
Extreme X450 Configuration Explained

Source: 华佗小知识
clear account lockout

clear account [all | ] lockout

Description

Re-enables an account that has been locked out (disabled) for exceeding the permitted number of failed login attempts, which was configured by using the configure account password-policy lockout-on-login-failures command.

Syntax Description

Default

N/A.

Usage Guidelines

This command applies to sessions at the console port of the switch as well as all other sessions. You can re-enable both user and administrative accounts, once they have been disabled for exceeding the 3 failed login attempts.

NOTE
The failsafe accounts are never locked out.

This command only clears the locked-out (or disabled) condition of the account. The action of locking out accounts following the failed login attempts remains until you turn it off by issuing the configure account [all | ] password-policy lockout-on-login-failures off command.

Example

The following command re-enables the account finance, which had been locked out (disabled) for exceeding 3 consecutive failed login attempts:

clear account finance lockout

1. Username and password configuration

create account [admin | user] {encrypted} {}
configure account admin

2. Port configuration

config ports auto off {speed [10 | 100 | 1000]} duplex [half | full] auto off

3. VLAN configuration

On both core and access-layer switches, first create three VLANs and remove all ports that belong to the Default VLAN:

config vlan default del port all
create vlan Server
create vlan User
create vlan Manger

Define the 802.1Q tags:

config vlan Server tag 10
config vlan User tag 20
config vlan Manger tag 30

Set the VLAN gateway addresses:

config vlan Server ipa 192.168.41.1/24
config vlan User ipa 192.168.40.1/24
config vlan Manger ipa 192.168.*.*/24

enable ipforwarding    # enable IP route forwarding, i.e. inter-VLAN routing

Trunk configuration:

config vlan Server add port 1-3 t
config vlan User add port 1-3 t
config vlan manger add port 1-3 t

4. VRRP configuration

enable vrrp

configure vrrp add vlan UserVlan
configure vrrp vlan UserVlan add master vrid 10 192.168.6.254
configure vrrp vlan UserVlan authentication simple-password extreme
configure vrrp vlan UserVlan vrid 10 priority 200
configure vrrp vlan UserVlan vrid 10 advertisement-interval 15
configure vrrp vlan UserVlan vrid 10 preempt

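5. Port mirroring configuration

enable mirroring to port 3    # select port 3 as the mirror port
config mirroring add port 1    # send port 1's traffic to port 3
config mirroring add port 1 vlan default    # send the traffic of both port 1 and vlan default to port 3

6. Port-channel configuration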

enable sharing grouping {port-based | address-based | round-robin}

7. STP configuration

enable stpd
create stpd *
configure stpd add vlan {ports [dot1d | emistp | pvst-plus]}
configure stpd stpd1 priority 16384
configure vlan marketing add ports 2-3 stpd stpd1 emistp

8. DHCP relay configuration

enable bootprelay
config bootprelay add

9. NAT configuration

enable nat    # enable NAT

Static NAT Rule Example

config nat add out_vlan_1 map source 192.168.1.12/32 to 216.52.8.32/32

Dynamic NAT Rule Example

config nat add out_vlan_1 map source 192.168.1.0/24 to 216.52.8.1 - 216.52.8.31

Portmap NAT Rule Example

config nat add out_vlan_2 map source 192.168.2.0/25 to 216.52.8.32/28 both portmap

Portmap Min-Max Example

config nat add out_vlan_2 map source 192.168.2.128/25 to 216.52.8./28 tcp portmap 1024 - 8192

10. OSPF configuration

enable ospf    # enable the OSPF process
create ospf area    # create an OSPF area
configure ospf routerid [automatic | ]    # configure the router ID
configure ospf add vlan [ | all] area {passive}    # add a VLAN to an area; equivalent to the network statement on Cisco
configure ospf area add range [advertise | noadvertise] {type-3 | type-7}    # add an address range to an area; equivalent to the network statement on Cisco
configure ospf vlan neighbor add

Route redistribution into OSPF:

enable ospf export direct [cost [ase-type-1 | ase-type-2] {tag } | ]
enable ospf export static [cost [ase-type-1 | ase-type-2] {tag } | ]
enable ospf originate-default {always} cost [ase-type-1 | ase-type-2] {tag }
enable ospf originate-router-id

11. SNMP configuration

enable snmp access
enable snmp traps
create access-profile type [ipaddress | vlan]
config snmp access-profile readonly [ | none]    # configure the SNMP read-only access list; none removes it
config snmp access-profile readwrite [ | none]    # the same control for read-write access
config snmp add trapreceiver {port } community {from }    # configure the SNMP trap receiver host and community string

12. Security configuration

disable ip-option loose-source-route
disable ip-option strict-source-route
disable ip-option record-route
disable ip-option record-timestamp
disable ipforwarding broadcast
disable udp-echo-server
disable irdp vlan
disable icmp redirect
disable web    # disable web-based access to the switch
enable cpu-dos-protect
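The section 12 list can be used as an audit baseline for a saved configuration. The following is an added example, not part of the original page and not vendor code: it reports which of those settings are present, missing, or overridden by a later line. It assumes the saved configuration holds one command per line in the form typed on this page; "disable irdp vlan" is left out because its VLAN argument is elided on the page, and the sample input is constructed.

```python
import re

# Baseline from section 12 of this page: feature -> wanted verb.
BASELINE = {
    "ip-option loose-source-route": "disable",
    "ip-option strict-source-route": "disable",
    "ip-option record-route": "disable",
    "ip-option record-timestamp": "disable",
    "ipforwarding broadcast": "disable",
    "udp-echo-server": "disable",
    "icmp redirect": "disable",
    "web": "disable",
    "cpu-dos-protect": "enable",
}
LINE_RE = re.compile(r"^(enable|disable)\s+(.+)$")


def audit(config_text):
    """Return {feature: 'ok' | 'missing' | 'wrong'} for each baseline feature."""
    state = {}
    for raw in config_text.splitlines():
        # Drop '#' comments, collapse whitespace, ignore case.
        line = " ".join(raw.split("#", 1)[0].lower().split())
        m = LINE_RE.match(line)
        if not m:
            continue
        verb, rest = m.groups()
        for feature in BASELINE:
            if rest == feature or rest.startswith(feature + " "):
                state[feature] = verb  # a later line overrides an earlier one
    return {f: "missing" if f not in state else "ok" if state[f] == want else "wrong"
            for f, want in BASELINE.items()}


# Constructed sample (assumed format: one command per line); not real switch output.
SAMPLE = """\
disable ip-option loose-source-route
Disable  IP-Option strict-source-route
disable ip-option record-route
disable ipforwarding broadcast
enable ipforwarding
disable udp-echo-server
disable web        # turned off during hardening
enable web         # re-enabled later: this is the effective state
"""

if __name__ == "__main__":
    for feature, status in audit(SAMPLE).items():
        print(f"{status:8}{BASELINE[feature]} {feature}")
```

The "enable ipforwarding" line from section 3 is deliberately not treated as a conflict with "disable ipforwarding broadcast", since the two commands control different features.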

13. Access-list configuration

create access-list icmp destination source
create access-list ip destination source ports
create access-list tcp destination source ports
create access-list udp destination source ports

14. Default route configuration

config iproute add default

15. Restore factory defaults, excluding the user-set time and user account information

unconfig switch {all}

16. Checking the configuration

show version
show config
show session
show management    # view management information, including SNMP information
show banner
show ports configuration
show ospf
show access-list { | port }
show access-list-monitor
show ospf area
show ospf area detail
show ospf ase-summary
show ospf interfaces {vlan | area }
unconfigure ospf {vlan | area }

17. Backing up and upgrading software

download image [ | ] {primary | secondary}
upload image [ | ] {primary | secondary}
use image [primary | secondary]

{L2 | L3 | L3_L4}]}

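Tips:

1. DHCP relay. bootp relay / DHCP relay is used by hosts to obtain their IP addresses, but in a network with high security requirements it should be configured in a more secure way, for example by configuring DHCP relay through udp-forwarding.

disable bootprelay

The following is a configuration example that uses udp-forwarding in place of enable bootprelay:

create udp-profile backbonedhcp
config backbonedhcp add 67 ipaddress *
config user_vlan1 udp-profile backbonedhcp

2. Password recovery.

If you lose or forget the password on an Extreme switch, reboot the switch and keep pressing the space bar to enter Bootrom mode, type "h", select "d: Force Factory default configuration" to clear the configuration file, and finally select "f: Boot on board flash"; after the reboot the password will have been cleared. Note: after the password is recovered, the previous configuration file will have been wiped.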
