JUNIPER Command Translation
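Common maintenance commands for Juniper, Huawei and H3C devices

1. [Router & Switch] Huawei/H3C routine inspection commands

# System time
display clock
# System and per-board software versions
display version
# Device temperature
display environment
# Log information
display logbuffer
# Board operating status
display device
# Power supply status
display device
# Fan status
display device
# CPU usage
display cpu-usage
# Memory usage
display memory limit
# Interface traffic
display interface
# Interface and link status
display interface
# Address assignment
display current-configuration interface#
# Route advertisement
display current-configuration | include ospf
# OSPF (Open Shortest Path First) configuration
display router id
# Routing information
display ip routing-table
# Port statistics
display ip interface
# Current configuration file
display current-configuration
# Saved configuration file
display saved-configuration
Port usage status
display interface GigabitEthernet/Ten-GigabitEthernet brief
VLAN usage status
display ip interface brief

2. Script: Huawei

display version
dis patch-information
display clock
dis dustproof
dis frame-type
dis health
display cpu-usage
display memory
display memory limit
display device
display device manuinfo
display power
display fan
display voltage
dir cfcard2:/
dir cfcard:
display device pic-status
dis switchover state
display environment
display interface
display logbuffer
dis alarm
dis bootrom ethernet
display current-configuration
display current-configuration interface#
display router id
display ip routing-table
display ip interface
display ip interface brief
display current-configuration
display saved-configuration
display diagnostic-information

3. Script: Huawei NE40E

display version                            View the VRP version and related information
dis patch-information                      View installed patches
display clock                              View the clock
dis dustproof                              Dust filter information
dis frame-type                             Show the NE40E chassis type
dis health                                 Show system resource usage
display cpu-usage                          View 1-minute CPU utilization
display memory                             View memory usage
display memory limit
display device                             View motherboard information
display device manuinfo
display power                              View power supply status
display fan                                View fan status
display voltage                            View board voltages
dir cfcard2:/                              View device crash information
dir cfcard:                                View the device's CF card information
display device pic-status                  View sub-card model and serial number (NE40E, NE80E)
dis switchover state                       View routing engine HA state
display environment
display interface                          View interface status
display logbuffer                          View logs
dis alarm                                  View device alarms
dis bootrom ethernet                       View device bootrom information
display current-configuration              View the current configuration
display current-configuration interface#   View the current configuration of an interface
display router id                          View the device router ID
display ip routing-table                   View the device routes
display ip interface                       View device interface details
display ip interface brief                 View device interface status
display current-configuration              View the device's current configuration
display saved-configuration                View the device's stored configuration (equivalent to show start)
display diagnostic-information             Capture complete device information (comparable to show tech)

II. Common maintenance and inspection commands for JUNIPER devices

1. Script: JUNIPER

show system uptime
show version detail
show chassis hardware detail
show chassis environment    // Shows the device's environment information: temperature, fan status, power supply status, routing engine status.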
Parameter: Time zone settings
Commands:
  set clock dst-off
  set clock ntp
  set clock timezone 8
  set ntp server x.x.x.x
  set ntp server backup1 "x.x.x.x"
  set ntp server backup2 "x.x.x.x"
  set ntp max-adjustment 0
Web:
  Configuration > Date/Time >
  Configuration > Date/Time >
  Configuration > Date/Time > Set Time Zone_hours_minutes from GMT
  Configuration > Date/Time > Primary Server IP/Name: X.X.X.X
  Configuration > Date/Time > Backup Server1 IP/Name: X.X.X.X
  Configuration > Date/Time > Backup Server2 IP/Name: X.X.X.X
  Configuration > Date/Time > Automatically synchronize with an Internet Time Server (NTP): (select)
  Maximum time adjustment seconds: 0

Parameter: Virtual router settings
Commands:
  set vrouter trust-vr sharable
  unset vrouter "trust-vr" auto-route-export
Web:
  Network > Routing > Virtual Routers > Edit (for trust-vr): Shared and accessible by other vsys (select)
  Network > Routing > Virtual Router > Edit (for trust-vr): clear Auto Export Route to Untrust-VR, then click OK.

Parameter: ALG
Commands:
  unset alg sip enable
  unset alg mgcp enable
  unset alg sccp enable
  unset alg sunrpc enable
  unset alg msrpc enable
  unset alg rtsp enable
  unset alg h323 enable

Parameter: Authentication and administrator attributes
Commands:
  set auth-server "XXXX" radius secret "xxxx"
  set auth-server "ACS" radius port 1646
  set admin name "ccb"
  set admin password "xxxxxxxxx"
  set admin manager-ip x.x.x.x x.x.x.x
  set admin auth timeout 10
  set admin auth server "XXXX"
  set admin auth banner console login "Access is….ly"
  set admin privilege get-external
  set admin format dos

Parameter: ZONE settings
Commands:
  set zone "Trust" vrouter "untrust-vr"
  set zone "Untrust" vrouter "untrust-vr"
  set zone "DMZ" vrouter "untrust-vr"
  unset zone "Trust" tcp-rst
  set zone "Trust" block
  unset zone "Untrust" tcp-rst
  set zone "Untrust" block
  set zone "Untrust" screen tear-drop
  set zone "Untrust" screen syn-flood
  set zone "Untrust" screen ping-death
  set zone "Untrust" screen ip-filter-src
  set zone "Untrust" screen land
  set zone "Untrust" screen alarm-without-drop

Parameter: Interface settings
Commands:
  set interface "ethernet1/1" zone "xxx"
  set interface ethernet1/1 ip x.x.x.x/x
  set interface ethernet1/1 route
  set interface ethernet1/1 manage-ip
  set interface ethernet1/1 ip manageable
  set interface ethernet1/1 manage xxxx

Parameter: Flow settings
Commands:
  unset flow tcp-syn-check
  set flow tcp-syn-bit-check
  set flow syn-proxy syn-cookie
  set flow reverse-route clear-text prefer
  set flow reverse-route tunnel always
  set flow no-tcp-seq-check

Parameter: HA settings
Commands:
  set nsrp cluster id 1
  set nsrp rto-mirror sync
  set nsrp rto-mirror session ageout-ack
  unset nsrp rto-mirror session ping
  set nsrp vsd-group id 0 priority 20
  set nsrp vsd-group id 0 monitor interface ethernet1/1
  set nsrp monitor track-ip ip
  set nsrp monitor track-ip ip x.x.x.x threshold 10
  set nsrp vsd-group master-always-exist
  set ntp no-ha-sync

Parameter: SYSLOG
Commands:
  set syslog enable
  set syslog config "x.x.x.x"
  set syslog config "x.x.x.x" facilities local0 local0

Parameter: SNMP
Commands:
  set snmp community "xxx" Read-Only Trap-on version v1
  set snmp host "bbb" y.y.y.y 255.255.255.255 trap v2
  set snmp name xxxx
  set snmp port listen 161
  set snmp port trap 162

Parameter: VPN
Commands:
  set pki authority default scep mode "auto"
  set pki x509 default cert-path partial
  set ike respond-bad-spi 1
  unset ike ikeid-enumeration
  unset ike dos-protection
  unset ipsec access-session enable
  set ipsec access-session maximum 5000
  set ipsec access-session upper-threshold 0
  set ipsec access-session lower-threshold 0
  set ipsec access-session dead-p2-sa-timeout 0
  unset ipsec access-session log-error
  unset ipsec access-session info-exch-connected
  unset ipsec access-session use-error-log
  set interface tunnel.1 zone untrust
  set interface tunnel.1 ip unnumbered interface ethernet3
  set ike gateway To_Paris address 2.2.2.2 main outgoing-interface ethernet3 preshare h1p8A24nG5 proposal pre-g2-3des-sha
  set vpn Tokyo_Paris gateway To_Paris sec-level compatible
  set vpn Tokyo_Paris bind interface tunnel.1
  set vpn Tokyo_Paris proxy-id local-ip 10.1.1.0/24 remote-ip 10.2.2.0/24 any
Juniper switch commands: a collection of Juniper switch configuration commands

Set the switch name
set system host-name BaoGaoTing

Port mirroring
set ethernet-switching-options analyzer debug input ingress interface ge-0/0/0.0
set ethernet-switching-options analyzer debug input egress interface ge-0/0/0.0
set ethernet-switching-options analyzer debug output interface ge-0/0/4.0

Main purpose of dual-partition: solve the problem of a device failing to boot after an abnormal power loss
request system snapshot media internal slice alternate
request system snapshot slice alternate    // back up between the primary and alternate partitions
request system reboot slice alternate media internal    // boot from the other partition; the next boot will by default start Junos OS from the partition used for the last boot (it remembers)

QinQ configuration

Basic
set ethernet-switching-options dot1q-tunneling ether-type 0x8100    encapsulation protocol
set vlans qinqvlan vlan-id 2821
set vlans qinqvlan dot1q-tunneling
set interfaces ge-0/0/28 unit 0 family ethernet-switching vlan members 2821    uplink port
set ethernet-switching-options dot1q-tunneling ether-type 0x8100
set vlans cust1 vlan-id 100
set vlans cust1 interface ge-0/0/1.0
set vlans cust1 interface ge-0/0/2.0

Flexible
set ethernet-switching-options dot1q-tunneling ether-type 0x8100 ##
set interfaces ge-0/0/27 unit 0 family ethernet-switching port-mode access ## downlink port
set interfaces ge-0/0/27 unit 0 family ethernet-switching vlan members qinq ## user VLAN is qinq; management VLAN is vlan600, passed through transparently upstream
set interfaces ge-0/0/27 unit 0 family ethernet-switching vlan members vlan600
** Note: normally a port cannot be an access member of two VLANs at once (that would make it a trunk),
** unless one of the VLANs is a dot1q-tunnel VLAN; the tunnel VLAN must also have customer-vlans configured, otherwise the commit fails
set vlans qinq vlan-id 4000 ## flexible QinQ: add outer tag 4000 to frames with inner tags 2-150
set vlans qinq interface ge-0/0/27.0
set vlans qinq dot1q-tunneling customer-vlans 2-150

Access switch configuration
set interfaces ge-0/1/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/1 unit 0 family ethernet-switching vlan members 2
set interfaces ge-0/1/1 unit 0 family ethernet-switching native-vlan-id 600
** Because the port on the upstream aggregation switch is an access port, the VLAN to pass through is configured as the native VLAN
## root user password
set system root-authentication encrypted-password "$1$z2Z28Ixe$AScMP7uMvMHY3fy8dgtm11"
## user ID
set system login user juniper uid 2100
## make the user a super-user
set system login user juniper class super-user
## remote user name and password
set system login user juniper authentication encrypted-password "$1$qUdu0s0Z$vGS88V0jrjhsPnQOTF9oy/"
## enable telnet
set system services telnet connection-limit 10
set system services telnet rate-limit 10
## port mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
## add the port to VLAN 600
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members 600
## port mode trunk
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk
## allow VLAN 600 through
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members 600
## set the IP address of VLAN 600
set interfaces vlan unit 600 family inet address 172.30.0.16/24
## set the default gateway
set routing-options static route 0.0.0.0/0 next-hop 172.30.0.1
## enable the layer-3 interface of the VLAN
set vlans default l3-interface vlan.0
## create a VLAN named mgt with ID 600
set vlans mgt vlan-id 600
## enable the layer-3 interface of VLAN mgt
set vlans mgt l3-interface vlan.600
## enable PoE on all interfaces
set poe interface all

Configure the L3 interface address of a VLAN
set vlans name l3-interface vlan.xx
set interface vlan xx unit xx family inet address x.x.x.x/24

Add a switch port to an existing VLAN
set interface ge-0/0/x unit 0 family ethernet-switching port-mode access vlan members name

Configure a TRUNK port
set interface ge-0/0/23 unit 0 family ethernet-switching port-mode trunk native-vlan-id 1 vlan member xx

Pre-commit check
commit check

Clear LED alarms
clear alarm traffic
clear alarm event

EX2200 ALARM LED showing red:
show chassis alarm
show system alarm
request system configuration rescue save/delete
set chassis alarm management-ethernet link-down ignore    turn off the alarm LED for management port link status
set chassis alarm ethernet link-down ignore    turn off the alarm LED for switch port link status

Enable IGMP snooping
set protocols igmp-snooping vlan all
deactivate protocols igmp-snooping

Enable spanning tree
set protocol stp

Restore factory settings
load factory-default

DHCP configuration
set system services dhcp pool 100.1.1.0/24 address-range low 100.1.1.10
set system services dhcp pool 100.1.1.0/24 address-range high 100.1.1.200
set system services dhcp pool 100.1.1.0/24 default-lease-time 7200
set system services dhcp pool 100.1.1.0/24 router 100.1.1.254

Set a port to layer-3 mode.
Juniper command annotations: NetScreen device management configuration

8 Case analysis: existing NETSCREEN configuration

1.1 Time settings
set clock dst-off    / Automatic time adjustment off
set clock ntp    / Enable NTP time synchronization
set clock timezone 9    / Set the time zone
set vrouter trust-vr sharable    / Make virtual router trust-vr shareable by other VSYS systems

1.2 Route export and custom service settings
unset vrouter "trust-vr" auto-route-export    / Disable automatic route export from virtual router trust-vr
set service "CVS" protocol tcp src-port 0-65535 dst-port 2401-2401    / Define custom service CVS: protocol TCP, source ports 0-65535, destination port 2401

1.3 Authentication settings
set auth-server "Local" id 0    / Set the authentication server to local authentication
set auth-server "Local" server-name "Local"    / Name the local authentication server LOCAL
set auth default auth server "Local"    / Set the default authentication server to LOCAL

1.4 Administrator settings
set admin name "netscreen"    / Set the administrator user name
set admin password "XXXXXX"    / Set the administrator password
set admin user "livedoorcn" password "XXXXXXX" privilege "all"    / Add administrator user livedoorcn with read-write privilege

1.5 Management IP settings
set admin manager-ip xxx.174.65.0 255.255.255.0    / Set a management IP
set admin manager-ip 10.0.71.136 255.255.255.255    / Set a management IP
set admin manager-ip xxx.xxx.xxx.141 255.255.255.192    / Set a management IP
set admin manager-ip xxx.xxx.xxx.246 255.255.255.255    / Set a management IP
set admin manager-ip 10.0.71.139 255.255.255.255    / Set a management IP
set admin manager-ip xxx.xxx.xxx.0 255.255.255.0    / Set a management IP

1.6 SSH and zone settings
set admin scs password disable username netscreen    / Disable SSH password authentication for the user
set admin scs password disable username livedoorcn    / Disable SSH password authentication for the user
set admin auth timeout 10    / Set the authentication timeout
set admin auth server "Local"    / Set the administrator authentication server
set zone "Trust" vrouter "trust-vr"    / Set up the Trust zone
set zone "Untrust" vrouter "trust-vr"    / Set up the Untrust zone
set zone "VLAN" vrouter "trust-vr"    / Set up the VLAN zone
set zone "Trust" tcp-rst    / Trust zone replies with a RESET on timeout
set zone "Untrust" block    / Block traffic between hosts in the same security zone
unset zone "Untrust" tcp-rst    / Untrust zone does not reply with a RESET on timeout
set zone "MGT" block    / Block traffic between hosts in the same security zone
set zone "VLAN" block    / Block traffic between hosts in the same security zone
set zone "VLAN" tcp-rst    / VLAN zone replies with a RESET on timeout

1.7 Network attack protection (screen) options
set zone "Trust" screen alarm-without-drop    / Raise an alarm but do not drop the packets
set zone "Trust" screen icmp-flood    / ICMP flood protection
set zone "Trust" screen udp-flood    / UDP flood protection
set zone "Trust" screen winnuke    / WinNuke attack protection
set zone "Trust" screen port-scan    / Port scan protection
set zone "Trust" screen ip-sweep    / IP address sweep protection
set zone "Trust" screen tear-drop    / Teardrop attack protection
set zone "Trust" screen syn-flood    / SYN flood protection (DoS)
set zone "Trust" screen ip-spoofing    / IP spoofing protection
set zone "Trust" screen ping-death    / Ping of death protection
set zone "Trust" screen ip-filter-src    / Disallow the loose and strict source route options
set zone "Trust" screen land    / Land attack protection
set zone "Trust" screen tcp-no-flag    / Protection against TCP packets with no flags
set zone "Trust" screen unknown-protocol    / Unknown protocol protection
set zone "Trust" screen ip-bad-option    / Bad IP option protection
set zone "Trust" screen ip-record-route    / Record route option protection
set zone "Trust" screen ip-timestamp-opt    / Timestamp option protection
set zone "Trust" screen ip-security-opt    / IP security option protection (no longer used)
set zone "Trust" screen ip-loose-src-route    / Loose source route (record)
set zone "Trust" screen ip-strict-src-route    / Strict source route (record)
set zone "Trust" screen ip-stream-opt    / IP stream ID option (obsolete option)
set zone "Trust" screen icmp-large    / Large ICMP packet protection
set zone "Trust" screen syn-fin    / Protection against packets with both SYN and FIN set (operating system probing)
set zone "Trust" screen fin-no-ack    / Protection against FIN without the ACK flag
set zone "Trust" screen limit-session source-ip-based    / Source-IP-based session limit
set zone "Trust" screen syn-ack-ack-proxy    / SYN-ACK-ACK proxy flood protection
set zone "Trust" screen block-frag    / Block IP packet fragments
set zone "Trust" screen limit-session destination-ip-based    / Destination-IP-based session limit
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set zone "Trust" screen limit-session destination-ip-based 1280    / Destination-IP-based session limit

1.8 Interface settings
set interface "trust" zone "Trust"    / Bind interface trust to the Trust security zone
set interface "untrust" zone "Untrust"    / Bind interface untrust to the Untrust security zone
unset interface vlan1 ip    / No IP address set on vlan1
set interface trust ip 10.0.71.1/24    / Set the IP address of interface trust
set interface trust nat    / Set the operating mode of interface trust
set interface untrust ip xxx.xxx.xxx.131/26    / Set the IP address of interface untrust
set interface untrust route    / Set the operating mode of interface untrust
set interface untrust gateway xxx.xxx.xxx.129    / Set the gateway of interface untrust
unset interface vlan1 bypass-others-ipsec    / Prevent the NetScreen device from passing IPSec traffic
unset interface vlan1 bypass-non-ip    / Block all non-IP and non-ARP unicast traffic
set interface trust ip manageable    / Make interface trust a manageable interface
set interface untrust ip manageable    / Make interface untrust a manageable interface
set interface untrust manage ping    / Allow PING on interface untrust
set interface untrust manage ssh    / Allow SSH management on interface untrust
set interface untrust manage web    / Allow WEB management on interface untrust

1.9 MIP address mapping settings
set interface "untrust" mip xxx.xxx.xxx.135 host 10.0.71.135 netmask 255.255.255.255 vrouter "trust-vr"    / Set a MIP mapped address; the following lines are analogous:
set interface "untrust" mip xxx.xxx.xxx.133 host 10.0.71.133 netmask 255.255.255.255 vrouter "trust-vr"
set interface "untrust" mip xxx.xxx.xxx.134 host 10.0.71.134 netmask 255.255.255.255 vrouter "trust-vr"
set interface "untrust" mip xxx.xxx.xxx.136 host 10.0.71.136 netmask 255.255.255.255 vrouter "trust-vr"
set interface "untrust" mip xxx.xxx.xxx.139 host 10.0.71.139 netmask 255.255.255.255 vrouter "trust-vr"
set interface "untrust" mip xxx.xxx.xxx.140 host 10.0.71.140 netmask 255.255.255.255 vrouter "trust-vr"
set interface "untrust" mip xxx.xxx.xxx.132 host 10.0.71.132 netmask 255.255.255.255 vrouter "trust-vr"
set interface "untrust" mip xxx.xxx.xxx.142 host 10.0.71.142 netmask 255.255.255.255 vrouter "trust-vr"
set interface "untrust" mip xxx.xxx.xxx.143 host 10.0.71.143 netmask 255.255.255.255 vrouter "trust-vr"
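The annotations above (screen options per zone, management services per interface, manager-ip restrictions) can be reviewed mechanically when a ScreenOS configuration is exported as text. The following is an added example, not part of the original document or of any Juniper tool: the function name audit, the sample lines and the rule that a zone whose name contains "untrust" faces untrusted networks are assumptions made for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample: ScreenOS lines of the kinds annotated above, not a real device config.
SAMPLE_CONFIG = """\
set zone "Trust" screen alarm-without-drop
set zone "Trust" screen syn-flood
set zone "Trust" screen ip-spoofing
set zone "Trust" screen port-scan
set zone "Untrust" screen syn-flood
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
set interface untrust manage ping
set interface untrust manage ssh
set interface untrust manage web
set admin manager-ip 10.0.71.136 255.255.255.255
unset flow tcp-syn-check
set flow no-tcp-seq-check
set snmp community "xxx" Read-Only Trap-on version v1
"""


def audit(config_text):
    """Return a sorted list of (check, detail) review findings for a ScreenOS config."""
    screens = defaultdict(set)   # zone -> screen options enabled
    if_zone = {}                 # interface -> zone it is bound to
    manage = defaultdict(set)    # interface -> management services allowed
    manager_ips = 0              # number of "set admin manager-ip" restrictions
    findings = set()

    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)   # also strips the quotes around names
        except ValueError:           # unbalanced quote: skip the line
            continue
        if tok[:2] == ["set", "zone"] and len(tok) >= 5 and tok[3] == "screen":
            screens[tok[2]].add(tok[4])
        elif tok[:2] == ["set", "interface"] and len(tok) >= 5 and tok[3] == "zone":
            if_zone[tok[2].lower()] = tok[4]
        elif tok[:2] == ["set", "interface"] and len(tok) >= 5 and tok[3] == "manage":
            manage[tok[2].lower()].add(tok[4])
        elif tok[:3] == ["set", "admin", "manager-ip"]:
            manager_ips += 1
        elif tok == ["unset", "flow", "tcp-syn-check"]:
            findings.add(("flow", "tcp-syn-check is disabled"))
        elif tok == ["set", "flow", "no-tcp-seq-check"]:
            findings.add(("flow", "TCP sequence check is disabled"))
        elif tok[:3] == ["set", "snmp", "community"] and tok[-2:] == ["version", "v1"]:
            findings.add(("snmp", "a community is configured for SNMP v1"))

    def untrusted(zone):
        # Assumption: zones whose name contains "untrust" face untrusted networks.
        return "untrust" in zone.lower()

    every_screen = set().union(*screens.values()) - {"alarm-without-drop"}
    for zone, enabled in screens.items():
        if "alarm-without-drop" in enabled:
            findings.add(("screen", f"{zone}: alarm-without-drop, matches alarm but are not dropped"))
        missing = every_screen - enabled
        if untrusted(zone) and missing:
            findings.add(("screen", f"{zone}: lacks {', '.join(sorted(missing))} enabled on another zone"))
    for iface, services in manage.items():
        zone = if_zone.get(iface, "")
        if untrusted(zone):
            findings.add(("manage", f"{iface} ({zone}): {', '.join(sorted(services))}"))
            if manager_ips == 0:
                findings.add(("manage", f"{iface}: no manager-ip restriction"))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"[{check}] {detail}")
```
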
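Introduction to Juniper router configuration commands

Contents
1. Introduction
2. Basic configuration commands
2.1 Entering operational mode
2.2 Configuring system parameters
2.3 Setting the management interface
2.4 Configuring the routing table
3. Advanced configuration commands
3.1 OSPF configuration
3.2 BGP configuration
3.3 VRF configuration
3.4 MPLS configuration
4. Security configuration commands
4.1 Configuring the firewall
4.2 Configuring security policies
4.3 Configuring VPN
4.4 Configuring ACLs
5. Troubleshooting commands
5.1 Show commands
5.2 Routing troubleshooting
5.3 Hardware troubleshooting
5.4 Access control troubleshooting
6. Performance optimization commands
6.1 Interface configuration
6.2 QoS configuration
6.3 Cache configuration
6.4 Dynamic routing configuration

1. Introduction
A Juniper router is a high-performance router that supports multiple network protocols.
This document introduces the configuration commands of Juniper routers, grouped by function.

2. Basic configuration commands
2.1 Entering operational mode
- login: log in to the router
- cli: enter command-line operational mode
- configure: enter configuration mode
2.2 Configuring system parameters
- set system host-name <hostname>: set the router host name
- set system domain-name <domain-name>: set the router domain name
- set system time-zone <time-zone>: set the time zone
- set system name-server <ip-address>: set the DNS server
2.3 Setting the management interface
- set interfaces <interface> unit <unit> family inet address <ip-address/mask>: configure the IP address of the management interface
- set interfaces <interface> unit <unit> family inet address dhcp: assign the management interface's IP address with DHCP
2.4 Configuring the routing table
- set routing-options static route <destination> next-hop <next-hop>: configure a static route
- set routing-options router-id <id>: configure the router ID
- set protocols ospf area <area> interface <interface>: associate an interface with an OSPF area

3. Advanced configuration commands
3.1 OSPF configuration
- set protocols ospf area <area> interface <interface>: associate an interface with an OSPF area
- show ospf neighbor: show OSPF neighbor information
- show ospf route: show the OSPF routing table
3.2 BGP configuration
- set protocols bgp group <group-name> neighbor <neighbor-address>: configure a BGP neighbor
- set protocols bgp group <group-name> family <family>: configure the address family of a BGP neighbor
- show bgp neighbor: show BGP neighbor information
- show bgp summary: show a summary of BGP neighbors
3.3 VRF configuration
- set routing-instances <instance-name> interface <interface>: associate an interface with a VRF
- set routing-instances <instance-name> routing-options static route <destination> next-hop <next-hop>: configure a static route
3.4 MPLS configuration
- set protocols mpls interface <interface>: enable MPLS on an interface
- set protocols mpls label-switched-path <LSP-name> to <destination-address>: configure the path of an LSP

4. Security configuration commands
4.1 Configuring the firewall
- set security policies from-zone <from-zone> to-zone <to-zone> policy <policy-name> match <match-conditions> then permit/deny: configure a security policy
4.2 Configuring security policies
- set security zones security-zone <zone-name> address-book address <address-name> <ip-address>: configure an address object
- set security zones security-zone <zone-name> host-inbound-traffic system-services <services>: configure the services allowed to reach the firewall itself
4.3 Configuring VPN
- set security ike proposal <proposal-name> authentication-method <method>: configure an IKE proposal
- set security ike gateway <gateway-name> ike-policy <policy-name>: configure an IKE gateway
- set security ipsec vpn <vpn-name> bind-interface <interface>: bind a VPN to an interface
4.4 Configuring ACLs
- set firewall family inet filter <filter-name> term <term-name> from protocol <protocol>: configure an ACL rule
- set firewall family inet filter <filter-name> term <term-name> then accept/discard: configure the action of an ACL rule

5. Troubleshooting commands
5.1 Show commands
- show interfaces <interface> detail: show detailed interface information
- show route <destination>: show routing information
- show chassis hardware: show hardware information
5.2 Routing troubleshooting
- show bgp summary: show a summary of BGP neighbors
- show ospf neighbor: show OSPF neighbor information
- show route protocol <protocol>: show the routes of the given protocol
5.3 Hardware troubleshooting
- show chassis hardware: show hardware information
- show log messages: show system log messages
- request support information: collect a support information file
5.4 Access control troubleshooting
- show security policies from-zone <from-zone> to-zone <to-zone> policy <policy-name>: show security policy information
- show security zones interfaces: show the association between interfaces and security zones

6. Performance optimization commands
6.1 Interface configuration
- set interfaces <interface> mtu <mtu-size>: set the interface MTU size
- set interfaces <interface> description <description>: set the interface description
6.2 QoS configuration
- set class-of-service interfaces <interface> unit <unit> scheduler-map <map-name>: assign a scheduler map to an interface
- set class-of-service scheduler-maps <map-name> forwarding-class <forwarding-class> scheduler <scheduler-name>: configure a scheduler map
6.3 Cache configuration
- set forwarding-options cache hit-cache-size <size>: set the cache size
- set forwarding-options cache timeout <timeout-value>: set the cache timeout
6.4 Dynamic routing configuration
- set protocols ospf area <area> interface <interface> passive: make an interface an OSPF passive interface
- set routing-instances <instance-name> interface <interface> passive: make an interface a VRF passive interface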
A brief explanation of the following command:

show chassis fabric destinations | no-more

What does this command mean? First enter it in the lab and look at the output:

lab > show chassis fabric destinations | no-more
Fabric destinations state:
0: non-existent
2: enabled
3: disabled
6: dest-err and disabled
FPC 2
PFE 0
Plane 0 0000 0000 2222 0000 0000 2222 0000 2200 0000 0000
Plane 1 0000 0000 2222 0000 0000 2222 0000 2200 0000 0000
Plane 2 0000 0000 2222 0000 0000 2222 0000 2200 0000 0000
Plane 3 0000 0000 2222 0000 0000 2222 0000 2200 0000 0000
Plane 4 0000 0000 2222 0000 0000 2222 0000 2200 0000 0000
Plane 5 0000 0000 2222 0000 0000 2222 0000 2200 0000 0000
Plane 6 0000 0000 2222 0000 0000 2222 0000 2200 0000 0000
Plane 7 0000 0000 2222 0000 0000 2222 0000 2200 0000 0000

The output is rather long, so only the first part is shown here.

At this point we see both 0s and 2s. What do they stand for? First, we know that PFEs, planes and FPCs are full-mesh, that is, fully interconnected. So this command shows which planes under which PFE are connected to which FPC.

For example, FPC2. First check how many cards on the device are online:

lab > show chassis fpc
                 Temp  CPU Utilization (%)   CPU Utilization (%)  Memory    Utilization (%)
Slot State        (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
  0  Empty
  1  Empty
  2  Online        46     17          0        16     16     16    3584        8         25
  3  Empty
  4  Empty
  5  Online        70     18          0        16     16     16    3136       17         22
  6  Empty
  7  Online        31     16          0        16     18     18    2048       13         21
  8  Empty
  9  Empty

From the above, fpc2, fpc5 and fpc7 are online.
Enter ——Execute this command
activate ——Remove the inactive tag from a statement
annotate ——Annotate the statement with a comment
commit ——Commit current set of changes
copy ——Copy a statement
deactivate ——Add the inactive tag to a statement
delete ——Delete a data element
edit ——Edit a sub-element
exit ——Exit from this level
extension ——Extension operations
help ——Provide help information
insert ——Insert a new ordered data element
load ——Load configuration from ASCII file
quit ——Quit from this level
rename ——Rename a statement
replace ——Replace character string in configuration
rollback ——Roll back to previous committed configuration
run ——Run an operational-mode command
save ——Save configuration to ASCII file
set ——Set a parameter
show ——Show a parameter
status ——Show users currently editing configuration
top ——Exit to top level of configuration
up ——Exit one level of configuration
wildcard ——Wildcard operations