Shulou(Shulou.com)06/01 Report--

1: configure login users, passwords, etc.

/ / user straight-line mode prompt, user view

System-view / / enter the configuration view

[Quidway] / / configuration view (you must enter a password before entering the configuration view)

[Quidway] sysname xxx / / set the hostname to xxx

[Quidway] aaa / / enter aaa authentication mode to define user account

[Quidway-aaa] local-user wds password cipher wds

[Quidway-aaa] local-user wds level 15

[Quidway-aaa] local-user wds service-type telnet terminal ssh / / sometimes this command can be shipped first

/ / Yes, the above two commands, such as password,level, define vty.

/ / only appears after authentication-mode aaa

[Quidway-aaa] quit

[Quidway] user-interface vty 0 4 / / it was strange that the command could not be found, and it took several attempts to run it.

[Quidway-ui-vty0-4] authentication-mode aaa

[Quidway-ui-vty0-4] quit

2: Huawei S9303 VLan setting

Create a vlan:

/ / user straight-line mode prompt, user view

System-view / / enter the configuration view

[Quidway] vlan10 / / create a vlan10 and enter the vlan10 configuration view. If the vlan10 exists, go directly to the vlan10 configuration view

Figure

[Quidway-vlan10] quit / / return to the configuration view

[Quidway] vlan100 / / create a vlan100, and enter the vlan100 configuration view. If the vlan10 exists, enter the vlan100 directly.

Configuration View

[Quidway-vlan100] quit / / return to the configuration view

Add the port to the vlan:

[Quidway] interface GigabitEthernet2/0/1 (10G optical port)

[Quidway- GigabitEthernet2/0/1] port link-type access / / defines the port transfer mode

[Quidway- GigabitEthernet2/0/1] port default vlan100 / / add port to vlan100

[Quidway- GigabitEthernet2/0/1] quit

[Quidway] interface GigabitEthernet1/0/0 / / enter the first gigabit port configuration view on slot 1. 0 represents number 1.

Mouth

[Quidway- GigabitEthernet1/0/0] port link-type access / / defines the port transfer mode

[Quidway- GigabitEthernet2/0/1] port default vlan10 / / add this port to the vlan10

[Quidway- GigabitEthernet2/0/1] quit

.

.

.

.

Add multiple ports to the VLAN

System-view

[Quidway] vlan 10

[Quidway-vlan10] port GigabitEthernet 1-0-0 to 1-0-29 / / add ports 0 to 29 to vlan10

[Quidway-vlan10] quit

Huawei issued this order now I do not know, looking for the answer is to no avail.

3: setting VTP cisco proprietary vlan ultimate protocol has also become the LAN trunk road protocol, the function is to configure more than a dozen switches in the enterprise network.

VLAN has a lot of work, so you can use VTP protocol to configure one switch as VTP Server and the other switches as VTP Client.

They can learn VLAN information on server automatically.

Configure environment parameters

(1) switches SwitchA, SwitchB and SwitchC are all interconnected through GE interfaces.

(2) SwitchB and SwitchC switches are core switches, which require active and standby switches.

"networking requirements"

Require the entire network to run the STP protocol

Data configuration steps

(1) [SwitchA switch configuration]

Start spanning Tree Protocol: [SwitchA] stp enable

(1) [SwitchB switch configuration]

Start spanning Tree Protocol: [SwitchB] stp enable

(3) configure this bridge as the root bridge

[SwitchB] stp root primary

(4) [SwitchC switch configuration]

A start spanning Tree Protocol [SwitchC] stp enable

B configure this bridge as backup root bridge [SwitchC] stp root secondary

(5) [SwitchD switch configuration]

A start spanning Tree Protocol [SwitchD] stp enable

[supplementary note]

(1) by default, the priority of a switch is 32768. If you want to artificially designate a switch as the root switch, you can also modify it.

In advance to realize it.

(2) when spanning tree is opened by default, all ports will have spanning Tree Protocol enabled. Please change the port connected to PC to edge port mode.

(3) if you want to control the state of a link, you can set the cost value of the port.

Test verification

(1) use display stp to view the STP running status of the switch.

(2) check whether the port STP status display stp interface Ethernet XX is correct

4: switch configuration IP address

[Quidway] interface Vlanif100 / / entering the vlan100 interface view is different from where the vlan100 command enters

[Quidway-Vlanif100] ip address 119.167.200.90 255.255.255.252 / / define three layers of vlan100 management IP

Switched gateway routing

[Quidway-Vlanif100] quit

[Quidway] interface Vlanif10 / / entering the vlan10 interface view is different from where the vlan10 command enters

[Quidway-Vlanif10] ip address 119.167.206.129 255.255.255.128 / / define three layers of vlan10 management IP

Switched gateway routing

[Quidway-Vlanif10] quit

Configure the default gateway:

[Quidway] ip route-static 0.0.0.0 0.0.0.0 119.167.200.89 / / configure the default gateway.

5: the switch saves settings and reset commands

Save / / Save configuration information

Reset saved-configuration / reset switch configuration

Reboot / / restart the switch

6: display commands commonly used in switches

In user view mode:

Display current-configuration / / shows the configuration details that the switch is running now

Display device / / displays the status of each device in S9303

Display interface? / / display a port status, use? You can view the options followed by

Display version / / View switch firmware version information

Display vlan? / / View the configuration information of vlan

7: Port-based mac address binding

Under the system view

Am user-bind mac-addr mac address ip-addr ip address interface interface type interface serial number

Under the Ethernet port view

Interface interface type interface serial number

Am user-bind mac-addr mac address ip-addr ip address

8: configure the snmp function of the switch

[Quidway] snmp-agent community read xx / / xx is the name of the organization, and read is viewed in read-only mode

[Quidway] undo snmp-agent community xx / / Delete xx Organization

[Quidway] display snmp-agent community / / display the name of the organization

9: switch forbids ping configuration

[Quidway] acl number 3000

[Quidway-acl-adv-3000] rule 1 deny icmp-type echo any / / disable all network ping

[Quidway-acl-adv-3000] rule 3 deny icmp source 1.1.1.1 0.0.15 destination 2.2.2.2 0 prohibited

Icmp packages from 1.1.1.1 to 2.2.2.2

[Quidway-acl-adv-3000] quit

[Quidway] interface giga1/0/20

[Quidway-GigabitEthernet1/0/20] packet-filter inbound ip-group 3000 rule 1 / / use rules under the API

[Quidway-GigabitEthernet1/0/20] packet-filter inbound ip-group 3000 rule 3 / / put the rules under the API

Use

[Quidway-GigabitEthernet1/0/20] quit

[Quidway] interface Vlanif 100

[Quidway-Vlanif100] packet-filter inbound ip-group 3000 rule 1 / / use rules under the API

[Quidway-Vlanif100] quit

[Quidway] interface Vlanif 10

[Quidway-Vlanif10] packet-filter inbound ip-group 3000 rule 1 / / use rules under the API

[Quidway-Vlanif10] quit

10: restore the switch factory settings

Reset saved-configuration / reset switch configuration

11: a configuration example in actual work

Vlan 10

Quit

Vlan 100

Quit

Interface XGigabitEthernet2/0/1 (10G optical port)

Port link-type access

Port default vlan 100

Quit

Interface Vlanif100

Ip address 119.187.200.90 255.255.255.252

Quit

Ip route-static 0.0.0.0 0.0.0.0 119.187.200.89

Aaa local-user wds password cipher wds

Local-user wds privilege level 15

Local-user wds service-type telnet terminal ssh

Quit

User-interface vty 0 4

Authentication-mode aaa quit

12: Port trunking instance

(1) the switch SwitchA and SwitchB are interconnected through the Ethernet port.

(2) the ports used by the SwitchA for interconnection are e0Charact1 and e0Univer2reSwitchB, and the ports used for interconnection are e0Charact1 and e0Universe 2.

"networking requirements"

Increase the bandwidth of the interconnection link of SwitchA's SwitchB, and be able to achieve link backup, using port aggregation data configuration steps

[SwitchA switch configuration]

(1) enter port E0Unition1

[SwitchA] interface Ethernet 0/1

(2) the trunk port must work in full-duplex mode.

[SwitchA-Ethernet0/1] duplex full

(3) the port rate of trunking is the same, but it cannot be adaptive.

[SwitchA-Ethernet0/1] speed 100

(4) enter port E0Unition2

[SwitchA] interface Ethernet 0/2

(5) the trunk port must work in full-duplex mode.

[SwitchA-Ethernet0/2] duplex full

(6) the port rate of trunking is the same, but it cannot be adaptive.

[SwitchA-Ethernet0/2] speed 100

(7) Port selection and trunking based on source and destination MAC

[SwitchA] link-aggregation Ethernet 0/1 to Ethernet 0/2 both

[SwitchB switch configuration]

[SwitchB] interface Ethernet 0/1

[SwitchB-Ethernet0/1] duplex full

[SwitchB-Ethernet0/1] speed 100

[SwitchB] interface Ethernet 0/2

[SwitchB-Ethernet0/2] duplex full

[SwitchB-Ethernet0/2] speed 100

[SwitchB] link-aggregation Ethernet 0/1 to Ethernet 0/2 both

[note]

(1) the link type of the member port in the same aggregation group is the same as that of the primary port, that is, if the primary port is a Trunk port

Then the member port is also a Trunk port; if the link type of the primary port is changed to Access port, the link type of the member port also becomes Access

Port.

(2) different products have different requirements for the starting port number of port trunking. Please refer to the Operation Manual for configuration.

13: Port Mirror configuration instance

Environment configuration parameters

(1) the PC1 is connected to the switch E0ax 1, and the IP address is 1.1.1.1 Universe 24

(2) the PC2 is connected to the switch E0ax 2, and the IP address is 2.2.2.2 Universe 24.

(3) E0thumb 24 is the uplink port of the switch.

(4) Server is connected to switch E0ax 8, which is used as a mirror port.

"networking requirements"

(1) through the function of switch port mirroring, use server to monitor the business messages of the two pc. According to different models of Quidway switch

Images can be configured in different ways:

Port-based mirroring-Port-based mirroring makes a complete copy of the incoming and outgoing data packets of the mirrored port to the mirrored port.

Carry out flow observation or fault location.

Flow-based mirroring-the switch based on flow mirroring mirrors some streams, and each connection has two directions of data flow.

To change the machine, the two data streams should be mirrored separately.

Switches such as S2008/S2016/S2026/S2403H/S3026 support port-based mirroring, while 8016 switches support port-based mirroring

3500/3026E/3026F/3050 supports flow-based mirroring, and 5516 _ 6506max _ 6503max _ 6506R supports mirroring data configuration for ingress port traffic.

Take Quidway S3026C as an example, and configure it through an image based on layer 2 flow:

(1) define an ACL

[SwitchA] acl num 200

(2) define a rule packet that is sent from E0Plac1 to all other ports

[SwitchA] rule 0 permit ingress interface Ethernet0/1 egress

Interface Ethernet0/2

(3) define a packet with a rule from all other ports to E0ram port 1.

[SwitchA] rule 1 permit ingress interface Ethernet0/2 egress

Interface Ethernet0/1

(4) Mirror the packets that conform to the above ACL to E0UB8

[SwitchA] mirrored-to link-group 200 interface e0/8

14: show configuration commands

Display system version information: display version

Display diagnostic information: display diagnostic-information

Displays the current system configuration: display current-configuration

Display system Save configuration: display saved-configuration

Display interface information: display interface

Display routing information: display ip routing-table

Display VLAN information: display vlan

Display spanning tree information: display stp

Show MAC address table: display mac-address

Display ARP information: display arp

Display system CPU usage: display cpu

Display system memory usage: display memory

Show Syslog: display log

Display system clock: display clock

After verifying that the configuration is correct, use the save configuration command: save

To delete a command, generally use the command: undo

15:trunk trunk road configuration

Configure environment parameters

(1) SwitchA port E0ram 1 belongs to vlan10,E0/2 and belongs to vlan20,E0/3 and SwitchB

Port E0BAN3 interconnection

(2) SwitchB port E0ram 1 belongs to vlan10,E0/2 and belongs to vlan20,E0/3 and SwitchA

Port E0BAN3 interconnection

"networking requirements"

(1) PC interworking between vlan10 PC of SwitchA and vlan10 of SwitchB is required.

(2) PC interworking between vlan20 PC of SwitchA and vlan20 of SwitchB

Data configuration steps

[SwitchA related configuration]

(1) create (enter) vlan10

[SwitchA] vlan 10

(2) add E0Compare 1 to vlan10

[SwitchA-vlan10] port Ethernet 0/1

(3) create (enter) vlan20

[SwitchA] vlan 20

(4) add E0Compact 2 to vlan20

[SwitchA-vlan20] port Ethernet 0/2

(5) in practice, the uplink port is generally set to trunk attribute, which allows vlan to transmit transparently

[SwitchA-Ethernet0/3] port link-type trunk

(6) allow all vlan to pass through from port E0ram 3, or specify a specific VLAN value.

[SwitchA-Ethernet0/3] port trunk permit vlan all

[SwitchB related configuration]

(1) create (enter) vlan10

[SwitchB] vlan 10

(2) add E0Compare 1 to vlan10

[SwitchB-vlan10] port Ethernet 0/1

(3) create (enter) vlan20

[SwitchB] vlan 20

(4) add E0Compact 2 to vlan20

[SwitchB-vlan20] port Ethernet 0/2

(5) in practice, the uplink port is generally set to trunk attribute, which allows vlan to transmit transparently

[SwitchB-Ethernet0/3] port link-type trunk

(7) allow all vlan to pass through from port E0ram 3, or specify a specific VLAN value.

[SwitchB-Ethernet0/3] port trunk permit vlan all

[supplementary note]

(1) if a port is a trunk port, the port can belong to multiple vlan

(2) by default, the PVID of trunk port is 1, which can be modified by command port trunk pvid vlan vlanid in port mode.

PVID of the port

(3) if the vlan id of the data message forwarded from the trunk is the same as the PVID of the port, the VLAN information of the message will be stripped.

Be careful when configuring trunk ports.

(4) if a port is already set as a hybrid port on a switch, another port cannot be set as a trunk port.

(5) in general, it is best to specify which specific VLAN is allowed through the port, and do not set to allow all VLAN to pass.

Test verification

(1) PC in SwitchA vlan10 can be interconnected with PC in SwitchB vlan10

(2) PC in SwitchA vlan20 can be interconnected with PC in SwitchB vlan20

(3) PC in SwitchA vlan10 cannot interwork with PC in SwitchB vlan20

(4) PC in SwitchA vlan20 cannot communicate with PC in SwitchB vlan10.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.