Upload
aloneye
View
230
Download
1
Embed Size (px)
Citation preview
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 1/23
IJOS Lab Guide
Page 1
In this activity, you you will perform the following tasks:
Part 1: Monitor chassis, system, and interface operation.
Part 2: Use network utilities.
Part 3: Recover the root password.
LLaabb 44::
OOppeerraattiioonnaall MMoonniittoorriinngg aanndd
MMaaiinntteennaannccee
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 2/23
IJOS Lab Guide
Page 2
Part 1: Monitoring System and Chassis Operation
Step 1.1Issue the show system processes extensive command to check the status of the routing
protocol daemon (rpd). Alternatively, issue the show system processes extensive |
match "pid | rpd" command to parse the output. The use of two pipes ( | ) in this
command allows. you to make multiple matches. In this case it matches rpd for the
routing protocol process as well as PID to view the column headers.
SRXP (ttyu0)
login: admin
Password: juniper123
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
admin@SRXP> show system processes extensive | match "pid | rpd" PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
3664 root 1 4 0 49392K 22192K kqread 0 0:02 0.00% rpd
Question: What is the weighted CPU usage of rpd?
____________________________________________________________________________
Answer: The answer can vary. In the sample output taken from SRXP, the weightedCPU usage is 0%. The weighted CPU column represents the CPU usage over a
period of time.
Step 1.2Issue the show system statistics command to view protocol statistics related to your
SRX device.
admin@SRXP> show system statistics
Tcp: 2111 packets sent
393 data packets (27298 bytes)
0 data packets retransmitted (0 bytes)
0 resends initiated by MTU discovery
174 ack only packets (135 packets delayed)
0 URG only packets
0 window probe packets
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 3/23
IJOS Lab Guide
Page 3
2 window update packets
3258 control packets
3943 packets received
416 acks(for 27326 bytes)
13 duplicate acks
0 acks for unsent data
428 packets received in-sequence(9905 bytes)1 completely duplicate packets(0 bytes)
0 old duplicate packets
0 packets with some duplicate data(0 bytes duped)
0 out-of-order packets(0 bytes)
0 packets of data after window(0 bytes)
0 window probes
3 window update packets
0 packets received after close
---(more)---
Question: How many TCP packets did your assigned device send since the last clearing of
the system statistics?
____________________________________________________________________________
Answer: The answer can vary. In the previous example taken from SRXP, the device sent
2111 TCP packets.
Step 1.3Issue the show system storage command to view information regarding the device
storage space.
admin@SRXP> show system storage Filesystem Size Used Avail Capacity Mounted on
/dev/da0s1a 292M 156M 113M 58% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/md0 431M 431M 0B 100% /junos
/cf 292M 156M 113M 58% /junos/cf
devfs 1.0K 1.0K 0B 100% /junos/dev/
procfs 4.0K 4.0K 0B 100% /proc/dev/bo0s3e 24M 44K 22M 0% /config
/dev/bo0s3f 342M 6.7M 308M 2% /cf/var
/dev/md1 168M 17M 137M 11% /mfs
/cf/var/jail 342M 6.7M 308M 2% /jail/var
/cf/var/log 342M 6.7M 308M 2% /jail/var/log
devfs 1.0K 1.0K 0B 100% /jail/dev
/dev/md2 39M 4.0K 36M 0% /mfs/var/run/utm
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 4/23
IJOS Lab Guide
Page 4
/dev/md3 1.8M 4.0K 1.7M 0% /jail/mfs
Question: How much free space is available on your device?
____________________________________________________________________________
Answer: The answer can vary. In the sample output taken from SRXP, 113 Megabytes
are available.
Step 1.4Issue the show system uptime command to view the current system time.
admin@SRXP> show system uptime Current time: 2012-05-05 20:05:31 CST
System booted: 2012-05-05 17:47:34 CST (02:17:57 ago)
Protocols started: 2012-05-05 18:54:33 CST (01:10:58 ago)Last configured: 2012-05-05 19:47:07 CST (00:18:24 ago) by admin
8:05PM up 2:18, 2 users, load averages: 0.03, 0.06, 0.07
Question: When was your team¡¦s device last booted?
____________________________________________________________________________
Answer: The answer will vary. In the example taken from SRXP, you can see that the
system booted 2 hours and 18 minutes ago
Step 1.5 Access to your INSIDE-PA , open another terminal window and use Telnet to access your
INSIDE IP address(10.0.P.1). If needed, refer to the diagram. Log in with the username
walter and the password walter123.
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 5/23
IJOS Lab Guide
Page 5
Step 1.6Return to the console session and issue the show system users command to view
information about users logged in to your team’s device.
admin@SRXP> show system users 8:14PM up 2:27, 2 users, load averages: 0.09, 0.04, 0.06
USER TTY FROM LOGIN@ IDLE WHAT
admin u0 - 7:52PM - -cli (cli)walter p0 10.0.P.10 8:14PM - -cli (cli)
Question: What is the source IP address of the Telnet session established by the user
walter?
____________________________________________________________________________
Answer: The answer will vary. In the following example taken from SRXP, the source IP
address of the telnet session established by the user walter is 10.0.P.10.
Step 1.7Issue the request system logout user walter command to force a log out for the user
walter. Next, issue the show system users command to verify
that the user session for walter was terminated.
admin@SRXP> request system logout user walter
logout-user: done
admin@SRXP> show system users 8:18PM up 2:31, 1 user, load averages: 0.16, 0.11, 0.08
USER TTY FROM LOGIN@ IDLE WHAT
admin u0 - 7:52PM - -cli (cli)
Question: Was the user Telnet session for walter properly closed?
____________________________________________________________________________
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 6/23
IJOS Lab Guide
Page 6
Answer: As shown in the sample output, the Telnet session for the user walter should
now be closed.
Step 1.8Check the environmental status of your team’s device by issuing the show chassis
environment command.
admin@SRXP> show chassis environment Class Item Status Measurement
Temp Routing Engine OK 49 degrees C / 120 degrees F
Routing Engine CPU OK 49 degrees C / 120 degrees F
Fans SRX240 PowerSupply fan 1 OK Spinning at normal speed
SRX240 PowerSupply fan 2 OK Spinning at normal speed
SRX240 CPU fan 1 OK Spinning at normal speed
SRX240 CPU fan 2 OK Spinning at normal speedSRX240 IO fan 1 OK Spinning at normal speed
SRX240 IO fan 2 OK Spinning at normal speed
Power Power Supply 0 OK
Question: What is the temperature and status of the Routing Engine (RE)?
____________________________________________________________________________
Answer: Your details might vary. The sample capture shows a temperature of 49
degrees Celsius and a status of OK.
Question: Name another show chassis command that displays the RE temperature.
(Hint: Use the ?.)
____________________________________________________________________________
Answer: As the following capture shows, the show chassis routing-engine command
displays the RE temperature as well as other RE-specific details.
admin@SRXP> show chassis routing-engine
Routing Engine status:Temperature 49 degrees C / 120 degrees F
CPU temperature 48 degrees C / 118 degrees F
Total memory 1024 MB Max 655 MB used ( 64 percent)
Control plane memory 560 MB Max 370 MB used ( 66 percent)
Data plane memory 464 MB Max 283 MB used ( 61 percent)
CPU utilization:
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 7/23
IJOS Lab Guide
Page 7
User 5 percent
Background 0 percent
Kernel 1 percent
Interrupt 0 percent
Idle 94 percent
Model RE-SRX240H
Serial ID AAAL3327Start time 2012-05-05 17:47:27 CST
Uptime 2 hours, 36 minutes, 8 seconds
Last reboot reason 0x200:normal shutdown
Load averages: 1 minute 5 minute 15 minute
0.21 0.13 0.09
Step 1.9Issue the show chassis temperature-thresholds command
admin@SRXP> show chassis temperature-thresholds Fan speed Yellow alarm Red alarm Fire Shutdown
(degrees C) (degrees C) (degrees C) (degrees C)
Item Normal High Normal Bad fan Normal Bad fan Normal
Chassis default 35 45 50 40 75 65 100
Routing Engine 35 45 50 40 75 65 10
Question: At what temperature is a red alarm generated for the RE?
____________________________________________________________________________
Answer: Assuming the fans are operational, the system raises a red alarm when the RE
reaches 75 degrees Celsius. These threshold values can vary between different
Junos devices.
Step 1.10View details about your system’ s hardware components using the show chassis
hardware command.
admin@SRXP> show chassis hardware Hardware inventory:
Item Version Part number Serial number Description
Chassis AG3809AA0008 SRX240H
Routing Engine REV 36 750-021793 AAAL3327 RE-SRX240H
FPC 0 FPC
PIC 0 16x GE Base PIC
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 8/23
IJOS Lab Guide
Page 8
Power Supply 0
Question: What is the chassis serial number for your SRX device??
____________________________________________________________________________
Answer: The answer will vary depending on your assigned device. In the example, the
chassis serial number is AG3809AA0008
Step 1.11Issue the show interface terse command to quickly verify the administrative and link
state for your device’s interfaces.
admin@SRXP> show interfaces terse Interface Admin Link Proto Local Remote
ge-0/0/0 up down
gr-0/0/0 up up
ip-0/0/0 up up
lsq-0/0/0 up up
lt-0/0/0 up up
mt-0/0/0 up up
sp-0/0/0 up up
sp-0/0/0.0 up up inet
sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16
10.0.0.6 --> 0/0
128.0.0.1 --> 128.0.1.16128.0.0.6 --> 0/0
ge-0/0/1 up up
ge-0/0/2 up up
ge-0/0/2.0 up up inet 192.168.P.2/24
ge-0/0/3 up up
ge-0/0/3.0 up up inet 172.16.P.1/24
ge-0/0/4 up down
ge-0/0/5 up up
ge-0/0/5.0 up up inet 10.0.P.1/24
ge-0/0/6 up down
ge-0/0/7 up upge-0/0/8 up up
ge-0/0/9 up up
ge-0/0/10 up up
ge-0/0/11 up up
ge-0/0/12 up up
ge-0/0/13 up up
ge-0/0/14 up up
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 9/23
IJOS Lab Guide
Page 9
ge-0/0/15 up up
fxp2 up up
fxp2.0 up up tnp 0x1
gre up up
ipip up up
irb up up
lo0 up uplo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 10.0.0.1 --> 0/0
10.0.0.16 --> 0/0
128.0.0.1 --> 0/0
128.0.0.4 --> 0/0
128.0.1.16 --> 0/0
lo0.32768 up up
lsi up up
mtun up up
pimd up up
pime up up
pp0 up up
ppd0 up up
ppe0 up up
st0 up up
tap up up
vlan up up
Question: What are the Admin and Link states for all configured interfaces?
____________________________________________________________________________
Answer: All configured interfaces should show Admin and Link states of up. If your
output shows otherwise, please contact your instructor.
Step 1.12Issue the show interfaces ge-0/0/5 extensive command and answer the questions that
follow:
admin@SRXP> show interfaces ge-0/0/5 extensive Physical interface: ge-0/0/5, Enabled, Physical link is Up
Interface index: 139, SNMP ifIndex: 512, Generation: 142
Description: INSIDE INTERFACE
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 100mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 10/23
IJOS Lab Guide
Page 10
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 00:26:88:e1:60:05, Hardware address: 00:26:88:e1:60:05
Last flapped : 2012-05-05 17:50:22 CST (02:45:31 ago)Statistics last cleared: Never
Traffic statistics:
Input bytes : 329585 232 bps
Output bytes : 93202 0 bps
Input packets: 4840 0 pps
Output packets: 857 0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 595 595 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 257 257 0
Queue number: Mapped forwarding classes
0 best-effort1 expedited-forwarding
2 assured-forwarding
3 network-control
Active alarms : None
Active defects : None
<Output Omitted>
Logical interface ge-0/0/5.0 (Index 82) (SNMP ifIndex 542) (Generation 147)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Traffic statistics:Input bytes : 662042
Output bytes : 75242
Input packets: 4840
Output packets: 857
<Output Omitted>
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 11/23
IJOS Lab Guide
Page 11
Question: What is the SNMP ifIndex for ge-0/0/5? What about for ge-0/0/5.0?
____________________________________________________________________________
Answer: The SNMP ifIndex values vary between student devices. In the example, the
SNMP ifIndex for ge-0/0/5 and ge-0/0/5.0 are 512 and 542, respectively.
Question: What is the current hardware address for the ge-0/0/5 interface?
____________________________________________________________________________
Answer: The current hardware address for the ge-0/0/5 interface varies between
student devices. In the example, the current hardware address is
00:26:88:e1:60:05.
Question: Does the ge-0/0/5 interface show any input errors?
____________________________________________________________________________
Answer: Although it is possible that input errors exist, the answer to this question
should typically be no.
Question: Does the ge-0/0/5 interface show input and output traffic statistics? How are
those statistics counted?
____________________________________________________________________________
Answer: The interface should show input and output traffic statistics. The system counts
traffic statistics as both bytes and packets as shown in the sample capture.
Step 1.13Issue the clear interfaces statistics ge-0/0/5 command followed by the show
interfaces ge-0/0/5 extensive | find "traffic" command.
admin@SRXP> clear interfaces statistics ge-0/0/5
admin@SRXP> show interfaces ge-0/0/5 extensive | find "traffic" Traffic statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 12/23
IJOS Lab Guide
Page 12
Input packets: 0 0 pps
Output packets: 0 0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
Output errors:Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 0 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
---(more)---
Question: Were the statistics for the ge-0/0/5 interface successfully cleared?
____________________________________________________________________________
Answer: Although your statistics might not show all zeros, as the sample capture does,
the interface statistics should clear
Part 2: Using Network Utilities and Monitoring Traffic.
Step 2.1From your SRX device ping the REMOTE-P server( 172.26.26.P ), specify a data size of
500 bytes. Ensure that the ping is continuous.
Note: If you are not receiving ICMP echo replies from the REMOTE-P server, notify your
instructor.
admin@SRXP> ping 172.26.26.P size 500 PING 172.26.26.P (172.26.26.P): 500 data bytes
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 13/23
IJOS Lab Guide
Page 13
508 bytes from 172.26.26.P: icmp_seq=0 ttl=127 time=4.105 ms
508 bytes from 172.26.26.P: icmp_seq=1 ttl=127 time=2.182 ms
508 bytes from 172.26.26.P: icmp_seq=2 ttl=127 time=2.064 ms
508 bytes from 172.26.26.P: icmp_seq=3 ttl=127 time=1.781 ms
508 bytes from 172.26.26.P: icmp_seq=4 ttl=127 time=2.030 ms
508 bytes from 172.26.26.P: icmp_seq=5 ttl=127 time=1.886 ms
508 bytes from 172.26.26.P: icmp_seq=6 ttl=127 time=1.924 ms508 bytes from 172.26.26.P: icmp_seq=7 ttl=127 time=1.895 ms
<Output Omitted>
Question: Which command option do you use to make the ping continuous?
____________________________________________________________________________
Answer: As shown in the sample output, you do not need an extra command option to
make the ping continuous. Echo requests send continuously by default. Youcan use the count option to send a defined amount of packets.
Note: You can stop the ping operation by using the Ctrl+c keystroke combination. You
should, however, let the ping operation continue at this time for the subsequent
monitoring step.
From INSIDE-PA PC, open a new terminal session to your SRX device. Use Telnet to access
the INSIDE IP address(10.0.P.1), log in with the admin user. You will use this separate terminal
session to monitor ping traffic generation.
Step 2.2Use the monitor traffic interface ge-0/0/2 command to begin monitoring the ge-
0/0/2 INSIDE interface.
Note: You can stop the monitoring operation by using the Ctrl+c keystroke combination.
You can also increase the capture size using the size option to avoid truncated packets
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 14/23
IJOS Lab Guide
Page 14
Question: Does the capture display ICMP traffic?
____________________________________________________________________________
Answer: Yes, you should see ICMP echoes and replies from your ping operation,
amongst other traffic .
Question: How can you filter the output to show only the ICMP traffic?
____________________________________________________________________________
Answer: Use the matching option to filter by header information in the output .
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 15/23
IJOS Lab Guide
Page 15
Question: What command option allows you to view source and destination MAC
addresses for the captured packets?
____________________________________________________________________________
Answer: Include the layer2-headers option to view Layer 2 header information,
including the source and destination MAC addresses as shown.
Note: The monitor traffic command captures only packets that are local to the device. It does
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 16/23
IJOS Lab Guide
Page 16
not capture transit packets.
Step 2.3In preparation for the next lab part, stop both the ping and monitor operations using
the Ctrl+c keystroke combination, and close the extra terminal session that youopened
Part 3: Recovery the Root Password.
Step 3.1Using a terminal session connected to the console port, reboot the system. Enter yes to
authorize the reboot. Watch for the following message and press the Spacebar when
prompted
admin@SRXP> request system reboot
Reboot the system ? [yes,no] (no) yes
Shutdown NOW!
[pid 6414]
admin@SRXP>
*** FINAL System shutdown message from admin@SRXP ***
System going down IMMEDIATELY
MWaiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...0 0 0 done
syncing disks... All buffers synced.
Uptime: 3h41m1s
Rebooting...
cpu_reset: Stopping other CPUs
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 17/23
IJOS Lab Guide
Page 17
U-Boot 1.1.6-JNPR-2.1 (Build time: Jul 4 2011 - 03:55:46)
SRX_240_HIGHMEM board revision major:0, minor:36, serial #: AAAL3327
OCTEON CN5230R-SCP pass 2.0, Core clock: 600 MHz, DDR clock: 333 MHz (666 Mhz data rate)
DRAM: 1024 MB
Starting Memory POST...Checking datalines... OK
Checking address lines... OK
Checking 512K memory for U-Boot... OK.
Running U-Boot CRC Test... OK.
Flash: 4 MB
USB: scanning bus for devices...
Root Hub 0: 3 USB Device(s) found
Root Hub 1: 1 USB Device(s) found
scanning bus for storage devices... 1 Storage Device(s) found
Clearing DRAM........ done
BIST check passed.
1:00:00.0 Vendor/Device ID = 0x811210b5
1:01:07.0 Vendor/Device ID = 0xc72414e4
Boot Media: nand-flash usb
Net: octeth0
POST Passed
Press SPACE to abort autoboot in 1 seconds
ELF file is 32 bit
Loading .text @ 0x8f000078 (245596 bytes)
Loading .rodata @ 0x8f03bfd4 (13940 bytes)
Loading .rodata.str1.4 @ 0x8f03f648 (16648 bytes)Loading set_Xcommand_set @ 0x8f043750 (100 bytes)
Loading .rodata.cst4 @ 0x8f0437b4 (20 bytes)
Loading .data @ 0x8f044000 (5608 bytes)
Loading .data.rel.ro @ 0x8f0455e8 (120 bytes)
Loading .data.rel @ 0x8f045660 (136 bytes)
Clearing .bss @ 0x8f0456e8 (11656 bytes)
## Starting application at 0x8f000078 ...
Consoles: U-Boot console
Found compatible API, ver. 2.1
FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.1([email protected], Mon Jul 4 03:14:10 UTC 2011)
Memory: 1024MB
[0]Booting from nand-flash slice 1
Un-Protected 1 sectors
writing to flash...
Protected 1 sectors
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 18/23
IJOS Lab Guide
Page 18
Loading /boot/defaults/loader.conf
/kernel data=0xae0e24+0x133964 syms=[0x4+0x89cb0+0x4+0xc7a56]
Hit [Enter] to boot immediately or space bar for command prompt.
Type '?' for a list of commands, 'help' for more detailed help.
loader>
Step 3.2 At the prompt, first disable the watchdog process by using the watchdog disable
command. Secondly, type boot -s and press Enter to boot the Junos OS in single-user
mode.
loader> watchdog disable
loader> boot -s Kernel entry at 0x801000d8 ...
init regular console
Primary ICache: Sets 64 Size 128 Asso 4
Primary DCache: Sets 1 Size 128 Asso 64
Secondary DCache: Sets 512 Size 128 Asso 8
GDB: debug ports: uart
GDB: current port: uart
KDB: debugger backends: ddb gdb
KDB: current backend: ddbCopyright (c) 1996-2012, Juniper Networks, Inc.
All rights reserved.
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
<Output Omitted>
Trying to mount root from ufs:/dev/da0s1a
Attaching /cf/packages/junos via /dev/mdctl...
Mounted junos package on /dev/md0...Booting single-user
** /dev/da0s1a
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 69624 free (40 frags, 8698 blocks, 0.0% fragmentation)
System watchdog timer disabled
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 19/23
IJOS Lab Guide
Page 19
Step 3.3When prompted to enter a pathname for shell or ‘ recovery ’ for root password recovery,
type recovery and press Enter.
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:
recovery Performing system setup ...
Checking integrity of BSD labels:
s1: Passed
s2: Passed
s3: Passed
s4: Passed
** /dev/bo0s3e
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 12416 free (16 frags, 1550 blocks, 0.1% fragmentation)** /dev/bo0s3f
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 171911 free (151 frags, 21470 blocks, 0.1% fragmentation)
Checking integrity of licenses:
JUNOS345637.lic: No recovery data
JUNOS345638.lic: No recovery data
JUNOS345639.lic: No recovery data
JUNOS345640.lic: No recovery data
JUNOS387415.lic: No recovery data
JUNOS387416.lic: No recovery data
JUNOS387417.lic: No recovery data
JUNOS387418.lic: No recovery data
JUNOS387419.lic: No recovery data
Checking integrity of configuration:
rescue.conf.gz: No recovery data
Loading configuration ...
mgd: commit complete
Setting initial options: .
Starting optional daemons: usbd.
Doing initial network setup:.
Initial interface configuration:additional daemons: eventd.
Additional routing options:kern.module_path: /boot//kernel;/boot/modules ->
/boot/modules;/modules/ifpfe_drv;kldload: Unsupported file type
/modules;
kld netpfe drv: ifpfed_dialer.
Doing additional network setup: ntpdate.
Starting final network daemons:.
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 20/23
IJOS Lab Guide
Page 20
setting ldconfig path: /usr/lib /opt/lib
starting standard daemons: cron.
Initial rc.mips initialization:.
Local package initialization:.
starting local daemons:.
Creating JAIL MFS partition...
JAIL MFS partition createdboot.upgrade.uboot="0xBFC00000"
boot.upgrade.loader="0xBFE00000"
Boot media /dev/da0 has dual root support
** /dev/da0s2a
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 70193 free (9 frags, 8773 blocks, 0.0% fragmentation)
Sat May 5 21:35:28 CST 2012
Running recovery script ...
machdep.bootsuccess: 1 -> 1
Performing initialization of management services ...
Performing checkout of management services ...
NOTE: Once in the CLI, you will need to enter configuration mode using
NOTE: the 'configure' command to make any required changes. For example,
NOTE: to reset the root password, type:
NOTE: configure
NOTE: set system root-authentication plain-text-password
NOTE: (enter the new password when asked)
NOTE: commitNOTE: exit
NOTE: exit
NOTE: When you exit the CLI, you will be asked if you want to reboot
NOTE: the system
Starting CLI ...
root@SRXP>
Step 3.4Once the prompt is available, enter configuration mode and set a new root password of
juniper123. Commit the configuration. After you exit out of configuration mode and
exit out of operational mode, the software prompts you about rebooting. Type y and
press Enter to reboot the system.
root@SRXP> configure
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 21/23
IJOS Lab Guide
Page 21
Entering configuration mode
[edit]
root@SRXP# set system root-authentication plain-text-password
New password: juniper123
Retype new password: juniper123
[edit]
root@SRXP# commit
commit complete
[edit]
root@SRXP# exit
Exiting configuration mode
root@SRXP> exit
Reboot the system? [y/n] y Terminated
Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...0 0 0 done
<Output Omitted>
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 70193 free (9 frags, 8773 blocks, 0.0% fragmentation)
Sat May 5 21:43:01 CST 2012
SRXP (ttyu0)
login:
Step 3.5
Once the system boots, verify the root password recovery by logging in with the newroot password.
SRXP (ttyu0)
login: root
Password: juniper123
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 22/23
IJOS Lab Guide
Page 22
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
root@SRXP%
Question: Were you successfully authenticated using the new root password?
____________________________________________________________________________
Answer: You should now be successfully authenticated as root using the new root
password. This successful authentication verifies that the access recovery
process worked.
Step 3.6Log out and Log in as admin user..
root@SRXP% exit
logout
SRXP (ttyu0)
login: admin
Password: juniper123
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
admin@SRXP>
Step 3.7Save the current configuration to admin’ s home directory.
admin@SRXP> file list
/cf/var/home/admin/:
.ssh/
IJOS.LAB1IJOS.LAB2
IJOS.LAB3
admin@SRXP> configure
Entering configuration mode
[edit]
7/23/2019 IJOS Lab Guide -Lab4.Ready
http://slidepdf.com/reader/full/ijos-lab-guide-lab4ready 23/23
IJOS Lab Guide
Page 23
admin@SRXP# save IJOS.LAB4
Wrote 146 lines of configuration to 'IJOS.LAB4'
[edit]
admin@SRXP# run file list
/cf/var/home/admin/:
.ssh/
IJOS.LAB1
IJOS.LAB2
IJOS.LAB3
IJOS.LAB4
By saving your current configuration, you are able to rollback at anytime.
For Example:
[edit]
admin@SRXP# load override IJOS.LAB4
load complete
[edit]
admin@SRXP# commit
commit complete
Tell your instructor that you have completed this lab.