華為S系列交換機配置

----------配置Telnet---------
以本地PC登錄遠程的HUAWEI為例，Telent登錄配置如下：

1、開啟telnet服務(V200R005之前版本默認開啟telnet服務功能，可以不配置該項；V200R005及之后版本缺省關閉telnet服務功能，需手動打開telnet服務功能)
[HUAWEI]telnet server enable
2、在VTY口下配置認證方式為aaa，以及允許telnet協議
[HUAWEI] user-interface vty 0 4
[Server-ui-vty0-4] user privilege level 15
[HUAWEI-ui-vty0-4] authentication-mode aaa
[HUAWEI-ui-vty0-4] protocol inbound telnet //允許telnet協議，可以配置為all，即同時放行ssh和telnet
[HUAWEI-ui-vty0-4] quit
3、在aaa下配置telnet賬號密碼
[HUAWEI] aaa
[Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789//配置賬號，用戶名admin1234，密碼Helloworld6789123
//(僅V200R003及之后版本才支持使用不可逆算法（irreversible-cipher）進行了加密，之前版本可以使用可逆加密算法（cipher）。密碼強度太低會報錯。)
[HUAWEI-aaa] local-user admin1234 privilege level 15
[HUAWEI-aaa] local-user admin1234 service-type telnet //給賬號開啟telnet服務，還可以在后面跟http ssh 等，同時開始多種服務
[HUAWEI-aaa]quit
4、 在V200R020C00及之后版本，增加了安全機制，需要執行telnet的源接口，需要配置telnet server-source -i interface-type interface-number命令，指定接口為Telnet服務器端的源接口。如果無特殊接口要求，可以配置 telnet server-source all-interface，允許源接口為設備上所有配置了IPv4地址的接口，指定為所有會增加了系統安全風險，不建議用戶配置該命令。
舉例：
[HUAWEI] telnet server-source all-interface
5、客戶端登錄
進入管理員PC的Windows的命令行提示符，執行相關命令，通過Telnet方式登錄設備
C:\Documents and Settings\Administrator> telnet 10.137.217.177
輸入Enter鍵后，在登錄窗口輸入AAA驗證方式配置的登錄用戶名和密碼，驗證通過后，出現用戶視圖的命令行提示符，至此用戶成功登錄設備。

#查看設備的生產日期
<HUAWEI> display device manufacture-info

 

#查看設備的版本信息，包括型號、運行時間等
[HUAWEI] display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.160 (S5720 V200R007C00) //VRP版本及發布版本
Copyright (C) 2000-2014 HUAWEI TECH CO., LTD
HUAWEI S5720-56C-HI-AC Routing Switch uptime is 0 week, 1 day, 3 hours, 24 minutes ///設備的硬件名稱及系統運行時間
ES5D2T52C001 0(Master) : uptime is 0 week, 1 day, 3 hours, 23 minutes
4095M bytes DDR Memory
64M bytes FLASH
Pcb Version : VER.A
Basic BootROM Version : 0207.0015 Compiled at Mar 20 2014 , 22:53:47
BootLoad Version : 0207.0015 Compiled at Mar 14 2014 , 13:33:43
CPLD Version : 256
Software Version : VRP (R) Software, Version 5.160 (V200R007C00) //軟件版本，包括VRP的版本和設備的軟件版本
SLOT2 information //后插卡信息。如果設備沒有后插卡，則不顯示此信息
Pcb Version : ES5D21X04S01 VER.A
PWR1 information //可插拔電源模塊信息。如果設備沒有可插拔電源模塊，則不顯示此信息。
Pcb Version : PWR VER.A

#查看當前設備保存的歷史命令
display history-command

#查看光模塊類型、波長、傳輸距離、功率等
<HUAWEI>display transceiver interface XGigabitEthernet 1/1/0/1 verbose
XGigabitEthernet1/1/0/1 transceiver information:
Common information:
Transceiver Type :10GBBASE_SR_SFP //光模塊類型
Connector Type :LC
Wavelength(nm) :850 //波長
Transfer Distance(m) :33(OM1),82(OM2),300(OM3),400(OM4)//最長距離。OM、50/62.5um表示多模，9um表示單模
Digital Diagnostic Monitoring :YES
Vendor Name :HUAWEI //廠家信息
Vendor Part Number :02318169 //BOM碼，申請備件會用到
Ordering Name :
Manufacture information:
Manu. Serial Number :CE26HP1DC //OEM序列號，華為序列號要在模塊上掃碼
Manufacturing Date :2014-06-26
Vendor Name :HUAWEI
Diagnostic information:
Current Rx Power(dBM) :-3.89 //當前接收光功率，正常情況在以下兩值之間
Default Rx Power High Threshold(dBM) :1.00
Default Rx Power Low Threshold(dBM) :-11.90
Current Tx Power(dBM) :-2.48 //當前發送光功率，正常情況在以下兩值之間
Default Tx Power High Threshold(dBM) :1.00
Default Tx Power Low Threshold(dBM) :-9.30

# 設置系統的日期、時間和時區

<HUAWEI> clock timezone BJ add 08:00:00
<HUAWEI> clock datetime 20:10:00 2012-07-26

 

[Huawei]display current-configuration //查看當前配置信息

sysname Switch1 //修改交換機名稱
----------------------------vlan-----------------------------------
[Huawei]vlan batch 2 3 4 //創建vlan
[Huawei]vlan batch 2 to 10 //創建2到10vlan
[Huawei]undo interface Vlanif 2 //刪除Vlan
[Huawei]display vlan //查看vlan配置信息
//接口刪除vlan
[HUAWEI] interface GigabitEthernet 0/0/8
[HUAWEI-GigabitEthernet0/0/8] undo port default vlan //接口從vlan中刪除

 

//vlan設置IP跟DNS
[Huawei]interface Vlanif60
ip address 192.168.60.254 255.255.255.0
dhcp select interface
dhcp server dns-list 61.134.1.4
//接口設置模式並加入vlan
[Huawei]interface GigabitEthernet0/0/6
[HUAWEI-GigabitEthernet0/0/6]port link-type access
[HUAWEI-GigabitEthernet0/0/6]port default vlan 20
//接口模式設置trunk
[Huawei]interface GigabitEthernet0/0/20
[HUAWEI-GigabitEthernet0/0/20]port link-type trunk
[HUAWEI-GigabitEthernet0/0/20] port trunk pvid vlan 8 //接口加入vlan8
[HUAWEI-GigabitEthernet0/0/20] port trunk allow-pass vlan 2 to 4094 //允許vlan2到vlan4094從此接口通過

[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.50.2（外網） //公司內部網絡訪問外網從192.168.50.2這個地址口出去
[Huawei]ip route-static 192.168.2.0 255.255.255.0 192.168.8.2 //訪問192.168.2.0網段地址從192.168.8.2口進
save //保存配置
undo ip route-static 192.168.10.0 24 //刪除出口路由器到內網的靜態路由

[CORE1-GigabitEthernet0/0/5] clear configuration interface GigabitEthernet 0/0/5 //清除接口配置
[CORE1-GigabitEthernet0/0/5] undo shutdown
[CORE1-GigabitEthernet0/0/5]dis this
[CORE1-GigabitEthernet0/0/5] quit

-----------------------接口速率配置--------------------------
1. 配置交換機雙工模式，先關閉自動協商功能，再手工指定雙工模式為全雙工
[S2]inter g0/0/1
[S2-GigabitEthernet0/0/1]undo negotiation auto   //關閉自動協商
[S2-GigabitEthernet0/0/1]duplex full    //指定全雙工
2. 配置交換機接口速率，
<1>關閉自協商，配置e0/0/1接口速率為10Mbit/s
[S2]inter e0/0/1
[S2-Ethernet0/0/1]undo negotiation auto
[S2-Ethernet0/0/1]speed 10

<2>配置G0/0/2接口的速率為100Mbit/s
[Huawei-GigabitEthernet0/0/1]inter g0/0/2
[Huawei-GigabitEthernet0/0/2]undo negotiation auto
[Huawei-GigabitEthernet0/0/2]speed 100

-----------------------交換機補丁升級-------------------------
對於S系列和E系列交換機（S1700除外）來說，補丁是一種與系統軟件兼容的軟件，用於解決系統軟件的少量且急需解決的Bug。分為冷補丁CP和熱補丁HP。冷補丁需要重啟設備才能生效，而熱補丁HP加載到設備后，無需重啟即可生效。有SPH標志為熱補丁，SPC為冷補丁，補丁擴展名是“.pat”。
1. 冷補丁加載的操作和升級操作相同，可以參見：
a、將補丁通過FTP或TFTP方式上傳至設備；
上傳補丁文件方法請參考使用FTP/TFTP傳輸文件
b、用戶視圖下執行dir命令確認補丁文件是否已上傳成功；
<HUAWEI> dir
c、用戶視圖下執行startup patch XXX配置下次啟動使用的補丁文件；
<HUAWEI> startup patch s5700.dat
d.執行display startup確認下次啟動補丁是否正確；
<HUAWEI> display startup
e.執行reboot重啟設備，使系統加載補丁。
<HUAWEI> reboot
2. 熱補丁加載的配置方法有如下兩種：
# 以加載熱補丁patch.pat並查看補丁狀態為例
方法一：
<HUAWEI> patch load patch.pat all //加載補丁包文件
<HUAWEI> patch active all //激活補丁文件
<HUAWEI> patch run all //運行補丁文件
<HUAWEI> display patch-information //驗證補丁是否加載成功，顯示補丁狀態為Running
方法二：
<HUAWEI> patch load patch.pat all run //加載補丁包文件
<HUAWEI> display patch-information //驗證補丁是否加載成功，顯示補丁狀態為Running

-------------太網接口切換到三層模式-------------------------------
執行命令system-view，進入系統視圖。
執行命令interface interface-type interface-number，進入以太網接口視圖。
執行命令undo portswitch，配置接口切換到三層模式。

------------------------S系列設備組件堆疊---------------------------------------
SwitchA、SwitchB和SwitchC三台接入交換機采用環形堆疊組網，並通過跨設備Eth-Trunk連接上層設備SwitchD。其中，SwitchA、SwitchB和SwitchC的角色分別為主、備、從，堆疊ID分別為0、1、2，優先級分別為200、100、100。由於組成堆疊的成員交換機在邏輯上是一個整體，所以整個網絡在擴展了端口數量的同時也方便了用戶對網絡的管理和維護。

 

配置邏輯堆疊端口並加入物理成員端口
# 配置SwitchA的業務口GigabitEthernet0/0/27、GigabitEthernet0/0/28為物理成員端口，並加入到相應的邏輯堆疊端口。

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface stack-port 0/1
[SwitchA-stack-port0/1] port interface gigabitethernet 0/0/27 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchA-stack-port0/1] quit
[SwitchA] interface stack-port 0/2
[SwitchA-stack-port0/2] port interface gigabitethernet 0/0/28 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchA-stack-port0/2] quit
# 配置SwitchB的業務口GigabitEthernet0/0/27、GigabitEthernet0/0/28為物理成員端口，並加入到相應的邏輯堆疊端口。

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] interface stack-port 0/1
[SwitchB-stack-port0/1] port interface gigabitethernet 0/0/27 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchB-stack-port0/1] quit
[SwitchB] interface stack-port 0/2
[SwitchB-stack-port0/2] port interface gigabitethernet 0/0/28 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchB-stack-port0/2] quit
# 配置SwitchC的業務口GigabitEthernet0/0/27、GigabitEthernet0/0/28為物理成員端口，並加入到相應的邏輯堆疊端口。

<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] interface stack-port 0/1
[SwitchC-stack-port0/1] port interface gigabitethernet 0/0/27 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchC-stack-port0/1] quit
[SwitchC] interface stack-port 0/2
[SwitchC-stack-port0/2] port interface gigabitethernet 0/0/28 enable
Warning: Enabling stack function may cause configuration loss on the interface. Continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait.
[SwitchC-stack-port0/2] quit
配置堆疊ID和堆疊優先級
# 配置SwitchA的堆疊優先級為200。

[SwitchA] stack slot 0 priority 200
Warning: Please do not frequently modify Priority because it will make the stack split. Continue? [Y/N]:y
# 配置SwitchB的堆疊ID為1。

[SwitchB] stack slot 0 renumber 1
Warning: All the configurations related to the slot ID will be lost after the slot ID is modified.
Do not frequently modify the slot ID because it will make the stack split. Continue? [Y/N]:y
Info: Stack configuration has been changed, and the device needs to restart to make the configuration effective.
# 配置SwitchC的堆疊ID為2。

[SwitchC] stack slot 0 renumber 2
Warning: All the configurations related to the slot ID will be lost after the slot ID is modified.
Do not frequently modify the slot ID because it will make the stack split. Continue? [Y/N]:y
Info: Stack configuration has been changed, and the device needs to restart to make the configuration effective.
SwitchA、SwitchB、SwitchC下電，使用SFP+電纜連接后再上電

配置跨設備Eth-Trunk
在堆疊系統上行鏈路上配置跨設備Eth-Trunk，具體配置過程請參見配置堆疊Eth-Trunk示例。

驗證配置結果
# 查看堆疊系統的基本信息。

[SwitchA] display stack
Stack mode: Service-port
Stack topology type : Ring
Stack system MAC: 0018-82d2-2e85
MAC switch delay time: 10 min
Stack reserved vlan : 4093
Slot of the active management port: --
Slot Role Mac address Priority Device type
-------------------------------------------------------------
0 Master 0018-82d2-2e85 200 S5720-28P-LI-AC
1 Standby 0018-82c6-1f44 100 S5720-28P-LI-AC
2 Slave 0018-82c6-1f4c 100 S5720-28P-LI-AC

<HUAWEI> display VLAN 4093

Error: The VLAN does not exist.

 

#If the VLAN is in use and cannot be free, we can use this command to choose another VLAN ID to stack creation:

 

stack reserved-vlan vlan-id

 

#After this process, the standby equipment can complete the normal BOOT process and the result will be like this:

 

<HUAWEI> display stack
Stack mode: Service-port
Stack topology type: Link
Stack system MAC: 0018-82b1-6eb4
MAC switch delay time: 2 min
Stack reserved vlan: 4093
Slot of the active management port: --
Slot Role Mac address Priority Device type
-------------------------------------------------------------
0 Master 0018-82b1-6eb4 200 S5720-28P-LI-AC
1 Standby 0018-82b1-6eba 150 S5720-28P-LI-AC