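The following configuration should in theory work on the Juniper EX series; details may differ depending on the specific hardware and firmware version.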

1. Routine maintenance

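Show hardware: show chassis hardware
Software version: show version
Show CPU: show chassis routing-engine
Ping: ping 192.168.1.254 rapid
Alarm information: show chassis alarms
Temperature and status: show chassis environment
Needed for a support case: request support information
Show serial number: show chassis hardware
Show locked-out users: show system login
Show ARP table (this command lists the Ethernet switching/MAC table): show ethernet-switching table
Clear ARP table (this command clears the Ethernet switching/MAC table): clear ethernet-switching table
Show ports: show interfaces terse
Reboot: > request system reboot in/at
Shut down: request system halt
Set DNS server: set system name-server 192.168.1.1
del system name-server 192.168.1.1
Show entered but uncommitted configuration: show | compare
A plus sign marks added configuration; a minus sign marks deleted configuration.
Provisional commit: commit confirmed
Before the final commit, the change can take effect temporarily for a few minutes.
Restore factory defaults: > load factory-default
Set the root password
Commit: commit
> Reboot
This only restores the configuration; it cannot fix problems in underlying system files.
Reset the operating system: > request system zeroize
Resets the system. This is the last resort and takes a fairly long time.
Configure the management port IP: set interfaces me0 unit 0 family inet address 192.168.1.1/24
Clean up storage: > request system storage cleanup
Same idea as clearing junk files; no reboot required.
Spanning tree protocol: show spanning-tree interface
Show status
deactivate protocols rstp
Disable the protocol
Collect RSI and logs: request support information | no-more
Record the session with SecureCRT
Log collection
file archive compress source /var/log/* destination /var/tmp/Logs20210831.tgz
The resulting archive is in /var/tmp
Enable the USB debug port: set system ports auxiliary port-type mini-usb
Automatic image upgrade: set chassis auto-image-upgrade
Periodically export the configuration over FTP
The export happens on commit
set system archival configuration transfer-on-commit
set system archival configuration archive-sites "ftp://xxx@x.x.x.x:21/子目录" password "xxx"
Check the backlog of exported configuration files: show system configuration archival
If files are backlogged, they will be listed.
A file backlog will exhaust disk space and cause service disruption.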

2. Clock settings

Current time: > show system uptime
Set time zone: set system time-zone Asia/Shanghai
Set time: > set date 200811071441.00
Sync time: > set date ntp
Set NTP server
Authentication type
Authentication key
set system ntp server 192.168.1.1
set system ntp authentication-key 1 type md5
set system ntp authentication-key 1 value "password"
Check the NTP server clock sources: show ntp associations
Check the NTP server status: show ntp status

Set host name

Set host name: set system host-name EX4200
del system host-name EX4200

3. Set the ROOT password

Set root password (plain text): set system root-authentication plain-text-password
Set root password (encrypted): set system root-authentication encrypted-password

4. User configuration

Add a user

Add a user
Add user permissions
Set the user's full name
Set the UID
Set the user password
Delete the user
edit system login user admin
set system login user admin class super-user
set system login user admin full-name "中兴通讯"
set system login user admin uid 101
set system login user admin authentication plain-text-password password
set system login user admin authentication encrypted-password "$19nk."
delete system login user admin
Assign the user to a custom class
Add the class
set system login user zte class zte_class
set system login class zte_class

User permissions

5. Connection methods

TELNET

Enable the Telnet service: set system services telnet
Maximum concurrent connections: set system services telnet connection-limit 1-250
Maximum connections per minute: set system services telnet rate-limit 1-250

SSH

Enable remote SSH login: set system services ssh protocol-version v1/v2
set system services ssh connection-limit 1-250
set system services ssh rate-limit 1-250
Show configuration: show system services ssh

WEB (HTTP/S)

Enable the remote web service
Idle timeout (minutes)
Number of concurrent users
Turn on web management
Set the web login port
Set the interface used for login
Set the certificate for https
set system services web-management session idle-timeout 10
set system services web-management session session-limit 10
set system services web-management http/https
set system services web-management http port 1-65535
set system services web-management http interface ge-0/0/1.0
set system services web-management https local-certificate https-cer
set system services web-management http

MGT management port

Configure the MGT management port: set interfaces me0 unit 0 family inet address 192.168.1.1/24

FTP

Enable the remote FTP service: set system services ftp
set system services ftp connection-limit 1-250
set system services ftp rate-limit 1-250
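
An added example, not part of the original cheat sheet: a small Python check that scans "show configuration | display set" output for the cleartext management services this section enables (Telnet, FTP, SSHv1, J-Web over plain HTTP) and skips statements that have been deactivated. The sample configuration, rule names and the audit function are constructed for illustration.

```python
import re

# Constructed sample of `show configuration | display set` output, built from
# the management-service commands in this section (all values are made up).
SAMPLE_CONFIG = """\
set system host-name EX4200
set system services telnet connection-limit 10
set system services ssh protocol-version v1
set system services ssh protocol-version v2
set system services ssh rate-limit 5
set system services web-management http interface ge-0/0/1.0
set system services web-management https local-certificate https-cer
set system services ftp
deactivate system services ftp
"""

# (rule id, regex on the path below "system services", why it matters)
RULES = [
    ("telnet", r"telnet\b", "cleartext login; use SSH v2 instead"),
    ("ftp", r"ftp\b", "credentials and config files cross the wire in cleartext"),
    ("ssh-v1", r"ssh protocol-version v1\b", "SSHv1 is obsolete; allow v2 only"),
    ("web-http", r"web-management http\b", "J-Web over plain HTTP; use https"),
]

def audit(config_text):
    """Return sorted (rule id, reason) findings for active service statements."""
    active, inactive = [], []
    for line in config_text.splitlines():
        # `services?` also accepts the abbreviated spelling `service`.
        m = re.match(r"\s*(set|deactivate)\s+system\s+services?\s+(.+?)\s*$", line)
        if m:
            (active if m.group(1) == "set" else inactive).append(m.group(2))
    findings = set()
    for path in active:
        # A `deactivate` on the statement itself or on a parent disables it.
        if any(path == d or path.startswith(d + " ") for d in inactive):
            continue
        for rule_id, pattern, reason in RULES:
            if re.match(pattern, path):
                findings.add((rule_id, reason))
    return sorted(findings)

if __name__ == "__main__":
    for rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"{rule_id}: {reason}")
```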

6. Alarm configuration

Raise an alarm for all ports
Do not raise an alarm
Raise an alarm for the management port
set chassis alarm ethernet link-down red
set chassis alarm ethernet link-down ignore
set chassis alarm management-ethernet link-down red

7. Port configuration

Enabling and disabling ports

Disable a port
Restore a port
set interfaces ge-0/0/4 disable
del interfaces ge-0/0/4 disable

MAC binding

MAC limit and IP binding

edit ethernet-switching-options secure-access-port interface ge-0/0/1.0
set mac-limit 100
set mac-limit action drop
set allowed-mac 00:50:54:80:1e:1b
set static-ip 192.168.1.1 vlan 10 mac 00:50:54:80:1e:1b

Duplex and speed

Full-duplex mode
Auto-negotiated duplex mode
Set the port speed
Auto-negotiate the speed
set interfaces ge-0/0/1 ether-options link-mode full-duplex
set interfaces ge-0/0/1 ether-options link-mode automatic
set interfaces ge-0/0/1 ether-options speed 10m/100m/1g
set interfaces ge-0/0/1 ether-options auto-negotiation

PoE configuration

Disable PoE on a single port: set poe interface ge-0/0/1 disable
Enable PoE on a single port: delete poe interface ge-0/0/1 disable
set poe interface ge-0/0/1
Enable PoE on all ports: delete poe interface all disable
set poe interface all
Set output voltage: set poe guard-band 1-19w
If PoE is not used, it must be disabled with set poe interface all disable

Port mirroring configuration

Add the mirror source port: set forwarding-options analyzer port-mirroring-1 input ingress interface xe-1/0/21.0
set forwarding-options analyzer port-mirroring-1 input egress interface xe-1/0/21.0
Add the mirror destination port: set forwarding-options analyzer port-mirroring-1 output interface ge-17/0/3.0
If no mirrored data arrives
Add a newly created VLAN to the destination interface
set interfaces ge-17/0/3 description JingXiang-Port
set interfaces ge-17/0/3 unit 0 family ethernet-switching interface-mode access
set interfaces ge-17/0/3 unit 0 family ethernet-switching vlan members 999
When mirroring ports, watch the traffic load; mirroring can bring down an entire electrical or optical line card.

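Link aggregation (port bundling) configuration

Declare the number of aggregated interfaces (adjustable): set chassis aggregated-devices ethernet device-count 60
Change the MTU on the aggregated interface (optional): set interfaces ae1 mtu 9216
Bandwidth of the links in the aggregation group: set interfaces ae1 aggregated-ether-options link-speed 10g
Enable the link aggregation protocol (optional): set interfaces ae1 aggregated-ether-options lacp active
Used to dynamically monitor whether links are usable and to add or remove links automatically; the peer must be configured as well.
deactivate interfaces ae1 aggregated-ether-options lacp
If the peer does not support LACP dynamic load sharing, LACP can be disabled
Send one LACP PDU every 30 seconds: set interfaces ae1 aggregated-ether-options lacp periodic period slow
Service configuration on the aggregated interface: set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members 16
set interfaces ae1 unit 0 family ethernet-switching vlan members 85-110
Add a physical port to the aggregated interface
set interfaces xe-0/0/0 gigether-options 802.3ad ae1
To move a physical port from one aggregated interface to another, first disable the physical port, then configure the other aggregated interface, then re-enable the port
Show the physical interfaces added to ae1: run show lacp statistics interface ae1
run show interfaces terse | match ae1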

8. DHCP service

DHCP configuration

Create the VLAN and set its layer 3 interface and layer 3 address
set vlans v8 description BXH
set vlans v8 vlan-id 8
set vlans v8 l3-interface irb.8
Enable the DHCP service on the VLAN/irb interface
set system services dhcp-local-server group v8 interface irb.8
Set the network, start IP, end IP, lease time (2H recommended), primary and secondary DNS, and gateway address
set access address-assignment pool v8 family inet network 10.3.123.192/26
set access address-assignment pool v8 family inet range v8 low 10.3.123.200
set access address-assignment pool v8 family inet range v8 high 10.3.123.250
set access address-assignment pool v8 family inet dhcp-attributes maximum-lease-time 3600
set access address-assignment pool v8 family inet dhcp-attributes name-server 10.3.71.3
set access address-assignment pool v8 family inet dhcp-attributes name-server 10.3.71.4
set access address-assignment pool v8 family inet dhcp-attributes router 10.3.123.193

Service status

Show the DHCP service: show system services dhcp | display set
Show the DHCP service: > show system services dhcp (binding/conflict/global/pool/statistics)
binding: show DHCP client binding information
conflict: show DHCP address conflicts
global: show DHCP global scope information
pool: show DHCP address pool information
statistics: show DHCP statistics

VLAN configuration

Create the VLAN name and ID
VLAN description
Number of MAC addresses
MAC aging time
Bind the layer 3 interface
Add a port to the VLAN
set vlans zte_vlan vlan-id 10
set vlans zte_vlan description "描述"
set vlans zte_vlan mac-limit 200
set vlans zte_vlan mac-table-aging-time 600
set vlans zte_vlan l3-interface vlan.10
set vlans zte_vlan interface ge-0/0/1.0
Change the port to access mode
Add it to the new VLAN
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 10
Set the port to trunk mode
Allow only VLAN 10
Allow all VLANs
Delete all VLANs on the port
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 10
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members all
del interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members

Layer 3 configuration

Create a layer 3 logical sub-interface: set interfaces vlan unit 10 family inet address 192.168.1.1/24
Set as a layer 2 interface
Set as a layer 3 interface
Layer 3 interface IP address
Delete the layer 2 and layer 3 settings
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family inet
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/30
del interfaces ge-0/0/1 unit 0

Security configuration

User lockout policy: set system login re

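Backup and restore

FTP backup method: show configuration | save EX4200CONFIG.txt
ftp 10.0.0.132
ftp> asc
ftp> put EX4200CONFIG.txt
ftp> bye
Restore from an FTP backup file: load merge /var/tmp/config20220225 relative
First upload the configuration to the device (for example to the /var/tmp/ directory).
Restore the configuration: load override EX4200CONFIG.txt
Bulk import of C-format configuration: load merge terminal relative
Enter the command and press Enter, then copy and paste the configuration into the window,
press Enter once more after the last line, and end the input with Ctrl + D.
Restore factory defaults: press Menu on the LCD panel; when reset factory appears, press Enter to confirm.
load factory-default
set system root-authentication plain-text-password
Password recovery: during boot, when the prompt below appears on the console, press any key to interrupt the normal boot, then enter single-user mode
Run password recovery: type recovery after the following prompt text
Enter configuration mode and delete the root password: root> configure
root# delete system root-authentication
root# commit
root# exit
root> exit
After the reboot, configure a new root password; the switch is then back to normal.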

Configure a syslog server

Configure a syslog server
Log errors at warning level
set system syslog host 192.168.1.254 any error
set system syslog host 192.168.1.254 interactive-commands warning

Unsolved mysteries

stp/rstp/mstp/ecmp/ospf/port mirroring/port broadcast storm control/vrrp/BFD configuration in OSPF/Virtual Chassis setup