Working password for the Huawei 5752: [email protected]


If that does not work, try huawei, huawei.com or www.huawei.com.


a. Set a name for the switch


sys 


[quidway]sysname JSHQ-02c14-ChaoWei-1.31


b. Configure DNS on the switch


[JSHQ-02c14-AS-1.30]dns server 114.114.114.114


c. Configure the management IP on the switch


[JSHQ-02c14-ChaoWei-1.31]undo interface Vlanif 1


<Delete the VLAN 1 interface>


[JSHQ-02c14-ChaoWei-1.31]vlan 1152    


Create VLAN 1152


[JSHQ-02c14-ChaoWei-1.31]interface Vlanif 1152


[JSHQ-02c14-ChaoWei-1.31-Vlanif1152]ip address 10.196.1.31 255.255.128.0


Configure the management IP


d. Configure a static route on the switch


[JSHQ-02c14-ChaoWei-1.31]ip route-static 0.0.0.0 0.0.0.0 10.196.0.1


e. Configure SNMP management on the switch


[JSHQ-02c14-ChaoWei-1.31]snmp-agent    /Enable SNMP/


[JSHQ-02c14-ChaoWei-1.31]snmp-agent community read 1qazwsxdcv /Set the read-only community/


[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info contact AnchNet.Inc


[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info location Shanghai


[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info version all /Support all versions/


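f. Configure telnet login on the switch (the steps below set up STelnet, that is, login over SSH)


Step 1: Create the local RSA key pair


[JSHQ-02c14-ChaoWei-1.31]rsa local-key-pair create
  The key name will be: Huawei_Host
  The range of public key size is (512 ~ 2048).
  NOTES: If the key modulus is greater than 512,
  it will take a few minutes.
  Input the bits in the modulus[default = 512]:1024
  Generating keys...
  ............................++++++
  ...++++++
  ..++++++++
  ......++++++++

A 2048-bit modulus, the largest this prompt accepts, gives a stronger host key than the 1024 entered here.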

Step 2: Configure the VTY user interface

[JSHQ-02c14-ChaoWei-1.31]user-interface vty 0 4
[JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]authentication-mode aaa
[JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]protocol inbound ssh
[JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]quit

Step 3: Create the SSH user and set its authentication type to password

[JSHQ-02c14-ChaoWei-1.31]ssh user anchnet authentication-type password

Step 4: Configure the SSH user's username and password

[JSHQ-02c14-ChaoWei-1.31]aaa
[JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet password cipher c15terminal
  Info: Add a new user.
[JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet privilege level 15
[JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet service-type ssh
[JSHQ-02c14-ChaoWei-1.31-aaa]quit

Step 5: Enable the STelnet function and set the user's service type to STelnet

[JSHQ-02c14-ChaoWei-1.31]stelnet server enable
  Info: Succeeded in starting the Stelnet server.
[JSHQ-02c14-ChaoWei-1.31]ssh user anchnet service-type stelnet


g. Configure Eth-Trunk


#

interface Eth-Trunk1

 description Shanglian_Public_BSC02_G3/0/22_3/0/23

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 88

#

interface Eth-Trunk2

 description Shanglian_Private_BSC02_G2/0/22_2/0/23

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 1152 2000 to 3000 4000

#

interface Eth-Trunk3

 description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52

 port link-type trunk

 port trunk allow-pass vlan 1151 to 1152 3000 4000

#
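
The allow-pass lists above can be checked mechanically. The following Python sketch is an added example, not part of the original notes: it expands the VLAN lists of the three Eth-Trunk stanzas and reports trunks that still carry VLAN 1. It assumes a trunk port carries VLAN 1 until `undo port trunk allow-pass vlan 1` is applied; the function names are illustrative.

```python
import re

# Eth-Trunk stanzas from section g (descriptions omitted), embedded as sample input.
SAMPLE = """\
interface Eth-Trunk1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 88
#
interface Eth-Trunk2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 1152 2000 to 3000 4000
#
interface Eth-Trunk3
 port link-type trunk
 port trunk allow-pass vlan 1151 to 1152 3000 4000
#
"""

def expand_vlans(spec):
    """Expand '1152 2000 to 3000 4000' (or 'all') into a set of VLAN IDs."""
    if spec.strip() == "all":
        return set(range(1, 4095))
    ids = set()
    # Each match is either a 'LOW to HIGH' range or a single VLAN ID.
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", spec):
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def trunk_vlans(config):
    """Map trunk interfaces to carried VLANs; assumes VLAN 1 is carried until removed."""
    allowed, name = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = line.split()[1]
        elif line == "port link-type trunk":
            allowed[name] = {1}
        elif name in allowed:
            m = re.match(r"(undo )?port trunk allow-pass vlan (.+)", line)
            if m and m.group(1):
                allowed[name] -= expand_vlans(m.group(2))
            elif m:
                allowed[name] |= expand_vlans(m.group(2))
    return allowed

def vlan1_exposed(config):
    """Names of trunk interfaces that still carry VLAN 1."""
    return sorted(n for n, v in trunk_vlans(config).items() if 1 in v)
```

On the stanzas above, Eth-Trunk3 is the only trunk reported, because it lacks the `undo port trunk allow-pass vlan 1` line that Eth-Trunk1 and Eth-Trunk2 have.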


h. Configure the ports


#

interface GigabitEthernet0/0/47

 description Shanglian_Public_G3/0/22

 eth-trunk 1

#

interface GigabitEthernet0/0/48

 description Shanglian_Public_G3/0/23

 eth-trunk 1

#

interface GigabitEthernet0/0/49

 description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52

 eth-trunk 3

#

interface GigabitEthernet0/0/50

 description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52

 eth-trunk 3

#

interface GigabitEthernet0/0/51

 description Shanglian_Private_G2/0/22

 eth-trunk 2

#

interface GigabitEthernet0/0/52

 description Shanglian_Private_G2/0/23

 eth-trunk 2

#

Spanning tree root protection

#

stp region-configuration

 region-name anchnet

 instance 1 vlan 80 to 1000

 instance 2 vlan 2000 to 4000

 active region-configuration






 stp root-protection

 stp edged-port enable

 arp anti-attack check user-bind enable

 ip source check user-bind enable


K. NTP service configuration

Set the time zone

clock timezone cst add 8


Set the time server address

[S8505]ntp-service unicast-server 10.1.100.88


Check the time (NTP status)

dis clock


View the NTP service sessions

dis ntp-service sessions

 

 

L. ACL configuration (based on traffic policy)

1. On the port, block only 192.168.0.0

[Quidway]acl number 3000

[Quidway-acl-adv-3000]rule deny ip source 192.168.0.0 0.0.0.255

[Quidway]acl number 3001

[Quidway-acl-adv-3001]rule permit ip


 

--------------------------------------------------------------

2. Define the traffic classifier for denied access and associate it with ACL 3000

[Quidway]traffic classifier deny_ip

[Quidway-classifier-deny_ip]if-match acl 3000

 

3. Define the traffic behavior for denied access, with the action deny

[Quidway]traffic behavior deny_ip 

[Quidway-behavior-deny_ip]deny

 


----------------------------------------------------------------


4. Define the traffic classifier for permitted access and associate it with ACL 3001

[Quidway]traffic classifier permit_ip

[Quidway-classifier-permit_ip]if-match acl 3001

 

 

5. Define the traffic behavior for permitted access, with the action permit:

[Quidway]traffic behavior permit_ip

[Quidway-behavior-permit_ip]permit

---------------------------------------------------------

 

6. Define the policy, associating the traffic classifiers with the traffic behaviors:

[Quidway]traffic policy acl_ip

[Quidway-trafficpolicy-acl_ip]classifier permit_ip behavior permit_ip

[Quidway-trafficpolicy-acl_ip]classifier deny_ip behavior deny_ip       /Put the permit entry first and the deny entry after it/

 

7. Apply the policy on the port:

[Quidway]int Ethernet 0/0/1

[Quidway-Ethernet0/0/1]traffic-policy acl_ip inbound 

[Quidway-Ethernet0/0/1]traffic-policy acl_ip outbound


ACL configuration (based on traffic-filter)

1. Define the ACL rules

[Huawei] acl number 2000

[Huawei-acl-basic-2000] rule deny source 192.168.1.0 0.0.0.255


[Huawei] acl number 3000

[Huawei-acl-adv-3000] rule deny tcp source 192.168.1.0 0.0.0.255 destination 23.1.1.0 0.0.0.255 destination-port eq www


2. Apply the ACLs on the port

[Huawei]interface GigabitEthernet 0/0/1

[Huawei-GigabitEthernet0/0/1] traffic-filter inbound acl 2000

[Huawei-GigabitEthernet0/0/1] traffic-filter inbound acl 3000



M. Port rate-limiting policy configuration

[Huawei]traffic classifier 20M 

[Huawei-classifier-20M]if-match any

[Huawei-classifier-20M]quit


[Huawei]traffic behavior 20M

[Huawei-behavior-20M]car cir 20480 cbs 65544444 pbs 65544444 

[Huawei-behavior-20M]quit


[Huawei]traffic policy 20M 

[Huawei-trafficpolicy-20M]classifier 20M behavior 20M


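N. SNMP configuration

snmp-agent                                           /Enable the SNMP service/

snmp-agent local-engineid 000007DB7F000001000049DD   /Generated automatically by the system; no configuration needed/

snmp-agent community read public                     /Set the read community name: public/

snmp-agent community write private                   /Set the write community name: private/

snmp-agent sys-info contact Mr.Wang-Tel:3306         /Set the contact information/

snmp-agent sys-info location 3rd-floor               /Set the device location/

snmp-agent sys-info version v1 v3            /Set the SNMP versions to allow v1 (by default only v3 is allowed)/

snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public  /Allow Trap messages to be sent to the network management station (NMS) 129.102.149.23, using the community name public/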
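
The SNMP lines in sections e and N can be reviewed with a small audit script. This Python sketch is an added example, not part of the original notes: it flags the `public`/`private` community names, any write community, and community-based protocol versions (`v1`, `v2c`, `all`). The sample input is constructed from the lines on this page; the function name and finding texts are illustrative.

```python
import re

# Constructed sample: SNMP lines taken from sections e and N of this page.
SAMPLE = """\
[JSHQ-02c14-ChaoWei-1.31]snmp-agent community read 1qazwsxdcv /Set the read-only community/
[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info version all /Support all versions/
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public
"""

WELL_KNOWN = {"public", "private"}  # widely known default community names

def audit_snmp(config):
    """Return (line_number, finding) tuples for weak SNMP settings."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        # Drop a leading [prompt] and a trailing /comment/ as used on this page.
        line = re.sub(r"^\[[^\]]*\]|/[^/]*/\s*$", "", line).strip()
        m = re.match(r"snmp-agent community (read|write) (\S+)", line)
        if m:
            access, name = m.groups()
            if name.lower() in WELL_KNOWN:
                findings.append((no, f"default community '{name}'"))
            if access == "write":
                findings.append((no, "write community allows configuration changes"))
        m = re.match(r"snmp-agent sys-info version (.+)", line)
        if m:
            # v1 and v2c authenticate with a cleartext community string.
            legacy = sorted({"v1", "v2c", "all"} & set(m.group(1).split()))
            if legacy:
                findings.append((no, "community-based versions enabled: " + " ".join(legacy)))
        m = re.search(r"target-host trap .*securityname (\S+)", line)
        if m and m.group(1).lower() in WELL_KNOWN:
            findings.append((no, f"trap sent with default community '{m.group(1)}'"))
    return findings
```

A configuration that enables only `v3` and defines no community produces an empty findings list.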