BIOS LOADING ...CopyrighT (c) 2008-2011 HUAWEI TECH CO,, LTD, (Ver248t ^un 26 2012, 18:54:52) press ctr1+B to enrer BOOTROM menu ・*. 0 Auto-booti ng.,.Decompressing image file .*・ doneInirialize FSP TaskPPI DEV sysinit .............................................. OKvrrp emd di sabl e...BFD emd disable*..SEP emd di sable・ * ・Hard system init............................................ OKBegin to start the system, pl ease wai ti ngVOS VF5彳门亍工 ............................... O K.Starrup File Check........................................ O Kvos monitor ini t*..*,*..* .OKCFM inix advan匚E ........................................ OKPAT init .......................................................... OKHA S2M 1nit.................................................. O KVDS VFS irht hind............................. OK vRP_Root begin,,,VRP_in111 al 1zeTask begin.・.init the Device Link .................................... . .CFG(_planETrrit begin................................CFM_Ini t begi n ...........................................CLi_cmdinit begin■ VRP_RegestAnLiNK€ird begincreate task begi门……. task 1n1t begin...Recover configurate on, ,, OK!Press ENTER To get started.恢复出厂设置:<Quidway>reset saved-configuration<Quidway>reboot配置交换机的步骤：1、设置管理VLAN及业务VLANSysVlan 1163 //管理VLANVlan 1103 //业务VLAN设置交换机管理IP地址ip address 10.12031 255.255.255.0in terface vla n 1163/////////////////////////////////////////////////////////////////////man ageme nt-vla n 1571in terface vla n 1571ip address 10.120.211.1 255.255.255.0////////////////////////////////////////////Switch#c on termSwitch(co nfig)#i nter in ter vla n 1166Switch(config-if)#ip addresss 10.120.6.3 255.255.255.0 Switch(c on fig-if)#exitSwitch(co nfig)#ip default-gateway 10.120.6.254 幼儿园的交换机DHCP服务器210.36.64.80的设置:新建作用域。

业务VLAN 核心交换机端的设置：1、<MZDX-KJB-6F-S9306-office>dis curr inter Vlanif 1103 interface Vlanif1103description er1ip address 10.21.16.254 255.255.255.0dhcp select relaydhcp relay server-select 210.36.64.802、<MZDX-KJB-6F-S9306-office>dis curr inter Vlanif 1163 interface Vlanif1163description GuoJiaoChu.Mgrip address 10.120.3.254 255.255.255.03、<MZDX-KJB-6F-S9306-office>dis curr inter G5/0/41 interface GigabitEthernet5/0/41description TO-[YouErYuan]port link-type trunkport trunk allow-pass vlan 2 24 1511 //切记在该光口透传新增的业务VLAN1511 interface GigabitEthernet5/0/14description TO-[GuoJiJiaoLiuCHu-2]port link-type trunkundo port trunk allow-pass vlan 1port trunk allow-pass vlan 2 to 4094//此处则因为透传了所有的VLAN 而忽略了接入层交换机端的设置：添加VLAN1103 、VLAN11632、sysname3、各交换机端口允许访问的VLAN 将交换机级联口设置为trunk 口：interface Ethernet0/0/24 port link-type trunk port trunk allow-pass vlan all 将交换机端口口设置为access 口：///////////////////////////////////////////////////////Switch#con term Switch(config)#inter Ethernet0/0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 1106Switch#con term Switch(config)#inter gi1/0/1Switch(config-if)# switchport trunk encapsulation isl//指定封装类型isl 或dot1qSwitch(config-if)#switchport mode trunkSwitch(config-if)#switchport trunk allow vlan 1166校验以上设置：Switch#show in terface …Switch#show ip in terface …Switch#show runnin g-c onfig in terface•…a、[ShangXueYuan.SW2]stp enable //启用STPb、[ShuangXueYuan.SW4-Ethernet0/1]stp edged-port enable〃将交换机的普通端口（级联口禁止设置为edged-port）设置为边缘端口，这样普通端口up 或down 时就不再把信息向整个网络广播。

c、[ShuangXueYuan.SW2]stp bpdu-protectiloon//全局设置stp bpdu-protection 后若某个边缘端口被接入交换机（该交换机是能发送STP的服务器）或有环路，则该端口会自动shutdown 掉。

例如：<LiXueYuan. SW2>dis stp portdownDown ReasonEthernetl/0/2 Ethernet 1/0/21 Ethernet 1/0/23 Ethernet 1/0/24 <LiXueYuan. SW2>sys Systein View: return to User View with Ctrl+Z._LiXueYuan, SW2]inter Etherne11/0/2.LiXueYuan. SW2-Ethernet 1/0/2]undo shutdown 'LiXueYuan* SW2-Ethernet 1/0/2]interEthernet 1/0/21 .Li Xue Yuan, SW2-Ethernet 1 /0/21 ]l undo shutdownd 、[5po3.Sw02.4F-GigabitEthernet1/1/1]stp root-protection〃只能在下行口设置，上行口不能做这样的设置。

4、认证方式为Scheme 时的Tel net 登录配置使能设备的 Tel net 服务：tel net server e nable //S5120[Quidway]local-user adm in[Quidway-luser- Ion gway]password cipher abc123[Quidway-luser- Ion gway]service-type telnet level 3//S5120 设置 VTY 用户的命令级别：authorization-attribute level[Quidway-luser-lo ngway]quit[Quidway]user- in terface vty 0 4[Quidway-ui-vty0-4]authentication-mode scheme/password [Quidway-ui-vty0-4]set authentication password cipher abc123修改tel net 用户登录后的用户级别：？？？？？？BPDU-Protection BPDU-Protection BPDU-Protection BPDU-Protectiun[sw1]aaa[sw1-aaa]local-user admin password cipher abc123 [sw1-aaa]local-user admin service-type telnet [sw1-aaa]quit[sw1]user-interface vty 0 4 [sw1-ui-vty0-4]authentication-mode aaa 修改telnet 用户登录后的用户级别：[sw1-ui-vty0-4]user privilege level 3 [sw1-ui-vty0-4]protocol inbound telnet //////////////////////////////////////////////// telnet server enable local-user admin password cipher abc123 authorization-attribute level 3 service-type telnet service-type telnet level 3 quit user-interface vty 0 4 authentication-mode scheme set authentication password cipher abc123 super password cipherabc123 authentication-mode passwordquit super password level 3 cipher abc123////////////////////////////////////////////////Switch>enableSwitch#conf termSwitch(config)#line vty 0 15Switch(config-line)#password gxun@2014Switch(config-line)#endSwitch#show running-configSwitch#copy running-config startup-config5、设置路由ip route-static 0.0.0.0 0.0.0.0 10.120.3.254 preference 60ip route-static 10.10.10.0 255.255.255.0 210.36.68.1 preference 60ip route-static 210.36.64.0 255.255.255.0 210.36.68.1 preference 606、加入Caticsnmp-agent community read Mrtgreadsnmp-agent sys-info location LiXueYuan.SW2.216snmp-agent sys-info version all注意路由是否设置对了ip route-static 0.0.0.0 0.0.0.0 10.120.3.254 preference 60)7、DHCP 服务器的设置[ShangXueYuan.SW2]dhcp enable[ShangXueYuan.SW2]dhcp snooping enable [ShangXueYuan.SW2-Ethernet0/0/45]dhcp snooping trusted8、ntp-service unicast-server 10.4.0.19、ARP 入侵检测与ARP 报文限速配置[SwitchA] interface Ethernet1/0/1 [SwitchA-Ethernet1/0/1] dhcp-snooping trust [SwitchA-Ethernet1/0/1] arp detection trust〃a、开启交换机的DHCP Snooping功能，并设置级联端口Ethernet1/O/1 为DHCP Snooping 信任端口。