Knowledge Search


×
 

How to recover the password and configuration for the EX-series Switch Virtual Chassis (VC) setup.

  [KB12487] Show Article Properties


Summary:
This article provides a method for recovering the password and configuration for EX-series Switches that are in a Virtual Chassis (VC) setup.  
Symptoms:
How do I recover the password and configuration on the EX-series Switch in a Virtual Chassis setup?
Solution:

To recover the password and configuration:

  1. Connect a console cable to the Master EX Switch in the Virtual Chassis.
  2. Power Off all members other than the Master.
  3. Reboot the Master from the console or from the LCD panel.  Watch as the system boots, and press the 'spacebar' at the "Loading /boot/defaults/loader.conf" to get a command prompt.  Enter 'boot -s' at the prompt to boot into single-user mode as shown:
    FreeBSD/PowerPC U-Boot bootstrap loader, Revision 2.1
    (marcelm@apg-bbuild01.juniper.net, Wed Feb 6 11:23:55 PST 2008)
    Memory: 1024MB
    Loading /boot/defaults/loader.conf                                   <--------------
    /kernel data=0x9ec818+0x6eb6c syms=[0x4+0x888e0+0x4+0x8f04d]

    Hit [Enter] to boot immediately, or space bar for command prompt.  
      <--------------

    <user presses spacebar>

    loader> boot -s
    Kernel entry at 0xa0000100 ...
    GDB: no debug ports present
    KDB: debugger backends: ddb
    KDB: current backend: ddb
    Copyright (c) 1996-2008, Juniper Networks, Inc.
    All rights reserved.
    Copyright (c) 1992-2006 The FreeBSD Project.
  4. The system performs a single-user boot-up process and prompts the user to run the recovery script, enter a shell pathname or press enter for a default shell.  Press enter at this point.
    Mounted jbase package on /dev/md0...
    System watchdog timer disabled
    Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:

    <user presses enter>
  5. This will put you at a (#) prompt.  At this point, mount the filesystem.  Create a temporary directory and move the existing configurations to the temporary folder you created.  Type 'exit' to continue the boot process.  The commands are listed below:
    mount -a
    mkdir /config/temp
    mv /config/*.gz /config/temp
    shutdown -r now
  6. Since there are no configuration files in the /config directory the switch boots to a factory default configuration.  At this point you can log in as the root user without a password. Use the 'load override' command to recall your previous configuration. Set the new root password and the system is recovered upon a commit. The commands are listed below:
    Creating initial configuration...mgd: error: Cannot open configuration file: /config/juniper.conf
    mgd: warning: activating factory configuration
    mgd: commit complete
    mgd: ----------------------------------------------------------
    mgd: Please login as 'root'. No password is required.
    mgd: To start Initial Setup, type 'ezsetup' at the JUNOS prompt.
    mgd: To start JUNOS CLI, type 'cli' at the JUNOS prompt.
    mgd: ----------------------------------------------------------
    Setting initial options: debugger_on_panic=NO debugger_on_break=NO.
    Starting optional daemons: .
    Doing initial network setup:.
    Initial interface configuration:
    additional daemons:.
    savecore: could not be determined
    savecore: no dumps found
    Additional routing options: ipsec kld.
    Doing additional network setup:.
    Starting final network daemons:.
    setting ldconfig path: /usr/lib /opt/lib
    starting standard daemons: cron.
    Local package initialization:.
    starting local daemons:.

    Thu Aug 13 09:50:55 UTC 2020

    Narang (ttyu0)
    root@%
    root@% root
    root@%
    root@% OS 9.2R1.10 built 2008-08-07 06:14:51 UTC
    root@%

    root@% cli
    root> show virtual-chassis status

    Virtual Chassis ID: 0019.e255.ed40
    Mastership Neighbor List
    Member ID Status Serial No Model priority Role ID Interface
    0 (FPC 0) NotPrsnt BP0208138054 ex4200-48t
    1 (FPC 1) Prsnt BM0208163001 ex4200-24t 255 Master*
    2 (FPC 2) NotPrsnt BN0208151217 ex4200-24p
    3 (FPC 3) NotPrsnt BR0208233848 ex4200-24f
    4 (FPC 4) NotPrsnt BQ0208138245 ex4200-48p

    Member ID for next new member: 5 (FPC 5)
  7. At this point, this Master remembers the VC configuration and member id of other members.  Below will be the configuration of Master at this point.
    root> edit
    Entering configuration mode
    [edit]

    root# show
    ## Last changed: 2020-08-13 09:50:48 UTC

    version 9.2R1.10;

    system {
    syslog {
    user * {
    any emergency;
    }
    file messages {
    any notice;
    authorization info;
    }
    file interactive-commands {
    interactive-commands any;
    }
    }
    commit {
    factory-settings {
    reset-chassis-lcd-menu;
    reset-virtual-chassis-configuration;
    }
    }
    ## Warning: missing mandatory statement(s): 'root-authentication'
    }
    interfaces {
    ge-0/0/0 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/1 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/2 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/3 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/4 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/5 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/6 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/7 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/8 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/9 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/10 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/11 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/12 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/13 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/14 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/15 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/16 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/17 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/18 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/19 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/20 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/21 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/22 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/0/23 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/1/0 {
    unit 0 {
    family ethernet-switching;
    }
    }
    xe-0/1/0 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/1/1 {
    unit 0 {
    family ethernet-switching;
    }
    }
    xe-0/1/1 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/1/2 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/1/3 {
    unit 0 {
    family ethernet-switching;
    }
    }
    }
    protocols {
    igmp-snooping {
    vlan all;
    }
    lldp {
    interface all;
    }
    lldp-med {
    interface all;
    }
    rstp;
    }
    poe {
    interface all;
    }
  8. At this time, power ON the other members of the VC.
    **NOTE: DO NOT COMMIT at this time, otherwise member id of the Master will become 0**
  9. After Power On the output of 'show virtual-chassis status' will show all other members; see sample below.
    root> show virtual-chassis status

    Virtual Chassis ID: 0019.e255.ed40

    Mastership Neighbor List
    Member ID Status Serial No Model priority Role ID Interface

    0 (FPC 0) Prsnt BP0208138054 ex4200-48t 128 Linecard 1 vcp-0
    4 vcp-1
    1 (FPC 1) Prsnt BM0208163001 ex4200-24t 255 Master* 2 vcp-0
    0 vcp-1
    2 (FPC 2) Prsnt BN0208151217 ex4200-24p 128 Linecard 3 vcp-0
    1 vcp-1
    3 (FPC 3) Prsnt BR0208233848 ex4200-24f 128 Linecard 4 vcp-0
    2 vcp-1
    4 (FPC 4) Prsnt BQ0208138245 ex4200-48p 255 Backup 0 vcp-0
    3 vcp-1
  10. Now you are logged into the VC with default configuration with all members showing in virtual-chassis status.
  11. Use the 'load override' command to recall your previous configuration. Set the new root password and the system is recovered upon a commit. The commands are illustrated here:
    root# load override /config/temp/?

    Possible completions:

    <[Enter]> Execute this command
    <filename> Filename (URL, local, remote, or floppy)
    /config/temp/juniper.conf.1.gz Size: 587, Last changed: Aug 10 15:26:03
    /config/temp/juniper.conf.2.gz Size: 586, Last changed: Aug 10 15:17:54
    /config/temp/juniper.conf.3.gz Size: 586, Last changed: Aug 10 15:12:46
    /config/temp/juniper.conf.gz Size: 587, Last changed: Aug 10 15:56:28

    [edit]

    root# load override /config/temp/juniper.conf.1.gz

    load complete

    [edit]
    root# set system root-authentication plain-text-password
    New password:
    Retype new password:

    [edit]

    root#
  12. Verify the original configuration which you will now commit.
    [edit]
    root# show | compare
    [edit system]
    + host-name Narang;
    + root-authentication {
    + encrypted-password "$1$u4hEGjAa$jMakis73u2zghtP7U/tuC1"; ## SECRET-DATA
    + }
    - commit {
    - factory-settings {
    - reset-chassis-lcd-menu;
    - reset-virtual-chassis-configuration;
    - }
    - }
    [edit interfaces]
    + ge-0/0/24 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/25 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/26 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/27 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/28 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/29 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/30 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/31 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/32 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/33 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/34 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/35 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/36 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/37 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/38 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/39 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/40 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/41 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/42 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/43 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/44 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/45 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/46 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-0/0/47 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }
    + ge-3/0/0 {
    + unit 0 {
    + family ethernet-switching;
    + }
    + }

    [edit]
    + virtual-chassis {
    + member 1 {
    + mastership-priority 255;
    + }
    + member 4 {
    + mastership-priority 255;
    +
  13. Commit the configuration with synchronize option to commit it to all members.
    [edit]
    root@Narang# commit synchronize
    fpc4:
    configuration check succeeds
    fpc0:
    commit complete
    fpc1:
    commit complete
    fpc2:
    commit complete
    fpc3:
    commit complete
    fpc4:
    commit complete

    [edit]

    root@Narang#

    root@Narang% cli


  14. Now you should be back in a normal state with same configuration and new Password.
    root@Narang> show virtual-chassis status

    Virtual Chassis ID: 0019.e255.ed40
    Mastership Neighbor List
    Member ID Status Serial No Model priority Role ID Interface
    0 (FPC 0) Prsnt BP0208138054 ex4200-48t 128 Linecard 1 vcp-0
    4 vcp-1
    1 (FPC 1) Prsnt BM0208163001 ex4200-24t 255 Master* 2 vcp-0
    0 vcp-1
    2 (FPC 2) Prsnt BN0208151217 ex4200-24p 128 Linecard 3 vcp-0
    1 vcp-1
    3 (FPC 3) Prsnt BR0208233848 ex4200-24f 128 Linecard 4 vcp-0
    2 vcp-1
    4 (FPC 4) Prsnt BQ0208138245 ex4200-48p 255 Backup 0 vcp-0
    3 vcp-1

    Member ID for next new member: 5 (FPC 5)
Related Links: