Go Configure!

Upgrade JunOS – A Step-by-Step Guide

6 min read

Unless there is a security vulnerability that needs to be patched or a new feature that we’d like to make use of, the software on our devices is rarely given too much thought. Let’s face it, upgrading a perfectly functioning business critical device for the sake of it is usually time that could be better spent and frankly, it’s asking for trouble.

However, when the time does come to upgrade, the process has more than likely been squeezed out of your cerebral trapdoor to make room for more frequently accessed information. So here’s a step-by-step guide to help you upgrade JunOS without racking your brain.

Proper preparation…

We need to make sure we have all the tools of the trade ready to go like a hypothetical TV chef throwing together a 15-minute meal, let’s call our imaginary TV chef Jamie. 

  1. Research the software we wish to use, and obtain it. This is typically a .tgz file that begins with the “jinstall…” prefix.

Any company worth its salt will have a service contract with Juniper where this process is as easy as logging in to their portal with your company account, and downloading the software. If you cannot find the software you want, raise a ticket with support for assistance.

Setting up the connection

If your device is in production already then you can safely ignore this section on how to set up your device for basic network connectivity. Please do ensure that you take a configuration backup for good measure, even though the upgrade process should retain it, its better to be safe than sorry! Go to step 5 – Enabling remote access services.

Now those lot have gone, we’re here because our router is brand new with no configuration.

  1. Connect to your device via console. 
  2. Set up an IP on the management interface (fxp0) and a route, so that it is reachable from the network. Below is an example, IP addresses will be different for you.

The below configuration does the following:
Sets the management IP to, configures a static route for the subnet, pointing to my next hop of
It also sets the static route to persist in the routing table, tells it not be advertised into any other routing protocols.

set interfaces fxp0 unit 0 family inet address
set routing-options static route next-hop
set routing-options static route retain
set routing-options static route no-readvertise

Create a user

  1. If you haven’t already created a login, now is the time to do so.

We will create a user called “Jamie” assign him to the “super-user” group and set a password.

set system login user jamie
set system login user jamie class super-user
set system login user jamie authentication plain-text-password

After hitting enter on the final command you’ll be prompted for your new password, and then be asked to retype to confirm.

Enabling remote access services

Now we have a user, we need to be able to log in.

There are two methods that can be used to access the device; telnet and SSH. Telnet is not a secure protocol, so it should only be used where there is no other option.

First lets specify a hostname and domain name, these parameters are used when generating SSH cryptographic keys. It is not required to have an actual domain set up, this can be an made-up value.

  1. Set the hostname.

set system host-name RouterA

  1. Set the domain name.

set system domain-name fakedomain.uttercrap.net

  1. Enable SSH

set system services ssh
set system services ssh protocol-version v2 connection-limit 10 rate-limit 5

If you receive error: “Cannot find sshd daemon” This means that a non-cryptographic version of JunOS is currently installed.

A “domestic” version of the software is required to use SSH.
We can instead use telnet and FTP to upgrade JunOS by enabling with the following commands:

set system services telnet
set system services ftp

  1. Test remote connectivity.

Attempt to SSH/Telnet to the device using putty. If you are unable to do so, troubleshoot these connectivity issues before proceeding.

Download file transfer software

To get the software across to the router we need file transfer software.

This will vary depending on the method you configured to connect in step 7:

For those that used SSH – download WinSCP and install on your computer.

If you got the error in Step 7 and had to use Telnet then download and install FileZilla.

Transfer window

  1. Inside WinSCP or FileZilla, connect to your device on its management IP.

Connect to your device using the IP address you set in step 3. If your device already had a management IP pre-configured, then use that to connect instead. You will need to use the login created in step 4, or another user account with super-user admin rights.

  1. Navigate to the /var/tmp/ directory and copy the .tgz file over.

Inside WinSCP or FileZilla, in the right hand pane – navigate to /var/tmp/ and copy the software over by dragging the file from the left window to the right window. Wait until the file transfer is complete before moving on.

Upgrade JunOS

It has finally come to the point where we can actually install the software on the device. Your configuration should be retained throughout the process.

  1. Go back to SSH or telnet session and run the following command to upgrade:

request system software add /var/tmp/yourFileNameHere.tgz

The upgrade process takes around 10 minutes and then you will be reverted back to the command prompt.

  1. Reboot the device for changes to take effect.

Use the following command to reboot, it can take 10-15 minutes before becoming available again.

request system reboot


Now the upgrade is complete, we need to make sure that the change had the desired effect.

  1. Verify the upgrade succeeded by checking the version with the command:

show version

The new version number will be displayed, check that this is the correct new version that you installed.

In summary

This 13-step guide showed you how to prepare for, install and verify the upgrade JunOS, the Juniper operating system.

Whether this is the first time upgrading the JunOS software, or whether you forget the easily forgettable, I hope this helped.