juniper配置命令大全
juniper之常用命令
OSPF中路由重发布配置
enable ospf export direct [cost <metric> [ase-type-1 | ase-type-2] {tag <number>} | <route map>]
show ospf
show access-list {<name> | port <portlist>}
show access-list-monitor
show ospf area <area identifier>
show ospf area detail
show ospf ase-summary
13.Access-Lists配置
create access-list icmp destination source
create access-list ip destination source ports
create access-list tcp destination source ports
6.port-channel配置
enable sharing <port> grouping <portlist> {port-based | address-based | round-robin}
show port sharing //查看配置
7.stp配置
enable stpd //启动生成树
show diag
show iparp
Juniper的基本配置
Juniper的基本配置:root# cli#相当于cisco的enroot@>cli> configure#相当于cisco的configure terminal[edit]root@# set system host-name router1#配置路由器的名字为router1root@# set system domain-name #配置路由器所在域为root@# set interfaces fxp0 unit 0 family inet address 192.168.15.1/24#配置fxp0 unit 0的接口地址,fxp0代表管理接口,unit 0代表子接口,inet代表是ipv4地址。
root@# set system backup-router 192.168.15.2#backup-router是本路由器的直连路由器,在路由器启动的时候,#JUNOS路由软件(routing protocol process, RPD)没有立即启动,#路由器将自动生成一条到back-up router的缺省路由,当路由器启动完成后再自动删除这条路由。
root@# set system name-server 192.168.15.3#DNS的地址root@# set system root-authentication plain-text-password#设置明文密码New password:Retype password:#输入并且确认密码,要求字母和数字。
root@# commit#确认配置,在没有确认配置的时候所有配置都是不生效的!root@router1# exitroot@router1>#保存配置用save命令[edit]aviva@router1# save configuration-march02Wrote 433 lines of configuration to configuration-march02#察看保存过的文件用run file list命令aviva@router1# run file list/var/home/aviva:.ssh/configuration-march02#用保存的文件载入配置用load replace命令。
Juniper路由器配置命令介绍
Juniper路由器配置命令介绍Juniper路由器配置命令介绍⒈系统配置命令⑴ `set system hostname`:设置设备的主机名。
⑵ `set system domn-name`:设置设备的域名。
⑶ `set system login user`:设置设备的登录用户信息。
⒉接口配置命令⑴ `set interfaces interface-name unit logical-unit-number family inet address ip-address/subnet-mask`:配置接口的IP地址和子网掩码。
⑵ `set interfaces interface-name unit logical-unit-number family inet6 address ipv6-address/prefix-length`:配置接口的IPv6地址和前缀长度。
⑶ `set interfaces interface-name unit logical-unit-number vlan-id vlan-tagged`:配置接口的VLAN标签。
⒊路由配置命令⑴ `set routing-options static route destination next-hop`:配置静态路由。
⑵ `set protocols ospf area area-id`:配置OSPF路由协议。
⒋安全配置命令⑴ `set security zones security-zone zone-nameinterfaces interface-name`:将接口分配给安全区域。
⑵ `set security policies from-zone source-zone to-zone destination-zone policy policy-name then permit`:配置安全策略以允许数据流动。
⒌ VPN配置命令⑴ `set security ike proposal proposal-name authentication-method pre-shared-keys`:配置IKE提议的预共享密钥认证方法。
Juniper基础配置命令
1、查看设备的硬件及引擎情况引擎数?有哪些板卡?从上信息可以得出:双引擎设备,RE0是主,RE1是备。
2、查看版本从上可看出:re0的版本是【12.3R4.6】re1的版本是【12.3R4.6】3、引擎切换4、查看当前引擎运行状态设备配置管理Juniper的配置存在2个地方:第一个:其中,juniper.conf.gz是当前的配置第二个:可以查看文件的实际配置内容:查看全局配置:或查看接口查看接口匹配信息查看路由协议信息或查看系统方面的信息查看之前的历史配置信息查看运行的文件回滚载入之前的某一个配置文件批量导入配置命令:带外管理口配置:set groups re0 interfaces fxp0 unit 0 family inet address 172.18.18.30/24set system time-zone Asia/Shanghaiset system root-authentication encrypted-password "$5$hmy2W7ar$TR/KP7qIckZ37QbfzSKJWpFW1QS70m1zAPQCsK4jth0" set system login user lab uid 2000set system login user lab class super-userset system login user lab authentication encrypted-password "$5$.Us1Dtb0$dIi5e/6/xp3IAUS/EXkntfTk3fDqESpZBNBLxrWVLHB"set system services ftpset system services sshset system services telnetset system syslog user * any emergencyset system syslog file messages any noticeset system syslog file messages authorization infoset system syslog file interactive-commands interactive-commands anyset logical-systems vr101set logical-systems vr102set interfaces ge-2/0/0 description link_to_Serv1set interfaces ge-2/0/0 unit 0 family inet address 11.1.1.1/24 deactivate interfaces ge-2/0/0 unit 0set interfaces ge-2/0/1 description link_to_Serv2set interfaces ge-2/0/1 unit 0 family inet address 11.1.2.1/24 deactivate interfaces ge-2/0/1 unit 0set routing-options static route 172.0.0.0/8 next-hop 172.18.18.254set routing-options static route 10.0.0.0/8 next-hop 172.18.18.254show configuration | display set |match traceoptionshow bgp summaryshow configuration | display set | match 100.125.154.9set protocols bgp group HZ-OOB2IN75 neighbor 100.125.154.9 export rpFW-ADCN2FW-POPshow bgp neighborshow route forwarding-tableshow configuration interfacesshow configuration policy-optionsshow configuration interfaces gr-0/0/0show configuration protocols bgpping 100.125.154.126 count 100ping 14.143.27.242 rapid count 300show configuration | display set | compare rollback 5 show version detail no-forwardingshow system core-dumps no-forwardingshow chassis alarms no-forwardingshow chassis hardware detail no-forwarding show system processes extensive no-forwarding show pfe statistics errorshow pfe statistics trafficshow chassis routing-engine no-forwarding show chassis environment no-forwarding show chassis firmware no-forwardingshow chassis fpc detailshow system boot-messages no-forwarding show system storage no-forwardingshow system virtual-memory no-forwardingshow system buffer no-forwardingshow system queues no-forwardingshow system statistics no-forwardingshow configuration | except SECRET-DATA | display omit show interfaces extensive no-forwardingshow network-access aaa statistics accountingshow route forwarding-table summaryshow ppp statistics extensiveshow accounting server statisticsshow system resource-monitor summaryshow shm-ipc statisticsshow interfaces diagnostics optics et-0/1/1。
juniper 配置命令
set dynamic-profiles vlan interfaces "$junos-interface-ifd-name" unit "$junos-interfaceunit" no-traps set dynamic-profiles vlan interfaces "$junos-interface-ifd-name" unit "$junos-interfaceunit" vlan-id "$junos-vlan-id" set dynamic-profiles vlan interfaces "$junos-interface-ifd-name" unit "$junos-interfaceunit" family inet policer disable-arp-policer set dynamic-profiles vlan interfaces "$junos-interface-ifd-name" unit "$junos-interfaceunit" family inet6 unnumbered-address lo0.0 set system commit synchronize set system dynamic-profile-options versioning set chassis network-services enhanced-ip set dynamic-profiles pppoe predefined-variable-defaults input-filter 10M set dynamic-profiles pppoe predefined-variable-defaults output-filter 10M set access profile sunrise-test authentication-order none set access profile none authentication-order none set access profile sunrise-test accounting order none set system commit synchronize run request routing-engine login re0 进入低层 可以开ftp 纯交换模式 当交换机用 ssh { + + + root-login deny; protocol-version v2;
juniper命令注解
juniper命令注解netscreen 设备管理配置netscreen 设备管理配置8实例分析:NETSCREEN 现有配置1.1时间设定set clock dst-off /自动调整时间关set clock ntp /设置NTP时间同步set clock timezone 9 /设置时区set vrouter trust-vr sharable /设置虑拟路由器trust-vr可以为其他VSYS系统共享1.2路由导出及自定义服务设定unset vrouter "trust-vr" auto-route-export /禁止路由器trust-vr的路由自动导出set service "CVS" protocol tcp src-port 0-65535 dst-port 2401-2401/自定义CVS服务协议为TCP 源端口为0-65535 目地端口为24011.3认证的设定set auth-server "Local" id 0 /设置认证SERVER为本地认证set auth-server "Local" server-name "Local" /设置本地认证SERVER名为LOCAL set auth default auth server "Local" /设置默认认证服务器为LOCAL1.4管理员的设定set admin name "netscreen" /设置管理员用户名set admin password "XXXXXX" /设置管理员密码set admin user "livedoorcn" password "XXXXXXX" privilege "all"/添加管理员用户livedoorcn及其权限为R-W1.5管理IP的设定set admin manager-ip xxx.174.65.0 255.255.255.0 /设置管理IPset admin manager-ip 10.0.71.136 255.255.255.255 /设置管理IPset admin manager-ip xxx.xxx.xxx.141 255.255.255.192 /设置管理IPset admin manager-ip xxx.xxx.xxx.246 255.255.255.255 /设置管理IPset admin manager-ip 10.0.71.139 255.255.255.255 /设置管理IPset admin manager-ip xxx.xxx.xxx.0 255.255.255.0 /设置管理IP1.6SSH及区域设定set admin scs password disable username netscreen /禁止用户的SSH密码认证set admin scs password disable username livedoorcn /禁止用户的SSH密码认证set admin auth timeout 10 /设置认证时间超时set admin auth server "Local" /设置管理认证服务器set zone "Trust" vrouter "trust-vr" /设置信任区域set zone "Untrust" vrouter "trust-vr" /设置非信任区域set zone "VLAN" vrouter "trust-vr" /设置VLAN区域set zone "Trust" tcp-rst /设置TRUST安全区超时回应RESET信息set zone "Untrust" block /封锁同一安全区中主机之间的信息流unset zone "Untrust" tcp-rst /设置UNTRUST安全区超时不回应RESET信息set zone "MGT" block /封锁同一安全区中主机之间的信息流set zone "VLAN" block /封锁同一安全区中主机之间的信息流set zone "VLAN" tcp-rst /设置TRUST安全区超时回应RESET信息1.7网络攻击保护选项的设定set zone "Trust" screen alarm-without-drop /设置告警但并不丢弃数据包set zone "Trust" screen icmp-flood /设置ICMP泛洪攻击保护set zone "Trust" screen udp-flood /设置UDP泛洪攻击保护set zone "Trust" screen winnuke /设置winnuke攻击保护set zone "Trust" screen port-scan /设置端口扫描攻击保护set zone "Trust" screen ip-sweep /设置IP地址扫描攻击保护set zone "Trust" screen tear-drop /设置tear-drop攻击保护set zone "Trust" screen syn-flood /设置SYN 泛滥攻击保护(DOS)set zone "Trust" screen ip-spoofing /设置IP欺骗攻击保护set zone "Trust" screen ping-death /设置PING-DEATH攻击保护set zone "Trust" screen ip-filter-src /设置禁示使用松散源路由或严格源路由选项set zone "Trust" screen land /设置陆地攻击保护set zone "Trust" screen tcp-no-flag /设置TCP无标志保护set zone "Trust" screen unknown-protocol /设置未知协议保护set zone "Trust" screen ip-bad-option /设置BAD选项保护set zone "Trust" screen ip-record-route /设置记录路由保护set zone "Trust" screen ip-timestamp-opt /设置时间戳保护set zone "Trust" screen ip-security-opt /设置IP安全选项保护(已不用)set zone "Trust" screen ip-loose-src-route /设置松散源路由(记录)set zone "Trust" screen ip-strict-src-route /设置严格源路由(记录)set zone "Trust" screen ip-stream-opt /设置IP选项流ID(费弃选项)set zone "Trust" screen icmp-large /设置icmp大包保护set zone "Trust" screen syn-fin /设置操作系统set zone "Trust" screen fin-no-ack /设置FIN但无ACK标志保护set zone "Trust" screen limit-session source-ip-based /设置源IP会话限制set zone "Trust" screen syn-ack-ack-proxy /设置同步代理泛滥保护set zone "Trust" screen block-frag /设置IP封包的碎片保护set zone "Trust" screen limit-session destination-ip-based /设置目的IP会话限制set zone "Untrust" screen tear-dropset zone "Untrust" screen syn-floodset zone "Untrust" screen ping-deathset zone "Untrust" screen ip-filter-srcset zone "Untrust" screen landset zone "V1-Untrust" screen tear-dropset zone "V1-Untrust" screen syn-floodset zone "V1-Untrust" screen ping-deathset zone "V1-Untrust" screen ip-filter-srcset zone "V1-Untrust" screen landset zone "Trust" screen limit-session destination-ip-based 1280 /设置目的IP会话限制1.8接口的设定set interface "trust" zone "Trust" /将接口trust绑定到trust安全区域set interface "untrust" zone "Untrust" /将接口untrust绑定到untrust安本区域unset interface vlan1 ip /没有设定VLAN IP地址set interface trust ip 10.0.71.1/24 /设置trust接口IP地址set interface trust nat /设置trust接口工作模式set interface untrust ip xxx.xxx.xxx.131/26 /设置untrust接口IP地址set interface untrust route /设置untrust接口工作模式set interface untrust gateway xxx.xxx.xxx.129 /设置untrust接口网关unset interface vlan1 bypass-others-ipsec /阻止NetScreen 设备通过IPSec信息流unset interface vlan1 bypass-non-ip /阻止所有非IP和非ARP 单点传送信息流set interface trust ip manageable /设置trust接口为可管理接口set interface untrust ip manageable /设置untrust接口为可管理接口set interface untrust manage ping /允许untrust接口PINGset interface untrust manage ssh /允许untrust接口可以SSH 管理set interface untrust manage web /允许untrust接口可以WEB 管理1.9MIP地址映射的设定set interface "untrust" mip xxx.xxx.xxx.135 host 10.0.71.135 netmask 255.255.255.255 vrouter "trust-vr" /设置MIP映射地址以下类同:set interface "untrust" mip xxx.xxx.xxx.133 host 10.0.71.133 netmask 255.255.255.255 vrouter "trust-vr"set interface "untrust" mip xxx.xxx.xxx.134 host 10.0.71.134 netmask 255.255.255.255 vrouter "trust-vr"set interface "untrust" mip xxx.xxx.xxx.136 host 10.0.71.136 netmask 255.255.255.255 vrouter "trust-vr"set interface "untrust" mip xxx.xxx.xxx.139 host 10.0.71.139 netmask 255.255.255.255 vrouter "trust-vr"set interface "untrust" mip xxx.xxx.xxx.140 host 10.0.71.140 netmask 255.255.255.255 vrouter "trust-vr"set interface "untrust" mip xxx.xxx.xxx.132 host 10.0.71.132 netmask 255.255.255.255 vrouter "trust-vr"set interface "untrust" mip xxx.xxx.xxx.142 host 10.0.71.142 netmask 255.255.255.255 vrouter "trust-vr"set interface "untrust" mip xxx.xxx.xxx.143 host 10.0.71.143 netmask 255.255.255.255 vrouter "trust-vr"。
Juniper路由器配置命令介绍
Juniper路由器配置命令介绍Juniper路由器配置命令介绍目录1、简介2、配置基础命令2.1 进入操作模式2.2 配置系统参数2.3 设置管理接口2.4 配置路由表3、高级配置命令3.1 OSPF配置3.2 BGP配置3.3 VRF配置3.4 MPLS配置4、安全配置命令4.1 配置防火墙4.2 配置安全策略4.3 配置VPN4.4 配置ACL5、故障排查命令5.1 显示命令5.2 路由故障排查5.3 硬件故障排查5.4 访问控制故障排查6、性能优化命令6.1 接口配置6.2 QoS配置6.3 缓存配置6.4 动态路由配置1、简介Juniper路由器是一种支持多种网络协议的高性能路由器。
本文档介绍了Juniper路由器的配置命令,并根据功能分类进行了细化。
2、配置基础命令2.1 进入操作模式- login:登录路由器- cli:进入命令行操作模式- configure:进入配置操作模式2.2 配置系统参数- set system hostname <hostname>:设置路由器主机名- set system domn-name <domn-name>:设置路由器域名- set system time-zone <time-zone>:设置时区- set system name-server <ip-address>:设置DNS服务器2.3 设置管理接口- set interfaces <interface> unit <unit> family inet address <ip-address/mask>:配置管理接口的IP地质- set interfaces <interface> unit <unit> family inet address dhcp:使用DHCP分配管理接口的IP地质2.4 配置路由表- set routing-options static route <destination> next-hop <next-hop>:配置静态路由- set routing-options router-id <id>:配置路由器ID- set protocols ospf area <area> interface <interface>:配置接口与OSPF区域的关联3、高级配置命令3.1 OSPF配置- set protocols ospf area <area> interface <interface>:配置接口与OSPF区域的关联- show ospf neighbor:显示OSPF邻居信息- show ospf route:显示OSPF路由表3.2 BGP配置- set protocols bgp group <group-name> neighbor<neighbor-address>:配置BGP邻居- set protocols bgp group <group-name> family <family>:配置BGP邻居的地质族- show bgp neighbor:显示BGP邻居信息- show bgp summary:显示BGP邻居摘要信息3.3 VRF配置- set routing-instances <instance-name> interface<interface>:配置接口与VRF的关联- set routing-instances <instance-name> routing-options static route <destination> next-hop <next-hop>:配置静态路由3.4 MPLS配置- set protocols mpls interface <interface>:启用接口的MPLS功能- set protocols mpls label-switched-path <LSP-name> to <destination-address> : 配置LSP的路径4、安全配置命令4.1 配置防火墙- set security policies from-zone <from-zone> to-zone <to-zone> policy <policy-name> match <match-conditions> then permit/deny:配置安全策略4.2 配置安全策略- set security zones security-zone <zone-name> address-book address <address-name> <ip-address>:配置地质对象- set security zones security-zone <zone-name> host-inbound-traffic system-services <services>:配置允许进入防火墙的服务4.3 配置VPN- set security ike proposal <proposal-name> authentication-method <method>:配置IKE提议- set security ike gateway <gateway-name> ike-policy <policy-name>:配置IKE网关- set security ipsec vpn <vpn-name> bind-interface<interface>:绑定VPN到接口4.4 配置ACL- set firewall family inet filter <filter-name> term <term-name> from protocol <protocol>:配置ACL规则- set firewall family inet filter <filter-name> term <term-name> then accept/discard:配置ACL规则动作5、故障排查命令5.1 显示命令- show interfaces <interface> detl:显示接口详细信息- show route <destination> : 显示路由信息- show chassis hardware:显示硬件信息5.2 路由故障排查- show bgp summary:显示BGP邻居摘要信息- show ospf neighbor:显示OSPF邻居信息- show route protocol <protocol>:显示指定协议的路由5.3 硬件故障排查- show chassis hardware:显示硬件信息- show log messages:显示系统日志消息- request support information:收集支持信息文件5.4 访问控制故障排查- show security policies from-zone <from-zone> to-zone <to-zone> policy <policy-name>:显示安全策略信息- show security zones interfaces:显示接口与安全域的关联信息6、性能优化命令6.1 接口配置- set interfaces <interface> mtu <mtu-size>:设置接口MTU大小- set interfaces <interface> description <description>:设置接口描述6.2 QoS配置- set class-of-service interfaces <interface> unit<unit> scheduler-map <map-name>:为接口配置调度器映射- set class-of-service scheduler-maps <map-name> forwarding-class <forwarding-class> scheduler <scheduler-name>:配置调度器映射6.3 缓存配置- set forwarding-options cache hit-cache-size <size>:设置缓存大小- set forwarding-options cache timeout <timeout-value>:设置缓存超时时间6.4 动态路由配置- set protocols ospf area <area> interface <interface> passive:将接口设置为OSPF被动接口- set routing-instances <instance-name> interface <interface> passive:将接口设置为VRF被动接口附件:无法律名词及注释:无。
juniper设备命令
juniper设备命令set system root-authentication plain-text-password 设置root 密码set system login user jianglong class super-user authentication plain-text-password 设置超级用户及密码set system services telnet 开启telnetcommit 提交生效show interfaces diagnostics optics xe-0/0/31 查看端口模块信息show chassis pic fpc-slot 0 pic-slot 0 查看模块信息show system uptime 查看系统时间及设备启动时间show log link-status 查看系统日志show | display set 查看配置show | compare 未保存之前查看做过的配置show chassis hardware 查看模块信息包括SN号show class-of-service 查看端口限速set class-of-service interfaces xe-0/0/5 shaping-rate 2g 端口限速deactivate interfaces xe-1/1/0 unit 3027 (保留端口配置,但使配置失效)activate interfaces xe-1/1/0 unit 3027(使失效的端口配置生效)两台设备之间传输vlan一、设备端口建立相关vlanset interfaces xe-1/1/0 unit 3033 vlan-id 3033 family inet address 118.186.208.141/30 (在xe1/1/0端口建立vlan3033,配IP:118.186.208.141/30)二、建立好在两段设备和传输设备上建立好vlan后在4550交换机上做传输策略show protocols l2circuit (查看传输策略)set protocols l2circuit neighbor 118.186.247.99 interface xe-0/0/24.3033 virtual-circuit-id 13033 encapsulation-typeethernet-vlan (从本端设备的xe0/0/24口将vlan3033传到118.186.247.99这个设备,并定义策略。
juniper交换机配置
juniper交换机配置一、设备启动login: rootPassword:Terminal type? [vt100] yroot%cliroot>二、设备重启user@host> request system reboot三、设置ROOT密码root# set system root-authentication plain-text-password四、将配置转换成set命令lab@EX4200# show protocols ospf | display set五、设置主机名set system host-name EX4200-1 //EX4200-1为主机名六、时间设置set system time-zone Asia/Shanghai //设置时区set date 200810301407.00 //设置时间,在用户模式下配置,YYYYMMDDhhmm.ss格式七、开启远程登录set system services telnet删除命令:delete system services telnet八、创建用户set system login user zte class super-user //添加zte用户为超级用户类别set system login user zte authentication plain-text-password //设置zte密码New password:Retype new password: set system login user zte class read-only //修改zte用户为只读用户set system login user zte class read-only //修改zte用户为只读用户delete system login user zte //删除zte用户九、vlan设置创建一个VLAN,指定VLAN名称和ID号set vlans “zte_vlan” vlan id 10将交换机端口修改为access模式加入到新创建的VLAN中set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode accessset interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 10创建3层VLAN子端口,并且将子端口和VLAN关联:set interfaces vlan unit 10 family inet address 192.168.1.1/24 set vlans vlan l3-interface vlan.10 //vlan子端口和VLAN对应起来十、trunk设置允许vlan id为10和20的VLAN通过Trunkset interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members [10 20]delete interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk允许vlan id为10和20的VLAN通过Trunkset interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members [10 20]禁止VLAN通过:不允许vlan 10通过delete interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 10十一、三层端口修改修改端口为L3模式delete interfaces ge-0/0/1 unit 0 family ethernet-switching //删除端口L2参数set interfaces ge-0/0/1 unit 0 family inet //设置端口为L3模式set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/30 //设置端口IP地址修改端口为L2模式delete interfaces ge-0/0/1 unit 0 family inet //删除端口为L3模式参数set interfaces ge-0/0/15 unit 0 family ethernet-switching //将端口设置为L2模式十二、静态路由设置172.16.1.0/24网段指向下一跳地址192.168.1.253set routing-options static route 172.16.1.0/24 next-hop 192.168.1.253delete routing-options static route 172.16.1.0/24。
juniper 常用配置命令
1.〉模式进入#模式:configure2.配置静态路由:>set route 10.1.10.0/24 int e1 gateway 10.1.1.2543.查看接口的配置:>get interface4.查看静态路由:>get route >get route ip 10.1.10.55.Ping 测试:>ping 10.1.10.56.Traceroute 测试:>trace 10.1.10.57.配置接口的模式(nat和route):>set interface e1 nat8.保存:>save9.配置文件备份:>save config from flash to tftp 1.1.7.250 15june03.cfg10.配置文件恢复:>save config from tftp 1.1.3.250 15june03.cfg to flash11.IOS备份:>save software from flash to tftp 1.1.7.250 ns208image.bin12.IOS升级:>save software from tftp 1.1.7.250 newimage to flash13.透明模式的配置:A.建立2层的安全区(在没有使用缺省安全区的情况下):>set zonename L2-Demo L2 1 // set zone name <name> L2 <vlan_tag>B.分配接口给2层安全区:>set int e3 zone L2-DemoC.为vlan1配置管理地址:>set int vlan1 manage-ip 1.1.7.100/24a.配置IP地址:>set int vlan1 ip 1.1.7.1/24b.选择广播的方法:>set vlan1 broadcast floodc.配置管理服务:(允许所有的管理服务)>set int vlan1 manageD.(可选项)配置每个安全区的管理服务:>set zone v1-dmz manage webE.在不同的安全区之间配置策略:14.透明模式的检查工具:>get int>get arp ,>get mac-learn,>get session15.透明模式是一个非常灵活的防火墙部署解决方案,可以快速实现防火墙和VPN的功能,不需要修改网络结构,建立虚拟地址(NAT),就可以实现访问控制。
JUNIPER路由器中常用命令总结
JUNIPER路由器中常⽤命令总结前些⽇⼦认真看了⼀下Juniper路由器的⼀些命令。
在这⾥总结⼀下。
⽅便以后使⽤Juniper路由器的命令主要分为两个部分,⼀个是operational,主要是复杂查看⽬前⽹络的配置情况(只能查看,不能修改。
感觉权限⽐较低);另⼀个是configuration,主要⽤来查看和修改配置(感觉权限⾼⼀些)。
刚进⼊到Juniper路由器时,默认进⼊的是operation,输⼊edit命令之后,就进⼊到了[edit]⽬录下,也就是进⼊了configuration。
基础配置命令(如未说明则在[edit]⽬录下)1、配置主机名字:set system host-name router12、配置域名: set system domain-name 3、配置fxp0接⼝(以太⽹中通过这个接⼝进⾏路由器的配置)。
Set interfaces fxp0 unit 0 family inet address 192.168.15.1/2 44、配置备份路由器:set system backup-router 192.168.15.25、配置DNS服务器:set system name-server 192.168.15.36、配置root⽤户的密码:set system root-authentication plain-text-password(密码中不可以全是⼤写、全是⼩写、全是数字)7、设置ntp服务器: set system ntp server 192.168.2.28、提交修改:commit9、查看提交是否合法: commit check10、在当天特定时间进⾏提交 commit at 22:4511、在特定⽇期的特定时间提交: commit at “2005-02-26 10:45”12、取消commit的操作 clear system commit13、为了避免提交带来意外的损害采⽤:commit confirmed,会在10分钟以后⾃动回滚14、与14相同,但在⼀分钟以后⾃动回滚:commit confirmed 115、提交信息,并同步到备份路由器上: commit synchronize配置服务:1、设置ssh服务:set system services ssh2、配置ftp服务: set system services ftp3、删除ftp服务: delete system services ftp权限设置:1、设置root⽤户ssh登录的密码:set system root-authentication ssh password2、禁⽌root⽤户使⽤ssh登录:[edit system ] set services ssh root-login deny3、设置密码要求:[edit system login] set password maximun-length 20 set password minimum-length 8 set password mi nimum-changes 24、设置密码加密算法:set system login password formate md55、查看⾃⼰的权限,以及可以设置的权限: show cli authorization进⼊与退出命令:1、Edit2、修改root的配置:configure3、避免多⼈修改导致设置丢失采⽤ configure exclusive4、查看⽬前修改区域有谁在线:[edit]status(只能看见⽐你先登录的⼈,后⾯登录的信息看不见)5、强制要求别⼈下线:request system logout user mike6、进⼊到根⽬录 top7、退出configuration 模块:quit8、退出configuration模块:exit configuration-mode9、提交并退出:commit and-quit10、退出当前⽬录:exit11、进⼊到某⽬录 edit ⽬录名字查看命令:1、查看当前⽬录地下的设置 [edit]show2、查看你设置的命令 show | display set3、查看你新增的命令 show | compare(+表⽰你增加的命令,-表⽰你删除的命令。
juniper交换机配置指南(汇编)
juniper交换机配置指南开机后:login: rootLast login: Fri Jan 17 22:21:55 on ttyd0--- JUNOS 7.2R3.3 built 2002-03-23 02:44:36 UTCTerminal type? [vt100] <enter>root@%注意使用root用户登录的情况下,输入帐号/密码以后,默认是进入shell模式的(而只有root用户帐号有这个现象),要输入cli命令进入用户模式:root@% cliroot>配置模式用户模式下输入configure命令进入配置模式,配置模式下可以对设备进行各种参数的配置root> configure[edit]root#设置root用户密码命令:set system root-authentication plain-text-password路由器初始化root用户是没有密码的,在第一次进行配置的时候必须要配置root密码才能commit成功。
密码采用字母+数字方式。
Example:lab@M7i_GZ# set system root-authentication plain-text-password精品文档New password:Retype new password:添加系统用户命令:set system login user juniper uid 2000 <-设置用户名为juniper用户id为2000set system login user juniper class super-user <-设置juniper用户为超级用户set system login user juniper authentication plain-text-password <-设置juniper用户的密码设置主机名命令:set system host-name M7i_GZ <-设置主机名为M7i_GZ开启系统telnet服务命令:set system services telnet说明:系统默认是没有打开telnet功能的,只有打开telnet服务之后才能从网络上登陆到路由器。
Juniper路由器常用命令表
Juniper路由器常用命令表Juniper路由器常用命令表:1·登录与基本操作1·1 连接与登录1·2 登录后的基本操作1·3 退出登录2·系统操作与管理2·1 系统状态与信息查看2·2 系统配置与修改2·3 系统重启与关机2·4 用户管理3·接口配置3·1 物理接口3·1·1 接口状态查看与设置3·1·2 接口带宽与速率限制设置3·2 逻辑接口3·2·1 VLAN接口配置3·2·2 Loopback接口配置4·路由配置4·1 静态路由配置4·2 动态路由配置4·2·1 OSPF配置4·2·2 BGP配置4·2·3 RIP配置5·安全配置5·1 防火墙配置5·1·1 基本防火墙规则配置5·1·2 会话表与连接追踪配置5·1·3 防火墙日志配置5·2 虚拟专用网络(VPN)配置5·2·1 IPsec VPN配置5·2·2 SSL VPN配置6·网络服务配置6·1 DHCP服务配置6·2 DNS服务配置6·3 NAT配置7·系统诊断与故障处理7·1 接口故障排查7·2 路由故障排查7·3 防火墙故障排查7·4 网络连通性测试7·5 系统日志与告警查看附:本文档涉及附件附件:无注释:本文所涉及的法律名词及注释1·路由器:一种计算机网络设备,用于在局域网或广域网之间转发数据包。
2·VLAN:虚拟局域网,将一组逻辑上的设备或用户分组,形成一个局域网。
Juniper路由器常用命令表
user id为2001;
class为high
设置telnet和ftp服务
Line vty 0 4
#set services telnet
设置telnet服务
ip ftp
# set services ftp
设置ftp服务
#set system services telnet connection-limit 5
client的配置
# set ntp boot-server202.96.103.37
ntp server配置
此处只能写ip不能为主机名
SNMP配置
#set snmp community keepalive authorization read-only
SNMP配置
端口数据设置
Interface
#edit interfaces
限制telnet的最大连接数5
syslog服务配置
# set syslog user * any emergency
#set system syslog host202.96.103.73any any
所有syslog信息都写到远程主机
#set system syslog file messages any notice
>show chassis alarms
查看设备告警信息
sh environment all
>show chassis environment
查看详细的硬件温度及状态信息
# run show chassis fpc pic-status
查看办卡信息
show controller intfc
JUNIPER常用命令
参数时区设置虚拟路由器设置ALG认证和管理员属性ZONE设置接口设置Flow设置HA设置SYSLOGSNMP VPN命令set clock dst-offset clock ntpset clock timezone 8set ntp server x.x.x.xset ntp server backup1 "x.x.x.x"set ntp server backup2 "x.x.x.x"set ntp max-adjustment 0set vrouter trust-vr sharableunset vrouter "trust-vr" auto-route-export unset alg sip enableunset alg mgcp enableunset alg sccp enableunset alg sunrpc enableunset alg msrpc enableunset alg rtsp enableunset alg h323 enableset auth-server "Local" id 0set auth-server "Local" server-name "Local" set auth-server "XXXX" id 1set auth-server "XXXX" server-name "x.x.x.x" set auth-server "XXXX" account-type admin set auth default auth server "Local"set auth-server "XXXX" radius secret "xxxx"set auth-server "ACS" radius port 1646set admin name "ccb"set admin password "xxxxxxxxx"set admin manager-ip x.x.x.x x.x.x.xset admin auth timeout 10set admin auth server "XXXX"set admin auth banner console login "Access is….ly" set admin privilege get-externalset admin format dosset zone "Trust" vrouter "untrust-vr"set zone "Untrust" vrouter "untrust-vr"set zone "DMZ" vrouter "untrust-vr"unset zone "Trust" tcp-rstset zone "Trust" blockunset zone "Untrust" tcp-rstset zone "Untrust" blockset zone "Untrust" screen tear-dropset zone "Untrust" screen syn-floodset zone "Untrust" screen ping-deathset zone "Untrust" screen ip-filter-srcset zone "Untrust" screen landset zone "Untrust" screen alarm-without-dropset interface "ethernet1/1" zone "xxx"set interface ethernet1/1 ip x.x.x.x/xset interface ethernet1/1 routeset interface ethernet1/1 manage-ipset interface ethernet1/1 ip manageableset interface ethernet1/1 manage xxxxunset flow tcp-syn-checkset flow tcp-syn-bit-checkset flow syn-proxy syn-cookieset flow reverse-route clear-text peferset flow reverse-route tunnel alwaysset flow no-tcp-seq-checkset nsrp cluster id 1set nsrp rto-mirror syncset nsrp rto-mirror session ageout-ackunset nsrp rto-mirror session pingset nsrp vsd-group id 0 priority 20set nsrp vsd-group id 0 monitor interface ethernet1/1 set nsrp monitor track-ip ipset nsrp monitor track-ip ip x.x.x.x threshold 10set nsrp vsd-group master-always-existset ntp no-ha-syncset syslog enableset syslog config "x.x.x.x"set syslog config " x.x.x.x " facilities local0 local0set snmp community "xxx" Read-Only Trap-on version v1set snmp host "bbb" y.y.y.y 255.255.255.255 trap v2set snmp name xxxxset snmp port listen 161set snmp port trap 162set pki authority default scep mode "auto"set pki x509 default cert-path partialset ike respond-bad-spi 1unset ike ikeid-enumerationunset ike dos-protectionunset ipsec access-session enableset ipsec access-session maximum 5000set ipsec access-session upper-threshold 0set ipsec access-session lower-threshold 0set ipsec access-session dead-p2-sa-timeout 0unset ipsec access-session log-errorunset ipsec access-session info-exch-connectedunset ipsec access-session use-error-logset interface tunnel.1 zone untrustset interface tunnel.1 ip unnumbered interface ethernet3set ike gateway To_Paris address 2.2.2.2 main outgoing-interface ethernet3 preshare h1p8A24nG5 proposal pre-g2-3des-shaset vpn Tokyo_Paris gateway To_Paris sec-level compatibleset vpn Tokyo_Paris bind interface tunnel.1set vpn Tokyo_Paris proxy-id local-ip 10.1.1.0/24 remote-ip 10.2.2.0/24 anywebConfiguration > Date/Time > Configuration > Date/Time > Configuration > Date/Time > Set Time Zone_hours_minutes from GMT Configuration > Date/Time>Primary Server IP/Name: X.X.X.X Configuration > Date/Time>Backup Server1 IP/Name: X.X.X.X Configuration > Date/Time>Backup Server2 IP/Name: X.X.X.X Configuration >Date/Time>Automatically synchronize with an Internet Time Server (NTP): ( 选择 )Maximum time adjustment seconds:0Network > Routing > Virtual Routers > Edit ( 对于 trust-vr):Shared and accessible by other vsys ( 选择 )Network > Routing > Virtual Router > Edit ( 对于 trust-vr): 取消选择Auto Export Route to Untrust-VR,然后单击 OK。
Juniper路由器配置命令介绍
层级子层级systemrouting-options loopbackPOSGEinterfaceprotocolISISOSPFBGPMPLS-RSVP/LDP MPLS-FRRMPBGPMPLS-VPN COS功能项set system hostname hostnameset system root-authentication plain-text-passwordset system login user lab class super-user authentication plain-text-passwordset system services telnet/ftp/name-ser dns-adds et interface lo0 description descriptionset interface lo0 unit 0 family inet address ip-addressset interface lo0 unit 0 family iso address iso-addressset interface so-slot/pic/port description descriptionset interface so-slot/pic/port mtu mtu-numberset interface so-slot/pic/port hold-time up ms down msset interface so-slot/pic/port encapsultation pppset interface so-slot/pic/port sonet-options fcs [32|16]set interface so-slot/pic/port sonet-options payload-scrambler set interface so-slot/pic/port sonet-options rfc-2615set interface so-slot/pic/port unit 0 family inet address ip-addressset interface so-slot/pic/port unit 0 family isoset interface so-slot/pic/port unit 0 family mplsset interface ge-slot/pic/port description descriptionset interface so-slot/pic/port mtu mtu-numberset interface so-slot/pic/port hold-time up ms down msset interface ge-slot/pic/port unit 0 family inet address ip-addressset interface ge-slot/pic/port unit 0 family isoset interface ge-slot/pic/port unit 0 family mplsset routing-options router-id router-idset routing-options autonomous-system as-numberset routing-options static route network/mask next-hop addressset protocols isis level [ 1 | 2 ] interfaceinterface.logical-numberset protocols isis lsp-lifetime secondsset protocols isis export export-policyset protocols isis spf-delay msset protocols isis rib-group inet rg-nameset protocols isis traffic-engineering shortcutsset protocols isis level [ 1 | 2 ] wide-metrics-onlyset protocols isis level [ 1 | 2 ] preference numberset protocols isis level [ 1 | 2 ] external-preference number set protocols isis level [ 1 | 2 ] disableset protocols isis interface interface-name lsp-interval msset protocols isis interface interface-nam level [ 1 | 2 ] metric numberset protocols isis interface interface-nam level [ 1 | 2 ]hello-interval secondsset protocols isis interface interface-nam level [ 1 | 2 ]hold-time secondsset protocols isis interface interface interface-nam passive set protocols ospf area XX interface interface.logical-number set protocols ospf interface interface.logical-number metric numberset protocols ospf interface interface interface.logical-number passivset protocols ospf traffic-engineeringset protocols bgp interface interface.logical-numberset protocols bgp group group-nameset protocols bgp group group-name type external/internalset protocols bgp group group-name peer-as 1234set protocols bgp group group-name neighbor X.X.X.Xset protocols bgp hold-time secondsset protocols bgp mtu-discoveryset protocols bgp out-delay secondsset protocols bgp log-updownset protocols bgp dampingset protocols bgp group group-name description descriptionet protocols bgp group group-name local-address group-namelocal-address addressset protocols bgp group group-name family inet anyset protocols bgp group group-name neighbor address description descriptionset interfaces interface.logical-number family mplsset protocols mpls interface.logical-numberset protocols ldp interface.logical-numberset protocols rsvp interface.logical-numberset protocols mpls label-switched-path test to 10.0.9.7set protocols mpls label-switched-path test ldp-tunnelingset protocols mpls label-switched-path test link-protectionset protocols rsvp interface so-0/0/3.0 link-protectionset protocols bgp group group-name family [inet|inet-vpn|inet6|inet6-vpn|l2vpn]set routing-instances instance-nameset routing-instances instance-name instance-type VRFset routing-instances instance-name interface interface-number set routing-instances instance-name route-distinguisher xxxx set routing-instances instance-name vrf-target target:xxxx:yyyy set routing-instances instance-name routing-options static route x.x.x.x/z next-hop x.x.x.xset routing-instances instance-name protocols ospf area XX interface interface-name.logical-numberset routing-instances instance-name protocols ospf export bgp-ospfset policy-options policy-statement bgp-ospf term 1 from protocol bgpset policy-options policy-statement bgp-ospf term 1 then accept命令解释备注配置设备名必选 为root帐户设置密码新建用户名为lab的帐户,并设定密码配置路由器Telnet/ftp/dns服务配置端口描述配置IP地址配置ISO地址配置端口描述配置端口MTU配置端口up/down的damping时间配置端口封装为PPP配置端口FCS的位数配置端口打开payload-scrambler配置端口FCS 32,打开payload-scrambler,C2字节为0x16配置IP地址端口允许运行ISIS端口允许运行mpls配置端口描述配置端口MTU配置端口up/down的damping时间配置IP地址端口允许运行ISIS端口允许运行mpls配置路由器Router-ID配置路由器的AS号码配置静态路由配置聚合路由配置ISIS接口并将接口加入到相应的ISIS LEVEL里必选 配置IS-IS的存活时间,LSP的refresh 时间为lsp-lifetime-317秒配置IS-IS的路由分发策略配置IS-IS的SPF的延迟配置IS-IS使用的路由组配置IS-IS使用TE的shortcuts配置IS-IS的Level使用wide-metric---支持TE必选配置IS-IS内部路由的管理距离配置IS-IS外部路由的管理距离配置IS-IS禁止运行Leve 1或者2配置IS-IS端口发送LSP的间隔配置IS-IS端口的Metric值配置IS-IS端口的IIH的间隔时间配置IS-IS端口的Hold时间配置IS-IS端口运行Passive模式配置OSPF接口并将接口加入到相应的OSPF AREA里必选 配置OSPF端口的Metric值配置OSPF端口运行Passive模式配置OSPF支持流量工程(启用OPAQUE LSA)配置o spf端口的IIH的间隔时间配置BGP接口必选 配置BGP组必选 设定BGP组为EBGP或IBGP必选 设定本组内的neighbor的AS号码必选 设定本组内neighbor的session IP地址必选 配置BGP的Hold-timer时间,Hello时间自动调整为Hold-time的1/3配置BGP的TCP进程的MSS为路径的最大值配置BGP的的路由发送延迟配置路由器纪录BGP的邻居up/down的变化配置BGP路由启用Damping算法配置BGP的组的描述配置和BGP的组内的邻居进行通讯的时候使用的本地地址配置BGP的Group内的邻居允许运行unicast 和multicast配置BGP的邻居的描述端口允许运行mpls配置将接口加到MPLS协议组里配置将接口加到LDP协议组里配置将接口加到rsvp协议组里配置名称为test的RSVP signaled LSP, 此LSP终结点为10.0.9.7在LDP TUNNEL的路由器上配置名称为test的RSVPsignaled, LSP使得LDP能够穿越RSVP LSP启用保护的LSP保护选项在RSVP协议里,启用保护选项配置本group下的BGP session的属性,inet是启用IP路由支持,此项为默认启用,inet-vpn是启用l3mbgp-vpn路由支持,启用任意非INET属性,会将inet禁用配置routing-instances配置routing-instances的VRF将逻辑接口加入到routing-instances里配置RD,确认RD在整个routing-instance里是唯一的配置RT,确认RT在整个routing-instance里是唯一的,并且同一个routing-instance里的多个PE上RT要相同配置PE-CE之间的静态路由,这里要注意,在PE-CE之间为以太网连接的情况下,一定要加一个特定的静态路由,目的地址为PE-CE之间的互联的IP子网,下一跳地址为对端CE的接口IP地址配置PE-CE之间的OSPF路由,这里要注意,一定要加一个特定的POLICY,目的是为了将从对端PE学到的VPN路由注入PE-CE之间运行的OSPF协议,使得两端的CE互相能学到对方的路由。
Juniper路由器配置命令介绍
Juniper路由器配置命令介绍本文档是关于Juniper路由器配置命令的介绍,旨在帮助用户快速了解和使用Juniper路由器的各种命令。
以下是文档的详细内容。
第一章:登录和基本配置1.登录Juniper路由器- 进入路由器的命令行界面- 输入用户名和密码进行登录2.基本配置命令- 配置路由器的主机名- 配置管理接口的IP地质- 设置路由器的时钟- 保存配置更改第二章:接口配置1.配置物理接口- 激活和禁用接口- 配置接口IP地质- 配置接口子网掩码- 配置接口速率和双工模式- 配置接口上的ACL(访问控制列表)2.配置逻辑接口- 配置VLAN接口- 配置子接口- 配置隧道接口第三章:路由配置1.配置静态路由- 添加静态路由- 删除静态路由- 配置默认路由- 查看路由表2.配置动态路由- 配置OSPF(开放最短路径优先)协议 - 配置BGP(边界网关协议)协议- 配置RIP(路由信息协议)协议第四章:安全配置1.配置防火墙规则- 添加入站规则- 添加出站规则- 配置地质转换(NAT)2.配置VPN- 配置IPSec VPN- 配置SSL VPN第五章:监控和故障排除1.监控命令- 查看接口状态- 查看路由器 CPU 和内存使用情况 - 查看硬盘使用情况2.故障排除命令- 执行连通性测试- 查看日志信息- 跟踪路由本文档涉及附件:附件1:Juniper路由器配置示例文件(示例配置文件,供参考使用)本文所涉及的法律名词及注释:1.ACL(访问控制列表):用于控制网络流量的一种机制,可以限制特定源IP地质或目的IP地质的访问权限。
2.OSPF(开放最短路径优先):一种用于动态路由选择的内部网关协议,使用最短路径优先算法确定最佳路由。
3.BGP(边界网关协议):一种用于在互联网自治系统之间交换路由信息的外部网关协议。
4.RIP(路由信息协议):一种用于在小型网络中交换路由信息的距离矢量路由协议。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
#---表示翻译不一定准确*---表示常用命令>get ?Address show address book显示地址信息admin show admin information 显示管理员信息alarm show alarm info 显示报警信息alg application layer gateway information 应用层网关信息alg-portnum get ALG port num 获得ALG接口号码alias get alias definitions 得到别名定义arp show ARP entries 显示ARP记录asp aspattack show attacks 显示攻击信息auth show authentication information 显示登陆信息认证信息auth-server authentication server settings 认证服务器设置backu4p backup information 备份信息chassis show chassis information 显示机架信息(机架温度….)clock show system clock 显示系统时钟config show system configuration 显示系统配置信息console show console parameters 显示控制台参数设置counter show counters 显示计数器仪表di get deep inspection parameters 深入检测参数dialer get dialer information 得到拨号器信息dip show all dips in a vsys or root 显示所有dip里的虚拟系统或者根dip-in show incoming dip table info 显示进入DIP表的信息dns show dns info 显示DNS信息domain show domain name 显示域名dot1x display global configuration 显示全局配置driver show driver info 显示驱动信息envar show environment variables 显示环境变量信息event show event messages 显示事件消息file show file information 显示文件信息firewall show firewall protection information 显示防火墙保护信息gate show gate info 阀门信息显示global-pro global-pro settings 全局设置 #group show groups 显示组信息group-expression group expressions details 组的表达方式详细信息hostname show host name 显示主机名igmp IGMPike get IKE info 得到密钥信息infranet Infranet Controller configuration Infranet控制器配置interface show interfaces 显示接口信息ip get ip parameters 获得IP参数ip-classification Show IP classification 显示IP分类ippool get ippool info 得到IP地址池信息ipsec get ipsec information 得到安全协议的信息irdp show IRDP status 显示IRDP的状态地位l2tp get l2tp information 得到L2TP的信息license-key get license key info 得到许可证密钥信息log show log info 显示日志信息mac-learn show mac learning table 透明模式下显示MAC地址信息memory show memory info 显示内存信息mip show all mips in a vsys or root 显示所有MIP的虚拟系统或者根multicast-group-policy multicast group policy 多播组策略nrtp show nrtp information 显示NRTP信息nsmgmt show NSM agent status/configuration 显示NSM代理/配置状态nsrp show nsrp info 显示冗余协议信息ntp get ntp parameters 得到NTP参数os show task information 显示任务信息password-policy password policy 密码策略performance get performance info 获得性能信息pim show global PIM-SM information 显示全球sm信息 #pki show the pki settings 显示pki 设置参数policy show policy 显示策略信息ppp get PPP settings 得到PPP设置参数pppoe how pppoe configuration and statistics 如何配置和统计pppoe # proxy-id vpn proxy-id setting vpn 代理ID的设置信息rm show resource management info 显示资源管理信息route show routes in a vrouter 查看路由信息sa show security association 显示安全协议sa-filter config debug message per SA filter 过滤器 #scheduler show scheduler 显示虚拟机信息scp show SCP status 显示SCP 状态service show service book 显示服务目录session show all sessions 显示所有会话信息snmp show SNMP information 显示简单网络管理协议的信息snmpwalk snmp walk ?socket show socket info 显示插座信息ssh show SSH status 显示SSH 状态ssl show ssl info 显示ssl 信息syslog show syslog information 显示系统日志信息system show system info 显示系统信息tech-support show tech support information 显示技术支持信息timer show timer info 显示时钟计时器信息traffic-shaping show traffic shaping info 显示传输形成信息 #url show url filter information 显示 URL 过滤信息user show user 显示用户信息user-group user group settings 用户组设置vip show virtual IP info 显示虚拟IP信息vpn show vpn session 显示VPN会话信息vpn-group Keyword for showing vpn group setup vpn关键字组的设置vpnmonitor show vpn monitor parameters显示vpn监控参数vrouter show virtual router info 显示虚拟路由器信息webauth webauth settings webauth设置webtrends show webtrends information 显示电子商务信息xauth get xauth information 得到扩展认证的信息xlate show xlate ctx infozone configure zone 配置区域> ?Clear clear dynamic system info 清晰的动态系统信息Delete delete persistent info in flash 删除信息:在flash中持续exec exec system commands 执行系统命令exit exit command console 退出命令控制台get get system information 获得系统信息mtrace multicast traceroute from source to destination 多播traceroute从来源到目的地ping ping other hostreset reset system 重启系统save save command 保存命令set configure system parameters 配置系统参数命令trace-route trace route 跟踪路由到目的地址unset unconfigure system parameters 删除系统配置参数>clear ?admin clear admin information 清除的管理员信息alarm clear alarm infoalg application layer gateway information 应用层网关信息arp clear ARP entries in the current vsys 明确在当前vsys ARP条目auth clear user authentication table 清除用户认证表cluster cluster option 集群选择config clear config related setting 清除相关配置设定counter clear counters 清除接口计数器dbuf clear debug buffer 清除debug 缓冲器dhcp clear dhcp 清除dhcpdip-in clear incoming dip entries 清除进入dip条目dns clear dns cache table 清除dns缓存服务器dot1x clear info 清除信息event clear event messages 清除事件消息igmp IGMPike Clear IKE info 清除 IKE 信息ike-cookie clear ike cookieinterface clear interfaces 清除接口ippool clear ippool info 清除ip地址池信息ipsec get ipsec information 得到网际协议安全信息l2tp clear l2tp 清除 2层隧道协议log clear log info 清除日志信息mac-learn clear mac learning tablemulticast clear multicast informationnrtp clear nrtp resourcesnsrp clear nsrp infopppoe clear pppoe statisticssa clear sa ike valuesa-statistics clear statistics in security associationsession clear session tablesnmp clear snmptraffic-shaping clear traffic shaping paramtersvrouter clear vrouter param> delete ?Cluster cluster option 删除集群选择Crypto delete crypto info 删除密码信息file delete a file 删除一个文件node_secret clear SecurID stored node secret 清除存储节点SecurID秘密nsmgmt delete nsmgmt private/public keys 删除nsmgmt私人和公共钥匙pki delete a PKI object 删除一个PKI对象ssh delete SSH 删除 SSHccie-> exec ?admin exec ADMIN commands 执行管理员命令alg application layer gateway information 执行应用层网关信息attack-db perform attack database update or checking数据库进行更新或攻击的检查auth user authentication actions 用户身份认证的行为backup exec backup command 执行备份命令config config exec command 配置执行命令dhcp exec dhcp command执行dhcp命令dialer exec dialer commands 执行拨号器命令dns refresh all dns entries 刷新所有dns条目igmp IGMPike IKE exec commands 执行密钥命令infranet Infranet Confroller configurationinterface Interface configuration 执行接口配置license-key set feature configuration 设置功能配置log exec log commands 执行日志命令modem exec modem Hayes Command Set 执行的命令集现代海耶斯nsrp exec nsrp commandsntp exec ntp command执行nsrp命令password perform password verification 执行密码验证pki PKI exec commands 执行命令policy policy verify 执行策略验证pppoe maintain pppoe connection 保持pppoe连接proxy-id exec proxy id update command执行代理身份更新命令save save command 保存命令ssh exec SSH commands 执行 SSH 命令switch test switch module 测试交换机模块syslog syslog configuration 执行系统日志配置usb-device exec usb command 执行USB 命令vrouter execute vrouter commands 虚拟路由命令ccie-> exit ?<return><string>> mtrace ?由源向目标跟踪解析组播地址路径destination mtrace to the destination mtrace到目的地source mtrace from source mtrace从源> ping ?<return><string> host name> reset ?<return>no-prompt no confirmation 无法确认save-config save configurations 保存配置> save ?<return>attack-db save attack database 保存攻击数据库config save configurations 保存配置image-key save image key 保存关键图像software save software 保存软件ccie-> set ?address define address book entry 定义通讯录条目admin admin commandalarm set alarm parameters 参数设置闹钟alg attach algalias set alias 设置别名arp set arp entries arp条目集attack set attack 设置攻击auth user authentication settings 用户认证设置auth-server authentication server settings 认证服务器设置clock system clock adjustment 系统时钟调整common-criteria Common Criteria function 普遍的标准功能config set/unset config 设置/删除配置console console parameters 控制台参数dbuf set debug buffer 缓冲设置调试di set deep inspection parameters 深度检测参数设置dialer set dialer parameters 拨号器参数设置dip port-translated dip attribute & dip group configuration dns dns configuration dns配置domain domain name 域名envar set environment variables 设置环境变量ffilter flow filter configuration 流过滤配置fips-mode FIPS mode functionfirewall enable firewall protection 使防火墙保护flow flow configuration 流程配置group define address/ser vice groups 定义地址/ ser副组group-expression group expression details 集团表达细节hostname name of this host 主机名ike config Internet Key Exchange 配置网络匙交换infranet Infranet Controller configuration Infranet控制器配置interface interface command接口命令ip set ip parameters设置IP参数ippool ippool settingsipsec set ipsec access sessionl2tp l2tp configuration l2tp配置license-key license-key 密钥许可证log set log config 配置日志信息mac configure static mac entry into mac learning table 配置静态mac进入MAC 学习表multicast-group-policy multicast group policy 多播组策略nsmgmt set NSM agent configuration NSM代理配置设置nsrp NetScreen Redundancy Protocol command NetScreen冗余协议命令ntp set ntp parameters ntp参数设置password-policy password policy 密码策略pki PKI Configuration PKI配置policy policy configuration 策略配置ppp set PPP settings 设置PPP设置pppoe pppoe configuration pppoe配置proxy-id vpn proxy-id setting vpn proxy-id设置sa-filter config debug message per SA filter 配置调试信息/ SA的过滤器scheduler scheduler parameters 调度参数scp set SCP 集单片机service service configuration 服务配置snmp snmp command snmp(简单网络管理协议)命令ssh set SSHssl set ssl configuration ssl配置设置syslog syslog configuration syslog配置tftp tftp settings 配置设置timer timer configurationtraffic-shaping set traffic shaping infourl Web filtering configuration 网页过滤配置user user database 用户数据库user-group user group settings 用户组设置vip virtual ip configuration虚拟ip配置vpn vpn configuration vpn配置vpn-group Keyword for define vpn group 为定义vpn关键字组vpnmonitor vpn monitor parameters vpn监测参数vrouter configure vrouter 配置vrouterwebauth webauth settings webauth设置webtrends webtrends configurat ionxauth xauth configurationzone configure security zone 配置的安全地带。