Huawei Switch Operation Commands

Time: 2024-03-03 08:25:18

1 Change the device name

<Huawei> system-view

[Huawei] sysname SW01

[SW01] 

 

2 Configure AAA local login

(username required)

[SW01] user-interface console 0

[SW01-ui-console0] authentication-mode aaa

[SW01-ui-console0] aaa

[SW01-aaa] local-user test password cipher test123456

(no username required)

<SW01> system-view

[SW01] user-interface vty 0 4

[SW01-ui-vty0-4] set authentication password cipher huawei@123

[SW01-ui-vty0-4] user privilege level 15

[SW01-ui-vty0-4] q

 

3 Configure remote login via Telnet

[SW01] telnet server enable

[SW01] user-interface vty 0 4

[SW01-ui-vty0-4] authentication-mode aaa

[SW01] aaa

[SW01-aaa] local-user admin password cipher huawei@123

[SW01-aaa] local-user admin service-type telnet

[SW01-aaa] local-user admin privilege level 15

 

4 Set the management VLAN address and interface address, and configure access ports in bulk

Management address:

[SW01] vlan 3000

[SW01] interface Vlanif 3000

[SW01-Vlanif3000] ip address 20.1.1.1 24

Interface address:

[SW01] interface Ethernet 0/0/3

[SW01-Ethernet0/0/3] ip address 10.1.1.10 255.255.255.0

Configure access ports in bulk:

[SW01] port-group group-member Ethernet 0/0/3 to Ethernet 0/0/10

[SW01-port-group] port link-type access

[SW01-Ethernet0/0/3] port link-type access

[SW01-Ethernet0/0/4] port link-type access

[SW01-Ethernet0/0/5] port link-type access

[SW01-Ethernet0/0/6] port link-type access

[SW01-Ethernet0/0/7] port link-type access

[SW01-Ethernet0/0/8] port link-type access

[SW01-Ethernet0/0/9] port link-type access

[SW01-Ethernet0/0/10] port link-type access

[SW01-port-group] port default vlan 1

[SW01-Ethernet0/0/3] port default vlan 1

[SW01-Ethernet0/0/4] port default vlan 1

[SW01-Ethernet0/0/5] port default vlan 1

[SW01-Ethernet0/0/6] port default vlan 1

[SW01-Ethernet0/0/7] port default vlan 1

[SW01-Ethernet0/0/8] port default vlan 1

[SW01-Ethernet0/0/9] port default vlan 1

[SW01-Ethernet0/0/10] port default vlan 1

 

5 Create a VLAN and assign ports to it

[SW01] vlan 111

[SW01] interface Vlanif 111

[SW01-Vlanif111] ip address 172.16.30.254 24

[SW01-Ethernet0/0/6] port link-type access

[SW01-Ethernet0/0/6] port default vlan 111

 

6 Set the VLAN gateway address

[SW01] interface Vlanif 1

[SW01-Vlanif1] ip address 10.1.1.1 24

 

7 Set the console port password

[SW01] user-interface console 0

[SW01-ui-console0] authentication-mode aaa

[SW01-ui-console0] aaa

[SW01-aaa] local-user test password cipher test123456

 

8 Configure a log server and set the log level

[SW01] info-center enable

[SW01] info-center loghost 10.1.1.10 language English

[SW01] info-center source default channel loghost log level warning

[SW01] info-center loghost source Ethernet 0/0/10

 

9 Configure trunk interfaces (required on every switch)

[SW01-Ethernet0/0/3] port link-type trunk

[SW01-Ethernet0/0/3] port trunk allow-pass vlan all ###allow all VLANs through; normally you name the specific VLANs that may pass instead of allowing all of them

For example: [SW01-Ethernet0/0/3] port trunk allow-pass vlan 10 20 ###allow only VLANs 10 and 20 through

 

10 Configure an ACL to block port 445 and apply it to an interface

[SW01] acl number 3001

[SW01-acl-adv-3001] rule 5 deny tcp destination-port eq 445 ###match the destination port only; clients connect to 445 from ephemeral source ports

[SW01-acl-adv-3001] rule 10 deny udp destination-port eq 445

[SW01] interface Ethernet 0/0/1

[SW01-Ethernet0/0/1] traffic-filter inbound acl 3001

[SW01-Ethernet0/0/1] traffic-filter outbound acl 3001

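#2000-2999: basic ACL, filters on source IP

#3000-3999: advanced ACL, filters on source/destination port, source/destination address, etc.

#4000-4999: Layer 2 ACL, filters on source/destination MAC, etc.

Numbers starting at 2000 restrict source and destination IP addresses

Numbers starting at 3000 restrict source and destination port numbers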

 

11 Enable the SNMP service

[SW01] snmp-agent

[SW01] snmp-agent community read public ###community string with read access

[SW01] snmp-agent community write private ###community string with write access

[SW01] snmp-agent sys-info version all ###set the SNMP version (all means every version)
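
An added example, not part of the original page: a small Python audit that reads command lines in the form used on this page and reports the settings a reviewer would question in sections 2, 3, 9 and 11 (a shared VTY password with level 15, Telnet, all-VLAN trunks, the public/private SNMP communities, SNMP version all). The rule ids, the function name audit and the sample input are constructed for this example.

```python
import re

# Line shape used on this page: "[view-prompt] command ###comment"
LINE = re.compile(r"^\s*[\[<](?P<view>[^\]>]+)[\]>]\s*(?P<cmd>.*?)\s*(?:###.*)?$")

# (rule id, regex on the command, finding); the rule ids are this example's own labels
RULES = [
    ("TELNET-ON", r"^telnet server enable$",
     "Telnet server enabled: logins cross the network in cleartext"),
    ("TELNET-USER", r"^local-user \S+ service-type\b.*\btelnet\b",
     "local user may log in over Telnet"),
    ("SNMP-DEFAULT", r"^snmp-agent community (read|write) (public|private)$",
     "well-known SNMP community string"),
    ("SNMP-V1V2C", r"^snmp-agent sys-info version all$",
     "SNMPv1/v2c enabled: community strings are sent in cleartext"),
    ("TRUNK-ALL", r"^port trunk allow-pass vlan\b.*\ball$",
     "trunk passes every VLAN instead of a named list"),
]

def audit(text):
    """Return (line number, rule id, finding) for each risky command line."""
    findings, pw_views = [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            continue  # not a prompt line (heading, note, blank)
        view, cmd = m["view"], m["cmd"]
        for rid, pat, why in RULES:
            if re.search(pat, cmd, re.I):
                findings.append((n, rid, why))
        # Stateful check: a VTY using a shared password that also grants level 15
        if "ui-vty" in view and cmd.startswith("set authentication password"):
            pw_views.add(view)
        if view in pw_views and cmd == "user privilege level 15":
            findings.append((n, "VTY-PW-L15", "shared VTY password grants level 15"))
    return findings

# Constructed sample, modelled on the commands in sections 2, 3, 9 and 11
SAMPLE = """\
[SW01-ui-vty0-4] set authentication password cipher huawei@123
[SW01-ui-vty0-4] user privilege level 15
[SW01] telnet server enable
[SW01-aaa] local-user admin service-type telnet
[SW01-Ethernet0/0/3] port trunk allow-pass vlan all ###allow all VLANs
[SW01-Ethernet0/0/3] port trunk allow-pass vlan 10 20
[SW01] snmp-agent community read public
[SW01] snmp-agent community write private
[SW01] snmp-agent sys-info version all
"""

if __name__ == "__main__":
    for n, rid, why in audit(SAMPLE):
        print(f"line {n}: {rid}: {why}")
```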

 

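12 Enable traffic-monitoring port mirroring

[SW01] display interface brief ###show the current state of the switch ports: down = port closed, up = port open

[SW01] observe-port 1 interface Ethernet 0/0/22 ###make port 22 the observing (management) port

[SW01] dis observe-port ###show the observing port

Use ports 10-21 as mirrored ports:

[SW01] port-group group-member Ethernet 0/0/10 to Ethernet 0/0/21

[SW01-port-group] port-mirroring to observe-port 1 both ###inbound = ingress, outbound = egress, both = ingress and egress; here, traffic in both directions is mirrored

[SW01] dis port-mirroring ###show all mirrored ports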

 

13 Add a static route

Static route:

[SW01] ip route-static 10.10.10.0 255.255.255.0 10.10.20.1 ###the next hop for reaching the 10.10.10.0/24 segment is 10.10.20.1

[SW01] dis ip routing-table ###show the routing table

 

14 Add a trusted address

[SW01] acl number 2001

[SW01-acl-basic-2001] rule permit source 100.1.1.1 0 ###the second field is a wildcard mask: 0 matches only 100.1.1.1 (use 100.1.1.0 0.0.0.255 for the whole /24)

 

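15 Enable the DHCP service so clients obtain IP addresses automatically

[Core SW] dhcp enable

[Core SW] ip pool 10 ###create an address pool

[Core SW-ip-pool-10] gateway-list 10.10.10.1 ###set the DHCP gateway address

[Core SW] interface Vlanif 10

[Core SW-Vlanif10] dhcp select global ###have terminals in VLAN 10 obtain IP addresses automatically

[Core SW] dis ip pool name 10 ###show DHCP address pool allocation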