无色无味(杨波) 的Web Log(博客)
qemu manager安装junos快速向导
一、安装qemu manager 6.0
二、安装openvpn,低版本的openvpn在安装虚拟网卡TAP时,在vista或win7上会报驱动无法通过认证,不予以安装,此时需下载openvpn-2.1_rc15-install版本以上,即可顺利安装网卡驱动。
1、安装完成后看到网络连接内新的网卡,重命名为英文TAP0。TAP网卡负责和虚拟机通讯,虚拟机内的网卡和TAP看起来在一个交换机下。
2、将TAP0网卡设置为和本地网卡不同网段。192.168.10.31(本地网卡为192.168.0.31),掩码都是16位,网关都是192.168.0.1;(此时虚拟机如装好,可以和TAP互通,但是不通其他网络)
3、将本地连接设置为允许共享上网。此时虚拟机只要把网关设为TAP地址,即可和其他网络通讯。相当于通过虚拟机——TAP——本地连接(ICS)——外部网络。
三、qemu manager设置如下:
1、新建虚拟机,20G硬盘,linux系统。
2、网卡参数调整为557b,559e会崩溃,这是这个版本的qemu的问题;e1000没试过,据说junos8以上支持了,在vmware里可以装成功,qemu这次没试。
3、VLAN类型设置为TAP,ID填网络连接里的名称(如TAP0)
4、光盘设置为4.8-RELEASE-i386-mini.iso
5、串口设置为TCP接口,127.0.0.1,端口1007,监听不等待。
四、启动安装系统。
开机,选择第一个选项跳过——stand安装——A自动分配Q完成——stand引导——分区:按C,输入8000M,FS,挂载点/;如此完成:
ad0s1a / 8000M
ad0s1b SWAP 1000M
ad0s1e /tmp 2000M
ad0s1f /var 8800M
Q退出——mini安装——CD/DVD安装——一路回车,设置网卡,192.168.10.37,掩码16位,网关192.168.10.31(TAP地址)——一路回车,中途设置下时区和鼠标,其他全部默认。
完成后测试ping,已经可以连接任何网络。
五、安装junos
在Freebsd 上登陆FTP服务器输入用户名和密码,模式改为binary的二进制模式,要不在junos安装时出错。
切换到Lcd /var/tmp里面,使用get jinstall-9.6 上传到/var/tmp里,bye(退出)
查看junos文件ls /var/tmp
rm /dev/wd0c 删除/dev/wd0c目录
ln -s /dev/ad0c /dev/wd0c
mkdir /var/etc 在/var下创建一个etc目录
touch /var/etc/master.passwd
touch /var/etc/inetd.conf
touch /var/etc/group
进入/var/tmp目录下
cd /var/tmp
mkdir jinst-signed
cd jinst-signed
tar zxfv ../jinstall-9.6R1.13-export-signed.tgz
mkdir jinst
cd jinst
tar zxfv ../jinstall-9.6R1.13-export.tgz
mkdir pkgtools
cd pkgtools
tar zxfv ../pkgtools.tgz
cd bin
cp /usr/bin/true ./checkpic 把包中的pkgtools.tgz中的checkpic用/usr/bin/true替換掉
cd ..
tar zcfv ../pkgtools.tgz *
cd ..
rm -rf pkgtools
tar zcfv /var/tmp/jinstall-9.6R1.13-export -olive.tgz * 这里我把打好包的olive做了个备份,省的以后重装麻烦了
打包完成后,在/var/tmp下安装 pkg_add -f jinstall-9.6R1.13-export -olive.tgz;
安装成功后先关闭机器#shutdown -h now
六、等待junos自动安装
1、telnet 127.0.0.1 1007;等待JUNOS安装自动完成,时间有点长。
2、安装完成后,telnet和console出现提示符,均可以操作。输入cli进入junos测试。
3、完成后shutdown -h now;耐心等待关闭,此时console无响应,但是telnet里可以看见仍在同步磁盘,不要急于关机。
Juniper学习杂记(七)配置Juniper路由器
1.使用J-web来配置出厂化配置的设备
i.用RJ45连接到fe-0/0/0 or ge-0/0/0 。使用支持128bit位的浏览器。
ii.配置客户端IP地址,(可以使用Dhcp Client或者是static ip address form of 192.168.1.x/24.where x is any value from 2 to 254 .
iii.PING 192.168.1.1 看能否PING通。然后用浏览器打开http://192.168.1.1
iiii.系统将自动以root身份登录进J-web的configuration>quick configuration> setup wizard
快速配置页面功能总汇:
1.访问安全:(Secure Access)
2.端口(interfaces)
3.用户(Users)
4.SNMP(SNMP)
5.Routing and Protocols
6.class of service:
7.Firewall
8.DHCP
9.IPSec Tunnels:
10.RPM
11.Firewall Filters:
在Junos的show 中有一个非常方便的使用方法
[edit]
root@Junos# show interfaces em0
link-mode full-duplex;
unit 0 {
family inet {
address 192.168.1.254/24;
address 10.0.0.5/24;
address 1.1.1.2/24;
}
}
[edit]
root@Junos# show interfaces em0 | display set
set interfaces em0 link-mode full-duplex
set interfaces em0 unit 0 family inet address 192.168.1.254/24
set interfaces em0 unit 0 family inet address 10.0.0.5/24
set interfaces em0 unit 0 family inet address 1.1.1.2/24
在配置模式下,通过show查看某个节点的配置,可以在后面加上PIPE选项(display set)即显示为配置命令。
物理接口逻辑单元:
t1-4/0/0.43
逻辑接口在Junos中是必须的。
多播协议地址支持一个逻辑单元。
系统监控:
Monitor > System (CLI: show system …)
System identiffication:
System Time:显示系统启动时间,上次修改时间,上次路由协议高动时间等
Users:显示用户登录相关信息。
Memory Usage:
CPU Usage:
System Storage:
Monitoring the Chassis (系统底层监控)
J-web:Monitor > Chassis
CLI:show chassis
Monitoring Interfaces: 
J-web: Monitor > Interfaces
CLI: show interfaces terse
MOnltoring an interface:
CLI:root@Junos> monitor interface em0
Operating Juniper Networks Routers In the Enterprise (Chapter 4:Installation and Initial Configurarion)
自动安装(what is Autoinstallation?)
这特性只有J-serial才支持。
自动安装有两个阶段:
1)、获取地址(DHCP、RARP、SLARP)
2)、下载配置文件 (ftp/http/tftp)
关于自动安装的第一步:获取地方的一些记录:
1、LAN中使用DHCP和RARP
2. 在点到点的WAN中Router使用串行接口的SLARP(Serial Line address Resolution Protocol Over Cisco-HDLC encapsulation for address acquisition)
自动安装中的配置文件名获取顺序:
1.如果有在edit system autoinstallation中配置,则获取此文件
2.如果没有配置,且如果DHCP有附加文件名,则获取此文件
3.获取文件为network.conf的配置文件
4.如果有在edit system static-host-mapping中指定,获取hostname.conf
5.获取hostname.conf,此hostname来自与DNS。
6.获取hostname.conf,如果在edit system host-name中指定的话
7.获取router.conf
q
Juniper学习杂记(五)<配置模式>
使用edit ….进入配置模式
使用edit system …等路径进入需要配置的地方。
使用set 配置参数
可使用top、up、up n 、等命令Moveing
完全配置后使用commit保存配置。
Juniper最多可以保存50次以往配置。
ID为0的为当前活动配置
0-3存储在/config/目录下
4-49的存储在/var/db/config目录下面
可以使用configure exclusive进入排它配置模式,可以使用configure private进入只显示自己数据的模式.
root@Junos% cli
root@Junos> configure ?
Possible completions:
<[Enter]> Execute this command
exclusive Obtain exclusive lock (other users cannot make changes)
private Work in private database (other’s changes do not show)
配置文件差异对比:
可使用show | compare来对比当前修改过的配置与活动配置的差异。
可样可以使用show | compare rollback n 来对比活动配置与n号配置的差异。
root@Junos# show | compare rollback 5
[edit system]
+ time-zone asia/chongqing;
[edit system login user yangybcy authentication]
- encrypted-password "$1$BbQKmMvk$4fNVVgGYHUog3Sn/c8rb9."; ## SECRET-DATA
+ encrypted-password "$1$/lVD51tY$81XjgiyJTvaY.W04hQ.uP1"; ## SECRET-DATA
[edit system services]
- ssh {
- root-login allow;
- protocol-version v2;
- }
[edit interfaces em0 unit 0 family inet]
address 10.0.0.5/24 { … }
+ address 1.1.1.2/24;
[edit]
在这儿可以看到-表示的是被修改过的配置。+号表示新增的配置。
还可以在Montor状态下使用file compare来对比文件。
移除某条配置:
可使用delete来删除某条配置。
[edit system services ssh]
root@Junos# set root-login allow
[edit system services ssh]
root@Junos#
[edit system services ssh]
root@Junos# show
root-login allow;
[edit system services ssh]
root@Junos# delete root-login allow
[edit system services ssh]
root@Junos# show
[edit system services ssh]
root@Junos#
配置保存:
对配置操作后,一定要使用commit保存配置,
可使用commit check来检查当前配置的正确性、
可使用commit confirmed 来验证修改后的配置是否可以正常运行。执行此命令后系统会自动在10分钟后返回当前活动配置。
root@Junos# commit confirmed
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete
# commit confirmed will be rolled back in 10 minutes
[edit system services ssh]
root@Junos#
可使用commit at time (21:00:00)来指定配置在什么时间保存
可使用commit comment “TEXT” 来为此次保存的配置添加说明
可使用commit and-quit来执行保存后退出。
配置回退:
可使用Rollback来回退配置,最多可以回退50个配置。
rollback n
SAVE命令。
可以把配置到其它地方。可以是LOCAL、FTP、TFTP等地方。
root@Junos# save ?
Possible completions:
<filename> Filename (URL, local, remote, or floppy)
terminal Use login terminal
[edit system services ssh]
root@Junos# save
Load命令:
root@Junos# load ?
Possible completions:
factory-default Override existing configuration with factory default
merge Merge contents with existing configuration
patch Load patch file into configuration
replace Replace configuration data
set Execute set of commands on existing configuration
update Update existing configuration
[edit system services ssh]
RUN命令:
Junos 学习杂记(三)<monitor traffic packet>
今天看到J-web这一章,看到可以通过J-web中的Diagnose—>Packet Capture来decode包到Web上输出! 所以想在CLI上试试实现此功能的命令为什么!
我试过了decode,debug等一些命令都不行。
突然我想到Junos中有对命令功能分类的习惯。decode数据包应该是属于监控类命令中的,所以试试在Monitor 后打?号,发现有个traffic 哈哈。正是此命令。
root@Junos> monitor traffic count 5
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on em0, capture size 96 bytes
Reverse lookup for 1.1.1.2 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.
22:37:36.476065 In IP 1.1.1.1.1927 > 1.1.1.2.http: S 3115715898:3115715898(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,[|tcp]>
22:37:36.477092 Out IP 1.1.1.2.http > 1.1.1.1.1927: S 4292642396:4292642396(0) ack 3115715899 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 880588 0,[|tcp]>
22:37:36.477391 In IP 1.1.1.1.1927 > 1.1.1.2.http: . ack 1 win 8192 <nop,nop,timestamp 126625 880588>
22:37:36.478045 In IP 1.1.1.1.1927 > 1.1.1.2.http: P 1:1084(1083) ack 1 win 8192 <nop,nop,timestamp 126625 880588>
22:37:36.577526 Out IP 1.1.1.2.http > 1.1.1.1.1927: . ack 1084 win 33304 <nop,nop,timestamp 880689 126625>
如果不加count 5,它会一直traffic下去! 真够郁闷的
monitor traffic print-hex count 1 (还可以指定monitor traffic到的数据包以何种格式显示)
22:42:47.264304 In IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 1024, seq 512, length 40
000c 29ab 3359 0200 4c4f 4f50 0800 4500
003c 34b0 0000 4001 420d 0101 0101 0101
0102 0800 475c 0400 0200 6162 6364 6566
6768 696a 6b6c 6d6e 6f70 7172 7374 7576
7761 6263 6465 6667 6869
components of Authorization
user –> class –Permissions –> deny-command(deny-configuration) –> allow-command (allow-configuration ) –>authorized or denied
Permlssions
access:Allows viewing of network access configuration;
……
等等
Authorization Example
[edit system login]
root@Junos# show
class read {
permissions view;
}
}
user user {
uid 2002;
class read;
authentication {
encrypted-password "$1$qWjRAxao$jD/0DVK4dqevvAz4ZNlwt1"; ## SECRET-DATA
}
}
当user为Read的class时。通过该 用户登录的终端为以下:
user@Junos> ?
Possible completions:
file Perform file operations
help Provide help information
op Invoke an operation script
quit Exit the management session
request Make system-level requests
set Set CLI properties, date/time, craft
show Show system information
start Start shell
test Perform diagnostic debugging
user@Junos>
这儿有show 是因为有一个Permissions view;
当在Class read中使用set class read allow-command configure //允许执行configure后的命令结构如下 :
user@Junos> ?
Possible completions:
configure Manipulate software configuration inf
file Perform file operations
help Provide help information
op Invoke an operation script
quit Exit the management session
request Make system-level requests
set Set CLI properties, date/time, craft
show Show system information
start Start shell
test Perform diagnostic debugging
user@Junos>
【转】JUNOS8.5+JWEB8.5虚拟机[117M]组播固化-VLAN-逻辑路由器
Address Interface State ID Pri Dead
10.0.4.6 em1.12 Full 10.0.6.2 128 37
10.0.4.13 em1.13 Full 10.0.3.3 128 34
Address Interface State ID Pri Dead
10.0.2.2 em5.53 Full 10.0.3.3 128 34
10.0.2.10 em5.54 Full 10.0.3.4 128 33
10.0.8.5 em5.56 Full 10.0.9.6 128 31
10.0.8.10 em5.57 Full 10.0.9.7 128 34
+ = Active Route, – = Last Active, * = Both
> to 10.0.4.13 via em1.13
10.0.2.4/30 *[OSPF/10] 00:02:51, metric 2
> to 10.0.4.13 via em1.13
10.0.2.8/30 *[OSPF/10] 00:02:51, metric 3
> to 10.0.4.6 via em1.12
to 10.0.4.13 via em1.13
10.0.3.3/32 *[OSPF/10] 00:02:51, metric 1
> to 10.0.4.13 via em1.13
10.0.3.4/32 *[OSPF/10] 00:02:51, metric 2
to 10.0.4.6 via em1.12
> to 10.0.4.13 via em1.13
10.0.3.5/32 *[OSPF/10] 00:02:51, metric 2
> to 10.0.4.13 via em1.13
10.0.4.0/30 *[OSPF/10] 00:02:51, metric 2
to 10.0.4.6 via em1.12
> to 10.0.4.13 via em1.13
10.0.4.4/30 *[Direct/0] 00:03:56
> via em1.12
10.0.4.5/32 *[Local/0] 00:03:56
Local via em1.12
10.0.4.8/30 *[OSPF/10] 00:03:06, metric 2
> to 10.0.4.6 via em1.12
10.0.4.12/30 *[Direct/0] 00:03:56
> via em1.13
10.0.4.14/32 *[Local/0] 00:03:56
Local via em1.13
10.0.6.1/32 *[Direct/0] 00:03:56
> via lo0.1
10.0.6.2/32 *[OSPF/10] 00:03:06, metric 1
> to 10.0.4.6 via em1.12
10.0.8.0/30 *[OSPF/10] 00:02:51, metric 4
> to 10.0.4.13 via em1.13
10.0.8.4/30 *[OSPF/10] 00:02:51, metric 3
> to 10.0.4.13 via em1.13
10.0.8.8/30 *[OSPF/10] 00:02:51, metric 3
> to 10.0.4.13 via em1.13
10.0.9.6/32 *[OSPF/10] 00:02:51, metric 3
> to 10.0.4.13 via em1.13
10.0.9.7/32 *[OSPF/10] 00:02:51, metric 3
> to 10.0.4.13 via em1.13
224.0.0.5/32 *[OSPF/10] 00:03:56, metric 1
MultiRecv
## Last commit: 2008-10-10 17:44:21 UTC by root
version 8.5R1.14;
system {
backup-router 192.168.1.1;
root-authentication {
encrypted-password “$1$Mvxox7d8$UVmJd7OLkwbIJ/B7Kbavz0″; ## SECRET-DATA
}
login {
user mengmeng {
uid 2001;
class super-user;
authentication {
encrypted-password “$1$GAAB2nYd$v.aOFalSpMh5rbiWG/f1a.”; ## SECRET-DATA
}
}
}
services {
ftp;
telnet;
web-management {
http {
port 80;
}
}
}
}
logical-routers {
r1 {
interfaces {
em1 {
unit 12 {
vlan-id 12;
family inet {
address 10.0.4.5/30;
}
}
unit 13 {
vlan-id 13;
family inet {
address 10.0.4.14/30;
}
}
}
lo0 {
unit 1 {
family inet {
address 10.0.6.1/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.10 {
interface em1.12;
interface em1.13;
interface lo0.1;
}
}
}
}
r2 {
interfaces {
em2 {
unit 21 {
vlan-id 12;
family inet {
address 10.0.4.6/30;
}
}
unit 23 {
vlan-id 23;
family inet {
address 10.0.4.2/30;
}
}
unit 24 {
vlan-id 24;
family inet {
address 10.0.4.10/30;
}
}
}
lo0 {
unit 2 {
family inet {
address 10.0.6.2/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.10 {
interface em2.21;
interface em2.23;
interface em2.24;
interface lo0.2;
}
}
}
}
r3 {
interfaces {
em3 {
unit 31 {
vlan-id 13;
family inet {
address 10.0.4.13/30;
}
}
unit 32 {
vlan-id 23;
family inet {
address 10.0.4.1/30;
}
}
unit 34 {
vlan-id 34;
family inet {
address 10.0.2.5/30;
}
}
unit 35 {
vlan-id 35;
family inet {
address 10.0.2.2/30;
}
}
}
lo0 {
unit 3 {
family inet {
address 10.0.3.3/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.10 {
interface em3.31;
interface em3.32;
}
area 0.0.0.0 {
interface em3.34;
interface em3.35;
interface lo0.3;
}
}
}
}
r4 {
interfaces {
em4 {
unit 42 {
vlan-id 24;
family inet {
address 10.0.4.9/30;
}
}
unit 43 {
vlan-id 34;
family inet {
address 10.0.2.6/30;
}
}
unit 45 {
vlan-id 45;
family inet {
address 10.0.2.10/30;
}
}
}
lo0 {
unit 4 {
family inet {
address 10.0.3.4/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.10 {
interface em4.42;
}
area 0.0.0.0 {
interface em4.43;
interface em4.45;
interface lo0.4;
}
}
}
}
r5 {
interfaces {
em5 {
unit 53 {
vlan-id 35;
family inet {
address 10.0.2.1/30;
}
}
unit 54 {
vlan-id 45;
family inet {
address 10.0.2.9/30;
}
}
unit 56 {
vlan-id 56;
family inet {
address 10.0.8.6/30;
}
}
unit 57 {
vlan-id 57;
family inet {
address 10.0.8.9/30;
}
}
}
lo0 {
unit 5 {
family inet {
address 10.0.3.5/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.0 {
interface em5.53;
interface em5.54;
interface lo0.5;
}
area 0.0.0.1 {
interface em5.56;
interface em5.57;
}
}
}
}
r6 {
interfaces {
em6 {
unit 65 {
vlan-id 56;
family inet {
address 10.0.8.5/30;
}
}
unit 67 {
vlan-id 67;
family inet {
address 10.0.8.1/30;
}
}
}
lo0 {
unit 6 {
family inet {
address 10.0.9.6/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.1 {
interface em6.65;
interface em6.67;
interface lo0.6;
}
}
}
}
r7 {
interfaces {
em7 {
unit 75 {
vlan-id 57;
family inet {
address 10.0.8.10/30;
}
}
unit 76 {
vlan-id 67;
family inet {
address 10.0.8.2/30;
}
}
}
lo0 {
unit 7 {
family inet {
address 10.0.9.7/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.1 {
interface em7.75;
interface em7.76;
interface lo0.7;
}
}
}
}
}
interfaces {
em0 {
unit 0 {
family inet {
address 192.168.1.254/24;
}
}
}
em1 {
vlan-tagging;
}
em2 {
vlan-tagging;
}
em3 {
vlan-tagging;
}
em4 {
vlan-tagging;
}
em5 {
vlan-tagging;
}
em6 {
vlan-tagging;
}
em7 {
vlan-tagging;
}
}
routing-options {
static {
route 0.0.0.0/0 {
next-hop 192.168.1.1;
retain;
no-readvertise;
}
}
}
我自己
