华为5624交换机配置.doc

华为5624交换机配置规范文档5624核心交换机规范配置文档进入交换机配置命令行后，须作如下配置：进入系统视图systemview设置主机名，用于区别其他交换机主机名最好包括交换机型号，以及交换机在网络中所起的作用等信息 [Quidway]sysname Center-5624配置Vlan时须对Vlan描述，帮助网络管理员确认该Vlan的用途与连接网络的范围防止长时间后难于正确识别Vlan用途[Center-5624]vlan 2[Center-5624-vlan2]description menzhen-low[Center-5624-vlan2]quit[Center-5624]vlan 3[Center-5624-vlan3]description zhuyuan-low[Center-5624-vlan3]quit[Center-5624]vlan 4[Center-5624-vlan4]description xingdai-low[Center-5624-vlan4]quit[Center-5624]vlan 5[Center-5624-vlan5]description fengyuan[Center-5624-vlan5]quit[Center-5624]vlan 6[Center-5624-vlan6]description mengzhendian[Center-5624-vlan6]quit配置VLAN的3层虚拟接口时，注意3层接口的地址与Vlan号最好要有对应关系。

比如Vlan2接口对应地址为192.168.2.1，Vlan3接口对应地址为192.168.3.1.其他应如此类推[Center-5624]interface vlan 1[Center-5624-vlan-interface1]ip address 192.168.1.1 255.255.255.0[Center-5624-vlan-interface1]quit[Center-5624]interface vlan 2[Center-5624-vlan-interface2]ip address 192.168.2.1 255.255.255.0[Center-5624-vlan-interface2]quit[Center-5624]interface vlan 3[Center-5624-vlan-interface3]ip address 192.168.3.1 255.255.255.0[Center-5624-vlan-interface3]quit[Center-5624]interface vlan 4[Center-5624-vlan-interface4]ip address 192.168.4.1 255.255.255.0[Center-5624-vlan-interface4]quit[Center-5624]interface vlan 5[Center-5624-vlan-interface5]ip address 192.168.5.1 255.255.255.0[Center-5624-vlan-interface5]quit[Center-5624]interface vlan 6[Center-5624-vlan-interface6]ip address 192.168.6.1 255.255.255.0[Center-5624-vlan-interface5]quit如果是将多个接口批量加入某个VLAN中，如下命令将相关接口加入对应VLAN2、VLAN3、VLAN4。

[Center-5624]vlan 2[Center-5624-vlan2]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/3[Center-5624]vlan 3[Center-5624-vlan3]port GigabitEthernet 1/0/4 to GigabitEthernet 1/0/6[Center-5624]vlan 4[Center-5624-vlan4]port GigabitEthernet 1/0/7 to GigabitEthernet 1/0/8配置将个别特定物理接口加入某个Vlan中可采用如下命令：[Center-5624]interface GigabitEthernet 1/0/9[Center-5624-GigabitEthernet1/0/9]port access vlan 5[Center-5624]interface GigabitEthernet 1/0/10[Center-5624-GigabitEthernet1/0/9]port access vlan 6创建交换机访问控制列表，控制所有VLAN只能与VLAN1互访，而不能与VLAN1已外的VLAN互访。

[Center-5624]acl number 3000[Center-5624-acl-adv-3000]rule 100 permit ip source 192.168.1.0 0.0.0.255 destion any上述访问控制列表规则让VLAN1的IP地址可以访问所以其他所有VLAN[Center-5624-acl-adv-3000]rule 90 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.1.0 0.0.0.255上述访问控制列表规则让所有VLAN的IP地址可以访问VLAN1[Center-5624-acl-adv-3000]rule 80 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.1 0.0.255.0上述访问控制列表规则让所有VLAN的IP地址可以访问网关IP地址：192.168.X.1[Center-5624-acl-adv-3000]rule 70 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255上述访问控制列表规则让所有VLAN的IP地址都不能互访。

[Center-5624-acl-adv-3000]quit[Center-5624]创建的访问控制列表要真正起作用，必须在交换机接口上启用该访问控制列表以下命令将访问控制列表在交换机所有接口使用[center-5624]interface GigabitEthernet 1/0/1[center-5624-GigabitEthernet1/0/1]packet-filter inbound ip-group 3000[center-5624-GigabitEthernet1/0/1]quit[center-5624]interface GigabitEthernet 1/0/2[center-5624-GigabitEthernet1/0/2]packet-filter inbound ip-group 3000[center-5624-GigabitEthernet1/0/2]quit···················[center-5624]interface GigabitEthernet 1/0/24[center-5624-GigabitEthernet1/0/24]packet-filter inbound ip-group 3000[center-5624-GigabitEthernet1/0/24]quit下列命令用于配置telnet用户的相关信息，包括用户名，用户口令，用户类型，用户级别。

[Center-5624]local-user gzyyadmin[Center-5624-luser-admin]service-type telnet[Center-5624-luser-admin]passord simple new2006[Center-5624-luser-admin]level 3在telnet的用户接口中指定登陆验证方式是交换机本地的用户数据库验证，并指定登陆的用户级别是最高级别：3级[Center-5624]user-interface vty 0 4[Center-5624-ui-vty0-4]authentication-mode scheme[Center-5624-ui-vty0-4]user privilege level 3保存配置[Center-5624]save[Center-5624]quit以下是桂洲医院5624交换机完整配置文件 sysname center-5624#radius scheme system#domain system #local-user gzyyadmin password simple new2006 service-type telnet level 3#acl number 3000 rule 70 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255 rule 80 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.1 0.0.255.0 rule 90 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.1.0 0.0.0.255 rule 100 permit ip source 192.168.1.0 0.0.0.255 #vlan 1#vlan 2 description menzhen-low#vlan 3 description zhuyuan-low#vlan 4 description xingdai-low#vlan 5 description fengyuan#vlan 6 description mengzhendian#interface Vlan-interface1 ip address 192.168.1.1 255.255.255.0 #interface Vlan-interface2 ip address 192.168.2.1 255.255.255.0 #interface Vlan-interface3 ip address 192.168.3.1 255.255.255.0 #interface Vlan-interface4 ip address 192.168.4.1 255.255.255.0 #interface Vlan-interface5 ip address 192.168.5.1 255.255.255.0 #interface Vlan-inte。