Useful Juniper hub commands and usage examples

Posted by 대혀니_
2018. 10. 20. 10:29 IT/Network

Changing modes

cli : Unix shell -> operational mode

configure : operational mode -> configuration mode

run : configuration mode -> operational mode



Configuration mode settings

Setting the root password

set system root-authentication plain-text-password

After changing the password
show | compare
commit


Resetting the hub configuration

load factory-default

set system root-authentication plain-text-password

commit and-quit (save and exit)


Or use start shell (not in configuration mode)

cd /config

rm -r *

reboot




Enabling PoE

set poe interface all

set poe interface ge-0/0/0

set poe interface range ~~


Useful commands


show | compare : shows what has changed, marked with + and - the way git does

commit : commits the changes

commit check : checks whether the candidate configuration would commit without errors

set system host-name ~~~ : sets the hostname

set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24 :

assigns the address 192.168.1.1 to a port of the L3 device (to make the port operate at layer 3, add family inet and delete family ethernet-switching).

set interfaces ge-0/0/0 disable : turns the ge-0/0/0 interface off
delete interfaces ge-0/0/0 disable : turns the ge-0/0/0 interface on
run show interfaces terse ge-0/0/0 : checks the ge-0/0/0 interface

show system alarms : shows why the alarm light on the switch is lit
 


PASSWORD RECOVERY

FreeBSD/MIPS U-Boot bootstrap loader, Revision 0.1

(vishal@slt-pool1-0.3.juniper.net, Wed Mar 18 11:41:32 PDT 2009)

Memory: 2048M

Loading /boot/defaults/loader.conf

/kernel data=0x90ca48+0xc6ac4 syms=[0x4+0x74470+0x4+0x4+0xa4910]

Hit [Enter] to boot immediately, or space bar for command prompt.  ---> press the space bar when the message on the left appears during boot (it passes very quickly, so be ready)

Booting [/kernel] in 1 second...

Type '?' for a list of commands, 'help' for more detailed help.

loader> boot -s  (type this)

kernel entry at 0x801000d8...

getbootinfo: magic 0x0 md 0x80bee000 memsize 0x0

WARNING: System coming up from legacy bootloader.

(output omitted)

System watchdog timer disabled

Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery  (type this)

performing system setup ...

** /dev/bo0os3e

(output omitted)

PASSWORD RECOVERY (CONT)

Starting CLI ...

root> configure

Entering configuration mode

[edit]

root# set system root-authentication plain-text-password

New password :

Retype new password :

[edit]

root# commit

After setting the root password, save it with commit and then reboot.


VLAN configuration example (https://kb.juniper.net/InfoCenter/index?page=content&id=KB16354)

Configure a VLAN:

user@juniper# set vlans vlan10 vlan-id 10

Configure the interface range "test" to be a part of a vlan (vlan10, in this case):

user@juniper# set interfaces interface-range test unit 0 family ethernet-switching vlan members vlan10

Add member interfaces (actual physical interface) to the interface range:

user@juniper# set interfaces interface-range test member-range ge-0/0/0 to ge-0/0/10

user@juniper# commit check

configuration check succeeds


user@juniper# commit

configuration check succeeds

commit complete

Verify that all physical interfaces in the interface range have become part of the member VLAN to which the "test" interface range was added:

user@juniper# run show vlans


Name           Tag     Interfaces
default
                       ge-0/0/11.0, ge-0/0/12.0, ge-0/0/13.0, ge-0/0/14.0,
                       ge-0/0/15.0, ge-0/0/16.0*, ge-0/0/17.0, ge-0/0/18.0,
                       ge-0/0/19.0, ge-0/0/20.0, ge-0/0/21.0, ge-0/0/22.0,
                       ge-0/0/23.0, ge-0/1/0.0
vlan10         10                    <<<<<<< Interfaces ge-0/0/0 - ge-0/0/10 in vlan10
                       ge-0/0/0.0, ge-0/0/1.0, ge-0/0/2.0, ge-0/0/3.0,
                       ge-0/0/4.0, ge-0/0/5.0, ge-0/0/6.0, ge-0/0/7.0,
                       ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0*


user@juniper# edit interfaces interface-range test

[edit interfaces interface-range test]

user@juniper# show

member-range ge-0/0/0 to ge-0/0/10;
unit 0 {
    family ethernet-switching {
        vlan {
            members 10;
        }
    }
}


Firewall filter (Access-list)

1. Define the firewall filter

set firewall family inet filter <acl name> term <term name> from <match>

set firewall family inet filter <acl name> term <term name> then <action>

<ACL NAME> : the name of the ACL to apply to the interface

<Term name> : a description of the ACL line

<Match> : the conditions used for ACL matching (MAC, IP, protocol, Layer 4 port)

<Action> : whether the packet is denied or permitted

* Action types

discard : denies the packet.

accept : permits the packet.

2. Apply it to an interface in the input/output direction

set interfaces vlan unit 10 family inet filter input <ACL NAME>

(Discard only the packets going from 1.1.1.1/32 to 1.1.1.2/32 and forward the remaining packets)

------------------------------------------------------------

1. Create the firewall filter (ACL)

juniper@EX2# set firewall family inet filter blockhost term 1 from source-address 1.1.1.1/32

juniper@EX2# set firewall family inet filter blockhost term 1 from destination-address 1.1.1.2/32

juniper@EX2# set firewall family inet filter blockhost term 1 then discard

juniper@EX2# set firewall family inet filter blockhost term 2 then accept

juniper@EX2# set firewall family inet filter blockhost term 2 then count blockcount (counter option)

2. Apply it to the interfaces

juniper@EX2# set interfaces vlan unit 10 family inet filter input blockhost

juniper@EX2# set interfaces vlan unit 20 family inet filter input blockhost

3. Check the counter

juniper@EX2# run show firewall filter blockhost

Filter: blockhost

Counters:

Name            Bytes     Packets
blockcount      0         0
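
How the blockhost filter above treats a packet, as an added example that is not part of the original post: a small Python model that parses the post's set commands and evaluates them term by term. It goes slightly beyond the post by also showing the implicit discard that applies when no term matches. The names parse_filter and evaluate are illustrative, and the model only covers source-address/destination-address matches and the discard, accept and count actions.

```python
import ipaddress

# The blockhost filter from the post, with the CLI prompt stripped.
SET_LINES = [
    "set firewall family inet filter blockhost term 1 from source-address 1.1.1.1/32",
    "set firewall family inet filter blockhost term 1 from destination-address 1.1.1.2/32",
    "set firewall family inet filter blockhost term 1 then discard",
    "set firewall family inet filter blockhost term 2 then accept",
    "set firewall family inet filter blockhost term 2 then count blockcount",
]

def parse_filter(lines, name):
    """Collect one filter's terms, in configuration order, from set commands."""
    prefix = ["set", "firewall", "family", "inet", "filter", name, "term"]
    terms = {}  # dicts keep insertion order, which is the evaluation order
    for line in lines:
        tok = line.split()
        if tok[:7] != prefix or len(tok) < 10:
            continue
        term = terms.setdefault(tok[7], {"from": {}, "then": []})
        if tok[8] == "from" and len(tok) > 10:
            term["from"][tok[9]] = ipaddress.ip_network(tok[10])
        elif tok[8] == "then":
            term["then"].append(tok[9:])
    return terms

def evaluate(terms, src, dst, counters):
    """Return 'accept' or 'discard' for one packet; the first matching term wins."""
    packet = {"source-address": ipaddress.ip_address(src),
              "destination-address": ipaddress.ip_address(dst)}
    for term in terms.values():
        # Every "from" condition must match; a term without "from" matches all.
        if all(packet[field] in net for field, net in term["from"].items()):
            action = "accept"  # a term with only modifiers (count) accepts
            for then in term["then"]:
                if then[0] == "count":
                    counters[then[1]] = counters.get(then[1], 0) + 1
                else:
                    action = then[0]
            return action
    return "discard"  # implicit discard when no term matches

if __name__ == "__main__":
    full, hits = parse_filter(SET_LINES, "blockhost"), {}
    print(evaluate(full, "1.1.1.1", "1.1.1.2", hits), hits)
    print(evaluate(full, "1.1.1.1", "1.1.1.3", hits), hits)
    # Constructed failure case: term 2 was never configured.
    only_term1 = parse_filter(SET_LINES[:3], "blockhost")
    print(evaluate(only_term1, "10.0.0.1", "10.0.0.2", {}))
```

Because count blockcount sits on term 2, the counter increases for the packets that are accepted, not for the blocked ones; put the count on term 1 to count discards. Without term 2 the filter discards all traffic on the interface it is applied to.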
