开局配置管理方式
# 交换机下接多AP组mesh的时候,要把stp生成树关闭
undo stp enable
# 配置新账户和服务类型
aaa
local-user zeng password cipher admin@huawei.com
local-user zeng privilege level 15
local-user zeng service-type terminal http ssh ftp telnet
q
# 验证方式为账号加密码的aaa认证
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
q
# ssh具体配置
ssh user zeng authentication-type password
ssh user zeng service-type stelnet
stelnet server enable
# 创建密钥(非必选)
rsa local-key-pair create
# 全接口可连接
ssh server-source all-interface
# 指定接口连接
ssh server-source -i vlanif 100
ssh server-source -i Eth-Trunk 1
ssh server-source -i Meth
ssh server-source -i GIgabitEthernet 0/0/1
# ftp具体设置
ftp server enable
ftp server-source all-interface
# http具体配置
http server load file-name
#
fm-s5735-l2-v200r022c00spc500.120.web.7z
S5720LI-V200R022C00SPC500.120.web.7z
#
http secure-server enable
http server enable
http server-source all-interface
vlan建立
# 单个
vlan 100
# 多个
vlan batch 101 to 120 # 建20个
vlan batch 101 120 # 建2个
常用端口操作
单端口
# 千兆
int g0/0/1
# 万兆
int x0/0/1
端口组
# 端口组
port-group test
group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2
port link-type access
prot default vlan 101
# 查看端口组成员
display port-group all
临时端口组
# 操作完自动退出端口组
interface range gigabitethernet 0/0/1 to 0/0/4 // 根据实际情况选择端口范围
vlan类型:Trunk|Hybrid|Access
1.基本操作
# Access
port link-type access
port default vlan 100
# Hybrid_untagged
port link-type hybrid
port hybrid link-type untagged vlan 100 200 300 20 to 30
purt hybrid pvid vlan 100
# Hybrid_tagged
port link-type access
port default vlan 100
# Hybrid_untagged
port link-type hybrid
port hybrid tagged vlan 20 to 30
purt hybrid pvid vlan 100
# Trunk
port link-type trunk
port trunk allow vlan 20 to 30
prot trunk pvid vlan 100
2.vlan1为本征vlan,默认都是放行的.可禁用
# Hybrid
undo port hybrid vlan 1
# Trunk
undo port trunk allow vlan 1
DHCP及回收 & 静态IP & Opthon
1.全局DHCP配置
# 系统视图
dhcp enable
ip pool test
dns-list 10.0.0.1, 223.6.6.6
gatway-list 10.0.0.1
excluded-ip-address 10.0.0.3 to 10.0.0.49 \\排除地址,注意网关和dns不能排除,否则会报错
int vlan100
dhcp select global \\开启全局dhcp
q
dhcp option template op \\建立新的option选项op并进入
dns-list 10.0.0.2
gatway-list 10.0.0.2
q
# 用户视图
reset ip pool name test 10.0.0.88 \\回收dhcp地址,注意设备先断开连接,否则会再次获得,回收失败
# 系统视图
static-bind ip-address 10.0.0.80 mac-address 4aac-c7f2-4f54 option-template op \\设置静态IP及option选项
# 查看dhcp全部分配情况
dis ip pool name test used
# 查看dhcp单个分配情况
dis ip pool name test used | in 10.0.0.80
# 查看某个设备的ip和mac地址
dis arp | include 4f54
端口聚合
常用查看命令及技巧
固件升级
常用密码
2.console密码重置
1、通过Console口连接交换机,并重启交换机。
2、当界面出现以下打印信息时,及时按下快捷键“Ctrl+B”并输入BootROM/BootLoad密码,进入BootROM/BootLoad主菜单
3、密码: Admin@huawei.com A必须大写。
4、选着7 Clear password for console user (选择清除console用户密码模式)。
5、选择1 Boot with default mode(键入1启动默认模式),进入后更改Console 及telnet密码。
配置Console用户的认证方式为AAA:
选择AAA认证,需要配置AAA用户的认证信息、接入类型和用户级别。
[HUAWEI] aaa
[HUAWEI-aaa]
local-user admin password irreversible-cipher Admin@123 //创建本地用户admin123,登录密码为abcd@123
[HUAWEI-aaa] local-user admin privilege level 15 //配置本地用户admin123的级别为15
Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]y
[HUAWEI-aaa]
local-user admin service-type terminal //配置本地用户admin123的接入类型为终端用户,即Console用户
user-interface console 0
authentication-mode password
set authentication password cipher admin888
Comments | NOTHING