Huawei华为交换机基本配置命令
Huawei华为交换机基本配置命令
恢复出厂设置----------------注意Y和N的选项,不要输错。
<S1>reset saved-configuration
Warning: The action will delete the saved configuration in the device.
The configuration will be erased to reconfigure. Continue? [Y/N]:y
<S1>reboot
Info: The system is now comparing the configuration, please wait.
Warning: The configuration has been modified, and it will be saved to the next startup saved-configuration file . Continue? [Y/N]:n
Info: If want to reboot with saving diagnostic information, input 'N' and then execute 'reboot save diagnostic-information'.
System will reboot! Continue?[Y/N]:y
新交换机第一次上电,或恢复出厂设置后,要求设置新密码
出厂自带的用户名是admin,密码是admin@huawei.com
Login authentication
Username:admin
Password:
Warning: The default password poses security risks.
The password needs to be changed. Change now? [Y/N]: y
Please enter old password:
Please enter new password: ---------------------输入密码时没有任何显示
Please confirm new password:
The password has been changed successfully.
第一次保存设置时,需输入文件名,只需按回车
<HUAWEI>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:
May 28 2019 10:57:52 HUAWEI %%01CFM/4/SAVE(s)[1]:The user chose Y when deciding whether to save the configuration to the device.
flash:/vrpcfg.zip exists, overwrite?[Y/N]:y
May 28 2019 10:57:54 HUAWEI %%01CFM/4/OVERWRITE_FILE(s)[2]:When deciding whether to overwrite the configuration file vrpcfg.zip, the user chose Y.
Now saving the current configuration to the slot 0......
Save the configuration successfully.
设置日期和时间
<HUAWEI>clock datetime 10:46:30 2019-05-28
设置console口的连接方式,可设置为无,仅密码,用户名密码等方式
[HUAWEI]user-interface console 0
[HUAWEI-ui-console0]authentication-mode ?
aaa AAA authentication, and this authentication mode is recommended
none Login without checking
password Authentication through the password of a user terminal interface
[HUAWEI-ui-console0]set authentication password
[HUAWEI-ui-console0]set authentication password cipher administrator
开启telnet服务,stp功能,http服务
[HUAWEI]telnet server enable-------------------开启telnet服务
[HUAWEI]stp mode rstp-------------------设置stp模式为rstp
[HUAWEI]stp enable-------------------开启stp功能
[HUAWEI]http server enable-------------------开启http服务(默认就是开启的)
设置vty,telnet登录
[HUAWEI]user-interface maximum-vty 15-------------------vty界面最大值15
authentication-mode password-------------认证模式设置为仅需密码,也可设置为aaa模式
user privilege level 15-------------------用户权限级别15(非常重要)
set authentication password cipher $1a$IZ,o~LZ$Z.$GHlQ-zn9-Gn<*8(yp-@F#6wmH;M\%L#($\PXNa.:$---此处是密码,输入时是明文,根据需要设置
history-command max-size 256-------------------命令行最大历史记录
idle-timeout 6 0-------------------用户超时时间6分0秒
screen-length 100-------------------屏幕长度100行
protocol inbound telnet-------------------允许telnet协议进入(非常重要)
设置一个用户用于网页登录
[HUAWEI]aaa
[HUAWEI-aaa]dis local-user
----------------------------------------------------------------------------
User-name State AuthMask AdminLevel
----------------------------------------------------------------------------
admin A MH 15
----------------------------------------------------------------------------
Total 1 user(s)
[HUAWEI-aaa]undo local-user admin
Error: Have user(s) online, can not be deleted.
[HUAWEI-aaa]quit
由于第一次登录时,console口要求用户名密码登录,所以无法删除本地用户admin,此时可退到<>视图,保存设置,退出交换机,再重新登录。由于我们已经将console口的认证方式改为仅需密码,所以可以再次进入aaa,删除用户admin。删除后,再建立admin,权限,服务类型等,均可由我们自己控制。
[HUAWEI]aaa
[HUAWEI-aaa]undo local-user admin
[HUAWEI-aaa]local-user admin password irreversible-cipher administrator idle-timeout 6 0------标红的为密码,根据需要设置
Info: Add a new user.
[HUAWEI-aaa]local-user admin service-type http
[HUAWEI-aaa]local-user admin privilege level 15
Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]y
[HUAWEI-aaa]local-user admin ftp-directory flash:
如遇更新版本的交换机软件,telnet服务要求必须是aaa认证(用户名密码认证),可按上面所述再建立一个用户,service-type设置为telnet。
关闭交换机自动弹出配置改变告警
输入配置命令后设备会提示如下类似信息:
DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 1, the change loop count is 64, and the maximum number of records is 1.
这个是配置改变的告警提示信息,不是错误信息,可以配置如下命令屏蔽此信息:
[HUAWEI]info-center source DS channel console trap level warning state off
建立vlan,并将端口加入vlan
[HUAWEI]vlan 2------------------建立单个vlan,2
[HUAWEI-vlan2]quit------------------建立vlan后就进入该vlan了,所以退出
[HUAWEI]vlan batch 3 to 10------------------批量建立vlan,3-10
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI]------------------批量建立vlan后不会进入哪个vlan
由于华为交换机的端口出厂时默认都是hybrid类型或auto类型的,所以无法立即加入vlan,需要更改端口的link-type后,才可以加入vlan。单个端口更改方式如下:
[HUAWEI]interface GigabitEthernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/1]port default vlan 2
[HUAWEI-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
批量更改,先更改端口类型,再统一加入某个vlan,如下:
[HUAWEI]port-group group-member g 0/0/2 to g 0/0/4
[HUAWEI-port-group]port link-type access
[HUAWEI-GigabitEthernet0/0/2]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/3]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/4]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-port-group]port default vlan 3
[HUAWEI-GigabitEthernet0/0/2]port default vlan 3
[HUAWEI-GigabitEthernet0/0/3]port default vlan 3
[HUAWEI-GigabitEthernet0/0/4]port default vlan 3
也可以先批量更改端口连接类型,再进入vlan添加端口,如下:
[HUAWEI]port-group group-member g 0/0/5 to g 0/0/10
[HUAWEI-port-group]port link-type access
[HUAWEI-GigabitEthernet0/0/5]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/6]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/7]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/8]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/9]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/10]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-port-group]quit
[HUAWEI]vlan 4
[HUAWEI-vlan4]port g 0/0/5 to 0/0/6
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-vlan4]
更改完成后可查看端口与vlan对应关系:
[HUAWEI]display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 access 2 -
GigabitEthernet0/0/2 access 3 -
GigabitEthernet0/0/3 access 3 -
GigabitEthernet0/0/4 access 3 -
GigabitEthernet0/0/5 access 4 -
GigabitEthernet0/0/6 access 4 -
GigabitEthernet0/0/7 access 1 -
GigabitEthernet0/0/8 access 1 -
GigabitEthernet0/0/9 access 1 -
GigabitEthernet0/0/10 access 1 -
GigabitEthernet0/0/11 auto 1 1-4094
GigabitEthernet0/0/12 auto 1 1-4094
设置端口为trunk类型
[HUAWEI]interface GigabitEthernet 0/0/28
[HUAWEI-GigabitEthernet0/0/28]port link-type trunk
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/28]port trunk pvid vlan 10
[HUAWEI-GigabitEthernet0/0/28]port trunk allow-pass vlan 2 to 4000
Info: This operation may take a few seconds. Please wait a moment....done.
[HUAWEI-GigabitEthernet0/0/28]undo port trunk allow-pass vlan 1
Info: This operation may take a few seconds. Please wait a moment...done.
[HUAWEI-GigabitEthernet0/0/28]dis this
#
interface GigabitEthernet0/0/28
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4000
#
return
两个交换机相连的trunk端口,pvid必须一致,规模较大的企业局域网,不建议使用vlan1,所以trunk端口不允许vlan1通过
设置链路聚合
[HUAWEI]interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1]port link-type trunk
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-Eth-Trunk1]port trunk pvid vlan 10
[HUAWEI-Eth-Trunk1]port trunk allow-pass vlan 2 to 4000
Info: This operation may take a few seconds. Please wait a moment....done.
[HUAWEI-Eth-Trunk1]undo port trunk allow-pass vlan 1
Info: This operation may take a few seconds. Please wait a moment...done.
[HUAWEI-Eth-Trunk1]dis this
#
interface Eth-Trunk1
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4000
#
return
以上命令建立一个聚合端口,并设置了端口的属性
[HUAWEI]interface GigabitEthernet 0/0/25
[HUAWEI-GigabitEthernet0/0/25]eth-trunk 1
Info: This operation may take a few seconds. Please wait a moment...done.
以上命令将G 0/0/25端口加入聚合端口eth-trunk 1,无需更多设置。可将更多的端口加入聚合端口。
开启DHCP功能,设置地址池,并应用
[HUAWEI]dhcp enable
ip pool 192.168.2.0----------------建立一个地址池,名为192.168.2.0
gateway-list 192.168.2.254----------------设置网关地址
network 192.168.2.0 mask 255.255.255.0----------------设置网段
excluded-ip-address 192.168.2.251 192.168.2.253----------------设置不参与分配的IP地址范围
lease day 0 hour 0 minute 30----------------设置租期时长
dns-list 114.114.114.114 8.8.8.8----------------设置dns地址
[HUAWEI]interface Vlanif 2----------------进入vlanif 2
[HUAWEI-Vlanif2]ip address 192.168.2.254 24----------------给vlanif 2 设置IP地址(就是上面地址池的网关地址)
[HUAWEI-Vlanif2]dhcp select global ----------------DHCP选择全局,会自动匹配地址池
开启流控制功能,限制某些网段互网(主要是限制访客网与办公网、财务网互访)
[HUAWEI]acl number 3001-----------添加一个高级ACL,可控制源地址和目的地址
Info: When the ACL that is referenced by SACL is modified, the SACL will be dynamically updated. During the update, these SACL will become invalid temporarily.
[HUAWEI-acl-adv-3001]rule 1000 deny ip source 172.16.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
[HUAWEI-acl-adv-3001]rule 1100 deny ip source 172.16.0.0 0.0.255.255 destination 175.40.0.0 0.0.255.255
[HUAWEI-acl-adv-3001]quit
注意源地址和目的地址的反向掩码
[HUAWEI]traffic-filter inbound acl 3001-----------在全局层面应用ACL 3000里面的规则
Huawei华为交换机基本配置命令相关推荐
- 华为aaa服务器是什么系统,华为交换机aaa配置命令是什么
交换机具有性能价格比高.高度灵活.相对简单.易于实现等特点.所以,以太网技术已成为当今最重要的一种局域网组网技术,网络交换机也就成为了最普及的交换机.下面是学识网小编给大家整理的一些有关华为交换机aa ...
- 华为交换机关机方法_华为交换机启动配置命令详解大全
华为交换机启动配置命令详解大全 1.自动保存配置 [Huawei]set save-configuration ? backup-to-server Back up the configuratio ...
- 华为交换机基础配置命令参考
华为交换机基础配置命令参考 基础配置 用户模式 登陆设备后,直接进入用户模式,只能执行少量查看配置的命令: 视图模式 用户模式下,输入system-view进入视图模式,可执行设备全局配置的命令: 局 ...
- 华为交换机linux版本号,Cisco和华为交换机常用配置命令总结
Cisco和华为交换机常用配置命令总结 一.调试命令 思科: Switch#show run 显示所有配置命令 Switch#show ip inter brief 显示所有接口状态 Sw ...
- 华为交换机基本配置命令
华为交换机基本配置命令 一.单交换机VLAN划分 命令 命令解释 system 进入系统视图 system-view 进入系统视图 quit 退到系统视图 undo vlan 20 删除vlan ...
- 华为交换机端口配置删除_华为交换机基本配置命令
华为交换机基本配置命令 交换机是按照通信两端传输信息的需要,用人工或设备自动完成的方法,把要传输的信息送到符合要求的相应路由上的技术的统称.那么华为交换机的配置命令有哪些呢?下面跟yjbys小编一起来 ...
- 华为交换机命令 端口速率_华为交换机限速配置命令2016
华为 s2300 s5000 s5700 s5120 s3900 1 . 华为 s2300 交换机如何配置端口限速 使用 QOS 命令来配置 ( 网络带宽的 10M . 100M 和 1000M 的单 ...
- 华为交换机删除配置命令access_华为交换机配置常用命令
华为交换机配置常用命令 一.配置软件和硬件 1.配置(Console)电缆连接 配置电缆是一根8芯屏蔽电缆,一端是压接的RJ-45连接器,插入交换机的Console口里:另一端则同时带有一个DB-9( ...
- 华为交换机基本配置命令大全
查看万兆端口模块收发光:display transceiver interface XGigabitEthernet 1/0/0 verbose 一.单交换机VLAN划分 命令 命令解释 system ...
最新文章
- awk命令使用和取出数据的最大值,最小值和平均值
- JavaScript初学者编程题(18)
- 网站优化还是需要从实际工作经验中总结优化技巧
- led内部结构_粘合剂和密封胶性质一样吗?用在汽车、LED灯具需要注意什么?
- Android之获取手机上的图片和视频缩略图thumbnails
- c语言比较当前日期大小,C语言判断两个日期只差的方法
- Springboot的异步、定时、邮件任务
- shell中修改=后的值
- 服务器物理内存只增不降,服务器内存不断增加
- 计算机科学与技术素材,计算机科学与技术ppt素材
- 1203.1——条件语句 之 if语句
- 《JavaScript征途》广泛征集读后感创作者,参与有奖!
- Unity Module Manager 模块管理器
- Visual Studio中绘制UML用例图
- Linux上的Redis客户端软件G-dis3
- CentOS8 Docker 端口映射
- hp扫描无法选择发送到计算机,HP Officejet Pro 8600打印机无法使用扫描到计算机的功能...
- 高斯投影正反算C语言程序代码,一个老师给的高斯投影正反算c++源码.doc
- 数据分析岗之游戏业务类面试整理学习
- continue的用法