Thursday, 25 October 2012

Junos : How to recover root password for Junos

  1. Reboot the system
  2. From console, interrupt the boot routine:
            Hit [Enter] to boot immediately, or any other key for command prompt.
        Booting [kernel] in 9 seconds...
 
        < Press the space bar at this point >
  3. Enter into single-user mode: 
            Type '?' for a list of commands, 'help' for more detailed help.
        ok  boot -s
  4. If you have the following system output, enter recovery, hit enter and skip to step 8.

    Otherwise continue with next step.
            System watchdog timer disabled
        Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
  5. Enter the shell: 
            System watchdog timer disabled
        Jan  1 00:36:47 init: /etc/spwd.db: No such file or directory
        Enter full pathname of shell or RETURN for /bin/sh:
  6. Mount the virtual file systems. (Note that it is not necessary to mount the jbase package; however the other packages still need to be mounted): 
            NOTE: to go to multi-user operation, exit the single-user shell (with ^D)
        # cd /packages
        # ./mount.jbase
        Mounted jbase package on /dev/vn1...
        # ./mount.jkernel
        Mounted jkernel package on /dev/vn2...
        # ./mount.jroute
        Mounted jroute package on /dev/vn3...
  7. Enter recovery mode: 
            # /usr/libexec/ui/recovery-mode
  8. Enter configuration mode and change the root authentication password:
            root> configure 
        Entering configuration mode
 
        [edit]
        root# set system root-authentication plain-text-password    
        New password:
        Retype new password:
  9. Commit the changes, and exit configuration mode 
            [edit]
        root # commit 
        commit complete
 
        [edit]
        root@router# exit 
        Exiting configuration mode
 
        root@router> exit
  10. Exit recovery mode and enter 'y' when prompted to reboot the system: 
            Reboot the system? [y/n] y
        Terminated
    The system now reboots and changes made to root authentication are activated.
at No comments:

Saturday, 20 October 2012

Junos: Basic Command

Version and Version Detail

show version: Lists which version of Junos OS is running on your device. It also shows the hostname of the device and the Juniper model number.
show version detail: Shows the version of all Junos processes running on the device.

Chassis Hardware and Chassis Hardware Detail

show chassis hardware: Displays hardware inventory of the device and components installed in the device. Shows version, Juniper part number, serial number, and description of each component.
show chassis hardware detail: Displays version, part number, and serial number for all memory installed on device components.

Configuration

configure: Accesses configuration mode.
show configuration: Displays the configuration currently running (active) on the device.
commit confirmed: Activates configuration changes, but returns to previous configuration automatically if you don’t actively accept the new configuration. Use: When you’re committing a configuration that you think may lock you out of the device or otherwise disrupt access to the device, use this command to guarantee that you’ll be able to log in to the device.

Back Up and Roll Back

request system snapshot: Backs up the device’s file systems, including configurations.
rollback: Returns to the previously active device configuration.
file list detail /config and file list detail /var/db/config: Lists the backup configuration files on the device.

Interfaces

show interfaces terse: Lists all interfaces (network cards) present in the box and shows whether they’re operational (up or down) and lists IP addresses of each interface. This command shows one interface per line, so it’s easily scannable.
show interfaces: Multiline output per interface lists properties of the physical (hardware) interface, including MAC address and hardware MTU, and of the logical (unit or subinterface) interface, including protocol MTU configured protocol addresses.
show interfaces interface-name: Multiline output for a single physical interface. Shows both physical and logical interface information.
show interfaces detail, show interfaces detail interface-name, show interfaces extensive, and show interfaces extensive interface-name: Show increasingly more detailed information about all interfaces or about a specific interface. The detail version adds interface statistics, and the extensive version adds error counters. Output is long, so you generally specify an interface name.

Routing

show route: Lists the entries in all the device’s routing tables. Variants include the following:
  • show route inet.0: Lists all IPv4 routes.
  • show route inet.6l: Lists all IPv6 routes.
  • show route detail: Adds route preference, next hop, and other information.
  • show route protocol: Lists all routes learned by the specified routing protocol.
  • show route forwarding-table: Lists the entries in all the device’s forwarding tables. Use:Lets you check which active routes are actually being used to forward traffic from the device toward network destinations.
show rip neighbor: Lists the RIP routers (neighbors) in the network.
show isis interface: Lists the device’s interfaces running IS-IS.
show isis adjacency: Lists the IS-IS routers (adjacencies) in the network.
show ospf interface: Lists the device interfaces running OSPF.
show ospf neighbor: Lists the IS-IS routers (neighbors) in the network.
show bgp neighbor: Lists the BGP routers to which this device is connected.
show bgp summary: Lists BGP group, peer, and session state information.
show route protocol bgp: Lists the routes learned from BGP.

Switching

show Ethernet-switching interfaces: Lists information about the switched Ethernet interfaces.
show vlans: Lists the configured VLANs.
show virtual-chassis status: Lists the role and member ID assignments in a virtual-chassis configuration.
show spanning-tree bridge: Lists configured or calculated Spanning Tree Protocol parameters.
show spanning-tree interface: Lists configured or calculated interface-level Spanning Tree Protocol (STP) parameters.

Maintenance

show log messages: Lists the system log messages in the default syslog file messages. The syslog family monitors all system-wide operations on the device and records them to syslog files. This command displays time-stamped entries so that you can see what has occurred on the device and when it occurred. Useful for tracking down device, network, and traffic flow problems.
show system uptime: Lists how long a device has been up and running. Shows you the last time that the device was powered on, restarted, or rebooted.
at No comments:

Sunday, 14 October 2012

Junos : JTAC Recommended Junos Software Versions



SRX Series Services Gateways
Platform
JTAC Recommended Junos Software by Platform
Release Type
Last updated
SRX100
JUNOS 11.4R5.5
Standard
27 September 2012
SRX110
JUNOS 11.4R5.5
Standard
27 September 2012
SRX210 (*1)
JUNOS 11.4R5.5
Standard
27 September 2012
SRX220
JUNOS 11.4R5.5
Standard
27 September 2012
SRX240
JUNOS 11.4R5.5
Standard
27 September 2012
SRX550
JUNOS 12.1R3.5
Standard
27 September 2012
SRX650
JUNOS 11.4R5.5
Standard
27 September 2012
SRX1400 (*2)
JUNOS 10.4R11.4
Standard
27 September 2012
SRX3400
JUNOS 10.4R11.4
Standard
27 September 2012
SRX3600
JUNOS 10.4R11.4
Standard
27 September 2012
SRX5600
JUNOS 10.4R11.4
Standard
27 September 2012
SRX5800
JUNOS 10.4R11.4
Standard
27 September 2012
(*1) SRX210 recommendation includes old SRX210-B/H/H-POE platforms and new SRX210-BE/HE-HE-POE platforms.
(*2) SRX 1400 deployment as a Chassis Cluster requires version Junos 11.1 and above.
at No comments:

Thursday, 11 October 2012

Junos: RPD crash while performing PIM stress testing


Products Affected:
This issue can affect all Junos routers running Junos OS 11.1R1 or later, configured to utilize the PIM protocol.

Platforms Affected :

  • JUNOS 12.x
  • Security
  • JUNOS 11.x
  • SIRT Security Advisory 



    • PSN Issue :
    During extended stress testing of the PIM protocol, a malformed PIM Hello message triggered an RPD crash. While the crash was caused by a malformed PIM message, simply replaying the crafted packet alone does not lead to the crash. This issue affects both IPv4 PIM and IPv6 PIM.

    Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

    No other Juniper Networks products or platforms are affected by this issue.

    Solution:
    All Junos OS software releases built on or after 2012-10-05 have fixed this specific issue. Releases containing the fix specifically include: 11.4R5, 12.1R3-S2, 12.2R1-S1, and all subsequent releases (i.e. all releases built after 12.2R1-S1).

    Customers can confirm the build date of any Junos OS release by issuing the command 'show version detail'.

    This issue is being tracked as PR 792334 and is visible on the Customer Support website.

    KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

    Workarounds
    Use access lists or firewall filters to limit access to the router via PIM only from trusted hosts.

    Solution Implementation:
    How to obtain fixed software:

    Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request. 

    While fixes were checked into all non-EOE releases, the root cause of this issue only exists in Junos OS 11.1 and later.
     
    at No comments:

    Wednesday, 10 October 2012

    Junos : Junos-Space



    Junos Space is an open, secure, and scalable software platform that allows customers, partners, and developers to build and deploy simple, smart applications that manage and analyze network element data and optimize network infrastructure and operations management.
    The Junos Space Platform allows customers to maximize their network value and scale solutions while reducing complexity. Provided with the platform is a set of robust, out-of-the-box applications that are easy to use and provide business solutions for security, mobility, the data center, and more. In addition, Junos Space offers a developer SDK for companies that want to build customized applications specific to their needs. Junos Space is the platform of choice for companies that want to extract maximum value from their network and deliver solutions that fulfill their business needs.
    Junos Space benefits include:
    • Network-wide visibility and control
    • Quick Scaling of Services
    • Insights for Extending the Platform
    • Reduced OPEX
    • Rapid Deployment of Switch, Router, and Security Infrastructure
    • Reduced time for problem identification and resolution
    Applications
    Junos Space includes applications for network infrastructure automation. Today these include: Ethernet Design, Security Design, Service Now, Service Insight, Network Activate, QoS Design and Transport Activate.
    Platform
    The Junos Platform is a layered software platform to run the network and enable applications to interact with the network from the client to cloud. Service providers and enterprises can look beyond building networks made up of individual, disparate boxes toward a unified system for designing and deploying new services in software. The Junos Platform includes the Junos Operating System, Junos Space network application platform, and the Junos Pulse integrated network client.
    at 4 comments:
    Subscribe to: Posts (Atom)
    loading...