liminfo

Junos OS Reference

Free reference guide: Junos OS Reference


About Junos OS Reference

The Junos OS Reference is a comprehensive, searchable cheat sheet for network engineers working with Juniper Networks devices running Junos OS. It covers the six most important operational areas for day-to-day network engineering:

  • Basic Commands: CLI mode entry, configure mode, show configuration, commit, commit confirmed, and rollback
  • Interface: show interfaces terse/extensive, set interfaces with IP address and description, disable/delete, and aggregated-ethernet LAG with LACP
  • Routing: static routes, OSPF with area and router-ID, BGP with autonomous-system and neighbor, and show route
  • Firewall: firewall filters as ACLs with term/from/then structure, traffic policers with bandwidth and burst limits, show firewall statistics, IPv4 family filters, and prefix-list/policy-statement routing policy
  • NAT: source NAT with zone-based rule sets, destination NAT with pool mapping, static 1:1 NAT, and show security nat/flow session
  • MPLS: MPLS interface enablement, LDP for label distribution, RSVP-TE for traffic-engineered LSPs, and show mpls lsp/ldp neighbor

This reference is targeted at network engineers, network operations center (NOC) staff, and network automation engineers who work with Juniper MX, EX, SRX, and QFX series devices. The set-format command examples (using the "set" prefix) reflect the most common way commands are entered in Junos configure mode, and are directly pasteable into a terminal session. The show commands cover the most common verification steps after making configuration changes.

The commit/rollback workflow is central to Junos and is treated carefully in this reference: commit applies changes, rollback N restores a previous configuration from the rollback buffer, and commit confirmed N applies changes with an automatic rollback if not confirmed within N minutes, which is a safety net for changes made over a remote session. The firewall section emphasizes the term-based filter structure, with from (match criteria) and then (action) clauses, and the policer rate-limiting pattern used for DDoS protection.

Key Features

  • Junos CLI operational mode vs configure mode entry with prompt examples
  • commit, commit confirmed with timeout, and rollback N configuration management
  • Interface configuration: IP address assignment, description, disable, delete, and LAG with LACP
  • Static routing, OSPF area configuration with passive loopback, and EBGP neighbor setup
  • Firewall filter (ACL) term structure: from protocol/port, then accept/discard with default deny term
  • Traffic policer with bandwidth-limit and burst-size-limit for rate limiting and DDoS protection
  • Source NAT, destination NAT with pool, and static 1:1 NAT for security zone-based translation
  • MPLS enablement, LDP label distribution, RSVP-TE LSP with bandwidth reservation, and show mpls lsp

Frequently Asked Questions

What is the difference between Junos operational mode and configure mode?

Operational mode (prompt: router>) is used for monitoring and troubleshooting commands like show, ping, and traceroute. Configure mode (prompt: router#) is entered with the configure command and is used for making configuration changes with set and delete commands. Changes in configure mode are staged and not active until you run commit.

What does commit confirmed do in Junos?

commit confirmed N applies the candidate configuration changes but schedules an automatic rollback after N minutes if you do not run another commit before the timer expires. This is a safety mechanism for making changes over a remote session: if the change breaks connectivity and you lose your session, Junos automatically reverts the change.

How does rollback work in Junos?

Junos keeps a history of the last 50 committed configurations in a rollback buffer. rollback 0 is the current active configuration, rollback 1 is the previous one, and so on. After running rollback N, the staged (candidate) configuration is replaced with that version. You must still run commit to activate the rolled-back configuration.

How do Junos firewall filters differ from traditional ACLs?

Junos firewall filters use a term-based structure with three parts: a term name, a from clause (match criteria like protocol, source/destination address, port), and a then clause (action like accept, discard, or reject). Multiple terms are evaluated in order. A filter must be applied to an interface with family inet filter input or output to take effect.

What is a traffic policer and how is it used?

A policer enforces rate limits on traffic matching a firewall filter term. You define bandwidth-limit and burst-size-limit in the policer, then reference it in a firewall filter term's then clause with policer POLICER-NAME. This is commonly used for protecting the routing engine (PROTECT-RE filters) and for per-subscriber rate limiting.
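The filter, policer, and commit confirmed answers above, combined into one routing-engine protection filter. This is an added example, not taken from the reference itself. The names (PROTECT-RE, ICMP-1M, MGMT-HOSTS, RE-DENIED), the 192.0.2.0/24 management range, and the rate values are constructed placeholders.

```junos
# Constructed example. Lines starting with '#' are reader annotations.
# Enter the set commands in configure mode (router#).

# Hosts allowed to manage the device (documentation address range)
set policy-options prefix-list MGMT-HOSTS 192.0.2.0/24

# Policer: traffic above 1 Mbps (15 KB burst) is discarded
set firewall policer ICMP-1M if-exceeding bandwidth-limit 1m
set firewall policer ICMP-1M if-exceeding burst-size-limit 15k
set firewall policer ICMP-1M then discard

# Terms are evaluated in order; a matching accept/discard ends evaluation
set firewall family inet filter PROTECT-RE term SSH-MGMT from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-RE term SSH-MGMT from protocol tcp
set firewall family inet filter PROTECT-RE term SSH-MGMT from destination-port ssh
set firewall family inet filter PROTECT-RE term SSH-MGMT then accept

# Permit the routing protocols configured on this device,
# otherwise adjacencies and sessions drop when the filter is applied
set firewall family inet filter PROTECT-RE term OSPF from protocol ospf
set firewall family inet filter PROTECT-RE term OSPF then accept
set firewall family inet filter PROTECT-RE term BGP from protocol tcp
set firewall family inet filter PROTECT-RE term BGP from port bgp
set firewall family inet filter PROTECT-RE term BGP then accept

# ICMP is accepted, but only up to the policer rate
set firewall family inet filter PROTECT-RE term ICMP from protocol icmp
set firewall family inet filter PROTECT-RE term ICMP then policer ICMP-1M
set firewall family inet filter PROTECT-RE term ICMP then accept

# Explicit final term: count what is dropped, then discard it
set firewall family inet filter PROTECT-RE term DENY-ALL then count RE-DENIED
set firewall family inet filter PROTECT-RE term DENY-ALL then discard

# The filter has no effect until it is bound to an interface;
# input on lo0 applies it to traffic destined for the routing engine
set interfaces lo0 unit 0 family inet filter input PROTECT-RE

# Activate with a 5-minute automatic rollback in case SSH is locked out
commit confirmed 5

# From a NEW management session, check counters with
# "run show firewall filter PROTECT-RE", then make the change permanent:
commit
```

Opening a new session before the final commit confirms that the SSH-MGMT term really admits your management host; if it does not, the timer expires and Junos reverts the change.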

What is the difference between source NAT and destination NAT in Junos?

Source NAT translates the source IP of packets leaving the device, typically used for outbound internet access from a private subnet (overloading to an interface address). Destination NAT translates the destination IP of incoming packets, typically used for port forwarding or mapping a public IP to an internal server. Both require rule-sets associated with security zones.

How do I set up OSPF in Junos?

Enable OSPF with set protocols ospf area AREA-ID interface INTERFACE-NAME. Set a router-ID with set routing-options router-id X.X.X.X. Mark the loopback interface as passive (set protocols ospf area AREA-ID interface lo0.0 passive) to advertise it without forming adjacencies. Use show ospf neighbor and show ospf database to verify.

What is the difference between LDP and RSVP-TE in MPLS?

LDP (Label Distribution Protocol) is a simple, hop-by-hop label distribution protocol that follows the IGP routing table — no explicit path control. RSVP-TE (Resource Reservation Protocol with Traffic Engineering) creates explicit label-switched paths with bandwidth reservations and strict/loose routing constraints. Use LDP for simple MPLS connectivity and RSVP-TE when traffic engineering or bandwidth guarantees are required.