23. CLI Functionality
Let’s start by talking about the Junos CLI functionality.
There are a couple of ways by which you can access the Junos CLI. The first method is called out-of-band, and this uses the serial console port or a dedicated management port to connect with the device. A connection like this does not use the traffic port, which is why we call it an out-of-band connection.
The second way to connect to a Junos device is by using an in-band connection where you will connect on one of the traffic ports. To do this, you will need to configure Telnet or SSH on the Junos device.
You could also connect on the traffic port by using HTTP or HTTPS.
On the screen now, I have an SRX100 device. Notice here we have a port which has been marked as the console port. This is the serial console port. This is usually used when you’re configuring the device for the first time. Because the device does not have any configuration in place, you will not be able to connect on the traffic ports. So, you will connect to the SRX device for the first time using the console port.
The console port is also used in circumstances where you want to reset the device or you want to upgrade the device, or you want to reset the root password of the device. In any of these special circumstances, you would connect to the device using the console port. Connecting via the console port requires access to the device, meaning physical access to the device. It is possible to set up remote access on the console port, but it requires additional configuration and setup.
On the other hand, if you connect on any one of these ports, which are marked as 00, 01 and so on (these are your traffic ports), the connection is an in-band connection because you’re connecting on one of the traffic ports.
Make a note that this device does not have a dedicated management port. So, you would connect on any one of these ports.
Now let’s take a look at another model of SRX. This is the SRX1500. And you can see here that these ports are the traffic ports. You’ll notice there’s a console port and it also has a dedicated management port. So, you would use this port for managing the device while these ports are your traffic ports.
When you want to connect to your device using the serial console port, you will need a terminal emulation program, such as TeraTerm or PuTTY. When you’re using any one of these programs to connect to your device, make sure you’ve got this configuration correct. The bits per second should be set as 9600, data bits should be 8. No parity. One stop bit. And the flow control should be set as hardware.
Now, let’s understand the difference between logging in as a root user versus a non-root user. When you make a connection to your Junos device, you can use the root user name or you could use a non-root user name. Let’s talk about the differences.
When you have a brand new Junos device, by default, it will have an account for the user root. The root account provides full administrative access to the device and is referred to as the superuser. On a new device, the root account has no password. This is very important to keep in mind, especially from the examination perspective: on a brand new SRX device, the default user name is going to be root and by default it does not have a password. The root account cannot be deleted. When you log in as a root user, you will be automatically placed into what is known as the shell mode of the device.
Now, let’s talk about non-root users. By default, non-root users do not exist, you will need to configure these. By default, they do not have any permissions. Instead, you have to assign permissions to them before they can perform any operations on the Junos device. When you log in as a non-root user, you will be placed into the operational mode of the device. And non-root users can be deleted.
Junos recommends that in addition to the root user, you also create at least one other local user. This user account can be used for common administrative tasks like managing the device and configuring the device.
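The account setup described above, written out as configuration-mode commands. This is an added example, not part of the original lecture; the user name netadmin is hypothetical, and it assumes SSH is the in-band access method in use.

```junos
# Added example, not from the original lecture. Lines starting with "#" are
# annotations for the reader; type only the other lines.
# Assumption: "netadmin" is a hypothetical user name.

# From operational mode (prompt ends with ">"), enter configuration mode.
configure

# 1. Give root a password. The CLI prompts for it twice and does not echo it.
set system root-authentication plain-text-password

# 2. Create a non-root administrator. A new user has no permissions until a
#    login class is assigned. super-user is a predefined class; operator and
#    read-only are predefined classes with fewer permissions.
set system login user netadmin class super-user
set system login user netadmin authentication plain-text-password

# 3. Refuse root logins over SSH so that in-band access always uses a named
#    account. Root stays usable on the console port and through
#    "start shell user root".
set system services ssh root-login deny

# 4. Review the pending change, validate it, then activate it.
show | compare
commit check
commit
```

Keep the console session open until a fresh SSH login as the new user has been confirmed.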
Now let’s get to the Junos terminal and see the difference between logging in as a root user versus a non-root user. For this demonstration, I’m going to be using an online lab. This lab provides me access to one Juniper SRX firewall. I’ve already started the lab and here I have my log in credentials.
I’ll first connect to the terminal with the terminal user name and password. And from here, I’ll connect to the SRX device. The command is ssh username, which is root at the IP address. And then the password. Notice that right now we are logging in as a root user, and as you can see here, I’ve been directly put into the shell mode. And the way I can identify that is with the percentage sign. When your prompt ends with a percentage sign, you’re in the shell mode. From here, you can perform shell mode commands, like file system commands. So, when you log in as a root user, you are directly placed in the shell mode. From here we can go to the operational mode by using the command cli. But when you log in for the first time, you are put into the shell mode.
Now let’s try to log in as a non-root user. I’ve already configured a non-root user on this device, so let’s try to log in as a user name at the IP address. And I’ll provide the password for that user. And now I’m logged in and you can see that this time I have a different prompt. The prompt here ends with a greater than symbol. That means you are in the operational mode. So, when you log in as a root user by default, you enter the shell mode versus when you log in as a non-root user, you’re automatically placed into the operational mode. From here, we can invoke the shell mode by using the command start shell. We can press enter here or we can provide the user name that we want to use to enter the shell mode. So let’s do start shell user root, for example. And I’ll need to provide the root password. That’s the root password. And we can see that we’ve started the shell mode from here.
It’s not necessary to provide a user name. We could also do start shell, and that will also take us into the shell mode. You can see the percent sign here. The key takeaway here is that when you log in as a root user, you are placed into the shell mode versus when you log in as a non-root user, you’re placed into the operational mode.
Back over here. Let’s talk about the key features of the CLI.
The first interesting feature is consistent command names. Since Junos uses the same base operating system across its entire device portfolio, you will notice a consistent command structure and syntax across all of its devices. Commands like set, show and delete have the same syntax and the same structure across all of its devices.
The second key feature is the use of question mark for completion. The question mark feature makes configuring the Junos device very easy. As you are typing the command into the command line interface, if you’re not sure what the next word should be, you can simply type in question mark. Junos will show you a list of all possible completions for that command.
The third key feature is tab and space bar completion. As you’re typing in your commands, you can simply press tab or the space bar key, and Junos will complete that command for you.
And finally, we have UNIX style utilities and keyboard sequences. Since Junos is based on FreeBSD Unix, you will notice a lot of features are the same as those of a UNIX or a Linux machine. For example, support for regular expressions, output filtering and keyboard shortcut sequences are exactly the same as you would see on a UNIX or a Linux machine.
If you’re new to the Junos command line interface, I promise you will have a wonderful experience with the Junos operating system. In the past, if you’ve used devices from other vendors, it may take you a little while to get used to the Junos style, but once you get used to it, you’ll agree with me that it’s a wonderful tool.
24. CLI Modes
Let’s talk about the different CLI modes available on a Junos device. There are three CLI modes that can be used.
The first one is called shell mode. On the shell mode, the prompt ends with a percentage sign. This mode is directly available when you log in as a root user. And non-root users can use the command start shell from the operational mode to reach the shell mode.
The second mode is called the operational mode. And this can be identified with a greater than symbol at the end of the prompt.
The third mode is called the configuration mode. And this can be identified with a pound symbol at the end of the prompt.
Let’s take a look at this from the command line interface. All right, I’m here at the terminal of a Junos device. I’ve logged in as a root user and I’m directly placed into the shell mode, which can be identified with the percentage sign here. The shell mode is used for file system commands. So, for example, if I want to view the available files, I can do ls and here I can see all the files. And I can use UNIX commands or Linux commands to play with the files.
So, for example, let’s say I want to view the contents of this file. I can use the cat command and the file name. And that will show me the contents of that file.
If I want to copy a file, I can use the cp command and then the file name and the destination file name. And then when I do the ls command, I should be able to see the new file as well.
If I want to delete a file, I can do rm and the file name and now that file should be deleted.
So, the shell mode is primarily used for file system commands. And this is directly available when you log in as a root user.
From the shell mode, if you want to move to the operational mode, you would use the cli command. And now I’m in the operational mode. This can be identified with a prompt that ends with a greater than symbol. I’ll do a question mark here and I can see all the possible completions. The operational mode is primarily used to view the configuration or to access any of the network utilities, like ping, ssh, telnet, traceroute, etc.
So, for example, let’s say I want to view a configuration, so I would start with show and question mark. And I can use any of these options to view the configuration. For example, let’s do show interfaces. So, ctrl c to exit out, show interfaces. And I don’t have to type the full command if I just type in enough letters to make up a unique combination or a unique completion, I can then press the tab key and it will fill it up for me. So, show interfaces, enter, and I can see my interface configuration and statistics. All right. So ctrl c to exit out.
The operational mode can also be used to reboot the device or to shut down the device. And that’s done using the request command over here.
So, primarily, the operational mode is used to perform show commands and to access the network utilities and to restart or shut down the device. It can also be used to view the log files.
The third mode, called the configuration mode, can be accessed by typing in either of two commands. The first one is edit. So, when we type edit, that should take you to the configuration mode. Or another way to do it is using the configure command. And that will also take you to the configuration mode. So, two ways to do it – edit or configure.
The configuration mode can be identified with the pound symbol (#) at the end of the prompt. From the examination perspective, it is important to remember the modes and the symbols at the end of the prompt for each of the modes.
The configure mode is used to set the configuration of the device. So, if I do a question mark here, you will see we have options like set commands. We have the rollback option. We have the commit option, which is used to save the command. We can deactivate a configuration, activate a configuration, delete a configuration. So primarily it is used to make changes to the configuration. So, if I do set space question mark, you will see all the different ways in which I can configure the device. So, if I do set security space question mark, now I can see all possible ways to complete that command.
So, keep in mind the three modes. Shell mode is used for file system commands. The prompt ends with a percentage sign. The operational mode is used for viewing the configuration and for accessing the network utilities. The prompt ends with a greater than symbol, and the configuration mode is used to change the configuration and the prompt ends with a pound symbol.
25. CLI Navigation
Let’s talk about CLI navigation. So in this video, we’ll cover the usage of question mark, spacebar completion, and tab completion. And then we’ll talk about the keyboard shortcut sequences.
I’m here at the Junos terminal. Let’s start by talking about question mark. We’ve already spoken about this earlier, but we’ll take a look at it one more time. So, when you’re at the terminal and when you’re not sure what command you should be typing in or when you don’t know how to complete a command, we can use the question mark and that will show us all possible completions.
So, at the operational mode, these are the commands that I can start with. So, for example, if I did show space question mark, it would show me all possible completion options. Keep in mind that right now I cannot execute this command, because the first possible completion is not enter. If you can execute the command, you will see the first possible completion is enter.
So, for example, if I did, show space interfaces and then I do a question mark, you will notice that the first possible completion is enter. So, I can enter this or I can complete the command with any one of these options available over here. So, that’s how we can use the question mark to view all possible completions.
You can also use the spacebar or the tab key to complete your commands. So, for example, if I do, show and I’m going to do show sec. And I’ll hit the tab key on my keyboard and that will complete the command for me.
Let’s do a question mark. And let’s say I want to view the policies. So, I’ll do show security pol. And this time I’m going to press the spacebar key. I know you can’t see me, but you have to trust me. So, when I do a spacebar, it automatically completes the command for me.
So, the question is what is the difference between a tab completion and a space completion. There is a critical difference. Let me show you an example. So, we’ll continue this command show security policies question mark. And I’m going to use this keyword here called a policy name. And I’ll do a question mark here. So, these are the possible completions or, I should say, these are the policies configured on this device. I’m gonna type in the first few letters of that policy name and I’ll press the spacebar key. I know you can’t see me, but you have to trust me that I’m pressing the spacebar key. When I press spacebar, it doesn’t complete. I’ll go back and now I’ll press the tab key. And that completes the command.
Did you notice the difference? So, the space key can only be used to complete system-defined commands. But the tab key can be used to complete not only system-defined commands, but also user-defined variables like policy names. That is the key difference between tab completion and space completion. So, tab completion is always going to work for system commands and for user-defined variables.
Personally, I use tab all the time to complete my commands because of the way the tab key is placed on the keyboard. I find it natural to use the tab key as a command completion method. My hand naturally reaches out to the tab key.
Another thing to keep in mind is that all commands must be in lower case. So if I typed show in upper case and if I try a tab or a space, that’s not going to work. All commands have to be in lower case and as a best practice, I recommend that you configure any user-defined variables with upper case. That way when you look at your configuration, every time you see the upper case, you know that that’s not a system-defined keyword, but that’s a user-defined variable.
Let’s now look at the keyboard shortcut sequences. There are four sequences we’re going to talk about. The first one is Ctrl + a. That would move your cursor to the beginning. The next is Ctrl + e. That would move the cursor to the end. Next we have Ctrl + w that erases the word to the left. And then we have Ctrl + u. That erases the entire line. Let’s try this on the terminal.
Back over here. Let me type in a command show security policies and we’ll do policy name and let’s do deny all. So that’s the command. And if I do Ctrl + a, that would move the cursor to the beginning of the line. If I do Ctrl + e, that would move it to the end of the line. If I wanted to delete one word to the left, I would do Ctrl + w. And if I wanted to erase the entire command, I would do Ctrl + u. So, these are some keyboard shortcut sequences that you should keep in mind. They are important from an examination perspective. And they’re also useful when you’re navigating through the CLI. As we start configuring the SRX device, you will notice that these keyboard shortcuts are very useful.