1. Delete the configuration file, then reboot
delete config.text
reload

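2. Telnet configuration
Ruijie(config)#line vty 0 4
Enter VTY line configuration mode to set the telnet password; 0 4 allows up to 5 users to be logged in to the switch over telnet at the same time.

Ruijie(config-line)#login
Require a password for telnet login.

Ruijie(config-line)#password ruijie
Set the telnet password to ruijie.

Ruijie(config-line)#exit
Return to global configuration mode.

Ruijie(config)#enable password ruijie
Set the password for entering privileged mode to ruijie.

Ruijie(config)#end
Exit to privileged mode.

Ruijie#write
Confirm the configuration is correct, then save it.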

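3. Show commands
show ip int br
List the IP addresses of all interfaces.

show inter status
View the status of all ports.

show run inter g0/1
View the configuration of port 0/1.

show vlan
View all VLANs.

show cpu/memory
View CPU or memory utilization.

show inter trunk
View all trunk ports.

hostname
Change the device name.

Create aggregate port 1 and set it to trunk
interface AggregatePort 1
switchport mode trunk

ip dhcp snooping
Enable DHCP snooping.

Set the uplink port toward the core as DHCP snooping trusted
ip dhcp snooping trust

Port aggregation configuration:
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#port-group 1
Add port f0/1 to aggregation group 1.

show aggregateport 1 summary
View information on aggregate port 1.

show aggregateport summary
View which ports have joined aggregate ports.

no spanning-tree
Disable spanning tree.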

4. DHCP configuration
Enable DHCP:
Switch(config)#service dhcp
Enable the DHCP service.

Switch(config)#no service dhcp
Disable the DHCP service.

DHCP relay:
Switch(config)#service dhcp
Switch(config)#ip helper-address 192.168.1.1
//Set the DHCP server's IP address to 192.168.1.1
Once a DHCP server is configured, the switch forwards all DHCP request packets it receives to it.

Ruijie(config)#service dhcp
Enable DHCP.

Ruijie(config)#ip dhcp pool vlan2
Ruijie(dhcp-config)#lease 1 2 3
1, 2 and 3 are days, hours and minutes respectively; the default lease time is 24 hours.

Ruijie(dhcp-config)#network 192.168.2.0 255.255.255.0
The assignable addresses are 192.168.2.1~192.168.2.25

ip dhcp excluded-address 192.168.2.200 192.168.2.254
Exclude an address range.

hardware-address 0026.b90b.a48a
This MAC address is assigned the same IP address every time.

Ruijie(dhcp-config)#dns-server 8.8.8.8 6.6.6.6
8.8.8.8 is the primary DNS, 6.6.6.6 is the backup DNS.

Ruijie(dhcp-config)#default-router 192.168.2.254
Ruijie(dhcp-config)#exit

Ruijie#show ip dhcp binding
View the addresses that have been assigned.

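5. Ruijie loop detection:
Ruijie(config)#rldp enable
Enable RLDP globally.

Ruijie(config)#interface range g0/1-24
Enable it on ports that connect downstream to PCs or hubs; do not enable it on the access switch's uplink ports.

Ruijie(config-if-range)#rldp port loop-detect shutdown-port
Enable RLDP on the interfaces; if a loop is detected, shut down the port.

Ruijie(config-if-range)#exit

Ruijie(config)#errdisable recovery interval 300
If a port is shut down by RLDP, it recovers automatically after 300 seconds and loop detection runs again.

show sysmac //view the device's own backplane MAC address
Note: the MAC address of int vlan and the layer-3 physical MAC address are the address above plus 1.

show arpentry //view the switch's ARP table

show mac count //view the device's MAC address usage

show ip dhcp binding |in 192.168.1.0 //view DHCP usage

show lldp neig…
Use the neighbor discovery protocol to view the interfaces connected to neighbors.

rldp port loop-detect shutdown-port
Enable loop detection; the port is shut down automatically.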

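Preventing manually configured IP addresses under DHCP:
dhcp snooping
Set the uplink port as trusted
On the other ports that connect to PCs: ip verify source port-security
On older versions use: ip dhcp snooping address-bind

Preventing gateway ARP spoofing:
anti-arp-spoofing ip gateway-IP sip source-IP(PC) smac source-MAC(PC)

Preventing ARP spoofing in a DHCP environment:
dhcp snooping
Set the uplink port as trusted
ip verify source port-security //generates the MAC address entries corresponding to the DHCP table
arp-check //anything detected as not in the table is dropped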
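
Added example (not part of the original notes, and not Ruijie tooling): a small Python audit that checks a saved running-config against the layout described above, with DHCP snooping enabled globally, trust only on trunk uplinks, and ip verify source port-security plus arp-check on every PC-facing port. The sample config is constructed, and treating every non-trunk Ethernet port as PC-facing is an assumption.

```python
# Constructed sample in the style of an access-switch running-config.
SAMPLE = """\
ip dhcp snooping
!
interface GigabitEthernet 0/1
 switchport access vlan 101
 ip verify source port-security
 arp-check
!
interface GigabitEthernet 0/2
 switchport access vlan 101
!
interface GigabitEthernet 0/3
 switchport access vlan 101
 ip dhcp snooping trust
 ip verify source port-security
 arp-check
!
interface GigabitEthernet 0/25
 switchport mode trunk
 ip dhcp snooping trust
"""

def parse(config):
    """Split a config into global lines and per-interface stanzas."""
    glob, ports, cur = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line == "!":
            cur = None                      # '!' or a blank line closes a stanza
        elif line.startswith("interface "):
            cur = ports.setdefault(line[len("interface "):], [])
        elif cur is not None:
            cur.append(line)
        else:
            glob.append(line)
    return glob, ports

def audit(config):
    """Return (where, finding) pairs for deviations from the layout above."""
    glob, ports = parse(config)
    out = [] if "ip dhcp snooping" in glob else [("global", "ip dhcp snooping is off")]
    for name, lines in ports.items():
        if "Ethernet" not in name or "switchport mode trunk" in lines:
            continue                        # assumption: non-trunk Ethernet = PC-facing
        if "ip dhcp snooping trust" in lines:
            out.append((name, "PC-facing port is DHCP snooping trusted"))
        for cmd in ("ip verify source port-security", "arp-check"):
            if cmd not in lines:
                out.append((name, "missing " + cmd))
    return out
```

Calling audit() on the text of a show running-config capture returns one (port, finding) pair per deviation; an empty list means every PC-facing port matches the layout.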

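Preventing ARP spoofing with DHCP-assigned addresses in an 802.1x authentication environment:
Configure a secure channel:
expert access-list extended dhcp
permit udp any any any any eq bootps //permit DHCP packets
global access-group dhcp
aaa authorization ip-auth-mode supplicant //set the authorization mode to client (supplicant) authorization
arp-check //enable checking on the ports that connect to PCs
arp-check list //view the results on the interface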

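Preventing ARP spoofing on wireless:
dhcp snooping
ip dhcp snooping trust //the uplink port is the trusted port
When web authentication is not enabled:
wlansec 1
ip verify source port-security //enable the IP protection feature
arp-check
When web authentication is enabled:
If the version is 11.1, continue with:
wlansec 1
ip verify source port-security
arp-check
If the version is not 11.1, continue with:
web-auth dhcp-check
http redirect direct-arp 192.168.1.1 //open the wireless users' gateway so that users can initiate HTTP requests
wlansec 1
arp-check

ARP-spoofing protection on the switch that the APs connect to (VLAN 30 is the AP management DHCP segment)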
interface GigabitEthernet 0/1
switchport mode trunk
switchport trunk native vlan 30
rldp port loop-detect shutdown-port
anti-arp-spoofing ip 10.177.52.1
anti-arp-spoofing ip 192.168.20.254
anti-arp-spoofing ip 192.168.50.254
anti-arp-spoofing ip 192.168.30.254
anti-arp-spoofing ip 192.168.1.1
ip verify source port-security
arp-check
poe enable

6. Three-tier network production configuration:
Core switch configuration:
Building configuration…
Current configuration : 4654 bytes

version 11.0(4)B19P2
hostname RG-S7808C
!
ip access-list extended 101
10 deny ip 192.168.1.0 0.0.0.255 any
11 deny ip 192.168.2.0 0.0.0.255 any
20 permit ip any any
!
username admin password ruijie@123
!
cwmp
acs url http://cloudg.rj.link/service/acs/G1PB092000666
cpe inform interval 180
!
service dhcp
ip dhcp excluded-address 192.168.30.2 192.168.30.50
ip dhcp excluded-address 192.168.13.1 192.168.13.75
ip dhcp excluded-address 192.168.13.100 192.168.13.105
!
ip dhcp pool vlan101
network 192.168.13.0 255.255.255.0
dns-server 114.114.114.114 202.96.128.86
default-router 192.168.13.254
!
ip dhcp pool vlan103
option 138 ip 1.1.1.1
network 192.168.103.0 255.255.255.0
dns-server 114.114.114.114 202.96.128.86
default-router 192.168.103.1
!
ip dhcp pool vlan105
lease 0 8 0
network 192.168.105.0 255.255.255.0
dns-server 114.114.114.114 202.96.128.86
default-router 192.168.105.1
!
ip dhcp pool vlan10
!
ip dhcp pool vlan30
network 192.168.30.0 255.255.255.0
dns-server 114.114.114.114 202.96.128.86
default-router 192.168.30.1
!
install 1 M7800C-24SFP/12GT4XS-EA
install 2 M7800C-16SFP8XS-EA
!
sysmac c0b8.e6f9.6b3a
ip name-server 114.114.114.114
!
grtd
!
nfpp
!
no service password-encryption
!
redundancy
!
clock timezone PRC +8 0
!
enable password ruijie@123
!
vlan range 1,10,29-30,100-110
!
interface GigabitEthernet 1/1
no switchport
ip access-group 101 out
ip address 30.30.30.1 255.255.255.248
!
interface GigabitEthernet 1/2
switchport mode trunk
switchport trunk allowed vlan only 100,105
!
interface GigabitEthernet 1/3
switchport access vlan 100
!
interface GigabitEthernet 1/4
switchport access vlan 10
!
interface GigabitEthernet 1/5
switchport access vlan 10
!
interface GigabitEthernet 1/6
switchport access vlan 10
!
interface GigabitEthernet 1/7
switchport access vlan 10
!
interface GigabitEthernet 1/8
switchport access vlan 10
!
interface GigabitEthernet 1/9
switchport access vlan 101
!
interface GigabitEthernet 1/10
!
interface GigabitEthernet 1/11
switchport access vlan 101
!
interface GigabitEthernet 1/12
description DNS
switchport access vlan 102
!
interface GigabitEthernet 1/13
!
interface GigabitEthernet 1/14
!
interface GigabitEthernet 1/15
!
interface GigabitEthernet 1/16
!
interface GigabitEthernet 1/17
!
interface GigabitEthernet 1/18
!
interface GigabitEthernet 1/19
!
interface GigabitEthernet 1/20
!
interface GigabitEthernet 1/21
!
interface GigabitEthernet 1/22
!
interface GigabitEthernet 1/23
!
interface GigabitEthernet 1/24
!
interface GigabitEthernet 2/1
!
interface GigabitEthernet 2/2
!
interface GigabitEthernet 2/3
!
interface GigabitEthernet 2/4
!
interface GigabitEthernet 2/5
!
interface GigabitEthernet 2/6
!
interface GigabitEthernet 2/7
!
interface GigabitEthernet 2/8
!
interface GigabitEthernet 2/9
!
interface GigabitEthernet 2/10
!
interface GigabitEthernet 2/11
!
interface GigabitEthernet 2/12
!
interface GigabitEthernet 2/13
!
interface GigabitEthernet 2/14
!
interface GigabitEthernet 2/15
!
interface GigabitEthernet 2/16
!
interface TenGigabitEthernet 1/25
!
interface TenGigabitEthernet 1/26
!
interface TenGigabitEthernet 1/27
port-group 1
!
interface TenGigabitEthernet 1/28
port-group 1
!
interface TenGigabitEthernet 2/17
!
interface TenGigabitEthernet 2/18
!
interface TenGigabitEthernet 2/19
!
interface TenGigabitEthernet 2/20
!
interface TenGigabitEthernet 2/21
!
interface TenGigabitEthernet 2/22
!
interface TenGigabitEthernet 2/23
!
interface TenGigabitEthernet 2/24
!
interface AggregatePort 1
switchport mode trunk
!
interface VLAN 10
!
interface VLAN 29
description jk-vpn
ip address 172.16.101.94 255.255.255.252
!
interface VLAN 30
ip address 192.168.30.1 255.255.255.0
!
interface VLAN 100
description MGMT
ip address 192.168.100.254 255.255.255.0
!
interface VLAN 101
description BGS
ip address 192.168.13.254 255.255.255.0
!
interface VLAN 102
description DNS
ip address 192.168.0.1 255.255.255.0
!
interface VLAN 103
description AP-MGMT
ip address 192.168.103.1 255.255.255.0
!
interface VLAN 104
description JK
ip address 192.168.2.1 255.255.255.0
!
interface VLAN 105
description AP-STA
ip address 192.168.105.1 255.255.255.0
!
interface VLAN 106
description GB
ip address 192.168.1.1 255.255.255.0
!
interface Mgmt 0
!
ip route 0.0.0.0 0.0.0.0 30.30.30.3
ip route 1.1.1.1 255.255.255.255 192.168.100.253
!
line console 0
line vty 0 4
login local
!
end
RG-S7808C(config)#

Aggregation switch configuration:
Building configuration…
Current configuration: 2560 bytes

version S5760X_RGOS 12.3(1)B0701
hostname RG-S5760-HJ
!
username admin password ruijie@123
!
cwmp
acs url http://cloudg.rj.link/service/acs/G1P922U001247
cpe inform interval 180
!
install 0 S5760C-24SFP/8GT8XS-X
!
sysmac c0b8.e64e.e53c
ip name-server 114.114.114.114
!
enable service web-server http
enable service web-server https
webmaster level 0 username admin password 7 111323081b44
!
nfpp
!
no service password-encryption
!
redundancy
!
clock timezone PRC +8 0
!
enable password ruijie@123
!
vlan range 1,30,100-110
!
interface GigabitEthernet 0/1
switchport mode trunk
!
interface GigabitEthernet 0/2
switchport mode trunk
!
interface GigabitEthernet 0/3
switchport mode trunk
!
interface GigabitEthernet 0/4
switchport mode trunk
!
interface GigabitEthernet 0/5
switchport mode trunk
!
interface GigabitEthernet 0/6
switchport mode trunk
!
interface GigabitEthernet 0/7
switchport mode trunk
!
interface GigabitEthernet 0/8
switchport mode trunk
!
interface GigabitEthernet 0/9
switchport mode trunk
!
interface GigabitEthernet 0/10
switchport mode trunk
!
interface GigabitEthernet 0/11
switchport mode trunk
!
interface GigabitEthernet 0/12
switchport mode trunk
!
interface GigabitEthernet 0/13
switchport mode trunk
!
interface GigabitEthernet 0/14
switchport mode trunk
!
interface GigabitEthernet 0/15
switchport mode trunk
!
interface GigabitEthernet 0/16
switchport access vlan 104
!
interface GigabitEthernet 0/17
switchport mode trunk
!
interface GigabitEthernet 0/18
switchport mode trunk
!
interface GigabitEthernet 0/19
switchport mode trunk
!
interface GigabitEthernet 0/20
switchport mode trunk
!
interface GigabitEthernet 0/21
switchport mode trunk
!
interface GigabitEthernet 0/22
switchport mode trunk
!
interface GigabitEthernet 0/23
switchport mode trunk
!
interface GigabitEthernet 0/24
switchport mode trunk
!
interface TenGigabitEthernet 0/25
!
interface TenGigabitEthernet 0/26
!
interface TenGigabitEthernet 0/27
!
interface TenGigabitEthernet 0/28
!
interface TenGigabitEthernet 0/29
!
interface TenGigabitEthernet 0/30
!
interface TenGigabitEthernet 0/31
port-group 1
!
interface TenGigabitEthernet 0/32
port-group 1
!
interface AggregatePort 1
switchport mode trunk
!
interface VLAN 100
description mgmt
ip address 192.168.100.250 255.255.255.0
!
interface Mgmt 0
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254
!
line console 0
line vty 0 4
login local
!
end
RG-S5760-HJ(config)#

Access switch configuration:
S2928_2L(config)#show running-config

Building configuration…
Current configuration: 3576 bytes

version S29_RGOS 11.4(1)B70P1
hostname S2928_2L
!
errdisable recovery interval 300
no spanning-tree
!
rldp enable
!
ip dhcp snooping
!
username admin password ruijie@123
!
cwmp
acs url http://cloudg.rj.link/service/acs/G1PHB1X024869
cpe inform interval 180
!
install 0 S2928G-E V3
!
sysmac c0b8.e67e.f6e5
ip name-server 114.114.114.114
!
nfpp
!
no service password-encryption
!
redundancy
!
clock timezone PRC +8 0
!
no zam
enable password ruijie@123
!
vlan range 1,30,100-120
!
interface GigabitEthernet 0/1
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/2
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/3
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/4
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/5
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/6
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/7
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/8
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/9
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/10
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/11
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/12
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/13
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/14
switchport access vlan 103
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/15
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/16
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/17
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/18
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/19
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/20
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/21
switchport access vlan 30
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/22
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/23
switchport access vlan 104
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/24
switchport access vlan 104
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/25
switchport mode trunk
switchport trunk allowed vlan only 30,100-101,104
ip dhcp snooping trust
!
interface GigabitEthernet 0/26
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/27
switchport access vlan 101
rldp port loop-detect shutdown-port
!
interface GigabitEthernet 0/28
switchport mode trunk
rldp port loop-detect shutdown-port
ip dhcp snooping trust
!
interface VLAN 100
ip address 192.168.100.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254
!
line console 0
line vty 0 4
login local
!
end
S2928_2L(config)#
