博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
juniper交换机ex2200配置(生产环境)
阅读量:7033 次
发布时间:2019-06-28

本文共 8409 字,大约阅读时间需要 28 分钟。

qnqy-dpf-jrex2200-01# show | display set

set version 12.3R11.2
set system host-name qnqy-dpf-jrex2200-01
set system time-zone Asia/Shanghai
set system root-authentication encrypted-password "$1$7RMyTyeG$tLGAToBggMFhcOw85Ts.EP/"
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "$1$m5Fp3PtY$cenAvv5Yq6VKsAlA317C2E/"
set system services ftp
set system services ssh
set system services telnet
set system services web-management https system-generated-certificate
set system services web-management https interface all
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system ntp boot-server 192.168.16.45
set system ntp server 192.168.16.45
set chassis alarm management-ethernet link-down ignore
set chassis auto-image-upgrade
set interfaces interface-range allport member-range ge-0/0/0 to ge-0/0/20
set interfaces interface-range allport unit 0 family ethernet-switching port-mode access
set interfaces interface-range allport unit 0 family ethernet-switching vlan members vlan_54
set interfaces interface-range allport unit 0 family ethernet-switching filter input 54
deactivate interfaces interface-range allport unit 0 family ethernet-switching filter
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/0/12 unit 0 family ethernet-switching
set interfaces ge-0/0/13 unit 0 family ethernet-switching
set interfaces ge-0/0/14 unit 0 family ethernet-switching
set interfaces ge-0/0/15 unit 0 family ethernet-switching
set interfaces ge-0/0/16 unit 0 family ethernet-switching
set interfaces ge-0/0/17 unit 0 family ethernet-switching
set interfaces ge-0/0/18 unit 0 family ethernet-switching
set interfaces ge-0/0/19 unit 0 family ethernet-switching
set interfaces ge-0/0/20 unit 0 family ethernet-switching
set interfaces ge-0/0/21 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members 917
set interfaces ge-0/0/22 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members vlan_54
set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/1/2 unit 0 family ethernet-switching
set interfaces ge-0/1/3 unit 0 family ethernet-switching
set interfaces vlan unit 0
set interfaces vlan unit 502 family inet address 192.168.13.171/24
set snmp community public authorization read-only
set routing-options static route 0.0.0.0/0 next-hop 192.168.13.254
set protocols igmp-snooping vlan all
set protocols rstp bridge-priority 60k
set protocols rstp interface allport edge
set protocols vstp vlan vlan_502
set protocols vstp vlan vlan_54
set protocols lldp interface all
set protocols lldp-med interface all
set firewall family inet filter RE_Filter term 1 from source-address 192.168.16.0/24
set firewall family inet filter RE_Filter term 1 from protocol tcp
set firewall family inet filter RE_Filter term 1 from destination-port telnet
set firewall family inet filter RE_Filter term 1 from destination-port ssh
set firewall family inet filter RE_Filter term 1 from destination-port http
set firewall family inet filter RE_Filter term 1 from destination-port ftp
set firewall family inet filter RE_Filter term 1 from destination-port https
set firewall family inet filter RE_Filter term 1 then accept
set firewall family inet filter RE_Filter term 2 from protocol tcp
set firewall family inet filter RE_Filter term 2 from destination-port telnet
set firewall family inet filter RE_Filter term 2 from destination-port ssh
set firewall family inet filter RE_Filter term 2 from destination-port http
set firewall family inet filter RE_Filter term 2 from destination-port ftp
set firewall family inet filter RE_Filter term 2 from destination-port https
set firewall family inet filter RE_Filter term 2 then discard
set firewall family inet filter RE_Filter term icmp from source-address 192.168.16.0/24
set firewall family inet filter RE_Filter term icmp from protocol icmp
set firewall family inet filter RE_Filter term icmp then accept
set firewall family inet filter RE_Filter term icmp-other from protocol icmp
set firewall family inet filter RE_Filter term icmp-other then discard
set firewall family inet filter RE_Filter term NTP from source-address 192.168.16.45/32
set firewall family inet filter RE_Filter term NTP from protocol tcp
set firewall family inet filter RE_Filter term NTP from protocol udp
set firewall family inet filter RE_Filter term NTP from source-port ntp
set firewall family inet filter RE_Filter term NTP-Other from protocol tcp
set firewall family inet filter RE_Filter term NTP-Other from protocol udp
set firewall family inet filter RE_Filter term NTP-Other from source-port ntp
set firewall family inet filter RE_Filter term NTP-Other then discard
set firewall family inet filter RE_Filter term Other then accept
set firewall family ethernet-switching filter 54 term 1 from protocol udp
set firewall family ethernet-switching filter 54 term 1 from destination-port 1434
set firewall family ethernet-switching filter 54 term 1 from destination-port 1433
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-ns
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-dgm
set firewall family ethernet-switching filter 54 term 1 from destination-port 139
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-ssn
set firewall family ethernet-switching filter 54 term 1 then discard
set firewall family ethernet-switching filter 54 term 2 from protocol tcp
set firewall family ethernet-switching filter 54 term 2 from destination-port 135
set firewall family ethernet-switching filter 54 term 2 from destination-port 139
set firewall family ethernet-switching filter 54 term 2 from destination-port 445
set firewall family ethernet-switching filter 54 term 2 then discard
set firewall family ethernet-switching filter 54 term Other-Permit then accept
set ethernet-switching-options secure-access-port interface ge-0/0/23.0 dhcp-trusted
set ethernet-switching-options secure-access-port interface ge-0/1/0.0 dhcp-trusted
set ethernet-switching-options secure-access-port interface allport mac-limit 10
set ethernet-switching-options secure-access-port interface allport mac-limit action shutdown
set ethernet-switching-options secure-access-port interface allport vlan 54 mac-limit 10
set ethernet-switching-options secure-access-port interface allport vlan 54 mac-limit action drop
set ethernet-switching-options secure-access-port interface allport no-dhcp-trusted
set ethernet-switching-options secure-access-port vlan vlan_54 arp-inspection
set ethernet-switching-options secure-access-port vlan vlan_54 examine-dhcp
set ethernet-switching-options secure-access-port vlan vlan_54 ip-source-guard
set ethernet-switching-options port-error-disable disable-timeout 600
set ethernet-switching-options storm-control interface all
set ethernet-switching-options bpdu-block interface allport
set vlans default l3-interface vlan.0
set vlans vlan917 vlan-id 917
set vlans vlan_502 vlan-id 502
set vlans vlan_502 l3-interface vlan.502
set vlans vlan_506 vlan-id 506
set vlans vlan_54 vlan-id 54
set vlans vlan_924 description guanli-vlan
set vlans vlan_924 vlan-id 924

转载于:https://blog.51cto.com/yzmlinux/2407148

你可能感兴趣的文章
[Servlet&JSP] 初识ServletConfig
查看>>
搭建Jasig CAS中央认证服务实现单点登录——搭建Tomcat并实现SSL安全连接
查看>>
[MySQL 源码] 关于bug#65389的碎碎念
查看>>
ArcSDE10.1使用st_geometry环境配置
查看>>
java.lang.NoSuchMethodError: org.hibernate.SessionFactory.openSession()
查看>>
使用Json Web Token设计Passport系统
查看>>
设计模式之动态代理(dynamic proxy)
查看>>
从零开始学_JavaScript_系列(八)——js系列<2>(事件触发顺序、文本读取、js编写ajax、输入验证、下拉菜单)...
查看>>
Java我的高效编程之环境搭建
查看>>
如何为自己制作出一份优秀的简历
查看>>
testing - 测试基本使用接口
查看>>
开放平台_OAuth1.0
查看>>
拥抱Core Graphics吧!
查看>>
Meta标签中的viewport属性及含义
查看>>
在线扩容LVM硬盘容量
查看>>
排序高级之交换排序_梳排序
查看>>
SpriteBuilder中节点的%位置移动
查看>>
玩玩小爬虫——入门
查看>>
Scala中的类
查看>>
android 下的网络图片加载
查看>>
喝酒易醉,品茶养心,人生如梦,品茶悟道,何以解忧?唯有杜康!-- 愿君每日到此一游!
当前时间: 2025-02-06 19:41:56   当前IP: 3.146.105.252   联系邮箱:javaeecc@qq.com     Copyright © 2020 - 2022 baihongyu.com 京ICP备2021015314号-2
强烈建议你试试无所不能的CHAT-GPT,快点击我
强烈建议你试试无所不能的CHAT-GPT,快点击我