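Huawei 5624 Switch Configuration Standard

5624 Core Switch Standard Configuration Document

After entering the switch command line, the following configuration must be performed.

Enter system view:

system-view

Set the hostname, which distinguishes this switch from other switches. The hostname should preferably include the switch model and the role the switch plays in the network.

[Quidway]sysname Center-5624

When configuring a VLAN, add a description to it. This helps network administrators confirm the VLAN's purpose and the scope of the network it connects, and prevents the purpose from becoming hard to identify correctly after a long time.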

[Center-5624]vlan 2
[Center-5624-vlan2]description menzhen-low
[Center-5624-vlan2]quit
[Center-5624]vlan 3
[Center-5624-vlan3]description zhuyuan-low
[Center-5624-vlan3]quit
[Center-5624]vlan 4
[Center-5624-vlan4]description xingdai-low
[Center-5624-vlan4]quit
[Center-5624]vlan 5
[Center-5624-vlan5]description fengyuan
[Center-5624-vlan5]quit
[Center-5624]vlan 6
[Center-5624-vlan6]description mengzhendian
[Center-5624-vlan6]quit

When configuring the Layer 3 virtual interface of a VLAN, the address of the Layer 3 interface should preferably correspond to the VLAN number. For example, the VLAN 2 interface uses address 192.168.2.1 and the VLAN 3 interface uses address 192.168.3.1. The others follow the same pattern.

[Center-5624]interface vlan 1
[Center-5624-vlan-interface1]ip address 192.168.1.1 255.255.255.0
[Center-5624-vlan-interface1]quit
[Center-5624]interface vlan 2
[Center-5624-vlan-interface2]ip address 192.168.2.1 255.255.255.0
[Center-5624-vlan-interface2]quit
[Center-5624]interface vlan 3
[Center-5624-vlan-interface3]ip address 192.168.3.1 255.255.255.0
[Center-5624-vlan-interface3]quit
[Center-5624]interface vlan 4
[Center-5624-vlan-interface4]ip address 192.168.4.1 255.255.255.0
[Center-5624-vlan-interface4]quit
[Center-5624]interface vlan 5
[Center-5624-vlan-interface5]ip address 192.168.5.1 255.255.255.0
[Center-5624-vlan-interface5]quit
[Center-5624]interface vlan 6
[Center-5624-vlan-interface6]ip address 192.168.6.1 255.255.255.0
[Center-5624-vlan-interface6]quit

To add several ports to a VLAN in one batch, use the following commands, which add the relevant ports to VLAN 2, VLAN 3 and VLAN 4 respectively.
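
[Center-5624]vlan 2
[Center-5624-vlan2]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/3
[Center-5624-vlan2]quit
[Center-5624]vlan 3
[Center-5624-vlan3]port GigabitEthernet 1/0/4 to GigabitEthernet 1/0/6
[Center-5624-vlan3]quit
[Center-5624]vlan 4
[Center-5624-vlan4]port GigabitEthernet 1/0/7 to GigabitEthernet 1/0/8
[Center-5624-vlan4]quit

To add an individual physical port to a VLAN, the following commands can be used:

[Center-5624]interface GigabitEthernet 1/0/9
[Center-5624-GigabitEthernet1/0/9]port access vlan 5
[Center-5624-GigabitEthernet1/0/9]quit
[Center-5624]interface GigabitEthernet 1/0/10
[Center-5624-GigabitEthernet1/0/10]port access vlan 6
[Center-5624-GigabitEthernet1/0/10]quit

Create a switch access control list (ACL) so that each VLAN can exchange traffic only with VLAN 1 and cannot exchange traffic with any VLAN other than VLAN 1.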

[Center-5624]acl number 3000
[Center-5624-acl-adv-3000]rule 100 permit ip source 192.168.1.0 0.0.0.255 destination any

The ACL rule above lets the IP addresses of VLAN 1 access all other VLANs.

[Center-5624-acl-adv-3000]rule 90 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.1.0 0.0.0.255

The ACL rule above lets the IP addresses of the VLANs access VLAN 1.

[Center-5624-acl-adv-3000]rule 80 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.1 0.0.255.0

The ACL rule above lets the IP addresses of the VLANs access the gateway IP addresses 192.168.X.1.

[Center-5624-acl-adv-3000]rule 70 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255

The ACL rule above prevents the IP addresses of the VLANs from accessing each other.

[Center-5624-acl-adv-3000]quit
[Center-5624]

For the ACL that was created to actually take effect, it must be enabled on a switch port. The following commands apply the ACL to a switch port.

[Center-5624]interface GigabitEthernet 1/0/1
[Center-5624-GigabitEthernet1/0/1]packet-filter inbound ip-group 3000
[Center-5624-GigabitEthernet1/0/1]quit
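
The rules of ACL 3000 above, modelled as an added Python example (not part of the original document) that uses wildcard-mask comparison to show which rule decides a given flow. The evaluation order (highest rule ID first, as the descending numbering 100, 90, 80, 70 suggests), the function names and the sample flows are assumptions of this example; confirm the actual match order on the device.

```python
import ipaddress

# ACL 3000 as written on the page:
# (rule id, action, source, source wildcard, destination, destination wildcard)
RULES = [
    (100, "permit", "192.168.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),  # destination any
    (90, "permit", "192.168.0.0", "0.0.255.255", "192.168.1.0", "0.0.0.255"),
    (80, "permit", "192.168.0.0", "0.0.255.255", "192.168.0.1", "0.0.255.0"),
    (70, "deny", "192.168.0.0", "0.0.255.255", "192.168.0.0", "0.0.255.255"),
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(src, dst, highest_id_first=True):
    """Return (rule id, action) of the first matching rule, else (None, "no-match").

    ASSUMPTION: highest_id_first=True models the priority implied by the
    page's descending rule numbering; verify the real order on the device.
    """
    ordered = sorted(RULES, key=lambda r: r[0], reverse=highest_id_first)
    for rule_id, action, s, s_wc, d, d_wc in ordered:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return rule_id, action
    return None, "no-match"

# Constructed sample flows (not from the page): (label, source, destination)
FLOWS = [
    ("VLAN 1 host -> VLAN 3 host", "192.168.1.10", "192.168.3.20"),
    ("VLAN 2 host -> VLAN 1 host", "192.168.2.10", "192.168.1.5"),
    ("VLAN 2 host -> own gateway", "192.168.2.10", "192.168.2.1"),
    ("VLAN 2 host -> VLAN 3 gateway", "192.168.2.10", "192.168.3.1"),
    ("VLAN 2 host -> VLAN 3 host", "192.168.2.10", "192.168.3.20"),
    ("VLAN 2 host -> outside 192.168/16", "192.168.2.10", "10.0.0.1"),
]

if __name__ == "__main__":
    for label, src, dst in FLOWS:
        for first in (True, False):
            order = "high->low" if first else "low->high"
            print(f"{label:34} {order:9} {evaluate(src, dst, first)}")
```

In this model, evaluating from the lowest rule ID instead makes rule 70 decide every flow inside 192.168.0.0/16, and rule 80 permits every 192.168.X.1 gateway address rather than only the host's own gateway.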