交换机学习

最新推荐文章于 2024-03-02 08:10:33 发布

Kelley_

最新推荐文章于 2024-03-02 08:10:33 发布

阅读量599

点赞数

分类专栏：二层学习文章标签：交换机网络

本文链接：https://blog.csdn.net/Kelley_/article/details/117816640

版权

二层学习专栏收录该内容

1 篇文章 0 订阅

订阅专栏

交换机初始化

[Office_1F]sysname switch   修改交换机名称
<switch>reset saved-configuration    交换机初始化，选择Y
<switch>reboot
Info: The system is now comparing the configuration, please wait.
Warning: The configuration has been modified, and it will be saved to the next startup saved-configuration file . Continue? [Y/N]:N
System will reboot! Continue?[Y/N]:y

Con及telnet远程登陆配置

初始化之后   admin  admin@huawei.com Username:admin
 Password: Warning: The default password poses security risks. 
The password needs to be changed. Change now? 
[Y/N]: Y Please enter old password: 旧密码 
Please enter new password: 新密码
 Please confirm new password: 新密码
 The password has been changed successfully.

[HUAWEI]user-interface console 0    进入console 口配置
[HUAWEI-ui-console0]authentication-mode password   授权只需密码登陆
[HUAWEI-ui-console0]set authentication password cipher 你的密码    设置密码
设置完成后保存，qui退出后生效。

[HUAWEI]telnet server enable   开启telnet远程
[HUAWEI]user-interface vty 0 4   配置telnet远程
[HUAWEI-ui-vty0-4]protocol inbound all     允许授权telnet打开
[HUAWEI-ui-vty0-4]authentication-mode password      授权只需密码登陆
Warning: The "password" authentication mode is not secure, and it is strongly recommended to use "aaa" authentication mode.  警告
[HUAWEI-ui-vty0-4]set authentication password cipher 你的密码     设置密码
[HUAWEI-ui-vty0-4]user privilege level 15      设置telnet配置权限为最高权限

远程telnet IP地址

[HUAWEI]vlan 1000  添加vlan 1000
[HUAWEI]vlan batch 100 1000 156  10 to 15     批量建立vlan
[HUAWEI-vlan1000]description manage_vlan  描述为 manage_vlan
[HUAWEI]display vlan   显示交换机vlan信息
[HUAWEI]interface vlanif 1000    给vlan 1000 配置IP地址（端口模式）
[HUAWEI-Vlanif1000]ip address 10.10.0.200 24   配置IP地址为10.10.0.200

设置上联口

[HUAWEI]interface GigabitEthernet 0/0/28    进入上联端口
[HUAWEI-GigabitEthernet0/0/28]description to XX  描述上联到哪里
[HUAWEI-GigabitEthernet0/0/28]port link-type trunk    设置成trunk模式（多vlan使用）
 [HUAWEI-GigabitEthernet0/0/28]port trunk allow-pass vlan all   设置所有vlan通过

以下配置就是允许所有vlan通过的上联口，也可作为串联口。
 interface GigabitEthernet0/0/28
   port link-type trunk                    
   port trunk allow-pass vlan 2 to 4094

DHCP安全机制  设置DHCP只允许从某端口通过

[HUAWEI]dhcp enable                 启用dhcp
[HUAWEI]dhcp snooping enable    dhcp snooping 机制启用
[HUAWEI-GigabitEthernet0/0/28]dhcp snooping trusted      
该端口的DHCP设置为信任（此端口需是上联口或串联口）

interface GigabitEthernet0/0/28   标准格式
 description to XX
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 dhcp snooping trusted

多端口操作（多端口分组操作）

[HUAWEI]port-group XX   创建一个组名
[HUAWEI-port-group-xx]group-member GigabitEthernet 0/0/25 to GigabitEthernet 0/0/28
将25-28加入到组XX
[HUAWEI-port-group-xx]port link-type trunk     设置成trunk模式
[HUAWEI-port-group-xx]port trunk allow-pass vlan all    设置所有vlan通过
[HUAWEI-port-group-xx] dhcp snooping trusted   该组端口的DHCP设置为信任
[HUAWEI]undo port-group all    配置完成可以删除组名

设置下联口

trunk模式
interface GigabitEthernet0/0/23  
 port link-type trunk          trunk模式    AP适用
 port trunk pvid vlan 100     允许vlan 100 通过  
 port trunk allow-pass vlan 2 to 4094

access模式（适用于PC接入）
interface GigabitEthernet0/0/23 
 description XX  
 port link-type access
 port default vlan 100

核心交换机配置

[HUAWEI]vlan 200    建立vlan 200
[HUAWEI]interface Vlanif 200   进入vlan200端口模式
[HUAWEI-Vlanif200]ip address 20.20.20.254 255.255.255.0    配置vlan200 的IP地址
[HUAWEI]dhcp enable   DHCP开启
[HUAWEI]ip pool XX      建立名为XX的DHCP地址池
[HUAWEI-ip-pool-XX]gateway-list 20.20.20.254        配置此地址为默认网关
[HUAWEI-ip-pool-XX]network 20.20.20.0 mask 255.255.255.0    建立IP地址段
[HUAWEI-ip-pool-XX]excluded-ip-address 20.20.20.1 20.20.20.200     1-200为静态地址
[HUAWEI-ip-pool-XX]dns-list 61.139.2.69 8.8.8.8       配置DNS
[HUAWEI-ip-pool-XX] lease day 0 hour 8 minute 0     配置地址租期8小时（终端数量少可不用）
[HUAWEI-vlan200]int vlan 200     进入vlan 200 端口设置模式
 [HUAWEI-Vlanif200]dhcp select global    应用DHCP

对应下联口端口配置：

interface GigabitEthernet0/0/23
 description XX
 port link-type access
 port default vlan 200

路由器配置
设置静态路由

ip route-static 20.20.20.0 255.255.255.0 10.10.0.9 //10.10.0.9为下一跳

acl number 2000       配置acl访问控制列表
rule 200 permit source 20.20.0.0 0.0.255.255      子网反写
或rule 200 permit source 20.20.20.0 0.0.0.255   

interface GigabitEthernet0/0/0
 description to ChinaTelecom
 ip address 222.87.6.123 255.255.255.0
nat outbound 2000     将acl 规则应用到端口上

加入另一条专线

interface GigabitEthernet0/0/1      配置新的wan口
 description yidong
 ip address [固定IP地址] 255.255.255.0
 nat outbound 2000

[Internet_Router]ip route-static 0.0.0.0 0.0.0.0 [网关]

[Internet_Router]load-balance src-ip    负载均横