JNCIS认证学习指南
1. 路由器启动进程:
当路由器启动,将从flash中加载最新版本的JUNOS软件。倘若在路由器上安装有PC Card和硬盘,也将
额外加载。路由器打开电源后,按下面的顺序查找软件:
1.PC Card(如果安装)
2.flash
3.硬盘
当电源打开路由器,将完成下面几步:
1.打开网管机PC,连接上控制口,辅助端口,或者路由引擎上的管理以太网端口
2.打开各自的后备电源
3.检查电源OK LEDS并且确信路由器的启动信息完全输出到网管设备上
注: 假如没有任何东西插入以太网管理接口,将产生一个常规的RED警告。请连接rj-45连接器解除这个警
告。
其他明显的信息,包含下面内容:
1.接口信息,例如:启动路由引擎、PFE等
2.FPC LEDS,(测试时是闪烁绿灯,测试完成后是常亮绿灯)
3.警告LEDS,(出现问题时)
4.PIC LEDS,(除非接口被配置,否则就处在关闭状态)
2.路由器配置:
当初始配置路由器,你需要配置下面内容:
。root密码设置,有下面三种不通的方法:
1.纯文本
root@router# set system root-authentication plain-text-password password (密码)
2.加密
root@router# set system root-authentication
encrypted-password password
3.安全shell(SSH) (只用于 domestic U.S. 版本)
。主机名设置:
[edit] root@router# set system host-name name
。域名设置:
[edit]
root@router# set system domain-name domain
。管理以太网端口设置:
[edit]
root@router# set interfaces fxp0 unit 0 family inet
address ip-address/prefix-length
。缺省路由设置:
[edit]
root@router# set system backup-router gateway-address
root@router# set routing-options static route default
nexthop gateway-address retain no-advertise
。域名服务器(DNS)设置:
[edit]
root@router# set system name-server dns-address
。非root用户设置:
[edit]
root@router# set system login user username class class
authentication plain-text-password
注:设置非root用户是非常重要的,因为root用户不能Telnet到路由器。
配置完上述内容,保存配置
[edit]
root@router# commit
3. JUNOS Software Upgrade Procedure
1.下载JUNOS
2.备份系统
root@router# request system snapshot
会将 /root下的系统文件备份到 /altroot下,将 /config 下文件备分到 /altconfig .
3.通过FTP copy 数据包到路由上
root@router# file copy
ftp://username:prompt@ftp.hostname.net/ filename
/var/tmp/filename
4.更新软件
root@router> request system software add package-name
Checking available free disk space...11600k available, 6076k suggested...
Installing package '/var/tmp/jbundle-package-name' ...
Auto-deleting old jroute...
Auto-deleting old jdocs...
Auto-deleting old jpfe...
Auto-deleting old jkernel...
Adding JUNOS base software release-number...
Adding jkernel...
Adding jpfe...
Adding jdocs...
Adding jroute...
NOTICE: uncommitted changes have been saved in
/var/db/config/juniper.conf.pre-install
Saving package file in /var/sw/pkg/jbundle-package-name ...
5.结束更新
root@router> request system reboot
详细信息请查看:
www.juniper.net/techpubs/software/junos50/swconfig50-getting-started/html/getting-started-upgra
de50.html#1017395
Table JUNOS Upgrade Software Release Files Filename Contents
jbase Additions to JUNOS
jkernel The operating system package
jroute The routing engine software
jpfe The PFE software
jdocs Updated online reference documentation
jcrypto Security software (U.S. domestic only)
jbundle All of the files combined
4.命令行接口:
操作模式
进入和退出操作模式:
下面的例子显示了使用用户名 root登陆到路由器进入到操作模式
login: root
Password:
Last login: Wed Nov 28 18:40:03 from 192.168.161.250
--- JUNOS 5.0R2.4 built 2001-09-25 02:34:13 UTC
root@52network>
Exit the operational mode by using the quit command:
root@52network> quit
52network (ttyd0)
login:
设置CLI:
1. set cli命令:
root@52network> set CLI ?
Possible completions:
complete-on-space Toggle word completion on space
idle-timeout Set the CLI maximum idle time
prompt Set the CLI command prompt string
restart-on-upgrade Set CLI to prompt for restart after a software upgrade
screen-length Set number of lines on screen
screen-width Set number of characters on a line
terminal Set terminal type
2.set CLI complete-on-space
这个命令将允许自动完成命令,语法如下:
set CLI complete-on-space <on|off>
例子:
root@52network> show p
^
'p' is ambiguous.
Possible completions:
pfe Show packet forwarding engine data
pim Show information about PIM
policy Show policy information
root@52network> show po<space>
root@52network> show policy
3.set CLI idle-timeout
设置CLI会话空闲时的最大时间
语法:
set CLI idle-timeout <timeout> (0-100000 minutes)
例子:
root@52network> set CLI idle-timeout 1
Idle timeout set to 1 minute
root@52network> Warning: session will be closed in 10 seconds if there is no activity
Idle timeout exceeded: closing session
4.set CLI prompt
设置cli会话操作模式下的提示符
语法:
set cli prompt <cli-prompt>
例子:
root@52network>set cli prompt newprompt
newprompt>
5.set CLI restart-on-upgrade
设置当软件更新完成,将提示去重新启动路由器,默认打开
语法:
set CLI restart-on-upgrade <on|off>
6.set CLI screen-length and screen-width
设置cli屏幕长度和宽度
语法:
set CLI screen-length <length> Number of lines on screen (0..100000)
set CLI screen-width <width> Number of characters on a line (0..100000)
例子:
root@52network> set CLI screen-length 2
Screen length set to 2
root@52network> set CLI screen-width 5
Screen width set to 5
7. set CLI terminal
设置路由器的终端类型
root@52network> set CLI terminal ?
Possible completions:
ansi ANSI-compatible terminal
small-xterm Small (24 line) xterm window
vt100 VT100-compatible terminal
xterm Large (65 line) xterm window
7. set date
设置时间
语法:
set date <time> New date and time (YYYYMMDDhhmm.ss)
例子:
root@52network> set date 200202171448.00
Sun Feb 17 14:48:00 UTC 2002
8. 操作模式中的基本操作:
Function Keyboard Sequence
Move cursor back one character Ctrl-b
Move cursor forward one character Ctrl-f
Move cursor to beginning of line Ctrl-a
Move cursor to end of line Ctrl-e
Delete character before the cursor Ctrl-h, Delete, Backspace
Delete character the cursor is on Ctrl-d
Delete word before cursor Ctrl-w, Esc-Backspace, Alt-Backspace
Insert most recently deleted text at the cursor Ctrl-y
Redraw the current line Ctrl-l
Scroll backward through history Ctrl-p
Scroll forward through history Ctrl-n
Search CLI history in reverse order Ctrl-r
Move cursor back one word Esc-b or Alt-b
Move cursor forward one word Esc-f or Alt-f
Delete the word after the cursor Esc-d, Alt-d
Search CLI history Esc-/
Specify the number of times to execute a key-board sequence (number from one to nine)
Esc-number sequence, Alt-number sequence
9. cli注释信息:
root@52network> show con
^
'con' is ambiguous.
(命令不完整)
root@52network> set CLI
^
syntax error, expecting <command>
(语法错误)
10.控制cli输出信息:
1.显示输出:
root@52network> show configuration
version 5.0R3.3;
system {
host-name 52network;
login {
user test {
uid 2001;
class superuser;
authentication {
encrypted-password "$Upc0"; # SECRET-D
ATA
}
}
user root {
uid 2000;
class superuser;
authentication {
encrypted-password "0"; # SECRET-D
ATA
---(more)---
定制输出信息使用管道参数:
这个参数可以帮助在一个大的文件中快速的找到制定的信息
root@52network> show configuration | ?
Possible completions:
count Count occurrences
display Display additional information
except Show only text that does not match a pattern
find Search for the first occurrence of a pattern
hold Hold text without exiting the --More-- prompt
match Show only text that matches a pattern
no-more Don't paginate output
resolve Resolve IP addresses
save Save output text to a file
trim Trim specified number of columns from start of line
2.过滤输出信息
1. count:
显示文件或列表行数
语法:
show route protocol isis | count
例子:
root@52network> show configuration | count
Count: 143 lines
root@52network> show route protocol isis | count
Count: 59 lines
2.display:
display命令提供显示输出xml格式
语法:
show configuration | display xml
例子:
root@52network> show configuration | display xml | find interfaces
<interfaces>
<interface>
<name junos:key="key">fxp0</name>
<speed>100m</speed>
<link-mode>full-duplex</link-mode>
<unit>
<name junos:key="key">0</name>
<encapsulation>802.3-llc</encapsulation>
<family>
<inet>
<address>
<name junos:key="key">192.168.161.16/24</name>
</address>
</inet>
</family>
</unit>
</interface>
</interfaces>
</configuration>
</rpc-reply>
3.except:
此参数设置显示输出信息不包含指定信息
语法:
show configuration | except <pattern> pattern to avoid
例子:
root@52network> show configuration
version 5.0R3.3;
system {
host-name 52network;
login {
user test {
uid 2001;
class superuser;
authentication {
encrypted-password "$1$A"; # SECRET-DATA
}
}
user root {
uid 2000;
class superuser;
authentication {
encrypted-password "niG0"; # SECRET-DATA
root@52network> show configuration | except uid
version 5.0R3.3;
system {
host-name 52network;
login {
user test {
class superuser;
authentication {
encrypted-password "$1$A"; # SECRET-DATA
}
}
user root {
class superuser;
authentication {
encrypted-password "niG0"; # SECRET-DATA
4.find 和match命令
find查找指定信息,并且显示所有相似信息
match查找指定信息,并且只显示此指定信息
语法:
show route | find <pattern> pattern to search for
show route | match <pattern> pattern to match against
例子:
root@52network> show route | find 192.168.161.0
192.168.161.0/24 *[Direct/0] 3d 02:05:58
> via fxp0.0
192.168.161.16/32 *[Local/0] 3d 02:05:58
Local
root@52network> show route | match 192.168.161.0
192.168.161.0/24 *[Direct/0] 3d 02:06:08
5.hold
hold参数设置通过up和down翻动查看文件。
语法:
show configuration | hold
6.save
将捕获信息保存到文件中
语法:
show configuration | save <filename> Output file name (or URL)
file list <[Enter]>
file show <filename> Filename to display
例子:
root@52network> show configuration | save my_local_file
Wrote 54 lines of output to 'my_local_file'
root@52network> file list
.ssh/
my_local_file
root@52network> file show my_local_file
version 4.3R1.4;
system {
host-name 52network;
ports {
console type vt100;
}
login {
class superuser {
permissions all;
}
user root {
uid 2000;
root@52network> show configuration | save ftp://192.168.5.107/my_ftp_file
Wrote 54 lines of output to 'ftp://192.168.5.107/my_ftp_file'
7.trim
trim参数设置显示输出整齐的行数
语法:
show configuration | trim <columns> Number of columns to trim
例子:
root@52network> show configuration | trim 3
sion 4.3R1.4;
tem {
host-name 52network;
ports {
console type vt100;
8.搜索输出信息
搜索和操作屏幕信息,下面是一些常用快捷键
Keyboard Sequences for Searching and Manipulating On-screen Data
Function Keyboard Sequence
List the keyboard sequences available when the -(more)- prompt is displayed h
Display output all at once (like no-more option) N
Repeat previous search for a string n
Search for a text string (like match option) m or M
Search, ignoring a text string (like except option) e or E
Do not redisplay prompt after displaying the output (like hold option) H
Clear match conditions and display complete output c or C
Save output to a file (like save option) s or S
Scroll down one line Enter, k, Ctrl-m, Ctrl-n, down arrow
Scroll down a half screen Tab, d, Ctrl-d, Ctrl-x
Scroll down whole screen Space, Ctrl-f
Scroll down to bottom of output Ctrl-e, G
Display previous line output j, Ctrl-h, Ctrl-p, up arrow
Scroll up a half screen u, Ctrl-u
Scroll up a whole screen b, Ctrl-b
Scroll to top of screen g, Ctrl-a
Search forward /string
Search backward ?string
/参数可以非常有用的帮助我们搜索文件。输入 / 参数,然后输入字符串。
下面的例子中,我们搜索bgp的信息
root@52network> show configuration
version 5.0R2.4;
system {
host-name 52network;
login {
class superuser {
permissions all;
}
user root {
uid 2000;
class superuser;
authentication {
encrypted-password "lGdV/"; # SECRET-DATA
Search for: bgp
bgp {
traceoptions {
file 539test4again2;
flag all;
}
local-address 2.2.2.2;
group IPV4_IBGP_ONLY {
type internal;
family inet {
unicast;
}
family inet-vpn {
unicast;
}
neighbor 4.4.4.4 {
traceoptions {
file vpntest;
flag all;
}
}
}
}
ospf {
11.查看cli历史信息:
root@52network> show CLI history
09:48:23 ?show route table mpls.0
09:48:33 ?show route table inet.0
09:48:42 ?show chassis hardware
09:48:50 ?show CLI history
12.查看用户信息
root@52network> show system users
8:04AM up 41 days, 18 hrs, 2 users, load averages: 0.02, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE WHAT
root d0 - 8:03AM - CLI
lab p0 192.168.161.10 7:55AM 2 /bin/csh
13.cli帮助信息:
root@52network> help ?
Possible completions:
reference Reference material
topic Help for high level topics
topic (主题信息 )
下面帮助信息告诉你如何配置多播源发现协议(msdp)
root@52network> help topic msdp group
Configure MSDP Groups
An MSDP router must know which routers are its peers (neighbors). You define
the peer relationships explicitly by configuring the neighboring routers that
are the MSDP peers of the local router. After peer relationships are
established, the MSDP peers exchange messages to advertise active multicast
sources. You can arrange peers into different groups. Each group must contain
at least one peer. Arranging peers into groups is useful if you want to block
sources from some peers and accept them from others or set tracing options on
one group and not the others.
To configure MSDP groups, include one or more of the following statements at
the [edit protocols msdp group group-name] hierarchy level:
[edit protocols msdp]
group group-name {
disable;
export [ policy-name ];
import [ policy-name ];
local-address address;
mode <(mesh-group | standard)>;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
traceflag flag <flag-modifier> <disable>;
}
peer address; {
disable;
export [ policy-name ];
import [ policy-name ];
local-address address;
traceoptions {
file name <replace> <size size> <files number>
<no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
The individual statements are discussed in separate sections.
reference 参数将告诉更多的一些详细信息
root@52network> help reference msdp group
group
Syntax
group group-name {
disable;
export [ policy-name ];
import [ policy-name ];
local-address address;
mode (mesh-group|standard)
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
peer address; {
disable;
export [ policy-name ];
import [ policy-name ];
local-address address;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
}
Hierarchy Level
[edit protocols msdp]
Description
Define an MSDP peer group. MSDP peers within groups share common
traceoptions, if present and not overridden for an individual
peer with the peer statement. To configure multiple MSDP groups, include multiple group
statements.
By default, the group's options are identical to the global MSDP options.
To override the global options, include group-specific options within the
group statement.
The group must contain at least one peer.
Options
5. 配置模式:
1.进入和退出配置模式:
junos cli有两种方法进入配置模式:
1.edit命令 2.configure
例子:
root@52network> edit
Entering configuration mode
[edit]
root@52network#
root@52network> configure
Entering configuration mode
[edit]
root@52network#
退出配置模式使用命令:
1.exit
例子:
[edit]
root@52network# exit
Exiting configuration mode
root@52network>
2.配置模式层次
下面的列表提供了配置模式下的有效命令:
[edit]
root@52network# ?
Possible completions:
<[Enter]> Execute this command
activate Remove the inactive tag from a statement
annotate Annotate the statement with a comment
commit Commit current set of changes
copy Copy a statement
deactivate Add the inactive tag to a statement
delete Delete a data element
edit Edit a sub-element
exit Exit from this level
help Provide help information
insert Insert a new ordered data element
load Load configuration from an ASCII file
quit Quit from this level
rename Rename a statement
rollback Roll back database to last committed version
run Run an operational-mode command
save Save configuration to an ASCII file
set Set a parameter
show Show a parameter
status Display users currently editing the configuration
top Exit to top level of configuration
up Exit one level of configuration
3.理解配置模式下的提示标语:
这些提示标语将根据配置改变
例子:
root@52network> configure
Entering configuration mode
[edit]
root@52network#
[edit]
root@52network# edit protocols bgp
[edit protocols bgp]
root@52network#
4.操作配置模式
在操作模式中可以使用 up ,top移动到不通的级别中,exit退出配置模式
例子:下面例子解释了怎样在不通的级别中却换。下面的命令改变用户适当的配置模式并且改变提示标
语
[edit]
root@52network# edit protocols bgp family inet any rib-group
[edit protocols bgp family inet any rib-group]
root@52network# top
[edit]
root@52network# edit protocols bgp family inet any rib-group
[edit protocols bgp family inet any rib-group]
root@52network# up
[edit protocols bgp family inet any]
root@52network# up 2
[edit protocols bgp]
root@52network# top
[edit]
5.理解如何保存配置文件和配置文件存储位置
juniper路由器提供非常好的机制管理配置文件,junos是基于freebsd unix,所以在cli中有很多unxi特
性。在这里讨论如何去管理配置文件和保存配置。
当你要保存配置文件时,输入commit命令,你将看到新的系统信息。
junos有当前配置文件,后备配置文件和早先提交的九个配置文件。这些文件存储在不通位置。
当前配置文件名为juniper.conf,存储在flash的 /config目录,增加的juniper.conf的三个和更多的文件
存储在/config:juniper.conf.1.gz,juniper.conf.2.gz和juniper.conf.3.gz。这些文件是压缩文件而当前配置
文件不是压缩文件。其他五个配置文件存储在硬盘 /var/db/config目录下,文件名跟其他文件格式一样,开
始为juniper.conf.4.gz。
例子:
root@52network> file list ?
Possible completions:
<[Enter]> Execute this command
<path> Path to list
root@52network> file list /config
juniper.conf
juniper.conf.1.gz
juniper.conf.2.gz
juniper.conf.3.gz
root@52network> file list /var/db/config/
juniper.conf++
juniper.conf.4.gz
juniper.conf.5.gz
juniper.conf.6.gz
juniper.conf.7.gz
juniper.conf.8.gz
juniper.conf.9.gz
juniper.conf.post-install
juniper.conf.pre-install
root@52network> file show ?
Possible completions:
<filename> Filename to display
root@52network> file show /config/juniper.conf
version 5.1R1.4;
system {
host-name 52network;
6.返回早前配置
提供九个配置文件是一个非常好的机制。这个特性允许路由器返回到以前的配置,并且非常简单。
下面的例子,让路由器返回到倒数第二次保存的配置
[edit]
root@52network# rollback 2
load complete
root@52network# commit
commit complete
[edit]
root@test#
注:当使用rollback,而没有任何号码时,将返回到最后一次保存的配置。当使用了rollback后,可以使用
show | compare 比较当前的和先前配置的区别,不通的地方会被标示出来+(增加部分)和?(删除部分)
7.在配置模式下执行操作模式命令。
使用在操作模式命令前增加run命令
例子:
[edit]
root@52network# run show route protocol isis
inet.0: 32 destinations, 32 routes (32 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.0/24 *[IS-IS/18] 3d 11:20:48, metric 30, tag 2
> to 10.0.21.1 via ge-1/0/0.0
10.0.1.0/24 *[IS-IS/18] 3d 11:20:48, metric 30, tag 2
to 10.0.21.1 via ge-1/0/0.0
8.显示配置信息
junos可以在配置模式下不通的级别下显示相关的信息,使用show命令显示信息。
例子:
[edit]
root@52network# show
version 5.1R1.4;
system {
host-name 52network;
login {
class superuser-local {
permissions all;
[edit protocols bgp]
root@52network# show
group internal {
type internal;
local-address 192.168.20.1;
neighbor 192.168.16.1;
}
group external {
type external;
peer-as 2;
neighbor 10.0.23.2;
}
[edit]
root@52network# show routing-options static
route 172.16.252.0/24 {
next-hop 192.168.161.199;
retain;
9.保存,修改和加载配置文件
junos cli提供了工具选择不通的区域保存,修改和加载配置文件。文件可以通过ftp服务器上传、下载和
存储在本地。
1.保存
配置模式下,可以显示配置信息和使用save | 选项去保存配置文件到路由器或者ftp服务器。
例子:
1.保存文件到本地,文件名为testfile
[edit]
root@52network# save testfile
Wrote 94 lines of configuration to 'testfile'
2.保存到ftp服务器:
[edit]
root@52network# save ftp://192.168.161.9/testftp
Receiving ftp://192.168.161.9/testftp (1832 bytes): 100%
1832 bytes transferred in 0.0 seconds (2.42 MBps)
Wrote 94 lines of configuration to 'ftp://192.168.161.9/testftp'
2.修改配置文件
在cli下,可以去注释,复制,删除,重命名和插入配置。
1.注释
注释特性允许存储配置中的记录,其描述配置中的一些信息。
下面的例子,增加了bgp group external 的注释信息externalannotation:
[edit protocols bgp]
root@52network# annotate group external externalannotation
[edit protocols bgp]
root@52network# show
group internal {
type internal;
local-address 192.168.20.1;
neighbor 192.168.16.1;
}
/* externalannotation */
group external {
type external;
peer-as 2;
neighbor 10.0.23.2;
2.复制
假如你需要增加用户,替换一些信息,可以使用copy命令
下面的例子示范了复制用户lab到新用户
[edit]
root@52network# copy system login user lab to user labcopy
3.删除
下面的例子将重protocols bgp级别中删除组external。如果想完全关闭bgp,请使用delete
protocols bgp命令。
[edit]
root@52network# delete protocols bgp group external
4.重命名
例子:
[edit system login]
root@52network# rename user labcopy to user labcopy2
5.插入
提供排列和定制配置文件,特别是term策略。insert命令帮助移动一些行到配置文件其他行的前面
或后面。
例子:
[edit policy-options policy-statement insert_test]
root@52network# show
term 1 {
from protocol static;
then accept;
}
term 2 {
from protocol bgp;
then accept;
}
term 3 {
from protocol ospf;
then accept;
}
root@52network# insert term 3 before term 2
[edit policy-options policy-statement insert_test]
root@52network# show
term 1 {
from protocol static;
then accept;
}
term 3 {
from protocol ospf;
then accept;
}
term 2 {
from protocol bgp;
then accept;
}
6.激活和非激活
命令可以用来关闭一些参数,其不会从配置文件中删除。
例子:假如一个用户将离开公司并且很长时间不访问路由器,可以将其置于非激活状态。
[edit system login]
root@52network# deactivate user lab
[edit system login]
root@52network# show
class superuser-local {
permissions all;
}
inactive: user lab {
uid 2000;
[edit system login]
root@52network# activate user lab
[edit system login]
root@52network# show
class superuser-local {
permissions all;
}
user lab {
uid 2000;
7.从cli加载配置文件
加载配置文件使用load命令,有三种方式:
1.加载merge联合新文件和现有后备配置文件
例子:
第一个输出显示接口配置,在这里只有一个接口ge-1/0/0,当使用load merge命令,这个文件
interfaces将合并后备配置文件,在这个例子结果增加了so-6/0/0接口
[edit]
root@52network# show interfaces
ge-1/0/0 {
unit 0 {
family inet {
address 10.0.21.2/24;
}
family iso;
}
}
[edit]
root@52network# load merge interfaces
load complete
[edit]
root@52network# show interfaces
ge-1/0/0 {
unit 0 {
family inet {
address 10.0.21.2/24;
}
family iso;
}
}
so-6/0/0 {
unit 0 {
family inet {
address 10.0.23.1/24;
}
family iso;
}
}
2.加载replace配置文件中覆盖指定部分
要替换指定区域需要先使用replace:标记,在完成load replace,inet address合并 ge-1/0/0
接口并且改变配置.
例子:
[edit]
root@52network# show interfaces
ge-1/0/0 {
unit 0 {
family inet {
address 10.0.21.2/24;
}
family iso;
Contents of the replace_ge_inef file
interfaces {
replace:
ge-1/0/0 {
unit 0 {
family inet {
address 10.0.44.2/24;
}
family iso;
}
[edit]
root@52network# load replace replace_ge_inet
load complete
[edit]
root@52network# show interfaces
ge-1/0/0 {
unit 0 {
family inet {
address 10.0.44.2/24;
}
family iso;
3.加载override覆盖完整的后备配置文件
下面例子中,当前配置系统主机名设置为52network,用户root,加载文件override只有系统主
机名和允许的服务。当使用load override命令,文件override将完全覆盖后备配置:
[edit]
root@52network# show
version 5.1R1.4;
system {
host-name 52network;
login {
class superuser-local {
permissions all;
}
user root {
uid 2000;
class superuser;
[edit]
root@52network# load override override
load complete
[edit]
root@52network# show
system {
host-name override;
login {
class superuser-local {
permissions all;
}
user lab {
uid 2000;
class superuser;
authentication {
encrypted-password "$ /"; # SECRET-DATA
}
}
}
services {
ftp;
ssh;
telnet;
}
}
8.从终端加载配置
在junos cli中,也可以输入ascii格式的配置参数。
下面的例子,用户lab输入load override terminal并且粘帖配置到终端上,使用ctrl-d可以终止
。
[edit]
root@52network# load override terminal
[Type ^D to end input]
system {
host-name override;
login {
class superuser-local {
permissions all;
}
user lab {
uid 2000;
class superuser;
authentication {
encrypted-password "$ /"; # SECRET-DATA
}
}
}
services {
ftp;
ssh;
telnet;
}
}
load complete
9.建立配置组
配置组可以帮助我们方便的增加一些特性,应用配置组到许多的使用相同特性的区域,可以简化
配置。
组建立在配置模式,输入set groups命令,定义一个组名,然后定义组的参数。
语法:
set groups <group_name> Group name
当组建立后,需要应用到一个配置项目中
语法:
set interfaces apply-groups <value> Groups from which to inherit
configuration data
下面例子介绍了怎样配置组,将组应用到一个接口上。建立一个叫encap_fr的组,指定
encapsulation frame relay到这个组中,接口应用这个组,将继承组的参数encapsulation frame relay
[edit]
root@52network#set groups encap_fr interfaces <so*> encapsulation frame-relay
[edit]
root@52network# set interfaces so-6/0/0 apply-groups encap_fr
[edit]
root@52network# show
version 5.0R2.4;
groups {
encap_fr {
interfaces {
<so*> {
encapsulation frame-relay;
interfaces {
so-6/0/0 {
apply-groups encap_fr;
unit 0;
}
so-6/0/1 {
unit 0;
}
so-6/0/2 {
unit 0;
}
so-6/0/3 {
unit 0;
10.配置模式的帮助信息
配置模式中有三种帮助内容
help topic 和 help reference , help apropos 是早期的命令。帮助命令一个非常有用的工具。
下面给出了它的语法和例子:
[edit]
root@52network# help ?
Possible completions:
apropos Find help information about a topic
reference Reference material
topic Help for high level topics
[edit]
root@52network# help apropos asp
set system time-zone <time-zone> Europe/Tiraspol
Time zone for Transdniestria
set system time-zone <time-zone> Europe/Samara
Time zone for Moscow+01 - Caspian Sea
set protocols bgp traceoptions flag aspath
set protocols bgp group <group_name> traceoptions flag aspath
set protocols bgp group <group_name> neighbor <address> traceoptions flag aspath
set policy-options as-path <aspath_name>
Name to identify AS path regular expression
set routing-instances <instance_name> protocols bgp traceoptions flag aspath
set routing-instances <instance_name> protocols bgp group <group_name> traceoptions flag
aspath
set routing-instances <instance_name> protocols bgp group <group_name> neighbor <address>
traceoptions flag aspath
