Previously Owned Juniper EX3300 Initial Setup

I decided to purchase a Juniper EX3300 switch because of its 4 x 10GB SFP+ ports, and some POE functionality. I was also looking for a switch that could be easily modified to be much quieter then the switch I had before (sounded like a jet plan was parked in the office). Here are a few things I put together to help with a previously owned Juniper EX3300 initial setup. It took me a while to find all the information I needed as I have never worked with a Juniper switch before. This information should make the initial setup process a lot easier.

Wipe

With a previously owned Juniper EX3300 Initial Setup, first thing you want to do is wipe the configuration from the previous owner.

1. Go to the screen and press the Menu button.
2. Keep pressing until you see Maintenance Menu
3. then press the enter button
4. now you want to press the menu button until you see Factory Default, then press Enter button twice
5. The unit will start to reset to factory settings.
6. Once its done go back to the Maintenance menu.
7. Now look for EZSetup, then press enter twice.
8. Plug your laptop into port zero once the display says to do so.
9. The units IP should be set to 192.168.1.1 and DHCP on the unit will assign an IP address to your laptop.
10. Open a browser and type the IP address of the switch (192.168.1.1)
11. Follow the wizard prompts. Set configuration as needed in your infrastructure. I left everything default and made adjustments later.
12. Reboot after making changes at least during setup, to make sure changes take affect.
13. Log back in to the switch to verify changes, and you’re done.

Major Management Ethernet Link Down Ignore

If you do not want to use the management port and you don’t want the red alert light in the front of the unit to stay on, you can just tell the unit to ignore the alert. Here’s how.

Connect to the unit using Putty or something similar.

• There is no password for the ROOT account from the factory
• ROOT@HOST-NAME:RE0% prompt, type CLI for Command Line Interface
• ROOT@HOST-NAME> prompt, type CONFIG to get into the configuration mode
• “Major Management Ethernet Link Down” alarm can be cleared with SET CHASSIS ALARM MANAGEMENT-ETHERNET LINK DOWN IGNORE and then typing in COMMIT .

Recovering System Booted From Backup JUNOS Image

I had trouble with another alert. The unit alerted me that it was booting from a backup. Not good. I would need to repair the primary image so that the unit could boot up correctly.

1. Problem

EX switches and SRX firewalls running Junos Release 10.4R3, or later, have added resiliency based on the “resilient dual-root partition”, which if the switch detects a corruption on the primary root file system, it boots from the alternate root partition.

When this occurs, you are notified in two ways: Alarm and Warning Banner

1.1. Alarm

The following alarm message is generated:

user@switch> show chassis alarms
1 alarms currently active
Alarm time Class Description
2011-02-17 05:48:49 PST Minor Host 0 Boot from backup root

1.2. Warning

***********************************************************************
**                                                                   **
**  WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE      **
**                                                                   **
**  It is possible that the primary copy of JUNOS failed to boot up  **
**  properly, and so this device has booted from the backup copy.    **
**                                                                   **
**  Please re-install JUNOS to recover the primary copy in case      **
**  it has been corrupted.                                           **
**                                                                   **
***********************************************************************

2. Cause & Solution

It is likely that the file system became corrupted due to a sudden power loss, or ungraceful shutdown of the system.

Repairing the primary partition when it is corrupted:

• When the primary partition detects a corrupt, the device boots from the backup partition; which then becomes the active partition. Remember that after every successive reboot, the system will try to reboot from the current active partition.
• You can repair the primary partition, without any downtime. No reboot is required after running the following commands.  However the Alarm and Banner will be displayed.

_{Note: As long as both of the partitions are healthy, there is no issue with running the switch on either of them. You only have to ensure that both the partitions are healthy, so that fail over can be done transparently between the two partitions, in case of any file corruption.}

2.1. Verification

To verify if the primary partition is rebuilt, run one of the following show commands. The same commands also inform about which partition is the current active partition.

show system storage partitions

Sample output:

root> show system storage partitions 
fpc0:
--------------------------------------------------------------------------
Boot Media: internal (da0)
Active Partition: da0s1a
Backup Partition: da0s2a <-- this is the backup slice 
Currently booted from: backup (da0s2a) <-- shows booted from that slice
Partitions information:
Partition Size Mountpoint
s1a 184M altroot 
s2a 184M / 
s3d 369M /var/tmp 
s3e 123M /var 
s4d 62M /config 
s4e unused (backup config)

3. Recovery Procedure

3.1. Copy JUNOS Image from Backup

Copy the Junos image from the backup partition to the primary partition, by using the following snapshot command:

For EX Switches:

request system snapshot media internal slice alternate

For SRX Routers:

request system snapshot slice alternate

You will see the following message as the media is copied over:

Formatting alternate root (/dev/da0s2a)...
Copying '/dev/da0s1a' to '/dev/da0s2a' .. (this may take a few minutes)
The following filesystems were archived: /

_{Note: This step ensures that you have consistent images on both the primary and backup partitions. This operation can take 5 to 10 minutes to complete.}

3.2. Verify Partitions

The above command ensures that the alternate partition is repaired, without requiring a reboot. You can verify both the partitions by using the following command:

show system snapshot media internal

This will show the time/date stamp for both partitions, which should show the current date/time on the (primary) partition which has been restored.  See sample output below:

For EX Switches:

root@ex> show system snapshot media internal
fpc0:
--------------------------------------------------------------------------
Information for snapshot on       internal (/dev/da0s1a) (backup)
Creation date: Dec 17 16:58:29 2015 <-- Displays current date/time of operation in step 3.1
JUNOS version on snapshot:
  jbase  : ex-12.3R11.2
  jkernel-ex-2200: 12.3R11.2
  jcrypto-ex: 12.3R11.2
  jdocs-ex: 12.3R11.2
  jswitch-ex: 12.3R11.2
  jpfe-ex22x: 12.3R11.2
  jroute-ex: 12.3R11.2
  jweb-ex: 12.3R11.2
  fips-mode-arm: 12.3R11.2
Information for snapshot on       internal (/dev/da0s2a) (primary)
Creation date: Dec 16 17:13:15 2015
JUNOS version on snapshot:
  jbase  : ex-12.3R11.2
  jkernel-ex-2200: 12.3R11.2
  jcrypto-ex: 12.3R11.2
  jdocs-ex: 12.3R11.2
  jswitch-ex: 12.3R11.2
  jpfe-ex22x: 12.3R11.2
  jroute-ex: 12.3R11.2
  jweb-ex: 12.3R11.2
  fips-mode-arm: 12.3R11.2

For SRX Routers:

root@srx> show system snapshot media internal
Information for snapshot on       internal (/dev/da0s1a) (primary)
Creation date: Jan 22 23:48:47 2016 <-- Displays current date/time of operation in step 3.1
JUNOS version on snapshot:
  junos  : 12.1X44-D15.5-domestic
Information for snapshot on       internal (/dev/da0s2a) (backup)
Creation date: Jan 1 06:08:27 2000
JUNOS version on snapshot:
  junos  : 12.1X44-D15.5-domestic

4. Reboot

In order to get rid of the alarm and ensure the partition has been repaired successfully, the system must be rebooted. There are 2 options to reboot given the environment the system is deployed in.

4.1. Reboot Now

If there is no risk to the network or customer, the system can be rebooted immediately. To get rid of the above alarm, use the following command to ensure that the switch boots from the primary partition:

For EX Switches:

request system reboot slice alternate media internal

For SRX Routers:

request system reboot

The system, after the above command is executed, will reboot from the primary partition. The alarm or the warning message will no longer be displayed.

4.2. Reboot Later

If the system needs to be rebooted after-hours, contact the customer and schedule the maintenance window. You may use the following command to schedule the reboot after X amount of minutes:

For EX Switches:

request system reboot slice alternate media internal in 480

For SRX Routers:

request system reboot in 480

Change the value after “in” to be the amount of minutes to reach the maintenance window scheduled with the customer.  In this scenario, the system would reboot in 8 hours from the time the command is issued (60 minutes x 8 hours = 480)

5. Verify

Once the system has rebooted, run the following commands to ensure the system has booted back to the primary partition by going back to Step 2.1.  Then run the following command to ensure the alarm is cleared:

show chassis alarms

You should no longer see the following alarm:

user@switch> show chassis alarms
1 alarms currently active
Alarm time Class Description
2011-02-17 05:48:49 PST Minor Host 0 Boot from backup root

Useful Information

• Reboot after every change at least during setup, to make sure changes take affect.