Resetting the Configuration of an SRX220

I’m trying to do only the minimal amount via Minicom to get the SRX220 up and running. The goal is to then do the remainder of the work via Ansible.  These are my notes on resetting the device back to an initial configuration.

Following the guide here: https://www.juniper.net/documentation/en_US/release-independent/junos/topics/task/configuration/services-gateway-srx220-configuring-with-cli.html

To start with, I powered on and logged in with the machine in its old configuration. I pressed and held the config-reset button for 15 seconds until I got the message:

Broadcast Message from root@arceus
(no tty) at 17:26 UTC...

Config button pressed

Committing factory default configuration

And then I pressed and held the power button for 15 seconds to reboot the machine. At the end of the boot process I see:

Amnesiac (ttyu0)                                                                
                                                                                
login: 

Which indicates the hostname has been reset. A good sign. According to the docs I can sign in with root and no password.

But, it seems my old password is still set, and I can log in as the admin account.  I log in as admin, and see if the current configuration is valid.

 

admin> configure shared 
Entering configuration mode 
The configuration has been changed but not committed 
 
{hold:node0}[edit] 
admin# commit 
[edit] 
'system' 
Missing mandatory statement: 'root-authentication' 
error: commit failed: (missing statements) 
 
{hold:node0}[edit] 
admin#

So it seems it does not like what I have:  let me try resetting the admin account:

Set that:

admin# set system root-authentication plain-text-password 
New password: 
Retype new password: 
 
{hold:node0}[edit] 
admin# commit

And that fails with an error I expect:

[edit interfaces] 
'ge-0/0/6' 
HA management port cannot be configured 
error: configuration check-out failed 
 
{hold:node0}[edit]

In its default setup, it is looking for clustering support on the last two interfaces:  ge-0/0/6 and 7.

Delete the two ge interfaces:

{hold:node0}[edit]
admin# delete interfaces ge-0/0/6
 
{hold:node0}[edit]
admin# delete interfaces ge-0/0/7

And then commit.  And it works.  But this seems suboptimal.  I wonder if I can recreate them.  Power cycle the machine to check the state:

I can now log in as root with the password I set above.  So my changes “took.”

set system host-name arceus.home.younglogic.net
 
set system login user admin class super-user authentication plain-text-password
 
set system login user admin class super-user authentication ssh-rsa "ssh-rsa {key}"
 
set system login user ansible class super-user authentication ssh-rsa "ssh-rsa {key}"
 
set system services netconf ssh

For communication between the router and the jump host, I am going to use the default subnet:

192.168.1.0/24

The cable that connects my Jump Host to the SRX 220 is on Port 0/0/1 (numbering starts at 0 on the left). Running:

show config | match "set system services" | display set

returns

set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services dhcp router 192.168.1.1
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp propagate-settings ge-0/0/0.0
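
The factory-default service list above includes three management services that run without encryption (telnet, xnm-clear-text and web-management http) next to ssh. The following Python is an added example, not part of the original post: it audits `display set` output for those entries and emits the matching delete statements. The function names and the rule of refusing when SSH is absent are assumptions of this example.

```python
# Added example, not from the original post.
# Sample input: service lines taken from the post's `display set` output.
SAMPLE = """\
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services dhcp router 192.168.1.1
set system services dhcp propagate-settings ge-0/0/0.0
"""

# Management services that carry logins or configuration without encryption.
CLEARTEXT = {
    ("telnet",): "Telnet CLI access, unencrypted",
    ("xnm-clear-text",): "Junos XML protocol over unencrypted TCP",
    ("web-management", "http"): "J-Web over unencrypted HTTP",
}

def parse_services(display_set):
    """Return the token tuple following 'set system services' for each such line."""
    out = []
    for line in display_set.splitlines():
        tokens = line.split()
        if tokens[:3] == ["set", "system", "services"] and len(tokens) > 3:
            out.append(tuple(tokens[3:]))
    return out

def cleartext_findings(display_set):
    """Map each cleartext service present to its reason, in order of appearance."""
    found = {}
    for svc in parse_services(display_set):
        for path, reason in CLEARTEXT.items():
            # Whole-token comparison, so 'https' never matches the 'http' entry.
            if svc[:len(path)] == path:
                found[" ".join(path)] = reason
    return found

def remediation(display_set):
    """Return delete statements; refuse if SSH is absent so remote access survives."""
    if not any(svc[0] == "ssh" for svc in parse_services(display_set)):
        raise ValueError("no 'system services ssh'; enable it before removing others")
    return [f"delete system services {s}" for s in cleartext_findings(display_set)]

if __name__ == "__main__":
    for svc, why in cleartext_findings(SAMPLE).items():
        print(f"{svc}: {why}")
    print("\n".join(remediation(SAMPLE)))
```

The emitted statements are meant to be pasted in configuration mode and followed by a commit.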

I have to manually set the IP address for the Jump Host Interface:

$ cat /etc/sysconfig/network-scripts/ifcfg-enp3s0 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
#BOOTPROTO=dhcp
BOOTPROTO=static
IPADDR=192.168.1.10
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp3s0
UUID=81d49a60-6c61-4764-83c7-c46a5ddc3c8c
DEVICE=enp3s0
ONBOOT=yes

And I can now ping the machine.

To SSH to the machine:

[ayoung@dialga aj]$ ssh -i ~/keys/id_rsa admin@192.168.1.1 
--- JUNOS 12.1X46-D55.3 built 2016-07-08 18:46:54 UTC
{primary:node0}
