読者です 読者をやめる 読者になる 読者になる

labunix's blog

labunixのラボUnix

2台目のSSG5をシリアル接続で遊ぶ

2台目のSSG5をシリアル接続で遊ぶ

 「bgroup0にIP設定したら、Webでつなげれば良いのでは?」と
 思った人はそうした方が良いです。

 今日のメニュー。

 ※初期化作業があるので、オモチャ用です。

 3種類のバージョン、S/N情報を収集
 Debian Wheezyにatftpdサーバを構築
 工場出荷状態までリセット
 SSG5のbgroup0のデフォルトIPを変更
 「config」をシリアルコンソール上に流して取得
 「config」の保存(flash -> tftp server)
 「config」の初期化
 「config」のリストアと再起動(tftp -> flash)
 tftpでDebian Wheezyにsoftwareの保存(flash -> tftp server)

 ※tftpからのアップデートがあるので、文鎮になっても良いオモチャ用です。

 BOOT LOADER
 ScreenOS
 imagekey.cer

■SSG5の設定やバックアップ等はWebコンソールで簡単に設定出来ます。
 通常は下記のマニュアルで充分です。

 はじめてのSSG5
 http://www.juniper.net/jp/jp/local/pdf/others/fsssg5-jp.pdf

 SSG5 マニュアル
 http://www.juniper.net/support/downloads/?p=ssg5#docs

 NetScreen/SSGの設定
 http://www.viva-netscreen.net/

■3種類のバージョン、S/N情報を収集。

 Boot Loader Version ,1.3.2
 ScreenOS Version   , 5.4.0.1.0.0.0.0
 Slot 0 S/N          , XXXXXXXXXXXXXXXX

Juniper Networks SSG5-ISDN Boot Loader Version 1.3.2 (Checksum: XXXXXXXX)
Copyright (c) 1997-2006 Juniper Networks, Inc.
...

login:netscreen
Password:
ssg5-isdn->
ssg5-isdn-> get system version | include version
Version: 5.4.0.1.0.0.0.0
DM Version: 1
ssg5-isdn-> 
sg5-isdn-> get chassis 
Slot      Name                              S/N                   HW Rev    Status  
 0        Built-in: 7-10/100 ports          XXXXXXXXXXXXXXXX      0710      Online
sg5-isdn-> get envar 
last_reset=2008-05-15 14:35:04 by netscreen
default_image=screenos_image

■Debian Wheezyにatftpdサーバを構築。

$ sudo apt-get install -y atftpd tftp
$ sed s/" \-"/"\n&"/g /etc/default/atftpd
USE_INETD=true
OPTIONS="--tftpd-timeout 300
 --retry-timeout 5
 --mcast-port 1758
 --mcast-addr 239.239.239.0-255
 --mcast-ttl 1
 --maxthread 100
 --verbose=5 /srv/tftp"
$ netstat -an | grep :69
udp        0      0 0.0.0.0:69              0.0.0.0:*
$ ls /srv/tftp/
$ tftp localhost
tftp> status
Connected to localhost.
Mode: netascii Verbose: off Tracing: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> quit

■工場出荷状態までリセット。
 「get chassis」で調べたマザーボードのS/Nを使ってAsset Recovery

ssg5-isdn-> exit
Configuration modified, save? [y]/n n
login: XXXXXXXXXXXXXXXX
password: 
!!! Lost Password Reset !!! You have initiated a command to reset the device to 
factory defaults, clearing all current configuration and settings. Would you lik
e to continue?  y/[n] y

!! Reconfirm Lost Password Reset !! If you continue, the entire configuration of
 the device will be erased. In addition, a permanent counter will be incremented
 to signify that this device has been reset. This is your last chance to cancel 
this command. If you proceed, the device will return to factory default configur
ation, which is: System IP: 192.168.1.1; username: netscreen, password: netscree
n. Would you like to continue?  y/[n] y
In reset ...

■工場出荷状態リセット時に「Hit any key to run loader」を押した場合

Juniper Networks SSG5-ISDN Boot Loader Version 1.3.2 (Checksum: XXXXXXXX)
Copyright (c) 1997-2006 Juniper Networks, Inc.

Total physical memory: 256MB
    Test - Pass
    Initialization - Done

Hit any key to run loader
Hit any key to run loader

Serial Number [XXXXXXXXXXXXXXXX]: READ ONLY
HW Version Number [0710]: READ ONLY
Self MAC Address [XXXX-XXXX-XXXX]: READ ONLY
Boot File Name [screenos_image]: flash:/$NSBOOT$.BIN
Loading system image "/$NSBOOT$.BIN" from on-board flash disk...
Done! (size = 11,485,184 bytes)

■SSG5のbgroup0のデフォルトIPを変更

ssg5-isdn-> get config | include 192
set interface bgroup0 ip 192.168.1.1/24
set interface bgroup0 dhcp server option gateway 192.168.1.1 
set interface bgroup0 dhcp server ip 192.168.1.33 to 192.168.1.126 
ssg5-isdn-> get config | include manage
set interface bgroup0 ip manageable
ssg5-isdn-> 
ssg5-isdn-> unset interface bgroup0 dhcp server option gateway
ssg5-isdn-> unset interface bgroup0 dhcp server ip all
ssg5-isdn-> unset interface bgroup0 dhcp server service
ssg5-isdn-> set interface bgroup0 ip 172.16.16.201/24
ssg5-isdn-> get config | include 192
ssg5-isdn->
ssg5-isdn-> get config | include dhcp                  
ssg5-isdn-> 
ssg5-isdn-> get config | include 172
set interface bgroup0 ip 172.16.16.201/32
ssg5-isdn-> 
ssg5-isdn-> get interface | include " U "
A - Active, I - Inactive, U - Up, D - Down, R - Ready 
bgroup0        172.16.16.201/32   Trust       001b.c0cc.4b8b    -   U   -  
  eth0/6       N/A                N/A         N/A               -   U   -
null           0.0.0.0/0          Null        N/A               -   U   0  
ssg5-isdn-> 
ssg5-isdn-> ping 172.16.16.201 from bgroup0
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 172.16.16.201, timeout is 1 seconds 
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/4 ms
ssg5-isdn-> 
ssg5-isdn-> set vrouter trust-vr route 0.0.0.0/0 interface bgroup0 gateway 172.16.16.200
ssg5-isdn-> 
ssg5-isdn-> ping 172.16.16.200
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 172.16.16.200, timeout is 1 seconds 
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/7/25 ms
ssg5-isdn-> 
ssg5-isdn-> save 
Save System Configuration  ... 
Done
ssg5-isdn-> 

■「config」をシリアルコンソール上に流して取得
 flash -> script log
 Ciscoの「terminal length 0」相当のコマンドと実行
 「script」のログに流し込み用の設定のバックアップが出来る。
 「set console page 0」は設定として残るので、unsetしておく。

# script log
# screen /dev/ttyS0
ssg5-isdn-> set console page 0
ssg5-isdn-> get config | include console
set console page 0
ssg5-isdn-> get config
...
ssg5-isdn-> unset console page
ssg5-isdn-> get config | include console
ssg5-isdn-> 
[Ctrl]+[A]+[K]

■「config」の保存
 flash -> tftp server

ssg5-isdn-> save config from flash to tftp 172.16.16.200 backup.cfg
Read config from flash.
 System config (992 bytes) loaded
.
Done.
Save configurations (3212 bytes) to backup.cfg on TFTP server 172.16.16.200.
!!!!!!!!!!!!!!!!
tftp transferred records = 7
tftp success!

TFTP Succeeded
ssg5-isdn-> 

■「config」の初期化
 bgroup0の設定も削除される。

ssg5-isdn-> unset all
Erase all system config, are you sure y/[n] ? y

, errno=2
, errno=2
ssg5-isdn-> 
ssg5-isdn-> reset
Configuration modified, save? [y]/n n
System reset, are you sure? y/[n] y
In reset ...

ssg5-isdn-> get config | include 192
set interface bgroup0 ip 192.168.1.1/24
set interface bgroup0 dhcp server option gateway 192.168.1.1
set interface bgroup0 dhcp server ip 192.168.1.33 to 192.168.1.126

■「config」のリストアと再起動
 tftp -> flash

ssg5-isdn-> save config from tftp 172.16.16.200 backup.cfg
Load config from 172.16.16.200/backup.cfg .
!!!!!!!!!!!!!!!
tftp received octets = 3404
tftp success!

TFTP Succeeded
Save config ...  Done
ssg5-isdn-> 
ssg5-isdn-> reset
Configuration modified, save? [y]/n y
Save System Configuration  ... 
Done
System reset, are you sure? y/[n] y
In reset ...

ssg5-isdn-> ping 172.16.16.200
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 172.16.16.200, timeout is 1 seconds 
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=1/1/2 ms
ssg5-isdn-> 

■SSG5の通常起動時の動作を確認
 「Hit any key to run loader」のタイムアウトでデフォルト起動。

Juniper Networks SSG5-ISDN Boot Loader Version 1.3.2 (Checksum: XXXXXXXX)
Copyright (c) 1997-2006 Juniper Networks, Inc.

Total physical memory: 256MB
    Test - Pass
    Initialization - Done

Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader

Loading default system image from on-board flash disk...
Done! (size = 11,485,184 bytes)

Ignore image authentication!

Start loading...

■softwareとは、ScreenOSである「flash:/$NSBOOT$.bin」のこと。

ssg5-isdn-> debug file all
ssg5-isdn-> get file
    flash:/crashdump.dmp                16384
    flash:/burnin_log1                  20480
    flash:/burnin_log0                  20480
    flash:/prngseed.bin                    32
    flash:/envar.rec                       74
    flash:/ns_sys_config                  989
    flash:/dhcpservl.txt                    8
    flash:/cli-log                      49952
    flash:/dnstb.rec                      126
ssg5-isdn-> get dbuf stream | include bin
## 2014-04-29 23:02:26 : openning file ent 020d1f60 name flash:/$NSBOOT$.BIN fflag=0x0
## 2014-04-29 23:02:26 : File flash:/$NSBOOT$.BIN open successfully: id 4, size 11485184, task id 26
## 2014-04-29 23:02:26 : closing file ent 020d1f60 id 4 name flash:/$NSBOOT$.BIN
## 2014-04-29 23:02:26 : openning file ent 020d1f60 name flash:/prngseed.bin fflag=0x0
## 2014-04-29 23:02:26 : File flash:/prngseed.bin open successfully: id 4, size 32, task id 26
## 2014-04-29 23:02:26 : closing file ent 020d1f60 id 4 name flash:/prngseed.bin
ssg5-isdn-> 
ssg5-isdn-> get dbuf info 
count: 3715, last index: 3715, cur index: 0, size: 32768
start: 0, pause: 0
ssg5-isdn-> clear dbuf
ssg5-isdn-> get dbuf info   
count: 3715, last index: 3715, cur index: 0, size: 32768
start: 0, pause: 0
ssg5-isdn-> clear dbuf
ssg5-isdn-> get dbuf info   
count: 0, last index: 0, cur index: 0, size: 32768
start: 0, pause: 0
ssg5-isdn-> get file flash:/$NSBOOT$.BIN
    flash:/$NSBOOT$.BIN       11485184
file is hidden
sg5-isdn->  get dbuf stream | include bin
## 2014-04-30 02:55:16 : openning file ent 020d1f60 name flash:/$NSBOOT$.BIN fflag=0x0
## 2014-04-30 02:55:16 : File flash:/$NSBOOT$.BIN open successfully: id 3, size 11485184, task id 26
## 2014-04-30 02:55:16 : closing file ent 020d1f60 id 3 name flash:/$NSBOOT$.BIN
ssg5-isdn-> 

■tftpでDebian Wheezyにsoftwareの保存
 flash -> tftp server

ssg5-isdn-> get system | include software
Software Version: 5.4.0r6.0, Type: Firewall+VPN
ssg5-isdn-> 
ssg5-isdn-> save software from flash to tftp  172.16.16.200 ssg5ssg20.5.4.0r6.0.run
Load image from flash.
Save software to TFTP 172.16.16.200 (file: ssg5ssg20.5.4.0r6.0.run). It may take a few minutes ...
Type escape sequence to abort
!!!!!!!!!!!!!!!!!!!
tftp transferred records = 22433
tftp success!
TFTP Succeeded
ssg5-isdn-> 

■BOOT LOADRとimagekey.cerのtftpへの保存方法は不明。
 隠しファイルとしてflashにあるだけなので、ここから先は要注意

 BOOT LOADER OK ... Boot Loader Version: 1.3.3
 BOOT LOADER NG ... Boot Loader Version: 1.3.2

 ScreenOS OK    ... 6.3.0r6.0
 ScreenOS NG    ... 5.4.0r6.0

 imagekey OK   ... Image authenticated!
 imagekey NG   ... Ignore image authentication

■tftpサーバにBOOT LOADERを展開

# unzip Loadssg5ssg20v133.d.zip 
Archive:  Loadssg5ssg20v133.d.zip
  inflating: Loadssg5ssg20v133.d     
# chown -R nobody:nogroup *
# ls -l Loadssg5ssg20v133.d
-rw-r--r-- 1 nobody nogroup 408395  94  2009 Loadssg5ssg20v133.d

# strings Loadssg5ssg20v133.d  | grep BOOT
    *               SSG5/SSG20 BOOT LOADER UPDATE UTILITY            *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
$NSBOOT$BIN
■既存のBOOT LOADERを削除後にアップデートされるので要注意
 作業中は電源を切らないこと。

sg5-isdn-> reset
System reset, are you sure? y/[n] y
In reset ...

Boot File Name [screenos_image]:Loadssg5ssg20v133.d

Loaded Successfully! (size = 408,395 bytes)

Ignore image authentication!

Save to on-board flash disk? (y/[n]/m) Yes!

Please input multiple system image file name [loadssg5.d]:
Saving system image to on-board flash disk...
Done! (size = 408,395 bytes)
Run downloaded system image? ([y]/n) Yes!

    ******************************************************************
    *                                                                *
    *               SSG5/SSG20 BOOT LOADER UPDATE UTILITY            *
    *         ==============================================         *
    *               (c)1997-2006 Juniper Networks, Inc.              *
    *                      All Rights Reserved                       *
    *                                                                *
    *         ----------------------------------------------         *
    *         Boot Loader Version: 1.3.3                             *
    *         Date               : 05/26/2006                        *
    *                                                                *
    *         !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!         *
    *         !                                            !         *
    *         ! Please don't power off during update.      !         *
    *         ! Otherwise, the system can not boot again.  !         *
    *         !                                            !         *
    *         !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!         *
    *                                                                *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *                                                                *
    ******************************************************************
Check on-board Boot Loader... Update needed!

Are you sure you want to update Boot Loader? (y/n) 
Read product information of on-board boot flash device:
    Manufacturer ID      = 1f
    Device ID            = 13
    Additional Device ID = 10

Boot flash device is XXXXXXXX

Erase on-board boot flash device.......... Done

Update Boot Loader.....................................................
Done

Verify Boot Loader... Done

Boot Loader has been updated successfully!

Please hit any key to reboot the system...

Juniper Networks SSG5-ISDN Boot Loader Version 1.3.3 (Checksum: XXXXXXXX)
Copyright (c) 1997-2006 Juniper Networks, Inc.

ssg5-isdn-> debug file all
ssg5-isdn->  get file
    flash:/crashdump.dmp                16384
    flash:/burnin_log1                  20480
    flash:/burnin_log0                  20480
    flash:/prngseed.bin                    32
    flash:/envar.rec                       74
    flash:/ns_sys_config                  947
    flash:/dhcpservl.txt                    0
    flash:/cli-log                      49952
    flash:/dnstb.rec                       83
ssg5-isdn->  get dbuf stream | include Load
## 2014-04-30 04:03:10 : openning file ent 020d1f60 name flash:/LOADSSG5.D fflag=0x0
## 2014-04-30 04:03:10 : File flash:/LOADSSG5.D open successfully: id 4, size 408395, task id 26
## 2014-04-30 04:03:10 : closing file ent 020d1f60 id 4 name flash:/LOADSSG5.D
ssg5-isdn-> get file flash:/LOADSSG5.D
    flash:/LOADSSG5.D         408395
file is hidden

■ScreenOSをtftpサーバに配置

$ cd /srv/tftp
$ unzip ssg5ssg20.6.3.0r6.0.zip 
Archive:  ssg5ssg20.6.3.0r6.0.zip
  inflating: ssg5ssg20.6.3.0r6.0     
$ sudo chown -R nobody:nogroup ssg5ssg20.6.3.0r6.0

■ScreenOSのアップグレード
 tftp -> flash

ssg5-isdn-> reset
System reset, are you sure? y/[n] y
In reset ...

Boot File Name [Loadssg5ssg20v133.d]: ssg5ssg20.6.3.0r6.0

atatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatata

Loaded Successfully! (size = 13,295,019 bytes)

Ignore image authentiggcation!

Save to on-board flash disk? (y/[n]/m) Yes!

Please input multiple system image file name [ssg5ssg2.0]:

Saving system image to on-board flash disk...
Done! (size = 13,295,019 bytes)

Run downloaded system image? ([y]/n) Yes!
sg5-isdn-> debug file all
ssg5-isdn-> get file
    flash:/crashdump.dmp                32768
    flash:/burnin_log1                  20480
    flash:/burnin_log0                  20480
    flash:/prngseed.bin                    32
    flash:/envar.rec                       85
    flash:/ns_sys_config                  947
    flash:/dhcpservl.txt                    0
    flash:/cli-log                      49952
    flash:/dnstb.rec                       83
    flash:/pkidatabase.digest              20
sg5-isdn-> get dbuf stream | include ssg5ssg2.0
## 2014-04-30 04:17:08 : openning file ent 029b28c0 name flash:/SSG5SSG2.0 fflag=0x0
## 2014-04-30 04:17:08 : File flash:/SSG5SSG2.0 open successfully: id 4, size 13295019, task id 26
## 2014-04-30 04:17:08 : closing file ent 029b28c0 id 4 name flash:/SSG5SSG2.0
ssg5-isdn-> get system version
Encoding: 1
Version: 6.3.0.1.0.0.0.0
DM Version: 1
ssg5-isdn-> 

■「Ignore image authentiggcation!」は証明書の更新が必要なので、
 tftpサーバに展開。PDFのmd5と一致することを確認

$ unzip image_key.zip 
Archive:  image_key.zip
  inflating: imagekey.cer            
  inflating: image_key_readme.pdf    

$ md5sum imagekey.cer 
ccfcd027e20c9cc38b5d8dac17c7199f  imagekey.cer

■証明書のアップデート
 tftp -> flash

ssg5-isdn-> save image-key tftp 172.16.16.200 imagekey.cer
Load file  from TFTP 172.16.16.200 (file: imagekey.cer).
!!!!!
tftp received octets = 865
tftp success!
Done

TFTP Succeeded
ssg5-isdn-> 
ssg5-isdn-> exec pki test skey
exec pki test <skey>.
Flash base = 0x51000000, Flash end = 0x0, sector size= 0x4000

KEY1  N/A len =432
 308201ac02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651     magic1 = f7e9294b magic2=0
 
KEY2  N/A len =432
 308201ac02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651     magic1 = f7e9294b magic2=0
 
KEY3  N/A len =432
 308201ac02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651     magic1 = f7e9294b magic2=0
 ssg5-isdn-> 

■flashから何も考えずに新しいBOOT LOADERとScreenで起動することを確認

ssg5-isdn-> reset
System reset, are you sure? y/[n] y
In reset ...

Loading default system image from on-board flash disk...
Done! (size = 13,295,019 bytes)

■「Unsupported command」のような旧バージョンにしかない設定をリセット

Unsupported command - set zone "VLAN" block 

ssg5-isdn-> unset all
Erase all system config, are you sure y/[n] ? y
ssg5-isdn-> reset
Configuration modified, save? [y]/n n
System reset, are you sure? y/[n] y
In reset ...

ssg5-isdn-> get config | include VLAN
set zone "VLAN" vrouter "trust-vr"
unset zone "VLAN" tcp-rst 
unset interface vlan1 ip
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip

# grep -i vlan backup_config 
set zone "VLAN" vrouter "trust-vr"
set zone "VLAN" block 
unset zone "VLAN" tcp-rst 
unset interface vlan1 ip
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip

■この状態で工場出荷時にリセットしても以下となる。

 Boot Loader Version 1.3.3
 Image authenticated!
 Version 6.3.0r6.0