通信人家园

标题: 华为9300接入交换机初始配置 [查看完整版帖子] [打印本页]

时间: 2016-9-30 21:09

作者: copy2001 标题: 华为9300接入交换机初始配置

[Quidway]Sysname NB-SW1-S9300 //设置名称

#

[NB-SW1- S9300] clock timezone beijing add08:00:00 //时间设置

#

vlan 250 //配置网管vlan

description TO S9300-NetManagement

#

vlan 1483 //新建vlan

description yw-BinWang-14-ALCXD-DSLAM-2 //vlan描述

#

interface Vlanif250 //配置网管接口地址

description TO S9303-NetManagement

ipaddress 61.130.38.38 255.255.255.252 //配置网管ip

#

[url=]配置端囗镜像：[/url][a1]
首先在全局模式下将一个端囗配置成观测端囗(整机支持两个观察端囗)：
[S9300]observe-port 1 interface GigabitEthernet x/x/x
然后再进入需要镜像的端囗配置镜像端囗：
[S9300-GigabitEthernet3/0/37]port-mirroring observe-port 1 both(支持出或入方向及双向流)
配置流镜像：
首先也是在全局模式下将一个端囗配置成观测端囗(整机支持两个观察端囗)：
[S9300]observe-port 1 interface GigabitEthernet x/x/x
然后再配置ACL将需要镜像的流匹配出来：
acl number 3000                            //创建ACL
rule 5 permit ip                            //增加一条规则
#
traffic classifier 1 operator and precedence 5       //创建流分类1
if-match 5 acl 3000                         //匹配acl
#
traffic behavior 1                            //创建流行为1
mirroring observing-port 1
#
traffic policy 1                            //创建流策略1
classifier 1 behavior 1                   //把创建流分类与创建流行为关联
最后进入此流进入或出去的端囗下发镜像规则：
[S9303-GigabitEthernet3/0/37]traffic-policy 1 inbound (支持出流量和入流量)

端口速率限制：

[url=]# [/url][a2]
[S9300]interface GigabitEthernet 1/0/10
[S9300-GigabitEthernet1/0/10] broadcast-suppression cir 100 cbs 18800#[url=][S9300] qos car qoscar1 cir 10000 cbs 10240[/url][a3] #[S9300] interface GigabitEthernet 2/0/0[url=][S9300-GigabitEthernet2/0/0] qos car inbound qoscar1[/url][a4]

#

[url=]interface eth-trunk 2[/url][a5]

description To JH-YW-BW-BAS-SE800-4-DM1.MANG2/8

portswitch //三层接口切换到二层工作模式

portlink-type trunk

porttrunk allow-pass vlan 1483 to 1494 1511 1513 to 1515 1528 1536 1587

#

interface GigabitEthernet1/0/1

eth-trunk 2

#

interface GigabitEthernet1/0/2

eth-trunk 2

#

interface GigabitEthernet1/0/19

description To JH-YW-BW-BAS-SE800-4-DM1.MANG2/8

portlink-type trunk

porttrunk allow-pass vlan 1483 to 1494 1511 1513 to 1515 1528 1536 1587

#

[url=]interface GigabitEthernet1/0/1[/url][a6]

description To yw-FuTian-MA5600-DSLAM

undo negotiation auto // 端口强制模式(强制模式只适用GE光口、千兆电口只能采用自协商)

port hybrid tagged vlan 32 // 透传Dslam管理vlan

port hybrid untaggedvlan 1400 //剥离回程报文外层vlan

port vlan-stacking vlan 101 to 960 stack-vlan 1400 //对vlan 101-960打上外层vlan 1400

port vlan-stacking vlan 3600 stack-vlan 1400 //对vlan 3600打上外层vlan 1400

[url=]#[/url][a7]

router id120.199.95.4 //指定router id

#

interface Vlanif43

descriptionTo_QT-JR-S5352-07

ip address120.199.95.110 255.255.255.252

ospf cost10 //设置链路开销值，也可以默认不设

ospf network-type p2p //选定链路网络类型为p2p模式

#

interface LoopBack0 //创建LoopBack0接口与接口地址

ip address 120.199.95.4255.255.255.255

#

ospf 10 //创建ospf进程

silent-interface LoopBack0 //不向LoopBack0接口发送协议报文

import-route static //引如静态路由（直连direct）

area 0.0.0.0 //选定area区域

network120.199.95.4 0.0.0.0 //发布LoopBack0接口地址，并使能ospf

network 120.199.95.108 0.0.0.3 //发布接口地址，并使能ospf

[url=]#[/url][a8]

[S9300]isis //在全局模式下启用IS-IS

[S9300-isis]network-entity 49.0001.1201.9909.5004.00 //配置网络实体名称

[S9300-isis]is-level level-1 //设置当前S9300工作在Level-1

[S9300-isis-1]import-route static cost 15 //引入静态路由，并设置cost值为15

#

interface Vlanif43

descriptionTo_QT-JR-S5352-07

ip address 120.199.95.110255.255.255.252

isis enable //在端口模式下使能IS-IS

isis circuit-level level-1 //在端口模式下更改IS端口的层次，端口默认模式是Level-1-2层

isis cost 5 level-1 //链路开销为5

#

interface LoopBack0 //创建LoopBack0接口与接口地址

ip address 120.199.95.4255.255.255.255

isis enable

#

ip route-static 0.0.0.00.0.0.0 172.135.xxx.xxx //配置默认路由

#

info-center source default channel 2 loglevel warning //配置syslog信息

info-center loghost source Vlanif 26

info-center loghost 172.200.100.6 facilitylocal6

#

snmp-agent //配置综合网管

snmp-agent local-engineid 800007DB000FE23F4C

snmp-agent community read nbroot

snmp-agent sys-info contact HuaWei800-8302118

snmp-agent sys-info location NB-A-YJXQ-3552-1 //设置设备名称

snmp-agent sys-info version all

snmp-agent target-host trap addressudp-domain 172.200.xxx.xxx udp-port 161 params securityname public //设置网管服务器地址

snmp-agent trap enable

#

super password level 3 cipher XXXXX //配置登录信息

#

aaa

local-user XXXpassword cipher XXXXX

local-user XXXservice-type terminal telnet

local-user XXXlevel 1

authentication-scheme default

#

user-interface vty 0 4

authentication-mode aaa

idle-time 30 0

protocol inbound telnet

#

ntp-service unicast-server 172.135.xxx.xxx //配置网络时钟

通信人家园 (https://www.txrjy.com/)

Powered by C114