Juniper Switching CLI & J-Web - A Collection

This page collects Juniper switching CLI and J-Web procedures that don't each need a separate page. You can search for them with Ctrl + F or click "Search" at the top.

The terminology used in this documentation is listed below:
•    Run – Run the command and press Enter. No other interaction is needed. No output will appear.
•    Type – Type a word, usually a Boolean (yes/no, true/false).

Configuring Virtual Chassis EX Series

Taken from: https://www.juniper.net/documentation/us/en/software/junos/virtual-chassis-qfx/topics/concept/virtual-chassis-ex4200-overview.html#understanding-ex-series-virtual-chassis__d2126e1405

Sadly, this takes you to a PDF, so you need to use the Wayback Machine to get the snapshot of:
https://web.archive.org/web/20231201042147/https://www.juniper.net/documentation/us/en/software/junos/virtual-chassis-ex-4200-4500/topics/task/virtual-chassis-ex4200-cli.html 

Enabling J-Web Interface

Connect the COM cable or use the IP address of the system and SSH to it. Log in as normal.

Run cli
Run edit
Run delete interfaces
Run set interfaces vlan.0 family inet address 192.192.0.x
(replacing x with the end IP for the management interface)
Run commit
Wait for synchronization to complete.

Description: We have removed all interfaces and temporarily configured the vlan.0 interface with 192.192.0.x, x being the end of the switch's management IP address. Without this being set, the switch will complain that no interfaces have been configured for vlan.0.

Taken from: https://supportportal.juniper.net/s/article/Interface-must-already-be-defined-under-edit-interfaces-commit-error?language=en_US 

Run set interfaces vme unit 0 family inet address 192.168.0.x/<subnet>
(replacing x with the IP for management interface, the vme IP)

Run set system services ssh root-login allow
Run set system services web-management management-url 192.168.0.x/root
(replacing x with the IP for management interface web portal, same as the vme IP set earlier)

Run set system services web-management http interface vme
Run set system services web-management https port 443
Run set system services web-management https system-generated-certificate
Run set system services web-management https interface vme
Run commit
Wait for synchronization to complete.

Description: We have updated the management interface, J-Web, to show the webpage instead of “Connection Refused”. This is believed to happen because J-Web binds to me0 rather than vme, which is the virtual chassis interface. Citation needed.
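A post-commit check for the procedure above, as an added example that is not part of the original page: it reads display set output, reports any J-Web listener bound to an interface with no inet address (the me0 versus vme situation described above), and flags the HTTP listener and root SSH login that this procedure turns on. The function names, sample addresses and finding wording are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Reads "display set" lines on
# stdin and prints one finding per line.
audit_jweb() {
    awk '
        # Interfaces with an IPv4 address: set interfaces <if> unit <n> family inet address ...
        $2 == "interfaces" && $4 == "unit" && $7 == "inet" && $8 == "address" {
            addr[$3] = 1
        }
        # J-Web listeners: set system services web-management http|https interface <if>
        $4 == "web-management" && $6 == "interface" {
            ifn = $7
            sub(/\.[0-9]+$/, "", ifn)          # vme.0 -> vme
            bind[$5 " " ifn] = 1
        }
        $4 == "web-management" && $5 == "http" { http = 1 }
        $4 == "ssh" && $5 == "root-login" && $6 == "allow" { root = 1 }
        END {
            for (k in bind) {
                split(k, p, " ")
                if (!(p[2] in addr))
                    print "WARN " p[1] " is bound to " p[2] ", which has no inet address"
            }
            if (http) print "WARN web-management http is enabled: J-Web logins cross the network in cleartext"
            if (root) print "WARN ssh root-login allow: direct root logins over SSH are permitted"
        }' | sort
}

# Constructed sample: the settings from this procedure with x replaced by 10.
sample_services() {
    cat <<'EOF'
set system services ssh root-login allow
set system services web-management management-url 192.168.0.10/root
set system services web-management http interface vme
set system services web-management https port 443
set system services web-management https system-generated-certificate
set system services web-management https interface vme
set interfaces vlan unit 0 family inet address 192.192.0.10/24
set interfaces vme unit 0 family inet address 192.168.0.10/24
EOF
}

sample_services | audit_jweb
```

On the switch, feed it with cli -c "show configuration | display set" from the shell, the same way the VLAN command later on this page does.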

Switching Between Primary Master & Backup Switches

Connect the COM cable or use the IP address of the system and SSH to it. Log in as normal.
Taken from: https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/command/request-chassis-routing-engine-master.html 

Run cli
Run request chassis routing-engine master switch
Type yes

You will be disconnected after about 1-2 seconds from the switch you are connected to (either master or backup) and you will need to wait around 5 minutes before issuing this command again.

Save Time With Making Synchronize Default

This section makes the commit command always run commit synchronize, so you don't need to type synchronize after it each time.
Connect the COM cable or use the IP address of the system and SSH to it. Log in as normal.

Run cli
Run edit
Run set system commit synchronize
Run commit synchronize

The next time you run commit, it will run commit synchronize. You can see that it worked because fpc0 and fpc1 appear along the left as they sync during the commit when in virtual-chassis mode.

Switching ROM On Switch

Connect the COM cable to the switch you wish to switch ROM on. This is useful for getting to a different firmware version if the switch decided to downgrade because its version was not the same, for a configuration resync, or for getting back from Linecard to Master/Backup after a version issue.

Note: A COM cable isn’t required, because you can use the command request session member X.

Run request system reboot slice alternate media internal
Type yes

Wait for the switch to restart. The countdown is announced at 60 seconds, 30 seconds and immediately, respectively.

Syncing Current ROM With Redundant ROM

SSH or connect the COM cable and run the command below to sync the current system configuration and OS version to the redundant ROM AND between both the fpc0 and fpc1.

Run cli
Run edit
Run run request system snapshot slice alternate

Get Full System Info From Both Switches (Virtual Chassis)

Obtain the system information from both switches such as the state, temperature, memory and CPU usage, model, serial number and last reboot reason. 

Run cli
Run show chassis routing-engine

Login To Alternative Switch In CLI Mode For Logs/Configuration

To get into an additional member of the virtual chassis, you can run the command below to access it instead of running the switch routing-engine command. For example, member 0 is the top switch and member 1 is the bottom switch if running a 2-system virtual chassis. Replace x with the switch member number. To find the number, you can Run show virtual-chassis to view member numbers.

Run cli
Run request session member x

Enabling SNMP v3 on Juniper 4200/4500 switches

set snmp v3 vacm security-to-group security-model usm security-name <USERNAME> group read-only-group
set snmp v3 vacm access group read-only-group default-context-prefix security-model usm security-level privacy read-view read-only-view
commit comment "Preparation For SNMPv3"

set snmp v3 usm local-engine user <USERNAME> authentication-sha authentication-password "<CRYPTO_PASSWORD>"
set snmp v3 usm local-engine user <USERNAME> privacy-aes128 privacy-password "<PASSWORD>"
set snmp view read-only-view oid .1 include
show snmp
commit comment "Setup SNMPv3 For <APPLICATION>"

For TenantOS, the settings to select are below:


Setup Syslog to an endpoint IP listening for Syslog data

set system syslog host <IP> any any
set system syslog file messages any any
commit comment "Activate Syslog Data Collection"

Installing LLDPD to get data from the port connected and query the switch

This shows you all the connection information from the switch, such as which port you are on, what the switch name is, the VLANs it's providing to you, etc.

apt install lldpd -y && \
lldpctl

Need to rename a VLAN on the switch and need to find out which members are in that VLAN so you can delete it safely?

This can also be used to find out which members have duplicate VLAN names such as "ClientVlan" and "Vlan.3", meaning the switch has both the named version of VLAN 3 and the numerical version. Running this command helps you clear out those "named vlan" problems, which originate from making the VLANs in the J-Web interface before being comfortable with the CLI. This then gives you the chance to rename a VLAN later on with the rename vlan command, etc.

cli -c "show configuration interfaces | display set" | grep "family ethernet-switching vlan members <VLAN>" | awk '{print "delete", $2, $3, $4, $5, $6, $7, "vlan members <VLAN>"}' > /var/tmp/<VLAN>.conf
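A variant of the command above, as an added example that is not part of the original page: it compares the VLAN name as a whole token, so 3 does not also select 30, and it rewrites the leading set to delete instead of counting fields, so interface-range lines (which carry one extra token) come out intact. The function names and the sample configuration are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page.
# vlan_member_deletes VLAN: reads "display set" lines on stdin and prints the
# matching delete statements for that VLAN only.
vlan_member_deletes() {
    awk -v vlan="$1" '
        # Membership lines end in: vlan members <name>; compare <name> exactly.
        NF >= 5 && $1 == "set" && $2 == "interfaces" &&
        /family ethernet-switching/ &&
        $(NF-2) == "vlan" && $(NF-1) == "members" && $NF == vlan {
            $1 = "delete"      # keep the rest of the path as it is
            print
        }'
}

# Constructed sample of "show configuration interfaces | display set" output.
sample_config() {
    cat <<'EOF'
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 3
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 30
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members ClientVlan
set interfaces interface-range UPLINKS unit 0 family ethernet-switching vlan members 3
set interfaces vlan unit 3 family inet address 192.168.3.1/24
EOF
}

sample_config | vlan_member_deletes 3
```

Review the generated statements before loading them in configuration mode, and commit only after show | compare lists the deletions you expect.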