码迷,mamicode.com
首页 > 其他好文 > 详细

juniper交换机ex2200配置(生产环境)

时间:2019-06-11 13:01:55      阅读:300      评论:0      收藏:0      [点我收藏+]

标签:inpu   tor   vlan   accept   boot   switch   ade   routing   emerge   

qnqy-dpf-jrex2200-01# show | display set
set version 12.3R11.2
set system host-name qnqy-dpf-jrex2200-01
set system time-zone Asia/Shanghai
set system root-authentication encrypted-password "$1$7RMyTyeG$tLGAToBggMFhcOw85Ts.EP/"
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "$1$m5Fp3PtY$cenAvv5Yq6VKsAlA317C2E/"
set system services ftp
set system services ssh
set system services telnet
set system services web-management https system-generated-certificate
set system services web-management https interface all
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system ntp boot-server 192.168.16.45
set system ntp server 192.168.16.45
set chassis alarm management-ethernet link-down ignore
set chassis auto-image-upgrade
set interfaces interface-range allport member-range ge-0/0/0 to ge-0/0/20
set interfaces interface-range allport unit 0 family ethernet-switching port-mode access
set interfaces interface-range allport unit 0 family ethernet-switching vlan members vlan_54
set interfaces interface-range allport unit 0 family ethernet-switching filter input 54
deactivate interfaces interface-range allport unit 0 family ethernet-switching filter
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/0/12 unit 0 family ethernet-switching
set interfaces ge-0/0/13 unit 0 family ethernet-switching
set interfaces ge-0/0/14 unit 0 family ethernet-switching
set interfaces ge-0/0/15 unit 0 family ethernet-switching
set interfaces ge-0/0/16 unit 0 family ethernet-switching
set interfaces ge-0/0/17 unit 0 family ethernet-switching
set interfaces ge-0/0/18 unit 0 family ethernet-switching
set interfaces ge-0/0/19 unit 0 family ethernet-switching
set interfaces ge-0/0/20 unit 0 family ethernet-switching
set interfaces ge-0/0/21 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members 917
set interfaces ge-0/0/22 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members vlan_54
set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/1/2 unit 0 family ethernet-switching
set interfaces ge-0/1/3 unit 0 family ethernet-switching
set interfaces vlan unit 0
set interfaces vlan unit 502 family inet address 192.168.13.171/24
set snmp community public authorization read-only
set routing-options static route 0.0.0.0/0 next-hop 192.168.13.254
set protocols igmp-snooping vlan all
set protocols rstp bridge-priority 60k
set protocols rstp interface allport edge
set protocols vstp vlan vlan_502
set protocols vstp vlan vlan_54
set protocols lldp interface all
set protocols lldp-med interface all
set firewall family inet filter RE_Filter term 1 from source-address 192.168.16.0/24
set firewall family inet filter RE_Filter term 1 from protocol tcp
set firewall family inet filter RE_Filter term 1 from destination-port telnet
set firewall family inet filter RE_Filter term 1 from destination-port ssh
set firewall family inet filter RE_Filter term 1 from destination-port http
set firewall family inet filter RE_Filter term 1 from destination-port ftp
set firewall family inet filter RE_Filter term 1 from destination-port https
set firewall family inet filter RE_Filter term 1 then accept
set firewall family inet filter RE_Filter term 2 from protocol tcp
set firewall family inet filter RE_Filter term 2 from destination-port telnet
set firewall family inet filter RE_Filter term 2 from destination-port ssh
set firewall family inet filter RE_Filter term 2 from destination-port http
set firewall family inet filter RE_Filter term 2 from destination-port ftp
set firewall family inet filter RE_Filter term 2 from destination-port https
set firewall family inet filter RE_Filter term 2 then discard
set firewall family inet filter RE_Filter term icmp from source-address 192.168.16.0/24
set firewall family inet filter RE_Filter term icmp from protocol icmp
set firewall family inet filter RE_Filter term icmp then accept
set firewall family inet filter RE_Filter term icmp-other from protocol icmp
set firewall family inet filter RE_Filter term icmp-other then discard
set firewall family inet filter RE_Filter term NTP from source-address 192.168.16.45/32
set firewall family inet filter RE_Filter term NTP from protocol tcp
set firewall family inet filter RE_Filter term NTP from protocol udp
set firewall family inet filter RE_Filter term NTP from source-port ntp
set firewall family inet filter RE_Filter term NTP-Other from protocol tcp
set firewall family inet filter RE_Filter term NTP-Other from protocol udp
set firewall family inet filter RE_Filter term NTP-Other from source-port ntp
set firewall family inet filter RE_Filter term NTP-Other then discard
set firewall family inet filter RE_Filter term Other then accept
set firewall family ethernet-switching filter 54 term 1 from protocol udp
set firewall family ethernet-switching filter 54 term 1 from destination-port 1434
set firewall family ethernet-switching filter 54 term 1 from destination-port 1433
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-ns
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-dgm
set firewall family ethernet-switching filter 54 term 1 from destination-port 139
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-ssn
set firewall family ethernet-switching filter 54 term 1 then discard
set firewall family ethernet-switching filter 54 term 2 from protocol tcp
set firewall family ethernet-switching filter 54 term 2 from destination-port 135
set firewall family ethernet-switching filter 54 term 2 from destination-port 139
set firewall family ethernet-switching filter 54 term 2 from destination-port 445
set firewall family ethernet-switching filter 54 term 2 then discard
set firewall family ethernet-switching filter 54 term Other-Permit then accept
set ethernet-switching-options secure-access-port interface ge-0/0/23.0 dhcp-trusted
set ethernet-switching-options secure-access-port interface ge-0/1/0.0 dhcp-trusted
set ethernet-switching-options secure-access-port interface allport mac-limit 10
set ethernet-switching-options secure-access-port interface allport mac-limit action shutdown
set ethernet-switching-options secure-access-port interface allport vlan 54 mac-limit 10
set ethernet-switching-options secure-access-port interface allport vlan 54 mac-limit action drop
set ethernet-switching-options secure-access-port interface allport no-dhcp-trusted
set ethernet-switching-options secure-access-port vlan vlan_54 arp-inspection
set ethernet-switching-options secure-access-port vlan vlan_54 examine-dhcp
set ethernet-switching-options secure-access-port vlan vlan_54 ip-source-guard
set ethernet-switching-options port-error-disable disable-timeout 600
set ethernet-switching-options storm-control interface all
set ethernet-switching-options bpdu-block interface allport
set vlans default l3-interface vlan.0
set vlans vlan917 vlan-id 917
set vlans vlan_502 vlan-id 502
set vlans vlan_502 l3-interface vlan.502
set vlans vlan_506 vlan-id 506
set vlans vlan_54 vlan-id 54
set vlans vlan_924 description guanli-vlan
set vlans vlan_924 vlan-id 924

juniper交换机ex2200配置(生产环境)

标签:inpu   tor   vlan   accept   boot   switch   ade   routing   emerge   

原文地址:https://blog.51cto.com/yzmlinux/2407148
(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
分享档案
更多>
2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)
周排行
mamicode.com排行更多图片
更多
友情链接
兰亭集智   国之画   百度统计   站长统计   阿里云   chrome插件   新版天听网
关于我们 - 联系我们 - 留言反馈
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!