Brocade ip   配置             与CISCO 比较

 Foundry                                                                        Cisco            

 

common commands that are different between vendors:

 

 

**access configuration**

 

Access-list 10 permit 172.16.0.0 0.0.0.255                             Access-list 10 permit 172.16.0.0 0.0.0.255

telnet access-group 10                                                             line vty 0 4

ip access-class 10 in

 

ip ssh-client 192.168.1.1

 

snmp-client 192.168.1.1

 

web-client 192.168.1.1

 

all-client 192.168.1.1

 

 

enable telnet password letmein                                               line vty 0 4

                                                                                                password letmein

 

enable super-user-password enable                                         enable password enable

                                                                                                enable secret enable

 

 **************** dns ****************

 

Ip dns domain-name foundry.net                                           ip domain-name foundry.net

Ip dns name-server 4.2.2.2                                                      ip name-server 4.2.2.2

 

 

****************interface naming****************

 

Interface ether 1                                                                      interface e 1

Port-name test                                                                         description test

 

****************speed-duplex****************

 

Interface ether 1                                                                      interface ether 1

Speed-duplex 100 full                                                                        speed 100

                                                                                                Duplex full

 

**************** disabling a port ****************

 

Int e 1                                                                                      int e 1

Disable                                                                                    shutdown

 

**************** range of interfaces ****************

 

Int Ethernet 1/1 to 1/24                                                          interface range Ethernet 1/1 -24

 

**************** POE ****************

 

Int Ethernet 1/1                                                                       interface Ethernet 1/1

Inline power                                                                            power inline

 

 

 

**************** ntp server ****************

 

Sntp server 3.3.3.3                                                                  ntp-server x.x.x.x

 

 

****************adding layer-3 interface****************

 

Interface ve 1                                                                          Interface vlan

Ip address x.x.x.x x.x.x.x                                                       Ip address x.x.x.x x.x.x.x

 

vlan 200 name test

 tagged ethe 3/22

 router-interface ve 1

 

**Protocol based VLAN**

 

Ip-subnet 3.3.3.3 255.255.255.0 name subnet-a

No dynamic

Static Ethernet 1 to 9 ethernet 20

 

 

 

 

****************port based vlans****************

 

                                                                        vlan 222 name Test

Vlan 222 name Test

 

****************adding port to vlan****************

 

Vlan 222                                                                                 interface e 1/1

untagged ether 1/1                                                                  switchport access vlan 222

  Untagged ether 1/1

 

vlan 222                                                                                    interface e1/24

  taggedd e 1/24                                                                             switch mode trunk

****************stp root****************

 

Spanning-tree priority 0                                                          spanning-tree vlan 100 root primary/secondary

 

 

****************  portfast-fastport ****************

 

Int e 1/3                                                                                   int e 1/3

Fast port-span                                                                         spanning-tree portfast

Stp-protect                                                                              spanning-tree portfast bpduguard

                                                           

****************802.1q trunk****************

 

int e 2/2

                                                                                                switchport encapsulation dot1q

                                                                                                Switchport mode trunk

Vlan 222

Tagged ether 2/2

Tagged ether 2/2

 

 

****************802.3ad link aggregation****************

 

 inte e1 to e2 

link-aggregate 

 

Trunk Ethernet 1 to 4                                                              interface range gigabitethernet2/0/1 -2 

channel-group 2 mode active

 

(trunk specific parameters need to be done from master port, first port)

 

 

****************Port Mirroring****************

 

Mirror-port ether 1 (sniffer port)                                             monitor session 1 source int fast 2

Int ether 2                                                                               monitor session 1 destination int fast 1

Monitor port ether 1

 

 

**************** Routing protocols *****************

 

Router rip                                                                                            router rip

Ethernet 1/1                                                                                        network 172.16.0.0

Ip rip v1-only

 

Router rip

Permit redistribute 1 static address 172.16.0.0 255.255.255.0           router rip

Redistribution                                                                                     redistribute static

 

 

 

Router ospf                                                                                         router ospf 1

Area 0.0.0.0                                                                                        network 10.0.0.0 0.0.0.255 area 0.0.0.0

Interface e 1/1

Ip ospf area 0.0.0.0

 

Router ospf                                                                                         router ospf 1

Redistribution rip                                                                                redistribute static

Redistribution static                                                                            redistribute rip

 

Router bgp                                                                                          router bgp 40

Local-as 40

(neighbor commands identical)

 

**************** VRRP-HSRP config *****************

 

VRRP                                                                                                 HSRP

 

Router 1                                                                                              Router 1

 

Router vrrp                                                                                          interface e 1/6

Inter e 1/6                                                                                            ip address 192.168.5.2

Ip address 192.168.5.1 255.255.255.0                                               standby 1 ip 192.168.5.1

Ip vrrp vrid 1                                                                                       standby 1 priority 110

Owner                                                                                                 standby 1 preempt

Ip address 192.168.53.1

Activate

 

 

 

Router 2                                                                                              Router 2

 

Router vrrp                                                                                          interface e 1/5                                                            

Inter e 1/5                                                                                            ip address 192.168.5.3 255.255.255.0

Ip address 192.168.5.3                                                                       standy 1 ip 192.168.5.1

Ip vrrp vrid 1

backup

Ip address 192.168.53.1

Activate

 

 

**VRRPE**

(highest priority is the master)

 

Router vrrp-extended

Inter e 1/5

            Ip address 192.168.5.2

Ip vrrp-extended vrid 1

Backup

Ip address 192.168.5.1

activate

 

Router vrrp-extended

Inter e 1/3

            Ip address 192.168.5.3

Ip vrrp-extended vrid 1

Backup

Backup priority 50 track-priority 10 (track priority decrements priority upon failure of interface being tracked)

Ip address 192.168.5.1

activate

 

 

 

**********************Other commands*************************

 

**sflow**

 

-Sflow

Sflow destination x.x.x.x

Sflow enable

Int e 1/1

Sflow forwarding

 

 

**dot1x**

 

Aaa authentication dot1x default radius

radius-server host 10.10.10.10 auth-port 1812 acct-port 1813 default key mykey dot1x

 

 

dot1x-enable

            enable all

            enable ether 2/1

 

inter ether 2/1

            dot1x port-control auto

 

re-authentication (global default 3600 seconds)

 

Dot1x initialize e 3/1 (from # prompt (not config)

dot1x multiple-hosts

auth-fail-vlanid 300 (unsuccessful auth places client in vlan 300)

 

 

**rate limiting**

 

---fixed rate---

 

 

int e 1/1

rate limit fixed 500000 payload-only

 

show rate-limit fixed

 

 

traffic-policy tpd rate-limit fixed 100 exceed-action drop

access-list 101 permit ip any any traffic-policy tpd

 

int e 1/1

ip access-group 101 in

 

---Adaptive rate---

 

Cir: committed info rate (rate bps)

Cbs: commited burst size (packets)

Pir: peek information rate (rate  bps)

Pbs: peer burst size (packets)

traffic-policy tpdadapt rate-limit adaptive cir 10000 cbs 16000 pir 20000 pbs 40000 exceed-action drop

access-list 101 permit ip any any traffic-policy tpdadapt

 

int e 1/1

ip access-group 101 in

 

 

***UDLD***

 

Link-keepalive Ethernet 1/1

Link-keepalive Ethernet 1/1 to ¼

 

Link-keepalive retries (default 5)

Link-keepalive interval (default 5)

 

 

***Radius***

 

Username tborst password mypassword  (optional local database user)

 

Radius-server host 3.3.3.3

Radius-server key mykey

Radius-server retransmit 5 (default 3)

Radius-server timeout 5 (default 3 sec)

 

Enable telnet authentication

Aaa authentication login default radius local

Aaa authentication enable default radius local

 

Aaa authentication login privilege-mode (goes to enable mode after successful logon)

Aaa authentication enable implicit-user (when entering enable mode, prompts for just password –no userid)

 

 

***Security commands***

 

---RPF---

 

Int e 1/1

Ip verify unicast reverse-path external

 

---DHCP snooping---

 

Ip dhcp snooping vlan x

 

Interface Ethernet 1/1 (trusted ports..router, switches, dhcp server)

            Dhcp snooping trust

 

---ip source guard---

 

Enable acl-per-port-per-vlan (global config)

 

Interface e 1/1

            Source-guard enable

 

---arp inspection---

 

Ip arp inspection vlan 2 (globa)

 

Interface ether 1/1

            Arp inspection trust

 

***source interface admin***

 

Ip telnet source-interface loop 0

 

Ip tftp source-interface loop 0

 

 

***mdi/mdx***

 

Interface e 1/1

            mdi-mdx mdi (connects to end device)

            mdi-mdx mdx (connects to switch-hub xover)

 

 

 

 

 

 

 

 

***VSRP***

(enabled by default, to run vrrp/vrrpe disable vsrp first)

            No router vsrp

 

Vlan 200

            Tag Ethernet 1/1 to 1/8

            Vsrp vid 1

                        Backup

                        Activate

                        Scale-timer 2 (divides times by 2)

                        Ip vsrp auth-type simple-text-auth passwd (hello packets)

                        No include-port ether 1/1

                        Backup priority 75

                        Backup track-priority 1

                        Track-port e 1/1

                        Non-preempt-mode

 

Vlan 200 (vsrp-aware device)

            Vsrp-aware vrid 1 auth simple-text-auth passwd

           

                       

 

 

____________________________Software Naming conventions FastIron________________________________

 

SxSxxxxxx.bin (layer 2)

SxLxxxxxx.bin (Base Layer 3)

SxRxxxxxx.bin (Full Layer 3)

 

 

 

 

 

 菊�硐忝笔�

http://jajamaozi.taobao.com

 

            

你可能感兴趣的:(IP,配置,brocade)