如何配置三层交换机入门(三层交换机的完整配置)

水桥五颜

收藏 分享

华为Quidway S3500为例

如何配置三层交换机入门(三层交换机的完整配置)(1)

设置Host名称

[Quidway] sysname TC-JiFang-S3500

配置Telnet的用户名和密码

[Quidway] local-user huawei789

[Quidway-user-hwawei789] password cipher huawei@123

[Quidway-luser-huawei789] service-type telnet level 1

[Quidway] super password level 3 cipher huawei@2019A@iC

[Quidway] user-interface vty 0 2 设置同时在线用户

[Quidway-ui-vty0] authentication-mode scheme

[Quidway-ui-vty0-2] quit

[Quidway] user-interface aux 0

[Quidway-ui-aux0] authentication-mode scheme

[Quidway-ui-aux0] quit

创建和配置互连Vlan

[Quidway] vlan 10

[Quidway-vlan10] description Uplink_S9312_0_2_4

[Quidway-vlan10] quit

[Quidway] interface vlan 10

[Quidway-Vlan-interface10] ip address 2.2.2.2 30

[Quidway] inter Ethernet 1/1

[Quidway-Ethernet1/1] port link-type trunk

[Quidway-Ethernet1/1] port trunk permit vlan 10

创建和配置用户Vlan

[Quidway] vlan 20

[Quidway-vlan20] description xxx_wangba

[Quidway-vlan20] quit

[Quidway] interface vlan 20

[Quidway-Vlan-interface20] ip address 10.101.10.1 29

[Quidway] inter Ethernet 0/1

[Quidway-Ethernet0/1] port link-type access

[Quidway-Ethernet0/1] port access vlan 20

添加缺省路由

[Quidway] ip route-static 0.0.0.0 0 2.2.2.1

常用命令

[Quidway] display current-configuration 查看当前配置

<Quidway> reset saved-configuration 清除所有配置

<Quidway> save 保存系统配置

端口聚合

[Quidway] link-aggregation Ethernet 0/1 to Ethernet 0/3 both

设置老化时间

[Quidway] arp time ag 25

设置loopback

[Quidway]int loopback 0

[Quidway-loopback0] ip add 192.168.100.11 32

配置ACL

rule 1 deny icmp source any destination any

rule 2 deny tcp source-port eq 135 destination-port eq 135

rule 3 deny udp source-port eq 135 destination-port eq 135

rule 4 deny tcp source-port eq 136 destination-port eq 136

rule 5 deny udp source-port eq 136 destination-port eq 136

rule 6 deny tcp source-port eq 137 destination-port eq 137

rule 7 deny tcp source-port eq 138 destination-port eq 138

rule 8 deny tcp source-port eq 139 destination-port eq 139

rule 9 deny tcp source-port eq 389 destination-port eq 389

rule 10 deny udp source-port eq 389 destination-port eq 389

rule 11 deny tcp source-port eq 445 destination-port eq 445

rule 12 deny udp source-port eq 445 destination-port eq 445

rule 13 deny tcp source-port eq 1068 destination-port eq 1068

rule 14 deny udp source-port eq 1433 destination-port eq 1433

rule 15 deny udp source-port eq 1434 destination-port eq 1434

rule 16 deny tcp source-port eq 4444 destination-port eq 4444

rule 17 permit ip source any destination any

配置SNMP网管

snmp-agent community read public_R

snmp-agent community write public_W

snmp-agent target-host trap-hostname U2000 address 172.100.77.244 udp-port 162

,
展开全文

免责声明:本文仅代表文章作者的个人观点,与本站无关。其原创性、真实性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容文字的真实性、完整性和原创性本站不作任何保证或承诺,请读者仅作参考,并自行核实相关内容。文章投诉邮箱:anhduc.ph@yahoo.com

猜您喜欢

    热门推荐

    Copyright © 2013-2024 秒懂生活 站务投诉邮箱:anhduc.ph@yahoo.com

    分享
    投诉
    首页