Day One+

Junos OS

IN THIS GUIDE

Step 1: Begin | 1

Step 2: Up and Running | 6

Step 3: Keep Going | 8

Step 1: Begin

IN THIS SECTION

Meet Junos OS | 2

Initial Configuration | 2

Back Up the Configuration | 6

Junos OS is the network operating system that powers our broad portfolio of physical and virtual networking and security
products. It comes preinstalled on Juniper devices. In this guide, we show you how to initially configure Junos OS the first
time you power on your device, and how to setup user accounts.

NOTE: Are you interested in getting hands-on experience with the topics and operations covered in this guide?
Visit Juniper Networks Virtual Labs and reserve your free sandbox today! You’ll find the Junos Day One Experience
sandbox in the stand alone category.
 2

Meet Junos OS

Junos OS helps automates network operations and furthers operational efficiency. With the modular architecture of Junos
OS, you can achieve a high level of performance, high availability, security, and device scalability. Generally, Junos OS is
preinstalled on your Juniper Networks device when you receive it from the factory. When you first power on the device,
all software starts automatically. You then configure the software so that the device can participate in your network.

Initial Configuration

Video: Junos OS Initial Configuration

Have the following information ready before you begin your configuration:

• A root password

• The hostname you want to use to identify the device

• The domain name you want to use

• The IP address of a DNS server

• The management interface name for your device

NOTE: To find out the management interface for your router, see Supported Routing Engines by Router. To
find out the management interface for your switch, see Understanding Management Interfaces.

Here’s how to configure Junos OS for the first time starting from the factory default configuration:

1. Connect a laptop or PC to the device's console port.

2. Power on the device and wait for it to boot.

Junos OS boots automatically. You’ll know the boot process is complete when you see the login: prompt on the screen.

3. Log in as the user root.

Initially, you won't need a password for the root user account. When you're the root user, the prompt on the device
shows the username root@#.

4. Type cli to start the Junos OS command-line interface (CLI).

root@# cli
root@>

5. Type configure to access configuration mode:

 3

cli> configure
[edit]
root@#

6. Configure the hostname of the device.

We don’t recommend using spaces in the hostname.

[edit]
root@# set system host-name hostname

7. Configure the device domain name.

[edit]
root@# set system domain-name domain-name

8. Configure the IP address and prefix length for the device management Ethernet interface.

The management Ethernet interface provides a separate out-of-band management network for the device.

[edit]
root@# set interfaces management-interface unit 0 family inet address address/prefix-length

9. Configure a static (default) route for the management interface. In most cases your router will need to reach destinations
that are not local to the management subnet. This route should point to a gateway that is directly reachable over the
management network.

[edit]
root@re0# set routing-options static route 0.0.0.0/0 next-hop address

10. Configure the IP address of a backup or default network device.

The backup device is only used when the routing protocol process (rpd) isn't running. This route is used on the primary
routing engine during initial boot, and on the backup routing engine (which does not run rpd).

For devices with two routing engines, RE1 is the default backup routing engine and RE0 is the default primary routing
engine. RE1 uses the backup device as a default gateway after the device boots. This enables you to access the backup
routing engine. Choose a backup device that's directly connected to your device through the management interface.
The default gateway is commonly used as the default backup device.

[edit]
root@# set system backup-router address
 4

11. Configure the IP address of a Domain Name System (DNS) server.

The DNS server translates hostnames into IP addresses.

[edit]
root@# set system name-server address

12. (Optional) Delete the factory default configuration commit.

Junos OS has a default factory configuration that automatically loads upon system startup. If you've made changes to
the configuration, the default factory configuration will override your changes on system startup. To avoid this issue,
delete the commit factory-settings statement at the [edit system] hierarchy level.

[edit]
root@# delete system commit factory-settings

13. (Optional) Disable automatic software downloads.

By default, Junos OS will automatically download software upgrades using Zero Touch Provisioning (ZTP) when a
device is booted. To disable this feature, delete the auto-image-upgrade statement under the [edit chassis] hierarchy
level.

[edit]
root@# delete chassis auto-image-upgrade

14. Set the root password.

The root password can be a plain-text password that the system will encrypt, a password that is already encrypted, or
an SSH public key string.

• To enter a plain-text password:

[edit]
root@# set system root-authentication plain-text-password
New password: type password
Retype new password: retype password

• To enter a password that is already encrypted:

[edit]
root@# set system root-authentication encrypted-password encrypted-password

• To enter an SSH public key string:

[edit]
root@# set system root-authentication ssh-rsa key
 5

15. Enable remote access using SSH.

By default the root user can only log in on the console port, and that root login is not permitted over Telnet connections.
In this example we enable remote access for the root user using ssh.

[edit]
root@re0# set system services ssh root-login allow

16. (Optional) Display the configuration statements.

[edit]
root@ show
system {
host-name hostname;
domain-name domain.name;
backup-router address;
root-authentication {
(encrypted-password "password" | public-key);
ssh-rsa "public-key";
}
name-server {
address;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address address ;
}
}
}
}
}

On devices that use management Ethernet interface em0, you’ll see em0 in place of fxp0 in the show command output.

17. (Optional) Disable DHCP.

DHCP services automate assigning network-parameters to network devices. The DHCP service process is enabled by
default. To disable this feature, use the dhcp-service disable configuration statement at the [edit system processes]
hierarchy level.

[edit]
root@# set system processes dhcp-service disable

18. Commit the changes to activate the configuration on the device:

 6

[edit]
root@# commit

Once you commit the configuration, you’ll see the hostname you configured after the username in the CLI prompt, for
example, user@hostname#.

The initial configuration is now complete.

19. Exit from CLI configuration mode.

[edit]
root@hostname# exit
root@hostname>

Back Up the Configuration

After you commit the configuration and the new configuration is running successfully, run the request system snapshot
command to back up the new software to the file system on your hard drive. If you don’t run the request system snapshot
command, the configuration on the backup device will be out-of-sync with the configuration on the primary device.
Depending on the device model, you may need to insert a supported USB storage device for the snapshot to succeed.

Step 2: Up and Running

IN THIS SECTION

Configuring User Accounts | 6

Now that the initial configuration of Junos OS is complete, you're ready to configure user accounts. This will let other
people access the device to make changes.

Configuring User Accounts

User accounts allow access to the device. You add new user accounts to the device's local database. For each account,
you define a login name and password for the user, and specify a login class for access privileges. You can define any
number of login classes. The login password must meet the following criteria:
 7

• The password must be at least six characters long.

• You can include most character classes in a password (alphabetic, numeric, and special characters), but not control
characters.

• The password must contain at least one change of case or character class.

In this example, we show you how to create and configure a super-user account with a login class named operator-and
boot.

NOTE: This example requires you to navigate various levels in the configuration hierarchy. For instructions on
how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure user accounts:

1. Set the name of the login class and allow the use of the reboot command.

[edit system login]

root@ hostname# set class operator-and-boot allow-commands “request system reboot”

2. Set the permission bits for the login class.

[edit system login]

root@ hostname# set class operator-and-boot permissions [clear network reset trace view]

3. Define the username, bind the user to the operator-and-boot class, and configure a pre-encrypted password for the
user.

NOTE: In the below step you are entering a pre-encrypted password. You can use the plain-text-password
argument if you prefer to enter a clear text password that will then be encrypted.

[edit system login]

root@ hostname#set user name class operator-and-boot authentication encrypted-password $1$ABC123
 8

From configuration mode, enter the show system login command to confirm your configuration. If the output doesn’t
display the intended configuration, repeat the configuration instructions in this example to correct it.

[edit]
root@ hostname# show system login
class operator-and-boot {
permissions [ clear network reset trace view ];
allow-commands "request system reboot";
}
user name {
class operator-and-boot;
authentication {
encrypted-password "$1$ABC123";
}
}

If you are done configuring the device, enter commit to apply and save the configuration.

J-Web

If you'd prefer to configure and manage your device using a graphical user interface (GUI) rather than a CLI, J-Web is your
ticket. J-Web is a simple GUI that lets you easily visualize and manage the Juniper devices (SRX, EX, and MX Series) on
your network. J-Web uses the same commands as the Junos OS CLI.

For more information about J-Web, see:

• J-Web for SRX Series

• J-Web Platform Package for EX Series

• J-Web Application Package for EX Series

Step 3: Keep Going

IN THIS SECTION

Log Files | 9

Traffic Control | 9

System Recovery and Upgrade | 10

Network Management | 10

General Information | 10

Learn With Videos | 11

 9

Congratulations! You've now completed the initial configuration for Junos OS. Let’s keep going and learn about some
things you might want to do next.

Log Files

If you want to Then

Direct system log messages to a remote machine or to See Directing System Log Messages to a Remote Machine
the other routing engine on a router with two routing or the Other Routing Engine in the Network Management
engines and Monitoring Guide

Set a custom file size for log files so they can hold more See Specifying Log File Size, Number, and Archiving
logging information Properties in the Network Management and Monitoring
Guide

Include priority information in system log messages so See Including Priority Information in System Log Messages
you can see additional information about the facility in the Network Management and Monitoring Guide
and severity level of messages

Send system logs to an external server to ensure they See Directing System Log Messages to a Remote Machine
are backed up in the Network Management and Monitoring Guide

Traffic Control

If you want to Then

Configure a static route to manually save a fixed route in See Configure Static Routes in the Protocol-Independent
the routing table Routing Properties User Guide

Configure firewall filters to control the traffic that can See Example: Configuring a Stateless Firewall Filter to
access your network Accept Traffic from Trusted Sources in the Routing
Policies, Firewall Filters, and Traffic Policers User Guide

Limit management protocol access to only trusted IP See Example: Control Management Access on Juniper
addresses Networking Devices in the User Access and Authentication
Administration Guide

Configure flow detection to help troubleshoot and See Setting Up and Using Flow Detection in the Security
understand traffic flow Services Administration Guide
 10

System Recovery and Upgrade

If you want to Then

Configure a recovery snapshot so you can recover your See Backing Up an Installation Using Snapshots in the
®
files if you need to rollback after software installation Junos OS Software Installation and Upgrade Guide

Configure a rescue configuration to ensure that you can See Rescue and Recovery of Configuration File in the
®
always revert to a working configuration Junos OS Software Installation and Upgrade Guide

Upgrade or reinstall Junos OS See Preparing for Software Installation and Upgrade in
®
the Junos OS Software Installation and Upgrade Guide

Network Management

If you want to Then

Find information about how to implement and configure See the Network Management and Monitoring Guide
the many network management technologies that Junos
OS supports

Configure and optimize SNMP, a networking protocol that See Configuring SNMP in the Network Management and
helps you monitor and administer your network Monitoring Guide

Configure NTP to synchronize the system clocks of devices See Configuring NTP in the Time Management
in your network Administration Guide

General Information

If you want to Then

Download, activate, and manage your Junos OS software See Activate Junos OS Licenses in the Juniper
license Licensing Guide

Learn about new and changed features, limitations, and known Visit the Junos OS Release Notes
and resolved problems in the hardware and software

Find all the Junos OS documentation available to you in our Click Junos OS Documentation
TechLibrary
 11

If you want to Then

Understand the Internet standards supported by Junos OS Go to Standards Reference

Get hands-on experience with the procedures covered in this Visit Juniper Networks Virtual Labs and reserve your
guide free sandbox. You’ll find the Junos Day One
Experience sandbox in the stand alone category.

Learn With Videos

Our video library continues to grow! We’ve created many, many videos that demonstrate how to do everything from
install your hardware to configure advanced Junos OS network features. Here are some great video and training resources
that will help you expand your knowledge of Junos OS.

If you want to Then

Learn about how to connect to a factory-defaulted Junos Watch the Connecting to a Junos Device video
OS device

See how to Log in as Root Watch the Logging in as Root video

Get short and concise tips and instructions that provide See Learning with Juniper on Juniper Networks main
quick answers, clarity, and insight into specific features YouTube page
and functions of Juniper technologies

View a list of the many free technical trainings we offer Visit the Getting Started page on the Juniper Learning
at Juniper Portal

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the
United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the
property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Copyright © 2022
Juniper Networks, Inc. All rights reserved. Rev. 03, March 2022.