CLI functionality - Junos Tutorial

- [Instructor] Let's start by talking about the Junos CLI Functionality. There's a couple of ways by which you can access the Junos CLI. The first method is called out-of-band, and this uses the serial console port or a dedicated management port to connect with the device. A connection like this does not use the traffic port, which is why we call it as an out-of-band connection. The second way to connect to a Junos device is by using an in-band connection, where you'll connect on one of the traffic ports. To do this, you will need to configure Telnet or SSH on the Junos device. You could also connect on the traffic port by using HTTP or HTTPS. On the screen now, I have an SRX100 device. Notice here, we have a port which has been marked as the console port. This is the serial console port. This is usually used when you're configuring the device for the first time. Because the device does not have any configuration in place, you will not be able to connect on the traffic ports. So you'll connect to the SRX device for the first time using the console port. The console port is also used in circumstances where you want to reset the device or you want to upgrade the device or you want to reset the root password of the device. In any of these special circumstances, you would connect to the device using the console port. Connecting via the console port requires access to the device, meaning physical access to the device. It is possible to set up remote access on the console port, but it requires additional configuration and setup. On the other hand, if you connect on any one of these ports which are marked as zero zero, zero one, and so on, these are your traffic ports, the connection is an in-band connection because you're connecting on one of the traffic ports. Make a note that this device does not have a dedicated management port, so you would connect on any one of these ports. Now, let's take a look at another model of SRX. This is SRX1500, and you can see here, these ports that you see, these are the traffic ports. You will notice there's a console port, and it also has a dedicated management port. So you would use this port for managing the device, while these ports are your traffic ports. When you want to connect to your device using the serial console port, you will need a terminal emulation program such as Tera Term or PuTTY. When you're using any one of these programs to connect to your device, make sure you've got this configuration correct. The bits per second should be set as 9,600, data bits should be eight, no parity, one stop bit, and the flow control should be set as hardware. Now, let's understand the difference between logging in as a root user versus a non root user. When you make a connection to your Junos device, you can use the root username, or you could use a non root username. Let's talk about the differences. When you have a brand new Junos device, by default, it will have an account for the user, root. The root account provides full administrative access to the device and is referred to as the superuser. On a new device, the root account has no password. This is very important to keep in mind, especially from the examination perspective. On a brand new SRX device, the default username is going to be root, and by default, it does not have a password. The root account cannot be deleted. When you login as a root user, you will be automatically placed into what is known as the shell mode of the device. Now let's talk about non root users. By default, non root users do not exist. You will need to configure these. By default, they do not have any permissions. Instead, you have to assign permissions to them before they can perform any operations on the Junos device. When you login as a non root user, you will be placed into the operational mode of the device. And non root users can be deleted. Junos recommends that, in addition to the root user, you also create at least one other local user. This user account can be used for common administrative tasks like managing the device and configuring the device. Now, let's get to the Junos terminal and see the difference between logging in as a root user versus a non root user. For this demonstration, I'm going to be using an online lab. This lab provides me access to one Juniper SRX firewall. I've already started the lab, and here I have my login credentials. I'll first connect to the terminal with the terminal username and password. And from here, I'll connect to the SRX device. The command is SSH username, which is root at the IP address, and then the password. Notice that right now we are logging in as a root user, and as you can see here, I've been directly put into the shell mode, and the way I can identify that is with the percentage sign. When your prompt ends with a percentage sign, you are in the shell mode. From here, you can perform shell mode commands like file system commands, so when you login as a root user, you are directly placed in the shell mode. From here, we can go to the operational mode by using the command CLI, but when you login for the first time, you are put into the shell mode. Now, let's try to log in as a non root user. I've already configured a non root user on this device. So let's try to login. SSH username at the IP address, and I'll provide the password for that user, and now I'm logged in, and you can see that this time, I have a different prompt. The prompt here ends with a greater than symbol. That means you are in the operational mode. So when you login as a root user, by default, you enter the shell mode versus when you login as a non root user, you are automatically placed into the operational mode. From here, we can invoke the shell mode by using the command start shell. We can press enter here, or we can provide the username that we want to use to enter the shell mode. So let's do start shell user root, for example, and I'll need to provide the root password. That's the root password, and we can see that we've started the shell mode from here. It's not necessary to provide a username. We could also do start shell, and that will also take us into the shell mode. You can see the percentage sign here. The key takeaway here is that, when you log in as a root user, you are placed into the shell mode, versus when you login as a non root user, you're placed into the operational mode. Back over here, let's talk about the key features of the CLI. The first interesting feature is consistent command names. Since Junos uses the same base operating system across its entire device portfolio, you will notice a consistent command structure and syntax across all of its devices. Commands like set, show, and delete have the same syntax and the same structure across all of its devices. The second key feature is the usage of question mark for completion. The question mark feature makes configuring the Junos device very easy. As you're typing the command into the command line interface, if you're not sure what the next word should be, you can simply type in question mark. Junos will show you a list of all possible completions for that command. The third key feature is tab and space bar completion. As you're typing in your commands, you can simply press tab or the space bar key, and Junos will complete that command for you. And finally, we have UNIX style utilities and keyboard sequences. Since Junos is based on free BSD UNIX, you will notice a lot of features are same as that of a UNIX or a Linux machine. For example, support for regular expressions, output filtering, and keyboard shortcut sequences are exactly the same as you would see on a UNIX or a Linux machine. If you're new to the Junos command line interface, I promise you, you'll have a wonderful experience with the Junos operating system. In the past, if you've used devices from other vendors, it may take you a little while to get used to the Junos style, but once you get used to it, you'll agree with me that it's a wonderful tool.