Completing all three courses in the series will help prepare you to pass the related 65-question certification exam, JN0-102.
- Configuration with the CLI
- Using J-Web
- Configuring user accounts
- Configuring logging
- Configuring SNMP and NTP
- Interface monitoring
- Upgrading Junos
Skill Level Intermediate
- [Instructor] Hello and welcome back. In the last section, we looked at the Junos architecture. We understood the differences between the control plane and the forwarding plane and we also talked about traffic processing, we understood the differences between transit traffic and exception traffic. This is section three. In this section, we are going to understand the Junos user interface. And in lecture one of section three, we are going to start by understanding the CLI functionality or in other words, the command line interface functionality.
If you're ready, let's begin. First up, let's start by talking about the ways to access the command line interface. And essentially, there are two ways to access the command line interface. The first one is known as out-of-band and the second one is known as in-band. The first method which is known as out-of-band uses the serial console port of the device to connect. Now this port is dedicated for management purposes.
And I'll show you the device that we are going to be using for the demonstration. The device that you see on the screen right now is exactly what we're going to connect with. I'm having an SRX100 which we are going to use for the demonstration and for the rest of the exercises in this course. Notice carefully, there's a port that has been marked as console. That is the out-of-band console port. Why do we call it out of band? Because it is a port that is dedicated for the management purposes.
You cannot pass your production traffic on that port. The second method which we called as in-band is using the rest of the ports towards the right-hand side. Those are the production ports. We may use those ports as well for managing the device. So we have two methods. Number one is known as out-of-band using the console port and number two is known as in-band using one of the production ports. If you are going to be using a program like hyper terminal or any terminal emulation program, it is gonna ask you for certain settings when you try to connect to a device.
The settings that you need to use is what I've shown you on the screen. Bits per second should be set as 9600. The database should be eight. No parity. One stop bit and the flow control should be set as hardware when you are trying to connect to the device via a serial port. Alright, now let's take a look at how to connect. First up, we're gonna try the first method known as out-of-band and for that I'm gonna take you into my virtual machine. For some reason, I'm having trouble connecting out-of-band with my Mac computer so I am going to use the virtual Windows machine to connect to the console port.
Let's begin. Alright, so I've logged into a virtual Windows device and I'm going to be using this program known as Tera Term. It's a really good program. You may try this on your Windows computers as well. It's a free program that allows you to connect to your devices. Just gonna open that up and you notice down over here, there's a specific option that allows you to connect to the serial port. I'm going to use that and click on okay.
And right now, I've logged in. I can see the prompt when I hit the enter key on my keyboard. There you go. I'm just gonna change the look and feel of the window. There you go. This looks much better. So what I've done right now is I've used a program called Tera Term to connect to the console port of the device. And I can login here as well. My username is root and I'm gonna enter my password.
And that takes me into the device. So this is how you connect via the console port. We'll try the second method as well. We'll just do connect with the telnet or SSH protocol. For that, I'm going to open a terminal program on my Mac computer. Just gonna close this. I open up a terminal program and let's try to SSH. SSH shyan and 192.168.1.1.
And I'm gonna enter my password. And there you go. I've logged in. So these are two different ways in which you can log in. From the console port, which is dedicated for management traffic, or using telnet or SSH on one of the production port numbers. There are two types of users on Junos device. You have the root users and you have the non root users. When you have a brand new Junos device, by default, there's a root account already configured on that device.
So when you boot up a brand new Junos device, you can log in with the username root without any password. But when you make any configuration changes for the first time, you also have to set a password for the root account. On the other hand, you can also create additional user accounts but these are gonna be non root accounts. Now there's a difference when you log in as a root account and when you log in as a non root account. If you log in as a root user, you're automatically gonna be placed into the shell mode of the device while if you log in as a non root account, you're going to be placed in the operational mode and I'll show you what I mean.
Let's go back to the terminal and I'm gonna maximize this. Let me exit out and let's try to do it one more time. I'm gonna say SSH root at 192.168.1.1. So right now I'm logging in as a root account. It's asking me for my password. Alright, I've logged in. You can see at the bottom of my screen I have the console.
Now I want you to notice something. Notice the prompt actually ends with a percentage sign. That is an indication that I've logged into the shell mode. I can navigate to the operational mode from here by invoking the command CLI and that takes me to the operational mode which has the greater than sign at the end of the prompt. Now let's try to log in as a non root account so I'm going to exit out of this, exit one more time, and I'm gonna log in as a non root account.
Alright, I've logged in. Notice the prompt now ends with a greater than sign which means when I logged in as a non root account, I get directly placed into the operational mode. And from here, I can invoke the shell mode as well using the command start shell and that will take me into the shell mode. But there's a difference when you login as a root account and a non root account. Very important. Please remember this. Next, let's talk about the CLI modes.
There are three modes in the command line interface. Number one is the shell mode. Number two is the operational mode. And number three is the configuration mode. The shell mode can be identified with the percentage sign at the end of the prompt which is what we just saw right now and the shell mode is directly available when you login as a root user. The operational mode is available when you login as a non root user. It has a greater than sign at the end of the command prompt. The operational mode is used for operational mode functionalities like taking a look at the configuration, ping, trace rob, rebooting the device, and all that.
Anything that is not to do with configuring the device can be done from the operational mode. We're gonna spend a lot of time in the operational mode so we'll reserve the demonstration for that. Just come back over here. I'll show you a couple of commands that you can do from the operational mode. So for example, I can do ping 192.168.1.50. Woops, the IP address is wrong.
Yeah, so you can do ping from the operational mode. You can also SSH into the operational mode or you can SSH from the operational mode. So these are some of the commands that are supported in the operational mode. The third mode is the configuration mode we'll just use to configure the device and the configuration mode can be identified with the hash or the pound symbol at the end of the command prompt. So from the operational mode, you can hit the command configure to move into the configuration mode.
And you see the prompt now actually ends with a prompt symbol indicating that you're actually in the configuration mode. So remember, we have three modes, shell mode, operational mode, and configuration mode. Configuration mode is to perform configurations. Operational mode is for commands like viewing the configuration or troubleshooting commands. All that is available in the operational mode. And the shell mode is used mainly for accessing the system level files and things like that.
Typically, we'll not be using the shell mode. Okay now let's talk about CLI navigation. I want to talk about three important types over here. Number one is the question mark. Number two is the spacebar completion and number three is tab completion. Let's go back to the terminal. So notice I'm in the configuration mode right now and when I hit the question mark, it shows we all possible completions. It shows me all the commands that I can actually type in here.
Let's try one of the commands, okay. We'll try with set and let's say I don't know what I can write after the set command. I can hit a question mark one more time and it shows me all possible completions. Let's say I'm saying set system and question mark. It now shows me all possible completions at the set system level. So the question mark is a really handy tool, especially when you do not remember the commands, question mark can be very useful.
It is used to view all the possible completions. Next you have the spacebar completion. The spacebar can be used to complete any incomplete command. For example, I am saying set system and let's say I say root. I want to do this one, the root authentication. Instead of typing the entire command, I can just type in a few letters and I can hit the spacebar and that is going to complete the command for me. It's really hand and a very quick way to do things.
For example, let's just say I'm typing in the letter R and then I hit a spacebar. It would actually show me all possible completions because it says R is ambiguous. We have three different commands that start with the letter R so it says after R, there are three possible completions. You have to type in enough characters to uniquely identify the command. If I try RAD and I hit the spacebar, it stops at radius and then there are two options.
Options and server so it waits for you to give a unique completion. I'm gonna say S and I hit the spacebar and now it completes the command for me. And the third one that we talked about is tab completion. Now tab is also used to complete your incomplete commands. However, there is a difference between spacebar completion and tab completion. What's the difference? Let's take a look at it. I'm gonna go back to my terminal and I'm going to erase this command.
I'm gonna say set security zones, security zone, and I know I've configured a security zone known as trust. Before I started this lecture, I did a little bit of configuration. Right now, you do not have to worry about remembering these commands. We are going to discuss all these commands in detail in the lecture dedicated for that. Right now, I'm just trying to show you the difference between spacebar and tab completion. I already know there's a zone configured as trust so I want to type in TR and when I hit the spacebar, notice what? It does not complete that for me even though I have a zone called as trust.
Now, I'm gonna go back and I'm gonna hit the tab key and you have to believe me that I'm hitting the tab key. I know you cannot see it but you have to believe me. I'm going to hit the tab key now and notice it completes that for me. Did you notice the difference? The spacebar does not complete it. However, the tab completes it. Why do we see this difference? Because the spacebar can only complete system-defined commands. User-defined variables can only be completed using the tab key.
The word trust is the name of the zone that I have configured. It's a user-defined variable so for that, I need to use the tab key. The spacebar would not complete it. So I hope you get the difference. Spacebar completes all the commands except user-defined variables. The tab completes everything including the user-defined variables. Now personally, I never use the spacebar. I always use the tab because it's comfortable where the key is placed on the keyboard, your hand automatically reaches out to the tab key.
Alright, now let's talk about some keyboard shortcut sequences and these can be very handy, especially when you are writing long configuration commands. It can really help you move back and forth in the command line. The first one is control plus A. It allows you to move to the beginning of the command. The next one is control plus E which allows you to move to the end of the command and let's take a look at it. Let's go back to the terminal. Now I'm gonna do control plus A.
Control plus A and you notice the prompt actually moved to the beginning of the command. Now I'm gonna do control plus E and you'll notice the prompt moves to the end of the command. So this is really interesting. Control plus A is to the beginning of the command. Control plus E is to the end of the command. Now there's two more. Control plus W erases the word on the left while control plus U erases the entire line.
Let's try that. I'm gonna try control plus W and you notice it takes off the word on the left. Let's try one more time. It again takes off the word on the left. So control plus W is to remove the entire word on the left. Let's try control plus U. And that takes off the entire line. So these are some interesting shortcut sequences that you may want to remember. It can help you play around and quickly configure on the command line.
If you are already from a Unix background, probably you already know these shortcut sequences. Alright now let's talk about some help commands. There are three important help commands and all of them are really useful. They are very helpful. In my opinion, the help commands is one of those things that significantly differentiates Junos from other benders. These commands are so useful, especially when you are starting out with a Junos device. You know, you don't remember the commands very well.
The help commands can really be a savior and let's take a look at them. Let's go back to the terminal. I'm gonna exit out of the configuration mode. So right now, I'm in the operational mode. And probably, I may just want to resize the terminal window. This looks better. Okay, let's try the help command. And I'm gonna hit a question mark. There are different items but we are going to focus on apropos, reference, and topic.
Let's try help topic and I'm gonna hit a question mark to see what comes up. It gives you all possible completions which means if you are not aware of any specific completion or any specific topic, you can type in that. So I'm gonna say help topic system host name. I want to understand what this command can do for me. So I'm gonna say help topic host name, enter. So it says this is useful in configuring the host name of the router or the switch and it also tells you the IR key and which you need to be typing in the command the IR key and the actual command that you should be typing in.
It gives you some more information like it should be less that 256 characters and then it also shows you some related topics. Right? So help topic is a useful command when you want to know about a specific topic. Let's try the next one which is help reference. So I'm gonna say help reference and let's hit a question mark first. It has the same possible completions. Let's give it a try.
So I'm gonna say help reference system host name, enter. And this time, I have some more information. First of all, it gives me the syntax. It tells me what hierarchy I should be configuring that command under. It gives you some really useful information and this is interesting. It tells you when was the command first released. It tells you some description, some options, the required privilege level, and so on.
So the help reference command gives us some more information than what the help topic gives us. Let's try the last one which is help apropos. So I'm gonna say help apropos. Let's try a question mark first and it says you have to give the topic name. So let's call it host name, enter. So it gives you all possible commands which can give you more information about host name.
So these are the three different help commands that you may want to remember. Help topic is useful when you want to know about a specific topic. It gives you brief information. Help reference gives you some more information compared to what help topic gives you. And help apropos gives you all possible commands that can give you more information on that topic. Okay so we've discussed the help commands and that's all the topics that I wanted to cover with you in this lecture.
That's all for this lecture. Please let me know if you have any questions. If not, I'd like to thank you for watching and I'll catch you in the next lecture. Thank you.