Juniper Junos
Description
The Juniper Junos connector connects to Junos OS devices via NETCONF over SSH (RFC 6241) and issues a <get-configuration> RPC to retrieve the system/login configuration stanza. It enumerates local user accounts and their assigned login classes, classifying super-user and super-user-local class assignments as privileged.
System Type Classification
| Field | Value |
|---|---|
| System Type | Infrastructure |
| Default Scan Priority | 200 |
Version Support
| OrbisID Edition | Supported |
|---|---|
| Community | No |
| Pro | Yes |
| Enterprise | Yes |
Supported Protocol
| Protocol | Port | Notes |
|---|---|---|
| NETCONF over SSH | 830 TCP | RFC 6241; SSH subsystem netconf |
What OrbisID Discovers
| Data | Source |
|---|---|
| Local user accounts | <user> elements under <configuration><system><login> |
| Login class assignments | <class> child of each <user> element |
| Privilege classification | super-user / super-user-local class → privileged |
| Memberships | User-to-login-class associations |
Connection Requirements
Required Permissions
The scanning credential must belong to a Junos user with NETCONF access and read access to the system login configuration.
Minimum permissions:
- Junos login class with view-configuration or higher permissions
- NETCONF access enabled (set system services netconf ssh)
Credential Mapping
| OrbisID Field | Value |
|---|---|
| credential.username | Junos local username |
| credential.password | Junos password |
| system.hostname | Device management IP or hostname |
| system.port | NETCONF SSH port (default 830) |
Network Requirements
The OrbisID server must have TCP access to the Juniper device on port 830.
Configuration Steps
- Enable NETCONF on the device:

      set system services netconf ssh
      commit

- Create a dedicated read-only scanner account:

      set system login user orbisid-scanner class read-only
      set system login user orbisid-scanner authentication plain-text-password
      commit

- Create a Credential in OrbisID:
  - Username: orbisid-scanner
  - Password: Junos password
- Navigate to Systems → Add System
- Fill in the fields:
| Field | Value |
|---|---|
| Name | Descriptive name (e.g., Juniper MX – Core Router) |
| OS Type | JuniperJunos |
| System Type | Infrastructure |
| Hostname | Device management IP or hostname |
| Port | 830 |
| Credential | The scanning credential |
- Click Test Connection
- Click Save
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|---|---|
| Connection refused on port 830 | NETCONF not enabled | Run set system services netconf ssh and commit |
| Authentication failed | Invalid credentials | Verify the Junos user and password |
| No users in response | Login class restricts show configuration | Use a class with view-configuration permission |
| XML parse error | Device returned error RPC-reply | Check the NETCONF response for <rpc-error> elements |
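
The Python sketch below is an added example, not OrbisID's own code. It parses a constructed <get-configuration> reply into the user, login class and privilege data listed under What OrbisID Discovers, and raises on the <rpc-error> case from the Troubleshooting table. The function names, the sample reply, and the choice to treat any <rpc-error> as a failure are assumptions.

```python
import xml.etree.ElementTree as ET

PRIVILEGED_CLASSES = {"super-user", "super-user-local"}  # classes the page marks privileged

# Constructed sample reply (not captured from a device); "]]>]]>" is the
# NETCONF 1.0 end-of-message marker used on the SSH transport.
SAMPLE_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<configuration><system><login>
  <user><name>admin</name><class>super-user</class></user>
  <user><name>noc</name><class>operator</class></user>
  <user><name>orbisid-scanner</name><class>read-only</class></user>
</login></system></configuration>
</rpc-reply>
]]>]]>"""

class RpcError(Exception):
    """The device answered with <rpc-error> instead of configuration data."""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip ElementTree's "{namespace}" prefix

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def parse_login_reply(xml_text):
    """Return one dict per local user: name, login class, privileged flag."""
    xml_text = xml_text.replace("]]>]]>", "").strip()
    if "<!DOCTYPE" in xml_text:  # RFC 6241 forbids DTDs in NETCONF content
        raise ValueError("unexpected DOCTYPE in NETCONF reply")
    root = ET.fromstring(xml_text)
    errors = [e for e in root.iter() if _local(e.tag) == "rpc-error"]
    if errors:  # assumption: any rpc-error means the data cannot be trusted
        raise RpcError(_text(errors[0], "error-message") or "rpc-error")
    accounts = []
    for cfg in _children(root, "configuration"):
        for system in _children(cfg, "system"):
            for login in _children(system, "login"):
                for user in _children(login, "user"):
                    cls = _text(user, "class")
                    accounts.append({"user": _text(user, "name"), "class": cls,
                                     "privileged": cls in PRIVILEGED_CLASSES})
    return accounts

if __name__ == "__main__":
    for account in parse_login_reply(SAMPLE_REPLY):
        print(account)
```

An empty list with no exception corresponds to the "No users in response" row: the reply was well-formed but carried no <user> elements for the scanning account to read.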