AT交换机安装手册.doc

中移动WAP扩容安装方案-安奈特交换机WAP安装方案 - 安奈特交换机Connecting The IP World第18页目 录1网络规划及需求31.1.AT-9924Ts交换机端口示意图：31.2.AT-SwitchBlade4004交换机端口示意图：41.3.VLAN分配41.4.端口中继/端口捆绑（Port Trunking）41.5.配置IP路由52交换机配置说明53交换机其他功能配置74主交换机完整配置及配置抓屏75从交换机完整配置及抓屏信息116.特殊情况161 网络规划及需求WAP网络组网图如下：内网服务器客户业务服务器Juniper 6350NetscreenF5负载均衡F5负载均衡：VLAN10：外网：VLAN20：连接路由器：VLAN50：连接内网服务器：VLAN30：客户服务器 1.1. AT-9924Ts交换机端口示意图：交换机端口124交换机端口101112交换机端口201212在安装中要求，如果只有一个模块，则安装在左侧插槽内。1.2. AT-SwitchBlade4004交换机端口示意图：第一插槽端口序号为：1.1-1.24第二插槽端口序号为：2.1-2.24第三插槽端口序号为：3.1-3.8第四插槽端口序号为：4.1-4.8在AT-SB4004安装时，规定第一个插槽安装24口千兆电口模块；第二个插槽安装24口千兆电口模块；第三个插槽安装8口千兆光纤模块。1.3. VLAN分配VLAN名称VLAN ID包含的端口号备注VLAN10103.2-3.4连接F5和防火墙的端口VLAN20203.7-3.8连接防火墙和路由器VLAN30301.1-1.12内网服务器VLAN50502.1-2.24SMP，SCPVLAN1001001.20-1.24光纤模块端口划分：12345678连接F5（vlan50）连接F5（vlan10）连接防火墙连接防火墙交换机互联交换机互联1.4. 端口中继/端口捆绑（Port Trunking）端口中继组名称该组内的端口号所属VLAN备注test3.5-3.6100,30,50交换机互联端口test13.3-3.410与防火墙连接1.5. 配置IP路由主交换机：IP接口名称真实分配IP地址虚拟IP地址Vlan1080Vlan304Vlan50554Vlan100554从交换机：IP接口名称真实分配IP地址虚拟IP地址Vlan1090Vlan3034Vlan505354Vlan10053542 交换机配置说明1、 交换机的默认用户名是manager，密码是friend。登录后，可以将交换机的用户名改为zte，密码改为123456：add user=zte pass=fjztewap priv=manager lo=yes添加一个新的用户set user=zte telnet=yes netmask=55之后再配置交换机时，可以用这个新的用户名密码登录。2、将交换机的主机名修改为NJ-WAP-SW1set system name=NJ-WAP-SW1添加主机名3、vlan配置Create vlan=v10 vid=10创建vlanCreate vlan=v20 vid=20Create vlan=v30 vid=30Create vlan=v50 vid=50Create vlan=v100 vid=100add vlan=10 port=3.2-3.4添加端口到vlan中add vlan=20 port=3.7-3.8add vlan=30 port=1.1-1.12add vlan=50 port=2.1-2.24add vlan=100 port=1.20-1.244、Trunk配置create switch trunk=test port=3.5-3.6 speed=1000m创建端口捆绑create switch trunk=test2 port=3.3-3.4 speed=1000madd vlan=100 port=3.5-3.6 frame=tagged将端口捆绑添加到vlan中add vlan=”10”port=3.5-3.6 frame=taggedadd vlan=”30”port=3.5-3.6 frame=taggedadd vlan=”50”port=3.5-3.6 frame=tagged5、IP配置主交换机配置：Enable ip启用IP功能add ip int=vlan10 ip=8 mask=24给vlan添加IP地址add ip int=vlan30 ip=2 mask=24add ip int=vlan50 ip=52 mask=28add ip int=vlan100 ip=52 mask=28add ip rou= mask= int=vlan10 next=添加静态路由enable vrrp启用VRRPcreate vrrp=10 over=vlan10 ipaddress=0 adopt=on priority=110 创建一个vrrp组create vrrp=30 over=vlan30 ipaddress=4 adopt=on priority=110 create vrrp=50 over=vlan50 ipaddress=54 adopt=on priority=110create vrrp=100 over=vlan100 ipaddress=54 adopt=on priority=110FJFZ-PS-WAP-SW1从交换机配置：Enable ipadd ip int=vlan10 ip=9 mask=24add ip int=vlan30 ip=3 mask=24add ip int=vlan50 ip=53 mask=28add ip int=vlan100 ip=53 mask=28add ip rou= mask= int=vlan10 next=enable vrrpcreate vrrp=10 over=vlan10 ipaddress=0 adopt=oncreate vrrp=30 over=vlan30 ipaddress=4 adopt=oncreate vrrp=50 over=vlan50 ipaddress=54 adopt=oncreate vrrp=100 over=vlan100 ipaddress=54 adopt=on destroyFJFZ-PS-WAP-SW26、STP配置主交换机配置：Enable stp=default启用STPSet stp=default mode=rapid设置STP为快速模式Set stp=default prio=8设定主交换机为STP的根网桥从交换机配置：Enable stp=defaultSet stp=default mode=rapid7、保存交换机的配置为NJ-WAP-SW1.cfgCreate config=NJ-WAP-SW1.cfg保存配置Set config=NJ-WAP-SW1.cfg指定下次启动时启用的配置3 交换机其他功能配置1、配置SNMP网管服务器的IP地址：x.x.x.x配置命令：Enable snmp启用SNMPCreate snmp com=public acc=write op=on manager= x.x.x.x traph= x.x.x.x配置一个snmpEnable snmp auth启用snmp认证TrapEnable snmp com=public trap启用snmp trap2、配置NTPNTP server的IP地址：x.x.x.x配置命令：enable ntp启用ntpset ntp utcoffset=+08:00:00设定时区偏移量add ntp peer=x.x.x.x设定ntp服务器地址3、 Syslog配置假定syslog服务器的IP地址为44:CREATE LOG OUTPUT=1 DESTINATION=SYSLOG SERVER=44 password=123456创建一个syslog输出ADD LOG OUTPUT=1 FILTER=1 ALL定义全部log都要输出注意：如果syslog服务器要求密码认证，则需要服务器上的密码和交换机上配置的password一致，如果syslog服务器不要求密码认证，则可以不输入”password=123456”参数。4 主交换机完整配置及配置抓屏1、主交换机完整配置：add user=zte pass=123456 priv=manager lo=yesset user=zte telnet=yes netmask=55set system name=NJ-WAP-SW1create vlan=v10 vid=10create vlan=v30 vid=30create vlan=v50 vid=50create vlan=v100 vid=100add vlan=10 port=3.2-3.4add vlan=20 port=3.7-3.8add vlan=30 port=1.1-1.12add vlan=50 port=2.1-2.24add vlan=100 port=1.20-1.24add vlan=100 port=3.5-3.6 frame=taggedcreate switch trunk=test port=3.5-3.6 speed=1000mcreate switch trunk=test1 port=3.3-3.4 speed=1000madd vlan=”10”port=3.5-3.6 frame=taggedadd vlan=”30”port=3.5-3.6 frame=taggedadd vlan=”50”port=3.5-3.6 frame=taggedenable ipadd ip int=eth0 ip=42add ip int=vlan10 ip=8 mask=24add ip int=vlan30 ip=2 mask=24add ip int=vlan50 ip=52 mask=28add ip int=vlan100 ip=52 mask=28add ip rou= mask= int=vlan10 next= enable vrrpcreate vrrp=10 over=vlan10 ipaddress=0 adopt=on priority=110 create vrrp=30 over=vlan30 ipaddress=4 adopt=on priority=110 create vrrp=50 over=vlan50 ipaddress=54 adopt=on priority=110create vrrp=100 over=vlan100 ipaddress=54 adopt=on priority=1102、主交换机配置抓屏INFO: Executing configuration script INFO: Switch startup complete login: managerPassword: friendManager add user=zte pass=123456 priv=manager lo=yesNumber of Radius-backup users. 0User Authentication Database-Username: zte () Status: enabled Privilege: manager Telnet: no Login: yes RBU: no Logins: 0 Fails: 0 Sent: 0 Rcvd: 0 Authentications: 0 Fails: 0 -Manager set user=zte telnet=yes netmask=55Number of Radius-backup users. 0User Authentication Database-Username: zte () Status: enabled Privilege: manager Telnet: yes Login: yes RBU: no Logins: 0 Fails: 0 Sent: 0 Rcvd: 0 Authentications: 0 Fails: 0 -Manager set system name=NJ-WAP-SW1Info (1034003): Operation successful.Manager NJ-WAP-SW1 create vlan=v10 vid=10Info (1089003): Operation successful.Manager NJ-WAP-SW1 create vlan=v30 vid=30Info (1089003): Operation successful.Manager NJ-WAP-SW1 create vlan=v50 vid=50Info (1089003): Operation successful.Manager NJ-WAP-SW1 create vlan=v100 vid=100Info (1089003): Operation successful.Manager NJ-WAP-SW1 add vlan=10 port= 3.2-3.4Info (1089003): Operation successful.Manager NJ-WAP-SW1 add vlan=30 port= 1.1-1.12Info (1089003): Operation successful.Manager NJ-WAP-SW1 add vlan=50 port= 2.1-2.24Info (1089003): Operation successful.Manager NJ-WAP-SW1 add vlan=100 port=1.20-1.24Info (1089003): Operation successful.Manager NJ-WAP-SW1 add vlan=100 port=3.5-3.6 frame=taggedInfo (1089003): Operation successful.Manager NJ-WAP-SW1 create switch trunk=test port=3.5-3.6 speed=1000mInfo (1087003): Operation successful.Manager NJ-WAP-SW1 create switch trunk=test1 port=3.3-3.4 speed=1000mInfo (1087003): Operation successful.Manager NJ-WAP-SW1 enable ipInfo (1005287): IP module has been enabled.Manager NJ-WAP-SW1 add ip int=vlan10 ip=8 mask=24Info (1005275): interface successfully added.Manager NJ-WAP-SW1 add ip int=vlan30 ip=2 mask=24Info (1005275): interface successfully added.Manager NJ-WAP-SW1 add ip int=vlan50 ip=52 mask=28Info (1005275): interface successfully added.Manager NJ-WAP-SW1 add ip rou= mask= int=vlan10 next=Info (1005275): IP route successfully added.Manager NJ-WAP-SW1 enable vrrpInfo (1088003): Operation successful.Manager NJ-WAP-SW1 create vrrp=10 over=vlan10 ipaddress=0 adopt=on priority=110 Warning (2088274): IP address adoption breaks RFC compliance. Note warnings in documentation.Info (1088003): Operation successful.Manager NJ-WAP-SW1 create vrrp=30 over=vlan30 ipaddress=4 adopt=on priority=110 Warning (2088274): IP address adoption breaks RFC compliance. Note warnings in documentation.Info (1088003): Operation successful.Manager NJ-WAP-SW1 create vrrp=50 over=vlan50 ipaddress=54 adopt=on priority=110 Warning (2088274): IP address adoption breaks RFC compliance. Note warnings in documentation.Info (1088003): Operation successful.Manager NJ-WAP-SW1 creat config=NJ-WAP-SW1.cfgInfo (1034003): Operation successful.Manager NJ-WAP-SW1 set config=NJ-WAP-SW1.cfgInfo (1049003): Operation successful.Manager NJ-WAP-SW15 从交换机完整配置及抓屏信息1、从交换机完整配置add user=zte pass=123456 priv=manager lo=yesset user=zte telnet=yes netmask=55set system name=NJ-WAP-SW2create vlan=v10 vid=10create vlan=v30 vid=30create vlan=v50 vid=50create vlan=v100 vid=100add vlan=10 port=3.2-3.4add vlan=20 port=3.7-3.8add vlan=30 port=1.1-1.12add vlan=50 port=2.1-2.24add vlan=100 port=1.20-1.24add vlan=100 port=3.5-3.6 frame=taggedcreate switch trunk=test port=3.5-3.6 speed=1000mcreate switch trunk=test2 port=3.3-3.4 speed=1000madd vlan=”10”port=3.5-3.6 frame=taggedadd vlan=”30”port=3.5-3.6 frame=taggedadd vlan=”50”port=3.5-3.6 frame=taggedenable ipadd ip int=eth0 ip=42add ip int=vlan10 ip=9 mask=24add ip int=vlan30 ip=3 mask=24add ip int=vlan50 ip=53 mask=28add ip int=vlan100 ip=53 mask=28add ip rou= mask= int=vlan10 next= enable vrrpcreate vrrp=10 over=vlan10 ipaddress=0 adopt=oncreate vrrp=30 over=vlan30 ipaddress=4 adopt=oncreate vrrp=50 over=vlan50 ipaddress=54 adopt=oncreate vrrp=100 over=vlan100 ipaddress=54 adopt=on2、从交换机抓屏信息INFO: Executing configuration script INFO: Switch startup complete login: managerPassword: friendManager add user=zte pass=123456 priv=manager lo=yesNumber of Radius-backup users. 0User Authentication Database-Username: zte () Status: enabled Privilege: manager Telnet: no Login: yes RBU: no Logins: 0 Fails: 0 Sent: 0 Rcvd: 0 Authentications: 0 Fails: 0 -Manager set user=zte telnet=yes netmask=55Number of Radius-backup users. 0User Authentication Database-Username: zte () Status: enabled Privilege: manager Telnet: yes Login: yes RBU: no Logins: 0 Fails: 0 Sent: 0 Rcvd: 0 Authentications: 0 Fails: 0 -Manager set system name=NJ-WAP-SW2Info (1034003): Operation successful.Manager NJ-WAP-SW2 create vlan=v10 vid=10Info (1089003): Operation successful.Manager NJ-WAP-SW2 create vlan=v30 vid=30Info (1089003): Operation successful.Manager NJ-WAP-SW2 create vlan=v50 vid=50Info (1089003): Operation successful.Manager NJ-WAP-SW2 create vlan=v100 vid=100Info (1089003): Operation successful.Manager NJ-WAP-SW2 add vlan=10 port= 3.2-3.4Info (1089003): Operation successful.Manager NJ-WAP-SW2 add vlan=30 port= 1.1-1.12Info (1089003): Operation successful.Manager NJ-WAP-SW2 add vlan=50 port= 2.1-2.24Info (1089003): Operation successful.Manager NJ-WAP-SW2 add vlan=100 port=1.20-1.24Info (1089003): Operation successful.Manager NJ-WAP-SW2 add vlan=100 port=3.5-3.6 frame=taggedInfo (1089003): Operation successful.Manager NJ-WAP-SW2 create switch trunk=test port=3.5-3.6 speed=1000mInfo (1087003): Operation successful.Manager NJ-WAP-SW2 create switch trunk=test1 port=3.3-3.4 speed=1000mInfo (1087003): Operation successful.Manager NJ-WAP-SW2 enable ipInfo (1005287): IP module has been enabled.Manager NJ-WAP-SW2 add ip int=vlan10 ip=9 mask=24Info (1005275): interface successfully added.Manager NJ-WAP-SW2 add ip int=vlan30 ip=3 mask=24Info (1005275): interface successfully added.Manager NJ-WAP-SW2 add ip int=vlan50 ip=53 mask=28Info (1005275): interface successfully added.Manager NJ-WAP-SW2 add ip rou= mask= int=vlan10 next=Info (1005275): IP route successfully added.Manager NJ-WAP-SW2 enable vrrpInfo (1088003): Operation successful.Manager NJ-WAP-SW2 create vrrp=10 over=vlan10 ipaddress=0 adopt=on Warning (2088274): IP address adoption breaks RFC compliance. Note warnings in documentation.Info (1088003): Operation successful.Manager NJ-WAP-SW2 create vrrp=30 over=vlan30 ipaddress=4 adopt=on Warning (2088274): IP address adoption breaks RFC compliance. Note warnings in documentation.Info (1088003): Operation successful.Manager NJ-WAP-SW2 create vrrp=50 over=vlan50 ipaddress=54 adopt=on Warning (2088274): IP address adoption breaks RFC compliance. Note warnings in documentation.Info (1088003): Operation successful.Manager NJ-WAP-SW2 creat config=NJ-WAP-SW2.cfgInfo (1034003): Operation successful.Manager NJ-WAP-SW2 set config=NJ-WAP-SW2.cfgInfo (1049003): Operation successful.Manager NJ-WAP-SW26. 特殊情况内网服务器客户业务服务器Juniper 6350NetscreenF5负载均衡F5负载均衡：VLAN10：外网：VLAN20：连接路由器：VLAN30：连接内网服务器：VLAN50：客户服务器此情况下，防火墙与交换机之间只有一条线路。在这条链路上，需要同时传递vlan10和vlan20的信息。在交换机上，vlan20同样不启用三层功能。本例中，3.3和3.4端口为该条链路， 并且做了捆绑。所以3.3和3.4端口要同时在vlan10和vlan20中加入，并且为tagged方式。1、主交换机完整配置：add user=zte pass=123456 priv=manager lo=yesset user=zte telnet=yes netmask=55set system name=NJ-WAP-SW1create vlan=v10 vid=10create vlan=”v20” vid=20create vlan=v30 vid=30create vlan=v50 vid=50create vlan=v100 vid=100add vlan=10 port=3.3-3.4 frame=taggedadd vlan=20 port=3.7-3.8add vlan=”20” port=3.3-3.4 frame=taggedadd vlan=30 port=1.1-1.12add vlan=50 port=2.1-2.24add vlan=100 port=1.20-1.24add vlan=100 port=3.5-3.6 frame=taggedcreate switch trunk=test port=3.5-3.6 speed=1000mcreate switch trunk=test1 port=3.3-3.4 speed=1000madd vlan=”10”port=3.5-3.6 frame=taggedadd vlan=”30”port=3.5-3.6 frame=taggedadd vlan=”50”port=3.5-3.6 frame=taggedenable ipadd ip int=eth0 ip=42add ip int=vlan10 ip=8 mask=24add ip int=vlan30 ip=2 mask=24add ip int=vlan50 ip=52 mask=28add ip int=vlan100 ip=52 mask=28add ip rou= mask= int=