华为5624交换机配置.doc

华为5624交换机配置规范文档5624核心交换机规范配置文档进入交换机配置命令行后，须作如下配置：进入系统视图systemview设置主机名，用于区别其他交换机。主机名最好包括交换机型号，以及交换机在网络中所起的作用等信息。 Quidwaysysname Center-5624配置Vlan时须对Vlan描述，帮助网络管理员确认该Vlan的用途与连接网络的范围。防止长时间后难于正确识别Vlan用途。Center-5624vlan 2Center-5624-vlan2description menzhen-lowCenter-5624-vlan2quitCenter-5624vlan 3Center-5624-vlan3description zhuyuan-lowCenter-5624-vlan3quitCenter-5624vlan 4Center-5624-vlan4description xingdai-lowCenter-5624-vlan4quitCenter-5624vlan 5Center-5624-vlan5description fengyuanCenter-5624-vlan5quitCenter-5624vlan 6Center-5624-vlan6description mengzhendianCenter-5624-vlan6quit配置VLAN的3层虚拟接口时，注意3层接口的地址与Vlan号最好要有对应关系。比如Vlan2接口对应地址为192.168.2.1，Vlan3接口对应地址为192.168.3.1.其他应如此类推。Center-5624interface vlan 1Center-5624-vlan-interface1ip address 192.168.1.1 255.255.255.0Center-5624-vlan-interface1quitCenter-5624interface vlan 2Center-5624-vlan-interface2ip address 192.168.2.1 255.255.255.0Center-5624-vlan-interface2quitCenter-5624interface vlan 3Center-5624-vlan-interface3ip address 192.168.3.1 255.255.255.0Center-5624-vlan-interface3quitCenter-5624interface vlan 4Center-5624-vlan-interface4ip address 192.168.4.1 255.255.255.0Center-5624-vlan-interface4quitCenter-5624interface vlan 5Center-5624-vlan-interface5ip address 192.168.5.1 255.255.255.0Center-5624-vlan-interface5quitCenter-5624interface vlan 6Center-5624-vlan-interface6ip address 192.168.6.1 255.255.255.0Center-5624-vlan-interface5quit如果是将多个接口批量加入某个VLAN中，如下命令将相关接口加入对应VLAN2、VLAN3、VLAN4。Center-5624vlan 2Center-5624-vlan2port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/3Center-5624vlan 3Center-5624-vlan3port GigabitEthernet 1/0/4 to GigabitEthernet 1/0/6Center-5624vlan 4Center-5624-vlan4port GigabitEthernet 1/0/7 to GigabitEthernet 1/0/8配置将个别特定物理接口加入某个Vlan中。可采用如下命令：Center-5624interface GigabitEthernet 1/0/9Center-5624-GigabitEthernet1/0/9port access vlan 5Center-5624interface GigabitEthernet 1/0/10Center-5624-GigabitEthernet1/0/9port access vlan 6创建交换机访问控制列表，控制所有VLAN只能与VLAN1互访，而不能与VLAN1已外的VLAN互访。Center-5624acl number 3000Center-5624-acl-adv-3000rule 100 permit ip source 192.168.1.0 0.0.0.255 destion any上述访问控制列表规则让VLAN1的IP地址可以访问所以其他所有VLAN。Center-5624-acl-adv-3000rule 90 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.1.0 0.0.0.255上述访问控制列表规则让所有VLAN的IP地址可以访问VLAN1。Center-5624-acl-adv-3000rule 80 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.1 0.0.255.0上述访问控制列表规则让所有VLAN的IP地址可以访问网关IP地址：192.168.X.1Center-5624-acl-adv-3000rule 70 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255上述访问控制列表规则让所有VLAN的IP地址都不能互访。Center-5624-acl-adv-3000quitCenter-5624创建的访问控制列表要真正起作用，必须在交换机接口上启用该访问控制列表。以下命令将访问控制列表在交换机所有接口使用。center-5624interface GigabitEthernet 1/0/1center-5624-GigabitEthernet1/0/1packet-filter inbound ip-group 3000center-5624-GigabitEthernet1/0/1quitcenter-5624interface GigabitEthernet 1/0/2center-5624-GigabitEthernet1/0/2packet-filter inbound ip-group 3000center-5624-GigabitEthernet1/0/2quitcenter-5624interface GigabitEthernet 1/0/24center-5624-GigabitEthernet1/0/24packet-filter inbound ip-group 3000center-5624-GigabitEthernet1/0/24quit下列命令用于配置telnet用户的相关信息，包括用户名，用户口令，用户类型，用户级别。Center-5624local-user gzyyadminCenter-5624-luser-adminservice-type telnetCenter-5624-luser-adminpassord simple new2006Center-5624-luser-adminlevel 3在telnet的用户接口中指定登陆验证方式是交换机本地的用户数据库验证，并指定登陆的用户级别是最高级别：3级。Center-5624user-interface vty 0 4Center-5624-ui-vty0-4authentication-mode schemeCenter-5624-ui-vty0-4user privilege level 3保存配置。Center-5624saveCenter-5624quit以下是桂洲医院5624交换机完整配置文件。# sysname center-5624#radius scheme system#domain system #local-user gzyyadmin password simple new2006 service-type telnet level 3#acl number 3000 rule 70 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255 rule 80 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.1 0.0.255.0 rule 90 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.1.0 0.0.0.255 rule 100 permit ip source 192.168.1.0 0.0.0.255 #vlan 1#vlan 2 description menzhen-low#vlan 3 description zhuyuan-low#vlan 4 description xingdai-low#vlan 5 description fengyuan#vlan 6 description mengzhendian#interface Vlan-interface1 ip address 192.168.1.1 255.255.255.0 #interface Vlan-interface2 ip address 192.168.2.1 255.255.255.0 #interface Vlan-interface3 ip address 192.168.3.1 255.255.255.0 #interface Vlan-interface4 ip address 192.168.4.1 255.255.255.0 #interface Vlan-interface5 ip address 192.168.5.1 255.255.255.0 #interface Vlan-interface6 ip address 192.168.6.1 255.255.255.0 #LOCCFG. MUST NOT DELETE#interface Aux1/0/0#interface GigabitEthernet1/0/1 port access vlan 2 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/2 port access vlan 2 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/3 port access vlan 2 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/4 port access vlan 3 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/5 port access vlan 3 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/6 port access vlan 3 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/7 port access vlan 4 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/8 port access vlan 4 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/9 port access vlan 5 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/10 port access vlan 6 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/11 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/12 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/13 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/14 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/15 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/16 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/17 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/18 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/19 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/20 packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/21 shutdown packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/22 shutdown packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/23 shutdown packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rule 90 packet-filter inbound ip-group 3000 rule 100#interface GigabitEthernet1/0/24 shutdown packet-filter inbound ip-group 3000 rule 70 packet-filter inbound ip-group 3000 rule 80 packet-filter inbound ip-group 3000 rul