IJOS Lab Guide -Lab4.Ready

7/23/2019 IJOS Lab Guide -Lab4.Ready

http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 1/23

IJOS Lab Guide

Page 1

In this activity, you you will perform the following tasks:

Part 1: Monitor chassis, system, and interface operation.

Part 2: Use network utilities.

Part 3: Recover the root password.

LLaabb 44::

OOppeerraattiioonnaall MMoonniittoorriinngg aanndd

MMaaiinntteennaannccee



IJOS Lab Guide

Page 2

Part 1: Monitoring System and Chassis Operation

Step 1.1Issue the show system processes extensive command to check the status of the routing

protocol daemon (rpd). Alternatively, issue the show system processes extensive |

match "pid | rpd" command to parse the output. The use of two pipes ( | ) in this

command allows. you to make multiple matches. In this case it matches rpd for the

routing protocol process as well as PID to view the column headers.

SRXP (ttyu0)

login: admin

Password: juniper123

--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC

admin@SRXP> show system processes extensive | match "pid | rpd" PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND

3664 root 1 4 0 49392K 22192K kqread 0 0:02 0.00% rpd

Question: What is the weighted CPU usage of rpd?

____________________________________________________________________________

Answer: The answer can vary. In the sample output taken from SRXP, the weightedCPU usage is 0%. The weighted CPU column represents the CPU usage over a

period of time.

Step 1.2Issue the show system statistics command to view protocol statistics related to your

SRX device.

admin@SRXP> show system statistics

Tcp: 2111 packets sent

393 data packets (27298 bytes)

0 data packets retransmitted (0 bytes)

0 resends initiated by MTU discovery

174 ack only packets (135 packets delayed)

0 URG only packets

0 window probe packets



IJOS Lab Guide

Page 3

2 window update packets

3258 control packets

3943 packets received

416 acks(for 27326 bytes)

13 duplicate acks

0 acks for unsent data

428 packets received in-sequence(9905 bytes)1 completely duplicate packets(0 bytes)

0 old duplicate packets

0 packets with some duplicate data(0 bytes duped)

0 out-of-order packets(0 bytes)

0 packets of data after window(0 bytes)

0 window probes

3 window update packets

0 packets received after close

---(more)---

Question: How many TCP packets did your assigned device send since the last clearing of

the system statistics?

____________________________________________________________________________

Answer: The answer can vary. In the previous example taken from SRXP, the device sent

2111 TCP packets.

Step 1.3Issue the show system storage command to view information regarding the device

storage space.

admin@SRXP> show system storage Filesystem Size Used Avail Capacity Mounted on

/dev/da0s1a 292M 156M 113M 58% /

devfs 1.0K 1.0K 0B 100% /dev

/dev/md0 431M 431M 0B 100% /junos

/cf 292M 156M 113M 58% /junos/cf

devfs 1.0K 1.0K 0B 100% /junos/dev/

procfs 4.0K 4.0K 0B 100% /proc/dev/bo0s3e 24M 44K 22M 0% /config

/dev/bo0s3f 342M 6.7M 308M 2% /cf/var

/dev/md1 168M 17M 137M 11% /mfs

/cf/var/jail 342M 6.7M 308M 2% /jail/var

/cf/var/log 342M 6.7M 308M 2% /jail/var/log

devfs 1.0K 1.0K 0B 100% /jail/dev

/dev/md2 39M 4.0K 36M 0% /mfs/var/run/utm



IJOS Lab Guide

Page 4

/dev/md3 1.8M 4.0K 1.7M 0% /jail/mfs

Question: How much free space is available on your device?

____________________________________________________________________________

Answer: The answer can vary. In the sample output taken from SRXP, 113 Megabytes

are available.

Step 1.4Issue the show system uptime command to view the current system time.

admin@SRXP> show system uptime Current time: 2012-05-05 20:05:31 CST

System booted: 2012-05-05 17:47:34 CST (02:17:57 ago)

Protocols started: 2012-05-05 18:54:33 CST (01:10:58 ago)Last configured: 2012-05-05 19:47:07 CST (00:18:24 ago) by admin

8:05PM up 2:18, 2 users, load averages: 0.03, 0.06, 0.07

Question: When was your team¡¦s device last booted?

____________________________________________________________________________

Answer: The answer will vary. In the example taken from SRXP, you can see that the

system booted 2 hours and 18 minutes ago

Step 1.5 Access to your INSIDE-PA , open another terminal window and use Telnet to access your

INSIDE IP address(10.0.P.1). If needed, refer to the diagram. Log in with the username

walter and the password walter123.



IJOS Lab Guide

Page 5

Step 1.6Return to the console session and issue the show system users command to view

information about users logged in to your team’s device.

admin@SRXP> show system users 8:14PM up 2:27, 2 users, load averages: 0.09, 0.04, 0.06

USER TTY FROM LOGIN@ IDLE WHAT

admin u0 - 7:52PM - -cli (cli)walter p0 10.0.P.10 8:14PM - -cli (cli)

Question: What is the source IP address of the Telnet session established by the user

walter?

____________________________________________________________________________

Answer: The answer will vary. In the following example taken from SRXP, the source IP

address of the telnet session established by the user walter is 10.0.P.10.

Step 1.7Issue the request system logout user walter command to force a log out for the user

walter. Next, issue the show system users command to verify

that the user session for walter was terminated.

admin@SRXP> request system logout user walter

logout-user: done

admin@SRXP> show system users 8:18PM up 2:31, 1 user, load averages: 0.16, 0.11, 0.08

USER TTY FROM LOGIN@ IDLE WHAT

admin u0 - 7:52PM - -cli (cli)

Question: Was the user Telnet session for walter properly closed?

____________________________________________________________________________



IJOS Lab Guide

Page 6

Answer: As shown in the sample output, the Telnet session for the user walter should

now be closed.

Step 1.8Check the environmental status of your team’s device by issuing the show chassis

environment command.

admin@SRXP> show chassis environment Class Item Status Measurement

Temp Routing Engine OK 49 degrees C / 120 degrees F

Routing Engine CPU OK 49 degrees C / 120 degrees F

Fans SRX240 PowerSupply fan 1 OK Spinning at normal speed

SRX240 PowerSupply fan 2 OK Spinning at normal speed

SRX240 CPU fan 1 OK Spinning at normal speed

SRX240 CPU fan 2 OK Spinning at normal speedSRX240 IO fan 1 OK Spinning at normal speed

SRX240 IO fan 2 OK Spinning at normal speed

Power Power Supply 0 OK

Question: What is the temperature and status of the Routing Engine (RE)?

____________________________________________________________________________

Answer: Your details might vary. The sample capture shows a temperature of 49

degrees Celsius and a status of OK.

Question: Name another show chassis command that displays the RE temperature.

(Hint: Use the ?.)

____________________________________________________________________________

Answer: As the following capture shows, the show chassis routing-engine command

displays the RE temperature as well as other RE-specific details.

admin@SRXP> show chassis routing-engine

Routing Engine status:Temperature 49 degrees C / 120 degrees F

CPU temperature 48 degrees C / 118 degrees F

Total memory 1024 MB Max 655 MB used ( 64 percent)

Control plane memory 560 MB Max 370 MB used ( 66 percent)

Data plane memory 464 MB Max 283 MB used ( 61 percent)

CPU utilization:



IJOS Lab Guide

Page 7

User 5 percent

Background 0 percent

Kernel 1 percent

Interrupt 0 percent

Idle 94 percent

Model RE-SRX240H

Serial ID AAAL3327Start time 2012-05-05 17:47:27 CST

Uptime 2 hours, 36 minutes, 8 seconds

Last reboot reason 0x200:normal shutdown

Load averages: 1 minute 5 minute 15 minute

0.21 0.13 0.09

Step 1.9Issue the show chassis temperature-thresholds command

admin@SRXP> show chassis temperature-thresholds Fan speed Yellow alarm Red alarm Fire Shutdown

(degrees C) (degrees C) (degrees C) (degrees C)

Item Normal High Normal Bad fan Normal Bad fan Normal

Chassis default 35 45 50 40 75 65 100

Routing Engine 35 45 50 40 75 65 10

Question: At what temperature is a red alarm generated for the RE?

____________________________________________________________________________

Answer: Assuming the fans are operational, the system raises a red alarm when the RE

reaches 75 degrees Celsius. These threshold values can vary between different

Junos devices.

Step 1.10View details about your system’ s hardware components using the show chassis

hardware command.

admin@SRXP> show chassis hardware Hardware inventory:

Item Version Part number Serial number Description

Chassis AG3809AA0008 SRX240H

Routing Engine REV 36 750-021793 AAAL3327 RE-SRX240H

FPC 0 FPC

PIC 0 16x GE Base PIC



IJOS Lab Guide

Page 8

Power Supply 0

Question: What is the chassis serial number for your SRX device??

____________________________________________________________________________

Answer: The answer will vary depending on your assigned device. In the example, the

chassis serial number is AG3809AA0008

Step 1.11Issue the show interface terse command to quickly verify the administrative and link

state for your device’s interfaces.

admin@SRXP> show interfaces terse Interface Admin Link Proto Local Remote

ge-0/0/0 up down

gr-0/0/0 up up

ip-0/0/0 up up

lsq-0/0/0 up up

lt-0/0/0 up up

mt-0/0/0 up up

sp-0/0/0 up up

sp-0/0/0.0 up up inet

sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16

10.0.0.6 --> 0/0

128.0.0.1 --> 128.0.1.16128.0.0.6 --> 0/0

ge-0/0/1 up up

ge-0/0/2 up up

ge-0/0/2.0 up up inet 192.168.P.2/24

ge-0/0/3 up up

ge-0/0/3.0 up up inet 172.16.P.1/24

ge-0/0/4 up down

ge-0/0/5 up up

ge-0/0/5.0 up up inet 10.0.P.1/24

ge-0/0/6 up down

ge-0/0/7 up upge-0/0/8 up up

ge-0/0/9 up up

ge-0/0/10 up up

ge-0/0/11 up up

ge-0/0/12 up up

ge-0/0/13 up up

ge-0/0/14 up up



IJOS Lab Guide

Page 9

ge-0/0/15 up up

fxp2 up up

fxp2.0 up up tnp 0x1

gre up up

ipip up up

irb up up

lo0 up uplo0.16384 up up inet 127.0.0.1 --> 0/0

lo0.16385 up up inet 10.0.0.1 --> 0/0

10.0.0.16 --> 0/0

128.0.0.1 --> 0/0

128.0.0.4 --> 0/0

128.0.1.16 --> 0/0

lo0.32768 up up

lsi up up

mtun up up

pimd up up

pime up up

pp0 up up

ppd0 up up

ppe0 up up

st0 up up

tap up up

vlan up up

Question: What are the Admin and Link states for all configured interfaces?

____________________________________________________________________________

Answer: All configured interfaces should show Admin and Link states of up. If your

output shows otherwise, please contact your instructor.

Step 1.12Issue the show interfaces ge-0/0/5 extensive command and answer the questions that

follow:

admin@SRXP> show interfaces ge-0/0/5 extensive Physical interface: ge-0/0/5, Enabled, Physical link is Up

Interface index: 139, SNMP ifIndex: 512, Generation: 142

Description: INSIDE INTERFACE

Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 100mbps,

BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,

Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,

Remote fault: Online



IJOS Lab Guide

Page 10

Device flags : Present Running

Interface flags: SNMP-Traps Internal: 0x0

Link flags : None

CoS queues : 8 supported, 8 maximum usable queues

Hold-times : Up 0 ms, Down 0 ms

Current address: 00:26:88:e1:60:05, Hardware address: 00:26:88:e1:60:05

Last flapped : 2012-05-05 17:50:22 CST (02:45:31 ago)Statistics last cleared: Never

Traffic statistics:

Input bytes : 329585 232 bps

Output bytes : 93202 0 bps

Input packets: 4840 0 pps

Output packets: 857 0 pps

Input errors:

Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,

L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,

FIFO errors: 0, Resource errors: 0

Output errors:

Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,

FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0

Egress queues: 8 supported, 4 in use

Queue counters: Queued packets Transmitted packets Dropped packets

0 best-effort 595 595 0

1 expedited-fo 0 0 0

2 assured-forw 0 0 0

3 network-cont 257 257 0

Queue number: Mapped forwarding classes

0 best-effort1 expedited-forwarding

2 assured-forwarding

3 network-control

Active alarms : None

Active defects : None

<Output Omitted>

Logical interface ge-0/0/5.0 (Index 82) (SNMP ifIndex 542) (Generation 147)

Flags: SNMP-Traps 0x0 Encapsulation: ENET2

Traffic statistics:Input bytes : 662042

Output bytes : 75242

Input packets: 4840

Output packets: 857

<Output Omitted>



IJOS Lab Guide

Page 11

Question: What is the SNMP ifIndex for ge-0/0/5? What about for ge-0/0/5.0?

____________________________________________________________________________

Answer: The SNMP ifIndex values vary between student devices. In the example, the

SNMP ifIndex for ge-0/0/5 and ge-0/0/5.0 are 512 and 542, respectively.

Question: What is the current hardware address for the ge-0/0/5 interface?

____________________________________________________________________________

Answer: The current hardware address for the ge-0/0/5 interface varies between

student devices. In the example, the current hardware address is

00:26:88:e1:60:05.

Question: Does the ge-0/0/5 interface show any input errors?

____________________________________________________________________________

Answer: Although it is possible that input errors exist, the answer to this question

should typically be no.

Question: Does the ge-0/0/5 interface show input and output traffic statistics? How are

those statistics counted?

____________________________________________________________________________

Answer: The interface should show input and output traffic statistics. The system counts

traffic statistics as both bytes and packets as shown in the sample capture.

Step 1.13Issue the clear interfaces statistics ge-0/0/5 command followed by the show

interfaces ge-0/0/5 extensive | find "traffic" command.

admin@SRXP> clear interfaces statistics ge-0/0/5

admin@SRXP> show interfaces ge-0/0/5 extensive | find "traffic" Traffic statistics:

Input bytes : 0 0 bps

Output bytes : 0 0 bps



IJOS Lab Guide

Page 12

Input packets: 0 0 pps

Output packets: 0 0 pps

Input errors:

Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,

L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,

FIFO errors: 0, Resource errors: 0

Output errors:Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,

FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0

Egress queues: 8 supported, 4 in use

Queue counters: Queued packets Transmitted packets Dropped packets

0 best-effort 0 0 0

1 expedited-fo 0 0 0

2 assured-forw 0 0 0

3 network-cont 0 0 0

Queue number: Mapped forwarding classes

0 best-effort

1 expedited-forwarding

2 assured-forwarding

3 network-control

---(more)---

Question: Were the statistics for the ge-0/0/5 interface successfully cleared?

____________________________________________________________________________

Answer: Although your statistics might not show all zeros, as the sample capture does,

the interface statistics should clear

Part 2: Using Network Utilities and Monitoring Traffic.

Step 2.1From your SRX device ping the REMOTE-P server( 172.26.26.P ), specify a data size of

500 bytes. Ensure that the ping is continuous.

Note: If you are not receiving ICMP echo replies from the REMOTE-P server, notify your

instructor.

admin@SRXP> ping 172.26.26.P size 500 PING 172.26.26.P (172.26.26.P): 500 data bytes



IJOS Lab Guide

Page 13

508 bytes from 172.26.26.P: icmp_seq=0 ttl=127 time=4.105 ms






508 bytes from 172.26.26.P: icmp_seq=6 ttl=127 time=1.924 ms508 bytes from 172.26.26.P: icmp_seq=7 ttl=127 time=1.895 ms

<Output Omitted>

Question: Which command option do you use to make the ping continuous?

____________________________________________________________________________

Answer: As shown in the sample output, you do not need an extra command option to

make the ping continuous. Echo requests send continuously by default. Youcan use the count option to send a defined amount of packets.

Note: You can stop the ping operation by using the Ctrl+c keystroke combination. You

should, however, let the ping operation continue at this time for the subsequent

monitoring step.

From INSIDE-PA PC, open a new terminal session to your SRX device. Use Telnet to access

the INSIDE IP address(10.0.P.1), log in with the admin user. You will use this separate terminal

session to monitor ping traffic generation.

Step 2.2Use the monitor traffic interface ge-0/0/2 command to begin monitoring the ge-

0/0/2 INSIDE interface.

Note: You can stop the monitoring operation by using the Ctrl+c keystroke combination.

You can also increase the capture size using the size option to avoid truncated packets



IJOS Lab Guide

Page 14

Question: Does the capture display ICMP traffic?

____________________________________________________________________________

Answer: Yes, you should see ICMP echoes and replies from your ping operation,

amongst other traffic .

Question: How can you filter the output to show only the ICMP traffic?

____________________________________________________________________________

Answer: Use the matching option to filter by header information in the output .



IJOS Lab Guide

Page 15

Question: What command option allows you to view source and destination MAC

addresses for the captured packets?

____________________________________________________________________________

Answer: Include the layer2-headers option to view Layer 2 header information,

including the source and destination MAC addresses as shown.

Note: The monitor traffic command captures only packets that are local to the device. It does



IJOS Lab Guide

Page 16

not capture transit packets.

Step 2.3In preparation for the next lab part, stop both the ping and monitor operations using

the Ctrl+c keystroke combination, and close the extra terminal session that youopened

Part 3: Recovery the Root Password.

Step 3.1Using a terminal session connected to the console port, reboot the system. Enter yes to

authorize the reboot. Watch for the following message and press the Spacebar when

prompted

admin@SRXP> request system reboot

Reboot the system ? [yes,no] (no) yes

Shutdown NOW!

[pid 6414]

admin@SRXP>

*** FINAL System shutdown message from admin@SRXP ***

System going down IMMEDIATELY

MWaiting (max 60 seconds) for system process `vnlru' to stop...done

Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done

Waiting (max 60 seconds) for system process `bufdaemon' to stop...done

Waiting (max 60 seconds) for system process `syncer' to stop...

Syncing disks, vnodes remaining...0 0 0 done

syncing disks... All buffers synced.

Uptime: 3h41m1s

Rebooting...

cpu_reset: Stopping other CPUs



IJOS Lab Guide

Page 17

U-Boot 1.1.6-JNPR-2.1 (Build time: Jul 4 2011 - 03:55:46)

SRX_240_HIGHMEM board revision major:0, minor:36, serial #: AAAL3327

OCTEON CN5230R-SCP pass 2.0, Core clock: 600 MHz, DDR clock: 333 MHz (666 Mhz data rate)

DRAM: 1024 MB

Starting Memory POST...Checking datalines... OK

Checking address lines... OK

Checking 512K memory for U-Boot... OK.

Running U-Boot CRC Test... OK.

Flash: 4 MB

USB: scanning bus for devices...

Root Hub 0: 3 USB Device(s) found

Root Hub 1: 1 USB Device(s) found

scanning bus for storage devices... 1 Storage Device(s) found

Clearing DRAM........ done

BIST check passed.

1:00:00.0 Vendor/Device ID = 0x811210b5

1:01:07.0 Vendor/Device ID = 0xc72414e4

Boot Media: nand-flash usb

Net: octeth0

POST Passed

Press SPACE to abort autoboot in 1 seconds

ELF file is 32 bit

Loading .text @ 0x8f000078 (245596 bytes)

Loading .rodata @ 0x8f03bfd4 (13940 bytes)

Loading .rodata.str1.4 @ 0x8f03f648 (16648 bytes)Loading set_Xcommand_set @ 0x8f043750 (100 bytes)

Loading .rodata.cst4 @ 0x8f0437b4 (20 bytes)

Loading .data @ 0x8f044000 (5608 bytes)

Loading .data.rel.ro @ 0x8f0455e8 (120 bytes)

Loading .data.rel @ 0x8f045660 (136 bytes)

Clearing .bss @ 0x8f0456e8 (11656 bytes)

## Starting application at 0x8f000078 ...

Consoles: U-Boot console

Found compatible API, ver. 2.1

FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.1([email protected], Mon Jul 4 03:14:10 UTC 2011)

Memory: 1024MB

[0]Booting from nand-flash slice 1

Un-Protected 1 sectors

writing to flash...

Protected 1 sectors



IJOS Lab Guide

Page 18

Loading /boot/defaults/loader.conf

/kernel data=0xae0e24+0x133964 syms=[0x4+0x89cb0+0x4+0xc7a56]

Hit [Enter] to boot immediately or space bar for command prompt.

Type '?' for a list of commands, 'help' for more detailed help.

loader>

Step 3.2 At the prompt, first disable the watchdog process by using the watchdog disable

command. Secondly, type boot -s and press Enter to boot the Junos OS in single-user

mode.

loader> watchdog disable

loader> boot -s Kernel entry at 0x801000d8 ...

init regular console

Primary ICache: Sets 64 Size 128 Asso 4

Primary DCache: Sets 1 Size 128 Asso 64

Secondary DCache: Sets 512 Size 128 Asso 8

GDB: debug ports: uart

GDB: current port: uart

KDB: debugger backends: ddb gdb

KDB: current backend: ddbCopyright (c) 1996-2012, Juniper Networks, Inc.

All rights reserved.

Copyright (c) 1992-2006 The FreeBSD Project.

Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994

The Regents of the University of California. All rights reserved.

<Output Omitted>

Trying to mount root from ufs:/dev/da0s1a

Attaching /cf/packages/junos via /dev/mdctl...

Mounted junos package on /dev/md0...Booting single-user

** /dev/da0s1a

FILE SYSTEM CLEAN; SKIPPING CHECKS

clean, 69624 free (40 frags, 8698 blocks, 0.0% fragmentation)

System watchdog timer disabled

Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:



IJOS Lab Guide

Page 19

Step 3.3When prompted to enter a pathname for shell or ‘ recovery ’ for root password recovery,

type recovery and press Enter.

Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:

recovery Performing system setup ...

Checking integrity of BSD labels:

s1: Passed

s2: Passed

s3: Passed

s4: Passed

** /dev/bo0s3e


clean, 12416 free (16 frags, 1550 blocks, 0.1% fragmentation)** /dev/bo0s3f



Checking integrity of licenses:

JUNOS345637.lic: No recovery data









Checking integrity of configuration:

rescue.conf.gz: No recovery data

Loading configuration ...

mgd: commit complete

Setting initial options: .

Starting optional daemons: usbd.

Doing initial network setup:.

Initial interface configuration:additional daemons: eventd.

Additional routing options:kern.module_path: /boot//kernel;/boot/modules ->

/boot/modules;/modules/ifpfe_drv;kldload: Unsupported file type

/modules;

kld netpfe drv: ifpfed_dialer.

Doing additional network setup: ntpdate.

Starting final network daemons:.



IJOS Lab Guide

Page 20

setting ldconfig path: /usr/lib /opt/lib

starting standard daemons: cron.

Initial rc.mips initialization:.

Local package initialization:.

starting local daemons:.

Creating JAIL MFS partition...

JAIL MFS partition createdboot.upgrade.uboot="0xBFC00000"

boot.upgrade.loader="0xBFE00000"

Boot media /dev/da0 has dual root support

** /dev/da0s2a



Sat May 5 21:35:28 CST 2012

Running recovery script ...

machdep.bootsuccess: 1 -> 1

Performing initialization of management services ...

Performing checkout of management services ...

NOTE: Once in the CLI, you will need to enter configuration mode using

NOTE: the 'configure' command to make any required changes. For example,

NOTE: to reset the root password, type:

NOTE: configure

NOTE: set system root-authentication plain-text-password

NOTE: (enter the new password when asked)

NOTE: commitNOTE: exit

NOTE: exit

NOTE: When you exit the CLI, you will be asked if you want to reboot

NOTE: the system

Starting CLI ...

root@SRXP>

Step 3.4Once the prompt is available, enter configuration mode and set a new root password of

juniper123. Commit the configuration. After you exit out of configuration mode and

exit out of operational mode, the software prompts you about rebooting. Type y and

press Enter to reboot the system.

root@SRXP> configure



IJOS Lab Guide

Page 21

Entering configuration mode

[edit]

root@SRXP# set system root-authentication plain-text-password

New password: juniper123

Retype new password: juniper123

[edit]

root@SRXP# commit

commit complete

[edit]

root@SRXP# exit

Exiting configuration mode

root@SRXP> exit

Reboot the system? [y/n] y Terminated

Waiting (max 60 seconds) for system process `vnlru' to stop...done

Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done

Waiting (max 60 seconds) for system process `bufdaemon' to stop...done

Waiting (max 60 seconds) for system process `syncer' to stop...

Syncing disks, vnodes remaining...0 0 0 done

<Output Omitted>



Sat May 5 21:43:01 CST 2012

SRXP (ttyu0)

login:

Step 3.5

Once the system boots, verify the root password recovery by logging in with the newroot password.

SRXP (ttyu0)

login: root




IJOS Lab Guide

Page 22

--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC

root@SRXP%

Question: Were you successfully authenticated using the new root password?

____________________________________________________________________________

Answer: You should now be successfully authenticated as root using the new root

password. This successful authentication verifies that the access recovery

process worked.

Step 3.6Log out and Log in as admin user..

root@SRXP% exit

logout

SRXP (ttyu0)

login: admin


--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC

admin@SRXP>

Step 3.7Save the current configuration to admin’ s home directory.

admin@SRXP> file list

/cf/var/home/admin/:

.ssh/

IJOS.LAB1IJOS.LAB2

IJOS.LAB3

admin@SRXP> configure

Entering configuration mode

[edit]



IJOS Lab Guide

Page 23

admin@SRXP# save IJOS.LAB4

Wrote 146 lines of configuration to 'IJOS.LAB4'

[edit]

admin@SRXP# run file list

/cf/var/home/admin/:

.ssh/

IJOS.LAB1

IJOS.LAB2

IJOS.LAB3

IJOS.LAB4

By saving your current configuration, you are able to rollback at anytime.

For Example:

[edit]

admin@SRXP# load override IJOS.LAB4

load complete

[edit]

admin@SRXP# commit

commit complete

Tell your instructor that you have completed this lab.

Documents

IJOS Lab Guide -Lab4.Ready