CLI Configuration Mode


To configure the router, including the routing protocols, router interfaces, network management, and user access, you enter a separate mode called configuration mode. Do this by issuing the configure operational mode command. Table 5.7 describes the commands available in configuration mode.

In configuration mode, the prompt is a # . The portion of the prompt in braces, [edit] , is a banner that shows your location in the statement hierarchy. When you first enter configuration mode, you always are at the top level of the hierarchy, which is indicated by the [edit] banner.

Table 5.7. Configuration Mode Commands
Command Description
activate Remove the inactive: tag from a statement, effectively adding the statement or identifier back to the configuration. Statements or identifiers that have been activated take effect when you next issue the commit command.
annotate Add comments to a configuration. You can add comments only at the current hierarchy level.
commit Commit the set of changes to the database and cause the changes to take operational effect.
copy Make a copy of an existing statement in the configuration.
deactivate Add the inactive: tag to a statement, effectively commenting out the statement or identifier from the configuration. Statements or identifiers marked as inactive do not take effect when you issue the commit command.
delete Delete a statement or identifier. All subordinate statements and identifiers contained within the specified statement path are deleted with it.
edit Move inside the specified statement hierarchy. If the statement does not exist, it is created.
exit Exit the current level of the statement hierarchy, returning to the level prior to the last edit command, or exit from configuration mode. The quit and exit commands are synonyms.
help Display help about available configuration statements.
insert Insert an identifier into an existing hierarchy.
load Load a configuration from an ASCII configuration file or from terminal input.
quit Exit the current level of the statement hierarchy, returning to the level prior to the last edit command, or exit from configuration mode. The quit and exit commands are synonyms.
rename Rename an existing configuration statement or identifier.
rollback Return to a previously committed configuration.
run Run a CLI operational mode command without exiting from configuration mode.
save Save the configuration to an ASCII file.
set Create a statement hierarchy and set identifier values. This is similar to edit except that your current level in the hierarchy does not change.
show Display the current configuration.
status Display the users currently editing the configuration.
top Return to the top level of configuration command mode, which is indicated by the [edit] banner.
up Move up one level in the statement hierarchy.

Configuration Statements and Identifiers

You configure all router properties by including statements in the configuration. A statement consists of a keyword, which is fixed text, and, optionally , an identifier. An identifier is an identifying name that you define, such as the name of an interface or a username, and that allows you and the CLI to discriminate among a collection of statements. Table 5.8 shows the statements available at the top level of configuration mode (that is, the trunk of the hierarchy tree).

Table 5.8. Top-Level Configuration Mode Statements
Statement Configures
accounting-options Accounting statistics data collection for interfaces and firewall filters
chassis Properties of the router chassis, including the clock source, conditions that activate alarms, and SONET/SDH framing and concatenation properties
class-of-service Class-of-service parameters
firewall Filters that select packets based on their contents.
forwarding-options Forwarding options, including traffic sampling options
groups Configuration groups
interfaces Interface information, such as encapsulation, interfaces, virtual channel identifiers (VCIs), and data link channel identifiers (DLCIs)
policy-options Routing policies, which allow you to filter and set properties in incoming and outgoing routes
protocols Routing protocols, including BGP, IS-IS, OSPF, RIP, MPLS, LDP, and RSVP
routing-instances Multiple routing instances
routing-options Protocol-independent routing options, such as static routes, autonomous system numbers , confederation members , and global tracing (debugging) operations to log
snmp SNMP community strings, interfaces, traps, and notifications
system Systemwide properties, including the host name, domain name, DNS server, user logins and permissions, mappings between host names and addresses, and software processes

How the Configuration Is Stored

When you edit a configuration, you work in a copy of the current configuration to create a candidate configuration. The changes you make to the candidate configuration are visible in the CLI immediately, so if multiple users are editing the configuration at the same time, all users can see all changes.

To have a candidate configuration take effect, you commit the changes. At this point, the candidate file is checked for proper syntax, activated, and marked as the current, operational software configuration file. If multiple users are editing the configuration, when you commit the candidate configuration, all changes made by all the users take effect.

In addition to saving the current configuration, the CLI saves the current operational version and the previous nine versions of committed configurations. The currently operational JUNOS software configuration is stored in the file juniper.conf , and the last three committed configurations are stored in the files juniper.conf.1 , juniper.conf.2 , and juniper.conf.3 . These four files are located in the directory /config , which is on the router's flash drive. The remaining six previous versions of committed configurations are stored in the directory /var/db/config on the hard disk.

Figure 5.2 illustrates the various router configuration states and the configuration mode commands you use to load, commit, copy, save, or roll back the configuration.

Figure 5.2. Commands for Storing and Modifying the Router Configuration

graphics/05fig02.gif

How the CLI Performs Type-Checking

The CLI expects to receive specific types of input and performs type-checking to verify that the data you entered is in the correct format. For example, for a statement in which you must specify an IP address, the CLI checks that you entered an address in a valid format. If you have not, an error message indicates what you were expected to type. Table 5.9 lists the data types the CLI checks.

Table 5.9. CLI Configuration Input Types
Data Type Format Examples
Physical interface name (used in the [edit interfaces] hierarchy) type-fpc/pic/port

Correct: so-0/0/1

Incorrect: so-0

Full interface name type-fpc/pic/port<:channel>.logical

Correct: so-0/0/1.0

Incorrect: so-0/0/1

Full or abbreviated interface name (used in places other than the [edit interfaces] hierarchy) type-<fpc</pic/port>><<:channel>.logical > Correct: so, so-1, so-1/2/3:4.5
IP address 0x hex-bytesoctet <. octet <. octet .< octet >>>

Correct: 1.2.3.4 , 0x01020304 , 128.8.1 , 128.8

Sample translations: 1.2.3 becomes 1.2.3.00x01020304 becomes 1.2.3.40x010203 becomes 0.1.2.3

IP address (destination prefix) and prefix length 0x hex-bytes < /length > octet <. octet <. octet .< octet >>>< /length >

Correct: 10/8, 128.8/16, 1.2.3.4/32, 1.2.3.4

Sample translations: 1.2.3 becomes 1.2.3.0/320x01020304 becomes 1.2.3.4/320x010203 becomes 0.1.2.3/32default becomes 0.0.0.0/0

ISO address hex-nibble < hex-nibble ...>

Correct: 47.1234.2345.3456.00, 47123423453456.00, 47.12.34.23.45.34.56.00

Sample translations: 47123456 becomes 47.1234.5647.12.34.56 becomes 47.1234.564712.3456 becomes 47.1234.56

OSPF area identifier (ID) 0x hex-bytesoctet <. octet <. octet .< octet >>>d ecimal-number

Correct: 54, 0.0.0.54, 0x01020304, 1.2.3.4

Sample translations: 54 becomes 0.0.0.54257 becomes 0.0.1.1128.8 becomes 128.8.0.00x010203 becomes 0.1.2.3

Entering and Exiting Configuration Mode

If many users enter configuration mode at the same time, everyone can make configuration changes and commit all changes. If one user enters configuration mode when another user is also in configuration mode, a message indicates who the user is and what portion of the configuration he or she is viewing or editing:

 user@host>  configure  Entering configuration mode Current configuration users:   root terminal p3 (pid 1088) on since 1999-05-13 01:03:27 EDT     [edit interfaces so-3/0/0 unit 0 family inet] The configuration has been changed but not committed 

If, when you enter configuration mode, the configuration contains changes that have not been committed, a message appears:

 user@host>  configure  Entering configuration mode The configuration has been changed but not committed 

If, while in configuration mode, you try to make a change while the configuration is locked by another user, a message indicates that the configuration database is locked, who the user is, and what portion of the configuration the user is viewing or editing:

 user@host#  set system host-name ipswitch  error: configuration database locked by:   user2 terminal d0 (pid 1828) on since 19:47:58 EDT, idle 00:02:11     exclusive [edit protocols] 

If you enter configuration mode with the configure exclusive command, you lock the candidate configuration for as long as you remain in configuration mode, allowing you to make changes without interference from other users. If another user is also in configuration mode, and has the configuration locked, a message indicates who the user is and what portion of the configuration the user is viewing or editing:

 user@host>  configure exclusive  Entering configuration mode Users currently editing the configuration:   root terminal p3 (pid 1088) on since 2000-10-30 19:47:58 EDT, idle 00:00:44   exclusive [edit interfaces so-3/0/0 unit 0 family inet] 

To exit configuration mode, use the exit configuration-mode configuration mode command from any level or use the exit command from the top level. If you try to exit from configuration mode using the exit command and the configuration contains changes that have not been committed, you see a message and prompt:

 [edit]  user@host#  exit  The configuration has been changed but not committed Exit with uncommitted changes? [yes,no] (yes)  <Enter>  Exiting configuration mode user@host> 

To exit with uncommitted changes without having to respond to a prompt, use the exit configuration-mode command.

Moving among Levels of the Hierarchy

To move down through an existing configuration command hierarchy, or to create a hierarchy and move down to that level, use the edit configuration mode command, specifying the hierarchy level at which you want to be. To move up the hierarchy, use the exit configuration mode command. This command is, in effect, the opposite of the edit command.

To move up the hierarchy one level at a time, use the up configuration mode command.

To move directly to the top level, use the top configuration mode command.

Displaying the Current Configuration

To display the configuration at the current hierarchy level or at the specified level, use the show configuration mode command.

 user@host> show <s  tatement-path  > 

The configuration statements appear in a fixed order. The CLI indents each level in the hierarchy to indicate each statement's relative position in the hierarchy and generally sets off each level with braces, using an open brace at the beginning of each hierarchy level and a closing brace at the end. If the statement at a hierarchy level is empty, the braces are not printed. Each leaf statement ends with a semicolon. If the hierarchy does not extend as far as a leaf statement, the last statement in the hierarchy ends with a semicolon. Interfaces appear alphabetically by type, and then in numerical order by slot number, PIC number, and port number.

You also can use the CLI operational mode show configuration command to display the last committed current configuration, which is the configuration currently running on the router:

 user@host>  show configuration  

To display the users currently editing the configuration, use the status configuration mode command:

 user@host#  status  Current configuration users:   user terminal p0 (pid 518) on since 2002-03-12 18:24:27 PST       [edit protocols] 

The system displays who is editing the configuration ( user ), how the user is logged in ( terminal p0 ), the date and time the user logged in ( 2002-03-12 18:24:27 PST ), and what level of the hierarchy the user is editing ( [edit protocols] ).

Creating and Modifying the Configuration

To configure the router or to modify an existing router configuration, you add statements to the configuration. For each statement hierarchy, you create the hierarchy starting with a statement at the top level and continuing with statements that move progressively lower in the hierarchy.

To create the hierarchy, you use two configuration mode commands:

  • set ” Creates a statement hierarchy and sets identifier values. After you issue a set command, you remain at the same level in the hierarchy. The set command has the following syntax:

     set <  statement-path  >  statement  <  identifier  > 

    statement-path is the hierarchy to the configuration statement and the statement itself. If you have already moved to the statement's hierarchy level, you omit this. statement is the configuration statement itself. identifier is a string that identifies an instance of a statement.

  • edit ” Moves to a particular hierarchy level. If that hierarchy level does not exist, the edit command creates it and then moves to it. The edit command has the following syntax:

     edit <  statement-path  >  statement  <  identifier  > 
Removing a Statement

To delete a statement or identifier, use the delete configuration mode command. Deleting a statement or an identifier effectively "unconfigures" the functionality associated with that statement or identifier, returning that functionality to its default condition. When you delete a statement, the statement and all its subordinate statements and identifiers are removed from the configuration.

 delete <  statement-path  > <  identifier  > 

To delete the entire hierarchy starting at the current hierarchy level, do not specify a statement or an identifier in the delete command:

 [edit]  user@host#  delete  Delete everything under this level? [yes, no] (no)  ?  Possible completions:     no    Don't delete everything under this level     yes   Delete everything under this level Delete everything under this level? [yes, no] (no) 
Copying a Statement

To make a copy of an existing statement in the configuration, use the copy configuration mode command. Copying a statement duplicates that statement and the entire hierarchy of statements configured under that statement.

 copy  existing-statement  to  new-statement  
Renaming an Identifier

You can rename an identifier in the configuration either by deleting the identifier (using the delete command) and then adding the renamed identifier (using the set and edit commands) or by using the rename configuration mode command:

 rename <  statement-path  >  identifier1  to  identifier2  
Inserting a New Identifier

When configuring the router, you can enter most statements and identifiers in any order. However, there are a few cases where the statement order matters because the configuration statements create a sequence that is analyzed in order. For example, in a routing policy or firewall filter, you define terms that are analyzed sequentially. Also, when you create a named path in dynamic Multiprotocol Label Switching (MPLS), you define an ordered list of the transit routers in the path, starting with the first transit router and ending with the last.

To modify a portion of the configuration in which the statement order matters, use the insert configuration mode command:

 insert <  statement-path  >  identifier1  (before  after)  identifier2  

If you do not use the insert command, but instead simply configure the identifier, it is placed at the end of the list of similar identifiers.

Deactivating and Reactivating Statements and Identifiers

In a configuration, you can deactivate statements and identifiers so that they do not take effect when you issue the commit command. Any deactivated statements and identifiers are marked with the inactive: tag. They remain in the configuration, but are not activated when you issue a commit command.

To deactivate a statement or identifier, use the deactivate configuration mode command:

 deactivate (  statement   identifier  ) 

To reactivate a statement or identifier, use the activate configuration mode command:

 activate (  statement   identifier  ) 

In some portions of the configuration hierarchy, you can include a disable statement to disable functionality. One example is disabling an interface by including the disable statement at the [edit interface interface-name ] hierarchy level. When you deactivate a statement, that specific object or property is completely ignored and is not applied at all when you issue a commit command. When you disable a functionality, it is activated when you issue a commit command but is treated as though it is down or administratively disabled.

Running Operational Mode CLI Commands from Configuration Mode

To display the output of an operational mode show or other command while configuring the software, you can execute a single operational mode command by issuing the run configuration mode command and specifying the operational mode command:

 [edit]  user@host#  run   operational-mode-command  

Displaying Configuration Mode Command History

To display a list of the recent commands you issued while in configuration mode, use the run show cli history command. By default, this command displays the last 100 commands issued in the CLI.

 user@host#  run show cli history  12:40:08 -- show   12:40:17 -- edit protocols   12:40:27 -- set isis   12:40:29 -- edit isis   12:40:40 -- run show cli history 

Verifying and Committing a Configuration

To verify that the syntax of a configuration is correct, use the commit check configuration mode command:

 user@host#  commit check  configuration check succeeds 

If there are any errors, a message indicates the location.

To save software configuration changes to the configuration database and activate the configuration on the router, use the commit configuration mode command:

 user@host#  commit  commit complete 

You can issue the commit command from any hierarchy level.

The configuration is checked for syntax errors. If the syntax is correct, the configuration is activated and becomes the current, operational router configuration. If the configuration contains syntax errors, a message indicates the location of the error and the configuration is not activated. You must correct the error before recommitting the configuration.

To save software configuration changes, activate the configuration on the router, and exit configuration mode, use the commit and-quit configuration mode command. This command succeeds only if the configuration contains no errors.

 [edit]  user@host#  commit and-quit  commit complete exiting configuration mode user@host> 

To commit the current candidate configuration but require an explicit confirmation for the commit to become permanent, use the commit confirmed configuration mode command. This is useful for verifying that a configuration change works correctly and does not prevent management access to the router.

 user@host#  commit confirmed  commit complete 

To keep the new configuration active, enter a commit or commit check command within 10 minutes of the commit confirmed command. If the commit is not confirmed, the JUNOS software automatically rolls back to the previous configuration.

Like the commit command, the commit confirmed command verifies the configuration syntax and reports any errors. If there are no errors, the configuration is activated and begins running on the router. Figure 5.3 illustrates how the commit confirmed command works.

Figure 5.3. Confirm a Configuration

graphics/05fig03.gif

To change the amount of time before you have to confirm the new configuration, specify the number of minutes when you issue the commit command:

 [edit]  user@host#  commit confirmed minutes  commit complete 

Saving a Configuration to a File

To save the configuration to a text (ASCII) file so that you can edit it with a text editor of your choice, use the save configuration mode command. By default, the configuration is saved to that file in your home directory, which is on the flash disk.

 [edit]  user@host#  save filename  

Loading a Configuration

To create a file containing the router configuration, copy it to the local router, and then load it into the CLI. After you have loaded the file, you can commit it to activate the configuration on the router, or you can edit the configuration interactively using the CLI and commit it at a later time.

You can also create a configuration while typing at the terminal and then load it. Loading a configuration from the terminal is generally useful when you are cutting existing portions of the configuration and pasting them elsewhere in the configuration.

To load an existing configuration file that is located on the router, use the following version of the load configuration mode command:

 [edit]  user@host#  load  (  replace   merge   override  )  filename  

To load a configuration from the terminal, use the following version of the load configuration mode command:

 [edit]  user@host#  load  (  replace   merge   override  )  terminal  [Type ^D to end input] 

To replace an entire configuration, specify the override option. An override operation discards the current candidate configuration and loads the configuration in filename or the one that you type at the terminal.

To combine the current configuration and the configuration in filename or the one that you type at the terminal, specify the merge option. If the existing configuration and the incoming configuration contain conflicting statements, the statements in the incoming configuration override those in the existing configuration.

To replace portions of a configuration, specify the replace option. For this operation to work, you must include replace: tags in the file or configuration you type at the terminal. The software searches for the replace: tags, deletes the existing statements of the same name, if any, and replaces them with the incoming configuration. If there is no existing statement of the same name, the replace operation adds to the configuration the statements marked with the replace: tag.

If, in an override or merge operation, you specify a file or type text that contains replace: tags, the replace: tags are ignored, and the override or merge operation is performed.

To copy a configuration file from another network system to the local router, you can use the ssh and telnet commands.

If you are performing a replace operation and the file you specify or text you type does not contain any replace: tags, the replace operation is effectively equivalent to a merge operation. This might be useful if you are running automated scripts and cannot know in advance whether the scripts need to perform a replace or a merge operation. The scripts can use the replace operation to cover either case.

Figures 5.4, 5.5 and 5.6 compare the effect of the load override , load replace , and load merge commands.

Figure 5.4. Load a Configuration from a File Using Load Override

graphics/05fig04.gif

Figure 5.5. Load a Configuration from a File Using Load Replace

graphics/05fig05.gif

Figure 5.6. Load a Configuration from a File Using Load Merge

graphics/05fig06.gif

Returning to a Previously Committed Configuration

To return to the most recently committed configuration and load it into configuration mode without activating it, use the rollback configuration mode command:

 [edit]  user@host#  rollback  load complete 

To activate the configuration that you loaded, use the commit command:

 [edit]  user@host#  rollback  load complete [edit] user@host#  commit  

To return to a configuration prior to the most recently committed one, include the number in the rollback command. number can be a number in the range 0 through 9. The most recently saved configuration is number 0 (which is the default configuration to which the system returns), and the oldest saved configuration is number 9.

 [edit]  user@host#  rollback number  load complete 

For more information about configuration versions, see "Configuration Statements and Identifiers" on page 155.

To display previous configurations, including rollback number, date, time, the name of the user who committed changes, and the method of commit, use the rollback ? command.

 [edit]  user@host#  rollback ?  Possible completions: <[Enter]> Execute this command <number> Numeric argument 0 2001-02-27 12:52:10 PST by abc via cli 1 2001-02-26 14:47:42 PST by cde via cli 2 2001-02-14 21:55:45 PST by fgh via cli 3 2001-02-10 16:11:30 PST by hij via cli 4 2001-02-10 16:02:35 PST by klm via cli   Pipe through a command [edit] 

Getting Help

In configuration mode, you can use the help command to display help based on a text string contained in a statement name. This command displays help for statements at the current hierarchy level and below.

 help  string  

You can also display help based on a text string contained in a statement name using the help topic and help reference commands. The help topic command displays usage guidelines for the statement, whereas the help reference command displays summary information about the statement.

 help topic  string  help reference  string  

If you do not type an option for a statement that requires one, a message indicates the type of information expected. In this example, you need to type an area number to complete the command:

 [edit]  user@host#  set protocols ospf area<Enter>  syntax error, expecting <identifier>. 

In this example, you need to type a value for the hello interval to complete the command:

 [edit]  user@host#  set protocols ospf area 45 interface so-0/0/0   hello-interval<Enter>  syntax error, expecting <data> 

If you have omitted a required statement at a particular hierarchy level, when you attempt to move from that hierarchy level or when you issue the show command in configuration mode, a message indicates which statement is missing. For example:

 [edit protocols pim interface so-0/0/0]  user@host#  top  Warning: missing mandatory statement: 'mode' [edit] user@host#  show  protocols {   pim {     interface so-0/0/0 {       priority 4;       version 2;       # Warning: missing mandatory statement(s): 'mode'     }   } } 

Adding Comments in a Configuration

You can include comments in a configuration to describe any statement in the configuration. You can add comments interactively in the configuration mode and by editing the text configuration file. When you add comments in configuration mode, they are associated with a statement at the current level. Each statement can have one single-line comment associated with it. Before you can associate a comment with a statement, the statement must exist. The comment is placed on the line preceding the statement.

To add comments to a configuration, use the annotate configuration mode command:

 annotate  statement  "  comment-string  " 

statement is the configuration statement to which you are attaching the comment; it must be at the current hierarchy level. comment-string is the text of the comment. The comment text can be any length, and you must type it on a single line. If the comment contains spaces, you must enclose it in quotation marks.

To delete an existing comment, specify an empty comment string:

 annotate  statement  "" 

When you edit the text configuration file to add comments, they can be one or more lines and must precede the statement they are associated with. You can format the comments in the following ways:

  • Start the comment with a /* and end it with a */ . The comment text can be on a single line or can span multiple lines.

  • Start the comment with a # and end it with a new line ( carriage return).

If you add comments with the annotate command, you can view them within the configuration by using the show configuration mode command or the show configuration operational mode command.



Juniper Networks Field Guide and Reference
Juniper Networks Field Guide and Reference
ISBN: 0321122445
EAN: 2147483647
Year: 2002
Pages: 185

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net