Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.
Register to attend
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Join us for an enlightening webinar with Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; retail guru Jack Stratten of Insider Trends; and Christian Gilby, Director of Product Marketing at Juniper Networks, as they discuss the future of in-store technologies.
Reserve my spot

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS CLI User Guide for Junos OS Using Configuration Statements to Configure a Device

CLI User Guide for Junos OS

Junos OS Junos OS Evolved
keyboard_arrow_up
close
keyboard_arrow_left
CLI User Guide for Junos OS
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

CLI Configuration Mode Overview

date_range 22-Nov-23
arrow_backward
arrow_forward

The configuration mode of the Junos OS CLI enables you to configure a device, using configuration statements to set, manage, and monitor device properties.

Understanding CLI Configuration Mode

You can configure all Junos OS properties, including interfaces, general routing information, routing protocols, and user access, as well as several system hardware properties.

As Understanding the Junos OS CLI Modes, Commands, and Statement Hierarchies describes, a device configuration is stored as a hierarchy of statements. In configuration mode, you create a set of configuration statements to use. When you finish entering the configuration statements and are certain they are complete and correct, you commit them, which activates the configuration on the device.

You can create the configuration interactively, or you can create an ASCII text file containing the configuration, load it on the device, and commit it.

Configuration Mode Commands

The following table summarizes each CLI configuration mode command. The commands are organized alphabetically.

Table 1: Summary of Configuration Mode Commands

Command

Description

activate

Remove the inactive: tag from a statement. Statements or identifiers that have been activated take effect when you next issue the commit command.

annotate

Add comments to a configuration. You can add comments only at the current hierarchy level.

commit

Commit the set of changes to the database and cause the changes to take operational effect.

copy

Make a copy of an existing statement in the configuration.

deactivate

Add the inactive: tag to a statement, effectively commenting out the statement or identifier from the configuration. Statements or identifiers marked as inactive are ignored when you issue the commit command.

delete

Delete a statement or identifier. All subordinate statements and identifiers contained within the specified statement path are deleted with it.

edit

Move inside the specified statement hierarchy. If the statement does not exist, it is created.

exit

Exit the current level of the statement hierarchy, returning to the level before the last edit command, or exit from configuration mode. The quit and exit commands are equivalent.

extension

Manage configurations that SDK application packages contribute. Manage them by either displaying or deleting user-defined configurations that the named SDK application package contributed. A configuration defined in any native Junos OS package is never deleted by the extension command.

help

Display help about available configuration statements.

insert

Insert an identifier into an existing hierarchy.

load

Load a configuration from an ASCII configuration file or from terminal input. Your current location in the configuration hierarchy is ignored when the load operation occurs.

quit

Exit the current level of the statement hierarchy, returning to the level before the last edit command, or exit from configuration mode. The quit and exit commands are equivalent.

rename

Rename an existing configuration statement or identifier.

replace

Replace identifiers or values in a configuration.

rollback

Return to a previously committed configuration. The software saves the last 10 committed configurations, including the rollback number, date, time, and name of the user who issued the commit configuration command.

run

Run a CLI command without exiting from configuration mode.

save

Save the configuration to an ASCII file. The configuration statements up to and including the current level of the statement hierarchy are saved, along with the statement hierarchy containing it. This action allows a section of the configuration to be saved, while fully specifying the statement hierarchy.

set

Create a statement hierarchy and set identifier values. This command is similar to edit, except that your current level in the hierarchy does not change.

show

Display the current configuration.

status

Display the users currently editing the configuration.

top

Return to the top level of configuration command mode, which is indicated by the [edit] banner.

up

Move up one level in the statement hierarchy.

update

Update a private database.

wildcard delete

Delete a statement or identifier. All subordinate statements and identifiers contained within the specified statement path are deleted with it. You can use regular expressions to specify a pattern. Based on this pattern, the operating system searches for items that contain these patterns and deletes them.

Configuration Statements and Identifiers

You can configure device properties by including the corresponding statements in the configuration. Typically, a statement consists of a system-defined keyword, which is fixed text, and an optional identifier. An identifier is an identifying name that you can define, such as the name of an interface or a username, which enables you and the CLI to differentiate among a collection of statements.

Table 2 lists top-level configuration statements. See CLI Explorer for information about each configuration statement.

Table 2: Configuration Mode Top-Level Statements

Statement

Description

access

Configure the Challenge Handshake Authentication Protocol (CHAP).

accounting-options

Configure accounting statistics data collection for interfaces and firewall filters.

chassis

Configure properties of the router chassis, including conditions that activate alarms and SONET/SDH framing and concatenation properties.

class-of-service

Configure class-of-service parameters.

firewall

Configure filters that select packets based on their contents.

forwarding-options

Configure forwarding options, including traffic sampling options.

groups

Configure configuration groups.

interfaces

Configure interface information, such as encapsulation, interfaces, virtual channel identifiers (VCIs), and data-link connection identifiers (DLCIs).

policy-options

Configure routing policies, which enable you to filter and set properties in incoming and outgoing routes.

protocols

Configure routing protocols, including BGP, IS-IS, LDP, MPLS, OSPF, RIP, and RSVP.

routing-instances

Configure one or more routing instances.

routing-options

Configure protocol-independent routing options, such as static routes, autonomous system numbers, confederation members, and global tracing (debugging) operations to log.

security

Configure IP Security (IPsec) services.

snmp

Configure SNMP community strings, interfaces, traps, and notifications.

system

Configure systemwide properties, including the hostname, domain name, Domain Name System (DNS) server, user logins and permissions, mappings between hostnames and addresses, and software processes.

Configuration Statement Hierarchy

The Junos OS configuration consists of a hierarchy of statements. There are two types of statements:

  • Container statements, which are branches that can contain other statements (including additional container statements or leaf statements). Container statements at the top of the hierarchy are considered to be the trunk of the hierarchy tree.

  • Leaf statements (contained by container statements), which do not contain other statements.

The container and leaf statements form the configuration hierarchy. Each statement at the top level of the configuration hierarchy resides at the trunk of a hierarchy tree. These top-level statements are container statements, containing other statements that form the tree branches. The leaf statements are the leaves of the hierarchy tree. An individual hierarchy of statements, which starts at the trunk of the hierarchy tree, is called a statement path.

The following illustration shows the hierarchy tree, illustrating a statement path for the part of the protocol configuration hierarchy responsible for configuring the hello-interval statement on an interface in an OSPF area.

Figure 1: Configuration Mode Hierarchy of Statements Configuration Mode Hierarchy of Statements

The protocols statement is a top-level statement at the trunk of the configuration tree. The ospf, area, and interface statements are all subordinate container statements of a higher statement (they are branches of the hierarchy tree). The hello-interval statement is a leaf on the tree, which in this case contains a data value, namely the length of the hello-interval, in seconds.

The following configuration example illustrates the statement hierarchy as shown in Figure 1:

[edit protocols ospf area area-number interface interface-name]

The command displays the configuration as follows:

content_copy zoom_out_map
protocols {
    ospf {
        area 0.0.0.0 {
            interface so-0/0/0 {
                hello-interval 5; 
            }
            interface so-0/0/1 {
                hello-interval 5;
            }
        }
    }
}

The CLI indents each level in the hierarchy to indicate each statement’s relative position in the hierarchy. Additionally, in general, it sets off each level with braces, using an open brace at the beginning of each hierarchy level and a closing brace at the end. If the statement at a hierarchy level is empty, the braces are not printed.

Each leaf statement ends with a semicolon. If the hierarchy does not extend as far as a leaf statement, the last statement in the hierarchy ends with a semicolon.

The configuration hierarchy can also contain “oneliners” at the lowest level in the hierarchy. Oneliners remove one level of braces in the syntax and display the container statement, its identifiers, the child or leaf statement, and its attributes all on one line.

For example, dynamic-profile dynamic-profile-name aggregate-clients; is a oneliner because the dynamic-profile statement, its identifier dynamic-profile-name, and leaf statement aggregate-clients all appear on one line when you run the show command in configuration mode:

content_copy zoom_out_map
[edit forwarding-options]
user@host# show 
dhcp-relay {
    dynamic-profile dynamic-profile-name aggregate-clients;
}

Enter and Exit CLI Configuration Mode

You configure Junos OS by entering configuration mode and creating a hierarchy of configuration mode statements.

  • To enter configuration mode, use the configure command.

    When you enter configuration mode, the following configuration mode commands are available:

    content_copy zoom_out_map
    user@host>configure
entering configuration mode 
[edit] 
user@host#?
possible completions:
  <[Enter]>            Execute this command
  activate             Remove the inactive tag from a statement
  annotate             Annotate the statement with a comment
  commit               Commit current set of changes
  copy                 Copy a statement
  deactivate           Add the inactive tag to a statement
  delete               Delete a data element
  edit                 Edit a sub-element
  exit                 Exit from this level
  help                 Provide help information
  insert               Insert a new ordered data element
  load                 Load configuration from ASCII file
  quit                 Quit from this level
  rename               Rename a statement
  replace              Replace character string in configuration
  rollback             Roll back to previous committed configuration
  run                  Run an operational-mode command
  save                 Save configuration to ASCII file
  set                  Set a parameter
  show                 Show a parameter
  status               Show users currently editing configuration
  top                  Exit to top level of configuration
  up                   Exit one level of configuration
  wildcard             Wildcard operations
[edit]
user@host>
    Note:

    When making configuration changes, commit them before you exit. If you exit configuration mode without committing configuration changes, you lose the intended changes.

    You must have configure permission to view and use the configure command. When in configuration mode, you can view and modify only those statements for which you have access privileges.

  • If you enter configuration mode and another user is also in configuration mode, a message shows the user’s name and the part of the configuration the other user is viewing or editing:

    content_copy zoom_out_map
    user@host> configure 
Entering configuration mode
Users currently editing the configuration:
  root terminal d0 (pid 4137) on since 2008-04-09 23:03:07 PDT, idle 7w6d 08:22
  [edit]
The configuration has been changed but not committed

[edit]
user@host#

    Up to 32 users can be in configuration mode simultaneously, and they all can make changes to the configuration at the same time.

  • To exit configuration mode, use the exit configuration-mode configuration mode command from any level, or use the exit command from the top level. For example:

    content_copy zoom_out_map
    [edit protocols ospf area 0.0.0.0 interface so-0/0/0]
user@host# exit configuration-mode 
exiting configuration mode
user@host>
    content_copy zoom_out_map
    [edit]
user@host# exit 
exiting configuration mode
user@host>

    If you try to exit fconfiguration mode using the exit command and the configuration contains changes that you have not committed, you see the following message and prompt:

    content_copy zoom_out_map
    [edit]
user@host# exit
The configuration has been changed but not committed
Exit with uncommitted changes? [yes,no] yes 
Exiting configuration mode
user@host>

  • To exit with uncommitted changes without having to respond to a prompt, use the exit configuration-mode command. This command is useful when you are using scripts to perform remote configuration.

    content_copy zoom_out_map
    [edit]
user@host# exit configuration-mode
The configuration has been changed but not committed
Exiting configuration mode
user@host>

See Also

Relative Configuration Mode Commands

The top or up command followed by another configuration command—such as edit, insert, delete, deactivate, annotate, or show—enables you to quickly move to the top of the hierarchy or to a level above the area you are configuring.

To issue configuration mode commands from the top of the hierarchy, use the top command and specify a configuration command. For example:

content_copy zoom_out_map
[edit interfaces fxp0 unit 0 family inet]
user@host# top edit system login 
[edit system login]
user@host#

To issue configuration mode commands from a location higher up in the hierarchy, use the up configuration mode command. Specify the number of levels you want to move up in the hierarchy, and then specify a configuration command. For example:

content_copy zoom_out_map
[edit protocols bgp]
user@host# up 2 activate system

See Also

Command Completion in Configuration Mode

This topic shows you how to access command help and to use basic command completion in CLI configuration mode. In each case, you access help by using the question mark (?) character, either alone or with a partial command or configuration statement.

To list the configuration mode commands, use the ? command alone:

content_copy zoom_out_map
[edit]
user@host# ?
  <[Enter]>            Execute this command
  activate             Remove the inactive tag from a statement
  annotate             Annotate the statement with a comment
  commit               Commit current set of changes
  copy                 Copy a statement
  deactivate           Add the inactive tag to a statement
  delete               Delete a data element
  edit                 Edit a sub-element
  exit                 Exit from this level
  extension            Extension operations
  help                 Provide help information
  insert               Insert a new ordered data element
  load                 Load configuration from ASCII file
  quit                 Quit from this level
  rename               Rename a statement
  replace              Replace character string in configuration
  rollback             Roll back to previous committed configuration
  run                  Run an operational-mode command
  save                 Save configuration to ASCII file
  set                  Set a parameter
  show                 Show a parameter
  status               Show users currently editing configuration
  top                  Exit to top level of configuration
  up                   Exit one level of configuration
  wildcard             Wildcard operations
[edit]user@host#

To list all the statements available at a particular hierarchy level, use ? after the name of the hierarchy level you wish to view. In this example, see the edit and edit protocols hierarchies:

content_copy zoom_out_map
[edit]
user@host# edit ?
Possible completions:
> accounting-options  Accounting data configuration
> chassis             Chassis configuration
> class-of-service    Class-of-service configuration
> firewall            Define a firewall configuration
> forwarding-options  Configure options to control packet sampling 
> groups              Configuration groups
> interfaces          Interface configuration
> policy-options      Routing policy option configuration
> protocols           Routing protocol configuration
> routing-instances   Routing instance configuration
> routing-options     Protocol-independent routing option configuration
> snmp                Simple Network Management Protocol
> system              System parameters
user@host# edit protocols ?
Possible completions:
<[Enter]>          Execute this command
> bgp              BGP options
> connections      Circuit cross-connect configuration
> dvmrp            DVMRP options
> igmp             IGMP options
> isis             IS-IS options
> ldp              LDP options
> mpls             Multiprotocol Label Switching options
> msdp             MSDP options
> ospf             OSPF configuration
> pim              PIM options
> rip              RIP options
> router-discovery ICMP router discovery options
> rsvp             RSVP options
> sapSession       Advertisement Protocol options
> vrrp             VRRP options
|                  Pipe through a command

To list all commands that start with a particular string or letter, enter the string, letter, or both, and then enter the ? character. This example shows all the routing-options commands starting with the letter “a”:

content_copy zoom_out_map
user@host# edit routing-options a?
Possible completions:
> aggregate           Coalesced routes
> autonomous-system   Autonomous system number

This example shows all configured xe- interfaces. You can display these interfaces by using the first two letters of the abbreviation (ex) and the ? character:

content_copy zoom_out_map
 user@host# edit interfaces ex?
<interface_name>     Interface name
  ex-0/2/0             Interface name
  ex-0/2/1             Interface name
[edit]

You can also show a list of all configured policy statements:

content_copy zoom_out_map
user@host# show policy-options policy-statement ?
user@host# show policy-options policy-statement
<policy_name>        Name to identify a policy filter
lo0only-v4           Name to identify a policy filter
lo0only-v6           Name to identify a policy filter
lo2bgp               Name to identify a policy filter

See Also

Notational Conventions Used in Configuration Hierarchies

When you are working in CLI configuration mode, the banner on the line preceding the prompt indicates the current hierarchy level. In the following example, the level is [edit protocols ospf]:

content_copy zoom_out_map
[edit protocols ospf]
user@host#
Note:

Junos OS documentation uses user@host# as the standard configuration mode prompt. In a CLI session, the prompt shows your user ID and the configured name of the Juniper Networks device you are working on.

Use the set ? command to display the statements that you can include in the configuration at the current level. The help apropos command is also context-sensitive, displaying matching statements only at the current command hierarchy level and below.

Statements are listed alphabetically within each hierarchy and subhierarchy. An exception occurs if a subhierarchy is so long that it might be difficult to determine where it ends and its next peer statement begins. In case of a very long subhierarchy, the subhierarchy appears at the end of its parent hierarchy instead of in alphabetical order. In this exception scenario, a placeholder appears in the alphabetical position where the subhierarchy would have been listed.

For example, at the [edit interfaces interface-name unit logical-unit-number] hierarchy level, the family family-name subhierarchy has more than 20 child statements, including several subhierarchies with child statements of their own. The full family family-name hierarchy appears at the end of its parent hierarchy ([edit interfaces interface-name unit logical-unit-number]), and the following placeholder appears at its alphabetical position:

content_copy zoom_out_map
family family-name {
    ... the family subhierarchy appears after the main [edit interfaces interface-name unit logical-unit-number] hierarchy ...
}

Another exception to alphabetical order is that the disable statement always appears first in any hierarchy that includes it.

arrow_backward PREVIOUS CLI Environment Settings
NEXT arrow_forward Overview of the Configure Command
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top