
核心交换机各项配置 Vlan划分、互访、ACL管控、链路聚合教程


  交换机的主要功能包括物理编址、网络拓扑结构、错误校验、帧序列以及流控。交换机还具备了一些新的功能,如对VLAN(虚拟局域网)的支持、对链路汇聚的支持,甚至有的还具有防火墙的功能。这篇文章主要为大家介绍了核心交换机配置的方法,比如给核心交换机配置Vlan划分、互访、ACL管控、链路聚合等,需要的朋友可以参考下。

  概念介绍

  访问控制列表(Access Control List,ACL) 是路由器和交换机接口的指令列表,用来控制端口进出的数据包。ACL适用于所有的被路由协议,如IP、IPX、AppleTalk等。

  链路聚合是将两个或更多数据信道结合成一个单个的信道,该信道以一个单个的更高带宽的逻辑链路出现。链路聚合一般用来连接一个或多个带宽需求大的设备,例如连接骨干网络的服务器或服务器群。

  具体配置

  #

  !Software Version V200R001C00SPC300

  sysname IT_ServerRoom #switch host name#

  #

  vlan batch 10 20 30 40 50 60 70 80 90 99 to 100 #create the VLANs; 99 is the firewall uplink VLAN (see Vlanif99 and G0/0/23-24)#

  vlan batch 110

  #

  lacp priority 100 #system LACP priority; in LACP the lower value wins, presumably so this side decides which Eth-Trunk1 members are active#

  #

  undo http server enable #HTTP management server disabled#

  #

  undo nap slave enable

  #

  dhcp enable #global DHCP switch; the "ip pool" definitions below are served on the Vlanifs that use "dhcp select global"#

  acl number 3001 #advanced ACL (3000-3999 range); applied globally by "traffic-filter inbound acl 3001" further down#

  rule 4 permit tcp source 0.0.0.0 192.168.21.11 destination-port eq 3389 #allow the listed host to use remote assistance (RDP, TCP 3389) toward any destination. NOTE(review): VRP reads this as "source <address> <wildcard>", i.e. address 0.0.0.0 with wildcard 192.168.21.11, which matches every source whose set bits are a subset of 192.168.21.11, not just that one host; if a single host was intended it should read "source 192.168.21.11 0" — confirm with "display acl 3001"#

  rule 5 permit tcp source 0.0.0.0 192.168.21.13 destination-port eq 3389 #same address/wildcard concern as rule 4#

  rule 6 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq 3389 #same concern as rule 4; read literally (address 0.0.0.1, wildcard 192.168.11.254) the lowest bit must be 1, so 192.168.11.254 itself would not match — confirm#

  rule 7 permit tcp source 0.0.0.0 192.168.51.13 destination 0.0.0.0 192.168.11.10 destination-port eq 3389 #one host to one host on RDP; the address/wildcard concern of rule 4 applies to both source and destination#

  rule 8 permit tcp source 0.0.0.0 192.168.81.31 destination 0.0.0.0 192.168.11.10 destination-port eq 3389 #same concern as rule 7#

  rule 9 permit tcp source 0.0.0.0 192.168.21.14 destination 0.0.0.0 192.168.11.12 destination-port eq 3389 #same concern as rule 7#

  rule 10 permit tcp source 0.0.0.3 192.168.21.12 destination-port eq telnet #allow Telnet from the listed host; same concern as rule 6 (the low two bits must be 11, which 192.168.21.12 does not satisfy) — confirm#

  rule 11 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq telnet #allow Telnet from the listed host; same concern as rule 6#

  rule 12 permit tcp source 0.0.0.0 192.168.21.250 destination 0.0.0.0 192.168.11.12 destination-port eq 3389 #same concern as rule 7#

  rule 100 deny tcp destination-port eq 3389 #block the remote-assistance port from every other source; rules are evaluated in ascending rule-id order (default config match order), so the permits above take precedence#

  rule 105 deny tcp destination-port eq telnet #block Telnet from every other source; nothing here covers SSH, and traffic matching no rule is not filtered by traffic-filter — confirm the default action on this platform#

  #

  ip pool 1 #global DHCP pool for 192.168.11.0/24; presumably served on Vlanif10, whose address lies in this network#

  gateway-list 192.168.11.254 #default gateway handed to clients (= Vlanif10 address)#

  network 192.168.11.0 mask 255.255.255.0 #network and mask of the address range#

  excluded-ip-address 192.168.11.1 192.168.11.60 #addresses held back from DHCP (static hosts, e.g. the DNS servers .2 and .5)#

  lease day 10 hour 0 minute 0 #lease lifetime#

  dns-list 192.168.11.2 192.168.11.5 #DNS servers handed to clients; the same two are used by every pool below#

  #

  ip pool 2 #192.168.21.0/24 (VLAN 20); same layout as pool 1#

  gateway-list 192.168.21.254

  network 192.168.21.0 mask 255.255.255.0

  excluded-ip-address 192.168.21.1 192.168.21.60

  lease day 10 hour 0 minute 0

  dns-list 192.168.11.2 192.168.11.5

  #

  ip pool 3 #192.168.31.0/24 (VLAN 30)#

  gateway-list 192.168.31.254

  network 192.168.31.0 mask 255.255.255.0

  excluded-ip-address 192.168.31.1 192.168.31.60

  lease day 10 hour 0 minute 0

  dns-list 192.168.11.2 192.168.11.5

  #

  ip pool 4 #192.168.41.0/24 (VLAN 40)#

  gateway-list 192.168.41.254

  network 192.168.41.0 mask 255.255.255.0

  excluded-ip-address 192.168.41.1 192.168.41.60

  lease day 10 hour 0 minute 0

  dns-list 192.168.11.2 192.168.11.5

  #

  ip pool 5 #192.168.51.0/24 (VLAN 50)#

  gateway-list 192.168.51.254

  network 192.168.51.0 mask 255.255.255.0

  excluded-ip-address 192.168.51.1 192.168.51.60

  lease day 10 hour 0 minute 0

  dns-list 192.168.11.2 192.168.11.5

  #

  ip pool 6 #192.168.61.0/24 (VLAN 60)#

  gateway-list 192.168.61.254

  network 192.168.61.0 mask 255.255.255.0

  excluded-ip-address 192.168.61.1 192.168.61.60

  lease day 10 hour 0 minute 0

  dns-list 192.168.11.2 192.168.11.5

  #

  ip pool 7 #192.168.71.0/24 (VLAN 70)#

  gateway-list 192.168.71.254

  network 192.168.71.0 mask 255.255.255.0

  excluded-ip-address 192.168.71.1 192.168.71.60

  lease day 10 hour 0 minute 0

  dns-list 192.168.11.2 192.168.11.5

  #

  ip pool 8 #192.168.81.0/24 (VLAN 80)#

  gateway-list 192.168.81.254

  network 192.168.81.0 mask 255.255.255.0

  excluded-ip-address 192.168.81.1 192.168.81.60

  lease day 10 hour 0 minute 0

  dns-list 192.168.11.2 192.168.11.5

  #

  ip pool 9 #192.168.91.0/24 (VLAN 90)#

  gateway-list 192.168.91.254

  network 192.168.91.0 mask 255.255.255.0

  excluded-ip-address 192.168.91.1 192.168.91.60

  lease day 10 hour 0 minute 0

  dns-list 192.168.11.2 192.168.11.5

  #

  ip pool 10 #192.168.101.0/24 (VLAN 100)#

  gateway-list 192.168.101.254

  network 192.168.101.0 mask 255.255.255.0

  excluded-ip-address 192.168.101.1 192.168.101.60

  lease day 10 hour 0 minute 0

  dns-list 192.168.11.2 192.168.11.5

  #

  ip pool 11 #192.168.111.0/24 (VLAN 110)#

  gateway-list 192.168.111.254

  network 192.168.111.0 mask 255.255.255.0

  excluded-ip-address 192.168.111.1 192.168.111.60

  lease day 10 hour 0 minute 0

  dns-list 192.168.11.2 192.168.11.5

  #

  aaa #AAA view: default schemes and domains only#

  authentication-scheme default

  authorization-scheme default

  accounting-scheme default

  domain default

  domain default_admin

  local-user admin password cipher %$%$O9hP7mbdf4Q#E\vU4j#wX3ypg%$%$@!@$ #local admin account. NOTE(review): the cipher text is reproduced verbatim; on releases where "password cipher" is reversible this is as good as the password itself, so rotate it and scrub cipher strings before publishing a config#

  local-user admin service-type http #account valid for HTTP only; the HTTP server is disabled above and the console/VTY lines below use password mode rather than AAA, so this account appears unused#

  #

  interface Vlanif1 #gateway for the default VLAN 1. NOTE(review): ports with no "port default vlan" (G0/0/14-16 and 20) sit in VLAN 1 and reach this L3 interface; shut down or reassign unused ports#

  ip address 192.168.66.254 255.255.255.0

  #

  interface Vlanif10 #inter-VLAN routing: each Vlanif is the gateway of its VLAN, so VLANs reach each other through the switch#

  ip address 192.168.11.254 255.255.255.0

  dhcp select global #hand out addresses from the global pool whose network matches this interface (pool 1)#

  #

  interface Vlanif20 #VLAN 20 gateway, DHCP from pool 2#

  ip address 192.168.21.254 255.255.255.0

  dhcp select global

  #

  interface Vlanif30 #VLAN 30 gateway, DHCP from pool 3#

  ip address 192.168.31.254 255.255.255.0

  dhcp select global

  #

  interface Vlanif40 #VLAN 40 gateway, DHCP from pool 4#

  ip address 192.168.41.254 255.255.255.0

  dhcp select global

  #

  interface Vlanif50 #VLAN 50 gateway, DHCP from pool 5#

  ip address 192.168.51.254 255.255.255.0

  dhcp select global

  #

  interface Vlanif60 #VLAN 60 gateway, DHCP from pool 6#

  ip address 192.168.61.254 255.255.255.0

  dhcp select global

  #

  interface Vlanif70 #VLAN 70 gateway, DHCP from pool 7; next hops 192.168.71.1/.2 of the static routes below live here#

  ip address 192.168.71.254 255.255.255.0

  dhcp select global

  #

  interface Vlanif80 #VLAN 80 gateway, DHCP from pool 8#

  ip address 192.168.81.254 255.255.255.0

  dhcp select global

  #

  interface Vlanif90 #VLAN 90 gateway, DHCP from pool 9#

  ip address 192.168.91.254 255.255.255.0

  dhcp select global

  #

  interface Vlanif99 #transit VLAN toward the firewall (G0/0/23-24); the default route below points at 10.0.0.1. No DHCP here#

  ip address 10.0.0.2 255.255.255.0

  #

  interface Vlanif100 #VLAN 100 gateway, DHCP from pool 10#

  ip address 192.168.101.254 255.255.255.0

  dhcp select global

  #

  interface Vlanif110 #VLAN 110 gateway, DHCP from pool 11; next hop 192.168.111.1 of a static route below lives here#

  ip address 192.168.111.254 255.255.255.0

  dhcp select global

  #

  interface MEth0/0/1 #dedicated management Ethernet port, on its own 192.168.88.0/24 network#

  ip address 192.168.88.1 255.255.255.0

  #

  interface Eth-Trunk1 #link aggregation group; members are G0/0/17-19 below#

  port link-type trunk #the aggregated link is an 802.1Q trunk#

  port trunk allow-pass vlan 2 to 4094 #VLAN tags allowed through. NOTE(review): this passes every VLAN, including the firewall VLAN 99, which is far wider than the per-port trunks on G0/0/21-22 (10-100 and 110); prune to the VLANs the peer actually needs#

  mode lacp-static #static LACP mode: members negotiate with LACP#

  max active-linknumber 2 #at most two members forward; the third (G0/0/19) stays in backup#

  #

  interface GigabitEthernet0/0/1 #per-port configuration; G0/0/1-4 are access ports in VLAN 10#

  port link-type access

  port default vlan 10

  loopback-detect enable #loop detection on the access port#

  #

  interface GigabitEthernet0/0/2

  port link-type access

  port default vlan 10

  loopback-detect enable

  #

  interface GigabitEthernet0/0/3

  port link-type access

  port default vlan 10

  loopback-detect enable

  #

  interface GigabitEthernet0/0/4

  port link-type access

  port default vlan 10

  loopback-detect enable

  #

  interface GigabitEthernet0/0/5 #VLAN 110 access port. NOTE(review): the only configured access port without "loopback-detect enable" — presumably an omission#

  port link-type access

  port default vlan 110

  #

  interface GigabitEthernet0/0/6 #VLAN 110#

  port link-type access

  port default vlan 110

  loopback-detect enable

  #

  interface GigabitEthernet0/0/7 #G0/0/7-8: VLAN 100#

  port link-type access

  port default vlan 100

  loopback-detect enable

  #

  interface GigabitEthernet0/0/8

  port link-type access

  port default vlan 100

  loopback-detect enable

  #

  interface GigabitEthernet0/0/9 #G0/0/9-10: VLAN 90#

  port link-type access

  port default vlan 90

  loopback-detect enable

  #

  interface GigabitEthernet0/0/10

  port link-type access

  port default vlan 90

  loopback-detect enable

  #

  interface GigabitEthernet0/0/11 #G0/0/11-12: VLAN 60#

  port link-type access

  port default vlan 60

  loopback-detect enable

  #

  interface GigabitEthernet0/0/12

  port link-type access

  port default vlan 60

  loopback-detect enable

  #

  interface GigabitEthernet0/0/13 #VLAN 70#

  port link-type access

  port default vlan 70

  loopback-detect enable

  #

  interface GigabitEthernet0/0/14 #no link-type or VLAN configured: defaults to VLAN 1, which is routed via Vlanif1 (192.168.66.254); shut down or assign unused ports#

  loopback-detect enable

  #

  interface GigabitEthernet0/0/15 #same as G0/0/14: unconfigured, defaults to VLAN 1#

  loopback-detect enable

  #

  interface GigabitEthernet0/0/16 #same as G0/0/14: unconfigured, defaults to VLAN 1#

  loopback-detect enable

  #

  interface GigabitEthernet0/0/17 #Eth-Trunk1 member 1#

  eth-trunk 1

  lacp priority 100 #port LACP priority; lower wins, so 17 and 18 are presumably meant to be the two active links#

  #

  interface GigabitEthernet0/0/18 #Eth-Trunk1 member 2#

  eth-trunk 1

  lacp priority 100

  #

  interface GigabitEthernet0/0/19 #Eth-Trunk1 member 3#

  eth-trunk 1 #backup link: 2 active + 1 standby (see "max active-linknumber 2"); it keeps the default port priority, so it is chosen last#

  #

  interface GigabitEthernet0/0/20 #same as G0/0/14: unconfigured, defaults to VLAN 1#

  loopback-detect enable

  #

  interface GigabitEthernet0/0/21 #downlink trunk; VLANs 10-100 (listed) and 110 are allowed, the firewall VLAN 99 is not. NOTE(review): VLAN 1 stays allowed on a VRP trunk unless removed explicitly — confirm whether that is wanted#

  port link-type trunk

  port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100

  port trunk allow-pass vlan 110

  loopback-detect enable

  #

  interface GigabitEthernet0/0/22 #second downlink trunk, same VLAN set as G0/0/21#

  port link-type trunk

  port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100

  port trunk allow-pass vlan 110

  loopback-detect enable

  #

  interface GigabitEthernet0/0/23 #link to the firewall: access port in the transit VLAN 99 (Vlanif99, 10.0.0.2)#

  port link-type access

  port default vlan 99

  loopback-detect enable

  #

  interface GigabitEthernet0/0/24 #second firewall link, VLAN 99#

  port link-type access

  port default vlan 99

  loopback-detect enable

  #

  interface NULL0

  #

  arp static 192.168.81.13 7427-ea35-eedf #static ARP binding for one host in VLAN 80; the reason is not stated on the page#

  #

  ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 #default route via the firewall on VLAN 99#

  ip route-static 192.168.10.0 255.255.255.0 192.168.71.1 #networks behind devices in VLAN 70 (192.168.10.0/24 and 192.168.12.0/24)#

  ip route-static 192.168.12.0 255.255.255.0 192.168.71.2

  ip route-static 192.168.118.0 255.255.255.0 192.168.111.1 #network behind a device in VLAN 110#

  #

  traffic-filter inbound acl 3001 #apply ACL 3001 to all inbound traffic globally; note that the rules without a "destination" permit RDP/Telnet toward any address, including the switch's own Vlanif addresses#

  #

  snmp-agent #SNMP for Cacti monitoring (192.168.11.151)#

  snmp-agent local-engineid 800007DB037054F5DFC580 #local SNMPv3 engine ID#

  snmp-agent community read cipher %$%$@(=VHL9T2A-VkMN9{/I'MJ\SJ%$%$ #read-only v1/v2c community, stored encrypted; v1/v2c still carry it in clear text on the wire#

  snmp-agent sys-info version all #NOTE(review): enables SNMPv1 and v2c alongside v3; if the poller supports v3, "snmp-agent sys-info version v3" removes the clear-text community path#

  snmp-agent group v3 public #v3 group named "public" with no authentication/privacy keyword, i.e. the no-auth level — confirm this is intended#

  snmp-agent target-host trap address udp-domain 192.168.11.151 params securityname public #traps to the Cacti host; no version keyword is given, so the trap version/security level falls to the platform default — confirm#

  #

  user-interface con 0 #console line password#

  authentication-mode password #single shared password rather than an AAA local user#

  set authentication password cipher %$%$Q]]8BRT8^WMuCf9~]%QX~@7.\~)c#$!;K>.194{FaqXM&$F=8%$%$@#

  user-interface vty 0 4 #Telnet lines (VTY 0-4), password authentication#

  authentication-mode password

  user privilege level 3 #level 3 is the highest default command level, so the shared VTY password grants full management rights#

  set authentication password cipher %$%$%'cJU]0{$8$:m91'RKYxGYsja6iDE%48L>!hl'$Av[8vK6ypk%$%$@#$# #NOTE(review): Telnet sends this password in clear text; ACL 3001 limits which sources reach TCP 23, but no "acl ... inbound" is bound on the VTY itself. Prefer SSH ("stelnet server enable") where the release supports it#

  user-interface vty 16 20 #no authentication-mode or password is set on these lines in this listing — confirm the platform default and whether they are reachable#

  #

  相关阅读:交换机硬件故障常见问题

  电源故障:

  由于外部供电不稳定、电源线路老化或雷击等原因,导致电源损坏或风扇停止,交换机因此不能正常工作。

  由于电源缘故而导致机内其他部件损坏的事情也经常发生。

  如果面板上的POWER指示灯是绿色的,就表示是正常的;如果该指示灯灭了,则说明交换机没有正常供电。

  这类问题很容易发现,也很容易解决,同时也是最容易预防的。

  针对这类故障,首先应该做好外部电源的供应工作,一般通过引入独立的电力线来提供独立的电源,并添加稳压器来避免瞬间高压或低压现象。

  如果条件允许,可以添加UPS(不间断电源)来保证交换机的正常供电,有的UPS提供稳压功能,而有的没有,选择时要注意。

  在机房内设置专业的避雷措施,来避免雷电对交换机的伤害。现在有很多做避雷工程的专业公司,实施网络布线时可以考虑。

