[Router] Juniper telnet firewall basic commands

Posted on 5/5/2017 10:13:40 AM

Get int

View the interface configuration information
Get int ethx/x

View the specified interface configuration information
Get mip

View the mapped IP (MIP) relationships
Get route

View the routing table
Get policy id x

View the specified policy
Get NSRP

View the NSRP information; further parameters can be appended to view a specific VSD group, port monitoring settings, etc.
Get per cpu de

View CPU utilization information
Get per session de

View information about new sessions per second
Get session

View the current session information; the output can be matched on source address, source port, destination address, destination port, protocol, and other options
Get session info

View the current number of sessions
Get system

View system information, including current OS version, interface information, device running time, etc.
Get chassis

View the serial numbers of the device and its boards, and the operating temperature of the equipment

Get counter stat

View all interface count information
Get counter stat ethx/x

View the specified interface count information
Get counter flow zone trust/untrust

View data flow information for a specified zone
Get counter screen zone untrust/trust

View attack protection statistics for a specified zone
Get tech-support

Run the device status command set; this output is generally collected when seeking JTAC support after a failure
Set int ethx/x zone trust/untrust/dmz/ha

Assign the specified interface to the specified zone (trust/untrust/dmz/ha, etc.)
Set int ethx/x ip x.x.x.x/xx

Configure the IP address of the specified interface
Set int ethx/x manage

Configure the management options of the specified interface, opening all management options
Set int ethx/x manage web/telnet/ssl/ssh

Open only the specified management options on the specified interface
Set int ethx/x phy full 100mb

Configure the specified interface rate and duplex mode
Set int ethx/x phy link-down

Shut down the specified interface
Set nsrp vsd id 0 monitor interface ethx/x

Configure the HA monitoring port so that if the port is disconnected, the device will switch between primary and standby
Exec nsrp vsd 0 mode backup

Manually perform the device primary/standby switching on the current master
set route 0.0.0.0/0 interface ethernet1/3 gateway 222.92.116.33

When configuring a route, specify both the next-hop interface and the IP address
All set commands can be canceled with the unset command, which is equivalent to no in Cisco
All commands can be completed with the "TAB" key; use "?" to view the commands supported next

Basic firewall configuration

create account [admin | user] <username> enter

Enter your password:

Enter your password again:

configure account admin enter

Enter your password:

Enter your password again:

2. Port configuration

config ports <portlist> auto off {speed [10 | 100 | 1000]} duplex [half | full] auto off

3. VLAN configuration

For both the core and access layers, create three vlans and remove all ports that belong to the default vlan:

config vlan default del port all

create vlan Server

create vlan User

create vlan Manger

Define the 802.1q tag

config vlan Server tag 10

config vlan User tag 20

config vlan Manger tag 30

Set the VLAN Gateway Address:

config vlan Server ipa 192.168.41.1/24

config vlan User ipa 192.168.40.1/24

config vlan Manger ipa 192.168.*.*/24

enable ipforwarding // enables IP route forwarding, i.e., inter-VLAN routing

Trunk configuration

config vlan Server add port 1-3 t

config vlan User add port 1-3 t

config vlan manger add port 1-3 t

4. VRRP configuration

enable vrrp

configure vrrp add vlan UserVlan

configure vrrp vlan UserVlan add master vrid 10 192.168.6.254

configure vrrp vlan UserVlan authentication simple-password extreme

configure vrrp vlan UserVlan vrid 10 priority 200

configure vrrp vlan UserVlan vrid 10 advertisement-interval 15

configure vrrp vlan UserVlan vrid 10 preempt

5. Port mirroring configuration

Start by removing the port from the VLAN

enable mirroring to port 3 #select port 3 as the mirror port

config mirroring add port 1 #send the traffic of port 1 to port 3

config mirroring add port 1 vlan default #send the traffic of port 1 and vlan default to port 3

6. Port-channel configuration

enable sharing <port> grouping <portlist> {port-based | address-based | round-robin}

show port sharing //View configuration

7. STP configuration

enable stpd // to start the spanning tree

create stpd stp-name // to create a spanning tree

configure stpd <spanning tree name> add vlan <vlan name> {ports <portlist> [dot1d | emistp | pvst-plus]}

configure stpd stpd1 priority 16384

configure vlan marketing add ports 2-3 stpd stpd1 emistp

8. DHCP relay configuration

enable bootprelay

config bootprelay add <dhcp server ip>

9. NAT configuration

enable nat #enable NAT

Static NAT Rule Example

config nat add out_vlan_1 map source 192.168.1.12/32 to 216.52.8.32/32

Dynamic NAT Rule Example

config nat add out_vlan_1 map source 192.168.1.0/24 to 216.52.8.1 - 216.52.8.31

Portmap NAT Rule Example

config nat add out_vlan_2 map source 192.168.2.0/25 to 216.52.8.32/28 both portmap

Portmap Min-Max Example

config nat add out_vlan_2 map source 192.168.2.128/25 to 216.52.8.64/28 tcp portmap 1024 - 8192



10. OSPF configuration

enable ospf // enable the OSPF process

create ospf area <area identifier> // create an OSPF area

configure ospf routerid [automatic | <routerid>] // configure the router ID

configure ospf add vlan [<vlan name> | all] area <area identifier> {passive} // add a VLAN to an area, equivalent to network in Cisco

configure ospf area <area identifier> add range <ipaddress> <mask> [advertise | noadvertise] {type-3 | type-7} // add a CIDR range to an area, equivalent in role to network in Cisco

configure ospf vlan <vlan name> neighbor add <ipaddress>

OSPF route redistribution configuration

enable ospf export direct [cost <metric> [ase-type-1 | ase-type-2] {tag <number>} | <route map>]

enable ospf export static [cost <metric> [ase-type-1 | ase-type-2] {tag <number>} | <route map>]

enable ospf originate-default {always} cost <metric> [ase-type-1 | ase-type-2] {tag <number>}

enable ospf originate-router-id

11. SNMP configuration

enable snmp access

enable snmp traps

create access-profile <access profile> type [ipaddress | vlan]

config snmp access-profile readonly [<access_profile> | none] // configure the read-only access list for SNMP; none removes it

config snmp access-profile readwrite [<access_profile> | none] // the same, controlling read-write access

config snmp add trapreceiver <ip address> {port <udp_port>} community <communitystring> {from <source ip address>} // configure the SNMP trap receiver host and community string

12. Security configuration

disable ip-option loose-source-route

disable ip-option strict-source-route

disable ip-option record-route

disable ip-option record-timestamp

disable ipforwarding broadcast

disable udp-echo-server

disable irdp vlan <vlan name>

disable icmp redirect

disable web // turns off web access to the switch

enable cpu-dos-protect
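
A check for the section 12 settings, as an added example that is not part of the original post or any vendor tool: it replays a configuration's enable/disable commands in order and reports which hardening toggles are not in effect at the end. It assumes the configuration is available as plain text with one CLI command per line in the form used on this page, and it treats a command that never appears as not applied (device defaults are not modelled); the function names and sample configuration are constructed for illustration.

```python
import re

# Final state wanted for the section 12 toggles (feature -> verb).
DESIRED = {
    "ip-option loose-source-route": "disable",
    "ip-option strict-source-route": "disable",
    "ip-option record-route": "disable",
    "ip-option record-timestamp": "disable",
    "ipforwarding broadcast": "disable",
    "udp-echo-server": "disable",
    "icmp redirect": "disable",
    "web": "disable",
    "cpu-dos-protect": "enable",
}

# Constructed sample: two VLANs, IRDP off on one, web re-enabled at the end.
SAMPLE = "\n".join(
    ["create vlan Server", "create vlan User", "disable irdp vlan Server"]
    + [f"{verb} {feat}" for feat, verb in DESIRED.items() if verb == "disable"]
    + ["enable web   # re-enabled later"])

def normalize(line):
    """Drop trailing '#' or '//' comments, collapse whitespace, lowercase."""
    line = re.split(r"\s+(?:#|//)", " " + line, maxsplit=1)[0]
    return " ".join(line.lower().split())

def audit(config_text):
    """Return sorted findings; input is assumed to be one CLI command per line."""
    state, vlans, irdp_off = {}, set(), set()
    for raw in config_text.splitlines():
        words = normalize(raw).split()
        if words[:2] == ["create", "vlan"] and len(words) == 3:
            vlans.add(words[2])
        elif words[:1] in (["enable"], ["disable"]) and len(words) > 1:
            if words[1:3] == ["irdp", "vlan"] and len(words) == 4:
                # IRDP is toggled per VLAN; the last command for a VLAN wins.
                (irdp_off.add if words[0] == "disable" else irdp_off.discard)(words[3])
            else:
                state[" ".join(words[1:])] = words[0]  # last toggle wins
    findings = [f"{verb} {feat}: not in effect"
                for feat, verb in DESIRED.items() if state.get(feat) != verb]
    findings += [f"disable irdp vlan {v}: not in effect" for v in sorted(vlans - irdp_off)]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

VLAN names are reported in lowercase because every line is lowercased before matching.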

13. Access-Lists configuration

create access-list icmp destination source

create access-list ip destination source ports

create access-list tcp destination source ports

create access-list udp destination source ports



14. Default routing configuration

config iproute add default <gateway>

15. Restore factory defaults, excluding the time set by the user and the user account information

unconfig switch {all}



16. Check the configuration

show version

show config

show session

show management // view management information, as well as SNMP information

show banner

show ports configuration

show ports utilization ?

show memory/show cpu-monitoring

show ospf

show access-list {<name> | port <portlist>}

show access-list-monitor

show ospf area <area identifier>

show ospf area detail

show ospf ase-summary

show ospf interfaces {vlan <vlan name> | area <area identifier>}

unconfigure ospf {vlan <vlan name> | area <area identifier>}



switch

show switch

show config

show diag

show iparp

show iproute

show ipstat

show log

show tech all

show version detail

17. Backup and upgrade software

download image [<hostname> | <ipaddress>] <filename> {primary | secondary}

upload image [<hostname> | <ipaddress>] <filename> {primary | secondary}

use image [primary | secondary]

18. Password recovery.

If you lose or forget the password, restart the switch and press the space bar repeatedly to enter Bootrom mode, enter "h",

select "d: Force Factory default configuration" to clear the configuration file, and finally select "f: Boot on board flash".

The password will be erased after restarting. Note: after recovering the password, the previous configuration will be erased.

For the Extreme X450E-48P, enter H after entering the BootROM, then type boot 1 and press Enter

19. Adding a switch license:

enable license xxxx-xxxx-xxxx-xxxx-xxxx

A prompt confirms the addition; it was successful if Advanced Edge is displayed

HN-HUAIHUA-ANQUAN-LS1.33 # show licenses

Enabled License Level:

       Advanced Edge

Enabled Feature Packs:

            None

Steps:

a. HN-HUAIHUA-ANQUAN-LS1.34# show version

Switch : 800190-00-04 0804G-80211 Rev 4.0 BootROM: 1.0.2.2 IMG: 11.6.1.9

XGM2-1 :

Image : ExtremeXOS version 11.6.1.9 v1161b9 by release-manager

      on Wed Nov 29 22:40:47 PST 2006

BootROM : 1.0.2.2

where 0804G-80211 is the serial number of the switch

b. Then find the voucher serial number in the envelope containing the license

c. Using these two serial numbers, look up the license key on the specified website; the key has a total of 16 digits

d. Then run enable license and enter the key value




