华为交换机配置手册指导

华为交换机配置实用手册换机配置实用手册3.掌握端口聚合(LinkAggregation)的原理和配置；4.掌握生成树协议(STP)的原理和配置；6.掌握三层交换机和访问控制列表(ACL)的原理和配置；uidwayPCA：10.1.1.1PCB：10.1.2.1PCC：10.1.1.2PCD：10.1.2.2hASwitchA(config)#vlan2VLAN2SwitchA(config-vlan2)#vlan3//创SwitchA(config-if-Ethernet0/1)#switchmodetrunk//将e0/1接口设置为trunk模式lVLANhBSwitchB(config)#vlan2SwitchB(config-vlan2)#switchportethernet0/9SwitchB(config-vlan2)#vlan3SwitchB(config-vlan3)#switchportethernet0/10SwitchB(config-vlan3)#interfaceethernet0/1SwitchB(config-if-Ethernet0/1)#switchmodetrunkSwitchB(config-if-Ethernet0/1)#switchtrunkallowvlanallI1.4.2端口聚合(LinkAggregation)hASwitchA(config)#link-aggregatione0/1toe0/2ingress-egress//将e0/1及e0/2做SwitchA(config)#interfacee0/1SwitchA(config-if-Ethernet0/1)#switchmodetrunk//将e0/1接口设置SwitchA(config-if-Ethernet0/1)#switchtrunkallowvlanall//配置允许所有的VLAN通SwitchB：SwitchB(config)link-aggregatione0/1toe0/2ingress-egressSwitchB(config)#interfacee0/1SwitchB(config-if-Ethernet0/1)#switchmodetrunkSwitchB(config-if-Ethernet0/1)#switchtrunkallowvlanall--------------------------------------------------------------------------------1.4.3生成树协议(STP)3、用“showspanning-treestatisticsEthernet”命令观察接口状态，并根据显示信息解释hAwitchAconfigspanningtreeenableSTPhBwitchBconfigspanningtreeenableSTPSwitchB(config)#spanning-treepriority4096//设置优先级SwitchB(config)#interfacee0/2thcostVLAN注册协议(GVRP)PAbleGVRPSwitchA(config)#switchethernet0/1SwitchA(config-if-Ethernet0/1)#switchmodetrunkSwitchA(config-if-Ethernet0/1)#switchtrunkallowvlanallSwitchAconfigifEthernetgvrpenable启用GVRPBSwitchB(config)#gvrpenableSwitchB(config)#switchethernet0/1SwitchB(config-if-Ethernet0/1)#switchmodetrunkSwitchB(config-if-Ethernet0/1)#switchtrunkallowvlanallSwitchB(config-if-Ethernet0/1)#gvrpenable这次我们要用到一台三层交换机QuidwayS3526，具体组网图如下。注意SwitchA是一台三层交换PCA：10.1.1.1PCB：10.1.2.1PCC：10.1.1.2PCD：10.1.3.1以上配置我们在前面的练习中已全部学过，另外还需要完成以下工作：我们知道，不同VLAN间的通信在二层是隔离的。所以我们必须寻找一种方法能够通过三层实现 (QuidwayS3526)是一种三层交换机，能帮助我们解决这个问题。按以下步骤来实现不同VLAN之10.1.3.100。制列表(ACL)。你可以用ACL来限制10.1.1.0网段和10.1.2.0网段主机之间的通信。SwitchA(config)link-aggregatione0/1toe0/2ingress-egressSwitchA(config)#gvrpenableSwitchA(config)#vlan2SwitchA(config-vlan2)#porte0/9SwitchA(config-vlan2)#vlan3SwitchA(config-vlan3)#porte0/10SwitchA(config-vlan4)#interfacee0/1SwitchA(config-if-Ethernet0/1)#trunkallSwitchA(config-if-Ethernet0/1)#gvrpenableSwitchA(config-if-Ethernet0/1)#interfacevlan2//进入VLAN2的虚接口配置模式SwitchA(config-VLAN-Interface2)#ipaddress10.1.1.100255.255.255.0SwitchA(config-VLAN-Interface2)#interfacevlan3SwitchA(config-VLAN-Interface3)#ipaddress10.1.2.100255.255.255.0SwitchA(config-VLAN-Interface3)#interfacevlan4SwitchA(config-VLAN-Interface4)#ipaddress10.1.3.100255.255.255.0SwitchA(config-VLAN-Interface4)#exitSwitchA(config)#rule-mapl3net1tonet210.1.1.0255.255.255.010.1.2.0255.255.255.//定义流分类规则SwitchA(config)#flow-actionnet1tonet2deny//定义流的动作SwitchA(config)#aclnet1tonet2net1tonet2net1tonet2//定义访问控制列表SwitchA(config)#access-groupnet1tonet2SwitchA(config)#showrunning-configBuildingrunningconfiguration...Currentconfigurationis:hostnameSwitchArule-mapl3net1tonet210.1.1.0255.255.255.010.1.2.0255.255.255.0flow-actionnet1tonet2denyaclnet1tonet2net1tonet2net1tonet2access-groupnet1tonet2link-aggregationEthernet0/1toEthernet0/2ingress-egressenablevlan1vlan2portEthernet0/9vlan3portEthernet0/10vlan4aceEthernetallenableterfaceEthernetinterfaceVLAN-Interface2ipaddress10.1.1.100255.255.255.0interfaceVLAN-Interface3ipaddress10.1.2.100255.255.255.0interfaceVLAN-Interface4ipaddress10.1.3.100255.255.255.0vlan4eauxnologinnevtySwitchB#showrunning-configBuildingrunningconfiguration...Currentconfigurationis:hostnameSwitchB!!vlan1!vlan2!!aceEthernetswitchportmodetrunkswitchporttrunkallowedvlanall!terfaceEthernetswitchportaccessvlan4!terfaceEthernet!aceEthernetswitchportmodetrunkswitchporttrunkallowedvlanall!terfaceEthernetaceEthernet!aceEthernetswitchportaccessvlan2!!link-aggregationEthernet0/1toEthernet0/2ingress-egress!eauxnologinnevty!--------------------------------------------------------------------------------------SwitchA(config)#enablepassword0huawei//配置进入特权模SwitchA(config-line-vty0-4)#loginlocal//使能本地口令验证SwitchA(config-line-vty0-4)#exitSwitchA(config)#userhuaweipassword0huawei//配置本地验证的用户名及密码如果你的配置已正常运行，你可以在PCA或PCC上用“telnet10.1.1.100”登录SwitchA，然后nternet----------------------------------------------------------------------------------实验步骤PCA：10.1.1.1PCB：10.1.2.1PCC：10.1.1.2PCD：10.1.3.1SwitchAS生成树状态：SwitchA#showspanning-treestatisticse0/1ThebridgeisexecutingtheIEEERapidSpanningTreeprotocolThebridgehaspriority32768,MACaddress:00e0.fc06.81e0ConfiguredHelloTime2,MaxAge20,ForwardDelay15RootBridgehaspriority32768,MACaddress00e0.fc06.81e0Pathcosttorootbridgeis0Port1(Ethernet0/1)ofbridgeisForwardingSpanningtreeprotocolisenabledTheportisaDesignatedPortPortpathcost180Portpriority128Designatedbridgehaspriority32768,MACaddress00e0.fc06.81e0Configuredasanon-edgeportConnectedtoapoint-to-pointLANsegmentMaximumtransmissionlimitis3BPDUsperhellotimeTimes:HelloTime2,MaxAge20ForwardDelay15,MessageAge0sentBPDU:8584TCN:0,RST:8584,ConfigBPDU:0receivedBPDU:7657TCN:0,RST:7657,ConfigBPDU:0SwitchA#showspanning-treestatisticse0/9ThebridgeisexecutingtheIEEERapidSpanningTreeprotocolThebridgehaspriority32768,MACaddress:00e0.fc06.81e0--ConfiguredHelloTime2,MaxAge20,ForwardDelay15RootBridgehaspriority32768,MACaddress00e0.fc06.81e0Pathcosttorootbridgeis0Port9(Ethernet0/9)ofbridgeisForwardingSpanningtreeprotocolisenabledTheportisaDesignatedPortPortpathcost180Portpriority128Designatedbridgehaspriority32768,MACaddress00e0.fc06.81e0Configuredasanon-edgeportConnectedtoapoint-to-pointLANsegmentMaximumtransmissionlimitis3BPDUsperhellotimeTimes:HelloTime2,MaxAge20ForwardDelay15,MessageAge0sentBPDU:6563TCN:0,RST:6563,ConfigBPDU:0receivedBPDU:5377361TCN:0,RST:5377361,ConfigBPDU:0--------------------------------------------------------------------------------SwitchBS生成树状态：SwitchB>enableSwitchB#showspanning-treeinterfacee0/1ThebridgeisexecutingtheIEEERapidSpanningTreeprotocolThebridgehaspriority32768,MACaddress:00e0.fc07.707cConfiguredHelloTime2,MaxAge20,ForwardDelay15RootBridgehaspriority32768,MACaddress00e0.fc06.81e0Pathcosttorootbridgeis180Port1(Ethernet0/1)ofbridgeisForwardingSpanningtreeprotocolisenabledTheportisaRootPortPortpathcost180Portpriority128Designatedbridgehaspriority32768,MACaddress00e0.fc06.81e0Configuredasanon-edgeportConnectedtoapoint-to-pointLANsegmentMaximumtransmissionlimitis3BPDUsperhellotimeTimes:HelloTime2,MaxAge20ForwardDelay15,MessageAge0sentBPDU:9TCN:0,RST:9,ConfigBPDU:0receivedBPDU:3903TCN:0,RST:3903,ConfigBPDU:0SwitchA#debugstppacketSwitchA#terminaldebug*0.28473716-RSTP-8-PACKET:Port0:SentPacket*0.28473775-RSTP-8-PACKET:ProtocolIdentifier:0000ProtocolVersionID:02BPDUType:02Flags:2cRootIdentifier:80.00.00.e0.fc.06.81.e0RootPathCost:BridgeIdentifier:80.00.00.e0.fc.06.81.e0PortIdentifier:80.01MessageAge:0000MaxAge:1400HelloTime:0200ForwardDelay:Version1Length:00b然后用上面的命令观察生成树的变化。SwitchC(config)#showinterfacee0/10Ethernet0/10isupHardwareisFastEthernet,Hardwareaddressis00e0.fc07.7042Auto-duplex(Full),Auto-speed(100M),100_BASE_TXFlowcontrolisdisabledBroadcastmax-ratiois100PVIDis1Mditype:autoItisavlantrunkingport,vlan(s)passingthisport:1(defaultvlan),2-3vlan(s)allowedtopassthisport:defaultvlan2-4000ItisnotamonitorportItdoesn\'tbelongtoaport-aggregation28287packetsoutput2210677bytes,13133multicasts,241broadcasts,0pausesketsinput1504252bytes,2373multicasts,240broadcasts,0pauses0FCSerrors0longframesSwitchC(config)#showinterfacee0/9Ethernet0/9isupHardwareisFastEthernet,Hardwareaddressis00e0.fc07.7042Auto-duplex(Full),Auto-speed(100M),100_BASE_TXFlowcontrolisdisabledBroadcastmax-ratiois100PVIDis1Mditype:autoItisavlantrunkingport,vlan(s)passingthisport:1(defaultvlan),2,4vlan(s)allowedtopassthisport:defaultvlan2-4000ItisnotamonitorportItdoesn\'tbelongtoaport-aggregation27603packetsoutput2182362bytes,12321multicasts,357broadcasts,0pausesketsinput1537891bytes,3171multicasts,126broadcasts,0pauses0FCSerrors0longframesSwitchA#showrunning-configBuildingrunningconfiguration...Currentconfigurationis:!hostnameSwitchArule-mapl3net1tonet210.1.1.0255.255.255.010.1.2.0255.255.255.0flow-actionnet1tonet2denyaclnet1tonet2net1tonet2net1tonet2access-groupnet1tonet2spanning-treeenablelink-aggregationEthernet0/1toEthernet0/2ingress-egresslink-aggregationEthernet0/9toEthernet0/10ingress-egressenable!enable!vlan1!vlan2!vlan3!vlan4!aceEthernet----------------------------------------------------------------------------------all!terfaceEthernetallenable!terfaceEthernet……..aceEthernetallenable!!aceEthernetallenable!!interfaceVLAN-Interface1ipaddress202.101.10.2255.255.255.0!interfaceVLAN-Interface2ipaddress10.1.1.100255.255.255.0!interfaceVLAN-Interface3ipaddress10.1.2.100255.255.255.0!interfaceVLAN-Interface4ipaddress10.1.3.100255.255.255.0!!routerospfnetwork10.1.1.0network10.1.2.0network10.1.3.0.255.255.255area.0.0.0area.0.0.0area.0.0.0network202.101.10.00.0.0.255area0.0.0.0!!!eauxnologinnevty!RouterA#showrunning-configNowcreateconfiguration...Currentconfiguration!hostnameRouterA!rnetipaddress202.101.10.1255.255.255.0ipospfenablearea0.0.0.0!encapsulationppp!encapsulationppp!flowcontrolnormalasyncmodededicatedencapsulationppp!routerospfenable!RouterA#showiprouteRoutingTables:Destination/MaskProtoPrefMetricNexthopInterface10.1.1.0/24OSPF1020202.101.10.2E10.1.2.0/24OSPF1020202.101.10.2E10.1.3.0/24OSPF1020202.101.10.2E127.0.0.0/8Static00127.0.127.0.0.1/32Direct00