Tuesday, March 29, 2011

Juniper: How to reset an SRX to factory default

SRX: different ways to reset to factory default

So, you may know the standard way, the way that is taught: pushing the reset micro-button for 15 seconds. This method works fine on the J-series, but not on some SRX devices, and not on the MX series...

So I will try to write down some of the methods I have used to reset Juniper devices to factory default.

Factory default, really?

First, we need to define what exactly a factory-default reset is. Is it just putting the configuration back to its initial state? Just this? And what do you do with all the log files? The debug files? The saved configurations?

Leaving everything inside the box is a security risk, so putting a device back to the factory-default state is not just about the configuration; it is about everything, even the SSH key: we want to generate a new one, because the old one is not trusted anymore.

Let's start.

Lost root password.
The common process is to boot in single-user mode:

At boot, after U-Boot, when the bootstrap loader is loaded, you can hit the space bar:

Hit [Enter] to boot immediately, or space bar for command prompt.
So you should see:

FreeBSD/MIPS U-Boot bootstrap loader, Revision 1.5
(builder@ormonth.juniper.net, Fri Oct  9 10:55:15 UTC 2009)
Memory: 1024MB
[0]Booting from nand-flash slice 2
Un-Protected 1 sectors
writing to flash...
Protected 1 sectors
Loading /boot/defaults/loader.conf
/kernel data=0x97d8ac+0xd70d0 syms=[0x4+0x79c50+0x4+0xadd2e]

Hit [Enter] to boot immediately, or space bar for command prompt.

Loader> watchdog disable
Loader> boot -s
root@host% cli
root@host> edit
root@host# set system root-authentication plain-text-password
New password: juniper1
Retype new password: juniper1
root@host# commit
commit complete
root@host# run request system reboot
Reboot the system ? [yes,no] (no) yes

Root password on the SRX platform
On SRX Branch platforms running Junos 10.0R1 or later, there is a condition in which the password recovery process does not work. After the recovery command is issued, the system never reaches the point where the root password can be changed; it reboots instead. So we need to apply a specific procedure to recover the root password on SRX Branch devices running Junos 10.0R1 or later: disable the watchdog functionality so that the system can boot properly into single-user mode.


Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [kernel] in 9 seconds...
Loader> watchdog disable
Loader> boot -s

Change the root password, reboot, and don't forget to enable the watchdog again and boot in normal mode:


Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [kernel] in 9 seconds...
Loader> watchdog enable
Loader> boot

Damned, HA is enabled

If you're lucky, your device is in master mode, so you can just disable HA:

root@titi> set chassis cluster disable reboot
Successfully disabled chassis cluster. Going to reboot now

But if you're not lucky, your device is on hold, and when you try to reset the root password in single-user mode, you can't:

Starting CLI ...
root> edit
warning: Clustering enabled; using private edit
error: shared configuration database modified

Please temporarily use 'configure shared' to commit
outstanding changes in the shared database, exit,
and return to configuration mode using 'configure'


Ok, so deleting all the interfaces in the configuration seems to allow me to finally commit.

Then reboot and disable the cluster:

root@> set chassis cluster disable

TRUE Factory default

So, to delete all the logs, the dumps, the rollbacks, the root password in the factory-default config, and even to reset the host SSH key, you need to zeroize the device:

root> request system zeroize
warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files? [yes,no] (no) yes

warning: zeroizing re0


Local package initialization:.
starting local daemons:.
kern.securelevel: -1 -> 1
Creating JAIL MFS partition...
JAIL MFS partition created

Database Initialization Utility
RDM Embedded 7 [04-Aug-2006] http://www.birdstep.com
Copyright (c) 1992-2006 Birdstep Technology, Inc.  All Rights Reserved.

secdb initialized

Database Initialization Utility
RDM Embedded 7 [04-Aug-2006] http://www.birdstep.com
Copyright (c) 1992-2006 Birdstep Technology, Inc.  All Rights Reserved.

dfacache initialized

Boot media /dev/da0 has dual root support
** /dev/da0s2a
clean, 58564 free (44 frags, 7315 blocks, 0.0% fragmentation)
Tue Mar 29 14:41:31 UTC 2011

Amnesiac (ttyu0)

login: root

--- JUNOS 10.2R3.10 built 2010-10-16 20:36:59 UTC
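
Added example (not part of the original post, and not Juniper code): a way to check the host-key claim above from an admin workstation. It compares two captures in the "host type base64" format that ssh-keyscan prints, taken before and after the reset, and lists any key type whose fingerprint did not change; the function names, the sample keys and the 192.0.2.1 address are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(pubkey: str) -> str:
    """SHA256 fingerprint, as ssh-keygen -l prints it, of a 'type base64' key."""
    key_type, b64 = pubkey.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])  # blob starts with length-prefixed key type
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_keyscan(text: str) -> dict:
    """Map key type -> fingerprint from 'host type base64' lines."""
    keys = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            _host, key = line.split(None, 1)
            keys[key.split()[0]] = fingerprint(key)
    return keys


def reused_host_keys(before: str, after: str) -> list:
    """Key types whose fingerprint survived the reset; empty means all rotated."""
    old, new = parse_keyscan(before), parse_keyscan(after)
    return sorted(t for t in new if old.get(t) == new[t])


def sample_line(key_type: str, material: bytes, host: str = "192.0.2.1") -> str:
    """Constructed 'host type base64' line from made-up bytes (not a real key)."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(key_type.encode()) + field(material)
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"


# Constructed captures for a documentation address; no real device or key.
BEFORE = "\n".join([sample_line("ssh-rsa", b"old-rsa"),
                    sample_line("ssh-dss", b"old-dsa")])
AFTER_ZEROIZE = "\n".join([sample_line("ssh-rsa", b"new-rsa"),
                           sample_line("ssh-dss", b"new-dsa")])
AFTER_PARTIAL = "\n".join([sample_line("ssh-rsa", b"new-rsa"),
                           sample_line("ssh-dss", b"old-dsa")])  # DSA key survived

if __name__ == "__main__":
    print(reused_host_keys(BEFORE, AFTER_ZEROIZE), reused_host_keys(BEFORE, AFTER_PARTIAL))
```

An empty list means every host key was regenerated; any key type it returns is still the old key, so the device should not be treated as fully reset.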


EX series tips
Sometimes your switch can be in the linecard state, which means that there is no routing engine running in it. So you first need to enable one.
Example of a linecard prompt:
root@:LC:0% cli
To enable RE mode:

root> request virtual-chassis reactivate

This member split from a virtual chassis. Please make sure that no active
switch belonging to this virtual chassis has conflicting configuration.

Do you want to continue ? [yes,no] (no) yes

Amnesiac (ttyu0)

Amnesiac (ttyu0)

Amnesiac (ttyu0)


So now you can configure the switch.


MEMBER-ID is not 0
So, if your switch was a member of a virtual chassis and its member-id was from 1 to 9, you can't leave it as is, because all your interface configuration that belongs to ge-0/0/0-47 won't be enabled...
So you need to renumber your device:

root> request virtual-chassis renumber new-member-id 0 member-id 1

Note: replace 1 with your actual member ID.

Prompt changed:


That's all for the moment.


Anonymous said...

Great work keep it coming, best blog on earth


Unknown said...

My company purchased two MX80s and neither unit has the internal NAND flash installed on the board.
I have been trying to find out what the part number for these little guys is without any luck.
According to one Juniper site that a co-worker of mine found, there is no Juniper part number for them. The most that I have been able to find is that the MX80 is supposed to have two 4GB internal NAND flash. So with that said, would anyone happen to know what the manufacturer's part number is for the internal NAND flash that is supposed to be in MX80s?

Unknown said...

It is very, very useful to me, thanks.