Mondoo
Docs
Network

Query Juniper Junos OS Devices

Query Juniper Networks devices running Junos OS with cnquery

Rely on cnquery to query configuration and operational data from Juniper Networks devices running Junos OS. Discover system information, interfaces, security policies, routing state, and more across your Juniper infrastructure.

Requirements

To analyze and explore your Junos OS devices with cnquery, you must have:

  • cnquery installed on your workstation.
  • Network access to the Junos device management interface (NETCONF over SSH).
  • Valid credentials (username/password or SSH key) for authentication.
API setup instructions

Enable NETCONF over SSH

If NETCONF is not yet enabled, SSH to the device and configure it. For DEVICE_IP, substitute the IP address of the device:

ssh admin@DEVICE_IP

Then enable the NETCONF service:

> configure
# set system services netconf ssh
# commit

Connect to a Junos OS device

To connect to a Juniper device using password authentication:

cnquery shell junos --hostname DEVICE_IP --username admin --ask-pass

To provide the password directly:

cnquery shell junos --hostname DEVICE_IP --username admin --password 'your-password'

To connect using an SSH key:

cnquery shell junos --hostname DEVICE_IP --username admin --identity-file ~/.ssh/id_rsa

Connection options

OptionDescription
--hostnameHostname or IP address of the Junos device
--username, -uUsername for authentication (default: "admin")
--password, -pPassword for authentication
--ask-passPrompt for the password
--identity-file, -iPath to SSH private key
--portNETCONF SSH port (default: 830)

Example queries

Once connected to a Junos OS device, you can query device configuration and state.

This query retrieves system information:

cnquery> junos.system { hostname model version serialNumber }
junos.system: {
  hostname: "vsrx1"
  model: "VSRX"
  version: "22.4R1.10"
  serialNumber: "ABC1234567"
}

This query lists interfaces and their status:

cnquery> junos.interfaces { name adminStatus operStatus speed }
junos.interfaces: [
  0: {
    name: "ge-0/0/0"
    adminStatus: "up"
    operStatus: "up"
    speed: "1000mbps"
  }
  ...
]

This query retrieves security zones:

cnquery> junos.securityZones { name interfaces }
junos.securityZones: [
  0: {
    name: "trust"
    interfaces: ["ge-0/0/0.0"]
  }
  1: {
    name: "untrust"
    interfaces: ["ge-0/0/1.0"]
  }
]

This query checks SSH configuration:

cnquery> junos.sshConfig { rootLogin ciphers macs }
junos.sshConfig: {
  rootLogin: "deny"
  ciphers: ["aes256-ctr", "aes128-ctr"]
  macs: ["hmac-sha2-256", "hmac-sha2-512"]
}

This query lists BGP neighbor sessions:

cnquery> junos.bgpNeighbors { peerAddress peerAs state }
junos.bgpNeighbors: [
  0: {
    peerAddress: "10.0.0.1"
    peerAs: 65001
    state: "Established"
  }
  ...
]

Exit the cnquery shell

To exit the cnquery shell, either press Ctrl + D or type exit.

Learn more

IPMI

Query IPMI interfaces with cnquery

Nmap

Query network information using Nmap with cnquery

On this page

RequirementsEnable NETCONF over SSHConnect to a Junos OS deviceConnection optionsExample queriesExit the cnquery shellLearn more