1、华为三康华为三康(H3C)三层交换机VLAN配置实例 摘要: H3C三层交换机VLAN配置实例关键词:交换机华为三康(H3C)三层交换机VLAN配置实例 正文: H3C三层交换机VLAN配置实例dis cu#sysname H3C#radius scheme system#domain system#acl number 2011rule 0 denyrule 1 permit source 172.16.11.0 0.0.0.255acl number 2012rule 0 denyrule 1 permit source 172.16.12.0 0.0.0.255acl number 20
2、13rule 0 denyrule 1 permit source 172.16.13.0 0.0.0.255acl number 2021rule 0 denyrule 1 permit source 172.16.21.0 0.0.0.255acl number 2022rule 0 denyrule 1 permit source 172.16.22.0 0.0.0.255acl number 2023rule 0 denyrule 1 permit source 172.16.23.0 0.0.0.255acl number 2031rule 0 denyrule 1 permit s
3、ource 172.16.31.0 0.0.0.255acl number 2032rule 0 denyrule 1 permit source 172.16.32.0 0.0.0.255acl number 2033rule 0 denyrule 1 permit source 172.16.33.0 0.0.0.255acl number 2041rule 0 denyrule 1 permit source 172.16.41.0 0.0.0.255acl number 2042rule 0 denyrule 1 permit source 172.16.42.0 0.0.0.255a
4、cl number 2043rule 0 denyrule 1 permit source 172.16.43.0 0.0.0.255acl number 2080rule 0 denyrule 1 permit source 172.16.80.0 0.0.0.255#vlan 1#vlan 11#vlan 12#vlan 13#vlan 21#vlan 22#vlan 23#vlan 31#vlan 32#vlan 33#vlan 41#vlan 42#vlan 43#vlan 80#interface Aux1/0/0#interface Ethernet1/0/1port link-t
5、ype hybridport hybrid vlan 1 11 untaggedport hybrid pvid vlan 11packet-filter inbound ip-group 2011 rule 0packet-filter inbound ip-group 2011 rule 1#interface Ethernet1/0/2port link-type hybridport hybrid vlan 1 12 untaggedport hybrid pvid vlan 12packet-filter inbound ip-group 2012 rule 0packet-filt
6、er inbound ip-group 2012 rule 1#interface Ethernet1/0/3port link-type hybridport hybrid vlan 1 13 untaggedport hybrid pvid vlan 13packet-filter inbound ip-group 2013 rule 0packet-filter inbound ip-group 2013 rule 1#interface Ethernet1/0/4port link-type hybridport hybrid vlan 1 21 untaggedport hybrid
7、 pvid vlan 21packet-filter inbound ip-group 2021 rule 0packet-filter inbound ip-group 2021 rule 1#interface Ethernet1/0/5port link-type hybridport hybrid vlan 1 22 untaggedport hybrid pvid vlan 22packet-filter inbound ip-group 2022 rule 0packet-filter inbound ip-group 2022 rule 1#interface Ethernet1
8、/0/6port link-type hybridport hybrid vlan 1 23 untaggedport hybrid pvid vlan 23packet-filter inbound ip-group 2023 rule 0packet-filter inbound ip-group 2023 rule 1#interface Ethernet1/0/7port link-type hybridport hybrid vlan 1 31 untaggedport hybrid pvid vlan 31packet-filter inbound ip-group 2031 ru
9、le 0packet-filter inbound ip-group 2031 rule 1#interface Ethernet1/0/8port link-type hybridport hybrid vlan 1 32 untaggedport hybrid pvid vlan 32packet-filter inbound ip-group 2032 rule 0packet-filter inbound ip-group 2032 rule 1#interface Ethernet1/0/9port link-type hybridport hybrid vlan 1 33 unta
10、ggedport hybrid pvid vlan 33packet-filter inbound ip-group 2033 rule 0packet-filter inbound ip-group 2033 rule 1#interface Ethernet1/0/10port link-type hybridport hybrid vlan 1 41 untaggedport hybrid pvid vlan 41packet-filter inbound ip-group 2041 rule 0packet-filter inbound ip-group 2041 rule 1#int
11、erface Ethernet1/0/11port link-type hybridport hybrid vlan 1 42 untaggedport hybrid pvid vlan 42packet-filter inbound ip-group 2042 rule 0packet-filter inbound ip-group 2042 rule 1#interface Ethernet1/0/12port link-type hybridport hybrid vlan 1 43 untaggedport hybrid pvid vlan 43packet-filter inboun
12、d ip-group 2043 rule 0packet-filter inbound ip-group 2043 rule 1#interface Ethernet1/0/13#interface Ethernet1/0/14#interface Ethernet1/0/15#interface Ethernet1/0/16#interface Ethernet1/0/17#interface Ethernet1/0/18#interface Ethernet1/0/19#interface Ethernet1/0/20port link-type hybridport hybrid vla
13、n 1 80 untaggedport hybrid pvid vlan 80packet-filter inbound ip-group 2080 rule 0packet-filter inbound ip-group 2080 rule 1#interface Ethernet1/0/21#interface Ethernet1/0/22port link-type hybridport hybrid vlan 1 11 to 13 21 to 23 31 to 33 41 to 43 80 untagged#interface Ethernet1/0/23port link-type
14、hybridport hybrid vlan 1 11 to 13 21 to 23 31 to 33 41 to 43 80 untagged#interface Ethernet1/0/24port link-type hybridport hybrid vlan 1 11 to 13 21 to 23 31 to 33 41 to 43 80 untagged#interface GigabitEthernet1/1/1#interface GigabitEthernet1/1/2#interface GigabitEthernet1/1/3port link-type hybridpo
15、rt hybrid vlan 1 11 to 13 21 to 23 31 to 33 41 to 43 80 untagged#interface GigabitEthernet1/1/4port link-type hybridport hybrid vlan 1 11 to 13 21 to 23 31 to 33 41 to 43 80 untagged#undo irf-fabric authentication-mode#interface NULL0#user-interface aux 0 7user-interface vty 0 4#returnF100-C的设置问题回复方
16、法一:F100-C恢复出厂设置,你以前的配置就会删除了,你可以重新配置你的固定IP配置固定IP配置实例:H3Cdis cur#sysname H3C#firewall packet-filter enablefirewall packet-filter default permit#insulate#undo connection-limit enableconnection-limit default denyconnection-limit default amount upper-limit 50 lower-limit 20#nat address-group 1 218.94.*.*
17、 218.94.*.*#firewall statistic system enable#radius scheme system#domain system#local-user wjmpassword simple wjmservice-type telnetlevel 3# acl number 2000 match-order autorule 0 permit source 192.168.0.0 0.0.255.255#interface Aux0async mode flow#interface Ethernet0/0ip address 192.168.0.1 255.255.
18、255.0#interface Ethernet0/1#interface Ethernet0/2#interface Ethernet0/3#interface Ethernet1/0ip address 218.94.*.* 255.255.255.240#interface Ethernet1/1#interface Ethernet1/2#interface NULL0#firewall zone localset priority 100#firewall zone trustadd interface Ethernet0/0add interface Ethernet0/1add
19、interface Ethernet0/2add interface Ethernet0/3set priority 85#firewall zone untrustadd interface Ethernet1/0 add interface Ethernet1/1add interface Ethernet1/2set priority 5#firewall zone DMZset priority 50#firewall interzone local trust#firewall interzone local untrust#firewall interzone local DMZ#
20、firewall interzone trust untrust#firewall interzone trust DMZ#firewall interzone DMZ untrust#ip route-static 0.0.0.0 0.0.0.0 218.94.*.*preference 60#user-interface con 0user-interface aux 0 user-interface vty 0 4authentication-mode scheme#return华为交换机配置命令本文网址: 复制华为QuidWay交换机配置命令手册:1、开始建立本地配置环境,将主机的串口
21、通过配置电缆与以太网交换机的Console口连接。在主机上运行终端仿真程序(如Windows的超级终端等),设置终端通信参数为:波特率为9600bit/s、8位数据位、1位停止位、无校验和无流控,并选择终端类型为VT100。以太网交换机上电,终端上显示以太网交换机自检信息,自检结束后提示用户键入回车,之后将出现命令行提示符(如)。键入命令,配置以太网交换机或查看以太网交换机运行状态。需要帮助可以随时键入?2、命令视图(1)用户视图(查看交换机的简单运行状态和统计信息):与交换机建立连接即进入(2)系统视图(配置系统参数)Quidway:在用户视图下键入system-view(3)以太网端口视图
22、(配置以太网端口参数)Quidway-Ethernet0/1:在系统视图下键入interface ethernet 0/1(4)VLAN视图(配置VLAN参数)Quidway-Vlan1:在系统视图下键入vlan 1(5)VLAN接口视图(配置VLAN和VLAN汇聚对应的IP接口参数)Quidway-Vlan-interface1:在系统视图下键入interface vlan-interface 1(6)本地用户视图(配置本地用户参数)Quidway-luser-user1:在系统视图下键入local-user user1(7)用户界面视图(配置用户界面参数)Quidway-ui0:在系统视图
23、下键入user-interface3、其他命令设置系统时间和时区clock time Beijing add 8 clock datetime 12:00:00 2005/01/23设置交换机的名称Quidwaysysname TRAIN-3026-1TRAIN-3026-1配置用户登录Quidwayuser-interface vty 0 4 Quidway-ui-vty0authentication-mode scheme创建本地用户Quidwaylocal-user huawei Quidway-luser-huaweipassword simple huawei Quidway-lus
24、er-huawei service-type telnet level 34、VLAN配置方法配置环境参数SwitchA端口E0/1属于VLAN2,E0/2属于VLAN3组网需求把交换机端口E0/1加入到VLAN2 ,E0/2加入到VLAN3数据配置步骤VLAN配置流程(1)缺省情况下所有端口都属于VLAN 1,并且端口是access端口,一个access端口只能属于一个vlan;(2)如果端口是access端口,则把端口加入到另外一个vlan的同时,系统自动把该端口从原来的vlan中删除掉;(3)除了VLAN1,如果VLAN XX不存在,在系统视图下键入VLAN XX,则创建VLAN XX并
25、进入VLAN视图;如果VLAN XX已经存在,则进入VLAN视图。【SwitchA相关配置】方法一:(1)创建(进入)vlan2 SwitchAvlan 2(2)将端口E0/1加入到vlan2 SwitchA-vlan2port ethernet 0/1(3)创建(进入)vlan3 SwitchA-vlan2vlan 3(4)将端口E0/2加入到vlan3 SwitchA-vlan3port ethernet 0/2方法二:(1)创建(进入)vlan2 SwitchAvlan 2(2)进入端口E0/1视图 SwitchAinterface ethernet 0/1(3)指定端口E0/1属于vl
26、an2 SwitchA-Ethernet1port access vlan 2(4)创建(进入)vlan3 SwitchAvlan 3(5)进入端口E0/2视图 SwitchAinterface ethernet 0/2(6)指定端口E0/2属于vlan3 SwitchA-Ethernet2port access vlan 3测试验证(1)使用命令disp cur可以看到端口E0/1属于vlan2,E0/2属于vlan3;(2)使用display interface Ethernet 0/1可以看到端口为access端口,PVID为2;(3)使用display interface Ethern
27、et 0/2可以看到端口为access端口,PVID为35、交换机IP地址配置功能需求及组网说明配置环境参数三层交换机SwitchA有两个端口ethetnet 0/1、ethernet 0/2,分别属于vlan 2、vlan 3;以vlan 2的三层接口地址分别是1.0.0.1/24作为PC1的网关;以vlan 3的三层接口地址分别是2.0.0.1/24作为PC2的网关;组网需求PC1和PC2通过三层接口互通【SwitchA相关配置】(1)创建(进入)vlan2 Quidwayvlan 2(2)将端口E0/1加入到vlan2 Quidway-vlan2port ethernet 0/1(3)进
28、入vlan2的虚接口 Quidway-vlan2interface vlan 2(4)在vlan2的虚接口上配置IP地址 Quidway-Vlan-interface2ip address 1.0.0.1 255.255.255.0(5)创建(进入)vlan3 Quidwayvlan 3(6)将E0/2加入到vlan3 Quidway-vlan3port ethernet 0/2(7)进入vlan3的虚接口 Quidway-vlan3interface vlan 3(8)在vlan3的虚接口上配置IP地址 Quidway-Vlan-interface3ip address 2.0.0.1 25
29、5.255.255.0测试验证(1)PC1和PC2都可以PING通自己的网关(2)PC1和PC2可以相互PING通6、端口的trunk配置配置环境参数(1)SwitchA 端口E0/1属于vlan10,E0/2属于vlan20,E0/3与SwitchB端口E0/3互连(2)SwitchB 端口E0/1属于vlan10,E0/2属于vlan20,E0/3与SwitchA端口E0/3互连组网需求(1)要求SwitchA的vlan10的PC与SwitchB的vlan10的PC互通(2)要求SwitchA的vlan20的PC与SwitchB的vlan20的PC互通数据配置步骤【SwitchA相关配置】(1)创建(进入)vlan10SwitchA vlan 10(2)将E0/1加入到vlan10SwitchA-vlan10port Ethernet 0/1(3)创建(进入)vlan20SwitchAvlan 20(4)将E0/2
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1