To configure the router, including the routing protocols, router interfaces, network management, and user access, you enter a separate mode called configuration mode. Do this by issuing the configure operational mode command. Table 5.7 describes the commands available in configuration mode. In configuration mode, the prompt is a # . The portion of the prompt in braces, [edit] , is a banner that shows your location in the statement hierarchy. When you first enter configuration mode, you always are at the top level of the hierarchy, which is indicated by the [edit] banner. Table 5.7. Configuration Mode Commands
Configuration Statements and IdentifiersYou configure all router properties by including statements in the configuration. A statement consists of a keyword, which is fixed text, and, optionally , an identifier. An identifier is an identifying name that you define, such as the name of an interface or a username, and that allows you and the CLI to discriminate among a collection of statements. Table 5.8 shows the statements available at the top level of configuration mode (that is, the trunk of the hierarchy tree). Table 5.8. Top-Level Configuration Mode Statements
How the Configuration Is StoredWhen you edit a configuration, you work in a copy of the current configuration to create a candidate configuration. The changes you make to the candidate configuration are visible in the CLI immediately, so if multiple users are editing the configuration at the same time, all users can see all changes. To have a candidate configuration take effect, you commit the changes. At this point, the candidate file is checked for proper syntax, activated, and marked as the current, operational software configuration file. If multiple users are editing the configuration, when you commit the candidate configuration, all changes made by all the users take effect. In addition to saving the current configuration, the CLI saves the current operational version and the previous nine versions of committed configurations. The currently operational JUNOS software configuration is stored in the file juniper.conf , and the last three committed configurations are stored in the files juniper.conf.1 , juniper.conf.2 , and juniper.conf.3 . These four files are located in the directory /config , which is on the router's flash drive. The remaining six previous versions of committed configurations are stored in the directory /var/db/config on the hard disk. Figure 5.2 illustrates the various router configuration states and the configuration mode commands you use to load, commit, copy, save, or roll back the configuration. Figure 5.2. Commands for Storing and Modifying the Router Configuration
How the CLI Performs Type-CheckingThe CLI expects to receive specific types of input and performs type-checking to verify that the data you entered is in the correct format. For example, for a statement in which you must specify an IP address, the CLI checks that you entered an address in a valid format. If you have not, an error message indicates what you were expected to type. Table 5.9 lists the data types the CLI checks. Table 5.9. CLI Configuration Input Types
Entering and Exiting Configuration ModeIf many users enter configuration mode at the same time, everyone can make configuration changes and commit all changes. If one user enters configuration mode when another user is also in configuration mode, a message indicates who the user is and what portion of the configuration he or she is viewing or editing: user@host> configure Entering configuration mode Current configuration users: root terminal p3 (pid 1088) on since 1999-05-13 01:03:27 EDT [edit interfaces so-3/0/0 unit 0 family inet] The configuration has been changed but not committed If, when you enter configuration mode, the configuration contains changes that have not been committed, a message appears: user@host> configure Entering configuration mode The configuration has been changed but not committed If, while in configuration mode, you try to make a change while the configuration is locked by another user, a message indicates that the configuration database is locked, who the user is, and what portion of the configuration the user is viewing or editing: user@host# set system host-name ipswitch error: configuration database locked by: user2 terminal d0 (pid 1828) on since 19:47:58 EDT, idle 00:02:11 exclusive [edit protocols] If you enter configuration mode with the configure exclusive command, you lock the candidate configuration for as long as you remain in configuration mode, allowing you to make changes without interference from other users. If another user is also in configuration mode, and has the configuration locked, a message indicates who the user is and what portion of the configuration the user is viewing or editing: user@host> configure exclusive Entering configuration mode Users currently editing the configuration: root terminal p3 (pid 1088) on since 2000-10-30 19:47:58 EDT, idle 00:00:44 exclusive [edit interfaces so-3/0/0 unit 0 family inet] To exit configuration mode, use the exit configuration-mode configuration mode command from any level or use the exit command from the top level. If you try to exit from configuration mode using the exit command and the configuration contains changes that have not been committed, you see a message and prompt: [edit] user@host# exit The configuration has been changed but not committed Exit with uncommitted changes? [yes,no] (yes) <Enter> Exiting configuration mode user@host> To exit with uncommitted changes without having to respond to a prompt, use the exit configuration-mode command. Moving among Levels of the HierarchyTo move down through an existing configuration command hierarchy, or to create a hierarchy and move down to that level, use the edit configuration mode command, specifying the hierarchy level at which you want to be. To move up the hierarchy, use the exit configuration mode command. This command is, in effect, the opposite of the edit command. To move up the hierarchy one level at a time, use the up configuration mode command. To move directly to the top level, use the top configuration mode command. Displaying the Current ConfigurationTo display the configuration at the current hierarchy level or at the specified level, use the show configuration mode command. user@host> show <s tatement-path > The configuration statements appear in a fixed order. The CLI indents each level in the hierarchy to indicate each statement's relative position in the hierarchy and generally sets off each level with braces, using an open brace at the beginning of each hierarchy level and a closing brace at the end. If the statement at a hierarchy level is empty, the braces are not printed. Each leaf statement ends with a semicolon. If the hierarchy does not extend as far as a leaf statement, the last statement in the hierarchy ends with a semicolon. Interfaces appear alphabetically by type, and then in numerical order by slot number, PIC number, and port number. You also can use the CLI operational mode show configuration command to display the last committed current configuration, which is the configuration currently running on the router: user@host> show configuration To display the users currently editing the configuration, use the status configuration mode command: user@host# status Current configuration users: user terminal p0 (pid 518) on since 2002-03-12 18:24:27 PST [edit protocols] The system displays who is editing the configuration ( user ), how the user is logged in ( terminal p0 ), the date and time the user logged in ( 2002-03-12 18:24:27 PST ), and what level of the hierarchy the user is editing ( [edit protocols] ). Creating and Modifying the ConfigurationTo configure the router or to modify an existing router configuration, you add statements to the configuration. For each statement hierarchy, you create the hierarchy starting with a statement at the top level and continuing with statements that move progressively lower in the hierarchy. To create the hierarchy, you use two configuration mode commands:
Removing a StatementTo delete a statement or identifier, use the delete configuration mode command. Deleting a statement or an identifier effectively "unconfigures" the functionality associated with that statement or identifier, returning that functionality to its default condition. When you delete a statement, the statement and all its subordinate statements and identifiers are removed from the configuration. delete < statement-path > < identifier > To delete the entire hierarchy starting at the current hierarchy level, do not specify a statement or an identifier in the delete command: [edit] user@host# delete Delete everything under this level? [yes, no] (no) ? Possible completions: no Don't delete everything under this level yes Delete everything under this level Delete everything under this level? [yes, no] (no) Copying a StatementTo make a copy of an existing statement in the configuration, use the copy configuration mode command. Copying a statement duplicates that statement and the entire hierarchy of statements configured under that statement. copy existing-statement to new-statement Renaming an IdentifierYou can rename an identifier in the configuration either by deleting the identifier (using the delete command) and then adding the renamed identifier (using the set and edit commands) or by using the rename configuration mode command: rename < statement-path > identifier1 to identifier2 Inserting a New IdentifierWhen configuring the router, you can enter most statements and identifiers in any order. However, there are a few cases where the statement order matters because the configuration statements create a sequence that is analyzed in order. For example, in a routing policy or firewall filter, you define terms that are analyzed sequentially. Also, when you create a named path in dynamic Multiprotocol Label Switching (MPLS), you define an ordered list of the transit routers in the path, starting with the first transit router and ending with the last. To modify a portion of the configuration in which the statement order matters, use the insert configuration mode command: insert < statement-path > identifier1 (before after) identifier2 If you do not use the insert command, but instead simply configure the identifier, it is placed at the end of the list of similar identifiers. Deactivating and Reactivating Statements and IdentifiersIn a configuration, you can deactivate statements and identifiers so that they do not take effect when you issue the commit command. Any deactivated statements and identifiers are marked with the inactive: tag. They remain in the configuration, but are not activated when you issue a commit command. To deactivate a statement or identifier, use the deactivate configuration mode command: deactivate ( statement identifier ) To reactivate a statement or identifier, use the activate configuration mode command: activate ( statement identifier ) In some portions of the configuration hierarchy, you can include a disable statement to disable functionality. One example is disabling an interface by including the disable statement at the [edit interface interface-name ] hierarchy level. When you deactivate a statement, that specific object or property is completely ignored and is not applied at all when you issue a commit command. When you disable a functionality, it is activated when you issue a commit command but is treated as though it is down or administratively disabled. Running Operational Mode CLI Commands from Configuration ModeTo display the output of an operational mode show or other command while configuring the software, you can execute a single operational mode command by issuing the run configuration mode command and specifying the operational mode command: [edit] user@host# run operational-mode-command Displaying Configuration Mode Command HistoryTo display a list of the recent commands you issued while in configuration mode, use the run show cli history command. By default, this command displays the last 100 commands issued in the CLI. user@host# run show cli history 12:40:08 -- show 12:40:17 -- edit protocols 12:40:27 -- set isis 12:40:29 -- edit isis 12:40:40 -- run show cli history Verifying and Committing a ConfigurationTo verify that the syntax of a configuration is correct, use the commit check configuration mode command: user@host# commit check configuration check succeeds If there are any errors, a message indicates the location. To save software configuration changes to the configuration database and activate the configuration on the router, use the commit configuration mode command: user@host# commit commit complete
The configuration is checked for syntax errors. If the syntax is correct, the configuration is activated and becomes the current, operational router configuration. If the configuration contains syntax errors, a message indicates the location of the error and the configuration is not activated. You must correct the error before recommitting the configuration. To save software configuration changes, activate the configuration on the router, and exit configuration mode, use the commit and-quit configuration mode command. This command succeeds only if the configuration contains no errors. [edit] user@host# commit and-quit commit complete exiting configuration mode user@host> To commit the current candidate configuration but require an explicit confirmation for the commit to become permanent, use the commit confirmed configuration mode command. This is useful for verifying that a configuration change works correctly and does not prevent management access to the router. user@host# commit confirmed commit complete To keep the new configuration active, enter a commit or commit check command within 10 minutes of the commit confirmed command. If the commit is not confirmed, the JUNOS software automatically rolls back to the previous configuration. Like the commit command, the commit confirmed command verifies the configuration syntax and reports any errors. If there are no errors, the configuration is activated and begins running on the router. Figure 5.3 illustrates how the commit confirmed command works. Figure 5.3. Confirm a Configuration
To change the amount of time before you have to confirm the new configuration, specify the number of minutes when you issue the commit command: [edit] user@host# commit confirmed minutes commit complete Saving a Configuration to a FileTo save the configuration to a text (ASCII) file so that you can edit it with a text editor of your choice, use the save configuration mode command. By default, the configuration is saved to that file in your home directory, which is on the flash disk. [edit] user@host# save filename Loading a ConfigurationTo create a file containing the router configuration, copy it to the local router, and then load it into the CLI. After you have loaded the file, you can commit it to activate the configuration on the router, or you can edit the configuration interactively using the CLI and commit it at a later time. You can also create a configuration while typing at the terminal and then load it. Loading a configuration from the terminal is generally useful when you are cutting existing portions of the configuration and pasting them elsewhere in the configuration. To load an existing configuration file that is located on the router, use the following version of the load configuration mode command: [edit] user@host# load ( replace merge override ) filename To load a configuration from the terminal, use the following version of the load configuration mode command: [edit] user@host# load ( replace merge override ) terminal [Type ^D to end input] To replace an entire configuration, specify the override option. An override operation discards the current candidate configuration and loads the configuration in filename or the one that you type at the terminal. To combine the current configuration and the configuration in filename or the one that you type at the terminal, specify the merge option. If the existing configuration and the incoming configuration contain conflicting statements, the statements in the incoming configuration override those in the existing configuration. To replace portions of a configuration, specify the replace option. For this operation to work, you must include replace: tags in the file or configuration you type at the terminal. The software searches for the replace: tags, deletes the existing statements of the same name, if any, and replaces them with the incoming configuration. If there is no existing statement of the same name, the replace operation adds to the configuration the statements marked with the replace: tag. If, in an override or merge operation, you specify a file or type text that contains replace: tags, the replace: tags are ignored, and the override or merge operation is performed.
If you are performing a replace operation and the file you specify or text you type does not contain any replace: tags, the replace operation is effectively equivalent to a merge operation. This might be useful if you are running automated scripts and cannot know in advance whether the scripts need to perform a replace or a merge operation. The scripts can use the replace operation to cover either case. Figures 5.4, 5.5 and 5.6 compare the effect of the load override , load replace , and load merge commands. Figure 5.4. Load a Configuration from a File Using Load Override
Figure 5.5. Load a Configuration from a File Using Load Replace
Figure 5.6. Load a Configuration from a File Using Load Merge
Returning to a Previously Committed ConfigurationTo return to the most recently committed configuration and load it into configuration mode without activating it, use the rollback configuration mode command: [edit] user@host# rollback load complete To activate the configuration that you loaded, use the commit command: [edit] user@host# rollback load complete [edit] user@host# commit To return to a configuration prior to the most recently committed one, include the number in the rollback command. number can be a number in the range 0 through 9. The most recently saved configuration is number 0 (which is the default configuration to which the system returns), and the oldest saved configuration is number 9. [edit] user@host# rollback number load complete
To display previous configurations, including rollback number, date, time, the name of the user who committed changes, and the method of commit, use the rollback ? command. [edit] user@host# rollback ? Possible completions: <[Enter]> Execute this command <number> Numeric argument 0 2001-02-27 12:52:10 PST by abc via cli 1 2001-02-26 14:47:42 PST by cde via cli 2 2001-02-14 21:55:45 PST by fgh via cli 3 2001-02-10 16:11:30 PST by hij via cli 4 2001-02-10 16:02:35 PST by klm via cli Pipe through a command [edit] Getting HelpIn configuration mode, you can use the help command to display help based on a text string contained in a statement name. This command displays help for statements at the current hierarchy level and below. help string You can also display help based on a text string contained in a statement name using the help topic and help reference commands. The help topic command displays usage guidelines for the statement, whereas the help reference command displays summary information about the statement. help topic string help reference string If you do not type an option for a statement that requires one, a message indicates the type of information expected. In this example, you need to type an area number to complete the command: [edit] user@host# set protocols ospf area<Enter> syntax error, expecting <identifier>. In this example, you need to type a value for the hello interval to complete the command: [edit] user@host# set protocols ospf area 45 interface so-0/0/0 hello-interval<Enter> syntax error, expecting <data> If you have omitted a required statement at a particular hierarchy level, when you attempt to move from that hierarchy level or when you issue the show command in configuration mode, a message indicates which statement is missing. For example: [edit protocols pim interface so-0/0/0] user@host# top Warning: missing mandatory statement: 'mode' [edit] user@host# show protocols { pim { interface so-0/0/0 { priority 4; version 2; # Warning: missing mandatory statement(s): 'mode' } } } Adding Comments in a ConfigurationYou can include comments in a configuration to describe any statement in the configuration. You can add comments interactively in the configuration mode and by editing the text configuration file. When you add comments in configuration mode, they are associated with a statement at the current level. Each statement can have one single-line comment associated with it. Before you can associate a comment with a statement, the statement must exist. The comment is placed on the line preceding the statement. To add comments to a configuration, use the annotate configuration mode command: annotate statement " comment-string " statement is the configuration statement to which you are attaching the comment; it must be at the current hierarchy level. comment-string is the text of the comment. The comment text can be any length, and you must type it on a single line. If the comment contains spaces, you must enclose it in quotation marks. To delete an existing comment, specify an empty comment string: annotate statement "" When you edit the text configuration file to add comments, they can be one or more lines and must precede the statement they are associated with. You can format the comments in the following ways:
If you add comments with the annotate command, you can view them within the configuration by using the show configuration mode command or the show configuration operational mode command. |