juniper基本配置命令 自用
以下命令留着自己用 都是从yeslab现任明教教主那看的。。。恢复系统默认配置
load factory-default
升级os
request system software add validate reboot ftp://1.1.1.1/jinstall-10.0r4.7-export-signed
重启系统
run request system reboot
查看借口状态
run show interfaces terse
进入shell
run start shell
使用管道符匹配特定关键字
>show interfaces detail | match fe-0/0/0
帮组信息
>help reference security policy-security
搜索命令
>help apropos security
#help apropos security
传统set配置
set interfaces fe-0/0/0.1 family inet address 1.1.1.1/24
show interfaces fe-0/0/0.1 family inet
address 1.1.1.1/24
edit配置:
edit interfaces fe-0/0/0.1 family inet
set address 1.1.1.2/24
层次切换
edit interfaces fe-0/0/0
up
查看set格式的配置
show | display set
查看代交与当前配置差别
show | compare
查看恢复配置
rollback ?
清楚未被提交的配置
clear system commit
为接口fe-0/0/0.0配置ip地址
edit interfaces fe-0/0/0.0
set family inet address 202.100.1.10/24
为接口fe-0/0/0.0放入outside zone
edit security zones security-zone outside
set interfaces fe-0/0/0.0
commit
run ping 202.100.1.10
把接口fe-0/0/1.0放入vlan3
edit interfaces fe-0/0/1.0
set ethernet-switching vlan members 3
为vlan3的svi接口vlan.3配置接口地址
edit interfaces vlan.3
set family inet address 202.100.2.10、24
把vlan.3放入outside zone
edit security zones security-zone outside
set interfaces vlan.3
查看统计利用率
show system processes extensive
重启系统进程
restart chassis-control gracefully
修改密码
set system root-authentication plain-text-password
配置静态路由
edit routing-options static
set route 202.100.100.0/24 next-hop 202.100.1.1
查看路由表
show route
配置默认路由
edit routing-options static
set static route 0/0 next-hop 202.100.1.1
配置security policy放行inside1到outside的所有流量
edit security policies from-zone inside1 to-zone outside
edit policy permit-all
set match source-address any
set match destination-address any
set match application any
set then permit
exit
commit
配置outside区域address-book
edit security zones security-zone outside
set address-book address sp1-router 202.100.1.1/32
set address-book address sp2-router 202.100.2.1/32
在security policy调用address-book
edit security policies from-zone inside1 to-zone outside
delete policy permit-all
edit policy permit-all-use-address-book
set match source-address inside1-network
set match destination-address sp-routers
set match application any
set then permit
applications配置
edit applications application tcp-3032
set protocol tcp destination-port 3032
配置applications application-set
edit applications application-set yeslab-app-set
set application tcp-3032
securitypolicy调用application
edit security policies from-zone inside1 to-zone outside
delete policy permit-all-use-address-book
edit policy permit-inside1-to-outside
set match source-address inside1-network
set match destination-address sp-routers
set match application yeslab-app-set
set then permit
查看策略
show security policies
show security policies detail
show security policies from-zone inside1 to-zone outside
查看flow session
show flow session
页:
[1]