Extreme basic setup step                      ver:6.3

1.     Upgrade Bootrom & IOS

2.     Basic setup

3.     Add trunk vlan setup

4.     Add Tacacs setup

5.     Add default route setup

6.     Add ospf area setup

7.     Add ospf export setup

8.     Testing everything………

 

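Commands to run when configuring a new device for the first time

enable license fullL3 xxxxxxx

unconfigure switch all  (answer YES; the switch reboots automatically)

Configure account admin (press ENTER, then you can change the password)

Admin password xxxxxxxxxxx (ask a NOC colleague)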

 

1.Upgrade Bootrom & IOS

<host name/ip> -> 172.18.100.135  or  61.63.0.84

<filename> -> bootrom: ngboot72.bin

IOS: v618b12.xtr

v619b22.xtr

v621b20.xtr

 

bootrom upgrade :

download bootrom <host name/ip> <filename>

save

reboot

 

IOS upgrade:

download image <host name/ip> <filename> primary(secondary)

upgrade step

upgrade IOS 6.1.7 to 6.1.8 (pri & sec)

save

reboot

upgrade bootrom 6.5 to 7.2

reboot

upgrade IOS 6.1.8 to 6.1.9(pri & sec)

save

reboot

upgrade IOS 6.1.9 to 6.2.1(pri & sec)

save

reboot

 

2.Extreme basic setup:

 

disable idletimeout

enable system-watchdog

Configure vlan default delete port all

enable rmon

enable snmp access

Configure snmp community readonly Idid

Configure snmp community readwrite tong9f

Configure snmp sysName xxx  (xxx is the name of the device)

create access-profile intranet type ipaddress

Configure access-profile intranet mode permit

Configure access-profile intranet add ipaddress 202.2.52.0/22

configure access-profile intranet add ipaddress 61.63.0.0/24

enable telnet access-profile intranet

disable web

enable syslog

Configure syslog add 61.63.0.83 local0 debug

Configure timezone +480 noautodst

Configure sntp-client primary server 203.133.1.8

Configure sntp-client secondary server 203.133.1.6

enable sntp-client

Configure time (press Tab and enter the current time as prompted)

upload configuration 61.63.0.84 (host name) every 04 : 20

Create vlan loopback0

Conf loopback0 ipaddress 61.63.xxx.xxx (request the IP for this loopback from the technical team)

Enable loopback-mode loopback0

Enable ipforwarding loopback0

Conf ospf add loopback0 area 0.0.0.x

Conf ospf routerid <loopback0 IP>

save

 

 

P.S

On a BD, support for early modules can be disabled to free system resources and improve stability

disable g1-module support

save

reboot

Caution: a reboot is required for this to take effect; it is recommended to use this command from the very start when first building a BD.

 

 

 

2. Add trunk vlan setup

 

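First open the IP allocation table and register the IP address the device will use

Then log in to the device and create the trunk vlan

create vlan <trunk vlan name>

config vlan <trunk vlan name> ipaddress <202.2.5X.X> -> this is the device's IP address

config vlan <trunk vlan name> add port <trunk port number> -> usually a GBIC port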

 

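3. Add RADIUS setup  ----※Do not configure this yet※

Notice: the TRUNK VLAN must be created before RADIUS can be configured

<switch ip address> -- this is the device's IP address

The following is the switch RADIUS configuration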
configure radius primary server 61.63.0.67 client-ip <switch ip address>
configure radius primary shared-secret KBT9felecom
configure radius-accounting primary server 61.63.0.67 client-ip <switch ip address>

configure radius-accounting primary shared-secret KBT9felecom

configure radius secondary server 61.63.0.74 client-ip <switch ip address>

configure radius secondary shared-secret KBT9felecom

configure radius-accounting secondary server 61.63.0.74 client-ip <switch ip address>

configure radius-accounting secondary shared-secret KBT9felecom

 


enable radius-accounting

enable radius  -----> run this line last, otherwise an insufficient-privilege error appears!!

 

 

4. Add default route setup

 

configure iproute add default <gateway>

<gateway> >> IP address of the upstream device

 

5. Add ospf area setup

 

First, on the upstream device, run

show ospf area detail

After confirming the ospf area ....... (usually another 0.0.0.X other than 0.0.0.0)

enable ipforwarding vlan <trunk vlan name>

create ospf area <area identifier> -> this is ospf area 0.0.0.X

configure ospf add vlan <trunk vlan name> area <area identifier>

Note --- the L2/L3 VLANs used by customers must not be added to the ospf area

 

6. Add ospf export setup

 

Purpose: the following command is needed only when the device carries L3 circuits (IA)………..

enable ospf export direct cost 10 type ase-type-2

 

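7.Testing everything………

 

Confirm basic setup is OK

Has the admin password been changed?

Is the RADIUS configuration complete?

Are the TRUNK IP and port correct?

Do the VLAN names conform?

Is the OSPF area correct?

Has the ospf export setting been added?

Has the Static setting been added?

Do the Bootrom and IOS versions match?

Was the Bootrom/IOS upgrade procedure followed correctly?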
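
The basic-setup and RADIUS items in this checklist can be checked against a saved configuration. The script below is an added example, not part of the original runbook; it assumes the configuration is plain text with one command per line in the form used on this page, and the names `normalize`, `audit` and `SAMPLE` (with its documentation addresses and placeholder secret) are constructed for illustration.

```python
import re

# Added example, not from the runbook. Assumption: the saved configuration is
# plain text with one CLI command per line, written the way this page writes them.
def normalize(text):
    """Lower-case commands, collapse whitespace, expand conf/config to configure."""
    cmds = []
    for raw in text.splitlines():
        line = " ".join(raw.split()).lower()
        if line:
            cmds.append(re.sub(r"^conf(ig(ure)?)?\b", "configure", line))
    return cmds

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cmds = normalize(text)
    findings = []
    # Telnet must be bound to a permit-mode access-profile that lists addresses.
    prof = next((c.split()[-1] for c in cmds if c.startswith("enable telnet access-profile ")), None)
    if prof is None:
        findings.append("telnet is not restricted by an access-profile")
    elif (f"configure access-profile {prof} mode permit" not in cmds or not any(
            c.startswith(f"configure access-profile {prof} add ipaddress ") for c in cmds)):
        findings.append(f"access-profile {prof} lacks permit mode or ipaddress entries")
    if "disable web" not in cmds:
        findings.append("web management is not disabled")
    if "enable syslog" not in cmds or not any(c.startswith("configure syslog add ") for c in cmds):
        findings.append("syslog is not enabled or has no server")
    # The runbook requires "enable radius" to be the last RADIUS command entered.
    radius = [i for i, c in enumerate(cmds) if re.match(r"(configure|enable) radius", c)]
    if "enable radius" in cmds and cmds.index("enable radius") != radius[-1]:
        findings.append("enable radius is not the last RADIUS command")
    return findings

# Constructed sample (documentation addresses, placeholder secret).
SAMPLE = """\
Configure access-profile intranet mode permit
config access-profile intranet add ipaddress 192.0.2.0/24
enable telnet access-profile intranet
disable web
enable syslog
Conf syslog add 192.0.2.83 local0 debug
enable radius
configure radius primary server 192.0.2.67 client-ip 192.0.2.10
configure radius primary shared-secret PLACEHOLDER
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The sample deliberately enters `enable radius` before the server and shared-secret lines, so the only finding is the RADIUS ordering one.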

INDEX

 

When show vlan displays an extra s0 next to the port number

configure stpd s0 delete vlan name


 

subvlan ip range command  -- one IP block split into three ranges sharing a single gateway

create vlan vlansu

conf vlan vlansu ip *.*.*.*/*

enable ipforwarding 

create vlan subv1

config vlan subv1 add port <port_number>

config subv1 subvlan-address-range *.*.*.* - *.*.*.* 

create vlan subv2

config vlan subv2 add port <port_number>

config subv2 subvlan-address-range *.*.*.* - *.*.*.* 

create vlan subv3

config vlan subv3 add port <port_number>

config subv3 subvlan-address-range *.*.*.* - *.*.*.* 

configure vlansu add subvlan subv1

configure vlansu add subvlan subv2

configure vlansu add subvlan subv3 

disable subvlan-proxy-arp vlan < all > ; < vlan_name >    -------->  subvlans cannot reach each other

enable subvlan-proxy-arp vlan <all> ; <vlan_name >        -------->  subvlans can reach each other

 

Access-list

create access-list < access-list name> <type> destination <dst_ipaddress/mask> ip-port any source <src_ipaddress/mask> ip-port < port> deny ports any precedence <1~25600>