锐捷交换机VLAN配置

锐捷交换机VLAN配置
新设备建⼀个VLAN
Ruijie>en ⽤户模式
Ruijie#config 特权模式
Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)#hostname shiyan 更改设备⽤户名
shiyan(config)#en secret xtlt 加密密码
shiyan(config)#line vty 0 4 设置虚拟终端的个数
shiyan(config-line)#password xtlt 登陆密码
shiyan(config-line)#vlan 50 设VLAN 50
shiyan(config-vlan)#name ceshi 设名⼦
shiyan(config-vlan)#exit
shiyan(config)#interface fastethernet0/22 进⼊22⼝
shiyan(config-if)#switchport access vlan 50 将22⼝加⼊VLAN 50 shiyan(config)#interface fastethernet0/23 进⼊23⼝
shiyan(config-if)#switchport access vlan 50 将22⼝加⼊VLAN 50 Ruijie(config-if)#no switchport access vlan 将22⼝删除VLAN 50 shiyan(config-if)#interface vlan 50 进⼊VLAN 50端⼝shiyan(config-if)#*Feb 18 08:29:52: %LINEPROTO-5-UPDOWN: Line protocol on Interf
ace VLAN 50, changed state to up
shiyan(config-if)#ip add 192.168.1.1 255.255.255.0 设VLAN 50 IP Ruijie#write 写⼊
设置系统时间
shiyan>en
Password:
shiyan#clock set 12:40:40 2 18 2009 设置系统时间
shiyan#sh clock 显⽰系统时间
Clock: 2009-2-18 12:40:59
shiyan#
系统重启设置
shiyan#reload in 2 test 2分钟后重启
System will reload in 120 seconds.
Ruijie#reload at 13:8 2 18 2009 newyear 在2008 2 18 13：8分重启System will reload in 181 seconds.
Ruijie#reload cancel 取消重启计划
配置信息
Ruijie>en
Ruijie#sh version 查看系统版本信息
System description : Ruijie Gigabit Routing Switch(S3750-24)
ork
System start time : 2009-2-18 13:8:50
System hardware version : 1.50
System software version : RGNOS 10.2.00(3), Release(39231) System boot version : 10.2.34077
System CTRL version : 10.2.38550
System serial number : 1234942570126
Module information:
Device-1
Hardware version : 1.5
Software version : RGNOS 10.2.00(3), Release(39231)
BOOT version : 10.2.34077
CTRL version : 10.2.38550
Serial Number : 1234942570126
Ruijie#sh version devices 当前的设备信息
Device Slots Description
------ ----- ------------
1 1 RG-S3750-24
向VLAN 分配ACCESS⼝
Ruijie(config)#interface fastethernet0/22 进⼊22⼝配置Ruijie(config-if)#switchport mode access 将⼝配成⼆层ACCESS⼝Ruijie(config-if)#switchport access vlan 2 将⼝分配给vlan 2 Ruijie(config-if)#sh interface fastethernet0/22 switchport显⽰壮态
向TRUNK分配⼝
Ruijie(config-if)#switchport mode trunk 将⼝配成⼆层TRUNK⼝Ruijie(config-if)#sh interface fastethernet0/19 switchport 显⽰壮态Ruijie(config-if)#switchport trunk allowed vlan remove 1移出vlan⼝Ruijie#del config.text 除去配置⽂件
Ruijie#reload 重启交换机
启⼆层交换例
Ruijie(config)#vlan 2
Ruijie(config-vlan)#name shiyan1
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 3
Ruijie(config-vlan)#name shiyan2
Ruijie(config-vlan)#interface fastethernet0/6
Ruijie(config-if)#switchport access vlan 2
Ruijie(config-if)#interface fastethernet0/12
Ruijie(config-if)#switchport access vlan 3
Ruijie(config-if)#interface fastethernet0/22
Ruijie(config-if)#switchport trunk allowed vlan remove 1
会聚例
Ruijie(config)#vlan 2
Ruijie(config-vlan)#vlan 3
Ruijie(config-vlan)#interface fastethernet0/6
Ruijie(config-if)#switchport access vlan 2
Ruijie(config-if)#interface fastethernet0/12
Ruijie(config-if)#switchport access vlan 3
Ruijie(config-if)#exit
Ruijie(config)#interface range fastethernet0/21-22
Ruijie(config-if-range)#port-group 1
Ruijie(config-if-range)#*Feb 19 15:46:28: %LINEPROTO-5-UPDOWN: Line protocol on Interface AggregatePort 1, changed state to up
*Feb 19 15:46:30: %LINK-5-CHANGED: Interface FastEthernet 0/21, changed state to administratively down
*Feb 19 15:46:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0 /21, changed state to down
*Feb 19 15:46:30: %LINK-5-CHANGED: Interface FastEthernet 0/22, changed state to administratively down
*Feb 19 15:46:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0 /22, changed state to down
*Feb 19 15:47:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface AggregatePort 1, changed state to down
*Feb 19 15:47:28: %LINEPROTO-5-UPDOWN: Line protocol on Interface AggregatePort 1, changed state to up
Ruijie(config)#interface aggregateport 1
Ruijie(config-if)#switchport mode trunk
将端⼝成批加⼊到⼀个vlan
Ruijie(config)#interface range fastethernet0/1-10
Ruijie(config-if-range)#*Feb 19
15:47:58: %LINEPROTO-5-UPDOWN: Line protocol on
Interface AggregatePort 1, changed state to down
Ruijie(config-if-range)#switchport access vlan 2
启三层交换例
Ruijie#config
Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config-vlan)#vlan 2
Ruijie(config-vlan)#vlan 3
Ruijie(config-vlan)#vlan 4
Ruijie(config-vlan)#interface fastethernet0/22
Ruijie(config-if)#switchport mode trunk
Ruijie(config-if)#interface fastethernet0/24
Ruijie(config-if)#switchport mode trunk
Ruijie(config-vlan)#interface vlan 3
Ruijie(config-if)#ip add 192.168.3.10 255.255.255.0e vlan 4
Ruijie(config-if)#interfac
Ruijie(config-if)#ip add 192.168.4.10 255.255.255.0
Ruijie(config-if)#interface vlan 2
Ruijie(config-if)#ip add 192.168.2.10 255.255.255.0
Ruijie(config-if)#interface vlan 1
Ruijie(config-if)#ip add 192.168.1.10 255.255.255.0
复合⼝hybrid
Ruijie(config)vlan 2
Ruijie(config)vlan 3
Ruijie(config)interface fastethernet0/1
Ruijie(config-if)swichport access vlan 3
Ruijie(config)interface fastethernet0/2
Ruijie(config-if)swichport access vlan 2
Ruijie(config-if)#inter fasteth0/23
Ruijie(config-if)#swichport mode hybrid
Ruijie(config-if)#switchport hybrid all vlan tag 1,2
Ruijie(config-if)#switchport hybrid all vlan untagged 3,4
路由的设置
交换机1
Ruijie(config-if)#vlan 2
Ruijie(config-if)#vlan 100
Ruijie(config)#ip rout 192.168.2.0 255.255.255.0 192.168.1.10
Ruijie(config-vlan)#ip add 192.168.100.10 255.255.255.0 Ruijie(config-if)#switchport access vlan 2 Ruijie(config-if)#switchport access vlan 100
Ruijie(config-vlan)#ip add 192.168.3.10 255.255.255.0
Ruijie(config-vlan)#ip add 192.168.100 .11 255.255.255.0
Ruijie(config-if)#switchport access vlan 2
Ruijie(config-if)#switchport access vlan 100
分别给两个交换机添加路由表
Ruijie(config)#ip route 192.168.3.0 255.255.255.0 192.168.100.10
Ruijie(config)# ip route 192.168.2.0 255.255.255.0 192.168.100.11
或者
Ruijie(config)# ip route 0.0.0.0 0.0.0.0 192.168.100.10
Ruijie(config)# ip route 0.0.0.0 0.0.0.0 192.168.100.11
端⼝的介质设置
Ruijie(config-if)#medium-type fiber 将端⼝设为光⼝
Ruijie(config-if)#medium-type copper 将端⼝设为电⼝
接⼝速度/双⼯配置
Switch(config-if)#speed {10 | 100 | 1000 | auto } 设置接⼝的速率参数Switch(config-if)#duplex {auto | full | half} 设置接⼝的双⼯模式
端⼝安全
Switch (config)#interface range f 0/1
Switch(config-if)# switchport port-security //开启端⼝安全
Switch(config-if)# switchport port-security //关闭端⼝安全
Switch(config-if)# switchport port-security maximum 8 //设置端⼝能包含的最⼤安全地址数为8
Switch(config-if)# switchport port-security violation protect //设置处理违例的⽅式为protect
Switch(config-if)#switchport port-security mac-address 00d0.f800.073c ip-address 192.168.1.1
在接⼝fastethernet0/1配置⼀个安全地址00d0.f800.073c，并为其绑定⼀个IP地址：192.168.1.1
Switch(config-if)#no switchport port-security mac-address 00d0.f800.073c ip-address 192.168.1.1 删除接⼝上配置的安全地址
protect：保护端⼝，当安全地址个数满后，安全端⼝将丢弃未知名地址(不是该端⼝的安全地址。

restrict：当违例产⽣时，将发送⼀个Trap通知。

shutdown：当违例产⽣时，将关闭端⼝并发送⼀个Trap通知
Switch# show port-security interface fastethernet 0/3 //查看接⼝f0/3的端⼝安全配置信息。

Switch# show port-security address //查看安全地址信息
访问列表的应⽤
Ruijie>en
Ruijie(config-vlan)#vlan 100
Ruijie(config-vlan)#interface fastethernet0/1
Ruijie(config-if)#switchport access vlan 3
Ruijie(config-if)#interface fastethernet0/24
Ruijie(config-if)#switchport access vlan 4
Ruijie(config-if)#interface fasteth0/18
Ruijie(config-if)#switchport access vlan 100
Ruijie(config-if)#exit
Ruijie(config)#interface vlan 3
Ruijie(config)#interface vlan 3
Ruijie(config-if)#*Mar 3 15:37:09: %LINEPROTO-5-UPDOWN: Line protocol on Interf
ace VLAN 3, changed state to up
Ruijie(config-if)#ip add 192.168.3.10 255.255.255.0
Ruijie(config-if)#interface vlan 4
Ruijie(config-if)#*Mar 3 15:37:51: %LINEPROTO-5-UPDOWN: Line protocol on Interf
ace VLAN 4, changed state to up
Ruijie(config-if)#ip add 192.168.4.10 255.255.255.0
Ruijie(config-if)#interface vlan 100
Ruijie(config-if)#*Mar 3 15:38:42: %LINEPROTO-5-UPDOWN: Line protocol on Interf
ace VLAN 100, changed state to up
Ruijie(config-if)#ip add 192.168.1.12 255.255.255.0
Ruijie(config-if)#exit
Ruijie(config)#ip rout 192.168.2.0 255.255.255.0 192.168.1.10
Ruijie(config)#ip access-list extended test 创建访问列表
Ruijie(config-ext-nacl)#permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
Ruijie(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
Ruijie(config-ext-nacl)#deny ip any any
Ruijie(config-ext-nacl)#inter vlan 100
Ruijie(config-if)#ip access-group text in
或
Ruijie(config)#access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 Ruijie(config)#access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 Ruijie(config)#access-list 101 deny ip any any
Ruijie(config-if)#no ip access-group test in 删除创建的列表
的两步
Ruijie(config)#no ip access-list ex test 删除创建的列表
限制端⼝的速度
Ruijie(config)interface fastethernet0/9
Ruijie(config-if)#rate-limit output 512 512
2026交换机内
sh interface static 显⽰端⼝状态
sh mac-address interface fast0/?? 显⽰端⼝获取的MAC 地址
sh mac dy 查看每个端⼝的MAC 地址，不⽤上联⼝内的MAC地址
在S7604中⽤sh arp 查看MAC地址对应的IP
inter fast0/??
switchport port-security //s3750
启⽤端⼝安全
switchport port-security maxmum ??
设置端⼝上联最⼤地址数
switchport port-security violation protect //s3750
保护端⼝，当上联地址数满或不同时丢弃
switchport port-security mac-address h.h.h.h //s3750 ip a.b.c.d
设置端⼝连接的电脑MAC地址
exit
arp 192.168.?.? h.h.h.h ⽤ARP绑定MAC和IP地址
在3750交换机内创建不同的ACCESS-LIST
ip access-list extended 103
10 permit ip host 192.168.6.13 any 充许通过的IP地址
20 permit ip host 192.168.6.30 any
30 permit ip host 192.168.6.12 any
40 permit ip host 192.168.10.247 any 交换机管理VLAN的地址
50 deny ip any any 除了以上充许的IP外其它任意IP不能访问
增加时进⼊访问列表中，先⽤no deny ip any any 然后再增加IP地址，增加完后再把deny ip any any 加到列表最后interface FastEthernet 0/3
switchport mode trunk
switchport trunk allowed vlan remove 5
ip access-group 103 in 在级联端⼝应⽤访问列表。