青菜 2007-11-16 09:19
大猫JNCIP-M Lab考试问答之一[Initial Config & System Mgmt]
[size=22pt][font=Times New Roman]Initial Config & System Mgmt:[/font][/size]
[size=10.5pt][font=Times New Roman][size=3] [/size][/font][/size]
[size=3][color=blue][font=宋体]问题一:配置指定用户权限的方法,只让用户看[/font][/color][color=blue][size=10.5pt][font=Times New Roman]show interfaces[/font][/size][/color][color=blue][font=宋体]结果和能够[/font][/color][color=blue][size=10.5pt][font=Times New Roman]ping[/font][/size][/color][/size]
[size=10.5pt][size=3][font=Times New Roman]set class ops permissions network[/font][/size][/size]
[size=3][size=10.5pt][font=Times New Roman]set ops allow-commands “show interface [[/font][/size][font=宋体]空格[/font][size=10.5pt][font=Times New Roman]]”[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]set ops deny-commands “traceroute|telnet|ssh”[/font][/size][/size]
[size=3][font=宋体]然后把用户加入到[/font][size=10.5pt][font=Times New Roman]ops[/font][/size][font=宋体]的组里,主要不要改动[/font][size=10.5pt][font=Times New Roman]operator/read-only/superuser/unauthorized[/font][/size][font=宋体]这四个预定义的组[/font][size=10.5pt][/size][/size]
[color=blue][size=10.5pt][font=Times New Roman][size=3] [/size][/font][/size][/color]
[align=left][size=3][color=blue][font=宋体]问题二:题目要求如下:[/font][/color][color=blue][size=10.5pt][/size][/color][/size][/align]
[align=left][size=3][b][color=blue][font=宋体][size=10.5pt]Place authorization messages into a log file named [/size][/font][/color][/b][b][color=blue][font=宋体][size=10.5pt]auth[/size][/font][/color][/b][/size][/align]
[align=left][size=3][b][color=blue][font=宋体][size=10.5pt]Permit five copies of the [/size][/font][/color][/b][b][color=blue][font=宋体][size=10.5pt]auth [/size][/font][/color][/b][b][color=blue][font=宋体][size=10.5pt]file, each no larger than 5MB[/size][/font][/color][/b][b][color=blue][font=宋体][size=10.5pt][/size][/font][/color][/b][/size][/align]
[size=3][font=宋体]注意,先删除默认的[/font][size=10.5pt][font=Times New Roman]file messages authorization[/font][/size][font=宋体],然后[/font][size=10.5pt][font=Times New Roman]set file auth authorization info/set file auth archive files 5 size 5m[/font][/size][font=宋体],注意一定不要把配置层次搞错了,否则就是应用到[/font][size=10.5pt][font=Times New Roman]syslog[/font][/size][font=宋体]下所有文件[/font][size=10.5pt][/size][/size]
[size=10.5pt][font=Times New Roman][size=3] [/size][/font][/size]
[size=3][color=blue][font=宋体]问题三:题目要求如下:[/font][/color][size=10.5pt][/size][/size]
[align=left][color=blue][font=Wingdings][size=10.5pt][size=3]l[/size]
[/size][/font][/color][b][color=blue][font=宋体][size=10.5pt][size=3]Only allow SNMP access from the SNMP server[/size][/size][/font][/color][/b][/align]
[align=left][color=blue][font=Wingdings][size=10.5pt][size=3]l[/size]
[/size][/font][/color][b][color=blue][font=宋体][size=10.5pt][size=3]Only allow SNMP access over the fxp0 interface[/size][/size][/font][/color][/b][/align]
[align=left][color=blue][font=Wingdings][size=10.5pt][size=3]l[/size]
[/size][/font][/color][size=3][b][color=blue][font=宋体][size=10.5pt]Use a community string of [/size][/font][/color][/b][b][color=blue][font=宋体][size=10.5pt]test[/size][/font][/color][/b][/size][/align]
[align=left][color=blue][font=Wingdings][size=10.5pt][size=3]l[/size]
[/size][/font][/color][size=3][b][color=blue][font=宋体][size=10.5pt]Send all link up and down related traps to the SNMP server[/size][/font][/color][/b][b][color=blue][font=宋体][size=10.5pt][/size][/font][/color][/b][/size][/align]
[size=10.5pt][size=3][font=Times New Roman][edit snmp][/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]lab@Juniper-Lab# show [/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]interface fxp0.0;[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]community test {[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]
clients {[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]
10.0.200.2/32;[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]
}[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]}[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]trap-group interface-log {[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]
categories {[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]
link;[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]
}[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]
targets {[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]
10.0.200.2;[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]
}[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]}[/font][/size][/size]
[size=3][font=宋体]另外,默认的[/font][size=10.5pt][font=Times New Roman]snmp community[/font][/size][font=宋体]的权限是[/font][size=10.5pt][font=Times New Roman]read-only[/font][/size][font=宋体],如果要改就使用命令[/font][size=10.5pt][font=Times New Roman]set community test authorization read-write[/font][/size][/size]
[size=3][font=宋体]验证[/font][size=10.5pt][font=Times New Roman]trap-group[/font][/size][font=宋体]的配置可以用[/font][size=10.5pt][font=Times New Roman]monitor traffic interface fxp0 matching udp[/font][/size][font=宋体]来看结果是不是有[/font][size=10.5pt][/size][/size]
[size=10.5pt][font=Times New Roman][size=3] [/size][/font][/size]
[size=3][color=blue][font=宋体]问题四:题目要求如下:[/font][/color][size=10.5pt][/size][/size]
[align=left][b][color=blue][font=宋体][size=10.5pt][size=3]In this example, you will configure NTP on the local router to meet the following criteria:[/size][/size][/font][/color][/b][/align]
[align=left][color=blue][font=Wingdings][size=10.5pt][size=3]l[/size]
[/size][/font][/color][b][color=blue][font=宋体][size=10.5pt][size=3]The router must synchronize to the NTP server.[/size][/size][/font][/color][/b][/align]
[align=left][color=blue][font=Wingdings][size=10.5pt][size=3]l[/size]
[/size][/font][/color][b][color=blue][font=宋体][size=10.5pt][size=3]The router clock cannot set automatically at boot.[/size][/size][/font][/color][/b][/align]
[align=left][color=blue][font=Wingdings][size=10.5pt][size=3]l[/size]
[/size][/font][/color][size=3][b][color=blue][font=宋体][size=10.5pt]NTP version 4 must be used, with MD5 authentication using key ID [/size][/font][/color][/b][b][color=blue][font=宋体][size=10.5pt]101 [/size][/font][/color][/b][b][color=blue][font=宋体][size=10.5pt]and a key value of [/size][/font][/color][/b][b][color=blue][font=宋体][size=10.5pt]jni[/size][/font][/color][/b][b][color=blue][font=宋体][size=10.5pt].[/size][/font][/color][/b][/size][/align]
[size=10.5pt][size=3][font=Times New Roman][edit system ntp][/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]lab@Juniper-Lab# show [/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]authentication-key 101 type md5 value "$9$km5FIRSreW"; ## SECRET-DATA[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]server 10.0.200.2 key 101; ## SECRET-DATA[/font][/size][/size]
[size=10.5pt][size=3][font=Times New Roman]trusted-key 101;[/font][/size][/size]
[size=3][font=宋体]第二个要求启动时不自动同步就是不设置[/font][size=10.5pt][font=Times New Roman]ntp boot-server[/font][/size][font=宋体],还有注意[/font][size=10.5pt][font=Times New Roman]NTP client[/font][/size][font=宋体]只有和[/font][size=10.5pt][font=Times New Roman]server[/font][/size][font=宋体]时间相差[/font][size=10.5pt][font=Times New Roman]128ms[/font][/size][font=宋体]到[/font][size=10.5pt][font=Times New Roman]128s[/font][/size][font=宋体]之间才会同步,所以必要时在[/font][size=10.5pt][font=Times New Roman] operational mode[/font][/size][font=宋体]下[/font][size=10.5pt][font=Times New Roman]set date[/font][/size][font=宋体]吧,还有,别忘记设置[/font][size=10.5pt][font=Times New Roman]time-zone[/font][/size][/size]
[size=10.5pt][font=Times New Roman][size=3] [/size][/font][/size]
[size=3][color=blue][font=宋体]问题五:注意如果[/font][/color][color=blue][size=10.5pt][font=Times New Roman]load merge terminal[/font][/size][/color][color=blue][font=宋体]不好用的话就用[/font][/color][color=blue][size=10.5pt][font=Times New Roman]load merge terminal relative[/font][/size][/color][color=blue][font=宋体],这个好用![/font][/color][size=10.5pt][/size][/size]
[size=10.5pt][font=Times New Roman][size=3] [/size][/font][/size]
[size=3][color=blue][font=宋体]问题六:[/font][/color][color=blue][size=10.5pt][font=Times New Roman]fxp0.0[/font][/size][/color][color=blue][font=宋体]接口要注意做了静态路由以后要加上[/font][/color][color=blue][size=10.5pt][font=Times New Roman]no-readvertise[/font][/size][/color][color=blue][font=宋体],否则都进到你的[/font][/color][color=blue][size=10.5pt][font=Times New Roman]IGP[/font][/size][/color][color=blue][font=宋体]里去了[/font][/color][size=10.5pt][/size][/size]
