
Should be stor shutdo ame>
JUNOS Enable wn JUNOS
interf
Images ace <n
ame>
set in
terfac
no shu e <name>
tdown disabl
delete e
interf
ace <n
ame> disabl
e

help t
opic
Genera
help r l topics
efere nce
Syntax
help s
yslog
(all are Lookup
operati syslog m
onal-m sg s
Upgrad o de com
e reque m ands)
s t sys
Reboo tem
t softw
a re ad
reque d
Shutdo st sy –
nfig
wn ste m reb
reque oot
c o
scue
s t sys
t re eate it!
tem power
-off
a ul
ef r
is no d et to c
re rg
The don’t fo

Create
request syst
em configur
ation rescue
[edit] save
Rollback rollback re
(apply/restore) scue
OR
Press the conf
Login as root, run ezsetup ig button for les
s than 5 seconds
OR
Connect to ge-0/0/0, use DHCP and
access 192.168.1.1 (web or telnet/SSH)
OR
Choose Enter Ezsetup from LCD screen
OR
Connect to me0 and access 192.168.2.1
(EX-series)
Set Root
me set system root-authentication plain-text-password
pt
i password
u
em
st
sy te ne Enable SSH
w da zo
set system services ssh
s ho t e-
se m
ti >
em < IP
ow st p s Disable Telnet delete system services telnet
sy nt on
Sh e t t e ia
ti
t s a c
Se t
d
as
so Set Hostname set system host-name <name>
t se
Se one nt
p
ez ) ho
w
Tim (NTP ) s
t P
Se NT
ow(
Sh
 Juniper EX-series Cheat Sheet

er!
erv
Ps
Quick Reference – www.cciezone.com

NT
an
be
can

rted
tances are suppo
s
rie

p and
Up to 64 MSTP ins hierarchy (stp, rst
-se

- dit protocols]
EX

gur e un der [e
- All ports are family ethernet-switching - Confi
e
Th

- PoE is enabled on all PoE-capable ports mstp)

over/
- LLDP and RSTP enabled Gs) to have a fail
Trunk Groups (RT
- Virtual chassis system ID is 0 (zero) - Use Redundant use of ST P
out the
- mastership-priority of 128 secondary link with supported per swi
tch
hing-optio
ns]
Up to 16 RTGs are rnet-switc
[edit ethe p {
trunk-grou
Reset back redundant- 0 {
to default
load factory-default
-t re e br idge group rtg1 ge-0/0/3.0
;
ng interface
show spanni in terface .0;
ow sp an ning -t ree
ti cs in terf ac e
in terf ace ge-0/0/4
sh atis
ng-tree st ation
show spanni tp configur }
ow sp an ni ng-tree ms
sh }

ant-tr unk-group
with a show redund
200 comes
Each EX 4 CB
½-meter V
Up to 1
0(
can be s ten) EX 4200
tacked
into a V s
d by CS
e nable wins
is iority
tion r
r e -emp ghest p the bac
kplane
P , hi rts – form cts
ul t is P o terconne
def a Ps
Virtual C
hass
B ac kp lane ca
bles – in
S
VC hassis V C
Virtual C s into a er to
switche uses fib
VCB te n der Ports – s
- Up to 8 interfac
x h e
hassis E ote switc module - es in a single
LAG
Virtual C ect rem k Max # LAGs:
interconn n 10Gbps uplin EX 3200 = 32
ort e d o to LAGs per sw
VCEP s u pp – used
Only s rotocol EX 4200 = 64 itch
sis C ontrol P ry m e ssages VCS = 128 LA
LAGs per sw
itch
has cove
Virtual C SA-based dis S
Gs per VCS
ge L in a VC
exchan n PFEs sed to - Trunks do no
VCCP b e tw ee
t in te rf ace – u t have to have
a native VLAN
t Ether ne
en tack
anagem switch s
Virtual M administer the
a rd in g Engine
V ME Packet
Forw 2 PFEs
0s have
EX 420 have 3 PFEs
24-port 0 0s
EX 42
PF E 48-port port s
et
vc-
assis
ual-ch port <#>
t virt #>
reques ot <
pic-sl 1. Se
ME t th
ure a V set
cha e numbe
Config
If me0 isn’t configured as a L3 ethe ssis ag r of ae in
rnet gr ter
interface, it is automatically devi egated- faces
ce-c d
ount evices
assigned to the mgmt VLAN <#>
2. Bin
d the
phys
set ical in
- show chassis hardware inte inter terface
face to th
default
- show virtual-chassis status opti r fa e ae
ons ces <n
- show virtual-chassis active-topology
a t a ll ports by 802.
3ad
ame>
ethe
er th s <ae_
Rememb re access port
- show virtual-chassis interfaces r
int> -
- show virtual-chassis member-config a 3. Se
- show virtual-chassis protocol t the
ae in
(phy te
sical rface pr
and o
logic perties
al)
1. Set the port mode to trunk
set interfaces <name> unit <#>
. family ethernet-switching port-
routing
VLAN mode trunk
rov ide s inter- n IO S.
P SVI o
Like an
The VLAN

] 2. Set the VLAN membership on the trunk

faces
inter
best-practice

[edit set interfaces <name> unit <#>

match the V ommend it

{
vlan 200 { net { 4
family ethernet-switching vlan
unit y i 1.1/2 members <name(s)>
famil ress 10.1.
unit doesn’t

add ng
tchi
s rec
LAN ID –

} : et -swi
3. Set the native VLAN (optional) n be ther
n
} Ports ca ly e
set interfaces <name> unit <#> fami
have to

L2 gu r e
} family ethernet-switching Confi inet
] native-vlan-id <name> mily
vlans L3 u r e fa
[edit Confi
g
t { 0;
tes id 20 .200;
vlan- rface vlan
t e
l3-in
}
 Juniper EX-series Cheat Sheet
Quick Reference – www.cciezone.com

d
’s route
o n ly used if it N
is
This the VLA
outside of
MA
On C Lim
ly a i
Ingress /
Port VLAN Router VLAN
Egress / llow ting p
Firewall Firewall Firewall Firewall Lim s s rote
Received Transmit its tat cts
Filter Filter Filter Filter the OR ically the C
Packet Packet num -de
(PACL) (VACL) (RACL) (VACL) MA ber fine AM:
sh C Lim of d dM
AC
ut
dr do iting yna
mic add
op wn act res
lo ( d (b ion ally ses
g
( rop lock s: -lea
no
ne does s the s dat rne
dM
(do not pac a tr AC
not dro k af
Co do p et a fic & add
n
[e figu any pack nd ge gen res
ses
di r atio t h et , bu eran e rate
se t n in g t s
cu e
re ther Exa
) t ge es s
Mitigate -a n m ner a s y
y ste
m
rogue D in c e
te cess t-sw le:
p ate s
s a tem l log e
servers HCP
rf -p it sys og e ntr
a
} al ce g ort chin tem nt y)
! in
lo
we e -
d- 0/0/
{ g -o
pt log ry)
te
rf ma io ent
ac c 0 .0 ns
]
ry)
} } m ac e [ {
-l ge-0 00
im :0
sted it /0/1 0:
sts: = untru 00
Port Tru port 2 .0 :0
ed 0:
Default
ac
Access rt = trust ti
on
{ 00
:0
1
po sh ];
Trunk ut
do
wn
;
le: ns]
Examp ching-optio
uration
Config thernet-swit {
e t
[edit ss-por /0/0.0 {
-acce -0 Ex
secure rface ge ed;
inte -t ru st to a m i n
dhcp vie e
{ w s
0/1.0 Us th e h o w
} ge-0/ M A et
i nte rface -trusted; in cle h
cp C
n o- dh te ea ta b e r n
rf r le. et-
} { Lo a ce th e sw
test
vlan e-dhc
p; Li m ok at <n ern it
ch
examin itin sh am et in
g v ow e> -s g
} i ol t o wi ta
a ti l o g cle tc
a hi bl
on r e
} me m e s vio ng
l at
s s sag ion t a
ag e s. b l
es s e
. fo r
MA
show dhcp snooping binding C
clear dhcp snooping binding

s in the DHCP
mining entrie ooping
- Relies on exa requires DHCP Sn
tab le, so sts
Snooping lt er ho
led on all VL ANs by defau all oth
- Disab
on a per-VLA
N basis ated,
It is enabled d entic are
- red as a truste is au
th
others
that is configu o setup as a s: host t, all
- Any interface Sn ooping is als o rt mode only first n t) u p plican nt
interface for DH CP
es ARP inspe
ction) X p lt –
802.1 e (defau first supp its a sing
lic a le s pplica
erface (bypass ch su
DAI trusted int l
sing ack on th (only pe
e rm li ca nt, ea
p p
-b
piggy e-secur
e le su
Example: multip
Configuration t-switching-options] sing )
l s for
it s a cces
it etherne d
denie ple (perm dividually
)
[ed
ss-port { mmands:
secure-acce Monitoring Co ndings i in seco
nds
ge-0/0/0.0
{
snnoping bi mult enticated 36 00
interface show dhcp atistics th ns
dhcp-trusted
;
show arp inspection st is au & Optio od:
ters eri onds
rame tication P
} X Pa n 5 s ec en:
vlan test
{ 802.1 Reauthe 1 to 65,53 d wh
arp-inspect
ion; u lt e : is use
DHCP traceoptions are logged to Defa Rang a n d
-dhcp; gured lican
t)
exami ne
confi s upp
an be ils ve a osts.
/var/log/fud by default } L AN c tication fa pond (ha .1X h
} G u es t V
a u th en s n ’t re s
r n o n-802
A n doe ss fo
W he lient bypa evice.
nac ation
W he u th entic y on the d
an a ll
List is loca
tored
Static are s
] g h MAC ddresses
cp hi a
ple
: dh .1 MAC
xam ices 0 .0
E er v 10
.
on
i m s 4 { ow
ra t Configuration Example:
gu yste .0/2 ge l
nfi 0 n Configur
Co dit s0.0. s-ra s
{ [edit
at ion Exam
ple:
[edit protocols dot1x authenticator]
[e 1 s e es 0; forwar interface {
ol ddr 0; addr ; 40 descri ding-o
ptions
po a 0
e- .1 86 00; ption ge-0/0/0.0 {
.2 me 864 server “Main he
DHCP re lpers bootp]
0 .0 lud .0.0 i 10.0.4 lay”; guest-vlan test-guest-vlan;
10
.
ex
c
10 -t me maximu 0.2;
se i m-hop- reauthentication 3600;
ea e-t minimu count
-l s m-wait 4; supplicant single-secure;
} m um lea { interf -time
1;
axi lt- er 10; ace { }
m u v
fa er 0. vlan.2 ge-0/0/3.0 {
de e-s .0.1 {
m no-lis no-reauthentication;
na 10 ; ct ten;
54 li } }
{ .2 ? nf }
} er .0 cp co }
out 0.0 : dh cp
r 1 ds es dh Static {
an vic es
mm er vic
00:00:00:00:00:01 {
}
l Co tem s ser interface ge-0/0/0.0;
efu s m
} Us w sysyste }
o 00:00:00:00:00:02;
sh ar
l e }
c
Monitoring Commands:
show dot1x interface
Show dot1x static-mac-address
show dot1x authentication-failed-users
 Juniper EX-series Cheat Sheet
Quick Reference – www.cciezone.com

default :
to class 0 by ple
are assigned xam
- All switch ports power pool
E {
Modes: ed from total tion /0
- po we r for port is deduct f igura e] -0/0 h; .4;
Static – ma x n o e i g 15
class 0) matches Co t p e g h r
(only supports tal power pool di ac ty we
– po we r bu dgeted from to [e erf or i m-po s { ;
t i
Dynam ic i n p r m u ie l 5
consumed from the total xi tr
ma eme erv on 1
a ;
actual power r cla ss budg et is deducted te
l t
in a ti
we
Class – max po du
r
power pool usage for each {
s pr ov id e historical power /0
/1
rie
- PoE Telemet } -0
ge es
{
e (PD)
powered devic
e i
ac etr le;
fault f m b
Disabled by de 5 minutes (1 to 30 mins)
} r
te ele isa
al is in t d
Default interv to 24 hrs)
n is 1 hour (1
Default duratio }
s : war e
nd
} m ma hardler
o s ol
ef ul C ssi tr ce
a n fa
Us o w c h o e c o n t e r
sh p i
ow oe
sh w p
o
sh

- Fully in
te
4200 s rchangeable
eries s
- 320W, witche between EX
600W s 3200 a
and 93 nd - Configu
0W ca re CoS
pacitie - Use vo b
s are a
vailable - ice VLA efore enabling
Use LL N vo
DP-ME on ports with IP ice VLAN
to IP ph D to sig phone
nal voic
one e VLAN s
Configu ID and
ration E 802.1p
x value
[edit
ether a m ple:
voip { net-s
witch
ing-op
inter tions]
face
ge-0/0
vlan /0 {
LLD test-
P Mul }
forwa
rding
voice;
ticas }
-class
voice-
t Addr ep;
ess:
01-8 Useful
0 -C2 C o
mmand
- 00-0 show v
lans s:
0 -0E detail
<name>

bled
P is ena
se n t w hen LLD bled by default
s are en a
DP TLV TLVs are
atory LL P-MED
- All mand l LLDP and LLD
na
- All optio

xample:
ration E
Configu otocols]
[edit pr l 30;
nterva
lldp { rtisement-i
adve ier 2;
ultipl
hold-m erval 30;
n t
msgTxI d 4;
ol
msgTxH Assessment
s:
} ommand
lldp-m
ed; Useful C p statistics
ld
show l p detail
ld
show l p neighbors
ld o
show l p local-inf
ld
show l

Maintenance Design and

Implementation
 Juniper EX-series Cheat Sheet
Quick Reference – www.cciezone.com

- 24 to 48-ports
Basic model has 8 PoE ports
Up to 48 PoE ports are supported
- Does not support VCS
- Intended for access layer usage
- Supports redundant power supplies (one internal, one via RPS port)
- Field-replaceable PS and fan tray
- Uplink modules:
4 x 1Gbps Ethernet (SFP)
2 x 10Gbps Ethernet (XFP)
- Line-rate switching (non-blocking)

- 24 to 48-ports
Basic model has 8 PoE ports
Up to 48 PoE ports are supported
- Supports VCS (up to 10 switches in a VCS)
- Intended for distribution and access layer usage
- Redundant (both internal), hot-swappable PS
- Field-replaceable fan tray (3 fans – one can fail & not affect operations)
- Uplink modules:
4 x 1Gbps Ethernet (SFP)
2 x 10Gbps Ethernet (XFP)
- Line-rate switching (non-blocking)

Routing Engine (RE)

Bridging Routing Fwding

Table Table Table
(BT) (RT) (FT)

JUNOS Software
Control Plane

Forwarding Plane
Packet Forwarding Engine (PFE)

Packet Flow Bridging Fwding Packet Flow

Table Table
(BT) (FT)