初始化密码设置,开局
admin
admin@huawei.com
y
admin@huawei.com
Admin@023
Admin@023
根桥
stp root primary
备份根桥
stp root secondary
BPDU保护,系统视图
stp bpdu-protection
配置根保护功能,接口视图
stp root-protection
MSTP
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
quit
stp instance 1 root primary
stp instance 1 root secondary
interface gigabitethernet 1/0/1
stp instance 2 cost 20000
interface gigabitethernet 0/0/1
stp root-protection
display stp interface gigabitethernet 0/0/3 brief
VRRP
interface vlanif 2
vrrp vrid 1 virtual-ip 10.1.2.100
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
quit
display vrrp
堆叠
interface stack-port 0/1
port interface gigabitethernet 0/0/27 enable
quit
stack slot 0 priority 200
stack slot 0 renumber 1
interface GigabitEthernet0/0/5
mad detect mode direct
quit
display device
display stack
display stack peers
display elabel slot 0 1
display stack port slot 0
reset stack-port configuration
堆叠线缆堆叠
display stack port auto-cable-info
save stack configuration
y
Eth-trunk
默认手工负载分担模式链路聚合
interface eth-trunk 10
trunkport gigabitethernet 0/0/5
trunkport gigabitethernet 1/0/5
trunkport gigabitethernet 2/0/5
quit
interface eth-trunk 10
mad detect mode relay
return
对端设备:
interface eth-trunk 10
mad relay
return
display mad verbose
display mad proxy
display trunkmembership eth-trunk 10
清除接口配置
clear configuration interface GigabitEthernet 0/0/1
y
combo接口工作模式
combo-port copper
排障
display error-down recovery
<Huawei>
reset counters interface g0/0/1
查看SN
display elabel slot slot-id
BarCode=2102351820109C000451
V200R003及之后的版本支持
display device manufacture-info
解除账号锁定
CE交换机
<HUAWEI>activate aaa local-user admin
<HUAWEI>activate vty ip-block ip-address 10.X.X.3
<HUAWEI>activate ssh server ip-block ip-address 10.X.X.3
防火墙
aaa
manager-user admin
state active
quit
quit
路由器
aaa
local-user admin state active
S7700系列CSS集群
1、集群卡方式集群
SwitchA
system-view
sysname SwitchA
set css mode css-card
set css id 1
set css priority 100
SwitchB
system-view
sysname SwitchB
set css mode css-card
set css id 2
set css priority 10
配置好以后
SwitchA
css enable
SwitchB
css enable
查看集群是否组件成功
display device
2、业务口方式集群
SwitchA
system-view
sysname SwitchA
set css mode lpu
set css id 1
set css priority 100
interface css-port 1
port interface xgigabitethernet 1/0/1 to xgigabitethernet 1/0/2 enable
quit
interface css-port 2
port interface xgigabitethernet 2/0/1 to xgigabitethernet 2/0/2 enable
quit
SwitchB
system-view
sysname SwitchB
set css mode lpu
set css id 2
set css priority 10
interface css-port 1
port interface xgigabitethernet 1/0/1 to xgigabitethernet 1/0/2 enable
quit
interface css-port 2
port interface xgigabitethernet 2/0/1 to xgigabitethernet 2/0/2 enable
quit
配置好以后
SwitchA
css enable
SwitchB
css enable
集群配置好以后,建议配置多主检测
system-view
interface gigabitethernet 1/2/0/0
mad detect mode direct
y
quit
interface gigabitethernet 2/2/0/0
mad detect mode direct
y
quit
quit
主备倒换
slave switchover
带关键业务升级
save
信息采集
screen-length 0 temporary
display device
display alarm all
display version
display patch-information
display startup
display stp brief
display arp all
display ip routing-table (vpn-stance)
display current-config
display interface brief
display transceiver verbose
check version all
数据备份
dir
tftp 192.168.1.200 put vrpcfg.zip
tftp 192.168.1.200 put licxxx.dat
tftp 192.168.1.200 put xxxx.pat
文件上传至设备
ftp 192.168.1.200 vpn-instance xxx
user:
password:
ls
get xxx.cc
开始升级
copy S12700-V200R019SPH011.pat S12700-V200R019SPH011.pat all
startup system-software S12700-V200R019C10-MPUB.cc all
startup patch S12700-V200R019SPH002.pat all
reboot
验证
display startup
display device
display patch-information
check version
display current-configuration
compare configuration
交换机开启web
上传Web网页文件
http server load xxx
http secure-server enable
http server enable
display http server
限制登录地址
http acl 3000
开启eSight管理无线
S12708交换机
set net-manager vpn-instance Internet
wlan
ap data-collection enable
组播
multicast routing-enable
igmp
version 3
成员端口开启
interface vlan 3
igmp enable
interface vlan 2
pim sm
quit
pim
static-rp 192.168.4.1 //源网关
quit
display igmp interface Vlanif 20
display igmp groupdisplay pim routing-table
display pim interface
IGMP Snooping
igmp-snooping enable
vlan 2
igmp-snooping enable
igmp-snooping version 2 //缺省情况下,设备可以处理IGMPv1和IGMPv2的报文
IPSG IP+MAC绑定
user-bind static ip-address 10.0.0.1 mac-address 0001-0001-0001
interface gigabitethernet 0/0/1
ip source check user-bind enable
ip source check user-bind alarm enable
ip source check user-bind alarm threshold 200
quit
display dhcp static user-bind all
防止主机私自更改IP,DHCP Snooping动态绑定
dhcp enable
dhcp snooping enable
vlan 10
dhcp snooping enable
dhcp snooping trusted interface g0/0/3
ip source check user-bind enable
quit
display dhcp snooping user-bind all
基本QinQ
外层vlan
vlan batch 100 200
下行接口
interface gigabitethernet 0/0/1
port link-type dot1q-tunnel
port default vlan 100
公网测接口
interface gigabitethernet 0/0/3
port link-type trunk
port trunk allow-pass vlan 100 200
quit
interface gigabitethernet 0/0/3
qinq protocol 9100
灵活QinQ
vlan batch 2 3
interface gigabitethernet 0/0/1
port link-type hybrid
port hybrid untagged vlan 2 3
qinq vlan-translation enable
port vlan-stacking vlan 100 stack-vlan 2
port vlan-stacking vlan 300 stack-vlan 3
quit