Huawei switch configuration

Switches, networking


Valid password for the Huawei 5752: [email protected]


If that does not work, try huawei, huawei.com, or www.huawei.com


a. Set the switch name


<quidway>sys


[quidway]sysname JSHQ-02c14-ChaoWei-1.31


b. Configure DNS on the switch


[JSHQ-02c14-AS-1.30]dns server 114.114.114.114


c. Configure the management IP on the switch


[JSHQ-02c14-ChaoWei-1.31]undo interface Vlanif 1


Delete the Vlanif 1 interface


[JSHQ-02c14-ChaoWei-1.31]vlan 1152


Create VLAN 1152


[JSHQ-02c14-ChaoWei-1.31]interface Vlanif 1152


[JSHQ-02c14-ChaoWei-1.31-Vlanif1152]ip address 10.196.1.31 255.255.128.0


Configure the management IP


d. Configure a static route on the switch


[JSHQ-02c14-ChaoWei-1.31]ip route-static 0.0.0.0 0.0.0.0 10.196.0.1


e. Configure SNMP management on the switch


[JSHQ-02c14-ChaoWei-1.31]snmp-agent /enable SNMP/


[JSHQ-02c14-ChaoWei-1.31]snmp-agent community read 1qazwsxdcv /set the read-only community/


[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info contact AnchNet.Inc


[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info location Shanghai


[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info version all /support all versions/


f. Configure telnet login on the switch (STelnet over SSH)


Step 1: Generate the local RSA key pair


[JSHQ-02c14-ChaoWei-1.31]rsa local-key-pair create


  The key name will be: Huawei_Host

  The range of public key size is (512 ~ 2048).

  NOTES: If the key modulus is greater than 512,

  it will take a few minutes.

  Input the bits in the modulus[default = 512]:1024

  Generating keys...

  ............................++++++

  ...++++++

  ..++++++++

  ......++++++++

Step 2: Configure the VTY user interface

  [JSHQ-02c14-ChaoWei-1.31]user-interface vty 0 4

  [JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]authentication-mode aaa

  [JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]protocol inbound ssh

  [JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]quit

Step 3: Create the SSH user and set the user's authentication type to password

  [JSHQ-02c14-ChaoWei-1.31]ssh user anchnet authentication-type password

Step 4: Configure the SSH user's username and password

  [JSHQ-02c14-ChaoWei-1.31]aaa

  [JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet password cipher c15terminal

  Info: Add a new user.

  [JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet privilege level 15

  [JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet service-type ssh

  [JSHQ-02c14-ChaoWei-1.31-aaa]quit

Step 5: Enable the STelnet function and set the user's service type to STelnet

  [JSHQ-02c14-ChaoWei-1.31]stelnet server enable

  Info: Succeeded in starting the Stelnet server.

  [JSHQ-02c14-ChaoWei-1.31]ssh user anchnet service-type stelnet
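
A consistency check over the five steps above, added here as an example and not part of the original post. The transcript is constructed from the page's commands with the prompt shortened to `[SW]` and the password replaced by a placeholder; `MIN_RSA_BITS` and the finding names are assumptions of this example.

```python
import re

# Constructed from steps 1-5 above; prompt shortened, password replaced by a placeholder.
TRANSCRIPT = """\
Input the bits in the modulus[default = 512]:1024
[SW]user-interface vty 0 4
[SW-ui-vty0-4]authentication-mode aaa
[SW-ui-vty0-4]protocol inbound ssh
[SW]ssh user anchnet authentication-type password
[SW-aaa]local-user anchnet password cipher <placeholder>
[SW-aaa]local-user anchnet service-type ssh
[SW]stelnet server enable
[SW]ssh user anchnet service-type stelnet
"""

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value from the page


def commands(transcript):
    """Return each non-empty line with its leading [prompt] or <prompt> removed."""
    return [re.sub(r"^\s*(\[[^\]]*\]|<[^>]*>)\s*", "", line).strip()
            for line in transcript.splitlines() if line.strip()]


def audit_stelnet(transcript):
    """Check the five steps for gaps; returns a list of finding strings."""
    cmds = commands(transcript)
    text = "\n".join(cmds)
    findings = []
    bits = re.search(r"bits in the modulus.*?:\s*(\d+)", text)
    if bits and int(bits.group(1)) < MIN_RSA_BITS:
        findings.append(f"rsa-modulus-{bits.group(1)}-below-{MIN_RSA_BITS}")
    if "authentication-mode aaa" not in cmds:
        findings.append("vty-not-using-aaa")
    if re.findall(r"^protocol inbound (\S+)$", text, re.M) != ["ssh"]:
        findings.append("vty-not-restricted-to-ssh")
    if "stelnet server enable" not in cmds:
        findings.append("stelnet-server-disabled")
    # Each SSH user needs a matching AAA local-user restricted to the ssh service.
    for user in sorted(set(re.findall(r"^ssh user (\S+) ", text, re.M))):
        svc = re.search(rf"^local-user {re.escape(user)} service-type (.+)$", text, re.M)
        if not svc:
            findings.append(f"{user}:no-local-user-service-type")
        elif svc.group(1).split() != ["ssh"]:
            findings.append(f"{user}:extra-service-types")
    return findings
```

On the page's own steps the only finding is the 1024-bit modulus typed at the key-generation prompt; the device output above states that 2048 is within the accepted range.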


g. Configure Eth-Trunk


#

interface Eth-Trunk1

description Shanglian_Public_BSC02_G3/0/22_3/0/23

port link-type trunk

undo port trunk allow-pass vlan 1

port trunk allow-pass vlan 88

#

interface Eth-Trunk2

description Shanglian_Private_BSC02_G2/0/22_2/0/23

port link-type trunk

undo port trunk allow-pass vlan 1

port trunk allow-pass vlan 1152 2000 to 3000 4000

#

interface Eth-Trunk3

description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52

port link-type trunk

port trunk allow-pass vlan 1151 to 1152 3000 4000

#


h. Configure ports


#

interface GigabitEthernet0/0/47

description Shanglian_Public_G3/0/22

eth-trunk 1

#

interface GigabitEthernet0/0/48

description Shanglian_Public_G3/0/23

eth-trunk 1

#

interface GigabitEthernet0/0/49

description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52

eth-trunk 3

#

interface GigabitEthernet0/0/50

description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52

eth-trunk 3

#

interface GigabitEthernet0/0/51

description Shanglian_Private_G2/0/22

eth-trunk 2

#

interface GigabitEthernet0/0/52

description Shanglian_Private_G2/0/23

eth-trunk 2

#

Spanning tree root protection

#

stp region-configuration

region-name anchnet

instance 1 vlan 80 to 1000

instance 2 vlan 2000 to 4000

active region-configuration






stp root-protection

stp edged-port enable

arp anti-attack check user-bind enable

ip source check user-bind enable


K. NTP service configuration

Set the time zone

<S8505>clock timezone cst add 8


Set the time server address

[S8505]ntp-service unicast-server 10.1.100.88


View the time and NTP status

<S8505>dis clock


View the NTP service sessions

<S8505>dis ntp-service sessions

L. ACL configuration (based on traffic policy)

1. On the port, block only 192.168.0.0

[Quidway]acl number 3000

[Quidway-acl-adv-3000]rule deny ip source 192.168.0.0 0.0.0.255

[Quidway]acl number 3001

[Quidway-acl-adv-3001]rule permit ip


--------------------------------------------------------------

2. Define the traffic classifier for denied access and associate it with ACL 3000

[Quidway]traffic classifier deny_ip

[Quidway-classifier-deny_ip]if-match acl 3000

3. Define the traffic behavior for denied access, with the action deny

[Quidway]traffic behavior deny_ip

[Quidway-behavior-deny_ip]deny


----------------------------------------------------------------


4. Define the traffic classifier for permitted access and associate it with ACL 3001

[Quidway]traffic classifier permit_ip

[Quidway-classifier-permit_ip]if-match acl 3001

5. Define the traffic behavior for permitted access, with the action permit:

[Quidway]traffic behavior permit_ip

[Quidway-behavior-permit_ip]permit

---------------------------------------------------------

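6. Define the policy, associating the traffic classifiers with the traffic behaviors:

[Quidway]traffic policy acl_ip

[Quidway-trafficpolicy-acl_ip]classifier permit_ip behavior permit_ip

[Quidway-trafficpolicy-acl_ip]classifier deny_ip behavior deny_ip /place the permitted entry first and the deny entry after it/

7. Apply the policy on the port: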

[Quidway]int Ethernet 0/0/1

[Quidway-Ethernet0/0/1]traffic-policy acl_ip inbound

[Quidway-Ethernet0/0/1]traffic-policy acl_ip outbound


ACL configuration (based on traffic-filter)

1. Define the ACL rules

[Huawei] acl number 2000

[Huawei-acl-basic-2000] rule deny source 192.168.1.0 0.0.0.255


[Huawei] acl number 3000

[Huawei-acl-adv-3000] rule deny tcp source 192.168.1.0 0.0.0.255 destination 23.1.1.0 0.0.0.255 destination-port eq www


2. Apply the ACLs on the port

[Huawei]interface GigabitEthernet 0/0/1

[Huawei-GigabitEthernet0/0/1] traffic-filter inbound acl 2000

[Huawei-GigabitEthernet0/0/1] traffic-filter inbound acl 3000
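
How the wildcard masks and rule fields in the two ACL sections above select packets, as an added example that is not part of the original post. It parses only the rule forms used on this page (with the port clause written as `destination-port eq www`); the function names and the sample packets in the usage are constructed for illustration.

```python
import ipaddress

PORTS = {"www": 80}  # the only port keyword used on this page


def wildcard_match(addr, base, wildcard):
    """ACL wildcard mask: a 0 bit must match the base address, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_rule(line):
    """Parse the 'rule deny|permit ...' forms that appear in these sections."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "rule" or tok[1] not in ("deny", "permit"):
        raise ValueError(f"not an ACL rule: {line!r}")
    rule = {"action": tok[1], "proto": "ip", "src": None, "dst": None, "dport": None}
    rest = tok[2:]
    if rest and rest[0] in ("ip", "tcp", "udp"):
        rule["proto"] = rest.pop(0)
    while rest:
        key = rest.pop(0)
        if key in ("source", "destination"):
            rule["src" if key == "source" else "dst"] = (rest.pop(0), rest.pop(0))
        elif key == "destination-port" and rest.pop(0) == "eq":
            port = rest.pop(0)
            rule["dport"] = PORTS[port] if port in PORTS else int(port)
        else:
            raise ValueError(f"unsupported token: {key!r}")
    return rule


def first_match(rules, pkt):
    """Action of the first rule (in list order) that the packet matches, else 'no-match'."""
    for r in rules:
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if r["src"] and not wildcard_match(pkt["src"], *r["src"]):
            continue
        if r["dst"] and not wildcard_match(pkt["dst"], *r["dst"]):
            continue
        if r["dport"] is not None and r["dport"] != pkt.get("dport"):
            continue
        return r["action"]
    return "no-match"


ACL_2000 = [parse_rule("rule deny source 192.168.1.0 0.0.0.255")]
ACL_3000 = [parse_rule("rule deny tcp source 192.168.1.0 0.0.0.255 "
                       "destination 23.1.1.0 0.0.0.255 destination-port eq www")]
```

What the device does with a "no-match" packet depends on the feature the ACL is bound to, so the function reports it instead of assuming a default.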



M. Port rate-limiting policy configuration

[Huawei]traffic classifier 20M

[Huawei-classifier-20M]if-match any

[Huawei-classifier-20M]quit


[Huawei]traffic behavior 20M

[Huawei-behavior-20M]car cir 20480 cbs 65544444 pbs 65544444

[Huawei-behavior-20M]quit


[Huawei]traffic policy 20M

[Huawei-trafficpolicy-20M]classifier 20M behavior 20M


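N. SNMP configuration

snmp-agent /enable the SNMP service/

snmp-agent local-engineid 000007DB7F000001000049DD /generated automatically by the system; no configuration needed/

snmp-agent community read public /set the read community name: public/

snmp-agent community write private /set the write community name: private/

snmp-agent sys-info contact Mr.Wang-Tel:3306 /set the contact information/

snmp-agent sys-info location 3rd-floor /set the device location/

snmp-agent sys-info version v1 v3 /configure the SNMP versions to allow v1 (by default only v3 is allowed)/

snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public /allow Trap messages to be sent to the network management station (NMS) 129.102.149.23, using the community name public/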
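
An audit pass over the `snmp-agent` lines from sections e and N, added here as an example and not part of the original post. It flags SNMP versions that carry the community string in cleartext (v1 and v2c, which `all` includes), write communities, and the well-known names `public` and `private`. The sample is constructed from the page's commands with the section e community replaced by a placeholder; the finding names are this example's own.

```python
import re

# Constructed from sections e and N above; prompt shortened, one community replaced.
SAMPLE = """\
[SW]snmp-agent community read <community> /constructed placeholder/
[SW]snmp-agent sys-info version all
snmp-agent community read public /read community: public/
snmp-agent community write private
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public
"""

WELL_KNOWN = {"public", "private"}


def normalize(line):
    """Drop the [prompt] prefix and the trailing /comment/ used on this page."""
    line = re.sub(r"^\s*\[[^\]]*\]\s*", "", line)
    return re.sub(r"\s*/[^/]*/\s*$", "", line).strip()


def audit_snmp(config):
    """Return (line number, finding, value) tuples for risky snmp-agent settings."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        tok = normalize(raw).split()
        if tok[:1] != ["snmp-agent"]:
            continue
        if tok[1:3] == ["sys-info", "version"]:
            weak = [v for v in tok[3:] if v in ("v1", "v2c", "all")]
            if weak:
                findings.append((n, "cleartext-version", " ".join(weak)))
        elif tok[1:2] == ["community"] and len(tok) >= 4:
            mode, name = tok[2], tok[3]
            if mode == "write":
                findings.append((n, "write-community", name))
            if name.lower() in WELL_KNOWN:
                findings.append((n, "well-known-community", name))
        elif tok[1:3] == ["target-host", "trap"] and "securityname" in tok[:-1]:
            name = tok[tok.index("securityname") + 1]
            if name.lower() in WELL_KNOWN:
                findings.append((n, "well-known-trap-securityname", name))
    return findings
```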




This article is from the blog "一直在路上,從未到終點" (Always on the Road, Never at the Destination). Reposting is not permitted.