安奈特三层交换机安装和维护手册RevA_Pre
安奈特三层交换机配置手册
安奈特三层交换机配置手册AlliedWare Plus TM OSHow T o |IntroductionThis How T o Note introduces a number of commonly-used management features of the AlliedWare Plus TM operating system (OS), the next generation operating system for Allied T elesis, Inc’s high performance layer 3 managed switches.ContentsIntroduction (1)Contents (1)Related How T o Notes (2)Which products and software version does it apply to? (2)Important differences between the AlliedWare OS and the AlliedWare Plus OS (3)How to log in (4)How to get command help (5)How to work with command modes (9)How to see the current configuration (14)Default settings (15)The default configuration script (16)How to change the password (17)How to set a management IP address (17)How to save and boot from the current configuration (18)How to save to the default configuration file (18)How to create and use a new configuration file (18)How to return to the factory defaults (20)How to see systeminformation ....................................................................................................... .. 21Get Started With The AlliedWare Plus TM Operating System IntroductionHow to set system parameters (23)How to change the telnet session timeout (23)How to name the switch (23)How to display a text banner at login (24)How to set the time and date (25)How to show current settings (25)How to set the time and date (25)How to set the timezone (26)How to configure summer-time (26)How to add and remove users (28)Pre-encrypted passwords (29)How to undo settings (30)How to use the no parameter (30)How to use the default parameter (30)How to work with files (31)How to list files (31)How to display the contents of configuration and text files (33)How to navigate through the file system (34)How to copy files (36)How to use the editor (38)How to upgrade the firmware (39)Appendix: Commands available in each mode (40)User Exec mode (40)Privileged Exec mode (41)Global Configuration mode (42)Related How T o NotesY ou may also find the following AlliedWare Plus OS How T o Notes useful:z How To Configure Basic Switching Functionalityz How T o Configure EPSR (Ethernet Protection Switching Ring) to Protect a Ring from Loops Which products and software version does it apply to? This How T o Note applies to the following Allied T elesis switches, running AlliedWare Plus software version 5.2.1 or later:z SwitchBlade x908z x900 seriesImportant differences between the AlliedWare OS and the AlliedWare Plus OS Important differences between the AlliedWare OS and the AlliedWare Plus OSThe most noticeable differences between the AlliedWare Plus and AlliedWare OSes are:z The command mode hierarchy. With the AlliedWare Plus OS, you go into an appropriate mode before entering configuration or monitoring commands.For details of the modes, see "How to work with command modes"on page9.z The style of the commands. Because you go into a configuration mode, the AlliedWare Plus OS already knows that you are entering a configuration command.Therefore, you do not have to begin commands with keywords like create. This means that many commands are shorter.z How the switch identifies values in commands. The AlliedWare Plus OS either has parameter keywords immediately followed by a space and their value (for an example, see "How to add and remove users"on page28), or simply has a series ofspace-separated values (for an example, see "How to set the time and date"on page25). For manycommands, you must enter the values in the correct order. The ? help makes this easy by prompting you for values one at a time.z How to undo an action or remove a setting. Mostly you remove settings by re-entering the configuration command with the keyword no before it. See "How to undo settings"on page30.z The things the command line warns you about. In the AlliedWare Plus OS: z If you try to create an object (such as a user, trigger etc) and an object with that name already exists, the switch overwrites the original object. It does not warn you before doing so.The file copying commands are an example of an exception to this—the switch asks if you want to overwrite the file.z Y ou only get a message telling you that an operation failed, not if it succeeds. If the switch does not display an error message, you can assume the command wassuccessful.z Port numbering. In the AlliedWare Plus OS, switch ports are named port x.y.z (e.g.port1.0.1), where:z the first number (x) is the stack ID numberz the second number (y) is the module number (0 for base ports and higher numbers for XEMs)z the third number (z) is the port number.z Associating VLANs with switch ports. In the AlliedWare Plus OS, VLANs are configured as an attribute of switch ports. T o associate a VLAN with a port, you enter Interface Configuration mode for the port, not for the VLAN. For details and examples,see the following AlliedWare Plus How T o Note: How To Configure Basic SwitchingFunctionality.z Flash compaction. In the AlliedWare Plus OS, Flash compaction takes up to a minute.The command line is unresponsive during this time. Do not power cycle the switch during Flash compaction.How to log in How to log in1.Set the console baud rateSet the baud rate of your terminal emulator to 115200.For bootloader version 1.0.8 and earlier, this is the switch’s default value. Y ou can use a bootloader menu option to change it, but the first time you access the switch, you must use 115200.Note that in bootloader version 1.0.9, the default baud rate will change to 9600.2.Login with manager/friendLike in AlliedWare, the defaults are:username: managerpassword: friendThe switch logs you into User Exec mode. From User Exec mode, you can perform high-level diagnostics (some show commands, ping, traceroute etc), start sessions (T elnet, SSH), and change mode.How to get command helpThe following kinds of command help are available:zlists of valid parameters with brief descriptions (the ? key)z completion of keywords (the T ab key)z error messages for incomplete or incorrect syntaxT o get syntax help, type ? after:z the prompt, to list all commands available in themode you are inz one or more parameters, to list parameters thatcan come next in the partial commandzone or more letters of a parameter, to listmatching parameters Example T o see which commands are available in User Exec mode, enter “?” at the User Exec mode command prompt:awplus>?This results in the following output:X View a list of valid parameters Tip:The AlliedWare Plus OS only displays one screenful of text at a time, with the prompt “--More--” at the end of each screenful. Press the space bar to display the next screenful or the Q key to return to the command prompt.Exec commands:clear Reset functionsdisable Turn off privileged mode commandecho Echo a stringenable Turn on privileged mode commandexit End current mode and down to previous modehelp Description of the interactive help systemlogout Exit from the EXECmstat Show statistics after multiple multicast traceroutesmtrace Trace multicast path from source to destinationping Send echo messagesquit Exit current mode and down to previous moderemote-command Remote stack member command executionshow Show running system informationssh Open an SSH connectiontelnet Open a telnet connectionterminal Set terminal line parameters traceroute Trace route to destinationExample T o see which show commands that start with “i” are available in User Exec mode, enter “?”after show i:awplus>show i?This results in the following output:interface Interface informationip Internet Protocol (IP)ipv6 Internet Protocol version 6 (IPv6)Example T o use the ? help to work out the syntax for the clock timezone command (page26), enter the following sequence of commands:awplus(config)#clock ?summer-time Manage summer-timetimezone Set clock timezoneawplus(config)#clock timezone ?TIMEZONE Timezone name, up to 6 charactersawplus(config)#clock timezone NZST ?minus negative offset (West of Greenwich)plus positive offset (East of Greenwich)awplus(config)#clock timezone NZST plus ?OFFSET Time zone offset to UTC in HH or HH:MM formatawplus(config)#clock timezone NZST plus 12The above example demonstrates that the ? help only indicates what you can type next. Forcommands that have a series of parameters, like clock timezone, the ? help does not makethe number of parameters obvious.X Complete keywordsT o complete keywords, type T ab after part of the command.If only one keyword matches the partial command, the AlliedWare Plus OS fills in thatkeyword. If multiple keywords match, it lists them.Example T o use T ab completion to enter the command show ip dhcp server summary, enter the following commands. We have included “” to show where to type the T ab key—it is not displayed on screen.awplus>show ipas-path-access-list bgp community-listdhcp dhcp-relay domain-listdomain-name extcommunity-list filterforwarding igmp interfaceirdp mroute mvifname-server nat ospfpim protocols riproute rpfawplus>show ip ddhcp dhcp-relay domain-list domain-nameawplus>show ip dhcpbinding pool serverawplus>show ip dhcp server sstatistics summaryawplus>show ip dhcp server summaryX View command messagesThe switch displays the following generic error messages about command input:% Incomplete command—this message indicates that the command requires more parameters. Use the ? help to find outwhat other parameters are available.awplus(config)#interfaceinterface% Incomplete command.% Invalid input detected at '^' marker—this indicates that the switch could not process the command you entered. The switch also prints the command and marks the first invalid character by putting a '^' under it. Note that you may get this error if you enter a command in the wrong mode, as the following output shows.awplus#interface port1.0.1interface port1.0.1^% Invalid input detected at '^' marker.% Unrecognized command—when you try to use ? help and get this message, it indicates that the switch can not provide help on the command because it does not recognise it. This means the command does not exist, or that you have entered it in the wrong mode, as the following output shows.awplus#interface ?% Unrecognized commandThe AlliedWare Plus OS does not tell you when commands are successful. If it does not display an error message, you can assume the command was successful.How to work with command modesThe following figure shows the command mode hierarchy and the commands to use to move to lower-level modes.X User Exec modeUser Exec mode is the mode you log into on the switch.It lets you perform high-level diagnostics (show commands, ping, traceroute etc), start sessions (T elnet, SSH), and change mode.For a list of commands available in this mode, see "User Exec mode"on page40.The default User Exec mode prompt is awplus>.T o change from User Exec to Privileged Exec mode, enter thecommand:awplus>enable Privileged Exec mode is the main mode for monitoring—forexample, running show commands and debugging. FromPrivileged Exec mode, you can do all the commands from User Exec mode plus many systemcommands.For a list of commands available in this mode, see "Privileged Exec mode"on page 41.The default Privileged Exec mode prompt is awplus#.T o change from Privileged Exec to Global Configuration mode,enter the command:awplus>configure terminal From Global Configuration mode, you can configure mostaspects of the switch.For a list of commands available in this mode, see "Global Configuration mode"on page 42.The default Global Configuration mode prompt is awplus(config)#.X Privileged Exec modeX Global Configuration mode Tip:en is a short-cut forenable Tip:conf t is a short-cut forconfigure terminalA number of features are configured by entering a lower-level mode from GlobalConfiguration mode. The following table lists these features.Some protocols have commands in both Global Configuration mode and lower-levelconfiguration modes. For example, to configure MSTP , you use:zGlobal Configuration mode to select MSTP as the spanning tree mode zMST mode to create instances and specify other MSTP settings z Interface Configuration mode to associate the instances with the appropriate ports.X Lower-level configuration modesModeWhat it configures Command Default prompt InterfaceSwitch ports, VLANs, the management Eth port.interface name awplus(config-if)#Class map QoS classes, which isolate and name specifictraffic flows (classes) from all other traffic.(first enable QoS globally with mls qos enable)class-map name awplus(config-cmap)#EPSR Ethernet Protection Switching Ring, a loopprotection mechanism with extremely fastconvergence times.epsr configuration awplus(config-epsr)#Line Console port settings or virtual terminalsettings for telnet.line console 0line vty number awplus(config-line)#Ping poll Ping polling, which checks whether specifieddevices are reachable or not.ping-poll number awplus(config-ping-poll)#Policy map QoS policies, a collection of user-defined QoS classes and the default class.(first enable QoS globally with mls qos enable)policy-map nameawplus(config-pmap)#Policy map classThe QoS actions to take on a class-map, andwhich class-maps to associate with a QoSpolicy.This mode is a sub-mode of Policy map mode.(in Policy map mode)class name awplus(config-pmap-c)#Route map Route maps, which select routes to include or exclude from the switch’s routing table and/or route advertisements.route-map name deny|permit entry-numberawplus(config-route-map)#Router Routing using BGP , IP , IPv6, OSPF , RIP , or VRRP .router protocolother-parametersawplus(config-router)#MST Multiple Spanning T ree Protocol.spanning-tree mst configuration awplus(config-mst)#T rigger T riggers, which run configuration scripts inresponse to events.trigger number awplus(config-trigger)#VLAN databaseVLANs.vlan database awplus(config-vlan)#X Returning to higher-level modesThe following figure shows the commands to use to move from a lower-level mode to ahigher-level mode.Examples T o go from Interface Configuration to Global Configuration mode:awplus(config-if)#exitawplus(config)#T o go from Interface Configuration to Privileged Exec:awplus(config-if)#endawplus#T o go from Privileged Exec to User Exec:awplus#disableawplus>X Entering Privileged Exec commands when in a configuration modeWhen you are configuring the switch, you are likely to want to enter show commands toconfirm the configuration. This can mean you change often between configuration modes andPrivileged Exec mode.However, you can run Privileged Exec commands without changing mode, by using thecommand:doHowever, you cannot use the ? help to find out command syntax when using the docommand.Example T o display information about the IP interfaces when in Global Configuration mode, enter the command:awplus(config)#do show ip int briefThis results in the following output:Interface IP-Address Status Protocoleth0 172.28.8.200 admin up runningvlan1 unassigned admin up running...How to see the current configurationHow to see the current configurationThe current configuration is called the running-config. T o see it,enter the following command in either Privileged Exec mode or any configuration mode:awplus#show running-config T o see only part of the current configuration, enter thecommand:awplus#show running-config |includeThis displays only the lines that contain word .T o start the display at a particular place, enter the command: awplus#show running-config |beginThis searches the running-config for the first instance of word and begins the display with thatline.Tip:show running-config works in all modesexcept User Exec mode.Default settingsWhen the switch first starts up with the AlliedWare Plus OS, it applies default settings and copies these defaults dynamically into its running-config.These default settings mean that the AlliedWare Plus OS:z encrypts passwords, such as user passwordsz records log message priority in log messagesz turns on jumbo frame support for all portsz turns on the telnet server so that you can telnet to the switchz enables the switch to look up domain names (but for domain name lookups to work, you have to configure a DNS server)z turns off L3 multicast packet switching in the swi tch’s hardware. This prevents L3 multicasts from flooding the switch’s CPU in its default state as an L2 switchz sets the maximum number of ECMP routes to 8z turns on RSTP on all ports. Note that the ports are not set to be edge portsz sets all the switch ports to access mode. This means they are untagged ports, suitable for connecting to hostsz creates VLAN 1 and adds all the switch ports to itz allows logins on the serial console portz allows logins on VTY sessions (for telnet etc)z has switching enabled, so layer 2 traffic is forwarded appropriately without further configurationz allocates all the routing table memory space to IPv4 routes (instead of IPv6 routes)z has ports set to autonegotiate their speed and duplex modez has copper ports set to auto MDI/MDI-X modez has all switch ports attached to VLAN 1The default configuration scriptMost of the above default settings are in the form of commands, which the switch copies toits running-config when it first boots up.The switch stores a copy of the default configuration commands in the file default.cfg anduses that file as its default start-up file.For more information about start-up files, see "How to save and boot from the currentconfiguration"on page18.The following figure shows the contents of the default file.Contents of default file Description!An empty comment line (comments begin with an !). service password-encryption!Forces passwords in the script to be encrypted.log record-priority Records log message priority.username manager privilege 15 password 8$1$bJoVec4D$JwOJGPr7YqoExA0GVasdE0Specifies the password for the manager userservice telnet!T urns on the telnet server.ip domain-lookup!Allows domain name lookups.no ip multicast-routing !T urns off L3 multicast packet switching in the switch hardware.maximum-paths 8Sets maximum number of ECMP routes. spanning-tree mode rstp!T urns on RSTP.interface eth0 !A heading for any configuration settings for the management eth0 port. There are no eth0 settings.interface port1.0.1-1.0.24switchportswitchport mode access!Sets each switch port to access mode.interface vlan1!Creates VLAN 1.line con 0 A heading for any configuration settings for the console port.There are no console port settings.line vty 0 32 !end A heading for any configuration settings for VTY sessions. There are no VTY session settings.How to change the password How to change the password T o change the password for the manager account, enter Global Configuration mode and enter the following command:awplus(config)#username manager passwordThe password can contain any printable character and is case sensitive.How to set a management IP addressThis section describes how to set an IP address on the eth0 management port.1.If desired, check the current configurationAfter logging in, enter Privileged Exec mode by using the command:awplus>enableThen check the current configuration by using one of the following commands:awplus#show ip interface eth0 briefThis results in the following output:Interface IP-Address Status Protocoleth0 172.28.8.200 admin up runningawplus#show running-config interface eth0This results in the following output:!interface eth0ip address 172.28.8.200/16!2.Enter Interface Configuration mode for the eth0 interfaceEnter Global Configuration mode and enter the command: awplus(config)#interface eth03.Enter the IP address and maskEnter the command:awplus(config-if)#ip addressFor example, to set the address to 172.28.8.210/16, enter the command:awplus(config-if)#ip address 172.28.8.210/16How to save and boot from the currentconfigurationThis section tells you how to save your configuration and run the saved configuration whenthe switch starts up.Y ou can either:z save the configuration to the switch’s default configuration file (called “default.cfg”). Bydefault, the switch uses that file at start-up.zcreate a new configuration file and set the switch to use the new configuration file atstart-up.How to save to the default configuration fileEnter Privileged Exec mode and enter the command:awplus#copy running-config startup-configThe parameter startup-config is a short-cut for the current boot configuration file, whichwill be the default configuration file unless you have changed it, as described in the nextsection.How to create and use a new configuration fileEnter Privileged Exec mode and enter the command:awplus#copy running-config .cfgExample T o save the current configuration in a file called example.cfg, enter the commandawplus#copy running-config example.cfgT o run the new file’s configuration when the switch starts up, enter Global Configurationmode and enter the command:awplus(config)#boot config-file .cfgExample T o run the commands in example.cfg on startup, enter the command awplus(config)#boot config-file example.cfg1.Copy the current configuration to a new file2.Set the switch to use the new file at startup3.Display the new settingsT o see the files that the switch uses at startup, enter Privileged Exec mode and enter the command:awplus#show bootThe output looks like this:Boot configuration--------------------------------------------------------------------Current software : r1-5.2.1.relCurrent boot image : flash:/r1-5.2.1.relBackup boot image : Not setDefault boot config: flash:/.configs/default.cfgCurrent boot config: flash:/example.cfg (file exists)4.Continue updating the file when you change the configurationWhen you next want to save the current configuration, enter Privileged Exec mode and enter the command:awplus#copy running-config startup-configThe parameter startup-config is a short-cut for the current boot configuration file.。
三层交换机的连接和配置
01
命令行接口是三层交换机最常 用的配置方式,通过CLI可以执 行各种配置命令,对交换机进 行全面配置。
ห้องสมุดไป่ตู้
02
CLI的命令结构通常由命令关键 字、参数和选项组成,用户需 要根据需求输入相应的命令。
03
常用的CLI命令包括查看配置、 修改配置、保存配置等,用户 需要熟练掌握这些命令的使用 方法。
配置文件
三层交换机的连接和 配置
目录
• 三层交换机概述 • 三层交换机的连接方式 • 三层交换机的配置基础 • 三层交换机的VLAN配置 • 三层交换机的IP配置 • 三层交换机的路由配置 • 三层交换机的安全配置
01
三层交换机概述
什么是三层交换机
定义
三层交换机是一种具备数据链路层和 网络层功能的交换机,能够实现路由 和交换两种功能。
详细描述
配置端口安全后,交换机将只允许与已绑定MAC地址 和IP地址的设备通信,从而防止非法设备接入网络。
IP源保护的配置
总结词
IP源保护是一种防止IP欺骗的安全机制,通过验证数据 包的源IP地址是否合法来确保通信安全。
详细描述
配置IP源保护后,交换机将检查数据包的源IP地址是否 与目的IP地址匹配,如果不匹配则丢弃该数据包,以防 止IP欺骗攻击。
详细描述
在配置三层交换机的IP地址时,需要选择一个未被使用的IP地址,并确保该IP地址在该网络中是唯一 的。IP地址的分配应考虑到网络的规划和管理需求。
子网掩码的配置
总结词
子网掩码用于划分IP地址的网络部分和主 机部分,帮助确定设备所属的子网。
VS
详细描述
子网掩码是一个32位的值,用于标识IP地 址的网络部分和主机部分。通过将IP地址 与子网掩码进行按位与运算,可以确定设 备所属的子网。子网掩码的配置应与网络 规划保持一致。
三层交换机的配置与管理教程
• Switch(config-if)# switchport access vlan 2 VLAN2
\\指定该端口属于
• Switch(config-if)#interface f0/8 接口配置子模式
\\进入交换机f0/8
• Switch(config-if)#switchport mode access \\将交换机端口工作 模式指定为接入模式
• Switch(vlan)#exit
\\返回到上一级模式
• Switch#config terminal
\\进入到全局配置模式
• Switch(config)#interface f0/6 口配置子模式
\\进入交换机f0/6接
• Switch(config-if)#switchport mode access \\将交换机端口工作 模式指定为接入模式
基于路由器物理端口的 VLAN互连
路由器
交换机 1 VLAN 1 VLAN 2
交换机 2 VLAN 3
VLAN间通信方法
VLAN间通信通过三层路由来通讯
172.10.0.0/16
VLAN10
172.20.0.0/16
VLAN20
VLAN30
172.30.0.0/16
基于路由器虚拟端口的VLAN互连
• Switch(config-if)# switchport access vlan 2 VLAN2
\\指定该端口属于
隔离的广播域
VLAN10 VLAN30
172.16.20.4
VLAN20
VLAN间通信的方法
172.10.0.0
VLAN10
172.20.0.0
VLAN20
浅谈三层交换机在信号源系统的使用和维护技巧
视听 • SHI TING 2019年 第 5 期131技术维护一、引言第三层交换是在网络交换机中引入路由模块而取代传统路由器实现交换与路由相结合的网络技术。
它根据实际应用时的情况,灵活地在网络第二层或者第三层进行网络分段。
具有三层交换功能的设备是一个带有第三层路由功能的第二层交换机。
如图1所示,三层交换机目前在我区的地面数字电视信源系统中广泛使用,每个台站都需要用交换机转发节目源。
随着乡镇级台站建设的不断扩大及远程监控系统升级改造的实施,三层交换机使用会越加频繁。
二、三层交换机的使用和维护技巧(一)三层交换机容易被忽略的配置命令1.快速将接口配置恢复到缺省值在维护过程中发现交换机有些接口已经配置参数,一般可以用undo 命令逐条删除或者reset 保存,但是这两种方法都比较花费时间。
为了更快捷可以直接进入接口使用default 恢复该接口的出厂设置,然后再进行配置。
2.检查光纤链路是否故障如图3所示,可以使用dis transceiver 命令查看接口光模块的信息波长是否匹配,传输距离是否正常。
如图4所示,可以查看光模块diagnosis 信息确认是否光功率处于光模块的临界值。
通过查看光模块alarm 信息来排查两者光模块以及中间光纤问题。
3.配置端口安全端口安全的主要功能是通过定义各种端口安全模式,让设备学习到合法的源MAC 地址,以达到相应的网络管理效果。
启动了端口安全功能之后,当发现非法报文时,系统将触发相应特性,并按照预先指定的方式进浅谈三层交换机在信号源系统的使用和维护技巧庞怀钊 周国荣 巫睿 郑标(广西广播电视技术中心崇左分中心)摘要:三层交换机作为我区地面数字电视信号源系统的重要组成部分,在其中发挥了十分重要的作用,本文针对三层交换机在我区使用过程中出现的问题,提出几点有效的措施和建议供大家参考。
关键词:三层交换机;VLC ;信号源系统;配置命令图4 查看接口光功率等信息图1 广西无线覆盖工程IP信号源传输链路图2 default命令使用图3 查看接口光模块信息132视听 •SHI TING 2019年 第 5 期技术维护行处理,既方便用户的管理又提高了系统的安全性。
交换设备配置与维护的培训手册
交换设备配置与维护的培训手册
1. 简介
本培训手册旨在帮助员工学习并掌握交换设备的配置与维护知识。
通过本手册的学习,您将能够独立完成交换设备的配置和日常维护工作。
2. 目标
本培训手册的目标是使您能够:
- 了解交换设备的基本原理和功能;
- 学会进行交换设备的基本配置;
- 掌握交换设备的日常维护方法。
3. 培训内容
3.1 交换设备基础知识
在本部分中,您将学习以下内容:
- 交换设备的定义和作用;
- 交换设备的基本组成部分;
- 交换设备的工作原理。
3.2 交换设备的配置
在本部分中,您将学习以下内容:
- 连接交换设备的基本步骤;
- 交换设备的基本配置命令;
- VLAN(虚拟局域网)的配置方法;
- STP(生成树协议)的配置方法。
3.3 交换设备的维护
在本部分中,您将学习以下内容:
- 交换设备的日常巡检方法;
- 交换设备故障的基本排除方法;
- 交换设备固件升级的步骤。
4. 培训建议
为了更好地完成培训,我们建议您:
- 在学习过程中充分利用本手册提供的示例和实践任务;
- 遇到问题时,可以参考设备厂商提供的官方文档或技术支持;- 培训结束后,通过模拟实验或实际操作来巩固所学知识。
5. 结束语
通过本培训手册,您将掌握交换设备的配置与维护技能,能够独立进行交换设备的配置,日常维护和故障排除工作。
希望您能够通过本培训达到预期目标,并在实际工作中不断提升自己的技能。
以上是《交换设备配置与维护的培训手册》的内容,祝您学习顺利!。
三层交换机基本配置
详细描述
三层交换机的主要功能包括路由,即根据IP地址或网络 层协议(如IPX或AppleTalk)将数据包从一个网络接口 转发到另一个网络接口。此外,它还可以实现访问控制 列表(ACL),这是一种安全功能,用于过滤和限制对 网络资源的访问。另外,三层交换机还可以在不同的 VLAN(虚拟局域网)之间进行路由,这对于大型企业 网络尤其重要,因为它们通常需要将不同的部门或用户 组划分为不同的VLAN。
详细描述
通过配置流量控制,可以限制网络中 数据包的流量,防止网络拥堵和数据 丢失。常见的流量控制技术包括基于 端口的流量控制和基于IP的流量控制。
端口汇聚配置
总结词
实现端口汇聚,提高网络带宽和可靠性
详细描述
端口汇聚可以将多个物理端口绑定为一个逻辑端口,从而提高网络带宽和可靠性。通过配置端口汇聚 ,可以实现负载均衡、备份和故障恢复等功能。
2. 创建ACL规则,指定允许或拒绝的IP地址和端口号。
详细描述:通过定义访问控制规则,ACL可以限制网络 流量,只允许符合规则的数据包通过交换机,从而保护 网络免受恶意攻击和非法访问。 1. 进入交换机的配置模式。
3. 将ACL应用到相应的接口上,以过滤进出的网络流量 。
IP源防护(IP Source Guard)配置
总结词:IP Source Guard用于防止IP地址欺骗攻击, 确保网络的安全性。
配置步骤
详细描述:IP Source Guard可以防止非法用户通过伪 造IP地址来攻击网络,通过绑定IP地址和MAC地址, 确保只有合法的用户能够通过交换机访问网络。
1. 进入交换机的配置模式。
2. 启用IP Source Guard功能。
动态路由配置(RIP)
总结词
三层交换机用户手册
三层交换机的连接和配置
课堂小结
例:
vlan 2 //建立编号为2的VLAN,并进入VLAN配置模式
port 0/0 untagged //加入接口0
exit
ห้องสมุดไป่ตู้
port 0/0 //进入设置接口模式
pvid 2 //设置接口0/0默认VLAN为VLAN2
exit
interface sw2 //进入sw2的接口配置模式
ip address 10.0.0.1 255.0.0.0 //配置VLAN网关地址
9.2三层交换机的连接和配置
三层交换机的接口
三层交换机的外观与普通交换机相似,有多种接口。 常用的接口有以下两种: ·以太网接口——一般为R45J接口,用双绞线与以太 网连接。一般有24个接口,通常标记为 “ETHERNET0/0”、“ETHERNET0/1”、…… “ETHERNET0/23”。 ·配置端口——又称为Console接口或控制台接口。大 多数三层交换机的Console接口同样为RJ45,少数使用 串口、IEEE1394接口。
VLAN接口配置命令需在全局配置模式下使用。 ①配置VLAN接口
interface VLAN接口(如sw0;sw1;sw3……) ②配置IP地址和子网掩码
ip address IP地址 子网掩码 例如: ③VLAN接口分配到VLAN。VLAN接口必须关联一个VLAN,此 VLAN必须提前配置好。 vlan-id 虚拟局域网号 vlan-id 1
port——向虚拟局域网中添加接口。
例:①vlan 2
建立编号为2的vlan,并进入vlan配置模式
②port 0/1 untagged 加入端口1
③exit
退出当前VLAN模式,返回上一级模式
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
安奈特三层交换机安装和维护手册Rev A安奈特(中国)网络有限公司目录前言 (2)第1章三层交换机的硬件概要和安装指南 (5)1.1 AT-SB4000系列 (5)1.2 AT-x900-24X系列 (12)1.3 AT-9924Ts (17)1.4 AT-9924系列 (21)1.5 AT-8600系列 (24)第2章三层交换机的操作维护基础 (27)2.1 三层交换机的端口编号规则 (27)2.2 如何登录到交换机的管理界面 (29)2.3 安奈特三层交换机的命令结构和语法 (32)2.4 为交换机设置管理IP地址 (33)2.5 交换机的用户管理 (33)2.6 为交换机进行软件版本或补丁升级 (34)2.7 保存和设置配置文件 (37)2.8 交换机的一些基本察看命令 (38)第3章三层交换机的典型配置指南 (39)3.1 为交换机设置名称 (39)3.2 VLAN配置 (39)3.3 端口捆绑(Port Trunking) (40)3.4 启用或禁用交换机的三层功能 (42)3.5 配置静态路由 (42)3.6 VRRP配置 (43)3.7 STP(生成树)的配置 (43)3.8 NTP(网络时间协议)配置 (45)3.9 端口镜像(Port Mirroring) (46)3.10配置SNMP (48)3.11 Syslog配置指南 (49)第4章三层交换机的日常设备维护和检查指南 (50)4.1 三层交换机的硬件维护和检查 (50)4.2 三层交换机的指示灯状态检查 (51)4.3 查看系统基本信息和运行时间 (54)4.4 查看当前的软件版本 (55)4.5 查看CPU的占用率 (56)4.6 查看系统的运行环境 (56)4.7 查看VRRP状态 (58)第5章三层交换机的故障排查指南 (60)5.1 使用“show debug”命令收集信息 (60)5.2 使用syslog服务器全面收集系统log信息 (61)5.3 采用替换法快速定位硬件故障 (61)5.4 不能登录到交换机管理界面 (61)5.5 交换机系统LED状态异常 (62)5.6 交换机个别电口状态异常(自协商问题) (62)5.7 整个网络陷入瘫痪(广播风暴) (63)5.8 CPU使用率过高 (64)5.9 启用VRRP的网络部分主机通信中断 (65)5.10 某主机终端无法和交换机通讯 (65)第6章三层交换机故障排查实例 (66)6.1 (66)6.2 (66)6.3 (66)6.4 (66)前言本手册涵盖了安奈特所有运行AlliedWare TM2.x或3.x操作系统的三层交换机设备,主要包括如下系列和型号:注意:本手册为简明手册,尽量以简洁的方式提供快速指南,如果需要了解更为详细的信息,请到下列网站下载最详尽的手册(英文版),或者联络安奈特或其合作伙伴的技术人员以获得帮助。
/support/software/default.aspx第1章三层交换机的硬件概要和安装指南本章节主要介绍了部分安奈特三层交换机的硬件概要和简要的安装指南,由于篇幅关系,不能具体涵盖到每一个产品,合作伙伴和用户的工程师可通过如下链接访问到最新的英文版硬件手册:/support/software/default.aspx1.1 AT-SB4000系列SwitchBlade 4000系列模块化多层以太网交换机分为AT-SB4008和AT-SB4004两款,分别具有10个插槽和6个插槽,可提供百兆、千兆、万兆、电口、多模光纤、单模光纤等各种端口。
AT-SB4008和AT-SB4004的机箱尺寸、槽位数和交换能力均不相同,所支持端口的数量正好相差一倍,但它们的功能完全相同,而且它们的各种模块也均可通用。
二者参数的简单比较如下,可根据需要选择不同的型号。
1.1.1 AT-SB4000系列硬件概要一个完整的AT-SB4004由图中所示的部件组成:一个完整的AT-SB4008由图中所示的部件组成:接口板卡 1~4电源模块AT-SB4162, 最少1个,最多3个机箱AT-SB4108插 槽 1 插 槽 2 插 槽 3 插 槽 4 插 槽 A 插 槽 B 插 槽 5 插 槽 6 插 槽 7 插 槽 8接口板卡5~8第一个交换引擎(必配) 第二个交换引擎(可选)图1.1.3接口板卡,最少1个,最多4个 第一个交换引擎(必配) 第二个交换引擎(选配) 或者带宽扩展板AT-SB4215 电源模块AT-SB4162, 最少1个,最多2个机箱AT-SB4104插槽1 插槽2 插槽3 插槽4 插槽A 插槽B 电源开关图1.1.2在安装设备前,请确认你需要安装的部件。
安装一个完整的AT-SB4000交换机可能会涉及如下部件,具体情况会随项目不同而不同。
为了保证设备的完好,我们建议不要把各种模块安装于机箱内进行运输,所有机箱和模块应该保持各自完整的包装,等到达安装现场后再拆开各自包装,进行安装,这样可以最大限度减少运输可能带来的风险和损失。
例如,如果把所有模块都安装于机箱内再放入包装进行运输,则由于较大的重量,可能会增加运输途中坠落的风险。
同时,一旦发生此情况,不仅可能损坏机箱,也有可能对机箱内安装的模块造成损伤。
1.1.2 AT-SB4000系列的机箱安装一个完整的AT-SB4000机箱的包装内会包含如下配件(安奈特工厂有可能会未经通知,在不影响设备的安装和使用的前提下改变包装的配件种类或数量):⏹一个机箱(AT-SB4104或AT-SB4108)⏹一个风扇模块和风扇模块挡板(已安装于机箱内)⏹交换引擎和接口模块空挡板(AT-SB4104:4个,AT-SB4108:8个)⏹电源模块空挡板(AT-SB4104:1个,AT-SB4108:2个)⏹两个机架安装支架(已安装于机箱上)⏹两个RS232电缆,用于连接AT-SB4211交换引擎的RS232管理接口⏹两个百兆以太网电缆,用于连接AT-SB4211交换引擎的RJ45以太网管理接口⏹一个机架横杆(安装于机架,用于支撑机箱)⏹一个交流供电电缆(仅交流供电机箱)首先,请将机架横杆安装于机架上(如果机架上没有安装其他支撑部件的话),如右图所示。
然后,将机箱稳妥放置于机架上,安装并旋紧用于固定机箱的螺丝。
图1.1.41.1.3 AT-SB4000系列的电源模块的安装1、正确选择电源模块插槽AT-SB4104机箱具有2个电源模块插槽,一个电源模块AT-SB4162即可负担整个机箱所有模块的供电,该电源模块可安装于任何一个插槽。
当安装两个电源模块时,机箱可工作于1+1冗余供电模式。
AT-SB4108机箱具有3个电源模块插槽,根据接口模块的种类和数量的不同,可能需要一个或两个电源模块负担整个机箱所有模块的供电(详见《安奈特产品售前配置手册-三层交换机》),如果额外提供一个电源模块,机箱可工作于1+1或2+1冗余供电模式。
需要注意的是,第一个电源模块需安装于最左侧的插槽,第二个电源模块需安装于中间的插槽,即,按照从左至右的顺序安装电源模块。
源模块故障或被拔出,均不会对交换机的工作造成任何影响。
2、安装电源模块必要时,需要首先卸下机箱上电源模块插槽挡板。
如图所示,将电源模块小心地滑入插槽,并用力推进,最后旋紧螺丝。
3、接续电源线交流供电的情形:将随电源模块一同提供的交流电源线接续在机箱背部的电源接口上,并锁紧卡头。
每个电源模块都应接续好电源线。
如果电源已接通并正确接好,即使不打开机箱背部的电源开关,电源模块正面的“POWER PRESENT”指示灯也会点亮。
直流供电的情形:AT-SB4000系列的标准包装内不包含直流供电的电源线,请按如下标准准备直流电源线:1、每一个电源模块都需要一组三芯的电源线。
2、电源线的建议规格:AT-SB4108-80使用线径8.4mm2(8AWG)的电源线,AT-SB4104-80使用线径3.3mm2(12AWG)的电源线。
连接直流电源线时,请注意不要搞错正极、负极和地线。
1.1.4 AT-SB4000系列的交换引擎模块和带宽扩展模块的安装1、安装DIMM内存条通常情况下,用于交换引擎模块AT-SB4211A的DIMM内存板是单独放在小包装内,需要你手工安装到AT-SB4211A。
安装时请注意采取防静电措施。
如右图所示,请将两块内存板以大约30度角斜着插入到DIMM槽内,并确认固定闩妥善锁紧。
2、取下交换引擎和带宽扩展模块槽位的空挡板(Slot A和Slot B)将固定空挡板的两个螺丝旋松,然后取出空挡板。
如果只需要安装一个AT-SB4211交换引擎,不需要安装第二个交换引擎模块AT-SB4211A或带宽扩展模块AT-SB4215,则只需要空出Slot A即可,无需卸下Slot B的空挡板。
3、安装交换引擎和带宽扩展模块安装模块前,请确认交换引擎(或带宽扩展模块)的金属背板的方向正确。
如果是AT-SB4108机箱,则模块的金属背板朝左(面对机箱);如果AT-SB4104机箱,则模块的金属背板朝下。
如下面左图所示。
将模块小心对准导轨,徐徐推入到槽位内。
同时将模块的锁定杆置于“unlock”的位置(如下面右图所示),然后将模块推到尽头,这时锁定杆会自动嵌入到正确位置,可以两手同时推动锁定杆使其置于锁定(lock)位置,此时模块应该与机箱背板紧密连接。
最后将模块的上下两个螺丝旋紧。
1.1.5 安装接口模块除了不需要安装DIMM内存条,安装接口模块的步骤与安装交换引擎的步骤完全一样。
接口模块需安装于Slot 1、Slot 2、......等标识数字的槽位内(请参考图1.1和图1.2)。
原则上,接口模块可以安装在任何一个这种槽位内,但是,很多网络会在事先有一个总体设计方案,可能已经规定了每一个模块的具体安装槽位,关于此事,请事先咨询您的网络设计人员。
1.1.6 加电将机箱背部的电源开关拨到“ON”位置。
如果机箱接受到正常供电,则应有下列现象:1、电源模块正面的“POWER PRESENT”和“FAN GOOD”指示灯点亮2、可以听到电源模块风扇和机箱风扇转动的声音。
3、交换引擎AT-SB4211A上的“POWER”指示灯点亮。
如果没有观察到上述现象,则可能是交换机存在硬件故障,请参照第四章“三层交换机的故障排查指南”。
1.2 AT-x900-24X 系列安奈特的IPv4/IPv6多层交换机x900-24X 系列是面向各种园区网络以及电信运营商的路由交换产品,机身仅1U 高,却具备24个千兆口以及两个高速的30Gbps 扩展插槽。
AT-x900-24X 系列目前有两个系列产品,如下表所示:1.2.1 AT-x900-24X 系列硬件概要AT-x900-24XT 和AT-x900-24XS 的硬件架构如下图所示。