SRX基本配置知识分享

合集下载

1、下载文档前请自行甄别文档内容的完整性，平台不提供额外的编辑、内容补充、找答案等附加服务。
2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
3、如文档侵犯您的权益，请联系客服反馈,我们会尽快为您处理(人工客服工作时间：9:00-18:30)。

SRX 基本配置
环境介绍
设备ge-0/0/0 口为外网口，即第一个口，地址172.16.65.203/24,下一跳地址172.16.65.1
设备ge-0/0/2 口为内网口即第三个口，地址192.168.2.1/24,内网口作为PC网
关来用，设置DHCP，DHCP设置参数如下：地址段192.168.2.29-192.168.2.39
网关192.168.1.1
DNS 202.103.24.68 8.8.8.8
设置源NAT，用172.16.65.250 172.16.65.251两个地址做转换NAT地址
设置策略允许内网上网
创建超级用户root密码TS••….
具体步骤
用串口线连接设备con sole 口，设置参数如下：
这台设备是有配置的，所以要先清空设备配置，清空完设备配置，需要直接设备初始超级用户的密码，然后保存，才可以完成恢复出厂设置
[edit]
wangjia n# set security policies from-zone trust to-zone untrust policy wangjian match
source-address any
[edit] 配置策略源地址
wan gjia n# set security policies from-z one trust to-z one un trust policy wan gjia n match dest in atio n-address any配置策略目的地址
[edit]
wan gjia n# set security policies from-z one trust to-z one un trust policy wan gjia n match 即plication any 配置策略应用
[edit]
wan gjia n# set security policies from-z one trust to-z one un trust policy wan gjia n the n permit 配置策略动作
[edit]
wan gjia n# set security policies from-z one trust to-z one un trust policy wan gjia n the n log session-init开启策略日志一会话开始
[edit]
wan gjia n# set security policies from-z one trust to-z one un trust policy wan gjia n the n log sessi on-close 开启策略日志一会话结束
[edit]
wan gjia n# delete system services dhcp
[edit] 删除系统默认dhcp
wan gjia n# set system services dhcp router 192.168.1.1
[edit] DHCP参数默认网关
wan gjia n# set system services dhcp pool 192.168.2.0/24 address-ra nge low 192.168.2.29 DHCP参数地址池开始地址
[edit]
wan gjia n# set system services dhcp pool 192.168.2.0/24 address-ra nge high 192.168.2.39 DHCP参数地址池结束地址
[edit]
wan gjia n# set system services dhcp maximum-lease-time 4294967295
[edit] DHCP参数分配地址租约时间
wan gjia n# set system services dhcp n ame-server 202.106.0.20
[edit] DHCP参数DNS服务器
wan gjia n# set system services dhcp n ame-server 8.8.8.8
[edit] DHCP参数DNS服务器
wan gjia n# set system services dhcp propagate-sett ings ge-0/0/2.0
[edit] 设置DHCP信号发散端口
fxp2 up up
fxp2.0 up up tnp 0x1
gre up up
ipip up up
irb up up
lo0 up up
Io0.16384 up up inet 127.0.0.1 --> 0/0
Io0.16385 up up inet 10.0.0.1 --> 0/0
10.0.0.16 --> 0/0
128.0.0.1 --> 0/0
128.0.0.4 --> 0/0
128.0.1.16 --> 0/0
lo0.32768 up up
Isi up up
mtu n up up
pimd up up
pime up up
pp0 up up
ppd0 up up
ppe0 up up
st0 up up
tap up up
vla n up up
[edit]
wangjian# show | compare 跟上次commit前对比敲过的命令[edit security zones security-z one un trust in terfaces]
ge-0/0/0.0 { ... }
+ ge-0/0/1.0;
[edit]
wangjian# rollback 0 返回上次commit时的配置
load complete
[edit]。