您的当前位置：首页正文

华为5624交换机配置

来源：意榕旅游网

华为5624交换机配置规范文档

5624核心交换机规范配置文档

进入交换机配置命令行后，须作如下配置：

进入系统视图

systemview

设置主机名，用于区别其他交换机。主机名最好包括交换机型号，以及交换机在网络中所起的作用等信息。

[Quidway]sysname Center-5624

配置Vlan时须对Vlan描述，帮助网络管理员确认该Vlan的用途与连接网络的范围。防止长时间后难于正确识别Vlan用途。

[Center-5624]vlan 2

[Center-5624-vlan2]description menzhen-low

[Center-5624-vlan2]quit

[Center-5624]vlan 3

[Center-5624-vlan3]description zhuyuan-low

[Center-5624-vlan3]quit

[Center-5624]vlan 4

[Center-5624-vlan4]description xingdai-low

[Center-5624-vlan4]quit

[Center-5624]vlan 5

[Center-5624-vlan5]description fengyuan

[Center-5624-vlan5]quit

[Center-5624]vlan 6

[Center-5624-vlan6]description mengzhendian

[Center-5624-vlan6]quit

配置VLAN的3层虚拟接口时，注意3层接口的地址与Vlan号最好要有对应关系。比如Vlan2接口对应地址为192.168.2.1，Vlan3接口对应地址为192.168.3.1.其他应如此类推。

[Center-5624]interface vlan 1

[Center-5624-vlan-interface1]ip address 192.168.1.1 255.255.255.0

[Center-5624-vlan-interface1]quit

[Center-5624]interface vlan 2

[Center-5624-vlan-interface2]ip address 192.168.2.1 255.255.255.0

[Center-5624-vlan-interface2]quit

[Center-5624]interface vlan 3

[Center-5624-vlan-interface3]ip address 192.168.3.1 255.255.255.0

[Center-5624-vlan-interface3]quit

[Center-5624]interface vlan 4

[Center-5624-vlan-interface4]ip address 192.168.4.1 255.255.255.0

[Center-5624-vlan-interface4]quit

[Center-5624]interface vlan 5

[Center-5624-vlan-interface5]ip address 192.168.5.1 255.255.255.0

[Center-5624-vlan-interface5]quit

[Center-5624]interface vlan 6

[Center-5624-vlan-interface6]ip address 192.168.6.1 255.255.255.0

[Center-5624-vlan-interface5]quit

如果是将多个接口批量加入某个VLAN中，如下命令将相关接口加入对应VLAN2、VLAN3、VLAN4。

[Center-5624]vlan 2

[Center-5624-vlan2]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/3

[Center-5624]vlan 3

[Center-5624-vlan3]port GigabitEthernet 1/0/4 to GigabitEthernet 1/0/6

[Center-5624]vlan 4

[Center-5624-vlan4]port GigabitEthernet 1/0/7 to GigabitEthernet 1/0/8

配置将个别特定物理接口加入某个Vlan中。可采用如下命令：

[Center-5624]interface GigabitEthernet 1/0/9

[Center-5624-GigabitEthernet1/0/9]port access vlan 5

[Center-5624]interface GigabitEthernet 1/0/10

[Center-5624-GigabitEthernet1/0/9]port access vlan 6

创建交换机访问控制列表，控制所有VLAN只能与VLAN1互访，而不能与VLAN1已外的VLAN互访。

[Center-5624]acl number 3000

[Center-5624-acl-adv-3000]rule 100 permit ip source 192.168.1.0 0.0.0.255 destion any

上述访问控制列表规则让VLAN1的IP地址可以访问所以其他所有VLAN。

[Center-5624-acl-adv-3000]rule 90 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.1.0 0.0.0.255

上述访问控制列表规则让所有VLAN的IP地址可以访问VLAN1。

[Center-5624-acl-adv-3000]rule 80 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.1 0.0.255.0

上述访问控制列表规则让所有VLAN的IP地址可以访问网关IP地址：192.168.X.1

[Center-5624-acl-adv-3000]rule 70 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255

上述访问控制列表规则让所有VLAN的IP地址都不能互访。

[Center-5624-acl-adv-3000]quit

[Center-5624]

创建的访问控制列表要真正起作用，必须在交换机接口上启用该访问控制列表。以下命令将访问控制列表在交换机所有接口使用。

[center-5624]interface GigabitEthernet 1/0/1

[center-5624-GigabitEthernet1/0/1]packet-filter inbound ip-group 3000

[center-5624-GigabitEthernet1/0/1]quit

[center-5624]interface GigabitEthernet 1/0/2

[center-5624-GigabitEthernet1/0/2]packet-filter inbound ip-group 3000

[center-5624-GigabitEthernet1/0/2]quit

[center-5624]interface GigabitEthernet 1/0/24

[center-5624-GigabitEthernet1/0/24]packet-filter inbound ip-group 3000

[center-5624-GigabitEthernet1/0/24]quit

下列命令用于配置telnet用户的相关信息，包括用户名，用户口令，用户类型，用户级别。

[Center-5624]local-user gzyyadmin

[Center-5624-luser-admin]service-type telnet

[Center-5624-luser-admin]passord simple new2006

[Center-5624-luser-admin]level 3

在telnet的用户接口中指定登陆验证方式是交换机本地的用户数据库验证，并指定登陆的用户级别是最高级别：3级。

[Center-5624]user-interface vty 0 4

[Center-5624-ui-vty0-4]authentication-mode scheme

[Center-5624-ui-vty0-4]user privilege level 3

保存配置。

[Center-5624]save

[Center-5624]quit

以下是桂洲医院5624交换机完整配置文件。

sysname center-5624

radius scheme system

domain system

local-user gzyyadmin

password simple new2006

service-type telnet

level 3

acl number 3000

rule 70 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255

rule 80 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.1 0.0.255.0

rule 90 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.1.0 0.0.0.255

rule 100 permit ip source 192.168.1.0 0.0.0.255

vlan 1

vlan 2

description menzhen-low

vlan 3

description zhuyuan-low

vlan 4

description xingdai-low

vlan 5

description fengyuan

vlan 6

description mengzhendian

interface Vlan-interface1

ip address 192.168.1.1 255.255.255.0

interface Vlan-interface2

ip address 192.168.2.1 255.255.255.0

interface Vlan-interface3

ip address 192.168.3.1 255.255.255.0

interface Vlan-interface4

ip address 192.168.4.1 255.255.255.0

interface Vlan-interface5

ip address 192.168.5.1 255.255.255.0

interface Vlan-interface6

ip address 192.168.6.1 255.255.255.0

#LOCCFG. MUST NOT DELETE

interface Aux1/0/0

interface GigabitEthernet1/0/1

port access vlan 2