堆叠

bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# 二层交换机
sys
stack slot 0 priority 200
interface stack-port 0/1
port interface 100GE0/0/1 enable
port interface 100GE0/0/2 enable
q

sys
stack slot 0 renumber 1
interface stack-port 1/2
port interface 100GE1/0/1 enable
port interface 100GE1/0/2 enable
q

# 数据中心交换机 比如:CE6855-48S6Q-HI
https://support.huawei.com/enterprise/zh/doc/EDOC1000150272?idPath=24030814|21782165|21782239|22318540|22460628&section=j004

sys
stack
stack member 1 priority 150
stack member 1 domain 10
q
interface stack-port 1/1
port member-group interface 100GE 1/0/1 to 1/0/2

sys
stack
stack member 1 priority 120
stack member 1 domain 10
stack member 1 renumber 2 inherit-config
q
interface stack-port 1/1
port member-group interface 100GE 1/0/1 to 1/0/2

双主检测
dual-active detect mode direct

三层汇聚交换机

bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

clock timezone cst add 08:00:00
sys

ntp unicast-server 172.31.9.13
ntp unicast-server 172.31.9.14
ntp max-distance 16

management-plane isolate disable
undo management-plane isolate enable

telnet server enable
lldp en

sysn DMZ_Prod_3.3
aaa
undo local-user policy security-enhance
local-user admin password irreversible-cipher ******
local-user admin level 3
local-user admin service-type ssh terminal
local-user hradmin password irr ******
local-user hradmin level 3
local-user hradmin service-type ssh terminal
quit


acl number 2000
description switchacl
rule 1 permit source 10.50.4.221 0
rule 2 permit source 10.50.4.222 0.0.0.1
rule 3 permit source 10.50.4.224 0
rule 12 permit source 10.50.4.74 0
q

snmp-agent community read cipher ******
snmp-agent protocol source-status all-interface
snmp-agent sys-info version all
snmp-agent target-host inform address udp-domain 10.50.2.23 params securityname cipher ****** v2c
snmp-agent trap enable


stp instance 0 root primary

vlan batch 1090 1096 to 1098
undo interface vlanif 1

dhcp enable
dhcp snooping enable
dhcp server detect
dhcp snooping enable vlan 110


dhcp snooping user-bind arp-detect enable
arp dhcp-snooping-detect enable

dhcp snooping user-offline remove mac-address


interface vlanif 1097
description Management
ip address 172.16.3.3 24
quit

interface Vlanif98
description ZJ1C_MES_Client
ip address 10.15.98.1 255.255.255.0
dhcp select relay
dhcp relay binding server ip 172.31.9.19
dhcp relay binding server ip 172.31.9.22
q

ip route-static 0.0.0.0 0.0.0.0 172.16.3.1

interface Eth-Trunk1
description To_DMZ_3.2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-static
q
int eth-t 2
undo portswitch
des To_ZJ1C_Core_16.1
ip add 10.50.255.51 31
q


interface range 10G1/0/1 to 10G1/0/45
port link-type trunk
port trunk allow-pass vlan 2 to 4094
q
interface range 10G2/0/1 to 10G2/0/45
port link-type trunk
port trunk allow-pass vlan 2 to 4094
q

int 10g1/0/48
eth-t 1
q

stelnet server enable
stelnet ipv4 server enable
stelnet ipv6 server enable
ssh server-source all-interface
y

rsa peer-public-key P2key encoding-type openssh
public-key-code begin
*********
public-key-code end
peer-public-key end


ssh user admin
ssh user admin authentication-type password
ssh user admin service-type all
ssh user hradmin
ssh user hradmin authentication-type all
ssh user hradmin assign rsa-key P2key
ssh user hradmin service-type all



user-interface vty 0 4
authentication-mode aaa
user privilege level 3
protocol inbound all
q
user-interface console 0
authentication-mode aaa
q
q
sa
y
y

二层接入交换机

bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
clock timezone cst add 08:00:00
sys

# 时间
ntp-service unicast-server 172.31.9.13
ntp-service unicast-server 172.31.9.14
ntp-service max-distance 16

telnet server enable
lldp en

set save-configuration
transceiver phony-alarm-disable


sysn *******
aaa
undo local-aaa-user password policy administrator
local-user admin password irr ******
local-user admin privilege level 15
local-user admin service-type ssh terminal
local-user hradmin password irr ******
local-user hradmin privilege level 15
local-user hradmin service-type ssh terminal telnet
undo user-password complexity-check
quit


acl number 2000
description switchacl
rule 1 permit source 10.50.4.221 0
rule 2 permit source 10.50.4.222 0.0.0.1
rule 3 permit source 10.50.4.224 0
rule 12 permit source 10.50.4.74 0
q


snmp-agent community read cipher ******
snmp-agent protocol source-status all-interface
snmp-agent sys-info version all
snmp-agent target-host inform address udp-domain 10.50.2.23 params securityname cipher ****** v2c
snmp-agent trap enable
Y



vlan batch 2 to 4096
undo interface vlanif 1

interface vlanif 254
ip address 192.168.254.39 23
quit
ip route-static 0.0.0.0 0.0.0.0 192.168.255.254

dhcp enable
dhcp snooping enable
dhcp server detect
dhcp snooping enable vlan 110


dhcp snooping user-bind arp-detect enable
arp dhcp-snooping-detect enable

dhcp snooping user-offline remove mac-address


interface Vlanif50
ip address 10.25.50.1 255.255.254.0
dhcp select relay
dhcp relay server-ip 172.31.9.19
dhcp relay server-ip 172.31.9.22
q



interface range G0/0/1 to G0/0/24
port link-type trunk
port trunk pvid vlan 1012
port trunk allow-pass vlan 2 to 4094
stp bpdu-filter enable
stp edged-port enable
q


interface range G0/0/1 to G0/0/48
port link-t access
port defa vlan 254
stp edged-port enable
stp bpdu-filter enable
q

interface range xg0/0/1 to xg0/0/4
port link-t tr
port tr al vlan all
q



stelnet server enable
stelnet ipv4 server enable
stelnet ipv6 server enable
ssh server-source all-interface
y

rsa peer-public-key P2key encoding-type openssh
public-key-code begin
*********
public-key-code end
peer-public-key end

ssh user admin
ssh user admin authentication-type password
ssh user admin service-type all
ssh user hradmin
ssh user hradmin authentication-type all
ssh user hradmin assign rsa-key P2key
ssh user hradmin service-type all



user-interface vty 0 4
acl 2000 inbound
authentication-mode aaa
user privilege level 15
protocol inbound all
q
user-interface console 0
authentication-mode aaa
q
q
sa
y
y

交换机直连

bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
第一种互联方式
interface Eth-Trunk1
description To_ZJ1C_Core_16.1
port default vlan 3002
mode lacp

interface Vlanif3002
ip address 10.50.255.51 255.255.255.254

----------------------------------------
interface Eth-Trunk11
description link_to_ZJ1C_ProdCore_255.51
port link-type access
port default vlan 3002
mode lacp

interface Vlanif3001
ip address 10.50.255.50 255.255.255.254

第二种互联方式--启用三层
interface Eth-Trunk10
undo portswitch
ip address 10.50.255.2 255.255.255.252
mode lacp

----------------------------------------
interface Eth-Trunk10
undo portswitch
description link_bangonghuiju
ip address 10.50.255.1 255.255.255.252
mode lacp


杂项

bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
Switch(config)#ip dhcp snooping  //打开DHCP Snooping功能
Switch(config)#ip dhcp snooping vlan 10 //设置DHCP Snooping功能将作用于哪些VLAN

Switch(config-if)#interface range fastEthernet 0/1-24
Switch(config-if)#spanning-tree portfast // 设置边缘端口
Switch(config-if)#spanning-tree bpdufilter enable //启用BPDU过滤功能,在此端口不接受/发送BPDU报文)

Switch(config-if)#ip dhcp snooping trust //上行口信任dhcp

interface GigabitEthernet1/0/49
description to_bangonghuiju
switchport mode trunk
ip dhcp snooping trust
!


Switch(config)#hostname LYG_YJYOFF_98.131_yf4f
Switch(config)#enable secret Offsw@98
Switch(config)#service password-encryption # 密码开启加密
Switch(config)#line vty 0 4
Switch(config-line)#password Offsw@98

line con 0
password hrswpass
login
line vty 0 4
password hrswpass
login local
line vty 5 15
password hrswpass
login



Switch(config)#vtp mode transparent // VTP 透明模式
Switch(config)#vlan 1098
Switch(config)#interface vlan 1098
Switch(config-if)#ip address 10.50.98.131 255.255.255.0
Switch(config)#ip default-gateway 10.50.98.1

地址池
ip pool vlan1012
gateway-list 10.50.12.1
network 10.50.12.0 mask 255.255.255.0

option 43 ip-address 10.50.1.254 10.50.1.253
option 43 sub-option 3 ascii 10.50.1.254 10.50.1.253
#
以下3个配置等价,任选1个即可。
dhcp server option 43 sub-option 1 hex c0a86401
dhcp server option 43 sub-option 2 ip-address 192.168.100.1
dhcp server option 43 sub-option 3 ascii 192.168.100.1



无线配置
system-view
wlan
[ap auth-mode mac-auth]

ap-id 819 type-id 144 ap-mac 9844-CE7F-2570 ap-sn 2102353VURW0M6002888
ap-name LYG-AP0819
Y
ap-group AP-ZhiJi-1
Y


ap-id 603 type-id 174 ap-mac f09b-b870-3c30 ap-sn 2102353VUR10M7002093
ap-name LYG-AP0603
y
ap-group  YW-ALL
y


dis stp brief
dis stp topology-change 查看stp变化信息-来源
dis stp tc-bpdu statistics 查看stp发送bpdu信息


1、 观察现象:网络访问变得很慢,交换机业务口act指示灯狂闪烁,甚至有设备自动重启
2、 设备上确认:
display interface brif | inc up,查看接口收发流量是否很大;
Display interface 查看接口是否与大量广播报文拥塞;
display mac-address flapping record查看设备上地址飘逸记录表
3、 应急措施:针对步骤2将异常接口shutdown,看业务是否恢复
4、 后期排查:业务低峰器问题复现,
登陆设备用dis stp br查看生成树状态(端口角色和转发状态);
用dis stp region等看配置;
用dis lldp nei brif梳理交换网络物理连接情况;
诊断视图下dis stp history看生成树状态老化信息。

Topology change initiator(notified) :XGigabitEthernet0/0/9
Topology change initiator(detected)




某个mac地址上下记录
display station offline-record sta-mac 30f6-ef10-0f77
display station online-fail-record sta-mac xx



Hr@shnsnmp

snmp-server community Hr@lygsnmp RO
snmp-server host 10.50.2.23 version 2c Hr@lygsnmp udp-port 161


hostname ShangDong_router_10.52.0.2

snmp-server start
snmp-server community Hr@lygsnmp ro
snmp-server host 10.50.2.23 traps community Hr@lygsnmp version 2 port 161




interface Vlanif3002
description description link_to_ZJ1C_ProdCore_255.51
ip add 10.50.255.50 31
q
interface Eth-Trunk11
description link_to_ZJ1C_ProdCore_255.51
port link-type access
port default vlan 3002
mode lacp
q

ip route-static 10.15.96.0 255.255.248.0 10.50.255.51















1