进入管理模式
<H3C>system-view 显示正在运行的配置信息 [H3C] dis cur 保存配置信息 [H3C]quit <H3C>save 配置telnet 管理的用户和口令 [H3C]local-user admin [H3C-]password simple [H3C-]service-type telnet [H3C-]level 3 [H3C-]quit [H3C]user-interface vty 0 4 [H3C-]authentication-mode scheme 一、 1、 创建vlan1 [H3C] VLAN 1 [H3C]int [H3C-Vlan-interface1]ip add 192.168.1.253 255.255.255.0 [H3C-Vlan-interface1]quit [H3C]int [H3C-Ethernet1/0/1]port access vlan 1 [H3C-Ethernet1/0/1]quit [H3C]int [H3C-Ethernet1/0/2]port access vlan 1 [H3C-Ethernet1/0/2]quit 创建vlan 2 [H3C]vlan 2 [H3C]int [H3C-Vlan-interface1]ip add 192.168.2.253 255.255.255.0 [H3C-Vlan-interface1]quit [H3C]int [H3C-Ethernet1/0/3]port access vlan 2 [H3C-Ethernet1/0/3]quit [H3C]int [H3C-Ethernet1/0/4]port access vlan 2 [H3C-Ethernet1/0/4]quit [H3C]int [H3C-G1/0/1]port access vlan 2 [H3C-G1/0/1]quit 3100及3600交换机TRUNK口应用: 两台交换机级联SwitchA与SwitchB用 trunk互连,相同VLAN的PC之间可以互访,不同VLAN的PC之间禁止互访 l # 进入GigabitEthernet 1/1 [SWA] interface GigabitEthernet 1/1 # 配置端口GigabitEthernet 1/1为Trunk端口 [SWA-Gthernet1/0/1] port link-type trunk [SWA-Gthernet1/0/1] port trunk permit vlan 10 20 [SWA]int e10/1 [SWA-E1/0/1]port acc vlan 10 [SWA-E1/0/2]port acc vlan 20 SWB交换机配置相同 增加路由 [H3C]ip route 0.0.0.0 0.0.0.0 192.168.1.254 [H3C]quit <H3C>save [H3C]mirroring-group 1 local [H3C]mirroring-group 1 monitor-port GigabitEthernet 1/1/4 [H3C]mirroring-group 1 mirroring-port GigabitEthernet 1/1/1 both <H3C>system-view [H3C]link-aggregation group 1 mode manual [H3C]interface ethernet1/0/1 [H3C-Ethernet1/0/1] port link-aggregation group 1 [H3C-Ethernet1/0/1] interface ethernet1/0/2 [H3C-Ethernet1/0/2] port link-aggregation group 1 [H3C-Ethernet1/0/2] interface ethernet1/0/3 [H3C-Ethernet1/0/3] port link-aggregation group 1 <<在互联网出口的路由器上需要配置返回路由 192.168.2.0 255.255.255.0 192.168.1.253 >> 2、 [H3C]interface Ethernet1/0/1 [H3C-Ethernet1/0/1]am user-bind mac-addr 0001-0002-0003 ip-addr 10.12.1.1 3、 arp static ip-address mac-address [ vlan-id interface-type interface-number ] 4、 公司企业网通过Switch的端口实现各部门之间的互连。研发部门由GigabitEthernet1/1/1接入交换机,工资查 询服务器的地址为192.168.1.2。要求正确配置ACL,禁止研发部门在工作日8:00至18:00访问工资服务器。 配置步骤 (1)定义时间段 # 定义8:00至18:00的周期时间段。 <H3C> system-view [H3C] time-range test 8:00 to 18:00 working-day (2) # 进入ACL3000视图。 [H3C] acl number 3000 # 定义其它部门到工资服务器的访问规则。 [H3C-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test [H3C-acl-adv-3000] quit (3) # 在端口上应用ACL 3000。 [H3C] interface gigabitethernet1/1/1 [H3C-GigabitEthernet1/1/1] packet-filter inbound ip-group 3000 二、 1、广播抑制 [H3C]int e1/0/1 [H3C]broadcast-suppression 5 [H3C]int e1/0/2 [H3C]broadcast-suppression 5 2、配置web管理 [H3C]int vlan 1 [H3C-]ip add 192.168.1.253 255.255.255.0 [H3C-]quit [H3C]undo ip http shutdown [H3C]local-user admin [H3C-]password simple [H3C-]service-type telnet [H3C-]level 3 [H3C-]quit [H3C]user-interface vty 0 4 [H3C-]authentication-mode scheme [H3C-]quit [H3C]quit <H3C>save
3C 3600及3100交换机配置方法
原创
©著作权归作者所有:来自51CTO博客作者miller51的原创作品,请联系作者获取转载授权,否则将追究法律责任
上一篇:二三层交换识别
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章