IJOS Lab Guide

Lab 4:
O p e r a t i o n a l M o n i to r i n g a n d
M a i n te n a n c e
In this activity, you you will perform the following tasks:
Part 1: Monitor chassis, system, and interface operation.
Part 2: Use network utilities.
Part 3: Recover the root password.

Page 1

IJOS Lab Guide

Part 1: Monitoring System and Chassis Operation

Step 1.1
Issue the show system processes extensive command to check the status of the routing
protocol daemon (rpd). Alternatively, issue the show system processes extensive |
match "pid | rpd" command to parse the output. The use of two pipes (|) in this
command allows. you to make multiple matches. In this case it matches rpd for the
routing protocol process as well as PID to view the column headers.
SRXP (ttyu0)
login: admin
Password: juniper123
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
admin@SRXP> show system processes extensive | match "pid | rpd"
PID USERNAME THR PRI NICE SIZE
RES STATE C TIME WCPU COMMAND
3664 root
1 4
0 49392K 22192K kqread 0 0:02 0.00% rpd

Question:

What is the weighted CPU usage of rpd?

____________________________________________________________________________

Answer:

The answer can vary. In the sample output taken from SRXP, the weighted
CPU usage is 0%. The weighted CPU column represents the CPU usage over a
period of time.

Step 1.2
Issue the show system statistics command to view protocol statistics related to your
SRX device.
admin@SRXP> show system statistics
Tcp:
2111 packets sent
393 data packets (27298 bytes)
0 data packets retransmitted (0 bytes)
0 resends initiated by MTU discovery
174 ack only packets (135 packets delayed)
0 URG only packets
0 window probe packets
Page 2

IJOS Lab Guide

2 window update packets

3258 control packets
3943 packets received
416 acks(for 27326 bytes)
13 duplicate acks
0 acks for unsent data
428 packets received in-sequence(9905 bytes)
1 completely duplicate packets(0 bytes)
0 old duplicate packets
0 packets with some duplicate data(0 bytes duped)
0 out-of-order packets(0 bytes)
0 packets of data after window(0 bytes)
0 window probes
3 window update packets
0 packets received after close
---(more)---

Question:

How many TCP packets did your assigned device send since the last clearing of
the system statistics?
____________________________________________________________________________

Answer:

The answer can vary. In the previous example taken from SRXP, the device sent
2111 TCP packets.

Step 1.3
Issue the show system storage command to view information regarding the device
storage space.
admin@SRXP> show system storage
Filesystem
Size
Used
/dev/da0s1a
292M
156M
devfs
1.0K
1.0K
/dev/md0
431M
431M
/cf
292M
156M
devfs
1.0K
1.0K
procfs
4.0K
4.0K
/dev/bo0s3e
24M
44K
/dev/bo0s3f
342M
6.7M
/dev/md1
168M
17M
/cf/var/jail
342M
6.7M
/cf/var/log
342M
6.7M
devfs
1.0K
1.0K
/dev/md2
39M
4.0K

Avail Capacity Mounted on

113M
58% /
0B
100% /dev
0B
100% /junos
113M
58% /junos/cf
0B
100% /junos/dev/
0B
100% /proc
22M
0% /config
308M
2% /cf/var
137M
11% /mfs
308M
2% /jail/var
308M
2% /jail/var/log
0B
100% /jail/dev
36M
0% /mfs/var/run/utm
Page 3

IJOS Lab Guide

/dev/md3

1.8M

4.0K

1.7M

0% /jail/mfs

Question:

How much free space is available on your device?

____________________________________________________________________________

Answer:

The answer can vary. In the sample output taken from SRXP, 113 Megabytes
are available.

Step 1.4
Issue the show system uptime command to view the current system time.
admin@SRXP> show system uptime
Current time: 2012-05-05 20:05:31 CST
System booted: 2012-05-05 17:47:34 CST (02:17:57 ago)
Protocols started: 2012-05-05 18:54:33 CST (01:10:58 ago)
Last configured: 2012-05-05 19:47:07 CST (00:18:24 ago) by admin
8:05PM up 2:18, 2 users, load averages: 0.03, 0.06, 0.07

Question:

When was your teams device last booted?

____________________________________________________________________________

Answer:

The answer will vary. In the example taken from SRXP, you can see that the
system booted 2 hours and 18 minutes ago

Step 1.5
Access to your INSIDE-PA, open another terminal window and use Telnet to access your
INSIDE IP address(10.0.P.1). If needed, refer to the diagram. Log in with the username
walter and the password walter123.

Page 4

IJOS Lab Guide

Step 1.6
Return to the console session and issue the show system users command to view
information about users logged in to your teams device.
admin@SRXP> show system users
8:14PM up 2:27, 2 users, load averages: 0.09, 0.04, 0.06
USER
TTY
FROM
LOGIN@ IDLE WHAT
admin
u0
7:52PM
- -cli (cli)
walter p0
10.0.P.10
8:14PM
- -cli (cli)

Question:

What is the source IP address of the Telnet session established by the user
walter?
____________________________________________________________________________

Answer:

The answer will vary. In the following example taken from SRXP, the source IP
address of the telnet session established by the user walter is 10.0.P.10.

Step 1.7
Issue the request system logout user walter command to force a log out for the user
walter. Next, issue the show system users command to verify
that the user session for walter was terminated.
admin@SRXP> request system logout user walter
logout-user: done
admin@SRXP> show system users
8:18PM up 2:31, 1 user, load averages: 0.16, 0.11, 0.08
USER
TTY
FROM
LOGIN@ IDLE WHAT
admin
u0
7:52PM
- -cli (cli)

Question:

Was the user Telnet session for walter properly closed?

____________________________________________________________________________
Page 5

IJOS Lab Guide

Answer:

As shown in the sample output, the Telnet session for the user walter should
now be closed.

Step 1.8
Check the environmental status of your teams device by issuing the show chassis
environment command.
admin@SRXP> show chassis environment
Class Item
Status
Measurement
Temp Routing Engine
OK
49 degrees C / 120
Routing Engine CPU
OK
49 degrees C / 120
Fans SRX240 PowerSupply fan 1
OK
Spinning at normal
SRX240 PowerSupply fan 2
OK
Spinning at normal
SRX240 CPU fan 1
OK
Spinning at normal
SRX240 CPU fan 2
OK
Spinning at normal
SRX240 IO fan 1
OK
Spinning at normal
SRX240 IO fan 2
OK
Spinning at normal
Power Power Supply 0
OK

degrees F
degrees F
speed
speed
speed
speed
speed
speed

Question:

What is the temperature and status of the Routing Engine (RE)?

____________________________________________________________________________

Answer:

Your details might vary. The sample capture shows a temperature of 49

degrees Celsius and a status of OK.

Question:

Name another show chassis command that displays the RE temperature.

(Hint: Use the ?.)
____________________________________________________________________________

Answer:

As the following capture shows, the show chassis routing-engine command

displays the RE temperature as well as other RE-specific details.

admin@SRXP> show chassis routing-engine

Routing Engine status:
Temperature
49 degrees C / 120 degrees F
CPU temperature
48 degrees C / 118 degrees F
Total memory
1024 MB Max 655 MB used ( 64 percent)
Control plane memory
560 MB Max 370 MB used ( 66 percent)
Data plane memory
464 MB Max 283 MB used ( 61 percent)
CPU utilization:
Page 6

IJOS Lab Guide

User
Background
Kernel
Interrupt
Idle
Model
Serial ID
Start time
Uptime
Last reboot reason
Load averages:

5
0
1
0
94

percent
percent
percent
percent
percent
RE-SRX240H
AAAL3327
2012-05-05 17:47:27 CST
2 hours, 36 minutes, 8 seconds
0x200:normal shutdown
1 minute 5 minute 15 minute
0.21
0.13
0.09

Step 1.9
Issue the show chassis temperature-thresholds command
admin@SRXP> show chassis temperature-thresholds
Fan speed
Yellow alarm
Red alarm
Fire Shutdown
(degrees C)
(degrees C)
(degrees C)
(degrees C)
Item
Normal High Normal Bad fan Normal Bad fan
Normal
Chassis default
35
45
50
40
75
65
100
Routing Engine
35
45
50
40
75
65
10

Question:

At what temperature is a red alarm generated for the RE?

____________________________________________________________________________

Answer:

Assuming the fans are operational, the system raises a red alarm when the RE
reaches 75 degrees Celsius. These threshold values can vary between different
Junos devices.

Step 1.10
View details about your systems hardware components using the show chassis
hardware command.
admin@SRXP> show chassis hardware
Hardware inventory:
Item
Version Part number Serial number
Chassis
AG3809AA0008
Routing Engine REV 36 750-021793 AAAL3327
FPC 0
PIC 0
Page 7

Description
SRX240H
RE-SRX240H
FPC
16x GE Base PIC

IJOS Lab Guide

Power Supply 0

Question:

What is the chassis serial number for your SRX device??

____________________________________________________________________________

Answer:

The answer will vary depending on your assigned device. In the example, the
chassis serial number is AG3809AA0008

Step 1.11
Issue the show interface terse command to quickly verify the administrative and link
state for your devices interfaces.
admin@SRXP> show interfaces terse
Interface
Admin Link Proto
Local
ge-0/0/0
up
down
gr-0/0/0
up
up
ip-0/0/0
up
up
lsq-0/0/0
up
up
lt-0/0/0
up
up
mt-0/0/0
up
up
sp-0/0/0
up
up
sp-0/0/0.0
up
up inet
sp-0/0/0.16383
up
up inet
10.0.0.1
10.0.0.6
128.0.0.1
128.0.0.6
ge-0/0/1
up
up
ge-0/0/2
up
up
ge-0/0/2.0
up
up inet
192.168.P.2/24
ge-0/0/3
up
up
ge-0/0/3.0
up
up inet
172.16.P.1/24
ge-0/0/4
up
down
ge-0/0/5
up
up
ge-0/0/5.0
up
up inet
10.0.P.1/24
ge-0/0/6
up
down
ge-0/0/7
up
up
ge-0/0/8
up
up
ge-0/0/9
up
up
ge-0/0/10
up
up
ge-0/0/11
up
up
ge-0/0/12
up
up
ge-0/0/13
up
up
ge-0/0/14
up
up
Page 8

Remote

-->
-->
-->
-->

10.0.0.16
0/0
128.0.1.16
0/0

IJOS Lab Guide

ge-0/0/15
fxp2
fxp2.0
gre
ipip
irb
lo0
lo0.16384
lo0.16385

up
up
up
up
up
up
up
up
up

up
up
up
up
up
up
up
up
up

lo0.32768
lsi
mtun
pimd
pime
pp0
ppd0
ppe0
st0
tap
vlan

up
up
up
up
up
up
up
up
up
up
up

up
up
up
up
up
up
up
up
up
up
up

tnp

0x1

inet
inet

127.0.0.1
10.0.0.1
10.0.0.16
128.0.0.1
128.0.0.4
128.0.1.16

-->
-->
-->
-->
-->
-->

0/0
0/0
0/0
0/0
0/0
0/0

Question:

What are the Admin and Link states for all configured interfaces?
____________________________________________________________________________

Answer:

All configured interfaces should show Admin and Link states of up. If your
output shows otherwise, please contact your instructor.

Step 1.12
Issue the show interfaces ge-0/0/5 extensive command and answer the questions that
follow:
admin@SRXP> show interfaces ge-0/0/5 extensive
Physical interface: ge-0/0/5, Enabled, Physical link is Up
Interface index: 139, SNMP ifIndex: 512, Generation: 142
Description: INSIDE INTERFACE
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 100mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Page 9

IJOS Lab Guide

Device flags : Present Running

Interface flags: SNMP-Traps Internal: 0x0
Link flags
: None
CoS queues
: 8 supported, 8 maximum usable queues
Hold-times
: Up 0 ms, Down 0 ms
Current address: 00:26:88:e1:60:05, Hardware address: 00:26:88:e1:60:05
Last flapped : 2012-05-05 17:50:22 CST (02:45:31 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes :
329585
232 bps
Output bytes :
93202
0 bps
Input packets:
4840
0 pps
Output packets:
857
0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Egress queues: 8 supported, 4 in use
Queue counters:
Queued packets Transmitted packets
Dropped packets
0 best-effort
595
595
0
1 expedited-fo
0
0
0
2 assured-forw
0
0
0
3 network-cont
257
257
0
Queue number:
Mapped forwarding classes
0
best-effort
1
expedited-forwarding
2
assured-forwarding
3
network-control
Active alarms : None
Active defects : None
<Output Omitted>
Logical interface ge-0/0/5.0 (Index 82) (SNMP ifIndex 542) (Generation 147)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Traffic statistics:
Input bytes :
662042
Output bytes :
75242
Input packets:
4840
Output packets:
857
<Output Omitted>

Page 10

IJOS Lab Guide

Question:

What is the SNMP ifIndex for ge-0/0/5? What about for ge-0/0/5.0?
____________________________________________________________________________

Answer:

The SNMP ifIndex values vary between student devices. In the example, the
SNMP ifIndex for ge-0/0/5 and ge-0/0/5.0 are 512 and 542, respectively.

Question:

What is the current hardware address for the ge-0/0/5 interface?

____________________________________________________________________________

Answer:

The current hardware address for the ge-0/0/5 interface varies between
student devices. In the example, the current hardware address is
00:26:88:e1:60:05.

Question:

Does the ge-0/0/5 interface show any input errors?

____________________________________________________________________________

Answer:

Although it is possible that input errors exist, the answer to this question
should typically be no.

Question:

Does the ge-0/0/5 interface show input and output traffic statistics? How are
those statistics counted?
____________________________________________________________________________

Answer:

The interface should show input and output traffic statistics. The system counts
traffic statistics as both bytes and packets as shown in the sample capture.

Step 1.13
Issue the clear interfaces statistics ge-0/0/5 command followed by the show
interfaces ge-0/0/5 extensive | find "traffic" command.
admin@SRXP> clear interfaces statistics ge-0/0/5
admin@SRXP> show interfaces ge-0/0/5 extensive | find "traffic"
Traffic statistics:
Input bytes :
0
0 bps
Output bytes :
0
0 bps
Page 11

IJOS Lab Guide

Input packets:
0
0 pps
Output packets:
0
0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Egress queues: 8 supported, 4 in use
Queue counters:
Queued packets Transmitted packets
Dropped packets
0 best-effort
0
0
0
1 expedited-fo
0
0
0
2 assured-forw
0
0
0
3 network-cont
0
0
0
Queue number:
Mapped forwarding classes
0
best-effort
1
expedited-forwarding
2
assured-forwarding
3
network-control
---(more)---

Question:

Were the statistics for the ge-0/0/5 interface successfully cleared?

____________________________________________________________________________

Answer:

Although your statistics might not show all zeros, as the sample capture does,
the interface statistics should clear

Part 2: Using Network Utilities and Monitoring Traffic.

Step 2.1
From your SRX device ping the REMOTE-P server(172.26.26.P), specify a data size of
500 bytes. Ensure that the ping is continuous.
Note: If you are not receiving ICMP echo replies from the REMOTE-P server, notify your
instructor.
admin@SRXP> ping 172.26.26.P size 500
PING 172.26.26.P (172.26.26.P): 500 data bytes
Page 12

IJOS Lab Guide

508
508
508
508
508
508
508
508

bytes
bytes
bytes
bytes
bytes
bytes
bytes
bytes

from
from
from
from
from
from
from
from

172.26.26.P:
172.26.26.P:
172.26.26.P:
172.26.26.P:
172.26.26.P:
172.26.26.P:
172.26.26.P:
172.26.26.P:

icmp_seq=0
icmp_seq=1
icmp_seq=2
icmp_seq=3
icmp_seq=4
icmp_seq=5
icmp_seq=6
icmp_seq=7

ttl=127
ttl=127
ttl=127
ttl=127
ttl=127
ttl=127
ttl=127
ttl=127

time=4.105
time=2.182
time=2.064
time=1.781
time=2.030
time=1.886
time=1.924
time=1.895

ms
ms
ms
ms
ms
ms
ms
ms

<Output Omitted>

Question:

Which command option do you use to make the ping continuous?

____________________________________________________________________________

Answer:

As shown in the sample output, you do not need an extra command option to
make the ping continuous. Echo requests send continuously by default. You
can use the count option to send a defined amount of packets.

Note: You can stop the ping operation by using the Ctrl+c keystroke combination. You
should, however, let the ping operation continue at this time for the subsequent
monitoring step.

From INSIDE-PA PC, open a new terminal session to your SRX device. Use Telnet to access
the INSIDE IP address(10.0.P.1), log in with the admin user. You will use this separate terminal
session to monitor ping traffic generation.

Step 2.2
Use the monitor traffic interface ge-0/0/2 command to begin monitoring the ge0/0/2 INSIDE interface.
Note: You can stop the monitoring operation by using the Ctrl+c keystroke combination.
You can also increase the capture size using the size option to avoid truncated packets

Page 13

IJOS Lab Guide

Question:

Does the capture display ICMP traffic?

____________________________________________________________________________

Answer:

Yes, you should see ICMP echoes and replies from your ping operation,
amongst other traffic .

Question:

How can you filter the output to show only the ICMP traffic?
____________________________________________________________________________

Answer:

Use the matching option to filter by header information in the output .

Page 14

IJOS Lab Guide

Question:

What command option allows you to view source and destination MAC
addresses for the captured packets?
____________________________________________________________________________

Answer:

Include the layer2-headers option to view Layer 2 header information,

including the source and destination MAC addresses as shown.

Note: The monitor traffic command captures only packets that are local to the device. It does
Page 15

IJOS Lab Guide

not capture transit packets.

Step 2.3
In preparation for the next lab part, stop both the ping and monitor operations using
the Ctrl+c keystroke combination, and close the extra terminal session that you
opened

Part 3: Recovery the Root Password.

Step 3.1
Using a terminal session connected to the console port, reboot the system. Enter yes to
authorize the reboot. Watch for the following message and press the Spacebar when
prompted
admin@SRXP> request system reboot
Reboot the system ? [yes,no] (no) yes
Shutdown NOW!
[pid 6414]
admin@SRXP>
*** FINAL System shutdown message from admin@SRXP ***
System going down IMMEDIATELY

MWaiting (max 60 seconds) for system process `vnlru' to

Waiting (max 60 seconds) for system process `vnlru_mem'
Waiting (max 60 seconds) for system process `bufdaemon'
Waiting (max 60 seconds) for system process `syncer' to
Syncing disks, vnodes remaining...0 0 0 done
syncing disks... All buffers synced.
Uptime: 3h41m1s
Rebooting...
cpu_reset: Stopping other CPUs

Page 16

stop...done
to stop...done
to stop...done
stop...

IJOS Lab Guide

U-Boot 1.1.6-JNPR-2.1 (Build time: Jul 4 2011 - 03:55:46)

SRX_240_HIGHMEM board revision major:0, minor:36, serial #: AAAL3327
OCTEON CN5230R-SCP pass 2.0, Core clock: 600 MHz, DDR clock: 333 MHz (666 Mhz data rate)
DRAM: 1024 MB
Starting Memory POST...
Checking datalines... OK
Checking address lines... OK
Checking 512K memory for U-Boot... OK.
Running U-Boot CRC Test... OK.
Flash: 4 MB
USB: scanning bus for devices...
Root Hub 0: 3 USB Device(s) found
Root Hub 1: 1 USB Device(s) found
scanning bus for storage devices... 1 Storage Device(s) found
Clearing DRAM........ done
BIST check passed.
1:00:00.0 Vendor/Device ID = 0x811210b5
1:01:07.0 Vendor/Device ID = 0xc72414e4
Boot Media: nand-flash usb
Net: octeth0
POST Passed
Press SPACE to abort autoboot in 1 seconds
ELF file is 32 bit
Loading .text @ 0x8f000078 (245596 bytes)
Loading .rodata @ 0x8f03bfd4 (13940 bytes)
Loading .rodata.str1.4 @ 0x8f03f648 (16648 bytes)
Loading set_Xcommand_set @ 0x8f043750 (100 bytes)
Loading .rodata.cst4 @ 0x8f0437b4 (20 bytes)
Loading .data @ 0x8f044000 (5608 bytes)
Loading .data.rel.ro @ 0x8f0455e8 (120 bytes)
Loading .data.rel @ 0x8f045660 (136 bytes)
Clearing .bss @ 0x8f0456e8 (11656 bytes)
## Starting application at 0x8f000078 ...
Consoles: U-Boot console
Found compatible API, ver. 2.1
FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.1
(builder@chamuth.juniper.net, Mon Jul 4 03:14:10 UTC 2011)
Memory: 1024MB
[0]Booting from nand-flash slice 1
Un-Protected 1 sectors
writing to flash...
Protected 1 sectors
Page 17

IJOS Lab Guide

Loading /boot/defaults/loader.conf
/kernel data=0xae0e24+0x133964 syms=[0x4+0x89cb0+0x4+0xc7a56]

Hit [Enter] to boot immediately, or space bar for command prompt.

Type '?' for a list of commands, 'help' for more detailed help.
loader>

Step 3.2
At the prompt, first disable the watchdog process by using the watchdog disable
command. Secondly, type boot -s and press Enter to boot the Junos OS in single-user
mode.
loader> watchdog disable
loader> boot -s
Kernel entry at 0x801000d8 ...
init regular console
Primary ICache: Sets 64 Size 128 Asso 4
Primary DCache: Sets 1 Size 128 Asso 64
Secondary DCache: Sets 512 Size 128 Asso 8
GDB: debug ports: uart
GDB: current port: uart
KDB: debugger backends: ddb gdb
KDB: current backend: ddb
Copyright (c) 1996-2012, Juniper Networks, Inc.
All rights reserved.
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
<Output Omitted>
Trying to mount root from ufs:/dev/da0s1a
Attaching /cf/packages/junos via /dev/mdctl...
Mounted junos package on /dev/md0...
Booting single-user
** /dev/da0s1a
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 69624 free (40 frags, 8698 blocks, 0.0% fragmentation)
System watchdog timer disabled
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:
Page 18

IJOS Lab Guide

Step 3.3
When prompted to enter a pathname for shell or recovery for root password recovery,
type recovery and press Enter.
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:
recovery
Performing system setup ...
Checking integrity of BSD labels:
s1: Passed
s2: Passed
s3: Passed
s4: Passed
** /dev/bo0s3e
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 12416 free (16 frags, 1550 blocks, 0.1% fragmentation)
** /dev/bo0s3f
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 171911 free (151 frags, 21470 blocks, 0.1% fragmentation)
Checking integrity of licenses:
JUNOS345637.lic: No recovery data
JUNOS345638.lic: No recovery data
JUNOS345639.lic: No recovery data
JUNOS345640.lic: No recovery data
JUNOS387415.lic: No recovery data
JUNOS387416.lic: No recovery data
JUNOS387417.lic: No recovery data
JUNOS387418.lic: No recovery data
JUNOS387419.lic: No recovery data
Checking integrity of configuration:
rescue.conf.gz: No recovery data
Loading configuration ...
mgd: commit complete
Setting initial options: .
Starting optional daemons: usbd.
Doing initial network setup:.
Initial interface configuration:
additional daemons: eventd.
Additional routing options:kern.module_path: /boot//kernel;/boot/modules ->
/boot/modules;/modules/ifpfe_drv;kldload: Unsupported file type
/modules;
kld netpfe drv: ifpfed_dialer.
Doing additional network setup: ntpdate.
Starting final network daemons:.
Page 19

IJOS Lab Guide

setting ldconfig path: /usr/lib /opt/lib

starting standard daemons: cron.
Initial rc.mips initialization:.
Local package initialization:.
starting local daemons:.
Creating JAIL MFS partition...
JAIL MFS partition created
boot.upgrade.uboot="0xBFC00000"
boot.upgrade.loader="0xBFE00000"
Boot media /dev/da0 has dual root support
** /dev/da0s2a
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 70193 free (9 frags, 8773 blocks, 0.0% fragmentation)
Sat May 5 21:35:28 CST 2012
Running recovery script ...
machdep.bootsuccess: 1 -> 1
Performing initialization of management services ...
Performing checkout of management services ...
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:
NOTE:

Once in the CLI, you will need to enter configuration mode using
the 'configure' command to make any required changes. For example,
to reset the root password, type:
configure
set system root-authentication plain-text-password
(enter the new password when asked)
commit
exit
exit
When you exit the CLI, you will be asked if you want to reboot
the system

Starting CLI ...

root@SRXP>

Step 3.4
Once the prompt is available, enter configuration mode and set a new root password of
juniper123. Commit the configuration. After you exit out of configuration mode and
exit out of operational mode, the software prompts you about rebooting. Type y and
press Enter to reboot the system.
root@SRXP> configure
Page 20

IJOS Lab Guide

Entering configuration mode

[edit]
root@SRXP# set system root-authentication plain-text-password
New password: juniper123
Retype new password: juniper123
[edit]
root@SRXP# commit
commit complete
[edit]
root@SRXP# exit
Exiting configuration mode
root@SRXP> exit
Reboot the system? [y/n] y
Terminated
Waiting (max 60 seconds) for system
Waiting (max 60 seconds) for system
Waiting (max 60 seconds) for system
Waiting (max 60 seconds) for system
Syncing disks, vnodes remaining...0

process `vnlru' to stop...done

process `vnlru_mem' to stop...done
process `bufdaemon' to stop...done
process `syncer' to stop...
0 0 done

<Output Omitted>
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 70193 free (9 frags, 8773 blocks, 0.0% fragmentation)
Sat May 5 21:43:01 CST 2012
SRXP (ttyu0)
login:

Step 3.5
Once the system boots, verify the root password recovery by logging in with the new
root password.
SRXP (ttyu0)
login: root
Password: juniper123
Page 21

IJOS Lab Guide

--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC

root@SRXP%

Question:

Were you successfully authenticated using the new root password?

____________________________________________________________________________

Answer:

You should now be successfully authenticated as root using the new root
password. This successful authentication verifies that the access recovery
process worked.

Step 3.6
Log out and Log in as admin user..
root@SRXP% exit
logout
SRXP (ttyu0)
login: admin
Password: juniper123
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
admin@SRXP>

Step 3.7
Save the current configuration to admins home directory.
admin@SRXP> file list
/cf/var/home/admin/:
.ssh/
IJOS.LAB1
IJOS.LAB2
IJOS.LAB3
admin@SRXP> configure
Entering configuration mode
[edit]
Page 22

IJOS Lab Guide

admin@SRXP# save IJOS.LAB4

Wrote 146 lines of configuration to 'IJOS.LAB4'
[edit]
admin@SRXP# run file list
/cf/var/home/admin/:
.ssh/
IJOS.LAB1
IJOS.LAB2
IJOS.LAB3
IJOS.LAB4

By saving your current configuration, you are able to rollback at anytime.

For Example:
[edit]
admin@SRXP# load override IJOS.LAB4
load complete
[edit]
admin@SRXP# commit
commit complete

Tell your instructor that you have completed this lab.

Page 23