Truth Shall Set You Free

Juniper SSG/Netscreen/IVE SSL Products

Netscreen System

(From an NS-5GT; similar on all NetScreen models, as ScreenOS is the same on all platforms)

Default access 

Console: 9600, 8bits, no parity, 1 stop bit, no flow control

WebUI: http://192.168.1.1

Username: netscreen, Password: netscreen

Save configuration through TFTP

abe-> save config from flash to tftp 10.1.1.10 abehome.cfg

ns5gt-> save config to last-known-good  (for roll backs)

Save System Configuration to Last-Known-Good (saved to flash).

Force rollback: exec config rollback
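An added example, not part of the original page or of Juniper's tooling: a small Python check to run over a configuration file saved to the TFTP server as shown above. It flags the factory default admin name listed under "Default access" and explicitly enabled cleartext management. The line syntax (`set admin name "..."`, `set interface <name> manage <service>`) and the choice of `web` and `telnet` as cleartext services are assumptions of this example.

```python
import re

DEFAULT_ADMIN = "netscreen"          # factory default admin name stated on this page
CLEARTEXT_SERVICES = {"web", "telnet"}  # assumed: HTTP WebUI and Telnet management

ADMIN_NAME = re.compile(r'^set admin name "?([^"\s]+)"?$')
MANAGE = re.compile(r'^(set|unset) interface "?([^"\s]+)"? manage (\S+)$')

def audit_config(text):
    """Return findings for a saved config. Only explicit lines are evaluated;
    defaults that the device does not write to the file are not inferred."""
    admin_name = None
    cleartext = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = ADMIN_NAME.match(line)
        if m:
            admin_name = m.group(1)
            continue
        m = MANAGE.match(line)
        if m and m.group(3) in CLEARTEXT_SERVICES:
            key = (m.group(2), m.group(3))
            if m.group(1) == "set":
                cleartext.add(key)
            else:
                cleartext.discard(key)  # a later "unset" cancels an earlier "set"
    findings = []
    if admin_name is None:
        findings.append("no 'set admin name' line found: verify the admin account on the device")
    elif admin_name == DEFAULT_ADMIN:
        findings.append("admin name is still the factory default 'netscreen'")
    for iface, svc in sorted(cleartext):
        findings.append(f"cleartext management '{svc}' enabled on interface {iface}")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """
set admin name "netscreen"
set admin password "<hash-placeholder>"
set interface trust manage web
set interface trust manage ssh
set interface untrust manage telnet
unset interface untrust manage telnet
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print("FINDING:", finding)
```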

Load config to the unit

save config from tftp 10.1.1.10 abehome.cfg to flash

save config from tftp 10.1.1.10 abehome.cfg merge (merges with the current configuration in RAM and saves to flash; be careful, as the conflicting file will take precedence)

reset (to make it active)

Image back up

ns5gt-> save software from flash to tftp 192.168.1.10 imagebackdec11.bin

Image upgrade

ns5gt-> save software from tftp 192.168.1.10 newimage.bin to flash

Image Recovery

A corrupted ScreenOS image in flash can be overwritten with an image from a TFTP server using “Boot mode”.

Interrupt the boot sequence by pressing any key within 60 seconds.

NetScreen NS-5GT Boot Loader Version 2.1.0 (Checksum: 61D07DA5)

Copyright (c) 1997-2003 NetScreen Technologies, Inc.

Total physical memory: 128MB

    Test - Pass

    Initialization.... Done

Hit any key to run loader

Hit any key to run loader

Hit any key to run loader

Provide the boot file name, the self IP address (applied to the trust interface), and the TFTP IP address. This starts the data transfer.

Once the transfer is complete, the admin agrees to write the image to flash, and the device resets again.

The config file will remain intact.

Set to Factory defaults

Three methods, depending on the situation

1. If you know the admin password, you can erase all current config and boot with the default config

-----------------------------------------------------

abe-> unset all

Erase all system config, are you sure y/[n] ? y

abe-> reset

Configuration modified, save? [y]/n n

System reset, are you sure? y/[n] y

In reset ...

Note: Issuing the unset all CLI command does not affect the port mode setting on the NetScreen device

2. Asset Recovery: log in with your serial number as both username and password

-----------------------------------------------------------

login: 0064102004002636

password:

!!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults, clearing all current configuration and settings. Would you like to continue?  y/[n] y

!! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased. In addition, a permanent counter will be incremented to signify that this device has been reset. This is your last chance to cancel this command. If you proceed, the device will return to factory default configuration, which is: System IP: 192.168.1.1; username: netscreen, password: netscreen. Would you like to continue?  y/[n]: y

3. Use pin hole on the exterior of the device.

----------------------------------------------------------------

Press until flashing light changes to red

Wait until flashing red turns to flashing green

Press again

Helpful Commands

 

  1. get system

      - serial number

      - software version

      - system mode, layer 2 or 3

      - interface status

      - interface address

      - management address

  2. get tech-support

      - command to get information for technical support

      - to get output without page breaks: set console page 0, then unset console page when done

  3. get config all

      - displays all configuration information

  4. get chassis

      - get temperature, alarms, etc.

  5. get interface

      - get info on all interfaces

  6. get interface trust

      - view an individual interface's configuration

  7. save config to last-known-good

      - to create the rollback file

  8. exec config rollback

      - to force a rollback

  9. get route

      - to get routing tables

  10. get session

      - can verify NAT

  11. get policy

      - shows all policies; use get policy <id> to get individual policy information

  12. get ike cookie

      - verify phase 1 of VPN tunnels; no cookie will be created if there is a problem

  13. get sa active

      - verify successful completion of phase 2: under status, A indicates the tunnel is active and I indicates inactive

  14. get event

      - display or clear event log messages

  15. get active-user

      - to display information on all users that initiated a service request through the device; includes IP address, incoming and outgoing sessions