Juniper Device Daily Operations Guide
1. Everyday show commands

Configuration mode (`#` prompt):

```
# show                                  View the entire configuration
# show | display set                    View the entire configuration in set format
# show system | display set             View the system hierarchy in set format
# show system login | display set       View the login hierarchy under system in set format
# run show version
# run show route 1.1.1.1
# run ping 1.1.1.1
```

To run an operational-mode command from configuration mode, prefix it with run, similar to do on Cisco.

Operational mode (`>` prompt):

```
> show configuration | display set      View the running configuration
> show chassis hardware                 View hardware component information
> show chassis environment              View hardware component status
> show chassis routing-engine           View Routing Engine status
> show chassis fpc pic-status           View the online status of line cards
> show chassis fpc detail               View detailed line card status
> show chassis fan                      View fan status
> show system alarms                    View device alarms
> show system uptime                    View the current system time
> show version                          View the software version
> show interfaces terse                 View brief status of all interfaces
> show interfaces terse ge-0/0/0        View brief status of one interface
> show interfaces xe-0/0/0              View information for one interface
> show interfaces extensive             View detailed information for all interfaces (errors, queues, rates, physical state and so on)
> show interfaces extensive xe-0/0/0    View detailed information for one interface
> show interfaces diagnostics optics    View optical power on optical interfaces
> show chassis pic fpc-slot * pic-slot *  View optical module vendor, wavelength and type
> show chassis hardware                 View hardware information, including the type and serial number of each interface module in the PIC slots
> show vlans                            View VLAN information
> show route                            View the routing table
> show route 1.1.1.1                    View a specific route
> show system storage                   View storage usage
> show system process extensive         View system processes
> show lldp neighbor                    View LLDP neighbors
> show log messages                     View the messages log
> show log chassisd                     View the chassisd log
```

Firewall-specific:

```
> show security flow session            View all current sessions
> show security flow session summary    View the total number of concurrent sessions
> show security policies hit-count      View historical hit counts for all policies
> show security monitoring fpc 0        View forwarding-plane CPU, memory, concurrent sessions, new sessions per second and so on
> show chassis cluster status           View cluster status
> show chassis cluster interfaces       View cluster interface status
```

2. Basic operations commands
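1. Restore factory settings

```
root> request system zeroize media
```

*The media parameter cannot be configured on the emulator.

This command wipes everything except the system OS (including logs, licenses and so on). A new machine, or a device that has been restored to factory settings, has the default username root and no password.

2. Load the factory configuration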
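```
root# load factory-default
```

Note the mode change: this loads the factory configuration. It does not delete logs, licenses, local files and so on, but it does reset root.

3. Configure the root password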
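Method 1:

```
root# set system root-authentication plain-text-password
```

This is an interactive setting; try it and you will see.

Method 2:

```
root# set system root-authentication encrypted-password ?
Possible completions:
  Encrypted password string
```

Look at what the question mark displays. A parameter has to follow here: a password that is already encrypted. What does that mean? What follows must be ciphertext that has already been encrypted with MD5 (this form is for copying and pasting configurations; it is not interactive).

4. Overwrite the running configuration with the modified configuration copy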
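```
root# commit
```

As I mentioned earlier, configuration mode edits a copy of the configuration, which means nothing you configure takes effect by itself. commit is the command that overwrites the current configuration with that copy. Incidentally, the SRX saves these configurations automatically and numbers them starting from 0; the smaller the number, the more recent the configuration.

5. Set the hostname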
```
root@SRX1# set system host-name SRX1
```

6. View the version
```
root@SRX1> show version
```

7. Delete all configuration under the current hierarchy level
```
root@SRX1# delete
```

8. Configure TACACS+ authentication
```
set system authentication-order tacplus
set system authentication-order password
set system root-authentication plain-text-password
```

This is an interactive setting; try it and you will see. It asks you to enter the password and then to confirm it.

```
set system tacplus-server 10.21.100.101 secret "$9$eoUKWxdbs4oGXx.5Q3tp0BIclMY2aZUHdVYoGif5uO1"
set system tacplus-server 10.21.100.101 single-connection
set system tacplus-server 10.21.100.101 source-address 10.150.119.38
set system accounting events login
set system accounting events change-log
set system accounting events interactive-commands
set system accounting destination tacplus server 10.21.100.101 secret "$9$UnDHmTz39Cu.mhreMN-VwYoGin6Ap0ITQnCu1yrdbs"
set system login class read idle-timeout 3
set system login class read login-alarms
set system login class read permissions view
set system login class read permissions view-configuration
set system login class read allow-commands "(show configuration)|(ping)|(ssh)|(traceroute)"
set system login class read deny-commands set
set system login user supermi uid 2000
set system login user supermi class super-user
set system login user supermi authentication encrypted-password "$5$.wDHyvZZ$IU/wsBzYyhh20JE.1rxK8g/qxl69TbdSOnStJfl43i/"
set system login user xiaomi uid 2003
set system login user xiaomi class super-user
set system login user xiaomi authentication encrypted-password "$5$x8iFB5RK$Urd3HoQGJuinOivi6Kek6foZBk02Ro5YSOSvvhaDzz1"
```

9. Configure AAA authentication and create a user
```
set system login user AAA uid 2001
set system login user AAA class super-user
set system login user AAA authentication encrypted-password "$1$JjTpAOWR$Qdo4LZbv6vIH.9Lfrnmtp1"
```

The quoted string is the ciphertext, that is, the value that has to be supplied in the second password method above. Have a look at this yourself; it is very simple.

------------------------------------------ First exercise ------------------------------------------

If you have tried the commands above, you will gradually get the hang of it. To summarize: set is the configuration command, and what follows it is the content being configured.

```
set system login user AAA uid 2001
set system login user AAA class super-user
set system login user AAA authentication plain-text-password
```

Here we notice that the leading "system login user AAA" part is repeated. This is where edit can be used:

```
[edit]
root@SRX1# edit system login user AAA
[edit system login user AAA]
```

Notice the square brackets above: they show the current path. edit creates the configuration and enters that path at the same time, after which you can set parameters under the current path. This is the Junos hierarchical configuration; try it and you will see.

10. Enable SSH
```
set system services ssh protocol-version v2
set system services ssh rate-limit 3
set system services netconf ssh port 830
```

11. Configure syslog
```
set system syslog host 10.108.20.28 any any
set system syslog host 10.108.20.28 source-address 10.150.119.38
set system syslog host 10.152.64.2 any any
set system syslog host 10.152.64.2 source-address 10.150.119.38
set system syslog host 10.44.4.170 any any
set system syslog host 10.44.4.170 source-address 10.150.119.38
set system syslog file messages any notice
```

12. Configure NTP
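```
set system ntp server 10.108.6.6
set system ntp source-address 10.150.119.38
```

13. Configure an aggregated interface, its sub-interface, the dot1p VLAN ID, the sub-interface IP address and the loopback address, and replace an IP address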
```
set interfaces ae0 vlan-tagging
set interfaces ae0 unit 912 description UPLINK_xxx
set interfaces ae0 unit 912 vlan-id 912
set interfaces ae0 unit 912 family inet address 10.108.253.98/30
set interfaces lo0 unit 0 family inet address 10.150.119.38/32
```

Replace an IP address:

```
[edit]
root@SRX1# edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
root@SRX1# replace pattern 1.1.1.2/24 with 1.1.1.3/24
```

Points to note:
- 1. A unit is similar to a sub-interface; the SRX does not allow an IP address to be configured directly on the interface.
- 2. If an interface IP address represents the IP address of the physical interface itself, it must be on unit 0.
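The account, TACACS+ and SSH statements from sections 3 and 8 to 10 can be reviewed mechanically once the configuration is exported with `show configuration | display set`. The following Python script is an added example, not part of the original guide: the check names and the sample configuration are constructed for illustration, and `root-login` is a standard Junos SSH statement that the guide itself does not set.

```python
import re

# Constructed sample in "show configuration | display set" form. The hashes and
# secrets are placeholders, not values from the page or from a real device.
SAMPLE_CONFIG = """\
set system root-authentication encrypted-password "$1$SALTSALT$placeholderhash"
set system authentication-order tacplus
set system authentication-order password
set system tacplus-server 10.21.100.101 secret "$9$placeholder"
set system login user AAA class super-user
set system login user AAA authentication encrypted-password "$5$SALTSALT$placeholder"
set system login user ops class read
set system services ssh protocol-version v2
set system services netconf ssh port 830
"""

def audit(config_text):
    """Return (check_id, detail) findings for a set-format configuration."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip().startswith("set ")]
    findings = []
    for line in lines:
        # "$1$" marks MD5-crypt; "$5$" and "$6$" are SHA-256 and SHA-512 crypt.
        m = re.match(r'set system (?:root-authentication|login user (\S+) authentication)'
                     r' encrypted-password "\$1\$', line)
        if m:
            findings.append(("md5-password-hash", m.group(1) or "root"))
        # "$9$" values are reversible obfuscation, so a config export is a secret.
        m = re.match(r'set system (.+) secret "\$9\$', line)
        if m:
            findings.append(("reversible-secret", m.group(1)))
        m = re.match(r"set system login user (\S+) class super-user$", line)
        if m:
            findings.append(("local-super-user", m.group(1)))
    # "password" in the order means local accounts are consulted as well.
    order = [l.split()[-1] for l in lines if l.startswith("set system authentication-order ")]
    if "password" in order and len(order) > 1:
        findings.append(("local-password-in-order", " ".join(order)))
    ssh = [l for l in lines if re.match(r"set system services ssh(\s|$)", l)]
    if ssh and not any(" ssh root-login " in l for l in ssh):
        findings.append(("ssh-root-login-unset", "no root-login statement"))
    if any(l.startswith("set system services netconf ssh") for l in lines):
        findings.append(("netconf-ssh-enabled", "confirm access is filtered"))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"{check:24} {detail}")
```

Each finding is a prompt for review rather than a verdict: a local super-user, for instance, may be the intended break-glass account.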
14. Configure SNMP

```
set snmp community sa.net.xiaomi.com authorization read-only
set snmp trap-options source-address lo0
```

15. Configuring a floating static route
Configure the preference of the route as a whole:

```
set routing-options static route 192.168.47.5 next-hop 10.10.10.10 preference 7
```

To configure another next hop within the same route that takes precedence, use qualified-next-hop:

```
set routing-options static route 192.168.47.5 qualified-next-hop 10.10.10.7 preference 6
```

16. OSPF configuration
```
set routing-options router-id [router-id]
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface [interface] interface-type p2p
set protocols ospf area 0.0.0.0 interface [interface] interface-type p2p
set protocols ospf area 0.0.0.0 interface [interface] hello-interval 1
set protocols ospf area 0.0.0.0 interface [interface] dead-interval 4
```

17. Enable LLDP
```
set protocols lldp interface all
```

18. Deactivate (the configuration does not take effect) and activate
```
deactivate interfaces ge-0/0/0
```

- This can be applied in many ways; try it yourself and you will see.

Activate:

```
activate interfaces ge-0/0/0
```

19. Operate on a range of ports
Configure:

Delete several at once:

```
[edit]
root@SRX1# wildcard delete interfaces ge-0/0/[0,3]
```

20. View logged-in users
```
root@SRX1# run show system users
 7:00AM  up 4:04, 1 user, load averages: 0.02, 0.02, 0.00
USER     TTY      FROM      LOGIN@  IDLE WHAT
root     d0       -         2:59AM  -    cli
```

21. See who is editing the configuration
```
root@SRX1# status
Users currently editing the configuration:
  root terminal d0 (pid 1291) on since 2017-07-04 03:35:02 UTC
      [edit]
```

22. Rollback
```
root@SRX1# rollback ?
Possible completions:
  <[Enter]>            Execute this command
  0                    2017-07-04 06:34:34 UTC by root via cli
  1                    2017-07-04 05:48:28 UTC by root via cli
  2                    2017-07-04 03:37:11 UTC by root via cli
  3                    2017-07-04 03:32:07 UTC by root via cli
  4                    2017-07-04 03:29:17 UTC by root via cli
  5                    2017-07-04 03:27:59 UTC by root via cli
  6                    2017-07-04 03:25:04 UTC by root via cli
  7                    2017-07-04 02:56:05 UTC by root via other
```

23. Commit check (does not take effect)
```
commit check
```

This is basically a syntax check.

24. Tag a commit with a comment
```
root@SRX1# commit comment TEST1
```

25. View the rollback history
```
root@SRX1# run show system commit
0   2017-07-04 08:09:03 UTC by root via cli
    TEST1
1   2017-07-04 06:34:34 UTC by root via cli
2   2017-07-04 05:48:28 UTC by root via cli
3   2017-07-04 03:37:11 UTC by root via cli
4   2017-07-04 03:32:07 UTC by root via cli
5   2017-07-04 03:29:17 UTC by root via cli
6   2017-07-04 03:27:59 UTC by root via cli
7   2017-07-04 03:25:04 UTC by root via cli
8   2017-07-04 02:56:05 UTC by root via other
```

The comment is visible on the entry.

26. Set the number of rollbacks
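```
root@SRX1# set system max-configuration-rollbacks 49
root@SRX1# set system max-configurations-on-flash 100
Value 100 is not within range (0..49) at '100'
```

- As you can see, at most 50 configurations can be stored in total.
- Of these two commands, configuring only the first is enough; it sets the number of rollbacks. The second, on-flash, sets how many configurations are kept in the folder that holds the device's config file. That does not mean the remaining configurations are not saved (if they were not, how would you restore them?). The rest are kept in a directory under var. You can look this up on the official site; I saw that someone had asked this question there, and the reply was accurate.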
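The commit history from section 25 doubles as a change-control record: who committed, through which channel, and whether a comment was left. The following Python script is an added example, not part of the original guide; it assumes the comment is printed either on the indented line after an entry or on the same line, and the user `netops` and the `netconf` entry in the sample are made up.

```python
import re

# Constructed sample in the layout of "show system commit": one entry per
# line, with an optional commit comment on the following indented line.
SAMPLE_LOG = """\
0   2017-07-04 08:09:03 UTC by root via cli
    TEST1
1   2017-07-04 06:34:34 UTC by netops via netconf
2   2017-07-04 05:48:28 UTC by root via cli
3   2017-07-04 02:56:05 UTC by root via other
"""

ENTRY = re.compile(r"^(\d+)\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+)"
                   r" by (\S+) via (\S+)(?:\s+(.*))?$")

def parse_commits(text):
    """Turn the listing into dicts: index, time, user, via, comment."""
    commits = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            commits.append({"index": int(m.group(1)), "time": m.group(2),
                            "user": m.group(3), "via": m.group(4),
                            "comment": (m.group(5) or "").strip()})
        elif line.strip() and commits:
            # Any other non-blank line is the comment of the entry above it.
            commits[-1]["comment"] = line.strip()
    return commits

def review(commits, allowed_users, allowed_channels=("cli",)):
    """Return {index: [reasons]} for commits that break the change policy."""
    flagged = {}
    for c in commits:
        reasons = []
        if c["user"] not in allowed_users:
            reasons.append("unexpected user " + c["user"])
        if c["via"] not in allowed_channels:
            reasons.append("committed via " + c["via"])
        if not c["comment"]:
            reasons.append("no commit comment")
        if reasons:
            flagged[c["index"]] = reasons
    return flagged

if __name__ == "__main__":
    for idx, why in review(parse_commits(SAMPLE_LOG), {"root"}).items():
        print(idx, "; ".join(why))
```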
27. View the device time

```
root@SRX1# run show system uptime
```

28. Default rollback (safety net)

```
root@SRX1# commit confirmed
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete
```

- The default is 10 minutes; if no further commit is made within 10 minutes, the configuration is rolled back automatically.
29. Reboot

```
root@SRX1> request system reboot
```

30. Power off
```
root@SRX1> request system power-off
```

31. View the configured settings
```
root> show configuration | display set
```

32. View the most recently run command
```
root# show | compare
```

33. Commit check without applying
```
root# commit check
```

34. Configure BGP
1. Create the routing options.

```
[edit]
user@host# edit routing-options
```

2. Set the AS number.

```
[edit routing-options]
user@host# set autonomous-system 17
```

3. Configure BGP.

```
[edit]
user@host# edit protocols bgp
```

4. Create the BGP group and add the external neighbor address.

```
[edit protocols bgp]
user@host# set group external-peers neighbor 10.10.10.10
```

5. Set the AS number at the group level.

```
[edit protocols bgp]
user@host# set group external-peers peer-as 22
```

6. Set the AS number at the individual neighbor level.

```
[edit protocols bgp group external-peers]
user@host# set neighbor 10.21.7.2 peer-as 79
```

7. Set the group type.

```
[edit protocols bgp group external-peers]
user@host# set type external
```