Posts tagged juniper

Juniper: bonding / LACP switchconfig

posted on 2015-12-01 08:28:56

This is a rough copy-paste howto, after having accessed the switch and having changed into configure mode via edit:

activate LACP

set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast

create the virtual bonding interface aeX

set interfaces ae1 unit 0 description <SERVER-NAME>
set interfaces ae1 unit 0 family ethernet-switching vlan members <VLAN-NAME>

if the physical ports already carry settings, unset those via delete first; otherwise just map the physical NICs to the virtual interface

# for port 14 / 15
set interfaces ge-0/0/14 ether-options 802.3ad ae1
set interfaces ge-0/0/15 ether-options 802.3ad ae1

This assumes that the only existing ae / "aggregated ethernet" interface was ae0 prior. Thus ae1 was chosen.

number of aggregated devices

Check how many are already configured:

admin@switch-01# show chassis 
aggregated-devices {
    ethernet {
        device-count 1;
    }
}
alarm {
    management-ethernet {
        link-down ignore;
    }
}
auto-image-upgrade;

{master:0}[edit]
admin@switch-01#

There you can see that only one ae interface existed prior.

Increase this counter:

set chassis aggregated-devices ethernet device-count 2

This should be everything, commit and-quit and your config is live.

Don't forget to put the VLAN onto your uplink (ae0?) interface, too, so it can get handed to your core.
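
The three things that are easy to miss in the steps above (device-count too low for the new aeX, a half-configured bundle, the VLAN missing on the uplink) can be checked offline against display set output before committing. This is an added example, not part of the original post; the sample lines and the names uplink-vlan and srv-vlan are constructed, and it assumes device-count N provides ae0 through ae(N-1).

```python
# Added example: lint Junos "display set" lines for the LAG steps above.
# SAMPLE is constructed; interface and VLAN names are made up.
SAMPLE = """\
set chassis aggregated-devices ethernet device-count 1
set interfaces ae0 unit 0 family ethernet-switching vlan members uplink-vlan
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
set interfaces ae1 unit 0 family ethernet-switching vlan members srv-vlan
set interfaces ge-0/0/14 ether-options 802.3ad ae1
set interfaces ge-0/0/15 ether-options 802.3ad ae1
"""

CHASSIS = ["set", "chassis", "aggregated-devices", "ethernet", "device-count"]

def lint_lag(config, uplink="ae0"):
    """Return a list of problems found in display-set style config text."""
    count, lacp, members, vlans = 0, set(), {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] == CHASSIS and len(tok) == 6:
            count = int(tok[5])
        elif tok[:2] == ["set", "interfaces"] and len(tok) > 3:
            ifname, rest = tok[2], tok[3:]
            if rest[:2] == ["aggregated-ether-options", "lacp"]:
                lacp.add(ifname)
            elif rest[:2] == ["ether-options", "802.3ad"] and len(rest) == 3:
                members.setdefault(rest[2], []).append(ifname)
            elif rest[-3:-1] == ["vlan", "members"]:
                vlans.setdefault(ifname, set()).add(rest[-1])
    problems = []
    up = vlans.get(uplink, set())
    for ae in sorted(lacp | set(members)):
        idx = int(ae[2:])  # ae1 -> 1
        if idx >= count:
            problems.append(f"{ae}: needs device-count >= {idx + 1}, found {count}")
        if ae not in lacp:
            problems.append(f"{ae}: has member ports but no LACP options")
        if ae not in members:
            problems.append(f"{ae}: LACP configured but no member ports")
        missing = vlans.get(ae, set()) - up
        if ae != uplink and "all" not in up and missing:
            problems.append(f"{ae}: VLANs not on {uplink}: {sorted(missing)}")
    return problems

if __name__ == "__main__":
    for p in lint_lag(SAMPLE):
        print(p)
```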

Configuring vlan ports on a juniper EX 2200 switch via SSH

posted on 2014-05-05 18:38:13

This will serve as a quick reminder since I don't do that too often.

theory

An arbitrary number of VLANs can run over one physical NIC. The only requirements are that both the switch port and the NIC attached to it are capable of running VLANs and are properly configured. Otherwise only one VLAN can run on a port at a time.

Trunking is the ability to 'tag' packets. If this cannot be done (the switch simply lacks the functionality), you need a dedicated cable running from switch to switch for EACH VLAN. With trunk mode, switching can be done not just at port level but even across switches, using only a single interconnect.

switchport schemata and config access

ge-X/Y/ZZ.A is a dummy for the following:

X   = the switch number
Y   = backplane number
ZZ  = port number
A   = Unit

Switch number (X) is clear, backplane number (Y) not so. Sometimes you come across switches that are extendable, i.e. you can insert a second panel with a second set of ports into the existing switch. Port number (ZZ) should be clear again. A Unit (A) is a logical NIC. This is needed for layer-3-switching.

If a VLAN is created which spans several subnets, the port has to have logical addresses in both subnets. These are differentiated via the Unit, i.e. the first IP from the first subnet gets Unit '0', the second IP from the second subnet gets '1'... You get the idea. More on this here.

configuration

Here all that is ever done happens on layer 2. No layer-3-switching/routing is done, which is why setup is simpler and only Unit 0 is put to use.

After ssh'ing onto the machine with user 'admin', these are your first helpers:

> ?
> help
> help ?

Whenever you do not know what to do, use ?, or append a ? to the line you are typing currently.

> show vlans
> show interfaces
> show interfaces terse
> show interfaces | display set
> show interfaces ge-X/Y/ZZ
> show interfaces ge-X/Y/ZZ.A
> show interfaces ge-X/Y/ZZ terse
> show interfaces ge-X/Y/ZZ unit A family ethernet-switching vlan members 
> show interfaces ge-X/Y/ZZ unit A | display set
> show chassis

From edit / configure mode:

> run show interfaces descriptions

Some of these commands can be run in regular (non-edit) mode only, some only in edit mode. To get around this restriction, prefix the command in question with run or set, IIRC.

Show who else is editing what and where:

> status

Then the modes for making changes:

> configure
> edit

> configure exclusive
> edit exclusive

Change to the proper position of the directory tree:

> edit interfaces ge-X/Y/ZZ unit A family ethernet-switching
> up
> top

In general, you can hop around the data tree via edit <path>. This serves readability and will save you quite some typing.

Making changes:

> set port-mode 
> set vlan members 
> delete port-mode

Otherwise, you can use the output of show interfaces | display set directly via copy/paste, if changed accordingly. This is also rather helpful, once you got used to it.

Exiting:

> quit

If you want to throw away your changes prior to committing:

> rollback

This will load the last committed configuration and clear all pending commits.

Check if your changes worked, and apply them:

> show | compare
> commit check
> commit
> commit at
> commit and-quit

That should be about it.

copying settings

Do:

edit
show interfaces | display set

And just copy and paste the configuration lines shown.

logs

show log ?
show log <logname>

temperature and load

show chassis routing-engine 

shortcuts

By the way, backspace works.
Delete will not, but CTRL-D will.
CTRL-C will not, but CTRL-U and CTRL-K will.

shell

If you really desire a shell: start shell
And you will get into a cozy... /usr/sbin/cli?

sh and (t)csh are also available.



Unless otherwise credited all material Creative Commons License by sjas