Juniper JNCIA-Junos JN0-104 – Section 3: User Interfaces Part 5
April 20, 2023

35. Junos Configuration Files

Let's talk about Junos configuration files. In this video, we'll look at some of the file operations, or file commands, that are available on a Junos device. On a Junos device, we can use the save command followed by a file name to save the configuration. The files are saved to the /var/home/username directory. We've spoken about this command earlier.

We can use the command show | compare to compare the candidate configuration with a configuration file: show | compare followed by a file name. This command is run from configuration mode, so you are comparing the candidate configuration with a configuration file. If we want to compare the active configuration with a configuration file, we can use the operational mode command show configuration | compare followed by a file name, which compares the active configuration with that specific file.

It is also possible to compare two files against each other, and that command is file compare files. Those are the three keywords: file, compare, files. You then provide file name one and file name two. Let's try these commands from the terminal. All right, I'm here at the Junos terminal. I'll first enter operational mode with the cli command and then enter configuration mode with the edit command. We know that right now we are editing the candidate configuration, because when we enter configuration mode, Junos creates a copy of the active configuration, which is known as the candidate configuration. Now, let's say we make some changes and then want to compare the candidate configuration against a file. We could do show | compare.

If we ran just show | compare, we would be comparing the candidate configuration against the active configuration. But let's say we want to compare the candidate configuration against a file. In that case, we can type show | compare followed by a question mark and then provide a file name. Since I'm the root user, I can also see files that belong to other users, so if I wanted to compare against a file that's stored under another user's directory, I could do that as well. If I tried the same command as a non-root user, I would only see my own files. Let's give that a try. In this window I'm logged in as a non-root user. I'll enter configuration mode and try show | compare with a question mark, and you'll notice that now I can only see my files. So this compares the candidate configuration with a specific file. If we wanted to compare the active configuration, we would have to run the command from operational mode.

That would be show configuration | compare with a file name. So depending on where you run the command, operational mode or configuration mode, you compare the active or the candidate configuration with a specific file. I'll navigate back to this window, go back to operational mode, and then go back to the shell prompt. From the shell prompt, you can try all of the file system commands that you would normally use on a UNIX device.

For example, if I want to see the directory that I'm in, I can run pwd, which prints the present working directory, and I can see the directory that I'm viewing right now. We could also try commands like ls, and we could navigate into a specific user's directory using the cd command. If I run pwd now, you can see that I'm in a specific user's directory. So from the shell prompt, you can try all of these file system commands. Now let's go back to operational mode using the cli command and take a look at some of the file operations that we can perform. The keyword is file. Let's start with a question mark: there are quite a few operations that we can perform.

We're not going to look at each one of them, but we'll focus on the most important ones. This one is very important: compare. Type file compare followed by a question mark, and the keyword is files. Now we can compare any two files. Let's do file compare files config-01 config-02. This command compares the first file against the second file. I'll press Enter, and let's take a look at the output. This is the command that we ran. The first thing you will notice is some output that looks like this, which tells you what changes were found. Remember, the comparison is always done on the first file against the second file, not the other way around. So we are comparing file number one against file number two. The first marker here says 1c1. There are three possible letters that you can see: c, which means there is a change; d, which means there is a deletion; and a, which means addition.

The number to the left of the letter indicates the line at which the first file is affected, and the number after the letter indicates the line at which the second file is affected. So this marker represents a change at line 1 of file number one and line 1 of file number two. The change itself is shown here. Anything with a left angle bracket (<) corresponds to the first file, and anything with a right angle bracket (>) corresponds to the second file. This line has the left angle bracket, so the last configuration change timestamp for the first file can be seen here. The last configuration change timestamp for the second file can be seen here, because this line has a right angle bracket.

OK, now let's look at the next change. This one has the letter d, which means something has been deleted. Once again, remember that we're comparing file one against file two, so if we apply the deletion to file one, we get file two. Where do we apply the deletion? Between lines 106 and 131. This is what has been deleted from file one, and I know that because it has a left angle bracket: left is for file one, right is for file two. So on file one, starting at this line, these items have been deleted to get file two. In the beginning this sounds a bit confusing, but if you follow along, you will be able to understand. Let's reverse this now. We'll change the first argument to file two and the second to file one, so we're saying file compare files config-02 config-01. Technically, config-02 is now file one being compared against file two. All right, let's press Enter. You'll notice the first part is still the same: 1c1, a change at line 1 on file one and at line 1 on file two. But notice that the d has now changed to a, which means that on file one, which is now config-02, if you apply the addition, you get the other file. So on this file, config-02, if you add these commands at this line, you will get file two.

These commands actually belong to file two, and I know that because I can see the right angle bracket. I hope I haven't confused you here. So a stands for additions that need to be applied to the first file to get the second file. That's how you would use these commands. The important thing to remember is that file one is always compared against file two. Now, there are a couple more options that we can use here. I'm going to hit the up arrow to recall file compare files config-01 config-02 and type a question mark. We can view the output in a context style. Let's give that a try: context, and press Enter. It's essentially the same output in a different style of presentation. Here, anything with an exclamation mark is a change, anything with a minus is a deletion, and anything with a plus is an addition; otherwise it remains the same. So let's look at this.

On file number one, which is config-01, if you remove these commands, you will get file two, which is config-02. The line at which the change is applied is shown here: this is the line for file one, and this is the line for file two. If we reverse this, changing the first argument to config-02 and the second to config-01, you will now see plus instead of minus, because on file two, when you add these commands, you get file one. So file one is the bigger file, the one that has more configuration compared to file two, which is why we say that if we add these commands to file two, we get file one. OK, now let's take a look at the last one. Hit the up arrow a couple of times. The last style of viewing this output is unified. It's, again, pretty much the same with some small differences. Anything that you see as minus is a removal or deletion, and anything that you see as plus is an addition. Again, the output style remains pretty much the same.

The only difference is that the line numbers are shown side by side: on file one the change is at this line, and on file two the change is at this line. If I can explain this one last time without confusing you: we know that file one is the bigger file. File one is the one that has more configuration and file two is the one that has less, and that can be validated here. On file one, if you remove the lines that have a minus on them, you will get file two.

Let's look at some more file commands. So file, then a question mark. If we want to calculate the checksum, or hash, of a specific file, we can do file checksum followed by a question mark, and you can decide which algorithm you want to use to compute the checksum. Let's do, for example, md5. Let's say I want the checksum of config-01, and I can see that this is the checksum. Now, you might be thinking, what is the use case for this? Let's say I copy this file from here to another device; maybe I have an archival server where I want to archive this configuration. When I've copied the file over to the archival server, I recompute the MD5 hash on the destination, and I should get the same hash. If I get the same hash, that means the file has not been corrupted in transit. So it is a mechanism to check the integrity of the file: if I get the same hash value on another device or on the archival server, I know that the file has not been tampered with or corrupted. MD5 is adequate for catching accidental corruption; where deliberate tampering is the concern, pick one of the stronger algorithms the command offers, such as SHA-256.

Let's try some more commands. We can do file copy. Let's say I want to copy config-02, and I need to provide a destination file name. I'm going to call it 02-temp. That's done. If I now do file list, I can see config-02, and I can also see the file that has been copied. Let's try a few more commands. We can do file delete as well, so let's delete the file that we just copied. If I do file list again, I can see that the file is now deleted. Another command that we can use is file archive, which can be used to archive files to an archival server. We can provide the destination URL of the archival server, we can choose to compress the archive file, or we can provide the source of another file that needs to be archived. The last command that we're going to talk about is file rename. Let's say I want to rename config-01 to config-10. I'll press Enter, and if I do file list, I can see that the file has now been renamed.
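The output styles of file compare files described earlier in this section, as an added illustration that is not taken from the original video. The file names config-01 and config-02 are the ones used above; the file contents, the hostname r1 and the timestamps are constructed, and the two file-name header lines that the context and unified styles print first are left out.

```junos
/* config-01 (constructed, 8 lines) */
## Last changed: 2023-04-18 10:00:00 UTC
system {
    host-name r1;
    services {
        ssh;
        telnet;
    }
}

/* config-02 (constructed, 7 lines): same file without the telnet line */
## Last changed: 2023-04-19 09:30:00 UTC
system {
    host-name r1;
    services {
        ssh;
    }
}

/* Default style: line 1 changed, line 6 of file one deleted */
user@r1> file compare files config-01 config-02
1c1
< ## Last changed: 2023-04-18 10:00:00 UTC
---
> ## Last changed: 2023-04-19 09:30:00 UTC
6d5
<         telnet;

/* Arguments reversed: the d becomes an a, and the line now carries ">" */
user@r1> file compare files config-02 config-01
1c1
< ## Last changed: 2023-04-19 09:30:00 UTC
---
> ## Last changed: 2023-04-18 10:00:00 UTC
5a6
>         telnet;

/* Context style: "!" change, "-" deletion, "+" addition */
user@r1> file compare files config-01 config-02 context
***************
*** 1,8 ****
! ## Last changed: 2023-04-18 10:00:00 UTC
  system {
      host-name r1;
      services {
          ssh;
-         telnet;
      }
  }
--- 1,7 ----
! ## Last changed: 2023-04-19 09:30:00 UTC
  system {
      host-name r1;
      services {
          ssh;
      }
  }

/* Unified style: both line ranges side by side in one @@ marker */
user@r1> file compare files config-01 config-02 unified
@@ -1,8 +1,7 @@
-## Last changed: 2023-04-18 10:00:00 UTC
+## Last changed: 2023-04-19 09:30:00 UTC
 system {
     host-name r1;
     services {
         ssh;
-        telnet;
     }
 }
```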

36. Junos Load Command

Let's talk about the Junos load command. The load command is used to load configuration from a saved file. There are multiple variations of this command: load override, load merge, load replace, load set and load patch. Let's start with load override. When the load override command is used, it discards the current candidate configuration and loads the configuration from the file. The current candidate configuration is completely replaced. Here's an example. This is the current configuration. Note that it has configuration for two interfaces, fe-0/0/0 and fe-0/0/1. We are using a file whose contents look like this: the file only has configuration for fe-0/0/1 and none for fe-0/0/0. When we perform the load override operation, remember, it discards the current candidate configuration and replaces it completely with the contents of the file. So after the load override operation, the new configuration looks like this.

The configuration for fe-0/0/0 has been completely discarded, and the configuration for fe-0/0/1 has changed as well. Here, fe-0/0/1 had the IP address 10.1.1.1, and the file had it configured as 172.16.1.1. The new configuration has 172.16.1.1, because with load override the file contents completely replace the current candidate configuration. The file contents have become the new configuration.

Let's now talk about the load merge command. The load merge command merges the configuration from the saved file with the existing candidate configuration. But what happens if the saved file and the candidate configuration have conflicting configuration statements? If the existing configuration and the saved configuration file contain conflicting statements, the statements in the saved configuration file override those in the existing candidate configuration. So the preference is for the contents of the saved configuration file. Let's look at an example. Here's the current configuration. Again, it has configuration for two interfaces, fe-0/0/0 and fe-0/0/1.

Here are the file contents, which only have configuration for fe-0/0/1. We're now going to perform a load merge operation, and this is what the new configuration will look like. fe-0/0/0 is unchanged: it had 192.168.1.1 as the IP address, and it still does. But take a look at fe-0/0/1. In the current candidate configuration the IP address was 10.1.1.1, the file had the IP address configured as 172.16.1.1, and the new configuration has two IP addresses on the same interface. I know we haven't spoken about interface IP addressing yet, but just to give you a preview, interfaces on Junos devices can have multiple IP addresses. So the load merge command combines the contents of the current configuration and the contents of the saved file, and as a result the interface fe-0/0/1 has two IP addresses. So load merge can be used to combine, or merge, configuration. The next one is load replace.

The load replace command looks for replace: tags in the loaded file and replaces parts of the candidate configuration with whatever is specified after the tag. The file that you're loading must include replace: tags. This is useful when you want more control over exactly what is being changed, because you can place the tags at exactly the places where you want the changes to be applied. Let's look at an example. Here's the current configuration, with no change: we have configuration for two interfaces, fe-0/0/0 and fe-0/0/1. Here's the file content, which has a replace: tag just before fe-0/0/1. When we perform the load replace operation, only the configuration of fe-0/0/1 is replaced. fe-0/0/0 remains unchanged with the same IP address, but fe-0/0/1 will now have this IP address, because we used the replace: tag on that portion of the configuration. So with the load replace operation, the Junos software looks for the replace: tag, deletes the configuration that follows the tag from the current configuration, and replaces it with the new configuration. But what if the current configuration does not have that portion? Let's say the current configuration has no configuration for fe-0/0/1, and the file has a replace: tag and configuration for fe-0/0/1. In that case we get the same output. So if there is an existing configuration, it is replaced; if there is no existing configuration, the replace: tag causes the configuration to be added.

Let's now talk about the next one, which is load patch. This is slightly different from the other ones that we've seen. On a Junos device that has configuration changes, you start with the command show | compare, which shows you the differences that are going to be applied when you commit the configuration. You then use the load patch command to load those differences on another device. Stay with me for a minute; if it doesn't make sense yet, we'll look at an example. Here's the current configuration.

Note that we only have configuration for one interface, fe-0/0/0. Here's the file content: it is output from the show | compare command. Remember, show | compare is used to see the changes that will be applied on the device when the commit operation is performed. It shows that these configuration statements are going to be added to the configuration of the device. When you perform the load patch operation, this change is applied to the current configuration, and this is what the new configuration looks like. The existing configuration is unchanged, because the file content has nothing for fe-0/0/0, and all the configuration statements with a plus on them have been added as new configuration. The use case for this is a configuration that needs to be applied on several devices: you first apply it on one device, use the show | compare command, copy the output, and then use the load patch command with that output on all the rest of the devices. That way, you can quickly apply the changes on all the other devices. I know what you must be thinking here: we could do the same thing with the load merge command, by putting that configuration in a file and performing the load merge operation. The answer is yes, we could do that too.

The last command that we're going to look at is load set, a fairly simple command. It loads a configuration from a file that contains set commands. In one of the earlier videos, we saw how to save the set commands to a file. So if you have a file that contains set commands and you want to load it onto a device, you use the load set command. The load set command executes the configuration instructions line by line as they are stored in the file. The instructions can contain any configuration mode command, such as edit, exit and top. Let's try this on the Junos terminal. All right, I'm here at the Junos terminal. I'll first enter configuration mode with the edit command, and to view the set commands I'm going to do show | display set. Let's first look at the output. Here we can see that the entire output is in the form of set commands. Now we need to save this into a file. So we'll do show | display set, pipe it again, and this time use the save command. Let's do a question mark first, and then give the file a name.

Let's call it set-commands and press Enter. Now let's go back to operational mode and do file show, or I should say file list. Here we can see the file that we just saved. If we want to view the contents, we can do file show set-commands. So here's the content. If we want to load this on a Junos device, we use the load set command. I'm going to show you how to load the configuration on the same device, so I'll use the same file to load the configuration back. All right, so edit, and the command is load set. We are going to use this file here, so load set set-commands, which is the file name. Press Enter, and now the configuration has been loaded on the device. We need to follow it up with a commit. The load commands are very important from the examination perspective. You can expect a few questions that test you in different ways about the different load commands.
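The before and after states that the load override, load merge, load replace, load patch and load set walkthroughs in this section point to on screen, written out as an added example that is not from the original video. The interface names and addresses are the ones mentioned above; the /24 prefix lengths and the file names fe1.conf, fe1-replace.conf and fe1.patch are assumptions.

```junos
/* Constructed example; /24 prefix lengths and file names are assumptions. */

/* Candidate configuration before each load, as "show | display set": */
set interfaces fe-0/0/0 unit 0 family inet address 192.168.1.1/24
set interfaces fe-0/0/1 unit 0 family inet address 10.1.1.1/24

/* File fe1.conf, used for load override and load merge: */
interfaces {
    fe-0/0/1 {
        unit 0 {
            family inet {
                address 172.16.1.1/24;
            }
        }
    }
}

/* After "load override fe1.conf": candidate discarded, only the file remains */
set interfaces fe-0/0/1 unit 0 family inet address 172.16.1.1/24

/* After "load merge fe1.conf": file added to candidate, two addresses on fe-0/0/1 */
set interfaces fe-0/0/0 unit 0 family inet address 192.168.1.1/24
set interfaces fe-0/0/1 unit 0 family inet address 10.1.1.1/24
set interfaces fe-0/0/1 unit 0 family inet address 172.16.1.1/24

/* File fe1-replace.conf, used for load replace (note the replace: tag): */
interfaces {
    replace:
    fe-0/0/1 {
        unit 0 {
            family inet {
                address 172.16.1.1/24;
            }
        }
    }
}

/* After "load replace fe1-replace.conf": only the tagged stanza is swapped */
set interfaces fe-0/0/0 unit 0 family inet address 192.168.1.1/24
set interfaces fe-0/0/1 unit 0 family inet address 172.16.1.1/24

/* File fe1.patch: "show | compare" output taken on the first device */
[edit interfaces]
+   fe-0/0/1 {
+       unit 0 {
+           family inet {
+               address 172.16.1.1/24;
+           }
+       }
+   }

/* After "load patch fe1.patch" on a device that had only fe-0/0/0: */
set interfaces fe-0/0/0 unit 0 family inet address 192.168.1.1/24
set interfaces fe-0/0/1 unit 0 family inet address 172.16.1.1/24

/* File set-commands: "show | display set" output, replayed line by line */
set interfaces fe-0/0/0 unit 0 family inet address 192.168.1.1/24
set interfaces fe-0/0/1 unit 0 family inet address 172.16.1.1/24

/* "load set set-commands" runs each line; none of the loads takes effect until commit */
```

Running show | compare after any of these loads and before commit shows exactly what the load changed in the candidate configuration.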

37. J-Web

Let's now talk about J-Web. J-Web is the graphical user interface, also known as the GUI, of the Junos device. It allows you to monitor, configure, troubleshoot and manage the Junos device using a web browser over HTTP or HTTPS. All of the configuration statements that you perform from the command line interface are supported in J-Web. J-Web is a function of the routing engine; in fact, both J-Web and the CLI are functions of the routing engine. Before we access J-Web, let's understand how to configure it from the command line interface. All right, I'm here at the command line interface. I'll first enter configuration mode with the edit command. The configuration for J-Web can be found under show system services web-management. I'll press Enter, and right now we can see that only the HTTPS protocol is allowed. Let's enter edit system services web-management, so now we are under that hierarchy. If we do a show from here, we can see that right now only HTTPS is allowed. Let's start with the set command and a question mark. Notice that you have the option to allow HTTP as well. So we can allow HTTP or HTTPS, but as a best practice you should only allow HTTPS, because that's an encrypted connection.

Right now I have HTTPS enabled, and for HTTPS we need a certificate. This device is configured to use a system-generated certificate. That means when you connect to the device using J-Web, this certificate is presented. Because it's a system-generated certificate, your browser will give you a warning message, as it is not able to verify the certificate. We have some other options that we can configure here. For example, if you want to configure the session parameters, you can type set session and a question mark. Here you have the option to configure the idle timeout and the session limit, which is the maximum number of sessions you want to allow. So you want to make sure that HTTP or HTTPS is configured under web-management, and if it is, the device is ready to be accessed using the graphical user interface.

I'll now switch to a browser window, which is over here. I'm going to paste the IP address of my Junos device and change the scheme to HTTPS, because that's the only protocol that's allowed in the configuration. So https, colon, the IP address of the Junos device, and press Enter. All right, that's what the console looks like. I did not get a warning message when I connected to the device, and that's because I already connected to this device in the past. When I connected for the first time, I was given a warning message saying the certificate cannot be verified. I know that I'm connecting to the right device, so I accepted the risk and moved forward with the connection.

If you're connecting for the first time, do not be surprised if your browser gives you a warning message that the certificate cannot be verified. You'll also notice that it says the connection is not secure, and that's because the certificate is treated as invalid: it's a self-generated certificate. I'm going to enter the username and the password to log in. While this is loading, I do want to add that some of the components of J-Web require you to have the Adobe Flash Player plugin enabled in your browser, and I recommend using the Google Chrome browser to access J-Web. So this is what the console looks like. Let's start with the dashboard. Here we have a dashboard that shows you some widgets. Here's the chassis view of the device. Here we have widgets like alarms, login sessions, file usage, applications and so on. Here we can see some device identification details like serial number, hostname, software version, system time and system uptime, with some resource utilization graphs here and here. We also have options to monitor the device.

You can see here that it says click here to enable Adobe Flash Player, so I'll allow that for now. You want to make sure that the Adobe Flash Player plugin is allowed; otherwise, you won't be able to see those widgets. All right, the device has now loaded, and here we can see some widgets. Right now there's not much happening on this device, so the statistics and counters are all pretty much close to 0. We can monitor everything from here: VPN sessions, authentication, network address translation, DHCP, routing, users, et cetera. We can also configure the device from this panel. We can choose Configure, and pretty much everything that you configure from the command line interface can be configured from here: network settings, users, security objects, and security services like NAT and VPN. Under the administration section, we can perform tasks like rebooting the device, managing the licenses and cleaning up the files. We also have access to the command line interface from here: if we go down to Tools and CLI Terminal, you can load a CLI terminal within the browser window. It says some of the changes here are pending commit, which is why that button is glowing. Coming back over here, we can do pretty much everything that we can do from the command line interface, like ping and traceroute. From personal experience, I can say that most administrators prefer to configure the Junos device from the command line interface. It feels more flexible and much faster than using J-Web. But if you are comfortable with J-Web, the option is there: you can configure the device completely from the browser using J-Web.

So the key thing to remember is that before you can access J-Web, you need to add the required protocol, HTTP or HTTPS, under the edit system services web-management hierarchy on the command line interface.
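The web-management settings discussed in this section, shown as a weaker setup beside the HTTPS-only one the video recommends. This is an added example, not configuration shown in the original video; the idle-timeout and session-limit values are assumptions chosen for illustration.

```junos
/* Weaker: J-Web answers on cleartext HTTP as well as HTTPS */
set system services web-management http
set system services web-management https system-generated-certificate

/* Recommended above: HTTPS only, with bounded sessions */
delete system services web-management http
set system services web-management https system-generated-certificate
set system services web-management session idle-timeout 10    /* minutes; assumed value */
set system services web-management session session-limit 2    /* assumed value */

/* Resulting hierarchy after commit */
[edit system services web-management]
user@r1# show
https {
    system-generated-certificate;
}
session {
    idle-timeout 10;
    session-limit 2;
}
```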
