juniper配置汇总
基础配置
set system root-authentication plain-text-password (配置root密码,必须配置,密码要求字母和数字且大于6位)
set system login user admin class super-user authentication plain-text-password (配置普通用户,用于telnet,密码要求字母和数字且大于6位)
set system services telnet(开启telnet服务)
commit(提交配置,juniper设备配置不是立即生效,需要commit进行提交才能生效)
接口配置:
set interfaces ge-0/0/2.0 family inet address 10.0.0.1/30(.0指的是物理接口)
set interfaces ge-0/0/2.0 family inet address 10.0.0.1/30 primary
set interfaces ge-0/0/2.0 family inet address 20.0.0.1/30(一个接口下可以写多个ip地址,通过primary可以指定主用ip地址)
指定全双工速率
set interfaces ge-4/0/3 speed 1g
set interfaces ge-4/0/3 link-mode full-duplex
set interfaces ge-4/0/3 gigether-options no-auto-negotiation
lo0配置:
set interfaces lo0.0 family inet address 1.1.1.1/32
端口聚合配置
set chassis aggregated-devices ethernet device-count 10(只需要第一次配置,作用是路由器自动生成多少个聚合端口,目前配置10个,即ae0---ae9)
set interfaces ge-0/0/2 gigether-options 802.3ad ae0(把两个端口划入ae0)
set interfaces ge-0/0/3 gigether-options 802.3ad ae0
set interface ae0.0 family inet address 172.16.0.1/24(给ae0配置IP地址)
snmp配置
set snmp community xxx authorization read-only
set snmp community xxx clients 10.0.0.0/24
set snmp community xxx clients 20.0.0.0/24
ntp配置
set system ntp server x.x.x.x
set system ntp source-address x.x.x.x
syslog配置
set system syslog host x.x.x.x any notice
set system syslog source-address x.x.x.x
vlan配置:
set bridge-domains vlan10 domain-type bridge
set bridge-domains vlan10 vlan-id 10
set bridge-domains vlan10 interface ge-0/0/0.0 //access接口
set bridge-domains vlan10 interface ge-0/0/1.0 //access接口
set bridge-domains vlan10 routing-interface irb.10 //3层接口配置
access接口配置
set interfaces ge-0/0/0 encapsulation ethernet-bridge
set interfaces ge-0/0/0.0 family bridge
set interfaces ge-0/0/1 encapsulation ethernet-bridge
set interfaces ge-0/0/1.0 family bridge
trunk接口配置(穿透配置)
set interfaces ge-0/0/2 flexible-vlan-tagging
set interfaces ge-0/0/2.0 family bridge interface-mode trunk
set interfaces ge-0/0/2.0 family bridge vlan-id-list 10-20
3层接口配置
set interfaces irb.10 family inet address 211.161.112.227/29
子接口方式
set interface ge-0/0/3 flexible-vlan-tagging(推荐用这种方式)
set interface ge-0/0/3 encapsulation flexible-ethernet-services(可以在不同子接口下增加多种封装配置)
set interface ge-0/0/3.10 vlan-id 10
set interface ge-0/0/3.10 family inet address 30.0.0.1/24
set interface ge-0/0/3.20 vlan-id 20
set interface ge-0/0/3.20 family inet address 40.0.0.1/24
二层三层混合
set interfaces ae0 flexible-vlan-tagging
set interfaces ae0 encapsulation flexible-ethernet-services
set interfaces ae0 aggregated-ether-options link-speed mixed
set interfaces ae0 unit 10 vlan-id 10
set interfaces ae0 unit 10 family inet address 192.168.10.1/24
set interfaces ae0 unit 20 family bridge interface-mode trunk
set interfaces ae0 unit 20 family bridge vlan-id-list 11-1000
as配置:
set routing-options autonomous-system 64515
router-id配置:
set routing-options router-id 1.1.1.1
静态路由
set routing-options static route 0.0.0.0/0 next-hop 10.0.0.2
set routing-options static route 100.0.0.0/24 next-hop 12.12.12.2 resolve(juniper设备默认不进行递归查找,如果需要递归则在后面加上resolve命令)
set routing-options static route 100.0.0.0/24 next-hop 12.12.12.2 tag 2000(路由打标)
set routing-options static route 100.0.0.0/24 next-hop 12.12.12.2 passive(将不活跃的路由仍旧装入路由表与cisco ip route x.x.x.x x.x.x.x x.x.x.x active一致)
set routing-options static route 200.0.0.0/24 discard(与cisco的null0路由效果一样)
负载均衡配置(juniper默认不进行负载均衡,需要单独配置)
set policy-options policy-statement load_blance then load-balance per-packet
set routing-options forwarding-table export load_blance
OSPF配置
set protocols ospf area 0 interface xe-2/3/1.0(与cisco不同,是在区域里面把参与ospf进程的接口划进来)
set protocols ospf area 0 interface lo0.0 passive
set protocols ospf area 0 interface irb.10 passive
set protocols ospf area 0 interface ge-0/0/2.0 metric 100
set protocols ospf area 0 interface xe-2/2/0.0 passive
set protocols ospf area 0 interface xe-2/2/1.0 passive
BGP配置
set protocols bgp group ebgp peer-as 6666
set protocols bgp group ebgp type external
set protocols bgp group ebgp multihop ttl 2 (ebgp多跳)
set protocols bgp group ebgp neighbor 124.207.160.1
set protocols bgp group ibgp type internal
set protocols bgp group ibgp neighbor 3.3.3.3
set protocols bgp group ibgp local-address 1.1.1.1
BGP发路由
set policy-options policy-statement bgp term 1 from route-filter 101.0.0.0/24 exact
set policy-options policy-statement bgp term 1 from route-filter 201.0.0.0/24 exact
set policy-options policy-statement bgp term 1 then accept
set policy-options policy-statement bgp term 2 then reject
set protocols bgp group ebgp neighbor 124.207.160.1 export bgp
策略配置
ospf引入静态路由和直连路由配置
set policy-options policy-statement ospf_red term 1 from protocol static
set policy-options policy-statement ospf_red term 1 from protocol direct
set policy-options policy-statement ospf_red term 1 then accept
set protocols ospf export ospf_red
ospf引入默认路由
set policy-options policy-statement ospf_default term 1 from route-filter 0.0.0.0/0 exact
set policy-options policy-statement ospf_default term 1 then accept
set protocols ospf export ospf_default
bgp前缀列表限制路由条目
set policy-options prefix-list bgp_list 10.0.0.0/24
set policy-options prefix-list bgp_list 20.0.0.0/24
set policy-options policy-statement bgp term 1 from protocol bgp
set policy-options policy-statement bgp term 1 from prefix-list-filter bgp_list exact
set policy-options policy-statement bgp term 1 then accept
set policy-options policy-statement bgp term 2 then reject
set protocols bgp group ebgp neighbor 124.207.160.1 export bgp(限制路由条目,只允许列表上的条目进入邻居路由器)
set protocols bgp group ebgp neighbor 124.207.160.1 import bgp(限制路由条目,只允许列表上的条目进入本路由器)
bgp过滤AS-PATH
set policy-options as-path NULL-AS "()"
set policy-options as-path AS64527 "^64527$"
set policy-options as-path PLDT "^24115 (23930|9299)$"
set policy-options policy-statement AS64527-in term 1 from protocol bgp
set policy-options policy-statement AS64527-in term 1 from as-path AS64527
set policy-options policy-statement AS64527-in term 1 then accept
set policy-options policy-statement AS64527-in term 100 then reject
set policy-options policy-statement Metro-out term 1 from protocol bgp
set policy-options policy-statement Metro-out term 1 from as-path NULL-AS
set policy-options policy-statement Metro-out term 1 then accept
set policy-options policy-statement Metro-out term 100 then reject
set protocols bgp group ebgp neighbor 124.207.160.1 export Metro-out (限制路由,只允许本as路由进入邻居路由器)
set protocols bgp group ebgp neighbor 124.207.160.1 import AS64527-in (限制路由,只as-paht为64527的as进入路由表 as-path正则表达式与cisco略有不同,如juniper没有"_"而是采用空格替代,具体请参考http://www.juniper.net/techpubs/software/junos/junos94/swconfig-policy/defining-as-path-regular-expressions.html)
(策略可以写多条,也在一个term里面写完)
部分cisco与juniper as-path对比
cisco juniper
^$ ---------> "()"
_65999 ---------> ".* 65999 ."
_65999$ ---------> ". 65999$"
_65...$ ---------> ".* (65000-65999)$"
^18118_17430_9800 ---------> "^18118 17430 9800 .*"
run show route terse aspath-regex "xxxx"
bgp next-hop self
set policy-options policy-statement nh-self term 1 from protocol bgp
set policy-options policy-statement nh-self term 1 then next-hop self
set protocols bgp group ibgp export nh-self
bgp damping
set protocols bgp damping
set protocols bgp group ibgp import damp
set policy-options policy-statement damp from route-filter 192.168.0.0/32 exact damping high
set policy-options policy-statement damp from route-filter 192.168.0.0/32 exact accept
set policy-options policy-statement damp from route-filter 172.16.0.0/32 exact damping medium
set policy-options policy-statement damp from route-filter 172.16.0.0/32 exact accept
set policy-options policy-statement damp from route-filter 10.0.0.0/8 exact damping none
set policy-options policy-statement damp from route-filter 10.0.0.0/8 exact accept
set policy-options damping high half-life 30
set policy-options damping high reuse 750
set policy-options damping high suppress 3000
set policy-options damping high max-suppress 60
set policy-options damping medium half-life 15
set policy-options damping medium reuse 750
set policy-options damping medium suppress 3000
set policy-options damping medium max-suppress 45
set policy-options damping none disable
bgp手工软重启
run clear bgp neighbor 10.0.0.1 soft(软重启出路由)
run clear bgp neighbor 10.0.0.1 soft-inbound (软重启进路由)
ACL配置(juniper叫firewall filter)
set firewall family inet filter acl10 term 1 from source-address 211.162.228.255/32
set firewall family inet filter acl10 term 1 then discard
set firewall family inet filter acl10 term 2 from source-address 212.162.228.255/32
set firewall family inet filter acl10 term 2 then discard
set firewall family inet filter acl10 term last then accept(隐含拒绝,需要最后写一条accept配置)
set interfaces ge-0/0/0.0 family inet filter input acl10(应用到接口进方向)
set interfaces ge-0/0/0.0 family inet filter output acl10(应用到接口出方向)
策略路由配置
策略路由思路与cisco有很大不同,其思路大致是新建一张路由表,再通过acl把数据导入到这个路由表,在这个路由表里面在把路由指到相应的接口,同时这个新建的路由表也要共享主路由表的接口路由。
set routing-instances pbr instance-type forwarding
set routing-instances pbr routing-options static route 0.0.0.0/0 next-hop 10.0.0.2(新建了一个路由表,把路由指向相应的地址)
set firewall family inet filter acl100 term 1 from source-address 211.162.228.253/32
set firewall family inet filter acl100 term 1 then routing-instance pbr(通过acl把需要的流量引入新的路由表pbr)
set firewall family inet filter acl100 term 2 from source-address 11.62.22.21/32
set firewall family inet filter acl100 term 2 then routing-instance pbr
set firewall family inet filter acl100 term last then accept(其余流量按正常转发)
set interfaces ge-0/0/0.0 family inet filter input acl100(把acl应用到相应的接口)
set routing-options rib-groups pbr-group import-rib inet.0
set routing-options rib-groups pbr-group import-rib pbr.inet.0
set routing-options interface-routes rib-group inet pbr-group(把接口路由即直连路由共享)
限速
set firewall policer 100m if-exceeding bandwidth-limit 100m
set firewall policer 100m if-exceeding burst-size-limit 10m
set firewall policer 100m then discard(做一个令牌配置,超过100m的就丢弃)
set firewall family inet filter acl20 term 1 from destination-address 123.0.0.0/24
set firewall family inet filter acl20 term 1 then policer 100m
set firewall family inet filter acl20 term 1 accept
set firewall family inet filter acl20 term 2 accept(通过acl把需要做限速的流量引入到policer,其余流量放过)
set interfaces ge-0/0/0.0 family inet filter output acl120
set interfaces ge-0/0/0.0 family inet filter input acl120(把限速应用到相应的接口进、出方向)
限制管理
先做一个firewall filter(别忘了最后要accept,要不然协议会不通)
set firewall filter aa term 1 from source-address 10.0.0.1/32
set firewall filter aa term 1 from source-address 20.0.0.1/32
set firewall filter aa term 1 from protocol tcp
set firewall filter aa term 1 from port telnet
set firewall filter aa term 1 then accept
set firewall filter aa term 2 from protocol tcp
set firewall filter aa term 2 from port telnet
set firewall filter aa term 2 then discard
set firewall filter aa term last then accept
应用在lo0口
set interfaces lo0.0
set interfaces lo0.0 family inet filter input aa
flow配置
set forwarding-options sampling input rate 2000 run-length 1
set forwarding-options sampling family inet output flow-server x.x.x.x port xxx
set interfaces ge-0/0/0 unit 0 inet sampling output
set interfaces ge-0/0/0 unit 0 inet sampling input
端口镜像
1、把流量镜像到一个接口
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring family inet output interface ge-0/0/2.0 next-hop 20.0.0.2(流量出接口和目的地址)
set firewall filter port_mirror term 1 then port-mirror
set firewall filter port_mirror term 1 then accept
set interfaces ge-0/0/0 unit 0 family inet filter input port_mirror(通过acl把需要采集流量引入到刚才的配置)
set interfaces ge-0/0/0 unit 0 family inet filter output port_mirror
如果流量接收设备无IP地址那么需要知道该设备的MAC地址再写一个假的IP地址即可。
set interface ge-0/0/2.0 fa inet 20.0.0.1/30 arp 20.0.0.2 mac xx:xx:xx:xx:xx
2、把流量镜像到多个接口
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring family inet output next-hop-group inet_nhg(做一个流量出接口组)
set forwarding-options next-hop-group inet_nhg group-type inet interface ge-0/0/2.0 next-hop 20.0.0.2
set forwarding-options next-hop-group inet_nhg group-type inet interface ge-0/0/3.0 next-hop 30.0.0.2
set firewall filter port_mirror term 1 then port-mirror
set firewall filter port_mirror term 1 then accept
set interfaces ge-0/0/0 unit 0 family inet filter input port_mirror(通过acl把需要采集流量引入到刚才的配置)
set interfaces ge-0/0/0 unit 0 family inet filter output port_mirror
3、把vlan内流量镜像到一个接口
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring family inet output interface ge-0/0/2.0 next-hop 20.0.0.2(流量出接口和目的地址)
set firewall filter port_mirror term 1 then port-mirror
set firewall filter port_mirror term 1 then accept
set bridge-domains vlan100 forwarding-options filter input port_mirror(在VLAN广播域的forwading-options中调用firewall filter来实现端口镜像,只做input方向即可)
4、如果要求给予源地址把奇数偶数流量分开走不同的接口
MPC板卡set chassis fpc x port-mirror-instance port_oushu(x指的是镜像的源接口位于的槽位)
MPC板卡set chassis fpc x port-mirror-instance port_jishu(x指的是镜像的源接口位于的槽位)
DPC板卡:set chassis fpc x pic y port-mirror-instance port_oushu (x指的是镜像的源接口位于的槽位,y指的是位于的pfe编号)
DPC板卡:set chassis fpc x pic y port-mirror-instance port_jishu (x指的是镜像的源接口位于的槽位,y指的是位于的pfe编号)
set forwarding-options port-mirroring instance port_oushu
set forwarding-options port-mirroring instance port_oushu input rate 1 run-length 1
set forwarding-options port-mirroring instance port_oushu family inet output interface ge-1/2/1.0 next-hop x.x.x.x
set forwarding-options port-mirroring instance port_oushu family inet output no-filter-check
set forwarding-options port-mirroring instance port_jishu input rate 1 run-length 1
set forwarding-options port-mirroring instance port_jishu family inet output interface ge-1/2/2.0 next-hop x.x.x.x
set forwarding-options port-mirroring instance port_jishu family inet output no-filter-check
set firewall filter gw term oushu from source-address 0.0.0.0/0.0.0.1
set firewall filter gw term oushu then port-mirror-instance port_oushu
set firewall filter gw term oushu then accept
set firewall filter gw term jishu from source-address 0.0.0.1/0.0.0.1
set firewall filter gw term jishu then port-mirror-instance port_jishu
set firewall filter gw term jishu then accept
set firewall filter gw term last then accept
set interface xe-x/x/x.0 family inet filter input gw
set interface xe-x/x/x.0 family inet filter output gw
ip-ip隧道
set chassis fpc xx pic yy tunnel-services bandwidth 1g(让设备生成ip-ip接口)
xx指的是槽位 yy指的是ipip接口位于的pfe的位置,即物理接口的位置(0-3)
set interfaces ip-xx/yy/10 unit 0 tunnel source 10.0.0.1
set interfaces ip-xx/yy/10 unit 0 tunnel destination 10.0.0.2
set interfaces ip-xx/yy/10 unit 0 family inet address 12.12.12.2/30
set interfaces ip-xx/yy/10 unit 1 tunnel source 20.0.0.1
set interfaces ip-xx/yy/10 unit 1 tunnel destination 20.0.0.2
set interfaces ip-xx/yy/10 unit 1 family inet address 14.12.12.2/30
jflow V9 和 IPFIX
1、创建模板
set services flow-monitoring version9 template template1 flow-active-timeout 120
set services flow-monitoring version9 template template1 flow-inactive-timeout 60
set services flow-monitoring version9 template template1 template-refresh-rate packets 100
set services flow-monitoring version9 template template1 template-refresh-rate seconds 600
set services flow-monitoring version9 template template1 option-refresh-rate packets 100
set services flow-monitoring version9 template template1 option-refresh-rate seconds 600
set services flow-monitoring version9 template template1 ipv4-template
set services flow-monitoring version9 template template-v61 flow-active-timeout 120
set services flow-monitoring version9 template template-v61 flow-inactive-timeout 60
set services flow-monitoring version9 template template-v61template-refresh-rate packets 100
set services flow-monitoring version9 template template-v61 template-refresh-rate seconds 600
set services flow-monitoring version9 template template-v61 option-refresh-rate packets 100
set services flow-monitoring version9 template template-v61 option-refresh-rate seconds 600
set services flow-monitoring version9 template template-v61 ipv6-template
set services flow-monitoring version-ipfix template template-v61 flow-active-timeout 150
set services flow-monitoring version-ipfix template template-v61 flow-inactive-timeout 100
set services flow-monitoring version-ipfix template template-v61 template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template template-v61 ipv6-template
2、设置采集实例
set forwarding-options sampling instance instance-1 input rate 1
set forwarding-options sampling instance instance-1 family inet output flow-server 10.50.1.2 port 2055
set forwarding-options sampling instance instance-1 family inet output flow-server 10.50.1.2 version9 template template1
set forwarding-options sampling instance instance-1 family inet output inline-jflow source-address 10.50.1.100
set forwarding-options sampling instance instance-1 family inet output inline-jflow flow-export-rate 10
set forwarding-options sampling instance instance-1 family inet6 output flow-server 10.50.1.2 port 2055
set forwarding-options sampling instance instance-1 family inet6 output flow-server 10.50.1.2 version-ipfix template template-v61
set forwarding-options sampling instance instance-1 family inet6 output inline-jflow source-address 10.50.1.110
set forwarding-options sampling instance instance-1 family inet6 output inline-jflow flow-export-rate 6
3、在板卡上创建采集实例
set chassis fpc 0 sampling-instance instance-1
set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 8
set chassis fpc 0 inline-services flow-table-size ipv6-flow-table-size 7
4、创建采集ACL
set firewall family inet filter inet-sample term t1 then sample
set firewall family inet filter inet-sample term t1 then accept
set firewall family inet6 filter inet6-sample term t1 then sample
set firewall family inet6 filter inet6-sample term t1 then accept
5、应用ACL
set interfaces ge-0/0/4 unit 0 family inet filter input inet-sample
set interfaces ge-0/0/4 unit 0 family inet address 150.10.1.1/24
set interfaces ge-0/1/6 unit 0 family inet6 filter input inet6-sample
set interfaces ge-0/1/6 unit 0 family inet6 address 751b:b01:0:2::1/64
mpls
1、创建模板
set services flow-monitoring version-ipfix template mpls-traffic flow-active-timeout 150
set services flow-monitoring version-ipfix template mpls-traffic flow-inactive-timeout 100
set services flow-monitoring version-ipfix template mpls-traffic template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template mpls-traffic mpls-ipv4-template
2、设置采集实例
set forwarding-options sampling instance instance-1 input rate 1
set forwarding-options sampling instance instance-1 family mpls output flow-server 10.50.1.2 port 2055
set forwarding-options sampling instance instance-1 family mpls output flow-server 10.50.1.2 version-ipfix template mpls-traffic
set forwarding-options sampling instance instance-1 family mpls output inline-jflow source-address 10.50.1.110
3、在板卡上创建采集实例
set chassis fpc 0 sampling-instance instance-1
4、创建采集ACL
set firewall family mpls filter mpls-sample term t1 then sample
set firewall family mpls filter mpls-sample term t1 then accept
5、应用ACL
set interfaces ge-0/1/6 unit 0 family mpls filter input mpls-sample
MX80 inline
set chassis tfeb slot 0 sampling-instance sample-ins1
Inline jflow
set chassis fpc 1 sampling-instance jflow
set services flow-monitoring version9 template ipv4 ipv4-template
set forwarding-options sampling instance jflow input rate 100 (100:1 )
set forwarding-options sampling instance jflow family inet output flow-server 192.168.3.2 port 2055 (flow服务器地址和端口号,这个是netflow的默认端口号,也可以自行定义)
set forwarding-options sampling instance jflow family inet output flow-server 192.168.3.2 version9 template ipv4
set forwarding-options sampling instance jflow family inet output inline-jflow source-address 192.168.3.1 (flow流量源地址)
set interfaces xe-1/0/0 unit 0 family inet sampling input
set chassis fpc 0 pic 0 tunnel-services bandwidth 10g
set chassis fpc 0 sampling-instance instance-1
set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 9
set services flow-monitoring version9 template ipv4-template ipv4-template
set forwarding-options sampling input rate 1000
set forwarding-options sampling input run-length 1
set forwarding-options sampling input max-packets-per-second 65535
set forwarding-options sampling family inet output flow-inactive-timeout 15
set forwarding-options sampling family inet output flow-active-timeout 60
set forwarding-options sampling family inet output flow-server 10.10.255.252 port 9996
set forwarding-options sampling family inet output flow-server 10.10.255.252 utonomous-system-type origin
set forwarding-options sampling family inet output flow-server 10.10.255.252 no-local-dump
set forwarding-options sampling family inet output flow-server 10.10.255.252 source-address 10.30.0.4
set forwarding-options sampling family inet output flow-server 10.10.255.252 version9 template ipv4-template
set forwarding-options sampling family inet output flow-server 10.20.255.15 port 9996
set forwarding-options sampling family inet output flow-server 10.20.255.15 autonomous-system-type origin
set forwarding-options sampling family inet output flow-server 10.20.255.15 no-local-dump
set forwarding-options sampling family inet output flow-server 10.20.255.15 source-address 10.30.0.4
set forwarding-options sampling family inet output flow-server 10.20.255.15 version9 template ipv4-template
set forwarding-options sampling instance instance-1 input rate 1000
set forwarding-options sampling instance instance-1 input run-length 1
set forwarding-options port-mirroring input rate 10
set forwarding-options port-mirroring family inet output interface xe-0/3/0.0 next-hop 192.168.4.6
配置所有需要开启JFLOW的板卡
set chassis fpc 1 sampling-instance jflow
set chassis fpc 3 sampling-instance jflow
set chassis fpc 5 sampling-instance jflow
15.1F5之前版本会自动重启相关板卡,请小心,15.1F5之后版本配置下面3行不会重启,15.1F5之前版本默认ipv4就是15,也不需要调整
set chassis fpc 1 inline-services flow-table-size ipv4-flow-table-size 12
set chassis fpc 3 inline-services flow-table-size ipv4-flow-table-size 12
set chassis fpc 5 inline-services flow-table-size ipv4-flow-table-size 12
Jflow v9配置
set services flow-monitoring version9 template ipv4 flow-active-timeout 30
set services flow-monitoring version9 template ipv4 flow-inactive-timeout 30
set services flow-monitoring version9 template ipv4 template-refresh-rate seconds 30
set services flow-monitoring version9 template ipv4 option-refresh-rate seconds 30
set services flow-monitoring version9 template ipv4 ipv4-template
set forwarding-options sampling instance jflow input rate 2000
set forwarding-options sampling instance jflow family inet output flow-server 10.64.7.166 port 9995
set forwarding-options sampling instance jflow family inet output flow-server 10.64.7.166 version9 template ipv4
set forwarding-options sampling instance jflow family inet output inline-jflow source-address 172.29.254.3
set forwarding-options sampling instance jflow family inet output inline-jflow
开启jflow的index信息(15.2后的版本release)
set services flow-monitoring version9 template ipv4 flow-key flow-direction
set services flow-monitoring version9 template ipv4 nexthop-learning enable
浙公网安备 33010602011771号