I’m trying to do only the minimal amount via Minicom to get the SRX220 up and running. The goal is to then do the remainder of the work via Ansible. These are my notes on resetting the device back to an initial configuration.
Following the guide here: https://www.juniper.net/documentation/en_US/release-independent/junos/topics/task/configuration/services-gateway-srx220-configuring-with-cli.html
To start with, I powered on and logged in with the machine in its old configuration. I pressed and held the config-reset button for 15 seconds until I got the message:
Broadcast Message from root@arceus (no tty) at 17:26 UTC...
Config button pressed
Committing factory default configuration
And then I pressed and held the power button for 15 seconds to reboot the machine. At the end of the boot process I see:
Amnesiac (ttyu0)
login:
Which indicates the hostname has been reset. A good sign. According to the docs I can sign in with root and no password:
But, it seems my old password is still set, and I can log in as the admin account. I log in as admin, and see if the current configuration is valid.
admin> configure shared
Entering configuration mode
The configuration has been changed but not committed

{hold:node0}[edit]
admin# commit
[edit]
'system'
Missing mandatory statement: 'root-authentication'
error: commit failed: (missing statements)

{hold:node0}[edit]
admin#
So it seems it does not like what I have: let me try resetting the admin account:
Set that:
admin# set system root-authentication plain-text-password
New password:
Retype new password:

{hold:node0}[edit]
admin# commit
And that fails with an error I expect:
[edit interfaces]
'ge-0/0/6'
HA management port cannot be configured
error: configuration check-out failed

{hold:node0}[edit]
In its default set up, it is looking for clustering support on the last two interfaces: ge-0/0/6 and 7.
Delete the two ge interfaces:
{hold:node0}[edit]
admin# delete interfaces ge-0/0/6

{hold:node0}[edit]
admin# delete interfaces ge-0/0/7
And then commit. And it works. But this seems suboptimal. I wonder if I can recreate them. Power cycle the machine to check the state:
I can now log in as root with the password I set above. So my changes “took.”
set system host-name arceus.home.younglogic.net
set system login user admin class super-user authentication plain-text-password
set system login user admin class super-user authentication ssh-rsa "ssh-rsa {key}"
set system login user ansible class super-user authentication ssh-rsa "ssh-rsa {key}"
set system services netconf ssh
For communication between the router and the jump host, I am going to use the default subnet:
192.168.1.0/24
The cable that connects my Jump Host to the SRX 220 is on Port 0/0/1 (numbering starts at 0 on the left). Running:
show config | match "set system services" | display set
returns
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services dhcp router 192.168.1.1
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp propagate-settings ge-0/0/0.0
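The factory-default service list above enables telnet, xnm-clear-text and J-Web over plain HTTP alongside their encrypted counterparts. As an added example (not part of the original notes), this Python check reads `display set` output, flags the cleartext management services and produces the matching `delete` commands; the `audit` function, the `ftp` entry and the sample text are assumptions made for the illustration.

```python
import re

# Constructed sample: service lines copied from these notes (factory defaults
# plus the netconf line added by hand).
SAMPLE = """\
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services netconf ssh
set system services dhcp router 192.168.1.1
"""

# Services that carry credentials or configuration unencrypted.
CLEARTEXT = {
    "telnet": "remote CLI without encryption",
    "ftp": "file transfer without encryption",
    "xnm-clear-text": "Junos XML management protocol without TLS",
    "web-management http": "J-Web over plain HTTP",
}

LINE = re.compile(r"^set system services (.+)$")


def audit(display_set: str):
    """Return (findings, delete_commands) for cleartext services in the config."""
    findings, deletes = [], []
    for raw in display_set.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tokens = m.group(1).split()
        # Longest key first; whole-token compare so "https" never matches "http".
        for key in sorted(CLEARTEXT, key=len, reverse=True):
            want = key.split()
            if tokens[:len(want)] == want:
                cmd = f"delete system services {key}"
                if cmd not in deletes:
                    findings.append((key, CLEARTEXT[key]))
                    deletes.append(cmd)
                break
    return findings, deletes


if __name__ == "__main__":
    found, cmds = audit(SAMPLE)
    print("\n".join(f"[cleartext] {n}: {w}" for n, w in found))
    print("\n".join(cmds))
```

The generated commands leave ssh, netconf over ssh and web-management https in place, so key-based access to the device is unaffected.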
I have to manually set the IP address for the Jump Host Interface:
$ cat /etc/sysconfig/network-scripts/ifcfg-enp3s0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
#BOOTPROTO=dhcp
BOOTPROTO=static
IPADDR=192.168.1.10
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp3s0
UUID=81d49a60-6c61-4764-83c7-c46a5ddc3c8c
DEVICE=enp3s0
ONBOOT=yes
And I can now ping the machine.
To SSH to the machine:
[ayoung@dialga aj]$ ssh -i ~/keys/id_rsa admin@192.168.1.1
--- JUNOS 12.1X46-D55.3 built 2016-07-08 18:46:54 UTC
{primary:node0}