Junos-defaults group

Have you ever tried to configure a user’s password shorter than 6 characters during the initial configuration and found that you cannot?

If you did, you should have seen this:

 

{master:0}[edit]
root@qfx5100# set system login user test authentication plain-text-password
New password:
error: minimum password length is 6

{master:0}[edit]
root@qfx5100#

 

The minimum-length knob for a password is configured like this:

 

{master:0}[edit]
root@qfx5100# set system login password minimum-length ?
Possible completions:
  <minimum-length>     Minimum password length for all users (6..20)
{master:0}[edit]
root@qfx5100#

 

However, if you check the configuration, you will not find anything stating that passwords must be at least 6 characters long:

 

{master:0}[edit]
root@qfx5100# show system login
user lab {
    uid 2000;
    class super-user;
    authentication {
        encrypted-password "$1$e6SB6WQT$.sXMJaecb9PqzBzagh6Gt1"; ## SECRET-DATA
    }
}

{master:0}[edit]
root@qfx5100#

 

What is happening is that Junos OS comes with a default, hidden configuration group that is automatically applied to the configuration of the device. The group is called “junos-defaults”.

The group contains preconfigured statements that have predefined values.

Some of the statements must be referenced to take effect.

The default values can be overridden by configuring the same statement explicitly, but the statements in the group itself cannot be deleted or changed.

NOTE: the group is not the same on all platforms, which is very important to remember. There may also be differences between releases on the same platform.

Let’s see how to display the content of the default configuration group, and compare it on two different QFX platforms: QFX5100 and QFX10002.

This is the QFX5100:

 

{master:0}[edit]
root@qfx5100# run show version
fpc0:
--------------------------------------------------------------------------
Hostname: qfx5100
Model: qfx5100-24q-2p
Junos: 14.1X53-D30.3
JUNOS Base OS Software Suite [14.1X53-D30.3]
JUNOS Base OS boot [14.1X53-D30.3]
JUNOS Crypto Software Suite [14.1X53-D30.3]
JUNOS Online Documentation [14.1X53-D30.3]
JUNOS Kernel Software Suite [14.1X53-D30.3]
JUNOS Packet Forwarding Engine Support (qfx-ex-x86-32) [14.1X53-D30.3]
JUNOS Routing Software Suite [14.1X53-D30.3]
JUNOS SDN Software Suite [14.1X53-D30.3]
JUNOS Enterprise Software Suite [14.1X53-D30.3]
JUNOS Web Management Platform Package [14.1X53-D30.3]
JUNOS py-base-i386 [14.1X53-D30.3]
JUNOS Host Software [13.2X51-D30_vjunos.]

{master:0}[edit]
root@qfx5100#

 

And the group is this:

 

{master:0}[edit]
root@qfx5100# show groups junos-defaults
system {
    ports {
        console type vt100;
    }
    login {
        password {
            minimum-length 6;
            change-type set-transitions;
            minimum-changes 1;
            format md5;
        }
    }
    syslog {
        archive size 256k;
        file default-log-messages {
            structured-data;
        }
    }
    compress-configuration-files;
}
snmp {
    engine-id {
        use-mac-address;
    }
}
routing-options {
    ppm {
        redistribution-timer 100;
    }
    forwarding-table {
        ecmp-fast-reroute;
    }
}

{master:0}[edit]
root@qfx5100#

 

And this is the QFX10002:

 

{master:0}[edit]
root@qfx10002# run show version
re0:
--------------------------------------------------------------------------
Hostname: qfx10002
Model: qfx10002-72q
Junos: 15.1X53-D10.7
JUNOS Base OS boot [15.1X53-D10.7]
JUNOS Base OS Software Suite [15.1X53-D10.7]
JUNOS Online Documentation [15.1X53-D10.7]
JUNOS Crypto Software Suite [15.1X53-D10.7]
JUNOS Kernel Software Suite [15.1X53-D10.7]
JUNOS Packet Forwarding Engine Support (qfx-ex-x86-32) [15.1X53-D10.7]
JUNOS Routing Software Suite [15.1X53-D10.7]
JUNOS Enterprise Software Suite [15.1X53-D10.7]
JUNOS py-base-i386 [15.1X53-D10.7]
JUNOS Host Software [3.10.55-ltsi-WR6.0.0.15_standard:2.0.0]
JUNOS Host qfx-10-f platform package [15.1X53-D10.7]
JUNOS Host qfx-10-f base package [15.1X53-D10.7]
JUNOS Host qfx-10-f data-plane package [15.1X53-D10.7]
JUNOS Host qfx-10-f control-plane flex package [15.1X53-D10.7]
Junos for Automation Enhancement

{master:0}[edit]
root@qfx10002#

 

And as you can see, it’s different from the one on the QFX5100:

 

{master:0}[edit]
root@qfx10002# show groups junos-defaults
system {
    ports {
        console type vt100;
    }
    login {
        password {
            minimum-length 6;
            change-type set-transitions;
            minimum-changes 1;
            format md5;
        }
    }
    syslog {
        archive size 256k;
        file default-log-messages {
            structured-data;
        }
    }
    compress-configuration-files;
}
interfaces {
    lo0 {
        unit 0 {
            family inet;
            family inet6;
        }
    }
}
snmp {
    engine-id {
        use-mac-address;
    }
}
routing-options {
    ppm {
        redistribution-timer 100;
    }
    chained-multi-family-lookup;
    forwarding-table {
        ecmp-fast-reroute;
        transit-lsp-statistics-from-route;
        chained-composite-next-hop {
            ingress {
                l2vpn;
                l2ckt;
                fec129-vpws;
            }
            transit {
                l2vpn;
                l3vpn;
                labeled-bgp;
                static;
                rsvp;
                rsvp-p2mp;
                ldp;
                ldp-p2mp;
            }
        }
    }
}

{master:0}[edit]
root@qfx10002#

 

As you can see, in our example the minimum-length knob is configured with a value of 6 in the junos-defaults group, hence the restriction that prevents setting a password shorter than 6 characters.
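The comparison above, as an added example that is not from the original post: a small Python parser flattens `show groups junos-defaults` output into full statement paths, diffs the two platforms, and lists the password knobs a device inherits because its own `show system login` sets none (here including `format md5`). The sample strings are constructed excerpts of the outputs on this page, and the function names are illustrative.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def flatten(text, prefix=""):
    """Flatten curly-brace Junos config into a set of full statement paths."""
    path, words, out = prefix.split(), [], set()
    for tok in TOKEN.findall(re.sub(r"##.*", "", text)):  # drop ## annotations
        if tok == "{":
            path.append(" ".join(words)); words = []
        elif tok == "}":
            path.pop()
        elif tok == ";":
            out.add(" ".join(path + words)); words = []
        else:
            words.append(tok)
    return out

# Constructed excerpts of the two junos-defaults outputs above, reflowed onto
# fewer lines and without the CLI prompt lines.
QFX5100 = """
system { login { password { minimum-length 6; change-type set-transitions;
    minimum-changes 1; format md5; } } }
routing-options { forwarding-table { ecmp-fast-reroute; } }
"""
QFX10002 = QFX5100 + """
interfaces { lo0 { unit 0 { family inet; family inet6; } } }
routing-options { chained-multi-family-lookup;
    forwarding-table { transit-lsp-statistics-from-route; } }
"""
# 'show system login' as on the page (hash omitted): no password policy is set.
ACTIVE_LOGIN = "user lab { uid 2000; class super-user; }"

def platform_diff(a, b):
    """Statements that appear in only one of two junos-defaults groups."""
    fa, fb = flatten(a), flatten(b)
    return sorted(fa - fb), sorted(fb - fa)

def inherited_password_policy(defaults, active_login):
    """Password knobs that come from junos-defaults, not from explicit config."""
    root = "system login password "
    explicit = {s[len(root):].split()[0]
                for s in flatten(active_login, "system login") if s.startswith(root)}
    policy = {}
    for s in flatten(defaults):
        knob, _, value = s[len(root):].partition(" ")
        if s.startswith(root) and knob not in explicit:
            policy[knob] = value
    return policy
```

Feed it the configuration body only; the `{master:0}[edit]` and `root@...#` prompt lines must be removed first, as in the samples.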

I hope you found this post informative and that you now know where some of the default configuration on Juniper devices comes from.

 


Paris ARAU

Paris ARAU is a networking professional with a strong background in routing and switching technologies. He holds CCIE R&S and dual JNCIE (SP and ENT) certifications. His day-to-day work allows him to dive deeply into networking technologies. As part of his continuous training, he is focusing on Software Defined Networking and cloud computing.
