Mun daɗe muna amfani da kayan aikin Huawei a ciki . Kwanan nan mu kuma lokacin ƙara sabbin na'urori, ra'ayin ya zo don raba takamaiman jerin abubuwan bincike ko tarin saitunan asali tare da misalai.
Akwai umarni iri ɗaya da yawa akan gidan yanar gizo don masu amfani da kayan aikin Cisco. Koyaya, akwai 'yan irin waɗannan labaran don Huawei kuma wani lokacin dole ne ku nemi bayanai a cikin takaddun ko tattara su daga labarai da yawa. Muna fatan zai zama da amfani, mu tafi!
Labarin zai bayyana abubuwa masu zuwa:
Haɗin farko
Haɗa zuwa maɓalli ta hanyar haɗin na'ura mai kwakwalwa
Ta hanyar tsoho, ana jigilar maɓallan Huawei ba tare da saiti ba. Ba tare da fayil ɗin sanyi ba a cikin ƙwaƙwalwar maɓalli, tsarin ZTP (Zero Touch Provisioning) yana farawa lokacin da aka kunna ta. Ba za mu kwatanta wannan tsarin daki-daki ba, kawai mun lura cewa yana dacewa lokacin aiki tare da adadi mai yawa na na'urori ko don daidaitawa mai nisa. Rahoton da aka ƙayyade na ZTP .
Don saitin farko ba tare da amfani da ZTP ba, ana buƙatar haɗin na'ura mai kwakwalwa.
Zaɓuɓɓukan haɗin kai (daidaitacce)
Yawan watsawa: 9600
Data bit (B): 8
Bambanci tsakanin: Babu
Tsaya (S): 1
Yanayin sarrafa kwarara: Babu
Bayan haɗawa, zaku ga buƙatar saita kalmar sirri don haɗin na'ura.
Saita kalmar sirri don haɗin wasan bidiyo
Ana buƙatar kalmar sirri ta farko don shiga ta farko ta na'ura wasan bidiyo.
Ci gaba da saita shi? [Y/N]: y
Saita kalmar sirri kuma kiyaye shi lafiya!
In ba haka ba ba za ku iya shiga ta na'ura mai kwakwalwa ba.
Da fatan za a saita kalmar wucewa ta shiga (8-16)
Shigar da Kalmar wucewa:
Tabbata kalmar shiga:
Kawai shigar da kalmar sirri, tabbatar da shi kuma kun gama! Sannan zaku iya canza kalmar sirri da sauran sigogin tantancewa akan tashar wasan bidiyo ta amfani da umarni masu zuwa:
Misalin canza kalmar sirri
tsarin duba
[~ Huawei] Console mai amfani 0
[~HUAWEI-ui-console0] kalmar sirrin yanayin tabbatarwa
[~HUAWEI-ui-console0] saita cipher kalmar sirri <password>
[*HUAWEI-ui-console0] aikata
Saitin Stacking (iStack)
Bayan samun dama ga maɓallai, zaku iya saita tari da zaɓin. Huawei CE yana amfani da fasahar iStack don haɗa maɓalli da yawa zuwa na'ura mai ma'ana guda ɗaya. Tushen topology zobe ne, watau. Ana ba da shawarar yin amfani da aƙalla tashoshin jiragen ruwa 2 akan kowane maɓalli. Adadin tashoshin jiragen ruwa ya dogara da saurin sadarwar da ake so na maɓalli a cikin tari.
Yana da kyau a yi amfani da uplinks lokacin tarawa, gudun wanda yawanci ya fi na tashar jiragen ruwa don haɗa na'urorin ƙarshe. Don haka, zaku iya samun ƙarin bandwidth tare da ƴan tashoshi kaɗan. Hakanan, ga yawancin samfura akwai hani akan amfani da tashoshin gigabit don tarawa. Ana ba da shawarar yin amfani da aƙalla tashoshin 10G.
Akwai zaɓuɓɓukan daidaitawa guda biyu waɗanda suka bambanta kaɗan a cikin jerin matakai:
-
Tsarin farko na masu sauyawa tare da haɗin jiki na gaba.
-
Na farko, shigar da haɗa masu sauyawa zuwa juna, sannan saita su don yin aiki a cikin tari.
Jerin ayyuka na waɗannan zaɓuɓɓukan sune kamar haka:
Matakai don Zaɓuɓɓukan Tari Biyu
Yi la'akari da zaɓi na biyu (tsawo) don saita tari. Don yin wannan, bi waɗannan matakan:
-
Muna tsara aikin yin la'akari da yiwuwar raguwar lokaci. Muna tsara jerin ayyuka.
-
Muna aiwatar da shigarwa da haɗin kebul na masu sauyawa.
-
Muna saita ma'auni na asali na tari don maɓallin mai sarrafa:
[~HUAWEI] stack
3.1. Mun saita sigogi da muke bukata
#
memba tari 1 mai lamba X - inda X shine sabon ID na canzawa a cikin tari. Ta hanyar tsoho, ID = 1
kuma zaku iya barin ID ɗin tsoho don maɓallin maigidan.
#
memba tari 1 fifiko 150 - Bayyana fifiko. Sauyawa tare da mafi girma
Za a ba da fifiko ta hanyar madaidaicin mashin ɗin. Ƙimar fifiko
tsoho: 100.
#
memba tari {memba-id | duk} yankin - sanya ID na yanki don tari.
Ta tsohuwa, ba a saita ID na yanki ba.
#
Alal misali:
tsarin duba
[~ Huawei] Sysname SwitchA
[Huawei] aikata
[~SwitchA] tari
[~SwitchA-tari] memba tari 1 fifiko 150
[SwitchA-tari] memba tari 1 yankin 10
[SwitchA-tari] sallama
[SwitchA] aikata
3.2 Haɓaka madaidaicin tashar tashar jiragen ruwa (misali)
[~SwitchA] Interface stack-port 1/1[SwitchA-Stack-Port1/1] Ƙungiya memba na tashar jiragen ruwa 10ge 1/0/1 zuwa 1/0/4
Gargaɗi: Bayan an gama daidaitawa,
1.The interface(s) (10GE1/0/1-1/0/4) za a tuba zuwa tari yanayin da kuma a kaga tare da
kididdigar tashar tashar jiragen ruwa crc-statistics tana haifar da umarni-ƙasa kuskure idan tsarin bai wanzu ba.
2.The interface(s) na iya zuwa Kuskure-Down (crc-statistics) saboda babu wani tsarin rufewa akan musaya. Ci gaba? [Y/N]: y
[SwitchA-Stack-Port1/1] aikata
[~SwitchA-Stack-Port1/1] samu
Na gaba, kuna buƙatar adana sanyi kuma ku sake kunna canjin:
ajiye
Gargaɗi: Za'a rubuta tsarin daidaitawa na yanzu zuwa na'urar. ci gaba? [Y/N]: y
sake yi
Gargaɗi: Tsarin zai sake yin aiki. ci gaba? [Y/N]: y
4. Kashe Stacking Ports akan Maɓallin Jagora (Misali)
[~SwitchA] Interface stack-port 1/1
[*SwitchA-Stack-Port1/1] shutdown
[*SwitchA-Stack-Port1/1] aikata
5. Mun saita canji na biyu a cikin tari ta kwatankwacinta da na farko:
tsarin duba
[~Huawei] sysname SauyawaB
[*HUAWEI] aikata
[~SwitchB] tari
[~SwitchB-tari] memba tari 1 fifiko 120
[*SwitchB-tari] memba tari 1 yankin 10
[*SwitchB-tari] memba tari 1 renumber 2 inherit-config
Gargadi: Za'a gaji tsarin ma'auni na memba ID 1 zuwa ID na memba 2
bayan na'urar ta sake saiti. ci gaba? [Y/N]: y
[*SwitchB-tari] sallama
[*SwitchB] aikata
Saita tashoshin jiragen ruwa don tarawa. Lura cewa duk da cewa umurnin "memba tari 1 renumber 2 inherit-config", memba-id a cikin tsarin ana amfani da shi tare da ƙimar "1" don SwitchB.
Wannan yana faruwa ne saboda memba-id na maɓalli za a canza shi ne kawai bayan sake yi, kuma kafin shi har yanzu canjin yana da memba-id daidai da 1. Siga ".gado-config” kawai ana buƙata ta yadda bayan an sake kunnawa, ana adana duk saitunan tari don memba 2, wanda zai zama maɓalli, saboda An canza ID membansa daga ƙimar 1 zuwa ƙima 2.
[~SwitchB] Interface stack-port 1/1
[*SwitchB-Stack-Port1/1] Ƙungiya memba na tashar jiragen ruwa 10ge 1/0/1 zuwa 1/0/4
Gargaɗi: Bayan an gama daidaitawa,
1.The dubawa(s) (10GE1/0/1-1/0/4) za a tuba zuwa tari
yanayin kuma a daidaita shi tare da tashar tashar tashar crc-statistics yana haifar da kuskuren kuskure idan tsarin ya yi
babu.
2.The interface(s) na iya zuwa Kuskure-Down (crc-statistics) saboda babu wani tsarin rufewa akan
musayar.
ci gaba? [Y/N]: y
[*SwitchB-Stack-Port1/1] aikata
[~SwitchB-Stack-Port1/1] samu
Sake yi SwitchB
ajiye
Gargaɗi: Za'a rubuta tsarin daidaitawa na yanzu zuwa na'urar. ci gaba? [Y/N]: y
sake yi
Gargaɗi: Tsarin zai sake yin aiki. ci gaba? [Y/N]: y
6. Kunna tashoshin jiragen ruwa masu tarawa a kan maɓalli mai mahimmanci. Yana da mahimmanci a sami lokaci don kunna tashoshin jiragen ruwa kafin a gama sake kunnawa na Switch B, saboda. idan kun kunna su bayan, kunna B zai sake komawa cikin sake yi.
[~SwitchA] Interface stack-port 1/1
[~SwitchA-Stack-Port1/1] sake kashewa
[*SwitchA-Stack-Port1/1] aikata
[~SwitchA-Stack-Port1/1] samu
7. Duba aikin tari tare da umarnin "nuni tari"
Misalin fitarwar umarni bayan daidaitaccen tsari
nuni tari
---------------------------
Matsayin MemberID MAC Bayanin Nau'in Na'urar fifiko
---------------------------
+1 Jagora 0004-9f31-d520 150 CE6850-48T4Q-EI
2 Jiran aiki 0004-9f62-1f40 120 CE6850-48T4Q-EI
---------------------------
+ yana nuna na'urar inda kunna aikin dubawar gudanarwa ke zaune.
8. Ajiye tsarin tari tare da umarnin "ajiye". An gama saitin
и Hakanan ana iya kallo akan gidan yanar gizon Huawei.
Saitunan shiga
A sama mun yi aiki ta hanyar haɗin na'ura. Yanzu muna buƙatar ko ta yaya haɗi zuwa canjin mu (stack) akan hanyar sadarwa. Don yin wannan, yana buƙatar dubawa (daya ko fiye) tare da adireshin IP. Yawanci, don sauyawa, ana sanya adireshin zuwa wurin dubawa a cikin VLAN na gudanarwa ko zuwa tashar gudanarwar da aka keɓe. Amma a nan, ba shakka, duk ya dogara da haɗin kai topology da manufar aiki na sauyawa.
Misalin saitin adireshi don dubawar VLAN 1:
[~ Huawei] Interface vlan 1
[~HUAWEI-Vlanif1] Adireshin IP: 10.10.10.1 255.255.255.0
[~HUAWEI-Vlanif1] aikata
Kuna iya fara ƙirƙirar Vlan a sarari kuma sanya masa suna, misali:
[~ Canjawa] wuta 1
[*Switch-vlan1] suna TEST_VLAN (Sunan VLAN na zaɓi ne)
Akwai ɗan hack na rayuwa dangane da suna - rubuta sunayen tsarin ma'ana a cikin manyan haruffa (ACL, Route-map, wani lokacin sunayen VLAN) don sauƙaƙe samun su a cikin fayil ɗin daidaitawa. Kuna iya ɗaukar "armament" 😉
Don haka, muna da VLAN, yanzu muna "ƙasa" a kan wasu tashar jiragen ruwa. Don zaɓin da aka bayyana a cikin misalin, wannan ba lallai ba ne, saboda. duk tashar jiragen ruwa ta hanyar tsohuwa suna cikin VLAN 1. Idan muna son saita tashar jiragen ruwa a cikin wani VLAN, muna amfani da umarnin da suka dace:
Saitin tashar jiragen ruwa a yanayin shiga:
[~ Canjawa] dubawa 25GE 1/0/20
[~ Canja-25GE1/0/20] nau'in hanyar haɗin tashar tashar jiragen ruwa
[~ Canja-25GE1/0/20] tashar jiragen ruwa vlan 10
[~ Canja-25GE1/0/20] aikata
Tsarin tashar tashar jiragen ruwa a yanayin gangar jikin:
[~ Canjawa] dubawa 25GE 1/0/20[~ Canja-25GE1/0/20] gangar jikin nau'in tashar tashar jiragen ruwa
[~ Canja-25GE1/0/20] tashar tashar jiragen ruwa pvid vlan 10 - Ƙayyade VLAN na asali (frames a cikin wannan VLAN ba za su sami tag a cikin rubutun ba)
[~ Canja-25GE1/0/20] tashar tashar jiragen ruwa izinin izinin wucewa vlan 1 zuwa 20 - ba da damar kawai VLAN mai alamar daga 1 zuwa 20 (misali)
[~ Canja-25GE1/0/20] aikata
Mun gano saitunan dubawa. Bari mu matsa zuwa tsarin SSH.
Muna ba da umarnin da ake buƙata kawai:
Sanya suna ga mai sauyawa
tsarin duba
[~ Huawei] sysname SSH Server
[*HUAWEI] aikata
Ƙirƙirar maɓalli
[~SSH Server] rsa gida-key-biyu ƙirƙira // Ƙirƙiri mai masaukin RSA na gida da maɓallan maɓallai na uwar garken.
Makullin sunan zai zama: SSH Server_Host
Matsakaicin girman maɓalli na jama'a shine (512 ~ 2048).
NOTE: Ƙirƙirar maɓalli na biyu zai ɗauki ɗan lokaci kaɗan.
Shigar da ragowa a cikin modulus [tsoho = 2048]: 2048
[*SSH Server] aikata
Kafa hanyar sadarwa ta VTY
[~SSH Server] mai amfani-interface vty 0 4
[~ SSH Server-ui-vty0-4] ingantaccen yanayin aaa
[SSH Server-ui-vty0-4] matakin gata mai amfani 3
[SSH Server-ui-vty0-4] protocol inbound ssh
[*SSH Server-ui-vty0-4] sallama
Ƙirƙiri mai amfani na gida "client001" kuma saita kalmar sirri don shi
[SSH Server] AAA[SSH Server-aaa] abokin ciniki na gida-mai amfani001 kalmar sirri mara jujjuyawa-cipher
[SSH Server-aaa] abokin ciniki na gida-mai amfani001 matakin 3
[SSH Server-aaa] abokin ciniki na gida-mai amfani001 nau'in sabis na ssh
[SSH Server-aaa] sallama
[SSH Server] ssh mai amfani abokin ciniki001 kalmar sirri-nau'in kalmar sirri
Kunna sabis na SSH akan maɓalli
[~SSH Server] stelnet uwar garken kunna[*SSH Server] aikata
Taɓawar ƙarshe: saita sabis-tupe don abokin ciniki mai amfani001
[~SSH Server] ssh mai amfani abokin ciniki001 nau'in sabis na stelnet[*SSH Server] aikata
An gama saitin Idan kun yi komai daidai, to, zaku iya haɗawa da sauyawa ta hanyar sadarwar gida kuma ku ci gaba da aiki.
Ana iya samun ƙarin cikakkun bayanai kan saita SSH a cikin takaddun Huawei - и .
Ana saita Saitunan Tsari Na Asali
A cikin wannan toshe, za mu yi la'akari da ƙaramin adadin tubalan umarni daban-daban don daidaita abubuwan da suka fi shahara.
1. Saita lokacin tsarin da aiki tare ta hanyar NTP.
Kuna iya amfani da umarni masu zuwa don saita lokaci a gida akan maɓalli:
yankin lokacin agogo { add | rage }
agogon kwanan wata [ utc ] HH:MM:SS YYYY-MM-DD
Misali na saita lokaci a gida
yankin lokacin agogo MSK ƙara 03:00:00
agogon kwanan wata 10:10:00 2020-10-08
Don daidaita lokaci ta hanyar NTP tare da uwar garken, shigar da umarni mai zuwa:
ntp unicast uwar garken [ version lamba | tabbaci-keyid key-id | tushen-interface nau'in dubawa
Misalin umarni don aiki tare na lokaci ta hanyar NTP
ntp unicast-uwar garken 88.212.196.95
aikata
2. Don yin aiki tare da sauyawa, wani lokacin kana buƙatar saita aƙalla hanya ɗaya - hanyar da ta dace ko hanyar da ta dace. Ana amfani da umarni mai zuwa don ƙirƙirar hanyoyi:
hanyar ip-a tsaye ip-adireshin {mask | mask-tsawon } {adireshin gaba | Interface-type interface-lambar [na gaba-adireshin] }
Misalin umarni don ƙirƙirar hanyoyi:
tsarin duba
hanyar ip-a tsaye 0.0.0.0 0.0.0.0 192.168.0.1
aikata
3. Saita yanayin aiki na ka'idar Spanning-Tree.
Don daidaitaccen amfani da sabon canji a cikin hanyar sadarwa mai gudana, yana da mahimmanci a kula da zaɓin yanayin aiki na STP. Har ila yau, zai yi kyau a saita shi nan da nan. Ba za mu daɗe a nan ba, domin. batun yana da fadi sosai. Bari mu bayyana kawai hanyoyin aiki na yarjejeniya:
yanayin stp { stp | rstp | mstp | vbst } - a cikin wannan umarni, zaɓi yanayin da muke buƙata. Yanayin tsoho: MSTP. Hakanan shine yanayin da aka ba da shawarar don aiki akan na'urorin Huawei. Baya masu jituwa tare da RSTP yana samuwa.
Alal misali:
tsarin duba
stp yanayin mstp
aikata
4. Misali na kafa tashar wuta don haɗa na'urar ƙarewa.
Yi la'akari da misali na daidaita tashar shiga don aiwatar da zirga-zirga a cikin VLAN10
[SW] dubawa 10ge 1/0/3
[SW-10GE1/0/3] nau'in hanyar haɗin tashar tashar jiragen ruwa
[SW-10GE1/0/3] Port default vlan 10
[SW-10GE1/0/3] stp gefen-port kunna
[*SW-10GE1/0/3] sallama
Kula da umarninstp gefen-port kunna”- yana ba ku damar hanzarta aiwatar da canjin tashar jiragen ruwa zuwa yanayin turawa. Koyaya, bai kamata a yi amfani da wannan umarni akan tashoshin jiragen ruwa waɗanda wasu maɓallai ke haɗa su ba.
Hakanan, umarnin"stp bpdu-tace kunna".
5. Misali na daidaita tashar Port-Channel a yanayin LACP don haɗawa zuwa wasu maɓalli ko sabobin.
Alal misali:
[SW] Interface eth-trunk 1[SW-Eth-Trunk1] gangar jikin nau'in tashar tashar jiragen ruwa
[SW-Eth-Trunk1] tashar tashar jiragen ruwa izinin izinin wucewa vlan 10
[SW-Eth-Trunk1] yanayin lacp-a tsaye (ko za ku iya amfani da lacp-dynamic)
[SW-Eth-Trunk1] sallama
[SW] dubawa 10ge 1/0/1
[SW-10GE1/0/1] eth-Trunk 1
[SW-10GE1/0/1] sallama
[SW] dubawa 10ge 1/0/2
[SW-10GE1/0/2] eth-Trunk 1
[*SW-10GE1/0/2] sallama
Kar ku manta game da "aikata” kuma mun riga mun yi aiki tare da ke dubawa tuk 1.
Kuna iya duba matsayin haɗin haɗin haɗin gwiwa tare da umarnin "nuni eth-trunk".
Mun bayyana mahimman abubuwan daidaitawar Huawei switches. Tabbas, zaku iya zurfafa zurfafa cikin batun kuma ba a bayyana adadin maki ba, amma mun yi ƙoƙarin nuna manyan, shahararrun umarni don saitin farko.
Muna fatan cewa wannan "manual" zai taimaka maka saita masu sauyawa da sauri.
Hakanan zai yi kyau idan kun rubuta a cikin sharhin umarnin da kuke tunanin bacewa a cikin labarin, amma kuma suna iya sauƙaƙe daidaitawar masu sauyawa. To, kamar yadda muka saba, za mu yi farin cikin amsa tambayoyinku.
source: www.habr.com