华为5624交换机配置规范文档5624核心交换机规范配置文档进入交换机配置命令行后,须作如下配置:进入系统视图systemview设置主机名,用于区别其他交换机。主机名最好包括交换机型号,以及交换机在网络中所起的作用等信息。[Quidway]sysnameCenter-5624配置Vlan时须对Vlan描述,帮助网络管理员确认该Vlan的用途与连接网络的范围。防止长时间后难于正确识别Vlan用途。[Center-5624]vlan2[Center-5624-vlan2]descriptionmenzhen-low[Center-5624-vlan2]quit[Center-5624]vlan3[Center-5624-vlan3]descriptionzhuyuan-low[Center-5624-vlan3]quit[Center-5624]vlan4[Center-5624-vlan4]descriptionxingdai-low[Center-5624-vlan4]quit[Center-5624]vlan5[Center-5624-vlan5]descriptionfengyuan[Center-5624-vlan5]quit[Center-5624]vlan6[Center-5624-vlan6]descriptionmengzhendian[Center-5624-vlan6]quit配置VLAN的3层虚拟接口时,注意3层接口的地址与Vlan号最好要有对应关系。比如Vlan2接口对应地址为192.168.2.1,Vlan3接口对应地址为192.168.3.1.其他应如此类推。[Center-5624]interfacevlan1[Center-5624-vlan-interface1]ipaddress192.168.1.1255.255.255.0[Center-5624-vlan-interface1]quit[Center-5624]interfacevlan2[Center-5624-vlan-interface2]ipaddress192.168.2.1255.255.255.0[Center-5624-vlan-interface2]quit[Center-5624]interfacevlan3[Center-5624-vlan-interface3]ipaddress192.168.3.1255.255.255.0[Center-5624-vlan-interface3]quit[Center-5624]interfacevlan4[Center-5624-vlan-interface4]ipaddress192.168.4.1255.255.255.0[Center-5624-vlan-interface4]quit[Center-5624]interfacevlan5[Center-5624-vlan-interface5]ipaddress192.168.5.1255.255.255.0[Center-5624-vlan-interface5]quit[Center-5624]interfacevlan6[Center-5624-vlan-interface6]ipaddress192.168.6.1255.255.255.0[Center-5624-vlan-interface5]quit如果是将多个接口批量加入某个VLAN中,如下命令将相关接口加入对应VLAN2、VLAN3、VLAN4。[Center-5624]vlan2[Center-5624-vlan2]portGigabitEthernet1/0/1toGigabitEthernet1/0/3[Center-5624]vlan3[Center-5624-vlan3]portGigabitEthernet1/0/4toGigabitEthernet1/0/6[Center-5624]vlan4[Center-5624-vlan4]portGigabitEthernet1/0/7toGigabitEthernet1/0/8配置将个别特定物理接口加入某个Vlan中。可采用如下命令:[Center-5624]interfaceGigabitEthernet1/0/9[Center-5624-GigabitEthernet1/0/9]portaccessvlan5[Center-5624]interfaceGigabitEthernet1/0/10[Center-5624-GigabitEthernet1/0/9]portaccessvlan6创建交换机访问控制列表,控制所有VLAN只能与VLAN1互访,而不能与VLAN1已外的VLAN互访。[Center-5624]aclnumber3000[Center-5624-acl-adv-3000]rule100permitipsource192.168.1.00.0.0.255destionany上述访问控制列表规则让VLAN1的IP地址可以访问所以其他所有VLAN。[Center-5624-acl-adv-3000]rule90permitipsource192.168.0.00.0.255.255destination192.168.1.00.0.0.255上述访问控制列表规则让所有VLAN的IP地址可以访问VLAN1。[Center-5624-acl-adv-3000]rule80permitipsource192.168.0.00.0.255.255destination192.168.0.10.0.255.0上述访问控制列表规则让所有VLAN的IP地址可以访问网关IP地址:192.168.X.1[Center-5624-acl-adv-3000]rule70denyipsource192.168.0.00.0.255.255destination192.168.0.00.0.255.255上述访问控制列表规则让所有VLAN的IP地址都不能互访。[Center-5624-acl-adv-3000]quit[Center-5624]创建的访问控制列表要真正起作用,必须在交换机接口上启用该访问控制列表。以下命令将访问控制列表在交换机所有接口使用。[center-5624]interfaceGigabitEthernet1/0/1[center-5624-GigabitEthernet1/0/1]packet-filterinboundip-group3000[center-5624-GigabitEthernet1/0/1]quit[center-5624]interfaceGigabitEthernet1/0/2[center-5624-GigabitEthernet1/0/2]packet-filterinboundip-group...
