Resetting the Configuration of a SRX220

I’m trying to do only the minimal amount via Minicom to get the SRX220 up and running. The goal is to then do the remainder of the work via Ansible.  These are my notes on resetting the device back to an initial configuration.

Following the guide here:

To start with, I powered on an logged in with the machine in its old configuration. I pressed and held the config-reset buttong for 15 seconds until I got the message:

Broadcast Message from root@arceus
(no tty) at 17:26 UTC...

Config button pressed

Committing factory default configuration

And then I pressed and held the power button for 15 seconds to reboot the machine. At the end of the boot process is see:

Amnesiac (ttyu0)                                                                

Which indicates the hostname has been reset. A good sign. Accordign to the docs I can sign in with root and no password:

But, it seems my old password is still set, and I can log in as the admin account.  I log in as admin, and see if the current configuration is valid.


admin> configure shared 
Entering configuration mode 
The configuration has been changed but not committed 
admin# commit 
Missing mandatory statement: 'root-authentication' 
error: commit failed: (missing statements) 

So it seems it does not like what I have:  let me try resetting the admin account:

Set that:

admin# set system root-authentication plain-text-password 
New password: 
Retype new password: 
admin# commit

And that fails with an error I expect:

[edit interfaces] 
HA management port cannot be configured 
error: configuration check-out failed 

In its default set up, it is looking for clustering support on the last two interfaces:  ge-0/0/6 and 7.

Delete the two ge interfaces:

admin# delete interfaces ge-0/0/6
admin# delete interfaces ge-0/0/7

And then commit.  And it works.  But this seems suboptimal.  I wonder if I can recreate them.  Power cycle the machine to check the state:

I can now log in as root with the password I set above.  So my changes “took.”

set system host-name
set system login user admin class super-user authentication plain-text-password
set system login user admin class super-user authentication ssh-rsa "ssh-rsa {key}"
set system login user ansible class super-user authentication ssh-rsa "ssh-rsa {key}"
set system services netconf ssh

For communication between the router and the jump host, I am going to use the default subnet:

The cable that connects my Jump Host to the SRX 220 is on Port 0/0/1 (numbering starts at 0 on the left). Running:

show config | match "set system services" | display set


set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services dhcp router
set system services dhcp pool address-range low
set system services dhcp pool address-range high
set system services dhcp propagate-settings ge-0/0/0.0

I have to manually set the IP address for the Jump Host Interface:

$ cat /etc/sysconfig/network-scripts/ifcfg-enp3s0 

And I can now ping the machine.

To SSH to the machine:

[ayoung@dialga aj]$ ssh -i ~/keys/id_rsa admin@ 
--- JUNOS 12.1X46-D55.3 built 2016-07-08 18:46:54 UTC

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.