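Access method:
Console access: login password: anquan; configuration-mode password: anquan
Telnet access: login password: anquan; configuration-mode password: anquan
Note: after logging in through the console or telnet you have only the lowest, view-only privilege level. To enter configuration mode, type:
super 3
At the prompt
password:
type the corresponding password, then type sys to enter configuration mode.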
Configuration notes:
There are two access lists in total.
The first: a protection policy against prevalent viruses.
acl name deny_virus advanced match-order auto
 rule 0 deny udp destination-port eq tftp
 rule 1 deny udp destination-port eq 135
 rule 2 deny tcp destination-port eq 135
 rule 3 deny udp destination-port eq netbios-ns
 rule 4 deny tcp destination-port eq 137
 rule 5 deny udp destination-port eq netbios-dgm
 rule 6 deny tcp destination-port eq 138
 rule 7 deny udp destination-port eq netbios-ssn
 rule 8 deny tcp destination-port eq 139
 rule 9 deny tcp destination-port eq 445
 rule 10 deny tcp destination-port eq 593
 rule 11 deny tcp destination-port eq 4444
 rule 12 permit ip
The second: restricts telnet access from access users to the access devices.
acl name safe advanced match-order auto
 rule 1 permit tcp source 218.27.128.0 0.0.0.63
 rule 0 permit tcp source 202.111.168.0 0.0.0.255
 rule 3 deny tcp destination 218.27.128.0 0.0.0.63 destination-port eq telnet
 rule 2 deny tcp destination 202.111.168.0 0.0.0.255 destination-port eq telnet
 rule 4 deny tcp destination 218.62.67.0 0.0.0.255 destination-port eq telnet
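The following is an added example, not part of the original page: it parses the safe ACL listed above and shows how its wildcard masks and rule order decide a packet, using constructed sample addresses. It assumes the rules are checked in the order the page lists them with the first match deciding; the function names are hypothetical.

```python
import ipaddress

# ACL "safe" copied from this page, kept in the order the page lists it.
SAFE_ACL = """
rule 1 permit tcp source 218.27.128.0 0.0.0.63
rule 0 permit tcp source 202.111.168.0 0.0.0.255
rule 3 deny tcp destination 218.27.128.0 0.0.0.63 destination-port eq telnet
rule 2 deny tcp destination 202.111.168.0 0.0.0.255 destination-port eq telnet
rule 4 deny tcp destination 218.62.67.0 0.0.0.255 destination-port eq telnet
"""
PORTS = {"telnet": 23}  # port keyword used by the rules above


def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0: the address bit must equal the base; bit 1: ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_rules(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        rule = {"id": int(tok[1]), "action": tok[2], "proto": tok[3]}
        for key in ("source", "destination"):
            if key in tok:
                i = tok.index(key)
                rule[key] = (tok[i + 1], tok[i + 2])  # (base, wildcard)
        if "destination-port" in tok:
            port = tok[tok.index("destination-port") + 2]  # skip "eq"
            rule["dport"] = PORTS[port] if port in PORTS else int(port)
        rules.append(rule)
    return rules


def evaluate(rules, proto, src, dst, dport):
    """Assumed semantics: first match in listed order wins; None = no match."""
    for r in rules:
        if r["proto"] not in (proto, "ip"):
            continue
        if "source" in r and not wildcard_match(src, *r["source"]):
            continue
        if "destination" in r and not wildcard_match(dst, *r["destination"]):
            continue
        if "dport" in r and r["dport"] != dport:
            continue
        return r["id"], r["action"]
    return None
```

With wildcard 0.0.0.63 only 218.27.128.0 through 218.27.128.63 count as a permitted source, so a telnet attempt from 218.27.128.64 falls through to the deny rules.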
Enter system view, return to user view with Ctrl+Z.
[Quidway]sysname HY3552 (set the site name)
[HY3552]local-user jl3552
New local user added.
[HY3552-luser-jl3552]service-type telnet level 1 (allowed login type)
Ethernet0/48: turns into UP state
[HY3552-luser-jl3552]password ci yhbl*sqt
[HY3552-luser-jl3552]quit
[jiuzhan3552]super password level 3 cipher Do^Nis9s!
[HY3552]display curr (view the configuration)
[HY3552]user-interface vty 0 4 (vty: virtual user terminal interfaces 0-4)
[jiuzhan3552-ui0-4]authentication scheme (enable authentication) (authentication: configures the authentication parameters of the user terminal interface; cipher: hides this user's password when the current configuration is displayed)
[HY3552-ui-vty0-4]user privilege level 3 (user: specifies parameters for the login user; privilege: sets the priority of the user terminal; level: configures the login priority of the user terminal; 3: the priority, integer<0-3>)
[HY3552-ui-vty0-4]quit
[HY3552]vlan 20 (create management VLAN 20)
[HY3552-vlan20]q
[HY3552]interface vlan 20
[HY3552-Vlan-interface20]ip address 202.111.168.235 255.255.255.0
[HY3552-Vlan-interface20]undo shut
Interface Vlan-interface20 is not shutdown
[HY3552-Vlan-interface20]q
[HY3552]ip route 0.0.0.0 0.0.0.0 202.111.168.1
[HY3552]interface e0/48
[HY3552-Ethernet0/48]port access vlan 20
[HY3552-Ethernet0/48]q
[HY3552]ping 202.111.168.1
PING 202.111.168.1: 56 data bytes, press CTRL_C to break
Reply from 202.111.168.1: bytes=56 Sequence=1 ttl=255 time = 7 ms
Reply from 202.111.168.1: bytes=56 Sequence=2 ttl=255 time = 4 ms
Reply from 202.111.168.1: bytes=56 Sequence=3 ttl=255 time = 4 ms
Reply from 202.111.168.1: bytes=56 Sequence=4 ttl=255 time = 5 ms
Reply from 202.111.168.1: bytes=56 Sequence=5 ttl=255 time = 35 ms
--- 202.111.168.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/11/35 ms
[HY3552]quit
This will save the configuration in the flash memory.
The switch configurations will be written to flash.
Are you sure?[Y/N]y
Now saving current configuration to flash memory.
Please wait for a while...
Current configuration saved to flash memory successfully.
Service notes:
When a new service is added, the following configuration must be added (taking a user connected to port e0/40 as an example):
Step 1: Add VLAN 40 and put e0/40 into VLAN 40.
[JL_CNC_3552]vlan 40
[JL_CNC_3552-vlan40]port e0/40
Step 2: Set the IP address and description of the new VLAN 40.
[JL_CNC_3552]interface vlan 40
[JL_CNC_3552-Vlan-interface40]description R_test
[JL_CNC_3552-Vlan-interface40]ip add 218.62.67.121 255.255.255.252
Step 3: Rate-limit the port according to the service requirements.
[JL_CNC_3552]inter e0/40
[JL_CNC_3552-Ethernet0/40]traffic-shape 1300 4 1024
Note: 1M service - 1300; 2M service - 2600; 3M service - 3250; 4M service - 4550; 6M service - 6500; 8M service - 8450; and so on, increasing in multiples of 650K.
Step 4: Set the port's security policy (configure according to actual needs).
[JL_CNC_3552-Ethernet0/40]packet-filter inbound ip-group deny_virus
[JL_CNC_3552-Ethernet0/40]packet-filter inbound ip-group safe
[JL_CNC_3552-Ethernet0/40]broadcast-suppression 5
interface Ethernet0/47
 description connect_8016
 duplex full
 speed 100
 port link-type trunk
 port trunk permit vlan 1 18 2041
 broadcast-suppression 5
#
interface Ethernet0/48
 description connect_8016
 duplex full
 speed 100
 port link-type trunk
 port trunk permit vlan 1 18 2041
 broadcast-suppression 5
link-aggregation Ethernet0/47 to Ethernet0/48 both (uplink port bonding)
[XS_3552]undo loopback-detection enable (command to turn off loop self-detection, because of loop self-detection faults caused by users)
[XS_3552]undo loopback-detection control enable