Huawei華為交換機基本配置指令
恢複出廠設定----------------注意Y和N的選項,不要輸錯。
<S1>reset saved-configuration
Warning: The action will delete the saved configuration in the device.
The configuration will be erased to reconfigure. Continue? [Y/N]:y
<S1>reboot
Info: The system is now comparing the configuration, please wait.
Warning: The configuration has been modified, and it will be saved to the next startup saved-configuration file . Continue? [Y/N]:n
Info: If want to reboot with saving diagnostic information, input 'N' and then execute 'reboot save diagnostic-information'.
System will reboot! Continue?[Y/N]:y
新交換機第一次上電,或恢複出廠設定後,要求設定新密碼
出廠自帶的使用者名是admin,密碼是[email protected]
Login authentication
Username:admin
Password:
Warning: The default password poses security risks.
The password needs to be changed. Change now? [Y/N]: y
Please enter old password:
Please enter new password: ---------------------輸入密碼時沒有任何顯示
Please confirm new password:
The password has been changed successfully.
第一次儲存設定時,需輸入檔案名,隻需按回車
<HUAWEI>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:
May 28 2019 10:57:52 HUAWEI %%01CFM/4/SAVE(s)[1]:The user chose Y when deciding whether to save the configuration to the device.
flash:/vrpcfg.zip exists, overwrite?[Y/N]:y
May 28 2019 10:57:54 HUAWEI %%01CFM/4/OVERWRITE_FILE(s)[2]:When deciding whether to overwrite the configuration file vrpcfg.zip, the user chose Y.
Now saving the current configuration to the slot 0......
Save the configuration successfully.
設定日期和時間
<HUAWEI>clock datetime 10:46:30 2019-05-28
設定console口的連接配接方式,可設定為無,僅密碼,使用者名密碼等方式
[HUAWEI]user-interface console 0
[HUAWEI-ui-console0]authentication-mode ?
aaa AAA authentication, and this authentication mode is recommended
none Login without checking
password Authentication through the password of a user terminal interface
[HUAWEI-ui-console0]set authentication password
[HUAWEI-ui-console0]set authentication password cipher administrator
開啟telnet服務,stp功能,http服務
[HUAWEI]telnet server enable-------------------開啟telnet服務
[HUAWEI]stp mode rstp-------------------設定stp模式為rstp
[HUAWEI]stp enable-------------------開啟stp功能
[HUAWEI]http server enable-------------------開啟http服務(預設就是開啟的)
設定vty,telnet登入
[HUAWEI]user-interface maximum-vty 15-------------------vty界面最大值15
authentication-mode password-------------認證模式設定為僅需密碼,也可設定為aaa模式
user privilege level 15-------------------使用者權限級别15(非常重要)
set authentication password cipher $1a$IZ,o~LZ$Z.$GHlQ-zn9-Gn<*8([email protected]#6wmH;M\%L#($\PXNa.:$---此處是密碼,輸入時是明文,根據需要設定
history-command max-size 256-------------------指令行最大曆史記錄
idle-timeout 6 0-------------------使用者逾時時間6分0秒
screen-length 100-------------------螢幕長度100行
protocol inbound telnet-------------------允許telnet協定進入(非常重要)
設定一個使用者用于網頁登入
[HUAWEI]aaa
[HUAWEI-aaa]dis local-user
----------------------------------------------------------------------------
User-name State AuthMask AdminLevel
----------------------------------------------------------------------------
admin A MH 15
----------------------------------------------------------------------------
Total 1 user(s)
[HUAWEI-aaa]undo local-user admin
Error: Have user(s) online, can not be deleted.
[HUAWEI-aaa]quit
由于第一次登入時,console口要求使用者名密碼登入,是以無法删除本地使用者admin,此時可退到<>視圖,儲存設定,退出交換機,再重新登入。由于我們已經将console口的認證方式改為僅需密碼,是以可以再次進入aaa,删除使用者admin。删除後,再建立admin,權限,服務類型等,均可由我們自己控制。
[HUAWEI]aaa
[HUAWEI-aaa]undo local-user admin
[HUAWEI-aaa]local-user admin password irreversible-cipher administrator idle-timeout 6 0------标紅的為密碼,根據需要設定
Info: Add a new user.
[HUAWEI-aaa]local-user admin service-type http
[HUAWEI-aaa]local-user admin privilege level 15
Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]y
[HUAWEI-aaa]local-user admin ftp-directory flash:
如遇更新版本的交換機軟體,telnet服務要求必須是aaa認證(使用者名密碼認證),可按上面所述再建立一個使用者,service-type設定為telnet。
關閉交換機自動彈出配置改變告警
輸入配置指令後裝置會提示如下類似資訊:
DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 1, the change loop count is 64, and the maximum number of records is 1.
這個是配置改變的告警提示資訊,不是錯誤資訊,可以配置如下指令屏蔽此資訊:
[HUAWEI]info-center source DS channel console trap level warning state off
建立vlan,并将端口加入vlan
[HUAWEI]vlan 2------------------建立單個vlan,2
[HUAWEI-vlan2]quit------------------建立vlan後就進入該vlan了,是以退出
[HUAWEI]vlan batch 3 to 10------------------批量建立vlan,3-10
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI]------------------批量建立vlan後不會進入哪個vlan
由于華為交換機的端口出廠時預設都是hybrid類型或auto類型的,是以無法立即加入vlan,需要更改端口的link-type後,才可以加入vlan。單個端口更改方式如下:
[HUAWEI]interface GigabitEthernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/1]port default vlan 2
[HUAWEI-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
批量更改,先更改端口類型,再統一加入某個vlan,如下:
[HUAWEI]port-group group-member g 0/0/2 to g 0/0/4
[HUAWEI-port-group]port link-type access
[HUAWEI-GigabitEthernet0/0/2]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/3]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/4]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-port-group]port default vlan 3
[HUAWEI-GigabitEthernet0/0/2]port default vlan 3
[HUAWEI-GigabitEthernet0/0/3]port default vlan 3
[HUAWEI-GigabitEthernet0/0/4]port default vlan 3
也可以先批量更改端口連接配接類型,再進入vlan添加端口,如下:
[HUAWEI]port-group group-member g 0/0/5 to g 0/0/10
[HUAWEI-port-group]port link-type access
[HUAWEI-GigabitEthernet0/0/5]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/6]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/7]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/8]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/9]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/10]port link-type access
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-port-group]quit
[HUAWEI]vlan 4
[HUAWEI-vlan4]port g 0/0/5 to 0/0/6
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-vlan4]
更改完成後可檢視端口與vlan對應關系:
[HUAWEI]display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 access 2 -
GigabitEthernet0/0/2 access 3 -
GigabitEthernet0/0/3 access 3 -
GigabitEthernet0/0/4 access 3 -
GigabitEthernet0/0/5 access 4 -
GigabitEthernet0/0/6 access 4 -
GigabitEthernet0/0/7 access 1 -
GigabitEthernet0/0/8 access 1 -
GigabitEthernet0/0/9 access 1 -
GigabitEthernet0/0/10 access 1 -
GigabitEthernet0/0/11 auto 1 1-4094
GigabitEthernet0/0/12 auto 1 1-4094
設定端口為trunk類型
[HUAWEI]interface GigabitEthernet 0/0/28
[HUAWEI-GigabitEthernet0/0/28]port link-type trunk
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-GigabitEthernet0/0/28]port trunk pvid vlan 10
[HUAWEI-GigabitEthernet0/0/28]port trunk allow-pass vlan 2 to 4000
Info: This operation may take a few seconds. Please wait a moment....done.
[HUAWEI-GigabitEthernet0/0/28]undo port trunk allow-pass vlan 1
Info: This operation may take a few seconds. Please wait a moment...done.
[HUAWEI-GigabitEthernet0/0/28]dis this
#
interface GigabitEthernet0/0/28
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4000
#
return
兩個交換機相連的trunk端口,pvid必須一緻,規模較大的企業區域網路,不建議使用vlan1,是以trunk端口不允許vlan1通過
設定鍊路聚合
[HUAWEI]interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1]port link-type trunk
Info: This operation may take a few seconds. Please wait for a moment...done.
[HUAWEI-Eth-Trunk1]port trunk pvid vlan 10
[HUAWEI-Eth-Trunk1]port trunk allow-pass vlan 2 to 4000
Info: This operation may take a few seconds. Please wait a moment....done.
[HUAWEI-Eth-Trunk1]undo port trunk allow-pass vlan 1
Info: This operation may take a few seconds. Please wait a moment...done.
[HUAWEI-Eth-Trunk1]dis this
#
interface Eth-Trunk1
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4000
#
return
以上指令建立一個聚合端口,并設定了端口的屬性
[HUAWEI]interface GigabitEthernet 0/0/25
[HUAWEI-GigabitEthernet0/0/25]eth-trunk 1
Info: This operation may take a few seconds. Please wait a moment...done.
以上指令将G 0/0/25端口加入聚合端口eth-trunk 1,無需更多設定。可将更多的端口加入聚合端口。
開啟DHCP功能,設定位址池,并應用
[HUAWEI]dhcp enable
ip pool 192.168.2.0----------------建立一個位址池,名為192.168.2.0
gateway-list 192.168.2.254----------------設定網關位址
network 192.168.2.0 mask 255.255.255.0----------------設定網段
excluded-ip-address 192.168.2.251 192.168.2.253----------------設定不參與配置設定的IP位址範圍
lease day 0 hour 0 minute 30----------------設定租期時長
dns-list 114.114.114.114 8.8.8.8----------------設定dns位址
[HUAWEI]interface Vlanif 2----------------進入vlanif 2
[HUAWEI-Vlanif2]ip address 192.168.2.254 24----------------給vlanif 2 設定IP位址(就是上面位址池的網關位址)
[HUAWEI-Vlanif2]dhcp select global ----------------DHCP選擇全局,會自動比對位址池
開啟流控制功能,限制某些網段互網(主要是限制訪客網與辦公網、财務網互訪)
[HUAWEI]acl number 3001-----------添加一個進階ACL,可控制源位址和目的位址
Info: When the ACL that is referenced by SACL is modified, the SACL will be dynamically updated. During the update, these SACL will become invalid temporarily.
[HUAWEI-acl-adv-3001]rule 1000 deny ip source 172.16.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
[HUAWEI-acl-adv-3001]rule 1100 deny ip source 172.16.0.0 0.0.255.255 destination 175.40.0.0 0.0.255.255
[HUAWEI-acl-adv-3001]quit
注意源位址和目的位址的反向掩碼
[HUAWEI]traffic-filter inbound acl 3001-----------在全局層面應用ACL 3000裡面的規則
![記錄在華為雲伺服器上使用Docker啟動最新版本Minio檔案伺服器遇到的問題[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)