星期五, 8月 02, 2013

3com 4500與4210設定範例



環境3com 4500當上層交換器
3com 4210當下層交換器
3com 450026埠接3com 421025
3com 4500 本身ip設定為172.21.1.254/24
Vlan 22 172.21.2.0/24 port 1-4
Vlan 33 172.21.3.0/24 port 5-8
Vlan 44 172.21.4.0/24 port 9-12

3com 4210 本身ip設定為172.21.1.253/24
Vlan 22 port 1-4
Vlan 33 port 5-8
Vlan 44 port 9-12

3com 4500的設定


<4500>
system-view
進入設定

[4500]
INTERFACE VLAN 1
進入vlan1 這個界面,交換器預設一定會有vlan 1

[4500-Vlan-interface1]
IP ADDRESS 172.21.1.254 255.255.255.0
設定vlan 1ip,也就這台交換器的IP

[4500-Vlan-interface1]
quit
跳離設定模式

[4500]
vlan 22
新增一個名為22vlan,並跳入vlan 22

[4500-vlan22]
vlan 33
新增一個名為33vlan,並跳入vlan 33

[4500-vlan33]
vlan 44
新增一個名為44vlan,並跳入vlan 44

[4500-vlan44]
quit
跳離

[4500]
vlan 22
進入vlan 22中設定

[4500-vlan22]
PORT ETHERNET 1/0/1 TO ETHERNET 1/0/4
port 1,2,3,4設定為vlan 22

[4500-vlan22]
vlan 33
進入vlan 33中設定

[4500-vlan33]
PORT ETHERNET 1/0/5 TO ETHERNET 1/0/8
port 5,6,7,8設定為vlan 33

[4500-vlan33]
vlan 44
進入vlan 44中設定

[4500-vlan44]
PORT ETHERNET 1/0/9 TO ETHERNET 1/0/12
port 5,6,7,8設定為vlan 33

[4500-vlan44]
quit


[4500]
display vlan
showvlan的內容


Total 4 VLAN exist(s).
 The following VLANs exist:
  1(default), 22, 33, 44


[4500]
interface Vlan-interface 22
進入vlan 22的設定界面

[4500-Vlan-interface22]
ip add 172.21.2.0 24
設定vlan 22ip

[4500-Vlan-interface22]
interface Vlan-interface 33
進入vlan 33的設定界面

[4500-Vlan-interface33]
ip add 172.21.3.0 24
設定vlan 33ip

[4500-Vlan-interface33]
interface Vlan-interface 44
進入vlan 44的設定界面

[4500-Vlan-interface44]
ip add 172.21.4.0 24
設定vlan 44ip

[4500-Vlan-interface44]
quit


[4500]
dis vlan all
顯示所有的vlan設定

[4500]
save


[4500]
The configuration will be written to the device.
Are you sure?[Y/N]
是否要儲存設定,如果沒問題就是Y

[4500]

3com預設port 27,28up的狀態,也就預設就可以用了,若要將mini gbic插入25,26 則要將27,28 down,將25,26 up

[4500]
interface  GigabitEthernet 1/0/27
因為25-28giga port所以一定要有GigabitEthernet才能進入port 27

[4500 -GigabitEthernet1/0/27]
Shutdown
port 27 shutdown才能讓對映的port 25啟用,但是請注意,下完這個指令後,系統會自動reboot,要小心設定是否己儲存

<4500>
system view


[4500]
interface  GigabitEthernet 1/0/25
如果燈號還是沒亮,這時就必須將其定速

[4500 -GigabitEthernet1/0/25]
speed 1000
定速為1000 Mbps

[4500 -GigabitEthernet1/0/25]
Duplex full
定義為全雙工模式

[4500 -GigabitEthernet1/0/25]
quit










另外下層的4210設定也是如此,只是4210Layer2,無法設定vlan interfaceIP
因為4500port 25要下接4210port26,且4210一樣要切vlan22 vlan33 vlan44 並讓兩部交換器的相同vlan能互相溝通,則port還要再作trunk的動作,且必須再設static route
再者,4210port 26要上接4500port 25,因此4210port 26也要設定啟用,再設定trunk並且 設static route

Port vlan 模式有3
1.      access :port只能屬於一個vlan
2.      hybrid :可以有很多種模式,ex vlan22 可帶tag vlan 33不帶tag
3.      trunk:所有封包帶tag
設定trunk的方式如下


[4500]
interface  GigabitEthernet 1/0/25


[4500 -GigabitEthernet1/0/25]
port link-type trunk


[4500 -GigabitEthernet1/0/25]
port trunk permit vlan 1


[4500 -GigabitEthernet1/0/25]
port trunk permit vlan 22


[4500 -GigabitEthernet1/0/25]
port trunk permit vlan 33


[4500 -GigabitEthernet1/0/25]
port trunk permit vlan 44


[4500 -GigabitEthernet1/0/25]
display ip interface brief

*down: administratively down
(l): loopback
(s): spoofing
 Interface                   IP Address      Physical  Protocol     Description
 Vlan-interface1             172.21.2.254    up     up         Vlan-inte...
 Vlan-interface22            172.21.2.254    up     up         Vlan-inte...
 Vlan-interface33            172.21.3.254    up     up         Vlan-inte...
 Vlan-interface44            172.21.4.254       up     up         Vlan-inte...

可以看到vlan-interface 22,33,44physical protocalup

所以4210trunk模式也是如上的方式設定
接著要設定dhcp relay,讓client可以順利向dhcp server要到ip


[4500]
dhcp-server 1 ip 172.20.1.2
設定group名稱1dhcp server ip172.20.1.2

[4500]
Interface Vlan-Interface 1
進入vlan 1

[4500-Vlan-interface1]
Dhcp-server 1
設定vlan 1dhcp relaydhcp-server 1也就向172.20.1.2ip

[4500-Vlan-interface1]
Interface Vlan-Interface 22
進入vlan 22

[4500-Vlan-interface22]
Dhcp-server 1
設定vlan 22dhcp relaydhcp-server 1也就向172.20.1.2ip

[4500-Vlan-interface22]
Interface Vlan-Interface 33


[4500-Vlan-interface33]
Dhcp-server 1


[4500-Vlan-interface33]
Interface Vlan-Interface 44


[4500-Vlan-interface44]
Dhcp-server 1


Display dhcp-server 1 顯示Dhcp-Server 設定
Display dhcp-server Interface Vlan 2 顯示VLAN 介面的Relay 設定
Display dhcp-security 顯示Dhcp 安全性定義

static route的設定

4210client預設所有的封包均往4500丟,所以
4210static route設定為
Ip route-static 0.0.0.0 0.0.0.0 172.21.1.254  
也就是說不管目的地是那邊,封包均往4500

4500要設定
Ip route-static 172.21.1.0 255.255.255.0 172.20.1.253
Ip route-static 172.21.2.0 255.255.255.0 172.20.1.253
Ip route-static 172.21.3.0 255.255.255.0 172.20.1.253
Ip route-static 172.21.4.0 255.255.255.0 172.20.1.253
也就是說來源封包為172.21.1.0/24172.21.2.0/24172.21.3.0/24172.21.4.0/24這四個網段的ip均往回到172.20.1.253這台交換器


如何消除指定portvlan
ex
[4210-vlan11]display vlan all
 VLAN ID: 11
 VLAN Type: static
 Route Interface: not configured
 Description: VLAN 0011
 Name: VLAN 0011
 Tagged   Ports: none
 Untagged Ports:
  Ethernet1/0/1            Ethernet1/0/2            Ethernet1/0/3
  Ethernet1/0/4            Ethernet1/0/6            Ethernet1/0/13
  Ethernet1/0/14           Ethernet1/0/15           Ethernet1/0/16
  Ethernet1/0/18

如果要除去vlan11 中的ethernet1/0/6 ethernet1/0/18則下以下指令:
[4210]vlan11
[4210-vlan11]
[4210-vlan11]undo port Ethernet 1/0/6
[4210-vlan11]undo port Ethernet 1/0/18
[4210-vlan11]display vlan all
VLAN ID: 11
 VLAN Type: static
 Route Interface: not configured
 Description: VLAN 0011
 Name: VLAN 0011
 Tagged   Ports: none
 Untagged Ports:
  Ethernet1/0/1            Ethernet1/0/2            Ethernet1/0/3
  Ethernet1/0/4            Ethernet1/0/13           Ethernet1/0/14
  Ethernet1/0/15           Ethernet1/0/16


沒有留言: