Junos: Quick and Dirty Starter

Note: This is not done, nor is it spell/grammar checked, publishing anyways to give my friend some starting material.

Thanks to the kindness of a former coworker of mine, my buddy daemoneye has been graced with some decommissioned Juniper gear. This is a guide to get him started, if you are not him, but benefit from it, great.

I’ll take this moment to state that the new WordPress UI is awful.

Modes of Operation

Junos has two, well maybe three, modes of operation, command, config, and UNIX shell. If you log in as any non-root user, you will be dropped into command mode. Logging in as root drops you directly into the UNIX shell. To gain access to the configuration mode, you type, configure, or edit, either works. Typing exit from configuration mode will return you to command mode, unless you have navigated down into the config hierarchy with the edit command, more on that in a bit. To enter command mode from a UNIX shell, use the cli command. Here are the basic transitions.

Now is as good a time as any to say that you can run any command mode operation from configuration mode by prefacing it with run.

Configuration Hierarchy

While rummaging around in the configuration, you may get tired of typing the full set statements all the time, you can zero in on a particular section of the config with the edit command. This is very much like using cd to navigate a filesystem. Lets create a VLAN trunk port with a few VLANs assigned to it. First, lets create VLAN 5.

Yai, that was an awful lot to type. Adding an additional VLAN will be nearly as long, we can exclude the first description, but it is still pretty heinous.

Lets shorten that a bit for the third VLAN.

When you know you’ll be issuing multiple commands in the same basic area, you can save yourself a bit of typing with this little feature. To escape back to the top of the hierarchy, simply type exit. If you issued multiple edit commands, you will need to use exit for each one.

Interfaces and Families

Junos, like most routers, separates physical and logical interfaces, that is what all this unit stuff is about. fe-0/0/3 is the physical interface, unit 5 is a logical interface, assigned to vlan 5 in our above example. Unit numbers do not have to match vlan ids, but it will drive you insane if you don’t do so. Unit 0 is the only acceptable unit for a port in L2 mode, and is also the only allowed unit for a port that has no vlan tagging defined.

Underneath units is where you define a family, there are many options, most of which are beyond the scope of this document. The two that matter are inet, and ethernet-switching. Okay fine, for all the IPv6 fanatics, I will also briefly mention inet6. On some platforms, some physical interfaces can support logical interfaces in multiple modes. The MX series can, for example, have logical interfaces on the same port in both L3 and L2 modes, but don’t worry about that for now.

To put a port in Layer 3 mode, define at least one logical unit with family inet, just like our example above. To put a port into L2 mode, set unit 0 to family ethernet-switching and define VLAN membership, and behavior.

Note that in later versions of JunOS, port-mode has been changed to interface-mode.

A single port in access mode for one VLAN isn’t all that useful, you will want to define multiple port members, or possibly add some layer 3 services to a VLAN. To make a JunOS device respond on L3 on a VLAN, you must define a virtual vlan interface (later versions of JunOS have changed this to irb), and associate it with a VLAN.

Now is a good time to point out that that vlan.15 is basically shorthand for vlan unit 15, you can use it in set statements interchangeably, and anything in the config that has to reference a logical interface will use this shorthand.

More To Come

Tired of typing, gonna play Skyrim for a while. Final version will get twittered.