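Restoring factory settings:
Steps for configuring the switch:
1. Set the management VLAN and the service VLAN
Sys
Vlan 1163 //management VLAN
Vlan 1103 //service VLAN
Set the switch management IP address: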
interface vlan 1163
ip address 10.120.3.1 255.255.255.0
/////////////////////////////////////////////////////////////////////
management-vlan 1571
interface vlan 1571
ip address 10.120.211.1 255.255.255.0
////////////////////////////////////////////
Switch#conf term
Switch(config)#inter vlan 1166
Switch(config-if)#ip address 10.120.6.3 255.255.255.0
Switch(config-if)#exit
Switch(config)#ip default-gateway 10.120.6.254
Kindergarten switch
Settings on the DHCP server 210.36.64.80:
Create a new scope ... service VLAN
Settings on the core switch:
1.
interface Vlanif1103
description GuoJiaoChu.user1
ip address 10.21.16.254 255.255.255.0
dhcp select relay
dhcp relay server-select 210.36.64.80
2.
interface Vlanif1163
description GuoJiaoChu.Mgr
ip address 10.120.3.254 255.255.255.0
3.
interface GigabitEthernet5/0/41
description TO-[YouErYuan]
port link-type trunk
port trunk allow-pass vlan 2 24 1511
//Remember to allow the newly added service VLAN 1511 through on this optical port
interface GigabitEthernet5/0/14
description TO-[GuoJiJiaoLiuCHu-2]
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
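//Here this step is skipped because all VLANs are already allowed through
Settings on the access-layer switch:
Add VLAN1103 and VLAN1163
2. sysname
3. VLANs allowed on each switch port
Set the switch cascade port as a trunk port: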
interface Ethernet0/0/24
port link-type trunk
port trunk allow-pass vlan all
Set the switch port as an access port:
///////////////////////////////////////////////////////
Switch#conf term
Switch(config)#inter Ethernet0/0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 1106
Switch#conf term
Switch(config)#inter gi1/0/1
Switch(config-if)# switchport trunk encapsulation isl
//Specify the encapsulation type, isl or dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allow vlan 1166
Verify the settings above:
Switch#show interface…
Switch#show ip interface…
Switch#show running-config interface…
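a. [ShangXueYuan.SW2]stp enable //Enable STP
b. [ShuangXueYuan.SW4-Ethernet0/1]stp edged-port enable
//Set the switch's ordinary ports as edge ports (cascade ports must not be set as edged-port), so that when an ordinary port goes up or down the change is no longer broadcast to the whole network.
c. [ShuangXueYuan.SW2]stp bpdu-protection
//After stp bpdu-protection is set globally, if a switch is connected to an edge port (that switch being a server that can send STP) or there is a loop, the port is shut down automatically. For example:
d. [5po3.Sw02.4F-GigabitEthernet1/1/1]stp root-protection
//Can only be set on downlink ports; uplink ports must not be configured this way.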
4. Telnet login configuration when the authentication mode is scheme
Enable the device's Telnet service: telnet server enable //S5120
[Quidway]local-user admin
[Quidway-luser-longway]password cipher abc123
[Quidway-luser-longway]service-type telnet level 3
//On the S5120, set the VTY user's command level with: authorization-attribute level
[Quidway-luser-longway]quit
[Quidway]user-interface vty 0 4
[Quidway-ui-vty0-4]authentication-mode scheme/password
[Quidway-ui-vty0-4]set authentication password cipher abc123
Change the user level after a telnet user logs in:
??????
[sw1]aaa
[sw1-aaa]local-user admin password cipher abc123
[sw1-aaa]local-user admin service-type telnet
[sw1-aaa]quit
[sw1]user-interface vty 0 4
[sw1-ui-vty0-4]authentication-mode aaa
Change the user level after a telnet user logs in:
[sw1-ui-vty0-4]user privilege level 3
[sw1-ui-vty0-4]protocol inbound telnet
////////////////////////////////////////////////
telnet server enable
local-user admin
password cipher abc123
authorization-attribute level 3
service-type telnet
service-type telnet level 3
quit
user-interface vty 0 4
authentication-mode scheme
set authentication password cipher abc123
super password cipher abc123
authentication-mode password
quit
super password level 3 cipher abc123
////////////////////////////////////////////////
Switch>enable
Switch#conf term
Switch(config)#line vty 0 15
Switch(config-line)#password gxun@2014
Switch(config-line)#end
Switch#show running-config
Switch#copy running-config startup-config
5. Configure routes
ip route-static 0.0.0.0 0.0.0.0 10.120.3.254 preference 60
ip route-static 10.10.10.0 255.255.255.0 210.36.68.1 preference 60
ip route-static 210.36.64.0 255.255.255.0 210.36.68.1 preference 60
6. Add to Catic
snmp-agent community read Mrtgread
snmp-agent sys-info location LiXueYuan.SW2.216
snmp-agent sys-info version all
(Make sure the route is set correctly:
ip route-static 0.0.0.0 0.0.0.0 10.120.3.254 preference 60)
7. DHCP server settings
[ShangXueYuan.SW2]dhcp enable
[ShangXueYuan.SW2]dhcp snooping enable
[ShangXueYuan.SW2-Ethernet0/0/45]dhcp snooping trusted
8. ntp-service unicast-server 10.4.0.1
9. ARP intrusion detection and ARP packet rate-limit configuration
[SwitchA] interface Ethernet1/0/1
[SwitchA-Ethernet1/0/1] dhcp-snooping trust
[SwitchA-Ethernet1/0/1] arp detection trust
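//a. Enable DHCP snooping on the switch and set the cascade port Ethernet1/0/1 as a DHCP snooping trusted port. b. To prevent ARP man-in-the-middle attacks, configure ARP intrusion detection for VLAN 1 and set the cascade port Ethernet1/0/1 as an ARP trusted port.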
[SwitchA] vlan 1
[SwitchA-vlan1] arp detection enable
//Enable ARP intrusion detection on all ports in VLAN 1.
[SwitchA] interface Ethernet1/0/2
[SwitchA-Ethernet1/0/2] arp rate-limit enable
[SwitchA-Ethernet1/0/2] arp rate-limit 20
//Enable ARP packet rate limiting on ordinary ports to guard against ARP packet flooding from Client A and Client B.
[SwitchA] arp protective-down recover enable
[SwitchA] arp protective-down recover interval 200
//Enable automatic port-state recovery on Switch A and set the recovery interval to 200 seconds.
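Configuration notes:
a. Before configuring ARP intrusion detection, DHCP snooping must first be enabled on the switch and the DHCP snooping trusted port must be set.
b. Automatic port-state recovery must be enabled on the switch before the recovery interval can be set.
c. In general, the switch's uplink port should be configured as the ARP trusted port.
d. It is recommended not to configure ARP intrusion detection or ARP packet rate limiting on ports in an aggregation group or on Fabric ports.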
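As an added example (not part of the original notes), this Python check enforces three rules stated on this page: DHCP snooping before ARP detection (note a), auto-recovery enabled before its interval (note b), and no edged-port on trunk/cascade ports (the STP note). The sample config is constructed, and the '#'-separated stanza layout and the accepted spellings of the global DHCP snooping command are assumptions.

```python
import re

# Constructed sample in the VRP-style syntax used in these notes (not from a real device).
SAMPLE = """\
vlan 1
 arp detection enable
#
interface Ethernet1/0/1
 port link-type trunk
 stp edged-port enable
 arp detection trust
#
arp protective-down recover interval 200
"""

def parse(text):
    """Return {stanza header: [indented sub-commands]}; global commands go under ''."""
    stanzas, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":          # '#' closes the open stanza
            current = ""
        elif raw[0].isspace():               # indented: belongs to the open stanza
            stanzas[current].append(line)
        elif re.match(r"(interface|vlan)\s", line):
            current = line
            stanzas.setdefault(current, [])
        else:                                # unindented non-header: global command
            current = ""
            stanzas[""].append(line)
    return stanzas

def audit(text):  # returns a list of findings for the three rules from the notes
    stanzas = parse(text)
    glob, findings = stanzas[""], []
    # Assumption: global DHCP snooping appears as 'dhcp-snooping' or 'dhcp snooping enable'.
    snooping = any(re.fullmatch(r"dhcp[- ]snooping( enable)?", g) for g in glob)
    for head, body in stanzas.items():
        if head.startswith("vlan") and "arp detection enable" in body and not snooping:
            findings.append(f"{head}: ARP detection enabled without DHCP snooping")
        if (head.startswith("interface") and "port link-type trunk" in body
                and "stp edged-port enable" in body):
            findings.append(f"{head}: edged-port set on a trunk (cascade) port")
    if (any(g.startswith("arp protective-down recover interval") for g in glob)
            and "arp protective-down recover enable" not in glob):
        findings.append("global: recover interval set but auto-recovery not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against a saved configuration, an empty result means none of the three rules is violated; it does not validate anything else in the file.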
The file S2700-52P-EI-V100R006C03.WEB.ZIP is already present; how do I enable web management?
Load the web file with the command:
[Quidway] http server load S2700-52P-EI-V100R006C03.WEB.ZIP
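Create a web login account:
Run system-view to enter the system view.
Run http server enable to enable the HTTP service.
Run aaa to enter the AAA view.
Run local-user user-name password { simple | cipher } password to configure the HTTP user name and password.
Note:
In a real configuration it is best to use the cipher form of the password, and the user name and password should not be too simple, to keep the device secure.
Run local-user user-name service-type http to set the user's access type to HTTP.
Run quit to return to the system view.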
CISCO:
Change the switch port rate:
supervisor
Tsyg**~~~
telnet 10.0.175.2
user4gxmy
su
user4gxmy
sys
inter giga 2/1
line-rate 8
q
q
save
y
q
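Guangxi University () -- router NE
(Core switch) 100M electrical port -- fiber media converter -- fiber cabinet -- switch with a 100M optical module
100M electrical port configuration: interface Ethernet7/0/7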
undo negotiation auto
duplex
undo shutdown
port trunk permit vlan 2 75
access-group eacl kvicmp port Ethernet 7/0/7
qosbuildrunrecover access-group
(Core switch) 100M electrical port -- PC
100M electrical port configuration: interface Ethernet7/0/7
undo negotiation auto
duplex
undo shutdown
port default vlan 75
access-group eacl kvicmp port Ethernet 7/0/7
qosbuildrunrecover access-group
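Check that DNS is working:
(Core switch 3) 100M electrical port -- fiber media converter -- switch with a 100M optical module -- laptop
On the laptop: nslookup -- telnet 10.1.0.3 -- telnet 210.36.7.6
Router port (to Guangxi University) -- 210.36.7.6; Guangxi University -- 210.36.7.5
Router port (to China Telecom) -- 219.195.69.118; China Telecom -- 219.195.69.117
telnet to the core switch
On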
telnet 10.0.1.1
2403:gxmyibm2003
3024:user4gxmy
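The super password is the same
For example: on
On a 48-port switch, the four trunk ports Ethernet0/45 to Ethernet0/48 and GigabitEthernet2/1 need to be configured
How to fix the problem where the School of Foreign Languages (Cs1 -- Vlan 12) obtains IP addresses correctly and can reach the campus network but cannot reach the external network: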
[center-switch-2]disp inter vlan 12
[center-switch-2]inter vlan 12
[center-switch-2-Vlanif12]shutdown
100M port configuration:
interface Ethernet1/1
port link-type trunk
port trunk permit vlan all
gvrp
disp cpu
Reducing the transmitted packet size on the core switch reduces the number of error packets on the cascade port
interface Ethernet14/0/8
description 8po2-4unit-switch1
mtu 1450
undo negotiation auto
duplex
undo shutdown
input: 612 input errors, 0 runts, 612 giants, 0 throttles, 0 CRC
0 frame, - overruns, 0 aborts, 0 ignored, - parity errors
Simulate VLAN77 pinging the DHCP server
PING 210.36.64.80: 56 data bytes, press CTRL_C to break
Reply from 210.36.64.80: bytes=56 Sequence=1 ttl=128 time = 1 ms
Reply from 210.36.64.80: bytes=56 Sequence=2 ttl=128 time = 1 ms
Reply from 210.36.64.80: bytes=56 Sequence=3 ttl=128 time = 1 ms
Reply from 210.36.64.80: bytes=56 Sequence=4 ttl=128 time = 1 ms
Reply from 210.36.64.80: bytes=56 Sequence=5 ttl=128 time = 1 ms
Check whether the path from the gateway 10.2.12.1 of 4-Po Building 6 (formerly Block 4-4A) to the router is working
PING 10.1.0.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.0.2: bytes=56 Sequence=1 ttl=255 time = 10 ms
Reply from 10.1.0.2: bytes=56 Sequence=2 ttl=255 time = 1 ms
Reply from 10.1.0.2: bytes=56 Sequence=3 ttl=255 time = 1 ms
Reply from 10.1.0.2: bytes=56 Sequence=4 ttl=255 time = 1 ms
Reply from 10.1.0.2: bytes=56 Sequence=5 ttl=255 time = 1 ms
#
interface Ethernet0/2
broadcast-suppression 5
stp edged-port enable
Setting passwords:
S2008
user-interface aux 0
authentication-mode password
set authentication password cipher user4gxmy
user-interface vty 0 4
authentication-mode password
set authentication password cipher user4gxmy
1) Local user names and privileges
super password level 3 cipher xxxx
local-user guest level 0 password cipher xxxx
local-user supervisor level 3 password cipher xxxxx
The privilege levels are defined as follows:
level 0: visit
level 1: monitor
level 2: configure
level 3: manage
2) Configure local authentication
user-interface con 0
authentication-mode local
user-interface aux 0
authentication-mode local
user-interface vty 0 4
authentication-mode local
#
interface Ethernet0/45
port link-type trunk
port trunk permit vlan all
broadcast-suppression 5
gvrp
#
interface Ethernet0/46
port link-type trunk
port trunk permit vlan all
broadcast-suppression 5
gvrp
#
interface Ethernet0/47
port link-type trunk
port trunk permit vlan all
broadcast-suppression 5
gvrp
#
interface Ethernet0/48
duplex full
port link-type trunk
port trunk permit vlan all
broadcast-suppression 5
gvrp
#
interface GigabitEthernet2/1
duplex full
speed 1000
port link-type trunk
port trunk permit vlan all
broadcast-suppression 10
gvrp
<>sys
[]interface eth0/21
What to do if you forget the switch password?
*******************************************
* *
* Quidway S2403H BOOTROM, Version 110 *
* *
*******************************************
Copyright(C) 2000-2002 by HUAWEI TECHNOLOGIES CO.,LTD.
Creation Date : Sep 23 2002, 13:45:15
CPU Type : ARM
CPU Clock Speed : 62.5Mhz
Memory Size : 24MB
Please check port leds....................
Initialize LS4BLTSU ......................OK!
SDRAM selftest............................OK!
FLASH selftest............................OK!
Interrupt selftest........................OK!
Switch chip selftest......................OK!
Port 26 has no module
PHY selftest..............................OK!
The switch Mac is: 00-E0-FC-1B-85-F4
Press Ctrl-B to enter Boot Menu...
Password :
BOOT MENU
1. Download application file to flash
2. Select application file to boot
3. Display all files in flash
4. Delete file from Flash
5. Modify bootrom password
6. Set switch HGMP mode
0. Reboot
Enter your choice(0-6): 4
File Number File Name File Size(bytes)
===========================================================================
1 * S2403H-VRP310-0010.app 2182440
2 vrpcfg.txt 1978
Free Space : 5225472 bytes
The current application file is S2403H-VRP310-0010.app
Please input the file number to delete: 2
Do you want to delete vrpcfg.txt now? Yes or No(Y/N)y
Delete file...done!
BOOT MENU
1. Download application file to flash
2. Select application file to boot
3. Display all files in flash
4. Delete file from Flash
5. Modify bootrom password
6. Set switch HGMP mode
0. Reboot
Enter your choice(0-6): 0
System rebooting...
starting......
*******************************************
* *
* Quidway S2403H BOOTROM, Version 110 *
* *
*******************************************
Copyright(C) 2000-2002 by HUAWEI TECHNOLOGIES CO.,LTD.
Creation Date : Sep 23 2002, 13:45:15
CPU Type : ARM
CPU Clock Speed : 62.5Mhz
Memory Size : 24MB
Please check port leds....................
Initialize LS4BLTSU ......................OK!
SDRAM selftest............................OK!
FLASH selftest............................OK!
Interrupt selftest........................OK!
Switch chip selftest......................OK!
Port 26 has no module
PHY selftest..............................OK!
The switch Mac is: 00-E0-FC-1B-85-F4
Press Ctrl-B to enter Boot Menu... 0
Auto-booting...
Decompress Image................................................................
................done!
Starting ...
**********************************************************
* All rights reserved (1997-2003) *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed.*
**********************************************************
User interface Aux0/0 is available
Please Press ENTER.
#
sysname Quidway
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
domain system
radius-scheme system
access-limit disable
state active
idle-cut disable
domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei
#
interface Aux0/0
#
vlan 1
#
interface Ethernet0/1
#
interface Ethernet0/2
#