IJOS Lab Guide

Lab 1:
The JU N O S CLI
In this activity, you you will perform the following tasks:

Part 1: Logging In Using the CLI.

Part 2: Experimenting with the CLIs Operational and Configuration Modes.

Page 1

IJOS Lab Guide

Part 1: Logging In Using the CLI

Step 1.1
One pod will be assigned to you before you start the lab exercise. Check with your
instructor if you are unsure. Verify the IP address and default gateway of each host and
make sure they match the address listed on the network diagram.
Note: P is your pod number.
Host Name
INSIDE-PA
INSIDE-PB
DMZ-P
REMOTE-P

IP Address
10.0.P.10 /24
10.0.P.11 /24
172.16.P.10 /24
172.26.26.P /24

Default Gateway
10.0.P.1
10.0.P.1
172.16.P.1
172.26.26.150

Step 1.2
To access the IJOS Lab from the web:
1. Access to the TP Lab Portal / SSL VPN.
2. login using the username / password provided by your instructor.
3. Select the assigned pod number to access your device.

Step 1.3
To access the CLI of SRX device, log in to SRX with root account and access the
command line interface by using CLI command.
Amnesiac (ttyu0)
login: root
Password: ( without password or juniper123)
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
root@% cli
root>

Step 1.4
Enter the configuration mode of SRX device.
root> configure
Page 2

IJOS Lab Guide

Entering configuration mode

[edit]
root# delete
This will delete the entire configuration
Delete everything under this level? [yes,no] (no) yes

Step 1.5
Setup a password for root account, use password: juniper123
Note: without password for root account, you will not be able to commit any
configuration.
[edit]
root# set system root-authentication plain-text-password
New password: juniper123
(Do not use other password!)
Retype new password: juniper123
(Do not use other password!)

Step 1.6
Create a new admin account. Use username: admin and password: juniper123. This
user should belong to default super-user login class.
Do not use other password!
[edit]
root# set system login user admin class super-user authentication plain-text-password
New password: juniper123
(Do not use other password!)
Retype new password: juniper123
(Do not use other password!)

Step 1.7
Disable the firewall function of your SRX. This command will leave your SRX as a routing
device only.
[edit]
root# set security forwarding-options family mpls mode packet-based
[edit]
root# commit and-quit
warning: You have changed mpls flow mode.
You have to reboot the system for your change to take effect.
If you have deployed a cluster, be sure to reboot all nodes.
commit complete
Page 3

IJOS Lab Guide

Exiting configuration mode

Step 1.8
Reboot your SRX device for the mpls packet mode to take effect.
root> request system reboot
Reboot the system ? [yes,no] (no) yes
Shutdown NOW!
[pid 1669]
root>
*** FINAL System shutdown message from root@ ***
System going down IMMEDIATELY

Part 2: Experimenting with the CLIs Operational and Configuration

Modes
Step 2.1
Login to your SRX device using the account created in previous step.
Amnesiac (ttyu0)
login: admin
Password: juniper123
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
admin>

Step 2.2
Determine what system information you can clear from the operational mode command
prompt.
admin> clear ?
Page 4

IJOS Lab Guide

Possible completions:
amt
arp
auto-configuration
bfd
bgp
bridge
chassis
database-replication
dhcpv6
dot1x
esis
ethernet-switching
firewall
gvrp
helper
igmp
igmp-snooping
interfaces
ipv6
isdn
isis
l2-learning
lacp
ldp
lldp
log
mld
mpls
msdp
multicast
network-access
ospf
ospf3
passive-monitoring
pfe
pgm
pim
ppp
pppoe
r2cp
rip
ripng
rsvp
security

Show AMT Protocol information

Clear address resolution information
Clear auto-configuration action
Clear Bidirectional Forwarding Detection information
Clear Border Gateway Protocol information
Clear learned Layer 2 MAC address information
Clear chassis information
Clear database replication information
Clear DHCPv6 information
Clear 802.1X session
Clear end system-to-intermediate system information
Clear ethernet switching information
Clear firewall counters
Clears Generic VLAN Registration Protocol information
Clear port-forwarding helper information
Clear Internet Group Management Protocol information
Clear IGMP snooping information
Clear interface information
Clear IP version 6 information
Clear Integrated Services Digital Network information
Clear Intermediate System-to-Intermediate System information
Clear learned Layer 2 MAC address information
Clear Link Aggregation Control Protocol information
Clear Label Distribution Protocol information
Clear Link Layer Discovery Protocol information
Clear contents of log file
Clear multicast listener discovery information
Clear mpls information
Clear Multicast Source Discovery Protocol information
Clear multicast information
Clear network-access related information
Clear Open Shortest Path First information
Clear Open Shortest Path First version 3 information
Clear passive monitoring statistics
Clear Packet Forwarding Engine information
Clear Pragmatic Generalized Multicast information
Clear Protocol Independent Multicast information
Clear PPP information
Clear PPP over Ethernet information
Clear Radio-to-Router Protocol information
Clear Routing Information Protocol information
Clear Routing Information Protocol for IPv6 information
Clear Resource Reservation Protocol information
Clear security information
Page 5

IJOS Lab Guide

services
snmp
spanning-tree
system
vpls
vrrp
wlan

Clear
Clear
Clear
Clear
Clear
Clear
Clear

services
Simple Network Management Protocol information
Spanning Tree Protocol information
system information
learned Layer 2 MAC address information
Virtual Router Redundancy Protocol statistics
Wireless LAN information

Question:

Which command do you use to clear the contents of a system log (syslog) file?
____________________________________________________________________________

Answer:

Use the clear log log-filename command to clear the contents of a particular
syslog file.

Step 2.3
Experiment with command completion by entering show i<space>.
admin> show i
^
'i' is ambiguous.
Possible completions:
iccp
igmp
igmp-snooping
ingress-replication
interfaces
ipv6
isdn
isis

Show
Show
Show
Show
Show
Show
Show
Show

Inter Chassis Control Protocol information

Internet Group Management Protocol information
IGMP snooping information
Ingress-Replication tunnel information
interface information
IP version 6 information
Integrated Services Digital Network information
Intermediate System-to-Intermediate System information

Step 2.4
Add characters to disambiguate your command so that you can display interfacerelated information; use the Spacebar or Tab key for automatic command completion.
Note: You can return to the command prompt without scrolling through all of the
generated output from a command. Enter the Ctrl+c key sequence to abort the operation
and return to the command prompt.
admin> show int<space>erfaces
Physical interface: ge-0/0/0, Enabled, Physical link is Down
Interface index: 134, SNMP ifIndex: 507
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
Page 6

IJOS Lab Guide

BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,

Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags : Present Running Down
Interface flags: Hardware-Down SNMP-Traps Internal: 0x0
Link flags
: None
CoS queues
: 8 supported, 8 maximum usable queues
Current address: 00:26:88:e1:60:00, Hardware address: 00:26:88:e1:60:00
Last flapped : 2012-05-05 09:50:21 UTC (00:01:36 ago)
Input rate
: 0 bps (0 pps)
Output rate
: 0 bps (0 pps)
Active alarms : LINK
Active defects : LINK
Interface transmit statistics: Disabled
Physical interface: gr-0/0/0, Enabled, Physical link is Up
Interface index: 151, SNMP ifIndex: 525
Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 800mbps
Link flags
: Scheduler Keepalives DTE
Device flags : Present Running
Interface flags: Point-To-Point
Input rate
: 0 bps (0 pps)
Output rate
: 0 bps (0 pps)
<Output Omitted>

Step 2.5
Try to clear SNMP statistics by entering the clear snmp command.
admin> clear snmp
^
syntax error, expecting <command>.
Question:

What do you think the resulting display means?

____________________________________________________________________________

Answer:

The display indicates that the command was incomplete as entered. The
caret symbol (^) indicates the area of the problem, and the error message
tells you that the system expects additional command input.

Step 2.6

Page 7

IJOS Lab Guide

Verify that the CLI does not let you complete invalid commands by trying to enter the
command show ip interface brief.
admin> show ip<space>
admin> show ipv6
admin> show ipinterfacebrief
^
syntax error, expecting <command>.
Question:

What happens when you try to enter this command?

____________________________________________________________________________

Answer:

The systems command completion feature completes a show ipv6

command in this case because ipv6 is the only valid completion. If you
attempt to continue with invalid syntax, the system informs you of your
error. Unlike some CLI implementations, the Junos OS will not let you waste
time typing in an illegitimate command!

Step 2.7
Enter a show system users followed by a show system license command. You are
entering these commands to demonstrate command history recall. When finished, enter
the keyboard sequences indicated to answer the related questions.
admin> show system users
9:54AM up 7 mins, 1 user, load averages: 0.13, 1.21, 0.84
USER
TTY
FROM
LOGIN@ IDLE WHAT
admin
u0
9:49AM
- -cli (cli)
admin> show system license
License usage:
Feature name
av_key_kaspersky_engine
anti_spam_key_sbl
wf_key_surfcontrol_cpa
idp-sig
dynamic-vpn
ax411-wlan-ap
logical-system

Licenses
used
0
0
0
0
0
0
0

Licenses
installed
1
1
1
1
50
2
1

Licenses installed:
Page 8

Licenses
needed
0
0
0
0
0
0
0

Expiry
2015-04-10
2015-04-10
2015-04-10
2015-04-10
permanent
permanent
permanent

00:00:00
00:00:00
00:00:00
00:00:00

UTC
UTC
UTC
UTC

IJOS Lab Guide

License identifier: JUNOS345637

License version: 2
Valid for device: AG3809AA0008
Features:
av_key_kaspersky_engine - Kaspersky AV
date-based, 2011-10-13 00:00:00 UTC - 2011-12-12 00:00:00 UTC
<Output Omitted>

Question:

What happens when you press Ctrl+p twice?

____________________________________________________________________________

Answer:

The system recalls the show system users command and displays it at the
prompt.

Question:

What happens when you press Ctrl+n ?

____________________________________________________________________________

Answer:

The system recalls the next command in the buffer, which is a show system
license command in this example.

Question:

What happens when you use the Up Arrow and Down Arrow keys?
____________________________________________________________________________

Answer:

The Up Arrow and Down Arrow keys function as substitutes for the Ctrl+p and
Ctrl+n sequences as long as the system is configured for VT100-type emulation,
which is the default.

Step 2.8
In many cases, the output of a command might exceed one full screen. For example, the
show interfaces interface-name extensive command displays a lot of information
about the specified interface. Enter this command now for your systems ge-0/0/0
interface, and answer the following questions. Use the h key as needed to obtain help
when CLI output is paused at the ---(more)--- prompt.
admin> show interfaces ge-0/0/0 extensive
Physical interface: ge-0/0/0, Enabled, Physical link is Down
Interface index: 134, SNMP ifIndex: 507, Generation: 137
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Page 9

IJOS Lab Guide

Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,

Remote fault: Online
Device flags : Present Running Down
Interface flags: Hardware-Down SNMP-Traps Internal: 0x0
Link flags
: None
CoS queues
: 8 supported, 8 maximum usable queues
Hold-times
: Up 0 ms, Down 0 ms
Current address: 00:26:88:e1:60:00, Hardware address: 00:26:88:e1:60:00
Last flapped : 2012-05-05 09:50:21 UTC (00:06:27 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes :
0
0 bps
Output bytes :
0
0 bps
Input packets:
0
0 pps
Output packets:
0
0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
---(more)---

Question:

What effect does pressing the Spacebar have?

____________________________________________________________________________

Answer:

The Spacebar causes the display to scroll forward to display the next screen of
output.

Question:

What effect does pressing the Enter key have on the paused output?
____________________________________________________________________________

Answer:

The Enter key causes the display to scroll forward by one line.

Question:

What effect does pressing the b key have?

____________________________________________________________________________

Answer:

Pressing the b key causes the display to scroll backwards by one full screen, up
to the point where the first full screen of information displays.

Question:

What effect does pressing the u key have?

____________________________________________________________________________

Page 10

IJOS Lab Guide

Answer:

Pressing the u key causes the display to scroll backwards by one half of a
screen, up to the point where the first screen displays.

Question:

Which key would you press to search forward through a display that consists
of multiple screens of output?
____________________________________________________________________________

Answer:

To search forward, press the forward slash (/) character followed by the
search pattern.

Step 2.9
Use the pipe ( | ) and match functions of the Junos CLI to list all interfaces that are
physically down.
admin> show interfaces | match down
Physical interface: ge-0/0/0, Enabled, Physical link is Down
Device flags : Present Running Down
Interface flags: Hardware-Down SNMP-Traps Internal: 0x0
Physical interface: ge-0/0/4, Enabled, Physical link is Down
Device flags : Present Running Down
Interface flags: Hardware-Down SNMP-Traps Internal: 0x0
Physical interface: ge-0/0/6, Enabled, Physical link is Down
Device flags : Present Running Down
Interface flags: Hardware-Down SNMP-Traps Internal: 0x0

Question:

Are any of your interfaces listed as Down?

____________________________________________________________________________

Answer:

In this example, the answer is yes; several interfaces show as Down. The
interfaces shown might vary depending on your lab environment.

Question:

Can you think of a way to have the Junos OS count the number of interfaces
that are physically down? (Hint: Remember that you can use the results of one
pipe as input to another pipe operation.)
____________________________________________________________________________

Answer:

To count the number of down interfaces, pipe the results of the previous
command to the CLI count function. In this example, we included an extra
match function to ensure that the software does not count interfaces that are
down both logically and physically more than once:
Page 11

IJOS Lab Guide

admin> show interfaces | match down | match Physical | count

Count: 3 lines

Step 2.10
A large portion of the Junos OS documentation is available directly from the CLI. You
can retrieve high-level topics using the help topic command, whereas you can obtain
detailed configuration-related information with the help reference command.
Use the help reference command along with the CLI question-mark operator (?) to find
detailed information about configuring a system hostname.
Question:

Which CLI command displays reference information about configuration of the

systems hostname?
____________________________________________________________________________

Answer:

The help reference system host-name command displays information

regarding system hostnames:

admin> help reference system host-name

host-name
Syntax
host-name hostname;
Hierarchy Level
[edit system]
Release Information
Statement introduced before JUNOS Release 7.4.
Statement introduced in JUNOS Release 9.0 for EX Series switches.
Description
Set the hostname of the router or switch.
Options
hostname--Name of the router or switch.
Required Privilege Level
system--To view this statement in the configuration.
system-control--To add this statement to the configuration.
Related Topics
* Configuring the Hostname of the Router

Step 2.11
Enter configuration mode.
Page 12

IJOS Lab Guide

admin> configure
Entering configuration mode
[edit]
admin#

Question:

What happens to your prompt?

____________________________________________________________________________

Answer:

A pound sign (#) replaces the angle bracket (>), and a configuration hierarchy
banner displays.

Question:

According to the prompt, what is your position in the configuration hierarchy?

____________________________________________________________________________

Answer:

The display indicates that you are now at the [edit] hierarchy, which is the root
of the configuration tree:

Step 2.12
Display the interfaces portion of the candidate configuration.
[edit]
admin# show interfaces
[edit]
admin#
Note: You will not see any configuration under the interfaces hierarchy, since you have
deleted all configuration in previous step.

Step 2.13
Position yourself at the [edit interfaces] configuration hierarchy.
[edit]
admin# edit interfaces
[edit interfaces]
admin#

Page 13

IJOS Lab Guide

Question:

What happens to the banner?

____________________________________________________________________________

Answer:

The banner now correctly shows that the user is at the [edit interfaces]
portion of the configuration hierarchy.

Question:

What is the result of a show command now?

____________________________________________________________________________

Answer:

A show command displays information pertaining only to configuration

statements at and below the current hierarchy. In this case, you will not see any
configuration under the interfaces hierarchy, since you have deleted all
configuration in previous step:

Step 2.14
Move to the [edit protocols ospf] portion of the hierarchy. This step requires that you
first visit the root of the hierarchy, as you cannot jump directly between branches. You
can perform this step with a single command in the form of top edit protocols ospf,
however.
[edit interfaces]
admin# top edit protocols ospf
[edit protocols ospf]
admin#

Question:

Which commands can you now enter to reposition yourself at the [edit]
portion of the hierarchy? Return to the [edit] hierarchy level now.
____________________________________________________________________________

Answer:

You can issue an up command twice, or an up 2 command. You can also issue
an exit command or a top command.

[edit protocols ospf]

admin# top
[edit]
admin#
Note: If you have not already done so, return to the [edit] hierarchy level using one of the
available methods.
Page 14

IJOS Lab Guide

Step 2.15
Try to display the status of chassis hardware with a show chassis hardware operational
command while in configuration mode.
[edit interfaces]
admin# top edit protocols ospf
[edit protocols ospf]
admin# show chassis
^
syntax error.

Question:

Why do you think you received an error? What can you do to execute
operational mode commands while in configuration mode? Try that now.
____________________________________________________________________________

Answer:

The command issued is not valid in configuration mode. Precede operational

mode commands with the keyword run to execute them while in configuration
mode:

[edit protocols ospf]

admin# run show chassis hardware
Hardware inventory:
Item
Version Part number Serial number
Chassis
AG3809AA0008
Routing Engine REV 36 750-021793 AAAL3327
FPC 0
PIC 0
Power Supply 0

Description
SRX240H
RE-SRX240H
FPC
16x GE Base PIC

Step 2.16
Try to return to operational mode by entering an exit command.
[edit protocols ospf]
admin# top
[edit]
admin# exit
The configuration has been changed but not committed
Exit with uncommitted changes? [yes,no] (yes) no
Page 15

IJOS Lab Guide

Question:

What happens when you execute the exit command?

____________________________________________________________________________

Answer:

You should see a message indicating that uncommitted changes exist. This
message results from the creation of an empty [edit protocols ospf] stanza.
This empty stanza causes the configuration database to believe that the
configuration actually changed.

Question:

Which CLI command can you use to display differences between the candidate
and active configuration file? Enter no at the current prompt and issue the
required command to view the differences between the candidate and active
configurations.
____________________________________________________________________________

Answer:

Use the show command with the results piped to compare rollback number. In
this example, you should not see any actual configuration changes, as shown in
the following sample capture:

[edit]
admin# show | compare rollback 0
[edit]
admin#

Question:

Considering that nothing changed, which command can you enter to allow an
exit from configuration mode without being warned of uncommitted changes?
Issue that command now?
____________________________________________________________________________

Answer:

Issue a rollback 0 command to replace the candidate configuration with a new

copy of the active configuration. You can now exit configuration mode without
being warned of uncommitted changes:

[edit]
admin# rollback 0
load complete
[edit]
admin# exit
Exiting configuration mode
Page 16

IJOS Lab Guide

admin>

Step 2.17
Save the current configuration to admins home directory.
admin> file list
/cf/var/home/admin/:
.ssh/
admin> configure
Entering configuration mode
[edit]
admin# save IJOS.LAB1
Wrote 25 lines of configuration to 'IJOS.LAB1'
[edit]
[edit]
admin# run file list
/cf/var/home/admin/:
.ssh/
IJOS.LAB1

By saving your current configuration, you are able to rollback at anytime.

For Example:
[edit]
admin# load override IJOS.LAB1
load complete
[edit]
admin# commit
commit complete

Tell your instructor that you have completed this lab.

Page 17