S5500 简单Vlan配置
华三S5500交换机配置
基于多个VLAN 在一个端口
[H3C]interface GigabitEthernet 1/0/2 进入第二个端口设置
[H3C-GigabitEthernet1/0/2]port link-type trunk 端口的链路类型的树干
[H3C-GigabitEthernet1/0/2]port trunk permit vlan all 如果使用单独的就不用增加这项
[H3C]pim
static-rp 192.168.100.1
undo 删除
[H3C]undo vlan 103 删除vlan 103
[H3C]interface GigabitEthernet 1/0/3 进入端口3
Please wait........................................... Done.
[H3C-GigabitEthernet1/0/2]quit 设置好了第二个端口的VLAN可以通过所有
[H3C-GigabitEthernet1/0/2]port trunk permit vlan 122 在此端口上增加VLAN组
[H3C-Vlan-interface104]ip address 192.168.69.1 255.255.255.0 设置IP
步骤三:将所要配置端口加入到VLAN组
[H3C] interface GigabitEthernet 1/0/1 设置第一个端口
[H3C-GigabitEthernet1/0/1]port access vlan 101 设置端口一为VLAN 101组
[H3C-GigabitEthernet1/0/3]undo port link-type 删除port link-type
H3C S5500-SI 03-组播VLAN配置
1-4
有关 port link-type、port hybrid pvid vlan 和 port hybrid vlan 命令的详细介绍,请参见“接入 分册”中的“VLAN 命令”。
目录
1 组播VLAN配置................................................................................................................................... 1-1 1.1 组播VLAN简介 .................................................................................................................................. 1-1 1.2 组播VLAN配置任务简介.................................................................................................................... 1-3 1.3 配置基于子VLAN的组播VLAN .......................................................................................................... 1-3 1.3.1 配置准备 ................................................................................................................................. 1-3 1.3.2 配置基于子VLAN的组播VLAN................................................................................................ 1-3 1.4 配置基于端口的组播VLAN ................................................................................................................ 1-4 1.4.1 配置准备 ................................................................................................................................. 1-4 1.4.2 配置用户端口属性................................................................................................................... 1-4 1.4.3 配置组播VLAN端口................................................................................................................. 1-5 1.5 组播VLAN显示和维护 ....................................................................................................................... 1-5 1.6 组播VLAN典型配置举例.................................................................................................................... 1-6 1.6.1 基于子VLAN的组播VLAN配置举例......................................................................................... 1-6 1.6.2 基于端口的组播VLAN配置举例 .............................................................................................. 1-9
S5500系列交换机基本QINQ功能的配置
S5500系列交换机基本QINQ功能的配置一组网需求:1、Provider1、Provider2均为H3C S5500-SI系列设备,用作运营商网络接入设备,Customer1、Customer2为用户网络接入设备;2、Customer1能够发出VLAN10的报文,要求Customer1和Customer2之间可以互通VLAN10的报文。
二组网图:三配置步骤:Provider1的配置1.创建vlan 1000并将入端口加入<Sysname> system-view[Sysname] vlan 1000[Sysname] port GigabitEthernet 1/0/12.开启以太网端口的QinQ功能[Sysname] interface GigabitEthernet 1/0/1[Sysname-GigabitEthernet1/0/1] qinq enable3.配置G1/0/2口允许vlan 1000的报文通过[Sysname] interface GigabitEthernet 1/0/3[Sysname-GigabitEthernet1/0/3] port link-type trunk[Sysname-GigabitEthernet1/0/3] port trunk permit vlan 1000Provider2的配置Provider2的配置与Provider1完全相同配置完成后,Customer1和Customer2同属于VLAN10,且ip地址在同一网段的主机可以相互ping通。
四配置关键点:1.如果与provider1(或者provider2)相连的设备为其他厂商的设备,请确定该设备以太网协议类型值是否为0x8100,如果不是请在provider1(或者provider2)全局视图下应用qinq ethernet-type命令进行配置,例如该设备以太网协议类型值9100,则配置qinq ethernet-type 9100。
H3C S5500 V2基本配置及配置命令
H3C S5500 V2 series基本配置之蔡仲巾千创作一、配置交换的web界面<h3c>sys(进入系统模式)[h3c]int vlan 1(进入虚接口VLAN 1)[h3c-int-vlan 1]undo ip address(清除原地址)[h3c-int-vlan 1]ip add 2.10.3.1 255.255.255.0(配置web界面ip地址)[h3c-int-vlan 1]quit(返回上一级)[h3c]ip http enable(启用web服务)[h3c]local-user admin(设置当地用户名、此处用户名admin)[h3c-admin]password simple admin(设置当地密码、此处密码admin)[h3c-admin]service-type telnet level 3(设置服务等级为3级)[h3c-admin]quit(返回上一级)[h3c]loal-user admin[h3c-admin]service-type terminal telnet http https(平安防护措施、认证方式)[h3c-admin]quit(返回上一级)注:以上配置完成后接入服务器用IE访问IP地址2.10.3.1访问二、交换机划分vlan<h3c>sys(进入系统模式)[h3c]vlan 2(划分vlan 2)[h3c-vlan 2]quit(返回上一级)[h3c]vlan 3(划分vlan 3)[h3c-vlan 3]quit(返回上一级)[h3c]vlan 2(进入vlan 2)[h3c-vlan 2]port g/0/1 to g1/0/12(对vlan 2进行端口划分-此处vlan 2划分到1-12端口)[h3c-vlan 2]quit(返回上一级)[h3c]vlan 3(进入vlan 3)[h3c-vlan 3]port g/0/13 to g1/0/24(对vlan 3进行端口划分-此处vlan3划分到13-24端口)注:以上配置是根据现场要求24口交换机划分两个vlan平分所有端口三、交换机VLAN IP 互通[h3c]int vlan 2[h3c-vlan-interface 2]ip add 192.168.2.1 255.255.255.0[h3c-vlan-interface 2]quit[h3c]int vlan 3[h3c-vlan-interface 3]ip add 192.168.3.1 255.255.255.0[h3c-vlan-interface 3]quit注:以上配置完成后能通过vlan 2 的端口与vlan 3 的端口互通。
H3C-S5500基本配置思路及实用命令
H3C S5500基本配置思路及实用命令1.总体配置思路:1)添加VLAN1,并将相应端口添加到该VLAN。
(在VLAN状态下才可一次将多个端口加入相应VLAN,interface e 1/0/1 to e 1/0/24)2)添加VLAN2,并将其置为管理VLAN(在#状态下management-vlan 2),才可设置其VLAN的IP地址。
3)添加静态路由。
4)配置端口TRUNK模式。
5)配置远程登录VTY认证。
6)配置本地用户。
2.进入特权模式System View<H3C> System ViewSystem View: return to User View with Ctrl+Z.[H3C]dis[H3C]display cur3.配置交换机主机名sysnamesysname H3C4.添加VLANvlan 1或在此状态下直接将相应端口加入该VLAN (否则只能一个口一个口的添加)Interface e 1/0/1 to e 1/0/245.配置管理VLAN-- management-vlanmanagement-vlan 26.给管理VLAN添加IP地址interface Vlan-interface1ip address 10.10.40.176 255.255.255.07.添加端口到VLAN:port access vlan 1interface GigabitEthernet1/0/2port access vlan 18.远程登录配置及3A认证模式user-interface vty 0 4authentication-mode scheme9.配置3A认证本地用户及属性local-user testpassword simple testpwdauthorization-attribute level 3service-type telnet可能的配置local-user testpassword simple testservice-type telnetlevel 310.将端口配置为Trunk口interface GigabitEthernet1/0/20port link-type trunkport trunk permit vlan all11.添加静态路由ip route-static 0.0.0.0 0.0.0.0 10.10.40.112.查看路由表display ip routing-table[H3C]display ip routing-tableRouting Tables: PublicDestinations : 7 Routes : 7Destination/Mask Proto Pre Cost NextHop Interface0.0.0.0/0 Static 60 0 10.10.40.1 Vlan210.10.40.0/24 Direct 0 0 10.10.40.180Vlan210.10.40.180/32 Direct 0 0 127.0.0.1 InLoop0127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.168.76.0/24 Direct 0 0 192.168.76.3Vlan76192.168.76.3/32 Direct 0 0 127.0.0.1 InLoop013.显示当前配置display current-configuration[H3C]display current-configuration14.查看端口及VLAN的up/down状态display brief interface[H3C]display brief interfaceThe brief information of interface(s) under route mode:Interface Link Protocol-link Protocol type Main IPNULL0 UP UP(spoofing) NULL --Vlan1 UP UP ETHERNET 192.168.76.3Vlan2 UP UP ETHERNET 10.10.40.180The brief information of interface(s) under bridge mode:Interface Link Speed Duplex Link-typePVIDGE1/0/1 UP 1G(a) full(a) access1GE1/0/2 DOWN auto auto access1GE1/0/3 DOWN auto auto access1GE1/0/9 DOWN auto auto access1GE1/0/10 DOWN auto auto access1display brief interface GigabitEthernet 1/0/1[H3C]display brief interface GigabitEthernet 1/0/1The brief information of interface(s) under bridge mode:Interface Link Speed Duplex Link-typePVIDGE1/0/1 UP 1G(a) full(a) access1display brief interface Vlan-interface 1[H3C]display brief interface Vlan-interface 1The brief information of interface(s) under route mode:Interface Link Protocol-link Protocol type Main IPVlan1 UP UP ETHERNET 192.168.76.315.查看MAC地址缓存表display mac-address[H3C]display mac-addressMAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)0000-e7a7-2374 1 Learned GigabitEthernet1/0/19 AGING0000-e8f1-6952 1 Learned GigabitEthernet1/0/19 AGING0001-6c41-9cee 1 Learned GigabitEthernet1/0/19 AGING000c-2919-0d6c 1 Learned GigabitEthernet1/0/19 AGING000c-2961-d8ea 1 Learned GigabitEthernet1/0/19 AGING16.查看某一端口的MAC地址缓存表display mac-address interface GigabitEthernet 1/0/1[H3C]display mac-address interface GigabitEthernet 1/0/1MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)0016-3642-e888 1 Learned GigabitEthernet1/0/1 AGING0016-eca2-d69d 1 Learned GigabitEthernet1/0/1 AGING001c-25d8-77b6 1 Learned GigabitEthernet1/0/1 AGING0024-1d6e-6fbe 1 Learned GigabitEthernet1/0/1 AGING17.查看ARP缓存表display arp[H3C]display arpType: S-Static D-DynamicIP Address MAC Address VLAN ID Interface Aging Type192.168.76.56 0016-eca2-d69d 1 GE1/0/1 20D192.168.76.131 0016-3642-e888 1 GE1/0/1 19D192.168.76.171 0024-1d6e-6fbe 1 GE1/0/1 13D10.10.40.1 0018-742d-4fc0 2 GE1/0/19 14D192.168.76.1 0018-742d-4fc0 1 GE1/0/19 10D18.Tftp备份配置1)查看配置文件名及所在文件夹-dir配置文件名可能为startup.cfg或config.cfg配置文件可能在flash:/或unit1>flash:/目录下<jyzx-px-zhongxin>dir flash:/Directory of flash:/0 -rw- 8221183 Aug 11 2010 16:27:52s5500tpsi-cmw520-r2202p11.bin1 -rw- 2365 Apr 26 2000 12:13:58 startup.cfg(配置文件名)31496 KB total (23460 KB free)<jyzx-bg-3-d>dirDirectory of unit1>flash:/1 -rw- 3146 Jan 01 2004 00:00:00 config.def2 (*) -rw- 3711222 Mar 25 2011 16:51:52s31si_e-cmw310-r2211p07.bin3 (*) -rw- 886025 Jan 01 2004 00:00:00h3c-http3.1.9-0019.web4 (*) -rw- 2834 Apr 03 2000 01:20:33 config.cfg(配置文件名)7239 KB total (2739 KB free)(*) -with main attribute (b) -with backup attribute(*b) -with both main and backup attribute<jyzx-bg-4-x>tftp 172.16.8.91 put unit1>flash:/config.cfg 10.10.40.185.txtFile will be transferred in binary mode.Sending file to remote tftp server. Please wait... |TFTP: 2979 bytes sent in 0 second(s).File uploaded successfully.<jyzx-bg-4-x>dirDirectory of unit1>flash:/1 -rw- 3146 Jan 01 2004 00:00:00 config.def2 (*) -rw- 3711222 Mar 25 2011 16:51:52 s31si_e-cmw310-r2211p07.bin3 (*) -rw- 886025 Jan 01 2004 00:00:00 h3c-http3.1.9-0019.web4 (*) -rw- 2979 Apr 02 2000 07:17:02 config.cfg7239 KB total (2739 KB free)(*) -with main attribute (b) -with backup attribute(*b) -with both main and backup attribute2)配置可以使用tftp的ACLacl number 2000rule permit source 172.16.8.91 0[jyzx-px-zhongxin]acl number 2000[jyzx-px-zhongxin-acl-basic-2000]rule permit source 172.16.8.91 ?0 Wildcard bits : 0.0.0.0 ( a host )X.X.X.X Wildcard of source[jyzx-px-zhongxin-acl-basic-2000]rule permit source 172.16.8.91 03)配置tftp服务器- tftp-server acl 2000tftp-server acl 2000[jyzx-px-zhongxin]tftp-server acl 2000The ACL number does not exist or contains no rule. Continue? [Y/N]:y(如果还没有配置ACL,则会有此提示)[jyzx-px-zhongxin]tftp client source ip 172.16.8.914)备份配置文件到tftp软件所在目录下(在用户视图下,即“>”状态下)tftp 172.16.8.91 put flash:/startup.cfg (无目标文件名则表示与源文件名同名)tftp 172.16.8.91 put flash:/startup.cfg startup.txt(将配置文件保存为txt文件)<jyzx-px-zhongxin>tftp 172.16.8.91 put flash:/startup.cfgFile will be transferred in binary modeSending file to remote TFTP server. Please wait... \TFTP: 2365 bytes sent in 0 second(s).File uploaded successfully.<jyzx-px-zhongxin>tftp 172.16.8.91 put flash:/startup.cfg 10.10.40.177.txtFile will be transferred in binary modeSending file to remote TFTP server. Please wait... \TFTP: 2365 bytes sent in 0 second(s).File uploaded successfully.5)小结过程在特权状态下配置ACL和Tftp-server信息acl number 2000rule permit source 172.16.8.91 0quittftp-server acl 2000save在用户视图下备份配置tftp 172.16.8.91 put flash:/startup.cfg 10.10.40.177.txt19.关闭实时信息- undo info-center enable[jyzx-bg-4-x]undo info-center enable% Information center is disabled20.问题1:无法用system-view命令进入特权模式原因:因为local-user中用户认证属性设置不对,level 3必须设置。
H3C S5500通过console线配置Web管理
H3C S5500-34C-HI通过console线配置Web管理(原著20160325)实现对H3C-S5500采用web界面管理,最近采购了一台H3C s5500交换机,其缺省配置方式为命令行方式,不习惯。
查看其配置手册标明支持Web方式登录,却找不到如何登录。
此H3C-S5500交换机缺省情况下只能通过Console口进行本地登录,H3C交换机s5500需要在命令行下进行适当配置才能实现Web登录,如果你不需要进行诸如远程web管理、ACL授权等复杂配置,而是本地pc直接接入s5500进入web界面管理,可以采用下面简单的配置方法:1、将pc的串口com1通过Console线与交换机console口连接。
打开超级终端新建连接:超级端口属性配置:打开交换机,交换机自检结束后提示用户键入回车,之后将出现命令行提示符<H3C>[H3C]ip http enable (启用WEB服务,默认可能已经启动)(退出超级终端)3、使用网线连接PC与交换机以太网口,PC机ip设为192.168.11.x,在IE浏览器以192.168.11.100登录交换机管理程序,在登录窗口输入用户名/口令:administrator/3tcloud,即可进入交换机S5500 的Web管理界面,在进入“管理“功能时将需要超级密码password。
附相关的命令说明:H3C S5500 查看VLNA相关命令:1、dis vlan 1 /显示那些接口属于VLAN 12、dis vlan /显示所有存在的vlan3、dis mac-vlan vlan 1 /显示所有Vlan 1 中电脑的mAC地址以及所在接口4、dis arp vlan 1 / 显示所有Vlan 1 中电脑的IP+MAC+端口5、dis local-user /显示所有存在的用户6、loca-user administrator /如果存在administrator,直接输入这样,就会进入该用户的设置。
H3C S5500-SI 02-组播VLAN命令
<Sysname> system-view [Sysname] multicast-vlan 100 [Sysname-mvlan-100] port gigabitethernet1/0/1 to gigabitethernet1/0/5
1.1.4 port multicast-vlan
【命令】 port multicast-vlan vlan-id undo port multicast-vlan
i
1 组播 VLAN 配置命令
1.1 组播 VLAN 配置命令
1.1.1 display multicast-vlan
【命令】 display multicast-vlan [ vlan-id ]
【视图】 任意视图
【缺省级别】 1:监控级
【参数】 vlan-id:查看指定组播 VLAN 的信息,取值范围为 1~4094。如果不指定该参数,将 ........................................................................................................................... 1-1 1.1 组播VLAN配置命令 ........................................................................................................................... 1-1 1.1.1 display multicast-vlan ............................................................................................................. 1-1 1.1.2 multicast-vlan.......................................................................................................................... 1-2 1.1.3 port (Multicast-VLAN view)..................................................................................................... 1-2 1.1.4 port multicast-vlan .................................................................................................................. 1-3 1.1.5 subvlan (Multicast-VLAN view)............................................................................................... 1-4
H3C S5500 V2基本配置及配置命令
H3C S5500 V2 series基本配置一、配置交换的web界面<h3c>sys(进入系统模式)[h3c]int vlan 1(进入虚接口VLAN 1)[h3c-int-vlan 1]undo ip address(清除原地址)[h3c-int-vlan 1]ip add 2.10.3.1 255.255.255.0(配置web界面ip地址)[h3c-int-vlan 1]quit(返回上一级)[h3c]ip http enable(启用web服务)[h3c]local-user admin(设置本地用户名、此处用户名admin)[h3c-admin]password simple admin(设置本地密码、此处密码admin)[h3c-admin]service-type telnet level 3(设置服务等级为3级)[h3c-admin]quit(返回上一级)[h3c]loal-user admin[h3c-admin]service-type terminal telnet http https(安全防护措施、认证方式)[h3c-admin]quit(返回上一级)注:以上配置完成后接入服务器用IE访问IP地址2.10.3.1访问二、交换机划分vlan<h3c>sys(进入系统模式)[h3c]vlan 2(划分vlan 2)[h3c-vlan 2]quit(返回上一级)[h3c]vlan 3(划分vlan 3)[h3c-vlan 3]quit(返回上一级)[h3c]vlan 2(进入vlan 2)[h3c-vlan 2]port g/0/1 to g1/0/12(对vlan 2进行端口划分-此处vlan 2划分到1-12端口)[h3c-vlan 2]quit(返回上一级)[h3c]vlan 3(进入vlan 3)[h3c-vlan 3]port g/0/13 to g1/0/24(对vlan 3进行端口划分-此处vlan3划分到13-24端口)注:以上配置是根据现场要求24口交换机划分两个vlan平分所有端口三、交换机VLAN IP 互通[h3c]int vlan 2[h3c-vlan-interface 2]ip add 192.168.2.1 255.255.255.0[h3c-vlan-interface 2]quit[h3c]int vlan 3[h3c-vlan-interface 3]ip add 192.168.3.1 255.255.255.0[h3c-vlan-interface 3]quit注:以上配置完成后能通过vlan 2 的端口与vlan 3 的端口互通。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
BRIDGE ,网桥,是一个网络设备或软件,用于两个或多个网络之间的互连,对帧进行转发。
与路由器的区别在于它工作于数据链路层。
进入系统视图
<h3c>sys
[h3c]
退出系统视图
[h3c]quit或Ctrl+Z
<h3c>
查看当前设置
[h3c]或<h3c>dis cur
创建Vlan,指定端口和IP地址:
[h3c]Vlan3
[h3c-vlan3] port GigabitEthernet 1/0/X
[h3c-vlan3]quit
[h3c]int vlan 3
[H3C-Vlan-interface3]ip add X.X.X.X X.X.X.X
为端口指定工作模式,并允许指定Vlan通过:恢复端口模式为缺省
undo port link-mode
[h3c]interface e1/0/1
[h3c-Ethernet1/0/1]port link-type trunk
[h3c-Ethernet1/0/1]port trunk permit vlan all
作互访策略
[H3C-]acl number 3000 创建策略名称
[H3C-acl-adv-3000]rule deny ip source 192.168.0.00.0.255.255 destination 192.168.0.0 0.0.255.255
禁止源ip地址192.168.0.00.0.255.255访问192.168.0.00.0.255.255。
此命令只对不同网段的ip进行访问,不会影响到同网段。
[H3C-acl-adv-3000]rule permit ip source 192.168.0.00.0.255.255 destination 172.168.0.0 0.0.255.255
允许源IP地址192.168.0.00.0.255.255访问172.168.0.0 0.0.255.255
应用到端口:应用到端口和Vlan的区别在于,通过策略端口下方的数据都受此策略
影响,应用Vlan只针对Vlan网段生效
[H3C-]int e 1/0/1
[H3C-]packet-filter 3000 inbound
应用到VLAN
[H3C-]Inter vlan 2
[H3C-]packet-filter 3000 inbound。