SRX基础配置实验:
1.确保电源打开
2.root用户登录,没有密码
3.进入CLI模式
root# cli
root@>
4.进入configuration 模式
configure
[edit]
root@#
5.设置root密码
[edit]
root@# set system root-authentication plain-text-password
New password: password
Retype new password: password
6.配置新用户
[edit]
root@# set system login user admin class plain-text-password
7.确认commit
[edit]
root@# commit
8.用你第六步新创建的账户登录
9.配置设备名称
configure
[edit]
admin@# set system host-name host-name
super-user authentication
10.配置数据接口
[edit]
admin@# set interfaces fe-0/0/1 unit 0 family inet 192.168.1.1/24
11.配置默认
[edit]
admin@# set routing-options static route 0.0.0.0/0 {下一条地址}
12.配置安全区域,并且将端口加入
[edit]
admin@# set security zones security-zone untrust interfaces fe-0/0/1
13.配置基本的策略
[edit]
admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application any
root@# set security policies from-zone trust to-zone untrust policy
policy-name then permit
14.配置NAT
[edit]
admin@# set security nat source rule-set interface-nat from zone trust
admin@# set security nat source rule-set interface-nat to zone untrust
admin@# set security nat source rule-set interface-nat rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0/0
admin@# set security nat source rule-set interface-nat rule rule1 then source-nat interface
Check the configuration for validity.
[edit]
15.效验配置
admin@# commit check
configuration check succeeds
16.提交配置
[edit]
admin@# commit
commit complete
17.显示设备配置
[edit]
user@host# show
system {
host-name devicea;
domain-name lab.device.net;
domain-search [ lab.device.net device.net ];
backup-device 192.168.2.44;
time-zone America/Los_Angeles;
root-authentication {
ssh-rsa \"ssh-rsa AAAAB3Nza...D9Y2gXF9ac==root@devicea.lab.device.net\";
}
name-server {
10.148.2.32;
}
services {
}
ntp {
server 10.148.2.21;
}
}
interfaces {
fe-0/0/0 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 172.16.1.24/32;
}
}
}
}