Working password for Huawei 5752: [email protected]
If that does not work, try huawei, huawei.com or www.huawei.com.
a. Set the switch name
<quidway>sys
[quidway]sysname JSHQ-02c14-ChaoWei-1.31
b. Configure DNS on the switch
[JSHQ-02c14-AS-1.30]dns server 114.114.114.114
c. Configure the management IP on the switch
[JSHQ-02c14-ChaoWei-1.31]undo interface Vlanif 1
Delete the VLAN 1 interface
[JSHQ-02c14-ChaoWei-1.31]vlan 1152
Create VLAN 1152
[JSHQ-02c14-ChaoWei-1.31]interface Vlanif 1152
[JSHQ-02c14-ChaoWei-1.31-Vlanif1152]ip address 10.196.1.31 255.255.128.0
Configure the management IP address
d. Configure a static route on the switch
[JSHQ-02c14-ChaoWei-1.31]ip route-static 0.0.0.0 0.0.0.0 10.196.0.1
e. Configure SNMP management on the switch
[JSHQ-02c14-ChaoWei-1.31]snmp /enable SNMP/
[JSHQ-02c14-ChaoWei-1.31]snmp-agent community read 1qazwsxdcv /set the read-only community string/
[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info contact AnchNet.Inc
[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info location Shanghai
[JSHQ-02c14-ChaoWei-1.31]snmp-agent sys-info version all /support all versions/
f. Configure telnet login on the switch (STelnet over SSH)
Step 1: Create the local RSA key pair
[JSHQ-02c14-ChaoWei-1.31]rsa local-key-pair create
The key name will be: Huawei_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
............................++++++
...++++++
..++++++++
......++++++++
Step 2: Configure the VTY user interface
[JSHQ-02c14-ChaoWei-1.31]user-interface vty 0 4
[JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]authentication-mode aaa
[JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]protocol inbound ssh
[JSHQ-02c14-ChaoWei-1.31-ui-vty0-4]quit
Step 3: Create the SSH user and set its authentication type to password
[JSHQ-02c14-ChaoWei-1.31]ssh user anchnet authentication-type password
Step 4: Configure the SSH user's username and password
[JSHQ-02c14-ChaoWei-1.31]aaa
[JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet password cipher c15terminal
Info: Add a new user.
[JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet privilege level 15
[JSHQ-02c14-ChaoWei-1.31-aaa]local-user anchnet service-type ssh
[JSHQ-02c14-ChaoWei-1.31-aaa]quit
Step 5: Enable the STelnet function and set the user's service type to STelnet
[JSHQ-02c14-ChaoWei-1.31]stelnet server enable
Info: Succeeded in starting the Stelnet server.
[JSHQ-02c14-ChaoWei-1.31]ssh user anchnet service-type stelnet
g. Configure Eth-Trunk
#
interface Eth-Trunk1
description Shanglian_Public_BSC02_G3/0/22_3/0/23
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 88
interface Eth-Trunk2
description Shanglian_Private_BSC02_G2/0/22_2/0/23
port trunk allow-pass vlan 1152 2000 to 3000 4000
interface Eth-Trunk3
description To_C14_ChaoMi_10.196.1.31_G0/0/51_G0/0/52
port trunk allow-pass vlan 1151 to 1152 3000 4000
h. Configure ports
interface GigabitEthernet0/0/47
description Shanglian_Public_G3/0/22
eth-trunk 1
interface GigabitEthernet0/0/48
description Shanglian_Public_G3/0/23
interface GigabitEthernet0/0/49
eth-trunk 3
interface GigabitEthernet0/0/50
interface GigabitEthernet0/0/51
description Shanglian_Private_G2/0/22
eth-trunk 2
interface GigabitEthernet0/0/52
description Shanglian_Private_G2/0/23
Spanning tree root protection
stp region-configuration
region-name anchnet
instance 1 vlan 80 to 1000
instance 2 vlan 2000 to 4000
active region-configuration
stp root-protection
stp edged-port enable
arp anti-attack check user-bind enable
ip source check user-bind enable
K. NTP service configuration
Set the time zone
<S8505>clock timezone cst add 8
Set the time server address
[S8505]ntp-service unicast-server 10.1.100.88
View the clock/NTP status
<S8505>dis clock
View the NTP service sessions
<S8505>dis ntp-service sessions
L. ACL configuration (based on traffic policy)
1. On the port, block only 192.168.0.0
[Quidway]acl number 3000
[Quidway-acl-adv-3000]rule deny ip source 192.168.0.0 0.0.0.255
[Quidway]acl number 3001
[Quidway-acl-adv-3001]rule permit ip
--------------------------------------------------------------
2. Define the traffic classifier for denied access and associate it with ACL 3000
[Quidway]traffic classifier deny_ip
[Quidway-classifier-deny_ip]if-match acl 3000
3. Define the traffic behavior for denied access; the action is deny
[Quidway]traffic behavior deny_ip
[Quidway-behavior-deny_ip]deny
----------------------------------------------------------------
4. Define the traffic classifier for permitted access and associate it with ACL 3001
[Quidway]traffic classifier permit_ip
[Quidway-classifier-permit_ip]if-match acl 3001
5. Define the traffic behavior for permitted access; the action is permit:
[Quidway]traffic behavior permit_ip
[Quidway-behavior-permit_ip]permit
---------------------------------------------------------
6. Define the policy, associating the traffic classifiers with the traffic behaviors:
[Quidway]traffic policy acl_ip
[Quidway-trafficpolicy-acl_ip]classifier permit_ip behavior permit_ip
[Quidway-trafficpolicy-acl_ip]classifier deny_ip behavior deny_ip /put the permit entry first and the deny entry after it/
7. Apply the policy on the port:
[Quidway]int Ethernet 0/0/1
[Quidway-Ethernet0/0/1]traffic-policy acl_ip inbound
[Quidway-Ethernet0/0/1]traffic-policy acl_ip outbound
ACL configuration (based on traffic-filter)
1. Define the ACLs
[Huawei] acl number 2000
[Huawei-acl-basic-2000] rule deny source 192.168.1.0 0.0.0.255
[Huawei] acl number 3000
[Huawei-acl-adv-3000] rule deny tcp source 192.168.1.0 0.0.0.255 destination 23.1.1.0 0.0.0.255 destination-port eq www
2. Apply the ACLs on the port
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1] traffic-filter inbound acl 2000
[Huawei-GigabitEthernet0/0/1] traffic-filter inbound acl 3000
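An added example, not part of the original post: a Python model of how the wildcard masks in the ACL rules above select addresses, with rules checked in the order they were entered and the first match deciding. It shows that `192.168.0.0 0.0.0.255` covers only 192.168.0.0 to 192.168.0.255, so other 192.168.x.x sources fall through. The packet dictionaries and the 198.51.100.7 destination are constructed test data; a `None` result means no rule matched, and what happens to that packet depends on the feature that applies the ACL.

```python
import ipaddress

PORTS = {"www": 80}  # port keyword used on this page

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit whose wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_rule(line):
    """Parse the subset of VRP 'rule' syntax that appears on this page."""
    tok = line.split()
    rule = {"action": tok[1], "proto": "ip", "src": None, "dst": None, "dport": None}
    i = 2
    if i < len(tok) and tok[i] in ("ip", "tcp", "udp"):
        rule["proto"] = tok[i]
        i += 1
    while i < len(tok):
        if tok[i] in ("source", "destination"):
            rule["src" if tok[i] == "source" else "dst"] = (tok[i + 1], tok[i + 2])
        elif tok[i] == "destination-port" and tok[i + 1] == "eq":
            rule["dport"] = int(PORTS.get(tok[i + 2], tok[i + 2]))
        else:
            raise ValueError("unsupported token: " + tok[i])
        i += 3
    return rule

def evaluate(rule_lines, pkt):
    """Return the action of the first matching rule, or None if none matches."""
    for r in map(parse_rule, rule_lines):
        if r["proto"] != "ip" and r["proto"] != pkt["proto"]:
            continue
        if r["src"] and not wildcard_match(pkt["src"], *r["src"]):
            continue
        if r["dst"] and not wildcard_match(pkt["dst"], *r["dst"]):
            continue
        if r["dport"] is not None and r["dport"] != pkt.get("dport"):
            continue
        return r["action"]
    return None

# Rules written in the syntax used above; the packets are constructed.
ACL_L = ["rule deny ip source 192.168.0.0 0.0.0.255"]
ACL_WEB = ["rule deny tcp source 192.168.1.0 0.0.0.255 "
           "destination 23.1.1.0 0.0.0.255 destination-port eq www"]

if __name__ == "__main__":
    print(evaluate(ACL_L, {"proto": "udp", "src": "192.168.5.10", "dst": "198.51.100.7"}))
```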
M. Port rate-limit policy configuration
[Huawei]traffic classifier 20M
[Huawei-classifier-20M]if-match any
[Huawei-classifier-20M]quit
[Huawei]traffic behavior 20M
[Huawei-behavior-20M]car cir 20480 cbs 65544444 pbs 65544444
[Huawei-behavior-20M]quit
[Huawei]traffic policy 20M
[Huawei-trafficpolicy-20M]classifier 20M behavior 20M
N. SNMP configuration
snmp-agent /enable the SNMP service/
snmp-agent local-engineid 000007DB7F000001000049DD /generated automatically by the system; no need to configure/
snmp-agent community read public /set the read community name: public/
snmp-agent community write private /set the write community name: private/
snmp-agent sys-info contact Mr.Wang-Tel:3306 /set the contact information/
snmp-agent sys-info location 3rd-floor /set the device location/
snmp-agent sys-info version v1 v3 /allow SNMP v1 (by default only v3 is allowed)/
snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public /allow Trap messages to be sent to the network management station (NMS) 129.102.149.23, using the community name public/
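An added example, not part of the original post: a Python check that reads saved configuration lines and flags the management-plane settings from sections e, f and N that a reviewer would question: default community names, write communities, communities not bound to an ACL, SNMP v1/v2c enabled (community strings travel in cleartext), and telnet allowed on the VTY lines. The finding names, the `[SW]` prompt and the last sample line are constructed for illustration.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}

def audit(config_text):
    """Return (line_number, finding) pairs for weak SNMP and VTY settings."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = re.sub(r"^[\[<][^\]>]*[\]>]", "", raw.strip())  # drop CLI prompt
        line = re.sub(r"/[^/]*/\s*$", "", line).strip()         # drop /comment/
        m = re.match(r"snmp-agent community (read|write) (\S+)(.*)", line)
        if m:
            mode, name, rest = m.groups()
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append((n, "default-community"))
            if mode == "write":
                findings.append((n, "write-community"))
            if " acl " not in rest + " ":
                findings.append((n, "community-without-acl"))
        m = re.match(r"snmp-agent sys-info version (.+)", line)
        if m and {"v1", "v2c", "all"} & set(m.group(1).split()):
            findings.append((n, "cleartext-snmp-version"))
        m = re.match(r"protocol inbound (\S+)", line)
        if m and m.group(1) in ("telnet", "all"):
            findings.append((n, "telnet-allowed"))
    return findings

# Lines from sections e, f and N of this page; the [SW] prompt and the last
# line (a community bound to an ACL) are constructed for the example.
SAMPLE = """\
[SW]snmp-agent community read 1qazwsxdcv /set the read-only community string/
[SW]snmp-agent sys-info version all /support all versions/
[SW-ui-vty0-4]protocol inbound ssh
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version v1 v3
snmp-agent community read Constructed-Str1ng acl 2000
"""

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE):
        print(line_no, finding)
```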
Reposted from Bill_Xing's 51CTO blog. Original link: http://blog.51cto.com/zhanx/1979558