论坛 › Juniper › juniper srx240相关配置

远行的心 发表于 2018-7-28 07:54:14

juniper srx240相关配置

　　1、在配置好相关参数后，可以ping通网站，但是发现网页打开网络很忙，这时候可通过如下方法解决：
　　set security flow tcp-mss all-tcp mss 1400
　　2、拨号配置：
　　set interfaces fe-0/0/2 unit 0 encapsulation ppp-over-ether (封装协议)
　　set interfaces pp0 unit 0 ppp-options pap default-password "$9$2CoDHQznu01wYiqPQ6/MWLxdw"
　　set interfaces pp0 unit 0 ppp-options pap local-name "sztanxiaohong@163.gd"
　　set interfaces pp0 unit 0 ppp-options pap local-password "$9$VSsaGmPT9CpNdZDHmQzrlKMXN"
　　set interfaces pp0 unit 0 ppp-options pap passive
　　set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/2.0

　　set interfaces pp0 unit 0 pppoe-options>　　set interfaces pp0 unit 0 pppoe-options auto-reconnect 1
　　set interfaces pp0 unit 0 pppoe-options client
　　set interfaces pp0 unit 0 family inet negotiate-address
　　set routing-options static route 0.0.0.0/0 next-hop pp0.0
　　set security zones security-zone untrust interfaces fe-0/0/2.0
　　set security zones security-zone untrust interfaces pp0.0
　　3、# juniper srx防火墙status闪红灯
　　run request system autorecovery state save
　　4、新增vlan100
　　set vlans vlan100 vlan-id 100
　　set vlans vlan100 l3-interface vlan.100
　　#（定义vlan100虚拟接口并开启3层配置功能）
　　set interfaces vlan unit 100 family inet address 192.168.100.1/24
　　#（配置vlan100的IP地址，注：vlan.100可以看作是vlan unit 100）
　　set security zones security-zone trust interfaces vlan.100
　　#(将vlan100放入trust区域)
　　#将子接口加入vlan100
　　set interface ge-0/0/0/12 unit 0 family ethernet-switching vlan members vlan100
　　set interface ge-0/0/0/13 unit 0 family ethernet-switching vlan members vlan100
　　set interface ge-0/0/0/14 unit 0 family ethernet-switching vlan members vlan100
　　set interface ge-0/0/0/15 unit 0 family ethernet-switching vlan members vlan100
　　#开通vlan100的DHCP功能
　　set system services dhcp router 192.168.100.254
　　set system services dhcp pool 192.168.100.254/24 address-range low 192.168.100.200
　　set system services dhcp pool 192.168.100.254/24 address-range high 192.168.100.253
　　#开通trust到trust的策略，确保vlan100和vlan0能相互通讯
　　set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
　　set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
　　set security policies from-zone trust to-zone trust policy trust-to-trust match application any
　　set security policies from-zone trust to-zone trust policy trust-to-trust then permit

查看完整版本: juniper srx240相关配置