If you want to configure a Layer 3 switch, you need to look at these key steps

Good afternoon, my network worker friend.

Regarding switches, the club has already covered the topic in no fewer than 20 issues: tips for connecting switches, configuration and deployment of switches, summaries of switch commands, maintenance guides, networking solutions, key points for selection, and so on.

Today we will continue to talk about Layer 3 switches.

When we need to transmit data between different LANs or VLANs, Layer 2 switches are not enough.

In that case, a Layer 3 switch is needed.

Many newcomers keep asking how to configure a Layer 3 switch and which configuration commands are commonly used.

01 Assign VLAN to the switch

VLAN stands for virtual local area network; it is equivalent to a LAN working group.

The "VLAN number" is simply the ID assigned to a VLAN.

For example, vlan 2 is the VLAN numbered 2, and that is only a number. It does not mean that the network segment of vlan 2 must be the 2 segment. The IP address of vlan 2 can be set freely.

Next, I will add the 20th port of the Layer 3 switch to vlan 10. The steps are as follows:

01 Add VLAN 10 to the switch

system-view     (usually abbreviated: sys)
[Quidway] vlan 10           (add the VLAN numbered 10)
[Quidway-vlan10] quit       (usually abbreviated: q)

02 Set the IP address of vlan 10

Set the IP address of vlan 10 to 192.168.66.66 and the subnet mask to 255.255.255.0.

[Quidway] interface vlanif 10 (interface can usually be abbreviated to int; vlanif can also be written as just vlan)
[Quidway-vlanif10] ip address 192.168.66.66 255.255.255.0 (address can be abbreviated to add)
[Quidway-vlanif10]quit

03 Set the mode of the 20th port on the switch to access

[Quidway] int gigabitethernet 0/0/20     (gigabitethernet: Gigabit Ethernet port)
[Quidway-GigabitEthernet0/0/20] port link-type access   (port: the port)
[Quidway-GigabitEthernet0/0/20]quit

04 Add the 20th port to vlan 10

[Quidway] vlan 10
[Quidway-vlan10] port gigabitethernet 0/0/20 (for several consecutive ports, use XX to XX)
[Quidway-Vlan10]quit

In this way, the 20th port on the switch is successfully added to the VLAN numbered 10. Dividing a VLAN takes these 4 steps:

2 steps to set up the VLAN, 2 steps to set up the port.

Now you can use a network cable to connect the 20th port of the switch to the computer's network card.

Set the network card address to 192.168.66.XX and the gateway to 192.168.66.66; pinging 192.168.66.66 from CMD should then succeed.

02 Delete VLAN

01 Use the "undo int vlan 2" command to delete the vlan port

In the system view, use the "undo int vlan 2" command to delete the Layer 3 interface of vlan 2, so that vlan 2 will no longer exist.

However, the ports assigned to vlan 2 are still in vlan 2. At this point, those ports can be released so that they no longer belong to any VLAN.

02 Use the "undo vlan 2" command to delete the Layer 2 port

In the system view, use the "undo vlan 2" command to delete the Layer 2 port. This command can release the ports originally assigned to vlan 2, and now they do not belong to any vlan.

Of course, if you want to move a port on the switch to a different VLAN, you can add the port directly in that VLAN's view.

Notice:

Suppose a port on the switch has been set to access mode and added to a VLAN.

If you want to change the mode of this port to trunk, entering "port link-type trunk" directly in the port view does not work; the message "Error: Please renew the default configurations" appears.

In that case, you need to remove the port from the VLAN first, that is, make the port belong to no VLAN as described above. Then you can set the port as a trunk.

03 Speed limit through ports

Now we need to limit the speed of the second port on the switch, so that the download speed through this port does not exceed 128KB/S.

Configuration command description:

Inbound: limit the rate of inbound packets

Outbound: limit the rate of outbound packets

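sys

[Quidway] int gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] qos lr outbound cir 1024 cbs 204800 (1024 stands for 1M of bandwidth, so the theoretical download speed is 128KB/S; 204800 = 1024*200; cbs is the committed burst size, cir is the committed information rate)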

After this command is executed, the download speed of port 2 is limited to 128KB/S.

Actual speed measurements show that this limit is the speed after the data flow on the port has stabilized; the short-term peak is much higher than 128KB/S.

This is probably the time the switch needs between detecting the port traffic and starting to limit it. Once the download speed is stable, it hovers around 128KB/S, and the effect is good.

It is much better than limiting speed on a router or with speed-limiting software. Most importantly, the switch is stable.

Note: to cancel the speed limit:

[Quidway-GigabitEthernet0/0/2] undo qos lr outbound
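
The short-term peak described above is what a token bucket produces when cbs is large compared with cir. The following Python simulation is an added example, not part of the original article; it assumes the usual single-rate token-bucket model with cir in kbit/s and cbs in bytes, and an assumed sender offering 1,000,000 bytes per second.

```python
def simulate_qos_lr(cir_kbps, cbs_bytes, offered_bytes_per_s, seconds, ticks_per_s=100):
    """Single-rate token bucket: return the bytes forwarded in each second."""
    refill = cir_kbps * 1000 // 8 // ticks_per_s   # tokens (bytes) added per tick
    offered = offered_bytes_per_s // ticks_per_s    # bytes the sender presents per tick
    tokens = cbs_bytes                              # bucket is full after an idle period
    forwarded = [0] * seconds
    for tick in range(seconds * ticks_per_s):
        tokens = min(cbs_bytes, tokens + refill)    # refill, never above the burst size
        sent = min(offered, tokens)                 # traffic without tokens is dropped
        tokens -= sent
        forwarded[tick // ticks_per_s] += sent
    return forwarded


def kilobytes_per_second(forwarded):
    """Convert per-second byte counts to KB/s for comparison with the 128KB/S target."""
    return [round(b / 1000, 1) for b in forwarded]


# Values from the command on this page: cir 1024, cbs 204800.
# The offered load is an assumption chosen to exceed the limit.
RESULT = simulate_qos_lr(cir_kbps=1024, cbs_bytes=204800,
                         offered_bytes_per_s=1_000_000, seconds=3)

if __name__ == "__main__":
    print(kilobytes_per_second(RESULT))
```

The first second forwards the whole 204800-byte burst on top of the committed rate; later seconds settle at the committed rate.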

04 Configure the DHCP server based on the address pool

01  Start the DHCP service globally

sys

[Quidway] dhcp enable

02 Configure the attributes of IP address pool 10

Configure the attributes of IP address pool 10 (address pool range, dns address, egress gateway, address pool lease period)

[Quidway] ip pool 10

Info:It's successful to create an IP address pool.
[Quidway-ip-pool-10] network 192.168.10.0 mask 255.255.255.0
[Quidway-ip-pool-10] dns-list 202.103.24.68
[Quidway-ip-pool-10] gateway-list 192.168.10.1
[Quidway-ip-pool-10] lease day 10
[Quidway-ip-pool-10] q

03 Add interface GE0/0/1 to VLAN 10

[Quidway] vlan 10

[Quidway-vlan10] port gigabitethernet 0/0/1 (for several consecutive ports, use XX to XX)
[Quidway-Vlan10]quit

04 Configure the client under the VLANIF10 interface to obtain an IP address from the global address pool

[Quidway]int vlan 10
[Quidway-vlanif10] ip add 192.168.10.1 24
[Quidway-vlanif10] dhcp select global
[Quidway-vlanif10] q

At this point, you can use the "dis ip pool" command to view the configuration of the IP address pool.

Finally, you can verify on the computer whether it was successful.

05 telnet remote login settings

system-view

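[Quidway] aaa                          (enter the aaa view)
[Quidway-aaa] local-user tcwq password cipher tcwq (cipher means ciphertext: with password cipher the password is displayed in scrambled form, so the dis cur command shows the password as ciphertext)
[Quidway-aaa] local-user tcwq password simple tcwq (simple means plain: password simple is a weak password setting that can be understood as plaintext, the opposite of cipher, so the dis cur command shows the password in plaintext)
[Quidway-aaa] local-user tcwq service-type telnet (set the login method of user tcwq to telnet)
[Quidway-aaa] local-user tcwq privilege level 3 (privilege level: permission level; 3 is the highest level, with the highest permissions)
[Quidway-aaa] q
[Quidway] user-interface vty 0 4  (vty: virtual terminal; 0 4 means terminals 0 to 4, so at most 5 terminals can be logged in to the switch at the same time)
[Quidway-ui-vty0-4] authentication-mode aaa (authentication: verification; the authentication mode is set to aaa)
[Quidway-ui-vty0-4] q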

After this is set, you can telnet to the gateway address from CMD and log in to the switch.

The following is a screenshot of S5324 and S5700 after successfully configuring telnet:

Note: When the verification fails, disabling and enabling the network card can solve the problem.

06 Configure FTP server

Create an FTP server, the user name is tcwq, and the password is tcwq

sys
[Quidway] ftp server enable  (enable the FTP service)
[Quidway] aaa
[Quidway-aaa] local-user tcwq password simple tcwq
[Quidway-aaa] local-user tcwq service-type ftp
[Quidway-aaa] local-user tcwq ftp-directory flash:/  (configure the access path of the FTP user; if this is not configured, login reports "530 logged incorrect")
[Quidway-aaa] q

Now use a network cable to connect the computer's network card to a port on the switch.

Set the computer's IP to an address on the same network segment as the gateway of the VLAN where the port is located (for example, IP: 192.168.1.128, gateway: 192.168.1.1).

Enter FTP 192.168.1.1 on the CMD command line to reach the FTP authentication prompt, enter the account tcwq and the password tcwq, and log in.

After logging in to FTP, you can download files from the Flash of the switch to the computer. The downloaded file is saved in the location you were in before logging in to the FTP server: in the example shown in the figure, FTP was started from the root directory of the F disk, so the files are downloaded to the root directory of the F disk.

You can also select files on the computer and upload them to the Flash of the switch (this is very fast, much faster than burning over the serial port), and you can also delete files in the Flash.

ftp> dir             (list files)
ftp> get vrpcfg.zip     (download the file named "vrpcfg.zip")
ftp> put f:\S5700\web.zip  (upload the web.zip file from the S5700 folder on the computer's F disk to the Flash of the switch)
ftp> delete web.zip          (delete the file named "web.zip")

07 WEB page management

Layer 3 switches can be managed through a web page, provided that the HTTP service is enabled and the web management file is present in the switch Flash and has been loaded successfully.

The FTP server was configured in the previous step. If there is no web management file with the ZIP suffix on the switch, you first need to upload the web management file to Flash using FTP.

ftp> put f:\S5700\web.zip

200 Port command okay.
150 Opening ASCII mode data connection for web.zip.
226 Transfer complete.

When this output is displayed, the web.zip file has been successfully uploaded to Flash.

Next, load the web.zip you just uploaded, from the terminal or over telnet.

sys

[Quidway] http server load web.zip  (load web.zip)

Next, you can start the HTTP service. Before web.zip is loaded, the HTTP service cannot be started.

[Quidway] http server enable

Now create a network management account, account name xxx, password xxx.

[Quidway] aaa

[Quidway-aaa] local-user xxx password simple xiaodong
[Quidway-aaa] local-user xxx service-type http
[Quidway-aaa] q

Now you can open the browser on the computer, enter 192.168.1.1 to reach the login verification page, enter the account xxx, the password xxx and the verification code, and log in.
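
The telnet, FTP and web sections above create accounts with password simple, reuse the user name as the password, and expose them over unencrypted protocols. The following Python check is an added example, not part of the original article, that flags those settings in a saved configuration; the sample configuration is constructed from the commands on this page, and the "ops" user and the finding names are illustrative assumptions.

```python
import re

# Constructed sample: the commands entered on this page as they would sit in a
# saved configuration, plus one hypothetical "ops" user for contrast.
SAMPLE_CONFIG = """\
ftp server enable
http server enable
aaa
 local-user tcwq password simple tcwq
 local-user tcwq service-type telnet
 local-user tcwq service-type ftp
 local-user tcwq privilege level 3
 local-user ops password cipher CONSTRUCTED-CIPHERTEXT
 local-user ops service-type ssh
user-interface vty 0 4
 authentication-mode aaa
"""

CLEARTEXT = {"telnet", "ftp", "http"}  # protocols that send credentials unencrypted


def audit(config):
    """Return (subject, finding) pairs for risky settings in a VRP-style config."""
    findings, services, levels = [], {}, {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"(ftp|http|telnet) server enable", line):
            findings.append(("global", f"{m[1]}-server-enabled"))
        elif m := re.fullmatch(r"local-user (\S+) password (simple|cipher) (\S+)", line):
            user, mode, secret = m.groups()
            if mode == "simple":          # readable by anyone who can view the config
                findings.append((user, "plaintext-password"))
                if secret == user:        # trivially guessable
                    findings.append((user, "password-equals-username"))
        elif m := re.fullmatch(r"local-user (\S+) service-type (.+)", line):
            services.setdefault(m[1], set()).update(m[2].split())
        elif m := re.fullmatch(r"local-user (\S+) privilege level (\d+)", line):
            levels[m[1]] = int(m[2])
    for user in sorted(services):
        exposed = sorted(services[user] & CLEARTEXT)
        findings += [(user, f"cleartext-login:{svc}") for svc in exposed]
        if exposed and levels.get(user, 0) >= 3:
            findings.append((user, "level-3-account-over-cleartext"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```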

Compiled by: Lao Yang, a senior network engineer with 10 years of experience (official account: Network Engineer Club)

Origin blog.csdn.net/SPOTO2021/article/details/132022953