一、 配置目标
1) 设置root用户口令
2) 设置远程用户和口令
3) 打开一些service
4) 升级JUNOS
二、 具体配置
1) 初次进入系统:
Console(通用超级终端缺省配置)连接SRXroot用户登陆,密码为空
login: root
Password:
--- JUNOS 9.5R1.8 built 2009-07-16 15:04:30 UTC
root% cli                  /***进入操作模式***/
root>
root> configure
Entering configuration mode  /***进入配置模式***/
[edit]
Root#
2) 设置root口令
root# set system root-authentication plain-text-password
root# new password : root123   
root# retype new password: root123
密码将以密文方式显示
root# show system root-authentication
encrypted-password "$1$xavDeUe6$fNM6olGU.8.M7B62u05D6."; # SECRET-DATA
注意:强烈建议不要使用其它加密选项来加密root和其它user口令(encrypted-password加密方式),此配置参数要求输入的口令应是经加密算法加密后的字符串,采用这种加密方式手工输入时存在密码无法通过验证风险。
注:root用户仅用于console连接本地管理SRX,不能通过远程登陆管理SRX,必须成功设置root口令后,才能执行commit提交后续配置命令。
3) 设置远程用户和口令:
root# set system login user lab class super-user authentication plain-text-password
root# new password : lab123   
root# retype new password: lab123
注:此lab用户拥有超级管理员权限,可用于console和远程管理访问,另也可自行灵活定义其它不同管理权限用户。
4) 远程管理SRX相关配置
run set date YYYYMMDDhhmm.ss      /***设置系统时钟***/
set system time-zone Asia/Shanghai   /***设置时区为上海***/
set system host-name SRX3400-A     /***设置主机名***/
set system name-server 1.1.1.1      /***设置DNS服务器***/
set system services ftp       
set system services telnet           
set system services web-management http
/***在系统级开启ftp/telnet/http远程接入管理服务***/
root# set interfaces fxp0 unit 0 family inet address 192.168.3.81/24 
[edit]
root# commit
commit complete
/**为管理端口配置ip地址fxp默认在系统中看不到**/
5) 升级JUNOS
root> show version
Model: srx3600
JUNOS Software Release [9.4R2.9]  /**查看现在系统的版本**/
我们现在要升级到目标为10.1R1.8,通过juniper网站产看升级顺序,发现必须把软件升级到9.4以上的版本才能直接升级到10.1R1.8版本,所以我们首先把版本升级到9.6R1.13
我们首先要在电脑上有相应的系统软件,其次需要FTP 软件用户拷贝软件到SRX上
Eg:
root> ftp 192.168.3.100  /**ftp到服务器**/
Connected to 192.168.3.100.
220 ArGoSoft FTP Server for Windows NT/2000/XP, Version 1.4 (1.4.3.7)
Name (192.168.3.100:root): test
331 Need password
Password:
230 User test logged in successfully **
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> binary
200 Type set to Image (binary)
ftp> hash    /**hash校验root的初始密码**/
Hash mark printing on (1024 bytes/hash mark).
ftp> get junos-srx3000-9.  /**上传软件到系统**/
local: junos-srx3000-10. remote: junos-srx3000-10.
200 Port command successful
150 Opening binary data connection
100% |**************************************************|  172 MB    00:00 ETA
226 Transfer complete
180486271 bytes received in 500.33 seconds (352.28 KB/s)
ftp> bye  /**退出ftp**/
221 Aba he
root> request system software add junos-srx3000-9. unlink no-copy
/**升级软件**/
NOTICE: Validating configuration against junos-srx3000-9.
NOTICE: Use the 'no-validate' option to skip this if desired.
Checking compatibility with configuration
Verified manifest signed by PackageProduction_9_4_0
Using /cf/root/junos-srx3000-9.
Checking junos requirements on /
Available space: 500934 require: 163950
Saving boot file package in /var/sw/pkg/junos-boot-srx3000-9.
Verified manifest signed by PackageProduction_9_6_0
Hardware Database regeneration succeeded
Validating against /f.gz
mgd: commit complete
Validation succeeded
Installing package '/cf/root/junos-srx3000-9.' ...
Verified SHA1 checksum
Verified junos-boot-srx3000-9. signed by PackageProduction_9_6_0
Verified junos-srx3000-9.6R1.13-domestic signed by PackageProduction_9_6_0
Available space: 500934 require: 163950
Saving boot file package in /var/sw/pkg/junos-boot-srx3000-9.
JUNOS 9.6R1.13 will become active at next reboot
WARNING: A reboot is required to load this software correctly
WARNING:    Use the 'request system reboot' command
WARNING:        when software installation is complete
Saving state for rollback ...
Removing /cf/root/junos-srx3000-9.
root>request system reboot    /**重启**/
Reboot the system ? [yes,no] (no) yes
Shutdown NOW!
[pid 2541]
升级到9.6R1.13,重启,下一步升级到目标版本
root> ftp 192.168.3.100    /**ftp到服务器**/
Connected to 192.168.3.100.
220 ArGoSoft FTP Server for Windows NT/2000/XP, Version 1.4 (1.4.3.7)