華為交換機(jī)開(kāi)局手冊(cè)-配置一本通

目 VLAN配 DHCP配 POE配 ACL配 QoS基礎(chǔ)配 SNMP配 VRRP配 OSPF基礎(chǔ)配 1-1console線(xiàn)和com1-2USB圖1-3查看終端的com181-4xp系統(tǒng)打開(kāi)超級(jí)終端圖1-5圖1-6com圖1-7com圖1-8consoleSecureCRT圖1-9scrtinterfaceinterface-typeinterface-numberipaddressip-addressmask|mask-length}，配置主IPipaddressip-addressmask|mask-lengthsub，配置從IP

圖1-10配置IP配置主從IP配置主從IP地址，實(shí)現(xiàn)一個(gè)接口可以接入兩個(gè)不同網(wǎng)段。<HUAWEI>system-[HUAWEI]sysname[Switch]<HUAWEI>system-[HUAWEI]sysname[Switch]vlan[Switch-vlan100]//創(chuàng)建//退出vlan[Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/1]portlink-typeaccess[Switch-GigabitEthernet0/0/1]portdefaultvlan100[Switch-GigabitEthernet0/0/1]quit[Switchinterfacevlanif //vlanif[Switch-Vlanif100]ipaddress24 [Switch-Vlanif100ipaddress24sub//IP地址[Switch-Vlanif100]quit[Switch]（在配置用戶(hù)通過(guò)Telnet登錄設(shè)備之前，需完成以下任務(wù)：終端與設(shè)備之間路由可達(dá)telnettelnetserverenable，使能設(shè)備的Telnetuser-interfacevtyfirst-ui-numberlast-ui-numberVTY用VTYauthentication-modepassword|aaa|none，配置用戶(hù)驗(yàn)證方式為密碼驗(yàn)證/AAA驗(yàn)證/不驗(yàn)證；（可選）當(dāng)使用AAA[HUAWEI //進(jìn)入AAA[HUAWEI-aaalocal-useruser-namepasswordpassword//配置用戶(hù)名和密碼[HUAWEI-aaa]local-useruser-nameservice-typetelnet//配置協(xié)議[HUAWEI-aaa]local-useruser-nameprivilegelevel3//用戶(hù)優(yōu)先級(jí)[HUAWEI-aaa]quitprotocolinboundall|telnet，配置VTY用戶(hù)界面支持所有協(xié)議/ssh協(xié)議/Telnet協(xié)議：從終端通過(guò)Telnet登錄設(shè)備，以Windows單擊左下角菜單在搜索欄中輸入cmd并回車(chē)，進(jìn)入Windows命令行界面，執(zhí)行命令“telnetIP-address”（IP地址為設(shè)備管理IP即可ping通

端配置Telnet用戶(hù)使用AAA驗(yàn)證登錄，并配置安全策略，保證只有用戶(hù)使用的PC才能登錄設(shè)備。圖1-11交換機(jī)配置telnet采用如下的思路配置通過(guò)Telnet配置Telnet配置管理員的用戶(hù)名和密碼，并配置AAA配置安全策略，保證只有當(dāng)前管理員使用的PC才能登錄設(shè)備。<HUAWEI><HUAWEI>system-[HUAWEI]telnetserver配置VTY[HUAWEI]user-interfacevty[HUAWEI]user-interfacevty0[HUAWEI-ui-vty0-4]protocolinbound配置VTY[HUAWEI-ui-vty0-4][HUAWEI-ui-vty0-4]authentication-mode[HUAWEI-ui-vty0-4][HUAWEI][HUAWEI-aaa]local-useradmin1234passwordadmin1234[HUAWEI-aaa][HUAWEI][HUAWEI-aaa]local-useradmin1234passwordadmin1234[HUAWEI-aaa]local-useradmin1234service-typetelnet[HUAWEI-aaa]local-useradmin1234privilegelevel15[HUAWEI-aaa]C:\DocumentsandSettings\Administrator>telnet進(jìn)入管理員PCC:\DocumentsandSettings\Administrator>telnet輸入Enter鍵后，在登錄窗口輸入AAA驗(yàn)證方式配置的登錄用戶(hù)名和密碼，驗(yàn)證通過(guò)后，出現(xiàn)用戶(hù)LoginauthenticationLoginauthenticationInfo:ThemaxnumberofVTYusersis8,andthenumberofcurrentVTYusersonlineis2.Thecurrentlogintimeis2012-08-06<Telnet盒式交換機(jī)web＠設(shè)置在出廠(chǎng)時(shí)，存儲(chǔ)器中無(wú)web+設(shè)備在出廠(chǎng)時(shí)，存儲(chǔ)器中已經(jīng)保存了web?設(shè)備在出廠(chǎng)時(shí)，存儲(chǔ)器中已經(jīng)保存了Web回設(shè)備在出廠(chǎng)時(shí)，系統(tǒng)軟件中集成了Web－設(shè)＠＠－－－－－－＠+－－－－－－??回＠＠＠＠++＠＠＠＠＠++??回回－＠＠－－－－－－＠++??－－－＠+＠?回回回－＠＠＠＠回回－－+＠?回回回一.通過(guò)配置WEB登錄功能實(shí)現(xiàn)圖形化界面配置功能。二.配置命令和步驟獲取web下載>企業(yè)網(wǎng)絡(luò)園區(qū)交換機(jī)>S23&27&33&37&53&57系列”路徑下，根據(jù)版本名稱(chēng)，下版本號(hào).WEB網(wǎng)管文件版本號(hào).web.7z”。interfaceinterfacevlanifinterface-number，進(jìn)入管理VLANipaddressip-addressmask|mask-lengthIP上傳webftpserverenable，系統(tǒng)視圖下使能FTP服務(wù)。執(zhí)行命令aaa，進(jìn)入AAA視圖local-useruser-namepasswordsimple|cipherpassword，配置local-useruser-nameftp-directorydirectory，配置FTP用戶(hù)的訪(fǎng)問(wèn)路徑。執(zhí)行命令local-useruser-nameservice-typeftp，配置FTP登錄用戶(hù)的服務(wù)類(lèi)型。在在PC的cmdftpip-address，輸入用戶(hù)名和密碼，登錄S傳至S系列交換機(jī)。httpserverhttpserverloadfile-name，系統(tǒng)視圖下加載Web創(chuàng)建webhttpserverenable，系統(tǒng)視圖下使能HTTPhttpsecure-serverenable，再敲此命令。aaa，進(jìn)入AAAlocal-useruser-namepasswordsimple|cipherpassword，配置local-useruser-nameservice-typehttp，配置用戶(hù)admin的訪(fǎng)問(wèn)類(lèi)型為HTTP登錄web達(dá)的路由），按回車(chē)鍵后將顯示登錄對(duì)話(huà)框。如圖1-12所示，輸入之前設(shè)置的Web網(wǎng)管帳號(hào)和密碼，輸入驗(yàn)證碼，并選擇Web網(wǎng)管系統(tǒng)的語(yǔ)言。圖1-12web單擊“登錄”Web網(wǎng)管系統(tǒng)主頁(yè)面。登錄到Web網(wǎng)管后，可以對(duì)交換機(jī)進(jìn)行配置。三.1-13所示，從PC上通過(guò)Web網(wǎng)管登錄設(shè)備，將設(shè)備作為Web網(wǎng)管服務(wù)器，實(shí)現(xiàn)圖形化界采用如下的思路配置用戶(hù)通過(guò)Web上傳Web加載Web配置HTTP服務(wù)功能及HTTP登錄Web網(wǎng)管。<huawei>system-[huawei]<huawei>system-[huawei]interfaceVlanif[huawei-Vlanif1]ipaddress2、（可選）上傳web文件（參考web文件附錄表選擇是否執(zhí)行此步驟[huawei][huawei]ftpserver[huawei]//系統(tǒng)視圖下使能FTP//系統(tǒng)系統(tǒng)下進(jìn)入aaa[huawei-aaalocal-useradminpasswordcipherAdmin@123//配置FTP[huawei-aaalocal-useradminftp-directory //配置FTP[huawei-aaalocal-useradminservice-type [huawei-aaa]C:\>ftp//PC電腦的cmdC:\>ftp//PC電腦的cmd下登錄Connectedto220FTPserviceUser(32:(none))://輸入FTP331PasswordrequiredforPassword:230Userloggedin.ftp>put//將PC上的web200200Portcommand150OpeningASCIImodedataconnectionfor226Transferftp2510473.36Seconds74.74Kbytes/sec.[huaweihttpserverloads5700-28c-ei-v200r005c00spc300.web.zip//系統(tǒng)系統(tǒng)[huaweihttpserverloads5700-28c-ei-v200r005c00spc300.web.zip//系統(tǒng)系統(tǒng)4、創(chuàng)建web[huawei][huawei]httpserver[huawei]//系統(tǒng)視圖下使能http//系統(tǒng)視圖下進(jìn)入aaa[huawei-aaalocal-useradminpasswordcipherAdmin@123//創(chuàng)建HTTP[huawei-aaa]local-useradminprivilegelevel//配置http[huawei-aaa]local-useradminservice-type[huawei-aaa]5、通過(guò)webPCWeb瀏覽器，在地址欄中直接輸入“”，按回車(chē)鍵后，將顯1-14所示。1-14web請(qǐng)正確輸入HTTP用戶(hù)名、驗(yàn)證碼和密碼，單擊登錄或直接按回車(chē)鍵即可進(jìn)入Web網(wǎng)管系統(tǒng)主頁(yè)一.將設(shè)備中的某些接口定義為一個(gè)單獨(dú)的區(qū)域，將指定接口加入到指定VLAN中之后，接口就可以轉(zhuǎn)發(fā)指定VLAN報(bào)文。從而實(shí)現(xiàn)VLAN內(nèi)的主機(jī)可以直接通信，而VLAN間的主機(jī)不能直接互通，將廣播報(bào)文限制在一個(gè)VLAN內(nèi)。要實(shí)現(xiàn)VLANVLANVLANIF接口是一個(gè)三層的邏輯接口，在其上配置IP地址為用戶(hù)的網(wǎng)關(guān)地址后，它就在三層交換機(jī)上生成直連路由，同時(shí)，可作為用戶(hù)的網(wǎng)關(guān)。這樣，發(fā)往各VLAN網(wǎng)段的報(bào)文，就可在路由表中分別找到其出接口VLANIF接口，從而實(shí)現(xiàn)三層轉(zhuǎn)發(fā)。二.配置命令和步驟在系統(tǒng)視圖下創(chuàng)建vlanvlan-id在系統(tǒng)視圖下創(chuàng)建vlanvlan-idVLAN并進(jìn)入VLAN或vlanbatchvlan-id1tovlan-id2&<1-10>批量創(chuàng)建vlan配置以太網(wǎng)接口屬性關(guān)聯(lián)接口和vlanportlink-typeaccessportdefaultvlanvlan-id，將接口加入到指定的VLAN或portlink-typetrunkporttrunkallow-passvlanvlan-idVLAN配置vlanifinterferevlanifvlan-idvlanif接口視圖；執(zhí)行命令ipaddressip-addressmask-address三.此場(chǎng)景配置簡(jiǎn)單，只需將連接PC的接口加入VLAN，然后創(chuàng)建VLANIF，并配置IP地址為對(duì)應(yīng)用戶(hù)<SW1>system-<SW1>system-[SW1]vlanbatch10//vlan10創(chuàng)建vlanifPC電腦的網(wǎng)關(guān)IP[SW1][SW1]interfaceVlanif//進(jìn)入三層vlanif10[SW1-Vlanif10ipaddress//IP地址為PC1[SW1-Vlanif10]//退出vlanif2[SW1]interfaceVlanif[SW1-Vlanif20ipaddress//IP地址為PC2[SW1-Vlanif20][SW1]interface[SW1]interfaceGigabitEthernet[SW1-GigabitEthernet0/0/1]portlink-type[SW1-GigabitEthernet0/0/1]portdefaultvlan//將PC1劃分到VLAN10[SW1-GigabitEthernet0/0/1][SW1]interfaceGigabitEthernet[SW1-GigabitEthernet0/0/2]portlink-typeaccess //鏈路類(lèi)型為access[SW1-GigabitEthernet0/0/2]portdefaultvlan20 //將PC2劃分到VLAN10中[SW1-GigabitEthernet0/0/2]2-2所示，HOSTA和HOSTB、HOSTC和HOSTD分屬研發(fā)部和質(zhì)量部，兩部門(mén)通過(guò)一臺(tái)二層交換將SwitchB連接終端HOST的接口加入vlan，鏈路類(lèi)型為將SwitchA和SwitchB互聯(lián)的接口加入vlan，鏈路類(lèi)型為創(chuàng)建VLANIF并配置IP地址為對(duì)應(yīng)用戶(hù)的網(wǎng)關(guān)；[SWITCHA]vlanbatch2//vlan2創(chuàng)建vlanifPC電腦的網(wǎng)關(guān)IP[SWITCHA][SWITCHA]interfaceVlanif//進(jìn)入三層vlanif10[SWITCHA-Vlanif2]ipaddress//此IP地址為HOSTA/B[SWITCHA-Vlanif2]//退出vlanif2[SWITCHA]interfaceVlanif[SWITCHA-Vlanif3]ipaddress//IP地址為HOSTC/D對(duì)應(yīng)[SWITCHA-Vlanif3][SWITCHA]interfaceGigabitEthernet[SWITCHA]interfaceGigabitEthernet//鏈路類(lèi)型為22和vlan3[SWITCHA-GigabitEthernet0/0/1]<SWITCHB>system-<SWITCHB>system-[SWITCHB]vlanbatch2//vlan2接口加入相應(yīng)vlan，SwitchB [SWITCHB][SWITCHB]interfaceGigabitEthernet[SWITCHB-GigabitEthernet0/0/1]portlink-type//鏈路類(lèi)型為[SWITCHB-GigabitEthernet0/0/1porttrunkallow-pass2to3//VLAN2和vlan3[SWITCHB-GigabitEthernet0/0/1][SWITCHB]interfaceGigabitEthernet[SWITCHB-GigabitEthernet0/0/2port[SWITCHB]interfaceGigabitEthernet[SWITCHB-GigabitEthernet0/0/2portdefaultvlan2//HOSTA劃分到vlan2[SWITCHB-GigabitEthernet0/0/2][SWITCHB]interfaceGigabitEthernet[SWITCHB-GigabitEthernet0/0/4]portlink-type//鏈路類(lèi)型為[SWITCHB-GigabitEthernet0/0/4portdefaultvlan3//HOSTC劃分到vlan3[SWITCHB-GigabitEthernet0/0/3]此場(chǎng)景用戶(hù)與服務(wù)器間跨越多臺(tái)二層、三層交換機(jī)，可以配置VLANIF，將匯聚交換機(jī)AGG作為用戶(hù)PC的網(wǎng)關(guān)，核心交換機(jī)作為服務(wù)器Server的網(wǎng)關(guān)。但VLANIF只生成直連路由，只能使得相鄰設(shè)備互通，要使User與服務(wù)器互通，還需要配置從AGG到VLAN20網(wǎng)段以及從CORE到VLAN10網(wǎng)段的路由，<ACC1>system-<ACC1>system-[ACC1]vlanbatch//批量新建vlan接口加入相應(yīng)vlan接口加入相應(yīng)vlan[ACC1]interfaceGigabitEthernet[ACC1-GigabitEthernet0/0/1]portlink-type[ACC1]interfaceGigabitEthernet[ACC1-GigabitEthernet0/0/1]portlink-type//鏈路類(lèi)型為[ACC1-GigabitEthernet0/0/1]portdefaultvlan //將User劃分到vlan10[ACC1-GigabitEthernet0/0/1][ACC1]interfaceGigabitEthernet[ACC1-GigabitEthernet0/0/2]portlink-type[ACC1-GigabitEthernet0/0/2]porttrunkallow-pass//vlan10到[ACC1-GigabitEthernet0/0/2]<AGG>system-<AGG>system-[AGG]vlanbatch10//批量新建vlan10[CORE]interfaceGigabitEthernet[CORE-GigabitEthernet0/0/1]portlink-type//鏈路類(lèi)型為[CORE-GigabitEthernet0/0/1]porttrunkallow-pass接口加入相應(yīng)vlan接口加入相應(yīng)vlan[AGG]interfaceVlanif[AGG]interfaceVlanif[AGG-Vlanif10ipaddress//IP地址為User[AGG-Vlanif10]//退出vlanif2[AGG]interfaceVlanif[AGG-Vlanif30ipaddress//互聯(lián)IP地址，不能與User、Server的IP網(wǎng)段沖突[AGG-Vlanif30][AGG]interfaceGigabitEthernet[AGG-GigabitEthernet0/0/1]portlink-type//鏈路類(lèi)型為[AGG-GigabitEthernet0/0/1porttrunkallow-pass10//vlan10，以轉(zhuǎn)發(fā)[AGG-GigabitEthernet0/0/1][AGG]interfaceGigabitEthernet[AGG-GigabitEthernet0/0/2]portlink-type[AGG-GigabitEthernet0/0/2porttrunkallow-pass30//vlan30[AGG-GigabitEthernet0/0/2]配置靜態(tài)路由，實(shí)現(xiàn)User和Server[AGG][AGG]iproute-static<CORE>system-<CORE>system-[CORE]vlanbatch20//批量新建vlan20接口加入相應(yīng)vlan接口加入相應(yīng)vlan[CORE-GigabitEthernet0/0/1][CORE-GigabitEthernet0/0/1][CORE]interfaceGigabitEthernet[CORE-GigabitEthernet0/0/2]portlink-type[CORE-GigabitEthernet0/0/2]porttrunkallow-pass //[CORE-GigabitEthernet0/0/2][CORE]interfaceVlanif//進(jìn)入三層[CORE]interfaceVlanif//進(jìn)入三層vlanif20[CORE-Vlanif20]ipaddress//IP地址為User[CORE-Vlanif20]//退出vlanif20[CORE]interfaceVlanif[CORE-Vlanif30]ipaddress//IP[CORE-Vlanif30]配置靜態(tài)路由，實(shí)現(xiàn)User和Server[CORE][CORE]iproute-staticPC電腦之間的互訪(fǎng)通信；注：S3接入層交換機(jī)作為HUB采用如下的思路配置VLAN創(chuàng)建VLAN并將連接用戶(hù)的接口加入VLAN配置各PCIP地址，實(shí)現(xiàn)不同業(yè)務(wù)用戶(hù)之間三層互通匯聚層交換機(jī)SW1<SW1>system-<SW1>system-[SW1]vlanbatch2to//vlan2接口加入相應(yīng)[SW1]interfaceGigabitEthernet[SW1]interfaceGigabitEthernet[SW1-GigabitEthernet0/0/2portlink-type //鏈路類(lèi)型為trunk[SW1-GigabitEthernet0/0/2]porttrunkallow-passvlan2to[SW1-GigabitEthernet0/0/2]SW1HUB交換機(jī)PC，接口配置成access[SW1][SW1]interfaceGigabitEthernet[SW1-GigabitEthernet0/0/3]portlink-typeaccess//鏈路類(lèi)型為access[SW1-GigabitEthernet0/0/3]portdefaultvlan4[SW1-GigabitEthernet0/0/3][SW1]interfaceGigabitEthernet[SW1-GigabitEthernet0/0/1][SW1]interfaceGigabitEthernet[SW1-GigabitEthernet0/0/1]portlink-type[SW1-GigabitEthernet0/0/1]portdefaultvlan配置IPPC[SW1]interfaceVlanif[SW1-Vlanif2]ip//vlanif2[SW1-Vlanif2][SW1]interfaceVlanif[SW1-Vlanif3]ip[SW1-Vlanif3][SW1]interfaceVlanif[SW1-Vlanif4]ip配置ip地址實(shí)現(xiàn)和R[SW1][SW1]interfaceVlanif[SW1-Vlanif5]ipaddress<SW1>接入層交換機(jī)SW21.創(chuàng)建<Huawei>system-view[Huawei]sysnameSW2[SW2]vlan2[SW2-vlan2][SW2]vlan//Huawei修改為SW2（可選//vlan//vlan[SW2-vlan3]2.接口透?jìng)? SW1，接口配置成trunk[SW2]interface[SW2-GigabitEthernet0/0/1]portlink-typetrunk //配置鏈路類(lèi)型為trunk[SW2-GigabitEthernet0/0/1]porttrunkallow-passvlan2to3[SW2-GigabitEthernet0/0/1][SW2]interfaceGigabitEthernet[SW2]interfaceGigabitEthernet//[SW2-GigabitEthernet0/0/23]portlink-type//鏈路類(lèi)型為[SW2-GigabitEthernet0/0/23]portdefaultvlan[SW2-GigabitEthernet0/0/23][SW2]interfaceGigabitEthernet//[SW2-GigabitEthernet0/0/24]portlink-type[SW2-GigabitEthernet0/0/24]portdefaultvlan[SW2-GigabitEthernet0/0/24]<SW2><SW2>接入到SW2，網(wǎng)關(guān)為vlanif3/24；PC3和PC4vlan4S3vlanif4/24PC2-5接入層做網(wǎng)關(guān)基于接口劃分vlan采用如下的思路配置VLAN創(chuàng)建VLAN并將連接用戶(hù)的接口加入VLAN配置各PCIPSW2創(chuàng)建<SW2>system- [SW2]vlanbatch2to //批量創(chuàng)建vlan2[SW2]vlan //vlan[SW2-vlan5]//退出vlan2.接口加入到相應(yīng)vlan#SW2 [SW2]interface//[SW2-GigabitEthernet0/0/3]portlink-typeaccess [SW2-GigabitEthernet0/0/3]portdefaultvlan2[SW2-GigabitEthernet0/0/3][SW2]interfaceGigabitEthernet0/0/2 [SW2-GigabitEthernet0/0/2]portlink-typeaccess[SW2-GigabitEthernet0/0/2]portdefaultvlan[SW3][SW3]interfaceEthernet//接PC[SW3-Ethernet0/0/1]portlink-type[SW2-GigabitEthernet0/0/2][SW2]interfaceGigabitEthernet[SW2]interfaceGigabitEthernet//[SW2-GigabitEthernet0/0/1]portlink-type[SW2-GigabitEthernet0/0/1]portdefaultvlan[SW2-GigabitEthernet0/0/1]配置ipPC電腦的網(wǎng)關(guān)IP//系統(tǒng)視圖下進(jìn)入三層vlanif[SW2-Vlanif2]ipaddress [SW2-Vlanif2]//退出vlanif[SW2]interfaceVlanif[SW2-Vlanif3]ipadd[SW2-Vlanif3][SW2]interfaceVlanif[SW2-Vlanif5]ip[SW2]interfaceVlanif[SW2-Vlanif5]ipaddress//互聯(lián)接口IP[SW2-Vlanif5]配置靜態(tài)路由，為SW2PC[SW2][SW2]iproute-static//對(duì)端SW1<SW2><SW2>SW3<SW3>system-<SW3>system-[SW3]vlan//新建vlan[SW3-vlan4]退出vlan[SW3]vlan[SW3-vlan5]接口加入到相應(yīng)vlan#SW2 [SW3-Ethernet0/0/1][SW3-Ethernet0/0/1]portdefaultvlan[SW3-Ethernet0/0/1][SW3]interfaceGigabitEthernet[SW3]interfaceGigabitEthernet[SW3-GigabitEthernet0/0/1]portlink-type//對(duì)接[SW3-GigabitEthernet0/0/1]portdefaultvlan[SW3-GigabitEthernet0/0/1]配置IPPC電腦的網(wǎng)關(guān)IP[SW3][SW3]interfaceVlanif[SW3-Vlanif4]ipaddress[SW3-Vlanif4][SW3]interfaceVlanif[SW3-Vlanif5]ip[SW3]interfaceVlanif[SW3-Vlanif5]ipaddress[SW3-Vlanif5]配置靜態(tài)路由，為SW3PC[SW3][SW3]iproute-static 為對(duì)端SW1<SW3>SW11.創(chuàng)建<SW1>system-[SW1]vlan//新建vlan[SW1-vlan5]//vlan52.接口加入到相應(yīng)vlan[SW1]interface//對(duì)接[SW1-GigabitEthernet0/0/2]link-type[SW1-GigabitEthernet0/0/2]defaultvlan//[SW1-GigabitEthernet0/0/2]//[SW1]interface//對(duì)接[SW1-GigabitEthernet0/0/24]portlink-type[SW1-GigabitEthernet0/0/24]portdefaultvlan[SW1-GigabitEthernet0/0/24][SW1][SW1]interfaceGigabitEthernet[SW1-GigabitEthernet0/0/1]portlink-type[SW1-GigabitEthernet0/0/1]portdefaultvlan[SW1-GigabitEthernet0/0/1][SW1]interfaceVlanif[SW1-Vlanif5]ipaddress[SW1]interfaceVlanif[SW1-Vlanif5]ipaddress[SW1-Vlanif5]//進(jìn)入三層接口//退出vlanif#[SW1]iproute-static[SW1]iproute-static<SW1><SW1>圖2-6配置接口加入VLAN<HUAWEI>system-[HUAWEI]<HUAWEI>system-[HUAWEI]vlan[HUAWEI-vlan10][HUAWEI]interfacegigabitethernet[HUAWEI-GigabitEthernet0/0/1]portlink-type[HUAWEI-GigabitEthernet0/0/1]portdefaultvlan[HUAWEI-GigabitEthernet0/0/1]配置GE0/0/2[HUAWEI][HUAWEI]interfacegigabitethernet[HUAWEI-GigabitEthernet0/0/2]portlink-typeaccess[HUAWEI-GigabitEthernet0/0/2]portdefaultvlan10[HUAWEI-GigabitEthernet0/0/2]port-isolateenable[HUAWEI-GigabitEthernet0/0/2][HUAWEI]interfacegigabitethernet[HUAWEI-GigabitEthernet0/0/3][HUAWEI]interfacegigabitethernet[HUAWEI-GigabitEthernet0/0/3]portlink-type[HUAWEI-GigabitEthernet0/0/3]portdefaultvlan[HUAWEI-GigabitEthernet0/0/3]現(xiàn)不同VLAN間的用戶(hù)可以互相訪(fǎng)問(wèn)。可以在Switch上部署VLAN聚合，實(shí)現(xiàn)VLAN2和VLAN3二層隔離、三層互通，同時(shí)VLAN2和VLAN3采用同一個(gè)子網(wǎng)網(wǎng)段，節(jié)省了IP地址。采用如下思路配置VLAN把Switch接口加入到相應(yīng)的sub-VLAN中，實(shí)現(xiàn)不同sub-VLAN把sub-VLAN聚合為super-VLAN配置VLANIF接口的IP配置super-VLAN的ProxyARP，實(shí)現(xiàn)sub-VLAN間的三層互通。<HUAWEI>system-[HUAWEI]sysname[Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/1]port<HUAWEI>system-[HUAWEI]sysname[Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/1]portlink-type[Switch-GigabitEthernet0/0/1]創(chuàng)建sub-[Switch]vlan//sub-vlan[Switch-vlan2port[Switch]vlan//sub-vlan[Switch-vlan2portgigabitethernet0/0/1 [Switch-vlan2][Switch]vlan[Switch-vlan3]portgigabitethernet0/0/3[Switch]vlan[Switch-vlan3]portgigabitethernet0/0/3//創(chuàng)建sub-vlan//將接口加入到vlan[Switch-vlan3]配置super-vlan，把sub-vlan加入到super-[Switch][Switch]vlan[Switch-vlan4]aggregate-//vlan4為super[Switch-vlan4][Switch]interfacevlanif[Switch-Vlanif4ipaddress2[Switch]interfacevlanif[Switch-Vlanif4ipaddress2//IPPC[Switch-Vlanif4]配置ProxyARP，必須配置此步驟vlan2和vlan3[Switch][Switch]interfacevlanif[Switch-Vlanif4arp-proxyinter-sub-vlan-proxy //配置ARP[Switch-Vlanif4]要求所有HOST都可以訪(fǎng)問(wèn)服務(wù)器（Server），即VLAN3和VLAN4可以訪(fǎng)問(wèn)VLAN2。HOSTB和HOSTC之間可以互訪(fǎng)，和HOSTC、HOSTE不能互訪(fǎng)，即VLAN3和VLAN4不能互訪(fǎng)。HOSTC和HOSTE之間隔離，不能互訪(fǎng)，即VLAN4內(nèi)用戶(hù)不能互訪(fǎng)。2-8所示，為了解決上述問(wèn)題，可在連接終端的交換機(jī)上部署MUXVLAN特性。MUXVLAN不但能夠?qū)崿F(xiàn)企業(yè)需求，同時(shí)也解決了VLANID緊缺問(wèn)題，也便于網(wǎng)絡(luò)管理者維護(hù)。采用如下思路配置MUX-VLAN配置主VLAN的MUX-VLAN配置Group-VLAN功能,，GroupVLAN可以和PrincipalVLAN和本VLANSeparate-VLAN功能,，SeparateVLANPrincipalVLANVLAN內(nèi)配置接口加入VLAN并使能MUX-VLAN功能。配置MUX<HUAWEI>system-[HUAWEI]sysname[Switch]<HUAWEI>system-[HUAWEI]sysname[Switch]vlanbatch23配置MUXVLAN中的GroupVLAN和SeparateVLAN[Switch][Switch]vlan[Switch-vlan2subordinategroup //配置/Group[Switch-vlan2]subordinateseparate4 [Switch-vlan2]quit[Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/1][Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/1]portlink-type[Switch-GigabitEthernet0/0/1]portdefaultvlan2//PrincipalVLAN可以和所有VLAN互通[Switch-GigabitEthernet0/0/1]portmux-vlanenablevlan2//mux-vlan[Switch-GigabitEthernet0/0/1]quit[Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/2]portlink-type[Switch-GigabitEthernet0/0/2]portdefaultvlan[Switch-GigabitEthernet0/0/2]portmux-vlanenablevlan3//mux-vlan[Switch-GigabitEthernet0/0/2]quit[Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/3]portlink-type[Switch-GigabitEthernet0/0/3]portdefaultvlan[Switch-GigabitEthernet0/0/3][Switch-GigabitEthernet0/0/3]portmux-vlanenablevlan3//mux-vlan[Switch-GigabitEthernet0/0/3]quit[Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/4]portlink-type[Switch-GigabitEthernet0/0/4]portdefaultvlan[Switch-GigabitEthernet0/0/4]portmux-vlanenablevlan4//mux-vlan[Switch-GigabitEthernet0/0/4]quit[Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/5]portlink-type[Switch-GigabitEthernet0/0/5]portdefaultvlan[Switch-GigabitEthernet0/0/5]portmux-vlanenablevlan4//mux-vlan[Switch-GigabitEthernet0/0/5]quit），而總裁辦公室不受限制，可以隨時(shí)訪(fǎng)問(wèn)。采用如下的思路配置配置接口IP配置ACL配置接口IP配置接口加入VLAN，并配置VLANIF接口的IP<HUAWEI>system-[HUAWEI]vlanbatch102030//[HUAWEI]interfacegigabitethernet[HUAWEI-GigabitEthernet0/0/1]<HUAWEI>system-[HUAWEI]vlanbatch102030//[HUAWEI]interfacegigabitethernet[HUAWEI-GigabitEthernet0/0/1]portlink-typeaccess //access[HUAWEI-GigabitEthernet0/0/1]portdefaultvlan10[HUAWEI-GigabitEthernet0/0/1][HUAWEI]interfacevlanif[HUAWEI-Vlanif10]ipaddress//配置vlanIP[HUAWEI-Vlanif10][HUAWEI]time-rangesatime8:00to[HUAWEI]time-rangesatime8:00to17:30working-配置[HUAWEI]acl[HUAWEI]acl[HUAWEI-acl-adv-3002]ruledenyipsource55time-range[HUAWEI-acl-adv-3002]#[HUAWEI][HUAWEI]acl[HUAWEI-acl-adv-3003]ruledenyipsource55time-range[HUAWEI-acl-adv-3003]配置基于ACL[HUAWEI]trafficclassifier[HUAWEI]trafficclassifier[HUAWEI-classifier-c_market]配置流分類(lèi)c_rd，對(duì)匹配ACL3003[HUAWEI][HUAWEI]trafficclassifier[HUAWEI-classifier-c_rd][HUAWEI]trafficbehavior[HUAWEI]trafficbehavior[HUAWEI-behavior-b_market][HUAWEI-behavior-b_market]配置流行為b_rd[HUAWEI][HUAWEI]trafficbehavior[HUAWEI-behavior-b_rd][HUAWEI-behavior-b_rd][HUAWEI]trafficpolicy略[HUAWEI-trafficpolicy-p_market][HUAWEI]trafficpolicy略[HUAWEI-trafficpolicy-p_market]classifierc_marketbehaviorb_market//分[HUAWEI-trafficpolicy-p_market]配置流策略p_rd，將流分類(lèi)c_rd與流行為b_rd[HUAWEI-trafficpolicy-p_rd]classifierc_rdbehavior [HUAWEI-trafficpolicy-p_rd][HUAWEI]interfacegigabitethernet[HUAWEI-GigabitEthernet0/0/2]traffic-policyp_marketinbound [HUAWEI]interfacegigabitethernet[HUAWEI-GigabitEthernet0/0/2]traffic-policyp_marketinbound [HUAWEI-GigabitEthernet0/0/2][HUAWEI]interfacegigabitethernet[HUAWEI]interfacegigabitethernet[HUAWEI-GigabitEthernet0/0/3]IP地址的使用效率。根據(jù)客戶(hù)端的實(shí)際需要，IP地址分配方式可以選擇動(dòng)態(tài)分配或靜態(tài)綁定方式。用于對(duì)IP地址沒(méi)有特殊要求的客戶(hù)端，通常也稱(chēng)這類(lèi)客戶(hù)端為動(dòng)態(tài)客戶(hù)端。靜態(tài)綁定方式：DHCPIP地址給固定客戶(hù)端，通過(guò)在地址池中配置客戶(hù)端的ippoolip-pool-namenetworkip-addressmaskmask|mask-length，配置全局地址池可動(dòng)態(tài)分配的IP地址范圍。gateway-listip-address&<1-8>DHCPdns-listip-address&<1-8>DHCP客戶(hù)端使用的DNSIPstatic-bindip-addressip-addressmac-addressmac-address，采用靜態(tài)地址綁定方式將全局地址池中的IP地址與DHCP客戶(hù)端的MAC地址綁定。執(zhí)行命令leasedaydayhourhourminuteminute|unlimited}，配置IP地址租期，缺省情況下，IP1天。excluded-ip-addressstart-ip-addressend-ip-address]，配置地址池中不參與自動(dòng)分配的IP地址保留以分配給其他的服務(wù)。lock，鎖定IPdhcpenable，系統(tǒng)視圖下使能DHCPdhcpselectglobal，接口視圖下使能接口采用全局地址池的DHCP1.1.dhcpenable，系統(tǒng)視圖下使能DHCPdhcpselectinterface，接口視圖下使能接口采用接口地址池的DHCP配置IP地址租期，缺省情況下，IP地址的租期為1天。配置地址池中不參與自動(dòng)分配的IP地址保留以分配給其他的服務(wù)。采用靜態(tài)地址綁定方式將接口地址池中的IP地址與MAC地址綁定。dhcpserverdns-listip-address&<1-8>，為DHCP客戶(hù)端指定DNS服務(wù)器的2（注：樓層交換機(jī)SW2和SW3都作為HUB基于VLANIF接口地址池的DHCP在Switch1上創(chuàng)建兩個(gè)接口地址池并配置地址池相關(guān)屬性DHCP服務(wù)器可以根據(jù)不同需求，從不同的接口地址池中選擇合適的IP地址及其配置參數(shù)分配給辦公室主機(jī)。Switch1VLANIFDHCP服務(wù)器從基于接口的地址池中選擇IP地址分配給辦公室主機(jī)。<SW1>system-[SW1]vlanbatch<SW1>system-[SW1]vlanbatch2to//[SW1]dhcp [SW1]dhcp 3、配置vlanif接口地址作為dhcp地址池給PC電腦分配IP[SW1][SW1]interfaceVlanif//系統(tǒng)視圖進(jìn)入vlanif2[SW1-Vlanif2]ipaddress[SW1-Vlanif2]dhcpselect//配置PC//使能接口地址池dhcp[SW1-Vlanif2]dhcpserverdns-list[SW1-Vlanif2]dhcpserverleaseday//配置dhcp30[SW1]interfaceVlanif[SW1-Vlanif3]ipaddress[SW1-Vlanif3]dhcpselect[SW1-Vlanif3]dhcpserverdns-list[SW1-Vlanif3]dhcpserverleaseday[SW1]interfaceGigabitEthernet[SW1]interfaceGigabitEthernet[SW1-GigabitEthernet0/0/2]portlink-type[SW1-GigabitEthernet0/0/2]portdefaultvlan[SW1]interfaceGigabitEthernet[SW1-GigabitEthernet0/0/3]portlink-type[SW1-GigabitEthernet0/0/3]portdefaultvlan5、SW2、SW3為接入HUBSwitchA作為DHCP服務(wù)器統(tǒng)一分配IP28/25，主機(jī)都加入VLAN202天。在SwitchA上配置全局地址池，并采取動(dòng)態(tài)地址分配方式為兩個(gè)辦公室的主機(jī)分配IP基于VLANIF接口地址池的DHCP在SwitchA上創(chuàng)建兩個(gè)接口地址池并配置地址池相關(guān)屬性DHCP服務(wù)器可以根據(jù)不同需求，從不同的接口地址池中選擇合適的IP地址及其配置參數(shù)分配給辦公室主機(jī)。SwitchAVLANIFDHCP服務(wù)器從基于接口的地址池中選擇IP地址分配給辦公室主機(jī)。<SwitchA>system-<SwitchA>system-[SwitchA]dhcp//使能dhcp[SwitchA]ippool//IP[SwitchA-ip-pool-1]network[SwitchA]ippool//IP[SwitchA-ip-pool-1]networkmask28//[SwitchA-ip-pool-1]dns-list//配置[SwitchA-ip-pool-1]excluded-ip-address//IP[SwitchA-ip-pool-1]excluded-ip-address//IP[SwitchA-ip-pool-1]leaseleaseday[SwitchA-ip-pool-1]#[SwitchA]ippool[SwitchA-ip-pool-2]network28mask[SwitchA]ippool[SwitchA-ip-pool-2]network28mask[SwitchA-ip-pool-2]dns-list[SwitchA-ip-pool-2]gateway-list[SwitchA-ip-pool-2]leaseday[SwitchA-ip-pool-2]3、配置VLANIF[SwitchA]vlanbatch10[SwitchA]interfacegigabitethernet[SwitchA]vlanbatch10[SwitchA]interfacegigabitethernet[SwitchA-GigabitEthernet0/0/1]portlink-typeaccess[SwitchA-GigabitEthernet0/0/1]portdefaultvlan10[SwitchA-GigabitEthernet0/0/1]quit[SwitchA]interfaceGigabitEthernet[SwitchA-GigabitEthernet0/0/2]portlink-typeaccess[SwitchA-GigabitEthernet0/0/2]portdefaultvlan20[SwitchA-GigabitEthernet0/0/2]quit[SwitchA]interfacevlanif[SwitchA-Vlanif10]ipaddress[SwitchA]interfacevlanif[SwitchA-Vlanif10]ipaddress[SwitchA-Vlanif10dhcpselect [SwitchA-Vlanif10]配置VLANIF20接口下的客戶(hù)端從全局地址池ippool2中獲取IP[SwitchA][SwitchA]interfacevlanif[SwitchA-Vlanif20]ipaddress29[SwitchA-Vlanif20]dhcpselect[SwitchA-Vlanif20]3-3所示，IPPhone和PC為某辦公區(qū)辦公設(shè)備。為了方便統(tǒng)一管理，降低手工配置成本，管理員希望網(wǎng)絡(luò)主機(jī)通過(guò)DHCPIP地址。其中，PC要通過(guò)域名訪(fǎng)問(wèn)網(wǎng)絡(luò)設(shè)備，因此，除了動(dòng)態(tài)獲取IP地址，還需要地址的租期為無(wú)限長(zhǎng)，且需要獲取DNS/24。3-3配置基于全局地址池的DHCP在SwitchA上創(chuàng)建DHCPOptionDHCPOption模板視圖下為靜態(tài)客戶(hù)端IP器信息；為靜態(tài)客戶(hù)端IPPhone配置IP地址與MAC地址的綁定并綁定DHCPOption模板，從而實(shí)現(xiàn)<SwitchA>system-view[SwitchA]vlan10[SwitchA-vlan10]quit[SwitchA]<SwitchA>system-view[SwitchA]vlan10[SwitchA-vlan10]quit[SwitchA]interfacegigabitethernet[SwitchA-GigabitEthernet0/0/1]portlink-type[SwitchA-GigabitEthernet1/0/1]portdefaultvlan[SwitchA-GigabitEthernet1/0/1]使能DHCP[SwitchA][SwitchA]dhcp //全局下使能DHCP[SwitchA]ippool[SwitchA-ip-pool-pool1]networkmask[SwitchA]ippool[SwitchA-ip-pool-pool1]networkmask//[SwitchA-ip-pool-pool1][SwitchA-ip-pool-pool1]dns-list[SwitchA-ip-pool-pool1]gateway-list[SwitchA-ip-pool-pool1]excluded-ip-address//IP//配置dhcp //iPhoneip地址和mac地址綁定實(shí)現(xiàn)IPpone獲取固定IP[SwitchA-ip-pool-pool1][SwitchA]interfacevlanif[SwitchA]interfacevlanif[SwitchA-Vlanif10]ipaddress//配置接口IP[SwitchA-Vlanif10]dhcpselect//使能dhcp[SwitchA-Vlanif10]同的VLAN內(nèi)，公司希望不同辦公地點(diǎn)的主機(jī)由共同的DHCP服務(wù)器SwitchBIP地址。公司的辦公地點(diǎn)A/24，而DHCP/24。通過(guò)帶DHCP中繼功能的SwitchADHCP報(bào)文，使得DHCP客戶(hù)端可以從DHCP服務(wù)器上申請(qǐng)到IP地址等SwitchA上接口VLANIF10/24,對(duì)端SwitchB上接口VLANIF10/24。圖4配置DHCP在SwitchA上配置DHCP中繼功能，實(shí)現(xiàn)SwitchA轉(zhuǎn)發(fā)不同網(wǎng)段的DHCP在SwitchB上配置一個(gè)IP/24DHCP服務(wù)器為不同網(wǎng)段的客戶(hù)端分配IP地址。在switchA上配置dhcp<SwitchA>system-<SwitchA>system-//創(chuàng)建dhcp服務(wù)器組[SwitchA-dhcp-server-group-dhcpgroup1dhcp-server//dhcp務(wù)器組dhcpgroup1添加dhcp[SwitchA-dhcp-server-group-dhcpgroup1quit在接口下使能dhcpSWA—PC，鏈路類(lèi)型為[SwitchA][SwitchA]vlanbatch10//創(chuàng)建vlan10和vlan[SwitchA]interfacegigabitethernet//鏈路類(lèi)型為[SwitchA-GigabitEthernet0/0/2]portdefaultvlan[SwitchA-GigabitEthernet0/0/2][SwitchA]dhcp//全局下使能dhcp[SwitchA]interface[SwitchA]dhcp//全局下使能dhcp[SwitchA]interfacevlanif[SwitchA-Vlanif20]ipaddress[SwitchA-Vlanif20]dhcpselect//IP[SwitchA-Vlanif20dhcprelayserver-selectdhcpgroup1//dhcp[SwitchA-Vlanif20]在SwitchA上配置缺省路由下一跳為SwitchB[SwitchA][SwitchA]interfacevlanif[SwitchA-Vlanif10]ipaddress[SwitchA-Vlanif10][SwitchA]iproute-staticDHCPServerSWB<SwitchB>system-<SwitchB>system-[SwitchB]vlan[SwitchB-vlan10][SwitchB-vlan10][SwitchB]interfacegigabitethernet//鏈路類(lèi)型為[SwitchB-GigabitEthernet0/0/1]portdefaultvlan[SwitchB-GigabitEthernet0/0/1][SwitchB]dhcp[SwitchB]dhcp[SwitchB]vlan[SwitchB-vlan10][SwitchB]interfacevlanif[SwitchB-Vlanif10]ipaddress[SwitchB-Vlanif10]dhcpselect//全局地址池dhcp[SwitchB-Vlanif10][SwitchB][SwitchB]ippool[SwitchB-ip-pool-pool1]networkmask[SwitchB-ip-pool-pool1]gateway-list[SwitchB-ip-pool-pool1][SwitchB]iproute-static[SwitchB]iproute-static獲取IP地址。圖3-5VRRP組網(wǎng)下同網(wǎng)段內(nèi)配置基于全局地址池的DHCPVRRP組網(wǎng)下同網(wǎng)段內(nèi)配置基于全局地址池的DHCP1SwitchASwitchBIPSwitch上設(shè)備為客戶(hù)端分配IP地址；SwitchB3、在SwitchA和SwitchB4、在SwitchA、SwitchB和Switch上配置破環(huán)協(xié)議，防止環(huán)路的產(chǎn)生（STP為例。<HUAWEI>system-view[HUAWEI]sysnameSwitchA[SwitchA]vlanbatch<HUAWEI>system-view[HUAWEI]sysnameSwitchA[SwitchA]vlanbatch[SwitchA-GigabitEthernet0/0/2]portlink-typeaccess[SwitchA-GigabitEthernet0/0/2]portdefaultvlan100[SwitchA-GigabitEthernet0/0/2]quit[SwitchA]interfacegigabitethernet[SwitchA-GigabitEthernet0/0/5]portlink-typeaccess[SwitchA-GigabitEthernet0/0/5]portdefaultvlan100[SwitchA-GigabitEthernet0/0/5]quit[SwitchA]interfacevlanif[SwitchA-Vlanif100]ipaddress[SwitchA-Vlanif100]配置Switch<HUAWEI><HUAWEI>system-view[HUAWEI]sysnameSwitch[Switch]vlan100[Switch-vlan100]quit//上連[Switch-GigabitEthernet0/0/1]portlink-type[Switch-GigabitEthernet0/0/1]portdefaultvlan[Switch-GigabitEthernet0/0/1][Switch-GigabitEthernet0/0/2]portlink-type[Switch-GigabitEthernet0/0/2]portdefaultvlan[Switch-GigabitEthernet0/0/2][SwitchA]dhcp在SwitchA[SwitchA]dhcp<HUAWEI>system-[HUAWEI]sysname[SwitchB]<HUAWEI>system-[HUAWEI]sysname[SwitchB]dhcp[SwitchA]ippool[SwitchA-ip-pool-1]networkmask[SwitchA-ip-pool-1]gateway-list[SwitchA-ip-pool-1]excluded-ip-address[SwitchA-ip-pool-1]excluded-ip-address29[SwitchA-ip-pool-1]leaseday[SwitchA-ip-pool-1]IP地址SwitchB30～54SwitchA上配[SwitchB]ippool[SwitchB]ippool[SwitchB-ip-pool-1]networkmask[SwitchB-ip-pool-1]gateway-list[SwitchB-ip-pool-1]excluded-ip-address[SwitchB-ip-pool-1]excluded-ip-address12[SwitchB-ip-pool-1]leaseday[SwitchB-ip-pool-1]在SwitchA上創(chuàng)建VRRP1，配置SwitchA120，并配置客戶(hù)端從全局地址池中獲取IP地址。[SwitchA][SwitchA]interfacevlanif[SwitchA-Vlanif100]vrrpvrid1virtual-ip[SwitchA-Vlanif100]vrrpvrid1priority120[SwitchA-Vlanif100]dhcpselectglobal[SwitchA-Vlanif100]quit[SwitchB]interfacevlanif[SwitchB-Vlanif100]vrrpvrid1virtual-ip[SwitchB]interfacevlanif[SwitchB-Vlanif100]vrrpvrid1virtual-ip[SwitchB-Vlanif100]dhcpselect[SwitchB-Vlanif100]4、配置STP[Switch]stp在Switch上全局使能STP功能，SwitchA[Switch]stp在Switch的GE0/0/3接口上去使能STP并將端口GE0/0/120000[Switch][Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/3]portlink-typeaccess[Switch-GigabitEthernet0/0/3]portdefaultvlan100[Switch-GigabitEthernet0/0/3]stpdisable[Switch-GigabitEthernet0/0/3][Switch]interfacegigabitethernet[Switch-GigabitEthernet0/0/1]stpcost[Switch-GigabitEthernet0/0/1]3-6所示，SwitchA作為DHCP客戶(hù)端，要求從作為DHCP服務(wù)器的SwitchB中獲取動(dòng)態(tài)綁定的IP地址、DNS服務(wù)器、網(wǎng)關(guān)地址等信息。圖3-6配置DHCP1、在SwitchA上使能DHCP客戶(hù)端功能，實(shí)現(xiàn)SwitchA可以從DHCP服務(wù)器動(dòng)態(tài)獲取IP2、在SwitchB上創(chuàng)建DHCP服務(wù)器的全局地址池并配置相關(guān)屬性。SwitchA上配置DHCP<HUAWEI>system-view[HUAWEI]sysnameSwitchA[SwitchA]vlan10[SwitchA-vlan10]quit[SwitchA]<HUAWEI>system-view[HUAWEI]sysnameSwitchA[SwitchA]vlan10[SwitchA-vlan10]quit[SwitchA]interfacegigabitethernet[SwitchA-GigabitEthernet0/0/1]portlink-type[SwitchA-GigabitEthernet0/0/1]porttrunkallow-passvlan[SwitchA-GigabitEthernet0/0/1]2、在VLANIF10接口上使能DHCP[SwitchA][SwitchA]interfacevlanif//通過(guò)HDCP自動(dòng)獲取接口在SwitchB上創(chuàng)建DHCP<HUAWEI>system-[HUAWEI]<HUAWEI>system-[HUAWEI]sysname[SwitchB]dhcp2、創(chuàng)建VLAN10并將GE0/0/1接口加入到VLAN10[SwitchB][SwitchB]vlan[SwitchB-vlan10][SwitchB]interfacegigabitethernet[SwitchB-GigabitEthernet0/0/1]portlink-type[SwitchB-GigabitEthernet0/0/1]porttrunkallow-passvlan[SwitchB-GigabitEthernet0/0/1][SwitchB]interfacevlanif[SwitchB]interfacevlanif[SwitchB-Vlanif10]ipaddress[SwitchB-Vlanif10][SwitchB-Vlanif10]dhcpselect[SwitchB-Vlanif10][SwitchB][SwitchB]ippool[SwitchB-ip-pool-pool1]networkmask[SwitchB-ip-pool-pool1]gateway-list[SwitchB-ip-pool-pool1]dns-list[SwitchB-ip-pool-pool1]DHCPSnooping（網(wǎng)關(guān)防假冒）Server仿冒者攻擊、DHCPServer的拒絕服務(wù)攻擊、仿冒DHCP報(bào)文攻擊等。為了保證網(wǎng)絡(luò)通信業(yè)務(wù)的安全性，引入了DHCPSnooping技術(shù)。DHCPSnooping是DHCP的一種地址等參數(shù)的對(duì)應(yīng)關(guān)系，防止網(wǎng)絡(luò)上針對(duì)DHCP攻擊。dhcpdhcpenable開(kāi)啟DHCPdhcpsnoopingenable開(kāi)啟DHCPSnooping在接口或者VLANdhcpsnoopingenable開(kāi)啟接口或VLAN的dhcp把連接合法DHCPdhcpsnooping把接口配置為信任接口，在VLANdhcpsnoopingtrustedin