1 Day-one MLAG deployment (vendor initialization work)
Core and Leaf switches are all configured with MLAG (the MLAG VAP domain ID is 1; 1.1.1.0/30 is the keepalive subnet and 1.1.1.4/30 is the data-sync subnet)
1.1 peerlink:
vlan 4094
name For_peer-link
interface vlan 4094
ip address 1.1.1.5/30
interface agg255
no mac-address-learning
switchport mode trunk
switchport trunk allowed vlan only 2-4094
peer-link
interface hun0/55
carrier-delay up 2 down 0
port-group 255 mode active
lacp short-timeout
interface hun0/56
carrier-delay up 2 down 0
port-group 255 mode active
lacp short-timeout
1.2 keepalive:
interface agg254
no switchport
ip address 1.1.1.1/30
vap error-down except
interface ten0/47
no switchport
port-group 254 mode active
lacp short-timeout
interface ten0/48
no switchport
port-group 254 mode active
lacp short-timeout
1.3 vap domain 1
no fast-convergence
recover up-delay 120 none-vap 60
priority 5 (configure 4 on the M2 member)
data-sync local 1.1.1.5 peer 1.1.1.6
peer keepalive local 1.1.1.1 peer 1.1.1.2
dual-active auto recovery
Verify:
show vap keepalive
show vap peer-link
show vap data-sync (check data synchronization)
2 Day-one base configuration (vendor initialization work)
Usernames and password encryption
username openstackadmin privilege 15 password Pr@ject2018
username COC_operator privilege 15 password shixun@2023
username COC_monitor privilege 1 password shixun@2023
username yundiao_read privilege 1 password shixun@2023
privilege exec all level 1 show run
privilege exec level 15 enable
Encryption: service password-encryption (this only obfuscates the passwords shown in the configuration file with the reversible type 7 encoding; anyone who can read the running config can recover them, so it is no substitute for the login ACL and the level-1 accounts below)
2.1 Disable the telnet and web services
enable service ssh-server
no enable service telnet-server
!
no enable service web-server http
no enable service web-server https
2.2 Clock and NTP
clock timezone beijing 8 0
ntp update-calendar
ntp server vrf NET-manage 10.30.1.254 source Mgmt 0 pre
2.3 LLDP:
lldp enable
lldp management-address-tlv <local out-of-band management address>
2.4 SNMP
snmp-server host <trap-host-1> vrf NET-manage traps version 2c yundiao*&COC2016
snmp-server host <trap-host-2> vrf NET-manage traps version 2c yundiao*&COC2016
snmp-server community <read-only community> RO 2000
snmp-server trap-source mgmt 0
snmp-server enable traps
no snmp-server enable version v1
snmp-server user yundiao SNMPGROUP v3 auth sha yundiao*&COC2016 priv aes128 yundiao*&COC2016
snmp-server group SNMPGROUP v3 priv read default write default access 2000
(Note: the trap hosts still use v2c, which sends the community string in clear text; only v1 is switched off. The v3 group is also granted the default write view; if the NMS only polls, drop "write default".)
2.5 Logging:
logging userinfo command-log (record executed commands)
logging source interface Mgmt 0
logging facility local4
logging server <log-server-1> vrf NET-manage udp-port 5000 level warnings
logging server <log-server-2> vrf NET-manage udp-port 5000 level warnings
2.6 Trap ACL and SSH ACL
trap ACL:
ip access-list extended 2000
10 permit ip host <snmp-host-1> any
15 permit ip host <snmp-host-2> any
1000 deny ip any any
list-remark For_SNMP
ssh ACL:
ip access-list extended 2001
10 permit ip 192.168.0.0 0.0.7.255 any
20 permit ip 10.30.0.0 0.0.1.255 any
1000 deny ip any any
list-remark For_Login
Apply the ACL on the vty lines with local authentication
line vty 0 9
transport input ssh
session-timeout 10
access-class 2001 in
login local
width 256
logging synchronous (synchronized log output: log messages do not interrupt the command being typed)
privilege level 15
!
line console 0
session-timeout 10
privilege level 15
logging synchronous (synchronized log output: log messages do not interrupt the command being typed)
login local
width 256
2.7 Jumbo frame forwarding
mtu forwarding 9216 (forward packets with an MTU of up to 9216 bytes; default 1500)
2.8 Enable NETCONF with a maximum of 10 sessions
netconf enable
netconf max-sessions 10
2.9 Apply ACLs only to Layer 3 (routed) traffic
svi router-acls enable
2.10 Enable 5-tuple hashing
load-balance-profile ruijie
y (answer the confirmation prompt)
ipv4 field src-ip dst-ip protocol l4-src-port l4-dst-port
ipv6 field src-ip dst-ip protocol l4-src-port l4-dst-port
hash-disturb 16
!
aggregateport load-balance enhanced profile ruijie
!
2.11 Disable spanning tree on the core
no spanning-tree
!
no spanning-tree mst configuration
!
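The checklist in sections 1 and 2 is easy to get subtly wrong when it is typed by hand (a malformed keepalive address, a telnet server left on, a vty line without its access-class), so here is an added example, not part of the vendor's initialization work or of any Ruijie tool, that audits the saved text of show running-config against this page's baseline. The sample configuration embedded in it is constructed for the example and its secrets are dummies; the line shapes it expects (the explicit "no enable service ..." lines, "password 7" for encrypted passwords, a leading space on sub-commands under interface / line / vap domain) follow this page, and the regular expressions are an assumption to adjust if your RGOS release prints them differently.

```python
import ipaddress
import re

# Constructed sample config (not from any device; secrets are dummies) with three
# planted defects: telnet left on, one clear-text password, no vty access-class.
SAMPLE_CONFIG = """\
service password-encryption
username COC_monitor privilege 1 password Plain2023
enable service ssh-server
enable service telnet-server
no enable service web-server http
no snmp-server enable version v1
snmp-server community r0nly RO 2000
interface vlan 4094
 ip address 1.1.1.5/30
interface agg254
 ip address 1.1.1.1/30
vap domain 1
 data-sync local 1.1.1.5 peer 1.1.1.6
 peer keepalive local 1.1.1.1 peer 1.1.1.2
line vty 0 9
 transport input ssh
 login local
"""

REQUIRED_GLOBAL = {  # the exact top-level lines this page's baseline expects
    "enable service ssh-server": "SSH server not enabled",
    "no enable service telnet-server": "telnet server not disabled",
    "no enable service web-server http": "HTTP server not disabled",
    "no snmp-server enable version v1": "SNMPv1 not disabled",
    "service password-encryption": "service password-encryption not set",
}
REQUIRED_VTY = ("transport input ssh", "login local", "access-class ")


def parse(text):
    """Return (top-level commands, {block header: [its indented sub-commands]})."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith(" ") and current is not None:
            blocks[current].append(line)
        elif re.match(r"^(interface|line|vap domain)\b", line):
            current, blocks[line] = line, []
        else:
            top.append(line)
            current = None
    return top, blocks


def check_global(top):
    """Sections 2.x: exposed services, local passwords and SNMP communities."""
    f = [msg for cmd, msg in REQUIRED_GLOBAL.items() if cmd not in top]
    for line in top:
        # 'password 7 <hex>' is the encrypted form; anything else is clear text
        m = re.match(r"username\s+(\S+)\s+(?:privilege\s+\d+\s+)?password\s+(?!7\s)", line)
        if m:
            f.append(f"username {m.group(1)}: clear-text password")
        parts = line.split()  # expected: snmp-server community <string> RO <acl-number>
        if line.startswith("snmp-server community") and (
                "RW" in parts or len(parts) < 5 or not parts[-1].isdigit()):
            f.append(f"SNMP community not read-only behind an ACL: {line}")
    return f


def check_vty(blocks):
    """Section 2.6: every vty line is SSH-only, ACL-restricted and uses local login."""
    return [f"{header}: missing '{need.strip()}'"
            for header, cmds in blocks.items() if header.startswith("line vty")
            for need in REQUIRED_VTY if not any(c.startswith(need) for c in cmds)]


def check_vap(blocks):
    """Section 1: each pair is two hosts of one /30 and each local address is really on an interface."""
    f, local_ips, pairs = [], set(), {}
    for header, cmds in blocks.items():
        for c in cmds:
            m = re.match(r"ip address (\S+)(?: (\S+))?$", c)
            if header.startswith("interface") and m:
                addr = "/".join(g for g in m.groups() if g)  # '1.1.1.1 30' -> '1.1.1.1/30'
                try:
                    local_ips.add(str(ipaddress.ip_interface(addr).ip))
                except ValueError:
                    f.append(f"{header}: unparsable address '{c}'")
            m = re.match(r"(peer keepalive|data-sync) local (\S+) peer (\S+)", c)
            if header.startswith("vap domain") and m:
                pairs[m.group(1)] = (m.group(2), m.group(3))
    for name, (local, peer) in pairs.items():
        try:
            net = ipaddress.ip_network(f"{local}/30", strict=False)
            same_link = local != peer and ipaddress.ip_address(peer) in net
        except ValueError:
            same_link = False
        if not same_link:
            f.append(f"{name}: {local} and {peer} are not two hosts of one /30")
        if local not in local_ips:
            f.append(f"{name}: local {local} is not configured on any interface")
    return f


def audit(text):
    """Run every check over one config text and return the list of findings."""
    top, blocks = parse(text)
    return check_global(top) + check_vty(blocks) + check_vap(blocks)
```

Call audit() on the captured output of show running-config; a device that matches the baseline returns an empty list, and the sample above returns exactly its three planted defects. Feeding it the keepalive address as it was originally mistyped in section 1.2 (ip address 1.1.1.1.1 30) produces two extra findings, one for the unparsable interface address and one because the keepalive local address then exists on no interface, which is the kind of copy-paste error the interface cross-check is there to catch.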
3 Service configuration (other team members)
Gateway address configuration
interface vlan 100
ip address 192.168.10.1/24