华为Quidway S6506R开局文档
- 格式:doc
- 大小:46.50 KB
- 文档页数:3
摘要本论文是根据我企业单位实际情况,在原有电脑设施的基础上,建立企业内部的局域网并与 Internet网相连接,这一网络化建设,是实现企业信息化管理的发展方向。
本毕业设计将主要以我们单位企业局域网网络建设过程可能用到的各种技术及实施方案为设计方向,为我们企业定做了一套信息化建设网络方案,为我们企业网络的建设提供理论依据和实践指导。
我单位是一家金融单位,对网络的安全性质较高,为了实现这一要求使用了冗余热备份,使用负载均衡功能,VLAN和防火墙等相关的措施。
在这里使用到了交换技术、路由技术、防火墙技术等。
这次局域网的建设主要解决了因单位的规模扩大,网络信息点不够用和网络速度上的优化。
第一章概述随着计算机信息产业技术的普及和发展,各企业单位的计算机应用越来越广泛。
通过信息化提高企业的竞争力已成为大多数企业的共识,但尚有不少企业的管理者往往认为买了电脑就万事大吉,却不知来建立企业内部的局域网并联接国际网联网信息化能够有效重复和加强协作,从而提高效率。
企业要实现信息化管理,首要的条件就是建立企业局域网,然后在该系统的基础上开发应用各种基础和专业软件。
网络化可以有效地实现企业内部的资源共享、信息发布、技术交流、生产组织。
此外,还可以通过这个网络连接到世界上其它计算机,使得企业方便地实现与外部的交流。
我公司在2栋大楼的5层中,要将两栋大楼的房间组建成一个局域网,网络技术选择了以太网技术,交换技术,冗余技术等。
由于单位目前员工和业务量的增加需要对局域网进行建设。
要求局域网主干线路为千兆,到桌面为百兆。
从而使公司有一个良好稳定的办公网络。
第二章需求分析2.1 系统现状分析企业内共计300台计算机,2台服务器;分布在2栋5层楼中,每层楼高4米,两栋楼间距为30米,每座楼高20米,长60米,宽18米,每层楼有12个工作间,1个会议室。
要将2栋大楼的所有房间成一个局域网,每个工作间要求有3个信息点,会议室要求有4个信息点。
目录第一章端口操作 31.1配置以太网端口描述 31.2配置端口工作模式 31.3配置以太网端口速率 41.4配置自协商模式 41.5 Telnet 配置 41.6 IP+MAC+端口绑定 51.7堆叠管理配置 51.8端口操作实验 5第二章VLAN操作72.1 VLAN的创建与删除72.2 配置VLAN端口72.3 VLAN监控和维护72.4 VLAN间路由82.5VLAN操作实验8第三章QACL访问控制列表操作103.1访问控制列表ACL 103.2访问控制列表的子规则113.3 激活访问控制列表113.4访问控制列表实验12第四章Spanning Tree配置134.1开启/关闭端口Spanning Tree特性134.2 Spanning Tree监控和维护134.3 Spanning Tree配置实验14第五章系统网络管理155.1设置团体名(Community Name)155.2设置管理员的标识及联系方法(sysContact)165.3允许或禁止发送Trap 165.4设置本地或远端设备的名字165.5设置或删除一个SNMP的组165.6设置或取消Trap目标主机的地址175.7设置或取消S8016路由交换机的位置(sysLocation)17 5.8指定发送Trap 的源地址175.9 SNMP的组添加或删除一个新用户185.10创建/更新视图的信息或删除视图185.11监控和维护18第一章端口操作以太网端口配置包括:进入以太网端口视图λ打开/关闭以太网端口λλ对以太网端口进行描述设置以太网端口双工状态λλ设置以太网端口速率S8016路由交换机支持两种类型的以太网接口板:快速以太网板(FE)和千兆以太网板(GE)。
快速以太网可提供16个百兆端口;千兆以太网板可提供4个千兆(又称吉比特)端口。
1.1配置以太网端口描述请在以太网或吉比特以太网接口配置模式下进行下列配置。
配置以太网端口描述操作命令设置以太网端口描述description ethernet-description恢复以太网端口缺省描述undo description1.2配置端口工作模式以太网接口有全双工和半双工两种工作模式,在接口模式下可通过以下命令来进行配置。
华为网络原理——根据S6506R操作手册节选华为网络原理——根据S6506R操作手册节选我这里只讲原理,因为配置命令各个厂商之间并不是通用的。
第1章以太网端口配置1.1 以太网端口简介S6500 系列以太网交换机支持的以太网端口特性如下:10Base-T/100Base-TX 以太网端口支持MDI/MDI-X 自适应,可以工作在半双工、全双工或自协商模式下,可以与其他网络设备协商确定工作方式和速率,自动选择最合适的工作方式和速率。
100BaseFX-SMF/MMF 以太网端口工作在百兆全双工模式下。
双工模式可以设置为full(全双工)和auto(自协商),速率可以设置为100(100Mbit/s)和auto(自协商)。
1000Base-X(GBIC)和1000Base-X(SFP)以太网端口工作在千兆全双工模式下。
双工模式可以设置为full(全双工)和auto(自协商),速率可以设置为1000(1000Mbit/s)和auto(自协商)。
10/100/1000Base-T 以太网端口支持MDI/MDI-X 自适应,工作方式为:1000M全双工,100M 半双工/全双工或10M 半双工/全双工。
对于万兆以太网端口,双工模式只能设置为full(全双工),速率只能设置为10000(10000Mbit/s)。
1.2.4 设置以太网端口双工状态当希望端口在发送数据包的同时可以接收数据包,可以将端口设置为全双工属性;当希望端口同一时刻只能发送数据包或接收数据包时,可以将端口设置为半双工属性;当设置端口为自协商状态时,端口的双工状态由本端口和对端端口自动协商而定。
缺省情况下,端口的双工状态为auto(自协商)状态。
1.2.5 设置以太网端口速率可以使用以下命令对以太网端口的速率进行设置,当设置端口速率为自协商状态时,端口的速率由本端口和对端端口双方自动协商而定。
缺省情况下,以太网端口的速率处于auto(自协商)状态。
华为QuidWay交换机配置命令手册介绍交换机的主要功能包括物理编址、网络拓扑结构、错误校验、帧序列以及流控。
交换机还具备了一些新的功能,如对VLAN(虚拟局域网)的支持、对链路汇聚的支持,甚至有的还具有防火墙的功能。
有用户对华为QuidWay交换机配置不太熟悉,下面一起看看命令手册,需要配置华为交换机的朋友可以参考下方法步骤1、开始建立本地配置环境,将主机的串口通过配置电缆与以太网交换机的Console口连接。
在主机上运行终端仿真程序(如Windows的超级终端等),设置终端通信参数为:波特率为9600bit/s、8位数据位、1位停止位、无校验和无流控,并选择终端类型为VT100。
以太网交换机上电,终端上显示以太网交换机自检信息,自检结束后提示用户键入回车,之后将出现命令行提示符(如)。
键入命令,配置以太网交换机或查看以太网交换机运行状态。
需要帮助可以随时键入"?"2、命令视图(1)用户视图(查看交换机的简单运行状态和统计信息):与交换机建立连接即进入(2)系统视图(配置系统参数)[Quidway]:在用户视图下键入system-view(3)以太网端口视图(配置以太网端口参数)[Quidway-Ethernet0/1]:在系统视图下键入interface ethernet 0/1(4)VLAN视图(配置VLAN参数)[Quidway-Vlan1]:在系统视图下键入vlan 1(5)VLAN接口视图(配置VLAN和VLAN汇聚对应的IP接口参数)[Quidway-Vlan-interface1]:在系统视图下键入interface vlan-interface 1(6)本地用户视图(配置本地用户参数)[Quidway-luser-user1]:在系统视图下键入local-user user1(7)用户界面视图(配置用户界面参数)[Quidway-ui0]:在系统视图下键入user-interface3、其他命令设置系统时间和时区clock time Beijing add 8clock datetime 12:00:00 2005/01/23设置交换机的名称[Quidway]sysname TRAIN-3026-1[TRAIN-3026-1]配置用户登录[Quidway]user-interface vty 0 4[Quidway-ui-vty0]authentication-mode scheme创建本地用户[Quidway]local-user huawei[Quidway-luser-huawei]password simple huawei[Quidway-luser-huawei] service-type telnet level 34、VLAN配置方法『配置环境参数』SwitchA端口E0/1属于VLAN2,E0/2属于VLAN3『组网需求』把交换机端口E0/1加入到VLAN2 ,E0/2加入到VLAN3数据配置步骤『VLAN配置流程』(1)缺省情况下所有端口都属于VLAN 1,并且端口是access端口,一个access端口只能属于一个vlan;(2)如果端口是access端口,则把端口加入到另外一个vlan的同时,系统自动把该端口从原来的vlan中删除掉;(3)除了VLAN1,如果VLAN XX不存在,在系统视图下键入VLAN XX,则创建VLAN XX并进入VLAN视图;如果VLAN XX已经存在,则进入VLAN视图。
访问以太网交换机目录目录第1章产品介绍 ....................................................................................................................... 1-11.1 产品简介............................................................................................................................. 1-11.2 功能特性列表 ..................................................................................................................... 1-2 第2章访问以太网交换机......................................................................................................... 2-12.1 通过配置口访问以太网交换机............................................................................................ 2-12.2 通过Telnet访问以太网交换机........................................................................................... 2-32.2.1 通过微机Telnet到以太网交换机............................................................................. 2-32.2.2 通过以太网交换机Telnet到以太网交换机 .............................................................. 2-52.3 通过Modem拨号访问以太网交换机.................................................................................. 2-62.4 Line配置 ............................................................................................................................ 2-82.4.1 Line简介.................................................................................................................. 2-82.4.2 Line配置.................................................................................................................. 2-92.4.3 进入Line配置模式 ................................................................................................ 2-102.4.4 配置AUX(即Console)口属性........................................................................... 2-102.4.5 配置终端属性......................................................................................................... 2-112.4.6 Line用户配置 ........................................................................................................ 2-132.4.7 Modem属性配置................................................................................................... 2-162.4.8配置重定向功能 .................................................................................................... 2-162.4.9 Line的监控和维护................................................................................................. 2-17 第3章命令行接口.................................................................................................................... 3-13.1 命令行接口......................................................................................................................... 3-13.2 命令行模式......................................................................................................................... 3-13.3 命令行特性功能.................................................................................................................. 3-43.3.1 命令行在线帮助....................................................................................................... 3-43.3.2 命令行错误信息....................................................................................................... 3-73.3.3 历史命令.................................................................................................................. 3-83.3.4编辑特性 ................................................................................................................. 3-83.3.5显示特性 ................................................................................................................. 3-9第1章产品介绍1.1 产品简介随着Internet市场的不断发展,用户对通信的需求已从传统的电话、传真、电报等低速业务逐渐向高速的Internet接入、可视电话、视频点播(Video OnDemand,VOD)等宽带业务领域延伸。
端口配置目录目录第1章以太网端口配置 ........................................................................................................... 1-11.1 以太网端口简介................................................................................................................. 1-11.2 以太网端口配置................................................................................................................. 1-21.2.1 以太网端口配置任务列表........................................................................................ 1-21.2.2 进入以太网端口配置模式........................................................................................ 1-21.2.3关闭/打开以太网端口 ............................................................................................. 1-31.2.4 设置以太网端口的描述字符串................................................................................. 1-31.2.5设置以太网端口的双工状态 .................................................................................... 1-41.2.6设置以太网端口的速率 ........................................................................................... 1-41.2.7 设置以太网端口的流量控制 .................................................................................... 1-51.2.8 禁止/允许长帧通过千兆以太网端口 ........................................................................ 1-51.2.9 禁止/允许以太网端口进行MAC地址学习 .............................................................. 1-61.2.10 设置以太网端口的链路环回检测功能.................................................................... 1-61.2.11设置以太网端口的优先级...................................................................................... 1-71.2.12将以太网端口设置为Trunk端口........................................................................... 1-71.2.13设置Trunk端口的属性 ......................................................................................... 1-81.2.14指定以太网端口所属的VLAN ............................................................................... 1-81.3 以太网端口的监控与维护 .................................................................................................. 1-91.4 以太网端口配置举例........................................................................................................ 1-101.4.1配置Trunk端口.................................................................................................... 1-101.5 以太网端口配置排错........................................................................................................ 1-11 第2章以太网端口汇聚配置 .................................................................................................... 2-12.1 以太网端口汇聚简介.......................................................................................................... 2-12.2 以太网端口汇聚配置.......................................................................................................... 2-12.2.1 以太网端口汇聚配置任务列表................................................................................. 2-12.2.2 将一组以太网端口设置为同一个汇聚组的成员 ....................................................... 2-12.3 以太网端口汇聚的监控与维护 ........................................................................................... 2-22.4 以太网端口汇聚典型配置举例 ........................................................................................... 2-22.4.1 配置参与汇聚的以太网端口 .................................................................................... 2-22.5 以太网端口汇聚故障的诊断与排除.................................................................................... 2-3第1章以太网端口配置1.1 以太网端口简介S6506以太网交换机在顶端交换路由处理板的面板上提供1个固定的10BASE-T以太网接口,用于配置交换机或升级交换机的主体软件;在机柜正面提供6个业务接口板插槽,每个插槽均可以插接以下五种业务接口板中的一种:●8端口GBIC千兆以太光口交换板;●8端口千兆以太电口交换板;●8端口10/100/1000BaseT千兆以太网业务板;●24端口百兆以太光口交换板;●48端口百兆以太电口交换板。
华三交换机命令大全文件管理序列号:[K8UY-K9IO69-O6M243-OL889-F88688]一、<Quidway>system 进入使能模式password:~~~~~~~~~~[Quidway]super password 修改特权用户密码[Quidway]sysname 交换机命名[Quidway]interface ethernet 0/1 进入接口视图[Quidway]interface vlan x 进入接口视图=网关[Quidway]user-interface vty 0 4[S3026-ui-vty0-4]authentication-mode password[S3026-ui-vty0-4]set authentication-mode password simple 222 [S3026-ui-vty0-4]user privilege level 3[Quidway-Ethernet0/1]duplex {half|full|auto} 配置端口双工工作状态[Quidway-Ethernet0/1]speed {10|100|auto} 配置端口工作速率[Quidway-Ethernet0/1]flow-control 配置端口流控[Quidway-Ethernet0/1]mdi {across|auto|normal} 配置端口MDI/MDIX 状态平接或扭接[Quidway-Ethernet0/1]port link-type {trunk|access|hybrid} 接口工作模式[Quidway-Ethernet0/1]shutdown 关闭/重起接口[Quidway-Ethernet0/2]quit 退出视图[Quidway]vlan 3 创建/删除一个VLAN/进入VLAN模式[Quidway-vlan3]port ethernet 0/1 to ethernet 0/4 在当前VLAN增加/删除以太网接口[Quidway-Ethernet0/2]port access vlan 3 将当前接口加入到指定VLAN[Quidway-Ethernet0/2]port trunk permit vlan {ID|All} 设trunk允许的VLAN[Quidway-Ethernet0/2]port trunk pvid vlan 3 设置trunk端口的PVID[Quidway]monitor-port <interface_type interface_num> 指定和清除镜像端口[Quidway]port mirror <interface_type interface_num> 指定和清除被镜像端口[Quidway]port mirror int_list observing-port int_type int_num 指定镜像和被镜像[Quidway]description string 指定VLAN描述字符[Quidway]description 删除VLAN描述字符[Quidway] vlan [vlan_id]查看VLAN设置[Quidway] {enable|disable} 开启/关闭生成树,默认关闭[Quidway]stp priority 4096 设置交换机的优先级[Quidway]stp root{primary|secondary} 设置交换机为根或根的备份[Quidway-Ethernet0/1]stp cost 200 设置交换机端口的花费[SwitchA-vlanx]isolate-user-vlan enable 设置主vlan[SwitchA]Isolate-user-vlan <x> secondary <list> 设置主vlan包括的子vlan[Quidway-Ethernet0/2]port hybrid pvid vlan <id> 设置vlan的pvid[Quidway-Ethernet0/2]port hybrid pvid 删除vlan的pvid[Quidway-Ethernet0/2]port hybrid vlan vlan_id_list untagged 设置无标识的vlan如果包的vlan id与PVId一致,则去掉vlan信息. 默认PVID=1。
路由协议配置目录目录第6章IP路由策略配置........................................................................................................... 6-16.1 IP路由策略简介................................................................................................................. 6-16.2 IP路由策略配置................................................................................................................. 6-36.2.1 IP路由策略配置任务列表........................................................................................ 6-36.2.2 定义Route-map ...................................................................................................... 6-36.2.3 定义Route-map的match子句 .............................................................................. 6-46.2.4 定义Route-map的set子句 ................................................................................... 6-56.2.5 引入其它路由协议发现的路由信息 ......................................................................... 6-66.2.6 定义地址前缀列表................................................................................................... 6-76.2.7 配置路由过滤.......................................................................................................... 6-76.3 IP路由策略的监控与维护................................................................................................... 6-96.4 IP路由策略典型配置举例................................................................................................. 6-106.4.1 配置过滤接收的路由信息...................................................................................... 6-10第6章 IP路由策略配置6.1 IP路由策略简介路由器在发布与接收路由信息时,可能需要实施一些策略,对路由信息进行过滤,比如只希望接收或发布一部分满足给定条件的路由信息;一种路由协议(如RIP)可能需要引入(redistribute)其它的路由协议(如OSPF)发现的路由信息,从而丰富自己的路由知识;在引入其它路由协议的路由信息时,可能需要只引入一部分满足条件的路由信息,并对所引入的路由信息的某些属性进行设置,以使其满足本协议的要求。
目录第1章 VLAN配置...................................................................................................................1-11.1 VLAN简介..........................................................................................................................1-11.1.1 VLAN概述................................................................................................................1-11.1.2 VLAN的划分............................................................................................................1-11.2 VLAN的公共配置................................................................................................................1-21.2.1 创建/删除VLAN........................................................................................................1-21.2.2 设置VLAN广播风暴抑制..........................................................................................1-21.2.3 为VLAN或VLAN接口指定描述字符.........................................................................1-31.2.4 为当前VLAN命名.....................................................................................................1-31.2.5 创建/删除VLAN接口................................................................................................1-41.2.6 打开/关闭VLAN接口................................................................................................1-41.3 基于端口的VLAN配置........................................................................................................1-51.3.1 为VLAN指定以太网端口..........................................................................................1-51.4 基于协议的VLAN配置........................................................................................................1-51.4.1 创建/删除VLAN的协议类型和封装格式...................................................................1-51.4.2 在指定端口下创建/删除基于协议的VLAN................................................................1-61.4.3 在指定单板上创建/删除基于协议的VLAN................................................................1-71.5 VLAN显示和调试................................................................................................................1-81.6 VLAN典型配置举例............................................................................................................1-8第2章 GARP/GVRP配置.......................................................................................................2-12.1 GARP配置..........................................................................................................................2-12.1.1 GARP协议简介........................................................................................................2-12.1.2 配置GARP定时器参数.............................................................................................2-22.1.3 GARP显示和调试....................................................................................................2-32.2 GVRP配置..........................................................................................................................2-32.2.1 GVRP协议简介........................................................................................................2-32.2.2 全局开启/关闭GVRP...............................................................................................2-42.2.3 端口开启/关闭GVRP...............................................................................................2-42.2.4 配置GVRP注册类型................................................................................................2-52.2.5 GVRP显示和调试....................................................................................................2-52.2.6 GVRP典型配置举例................................................................................................2-6第3章 Super VLAN................................................................................................................3-13.1 Super VLAN简介................................................................................................................3-13.2 Super VLAN配置................................................................................................................3-13.2.1 配置VLAN类型为Super VLAN.................................................................................3-13.2.2 配置Sub VLAN........................................................................................................3-23.2.3 配置Super VLAN和Sub VLAN间的映射关系...........................................................3-2 3.3 Super VLAN显示和调试.....................................................................................................3-3 3.4 Super VLAN典型配置举例.................................................................................................3-31.1.1 VLAN 概述VLAN (Virtual Local Area Network ),是一种通过将局域网内的设备逻辑地而不是成不同的广播域(或称虚VLAN 中,从而1.1.2 VLAN 式的不同,VLAN 可以分成以下四类:z 基于MAC 地址划分的VLAN z系列交换机支持基于端口划分的VLAN 和基于网络层划分的VLAN 。
竭诚为您提供优质文档/双击可除光纤标签模板篇一:光缆清查的标签及挂牌规范(1)附件一光缆清查的标签及挂牌规范一、线路标签规范:1、重要用户用红色标签,其它用户用白色标签2、光交内标签模板:用户名称(1、2)--光交孺子路三楼传输机(电路名称)注:用户名称处必须标清用户占用的纤芯数最后落地机房的具体位置必须标清。
电路名称为:开通的是传输业务还是数据业务3、机房内跳纤标签模板:用户名称(1、2)--光交孺子路三楼传输机(电路名称)本机房odF00305k1k2---odF00404k1k2注:跳纤信息内注明是本机房内跳纤还是跨机房跳纤电路名称为:开通的是传输业务还是数据业务4、传输设备现场贴标规范(1)标签的尺寸标签的大小为宽3.8cm,高2.5cm,具体形状如下:目前机房使用的外购标签形状示意图沿虚线对折标签均分为二,上半部分文字和下半部分文字方向相反,在标签对折后要使得标签文字方向一致。
(2)标签的颜色大客户标签选择红色,其他标签选择白色。
(3)设备尾纤标签规范所有设备和线缆都必须粘贴标签,标签描述设备名称、物理位置、本端信息、对端信息等内容。
在每一条链路的两端粘贴标签,两端标签的字体、纸张、描述内容、粘贴时间等都应一致,并全部采用标签打印机打印的标签。
设备尾纤标签分两面打印,正面第一行描述本端网元(网元id、原名称)和端口信息,并注明是收还是发,如果是pdh设备,请注明pdh设备所在机架、板位和端口号,第二行描述电路名称信息;反面第一行是对端关联信息,或者是对端odF位置,或者是对端设备信息(描述网元和端口信息),其标签格式如下:本端设备信息;举例一1-孺子路”华为10g的622m光口,由于有收发方向,必须贴两张标签,标签(白色),具体如下:标签一正面:标签一反面:标签二正面:标签二反面:举例二35-枢三楼扩展6-slq4-1收2500+至metRo5000的622m 环1-孺子路3楼4-slq4a-2发电路名称:odF(或者对端设备信息):35-枢三楼扩展6-slq4-1发2500+至metRo5000的622m环1-孺子路3楼4-slq4a-2收602-蛟桥的,该10g为至安义龙津的10g,且为中继电路,由于有收发方向,必须贴两张标签,其标签(白色)如下:602-蛟桥-24-jl64-1发标签一正面:标签一反面:标签二正面:标签二反面:蛟桥至安义龙津华为10godF7/1/10蛟桥至安义龙津华为10godF7/1/225(1)所有设备和线缆都必须粘贴标签,标签描述设备名称、物理位置ip地址、本端信息、对端信息等内容。
目录第1章 HABP命令..................................................................................................................1-11.1 HABP命令.........................................................................................................................1-11.1.1 display debugging habp..........................................................................................1-11.1.2 display habp............................................................................................................1-11.1.3 display habp table...................................................................................................1-21.1.4 display habp traffic..................................................................................................1-31.1.5 habp enable.............................................................................................................1-41.1.6 habp server vlan......................................................................................................1-51.1.7 habp timer...............................................................................................................1-5第2章 HGMP V2配置命令.....................................................................................................2-12.1 NDP配置命令....................................................................................................................2-12.1.1 display ndp..............................................................................................................2-12.1.2 ndp enable...............................................................................................................2-42.1.3 ndp timer aging........................................................................................................2-52.1.4 ndp timer hello.........................................................................................................2-62.1.5 reset ndp statistics..................................................................................................2-62.2 NTDP配置命令..................................................................................................................2-72.2.1 display ntdp.............................................................................................................2-72.2.2 display ntdp device-list............................................................................................2-82.2.3 ntdp explore...........................................................................................................2-102.2.4 ntdp hop................................................................................................................2-112.2.5 ntdp enable............................................................................................................2-122.2.6 ntdp timer..............................................................................................................2-122.2.7 ntdp timer hop-delay.............................................................................................2-132.2.8 ntdp timer port-delay.............................................................................................2-142.3 集群配置命令...................................................................................................................2-152.3.1 add-member..........................................................................................................2-152.3.2 auto-build...............................................................................................................2-162.3.3 build.......................................................................................................................2-162.3.4 cluster....................................................................................................................2-172.3.5 cluster enable........................................................................................................2-182.3.6 cluster switch-to.....................................................................................................2-192.3.7 administrator-address...........................................................................................2-202.3.8 delete-member......................................................................................................2-202.3.9 display cluster........................................................................................................2-212.3.10 display cluster candidates...................................................................................2-232.3.11 display cluster members.....................................................................................2-242.3.12 ftp-server.............................................................................................................2-272.3.13 holdtime...............................................................................................................2-272.3.14 ip-pool..................................................................................................................2-28 2.3.15 logging-host.........................................................................................................2-29 2.3.16 port-tagged..........................................................................................................2-30 2.3.17 reboot member....................................................................................................2-31 2.3.18 snmp-host............................................................................................................2-31 2.3.19 tftp-server............................................................................................................2-32 2.3.20 timer....................................................................................................................2-33第1章 HABP命令1.1 HABP命令1.1.1 display debugging habp【命令】display debugging habp【视图】所有视图【参数】无【描述】display debugging habp命令用来显示HABP的调试开关状态。
华为S6506R设备维护指导手册一、华为S6506R功能简介华为S6506R以太网交换机是华为开发的一系列大容量、模块化、L2/L3线速以太网交换机,支持双交换引擎,提供引擎的冗余备份(双引擎各占1个槽位)及6个业务板槽位。
目前应用在忻州、原平、代县、五台、保德、偏关、神池、五寨、岢岚、静乐、宁武。
二、华为S6506R设备简介1、S6506R以太网交换机的机箱及槽位示意图如下:SRPU:Switch & Route Processing Unit,交换路由板LPU:Line Processing Unit,线路处理板(简称业务板)PWR:Power,电源模块FAN:风扇框各部分模块均支持热插拔功能,其中:单板区共有8个横插拔的单板槽位,最上面的2个槽位固定为交换路由板(SRPU)槽位,S6506R以太网交换机为用户提供了SRPU 冗余备份功能,其余6个槽位为业务板槽位,支持各种业务板的混插。
风扇区位于机箱的右侧,为竖插拔结构。
电源区位于机箱的底部,对应交流(AC)输入、直流(DC)输入两种供电方式,需分别选用交流电源模块、直流电源模块。
2、板卡介绍2.1 SRPUSRPU上依次排列有CF卡接口、4个1000Base-X-SFP接口、Console 口、10Base-T/100Base-TX接口、系统状态指示灯、系统复位键(RESET),其面板图如下所示。
Salience III (LS81SRPG)面板示意图CF卡接口面板开口,支持标准的CF卡热插拔,可以用来存放主机版本,能方便地进行交换机软件的在线升级。
Console口该接口采用RJ45连接器,使用普通异步串行口电缆,既可用来连接终端计算机以进行系统的本地调试、配置、维护、管理及主机软件程序加载等工作,也可用来连接Modem设备以进行系统的远程调试、配置、维护、管理等工作。
管理用以太网口(10Base-T/100Base-TX)该接口采用RJ45连接器,可用来连接计算机以进行系统的程序加载、调试等工作,也可以接远端的网管工作站等设备以实现系统的远程管理。
路由协议配置目录目录第2章静态路由配置 ............................................................................................................... 2-12.1 静态路由简介..................................................................................................................... 2-12.1.1 静态路由的属性及功能 ........................................................................................... 2-12.1.2 缺省路由 ................................................................................................................. 2-12.2 静态路由配置..................................................................................................................... 2-22.2.1 静态路由配置任务列表 ........................................................................................... 2-22.2.2 设置静态路由.......................................................................................................... 2-22.2.3 设置缺省路由.......................................................................................................... 2-32.3 静态路由的监控与维护...................................................................................................... 2-32.4 静态路由典型配置举例...................................................................................................... 2-62.5 静态路由故障的诊断与排除............................................................................................... 2-8第2章静态路由配置2.1 静态路由简介2.1.1 静态路由的属性及功能静态路由是一种特殊的路由,它是由网络管理员手工设置的。
1.1 BOOT菜单Quidway S6506交换机上电后,将首先运行BOOTROM程序,终端屏幕上显示如下信息:******************************************************* Quidway S6500 BOOTROM, Version 500 *******************************************************Copyright(C) 2001-2005 by HUAWEI TECHNOLOGIES CO.LTD.Creation date: Aug 2 2002, 09:31:49CPU type : MPC8260CPU Clock Speed : 200MhzBUS Clock Speed : 66MhzMemory Size : 128MBS6506 main board self testing...............................60X_SDRAM Data lines Selftest.............................OK!60X_SDRAM Address lines Selftest..........................OK!60X_SDRAM fast selftest...................................OK!LOCAL_SDRAM Data lines Selftest...........................OK!LOCAL_SDRAM Address lines Selftest........................OK!LOCAL_SDRAM fast selftest.................................OK!Please check LEDs......................Led selftest finished!Switch chip selftest......................................OK!CPLD selftest.............................................OK!Press Ctrl+B to enter Boot Menu (5)此时,键入<Ctrl+B>,系统将进入BOOT菜单。
……………………………………………………………最新资料推荐…………………………………………………Quidway防火墙 Eudemon1000E 开局指导书华为技术有限公司版权所有侵权必究修订记录目录第1章Quidway Eudemon 1000E产品概述 (1)1.1 系统介绍 (1)1.2 组网介绍 (2)1.3 系统结构介绍 (2)第2章Quidway Eudemon 1000E的特点 (2)2.1 产品系列 (3)2.2 产品优点 (3)2.3 安全域概念介绍 (4)2.3.1 防火墙的域 (4)2.3.2 域间概念 (5)2.3.3 本地域 (6)2.4 防火墙工作模式 (7)2.4.1 防火墙工作模式概述 (7)2.4.2 路由模式 (7)2.4.3 透明模式 (7)2.4.4 混合模式 (8)2.5 访问控制策略和报文过滤 (8)2.5.1 访问控制策略的异同 (8)2.5.2 ACL加速查找 (9)2.5.3 报文过滤规则的应用 (9)2.5.4 防火墙缺省动作 (10)2.6 双机热备 (10)2.6.1 VRRP的应用 (11)2.6.2 传统VRRP在E1000E备份实现的不足 (12)2.6.3 VGMP备份组 (13)2.6.4 HRP备份 (14)2.6.5 VRRP、VGMP和HRP之间的协议层次关系 (14)2.7 NAT介绍 (15)2.7.1 NAT的应用 (15)2.7.2 NAT与VRRP绑定 (16)第3章Quidway Eudemon 1000E数据准备 (16)3.1 初始连接配置 (16)3.1.1 通过Console接口搭建 (16)3.1.2 通过Telnet方式搭建 (19)3.1.3 通过WEB方式接入设备 (21)3.2 设备启动 (22)3.2.1 设备上电 (22)3.3 版本配套 (25)3.3.1 查看当前的软件版本 (25)3.4 软件版本升级 (26)3.5 配置规划 (28)3.5.1 网络拓扑图 (28)3.5.2 系统名 (28)3.5.3 当地时区 (28)3.5.4 远程维护登录帐号/口令和Super密码 (29)3.5.5 区域、接口和IP地址规划 (29)3.5.6 路由规划 (29)3.5.7 访问策略规划 (29)3.5.8 双机热备规划 (30)3.5.9 链路可达性规划 (30)3.5.10会话快速备份规划 (31)3.5.11 NAT规划 (31)3.5.12 NAT与VRRP绑定 (31)第4章Quidway Eudemon 1000E 配置 (32)4.1 时间日期和时区配置 (32)4.2 系统名配置 (32)4.3 远程维护登录帐号/口令和Super密码配置 (33)4.3.1 远程维护登录帐号/口令配置 (33)4.3.2 Super密码配置 (33)4.4 区域、接口和IP地址配置 (34)4.4.1 数据配置步骤 (34)4.4.2 测试验证 (35)4.5 路由配置 (35)4.5.1 缺省路由配置 (35)4.5.2 静态路由配置 (35)4.5.3 动态路由OSPF配置 (35)4.5.4 测试验证 (36)4.6 访问策略控制配置 (36)4.6.1 需求说明 (36)4.6.2 数据配置 (36)4.6.3 测试验证 (37)4.7 双机热备配置 (37)4.7.1 VRRP/VGMP配置 (37)4.7.2 HRP配置 (37)4.7.3 测试验证 (38)4.8 链路可达性配置 (38)4.8.1 配置方法 (38)4.9 会话快速备份配置 (39)4.10 NAT配置 (39)4.10.1 配置地址池与VRRP绑定 (39)4.10.2 配置内部服务器与VRRP绑定 (40)4.10.3 验证测试 (40)第5章Quidway Eudemon 1000E基本维护 (40)5.1 查看软件版本信息 (40)5.2 系统配置文件维护 (41)5.3 查看单板、电源、风扇运行状况 (41)5.4 查看CPU占用率 (41)5.5 查看内存占用率 (41)5.6 查看接口流量 (41)5.7 查看接口、链路状态 (42)5.8 查看日志缓冲区信息 (42)5.9 查看路由表信息 (42)5.10 查看ARP映射表 (42)5.11 查看会话表信息 (42)5.12 收集系统诊断信息 (42)……………………………………………………………最新资料推荐…………………………………………………关键词:Quidway,防火墙,Eudemon1000E,开局指导书摘要:本文结合业务与软件产品线工程师开局需要对华为Quidway局域网交换机数据准备给出指导,并对其常见配置进行描述。
目录第5章交换机的安装..............................................................................................................5-15.1 安装准备工作确认..............................................................................................................5-15.2 安装流程.............................................................................................................................5-15.3 交换机安装于19英寸标准机柜上......................................................................................5-25.4 交换机安装于华为B68-22机柜上.......................................................................................5-25.4.1 B68-22机柜的安装..................................................................................................5-25.4.2 交换机的安装...........................................................................................................5-25.5 交换机安装于工作台上.......................................................................................................5-35.6 地线及电源线的连接..........................................................................................................5-45.6.1 地线的连接..............................................................................................................5-45.6.2 交流电源线的连接....................................................................................................5-65.6.3 直流电源线的连接....................................................................................................5-75.6.4 外置PoE电源线的连接.............................................................................................5-75.7 交换机自带走线架的安装...................................................................................................5-95.8 交换机业务板的安装..........................................................................................................5-95.9 接口线缆的连接................................................................................................................5-105.9.1 配置电缆的连接.....................................................................................................5-105.9.2 备份电缆的连接.....................................................................................................5-105.9.3 外置电源监控口电缆的连接...................................................................................5-125.9.4 5类线的连接..........................................................................................................5-135.9.5 光纤的连接............................................................................................................5-145.10 安装中的布线推荐..........................................................................................................5-165.10.1 交换机单独安装在工作台的情况..........................................................................5-165.10.2 交换机安装在机柜的情况.....................................................................................5-165.11 安装中的电缆捆扎..........................................................................................................5-165.11.1 注意正确使用标签...............................................................................................5-165.11.2 电缆捆扎时的注意事项........................................................................................5-165.12 安装后的检查.................................................................................................................5-19第5章交换机的安装S6500系列交换机要求工作于室内,并且固定使用。
1.1上CPU报文处理各种协议报文和指向S6500本身的报文会通过交换芯片送CPU处理。
S6500报文上送CPU 的方式有以下几种:1、通过ACL copy to CPU(复制一份上CPU)或者redirect to CPU(重定向上CPU);2、匹配各种表项如MAC地址表、路由表送CPU;3、一些特殊的报文如TTL超时报文、IP重定向报文、带IP OPTION的报文,通过设置芯片寄存器上CPU一、如何查看报文上CPU:1)使用平台的系统调试命令,查看相关协议模块的报文收发情况:示例:查看ARP模块接收和发送的报文< S6506R>terminal debugging< S6506R>terminal monitor< S6506R>debugging arp packet二、如果协议模块的报文收发异常,建议从驱动层开始分析:1、确认报文是从那块单板上CPU,特别是对于集中式业务板,有些报文是先上业务板的CPU,然后再转发到主控板CPU,有些报文则是业务板透传到上主控板的CPU。
2、确认上CPU的报文特征,主要有:目的MAC、源MAC、VLAN、帧类型、源IP、目的IP、IP类型、入端口号、广播、多播、单播、CPU接收(RX)、CPU发送(TX)3、使用display rxtx <type> slot <slot>选择要看的报文;4、使用debugging rxtx –c <num> pkt slot <slot>打开调试开关查看报文;举例,查看是否有目的mac为00e0-fc0f-8c06的报文送往5槽位CPU:a) 选择报文:[S6506R S6506R-testdiag]dis rxtx dest_mac 00e0-fc0f-8c06 s 5b) 最多打印10个:< S6506R>debug rxtx -c 10 pkt slot 5结果显示的每个报文的可能形式如下:*0.15515370 S6506R S6506R RXTX/8/pkt: received packet from chip4,port7,reason=0x1000,cos=7,len=68*0.15515491 S6506R S6506R RXTX/8/pkt:---------------------------------------------------------------00 e0 fc 0f 8c 06 00 e0 fc 0a 15 e0 81 00 00 01ff ee 00 05 00 00 00 00 00 37 03 e5 72 24 00 0008 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00---------------------------------------------------------------c) 使用完毕后注意恢复选择开关:[S6506R-testdiag]display rxtx all slot 5三、设置端口镜像,通过专用抓包工具如Sniffer等对报文进行分析:示例:将G5/0/1的入报文和出报文镜像到G5/0/2[S6506R]mirroring-group 1 inbound g5/0/1 mirrored-to g5/0/2[S6506R]mirroring-group 1 outbound g5/0/1 mirrored-to g5/0/2说明:S6500有关镜像的注意事项请参见后面的章节分析完后注意删除已经配置的镜像组1.2报文转发故障排查:一、查询单板状态:1、查看单板状态是否正常,如果单板状态异常,建议复位单板恢复业务。
华为6506带防毒带限速配置#sysname SHENJIJU S6506R#super password level 3 cipher 3ZD(-*`O\D]./a!1$H@GYA!! #local-server nas-ip 127.0.0.1 key huawei#domain default enable system#temperature-limit 0 10 70temperature-limit 2 10 70#poe power max-value 2400#acl mode link-based#radius scheme systemprimary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-format without-domain#isis mac#domain systemvlan-assignment-mode integeraccess-limit disablestate activeidle-cut disableself-service-url disablemessenger time disable#local-user bdkjjpassword cipher 5J``ZF'+<6%'JGS]C]&AH1!!service-type telnetlocal-user totalpassword cipher `VM[1OZ_R/:$%I/R9`/*#Q!!service-type telnet#stp TC-protection enable#acl name anti_worm advancedrule 0 deny udp destination-port eq tftprule 1 deny tcp destination-port eq 135rule 2 deny udp destination-port eq 135rule 3 deny udp destination-port eq netbios-nsrule 4 deny udp destination-port eq netbios-dgmrule 5 deny tcp destination-port eq 139rule 6 deny udp destination-port eq netbios-ssnrule 7 deny tcp destination-port eq 445rule 8 deny udp destination-port eq 445rule 9 deny tcp destination-port eq 539rule 10 deny udp destination-port eq 539rule 11 deny tcp destination-port eq 593rule 12 deny udp destination-port eq 593acl name shenjijv-bingdu linkrule 0 deny ingress 00e0-4c3f-4d56 egress any rule 1 deny ingress any egress 00e0-4c3f-4d56 acl name acl_limit0 linkrule 0 permit ingress any egress any#vlan 1#vlan 2#vlan 501description shenjiju#vlan 502description tuanshiwei#vlan 503description fulian#vlan 504description kexie#vlan 505description wenwuju#vlan 506description jijianwei#vlan 507description renshiju#vlan 508description weishengju#vlan 509description jishengwei#vlan 510description dizhengju#vlan 511description wenhuaju#vlan 512description dangshiban#vlan 513description lvyouju#vlan 514description jishengxie#vlan 515description quhuaban#vlan 516description difangzhi&laoganbuchu&zonghechudescription shenjijuip address 10.38.64.1 255.255.255.0#interface Vlan-interface502description tuanshiweiip address 10.38.65.1 255.255.255.128 #interface Vlan-interface503description fulianip address 10.38.65.129 255.255.255.128 #interface Vlan-interface504description kexieip address 10.38.66.1 255.255.255.0#interface Vlan-interface505description wenwujuip address 10.38.74.1 255.255.255.128 #interface Vlan-interface506description jijianweiip address 10.38.67.1 255.255.255.0#interface Vlan-interface507description renshijuip address 10.38.68.1 255.255.255.0#interface Vlan-interface508description weishengjuip address 10.38.69.1 255.255.255.0#interface Vlan-interface509description jishengweiip address 10.38.70.1 255.255.255.0#interface Vlan-interface510description dizhengjuip address 10.38.71.1 255.255.255.0#interface Vlan-interface511description wenhuajuip address 10.38.73.1 255.255.255.0#interface Vlan-interface512description dangshibanip address 10.38.74.129 255.255.255.128 #interface Vlan-interface513description lvyoujuip address 10.38.72.1 255.255.255.0#interface Vlan-interface514description jishengxieip address 10.38.75.1 255.255.255.192 #description difangzhi&laoganbuchu&zonghechuip address 10.38.75.129 255.255.255.192#interface Aux0/0/0#interface M-Ethernet0/0/0#interface Ethernet2/0/1description shenjijubroadcast-suppression 5port access vlan 501qospacket-filter inbound ip-group anti_worm rule 0 system-index 1packet-filter inbound ip-group anti_worm rule 1 system-index 2packet-filter inbound ip-group anti_worm rule 2 system-index 3packet-filter inbound ip-group anti_worm rule 3 system-index 4packet-filter inbound ip-group anti_worm rule 4 system-index 5packet-filter inbound ip-group anti_worm rule 5 system-index 6packet-filter inbound ip-group anti_worm rule 6 system-index 7packet-filter inbound ip-group anti_worm rule 7 system-index 8packet-filter inbound ip-group anti_worm rule 8 system-index 9packet-filter inbound ip-group anti_worm rule 9 system-index 10packet-filter inbound ip-group anti_worm rule 10 system-index 11packet-filter inbound ip-group anti_worm rule 11 system-index 12packet-filter inbound ip-group anti_worm rule 12 system-index 13packet-filter inbound ip-group anti_worm rule 13 system-index 14packet-filter inbound ip-group anti_worm rule 14 system-index 15packet-filter inbound link-group shenjijv-bingdu rule 0 system-index 244 packet-filter inbound link-group shenjijv-bingdu rule 1 system-index 245 traffic-limit inbound link-group acl_limit0 rule 0 system-index 246 kbps 8192 line-rate kbps 6144#interface Ethernet2/0/2description tuanshiweiport access vlan 502qospacket-filter inbound ip-group anti_worm rule 0 system-index 16packet-filter inbound ip-group anti_worm rule 1 system-index 17packet-filter inbound ip-group anti_worm rule 2 system-index 18packet-filter inbound ip-group anti_worm rule 3 system-index 19packet-filter inbound ip-group anti_worm rule 4 system-index 20packet-filter inbound ip-group anti_worm rule 5 system-index 21packet-filter inbound ip-group anti_worm rule 6 system-index 22packet-filter inbound ip-group anti_worm rule 7 system-index 23packet-filter inbound ip-group anti_worm rule 8 system-index 24packet-filter inbound ip-group anti_worm rule 9 system-index 25packet-filter inbound ip-group anti_worm rule 10 system-index 26packet-filter inbound ip-group anti_worm rule 11 system-index 27packet-filter inbound ip-group anti_worm rule 12 system-index 28packet-filter inbound ip-group anti_worm rule 13 system-index 29packet-filter inbound ip-group anti_worm rule 14 system-index 30#interface Ethernet2/0/3description fulianport access vlan 503packet-filter inbound ip-group anti_worm rule 6 system-index 37packet-filter inbound ip-group anti_worm rule 7 system-index 38packet-filter inbound ip-group anti_worm rule 8 system-index 39packet-filter inbound ip-group anti_worm rule 9 system-index 40packet-filter inbound ip-group anti_worm rule 10 system-index 41packet-filter inbound ip-group anti_worm rule 11 system-index 42packet-filter inbound ip-group anti_worm rule 12 system-index 43packet-filter inbound ip-group anti_worm rule 13 system-index 44packet-filter inbound ip-group anti_worm rule 14 system-index 45#interface Ethernet2/0/4description kexieport access vlan 504qospacket-filter inbound ip-group anti_worm rule 0 system-index 46packet-filter inbound ip-group anti_worm rule 1 system-index 47packet-filter inbound ip-group anti_worm rule 2 system-index 48packet-filter inbound ip-group anti_worm rule 3 system-index 49packet-filter inbound ip-group anti_worm rule 4 system-index 50packet-filter inbound ip-group anti_worm rule 5 system-index 51packet-filter inbound ip-group anti_worm rule 6 system-index 52packet-filter inbound ip-group anti_worm rule 7 system-index 53packet-filter inbound ip-group anti_worm rule 8 system-index 54packet-filter inbound ip-group anti_worm rule 9 system-index 55packet-filter inbound ip-group anti_worm rule 10 system-index 56packet-filter inbound ip-group anti_worm rule 11 system-index 57packet-filter inbound ip-group anti_worm rule 12 system-index 58packet-filter inbound ip-group anti_worm rule 13 system-index 59packet-filter inbound ip-group anti_worm rule 14 system-index 60traffic-limit inbound link-group acl_limit0 rule 0 system-index 241 kbps 2048 line-rate kbps 2048#interface Ethernet2/0/5port access vlan 505qospacket-filter inbound ip-group anti_worm rule 0 system-index 61packet-filter inbound ip-group anti_worm rule 1 system-index 62packet-filter inbound ip-group anti_worm rule 2 system-index 63packet-filter inbound ip-group anti_worm rule 3 system-index 64packet-filter inbound ip-group anti_worm rule 4 system-index 65packet-filter inbound ip-group anti_worm rule 5 system-index 66packet-filter inbound ip-group anti_worm rule 6 system-index 67packet-filter inbound ip-group anti_worm rule 7 system-index 68packet-filter inbound ip-group anti_worm rule 8 system-index 69packet-filter inbound ip-group anti_worm rule 9 system-index 70packet-filter inbound ip-group anti_worm rule 10 system-index 71packet-filter inbound ip-group anti_worm rule 11 system-index 72packet-filter inbound ip-group anti_worm rule 12 system-index 73packet-filter inbound ip-group anti_worm rule 13 system-index 74packet-filter inbound ip-group anti_worm rule 14 system-index 75#interface Ethernet2/0/6port access vlan 506packet-filter inbound ip-group anti_worm rule 6 system-index 82packet-filter inbound ip-group anti_worm rule 7 system-index 83packet-filter inbound ip-group anti_worm rule 8 system-index 84packet-filter inbound ip-group anti_worm rule 9 system-index 85packet-filter inbound ip-group anti_worm rule 10 system-index 86packet-filter inbound ip-group anti_worm rule 11 system-index 87packet-filter inbound ip-group anti_worm rule 12 system-index 88packet-filter inbound ip-group anti_worm rule 13 system-index 89packet-filter inbound ip-group anti_worm rule 14 system-index 90traffic-limit inbound link-group acl_limit0 rule 0 system-index 247 kbps 7168 line-rate kbps 6144#interface Ethernet2/0/7broadcast-suppression 5port access vlan 507qospacket-filter inbound ip-group anti_worm rule 0 system-index 91packet-filter inbound ip-group anti_worm rule 1 system-index 92packet-filter inbound ip-group anti_worm rule 2 system-index 93packet-filter inbound ip-group anti_worm rule 3 system-index 94packet-filter inbound ip-group anti_worm rule 4 system-index 95packet-filter inbound ip-group anti_worm rule 5 system-index 96packet-filter inbound ip-group anti_worm rule 6 system-index 97packet-filter inbound ip-group anti_worm rule 7 system-index 98packet-filter inbound ip-group anti_worm rule 8 system-index 99packet-filter inbound ip-group anti_worm rule 9 system-index 100packet-filter inbound ip-group anti_worm rule 10 system-index 101 packet-filter inbound ip-group anti_worm rule 11 system-index 102 packet-filter inbound ip-group anti_worm rule 12 system-index 103 packet-filter inbound ip-group anti_worm rule 13 system-index 104 packet-filter inbound ip-group anti_worm rule 14 system-index 105traffic-limit inbound link-group acl_limit0 rule 0 system-index 243 kbps 5120 line-rate kbps 4096#interface Ethernet2/0/8port access vlan 508qospacket-filter inbound ip-group anti_worm rule 0 system-index 106packet-filter inbound ip-group anti_worm rule 1 system-index 107packet-filter inbound ip-group anti_worm rule 2 system-index 108packet-filter inbound ip-group anti_worm rule 3 system-index 109packet-filter inbound ip-group anti_worm rule 4 system-index 110packet-filter inbound ip-group anti_worm rule 5 system-index 111packet-filter inbound ip-group anti_worm rule 6 system-index 112packet-filter inbound ip-group anti_worm rule 7 system-index 113packet-filter inbound ip-group anti_worm rule 8 system-index 114packet-filter inbound ip-group anti_worm rule 9 system-index 115packet-filter inbound ip-group anti_worm rule 10 system-index 116 packet-filter inbound ip-group anti_worm rule 11 system-index 117 packet-filter inbound ip-group anti_worm rule 12 system-index 118 packet-filter inbound ip-group anti_worm rule 13 system-index 119 packet-filter inbound ip-group anti_worm rule 14 system-index 120traffic-limit inbound link-group acl_limit0 rule 0 system-index 242 kbps 2048port access vlan 509qospacket-filter inbound ip-group anti_worm rule 0 system-index 121 packet-filter inbound ip-group anti_worm rule 1 system-index 122 packet-filter inbound ip-group anti_worm rule 2 system-index 123 packet-filter inbound ip-group anti_worm rule 3 system-index 124 packet-filter inbound ip-group anti_worm rule 4 system-index 125 packet-filter inbound ip-group anti_worm rule 5 system-index 126 packet-filter inbound ip-group anti_worm rule 6 system-index 127 packet-filter inbound ip-group anti_worm rule 7 system-index 128 packet-filter inbound ip-group anti_worm rule 8 system-index 129 packet-filter inbound ip-group anti_worm rule 9 system-index 130 packet-filter inbound ip-group anti_worm rule 10 system-index 131 packet-filter inbound ip-group anti_worm rule 11 system-index 132 packet-filter inbound ip-group anti_worm rule 12 system-index 133 packet-filter inbound ip-group anti_worm rule 13 system-index 134 packet-filter inbound ip-group anti_worm rule 14 system-index 135 #interface Ethernet2/0/10port access vlan 510qospacket-filter inbound ip-group anti_worm rule 0 system-index 136 packet-filter inbound ip-group anti_worm rule 1 system-index 137 packet-filter inbound ip-group anti_worm rule 2 system-index 138 packet-filter inbound ip-group anti_worm rule 3 system-index 139 packet-filter inbound ip-group anti_worm rule 4 system-index 140 packet-filter inbound ip-group anti_worm rule 5 system-index 141 packet-filter inbound ip-group anti_worm rule 6 system-index 142 packet-filter inbound ip-group anti_worm rule 7 system-index 143 packet-filter inbound ip-group anti_worm rule 8 system-index 144packet-filter inbound ip-group anti_worm rule 9 system-index 145 packet-filter inbound ip-group anti_worm rule 10 system-index 146 packet-filter inbound ip-group anti_worm rule 11 system-index 147 packet-filter inbound ip-group anti_worm rule 12 system-index 148 packet-filter inbound ip-group anti_worm rule 13 system-index 149 packet-filter inbound ip-group anti_worm rule 14 system-index 150 #interface Ethernet2/0/11port access vlan 511qospacket-filter inbound ip-group anti_worm rule 0 system-index 151 packet-filter inbound ip-group anti_worm rule 1 system-index 152 packet-filter inbound ip-group anti_worm rule 2 system-index 153 packet-filter inbound ip-group anti_worm rule 3 system-index 154 packet-filter inbound ip-group anti_worm rule 4 system-index 155 packet-filter inbound ip-group anti_worm rule 5 system-index 156 packet-filter inbound ip-group anti_worm rule 6 system-index 157 packet-filter inbound ip-group anti_worm rule 7 system-index 158 packet-filter inbound ip-group anti_worm rule 8 system-index 159 packet-filter inbound ip-group anti_worm rule 9 system-index 160 packet-filter inbound ip-group anti_worm rule 10 system-index 161 packet-filter inbound ip-group anti_worm rule 11 system-index 162 packet-filter inbound ip-group anti_worm rule 12 system-index 163 packet-filter inbound ip-group anti_worm rule 13 system-index 164 packet-filter inbound ip-group anti_worm rule 14 system-index 165 #interface Ethernet2/0/12packet-filter inbound ip-group anti_worm rule 5 system-index 171packet-filter inbound ip-group anti_worm rule 6 system-index 172packet-filter inbound ip-group anti_worm rule 7 system-index 173packet-filter inbound ip-group anti_worm rule 8 system-index 174packet-filter inbound ip-group anti_worm rule 9 system-index 175packet-filter inbound ip-group anti_worm rule 10 system-index 176 packet-filter inbound ip-group anti_worm rule 11 system-index 177 packet-filter inbound ip-group anti_worm rule 12 system-index 178 packet-filter inbound ip-group anti_worm rule 13 system-index 179 packet-filter inbound ip-group anti_worm rule 14 system-index 180#interface Ethernet2/0/13port access vlan 513qospacket-filter inbound ip-group anti_worm rule 0 system-index 181packet-filter inbound ip-group anti_worm rule 1 system-index 182packet-filter inbound ip-group anti_worm rule 2 system-index 183packet-filter inbound ip-group anti_worm rule 3 system-index 184packet-filter inbound ip-group anti_worm rule 4 system-index 185packet-filter inboundip-group anti_worm rule 5 system-index 186packet-filter inbound ip-group anti_worm rule 6 system-index 187packet-filter inbound ip-group anti_worm rule 7 system-index 188packet-filter inbound ip-group anti_worm rule 8 system-index 189packet-filter inbound ip-group anti_worm rule 9 system-index 190packet-filter inbound ip-group anti_worm rule 10 system-index 191 packet-filter inbound ip-group anti_worm rule 11 system-index 192 packet-filter inbound ip-group anti_worm rule 12 system-index 193 packet-filter inbound ip-group anti_worm rule 13 system-index 194 packet-filter inbound ip-group anti_worm rule 14 system-index 195traffic-limit inbound link-group acl_limit0 rule 0 system-index 248 kbps 4096 line-rate kbps 3072#interface Ethernet2/0/14port access vlan 514qospacket-filter inbound ip-group anti_worm rule 0 system-index 196packet-filter inbound ip-group anti_worm rule 1 system-index 197packet-filter inbound ip-group anti_worm rule 2 system-index 198packet-filter inbound ip-group anti_worm rule 3 system-index 199packet-filter inbound ip-group anti_worm rule 4 system-index 200packet-filter inbound ip-group anti_worm rule 5 system-index 201packet-filter inbound ip-group anti_worm rule 6 system-index 202packet-filter inbound ip-group anti_worm rule 7 system-index 203packet-filter inbound ip-group anti_worm rule 8 system-index 204packet-filter inbound ip-group anti_worm rule 9 system-index 205packet-filter inbound ip-group anti_worm rule 10 system-index 206 packet-filter inbound ip-group anti_worm rule 11 system-index 207 packet-filter inbound ip-group anti_worm rule 12 system-index 208 packet-filter inbound ip-group anti_worm rule 13 system-index 209 packet-filter inbound ip-group anti_worm rule 14 system-index 210#interface Ethernet2/0/15port access vlan 515packet-filter inbound ip-group anti_worm rule 6 system-index 217 packet-filter inbound ip-group anti_worm rule 7 system-index 218 packet-filter inbound ip-group anti_worm rule 8 system-index 219 packet-filter inbound ip-group anti_worm rule 9 system-index 220 packet-filter inbound ip-group anti_worm rule 10 system-index 221 packet-filter inbound ip-group anti_worm rule 11 system-index 222 packet-filter inbound ip-group anti_worm rule 12 system-index 223 packet-filter inbound ip-group anti_worm rule 13 system-index 224 packet-filter inbound ip-group anti_worm rule 14 system-index 225 #interface Ethernet2/0/16port access vlan 516qospacket-filter inbound ip-group anti_worm rule 0 system-index 226packet-filter inbound ip-group anti_worm rule 1 system-index 227 packet-filter inbound ip-group anti_worm rule 2 system-index 228 packet-filter inbound ip-group anti_worm rule 3 system-index 229 packet-filter inbound ip-group anti_worm rule 4 system-index 230 packet-filter inbound ip-group anti_worm rule 5 system-index 231 packet-filter inbound ip-group anti_worm rule 6 system-index 232 packet-filter inbound ip-group anti_worm rule 7 system-index 233 packet-filter inbound ip-group anti_worm rule 8 system-index 234 packet-filter inbound ip-group anti_worm rule 9 system-index 235 packet-filter inbound ip-group anti_worm rule 10 system-index 236 packet-filter inbound ip-group anti_worm rule 11 system-index 237 packet-filter inbound ip-group anti_worm rule 12 system-index 238 packet-filter inbound ip-group anti_worm rule 13 system-index 239 packet-filter inbound ip-group anti_worm rule 14 system-index 240 #interface Ethernet2/0/17#interface Ethernet2/0/18#interface Ethernet2/0/19#interface Ethernet2/0/20#interface Ethernet2/0/21#interface Ethernet2/0/22#interface Ethernet2/0/23#interface Ethernet2/0/24#interface Ethernet2/0/25#interface Ethernet2/0/26#interface Ethernet2/0/27#interface Ethernet2/0/28##interface Ethernet2/0/31#interface Ethernet2/0/32#interface Ethernet2/0/33#interface Ethernet2/0/34#interface Ethernet2/0/35#interface Ethernet2/0/36#interface Ethernet2/0/37#interface Ethernet2/0/38#interface Ethernet2/0/39#interface Ethernet2/0/40#interface Ethernet2/0/41#interface Ethernet2/0/42#interface Ethernet2/0/43#interface Ethernet2/0/44#interface Ethernet2/0/45port access vlan 501#interface Ethernet2/0/46#interface Ethernet2/0/47 duplex fullspeed 100port link-type trunkport trunk permit vlan all#interface Ethernet2/0/48 description hulian2zhongxin duplex fullspeed 100port access vlan 2#interface GigabitEthernet0/0/1 description To-zhongxin-C7609 duplex fullspeed 100port link-type trunkport trunk permit vlan allflow-control#interface GigabitEthernet0/0/2 duplex fullport link-type trunkport trunk permit vlan allinterface GigabitEthernet0/0/4#interface NULL0#interface LoopBack0ip address 10.38.252.3 255.255.255.255#ip route-static 0.0.0.0 0.0.0.0 10.38.255.1 preference 60#snmp-agentsnmp-agent local-engineid 800007DB000FE24576486877 snmp-agent community read RObdkjjsnmp-agent sys-info version all#user-interface aux 0user-interface vty 0 4authentication-mode schemeuser privilege level 3#return。
华为Quidway S6506R开局文档系统命名[quidway] sysname LZMAN-XXX-S6506R-XX(XXX-局向, XX-节点序号)TELNET 登录配置设置用户TELNET登录时需要的口令<Quidway> system-view[Quidway] user-interface vty 0 4[Quidway-ui-vty0-4] authentication-mode password 本地口令验证[Quidway-ui-vty0-4]set authentication password cipher XXXX(xxxx 是欲设置的该Telnet 用户登录口令)[Quidway-ui-vty0-4]user privilege level 1 //权限为1系统视图口令配置:[Quidway]sup pass lev 3 cip XXXXXX创建VLAN[Quidway] vlan vlan_id管理地址配置[Quidway]vlan 100 创建管理VLAN 100[Quidway-vlan100]interface vlan-interface 100创建VLAN 100 接口[Quidway -Vlan-interface100] ip add XX.XX.XX.XX 255.255.255.0 配置管理地址配置静态路由[Quidway]ip route-static XX.XX.XX.XX 255.255.0.0 X.X.X.X preference 60 [Quidway]ip route-static 61.178.42.192 255.255.255.192 X.X.X.X preference 60 [Quidway]ip route-static 61.178.253.0 255.255.255.0 X.X.X.X preference 60 [Quidway]ip route-static 61.178.254.0 255.255.255.0 X.X.X.X preference 60 [Quidway]ip route-static 61.178.255.0 255.255.255.0 X.X.X.X preference 60 [Quidway]ip route-static 61.178.24.4 255.255.255.255 X.X.X.X preference 60 注:XX.XX.XX.XX 指需要配置的交换机管理地址段X.X.X.X 指网关端口配置#基于正常Trunk口级联的配置[Quidway]interface GigabitEthernet2/0/1进入接口[Quidway -GigabitEthernet2/0/1] des to XXXXXXX定义描述[Quidway -GigabitEthernet2/0/1] duplex full设置全双工[Quidway -GigabitEthernet2/0/1] speed 1000设置速率[Quidway -GigabitEthernet2/0/1] port link-type trunk 设置trunk口[Quidway -GigabitEthernet2/0/1] undo port trunk permit vlan 1禁用通过的VLAN [Quidway -GigabitEthernet2/0/1] port trunk permit vlan 2 to 4094允许通过的VLAN[Quidway -GigabitEthernet2/0/1] broadcast-suppression bandwidth 20设置以太网端口的广播风暴抑制比例#基于QinQ绑定的上联端口配置[Quidway]interface GigabitEthernet2/0/1[Quidway -GigabitEthernet2/0/1]description xxxxxxx设置以太网端口描述字符串[Quidway -GigabitEthernet2/0/1]duplex full设置以太网端口的双工状态[Quidway -GigabitEthernet2/0/1]speed 1000设置以太网端口的速率[Quidway -GigabitEthernet2/0/1]port link-type hybrid设置端口为Hybrid 端口[Quidway -GigabitEthernet2/0/1]port hybrid vlan xxx tagged将当前Hybrid 端口加入到指定tagged VLAN[Quidway -GigabitEthernet2/0/1]port hybrid vlan 1000 untagged将当前Hybrid 端口加入到指定untagged VLAN 1000[Quidway -GigabitEthernet2/0/1]port hybrid pvid vlan 1000设置Hybrid 端口的缺省VLAN ID [Quidway -GigabitEthernet2/0/1]broadcast-suppression bandwidth 20设置以太网端口的广播风暴抑制比例#基于QinQ绑定的下联端口配置[Quidway]interface Ethernet6/0/3【本例端口为Ethernet6/0/3】[Quidway–Ethernet6/0/3]des XXXXX【XXXXX为DSLAM节点描述】[Quidway–Ethernet6/0/3]port link-type hybrid[Quidway–Ethernet6/0/3]undo ntdp enable 关闭NTDP 协议[Quidway–Ethernet6/0/3] stp disable关闭STP[Quidway–Ethernet6/0/3]vlan-vpn enable打开Vlan-vpn[Quidway–Ethernet6/0/3] port hybrid pvid vlan 1000设置Hybrid 端口的缺省VLAN 1000 [Quidway–Ethernet6/0/3]port hybrid vlan XX 1000 untagged 将当前Hybrid 端口加入到Dslam 拨号XX VLAN和缺省VLAN 1000[Quidway–Ethernet6/0/3]vlan-vpn vid XX uplink GigabitEthernet2/0/1将拨号VLAN与上行端口GigabitEthernet2/0/1关联[Quidway–Ethernet6/0/3-vid-XX]raw-vlan-id inbound 2000 to 2672设置内层VLAN [Quidway–Ethernet6/0/3]port hybrid vlan 100 2000 to 2672 tagged 将当前Hybrid 端口加入到指定网管VLAN 100和基于DSLAM端口的内层VLAN[Quidway–Ethernet6/0/3]undo port hybrid vlan 1关闭系统默认VLAN 1#基于Access端口的配置[Quidway]interface Ethernet6/0/3【本例端口为Ethernet6/0/3】[Quidway–Ethernet6/0/3]description XXXXX[Quidway–Ethernet6/0/3]port access vlan vlan_id配置交换机的保护功能[Quidway] loopback-detection enable 开启环路检测功能[Quidway]stp bpdu-protection配置交换机的BPDU 保护功[Quidway]stp enable 开启设备MSTP 特性配置对TELNET 用户的ACL 控制(由于配置了静态路由,此部分可以不配,在此列出仅供学习之用)定义基本访问控制列表。
[Quidway] acl number 2000 进入基本访问控制列表视图[Quidway] rule 10 permit source 61.178.42.192 0.0.0.63 定义子规则[Quidway] rule 20 permit source 61.178.253.0 0.0.0.255[Quidway] rule 30 permit source 61.178.254.0 0.0.0.255[Quidway] rule 50 permit source 61.178.255.0 0.0.0.255[Quidway] rule 60 permit source 10.10.0.0 0.0.255.255[Quidway] rule 40 permit source 61.178.24.4 0[Quidway] rule 70 permit source 202.100.68.0 0.0.0.255引用访问控制列表,对TELNET 用户进行控制[Quidway] user-interface vty 0 4 进入用户界面[Quidway-user-interface-vty0-4] acl 2000 inbound 引用访问控制列配置SNMP[Quidway] snmp-agent trap enable 开启trap[Quidway] snmp-agent community read gs169ro acl 2000 设置团体名及允许访问权限的列表[Quidway]snmp-agent sys-info version all 设置SNMP的版本信息。
设置MAC 地址表项[Quidway] mac-address static XX-XX-XX-XX interface giga 2/0/1 vlan 1000注意:作QinQ 必须作此项配置增加一个静态MAC 地址(指出所属VLAN、端口、状态)。
XX-XX-XX-XX—上联ERX 接口MAC地址。