| technology | networking - Ross Heintzkill
JUNOS Modes and Prompts Explained
Juniper Networks builds devices and software for networks. Like any hardware or software developer, the language used to navigate their devices is a mix of intentional choices and accidental evolution. And they've been building devices for over 35 years — plenty of time to develop a language and vocabulary all their own.
If you're not accustomed to Juniper Networks devices, their operating system, Junos, can be intimidating and confusing. In this blog post, our aim is simple: we're going to give a quick, simple overview of the two modes you can be in while you manage a Juniper Networks device. We're also going to spend time explaining three symbols (>, %, and #) you might see while you're navigating the Junos CLI and what they mean about which mode you're in.
What is Root Mode in Junos?
Quick Definition: When a user is logged in as "root", that user has superuser privileges. That means a "root" user in Junos has access to all commands and statements. Technically, Junos doesn't have an actual "root mode" except that while logged in as root, a user can effectively manipulate anything about the device they wish to. Understandably, this is inherently risky. Good security principles call for limiting and restricting what users can do on your devices according to their need. While logged in as root, a user effectively has shell access.
What is a Shell?
Quick Definition: A shell is a computer program that allows a user or other program to work directly with a device's operating system services. When using a shell, a user bypasses the normal functioning of a computer or device and controls its underlying operations.
What is a Command Line Interface (CLI)?
Quick Definition: A command line is a text-only, line-based input for a user to interact with a device or operating system services with. If this definition looks similar to "shell" above — it should! A command line interface (CLI) is one of the ways a shell has for exposing an operating system's services to a user.
What is Configuration Mode in Junos?
Quick Definition: Configuration mode is the other of the two modes in Junos – in it, a user can configure the device itself. For network devices, configuration mode means the user can manipulate interfaces, routing information, protocols, user access, even properties related to the system and hardware.
What is Operational Mode in Junos?
Quick Definition: Operational mode is one of the two modes in the Junos Operating System Command Line Interface. While in Operational mode, a user can enter commands that enable monitoring and troubleshooting. These commands can reveal information about the OS itself, the device and network connectivity.
What are the Different Modes in Junos?
There are two modes to choose from when running the Junos operating system — the proprietary OS for Juniper Networks devices: operational and configuration. When managing, monitoring or configuring a device that's running the Junos OS, you choose between operational mode and configuration mode based on what you need to do with the device.
As we walk through the different modes and the prompts they display to indicate which mode you're in, we're assuming you have a Juniper Networks device you can experiment with. We always recommend practicing network administration techniques like this on a device of your own. Or maybe in a virtualized environment if you have one available. Either way, the place you're going to start is the log-in screen for the Junos device.
We'll start with the regular user method first. Presumably we've already gone through and created users. Look for our other blog posts covering creating users in Junos, but for our purposes here, we're assuming the device already has users registered on it.
An Overview of Junos Modes and Prompts [VIDEO]
CBT Nuggets trainer Scott Morris discusses Juniper command-line fundamentals and provides a tutorial on JUNOS modes and prompts.
How to Tell If You're in Operational Mode in Junos
On the device log-in, we use a username and its password to get us into the default mode when dealing with Juniper devices: operational mode. Once we're logged in, the first thing we want to do is take a moment and look at what the OS is showing us. Your cursor should now be waiting for input from you on a line of text that includes your username and the device you're logged into.
But in addition to that, you should see the greater than symbol (>). For us, that symbol is the most important part of the line. That symbol is also known as the user prompt. When logged in as a user, that's the prompt you'll see. Seeing the ">" means that this mode is where you can perform operational commands from.
It's in this mode that you'll be writing any Show commands, Clear commands, or any other basic commands regarding the operation of a system.
There's a lot we could do in Operational mode, but for now we're going to type "exit". This will log us out of operational mode and bring us back to the default login screen for the device.
How to Log in as Root User in Junos
Logging in as the root user is as simple as entering "root" as your login and typing its password. As a root user, every command is available, which makes this a very risky mode to work in. If you're logged in as the root user, the first thing you may notice is that you have a different prompt.
The percentage symbol (%) at the end of the line indicates that you're in shell mode. This means that the commands you enter here will bypass most of the things the device's software normally does and give you fundamental access to its underlying code.
But being in shell mode doesn't inherently do anything for you, to be able to enter commands and manipulate the device from shell mode, you need to navigate to the command line interface. So, on the command line you're typing on, you want to type "cli".
There's a lot to learn about what a root user has permissions to do and how to configure a Juniper device. But for this blog post, what we want to emphasize is the presence of the user prompt when you enter the command line interface. The % has been replaced by >, which means you're back in operational mode — this time as a root user and not a user with default permissions.
Now, remember that from an overall device security perspective, you don't want to use root every time you log in. It's bad security practice to use root user access as your main methodology for getting into a router. You just don't want to risk it. You'll get into the device with root access the first time to do your basic setup. But after that it's always a good idea to make sure you go through and secure that login and don't spread the root password around.
We're not looking to lecture you about your security setup, but unless you have a small, core team doing configurations, it's best not to disseminate root permission. One key to keeping your devices secure is to limit who has it. If everyone is able to log in and make changes as root, you're setting yourself up to have no accountability.
How to Enter Configuration Mode in Junos
Configuration mode in Junos is denoted by a hash/pound symbol (#) at the end of your command line. Configuration mode is arguably the most important mode to know and recognize, and for many readers it's probably what you were searching for when you found this blog post.
Configuration mode can be accessed only by users authorized for it. It's accessed through the command line interface. It just so happens that we never exited from our root access or the command line from our above example. So in the CLI, we just type "configure". Don't forget that Junos also provides auto-complete functionality, so if you type a few letters like "conf" and hit spacebar, it'll help predict the command you're looking for.
Once you've done that, assuming the user you're logged in as has the necessary permissions, you should see the third prompt we should recognize when dealing with Juniper Networks devices and software: the hash or pound symbol (#). Any time you see the # symbol at the end of a line, you know you're in configuration mode.
Remember: when working with Juniper Networks systems, there are three prompts to keep your eye out for to help you keep in mind where you are and what you can do from the command line. In Junos, a greater than symbol (>) at the end of your command line tells you you're in operations mode. A percent symbol (%) at the end of your Junos command line is the shell prompt — it means you're working directly with the Unix shell. Last, when working with a Juniper Networks device or software, a hash or pound symbol (#) at the end of your command line means that you're in configuration mode.
What those symbols mean and what you can do in each of those modes is important knowledge for Juniper Networks certification exams. But obviously there's also a lot more you need to know about configuring and managing Junos and Juniper devices. CBT Nuggets has skill-based training to bring you up to speed on Juniper Networks devices and software, no matter your level of familiarity. Browse all of our Juniper Networks training — and keep your eye out for future blog posts about Junos commands and prompts.