三层交换机的配置与管理教材

基于SCALANCE 管理型三层交换机静态路由原理介绍及配置指南SIMATIC XM400 路由Siemens Industry Online© S i e m e n s A G c o p y r i g h t y e a r A l l r i g h t s r e s e r v e dThis entry is from the Siemens Industry Online Support. The general terms of use (/terms_of_use ) apply.安全性信息Siemens 为其产品及解决方案提供了工业信息安全功能，以支持工厂、系统、机器和网络的安全运行。

为了防止工厂、系统、机器和网络受到网络攻击，需要实施并持续维护先进且全面的工业信息安全保护机制。

Siemens 的产品和解决方案仅构成此类概念的其中一个要素。

客户负责防止其工厂、系统、机器和网络受到未经授权的访问。

只有在必要时并采取适当安全措施（例如，使用防火墙和网络分段）的情况下，才能将系统、机器和组件连接到企业网络或 Internet 。

此外，应考虑遵循 Siemens 有关相应信息安全措施的指南。

更多有关工业信息安全的信息，请访问 /industrialsecurity 。

Siemens 不断对产品和解决方案进行开发和完善以提高安全性。

Siemens 强烈建议您及时更新产品并始终使用最新产品版本。

如果使用的产品版本不再受支持，或者未能应用最新的更新程序，客户遭受网络攻击的风险会增加。

要及时了解有关产品更新的信息，请订阅 Siemens 工业信息安全 RSS 源，网址为 /industrialsecurity 。

© S i e m e n s A G c o p y r i g h t y e a r A l l r i g h t s r e s e r v e d目录1.1 路由的概念 ......................................................... 4 1.2 静态路由的原理 ..................................................... 5 1.3 静态路由配置指南 ................................................... 6 配置样例 ................................................................ 6 配置说明 ................................................................ 6 配置步骤 . (6)© S i e m e n s A G c o p y r i g h t y e a r A l l r i g h t s r e s e r v e d1.1 路由的概念路由是指路由器提供在不同网络中的互联机制，实现从一个接口上收到数据包，根据数据包的目的地址进行定向并转发到另一个接口的过程；路由发生在第三层（网络层），就是指导IP 数据包发送的路径信息。

安奈特三层交换机配置手册AlliedWare Plus TM OSHow T o |IntroductionThis How T o Note introduces a number of commonly-used management features of the AlliedWare Plus TM operating system (OS), the next generation operating system for Allied T elesis, Inc’s high performance layer 3 managed switches.ContentsIntroduction (1)Contents (1)Related How T o Notes (2)Which products and software version does it apply to? (2)Important differences between the AlliedWare OS and the AlliedWare Plus OS (3)How to log in (4)How to get command help (5)How to work with command modes (9)How to see the current configuration (14)Default settings (15)The default configuration script (16)How to change the password (17)How to set a management IP address (17)How to save and boot from the current configuration (18)How to save to the default configuration file (18)How to create and use a new configuration file (18)How to return to the factory defaults (20)How to see systeminformation ....................................................................................................... .. 21Get Started With The AlliedWare Plus TM Operating System IntroductionHow to set system parameters (23)How to change the telnet session timeout (23)How to name the switch (23)How to display a text banner at login (24)How to set the time and date (25)How to show current settings (25)How to set the time and date (25)How to set the timezone (26)How to configure summer-time (26)How to add and remove users (28)Pre-encrypted passwords (29)How to undo settings (30)How to use the no parameter (30)How to use the default parameter (30)How to work with files (31)How to list files (31)How to display the contents of configuration and text files (33)How to navigate through the file system (34)How to copy files (36)How to use the editor (38)How to upgrade the firmware (39)Appendix: Commands available in each mode (40)User Exec mode (40)Privileged Exec mode (41)Global Configuration mode (42)Related How T o NotesY ou may also find the following AlliedWare Plus OS How T o Notes useful:z How To Configure Basic Switching Functionalityz How T o Configure EPSR (Ethernet Protection Switching Ring) to Protect a Ring from Loops Which products and software version does it apply to? This How T o Note applies to the following Allied T elesis switches, running AlliedWare Plus software version 5.2.1 or later:z SwitchBlade x908z x900 seriesImportant differences between the AlliedWare OS and the AlliedWare Plus OS Important differences between the AlliedWare OS and the AlliedWare Plus OSThe most noticeable differences between the AlliedWare Plus and AlliedWare OSes are:z The command mode hierarchy. With the AlliedWare Plus OS, you go into an appropriate mode before entering configuration or monitoring commands.For details of the modes, see "How to work with command modes"on page9.z The style of the commands. Because you go into a configuration mode, the AlliedWare Plus OS already knows that you are entering a configuration command.Therefore, you do not have to begin commands with keywords like create. This means that many commands are shorter.z How the switch identifies values in commands. The AlliedWare Plus OS either has parameter keywords immediately followed by a space and their value (for an example, see "How to add and remove users"on page28), or simply has a series ofspace-separated values (for an example, see "How to set the time and date"on page25). For manycommands, you must enter the values in the correct order. The ? help makes this easy by prompting you for values one at a time.z How to undo an action or remove a setting. Mostly you remove settings by re-entering the configuration command with the keyword no before it. See "How to undo settings"on page30.z The things the command line warns you about. In the AlliedWare Plus OS: z If you try to create an object (such as a user, trigger etc) and an object with that name already exists, the switch overwrites the original object. It does not warn you before doing so.The file copying commands are an example of an exception to this—the switch asks if you want to overwrite the file.z Y ou only get a message telling you that an operation failed, not if it succeeds. If the switch does not display an error message, you can assume the command wassuccessful.z Port numbering. In the AlliedWare Plus OS, switch ports are named port x.y.z (e.g.port1.0.1), where:z the first number (x) is the stack ID numberz the second number (y) is the module number (0 for base ports and higher numbers for XEMs)z the third number (z) is the port number.z Associating VLANs with switch ports. In the AlliedWare Plus OS, VLANs are configured as an attribute of switch ports. T o associate a VLAN with a port, you enter Interface Configuration mode for the port, not for the VLAN. For details and examples,see the following AlliedWare Plus How T o Note: How To Configure Basic SwitchingFunctionality.z Flash compaction. In the AlliedWare Plus OS, Flash compaction takes up to a minute.The command line is unresponsive during this time. Do not power cycle the switch during Flash compaction.How to log in How to log in1.Set the console baud rateSet the baud rate of your terminal emulator to 115200.For bootloader version 1.0.8 and earlier, this is the switch’s default value. Y ou can use a bootloader menu option to change it, but the first time you access the switch, you must use 115200.Note that in bootloader version 1.0.9, the default baud rate will change to 9600.2.Login with manager/friendLike in AlliedWare, the defaults are:username: managerpassword: friendThe switch logs you into User Exec mode. From User Exec mode, you can perform high-level diagnostics (some show commands, ping, traceroute etc), start sessions (T elnet, SSH), and change mode.How to get command helpThe following kinds of command help are available:zlists of valid parameters with brief descriptions (the ? key)z completion of keywords (the T ab key)z error messages for incomplete or incorrect syntaxT o get syntax help, type ? after:z the prompt, to list all commands available in themode you are inz one or more parameters, to list parameters thatcan come next in the partial commandzone or more letters of a parameter, to listmatching parameters Example T o see which commands are available in User Exec mode, enter “?” at the User Exec mode command prompt:awplus>?This results in the following output:X View a list of valid parameters Tip:The AlliedWare Plus OS only displays one screenful of text at a time, with the prompt “--More--” at the end of each screenful. Press the space bar to display the next screenful or the Q key to return to the command prompt.Exec commands:clear Reset functionsdisable Turn off privileged mode commandecho Echo a stringenable Turn on privileged mode commandexit End current mode and down to previous modehelp Description of the interactive help systemlogout Exit from the EXECmstat Show statistics after multiple multicast traceroutesmtrace Trace multicast path from source to destinationping Send echo messagesquit Exit current mode and down to previous moderemote-command Remote stack member command executionshow Show running system informationssh Open an SSH connectiontelnet Open a telnet connectionterminal Set terminal line parameters traceroute Trace route to destinationExample T o see which show commands that start with “i” are available in User Exec mode, enter “?”after show i:awplus>show i?This results in the following output:interface Interface informationip Internet Protocol (IP)ipv6 Internet Protocol version 6 (IPv6)Example T o use the ? help to work out the syntax for the clock timezone command (page26), enter the following sequence of commands:awplus(config)#clock ?summer-time Manage summer-timetimezone Set clock timezoneawplus(config)#clock timezone ?TIMEZONE Timezone name, up to 6 charactersawplus(config)#clock timezone NZST ?minus negative offset (West of Greenwich)plus positive offset (East of Greenwich)awplus(config)#clock timezone NZST plus ?OFFSET Time zone offset to UTC in HH or HH:MM formatawplus(config)#clock timezone NZST plus 12The above example demonstrates that the ? help only indicates what you can type next. Forcommands that have a series of parameters, like clock timezone, the ? help does not makethe number of parameters obvious.X Complete keywordsT o complete keywords, type T ab after part of the command.If only one keyword matches the partial command, the AlliedWare Plus OS fills in thatkeyword. If multiple keywords match, it lists them.Example T o use T ab completion to enter the command show ip dhcp server summary, enter the following commands. We have included “” to show where to type the T ab key—it is not displayed on screen.awplus>show ipas-path-access-list bgp community-listdhcp dhcp-relay domain-listdomain-name extcommunity-list filterforwarding igmp interfaceirdp mroute mvifname-server nat ospfpim protocols riproute rpfawplus>show ip ddhcp dhcp-relay domain-list domain-nameawplus>show ip dhcpbinding pool serverawplus>show ip dhcp server sstatistics summaryawplus>show ip dhcp server summaryX View command messagesThe switch displays the following generic error messages about command input:% Incomplete command—this message indicates that the command requires more parameters. Use the ? help to find outwhat other parameters are available.awplus(config)#interfaceinterface% Incomplete command.% Invalid input detected at '^' marker—this indicates that the switch could not process the command you entered. The switch also prints the command and marks the first invalid character by putting a '^' under it. Note that you may get this error if you enter a command in the wrong mode, as the following output shows.awplus#interface port1.0.1interface port1.0.1^% Invalid input detected at '^' marker.% Unrecognized command—when you try to use ? help and get this message, it indicates that the switch can not provide help on the command because it does not recognise it. This means the command does not exist, or that you have entered it in the wrong mode, as the following output shows.awplus#interface ?% Unrecognized commandThe AlliedWare Plus OS does not tell you when commands are successful. If it does not display an error message, you can assume the command was successful.How to work with command modesThe following figure shows the command mode hierarchy and the commands to use to move to lower-level modes.X User Exec modeUser Exec mode is the mode you log into on the switch.It lets you perform high-level diagnostics (show commands, ping, traceroute etc), start sessions (T elnet, SSH), and change mode.For a list of commands available in this mode, see "User Exec mode"on page40.The default User Exec mode prompt is awplus>.T o change from User Exec to Privileged Exec mode, enter thecommand:awplus>enable Privileged Exec mode is the main mode for monitoring—forexample, running show commands and debugging. FromPrivileged Exec mode, you can do all the commands from User Exec mode plus many systemcommands.For a list of commands available in this mode, see "Privileged Exec mode"on page 41.The default Privileged Exec mode prompt is awplus#.T o change from Privileged Exec to Global Configuration mode,enter the command:awplus>configure terminal From Global Configuration mode, you can configure mostaspects of the switch.For a list of commands available in this mode, see "Global Configuration mode"on page 42.The default Global Configuration mode prompt is awplus(config)#.X Privileged Exec modeX Global Configuration mode Tip:en is a short-cut forenable Tip:conf t is a short-cut forconfigure terminalA number of features are configured by entering a lower-level mode from GlobalConfiguration mode. The following table lists these features.Some protocols have commands in both Global Configuration mode and lower-levelconfiguration modes. For example, to configure MSTP , you use:zGlobal Configuration mode to select MSTP as the spanning tree mode zMST mode to create instances and specify other MSTP settings z Interface Configuration mode to associate the instances with the appropriate ports.X Lower-level configuration modesModeWhat it configures Command Default prompt InterfaceSwitch ports, VLANs, the management Eth port.interface name awplus(config-if)#Class map QoS classes, which isolate and name specifictraffic flows (classes) from all other traffic.(first enable QoS globally with mls qos enable)class-map name awplus(config-cmap)#EPSR Ethernet Protection Switching Ring, a loopprotection mechanism with extremely fastconvergence times.epsr configuration awplus(config-epsr)#Line Console port settings or virtual terminalsettings for telnet.line console 0line vty number awplus(config-line)#Ping poll Ping polling, which checks whether specifieddevices are reachable or not.ping-poll number awplus(config-ping-poll)#Policy map QoS policies, a collection of user-defined QoS classes and the default class.(first enable QoS globally with mls qos enable)policy-map nameawplus(config-pmap)#Policy map classThe QoS actions to take on a class-map, andwhich class-maps to associate with a QoSpolicy.This mode is a sub-mode of Policy map mode.(in Policy map mode)class name awplus(config-pmap-c)#Route map Route maps, which select routes to include or exclude from the switch’s routing table and/or route advertisements.route-map name deny|permit entry-numberawplus(config-route-map)#Router Routing using BGP , IP , IPv6, OSPF , RIP , or VRRP .router protocolother-parametersawplus(config-router)#MST Multiple Spanning T ree Protocol.spanning-tree mst configuration awplus(config-mst)#T rigger T riggers, which run configuration scripts inresponse to events.trigger number awplus(config-trigger)#VLAN databaseVLANs.vlan database awplus(config-vlan)#X Returning to higher-level modesThe following figure shows the commands to use to move from a lower-level mode to ahigher-level mode.Examples T o go from Interface Configuration to Global Configuration mode:awplus(config-if)#exitawplus(config)#T o go from Interface Configuration to Privileged Exec:awplus(config-if)#endawplus#T o go from Privileged Exec to User Exec:awplus#disableawplus>X Entering Privileged Exec commands when in a configuration modeWhen you are configuring the switch, you are likely to want to enter show commands toconfirm the configuration. This can mean you change often between configuration modes andPrivileged Exec mode.However, you can run Privileged Exec commands without changing mode, by using thecommand:doHowever, you cannot use the ? help to find out command syntax when using the docommand.Example T o display information about the IP interfaces when in Global Configuration mode, enter the command:awplus(config)#do show ip int briefThis results in the following output:Interface IP-Address Status Protocoleth0 172.28.8.200 admin up runningvlan1 unassigned admin up running...How to see the current configurationHow to see the current configurationThe current configuration is called the running-config. T o see it,enter the following command in either Privileged Exec mode or any configuration mode:awplus#show running-config T o see only part of the current configuration, enter thecommand:awplus#show running-config |includeThis displays only the lines that contain word .T o start the display at a particular place, enter the command: awplus#show running-config |beginThis searches the running-config for the first instance of word and begins the display with thatline.Tip:show running-config works in all modesexcept User Exec mode.Default settingsWhen the switch first starts up with the AlliedWare Plus OS, it applies default settings and copies these defaults dynamically into its running-config.These default settings mean that the AlliedWare Plus OS:z encrypts passwords, such as user passwordsz records log message priority in log messagesz turns on jumbo frame support for all portsz turns on the telnet server so that you can telnet to the switchz enables the switch to look up domain names (but for domain name lookups to work, you have to configure a DNS server)z turns off L3 multicast packet switching in the swi tch’s hardware. This prevents L3 multicasts from flooding the switch’s CPU in its default state as an L2 switchz sets the maximum number of ECMP routes to 8z turns on RSTP on all ports. Note that the ports are not set to be edge portsz sets all the switch ports to access mode. This means they are untagged ports, suitable for connecting to hostsz creates VLAN 1 and adds all the switch ports to itz allows logins on the serial console portz allows logins on VTY sessions (for telnet etc)z has switching enabled, so layer 2 traffic is forwarded appropriately without further configurationz allocates all the routing table memory space to IPv4 routes (instead of IPv6 routes)z has ports set to autonegotiate their speed and duplex modez has copper ports set to auto MDI/MDI-X modez has all switch ports attached to VLAN 1The default configuration scriptMost of the above default settings are in the form of commands, which the switch copies toits running-config when it first boots up.The switch stores a copy of the default configuration commands in the file default.cfg anduses that file as its default start-up file.For more information about start-up files, see "How to save and boot from the currentconfiguration"on page18.The following figure shows the contents of the default file.Contents of default file Description!An empty comment line (comments begin with an !). service password-encryption!Forces passwords in the script to be encrypted.log record-priority Records log message priority.username manager privilege 15 password 8$1$bJoVec4D$JwOJGPr7YqoExA0GVasdE0Specifies the password for the manager userservice telnet!T urns on the telnet server.ip domain-lookup!Allows domain name lookups.no ip multicast-routing !T urns off L3 multicast packet switching in the switch hardware.maximum-paths 8Sets maximum number of ECMP routes. spanning-tree mode rstp!T urns on RSTP.interface eth0 !A heading for any configuration settings for the management eth0 port. There are no eth0 settings.interface port1.0.1-1.0.24switchportswitchport mode access!Sets each switch port to access mode.interface vlan1!Creates VLAN 1.line con 0 A heading for any configuration settings for the console port.There are no console port settings.line vty 0 32 !end A heading for any configuration settings for VTY sessions. There are no VTY session settings.How to change the password How to change the password T o change the password for the manager account, enter Global Configuration mode and enter the following command:awplus(config)#username manager passwordThe password can contain any printable character and is case sensitive.How to set a management IP addressThis section describes how to set an IP address on the eth0 management port.1.If desired, check the current configurationAfter logging in, enter Privileged Exec mode by using the command:awplus>enableThen check the current configuration by using one of the following commands:awplus#show ip interface eth0 briefThis results in the following output:Interface IP-Address Status Protocoleth0 172.28.8.200 admin up runningawplus#show running-config interface eth0This results in the following output:!interface eth0ip address 172.28.8.200/16!2.Enter Interface Configuration mode for the eth0 interfaceEnter Global Configuration mode and enter the command: awplus(config)#interface eth03.Enter the IP address and maskEnter the command:awplus(config-if)#ip addressFor example, to set the address to 172.28.8.210/16, enter the command:awplus(config-if)#ip address 172.28.8.210/16How to save and boot from the currentconfigurationThis section tells you how to save your configuration and run the saved configuration whenthe switch starts up.Y ou can either:z save the configuration to the switch’s default configuration file (called “default.cfg”). Bydefault, the switch uses that file at start-up.zcreate a new configuration file and set the switch to use the new configuration file atstart-up.How to save to the default configuration fileEnter Privileged Exec mode and enter the command:awplus#copy running-config startup-configThe parameter startup-config is a short-cut for the current boot configuration file, whichwill be the default configuration file unless you have changed it, as described in the nextsection.How to create and use a new configuration fileEnter Privileged Exec mode and enter the command:awplus#copy running-config .cfgExample T o save the current configuration in a file called example.cfg, enter the commandawplus#copy running-config example.cfgT o run the new file’s configuration when the switch starts up, enter Global Configurationmode and enter the command:awplus(config)#boot config-file .cfgExample T o run the commands in example.cfg on startup, enter the command awplus(config)#boot config-file example.cfg1.Copy the current configuration to a new file2.Set the switch to use the new file at startup3.Display the new settingsT o see the files that the switch uses at startup, enter Privileged Exec mode and enter the command:awplus#show bootThe output looks like this:Boot configuration--------------------------------------------------------------------Current software : r1-5.2.1.relCurrent boot image : flash:/r1-5.2.1.relBackup boot image : Not setDefault boot config: flash:/.configs/default.cfgCurrent boot config: flash:/example.cfg (file exists)4.Continue updating the file when you change the configurationWhen you next want to save the current configuration, enter Privileged Exec mode and enter the command:awplus#copy running-config startup-configThe parameter startup-config is a short-cut for the current boot configuration file.。

数据通信网络技术教案8三层交换机的配置与管理三层交换机是网络中的重要设备，它能够实现数据的快速交换和路由转发。

在进行三层交换机的配置与管理时，需要掌握一些基本的操作和命令，以便能够正确地配置网络设备并进行故障排除。

本教案将介绍三层交换机的配置与管理，包括VLAN、静态路由和动态路由等方面的知识。

1.VLAN的基本概念VLAN（Virtual Local Area Network）是一种虚拟的局域网，它能够将物理上分散的设备逻辑地分组在一起，提供更好的网络管理和安全性。

在配置三层交换机时，我们可以使用VLAN技术来实现不同网段之间的隔离和互通。

2.VLAN的配置①创建VLAN在三层交换机上创建VLAN，我们需要使用命令行界面或者Web界面进行配置。

在命令行界面下，可以使用"vlan database"命令进入VLAN数据库模式，然后通过"vlan <vlan-id>"创建VLAN。

在Web界面下，可以直接进入交换机的管理页面，找到VLAN配置的入口，然后创建所需的VLAN。

②配置端口的VLAN属性一旦创建了VLAN，我们需要将端口与VLAN进行关联，使得端口能够属于特定的VLAN。

在命令行界面下，可以使用"interface <interface-id>"命令进入接口配置模式，然后使用"switchport mode access"命令设置接口的工作模式为接入模式，并使用"switchport access vlan <vlan-id>"命令将接口划分到相应的VLAN中。

在Web界面下，可以找到端口配置的入口，然后选择所需的VLAN。

静态路由是一种手动配置的路由方式，它需要管理员手动添加路由表项，指定下一跳的目标地址。

静态路由适用于小型网络环境，并且配置较为简单直观。

安装手册三层网管交换机Enterprise Networking Solution全千兆三层网管交换机全千兆三层网管PoE交换机千兆上联三层网管交换机声明Copyright © 2023 普联技术有限公司版权所有，保留所有权利未经普联技术有限公司明确书面许可，任何单位或个人不得擅自仿制、复制、誊抄或转译本手册部分或全部内容，且不得以营利为目的进行任何方式（电子、影印、录制等）的传播。

为普联技术有限公司注册商标。

本手册提及的所有商标，由各自所有人拥有。

本手册所提到的产品规格和资讯仅供参考，如有内容更新，恕不另行通知。

除非有特殊约定，本手册仅作为使用指导，所作陈述均不构成任何形式的担保。

I声明相关文档除本安装手册外，TP-LINK官网还提供了《用户手册》、《命令行手册》和《防雷安安装手册简介《三层网管交换机安装手册》主要介绍交换机的硬件特性、安装方法以及在安装过程中应注意事项。

本手册包括以下章节：第1章：产品介绍。

简述交换机的基本功能特性并详细介绍外观信息。

第2章：产品安装。

指导交换机的硬件安装方法以及注意事项。

第3章：硬件连接。

指导交换机与其他设备之间的连接及注意事项。

第4章：配置指南。

指导通过WEB登录、本地登录以及远程登录配置交换机。

附录A：常见故障处理。

附录B：技术参数规格。

附录C：连接SFP端口补充说明。

II相关文档附录D：产品保修卡。

有毒有害物质含量声明。

附录E：本手册适合下列人员阅读：网络工程师网络管理员约定在本手册以下部分，如无特别说明，均以TL-SG5428机型为例介绍，所提到的交换机是指三层网管交换机。

本手册中产品图片仅为示意，端口数量、类型和位置等请以实际机型为准。

本手册采用了如下几种醒目标志来表示操作过程中应该注意的地方，这些标志的III阅读对象目录第1章产品介绍——————————011.1 产品简介 (01)1.2 产品外观 (02)第2章产品安装——————————102.1 物品清单 (10)2.2 安装注意事项 (10)2.3 安装工具准备 (12)2.4 产品安装 (12)第3章硬件连接——————————143.1 连接至RJ45端口 (14)3.2 连接SFP端口 (14)3.3 连接Console端口 (15)3.4 连接电源线 (15)3.5 设备初始化 (16)3.6 安装后检查 (16)第4章配置指南——————————174.1 WEB登录 (17)4.2 本地登录 (18)4.3 远程登录 (18)4.4 远程管理 (19)附录A 常见故障处理————————22附录B 技术参数规格————————23附录C 连接SFP端口补充说明—————24附录D 产品保修卡 ——————————25附录E 有毒有害物质含量声明—————26IV目录01三层网管交换机安装手册产品介绍第1章 产品介绍1.1 产品简介普联技术有限公司自主研发设计并推出的新一代三层网管交换机，采用全新的软硬件平台，支持静态路由和RIP动态路由，支持云管理和维护，提供完备的安全防护机制、完善的QoS策略及灵活的VLAN划分等功能，易于管理维护，可作为中小企业、校园网络、酒店、医院、网吧等使用场景的核心交换机，为用户提供安全可靠、高性能、低成本的网络解决方案。

非常详细的锐捷三层交换机配置教程，适合新手小白笔者上一篇文章写了关于锐捷网关路由配置教程，但是这只是出口的配置，还不能搭建一个完整的企业网络。

那么这一篇就来讲一下锐捷的三层交换机配置，如果将上一篇文章中的锐捷网关路由配置结合这篇的交换机配置，就可以快速构建一个企业核心网络。

今天的教程是基于命令行，但是并不复杂，适合新手小白进行学习。

场景概述目的：搭建一个小型的企业内部网络，使用RG-NBR3000D-E作为出口网关，使用RG-S5750C-28GT4XS-H作为核心，使用RG-S2910-10GT2SFP-P-E作为接入POE给无线AP供电使用。

IT技术迷-网络拓扑图什么是三层交换机？三层交换机实质就是一种特殊的路由器，是一种在性能上侧重于交换而价格低廉的路由器。

传统交换技术是在OSI网络标准模型第二层——数据链路层进行操作，而三层交换机是为IP设计的，接口类型简单，拥有很强二层包处理能力，它既可以工作在协议第三层替代或部分完成传统路由器的功能，同时又具有几乎第二层交换的速度，且价格相对便宜。

三层交换机最重要的目的是加快大型局域网内部的数据交换，做到一次路由，多次转发。

当一个大型局域网按照功能或地域等因素划成一个个小局域网时，VLAN（Virtual LocalArea Network虚拟局域网）技术在网络中得以大量应用，而各个不同VLAN间的通信都要经过路由器来完成转发。

单纯使用路由器来实现不仅端口数量有限，而且路由速度较慢，从而限制了网络的规模和访问速度。

三层交换机参数RG-S5750C-28GT4XS-H固定端口： 28口10/100/1000M自适应电口，4个复用的SFP接口（SFP为千兆/百兆口）4个1G/10G SFP+光口，2个扩展槽， 2个模块化电源插槽管理口：1个MGMT端口、1个Console 端口、1个Mini USB Console口、1个USB端口，符合USB2.0的标准交换容量：598G/7T包转发率：222M/396M准备工作配置前准备：console配置线、超级终端软件（或者CRT软件）。

部分三层交换机的硬件概要和安装指南（适用于AlliedWare TM操作系统）Rev D安奈特（中国）网络有限公司前言本手册适用于安奈特运行AlliedWare TM 2.x或3.x操作系统的三层交换机设备，主要包括如下系列和型号（但本文的内容并未涵盖所有型号）系列名称具体产品名称备注AT-SB4000系列 AT-SB4008、AT-SB4004AT-x900系列 AT-x900-24XT、AT-x900-24XS、AT-9924Ts、AT-x900-12XT、AT-x900-48FE 安装了Alliedware Plus 系统的产品不适用AT-9924系列 AT-9924T、AT-9924SP、AT-9924T/4SPAT-9800系列 AT-9812T、AT-9816GBAT-8900系列 AT-8948A、AT-8948PAT-8800系列 AT-8824、AT-8848AT-RP系列 AT-RP24i、AT-RP48i、AT-RP16Fi、AT-RPG6FLX/SC、AT-RPG6FSX/SCAT-8700系列 AT-8724XL、AT-8748XLAT-8600系列 AT-8624T/2M、AT-8624POE、AT-8648T/2SP注意：本手册为简明手册，尽量以简洁的方式提供快速指南，如果需要了解更为详细的信息，请到下列网站下载最详尽的手册（英文版），或者联络安奈特或其合作伙伴的技术人员以获得帮助。

/support/software/default.aspx请注意，本手册并不适用于使用AlliedWare Plus TM操作系统的产品，例如AT-SBx908、AT-x600系列和安装了AlliedWare Plus的AT-x900系列等。

1. AT-SB4000系列SwitchBlade 4000系列模块化多层以太网交换机分为AT-SB4008和AT-SB4004两款，分别具有10个插槽和6个插槽，可提供百兆、千兆、万兆、电口、多模光纤、单模光纤等各种端口。

华为华三三层交换机配置展开全文华为三层交换机配置方法（1）本文以华为华三通信的H3C S3600-28P-SI为例，配置前首先要确定型号后缀是SI还是EI，EI的支持所有协议，SI的不支持OSPS动态协议，因此SI配置路由时可以使用静态协议和RIP协议，具体配置如下：<H3C>system-view //进入系统视图[H3C]display current-configuration //显示当前配置//以下开始配置//第一步：划分VLAN，并描述vlan 1description local-S3600vlan 2description link-to-wenquanvlan 3description link-to-ruzhouvlan 4description link-to-xiaotunvlan 5description link-to-baofengvlan 6description link-to-pingxivlan 7description link-to-pingnanvlan 8description Uplink-to-Putianvlan 9description link-to-pingxicentre//第二步：给VLAN 划网关interface Vlan-interface2description link to wenquanip address 10.41.77.41 255.255.255.192 interface Vlan-interface3description link to ruzhouip address 10.41.77.105 255.255.255.192 interface Vlan-interface4description link to xiaotunip address 10.41.77.169 255.255.255.192 interface Vlan-interface5description link to baofengip address 10.41.77.233 255.255.255.192 interface Vlan-interface6description link to pingxiip address 10.41.78.41 255.255.255.192 interface Vlan-interface7description link to pingnanip address 10.41.78.105 255.255.255.192 interface Vlan-interface8description uplink to putianip address 10.41.244.102 255.255.255.252 interface Vlan-interface9description link to pingxicentreip address 10.41.80.233 255.255.255.192 //第三步：给VLAN 指定端口interface Ethernet1/0/2description link to wenquanport access vlan 2interface Ethernet1/0/3description link to ruzhouport access vlan 3interface Ethernet1/0/4description link to xiaotunport access vlan 4interface Ethernet1/0/5description link to baofengport access vlan 5interface Ethernet1/0/6description link to pingxiport access vlan 6interface Ethernet1/0/7description link to pingnanport access vlan 7interface Ethernet1/0/8description uplink to putianport access vlan 8interface Ethernet1/0/9 to Ethernet1/0/24 description link to pingxicentreport access vlan 9//第四步：配置路由协议//（1）用RIP配动态路由ripnetwork 10.41.77.41network 10.41.77.105network 10.41.77.169network 10.41.77.233network 10.41.78.41network 10.41.78.105network 10.41.80.233network 10.41.244.102//（2）配静态路由（只用对远华为三层交换机配置命令分类:默认栏目2007.6.2 07:28 作者：weiwei2501 | 评论：1 | 阅读：0Enable //进入私有模式Configure terminal //进入全局模式service password-encryption //对密码进行加密hostname Catalyst 3550-12T1 //给三层交换机定义名称enable password 123456. //enable密码Enable secret 654321 //enable的加密密码（应该是乱码而不是654321这样）Ip subnet-zero //允许使用全0子网（默认都是打开的）Ip name-server 172.16.8.1 172.16.8.2 //三层交换机名字Catalyst 3550-12T1对应的IP地址是172.16.8.1Service dhcp //提供DHCP服务ip routing //启用三层交换机上的路由模块ExitVtp mode server //定义VTP工作模式为sever模式Vtp domain centervtp //定义VTP域的名称为centervtpVlan 2 name vlan2 //定义vlan并给vlan取名（如果不取名的话，vlan2的名字应该是vlan002）Vlan 3 name vlan3Vlan 4 name vlan4Vlan 5 name vlan5Vlan 6 name vlan6Vlan 7 name vlan7Vlan 8 name vlan8Vlan 9 name vlan9Exitinterface Port-channel 1 //进入虚拟的以太通道组1Interface gigabitethernet 0/1 //进入模块0上的吉比特以太口1 channel-group 1 mode on //把这个接口放到快速以太通道组1中Interface gigabitethernet 0/2 //同上channel-group 1 mode onport-channel load-balance src-dst-ip //定义快速以太通道组的负载均衡方式（依靠源和目的IP的方式）interface gigabitethernet 0/3 //进入模块0上的吉比特以太口3interface gigabitethernet 0/4 //同上interface gigbitethernet 0/5 //同上interface gigbitethernet 0/6 //同上interface gigbitethernet 0/7 //进入模块0上的吉比特以太口7 no shutdownspanning-tree vlan 6-9 cost 1000 //在生成树中，vlan6-9的开销定义为10000interface range gigabitethernet 0/8 – 10 //进入模块0上的吉比特以太口8,9,10no shutdownspanning-tree portfast //在这些接口上使用portfast（使用portfast以后，在生成树的时候不参加运算，直接成为转发状态）interface gigabitethernet 0/11 //进入模块0上的吉比特以太口11interface gigabitethernet 0/12 //同上interface vlan 1 //进入vlan1的逻辑接口（不是物理接口，用来给vlan做路由用）ip address 172.16.1.7 255.255.255.0 //配置IP地址和子网掩码no shutdownstandby 1 ip 172.16.1.9 //开启了冗余热备份（HSRP），冗余热备份组1，虚拟路由器的IP地址为172.16.1.9standby 1 priority 110 preempt //定义这个三层交换机在冗余热备份组1中的优先级为110，preempt是用来开启抢占模式interface vlan 2 //同上ip address 172.16.2.252 255.255.255.0no shutdownstandby 2 ip 172.16.2.254standby 2 priority 110 preemptip access-group 101 in //在入方向上使用扩展的访问控制列表101interface vlan 3 //同上ip address 172.16.3.252 255.255.255.0no shutdownstandby 3 ip 172.16.3.254standby 3 priority 110 preemptip access-group 101 ininterface vlan 4 //同上ip address 172.16.4.252 255.255.255.0no shutdownstandby 4 ip 172.16.4.254standby 4 priority 110 preemptip access-group 101 ininterface vlan 5ip address 172.16.5.252 255.255.255.0 no shutdownstandby 5 ip 172.16.5.254standby 5 priority 110 preemptip access-group 101 ininterface vlan 6ip address 172.16.6.252 255.255.255.0 no shutdownstandby 6 ip 172.16.6.254standby 6 priority 100 preemptinterface vlan 7ip address 172.16.7.252 255.255.255.0 no shutdownstandby 7 ip 172.16.7.254standby 7 priority 100 preemptinterface vlan 8ip address 172.16.8.252 255.255.255.0 no shutdownstandby 8 ip 172.16.8.254standby 8 priority 100 preemptinterface vlan 9ip address 172.16.9.252 255.255.255.0 no shutdownstandby 9 ip 172.16.9.254standby 9 priority 100 preemptaccess-list 101 deny ip any 172.16.7.0 0.0.0.255 //扩展的访问控制列表101access-list 101 permit ip any anyInterface vlan 1 //进入vlan1这个逻辑接口Ip helper-address 172.16.8.1 //可以转发广播（helper－address的作用就是把广播转化为单播，然后发向172.16.8.1）Interface vlan 2Ip helper-address 172.16.8.1Interface vlan 3ip helper-address 172.16.8.1interface vlan 4ip helper-address 172.16.8.1interface vlan 5ip helper-address 172.16.8.1interface vlan 6ip helper-address 172.16.8.1interface vlan 7ip helper-address 172.16.8.1interface vlan 9ip helper-address 172.16.8.1router rip //启用路由协议RIPversion 2 //使用的是RIPv2，如果没有这句，则是使用RIPv1network 172.16.0.0 //宣告直连的网段exitip route 0.0.0.0 0.0.0.0 172.16.9.250 //缺省路由，所有在路由表中没有办法匹配的数据包，都发向下一跳地址为172.16.9.250这个路由器line con 0line aux 0line vty 0 15 //telnet线路（路由器只有5个，是0-4）password 12345678 //login密码loginendcopy running-config startup-config 保存配置cisco 3550Switch# configure terminalSwitch(config)#vtp mode transparentSwitch(config)#vlan 10Switch(config-vlan)# name vlan10Switch(config)#exitSwitch(config)#vlan 11Switch(config-vlan)name vlan11Switch(config-vlan)endSwitch#configure terminalSwitch(config)#interface fastethernet0/9Switch(config-if)#switchport mode accessSwitch(config-if)#switchport access vlan 10Switch(config-if)#exitSwitch(config)#interface fastethernet0/10Switch(config-if)#switchport mode accessSwitch(config-if)#switchport access vlan 10Switch(config-if)#exitSwitch(config)#interface fastethernet0/11Switch(config-if)#switchport mode accessSwitch(config-if)#switchport access vlan 11Switch(config-if)#exitSwitch(config)#interface fastethernet0/12Switch(config-if)#switchport mode accessSwitch(config-if)#switchport access vlan 11Switch(config-if)#exitSwitch(config)#interface vlan10Switch(config-if)#ip address 192.168.0.1 255.255.255.0Switch(config-if)#no shutdownSwitch(config-if)#exitSwitch(config)#interface vlan11Switch(config-if)#ip address 192.168.1.1 255.255.255.0Switch(config-if)#no shutdownSwitch(config-if)#exitSwitch(config)#ip routingSwitch(config)#ip forward-protocol udpSwitch(config)#inter vlan 10ip helper 172.16.11.255 //这个命令又是什么意思？是不是转发整个网段的UDP协议？为什么用到了172.16.11.255这个地址？Switch(config)#exitSwitch(config)#inter vlan 11Switch(config-if)#ip helper 172.16.10.255 //同上？Switch(config-if)#exitSwitch(config)#ip route 0.0.0.0 0.0.0.0 Vlan10Switch(config)#ip route 0.0.0.0 0.0.0.0 Vlan11Switch(config)#conf tSwitch(config)#access-list 103 permit ip 172.16.11.00.0.0.255 172.16.10.0 0.0.0.255Switch(config)#access-list 103 permit udp any any eq bootpc Switch(config)#access-list 103 permit udp any any eq tftpSwitch(config)#access-list 103 permit udp any eq bootpc any Switch(config)#access-list 103 permit udp any eq tftp anySwitch(config)#inter vlan 10Switch(config-if)#ip directed-broadcast 103 //请解释一下这个的具体含义，本人不是太明白，懂一点意思（直接广播这个列表？是不是）Switch(config-if)#exitSwitch(config)#access-list 104 permit ip 172.16.10.0 0.0.0.255 172.16.11.0 0.0.0.255Switch(config)#access-list 104 permit udp any any eq bootpc Switch(config)#access-list 104 permit udp any any eq tftpSwitch(config)#access-list 104 permit udp any eq bootpc any Switch(config)#access-list 104 permit udp any eq tftp anySwitch(config)#inter vlan 11Switch(config-if)#ip directed-broadcast 104 //同上Switch(config)#endSwitch#copy run star华为三层交换机配置实例一例华为三层交换机配置实例一例服务器1双网卡，内网IP:192.168.0.1，其它计算机通过其代理上网PORT1属于VLAN1PORT2属于VLAN2PORT3属于VLAN3VLAN1的机器可以正常上网配置VLAN2的计算机的网关为：192.168.1.254配置VLAN3的计算机的网关为：192.168.2.254即可实现VLAN间互联如果VLAN2和VLAN3的计算机要通过服务器1上网则需在三层交换机上配置默认路由系统视图下：ip route-static 0.0.0.0 0.0.0.0 192.168.0.1然后再在服务器1上配置回程路由进入命令提示符route add 192.168.1.0 255.255.255.0 192.168.0.254route add 192.168.2.0 255.255.255.0 192.168.0.254这个时候vlan2和vlan3中的计算机就可以通过服务器1访问internet了~~华为路由器与CISCO路由器在配置上的差别＂华为路由器与同档次的CISCO路由器在功能特性与配置界面上完全一致，有些方面还根据国内用户的需求作了很好的改进。