juniper交换机配置示例
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
VLAN:
set vlans vlan4 vlan-id 4093
set vlans vlan4 l3-interface vlan.4093
set interfaces vlan unit 4093 family inet address 10.1.0.42/24
set vlans vlan4092 vlan-id 4092
set vlans vlan4092 l3-interface vlan.4092
set interfaces vlan unit 4092 family inet address 11.1.0.254/24
set interfaces ge-0/0/46 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members 4092
set interfaces ge-0/0/47 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members 4093
配置ACL:
set firewall family inet filter testacl term rule1 from source-address 10.1.0.0/24
set firewall family inet filter testacl term rule1 from destination-address 0.0.0.0/0
set firewall family inet filter testacl term rule1 from protocol tcp
set firewall family inet filter testacl term rule1 from destination-port 22
set firewall family inet filter testacl term rule1 from destination-port 80
set firewall family inet filter testacl term rule1 from destination-port 23
set firewall family inet filter testacl term rule1 then accept
set firewall family inet filter testacl term rule2 from source-address 10.1.0.0/24
set firewall family inet filter testacl term rule2 from destination-address 0.0.0.0/0
set firewall family inet filter testacl term rule2 from protocol icmp
set firewall family inet filter testacl term rule2 from icmp-type echo-request
set firewall family inet filter testacl term rule2 from icmp-type echo-reply
set firewall family inet filter testacl term rule2 then accept
set firewall family inet filter testacl term rule100 then discard
接口应用ACL:
set interfaces vlan unit 4093 family inet filter input testacl
插入acl:
admin# insert firewall family inet filter testacl term rule3 before term rule1
snmp:
set snmp community xiangyun authorization read-write //设置团体为读和写
set snmp community xiangyun clients 10.1.0.20/32 //设置可以通过snmp连接的主机
set snmp community xiangyun clients 10.1.0.95/32
set snmp trap-options source-address 10.1.0.20 //可选,配置trap
静态路由:
set routing-options static route 0.0.0.0/0 next-hop 10.1.0.254
set routing-options static route 192.168.1.0/24 next-hop 10.1.0.254
设置本地账号:
set system root-authentication encrypted-password "$1$hFYCCb1p$LKqjMiSS1HBW5O58zeNDJ0" //设置root密码
set system login class super idle-timeout 20 //设置超时断开连接
set system login class super permissions all //设置账号权限
set system login user admin uid 2004 //设置admin账号
set system login user admin class super //设置admin所属组
set system login user admin authentication encrypted-password "$1$xxrdBJNU$zDAK3qIxYqvzp.zdEggnS1" //设置admin账号密码
开启s
sh连接方式:
set system services ssh
检查命令:
commit check
命令保存:
commit
使用上一级命令:
命令前添加run 如:run show route
查看全局配置:
admin# show |display set
重启:
admin> request system reboot
查看系统时间:
admin> show system uptime
配置系统时间:
admin> set date YYYYMMDDhhmm.ss
查看端口状态:
show interfaces terse