Juniper SRX: Using the Reset Config Button

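If a configuration fails or denies management access to the services gateway, you can use the Reset Config button to restore the device to the factory-default configuration or a rescue configuration. For example, if someone inadvertently commits a configuration that denies management access to the services gateway, you can press the Reset Config button to delete the invalid configuration and replace it with the rescue configuration.
The rescue configuration is a previously committed, valid configuration. You must have set the rescue configuration beforehand through the J-Web interface or the CLI.
user@srx> request system configuration rescue save   ## saves the currently running configuration as the rescue configuration
user@srx# rollback rescue   ## loads the rescue configuration (configuration mode)
To press the Reset Config button, insert a small probe (such as a straightened paper clip) into the pinhole on the front panel.
By default, pressing and quickly releasing the Reset Config button loads the rescue configuration that was set through the J-Web interface or the CLI. The status LED is solid amber during this time.
By default, pressing and holding the Reset Config button for 15 seconds or less, until the status LED is solid amber, deletes all configurations on the device, including the backup configurations and the rescue configuration, and loads and commits the factory-default configuration.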

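Changing the Reset Config button behavior on the SRX100 Services Gateway
To prevent the Reset Config button from setting the device to the factory-default configuration and deleting all other configurations along with it, run the following command:
user@srx# set chassis config-button no-clear
You can still press and quickly release the button to reset the device to the rescue configuration.
To prevent the Reset Config button from setting the device to the rescue configuration, run the following command:
user@srx# set chassis config-button no-rescue
You can still press and hold the button for 15 seconds or more to reset the gateway to the factory-default configuration.
To disable the button and prevent the device from being reset to either configuration, run the following command:
user@srx# set chassis config-button no-clear no-rescue
The no-clear option prevents the Reset Config button from deleting all configurations on the services gateway. The no-rescue option prevents the Reset Config button from loading the rescue configuration.
To return the Reset Config button to its default behavior, delete the config-button statement from the device configuration.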





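Restoring the device to factory defaults

Enter configuration mode and run the following command:
root@srx100# load factory-default
warning: activating factory configuration    /*** the system activates the factory configuration ***/
After restoring the factory defaults, you must set the root account password immediately (by default the password must be at least 6 characters long and must contain both letters and digits).
root@srx100# set system root-authentication plain-text-password  /*** this command is mandatory; otherwise the commit fails ***/
New password:
Retype new password:
Once the root account password is set, commit to save and activate the configuration.
root@srx100# commit
commit complete

The effect of load factory-default is equivalent to the following action:
By default, on the front panel of an SRX100/210 device, pressing and holding the Reset Config button for 15 seconds or less, until the status LED is solid amber, deletes all configurations on the device, including the backup configurations and the rescue configuration, and loads and commits the factory-default configuration.

The console then displays the following message: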
Broadcast Message from root@srx100
        (no tty) at 23:57 CST...
Config button pressed
Committing factory default configuration

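If you log in to the SRX device through the WebUI at this point, you will see the Setup Wizard screen.

For details of its settings, please refer to the following link:

If you enter show | no-more at the CLI at this point, you can see the factory-default configuration, as follows: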
root@srx100# show | no-more
system {
    autoinstallation {
        delete-upon-commit; ## Deletes [system autoinstallation] upon change/commit
        traceoptions {
            level verbose;
            flag {
                all;
            }
        }
        interfaces {
            fe-0/0/0 {
                bootp;
            }
        }
    }
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    services {
        ssh;
        telnet;
        xnm-clear-text;
        web-management {
            http {
                interface vlan.0;
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
        dhcp {
            router {
                192.168.1.1;
            }
            pool 192.168.1.0/24 {
                address-range low 192.168.1.2 high 192.168.1.254;
            }
            propagate-settings fe-0/0/0.0;
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ## Warning: missing mandatory statement(s): 'root-authentication'
}
interfaces {
    fe-0/0/0 {
        unit 0;
    }
    fe-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/4 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/5 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/6 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/7 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}
protocols {
    stp;
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                fe-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                        }
                    }
                }
            }
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}
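
As an added example (not from the original post or from Juniper), the Python sketch below flattens a configuration in the brace format listed above and reports the points this page touches on: whether root-authentication is set, which management services run in cleartext (telnet, xnm-clear-text, HTTP), and how the Reset Config button is restricted. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the brace format printed by "show | no-more"; the
# chassis stanza is added for illustration and is not in the page's listing.
SAMPLE = """
chassis {
    config-button {
        no-clear;
    }
}
system {
    services {
        telnet;
        xnm-clear-text;
        web-management {
            http {
                interface vlan.0;
            }
        }
    }
    ## Warning: missing mandatory statement(s): 'root-authentication'
}
"""

def flatten(text):
    """Return the set of space-joined statement paths in a brace-style config."""
    stack, paths = [], set()
    for raw in text.splitlines():
        line = re.sub(r"\s*##.*$", "", raw).strip()  # drop "##" annotations
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            paths.add(" ".join(stack))
        elif line == "}":
            stack.pop()
        elif line.endswith(";"):
            paths.add(" ".join(stack + [line[:-1].strip()]))
    return paths

def audit(text):
    """Hypothetical helper: list reset-related findings for one configuration."""
    paths = flatten(text)
    has = lambda p: any(q == p or q.startswith(p + " ") for q in paths)
    findings = [] if has("system root-authentication") else ["root-authentication not set"]
    for svc in ("telnet", "xnm-clear-text", "web-management http"):
        if has("system services " + svc):
            findings.append("cleartext management service enabled: " + svc)
    opts = [o for o in ("no-clear", "no-rescue") if has("chassis config-button " + o)]
    findings.append("config-button: " + (" ".join(opts) or "default"))
    return findings
```

Running audit() on the full factory-default listing above reports the missing root-authentication, all three cleartext services, and a config-button in its default state.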

