juniper srx 650配置

root# show | no-more ## Last changed: 2011-09-30 16:27:00 UTCversion 11.2R2.4;system { arp { aging-timer 1; } root-authentication { encrypted-password "$1$QipJr2uF$6JuFAruQdWXWqJZeGXe530"; ## SECRET-DATA } name-server { 2.6.22.4; 2.6.22.22; } services { ssh; telnet; web-management { http; https { system-generated-certificate; } } } syslog { user * { any emergency; } file messages { any critical; authorization info; } file interactive-commands { interactive-commands error; } } max-configurations-on-flash 5; max-configuration-rollbacks 5; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } }}interfaces { ge-2/0/0 { vlan-tagging; native-vlan-id 1; unit 0 { family bridge { interface-mode trunk; vlan-id-list [ 1 6 14 200 201 ]; } } } ge-2/0/1 { vlan-tagging; native-vlan-id 1; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-4000; } } } ge-2/0/2 { vlan-tagging; native-vlan-id 1; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-4000; } } } ge-2/0/3 { vlan-tagging; native-vlan-id 1; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-4000; } } } ge-2/0/4 { description link-to-TSG552-JG08-04; vlan-tagging; native-vlan-id 1; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-4000; } } } ge-2/0/5 { description link-to-TSG528-JG08-04; vlan-tagging; native-vlan-id 1; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-4000; } } } ge-2/0/6 { description link-to-TSG5800-JG08-01; vlan-tagging; native-vlan-id 1; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-4000; } } } ge-2/0/7 { description link-to-TSG5800-JG08-02; vlan-tagging; native-vlan-id 1; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-4000; } } } ge-2/0/8 { description link-to-TSG552-JG08-03; vlan-tagging; unit 0 { family bridge { interface-mode trunk; vlan-id-list [ 1 101 202 ]; } } } ge-2/0/9 { unit 0 { family bridge { interface-mode access; vlan-id 200; } } } ge-2/0/10 { unit 0 { family bridge { interface-mode access; vlan-id 200; } } } ge-2/0/11 { unit 0 { family bridge { interface-mode access; vlan-id 200; } } } ge-2/0/20 { vlan-tagging; unit 0 { family bridge { interface-mode trunk; vlan-id-list [ 1 13 101 201 200 202 2000 6 14 ]; } } } ge-2/0/21 { native-vlan-id 1; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-4000; } } } irb { unit 0 { family inet { address 192.168.5.6/24; } } }}routing-options { static { route 0.0.0.0/0 next-hop 192.168.255.1; }}security { flow { bridge { bypass-non-ip-unicast; bpdu-vlan-flooding; } } screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; timeout 20; } land; } } } policies { from-zone trust to-zone untrust { policy trust-to-untrust { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone trust to-zone trust { policy trust-to-trust { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone untrust to-zone trust { policy untrust-to-trust { match { source-address any; destination-address any; application any; } then { permit; } } } } zones { functional-zone management; security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { ge-2/0/4.0; ge-2/0/5.0; ge-2/0/6.0; ge-2/0/7.0; ge-2/0/8.0; ge-2/0/9.0; ge-2/0/10.0; ge-2/0/0.0; ge-2/0/1.0; ge-2/0/2.0; ge-2/0/3.0; } } security-zone untrust { screen untrust-screen; host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { ge-2/0/20.0; ge-2/0/21.0; ge-2/0/11.0; } } }}bridge-domains { bd1 { domain-type bridge; vlan-id 1; routing-interface irb.0; } bd2 { vlan-id-list 2-4000; }}
[edit]
本文出自 “应在中国” 博客，请务必保留此出处http://forrestgun.blog.51cto.com/2311049/705481