dell M6220 配置

1.Vlan及三层交换:

假设环境:6224交换机,需要划分4个Vlan,启用Vlan间路由.第24口设置为Trunk口,下连其他交换机或者上连到路由器,核心交换机等. (1).首先添加相应的Vlan:

console(config)#vlan database console(config-vlan)#vlan 2-5

(2).再将端口划分到指定Vlan,然后将第24口配置为trunk口,允许来自所有Vlan的数据包通过.这里需要注意的是:Vlan1是默认的管理Vlan,不建议将其作生产Vlan使用.来自Vlan1的数据包不能被打上802.1Q的包头,所以,这样配置下,来自Vlan1的的数据包无法通过24口. 如果必须使用Vlan1,则24口只能被配置为General模式:

console(config)#interface range ethernet 1/g1-1/g6 console(config-if)#switchport access vlan 2

console(config)#interface range ethernet 1/g7-1/g12 console(config-if)#switchport access vlan 3

console(config)#interface range ethernet 1/g13-1/g18 console(config-if)#switchport access vlan 4

console(config)#interface range ethernet 1/g19-1/g23 console(config-if)#switchport access vlan 5 console(config)#interface ethernet 1/g24

console(config-if-1/g24)#switchport mode trunk

console(config-if-1/g24)#switchport trunk allowed vlan add 2-5

(3).进入相应的Vlan接口配置模式,配置用于Vlan路由的IP地址,该地址也就是每个Vlan成员的对应网关地址. 然后用ip routing开启Vlan路由功能(默认为关闭): console(config)#interface vlan 2

console(config-if-vlan2)#ip address 192.168.2.1 255.255.255.0 console(config-if-vlan3)#ip address 192.168.3.1 255.255.255.0 console(config-if-vlan4)#ip address 192.168.4.1 255.255.255.0 console(config-if-vlan5)#ip address 192.168.5.1 255.255.255.0 console(config)#ip routing

*at least one interface has to be up and active for each vlan .

这里需要注意:每个参与路由的Vlan至少必须有一个端口是连上设备,并且处于UP状态. Vlan1 是默认的管理Vlan,不能参加路由. 如果必须使Vlan1参加路由,可以参考以下办法: 设置一空的Vlan,然后用下面命令将默认的管理Vlan从 Vlan1转移到该空Vlan上,再给Vlan1配置IP地址,启用路由. console(config)#ip address vlan

(4).如果上连路由器或者核心三层交换机,在没有启用路由协议时,可以用以下命令添加静态出口路由:

console(config)# ip route default

(5).保存配置:

console#copy run startup

2.查看配置状态:

console#show vlan

VLAN Name Ports Type Authorization ----- --------------- ------------- ----- ------------- 1 Default ch1-8, Default Required 1/g1-1/g24, 1/xg3-1/xg4

2 Static Required 3 Static Required 4 Static Required 5 Static Required

console#show ip interface

Management Interface:

IP Address..................................... 192.168.100.254 Subnet Mask.................................... 255.255.255.0 Default Gateway................................ 0.0.0.0

Burned In MAC Address.......................... 00FC.E390.0080 Network Configuration Protocol Current......... None Management VLAN ID............................. 1

Routing Interfaces:

Netdir Multi Interface IP Address IP Mask Bcast CastFwd ---------- --------------- --------------- -------- -------- vlan 2 192.168.2.1 255.255.255.0 Disable Disable vlan 3 192.168.3.1 255.255.255.0 Disable Disable vlan 4 192.168.4.1 255.255.255.0 Disable Disable vlan 5 192.168.5.1 255.255.255.0 Disable Disable

console#show ip interface vlan 2

Primary IP Address............................. 192.168.2.1/255.255.255.0 Routing Mode................................... Enable Administrative Mode............................ Enable Forward Net Directed Broadcasts................ Disable Proxy ARP...................................... Enable Local Proxy ARP................................ Disable Active State................................... Active Link Speed Data Rate........................... 10 Half

MAC Address.................................... 00FC.E390.0082 Encapsulation Type............................. Ethernet IP MTU......................................... 1500

console#show ip route

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static B - BGP Derived, IA - OSPF Inter Area

E1 - OSPF External Type 1, E2 - OSPF External Type 2

N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2

C 192.168.2.0/24 [0/0] directly connected, vlan 2

console#show interfaces switchport ethernet 1/g1 (显示物理端口的详细信息)

Port: 1/g1

VLAN Membership mode:Access Mode

Operating parameters: PVID: 2

Ingress Filtering: Enabled

Acceptable Frame Type: Untagged Default Priority: 0 GVRP status:Disabled Protected:Disabled

Port 1/g1 is member in:

VLAN Name Egress rule Type

---- --------------------------------- ----------- -------- 2 Untagged Static

Static configuration: PVID: 2

Ingress Filtering: Enabled

Acceptable Frame Type: Untagged

Port 1/g1 is statically configured to:

VLAN Name Egress rule ---- --------------------------------- ----------- 2 Untagged

Forbidden VLANS: VLAN Name

---- --------------------------------- 更多的VLAN配置命令参考用户手册:

http://support.dell.com/support/edocs/network/PC62xx/en/CLI/HTML/vlan.htm#wp10305

3.基于802.1X的认证配置:

62XX系列交换机支持基于802.1x的端口认证,其配置方法和DELL53XX,3系列交换机的配置相同,参考附件文档.

基于8021X认证配置.doc

4.启用端口锁定功能:

62XX和5代,3代交换机相同,也支持端口锁定功能,启用此功能后的端口只学习一次所接入的设备的MAC地址. IT管理员可以借此用户私自在LAN中更改或者添加设备.不同的是,在5代,3代交换机上需要先开启端口的multiple-hosts多主机接入功能:

console(config)#interface range ethernet 1/g1-1/g24

console(config-if)# dot1x multiple-hosts( 5XXX,3XXX交换机上配置) console(config-if)# port security

怎样配置端口绑定静态MAC地址表,参考用户手册在Web方式下实现:

http://supportapj.dell.com/support/edocs/network/PC62xx/en/UG/HTML/configuc.htm#wp1298016

5.端口叠加(Overlapping)配置方法:

参考53XX系列交换机的配置.

6.端口镜像:

主要用于对源端口的监控,设置好镜像口后,发往或者发出源端口的所有数据包将会被复制到目的端口中. 目的端口不能是VLAN或者LAG成员.

console(config)#monitor session 1 source interface 1/g11 console(config)#monitor session 1 destination interface 1/g24

7.ACL

62XX支持L2/3/4层ACL,基于MAC和IP两类配置.可以从Web界面配置.步骤是首先定义ACL列表(默认最多可以配置100个ACL表),然后给ACL表指定规则,默认也是100条/ACL,最后将其绑定在接口上,接口可以是物理端口,也可以是LAG,Vlan.配置要点: (1)每个ACL表的末尾都会隐含”deny”所有不符合规则的包;

(2)源和目的的地址位掩码配置中,“0”代表精确匹配,”1”代表忽略该位.如允许来自192.168.1.0/24网段机器的访问,则其掩码是0.0.0.255

(3)同一接口可以绑定多个ACL,此时需要给每个ACL设置相应的优先级. 具体配置方法参考用户手册:

http://supportapj.dell.com/support/edocs/network/PC62xx/en/UG/HTML/configuc.htm#wp1399999

8.恢复密码

开机时在Boot Menu下选择2,再选择12,按照提示进行即可.

Boot Menu Version: 24 Sep 2006

2Select an option. If no selection in 10 seconds then operational code will start.

1 - Start operational code. 2 - Start Boot Menu. Select (1, 2):2

oot Menu Version: 24 Sep 2006

Options available

1 - Start operational code 2 - Change baud rate

3 - Retrieve event log using XMODEM

4 - Load new operational code using XMODEM 5 - Display operational code vital product data 6 - Run flash diagnostics 7 - Update boot code 8 - Delete backup image 9 - Reset the system

10 - Restore configuration to factory defaults (delete config files) 11 - Activate Backup Image

12 - Password Recovery Procedure [Boot Menu] 12

链路聚合

Port g1 ，g2 聚合

可以连接服务器，服务器的2个网卡可以配置Team

Interface range Ethernet 1/G(1,2) Chancel-group 2 mode on Exit

Port g3, g4 聚合

配置成trunk 模式，可以上联其它端口聚合的交换机

Interface range Ethernet 1/G(3,4) Chancel-group 1 mode on Exit

Port g1，g2 聚合的channel 2 属于vlan 2 Interface range port-channel 2 Switchport access vlan2

让Vlan 2 的信息通过 聚合channel 1 的trunk 端口出去上联 Interface range port-channel 1

Switchport trunk allowed vlan add 2