The JNCIA-Junos (JN0-105) is Juniper Networks' associate-level certification for the Junos operating system — the OS powering Juniper's routers (MX series), switches (EX and QFX series), and security platforms (SRX series). If your organisation runs Juniper equipment, JNCIA-Junos is the foundation. Junos is known for its clean CLI, consistent behaviour across platforms, and commitment to open standards — once you understand Junos, it works the same on every Juniper device.
Practice this topic
Junos is built on FreeBSD and separates the control plane (Routing Engine — RE) from the forwarding plane (Packet Forwarding Engine — PFE). This separation means a CLI crash or software issue does not interrupt packet forwarding — a key reliability advantage. RE runs the routing protocols, management plane, and produces the forwarding table (FIB) that is pushed to the PFE. CLI modes: Operational mode (prompt ends with >) — show and diagnose commands, monitor traffic; Configuration mode (prompt ends with #) — edit the candidate configuration. Enter with 'configure' or 'configure exclusive' (prevent others from editing simultaneously). The candidate configuration: Junos uses a two-stage commit model — you edit the candidate configuration (staging area), then commit to apply to the active configuration. Rollback: Junos automatically saves the last 50 committed configurations — rollback 1 reverts to the previous commit. This is a safety net that Cisco IOS does not have. Key operational commands: show interfaces, show route, show bgp summary, show ospf neighbor, show chassis hardware, request system reboot.
Junos configurations are hierarchical — organised into stanzas with brackets. The root stanza contains: system (hostname, login, NTP, syslog), interfaces (all physical and logical interface config), routing-options (static routes, router-id, autonomous-system), protocols (OSPF, BGP, IS-IS, MPLS), policy-options (routing policies and community definitions), firewall (stateless packet filters). Interface configuration: set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24 — ge-0/0/0 is the physical interface, unit 0 is the logical unit (analogous to Cisco's subinterface), family inet is IPv4, family inet6 is IPv6. Routing policy: Junos uses a match-then action model — policy terms match routes based on prefix, community, AS path, or other attributes, then apply actions (accept, reject, modify attributes). Export policies control what routes are advertised; import policies control what routes are accepted. Default routing policy: OSPF and IS-IS accept all routes learned by default; BGP rejects all routes by default (must have an explicit export policy to advertise routes in BGP).
Junos supports OSPF, IS-IS, BGP, and RIP. OSPF configuration in Junos: set protocols ospf area 0 interface ge-0/0/0.0 — interfaces are added to OSPF areas explicitly. OSPF passive interface: set protocols ospf area 0 interface lo0.0 passive — announces the loopback but does not form adjacency. Verify: show ospf neighbor (adjacency states), show ospf database (LSDB). BGP: set protocols bgp group external type external neighbor 10.0.0.1 peer-as 65001 — group model groups peers with common attributes (type, local-as, export/import policies). BGP groups reduce configuration repetition for large numbers of peers. Route redistribution: export policy at the protocol level — create a policy that matches connected routes or static routes, then apply as export policy to OSPF or BGP. Static routes: set routing-options static route 0.0.0.0/0 next-hop 10.0.0.1 — qualified next-hop allows floating static routes (different preferences). Junos preference (administrative distance): direct 0, OSPF internal 10, IS-IS L1 15, IS-IS L2 18, OSPF external 150, BGP 170.
Security basics for JNCIA level. Firewall filters (stateless access control lists in Junos — applied to interfaces, not policies like SRX security policies). Filter structure: term > from (match conditions: source-address, destination-address, protocol, destination-port) > then (action: accept, reject, discard, count, log). Apply to interface as input (traffic coming in) or output (traffic leaving). Prefix lists and route filters in routing policies. Junos SRX security zones: the SRX series uses a zone-based security model — interfaces are assigned to security zones (trust, untrust, DMZ), security policies control traffic between zones. Default zone-to-zone policy is implicit deny. High availability: Juniper Virtual Chassis (EX switches — stack up to 10 switches as one logical device, single management plane, split-plane redundancy), Juniper Virtual Chassis Fabric (VCF — spine-leaf topology for data centres). Chassis Cluster (SRX — active/passive or active/active HA for firewalls, synchronised sessions, configuration, and routes through dedicated HA link and fabric link).
Junos CLI is like Cisco IOS with different commands
Junos and IOS have fundamentally different architectures. Junos uses a hierarchical configuration with a candidate/commit model, separation of RE and PFE, consistent syntax across all platform types, and a rollback feature. The underlying concepts differ, not just the syntax.
Committing configuration in Junos applies changes immediately without risk
Junos commit replaces the active configuration — test changes with 'commit confirmed N' which automatically rolls back after N minutes unless confirmed. Use 'commit check' first to validate syntax without applying.
Junos routing policies are like access control lists
Routing policies in Junos control which routes are accepted or advertised and how their attributes are modified. Firewall filters are Junos's equivalent of ACLs for packet filtering. They are separate constructs with different syntax and application points.
Try free Juniper JNCIA-Junos practice questions with explanations, topic links and progress tracking.