Home > Cisco, FreeBSD, Juniper, SRX210 > Juniper Junos SRX SRX100 SRX210 SRX240 cheat sheet cheat code cheat book cheat list

Juniper Junos SRX SRX100 SRX210 SRX240 cheat sheet cheat code cheat book cheat list

Cheat Sheet for the CLI Commands – Baseline Operations Guide

How to connect?

[sun@example ~]$ ssh root@
root@'s password:
--- JUNOS 10.0R3.10 built 2010-04-16 08:47:35 UTC
Juniper has Unix? (FreeBSD/CentOS fashion), play it 
root@srx210% uname -a
JUNOS srx210 10.0R3.10 JUNOS 10.0R3.10 #0: 2010-04-16 08:47:35 UTC     
root@srx210% ifconfig -a | grep fe-0/0/2
fe-0/0/2:       encaps: ether; framing: ether
fe-0/0/2.0:     flags=0x8000 <UP|MULTICAST>

How the network language concept works? See follow tree:

parent {

parent_child1 {   parent_grand_children { }           }

parent_child2 {   parent_grand_children { }           }


Crack it: set parent parent_child1 parent_grand_children XYZ [press tab] [finally press enter]

How to reset or recover the passwrod:

1. boot 2. press s  OR try to press once the reset button for couple of longer seconds until the led shows red.

How to save my settings as backup?

$ save backup1.txt
$ load override backup1.txt

rollback 4

How can i monitor traffic real time?

$ monitor traffic matches “host”


root@srx210> monitor traffic interface ge-0/0/0
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 96 bytes

Reverse lookup for failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.

09:56:20.849081  In IP 94-224-195-xx.access.telenet.be.17500 > UDP, length 109
09:56:20.849352  In IP 94-224-195-xx.access.telenet.be.17500 > UDP, length 109
^CReverse lookup was interrupted (check DNS reachability).
Use <no-resolve> to avoid reverse lookups on IP addresses.

4 packets received by filter
0 packets dropped by kernel


How can i delete a settings?

$ delete security nat

Advanced commands:

Table 9: CLI Configuration Mode Commands




Remove the inactive: tag from a statement, effectively reading the statement or identifier to the configuration. Statements or identifiers that have been activated take effect when you next issue the commit command.

Syntax: activate (statement-path | identifier)


Add comments to a configuration.

Syntax: annotate < statement-path> comment-string


Commit the set of changes to the database and cause the changes to take operational effect.

Syntax: commit <and-quit> <check> <confirmed < minutes >> <synchronize>


Make a copy of an existing statement in the configuration.

Syntax: copy < statement-path> identifier 1 to identifier 2


Add the inactive: tag to a statement, effectively commenting out the statement or identifier from the configuration. Statements or identifiers marked as inactive do not take effect when you issue the commit command.

Syntax: deactivate ( statement-path | identifier ?)


Delete a statement or identifier. All subordinate statements and identifiers contained within the specified statement path are deleted with it.

Syntax: delete ( statement-path | identifier)


Move inside the specified statement hierarchy. If the statement does not exist, it is created.

Syntax: edit < statement-path>


Exit the current level of the statement hierarchy, returning to the level prior to the last edit command, or exit from configuration mode. The quit and exit commands are synonyms.

Syntax: exit <configuration-mode>


Display help about available configuration statements.

Syntax: help (apropos | reference | syslog | topic ) < string ??>


Insert an identifier into an existing hierarchy.

Syntax: insert < statement-pathidentifier1 (before | after) identifier2


Load a configuration from an ASCII configuration file or from terminal input. Your current location in the configuration hierarchy is ignored when the load operation occurs.

Syntax: load (merge | override | replace ) ( filename | terminal)


Exit the current level of the statement hierarchy, returning to the level prior to the last edit command, or exit from configuration mode. The quit and exit commands are synonyms.

Syntax: quit <configuration-mode>


Rename an existing configuration statement or identifier.

Syntax: rename < statement-pathidentifier1 to identifier2


Return to a previously committed configuration. The software saves the last 10 committed configurations, including the rollback number, date, time, and name of the user who issued the commit configuration command. rollback 0 erases any configuration changes made to the current candidate configuration.

The currently operational JUNOS software configuration is stored in the file juniper.conf, and the last three committed configurations are stored in the filesjuniper.conf.1.gz, juniper.conf.2.gz, and juniper.conf.3.gz. These four files are located in the directory /config/, which is on the router’s flash drive. The remaining six previous committed configurations, the files juniper.conf.4.gz through juniper.conf.9.gz, are stored in the directory /var/db/config/, which is on the router’s hard disk.

Syntax: rollback < number>


Run an operational mode CLI command without exiting from configuration mode.

Syntax: run < operation-command>


Save the configuration to an ASCII file in the user’s home directory (by default) or to the user’s terminal session. The statement hierarchy and the contents of the current level of the statement hierarchy (and below) are saved. This allows a section of the configuration to be saved, while fully specifying the statement hierarchy.

Syntax: save filename terminal


Create a statement hierarchy and set identifier values. This is similar to the edit command except that your current level in the hierarchy does not change, and you can set identifier values, while the edit command only allows access to a statement path.

Syntax: set ( statement-path | identifier )


Display the current configuration.

Syntax: show ( statement-path | identifier)


Display the users currently editing the configuration.

Syntax: status


Return to the top level of configuration command mode, indicated by the [edit] banner, or execute a command from the top level of the configuration.

Syntax: top < configuration-command>


Move up one level in the statement hierarchy.

Syntax: up < number>


Update a private database. For more information on the update command, see the JUNOS System Basics and Services Command Reference.

Syntax: update

Basic commands:




Clear statistics and protocol database information.

Syntax: clear (arp | bgp | firewall | helper | igmp | ike | ilmi | interfaces | ipsec | ipv6 | isis | ldp | log | mpls | msdp | multicast |ospf | pim | rip | ripng | route | rsvp | snmp | system | vrrp)


Enter CLI configuration mode.

Alternative commands: configure <exclusive> <private>


Perform file manipulation operations, such as copy, delete, list, rename, and show.

Syntax: file (compare | copy | delete | list | rename | show)


Provide help information.

Syntax: help (reference | syslog | topic)


Monitor a log file or interface traffic in real time.

Syntax: monitor (interface | list | start | stop | traffic)


Display trace information about a multicast path from a source to a receiver.

Syntax: mtrace (from-source | monitor | to-gateway)


Verify IP connectivity to another IP host or Asynchronous Transfer Mode (ATM) connectivity (ping ATM) using Operation Administration and Maintenance (OAM) cells to an ATM endstation.

Syntax: ping host <interface source-interface > <bypass-routing> <count requests > <do-not-fragment> <interval seconds > <patternstring > <record-route> <routing-instance routing-instance-name > <size bytes > <strict> <tos type-of-service > <ttl  value > <via route > <rapid | detail>

Syntax: ping atm interface interface <count count > <end-to-end | segment> <interval interval> <sequence-number sequence-number > <vci vci > <brief>

Syntax: ping vpn-interface vpn-interface host <local echo-address>


Filter the output of an operational mode or configuration mode command.

Syntax: | (compare | count | display <detail | inheritance | xml> | except pattern | find pattern | last lines | match pattern | no-more |resolve <file-names> | save filename | trim columns)


Log out from the CLI process.

Syntax: quit


Make system-level requests, such as halt or reboot the router, load software packages, and back up the router’s file systems.

Syntax: request system (halt | reboot | snapshot | software)


Restart the router hardware or software processes.

Syntax: restart (fpc | class-of-service | gracefully | immediately | interface-control | mib-process | network-access-service | remote-operations | routing | sampling | sfm | snmp | soft)


Set CLI properties, the router’s date and time, and the craft interface display text.

Syntax: set (chassis | cli | date)


Show information about all aspects of the software, including interfaces and routing protocols.

Syntax: show (accounting | aps | arp | as-path | bgp | chassis | cli | configuration | connections | dvmrp | firewall | helper | host | igmp | ike | ilmi | interfaces | ipsec | ipv6 | isis | l2circuit | l2vpn | ldp | link-management | log | mpls | msdp | multicast | ntp | ospf | pfe | pim | policer | policy | rip | ripng | route | rsvp | sap | snmp | system | task | ted | version | vrrp)


Open a secure shell to another host.

Syntax: ssh host <bypass-routing> <routing-instance routing-instance-name > <source address > <vpn-interface vpn-interface > <v1 | v2>


Start a software process.

Syntax: start shell


Start a telnet session to another host.

Syntax: telnet host <8bit> <bypass-routing> <inet | inet6> <noresolve> <port port > <interface interface-name> <routing-instancerouting-instance-name > <source address > <vpn-interface vpn-interface>


Run various diagnostic debugging commands.

Syntax: test (configuration | interface | msdp | policy)


Trace the route to a remote host.

Syntax: traceroute host <as-number-lookup> <bypass-routing> <gateway address > <inet | inet6> <noresolve> <routing-instancerouting-instance-name><source address > <tos value > <ttl value > <vpn-interface vpn-interface > <wait seconds>

And all extra included as following:

  • JUNOS/Juniper EX-series Cheat Sheet
  • JUNOS Cheat-Sheet PDF pdf
  • Juniper NetScreen Policy Configuration Cheat Sheet
  • JUNOS Juniper EX Cheat Sheet
Categories: Cisco, FreeBSD, Juniper, SRX210
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

%d bloggers like this: