《SRX基本配置》由会员分享,可在线阅读,更多相关《SRX基本配置(8页珍藏版)》请在金锄头文库上搜索。
1、SRXSRX 300300 配置上网(配置上网(WLANWLAN 与与 VLANVLAN 都为内部都为内部 IPIP)环境介绍环境介绍设备 ge-0/0/0 口为外网口,即第一个口,地址 172.16.65.203/24,下一跳地址172.16.65.1设备 ge-0/0/2 口为内网口即第三个口,地址 192.168.2.1/24,内网口作为 PC 网关来用, 设置 DHCP,DHCP 设置参数如下:地址段 192.168.2.29-192.168.2.39网关 192.168.1.1DNS 202.103.24.68;8.8.8.8设置源 NAT,用 172.16.65.250、172.1
2、6.65.251 两个地址做转换 NAT 地址设置策略允许内网上网创建超级用户 root 密码 TS.具体步骤具体步骤用串口线连接设备 console 口,设置参数如下:这台设备是有配置的,所以要先清空设备配置,清空完设备配置,需要直接设备初始超级 用户的密码,然后保存,才可以完成恢复出厂设置登入设备出现以下rootrootrootrootconfigure 进入配置模式Entering configuration modeeditrootroot# load factory-default 恢复出厂设备warning: activating factory configurationedit
3、rootroot# set system root-authentication plain-text-password 设置超级用户密码New password: Retype new password:editrootroot# commit commit completeedit 此时回复出厂设置完成,下一步开始配置login: root 输入默认用户名 rootPassword: 输入重置设备前输入的密码rootroot% cli 敲入 cli 进入执行模式rootroot configure 敲入 configure 进入配置模式,执行模式代表符号“” Entering config
4、uration modeeditrootroot# 配置模式“#”rootroot# set system login user lvlin class super-user authentication plain- text-password 建立用户名为“wangjian”的超级用户New password: 为用户“root”设置密码 Retype new password: 重复输入密码editrootroot# delete interfaces ge-0/0/0.0 删除接口相关配置,接口默认处于交换edit 模式 Ethernet-switching 模式下,要想设置成三层必须
5、先把这个 属rootroot# delete interfaces fe-0/0/2 unit 0 性删除,“.0”和 unit0 在意义上一 样editwangjian# set interfaces ge-0/0/0.0 family inet address 192.168.201.239/24edit 设置 ge-0/0/0.0 为三层接口地址 192.168.201.239 set interfaces ge-0/0/0.0 family inet address 172.16.65.203/24172.16.65.203/24wangjian# set interfaces fe-
6、0/0/2.0 family inet address 192.168.1.1/24edit 设置 Ge-0/0/2.0 为三层接口地址 192.168.2.1wangjian# set routing-options static route 0.0.0.0/0 next-hop 192.168.201.250set routing-options static route 0.0.0.0/0 next-hop 172.16.65.1edit 设置默认路由wangjian# set security zones security-zone untrust interfaces ge-0/0/
7、0.0edit 设置 ge-0/0/0.0 口为 untrust 安全域接口wangjian# set security zones security-zone trust interfaces ge-0/0/2.0edit 设置 fe-0/0/2.0 口为 trust 安全域接口wangjian# delete security nat source rule-set trust-to-untrustedit 删除系统自带的源 nat 规则wangjian# set security nat source pool wangjian address 192.168.201.59 to 192
8、.168.201.60 设置源 nat 地址池set security nat source pool wangjian address 172.16.65.250 to 172.16.65.251editwangjian# set security nat source rule-set wangjiannat from zone trust edit 设置 nat 源安全域wangjian# set security nat source rule-set wangjiannat to zone untrust edit 设置 nat 目的安全域wangjian# set security
9、 nat source rule-set wangjiannat rule wangjiannat1 match source-address 0.0.0.0/0 设置 nat 源地址editwangjian# set security nat source rule-set wangjiannat rule wangjiannat1 then source-nat pool wangjian 设置 nat 关联地址池editwangjian# set security zones security-zone untrust interface ge-0/0/0.0 host- inbound
10、-traffic system-services httpedit 打开接口 http 管理wangjian# set system services web-management http edit 打开 http 全局开关wangjian# delete security policies from-zone trust to-zone untrust policy trust-to untrust 删除系统自带策略delete security policies from-zone trust to-zone untrust policy trust-to untrusteditwang
11、jian# set security policies from-zone trust to-zone untrust policy wangjian match source-address anyedit 配置策略源地址wangjian# set security policies from-zone trust to-zone untrust policy wangjian match destination-address any 配置策略目的地址editwangjian# set security policies from-zone trust to-zone untrust po
12、licy wangjian match application any 配置策略应用editwangjian# set security policies from-zone trust to-zone untrust policy wangjian then permit 配置策略动作editwangjian# set security policies from-zone trust to-zone untrust policy wangjian then log session-init 开启策略日志会话开始editwangjian# set security policies from
13、-zone trust to-zone untrust policy wangjian then log session-close 开启策略日志会话结束editwangjian# delete system services dhcp edit 删除系统默认 dhcpwangjian# set system services dhcp router 192.168.1.1edit DHCP 参数默认网关wangjian# set system services dhcp pool 192.168.2.0/24 address-range low 192.168.2.29 DHCP 参数地址池
14、开始地址editwangjian# set system services dhcp pool 192.168.2.0/24 address-range high 192.168.2.39 DHCP 参数地址池结束地址editwangjian# set system services dhcp maximum-lease-time 4294967295 edit DHCP 参数分配地址租约时间wangjian# set system services dhcp name-server 202.106.0.20 edit DHCP 参数 DNS 服务器wangjian# set system services dhcp name-server 8.8.8.8 edit DHCP 参数 DNS 服务器wangjian# set system services dhcp propagate-settings ge-0/0/2.0edit 设置 DHCP 信号发散端口wangjian# delete interfaces ge-0/0/2.0 edit
