文章目录
JUNIPER设备
华为,思科是两种配置(运行配置+保存配置)
Juniper是三种配置(运行配置+保存配置1-49号+编辑中的配置)
#shell模式
start shell
#对比配置,回退操作
#status //查看登录用户,进程号,当前状态等
#show system users //查看当前登录的用户
#show configure | dis detail //显示配置文件,这种会有描述的哦,教你怎么解读配置
#show | compare //查看当前修改的那些配置
#show | compare rollback 2 //比较当前和历史哪个配置
#show configuration | compare rollback 2
#rollback //恢复最近运行的配置
#rollback 2 //恢复历史指定配置
save /var/tmp/20190617.txt //将配置保存在
>configure //进入配置模式
>configure private //进入私有配置模式,与其他用户不干扰,除非修改了同一文件,
#update //当有人修改了配置,我们也要修改保存,可以使用update先更新,再保存
#commit confirmed //提交配置并生效10分钟,10分钟后需再次确认,否则自动还原之前配置自动还原,若确认没问题,再次手动commit即可
#commit check //提交命令前检查命令是否正确
#commit and-quit //提交配置,并退出到>操作模式
#commit at 22:10 //在22:10分的时候,进行提交,这是一个时间计划任务,一旦指定,不能更改其他任何配置,只能清除clear
>clear system commit //清除提交配置的计划任务
#commit comment "this is down bgp" //提交配置时,记录一个描述日志,以便查询
#接口类型
ge-0/0/7 //接口类型-母版位置-子卡位置-模块位置
fxp0 //带外管理口
fxp1 //路由平面与转发平面互联接口,它不能被配置,但是它可以被配置
物理口配置IP,必须使用unit0 而且只能配置一个unit,同一个unit支持多个IP,并且不会被覆盖
#查看运行配置(count统计,find 从什么开始,match 包含,except 排除)
show configuration system login
show configuration protocols bgp
show configuration | display set | count | match ospf //查看ospf配置有多少行
show configuration | display set | except ospf //排除ospf配置
deactivate interface ge-0/0/6 unit 1 //注释某条命令,使其不生效
activate interface ge-0/0/6 unit 1 //取消注释,让命令生效
up //返回上一级
top //返回到顶层
copy interface ge-0/0/6 to ge-0/0/7 //将6口的配置复制到7口
load set terminal //批量粘贴录入配置,按Ctrl+D结束
#替换配置replace(进入em2的逻辑接口,将192.168.1.1/24替换成172.16.1.1/24)
edit interfaces em2 unit 0
replace pattern 192.168.1.1/24 with 172.16.1.1/24
#重命名rename(将em1改成em2)
rename interfaces em1 to em2
#范围wildcard(删除8-11接口,将0-5还有7网口设置为全双工模式,)
#wildcard delete interfaces em[8-11]
#wildcard range set interfaces em[0-5,7] link-mode full-duplex
#配置root密码
以明文的形式()
set system root-authentication plain-test-password
以密文的形式(加密后的密文,要注意哦)
set system root-authentiaction encrypted-password "sadasdsdffsd"
#用户管理
新增用户,设置安全级别,设置权限
set system login user fnk class super-user
set system login user fnk authentiaction plain-test-password
查看用户登陆配置
show system login | display set
用户安全级别组、
set system login user fnk class ?
注意:Junios可以在不插模块的情况下进行配置,不会出错,但是无法通过show configuration inter terse 进行查看到
提示:Junios中ospf宣告的是接口,而不是地址.
#查看光功率
show interfaces diagnostics optics xe-7/0/0
#查看vlanif的配置
show interfaces irb.3301
#使用特定vrf进行ping测试
ping 1.1.1.1 routing-instance VRF-CN
#查看哪个peer发布了哪些网段
show route protocol bgp advertising-protocol bgp 23.119.64.225
#查看那个peer接收了哪些网段
show route protocol bgp receive-protocol bgp 23.119.64.225
show route protocol bgp receive-protocol bgp 38.21.225.63 all #查看未过滤的条目
#查看bgp路由,包含起源as号
show route protocol bgp 9.9.9.9
#MX960上写静态路由
set routing-instances VRF-Highbandwith routing-options static route 211.37.191.26/32 next-hop 23.19.4.225
#SJ优化段添加网关
+++++++
10008-1
set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.125/25 virtual-gateway-address 45.1.230.1
set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.253/25 virtual-gateway-address 45.1.230.129
set interfaces irb unit 2901 family inet address 45.1.230.125/25 virtual-gateway-address 45.61.230.1
set interfaces irb unit 2901 family inet address 45.1.230.253/25 virtual-gateway-address 45.61.230.129
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 tag 65002
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 tag 65002
10008-2
set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.126/25 virtual-gateway-address 45.1.230.1
set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.254/25 virtual-gateway-address 45.1.230.129
set interfaces irb unit 2901 family inet address 45.1.230.126/25 virtual-gateway-address 45.1.230.1
set interfaces irb unit 2901 family inet address 45.1.230.254/25 virtual-gateway-address 45.1.230.129
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 tag 65002
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 tag 65002
#SJ-10008上写32路由
set routing-instances aggToMX960 routing-options static route 3.21.28.89/32 next-table CNCommunity.inet.0
#SJ接入交换机接口学不到mac,就这样操作
delete interfaces ge-1/0/41 unit 0 family ethernet-switching vlan members CN
commit
set interfaces ge-1/0/41 disable
commit
set interfaces ge-1/0/41 unit 0 family ethernet-switching vlan members CN
delete interfaces ge-1/0/41 disable
commit
#SJ10008上监控vlanfi 2层数据统计
monitor traffic interface irb.3301 no-resolve layer2-headers
#查看限速模板
show configuration firewall
#查看接口是否存在丢包等
show interfaces ge-1/0/6 extensive
#配置限速模板
set firewall family ethernet-switching filter P350M interface-specific
set firewall family ethernet-switching filter P350M term all then policer P350M
set firewall policer P350M if-exceeding bandwidth-limit 350m
set firewall policer P350M if-exceeding burst-size-limit 35m
set firewall policer P350M then discard
#接口应用限速模板
set interfaces xe-0/0/5 unit 0 family ethernet-switching filter input P350M
set interfaces xe-0/0/5 unit 0 family ethernet-switching filter output P350M
juniper查询路由信息
#显示某条 BGP 路由的详细信息
show route protocol bgp 4.0.0.0/8 exact
show route protocol bgp 45.61.230.0 exact detail
#查看向某 BGP 邻居宣告的路由
show route advertising-protocol bgp 59.43.0.2 | match 58.30
#查看从某 BGP 邻居接收的路由,经过策略过滤的
show route receive-protocol bgp 59.43.0.2 | match 64.114
#查看从某 BGP 邻居接收的路由,未经过策略过滤的
show route receive-protocol bgp 59.43.0.2 all | match 64.114
#用 AS PATH 正则表达式来匹配察看 BGP 路由(以 AS-PATH 64523 开头的 BGP 路由)
show route protocol bgp aspath-regex "^64523"
juniper限速模板
show configuration firewall
show interfaces ge-1/0/6 extensive
带宽限速模板
set firewall family ethernet-switching filter P350M interface-specific #这个表示独享模式,若不配这一句,那么所有应用这个策略的端口共享350Mbit/s
set firewall family ethernet-switching filter P350M term all then policer P350M
set firewall policer P350M if-exceeding bandwidth-limit 350m
set firewall policer P350M if-exceeding burst-size-limit 10m #这是实打实的10MB,若是这样配置,突发带宽为 350mbit/s+10MB*8=430Mbit/s
set firewall policer P350M then discard
接口下应用
set interfaces xe-0/0/5 unit 0 family ethernet-switching filter input P350M
set interfaces xe-0/0/5 unit 0 family ethernet-switching filter output P350M
juniper 5200交换机如何做本地端口镜像
这里争对聚合口ae13的子接口ae13.3501的in,out方向数据,镜像到 xe-1/0/4:2.0口子
set interfaces ae13 flexible-vlan-tagging
set interfaces ae13 unit 3501 vlan-id 3501
set interfaces ae13 unit 3501 family inet address 10.60.220.5/30
set interfaces xe-1/0/4:2 unit 0 family ethernet-switching
#关键是下面两行
set forwarding-options analyzer mirror-mactest input egress interface ae13.3501
set forwarding-options analyzer mirror-mactest output interface xe-1/0/4:2.0
vyatta基本操作
#查看操作的命令历史
show history
#查看当前生效命令
show configuration commands
#黑洞系统查询
sh configuration commands | match bl
#写一条黑洞
conf
set protocols static route 23.252.1.90/32 'blackhole'
commit #保存
#删除黑洞
delete protocols static route 1.1.1.1/32 blackhole
#BGP相关操作
show ip bgp sum #查看BGP邻居
reset ip bgp all #重置BGP邻居
sh ip bgp neighbors 123.123.123.123 advertised-routes #查看向某个peer发布了什么路由
大河SDN设备查看流表
#指定协议为openflow13 以及端口为eth-0-2
ovs-ofctl dump-flows br0 -O openflow13 in_port=2
如果文章对你有帮助,欢迎点击上方按钮打赏作者
暂无评论