奇安信防火墙+浪潮三层交换+浪潮二层交换(vpc+mlag)
华为防火墙+浪潮三层交换(mlag+varp)
fw
<USG6331E>dis current-configuration
2023-11-24 13:59:28.470
!Software Version V600R007C20SPC500
#
sysname USG6331E
#
l2tp domain suffix-separator @
#
vlan batch 100 254
#
authentication-profile name portal_authen_default
#
undo factory-configuration prohibit
#
undo telnet server enable
undo telnet ipv6 server enable
#
clock timezone UTC add 00:00:00
#
firewall packet-filter basic-protocol enable
#
update schedule location-sdb weekly Sun 01:03
#
firewall defend action discard
#
! Log selection: only the syslog and policy log types are enabled below; traffic, threat,
! url, um, audit, mail-filter and content are switched off with `undo`.
! NOTE(review): with `log type threat` disabled, detections from the signature databases
! this device updates daily (ips-sdb, av-sdb) would presumably leave no log record - confirm.
! No remote log host appears anywhere in this listing, so the enabled logs seem to stay
! on the firewall itself; forwarding them to a collector keeps evidence off the device.
undo log type traffic enable
log type syslog enable
log type policy enable
undo log type threat enable
undo log type url enable
undo log type um enable
undo log type audit enable
undo log type mail-filter enable
undo log type content enable
#
undo dataflow enable
#
undo sa force-detection enable
#
banner enable
#
user-manage web-authentication security port 8887
undo privacy-statement english
undo privacy-statement chinese
page-setting
user-manage security version tlsv1.2
password-policy
level high
#
firewall ipv6 statistics system enable
#
firewall ids authentication type aes256
#
web-manager security version tlsv1.2
web-manager enable
web-manager security enable
undo web-manager config-guide enable
#
firewall dataplane to manageplane application-apperceive default-action drop
#
dns resolve
dns server 223.5.5.5
dns server 119.29.29.29
dns server unnumbered interface GigabitEthernet0/0/1
dns proxy enable
#
dhcp enable
#
update schedule ips-sdb daily 22:20
update schedule av-sdb daily 22:20
update schedule sa-sdb daily 22:20
update schedule cnc daily 22:20
update schedule file-reputation daily 22:20
update schedule ext-url-sdb daily 22:20
#
ip vpn-instance default
ipv4-family
#
ip address-set 192.168.254.0/24 type object
description 192.168.254.0/24
address 0 192.168.254.0 mask 24
#
ip address-set 192.168.100.0/24 type object
address 0 192.168.100.0 mask 24
#
ip address-set 192.168.10.0/24 type object
address 0 192.168.10.0 mask 24
#
ip address-set 192.168.99.0/24 type object
address 0 192.168.99.0 mask 24
#
ip address-set 192.168.1.0/24 type object
address 0 192.168.1.0 mask 24
#
ip address-set 192.168.100.31 type object
address 0 192.168.100.31 mask 32
#
ip address-set 100.100.100.242 type object
address 0 100.100.100.242 mask 32
#
ip address-set 100.100.100.237 type object
address 0 100.100.100.237 mask 32
#
time-range worktime
period-range 08:00:00 to 18:00:00 working-day
#
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
web-auth-server default
port 50100
#
portal-access-profile name default
#
aaa
authentication-scheme admin_ad
authentication-scheme admin_ad_local
authentication-scheme admin_hwtacacs
authentication-scheme admin_hwtacacs_local
authentication-scheme admin_ldap
authentication-scheme admin_ldap_local
authentication-scheme admin_local
authentication-scheme admin_radius
authentication-scheme admin_radius_local
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
service-type internetaccess ssl-vpn l2tp ike dot1x
internet-access mode password
reference user current-domain
manager-user admin
password cipher xxxxxxxxxxxxxxxxxxxxx
service-type web ssh
level 15
authentication-scheme admin_local
role system-admin
role device-admin
role device-admin(monitor)
role audit-admin
bind manager-user admin role system-admin
#
ntp-service server disable
ntp-service ipv6 server disable
ntp-service unicast-server 210.72.145.44
#
interface Eth-Trunk0
ip address 192.168.254.254 255.255.255.0
alias Eth-Trunk0
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
#
l2tp-group default-lns
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
alias GE0/METH
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
#
interface GigabitEthernet0/0/1
undo shutdown
ip address 192.168.1.1 255.255.255.0
dhcp server ip-range 192.168.1.1 192.168.1.254
dhcp select interface
dhcp server dns-list 223.5.5.5 119.29.29.29
#
interface GigabitEthernet0/0/2
undo shutdown
#
interface GigabitEthernet0/0/3
undo shutdown
#
interface GigabitEthernet0/0/4
undo shutdown
#
interface GigabitEthernet0/0/5
undo shutdown
#
interface GigabitEthernet0/0/6
undo shutdown
#
interface GigabitEthernet0/0/7
undo shutdown
#
! WAN-facing port: this interface is the only member of zone untrust and carries the
! default route (see `firewall zone untrust` and `ip route-static 0.0.0.0` in this listing).
! `service-manage https permit` accepts HTTPS management connections to the firewall on
! this interface, and manager-user admin authenticates with a local password (admin_local).
! NOTE(review): nothing on this page limits which source addresses may reach the web UI
! from outside. Prefer managing from the trust side or over a VPN; otherwise restrict the
! permitted management sources and monitor failed logins.
interface GigabitEthernet0/0/8
undo shutdown
ip address 100.100.100.237 255.255.255.0
service-manage https permit
#
interface GigabitEthernet0/0/9
undo shutdown
#
interface XGigabitEthernet0/0/0
undo shutdown
eth-trunk 0
#
interface XGigabitEthernet0/0/1
undo shutdown
eth-trunk 0
#
interface Virtual-if0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface Eth-Trunk0
add interface GigabitEthernet0/0/0
add interface GigabitEthernet0/0/1
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/8
#
firewall zone dmz
set priority 50
#
api
security version tlsv1.2
#
undo icmp name timestamp-request receive
undo icmp name timestamp-reply receive
undo icmp type 17 code 0 receive
undo icmp type 18 code 0 receive
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/8 100.100.100.1
ip route-static 192.168.0.0 255.255.0.0 Eth-Trunk0 192.168.254.1
#
snmp-agent
snmp-agent local-engineid 800007DB0344E968B5EAB2
snmp-agent sys-info version v3
snmp-agent group v3 v3group privacy read-view v3view write-view v3view notify-view v3view
snmp-agent mib-view included v3view iso
snmp-agent usm-user v3 snmp001
snmp-agent usm-user v3 snmp001 group v3group
snmp-agent usm-user v3 snmp001 authentication-mode sha2-256 cipher xxxxxxxxxxxxxxxxxxxxx
snmp-agent usm-user v3 snmp001 privacy-mode aes256 cipher xxxxxxxxxxxxxxxxxxxxx#
snmp-agent trap enable
#
undo ssh server compatible-ssh1x enable
sftp server enable
stelnet server enable
ssh authentication-type default password
ssh user admin
ssh user admin authentication-type password
ssh user admin service-type all
ssh user admin sftp-directory hda1:
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256
ssh server key-exchange dh_group16_sha512 dh_group15_sha512 dh_group14_sha256 dh_group_exchange_sha256
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256
ssh client key-exchange dh_group16_sha512 dh_group15_sha512 dh_group14_sha256 dh_group_exchange_sha256
ssh server dh-exchange min-len 3072
ssh server publickey ecc
#
firewall detect ftp
firewall detect dns
#
v-gateway ssl-renegotiation-attack defend enable
undo v-gateway ssl weak-encryption enable
#
! Static port mappings on global address 100.100.100.242:
!   TCP 29010-29017 -> 192.168.10.10-17 port 3389
!   TCP 29032       -> 192.168.10.32    port 2222
!   TCP 29025/29030 -> 192.168.10.25/30 port 22
! Ports 3389 and 22 are the standard RDP and SSH ports, so these entries publish remote
! administration services of VLAN 10 hosts on the outside address. Moving them to
! high-numbered ports does not add access control.
! NOTE(review): the matching security-policy rule (untrust_to_vlan10) has no source-address
! or service condition. Restrict the allowed sources there, or reach these hosts through a
! VPN, and make sure the targets enforce strong authentication and lockout.
nat server untrust_to_192.168.10.10 protocol tcp global 100.100.100.242 29010 inside 192.168.10.10 3389 unr-route
nat server untrust_to_192.168.10.11 protocol tcp global 100.100.100.242 29011 inside 192.168.10.11 3389 unr-route
nat server untrust_to_192.168.10.12 protocol tcp global 100.100.100.242 29012 inside 192.168.10.12 3389 unr-route
nat server untrust_to_192.168.10.13 protocol tcp global 100.100.100.242 29013 inside 192.168.10.13 3389 unr-route
nat server untrust_to_192.168.10.17 protocol tcp global 100.100.100.242 29017 inside 192.168.10.17 3389 unr-route
nat server untrust_to_192.168.10.14 protocol tcp global 100.100.100.242 29014 inside 192.168.10.14 3389 unr-route
nat server untrust_to_192.168.10.15 protocol tcp global 100.100.100.242 29015 inside 192.168.10.15 3389 unr-route
nat server untrust_to_192.168.10.16 protocol tcp global 100.100.100.242 29016 inside 192.168.10.16 3389 unr-route
nat server untrust_to_192.168.10.32 protocol tcp global 100.100.100.242 29032 inside 192.168.10.32 2222 unr-route
nat server untrust_to_192.168.10.25 protocol tcp global 100.100.100.242 29025 inside 192.168.10.25 22 unr-route
nat server untrust_to_192.168.10.30 protocol tcp global 100.100.100.242 29030 inside 192.168.10.30 22 unr-route
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound ssh
user-interface vty 16 20
#
pki realm default
#
sa
#
location
#
multi-interface
mode proportion-of-weight
#
right-manager server-group
#
sandbox cloud
linkage enable
file-set EXE max-size 2048
file-set GZIP max-size 2048
file-set OFFICE max-size 2048
file-set PDF max-size 2048
#
IoT
#
network-scan
target-ip 1 192.168.100.0 mask 24
target-ip 2 192.168.254.0 mask 24
network-scan timeout per-asset 300
network-scan timeout entire-scan 23
conflict-resolve override
#
ztna
#
device-classification
device-group pc
device-group mobile-terminal
device-group undefined-group
#
user-manage single-sign-on ad
user-manage single-sign-on tsm
user-manage single-sign-on radius
user-manage auto-sync online-user
user-manage server-sync tsm
#
! Inter-zone policy. Six rules, all `action permit`:
!   vlan100/vlan10/vlan1_to_untrust : outbound from trust, matched by source address-set only
!   untrust_to_vlan100 / untrust_to_vlan10 : inbound from untrust, matched by destination
!                                            address-set only
!   local_to_untrust : traffic sourced from the firewall's own WAN address
! NOTE(review): the two inbound rules carry no source-address, service or time-range
! condition, so every protocol and port towards 192.168.100.0/24 and 192.168.10.0/24 is
! permitted once a packet arrives from the untrust zone. The nat server entries on this page
! only map TCP to specific 192.168.10.x hosts and ports; narrowing untrust_to_vlan10 to those
! hosts and services would match the published surface. No nat server entry targets
! 192.168.100.0/24, so confirm whether untrust_to_vlan100 is needed at all.
! NOTE(review): no rule references a security profile, so the IPS/AV signature databases
! updated on this device do not appear to be applied to any permitted flow - confirm.
security-policy
rule name vlan100_to_untrust
source-zone trust
destination-zone untrust
source-address address-set 192.168.100.0/24
action permit
rule name vlan10_to_untrust
source-zone trust
destination-zone untrust
source-address address-set 192.168.10.0/24
action permit
rule name vlan1_to_untrust
source-zone trust
destination-zone untrust
source-address address-set 192.168.1.0/24
action permit
rule name untrust_to_vlan100
source-zone untrust
destination-zone trust
destination-address address-set 192.168.100.0/24
action permit
rule name untrust_to_vlan10
source-zone untrust
destination-zone trust
destination-address address-set 192.168.10.0/24
action permit
rule name local_to_untrust
source-zone local
destination-zone untrust
source-address address-set 100.100.100.237
action permit
#
auth-policy
#
traffic-policy
#
policy-based-route
#
nat-policy
rule name vlan100_nat
egress-interface GigabitEthernet0/0/8
source-address address-set 192.168.100.0/24
action source-nat easy-ip
rule name vlan1_nat
egress-interface GigabitEthernet0/0/8
source-address address-set 192.168.1.0/24
action source-nat easy-ip
rule name vlan10_nat
egress-interface GigabitEthernet0/0/8
source-address address-set 192.168.10.0/24
action source-nat easy-ip
#
audit-policy
#
quota-policy
#
dns-transparent-policy
dns transparent-proxy enable
dns server bind interface GigabitEthernet0/0/8 preferred 223.5.5.5 alternate 119.29.29.29
dns server bind interface GigabitEthernet0/0/1 preferred 223.5.5.5 alternate 119.29.29.29
mode based-on-multi-interface
#
rightm-policy
#
decryption-policy
#
mac-access-profile name mac_access_profile
#
return
l3-1
S6820-1# show running-config
Building configuration...
version 10.002.007
!
service password-encryption
!
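! REDACTED: the original listing printed this RSA private key in full as DER hex.
! `service password-encryption` obscures the password fields but `show running-config`
! still emits private key material, so it has to be removed by hand before a config is
! shared, the same way the password fields on this page were replaced with x's.
! A private key that has been published must be treated as compromised: generate a new
! key pair on the device and replace the old one. The length tag in the original (028180)
! indicated a 1024-bit modulus; use 2048 bits or more for the replacement if the platform
! supports it.
! NOTE(review): the public key `importKey` below has the same modulus and is assigned to
! user admin, so this private key is presumably an admin login credential - confirm, and
! replace `importKey` together with it.
rsa key a
key type private
key format der
<REDACTED: private key DER hex removed>
key string end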
rsa key importKey
key type public
key format der
308188
028180
BA833FA1 F92253E7 8A1D04AE 49078D66 6DE92CD6 094308A7 FE3BCF7E F739FD8E
5FB98710 F1625413 199770A5 6240466D 035BEFE7 1B85968F F036E1A6 BB5DB77B
6189C307 B00EE6B6 ACB494C2 3AB8DCFB 68135D27 44F4C116 5817EE46 443B6E48
09D7ACFA 77E61E61 905924EC 17F24F93 897CAF33 FCCB6012 284C91F3 C7902557
0203
010001
key string end
!
http server load flash:/boot/S6820-24XQ-E-webImage-10.002.007.bin
service http enable
!
!
!
!
hostname S6820-1
!
enable password 8 xxxxxxxxxxxx
!
!
username admin password 8 xxxxxxxxxxxx
username admin assign rsa key importKey
!
!
!
no errdisable detect reason link-flap
management ip address 10.3.135.127/16
management route add gateway 10.3.0.1
ip ssh server enable
!
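! SNMPv3 (USM) with authentication and privacy: one user, one group, one access entry.
! The usm-user name was `smmp001` in the original listing, while the group line binds user
! `snmp001` and the peer switch S6820-2 defines `snmp001`; with the misspelt name the group
! would reference a user that does not exist. Corrected to `snmp001`.
! NOTE(review): `authentication sha` is presumably SHA-1; the firewall on this page uses
! sha2-256 for the same account - use the stronger option here if this platform offers it.
snmp-server enable
snmp-server usm-user snmp001 authentication sha 8 xxxxxxxxxxxx privacy aes 8 xxxxxxxxxxxx
snmp-server group snmp001 user snmp001 security-model usm
snmp-server access snmp001 security-model usm priv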
!
vlan database
vlan 10,98-100,254,4094
!
interface eth-0-1
switchport access vlan 100
channel-group 1 mode active
!
interface eth-0-2
switchport access vlan 100
channel-group 2 mode active
!
interface eth-0-3
switchport access vlan 100
channel-group 3 mode active
!
interface eth-0-4
switchport access vlan 100
channel-group 4 mode active
!
interface eth-0-5
switchport mode trunk
switchport trunk allowed vlan all
channel-group 5 mode active
!
interface eth-0-6
switchport mode trunk
switchport trunk allowed vlan all
channel-group 6 mode active
!
interface eth-0-7
switchport mode trunk
switchport trunk allowed vlan all
channel-group 7 mode active
!
interface eth-0-8
switchport access vlan 100
channel-group 8 mode active
!
interface eth-0-9
switchport access vlan 100
channel-group 9 mode active
!
interface eth-0-10
switchport access vlan 100
channel-group 10 mode active
!
interface eth-0-11
switchport access vlan 100
channel-group 11 mode active
!
interface eth-0-12
switchport access vlan 100
channel-group 12 mode active
!
interface eth-0-13
switchport access vlan 100
channel-group 13 mode active
!
interface eth-0-14
switchport access vlan 100
channel-group 14 mode active
!
interface eth-0-15
switchport access vlan 100
channel-group 15 mode active
!
interface eth-0-16
switchport access vlan 100
channel-group 16 mode active
!
interface eth-0-17
switchport access vlan 100
channel-group 17 mode active
!
interface eth-0-18
switchport access vlan 100
channel-group 18 mode active
!
interface eth-0-19
switchport access vlan 100
channel-group 19 mode active
!
interface eth-0-20
switchport access vlan 100
channel-group 20 mode active
!
interface eth-0-21
switchport mode trunk
switchport trunk allowed vlan all
channel-group 21 mode active
!
interface eth-0-22
switchport access vlan 254
static-channel-group 22
!
interface eth-0-23
switchport mode trunk
switchport trunk allowed vlan all
static-channel-group 23
!
interface eth-0-24
switchport mode trunk
switchport trunk allowed vlan all
static-channel-group 23
!
interface eth-0-25
!
interface eth-0-26
!
interface agg1
switchport access vlan 100
mlag 1
!
interface agg2
switchport access vlan 100
mlag 2
!
interface agg3
switchport access vlan 100
mlag 3
!
interface agg4
switchport access vlan 100
mlag 4
!
interface agg5
switchport mode trunk
switchport trunk allowed vlan all
mlag 5
!
interface agg6
switchport mode trunk
switchport trunk allowed vlan all
mlag 6
!
interface agg7
switchport mode trunk
switchport trunk allowed vlan all
mlag 7
!
interface agg8
switchport access vlan 100
mlag 8
!
interface agg9
switchport access vlan 100
mlag 9
!
interface agg10
switchport access vlan 100
mlag 10
!
interface agg11
switchport access vlan 100
mlag 11
!
interface agg12
switchport access vlan 100
mlag 12
!
interface agg13
switchport access vlan 100
mlag 13
!
interface agg14
switchport access vlan 100
mlag 14
!
interface agg15
switchport access vlan 100
mlag 15
!
interface agg16
switchport access vlan 100
mlag 16
!
interface agg17
switchport access vlan 100
mlag 17
!
interface agg18
switchport access vlan 100
mlag 18
!
interface agg19
switchport access vlan 100
mlag 19
!
interface agg20
switchport access vlan 100
mlag 20
!
interface agg21
switchport mode trunk
switchport trunk allowed vlan all
mlag 21
!
interface agg22
switchport access vlan 254
mlag 22
!
interface agg23
switchport mode trunk
switchport trunk allowed vlan all
spanning-tree port disable
!
interface vlan1
!
interface vlan10
ip address 192.168.10.2/24
ip virtual-router address 192.168.10.1
!
interface vlan98
ip address 192.168.98.2/24
ip virtual-router address 192.168.98.1
!
interface vlan99
ip address 192.168.99.2/24
ip virtual-router address 192.168.99.1
!
interface vlan100
ip address 192.168.100.2/24
ip virtual-router address 192.168.100.1
!
interface vlan254
ip address 192.168.254.2/24
ip virtual-router address 192.168.254.1
!
interface vlan4094
ip address 12.1.1.1/24
!
mlag configuration
peer-link agg23
peer-address 12.1.1.2
exit
!
ip virtual-router mac 22e5.baeb.9ae4
!
ip route 0.0.0.0/0 192.168.254.254
!
!
! Terminal lines: console 0 and vty 0-7 (remote sessions).
! NOTE(review): both lines are set to `no line-password` and `no login`, which appears to
! leave them without any authentication step - confirm against the vendor documentation.
! If so, a session on the management address (10.3.135.127/16 in this listing) starts at
! `privilege level 4` without credentials. Require local-user authentication on the vty
! lines (on Cisco-style CLIs this is `login local`; check this platform's syntax).
! NOTE(review): `exec-timeout 35791 0` - assuming minutes and seconds, that is roughly
! 25 days, i.e. idle sessions effectively never expire. A timeout of a few minutes limits
! the exposure of an unattended session.
line con 0
no line-password
no login
line vty 0 7
exec-timeout 35791 0
privilege level 4
no line-password
no login
!
!
end
l3-2
S6820-2# show running-config
Building configuration...
version 10.002.007
!
service password-encryption
!
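! REDACTED: the original listing printed this RSA private key in full as DER hex.
! `service password-encryption` obscures the password fields but `show running-config`
! still emits private key material, so it has to be removed by hand before a config is
! shared, the same way the password fields on this page were replaced with x's.
! A private key that has been published must be treated as compromised: generate a new
! key pair on the device and replace the old one. The length tag in the original (028180)
! indicated a 1024-bit modulus; use 2048 bits or more for the replacement if the platform
! supports it.
! NOTE(review): the public key `importKey` below has the same modulus and is assigned to
! user admin, so this private key is presumably an admin login credential - confirm, and
! replace `importKey` together with it.
rsa key a
key type private
key format der
<REDACTED: private key DER hex removed>
key string end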
rsa key importKey
key type public
key format der
308188
028180
D4AB20A7 603FF659 1EA2307F 1989C8B8 D08FB26C 34AA004C 5D8CB7AC 122C1564
CD82B871 D31D6C23 F16110B1 6F4E0D88 DA48856E 06C002C0 2E2A217D 7109446F
8230C0C5 F07C1BF1 6F2807E5 98FEDCE8 31BA7C33 319CB7E0 848F76EC BB1BC110
B41EE6DB 7B0853E8 6ADE3058 4A4AF374 2A7F89CB DFE4D649 B2527A90 900F4857
0203
010001
key string end
!
http server load flash:/boot/S6820-24XQ-E-webImage-10.002.007.bin
service http enable
!
!
!
!
hostname S6820-2
!
enable password 8 xxxxxxxxxxxx
!
!
username admin password 8 xxxxxxxxxxxx
username admin assign rsa key importKey
!
!
!
no errdisable detect reason link-flap
management ip address 10.3.230.130/16
management route add gateway 10.3.0.1
ip ssh server enable
!
snmp-server enable
snmp-server usm-user snmp001 authentication sha 8 xxxxxxxxxxxx privacy aes 8 xxxxxxxxxxxx
snmp-server group snmp001 user snmp001 security-model usm
snmp-server access snmp001 security-model usm priv
!
vlan database
vlan 10,98-100,254,4094
!
interface eth-0-1
switchport access vlan 100
channel-group 1 mode active
!
interface eth-0-2
switchport access vlan 100
channel-group 2 mode active
!
interface eth-0-3
switchport access vlan 100
channel-group 3 mode active
!
interface eth-0-4
switchport access vlan 100
channel-group 4 mode active
!
interface eth-0-5
switchport mode trunk
switchport trunk allowed vlan all
channel-group 5 mode active
!
interface eth-0-6
switchport mode trunk
switchport trunk allowed vlan all
channel-group 6 mode active
!
interface eth-0-7
switchport mode trunk
switchport trunk allowed vlan all
channel-group 7 mode active
!
interface eth-0-8
switchport access vlan 100
channel-group 8 mode active
!
interface eth-0-9
switchport access vlan 100
channel-group 9 mode active
!
interface eth-0-10
switchport access vlan 100
channel-group 10 mode active
!
interface eth-0-11
switchport access vlan 100
channel-group 11 mode active
!
interface eth-0-12
switchport access vlan 100
channel-group 12 mode active
!
interface eth-0-13
switchport access vlan 100
channel-group 13 mode active
!
interface eth-0-14
switchport access vlan 100
channel-group 14 mode active
!
interface eth-0-15
switchport access vlan 100
channel-group 15 mode active
!
interface eth-0-16
switchport access vlan 100
channel-group 16 mode active
!
interface eth-0-17
switchport access vlan 100
channel-group 17 mode active
!
interface eth-0-18
switchport access vlan 100
channel-group 18 mode active
!
interface eth-0-19
switchport access vlan 100
channel-group 19 mode active
!
interface eth-0-20
switchport access vlan 100
channel-group 20 mode active
!
interface eth-0-21
switchport mode trunk
switchport trunk allowed vlan all
channel-group 21 mode active
!
interface eth-0-22
switchport access vlan 254
static-channel-group 22
!
interface eth-0-23
switchport mode trunk
switchport trunk allowed vlan all
static-channel-group 23
!
interface eth-0-24
switchport mode trunk
switchport trunk allowed vlan all
static-channel-group 23
!
interface eth-0-25
!
interface eth-0-26
!
interface agg1
switchport access vlan 100
mlag 1
!
interface agg2
switchport access vlan 100
mlag 2
!
interface agg3
switchport access vlan 100
mlag 3
!
interface agg4
switchport access vlan 100
mlag 4
!
interface agg5
switchport mode trunk
switchport trunk allowed vlan all
mlag 5
!
interface agg6
switchport mode trunk
switchport trunk allowed vlan all
mlag 6
!
interface agg7
switchport mode trunk
switchport trunk allowed vlan all
mlag 7
!
interface agg8
switchport access vlan 100
mlag 8
!
interface agg9
switchport access vlan 100
mlag 9
!
interface agg10
switchport access vlan 100
mlag 10
!
interface agg11
switchport access vlan 100
mlag 11
!
interface agg12
switchport access vlan 100
mlag 12
!
interface agg13
switchport access vlan 100
mlag 13
!
interface agg14
switchport access vlan 100
mlag 14
!
interface agg15
switchport access vlan 100
mlag 15
!
interface agg16
switchport access vlan 100
mlag 16
!
interface agg17
switchport access vlan 100
mlag 17
!
interface agg18
switchport access vlan 100
mlag 18
!
interface agg19
switchport access vlan 100
mlag 19
!
interface agg20
switchport access vlan 100
mlag 20
!
interface agg21
switchport mode trunk
switchport trunk allowed vlan all
mlag 21
!
interface agg22
switchport access vlan 254
mlag 22
!
interface agg23
switchport mode trunk
switchport trunk allowed vlan all
spanning-tree port disable
!
interface vlan1
!
interface vlan10
ip address 192.168.10.3/24
ip virtual-router address 192.168.10.1
!
interface vlan98
ip address 192.168.98.3/24
ip virtual-router address 192.168.98.1
!
interface vlan99
ip address 192.168.99.3/24
ip virtual-router address 192.168.99.1
!
interface vlan100
ip address 192.168.100.3/24
ip virtual-router address 192.168.100.1
!
interface vlan254
ip address 192.168.254.3/24
ip virtual-router address 192.168.254.1
!
interface vlan4094
ip address 12.1.1.2/24
!
mlag configuration
peer-link agg23
peer-address 12.1.1.1
exit
!
ip virtual-router mac 22e5.baeb.9ae4
!
ip route 0.0.0.0/0 192.168.254.254
!
!
! Terminal lines: console 0 and vty 0-7 (remote sessions).
! NOTE(review): both lines are set to `no line-password` and `no login`, which appears to
! leave them without any authentication step - confirm against the vendor documentation.
! If so, a session on the management address (10.3.230.130/16 in this listing) starts at
! `privilege level 4` without credentials. Require local-user authentication on the vty
! lines (on Cisco-style CLIs this is `login local`; check this platform's syntax).
! NOTE(review): `exec-timeout 35791 0` - assuming minutes and seconds, that is roughly
! 25 days, i.e. idle sessions effectively never expire. A timeout of a few minutes limits
! the exposure of an unattended session.
line con 0
no line-password
no login
line vty 0 7
exec-timeout 35791 0
privilege level 4
no line-password
no login
!
!
end
l2
s6550-ipmi#show running-config
System current configuration:
!command in view_mode
!
!command in config_mode first-step
create vlan 99,254 active
!
!command in qos mapping mode
!
!command in wred mode
!
!command in vrf_mode
!
!command in acl-ipv4-basic mode
!
!command in acl-ipv4-advanced mode
!
!command in acl-mac mode
!
!command in acl-map mode
!
!command in acl-ipv6 mode
!
!command in acl-advanced mode
!
!command in filter-vlanlist mode
!
!command in traffic policer mode
!
!command in cmap_mode
!
!command in pmap_mode
!
!command in bandwidth profile mode
!
!command in hcos_mode
!
!command in hvlan_mode
!
!command in enable_mode
user name admin password cipher xxxxxxxxxxxx confirm
hostname s6550-ipmi
!
!command in region_mode
!
!command in ip igmp profile mode
!
!command in mld profile mode
!
!command in outband_mode
!
!command in NULL_mode
!
!command in l2cp profile mode
!
!command in aggregation_mode
!
interface port-channel 11
portswitch
switchport mode trunk
!
!command in vlan configuration mode
!
!command in tunnel interface mode
!
!command in port_mode
!
interface gigaethernet 1/1/1
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/2
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/3
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/4
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/5
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/6
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/7
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/8
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/9
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/10
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/11
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/12
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/13
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/14
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/15
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/16
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/17
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/18
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/19
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/20
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/21
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/22
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/23
portswitch
switchport access vlan 99
!
interface gigaethernet 1/1/24
portswitch
switchport access vlan 99
!
interface tengigabitethernet 1/1/25
portswitch
port-channel 11
!
interface tengigabitethernet 1/1/26
portswitch
port-channel 11
!
!command in isf_mode
!
!command in dhcp-pool mode
!
!command in loopback interface mode
!
interface loopback 0
!
!command in vlan interface mode
!
interface vlan 254
ip address 192.168.254.4 255.255.255.0
!
!command in sub_interface mode
!
!command in tdm port mode
!
!command in vxlan_interface mode
!
!command in routemap_mode
!
!command in ospf_mode
!
!command in pim_mode
!
!command in ipv6 pim_mode
!
!command in cluster_mode
!
!command in keychain_mode
!
!command in bfd_template_mode
!
!command in iccp mode
!
!command in service_mode
!
!command in linktrace_mode
!
!command in config_mode
snmp-server access snmp001 read internet notify internet usm authpriv
snmp-server group snmp001 user snmp001 usm
snmp-server user snmp001 authkey sha xxxxxxxxxxxx privkey xxxxxxxxxxxx
ip route 0.0.0.0 0.0.0.0 192.168.254.1
ssh2 server
!
!command in clkmgmt_mode
!
!command in ccsp_mode
!
server-proxmox
root@pve31:/# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
# apt install openvswitch-switch -y
auto lo
iface lo inet loopback
auto eno1
iface eno1 inet manual
auto eno2
iface eno2 inet manual
# Physical ports left unconfigured (manual, no `auto`), so they are not brought up at boot.
# NOTE(review): the same stanza appears twice; the `ip a` output further down lists a second
# port, enp175s0f1 - presumably the second line was meant for it. Confirm before editing.
iface enp175s0f0 inet manual
iface enp175s0f0 inet manual
auto br0_pve_mgmt
iface br0_pve_mgmt inet static
address 192.168.100.31/24
gateway 192.168.100.1
ovs_type OVSIntPort
ovs_bridge vmbr0
ovs_options tag=100
auto br0_pve_cluster
iface br0_pve_cluster inet static
address 192.168.98.31/24
ovs_type OVSIntPort
ovs_bridge vmbr0
ovs_options tag=98
auto bond0
iface bond0 inet manual
ovs_bonds eno1 eno2
ovs_type OVSBond
ovs_bridge vmbr0
ovs_options lacp=active trunks=10,98,100 bond_mode=balance-tcp
auto vmbr0
iface vmbr0 inet manual
ovs_type OVSBridge
ovs_ports bond0 br0_pve_mgmt br0_pve_cluster
#auto vmbr0
#iface vmbr0 inet static
# address 192.168.100.31/24
# gateway 192.168.100.1
# bridge-ports enp175s0f0
# bridge-stp off
# bridge-fd 0
#root@pve31:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000
link/ether b4:05:5d:b9:82:60 brd ff:ff:ff:ff:ff:ff
altname enp26s0f0
inet6 fe80::b605:5dff:feb9:8260/64 scope link
valid_lft forever preferred_lft forever
3: enp175s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 80:61:5f:10:4a:4c brd ff:ff:ff:ff:ff:ff
4: enp175s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 80:61:5f:10:4a:4d brd ff:ff:ff:ff:ff:ff
5: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000
link/ether b4:05:5d:b9:82:61 brd ff:ff:ff:ff:ff:ff
altname enp26s0f1
inet6 fe80::b605:5dff:feb9:8261/64 scope link
valid_lft forever preferred_lft forever
12: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 12:fd:27:64:dd:28 brd ff:ff:ff:ff:ff:ff
13: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether b4:05:5d:b9:82:60 brd ff:ff:ff:ff:ff:ff
inet6 fe80::d883:62ff:fe81:be44/64 scope link
valid_lft forever preferred_lft forever
14: br0_pve_mgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether da:d1:a6:07:9d:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.31/24 scope global br0_pve_mgmt
valid_lft forever preferred_lft forever
inet6 fe80::d8d1:a6ff:fe07:9dd4/64 scope link
valid_lft forever preferred_lft forever
15: br0_pve_cluster: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 0e:86:35:bb:38:8c brd ff:ff:ff:ff:ff:ff
inet 192.168.98.31/24 scope global br0_pve_cluster
valid_lft forever preferred_lft forever
inet6 fe80::c86:35ff:febb:388c/64 scope link
valid_lft forever preferred_lft forever
16: bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 46:2a:90:12:64:98 brd ff:ff:ff:ff:ff:ff
inet6 fe80::442a:90ff:fe12:6498/64 scope link
valid_lft forever preferred_lft forever
# root@pve31:~# ovs-vsctl show
067d234c-dd41-4097-8380-7068335a149a
Bridge vmbr0
Port vmbr0
Interface vmbr0
type: internal
Port br0_pve_cluster
tag: 98
Interface br0_pve_cluster
type: internal
Port bond0
trunks: [10, 98, 100]
Interface eno1
Interface eno2
Port br0_pve_mgmt
tag: 100
Interface br0_pve_mgmt
type: internal
ovs_version: "2.15.0"
nas-ovm
root@omv25:/# cat /etc/netplan/40-openmediavault-bond0.yaml
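# Netplan definition for bond0 on the OMV host (file name suggests it is generated by
# openmediavault). The listing had lost its indentation, which YAML needs to express
# nesting; the structure below is restored from the netplan schema, keys and values are
# unchanged.
network:
  ethernets:
    # Both physical ports carry no address of their own; they only serve as bond members.
    eno1:
      addresses: []
      dhcp4: false
      dhcp6: false
    eno2:
      addresses: []
      dhcp4: false
      dhcp6: false
  bonds:
    bond0:
      addresses:
        - 192.168.100.25/24
      gateway4: 192.168.100.1
      dhcp4: false
      dhcp6: false
      # Empty list: no IPv4/IPv6 link-local addressing on the bond.
      link-local: []
      nameservers:
        addresses:
          - 223.5.5.5
      interfaces:
        - eno1
        - eno2
      parameters:
        # 802.3ad is LACP; the switch ports on this page use `channel-group N mode active`.
        mode: 802.3ad
        # NOTE(review): in the Linux bonding driver `primary` and its reselect policy apply
        # to active-backup/tlb/alb modes, so they presumably have no effect here - confirm.
        primary: eno1
        primary-reselect-policy: always
        mii-monitor-interval: 100
        up-delay: 200
        down-delay: 200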
nas-truenas
# admin@truenas-28[/]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
link/ether b4:05:5d:b9:7e:54 brd ff:ff:ff:ff:ff:ff
altname enp26s0f0
3: enp175s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 80:61:5f:10:4a:a8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.28/24 brd 192.168.0.255 scope global enp175s0f0
valid_lft forever preferred_lft forever
inet6 fe80::8261:5fff:fe10:4aa8/64 scope link
valid_lft forever preferred_lft forever
4: eno2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
link/ether b4:05:5d:b9:7e:54 brd ff:ff:ff:ff:ff:ff permaddr b4:05:5d:b9:7e:55
altname enp26s0f1
5: enp175s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 80:61:5f:10:4a:a9 brd ff:ff:ff:ff:ff:ff
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether b4:05:5d:b9:7e:54 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.28/24 brd 192.168.100.255 scope global bond0
valid_lft forever preferred_lft forever
# admin@truenas-28[~]$ cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v5.15.107+truenas
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
802.3ad info
LACP active: on
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
Slave Interface: eno1
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: b4:05:5d:b9:7e:54
Slave queue ID: 0
Aggregator ID: 1
Actor Churn State: none
Partner Churn State: none
Actor Churned Count: 0
Partner Churned Count: 0
Slave Interface: eno2
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: b4:05:5d:b9:7e:55
Slave queue ID: 0
Aggregator ID: 1
Actor Churn State: none
Partner Churn State: none
Actor Churned Count: 0
Partner Churned Count: 0