内容发布更新时间 : 2025/1/10 22:02:04星期一 下面是文章的全部内容请认真阅读。

总体模版

sys

user-interface vty 0 4

authentication-mode password

set authentication password cipher sdsy/sdsy user privilege level 15 qui

user-interface conso 0

authentication-mode password

set authentication password cipher sdsy/sdsy qui

ip route-static 0.0.0.0 0.0.0.0 10.1.1.3

vlan 39 qui

int vlan 1 qui

undo int vlan 1 vlan 255 int vlan 255

ip add 10.1.1.202 24

int g0/0/8

port link-type trunk

port trunk allow-pass vlan all qui

int range g0/0/1 to g0/0/7 port link-typ access port defaul vlan 39 stp edged-port enable loopback-detection enable exit

errdisable recovery cause loopback-detetion errdisable recovery interval 60

dhcp-snooping enable

int range g0/0/8 dhcp-snooping trust dhcp enable

3A认证

Aaa

local-user meng password cipher meng privilege level 15 User-interface vty 0 4 Authentication mode aaa

端口聚合

创建聚合组命令如下：

[S9303]interface Eth-Trunk1 //聚合组名称为ETH-Trunk1 [S9303-Eth-Trunk1]description To-S9303-2 //描述

[S9303-Eth-Trunk1]undo port hybrid vlan 1 //去掉VLAN1的透传 [S9303-Eth-Trunk1]port hybrid tagged vlan 100 to 200 //VLAN透传 3

进入端口，将端口加入聚合组，命令如下:

[S9303]interface GigabitEthernet1/1/16 //进入G1/1/16端口 [S9303-GigabitEthernet1/1/16]description To-S7810-G7/0/31 //端口描述

[S9303-GigabitEthernet1/1/16]eth-trunk 1 //加入聚合组1 [S9303]interface GigabitEthernet1/1/17 //进入G1/1/17端口 [S9303-GigabitEthernet1/1/17]description To-S7810-G7/0/30 //端口描述

[S9303-GigabitEthernet1/1/17]eth-trunk 1 //加入聚合组1

dhcp enable

#

dhcp snooping enable

user-bind static ip-address 192.168.1.200 －－－保留手动分配的地址，不加保留的手动分配的地址没法使用

user-bind static ip-address 192.168.1.201 mac-address 4c1f-cc58-379e －－保留手动分配的地址和MAC地址捆绑 #

interface Vlanif1000

ip address 192.168.1.1 255.255.255.0 dhcp select interface

dhcp server excluded-ip-address 192.168.1.200 192.168.1.254 －－－保留手动分配的地址段

expired day 0 hour 5

dhcp server forbidden-ip 192.168.2.201 192.168.2.253 display dhcp client #

interface GigabitEthernet0/0/1 port link-type access port default vlan 1000

ip source check user-bind enable

ip source check user-bind check-item ip-address mac-address dhcp snooping enable

dhcp snooping check user-bind enable

expired day 0 hour 5

dhcp server forbidden-ip 192.168.2.201 192.168.2.253 display dhcp client

镜像命令：

Mirroring-group 2 local 创建组 Int g0/0/1

Mirroring-group 2 mirroring-port both 设置被监控对象 Int g0/0/2

Mirroring-group 2 monitor-port Sniffer口

备份和恢复

Tftp 1.1.1.1 put vrpcfg.cfg 22-hw-22.cfg 下载

Tftp 2.2.2.2 get 23-hw22.cfg vrpcfg.vfg

Privilege levle

sysname HuaWei_test

super password level 1 cipher 456123

DHCPIP-MAC绑定#############################

dhcp snooping bind-table static ip-address 192.168.6.254 mac-address 0000-1111-1234 interface Ethernet 0/0/2