
Common H3C Switch Configuration

Original post
05/13 14:22

0 Revision history

No.  Change  Date
1    Added   20210422

1 Abstract

This article covers common configuration tasks for H3C switches.

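2 Environment

(1) Device information

Model          Hostname                                          Purpose
LS-6860-54HF   A3_1F_DC_openstack_test_jieru_train-irf_b02&b03   Access layer; connects the OpenStack cluster

3 Common configuration

(1) A3_1F_DC_openstack_test_jieru_train-irf_b02&b03

Two LS-6860-54HF switches are configured as a stack, and the corresponding ports on the two switches are aggregated.

3.1.1 Set the switch time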

<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>display clock
22:10:06.169 UTC Fri 01/07/2011
<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>

<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>system-view
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]clock protocol none
 # Disable the clock protocol; by default it is enabled and the system time is obtained through the default MDC
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]clock timezone beijing add 8
<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>clock datetime 14:20:30 2021/4/22
<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>display clock
14:20:34.266 beijing Thu 04/22/2021
Time Zone : beijing add 08:00:00

3.1.2 Back up the configuration file


<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
Slot 2:
Save next configuration file successfully.

3.1.3 Configure stacking

Stack configuration:
Stack ports
te1/0/47 te1/0/48
te2/0/47 te2/0/48
Stack detection ports
te1/0/46 te2/0/46

3.1.4 View interfaces in the UP state

<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>display interface brief | include UP
InLoop0              UP   UP(s)    --
NULL0                UP   UP(s)    --
REG0                 UP   --       --
Vlan1                UP   UP       --
Vlan81               UP   UP       10.3.181.251
Vlan140              UP   UP       10.3.140.1
Vlan141              UP   UP       10.3.141.1
Vlan142              UP   UP       10.3.142.1
Vlan143              UP   UP       10.3.143.1
Vlan144              UP   UP       10.3.144.1
Vlan145              UP   UP       10.3.145.1
Vlan146              UP   UP       10.3.146.1
Vlan147              UP   UP       10.3.147.1
Vlan148              UP   UP       10.3.148.1
Vlan149              UP   UP       10.3.149.1
Vlan1000             UP   UP       1.1.1.2         bfd
BAGG1                UP   20G(a)  F(a)   T    1    ithi
BAGG7                UP   10G(a)  F(a)   A    140
BAGG8                UP   20G(a)  F(a)   A    140
BAGG9                UP   10G(a)  F(a)   A    140
BAGG25               UP   10G(a)  F(a)   T    1

3.1.5 View link aggregation details

<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>dis link-aggregation verbose

3.1.6 Configure link aggregation (trunk)

Check whether this aggregation group has already been configured:

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]dis link-aggregation verbose | include 25
  XGE1/0/8            255      1        15       0xffff, 6c92-bff6-2a71 {ACDEF}
  XGE2/0/8            255      2        15       0xffff, 6c92-bff6-2a71 {ACDEF}
Aggregate Interface: Bridge-Aggregation25
  XGE1/0/25(R)        S        32768    7        4                      {ACDEFG}
  XGE2/0/25           U        32768    8        4                      {ACG}
  XGE1/0/25           32768    0        0        0x8000, 0000-0000-0000 {DEF}
  XGE2/0/25           32768    0        0        0x8000, 0000-0000-0000 {DEF}
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]dis link-aggregation verbose | include 31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Bridge-Aggregation 31
// Create Bridge-Aggregation 31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]quit
// Leave Bridge-Aggregation 31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface te1/0/31
// Enter port te1/0/31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet1/0/31]port link-aggregation group 31
// Add the port to aggregation group 31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet1/0/31]quit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface te2/0/31
// Enter port te2/0/31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/31]port link-aggregation group 31
// Add the port to aggregation group 31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/31]quit

// Re-enter Bridge-Aggregation 31
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Bridge-Aggregation 31
// Set the link type to trunk
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]port link-type trunk
Configuring Ten-GigabitEthernet1/0/31 done.
Configuring Ten-GigabitEthernet2/0/31 done.
// Remove VLAN 1
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]undo port trunk permit vlan 1
Configuring Ten-GigabitEthernet1/0/31 done.
Configuring Ten-GigabitEthernet2/0/31 done.
// Permit VLANs 140 to 149
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]port trunk permit vlan 140 to 149
Configuring Ten-GigabitEthernet1/0/31 done.
Configuring Ten-GigabitEthernet2/0/31 done.
// Enable dynamic link aggregation
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]link-aggregation mode dynamic
// Show the resulting configuration
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]display this
#
interface Bridge-Aggregation31
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 140 to 149
 link-aggregation mode dynamic
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation31]
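
An added example (not part of the original post): a Python audit that reads "display this"-style interface blocks and reports trunk interfaces that permit VLANs outside an intended set, such as a trunk where "undo port trunk permit vlan 1" was skipped. Bridge-Aggregation40 in the sample is constructed, and the starting state of a trunk (VLAN 1 permitted) is an assumption noted in the code.

```python
import re

# Constructed sample: Bridge-Aggregation31 is from this section, Bridge-Aggregation40 is hypothetical.
SAMPLE_CONFIG = """\
#
interface Bridge-Aggregation31
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 140 to 149
 link-aggregation mode dynamic
#
interface Bridge-Aggregation40
 port link-type trunk
 port trunk permit vlan 140 to 149
#
"""

def parse_interfaces(config):
    """Split the config on lines holding only '#' into {interface name: [lines]}."""
    interfaces = {}
    for block in re.split(r"^#[ \t]*$", config, flags=re.M):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if lines and lines[0].startswith("interface "):
            interfaces[lines[0].split(None, 1)[1]] = lines[1:]
    return interfaces

def permitted_vlans(lines):
    """Expand 'port trunk permit vlan ...' lines into a set of VLAN IDs."""
    vlans = {1}  # assumption: a trunk permits VLAN 1 until it is removed
    for ln in lines:
        m = re.match(r"(undo )?port trunk permit vlan (.+)", ln)
        if not m:
            continue
        ids = set(range(1, 4095)) if m.group(2) == "all" else set()
        for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", m.group(2)):
            ids |= set(range(int(lo), int(hi or lo) + 1))
        vlans = vlans - ids if m.group(1) else vlans | ids
    return vlans

def audit_trunks(config, allowed):
    """Return {interface: VLANs permitted beyond the allowed set} for trunk ports."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "port link-type trunk" in lines:
            extra = permitted_vlans(lines) - set(allowed)
            if extra:
                findings[name] = sorted(extra)
    return findings
```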


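3.1.7 Modify a link aggregation configuration

For example, changing a trunk configuration to an access configuration.
First clear the existing configuration, then apply the new one.
Current configuration: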

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Bridge-Aggregation 32
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]display this
#
interface Bridge-Aggregation32
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 140 to 149
 link-aggregation mode dynamic
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]

Restore the default configuration:

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]default
This command will restore the default settings. Continue? [Y/N]:y
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]display this
#
interface Bridge-Aggregation32
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]

Set access VLAN 141
Enable dynamic link aggregation

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]port access vlan 141
Configuring Ten-GigabitEthernet1/0/32 done.
Configuring Ten-GigabitEthernet2/0/32 done.
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]link-aggregation mode dynamic
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]display this
#
interface Bridge-Aggregation32
 port access vlan 141
 link-aggregation mode dynamic
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation32]

3.1.6 Configure link aggregation (access)

Check whether this aggregation group has already been configured:

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]dis link-aggregation verbose | include 1
Aggregate Interface: Bridge-Aggregation1
  XGE1/0/45(R)     S       32768    1
  XGE2/0/45        S       32768    1
System ID: 0x8000, 1451-7e9e-a59a

The name Bridge-Aggregation1 is already in use, but it actually uses port 45.

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Bridge-Aggregation 1111
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation1111]quit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface te1/0/1
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet1/0/1]port link-aggregation group 1111
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet1/0/1]quit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface te2/0/1
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/1]port link-aggregation group 1111
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/1]quit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Bridge-Aggregation 1111
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation1111]port access vlan 140
Configuring Ten-GigabitEthernet1/0/1 done.
Configuring Ten-GigabitEthernet2/0/1 done.
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation1111]link-aggregation mode dynamic
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation1111]display this
#
interface Bridge-Aggregation1111
 port access vlan 140
 link-aggregation mode dynamic
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Bridge-Aggregation1111]

3.1.7 Remove a port from a link aggregation group

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface te2/0/25
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/25]display this
#
interface Ten-GigabitEthernet2/0/25
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 140 to 149
 port link-aggregation group 25
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/25]undo port link-aggregation group
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/25]display this
#
interface Ten-GigabitEthernet2/0/25
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 140 to 149
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Ten-GigabitEthernet2/0/25]

3.1.8 VLAN network isolation

VLAN network isolation is implemented with an ACL.


<A3_1F_DC_openstack_test_jieru_train-irf_b02&b03>system-view
System View: return to User View with Ctrl+Z.
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]acl advanced 3001
// Create the ACL
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255
// Rule: deny access to 10.3.145.0/24
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255
// Rule: deny access to 10.3.146.0/24
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 20 permit ip
// Permit all other IP traffic
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]exit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]interface Vlan-interface 143
// Enter Vlan-interface 143
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Vlan-interface143]display this
#
interface Vlan-interface143
 ip address 10.3.143.1 255.255.255.0
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Vlan-interface143]packet-filter 3001 inbound

// Apply the ACL to VLAN 143 in the inbound direction
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Vlan-interface143]display this
#
interface Vlan-interface143
 ip address 10.3.143.1 255.255.255.0
 packet-filter 3001 inbound
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-Vlan-interface143]exit
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]display acl 3001
Advanced IPv4 ACL 3001, 3 rules,
ACL's step is 5, start ID is 0
 rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255
 rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255
 rule 20 permit ip

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]

Enable counting on the rules to check whether the ACL is taking effect:

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]acl advanced 3001
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]display this
#
acl advanced 3001
 rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255
 rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255
 rule 20 permit ip
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]undo rule 1
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]undo rule 2
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]undo rule 20
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]display this
#
acl advanced 3001
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255 counting
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255 counting
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]rule 20 permit ip counting
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]display this
#
acl advanced 3001
 rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255 counting
 rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255 counting
 rule 20 permit ip counting
#
return
[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03-acl-ipv4-adv-3001]

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]dis packet-filter statistics interface Vlan-interface 143 inbound
Interface: Vlan-interface143
 Inbound policy:
  IPv4 ACL 3001
   rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255 counting (14 packets)
   rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255 counting (21 packets)
   rule 20 permit ip counting (63 packets)

[A3_1F_DC_openstack_test_jieru_train-irf_b02&b03]
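
An added example (not part of the original post): a Python model of ACL 3001 that parses the rule lines from the statistics output above, evaluates a flow with wildcard-mask matching, and compares two counter snapshots to see which rule a test flow hit. It assumes rules are matched in ascending rule-ID order; the embedded sample is copied from this section.

```python
import ipaddress
import re

# Sample input: the statistics output from this section, embedded inline.
SAMPLE = """\
Interface: Vlan-interface143
 Inbound policy:
  IPv4 ACL 3001
   rule 1 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.145.0 0.0.0.255 counting (14 packets)
   rule 2 deny ip source 10.3.143.0 0.0.0.255 destination 10.3.146.0 0.0.0.255 counting (21 packets)
   rule 20 permit ip counting (63 packets)
"""

RULE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny) ip"
    r"(?: source (?P<src>\S+) (?P<swc>\S+))?"
    r"(?: destination (?P<dst>\S+) (?P<dwc>\S+))?"
    r"(?: counting)?(?: \((?P<hits>\d+) packets\))?")

def parse_rules(text):
    """Parse rule lines; sort by ID (assumption: ascending rule ID is the match order)."""
    rules = [m.groupdict() for m in RULE.finditer(text)]
    for r in rules:
        r["id"], r["hits"] = int(r["id"]), int(r["hits"] or 0)
    return sorted(rules, key=lambda r: r["id"])

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask compare: bits set to 1 in the wildcard are ignored."""
    if base is None:  # no source/destination clause means "any"
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(rules, src, dst):
    """Return (rule_id, action) of the first rule matching the flow."""
    for r in rules:
        if wildcard_match(src, r["src"], r["swc"]) and wildcard_match(dst, r["dst"], r["dwc"]):
            return r["id"], r["action"]
    return None, "no-match"

def counter_delta(before, after):
    """Per-rule hit increase between two statistics snapshots."""
    old = {r["id"]: r["hits"] for r in parse_rules(before)}
    return {r["id"]: r["hits"] - old.get(r["id"], 0) for r in parse_rules(after)}
```

Taking one snapshot before and one after a test ping from VLAN 143 and passing both to counter_delta shows which rule the traffic matched.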
