ZTE switch configuration commands
Summary of commonly used commands for ZTE switch configuration (extracted from the network)
Personal experience: Pay attention to various user modes when using commands.
Make it into an ordinary switch: put the 2-24 ports under VLAN1, if the 2-24 ports are isolated from each other, you can use PVLAN to delete the isolated ports.
2852s and 2826s configuration:
create a VLAN command as follows:
set vlan 10 enable ///create a vlan
set vlan 10 add port 1-24 untag ///add user ports in the created vlan
set vlan 10 add port 25 tag ///put The cascade port is added to vlan10, and it needs to be tagged, which is the trunk port.
set port 1-24 pvid 10 /// Add the user port added to vlan10, pvid to vlan10.
The switch user port must execute this command in the added vlan . (The default pvid is vlan10)
The command to delete vlan is as follows:
set vlan 10 delete port 1-24 ///delete user port
set vlan 10 delete port 25 ///delete cascade port
set vlan 10 disable ///delete vlan
set port 1-24 pvid 1 ///To restore the default settings, this command must be added, otherwise the information of set port 1-24 pvid 10 will be displayed in the show running-config information
, which will cause vlan users to use abnormally.
ENABLE password configuration:
zte>enable //Enter the global configuration mode
password: ***** //Enter the password to enter the global configuration mode, there is no password by default
zte(cfg)#adminpass zxr10 //Configure the password to enter the global configuration mode as zxr10
TELNET user Name and password configuration (in order to facilitate the maintenance of the device, sometimes it is necessary to modify the login user name or password, the configuration is as follows:)
zte(cfg)#create user zxr10 //create a user named zxr10
zte(cfg)#loginpass zxr10 //setting The login password is zxr10
zte(cfg)#show user //Display telnet login user information and current user name
Configure three-tier management or business address:
config router ///Enter config router mode
set ipport 0 ipaddress 10.20.20.1 255.255.255.0 / //Set layer 3 interface ip address and mask
set ipport 0 vlan 10 /// layer 3 port binding vlan
set ipport 0 enable /// enable layer 3 port
iproute 0.0.0.0 0.0.0.0 10.20.20.1 ///set The default route points to the gateway
T40G and 5228 switch Configuration:
Create vlan in batches Method:
zxr10#vlan database
zxr10(vlan)#vlan 10-20
In this way, consecutive vlans of numbers 10-20 are created, which is suitable for creating vlans in batches.
Add user port in vlan:
zxr10(config)vlan 10 ///Enter vlan10
zxr10(config-vlan)switchport pvid fei_1/1-24 ///Add port 1-24 in vlan10 as user port, default at this time The mode is already access mode.
Configure the trunk cascade port (in global mode):
interface fei_1/1 ///Enter the interface mode of the cascade port
switchport mode trunk ///Set the port mode to trunk
switchport trunk vlan 10 ///Bind the cascade port with vlan
Layer 3 interface address configuration:
interface vlan 10 ///Enter layer 3 vlan interface mode
ip address 10.20.20.1 255.255.255.0 ///Configure layer 3 ip address
28 series switch pvlan configuration:
set pvlan session 1 add isolated-port 1- 24 Add isolated port
set pvlan session 1 add promiscuous port 25 Add shared port
32 series switch pvlan configuration:
vlan private-map session-id 1 isolate fei_1/1-24 promis gei_3/1 Add isolated port and shared port
SNMP:
2826s:
create community zte private
create view zteview include 1.3.6.1
set community zte view zteview
set host 192.168.200.100 trap v2c zte
set trap coldstart enable
set trap warmstart enable
set trap linkup enable
set trap linkdown enable
set trap authenticationfail enable
set trap topologyChange enable
set trap memberUpDown enable
t40g:
snmp-server community zte view AllView rw
snmp-server host 192.168.200.100 trap version 2c zte udp-port 162
snmp-server enable trap
Use the Port-Security function of the switch to realize.
The following is a configuration example:
switch#config t
switch(config)#int f0/1
switch(config-if)#switchport mode access
//Set the port mode of the switch to access mode, pay attention to the lack of The province is dynamic
//The Port-security function cannot be used in dynamic ic mode
switch (config-if) #switchport port-security
//Open the port-security function
switch (config-if) #switchport port-security mac-address xxxx. xxxx.xxxx
//xxxx.xxxx.xxxx is the mac address you want to associate
switch (config-if) #switchport port-security maximum 1
//In fact, the default is 1
switch (config-if) #switchport port-security violation shutdown
//If it violates the rules, shut down the port
//At this time, when you show int f0/1, you will see that the interface is err-disable
Attachment:
switchport port-security command syntax
Switch(config-if)#switchport port-security?
aging Port-security aging commands
mac-address Secure mac address
//Set the secure MAC address
maximum Max secure addresses
//Set the maximum number of secure MAC addresses, the default is 1
violation Security violation mode
//Set after violating port security rules work, the default is shutdown