JunOS

Ju JunOS J OS
[email protected]

Software Version
Juniper SRX100 Microsoft Internet Explorer
Version 6.0 Service Pack V i 60S i P k3 Version 10.0R1.8

User Interface Options

J-Web interface:
A Web-based GUI AW b b d The J-Web service using HTTP is enabled by default on J-series routers

JUNOS software CLI:

Available from console interface
RJ 45 RS-232 RJ-45 RS 232 @ 9600 bps, 8/1/N (not configurable)

Available by using Telnet and SSH Requires network interface and related service configuration

Dedicated Ethernet management port on M series M-series routers

All J-series network ports support management access and transit traffic

Agenda

System Booting y g Mode Switching Configuration Hierarchy g Configuration Operating Starting J-Web

System Booting 1
U-Boot 1.1.6 (Build time: Nov 19 2009 - 07:52:31) SRX_100_LOWMEM SRX 100 LOWMEM board revision major:0 minor:0 serial #: AT4409AF0075 major:0, minor:0, OCTEON CN5020-SCP pass 1.1, Core clock: 500 MHz, DDR clock: 266 MHz (532 Mhz data rate) DRAM: 512 MB Starting Memory POST... Checking datalines datalines... OK Checking address lines... OK Checking 512K memory for U-Boot... OK. Running U-Boot CRC Test... OK. Flash: 4 MB USB: scanning bus for devices devices... 3 USB Device(s) found scanning bus for storage devices... 1 Storage Device(s) found Clearing DRAM....... done BIST check passed. Net: pic init done (err = 0)octeth0 POST Passed Press SPACE to abort autoboot in 1 seconds ELF file is 32 bit Loading .text @ 0x8f000078 (241008 bytes) Loading .rodata @ 0x8f03ade8 (13908 bytes) Loading .rodata.str1.4 @ 0x8f03e43c (15972 bytes) rodata str1 4 Loading set_Xcommand_set @ 0x8f0422a0 (96 bytes) Loading .rodata.cst4 @ 0x8f042300 (20 bytes) Loading .data @ 0x8f043000 (5572 bytes) Loading .data.rel.ro @ 0x8f0445c4 (120 bytes) Loading .data.rel @ 0x8f04463c (136 bytes) data rel Clearing .bss @ 0x8f0446c8 (8304 bytes) ## Starting application at 0x8f000078 ... Consoles: U-Boot console

System Booting 2
Found compatible API, ver. 1.6 FreeBSD/MIPS U Boot bootstrap loader Revision 1 6 U-Boot loader, 1.6 ([email protected], Thu Nov 19 07:07:59 UTC 2009) Memory: 512MB [0]Booting from nand-flash slice 1 Un-Protected 1 sectors writing to flash flash... Protected 1 sectors Loading /boot/defaults/loader.conf /kernel data=0x90a784+0xc6a78 syms=[0x4+0x74120+0x4+0xa4230] Hit [Enter] to boot immediately, or space bar for command prompt. Booting [/kernel]... Kernel entry at 0x801000d8 ... getbootinfo: magic 0x0 md 0x80beb000 memsize 0x0 getbootinfo: boothowto 0x1000 kernend 0x80c00000 memsize 512MB i2cid 0x530 kernelname /kernel Platform Starting init regular console Initializing octeon watchdog GDB: debug ports: uart GDB: current port: uart KDB: debugger backends: ddb gdb KDB: current backend: ddb getmemsize: msgbufp[size=32768] = 0x8000cfe4 Copyright (c) 1996-2009, Juniper Networks, Inc. All rights reserved. Copyright (c) 1992-2006 The FreeBSD Project.

System Booting 3
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. JUNOS 10 0R1 8 #0: 2009 11 03 10:06:39 UTC 10.0R1.8 2009-11-03 [email protected]:/volume/build/junos/10.0/release/10.0R1.8/objocteon/bsd/sys/compile/JSRXNLE JUNOS 10.0R1.8 #0: 2009-11-03 10:06:39 UTC [email protected]:/volume/build/junos/10.0/release/10.0R1.8/objocteon/bsd/sys/compile/JSRXNLE real memory = 536870912 (512MB) avail memory = 317927424 (303MB) cpuid: 0, btlb_cpumap:0xffffffff FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs Initializing watchdog interupt Loading RT Fifo module..... Loaded RT Fifo module pmap_helper loaded (interface version 6, syscall 210) cpu0 on motherboard : CAVIUM's Octeon CPU Rev. 0.1 with no FPU implemented L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way. L2 Cache: Size 128kb, ? way obio0 on motherboard uart0: <Octeon-16550 channel 0> on obio0 uart0: console (9600,n,8,1) twsi0 on obio0 dwc0: <Synopsis DWC OTG Controller Driver> on obio0 usb0: DWC OTG Controller Using DMA mode Init: Port Power? op_state=1 Init: Power Port (0) usb0: <USB Bus for DWC OTG Controller> on dwc0

System Booting 4
usb0: USB revision 2.0 uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1 uhub0: 1 port with 1 removable self powered removable, uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2 uhub1: single transaction translator uhub1: 2 ports with 1 removable, self powered umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3 pcib0: <Cavium on chip PCI bridge> on obio0 on-chip Disabling Octeon big bar support PCI Status: PCI 32-bit: 0xc041b pcib0: Initialized controller pci0: <PCI bus> on pcib0 pci0: <serial bus, USB> at device 2.0 (no driver attached) bus 2 0 pci0: <serial bus, USB> at device 2.1 (no driver attached) pci0: <serial bus, USB> at device 2.2 (no driver attached) cpld0 on obio0 gblmem0 on obio0 octpkt0: <Octeon RGMII> on obio0 cfi0: <AMD/Fujitsu - 4MB> on obio0 platform_cookie_read not implemented Timecounter "mips" frequency 500000000 Hz quality 0 Timecounters tick every 1.000 msec Loading the NETPFE ethernet module Loading E1/T1/J1 driver Loading the DS1/E1 Media Layer; Attaching to media services layer Loading common multilink module. Loading the NETPFE PPPoE module Loading the netpfe services driver Loading the XDSL Media Layer; Attaching to media services layer Loading the IPSec driver Loading the PTM driver

System Booting 5
Loading the DIALER driver Loading Link Services PICs module. module IPsec: Initialized Security Association Processing. SMP: AP CPU #1 Launched! da0 at umass-sim0 bus 0 target 0 lun 0 da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device da0: 40 000MB/s transfers 40.000MB/s da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C) if_pfe_open: listener socket opened, listening on ... Trying to create bootdev, rootpartition da0s1a Trying to mount root from ufs:/dev/da0s1a Attaching /cf/packages/junos via /dev/mdctl... /dev/mdctl Mounted junos package on /dev/md0... Automatic reboot in progress... ** /dev/da0s1a FILE SYSTEM CLEAN; SKIPPING CHECKS clean, 59162 free (42 frags, 7390 blocks, 0.0% fragmentation) Verified junos signed by PackageProduction_10_0_0 Verified jboot signed by PackageProduction_10_0_0 Verified junos-10.0R1.8-domestic signed by PackageProduction_10_0_0 ** /dev/bo0s3e FILE SYSTEM CLEAN; SKIPPING CHECKS clean, 12498 free (26 frags, 1559 blocks, 0.2% fragmentation) ** /dev/bo0s3f FILE SYSTEM CLEAN; SKIPPING CHECKS clean, clean 145000 free (184 frags 18102 blocks 0 1% fragmentation) frags, blocks, 0.1% Loading configuration ... mgd: error: Cannot open configuration file: /config/juniper.conf mgd: warning: activating factory configuration

System Booting 6
mgd: commit complete Setting initial options: debugger_on_panic=NO debugger_on_break=NO. Starting optional daemons: usbd usbd. Doing initial network setup: . Initial interface configuration: additional daemons: eventd. savecore: /dev/bo0s1b: No such file or directory savecore: Reboot reason(s): 0x1: power cycle/failure savecore: no dumps found Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /boot//kernel;/boot/modules;/modules grat_arp_delay=${grat_arp_delay}: net.link.ether.inet.grat_arp_delay: grat arp delay=${grat arp delay}: net link ether inet grat arp delay: 0 -> 0 > . Doing additional network setup:. Starting final network daemons:. setting ldconfig path: /usr/lib /opt/lib starting standard daemons: cron cron. Initial rc.mips initialization:. Local package initialization:. starting local daemons:. kern.securelevel: -1 -> 1 debug.kdb.stop_cpus: debug kdb stop cpus: 1 -> 2 Creating JAIL MFS partition... JAIL MFS partition created machdep.nextbootdev: nand-flash -> nand-flash Boot media /dev/da0 has dual root support hw.re.dual_root_media: hw re dual root media: 0 -> 1 Active Root: /dev/da0s1a Booting from: /dev/da0s1a Alternate Root: /dev/da0s2a

System Booting 7
** /dev/da0s2a FILE SYSTEM CLEAN; SKIPPING CHECKS clean, clean 45976 free (24 frags 5744 blocks 0 0% fragmentation) frags, blocks, 0.0% Fri Oct 8 13:37:07 UTC 2010 Amnesiac (ttyu0) login: root --- JUNOS 10.0R1.8 built 2009-11-03 10:06:39 UTC root@%

Display Hardware
user@host> show chassis hardware detail Hardware inventory: Item Version Part number Serial number Description Chassis AT4409AF0075 SRX100-lm Routing Engine REV 08 750-021773 AT4409AF0075 RE-SRX100-LM usb0 (addr 1) DWC OTG root hub 0 vendor 0x0000 uhub0 usb0 (addr 2) product 0x005a 90 vendor 0x0409 uhub1 usb0 (addr 3) ST72682 High Speed Mode 64218 STMicroelectronics umass0 FPC 0 FPC PIC 0 8x FE Base PIC Power Supply 0 user@host> user@host> show version Model: srx100-lm JUNOS Software Release [10.0R1.8] user@host>

Agenda

System Booting g Mode Switching Configuration Hierarchy g Configuration Operating Starting J-Web

Mode Switching 1

Default Login account and empty password Amnesiac (ttyu0) Enter operational mode

login: root Enter E t configuration mode fi ti d --- JUNOS 10.0R1.8 built 2009-11-03 10:06:39 UTC root@% cli root> configure Entering configuration mode The configuration has been changed but not committed [edit] root#

Mode Switching 2

Exit configuration mode root# exit The configuration has been changed but not committed Exit with uncommitted changes? [yes no] (yes) [yes,no] Exiting configuration mode root> quit root@% exit logout Amnesiac (ttyu0) Login: Exit operational mode Logout

Agenda

System Booting g Mode Switching g Configuration Hierarchy Configuration Operating Starting J-Web

Configuration Statement Hierarchy

[edit] user@host# edit protocols ospf area 51 stub [edit protocols ospf area 0.0.0.51 stub] user@host#

top

chassis

interfaces

protocols

services

systems

etc. etc

bgp

isis

mpls

ospf

pim

rip

rsvp

vrrp

etc.

area area-id

graceful-restart

overload

traffic engineering

etc.

area-range area_range

interface

nssa

stub

etc.

Configuration File is Hierarchy

CLI commands are entered without curly brackets
[edit [ dit system] t ] user@host# set services web-management http port 8080

The result is a hierarchical configuration file, complete with curly brackets b k t

[edit system] user@host# show services web-management { http { port 8080; } } [edit system] user@host#

Moving Between Levels 1

edit functions like a change directory (CD) command
[edit] [ dit] user@host# edit protocols ospf area 51 stub [edit protocols ospf area 0.0.0.51 stub] user@host#

top

chassis

interfaces

protocols

services

systems

etc. etc

bgp

isis

mpls

ospf

pim

rip

rsvp

vrrp

etc.

area area-id

graceful-restart

overload

traffic engineering

etc.

area-range area_range

interface

nssa

stub

etc.

Moving Between Levels 2

up moves up one level in the hierarchy
[edit [ dit protocols ospf area 0 0 0 51 stub] t l f 0.0.0.51 t b] user@host# up [edit protocols ospf area 0.0.0.51] user@host#

top

chassis

interfaces

protocols

services

systems

etc. etc

bgp

isis

mpls

ospf

pim

rip

rsvp

vrrp

etc.

area area-id

graceful-restart

overload

traffic engineering

etc.

area-range area_range

interface

nssa

stub

etc.

Moving Between Levels 3

up n moves up n levels
[edit [ dit protocols ospf area 0 0 0 51] t l f 0.0.0.51] user@host# up 2 [edit protocols] user@host#

top

chassis

interfaces

protocols

services

systems

etc. etc

bgp

isis

mpls

ospf

pim

rip

rsvp

vrrp

etc.

area area-id

graceful-restart

overload

traffic engineering

etc.

area-range area_range

interface

nssa

stub

etc.

Moving Between Levels 4

top moves to the top of the hierarchy
[edit [ dit protocols ospf area 0 0 0 51 stub] t l f 0.0.0.51 t b] user@host# top [edit] user@host#

top

chassis

interfaces

protocols

services

systems

etc. etc

bgp

isis

mpls

ospf

pim

rip

rsvp

vrrp

etc.

area area-id

graceful-restart

overload

traffic engineering

etc.

area-range area_range

interface

nssa

stub

etc.

Moving Between Levels 5

exit moves to the previous higher level in the Hierarchy
[edit protocols ospf area 0.0.0.51 stub] user@host# exit [edit [ di protocols ospf] l f] user@host#

top

chassis

interfaces

protocols

services

systems

etc. etc

bgp

isis

mpls

ospf

pim

rip

rsvp

vrrp

etc.

area area-id

graceful-restart

overload

traffic engineering

etc.

area-range area_range

interface

nssa

stub

etc.

Moving Between Levels 6

Summary of moving between levels:
edit functions like a CD command up moves up one level up n moves up n levels top moves to the top of the hierarchy exit moves to the previous higher level in the hierarchy or exits configuration mode if at the top level of the hierarchy
[edit] user@host# exit The configuration has been changed but not committed Exit with uncommitted changes? [yes,no] (yes) Exiting configuration mode user@host>

Agenda

System Booting g Mode Switching Configuration Hierarchy g Configuration Operating Starting J-Web

Configuration History
Commit
Candidate Configuration Active Configuration

Configure

rollback n

1 Active configuration stored in /config/juniper.conf.gz gj p g Rollback files stored in /config/juniper.conf.n.gz (n=13) /var/db/config/juniper.conf.n.gz (n=449)

49

Configuration Manipulation

Commit Confirmed

Interim Configuration

Configuration in text file

load copy save

Candidate Configuration

Commit

Active Configuration

Rollback

Previous Configuration

Viewing Candidate Configuration

[edit] user@host# show system services ssh; web-management { http { port 8080; } }

You can display just the portions that concern you from the root of the hierarchy

[edit] user@host# edit system services [edit system services] user@host# show ssh; web-management { http { port 8080; } }

or use edit to park yourself at a specific subhierarchy

File Differences 1
Change the candidate configuration
[edit] [ dit] user@host# user@host# user@host# user@host# user@host# user@host# user@host# user@host# delete system services telnet set system services ssh set system services web-management http commit delete system services web-management delete system services ssh set system services telnet commit

Display differences between the candidate and active configurations

[edit] user@host# show | compare [edit system services] ssh; + telnet; web-management { http { port 8080; } } [edit] user@host#

File Differences 2
Compare active and historical configurations
user@host> show configuration | compare rollback number user@host> show configuration | compare filename

Compare arbitrar files arbitrary

user@host> file compare files filename1 filename2

Removing Statements 1
Statements added with set are removed with the delete command
Removes everything from the specified hierarchy down Use wildcard delete to save time
user@host# show system services ssh; web-management { eb a age e t http { port 8080; } } [edit system] user@host# delete system services web-management [edit system] @ # y user@host# show system services ssh;

The entire web-management hi h i b hierarchy is h i removed by the delete statement

Removing Statements 2
Pop quiz: You have just disabled an interface with a set interface interface-name disable statement. How do you re-enable this interface?
[edit] user@host# set interface fe-0/0/1 disable user@host# commit and-quit p commit complete Exiting configuration mode user@host> show interface terse Interface Admin Link Proto Local / / up p down fe-0/0/0 fe-0/0/0.0 up down gr-0/0/0 up up ip-0/0/0 up up lt-0/0/0 up up p up p mt-0/0/0 up pd-0/0/0 up up pe-0/0/0 up up fe-0/0/1 down up fe-0/0/1.0 up down eth-switch ... Remote

Committing a Configuration 1
Configuration changes must be committed to take effect
user@host# commit commit complete [edit] user@host#

Use commit check to confirm syntax

user@host# commit check [edit interfaces lo0 unit 0 family inet] 'address 192.168.69.1/24' Loopback addresses' prefix must be 32 bits error: configuration check-out failed

Use U commit confirmed t temporarily activate i fi d to t il ti t

user@host# commit confirmed commit confirmed will be automatically rolled back in 10 minutes u ess confirmed unless co ed commit complete # commit confirmed will be rolled back in 10 minutes [ [edit] ] user@host#

Committing a Configuration 2
Schedule a future commit with commit at
[edit] user@host# commit at 21:00:00 configuration check succeeds commit at will be executed at 2005-05-25 21:00:00 UTC Exiting configuration mode user@host> clear system commit

Use commit and-quit to save time and quit

[edit] user@host# commit and-quit commit complete Exiting configuration mode user@host>

Committing a Configuration 3
Add comments with commit comment
[edit] user@host# commit comment "Changed OSPF configuration" commit complete [edit] user@host# run show system commit 0 2010 10 12 20:28:33 UTC by root 2010-10-12 Changed OSPF configuration 1 2010-10-12 20:17:27 UTC by root 2 2010-10-12 20:12:18 UTC by root 3 2010 10 12 20:10:15 UTC by root 2010-10-12 4 2010-10-12 20:07:04 UTC by root 5 2010-10-12 19:53:16 UTC by root [edit] user@host#

via cli via via via via via cli commit confirmed, rollback in 10mins cli commit confirmed, rollback in 10mins cli commit confirmed rollback in 10mins confirmed, cli cli

Backing out of Configuration Changes

Use the rollback command to restore one of the last 50 previously committed configurations
[edit] user@host# rollback load complete

Use rollback (or rollback 0 ) to reset the candidate configuration to the currently active configuration (which is the last version committed)
rollback 1 loads the configuration before that rollback n loads n configurations before that

Using rollback only modifies the candidate configuration

Dont forget to commit the changes!

Saving Configuration Files

Save current candidate configuration using the save command
[edit] user@host# save filename

File saved to users home directory unless full path name i Fil dt h di t l f ll th is specified Only saves from the current hierarchy down

Filename can specify:

A path and filename on the local routers file system A URL (FTP and SCP)

Miscellaneous features:
terminal option for save commands
Simplifies load Si lifi l d operations f ti from t terminal b ff i l buffers

Pipe option for display set

Displays the set statements used to create a configuration

Periodic P i di saves t a remote h t to t host

Loading Configuration Files

Configuration information can come from an ASCII file or terminal emulation capture buffer The load command supports various arguments:
Override an existing configuration:
load override filename load merge fil l d filename

Merge new statements into current configuration: Replace existing statements in current configuration:
load replace filename

Take input f from terminal capture buffer: ff

load (replace | merge | override) terminal load (replace | merge) (filename | terminal)

Load relative to current configuration hierarchy:

Changes candidate configuration only

You must issue a commit to activate

run Is Cool
Use the run command to execute operational-mode CLI commands from within configuration
Can be a real time-saver when testing the effect of a recent change
[edit interfaces fe-0/0/0] user@host# set unit 0 family inet address 10.250.0.141/16 user@host# commit @h t# it user@host# run ping 10.250.0.149 count 1 PING 10.250.0.149 (10.250.0.149): 56 data bytes 64 bytes from 10.250.0.149: icmp_seq=0 ttl=128 time=0.967 ms --- 10.250.0.149 ping statistics --1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.967/0.967/0.967/0.000 ms [edit] user@host#

Agenda

System Booting g Mode Switching Configuration Hierarchy g Configuration Operating Starting J-Web

Configure
Confirm J-Web service is opened Client connected to trust and get IP address automatic
[edit] user@host# set system services web-management http user@host# set system login user john class super-user user@host# set system login user john authentication plain-text-password New password: Retype new password: john123 j h [edit] user@host# commit

john123

Starting J-Web 1

https://<ip address>/

Starting J-Web 2

JunOS

Thanks Th k