网络空间安全:行业资讯、技术分享、法规研讨、趋势分析……

“游侠安全网”创建了网络安全从业者QQ大群(群号:1255197) ,欢迎各位同仁加入!有其它问题如合作等,请联系站长“网路游侠”,QQ:55984512


北电交换机配置 命令行

2013-03-09 19:43 推荐: 浏览: 191 views 字号:

摘要: 一、DHCP中继 vlan 1 create byport 1 name “VLAN-1” vlan 1 ports add 1/1 vlan 1 ip create 10.1.1.1/255.255.255.0 vlan 1 ip d...

一、DHCP中继

vlan 1 create byport 1 name “VLAN-1”
vlan 1 ports add 1/1
vlan 1 ip create 10.1.1.1/255.255.255.0
vlan 1 ip dhcp-relay enable

ip dhcp-relay create-fwd-path agent 10.1.1.1 server 10.1.2.1 mode bootp_dhcp state enable

二、端口镜像

diag mirror-by-port 1 create in-port 1/1 out-port 10/1
diag mirror-by-port 1 enable enable
diag mirror-by-port 1 mode both

三、关闭广播、组播端口保护

ethernet 1/1 cp-limit disable multicast-limit 25000 broadcast-limit 20000

四、配置VRRP

      交换机1

vlan 1 create byport 1 name “VLAN-1”
vlan 1 ports add 1/1,2/1   //***2/1用于交换机互联
vlan 1 ip create 10.1.1.1/255.255.255.0
vlan 1 ip vrrp 1 address 10.31.0.254
vlan 1 ip vrrp 1 backup-master enable
vlan 1 ip vrrp 1 fast-adv-enable enable
vlan 1 ip vrrp 1 holddown-timer 4
vlan 1 ip vrrp 1 priority 250
vlan 1 ip vrrp 1 enable

ethernet 2/1 perform-tagging enable   //***tag,即封装DOT1Q

      交换机2
      vlan 1 create byport 1 name “VLAN-1”
vlan 1 ports add 1/1,2/1   //***2/1用于交换机互联
vlan 1 ip create 10.1.1.2/255.255.255.0
vlan 1 ip vrrp 1 address 10.1.1.254
vlan 1 ip vrrp 1 backup-master enable
vlan 1 ip vrrp 1 fast-adv-enable enable
vlan 1 ip vrrp 1 holddown-timer 4
vlan 1 ip vrrp 1 enable

ethernet 2/1 perform-tagging enable
五、配置syslog

sys syslog host 1 create

sys syslog host 1 address 10.2.1.100

sys syslog host 1 host enable

sys syslog host 1 severity info warning error fatal

六、配置MLT

mlt 1 create

mlt 1 add ports 3/1-3/4

mlt 1 name “MLT-1”

mlt 1 perform-tagging enable //***不用在端口下打tag

vlan 10 ports add-mlt 1      //***mlt1允许vlan10数据通过

七、配置SMLT

共三台交换机,核心1、2以及接入交换机1,核心之间通过IST维护SMLT,并建立SMLT,接入1的两个端口配置MLT分别接入两台核心。SMLT无需生成树机制,实现了二层的loadbalance,8600系列可创建32组,Single Port SMLT模式(服务器loadbalance)没有组数限制。

核心1

mlt 10 create

mlt 10 add ports 4/1-4/2

mlt 10 name “MLT-IST”

mlt 10 perform-tagging enable

mlt 10 ist create ip 192.168.168.2 vlan-id 100  //***对端核心IP

mlt 10 ist enable

 

mlt 20 create

mlt 20 add ports 4/3

mlt 20 name “MLT-SWITCH1_1/1”

mlt 20 perform-tagging enable

mlt 20 smlt create smlt-id 20

 

vlan 100 create byport1 name “IST”

vlan 100 add-mlt 10

vlan 100 add-mlt 20

vlan 100 ip create 192.168.168.1/255.255.255.252

 

ethernet 4/1-4/3 stg 1 stp disable

 

核心2

mlt 10 create

mlt 10 add ports 4/1-4/2

mlt 10 name “MLT-IST”

mlt 10 perform-tagging enable

mlt 10 ist create ip 192.168.168.1 vlan-id 100  //***对端核心IP

mlt 10 ist enable

 

mlt 20 create

mlt 20 add ports 4/3

mlt 20 name “MLT-SWITCH1_1/2”

mlt 20 perform-tagging enable

mlt 20 smlt create smlt-id 20

 

vlan 100 create byport1 name “IST”

vlan 100 add-mlt 10

vlan 100 add-mlt 20

vlan 100 ip create 192.168.168.2/255.255.255.252

 

ethernet 4/1-4/3 stg 1 stp disable

 

接入1

mlt 1 create

mlt 1 add ports 1/1-1/2

mlt 1 name “MLT-CORE_4/3”

mlt 1 perform-tagging enable

原文:http://cxz721.blog.163.com/blog/static/3806844320103110310222/

联系站长租广告位!

中国首席信息安全官


关闭


关闭