Secondary Configuration

After completing the initial configuration via either the CLI or EZSetup, you will likely need additional configuration, such as:

  • Non-root-user accounts and privileges

  • OoB management

  • Additional remote access functionality

  • Dynamic Host Configuration Protocol (DHCP) services

Customized User Accounts, Authentication, and Authorization

There are two types of users on a Juniper Networks system: non-root users and the root user. All users must be authenticated before they can access the switch, and when desired, various levels of authorization are possible to limit the scope of actions or commands available to users in each class. Recall that the root user is the only predefined user, and that root can log in only via the console port until SSH access is configured; the root user is not permitted to remotely access the router via Telnet for security reasons.


Non-root users can telnet to the router and su to root when authorized if the SSH service is not running. This is not recommended, as Telnet sends in plain text.

You must set a root password before the switch will allow you to commit a modified factory-default configuration. As we showed previously, to set up a root password, issue the set root-authentication statement under the [edit system] level. There are several options:

root@Tequila# set system root-authentication ? Possible completions: + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from ...

Get JUNOS Enterprise Switching now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.