一、华为交换机基础知识
1.1 华为交换机产品系列
华为交换机产品线覆盖从低端到高端全系列,弱电工程中常用的型号包括:
- S1700系列 — 入门级百兆/千兆交换机,适用于小型办公网络
- S2700系列 — 千兆接入交换机,支持基本VLAN和QoS
- S3700系列 — 千兆接入交换机,支持PoE供电,适合AP接入
- S5700系列 — 千兆接入/汇聚交换机,弱电项目中最常用
- S6700系列 — 万兆接入交换机,适用于中大型网络
- S7700/S9700系列 — 核心交换机,适用于大型园区网
1.2 VRP操作系统
华为交换机运行VRP(Versatile Routing Platform)通用路由平台,命令体系与思科IOS类似但有差异。VRP分为用户视图、系统视图、接口视图、VLAN视图、协议视图等多个层级。
二、设备登录与基本配置
2.1 首次登录
新设备首次登录通过Console口连接:
- 使用Console线连接交换机Console口与电脑串口
- 终端软件设置:波特率9600,数据位8,停止位1,无校验
- 默认用户名密码:admin/Admin@123 或通过无密码直接登录
2.2 基本系统配置
修改设备名称:
<Huawei> system-view
[Huawei] sysname SW-Core
[SW-Core]配置管理IP地址:
[SW-Core] interface Vlanif 1
[SW-Core-Vlanif1] ip address 192.168.1.1 255.255.255.0
[SW-Core-Vlanif1] quit开启SSH远程管理:
[SW-Core] rsa local-key-pair create
[SW-Core] user-interface vty 0 4
[SW-Core-ui-vty0-4] authentication-mode aaa
[SW-Core-ui-vty0-4] protocol inbound ssh
[SW-Core-ui-vty0-4] quit
[SW-Core] aaa
[SW-Core-aaa] local-user admin password cipher Admin@123
[SW-Core-aaa] local-user admin privilege level 15
[SW-Core-aaa] local-user admin service-type ssh telnet
[SW-Core-aaa] quit
[SW-Core] stelnet server enable保存配置:
[SW-Core] save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]: y三、VLAN配置
3.1 VLAN概述
VLAN(Virtual Local Area Network,虚拟局域网)是将物理网络划分为多个逻辑广播域的技术。弱电工程中通常按部门、楼层、功能区域划分VLAN。
3.2 创建VLAN
[SW-Core] vlan batch 10 20 30 40 50
[SW-Core] display vlan3.3 Access端口配置
将终端设备接入端口配置为Access类型:
[SW-Core] interface GigabitEthernet 0/0/1
[SW-Core-GigabitEthernet0/0/1] port link-type access
[SW-Core-GigabitEthernet0/0/1] port default vlan 10
[SW-Core-GigabitEthernet0/0/1] quit3.4 Trunk端口配置
交换机之间互联端口配置为Trunk类型:
[SW-Core] interface GigabitEthernet 0/0/24
[SW-Core-GigabitEthernet0/0/24] port link-type trunk
[SW-Core-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 30
[SW-Core-GigabitEthernet0/0/24] quit3.5 Hybrid端口配置
Hybrid端口可以同时属于多个VLAN,适用于需要灵活控制的场景:
[SW-Core] interface GigabitEthernet 0/0/10
[SW-Core-GigabitEthernet0/0/10] port link-type hybrid
[SW-Core-GigabitEthernet0/0/10] port hybrid untagged vlan 10 20
[SW-Core-GigabitEthernet0/0/10] port hybrid tagged vlan 30
[SW-Core-GigabitEthernet0/0/10] quit四、链路聚合(Eth-Trunk)
4.1 链路聚合概述
链路聚合将多条物理链路捆绑为一条逻辑链路,实现带宽叠加和冗余备份。华为使用Eth-Trunk实现。
4.2 手动聚合配置
[SW-Core] interface Eth-Trunk 1
[SW-Core-Eth-Trunk1] port link-type trunk
[SW-Core-Eth-Trunk1] port trunk allow-pass vlan all
[SW-Core-Eth-Trunk1] quit
[SW-Core] interface GigabitEthernet 0/0/23
[SW-Core-GigabitEthernet0/0/23] eth-trunk 1
[SW-Core] interface GigabitEthernet 0/0/24
[SW-Core-GigabitEthernet0/0/24] eth-trunk 14.3 LACP动态聚合
[SW-Core] interface Eth-Trunk 1
[SW-Core-Eth-Trunk1] mode lacp-static
[SW-Core-Eth-Trunk1] quit
[SW-Core] interface GigabitEthernet 0/0/23
[SW-Core-GigabitEthernet0/0/23] eth-trunk 1
[SW-Core] interface GigabitEthernet 0/0/24
[SW-Core-GigabitEthernet0/0/24] eth-trunk 1五、DHCP服务器配置
5.1 接口地址池
[SW-Core] dhcp enable
[SW-Core] interface Vlanif 10
[SW-Core-Vlanif10] ip address 192.168.10.1 255.255.255.0
[SW-Core-Vlanif10] dhcp select interface
[SW-Core-Vlanif10] dhcp server dns-list 8.8.8.8 114.114.114.114
[SW-Core-Vlanif10] dhcp server lease day 3
[SW-Core-Vlanif10] dhcp server excluded-ip-address 192.168.10.1 192.168.10.10
[SW-Core-Vlanif10] quit5.2 全局地址池
[SW-Core] ip pool vlan20-pool
[SW-Core-ip-pool-vlan20-pool] network 192.168.20.0 mask 255.255.255.0
[SW-Core-ip-pool-vlan20-pool] gateway-list 192.168.20.1
[SW-Core-ip-pool-vlan20-pool] dns-list 8.8.8.8
[SW-Core-ip-pool-vlan20-pool] lease day 7
[SW-Core-ip-pool-vlan20-pool] quit
[SW-Core] interface Vlanif 20
[SW-Core-Vlanif20] dhcp select global六、STP生成树协议
6.1 STP概述
STP(Spanning Tree Protocol)用于消除网络中的二层环路,防止广播风暴。华为默认开启MSTP(多生成树协议)。
6.2 配置根桥
[SW-Core] stp mode mstp
[SW-Core] stp priority 0
[SW-Core] stp root primary6.3 配置备份根桥
[SW-Backup] stp priority 4096
[SW-Backup] stp root secondary6.4 MSTP多实例配置
[SW-Core] stp region-configuration
[SW-Core-mst-region] region-name RDAL
[SW-Core-mst-region] revision-level 1
[SW-Core-mst-region] instance 1 vlan 10 20
[SW-Core-mst-region] instance 2 vlan 30 40
[SW-Core-mst-region] active region-configuration
[SW-Core-mst-region] quit七、端口安全与隔离
7.1 MAC地址绑定
[SW-Core] interface GigabitEthernet 0/0/1
[SW-Core-GigabitEthernet0/0/1] port-security enable
[SW-Core-GigabitEthernet0/0/1] port-security max-mac-num 1
[SW-Core-GigabitEthernet0/0/1] port-security mac-address sticky
[SW-Core-GigabitEthernet0/0/1] port-security protect-action shutdown7.2 端口隔离
[SW-Core] interface GigabitEthernet 0/0/1
[SW-Core-GigabitEthernet0/0/1] port-isolate enable
[SW-Core-GigabitEthernet0/0/1] port-isolate mode l2八、ACL访问控制
8.1 基本ACL(2000-2999)
[SW-Core] acl 2001
[SW-Core-acl-basic-2001] rule 5 deny source 192.168.10.100 0
[SW-Core-acl-basic-2001] rule 10 permit source 192.168.10.0 0.0.0.255
[SW-Core-acl-basic-2001] quit
[SW-Core] interface GigabitEthernet 0/0/1
[SW-Core-GigabitEthernet0/0/1] packet-filter 2001 inbound8.2 高级ACL(3000-3999)
[SW-Core] acl 3001
[SW-Core-acl-adv-3001] rule 5 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.20.100 0
[SW-Core-acl-adv-3001] rule 10 permit ip
[SW-Core-acl-adv-3001] quit九、常用查看与维护命令
display version # 查看设备版本
display current-configuration # 查看当前配置
display ip interface brief # 查看接口IP
display vlan # 查看VLAN信息
display mac-address # 查看MAC地址表
display arp # 查看ARP表
display stp # 查看STP状态
display eth-trunk 1 # 查看链路聚合
display acl 2001 # 查看ACL规则
display dhcp pool # 查看DHCP地址池
display cpu-usage # 查看CPU使用率
display memory-usage # 查看内存使用率
display logbuffer # 查看系统日志
display device # 查看设备硬件信息
reset saved-configuration # 恢复出厂配置(谨慎使用)十、常见故障排查
10.1 网络不通排查步骤
- 检查物理连接 — 端口指示灯是否亮起
- 检查VLAN配置 — 确认端口VLAN归属正确
- 检查Trunk链路 — 确认允许通过的VLAN
- 检查路由 — 确认网关和路由表
- 检查ACL — 确认没有策略拦截
- 使用ping和tracert定位故障点
10.2 广播风暴处理
- 检查网络中是否存在环路
- 确认STP是否正常运行:display stp brief
- 检查是否有Hub等设备接入网络
- 临时方案:关闭问题端口排查
本教程涵盖了华为交换机最常用的配置操作,弱电工程师在实际项目中可根据需求灵活组合使用。建议在模拟器(如eNSP)上先练习,再在实际设备上操作。