Juniper CLI Modes and Hierarchies
The Juniper CLI architecture is indeed really nicely done. No wonder it is the primary method of managing and configuring the Juniper devices. If you are coming from a Cisco background which most of start with then this way of doing things is indeed new, but just spend a few hours and get a GNS3 lab going and it will grow on you in no time.
Here's the architecture at a glance.
Of course this is not what you see when you login into a new JunOS device.
What we see there is the different modes a user can get into and a hierarchical division in which the configuration can be performed.
The two modes are:
This is NOT really a mode and hence I want to get it out of the way quickly.
Since the Juniper kernel is based on FreeBSD, this is the root shell aka the c shell. On a new device, which only has the root user with no password, this is the prompt (shown by the %) the root user is dropped too.
Of course it's never recommended t o use this account for anything but the initial setup.
This mode provides only means to monitoring, troubleshooting and displaying the current status of the device with show commands.
On a new device the root user must use the "cli" command to jump to the operator mode from the c shell. And immediately create admin accounts for the future device configuration.
Any custom user accounts created fall straight to the operator mode prompt which is show my the '>' prompt.
This is the mode where an admin would live and breathe. All configuration and changes to the system are done here. As show below, you must use the "configure" or the "edit" command to jump to this mode. Hence for some admins this is also the "edit mode".
The above figure is a good reference here. Here are some config examples using the edit command and the same config without it.
Here we are setting the host-name for the SRX from the config mode using the set command.
Let's look at one more example with interfaces. This is using the set command in the global hierarchy.
Here's the architecture at a glance.
Of course this is not what you see when you login into a new JunOS device.
What we see there is the different modes a user can get into and a hierarchical division in which the configuration can be performed.
The two modes are:
- The operator mode
- The configuration mode
Unix Shell
This is NOT really a mode and hence I want to get it out of the way quickly.
Since the Juniper kernel is based on FreeBSD, this is the root shell aka the c shell. On a new device, which only has the root user with no password, this is the prompt (shown by the %) the root user is dropped too.
Of course it's never recommended t o use this account for anything but the initial setup.
login as: root
Using keyboard-interactive authentication.
--- JUNOS 12.1X47-D15.4 built 2014-11-12 02:13:59 UTC
root@SRX1%
The Operator Mode
This mode provides only means to monitoring, troubleshooting and displaying the current status of the device with show commands.
On a new device the root user must use the "cli" command to jump to the operator mode from the c shell. And immediately create admin accounts for the future device configuration.
Any custom user accounts created fall straight to the operator mode prompt which is show my the '>' prompt.
login as: admin
Using keyboard-interactive authentication.
Password:
--- JUNOS 12.1X47-D15.4 built 2014-11-12 02:13:59 UTC
admin@SRX1>
The Configuration Mode
This is the mode where an admin would live and breathe. All configuration and changes to the system are done here. As show below, you must use the "configure" or the "edit" command to jump to this mode. Hence for some admins this is also the "edit mode".
login as: adminThe edit command is also a amazing feature which sets JunOS CLI apart from other CLIs. It can be used as an "cd" command (as in windows cmd) to jump across and into the various configuration hierarchies. This really brings the CLI to life giving you a complete view of where and what is to be configured.
Using keyboard-interactive authentication.
Password:
--- JUNOS 12.1X47-D15.4 built 2014-11-12 02:13:59 UTC
admin@SRX1> configure
Entering configuration mode
[edit]
admin@SRX1#
The above figure is a good reference here. Here are some config examples using the edit command and the same config without it.
Here we are setting the host-name for the SRX from the config mode using the set command.
admin@SRX1> configureWe can do the same thing using edit to go under the system hierarchy
Entering configuration mode
admin@SRX1# set system host-name ?
Possible completions:
<host-name> Hostname for this router
[edit]
admin@SRX1# set system host-name SRX2 #press enter to set the name to SRX2
[edit] #this shows us our current level in the hierarchy which is globalAnd when you do a show command here, it only shows you the config under that hierarchy which makes troubleshooting extremely smooth and easy!
admin@SRX1# edit system
#and here we are under the system hierarchy and only have access to those commands
[edit system]
admin@SRX1# set host-name SRX2
[edit system]Similarly we can go into different levels of the hierarchy and configure just those parameters.
admin@SRX1# show
host-name SRX1;
root-authentication {
encrypted-password "$1$mEHemrS1$PZOVox.e6.YpxXFLiWZmA."; ## SECRET-DATA
}
login {
user admin {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$G28me91/$HfoIQrKZBBAMJM3hFfBNE."; ## SECRET-DATA
}
}
}
services {
ssh;
telnet;
web-management {
http {
interface ge-0/0/0.0;
}
https {
system-generated-certificate;
}
}
Let's look at one more example with interfaces. This is using the set command in the global hierarchy.
[edit] #just edit means the global hierarchyAnd the same thing can be done with the edit command. Then you do the show command and see the settings just under that interface.
admin@SRX1# set interfaces ge-0/0/0 unit 0 family inet address 192.168.2.1/24
admin@SRX1# edit interfaces ge-0/0/0Juniper provides a nice document for further reference on the CLI.
[edit interfaces ge-0/0/0] #the interfaces hierarchy
admin@SRX1# show
unit 0 {
family inet {
address 192.168.2.1/24;
}
}
Tags:
Juniper
0 comments