  • SRX一些配置命令

    设备初始化

    1.1 初始登录设备

    #默认账号和密码:root/空(出厂状态下root无口令,首次登录后应立即按1.2设置root口令)
    login: root         
    Password:
    root@% cli          //进入操作模式
    root>
    root> configure     //进入配置模式(默认share)
    

    1.2 基础配置

    #设置root用户口令,首次登录修改,方便后续操作
    root@SRX# set system root-authentication plain-text-password    
    New password:
    Retype new password:
    root@SRX#show system root-authentication
    
    #设置主机名
    root@SRX#set system host-name SRX
    
    #设置时间
    root@SRX#set system time-zone Asia/Shanghai
    root@SRX# run set date 201808251200.00
    
    #设置DNS
    root@SRX#set system name-server 114.114.114.114
    
    #设置SNMP(团体名juniper仅为示例,属于容易被猜到的常见值,实际部署应换成不易猜测的字符串;SNMP v1/v2c的团体名以明文传输,client-list应尽量缩小到网管主机)
    root@SRX#set snmp client-list snmp_list 192.168.1.0/24
    root@SRX#set snmp community juniper client-list-name snmp_list authorization read-only
    ----------------------远程登录管理----------------------
    #超级用户
    root# set system login user admin class super-user authentication plain-text-password     //创建一个超级用户admin
    New password:
    Retype new password:
    
    #开启telnet/ssh/web/ping服务(telnet和http为明文协议,口令在传输中可被嗅探;生产环境建议只保留ssh和https)
    #全局服务
    set system services ssh
    set system services telnet
    set system services web-management http interface ge-0/0/0.0
    set system services web-management https interface ge-0/0/0.0
    set system services web-management https system-generated-certificate
    #放开内网telnet/ssh/web/ping服务
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services http
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
    #或者放开所有服务(all会把该接口上的全部系统服务开放给所在zone,仅建议临时调试时使用,生产环境应按需逐项放开)
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
    
    ----------------------接口初始化配置----------------------
    #传统set接口配置
    root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.111/24
    #Edit配置
    root# edit interfaces ge-0/0/0 unit 0        //进入接口GE-0/0/0
    root# set family inet address 192.168.1.111/24
    root#commit     #保存配置
    
    #SVI配置
    root@SRX#set protocols l2-learning global-mode transparent-bridge  //切换为透明墙需要重启才能生效
    root@SRX# set vlans vlan10 vlan-id 10  //创建vlan
    root@SRX# set vlans vlan10 l3-interface irb.10  //创建三层vlan
    root@SRX# set interfaces irb unit 10 family inet address 192.168.10.254/24
    root@SRX# set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access  //配置成access模式
    root@SRX# set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan10  //接口划入vlan10
    
    #子接口配置
    root@SRX# set interfaces ge-0/0/0 vlan-tagging
    root@SRX# set interfaces ge-0/0/0 unit 10 vlan-id 10 family inet address 192.168.10.254/24
    root@SRX# set security zones security-zone trust interfaces ge-0/0/0.10
    
    #trunk接口配置
    root@SRX# set interfaces ge-0/0/0 unit 10 family ethernet-switching port-mode trunk vlan members 10
    root@SRX# set vlans vlan10 vlan-id 10 l3-interface vlan.10
    root@SRX# set security zones security-zone trust interfaces ge-0/0/0.10 
    

    1.3 密码恢复

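    #设备掉电重启,看到如下提示按“空格”键(该流程只需Console物理接入即可重置root口令,因此应限制对设备和Console口的物理访问;也可配置 set system ports console insecure,使进入单用户模式时需要root口令):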
    Hit [Enter] to boot immediately, or space bar for command prompt.
    Booting [/kernel]...
    
    #进入单用户模式
    loader>
    loader>boot -s
    
    #执行密码恢复
    Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:recovery
    
    #删除root密码后重新设置root密码,并保存配置重启
    root# delete system root-authentication
    root# set system root-authentication plain-text-password
    root# commit
    root#exit
    root> request system reboot
    

    1.4 维护命令

    -------------------------show命令----------------------------------
    root@SRX> show configuration | display set | no-more                   //显示set格式的当前配置
    root@SRX> request system license add terminal   //增加license key(Ctrl+D 结束)
    root@SRX> show system license                       //查看license
    root@SRX> show system license keys
    root@SRX> show system processes extensive       //查看进程
    root@SRX> restart chassis-control gracefully    //重启进程(操作模式命令,配置模式下需加run)
    root@SRX> set cli screen-length 0               //不分屏(操作模式命令)
    root@SRX> show system uptime                    //查看系统运行时间
    root@SRX> show version                          //查看系统版本
    root@SRX> show chassis routing-engine           //查看引擎信息
    root@SRX> show chassis environment              //查看运行环境
    root@SRX> show ntp status                       //查看NTP状态
    root@SRX> show ntp associations
    root@SRX> show ospf neighbor                    //查看OSPF邻居
    root@SRX> show vrrp brief                       //查看VRRP状态
    root@SRX> show system alarms                    //查看系统告警
    ---------------------------快捷命令-------------------------------
    root@SRX# load override 20180717.bak
    root@SRX# exit   //返回上一级
    root@SRX#up    //返回上一级
    root@SRX#top    //返回最高级
    root@SRX# copy interfaces ge-0/0/2 to ge-0/0/3   //复制配置
    root@SRX# delete interfaces ge-0/0/2 unit 0  //删除某个接口配置
    root@SRX# delete interfaces                 //删除所有接口配置
    root@SRX# delete vlan                       //删除所有vlan配置
    root@SRX# delete security                   //删除所有security配置
    root@SRX# wildcard delete interfaces ge-0/0/*    //批量删除
    root@SRX# edit security nat source              //进入源NAT配置层级
    root@SRX# rename rule-set trust-to-untrust to rule-set inside-to-outside  //重命名rule-set
    root@SRX# replace pattern ge-0/0/2 with ge-0/0/3  //替换配置 //把ge-0/0/2替换成ge-0/0/3
    root@SRX# load override 20180717.bak
    root@SRX# exit   //返回上一级
    root#up    //返回上一级
    root#top    //返回最上级
    root# copy interfaces ge-0/0/2 to ge-0/0/3   //复制配置
    root# delete interfaces ge-0/0/2 unit 0  //删除某个接口配置
    root# delete interfaces                 //删除所有接口配置
    root# delete vlan                       //删除所有vlan配置
    root# delete security                   //删除所有security配置
    root# wildcard delete interfaces ge-0/0/*    //批量删除
    root# edit security nat source              //进入源NAT配置层级
    root# rename rule-set trust-to-untrust to rule-set inside-to-outside  //重命名rule-set
    root# replace pattern ge-0/0/2 with ge-0/0/3  //替换配置 //把ge-0/0/2替换成ge-0/0/3
    --------------------------回退命令---------------------------------
    root# commit at "2018-6-24 12:30"   //定义某个时间点提交配置
    root> clear system commit           //取消已计划但尚未执行的提交(如commit at)
    root# commit comment "Clear system config"  //保存配置,自定义标签
    root# run show system commit
    root# rollback 0                    //回滚配置(rollback 0 丢弃未提交的修改,恢复为当前生效的配置)
    root# commit confirmed             //10分钟之内需commit,否则回滚上一个配置
    root# commit                       //确认提交
    root@SRX# save 20180717.bak        //保存配置
    root@SRX# load override 20180717.bak   //加载配置
    root@SRX# load factory-default  //恢复出厂设置(重启后需设置root密码)
    ------------------------系统相关命令------------------------------
    root@SRX> request system reboot  //重启系统
    root@SRX> request system power-off  //关闭系统
    root@SRX> request system license add terminal   //增加license key(Ctrl+D 结束)
    root@SRX> request support information | no-more         //收集tech信息
    ------------------------功能模块关闭-------------------------------
    root@SRX# deactivate security policies  //关闭安全策略模块(commit后生效,可用activate恢复;仅用于排障,完成后应及时恢复)
    root@SRX# deactivate security nat       //关闭NAT模块(commit后生效,可用activate恢复)


    作者:点滴技术
    链接:https://www.jianshu.com/u/0d9516fb4027
    来源:简书
    著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
  • 原文地址:https://www.cnblogs.com/jjp816/p/13569611.html