交换机的六种常见连接方式配置(基于华为eNSP)
交换机的六种常见连接方式配置(基于华为eNSP)
1.基础直连
要求两台主机的IP地址C段要相同,可以设置网关也可以不设置网关
PC>ping 192.168.0.99Ping 192.168.0.99: 32 data bytes, Press Ctrl_C to break
From 192.168.0.99: bytes=32 seq=1 ttl=128 time=32 ms
From 192.168.0.99: bytes=32 seq=2 ttl=128 time=31 ms
From 192.168.0.99: bytes=32 seq=3 ttl=128 time=31 ms
From 192.168.0.99: bytes=32 seq=4 ttl=128 time=32 ms
From 192.168.0.99: bytes=32 seq=5 ttl=128 time=32 ms--- 192.168.0.99 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 31/31/32 msPC>ping 192.168.0.99Ping 192.168.0.99: 32 data bytes, Press Ctrl_C to break
From 192.168.1.100: Destination host unreachable
2.交换机说明
配置每一个接口,图中有1-24个接口
需要配置:每一个接口的链路类型、如果有网段还需要配置vlan;如果是三层交换机配置了vlanif也需要单独配置
一、交换机基础概念
- 二层交换机
- 工作层次:数据链路层
- 特点:无 vlanif 配置,主要用于同一网段内的数据帧转发。
- 三层交换机
- 工作层次:网络层
- 特点:支持 vlanif 路由配置,可实现不同网段(VLAN)间的通信。
二、链路类型(交换机接口模式)
- access 模式
- 应用场景:主机与主机之间、主机与交换机之间的连接。
- 特点:通常只允许一个 VLAN 的报文通过(默认 VLAN)。
- trunk 模式
- 应用场景:交换机与交换机之间的连接。
- 特点:可配置允许多个 VLAN 的报文通过,实现跨交换机的 VLAN 通信。
- hybrid 模式
- 特点:融合 access 和 trunk 的功能,既可以用于主机间连接,也可用于交换机间连接;能灵活接收和发送多个 VLAN 的报文。
三、VLAN(虚拟局域网)
- 核心作用:
- 网络隔离:将同一网段的主机划分到不同 VLAN,实现逻辑隔离(如限制广播域)。
- 跨网段通信:配合三层交换机的 vlanif 配置,可实现不同 VLAN(网段)间的互通。
- 示例:
- 网段 192.168.61.0/24 的主机可划分到 vlan2,网关为 192.168.61.1;
- 网段 192.168.71.0/24 的主机可划分到 vlan3,网关为 192.168.71.1。
四、子网与子网掩码
- 作用:通过子网掩码划分网络(如 / 24 表示子网掩码为 255.255.255.0),实现网络分段,减少广播风暴,提高网络效率。
五、网关
- 网关定义:
协议转换器、间接连接器,工作在网络层及以上,用于实现不同网络(网段)之间的互联。 - 默认网关:
- 作用:主机访问其他网段时的 “出口”,通常是网段的首个或最后一个 IP(如 192.168.61.1 或 192.168.61.254)。
- 地址分配:网段内 2-253 的 IP 通常留给 DHCP 自动分配(主机使用)。
六、vlanif
- 作用:为 VLAN 配置网关,是三层交换机实现跨 VLAN 通信的核心配置(每个 VLAN 对应一个 vlanif 接口,IP 为该 VLAN 的网关地址)。
七、交换机扩展与层级
- 堆叠
- 定义:将多台交换机逻辑上 “集中” 为一台设备。
- 目的:解决单台交换机接口数量不足的问题,提升网络扩展性。
- 交换机层级
- 楼层交换机:部署在接入层,直接连接终端设备(如主机、摄像头)。
- 汇聚层交换机:汇总楼层交换机的数据,是网络核心节点之一;
渗透测试中常以汇聚层为接入点(可覆盖更多网段)。
八、相关安全概念
- 钓鱼:通过伪装合法信息(如邮件、链接)诱导用户泄露敏感信息的攻击方式。
- 蜜罐:模拟脆弱系统或服务的陷阱,用于诱捕攻击者、收集攻击行为数据。
3.主机通过交换机通信
配置思路:
1.PC1和PC2要连接交换机
2.交换机配置vlan
1.创建vlan 2
<Huawei>system-view #切换系统视图
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 2 #创建单一vlan2
[Huawei-vlan2]vlan batch 3 to 5 #批量创建vlan
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]dis this #打印当前 查看vlan的状态
#
sysname Huawei
#
vlan batch 2 to 5 #包括所有vlan
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
return
2.配置vlanif,作为vlan的网关
[Huawei]int #Tab补全
[Huawei]interface vlan2 #配置vlan2的网关,会进入vlanif2的配置路径
[Huawei-Vlanif2]dis this #[Huawei-Vlanif2]的配置路径
#
interface Vlanif2
#
return
[Huawei-Vlanif2]ip address 192.168.0.1 255.255.255.0
[Huawei-Vlanif2]dis this
#
interface Vlanif2ip address 192.168.0.1 255.255.255.0
#
return
3.配置交换机连接主机的接口
要配置接口类型为access,配置当前默认的vlan(给当前接口划分一个vlan)
[Huawei-Vlanif2]int g0/0/1 #进入GE0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 2
[Huawei-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 2
#
return
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 2
[Huawei-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2port link-type accessport default vlan 2
#
return
用pc1ping网关和pc2发现可以通信
PC>ping 192.168.0.1Ping 192.168.0.1: 32 data bytes, Press Ctrl_C to break
From 192.168.0.1: bytes=32 seq=1 ttl=255 time=16 ms
From 192.168.0.1: bytes=32 seq=2 ttl=255 time=31 ms
From 192.168.0.1: bytes=32 seq=3 ttl=255 time=32 ms
From 192.168.0.1: bytes=32 seq=4 ttl=255 time=31 ms
From 192.168.0.1: bytes=32 seq=5 ttl=255 time=31 ms--- 192.168.0.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 16/28/32 msPC>ping 192.168.0.99Ping 192.168.0.99: 32 data bytes, Press Ctrl_C to break
From 192.168.0.99: bytes=32 seq=1 ttl=128 time=47 ms
From 192.168.0.99: bytes=32 seq=2 ttl=128 time=32 ms
From 192.168.0.99: bytes=32 seq=3 ttl=128 time=62 ms
From 192.168.0.99: bytes=32 seq=4 ttl=128 time=47 ms
From 192.168.0.99: bytes=32 seq=5 ttl=128 time=47 ms--- 192.168.0.99 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 32/47/62 ms
4.两台不同交换机互联
配置思路:
1.配置主机系统的ip地址
2.配置交换机1,创建vlan同时配置vlanif 指定当前接口GE0/0/1为access 接口GE0/0/24为trunk
配置交换机2,创建vlan同时配置vlanif 指定当前接口GE0/0/1为access 接口GE0/0/24为trunk
1.配置LSW2,创建vlan2,设置GE0/0/24为trunk模式,并放行vlan 2
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/24
[Huawei-GigabitEthernet0/0/24]port link-type trunk[Huawei-GigabitEthernet0/0/24]port trunk allow-pass vlan 2 #允许vlan 2通行
# 或者[Huawei-GigabitEthernet0/0/24]port trunk allow-pass vlan all #允许所有vlan通行
[Huawei-GigabitEthernet0/0/24]dis this
#
interface GigabitEthernet0/0/24port link-type trunkport trunk allow-pass vlan 2
#
return
2.配置vlanif 2 ,设置GE0/0/1为access模式
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 2
[Huawei-vlan2]int vlanif2
[Huawei-Vlanif2]ip address 192.168.0.1 255.255.255.0
[Huawei-Vlanif2]dis this
#
interface Vlanif2
ip address 192.168.0.1 255.255.255.0
#
return
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 2
#
return
3.配置LSW3,创建vlan2 同时配置vlanif2
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 2
[Huawei-vlan2]int vlanif 2
[Huawei-Vlanif2]ip address 192.168.0.1 255.255.255.0
[Huawei-Vlanif2]dis this
#
interface Vlanif2
ip address 192.168.0.1 255.255.255.0
#
return
[Huawei-Vlanif2]4.指定当前接口001为access接口 0024为trunk
[Huawei-Vlanif2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 2
[Huawei-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
return [Huawei-GigabitEthernet0/0/1]int g0/0/24
[Huawei-GigabitEthernet0/0/24]port link-ty trunk
[Huawei-GigabitEthernet0/0/24]port trunk allow-pass vlan 2
[Huawei-GigabitEthernet0/0/24]dis this
#
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 2
#
return
发现可以PC1可以ping通PC2
PC>ping 192.168.0.99Ping 192.168.0.99: 32 data bytes, Press Ctrl_C to break
From 192.168.0.100: Destination host unreachable
From 192.168.0.100: Destination host unreachable
From 192.168.0.100: Destination host unreachable
From 192.168.0.100: Destination host unreachable
From 192.168.0.100: Destination host unreachable--- 192.168.0.99 ping statistics ---5 packet(s) transmitted0 packet(s) received100.00% packet lossPC>ping 192.168.0.99Ping 192.168.0.99: 32 data bytes, Press Ctrl_C to break
From 192.168.0.99: bytes=32 seq=1 ttl=128 time=94 ms
From 192.168.0.99: bytes=32 seq=2 ttl=128 time=78 ms
From 192.168.0.99: bytes=32 seq=3 ttl=128 time=62 ms
From 192.168.0.99: bytes=32 seq=4 ttl=128 time=63 ms
From 192.168.0.99: bytes=32 seq=5 ttl=128 time=62 ms--- 192.168.0.99 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 62/71/94 ms
扩展:如果要将PC3接入,需要怎么做?
1、在接入的交换机中创建vlan3,配置vlanif3,配置对应的接口为access,同时允许vlan3通过
2、另一台交换机也创建vlan3,不需要配置vlanif
3、两台交换机之间的trunk口要配置为:port trunk allow-pass vlan 2 3
LSW2:
int g0/0/24
port trunk allow-pass vlan 2 3
int g0/0/3
port link-type access
vlan 3
int vlanif 3
ip address 192.168.100.1 255.255.255.0
port default vlan 3
LSW3:
vlan 3
5.[三层交换机]不同的vlan间通信
主要原理:三层交换机支持mac地址转发,具备路由功能 ,只要在交换机内配置网关之间的vlanif,交换机本身的路由会进行两个网段的互通。 配置不同的网段内主机,在不同vlan中的通信
未配置时两个主机无法通信
在交换机中创建两个vlan ,并分别配置vlanif2和vlanif3 指向两个不同的vlan
创建vlan2并配置vlanif2
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan 2
[Huawei-vlan2]int vlanif 2
[Huawei-Vlanif2]ip address 192.168.0.1 255.255.255.0
[Huawei-Vlanif2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 2
[Huawei-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 2
#
return
创建vlan3并配置vlanif3
[Huawei-GigabitEthernet0/0/1]vlan 3
[Huawei-vlan3]int vlanif 3
[Huawei-Vlanif3]ip address 192.168.2.1 255.255.255.0
[Huawei-Vlanif3]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 3
[Huawei-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2port link-type accessport default vlan 3
#
return
[Huawei-GigabitEthernet0/0/2]dis vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/3(D) GE0/0/4(D) GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D) 2 common UT:GE0/0/1(U) 3 common UT:GE0/0/2(U) VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------1 enable default enable disable VLAN 0001
2 enable default enable disable VLAN 0002
3 enable default enable disable VLAN 0003
配置完成后PC1与PC2可以进行通信
6.二层交换机利用三层vlanif配置不同网络vlan间通信
模拟二层交换机作为汇聚层交换机,通过三层交换机配置vlanif,实现不同的vlan间的通信
核心思路:
1、二层只做转发,不配置vlanif,但是要划分对应的vlan
2、三层交换机需要配置vlan及vlanif,同时在每个接口中放行所有vlan
1.配置pc机的IP、子网掩码、网关
2.配置LSW5
(1)配置GE0/0/1类型为access 放行vlan2
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 2
[Huawei-vlan2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 2
[Huawei-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 2
#
return
(2)配置GE0/0/2类型为access 放行vlan2
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 2
[Huawei-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2port link-type accessport default vlan 2
#
return
(3)配置GE0/0/3类型为trunk 放行vlan 2
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan 2
[Huawei-GigabitEthernet0/0/3]dis this
#
interface GigabitEthernet0/0/3port link-type trunkport trunk allow-pass vlan 2
#
return
3.配置LSW1
(1)配置GE0/0/1 类型为access 放行vlan3
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]vlan 3
[Huawei-vlan3]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port default vlan 3
[Huawei-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 3
#
return
(2)配置GE0/0/2类型为access 放行vlan3
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 3
[Huawei-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2port link-type accessport default vlan 3
#
return
(3)配置GE0/0/1类型为trunk 放行vlan2
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan 3
[Huawei-GigabitEthernet0/0/3]dis this
#
interface GigabitEthernet0/0/3port link-type trunkport trunk allow-pass vlan 3
#
return
4.配置LSW3
(1)配置GE0/0/2 类型为access 放行vlan 4
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]vlan 4
[Huawei-vlan4]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port default vlan 4
[Huawei-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2port link-type accessport default vlan 4
#
return
(2)配置GE0/0/1类型为trunk 放行vlan2
[Huawei-GigabitEthernet0/0/2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trun allow-pass vlan 4
[Huawei-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 4
#
return
5.配置LSW2
(1)配置GE0/0/1类型为trunk 放行所有vlan
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan 2
[Huawei-vlan2]int vlanif 2
[Huawei-Vlanif2]ip address 192.168.0.1 255.255.255.0
[Huawei-Vlanif2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 2 to 4094
#
return
(2)配置GE0/0/2 类型为trunk 放行所有vlan
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]vlan 3
[Huawei-vlan3]int vlanif 3
[Huawei-Vlanif3]ip address 192.168.1.1 255.255.255.0
[Huawei-Vlanif3]dis this
#
interface Vlanif3ip address 192.168.1.1 255.255.255.0
#
return
[Huawei-Vlanif3]quit
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 2 to 4094
#
return
(3)配置GE0/0/3类型为trunk 放行所有vlan
[Huawei-GigabitEthernet0/0/2]vlan 4
[Huawei-vlan4]int vlanif 4
[Huawei-Vlanif4]ip address 192.168.2.1 255.255.255.0
[Huawei-Vlanif4]dis this
#
interface Vlanif4ip address 192.168.2.1 255.255.255.0
#
return
[Huawei-Vlanif4]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/3]dis this
#
interface GigabitEthernet0/0/3port link-type trunkport trunk allow-pass vlan 2 to 4094
#
return
6.验证网络连通性
使用PC5ping各个主机
7.交换机配置:链路聚合以及手工负载分担
一、链路聚合核心概念
定义:将多个物理端口捆绑为一个逻辑端口(Eth-Trunk),实现带宽叠加(总和为成员端口带宽之和)、负载分担()及链路冗余。
核心价值:
- 带宽提升:无需硬件升级,通过逻辑聚合突破单链路带宽限制。
- 可靠性增强:某链路故障时,流量自动切换至其他链路。
- 负载均衡:流量按规则分配至成员端口,避免单链路拥塞。
二、手工负载分担模式(Manual Load-Balance)
是一种基本的链路聚合方式,配置使用Eth-Trunk
模式特点:
- 纯手工配置:无 LACP 协议参与,两端需手动创建 Eth-Trunk 并添加成员接口。
- 全活跃转发:所有成员接口均处于活动状态,共同分担流量(无备份链路)。
- 兼容性强:适用于至少一端设备不支持 LACP 的场景(如老旧设备互联)。
优缺点:
- ✅ 配置简单,稳定无协议开销。
- ❌ 无法检测链路错连(如一端接错设备),故障仅依赖物理层检测。
配置过程:
(1)配置LSW1的过程
1.创建两个vlan,将两个口聚合
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 2 #创建vlan 2
[Huawei-vlan2]int Eth-Trunk 1 #创建一个聚合Eth-Trunk设置对应的编号
[Huawei-Eth-Trunk1]mode manual load-balance #设置当前手工负载分担
[Huawei-Eth-Trunk1]load-balance ? #查看可加载的有哪些模式dst-ip According to destination IP hash arithmeticdst-mac According to destination MAC hash arithmeticsrc-dst-ip According to source/destination IP hash arithmetic #默认模式src-dst-mac According to source/destination MAC hash arithmeticsrc-ip According to source IP hash arithmeticsrc-mac According to source MAC hash arithmetic
[Huawei-Eth-Trunk1]load-balance src-dst-ip #设置Eth-Trunk1为默认模式
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 to 0/0/2 #将g0/0/1和g0/0/2进行聚合
2.给逻辑口配置trunk 放行vlan
[Huawei-Eth-Trunk1]int Eth-Trunk 1
[Huawei-Eth-Trunk1]port link-type trunk
[Huawei-Eth-Trunk1]port trunk allow-pass vlan 2
[Huawei-Eth-Trunk1]dis this
#
interface Eth-Trunk1port link-type trunkport trunk allow-pass vlan 2
#
return
3.给GE0/0/3配置access模式
[Huawei-Eth-Trunk1]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 2
[Huawei-GigabitEthernet0/0/3]dis this
#
interface GigabitEthernet0/0/3port link-type accessport default vlan 2
#
return
[Huawei-GigabitEthernet0/0/3]dis vlan
The total number of vlans is : 2
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/4(D) GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D) Eth-Trunk1(U) 2 common UT:GE0/0/3(U) TG:Eth-Trunk1(U) VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------1 enable default enable disable VLAN 0001
2 enable default enable disable VLAN 0002
(2)LSW2配置过程同上
1.创建两个vlan,将两个口聚合
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 2
[Huawei-vlan2]
Jul 22 2025 22:40:21-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 4, th
e change loop count is 0, and the maximum number of records is 4095.
[Huawei-vlan2]int Eth-Trunk 1
[Huawei-Eth-Trunk1]mode manual load-balance
[Huawei-Eth-Trunk1]load-balance src-dst-ip
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 to 0/0/2
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei-Eth-Trunk1]
Jul 22 2025 22:42:01-08:00 Huawei %%01IFNET/4/IF_STATE(l)[0]:Interface Eth-Trunk
1 has turned into UP state.
2.给逻辑口配置trunk 放行vlan
[Huawei-vlan2]int Eth-Trunk 1
[Huawei-Eth-Trunk1]mode manual load-balance
[Huawei-Eth-Trunk1]load-balance src-dst-ip
[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 to 0/0/2
[Huawei-Eth-Trunk1]int Eth-Trunk 1
[Huawei-Eth-Trunk1]port link-type trunk
[Huawei-Eth-Trunk1]port trunk allow-pass vlan 2
[Huawei-Eth-Trunk1]
#
interface Eth-Trunk1port link-type trunkport trunk allow-pass vlan 2
#
return
3.给GE0/0/3配置access模式
[Huawei-Eth-Trunk1]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 2
#
interface GigabitEthernet0/0/3port link-type accessport default vlan 2
#
return
[Huawei-GigabitEthernet0/0/3]dis vlan
The total number of vlans is : 2
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/4(D) GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D) Eth-Trunk1(U) 2 common UT:GE0/0/3(U) TG:Eth-Trunk1(U) VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------1 enable default enable disable VLAN 0001
2 enable default enable disable VLAN 0002
说明:
如果要使用网关通信,只需要在链路聚合的某一个vlanif中配置网关即可,比如在LSW2中配置,同网段即可联通。
[Huawei-GigabitEthernet0/0/3]int vlanif 2 [Huawei-Vlanif2]ip address 192.168.0.1 255.255.255.0
三、静态 LACP 模式(Static LACP/M:N 模式)
在原本的链路聚合上加入了一条备份链路,利用LACP协议进行链路聚合,可以包含活动或者非活动接口
模式特点:
- LACP 协议协商:通过 LACPDU 报文交互,动态确定活动链路(M 条)与备份链路(N 条),支持冗余切换。
- 智能选路:两端设备通过系统优先级(默认 32768)和 MAC 地址选举主动端,以主动端接口优先级(默认 128)和端口号选择活动接口。
- 混合速率支持:需手动开启
lacp mixed-rate link enable,否则不同速率接口仅高速口活跃。
常见使用场景:
1.要和服务器进行互联,需要选择手工模式
2.多台交换机进行堆叠的时候,需要进行聚合
配置过程
(1)配置LSW1的过程
1、配置聚合模式为lacp,同时聚合端口
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int Eth-Trunk 2
[Huawei-Eth-Trunk2]mode lacp-static
[Huawei-Eth-Trunk2]trunkport GigabitEthernet 0/0/1 to 0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei-Eth-Trunk2]dis this
#
interface Eth-Trunk2mode lacp-static
#
return
2.设置对应优先级,设置连接上限
[Huawei-Eth-Trunk2]quit
[Huawei]lacp priority 100 #设置系统优先级为100
[Huawei]int Eth-Trunk 2
[Huawei-Eth-Trunk2]max active-linknumber 2 #配置交换机活动接口上限为2(因为有3个聚合,用2个)
3.指定活动链路,只需要进入需要配置的接口进行优先级设置即可
[Huawei-Eth-Trunk2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]lacp priority 100
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]lacp priority 100
4.配置聚合链路Eth-Trunk 2的trunk模式以及通过的vlan
[Huawei-GigabitEthernet0/0/2]int Eth-Trunk 2
[Huawei-Eth-Trunk2]port link-type trunk
[Huawei-Eth-Trunk2]port trunk allow-pass vlan all
[Huawei-Eth-Trunk2]dis this
#
interface Eth-Trunk2port link-type trunkport trunk allow-pass vlan 2 to 4094mode lacp-staticmax active-linknumber 2
#
return
5.创建vlan2并配置vlanif
[Huawei-Eth-Trunk2]vlan 2
[Huawei-vlan2]int vlanif 2
[Huawei-Vlanif2]ip address 192.168.0.1 255.255.255.0
[Huawei-Vlanif2]dis this
#
interface Vlanif2ip address 192.168.0.1 255.255.255.0
#
return
6.验证查看当前配置的聚合状态是否成功
[Huawei-Vlanif2]quit
[Huawei]dis Eth-Trunk 2
Eth-Trunk2's state information is:
Local:
LAG ID: 2 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 100 System ID: 4c1f-cc16-1899
Least Active-linknumber: 1 Max Active-linknumber: 2
Operate status: down Number Of Up Port In Trunk: 0
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1 Unselect 1GE 100 2 561 10100010 1
GigabitEthernet0/0/2 Unselect 1GE 100 3 561 10100010 1
GigabitEthernet0/0/3 Unselect 1GE 32768 4 561 10100010 1 #portPri越高表示优先级越低Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/1 0 0000-0000-0000 0 0 0 10100011
GigabitEthernet0/0/2 0 0000-0000-0000 0 0 0 10100011
GigabitEthernet0/0/3 0 0000-0000-0000 0 0 0 10100011
(2)配置LSW2同上
1、配置聚合模式为lacp,同时聚合端口
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int Eth-TRunk 2
[Huawei-Eth-Trunk2]mode lacp-static
[Huawei-Eth-Trunk2]trunkport GigabitEthernet 0/0/1 to 0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei-Eth-Trunk2]dis this
#
interface Eth-Trunk2mode lacp-static
#
return
2.设置对应优先级,设置连接上限
[Huawei-Eth-Trunk2]quit
[Huawei]lacp priority 100 #设置系统优先级为100
[Huawei]int Eth-Trunk 2
[Huawei-Eth-Trunk2]max active-linknumber 2 #配置交换机活动接口上限为2(因为有3个聚合,用2个)
3.指定活动链路,只需要进入需要配置的接口进行优先级设置即可
[Huawei-Eth-Trunk2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]lacp priority 100
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]lacp priority 100
4.配置聚合链路Eth-Trunk 2的trunk模式以及通过的vlan
[Huawei-GigabitEthernet0/0/2]int Eth-Trunk 2
[Huawei-Eth-Trunk2]port link-type trunk
[Huawei-Eth-Trunk2]port trunk allow-pass vlan all
[Huawei-Eth-Trunk2]dis this
#
interface Eth-Trunk2port link-type trunkport trunk allow-pass vlan 2 to 4094mode lacp-staticmax active-linknumber 2
#
return
5.创建vlan2并配置vlanif
[Huawei-Eth-Trunk2]vlan 2
[Huawei-vlan2]int vlanif 2
[Huawei-Vlanif2]ip address 192.168.0.1 255.255.255.0
[Huawei-Vlanif2]dis this
#
interface Vlanif2ip address 192.168.0.1 255.255.255.0
#
return
6.验证查看当前配置的聚合状态是否成功
[Huawei-Vlanif2]quit
[Huawei]dis Eth-Trunk 2
Eth-Trunk2's state information is:
Local:
LAG ID: 2 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 100 System ID: 4c1f-cc16-1899
Least Active-linknumber: 1 Max Active-linknumber: 2
Operate status: down Number Of Up Port In Trunk: 0
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1 Unselect 1GE 100 2 561 10100010 1
GigabitEthernet0/0/2 Unselect 1GE 100 3 561 10100010 1
GigabitEthernet0/0/3 Unselect 1GE 32768 4 561 10100010 1 #portPri越高表示优先级越低Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/1 0 0000-0000-0000 0 0 0 10100011
GigabitEthernet0/0/2 0 0000-0000-0000 0 0 0 10100011
GigabitEthernet0/0/3 0 0000-0000-0000 0 0 0 10100011