Juniper (access-layer configuration)

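Disable automatic image upgrade: delete chassis auto-image-upgrade

Changing the password on the Juniper image in EVE did not work for me. After I added the password for admin, the commit reported an error; only after I also added the root password could the change be made correctly. The steps are as follows: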

set system login idle-timeout 5
set system login user admin uid 2004
set system login user admin class super-user
set system login user admin authentication encrypted-password admin.123

set system root-authentication encrypted-password

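Points to note:

Enter configuration mode with the configure private command whenever possible. Commands configured in that view take effect only when you commit them yourself, whereas configuration entered with edit takes effect on anyone's commit. If several people are logged in to the device while you are configuring, someone else's commit is a risk.

Allow remote execution of Python op scripts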

set groups phcd_user_script system scripts op allow-url-for-python
set groups phcd_user_script system scripts language python
set apply-groups phcd_user_script

Enable commit synchronization: set system commit synchronize

Add a user

set system login idle-timeout 5
set system login user admin uid 2004
set system login user admin class super-user
set system login user admin authentication encrypted-password admin.123

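Allow root login over SSH: set system services ssh root-login allow
Enable the Telnet service: set system services telnet
Set the host name: set system host-name juniper-6666
Set the time zone (replace <location> with your location): set system time-zone Asia/<location>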

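Send emergency messages from any facility to all logged-in users: set system syslog user * any emergency

Log messages from any facility at notice level to the messages file: set system syslog file messages any notice
Log authorization messages at info level to the messages file: set system syslog file messages authorization info
Log all interactive commands to the interactive-commands file: set system syslog file interactive-commands interactive-commands any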

Enable the DHCP service: set system processes dhcp-service enable
set system processes dhcp-service traceoptions file dhcp_logfile
set system processes dhcp-service traceoptions file size 10m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag all

Configure a Layer 2 interface and bandwidth rate limiting
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 1100
set interfaces ge-0/0/1 unit 0 family ethernet-switching filter input ge-0/0/1_input
set interfaces ge-0/0/1 unit 0 family ethernet-switching filter output ge-0/0/1_output
set interfaces ge-0/0/1 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/1 speed 1g

set firewall family ethernet-switching filter ge-0/0/1_input interface-specific
set firewall family ethernet-switching filter ge-0/0/1_input term ge-0/0/1_input then policer ge-0/0/1_input
set firewall family ethernet-switching filter ge-0/0/1_output interface-specific
set firewall family ethernet-switching filter ge-0/0/1_output term ge-0/0/1_output then policer ge-0/0/1_output

set firewall policer ge-0/0/1_input if-exceeding bandwidth-limit 30m
set firewall policer ge-0/0/1_input if-exceeding burst-size-limit 128k
set firewall policer ge-0/0/1_input then discard
set firewall policer ge-0/0/1_output if-exceeding bandwidth-limit 100m
set firewall policer ge-0/0/1_output if-exceeding burst-size-limit 128k
set firewall policer ge-0/0/1_output then discard

Configure the interconnect interface
set interfaces ge-0/2/3 unit 0 family inet address 172.16.1.1/30

Configure the gateway address
set interfaces irb unit 1100 family inet address 100.110.32.30/27

Configure the loopback interface (lo0), with the DHCP, SNMP, SSH and Telnet configuration
set interfaces lo0 unit 0 family inet filter input local_Filter
set interfaces lo0 unit 0 family inet address 172.16.1.1/32
set interfaces vme unit 0 family inet dhcp
set firewall family inet filter local_Filter term dhcp-client-accept from source-address 0.0.0.0/0
set firewall family inet filter local_Filter term dhcp-client-accept from destination-address 255.255.255.255/32
set firewall family inet filter local_Filter term dhcp-client-accept from protocol udp
set firewall family inet filter local_Filter term dhcp-client-accept from source-port 68
set firewall family inet filter local_Filter term dhcp-client-accept from destination-port 67
set firewall family inet filter local_Filter term dhcp-client-accept then count dhcp-client-accept
set firewall family inet filter local_Filter term dhcp-client-accept then accept
set firewall family inet filter local_Filter term dhcp-server-accept from protocol udp
set firewall family inet filter local_Filter term dhcp-server-accept from source-port 67
set firewall family inet filter local_Filter term dhcp-server-accept from source-port 68
set firewall family inet filter local_Filter term dhcp-server-accept from destination-port 67
set firewall family inet filter local_Filter term dhcp-server-accept from destination-port 68
set firewall family inet filter local_Filter term dhcp-server-accept then count dhcp-server-accept
set firewall family inet filter local_Filter term dhcp-server-accept then accept
set firewall family inet filter local_Filter term snmp_permit from source-address 10.10.10.10/32
set firewall family inet filter local_Filter term snmp_permit from protocol udp
set firewall family inet filter local_Filter term snmp_permit from port snmp
set firewall family inet filter local_Filter term snmp_permit then count snmp_permit
set firewall family inet filter local_Filter term snmp_permit then accept
set firewall family inet filter local_Filter term snmp_block from protocol udp
set firewall family inet filter local_Filter term snmp_block from port snmp
set firewall family inet filter local_Filter term snmp_block then count snmp_block
set firewall family inet filter local_Filter term snmp_block then discard
set firewall family inet filter local_Filter term allow-telnet from source-address 10.10.0.0/16
set firewall family inet filter local_Filter term allow-telnet from source-address 15.15.15.0/24
set firewall family inet filter local_Filter term allow-telnet from protocol tcp
set firewall family inet filter local_Filter term allow-telnet from port telnet
set firewall family inet filter local_Filter term allow-telnet from port ssh
set firewall family inet filter local_Filter term allow-telnet then log
set firewall family inet filter local_Filter term allow-telnet then accept
set firewall family inet filter local_Filter term block-telnet from protocol tcp
set firewall family inet filter local_Filter term block-telnet from port telnet
set firewall family inet filter local_Filter term block-telnet from port ssh
set firewall family inet filter local_Filter term block-telnet then log
set firewall family inet filter local_Filter term block-telnet then discard
set firewall family inet filter local_Filter term default_accept then accept
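
How the management-plane terms of local_Filter decide a packet, as an added example that is not part of the original post: a small first-match evaluator in Python run over the filter's SNMP, Telnet/SSH and default terms. The packet dictionaries and the function names are assumptions made for the illustration, and the count/log lines are left out because they do not terminate evaluation.

```python
from ipaddress import ip_address, ip_network

PORTS = {"snmp": 161, "telnet": 23, "ssh": 22}  # port names used in the filter
# Constructed input: match and terminating lines copied from the page's local_Filter.
FILTER = """\
set firewall family inet filter local_Filter term snmp_permit from source-address 10.10.10.10/32
set firewall family inet filter local_Filter term snmp_permit from protocol udp
set firewall family inet filter local_Filter term snmp_permit from port snmp
set firewall family inet filter local_Filter term snmp_permit then accept
set firewall family inet filter local_Filter term snmp_block from protocol udp
set firewall family inet filter local_Filter term snmp_block from port snmp
set firewall family inet filter local_Filter term snmp_block then discard
set firewall family inet filter local_Filter term allow-telnet from source-address 10.10.0.0/16
set firewall family inet filter local_Filter term allow-telnet from source-address 15.15.15.0/24
set firewall family inet filter local_Filter term allow-telnet from protocol tcp
set firewall family inet filter local_Filter term allow-telnet from port telnet
set firewall family inet filter local_Filter term allow-telnet from port ssh
set firewall family inet filter local_Filter term allow-telnet then accept
set firewall family inet filter local_Filter term block-telnet from protocol tcp
set firewall family inet filter local_Filter term block-telnet from port telnet
set firewall family inet filter local_Filter term block-telnet from port ssh
set firewall family inet filter local_Filter term block-telnet then discard
set firewall family inet filter local_Filter term default_accept then accept
"""

def parse(text):
    terms = {}  # term name -> [conditions, action]; dict keeps config order
    for line in text.splitlines():
        w = line.split()[6:]  # skip "set firewall family inet filter <name>"
        term = terms.setdefault(w[1], [{}, None])
        if w[2] == "from":
            term[0].setdefault(w[3], []).append(w[4])
        else:
            term[1] = w[3]
    return terms

def matches(cond, values, pkt):
    if cond == "source-address":
        return any(ip_address(pkt["src"]) in ip_network(v) for v in values)
    if cond == "protocol":
        return pkt["proto"] in values
    return any(PORTS[v] in (pkt["sport"], pkt["dport"]) for v in values)  # "port": src or dst

def evaluate(terms, pkt):
    """First match wins; one condition's values are ORed, conditions are ANDed."""
    for name, (conds, action) in terms.items():
        if all(matches(c, v, pkt) for c, v in conds.items()):
            return name, action
    return None, "discard"  # implicit discard when no term matches
```

Because `port` matches either direction, TCP packets with source port 22 or 23 from outside the two allowed prefixes also hit block-telnet, and everything that is not SNMP, Telnet or SSH reaches the routing engine through default_accept.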

SNMP configuration
set snmp v3 usm local-engine user snmpuser authentication-md5 authentication-key "xxxxxxxx"
set snmp v3 usm local-engine user snmpuser privacy-none
set snmp v3 vacm security-to-group security-model v2c security-name snmpuser group snmpuser
set snmp v3 vacm security-to-group security-model usm security-name snmpuser group snmpuser
set snmp v3 vacm access group snmpuser default-context-prefix security-model any security-level authentication read-view all
set snmp v3 snmp-community snmpuser community-name "xxx"
set snmp v3 snmp-community snmpuser security-name snmpuser
set snmp community public_32 authorization read-only

Set the default storm-control profile under forwarding-options to all
set forwarding-options storm-control-profiles default all

DHCP configuration
set forwarding-options dhcp-relay overrides bootp-support
set forwarding-options dhcp-relay forward-only
set forwarding-options dhcp-relay server-group idc 101.1.1.1
set forwarding-options dhcp-relay server-group idc 101.1.1.2
set forwarding-options dhcp-relay server-group idc 101.1.1.3
set forwarding-options dhcp-relay active-server-group idc
set forwarding-options dhcp-relay group idc overrides
set forwarding-options dhcp-relay group idc forward-only
set forwarding-options dhcp-relay group idc interface irb.1100
set forwarding-options dhcp-relay group idc interface irb.1101
set forwarding-options dhcp-relay group idc interface irb.1102

Static route
set routing-options static route 0.0.0.0/0 next-hop 172.10.1.1

LLDP configuration
set protocols lldp interface all
set protocols lldp-med interface all

IGMP and RSTP configuration
set protocols igmp-snooping vlan default
set protocols rstp interface all

Create the Layer 2 VLANs and Layer 3 VLANs
set vlans L2_1100 vlan-id 1100
set vlans L2_1100 l3-interface irb.1100
set vlans L2_1101 vlan-id 1101
set vlans L2_1101 l3-interface irb.1101
set vlans L2_1102 vlan-id 1102
set vlans L2_1102 l3-interface irb.1102

Configure the default VLAN and the mgt VLAN
set vlans default vlan-id 1
set vlans default l3-interface irb.0
set vlans mgt vlan-id 3000
set vlans mgt l3-interface irb.3000
 
