华为交换机操作命令
1 修改设备名称
<Huawei> system-view
[Huawei] sysname SW01
[SW01]
2 设置AAA本地登录
(需要用户名)
[SW01] user-interface console 0
[SW01-ui-console0] authentication-mode aaa
[SW01-ui-console0] aaa
[SW01-aaa] local-user test password cipher test123456
(无需用户名)
<SW01> system-view
[SW01] user-interface vty 0 4
[SW01-ui-vty0-4] set authentication password cipher huawei@123
[SW01-ui-vty0-4] user privilege level 15
[SW01-ui-vty0-4] q
3 设置远程登录telnet
[SW01] telnet server enable
[SW01] user-interface vty 0 4
[SW01-ui-vty0-4] authentication-mode aaa
[SW01] aaa
[SW01-aaa] local-user admin password cipher huawei@123
[SW01-aaa] local-user admin service-type telnet
[SW01-aaa] local-user admin privilege level 15
4 设置管理vlan地址、接口地址、批量设置access口
管理地址:
[SW01] vlan 3000
[SW01] interface Vlanif 3000
[SW01-Vlanif3000] ip address 20.1.1.1 24
接口地址:
[SW01] interface Ethernet 0/0/3
[SW01-Ethernet0/0/3] ip address 10.1.1.10 255.255.255.0
批量设置access口:
[SW01] port-group group-member Ethernet 0/0/3 to Ethernet 0/0/10
[SW01-port-group] port link-type access
[SW01-Ethernet0/0/3] port link-type access
[SW01-Ethernet0/0/4] port link-type access
[SW01-Ethernet0/0/5] port link-type access
[SW01-Ethernet0/0/6] port link-type access
[SW01-Ethernet0/0/7] port link-type access
[SW01-Ethernet0/0/8] port link-type access
[SW01-Ethernet0/0/9] port link-type access
[SW01-Ethernet0/0/10] port link-type access
[SW01-port-group] port default vlan 1
[SW01-Ethernet0/0/3] port default vlan 1
[SW01-Ethernet0/0/4] port default vlan 1
[SW01-Ethernet0/0/5] port default vlan 1
[SW01-Ethernet0/0/6] port default vlan 1
[SW01-Ethernet0/0/7] port default vlan 1
[SW01-Ethernet0/0/8] port default vlan 1
[SW01-Ethernet0/0/9] port default vlan 1
[SW01-Ethernet0/0/10] port default vlan 1
5 划分vlan并将端口划到vlan中
[SW01] vlan 111
[SW01] interface Vlanif 111
[SW01-Vlanif111] ip address 172.16.30.254 24
[SW01-Ethernet0/0/6] port link-type access
[SW01-Ethernet0/0/6] port default vlan 111
6 设置vlan网关地址
[SW01] interface Vlanif 1
[SW01-Vlanif1] ip address 10.1.1.1 24
7 设置console口密码
[SW01] user-interface console 0
[SW01-ui-console0] authentication-mode aaa
[SW01-ui-console0] aaa
[SW01-aaa] local-user test password cipher test123456
8 配置日志服务器,并设置日志级别
[SW01] info-center enable
[SW01] info-center loghost 10.1.1.10 language English
[SW01] info-center source default channel loghost log level warning
[SW01] Info-center loghost source Ethernet 0/0/10
9 配置trunk接口(所有的交换机都要配置)
[SW01-Ethernet0/0/3] port link-type trunk
[SW01-Ethernet0/0/3] port trunk allow-pass vlan 10 20 all ###允许所有vlan通过,一般情况下指定哪些具体的vlan通过,不设置允许所有的VLAN通过
例如:[SW01-Ethernet0/3] port trunk allow-pass vlan 10 20 ###只允许vlan10、20通过
10 配置acl禁止445端口并应用到端口
[SW01] acl number 3001
[SW01-acl-adv-3001] rule 5 deny tcp source-port eq 445 destination-port eq 445
[SW01-acl-adv-3001] rule 10 deny udp source-port eq 445 destination-port eq 445
[SW01] interface Ethernet 0/0/1
[SW01-Ethernet0/0/1] traffic-filter inbound acl 3001
[SW01-Ethernet0/0/1] traffic-filter outbound acl 3001
#2000-2999普通ACL,根据源IP过滤
#3000-3999高级ACL,根据源目的端口和源目的地址等过滤
#4000-4999二层ACL,根据源目的MAC等过滤
2000开始的数字限制源ip地址和目的ip地址
3000开始的数字限制源端口号和目的端口号
11 开启SNMP服务
[SW01] snmp-agent
[SW01] snmp-agent community read public ###具有读权限的团体字
[SW01] snmp-agent community write private ###具有写权限的团体字
[SW01] snmp-agent sys-info version all ###配置SNMP版本(all是所有版本)
12 开启流量监控镜像
[SW01] display interface brief ###查看交换机当前端口的开放状态,down端口关闭、up端口开启
[SW01] observe-port 1 interface Ethernet 0/0/22 ###将22口作为管理口
[SW01] dis observe-port ###查看管理口
将10-21口作为镜像口:
[SW01] port-group group-member Ethernet 0/0/10 to Ethernet 0/0/21
[SW01-port-group] port-mirroring to observe-port 1 both ###inbound入口、outbound出口、both入口和出口,在此指出入口流量
[SW01] dis port-mirroring ###查看所有镜像口
13 添加静态路由命令
静态路由:
[SW01] ip route-static 10.10.10.0 255.255.255.0 10.10.20.1 ###访问10.10.10.0/24这个段的下一跳地址是10.10.20.1
[SW01] dis ip routing-table ###查看路由表
14 添加可信地址
[SW01] acl number 2001
[SW01-acl-basic-2001] rule permit source 100.1.1.1 255.255.255.0
15 开启dhcp服务,自动获取ip地址
[Core SW] dhcp enable
[Core SW] ip pool 10 ###创建地址池
[Core SW-ip-pool-10] gateway-list 10.10.10.1 ###设置dhcp网关地址
[Core SW] interface Vlanif 10
[Core SW-Vlanif10] dhcp select global ###设置vlan10的终端自动获取ip
[Core SW] dis ip pool name 10 ###查看dhcp地址池分配情况