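Common configuration examples for Huawei S5700 series switches

The Huawei S5700 series is one of the switch models we use most in our projects, mainly the 24-port and 48-port variants. This post collects some common Huawei switch configurations for reference. If you find a mistake, please point it out.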
 
1 Allow Telnet (remote login)
Enable Telnet on the Huawei switch and set the password to Admin@123
telnet server en
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user huawei password cipher Admin@123
local-user huawei privilege level 15
local-user huawei service-type telnet terminal
local-user admin password cipher Admin@123
local-user admin service-type http
#
user-interface con 0
authentication-mode password
set authentication password cipher Admin@123
user-interface vty 0 4
protocol inbound telnet
authentication-mode aaa
user-interface vty 16 20
#
Remote login on the Huawei S5720S switch
telnet server enable
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
local-aaa-user password policy administrator
password expire 0
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher Admin@123
local-user admin privilege level 15
local-user admin service-type terminal http
local-user huawei password irreversible-cipher Admin@123
local-user huawei privilege level 15
local-user huawei service-type telnet terminal
user-interface con 0
authentication-mode password
set authentication password cipher Admin@123
user-interface vty 0 4
protocol inbound telnet
authentication-mode aaa
user-interface vty 16 20
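An added example, not part of the original post: a small Python check that reads remote-login commands like the two listings above and reports the settings worth reviewing. It flags Telnet, which carries the login in cleartext, local users set with cipher rather than the irreversible-cipher used in the S5720S listing, and one password typed in several places. The finding names and the constructed SAMPLE are assumptions made for this example, and it expects commands as typed, not encrypted display output.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copy of the S5700 remote-login commands above.
SAMPLE = """\
telnet server enable
aaa
local-user huawei password cipher Admin@123
local-user huawei service-type telnet terminal
local-user admin password irreversible-cipher Admin@123
local-user admin service-type http
user-interface con 0
authentication-mode password
set authentication password cipher Admin@123
user-interface vty 0 4
protocol inbound telnet
authentication-mode aaa
"""

PASSWORD = re.compile(r"password (cipher|irreversible-cipher|simple) (\S+)")

def audit_remote_login(config):
    """Return sorted (line_no, finding) pairs; finding names are hypothetical."""
    findings = []
    seen = defaultdict(list)  # password text -> line numbers where it is set
    for no, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        # The page abbreviates "enable" as "en"; accept any prefix of it.
        if (words[:2] == ["telnet", "server"] and len(words) == 3
                and "enable".startswith(words[2])):
            findings.append((no, "telnet-server-enabled"))
        if words[:2] == ["protocol", "inbound"] and set(words[2:]) & {"telnet", "all"}:
            findings.append((no, "vty-accepts-telnet"))
        if (words[:1] == ["local-user"] and "service-type" in words
                and "telnet" in words[words.index("service-type"):]):
            findings.append((no, "user-allowed-telnet:" + words[1]))
        m = PASSWORD.search(raw)
        if m:
            if words[0] == "local-user" and m.group(1) != "irreversible-cipher":
                findings.append((no, "local-user-not-irreversible-cipher:" + words[1]))
            seen[m.group(2)].append(no)
    for lines in seen.values():
        if len(lines) > 1:  # the same secret is set in more than one place
            findings.append((lines[0], "password-reused:" + ",".join(map(str, lines))))
    return sorted(findings)

if __name__ == "__main__":
    for no, finding in audit_remote_login(SAMPLE):
        print(f"line {no}: {finding}")
```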
2 Create VLANs
Create VLAN1001 and VLAN1002 on the switch.
Set the VLAN1001 interface IP address to 172.16.1.254 (the gateway address) with subnet mask 255.255.255.0
Assign g0/0/1~g0/0/24 to vlan1001
Protect against ARP attacks
vlan 1001
interface vlan 1001
ip addr 172.16.1.254 24
arp anti-attack gateway-duplicate enable
arp anti-attack rate-limit enable
arp-miss anti-attack rate-limit enable
port-group group1
group-member g0/0/1 to g0/0/24
port link-type access
port default vlan 1001
loopback-detect enable
arp anti-attack rate-limit enable
arp-miss anti-attack rate-limit enable
quit
Set multiple ports to access mode in one batch
port-group group-member GigabitEthernet0/0/17 to GigabitEthernet0/0/22
port link-type access
port default vlan 2006
quit
3 Add multiple ports to a trunk
Configure ports 25~44 as trunk ports
port-group group2
group-member g0/0/25 to g0/0/44
port link-type trunk
port trunk allow-pass vlan 2 to 4094
loopback-detect enable
quit
# Configure ports 1~16 as trunk ports in one batch
port-group group-member GigabitEthernet0/0/1 to GigabitEthernet0/0/16
port link-type trunk
port trunk allow-pass vlan 2 to 4094
quit
 
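4 Create link aggregation ports
Create link aggregation group 1 from ports 45 and 46, using RJ45
Create link aggregation group 2 from ports 47 and 48, using fiber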
clear configuration inte g0/0/45
clear configuration inte g0/0/46
clear configuration inte g0/0/47
clear configuration inte g0/0/48
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp
interface GigabitEthernet0/0/45
eth-trunk 1
interface GigabitEthernet0/0/46
eth-trunk 1
interface GigabitEthernet0/0/47
eth-trunk 2
combo-port fiber
interface GigabitEthernet0/0/48
eth-trunk 2
combo-port fiber
[Note] Each port may need undo shutdown to bring it up.
 
5 Reconfigure a VLAN port as a trunk
Original configuration:
interface GigabitEthernet0/0/17
port link-type access
port default vlan 128
Commands to configure port g0/0/17 as a trunk port
undo port default vlan
undo port link-type
port link-type trunk
port trunk allow-pass vlan all
 
6 Reconfigure a trunk port as a VLAN port
Original configuration:
interface GigabitEthernet0/0/11
port link-type trunk
port trunk allow-pass vlan 2 to 4094
Commands to configure port g0/0/11 for VLAN140
undo port trunk allow-pass vlan all
port trunk allow-pass vlan 1
port link-type access
port default vlan 140

