3.1 Junos CLI & J-Web
Key Takeaways
- Junos OS has exactly two top-level modes: operational mode (shows the `>` prompt) for monitoring and troubleshooting, and configuration mode (shows the `#` prompt) for changing the device.
- You enter configuration mode from operational mode with the `configure` command and return to operational mode with `exit` or by typing `top` then `exit`.
- The Junos CLI provides context help with `?`, command completion with the Spacebar or Tab key, and partial-command matching, so you rarely need to type a full command.
- J-Web is the Junos web GUI for the same monitoring and configuration tasks, while the user's login class determines which commands and configuration hierarchies that account may use.
- Operational mode output can be piped with `|` to modifiers such as `match`, `count`, `display set`, and `no-more` to filter and reshape what the CLI prints.
Why This Topic Matters
User Interfaces is one of the two largest JNCIA-Junos objective areas (roughly one-fifth of the exam). Almost every other topic on the test - configuration, monitoring, routing, and policy - is reached through the CLI, so fluency here is the single highest-leverage skill for passing. Expect questions that show a prompt or a command and ask what mode you are in, what the command does, or how to move between modes.
The Two Junos Modes
Junos OS has exactly two top-level user interface modes. Knowing which one you are in - and how to move between them - is fundamental.
| Mode | Prompt | Purpose | Example actions |
|---|---|---|---|
| Operational mode | user@host> | View device state; troubleshoot; run utilities | show interfaces, ping, traceroute, request system reboot |
| Configuration mode | user@host# | Change the device configuration | set, delete, edit, commit |
The trailing character is the fastest way to tell where you are: a greater-than sign (>) means operational mode, and a hash/pound sign (#) means configuration mode.
Moving Between Modes
From operational mode, the configure command enters configuration mode. To leave configuration mode, use exit (which returns you to operational mode when you are at the top of the hierarchy). If you are deep in the hierarchy, type top first to jump to the root, then exit.
user@host> configure
Entering configuration mode
[edit]
user@host# top
[edit]
user@host# exit
Exiting configuration mode
user@host>
The [edit] banner above the prompt in configuration mode shows your current location in the configuration hierarchy. At the top it simply reads [edit]; deeper in it shows the path, for example [edit interfaces ge-0/0/0].
Shells and the CLI
When you log in, Junos normally drops you straight into operational mode (the Junos CLI). Some accounts can reach a UNIX-like shell with the start shell command, and you return to the CLI with exit. For the exam, focus on the CLI: operational and configuration mode are what JNCIA-Junos tests.
CLI Help, Completion, and Navigation
The Junos CLI is designed so you almost never have to type a command in full or memorize exact syntax. Three features do most of the work.
Context-Sensitive Help with ?
Typing a question mark (?) at any point lists what is valid next. It works at the start of a line, after a partial word, and after a complete word.
user@host> sh?
Possible completions:
show Show system information
user@host> show ?
Possible completions:
arp Show system Address Resolution Protocol table
configuration Show current configuration
interfaces Show interface information
route Show routing table information
...
The ? does not need a preceding space when it completes a partial word, but it does need one after a completed keyword to list the next options.
Command Completion
Press the Spacebar or Tab key to complete a unique keyword. The Spacebar completes commands and keywords; the Tab key completes those plus user-defined names such as interface or policy names. If the partial text is ambiguous, the CLI lists the possibilities instead of completing.
Editing and History
The CLI supports Emacs-style editing keys, which appear on the exam:
| Keystroke | Action |
|---|---|
| Ctrl+a | Move to beginning of the line |
| Ctrl+e | Move to end of the line |
| Ctrl+w | Delete the word before the cursor |
| Ctrl+u | Delete the whole line |
| Up arrow / Ctrl+p | Recall the previous command |
| Ctrl+l | Redraw the current line |
Filtering Output with the Pipe
Operational and show commands can pass output to a pipe (|) followed by a modifier. This is heavily tested because real devices produce long output.
| Pipe modifier | Effect |
|---|---|
| match pattern | Show only lines containing the pattern |
| except pattern | Hide lines containing the pattern |
| count | Print the number of lines instead of the lines |
| find pattern | Start output at the first matching line |
| no-more | Print everything without paging |
| display set | Show configuration as flat set commands |
| save filename | Write the output to a file |
Example: list only the configured physical interfaces as flat commands.
user@host> show configuration interfaces | display set | match "set interfaces ge"
set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/30
set interfaces ge-0/0/1 unit 0 family inet address 10.0.1.1/24
J-Web Overview
J-Web is the built-in, browser-based graphical interface for Junos devices. It reaches the same device through HTTPS or HTTP and exposes dashboards, monitoring views, configuration wizards, and maintenance tasks. J-Web is useful for technicians who prefer a GUI or for quick visual checks, but the CLI remains the authoritative interface, and the exam expects CLI knowledge first.
Key points about J-Web for JNCIA-Junos:
- It must be enabled as a system service before it can be used, typically with `set system services web-management https` (or `http`).
- It uses the same candidate/commit model under the hood as the CLI - changes are still committed to take effect.
- It is optional; many production devices disable the web interface for security and manage purely by CLI.
Login Classes
Every Junos user account is mapped to a login class. The login class defines the user's permissions: which operational commands they may run, which configuration hierarchies they may view or change, idle timeout, and allow/deny command lists. This is how Junos enforces role-based access.
Junos ships four predefined login classes:
| Predefined class | Capability |
|---|---|
| super-user | Full access to all commands and configuration |
| operator | Can run most operational/clear commands; cannot configure |
| read-only | Can view operational state; cannot configure or clear |
| unauthorized | Effectively no privileged access |
You can also define custom login classes with specific permission flags, such as view, configure, interface-control, or maintenance, plus allow-commands and deny-commands regular expressions for fine-grained control. The user account ties together a username, a login class, and an authentication method.
[edit system login]
user@host# set class noc-team permissions [ view view-configuration interface-control ]
user@host# set class noc-team idle-timeout 30
user@host# set user jdoe class noc-team
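
Because `display set` flattens the configuration into one statement per line, the J-Web and login-class settings described above are easy to review offline. The following Python sketch is an added example, not part of the original guide or any Juniper tool: it reads saved `show configuration | display set` output and reports J-Web enabled over HTTP, custom classes with no idle timeout, and accounts in `super-user`. The sample configuration, the `lab-ops` class and the user names `asmith` and `root2` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `show configuration | display set` output (not from a real device).
SAMPLE = """\
set system services ssh
set system services web-management http
set system services web-management https system-generated-certificate
set system login class noc-team permissions [ view view-configuration interface-control ]
set system login class noc-team idle-timeout 30
set system login class lab-ops permissions [ view configure ]
set system login user jdoe class noc-team
set system login user asmith class lab-ops
set system login user root2 class super-user
"""

PREDEFINED = {"super-user", "operator", "read-only", "unauthorized"}

def audit(display_set: str) -> list[str]:
    """Return findings about J-Web exposure and login-class hygiene."""
    findings = []
    classes = defaultdict(set)  # custom class name -> statement keywords seen
    users = {}                  # username -> assigned login class
    for line in display_set.splitlines():
        w = line.split()
        if w[:4] == ["set", "system", "services", "web-management"] and len(w) > 4:
            msg = "J-Web enabled over cleartext HTTP"
            if w[4] == "http" and msg not in findings:
                findings.append(msg)
        elif w[:4] == ["set", "system", "login", "class"] and len(w) > 5:
            classes[w[4]].add(w[5])
        elif w[:4] == ["set", "system", "login", "user"] and len(w) > 6 and w[5] == "class":
            users[w[4]] = w[6]
    for name, stmts in sorted(classes.items()):
        if "idle-timeout" not in stmts:
            findings.append(f"class {name}: no idle-timeout")
    for user, cls in sorted(users.items()):
        if cls == "super-user":
            findings.append(f"user {user}: full access via super-user")
        elif cls not in PREDEFINED and cls not in classes:
            findings.append(f"user {user}: class {cls} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
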
Putting It Together: A Typical Session
A technician logs in (lands in operational mode at the > prompt), runs show commands to inspect the device, types configure to enter configuration mode (the prompt changes to #), makes changes, commits them, and types exit to return to operational mode. Their login class silently governs which of those steps they are even allowed to perform.
A Junos device displays the prompt admin@router>. What does the trailing > indicate?
Which command moves a user from operational mode into configuration mode?
A technician runs show interfaces terse | match ge-0/0/0. What does the pipe modifier do?
What determines which operational and configuration commands a specific Junos user account is permitted to run?