設(shè)備初始化

1.1 初始登錄設(shè)備

#默認賬號和密碼：root/空
login: root         
Password:
root@% cli          //進入操作模式
root>
root> configure     //進入配置模式（默認share）

1.2 基礎(chǔ)配置

#設(shè)置root用戶口令,首次登錄修改，方便后續(xù)操作
root@SRX# set system root-authentication plain-text-password    
New password:
Retype new password:
root@SRX#show system root-authentication

#設(shè)置主機名
root@SRX#set system host-name SRX

#設(shè)置時間
root@SRX#set system time-zone Asia/Shanghai
root@SRX# run set date 201808251200.00

#設(shè)置DNS
root@SRX#set system name-server 114.114.114.114

#設(shè)置SNMP
root@SRX#set snmp client-list snmp_list 192.168.1.0/24
root@SRX#set snmp community juniper client-list-name snmp_list authorization read-only
----------------------遠程登錄管理----------------------
#超級用戶
root# set system login user admin class super‐user authentication plain‐text‐password     //創(chuàng)建一個超級用戶admin
New password:
Retype new password:

#開啟telnet/ssh/web/ping服務(wù)
#全局服務(wù)
set system services ssh
set system services telnet
set system services web-management http interface ge-0/0/0.0
set system services web-management https interface ge-0/0/0.0
set system services web-management https system-generated-certificate
#放開內(nèi)網(wǎng)telnet/ssh/web/ping服務(wù)
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
#或者放開所有服務(wù)
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all

----------------------接口初始化配置----------------------
#傳統(tǒng)set接口配置
root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.111/24
#Edit配置
root# edit interfaces ge-0/0/0 unit 0        //進入接口GE-0/0/0
root# set family inet address 192.168.1.111/24
root#commit     #保存配置

#SVI配置
root@SRX#set protocols l2-learning global-mode transparent-bridge  //切換為透明墻需要重啟才能生效
root@SRXset vlans vlan10 vlan-id 10  //創(chuàng)建vlan
root@SRXset vlans vlan10 l3-interface irb.10  //創(chuàng)建三層vlan
root@SRXset interfaces irb unit 10 family inet address 192.168.10.254/24
root@SRXset interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access  //配置成acces模式
root@SRXset interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan10  //接口劃入vlan10

#子接口配置
root@SRX# set interfaces ge-0/0/0 vlan-tagging
root@SRX# set interfaces ge-0/0/0 unit 10 vlan-id 10 family inet address 192.168.10.254/24
root@SRX# set security zones security-zone trust interfaces ge-0/0/0.10

#trunk接口配置
root@SRX# set interfaces ge-0/0/0 unit 10 family ethernet-switching port-mode trunk vlan members 10
root@SRX# set vlans vlan10 vlan-id 10 l3-interface vlan.10
root@SRX# set security zones security-zone trust interfaces ge-0/0/0.10 

1.3 密碼恢復(fù)

#設(shè)備掉電重啟损合，看到如下提示按“空格”鍵：
Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel]...

#進入單用戶模式
loader>
loader>boot -s

#執(zhí)行密碼恢復(fù)
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh：recovery

#刪除root密碼后重新設(shè)置root密碼省艳，并保存配置重啟
root# delete system root-authentication
root# set system root-authentication plain-text-password
root# commit
root#exit
root> request system reboot

1.4 維護命令

-------------------------show命令----------------------------------
root@SRX> show configuration | display set | no-more                   //顯示set格式的當前配置
root@SRX> request system license add terminal   //增加license key（Ctrl+D 結(jié)束）
root@SRX> show system license                       //查看license
root@SRX> show system license keys
root@SRX> show system processes extensive       //查看進程
root@SRX# restart chassis-control gracefully    //重啟進程
root@SRX# set cli screen-length 0               //不分屏
root@SRX> show system uptime                    //查看系統(tǒng)運行時間
root@SRX> show version                          //查看系統(tǒng)版本
root@SRX> show chassis routing-engine           //查看引擎信息
root@SRX> show chassis environment              //查看運行環(huán)境
root@SRX> show ntp status                       //查看NTP狀態(tài)
root@SRX> show ntp associations
root@SRX> show ospf neighbor                    //查看OSPF鄰居
root@SRX> show vrrp brief                       //查看VRRP狀態(tài)
root@SRX> show system alarms                    //查看系統(tǒng)告警
---------------------------快捷命令-------------------------------
root@SRX# load override 20180717.bak
root@SRX# exit   //返回上一級
root@SRX#up    //返回上一級
root@SRX#top    //返回最高級
root@SRX# copy interfaces ge-0/0/2 to ge-0/0/3   //復(fù)制配置
root@SRX# delete interfaces ge-0/0/2 unit 0  //刪除某個接口配置
root@SRX# delete interfaces                 //刪除所有接口配置
root@SRX# delete vlan                       //刪除所有vlan配置
root@SRX# delete security                   //刪除所有security配置
root@SRX# wildcard delete interfaces ge-0/0/*    //批量刪除
root@SRX# edit security nat source              //刪除源NAT配置
root@SRX# rename rule-set trust-to-untrust to rule-set  //重命名 inside-to-outside 
root@SRX# replace pattern ge-0/0/2 with ge-0/0/3  //替換配置 //把ge-0/0/2替換成ge-0/0/3root@SRX# load override 20180717.bak
root@SRX# exit   //返回上一級
root#up    //返回上一級
root#top    //返回最上級
root# copy interfaces ge-0/0/2 to ge-0/0/3   //復(fù)制配置
root# delete interfaces ge-0/0/2 unit 0  //刪除某個接口配置
root# delete interfaces                 //刪除所有接口配置
root# delete vlan                       //刪除所有vlan配置
root# delete security                   //刪除所有security配置
root# wildcard delete interfaces ge-0/0/*    //批量刪除
root# edit security nat source              //刪除源NAT配置
root# rename rule-set trust-to-untrust to rule-set  //重命名 inside-to-outside 
root# replace pattern ge-0/0/2 with ge-0/0/3  //替換配置 //把ge-0/0/2替換成ge-0/0/3
--------------------------回退命令---------------------------------
root# commit at "2018-6-24 12:30"   //定義某個時間點提交配置
root> clear system commit           //清除未被提交的配置
root# commit comment "Clear system config"  //保存配置，自定義標簽
root# run show system commit
root# rollback 0                    //回滾配置
root# commit confirmed             //10分鐘之內(nèi)需commit嫁审，否則回滾上一個配置
root# commit                       //確認提交
root@SRX# save 20180717.bak        //保存配置
root@SRX# load override 20180717.bak   //加載配置
root@SRX# load factory-default  //恢復(fù)出廠設(shè)置（重啟后需設(shè)置root密碼）
------------------------系統(tǒng)相關(guān)命令------------------------------
root@SRX> request system reboot  //重啟系統(tǒng)
root@SRX> request system power-off  //關(guān)閉系統(tǒng)
root@SRX> request system license add terminal   //增加license key（Ctrl+D 結(jié)束）
root@SRX> request support information | no-more         //收集tech信息
------------------------功能模塊關(guān)閉-------------------------------
root@SRX# deactivate security policies  //關(guān)閉安全策略模塊
root@SRX# deactivate security nat       //關(guān)閉NAT模塊