华为交换机S5720S-12TP-LI-AC接外部portal笔记
1.usb转串口驱动
console口是usb转9针串口母口,再由9针串口公口转网线口。这个串口与VGA口有点像,不过VGA口是15针的。
2.display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.170 (S5720 V200R019C10SPC500)
Copyright (C) 2000-2020 HUAWEI TECH Co., Ltd.
HUAWEI S5720S-12TP-LI-AC Routing Switch uptime is 0 week, 0 day, 0 hour, 5 minutes
ES5D2T12S000 0(Master) : uptime is 0 week, 0 day, 0 hour, 4 minutes
DDR Memory Size : 512 M bytes
FLASH Total Memory Size : 512 M bytes
FLASH Available Memory Size : 241 M bytes
Pcb Version : VER.B
BootROM Version : 0213.0000
BootLoad Version : 0213.0000
Software Version : VRP (R) Software, Version 5.170 (V200R019C10SPC500)
FLASH Version : 020b.0a06
3.查询所有接口,可以看到有一个vlan10
dis ip interface brief
Interface IP Address/Mask Physical Protocol
NULL0 unassigned up up(s)
Vlanif1 unassigned down down
Vlanif10 192.168.51.1/24 up up
Vlanif20 192.168.10.254/24 down down
4.再查看所有物理口
display vlan 10
VID Type Ports
--------------------------------------------------------------------------------
10 common UT:GE0/0/1(D) GE0/0/2(U) GE0/0/3(D) GE0/0/4(D)
GE0/0/5(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D)
GE0/0/10(D) GE0/0/11(D) GE0/0/12(D)
5.配置dhcp
https://support.huawei.com/enterprise/zh/doc/EDOC1000069491/6946084b
[Switch] interface vlanif 11
[Switch-Vlanif11] ip address 10.1.2.1 24 //企业为出差人员分配的网段
[Switch-Vlanif11] quit
配置接口地址池
# 配置VLANIF10接口下的终端从接口地址池中获取IP地址。
[Switch] interface vlanif 10
[Switch-Vlanif10] dhcp select interface //使能接口采用接口地址池的DHCP服务器功能,缺省未使能
[Switch-Vlanif10] dhcp server lease day 30 //租期的缺省值为1天,修改租期为30天
[Switch] dhcp server database enable
#查看所有dhcp已分配的ip
[Switch]display ip pool interface vlanif10 used
[Switch]display ip pool interface vlanif10 all
6.配置用户名密码
system-view
aaa
local-user cz password cipher Admin@123
local-user cz service-type http # 允许用户通过HTTP/HTTPS登录
local-user cz privilege level 15
quit
即可从http://192.168.51.1 登录,现在用户名密码为cz admin@123
7.web中配置portal服务器
查看所有url模板 display url-template all
命令行可查相关信息 display web-auth-server configuration
如果查出来的Web-auth-server Name为"dev",则可以用下面命令进去[HUAWEI]web-auth-server dev
web中配置portal服务器的接入配置,选择端口,将这个端口应用portal认证
[HUAWEI]url-template name url1
[HUAWEI-url-template-url1]url http://192.168.51.36/portal
[HUAWEI-url-template-url1]url-parameter set device-ip 192.168.51.1
[HUAWEI-url-template-url1]url-parameter device-ip wlanacip sysname wlanacname user-ipaddress wlanuserip user-mac wlanusermac user-vlan ssid
[HUAWEI-url-template-url1]quit
[HUAWEI]web-auth-server dev
[HUAWEI-web-auth-server-dev]url-template url1
8.打印日志
trace object ip-address 192.168.51.36
开启
trace enable
关闭
undo trace enable
9.查看用户在线表项(预连接)
display access-user
如果status是success则是在线状态,使用如下命令下线
进入aaa视图:aaa
cut access-user mac-address e89c-25c2-2945
10.端口恢复默认设置
clear configuration interface GigabitEthernet 0/0/5
再进入端口模式interface GigabitEthernet 0/0/5
执行undo shutdown
11.将一个端口添加进vlan 10
[HUAWEI]vlan 10
[HUAWEI]port GigabitEthernet 0/0/5
12.查ip与端口的对应关系
[HUAWEI]display arp
13.开启路由器的IPv6分配功能
[HUAWEI]interface Vlanif 10
[HUAWEI-Vlanif10]ipv6 enable
[HUAWEI-Vlanif10]ipv6 address 2001:db8:2::1/64
[HUAWEI-Vlanif10]ipv6 address auto dhcp
[HUAWEI-Vlanif10]undo ipv6 nd ra halt #激活vlanif10的RA路由器通告消息,也就是取消RA的抑制。取消之后交换机的vlanif10将开始周期性的发送RA消息。
IPv6无状态自动配置,只需在PC的网关所在设备对应的接口开启RA消息的通告功能即可(命令:undo ipv6 nd ra halt)。
查看已经配置的IPv6
[Huawei] display ipv6 interface brief # 查看接口IPv6地址摘要
[Huawei] display ipv6 interface Vlanif10 #查看Vlanif10的总体IPv6信息
[Huawei] display ipv6 neighbors #查看分配的所有IPv6地址与mac地址,再结合display ip pool interface vlanif10 used可以查看IPv4-端口-IPv6信息。
14.开启本地dhcp和dhcp中继
开启vlan的dhcp
[HUAWEI-Vlanif51]dhcp select global
开启dhcp中继
删除本地的dhcp池
[HUAWEI-Vlanif51]dhcp select relay
[HUAWEI]dhcp server group nacv4
[HUAWEI-dhcp-server-group-nacv4]dhcp-server 192.168.31.248
[HUAWEI-dhcp-server-group-nacv4]quit
[HUAWEI]interface Vlanif 51
[HUAWEI-Vlanif51]dhcp relay server-select nacv4
15.已有一个DHCPv6服务,让本交换机中继请求这个DHCPv6服务,给连本交换机的端口分配地址
[HUAWEI]dhcp enable
[HUAWEI]interface Vlanif 51
[HUAWEI-Vlanif51]dhcp select relay
[HUAWEI-Vlanif51]dhcp relay server-ip 192.168.99.13
以上应是IPv4的,以下是ipv6
[HUAWEI]ipv6
[HUAWEI]dhcpv6 server group nac
[HUAWEI-dhcpv6-server-group-nac]dhcpv6-server FD80:9999::13
[HUAWEI-dhcpv6-server-group-nac]quit
最后Vlanif51配置如下:
interface Vlanif51
ipv6 enable
ip address 192.168.51.253 255.255.255.0
ipv6 address FD81:1111::1/64
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
dhcp select global
dhcpv6 relay server-select nac
dhcpv6 relay option79 insert enable
16.配置自已为dhcpv6
dhcpv6 pool ipv6_pool
[HUAWEI-dhcpv6-pool-ipv6_pool]display this
dhcpv6 pool ipv6_pool
address prefix FD81:1111::/64
excluded-address FD81:1111::1
dns-server FD81:1111::1
再配置vlan
interface Vlanif51
ipv6 enable
ip address 192.168.51.253 255.255.255.0
ipv6 address FD81:1111::1/64
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
dhcp select global
dhcpv6 server ipv6_pool
17.交换机配了端口portal认证,但不弹出认证页面
华为s5720s上是配portal pass dns enable
其它交换机是配portal free-rule之类的命令,
可以在终端未认证状态下,ping www.baidu.com,可以发现未解析为IP,判断dns有问题。dns有问题后,会引发这问题。