Understanding Unattended Mode for U-Boot on EX Series Switches

Unattended mode for U-Boot can be configured to prevent unauthorized access to the switch during the boot process. After the CPU has been reset, there are several known methods of accessing the system before the Junos OS login prompt appears, and these methods do not require the user to enter authorization credentials. By gaining unauthorized access, the user can view, modify, or corrupt the switch configuration, or make the switch unavailable on the network.

When unattended mode is configured, the user can access the CLI during the boot process only by pressing <Ctrl+c> and entering the correct password, which is known as the boot-loader password. The boot-loader password must have been previously configured on the switch. Entering the correct boot-loader password will place the user in the U-Boot CLI. If the password is incorrect, or if no password is entered within one minute, access to the U-Boot CLI is blocked and the boot process continues automatically.

Access to the bootstrap loader command prompt (loader>) is blocked in unattended mode, which prevents the use of the following recovery mechanisms: root password recovery by using single-user mode, and booting the switch by using a software package stored on a USB flash drive.

Note: If the root password is lost while the switch is in unattended mode, the switch must be reset to the factory default configuration using the LCD panel. For more information, see Reverting to the Default Factory Configuration for the EX Series Switch.

If unattended mode is not configured, but a boot-loader password has been configured, the user must enter the correct password to access the U-Boot CLI. If a boot-loader password has not been configured, the user can access the U-Boot CLI without entering a password. In either case, the user can access the bootstrap loader command prompt, which enables root password recovery by using single-user mode as well as booting from a USB flash drive.

Unattended mode is not enabled by default. When configured, unattended mode is turned on and will block unauthorized access to the switch. Table 1 summarizes the behavior for each combination of unattended mode and boot-loader password.

Table 1: Unattended Mode Behavior

Unattended Mode: On, Boot-loader password: Set

  • Access to U-Boot CLI is allowed only after entering correct password.
  • Access to loader command prompt is blocked.
  • Booting from USB is blocked.
  • Root password recovery by using single-user mode is blocked.

Unattended Mode: On, Boot-loader password: Not Set

  • Access to U-Boot CLI is blocked.
  • Access to loader command prompt is blocked.
  • Booting from USB is blocked.
  • Root password recovery by using single-user mode is blocked.

Unattended Mode: Off, Boot-loader password: Set

  • Access to U-Boot CLI is allowed only after entering correct password.
  • Access to loader command prompt is allowed.
  • Booting from USB is allowed.
  • Root password recovery by using single-user mode is allowed.

Unattended Mode: Off, Boot-loader password: Not Set

  • Access to U-Boot CLI is allowed.
  • Access to loader command prompt is allowed.
  • Booting from USB is allowed.
  • Root password recovery by using single-user mode is allowed.
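
The following audit check is an added example, not part of the original page or Juniper's own code. It reads saved "display set" configuration text and reports which row of Table 1 applies, treating a deactivated statement as not configured. The statement names system unattended-boot and system boot-loader-authentication and the sample configuration are assumptions; this page does not show the configuration syntax.

```python
import re

# Assumed Junos statement names; this page does not show the configuration syntax.
UNATTENDED = "system unattended-boot"
BOOT_PW = "system boot-loader-authentication"

def active_statements(display_set_text):
    """Report which of the two statements are configured and not deactivated."""
    configured, deactivated = set(), set()
    for raw in display_set_text.splitlines():
        m = re.match(r"(set|deactivate) (.+)", " ".join(raw.split()))
        if not m:
            continue
        verb, path = m.groups()
        for stmt in (UNATTENDED, BOOT_PW):
            if verb == "set" and (path == stmt or path.startswith(stmt + " ")):
                configured.add(stmt)
            # Deactivating the statement or any ancestor of it disables it.
            if verb == "deactivate" and (stmt == path or stmt.startswith(path + " ")):
                deactivated.add(stmt)
    return {s: s in configured and s not in deactivated for s in (UNATTENDED, BOOT_PW)}

def boot_exposure(display_set_text):
    """Map a configuration onto the behavior in Table 1."""
    state = active_statements(display_set_text)
    unattended, password = state[UNATTENDED], state[BOOT_PW]
    if password:
        u_boot = "password required"
    elif unattended:
        u_boot = "blocked"
    else:
        u_boot = "allowed"
    # Loader prompt, USB boot and single-user recovery depend only on unattended mode.
    recovery = "blocked" if unattended else "allowed"
    return {"u_boot_cli": u_boot, "loader_prompt": recovery,
            "usb_boot": recovery, "single_user_recovery": recovery}

# Constructed sample: password set, unattended mode present but deactivated.
SAMPLE = """\
set system host-name ex-lab-1
set system boot-loader-authentication encrypted-password "$1$constructed"
set system unattended-boot
deactivate system unattended-boot
"""

if __name__ == "__main__":
    for name, value in boot_exposure(SAMPLE).items():
        print(f"{name}: {value}")
```

The constructed sample lands on the Off / Set row: the U-Boot CLI asks for the password, but the loader prompt, USB boot and single-user recovery remain reachable.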

Published: 2014-05-30