SRX一些配置命令
设备初始化
1.1 初始登录设备
#默认账号和密码:root/空
login: root
Password:
root@% cli //进入操作模式
root>
root> configure //进入配置模式(默认share)
1.2 基础配置
#设置root用户口令(出厂默认为空口令,首次登录即应修改;未设置root-authentication时commit会失败)
root@SRX# set system root-authentication plain-text-password
New password:
Retype new password:
root@SRX#show system root-authentication
#设置主机名
root@SRX#set system host-name SRX
#设置时间
root@SRX#set system time-zone Asia/Shanghai
root@SRX# run set date 201808251200.00
#设置DNS
root@SRX#set system name-server 114.114.114.114
#设置SNMP(client-list限定允许查询的网段;示例中的团体名juniper容易被猜到,实际部署应换成自定义字符串)
root@SRX#set snmp client-list snmp_list 192.168.1.0/24
root@SRX#set snmp community juniper client-list-name snmp_list authorization read-only
----------------------远程登录管理----------------------
#超级用户
root# set system login user admin class super-user authentication plain-text-password //创建一个超级用户admin
New password:
Retype new password:
#开启telnet/ssh/web/ping服务(telnet和http不加密,登录口令以明文传输;已启用ssh/https时可以不开这两项)
#全局服务
set system services ssh
set system services telnet
set system services web-management http interface ge-0/0/0.0
set system services web-management https interface ge-0/0/0.0
set system services web-management https system-generated-certificate
#放开内网telnet/ssh/web/ping服务
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
#或者放开所有服务(all会放开该接口上的全部系统服务,范围远大于上面五项,一般只在实验环境使用)
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
----------------------接口初始化配置----------------------
#传统set接口配置
root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.111/24
#Edit配置
root# edit interfaces ge-0/0/0 unit 0 //进入接口GE-0/0/0
root# set family inet address 192.168.1.111/24
root#commit #保存配置
#SVI配置
root@SRX#set protocols l2-learning global-mode transparent-bridge //切换为透明墙需要重启才能生效
root@SRX# set vlans vlan10 vlan-id 10 //创建vlan
root@SRX# set vlans vlan10 l3-interface irb.10 //创建三层vlan
root@SRX# set interfaces irb unit 10 family inet address 192.168.10.254/24
root@SRX# set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access //配置成access模式
root@SRX# set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan10 //接口划入vlan10
#子接口配置
root@SRX# set interfaces ge-0/0/0 vlan-tagging
root@SRX# set interfaces ge-0/0/0 unit 10 vlan-id 10 family inet address 192.168.10.254/24
root@SRX# set security zones security-zone trust interfaces ge-0/0/0.10
#trunk接口配置
root@SRX# set interfaces ge-0/0/0 unit 10 family ethernet-switching port-mode trunk vlan members 10
root@SRX# set vlans vlan10 vlan-id 10 l3-interface vlan.10
root@SRX# set security zones security-zone trust interfaces ge-0/0/0.10
1.3 密码恢复
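#通过Console口连接设备,掉电重启,看到如下提示按“空格”键(能接触Console口即可重置root口令,设备应放在受控机房;配置 set system ports console insecure 后单用户模式也会要求root口令,本节方法随之失效):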
Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel]...
#进入单用户模式
loader>
loader>boot -s
#执行密码恢复
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:recovery
#删除root密码后重新设置root密码,并保存配置重启
root# delete system root-authentication
root# set system root-authentication plain-text-password
root# commit
root#exit
root> request system reboot
1.4 维护命令
-------------------------show命令----------------------------------
root@SRX> show configuration | display set | no-more //显示set格式的当前配置
root@SRX> request system license add terminal //增加license key(Ctrl+D 结束)
root@SRX> show system license //查看license
root@SRX> show system license keys
root@SRX> show system processes extensive //查看进程
root@SRX> restart chassis-control gracefully //重启进程
root@SRX> set cli screen-length 0 //不分屏
root@SRX> show system uptime //查看系统运行时间
root@SRX> show version //查看系统版本
root@SRX> show chassis routing-engine //查看引擎信息
root@SRX> show chassis environment //查看运行环境
root@SRX> show ntp status //查看NTP状态
root@SRX> show ntp associations
root@SRX> show ospf neighbor //查看OSPF邻居
root@SRX> show vrrp brief //查看VRRP状态
root@SRX> show system alarms //查看系统告警
---------------------------快捷命令-------------------------------
root@SRX# load override 20180717.bak
root@SRX# exit //返回上一级
root@SRX#up //返回上一级
root@SRX#top //返回最高级
root@SRX# copy interfaces ge-0/0/2 to ge-0/0/3 //复制配置
root@SRX# delete interfaces ge-0/0/2 unit 0 //删除某个接口配置
root@SRX# delete interfaces //删除所有接口配置
root@SRX# delete vlan //删除所有vlan配置
root@SRX# delete security //删除所有security配置
root@SRX# wildcard delete interfaces ge-0/0/* //批量删除
root@SRX# edit security nat source //进入源NAT配置层级
root@SRX# rename rule-set trust-to-untrust to rule-set inside-to-outside //重命名
root@SRX# replace pattern ge-0/0/2 with ge-0/0/3 //替换配置 //把ge-0/0/2替换成ge-0/0/3
root@SRX# load override 20180717.bak
root@SRX# exit //返回上一级
root#up //返回上一级
root#top //返回最上级
root# copy interfaces ge-0/0/2 to ge-0/0/3 //复制配置
root# delete interfaces ge-0/0/2 unit 0 //删除某个接口配置
root# delete interfaces //删除所有接口配置
root# delete vlan //删除所有vlan配置
root# delete security //删除所有security配置
root# wildcard delete interfaces ge-0/0/* //批量删除
root# edit security nat source //进入源NAT配置层级
root# rename rule-set trust-to-untrust to rule-set inside-to-outside //重命名
root# replace pattern ge-0/0/2 with ge-0/0/3 //替换配置 //把ge-0/0/2替换成ge-0/0/3
--------------------------回退命令---------------------------------
root# commit at "2018-6-24 12:30" //定义某个时间点提交配置
root> clear system commit //取消尚未执行的待提交操作(例如上面用commit at定义的定时提交)
root# commit comment "Clear system config" //保存配置,自定义标签
root# run show system commit
root# rollback 0 //回滚配置(0为当前生效配置,即放弃尚未提交的修改)
root# commit confirmed //10分钟之内需commit,否则回滚上一个配置
root# commit //确认提交
root@SRX# save 20180717.bak //保存配置
root@SRX# load override 20180717.bak //加载配置
root@SRX# load factory-default //恢复出厂设置(重启后需设置root密码)
------------------------系统相关命令------------------------------
root@SRX> request system reboot //重启系统
root@SRX> request system power-off //关闭系统
root@SRX> request system license add terminal //增加license key(Ctrl+D 结束)
root@SRX> request support information | no-more //收集tech信息
------------------------功能模块关闭-------------------------------
root@SRX# deactivate security policies //关闭安全策略模块(deactivate只是把该层级标记为inactive,commit后才生效,可用activate恢复)
root@SRX# deactivate security nat //关闭NAT模块
作者:点滴技术
链接:https://www.jianshu.com/u/0d9516fb4027
来源:简书
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。