关于华为二层交换机集群管理配置规范及说明_第1页
关于华为二层交换机集群管理配置规范及说明_第2页
关于华为二层交换机集群管理配置规范及说明_第3页
关于华为二层交换机集群管理配置规范及说明_第4页
关于华为二层交换机集群管理配置规范及说明_第5页
已阅读5页,还剩15页未读 继续免费阅读

下载本文档

版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领

文档简介

1、关于华为二层交换机集群管理配置规范及说明一、组网说明:榆社县局S3552G交换机下挂榆社水利小区3号楼S2016C 3号楼S2016C交换机下挂水利 小区2号楼S2403H 3号楼S2016C交换机下挂水利小区1号楼S2024C。二、组网图:YS_XianJu_S3552GYS_ShuiLi_3#Lou_S2016CYS_ShuiLi_1#Lou_S2024CYS_ShuiLi_2#Lou_S2403H三、配置步骤1配置管理设备(由汇聚层人员来配置)(1) 启动设备上的NDP和端口日的NDP协议:YS_XianJu_S3552G ndp enable#配置NDP信息的有效保留时间为200秒YS

2、_XianJu_S3552G ndp timer aging 200#配置NDP报文发送的时间间隔为70秒YS_XianJu_S3552G ndp timer hello 70(2) 启动设备上的NTDP和端口上的NTDPYS_XianJu_S3552G ntdp enable#配置拓扑收集范围为7跳YS_XianJu_S3552G ntdp hop 7 #配置被收集设备转发拓扑收集请求的延迟时间为150msYS_XianJu_S3552G ntdp timer hop-delay 150#配置被收集设备的端口转发拓扑收集请求的延迟时间为15msYS_XianJu_S3552G ntdp ti

3、mer port-delay 15 #配置定时拓扑收集的时间间隔为 3 分钟YS_XianJu_S3552G ntdp timer 3(3)配置管理vlan#创建管理 vlan YS_XianJu_S3552Gvlan 4051#将管理 vlan4051 作为管理 vlan YS_XianJu_S3552Gmanagement-vlan 4051 #进入以太网端口description to_ys_shuili_dishui2_caizhen_xiaoquport link-type trunkundo port trunk permit vlan 1port trunk permit vla

4、n 45 to 51 3527 4051(4) 启动集群功能YS_XianJu_S3552G cluster enable#进入集群视图YS_XianJu_S3552G clusterYS_XianJu_S3552G -cluster#配置集群内部使用的IP地址池起始地址为10.011有254个地址YS_XianJu_S3552G -cluster ip-pool 10.0.1.1 255.255.255.0(5) 配置集群名字建立集群YS_XianJu_S3552G -cluster build YSYDYSYD_0.YS_XianJu_S3552G -cluster(6) 将下挂的两个交换

5、机加入到集群中YSYD_0.YS_XianJu_S3552G -cluster add-member 1 mac-address 00e0-fc01- 0011 YSYD_0.YS_XianJu_S3552G -cluster add-member 2 mac-address 00e0-fc01- 0013YSYD_0.YS_XianJu_S3552G -cluster add-member 3 mac-address 00e0-fc01- 0011#配置成员设备信息的保留时间为100秒YSYD_0.YS_XianJu_S3552G -cluster holdtime 100#配置握手报文定时

6、发送的时间间隔为10秒YSYD_0.YS_XianJu_S3552G -cluster timer 102、配置成员设备(由接入层维护人员来配置)以XX水利小区3号楼S2016C为例:#启动设备上的NDP和端口上的NDPYS_ShuiLi_3#Lou_S2016C ndp enable#启动设备上的NTDP和端口上的NTDPYS_ShuiLi_3#Lou_S2016C ntdp enable#创建vlan 4051创建管理vian,根汇聚层交换机管理vlan来确定。YS_ShuiLi_3#Lou_S2016C vlan 4051#将vlan4051作为管理vlanYS_ShuiLi_3#Lou

7、_S2016C management-vlan 4051#进入以太网端口透传管理vlan 4051将二层交换机上联口透传管理vlan#启动集群功能YS_ShuiLi_3#Lou_S2016C cluster enable四、数据配置举例如下:1 xx局S3552G配置如下:dis cu# sysname YS_XianJu_S3552G #super password level 3 cipherA#:+/G*8P,:)&HCZHH(&1!#ntdp hop 7ntdp timer port-delay 15ntdp timer hop-delay 150ntdp timer 3#radius

8、 scheme systemserver-type huaweiprimary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-format without-domaindomain systemradius-scheme systemaccess-limit disable state active vlan-assignment-mode integer idle-cut disable self- service-url disable messenger time disabledomain

9、 default enable system # local-server nas-ip 127.0.0.1 key huawei local-usersxhuaweipassword cipher (WJUELR9laNK;9B9/)Q!lndp timer aging 200#managementvlan 4051 #acl number 3998rule 0 deny ip destination 10.0.1.0 0.0.0.255rule 1 permit ip source 10.0.1.0 0.0.0.255acl number 3999rule 0 deny ip source

10、 10.0.1.0 0.0.0.255rule 1 permit ip destination 10.0.1.0 0.0.0.255#vlan 1#vlan 27#vlan 28#vlan29#vlan 30#vlan 31#vlan 32#vlan 33#vlan 34#vlan 35#vlan 36#vlan 37#vlan 38#vlan39#vlan 40#vlan 41#vlan 42#vlan 43#vlan 44#vlan 45#vlan 46#vlan 47#vlan 48#vlan49#vlan 50#vlan 51#vlan 52#vlan 53#vlan 1672desc

11、ription to_ys_taichanggaosu(yulin)#vlan 1711#vlan 2101#vlan 2103#vlan2104#vlan 2105multicast-vlan enable #vlan 3524#vlan 3526#vlan 3527#vlan 3528#vlan3529#vlan 3530#vlan 3532#vlan 3534#vlan 35#vlan 3536#vlan 3537#vlan 4051 interface Vlan-interface4051ip address 221.131.31.130 255.255.255.240#shutdow

12、n #description to_ys_taichanggaosu(yulin) broadcast-suppression 5port access vlan 1672# description to_ys_donghuixiaoxue broadcast-suppression 5port access vlan 3526# description to_ys_tudijushe broadcast-suppression 5port access vlan 3528# description to_ys_nonghangsushe broadcast-suppression 5 por

13、t access vlan 3529# description to_ys_dishuiyixiaoqu broadcast-suppression 5 port access vlan 3530# description to_ys_lianjiazhuang broadcast-suppression 5 port access vlan 1711# description to_ys_dongshengyingyeting port link-type trunk undo port trunk permit vlan 1port trunk permit vlan 2103 to 21

14、05 3532# description _xianweidanxiaowenhuazhan broadcast-suppression 5port access vlan 3534# description to_ys_youzhenxiaoqu broadcast-suppression 5port access vlan 35# description to_ysjiaokejuwenhuazhanbroadcast-suppression 5 port access vlan 3536# description to_ysjishengfuyouyuan broadcast-suppr

15、ession 5port access vlan 3537# description to_ys_xiangzhenjuxiaoquport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 31 to 33# description to_ys_mingzhenjuxiaoqu port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 34 to 35# description to_ys_renhangxiaoqu por

16、t link-type trunkundo port trunk permit vlan 1port trunk permit vlan 36# description to_ys_huagongxiaoquport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 27 to 30# description to_ys_gonganjiangshijuxiaoqu port linktype trunkundo port trunk permit vlan 1port trunk permit vlan 37

17、 to 40# description to_ys_gongan,yizhongxuexiaoqu port linktype trunkundo port trunk permit vlan 1port trunk permit vlan 41 to 44# description to_ys_shuili_dishui2_caizhen_xiaoquport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 45 to 51 3527 4051# description to_ys_guoshuixiaoq

18、uport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 52 to 53# description to_ys_yingchunyingyetingport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 2101 3524# shutdown# shutdown # shutdown # shutdown #shutdown # shutdown # shutdown# shutdown #shutdown# shut

19、down #shutdown #shutdown # shutdown # shutdown# shutdown #shutdown# shutdown #shutdown #shutdown # shutdown # shutdown# shutdown #shutdown# shutdown #shutdown #shutdown # shutdown# duplex fullspeed 1000port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 27 to 531672 1711 to 3526

20、to 3530 to 3537 4051# shutdown # shutdown # shutdown #interface NULL0#clusterip-pool 10.0.1.1 255.255.255.0build YSYDholdtime 100#YSYD_0.YS_XianJu_S3552G -cluster add-member 1 mac-address 00e0-fc01 -0011 YSYD_0.YS_XianJu_S3552G -cluster add-member 2 mac-address OOeO- fcO1 -0013YSYD_0.YS_XianJu_S3552

21、G -cluster add-member 3 mac-address 00e0-fc01- 0011#ip route-static 0.0.0.0 0.0.0.0 221.131.31.129 preference 60# snmp-agentsnmp-agent local-engineid 8007DB000FE215D11/20snmp-agent sys-info location BeiJing Chinasnmp-agent sys-info version allsnmp-agent target-host trap address udp-domain 211.142426

22、8params securityname jzydsnmp-agent target-host trap address udp-domain 211.1424269params securityname jzydsnmp-agent trap enable standardsnmp-agent trap enable configurationsnmp-agent trap enable vrrpsnmp-agent trap enable bgpsnmp-agent trap source Vian-interface4051 #ntp-service unicast-server 211

23、 138.98.2ntp-service unicast-server 211.138.98.1 #userinterface aux 0authenticatiorvmode schemeuser-interface vty 0 4authenticatiorvmode scheme #Return2、榆社水利小区3号楼S2016C配置如下:dis cu# sysname YS ShuiLi 3#Lou S2016C 对交换机进行命名 #super password level 3 cipher 八#:+/G*8P,:)&nCZHH (& 1 !#info-center loghost 10

24、.0.1.1#management-vlan 4051 修改集群 管理 vlan (根据汇聚层交换机管理 vlan 确定)#que-scheduler wrr 1 2 4 8#vlan 1#vlan 45port-isolate enable小区交换机端口隔离配置#vlan46#vlan 47#vlan 48#vlan 49#vlan 50#vlan 51#vlan 3527#vlan 4051 增加交换机集群 管理 vlan号(根据汇聚层交换机管理vlan确定)#interface Vlan-interface4051 #description to_ (描述该交换机的上联交换机及端口)po

25、rt link-type trunkundo port trunk permit vlan 1port trunk permit vlan 45 to 51 (上联口透传集群管理 vlan 号)port-isolate uplink-port vlan 45 (上联口配置本交换机端口隔离vlan) #description对交换机联端口进行描述port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 464051(透传集群管理 VLAN)description对交换机联端口进行描述port link-type

26、 trunkundo port trunk permit vlan 1port trunk permit vlan 474051(透传集群管理 VLAN)broadcast-suppression 5 (对 ACCESSA 口进行广播抑制)port access vian45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port acce

27、ss vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port acc

28、ess vian 45#broadcast-suppression 5port access vian 45#interface NULLO# snmp-agentsnmp-agent iocai-engineid 8007DB000FE237E4CB6877snmp-agent sys-info iocation BeiJing Chinasnmp-agent sys-info version aiisnmp-agent target-host trap address udp-domain 10.0.1.1 params securityname ciustersnmp-agent tra

29、p enabie startdardsnmp-agent trap enabie configurationsnmp-agent trap source Vlan-interface4051#user-interface aux 0 authentication-modepasswordset authe nticati on password cipher NC55QKv二/Q”QMAF4v1 !#Retur n3、榆社水利1号楼S2024C交换机配置如下:dis cu# sysname YS ShuiLi 1#Lou S2024C 对交换机进行命名 #super password leve

30、l 3 cipherA#:+/G*8P,:)&nCZHH (& 1 !#info-center loghost 10.0.1.1#management-vlan 4051 修改集群 管理 vlan (根据汇聚层交换机管理 vlan 确定)#que-scheduler wrr 1 2 4 8#vlan 1#vlan 47port-isolate enable小区交换机端口隔离配置#vlan 4051增加交换机集群管理vlan号(根据汇聚层交换机管理vlan确定)#interface Vlan-interface4051 #description to_ (描述该交换机的上联交换机及端口)port

31、 link-type trunkundo port trunk permit vlan 1port trunk permit vlan 474051 (上联口透传集群管理 vlan 号)port-isolate uplink-port vlan 47 (上联口配置本交换机端口隔离vlan) #broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5p

32、ort access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppressio n 5ACCESS 口进行广播抑制)(对port access vlan 47#broad

33、cast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broa

34、dcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#interface NULLO#clusteradministratoraddress 00

35、0f-e22e-0f80 name huawei # snmp-agent snmp-agentlocal-engineid 8007DB00E0FC2D944E6877snmp-agent sys-info contact HuaWei BeiJing Chinasnmp-agent sys-info location BeiJing Chinasnmp-agent sys-info version allsnmp-agent target-host trap address udp-domain 10.10.0.1 params securityname13 /clustersnmp-ag

36、ent trap enable standard #user-interface aux 0authenticatiorvmode passwordset authe nticati on password cipher NC55QKv二/CTQMAF4v1 !#Retur n4、水利小区2号S2403H配置如下:dis cu # sysname YS ShuiLi 2#Lou S2403H 对交换机进行命名#radius scheme systemserver-type huaweiprimary authentication 127.0.0.1 1645primary accounting

37、 127.0.0.1 1646user-name-format without-domaindomain systemradius-scheme systemaccess-limit disablestate activeidle-cut disableself-service-url disablemessenger time disabledomain default enable system # local-server nas-ip 127.0.0.1 key huawei infocenter loghost 10.10.0.1#managementvlan 4051修改集群管理v

38、ian (根据汇聚层 交换机管 理vlan确定)#vlan 1#vlan 46port-isolate enable小区交换机端口隔离配置#vlan 4051增加交换机集群管理vlan号(根据汇聚层交换机管理vlan确定)#in terface Via n-i nterface4051 #descriptio n to_ (描述该交换机的上联交换机及 端口) port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 464051 (上联口透传集群管理 vlan 号)port-isolate uplink-po

39、rt vlan 46 (上联口配置本交换机端口隔离vlan) #broadcast-suppression 5 (对 ACCESSA 口进行广播抑制)port access vian 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcastsuppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access

40、 vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcastsuppression 5port access vlan 46#broadcast-suppression 5port access

41、 vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port acces

42、s vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#interface NULLO#cluster administrator-address 000f-e22e-0f80name YSYD # snmp-agent snmp-agent local-engineid 8007DB00E

43、0FC2D944E6877snmp-agent sys-info contact HuaWei BeiJing Chinasnmp-agent sys-info location BeiJing Chinasnmp-agent sys-info version allsnmp-agent target-host trap address udp-domain 10.10.0.1 params securitynameclustersnmp-agent trap enable standard #user-interface aux 0user-interface vty 0 4#Return五

44、、二层交换机管理说明:由于本次二层交换机集群管理的时间紧迫性,为了以后更好的维护,配置一定要规范,具体规范内容在配置举例中说明,并用红色字体标明,有什么不 对的地方及时提出。1交换机命名一定要规范,要不在集群网管上不能区分是哪个小区哪个楼的交换机,不便于 网管查看和管理。2、交换机TRUNK端口不要进行广播抑制配置,如有要去掉。3、如有交换机是老版本的如S2403H的,如果不支持management-vlan命令的要进行 BOOTROM和APP软件升级或者更换交换机。4、将小区交换机的拓朴结构一定要搞清楚,尤其是上联端口及光猫、网 线、尾纤一定要粘贴 标签,为以后更好的维护提供便利。5、对一些不需要认证的在核心机房R2811路由器上下挂的小区交换机也要进行集群管理。6、对交换机的端口一定要隔离,这样可以对病毒等的传播进行抑制。7、对access端口增加广播抑制配置,即broadcast 5的配置。8、对一些小区不是华为交换机的一定要更换成华为交换机并对其进行数据配置及集群管理。9、将二层交换机

人人文库> 全部分类> 行业资料 > 信息产业

温馨提示

  • 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
  • 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
  • 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
  • 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
  • 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
  • 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
  • 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

最新文档

评论

0/150

提交评论