Switching

 View Only
last person joined: 12 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  Lost access to JWeb

    Posted 09-27-2021 18:40
    Edited by emacdermid 09-27-2021 19:33
    Hello, this is my 1st post.  I'm new to Juniper, but have Cisco experience.  I have several spare ex2300-C that I'm trying to put into service.  One was at a JunOS v20.x, and I saw there was v21.3.x was available, so I downloaded the .tgz and used JWeb to initiate a local copy update.  The switch never returned to JWeb and I have never gained access since that failed update. 

    • I have now twice performed a USB install of v21.3 R1, the latest time this afternoon.  I saw the install add "jweb ex"
    • I then manually added "jweb ex app" - request system software add /var/tmp/jweb-ex-app-common-21.3A1.1.tgz
    • I can SSH to the management interface, and I WinSCP'd the JWeb Application "jweb-ex-app-common-21.3A1.1.tgz" to the management interface, but I cannot get access through JWeb. 
    • I have been through many, many iterations of HTTP & HTTPS configs
    • I have restarted web-management, rebooted multiple times, tried multiple browsers, restarted my browsers, etc.   
    • FF and Edge both report "the connection was reset".   
    • There is no firewall between me and the ex2300 - we are both connected to the same Cisco switch - but it is acting like there is a JunOS or base OS firewall rule blocking connections.   
    • The management interface is the only interface connected to the network.
    • I understand that HTTP is not secure, but at this point I just want to gain access and I will make is secure later. 

    My config and some other commands output are below.  Any help appreciated.

    {master:0}
    root> request system software add /var/tmp/jweb-ex-app-common-21.3A1.1.tgz
    Verified jweb-ex-app-common-21.3A1.1 signed by PackageProductionECP256_2021 method ECDSA256+SHA256
    Installing jweb-ex-app package..
    Mounting jweb-ex-app..
    usage: kill [-s signal_name] pid ...
    kill -l [exit_status]
    kill -signal_name pid ...
    kill -signal_number pid ...
    Successfully installed jweb-ex-app.

    {master:0}
    root> restart web-management
    Web management gatekeeper process started, pid 19131

    {master:0}

    root@gmf-sw-foremen-trailer> show version
    fpc0:
    --------------------------------------------------------------------------
    Hostname: gmf-sw-foremen-trailer
    Model: ex2300-c-12p
    Junos: 21.3R1.9
    JUNOS OS Kernel 32-bit [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS OS libs [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS OS runtime [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS OS time zone information [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS py extensions [20210915.190147_builder_junos_213_r1]
    JUNOS py base [20210915.190147_builder_junos_213_r1]
    JUNOS OS crypto [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS OS boot-ve files [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS network stack and utilities [20210915.190147_builder_junos_213_r1]
    JUNOS libs [20210915.190147_builder_junos_213_r1]
    JUNOS runtime [20210915.190147_builder_junos_213_r1]
    JUNOS na telemetry [21.3R1.9]
    JUNOS Web Management Platform Package [20210915.190147_builder_junos_213_r1]
    JUNOS Web Management Application package [21.3A1.1]
    JUNOS ex runtime [20210915.190147_builder_junos_213_r1]
    JUNOS Routing aggregated [20210915.190147_builder_junos_213_r1]
    JUNOS probe utility [20210915.190147_builder_junos_213_r1]
    JUNOS ex platform support [20210915.190147_builder_junos_213_r1]
    JUNOS Openconfig [21.3R1.9]
    JUNOS dcp network modules [20210915.190147_builder_junos_213_r1]
    JUNOS modules [20210915.190147_builder_junos_213_r1]
    JUNOS ex modules [20210915.190147_builder_junos_213_r1]
    JUNOS ex libs [20210915.190147_builder_junos_213_r1]
    JUNOS ex Data Plane Crypto Support [20210915.190147_builder_junos_213_r1]
    JUNOS daemons [20210915.190147_builder_junos_213_r1]
    JUNOS SDN Software Suite [20210915.190147_builder_junos_213_r1]
    JUNOS Extension Toolkit [20210915.190147_builder_junos_213_r1]
    JUNOS Phone-home [20210915.190147_builder_junos_213_r1]
    JUNOS Packet Forwarding Engine Support (EX34XX) [20210915.190147_builder_junos_213_r1]
    JUNOS jdocs ex [20210915.190147_builder_junos_213_r1]
    JUNOS jail runtime [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS FIPS mode utilities [20210915.190147_builder_junos_213_r1]
    JUNOS dsa dsa [21.3R1.9]

    {master:0}
    root@gmf-sw-foremen-trailer> show system software
    fpc0:
    --------------------------------------------------------------------------
    dsa-arm-32-21.3R1.9 -- dsa
    fips-mode-arm-32-20210915.190147_builder_junos_213_r1 -- fips mode
    jail-runtime-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- jail runtime
    jdocs-ex-arm-32-20210915.190147_builder_junos_213_r1 -- jdocs ex
    jpfe-EX34XX-arm-32-20210915.190147_builder_junos_213_r1 -- jpfe EX34XX
    jphone-home-arm-32-20210915.190147_builder_junos_213_r1 -- jphone home
    jsd-arm-32-21.3R1.9-jet-1 -- jsd jet 1
    jsdn-arm-32-21.3R1.9 -- jsdn
    junos-daemons-arm-32-20210915.190147_builder_junos_213_r1 -- junos daemons
    junos-dp-crypto-support-ex-arm-32-20210915.190147_builder_junos_213_r1 -- junos dp crypto support ex
    junos-libs-arm-32-20210915.190147_builder_junos_213_r1 -- junos libs
    junos-libs-ex-arm-32-20210915.190147_builder_junos_213_r1 -- junos libs ex
    junos-modules-arm-32-20210915.190147_builder_junos_213_r1 -- junos modules
    junos-modules-ex-arm-32-20210915.190147_builder_junos_213_r1 -- junos modules ex
    junos-net-dcp-prd-arm-32-20210915.190147_builder_junos_213_r1 -- junos net dcp prd
    junos-openconfig-arm-32-21.3R1.9 -- junos openconfig
    junos-platform-ex-arm-32-20210915.190147_builder_junos_213_r1 -- junos platform ex
    junos-probe-arm-32-20210915.190147_builder_junos_213_r1 -- junos probe
    junos-routing-aggregated-arm-32-20210915.190147_builder_junos_213_r1 -- junos routing aggregated
    junos-runtime-arm-32-20210915.190147_builder_junos_213_r1 -- junos runtime
    junos-runtime-ex-arm-32-20210915.190147_builder_junos_213_r1 -- junos runtime ex
    jweb-ex-arm-32-20210915.190147_builder_junos_213_r1 -- jweb ex
    jweb-ex-app-common-21.3A1.1 -- jweb ex app
    na-telemetry-arm-32-21.3R1.9 -- na telemetry
    junos-net-prd-arm-32-20210915.190147_builder_junos_213_r1 -- junos net prd
    Verified os-boot-junos-ve-arm-32-20210828 signed by PackageProductionECP256_2021 method ECDSA256+SHA256
    os-boot-junos-ve-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- os boot junos ve
    os-crypto-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- os crypto
    os-kernel-prd-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- os kernel prd
    os-libs-12-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- os libs
    os-runtime-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- os runtime
    py-base-arm-32-20210915.190147_builder_junos_213_r1 -- py base
    py-extensions-arm-32-20210915.190147_builder_junos_213_r1 -- py extensions
    os-zoneinfo-20210828.6e5b1bf_builder_stable_12_213 -- os zoneinfo

    {master:0}

    root@gmf-sw-foremen-trailer> show configuration
    ## Last commit: 2021-09-27 21:29:54 UTC by root
    version 21.3R1.9;
    system {
    host-name gmf-sw-foremen-trailer;
    root-authentication {
    encrypted-password "<redacted>"; ## SECRET-DATA
    }
    services {
    ssh {
    root-login allow;
    }
    netconf {
    ssh;
    rfc-compliant;
    yang-compliant;
    }
    web-management {
    http {
    interface all;
    }
    }
    }
    auto-snapshot;
    syslog {
    file interactive-commands {
    interactive-commands any;
    }
    file messages {
    any notice;
    authorization info;
    }
    }
    processes {
    dhcp-service {
    traceoptions {
    file dhcp_logfile size 10m;
    level all;
    flag packet;
    }
    }
    }
    phone-home {
    server https://redirect.juniper.net;
    rfc-compliant;
    }
    }
    chassis {
    redundancy {
    graceful-switchover;
    }
    }
    interfaces {
    ge-0/0/0 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/1 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/2 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/3 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/4 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/5 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/6 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/7 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/8 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/9 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/10 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/0/11 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/1/0 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    xe-0/1/0 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    ge-0/1/1 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    xe-0/1/1 {
    unit 0 {
    family ethernet-switching {
    storm-control default;
    }
    }
    }
    irb {
    unit 0 {
    family inet {
    dhcp {
    vendor-id Juniper-ex2300-c-12p-HV0218360213;
    }
    }
    family inet6 {
    dhcpv6-client {
    client-type stateful;
    client-ia-type ia-na;
    client-identifier duid-type duid-ll;
    vendor-id Juniper:ex2300-c-12p:HV0218360213;
    }
    }
    }
    }
    vme {
    unit 0 {
    family inet {
    dhcp {
    vendor-id Juniper-ex2300-c-12p-HV0218360213;
    }
    }
    family inet6 {
    dhcpv6-client {
    client-type stateful;
    client-ia-type ia-na;
    client-identifier duid-type duid-ll;
    vendor-id Juniper:ex2300-c-12p:HV<redacted>13;
    }
    }
    }
    }
    }
    forwarding-options {
    storm-control-profiles default {
    all;
    }
    }
    protocols {
    router-advertisement {
    interface vme.0;
    interface irb.0;
    }
    lldp {
    interface all;
    }
    lldp-med {
    interface all;
    }
    igmp-snooping {
    vlan default;
    }
    rstp {
    interface ge-0/0/0;
    interface ge-0/0/1;
    interface ge-0/0/2;
    interface ge-0/0/3;
    interface ge-0/0/4;
    interface ge-0/0/5;
    interface ge-0/0/6;
    interface ge-0/0/7;
    interface ge-0/0/8;
    interface ge-0/0/9;
    interface ge-0/0/10;
    interface ge-0/0/11;
    interface ge-0/1/0;
    interface xe-0/1/0;
    interface ge-0/1/1;
    interface xe-0/1/1;
    }
    }
    poe {
    interface all;
    }
    vlans {
    default {
    vlan-id 1;
    l3-interface irb.0;
    }
    }

    {master:0}
    root@gmf-sw-foremen-trailer>



    ------------------------------
    TIM MADDEN
    ------------------------------


  • 2.  RE: Lost access to JWeb

    Posted 10-04-2021 09:07
    Hi Tim,

    Can you check the system storage status (show system storage or df -h on shell) ?
    You can check if the process start in log messages (show log messages | match (web|http).

    I'm facing an issue which looks close. 
    I identified two points :
    In Factory default configuration, the phone-home feature block the web management access. 
    -> delete system phone-home 

    When i add the web package, the storage is more than full on "/".
    Two situation 
    First : the system say not enough space, you can try a zerois but it doesn't work at each time - or you can try a reinstall from USB/TFTP. 
    Second : you can add the package but storage on "/" display something like 102%. 
    Web management seems to work, you get the login screen but as soon you'r logged.. "your session is expired, click ok..."

    I'm on an EX4300, a Lille bit different from yours. 
    I finaly rollback to 20.2.. 

    Regards 
    Théo


    ------------------------------
    THEO QUENNEHEN
    ------------------------------



  • 3.  RE: Lost access to JWeb

    Posted 10-04-2021 09:07
    Hi Tim,

    Do you try to delete the phone-home section in your configuration ?
    - delete system phone-home 

    You can check if the http process is started ou find some logs which shown that it try but exit on error(1)
    - show log messages | match web

    From my side, I see around five try to start the web process before stop trying - all exited. 
    After deleted the phone-home section, if the jweb don't start at commit, restart the web management.

    Also, you should check the storage status, I get some trouble on too. The "/" section was at 102%.

    Let me know if it works ;)

    Regards,
    Théo





    ------------------------------
    THEO QUENNEHEN
    ------------------------------



  • 4.  RE: Lost access to JWeb

    Posted 10-07-2021 13:27
    Theo

    Executive Summary:  Your suggestions got me back into JWeb - Thank you very much!

    Details:    As soon as I deleted phone-home, committed and restarted web-management, JWeb started working.  This worked for both switches on hand, one at JunOS 21.3R1.9 and the other at JunOS 20.2R1.10.  (Commands below for future reference).

    Follow-up question:  Do you know why this works?

    ---------------------------------------------------------------------------------------------------------------
    {master:0}
    root@gmf-sw-foremen-trailer> show log messages | match web
    <no output>

    root@gmf-sw-foremen-trailer> configure
    Entering configuration mode

    {master:0}[edit]

    root@gmf-sw-foremen-trailer# delete system phone-home

    {master:0}[edit]
    root@gmf-sw-foremen-trailer# commit
    configuration check succeeds
    commit complete

    {master:0}[edit]
    root@gmf-sw-foremen-trailer# exit
    Exiting configuration mode

    {master:0}
    root@gmf-sw-foremen-trailer> restart web-management
    Web management gatekeeper process started, pid 7903

    {master:0}
    root@gmf-sw-foremen-trailer> show log messages | match web
    Oct 6 15:59:00 gmf-sw-foremen-trailer phone-home[7314]: PHCD_TRACE: [CONFIG] phcd_platform_tvp_data_init: support ph_led:0 jweb:0 att:0 ph_supports_vc:0
    Oct 6 16:01:16 gmf-sw-foremen-trailer mgd[7188]: UI_RESTART_EVENT: User 'root' restarting daemon 'Web management gatekeeper process'
    Oct 6 16:01:16 gmf-sw-foremen-trailer jlaunchd[15801]: web-management (PID 21699) exited with status=0 Normal Exit
    Oct 6 16:01:16 gmf-sw-foremen-trailer jlaunchd[15801]: Registered PID 7903(web-management): exec_command
    Oct 6 16:01:16 gmf-sw-foremen-trailer jlaunchd[15801]: web-management (PID 7903) started
    Oct 6 16:01:16 gmf-sw-foremen-trailer jlaunchd[15801]: Registered PID 7903(web-management): new process
    Oct 6 16:01:45 gmf-sw-foremen-trailer checklogin[7927]: WEB_AUTH_SUCCESS: Authenticated httpd client with username root from 172.20.12.129

    {master:0}
    root@gmf-sw-foremen-trailer>
    ---------------------------------------------------------------------------------------------------------------

    ------------------------------
    TIM MADDEN
    ------------------------------



  • 5.  RE: Lost access to JWeb

    Posted 10-08-2021 05:08
    Hello TIM, 

    Glad to hear that it worked. 

    I don't get any explanation from Juniper but i'm thinking that phone-home and Jweb are in conflict as they both use http/https. 
    Jweb service shall test http/https tcp port availability at start and as https is already used by phone-home, it stop. 

    Regards, 
    Théo

    ------------------------------
    THEO QUENNEHEN
    ------------------------------