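Question 1: How to configure permissions for a specific user so that the user can only view show interfaces output and can ping
set class ops permissions network
set class ops allow-commands "show interface [space]"
set class ops deny-commands "traceroute|telnet|ssh"
Then add the user to the ops class. Note: do not modify the four predefined classes operator/read-only/superuser/unauthorized.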
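Question 2: The task requirements are as follows:
Place authorization messages into a log file named auth
Permit five copies of the auth file, each no larger than 5MB
Note: first delete the default file messages authorization, then run set file auth authorization info and set file auth archive files 5 size 5m. Be very careful not to get the configuration hierarchy wrong; otherwise the archive settings apply to every file under syslog.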
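Added example for Question 2 (not part of the original notes): the intended result under [edit system syslog], with the misplaced statement shown as a comment. The any notice line under file messages is an assumption based on the usual default configuration.

```junos
[edit system syslog]
file messages {
    any notice;                 # assumed default; "authorization info" was deleted from here
}
file auth {
    authorization info;
    archive size 5m files 5;    # inside "file auth": limits apply to this file only
}
# Wrong hierarchy: the same statement placed directly under [edit system syslog]
# becomes the archive default for every syslog file:
# archive size 5m files 5;
```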
Question 3: The task requirements are as follows:
- Only allow SNMP access from the SNMP server
- Only allow SNMP access over the fxp0 interface
- Use a community string of test
- Send all link up and down related traps to the SNMP server
[edit snmp]
lab@Juniper-Lab# show
interface fxp0.0;
community test {
    clients {
        10.0.200.2/32;
    }
}
trap-group interface-log {
    categories {
        link;
    }
    targets {
        10.0.200.2;
    }
}
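Also, the default authorization for an SNMP community is read-only; to change it, use the command set community test authorization read-write
To verify the trap-group configuration, run monitor traffic interface fxp0 matching udp and check whether any traps appear in the output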
Question 4: The task requirements are as follows:
In this example, you will configure NTP on the local router to meet the following criteria:
- The router must synchronize to the NTP server.
- The router clock cannot set automatically at boot.
- NTP version 4 must be used, with MD5 authentication using key ID 101 and a key value of jni.
[edit system ntp]
lab@Juniper-Lab# show
authentication-key 101 type md5 value "$9$km5FIRSreW"; ## SECRET-DATA
server 10.0.200.2 key 101; ## SECRET-DATA
trusted-key 101;
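The second requirement (no automatic clock set at boot) is met by not configuring ntp boot-server. Also note that an NTP client only synchronizes when its time differs from the server's by between 128 ms and 128 s, so if necessary use set date in operational mode. And don't forget to set the time-zone.
Question 5: Note that if load merge terminal does not work well, use load merge terminal relative instead, which works!
Question 6: For the fxp0.0 interface, note that after configuring static routes you should add no-readvertise; otherwise the routes all end up in your IGP.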