Thursday, September 5, 2013

Router Configurations

Creating a user:
# set system login user <username>

Assigning password for the user:
# set system login user <username> authentication plain-text-password
Password: <input password>

Class: A login class in Junos defines the permissions of a user.

# set system login user <username> class <type>

In operational mode, we can control the Junos CLI environment. By default, an individual CLI session never times out, however long it sits idle, unless the 'idle-timeout' statement has been included in the user's login class configuration. The timeout can be 0 - 100,000 minutes. Setting the timeout to '0' disables the timeout.
user@router> set cli idle-timeout 60
Idle timeout set to 60 minutes
user@router> set cli idle-timeout 0
Idle timeout disabled

The CLI provides a method to display a login message to users. The message is displayed when a user connects to the host using Telnet or SSH.
[edit]
user@router# set system login message "Insert login message here..."
[edit]
user@router# commit and-quit
commit complete
Insert login message here...
router (ttyp2)
login:
login: user
Password:********
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
user@router>

Forcefully logout a user:
Someone is logged in to the router who shouldn't be and you need to log them out.
user@router> request system logout user <username>

We can view the users who are logged in to the router:
user@router> show system users

We can also send the user a message beforehand using a command:
user@router> request message user <username> message "message goes here"

Authentication Options:
If we have a RADIUS server for user authentication in our network and we want our Junos box to authenticate users against it, we can configure the router as follows.

[edit]
user@router# set system radius-server 192.168.63.10 secret $1991poppI
user@router# show system radius-server
radius-server {
    192.168.63.10 secret "$9$90m6AO1EcyKWLhcYgaZji"; ## SECRET-DATA
}

We can apply different password protocols for the RADIUS server:
user@router# set system radius-options password-protocol mschap-v2
user@router# commit and-quit

We can also set other options for the RADIUS server, such as retry, timeout, etc.

Login Authentication Methods:
If we want to use a RADIUS or TACACS+ server to authenticate user logins to the router, and we want to specify a backup login authentication method in case the primary method is unavailable, we list the methods in order:

user@router# set system authentication-order [ radius password ]
user@router# commit and-quit

With the above command, the router checks the RADIUS server first for user authentication. If the user is not found there, the router falls back to its own user database for the username and password.
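
The login settings covered above (login classes and idle-timeout, the login message, RADIUS servers and authentication-order) can be checked offline against a saved configuration. The script below is an added example, not part of the original notes: it audits 'show configuration | display set' output, and the sample configuration, user names, the custom class 'ops' and the server address in it are constructed for illustration.

```python
"""Audit login-related statements in Junos 'display set' output (added example)."""

# Constructed sample of "show configuration | display set" output. The host,
# users, the custom class "ops" and the 192.0.2.10 server are all made up.
SAMPLE_CONFIG = """\
set system host-name lab-r1
set system authentication-order radius
set system authentication-order password
set system radius-server 192.0.2.10 secret "<obfuscated>"
set system login message "Authorized access only"
set system login class ops idle-timeout 15
set system login class ops permissions view
set system login user alice class ops
set system login user bob class super-user
set system login user carol class ops
set system login user carol authentication encrypted-password "<hash>"
set system services ssh
set system services telnet
"""

# authentication-order keyword -> statement that must define its servers
REMOTE_METHODS = {"radius": "radius-server", "tacplus": "tacplus-server"}


def parse_set_lines(text):
    """Extract users, class idle-timeouts, auth order, servers and services."""
    cfg = {"users": {}, "class_timeout": {}, "auth_order": [],
           "servers": {"radius-server": set(), "tacplus-server": set()},
           "services": set(), "login_message": False}
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["set", "system"]:
            continue
        rest = tok[2:]
        if rest[:2] == ["login", "user"] and len(rest) >= 3:
            cfg["users"].setdefault(rest[2], None)
            if rest[3:4] == ["class"] and len(rest) >= 5:
                cfg["users"][rest[2]] = rest[4]
        elif (rest[:2] == ["login", "class"] and len(rest) >= 5
              and rest[3] == "idle-timeout"):
            cfg["class_timeout"][rest[2]] = int(rest[4])
        elif rest[:2] == ["login", "message"]:
            cfg["login_message"] = True
        elif rest[:1] == ["authentication-order"]:
            # Accept both "[ radius password ]" and one-method-per-line forms.
            cfg["auth_order"] += [t for t in rest[1:] if t not in ("[", "]")]
        elif len(rest) >= 2 and rest[0] in cfg["servers"]:
            cfg["servers"][rest[0]].add(rest[1])
        elif rest[:1] == ["services"] and len(rest) >= 2:
            cfg["services"].add(rest[1])
    return cfg


def audit(cfg):
    """Return (code, detail) findings, sorted for stable output."""
    findings = []
    for user, cls in cfg["users"].items():
        if cls is None:
            findings.append(("user-without-class", user))
        elif cls not in cfg["class_timeout"]:
            # No idle-timeout in the login class: the CLI session never expires.
            findings.append(("no-idle-timeout", f"{user} (class {cls})"))
    for method, stmt in REMOTE_METHODS.items():
        # A remote method in the order with no server defined cannot answer.
        if method in cfg["auth_order"] and not cfg["servers"][stmt]:
            findings.append(("auth-method-without-server", method))
    if "telnet" in cfg["services"]:
        findings.append(("telnet-enabled", "logins cross the network unencrypted"))
    if not cfg["login_message"]:
        findings.append(("no-login-message", "no banner shown before login"))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit(parse_set_lines(SAMPLE_CONFIG)):
        print(f"{code:28} {detail}")
```

On the sample, user bob is reported because the predefined class super-user carries no idle-timeout statement, and Telnet is reported because it is enabled alongside SSH.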

Deleting a User:
We can delete a user from the router's database:
user@router# delete system login user <username>

Viewing Different Statistics and Logs:
Enter the commands without the '[ ]'; the brackets only list the available options.
For SNMP stats:
user@router> show snmp [ statistics/ v3/ rmon ]

For NTP status:
user@router> show ntp [ status/ associations ]

For log messages:
user@router> show log messages

Wednesday, August 28, 2013

Initial Configuration

All platforms running the Junos OS are shipped with a factory-default configuration. All factory-default configurations allow access using the root account. The root account does not include a password by default. Setting a root password is required before activating any changes to the configuration file. All factory-default configurations also include system logging, which tracks system events and writes those events to predefined log files. Every Junos device is designed for a specific role within a network environment, and its factory-default configuration is created with that role in mind.
Under certain conditions, you might want to return a device running the Junos OS to its factory-default configuration. We can overwrite the candidate configuration while in configuration mode using the 'load factory-default' command. Do not forget to issue a 'commit' to activate the changes.

System Halt:
The Junos OS is a multitasking environment. To ensure file system integrity, we should always shut down Junos OS gracefully. The 'request system halt' command is used to do this. It also provides options that allow us to schedule the shutdown in a specified number of minutes or at an exact time, and to specify the media that the next boot operation will use.

Initial Configuration Checklist:
When we receive a device running the Junos OS from the factory, the Junos OS is pre-installed. Once we power on the device, it is ready to be configured. It is recommended to configure the following items:

  • System root-authentication,
  • Hostname,
  • System services for remote access (Telnet, SSH), and
  • Management interfaces and static route for management traffic.

The Junos OS enforces password restrictions. All passwords are required to be no less than six characters and must include a change of case, digits or punctuation.






Sunday, August 25, 2013

Working on Configuration Mode - II

Double Negative Syntax: If we have disabled an interface with the 'set interfaces <interface-name> disable' statement, we re-enable it with 'delete interfaces <interface-name> disable'. The result of this syntax is the deletion of the disable statement that was put into effect with the referenced 'set' command.

Using Configuration Mode Efficiently 1
rename: To rename a configuration statement. E.g. # rename interfaces ge-0/0/10 to ge-0/0/11
replace: To replace a pattern in configuration statements. E.g. # replace pattern ge-0/0/10 with ge-0/0/11
copy: To copy a configuration statement to another statement. E.g. # copy interfaces ge-0/0/10 to ge-0/0/11
P.S. Please do not forget to issue the commit command to activate the changes.

Using Configuration Mode Efficiently 2
deactivate: To ignore or deactivate a configuration statement. E.g. # deactivate interfaces ge-0/0/10
insert: To insert a configuration statement in another location. E.g. # insert term three before term two
annotate: To add a comment to a configuration statement. E.g. # annotate name-server "adding new name servers"

[edit]
user@router# deactivate interfaces ge-0/0/0
[edit]
user@router# commit
commit complete
[edit]
user@router# show interfaces ge-0/0/0
##
## inactive: interfaces ge-0/0/0
##
unit 0 {
    family inet {
        address 10.210.11.177/28;
    }
    family inet6;
}
[edit]
user@router# activate interfaces ge-0/0/0
[edit]
user@router# commit
commit complete
[edit]
user@router# show interfaces ge-0/0/0
unit 0 {
    family inet {
        address 10.210.11.177/28;
    }
    family inet6;
}
[edit system]
user@router# annotate name-server "added new name servers"
[edit system name-server]
user@router# show
/* added new name servers */
205.152.144.23;
205.152.132.23;

Viewing the Candidate Configuration
We can display the portions that concern us from the root of the hierarchy, or use the 'edit' command to go to a specific sub-hierarchy.


Another time-saving command is the 'run' command, which allows us to issue an operational command from within configuration mode. For example, the 'run show route' command from configuration mode is the same as the 'show route' command from operational mode.


Saving Configuration File:

Loading Configuration File:
The 'load' command is used to load a configuration file. It can load a complete or partial configuration from a local file, from a file on a remote machine, or from a terminal emulation program's capture buffer. The 'load' command takes the following arguments:

  • factory-default: Replaces the full current configuration with the factory-default configuration.
  • merge: Combines the current configuration with the configuration you load.
  • override: Completely overwrites the current configuration with the configuration you load. You must perform override operations at the root of the configuration hierarchy.

A 'commit' command must be issued to activate the changes made to the configuration after the load operation is complete.

Working on Configuration Mode

Hierarchical Configuration:
The 'set' or 'edit' command in CLI configuration mode is used to modify the candidate configuration, and the 'show' command is used to display it. We use the 'edit' command to move to the portion of the configuration we want to modify (similar to using the Unix 'cd' command to move to a different directory) and the 'set' command to configure a specific item.
Configuration files use curly brackets ({}) and indentation to visually display the hierarchical structure of the configuration. Terminating (or leaf) statements in the configuration hierarchy are displayed with a trailing semicolon (;). We enter neither the curly brackets nor the semicolons as part of the set command.

Moving Between Levels:
To move down through an existing configuration statement hierarchy, or to create a hierarchy and move down to that level, we use the 'edit' command, specifying our desired hierarchy level. After we issue the command, the configuration mode banner changes to indicate our current level in the hierarchy.
To move up one level from the current position in the hierarchy, we use the 'up' command. It is just like the 'cd ..' command in Linux.
To move up more than one level from the current position in the hierarchy, supply an optional count to the up command, as in 'up n', where 'n' is the number of levels to move up. The software moves you up the specified number of levels, or to the top of the hierarchy if there are fewer levels than specified.
The 'top' command is used to go quickly to the top of the hierarchy. We can combine top with edit to move quickly to a different hierarchy, or with show to display the configuration details for a different hierarchy, as in the following.
[edit protocols ospf area 0.0.0.0 interface ge-0/0/0.0]
user@router# top edit system login
[edit system login]
user@router# top show system services
ftp;
ssh;

The 'exit' command returns the user to the most recent higher level of the hierarchy. Entering 'exit' at the top level of the hierarchy exits configuration mode, for example:
[edit]
user@router# exit
Exiting configuration mode
user@router>

Adding Configuration Statements:
To add a service (statement), the 'set' command in CLI configuration mode is used.

Removing Configuration Statements:
To remove statements, we use the 'delete' command in configuration mode. It deletes the statement and all its subordinate statements and identifiers. Deleting a statement or an identifier effectively unconfigures the functionality associated with that statement or identifier, returning that functionality to its default condition. We can combine 'wildcard' with the delete command, for example:
[edit]
user@router# wildcard delete interfaces ge-1/*
matched: ge-1/0/0
matched: ge-1/0/1
Delete 2 objects? [yes,no] (no) yes
[edit]
user@router#

Configuration Mode

When we enter configuration mode, the prompt changes from user@router> to user@router#, and an [edit] line is shown before the prompt. The [edit] line also indicates that we are at the top of the configuration hierarchy, which is similar to being at the top of a Unix file system (/). A synonym for the 'configure' command is the 'edit' command. 'edit' is a hidden command, so we won't see it in the possible completions.
Configuration mode has two basic components:
Command: Performs actions within the router's configuration
Statement: The actual keywords that define the configuration
To create or modify the router's configuration, use the commands that are available in configuration mode to add statements to the configuration that define the behavior of the router.

Exclusive Configuration:
In Junos OS, multiple users can enter configuration mode and commit changes by default. The 'configure exclusive' command is used to allow only a single user to edit the configuration. When you use the 'configure exclusive' command, uncommitted changes are always discarded when you exit. In contrast, uncommitted changes are retained when you use the standard configure command.


Private Configuration:
Entering configuration mode using the 'configure private' command allows multiple users to edit the configuration while committing only their private changes. The 'commit' command is used in the hierarchy to save the configuration. If a private user issues a 'rollback 0' command, the software discards only that user's changes.

When a user is in private mode, other users must enter private mode or use configure exclusive command to become the master, or they cannot modify the candidate configuration. Exiting private configuration without committing changes results in the loss of any modifications made to the private candidate configuration.
If two users are in private mode and make the same change with different values (e.g. User1 = hostname apple, User2 = hostname orange), the second commit will fail with an error message to avoid configuration conflicts. If the second user issues a second commit command, then the second user's changes take effect.
The 'configure private' command is automatically used when chassis clustering is in effect. In some cases, we might want to require users to use the 'configure private' command only. When creating users, we can limit the commands available to them through their assigned properties. If a user is in configuration mode and has altered the candidate configuration, other users cannot enter configuration mode using the 'exclusive' or 'private' options. The changes made by the first user must be committed or cancelled before any other users enter configuration mode with the 'exclusive' or 'private' options.

Statement Hierarchy:
We enter commands in configuration mode that affect the statement hierarchy. The statement hierarchy stores configuration information and is independent of the CLI operational mode command hierarchy. The commands available in configuration mode are also independent of the commands available in operational mode. E.g. the CLI operational mode includes a 'show' command to display specific operational information, while the CLI configuration mode provides a 'show' command to display the statement hierarchy, so the two commands are independent of each other.
Junos OS organizes the statement hierarchy in a tree structure similar to Windows folders or UNIX directories, grouping related information into a particular branch of the tree.

Saturday, August 24, 2013

Working on Junos OS

Operational Mode:
The operational mode CLI commands are used to monitor and control the operation of a device running the Junos OS. The operational mode commands exist in a hierarchical structure, as shown in the graphic. E.g. the show command displays various types of information about the system and its environment. One of the possible options for the show command is ospf, which displays information about the Open Shortest Path First (OSPF) protocol. Specifying the interface option, as in the show ospf interface command, outputs information on OSPF interfaces.
Another flexibility of Junos OS is issuing operational mode commands while in configuration mode. This is done with the 'run' command, which will be discussed later.

Batch Configuration:
Configuration changes made in Junos OS do not take effect immediately. This design feature allows you to group together multiple configuration changes and apply them to the running configuration as a single unit.

Active Configuration:
The active configuration is the configuration currently operational on the system and is the configuration the system loads during the boot sequence. It is also known as the running configuration and startup configuration by other software vendors.

Candidate Configuration:
The candidate configuration is a temporary configuration that might possibly become the active configuration. When you configure a device running the Junos OS, the software creates a candidate configuration and initially populates it with the active configuration running on the device. We then modify the candidate configuration and, once satisfied with the modifications, commit the changes. This action causes the candidate configuration to become the active configuration.
The 'configure' command is used to enter a candidate configuration, populated with the contents of the active configuration, and make changes to it. After the change is made, the 'commit' command is used to save the configuration and make it active. You can easily recover previous configurations by using a 'rollback n' command. The Junos OS maintains a configuration history by storing previously active configurations. The software saves a maximum of 50 configurations. This number includes the current active configuration, which is also known as rollback 0, and up to 49 previously active configurations.

Thursday, August 22, 2013

Junos OS Basics

When we log in as the root user, the software places us at the UNIX shell. The 'cli' command is used to switch to CLI mode. When we exit the CLI, we return to the UNIX shell. The 'exit' command is used to log out of the shell.
Different Modes:

  1. Operational Mode: In this mode, we use the CLI to monitor and troubleshoot the device. Different commands such as monitor, ping, show, test and traceroute are used in this mode. They let us display information and test the connectivity of our network. The character '>' identifies the operational mode. E.g. user@router>
  2. Configuration Mode: In configuration mode, we can configure all the properties of the Junos OS. This includes interfaces, protocols and user access, as well as several system hardware properties. The 'edit' command is used to switch to configuration mode from operational mode. The '#' character identifies the configuration mode. E.g. user@router#
Basic Helpful Commands: 
  • The Junos CLI provides context-sensitive help at any point in a command line. It tells us which options are acceptable at the current point in the command and provides a brief description of each command or option. '?' is the universal help command in Junos OS, so we can get help at any time by typing '?'.
  • The spacebar in the Junos CLI is used for command completion, so we are not always required to type the full command or command option name for the CLI to recognize it. To complete a command or option that you have partially typed, press the spacebar. If the partially typed letters begin a string that uniquely identifies a command, the CLI displays the complete command name. Otherwise, the CLI beeps to indicate that you have entered an ambiguous command, and it also displays the possible completions. Command completion is 'on' by default and can be turned 'off'. The 'set cli complete-on-space off' command is used to disable it.
  • The 'Tab' key can be used to complete system commands and user-defined variables. Examples of variables include policy names, AS paths, community names and IP addresses. The Tab key also offers a list of possible completions if multiple, ambiguous options exist. It helps to save time, reduce keystrokes and prevent errors.
  • Emacs-Style Control Keys: The CLI supports Emacs-style keyboard sequences that allow us to move the cursor on a command line and delete specific characters or words.
  • Use of Pipe (|): As in UNIX, the pipe is used to filter command output down to the desired output. The help (?) can be added after the (|) to display the possible completions for output filtering.

Chapter 2: User Interface

There are two interfaces of Junos OS from which we can configure Junos devices.


  1. The Junos CLI (Command Line Interface): The Junos CLI is a text-based command shell. One option for accessing the CLI is the out-of-band (OoB) serial console connection. The console port settings are predefined and are not user configurable. The second option is to access the CLI over the network (in band) using access protocols such as Telnet or SSH. Unlike the console connection, these access options require configuration of a network port and the access protocol.
    Junos OS CLI interface
  2. J-Web Interface: It is a Web-based graphical user interface (GUI) that you access by using either the HTTP or HTTPS protocol. It provides quick configuration wizards to simplify the most common configuration tasks. For more complicated configurations, the J-Web GUI allows you to directly edit the system's text configuration file. It is installed and enabled by default on Junos OS.
    Junos OS GUI

Junos OS access requires a login username and password. The 'root' user is the superuser or administrator in Junos OS. Non-root users are placed into the CLI automatically. The root or administrator creates user accounts and assigns permissions. The root user must start the CLI from the shell.
CLI and Shell







Tuesday, August 20, 2013

Overview: Junos Devices

According to the deployment scenario, requirement and network design, Junos OS comes in different shapes and sizes. The platforms running the Junos OS span switching, routing and security and are well suited for a variety of network environments.
Following are some of the routing devices that run Junos OS:

  1. ACX Series: These products deliver simplified end-to-end provisioning and support Layer 2 and Layer 3 functionality with IP/MPLS traffic engineering.
  2. LN Series: It provides high-performance network routing, firewall and intrusion detection services (IDS) for harsh environments, including terrestrial, air and sea vehicles and remote data aggregation points.
  3. M Series: These are multiservice routers providing up to 320 Gbps of aggregate half-duplex throughput. They can be deployed in both high-end enterprise and service-provider environments. M Series routers are used by large enterprises in a number of different roles, such as Internet gateway router, WAN connectivity router and campus core router, and operate predominantly as multiservice edge routers. They can also be deployed in small and medium cores for peering, route reflector, multicast, mobile and data-center applications.
  4. MX Series Ethernet: It provides up to 960 Gbps of aggregate half-duplex throughput. The MX Series family is targeted at dense dedicated access aggregation and provider edge services in medium and large points of presence.
  5. PTX Series: It is a packet transport switch which is capable of providing up to 16 Tbps of throughput in a single chassis. The PTX Series family is ideal for the service provider super-core and can readily adapt to today's rapidly changing traffic patterns for video, mobility and cloud-based services.
  6. T Series core routers: It provides up to 25.6 Tbps of throughput. The T Series family is ideal for service provider environments and is deployed within the core of those networks.
  7. Other devices such as the J Series and SRX Series also provide routing functions.


Following are the Junos Switching Devices:

  1. EX Series: Ethernet switch which provides up to 6.2 Tbps of full duplex throughput. The EX Series switches are designed for access, aggregation, and core deployments and are well suited for low-density to high-density enterprise and data center environments.
  2. QFX Series switches: It provides a high-performance, ultra-low latency, feature-rich L2/L3 device with a wire-speed 10 GbE throughput and standards-based Fibre Channel I/O convergence. For use in data center environments, it provides a ready solution for Juniper's QFabric system.


Following are the Junos Security Devices:

  1. J Series: The J Series services routers provide up to 2 Gbps of throughput. They are deployed at branch and remote locations in the network to provide all-in-one secure WAN connectivity, IP telephony, and connection to local PCs and servers through integrated Ethernet switching.
  2. SRX Series: It is a gateway providing up to 120 Gbps of full duplex throughput. The SRX series family is designed to meet the network and security requirements for consolidated data centers, managed services deployments and aggregation of security services in both enterprise and service provider environments.

Monday, August 19, 2013

JunOS Functionality

Robust, Modular and Scalable:
The Junos operating system is based on the FreeBSD UNIX operating system, which is an open-source software system. An advantage of this is the Unix-like environment and Unix executable commands. Junos functions as a composition of different software processes, each of which is responsible for handling a different portion of the device's functionality. Each process runs in its own allocated memory space, so that one process does not interfere with another. Junos thereby also minimizes the risk of the whole system failing when one process fails. It is a trusted, secure network operating system powering the high-performance network infrastructure offered by Juniper Networks.
Different Processes
Single Source Code Base:
The software source code base for all the platforms running the Junos operating system is the same. Due to this design, the core features work in a consistent manner across all the platforms running Junos OS. Because many features and services are configured and managed the same way, the setup tasks and ongoing maintenance and operation within your network are simplified.
It is platform independent within Juniper hardware systems. After Juniper Networks acquired NetScreen, it also integrated ScreenOS security functions into its own JunOS operating system so that it offers routing and security functions in a single device.

Separate Control and Forwarding Planes:
JunOS has two primary software processing components.

  • Routing Engine and
  • Packet Forwarding Engine

Control Plane and Forwarding Plane

Because of the separation of the planes, the processes that control routing and switching protocols are cleanly separated from the processes that forward frames, packets or both through a device running JunOS. This architecture tunes each process for maximum performance and reliability. This modularity of JunOS is the main reason it can support many different platforms from a common code base.
The above picture shows the architecture of Junos. There are two different planes separated by the dashed line. The Routing Engine (RE) above the dashed line is responsible for performing protocol updates and system management. It runs various protocol and management software that reside inside a protected memory environment. The RE maintains the routing tables, bridging table and primary forwarding table and connects to the Packet Forwarding Engine (PFE) through an internal link.
The Packet Forwarding Engine, below the dashed line in the above picture, usually runs on separate hardware and is responsible for forwarding transit traffic through the device. In many platforms running the Junos OS, the PFE uses application-specific integrated circuits (ASICs) for increased performance. This architecture separates control operations, such as protocol updates and system management, from forwarding operations. The PFE receives the forwarding table from the RE by means of an internal link. Forwarding table updates are a high priority for the Junos OS kernel and are performed incrementally.

Chapter 1: Juniper Networks


Juniper Networks is a company dedicated to developing network devices. Junos is a network operating system used in Juniper Networks hardware systems. It is a reliable, high-performance network operating system for routing, switching, and security. It reduces the time necessary to deploy new services and decreases network operation costs.
Running Junos in a network improves the reliability, performance, and security of existing applications. It automates network operations on a streamlined system, allowing more time to focus on deploying new applications and services. And it's scalable both up and down—providing a consistent, reliable, stable system for developers and operators. Which, in turn, means a more cost-effective solution for your business.