3.1 Junos CLI & J-Web

Key Takeaways

  • Junos OS has exactly two top-level modes: operational mode (shows the `>` prompt) for monitoring and troubleshooting, and configuration mode (shows the `#` prompt) for changing the device.
  • You enter configuration mode from operational mode with the `configure` command and return to operational mode with `exit` or by typing `top` then `exit`.
  • The Junos CLI provides context help with `?`, command completion with the Spacebar or Tab key, and partial-command matching, so you rarely need to type a full command.
  • J-Web is the Junos web GUI for the same monitoring and configuration tasks, while the user's login class determines which commands and configuration hierarchies that account may use.
  • Operational mode output can be piped with `|` to modifiers such as `match`, `count`, `display set`, and `no-more` to filter and reshape what the CLI prints.
Last updated: May 2026

Why This Topic Matters

User Interfaces is one of the two largest JNCIA-Junos objective areas (roughly one-fifth of the exam). Almost every other topic on the test - configuration, monitoring, routing, and policy - is reached through the CLI, so fluency here is the single highest-leverage skill for passing. Expect questions that show a prompt or a command and ask what mode you are in, what the command does, or how to move between modes.

The Two Junos Modes

Junos OS has exactly two top-level user interface modes. Knowing which one you are in - and how to move between them - is fundamental.

ModePromptPurposeExample actions
Operational modeuser@host>View device state; troubleshoot; run utilitiesshow interfaces, ping, traceroute, request system reboot
Configuration modeuser@host#Change the device configurationset, delete, edit, commit

The trailing character is the fastest way to tell where you are: a greater-than sign (>) means operational mode, and a hash/pound sign (#) means configuration mode.

Moving Between Modes

From operational mode, the configure command enters configuration mode. To leave configuration mode, use exit (which returns you to operational mode when you are at the top of the hierarchy). If you are deep in the hierarchy, type top first to jump to the root, then exit.

user@host> configure
Entering configuration mode

[edit]
user@host# top

[edit]
user@host# exit
Exiting configuration mode

user@host>

The [edit] banner above the prompt in configuration mode shows your current location in the configuration hierarchy. At the top it simply reads [edit]; deeper in it shows the path, for example [edit interfaces ge-0/0/0].

Shells and the CLI

When you log in, Junos normally drops you straight into operational mode (the Junos CLI). Some accounts can reach a UNIX-like shell with the start shell command, and you return to the CLI with exit. For the exam, focus on the CLI: operational and configuration mode are what JNCIA-Junos tests.

Loading diagram...
Moving Between Junos CLI Modes

CLI Help, Completion, and Navigation

The Junos CLI is designed so you almost never have to type a command in full or memorize exact syntax. Three features do most of the work.

Context-Sensitive Help with ?

Typing a question mark (?) at any point lists what is valid next. It works at the start of a line, after a partial word, and after a complete word.

user@host> sh?
Possible completions:
  show                 Show system information

user@host> show ?
Possible completions:
  arp                  Show system Address Resolution Protocol table
  configuration        Show current configuration
  interfaces           Show interface information
  route                Show routing table information
  ...

The ? does not need a preceding space when used to complete a partial word, but it does after a completed keyword to show the next options.

Command Completion

Press the Spacebar or Tab key to complete a unique keyword. The Spacebar completes commands and keywords; the Tab key completes those plus user-defined names such as interface or policy names. If the partial text is ambiguous, the CLI lists the possibilities instead of completing.

Editing and History

The CLI supports Emacs-style editing keys, which appear on the exam:

KeystrokeAction
Ctrl+aMove to beginning of the line
Ctrl+eMove to end of the line
Ctrl+wDelete the word before the cursor
Ctrl+uDelete the whole line
Up arrow / Ctrl+pRecall the previous command
Ctrl+lRedraw the current line

Filtering Output with the Pipe

Operational and show commands can pass output to a pipe (|) followed by a modifier. This is heavily tested because real devices produce long output.

Pipe modifierEffect
match patternShow only lines containing the pattern
except patternHide lines containing the pattern
countPrint the number of lines instead of the lines
find patternStart output at the first matching line
no-morePrint everything without paging
display setShow configuration as flat set commands
save filenameWrite the output to a file

Example: list only the configured physical interfaces as flat commands.

user@host> show configuration interfaces | display set | match "set interfaces ge"
set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/30
set interfaces ge-0/0/1 unit 0 family inet address 10.0.1.1/24

J-Web Overview

J-Web is the built-in, browser-based graphical interface for Junos devices. It reaches the same device through HTTPS or HTTP and exposes dashboards, monitoring views, configuration wizards, and maintenance tasks. J-Web is useful for technicians who prefer a GUI or for quick visual checks, but the CLI remains the authoritative interface, and the exam expects CLI knowledge first.

Key points about J-Web for JNCIA-Junos:

  • It must be enabled as a system service before it can be used, typically with set system services web-management https (or http).
  • It performs the same candidate/commit model under the hood as the CLI - changes are still committed to take effect.
  • It is optional; many production devices disable the web interface for security and manage purely by CLI.

Login Classes

Every Junos user account is mapped to a login class. The login class defines the user's permissions: which operational commands they may run, which configuration hierarchies they may view or change, idle timeout, and allow/deny command lists. This is how Junos enforces role-based access.

Junos ships four predefined login classes:

Predefined classCapability
super-userFull access to all commands and configuration
operatorCan run most operational/clear commands; cannot configure
read-onlyCan view operational state; cannot configure or clear
unauthorizedEffectively no privileged access

You can also define custom login classes with specific permission flags, such as view, configure, interface-control, or maintenance, plus allow-commands and deny-commands regular expressions for fine-grained control. The user account ties together a username, a login class, and an authentication method.

[edit system login]
user@host# set class noc-team permissions [ view view-configuration interface-control ]
user@host# set class noc-team idle-timeout 30
user@host# set user jdoe class noc-team

Putting It Together: A Typical Session

A technician logs in (lands in operational mode at the > prompt), runs show commands to inspect the device, types configure to enter configuration mode (the prompt changes to #), makes changes, commits them, and types exit to return to operational mode. Their login class silently governs which of those steps they are even allowed to perform.

Test Your Knowledge

A Junos device displays the prompt admin@router>. What does the trailing > indicate?

A
B
C
D
Test Your Knowledge

Which command moves a user from operational mode into configuration mode?

A
B
C
D
Test Your Knowledge

A technician runs show interfaces terse | match ge-0/0/0. What does the pipe modifier do?

A
B
C
D
Test Your Knowledge

What determines which operational and configuration commands a specific Junos user account is permitted to run?

A
B
C
D