Chinaunix首页 | 论坛 | 博客
  • 博客访问: 2192958
  • 博文数量: 532
  • 博客积分: 8689
  • 博客等级: 中将
  • 技术积分: 7036
  • 用 户 组: 普通用户
  • 注册时间: 2010-11-26 10:00
文章分类

全部博文(532)

文章存档

2024年(1)

2023年(4)

2022年(16)

2014年(90)

2013年(76)

2012年(125)

2011年(184)

2010年(37)

分类:

2012-04-10 14:52:22



Juniper SRX基础配置

SRX基础配置实验:

1.确保电源打开

2.root用户登录,没有密码

3.进入CLI模式

root# cli

root@>

4.进入configuration 模式

configure

[edit]

root@#

5.设置root密码

[edit]

root@# set system root-authentication plain-text-password

New password: password

Retype new password: password

6.配置新用户

[edit]

root@# set system login user admin class super-user authentication plain-text-password

7.确认commit

[edit]

root@# commit

8.用你第六步新创建的账户登录

9.配置设备名称

configure

[edit]

admin@# set system host-name host-name

10.配置数据接口

[edit]

admin@# set interfaces fe-0/0/1 unit 0 family inet 192.168.1.1/24

11.配置默认

[edit]

admin@# set routing-options static route 0.0.0.0/0 {下一条地址}

12.配置安全区域,并且将端口加入

[edit]

admin@# set security zones security-zone untrust interfaces fe-0/0/1

13.配置基本的策略

[edit]

admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application any

root@# set security policies from-zone trust to-zone untrust policy policy-name then permit

14.配置NAT

[edit]

admin@# set security nat source rule-set interface-nat from zone trust

admin@# set security nat source rule-set interface-nat to zone untrust

admin@# set security nat source rule-set interface-nat rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0/0

admin@# set security nat source rule-set interface-nat rule rule1 then source-nat interface

Check the configuration for validity.

[edit]

15.效验配置

admin@# commit check

configuration check succeeds

16.提交配置

[edit]

admin@# commit

commit complete

17.显示设备配置

[edit]

user@host# show

system {

host-name devicea;

domain-name lab.device.net;

domain-search [ lab.device.net device.net ];

backup-device 192.168.2.44;

time-zone America/Los_Angeles;

root-authentication {

ssh-rsa "ssh-rsa AAAAB3Nza...D9Y2gXF9ac==root@devicea.lab.device.net";

}

name-server {

10.148.2.32;

}

services {

}

ntp {

server 10.148.2.21;

}

}

interfaces {

fe-0/0/0 {

unit 0 {

family inet {

address 192.168.1.1/24;

}

}

}

lo0 {

unit 0 {

family inet {

address 172.16.1.24/32;

}

}

}

}

18.提交配置

[edit]

admin@# commit

19.Optionally, configure additional properties by adding the necessary configuration statements. Then commit the changes to activate them on the device.

[edit]

admin@host# commit

20.When you have finished configuring the device, exit configuration mode.

[edit]

admin@host# exit

admin@host>







阅读(5235) | 评论(0) | 转发(1) |
给主人留下些什么吧!~~