网络设备稳定运行一方面依赖于完备的网络规划,另一方面,通过网络设备日常的维护和监测发现设备运行隐患也是非常必要的。
此文以华为设备配置代码以交换为主简述在工作中即可应用简单的几条指令。
架构上分为核心层、分布层、接入层三层,部分相同的代码有简略。
------------虚拟接口------------------------------------
1)管理地址
interface Vlanif1
description Management
ip address 192.168.250.197 255.255.255.0
dhcp select relay
dhcp relay server-select dhcpgroup1
#
2)核心交换虚拟网关接口
interface Vlanif2
description Server
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif3
description office
ip address 192.168.0.2 255.255.255.0
dhcp select relay
dhcp relay server-select dhcpgroup1
-----------Trunk------------------------------------
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 2 to 100
ntdp enable
ndp enable
bpdu enable
-----------Eth Trunk-------------------------------
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/1
eth-trunk 1
interface GigabitEthernet0/0/2
eth-trunk 1
-----------IP ROUTE---------------------
1)核心交换静态路由
ip route-static 0.0.0.0 0.0.0.0 10.16.0.1
ip route-static 1.1.1.0 255.255.255.0 192.168.9.101
ip route-static 10.0.0.0 255.255.0.0 192.168.9.100
1)分布层接入层
ip route-static 0.0.0.0 0.0.0.0 192.168.250.1
-----------VLAN-----------------------------
vlan 1
description Management
vlan 2
description Server
vlan 3
description office
interface GigabitEthernet 0/0/11
-----------DHCP服务器声明-----------------------------
dhcp server group dhcpgroup1
dhcp-server 192.168.1.250 0
-----------Access Port------------------------------
1)defaule
interface GigabitEthernet0/0/1
port link-type access
port default vlan 3
stp disable
stp edged-port enable
ntdp enable
ndp enable
2)POE config
interface GigabitEthernet0/0/1
port hybrid pvid vlan 2
port hybrid tagged vlan 9 92
port hybrid untagged vlan 2
stp edged-port enable
undo poe enable
-----------认证---------------------------------------------------
1)全局配置
super password level 1 cipher ***
super password level 2 cipher ***
super password level 3 cipher ***
2)Console配置
user-interface con 0
authentication-mode password
set authentication password cipher a:FL2/KX#^;Q=^Q`MAF4<1!!
idle-timeout 5 0
3)VTY配置
user-interface vty 0 4
authentication-mode password
idle-timeout 15 0
user privilege level 3
-----------STP---------------------------------------------------
1)公共配置
stp mode rstp
stp enable
stp pathcost-standard legacy
2)核心层交换
stp instance 0 root primary
stp enable
3)分布层交换
stp instance 0 priority 8192
stp enable
4)接入层交换
stp instance 0 priority 16384
stp enable
stp mode mstp
5)接入端口配置
stp edged-port enable
-----------LLDP--------------------------------------------------
lldp enable
-----------VRRP--------------------------------------------------
1)Master交换机:
interface Vlanif1
description Management
ip address 192.168.250.250 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.250.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
2)Slave网络交换机配置(维护):
interface Vlanif1
description Management
ip address 192.168.250.251 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.250.1
-----------SystemName------------------------------------------------------
systemname XXXX 192.168.2.X
---------------------------------------------------------------
storm-control broadcast min-rate 1000 max-rate 2000
storm-control multicast min-rate 1000 max-rate 2000
storm-control unicast min-rate 1000 max-rate 2000
storm-control interval 90
storm-control action block
storm-control enable log
相关文章