华为交换机基本配置

一、配置时间

sys
ntp-service unicast-server 192.168.1.1
ntp-service unicast-server 192.168.1.2
clock timezone UTC add 8
clock timezone CST add 08:00:00
undo ntp-service disable
q

手动设置一个时间
clock datetime 13:43:00 2023-10-10

save
y


sys

保存！保存！保存！


更改NTP服务器
sys
undo ntp-service unicast-server 192.168.1.1
undo ntp-service unicast-server 192.168.1.2
ntp-service unicast-server 172.16.1.1
q
save
y

保存！保存！保存！

二、重命名

sysname hahaha

三、配置VLAN

vlan batch 100 200 300
vlan 100                                  
 description fuwuqi
vlan 200
 description jiankong
vlan 300
 description guanli

ip route-static 0.0.0.0 0 192.168.100.1
interface Vlanif 300

ip address 192.168.100.2 24

保存！保存！保存！

四、配置SNMP

snmp-agent
snmp-agent sys-info version v2c v3
snmp-agent community read  tuantizi mib-view View_ALL acl 2000
snmp-agent protocol source-status all-interface
snmp-agent mib-view included View_ALL iso

保存！保存！保存！

五、远程登录

dsa local-key-pair create


user-interface vty 0 4
authentication-mode aaa
protocol inbound all
quit

aaa
local-user admin password irreversible-cipher mimamimamima
local-user admin privilege level 15
local-user admin service-type ssh http telnet
quit

ssh user admin authentication-type password
stelnet server enable
ssh server-source all-interface
y
ssh user admin service-type all


quit
load-module weakea
install-module weakea.mod
system

undo ssh server hmac
undo ssh server cipher
undo ssh server publickey
undo ssh server key-exchange

ssh server port 10023
y
http server port 10024
y
telnet server port 10025
y
telnet server-source all-interface
y
http secure-server enable
y
http secure-server port 10026
y
http server-source all-interface
y

保存！保存！保存！

六、批量端口配置

TRUNK配置
port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/22
port link-type trunk
port trunk allow-pass vlan all
q

port-group group-member XGigabitEthernet 0/0/1 to XGigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all
q

port-group group-member GigabitEthernet 0/0/9 to GigabitEthernet 0/0/12
port link-type trunk
port trunk allow-pass vlan all
q

ACCESS配置
port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/8
port link-type access
port default vlan 100
poe enable
q

保存！保存！保存！

七、ACL规则

ssh server acl 2000
telnet server acl 2000
http acl 2000
acl 2000
 rule permit source 192.168.100.0 0.0.0.255
 rule permit source 192.168.12.0 0.0.0.63
 rule permit source 192.168.6.33 0
 rule permit source 172.16.12.39 0
 rule permit source 172.16.12.101 0
 rule permit source 172.16.12.102 0
 rule permit source 172.16.12.103 0
 rule permit source 172.16.12.105 0
 rule permit source 172.16.12.63 0
 rule permit source 172.26.252.113 0
 rule 100 deny
q
q
save
y

保存！保存！保存！

八、手工链路聚合LACP

核心-链路聚合-手工模式LACP

interface Eth-Trunk 12
mode lacp
trunkport GigabitEthernet 0/0/12
trunkport GigabitEthernet 1/0/12
port link-type trunk
port trunk allow-pass vlan all

保存！保存！保存！


汇聚-链路聚合-手工模式LACP
interface Eth-Trunk 1
mode lacp
trunkport XGigabitEthernet 0/0/3 to 0/0/4
port link-type trunk
port trunk allow-pass vlan all

保存！保存！保存！