juniper交换机ex2200配置(生产环境)

qnqy-dpf-jrex2200-01# show | display set
set version 12.3R11.2
set system host-name qnqy-dpf-jrex2200-01
set system time-zone Asia/Shanghai
set system root-authentication encrypted-password "$1$7RMyTyeG$tLGAToBggMFhcOw85Ts.EP/"
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "$1$m5Fp3PtY$cenAvv5Yq6VKsAlA317C2E/"
set system services ftp
set system services ssh
set system services telnet
set system services web-management https system-generated-certificate
set system services web-management https interface all
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system ntp boot-server 192.168.16.45
set system ntp server 192.168.16.45
set chassis alarm management-ethernet link-down ignore
set chassis auto-image-upgrade
set interfaces interface-range allport member-range ge-0/0/0 to ge-0/0/20
set interfaces interface-range allport unit 0 family ethernet-switching port-mode access
set interfaces interface-range allport unit 0 family ethernet-switching vlan members vlan_54
set interfaces interface-range allport unit 0 family ethernet-switching filter input 54
deactivate interfaces interface-range allport unit 0 family ethernet-switching filter
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/0/12 unit 0 family ethernet-switching
set interfaces ge-0/0/13 unit 0 family ethernet-switching
set interfaces ge-0/0/14 unit 0 family ethernet-switching
set interfaces ge-0/0/15 unit 0 family ethernet-switching
set interfaces ge-0/0/16 unit 0 family ethernet-switching
set interfaces ge-0/0/17 unit 0 family ethernet-switching
set interfaces ge-0/0/18 unit 0 family ethernet-switching
set interfaces ge-0/0/19 unit 0 family ethernet-switching
set interfaces ge-0/0/20 unit 0 family ethernet-switching
set interfaces ge-0/0/21 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members 917
set interfaces ge-0/0/22 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members vlan_54
set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/1/2 unit 0 family ethernet-switching
set interfaces ge-0/1/3 unit 0 family ethernet-switching
set interfaces vlan unit 0
set interfaces vlan unit 502 family inet address 192.168.13.171/24
set snmp community public authorization read-only
set routing-options static route 0.0.0.0/0 next-hop 192.168.13.254
set protocols igmp-snooping vlan all
set protocols rstp bridge-priority 60k
set protocols rstp interface allport edge
set protocols vstp vlan vlan_502
set protocols vstp vlan vlan_54
set protocols lldp interface all
set protocols lldp-med interface all
set firewall family inet filter RE_Filter term 1 from source-address 192.168.16.0/24
set firewall family inet filter RE_Filter term 1 from protocol tcp
set firewall family inet filter RE_Filter term 1 from destination-port telnet
set firewall family inet filter RE_Filter term 1 from destination-port ssh
set firewall family inet filter RE_Filter term 1 from destination-port http
set firewall family inet filter RE_Filter term 1 from destination-port ftp
set firewall family inet filter RE_Filter term 1 from destination-port https
set firewall family inet filter RE_Filter term 1 then accept
set firewall family inet filter RE_Filter term 2 from protocol tcp
set firewall family inet filter RE_Filter term 2 from destination-port telnet
set firewall family inet filter RE_Filter term 2 from destination-port ssh
set firewall family inet filter RE_Filter term 2 from destination-port http
set firewall family inet filter RE_Filter term 2 from destination-port ftp
set firewall family inet filter RE_Filter term 2 from destination-port https
set firewall family inet filter RE_Filter term 2 then discard
set firewall family inet filter RE_Filter term icmp from source-address 192.168.16.0/24
set firewall family inet filter RE_Filter term icmp from protocol icmp
set firewall family inet filter RE_Filter term icmp then accept
set firewall family inet filter RE_Filter term icmp-other from protocol icmp
set firewall family inet filter RE_Filter term icmp-other then discard
set firewall family inet filter RE_Filter term NTP from source-address 192.168.16.45/32
set firewall family inet filter RE_Filter term NTP from protocol tcp
set firewall family inet filter RE_Filter term NTP from protocol udp
set firewall family inet filter RE_Filter term NTP from source-port ntp
set firewall family inet filter RE_Filter term NTP-Other from protocol tcp
set firewall family inet filter RE_Filter term NTP-Other from protocol udp
set firewall family inet filter RE_Filter term NTP-Other from source-port ntp
set firewall family inet filter RE_Filter term NTP-Other then discard
set firewall family inet filter RE_Filter term Other then accept
set firewall family ethernet-switching filter 54 term 1 from protocol udp
set firewall family ethernet-switching filter 54 term 1 from destination-port 1434
set firewall family ethernet-switching filter 54 term 1 from destination-port 1433
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-ns
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-dgm
set firewall family ethernet-switching filter 54 term 1 from destination-port 139
set firewall family ethernet-switching filter 54 term 1 from destination-port netbios-ssn
set firewall family ethernet-switching filter 54 term 1 then discard
set firewall family ethernet-switching filter 54 term 2 from protocol tcp
set firewall family ethernet-switching filter 54 term 2 from destination-port 135
set firewall family ethernet-switching filter 54 term 2 from destination-port 139
set firewall family ethernet-switching filter 54 term 2 from destination-port 445
set firewall family ethernet-switching filter 54 term 2 then discard
set firewall family ethernet-switching filter 54 term Other-Permit then accept
set ethernet-switching-options secure-access-port interface ge-0/0/23.0 dhcp-trusted
set ethernet-switching-options secure-access-port interface ge-0/1/0.0 dhcp-trusted
set ethernet-switching-options secure-access-port interface allport mac-limit 10
set ethernet-switching-options secure-access-port interface allport mac-limit action shutdown
set ethernet-switching-options secure-access-port interface allport vlan 54 mac-limit 10
set ethernet-switching-options secure-access-port interface allport vlan 54 mac-limit action drop
set ethernet-switching-options secure-access-port interface allport no-dhcp-trusted
set ethernet-switching-options secure-access-port vlan vlan_54 arp-inspection
set ethernet-switching-options secure-access-port vlan vlan_54 examine-dhcp
set ethernet-switching-options secure-access-port vlan vlan_54 ip-source-guard
set ethernet-switching-options port-error-disable disable-timeout 600
set ethernet-switching-options storm-control interface all
set ethernet-switching-options bpdu-block interface allport
set vlans default l3-interface vlan.0
set vlans vlan917 vlan-id 917
set vlans vlan_502 vlan-id 502
set vlans vlan_502 l3-interface vlan.502
set vlans vlan_506 vlan-id 506
set vlans vlan_54 vlan-id 54
set vlans vlan_924 description guanli-vlan
set vlans vlan_924 vlan-id 924

原文地址:https://blog.51cto.com/yzmlinux/2407148

时间: 2024-10-11 21:54:12

juniper交换机ex2200配置(生产环境)的相关文章

linux iptables常用命令之配置生产环境iptables及优化

在了解iptables的详细原理之前,我们先来看下如何使用iptables,以终为始,有可能会让你对iptables了解更深 所以接下来我们以配置一个生产环境下的iptables为例来讲讲它的常用命令 第一步:清空当前的所有规则和计数 iptables -F #清空所有的防火墙规则 iptables -X #删除用户自定义的空链 iptables -Z #清空计数 第二步:配置允许ssh端口连接 iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport

一般生产环境LINUX服务器配置

1.生产环境LINUX服务器系统版本的选择 选择CentOS6.5版本64位的LINUX操作系统 CentOS (Community Enterprise Operating System,中文意思是:社区企业操作系统)是Linux发行版之一,它是来自于红帽的Red Hat Enterprise Linux依照开放源代码规定释出的源代码所编译而成.由于出自同样的源代码,因此和红帽商业版的RHEL系统用着同样的高度稳定性.两者的不同,在于CentOS并不包含红帽的商业支持和一些RHEL商业版隐藏的

生产环境FTP(linux搭建手册)

linux配置生产环境FTP anonymous_enable=NOlocal_enable=YESwrite_enable=YESlocal_umask=022anon_upload_enable=YESanon_mkdir_write_enable=YESanon_umask=022dirmessage_enable=YESxferlog_enable=YESconnect_from_port_20=YES xferlog_std_format=YESchroot_list_enable=Y

Jenkins测试环境到生产环境的一键部署策略(Windows)

Jenkins测试环境到生产环境的一键部署策略(Windows) 一.前言 前面我们已经初步实现了开发集成环境.测试环境的持续集成(自动化构建.自动化测试.自动化部署).但生产环境自动化部署迟迟没有推进.其原因主要在以下几个方面: 尚未实现部署之前的自动化备份 尚未实现部署出现问题后的自动化回滚 由于之前采用FTP上传部署需要生产环境开放FTP端口存在安全性问题且FTP会因为各种的网速问题,导致站点瞬间挂掉 只要解决以上三个问题,我们就可以初步实现生产环境的自动化部署. 二.实现思路 利用Jen

Kubernetes(三)生产环境部署规划

单Master集群 多Master集群 硬件配置 测试环境单master,生产环境多master.避免单点故障.工作节点的服务器配置要求相对较高,用于运行实际业务. 单Master集群 集群架构图 多Master集群 集群架构图 集群机器规划图 硬件配置 生产环境最低预留30%的资源:防止突发流量导致服务器集群击垮: 原文地址:https://www.cnblogs.com/TSir/p/12209112.html

redis的单机安装与配置以及生产环境启动方案

简单介绍一下redis的单机安装与配置,方便自己记录安装步骤的同时方便他人获取知识. 首先,从官网下载最新版的(稳定版)的redis安装包.官网地址如下:https://redis.io/download 下载源码包后,redis需要编译安装.需要安装gcc和tcl,gcc用于编译tcl用于测试. 使用命令安装gcc,yum install gcc,一路选择yes,gcc就可以安装成功. 接下来安装tcl,首先获取tcl源码包(见百度云盘)或者使用命令:wget http://downloads

配置开发环境测试环境线上生产环境

1.正确打包 项目有三种环境: 1.本地开发环境(local) 2.开发测试环境(dev) 3.线上生产环境(product) 不同的环境有不同的配置,比如数据库连接什么的....maven打包时默认去resources文件夹下打包这些配置文件,放在WEB-INF/classes下,然后再打成war包,就能用了...现在通过修改pom.xml文件,增加三种配置,让maven打包时选择打包不同文件夹下的配置文件到WEB-INF/classes下,这样就省事儿了.... 如图所示,resources

linux生产环境精华优化实战配置(亲测)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 编写人:陈飞 邮箱:[email protected] +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CentOS系统安装之后并不能立即投入生产环境使用,往往需要先经过我们运维人员的优化才行.在此讲解几

Hadoop生产环境的配置

生产环境的搭建 主机规划 这里我们使用5 台主机来配置Hadoop集群. djt11/192.168.3.11 djt17/192.168.3.12 djt13/192.168.3.13 djt14/192.168.3.14 djt15/192.168.3.15 namenode 是 是 否 否 否 datanode 否 否 是 是 是 resourcemanager 是 是 否 否 否 journalnode 是 是 是 是 是 zookeeper 是 是 是 是 是 Journalnode和