1、华为交换机基本配置命令华为交换机基本配置命令华为交换机基本配置命令一、单交换机VLAN划分命令命令解释system进入系统视图system-view进入系统视图quit退到系统视图undovlan20删除vlan20sysname交换机命名dispvlan显示vlanvlan20创建vlan(也可进入vlan20)porte1/0/1toe1/0/5把端口1-5放入VLAN20中5700系列单个端口放入VLAN Huaweiintg0/0/1 Huaweiportlink-typeaccess(注:接口类型access,hybrid、trunk) Huaweiportdefaultvlan10
2、批量端口放入VLAN Huaweiport-group1 Huawei-port-group-1group-memberethernetG0/0/1toethernetG0/0/20 Huawei-port-group-1porthybriduntaggedvlan3删除group(组)vlan200内的15端口 Huaweiintg0/0/15 Huawei-GigabitEthernet0/0/15undoporthybriduntaggedvlan200通过group端口限速设置 HuaweiPort-group2 Huaweigroup-memberg0/0/2tog0/0/23 Hu
3、aweiqoslroutboundcir2000cbs20000dispvlan20显示vlan里的端口20inte1/0/24进入端口24undoporte1/0/10表示删除当前VLAN端口10dispcurr显示当前配置 return返回 portaccessvlan10把端口20放入VLAN10inte1/0/24进入端口24portlink-typetrunk把24端口设为TRUNK端口porttrunkpermitvlanall(porttrunkpermitvlan10只能为vlan10使用)24端口为所有VLAN使用dispinte1/0/24查看端口24是否为TRUNKund
4、oporttrunkpermitvlanall删除该句四、路由的配置命令system进入系统模式sysname命名inte1/0进入端口ipaddress192.168.3.100255.255.255.0设置IPundoshutdown打开端口dispipinte1/0查看IP接口情况dispipintbrief查看IP接口情况user-intvty04进入口令模式authentication-modepassword(authpass)进入口令模式setauthenticationpasswordsimple22237设置口令userprivilegelevel3进入3级特权save保存配
5、置resetsaved-configuration删除配置(用户模式下运行)undoshutdown配置远程登陆密码inte1/4iproute192.168.3.0(目标网段)255.255.255.0192.168.12.1(下一跳:下一路由器的接口)静态路由iproute0.0.0.00.0.0.0192.168.12.1默认路由dispiprout显示路由列表华3CAR-18E1/0(lan1-lan4)E2/0(wan0)E3/0(WAN1)路由器连接使用直通线。wan0接wan0或wan1接wan1计算机的网关应设为路由器的接口地址。五、三层交换机配置VLAN-VLAN通讯sw1(
6、三层交换机):system进入视图sysname命名vlan10建立VLAN10vlan20建立VLAN20inte1/0/20进入端口20portaccessvlan10把端口20放入VLAN10inte1/0/24进入24端口portlink-typetrunk把24端口设为TRUNK端口porttrunkpermitvlanall(porttrunkpermitvlan10只能为vlan10使用)24端口为所有VLAN使用sw2:vlan10inte1/0/5portaccessvlan10inte1/0/24portlink-typetrunk把24端口设为TRUNK端口porttru
7、nkpermitvlanall(porttrunkpermitvlan10只能为vlan10使用)24端口为所有VLAN使用sw1(三层交换机):intvlan10创建虚拟接口VLAN10ipaddress192.168.10.254255.255.255.0设置虚拟接口VLAN10的地址intvlan20创建虚拟接口VLAN20ipaddress192.168.20.254255.255.255.0设置虚拟接口IPVLAN20的地址注意:vlan10里的计算机的网关设为192.168.10.254vlan20里的计算机的网关设为192.168.20.254六、动态路由RIPR1:inte1/
8、0进入e1/0端口ipaddress192.168.3.1255.255.255.0设置IPinte2/0进入e2/0端口ipadress192.168.5.1255.255.255.0设置IPrip设置动态路由network192.168.5.0定义IPnetwork192.168.3.0定义IPdispiprout查看路由接口R2:inte1/0进入e1/0端口ipaddress192.168.4.1255.255.255.0设置IPinte2/0进入e2/0端口ipadress192.168.5.2255.255.255.0设置IPrip设置动态路由network192.168.5.0定
9、义IPnetwork192.168.4.0定义IPdispiprout查看路由接口(注意:两台PC机的网关设置PC1IP:192.168.3.1PC2IP:192.168.4.1)七、IP访问列表inte1/0ipaddress192.168.3.1255.255.255.0inte2/0ipaddress192.168.1.1255.255.255.0inte3/0ipaddress192.168.2.1255.255.255.0aclnumber2001(2001-2999属于基本的访问列表)rule1denysource192.168.1.00.0.0.255(拒绝地址192.168.1
10、.0网段的数据通过)rule2permitsource192.168.3.00.0.0.255(允许地址192.168.3.0网段的数据通过)以下是把访问控制列表在接口下应用:firewallenablefirewalldefaultpermitinte3/0firewallpacket-filter2001outbounddispacl2001显示信息undoaclnumber2001删除2001控制列表扩展访问控制列表aclnumber3001ruledenytcpsource192.168.3.00.0.0.255destination192.168.2.00.0.0.255destin
11、ation-porteqftp必须在r-acl-adv-3001下才能执行rulepermitipsourceandestinationany(rulepermitip)inte3/0firewallenable开启防火墙firewallpacket-filter3001inbound必须在端口E3/0下才能执行八、命令的标准访问IP列表(三层交换机):允许A组机器访问服务器内资料,不允许访问B组机器(服务器没有限制)sysvlan10nameservervlan20nameteachervlan30namestudentinte1/0/5portaccessvlan10inte1/0/10p
12、ortaccessvlan20inte1/0/15portaccessvlan30intvlan10ipaddress192.168.10.1255.255.255.0undoshintvlan20ipaddress192.168.20.1255.255.255.0intvlan30ipaddress192.168.30.1255.255.255.0aclnumber2001rule1denysource192.168.30.00.0.0.255rule2permitsourceanydispacl2001查看2001列表inte1/0/10portaccessvlan20packet-fil
13、teroutboundip-group2001rule1出口九、允许A机器访问B机器的FTP但不允许访问WWW,C机器没有任何限制。vlan10vlan20vlan30inte1/0/5portaccessvlan10inte1/0/10portaccessvlan20inte1/0/15portaccessvlan30intvlan10ipaddress192.168.10.1255.255.255.0undoshintvlan20ipaddress192.168.20.1255.255.255.0intvlan30ipaddress192.168.30.1255.255.255.0acln
14、umber3001rule1denytcpsource192.168.30.00.0.0.255destination192.168.10.00.0.0.255destination-porteqwwwinte1/0/15packet-filterinboundip-group3001rule1进口十、NAT地址转换(单一静态一对一地址转换)R1:syssysnameR1inte1/0ipaddress192.168.3.1255.255.255.0inte2/0ipaddress192.1.1.1255.255.255.0R2:syssysnameR2inte2/0ipaddress192.
15、1.1.2255.255.255.0inte1/0ipaddress10.80.1.1255.255.255.0回到R1:natstatic192.168.3.1192.1.1.1inte2/0natoutboundstaticiproute0.0.0.00.0.0.0192.1.1.2十一、NAT内部整网段地址转换R1:syssysnameR1inte1/0ipaddress192.168.3.1255.255.255.0inte2/0ipaddress192.1.1.1255.255.255.0aclnumber2008rule0permitsource192.168.3.00.0.0.2
16、55rule1denyquitinte2/0natoutbound2008quitiproute-static0.0.0.00.0.0.0192.1.1.2preference60下一个路由接口地址R2:syssysnameR2inte2/0ipaddress192.1.1.2255.255.255.0inte1/0ipaddress10.80.1.1255.255.255.0NAT地址池配置:R1:syssysnameR1inte1/0ipaddress192.168.3.1255.255.255.0inte2/0ipaddress192.1.1.1255.255.255.0nataddre
17、ss-group1192.1.1.1192.1.1.5配置地址池undoaddress-group1删除地址池aclnumber2001创建访问列表rulepermitsource192.168.1.00.0.0.255允许192.168.1.0/24网段地址转换(ethernet2/0指路由器wan口):inte2/0natoutbound2001address-group1启用协议iproute0.0.0.00.0.0.0192.1.1.2默认路由R2:syssysnameR2inte1/0ipaddress10.80.1.1255.255.255.0inte2/0ipaddress192
18、.1.1.2255.255.255.01、配置文件相关命令Quidwaydisplaycurrent-configuration显示当前生效的配置Quidwaydisplaysaved-configuration显示flash中配置文件,即下次上电启动时所用的配置文件resetsaved-configuration 檫除旧的配置文件reboot 交换机重启displayversion 显示系统版本信息2、基本配置Quidwaysuperpassword修改特权用户密码Quidwaysysname交换机命名Quidwayinterfaceethernet1/0/1进入接口视图Quidwayint
19、erfacevlan1进入接口视图Quidway-Vlan-interfacexipaddress10.1.1.11255.255.0.0配置VLAN的IP地址Quidwayiproute-static0.0.0.00.0.0.010.1.1.1静态路由网关3、telnet配置Quidwayuser-interfacevty04进入虚拟终端S3026-ui-vty0-4authentication-modepassword设置口令模式S3026-ui-vty0-4setauthentication-modepasswordsimplexmws123设置口令S3026-ui-vty0-4user
20、privilegelevel3用户级别4、端口配置Quidway-Ethernet1/0/1duplexhalf|full|auto配置端口工作状态Quidway-Ethernet1/0/1speed10|100|auto配置端口工作速率Quidway-Ethernet1/0/1flow-control配置端口流控Quidway-Ethernet1/0/1mdiacross|auto|normal配置端口平接扭接Quidway-Ethernet1/0/1portlink-typetrunk|access|hybrid设置端口工作模式Quidway-Ethernet1/0/1undoshutdo
21、wn激活端口Quidway-Ethernet1/0/2quit退出系统视图5、链路聚合配置DeviceAlink-aggregationgroup1modemanual创建手工聚合组1Qw_Ainterfaceethernet1/0/1将以太网端口Ethernet1/0/1加入聚合组1Qw_A-Ethernet1/0/1portlink-aggregationgroup1Qw_A-Ethernet1/0/1interfaceethernet1/0/2将以太网端口Ethernet1/0/1加入聚合组1Qw_A-Ethernet1/0/2portlink-aggregationgroup1Qw_A
22、link-aggregationgroup1service-typetunnel#在手工聚合组的基础上创建unnel业务环回组。Qw_Ainterfaceethernet1/0/1将以太网端口Ethernet1/0/1加入业务环回组。Qw_A-Ethernet1/0/1undostpQw_A-Ethernet1/0/1portlink-aggregationgroup16、端口镜像Quidwaymonitor-port指定镜像端口Quidwayportmirror指定被镜像端口Quidwayportmirrorint_listobserving-portint_typeint_num指定镜像和
23、被镜像7、VLAN配置Quidwayvlan4创建VLANQuidway-vlan4portethernet1/0/1toethernet1/0/4在VLAN中增加端口配置基于access的VLANQuidway-Ethernet1/0/2portaccessvlan4当前端口加入到VLAN注意:缺省情况下,端口的链路类型为Access类型,所有Access端口均属于且只属于VLAN1配置基于trunk的VLANQuidway-Ethernet1/0/24portlink-typetrunk设置当前端口为trunkQuidway-Ethernet1/0/24porttrunkpermitvla
24、nID|All设trunk允许的VLAN注意:所有端口缺省情况下都是允许VLAN1的报文通过的Quidway-Ethernet1/0/2porttrunkpvidvlan34设置trunk端口的PVID配置基于Hybrid端口的VLANQuidway-Ethernet1/0/2portlink-typehybrid配置端口的链路类型为Hybrid类型Quidway-Ethernet1/0/2porthybridvlanvlan-id-listtagged|untagged允许指定的VLAN通过当前Hybrid端口注意:缺省情况下,所有Hybrid端口只允许VLAN1通过Quidway-Ethe
25、rnet1/0/2porthybridpvidvlanvlan-id设置Hybrid端口的缺省VLAN注意:缺省情况下,Hybrid端口的缺省VLAN为VLAN1VLAN描述Quidwaydescriptionstring指定VLAN描述字符Quidwayundodescription删除VLAN描述字符Quidwaydisplayvlanvlan_id查看VLAN设置私有VLAN配置Qw_A-vlanxisolate-user-vlanenable设置主vlanQw_AIsolate-user-vlansecondary 设置主vlan包括的子vlanQuidway-Ethernet1/0/2porthybridpvidvlan设置vlan的pvidQuidway-Ethernet1/0/2porthybridpvid删除vlan的pvidQuidway-Ethernet1/0/2porthybridvlanvlan_id_listuntagged设置无标识的vlan如果包的vlanid与PVId一致,则去掉vlan信息.默认PVID=1。所以设置PVID为所属vlanid,设置可以互通的vlan为untagged.8、STP配置Quidwaystpenable|disab
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1
升级会员 