
Huawei Switch Configuration Steps Explained (2016)

Restoring factory settings:

    <Quidway>reset saved-configuration
    <Quidway>reboot

Steps for configuring the switch:

1. Set the management VLAN and the service VLAN

    Sys
    Vlan 1163 // management VLAN
    Vlan 1103 // service VLAN

Set the switch management IP address:

    interface vlan 1163
    ip address 10.120.3.1 255.255.255.0

    ////////////////////////////////////////////
    management-vlan 1571
    interface vlan 1571
    ip address 10.120.211.1 255.255.255.0

    ////////////////////////////////////////////
    Switch#conf term
    Switch(config)#inter vlan 1166
    Switch(config-if)#ip address 10.120.6.3 255.255.255.0
    Switch(config-if)#exit
    Switch(config)#ip default-gateway 10.120.6.254

Settings on the DHCP server 210.36.64.80 for the kindergarten's switch: create a new scope.

Service VLAN settings on the core switch side:

1.

    <MZDX-KJB-6F-S9306-office>dis curr inter Vlanif 1103
    interface Vlanif1103
     description er1
     ip address 10.21.16.254 255.255.255.0
     dhcp select relay
     dhcp relay server-select 210.36.64.80

2.

    <MZDX-KJB-6F-S9306-office>dis curr inter Vlanif 1163
    interface Vlanif1163
     description GuoJiaoChu.Mgr
     ip address 10.120.3.254 255.255.255.0

3.

    <MZDX-KJB-6F-S9306-office>dis curr inter G5/0/41
    interface GigabitEthernet5/0/41
     description TO-[YouErYuan]
     port link-type trunk
     port trunk allow-pass vlan 2 24 1511
    // Remember to pass the newly added service VLAN 1511 through on this optical port

    interface GigabitEthernet5/0/14
     description TO-[GuoJiJiaoLiuCHu-2]
     port link-type trunk
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 2 to 4094
    // Here the step is skipped because all VLANs are already passed through

Settings on the access-layer switch side: add VLAN 1103 and VLAN 1163

2. sysname

3. VLANs that each switch port is allowed to access

Set the switch cascade port as a trunk port:

    interface Ethernet0/0/24
    port link-type trunk
    port trunk allow-pass vlan all

Set the switch ports as access ports:

    ////////////////////////////////////////////
    Switch#conf term
    Switch(config)#inter Ethernet0/0/1
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 1106

    Switch#conf term
    Switch(config)#inter gi1/0/1
    Switch(config-if)#switchport trunk encapsulation isl // specify the encapsulation type, isl or dot1q
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#switchport trunk allow vlan 1166

Verify the settings above:

    Switch#show interface…
    Switch#show ip interface…
    Switch#show running-config interface…

a. [ShangXueYuan.SW2]stp enable // enable STP

b. [ShuangXueYuan.SW4-Ethernet0/1]stp edged-port enable // Set the switch's ordinary ports as edge ports (cascade ports must not be set as edged-port), so that when an ordinary port goes up or down the information is no longer broadcast to the whole network.

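c. [ShuangXueYuan.SW2]stp bpdu-protection // After stp bpdu-protection is set globally, if a switch is connected to an edge port (that switch being a server that can send STP) or there is a loop, that port is automatically shut down.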

For example:

d. [5po3.Sw02.4F-GigabitEthernet1/1/1]stp root-protection // Can only be set on downlink ports; uplink ports must not be configured this way.

4. Telnet login configuration when the authentication mode is Scheme

Enable the device's Telnet service:

    telnet server enable //S5120
    [Quidway]local-user admin
    [Quidway-luser-longway]password cipher abc123
    [Quidway-luser-longway]service-type telnet level 3
    // On the S5120, set the VTY user's command level with: authorization-attribute level
    [Quidway-luser-longway]quit
    [Quidway]user-interface vty 0 4
    [Quidway-ui-vty0-4]authentication-mode scheme/password
    [Quidway-ui-vty0-4]set authentication password cipher abc123

Change the user level a telnet user gets after logging in:

    [sw1]aaa
    [sw1-aaa]local-user admin password cipher abc123
    [sw1-aaa]local-user admin service-type telnet
    [sw1-aaa]quit
    [sw1]user-interface vty 0 4
    [sw1-ui-vty0-4]authentication-mode aaa

Change the user level a telnet user gets after logging in:

    [sw1-ui-vty0-4]user privilege level 3
    [sw1-ui-vty0-4]protocol inbound telnet

    ////////////////////////////////////////////
    telnet server enable
    local-user admin
    password cipher abc123
    authorization-attribute level 3
    service-type telnet
    service-type telnet level 3
    quit
    user-interface vty 0 4
    authentication-mode scheme
    set authentication password cipher abc123
    super password cipher abc123
    authentication-mode password
    quit
    super password level 3 cipher abc123

    ////////////////////////////////////////////
    Switch>enable
    Switch#conf term
    Switch(config)#line vty 0 15
    Switch(config-line)#password gxun@2014
    Switch(config-line)#end
    Switch#show running-config
    Switch#copy running-config startup-config

5. Set the routes

    ip route-static 0.0.0.0 0.0.0.0 10.120.3.254 preference 60
    ip route-static 10.10.10.0 255.255.255.0 210.36.68.1 preference 60
    ip route-static 210.36.64.0 255.255.255.0 210.36.68.1 preference 60

6. Add to Catic

    snmp-agent community read Mrtgread
    snmp-agent sys-info location LiXueYuan.SW2.216
    snmp-agent sys-info version all

(Check that the route is set correctly: ip route-static 0.0.0.0 0.0.0.0 10.120.3.254 preference 60)

7. DHCP server settings

    [ShangXueYuan.SW2]dhcp enable
    [ShangXueYuan.SW2]dhcp snooping enable
    [ShangXueYuan.SW2-Ethernet0/0/45]dhcp snooping trusted

8. ntp-service unicast-server 10.4.0.1

9. ARP intrusion detection and ARP packet rate-limit configuration

    [SwitchA] interface Ethernet1/0/1
    [SwitchA-Ethernet1/0/1] dhcp-snooping trust
    [SwitchA-Ethernet1/0/1] arp detection trust
    // a. Enable the switch's DHCP Snooping function and set the cascade port Ethernet1/0/1 as a DHCP Snooping trusted port.
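
The port rules given above (no edged-port on cascade ports, global bpdu-protection behind edge ports, root-protection only on downlinks, DHCP snooping trust on the cascade port) can be checked offline against a saved configuration. The following Python check is an added example, not part of the original document; the sample configuration is constructed, treating trunk ports as cascade ports is an assumption, and `uplinks` is a hypothetical caller-supplied parameter.

```python
import re

# Constructed sample in the style of the commands on this page, not a real device dump.
SAMPLE = """\
dhcp snooping enable
interface Ethernet0/0/1
 port link-type access
 stp edged-port enable
interface Ethernet0/0/2
 port link-type access
 dhcp snooping trusted
interface Ethernet0/0/24
 port link-type trunk
 stp edged-port enable
 stp root-protection
interface Ethernet0/0/45
 port link-type trunk
 dhcp snooping trusted
"""

def parse(config):
    """Return (global_lines, {interface: [sub-commands]}) from an indented config."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line and raw[0].isspace() and current is not None:
            current.append(line)
        elif line and line != "#":
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def audit(config, uplinks=()):
    """Check the port rules stated above; uplinks is a hypothetical caller-supplied list."""
    global_lines, interfaces = parse(config)
    bpdu, findings = "stp bpdu-protection" in global_lines, []
    for name, cmds in interfaces.items():
        trunk = "port link-type trunk" in cmds  # assumption: trunk means cascade port
        edged = "stp edged-port enable" in cmds
        trusted = any(re.fullmatch(r"dhcp[- ]snooping trust(ed)?", c) for c in cmds)
        checks = [
            (trunk and edged, "edged-port on cascade port"),
            (edged and not bpdu, "edged-port without global bpdu-protection"),
            (trusted and not trunk, "DHCP snooping trust on non-cascade port"),
            (name in uplinks and "stp root-protection" in cmds, "root-protection on uplink"),
        ]
        findings += [(name, msg) for bad, msg in checks if bad]
    return findings
```

Calling `audit(SAMPLE)` flags Ethernet0/0/1, Ethernet0/0/2 and Ethernet0/0/24 and leaves the cascade port Ethernet0/0/45 clean.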
