A New Device
Like most good networking equipment, we can connect a console cable to any Juniper device.
This can be a traditional serial console cable or a USB console cable.
Sometimes the root password is lost, and needs to be recovered. To do this:
- Reboot the switch
- Interrupt boot to enter the interactive bootloader menu
- Enter single-user mode with ‘boot -s’
- Run the ‘recovery’ script
- Set the root password
There are two different ways to factory reset a device. One is to load the factory config, which erases configuration but leaves everything else intact.
The other is to ‘zeroize’ the system, which erases everything. This is very destructive.
If the hostname is amnesiac, then the device has started up with the default configuration. In this case, you’re probably logged into the shell. You can start the Junos CLI with the cli command.
The first thing you should do is set a root password. In fact, Junos will not allow you to commit any config unless the root account has a password.
If you’re updating Junos, consider using a version recommended by JTAC. These versions are known to be very stable. The recommended version will vary according to the platform.
To download an update you need a valid support contract and a login to Juniper’s site.
The versioning convention is m.nZb.s:
- m – major release
- n – minor release
- Z – Release type
- b – Major build
- s – Minor build (spin)
The release type follows this convention (generally R and S are the only ones you need to worry about:
- R – First Revenue Ship (FRS) or maintenance release
- F – Feature velocity release
- B – Beta release
- I – Internal release
- S – Service release
- X – Exception release
Most Junos devices will have recovery partitions. These are used if the primary partition is corrupt for any reason (unexpected power outages can cause this).
So, when we update Junos on a device, we should also update the recovery partition as well.
In a case when the primary partition is corrupt, the device will boot from the recovery partition. We can then use that to rebuild the primary partition.
Once a device has been configured, we can access it with the console port, SSH, Telnet, jWeb console, or some type of automation (through REST or NETCONF).
By default, only the console port is enabled. If you want to use these other methods, you will need to configure them.
In addition to rolling back, there’s also a rescue config. This is a known good config that’s used if the main config can’t be loaded. The rescue config is named rescue.conf.gz.
Optionally, you can export your configuration, so you can use it as a template for other devices.
This can be in the form of the native config hierarchy, or we can export a series of set commands.
Set commands are simple to use, as we can simply take them and paste them into the CLI.
Config hierarchy needs to be loaded in with the load command:
- Update – Like override, but more gentle; Can be anywhere in the hierarchy, Junos notified only the processes that are affected by the config change
- Override – overwrites the current config with the one you provide (top of the hierarchy only)
- Patch – adds/deletes variables in the configuration
- Replace – looks for replace tags in the config, and replaces sections in the current config with the same name
Set – lets us load using set commands
By default, a password needs to be six characters or more long, and either have a mix of upper and lower case characters, or use regular and special characters.
|Enter single-user mode from the boot loader
|Single User mode
|From single-user mode, enter recovery mode
|set system root-authentication plain-text-password
|Set the root password
|Loads the default config; requires a commit
|request system zeroize
|Begins a full factory reset
|Enter the Junos CLI
|show system information
|Get the model number
|show chassis hardware
|Get the model number
|See the current version of Junos
|request system storage clean-up
|Copy a file
|request system software add
|Install an update
|request system reboot
|Reboot the device
|request system software rollback
|Rollback an update
|show system snapshot media internal
|See the recovery snapshot (old command)
|show system snapshot
|See the recovery snapshot (new command)
|request system recover
|Roll back to a snapshot
|request system snapshot media internal slice alternate
|Create a new recovery snapshot (old command)
|request system snapshot recovery
|Create a new recovery snapshot (new command)
|set system auto-snapshot
|Automatically recover the primary partition if it is corrupt
|set system name-server
|Configure a DNS server
|set date YYYYMMDDHHMM.ss
|Set the date
|set system ntp server
|Set the NTP server
|set snmp community
|Set an SNMP community
|set snmp trap-group
|Configure SNMP traps
|set system services ssh
|set system services web-management https system-generated-certificate
|Enable JWeb over HTTPS, using a self-signed certificate
|request system configuration rescue
|Create or delete a rescue configuration
|show system configuration rescue
|Show the rescue config
|Rollback to the rescue config; Needs to be committed
|show chassis alarms
|See if there are any alarms raise by Junos
|load merge terminal
|Load some structured (hierarchical) config
|show configuration | display set
|Display the config as set commands
|show configuration | display set | save
|Export the config as set commands to a file
Recovering the root password on EX Series switches
Junos Software Versions – Suggested Releases to Consider and Evaluate
Software Installation and Upgrade Overview
Switch boots from backup root partition after file system corruption occurred on the primary root partition