《核心交换机各项配置 Vlan划分、互访、ACL管控、链路聚合教程.docx》由会员分享,可在线阅读,更多相关《核心交换机各项配置 Vlan划分、互访、ACL管控、链路聚合教程.docx(24页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、核心交换机各项配置Vlan划分、互访、ACL管控、链路聚合教程核心交换机各项配置Vlan划分、互访、ACL管控、链路聚合教程交换机的主要功能包括物理编址、网络拓扑构造、错误校验、帧序列以及流控。交换机还具备了一些新的功能,如对VLAN(虚拟局域网)的支持、对链路会聚的支持,甚至有的还具有防火墙的功能。这篇文章主要为大家介绍了核心交换机配置的方法,比方给核心交换机配置Vlan划分、互访、ACL管控、链路聚合等,需要的朋友能够参考下。概念介绍访问控制列表(AccessControlList,ACL)是路由器和交换机接口的指令列表,用来控制端口进出的数据包。ACL适用于所有的被路由协议,如IP、IP
2、X、AppleTalk等。链路聚合是将两个或更多数据信道结合成一个单个的信道,该信道以一个单个的更高带宽的逻辑链路出现。链路聚合一般用来连接一个或多个带宽需求大的设备,例如连接骨干网络的服务器或服务器群。详细配置#!SoftwareVersionV200R001C00SPC300sysnameIT_ServerRoom#交换机名称#vlanbatch10203040506070809099to100#设置Vlan#vlanbatch110#lacppriority100#链路聚合优先级设定#undoserverenable#undonapslaveenable#dhcpenable#打开DHC
3、P功能#aclnumber3001#配置ACL访控#rule4permittcpsource0.0.0.0192.168.21.11destination-porteq3389#允许指定IP使用远程协助#rule5permittcpsource0.0.0.0192.168.21.13destination-porteq3389rule6permittcpsource0.0.0.1192.168.11.254destination-porteq3389rule7permittcpsource0.0.0.0192.168.51.13destination0.0.0.0192.168.11.10de
4、stination-porteq3389rule8permittcpsource0.0.0.0192.168.81.31destination0.0.0.0192.168.11.10destination-porteq3389rule9permittcpsource0.0.0.0192.168.21.14destination0.0.0.0192.168.11.12destination-porteq3389rule10permittcpsource0.0.0.3192.168.21.12destination-porteqtelnetrule11permittcpsource0.0.0.11
5、92.168.11.254destination-porteqtelnetrule12permittcpsource0.0.0.0192.168.21.250destination0.0.0.0192.168.11.12destination-porteq3389rule100denytcpdestination-porteq3389#关闭远程协助端口#rule105denytcpdestination-porteqtelnet#关闭Telnet端口#ippool1#设置IP地址池#gateway-list192.168.11.254#设置网关#network192.168.11.0mask2
6、55.255.255.0#子网掩码及IP区段#excluded-ip-address192.168.11.1192.168.11.60#DHCP分配时豁免的IP地址#leaseday10hour0minute0#IP地址有效时间#dns-list192.168.11.2192.168.11.5#DNS配置#ippool2gateway-list192.168.21.254network192.168.21.0mask255.255.255.0excluded-ip-address192.168.21.1192.168.21.60leaseday10hour0minute0dns-list192
7、.168.11.2192.168.11.5#ippool3gateway-list192.168.31.254network192.168.31.0mask255.255.255.0excluded-ip-address192.168.31.1192.168.31.60leaseday10hour0minute0dns-list192.168.11.2192.168.11.5#ippool4gateway-list192.168.41.254network192.168.41.0mask255.255.255.0excluded-ip-address192.168.41.1192.168.41
8、.60leaseday10hour0minute0dns-list192.168.11.2192.168.11.5#ippool5gateway-list192.168.51.254network192.168.51.0mask255.255.255.0excluded-ip-address192.168.51.1192.168.51.60leaseday10hour0minute0dns-list192.168.11.2192.168.11.5#ippool6gateway-list192.168.61.254network192.168.61.0mask255.255.255.0exclu
9、ded-ip-address192.168.61.1192.168.61.60leaseday10hour0minute0dns-list192.168.11.2192.168.11.5#ippool7gateway-list192.168.71.254network192.168.71.0mask255.255.255.0excluded-ip-address192.168.71.1192.168.71.60leaseday10hour0minute0dns-list192.168.11.2192.168.11.5#ippool8gateway-list192.168.81.254netwo
10、rk192.168.81.0mask255.255.255.0excluded-ip-address192.168.81.1192.168.81.60leaseday10hour0minute0dns-list192.168.11.2192.168.11.5#ippool9gateway-list192.168.91.254network192.168.91.0mask255.255.255.0excluded-ip-address192.168.91.1192.168.91.60leaseday10hour0minute0dns-list192.168.11.2192.168.11.5#ip
11、pool10gateway-list192.168.101.254network192.168.101.0mask255.255.255.0excluded-ip-address192.168.101.1192.168.101.60leaseday10hour0minute0dns-list192.168.11.2192.168.11.5#ippool11gateway-list192.168.111.254network192.168.111.0mask255.255.255.0excluded-ip-address192.168.111.1192.168.111.60leaseday10h
12、our0minute0dns-list192.168.11.2192.168.11.5#aaaauthentication-schemedefaultauthorization-schemedefaultaccounting-schemedefaultdomaindefaultdomaindefault_adminlocal-useradminpasswordcipher%$%$O9hP7mbdf4Q#EvU4j#wX3ypg%$%$!$local-useradminservice-type#interfaceVlanif1ipaddress192.168.66.254255.255.255.
13、0#interfaceVlanif10#实现Vlan间互访#ipaddress192.168.11.254255.255.255.0dhcpselectglobal#interfaceVlanif20ipaddress192.168.21.254255.255.255.0dhcpselectglobal#interfaceVlanif30ipaddress192.168.31.254255.255.255.0dhcpselectglobal#interfaceVlanif40ipaddress192.168.41.254255.255.255.0dhcpselectglobal#interfa
14、ceVlanif50ipaddress192.168.51.254255.255.255.0dhcpselectglobal#interfaceVlanif60ipaddress192.168.61.254255.255.255.0dhcpselectglobal#interfaceVlanif70ipaddress192.168.71.254255.255.255.0dhcpselectglobal#interfaceVlanif80ipaddress192.168.81.254255.255.255.0dhcpselectglobal#interfaceVlanif90ipaddress1
15、92.168.91.254255.255.255.0dhcpselectglobal#interfaceVlanif99ipaddress10.0.0.2255.255.255.0#interfaceVlanif100ipaddress192.168.101.254255.255.255.0dhcpselectglobal#interfaceVlanif110ipaddress192.168.111.254255.255.255.0dhcpselectglobal#interfaceMEth0/0/1ipaddress192.168.88.1255.255.255.0#interfaceEth
16、-Trunk1#链路聚合设置#portlink-typetrunk#链路聚合后的形式#porttrunkallow-passvlan2to4094#允许通过的Vlan标签#modelacp-static#链路聚合形式#maxactive-linknumber2#最大在线端口#interfaceGigabitEthernet0/0/1#各端口配置#portlink-typeaccessportdefaultvlan10loopback-detectenable#环路检测#interfaceGigabitEthernet0/0/2portlink-typeaccessportdefaultvlan
17、10loopback-detectenable#interfaceGigabitEthernet0/0/3portlink-typeaccessportdefaultvlan10loopback-detectenable#interfaceGigabitEthernet0/0/4portlink-typeaccessportdefaultvlan10loopback-detectenable#interfaceGigabitEthernet0/0/5portlink-typeaccessportdefaultvlan110#interfaceGigabitEthernet0/0/6portli
18、nk-typeaccessportdefaultvlan110loopback-detectenable#interfaceGigabitEthernet0/0/7portlink-typeaccessportdefaultvlan100loopback-detectenable#interfaceGigabitEthernet0/0/8portlink-typeaccessportdefaultvlan100loopback-detectenable#interfaceGigabitEthernet0/0/9portlink-typeaccessportdefaultvlan90loopba
19、ck-detectenable#interfaceGigabitEthernet0/0/10portlink-typeaccessportdefaultvlan90loopback-detectenable#interfaceGigabitEthernet0/0/11portlink-typeaccessportdefaultvlan60loopback-detectenable#interfaceGigabitEthernet0/0/12portlink-typeaccessportdefaultvlan60loopback-detectenable#interfaceGigabitEthe
20、rnet0/0/13portlink-typeaccessportdefaultvlan70loopback-detectenable#interfaceGigabitEthernet0/0/14loopback-detectenable#interfaceGigabitEthernet0/0/15loopback-detectenable#interfaceGigabitEthernet0/0/16loopback-detectenable#interfaceGigabitEthernet0/0/17#链路聚合端口配置1#eth-trunk1lacppriority100#高优先级#inte
21、rfaceGigabitEthernet0/0/18#链路聚合端口配置2#eth-trunk1lacppriority100#interfaceGigabitEthernet0/0/19#链路聚合端口配置3#eth-trunk1#备用链路,2用1备#interfaceGigabitEthernet0/0/20loopback-detectenable#interfaceGigabitEthernet0/0/21portlink-typetrunkporttrunkallow-passvlan102030405060708090100porttrunkallow-passvlan110loopb
22、ack-detectenable#interfaceGigabitEthernet0/0/22portlink-typetrunkporttrunkallow-passvlan102030405060708090100porttrunkallow-passvlan110loopback-detectenable#interfaceGigabitEthernet0/0/23#连接防火墙配置#portlink-typeaccessportdefaultvlan99loopback-detectenable#interfaceGigabitEthernet0/0/24portlink-typeacc
23、essportdefaultvlan99loopback-detectenable#interfaceNULL0#arpstatic192.168.81.137427-ea35-eedf#iproute-static0.0.0.00.0.0.010.0.0.1#静态路由#iproute-static192.168.10.0255.255.255.0192.168.71.1iproute-static192.168.12.0255.255.255.0192.168.71.2iproute-static192.168.118.0255.255.255.0192.168.111.1#traffic-
24、filterinboundacl3001#全局启用ACL管控#snmp-agent#利用Cacti监控192.168.11.151,配置SNMP#snmp-agentlocal-engineid800007DB037054F5DFC580snmp-agentcommunityreadcipher%$%$(=VHL9T2A-VkMN9/IMJSJ%$%$snmp-agentsys-infoversionallsnmp-agentgroupv3publicsnmp-agenttarget-hosttrapaddressudp-domain192.168.11.151paramssecurityna
25、mepublic#user-interfacecon0#console口密码#authentication-modepasswordsetauthenticationpasswordcipher%$%$Q8BRT8WMuCf9%QX7.)c#$!;K.194FaqXM$F=8%$%$#user-interfacevty04#Telnet密码#authentication-modepassworduserprivilegelevel3setauthenticationpasswordcipher%$%$%cJU0$8$:m91RKYxGYsja6iDE%48L!hl$Av8vK6ypk%$%$#
26、$#user-interfacevty1620#相关浏览:交换机硬件故障常见问题电源故障:由于外部供电不稳定,或者电源线路老化或者雷击等原因导致电源损坏或者风扇停止,进而不能正常工作。由于电源缘故而导致机内其他部件损坏的事情也经常发生。假如面板上的POWER指示灯是绿色的,就表示是正常的;假如该指示灯灭了,则讲明交换机没有正常供电。这类问题很容易发现,也很容易解决,同时也是最容易预防的。针对这类故障,首先应该做好外部电源的供给工作,一般通过引入独立的电力线来提供独立的电源,并添加稳压器来避免霎时高压或低压现象。假如条件允许,能够添加UPS(不间断电源)来保证交换机的正常供电,有的UPS提供稳压功能,而有的没有,选择时要注意。在机房内设置专业的避雷措施,来避免雷电对交换机的伤害。如今有很多做避雷工程的专业公司,施行网络布线时能够考虑。核心交换机各项配置Vlan划分、互访、ACL管控、链路聚合