各类交换机配置集合.docx
《各类交换机配置集合.docx》由会员分享,可在线阅读,更多相关《各类交换机配置集合.docx(15页珍藏版)》请在冰豆网上搜索。
各类交换机配置集合
一、QINQ配置:
1、汇聚交换机QINQ配置:
(1)S7800系列交换机QINQ配置:
<1>QINQ端口配置:
interfaceEthernet7/0/13
portlink-typehybrid定义端口为hybrid端口
porthybridvlan150903988208323002583304430833091tagged定义透传VLAN
porthybridvlan11183untagged定义外层VLAN
speed100
duplexfull
descriptionTo_ZB_YangJiaHe_MA5103_20070614端口信息描述
qinqenable使能端口QINQ功能
qosapplypolicyin-policy-ZB-YJH-MA5103inbound引用针对该设备的入流量策略
qosapplypolicyout-policy-ZB-YJH-MA5103outbound引用针对该设备的出流量策略
<2>针对VLAN配置相应的流量策略:
(a)定义入方向的流量策略:
(精邦外层VLAN,需要配置入方向的流量策略)
trafficclassifierV0150-VPN-JIAOJING-inoperatorand(classifier语句用来匹配判断条件)
if-matchcustomer-vlan-id150(透传VLAN)
if-matchcustomer-vlan-id1001to1096(精邦内层VLAN)
quit
trafficbehaviorV0150-VPN-JIAOJING-in(behavior语句用来完成指定动作)
remarkservice-vlan-id150(透传VLAN)
nesttop-mostvlan-id1100(精邦外层VLAN)
qospolicyin-policy-ZB-YJH-MA5103(定义针对某设备的入流量策略)
classifierV0150-VPN-JIAOJING-inbehaviorV0150-VPN-JIAOJING-in(此语句将判断的条件与完成的动作进行了绑定)
(b)定义出方向的流量策略:
(需透传的VLAN才配置出方向策略)
trafficclassifierV0150-VPN-JIAOJING-outoperatorand(classifier语句用来匹配判断条件)
if-matchservice-vlan-id150(透传VLAN)
quit
trafficbehaviorV0150-VPN-JIAOJING-out(behavior语句用来完成指定动作)
remarkcustomer-vlan-id150(透传VLAN)
quit
qospolicyout-policy-ZB-YJH-MA5103(定义针对某设备的出流量策略)
classifierV0150-VPN-JIAOJING-outbehaviorV0150-VPN-JIAOJING-out(此语句将判断的条件与完成的动作进行了绑定)
注:
修改流策略时,必须先在端口下undo该策略,修改完成后,再在端口下应用新策略。
因此会引起端口下设备的业务中断,应在闲时进行。
(2)T160G&T64G交换机QINQ配置:
<1>QINQ端口配置:
Interfacefei_1/1
Switchportmodehybrid(定义端口为hybrid端口)
Switchporthybridnativevlanvlan-id(默认和外层VLAN一致)
Switchporthybridvlanvlan-idtag(配置透传VLAN)
Switchporthybridvlanvlan-iduntag(配置外层VLAN)
Switchportqinqnormal(不需要改为customer)
<2>定义端口的流策略:
Vlanqinqsession-nosession-idcustomer-portport-nameuplink-portport-namein-vlan1001-1500ovlanvlan-idadvanced(指定精邦内外层VLAN的对应关系)
(3)ZX3900系列交换机QINQ配置:
<1>QINQ端口配置:
Interfacefei_1/1
Switchportmodehybrid(定义端口为hybrid端口)
Switchporthybridnativevlanvlan-id(和外层VLAN一致)
Switchporthybridvlanvlan-idtag(配置透传VLAN)
Switchporthybridvlanvlan-iduntag(配置外层VLAN)
Switchportqinqcustomer(设置接口为QINQ用户端口)
<2>定义端口的流策略:
Vlanqinqsession-nosession-idcustomer-portport-nameuplink-portport-namein-vlan1001-1500ovlanvlan-id设置内层VLAN与外层VLAN的对应关系(当端口nativevlan与外层VLAN配置一致,则不需配置该命令,端口默认先为所有数据帧打上nativevlan标记)
Vlanqinqsession-nosession-idcustomer-portport-nameuplink-portport-namein-vlanvlan-id
Untaghelper-vlan1000设置需要进行透传的vlan
注:
在将原来的QINQ端口修改为TRUNK端口后,一定要记得删除对应端口的VLANQINQSESSION,否则会影响业务。
(4)S9300系列交换机QINQ配置:
<1>QINQ端口配置:
interfaceGigabitEthernet3/0/1
descriptionLAN-dianxinjiashuyuan2#(端口描述信息)
porthybridtaggedvlan700(配置透传VLAN)
porthybriduntaggedvlan1206(配置外层VLAN)
portvlan-mappingoutside-vlan700map-vlan700(为透传VLAN配置VLAN映射)
traffic-policyjb-dxjsy-laninbound(引用针对该设备的入流量策略,只针对精邦VLAN)
undonegotiationauto(取消自适应)
speed100(强制100M)
<2>针对VLAN配置相应的流量策略:
(a)定义入方向的流量策略:
(精邦外层VLAN,只需要配置入方向的流量策略,透传VLAN不用做策略,直接用VLAN映射完成透传)
trafficclassifierV0150-VPN-JIAOJING-inoperatorand(classifier语句用来匹配判断条件)
if-matchcustomer-vlan-id1001-1096(精邦内层VLAN)
quit
trafficbehaviorV0150-VPN-JIAOJING-in(behavior语句用来完成指定动作)
nesttop-mostvlan-id1100(精邦外层VLAN)
qospolicyin-policy-ZB-YJH-MA5103(定义针对某设备的入流量策略)
classifierV0150-VPN-JIAOJING-inbehaviorV0150-VPN-JIAOJING-in(此语句将判断的条件与完成的动作进行了绑定)
(5)S5300系列交换机QINQ配置:
<1>QINQ端口配置:
interfaceGigabitEthernet0/0/1
descriptionTO-FuYuanXiaoQu-3328-GE端口信息描述
portdefaultvlan1端口默认VLAN
porttrunkallow-passvlan700236328633363配置透传VLAN
porthybriduntaggedvlan1176配置外层VLAN
bpduenable使能桥协议数据单元(用于STP协议,防止环路)
port-isolateenable使能端口隔离
qinqvlan-translationenable接口使能灵活QinQ功能
portvlan-stackingvlan1001to1170pushvlan1176priority-inherit配置接口给幀加上外层VLANTAG
portvlan-mappingexternal-vlan2363map-external-vlan2363priority-inherit配置VLAN映射
portvlan-mappingexternal-vlan2863map-external-vlan2863priority-inherit配置VLAN映射
portvlan-mappingexternal-vlan3363map-external-vlan3363priority-inherit配置VLAN映射
portvlan-mappingexternal-vlan700map-external-vlan700priority-inherit配置VLAN映射
ntdpenable使能邻接拓扑发现协议
ndpenable使能邻接发现协议
(5)S3900系列交换机QINQ配置:
<1>QINQ端口配置:
interfaceEthernet1/0/19
portlink-typehybrid(定义端口为hybrid端口)
porthybridvlan2142230726423142tagged(配置透传VLAN)
porthybridvlan1242untagged(配置外层VLAN)
undoporthybridvlan1(禁用默认VLAN:
1)
porthybridpvidvlan1242(指定端口默认VLAN,与外层VLAN一致)
vlan-vpnenable(启用VLAN-VPN功能)
descriptionTo-chazhen9806h(端口描述信息)
traffic-redirectinboundlink-group4000rule0interfaceGigabitEthernet1/1/1untagged(配置上行端口的流量策略)
vlan-vpnvid1242(制定外层VLAN)
raw-vlan-idinbound1001to1096(配置内层VLAN)
<2>利用高级ACL列表实现条件判断
aclnumber4000
rule0permitc-tag-vlan300(主要针对透传VLAN,设置判断条件)
rule1permitc-tag-vlan987
rule2permitc-tag-vlan906
rule3permitc-tag-vlan988
rule4permitc-tag-vlan3549
(6)(6)ZX3900系列交换机QINQ配置:
<1>QINQ端口配置:
interfacegei_3/2
descriptionTo-hexi-MA5603
negotiationauto
hybrid-attributefiber
switchportmodehybrid
switchporthybridnativevlan1(此项必须保留而不能设置为外层VLANID)
switchporthybridvlan201tag
switchporthybridvlan2119tag
switchporthybridvlan2619tag
switchporthybridvlan3119tag
switchporthybridvlan1219untag
switchportqinqcustomer
<2>定义端口的流策略:
vlanqinqsession-no1customer-portgei_3/2uplink-portgei_3/1in-vlan1001-1200ovlan1219
注:
uplink端口需要配置untagvlan1000
(7)ZX3228交换机QINQ配置:
interfacefei_1/2
descriptionTo-HZ-PZ-XMS-ShuangMiaoCun-ZTE9806H
nonegotiationauto
switchportmodehybrid
switchporthybridnativevlan1000(该VLAN:
1000在端口中设置为nativevlan,在UPLINK端口中设置为untagvlan)
switchporthybridvlan200tag
switchporthybridvlan2144tag
switchporthybridvlan2644tag
switchporthybridvlan3144tag
switchporthybridvlan1244untag
switchportqinqcustomer
定义端口的流策略:
vlanqinqsession-no1customer-portgei_3/2uplink-portgei_3/1in-vlan1001-1200ovlan1219
注:
只用配置内层VLAN与外层VLAN的策略,不用配置透传VLAN的策略。
2、接入交换机QINQ相关配置:
(1)S2300系列交换机QINQ相关配置:
<1>接入端口配置:
interfaceEthernet0/0/2
portdefaultvlan1590(设置端口默认VLAN)
porttrunkallow-passvlan1590236328633363(透传业务VLAN)
trust8021p(配置接口信任报文所携带的802.1P优先级)
port-isolateenable(使能端口隔离功能)
qinqvlan-translationenable(使能端口QINQ功能)
portvlan-mappingexternal-vlan43map-external-vlan2363(配置用户VLAN与网络侧VLAN的映射关系)
portvlan-mappingexternal-vlan45map-external-vlan2863
portvlan-mappingexternal-vlan46map-external-vlan3363
portvlan-mappingexternal-vlan1590map-external-vlan1590
mac-tablelimit10
ntdpenable
ndpenable
<2>上行端口配置:
interfaceGigabitEthernet0/0/1
portdefaultvlan1
porttrunkallow-passvlan4345to467001589to1618236328633363
trust8021p
ntdpenable
ndpenable
(2)S3300系列交换机QINQ相关配置:
interfaceEthernet0/0/20(直接接入用户时的配置)
portdefaultvlan1020(设置端口默认VLAN)
porttrunkallow-passvlan1020236328633363(透传业务VLAN)
trust8021p(配置接口信任报文所携带的802.1P优先级)
loopback-detectenable(使能端口环回检测)
loopback-detectactionblock(发现环回后自动闭塞)
bpduenable使能桥协议数据单元(用于STP协议,防止环路)
port-isolateenable(使能端口隔离功能)
qinqvlan-translationenable(使能端口QINQ功能)
portvlan-mappingexternal-vlan1020map-external-vlan1020priority-inherit
portvlan-mappingexternal-vlan43map-external-vlan2363priority-inherit
portvlan-mappingexternal-vlan45map-external-vlan2863priority-inherit
portvlan-mappingexternal-vlan46map-external-vlan3363priority-inherit
mac-tablelimit10(MAC地址表条目限制)
ntdpenable
ndpenable
interfaceEthernet0/0/20(本交换机上的QINQ)
portdefaultvlan1(设置端口默认VLAN)
porttrunkallow-passvlan700236328633363(透传业务VLAN)
porthybriduntaggedvlan1020(配置外层VLAN)
trust8021p(配置接口信任报文所携带的802.1P优先级)
bpduenable使能桥协议数据单元(用于STP协议,防止环路)
port-isolateenable(使能端口隔离功能)
qinqvlan-translationenable(使能端口QINQ功能)
portvlan-stackingvlan1001to1200pushvlan1020priority-inherit(建立内外层VLAN的关联关系)
portvlan-mappingexternal-vlan700map-external-vlan700priority-inherit(透传VLAN)
portvlan-mappingexternal-vlan2363map-external-vlan2363priority-inherit
portvlan-mappingexternal-vlan2863map-external-vlan2863priority-inherit
portvlan-mappingexternal-vlan3363map-external-vlan3363priority-inherit
ntdpenable
ndpenable
二、基本配置:
(1)华为系列交换机基本配置:
<1>S2000系列交换机
A、用户界面配置:
[Quidway]user-interfacevty0(进入虚拟终端接口)
[Quidway-ui-vty0]authentication-modepassword(设置虚拟终端接口为密码认证方式)
[Quidway-ui-vty0]setauthenticationpasswordsimple(cipher)huawei(设置认证密码为明码huawei)
[Quidway]user-interfacevty0(进入虚拟终端接口)
[Quidway-ui-vty0]authentication-modescheme(设置虚拟终端接口为方案认证方式)
[Quidway-ui-vty0]quit
[Quidway]local-userzbr(创建本地认证用户名zbr)
[Quidway-luser-zbr]passwordsimplehuawei(创建本地认证用户的认证密码为明码huawei)
[Quidway-luser-zbr]service-typetelnet(设置本地认证用户的服务类型为telnet)
B、管理VLAN和IP地址配置
二层以太网交换机同时只能有一个VLAN对应的VLAN接口可以配置IP地址,而该VLAN即为管理VLAN。
[Quidway]interfacevlan-interface2300(创建管理VLAN接口)
[Quidway-vlan-if]ipaddressip-addressnetmask(配置管理IP地址)
[Quidway-vlan-if]descriptionstring(添加描述信息)
C、配置静态路由
Iproute-staticip-addressmask
<2>S3900系列交换机
A、用户界面配置:
(系统缺省使用的AAA方案为local)
[Quidway]sysnamestring(配置交换机系统名)
[Quidway]local-userzbr(创建本地认证用户名zbr)
[Quidway-luser-zbr]passwordsimplehuawei(创建本地认证用户的认证密码为明码huawei)
[Quidway-luser-zbr]service-typeterminal[levellevel](设置本地认证用户的服务类型为terminal)
[Quidway-luser-zbr]service-typetelnet[levellevel](设置本地认证用户的服务类型为telnet)
[Quidway-luser-zbr]quit
[Quidway]user-interfaceaux0
[Quidway-aux-0]authentication-modescheme
[Quidway]user-interfacevty04
[Quidway-vty-0]authentication-modescheme
[Quidway-vty-0]userprivilegelevellevel(设置通过vty接口登录时的命令级别)
B、管理VLAN和IP地址配置
[Quidway]interfacevlan-interface2300(创建管理VLAN接口)
[Quidway-vlan-if]ipaddressip-
升级会员 