
JUNOS Cheat-Sheet

Quick Reference www.cciezone.com

Active: stored in /config/juniper.conf.gz
Rollbacks n = 1-3: stored in /config/juniper.conf.n.gz
Rollbacks n = 4-49: /config/db/config/juniper.conf.n.gz
Rescue: /config/rescue.conf.gz
JUNOS Images: should be stored in /var/tmp for easy cleanup

Disable / Enable

IOS
interface <name> shutdown
interface <name> no shutdown

JUNOS
set interface <name> disable
delete interface <name> disable

General topics: help topic
Syntax Lookup: help reference
syslog msg: help syslog

Upgrade / Reboot / Shutdown (all are operational-mode commands)

Upgrade: request system software add
Reboot: request system reboot
Shutdown: request system power-off

There is no default rescue config, don't forget to create it!

Create
request system configuration rescue save

Rollback (apply/restore)
[edit]
rollback rescue
OR
Press the config button for less than 5 seconds

Login as root, run ezsetup
OR
Connect to ge-0/0/0, use DHCP and access 192.168.1.1 (web or telnet/SSH)
OR
Choose Enter Ezsetup from LCD screen
OR
Connect to me0 and access 192.168.2.1 (EX-series)

Set Root password

set system root-authentication plain-text-password

Enable SSH

set system services ssh

Disable Telnet

delete system services telnet

Set Hostname

set system host-name <name>

[Time zone, date and NTP settings: command text not recoverable]

Juniper EX-series Cheat Sheet

The EX-series can be an


All ports are family ethernet-switching


PoE is enabled on all PoE-capable ports
LLDP and RSTP enabled
Virtual chassis system ID is 0 (zero)
mastership-priority of 128

Reset back to default:
load factory-default

Up to 64 MSTP instances are supported
Configure under [edit protocols] hierarchy (stp, rstp and mstp)

show spanning-tree bridge
show spanning-tree interface
show spanning-tree statistics interface
show spanning-tree mstp configuration

Use Redundant Trunk Groups (RTGs) to have a failover/secondary link without the use of STP
Up to 16 RTGs are supported per switch

[edit ethernet-switching-options]
redundant-trunk-group {
    group rtg1 {
        interface ge-0/0/3.0;
        interface ge-0/0/4.0;
    }
}

show redundant-trunk-group

Pre-emption is enabled by default, highest priority wins

VCP: Virtual Chassis Ports form the backplane
VCB: Virtual Chassis Backplane cables interconnect switches into a VCS
VCEP: Virtual Chassis Extender Ports use fiber to interconnect remote switches; only supported on 10Gbps uplink module
VCCP: Virtual Chassis Control Protocol, used to exchange LSA-based discovery messages between PFEs in a VCS
VME: Virtual Management Ethernet interface used to administer the switch stack
PFE: Packet Forwarding Engine; 24-port EX 4200s have 2 PFEs, 48-port EX 4200s have 3 PFEs

Each EX 4200 comes with a [...]-meter VCB
Up to 10 (ten) EX 4200s can be stacked into a VCS

show chassis hardware
show virtual-chassis status
show virtual-chassis active-topology
show virtual-chassis interfaces
show virtual-chassis member-config
show virtual-chassis protocol
request virtual-chassis vc-port set pic-slot <#> port <#>

[edit vlans]
test {
    vlan-id 200;
    l3-interface vlan.200;
}

[edit interfaces]
vlan {
    unit 200 {
        family inet {
            address 10.1.1.1/24;
        }
    }
}

The VLAN unit doesn't have to match the VLAN ID, best-practices recommend it
Like an SVI on IOS. Provides interVLAN routing.

If me0 isn't configured as a L3 interface, it is automatically assigned to the mgmt VLAN

Remember that all ports by default are access ports

1. Set the number of ae interfaces

set chassis aggregated-devices ethernet device-count <#>

2. Bind the physical interface to the ae

set interfaces <name> ether-options 802.3ad <ae_int>

3. Set the ae interface properties (physical and logical)

Up to 8 interfaces in a single LAG
Max # LAGs:
EX 3200 = 32 LAGs per switch
EX 4200 = 64 LAGs per switch
VCS = 128 LAGs per VCS

1. Set the port mode to trunk

set interfaces <name> unit <#> family ethernet-switching port-mode trunk

2. Set the VLAN membership on the trunk

set interfaces <name> unit <#> family ethernet-switching vlan members <name(s)>

3. Set the native VLAN (optional)

set interfaces <name> unit <#> family ethernet-switching native-vlan-id <name>

Trunks do not have to have a native VLAN

Ports can be:
Configure L2: family ethernet-switching
Configure L3: family inet


Firewall filters, in the order a packet passes them:
Ingress / Received Packet -> Port Firewall Filter (PACL) -> VLAN Firewall Filter (VACL) -> Router Firewall Filter (RACL) -> VLAN Firewall Filter (VACL) -> Egress / Transmit Packet

Router Firewall Filter (RACL): This is only used if it's routed outside of the VLAN

Mitigate rogue DHCP servers!

Default Port Trusts:
Access port = untrusted
Trunk port = trusted

Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        dhcp-trusted;
    }
    interface ge-0/0/1.0 {
        no-dhcp-trusted;
    }
    vlan test {
        examine-dhcp;
    }
}

show dhcp snooping binding
clear dhcp snooping binding

MAC Limiting protects the CAM:
Limits the number of dynamically-learned MAC addresses
OR
Only allows statically-defined MAC addresses

MAC Limiting actions:
shutdown (blocks data traffic & generates a system log entry)
drop (drops the packet and generates a system log entry)
log (does not drop any packets, but generates a system log entry)
none (do not do anything)

Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        allowed-mac [ 00:00:00:00:00:01 00:00:00:00:00:02 ];
    }
    interface ge-0/0/1.0 {
        mac-limit <#> action shutdown;
    }
}

Examine show ethernet-switching table to view the MAC table.
Look at show log messages for MAC Limiting violation messages.
Use clear ethernet-switching table interface <name>

Relies on examining entries in the DHCP Snooping table, so requires DHCP Snooping
Disabled on all VLANs by default
It is enabled on a per-VLAN basis
Any interface that is configured as a trusted interface for DHCP Snooping is also setup as a DAI trusted interface (bypasses ARP inspection)

Configuration Example:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/0.0 {
        dhcp-trusted;
    }
    vlan test {
        arp-inspection;
        examine-dhcp;
    }
}

Monitoring Commands:
show dhcp snooping binding
show arp inspection statistics

DHCP traceoptions are logged to /var/log/fud by default

Configuration Example:
[edit system services dhcp]
pool 10.0.0.0/24 {
    address-range low <address> high <address>;
    exclude-address {
        <address>;
    }
    maximum-lease-time 86400;
    default-lease-time 86400;
    name-server {
        <address>;
    }
    router {
        10.0.0.254;
    }
}

Useful Commands:
show system services dhcp ?
clear system services dhcp conflict
c

Configuration Example:
[edit forwarding-options helpers bootp]
description "Main DHCP relay";
server 10.0.40.2;
maximum-hop-count 4;
minimum-wait-time 1;
interface {
    vlan.2 {
        no-listen;
    }
}

802.1X supplicant modes:
single (default): only first supplicant is authenticated, all others piggy-back on the first supplicant
single-secure: only permits a single supplicant, all other hosts are denied access
multiple: permits access for multiple supplicants, each supplicant is authenticated individually

802.1X Parameters & Options:
Reauthentication Period:
Default: 3600 seconds
Range: 1 to 65,535 seconds

Guest VLAN can be configured & is used when:
When authentication fails (have a supplicant)
When a client does not respond

Static MAC List is an authentication bypass for non-802.1X hosts.
MAC addresses are stored locally on the device.

Configuration Example:
[edit protocols dot1x authenticator]
interface {
    ge-0/0/0.0 {
        guest-vlan test-guest-vlan;
        reauthentication 3600;
        supplicant single-secure;
    }
    ge-0/0/3.0 {
        no-reauthentication;
    }
}
static {
    00:00:00:00:00:01 {
        interface ge-0/0/0.0;
    }
    00:00:00:00:00:02;
}

Monitoring Commands:
show dot1x interface
show dot1x static-mac-address
show dot1x authentication-failed-users


All switch ports are assigned to class 0 by default

Modes:
Static: max power for port is deducted from total power pool (only supports class 0)
Dynamic: power budgeted from total power pool matches actual power consumed
Class: max power class budget is deducted from the total power pool

PoE Telemetries provide historical power usage for each powered device (PD)
Disabled by default
Default interval is 5 minutes (1 to 30 mins)
Default duration is 1 hour (1 to 24 hrs)

Configuration Example:
[edit poe]
interface ge-0/0/0 {
    priority high;
    maximum-power 15.4;
    telemetries {
        interval 5;
        duration 1;
    }
}
interface ge-0/0/1 {
    telemetries {
        disable;
    }
}

Useful Commands:
show chassis hardware
show poe controller
show poe interface

Fully interchangeable between EX 3200 and 4200 series switches
320W, 600W and 930W capacities are available

LLDP Multicast Address: 01-80-C2-00-00-0E

Configure CoS before enabling voice VLAN
Use voice VLAN on ports with IP phones
Use LLDP-MED to signal voice VLAN ID and 802.1p value to IP phone

Configuration Example:
[edit ethernet-switching-options]
voip {
    interface ge-0/0/0 {
        vlan testvoice;
        forwarding-class voiceep;
    }
}

Useful Commands:
show vlans detail <name>

All mandatory LLDP TLVs are sent when LLDP is enabled
All optional LLDP and LLDP-MED TLVs are enabled by default

Configuration Example:
[edit protocols]
lldp {
    advertisement-interval 30;
    hold-multiplier 2;
    msgTxInterval 30;
    msgTxHold 4;
}
lldp-med;

Useful Commands:
show lldp statistics
show lldp detail
show lldp neighbors
show lldp local-info

Assessment

Maintenance

Design and
Implementation


24 to 48-ports
Basic model has 8 PoE ports
Up to 48 PoE ports are supported
Does not support VCS
Intended for access layer usage
Supports redundant power supplies (one internal, one via RPS port)
Field-replaceable PS and fan tray
Uplink modules:
4 x 1Gbps Ethernet (SFP)
2 x 10Gbps Ethernet (XFP)
Line-rate switching (non-blocking)

24 to 48-ports
Basic model has 8 PoE ports
Up to 48 PoE ports are supported
Supports VCS (up to 10 switches in a VCS)
Intended for distribution and access layer usage
Redundant (both internal), hot-swappable PS
Field-replaceable fan tray (3 fans; one can fail & not affect operations)
Uplink modules:
4 x 1Gbps Ethernet (SFP)
2 x 10Gbps Ethernet (XFP)
Line-rate switching (non-blocking)

Control Plane: Routing Engine (RE) running JUNOS Software, holding the Bridging Table (BT), Routing Table (RT) and Fwding Table (FT)
Forwarding Plane: Packet Forwarding Engine (PFE), holding the Bridging Table (BT) and Fwding Table (FT); Packet Flow passes through the PFE
