Junos output level and filtering allow us to control and filter the output of Junos show commands. This allows you to control how much detailed information is displayed. And only show the part of the output that is more important to us.

Management of Junos show command output

You can control and filter the output of Junos Show commands as to how much detail and what part of the output is more important to you to display on the screen.

Junos show command output manageent
Junos show command output manageent

In terms of level of detail, “terse” shows the minimal amount of information shown in the output of show commands, typically used with the ‘show Interface terse” command.

Keyword “brief” shows more information than “terse”.  “details” show the most of information and “extensive” shows all information.

Show command output filtering lets you control which part of the output is more important to you to display on the screen.

A brief description before touching the commands, with “display” you can control which version of the output, “set” version, “XML” version or “JSON” version of the output is displayed. These types of outputs are mainly used in automation.

With “match”, only lines with specific keyword are displayed, like what with do with “grep” in shell commands. in Junos, it is also possible to use grep command instead of match command.

With “except”, all lines except lines with specific keyword are displayed.

With “find”, lines beginning with specific keyword is displayed.

With “last”, the last page of the output is displayed.

With “save”, you can save the output in specific file.

With “compare” which is very practical, you can compare two version of output.

The most important application of “compare” command is to compare the current active configuration with the latest versions of configurations to see what changes has been made. Also you can compare the current active version of the configuration with what will be active after commit command.

To get a better feeling of these commands, let touch them together.

Junos output levels

Let’s start with Junos show command output level.

To see an example, let’s run the “show interface” command with different output levels to show different levels of detail.

The command “show interface terse”, shows the minimum and most important information regarding interfaces.

rayka@vSRX> show interfaces terse 
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up
gr-0/0/0                up    up
ip-0/0/0                up    up
lsq-0/0/0               up    up
lt-0/0/0                up    up
mt-0/0/0                up    up
sp-0/0/0                up    up
sp-0/0/0.0              up    up   inet    
                                   inet6   
sp-0/0/0.16383          up    up   inet    
ge-0/0/1                up    up
dsc                     up    up
em0                     up    up
em0.0                   up    up   inet     128.0.0.1/2     
em1                     up    up
em1.32768               up    up   inet     192.168.1.2/24  
em2                     up    down
fti0                    up    up
fxp0                    up    up
fxp0.0                  up    up   inet     192.168.200.100/24
gre                     up    up
ipip                    up    up
irb                     up    up
lo0                     up    up
lo0.16384               up    up   inet     127.0.0.1           --> 0/0
lo0.16385               up    up   inet     10.0.0.1            --> 0/0
                                            10.0.0.16           --> 0/0
                                            128.0.0.1           --> 0/0
                                            128.0.0.4           --> 0/0
                                            128.0.1.16          --> 0/0
lo0.32768               up    up  
lsi                     up    up
mtun                    up    up
pimd                    up    up
pime                    up    up
pp0                     up    up
ppd0                    up    up
ppe0                    up    up
st0                     up    up
tap                     up    up
vlan                    up    down
vtep                    up    up

It shows physical and line protocol status of interfaces and also the IP address assigned to the interfaces.

Most of the times you do not need to see all interfaces. You can filter it with regular expression. As an example, “show interfaces terse | grep “ge|fxp0“, shows interfaces including “ge” like gigabit Ethernet interfaces and also fxp0 which is management interface.

rayka@vSRX> show interfaces terse | grep "ge|fxp0"
ge-0/0/0                up    up
ge-0/0/1                up    up
fxp0                    up    up
fxp0.0                  up    up   inet     192.168.200.100/24

Brief version of show interface command, “show interface brief”, shows more information in addition to status and IP address of interfaces, like MTU and speed of interfaces.

rayka@vSRX> show interfaces brief                    
Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 10Gbps, Loopback: Disabled, Source filtering: Disabled,
  Flow control: Enabled
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags     : None
...

Detail version of show interface command, “show interface detail”, shows the most information. in addition to status, IP address, MTU and speed of interfaces, it shows also traffic statistics.

rayka@vSRX> show interfaces detail 
Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Interface index: 136, SNMP ifIndex: 510, Generation: 139
  Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Link-mode: Full-duplex, Speed: 10Gbps, BPDU Error: None,
  Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
  Flow control: Enabled
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 00:0c:29:bb:b0:24, Hardware address: 00:0c:29:bb:b0:24
  Last flapped   : 2022-04-23 18:04:45 UTC (4d 01:27 ago)
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :                    0                    0 bps
   Output bytes  :                    0                    0 bps
   Input  packets:                    0                    0 pps
   Output packets:                    0                    0 pps
  Active alarms  : None
  Active defects : None
  PCS statistics                      Seconds
    Bit errors                             0
    Errored blocks                         0
  Ethernet FEC statistics              Errors
    FEC Corrected Errors                    0
    FEC Uncorrected Errors                  0
    FEC Corrected Errors Rate               0
    FEC Uncorrected Errors Rate             0
  Interface transmit statistics: Disabled

Physical interface: gr-0/0/0, Enabled, Physical link is Up
...

And finally, extensive version of show interface command, “show interface extensive”, shows all information. in addition to information displayed in detail version, it also shows also error statistics.

rayka@vSRX> show interfaces extensive       
Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Interface index: 136, SNMP ifIndex: 510, Generation: 139
  Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Link-mode: Full-duplex, Speed: 10Gbps, BPDU Error: None,
  Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
  Flow control: Enabled
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 00:0c:29:bb:b0:24, Hardware address: 00:0c:29:bb:b0:24
  Last flapped   : 2022-04-23 18:04:45 UTC (4d 01:30 ago)
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :                    0                    0 bps
   Output bytes  :                    0                    0 bps
   Input  packets:                    0                    0 pps
   Output packets:                    0                    0 pps
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
    FIFO errors: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 2, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0,
    Resource errors: 0
  Active alarms  : None
  Active defects : None
  PCS statistics                      Seconds
    Bit errors                             0
    Errored blocks                         0
  Ethernet FEC statistics              Errors
    FEC Corrected Errors                    0
    FEC Uncorrected Errors                  0
    FEC Corrected Errors Rate               0
    FEC Uncorrected Errors Rate             0
  MAC statistics:                      Receive         Transmit
    Total octets                      36711982                0
    Total packets                       504505                0
    Unicast packets                          0                0
    Broadcast packets                        0                0
    Multicast packets                        0                0
    CRC/Align errors                         0                0
    FIFO errors                             14                0
    MAC control frames                       0                0
    MAC pause frames                         0                0
    Oversized frames                         0
    Jabber frames                            0
    Fragment frames                          0
    VLAN tagged frames                       0
    Code violations                          0
  Filter statistics:
    Input packet count                       0
    Input packet rejects                     0
    Input DA rejects                         0
    Input SA rejects                         0
    Output packet count                                       0
    Output packet pad count                                   0
    Output packet error count                                 0
    CAM destination filters: 1, CAM source filters: 0
  Autonegotiation information:
    Negotiation status: Complete
    Link partner:
        Link mode: Full-duplex, Flow control: None, Remote fault: OK
  Packet Forwarding Engine configuration:
    Destination slot: 0 (0x00)
  CoS information:
    Direction : Output
    CoS transmit queue               Bandwidth               Buffer Priority   Limit
                              %            bps     %           usec
    0 best-effort            95     9500000000    95              0      low    none
    3 network-control         5      500000000     5              0      low    none
  Interface transmit statistics: Disabled

Physical interface: gr-0/0/0, Enabled, Physical link is Up
...

Junos output filtering

Now we continue with output command filtering or formatting to show only a part of configuration or in the format that we are interested in.

The command “show configuration | display set” is very handy and, is used to show the “set” version of the configuration which not only is easier to read, but also to copy or use in automation. XML or JSON version of the configuration can also be shown with display command. XML and JSON are mostly used in automation.

rayka@vSRX> show configuration | display set 
set version 22.1R1.10
set system host-name vSRX
set system root-authentication encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1"
set system login user rayka uid 2000
set system login user rayka class super-user
set system login user rayka authentication encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../"
set system services ssh root-login allow
set system services telnet
...
rayka@vSRX> show configuration | display xml    
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/22.1R0/junos">
    <configuration junos:commit-seconds="1651081620" junos:commit-localtime="2022-04-27 17:47:00 UTC" junos:commit-user="rayka">
            <version>22.1R1.10</version>
            <system>
                <host-name>vSRX</host-name>
                <root-authentication>
                    <encrypted-password>$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1</encrypted-password>
                </root-authentication>
                <login>
                    <user>
                        <name>rayka</name>
                        <uid>2000</uid>
                        <class>super-user</class>
                        <authentication>
                            <encrypted-password>$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../</encrypted-password>
                        </authentication>
                    </user>
                </login>
                <services>
...
rayka@vSRX> show configuration | display json   
{
    "configuration" : {
        "@" : {
            "junos:commit-seconds" : "1651081620", 
            "junos:commit-localtime" : "2022-04-27 17:47:00 UTC", 
            "junos:commit-user" : "rayka"
        }, 
        "version" : "22.1R1.10", 
        "system" : {
            "host-name" : "vSRX", 
            "root-authentication" : {
                "encrypted-password" : "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1"
            }, 
            "login" : {
                "user" : [
                {
                    "name" : "rayka", 
                    "uid" : 2000, 
                    "class" : "super-user", 
                    "authentication" : {
                        "encrypted-password" : "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../"
                    }
                }
                ]
            }, 
            "services" : {
...

With command “match” or “grep”, we can show only lines matching with specific keyword. This command is also very handy to use in monitoring and troubleshooting.

As example we can use it with “show configuration | display set” command.

like “show configuration | display set | match policies”, show set version of the configuration but only lines matching “policies” keyword.

rayka@vSRX> show configuration | display set | match policies 
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies pre-id-default-policy then log session-close

The command parameter “except” is opposite to “match”. It shows only lines not matching specific “keyword”.

For example, “show configuration | display set | except security”, shows only lines not matching “security” keyword.

rayka@vSRX> show configuration | display set | except security   
set version 22.1R1.10
set system host-name vSRX
set system root-authentication encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1"
set system login user rayka uid 2000
set system login user rayka class super-user
set system login user rayka authentication encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../"
set system services ssh root-login allow
set system services telnet
set system services web-management http interface fxp0.0
set system syslog file interactive-commands interactive-commands any
set system syslog file messages any any
set system syslog file messages authorization info
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fxp0 unit 0 family inet address 192.168.200.100/24

The command parameter “find”, shows the output but beginning from the line matching specific “keyword”.  

The command, “show configuration | display set | find policies”, shows the configuration beginning from the line matching “policies” keyword.  

rayka@vSRX> show configuration | display set | find policies   
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies pre-id-default-policy then log session-close
set security zones security-zone trust tcp-rst
set security zones security-zone untrust screen untrust-screen
set interfaces fxp0 unit 0 family inet address 192.168.200.100/24

The command parameter “last”, shows the last page of the output.  

The command, “show configuration | display set | last”, shows the last page of the configuration. our configuration is only one page.

rayka@vSRX> show configuration | display set | last    
set version 22.1R1.10
set system host-name vSRX
set system root-authentication encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1"
set system login user rayka uid 2000
set system login user rayka class super-user
set system login user rayka authentication encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../"
set system services ssh root-login allow
set system services telnet
set system services web-management http interface fxp0.0
set system syslog file interactive-commands interactive-commands any
set system syslog file messages any any
set system syslog file messages authorization info
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set security log mode stream
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop

The command parameter “compare” is very practical and useful. With it we can compare two versions of configuration.

For example, the command “show configuration | compare rollback 1”, compare the current configuration with the previous version.

rayka@vSRX> show configuration | compare rollback 1    
[edit system]
+  host-name vSRX;

The difference of the current configuration and previous version shows that in the last changes, we have configured the host-name to vSRX.

The command, “show configuration | compare rollback 2” ”, compare the current configuration with two previous version.

rayka@vSRX> show configuration | compare rollback 2    
[edit system]
-  host-name vSRX1;
+  host-name vSRX;

rayka@vSRX> 

The difference of the current configuration and two previous version shows that, we have changed host-name from vSRX1 to vSRX.

The most important usage of  “compare” command parameter is to compare the current configuration with the changes that have not yet been applied.

Usually before committing the new configuration we use “show | compare” command in configuration mode to review the changes.

As example, we change the hostname again. But before committing the changes, you can review the changes with “show | compare” command.

rayka@vSRX# set system host-name vSRX2 

[edit]
rayka@vSRX# show | compare 
[edit system]
-  host-name vSRX;
+  host-name vSRX2;

[edit]
rayka@vSRX# 

And if it is not what you wish, then you can easily discard it with “rollback 0” command. and if it is as your wish, you can just deploy it with “commit” command.

rayka@vSRX# rollback 0 
load complete

[edit]
rayka@vSRX# show | compare 

[edit]
rayka@vSRX# 

And finally with “save” command parameter, for example “show configuration | save config20220430”, you can save the output of show command.

Then you can the list the saved file with “file list” command and also see the content of the file with “file show” command.

rayka@vSRX> show configuration | save config20220430 
Wrote 119 lines of output to 'config20220430'

rayka@vSRX> file list 

/var/home/rayka/:
config20220430

rayka@vSRX> 
rayka@vSRX> file show config20220430 
## Last commit: 2022-04-27 17:47:00 UTC by rayka
version 22.1R1.10;
system {
    host-name vSRX;
    root-authentication {
        encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1"; ## SECRET-DATA
    }
    login {
        user rayka {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../"; ## SECRET-DATA
            }
        }
    }
    services {
        ssh {
......
Back to: Juniper Junos Associate version 22.1R1.10 (JNCIA-Junos) > Junos User Interfaces

Leave a Reply

Your email address will not be published. Required fields are marked *


Post comment