How to reset the configuration (SRX / M / MX routers)

To state the conclusion first: use the "request system zeroize" command, which has been supported since Junos 10.0.

I tested it on an SRX100.

First, this is the configuration currently loaded:

Juniper@SRX100# show | no-more
## Last changed: 2010-02-11 22:24:34 UTC
version 10.0R1.8;
system {
    host-name SRX100;
    root-authentication {
        encrypted-password "$1$qKWBf6OG$vEy6IBtUaTlBEc49Y8fGR."; ## SECRET-DATA
    }
    login {
        user Juniper {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$9yFBZHMp$rGI0KXGZ5.h5DTp3QNg071"; ## SECRET-DATA
            }
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}

When you run the "request system zeroize" command, you are asked
"Erase all data, including configuration and log files? [yes,no] (no)"
so enter "yes".
The files under /config/ are then deleted and the system reboots automatically.

So let's go ahead and try it.

Juniper@SRX100> request system zeroize
warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files? [yes,no] (no) yes

error: Unrecognized command
warning: zeroizing re0

Juniper@SRX100> Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining…1 1 1 1 1 1 1 0 0 0 done

syncing disks… All buffers synced.
Uptime: 17m5s
Rebooting…
cpu_reset: Stopping other CPUs

U-Boot 1.1.6 (Build time: Nov 19 2009 - 07:52:31)

SRX_100_LOWMEM board revision major:0, minor:0, serial #: AT4409AF0276
OCTEON CN5020-SCP pass 1.1, Core clock: 500 MHz, DDR clock: 266 MHz (532 Mhz data rate)
DRAM:  512 MB

~~~ remainder omitted ~~~

Once the router has come back up, let's check whether the configuration has reverted to the factory default.

root# show | no-more
## Last changed: 2010-02-11 22:31:54 UTC
version 10.0R1.8;
system {
    autoinstallation {
        delete-upon-commit; ## Deletes [system autoinstallation] upon change/commit
        traceoptions {
            level verbose;
            flag {
                all;
            }
        }
        interfaces {
            fe-0/0/0 {
                bootp;
            }
        }
    }
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    services {
        ssh;
        telnet;
        web-management {
            http {
                interface vlan.0;
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
        dhcp {
            router {
                192.168.1.1;
            }
            pool 192.168.1.0/24 {
                address-range low 192.168.1.2 high 192.168.1.254;
            }
            propagate-settings fe-0/0/0.0;
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ## Warning: missing mandatory statement(s): 'root-authentication'
}
interfaces {
    interface-range interfaces-trust {
        member fe-0/0/1;
        member fe-0/0/2;
        member fe-0/0/3;
        member fe-0/0/4;
        member fe-0/0/5;
        member fe-0/0/6;
        member fe-0/0/7;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/0 {
        unit 0;
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}
security {
    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                fe-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}

I confirmed that it has properly returned to the SRX factory-default configuration.
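The verification step above can also be automated. As an added example (not code from the original post or from Juniper), the following Python parses the curly-brace "show" output into nested dicts and flags the factory-default settings visible in it: the missing root-authentication, telnet being enabled, and the trust zone accepting all system-services. SAMPLE is a constructed, abridged copy of the post-zeroize output.

```python
import re

def parse_junos(text):
    """Parse Junos 'show' output into nested dicts; leaves map to True."""
    text = re.sub(r"##[^\n]*", "", text)          # drop '## ...' annotations
    root, stack, stmt = {}, [], []
    cur = root
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":                            # open a hierarchy level
            stack.append(cur)
            cur = cur.setdefault(" ".join(stmt), {})
            stmt = []
        elif tok == "}":                          # close it
            cur = stack.pop()
        elif tok == ";":                          # terminate a leaf statement
            cur[" ".join(stmt)] = True
            stmt = []
        else:
            stmt.append(tok)
    return root

def lookup(cfg, *keys):
    """Walk a path of statement names; None if any level is absent."""
    for k in keys:
        if not isinstance(cfg, dict) or k not in cfg:
            return None
        cfg = cfg[k]
    return cfg

def factory_default_findings(cfg):
    """Flag factory-default settings to change before the SRX returns to service."""
    findings = []
    if lookup(cfg, "system", "root-authentication") is None:
        findings.append("root-authentication missing")
    if lookup(cfg, "system", "services", "telnet"):
        findings.append("telnet enabled")
    if lookup(cfg, "security", "zones", "security-zone trust",
              "host-inbound-traffic", "system-services", "all"):
        findings.append("trust zone accepts all system-services")
    return findings

# Constructed, abridged copy of the post-zeroize 'show' output shown above.
SAMPLE = """version 10.0R1.8;
system {
    services { ssh; telnet; }
    ## Warning: missing mandatory statement(s): 'root-authentication'
}
security { zones { security-zone trust {
    host-inbound-traffic { system-services { all; } protocols { all; } } } } }
"""
```

Run `factory_default_findings(parse_junos(SAMPLE))` against the real "show | no-more" output saved to a file; an empty list means the three defaults have been addressed.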

It's been a while since I wrote a technical post. All's well that ends well.

(Added 2010/5/3)
Since Junos 10.1 this command can no longer be used.
Please reset the config the conventional way instead, for example by using the RESET button.
