Until now, all what we have seen on Juniper was with the root user. The root user is consider the highest privilege on Juniper – it is a super-user level. By default, the root user comes wit no password, so be careful that you put a password on it before you start doing any configuration on the router otherwise the Juniper router will refuse to save the configuration. The root user cannot be deleted, and everytime that you log in to the root user you enter first to the shell mode.

As for the non-root users, they normally do not exist in the Juniper router by default, meaning that you need to create them and give them a permission/privilege so you can user them to log in.

Everytime you log in to the non-root user, you go to the operational mode. The non-root users can be deleted on the Juniper router.

These are the main differences between the root and non-root users. Let’s apply a LAB to check all what I have already discussed:

Let’s 1^st log in using the root user and see on which mode I will enter to:

Indeed, I did not have to put a password (the router was reset to factory-default) and I directly entered to the Shell mode.

Let’s now create a non-root user and see if it will work.

First, I need to go to the Configuration mode from the root user so I can create the non-root user:

Once I am in the Configuration mode, I can now create the non-root user. I will create a user called Maher and give it a password of Juniper123:

This is the command that you need to write then the user has been created.

Creating a user only is not enough – we need to give it a permission of what this user can do. I will give to Maher a permission of a super-user and then I will save my configuration:

I am just showing you what privilege you can provide to the user (in Juniper is called class). In my case, I will give Maher user the class of super-user where he has all permissions.

This has been assigned properly, but when I tried to save I got an error that the root doesn’t have a password and it is mandatory to give a password for the root so you can commit.

I will do that now then will commit the configuration:

After I have set a password for the root, I could commit the configuration – that’s great.

Let’s try now if the user Maher, that we have created, can log in to the router. First I need to exist back to the router login:

Excellent, I am out to the login. I will put the user Maher with its password and see if I can log in to the router:

I could log in without any problem. Also please see on which mode it came; the operational mode.

So, it is working as I have explained that all non-root users will login to the operational mode which the root user always log in first to the shell mode.

The last thing I want to do in this LAB is to go to the root user again and try to delete Maher user.

Let’s log in to the root user now:

As we previously have logged in into the user Maher, that’s for sure that it is saved on the router’s configuration. However, I am going to show you how you can see what users you have in your router then how you can delete a chosen user(s).

First let’s see how we can know how many users we have on our Juniper router:

I can see clearly that I have only 1 user which is Maher.

Let’s delete it now:

It has been deleted, and don’t forget to commit your configuration. Now if I repeat the show command to see if this router has any user, we shall see that it does not:

Also, this is a prove that a non-root user can be deleted as I have explained beginning of this lesson.

This is all what I wanted to show you about root and non-root users, hope you enjoyed it and let’s see what is the next lesson to be.