ZTE 89 Series Switch Commissioning and Maintenance Manual:
1 Set the device name
hostname FDDX_Zhongxingjifang_8905
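2 Set the remote-login username and password
username zxr10 password zxr10
username zxr10 password zxr10 privilege 15 //Create user zxr10 with password zxr10 at privilege level 15 (the highest privilege)
3 Restrict remote login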
line telnet access-class 1
acl standard number 1
rule 1 permit 61.128.177.0 0.0.0.7
rule 2 permit 218.70.65.232 0.0.0.0
rule 3 permit 61.128.177.34 0.0.0.0
rule 4 permit 222.179.186.188 0.0.0.0
rule 5 permit 10.130.131.177 0.0.0.0
rule 6 permit 222.179.235.222 0.0.0.0
Configure a standard ACL that permits the addresses that need access, then reference that ACL.
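To see exactly which management sources ACL 1 lets through, the following added example (not part of the original manual) evaluates the rules with wildcard-mask matching. It assumes rules are checked in rule-number order, the first match wins, and an unmatched source is denied; the function names are hypothetical.

```python
import ipaddress

# ACL 1 as configured in section 3 of this page.
ACL_1 = """\
acl standard number 1
rule 1 permit 61.128.177.0 0.0.0.7
rule 2 permit 218.70.65.232 0.0.0.0
rule 3 permit 61.128.177.34 0.0.0.0
rule 4 permit 222.179.186.188 0.0.0.0
rule 5 permit 10.130.131.177 0.0.0.0
rule 6 permit 222.179.235.222 0.0.0.0
"""

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def parse_standard_acl(text):
    """Return [(rule_no, action, address, wildcard)] sorted by rule number."""
    rules = []
    for line in text.splitlines():
        p = line.split()
        if len(p) == 5 and p[0] == "rule" and p[2] in ("permit", "deny"):
            rules.append((int(p[1]), p[2], ip_int(p[3]), ip_int(p[4])))
    return sorted(rules)

def evaluate(rules, src):
    """First matching rule wins; no match is treated as deny (assumption)."""
    s = ip_int(src)
    for no, action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
        if (s & care) == (addr & care):
            return action, no
    return "deny", None

def permitted_sources(rules):
    """Enumerate every source address the ACL permits (small wildcards only)."""
    out = set()
    for no, action, addr, wild in rules:
        sub = wild
        while True:  # walk all subsets of the wildcard bits
            cand = str(ipaddress.IPv4Address((addr & ~wild & 0xFFFFFFFF) | sub))
            if evaluate(rules, cand)[0] == "permit":
                out.add(cand)
            if sub == 0:
                break
            sub = (sub - 1) & wild
    return out
```

Rule 1 covers 61.128.177.0 through 61.128.177.7 only, which is why 61.128.177.34 needs its own rule 3.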
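4 Enable single-port loop detection on ports
loop-detect reopen-time 10 //Set the time after which the port is re-enabled (in minutes) (when the device detects a loop on a port it shuts the port down automatically)
loop-detect interface gei_2/1-24 enable //Enable single-port loop detection on the ports (port ranges are supported)
5 STP configuration: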
spanning-tree enable
spanning-tree mst configuration
name zte
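instance 1 vlan 1-4093 //Configure the VLANs to be protected. Note: the ZESR ring control VLAN must not be protected.
Note: we require STP to be enabled in global mode and then disabled in port mode on each port, to avoid network flapping caused by STP instability.
Enter interface mode:
spanning-tree disable
6 Port rate limiting: all 89 series devices support Layer 2 and Layer 3 rate limiting; we recommend using Layer 2 rate limiting wherever possible;
Configure in interface mode: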
traffic-limit rate-limit 100000 bucket-size 4094 in
traffic-limit rate-limit 100000 bucket-size 4094 out
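7 Port aggregation configuration. Port aggregation on 89 series devices supports three modes: active, on, passive. We generally recommend on (static mode); if dynamic mode is used and one end is set to active, the other end is normally set to passive.
First create the aggregation group in configuration mode: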
interface smartgroup30
Then, in interface mode:
smartgroup 30 mode
active Enable port to LACP mode
on Enable port to manual aggregation mode
passive Enable port to LACP mode if neighbor is detected
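Note: the attributes of the member ports of an aggregation group must be kept identical, including VLAN attributes and physical port attributes; take care when configuring.
8 QinQ configuration. 89 series devices implement QinQ in the following ways: 1. QinQ via native VLAN; 2. QinQ via VFP
The differences are as follows: QinQ via native VLAN is non-flexible QinQ. It encapsulates every VLAN packet received on the port with the native VLAN's tag as the outer VLAN tag. With this method a port supports only one outer VLAN and cannot transparently pass single-tagged VLANs.
VFP mode is flexible QinQ and can accommodate all QinQ service requirements.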
interface gei_1/8
description To-YuHuLuKong_c220
no negotiation auto
ip access-group 201 in //required
ip access-group 201 vfp //required
switchport mode hybrid
switchport hybrid native vlan 2206
switchport hybrid vlan 1093-1094 tag
switchport hybrid vlan 1102 tag
switchport hybrid vlan 14 untag
switchport hybrid vlan 2200 untag
switchport hybrid vlan 2206 untag
switchport qinq customer
spanning-tree disable
vfp session 4 invlan 2206 in 201 rule 1 ovlan 2200 //Add outer tag 2200 to inner VLAN 2206;
vfp session 1 invlan 2200 in 201 rule 1 ovlan 2206 //Add outer tag 2206 to inner VLAN 2200
vfp session 2 invlan 14 in 201 rule 1 ovlan 14 //Add outer tag 14 to inner VLAN 14
vfp session 3 invlan 1093-1094,1102 in 201 rule 1 untag //Pass VLANs 1093-1094 and 1102 through transparently; these VLAN tags are not processed in any way
acl link number 201
rule 1 permit any ingress any egress any
Configuration using the native VLAN method:
interface gei_8/45
switchport mode hybrid
switchport hybrid native vlan 1100
switchport hybrid vlan 1100 untag
switchport qinq customer
With both methods the outer VLAN must be passed through transparently on the uplink port.
9 Closing ports commonly used by viruses:
acl extended number 101
rule 1 deny tcp any any eq 135
rule 2 deny tcp any any eq 136
rule 3 deny tcp any any eq 137
rule 4 deny tcp any any eq 138
rule 5 deny tcp any any eq 139
rule 6 deny tcp any any eq 445
rule 7 deny tcp any any eq 593
rule 8 deny tcp any any eq 1434
rule 9 deny tcp any any eq 3333
rule 10 deny tcp any any eq 4444
rule 11 deny tcp any any eq 5554
rule 12 deny udp any any eq 135
rule 13 deny udp any any eq 136
rule 14 deny udp any any eq 137
rule 15 deny udp any any eq 138
rule 16 deny udp any any eq 139
rule 17 deny udp any any eq 445
rule 18 deny udp any any eq 593
rule 19 deny udp any any eq 1434
rule 20 deny udp any any eq 3333
rule 21 deny udp any any eq 4444
rule 22 deny udp any any eq 5554
rule 23 permit ip any any
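Then apply this ACL on the interface.
10 ZESR Ethernet ring configuration. Note: do not delete or modify this configuration casually; improper operation can cause a network-wide failure.
zesr ctrl-vlan 4094 protect-instance 1 //Configure the protection instance
zesr ctrl-vlan 4094 major-level role master gei_2/13 gei_2/14 //Configure the master node and the ZESR member ports; the former is the primary port and the latter the secondary port, which is normally in the block state;
zesr ctrl-vlan 4094 protect-instance 1
zesr ctrl-vlan 4094 major-level role transit smartgroup2 smartgroup1 //Configure a transit node; its ZESR member ports are not divided into primary and secondary, and both are normally in the forward state;
11 ZESS dual-uplink configuration. Note: do not delete or modify this configuration casually; improper operation can cause a network-wide failure.
zess domain 1 protect-instance 1 //Configure the protection instance
zess domain 1 member primary xgei_4/1 secondary xgei_4/2 //Configure the ZESS member ports; the former is the primary port and the latter the secondary port; normally the former is in the forward state and the latter in the block state.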
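12 Port isolation configuration:
vlan private-map session-id 1 isolate fei_7/1-15 promis fei_7/13
Note: isolate is followed by the ports to be isolated; promis is followed by the port that the isolated ports are allowed to communicate with; session-id is a value between 1 and 256, so 256 isolation statements are supported.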
13 SNMP configuration
snmp-server community yubei view AllView rw //Configure the community string and view, and specify read or write permission
snmp-server community ps-yubei view AllView ro
snmp-server view AllView internet included
snmp-server view allview internet included
snmp-server view DefaultView system included
snmp-server host 136.14.116.7 trap version 2c yubei udp-port 162 //Configure the host and trap
snmp-server host 136.14.116.8 trap version 2c yubei udp-port 162
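A review check for the management-plane statements in sections 2, 3 and 13, added here as an example that is not part of the original manual: it flags a password equal to the username, read-write SNMP communities together with the subtrees their view exposes, a read-write community reused for traps, and a missing telnet access-class. The function name and finding labels are hypothetical.

```python
import re

# Constructed sample: statements copied from sections 2, 3 and 13 of this page.
SAMPLE_CONFIG = """\
username zxr10 password zxr10 privilege 15
line telnet access-class 1
snmp-server community yubei view AllView rw //read-write
snmp-server community ps-yubei view AllView ro
snmp-server view AllView internet included
snmp-server view DefaultView system included
snmp-server host 136.14.116.7 trap version 2c yubei udp-port 162
"""

def audit(config):
    """Return a list of (finding, detail) tuples for a ZXR10-style config."""
    # Drop trailing // comments so they do not interfere with matching.
    text = "\n".join(l.split("//")[0].strip() for l in config.splitlines())
    views = re.findall(r"^snmp-server view (\S+) (\S+) included$", text, re.M)
    rw = dict(re.findall(r"^snmp-server community (\S+) view (\S+) rw$", text, re.M))
    findings = []
    for community, view in rw.items():
        # Report which MIB subtrees a write-capable community can reach.
        subtrees = ",".join(sorted(s for v, s in views if v == view))
        findings.append(("snmp-rw-community",
                         f"{community} view {view} subtrees {subtrees}"))
    for line in text.splitlines():
        m = re.match(r"username (\S+) password (\S+)(?: privilege (\d+))?$", line)
        if m and m[1] == m[2]:
            findings.append(("password-equals-username",
                             f"{m[1]} privilege {m[3] or 'default'}"))
        m = re.match(r"snmp-server host (\S+) trap version (\S+) (\S+)", line)
        if m and m[3] in rw:
            # SNMP v1/v2c traps carry the community string in cleartext.
            findings.append(("rw-community-in-traps", f"{m[3]} -> {m[1]}"))
    if not re.search(r"^line telnet access-class \d+$", text, re.M):
        findings.append(("telnet-without-access-class", "line telnet"))
    return findings
```

On the sample, the trap finding shows that the read-write community yubei is also the string sent to the trap host, so a read-only community is the safer choice for traps.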
14 Supervlan configuration
interface supervlan5
ip poison-reverse
ip address 222.179.151.25 255.255.255.248
inter-subvlan-routing disable
arp-broadcast enable
ip-pool-filter disable
vlan 1019
name TO_shuangxi_wangba
supervlan 5
15 OSPF configuration:
router ospf 22
network 222.179.184.100 0.0.0.3 area 0.0.0.22
network 222.179.184.172 0.0.0.3 area 0.0.0.22
network 222.179.184.176 0.0.0.3 area 0.0.0.22
network 222.179.184.184 0.0.0.3 area 0.0.0.22
network 222.179.184.188 0.0.0.3 area 0.0.0.22
network 222.179.184.192 0.0.0.3 area 0.0.0.22
network 222.179.184.198 0.0.0.0 area 0.0.0.22
network 222.179.184.200 0.0.0.3 area 0.0.0.22
network 222.179.184.208 0.0.0.3 area 0.0.0.22
network 222.179.184.212 0.0.0.3 area 0.0.0.22
network 222.179.184.216 0.0.0.3 area 0.0.0.22
network 222.179.184.220 0.0.0.3 area 0.0.0.22
network 222.179.184.224 0.0.0.3 area 0.0.0.22
network 222.179.184.228 0.0.0.3 area 0.0.0.22
network 222.179.184.232 0.0.0.3 area 0.0.0.22
network 222.179.184.236 0.0.0.3 area 0.0.0.22
redistribute connected
Routine maintenance:
1 Check the device version. Note: on 89 series switches the show command can be used in any mode
show version
ZXR10 T160G Software, Version ZXR10 G-Series&8900&6900 V2.8.01.C.24.P01 (device version), RELEASE SOFTWARE
Copyright (c) 2001-2008 by ZTE Corporation
Compiled Nov 14 2008, 14:37:30
ZXR10 Router Operating System Software, ZTE Corporation
ZXR10 ROS Version V4.8.11.01 (platform version)
System image files are flash:<//flash/img/zxr10.zar>
System uptime is 211 days, 11 hours, 54 minutes //How long the device has been running
[MEC, panel 1, master] (main control board, active)
Main Processor: IBM 750FX Processor
System Memory : 512M bytes , System Flash : 64M bytes
System Serial : 16139 , System BaudRate : 115200
System Nvram : 8192 bytes , Temperature : 42℃ (board temperature)
CPLD Version : V1.4 , FPGA Version : V1.2
Board Name : RS-T160G-MCS (board name)
[MEC, panel 2, slave] (main control board, standby)
Main Processor: IBM 750FX Processor
System Memory : 512M bytes , System Flash : 64M bytes
System Serial : 16139 , System BaudRate : 115200
System Nvram : 8192 bytes , Temperature : 41℃
CPLD Version : V1.4 , FPGA Version : V1.2
Board Name : RS-T160G-MCS
[NPCI, panel 1]
Main Processor: PowerPC MPC8270 Processor
System Memory : 128M bytes , System Flash : 16M bytes
Board Type : TGFI , Network Processor : NO (whether NP is supported)
Port Number : 24 , CPLD Version : V1.4
Temperature : 44℃
Board Name : RS-XG-24GE-SFP4RJ45 (board name)
Network Processor Status : DISABLE
CPLD2 Version : V1.4
2 Check the MAC addresses learned by the device
show mac (can be followed by a specific MAC address, an interface, or a VLAN)
3 Check port status
show interface gei_2/1
gei_2/1 is up, line protocol is up (port state: up or down)
Description is bananfeng-vod
The port is electric (physical port type: electrical or optical)
Duplex full
Mdi type:auto
VLAN mode is access, pvid 961
MTU 1500 bytes BW 1000000 Kbits
Last clearing of "show interface" counters 177Day 13Hour 10Min 12Sec
120 seconds input rate: 378 Bps, 2 pps
120 seconds output rate: 2022 Bps, 27 pps
Interface peak rate : input 30914267Bps, output 484335Bps
Interface utilization: input 0%, output 0%
Input:
Packets : 24978891879 Bytes: 25125469607940
Unicasts : 24978552771 Multicasts: 0
Broadcasts: 339036 Undersize: 0
Oversize : 0 CRC-ERROR : 27
Dropped : 1498668016 Fragments : 17
Jabber : 0 MacRxErr : 0
Output:
Packets : 96912628 Bytes: 8336593753
Unicasts : 29949953 Multicasts: 1281861
Broadcasts: 65680856 Collision: 0
LateCollision: 0
Total:
64B : 248692060 65-127B : 118368383
128-255B : 53933147 256-511B : 84327531
512-1023B : 20111805084 1024-1518B: 4458678286
Check the status of all ports
show interface brief
Interface Portattribute Mode BW(Mbits) Admin Phy Prot Description
gei_1/1 optical Duplex/full 1000 down down down none
gei_1/2 electric Duplex/full 1000 up down down none
gei_1/3 optical Duplex/full 1000 up down down none
gei_1/4 optical Duplex/full 1000 up down down none
gei_1/5 optical Duplex/full 1000 up down down none
gei_1/6 optical Duplex/full 1000 up down down none
gei_1/7 optical Duplex/full 1000 up down down none
gei_1/8 optical Duplex/full 1000 up down down none
gei_1/9 optical Duplex/full 1000 up down down none
gei_1/10 optical Duplex/full 1000 up down down none
gei_1/11 optical Duplex/full 1000 up down down
gei_1/12 optical Duplex/full 1000 up up up To-YD3750-2_...
gei_1/13 optical Duplex/full 1000 up down down none
gei_1/14 optical Duplex/full 1000 up down down none
gei_1/15 optical Duplex/full 1000 up up up
gei_1/16 optical Duplex/full 1000 up down down none
gei_1/17 optical Duplex/full 1000 up down down
gei_1/18 optical Duplex/full 1000 up down down
gei_1/19 optical Duplex/full 1000 up down down none
gei_1/20 optical Duplex/full 1000 up up up To-Yd3750-2(...
gei_1/21 optical Duplex/full 1000 up up up
gei_1/22 optical Duplex/full 1000 up down down none
Check the device's Layer 3 interfaces:
show ip interface brief
Interface IP-Address Mask AdminStatus PhyStatus Protocol
vlan100 192.168.7.150 255.255.255.0 up up up
vlan215 192.168.215.2 255.255.255.0 up up up
vlan900 192.168.123.2 255.255.255.0 up up down
vlan901 222.178.144.161 255.255.255.252 up up up
vlan902 222.178.144.165 255.255.255.252 up up up
vlan998 222.178.146.7 255.255.255.192 up up up
4 Check the ZESR ring status
show zesr brief
ctrl-vlan: 4000 protectinstance: 1
level seg role port port level-state switch-times
major transit xgei_4/1 xgei_4/2 up (state; normally up) 36 (switch count)
restarttime: 120(s)
port detect: normal
protocol mac: normal
show zesr ctrl-vlan 4000
ctrl-vlan: 4000 protectinstance: 1
level: major
state: up
role: transit
port: xgei_4/1 portstate: forward
port: xgei_4/2 portstate: forward (port state is forwarding)
preforward: 20(s)
switch-times: 36
level: 1 seg: 2
state: down
role: edge-assistant
port: smartgroup2 portstate: forward
preforward: 20(s)
switch-times: 0
5 Check port aggregation:
show lacp internal
Smartgroup:1
Flag *--LOOP is TRUE
Actor Agg LACPDUs Port Oper Port RX Mux
Port State Interval Priority Key State Machine Machine
-----------------------------------------------------------------------------
gei_2/23 unselected 30 32768 0x103 0x4 N/A N/A
gei_2/24 unselected 30 32768 0x103 0x4 N/A N/A
Smartgroup:2
Flag *--LOOP is TRUE
Actor Agg LACPDUs Port Oper Port RX Mux
Port State Interval Priority Key State Machine Machine
----