H3C交换机和路由器日常管理

一、H3C交换机和路由器的日常管理配置

1.交换机配置VLAN

#创建vlan
system-view
[h3c]vlan 11

说明:h3c 3层交换任何型号的交换机都支持4096个VLAN,把交换机的接口加入到不同的VLAN中,不同VLAN中的接口就属于不同的广播域。
VLAN ID从0–4095
VLAN 0是保留VLAN
VLAN是默认的VLAN

#查看本机有多少VLAN,VLAN ID是多少
display vlan
#删除VLAN ID 为11的VLAN
undo vlan 11
#创建ID为10,20,30,的VLAN 把E0/4/0加入到VLAN 10中,把E0/4/1加入到VLAN 20,把E0/4/3加入到VLAN 30
过程如下:
#删除vlan11到vlan13
[h3c]undo vlan 11 to 13
#分别创建vlan 10 vlan 20 vlan 30

[h3c]vlan 10
[h3c]vlan 20
[h3c]vlan 30

#查看接口名称(display current interface)
[h3c]dis cu int
#把接口介入到vlan
步骤如下:

 #进入到e0/4/0接口(interface E0/4/0)
[h3c]int E0/4/0
[h3c-Ethernet0/4/0]
 #查看Ethernet0/4/0接口的配置
[h3c-Ethernet0/4/0]dis this
 #更改接口的类型access
[h3c-Ethernet0/4/0]port link-type access
 #加入接口E0/4/0到VLAN 10(EO/4/0属于vlan 10的接口)
[h3c-Ethernet0/4/0]port access vlan 10

命令集合:

interface Ethernet0/4/0
 port link-mode bridge
 port access vlan 10
interface Ethernet0/4/1
 port link-mode bridge
 port access vlan 20
interface Ethernet0/4/2
 port link-mode bridge
 port access vlan 30

查看配置的验证
看VLAN的方法:
[h3c]display vlan 10
查看接口信息
[h3c]display interface E0/4/0
2.配置Trunk
  概念:只用一条链路,实现相同ID的VLAN跨交换机数据通信。
交换机网络中链路的类型

	1)接入链路 access
	2)中继链路  trunk
接入链路: port link-type access
	连接终端的一定是接入链路
中继链路: port link-type trunk
	交换机连接多半是中继链路
	交换机连接路由器也有可能是中继链路
说明:中继链路的实质就是给数据帧Tagget VLAN标签

例如:
  交换机的Gi0/0/0改成中继链路,只能允许中继VLAN 10 和VLAN 20
命令集合:

#进入对应接口
[h3c]int GigabitEthernet0/0/0
#更改端口的模式route为bridge
[h3c-GigabitEthernet0/0/0]port link-mode bridge
#更改对应接口的类型为trunk
[h3c-GigabitEthernet0/0/0]port link-type trunk
#允许VLAN 10通过此对应端口
[h3c-GigabitEthernet0/0/0]port trunk permit vlan 1 10 20

交换机的Gi0/0/1改成中继链路,只能允许中继VLAN 30

命令集合:
#进入对应接口
[h3c]int GigabitEthernet0/0/1
#更改端口的模式route为bridge
[h3c-GigabitEthernet0/0/1]port link-type bridge
#更改对应接口的类型为trunk
[h3c-GigabitEthernet0/0/1]port link-type trunk
#允许VLAN 10通过此对应端口
[h3c-GigabitEthernet0/0/1]port trunk permit vlan 1 30

说明:如果不希望Gi0/0/1接口中继VLAN 1 ,则输入这条命令
[h3c-GigabitEthernet0/0/1]undo port trunk permit vlan 1
检查配置结果:
1.可以从接口配置查看
[h3c]display cu int gi 0/0/0
#

interface GigabitEthernet 0/0/0
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 20

2.从VLAN查看
目的:了解改VLAN目前有哪些接口加入,被哪些接口中继
[h3c]dis vlan 20
Taggeted ports:说明该VLAN 被哪些Trunk接口中继
Untagged Ports: 说明哪些接口加入加入该VLAN
说明:Trunk接口的两边交换机的配置要相同
3.配置STP
需求:

	1.在三个交换机创建VLAN 10 20 30 40
	2.要求配置生成树协议
	SW1 作为 10 20 的根桥
	SW2 作为 30 40 的根桥

过程:
1)分别在SW1/SW2/SW3创建 VLAN 10 20 30 40

[SW1]sys
[SW1]vlan 10
[SW1-vlan10]vlan 20
[SW1-vlan20]vlan 30
[SW1-vlan30]vlan 40

验证创建结果:
[SW1]dis vlan
2)把交换机互联接口改成中继模式(SW1/SW2/SW3)

[SW1]interface e0/4/0
[SW1-Ethernet0/4/0]port link-type trunk
[SW1-Ethernet0/4/0]port trunk permit vlan 10 20 30 40

3)#查看配置验证
[SW1-Ethernet0/4/0]dis this
4);配置生成树的时候,三个交换机必须配置相同的实例
而且开启生成树功能。(h3c默认关闭STP的)
#开启生成树功能(SW1/SW2/SW3上分别执行)

[SW1]system-view
[SW1]stp enable

配置实例的原则:
1.网络中有几个根桥,就配几个实例
2.做VLAN的根桥,要把VLAN配置到一个实例中

5)配置实例命令:SW1/SW2/SW3上分别执行

[SW1]stp region-configuration
[SW1-mst-region]region-name YUAN
[SW1-mst-region]instance 1 vlan 10 20
[SW1-mst-region]instance 2 vlan 30 40
[SW1-mst-region]active region-configuration

#查看配置的验证
[SW1-mst-region]dis this
6)配置SW1成为vlan 10 20的根桥
[SW1]stp instance 1 priority 0
7)配置SW2成为vlan 30 40的根桥
[SW2]stp instance 1 priority 0
8)查看配置根桥的命令
[SW1]display stp instance 1
或者使用其他命令查看
[SW1]display stip instance 1 brief
说明:Root 代表根端口,ALTER 代表替代端口(被阻塞的端口)
#开启边缘端口
stp edged-port enable #更改端口为边缘端口(不参与生成树协议)
4.配置和验证VRRP

VLAN 与IP地址的规划
VLAN 10 : 10.10.1.0/24
VLAN 20 : 10.20.1.0/24
VLAN 30 : 10.30.1.0/24
VLAN 40 : 10.40.1.0/24

说明:只给SW1和SW2的VLAN配置IP地址 SW3作为纯粹的二层设备
配置命令过程:
1)给SW1 VLAN配置IP地址
进入vlan 10

[SW1]int vlan 10
[SW1-vlan-interface10]ip add 10.10.1.253 24
[SW1-vlan-interface10]undo shutdown

进入vlan 20

[SW1-vlan-interface20]ip add 10.20.1.253 24
[SW1-vlan-interface20]undo shutdown

进入vlan 30

[SW1-vlan-interface30]ip add 10.30.1.253 24
[SW1-vlan-interface30]undo shutdown

进入vlan 40

[SW1-vlan-interface40]ip add 10.40.1.253 24
[SW1-vlan-interface40]undo shutdown

#给SW2 VLAN配置IP地址

进入vlan 10
[SW1]int vlan 10
[SW1-vlan-interface10]ip add 10.10.1.254 24
[SW1-vlan-interface10]undo shutdown

进入vlan 20

[SW1-vlan-interface20]ip add 10.20.1.254 24
[SW1-vlan-interface20]undo shutdown

进入vlan 30

[SW1-vlan-interface30]ip add 10.30.1.254 24
[SW1-vlan-interface30]undo shutdown

进入vlan 40

[SW1-vlan-interface40]ip add 10.40.1.254 24
[SW1-vlan-interface40]undo shutdown

#最后检查配置IP的配置
display cu int vlan 10
#测试ping 地址即可
2)配置VRRP,SW1作为VLAN 10 20 主用设备,SW2作为30 40 主用的设备

VRRP:两台设备的在负载的(心跳线)
说明:VRRP和STP(生成树)一起配置
某个VLAN的根桥一定要和VRRP的主用设备位于同一台设备

配置VRRP需要指定的参数:

1.指定漂移地址
漂移地址作为VLAN的默认网关,漂移的地址必须和当前VLAN的IP在一个网段。但是地址不能相同。两台设备必须指定相同的IP的地址。
配置语法:
vrrp vrid 10 virtual-ip 指定ip漂移地址

例如:
#进入SW1 vlan 10

[SW1]interface vlan 10
[SW1-vlan-interface10]vrrp vrid 10 virtual-ip 10.10.1.1

#进入SW2 vlan 10

[SW2]interface vlan 10
[SW2-vlan-interface10]vrrp vrid 10 virtual-ip 10.10.1.1

2.配置优先级和占先权
2.1主用设备的优先级高于备用设备,优先级默认值100
vrrp vrid 10 priority [优先级数值]
说明设置的优先级数值的差值不要大于10
#设置占先权
vrrp vrid 10 preempt-mode
2.2配置跟中对象
在主用设备上跟踪对象
一旦对象失效,就降低一定的优先级,降到比备用设备的额优先级更低
配置命令:
vrrp vrid 10 track 接口 降低的值
SW1上的配置命令集合:

#interface vlan-interface 10
 ip address 10.10.1.253 255.255.255.0
 vrrp vrid 10 virtual-ip 10.10.1.1
 vrrp vrid 10 priority 130
#interface vlan-interface 20
 ip address 10.20.1.253 255.255.255.0
 vrrp vrid 20 virtual-ip 10.20.1.1
 vrrp vrid 20 priority 130
#interface vlan-interface 30
 ip address 10.30.1.253 255.255.255.0
 vrrp vrid 30 virtual-ip 10.30.1.1
 vrrp vrid 30 priority 80
#interface vlan-interface 40
 ip address 10.40.1.253 255.255.255.0
 vrrp vrid 40 virtual-ip 10.40.1.1
 vrrp vrid 40 priority 80

SW2上配置vrrp
命令集合:

#interface vlan-interface 10
 ip address 10.10.1.254 255.255.255.0
 vrrp vrid 10 virtual-ip 10.10.1.1
 vrrp vrid 10 priority 110
#interface vlan-interface 20
 ip address 10.20.1.254 255.255.255.0
 vrrp vrid 20 virtual-ip 10.20.1.1
 vrrp vrid 20 priority 110
#interface vlan-interface 30
 ip address 10.30.1.254 255.255.255.0
 vrrp vrid 30 virtual-ip 10.30.1.1
 vrrp vrid 30 priority 90
#interface vlan-interface 40
 ip address 10.40.1.254 255.255.255.0
 vrrp vrid 40 virtual-ip 10.40.1.1
 vrrp vrid 40 priority 90

二、H3C综合实践实例


配置VRRP和OSPF综合实践
1)分别在SW1\SW2\SW3创建VLAN 10 20 30 40
#SW1上操作

[SW1]sys
[SW1]vlan 10
[SW1-vlan 20]vlan 20
[SW1-vlan 30]vlan 30
[SW1-vlan 40]vlan 40

#SW2上操作

[SW2]sys
[SW2]vlan 10
[SW2-vlan 20]vlan 20
[SW2-vlan 30]vlan 30
[SW2-vlan 40]vlan 40

#SW3上操作

[SW3]sys
[SW3]vlan 10
[SW3-vlan 20]vlan 20
[SW3-vlan 30]vlan 30
[SW3-vlan 40]vlan 40

#SW4上操作

[SW4]sys
[SW4]vlan 10
[SW4-vlan 20]vlan 20
[SW4-vlan 30]vlan 30
[SW4-vlan 40]vlan 40

2)进入到E0/4/0和e0/4/1配置trunk
SW1上操作

[SW1]int e0/4/0
[SW1-Ethernet0/4/0]port link-type trunk
[SW1-Ethernet0/4/0]port trunk permit vlan 10 20 30 40
[SW1]int e0/4/1]port link-type trunk
[SW1]int e0/4/1]port trunk permit vlan 10 20 30 40

SW2上操作

[SW2]int e0/4/0
[SW2-Ethernet0/4/0]port link-type trunk
[SW2-Ethernet0/4/0]port trunk permit vlan 10 20 30 40
[SW2]int e0/4/1]port link-type trunk
[SW2]int e0/4/1]port trunk permit vlan 10 20 30 40

SW3上操作

[SW3]int e0/4/0
[SW3-Ethernet0/4/0]port link-type trunk
[SW3-Ethernet0/4/0]port trunk permit vlan 10 20 30 40
[SW3]int e0/4/1]port link-type trunk
[SW3]int e0/4/1]port trunk permit vlan 10 20 30 40

3)配置生成树(实例)
SW1上操作

[SW1]stp region-configuration
[SW1-mst-region]region name ergeng
[SW1-mst-region]instance 1 vlan 10 20
[SW1-mst-region]instance 2 vlan 30 40
[SW1-mst-region]active region-configuration
[SW1-mst-region]stp enable

SW2上操作

[SW2]stp region-configuration
[SW2-mst-region]region name ergeng
[SW2-mst-region]instance 1 vlan 10 20
[SW2-mst-region]instance 2 vlan 30 40
[SW2-mst-region]active region-configuration
[SW2-mst-region]stp enable

SW3上操作

[SW3]stp region-configuration
[SW3-mst-region]region name ergeng
[SW3-mst-region]instance 1 vlan 10 20
[SW3-mst-region]instance 2 vlan 30 40
[SW3-mst-region]active region-configuration
[SW3-mst-region]stp enable

4)配置根桥
SW1成为vlan 10 20的根桥
SW1上配置优先级

[SW1]stp instance 1 priority 0
[SW1]stp instance 2 priority 4096
[SW1]display stp instance 1 brief

SW2上配置优先级

[SW2]stp instance 2 priority 0
[SW2]stp instance 1 priority 4096
[SW2]display stp instance 2 brief

5)配置vrrp
配置vlan 10的vrrp
SW1上操作

[SW1-vlan-interface10]ip add 10.10.1.253 24
[SW1-vlan-interface10]vrrp vrid 10 virtual-ip 10.10.1.1
[SW1-vlan-interface10]vrrp vrid 10 priority 90
[SW1-vlan-interface10]display vrrp brief

SW2上操作

[SW2-vlan-interface10]ip add 10.10.1.254 24
[SW2-vlan-interface10]vrrp vrid 10 virtual-ip 10.10.1.1
[SW2-vlan-interface10]vrrp vrid 10 priority 70
[SW2-vlan-interface10]display vrrp brief

配置vlan 20的vrrp

[SW1-vlan-interface20]ip add 10.20.1.253 24
[SW1-vlan-interface20]vrrp vrid 20 virtual-ip 10.20.1.1
[SW1-vlan-interface20]vrrp vrid 20 priority 90
[SW1-vlan-interface20]display vrrp brief

SW2上操作

[SW2-vlan-interface20]ip add 10.20.1.254 24
[SW2-vlan-interface20]vrrp vrid 20 virtual-ip 10.20.1.1
[SW2-vlan-interface20]vrrp vrid 20 priority 70
[SW2-vlan-interface20]display vrrp brief

配置vlan 30的vrrp

[SW1-vlan-interface30]ip add 10.30.1.253 24
[SW1-vlan-interface30]vrrp vrid 30 virtual-ip 10.30.1.1
[SW1-vlan-interface30]vrrp vrid 30 priority 70
[SW1-vlan-interface30]display vrrp brief

SW2上操作

[SW2-vlan-interface30]ip add 10.30.1.254 24
[SW2-vlan-interface30]vrrp vrid 30 virtual-ip 10.30.1.1
[SW2-vlan-interface30]vrrp vrid 30 priority 90
[SW2-vlan-interface30]display vrrp brief

配置vlan 40的vrrp

[SW1-vlan-interface40]ip add 10.40.1.253 24
[SW1-vlan-interface40]vrrp vrid 40 virtual-ip 10.40.1.1
[SW1-vlan-interface40]vrrp vrid 40 priority 70
[SW1-vlan-interface40]display vrrp brief

SW2上操作

[SW2-vlan-interface40]ip add 10.40.1.254 24
[SW2-vlan-interface40]vrrp vrid 40 virtual-ip 10.40.1.1
[SW2-vlan-interface40]vrrp vrid 40 priority 90
[SW2-vlan-interface40]display vrrp brief

6)给交换机的Loopback配置接口地址

	SW1:10.1.1.1
	SW2:10.2.2.2
	SW3:10.3.3.3

SW1上操作:

[SW1]int lo 0
[SW1-LoopBack0]ip add 10.1.1.1 32

SW2上操作:

[SW2]int lo 0
[SW2-LoopBack0]ip add 10.2.2.2 32

SW3上操作:

[SW3]int lo 0
[SW3-LoopBack0]ip add 10.3.3.3 32

7)配置OSPF路由协议使得全网互通
SW1上配置OSPF操作

[SW1]ospf 123 router-id 10.1.1.1
[SW1-ospf-123]area 0
[SW1-ospf-123-area-0.0.0.0]display ip routing-table protocol Direct
[SW1-ospf-123-area-0.0.0.0]network 10.1.1.1 0.0.0.0
[SW1-ospf-123-area-0.0.0.0]network 10.10.1.0 0.0.0.255
[SW1-ospf-123-area-0.0.0.0]network 10.20.1.0 0.0.0.255
[SW1-ospf-123-area-0.0.0.0]network 10.30.1.0 0.0.0.255
[SW1-ospf-123-area-0.0.0.0]network 10.40.1.0 0.0.0.255

SW2上配置OSPF操作

[SW2]ospf 123 router-id 10.2.2.2
[SW2-ospf-123]area 0
[SW2-ospf-123-area-0.0.0.0]display ip routing-table protocol Direct
[SW2-ospf-123-area-0.0.0.0]network 10.2.2.2 0.0.0.0
[SW2-ospf-123-area-0.0.0.0]network 10.10.1.0 0.0.0.255
[SW2-ospf-123-area-0.0.0.0]network 10.20.1.0 0.0.0.255
[SW2-ospf-123-area-0.0.0.0]network 10.30.1.0 0.0.0.255
[SW2-ospf-123-area-0.0.0.0]network 10.40.1.0 0.0.0.255

SW3上配置OSPF操作

[SW3]ospf 123 router-id 10.3.3.3
[SW3-ospf-123]display ip routing-table protocol direct
[SW3-ospf-123]area 0
[SW3-ospf-123-area-0.0.0.0]network 10.3.3.3 0.0.0.0

8)SW1 SW2配置SSH,用户级别为0,要求输入super密码登录以后才能使用system-view
#SW1/SW2 开启SSH

[SW1]ssh server enable
[SW2]ssh server enable

#配置一个用于SSH远程登录的用户名和密码(ergeng)

[SW1]local user ergeng
[SW1]servic-type ssh
[SW1-luser-ergeng]authorization-attribute level 0
[SW1-luser-ergeng]password cipher liuliya
[SW1]user-interface vty 0 4
[SW1-ui-vty0-4]authentication-mode scheme
[SW1-ui-vty0-4]protocol inbound ssh
[SW1-ui-vty0-4]user privilege 0

#生成秘钥对

[SW1]public-key local create rsa
[SW1]

#设置super密码

[SW1]super password cipher ergeng

三、H3C配置DHCP和DHCP中继实践实例


需求描述:
RT1 作为DHCP服务器
创建两个全局地址池
192.168.10.0/24
192.168.20.0/24

RT1 和RT3属于VLAN 10的终端
RT2属于VLAN 20 的终端
在交换机上配置DHCP中继,确保RT2和RT3都能从RT1处获取IP地址

1)交换机上SW1创建2个VLAN 10 20

[SW1]vlan 10
[SW1-vlan 10]vlan 20

2)给VLAN 配置IP地址,作为RT1 RT2 RT3的网关

interfavce vlan-interface 10
ip address 192.168.10.1 255.255.255.0
#
interface vlan 20
ip address 192.168.20.1 255.255.255.0

3)E 0/4/0 和E 0/4/1 加入到vlan 10 E 0/4/2加入到vlan 20

[SW1]int e 0/4/0
[SW1-Ethernet0/4/0]port link-type access
[SW1-Ethernet0/4/0]port link-mode bridge
[SW1-Ethernet0/4/0]port access vlan 10
#
[SW1]int e 0/4/1
[SW1-Ethernet0/4/1]port link-type access
[SW1-Ethernet0/4/1]port link-mode bridge
[SW1-Ethernet0/4/1]port access vlan 10

#E 0/4/2加入到vlan 20

[SW1]int e 0/4/2
[SW1-Ethernet0/4/2]port link-type access
[SW1-Ethernet0/4/2]port link-mode bridge
[SW1-Ethernet0/4/2]port access vlan 20

4)配置RT1 配置IP地址和默认网关

[RT1]int gi 0/0/0
[RT1-GigabitEthernet0/0/0]ip address 192.168.10.2 255.255.255.0
[RT1]ip route-static 0.0.0.0 0.0.0.0 192.168.10.1

5)配置2个全局地址池
#启动DHCP服务
[RT1]dhcp enable
#配置第一个全局地址池

[RT1]dhcp server ip-pool VLAN10
[RT1-dhcp-pool-vlan10]network 192.168.10.0
[RT1-dhcp-pool-vlan10]gateway-list 192.168.10.1
[RT1-dhcp-pool-vlan10]dns-list 202.106.0.20 114.114.114.114

#配置第二个全局地址池

[RT1]dhcp server ip-pool vlan20
[RT1-dhcp-pool-vlan20]network 192.168.20.0 mast 255.255.255.0
[RT1-dhcp-pool-vlan20]gateway-list 192.168.20.1
[RT1-dhcp-pool-vlan20]dns-list 202.106.0.20 114.114.114.114

6)配置RT3终端的gi 0/0/0由DHCP分配

[RT3]int gi 0/0/0
[RT3-GigabitEthernet0/0/0]ip add dhcp-alloc

#查看gi 0/0/0的IP地址及路由表

[RT3]dis cu interface gi 0/0/0
[RT3]dis ip routing-table

#RT2配置

[RT2]int gi 0/0/0
[RT2-GibitEthernet0/0/0]ip add dhcp-alloc
[RT2-GibitEthernet0/0/0]qu
[RT2]dis ip interface gi 0/0/0

7)配置DHCP中继
中继配置服务端的出口方向,即客户端的的入口方向
如果客户端连接在路由器的Ge-0/0/1口上则在Ge-0/0/1上做中继,如果客户端连接在属于vlan20的接口上,则在VLAN20上做中继
#中继一般做在网关的设备上
交换机上开启DHCP
[SW1]dhcp enable
#指定dhcp服务器的地址(192.168.10.2)
[SW1]dhcp relay server-group 1 ip 192.168.10.2
#调入relay 到vlan20

[RT1-vlan-interface20]dhcp select relay
[RT1-vlan-interface20]dhcp relay server-select 1

说明 这里的server-select 1 中的1表示上面的IP(192.168.10.2)
#开启客户端检测
[RT1-vlan-interface20]dhcp relay client-detect enable
#进入RT2上面

[RT2]int gi 0/0/0
[RT2-GigabitEthernet0/0/0]shutdown
[RT2-GigabitEthernet0/0/0]undo shutdown

发表评论

发表评论

*

沙发空缺中,还不快抢~