JUNOS基础知识.ppt

JUNOS基础 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 2 内容 JUNOS基础知识基本命令介绍开局配置基本排错 第一章JUNOS基础 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 4 路由器端口 每个路由器有两个固定的端口 fxp0带外网管接口fxp1内部Ethernet端口 连接路由引擎routeengine和包转发引擎PFE JuniperNetworks Inc Copyright 2000 Proprietary Confidential 5 Loopback端口lo0Loopback0在路由器上 你可以配置一个物理loopback端口lo0 可以在这个端口上配置一个或者多个IP地址 路由器端口 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 6 端口命名 type fpc pic port logicalType 端口名字 定义了端口的物理类型FPC FPC所在的槽PIC PIC在FPC里面的槽位号端口号逻辑端口号0 16384 可选 so 0 0 1 0POSinterfaceonFPC0 PIC0 port1Unit0 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 7 端口命名 物理端口都有标准的端口名称Type类型FPCslotFPC槽位PICslotPIC槽位Portnumber端口号 ge 5 2 3 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 8 端口命名 so 0 3 0 ge 1 3 1 ge 1 3 3 fxp0 e1 0 1 1 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 9 路由器配置 Console第一次配置智能通过consoletelnetssh1 ssh2默认情况下不允许远程访问路由器 你需要配置用户名和密码并且打开telnet或者ssh服务才能远程访问路由器认证可以采用TACACS 或者RADIUS每个用户单独的login authentication permissions可以在本地控制 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 10 JUNOS结构 结构层次化 clear configure monitor set show brief exact protocol table terse bgp chassis interfaces isis ospf route version LessSpecific MoreSpecific JuniperNetworks Inc Copyright 2000 Proprietary Confidential 11 JUNOS结构 配置文件格式 Lastchanged 2007 07 1003 02 03UTCversion8 3R1 5 system login userlab uid2000 classsuper user authentication encrypted password 1 YMSYkh5o XTF7tb5yomh9wyLQ4teXe SECRET DATA services ftp telnet interfaces ge 0 0 0 vlan tagging link modefull duplex gigether options no auto negotiation routing options static route10 111 0 7 32next hop10 111 0 22 protocols ospf export static ChinaMobile TDCS SG area0 0 0 0 interfacege 0 0 0 201 interface typep2p hello interval1 dead interval4 interfacege 0 2 0 1001 passive policy options policy statementstatic ChinaMobile TDCS SG fromprotocolstatic thenaccept JuniperNetworks Inc Copyright 2000 Proprietary Confidential 12 JUNOS结构 配置文件格式 setversion8 2R1 7setsystemhost nameR2setsystemroot authenticationencrypted password 1 gxRqk0EX rlIPzJ v lH3lqrGeNF0V0 setsystemloginuserlabuid2000setsystemloginuserlabclasssuper usersetsystemloginuserlabauthenticationencrypted password 1 Oy LG59E osnIHkektw7Ar0V7Y2KCg0 setsystemservicesftpsetsystemservicestelnetsetsystemservicesweb managementhttpinterfacege 0 0 0 0setsystemservicesweb managementhttpinterfacege 0 0 1 0setsystemservicesweb managementhttpinterfacege 0 0 2 0setsystemservicesweb managementhttpinterfacege 0 0 3 0setsystemsysloguser anyemergencysetsystemsyslogfilemessagesanyanysetsystemsyslogfilemessagesauthorizationinfosetsystemsyslogfileinteractive commandsinteractive commandsanysetinterfacesge 0 0 0unit0familyinetaddress192 200 8 253 24 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 13 JUNOS结构 配置文件格式 hostnameZXR10 port statuscheckon usernamelabpasswordlab123 user authentication typelocal snmp serverpacketSize1400snmp serverengine id830900020300010289d64401snmp serverviewDefaultViewsystemincludedsnmp serverviewAllViewinternetincluded loggingonloggingbuffer200loggingmodefullcycleloggingconsolenotificationslogginglevelnotifications lineconsoleidle timeout120lineconsoleabsolute timeout1440linetelnetidle timeout120 interfacevlan15ipaddress172 16 1 1255 255 255 252 interfacevlan30ipaddress10 10 10 9255 255 0 0 interfacegei 2 24negotiationautoswitchportaccessvlan1switchportqinqnormal routerospf1network130 0 49 90 0 0 0area0 0 0 0network131 0 49 100 0 0 0area0 0 0 0network132 0 49 100 0 0 0area0 0 0 0redistributestaticredistributeconnected iproute2 2 2 2255 255 255 25510 10 10 10 Cisco或者中兴路由器配置格式 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 14 操作模式 Shell模式提示符号 可以执行一些linux命令 不建议在这个模式下进行操作用户模式提示符 可以查看系统一些信息配置模式提示符 可以进行配置提示符是用户名加上路由器名例如 user host 配置模式和用户模式是两套不同命令 在配置模式下要执行用户模式下的命令 需要在命令前加runlab M7i runshowinterfacesterse 第一次配置路由器 初始用户名root 密码为空 进入的是shell模式 输入cli命令输入用户模式 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 15 操作模式 shell模式 用户模式模式 配置模式 cli exit startshell configure edit exit JuniperNetworks Inc Copyright 2000 Proprietary Confidential 16 TAB和空格键 使用空格键或者tab键showversionshowver pressspaceortab usedforuserdefinedpolicies firewallfilters etc JuniperNetworks Inc Copyright 2000 Proprietary Confidential 17 获取帮助 可以在命令行中任何地方输入 来获取命令帮助帮助内容取决于你在哪里输入 命令行开始处输入 显示最上层的帮助命令最后输入 显示下一层次的帮助如root hostname show 显示命令show命令下一层可带参数命令中间输入 显示当前层次匹配的命令root hostname s 显示set show ssh start 就是你最好的朋友 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 18 使用 帮助 show showsystem setprotocols JuniperNetworks Inc Copyright 2000 Proprietary Confidential 19 在线帮助 helptopic 配置方法指南helpreference 命令参考说明helpsyslog系统日志错误信息帮助helpsyslogCHASSISD ANTICF PIM CHECK FAILED JuniperNetworks Inc Copyright 2000 Proprietary Confidential 20 在线帮助 juniper R16 helpsyslogRPD OS MEMHIGHName RPD OS MEMHIGHMessage UsingKBofmemory percentofavailableHelp rpdmemoryuseisexcessiveDescription Theroutingprotocolprocess rpd isusingtheindicatedamountandpercentageofRoutingEnginememory whichisconsideredexcessive Type Event Thismessagereportsanevent notanerrorSeverity errorCause Eitherrpdisleakingmemoryortheuseofsystemresourcesisexcessive perhapsbecauseroutingfiltersaremisconfiguredortheconfigurednetworktopologyisverycomplex Action IncreasetheamountofRAMintheRoutingEngine JuniperNetworks Inc Copyright 2000 Proprietary Confidential 21 历史命令 用户模式和配置模式下都可以使用历史命令上 下箭头键 VT100 Ctrl P Ctrl N showclihistory CLImodeonly 默认可以显示最后100条操作命令最多显示count条记录 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 22 命令行编辑 基于UNIX的Emacs编辑器与Cisco非常相似Ctrl U删除一行Ctrl W删除一个单词Ctrl A Ctrl E转到行的最前 最后Ctrl F右移光标 相当于右箭头Ctrl B左移光标 相当于左箭头delete backspace删除光标前的一个字符 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 23 showcli setcli showclijuniper R1 showcliCLIcomplete on spacesettoonCLIidle timeoutdisabledCLIrestart on upgradesettoonCLIscreen lengthsetto24CLIscreen widthsetto80CLIterminalis unknown CLIisoperatinginenhancedmodesetcli改变cli参数在用户模式下执行该命令 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 24 showcli setcli setcliterminalvt100 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 25 Date TimeCommands setdate200707170947 00设置时间 YYYYMMDDhhmm ss showsystemuptime显示当前时间 以及路由器运行时间 路由进程运行时间等信息setdatentp设置ntp服务器来同步当前日期和时间setdatentp132 163 4 101Setfromspecificserver NISTClock http www boulder nist gov timefreq service time servers htmlsetdatentpUsetheNTPserversfromtheconfiguration JuniperNetworks Inc Copyright 2000 Proprietary Confidential 26 管道符 showinterfaces showinterfaces count统计输出行数 showinterfaces matchfxp1包含fxp1的输出行 showinterfaces findfxp1从包含fxp1行以后的内容 showinterfaces savefilename保存到文件lab M7i GZ showinterfaces save var tmp in txtWrote859linesofoutputto var tmp in txt showlogbgp log no more不分页 一次输出完 fileshowDemo findfxp1 showinterfaces displayxml以xml格式显示输出 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 27 配置模式 Configure 类似 configt 利用配置表达式来配置JUNOS软件配置模式提示符号是 提示符还有用户名和主机名共同组成如 user host JuniperNetworks Inc Copyright 2000 Proprietary Confidential 28 配置模式 你编辑的配置文件叫candidate配置文件Cisco修改的配置文件就是running configure你的修改对其它用户可见两个人同时修改配置可能会产生冲突配置修改不是马上生效 必须通过commit命令提交之后才生效Cisco是回车之后马上生效commit提交之后 candidate配置变成active配置文件 然后新的candidate会被再次创建 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 29 ConfigurationIntextfile 50previousconfigurations CandidateConfiguration InitiallyacopyoftheactiveconfigurationChangestocandidateconfigurationdonottakeeffectuntilsuccessfulcommitorcommitconfirmed配置有50个备份 CandidateConfiguration InterimConfiguration load copy save CommitConfirmed Commit x minutesWithoutCommitting Rollback config juniper conf n n 0 3 var db config juniper conf n n 4 49 ActiveConfiguration JuniperNetworks Inc Copyright 2000 Proprietary Confidential 30 命令配置基础 配置结构有点象一棵树类似于UNIX windows的目录结构 top atm e3 sonet t3 clock fpc firewall interfaces protocols system more LessSpecific MoreSpecific ethernet alarm chassis JuniperNetworks Inc Copyright 2000 Proprietary Confidential 31 命令配置基础 使用edit来进入配置的层次有点象UNIX的cd命令使用up来返回上一层配置层次有点象UNIX的cd 命令使用set delete命令来改变配置使用commit命令来使修改的内容生效 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 32 命令配置基础 使用edit来进入你想修改的那层user host editchassisalarmethernet editchassisalarmethernet top atm e3 sonet t3 clock fpc firewall interfaces protocols system more ethernet alarm chassis edit JuniperNetworks Inc Copyright 2000 Proprietary Confidential 33 基本命令 top top返回最上层象unix的 cd lab R1 J2300 editsystemloginuserlab lab R1 J2300 top edit lab R1 J2300 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 34 基本命令 exit exit如果在最上层 则退回到用户模式exit如果在配置层 则退回到上一次edit进入之前层次lab R1 J2300 editsystemlogin editsystemlogin lab R1 J2300 exit edit lab R1 J2300 quitisthesameasexit JuniperNetworks Inc Copyright 2000 Proprietary Confidential 35 基本命令 up 返回上一层edit状态类似unix的 cd Example editsystemlogin show up show up show JuniperNetworks Inc Copyright 2000 Proprietary Confidential 36 基本命令 exit exit如果在最上层 则退回到用户模式exit如果在配置层 则退回到上一次edit进入之前层次lab R1 J2300 editsystemlogin editsystemlogin lab R1 J2300 exit edit lab R1 J2300 quitisthesameasexit JuniperNetworks Inc Copyright 2000 Proprietary Confidential 37 edit配置例子 lab R1 J2300 configureEnteringconfigurationmode edit lab R1 J2300 editsystem editsystem lab R1 J2300 lab R1 J2300 editlogin editsystemlogin lab R1 J2300 edituser syntaxerror expecting editsystemlogin lab R1 J2300 edituserlab editsystemloginuserlab lab R1 J2300 setuid2001 editsystemloginuserlab lab R1 J2300 lab R1 J2300 up editsystemlogin lab R1 J2300 up editsystem lab R1 J2300 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 38 基本命令 set 使用set增加或者改变配置set参数有些是增加 有些是覆盖 setsystemhost nameDenver覆盖 setinterfacefxp2unit0familyinetaddress1 1 1 1 24增加 setrouting optionsrouter id2 2 2 2覆盖set用法有两种 1 一种是用edit进入参数层进行修改 2 一种是在最外层直接写完所有层次参数如下面的例子 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 39 set命令 使用set增加或者改变配置set参数有些是增加 有些是覆盖 setsystemhost nameDenver覆盖 setinterfacefxp2unit0familyinetaddress1 1 1 1 24增加 setrouting optionsrouter id2 2 2 2覆盖set用法有两种 1 一种是用edit进入参数层进行修改 2 一种是在最外层直接写完所有层次参数如下面的例子 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 40 set命令 方法一 ab R1 J2300 editsystem editsystem lab R1 J2300 editlogin editsystemlogin lab R1 J2300 edituserlab editsystemloginuserlab lab R1 J2300 setuid2002 editsystemloginuserlab lab R1 J2300 方法一配置繁琐 但是简单明了不容易出错 适合入门者使用方法二 setsystemloginuserlabuid2002方法二操作简单 命令输入量少 并且可以直接粘贴 适合熟练者使用 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 41 基本命令 commit 使用commit命令来使修改后的内容生效commit 检查配置语法并且激活修改后的内容commitcheck 仅仅进行语法检查 不真正激活配置commitand quit 如果提交成功就退出commitconfirmed nextpage JuniperNetworks Inc Copyright 2000 Proprietary Confidential 42 基本命令 show 使用show命令来查看candidate配置文件在哪一层就显示哪一层的配置在最外层就显示所有配置lab R1 J2300 editsystem lab R1 J2300 editsyslog editsystemsyslog lab R1 J2300 show只显示systemsyslog的配置user anyemergency filemessages anyany authorizationinfo fileinteractive commands interactive commandsany filesyslog anyany editsystemsyslog lab R1 J2300 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 43 基本命令 show 可以在最外层直接指定需要显示的层次 showsystem showinterfaces showinterfacesfxp1 showrouting options showprotocols JuniperNetworks Inc Copyright 2000 Proprietary Confidential 44 基本命令 show 用户模式的show显示相关参数配置模式的show显示相关配置内容 lab M7i GZ showinterfaces用户模式显示的是interface参数Physicalinterface fe 1 3 0 Enabled PhysicallinkisUpInterfaceindex 142 SNMPifIndex 31Link leveltype Ethernet MTU 1518 Speed 100mbps Loopback Disabled Sourcefiltering Disabled Flowcontrol EnabledDeviceflags PresentRunningInterfaceflags SNMP TrapsInternal 0 x4000CoSqueues 4supported 4maximumusablequeuesCurrentaddress 00 05 85 dc cc db Hardwareaddress 00 05 85 dc cc dbLastflapped 2007 06 2920 37 17HKT 2w5d13 57ago Inputrate 2344bps 3pps Outputrate 1688bps 2pps Activealarms NoneActivedefects NoneLogicalinterfacefe 1 3 0 0 Index83 SNMPifIndex71 Flags SNMP Traps0 x4000VLAN Tag 0 x8100 33 Encapsulation ENET2Inputpackets 0Outputpackets 0Protocolinet MTU 1500Flags None JuniperNetworks Inc Copyright 2000 Proprietary Confidential 45 show命令 配置模式的show显示相关配置内容 lab M7i GZ showinterfaces配置模式显示的是interface配置内容fe 1 3 0 accounting profiletest vlan tagging unit0 vlan id33 familyinet fe 1 3 1 vlan tagging unit0 vlan id44 familyinet edit lab M7i GZ JuniperNetworks Inc Copyright 2000 Proprietary Confidential 46 show命令 用户模式的show显示相关参数配置模式的show显示相关配置内容 lab M7i GZ showinterfaces配置模式显示的是interface配置内容fe 1 3 0 accounting profiletest vlan tagging unit0 vlan id33 familyinet fe 1 3 1 vlan tagging unit0 vlan id44 familyinet edit lab M7i GZ JuniperNetworks Inc Copyright 2000 Proprietary Confidential 47 基本命令 status 显示当前在修改配置的用户可以多个用户同时修改candidate配置文件 并且修改是对所有用户都可以见 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 48 基本命令 rollback 使用rollback命令来恢复commit以前的配置rollback只是将配置恢复到Candidat配置erollback或者rollback0恢复上次commit之前的配置rollback1上两次commit之前的配置总共可以恢复49份配置 rollback后面可以0 49rollback 可以显示每次commit的时间 确定恢复那份配置runfileshow config juniper conf n gzn为1 3 可以查看需要恢复配置的内容 对应于rollback1 3runfileshow config juniper conf gz对应rollback0runfileshow var db config juniper conf n gzn为4 49 可以查看需要恢复配置的内容 对应于rollback4 49 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 49 配置文件比较 ShowdifferencesbetweencandidateconfigurationfileandActiveconfiguration Rollback configurationAnysavedconfigurationfile show comparerollbacknumber show comparefilenameConfigurationmodeonlyLikeUnixdiff JuniperNetworks Inc Copyright 2000 Proprietary Confidential 50 加载配置文件 ConfigurationinformationcancomefromanASCIIfilepreparedofflineSyntaxload replace merge override filename只改变candidate配置需要commit来生效UsetheloadcommandtoOverride覆盖已经存在的配置要覆盖整个配置 使用override选项merge新的配置语句合并到已经存在的配置文件中replace用新的配置替代已经存在的配置 JuniperNetworks Inc Copyright 2000 Proprietary Confidential 51 Cut和Paste loadcantakeinputfromtheterminalload replace merge override terminalCopyyourconfigtoWindowsbufferEnterJUNOSconfigmodeloadoverrideterminalPastefromWindowsbufferPressctrl dtotellJUNOSyouaredone JuniperNetworks Inc Copyright 2000 Proprietary Confidential 52 runcommand ExecuteCLIcommandsfromconfigurationmodewiththeruncommand runshowinterfacefxp0 runshowbgpsum JuniperNetworks Inc Copyright 2000 Proprietary Confidential 53 路由器目录 config flash juniper conf juniper conf 1 juniper conf 2 andjuniper conf 3 var disk var home users homedirectories var db config juniper conf 4throughjuniper conf 9 var log Containssystemlogandtracingfiles var tmp corefiles tempdirectoryfornewsoftware var crash dumpfiles altroot disk requestsystemsnapshotcommandtherootfilesystem isbackedupto altroot altconfig disk requestsystemsnapshotcommand configdirectoryisbackedupto altconfig JuniperNetworks Inc Copyright 2