2024浪潮网络S9800 系列产品典型配置手册

INSPURS9800INSPURS9800INSPURS9800约[[]{{}(x|y|…INSPURS9800INSPURS9800目 DHCP中继配置案 INSPURS9800INSPURS9800和密码（Admin@default666）登录设备。[INSPUR]sshenable[INSPUR]telnetenableTelnet后，就可以在串口终端上输入设备的管理地址和密码登录设备，终端信息UserUserAccess[INSPUR]linevty[INSPUR]authenticationmode和密码（Admin@default666）登录设备，终端信息显示如下：UserAccessVerificationUserAccessVerification1-1<INSPUR>show<INSPUR>showrunning-<INSPUR>show<INSPUR>showipinterface[INSPUR]sshenable[INSPUR]nosshenable[INSPUR]telnetenable[INSPUR]notelnetenable[INSPUR]line[INSPUR-line]authenticationmodeusername[INSPUR-line]authenticationmodenonewillbootin3这一句时，提示我们是否Conboot3秒的等待时间。在这一秒内键入<Ctrl+B>，系统会提示：pleaseenterthe Systemconfigurationhasbeenmodified.Save?(Y/N)[N]:yProceedwithreboot?(Y/N)[N]:ySystemThesystemisgoingdownNOW!SentSIGTERMtoallprocessesSentSIGKILLtoallprocessesRequestingsystemrebootSystemstartbooting...BootingBasicConBoot....RebootbycpldBooting System DramInit :StartedDram :EMMC :SiInit :StartedPcieInitPhase0 :StartedPcieInitPhase0 :PassedPcieInitPhase1 :StartedPcieInitPhase1 :PassedSiInit :PassedPcie :PcieScanning :StartedPCIFirstScanning :PassedPCISecondScanning:StartedPcieScanning :PassedPcieEnumerator :PassedI2C :DDRInformation :Size8GBDimmNum1Speed2133TranscendCPUFrequency :2200MHzExtend :CompiledDate :10:49:07Aug72024FlashSize :16MSerialNumber :02011150X199000003NetInterface :Meth0_0CPLD :5.002024-2-PCB :CPLD :PressCtrl+BtoenterExtendboot pleaseenterthe <1>Boot<2>EnterSerial<3>EnterEthernet<4>File<5>ModifyConBoot<6>SkipCurrentSystem<7>ConBootOperation<8>SkipCurrentSystem<0>enteryourchoice(0 <1>DownloadApplicationProgramToSDRAMAnd<2>ModifyGigeernet<3>UpdateMainApplication<4>UpdateBackupApplication<0>ExitToMainenteryourchoice(0 ===============<GIGEERNETPARAMETER'+'=gotonext'-'=Gotopreviousfield.Ctrl+D=Quit. ServerIP LocalIP >GatewayIP Net change<1>DownloadApplicationProgramToSDRAMAnd<2>ModifyGigeernet<3>UpdateMainApplication<4>UpdateBackupApplication<0>ExitToMain Downloading[Inspur-S9800-H6C7.1.71R15.bin].ServerIP:Bytesdownloaded:tftpc:downloaddone.Size[45386636]@AddrCheckingsystemSystemupdating,pleasedon'tpoweroff!writtenlen=update<1>DownloadApplicationProgramToSDRAMAnd<2><2>ModifyGigeernet<3>UpdateMainApplication<4>UpdateBackupApplication<0>ExitToMainenteryourchoice(0 <1>Boot<2>EnterSerial<3>EnterEthernet<4>File<5>ModifyConBoot<6>SkipCurrentSystem<7>ConBootOperation<8>SkipCurrentSystem<0>enteryourchoice(0 <1>Boot<2>EnterSerial<3>EnterEthernet<4>File<5>ModifyConBoot<6>SkipCurrentSystem<7>ConBootOperation<8>SkipCurrentSystem<0>enteryourchoice(0- ><1>DisplayAll<2>SetApplicationFile<3>Delete<4>Format<0>ExitToMain >2Displayallfile(s)in'M'=main 1:Inspur-S9800-S111C010D003.bin2:Inspur-S9800-H6C7.1.71R15.bin45386636 >键入版本编Modifythefile<1><2>-<3><4>-<0> change<1>DisplayAll<2>SetApplicationFile<3>Delete<4>Format<0>ExitToMainenteryourchoice(0 <1>Boot<2>EnterSerial<3>EnterEthernet<4>File<5>ModifyConBoot<6>SkipCurrentSystem<7>ConBootOperation<8>SkipCurrentSystem<0>enteryourchoice(0 <1>DisplayAll<2>SetApplicationFile<3>Delete<4>Format<0>ExitToMainenteryourchoice(0-4):3 Displayallfile(s)in'M'=main 1:Inspur-S9800-S111C010D003.bin2:Inspur-S9800-H6C7.1.71R15.bin45386636 <1>DisplayAll<2>SetApplicationFile<3>Delete<4>Format<0>ExitToMainenteryourchoice(0 >TFTP服务器。使用终端登录设备的串口，按照下面的提示升级版本。[INSPUR]boot-file[INSPUR]boot-filegetInspur-S9800-H6C7.1.71R15.bintftp%Total%Received%XferdAverageDload TimeLeft10037.6M100 Downloadsuccessfully!00:02:050:02:05-- [INSPUR]boot-file[INSPUR]boot-filemainInspur-S9800-[INSPUR]boot-file[INSPUR]boot-filebackupInspur-S9800-[INSPUR]boot-file[INSPUR]boot-filedeleteInspur-S9800-<INSPUR>configurationclear- INSPURS9800INSPURS9800MACMAC与端口的对应关系写到VLAN里通过二层转发。2-1[INSPUR]vlan[INSPUR]vlan2[INSPUR-vlan2]port[INSPUR-vlan2]portMACB与端口的对应关系，HostAHostB配置好同一网段的地址后能正常通信。层转发表项，CPU主要用于转发控制，维护表项并将三层转发表项下发到芯片。当交换机上未建2-SW1SW2上配置静态路由RIPOSFP等路由协议。[INSPUR]vlan2to3[INSPUR]vlan[INSPUR-vlan2]portgige0_1[INSPUR]vlan3[INSPUR-vlan3]port[INSPUR]interface[INSPUR]interfacevlan-[INSPUR-vlan-if2]ipaddress[INSPUR]interfacevlan-if3[INSPUR-vlan-if3]ipaddress/24[INSPUR]iproute[INSPUR]vlan2to3[INSPUR]vlan[INSPUR-vlan2]portgige0_1[INSPUR]vlan3[INSPUR-vlan3]port[INSPUR]interface[INSPUR]interfacevlan-[INSPUR-vlan-if2]ipaddress/24[INSPUR]interfacevlan-if3[INSPUR-vlan-if3]ipaddress/24[INSPUR]iprouteINSPURS9800INSPURS9800负载均衡-传入和外发通信都是根据用户选择的负载均衡策略（MACIP地址）(1)3-2KEY。这个信息组合中KEY。3-3LACP协议报文的协商确定。只有速率和双工属性相3-2IPgige0_1、gige0_2。SW1SW2bond1IP地址+IPgige0_1、gige0_2。[INSPUR]interfacebond1[INSPUR-bond1]bond[INSPUR]interfacebond1[INSPUR-bond1]bondmodedynamic[INSPUR-bond1]bondload-sharingmodesource-destination-ip[INSPUR]interfacegige0_1[INSPUR-gige0_1]bondgroup1[INSPUR]interfacegige0_2[INSPUR-gige0_1]bondgroup1[INSPUR]vlan2to3[INSPUR]interface[INSPUR]vlan2to3[INSPUR]interfacebond1[INSPUR-bond5]switchportmode[INSPUR-bond5]switchporttrunkallowedvlan2-3[INSPUR-bond5]switchporttrunknativevlan3<INSPUR>showbond1bondbond:Bond MII Bond Load BondMinimum Selectmode:::System-priority: :Parsystem-id :00:10:01:B5:47:12Minimumport :gige0_1Select :Unselect <INSPUR>showbond1bondbond:Bond MII Bond Load BondMinimum Select System-priority Parsystem- Minimum Select Unselect 聚合组状态信息表明了聚合组1IP+IP进行负载分担的动态聚合组。VLAN2INSPURS9800INSPURS98004-24-3将该端口配置为源端口，在目的端口上连接服务器就能进行实时监控。当网络出现故障，需要排[INSPUR]vlan2to4[INSPUR]vlan[INSPUR]vlan[INSPUR-vlan2]portgige0_1[INSPUR]vlan[INSPUR-vlan3]port[INSPUR-vlan3]portgige0_2[INSPUR]vlan4[INSPUR-vlan4]port[INSPUR]mirror1sourceinterfacegige0_1gige0_2[INSPUR]mirror1sourceinterfacegige0_1gige0_2[INSPUR]mirror1destinationinterface<INSPUR>show<INSPUR>showmirrorLocalmirrorgroups DirectionMonitor-ports ID1，源端口为gige0_1,gige0_2，目的端口为server12收发的报文进行监控，使用远程端口镜像SW1vlan2vlan3gige0_1vlan2gige0_2vlan3，配置gige0_3vlan10通过。SwitchAvlan10vlangige0_1gige0_2为镜像源端gige0_5为反射口。[SwitchA]vlan2to[SwitchA]vlan[SwitchA]vlan[SwitchA-vlan2]portgige0_1[SwitchA]vlan3[SwitchA-vlan3]port[SwitchA]interfacegige0_3[SwitchA-gige0_3]switchportmode[SwitchA-gige0_3]switchporttrunkallowedvlan[SwitchA]mirror1000sourceinterfacegige0_1gige0_2both[SwitchA]mirror1000destinationremote-vlan10reflector-portgige0_5[SwitchB]interfacegige0_1[SwitchB-gige0_1]switchportmode[SwitchB-gige0_1]switchporttrunkallowedvlan10[SwitchB]interfacegige[SwitchB-gige0_2]switchportmode[SwitchB-gige0_2]switchporttrunkallowedvlan[SwitchC]interfacegige0_1[SwitchC-gige0_1]switchportmode[SwitchC]interfacegige0_1[SwitchC-gige0_1]switchportmode[SwitchC-gige0_1]switchporttrunkallowedvlan[SwitchC]vlan10[SwitchC-vlan10]port[SwitchC]mirror2000sourceremote-vlan[SwitchA]show[SwitchA]showmirrorMirrorID:MirrorType:remotemirrorMirrorDirection:BothSourcePorts:gige0_1,gige0_2ReflectorPort:gige0_5RemoteVlan:10MirrorDescription:[SwitchC]show[SwitchC]showmirrorMirrorID:RemoteVlan:MirrorDescription:mirrormirror1000sourceinterfacegige0_1,gige0_2mirror1000destinationremote-vlan10reflector-portgige0_5vlan1to3interfacegige0_1switchportaccessvlan2interfaceswitchportswitchportaccessvlaninterfacegige0_3switchportmodetrunkswitchporttrunkallowedvlaninterfaceinterfacegige0_1switchportinterfacegige0_1switchportmodetrunkswitchporttrunkallowedvlan!interfacegige0_2switchportmodetrunkswitchporttrunkallowedvlanmirror2000sourceremote-vlanvlaninterfacegige0_1switchportmodetrunkswitchporttrunkallowedvlaninterfacegige0_2switchportaccessvlan10server12收发的报文进行监控，使用远程端口镜像SW1vlan2vlan3gige0_1vlan2gige0_2vlan3，配置gige0_3vlan10通过；SwitchAvlan10vlangige0_1gige0_2为镜像源端gige0_3为出端口；[SwitchA]vlan2to[SwitchA]vlan[SwitchA]vlan[SwitchA-vlan2]portgige0_1[SwitchA]vlan3[SwitchA-vlan3]port[SwitchA]interfacegige0_3[SwitchA-gige0_3]switchportmode[SwitchA-gige0_3]switchporttrunkallowedvlan[SwitchA]mirror1000sourceinterfacegige0_1gige0_2both[SwitchA]mirror1000destinationremote-vlan10out-portgige0_3[SwitchB]interfacegige0_1[SwitchB-gige0_1]switchportmode[SwitchB-gige0_1]switchporttrunkallowedvlan10[SwitchB]interfacegige[SwitchB-gige0_2]switchportmode[SwitchB-gige0_2]switchporttrunkallowedvlan[SwitchC]interfacegige0_1[SwitchC-gige0_1]switchportmode[SwitchC]interfacegige0_1[SwitchC-gige0_1]switchportmode[SwitchC-gige0_1]switchporttrunkallowedvlan[SwitchC]vlan10[SwitchC-vlan10]port[SwitchC]mirror2000sourceremote-vlan[SwitchA]show[SwitchA]showmirrorMirrorID:MirrorType:remotemirrorMirrorDirection:BothSourcePorts:gige0_1,gige0_2OutPort:gige0_3RemoteVlan:MirrorDescription:[SwitchC]show[SwitchC]showmirrorMirrorID:RemoteVlan:MirrorDescription:(1)SwitchAmirror1000sourceinterfacegige0_1,gige0_2bothmirrormirror1000sourceinterfacegige0_1,gige0_2bothmirror1000destinationremote-vlan10out-portgige0_3vlan1to3interfacegige0_1switchportaccessvlan2interfaceswitchportaccessvlaninterfaceswitchportmodetrunkswitchporttrunkallowed(2)SwitchBinterfaceswitchportmodetrunkswitchporttrunkallowedinterfacegige0_2switchportmodetrunkswitchporttrunkallowed(3)SwitchCmirrormirror2000sourceremote-vlanvlaninterfacegige0_1switchportmodetrunkswitchporttrunkallowedvlaninterfacegige0_2switchportaccessvlan10INSPURS9800INSPURS98005-15-2[INSPUR]vlan2[INSPUR-vlan2]portgige0_1[INSPUR-vlan2]portgige0_2[INSPUR]interface[INSPUR]interface[INSPUR-gige0_1]rate-limitinput10000burst-bucket1024INSPURS9800INSPURS9800VLAN资源的浪费。是一种较为实用的二层隔离技术。6-1[INSPUR]vlan[INSPUR]vlan[INSPUR-vlan2]portgige0_1[INSPUR-vlan2]portgige0_2[INSPUR-vlan2]portgige0_3[INSPUR]interface[INSPUR]interfacegige[INSPUR-gige0_1]switchportprotected[INSPUR-gige0_1]interfacegige0_2[INSPUR-gige0_2]switchportprotectedINSPURS9800INSPURS9800slice，则无法进行配置）[INSPUR]aclresourceslot1ingressslice3modemac-[INSPUR]aclmodemac-ipv4[INSPUR-acl-mac-ipv4-ingress]ruleR1source-mac0010-01B1-C2D3source-ipv40interfacegige1_0actionpermit[INSPUR-acl-mac-ipv4-ingress]rule[INSPUR-acl-mac-ipv4-ingress]ruleR2interfacegige1_0actiondropSwitchshowaclmodemac-ipv4slot1ingressallACL[INSPUR]show[INSPUR]showaclmodemac-ipv4slot1ingressThereare2ACLrulesofmodemac-ipv4ingressinslot--------RuleR1'spriorityis1andtakes1resource(s).SourceMAC/mask:00:10:01:B1:C2:D3/FF:FF:FF:FF:FF:FF.MAC/IPv4SourceIPv4:0.Inports:gige0_0.Permitif--------RuleR2'spriorityis2andtakes1InInports:gige0_0.Dropif那么在接口gige1_0的接入电脑只有当MAC地址为00:10:01:B1:C2:D3IPv4地址为INSPURS9800INSPURS9800VLANVLAN相互隔离。PVLAN通常用于企业内部网，用来防止连接到某些接口或接口组的网络设备之IP子网。8-1VLAN，隔离VLAN8-2PVLANPVLANVLAN10VLAN11，服务器划入隔离VLAN12VLAN100连接外网。[INSPUR]pvlanprimary-vlan100isolate-vlan12community-vlan-range10-[INSPUR]interface[INSPUR]interfacegige[INSPUR-gige0_0]pvlanpromisc-associationprimary-vlan100[INSPUR]interfacegige[INSPUR-gige0_1]pvlanhost-associationsecondary-vlan10[INSPUR]interfacegige[INSPUR-gige0_2]pvlanhost-associationsecondary-vlan10[INSPUR]interfacegige[INSPUR-gige0_3]pvlanhost-associationsecondary-vlan11[INSPUR]interfacegige[INSPUR-gige0_4]pvlanhost-associationsecondary-vlan11[INSPUR]interfacegige[INSPUR-gige0_5]pvlanhost-associationsecondary-vlan12[INSPUR]interfacegige[INSPUR-gige0_6]pvlanhost-associationsecondary-vlan12HostAHostB通信，PCAPCB通信，HostAPCA不能通信；ServerAServerB不Host、PCServer都能够连接外网。INSPURS9800INSPURS9800802.1QVLANVLAN透传公网。由于在骨干网中传递的报文有两层802.1QTag头（一层公网Tag，一层私网Tag）802.1Q-in-802.1QQinQ协议。QinQ802.1Q802.1Q的标签头，即VLANTagVPN隧道技术。QinQ的QinQQinQ。9-1QinQ基于端口方式实现，配置了基本QinQ功能的端口会为收到的报文添加一层本端口VLANTag。QinQ功能来实现。9-2QinQ[INSPUR]vlan2to SW1SW2gige0_1TrunkVLAN2通过，NativeVLANid2；gige0_2TrunkVLAN3通过，NativeVLANid3gige0_3Trunk，VLAN2-4通过，NativeVLANID4。[INSPUR]interface[INSPUR]interface[INSPUR-gige0_1]switchportmode[INSPUR-gige0_1]switchporttrunkallowedvlan2[INSPUR-gige0_1]switchporttrunknativevlan2[INSPUR]interface[INSPUR-gige0_2]switchportmode[INSPUR-gige0_2]switchporttrunkallowedvlan3[INSPUR-gige0_2]switchporttrunknativevlan3[INSPUR]interface[INSPUR-gige0_3]switchportmode[INSPUR-gige0_3]switchporttrunkallowedvlan2-4[INSPUR-gige0_3]switchporttrunknativevlan4[INSPUR]interfacegige0_1[INSPUR-gige0_1]qinq[INSPUR]interfacegige0_1[INSPUR-gige0_1]qinqenable[INSPUR]interfacegige0_2[INSPUR-gige0_2]qinq<INSPUR>show<INSPUR>showQinQisenabledonfollowingports:以上信息表明，gige0_1gige0_2QinQAB可以利用运营VLAN与异地部门进行正常通信。BQinQTagTag。9-3QinQ[INSPUR]vlan2to [INSPUR]interface[INSPUR]interface[INSPUR-gige0_1]switchportmode[INSPUR-gige0_1]switchporthybridallowedvlan2-3untagged[INSPUR-gige0_1]switchporthybridnativevlan2[INSPUR]interfacegige0_2[INSPUR-gige0_2]switchportmode[INSPUR-gige0_2]switchporttrunkallowedvlan2-4[INSPUR-gige0_2]switchporttrunknativevlan4[INSPUR]interface[INSPUR]interface[INSPUR-gige0_1]qinqinner-vid20outer-vid2outer-priority[INSPUR-gige0_1]qinqinner-vid30outer-vid3outer-priorityABVLAN进行正常通信。INSPURS9800INSPURS9800为了防止非法用户的ARPARP报文有效性检测功能对设备接收到的ARPMACIP地址模式。10-1ARPIP地址。信，导致网络信息传输出错，重要信息的泄露。ARP用户合法性检测能识别出非法用户，丢弃非ARPARP非信任端口，需要进行用户合用户合法性检测是根据ARP报文中源IP地址和源MAC地址检查用户是否是所属VLAN所在端口ARPIP不匹配源DHCPSnooping安全表项。DHCP任何一个，就认为该ARP报文合法，进行转发。如果所有检查都没有找到匹配[INSPUR]vlan2[INSPUR-vlan2]portgige0_1[INSPUR-vlan2]portgige0_2[INSPUR]arpinspectionvlan2untrustinterfacegige0_1 ARPARP报文后，会依次查询ARPARP仿冒用户攻击。[INSPUR]vlan2[INSPUR-vlan2]portgige0_1[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]dhcpserverpool[INSPUR-dhcp-pool-test]bindinginterfacevlan-[INSPUR-dhcp-pool-test]addressrange000[INSPUR-dhcp-pool-test]default-router[INSPUR]dhcpserver[INSPUR]vlan2[INSPUR-vlan2]portgige0_1[INSPUR-vlan2]port[INSPUR-vlan2]port[INSPUR]interface[INSPUR]interface[INSPUR-gige0_3]dhcpsnoopingtrust[INSPUR]dhcpsnoopingenable[INSPUR]arpinspectionvlan2untrustinterfacegige0_1 SW2上启用了DHCPSnoopingHostA和HostB获取地址后会在SW2上形成一个SnoopingMAC地址、IPSW2gige0_1gige0_210-4ARP[INSPUR]vlan2[INSPUR-vlan2]port[INSPUR-vlan2]portgige0_2[INSPUR-vlan2]portHostAMACSW1的通信报文错误地发送到HostB上。INSPURS9800INSPURS9800RIP（RoutingInformationProtocol，路由信息协议）是一种较为简单的内部网关协议（InteriorProtocol，IGPRIP一般适用于小型同OSPF（OpenShortestPathFirst，开放最短路径优先）是一种典型的链路状态路由协议，采用ProtocolIGPOSPFOSPF进程，进程之间互不影响，彼此独RIDOSPF进程。策略路由（Policy-BasedRoutingPBR）是一种依据用户制定的策略进行路由选择的机制，SW1[INSPUR]vlan2[INSPUR-vlan2]exit[INSPUR]vlan10[INSPUR-vlan10]exit[INSPUR]interfacegige0_0[INSPUR-gige0_0]switchportmode[INSPUR-gige0_0]switchport[INSPUR-gige0_0]switchportaccessvlan10[INSPUR]interface[INSPUR-gige0_1]switchportaccessvlan[INSPUR-gige0_1]switchportaccessvlan2[INSPUR]interfacevlan-[INSPUR-vlan-if2]ipaddress/24[INSPUR]interfacevlan-if10[INSPUR-vlan-if10]ipaddressSW2[INSPUR]vlan2[INSPUR-vlan[INSPUR]vlan2[INSPUR-vlan2]exit[INSPUR]vlan10[INSPUR-vlan2]exit[INSPUR]interfacegige0_0[INSPUR-gige0_0]switchportaccessvlan[INSPUR-gige0_0]switchportaccessvlan10[INSPUR]interface[INSPUR-gige0_1]switchportaccessvlan[INSPUR-gige0_1]switchportaccessvlan2[INSPUR]interfacevlan-[INSPUR-vlan-if2]ipaddress/24[INSPUR]interfacevlan-[INSPUR-vlan-if10]ipaddress/24SW1[INSPUR]ip[INSPUR]iprouteSW2[INSPUR]ip[INSPUR]iproute<INSPUR>showip SW1[INSPUR]vlan2[INSPUR]vlan2[INSPUR]vlan10[INSPUR]interfacegige0_0[INSPUR-gige0_0]switchportmodeaccess[INSPUR-gige0_0]switchportaccessvlan10[INSPUR]interface[INSPUR-gige0_1]switchportmodeaccess[INSPUR-gige0_1]switchportaccessvlan2[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]interfacevlan-if10[INSPUR-vlan-if10]ipaddressSW2[INSPUR]vlan[INSPUR]vlan[INSPUR]vlan11[INSPUR]interfacegige0_0[INSPUR-gige0_0]switchportmodeaccess[INSPUR-gige0_0]switchportaccessvlan10[INSPUR]interface[INSPUR-gige0_1]switchportmodeaccess[INSPUR-gige0_1]switchportaccessvlan11[INSPUR]interfacevlan-if10[INSPUR-vlan-if10]ipaddress/24[INSPUR]interfacevlan-if11[INSPUR-vlan-if11]ipaddressSW3[INSPUR]vlan[INSPUR]vlan[INSPUR]vlan[INSPUR]vlan[INSPUR]interfacegige0_0[INSPUR-gige0_0]switchportmodeaccess[INSPUR-gige0_0]switchportaccessvlan2[INSPUR]interface[INSPUR-gige0_1]switchportmodeaccess[INSPUR-gige0_1]switchportaccessvlan11[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]interfacevlan-if11[INSPUR-vlan-if11]ipaddressSW1[INSPUR]routerSW2[INSPUR]routerSW3[INSPUR]router(3)<INSPUR>show<INSPUR>showip<INSPUR>showipOSPF路由协议组网，SW1[INSPUR]vlan[INSPUR]vlan[INSPUR]vlan[INSPUR]interface[INSPUR-gige0_0]switchportmodeaccess[INSPUR-gige0_0]switchportaccessvlan10[INSPUR]interface[INSPUR-gige0_1]switchportmode[INSPUR-gige0_1]switchportaccessvlan2[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]interfacevlan-if10[INSPUR-vlan-if10]ipaddressSW2[INSPUR]vlan[INSPUR]vlan[INSPUR]vlan[INSPUR]interface[INSPUR-gige0_0]switchportmodeaccess[INSPUR-gige0_0]switchportaccessvlan10[INSPUR]interface[INSPUR-gige0_1]switchportmodeaccess[INSPUR-gige0_1]switchportaccessvlan11[INSPUR]interfacevlan-if10[INSPUR-vlan-if10]ipaddress/24[INSPUR]interfacevlan-if11[INSPUR-vlan-if11]ipaddressSW3[INSPUR]vlan[INSPUR]vlan[INSPUR]vlan[INSPUR]interface[INSPUR-gige0_0]switchportmodeaccess[INSPUR-gige0_0]switchportaccessvlan2[INSPUR]interface[INSPUR-gige0_1]switchportmodeaccess[INSPUR-gige0_1]switchportaccessvlan11[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]interfacevlan-if11[INSPUR-vlan-if11]ipaddressSW1[INSPUR]routerospfSW2[INSPUR]routerospfSW3[INSPUR]routerospf(3)<INSPUR>showip<INSPUR>showip当用户的组网比较复杂，想要实现分区管理，使某些区域的设备独立出来不受其它区域的路由信OFOFSW1[INSPUR]vlan[INSPUR]vlan[INSPUR]vlan[INSPUR]interface[INSPUR-gige0_0]switchportmodeaccess[INSPUR-gige0_0]switchportaccessvlan10[INSPUR]interface[INSPUR-gige0_1]switchportmodeaccess[INSPUR-gige0_1]switchportaccessvlan2[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]interfacevlan-if10[INSPUR-vlan-if10]ipaddressSW2[INSPUR]vlan[INSPUR]vlan[INSPUR]vlan[INSPUR]interface[INSPUR-gige0_0]switchportmodeaccess[INSPUR-gige0_0]switchportaccessvlan10[INSPUR]interface[INSPUR-gige0_1]switchportmodeaccess[INSPUR-gige0_1]switchportaccessvlan11[INSPUR]interfacevlan-[INSPUR-vlan-if10]ipaddress/24[INSPUR]interfacevlan-if11[INSPUR-vlan-if11]ipaddressSW3[INSPUR]vlan[INSPUR]vlan[INSPUR]vlan[INSPUR]interface[INSPUR-gige0_0]switchportmodeaccess[INSPUR-gige0_0]switchportaccessvlan2[INSPUR]interfacegige0_1[INSPUR-gige0_1]switchportmode[INSPUR-gige0_1]switchportaccessvlan11[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]interfacevlan-if11[INSPUR-vlan-if11]ipaddressSW1[INSPUR]router[INSPUR]routerospf[INSPUR-ospf-1]network/24area[INSPUR-ospf-1]network/24area1SW2[INSPUR]router[INSPUR]routerospf[INSPUR-ospf-1]network/24area1[INSPUR]routerospf[INSPUR-ospf-2]network/24area2[INSPUR]routerospf[INSPUR-ospf-2]network[INSPUR]routerospf[INSPUR-ospf-2]network/24area[INSPUR-ospf-2]network/24area2[INSPUR]routeospf[INSPUR-ospf-1]redistributeospf[INSPUR]routeospf[INSPUR-ospf-1]redistributeospf[INSPUR]route[INSPUR]routeospf[INSPUR-ospf-2]redistributeospfvlan-ifIP地址。SwitchA[INSPUR]sysname[INSPUR]sysnameSwitchA[SwitchA]vlan100[SwitchA-vlan100]portgige3_1[SwitchA]vlan300[SwitchA-vlan300]portgige3_3[SwitchA]interfacevlan-if100[SwitchA-vlan-if100]ipaddress/24[SwitchA]interfacevlan-if300[SwitchA-vlan-if300]ipaddress/24[SwitchA-vlan14]portgige3_14[SwitchA]interfacevlan-if14[SwitchA-vlan-if14]ipaddress/24SwitchB[INSPUR]sysname[INSPUR]sysnameSwitchB[SwitchB]vlan100[SwitchB-vlan100]port[SwitchB]vlan[SwitchB]vlan[SwitchB-vlan200]portgige3_2[SwitchB]interfacevlan-if100[SwitchB-vlan-if100]ipaddress/24[SwitchB]interfacevlan-if200[SwitchB-vlan-if200]ipaddress/24SwitchC[INSPUR]sysname[INSPUR]sysnameSwitchC[SwitchC]vlan200[SwitchC-vlan200]portgige3_2[SwitchC]vlan400[SwitchC-vlan400]portgige3_4[SwitchC]vlan140[SwitchC-vlan140]portgige3_14[SwitchC]interfacevlan-if200[SwitchC-vlan-if200]ipaddress/24[SwitchC]interfacevlan-if400[SwitchC-vlan-if400]ipaddress/24[SwitchC]interfacevlan-if140[SwitchC-vlan-if140]ipaddress/24SwitchD[INSPUR]sysname[INSPUR]sysnameSwitchD[SwitchD]vlan300[SwitchD-vlan300]portgige3_3[SwitchD]vlan400[SwitchD-vlan400]port[SwitchD]interface[SwitchD]interfacevlan-if[SwitchD-vlan-if300]ipaddress/24[SwitchD]interfacevlan-if400[SwitchD-vlan-if400]ipaddress/24SwitchA[SwitchA]router[SwitchA]routerospf[SwitchA-ospf-1]ospfrouter-id[SwitchA-ospf-1]network/24areaSwitchB[SwitchB]router[SwitchB]routerospf[SwitchB-ospf-1]ospfrouter-id[SwitchB-ospf-1]network/24area[SwitchB-ospf-1]network/24areaSwitchC[SwitchC]router[SwitchC]routerospf[SwitchC-ospf-1]ospfrouter-id[SwitchC-ospf-1]network/24area[SwitchA]router[SwitchA]router[SwitchA-rip]networkvlan-if300[SwitchD]router [SwitchD-rip]network[SwitchD-rip]networkvlan-if300[SwitchD-rip]networkvlan-if400[SwitchC]router[SwitchC]router[SwitchC-rip]networkvlan-if400[SwitchC]router[SwitchC]router[SwitchC-rip]networkvlan-if140[SwitchC]routeospf[SwitchC-ospf-1]network/24area[SwitchA]show[SwitchA]showiprouteCodes:K-kernelroute,C-connected,S-static,R-RIP,O-OSPF,I-ISIS,B-BGP,>-selectedroute,*-FIBroute,G-GUARDO/24[110/1]fmap:0x0isdirectlyconnected,vlan-if100,instance1,00:27:17C>*/24fmap:0x1isdirectlyconnected,vlan-if100weight0O>*/24[110/2]fmap:0x1via,instance1,00:26:29C>*/24fmap:0x1isdirectlyconnected,vlan-if300weight0R>*/24[120/2]fmap:0x1via,00:05:50C>*/16fmap:0x1isdirectlyconnected,vlan-if1weight0R/24[120/3]fmap:0x0via,00:02:40O>*/24[110/3]fmap:0x1via,instance1,[SwitchA][SwitchA]showaclresourceslot3ingressSliceinformation:Slice0:Slice1:Slice2:Slice3:SliceSlice4:Slice5:rt-Slice6:Slice7:Slice8:Slice9:mix-Slice10:mix-Slice11:mix-Slice12:Slice13:Slice14:Slice15:Reserved[SwitchA]policy-route[SwitchA]policy-routemode[SwitchA]aclresourceslot4ingressslice8modert-policy[SwitchA]policy-routemodeswitch[SwitchA]policy-route[SwitchA]policy-routemodeswitch[SwitchA]policy-routeswitch123permit[SwitchA-policy-route-switch-123]matchdst-ip[SwitchA-policy-route-switch-123]matchprotocolUDPdst-port6000to6000[SwitchA-policy-route-switch-123]setoutput-interfacevlan-if300next-hopINSPURS9800INSPURS9800DHCP\h\h\h\h用客户端/IPIP地址等客户端通过动态分配方式获取到的\hP地址但是如果客户端想要继续使用该地址的话，可以通过主动续约的方式获取该地址的使用权。在地址租约到期前，客户端主动给服务器发送续约报文，如果服务器确定该地址能继续给该客户端使DHCPIP地址。12-1DHCPDHCPServerIPDHCPServerIP地址能12-2DHCPServer[INSPUR]vlan2[INSPUR-vlan2]portgige0_1[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]dhcp[INSPUR]dhcpserverpool[INSPUR-dhcp-pool-192]addressrange00024[INSPUR-dhcp-pool-192]bindinginterfacevlan-if2[INSPUR-dhcp-pool-192]static-bindip-address20mac-address00:10:94:00:00:01client-nameadministrator[INSPUR]dhcpserverenable[INSPUR]vlan[INSPUR]vlan[INSPUR-vlan2]portgige0_1[INSPUR-vlan2]portgige0_2[INSPUR-vlan2]port<INSPUR>show<INSPUR>showdhcpserverpool192Pool192:Addressrange:0to :Leasetime:1days0hours0Staticbindipaddress20macaddressHostAHostBDHCPServerIP地址DHCPDHCPDHCPServer不在同一网段时，DHCPServer收不到客户端发送地址请求12-3DHCPif2/24IP/24gige0_2vlan-if3。[INSPUR]vlan2[INSPUR-vlan2]portgige0_1[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]vlan[INSPUR-vlan3]portgige0_2[INSPUR]interfacevlan-[INSPUR]vlan2[INSPUR-vlan2]portgige0_1[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]dhcp[INSPUR]dhcpserverpool[INSPUR-dhcp-pool-192]addressrange05024[INSPUR-dhcp-pool-192]bindinginterfacevlan-if2[INSPUR-dhcp-pool-192]dns-server[INSPUR]dhcpserver[INSPUR]iprouteif2/24IP/24gige0_2vlan-if3。[INSPUR-vlan-if3]ip[INSPUR-vlan-if3]ipaddress/24[INSPUR]interface[INSPUR]interfacevlan[INSPUR-vlan-if3]dhcprelayserver-address[INSPUR]dhcprelayDHCPSnoopingDHCPDHCP服务器上获取地址，DHCPDHCPSnooping功能，合法服务器和DHCPsnoopingIPMAC地址的对应关系。IP地址。12-4DHCPSnoopingSW2DHCPSnoopinggige0_1端口为信任端口，其余端口为非信任端IPMAC地址功能。[INSPUR]vlan2[INSPUR-vlan2]portgige0_1[INSPUR]interfacevlan-if2[INSPUR-vlan-if2]ipaddress/24[INSPUR]dhcpserverpool192[INSPUR-dhcp-pool-192]addressrange00024[INSPUR-dhcp-pool-192]bindinginterfacevlan-if2[INSPUR-dhcp-pool-192]dns-server[INSPUR]dhcpserver[INSPUR]vlan2[INSPUR-vlan2]port[INSPUR-vlan2]portgige0_2[INSPUR-vlan2]portSW2DHCPSnoopinggige0_1端口为信任端口，其余端口为非信任端[INSPUR]interfacegige0_1[INSPUR-gige0_1]dhcpsnooping[INSPUR]dhcpsnooping<INSPUR>showdhcpDhcpSnoopingINSPURS9800INSPURS9800QoSQoS（QualityofService，服务质量）QoS可以保障业务带宽的优先级最高，使其数据优先转发。COS、DSCP、IPCOS队列的8COS0-7表示，COS数值大WRRWDRRCOS队列的转发比例，即权重值。13-213-2QoSSWgige0_2QoSWRR771的3。[INSPUR]interfacegige0_0[INSPUR-gige0_0]qos[INSPUR]interfacegige0_0[INSPUR-gige0_0]qostrustport[INSPUR-gige0_0]qosmapport-cos7[INSPUR-gige0_0]interfacegige0_1[INSPUR-gige0_1]qostrustport[INSPUR-gige0_1]qosmapport-cos1SWgige0_2QoSWRR771的3。[INSPUR]interface[INSPUR]interface[INSPUR-gige0_2]qosschedulerwrr[INSPUR-gige0_2]qoswrrqueue7weight[INSPUR-gige0_2]qoswrrqueue1weightgige0_0gige0_170%带30%带宽数据转发。INSPURS9800INSPURS9800ACLACL（AccessControlList，访问控制列表）即通过配置对报文的匹配条件和处理动作而实现报文根据当前接口上配置的ACL表项对报文内容进行解析和匹配，对能够匹配到的报文进行相应动作ACLACL号、IP优先级、ToS/DSCP优先级、物理端口。端口号、IP优先级、ToS/DSCP优先级、物理端口。MAC/IPv4IPv4MACIPVLANID、802.1p优先级、物理端口。ID、802.1p优先级、物理端口。匹配报文的源MACMAC和掩码进行按位与操作得MAC1，ACLMAC与掩码进行按位与得MAC2，若MAC1与MAC2相同则为匹配匹配报文的目的MACMAC和掩码进行按位与操作得MAC1，ACLMACMAC2，若MAC1与MAC2相同则为匹配匹配报文的源IPIPIP1，ACL源IP匹配报文的目的IPIPIP1，ACL目匹配报文的源IPv6匹配报文的目的IPv6IPv6ip1，ACLIPv6ip2ip1与ip2相IP匹配报文的IPIPIP匹配IP匹配IPVLAN匹配报文外层VLAN标签中的VLANID。只有一层VLAN标签时，即检查该层VLAN标签的VLANID最小值且小于等于ACL的VLANID最大匹配报文ToS/DSCPToS/DSCP优先级等于ACLToS/DSCP优先ACL）属于ACL物理端口中的一个则为匹配。MAC/IPv4绑定功能时，需MAC/IPv4ACLIPv4MAC/IPv4aclresourceslotxxingressegressslicexxmodemac|ipv4|ipv6|mac-ipv4|mac-ipv6|portal|portal-ipv6|rt-policy|ipv4-vlan|ipv6-vlanIPv4ACL[INSPUR]aclmodeipv4ingress（/24[INSPUR-acl-ipv4-ingress]ruleT1source/24destinationhost00interfacegige4_0actiondropSwitchshowaclmodeipv4ingressruleT1ACL[INSPUR][INSPUR]showaclmodeipv4ingressrule--------RuleT1'spriorityis1andtakes1SourceDestinationhostInports:gige4_0.DropifIPv6ACLsliceIPv6ACLSwitch4槽部分ACLsliceIPv6ACL。[INSPUR]aclresourceslot4ingressslice3mode[INSPUR]aclmodeipv6ingress（03::/6~08::/64[INSPUR-acl-ipv6-ingress]ruleR1source2003::/642004::/642005::/642006::/642007::/642008::/64destinationhost3000::10interfacegige4_3actiondropSwitchshowaclmodeipv6ingressruleR1ACL[INSPUR]show[INSPUR]showaclmodeipv6ingressrule--------RuleR1'spriorityis3andtakes1SourceIPv6/prefix:2003::/64.IPv6/prefix:2004::/64.IPv6/prefix:2005::/64.IPv6/prefix:2006::/64.IPv6/prefix:2007::/64.IPv6/prefix:DestinationHostIPv6:Inports:Dropifmatched.3000::10，而研发部则不受任MACACL某公司研发部和管理部均部署了网络视频设备，这些视频设备的MAC000f-c2xx-xxxx，现8:3018:00的上班时间段向外网发送数据。IPMACMAC地址前缀MAC地址掩码的方式来进行同时匹配ACLsliceMACACL。[INSPUR]aclresourceslot1ingressslice