Access-Layer Switch Configuration Scripts
Configuration Templates for Residential-Community Access Switches on the Integrated Data Network

Part 1. Community aggregation switch (Huawei S35236 as the example)

<Quidway>sys (enter configuration mode)
[Quidway]sysname mijiaqiao-huiju (set the switch system name; name it after the residential community)
[mijiaqiao-huiju]super password level 3 si s3526 (set the super password)
[mijiaqiao-huiju]acl name deny-blaster advanced match-order auto (configure the anti-virus ACL)
 rule 0 deny udp destination-port eq tftp
 rule 1 deny tcp destination-port eq 135
 rule 2 deny udp destination-port eq 135
 rule 3 deny udp destination-port eq netbios-ns
 rule 4 deny udp destination-port eq netbios-dgm
 rule 5 deny tcp destination-port eq 139
 rule 6 deny udp destination-port eq netbios-ssn
 rule 7 deny tcp destination-port eq 445
 rule 8 deny udp destination-port eq 445
 rule 9 deny tcp destination-port eq 593
 rule 10 deny tcp destination-port eq 1080
 rule 11 deny tcp destination-port eq 1068
 rule 12 deny tcp destination-port eq 1092
 rule 13 deny tcp destination-port eq 2299
 rule 14 deny tcp destination-port eq 3127
 rule 15 deny udp destination-port eq 3127
 rule 16 deny tcp destination-port eq 3128
 rule 17 deny udp destination-port eq 3128
 rule 18 deny tcp destination-port eq 3332
 rule 19 deny tcp destination-port eq 4444
 rule 20 deny tcp destination-port eq 4899
 rule 21 deny udp destination-port eq 4899
 rule 22 deny tcp destination-port eq 5554
 rule 23 deny udp destination-port eq 5554
 rule 24 deny tcp destination-port eq 9996
 rule 25 deny tcp destination-port eq 10168
 rule 26 permit ip
[mijiaqiao-huiju]packet-filter ip-group deny-blaster (apply the ACL globally)
[mijiaqiao-huiju]vlan 1270 (if the switch has an unmanaged switch downstream)
[mijiaqiao-huiju-vlan1270] port e0/10 (this port connects down to an unmanaged switch; configure it separately so that it belongs only to vlan 1270)
[mijiaqiao-huiju]vlan 4000 (the management VLAN; all layer-2 devices under one layer-3 device should belong only to this management VLAN, and each layer-3 device should use a different management VLAN)
[mijiaqiao-huiju-vlan 4000]int vlan 4000
[mijiaqiao-huiju-Vlan-interface4000]ip add X.X.X.X 255.255.X.X (set the management address; it must be planned centrally by the branch company, and no two devices may share a management address)
[mijiaqiao-huiju-Ethernet0/1]des upto-SGS-s8016-e10/0/1 (this port uplinks to e10/0/1 of the provincial company's s8016; describe the port accordingly)
[mijiaqiao-huiju-Ethernet0/1]port link trunk (set the uplink port to trunk mode)
[mijiaqiao-huiju-Ethernet0/1]port trunk per vlan 1260 to 1299 4000 (the trunked VLANs are all user VLANs of all downstream switches plus the management VLAN; this aggregation switch trunks vlan 1260 to vlan 1299 and management vlan 4000)
[mijiaqiao-huiju-Ethernet0/1]b 20 (configure broadcast storm suppression; only on uplink/downlink ports)
[mijiaqiao-huiju]int e0/X (this port connects down to a Huawei switch; X is the downlink port number)
[mijiaqiao-huiju-Ethernet0/X]des downto-XXX-X# (this port connects down to building X of community XXX, e.g. Building 1 of the Mijiaqiao community: downto-mijiaqiao-1#)
[mijiaqiao-huiju-Ethernet0/X]port link trunk
[mijiaqiao-huiju-Ethernet0/X]port trunk per vlan X to X 4000 (the trunked VLANs are all user VLANs of all downstream corridor switches plus the management VLAN; X is the trunked VLAN ID)
[mijiaqiao-huiju-Ethernet0/X]b 20 (configure broadcast storm suppression; only on uplink/downlink ports)
[mijiaqiao-huiju]ip route 0.0.0.0 0.0.0.0 X.X.X.1 (configure the static route; the address here resembles the management address above, e.g. if the management address is 10.20.252.10, the static route address is 10.20.252.1)
[mijiaqiao-huiju]snmp-agent (configure the SNMP network management protocol)
[mijiaqiao-huiju]snmp-agent local-engineid 800007DB00E0FC16F6236877
[mijiaqiao-huiju]snmp-agent community read public
[mijiaqiao-huiju]snmp-agent community write private
[mijiaqiao-huiju]snmp-agent sys-info location BeiJing China
[mijiaqiao-huiju]snmp-agent sys-info version v2c
[mijiaqiao-huiju]snmp-agent target-host trap address udp-domain 172.29.191.10 params securityname public
[mijiaqiao-huiju]snmp-agent trap enable standard
[mijiaqiao-huiju]snmp-agent trap enable vrrp
[mijiaqiao-huiju]snmp-agent trap enable bgp
[mijiaqiao-huiju]snmp-agent trap source Vlan-interface4000 (same as this layer-3 switch's management VLAN)
[mijiaqiao-huiju]user-int vty 0 4 (configure remote login; all layer-3 devices use the same password)
[mijiaqiao-huiju-ui-vty0-4]set auth pa si s3526
<mijiaqiao-huiju>sa (save the configuration file)
y

Part 2. Community corridor switches (Huawei S2016 as the example)

1. Corridor switch that connects users directly

<Quidway>sys (enter configuration mode)
[Quidway]sysname mijiaqiao-1# (set the switch system name; name it after the community, e.g. Building 1 of the Mijiaqiao community)
[mijiaqiao-1#]super password level 3 si s2403 (set the super password)
[mijiaqiao-1#]vlan 1260 (configure the user VLAN; it must be planned centrally by the branch company and must not be reused)
[mijiaqiao-1#-vlan1260]port e0/2 to e0/9
[mijiaqiao-1#]vlan 1261
[mijiaqiao-1#-vlan1261]port e0/10 to e0/16
[mijiaqiao-1#]vlan 4000 (the management VLAN; all layer-2 devices under one layer-3 device should belong only to this management VLAN, and each layer-3 device should use a different management VLAN)
[mijiaqiao-1#-vlan 4000]int vlan 4000
[mijiaqiao-1#-Vlan-interface4000]ip add X.X.X.X 255.255.X.X (set the management address; it must be planned centrally by the branch company, and no two devices may share a management address)
[mijiaqiao-1#]int e0/X (this port uplinks to the aggregation switch, e.g. s3526)
[mijiaqiao-1#-Ethernet0/X]des upto-s3526-e0/2 (this port uplinks to e0/2 of the aggregation switch; describe the port accordingly)
[mijiaqiao-1#-Ethernet0/X]port link-type trunk (set the uplink port to trunk mode)
[mijiaqiao-1#-Ethernet0/X]port trunk permit vlan 1260 to 1261 4000 (the trunked VLANs are all user VLANs on this switch plus the management VLAN)
[mijiaqiao-1#-Ethernet0/X]b 20 (configure broadcast storm suppression; only on uplink/downlink ports)
[mijiaqiao-1#]ip route 0.0.0.0 0.0.0.0 X.X.X.1 (configure the static route; the address here resembles the management address above, e.g. if the management address is 10.20.252.10, the static route address is 10.20.252.1)
[mijiaqiao-1#]snmp-agent local-engineid 800007DB00E0FC2D6F586877
[mijiaqiao-1#]snmp-agent community read public
[mijiaqiao-1#]snmp-agent community write private
[mijiaqiao-1#]snmp-agent sys-info contact HuaWei BeiJing China
[mijiaqiao-1#]snmp-agent sys-info location BeiJing China
[mijiaqiao-1#]snmp-agent sys-info version v2c
[mijiaqiao-1#]snmp-agent target-host trap address udp-domain 172.29.191.10 params securityname public
[mijiaqiao-1#]snmp-agent trap enable standard
[mijiaqiao-1#]user-int vty 0 4 (configure remote login; all layer-2 devices use the same password)
[mijiaqiao-1#-ui-vty0-4] set auth pass si s2403
<mijiaqiao-1#>sa (save the configuration file)
y

2. Corridor switch that connects users and also has a downstream switch (Huawei S2016 as the example)

<Quidway>sys (enter configuration mode)
[Quidway]sysname mijiaqiao-1# (set the switch system name; name it after the community, e.g. Building 1 of the Mijiaqiao community)
[mijiaqiao-1#]super password level 3 si s2403 (set the super password)
[mijiaqiao-1#]vlan 1260 (configure the user VLAN; it must be planned centrally by the branch company and must not be reused; 1260 to 1261 are this switch's user VLANs, 1262 is the downstream switch's user VLAN)
[mijiaqiao-1#-vlan1260]port e0/3 to e0/10
[mijiaqiao-1#]vlan 1261
[mijiaqiao-1#-vlan1261]port e0/11 to e0/16
[mijiaqiao-1#]vlan 4000 (the management VLAN; all layer-2 devices under one layer-3 device should belong only to this management VLAN, and each layer-3 device should use a different management VLAN)
[mijiaqiao-1#-vlan 4000]int vlan 4000
[mijiaqiao-1#-Vlan-interface4000]ip add X.X.X.X 255.255.X.X (set the management address; it must be planned centrally by the branch company, and no two devices may share a management address)
[mijiaqiao-1#]int e0/X (this port uplinks to the aggregation switch, e.g. s3526)
[mijiaqiao-1#-Ethernet0/X]des upto-s3526-e0/1 (this port uplinks to e0/1 of the aggregation switch; describe the port accordingly)
[mijiaqiao-1#-Ethernet0/X]port link-type trunk (set the uplink port to trunk mode)
[mijiaqiao-1#-Ethernet0/X]port trunk permit vlan 1260 to 1262 4000 (the trunked VLANs are all user VLANs on this switch plus the management VLAN)
[mijiaqiao-1#-Ethernet0/X]b 20 (configure broadcast storm suppression; only on uplink/downlink ports)
[mijiaqiao-1#]int e0/2 (this port connects down to a Huawei s2008 switch)
[mijiaqiao-1#-Ethernet0/2]des downto-XXX-X# (this port connects down to building X of community XXX, e.g. Building 2 of the Mijiaqiao community: downto-mijiaqiao-2#)
[mijiaqiao-1#-Ethernet0/2]port link trunk (set the uplink port to trunk mode) (the trunked VLANs are all user VLANs of the downstream switch plus the management VLAN)
[mijiaqiao-1#-Ethernet0/1]b 20 (configure broadcast storm suppression; only on uplink/downlink ports)
[mijiaqiao-1#]ip route 0.0.0.0 0.0.0.0 X.X.X.1 (configure the static route; the address here resembles the management address above, e.g. if the management address is 10.20.252.10, the static route address is 10.20.252.1)
[mijiaqiao-1#]snmp-agent (configure the SNMP network management protocol)
[mijiaqiao-1#]snmp-agent local-engineid 800007DB00E0FC2D6F586877
[mijiaqiao-1#]snmp-agent community read public
[mijiaqiao-1#]snmp-agent community write private
[mijiaqiao-1#]snmp-agent sys-info contact HuaWei BeiJing China
[mijiaqiao-1#]snmp-agent sys-info location BeiJing China
[mijiaqiao-1#]snmp-agent sys-info version v2c
[mijiaqiao-1#]snmp-agent target-host trap address udp-domain 172.29.191.10 params securityname public
[mijiaqiao-1#]snmp-agent trap enable standard
[mijiaqiao-1#]user-int vty 0 4 (configure remote login; all layer-2 devices use the same password)
[mijiaqiao-1#-ui-vty0-4] set auth pass si s2403
<mijiaqiao-1#>sa (save the configuration file)
y

3. GreenNet (16-port)

TiNet>enable
TiNet#config t (enter configuration mode)
TiNet(config)# host mijiaqiao-1# (set the switch system name; name it after the community, e.g. Building 1 of the Mijiaqiao community)
TiNet(config)#ipadd X.X.X.X 255.255.X.X X.X.X.X (set the management address; it must be planned centrally by the branch company, and no two devices may share a management address; the part in blue is the gateway, configured as on the Huawei switches)
TiNet(config)#vlan 4000 (the management VLAN; all layer-2 devices under one layer-3 device should belong only to this management VLAN, and each layer-3 device should use a different management VLAN)
TiNet(config-if-vlan-4000)#sw int e 0/1 (bind the port to the management VLAN)
ex
TiNet(config)#ip vlan 4000 (bind the IP to the management VLAN)
ex
TiNet(config)#vlan 1260 (configure the user VLAN; it must be planned centrally by the branch company and must not be reused)
TiNet(config-if-vlan-1260)#sw int e 0/1 to e 0/8
ex
TiNet(config)#int e 0/2
sw acc vlan 1260
ex
TiNet(config)#int e 0/3
sw acc vlan 1260
TiNet(config)#int e 0/4
sw acc vlan 1260
ex
TiNet(config)#int e 0/5
sw acc vlan 1260
ex
TiNet(config)#int e 0/6
sw acc vlan 1260
ex
TiNet(config)#int e 0/7
sw acc vlan 1260
ex
TiNet(config)#int e 0/8
sw acc vlan 1260
ex
TiNet(config)#vlan 1261
sw int e 0/1 e 0/9 to e 0/16
ex
TiNet(config)#int e 0/9
sw acc vlan 1261
ex
TiNet(config)#int e 0/10
sw acc vlan 1261
ex
TiNet(config)#int e 0/11
sw acc vlan 1261
ex
TiNet(config)#int e 0/12
sw acc vlan 1261
TiNet(config)#int e 0/13
sw acc vlan 1261
ex
TiNet(config)#int e 0/14
sw acc vlan 1261
ex
TiNet(config)#int e 0/15
sw acc vlan 1261
ex
TiNet(config)#int e 0/16
sw acc vlan 1261
ex
TiNet(config)#int e 0/1 (this port uplinks to the aggregation switch, e.g. s3526)
sw mode trunk (set the uplink port to trunk mode)
ex
TiNet(config)#snmp community public ro permit (configure the SNMP network management protocol)
TiNet(config)#snmp host 10.199.255.254 version 2c snmp
ex
TiNet(config)#sa (copy run st ) (save the configuration file)
y

Important note:
1. In the configurations above, the switch management VLAN, management IP address and user VLANs marked in red vary from device to device and are planned centrally by the branch company.
CRT Scripts

1. Login script
   Example
2. Automatically inspect multiple devices; this opens multiple windows in CRT so that the status of each device is easy to observe
3. Batch-configure access-layer switches that share one template

1. Login script

This script simplifies the login process on switches and routers. It recognizes the prompts by itself: for example, if the switch does not ask for a username during login, that step is skipped.

Example:

#$language = "VBScript"
#$interface = "1.0"
crt.Screen.Synchronous = True
' This automatically generated script may need to be
' edited in order to work correctly.
Sub Main
    crt.Screen.Send "" & chr(13)
    ' Send the username only if a username prompt appears within 2 seconds
    If (crt.Screen.WaitForStrings("sername:", 2) <> False) Then
        crt.Screen.Send "username" & chr(13)
    Else
        crt.Screen.Send "" & chr(13)
    End If
    If (crt.Screen.WaitForStrings("Password:", 2) <> False) Then
        crt.Screen.Send "password" & chr(13)
    Else
        crt.Screen.Send "" & chr(13)
    End If
    ' At the user-mode prompt, switch to privileged mode
    If (crt.Screen.WaitForString(">", 2) <> False) Then
        crt.Screen.Send "en" & chr(13)
        crt.Screen.WaitForString "Password:"
        crt.Screen.Send "enable-password" & chr(13)
    Else
        crt.Screen.Send "" & chr(13)
    End If
End Sub

2. Automatically inspect multiple devices; this opens multiple windows in CRT so that the status of each device is easy to observe

Example:

#$language = "VBScript"
#$interface = "1.0"
crt.Screen.Synchronous = True
Sub Main
    ' First device, in tab 1
    Set objCurrentTab1 = crt.GetTab(1)
    objCurrentTab1.Session.Disconnect
    objCurrentTab1.Activate
    objCurrentTab1.Session.Connect("/telnet device-address")
    If (objCurrentTab1.Screen.WaitForStrings("Username:", 2) <> False) Then
        objCurrentTab1.Screen.Send "username" & chr(13)
    Else
        objCurrentTab1.Screen.Send " " & chr(13)
    End If
    If (objCurrentTab1.Screen.WaitForStrings("Password:", 2) <> False) Then
        objCurrentTab1.Screen.Send "password" & chr(13)
    Else
        objCurrentTab1.Screen.Send " " & chr(13)
    End If
    If (objCurrentTab1.Screen.WaitForString(">", 3) <> False) Then
        objCurrentTab1.Screen.Send "en" & chr(13)
        objCurrentTab1.Screen.WaitForString "Password: ", 2
        objCurrentTab1.Screen.Send "enable-password" & chr(13)
    Else
        objCurrentTab1.Screen.Send " " & chr(13)
    End If
    objCurrentTab1.Screen.Send "inspection-command" & chr(13)

    ' Clone tab 1 to open tab 2 for the second device
    Set newtab = objCurrentTab1.Clone()
    Set objCurrentTab2 = crt.GetTab(2)
    objCurrentTab2.Session.Disconnect
    objCurrentTab2.Activate
    objCurrentTab2.Session.Connect("/telnet device-address")
    If (objCurrentTab2.Screen.WaitForStrings("Username:", 2) <> False) Then
        objCurrentTab2.Screen.Send "username" & chr(13)
    Else
        objCurrentTab2.Screen.Send " " & chr(13)
    End If
    If (objCurrentTab2.Screen.WaitForStrings("Password:", 2) <> False) Then
        objCurrentTab2.Screen.Send "password" & chr(13)
    Else
        objCurrentTab2.Screen.Send " " & chr(13)
    End If
    If (objCurrentTab2.Screen.WaitForString(">", 3) <> False) Then
        objCurrentTab2.Screen.Send "en" & chr(13)
        objCurrentTab2.Screen.WaitForString "Password: ", 2
        objCurrentTab2.Screen.Send "enable-password" & chr(13)
    Else
        objCurrentTab2.Screen.Send " " & chr(13)
    End If
    objCurrentTab2.Screen.Send "inspection-command" & chr(13)
End Sub

3. Batch-configure access-layer switches that share one template

When a large enterprise builds a new network it usually needs a large number of access-layer switches, and configuring a large batch of identically styled access-layer switches is dull and tedious work, so a simple configuration script is provided here in the hope that it makes things easier.
Huawei Switch Configuration Template Scripts

Overall template

sys
user-interface vty 0 4
authentication-mode password
set authentication password cipher sdsy/sdsy
user privilege level 15
qui
user-interface conso 0
authentication-mode password
set authentication password cipher sdsy/sdsy
qui
ip route-static 0.0.0.0 0.0.0.0 10.1.1.3
vlan 39
qui
int vlan 1
qui
undo int vlan 1
vlan 255
int vlan 255
ip add 10.1.1.202 24
int g0/0/8
port link-type trunk
port trunk allow-pass vlan all
qui
int range g0/0/1 to g0/0/7
port link-typ access
port defaul vlan 39
stp edged-port enable
loopback-detection enable
exit
errdisable recovery cause loopback-detection
errdisable recovery interval 60
dhcp-snooping enable
int range g0/0/8
dhcp-snooping trust
dhcp enable

AAA authentication

aaa
local-user meng password cipher meng privilege level 15
user-interface vty 0 4
authentication-mode aaa

Port aggregation

Create the aggregation group with the following commands:

[S9303]interface Eth-Trunk1 //the aggregation group is named ETH-Trunk1
[S9303-Eth-Trunk1]description To-S9303-2 //description
[S9303-Eth-Trunk1]undo port hybrid vlan 1 //stop trunking VLAN 1
[S9303-Eth-Trunk1]port hybrid tagged vlan 100 to 200 //trunk the VLANs

Enter the ports and add them to the aggregation group with the following commands:

[S9303]interface GigabitEthernet1/1/16 //enter port G1/1/16
[S9303-GigabitEthernet1/1/16]description To-S7810-G7/0/31 //port description
[S9303-GigabitEthernet1/1/16]eth-trunk 1 //join aggregation group 1
[S9303]interface GigabitEthernet1/1/17 //enter port G1/1/17
[S9303-GigabitEthernet1/1/17]description To-S7810-G7/0/30 //port description
[S9303-GigabitEthernet1/1/17]eth-trunk 1 //join aggregation group 1

dhcp enable
#
dhcp snooping enable
user-bind static ip-address 192.168.1.200 ---reserve the manually assigned address; a manually assigned address that is not reserved cannot be used
user-bind static ip-address 192.168.1.201 mac-address 4c1f-cc58-379e --reserve the manually assigned address and bind it to the MAC address
#
interface Vlanif1000
 ip address 192.168.1.1 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.1.200 192.168.1.254 ---reserve the manually assigned address range
 expired day 0 hour 5
 dhcp server forbidden-ip 192.168.2.201 192.168.2.253
 display dhcp client
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 1000
 ip source check user-bind enable
 ip source check user-bind check-item ip-address mac-address
 dhcp snooping enable
 dhcp snooping check user-bind enable
 expired day 0 hour 5
 dhcp server forbidden-ip 192.168.2.201 192.168.2.253
 display dhcp client

Mirroring commands:

mirroring-group 2 local (create the group)
int g0/0/1
mirroring-group 2 mirroring-port both (set the monitored port)
int g0/0/2
mirroring-group 2 monitor-port (sniffer port)

Backup and restore

tftp 1.1.1.1 put vrpcfg.cfg 22-hw-22.cfg

Download

tftp 2.2.2.2 get 23-hw22.cfg vrpcfg.cfg

Privilege level

sysname HuaWei_test
super password level 1 cipher 456123

DHCP IP-MAC binding

dhcp snooping bind-table static ip-address 192.168.6.254 mac-address 0000-1111-1234 interface Ethernet 0/0/2

(1) Pin IP 192.168.1.100 and MAC 0001-0002-0003 to the interface:

interface GigabitEthernet 0/0/1
user-bind static ip-address 192.168.1.100 mac-address 0001-0002-0003 interface GigabitEthernet 0/0/1 vlan 10

(2) Enable it on the interface; ip source check user-bind enable is all that is needed.

The detailed configuration procedure is as follows:

IP + MAC + port binding

sys
Enter system view, return user view with Ctrl+Z.
[Huawei]
[Huawei]vlan 10 //create vlan 10 on the device
[Huawei-vlan10]quit
[Huawei]inter gi0/0/1 //enter the interface view
[Huawei-GigabitEthernet0/0/1]port link-type access //set the interface to access type: the kind that connects directly to a PC or server
[Huawei-GigabitEthernet0/0/1]port default vlan 10 //place the interface in vlan 10
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]user-bind static ip-address 192.168.1.100 mac-address 0001-0002-0003 interface GigabitEthernet 0/0/1 vlan 10
//in global mode, bind together the IP address (192.168.1.100), the MAC address (0001-0002-0003), the specific interface (GigabitEthernet 0/0/1)
//and the VLAN the interface belongs to (10).
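Access-Layer Switch Configuration

user-interface          configure a user terminal interface
  aux                   auxiliary user terminal interface (terminal interfaces 0-7)
  vty                   virtual user terminal interface (terminal interfaces 0-4)
authentication-mode     configure the authentication mode of the user terminal interface
  none                  log in directly without authentication
  password              authenticate with the password of the user terminal interface
  scheme                authenticate using a RADIUS scheme, that is, both a username and a password are required
interface GigabitEthernet 1/1    enter the Gigabit Ethernet port view
mac-address             configure a MAC address
  mac-address static 0000-1111-2222 interface Ethernet 0/1 vlan 101    bind a MAC address to the port
ip route-static         configure a static route
  ip route-static 0.0.0.0 0.0.0.0 10.35.252.2 preference 60    (preference sets the priority of the route)
undo                    cancel the current setting
description             descriptive text (used as a note)
quit                    leave the current command view
interface Ethernet 0/1  enter the Ethernet port view
port access vlan 101    set the VLAN of the Ethernet port
port link-type trunk    set the port to trunk mode
port trunk permit vlan 1 104    specify the VLANs allowed through the current trunk port
duplex                  duplex state
speed                   set the interface speed
shutdown                disable the interface

Layer-2 switches commonly used in the plant

• Common brands: Huawei (Quidway), H3C, D-LINK, TP-LINK, HUB
• Huawei: S2016, S3026
• H3C: LS-3100-26C-SI, S3050, LS-3600-52P-SI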
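Access Switch Configuration Procedure

Steps for configuring the access switches

Step 1. Log in to each floor switch to carry out the configuration
Step 2. Enter the device password: cisco
Step 3. Start the configuration

1. Enable AAA authentication

configure terminal
aaa new-model
aaa authentication dot1x default group radius local
aaa authorization network default group radius local
username cisco password cisco // create a username and password for local authentication, used when RADIUS is not in effect

2. Enable port security on the interface

interface gig1/0/1 // enter the relevant interface
switchport port-security
switchport port-security mac-address 1111.1111.1111
switchport port-security maximum 1
switchport mode access
switchport access vlan 3
authentication control-direction in
authentication port-control auto
dot1x pae authenticator

3. Specify the RADIUS server address and port numbers

radius-server host 192.168.0.9 auth-port 1812 acct-port 1813 key 7 13061E010803

4. Bind IP + MAC + port number globally

ip source binding 001A.6B66.2AB0 vlan 3 192.168.3.108 interface Gi2/9

5. Allocation of the existing switches

There are currently 12 floor switches, at the following addresses:

192.168.0.3   4 stacked switches, 48 ports                        1st floor
192.168.0.4   1 switch, 48 ports                                  3rd floor
192.168.0.5   1 switch, 24 ports                                  3rd floor
192.168.0.6   2 stacked switches, one 24-port and one 48-port     5th floor
192.168.0.2   4 stacked switches, 48 ports                        7th floor

Planned allocation:

VLAN 3 is assigned to users on floors 1 to 4. IP address range: 192.168.3.0, subnet mask: 255.255.255.0, gateway address: 192.168.3.254
VLAN 4 is assigned to users on floors 5 to 8. IP address range: 192.168.4.0, subnet mask: 255.255.255.0, gateway address: 192.168.4.254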
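Access-Layer Switch Configuration Document

Boot process:
Enter "no" here to reach user mode ">" (this appears only on the first boot).

Configuring the switch:
After entering user mode, type "enable" to enter privileged mode (commands can be completed with the Tab key).
In privileged mode the show command can be used, followed by specific parameters.
In privileged mode, type "conf terminal" to enter global mode, also called configuration mode.
In global mode you can configure the username, password, device name, routes and so on, and you can also create VLANs, enter VLAN interfaces and enter physical interfaces.

//Create a username and password; these are needed for remote login:
Username: cisco  Password: cisco
//This is the password needed to go from privileged mode into global mode; it is required whether you log in remotely or over the console cable (the password is stored encrypted)
Password: cisco

Configuring the device name:
//In global mode, set the name of this device: "hostname" followed by the device name (JR = access, JHJ = switch, LTBGL = ironworks office building, C3560 = switch model)

Dividing VLANs:
//First create the VLAN in global mode: vlan 2
Enter vlan 2: int vlan 2
Enable vlan 2: no shutdown
Then enter the physical port and configure the port to be assigned to the VLAN, for example assign port f0/1 to vlan 2
//In global mode, enter port f0/1: interface f0/1
Assign this port to vlan 2: switchport access vlan 2
Set this port to access mode: switchport mode access
Enable this port: no shutdown
Several ports can also be assigned to the same VLAN at once; in global mode, enter multiple ports: interface range f0/1 - 24
For example:

Configuring a trunk link
//In global mode, enter the ports to be configured as trunk: interface range g0/1 -2
Encapsulate with dot1q: switchport trunk encapsulation dot1q
Set trunk mode: switchport mode trunk
Enable the ports: no shutdown

Configuring the management address:
//In global mode, enter the interface mode of vlan 1: interface vlan 1
Add an IP address: ip address 10.99.21.1 255.255.255.128
Enable this interface: no shutdown (this address is the telnet address for remote login)

Configuring line mode:
Line mode is the remote-login port; if this port is not enabled, remote login is not possible.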
Access-Layer Switch Configuration

C2960-9F-up#show running-config
Building configuration...

Current configuration : 10054 bytes
!
! Last configuration change at 02:00:32 UTC Tue Oct 26 2010 by liujunjie
! NVRAM config last updated at 23:51:51 UTC Wed Sep 1 2010 by liujunjie
!
version 12.2
no service pad
service timestamps debug datetime
service timestamps log datetime
no service password-encryption
!
hostname C2960-9F-up
!
enable secret 5 $1$vPXp$Sa4uHCN37NDywGx1ahNb9/
!
username cisco password 0 scpitm
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
!
aaa session-id common
vtp mode transparent
ip subnet-zero
!
no ip domain-lookup
!
!
!
dot1x system-auth-control
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 202
!
vlan internal allocation policy ascending
!
vlan 10-11,77
!
vlan 88
 name vlan88
!
vlan 101
 name HQSR1
!
vlan 103
 name HQSR3
!
vlan 105
 name HQSR5
!
vlan 188
 name internet
!
vlan 199
 name HQDCSW
!
vlan 200
 name HQPR
!
vlan 201
 name HQGMO
!
vlan 202
 name HQHR
!
vlan 203
 name HQFINANCE
!
vlan 204
 name HQDEVELOP
!
vlan 205
 name HQINV
!
vlan 206
 name HQ-PROJ-MANAGER
!
vlan 207
 name HQ-PROJ-BUDGET
!
vlan 208
 name HQLAW
!
vlan 209
 name HQADMIN
!
vlan 210
 name HQIT
!
vlan 225
 name HQGUEST
!
vlan 226
 name HQOFFICE
!
vlan 231
 name BRLEADER
!
vlan 232
 name BRHR
!
vlan 233
 name BRFINANCE
!
vlan 236
 name BROFFICE
!
vlan 299
 name HQSW
!
vlan 1101
 name RTSR1
!
vlan 1103
 name RTSR3
!
vlan 1105
 name RTSR5
!
vlan 1200
 name RTPR
!
vlan 1201
 name RTGMO
!
vlan 1202
 name RTHR
!
vlan 1203
 name RTFINANCE
!
vlan 1205
 name RTINV
!
vlan 1206
 name rtproject
!
vlan 1210
 name RTIT
!
vlan 1225
 name RTGUEST
!
vlan 1226
 name RTOFFICE
!
vlan 1232
 name MALLHR
!
vlan 1233
 name MALLFINANCE
!
vlan 1236
 name MALLOFFICE
!
vlan 1299
 name RTSW
!
interface FastEthernet0/1
 switchport access vlan 226
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 226
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 226
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 225
 switchport trunk native vlan 199
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 225
 switchport trunk native vlan 199
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 225
 switchport trunk native vlan 199
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 202
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 202
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/25
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/26
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/27
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/28
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/29
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/30
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/31
 switchport access vlan 226
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/32
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/33
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/34
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/35
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/36
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/37
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/38
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/39
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/40
 switchport access vlan 225
 switchport trunk native vlan 199
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/41
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/42
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/43
 switchport access vlan 225
 switchport trunk native vlan 199
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/44
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/45
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/46
 switchport access vlan 1226
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/47
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/48
 switchport access vlan 225
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan199
 ip address 10.1.99.16 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.1.99.251
no ip http server
access-list 1 permit 10.2.10.0 0.0.0.255
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 10.1.100.0 0.0.0.255
access-list 10 permit 10.1.1.15
snmp-server community scppub RO 10
snmp-server host 10.1.1.15 version 2c scppub
tacacs-server host 10.1.1.7 key scpitm
tacacs-server directed-request
radius-server host 10.1.1.4 auth-port 1645 acct-port 1646 key scpkey
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
line vty 0 4
 access-class 1 in
 password 123
line vty 5 15
!
ntp clock-period
ntp server 10.1.99.252
end

C2960-9F-up#
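The configurations collected on this page repeat a handful of management-plane settings that can be checked mechanically: default SNMP communities (public/private), SNMPv2c, passwords stored in clear text (password simple, password 0), Telnet logins, and trunks that pass every VLAN instead of only the user and management VLANs. The audit below is an added example, not code from any of the source documents; it scans saved configuration text in the Huawei/H3C and Cisco syntax seen above. Its rule names, its sample configurations, and its treatment of a vty stanza without `transport input ssh` as still accepting Telnet are assumptions of this example.

```python
"""Audit saved switch configuration text for weak management-plane settings.
Added example: rule names and sample configurations are constructed here."""
import re
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int  # 1-based line number in the audited text
    rule: str     # rule identifier (names chosen for this example)
    text: str     # the offending configuration line, stripped


# Single-line rules, matched against each stripped configuration line.
LINE_RULES = [
    ("snmp-default-community", re.compile(
        r"^(snmp-agent community (read|write)|snmp-server community|"
        r"snmp community) (public|private)\b", re.I)),
    ("snmp-write-community", re.compile(
        r"^(snmp-agent community write \S+|snmp-server community \S+ rw\b)",
        re.I)),
    ("snmp-v2c-cleartext", re.compile(
        r"^(snmp-agent sys-info version v2c|"
        r"snmp(-server)? host \S+ version 2c\b)", re.I)),
    ("cleartext-password", re.compile(
        r"\bpassword( level \d+)? (simple|0) \S+", re.I)),
    ("password-encryption-off", re.compile(
        r"^no service password-encryption$", re.I)),
    ("telnet-service", re.compile(
        r"^(telnet server enable|service-type telnet)$", re.I)),
    ("trunk-permits-all-vlans", re.compile(
        r"^port trunk (allow-pass|permit) vlan all$", re.I)),
]


def audit_vty_stanzas(lines):
    """Cisco-style `line vty` stanzas: flag a static line password, and flag
    the stanza itself when it has no `transport input ssh` (assumption: the
    platform then still accepts Telnet on those lines)."""
    findings = []
    i = 0
    while i < len(lines):
        if not re.match(r"^line vty\b", lines[i], re.I):
            i += 1
            continue
        start, body = i, []
        i += 1
        # Sub-commands of the stanza are the following indented lines.
        while i < len(lines) and lines[i][:1] in (" ", "\t"):
            body.append((i + 1, lines[i].strip()))
            i += 1
        for no, text in body:
            if re.match(r"^password \S+", text, re.I):
                findings.append(Finding(no, "vty-static-password", text))
        if not any(re.match(r"^transport input ssh$", t, re.I)
                   for _, t in body):
            findings.append(Finding(start + 1, "vty-telnet-not-disabled",
                                    lines[start].strip()))
    return findings


def audit(config_text):
    """Return all findings for one configuration, sorted by line number."""
    lines = config_text.splitlines()
    findings = []
    for no, raw in enumerate(lines, 1):
        text = raw.strip()
        for rule, pattern in LINE_RULES:
            if pattern.search(text):
                findings.append(Finding(no, rule, text))
    findings.extend(audit_vty_stanzas(lines))
    return sorted(findings)


# Constructed samples that reuse the syntax of the page with made-up values.
CISCO_SAMPLE = """\
no service password-encryption
username admin password 0 ExamplePass
snmp-server community public RO
snmp-server host 192.0.2.15 version 2c public
line vty 0 4
 access-class 1 in
 password ExamplePass
line vty 5 15
 transport input ssh
"""

VRP_SAMPLE = """\
super password level 3 simple ExamplePass
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version v2c
telnet server enable
local-user admin
 password simple ExamplePass
 service-type telnet
interface GigabitEthernet0/0/8
 port link-type trunk
 port trunk allow-pass vlan all
"""

if __name__ == "__main__":
    for name, sample in (("cisco", CISCO_SAMPLE), ("vrp", VRP_SAMPLE)):
        for f in audit(sample):
            print(f"{name}:{f.line_no}: {f.rule}: {f.text}")
```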
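H3C Switch Hands-On Configuration Script

1. Change the hostname
[H3C]sysname hnyx
2. Create the management and service VLANs
[hnyx]vlan 31
[hnyx]vlan 101 to 107
3. Enter the uplink interface and change it to trunk mode
[hnyx]interface Ethernet 1/0/1
[hnyx-Ethernet1/0/1]port link-type trunk
4. Configure the range of VLANs allowed through the uplink trunk interface (management VLAN + service VLANs)
[hnyx-Ethernet1/0/1]port trunk permit vlan 31 101 to 107
5. Enter each downlink interface in turn, change its type to ACCESS and assign it to the corresponding VLAN
[hnyx]interface Ethernet 1/0/2
[hnyx-Ethernet1/0/2]port access vlan 101
6. Create the management interface and configure its IP address
[hnyx]management-vlan 31 //designate VLAN 31 as the management VLAN
[hnyx]interface Vlan-interface 31
[hnyx-Vlan-interface31]ip address 172.16.31.11 24
7. Configure the switch gateway
[hnyx]ip route-static 0.0.0.0 0.0.0.0 172.16.31.1
8. Enable the telnet service
[hnyx]telnet server enable
9. Change the login authentication mode to local username plus password authentication
[hnyx]user-interface vty 0 4
[hnyx-ui-vty0-4]authentication-mode scheme
10. Create the local username and password
[hnyx]local-user admin
[hnyx-luser-admin]password simple hnyx
[hnyx-luser-admin]service-type telnet
11. Configure the password for entering system view (the privilege-switch authentication password)
[hnyx]super password simple yxhn
12. Save the configuration
<hnyx>save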
ZTE Switch Configuration Script

The 2609 is used as the example.

//Enter configuration mode
zte>enable
password:
zte(cfg)#
//Change the switch name
zte(cfg)#hostname community-switch-name
//Add management VLAN 70 and the service VLANs
set vlan 7 enable
set vlan 1031 enable
set vlan 1032 enable
set vlan 1033 enable
set vlan 1034 enable
set vlan 1035 enable
set vlan 1036 enable
set vlan 1037 enable
set vlan 1038 enable
set vlan 1039 enable
set vlan 2531 enable
set vlan 2532 enable
set vlan 2533 enable
set vlan 2534 enable
set vlan 2535 enable
set vlan 2536 enable
set vlan 2537 enable
set vlan 2538 enable
set vlan 2539 enable
set vlan 4000 enable
//Configure the uplink port
set vlan 7,1031-1039,2531-2539,4000 add port 9 tag
//Configure the downlink port
set vlan 7,1031-1039,2531-2539,4000 add port 1 tag
//Configure the ports of ordinary PPPoE users
set vlan 1032 add port 2 untag
set vlan 1033 add port 3 untag
set vlan 1034 add port 4 untag
set vlan 1035 add port 5 untag
set vlan 1036 add port 6 untag
set vlan 1037 add port 7 untag
set vlan 1038 add port 8 untag
set vlan 1031 add port 1 untag
set vlan 2532 add port 2 untag
set port 1 pvid 1031
set port 2 pvid 1032
set port 3 pvid 1033
set port 4 pvid 1034
set port 5 pvid 1035
set port 6 pvid 1036
set port 7 pvid 1037
set port 8 pvid 1038
//Configure the ports of E8-C users
set vlan 1032,2532,4000 add port 2 tag
set vlan 1003,2503,3003,4000 add port 3 tag
set vlan 1004,2504,3004,4000 add port 4 tag
set vlan 1005,2505,3005,4000 add port 5 tag
set vlan 1006,2506,3006,4000 add port 6 tag
set vlan 1007,2507,3007,4000 add port 7 tag
set vlan 1008,2508,3008,4000 add port 8 tag
set vlan 1009,2509,3009,4000 add port 9 tag
//Configure the switch management address
set vlan 7 enable
set vlan 7 add port 9 tag
config router
set ipport 9 ipaddress 10.10.30.22/24
set ipport 9 vlan 7
set ipport 9 enable
iproute 0.0.0.0 0.0.0.0 10.10.30.1

The default telnet login username/password is admin/zhongxing.
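2. Access-Layer Switch Configuration

Configuration management

Getting to know access-layer Ethernet switches: basic switch configuration

④ Creating and deleting VLANs on the switch

switch#vlan database ; enter VLAN configuration
switch(vlan)#vlan 2 ; create VLAN 2
switch(vlan)#vlan 3 name vlan3 ; create VLAN 3 and name it

Getting to know access-layer Ethernet switches: ways to configure a switch

(1) Configuration through the Console port
(2) Access through Telnet
(3) Access by other methods
 ① Log in with the SecureCRT software
 ② Access over HTTP

In different modes, the CLI shows different prompts.

Getting to know access-layer Ethernet switches: basic switch configuration

Basic configuration methods

① Set the hostname:

switch>enable ; enter privileged mode
switch#config terminal ; enter global configuration mode
switch(config)#hostname csico ; set the switch hostname to csico

Getting to know access-layer Ethernet switches: starting the switch

A switch is effectively a special kind of computer: it likewise has a CPU, storage media and an operating system, although these differ somewhat from those of a PC.
A switch also consists of hardware and software; the software is mainly the IOS operating system, and the hardware mainly comprises the CPU, the ports and the storage media.
A switch that has not yet been configured asks at startup whether to run the configuration dialog; type "yes" to configure it, or "no" if you do not want to. At any point you can press Ctrl+C to abort the configuration.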
交换机配置脚本
烽火网络二层交换机配置模板模板说明:假设需配置一台小区汇聚交换机,其中交换机管理vlan 定义为100,上网vlan615,IPTV直播业务vlan2104,ip电话业务vlan2103,上联口为25-26口(透传所有VLAN),1-4口直接连接IPTV 用户机顶盒添加到vlan2104中设置为untag模式,5-12口连接下级交换机(透传所有vlan),13-24口直连IP电话用户添加vlan2103中设置为untag模式。
admin ------ switch user name
12345 ------ switch password
Config ------ enter global configuration mode
hostname YQYD ------ name the switch YQYD
int vlan 100 ------ create VLAN 100 (enter VLAN configuration mode) (network-management configuration)
mem 25-26 t ------ add the uplink ports to VLAN 100 in pass-through mode (network-management configuration)
q ------ leave VLAN configuration mode
system ------ enter system configuration mode
anti-attack dis ------ disable the anti-attack function (IPTV-related configuration)
ip add 192.168.11.11 255.255.255.0 ------ configure the switch IP address (network-management configuration)
man vlan 100 ------ specify the switch's management VLAN (network-management configuration)
q ------ leave system configuration mode
igmp-snooping ------ enter multicast snooping mode
igmp-snooping en ------ enable multicast snooping
igmp-snooping f en ------ enable multicast fast forwarding
quit ------ leave multicast snooping mode
port 1-26 packet-limit dlf 0 ------ disable the DLF packet limit on ports 1-26
port 1-26 packet-limit br 0 ------ disable the broadcast packet limit on ports 1-26
port 1-26 packet-limit multicast 0 ------ disable the multicast packet limit on ports 1-26
port 1-26 flow-ctrl dis ------ disable flow control on ports 1-26
int eth 25 ------ enter port 25
loop-check dis ------ disable loopback detection on this port (required on uplink ports)
q ------ leave port mode
int vlan 2104 ------ create VLAN 2104 (enter VLAN configuration mode)
mem 1-4 untag ------ add ports 1-4 to VLAN 2104 in user (untag) mode
mem 5-12,25-26 tag ------ add ports 5-12 and 25-26 to VLAN 2104 in pass-through mode
q ------ leave VLAN configuration mode
port 1-4 pvid 2104 ------ set the PVID of ports 1-4 to 2104 (config mode)
int vlan 2103 ------ create VLAN 2103 (enter VLAN configuration mode)
mem 5-12,25-26 tag ------ add ports 5-12 and 25-26 to VLAN 2103 in pass-through mode
mem 13-24 untag ------ add ports 13-24 to VLAN 2103 in user (untag) mode
q ------ leave VLAN configuration mode
port 13-24 pvid 2103 ------ set the PVID of ports 13-24 to 2103 (config mode)
int vlan 615 ------ create VLAN 615 (enter VLAN configuration mode)
mem 5-12,25-26 tag ------ add ports 5-12 and 25-26 to VLAN 615 in pass-through mode
q ------ leave VLAN configuration mode
q ------ leave global configuration mode
wri file ------ save the configuration (at the # prompt)
y
Note: other services do not need this configuration.
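A consistency check for the VLAN plan in the template above, as an added example that is not part of the original template or of FiberHome's tooling: it parses the `int vlan` / `mem` / `port ... pvid` lines (embedded as a constructed, `;`-separated copy) and reports untagged ports whose PVID differs from their VLAN and trunk ports that do not carry a VLAN. The function names and the trunk-port set passed in (5-12 and 25-26, from the template description) are assumptions.

```python
import re

# Constructed input: the template's VLAN lines, joined with ';' to stay short.
TEMPLATE = ("int vlan 100;mem 25-26 t;q;"
            "int vlan 2104;mem 1-4 untag;mem 5-12,25-26 tag;q;port 1-4 pvid 2104;"
            "int vlan 2103;mem 5-12,25-26 tag;mem 13-24 untag;q;port 13-24 pvid 2103;"
            "int vlan 615;mem 5-12,25-26 tag;q")

def expand(spec):
    """Expand a port list such as '5-12,25-26' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse(text):
    """Return (tagged, untagged, pvid): vlan->ports, vlan->ports, port->vlan."""
    tagged, untagged, pvid, vlan = {}, {}, {}, None
    for line in (l.strip() for l in text.split(";")):
        if m := re.fullmatch(r"int vlan (\d+)", line):
            vlan = int(m.group(1))
            tagged.setdefault(vlan, set())
            untagged.setdefault(vlan, set())
        elif (m := re.fullmatch(r"mem (\S+) (t|tag|untag)", line)) and vlan:
            target = untagged if m.group(2) == "untag" else tagged
            target[vlan] |= expand(m.group(1))
        elif m := re.fullmatch(r"port (\S+) pvid (\d+)", line):
            for p in expand(m.group(1)):
                pvid[p] = int(m.group(2))
        elif line == "q":
            vlan = None  # left VLAN configuration mode
    return tagged, untagged, pvid

def check(tagged, untagged, pvid, trunks):
    """Report PVID/untagged mismatches and trunk ports missing a VLAN."""
    findings = []
    for vlan, ports in untagged.items():
        for p in sorted(ports):
            if pvid.get(p) != vlan:
                findings.append(f"port {p}: untagged in {vlan}, pvid {pvid.get(p)}")
    for vlan, ports in tagged.items():
        for p in sorted(trunks - ports):
            findings.append(f"port {p}: trunk not tagged in vlan {vlan}")
    return findings

if __name__ == "__main__":
    print(check(*parse(TEMPLATE), trunks=expand("5-12,25-26")))
```

Run against the template, the only findings are that ports 5-12 are not tagged in VLAN 100, because `mem 25-26 t` adds only the uplinks to the management VLAN.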
H3C access-layer switch setup
system-view
System View: return to User View with Ctrl+Z.
[H3C]local-user h3c /* create the telnet login user */
New local user added.
[H3C-luser-h3c]password simple h3c /* set the telnet user's login password */
[H3C-luser-h3c]service-type telnet /* set the user's service type to telnet */
[H3C-luser-h3c]level 3 /* set the user's privilege level to the highest */
[H3C-luser-h3c]
[H3C-luser-h3c]
[H3C-luser-h3c]quit /* return to system view */
[H3C]
[H3C]sysname wxjdc /* name the switch wxjdc */
[wxjdc]user-interface vty 0 4 /* enter the user-interface template; fixed value */
[wxjdc-ui-vty0-4]authentication-mode scheme /* set the authentication mode of the user-interface template */
[wxjdc-ui-vty0-4]
[wxjdc-ui-vty0-4]quit /* return to system view */
[wxjdc]vl 20 /* create VLAN 20 */
[wxjdc-vlan20]
[wxjdc-vlan20]
[wxjdc-vlan20]port Ethernet 1/0/1 to e 1/0/48 /* assign 1/0/1 through 1/0/48 to VLAN 20 */
[wxjdc-vlan20]interface GigabitEthernet1/1/1 /* enter interface Gi 1/1/1 */
[wxjdc-vlan20]port access vlan 20 /* assign Gi 1/1/1 to VLAN 20 */
[wxjdc-vlan20]
[wxjdc-vlan20]interface Vlan-interface 20 /* enter the VLAN 20 Layer 3 interface */
[wxjdc-Vlan-interface20]ip add 10.136.47.111 255.255.255.0 /* configure the address of the VLAN 20 Layer 3 interface (a /24) */
[wxjdc-Vlan-interface20]
[wxjdc-Vlan-interface20]
[wxjdc-Vlan-interface20]qu
[wxjdc]ip route-static 0.0.0.0 0.0.0.0 10.136.47.254 /* configure the default route to the VLAN 20 gateway address */
[wxjdc]qu
telnet 127.0.0.1 /* test whether the telnet configuration works */
Trying 127.0.0.1 ...
Press CTRL+K to abort
Connected to 127.0.0.1 ...
******************************************************************************
* Copyright(c) 2004-2006 Hangzhou Huawei-3Com Tech. Co., Ltd.                *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************
Login authentication
Username:h3c
Password:
%Apr 2 00:06:36:900 2000 wxjdc SHELL/5/LOGIN:- 1 - h3c(127.0.0.1) in unit1 login
%Apr 2 00:06:36:997 2000 wxjdc SHELL/5/LOGIN:- 1 - h3c(127.0.0.1) in unit1 login
sy
System View: return to User View with Ctrl+Z.
[wxjdc]
[wxjdc]qu
%Apr 2 00:06:50:187 2000 wxjdc SHELL/5/LOGOUT:- 1 - h3c(127.0.0.1) in unit1 logout
The connection was closed by the remote host!
sy
System View: return to User View with Ctrl+Z.
[wxjdc]
Full configuration:
[wxjdc]dis cu
#
sysname wxjdc
#
radius scheme system
#
domain system
#
local-user h3c
 password simple h3c
 service-type telnet
 level 3
#
vlan 1
#
vlan 20
interface Vlan-interface20
 ip address 10.136.47.31 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
 port access vlan 20
#
interface Ethernet1/0/2
 port access vlan 20
#
interface Ethernet1/0/3
 port access vlan 20
#
interface Ethernet1/0/4
 port access vlan 20
#
interface Ethernet1/0/5
 port access vlan 20
#
interface Ethernet1/0/6
 port access vlan 20
#
interface Ethernet1/0/7
 port access vlan 20
#
interface Ethernet1/0/8
#
interface Ethernet1/0/9
 port access vlan 20
#
interface Ethernet1/0/10
 port access vlan 20
#
interface Ethernet1/0/11
 port access vlan 20
#
interface Ethernet1/0/12
 port access vlan 20
#
interface Ethernet1/0/13
 port access vlan 20
#
interface Ethernet1/0/14
 port access vlan 20
#
interface Ethernet1/0/15
 port access vlan 20
#
interface Ethernet1/0/16
 port access vlan 20
#
interface Ethernet1/0/17
 port access vlan 20
#
interface Ethernet1/0/18
#
interface Ethernet1/0/19
 port access vlan 20
#
interface Ethernet1/0/20
 port access vlan 20
#
interface Ethernet1/0/21
 port access vlan 20
#
interface Ethernet1/0/22
 port access vlan 20
#
interface Ethernet1/0/23
 port access vlan 20
#
interface Ethernet1/0/24
 port access vlan 20
#
interface Ethernet1/0/25
 port access vlan 20
#
interface Ethernet1/0/26
 port access vlan 20
#
interface Ethernet1/0/27
 port access vlan 20
#
interface Ethernet1/0/28
#
interface Ethernet1/0/29
 port access vlan 20
#
interface Ethernet1/0/30
 port access vlan 20
#
interface Ethernet1/0/31
 port access vlan 20
#
interface Ethernet1/0/32
 port access vlan 20
#
interface Ethernet1/0/33
 port access vlan 20
#
interface Ethernet1/0/34
 port access vlan 20
#
interface Ethernet1/0/35
 port access vlan 20
#
interface Ethernet1/0/36
 port access vlan 20
#
interface Ethernet1/0/37
 port access vlan 20
#
interface Ethernet1/0/38
#
interface Ethernet1/0/39
 port access vlan 20
#
interface Ethernet1/0/40
 port access vlan 20
#
interface Ethernet1/0/41
 port access vlan 20
#
interface Ethernet1/0/42
 port access vlan 20
#
interface Ethernet1/0/43
 port access vlan 20
#
interface Ethernet1/0/44
 port access vlan 20
#
interface Ethernet1/0/45
 port access vlan 20
#
interface Ethernet1/0/46
 port access vlan 20
#
interface Ethernet1/0/47
 port access vlan 20
#
interface Ethernet1/0/48
#
interface GigabitEthernet1/1/1
 port access vlan 20
#
interface GigabitEthernet1/1/2
#
interface GigabitEthernet1/1/3
#
interface GigabitEthernet1/1/4
#
undo irf-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
ip route-static 0.0.0.0 0.0.0.0 10.136.47.254 preference 60
#
user-interface aux 0 7
user-interface vty 0 4
 authentication-mode scheme
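An audit pass over a saved `dis cu` listing like the one above, as an added example that is not part of the original page or of H3C's tooling: it splits the listing on its `#` separator lines and flags the management-plane settings visible in this configuration (cleartext `password simple`, a password equal to the user name, telnet as the only service type, `level 3`) plus Ethernet ports left without an access VLAN. The sample is a constructed excerpt of that listing, and the function names and finding texts are assumptions.

```python
import re

# Constructed input: an excerpt of the `dis cu` listing shown above.
CONFIG = """\
#
local-user h3c
 password simple h3c
 service-type telnet
 level 3
#
interface Ethernet1/0/7
 port access vlan 20
#
interface Ethernet1/0/8
#
user-interface vty 0 4
 authentication-mode scheme
"""

def sections(text):
    """Split on the '#' separator lines; return a list of (header, body_lines)."""
    out = []
    for block in re.split(r"^#[ \t]*$", text, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            out.append((lines[0], lines[1:]))
    return out

def audit(text):
    """Return findings for local users and for ports without an access VLAN."""
    findings = []
    for header, body in sections(text):
        if header.startswith("local-user "):
            user = header.split()[1]
            for line in body:
                if line.startswith("password simple "):
                    findings.append(f"{user}: password stored in cleartext")
                    if line.split()[2] == user:
                        findings.append(f"{user}: password equals user name")
                elif line == "service-type telnet":
                    findings.append(f"{user}: telnet-only login (unencrypted)")
                elif line == "level 3":
                    findings.append(f"{user}: highest privilege level")
        elif header.startswith("interface Ethernet") and not body:
            findings.append(f"{header.split()[1]}: no access VLAN set (default VLAN)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```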
Configuring an access-layer switch
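S2126# copy running-config startup-config
S2126# write memory
S2126# write //save the currently running parameters to flash, to be used as the initialization parameters at system startup
S2126# delete flash:config.text //permanently delete the configuration file in flash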
S2126 (config-if)# exit
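07) View the switch's configuration information
S2126# show ip interfaces
//view the switch interface information
S2126# show interfaces vlan 1
//view the management VLAN 1 information
S2126# show running-config
//view the configuration information
08) Save/delete the switch configuration information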
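(4) Configure the switch according to the requirements below. The network topology is shown in Figure 3-1-6. The requirements are as follows.
1) Set the enable password to admin.
2) Create VLAN10, VLAN20 and VLAN30, and name them yuwen, shuxue and yingyu respectively.
3) Add Fa0/1-5 to VLAN10, Fa0/6-10 to VLAN20, and Fa0/11-20 to VLAN30.
4) On PC1, ping the IP addresses of PC2 and PC3 to check network connectivity.
5) On PC3, ping the IP address of PC2 and the IP address of PC4 to check network connectivity.
6) Export the configuration file as T1-4.text.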
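//set the switch's Telnet login password to xxhua
Switch(config)# enable secret level 15 0 xxh
//set the switch's privileged-mode password to xxh
(3) Configure the switch to allow Telnet login
To let the switch be configured remotely over Telnet, rather than locally every time, the switch needs a series of configuration steps, as follows.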
A simple access switch configuration example
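It has been a few years since I graduated in network engineering, and for a while I have not been practicing routing and switching every day.
Recently I added a Layer 2 switch to my organization's network, so I am using it to write up a simple configuration summary.
Update 2021/8: some of my commands are only for reference. The important point in configuring a switch is the approach: you need to know what you have to configure, rather than focusing on the switch commands.
Switch commands can be found with any Baidu search, but the approach is knowledge, not something learned by rote memorization.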
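I. Introduction to access switch configuration
At present, in most enterprise environments (non-data-center), the internal network is generally a three-layer architecture.
The layers are the core layer, the aggregation layer, and the access layer.
The access layer is where end devices (desktops, laptops, all-in-one PCs, TVs, surveillance cameras and so on) connect to the network. It is where VLANs are assigned, and some sites also do MAC binding and the like there. In most cases, the basic configuration of an access switch breaks down into the following parts:
1. Management port and remote login (telnet/ssh): set the switch's user name and password, web login, remote login
2. VLAN assignment: assign VLANs according to the VLANs of the upstream device, deciding which interface carries which VLAN and separating the network segments
3. Access ports and trunk ports: the interface type; use access ports between the switch and end devices, and trunk ports between switches
4. Static route: depending on the situation; by default, one 0.0.0.0 default route to the core is enough
Besides these, there may also be some SNMP or interface MAC binding, each just one or two commands and not complicated.
II. Case environment
My organization mostly uses Huawei and H3C equipment.
This time, since it was a later addition, a Ruijie device was used.
There is little difference; the commands can follow Cisco's, or you can download a command manual.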
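Device model: RG-NBS2009G-P Layer 2 managed Gigabit PoE switch
III. Hands-on steps
1. Connect to the switch with the console cable and reset the switch
Find a laptop, download a remote-access tool such as [CRT], [MobaXterm] or [Xshell], and connect the console cable between the switch and the computer.
Default parameters: 9600 0 8 1
After logging in, if you have the password, go in and enter the commands:
erase startup-config    # clear the startup configuration
reload    # reboot
Save current configuration to startup-config(Yes|No)?    # whether to save the configuration to startup; to not save, enter NO
Please confirm system to reload(Yes|No)?    # confirm the reboot; to confirm, enter YES
Without the password, restore the factory settings:
Huawei: https:///article/046a7b3ea36325f9c27fa9e8.html
Cisco: https:///article/e5c39bf5ff982339d660336e.html
2. Once in, set the user name and password and enable remote login
# configure terminal    # enter global configuration mode
(config)#user admin password 0 admin    # set the user name and password both to admin
(config)#enable password admin    # global-mode password admin
(config)# line vty 0 4    # enter VTY configuration mode (older versions enable telnet + web by default)
(config)# login local    # enable local authentication
SSH configuration: this Ruijie unit's version is too old and does not support it; added here for completeness.
Ruijie(config)#enable service ssh-server ------> enable the SSH service, off by default
Ruijie(config)#ip ssh version 2 ------> the default is version 1.99; set it to version 2
Ruijie(config)#crypto key generate rsa ------> there are two key types, DSA and RSA; RSA is used as the example
3. Basic information
Set the device name:
hostname xxx
Synchronize the time:
ntp server 172.16.98.254 version 3    # time server IP + version
ntp synchronize    # enable synchronization
show clock    # view the time
4. Add VLANs as your organization needs; here I allow 96-108
Ruijie# configure terminal
Ruijie(config)# vlan 888    # vlan888
Ruijie(config-vlan 888)# description test888    # set the description
5. Configure a management VLAN, used for remote login
interface vlan 98    # management VLAN 98
 ip address 172.16.98.137 255.255.255.0    # management IP address, set your own
 exit
6. Set the trunk port that connects to the other switch
interface gigabitEthernet 0/1    # open g0/1
 description 5f-jr-sw(98.3)    # enter a description
 no shutdown    # do not shut down
 switch mode trunk    # interface mode trunk
 switch trunk allowed vlan 1    # allowed VLAN
 switch trunk allowed vlan 96 to 108    # allowed VLANs
 switch trunk native vlan 1    # the default native VLAN is VLAN 1
 poe alloc-power 30
 no poe enable    # do not enable PoE
 exit
7. Set the access ports that connect end devices; here I put 4 ports in VLAN 100 and 3 ports in VLAN 106
interface gigabitEthernet 0/2
 no shutdown
 switch access vlan 100
 poe alloc-power 30
 no poe enable
 exit
interface gigabitEthernet 0/3
 no shutdown
 switch access vlan 100
 poe alloc-power 30
 no poe enable
 exit
interface gigabitEthernet 0/4
 no shutdown
 switch access vlan 100
 poe alloc-power 30
 no poe enable
 exit
interface gigabitEthernet 0/5
 no shutdown
 switch access vlan 100
 poe alloc-power 0
 no poe enable
 exit
interface gigabitEthernet 0/6
 no shutdown
 switch access vlan 106
 poe alloc-power 0
 no poe enable
 exit
interface gigabitEthernet 0/7
 no shutdown
 switch access vlan 106
 poe alloc-power 0
 no poe enable
 exit
interface gigabitEthernet 0/8
 no shutdown
 switch access vlan 106
 poe alloc-power 0
 no poe enable
 exit
8. Add one static route that forwards everything to the core
ip route 0.0.0.0 0.0.0.0 172.16.98.254
9. Connect the network cable and test
Test telnet
Test web
IV. Summary
Access-layer configuration is fairly simple, and these steps basically cover it. If you need anything more, look up the individual command.
Two additions: always save after configuring.
Huawei/H3C: save
Cisco/Ruijie: wr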