Juniper SSG5 忘記登錄密碼!恢復出廠設置!



Juniper SSG5 忘記登錄密碼!恢復出廠設置


Juniper SSG5Juniper SRX系列或是CISCO的網路設備,在密碼管理方面不太一樣,當您忘記密碼時,並沒有所謂的密碼恢復程序來讓您能夠恢復密碼,您唯一能做的事就是恢復出廠設置(常用的說法有出廠組態、出廠設定等)!
而一旦恢復了出廠設置,Juniper SSG5就會清空設備內的組態(設定)
所以千萬要養成每次更改設定後,就立刻儲存成備份設定檔的好習慣,以防萬一。
過程中需要連線Juniper SSG5 console主控台,請參考此連結:

要恢復SSG5 出廠設置有兩個方法:
1.Hardwarw Reset
SSG5的後面有一個Reset的針孔,您必須配合它的燈號,第一次差大約6秒不動,然後燈號變成一紅一綠,在將針拔出然後間隔約2秒之後,再將針插入約6秒,如此才能完成Reset動作。
按設備reset鍵恢復出廠設置
Reset鍵在設備背面USB插頭附近。




 首先按住用牙籤按住reset 6秒左右,console畫面顯示以下資訊
login:
Configuration Erasure Process has been initiated.
Waiting for 2nd confirmation.
直到電源燈閃爍綠色,再按住reset2-3秒,顯示以下資訊
2nd push has been confirmed.
Configuration Erase sequence accepted, unit reset.
直到狀態燈變成琥珀色長亮1.5秒,然後回到綠色閃爍狀態,這個時候設備已經被重置到出廠設置狀態了。
接著console畫面顯示以下資訊:
Juniper Networks SSG5 Boot Loader Version 1.3.2 (Checksum: A1EAB858)
Copyright (c) 1997-2006 Juniper Networks, Inc.

Total physical memory: 128MB
    Test - Pass
    Initialization - Done

Hit any key to run loader
Hit any key to run loader
。。。。。。。。。。。。。
 總之,要完成以上步驟還是需要點程序的。


2.Console Reset

Unset all
reset


From the CLI, enter unset all; press ENTER.

When prompted for Erase all system config, are you sure y/[n]; press y.
Enter reset; press ENTER
When prompted for Configuration Modifies, save; press n
When prompted for System Reset, Are you sure; press y.

Upon the system reboot, the configuration will be reverted to the factory default.
The default IP address of the NetScreen device is 192.168.1.1, the admin name is netscreen and the password is netscreen.
 


或者:

Login: 序號
Password:序號

查看序號:
ssg5-serial-> get system
Product Name: SSG5-Serial
Serial Number: 0162032012000759, Control Number: 00000000
Hardware Version: 0710(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)


可以直接用序列號登陸。用戶名和密碼都輸入產品序列號。
用設備序列號恢復出廠設置
 console線連接到netscreen防火牆,然後輸入設備序列號(serial number),serial number在設備背板面上。




login: 0162032012000759
password: 0162032012000759
!!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults, clearing all current configuration and settings. Would you like to continue? y/[n] Y
恢復出廠設置,將刪除當前所有的配置,按“Y”
!! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased. In addition, a permanent counter will be incremented to signify that this device has been reset. This is your last chance to cancel this command. If you proceed, the device will return to factory default configuration, which is: System IP: 192.168.1.1; username: netscreen, password: netscreen. Would you like to continue? y/[n] Y  “Y”
In reset ...

Juniper Networks SSG5 Boot Loader Version 1.3.2 (Checksum: A1EAB858)
Copyright (c) 1997-2006 Juniper Networks, Inc.
 Total physical memory: 128MB
    Test - Pass
    Initialization - Done
 Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
 Loading default system image from on-board flash disk...
Done! (size = 15,171,584 bytes)
 Image authenticated!
 Start loading...
.................................................................
..........................................
Done.
Juniper Networks, Inc
SSG5/SSG20 System Software
Copyright, 1997-2008
Version 6.2.0r3.0
Load Manufacture Information ... Done
Initialize FBTL 0........ Done
Load NVRAM Information ... (6.2.0)Done
Install module init vectors
Install modules (01128800,0209f5c0) ...
PPP IP-POOL initiated, 256 pools
Initializing DI 1.1.0-ns
w3g_cfg_init
*********************************************************
System time: 22July2010:15:29:44
If this is the initial device startup,
use the "set clock" command to set the system clock.
*********************************************************
system init done..
login: System change state to Active(1)

現在可以用出廠默認帳號密碼(netscreen)登陸
login: netscreen
password:
ssg5-serial-> get interface 查詢一下i介面資訊,確定已經重置了
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name           IP Address                        Zone        MAC            VLAN State VSD     
serial0/0      0.0.0.0/0                         Null        N/A               -   D   - 
eth0/0         0.0.0.0/0                         Untrust     0023.9c2a.1500    -   D   - 
eth0/1         0.0.0.0/0                         DMZ         0023.9c2a.1505    -   D   - 
bgroup0        192.168.1.1/24                    Trust       0023.9c2a.150b    -   D   - 
 eth0/2       N/A                               N/A         N/A               -   D   -
 eth0/3       N/A                               N/A         N/A               -   D   -
 eth0/4       N/A                               N/A         N/A               -   D   -
 eth0/5       N/A                               N/A         N/A               -   D   -
 eth0/6       N/A                               N/A         N/A               -   D   -
bgroup1        0.0.0.0/0                         Null        0023.9c2a.150c    -   D   - 
bgroup2        0.0.0.0/0                         Null        0023.9c2a.150d    -   D   - 
bgroup3        0.0.0.0/0                         Null        0023.9c2a.150e    -   D   - 
vlan1          0.0.0.0/0                         VLAN        0023.9c2a.150f    1   D   - 
null           0.0.0.0/0                         Null        N/A               -   U   0 
注意:在您每次更改系統配置後,應該及時備份新的配置。這將使您在恢復系統密碼的時候能迅速恢復以前的配置。
注意:設備恢復出廠設置功能是開放的。您可以在命令行下輸入:unset admin device-reset關閉這個功能。

恢復出廠配置(組態)後的設定檔內容:
此配置乃是恢復出廠後,第一次用流覽器登入J-Web(在網址列輸入192.168.1.1),在 Rapid Deployment Wizard 快速部署精靈 畫面中,選擇 No, skip the Wizard and go straight to the WebUI management session instead. 選項後,系統所自動產生的內容。
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth web timeout 10
set admin auth dial-in timeout 3
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "bgroup0" zone "Trust"
set interface bgroup0 port ethernet0/2
set interface bgroup0 port ethernet0/3
set interface bgroup0 port ethernet0/4
set interface bgroup0 port ethernet0/5
set interface bgroup0 port ethernet0/6
unset interface vlan1 ip
set interface bgroup0 ip 192.168.1.1/24
set interface bgroup0 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface bgroup0 ip manageable
set interface bgroup0 dhcp server service
set interface bgroup0 dhcp server auto
set interface bgroup0 dhcp server option gateway 192.168.1.1
set interface bgroup0 dhcp server option netmask 255.255.255.0
set interface bgroup0 dhcp server ip 192.168.1.33 to 192.168.1.126
unset interface bgroup0 dhcp server config next-server-ip
set flow tcp-mss
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set url protocol websense
exit
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
set policy id 1
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit



這個網誌中的熱門文章

如何測試網路連線--網路斷線了怎麼辦?

筆記電腦刷BIOS失敗無法開機—用CH341A編程器重刷BIOS教學!

查理王的電腦部落格-首頁