目标:
1.核心到交换机实现链路聚合,允许多vlan40、50、60数据流通
2.实现2条线路的相互备份,同时增加了带宽
步骤:
1.核心处配置链路聚合eth-trink 2 g2/0/15 g2/0/16 加入该聚合
[main]int g 2/0/16
[main-GigabitEthernet2/0/16]dis this //查看接口配置情况
interface GigabitEthernet2/0/16
port link-type trunk
port trunk allow-pass vlan 38 to 39
port-mirroring to observe-port 1 inbound
2.核心处恢复接口默认配置
[main-GigabitEthernet2/0/16]undo port trunk allow-pass vlan 38 to 39
Info: This operation may take a few seconds. Please wait for a moment...done.
[main-GigabitEthernet2/0/16]port trunk allow-pass vlan 1
[main-GigabitEthernet2/0/16]undo port-mirroring to observe-port 1 inbound
[main-GigabitEthernet2/0/16]port link-type hybrid
核心处将接口加入聚合链路2
[main]interface Eth-Trunk 2
[main-Eth-Trunk2]trunkport GigabitEthernet 2/0/15 2/0/16
<main>display eth-trunk
Eth-Trunk2's state information is:
PortName Status Weight
GigabitEthernet2/0/15 Down 1
GigabitEthernet2/0/16 Down 1
4.核心处配置vlan并加入聚合链路2
vlan batch 40 50 60
[main]interface Eth-Trunk 2
[main-Eth-Trunk2]port link-type trunk
[main-Eth-Trunk2]port trunk allow-pass vlan 2 to 4094
Info: This operation may take a few seconds. Please wait for a moment....done.
5.核心处配置vlanif实现vlan互通
[main] interface vlanif 40
[main-vlanif 40] ip address 192.168.40.1 255.255.255.0
[main] interface vlanif 50
[main-vlanif 50] ip address 192.168.50.1 255.255.255.0
[main] interface vlanif 60
[main-vlanif 60] ip address 192.168.60.1 255.255.255.0
ps:查看聚合口情况
[main]display eth-trunk 2
Eth-Trunk2's state information is:
WorkingMode: NORMAL Hash arithmetic: According to SIP-XOR-DIP
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
PortName Status Weight
GigabitEthernet2/0/15 Up 1
GigabitEthernet2/0/16 Up 1
ps:查看加入的端口情况
<main>display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet2/0/15 hybrid 0 -
GigabitEthernet2/0/16 hybrid 0 -
相关配置表如下:
interface Vlanif40
ip address 192.168.40.1 255.255.255.0
#
interface Vlanif44
ip address 172.33.33.1 255.255.255.0
#
interface Vlanif50
ip address 192.168.50.1 255.255.255.0
#
interface Vlanif51
ip address 192.168.51.1 255.255.255.0
#
interface Vlanif60
ip address 192.168.60.1 255.255.255.0
#
#
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
#
interface GigabitEthernet2/0/15
eth-trunk 2
#
interface GigabitEthernet2/0/16
eth-trunk 2
#
初次连接使用console线连接交换机
电脑端插入console线后,调取设备管理器(win图标右键),出现如下说明驱动已成功安装
新建连接,设置终端软件的通信参数与设备的缺省值保持一致,分别为:传输速率为9600bit/s、8位数据位、1位停止位、无校验和无流控。//华为交换机s5700
输入console密码进入
6.二层交换机处配置vlan40 50 60
vlan batch 40 50 60
7.二层交换机处配置链路聚合eth-trink 2 g1+g2
[sw]interface Eth-Trunk 2
[sw-Eth-Trunk2]trunkport GigabitEthernet 2/0/1 2/0/2
[sw-Eth-Trunk2]port link-type trunk
[sw-Eth-Trunk2]port trunk allow-pass vlan 2 to 4094
<sw>display eth-trunk 2
Eth-Trunk2's state information is:
WorkingMode: NORMAL Hash arithmetic: According to SIP-XOR-DIP
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 1
--------------------------------------------------------------------------------
PortName Status Weight
GigabitEthernet0/0/1 Up 1
GigabitEthernet0/0/2 Up 1
二层交换机处连接管理口的配置
port default vlan 40
9.二层交换机处连接多网卡业务口配置
port link-type trunk
undo port trunk allow-pass vlan 1 //不允许vlan1通过
port trunk allow-pass vlan 2 to 4094
配置表如下:
#
sysname sw
#
vlan batch 40 to 60
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name multi_authen_profile
#
radius-server template default
#
pki realm default
certificate-check none
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
local-aaa-user password policy administrator
password history record number 0
password expire 0
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher $1a$@`xKFBPbIC$]5QN0_w06P%5@K
local-user admin privilege level 15
local-user admin service-type ssh
#
interface Vlanif1
#
interface Vlanif50 //作为交换机管理口
ip address 192.168.50.2 255.255.255.0
#
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 2 to 4092
#
interface GigabitEthernet0/0/1
eth-trunk 2
#
interface GigabitEthernet0/0/2
eth-trunk 2
#
interface GigabitEthernet0/0/3
port default vlan 40
#
interface GigabitEthernet0/0/4
port default vlan 40
#
interface GigabitEthernet0/0/5
port default vlan 40
#
interface GigabitEthernet0/0/6
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/8
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/9
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/10
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/12
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/16 //用于测试
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/17 //用于测试
port link-type access
port default vlan 50
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.50.1
#
stelnet server enable
ssh server port 22622
ssh user admin
ssh user admin authentication-type password
ssh user admin service-type stelnet
#
user-interface con 0
authentication-mode password
set authentication password cipher $1a$f4<}(m~A|O$bPfX)Yj'l>DX8J8>#4wK#;d<N:
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
user-interface vty 16 20
#
port-group 2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
group-member GigabitEthernet0/0/5
#
port-group 3
group-member GigabitEthernet0/0/6
group-member GigabitEthernet0/0/7
group-member GigabitEthernet0/0/8
group-member GigabitEthernet0/0/9
group-member GigabitEthernet0/0/10
group-member GigabitEthernet0/0/11
group-member GigabitEthernet0/0/12
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
return