华为S系列交换机配置
----------配置Telnet---------
以本地PC登录远程的HUAWEI为例,Telent登录配置如下:
1、开启telnet服务(V200R005之前版本默认开启telnet服务功能,可以不配置该项;V200R005及之后版本缺省关闭telnet服务功能,需手动打开telnet服务功能)
[HUAWEI]telnet server enable
2、在VTY口下配置认证方式为aaa,以及允许telnet协议
[HUAWEI] user-interface vty 0 4
[Server-ui-vty0-4] user privilege level 15
[HUAWEI-ui-vty0-4] authentication-mode aaa
[HUAWEI-ui-vty0-4] protocol inbound telnet //允许telnet协议,可以配置为all,即同时放行ssh和telnet
[HUAWEI-ui-vty0-4] quit
3、在aaa下配置telnet账号密码
[HUAWEI] aaa
[Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789//配置账号,用户名admin1234,密码Helloworld6789123
//(仅V200R003及之后版本才支持使用不可逆算法(irreversible-cipher)进行了加密,之前版本可以使用可逆加密算法(cipher)。密码强度太低会报错。)
[HUAWEI-aaa] local-user admin1234 privilege level 15
[HUAWEI-aaa] local-user admin1234 service-type telnet //给账号开启telnet服务,还可以在后面跟http ssh 等,同时开始多种服务
[HUAWEI-aaa]quit
4、 在V200R020C00及之后版本,增加了安全机制,需要执行telnet的源接口,需要配置telnet server-source -i interface-type interface-number命令,指定接口为Telnet服务器端的源接口。如果无特殊接口要求,可以配置 telnet server-source all-interface,允许源接口为设备上所有配置了IPv4地址的接口,指定为所有会增加了系统安全风险,不建议用户配置该命令。
举例:
[HUAWEI] telnet server-source all-interface
5、客户端登录
进入管理员PC的Windows的命令行提示符,执行相关命令,通过Telnet方式登录设备
C:\Documents and Settings\Administrator> telnet 10.137.217.177
输入Enter键后,在登录窗口输入AAA验证方式配置的登录用户名和密码,验证通过后,出现用户视图的命令行提示符,至此用户成功登录设备。
#查看设备的生产日期
<HUAWEI> display device manufacture-info
#查看设备的版本信息,包括型号、运行时间等
[HUAWEI] display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.160 (S5720 V200R007C00) //VRP版本及发布版本
Copyright (C) 2000-2014 HUAWEI TECH CO., LTD
HUAWEI S5720-56C-HI-AC Routing Switch uptime is 0 week, 1 day, 3 hours, 24 minutes ///设备的硬件名称及系统运行时间
ES5D2T52C001 0(Master) : uptime is 0 week, 1 day, 3 hours, 23 minutes
4095M bytes DDR Memory
64M bytes FLASH
Pcb Version : VER.A
Basic BootROM Version : 0207.0015 Compiled at Mar 20 2014 , 22:53:47
BootLoad Version : 0207.0015 Compiled at Mar 14 2014 , 13:33:43
CPLD Version : 256
Software Version : VRP (R) Software, Version 5.160 (V200R007C00) //软件版本,包括VRP的版本和设备的软件版本
SLOT2 information //后插卡信息。如果设备没有后插卡,则不显示此信息
Pcb Version : ES5D21X04S01 VER.A
PWR1 information //可插拔电源模块信息。如果设备没有可插拔电源模块,则不显示此信息。
Pcb Version : PWR VER.A
#查看当前设备保存的历史命令
display history-command
#查看光模块类型、波长、传输距离、功率等
<HUAWEI>display transceiver interface XGigabitEthernet 1/1/0/1 verbose
XGigabitEthernet1/1/0/1 transceiver information:
Common information:
Transceiver Type :10GBBASE_SR_SFP //光模块类型
Connector Type :LC
Wavelength(nm) :850 //波长
Transfer Distance(m) :33(OM1),82(OM2),300(OM3),400(OM4)//最长距离。OM、50/62.5um表示多模,9um表示单模
Digital Diagnostic Monitoring :YES
Vendor Name :HUAWEI //厂家信息
Vendor Part Number :02318169 //BOM码,申请备件会用到
Ordering Name :
Manufacture information:
Manu. Serial Number :CE26HP1DC //OEM序列号,华为序列号要在模块上扫码
Manufacturing Date :2014-06-26
Vendor Name :HUAWEI
Diagnostic information:
Current Rx Power(dBM) :-3.89 //当前接收光功率,正常情况在以下两值之间
Default Rx Power High Threshold(dBM) :1.00
Default Rx Power Low Threshold(dBM) :-11.90
Current Tx Power(dBM) :-2.48 //当前发送光功率,正常情况在以下两值之间
Default Tx Power High Threshold(dBM) :1.00
Default Tx Power Low Threshold(dBM) :-9.30
# 设置系统的日期、时间和时区
<HUAWEI> clock timezone BJ add 08:00:00
<HUAWEI> clock datetime 20:10:00 2012-07-26
[Huawei]display current-configuration //查看当前配置信息
sysname Switch1 //修改交换机名称
----------------------------vlan-----------------------------------
[Huawei]vlan batch 2 3 4 //创建vlan
[Huawei]vlan batch 2 to 10 //创建2到10vlan
[Huawei]undo interface Vlanif 2 //删除Vlan
[Huawei]display vlan //查看vlan配置信息
//接口删除vlan
[HUAWEI] interface GigabitEthernet 0/0/8
[HUAWEI-GigabitEthernet0/0/8] undo port default vlan //接口从vlan中删除
//vlan设置IP跟DNS
[Huawei]interface Vlanif60
ip address 192.168.60.254 255.255.255.0
dhcp select interface
dhcp server dns-list 61.134.1.4
//接口设置模式并加入vlan
[Huawei]interface GigabitEthernet0/0/6
[HUAWEI-GigabitEthernet0/0/6]port link-type access
[HUAWEI-GigabitEthernet0/0/6]port default vlan 20
//接口模式设置trunk
[Huawei]interface GigabitEthernet0/0/20
[HUAWEI-GigabitEthernet0/0/20]port link-type trunk
[HUAWEI-GigabitEthernet0/0/20] port trunk pvid vlan 8 //接口加入vlan8
[HUAWEI-GigabitEthernet0/0/20] port trunk allow-pass vlan 2 to 4094 //允许vlan2到vlan4094从此接口通过
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.50.2(外网) //公司内部网络访问外网从192.168.50.2这个地址口出去
[Huawei]ip route-static 192.168.2.0 255.255.255.0 192.168.8.2 //访问192.168.2.0网段地址从192.168.8.2口进
save //保存配置
undo ip route-static 192.168.10.0 24 //删除出口路由器到内网的静态路由
[CORE1-GigabitEthernet0/0/5] clear configuration interface GigabitEthernet 0/0/5 //清除接口配置
[CORE1-GigabitEthernet0/0/5] undo shutdown
[CORE1-GigabitEthernet0/0/5]dis this
[CORE1-GigabitEthernet0/0/5] quit
-----------------------接口速率配置--------------------------
1. 配置交换机双工模式,先关闭自动协商功能,再手工指定双工模式为全双工
[S2]inter g0/0/1
[S2-GigabitEthernet0/0/1]undo negotiation auto //关闭自动协商
[S2-GigabitEthernet0/0/1]duplex full //指定全双工
2. 配置交换机接口速率,
<1>关闭自协商,配置e0/0/1接口速率为10Mbit/s
[S2]inter e0/0/1
[S2-Ethernet0/0/1]undo negotiation auto
[S2-Ethernet0/0/1]speed 10
<2>配置G0/0/2接口的速率为100Mbit/s
[Huawei-GigabitEthernet0/0/1]inter g0/0/2
[Huawei-GigabitEthernet0/0/2]undo negotiation auto
[Huawei-GigabitEthernet0/0/2]speed 100
-----------------------交换机补丁升级-------------------------
对于S系列和E系列交换机(S1700除外)来说,补丁是一种与系统软件兼容的软件,用于解决系统软件的少量且急需解决的Bug。分为冷补丁CP和热补丁HP。冷补丁需要重启设备才能生效,而热补丁HP加载到设备后,无需重启即可生效。有SPH标志为热补丁,SPC为冷补丁,补丁扩展名是“.pat”。
1. 冷补丁加载的操作和升级操作相同,可以参见:
a、将补丁通过FTP或TFTP方式上传至设备;
上传补丁文件方法请参考使用FTP/TFTP传输文件
b、用户视图下执行dir命令确认补丁文件是否已上传成功;
<HUAWEI> dir
c、用户视图下执行startup patch XXX配置下次启动使用的补丁文件;
<HUAWEI> startup patch s5700.dat
d.执行display startup确认下次启动补丁是否正确;
<HUAWEI> display startup
e.执行reboot重启设备,使系统加载补丁。
<HUAWEI> reboot
2. 热补丁加载的配置方法有如下两种:
# 以加载热补丁patch.pat并查看补丁状态为例
方法一:
<HUAWEI> patch load patch.pat all //加载补丁包文件
<HUAWEI> patch active all //激活补丁文件
<HUAWEI> patch run all //运行补丁文件
<HUAWEI> display patch-information //验证补丁是否加载成功,显示补丁状态为Running
方法二:
<HUAWEI> patch load patch.pat all run //加载补丁包文件
<HUAWEI> display patch-information //验证补丁是否加载成功,显示补丁状态为Running
-------------太网接口切换到三层模式-------------------------------
执行命令system-view,进入系统视图。
执行命令interface interface-type interface-number,进入以太网接口视图。
执行命令undo portswitch,配置接口切换到三层模式。
------------------------S系列设备组件堆叠---------------------------------------
SwitchA、SwitchB和SwitchC三台接入交换机采用环形堆叠组网,并通过跨设备Eth-Trunk连接上层设备SwitchD。其中,SwitchA、SwitchB和SwitchC的角色分别为主、备、从,堆叠ID分别为0、1、2,优先级分别为200、100、100。由于组成堆叠的成员交换机在逻辑上是一个整体,所以整个网络在扩展了端口数量的同时也方便了用户对网络的管理和维护。
配置逻辑堆叠端口并加入物理成员端口
# 配置SwitchA的业务口GigabitEthernet0/0/27、GigabitEthernet0/0/28为物理成员端口,并加入到相应的逻辑堆叠端口。
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface stack-port 0/1
[SwitchA-stack-port0/1] port interface gigabitethernet 0/0/27 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchA-stack-port0/1] quit
[SwitchA] interface stack-port 0/2
[SwitchA-stack-port0/2] port interface gigabitethernet 0/0/28 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchA-stack-port0/2] quit
# 配置SwitchB的业务口GigabitEthernet0/0/27、GigabitEthernet0/0/28为物理成员端口,并加入到相应的逻辑堆叠端口。
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] interface stack-port 0/1
[SwitchB-stack-port0/1] port interface gigabitethernet 0/0/27 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchB-stack-port0/1] quit
[SwitchB] interface stack-port 0/2
[SwitchB-stack-port0/2] port interface gigabitethernet 0/0/28 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchB-stack-port0/2] quit
# 配置SwitchC的业务口GigabitEthernet0/0/27、GigabitEthernet0/0/28为物理成员端口,并加入到相应的逻辑堆叠端口。
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] interface stack-port 0/1
[SwitchC-stack-port0/1] port interface gigabitethernet 0/0/27 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchC-stack-port0/1] quit
[SwitchC] interface stack-port 0/2
[SwitchC-stack-port0/2] port interface gigabitethernet 0/0/28 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchC-stack-port0/2] quit
配置堆叠ID和堆叠优先级
# 配置SwitchA的堆叠优先级为200。
[SwitchA] stack slot 0 priority 200
Warning: Please do not frequently modify Priority because it will make the stack split. Continue? [Y/N]:y
# 配置SwitchB的堆叠ID为1。
[SwitchB] stack slot 0 renumber 1
Warning: All the configurations related to the slot ID will be lost after the slot ID is modified.
Do not frequently modify the slot ID because it will make the stack split. Continue? [Y/N]:y
Info: Stack configuration has been changed, and the device needs to restart to make the configuration effective.
# 配置SwitchC的堆叠ID为2。
[SwitchC] stack slot 0 renumber 2
Warning: All the configurations related to the slot ID will be lost after the slot ID is modified.
Do not frequently modify the slot ID because it will make the stack split. Continue? [Y/N]:y
Info: Stack configuration has been changed, and the device needs to restart to make the configuration effective.
SwitchA、SwitchB、SwitchC下电,使用SFP+电缆连接后再上电
配置跨设备Eth-Trunk
在堆叠系统上行链路上配置跨设备Eth-Trunk,具体配置过程请参见配置堆叠Eth-Trunk示例。
验证配置结果
# 查看堆叠系统的基本信息。
[SwitchA] display stack
Stack mode: Service-port
Stack topology type : Ring
Stack system MAC: 0018-82d2-2e85
MAC switch delay time: 10 min
Stack reserved vlan : 4093
Slot of the active management port: --
Slot Role Mac address Priority Device type
-------------------------------------------------------------
0 Master 0018-82d2-2e85 200 S5720-28P-LI-AC
1 Standby 0018-82c6-1f44 100 S5720-28P-LI-AC
2 Slave 0018-82c6-1f4c 100 S5720-28P-LI-AC
<HUAWEI> display VLAN 4093
Error: The VLAN does not exist.
#If the VLAN is in use and cannot be free, we can use this command to choose another VLAN ID to stack creation:
stack reserved-vlan vlan-id
#After this process, the standby equipment can complete the normal BOOT process and the result will be like this:
<HUAWEI> display stack
Stack mode: Service-port
Stack topology type: Link
Stack system MAC: 0018-82b1-6eb4
MAC switch delay time: 2 min
Stack reserved vlan: 4093
Slot of the active management port: --
Slot Role Mac address Priority Device type
-------------------------------------------------------------
0 Master 0018-82b1-6eb4 200 S5720-28P-LI-AC
1 Standby 0018-82b1-6eba 150 S5720-28P-LI-AC
