關(guān)于華為二層交換機(jī)集群管理配置規(guī)范及說明_第1頁
關(guān)于華為二層交換機(jī)集群管理配置規(guī)范及說明_第2頁
關(guān)于華為二層交換機(jī)集群管理配置規(guī)范及說明_第3頁
關(guān)于華為二層交換機(jī)集群管理配置規(guī)范及說明_第4頁
關(guān)于華為二層交換機(jī)集群管理配置規(guī)范及說明_第5頁
已閱讀5頁,還剩13頁未讀, 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡介

1、關(guān)于華為二層交換機(jī)集群管理配置規(guī)范及說明一、組網(wǎng)說明:榆社縣局S3552G交換機(jī)下掛榆社水利小區(qū) 3號(hào)樓S2016C 3號(hào)樓S2016C 交換機(jī)下掛水利小區(qū)2號(hào)樓S2403H 3號(hào)樓S2016C交換機(jī)下掛水利小區(qū)1號(hào)樓 S2024C。二、組網(wǎng)圖:YS_XianJu_S3552GYS_ShuiLi_3#Lou_S2016CYS_ShuiLi_1#Lou_S2024CYS_ShuiLi_2#Lou_S2403H三、配置步驟1 、配置管理設(shè)備(由匯聚層人員來配置)(1)啟動(dòng)設(shè)備上的NDP和端口日的NDP協(xié)議:YS_XianJu_S3552G ndp enable#配置NDP信息的有效保留時(shí)間為200

2、秒YS_XianJu_S3552G ndp timer aging 200#配置NDP報(bào)文發(fā)送的時(shí)間間隔為70秒YS_XianJu_S3552G ndp timer hello 70(2)啟動(dòng)設(shè)備上的 NTDP和端口上的NTDPYS_XianJu_S3552G ntdp enable#配置拓?fù)涫占秶鸀?7 跳YS_XianJu_S3552G ntdp hop 7 #配置被收集設(shè)備轉(zhuǎn)發(fā)拓?fù)涫占?qǐng)求的延遲時(shí)間為150msYS_XianJu_S3552G ntdp timer hop-delay 15015ms#配置被收集設(shè)備的端口轉(zhuǎn)發(fā)拓?fù)涫占?qǐng)求的延遲時(shí)間為 YS_XianJu_S3552G n

3、tdp timer port-delay 15 #配置定時(shí)拓?fù)涫占臅r(shí)間間隔為 3 分鐘 YS_XianJu_S3552G ntdp timer 3(3) 配置管理 vlan#創(chuàng)建管理 vlan YS_XianJu_S3552Gvlan 4051#將管理 vlan4051 作為管理 vlan YS_XianJu_S3552Gmanagement-vlan 4051 #進(jìn)入以太網(wǎng)端口description to_ys_shuili_dishui2_caizhen_xiaoquport link-type trunkundo port trunk permit vlan 1port trunk p

4、ermit vlan 45 to 51 3527 4051( 4)啟動(dòng)集群功能YS_XianJu_S3552G cluster enable#進(jìn)入集群視圖YS_XianJu_S3552G clusterYS_XianJu_S3552G -cluster#配置集群內(nèi)部使用的IP地址池起始地址為10.0.1.1有254個(gè)地址YS_XianJu_S3552G -cluster ip-pool 10.0.1.1 255.255.255.0(5)配置集群名字建立集群YS_XianJu_S3552G -cluster build YSYDYSYD_0.YS_XianJu_S3552G -cluster(6

5、)將下掛的兩個(gè)交換機(jī)加入到集群中YSYD_0.YS_XianJu_S3552G -cluster add-member 1 mac-address 00e0-fc01- 0011YSYD_0.YS_XianJu_S3552G -cluster add-member 2 mac-address 00e0-fc01- 0013YSYD_0.YS_XianJu_S3552G -cluster add-member 3 mac-address 00e0-fc01- 0011#配置成員設(shè)備信息的保留時(shí)間為 100秒YSYD_0.YS_XianJu_S3552G -cluster holdtime 100

6、#配置握手報(bào)文定時(shí)發(fā)送的時(shí)間間隔為10秒YSYD_0.YS_XianJu_S3552G -cluster timer 102、配置成員設(shè)備(由接入層維護(hù)人員來配置)以xx水利小區(qū)3號(hào)樓S2016C為例:#啟動(dòng)設(shè)備上的NDP和端口上的NDPYS_ShuiLi_3#Lou_S2016C ndp enable#啟動(dòng)設(shè)備上的NTDP和端口上的NTDPYS_ShuiLi_3#Lou_S2016C ntdp enable#創(chuàng)建vlan 4051創(chuàng)建管理vian,根匯聚層交換機(jī)管理vlan來確定。YS_ShuiLi_3#Lou_S2016C vlan 4051#將 vlan4051 作為管理 vlanYS_

7、ShuiLi_3#Lou_S2016C management-vlan 4051#進(jìn)入以太網(wǎng)端口透傳管理vlan 4051將二層交換機(jī)上聯(lián)口透傳管理 vlan#啟 動(dòng)集群功能YS_ShuiLi_3#Lou_S2016C cluster enable四、數(shù)據(jù)配置舉例如下:1、xx局S3552G配置如下:dis cu# sysname YS_XianJu_S3552G #superpassword level 3 cipher A#:+/G*8P,:)&CZHH(&1!#ntdp hop 7ntdp timer port-delay 15ntdp timer hop-delay 150ntdp t

8、imer 3#radius scheme systemserver-type huaweiprimary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-format without-domaindomain systemradius-scheme systemaccess-limit disable state active vlan-assignment-mode integer idle-cut disable self-service-url disable messenger time d

9、isabledomain default enable system # local-server nas-ip 127.0.0.1 key huawei local-user sxhuaweipassword cipher (W_UELR9laNK;9B9.)Q!ndp timer aging 200#management-vlan 4051#acl number 3998rule 0 deny ip destination 10.0.1.0 0.0.0.255rule 1 permit ip source 10.0.1.0 0.0.0.255acl number 3999rule 0 de

10、ny ip source 10.0.1.0 0.0.0.255rule 1 permit ip destination 10.0.1.0 0.0.0.255#vlan 1#vlan 27#vlan 28#vlan29#vlan 30#vlan 31#vlan 32#vlan 33#vlan 34#vlan 35#vlan 36#vlan 37#vlan 38#vlan39#vlan 40#vlan 41#vlan 42#vlan 43#vlan 44#vlan 45#vlan 46#vlan 47#vlan 48#vlan49#vlan 50#vlan 51#vlan 52#vlan 53#v

11、lan 1672description to_ys_taichanggaosu(yulin)#vlan 1711#vlan 2101#vlan 2103#vlan 2104#vlan 2105multicast-vlan enable #vlan 3524#vlan 3526#vlan 3527#vlan 3528#vlan3529#vlan 3530#vlan 3532#vlan 3534#vlan 35#vlan 3536#vlan 3537#vlan 4051#interface Vlan-interface4051ip address 221.131.31.130 255.255.25

12、5.240#shutdown #description to_ys_taichanggaosu(yulin) broadcast-suppression 5port access vlan 1672# description to_ys_donghuixiaoxue broadcast-suppression 5port access vlan 3526# description to_ys_tudijushe broadcast-suppression 5port access vlan 3528# description to_ys_nonghangsushe broadcast-supp

13、ression 5port access vlan 3529# description to_ys_dishuiyixiaoqu broadcast-suppression 5port access vlan 3530# description to_ys_lianjiazhuang broadcast-suppression 5port access vlan 1711# description to_ys_dongshengyingyeting port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 2

14、103 to 2105 3532# description _xianweidanxiaowenhuazhanbroadcast-suppression 5port access vlan 3534# description to_ys_youzhenxiaoqu broadcast-suppression 5port access vlan 35# description to_ys_jiaokejuwenhuazhanbroadcast-suppression 5 port access vlan 3536# description to_ys_jishengfuyouyuan broad

15、cast-suppression 5port access vlan 3537# description to_ys_xiangzhenjuxiaoquport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 31 to 33# description to_ys_mingzhenjuxiaoqu port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 34 to 35# description to_ys_renhang

16、xiaoqu port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 36# description to_ys_huagongxiaoquport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 27 to 30# description to_ys_gongan,liangshijuxiaoqu port link-type trunkundo port trunk permit vlan 1port trunk pe

17、rmit vlan 37 to 40# description to_ys_gongan,yizhongxuexiaoqu port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 41 to 44# description to_ys_shuili_dishui2_caizhen_xiaoquport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 45 to 51 3527 4051# description to_ys

18、_guoshuixiaoquport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 52 to 53# description to_ys_yingchunyingyetingport link-type trunkundo port trunk permit vlan 1port trunk permit vlan 2101 3524# shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown

19、 # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown # shutdown# duplex fullspeed 1000port link-type trunkundo port trunk permit vlan 1port trunk permit v

20、lan 27 to 531672 1711 to 3526 to 3530 to 3537 4051# shutdown # shutdown # shutdown #interface NULL0#clusterip-pool 10.0.1.1 255.255.255.0build YSYDholdtime 100#YSYD_0.YS_XianJu_S3552G -cluster add-member 1 mac-address 00e0-fc01-0011YSYD_0.YS_XianJu_S3552G -cluster add-member 2 mac-address 00e0-fc01-

21、0013YSYD_0.YS_XianJu_S3552G -cluster add-member 3 mac-address 00e0-fc01-0011#ip route-static 0.0.0.0 0.0.0.0 221.131.31.129 preference 60# snmp-agentsnmp-agent local-engineid 8007DB000FE215Dsnmp-agent sys-info location BeiJing Chinasnmp-agent sys-info version allsnmp-agent target-host trap address u

22、dp-domain 211.142.42.68params securityname jzydsnmp-agent target-host trap address udp-domain 211.142.42.69params securityname jzydsnmp-agent trap enable standardsnmp-agent trap enable configurationsnmp-agent trap enable vrrpsnmp-agent trap enable bgpsnmp-agent trap source Vlan-interface4051#ntp-ser

23、vice unicast-server 211.138.98.2ntp-service unicast-server 211.138.98.1#user-interface aux 0authentication-mode schemeuser-interface vty 0 4authentication-mode scheme #Return2、榆社水利小區(qū)3號(hào)樓S2016C配置如下:dis cu# sysname YS_ShuiLi_3#Lou_S2016C 對(duì)交換機(jī)進(jìn)行命名 #super password level 3 cipher 八#:+/G*8P,:)&CZHH(&1!#inf

24、o-center loghost 10.0.1.1#management-vlan 4051 修改集群 管理vlan (根據(jù)匯聚層交換機(jī)管理 vlan確定)#que-scheduler wrr 1 2 4 8#vlan 1#vlan 45port-isolate enable小區(qū)交換機(jī)端口隔離配置 #vlan46#vlan 47#vlan 48#vlan 49#vlan 50#vlan 51#vlan 3527#vlan 4051增加交換機(jī)集群 管理 vlan 號(hào)(根據(jù)匯聚層交換機(jī)管理 vlan 確定) #interface Vlan-interface4051#description to_

25、 (描述該交換機(jī)的上聯(lián)交換機(jī)及端口)port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 45 to 51 (上聯(lián)口透傳集群管理 vlan 號(hào)) port-isolate uplink-port vlan 45(上聯(lián)口配置本交換機(jī)端口隔離 vlan) #description 對(duì)交換機(jī)聯(lián)端口進(jìn)行描述port link-type trunkundo port trunk permit vlan 1(透傳集群管理 VLAN)(透傳集群管理 VLAN)port trunk permit vlan 464051

26、description 對(duì)交換機(jī)聯(lián)端口進(jìn)行描述port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 474051broadcast-suppression 5 (對(duì) ACCESS 口進(jìn)行廣播抑制) port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadca

27、st-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#broadc

28、ast-suppression 5port access vian 45#broadcast-suppression 5port access vian 45#interface NULL0# snmp-agentsnmp-agent iocai-engineid 8007DB000FE237E4CB6877snmp-agent sys-info iocation BeiJing Chinasnmp-agent sys-info version aiisnmp-agent target-host trap address udp-domain 10.0.1.1params securityna

29、me ciustersnmp-agent trap enabie standardsnmp-agent trap enabie configurationsnmp-agent trap source Vlan-interface4051#user-interface aux 0 authentication-mode passwordset authe nticati on password cipher NC55QKv二/QQMAF4v1!#Retur n3、榆社水利1號(hào)樓S2024C交換機(jī)配置如下:dis cu# sysname YS_ShuiLi_1#Lou_S2024C 對(duì)交換機(jī)進(jìn)行命

30、名 #super password level 3 cipher A#:+/G*8P,:)&CZHH(&1!#info-center loghost 10.0.1.1#management-vlan 4051修改集群 管理vlan (根據(jù)匯聚層交換機(jī)管理 vlan確定)#que-scheduler wrr 1 2 4 8#vlan 1#vlan 47port-isolate enable小區(qū)交換機(jī)端口隔離配置 #vlan 4051增加交換機(jī)集群管理 vlan 號(hào)(根據(jù)匯聚層交換機(jī)管理 vlan 確定) #interface Vlan-interface4051#description to_

31、(描述該交換機(jī)的上聯(lián)交換機(jī)及端口)port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 474051 (上聯(lián)口透傳集群管理 vlan 號(hào)) port-isolate uplink-port vlan 47(上聯(lián)口配置本交換機(jī)端口隔離 vlan) #broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#br

32、oadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppressio n 5ACCESS 口進(jìn)行廣播抑制)(對(duì)por

33、t access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5po

34、rt access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#broadcast-suppression 5port access vlan 47#interface NULL0#clustera

35、dministrator-address 000f-e22e-0f80 name huawei # snmp-agent snmp-agent local-engineid 8007DB00E0FC2D944E6877snmp-agent sys-info contact HuaWei BeiJing Chinasnmp-agent sys-info location BeiJing Chinasnmp-agent sys-info version allsnmp-agent target-host trap address udp-domain 10.10.0.1params securit

36、yname clustersnmp-agent trap enable standard #user-interface aux 0authentication-mode passwordset authe nticati on password cipher NC55QKv二/QQMAF4v1!#Retur n4、水利小區(qū)2號(hào)S2403H配置如下:dis cu # sysname YS_ShuiLi_2#Lou_S2403H 對(duì)交換機(jī)進(jìn)行命名 #radius scheme systemserver-type huaweiprimary authentication 127.0.0.1 164

37、5primary accounting 127.0.0.1 1646user-name-format without-domaindomain systemradius-scheme systemaccess-limit disablestate activeidle-cut disableself-service-url disablemessenger time disabledomain default enable system # local-server nas-ip 127.0.0.1 key huawei #info- center loghost 10.10.0.1#mana

38、gement-vlan 4051修改集群管理 vian (根據(jù)匯聚層 交換機(jī)管理 vlan 確定) #vlan 1#vlan 46port-isolate enable小區(qū)交換機(jī)端口隔離配置 #vlan 4051增加交換機(jī)集群管理vlan號(hào)(根據(jù)匯聚層交換機(jī)管理vlan確定)#in terface Via n-i nterface4051#descriptio n to_ (描述該交換機(jī)的上聯(lián)交換機(jī)及 端口) port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 464051 (上聯(lián)口透傳集群管理 vla

39、n 號(hào)) port-isolate uplink-port vlan 46(上聯(lián)口配置本交換機(jī)端口隔離 vlan) #broadcast-suppression 5 (對(duì) ACCESS 口進(jìn)行廣播抑制) port access vian 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadc

40、ast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broad

41、cast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broa

42、dcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#broadcast-suppression 5port access vlan 46#interface NULL0#cluster administrator-address 000f-e22e-0f80 name YSYD # snmp-agent snmp-

43、agent local-engineid 8007DB00E0FC2D944E6877snmp-agent sys-info contact HuaWei BeiJing Chinasnmp-agent sys-info location BeiJing Chinasnmp-agent sys-info version allsnmp-agent target-host trap address udp-domain 10.10.0.1params securityname clustersnmp-agent trap enable standard #user-interface aux 0

44、user-interface vty 0 4#Return五、二層交換機(jī)管理說明:由于本次二層交換機(jī)集群管理的時(shí)間緊迫性,為了以后更好的維護(hù),配置 一定要規(guī)范,具體規(guī)范內(nèi)容在配置舉例中說明,并用紅色字體標(biāo)明,有什么不 對(duì)的地方及時(shí)提出。1、交換機(jī)命名一定要規(guī)范,要不在集群網(wǎng)管上不能區(qū)分是哪個(gè)小區(qū)哪個(gè)樓 的交換機(jī),不便于網(wǎng)管查看和管理。2、交換機(jī)TRUNK端口不要進(jìn)行廣播抑制配置,如有要去掉。3、如有交換機(jī)是老版本的如 S2403H的,如果不支持 management-vlan命 令的要進(jìn)行BOOTROM和APP軟件升級(jí)或者更換交換機(jī)。4、將小區(qū)交換機(jī)的拓樸結(jié)構(gòu)一定要搞清楚,尤其是上聯(lián)端口及光貓、網(wǎng) 線、尾纖一定要粘貼標(biāo)簽,為以后更好的維護(hù)提供便利。5、對(duì)一些不需要認(rèn)證的在核心機(jī)房 R2811路由器上下掛的小區(qū)交換機(jī)也要 進(jìn)行集群管理。6、對(duì)交換機(jī)的端口一定要隔離,這樣可以對(duì)病毒等的傳播進(jìn)行抑制。7、對(duì)access端口增加廣播抑制配置,即 broadcast 5的配置。8、對(duì)一些小區(qū)不是華為交換機(jī)的一定要更換成華為交換機(jī)并對(duì)其進(jìn)行數(shù)據(jù) 配置及集群管理。9、 將二層交換機(jī)集群管理信息表小區(qū)交換機(jī)M

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

最新文檔

評(píng)論

0/150

提交評(píng)論