1. Physical Port Configuration
1.1 View physical port state
show interfaces gigabitEthernet state
BEB-1:1(config-if)#show interfaces gigabitEthernet state
========================================================================
                               Port State
========================================================================
PORT NUM  ADMINSTATUS  PORTSTATE  REASON  DATE
------------------------------------------------------------------------
1/1       down         down       --      06/13/18 13:54:35
1/2       up           down       --      06/13/18 14:25:31
1/3       up           up         --      06/13/18 14:26:20
1.2 View physical port packet statistics
BEB-1:1(config-if)#show interfaces gigabitEthernet statistics
Please widen the terminal for optimal viewing of data.
========================================================================
                          Port Stats Interface
========================================================================
PORT  IN      OUT     IN      OUT
NUM   OCTETS  OCTETS  PACKET  PACKET
------------------------------------------------------------------------
1/1   0       0       0       0
1/2   0       0       0       0
1/3   17086   21041   183     181
1.3 View the physical-layer (L1) state of physical ports
show interfaces gigabitEthernet l1-config
BEB-1:1(config-if)#show interfaces gigabitEthernet l1-config
==========================================================================================
                                      Port Config L1
==========================================================================================
PORT  AUTO  CUSTOM AUTO NEGOTIATION         ADMIN       OPERATE     ADMIN        OPERATE
NUM   NEG.  ADVERTISEMENTS                  DPLX  SPD   DPLX  SPD   TX-FLW-CTRL  TX-FLW-CTRL
------------------------------------------------------------------------------------------
1/1   true  10F 10H 100F 100H 1000F 1000H   half  10          0     disable      disable
1/2   true  10F 10H 100F 100H 1000F 1000H   half  10          0     disable      disable
1/3   true  10F 10H 100F 100H 1000F 1000H   half  10    full  1000  disable      disable
1.4 View detailed port information
========================================================================
                            Port Interface
========================================================================
PORT                      LINK  PORT         PHYSICAL           STATUS
NUM   INDEX  DESCRIPTION  TRAP  LOCK   MTU   ADDRESS            ADMIN  OPERATE
------------------------------------------------------------------------
1/3   194    1000BaseTX   true  false  1950  c8:1f:ea:00:6c:02  up     up

========================================================================
                              Port Name
========================================================================
PORT                     OPERATE  OPERATE  OPERATE
NUM   NAME  DESCRIPTION  STATUS   DUPLX    SPEED    VLAN
------------------------------------------------------------------------
1/3         1000BaseTX   up       full     1000     Access

========================================================================
                             Port Config
========================================================================
PORT              DIFF-SERV   QOS  MLT  VENDOR
NUM   TYPE        EN    TYPE  LVL  ID   NAME
------------------------------------------------------------------------
1/3   1000BaseTX  true  core  1    0    N/A

PORT  ADMIN    OPERATE  AUTO     ACCESS-SERV  RMON     FLEX-UNI
NUM   ROUTING  ROUTING  RECOVER  EN
------------------------------------------------------------------------
1/3   Enable   Disable  Disable  false        Disable  Disable

==========================================================================================
                                      Port Config L1
==========================================================================================
PORT  AUTO  CUSTOM AUTO NEGOTIATION         ADMIN       OPERATE     ADMIN        OPERATE
NUM   NEG.  ADVERTISEMENTS                  DPLX  SPD   DPLX  SPD   TX-FLW-CTRL  TX-FLW-CTRL
------------------------------------------------------------------------------------------
1/3   true  10F 10H 100F 100H 1000F 1000H   half  10    full  1000  disable      disable

========================================================================
                              Port State
========================================================================
PORT NUM  ADMINSTATUS  PORTSTATE  REASON  DATE
------------------------------------------------------------------------
1/3       up           up         --      06/13/18 14:26:20

========================================================================
                               Port Arp
========================================================================
PORT_NUM  DOPROXY  DORESP
------------------------------------------------------------------------
1/3       false    true

========================================================================
                               Port Dhcp
========================================================================
PORT VRF MAX MIN ALWAYS CIRCUIT REMOTE TRUST NUM NAME ENABLE HOP SEC MODE BCAST ID ID CIRC
------------------------------------------------------------------------

========================================================================
                           Port High-Secure
========================================================================
PORT NUM  HIGH_SECURE
------------------------------------------------------------------------
1/3       false

========================================================================
                               Port Fdb
========================================================================
VLAN           MAC                           SMLT
ID    STATUS   ADDRESS            INTERFACE  REMOTE
------------------------------------------------------------------------
1     learned  54:ee:75:9f:b5:fc  Port-1/3   false

c: customer vid u: untagged-traffic
1 out of 1 entries in all fdb(s) displayed.

========================================================================
                            Brouter Port Ip
========================================================================
PORT VRF IP_ADDRESS NET_MASK BROADCAST REASM ADVERTISE DIRECT RPC RPCMODE NUM NAME MAXSIZE WHEN_DOWN BCAST
------------------------------------------------------------------------
PORT VRF NUM NAME
------------------------------------------------------------------------

========================================================================
                          Port Ipv6 Interface
========================================================================
IFINDX VRF BROUTER PHYSICAL ADMIN OPER TYPE MTU HOP REACHABLE RETRANSMIT MCAST IPSEC RPC RPCMODE INDX NAME ADDRESS STATE STATE LMT TIME TIME STATUS
------------------------------------------------------------------------

========================================================================
                           Port Ipv6 Address
========================================================================
IPV6 ADDRESS BROUTER TYPE ORIGIN STATUS
------------------------------------------------------------------------
0 out of 0 Total Num of Interface Entries displayed.
0 out of 0 Total Num of Address Entries displayed.

========================================================================
                             Port Ipv6 Nd
========================================================================
IFID VRF BTR RTR-ADV MAX-INT MIN-INT LIFETIME MANAG OTHER DAD-NS MTU HOP REACHABLE RETRANSMIT NAME FLAG CONF LIMIT TIME TIME
------------------------------------------------------------------------
Note: (s) = Set, (d) = Default, (i) = inherit.
0 out of 0 Total Num of Ipv6 ND Entries displayed.

========================================================================
                          Port Ipv6 Nd Prefix
========================================================================
INTF VRF IPV6 BTR VALID PREF EUI INDEX NAME ADDRESS/PREFIX LIFE LIFE
------------------------------------------------------------------------
0 out of 0 Total Num of Ipv6 ND prefix Entries displayed.

========================================================================
                             Port Ipv6 MLD
========================================================================
BROUTER Q-INT VR QUERIER Q-M-R ROBUST L-M-Q
------------------------------------------------------------------------
Legend: Q-INT: query-interval VR: version Q-M-R: query-max-resp ROBUST: robustval L-M-Q: last-memb-query-int
0 out of 0 Total Num of Ipv6 MLD Entries displayed.

========================================================================
                               Port Ospf
========================================================================
PORT          HELLO   RTRDEAD  OSPF
NUM   ENABLE  INTVAL  INTVAL   PRIORITY  METRIC  AUTHTYPE  AUTHKEY  AREA_ID
------------------------------------------------------------------------
1/3   false   10      40       1         0       none               0.0.0.0

========================================================================
                         Port Ospfv3 Interface
========================================================================
IFINDX(BTR) AREAID ADM IFSTATE METRIC PRI DR/BDR IFTYPE
------------------------------------------------------------------------
0 out of 0 Total Num of Ospf Interface Entries displayed.

========================================================================
                               Port Rip
========================================================================
PORT          DEFAULT  DEFAULT  TRIGGERED  AUTOAGG
NUM   ENABLE  SUPPLY   LISTEN   UPDATE     ENABLE   SUPPLY  LISTEN  POISON
------------------------------------------------------------------------
1/3   false   false    false    false      false    true    true    false

========================================================================
                            Port Rip - Extn
========================================================================
PORT  ADVERTISE        HOLD  TIME  MANUAL
NUM   WHEN-DOWN  COST  DOWN  OUT   TRIGGER
------------------------------------------------------------------------
1/3   disable    1     120   180   N/A

========================================================================
                         Port Rip - In Policy
========================================================================
PORT  IN-POLICY
------------------------------------------------------------------------
1/3   N/A

========================================================================
                         Port Rip - Out Policy
========================================================================
PORT  OUT-POLICY
------------------------------------------------------------------------
1/3   N/A

========================================================================
                         Port Ripng Interface
========================================================================
IFINDX COST POISON SEND OPER STATUS DEFAULT STATUS
------------------------------------------------------------------------

========================================================================
                               Port Vrrp
========================================================================
PORT VRF VRRP IP VIRTUAL VERSION NUM NAME ID ADDRESS MAC ADDRESS
------------------------------------------------------------------------

========================================================================
                          Port Vrrp Extended
========================================================================
PORT VRRP VRF MASTER ADVERTISE CRITICAL VERSION NUM ID NAME STATE CONTROL PRIORITY IPADDR INTERVAL IPADDR
------------------------------------------------------------------------
PORT VRRP VRF HOLDDWN ACTION CRITICAL BACKUP BACKUP FAST ADV FAST ADV VERSION NUM ID NAME TIME IP MASTER MASTER INTERVAL ENABLE ENABLE STATE
------------------------------------------------------------------------
VRRP VRF MASTER ADV PREEMPT PSEUDO-HEADER VERSION NUM ID NAME INTERVAL(ms) MODE CHECKSUM
------------------------------------------------------------------------

========================================================================
                              Port Vlans
========================================================================
PORT           DISCARD  DISCARD    DEFAULT  VLAN  PORT    UNTAG    DYNAMIC  UNTAG
NUM   TAGGING  TAGFRAM  UNTAGFRAM  VLANID   IDS   TYPE    DEFVLAN  VLANS    VLANS
------------------------------------------------------------------------
1/3   disable  false    false      1        1     normal  disable  P        1
------------------------------------------------------------------------
DYNAMIC VLAN Legend: P=Protocol enabled.

========================================================================
                         Port VRF Association
========================================================================
PORT  VRF    VRF
NUM   COUNT  LIST
------------------------------------------------------------------------
1/3   1      GlobalRouter

========================================================================
                             Port Ip Igmp
========================================================================
PORT  QUERY  QUERY  ROBUST  VERSION  LAST   PROXY   SNOOP   SSM     FAST
NUM   INTVL  MAX                     MEMB   SNOOP   ENABLE  SNOOP   LEAVE
             RESP                    QUERY  ENABLE          ENABLE  ENABLE
------------------------------------------------------------------------
1/3   125    100    2       2        10     false   false   false   false
------------------------------------------------------------------------
PORT  DYNAMIC    COMPATIBILITY  EXPLICIT
NUM   DOWNGRADE  MODE           HOST
      VERSION                   TRACKING
------------------------------------------------------------------------
1/3   enable     disable        disable

========================================================================
                        Port limit-fdb-learning
========================================================================
PORT  FDB      MAXMAC  MINMAC  LOG   PORT  CURMAC  MAC
NUM   PROTECT  COUNT   COUNT   TRAP  DOWN  COUNT   LEARN
------------------------------------------------------------------------
1/3   dis      1024    512     dis   dis   0       true

========================================================================
                           Port Loop-Detect
========================================================================
PORT VLAN MAC LOOP DETECT SMLT REMOTE ACTION
------------------------------------------------------------------------

========================================================================
                              Port Ip Pim
========================================================================
PORT-NUM PIM-ENABLE MODE HELLOINT JPINT CBSRPREF INTF TYPE
------------------------------------------------------------------------

========================================================================
                              Actor Admin
========================================================================
INDEX  SYS    SYS                KEY   PORT  PORT   STATE
       PRIO   ID                             PRIO
------------------------------------------------------------------------
1/3    32768  c8:1f:ea:00:6c:00  1218  0xc2  32768  act long indi

========================================================================
                              Actor Oper
========================================================================
INDEX  KEY   SELECTED  ATTACHED  AGGR   STATE
             AGGR ID   AGGR ID
------------------------------------------------------------------------
1/3    1218  0         0         false  act long indi

========================================================================
                             Partner Admin
========================================================================
INDEX  SYS    SYS                KEY   PORT  PORT   STATE
       PRIO   ID                             PRIO
------------------------------------------------------------------------
1/3    0      00:00:00:00:00:00  0     0x0   0      pas long indi

========================================================================
                          Partner Operational
========================================================================
INDEX  SYS    SYS                KEY   PORT  PORT   STATE
       PRIO   ID                             PRIO
------------------------------------------------------------------------
1/3    0      00:00:00:00:00:00  0     0x0   0      pas long indi

========================================================================
                            LACP Extension
========================================================================
INDEX  ADMIN    OPER     FAST   SLOW   AGGRWAIT  TIMEOUT  FAST  SLOW   AGGRWAIT  TIMEOUT
       ENABLED  ENABLED  TIME   TIME   TIME      SCALE    TIME  TIME   TIME      SCALE
                         ADMIN  ADMIN  ADMIN     ADMIN    OPER  OPER   OPER      OPER
------------------------------------------------------------------------
1/3    false    false    1000   30000  2000      3        1000  30000  2000      3

========================================================================
                           Port Mroute-Limit
========================================================================
PORT  MROUTE STR  MROUTE STR  ENABLE
      LIMIT       LIMIT TMR
------------------------------------------------------------------------
1/3   1984        10          false

========================================================================
                            Port Interface
========================================================================
PORT PKT-RX PKT-RX INCOMING SLPP PDU NUM THRESHOLD VLAN ID ORIGINATOR
------------------------------------------------------------------------
PORT PKT-RX TIME LEFT TO CLEAR NUM COUNT RX COUNT(IN SECONDS)
------------------------------------------------------------------------

========================================================================
                          Port Private Vlans
========================================================================
PORT VID NUM TAGGING PVLAN PVLAN TYPE TYPE VID
------------------------------------------------------------------------
All 0 out of 0 Total Num displayed
BEB-1:1(config-if)#
1.5 Enable a port
no shutdown
BEB-1:1(config-if)#interface gigabitEthernet 1/3
BEB-1:1(config-if)#no shutdown
1 2018-06-13T14:26:16.763Z BEB-1 CP1 - 0x0000c5ec - 00300001.194 DYNAMIC CLEAR GlobalRouter HW INFO Link Up(1/3)
1 2018-06-13T14:26:20.940Z BEB-1 CP1 - 0x002d0609 - 00000000 GlobalRouter LLDP INFO New LLDP Neighbor Discovered on interface 1/3
1.6 Disable a port
shutdown
1.7 Configure port speed
speed
BEB-1:1(config-if)#speed ?
  10     Set speed to 10Mbps
  100    Set speed to 100Mbps
  1000   Set speed to 1Gbps
  10000  Set speed to 10Gbps
  2500   Set speed to 2.5Gbps
  25000  Set speed to 25Gbps
  5000   Set speed to 5Gbps
1.8 Configure negotiation
duplex
BEB-1:1(config-if)#duplex ?
  port  Port(s) which are to be changed
  half  Set to half
  full  Set to full
2. VLAN
Create the VLANs according to the VLAN plan. The configuration steps are as follows.
2.1 Create a VLAN
Example: create VLAN 100 and assign port 1 to VLAN 100.
>enable
#configure terminal
(config)# vlan create 100 name data type port-mstprstp 0
(config)# vlan members add 100 1/1
2.2 Configure a port as an untagged/access port
vlan members add {vlan id} {port_list}
BEB-1:1 >enable
BEB-1:1#configure terminal
BEB-1:1(config)#vlan create 10 name POC type port-mstprstp 0
BEB-1:1(config)#vlan members add 100 1/1
2.3 Configure uplink ports as tagged ports
Ports on the core switch that interconnect with the billing gateway and the floor stacking devices must be configured as tagged ports. For example, to configure port 1/1 as a tagged port with untagged VLAN 20, proceed as follows.
BEB-1:1(config)#vlan create 10 name POC type port-mstprstp 0
BEB-1:1(config)#vlan members add 100 1/1
BEB-1:1(config)#interface gigabitEthernet 1/1
BEB-1:1(config-if)#encapsulation dot1q
BEB-1:1(config-if)# untag-port-default-vlan port 1/1 enable
BEB-1:1(config-if)# default-vlan-id 20
2.4 View port VLANs
BEB-1:1(config)#show ports vlans
========================================================================
                              Port Vlans
========================================================================
PORT           DISCARD  DISCARD    DEFAULT  VLAN  PORT    UNTAG    DYNAMIC  UNTAG
NUM   TAGGING  TAGFRAM  UNTAGFRAM  VLANID   IDS   TYPE    DEFVLAN  VLANS    VLANS
------------------------------------------------------------------------
1/1   enable   false    false      1        1,10  normal  disable  P
1/2   disable  false    false      1        1     normal  disable  P        1
1/3   disable  false    false      10       10    normal  disable  P        10
BEB-1:1(config)#show vlan members
========================================================================
                               Vlan Port
========================================================================
VLAN  PORT      ACTIVE    STATIC  NOT_ALLOW
ID    MEMBER    MEMBER    MEMBER  MEMBER
------------------------------------------------------------------------
1     1/1-1/50  1/1-1/50
10    1/1       1/1
2.5 VLAN parameter reference
BEB-1:1(config)#vlan create ?
  <2-4059>  Vlan id
BEB-1:1(config)#vlan create 10 ?
  name  Enter a name for the vlan to be created
  type  Select type of the vlan to be created
BEB-1:1(config)#vlan create 10 name ?
  WORD<0-64>  Vlan name
BEB-1:1(config)#vlan create 10 name POC type ?
  port-mstprstp      Create a vlan by port
  protocol-mstprstp  Create a vlan by protocol
  pvlan-mstprstp     Create a private vlan by port
  spbm-bvlan         Create a spbm-bvlan
BEB-1:1(config)#vlan create 10 name POC type port-mstprstp ?
  <0-63>  Instance id
3. Configure Link Aggregation
If the customer's access-layer switches are dual-homed to the core over two uplinks, LACP must be configured. The configuration method is as follows:
[no] mlt <1-512>
mlt <1-512> member {slot/port[/sub-port] [-slot/port[/sub-port]][,...]}
mlt <1-512> vlan <1-4059>
mlt <1-512> encapsulation dot1q
show mlt <1-512>
Optional:
mlt <1-512> name WORD<0-20>
EXAMPLE:
Switch:1>enable
Switch:1#config t
Switch:1(config)# mlt 10
Switch:1(config)# mlt 10 member 1/1-1/4
Switch:1(config)#mlt 10 encapsulation dot1q
Switch:1(config)# mlt 10 vlan 20
Switch:1(config)# mlt 10 enable
VSP-4850GTS-PWR+:1(config)#vlacp enable
VSP-4850GTS-PWR+:1(config)#interface GigabitEthernet 1/49
VSP-4850GTS-PWR+:1(config-if)#vlacp fast-periodic-time 500 timeout short timeout-scale 5 funcmac-addr 01:80:c2:00:00:0f
VSP-4850GTS-PWR+:1(config-if)#vlacp enable
VSP-4850GTS-PWR+:1(config-if)#show vlacp interface
switch(config)# show vlacp
====================================================
Vlacp Global Information
====================================================
Multicast address : 01:80:c2:00:00:0f
Vlacp : enabled
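3.1 Configure spanning tree
MSTP spanning tree is enabled by default. On core switches, it is recommended to set the spanning-tree priority of the primary core switch to 4096 and that of the backup core switch to 8192:
#configure terminal
(config)# spanning-tree mstp priority 4096
3.2 Cross-device link aggregation (SMLT) configuration
Topology diagram:
4850-1 configuration:
1. Disable SPBM, save, and reboot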
no boot config flags spbm-config-mode
Save
Reset
2. Create the IST
mlt 2 enable name "IST"
mlt 2 member 1/47-1/48
mlt 2 encapsulation dot1q
3. Create the MLT
mlt 1 enable name "vlan10"
mlt 1 member 1/46
mlt 1 encapsulation dot1q
4. Create the virtual-ist VLAN
vlan members remove 1 1/46-1/48
vlan create 2 name "vlan2" type port-mstprstp 0
interface Vlan 2
ip address 192.168.2.1 255.255.255.0 0
exit
virtual-ist peer-ip 192.168.2.2 vlan 2
5. Enable virtual-ist
interface mlt 2
virtual-ist enable
Exit
6. Enable SMLT
interface mlt 1
smlt
exit
7. Create the user VLAN and configure VRRP
vlan create 10 name "vlan10" type port-mstprstp 0
vlan mlt 10 1
vlan members 10 1/46 portmember
interface Vlan 10
ip address 192.168.10.1 255.255.255.0 1
The 4850-2 configuration is the same as that of 4850-1; only the virtual-ist peer-ip address needs to be changed.
X440 configuration:
1. Configure the LAG
enable sharing 11 grouping 11-12 algorithm address-based L2
2. Create the user VLAN and add it to the ports
create vlan "vlan10"
configure vlan vlan10 tag 10
configure vlan vlan10 add ports 11 tagged
configure vlan vlan10 add ports 1 untagged
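PC test results:
Configure SLPP
Topology diagram:
Configuration notes:
1. SLPP is enabled per VLAN. Once it is enabled, every port in each of those VLANs sends SLPP probe packets, by default one every 0.5 seconds.
2. On the core switches, configure slpp packet-rx on all ports other than the interconnect (IST) ports. If a port receives an SLPP probe packet sent by this switch or by the IST peer switch, the receiving port is disabled.
3. Do not enable slpp packet-rx on IST ports.
4. Do not set slpp packet-rx-threshold to the same value on the primary and the secondary switch; otherwise both ports may be disabled at the same time. It is recommended that the value on the secondary switch be 10 times the value on the primary switch.
4850-1 configuration: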
Slpp enable
Slpp vid 10
Interface gigabitEthernet 1/46
slpp packet-rx-threshold 50
4850-2 configuration:
Slpp enable
Slpp vid 10
Interface gigabitEthernet 1/46
slpp packet-rx
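A check for notes 2 to 4 above, as an added Python example (not part of the original page and not vendor tooling): it parses configuration text in the shape of the 4850 snippets on this page and reports slpp packet-rx settings on IST member ports and packet-rx-threshold values that are equal or not 10x apart. The sample configurations are constructed; treating a port that has only a packet-rx-threshold line as receive-configured, and comparing only explicitly set thresholds, are assumptions.

```python
import re

def expand_ports(spec):
    """Expand '1/47-1/48,1/50' to a set of slot/port names (no sub-ports)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        slot, first = lo.split("/")
        last = hi.split("/")[1] if hi else first
        ports.update(f"{slot}/{n}" for n in range(int(first), int(last) + 1))
    return ports

def parse_config(text):
    """Collect IST member ports and per-port SLPP receive settings."""
    mlt_members, ist_mlts = {}, set()
    rx_ports, thresholds = set(), {}
    kind, value = None, None          # current "interface ..." context
    for raw in text.splitlines():
        line = raw.strip().lower()    # the page mixes "Slpp" and "slpp"
        if m := re.match(r"mlt (\d+) member (\S+)", line):
            mlt_members.setdefault(m[1], set()).update(expand_ports(m[2]))
        elif m := re.match(r"interface mlt (\d+)", line):
            kind, value = "mlt", m[1]
        elif m := re.match(r"interface gigabitethernet (\S+)", line):
            kind, value = "port", expand_ports(m[1])
        elif line == "exit":
            kind = None
        elif kind == "mlt" and line == "virtual-ist enable":
            ist_mlts.add(value)       # this MLT is the IST
        elif kind == "port" and (m := re.match(r"slpp packet-rx-threshold (\d+)", line)):
            thresholds.update({p: int(m[1]) for p in value})
        elif kind == "port" and line == "slpp packet-rx":
            rx_ports |= value
    ist_ports = set().union(*(mlt_members.get(i, set()) for i in ist_mlts))
    return {"ist_ports": ist_ports, "rx_ports": rx_ports, "thresholds": thresholds}

def audit_pair(primary_text, secondary_text):
    """Return a list of findings for notes 2-4 (empty list = no finding)."""
    pri, sec = parse_config(primary_text), parse_config(secondary_text)
    findings = []
    for name, cfg in (("primary", pri), ("secondary", sec)):
        configured = cfg["rx_ports"] | set(cfg["thresholds"])
        for port in sorted(configured & cfg["ist_ports"]):
            findings.append(f"{name}: slpp packet-rx configured on IST port {port}")
    # Only thresholds set explicitly on both switches are compared.
    for port in sorted(set(pri["thresholds"]) & set(sec["thresholds"])):
        p, s = pri["thresholds"][port], sec["thresholds"][port]
        if p == s:
            findings.append(f"{port}: same packet-rx-threshold ({p}) on both switches")
        elif s != 10 * p:
            findings.append(f"{port}: secondary threshold {s} is not 10x primary {p}")
    return findings

def sample(ports, threshold):
    """Constructed sample config modelled on the page's 4850 snippets."""
    return f"""\
mlt 2 enable name "IST"
mlt 2 member 1/47-1/48
interface mlt 2
virtual-ist enable
exit
Slpp enable
Slpp vid 10
Interface gigabitEthernet {ports}
slpp packet-rx
slpp packet-rx-threshold {threshold}
exit
"""

PRIMARY = sample("1/46", 50)
SECONDARY_OK = sample("1/46", 500)        # 10x the primary value
SECONDARY_BAD = sample("1/46-1/47", 50)   # includes IST port 1/47, same threshold

if __name__ == "__main__":
    for label, sec in (("ok", SECONDARY_OK), ("bad", SECONDARY_BAD)):
        print(label, audit_pair(PRIMARY, sec))
```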
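Configure SLPP Guard
Configuration notes:
1. SLPP Guard works together with the SLPP feature on the core switches: SLPP probe packets received on the uplink port are forwarded out of the downlink ports, and if an SLPP packet then comes back in on a downlink port, that downlink port is disabled.
2. Only downlink ports need SLPP Guard; do not configure SLPP Guard on uplink ports.
3. ERS-series access switches support SLPP Guard.
4. XOS-series switches running version 30.2 or later also support SLPP Guard.
Access switch configuration: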
Interface ethernet 1-10
slpp-guard enable
slpp-guard timeout 0
3.3 Configure DHCP Relay
Configure as follows. The commands must be entered separately and cannot be combined:
#configure terminal
VSP4k:1(config)#int vlan 10
VSP4k:1(config-if)#ip dhcp-relay
VSP4k:1(config-if)#exit
VSP4k:1(config)# ip dhcp-relay fwd-path 10.228.236.2 172.21.176.10
VSP4k:1(config)# ip dhcp-relay fwd-path 10.228.236.2 172.21.176.10 enable
VSP4k:1(config)# ip dhcp-relay fwd-path 10.228.236.2 172.21.176.10 mode bootp_dhcp
3.4 Configure routing
Configure a static route
Example: create a route to the 10.1.1.0 network
BEB-1:1#configure terminal
BEB-1:1(config)#ip route 10.1.1.0 255.255.255.0 2.2.2.2 weight 1
Configure a default route
Switch#configure terminal
Switch(config)#ip route 0.0.0.0 0.0.0.0 2.2.2.2 weight 1
3.5 Configure VRRP
Example: create VRRP for VLAN 10, with BEB-1 as the master and BEB-2 as the backup
Master node configuration
BEB-1:1(config)#vlan create 10 name Guest type port-mstprstp 0
BEB-1:1(config)#interface vlan 10
BEB-1:1(config-if)#ip address 192.168.10.252 255.255.255.0
BEB-1:1(config-if)#ip vrrp version 2
BEB-1:1(config-if)#ip vrrp address 10 192.168.10.254
BEB-1:1(config-if)#ip vrrp 10 backup-master enable
BEB-1:1(config-if)#ip vrrp 10 priority 200
BEB-1:1(config-if)#ip vrrp 10 holddown-timer 60
BEB-1:1(config-if)#ip vrrp 10 enable
BEB-1:1(config)#router vrrp
BEB-1:1(config-vrrp)#ping-virtual-address enable
BEB-1:1(config-vrrp)#send-trap enable
Backup node configuration
BEB-1:1(config)#vlan create 10 name Guest type port-mstprstp 0
BEB-1:1(config)#interface vlan 10
BEB-1:1(config-if)#ip address 192.168.10.253 255.255.255.0
BEB-1:1(config-if)#ip vrrp version 2
BEB-1:1(config-if)#ip vrrp address 10 192.168.10.254
BEB-1:1(config-if)#ip vrrp 10 backup-master enable
BEB-1:1(config-if)#ip vrrp 10 holddown-timer 60
BEB-1:1(config-if)#ip vrrp 10 enable
BEB-1:1(config)#router vrrp
BEB-1:1(config-vrrp)#ping-virtual-address enable
BEB-1:1(config-vrrp)#send-trap enable
3.6 Configure ACLs
Configuration example: create ACL 1 with ACE ID 10 to block ICMP on VLAN 2
VSP-2:1#enable
VSP-2:1#configure terminal
VSP-2:1(config)#filter acl 1 type inVlan name POC                  # 1 is the ACL ID
VSP-2:1(config)#filter acl vlan 1 2                                # 1 is the ACL ID, 2 is the VLAN ID
VSP-2:1(config)#filter acl ace action 1 10                         # 1 is the ACL ID, 10 is the ACE ID
VSP-2:1(config)#filter acl ace action 1 10 deny count              # ACE 10 action is deny; enable match counting
VSP-2:1(config)#filter acl ace ethernet 1 10 ether-type eq ip      # match EtherType IP
filter acl ace ip 1 10 src-ip eq 192.168.2.2                       # match source IP address 192.168.2.2
filter acl ace ip 1 10 ip-protocol-type eq icmp                    # match protocol type ICMP
filter acl ace 1 10 enable                                         # enable ACE 10 of ACL 1
Command parameter reference
ACL types
VSP-2:1(config)#filter acl 1 type ?
inVlan inVlan
inPort inPort
outPort outPort
ACE action types
VSP-2:1(config)#filter acl ace action 1 10 deny ?
count Enable count
internal-qos Qos: Set the qos level
monitor-dst-mlt Security: Enable mirroring on destination mlt
monitor-dst-ports Security: Enable mirroring on destination port or port-list
redirect-next-hop Security: Next hop IPv4 or IPv6 address for redirect mode
remark-dot1p Qos: New dot1 priority for matching packets (0 - 7)
remark-dscp Qos: New phb and dscp for matching packets {0 - 63} or {0x0 - 0x3f}
<cr>
ACE attribute types
VSP-2:1(config)#filter acl ace ethernet 1 10 ?
dst-mac Specify dst-mac address attribute of ethernet header
ether-type Specify ether type attribute of ethernet header
port Specify port attribute
src-mac Specify src-mac address attribute of ethernet header
vlan-id Specify a vlan or a vlan-list
vlan-tag-prio Specify vlan tagged priority attribute of ethernet header
ACE match types
VSP-2:1(config)#filter acl ace ethernet 1 10 ether-type eq ?
WORD<1-200> Ethertype name {0x0-0xffff} or {ip | arp| ipx802dot3 | ipx802dot2 | ipxSnap |
ipxEthernet2 | appleTalk | AppleTalk-ARP | sna802dot2 | snaEthernet2 | netBios | xns
| vines | ipv6 | rarp | PPPoE-discovery | PPPoE-session}
3.7 Configure OSPF
#configure terminal
(config)# interface loopback 1
(config-if)#ip address 192.168.204.10 255.255.255.255

(config)#router ospf
(config-ospf)#router-id 192.168.204.10
(config-ospf)#enable

(config)#interface vlan 1
(config-if)#ip address 192.168.10.1/24
(config-if)#ip ospf enable

(config)#router ospf
(config-ospf)#redistribute direct
(config-ospf)#redistribute direct enable
3.8 Configure port mirroring
BEB-1:1(config)#mirror 1 in-port 1/1-1/4 out-port 1/24 mode both enable
3.9 Generate a show tech file
BEB-1:1#terminal more disable
BEB-1:1#show tech
BEB-1:1#terminal more enable