Huawei S7706 Configuration


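sysname Playcrab-Core          Change the switch's default name

super password level 3 cipher XXX          Add a super password for the switch

vlan batch 10 20 30 40 50 52 60 70 72 76          Create VLANs in batch

undo telnet server enable             Disable Telnet access to the switch

observe-port 1 interface GigabitEthernet4/0/44        Configure GigabitEthernet4/0/44 as the mirroring (observing) port

undo http server enable        Disable web-page access to the switch

radius-server template XXX      Configure the RADIUS template

radius-server shared-key cipher XXX        Configure the RADIUS shared key

radius-server authentication 172.16.XX.XX 1812      RADIUS authentication server address and port

radius-server retransmit 2       Set the interval for sending RADIUS real-time accounting packets to 2 minutes

undo radius-server user-name domain-included radius    Authenticate without appending the domain name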

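acl number 3000            Create an access control list

description meeting         The ACL description is "meeting"

rule 1000 deny ip source 172.16.X.X 0.0.0.X destination 172.16.X.X 0.0.X.X          Deny traffic from source 172.16.X.X to destination 172.16.X.X

Define the traffic classifier
traffic classifier c_meeting operator or precedence 5
if-match acl 3000
Define the traffic behavior
traffic behavior b_permit
permit
Bind the traffic classifier and the traffic behavior in a traffic policy
traffic policy p_meeting
classifier c_meeting behavior b_permit
On virtual interface VLAN 76, the access control list policy takes effect in the inbound direction
vlan 76
traffic-policy p_meeting inbound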

#

Create the DHCP relay server groups and specify each group's server IP address
dhcp server group 1
dhcp-server 172.16.X.X 0
#
dhcp server group 2
dhcp-server 172.16.X.X 1

#
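aaa                Enable the AAA service

authentication-scheme default      Use local authentication by default

authentication-scheme XX.com      Configure the AAA authentication scheme template

authentication-mode radius local     Configure RADIUS authentication

authorization-scheme default      Default authorization scheme

accounting-scheme default       Default accounting scheme

domain default      Default domain

domain XXX       Create the AAA default domain

authentication-scheme XXX.com      Apply the authentication scheme

radius-server XXX.com        RADIUS authentication template

local-user admin password cipher XXX      Set the admin password

local-user admin service-type telnet terminal ssh web 8021x http  Authorize the login methods for admin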
#
ntp-service unicast-server 172.16.X.X     Point to the time synchronization server
#
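interface Vlanif10         Enter the VLAN 10 virtual interface

description to_chanpinfuwu        Description: VLAN 10 is for product services

ip address 172.16.X.X 255.255.X.0        Configure the IP address and its mask

dhcp select relay        Enable DHCP relay

dhcp relay server-select 1         Point DHCP relay to relay group 1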

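interface Eth-Trunk1         Create link aggregation group Eth-Trunk1

description To Playcrab-FireWall        Description: Eth-Trunk1 connects to Playcrab-FireWall

port link-type trunk        Set the port link type to trunk

port trunk pvid vlan 255        Set the port's default VLAN tag

undo port trunk allow-pass vlan 1        Block VLAN 1 from passing through the trunk port

port trunk allow-pass vlan 255            Allow VLAN 255 to pass through the trunk port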

#
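interface GigabitEthernet4/0/47           Enter the Gigabit Ethernet interface

description To Playcrab-FrieWall-G0/0/1          Description: connects to port G0/0/1 on the firewall

eth-trunk 1         Join aggregation group 1

ip route-static 0.0.0.0 0.0.0.0 172.16.X.X        Configure the default route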

#
snmp-agent       Enable the SNMP service on the switch

snmp-agent community read cipher XXX         Set the SNMP community name to XXX

snmp-agent sys-info version all        Set the SNMP versions enabled on the system
#
ssh authentication-type default password        SSH authentication type; password authentication by default

#
user-interface con 0        Enter the switch console port

authentication-mode password        Password authentication mode

set authentication password cipher XXX       Set the password XXX, stored as ciphertext
#
user-interface vty 0 4         Create the VTY virtual terminals

authentication-mode aaa         Set the authentication mode to AAA

protocol inbound ssh         Use SSH as the access protocol
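
An added example, not part of the original configuration notes: a small Python audit that reads command lines like those above and reports where remote management is still open to cleartext protocols. The function name `audit` and the sample text are constructed for illustration, and the checks assume the flat, unindented layout used on this page.

```python
import re

# Constructed sample: command lines from the configuration above, annotations removed.
SAMPLE_CONFIG = """\
undo telnet server enable
undo http server enable
local-user admin service-type telnet terminal ssh web 8021x http
snmp-agent community read cipher XXX
snmp-agent sys-info version all
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
"""

CLEARTEXT = {"telnet", "http"}  # management services that carry credentials unencrypted


def audit(config):
    """Return findings about remote-management exposure (hypothetical helper)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    for svc in sorted(CLEARTEXT):
        if f"undo {svc} server enable" not in lines:
            findings.append(f"{svc} server is not explicitly disabled")
    vty_proto, current = {}, None  # VTY block header -> its "protocol inbound" value
    for ln in lines:
        if ln == "#" or ln.startswith(("user-interface", "interface ")):
            current = ln if ln.startswith("user-interface vty") else None
            if current:
                vty_proto[current] = None
        elif current and ln.startswith("protocol inbound "):
            vty_proto[current] = ln.split()[2]
        elif m := re.match(r"local-user (\S+) service-type (.+)", ln):
            stale = sorted(CLEARTEXT & set(m.group(2).split()))
            if stale:  # access types left authorized although the servers are switched off
                findings.append(f"local-user {m.group(1)} is authorized for {', '.join(stale)}")
        elif m := re.match(r"snmp-agent sys-info version (.+)", ln):
            if {"all", "v1", "v2c"} & set(m.group(1).split()):
                findings.append("SNMPv1/v2c enabled: community string is sent in cleartext")
    for header, proto in vty_proto.items():
        if proto != "ssh":
            findings.append(f"{header}: protocol inbound is {proto}, expected ssh")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

On the sample, the Telnet/HTTP servers and the VTY lines pass, while the `local-user admin service-type` line and `snmp-agent sys-info version all` are reported.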