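Step 1: Preparation
If this is a new machine with no configuration, skip directly to Step 2
If the device already carries a lot of configuration, it is recommended to reset it first; the load factory-default / commit commands restore the factory-default configuration.
load factory-default
After restoring factory defaults, you must immediately set the root account password <password of at least 6 characters by default: letters plus digits>
2.1.3 Set the root user password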
root# set system root-authentication plain-text-password    
root# new password : root123    
root# retype new password: root123    
commit     
// On the SRX, every command takes effect only after commit; it is advisable to commit after each command

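Step 2: Enable transparent mode
***The web interface does not support managing transparent mode, so first use a terminal (HyperTerminal) session to configure the device into transparent mode***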
set bridge-domains bd1 domain-type bridge    
set bridge-domains bd1 vlan-id 3     
set interfaces irb unit 0 family inet address 10.34.208.199/24    
set bridge-domains bd1 routing-interface irb.0    
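// bd1 is an arbitrarily chosen bridge-domain name
Step 3: Enable transparent mode on the interfaces
***Delete unit 0 on all interfaces; on the SRX240 these are ge-0/0/0 through ge-0/0/15***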
delete interfaces ge-0/0/10 unit 0    
delete interfaces ge-0/0/11 unit 0    
***Add the interfaces to the transparent bridge
set interfaces ge-0/0/0 unit 0 description L2-Untrust    
set interfaces ge-0/0/0 unit 0 family bridge interface-mode trunk    
set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 3    
set interfaces ge-0/0/1 unit 0 description L2-Untrust    
set interfaces ge-0/0/1 unit 0 family bridge interface-mode trunk    
set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list 3    
set interfaces ge-0/0/2 unit 0 description L2-Trust    
set interfaces ge-0/0/2 unit 0 family bridge interface-mode trunk    
set interfaces ge-0/0/2 unit 0 family bridge vlan-id-list 3    
set interfaces ge-0/0/3 unit 0 description L2-Trust    
set interfaces ge-0/0/3 unit 0 family bridge interface-mode trunk    
set interfaces ge-0/0/3 unit 0 family bridge vlan-id-list 3    
// A prompt to reboot indicates that transparent mode has taken effect
root#quit    
root> request system reboot    
// Reboot command; note that it is entered in operational mode (the > prompt)
Step 3: Configure interfaces
delete security zones security-zone untrust interfaces ge-0/0/0.0
delete security zones security-zone trust interfaces vlan.0
// Remove the interfaces that will join the L2 zones from the default zones; an interface can belong to only one zone
set security zones security-zone L2-Trust host-inbound-traffic system-services all    
set security zones security-zone L2-Trust host-inbound-traffic protocols all    
set security zones security-zone L2-Untrust host-inbound-traffic system-services ping    
set security zones security-zone L2-Untrust host-inbound-traffic system-services http    
set security zones security-zone L2-Untrust host-inbound-traffic system-services telnet    
set security zones security-zone L2-Untrust interfaces ge-0/0/0.0    
set security zones security-zone L2-Untrust interfaces ge-0/0/1.0    
set security zones security-zone L2-Trust interfaces ge-0/0/2.0    
set security zones security-zone L2-Trust interfaces ge-0/0/3.0
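Step 4:
set system services web-management http interface irb.0
// irb can now be managed over the web
Access via http://10.34.208.199
***IP of the irb.0 management interface; the username/password is normally set to root/root123
Once the web interface is reachable, all of the following steps can be configured in the web interface
Step 5: Add access policies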
set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match source-address any     
set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match destination-address any     
set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match application any     
set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL then permit     
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match source-address any     
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match destination-address any     
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match application any     
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL then permit
set routing-options static route 0.0.0.0/0 next-hop x.x.x.x   
// Default route
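An added example, not part of the original article: a Python check that scans Junos `set` lines like those in the steps above and reports the settings worth reviewing before the device goes into service (`system-services all`, cleartext `http`/`telnet` host-inbound services, web management over `http`, and any/any/any permit policies). The names `audit` and `SAMPLE` and the finding strings are assumptions of this example; `SAMPLE` is constructed from the commands above.

```python
import re

# Constructed sample: management and policy lines taken from the steps above.
SAMPLE = """\
set security zones security-zone L2-Trust host-inbound-traffic system-services all
set security zones security-zone L2-Untrust host-inbound-traffic system-services ping
set security zones security-zone L2-Untrust host-inbound-traffic system-services http
set security zones security-zone L2-Untrust host-inbound-traffic system-services telnet
set system services web-management http interface irb.0
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match source-address any
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match destination-address any
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match application any
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL then permit
"""

CLEARTEXT = {"http", "telnet"}  # services that carry credentials unencrypted
HOST_IN = re.compile(
    r"^set security zones security-zone (\S+) host-inbound-traffic system-services (\S+)$")
WEB = re.compile(r"^set system services web-management http\b")  # does not match https
POLICY = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"(match (\S+) (\S+)|then (\S+))$")

def audit(config):
    """Return review findings for a block of Junos 'set' commands."""
    findings, policies = [], {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := HOST_IN.match(line):
            zone, svc = m.groups()
            if svc == "all":
                findings.append(f"{zone}: host-inbound system-services all")
            elif svc in CLEARTEXT:
                findings.append(f"{zone}: cleartext management service {svc}")
        elif WEB.match(line):
            findings.append("web-management over http (cleartext)")
        elif m := POLICY.match(line):
            # Collect the match/then terms of each policy across its lines.
            field, value = (m.group(5), m.group(6)) if m.group(5) else ("then", m.group(7))
            policies.setdefault(m.group(1, 2, 3), {})[field] = value
    for (src, dst, name), terms in policies.items():
        wide = all(terms.get(k) == "any"
                   for k in ("source-address", "destination-address", "application"))
        if wide and terms.get("then") == "permit":
            findings.append(f"{src}->{dst}: policy {name} permits any/any/any")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
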
Article title: Transparent mode on the SRX240
Page URL: http://www.jxjierui.cn/article/gcissg.html
