設備初始化
1.1 初始登錄設備
#默認賬號和密碼:root/空
login: root
Password:
root@% cli //進入操作模式
root>
root> configure //進入配置模式(默認share)
1.2 基礎配置
#設置root用戶口令,首次登錄修改,方便后續操作
root@SRX# set system root-authentication plain-text-password
New password:
Retype new password:
root@SRX#show system root-authentication
#設置主機名
root@SRX#set system host-name SRX
#設置時間
root@SRX#set system time-zone Asia/Shanghai
root@SRX# run set date 201808251200.00
#設置DNS
root@SRX#set system name-server 114.114.114.114
#設置SNMP
root@SRX#set snmp client-list snmp_list 192.168.1.0/24
root@SRX#set snmp community juniper client-list-name snmp_list authorization read-only
----------------------遠程登錄管理----------------------
#超級用戶
root# set system login user admin class super‐user authentication plain‐text‐password //創建一個超級用戶admin
New password:
Retype new password:
#開啟telnet/ssh/web/ping服務
#全局服務
set system services ssh
set system services telnet
set system services web-management http interface ge-0/0/0.0
set system services web-management https interface ge-0/0/0.0
set system services web-management https system-generated-certificate
#放開內網telnet/ssh/web/ping服務
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
#或者放開所有服務
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
----------------------接口初始化配置----------------------
#傳統set接口配置
root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.111/24
#Edit配置
root# edit interfaces ge-0/0/0 unit 0 //進入接口GE-0/0/0
root# set family inet address 192.168.1.111/24
root#commit #保存配置
#SVI配置
root@SRX#set protocols l2-learning global-mode transparent-bridge //切換為透明牆需要重啟才能生效
root@SRXset vlans vlan10 vlan-id 10 //創建vlan
root@SRXset vlans vlan10 l3-interface irb.10 //創建三層vlan
root@SRXset interfaces irb unit 10 family inet address 192.168.10.254/24
root@SRXset interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access //配置成acces模式
root@SRXset interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan10 //接口划入vlan10
#子接口配置
root@SRX# set interfaces ge-0/0/0 vlan-tagging
root@SRX# set interfaces ge-0/0/0 unit 10 vlan-id 10 family inet address 192.168.10.254/24
root@SRX# set security zones security-zone trust interfaces ge-0/0/0.10
#trunk接口配置
root@SRX# set interfaces ge-0/0/0 unit 10 family ethernet-switching port-mode trunk vlan members 10
root@SRX# set vlans vlan10 vlan-id 10 l3-interface vlan.10
root@SRX# set security zones security-zone trust interfaces ge-0/0/0.10
1.3 密碼恢復
#設備掉電重啟,看到如下提示按“空格”鍵:
Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel]...
#進入單用戶模式
loader>
loader>boot -s
#執行密碼恢復
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:recovery
#刪除root密碼后重新設置root密碼,並保存配置重啟
root# delete system root-authentication
root# set system root-authentication plain-text-password
root# commit
root#exit
root> request system reboot
1.4 維護命令
-------------------------show命令----------------------------------
root@SRX> show configuration | display set | no-more //顯示set格式的當前配置
root@SRX> request system license add terminal //增加license key(Ctrl+D 結束)
root@SRX> show system license //查看license
root@SRX> show system license keys
root@SRX> show system processes extensive //查看進程
root@SRX# restart chassis-control gracefully //重啟進程
root@SRX# set cli screen-length 0 //不分屏
root@SRX> show system uptime //查看系統運行時間
root@SRX> show version //查看系統版本
root@SRX> show chassis routing-engine //查看引擎信息
root@SRX> show chassis environment //查看運行環境
root@SRX> show ntp status //查看NTP狀態
root@SRX> show ntp associations
root@SRX> show ospf neighbor //查看OSPF鄰居
root@SRX> show vrrp brief //查看VRRP狀態
root@SRX> show system alarms //查看系統告警
---------------------------快捷命令-------------------------------
root@SRX# load override 20180717.bak
root@SRX# exit //返回上一級
root@SRX#up //返回上一級
root@SRX#top //返回最高級
root@SRX# copy interfaces ge-0/0/2 to ge-0/0/3 //復制配置
root@SRX# delete interfaces ge-0/0/2 unit 0 //刪除某個接口配置
root@SRX# delete interfaces //刪除所有接口配置
root@SRX# delete vlan //刪除所有vlan配置
root@SRX# delete security //刪除所有security配置
root@SRX# wildcard delete interfaces ge-0/0/* //批量刪除
root@SRX# edit security nat source //刪除源NAT配置
root@SRX# rename rule-set trust-to-untrust to rule-set //重命名 inside-to-outside
root@SRX# replace pattern ge-0/0/2 with ge-0/0/3 //替換配置 //把ge-0/0/2替換成ge-0/0/3root@SRX# load override 20180717.bak
root@SRX# exit //返回上一級
root#up //返回上一級
root#top //返回最上級
root# copy interfaces ge-0/0/2 to ge-0/0/3 //復制配置
root# delete interfaces ge-0/0/2 unit 0 //刪除某個接口配置
root# delete interfaces //刪除所有接口配置
root# delete vlan //刪除所有vlan配置
root# delete security //刪除所有security配置
root# wildcard delete interfaces ge-0/0/* //批量刪除
root# edit security nat source //刪除源NAT配置
root# rename rule-set trust-to-untrust to rule-set //重命名 inside-to-outside
root# replace pattern ge-0/0/2 with ge-0/0/3 //替換配置 //把ge-0/0/2替換成ge-0/0/3
--------------------------回退命令---------------------------------
root# commit at "2018-6-24 12:30" //定義某個時間點提交配置
root> clear system commit //清除未被提交的配置
root# commit comment "Clear system config" //保存配置,自定義標簽
root# run show system commit
root# rollback 0 //回滾配置
root# commit confirmed //10分鍾之內需commit,否則回滾上一個配置
root# commit //確認提交
root@SRX# save 20180717.bak //保存配置
root@SRX# load override 20180717.bak //加載配置
root@SRX# load factory-default //恢復出廠設置(重啟后需設置root密碼)
------------------------系統相關命令------------------------------
root@SRX> request system reboot //重啟系統
root@SRX> request system power-off //關閉系統
root@SRX> request system license add terminal //增加license key(Ctrl+D 結束)
root@SRX> request support information | no-more //收集tech信息
------------------------功能模塊關閉-------------------------------
root@SRX# deactivate security policies //關閉安全策略模塊
root@SRX# deactivate security nat //關閉NAT模塊作者:點滴技術
鏈接:https://www.jianshu.com/u/0d9516fb4027
來源:簡書
著作權歸作者所有。商業轉載請聯系作者獲得授權,非商業轉載請注明出處。