ÄÚÈÝ·¢²¼¸üÐÂʱ¼ä : 2025/9/28 14:29:20ÐÇÆÚÒ» ÏÂÃæÊÇÎÄÕµÄÈ«²¿ÄÚÈÝÇëÈÏÕæÔĶÁ¡£
acl-num/acl-name rule-id pkt-type stat-type stat-value 200 1 all byte 113700600
1.37 LACP
A£©¡¢LacpµÄÅäÖ÷½·¨£º ´´½¨smartgroup×飺
ZXAN(config)#interface smartgroup1
°Ñ¶Ë¿ÚÒÔijÖÖÐÎʽ¼ÓÈësarmtgroup×飺 ZXAN(config-if)#smartgroup 1 mode active
˵Ã÷£º
ģʽÓÐ3ÖÖ£ºactive¡¢on¡¢passive
Active£º´ú±íÖ÷¶¯·¢ËÍlacpÐÒé°ü£¬½øÐÐÐÉÌ On£º´ú±ítrunkģʽ£¬ËùÓж˿ڲ»½øÐÐÐÉÌ
Passive£º±»¶¯Ä£Ê½£¬²»·¢ËÍlacp£¬µ«ÊǽÓÊÕlacp°ü ×¢Ò⣺
¶Ë¿Ú¼ÓÈësmartgroup֮ǰÐèҪʹÆävlanÐÅÏ¢ÓësmartgroupµÄvlanÐÅÏ¢Ò»Ö£¬·ñÔò¶Ë¿Ú¼ÓÈë²»½øÈ¥smartgroup¡£
B£©¡¢ÅäÖö˿ڵĸºÔؾùºâ£º
ÔÚsmartgroup½Ó¿ÚÏÂÓÐÈçϼ¸ÖÖ¸ºÔؾùºâË㷨ѡÔñ£º ZXAN(config-if)#smartgroup load-balance ? dst-ip Dst ip address dst-mac Dst mac address src-dst-ip Src-dst ip address src-dst-mac Src-dst mac address src-ip Src ip address
1.38 UAPS¹¦ÄÜ
UAPS¡ª¡ªUplink Automatic Protection Switching£¨ÉÏÁª¿Ú×Ô¶¯±£»¤µ¹»»£© ²âÊÔ×¢ÒâÊÂÏ
1£©²ÎÓë±£»¤µ¹»»µÄÖ÷¶Ë¿ÚºÍ±¸¶Ë¿ÚÊý¾ÝÒªÅäÖÃÒ»Ö£¬UAPS¹¦Äܱ¾Éí²»¾ß±¸×Ô¶¯Í¬²½Êý¾Ý¹¦ÄÜ£»
2£©²ÎÓë±£»¤µ¹»»µÄÖ÷¶Ë¿ÚºÍ±¸¶Ë¿Ú²¢²»ÊÇ»ã¾ÛÔÚÒ»ÆðÐγÉÒ»¸ö»ã¾Û×飬ÒÔʵÏÖ³ö/È븺ºÉÔÚ»ã¾Û×éÖи÷¸ö³ÉÔ±¶Ë¿ÚÖеķֵ££¬Ö»ÊǼòµ¥µÄÖ÷±¸¹Øϵ£» 1¡¢UAPS¹¦ÄÜÃüÁîÐнéÉÜ
ZXAN(config)#uaps-group 1 ----------´´½¨Ò»¸öÉÏÁª¿Ú×Ô¶¯±£»¤µ¹»»×é
ZXAN(cfg-uaps-1)#port master-portlist gei_1/19/1 £¿----ÉèÖÃÒ»¸öÖ÷±¸¶Ë¿Ú±£»¤×é slave-portlist Add slave portlist to UAPS group
ZXAN(cfg-uaps-1)#port master-portlist gei_1/19/1 slave-portlist ? gei_1/19 Gei interface gei_1/20 Gei interface
ZXAN(cfg-uaps-1)#port master-portlist gei_1/19/1 slave-portlist gei_1/19/2 ZXAN(cfg-uaps-1)#protect-time ? ----ÉèÖñ£»¤Ê±¼ä
¿ÉÒÔ¶ÔÕâ¸öUAPS×éÉèÖñ£»¤Ê±¼ä£¨ÖµµÃ×¢ÒâµÄÊÇ£ºÕâ¸ö±£»¤Ê±¼äÓÐÁ½¸ö×÷ÓâÛ×Ô
¶¯»Ö¸´Ê±¼ä¢Ü±£»¤Çл»Ê±¼ä£©
¶ÔÓÚ¢Û±ØÐëʹÓÃÈçÏÂÃüÁ ZXAN(cfg-uaps-1)#revertive ?
disable Disable-----------ĬÈÏÇé¿öÏ£¬Îª·ÇʹÄÜ״̬ enable Enable-----------ʹÄܺó×Ô¶¯»Ö¸´¹¦ÄÜÆð×÷Óà ZXAN(cfg-uaps-1)#revertive enable
¶ÔÓڢܴ´½¨UAPS×éºó£¬±ãÆð×÷Óã¨Ä¬ÈÏʱ¼äΪ300s£©£»
ZXAN(cfg-uaps-1)#swap ? -------Ç¿ÖƵ¹»»ÃüÁÍê³ÉÖ÷±¸¿ÚÖ®¼äµÄÒµÎñµ¹»»
ZXAN(cfg-uaps-2)#no port master gei_1/19/1--------ɾ³ý¸ÃUAPS×éÖеÄÒ»¶ÔÖ÷±¸±£»¤¶Ë¿Ú
ZXAN(cfg-uaps-1)#show uaps groupid 1--------²é¿´UAPS×éÖÐÏêϸÐÅÏ¢ Revertive control : disable PortLight control : disable Protect-time : 10s
Next-hop : 0.0.0.0 Bfd next_hop : 0.0.0.0 Link-type : normal Link-detect-retry : 5 Link-detect-interval : 3
Link status : connected or NA Bfd Link status : connected or NA Switch-type : common port Master ports status : forwarding
gei_1/19/3 : up Slave ports status : block
gei_1/19/4 : up 2¡¢²âÊÔʵÀý
´î½¨²âÊÔ»·¾³²âÊÔ£¨Èçͼ£©
ÅäÖÃUAPS×é1¶Ô±£»¤¶Ë¿ÚÊý¾Ý£º ZXAN(config)#uaps-group 1
ZXAN(cfg-uaps-1)#port master-portlist gei_1/19/1 slave-portlist gei_1/19/2
ZXAN(cfg-uaps-1)#show uaps groupid 1
Revertive control : disable ----´Ëʱ×Ô¶¯»Ö¸´¹¦ÄÜΪ·ÇʹÄÜ״̬ PortLight control : disable
Protect-time : 300s ----ĬÈÏΪ300s Next-hop : 0.0.0.0 Bfd next_hop : 0.0.0.0 Link-type : normal Link-detect-retry : 5 Link-detect-interval : 3
Link status : connected or NA Bfd Link status : connected or NA Switch-type : common port Master ports status : forwarding
gei_1/19/3 : up ----Ö÷¶Ë¿Ú Slave ports status : block
gei_1/19/4 : up ----±¸¶Ë¿Ú
1.39 ·ç±©¿ØÖÆÅäÖÃ
ÓÐʱºòÐèÒªÓõ½·ç±©¿ØÖÆ£¬ÒÑ×èֹϵͳÖйý´óµÄºé·ººÍ¹ã²¥±¨ÎÄ¡£
ZXAN(config)#eth-switch broadcast-limit 100 //¹ã²¥±¨ÎÄ¿ØÖÆÔÚÿÃë100¸ö±¨ÎÄÒÔÄÚ ZXAN(config)#eth-switch unknowncast-limit 100 //ºé·º±¨ÎÄ¿ØÖÆÔÚÿÃë100¸ö±¨ÎÄÒÔÄÚ ZXAN(config)#no eth-switch multicast-limit //Èç¹ûÓÐ×é²¥ÒµÎñ£¬¾Í²»Òª¿ØÖÆÁË£¬´ËÃüÁîΪȡÏû×é²¥·ç±©¿ØÖÆÃüÁÆäËû¹ã²¥¡¢ºé·ºÃüÁîÓë¸ÃÃüÁîÀàËÆ¡£
´øÄÚÍø¹Ü¿ÚÓëÍø¹Ü·þÎñÆ÷ͨÐŵÄÊǵ¥²¥µÄsnmp±¨ÎÄ£¬Òò´Ë¸ÃÉèÖò»»áÓ°Ïì´øÄÚÍø¹Ü¡£
1.21 °²È«¹¦ÄÜ
1.40
anti-dos ¹¦ÄÜ £¨°üº¬ÁËfirewall blacklist×Ó¹¦ÄÜ£©
¸Ã¹¦ÄÜÓÃÓÚ¼à²âÍâÀ´ÈκÎÀàÐÍÐÒ鱨ÎĵÄÁ÷Á¿£¬Èç¹û½øÈëOLT CPUµÄÐÒ鱨ÎÄ´óÓÚÉ趨ֵ£¨¼à²âËÙÂÊx¼à²âʱ¼ä¼ä¸ô£©£¬Ôò½«¸ÃÐÒ鱨ÎĵÄÔ´macÁÐÈëºÚÃûµ¥£¬Ö®ºó¸ÃÔ´macÀ´µÄÐÒ鱨ÎĽ«È«²¿±»¶ªÆúÖ±ÖÁÁ÷Á¿½µµÍµ½É趨ֵÒÔÏÂ
ZXAN(config)#control-panel *½øÈ밲ȫ¹¦ÄÜ¿ØÖÆÃæ°å ZXAN(control-panel)#?
anti-dos Set anti dos parameter cpu set cpu queue rate limit end Exit to EXEC mode
exit Exit from interface configuration mode no Negate a command or set its defaults packet-limit Configure packet limit value
show Show running system information ZXAN(control-panel)#anti-dos ?
blocking-time Set the anti-dos block time disable Set disable
drop Drop the packet that exceed the limit number
drv-limit Driver enable/disable packet limit function. enable Set enable
limit-num Set anti-dos limit number
ZXAN(control-panel)#anti-dos blocking-time ? *ÅäÖÃanti-dos ¼à²âʱ¼ä¼ä¸ô <1-600> block time
ZXAN(control-panel)#anti-dos enable * ÅäÖÃanti-dos ʹÄÜ
ZXAN(control-panel)#anti-dos drv-limit ? * ÅäÖÃanti-dos Çý¶¯²ã±¨ÎĶªÆú¹¦ÄÜʹÄÜ£¬ ¸Ã¹¦ÄÜ¿ÉÒÔÈÃÐÒ鱨ÎÄÔÚ½øÈëcpu֮ǰ¾Í±»¶ªÆú£¬¿ÉÒÔÏÔÖø·ÀÖ¹CPU Õ¼ÓÃÂÊÉÏÉý
disable Set disable enable Set enable ZXAN(control-panel)#anti-dos drop ? *ÅäÖà anti-dos ±¨ÎĶªÆú£¬¸Ã¹¦ÄÜÊÇÔÚÇý¶¯²ãÌá°üÖ®ºó²Å½øÐб¨ÎĶªÆú£¬¶Ô·ÀÖ¹cpuÕ¼ÓÃÂÊÉÏÉý×÷Óò»´ó
disable Set disable enable Set enable
blocking-time Set the anti-dos block time disable Set disable
drop Drop the packet that exceed the limit number drv-limit Driver enable/disable packet limit function. enable Set enable
limit-num Set anti-dos limit number
ZXAN(control-panel)#anti-dos limit-num ? *ÅäÖà anti-dosµÄ¼à²âËÙÂÊ <10-1000> Limit number(unit:pps)
ZXAN(config)#show anti-dos black-table *²éѯanti-dos ²úÉúµÄºÚÃûµ¥ÁÐ±í£¬¸ÃÁбí¿ÉÒÔÏÔʾµ±Ç°±»ÁÐÈëºÚÃûµ¥µÄÔ´macµØÖ·£¬vlan£¬ÒѾ¶ÔÓ¦µÄ¶Ë¿Ú µÈÐÅÏ¢
-------------------------------------------------------------------------
mac-address vlan port Processed Dropped
1.41 ÐÒ鱨ÎÄÏÞËÙ¹¦ÄÜ
¸Ã¹¦ÄÜÄÜÕë¶Ô²»Í¬µÄÐÒéÀàÐͱ¨ÎĽøÐе¥¶ÀµÄÏÞËÙ»òÕßÕë¶ÔÈ«Ì屨ÎĽøÐÐÏÞËÙ ZXAN(control) #control-panel ZXAN(control-panel)#?
anti-dos Set anti dos parameter cpu set cpu queue rate limit end Exit to EXEC mode
exit Exit from interface configuration mode no Negate a command or set its defaults packet-limit Configure packet limit value
show Show running system information
ZXAN(control-panel)#packet-limit ? * Ä¿Ç°µÄÐÒ鱨ÎÄÏÞËÙÄÜÕë¶ÔÒÔϼ¸ÖÖÐÒ鱨ÎÄÆð×÷ÓÃ
all All packet arp ARP packet bpdu BPDU packet dhcp DHCP packet
icmp ICMP packet igmp IGMP packet pppoe PPPoE packet snmp SNMP packet vbas VBAS packet
ZXAN(control-panel)#packet-limit all ? *¶ÔËùÓÐÐÒ鱨ÎĽøÐÐͳһÏÞËÙ£¬ÏÞËÙÊÇÔÚÇý¶¯²ã½øÐеģ¬Ã»Óнøcpu
<100-65535> All packet limit value(unit:pps) ZXAN(control-panel)#packet-limit arp ? *¶Ôµ¥Ò»ÀàÐ͵ÄÐÒ鱨ÎÄÏÞËÙ£¬ÓÉÈí¼þÀ´Çø·ÖÐÒ鱨ÎÄÀàÐÍ£¬ËùÒÔÖ»ÄÜÔÚÈí¼þ´¦½øÐÐÏÞËÙ£¬ÐÒ鱨ÎÄ֮ǰÒѾ½øÈëÁËcpu
<1-50> ARP packet limit value(unit:pps) ZXAN(control-panel)#packet-limit bpdu ? <1-50> BPDU packet limit value(unit:pps) ZXAN(control-panel)#packet-limit dhcp ? <1-50> DHCP packet limit value(unit:pps) ZXAN(control-panel)#packet-limit icmp ? <1-50> ICMP packet limit value(unit:pps) ZXAN(control-panel)#packet-limit igmp ? <1-50> IGMP packet limit value(unit:pps) ZXAN(control-panel)#packet-limit pppoe ? <1-50> PPPOE packet limit value(unit:pps) ZXAN(control-panel)#packet-limit snmp ? <1-50> SNMP packet limit value(unit:pps) ZXAN(control-panel)#packet-limit vbas ? <1-50> VBAS packet limit value(unit:pps) ²âÊÔÕâ¸ö¹¦ÄܵÄʱºò£¬ÖîÈçarp£¬icmpµÈ¿ÉÒÔÖ±½ÓÓÃÒÇ±í¹¹½¨£¬Èç¹ûÒÇ±í²»»á¹¹½¨£¬»òÕß¹¹½¨³öÀ´µÄÐÒ鱨ÎÄolt²»ÈϵĻ°£¬¿ÉÒÔÕǪ̀µçÄÔ£¬¿ªÆôµçÄÔµÄ×¥°üÈí¼þ£¬×¥µ½ÐÒ鱨ÎÄÖ®ºó£¬ÔÙÓÃÈí¼þ·´Ïò³å°ü¾Í¿ÉÒԴﵽĿµÄ¡£
²é¿´°²È«¹¦Äܵ±Ç°µÄÅäÖÃÇé¿öµÄÃüÁĿǰûÓе¥¶ÀµÄÃüÁî×ö³öÀ´£¬ÇëÓÃÒÔÏÂÃüÁî²é¿´£º ZXAN(control-panel)#show running-config | begin control-panel
1.42 mff¹¦ÄÜ
¸Ã¹¦ÄܵÄÈ«³ÆÊÇmac forced forwarding£¬ÊµÏÖÒ»¸öarp proxy£¬ÓÃÀ´½ûֹͬһ×ÓÍøµÄÁ½¸öÓû§¼äÖ±½Ó»¥Í¨£¬²¢°ÑÓû§µÄÉÏÐÐÁ÷Á¿Ç¿ÖÆת·¢µ½Íø¹Ø£¬Íø¹Øת·¢Á÷Á¿£¬À´ÊµÏÖÓû§¼äµÄÈý²ã»¥Í¨¡£²¢ÇÒÍø¹ØÄܼà¿ØÓû§¼äµÄÁ÷Á¿£¬·ÀÖ¹¶ñÒâ¹¥»÷¡£