零 修订记录

序号 修订内容 修订时间
1 新增 20210422

一 摘要

本文主要介绍H3C 交换机常用配置

二 环境信息

(一)机器信息

机器型号 机器名称 用途
LS-6860-54HF A3_1F_DC_openstack_test_jieru_train-irf_b02&b03 接入层,用于接入openstack 集群

三 常用配置

(一)A3_1F_DC_openstack_test_jieru_train-irf_b02&b03

使用两台LS-6860-54HF,配置堆叠,两台交换机对应端口做端口聚合

3.1.1 修改交换机时间

<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>display clock
22:10:06.169 UTC Fri 01/07/2011
<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03><A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>system-view
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]clock protocol none#关闭protocol ,缺省情况下,默认开启,由缺省MDC获取系统时间
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]clock timezone beijing add 8
<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>clock datetime 14:20:30 2021/4/22
<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>display clock
14:20:34.266 beijing Thu 04/22/2021
Time Zone : beijing add 08:00:00

3.1.2 备份配置文件


<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
Slot 2:
Save next configuration file successfully.

3.1.3 配置堆叠

堆叠配置信息:
堆叠口
te1/0/47 te1/0/48
te2/0/47 te2/0/48
堆叠检测口
te1/0/46 te2/0/46

3.1.4 常看UP 接口信息

<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>display interface brief | include UP
InLoop0              UP   UP(s)    --
NULL0                UP   UP(s)    --
REG0                 UP   --       --
Vlan1                UP   UP       --
Vlan81               UP   UP       10.3.181.251
Vlan140              UP   UP       10.3.140.1
Vlan141              UP   UP       10.3.141.1
Vlan142              UP   UP       10.3.142.1
Vlan143              UP   UP       10.3.143.1
Vlan144              UP   UP       10.3.144.1
Vlan145              UP   UP       10.3.145.1
Vlan146              UP   UP       10.3.146.1
Vlan147              UP   UP       10.3.147.1
Vlan148              UP   UP       10.3.148.1
Vlan149              UP   UP       10.3.149.1
Vlan1000             UP   UP       1.1.1.2         bfd
BAGG1                UP   20G(a)  F(a)   T    1    ithi
BAGG7                UP   10G(a)  F(a)   A    140
BAGG8                UP   20G(a)  F(a)   A    140
BAGG9                UP   10G(a)  F(a)   A    140
BAGG25               UP   10G(a)  F(a)   T    1

###3.1.5 查看链路聚合详细信息

<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>dis link-aggregation verbose

3.1.6 配置链路聚合(trunk)

检查是否已配置过该链路聚合

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]dis link-aggregation verbose | include 25XGE1/0/8            255      1        15       0xffff, 6c92-bff6-2a71 {ACDEF}XGE2/0/8            255      2        15       0xffff, 6c92-bff6-2a71 {ACDEF}
Aggregate Interface: Bridge-Aggregation25XGE1/0/25(R)        S        32768    7        4                      {ACDEFG}XGE2/0/25           U        32768    8        4                      {ACG}XGE1/0/25           32768    0        0        0x8000, 0000-0000-0000 {DEF}XGE2/0/25           32768    0        0        0x8000, 0000-0000-0000 {DEF}
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]dis link-aggregation verbose | include 31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Bridge-Aggregation 31
//创建端口聚合31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]quit
//退出 端口聚合31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface te1/0/31
//进入 te1/0/31 端口
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet1/0/31]port link-aggregation group 31
// 将该端口加入 端口聚合31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet1/0/31]quit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface te2/0/31
//进入 te2/0/31 端口
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/31]port link-aggregation group 31
// 将该端口加入 端口聚合31[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/31]quit
//再次 进入端口聚合31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Bridge-Aggregation 31
//配置为trunk
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]port link-type trunk
Configuring Ten-GigabitEthernet1/0/31 done.
Configuring Ten-GigabitEthernet2/0/31 done.
//取消vlan 1
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]undo port trunk permit vlan 1
Configuring Ten-GigabitEthernet1/0/31 done.
Configuring Ten-GigabitEthernet2/0/31 done.
// permit vlan 140 149
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]port trunk permit vlan 140 to 149
Configuring Ten-GigabitEthernet1/0/31 done.
Configuring Ten-GigabitEthernet2/0/31 done.
// 配置动态链路聚合
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]link-aggregation mode dynamic
// 查看整体配置
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]display this
#
interface Bridge-Aggregation31port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 140 to 149link-aggregation mode dynamic
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]

3.1.7 修改链路聚合配置

比如将trunk 配置改为access 等配置
首先清空原配置,然后配置新配置。
当前配置

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Bridge-Aggregation 32
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]display this
#
interface Bridge-Aggregation32port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 140 to 149link-aggregation mode dynamic
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]

恢复默认配置

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]default
This command will restore the default settings. Continue? [Y/N]:y
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]display this
#
interface Bridge-Aggregation32
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]

添加access vlan 141
添加动态链路聚合

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]port access vlan 141
Configuring Ten-GigabitEthernet1/0/32 done.
Configuring Ten-GigabitEthernet2/0/32 done.
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]link-aggregation mode dynamic
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]display this
#
interface Bridge-Aggregation32port access vlan 141link-aggregation mode dynamic
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]

3.1.8 配置链路聚合(access)

检查是否已配置过该链路聚合

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]dis link-aggregation verbose | include 1
Aggregate Interface: Bridge-Aggregation1XGE1/0/45(R)     S       32768    1XGE2/0/45        S       32768    1
System ID: 0x8000, 1451-7e9e-a59a

可见 Bridge-Aggregation1 名称用了, 但实际用的是45port

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Bridge-Aggregation 1111
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation1111]quit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface te1/0/1
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet1/0/1]port link-aggregation group 1111
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet1/0/1]quit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface te2/0/1
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/1]port link-aggregation group 1111
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/1]quit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Bridge-Aggregation 1111
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation1111]port access vlan 140
Configuring Ten-GigabitEthernet1/0/1 done.
Configuring Ten-GigabitEthernet2/0/1 done.
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation1111]link-aggregation mode dynamic
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation1111]display this
#
interface Bridge-Aggregation1111port access vlan 140link-aggregation mode dynamic
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation1111]

3.1.9 端口从链路聚合里删除

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface te2/0/25
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/25]display this
#
interface Ten-GigabitEthernet2/0/25port link-mode bridgeport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 140 to 149port link-aggregation group 25
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/25]undo port link-aggregation group
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/25]display this
#
interface Ten-GigabitEthernet2/0/25port link-mode bridgeport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 140 to 149
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/25]

3.1.10 vlan 网络隔离

通过acl 实现vlan 网络隔离


<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>system-view
System View: return to User View with Ctrl+Z.
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]acl advanced 3001
// 新建acl
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.14
5.0 0.0.0.255//配置规则 禁止访问10.3.145.0/24
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.14
6.0 0.0.0.255//配置规则 禁止访问10.3.146.0/24
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 20 permit ip//允许其他ip
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]exit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Vlan-interface 143
//进入vlan 143
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Vlan-interface143]display this
#
interface Vlan-interface143ip address 10.3.143.1 255.255.255.0
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Vlan-interface143]packet-filter 3001 inbound// vlan 143 inbound 方向下发acl
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Vlan-interface143]display this
#
interface Vlan-interface143ip address 10.3.143.1 255.255.255.0packet-filter 3001 inbound
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Vlan-interface143]exit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]display acl 3001
Advanced IPv4 ACL 3001, 3 rules,
ACL's step is 5, start ID is 0rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255rule 20 permit ip[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]

通过配置counting,检测acl 是否生效

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]acl advanced 3001
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]display this
#
acl advanced 3001rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255rule 20 permit ip
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]undo rule 1
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]undo rule 2
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]undo rule 20
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]display this
#
acl advanced 3001
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.14
5.0 0.0.0.255 counting
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.14
6.0 0.0.0.255 counting
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 20 permit ip counting
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]display this
#
acl advanced 3001rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255 countingrule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255 countingrule 20 permit ip counting
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]dis packet-filter statistics interface Vlan-interface 143 inbound
Interface: Vlan-interface143Inbound policy:IPv4 ACL 3001rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255 counting (14 packets)rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255 counting (21 packets)rule 20 permit ip counting (63 packets)[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]

3.1.11 开启snmp

一般用zabbix 监控交换机时需要,开启snmp

A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>system-view
System View: return to User View with Ctrl+Z.
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]snmp-agent
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]snmp-agent community read public
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]snmp-agent sys-info version all

H3C交换机常用配置相关推荐

  1. 《H3C交换机常用命令》——【华三交换机常用配置及维护命令技能】

    <H3C交换机常用命令> 一.常用查看命令 [Quidway]dis cur                                  :显示当前配置 [Quidway]displ ...

  2. H3C交换机常用命令汇总

    H3C交换机常用命令 1.查看Linux下查看端口状态 root@root:~# netstat -an|grep -E "6002|6003" 2.H3C交换机显示当前配置 [H ...

  3. 华为交换机linux版本号,Cisco和华为交换机常用配置命令总结

    Cisco和华为交换机常用配置命令总结 一.调试命令 思科: Switch#show  run  显示所有配置命令 Switch#show  ip  inter  brief  显示所有接口状态 Sw ...

  4. 华为交换机一次性进入多个接口_华为交换机交换机常用配置(认证、批量操作)...

    华为交换机交换机常用配置(认证.批量操作) 一.简介 AAA是指:authentication(认证).authorization(授权).accounting(计费)的简称,是网络安全的一种管理机制 ...

  5. 《Cisco/H3C交换机高级配置与管理技术手册》目录

    备受业界关注,备受无数读者殷切期待的,我的2012年新作--<Cisco/H3C交换机高级配置与管理技术手册>,经过一年的艰辛编写,现终于胜利封笔.现应许多热心读者的要求,把本书的原始目录 ...

  6. H3C交换机SSH配置(20200922)

    H3C交换机SSH配置(20200922) H3C SSH配置方案1: (AAA认证+Password认证) H3C SSH配置方案2: (AAA认证+Publickey认证+FTP上传文件) H3C ...

  7. H3C 交换机 OpenFlow 配置指南

    H3C 交换机 OpenFlow 配置指南 目录 Console 连接交换机 配置 VLAN 创建实例并映射 VLAN 配置控制器1的IP地址并激活实例 验证配置 1. Console 连接交换机 笔 ...

  8. Openstack基础环境交换机常用配置(CISCO 3750G为例).md

    Openstack基础环境交换机常用配置(CISCO 3750G为例) 文章目录 Openstack基础环境交换机常用配置(CISCO 3750G为例) 基础操作 初始化配置 备份原交换机配置 交换机 ...

  9. Cisco和HuaWei交换机常用配置命令总结

    Cisco和华为交换机常用配置命令总结   一.调试命令 思科: Switch#show  run   显示所有配置命令 Switch#show   ip   inter   brief   显示所有 ...

  10. cisco交换机常用配置命令

    cisco交换机常用配置命令 思科交换机的基本配置 一.基本配置 switch>enable //进入特权模式 switch#config terminal //进入全局配置模式 switch( ...

最新文章

  1. 设计模式之抽象工厂模式(Abstract Factory)摘录
  2. 170多万篇论文,存储量达1.1 TB,Kaggle上线arXiv完整数据集
  3. 通过手写Spring MVC来理解其原理
  4. 谷歌的AI应用开发之道
  5. AngularJS内置指令
  6. 以太坊完整工作原理和运行机制!
  7. android按下enter键如何让光标跳到下一个edittext,我们如何知道光标已经移动到edittext的下一行android...
  8. 关于Exchange管理控制台报“您的权限不足,无法此查看数据”的解决办法
  9. 【剑指offer】面试题48. 最长不含重复字符的子字符串(java)
  10. C++ 类对象和 指针的区别
  11. PHP经验——获得PHP版本信息及版本比较
  12. Eclipse—在Eclipse中如何创建JavaWeb工程
  13. 代码安全之代码混淆及加固(Android)
  14. 基于wincc的虚拟电梯设计_PLC基于WinCC的四层电梯监控系统设计+梯形图
  15. day23面向对象第一篇
  16. 12个EMC设计标准电路
  17. matlab中omega是什么意思_小鸡宝宝考考你南柯一梦中的南柯是什么意思?
  18. QQ邮箱一直显示正在发送或右侧联系人一直在装载
  19. PAT A1010 Radix +神
  20. 以太网UDP数据协议

热门文章

  1. 鸡啄米:C++编程入门系列之一(进制数)
  2. 使用racoon setkey搭建IPsec环境
  3. VMware win10 虚拟机通过NAT模式联网
  4. 不懂zencart该如何找出路-新手soho建站指南
  5. ibm tivoli_在Tivoli Access Manager环境中管理TDS 6.0代理服务器并进行故障排除
  6. [24]Window PowerShell DSC学习系列---- 如何保护MOF文件里面存储的密码?
  7. 愤怒的小鸟有PC版本了!
  8. [Vue warn]: Extraneous non-props attributes (style) were passed to component but could not be 警告
  9. UOM Convertion Rate API
  10. uniapp , 微信小程序 图片加载时闪烁