"Common Switch Configuration"

"Common Switch Configuration"

1. Telnet management

Example: Huawei S5700

The management address of the switch is 192.168.100.254, and the computer can ping the switch.

illustrate:

Students who have listened to the teacher's course know that telnet is transmitted in plain text. During the course, we can see the password by capturing packets.

If there are security requirements, it is recommended to use SSH management.

Configuration steps:

## Note, if other network segments need to manage the switch, a static route must be configured, the next hop exit is 100.253

## ip route-static 0.0.0.0 0.0.0.0 192.168.100.253

#1. Create the management VLAN first: 
vlan 100 
quit 

#2. Add the management port to VLAN 100: 
int g0/0/1 
 port link-type access 
 port default vlan 100 
 quit 

#3. Configure the management IP address on the management VLAN interface: 
interface vlan 100 
 ip address 192.168.100.254 255.255.255.0 
 quit 

#4. Enable telnet service 
telnet server enable 

#5. Enter the aaa authentication view and establish user password, service type and authority: 
 aaa 
 local-user admin password cipher admin123    
 local-user admin service- type telnet          
 local-user admin privilege level 15            
 quit 

#6. Enter vty interface view: authentication mode is aaa mode\protocol is all types 
user-interface vty 0 4             
 authentication-mode aaa           
 protocol inbound all              
 quit
 
 

Two, VLAN configuration

#There are two ways to add ports to VLAN: 
#1. Create management VLAN first:                                                         
vlan 100 

vlan batch 10 20 30 #Create discontinuous VLANs in batches 

vlan batch 40 to 60 #Create continuous VLANs in batches 



#2. Add ports to VLAN 100 :                       
int g0/0/1                         
 port link-type access                 
 port default vlan 100                
 quit 



#(Create a port group and add discontinuous ports to the group) 
port-group group-member g0/0/11 g0/0/13 g0/0/ 15   
 port link-type access 
 port default vlan 100 
 quit       
 
 
#(Create a port group and add consecutive ports to the group) 
port-group group-member g0/0/21 to g0/0/40    
 port link-type access                        
 port default vlan 100 
 quit


#3. The port is changed from VLAN100 to VLAN200 
int g0/0/1                               
 port default vlan 200          
 quit 


#4. Trunk configuration 
int g0/0/1                       
 port link-type trunk                       
 port trunk allow-pass vlan 10 20 30 #Allow specific VLAN Through 
 quit 

port trunk allow-pass vlan 40 to 80 #Allow continuous VLANs to pass through 

port trunk allow-pass vlan all #Allow all VLANs to pass 



#5, to switch between trunk and access, you need to configure these commands before you can configure 
#access port normally To trunk port: 

undo port default vlan                         
undo port link-type                  


#trunk port to access port 

undo port trunk allow-pass vlan all   
port trunk allow-pass vlan 1

3. Configure the IP address

The switch port is not a routing port, and the IP address can only be configured on the vlanif interface

#1. Create a VLAN first: 
vlan 100 
quit 

#2. Configure the management IP address of the VLAN interface: 
interface vlan 100 
ip address 192.168.100.254 255.255.255.0 
quit

Fourth, configure routing

As shown in the picture:

#1. Configure static routing: go to the route of 172.16.1.0 /24 network segment, and the next hop is 10.2.2.2 

ip route-static 172.16.1.0 255.255.255.0 10.2.2.2 

#2. Default route: when no specific network segment or address, take the default route (equivalent to the default gateway) 

ip route-static 0.0.0.0 0.0.0.0 10.1.1.2

5. Port Aggregation

As shown in the picture:

#SW1: 
#1. Create trunk port (number 0-63) 
int Eth-Trunk 1 #Create link trunk port 1  
 mode lacp-static #Configure LACP mode, configure first, and then add physical port   
 trunkport g0/0/1 # Add G0/0/1 port to trunk   
 port g0/0/2 #Add G0/0/2 port to trunk port   
 stp disable #If STP is not enabled, port STP can be turned off 
 port link-type trunk #Turn the trunk port It can be regarded as a common port configuration. 
 port trunk allow-pass vlan all     
 quit 

#2. Delete the aggregation port 
int Eth-Trunk 1 #Enter the aggregation port 1   
 undo trunkport g0/0/1 #Move the G0/0/1 port out of the aggregation port   
 undo trunkport g0/0/2 #Move the G0/0/2 port out of the aggregation port 
 quit               


#Delete the aggregation port, you must first remove all physical ports from the aggregation port to delete 
undo int Eth-Trunk 1 #Delete the aggregation port 1 

#SW2: 
#1. Create trunk port (number 0-63) 
int Eth-Trunk 1 #Create link trunk port 1  
 mode lacp-static #Configure LACP mode, configure first, and then add physical port   
 trunkport g0/0/1 # Add G0/0/1 port to trunk   
 port g0/0/2 #Add G0/0/2 port to trunk port   
 stp disable #If STP is not enabled, port STP can be disabled 
 port link-type trunk #Turn the trunk port It can be regarded as a common port configuration. 
 port trunk allow-pass vlan all     
 quit 

#2. Delete the aggregation port 
int Eth-Trunk 1 #Enter the aggregation port 1   
 undo trunkport g0/0/1 #Move the G0/0/1 port out of the aggregation port   
 undo trunkport g0/0/2 #Move the G0/0/2 port out of the aggregation port 
 quit               

#Delete the aggregation port, you must first remove all physical ports from the aggregation port to delete 
undo int Eth-Trunk 1 #Delete the aggregation port 1