extreme-交换机常用维护命令

extreme交换机常用维护命令最近有个项目用extreme的网络设备,根据extreme官方资料,整理了一些常用的配置!1.用户名和密码配置createaccount[admin|user]username{encrypted}{password}configureaccountadmin2.port配置configportsportlistautooff{speed[10|100|1000]}duplex[half|full]autooff3.Vlan配置无论是核心还是接入层，都要先创建三个Vlan，并且将所有归于DefaultVlan的端口删除：configvlandefaultdelportallcreatevlanServercreatevlanUsercreatevlanManger删除vlanDelvlanuser定义802.1q标记configvlanServertag10configvlanUsertag20configvlanMangertag30设定Vlan网关地址：configvlanServeripa192.168.41.1/24configvlanUseripa192.168.40.1/24configvlanMangeripa192.168.*.*/24Enableipforwarding启用ip路由转发，即vlan间路由Trunk配置configvlanServeraddport1-3tconfigvlanUseraddport1-3tconfigvlanmangeraddport1-3tTrunk删除配置configvlanServerdelport1-3tconfigvlanUserdelport1-3tconfigvlanmangerdelport1-3t添加vlanipconfigurevlanServeripaddress192.168.155.25255.255.255.252添加IPROUTEConfigiprouteadd删除IPROUTEConfigiproutedel4.VRRP配置enablevrrpconfigurevrrpaddvlanUserVlanconfigurevrrpvlanUserVlanaddmastervrid10192.168.6.254configurevrrpvlanUserVlanauthenticationsimple-passwordextremeconfigurevrrpvlanUserVlanvrid10priority200configurevrrpvlanUserVlanvrid10advertisement-interval15configurevrrpvlanUserVlanvrid10preempt5.端口镜像配置configmirroringaddvlanxxxenablemirroringtoport3＃选择3作为镜像口configmirroringaddport1＃把端口1的流量发送到3configmirroringaddport1vlandefault＃把1和vlandefault的流量都发送到36.port-channel配置enablesharingportgroupingportlist{port-based|address-based|round-robin}7.stp配置enableIS_rtpstpdcreatestpd*configurestpdspanningtreenameaddvlanvlanname{portsportlist[dot1d|emistp|pvst-plus]}configurestpdstpd1priority16384configurevlanmarketingaddports2-3stpdstpd1emistp8.DHCP中继配置enablebootprelayconfigbootprelayadddhcpserverip9.NAT配置Enablenat＃启用natStaticNATRuleExampleconfignataddout_vlan_1mapsource192.168.1.12/32to216.52.8.32/32DynamicNATRuleExampleconfignataddout_vlan_1mapsource192.168.1.0/24to216.52.8.1-216.52.8.31PortmapNATRuleExampleconfignataddout_vlan_2mapsource192.168.2.0/25to216.52.8.32/28bothportmapPortmapMin-MaxExampleconfignataddout_vlan_2mapsource192.168.2.128/25to216.52.8.64/28tcpportmap1024-819210.OSPF配置enableospf启用OSPF进程createospfareaareaidentifier创建OSPF区域configureospfrouterid[automatic|routerid]配置Routeridconfigureospfaddvlan[vlanname|all]areaareaidentifier{passive}把某个vlan加到某个Area中去，相当于Cisco中的network的作用configureospfareaareaidentifieraddrangeipaddressmask[advertise|noadvertise]{type-3|type-7}把某个网段加到某个Area中去，相当于Cisco中的network的作用configureospfvlanvlannameneighboraddipaddressOSPF中路由重发布配置enableospfexportdirect[costmetric[ase-type-1|ase-type-2]{tagnumber}|routemap]enableospfexportstatic[costmetric[ase-type-1|ase-type-2]{tagnumber}|routemap]enableospforiginate-default{always}costmetric[ase-type-1|ase-type-2]{tagnumber}enableospforiginate-router-id11.SNMP配置enablesnmpaccessenablesnmptrapscreateaccess-profileaccessprofiletype[ipaddress|vlan]configsnmpaccess-profilereadonly[access_profile|none]配置snmp的只读访问列表，none是去除configsnmpaccess-profilereadwrite[access_profile|none]这是控制读写控制configsnmpaddtrapreceiveripaddress{portudp_port}communitycommunitystring{fromsourceipaddress}配置snmp接收host和团体字符串12.安全配置disableip-optionloose-source-routedisableip-optionstrict-source-routedisableip-optionrecord-routedisableip-optionrecord-timestampdisableipforwardingbroadcastdisableudp-echo-serverdisableirdpvlanvlannamedisableicmpredirectdisableweb关闭web方式访问交换机enablecpu-dos-protect13.Access－Lists配置createaccess-listicmpdestinationsourcecreateaccess-listipdestinationsourceportscreateaccess-listtcpdestinationsourceportscreateaccess-listudpdestinationsourceports14.默认路由配置configiprouteadddefaultgateway15.恢复出厂值，但不包括用户改的时间和用户帐号信息unconfigswitch{all}16.检查配置showversionshowconfigshowsessionShowmirroring查看映像showmanagement查看管理信息，以及snmp信息showbannershowportsconfigurationshowospfshowaccess-list{name|portportlist}showaccess-list-monitorshowospfareaareaidentifiershowospfareadetailshowospfase-summaryshowospfinterfaces{vlanvlanname|areaareaidentifier}unconfigureospf{vlanvlanname|areaareaidentifier}17.备份和升级软件downloadimage[hostname|ipaddress]filename{primary|secondary}uploadimage[hostname|ipaddress]filename{primary|secondary}useimage[primary|secondary]小知识点：1.DHCP中继。bootprelay/dhcprelay用于主机获取它的IP地址，但是在一个高度需要安全的网络中需要以更安全的方法配置它，比如通过udp-forwarding的方法来配置dhcprelay。disablebootprelay以下是一个用udp-forwarding代替enablebootrelay的配置例子。createudp-profilebackbonedhcpconfigbackbonedhcpadd67ipaddress*configuser_vlan1udp-profilebackbonedhcp2.密码恢复。Extreme交换机在你丢失或忘记密码后，需要重新启动交换机，常按空格键，进入Bootrom模式，输入“h”，选择“d:ForceFactorydefaultconfiguration”清除配置文件，最后选择“f:Bootonboardflash”重新启动后密码会被清除掉。注意：恢复密码后，以前的配置文件将会被清空。