Junos Configuration Basics

When you get a Junos device straight out the box it is in it’s factory default configuration. Different devices have different default configurations.
Some setup is consistent across all devices such as syslog settings, no root password configured and no Telnet/SSH access.

Default Config:

MX series (Routers) – nothing is set and it will need to be configured.

EX series (Switches) – There is a default untagged vlan, RSTP (spanning tree) is enabled and IG-MP snooping is enabled. Could be used out the box as an unmanaged device.

SRX (Firewall) – Out the box devices are divided into zones, some trusted some not (specifically ge-0/0/0). Again an untagged vlan.

Login and initial configuration:

When you first connect to an end device you will do so with a console connection, and when set up correctly you’ll be greeted with a login option. Hostname will be Amnesiac.

You start by logging in (root) and if it’s factory reset there will be no password set. Once signed in you will enter the shell environment. (Not the juniper environment, it’s linux terminal)
You enter the Juniper CLI environment from the shell with the command cli .

Enter configure to enter config mode and you’re ready to go.

Set root password: set system root-authentication plain-text-password
Then enter your new password in (for the sake of this password123).
From here you can confirm it’s in the config by running: show system root-authentication and it should be displayed (or at least the hash of it should be).

Password set and hash displayed on VM

Setting System Services:

From the configuration mode you can set system services that you want to enable, as there will be very few enabled by default on a fresh Junos install.

List of system services that can be configured on MX Device

Actually activating most of the services just requires them to be called, so for SSH it would be set system services ssh.

SSH being enabled on MX Device

There are lots of other settings that can be configured that aren’t under the services umbrella, for example timezone (set system time-zone Europe/London)

Timezone being set to London

If you want to view all the config currently set on a Juniper device, from the configuration CLI you can enter show system and it’ll list all the setup for the configuration you’re editing:

Partial output from show system command (configuration from Juniper Labs)

If you change your mind while editing your candidate configuration, you can roll back your configuration to the current active config with the rollback 0 command and that will throw away any changes you’ve made.

Resetting a device to factory settings:

There is something of a nuclear option: request system zeroize which will erase all local data, config and logs. This doesn’t just set you back to factory default it absolutely nukes it.

A gentler option is to enter config mode with the config command, run the command load factory-default, which pulls the default config for the device. Assuming you have a root user configured you will then be able to run the commit command.

User Authentication: TBC