华为s6502及多台s3026交换机配置实例

最新推荐文章于 2022-05-29 07:18:10 发布
最新推荐文章于 2022-05-29 07:18:10 发布
阅读量3.7k 收藏 1
点赞数
分类专栏: huawei 文章标签: 华为 interface access authentication domain system
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/gotonet/article/details/1381083
版权
运用的DHCP中继,TRUNK,VLAN,ACL,端口绑定等技术:
<Quidway S6502>dis cu
#
 sysname Quidway S6502
#
 local-server nas-ip 127.0.0.1 key huawei
#
 domain default enable system
#
 dhcp-server 1 ip 10.139.165.254
#
 temperature-limit 0 10 80
#
 poe power max-value 2400
#
radius scheme system
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
#
domain system
 vlan-assignment-mode integer
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable                
 messenger time disable
#
 stp TC-protection enable
#
acl number 3000
 rule 0 deny ip
 rule 1 permit ip destination 10.139.165.0 0.0.0.255
 rule 2 permit tcp destination 10.139.165.2 0 destination-port eq www
 rule 3 permit ip destination 10.139.165.1 0
 rule 4 permit ip destination 10.139.165.8 0
 rule 5 permit ip destination 10.139.165.3 0
 rule 6 permit ip destination 10.139.165.4 0
 rule 7 permit ip destination 10.139.165.5 0
 rule 8 permit ip destination 10.139.165.253 0
acl number 3002
 rule 0 deny ip
 rule 1 permit ip source 192.168.1.0 0.0.0.255 destination 10.138.0.0 0.1.255.255
 rule 2 deny ip source 192.168.1.0 0.0.0.255 destination 10.139.165.0 0.0.0.255
 rule 3 permit tcp source 192.168.1.0 0.0.0.255 destination 10.139.165.2 0 destination-port eq www
 rule 4 permit ip source 192.168.1.0 0.0.0.255 destination 10.139.165.1 0
 rule 5 permit ip source 192.168.1.4 0
 rule 6 permit ip source 192.168.1.1 0
 rule 7 permit ip source 192.168.1.2 0   
 rule 8 permit ip source 192.168.1.3 0
acl number 3003
 rule 0 deny ip
 rule 1 permit ip source 192.168.2.0 0.0.0.255 destination 10.138.0.0 0.1.255.255
 rule 2 deny ip source 192.168.2.0 0.0.0.255 destination 10.139.165.0 0.0.0.255
 rule 3 permit tcp source 192.168.2.0 0.0.0.255 destination 10.139.165.2 0 destination-port eq www
 rule 4 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.1 0
 rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.8 0
 rule 6 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.3 0
 rule 7 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.4 0
 rule 8 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.5 0
 rule 9 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.253 0
 rule 10 permit ip source 192.168.2.1 0
 rule 11 permit ip source 192.168.2.2 0
 rule 12 permit ip source 192.168.2.3 0
 rule 13 permit ip source 192.168.2.4 0
acl number 3004
 rule 0 deny ip
 rule 1 permit ip source 192.168.3.0 0.0.0.255 destination 10.138.0.0 0.1.255.255
 rule 2 permit tcp source 192.168.3.0 0.0.0.255 destination 10.139.165.2 0 destination-port eq www
 rule 3 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.1 0
 rule 4 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.8 0
 rule 5 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.3 0
 rule 6 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.4 0
 rule 7 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.5 0
 rule 8 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.253 0
 rule 9 permit ip source 192.168.3.251 0
 rule 10 permit ip source 192.168.3.252 0
 rule 11 permit ip source 192.168.3.253 0
 rule 12 permit ip source 10.139.165.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
acl number 3010
 rule 0 deny udp destination-port eq tftp
 rule 1 deny tcp destination-port eq 135
 rule 2 deny udp destination-port eq 135
 rule 3 deny udp destination-port eq netbios-ns
 rule 4 deny udp destination-port eq netbios-dgm
 rule 5 deny tcp destination-port eq 139
 rule 6 deny udp destination-port eq netbios-ssn
 rule 7 deny tcp destination-port eq 445
 rule 8 deny udp destination-port eq 445
#
vlan 1
#
vlan 2
#
vlan 3                                   
#
vlan 4
#
vlan 5
#
vlan 10
#
vlan 20
 description XINGZHENG&DANGQUN
#
vlan 30
 description YINGXIAO
#
vlan 40
 description SHENGCHANG
#
interface Vlan-interface1
 description NETWORK DEVICE MANAGE DOMAIN
 ip address 10.139.165.29 255.255.255.240
#
interface Vlan-interface2
 description jienen
 ip address 192.168.1.254 255.255.255.0  
#
interface Vlan-interface3
 description kefu
 ip address 192.168.2.254 255.255.255.0
#
interface Vlan-interface4
 description gongdiansou
 ip address 192.168.3.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface5
 description caiwu and xunxingongqu
 ip address 168.10.0.254 255.255.255.0
 ip address 192.168.4.254 255.255.255.0 sub
#
interface Vlan-interface10
 description SERVER DOMAIN
 ip address 10.139.165.14 255.255.255.240
#
interface Vlan-interface20
 description XIANGZHENG&DANGQUN
 ip address 10.139.165.62 255.255.255.224
#
interface Vlan-interface30
 description YINGXIAO
 ip address 10.139.165.126 255.255.255.192
#
interface Vlan-interface40
 description SHENGCHANG
 ip address 10.139.165.254 255.255.255.128
#
interface Aux0/0/0
#
interface M-Ethernet0/0/0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk permit vlan all
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk permit vlan all              
 qos
 packet-filter inbound ip-group 3003 rule 0 system-index 23
 packet-filter inbound ip-group 3003 rule 1 system-index 24
 packet-filter inbound ip-group 3003 rule 2 system-index 25
 packet-filter inbound ip-group 3003 rule 3 system-index 26
 packet-filter inbound ip-group 3003 rule 4 system-index 27
 packet-filter inbound ip-group 3003 rule 5 system-index 28
 packet-filter inbound ip-group 3003 rule 6 system-index 29
 packet-filter inbound ip-group 3003 rule 7 system-index 30
 packet-filter inbound ip-group 3003 rule 8 system-index 31
 packet-filter inbound ip-group 3003 rule 9 system-index 32
 packet-filter inbound ip-group 3003 rule 10 system-index 33
 packet-filter inbound ip-group 3003 rule 11 system-index 34
 packet-filter inbound ip-group 3003 rule 12 system-index 35
 packet-filter inbound ip-group 3003 rule 13 system-index 36
#
interface GigabitEthernet0/0/4
 port access vlan 5
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
 port link-type trunk                    
 port trunk permit vlan all
 qos
 packet-filter inbound ip-group 3000 rule 0 system-index 55
 packet-filter inbound ip-group 3000 rule 1 system-index 56
 packet-filter inbound ip-group 3000 rule 2 system-index 57
 packet-filter inbound ip-group 3000 rule 3 system-index 58
 packet-filter inbound ip-group 3000 rule 4 system-index 59
 packet-filter inbound ip-group 3000 rule 5 system-index 60
 packet-filter inbound ip-group 3000 rule 6 system-index 61
 packet-filter inbound ip-group 3000 rule 7 system-index 62
 packet-filter inbound ip-group 3000 rule 8 system-index 63
#
interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk permit vlan all
 qos
 packet-filter inbound ip-group 3000 rule 0 system-index 64
 packet-filter inbound ip-group 3000 rule 1 system-index 65
 packet-filter inbound ip-group 3000 rule 2 system-index 66
 packet-filter inbound ip-group 3000 rule 3 system-index 67
 packet-filter inbound ip-group 3000 rule 4 system-index 68
 packet-filter inbound ip-group 3000 rule 5 system-index 69
 packet-filter inbound ip-group 3000 rule 6 system-index 70
 packet-filter inbound ip-group 3000 rule 7 system-index 71
 packet-filter inbound ip-group 3000 rule 8 system-index 72
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk permit vlan all
 qos
 packet-filter inbound ip-group 3000 rule 0 system-index 73
 packet-filter inbound ip-group 3000 rule 1 system-index 74
 packet-filter inbound ip-group 3000 rule 2 system-index 75
 packet-filter inbound ip-group 3000 rule 3 system-index 76
 packet-filter inbound ip-group 3000 rule 4 system-index 77
 packet-filter inbound ip-group 3000 rule 5 system-index 78
 packet-filter inbound ip-group 3000 rule 6 system-index 79
 packet-filter inbound ip-group 3000 rule 7 system-index 80
 packet-filter inbound ip-group 3000 rule 8 system-index 81
#
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk permit vlan all              
 qos
 packet-filter inbound ip-group 3000 rule 0 system-index 82
 packet-filter inbound ip-group 3000 rule 1 system-index 83
 packet-filter inbound ip-group 3000 rule 2 system-index 84
 packet-filter inbound ip-group 3000 rule 3 system-index 85
 packet-filter inbound ip-group 3000 rule 4 system-index 86
 packet-filter inbound ip-group 3000 rule 5 system-index 87
 packet-filter inbound ip-group 3000 rule 6 system-index 88
 packet-filter inbound ip-group 3000 rule 7 system-index 89
 packet-filter inbound ip-group 3000 rule 8 system-index 90
#
interface GigabitEthernet0/0/11
 port link-type trunk
 port trunk permit vlan all
 qos
 packet-filter inbound ip-group 3000 rule 0 system-index 91
 packet-filter inbound ip-group 3000 rule 1 system-index 92
 packet-filter inbound ip-group 3000 rule 2 system-index 93
 packet-filter inbound ip-group 3000 rule 3 system-index 94
 packet-filter inbound ip-group 3000 rule 4 system-index 95
 packet-filter inbound ip-group 3000 rule 5 system-index 96
 packet-filter inbound ip-group 3000 rule 6 system-index 97
 packet-filter inbound ip-group 3000 rule 7 system-index 98
 packet-filter inbound ip-group 3000 rule 8 system-index 99
#
interface GigabitEthernet0/0/12
 port access vlan 2
 qos
 packet-filter inbound ip-group 3002 rule 0 system-index 1
 packet-filter inbound ip-group 3002 rule 1 system-index 2
 packet-filter inbound ip-group 3002 rule 2 system-index 3
 packet-filter inbound ip-group 3002 rule 3 system-index 4
 packet-filter inbound ip-group 3002 rule 4 system-index 5
 packet-filter inbound ip-group 3002 rule 5 system-index 6
 packet-filter inbound ip-group 3002 rule 6 system-index 7
 packet-filter inbound ip-group 3002 rule 7 system-index 8
 packet-filter inbound ip-group 3002 rule 8 system-index 9
#
interface GigabitEthernet0/0/13
 port link-type trunk
 port trunk permit vlan all
#
interface GigabitEthernet0/0/14
 port link-type trunk
 port trunk permit vlan all
 qos                                     
 packet-filter inbound ip-group 3004 rule 0 system-index 10
 packet-filter inbound ip-group 3004 rule 1 system-index 11
 packet-filter inbound ip-group 3004 rule 2 system-index 12
 packet-filter inbound ip-group 3004 rule 3 system-index 13
 packet-filter inbound ip-group 3004 rule 4 system-index 14
 packet-filter inbound ip-group 3004 rule 5 system-index 15
 packet-filter inbound ip-group 3004 rule 6 system-index 16
 packet-filter inbound ip-group 3004 rule 7 system-index 17
 packet-filter inbound ip-group 3004 rule 8 system-index 18
 packet-filter inbound ip-group 3004 rule 9 system-index 19
 packet-filter inbound ip-group 3004 rule 10 system-index 20
 packet-filter inbound ip-group 3004 rule 11 system-index 21
 packet-filter inbound ip-group 3004 rule 12 system-index 22
#
interface GigabitEthernet0/0/15
 port link-type trunk
 port trunk permit vlan all
 qos
 packet-filter inbound ip-group 3000 rule 0 system-index 46
 packet-filter inbound ip-group 3000 rule 1 system-index 47
 packet-filter inbound ip-group 3000 rule 2 system-index 48
 packet-filter inbound ip-group 3000 rule 3 system-index 49
 packet-filter inbound ip-group 3000 rule 4 system-index 50
 packet-filter inbound ip-group 3000 rule 5 system-index 51
 packet-filter inbound ip-group 3000 rule 6 system-index 52
 packet-filter inbound ip-group 3000 rule 7 system-index 53
 packet-filter inbound ip-group 3000 rule 8 system-index 54
#
interface GigabitEthernet0/0/16
 port link-type trunk
 port trunk permit vlan all
 qos
 packet-filter inbound ip-group 3010 rule 0 system-index 37
 packet-filter inbound ip-group 3010 rule 1 system-index 38
 packet-filter inbound ip-group 3010 rule 2 system-index 39
 packet-filter inbound ip-group 3010 rule 3 system-index 40
 packet-filter inbound ip-group 3010 rule 4 system-index 41
 packet-filter inbound ip-group 3010 rule 5 system-index 42
 packet-filter inbound ip-group 3010 rule 6 system-index 43
 packet-filter inbound ip-group 3010 rule 7 system-index 44
 packet-filter inbound ip-group 3010 rule 8 system-index 45
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 10.139.165.30 preference 60
#
user-interface aux 0
 set authentication password simple xxxxx
user-interface vty 0 4
 user privilege level 3
 set authentication password simple xxxxx
#
return
 
以下为s3026配置,多台设置基本相同,只例一台:

<3026-9>dis cu
#
 sysname 3026-9
#
radius scheme system
 server-type huawei
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
domain system
 radius-scheme system
 access-limit disable
 state active
 vlan-assignment-mode integer
 idle-cut disable
 self-service-url disable
 messenger time disable
 domain default enable system
#
 local-server nas-ip 127.0.0.1 key huawei
#
 temperature-limit 0 42 65
#                                        
 am enable
  am user-bind ip-addr 10.139.165.129 interface Ethernet0/17
  am user-bind ip-addr 10.139.165.130 interface Ethernet0/18
  am user-bind ip-addr 10.139.165.131 interface Ethernet0/19
  am user-bind ip-addr 10.139.165.132 interface Ethernet0/20
  am user-bind ip-addr 10.139.165.33 interface Ethernet0/1
#
vlan 1
#
vlan 20
 description XINGZHENG&DANGQUN
#
vlan 30
 description YINGXIAO
#
vlan 40
 description SHENGCHANG
#
interface Vlan-interface1
 ip address 10.139.165.28 255.255.255.240
#
interface Aux0/0                         
#
interface Ethernet0/1
 port access vlan 20
#
interface Ethernet0/2
 port access vlan 20
#
interface Ethernet0/3
 port access vlan 20
#
interface Ethernet0/4
 port access vlan 20
#
interface Ethernet0/5
 port access vlan 20
#
interface Ethernet0/6
 port access vlan 20
#
interface Ethernet0/7
 port access vlan 20
#                                        
interface Ethernet0/8
 port access vlan 20
#
interface Ethernet0/9
 port access vlan 30
#
interface Ethernet0/10
 port access vlan 30
#
interface Ethernet0/11
 port access vlan 30
#
interface Ethernet0/12
 port access vlan 30
#
interface Ethernet0/13
 port access vlan 30
#
interface Ethernet0/14
 port access vlan 30
#
interface Ethernet0/15                   
 port access vlan 30
#
interface Ethernet0/16
 port access vlan 30
#
interface Ethernet0/17
 port access vlan 40
#
interface Ethernet0/18
 port access vlan 40
#
interface Ethernet0/19
 port access vlan 40
#
interface Ethernet0/20
 port access vlan 40
#
interface Ethernet0/21
 port access vlan 40
#
interface Ethernet0/22
 port access vlan 40                     
#
interface Ethernet0/23
 port access vlan 40
#
interface Ethernet0/24
 port access vlan 40
#
interface GigabitEthernet1/1
 port link-type trunk
 port trunk permit vlan all
#
interface NULL0
#
user-interface aux 0
 set authentication password simple xxxxx
user-interface vty 0 4
 user privilege level 3
 set authentication password simple xxxxx
#
return 
gotonet
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
网络的高可用性(二)
weixin_34348805的博客
04-06 221
(3)vrrp技术实现网络高可用性: vrpp协议简介: VRRP是一种容错协议它为具有组播或广播能力的局域网如以太网设计它保证当局域网内主机的下一跳路由器出现故障时可以及时的由另一台路由器来代替从而保持通讯的连续性和可靠性为了使VRRP工作要在路由器上配置虚拟路由器号和虚拟IP地址同时产生一个虚拟MAC地址这样在这个网络中就加入了一个虚拟路由器而网络上的主机与虚拟路由器...
华为配置技术白皮书 S3026F
12-01
华为配置技术白皮书 S3026F
华为 Quidway S3026 交换机 配置实例
weixin_34256074的博客
11-11 766
一、设置管理VLAN 1.进入系统视图 <Quidway>system-view Enter system view , return user view wit...
华为S3026交换机基本命令
11-17
一份详细介绍华为S3026交换机配置命令的文档,全面易懂。
华为6502做端口镜像
kepa520的博客
07-23 505
[cur]mirroring-group 1 local         创建组 [cur-GigabitEthernet1/0/8]mirroring-group 1 monitor-port      监控口 [cur-GigabitEthernet0/0/1]mirroring-group 1 mirroring-port both      被监控口 [cur]dis m
enable 华为交换机ntdp_华为交换机设置
weixin_39615499的博客
12-19 1444
华为交换机设置2018-11-23实战上机:Quidway S3000dis cu#sysname Quidway#radius scheme systemserver-type huaweiprimary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-format without-domaindom...
华为交换机及路由器各种配置实例大全.docx
06-05
本文档主要涵盖了华为不同系列交换机的端口限速配置实例,这对于保证网络带宽的有效利用和防止过载至关重要。 首先,我们来看华为2000_EI系列交换机的端口限速配置。在这一系列的交换机中,我们可以直接在端口视图...
华为交换机及路由器各种配置实例大全.pdf
06-12
华为交换机及路由器配置实例详解》 华为作为全球领先的通信设备供应商,其交换机和路由器产品在业界广泛应用。在日常网络管理中,正确配置这些设备对于网络性能和稳定性至关重要。本文将深入探讨华为交换机及...
华为交换机各种配置实例
03-08
华为交换机配置中,涉及了多个方面,包括端口限速、端口绑定、访问控制列表(ACL)、密码恢复、三层...以上是华为交换机配置实例的详细说明,涵盖了多个网络管理的重要方面,有助于提升网络性能、安全性和可管理性。
华为低端交换机典型配置实例
12-12
此次列入配置实例的低端交换机产品主要包括:S2000系列、S2000C系列、S2000EI系列、S2026-SI系列、S3026系列、S3026-SI系列、S3026E系列、S3526系列、S3526E系列、S3528系列、S3900系列、S5012系列和S5600系列。
华为交换机各种配置实例网管必学.doc
10-07
本文档详细介绍了华为交换机各种配置实例,涵盖了华为 3Com 2000_EI、S2000-SI、S3000-SI、S3026E、S3526E、S3528、S3552、S3900、S3050、S5012、S5024、S5600 系列交换机的端口限速配置。下面是相关知识点的详细...
西电华为交换设备的配置(5516)
weixin_33726313的博客
02-18 143
华为 5516交换配置细节 #sysname XD-JSQ-S5516-02#radius scheme systemserver-type huaweiprimary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-format without-domain ...
ACL常用的匹配项
qq_32044265的博客
05-29 4592
交换机支持的ACL匹配项种类非常丰富,其中以下的几个匹配项比较常用 生效时间段 ACL的生效时间段可以规定ACL规则在何时生效,从而实现在不同的时间段设置不同的策略。 在ACL规则中引用的生效时间段存在两种模式: 周期时间段:以星期为参数来定义时间范围,表示规则以一周为周期(如每周一的8至12点)循环生效。 绝对时间段:从某年某月某日的某一时间开始,到某年某月某日的某一时间结束,表示规则在这段时间范围内生效。 同一名称(time-name)配置多条时间段时,通过以下规则选出最终生效
华为交换机2016-i远程管理配置
weixin_34403693的博客
04-21 181
2019独角兽企业重金招聘Python工程师标准>>> ...
华为二层交换机配置命令详解
热门推荐
Baple的专栏
10-11 2万+
配置交换机,从基础开始。 以下是配置的交换机命令。(HUAWEI S3000) 本人认为有五个步骤是重点(红色字体) 配置过程(// 后面为注释) 1.改变中文模式 language-mode chinese //习惯英语的可以不用此步骤 2.进入系统试图 system-view 3.设置特权密码: super password cipher NIMEI //
华三交换机ping不通用户但用户_用H3C模拟器做交换机实验,但是终端总是PING不通交换机,求各位高手帮忙!...
weixin_39752434的博客
12-21 1736
基本情况说明:H3C S3026 交换机,一共有8个口。其中HOST A 的IP地址为:10.65.1.1,其与交换机端口3连接;HOST B的IP地址为:10.65.1.2,其与接口6相连。交换机配置:sysEnter system view, return to user view with Ctrl+Z.[Quidway]sysname s3026[s3026]super password ...
交换机命令---华为路由器配置
weixin_34258782的博客
03-12 394
1.在基于IOS的交换机上设置主机名/系统名: switch(config)# hostname hostname 在基于CLI的交换机上设置主机名/系统名: switch(enable) set system name name-string 2.在基于IOS的交换机上设置登录口令: switch(config)# enable password level 1 pas...
华为交换机 查ip冲突_华为交换机如何查看本交换机IP地址?
weixin_39751391的博客
12-20 7412
1,dis cu 这是查看交换机所有配置的命令。你要看的IP应是VLAN的IPinterface vlan 1ip address 172.16.1.7 255.255.255.0 看到这就是交换机的IP。像H3C Quaidway 6506这是个三层的交换机,可能会划很多VLAN,所以它会有很我IP。vlan1的IP可以做管理IP(就是做远程配置的IP如:telnet)。如果有多个VLAN IP...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值