Ruijie Switch All-Scenario Command Manual (Industrial-Grade Field Edition)

Lear 2025-06-07 12:00:00

1. Basic System Configuration

# Enter privileged mode
enable
configure terminal

# View device information
show version
show inventory

# Configure the management IP (a dedicated VLAN is recommended)
interface vlan 100
ip address 10.1.100.254 255.255.255.0
exit
ip default-gateway 10.1.100.1

# Configure SSH login (the recommended secure protocol)
hostname Ruijie-SW
crypto key generate rsa modulus 2048 # generate the key pair
line vty 0 4
login local
transport input ssh
exit
username admin password 8 ruijie@2024 # password stored encrypted

2. In-Depth VLAN Configuration

2.1 Basic VLAN Operations

# Create VLANs in bulk
vlan range 10,20,30-40

# Configure an access port
interface gigabitEthernet 0/5
switchport mode access
switchport access vlan 10
storm-control broadcast level 20 # broadcast suppression

# Configure a trunk port (supports QinQ)
interface gigabitEthernet 0/24
switchport mode trunk
switchport trunk allowed vlan 10,20
switchport trunk native vlan 10

2.2 Private VLAN (PVLAN)

vlan 500
private-vlan primary # primary VLAN
vlan 501
private-vlan isolated # isolated VLAN
vlan 500
private-vlan association 501 # bind the isolated VLAN to the primary VLAN
exit
interface gigabitEthernet 0/10
switchport mode private-vlan host
switchport private-vlan host-association 500 501 # port isolation

3. Security Hardening Configuration

3.1 Port Security (Blocking Unauthorized Connections)

interface gigabitEthernet 0/8
port-security enable
port-security maximum 3
port-security violation restrict # restrict on violation
port-security mac-address sticky 0011.2233.4455

3.2 DHCP Snooping Protection

ip dhcp snooping
ip dhcp snooping vlan 10
interface gigabitEthernet 0/24
ip dhcp snooping trust # trust the uplink port

3.3 Dynamic ARP Inspection (DAI)

ip arp inspection vlan 10
interface gigabitEthernet 0/24
ip arp inspection trust
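
An added example, not from the original page or from Ruijie: a Python check that a saved configuration still carries the section 3 protections and the SSH-only VTY lines from section 1. It assumes `show running-config` style text with sub-commands indented; the function names, the sample config and the heuristics (DAI VLANs should also have DHCP snooping, and trust settings should match per port) are assumptions made for this illustration.

```python
import re
# Constructed sample in "show running-config" layout (sub-commands indented).
SAMPLE = """\
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10,20
interface gigabitEthernet 0/24
 ip dhcp snooping trust
line vty 0 4
 login local
 transport input ssh telnet
"""

def expand(spec):  # VLAN list '10,20,30-40' -> set of ints
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(text):
    """Heuristic checks (assumed here) for section 3 and the SSH-only VTY."""
    top, blocks, cur = [], {}, None
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()            # drop trailing annotations
        if not line or line.startswith("!"): continue
        if raw[0].isspace() and cur is not None:    # sub-command of open block
            blocks[cur].append(line)
        elif line.startswith(("interface ", "line vty")):
            cur = line
            blocks[cur] = []
        else:
            cur = None
            top.append(line)
    snoop, dai = set(), set()
    for l in top:
        if m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", l): snoop |= expand(m[1])
        if m := re.fullmatch(r"ip arp inspection vlan (\S+)", l): dai |= expand(m[1])
    findings = []
    if snoop and "ip dhcp snooping" not in top:
        findings.append("DHCP snooping VLANs set but feature not enabled globally")
    findings += [f"VLAN {v}: ARP inspection without DHCP snooping" for v in sorted(dai - snoop)]
    for name, cmds in blocks.items():
        if name.startswith("line vty"):
            if not {"login local", "transport input ssh"} <= set(cmds):
                findings.append(f"{name}: VTY lacks 'login local' or SSH-only transport")
        elif ("ip dhcp snooping trust" in cmds) != ("ip arp inspection trust" in cmds):
            findings.append(f"{name}: snooping/ARP-inspection trust mismatch")
    return findings
```

Calling `audit(SAMPLE)` reports three findings for the constructed sample; a config that matches the commands in sections 1 and 3 returns an empty list.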

4. Routing Protocol Configuration

4.1 Static Routes

ip route 0.0.0.0 0.0.0.0 192.168.100.1

4.2 OSPF Dynamic Routing

router ospf 1
network 10.1.0.0 0.0.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0

4.3 VRRP Virtual Router Redundancy

interface vlan 10
vrrp 1 ip 10.1.10.254
vrrp 1 priority 120 # priority of the master device
vrrp 1 preempt delay 60 # preemption delay

5. QoS Traffic Engineering

5.1 Traffic Classification and Marking

class-map match-all VOICE
match dscp ef
policy-map QOS_POLICY
class VOICE
set cos 5
police cir 10000000 # 10M bandwidth guarantee
interface gigabitEthernet 0/18
service-policy input QOS_POLICY

5.2 Rate-Limiting Policy (Port-Based)

interface gigabitEthernet 0/15
rate-limit input 1024000 2048000 # burst limit
rate-limit output 1024000 2048000

6. Advanced Troubleshooting Commands

6.1 Port Diagnostics

show interfaces status # port status overview
show interfaces counters gigabitEthernet 0/24 # traffic statistics
show mac-address-table dynamic vlan 10 # MAC address tracing

6.2 Packet Capture via Port Mirroring

monitor session 1 source interface gigabitEthernet 0/5 both # mirror both directions
monitor session 1 destination interface gigabitEthernet 0/1

6.3 Log Analysis

show logging | include error # filter for error logs
debug ip packet detail # real-time debugging (use with caution)

7. Maintenance and Management

7.1 Configuration Management

copy running-config startup-config # save the configuration
copy startup-config tftp://192.168.1.100/backup.cfg # back up to TFTP

7.2 Firmware Upgrade

copy tftp://192.168.1.100/RGOS11.4.bin flash: # download the firmware
verify flash:RGOS11.4.bin # verify the file
boot system flash:RGOS11.4.bin # set the boot image
reload # reboot to take effect

Special note: Commands may differ between Ruijie switch models. Verify them in a lab environment before deploying to production.