JUNOSe 9.1.x System Basics Configuration Guide > Command-Line Interface > Accessing the CLI

Accessing the CLI

This section describes logging in to and exiting from the router.

Logging In

The system supports a local console session and up to 30 virtual terminal (vty) sessions simultaneously. A virtual terminal session can be a Telnet session, Secure Shell Server (SSH) protocol session, or File Transfer Protocol (FTP) server session.

NOTE: The vty session factory default is 5. Use the line command to configure up to a maximum of 30 vtys. The configured vtys are shared among all types of connections; for example, if you configure 7 vtys, then no more than a total of 7 SSH plus FTP plus Telnet sessions can simultaneously exist on the router.

To access the system through a local console, attach a terminal to the system console port. To access the system through Telnet, Telnet client software must be installed on your host system. To access the system through SSH, SSH version 2.0 client software must be installed on your host system. To access the system through FTP, FTP client software must be installed on your host system.

You can configure Telnet to validate login requests. See Vty Line Authentication and Authorization in Chapter 9, Passwords and Security, for more information. Once Telnet is running on your host system, type in the E-series router name or its IP address and press Enter. To use a name, your network must have a name server.

For example, for Microsoft Windows NT enter:

telnet 192.168.1.13

or

telnet westford2

You are connected to your E-series router when the following prompt appears:

Logging in.

host1>

 NOTE: At this point, you have access only to User Exec commands.



 

To connect through SSH, refer to your SSH client documentation.

Privileged-Level Access

You access the CLI Privileged Exec commands using the enable command.

Defining CLI Levels of Privilege

The CLI has the ability to map any command to one of 16 levels of command privilege (0 to 15). When you access the Privileged Exec mode, you have access to those commands that map to your access level or below. In other words, if you access the Privileged Exec mode at access level 10 (the default), you have access to all commands with an access level setting of 10 or lower.

In general, command privileges fall within one of the following levels:

• 0—Allows you to execute the help, enable, disable, and exit commands
• 1—Allows you to execute commands in User Exec mode plus commands at level 0
• 5—Allows you to execute Privileged Exec show commands plus the commands at levels 1 and 0
• 10—Allows you to execute all commands except support commands, which may be provided by Juniper Networks Customer Service, or the privilege command to assign privileges to commands
• 15—Allows you to execute support commands and assign privileges to commands

For information about how to set individual command levels, see CLI Command Privileges.

Accessing the Privileged Exec Level

You can access the Privileged Exec commands using one of 16 levels of command privilege. If you do not enter a privilege level and you are not accessing the router through a RADIUS authentication account, the default CLI access level is 10.

To access the default Privileged Exec mode:

1. At the prompt, type enable and press Enter.

host1>enable

Password:

 NOTE: You will be prompted for a password only if your system has been configured with one. Refer to the enable secret and enable password Global Configuration commands described in Chapter 9, Passwords and Security.



 

2. Type your password and press Enter.

Password:******<Enter>

host1#

You can tell that you have access to Privileged Exec mode when the command prompt changes from a > character to a # character.

enable

• Use to move from User Exec to Privileged Exec mode.
• Privileged Exec mode allows you to access all other user interface modes. From here you can configure, monitor, and manage all aspects of the router.
• You can access the Privileged Exec commands using one of 16 levels of command privilege. If you do not enter a privilege level and you are not accessing the router through a RADIUS authentication account, the default CLI access level is 10.
• Set a password for this mode by using either the enable password or the enable secret command in Global Configuration mode. This protects the system from any unauthorized use.
• Once a password is set, anyone trying to use Privileged Exec mode will be asked to provide the password.
• Example 1 (accessing Privileged Exec mode at the default level [10])

host1>enable

password:*******

host1#

• Example 2 (accessing Privileged Exec mode at the highest level [15]; a password is not set for this example)

host1>enable 15

host1#

• There is no no version.

Moving from Privileged Exec to User Exec Mode

To move from the Privileged Exec mode to the User Exec mode, enter the disable command. For example:

host1#disable

host1>

 NOTE: Using the exit command from either the Privileged Exec or User Exec mode logs out of the CLI.



 

To move to a lower Privileged Exec mode, follow the disable command with an access level value. For example:

host1#show privilege

Privilege level is 10

host1#disable 5

host1#show privilege

Privilege level is 5

disable

• Use to exit Privileged Exec mode and return to User Exec mode.
• Use to shift to a lower Privilege Exec mode level without returning to User Exec mode. Specifying a privilege level after the disable command changes the Privileged Exec mode to the lower level that you specify; you do not return to User Exec mode.
• Example 1

host1#disable

host1>

• Example 2

host1#show privilege

Privilege level is 10

host1#disable 5

host1#show privilege

Privilege level is 5

• There is no no version.

Logging Out

You can log out of the CLI from either the User Exec and Privileged Exec modes by entering the exit command. For example:

host1>exit

logging out.

or

host1#exit    

logging out.