无色无味(杨波) 的Web Log(博客)
最近要准备装修的事。打算不忙写了!
最近要准备装修的事。打算不忙写了!
利用SLA监控静态路由非直连DOWN
大家都知道如果你的静态路由的下一跳DOWN掉,静态路由会在路由表消失。但是如果非直连DOWN,一般还会存在在你的本地路由表。
但是我使用SLA可做到检测非直连DOWN
R1——————————R2————————-R3
12.1.1.1 1.2 23.1.1.2 1.3
ip sla monitor 123
type echo protocol ipIcmpEcho 23.1.1.3 source-ipaddr 12.1.1.1
frequency 10
ip sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
ip route 23.1.1.0 255.255.255.0 12.1.1.2 track 1
ip route 23.1.1.0 255.255.255.0 12.1.1.2
把R3的接口DOWN掉,在R1show ip route 测试
原文由:kinglab发帖,经修改后发帖!
CCNP将在2009年末重大改版 考试费有望部分下调
Juniper学习杂记(七)配置Juniper路由器
1.使用J-web来配置出厂化配置的设备
i.用RJ45连接到fe-0/0/0 or ge-0/0/0 。使用支持128bit位的浏览器。
ii.配置客户端IP地址,(可以使用Dhcp Client或者是static ip address form of 192.168.1.x/24.where x is any value from 2 to 254 .
iii.PING 192.168.1.1 看能否PING通。然后用浏览器打开http://192.168.1.1
iiii.系统将自动以root身份登录进J-web的configuration>quick configuration> setup wizard
快速配置页面功能总汇:
1.访问安全:(Secure Access)
2.端口(interfaces)
3.用户(Users)
4.SNMP(SNMP)
5.Routing and Protocols
6.class of service:
7.Firewall
8.DHCP
9.IPSec Tunnels:
10.RPM
11.Firewall Filters:
在Junos的show 中有一个非常方便的使用方法
[edit]
root@Junos# show interfaces em0
link-mode full-duplex;
unit 0 {
family inet {
address 192.168.1.254/24;
address 10.0.0.5/24;
address 1.1.1.2/24;
}
}
[edit]
root@Junos# show interfaces em0 | display set
set interfaces em0 link-mode full-duplex
set interfaces em0 unit 0 family inet address 192.168.1.254/24
set interfaces em0 unit 0 family inet address 10.0.0.5/24
set interfaces em0 unit 0 family inet address 1.1.1.2/24
在配置模式下,通过show查看某个节点的配置,可以在后面加上PIPE选项(display set)即显示为配置命令。
物理接口逻辑单元:
t1-4/0/0.43
逻辑接口在Junos中是必须的。
多播协议地址支持一个逻辑单元。
系统监控:
Monitor > System (CLI: show system …)
System identiffication:
System Time:显示系统启动时间,上次修改时间,上次路由协议高动时间等
Users:显示用户登录相关信息。
Memory Usage:
CPU Usage:
System Storage:
Monitoring the Chassis (系统底层监控)
J-web:Monitor > Chassis
CLI:show chassis
Monitoring Interfaces: 
J-web: Monitor > Interfaces
CLI: show interfaces terse
MOnltoring an interface:
CLI:root@Junos> monitor interface em0
Operating Juniper Networks Routers In the Enterprise (Chapter 4:Installation and Initial Configurarion)
自动安装(what is Autoinstallation?)
这特性只有J-serial才支持。
自动安装有两个阶段:
1)、获取地址(DHCP、RARP、SLARP)
2)、下载配置文件 (ftp/http/tftp)
关于自动安装的第一步:获取地方的一些记录:
1、LAN中使用DHCP和RARP
2. 在点到点的WAN中Router使用串行接口的SLARP(Serial Line address Resolution Protocol Over Cisco-HDLC encapsulation for address acquisition)
自动安装中的配置文件名获取顺序:
1.如果有在edit system autoinstallation中配置,则获取此文件
2.如果没有配置,且如果DHCP有附加文件名,则获取此文件
3.获取文件为network.conf的配置文件
4.如果有在edit system static-host-mapping中指定,获取hostname.conf
5.获取hostname.conf,此hostname来自与DNS。
6.获取hostname.conf,如果在edit system host-name中指定的话
7.获取router.conf
q
Juniper学习杂记(五)<配置模式>
使用edit ….进入配置模式
使用edit system …等路径进入需要配置的地方。
使用set 配置参数
可使用top、up、up n 、等命令Moveing
完全配置后使用commit保存配置。
Juniper最多可以保存50次以往配置。
ID为0的为当前活动配置
0-3存储在/config/目录下
4-49的存储在/var/db/config目录下面
可以使用configure exclusive进入排它配置模式,可以使用configure private进入只显示自己数据的模式.
root@Junos% cli
root@Junos> configure ?
Possible completions:
<[Enter]> Execute this command
exclusive Obtain exclusive lock (other users cannot make changes)
private Work in private database (other’s changes do not show)
配置文件差异对比:
可使用show | compare来对比当前修改过的配置与活动配置的差异。
可样可以使用show | compare rollback n 来对比活动配置与n号配置的差异。
root@Junos# show | compare rollback 5
[edit system]
+ time-zone asia/chongqing;
[edit system login user yangybcy authentication]
- encrypted-password "$1$BbQKmMvk$4fNVVgGYHUog3Sn/c8rb9."; ## SECRET-DATA
+ encrypted-password "$1$/lVD51tY$81XjgiyJTvaY.W04hQ.uP1"; ## SECRET-DATA
[edit system services]
- ssh {
- root-login allow;
- protocol-version v2;
- }
[edit interfaces em0 unit 0 family inet]
address 10.0.0.5/24 { … }
+ address 1.1.1.2/24;
[edit]
在这儿可以看到-表示的是被修改过的配置。+号表示新增的配置。
还可以在Montor状态下使用file compare来对比文件。
移除某条配置:
可使用delete来删除某条配置。
[edit system services ssh]
root@Junos# set root-login allow
[edit system services ssh]
root@Junos#
[edit system services ssh]
root@Junos# show
root-login allow;
[edit system services ssh]
root@Junos# delete root-login allow
[edit system services ssh]
root@Junos# show
[edit system services ssh]
root@Junos#
配置保存:
对配置操作后,一定要使用commit保存配置,
可使用commit check来检查当前配置的正确性、
可使用commit confirmed 来验证修改后的配置是否可以正常运行。执行此命令后系统会自动在10分钟后返回当前活动配置。
root@Junos# commit confirmed
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete
# commit confirmed will be rolled back in 10 minutes
[edit system services ssh]
root@Junos#
可使用commit at time (21:00:00)来指定配置在什么时间保存
可使用commit comment “TEXT” 来为此次保存的配置添加说明
可使用commit and-quit来执行保存后退出。
配置回退:
可使用Rollback来回退配置,最多可以回退50个配置。
rollback n
SAVE命令。
可以把配置到其它地方。可以是LOCAL、FTP、TFTP等地方。
root@Junos# save ?
Possible completions:
<filename> Filename (URL, local, remote, or floppy)
terminal Use login terminal
[edit system services ssh]
root@Junos# save
Load命令:
root@Junos# load ?
Possible completions:
factory-default Override existing configuration with factory default
merge Merge contents with existing configuration
patch Load patch file into configuration
replace Replace configuration data
set Execute set of commands on existing configuration
update Update existing configuration
[edit system services ssh]
RUN命令:
JUNOS学习杂记(五)<CLI Configuration mode>
Movie Level:
[edit]
root@Junos# edit system login
[edit system login]
root@Junos# top
[edit]
root@Junos#
[edit]
root@Junos# edit protocols ospf area 10
[edit protocols ospf area 0.0.0.10]
root@Junos# up 2
[edit protocols]
root@Junos#
Moving Between Level
Summary of moving between levels:
edit function like a CD command
up movies up one level
up n movies up n levels
top moviesto the top of the hierarchy
exit moves to the previous higher level in the hierarchy or exits configuration mode if at the top level of the hierarchy
root@Junos# top edit protocols ospf area 10
[edit protocols ospf area 0.0.0.10]
root@Junos# top
[edit]
root@Junos# top edit protocols ospf area 10
[edit protocols ospf area 0.0.0.10]
root@Junos# up
[edit protocols ospf]
root@Junos# up 2
[edit]
root@Junos# exit
The configuration has been changed but not committed
Exit with uncommitted changes? [yes,no] (yes) yes
root@Junos> show configuration | compare rollback 21
[edit system]
+ time-zone asia/chongqing;
[edit system login class read]
+ permissions view;
- allow-commands show;
+ allow-commands configure;
[edit system login user yangybcy authentication]
- encrypted-password "$1$BbQKmMvk$4fNVVgGYHUog3Sn/c8rb9."; ## SECRET-DATA
+ encrypted-password "$1$/lVD51tY$81XjgiyJTvaY.W04hQ.uP1"; ## SECRET-DATA
[edit interfaces em0 unit 0 family inet]
address 10.0.0.5/24 { … }
+ address 1.1.1.2/24;
回退配置文件
Backing out of Configuration Changes
rollback n
配置文件回退后,一定要执行commit保存。
配置保存:
commit
save filename
Save tftp{ftp}://hostname/filename
Junos学习杂记(四)<CLI>
CLI Modes and Feature Overview(CLI模式和特点) 
CLI Operational Mode (CLI操作模式)
Use the CLI operational mode to monitor and troubleshoot the operational of the router
(使用此模式可监控和排错)
CLI Configuration Mode(CLI配置模式)
Use the CLI Configuration mode when
(当确定要修改路由器配置时,使用此模式)
CLI Modes
Operational mode:(操作模式)
Monitor and troubleshoot lthe software、network、connectivity and router hardware
configuration mode:
configure the router,including interfaces,general routing information, routing protocols,user acces,and system hardware properties.
Logging in:
当普通用户登录系统是这种效果: 
当你从本地使用root登录。是这种情况:
Junos (ttyd0)
login: root
Password:
— JUNOS 8.5R1.14 built 2007-12-08 07:38:33 UTC
root@Junos%
root@Junos% cli
当root用户成功登录后, 会首先进入 Unix的sheel命令提示符,需输入cli 以进入CLI状态。
CLI操作模式: 
root@Junos> show ospf neighbor logical-router r1
Address Interface State ID Pri Dead
10.0.4.6 em1.102 Full 10.0.6.2 128 38
10.0.4.13 em1.103 Full 10.0.6.3 128 37
root@Junos> configure
Entering configuration mode
[edit]
root@Junos# run show ospf neighbor logical-router r1
Address Interface State ID Pri Dead
10.0.4.6 em1.102 Full 10.0.6.2 128 31
10.0.4.13 em1.103 Full 10.0.6.3 128 32
[edit]
root@Junos#
CLI的快捷键:与VT100的一样。
JunOS的Command and Variable completion
Junos命令的自动补全与命令提示
root@Junos> sh<space> i
^
‘i’ is ambiguous.
Possible completions:
igmp Show Internet Group Management Protocol information
ike Show Internet Key Exchange information
ilmi Show interim local management interface information
interfaces Show interface information
ipsec Show IP Security information
ipv6 Show IP version 6 information
isis Show Intermediate System-to-Intermediate System information
root@Junos> show i
<space>表示space按键!
同样也可以使用tab按键来补全命令。
命令提示! 输入 ?
在Junos中有一个命令非常实用。 它就是Help
root@Junos> help topic system user
[code]
Configuring User Accounts User accounts provide one way for users to access the router. (Users can access the router without accounts if you configured RADIUS or TACACS+ servers, as described in Configuring User Authentication.) For each account, you define the login name for the user and, optionally, information that identifies the user. After you have created an account, the software creates a home directory for the user. To create user accounts, include the user statement at the [edit system login] hierarchy level: [edit system login] user username { full-name complete-name; uid uid-value; class class-name; authentication { (encrypted-password "password" | plain-text-password); ssh-rsa "public-key"; ssh-dsa "public-key"; } } For each user account, you can define the following: * Username--(Optional) Name that identifies the user. It must be unique ---(more)--- [/code]
Help reference(参考)
root@Junos> help reference system user-login user (Access) Syntax user username { full-name complete-name; uid uid-value; class class-name; authentication { (encrypted-password "password" | plain-text-password); ssh-rsa "public-key"; ssh-dsa "public-key"; } } Hierarchy Level [edit system login] Release Information Statement introduced before JUNOS Release 7.4. Description Configure access permission for individual users. Options The remaining statements are explained separately. Usage Guidelines See "Configuring User Access". Required Privilege Level admin--To view this statement in the configuration. admin-control--To add this statement to the configuration. class
Junos 学习杂记(三)<monitor traffic packet>
今天看到J-web这一章,看到可以通过J-web中的Diagnose—>Packet Capture来decode包到Web上输出! 所以想在CLI上试试实现此功能的命令为什么!
我试过了decode,debug等一些命令都不行。
突然我想到Junos中有对命令功能分类的习惯。decode数据包应该是属于监控类命令中的,所以试试在Monitor 后打?号,发现有个traffic 哈哈。正是此命令。
root@Junos> monitor traffic count 5
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on em0, capture size 96 bytes
Reverse lookup for 1.1.1.2 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.
22:37:36.476065 In IP 1.1.1.1.1927 > 1.1.1.2.http: S 3115715898:3115715898(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,[|tcp]>
22:37:36.477092 Out IP 1.1.1.2.http > 1.1.1.1.1927: S 4292642396:4292642396(0) ack 3115715899 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 880588 0,[|tcp]>
22:37:36.477391 In IP 1.1.1.1.1927 > 1.1.1.2.http: . ack 1 win 8192 <nop,nop,timestamp 126625 880588>
22:37:36.478045 In IP 1.1.1.1.1927 > 1.1.1.2.http: P 1:1084(1083) ack 1 win 8192 <nop,nop,timestamp 126625 880588>
22:37:36.577526 Out IP 1.1.1.2.http > 1.1.1.1.1927: . ack 1084 win 33304 <nop,nop,timestamp 880689 126625>
如果不加count 5,它会一直traffic下去! 真够郁闷的
monitor traffic print-hex count 1 (还可以指定monitor traffic到的数据包以何种格式显示)
22:42:47.264304 In IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 1024, seq 512, length 40
000c 29ab 3359 0200 4c4f 4f50 0800 4500
003c 34b0 0000 4001 420d 0101 0101 0101
0102 0800 475c 0400 0200 6162 6364 6566
6768 696a 6b6c 6d6e 6f70 7172 7374 7576
7761 6263 6465 6667 6869
Huawei S8505 install H3C LSB1GT48LDB0(Upgrade)
现一台HuaweiS8505交换机。原有一块主控板+一块24口LC的光纤板卡。现需升级一块48口全千兆电口交换板!
原有主控软件版本为:S8500-VRP310-R1631-EI
新插上Lsb1gt48ldb0的交换机后。端口状态为Fail。且无识别交换机型号和类型!
后升级S85交换机而解决此问题!
并不是所有的Huawei交换机都可以用此法的
我自己
