Juniper OS4.2R1.3 路由器配置操作手册.doc
收藏
编号:60392815
类型:共享资源
大小:112.50KB
格式:DOC
上传时间:2020-03-22
上传人:清****
认证信息
个人认证
肖**(实名认证)
河南
IP属地:河南
12
积分
- 关 键 词:
-
Juniper
OS4.2R1.3
路由器配置操作手册
OS4
R1
路由器
配置
操作手册
- 资源描述:
-
Juniper OS 4.2R1.3 路由器配置操作手册
1 系统配置 2
1.1 系统信息基本配置 2
1.2 系统用户信息 2
1.3 系统服务配置 3
2 端口配置 4
2.1 juniper端口介绍 4
2.2 端口配置 4
3 SNMP配置 6
4 Routing-options配置 7
4.1 静态路由配置 7
4.2 route-id&as 7
4.3 bgp聚合配置 7
5 Route protocal配置 8
5.1 Ospf配置 8
5.2 Bgp 配置 9
6 Policy 配置 9
7 Firewall 配置 12
8 Juniper与Cisco互连端口参数调整 12
9 Juniper备份结构与Cisco不同 14
9.1 console root登录 14
9.2 telnet登录 14
Juniper所有配置,均在配置状态下进行。分为由console进入和远程telnet进入。
由console进入JUNOS系统命令操作(由FreeBSD的简化系统)
%cli 进入下面的用户操作
hostname>edit 进入下面的用户配置
hostname# 配置操作
由远程telnet直接进入用户操作
hostname>edit 进入下面的用户配置
hostname# 配置操作
1 系统配置
1.1 系统信息基本配置
#edit system 进入system配置菜单
#set host-name axi580-a-hz1
#set domain-name
#set time-zone Asia/Shanghai
# set system root-authentication plain-text-password (console登录,root口令缺省为空,虚设新口令)
New password:******
Retype new password:******
#show 查看配置
#commit 配置生效 OR
#commit confirmed 配置生效测试,5分钟后系统自动会滚,恢复原来配置。
1.2 系统用户息
1.2.1 用户组的配置
#set login class high idle-timeout 30 permissions all
“high” 是组名;”all” 用户将拥有该router的全部权限。
#set login class medium idle-timeout 30 permissions clear
#set login class medium idle-timeout 30 permissions configure
#set login class medium idle-timeout 30 permissions interface-control
#set login class medium idle-timeout 30 permissions network
#set login class medium idle-timeout 30 permissions maintenance
“medium”具有多个权限,” clear configure interface-control network
view maintenance”
#set login class low idle-timeout 30 permissions view
配置了high、medium、low三个权限组,将在用户配置时用到。
权限设置如下:
admin Can view user accounts
admin-control Can modify user accounts
all All permission bits turned on
clear Can clear learned network information
configure Can enter configuration mode
control Can modify any configuration values
edit Can edit full files
field Special for field (debug) support
firewall Can view firewall config
firewall-control Can modify firewall config
floppy Can read and write the floppy drive
interface Can view interface config
interface-control Can modify interface config
maintenance Can perform system maintenance (as wheel)
network Can access the network
reset Can reset and restart interfaces and processes
rollback Can rollback for depth greater than zero
routing Can view routing config
routing-control Can modify routing config
secret Can view secret config
secret-control Can modify secret config
shell Can start a local shell
snmp Can view SNMP config
snmp-control Can modify SNMP config
system Can view system config
system-control Can modify system config
trace Can view trace file settings
trace-control Can modify trace file settings
view Can view current values and statistics
1.2.2 用户配置
#set login user admin full-name newwork-admin uid 2001 class high plain-text-password
New password:******
Retype new password:******
Username 为admin;user id 为2001;组为high
#set login user manager full-name newwork-manager uid 2002 class midium
plain-text-password
New password:******
Retype new password:******
#set login user viewer full-name newwork-viwer uid 2003 class low plain-text-password
New password:******
Retype new password:******
#commit 配置生效 OR
#commit confirmed 配置生效测试,5分钟后系统自动会滚,恢复原来配置。
1.3 系统服务配置
1.3.1 telnet服务配置
# set system services telnet 配置启用telnet服务 OR
# set system services telnet connection-limit 5 限制telnet的最大连接数
#commit 配置生效 OR
#commit confirmed 配置生效测试,5分钟后系统自动会滚,恢复原来配置。
1.3.2 syslog 服务配置
#set system syslog user * any emergency
#set system syslog host 3 any any 所有syslog信息都写到远程主机
#set system syslog file messages any notice 所有notice,authorization信息写在本地
#set system syslog file messages authorization info
1.3.3 ntp 服务配置
ntp client 配置
#set system ntp server 7
ntp server 配置
#set system ntp boot-server 7 此处只能写ip不能为主机名
#commit 配置生效 OR
#commit confirmed 配置生效测试,5分钟后系统自动会滚,恢复原来配置。
检查ntp状态
# run show ntp status
# run show ntp associations
2 端口配置
2.1 juniper端口介绍
在juniper的配置中,所有端口皆为逻辑端口,在初始配置中没有任何端口信息,如不能准确知道所要配置的端口名称,可用命令来确认。
>show chassis fpc pic-status OR
#run show chassis fpc pic-status (example)
Slot 1 Online
PIC 0 1x OC-48 SONET, SMSR 为 so-1/0/0
PIC 1 1x OC-48 SONET, SMSR
PIC 2 1x OC-48 SONET, SMSR 为 so-1/2/0
Slot 6 Online
PIC 0 2x OC-3 ATM, SMIR 为 at-6/0/0; at-6/0/1
PIC 1 1x G/E, 1000 BASE-SX 为 ge-6/1/0
PIC 2 1x G/E, 1000 BASE-SX
2.2 端口配置
# edit interfaces
v sonet端口配置
# set so-1/0/0 unit 0 description "HZ to NB 2.5Gb SDH" family inet address /30
#show 检查配置
so-1/0/0 {
description HZ to NB 2.5Gb SDH;
unit 0 {
family inet {
address /30;
}
}
}
v atm端口配置
#set at-6/0/0 clocking external
#set at-6/0/0 atm-options vpi 1 maximum-vcs 100
#set at-6/0/0 atm-options vpi 10 maximum-vcs 200
#set at-6/0/0 unit 0 description HuZhou-HangZhou-ATM vci 10.40 family inet address 0/30
#set at-6/0/0 unit 1 description HuZhou-NingBo-ATM vci 1.51 family inet address 50/30
vci 号为pvc号
#show
at-6/0/0 {
clocking external;
atm-options {
vpi 1 maximum-vcs 100;
vpi 10 maximum-vcs 200;
}
unit 0 {
description HuZhou-HangZhou-ATM;
vci 10.40;
family inet {
address 0/30;
}
}
unit 1 {
description HuZhou-NingBo-ATM;
vci 1.51;
family inet {
address 50/30;
}
}
}
v ge端口配置
#set ge-6/1/0 unit 0 description “To Catalysta6509 g1/0” family inet address
93/30
#show
ge-6/1/0 {
unit 0 {
description To Catalysta6509 g1/0;
family inet {
address 93/30;
}
}
}
v fe端口配置
#set fe-6/2/0 unit 0 description “To 2948 g1/0” family inet address
/24
#show
fe-6/2/0 {
unit 0 {
description To 2948 1/0;
family inet {
address /24;
}
}
}
v loopback配置
#set lo0 unit 0 family inet address address 81/32
#show
lo0 {
unit 0 {
family inet {
filter {
input popme;
}将firewall在该端口上生效,要使其他端口生效,必须在短配置。
address 81/32;
}
}
}
#commit 配置生效 OR
#commit confirmed 配置生效测试,5分钟后系统自动会滚,恢复原来配置。
3 SNMP配置
#top 返回顶级菜单
#set snmp community keepalive authorization read-only
keepalive 为community strings
#show
snmp {
community keepalive {
authorization read-only;
}
}
4 Routing-options配置
这里只介绍浙江工程中用到的静态、聚合、route-id三点,其他以后在补充。
4.1 静态路由配置
#top
#edit routing-options
#set static route /24 next-hop 2
#set static route /24 next-hop 3
……
#show
static {
route /24 next-hop 2;
route /24 next-hop 3;
route /26 next-hop 1;
route 4/26 next-hop 9;
route /21 next-hop 94;
}
4.2 route-id&as
#set route-id 2 建议设为本机的loopback
#set autonomous-system 64740 根据实际分配设定
4.3 bgp聚合配置
#set aggregate route /18
#set aggregate route /18
#set aggregate route /18
#set aggregate route /18
#set aggregate route /17
#set aggregate route /17 discard
……
在juniper上BGP对外广播所有聚合,条件是在本地路由表里有此路由或比聚合更细的路由,当未启用的ip段或不能产生本地路由的网段需要对外广播时,可采用discard属性。
#show
aggregate {
route /18;
route /18;
route /18;
route /18;
route /17;
route /17 discard;
……
}
5 Route protocal配置
这里只介绍ospf、bgp的配置
#top
#edit protocols 进入路由协议配置菜单
5.1 Ospf配置
#set ospf export ebgp_default_to_ospf 将由ebgp收到的缺省路由广播到ospf路由表中
#set ospf area interface so-1/1/0.0
#set ospf area interface so-1/0/0.0 metric 20 根据实际情况调整metric
#set ospf area interface at-6/1/0.0 metric 20
#set ospf area interface at-6/1/0.3 metric 20
……
#show
ospf {
export ebgp_default_to_ospf; 需要在路由政策里定义
area {
interface so-1/1/0.0;
interface so-1/0/0.0{
metric 20;
}
interface at-6/1/0.0 {
metric 20;
}
}
area {
interface at-6/1/0.3 {
metric 20;
}
}
}
5.2 Bgp 配置
#set bgp export aggregate_to_bgp 在policy里定义,将本地聚合向ibgp、ebgp广播
#edit bgp group ibgp 定义ibgp组名
#set type internal
#set export ebgp-aggregate-ibgp 在policy里定义,向ibgp广播从ebgp收到的路由
#set peer-as 64740 根据实际情况配置
#set neighbor 50
#set neighbor 06
#exit
##edit bgp group ebgp 定义ebgp组名
#set type external
#set import change-preference 在policy里定义,改变收到的bgp local-preference
#set export outbound-control-hz1 在policy里定义,调整对ebgp广播的路由特性
#set export from-zj-as1 在policy里定义,将所有本地聚合对外广播,禁止从4134收到的路由广播出去。
#set peer-as 4134
#set neighbor
bgp {
export aggregate_to_bgp;
group ibgp {
type internal;
export ebgp-aggregate-ibgp;
peer-as 64740;
neighbor 50;
neighbor 06;
}
group ebgp {
type external;
import change-preference;
export [ outbound-control-hz1 from-zj-as1 ];
peer-as 4134;
neighbor ;
}
}
6 Policy 配置
具体配置命令请参照前面格式操作。
policy-options {
prefix-list telnet-list { 定义firewall里的telnet 列表
/25;
/27;
2/27;
4/27;
/24;
2/27;
}
policy-statement outbound-control-hz1 {
term term1 {
from {
protocol aggregate;
route-filter 28/25 exact;
route-filter /18 exact;
route-filter /18 exact;
route-filter /18 exact;
route-filter /18 exact;
route-filter /22 exact;
route-filter /22 exact;
}
then {
community add 169comm; 将聚合里的169网段,bgp广播时添加附加串
next term;
}
}
term term6 {
from protocol ospf; 通过ospf收到路由不对外广播
then reject;
}
term term3 {
from protocol local; 本地路由不对外广播
then reject;
}
term term5 {
from protocol static; 静态路由不对外广播
then reject;
}
term term4 {
from protocol direct; 直连路由不对外广播
then reject;
}
}
policy-statement from-zj-as1 {
term term1 {
from {
protocol bgp;
as-path zj-as1; 从4134过来的路由不对外广播
}
then reject;
}
term term2 {
then accept;
}
}
policy-statement change-preference {
from {
protocol bgp;
neighbor ;
}
then {
local-preference 200; 将由收到的路由作调整。
as-path-prepend "4134 4134";
}
}
policy-statement aggregate_to_bgp {
from protocol aggregate; 定义对外广播本地聚合
then accept;
}
policy-statement ebgp_default_to_ospf {
from { 向ospf广播bgp的default
protocol bgp;
neighbor ;
route-filter /0 exact;
}
then {
external {
type 1;
}
accept;
}
}
policy-statement ebgp-aggregate-ibgp {
term term1 {
from {
protocol bgp;
neighbor ;
}
then next term;
}
term term2 {
from protocol aggregate;
then accept;
}
}
community 169comm members 4134:10;
as-path zj-as1 "4134 .*";
}
7 Firewall 配置
具体配置命令请参照前面格式操作。
firewall {
filter popme { 定义filter
term term1 {
from {
prefix-list {
telnet-list; 在policy-options 定义
}
protocol tcp;
port telnet;
}
then accept;
}
term term2 {
from {
protocol tcp;
port telnet;
}
then {
reject; 拒绝非list地址telnet
}
}
term term3 {
then accept;
}
}
8 Juniper与Cisco互连端口参数调整
Cisco conf
interface ATM1/0.11 point-to-point
description TO jiaxing Atm 4/0.1
bandwidth 20000
ip address 5 52
no ip directed-broadcast
ip ospf network broadcast
atm pvc 10 10 43 aal5snap
no atm enable-ilmi-trap
!
Cisco- Cisco
ospf
interface ATM1/0.13 point-to-point
description to NingBo
bandwidth 60000
ip address 52
no ip directed-broadcast
atm pvc 11 10 52 aal5snap
no atm enable-ilmi-trap
Cisco(route)- Juniper
ospf
interface Vlan6
description web-1
ip address 7 24
no ip directed-broadcast
Cisco(switch)- Cisco(route)
ospf
interface Vlan6
description web-1
ip address 7 24
ip directed-broadcast(或者没有此配置)
Cisco(switch)- Juniper
ospf
interface POS10/0(与cisco互连)
ip address 52
no ip directed-broadcast
crc 32
clock source internal
pos scramble-atm
pos flag c2 22
改为:
interface POS10/0(与juniper互连)
ip address 52
no ip directed-broadcast
crc 16
Sdh
bgp
so-2/1/0 {
keepalives;
encapsulation ppp;
sonet-options {
fcs 16;
no-payload-scrambler;
}
unit 0 {
description "580 HZ-DaQu-GSR 2.5G";
family inet {
address /30;
}
}
9 Juniper备份结构与Cisco不同
Cisco route 在保存配置时会自动更新slave ,但juniper不是这样的设计的(现在没有),他有两种方式同步配置:
9.1 console root登录
root>edit
root#save re1:/config/juniper.conf
9.2 telnet登录
user>start shell
user%su – root
passwd:
root%cli
root>request routing-engine login re1
root%cli
root>edit
root>load re0:/config/juniper.conf
root>commit
- 内容简介:
-
-
- 温馨提示:
1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
2: 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
3.本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
人人文库网所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
川公网安备: 51019002004831号