Huawei: Static Route Redundancy with IP-Link
Author: admin Date: 2017-08-05
USG5320A Config:
# Configure interface IP addresses
interface GigabitEthernet0/0/0
description TO_CoreSW_A
ip address 192.168.63.2 255.255.255.0
interface GigabitEthernet0/0/1
description TO_FWB
ip address 192.168.59.1 255.255.255.0
interface GigabitEthernet0/0/3
description TO_LIANTONG
ip address x.x.x.x 255.255.255.240
# Add the interfaces to zones
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet0/0/1
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/3
# Configure the interzone policy
policy interzone trust untrust outbound
policy 1
action permit
policy source 10.0.0.0 0.0.255.255
policy source 172.16.0.0 0.0.255.255
# Configure the NAT policy
nat address-group 0 LIANTONG x.x.x.x 255.255.255.240
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy source 172.16.0.0 0.0.255.255
policy source 10.0.0.0 0.0.255.255
address-group LIANTONG
# Configure the link reachability check and bind it to the static route
ip-link check enable
ip-link 1 destination x.x.x.z timer 5 mode icmp
ip route-static 0.0.0.0 0.0.0.0 x.x.x.z preference 50 ip-link 1
ip route-static 0.0.0.0 0.0.0.0 192.168.59.2
ip route-static 10.0.0.0 255.255.0.0 192.168.63.1
ip route-static 172.16.0.0 255.255.0.0 192.168.59.2
USG5320B Config:
# Configure interface IP addresses
interface GigabitEthernet0/0/0
description TO_CoreSW_B
ip address 192.168.62.2 255.255.255.0
interface GigabitEthernet0/0/1
description TO_FWA
ip address 192.168.59.2 255.255.255.0
interface GigabitEthernet0/0/3
description TO_DIANXIN
ip address y.y.y.y 255.255.255.240
# Add the interfaces to zones
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet0/0/1
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/3
# Configure the interzone policy
policy interzone trust untrust outbound
policy 1
action permit
policy source 10.0.0.0 0.0.255.255
policy source 172.16.0.0 0.0.255.255
# Configure the NAT policy
nat address-group 0 DIANXIN y.y.y.y 255.255.255.240
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy source 172.16.0.0 0.0.255.255
policy source 10.0.0.0 0.0.255.255
address-group DIANXIN
# Configure the link reachability check and bind it to the static route
ip-link check enable
ip-link 1 destination y.y.y.z timer 5 mode icmp
ip route-static 0.0.0.0 0.0.0.0 y.y.y.z preference 50 ip-link 1
ip route-static 0.0.0.0 0.0.0.0 192.168.59.1
ip route-static 172.16.0.0 255.255.0.0 192.168.62.1
ip route-static 10.0.0.0 255.255.0.0 192.168.59.1
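Notes:
1. When IP-Link probing detects a link failure, the USG5300 sets to inactive every static route whose next-hop IP address is the IP-Link probe destination; display fib shows that the route bound to IP-Link has disappeared. At the same time the firewall goes through its own static routes and selects the next-best one, so that services keep running.
2. The USG5300 supports binding IP-Link to static routes only with version V100R003SPC300.
3. The IP-Link probe destination IP address must be the same as the next-hop IP address of the static route.
4. Although the configuration above provides redundancy across the carrier links, if the core switches' VRRP master and backup switch over, office area 1 or office area 2 will be unable to reach the Internet. In that case VRRP can only guarantee connectivity at layer 3 and below (frustrating; I thought about it for a long time and still could not come up with a good solution), so VRRP stability can only be ensured by the equipment itself (dual main control boards + dual power supplies).
I still hope someone with experience can offer a complete solution. I feel this configuration still has problems, and many issues remain unresolved.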
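The failover behaviour from notes 1 and 3, as an added example that is not part of the original post: it parses the USG5320A routing lines, checks that each bound route's next hop equals its probe destination, and picks the active default route for a given probe state. The function names are hypothetical and 203.0.113.1 is a constructed stand-in for the masked x.x.x.z.

```python
import re

# Constructed sample: the USG5320A routing lines from the post, with the
# masked next hop x.x.x.z replaced by the documentation address 203.0.113.1.
CONFIG = """\
ip-link check enable
ip-link 1 destination 203.0.113.1 timer 5 mode icmp
ip route-static 0.0.0.0 0.0.0.0 203.0.113.1 preference 50 ip-link 1
ip route-static 0.0.0.0 0.0.0.0 192.168.59.2
ip route-static 10.0.0.0 255.255.0.0 192.168.63.1
"""
DEFAULT_PREFERENCE = 60  # VRP default preference for static routes

def parse(config):
    """Return ({ip-link id: probe destination}, [route dicts])."""
    links, routes = {}, []
    for line in config.splitlines():
        m = re.match(r"ip-link (\d+) destination (\S+)", line)
        if m:
            links[int(m.group(1))] = m.group(2)
            continue
        m = re.match(r"ip route-static (\S+) (\S+) (\S+)(.*)", line)
        if m:
            pref = re.search(r"preference (\d+)", m.group(4))
            link = re.search(r"ip-link (\d+)", m.group(4))
            routes.append({
                "dest": m.group(1), "mask": m.group(2), "nexthop": m.group(3),
                "preference": int(pref.group(1)) if pref else DEFAULT_PREFERENCE,
                "ip_link": int(link.group(1)) if link else None,
            })
    return links, routes

def binding_errors(links, routes):
    """Note 3: a bound route's next hop must equal the probe destination."""
    return [r for r in routes if r["ip_link"] is not None
            and links.get(r["ip_link"]) != r["nexthop"]]

def active_default(links, routes, link_up):
    """Note 1: routes bound to a failed IP-Link are inactive; the lowest
    preference value among the remaining default routes wins."""
    usable = [r for r in routes
              if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"
              and (r["ip_link"] is None or link_up.get(r["ip_link"], False))]
    return min(usable, key=lambda r: r["preference"])["nexthop"] if usable else None
```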
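Connecting a Huawei Layer-3 Switch to a Firewall for Internet Access
Author: admin Date: 2017-08-03
The three switch port modes:
Access mode:
Generally used to connect a computer to the switch. In this mode the port has a PVID, which is the VLAN number the port belongs to. If an untagged frame is received from the link, it is tagged with the default VLAN number and then sent to the other ports. If a tagged frame is received from the link and its VLAN equals the PVID, it is sent to the other ports directly; if it does not equal the PVID, it is dropped. If a tagged frame is received from another port and its VLAN equals the PVID, the tag is stripped and the frame is sent out of this port; if the tag does not equal the PVID, the frame is dropped.
Trunk mode:
Generally used to connect switches to each other. In this mode the port has a PVID and a list of VLAN IDs that are allowed to pass. If an untagged frame is received from the link, it is tagged with the PVID and forwarded to the other ports. If a tagged frame is received from the link and its VLAN number is in the allowed VLAN list, it is forwarded to the other ports directly. If a tagged frame is received from another port and its VLAN equals the PVID, the tag is stripped and the frame is sent out of this port; if the tag does not equal the PVID, the switch checks whether the frame's VLAN number is in the allowed VLAN list: if it is, the frame is sent out of this port as is, otherwise it is dropped.
Hybrid mode:
In this mode the port has a default PVID, an untagged list and a tagged list. If an untagged frame is received from the link, it is tagged with the PVID and forwarded to the other ports. If a tagged frame is received from the link and its VLAN number is in either the untagged list or the tagged list, it is forwarded to the other ports directly, otherwise it is dropped. If a tagged frame is received from another port and its VLAN number is in the tagged list, it is sent out of this port as is; if the VLAN number is in the untagged list, the VLAN tag is stripped and the frame is then sent out of this port.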
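The receive and send rules of the three modes as described above, as an added example that is not part of the original post. The Port class, forward() and the DROP marker are hypothetical names; the three sample ports mirror the port commands given later in the post, with the trunk PVID assumed to be the default VLAN 1.

```python
# Constructed model of the rules described above; a frame's VLAN tag is an
# int, or None when the frame is untagged.
DROP = "drop"

class Port:
    def __init__(self, mode, pvid, allowed=(), tagged=(), untagged=()):
        self.mode, self.pvid = mode, pvid
        self.allowed = set(allowed)      # trunk: allow-pass list
        self.tagged = set(tagged)        # hybrid: tagged list
        self.untagged = set(untagged)    # hybrid: untagged list

    def receive(self, tag):
        """Frame arrives from the link: return its internal VLAN or DROP."""
        if tag is None:
            return self.pvid             # untagged frames get the PVID
        if self.mode == "access":
            ok = tag == self.pvid
        elif self.mode == "trunk":
            ok = tag in self.allowed
        else:                            # hybrid
            ok = tag in self.tagged or tag in self.untagged
        return tag if ok else DROP

    def send(self, vlan):
        """Frame leaves on the link: return the tag on the wire (None means
        untagged) or DROP."""
        if self.mode == "access":
            return None if vlan == self.pvid else DROP
        if self.mode == "trunk":
            if vlan == self.pvid:
                return None              # PVID frames leave untagged
            return vlan if vlan in self.allowed else DROP
        if vlan in self.tagged:
            return vlan
        return None if vlan in self.untagged else DROP

def forward(ingress, egress, tag):
    """Carry one frame from the ingress link to the egress link."""
    vlan = ingress.receive(tag)
    return DROP if vlan == DROP else egress.send(vlan)

# Sample ports: access VLAN 10, trunk 10/20/30 (PVID 1 assumed), hybrid.
ACCESS = Port("access", 10)
TRUNK = Port("trunk", 1, allowed=[10, 20, 30])
HYBRID = Port("hybrid", 10, tagged=[20, 30, 40], untagged=[50, 60])
```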
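The three views of a Huawei switch: user view, system view, interface view
User view: the view you are in when you first log in to the switch; the prompt is usually in angle brackets <>.
save // save the current configuration after configuring the switch
system-view // enter the system view
clock timezone BJ add|minus 8 // set the time zone
clock datetime 16:36:00 2016-07-01 // set the switch's time
System view: entered by typing system-view in the user view; the prompt is usually in square brackets []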
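display current-configuration // show the current configuration
user-interface maximum-vty 15 // set the maximum number of VTY connections
user-interface vty 0 14 // enter the VTY user-interface view
user privilege level 2 // set the user level for VTY logins to 2 (configure the user level)
authentication-mode aaa // set VTY login authentication to user name and password
aaa // enter the AAA view
local-user admin password cipher admin@123 // set the AAA login user name and password
local-user admin service-type telnet // set the protocol the admin user uses for remote login
user-interface console 0 // enter the user interface of console port 0
authentication-mode password // set console login authentication to password
set authentication password cipher admin@123 // set the console login password
vlan 10 // create a VLAN
interface meth 0/0/1 // enter the switch's first management port
ip address 192.168.1.110 24 // set the management port's IP address and subnet mask
interface gigabitethernet 0/0/1 // enter the first service port
port link-type access // set port 1 to access mode
port default vlan 10 // set this port's VLAN number to 10
interface gigabitethernet 0/0/2 // enter the second service port
port link-type trunk // set port 2 to trunk mode
port trunk allow-pass vlan 10 20 30 // set the VLAN numbers allowed through this port
// port trunk allow-pass vlan all lets frames of every VLAN through
interface gigabitethernet 0/0/3 // enter the third service port
port link-type hybrid // set this port to hybrid mode; hybrid is the default mode of every port
port hybrid pvid vlan 10 // set the PVID to 10
port hybrid tagged vlan 20 30 40 // set the tagged list to 20, 30, 40
port hybrid untagged vlan 50 60 // set the untagged list to 50, 60
display port vlan // show the current VLAN settings of each port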
Clearing the configuration of a port
interface gigabitethernet 0/0/2
clear configuration this
undo shutdown
interface gigabitethernet 0/0/3
undo port default vlan // port in access mode
undo port link-type
undo port hybrid pvid vlan vlanid // port in hybrid mode
undo port hybrid untagged vlan vlanid
undo port hybrid tagged vlan vlanid
undo port trunk pvid vlan // port in trunk mode
undo port trunk allow-pass vlan vlanid
undo port link-type
Restoring factory settings on the S5700SI
In the user view (press Ctrl+Z to return to the user view), enter the following commands
reset saved-configuration
Y
reboot
N
Y
Configuring mux-vlan on the switch
Assume the principal VLAN is 10; among the subordinate VLANs, VLAN 20 is in group mode and VLAN 30 is in separate mode. The server connects to port 1, PC1 and PC2 connect to ports 2 and 3, and PC3 and PC4 connect to ports 4 and 5.
vlan batch 10 20 30
vlan 10
mux-vlan
subordinate group 20
subordinate separate 30
Set each connected port to access mode, add it to its VLAN, and enable the mux-vlan function on it:
interface gigabitethernet 0/0/1
port link-type access
port default vlan 10
port mux-vlan enable
interface gigabitethernet 0/0/2 // port 3 is configured the same way
port link-type access
port default vlan 20
port mux-vlan enable
interface gigabitethernet 0/0/4 // port 5 is configured the same way
port link-type access
port default vlan 30
port mux-vlan enable
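Connecting the layer-3 switch to a router LAN port
vlan batch 60 70
interface vlanif 60
ip address 192.168.60.1 24
interface vlanif 70
ip address 192.168.1.238 24
interface gigabitethernet 0/0/3
port link-type access
port default vlan 60
interface gigabitethernet 0/0/4
port link-type access
port default vlan 70
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
On the router connected to the switch, configure a static route whose destination is each network segment behind the switch and whose gateway is the IP address of the vlanif that connects the switch to the router.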
Batch-configuring switch ports
vlan batch 10 20
port-group 1
group-member gigabitethernet 0/0/1 to gigabitethernet 0/0/10
port link-type access
port default vlan 10
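Cisco (Ruijie) Layer-3 Switch: Configuring VLAN + DHCP
Author: admin Date: 2017-07-31
The commands are as follows. To configure a VLAN gateway, configure the IP address of the SVI interface:
enable
configure terminal
int vlan 10
! the next command is entered under the interface and sets the VLAN's subnet
ip address 192.168.10.1 255.255.255.0
exit
DHCP configuration:
! set the pool name
ip dhcp pool vlan
! set the network segment
network 192.168.10.0 255.255.255.0
! set the gateway
default-router 192.168.10.1
! set the DNS server
dns-server X.X.X.X
exit
! do not hand out this IP
ip dhcp excluded-address 192.168.10.1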
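An Effective Fix for Garbled Text in ASP
Author: admin Date: 2017-06-17
Showing a Specific Region of One Background Image That Holds Multiple Icons on a Web Page
Author: wang Date: 2011-11-28
How to Patch the Component-less Upload Vulnerability
Author: wang Date: 2011-11-08
Patching a Common, Classic Upload-Script Vulnerability
Author: wang Date: 2011-11-08
Parent Page Opens a Child Page with window.open(); the Child Page Passes a Value Back to an input Field on the Parent
Author: wang Date: 2011-05-26
JavaScript: Making a select Drop-down Accept Typed Text as Well
Author: wang Date: 2011-05-25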
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>Editable listbox</title>
Removing Duplicate Data from a JavaScript Array
Author: wang Date: 2011-05-25
Fuzzy Search in a Drop-down List with JavaScript
Author: wang Date: 2011-05-25
function UrlEncode(str){

