Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidential
© 2009 Juniper Networks, Inc. All rights reserved.

Product Configuration and Maintenance Training

Contents
1. SRX1400 product introduction
2. JUNOS basic commands
3. SRX1400 configuration introduction and demonstration
4. SRX1400 routine maintenance

SRX1400
Chassis design (3U)
– 4 slots
– Maximum of 1 IOC; 1 NSPC; 1 RE; 1 SYSIOC (GE or XGE)
Fixed interfaces (SYSIOC)
– GE model: 6-10/100/1000, 6 SFP
– XGE model: 6-10/100/1000, 3 SFP, 3 SFP+
Modular interfaces
– 16-10/100/1000; 16-SFP; 2-XFP
Multi-core architecture
2 power supplies, redundant (1+1)
Performance
– Firewall throughput (large packets) – 10 Gbps
– Concurrent sessions – 1.5 Million
* At minimum, 1 NSPC or 1 SPC + 1 NPC must be installed

Contents
1. SRX1400 product introduction
2. JUNOS basic commands (demonstration)
3. SRX1400 configuration introduction and demonstration
4. SRX1400 network design discussion

Topics
• JUNOS fundamentals
• Basic commands
• Basic configuration

Operating modes
• Shell mode: $
• User mode
• Configuration mode: #
Mode transitions shown on the slide: cli / exit, start shell, configure / edit, exit

Configuration mode
The configuration mode prompt is "#".
Type config in user mode to enter configuration mode.
The # prompt also includes the user name and the host name.
• For example: user@host#

Configuration mode
The configuration you edit is called the candidate configuration.
Configuration changes do not take effect immediately; they take effect only after they are submitted with the commit command.
After a commit, the candidate configuration becomes the active configuration, and a new candidate is created again.

Basic commands - show
Use the show command to view the candidate configuration.
• At a given hierarchy level, show displays the configuration of that level
• At the top level, show displays the entire configuration
The level to display can also be specified directly from the top level:
# show system
# show interfaces
# show interfaces fxp1
# show routing-options
# show protocols

The set command
Use set to add to or change the configuration.
• Some set parameters add a value, others overwrite the existing one
# set system host-name Denver (overwrites)
# set interface fxp0 unit 0 family inet address 1.1.1.1/24 (adds)
# set routing-options router-id 2.2.2.2 (overwrites)
set can be used in two ways:
(1) use edit to enter the parameter's hierarchy level and make the change there
(2) write out all the levels of the hierarchy from the top level
as in the following examples.

The set command
Method 1:
lab@SRX# edit system
[edit system]
lab@SRX# edit login
[edit system login]
lab@SRX# edit user lab
[edit system login user lab]
lab@SRX# set uid 2002
[edit system login user lab]
lab@SRX#
Method 1 takes more steps, but it is simple, clear and less error-prone, so it suits beginners.
Method 2:
set system login user lab uid 2002
Method 2 is simple, needs less typing, and can be pasted directly, so it suits experienced users.

Basic commands - commit
Use the commit command to make the modified content take effect.
commit - checks the configuration syntax and activates the changes
commit check - performs the syntax check only, without actually activating the configuration
commit and-quit – exits if the commit succeeds
commit confirmed – next page…

Basic commands - rollback
Use the rollback command to restore a configuration from before a commit.
rollback only restores the configuration into the candidate configuration.
rollback or rollback 0 restores the configuration from before the last commit.
rollback 1 restores the configuration from before the last two commits.
A total of 49 configurations can be restored; rollback can be followed by 0-49.
rollback ? shows the time of each commit, which helps decide which configuration to restore.
run file show /config/juniper.conf.n.gz
• n is 1-3; shows the content of the configuration to be restored, corresponding to rollback 1-3
• run file show /config/juniper.conf.gz corresponds to rollback 0
run file show /var/db/config/juniper.conf.n.gz
• n is 4-49; shows the content of the configuration to be restored, corresponding to rollback 4-49

Comparing configuration files
Show differences between the candidate configuration file and
• Active configuration
• "Rollback" configuration
• Any saved configuration file
# show | compare rollback number
# show | compare filename
• Configuration mode only
• Like Unix diff

Loading configuration files
Configuration information can come from an ASCII file prepared offline
• Syntax
• load (replace | merge | override) filename
load changes only the candidate configuration; a commit is required for it to take effect.
Use the load command to
• Override the existing configuration
• To overwrite the entire configuration, use the override option
• merge: merges the new configuration statements into the existing configuration
• replace: replaces the existing configuration with the new configuration

JUNOS Software Version?
CLI commands to display installed packages
• show version

Contents
1. SRX1400 product introduction
2. JUNOS basic commands
3. SRX1400 configuration introduction and demonstration
   Zone
   Security Policies
   Network Address Translation
   High Availability Clustering
4. SRX1400 routine maintenance

[Figure: relationship between interfaces, zones, and routing instances. Labels: Juniper Networks Device; Routing Instance 1, Routing Instance 2; Forwarding Table (F.T.); Zones A to D; Interfaces]

Zone Types
• User-Defined (can be configured)
  – Security
  – Functional
• System-Defined (cannot be configured)
  – junos-global
  – Null

Zone Configuration Procedure
Steps:
• Define a security or a functional zone
• Add logical interfaces to the zone
• Optionally, add services and protocols that must be permitted into the services gateway through the interface belonging to the zone
• If this step is omitted, no traffic destined for the services gateway is permitted

Security Policy Defined
What is a security policy?
• A set of defined policies applied to the SRX so that it can decide, based on those policies, how data is transferred between zones
What should I do if a packet comes in matching Criterion A?

Transit Traffic Examination
The SRX device uses security policies to decide whether transit traffic is forwarded.
Packet in → Does a security policy match the traffic?
• yes: Apply policy actions
• no: Apply default policy

Default Security Policies
System-default security policy: deny all traffic through the SRX-series services gateway
• You can change the default policy to permit all traffic
Factory-default configuration has three security policies:
• Trust to trust: permit all
• Trust to untrust: permit all
• Untrust to trust: deny all
System-default security policies behavior: Deny ALL transit traffic
Factory-default security policies beha
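
The zone configuration procedure and the default-policy behaviour described above, as an added example in Junos set-command form; it is not part of the original training deck. The interface names ge-0/0/0.0 and ge-0/0/1.0, the policy name allow-https, and the choice of ssh, ping and junos-https are assumptions made for illustration.

```junos
# Added example; interface, zone and policy names are assumptions.
# Steps 1 and 2: define the security zones and bind one logical interface to each.
set security zones security-zone trust interfaces ge-0/0/0.0
set security zones security-zone untrust interfaces ge-0/0/1.0

# Step 3: permit only the traffic the gateway itself must accept.
# With no host-inbound-traffic statement, nothing addressed to the SRX is
# accepted on that zone, so the untrust zone is deliberately given none.
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust host-inbound-traffic system-services ping

# Broad setting to avoid (shown for comparison, not applied):
#   set security zones security-zone untrust host-inbound-traffic system-services all

# Transit traffic: a specific policy instead of a blanket "permit all".
set security policies from-zone trust to-zone untrust policy allow-https match source-address any
set security policies from-zone trust to-zone untrust policy allow-https match destination-address any
set security policies from-zone trust to-zone untrust policy allow-https match application junos-https
set security policies from-zone trust to-zone untrust policy allow-https then permit

# Keep the system default so traffic that matches no policy is dropped.
set security policies default-policy deny-all

# Review the candidate against the active configuration, then activate it.
show | compare
commit check
# commit confirmed reverts automatically unless a plain commit follows
# within the stated number of minutes.
commit confirmed 5
commit
```

A factory-default permit-all policy for the same zone pair, if still present, continues to match whatever this policy does not, so review the existing policies before relying on the narrower one.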
Document title: Juniper_SRX1400 Product Configuration and Maintenance Manual