3.3 Initial Configuration & Interfaces

Key Takeaways

  • Initial setup always requires a root password via `set system root-authentication`; named user accounts are then created under `[edit system login]` with a username, login class, and authentication.
  • `set system host-name` names the device and `set system services` enables management protocols such as SSH and (legacy, insecure) Telnet.
  • The dedicated out-of-band management interface on most platforms is `fxp0` or `me0`, configured under `interfaces` with an address that is kept separate from transit interface logic.
  • Junos interface names follow `type-fpc/pic/port` (for example `ge-0/0/0`), and a logical `unit` carries protocol families such as `family inet` (IPv4) and `family inet6` (IPv6).
  • Verify interfaces with `show interfaces terse`, `show interfaces` *name* `extensive`, and `show configuration interfaces`, all from operational mode after commit.
Last updated: May 2026

Why This Topic Matters

Initial configuration and interface basics sit at the heart of the Configuration Basics objective, the largest area on JNCIA-Junos. The exam consistently tests the mandatory first steps after factory default, the difference between root and named accounts, how management services are enabled, and how to read a Junos interface name. These are also the first tasks you perform on any real Junos device.

Root and User Accounts

The root account is the built-in superuser. On a factory-default device it has no password, and as covered earlier Junos will not commit until a root password is set.

[edit]
user@host# set system root-authentication plain-text-password
New password:
Retype new password:

After the root password, create named user accounts so individuals do not share root. Each account needs a class (login class) and an authentication method.

[edit system login]
user@host# set user nadia class super-user
user@host# set user nadia authentication plain-text-password
New password:
ElementPurpose
root-authenticationPassword (or SSH key) for the built-in root user
login user nameCreates a named account
classMaps the account to a login class (permissions)
authenticationLocal password or SSH key for the account

For stronger security you can configure ssh-rsa / ssh-ed25519 public keys instead of plain-text passwords, and centralized authentication such as RADIUS or TACACS+ with a local fallback.

Host Name and Management Services

Host Name

The device name appears in the CLI prompt and in logs.

[edit]
user@host# set system host-name core-rtr-01

After commit, the prompt becomes user@core-rtr-01>.

System Services

Management access protocols are enabled under [edit system services]. Junos disables most remote access by default, so you explicitly turn on what you need.

Service statementEffectNotes
set system services sshEnables SSHRecommended; encrypted
set system services telnetEnables TelnetLegacy and unencrypted - avoid in production
set system services web-management httpsEnables J-Web over HTTPSNeeded before J-Web can be used
set system services web-management httpEnables J-Web over HTTPUnencrypted; HTTPS preferred
set system services netconf sshEnables NETCONF over SSHProgrammatic/automation access

A minimal secure baseline typically enables only SSH:

[edit]
user@host# set system services ssh
user@host# commit

The exam often contrasts SSH with Telnet: both provide remote CLI access, but Telnet sends credentials and data in clear text, so SSH is the correct choice for secure management.

The Management Interface

Most Junos platforms include a dedicated out-of-band (OOB) management interface, separate from the revenue/transit ports. It is named fxp0 on many routers and me0 on many switches. Because it is out-of-band, its address is reachable for management even when transit routing is broken, and it is kept logically separate from production traffic.

[edit]
user@host# set interfaces fxp0 unit 0 family inet address 10.10.10.2/24
user@host# set routing-options static route 0.0.0.0/0 next-hop 10.10.10.1
user@host# commit

Key points for the exam:

  • The management interface is configured like any other interface but is intended only for device management, not for forwarding user traffic.
  • It commonly uses a static route or a dedicated management routing instance so management traffic does not mix with the main routing table.

Junos Interface Naming

Junos interface names are highly structured. Understanding the parts lets you decode any name on the exam.

The general form is:

type-fpc/pic/port.unit

For example, in ge-0/0/5.0:

PartValueMeaning
typegeMedia type - Gigabit Ethernet
fpc0Flexible PIC Concentrator (slot)
pic0Physical Interface Card position
port5Port number on the PIC
unit0Logical unit (after the dot)

Common media-type prefixes:

PrefixInterface type
geGigabit Ethernet
xe10-Gigabit Ethernet
et40/100-Gigabit Ethernet
aeAggregated Ethernet (link bundle)
lo0Loopback (always-up logical interface)
fxp0 / me0Out-of-band management

Physical vs. Logical (Units)

A physical interface such as ge-0/0/0 carries one or more logical units. The unit holds protocol family configuration and addressing. Every interface that carries traffic needs at least one unit (commonly unit 0), and a family such as inet for IPv4 or inet6 for IPv6 must be configured on that unit.

Basic Interface Configuration

A typical IPv4 plus IPv6 interface configuration sets a description, a unit, and address families.

[edit interfaces]
user@host# set ge-0/0/0 description "Link to core-rtr-02"
user@host# set ge-0/0/0 unit 0 family inet address 192.0.2.1/30
user@host# set ge-0/0/0 unit 0 family inet6 address 2001:db8:0:1::1/64
user@host# top
user@host# commit

The loopback interface lo0 is special: it is always up as long as the device is running, so it is the preferred source for management, routing protocol IDs, and stable addressing.

[edit interfaces]
user@host# set lo0 unit 0 family inet address 10.255.0.1/32

Verifying Interfaces

After commit, verify from operational mode. These commands appear frequently on the exam.

CommandUse
show interfaces terseCompact list: every interface, admin/link state, and address
show interfaces ge-0/0/0Detailed status for one interface
show interfaces ge-0/0/0 extensiveFull statistics, errors, and counters
show configuration interfacesThe committed interface configuration
monitor interface ge-0/0/0Live, refreshing traffic counters

Example terse output:

user@host> show interfaces terse
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up
ge-0/0/0.0              up    up   inet     192.0.2.1/30
                                   inet6    2001:db8:0:1::1/64
lo0                     up    up
lo0.0                   up    up   inet     10.255.0.1/32

Two states matter: Admin is whether the interface is administratively enabled (an interface set with disable shows down), and Link is the physical/operational state. Both must be up for the interface to pass traffic. An interface that is Admin up but Link down usually indicates a cabling, speed, or far-end problem rather than a configuration error.

Test Your Knowledge

On a factory-default Junos device, which configuration step is mandatory before the first commit will succeed?

A
B
C
D
Test Your Knowledge

In the interface name xe-1/0/3.0, what does the xe prefix indicate?

A
B
C
D
Test Your Knowledge

A network administrator must enable secure remote CLI access on a new Junos router. Which is the best choice?

A
B
C
D
Test Your Knowledge

show interfaces terse shows ge-0/0/0 as Admin up but Link down. What is the most likely cause?

A
B
C
D