1. Restore factory defaults:
request system zeroize
2. Clear the configuration:
load factory-default
3. Back up the system:
request system snapshot media internal slice alternate
4. View the system and backup system snapshots:
show system snapshot media internal all-members
5. Upgrade the system:
request system software add /var/tmp/jinstall-ex-3300-12.3R12.4-domestic-signed.tgz no-validate no-copy reboot
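6. Port mirroring configuration:
// Select the port traffic to mirror: egress mirrors traffic leaving the port, ingress mirrors traffic entering the port; port_monitor is the analyzer name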
set ethernet-switching-options analyzer port_monitor input egress interface ge-0/0/11.0
set ethernet-switching-options analyzer port_monitor input ingress interface ge-0/0/10.0
// Select the port that receives the mirrored traffic; the command below sends it to ge-0/0/1
set ethernet-switching-options analyzer port_monitor output interface ge-0/0/1.0
7. Restrict the source addresses allowed to log in via telnet:
######## Layer 3 actions #####
Define the ACL:
set policy-options prefix-list telnet-list 111.198.33.11/32
set policy-options prefix-list telnet-list 111.198.33.12/32
Define the filter actions (Layer 3)
set firewall family inet filter telnet-control term allow-telnet from source-prefix-list telnet-list
set firewall family inet filter telnet-control term allow-telnet from protocol tcp
set firewall family inet filter telnet-control term allow-telnet from port telnet
set firewall family inet filter telnet-control term allow-telnet then accept
set firewall family inet filter telnet-control term deny-telnet from protocol tcp
set firewall family inet filter telnet-control term deny-telnet from port telnet
set firewall family inet filter telnet-control term deny-telnet then reject
set firewall family inet filter telnet-control term default-telnet-allow then accept
Apply to the ports (Layer 3)
set interfaces xe-0/1/0 unit 0 family inet filter input telnet-control
set interfaces xe-0/1/1 unit 0 family inet filter input telnet-control
######## Layer 2 actions #####
Define the ACL:
set policy-options prefix-list telnet-list 111.198.33.11/32
set policy-options prefix-list telnet-list 111.198.33.12/32
Define the filter actions (Layer 2)
set firewall family ethernet-switching filter telnet-control term allow-telnet from source-prefix-list telnet-list
set firewall family ethernet-switching filter telnet-control term allow-telnet from protocol tcp
set firewall family ethernet-switching filter telnet-control term allow-telnet from port telnet
set firewall family ethernet-switching filter telnet-control term allow-telnet then accept
set firewall family ethernet-switching filter telnet-control term deny-telnet from protocol tcp
set firewall family ethernet-switching filter telnet-control term deny-telnet from port telnet
set firewall family ethernet-switching filter telnet-control term deny-telnet then reject
set firewall family ethernet-switching filter telnet-control term default-telnet-allow then accept
Apply to the ports (Layer 2)
set interfaces xe-0/1/0 unit 0 family ethernet-switching filter input telnet-control
set interfaces xe-0/1/1 unit 0 family ethernet-switching filter input telnet-control
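How the Layer 3 telnet-control filter above treats a packet, as an added example (not part of the original notes): a simplified first-match model of the terms, written to check the filter before committing it. The function names and the 192.0.2.x test addresses are assumptions made for this example. It also shows that "port telnet" matches the source port as well as the destination port.

```python
import ipaddress

# Section 7 Layer 3 commands, copied from the notes above.
CONFIG = """\
set policy-options prefix-list telnet-list 111.198.33.11/32
set policy-options prefix-list telnet-list 111.198.33.12/32
set firewall family inet filter telnet-control term allow-telnet from source-prefix-list telnet-list
set firewall family inet filter telnet-control term allow-telnet from protocol tcp
set firewall family inet filter telnet-control term allow-telnet from port telnet
set firewall family inet filter telnet-control term allow-telnet then accept
set firewall family inet filter telnet-control term deny-telnet from protocol tcp
set firewall family inet filter telnet-control term deny-telnet from port telnet
set firewall family inet filter telnet-control term deny-telnet then reject
set firewall family inet filter telnet-control term default-telnet-allow then accept
"""
PORTS = {"telnet": 23}  # only the service name this filter uses

def parse(config):
    """Return (prefix_lists, terms); terms keep configuration order."""
    lists, terms = {}, {}
    for line in config.splitlines():
        w = line.split()
        if w[1:3] == ["policy-options", "prefix-list"]:
            lists.setdefault(w[3], []).append(ipaddress.ip_network(w[4]))
        elif w[1] == "firewall":
            term = terms.setdefault(w[7], {"from": {}, "then": None})
            if w[8] == "from":
                term["from"][w[9]] = w[10]
            else:
                term["then"] = w[9]
    return lists, terms

def evaluate(src, proto, sport, dport, config=CONFIG):
    """Action of the first term whose 'from' conditions all match."""
    lists, terms = parse(config)
    for term in terms.values():
        cond = term["from"]
        if "source-prefix-list" in cond and not any(
                ipaddress.ip_address(src) in n for n in lists[cond["source-prefix-list"]]):
            continue
        if "protocol" in cond and cond["protocol"] != proto:
            continue
        # 'port' matches the source OR the destination port
        if "port" in cond and PORTS[cond["port"]] not in (sport, dport):
            continue
        return term["then"]
    return "discard"  # implicit final action when no term matches
```

For example, evaluate("192.0.2.5", "tcp", 23, 40000) returns "reject": TCP traffic with source port 23 from an address outside telnet-list is rejected too, because "port" is not limited to the destination port.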
8. Rate limiting:
Rate-limiting method 1:
# Define the rate limit
set firewall policer mini_policer if-exceeding bandwidth-limit 2m
set firewall policer mini_policer if-exceeding burst-size-limit 15k
set firewall policer mini_policer then discard
# Define the IP address to rate-limit
set firewall family ethernet-switching filter uplink-cos term mini from destination-address 218.206.177.18/32
set firewall family ethernet-switching filter uplink-cos term other then accept
# Define the rate-limit action
set firewall family ethernet-switching filter uplink-cos term mini then policer mini_policer
# Apply the filter
set interfaces ge-0/0/47 unit 0 family ethernet-switching filter input uplink-cos
activate firewall family ethernet-switching filter uplink-cos term mini
Rate-limiting method 2:
set class-of-service interfaces ge-0/0/47 shaping-rate 200k
9. Configure policy-based routing:
set routing-instances sinopbr instance-type forwarding routing-options static route 0.0.0.0/0 next-hop 10.10.100.53
set routing-options rib-groups FBF-group import-rib [ inet.0 sinopbr.inet.0 ]
set routing-options interface-routes rib-group FBF-group
set firewall family inet filter FBF term source1 from destination-port http
set firewall family inet filter FBF term source1 then routing-instance sinopbr
set firewall family inet filter FBF term default then accept
set interfaces ge-0/0/45 unit 0 family inet filter input FBF