1.1.主机名配置
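# Per-Routing-Engine host names, set through the special re0/re1 configuration groups.
groups {
    re0 {
        system {
            host-name ××××;     # host name of the primary Routing Engine (placeholder)
        }
    }
    re1 {
        system {
            host-name ×××××;    # host name of the backup Routing Engine (placeholder)
        }
    }
}
apply-groups [ re0 re1 ];       # apply the re0 and re1 groups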
1.2.双引擎可靠性配置
# Dual Routing Engine redundancy: when to fail over and how.
chassis {
    redundancy {
        failover on-loss-of-keepalives;   # switch over when no keepalive is received within 2 s
        failover on-disk-failure;         # switch over when the disk fails
        graceful-switchover;              # enable graceful Routing Engine switchover
    }
}
1.3.管理员配置
# Local accounts: the root password and one administrative user.
# NOTE(review): the quoted strings are placeholders. encrypted-password expects a password
# hash, not the clear-text password; entering the password with plain-text-password at the
# CLI lets the device hash it, so the clear text never appears in the configuration.
system {
    root-authentication {                              # root user password
        encrypted-password "!@#¥%……&×()"; ## SECRET-DATA
    }
    login {
        user lab {                                     # administrative user (the original note calls it "admin"; the statement creates "lab")
            class super-user;                          # full privileges; give each operator a personal account and a narrower class where possible
            authentication {
                encrypted-password "!@#¥%……&×()"; ## SECRET-DATA
            }
        }
    }
}
1.4.Radius用户认证
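# RADIUS-first login authentication with local passwords as the second method.
system {
    # RADIUS is consulted first, then the local password database.
    # NOTE(review): with "password" listed, Junos is documented to try the local password
    # not only when the RADIUS server is unreachable but also when it rejects the login, so
    # a local account keeps working after it is disabled on the RADIUS side. Listing only
    # "radius" keeps local authentication as an unreachable-only fallback. Confirm against
    # the documentation for the release in use.
    authentication-order [ radius password ];
    radius-server {
        # RADIUS server 10.0.0.3 and its shared secret (placeholder; use a long random
        # secret that is unique to this device/server pair).
        10.0.0.3 secret "!@#¥%……&×()"; ## SECRET-DATA
    }
}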
1.5.SSH配置
# Remote management over SSH.
system {
    services {
        # Enable the SSH service with default settings.
        # NOTE(review): a hardened baseline normally also sets options under this statement,
        # such as root-login deny, connection-limit and rate-limit, and leaves telnet
        # unconfigured. None of these are set here.
        ssh;
    }
}
1.6.Syslog配置
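# Logging: local files, emergency messages to logged-in users, and one remote collector.
# The syslog stanza lives under [edit system].
system {
    syslog {
        archive size 1m files 5;            # rotate at 1 MB, keep 5 archived files
        user * {
            any emergency;                  # emergencies go to every logged-in user
        }
        file messages {                     # local log file "messages"
            any notice;                     # everything at notice and above
            authorization info;             # authentication/authorization events at info and above
        }
        file interactive-commands {         # record every command typed at the CLI
            interactive-commands any;
        }
        host 10.1.1.1 {                     # remote syslog server
            # NOTE(review): only "any notice" is forwarded. Authorization events at info and
            # interactive commands stay on the device, where they rotate out after 5 x 1 MB
            # and can be altered by anyone with shell access. Consider forwarding both.
            any notice;
        }
        source-address sourc_addr;          # placeholder: source address for log packets; the loopback address is recommended
    }
}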
1.7.设置NTP服务器
# Time zone and NTP servers.
system {
    time-zone Asia/Shanghai;               # local time zone
    ntp {
        # NOTE(review): both servers are used without authentication. Accurate time matters
        # for log correlation, so consider NTP authentication keys and permit NTP only from
        # these two addresses in the lo0 filter.
        server 10.128.1.251 prefer;        # preferred NTP server
        server 10.128.1.250;
    }
}
1.8.SNMP配置
# SNMP communities: one read-only and one read-write.
# NOTE(review): "1234567" is an example value. The two community names differ only by the
# spaces inside the quotes of the first one, so the read-only and read-write strings are
# effectively the same guessable secret. Use distinct, long random strings. Drop the
# read-write community if nothing needs it. Restrict each community to the management
# stations with a clients list, and prefer SNMPv3 with authentication and privacy where the
# NMS supports it.
snmp {
    community " 1234567 " {
        authorization read-only;           # read-only community
    }
    community "1234567" {                  # read-write community
        authorization read-write;
    }
}
1.9.安全加固配置
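# Routing Engine protection: a filter on lo0.0 that admits only the management prefixes.
firewall {
    filter manage {                        # filter named "manage"
        # NOTE(review): this is the only term, and a Junos filter ends with an implicit
        # discard. Once applied to lo0.0 input, every packet addressed to the Routing Engine
        # from a source outside the list is dropped. That includes routing-protocol
        # neighbours and replies from the RADIUS, NTP and SNMP/syslog peers configured
        # elsewhere in this baseline. Add explicit terms for those before applying, and
        # commit with "commit confirmed" so a mistake rolls back instead of locking you out.
        # The term also matches on source address only, so the permitted prefix reaches
        # every service on the device. Matching protocol and destination port as well
        # (for example SSH and SNMP) narrows it further.
        term 1 {
            from {
                source-address {
                    addr/msk;              # placeholder: prefix allowed to reach the device
                }
            }
            then accept;
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input manage;          # apply the filter to traffic arriving at lo0.0
                }
            }
        }
    }
}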
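# Console and login hardening.
system {
    ports {
        console log-out-on-disconnect;     # log the user out when the console cable is unplugged
    }
    login {
        retry-options {
            # Allow 3 password attempts per connection; after that the user must reconnect.
            # NOTE(review): this limits attempts per connection only. The backoff-threshold
            # and lockout-period options under retry-options slow repeated guessing across
            # reconnects and are not set here.
            tries-before-disconnect 3;
        }
    }
}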