CLI Configuration Mode Overview
The configuration mode of the Junos OS CLI enables you to configure a device, using configuration statements to set, manage, and monitor device properties.
Understanding CLI Configuration Mode
You can configure all Junos OS properties, including interfaces, general routing information, routing protocols, and user access, as well as several system hardware properties.
As Understanding the Junos OS CLI Modes, Commands, and Statement Hierarchies describes, a device configuration is stored as a hierarchy of statements. In configuration mode, you create a set of configuration statements to use. When you finish entering the configuration statements and are certain they are complete and correct, you commit them, which activates the configuration on the device.
You can create the configuration interactively, or you can create an ASCII text file containing the configuration, load it on the device, and commit it.
- Configuration Mode Commands
- Configuration Statements and Identifiers
- Configuration Statement Hierarchy
Configuration Mode Commands
The following table summarizes each CLI configuration mode command. The commands are organized alphabetically.
|
Command |
Description |
|---|---|
|
|
Remove the |
|
|
Add comments to a configuration. You can add comments only at the current hierarchy level. |
|
|
Commit the set of changes to the database and cause the changes to take operational effect. |
|
|
Make a copy of an existing statement in the configuration. |
|
|
Add the |
|
|
Delete a statement or identifier. All subordinate statements and identifiers contained within the specified statement path are deleted with it. |
|
|
Move inside the specified statement hierarchy. If the statement does not exist, it is created. |
|
|
Exit the current level of the statement hierarchy, returning to
the level before the last edit command, or exit from
configuration mode. The |
|
|
Manage configurations that SDK application packages contribute. Manage them by either displaying or deleting user-defined configurations that the named SDK application package contributed. A configuration defined in any native Junos OS package is never deleted by the extension command. |
|
|
Display help about available configuration statements. |
|
|
Insert an identifier into an existing hierarchy. |
|
|
Load a configuration from an ASCII configuration file or from terminal input. Your current location in the configuration hierarchy is ignored when the load operation occurs. |
|
|
Exit the current level of the statement hierarchy, returning to
the level before the last edit command, or exit from
configuration mode. The |
|
|
Rename an existing configuration statement or identifier. |
|
|
Replace identifiers or values in a configuration. |
|
|
Return to a previously committed configuration. The software
saves the last 10 committed configurations, including the
rollback number, date, time, and name of the user who issued the
|
|
|
Run a CLI command without exiting from configuration mode. |
|
|
Save the configuration to an ASCII file. The configuration statements up to and including the current level of the statement hierarchy are saved, along with the statement hierarchy containing it. This action allows a section of the configuration to be saved, while fully specifying the statement hierarchy. |
|
|
Create a statement hierarchy and set identifier values. This
command is similar to |
|
|
Display the current configuration. |
|
|
Display the users currently editing the configuration. |
|
|
Return to the top level of configuration command mode, which is
indicated by the |
|
|
Move up one level in the statement hierarchy. |
|
|
Update a private database. |
|
|
Delete a statement or identifier. All subordinate statements and identifiers contained within the specified statement path are deleted with it. You can use regular expressions to specify a pattern. Based on this pattern, the operating system searches for items that contain these patterns and deletes them. |
Configuration Statements and Identifiers
You can configure device properties by including the corresponding statements in the configuration. Typically, a statement consists of a system-defined keyword, which is fixed text, and an optional identifier. An identifier is an identifying name that you can define, such as the name of an interface or a username, which enables you and the CLI to differentiate among a collection of statements.
Table 2 lists top-level configuration statements. See CLI Explorer for information about each configuration statement.
|
Statement |
Description |
|---|---|
|
|
Configure the Challenge Handshake Authentication Protocol (CHAP). |
|
|
Configure accounting statistics data collection for interfaces and firewall filters. |
|
|
Configure properties of the router chassis, including conditions that activate alarms and SONET/SDH framing and concatenation properties. |
|
|
Configure class-of-service parameters. |
|
|
Configure filters that select packets based on their contents. |
|
|
Configure forwarding options, including traffic sampling options. |
|
|
Configure configuration groups. |
|
|
Configure interface information, such as encapsulation, interfaces, virtual channel identifiers (VCIs), and data-link connection identifiers (DLCIs). |
|
|
Configure routing policies, which enable you to filter and set properties in incoming and outgoing routes. |
|
|
Configure routing protocols, including BGP, IS-IS, LDP, MPLS, OSPF, RIP, and RSVP. |
|
|
Configure one or more routing instances. |
|
|
Configure protocol-independent routing options, such as static routes, autonomous system numbers, confederation members, and global tracing (debugging) operations to log. |
|
|
Configure IP Security (IPsec) services. |
|
|
Configure SNMP community strings, interfaces, traps, and notifications. |
|
|
Configure systemwide properties, including the hostname, domain name, Domain Name System (DNS) server, user logins and permissions, mappings between hostnames and addresses, and software processes. |
Configuration Statement Hierarchy
The Junos OS configuration consists of a hierarchy of statements. There are two types of statements:
-
Container statements, which are branches that can contain other statements (including additional container statements or leaf statements). Container statements at the top of the hierarchy are considered to be the trunk of the hierarchy tree.
-
Leaf statements (contained by container statements), which do not contain other statements.
The container and leaf statements form the configuration hierarchy. Each statement at the top level of the configuration hierarchy resides at the trunk of a hierarchy tree. These top-level statements are container statements, containing other statements that form the tree branches. The leaf statements are the leaves of the hierarchy tree. An individual hierarchy of statements, which starts at the trunk of the hierarchy tree, is called a statement path.
The following illustration shows the hierarchy tree, illustrating a statement path
for the part of the protocol configuration hierarchy responsible for configuring the
hello-interval statement on an interface in an OSPF area.
The protocols statement is a top-level statement at the trunk of the
configuration tree. The ospf, area, and
interface statements are all subordinate container statements
of a higher statement (they are branches of the hierarchy tree). The
hello-interval statement is a leaf on the tree, which in this
case contains a data value, namely the length of the
hello-interval, in seconds.
The following configuration example illustrates the statement hierarchy as shown in Figure 1:
[edit protocols ospf area area-number interface
interface-name]
The command displays the configuration as follows:
protocols {
ospf {
area 0.0.0.0 {
interface so-0/0/0 {
hello-interval 5;
}
interface so-0/0/1 {
hello-interval 5;
}
}
}
}
The CLI indents each level in the hierarchy to indicate each statement’s relative position in the hierarchy. Additionally, in general, it sets off each level with braces, using an open brace at the beginning of each hierarchy level and a closing brace at the end. If the statement at a hierarchy level is empty, the braces are not printed.
Each leaf statement ends with a semicolon. If the hierarchy does not extend as far as a leaf statement, the last statement in the hierarchy ends with a semicolon.
The configuration hierarchy can also contain “oneliners” at the lowest level in the hierarchy. Oneliners remove one level of braces in the syntax and display the container statement, its identifiers, the child or leaf statement, and its attributes all on one line.
For example, dynamic-profile dynamic-profile-name
aggregate-clients; is a oneliner because the
dynamic-profile statement, its identifier
dynamic-profile-name, and leaf statement
aggregate-clients all appear on one line when you run the
show command in configuration mode:
[edit forwarding-options]
user@host# show
dhcp-relay {
dynamic-profile dynamic-profile-name aggregate-clients;
}
Enter and Exit CLI Configuration Mode
You configure Junos OS by entering configuration mode and creating a hierarchy of configuration mode statements.
To enter configuration mode, use the
configurecommand.When you enter configuration mode, the following configuration mode commands are available:
user@host>
configureentering configuration mode [edit] user@host#?possible completions: <[Enter]> Execute this command activate Remove the inactive tag from a statement annotate Annotate the statement with a comment commit Commit current set of changes copy Copy a statement deactivate Add the inactive tag to a statement delete Delete a data element edit Edit a sub-element exit Exit from this level help Provide help information insert Insert a new ordered data element load Load configuration from ASCII file quit Quit from this level rename Rename a statement replace Replace character string in configuration rollback Roll back to previous committed configuration run Run an operational-mode command save Save configuration to ASCII file set Set a parameter show Show a parameter status Show users currently editing configuration top Exit to top level of configuration up Exit one level of configuration wildcard Wildcard operations [edit] user@host>Note:When making configuration changes, commit them before you exit. If you exit configuration mode without committing configuration changes, you lose the intended changes.
You must have configure permission to view and use the
configurecommand. When in configuration mode, you can view and modify only those statements for which you have access privileges.If you enter configuration mode and another user is also in configuration mode, a message shows the user’s name and the part of the configuration the other user is viewing or editing:
user@host>
configureEntering configuration mode Users currently editing the configuration: root terminal d0 (pid 4137) on since 2008-04-09 23:03:07 PDT, idle 7w6d 08:22 [edit] The configuration has been changed but not committed [edit] user@host#Up to 32 users can be in configuration mode simultaneously, and they all can make changes to the configuration at the same time.
To exit configuration mode, use the
exit configuration-modeconfiguration mode command from any level, or use theexitcommand from the top level. For example:[edit protocols ospf area 0.0.0.0 interface so-0/0/0] user@host#
exit configuration-modeexiting configuration mode user@host>[edit] user@host#
exitexiting configuration mode user@host>If you try to exit fconfiguration mode using the
exitcommand and the configuration contains changes that you have not committed, you see the following message and prompt:[edit] user@host#
exitThe configuration has been changed but not committed Exit with uncommitted changes? [yes,no]yesExiting configuration mode user@host>To exit with uncommitted changes without having to respond to a prompt, use the
exit configuration-modecommand. This command is useful when you are using scripts to perform remote configuration.[edit] user@host#
exit configuration-modeThe configuration has been changed but not committed Exiting configuration mode user@host>
See Also
Relative Configuration Mode Commands
The top or up command followed
by another configuration command—such as edit, insert, delete, deactivate, annotate, or show—enables you to quickly move to the top
of the hierarchy or to a level above the area you are configuring.
To issue configuration mode commands from the top
of the hierarchy, use the top command and specify a configuration
command. For example:
[edit interfaces fxp0 unit 0 family inet]
user@host# top edit system login
[edit system login]
user@host#
To issue configuration mode commands from a location higher up in the hierarchy, use the
up configuration mode command. Specify the number of levels you
want to move up in the hierarchy, and then specify a configuration command. For
example:
[edit protocols bgp]
user@host# up 2 activate system
See Also
Command Completion in Configuration Mode
This topic shows you how to access command help and to use basic command completion in CLI
configuration mode. In each case, you access help by using the question mark
(?) character, either alone or with a partial command or configuration
statement.
To list the configuration mode commands, use the ? command alone:
[edit]
user@host# ?
<[Enter]> Execute this command
activate Remove the inactive tag from a statement
annotate Annotate the statement with a comment
commit Commit current set of changes
copy Copy a statement
deactivate Add the inactive tag to a statement
delete Delete a data element
edit Edit a sub-element
exit Exit from this level
extension Extension operations
help Provide help information
insert Insert a new ordered data element
load Load configuration from ASCII file
quit Quit from this level
rename Rename a statement
replace Replace character string in configuration
rollback Roll back to previous committed configuration
run Run an operational-mode command
save Save configuration to ASCII file
set Set a parameter
show Show a parameter
status Show users currently editing configuration
top Exit to top level of configuration
up Exit one level of configuration
wildcard Wildcard operations
[edit]user@host#To list all the statements available at a particular hierarchy level, use ?
after the name of the hierarchy level you wish to view. In this example, see the
edit and edit protocols hierarchies:
[edit] user@host#edit ?Possible completions: > accounting-options Accounting data configuration > chassis Chassis configuration > class-of-service Class-of-service configuration > firewall Define a firewall configuration > forwarding-options Configure options to control packet sampling > groups Configuration groups > interfaces Interface configuration > policy-options Routing policy option configuration > protocols Routing protocol configuration > routing-instances Routing instance configuration > routing-options Protocol-independent routing option configuration > snmp Simple Network Management Protocol > system System parameters user@host#edit protocols ?Possible completions: <[Enter]> Execute this command > bgp BGP options > connections Circuit cross-connect configuration > dvmrp DVMRP options > igmp IGMP options > isis IS-IS options > ldp LDP options > mpls Multiprotocol Label Switching options > msdp MSDP options > ospf OSPF configuration > pim PIM options > rip RIP options > router-discovery ICMP router discovery options > rsvp RSVP options > sapSession Advertisement Protocol options > vrrp VRRP options | Pipe through a command
To list all commands that start with a particular string or letter, enter the string, letter, or
both, and then enter the ? character. This example shows all the
routing-options commands starting with the letter “a”:
user@host# edit routing-options a?
Possible completions:
> aggregate Coalesced routes
> autonomous-system Autonomous system numberThis example shows all configured xe- interfaces. You can display these
interfaces by using the first two letters of the abbreviation (ex) and the ?
character:
user@host# edit interfaces ex?
<interface_name> Interface name
ex-0/2/0 Interface name
ex-0/2/1 Interface name
[edit]
You can also show a list of all configured policy statements:
user@host# show policy-options policy-statement ?
user@host# show policy-options policy-statement
<policy_name> Name to identify a policy filter
lo0only-v4 Name to identify a policy filter
lo0only-v6 Name to identify a policy filter
lo2bgp Name to identify a policy filter
See Also
Notational Conventions Used in Configuration Hierarchies
When you are working in CLI configuration mode, the banner on the line preceding the prompt
indicates the current hierarchy level. In the following example, the level is
[edit protocols ospf]:
[edit protocols ospf] user@host#
Junos OS documentation uses user@host# as the standard
configuration mode prompt. In a CLI session, the prompt shows your user ID and the
configured name of the Juniper Networks device you are working on.
Use the set ? command to display the statements
that you can include in the configuration at the current level. The help apropos command is also context-sensitive, displaying
matching statements only at the current command hierarchy level and
below.
Statements are listed alphabetically within each hierarchy and subhierarchy. An exception occurs if a subhierarchy is so long that it might be difficult to determine where it ends and its next peer statement begins. In case of a very long subhierarchy, the subhierarchy appears at the end of its parent hierarchy instead of in alphabetical order. In this exception scenario, a placeholder appears in the alphabetical position where the subhierarchy would have been listed.
For example, at the [edit interfaces interface-name
unit logical-unit-number] hierarchy level, the
family family-name subhierarchy has more
than 20 child statements, including several subhierarchies with child statements of
their own. The full family family-name hierarchy
appears at the end of its parent hierarchy ([edit
interfaces interface-name
unit logical-unit-number]), and the following
placeholder appears at its alphabetical position:
family family-name {
... the family subhierarchy appears after the main [edit interfaces interface-name unit logical-unit-number] hierarchy ...
}
Another exception to alphabetical order is that the disable statement always
appears first in any hierarchy that includes it.