Module 6: System Administration: E-Series Routing Protocols


E-series Routing Protocols

Module 6: System Administration

Copyright © 2003, Juniper Networks, Inc. ERP-5.a.5.1.0


Module Objectives
 After successfully completing this module, you will
be able to:
– List and describe the different reload options for the
E-series router
– Describe the process to upgrade software on the router
– Describe different options to downgrade software on the
router
– Describe the router's backup boot configuration
capabilities
– Describe the process to recover from a corrupted flash
– Identify and describe the function of the SRP reset buttons
– Describe the Privileged Exec mode password removal
process
– Describe the process of enabling and using FTP server
functionality



Agenda: System Administration
 Reboot and Reload Options
 Upgrading and Downgrading Software
 Copying Partial System Releases
 Backup Boot Configuration and Slot Configuration
 Boot Challenges
– Recovering from Problems
– Reboot History File
– Hard Reset Button on SRP
– Password Removal
 Accessing the CLI


Agenda: Reboot and Reload Options
 Reboot and Reload Options
 Upgrading and Downgrading Software
 Copying Partial System Releases
 Backup Boot Configuration and Slot Configuration
 Boot Challenges
– Recovering from Problems
– Reboot History File
– Hard Reset Button on SRP
– Password Removal
 Accessing the CLI


Rebooting Review
 E-series router needs two things to boot or reload:
– Configuration file
 System configuration
 By default, a file stored on the flash called running-configuration
– Operating system
 Software release
– Stored on the flash
 To view current boot configuration:
ERX1#show boot
System Release: erx_4-0-0p1-7.rel
System Configuration: running-configuration
Note: This system is not configured with backup settings.
ERX1#



E-series Router Reload Options
 Options:
– Reload the E-series router immediately:
erx2#reload
– Scheduled reload at a specified time:
erx2#reload at 03:20 feb 27 Gary upgraded to sw 4.0.2
Reload scheduled for THU FEB 27 2003 03:20:00 UTC
Reload reason: Gary upgraded to sw 4.0.2
WARNING: This command will cause the system to reboot.
Proceed with reload? [confirm]
erx2#show last
time of reset: THU FEB 27 2003 03:20:03 UTC
run state: primary
image type: application
reset type: user reboot, task "systemRebootTime", reason "Gary
upgraded to sw
4.0.2"
– Reload in a specific amount of time:
erx2#reload in 00:05
– Reload a specific slot:
erx2#reload slot 2
– Verify reload configuration:
erx2#show reload
Reload scheduled for THU FEB 27 2003 03:20:00 UTC
Reload reason: Gary upgraded to sw 4.0.2

Agenda: Upgrading and Downgrading Software
 Reboot and Reload Options
 Upgrading and Downgrading Software
 Copying Partial System Releases
 Backup Boot Configuration and Slot Configuration
 Boot Challenges
– Recovering from Problems
– Reboot History File
– Hard Reset Button on SRP
– Password Removal
 Accessing the CLI


Upgrading Software: Step 1
[Figure: E-series router flash listing erx_4-0-0p1-7.rel (marked !) and erx_4-0-2.rel; E-series router, Internet, Juniper Networks FTP server, and FTP server 10.1.7.100]
 Copy new software release to the router


– Copy new release (erx_4-0-2.rel) to your FTP server
– Configure the router with the remote FTP server’s address and
protocol using the following command:
ERX1(config)#host pc 10.1.7.100 ftp erx1 mypassword
– Copy the new release from your FTP server to the router:
ERX1#copy pc:4-0-2/erx_4-0-2.rel erx_4-0-2.rel

Upgrading Software: Step 2
[Figure: E-series router flash listing erx_4-0-0p1-7.rel (marked !), erx_4-0-2.rel, erx_4-0-0p1-7.cnf, and erx_4-0-0p1-7.scr; E-series router, Internet, and FTP server 10.1.7.100]

 Back up the current working configuration


– On the router, copy the running-configuration to a file on
the flash:
ERX1#copy running-configuration erx_4-0-0p1-7.cnf
– Copy the old configuration file to your PC for backup
purposes:
ERX1#copy erx_4-0-0p1-7.cnf pc:erx_4-0-0p1-7.cnf
OR
ERX1#copy running-configuration pc:erx_4-0-0p1-7.cnf
– Perform the show configuration command and create a
script file from the results:
ERX1#show configuration > erx_4-0-0p1-7.scr
Script file on PC: erx_4-0-0p1-7.scr

Upgrading Software: Step 3
[Figure: E-series router flash listing erx_4-0-0p1-7.rel (marked !), erx_4-0-2.rel (marked !), erx_4-0-0p1-7.cnf, and erx_4-0-0p1-7.scr; E-series router, Internet, and 10.1.7.100]

 Change the software release configuration and
reload the router
– Configure the router to use the new software release:
ERX1(config)#boot system erx_4-0-2.rel
WARNING: It is recommended that you copy the current running-configuration
to a file prior to running with a different release of software.
– Verify the boot settings:
ERX1#show boot
System Release: erx_4-0-2.rel
System Configuration: running-configuration
Note: This system is not configured with backup settings.
– Reload the router
– Verify and test the new software release

Upgrading Software: A Special Case
 Upgrading to a significantly different software release:
– Create a configuration script of the current configuration
 Store a copy on the flash
 Store a copy on the workstation
– Configure the router to boot from a factory default
configuration
– Configure the router to use the new software release
– Verify the boot settings
– Reload the router
– Verify that all line modules are online
– Configure the router using the configuration script
– Verify and test the new software release



Downgrading the E-series Router
 Option 1:
– Configure the router to use the old configuration file only
once:
ERX1(config)#boot config erx_4-0-0p1-7.cnf once
– Configure the router to use the old software release:
ERX1(config)#boot system erx_4-0-0p1-7.rel
– Verify the boot settings:
ERX1#show boot
System Release: erx_4-0-0p1-7.rel
System Configuration: erx_4-0-0p1-7.cnf once
Note: This system is not configured with backup
settings.
ERX1#
– Reload the router:
ERX1#reload



Downgrading…Another Option
 Option 2:
– Use the factory default configuration settings on the router:
ERX1(config)#boot config factory-defaults
– Configure the router to use the old release or system image:
ERX1(config)#boot system erx_4-0-0p1-7.rel
– Verify the boot settings:
ERX1#show boot
– Reload the router
– Verify that all line modules are online:
ERX1#show version
– Configure the router using the configuration script on the
flash:
ERX1#config file erx_4-0-0p1-7.scr show-progress



Agenda: Copying Partial System Releases

 Reboot and Reload Options
 Upgrading and Downgrading Software
 Copying Partial System Releases
 Backup Boot Configuration and Slot Configuration
 Boot Challenges
– Recovering from Problems
– Reboot History File
– Hard Reset Button on SRP
– Password Removal
 Accessing the CLI


System Release Files



Copying Partial Software Releases
 Steps:
– Only include required subsystems in software release on flash
 Speeds up copy time and saves flash space
– Configure the router to not copy specific subsystems when a
software release is copied from an FTP server:
erx1(config)#exclude-subsystem coc12
erx1(config)#exclude-subsystem oc12p
erx1(config)#exclude-subsystem oc12a
erx1(config)#exclude-subsystem oc12s
erx1(config)#exclude-subsystem ge
erx1(config)#exclude-subsystem ut3f
erx1(config)#exclude-subsystem dpfe
erx1(config)#exclude-subsystem ct1
– Verify subsystems to be included/excluded:
erx1#show configuration
 Indicates subsystems excluded
– Copy new partial release to the router:
erx1#copy pc:images/4-0-2/erx_4-0-2.rel small.rel

Using Partial Software Releases
 Steps:
– Verify subsystems included/excluded in the software release:
erx1#show subsystem file small.rel
Required: 19330638 bytes
Included Subsystems: 14541614 bytes
oc3
ct3
ut3a
Excluded Subsystems: 30049125 bytes
coc12
oc12p
oc12a
oc12s
ge
ct1
ut3f
dpfe
– Boot the router using partial release
– Verify operation:
 show version command: indicates partial release
 show configuration command: indicates subsystems excluded
– Note: If a required subsystem is missing, the line module will
not boot

Agenda: Backup Boot Configuration and Slot Configuration
 Reboot and Reload Options
 Upgrading and Downgrading Software
 Copying Partial System Releases
 Backup Boot Configuration and Slot Configuration
 Boot Challenges
– Recovering from Problems
– Reboot History File
– Hard Reset Button on SRP
– Password Removal
 Accessing the CLI


E-series Router Backup Boot
Configuration (1 of 3)
 Situation:
– Upgraded E-series router to new software release
– The router resets too many times in a given time period
 Solution:
– Prior to an upgrade, configure the router with backup boot
settings
– Router switches to use backup software release and
configuration file based on information in the reboot.hty
file
– Configurable boot revert tolerance
 An SRP will tolerate x reboots (count) in y seconds (time)
 If x+1 reboots occur within y seconds, the backup boot
configuration takes effect (per SRP)
– Backup boot configuration steps:
ERX1(config)#boot backup erx_4-0-0p1-7.rel erx_4-0-0p1-7.cnf
ERX1(config)#boot revert-tolerance 2 300



E-series Router Backup Boot
Configuration (2 of 3)
 To view the current boot configuration:
ERX1#show boot
System Release: bad.rel
System Configuration: running-configuration

Backup System Release: erx_4-0-0p1-7.rel
Backup System Configuration: erx_4-0-0p1-7.cnf

This system is currently configured to boot with its
primary (non-backup) settings.
Backup mode thresholds - count: 2 , time: 300
 To force the E-series router to use the backup boot
settings:
ERX1(config)#boot force-backup
 To temporarily disable the backup boot settings:
ERX1(config)#boot revert-tolerance never

E-series Router Backup Boot
Configuration (3 of 3)
 E-series router booted with backup configuration:
ERX1#show boot
System Release: bad.rel
System Configuration: running-configuration

Backup System Release: erx_4-0-0p1-7.rel
Backup System Configuration: erx_4-0-0p1-7.cnf

This system is currently configured to boot with
its backup settings.
Backup mode thresholds - count: 2 , time: 300
 To revert to primary boot configuration:
ERX1(config)#no boot force-backup
ERX1(config)#exit
ERX1#rename reboot.hty oldreboot.hty



Changing Slot Configurations
 Situation:
– Slot 1 used to have a UT3A line module installed and
configured―this card was removed, but remains in the
configuration
– Install a different type of line module
 show version indicates the slot is disabled due to a slot mismatch
 Solution:
– Remove existing slot configuration:
ERX1(config)#slot erase 1
 Always deletes slot configuration, even if no board mismatch
 Easy bulk deletion
OR
ERX1(config)#slot accept 1
 If the slot is empty or there is a board mismatch, deletes slot
configuration
 If there is no board mismatch, do nothing
– New line module boots and comes online



Agenda: Boot Challenges
 Reboot and Reload Options
 Upgrading and Downgrading Software
 Copying Partial System Releases
 Backup Boot Configuration and Slot Configuration
 Boot Challenges
– Recovering from Problems
– Reboot History File
– Hard Reset Button on SRP
– Password Removal
 Accessing the CLI


Reserved Key Sequences
 Reserved key sequences during the boot countdown
sequence:
– Typing the MB key sequence interrupts the boot sequence
and enters boot mode
– Typing the @ sign saves 7 seconds
 User Exec or Privileged Exec mode control keys:
– Control S
 Suspends console display
– Control Q
 Resumes console display
– Control X
 Provides the ability to interrupt processing and reboot the router
 Only available from the console―not Telnet/SSH
 To enable, use the service ctrl-x-reboot command
 To disable, use the no service ctrl-x-reboot command

Halting in Boot Mode
 Situation:
– The E-series router does not boot properly―it keeps
halting at the boot## prompt
 The router could have a corrupted flash or an invalid software
release

 Possible solutions:
– Option 1: Type reload at the boot## prompt
– Option 2: If the flash is accessible, configure the router to
boot using a system release on the flash card and the
factory-default configuration file:
:boot##boot system erx_4-0-2.rel
:boot##boot config factory-default
:boot##reload



Copy New Software to the Flash Card
 Option 3:
– If the flash is accessible but the system release is not
valid, copy a valid system release and backup
configuration file to the flash card, configure the boot
settings, and reload the router:
:boot##ip address 10.1.7.1 255.255.0.0
:boot##host myftpserver 10.1.7.100 ftp
:boot##ip gateway 10.1.0.1
– Verify that you can ping the router from the FTP server
:boot##copy myftpserver:erx_4-0-2.rel erx_4-0-2.rel
:boot##copy myftpserver:erx_4-0-2.cnf erx_4-0-2.cnf
:boot##boot system erx_4-0-2.rel
:boot##boot config erx_4-0-2.cnf
:boot##reload



Rebuilding the Flash Card
 Option 4:
– Replace the flash card with a backup flash card, if
available
 Option 5:
– Contact JTAC, who might walk you through the following
procedure:
 Format the flash card, load the software and necessary files, and
reload the router:
:boot##flash-disk initialize
:boot##ip address 10.1.7.1 255.255.0.0
:boot##host myftpserver 10.1.7.100 ftp
:boot##ip gateway 10.1.0.1
 Verify that you can ping the router from the FTP server
:boot##copy myftpserver:erx_4-0-2.rel erx_4-0-2.rel
:boot##copy myftpserver:erx_4-0-2.cnf erx_4-0-2.cnf
:boot##boot system erx_4-0-2.rel
:boot##boot config erx_4-0-2.cnf
:boot##reload

Duplicating Flash Cards
 Duplicating flash cards
– Copy the contents of the primary flash card onto a spare
flash card
– Reload the router and type mb during the countdown to
halt it at the boot## prompt
– Initiate the flash-disk duplicate command
ERX1#reload
WARNING: This command will cause the system to reboot.
Proceed with reload? [confirm] y
Reload operation commencing, please wait...
mb
:boot##flash-disk duplicate



Flash Card Synchronization and Validation

 synchronize manually forces the redundant SRP to
synchronize its flash card with the primary SRP’s flash
card
 flash-disk compare detects differences between the
redundant and primary flash cards
ERX1#flash-disk compare all
ERX1#flash-disk compare configuration
 synch low-level-check validates files that failed the
flash-disk compare
ERX1#synchronize low-level-check all
ERX1#synchronize low-level-check configuration

The reboot.hty File
 Accessing the reboot.hty file
– Primary SRP
ERX1#show reboot-history
– Standby SRP
ERX1#copy standby:reboot.hty temp.hty
ERX1#show reboot-history temp.hty
*** Entry 1 ***
time of reset: TUE FEB 11 2003 22:27:51 UTC
run state: unknown
image type: diagnostics
location: slot (8)
build date: 0x3df863a7 THU DEC 12 2002 10:23:35 UTC
reset type: control bus reset
*** Entry 2 ***
time of reset: TUE FEB 11 2003 22:25:09 UTC
run state: unknown
image type: boot
location: slot (8)
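
The revert-tolerance rule from the backup boot slides (x reboots tolerated in y seconds, backup settings on reboot x+1), applied to entries in the reboot-history layout shown above. This Python code is an added example, not part of the original slides and not Juniper code; the sample entries are constructed, and it assumes that every reset type counts toward the tolerance and that the time window is inclusive.

```python
"""Added example: apply the boot revert-tolerance rule to reboot-history entries."""
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of `show reboot-history` (not real router output).
SAMPLE_HISTORY = """\
*** Entry 1 ***
time of reset: THU FEB 27 2003 03:24:10 UTC
run state: primary
image type: application
reset type: control bus reset
*** Entry 2 ***
time of reset: THU FEB 27 2003 03:22:40 UTC
run state: primary
image type: application
reset type: control bus reset
*** Entry 3 ***
time of reset: THU FEB 27 2003 03:20:03 UTC
run state: primary
image type: application
reset type: user reboot, task "systemRebootTime", reason "Gary upgraded to sw 4.0.2"
"""

MONTHS = {name: num for num, name in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), start=1)}
STAMP = re.compile(r"\w{3} (\w{3}) (\d{1,2}) (\d{4}) (\d\d):(\d\d):(\d\d) UTC")


def parse_history(text):
    """Split the listing into one dict of 'field: value' pairs per entry."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"\*\*\* Entry \d+ \*\*\*", line):
            current = {}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return entries


def reset_time(entry):
    """Return the entry's reset time, or None when the field is missing or damaged."""
    match = STAMP.fullmatch(entry.get("time of reset", ""))
    if not match or match.group(1).upper() not in MONTHS:
        return None
    mon, day, year, hh, mm, ss = match.groups()
    return datetime(int(year), MONTHS[mon.upper()], int(day), int(hh), int(mm), int(ss))


def exceeds_tolerance(entries, count, seconds):
    """True when count+1 resets fall inside any window of `seconds` seconds.

    Assumption: every reset type counts and the window is inclusive.
    """
    times = sorted(t for t in map(reset_time, entries) if t is not None)
    window = timedelta(seconds=seconds)
    return any(times[i + count] - times[i] <= window
               for i in range(len(times) - count))


if __name__ == "__main__":
    history = parse_history(SAMPLE_HISTORY)
    # boot revert-tolerance 2 300: a third reset within 300 s triggers backup mode.
    print(exceeds_tolerance(history, 2, 300))
```

Running the same check against a copy of reboot.hty taken before an upgrade shows how close the SRP already is to the configured threshold.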

SRP Reset Buttons
[Figure: SRP front panel with the Board Reset button and the NMI button]
 SRP has 2 reset buttons
– Top = Reset
– Bottom = NMI
 What happens if I push the reset button on the SRP?
– The router runs hardware diagnostics and reloads
– Power cycle
 What happens if I push the bottom NMI button?
– The router reloads without running hardware diagnostics
– Simple reload

Privileged Exec Mode Password Removal
 Situation:
– The Privileged Exec mode password was changed to an
unknown value or was forgotten
 Solution:
– Remove the Privileged Exec mode password:
ERX1>erase secret 60
Push bottom button on the SRP ONCE)
Please wait....
ERX1>



Agenda: Accessing the CLI
 Reboot and Reload Options
 Upgrading and Downgrading Software
 Copying Partial System Releases
 Backup Boot Configuration and Slot Configuration
 Boot Challenges
– Recovering from Problems
– Reboot History File
– Hard Reset Button on SRP
– Password Removal
 Accessing the CLI


Access to the E-series Router―Console/Telnet/SSH

[Figure: Console Password, User Exec, Enable Password, Privileged Exec, and a RADIUS/TACACS+ user table]
Username  Password
gary      miata
diane     piano



Configuring RADIUS/TACACS+
Authentication for CLI Access
 Steps:
– Add the users into the RADIUS or TACACS+ database
– Configure the E-series router for RADIUS or TACACS+
authentication:
ERX1(config)# aaa new-model
– Configure the RADIUS or TACACS+ authentication server on the
router:
ERX1(config)# radius authentication server 10.1.7.55
ERX1(config-radius)# udp-port 1645
ERX1(config-radius)# key training
or
ERX1(config)#tacacs-server host 10.1.7.55 port 10 key training
– Configure the source IP address of RADIUS or TACACS+ packets
originated on the router:
ERX1(config)# radius update-source-addr 10.1.7.6
or
ERX1(config)#tacacs-server source-address 10.1.7.6



Configuring Console Access

 Steps:
– Configure the router authentication scheme used for console
sessions:
ERX1(config)# aaa authentication login loginlist radius tacacs line none
– Configure the console line to use the authentication scheme
defined above, and configure a console password:
ERX1(config)# line console 0
ERX1(config-line)# login authentication loginlist
ERX1(config-line)# password consolepass

Configuring Telnet Access

 Steps:
– Configure the appropriate RADIUS components
– Configure the router authentication scheme used for
Telnet sessions (this authentication scheme could be
same one used for the console):
ERX1(config)# aaa authentication login telnetlist radius line
– Configure the virtual or Telnet lines to use the
authentication scheme defined above, and configure a
Telnet password:
ERX1(config)# line vty 0 4
ERX1(config-line)# login authentication telnetlist
ERX1(config-line)# password telnetpass
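
One way to review the method lists configured on the console and Telnet slides above, as an added Python example that is not part of the original course material. It assumes Cisco-style fallback, where a later method is tried only when the earlier one is unavailable and none admits the login without a credential; the finding names are hypothetical and the sample configuration is constructed from the commands on the slides.

```python
"""Added example: review AAA login method lists applied to console and vty lines."""
import re

# Constructed sample assembled from the commands shown on the slides above.
SAMPLE_CONFIG = """\
ERX1(config)# aaa new-model
ERX1(config)# aaa authentication login loginlist radius tacacs line none
ERX1(config)# aaa authentication login telnetlist radius line
ERX1(config)# line console 0
ERX1(config-line)# login authentication loginlist
ERX1(config-line)# password consolepass
ERX1(config)# line vty 0 4
ERX1(config-line)# login authentication telnetlist
ERX1(config-line)# password telnetpass
"""

# Strips a leading CLI prompt such as "ERX1(config-line)# " when one is present.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")


def audit(config):
    """Return (line, finding) pairs for console/vty lines with weak login settings."""
    lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        text = PROMPT.sub("", raw.strip())
        if m := re.match(r"aaa authentication login (\S+)\s+(.+)", text):
            lists[m.group(1)] = m.group(2).split()
            current = None
        elif m := re.match(r"line (console|vty)\s+(.+)", text):
            current = f"{m.group(1)} {m.group(2).strip()}"
            lines[current] = {"list": None, "password": False}
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            lines[current]["list"] = m.group(1)
        elif current and text.startswith("password "):
            lines[current]["password"] = True

    findings = []
    for name, cfg in lines.items():
        methods = lists.get(cfg["list"])
        if cfg["list"] is None:
            findings.append((name, "no-method-list"))
        elif methods is None:
            findings.append((name, "undefined-list"))
        else:
            # Assumed semantics: 'none' lets the login through with no credential
            # once every earlier method is unavailable.
            if "none" in methods:
                findings.append((name, "none-fallback"))
            if "line" in methods and not cfg["password"]:
                findings.append((name, "line-method-without-password"))
    return findings


if __name__ == "__main__":
    for line, finding in audit(SAMPLE_CONFIG):
        print(f"{line}: {finding}")
```

Dropping none from loginlist leaves the console line password as the last method, and the check then reports nothing for the sample.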

Restricting User Access using Command Access Levels
[Figure: Enable Password, User Exec, Privileged Exec, and a level scale 0, 1, 5, 10, 15, with a RADIUS user table]
Username  Password  Level
gary      miata     1
diane     piano     10

 Access levels and available commands


– Level 0: Disable, enable, exit and help
– Level 1: Level 0 + all other User Exec commands
– Level 5: Level 1 + all Privileged Exec show commands
– Level 10: Level 5 + all other commands except support mode
– Level 15: Level 10 + support mode

Restricting User Access Using Enable Passwords per Level
[Figure: Enable Password, User Exec, Privileged Exec, the command ERX1>enable 10, and a level scale 0, 1, 5, 10, 15, with a RADIUS user table]
Username  Password  Level
gary      miata     1
diane     piano     10

 Enable passwords:
– Can be configured per level
– Stored locally on the E-series router



Restricting User Access to a Virtual Router
[Figure: Enable Password, User Exec, Privileged Exec, and an E-series router containing the virtual routers Default and VR1, with a RADIUS user table]
Username  Password  Level  All VR   VR
gary      miata     1      disable  vr1
diane     piano     10     enable

 Controlling virtual router access
– Juniper-Allow-All-VR-access (enable or disable)
– Juniper-Virtual-Router
– Juniper-Alt-CLI-Virtual-Router-Name
 Users restricted to a specific virtual router have a limited
command set
– Simple show commands only
– No halt, reload, configuration, etc.

Console Password Removal
 Situation:
– The console password was changed to an unknown value
or forgotten
– Will this solution work?
ERX1>erase secret 60
Push bottom button on the SRP ONCE)
Please wait....
ERX1>

 Solution:
– Access the boot## prompt
 Reset button on SRP
 Control X at console login prompt
 Power cycle the router (last resort)
 For all, type mb during countdown
– Disable console authentication and reload router:
:boot##disable console authentication
:boot##reload



The E-series Router as an FTP Server
 FTP client (192.168.1.1/24):
1 Configure the FTP server host record:
client(config)# host server 192.168.1.2 ftp
2 FTP the file from the server to the client using the copy command:
client#copy server:/outgoing/start.scr start.scr
 FTP server (192.168.1.2/24):
1 Configure the E-series router to be an FTP server:
server(config)#ftp-server enable
2 You must copy the file from your system space to user space (incoming or outgoing directories):
server#copy start.scr /outgoing/start.scr

FTP Server-Related Functions
 Useful commands:
– View the E-series router’s nonvolatile file system with FTP
server functionality:
ERX6#dir
Please wait...
                             unshared                     in
file                    size     size date (UTC)          use
------------------- -------- -------- ------------------- ---
/incoming              <DIR>        0 11/07/2001 16:03:36
/outgoing              <DIR>     7168 11/07/2001 16:03:36
good.cnf               71894    71894 10/16/2001 14:25:22
start.cnf              77449    77449 11/27/2001 13:01:02
reboot.hty             28416    28416 11/28/2001 12:19:52
system.log               675      675 08/30/2001 10:22:20
erx_4-0-2.rel       69806959 69806959 10/31/2001 11:00:46  !
erx_4-0-0p1-7.rel   65132167 65132167 08/03/2001 08:59:50
Capacity = 220200960, Bytes Free = 45648291, Reserved = 36700160

– To delete files in user space:


ERX6#delete /incoming/test.scr
– To view the contents of a subdirectory in user space:
ERX6#dir /outgoing

Review Questions
1. How would you describe the different reload options
on the E-series router?
2. What is the process to upgrade software?
3. How would you describe different options to
downgrade software?
4. How would you describe the router's backup boot
configuration capabilities?
5. What is the process to recover from a corrupted flash?
6. How would you identify and describe the function of
the SRP reset buttons?
7. How would you describe the Privileged Exec mode
password removal process?
8. How would you describe the process of enabling and
using FTP server functionality?