create account [admin | user] <username> 回车 输入密码: 再次输入密码: configure account admin 回车 输入密码: 再次输入密码: 2.port配置 config ports <portlist> auto off {speed [10 | 100 | 1000]} duplex [half | full] auto off 3.Vlan配置 无论是核心还是接入层,都要先创建三个Vlan,并且将所有归于Default Vlan的端口删除: config vlan default del port all create vlan Server create vlan User create vlan Manger 定义802.1q标记 config vlan Server tag 10 config vlan User tag 20 config vlan Manger tag 30 设定Vlan网关地址: config vlan Server ipa 192.168.41.1/24 config vlan User ipa 192.168.40.1/24 config vlan Manger ipa 192.168.*.*/24 Enable ipforwarding 启用ip路由转发,即vlan间路由 Trunk 配置 config vlan Server add port 1-3 t config vlan User add port 1-3 t config vlan manger add port 1-3 t 4.VRRP配置 enable vrrp configure vrrp add vlan UserVlan configure vrrp vlan UserVlan add master vrid 10 192.168.6.254 configure vrrp vlan UserVlan authentication simple-password extreme configure vrrp vlan UserVlan vrid 10 priority 200 configure vrrp vlan UserVlan vrid 10 advertisement-interval 15 configure vrrp vlan UserVlan vrid 10 preempt 5.端口镜像配置 首先将端口从VLAN中删除 enable mirroring to port 3 #选择3作为镜像口 config mirroring add port 1 #把端口1的流量发送到3 config mirroring add port 1 vlan default #把1和vlan default的流量都发送到3 6.port-channel配置 enable sharing <port> grouping <portlist> {port-based | address-based | round-robin} show port sharing //查看配置 7.stp配置 enable stpd //启动生成树 create stpd stp-name //创建一个生成树 configure stpd <spanning tree name> add vlan <vlan name> {ports <portlist> [dot1d | emistp | pvst-plus]} configure stpd stpd1 priority 16384 configure vlan marketing add ports 2-3 stpd stpd1 emistp 8.DHCP 中继配置 enable bootprelay config bootprelay add <dhcp server ip> 9.NAT配置 Enable nat #启用nat Static NAT Rule Example config nat add out_vlan_1 map source 192.168.1.12/32 to 216.52.8.32/32 Dynamic NAT Rule Example config nat add out_vlan_1 map source 192.168.1.0/24 to 216.52.8.1 - 216.52.8.31 Portmap NAT Rule Example config nat add out_vlan_2 map source 192.168.2.0/25 to 216.52.8.32 /28 both portmap Portmap Min-Max Example config nat add out_vlan_2 map source 192.168.2.128/25 to 216.52.8.64/28 tcp portmap 1024 - 8192 10.OSPF配置 enable ospf 启用OSPF进程 create ospf area <area identifier> 创建OSPF区域 configure ospf routerid [automatic | <routerid>] 配置Routerid configure ospf add vlan [<vlan name> | all] area <area identifier> {passive} 把某个vlan加到某个Area中去,相当于Cisco中的 network的作用 configure ospf area <area identifier> add range <ipaddress> <mask> [advertise | noadvertise] {type-3 | type-7} 把某个网段加到 某个Area中去,相当于Cisco中的network的作用 configure ospf vlan <vlan name> neighbor add <ipaddress> OSPF中路由重发布配置 enable ospf export direct [cost <metric> [ase-type-1 | ase-type-2] {tag <number>} | <route map>] enable ospf export static [cost <metric> [ase-type-1 | ase-type-2] {tag <number>} | <route map>] enable ospf originate-default {always} cost <metric> [ase-type-1 | ase-type-2] {tag <number>} enable ospf originate-router-id 11.SNMP配置 enable snmp access enable snmp traps create access-profile <access profile> type [ipaddress | vlan] config snmp access-profile readonly [<access_profile> | none]配置snmp的只读访问列表,none是去除 config snmp access-profile readwrite [<access_profile> | none] 这是控制读写控制 config snmp add trapreceiver <ip address> {port <udp_port>} community <communitystring> {from <source ip address>} 配置snmp接 收host和团体字符串 12.安全配置 disable ip-option loose-source-route disable ip-option strict-source-route disable ip-option record-route disable ip-option record-timestamp disable ipforwarding broadcast disable udp-echo-server disable irdp vlan <vlan name> disable icmp redirect disable web 关闭web方式访问交换机 enable cpu-dos-protect 13.Access-Lists配置 create access-list icmp destination source create access-list ip destination source ports create access-list tcp destination source ports create access-list udp destination source ports 14.默认路由配置 config iproute add default <gateway> 15.恢复出厂值,但不包括用户改的时间和用户帐号信息 unconfig switch {all} 16.检查配置 show version show config show session show management 查看管理信息,以及snmp信息 show banner show ports configuration show ports utilization ? show memory/show cpu-monitoring show ospf show access-list {<name> | port <portlist>} show access-list-monitor show ospf area <area identifier> show ospf area detail show ospf ase-summary show ospf interfaces {vlan <vlan name> | area <area identifier>} unconfigure ospf {vlan <vlan name> | area <area identifier>} 【2】switch show switch show config show diag show iparp show iproute show ipstat show log show tech all show version detail 17.备份和升级软件 download image [<hostname> | <ipaddress>] <filename> {primary | secondary} upload image [<hostname> | <ipaddress>] <filename> {primary | secondary} use image [primary | secondary] 18.密码恢复。 Extreme交换机在你丢失或忘记密码后,需要重新启动交换机,常按空格键,进入Bootrom模式,输入“h”, 选择“d: Force Factory default configuration”清除配置文件,最后选择“f: Boot on board flash” 重新启动后密码会被清除掉。注意:恢复密码后,以前的配置文件将会被清空。 对于extreme x450e-48p 进入bootrom 后 输入h,然后boot 1 回车即可 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 18.switch licese 的添加: enable licese xxxx-xxxx-xxxx-xxxx-xxxx 会提示添加成功,显示Advanced Edge为成功 HN-HUAIHUA-ANQUAN-LS1.33 # show licenses Enabled License Level: Advanced Edge Enabled Feature Packs: None 步骤:a,HN-HUAIHUA-ANQUAN-LS1.34 # show version Switch : 800190-00-04 0804G-80211 Rev 4.0 BootROM: 1.0.2.2 IMG: 11.6.1.9 XGM2-1 : Image : ExtremeXOS version 11.6.1.9 v1161b9 by release-manager on Wed Nov 29 22:40:47 PST 2006 BootROM : 1.0.2.2 其中 0804G-80211 为交换机的serial number b然后在装有licese的信封里找到voucher serial number c根据这两个serial number 在指定网站上查找liceses 的key 共16位, d然后 enable licese 输入key值即可 |