如何分析juniper交换机ex2200配置及简单命令
qnqy-dpf-jrex2200-01# show | display set
set version 12.3R11.2
set system host-name qnqy-dpf-jrex2200-01
set system time-zone Asia/Shanghai
set system root-authentication encrypted-password "$1$7RMyTyeG$tLGAToBggMFhcOw85Ts.EP/"
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "$1$m5Fp3PtY$cenAvv5Yq6VKsAlA317C2E/"
set system services ftp
set system services ssh
set system services telnet
set system services web-management https system-generated-certificate
set system services web-management https interface all
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system ntp boot-server 192.168.16.45
set system ntp server 192.168.16.45
set chassis alarm management-ethernet link-down ignore
set chassis auto-image-upgrade
set interfaces interface-range allport member-range ge-0/0/0 to ge-0/0/20
set interfaces interface-range allport unit 0 family ethernet-switching port-mode access
set interfaces interface-range allport unit 0 family ethernet-switching vlan members vlan_54
set interfaces interface-range allport unit 0 family ethernet-switching filter input 54
deactivate interfaces interface-range allport unit 0 family ethernet-switching filter
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/0/12 unit 0 family ethernet-switching
set interfaces ge-0/0/13 unit 0 family ethernet-switching
set interfaces ge-0/0/14 unit 0 family ethernet-switching
set interfaces ge-0/0/15 unit 0 family ethernet-switching
set interfaces ge-0/0/16 unit 0 family ethernet-switching
set interfaces ge-0/0/17 unit 0 family ethernet-switching
set interfaces ge-0/0/18 unit 0 family ethernet-switching
set interfaces ge-0/0/19 unit 0 family ethernet-switching
set interfaces ge-0/0/20 unit 0 family ethernet-switching
set interfaces ge-0/0/21 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members 917
set interfaces ge-0/0/22 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members vlan_54
set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/1/2 unit 0 family ethernet-switching
set interfaces ge-0/1/3 unit 0 family ethernet-switching
set interfaces vlan unit 0
set interfaces vlan unit 502 family inet address 192.168.13.171/24
set snmp community public authorization read-only
set routing-options static route 0.0.0.0/0 next-hop 192.168.13.254
set protocols igmp-snooping vlan all
set protocols rstp bridge-priority 60k
set protocols rstp interface allport edge
set protocols vstp vlan vlan_502
set protocols vstp vlan vlan_54
set protocols lldp interface all
set protocols lldp-med interface all
set firewall family inet filter RE_Filter term 1 from source-address 192.168.16.0/24
set firewall family inet filter RE_Filter term 1 from protocol tcp
set firewall family inet filter RE_Filter term 1 from destination-port telnet
set firewall family inet filter RE_Filter term 1 from destination-port ssh
set firewall family inet filter RE_Filter term 1 from destination-port http
set firewall family inet filter RE_Filter term 1 from destination-port ftp
set firewall family inet filter RE_Filter term 1 from destination-port https
set firewall family inet filter RE_Filter term 1 then accept
set firewall family inet filter RE_Filter term 2 from protocol tcp
set firewall family inet filter RE_Filter term 2 from destination-port telnet
set firewall family inet filter RE_Filter term 2 from destination-port ssh
set firewall family inet filter RE_Filter term 2 from destination-port http
set firewall family inet filter RE_Filter term 2 from destination-port ftp
set firewall family inet filter RE_Filter term 2 from destination-port https
set firewall family inet filter RE_Filter term 2 then discard
set firewall family inet filter RE_Filter term icmp from source-address 192.168.16.0/24
set firewall family inet filter RE_Filter term icmp from protocol icmp
set firewall family inet filter RE_Filter term icmp then accept
set firewall family inet filter RE_Filter term icmp-other from protocol icmp
set firewall family inet filter RE_Filter term icmp-other then discard
set firewall family inet filter RE_Filter term NTP from source-address 192.168.16.45/32
set firewall family inet filter RE_Filter term NTP from protocol tcp
set firewall family inet filter RE_Filter term NTP from protocol udp
set firewall family inet filter RE_Filter term NTP from source-port ntp
set firewall family inet filter RE_Filter term NTP-Other from protocol tcp
set firewall family inet filter RE_Filter term NTP-Other from protocol udp
set firewall family inet filter RE_Filter term NTP-Other from source-port ntp
set firewall family inet filter RE_Filter term NTP-Other then discard
set firewall family inet filter RE_Filter term Other then accept
set firewall family ethernet-switching filter 54 term 1 from protocol udp
set firewall family ethernet-switching filter 54 term 1 from destination-port 1434
set firewall family ethernet-switching filter 54 term 1 from destination-port 1433
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-ns
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-dgm
set firewall family ethernet-switching filter 54 term 1 from destination-port 139
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-ssn
set firewall family ethernet-switching filter 54 term 1 then discard
set firewall family ethernet-switching filter 54 term 2 from protocol tcp
set firewall family ethernet-switching filter 54 term 2 from destination-port 135
set firewall family ethernet-switching filter 54 term 2 from destination-port 139
set firewall family ethernet-switching filter 54 term 2 from destination-port 445
set firewall family ethernet-switching filter 54 term 2 then discard
set firewall family ethernet-switching filter 54 term Other-Permit then accept
set ethernet-switching-options secure-access-port interface ge-0/0/23.0 dhcp-trusted
set ethernet-switching-options secure-access-port interface ge-0/1/0.0 dhcp-trusted
set ethernet-switching-options secure-access-port interface allport mac-limit 10
set ethernet-switching-options secure-access-port interface allport mac-limit action shutdown
set ethernet-switching-options secure-access-port interface allport vlan 54 mac-limit 10
set ethernet-switching-options secure-access-port interface allport vlan 54 mac-limit action drop
set ethernet-switching-options secure-access-port interface allport no-dhcp-trusted
set ethernet-switching-options secure-access-port vlan vlan_54 arp-inspection
set ethernet-switching-options secure-access-port vlan vlan_54 examine-dhcp
set ethernet-switching-options secure-access-port vlan vlan_54 ip-source-guard
set ethernet-switching-options port-error-disable disable-timeout 600
set ethernet-switching-options storm-control interface all
set ethernet-switching-options bpdu-block interface allport
set vlans default l3-interface vlan.0
set vlans vlan917 vlan-id 917
set vlans vlan_502 vlan-id 502
set vlans vlan_502 l3-interface vlan.502
set vlans vlan_506 vlan-id 506
set vlans vlan_54 vlan-id 54
set vlans vlan_924 description guanli-vlan
set vlans vlan_924 vlan-id 924
简单命令
login: root
password :
登录后 输入 cli ;config;show | disp set 查看和配置
root@qnqy-dpf-jrex2200-01:RE:0% cli
{master:0}
root@qnqy-dpf-jrex2200-01> configure
Entering configuration mode
{master:0}[edit]
root@qnqy-dpf-jrex2200-01# show | display set
set version 12.3R11.2
set system host-name qnqy-dpf-jrex2200-01
set system time-zone Asia/Shanghai
set system root-authentication encrypted-password ""
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin
………………
把ge0/0/0 从vlan809设置成vlan917
root@qnqy-dpf-jrex2200-01#et interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
{master:0}[edit]
root@qnqy-dpf-jrex2200-01# delete interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members 809
{master:0}[edit]
root@qnqy-dpf-jrex2200-01# set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members 917
如果要删除vlan,要注意要先清除其中所属端口,然后再删除,所有改完后,要提交commit才生效
configuration check succeeds
commit complete
配置管理地址,接口vlan,要进入端口模式,设置vlan502接口管理地址192.168.13.171
root@qnqy-dpf-jrex2200-01# edit interfaces
{master:0}[edit interfaces]
root@qnqy-dpf-jrex2200-01#set vlan unit 502 family inet address 192.168.13.171/24
top回到全局 绑定vlan 3层接口
root@qnqy-dpf-jrex2200-01#set vlans vlan_502 l3-interface vlan.502
重启
root> request system reboot
查看序列号和光口硬件信息
root> show chassis hardware
ping命令
root >ping 192.168.127.254
查看告警信息和温度
root>show chassis alarms
root>show chassis environment