Netscreen防火墙如何忘记密码可以通过软/硬方式恢复到出厂配置默认账号密码,有一点比较讨厌就是,这个过程将删除netscreen防火墙的所有配置,cisco 交换机是可以在不删除配置文件的情况修改密码。可惜了。所以日常一定养成备份配置文件用于处理紧急事故。
用设备序列号恢复出厂设置
用console线连接到netscreen防火墙,然后输入设备序列号(serial number),serial number在设备背板面上。
login: 0162012009900812
password:
!!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults, clearing all current configuration and settings. Would you like to continue? y/[n]
Y
恢复出厂设置,将删除当前所有的配置,按“Y”
!! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased. In addition, a permanent counter will be incremented to signify that this device has been reset. This is your last chance to cancel this command. If you proceed, the device will return to factory default configuration, which is:
System IP: 192.168.1.1; username: netscreen, password: netscreen. Would you like to continue? y/[n] Y
恢复出厂设置,默认System IP: 192.168.1.1; username: netscreen, password: netscreen,按“Y”
In reset ...
Juniper Networks SSG5 Boot Loader Version 1.3.2 (Checksum: A1EAB858)
Copyright (c) 1997-2006 Juniper Networks, Inc.
Total physical memory: 128MB
Test - Pass
Initialization - Done
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Loading default system image from on-board flash disk...
Done! (size = 15,171,584 bytes)
Image authenticated!
Start loading...
.................................................................
..........................................
Done.
Juniper Networks, Inc
SSG5/SSG20 System Software
Copyright, 1997-2008
Version 6.2.0r3.0
Load Manufacture Information ... Done
Initialize FBTL 0........ Done
Load NVRAM Information ... (6.2.0)Done
Install module init vectors
Install modules (01128800,0209f5c0) ...
PPP IP-POOL initiated, 256 pools
Initializing DI 1.1.0-ns
w3g_cfg_init
*********************************************************
System time: 22July2010:15:29:44
If this is the initial device startup,
use the "set clock" command to set the system clock.
*********************************************************
system init done..
login: System change state to Active(1)
现在可以用出厂默认账号密码(netscreen)登陆
login: netscreen
password:
ssg5-serial->
get interface 查询一下i接口信息,确定已经重置了
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name
IP Address Zone MAC VLAN State VSD
serial0/0
0.0.0.0/0 Null N/A - D -
eth0/0
0.0.0.0/0 Untrust 0023.9c2a.1500 - D -
eth0/1
0.0.0.0/0 DMZ 0023.9c2a.1505 - D -
bgroup0 192.168.1.1/24 Trust 0023.9c2a.150b - D -
eth0/2
N/A N/A N/A - D -
eth0/3
N/A N/A N/A - D -
eth0/4
N/A N/A N/A - D -
eth0/5
N/A N/A N/A - D -
eth0/6
N/A N/A N/A - D -
bgroup1
0.0.0.0/0 Null 0023.9c2a.150c - D -
bgroup2
0.0.0.0/0 Null 0023.9c2a.150d - D -
bgroup3
0.0.0.0/0 Null 0023.9c2a.150e - D -
vlan1
0.0.0.0/0 VLAN 0023.9c2a.150f 1 D -
null
0.0.0.0/0 Null N/A - U 0
注意:在重置设备后,应该及时备份新的配置。这将使你在恢复系统口令的时候能迅速恢复以前的配置。
注意:设备恢复出厂设置功能是开放的。你可以在命令行下输入:unset admin device-reset关闭这个功能。
按设备reset键恢复出厂设置
Reset键在设备电源接头附近
首先按住用牙签按住reset 键4秒左右,显示以下信息
login:
Configuration Erasure Process has been initiated.
Waiting for 2nd confirmation.
直到电源灯闪烁绿色,再按住reset键2-3秒,显示以下信息
2nd push has been confirmed.
Configuration Erase sequence accepted, unit reset.
直到状态灯变成琥珀色长亮1.5秒,然后回到绿色闪烁状态,这个时候设备已经被重置到出厂设置状态了。
接着显示以下信息
Juniper Networks SSG5 Boot Loader Version 1.3.2 (Checksum: A1EAB858)
Copyright (c) 1997-2006 Juniper Networks, Inc.
Total physical memory: 128MB
Test - Pass
Initialization - Done
Hit any key to run loader
Hit any key to run loader
。。。。。。。。。。。。。省略
总结,
完全以上步骤还是需要点小技巧的。
附件:http://down.51cto.com/data/2356367
本文转自viong 51CTO博客,原文链接:http://blog.51cto.com/viong/355231,如需转载请自行联系原作者
