华为5752有效密码 [email protected]
如果不行,可选择尝试huawei huawei.com www.huawei.com
a.交换机设置一个名称
[quidway]sysname JSHQ-02c14-ChaoWei-1.31
b.交换机设置 Dns
[JSHQ-02c14-AS-1.30]dns server 114.114.114.114
c.交换机设置管理 IP
[JSHQ-02c14-ChaoWei-1.31]undo interface Vlanif 1
<删除vlan1>
[JSHQ-02c14-ChaoWei-1.31]vlan 1152
创建vlan1152
[JSHQ-02c14-ChaoWei-1.31]interface Vlanif 1152
[JSHQ-02c14-ChaoWei-1.31-Vlanif1152]ip address 10.196.1.31 255.255.128.0
配置管理IP
d.交换机设置静态路由
[JSHQ-02c14-ChaoWei-1.31]ip route-static 0.0.0.0 0.0.0.0 10.196.0.1
e.交换机设置 snmp管理
[JSHQ-02c14-ChaoWei-1.31]snmp /启用 snmp/
[JSHQ-02c14-ChaoWei-1.31]snmp-agent community read 1qazwsxdcv /设置只读字团 /
[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info contact AnchNet.Inc
[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info location Shanghai
[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info version all/支持所有版本 /
f.交换机设置 telnet登陆
步骤一 创建公钥
[JSHQ-02c14-ChaoWei-1.31]rsa local-key-pair create
The key name will be: Huawei_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
............................++++++
...++++++
..++++++++
......++++++++
步骤二、配置VTY用户界面
[JSHQ-02c14-ChaoWei-1.31]user-interface vty 0 4
[JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]authentication-mode aaa
[JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]protocol inbound ssh
[JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]quit
步骤三、创建SSH用户,并配置用户的认证方式为password
[JSHQ-02c14-ChaoWei-1.31]ssh user anchnet authentication-type password
步骤四、配置SSH用户的用户名和密码
[JSHQ-02c14-ChaoWei-1.31]aaa
[JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet password cipher c15terminal
Info: Add a new user.
[JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet privilege level 15
[JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet service-type ssh
[JSHQ-02c14-ChaoWei-1.31-aaa]quitq
步骤五、使能STelent功能,并配置用户的服务类型为STelnet
[JSHQ-02c14-ChaoWei-1.31]stelnet server enable
Info: Succeeded in starting the Stelnet server.
[JSHQ-02c14-ChaoWei-1.31]ssh user anchnet service-type stelnet
g.配置Eth-Trunk
#
interface Eth-Trunk1
description Shanglian_Public_BSC02_G3/0/22_3/0/23
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 88
#
interface Eth-Trunk2
description Shanglian_Private_BSC02_G2/0/22_2/0/23
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 1152 2000 to 3000 4000
#
interface Eth-Trunk3
description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52
port link-type trunk
port trunk allow-pass vlan 1151 to 1152 3000 4000
#
h.配置端口
#
interface GigabitEthernet0/0/47
description Shanglian_Public_G3/0/22
eth-trunk 1
#
interface GigabitEthernet0/0/48
description Shanglian_Public_G3/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/49
description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52
eth-trunk 3
#
interface GigabitEthernet0/0/50
description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52
eth-trunk 3
#
interface GigabitEthernet0/0/51
description Shanglian_Private_G2/0/22
eth-trunk 2
#
interface GigabitEthernet0/0/52
description Shanglian_Private_G2/0/23
eth-trunk 2
#
根生成树保护
#
stp region-configuration
region-name anchnet
instance 1 vlan 80 to 1000
instance 2 vlan 2000 to 4000
active region-configuration
stp root-protection
stp edged-port enable
arp anti-attack check user-bind enable
ip source check user-bind enable
K. NTP服务的配置
设置时区
设置时间服务器地址
[S8505]ntp-service unicast-server 10.1.100.88
查看时间ntp状态
查看ntp服务会话
L、ACL配置(基于tracffic policy)
一、端口下只不允许192.168.0.0通过
[Quidway]acl number 3000
[Quidway-acl-adv-3000]rule deny ip source 192.168.0.0 0.0.0.255
[Quidway]acl number 3001
[Quidway-acl-adv-3001]rule permit ip
--------------------------------------------------------------
二、定义拒绝的访问的 acl 流分类,关联acl 3000
[Quidway]traffic classifier deny_ip
[Quidway-classifier-deny_ip]if-match acl 3000
三、定义拒绝的访问的 acl 流行为,动作为deny
[Quidway]traffic behavior deny_ip
[Quidway-behavior-deny_ip]deny
----------------------------------------------------------------
四、定义允许 访问的 acl 流分类,关联acl 3001
[Quidway]traffic classifier permit_ip
[Quidway-classifier-permit_ip]if-match acl 3001
五、定义允许的访问的 acl 流行为,动作为permit:
[Quidway]traffic behavior permit_ip
[Quidway-behavior-permit_ip]permit
---------------------------------------------------------
六、定义策略,管理流分类跟流行为:
[Quidway]traffic policy acl_ip
[Quidway-trafficpolicy-per-deny]classifier permit_ip behavior pemit_ip
[Quidway-trafficpolicy-per-deny]classifier deny_ip behavior deny_ip 允许访问的放在前面,deny 的放在后面
七、在端口下发策略:
[Quidway]int Ethernet 0/0/1
[Quidway-Ethernet0/0/1]traffic-policy acl_ip inbound
[Quidway-Ethernet0/0/1]traffic-policy acl_ip outbound
ACL配置(基于tracffic-filter)
一、定义acl策略
[Huawei] acl number 2000
[Huawei-acl-basic-2000] rule deny source 192.168.1.0 0.0.0.255
[Huawei] acl number 3000
[Huawei-acl-basic-3000] rule deny tcp source 192.168.1.0 0.0.0.255 destination 23.1.1.0 0.0.0.255 description-port wq www
二、端口策略的应用
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1] traffic-filter inbound acl 2000
[Huawei-GigabitEthernet0/0/1] traffic-filter inbound acl 3000
M、端口限速策略配置()
[Huawei]traffic classifier 20M
[Huawei-classifier-20M]if-match any
[Huawei-classifier-20M]quit
[Huawei]traffic behavior 20M
[Huawei-behavior-20M]car cir 20480 cbs 65544444 pbs 65544444
[Huawei-behavior-20M]quit
[Huawei]traffic policy 20M
[Huawei-trafficpolicy-20M]classifier 20M behavior 20M
N、SNMP配置
snmp-agent /使能snmp服务/
snmp-agent local-engineid 000007DB7F000001000049DD /系统自动生成,无需配置/
snmp-agent community read public /设置读团体名:public/
snmp-agent community write private /设置写团体名:private/
snmp-agent sys-info contact Mr.Wang-Tel:3306 /设置联系方式/
snmp-agent sys-info location 3rd-floor /设置设备位置/
snmp-agent sys-info version v1 v3 /配置snmp版本允许V1(默认只允许v3)/
snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 par ams securityname public /允许向网管工作站(NMS)129.102.149.23发送Trap报文,使用的团体名为public/