Mudanças entre as edições de "Switch Huawei"

De IFRS Campus Canoas
Ir para: navegação, pesquisa
(Usuário)
(SNMP)
 
(15 revisões intermediárias pelo mesmo usuário não estão sendo mostradas)
Linha 11: Linha 11:
 
  [sys-view] ssh user admin service-type stelnet
 
  [sys-view] ssh user admin service-type stelnet
 
  [sys-view] user-interface vty 0 4
 
  [sys-view] user-interface vty 0 4
  [sys-view] authentication-mode aaa
+
  [sys-view-vty] authentication-mode aaa
  [sys-view] protocol inbound ssh
+
  [sys-view-vty] protocol inbound ssh
  
 
=== NTP ===
 
=== NTP ===
Linha 54: Linha 54:
 
  [sys-view-GigabitEthernet1/0/24] port trunk allow-pass vlan 2
 
  [sys-view-GigabitEthernet1/0/24] port trunk allow-pass vlan 2
 
  [sys-view-GigabitEthernet1/0/24] port description switch
 
  [sys-view-GigabitEthernet1/0/24] port description switch
 +
 +
Atribuir IP para a interface VLAN
 +
 +
[sys-view] interface vlanif 2
 +
[sys-view-Vlanif2] ip address 192.168.1.XXX 255.255.255.0
 +
[sys-view-Vlanif2] ipv6 enable
 +
[sys-view-Vlanif2] ipv6 address 2804:0:24B0:XXXX::XXXX/64
 +
 +
=== Voice VLAN ===
 +
 +
Necessário habilitar lldp geral
 +
 +
<HUAWEI> llpd enable
 +
 +
Neste exemplo, a VLAN 5 é a LAN do PC conectado no telefone IP e a VLAN 10 para Voice-VLAN
 +
 +
[sys-view] interface gigabitethernet 0/0/1
 +
[sys-view-GigabitEthernet0/0/1] port link-type hybrid
 +
[sys-view-GigabitEthernet0/0/1] port hybrid pvid vlan 5
 +
[sys-view-GigabitEthernet0/0/1] port hybrid untagged vlan 5
 +
 +
[sys-view-GigabitEthernet0/0/1] voice-vlan 10 enable
 +
[sys-view-GigabitEthernet0/0/1] voice-vlan mode manual
 +
[sys-view-GigabitEthernet0/0/1] port hybrid tagged vlan 10
 +
[sys-view-GigabitEthernet0/0/1] undo voice-vlan security enable
 +
[sys-view-GigabitEthernet0/0/1] trust 8021p
 +
[sys-view-GigabitEthernet0/0/1] lldp enable
 +
 +
=== LOG ===
 +
 +
[sys-view] info-center channel 6 name graylog
 +
[sys-view] info-center source INFO channel 6 log level notification
 +
[sys-view] info-center source AAA channel 6 log level notification
 +
[sys-view] info-center source ETH channel 6 log level warning
 +
[sys-view] info-center source L2IF channel 6 log level warning
 +
[sys-view] info-center source TFTP channel 6 log level error
 +
[sys-view] info-center loghost source Vlanif25
 +
[sys-view] info-center loghost ipv6 2804:0:24B0:XXXX::XXXX channel 6 facility local2 log-counter disable port 5514
 +
[sys-view] info-center local log-counter disable
 +
 +
=== POE ===
 +
 +
[sys-view] poe power-management manual slot 0
 +
 +
=== Backup Auto das Configurações ===
 +
 +
[sys-view] set save-configuration interval 60
 +
[sys-view] set save-configuration backup-to-server server 192.168.1.1 transport-type tftp
 +
 +
=== SNMP ===
 +
 +
[sys-view] snmp-agent
 +
[sys-view] snmp-agent community read cipher NOME_COMUNITY
 +
[sys-view] snmp-agent sys-info version v2c         
 +
[sys-view] undo snmp-agent sys-info version v3
 +
[sys-view] snmp-agent acl NUMERO
 +
 +
=== ACL ===
 +
 +
[sys-view]      acl name acl-ssh 3999
 +
[sys-view-acl]  description Gerenciamento
 +
[sys-view-acl]  rule 5 permit tcp source XXX.XXX.XXX.XXX 0 destination-port eq 22
 +
[sys-view-acl]  rule 10 permit tcp source XXX.XXX.XXX.XXX 0 destination-port eq 22
 +
 +
=== Outros ===
 +
 +
[sys-view] igmp-snooping enable
 +
[sys-view] smart-upgrade web-prompt disable
 +
 +
=== STP ===
 +
 +
[sys-view] stp mode rstp
 +
 +
=== Upgrade ===
 +
Firmware
 +
[user-view] tftp 192.168.1.1 get ARQUIVO
 +
[user-view] startup system software flash:/ARQUIVO
 +
[user-view] startup patch software flash:/ARQUIVO
 +
[user-view] reboot
 +
Servidor Web
 +
[sys-view] http server load ARQUIVO

Edição atual tal como às 14h19min de 30 de março de 2022

Usuário

[sys-view] aaa
[sys-view-aaa] local-user admin service-type ssh http terminal

SSH

[sys-view] rsa local-key-pair create
[sys-view] stelnet server enable
[sys-view] ssh user admin
[sys-view] ssh user admin authentication-type password
[sys-view] ssh user admin service-type stelnet
[sys-view] user-interface vty 0 4
[sys-view-vty] authentication-mode aaa
[sys-view-vty] protocol inbound ssh

NTP

[sys-view] ntp-service server disable
[sys-view] ntp-service ipv6 server disable
[sys-view] ntp-service unicast-server 200.189.40.8
[sys-view] ntp-service unicast-server 200.160.0.8

Timezone 

[sys-view] clock timezone Brasilia minus 03:00:00

IPv6

Habilitar configuração global de IPv6 

[sys-view] ipv6

Gateway

[sys-view] ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
[sys-view] ipv6 route-static :: 0 2804:0:24B0:XXXX::1

VLAN

[sys-view] vlan 2
[sys-view] name TI
[sys-view-vlan2] description TI

Interface em modo de acesso 

[sys-view] interface gigabitethernet 0/0/2
[sys-view-GigabitEthernet0/0/2] port link-type access
[sys-view-GigabitEthernet0/0/2] port access vlan 2
[sys-view-GigabitEthernet0/0/2] port description desktop

Interface em modo trunk 

[sys-view] interface gigabitethernet 0/0/24
[sys-view-GigabitEthernet0/0/24] port link-type trunk
[sys-view-GigabitEthernet0/0/24] undo port trunk allow-pass vlan 1
[sys-view-GigabitEthernet1/0/24] port trunk allow-pass vlan 2
[sys-view-GigabitEthernet1/0/24] port description switch

Atribuir IP para a interface VLAN 

[sys-view] interface vlanif 2
[sys-view-Vlanif2] ip address 192.168.1.XXX 255.255.255.0
[sys-view-Vlanif2] ipv6 enable
[sys-view-Vlanif2] ipv6 address 2804:0:24B0:XXXX::XXXX/64

Voice VLAN

Necessário habilitar lldp geral 

<HUAWEI> llpd enable

Neste exemplo, a VLAN 5 é a LAN do PC conectado no telefone IP e a VLAN 10 para Voice-VLAN 

[sys-view] interface gigabitethernet 0/0/1
[sys-view-GigabitEthernet0/0/1] port link-type hybrid
[sys-view-GigabitEthernet0/0/1] port hybrid pvid vlan 5
[sys-view-GigabitEthernet0/0/1] port hybrid untagged vlan 5

[sys-view-GigabitEthernet0/0/1] voice-vlan 10 enable
[sys-view-GigabitEthernet0/0/1] voice-vlan mode manual
[sys-view-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[sys-view-GigabitEthernet0/0/1] undo voice-vlan security enable 
[sys-view-GigabitEthernet0/0/1] trust 8021p
[sys-view-GigabitEthernet0/0/1] lldp enable

LOG

[sys-view] info-center channel 6 name graylog
[sys-view] info-center source INFO channel 6 log level notification
[sys-view] info-center source AAA channel 6 log level notification
[sys-view] info-center source ETH channel 6 log level warning
[sys-view] info-center source L2IF channel 6 log level warning
[sys-view] info-center source TFTP channel 6 log level error
[sys-view] info-center loghost source Vlanif25
[sys-view] info-center loghost ipv6 2804:0:24B0:XXXX::XXXX channel 6 facility local2 log-counter disable port 5514
[sys-view] info-center local log-counter disable

POE

[sys-view] poe power-management manual slot 0

Backup Auto das Configurações

[sys-view] set save-configuration interval 60
[sys-view] set save-configuration backup-to-server server 192.168.1.1 transport-type tftp

SNMP

[sys-view] snmp-agent
[sys-view] snmp-agent community read cipher NOME_COMUNITY
[sys-view] snmp-agent sys-info version v2c           
[sys-view] undo snmp-agent sys-info version v3
[sys-view] snmp-agent acl NUMERO

ACL

[sys-view]      acl name acl-ssh 3999
[sys-view-acl]  description Gerenciamento
[sys-view-acl]  rule 5 permit tcp source XXX.XXX.XXX.XXX 0 destination-port eq 22
[sys-view-acl]  rule 10 permit tcp source XXX.XXX.XXX.XXX 0 destination-port eq 22

Outros

[sys-view] igmp-snooping enable
[sys-view] smart-upgrade web-prompt disable

STP

[sys-view] stp mode rstp

Upgrade

Firmware 

[user-view] tftp 192.168.1.1 get ARQUIVO
[user-view] startup system software flash:/ARQUIVO
[user-view] startup patch software flash:/ARQUIVO
[user-view] reboot

Servidor Web 

[sys-view] http server load ARQUIVO
Disponível em "https://wiki.canoas.ifrs.edu.br/index.php?title=Switch_Huawei&oldid=580"