Huawei switch configuration
Working password for the Huawei 5752: Admin@huawei.com. If that does not work, try huawei, huawei.com, or www.huawei.com.
a. Set the switch name
<quidway>sys
sysname JSHQ-02c14-ChaoWei-1.31
b. Set DNS on the switch
dns server 114.114.114.114
c. Set the switch management IP
undo interface Vlanif 1
<Delete vlan1>
vlan 1152
Create vlan 1152
interface Vlanif 1152
ip address 10.196.1.31 255.255.128.0
Configure the management IP
d. Set a static route on the switch
ip route-static 0.0.0.0 0.0.0.0 10.196.0.1
e. Set up SNMP management on the switch
snmp-agent /enable SNMP/
snmp-agent community read 1qazwsxdcv /set the read-only community/
snmp-agent sys-info contact AnchNet.Inc
snmp-agent sys-info location Shanghai
snmp-agent sys-info version all /support all versions/
f. Set up telnet login on the switch
Step 1. Create the public key
rsa local-key-pair create
The key name will be: Huawei_Host
The range of public key> NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus:1024
Generating keys...
............................++++++
...++++++
..++++++++
......++++++++
Step 2. Configure the VTY user interface
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
quit
Step 3. Create the SSH user and set the user's authentication type to password
ssh user anchnet authentication-type password
Step 4. Configure the SSH user's username and password
aaa
local-user anchnet password cipher c15terminal
Info: Add a new user.
local-user anchnet privilege level 15
local-user anchnet service-type ssh
quit
Step 5. Enable the STelnet function and set the user's service type to STelnet
stelnet server enable
Info: Succeeded in starting the Stelnet server.
ssh user anchnet service-type stelnet
g. Configure Eth-Trunk
#
interface Eth-Trunk1
description Shanglian_Public_BSC02_G3/0/22_3/0/23
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 88
#
interface Eth-Trunk2
description Shanglian_Private_BSC02_G2/0/22_2/0/23
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 1152 2000 to 3000 4000
#
interface Eth-Trunk3
description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52
port link-type trunk
port trunk allow-pass vlan 1151 to 1152 3000 4000
#
h. Configure ports
#
interface GigabitEthernet0/0/47
description Shanglian_Public_G3/0/22
eth-trunk 1
#
interface GigabitEthernet0/0/48
description Shanglian_Public_G3/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/49
description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52
eth-trunk 3
#
interface GigabitEthernet0/0/50
description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52
eth-trunk 3
#
interface GigabitEthernet0/0/51
description Shanglian_Private_G2/0/22
eth-trunk 2
#
interface GigabitEthernet0/0/52
description Shanglian_Private_G2/0/23
eth-trunk 2
#
Spanning tree root protection
#
stp region-configuration
region-name anchnet
instance 1 vlan 80 to 1000
instance 2 vlan 2000 to 4000
active region-configuration
stp root-protection
stp edged-port enable
arp anti-attack check user-bind enable
ip source check user-bind enable
K. NTP service configuration
Set the time zone
<S8505>clock timezone cst add 8
Set the time server address
ntp-service unicast-server 10.1.100.88
View the time and NTP status
<S8505>dis clock
View NTP service sessions
<S8505>dis ntp-service sessions
L. ACL configuration (based on traffic policy)
1. On the port, block only 192.168.0.0
acl number 3000
rule deny ip source 192.168.0.0 0.0.0.255
acl number 3001
rule permit ip
--------------------------------------------------------------
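2. Define the traffic classifier for denied access and associate it with acl 3000
traffic classifier deny_ip
if-match acl 3000
3. Define the traffic behavior for denied access, with the action deny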
traffic behavior deny_ip
deny
----------------------------------------------------------------
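4. Define the traffic classifier for permitted access and associate it with acl 3001
traffic classifier permit_ip
if-match acl 3001
5. Define the traffic behavior for permitted access, with the action permit: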
traffic behavior permit_ip
permit
---------------------------------------------------------
6. Define the policy, associating the traffic classifiers with the traffic behaviors:
traffic policy acl_ip
classifier permit_ip behavior permit_ip
classifier deny_ip behavior deny_ip
Put the permit entries first and the deny entries after them
7. Apply the policy on the port:
int Ethernet 0/0/1
traffic-policy acl_ip inbound
traffic-policy acl_ip outbound
ACL configuration (based on traffic-filter)
1. Define the ACL rules
acl number 2000
rule deny source 192.168.1.0 0.0.0.255
acl number 3000
rule deny tcp source 192.168.1.0 0.0.0.255 destination 23.1.1.0 0.0.0.255 destination-port eq www
2. Apply the ACLs on the port
interface GigabitEthernet 0/0/1
traffic-filter inbound acl 2000
traffic-filter inbound acl 3000
M. Port rate-limit policy configuration
traffic classifier 20M
if-match any
quit
traffic behavior 20M
car cir 20480 cbs 65544444 pbs 65544444
quit
traffic policy 20M
classifier 20M behavior 20M
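N. SNMP configuration
snmp-agent /enable the SNMP service/
snmp-agent local-engineid 000007DB7F000001000049DD /generated automatically by the system, no configuration needed/
snmp-agent community read public /set the read community name: public/
snmp-agent community write private /set the write community name: private/
snmp-agent sys-info contact Mr.Wang-Tel:3306 /set the contact information/
snmp-agent sys-info location 3rd-floor /set the device location/
snmp-agent sys-info version v1 v3 /configure the SNMP versions to allow v1 (only v3 is allowed by default)/
snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public /allow Trap messages to be sent to the network management station (NMS) 129.102.149.23, using the community name public/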
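Added example (not part of the original post, and not Huawei's own tooling): a Python check that scans a saved configuration for the snmp-agent settings used in sections e and N that an audit would flag, namely the well-known community names public/private, any write community, and versions that carry the community string in cleartext (v1, v2c, or all). The rule names, the WELL_KNOWN list and the sample text are assumptions constructed for this illustration.

```python
import re

# Community names treated as well-known defaults (assumed list for this example).
WELL_KNOWN = {"public", "private"}
# SNMPv1/v2c send the community string in cleartext; "all" enables them too.
CLEARTEXT_VERSIONS = {"v1", "v2c", "all"}

def strip_note(line):
    """Drop the trailing /.../ annotation this page appends to commands."""
    return re.sub(r"\s*/[^/]*/\s*$", "", line).strip()

def audit_snmp(config_text):
    """Return (line_no, rule, detail) findings for snmp-agent lines."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        tok = strip_note(raw).split()
        if not tok or tok[0] != "snmp-agent":
            continue
        if tok[1:2] == ["community"] and len(tok) >= 4:
            access, name = tok[2], tok[3]
            if name.lower() in WELL_KNOWN:
                findings.append((no, "default-community", name))
            if access == "write":
                findings.append((no, "write-community", name))
        elif tok[1:3] == ["sys-info", "version"]:
            weak = sorted(CLEARTEXT_VERSIONS & set(tok[3:]))
            if weak:
                findings.append((no, "cleartext-version", " ".join(weak)))
        elif tok[1:3] == ["target-host", "trap"] and "securityname" in tok:
            idx = tok.index("securityname")
            name = tok[idx + 1] if idx + 1 < len(tok) else ""
            if name.lower() in WELL_KNOWN:
                findings.append((no, "default-trap-securityname", name))
    return findings

# Constructed sample: snmp-agent lines taken from sections e and N of this page.
SAMPLE = """\
snmp-agent /enable SNMP/
snmp-agent community read 1qazwsxdcv
snmp-agent sys-info version all
snmp-agent community read public /read community/
snmp-agent community write private
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public
"""

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE):
        print(finding)
```

A configuration that enables only v3 and uses no default community names returns an empty list.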