lab@EX4200-1# set login-tip

#\设置登陆之后显示tip提示\

lab@EX4200-1# set permissions view #\具有查看权限\lab@EX4200-1# set permissions configure #\具有配置权限\可以选择权限列表：

access Can view access configuration access-control Can modify access configuration admin Can view user accounts admin-control Can modify user accounts all All permission bits turned on clear Can clear learned network info configure Can enter configuration mode control Can modify any config field Can use field debug commands firewall Can view firewall configuration firewall-control Can modify firewall configuration floppy Can read and write the floppy flow-tap Can view flow-tap configuration flow-tap-control Can modify flow-tap configuration flow-tap-operation Can tap flows

interface Can view interface configuration interface-control Can modify interface configuration maintenance Can become the super-user network Can access the network

reset Can reset/restart interfaces and daemons rollback Can rollback to previous configurations routing Can view routing configuration routing-control Can modify routing configuration secret Can view secret statements secret-control Can modify secret statements security Can view security configuration security-control Can modify security configuration shell Can start a local shell

snmp Can view SNMP configuration snmp-control Can modify SNMP configuration system Can view system configuration system-control Can modify system configuration trace Can view trace file settings trace-control Can modify trace file settings

第29页 共110页

view Can view current values and statistics

view-configuration Can view all configuration (not including secrets)

2.4 设置alarm告警

EX交换机在前面面板LCD旁边，有一个alarm的告警LED灯，当系统出现出现alarm之后，除了在系统日志中反映出来，还可以通过LED显示出来。可以设置端口down产生告警，并且定义LED的显示颜色。EX不支持对单个端口定义产生alarm告警，只能对全部端口或者MGT管理端口产生link down的alarm告警，一旦端口down之后会在alarm LED上显示出来。(注意：如果设置了端口link down的alarm告警，则不用的端口最好disable) 配置方法： lab@EX4200-1# top [edit]

lab@EX4200-1# set chassis alarm ethernet link-down red #\设置全部端口产生告警\lab@EX4200-1# set chassis alarm ethernet link-down ignore # \全部端口不产生告警\lab@EX4200-1# set chassis alarm management-ethernet link-down red# \端口产生告警\link-down后面可以选择的参数有： ignore Do not assert any alarm signals red Assert red system alarm yellow Assert yellow system alarm

2.5 VLAN配置

EX交换机除了具有二层VLAN功能之外，还具有三层VLAN路由功能。EX交换机会有一个名字为vlan的三层逻辑端口，这个三层逻辑端口可以划分多个逻辑unit单元，unit号范围是(0..16385)，

第30页 共110页

而每个逻辑unit单元可以配置IP地址然后跟一个VLAN绑定，实际上unit 单元号和VLAN号没有对应关系，但是为了维护方便，我们建议在实际应用中unit单元号和vlan号配置相同(如下面的vlan.10中的10是unit单元号，它实际上可以跟VLAN 20绑定，但是在实际中最好将它和vlan 10绑定)，这样在EX上就可以配置不同VLAN的网关地址了。例如下面交换机划分了3个VLAN，每个VLAN对应的网关IP分别配置在vlan.10 、vlan.20以及vlan.30端口(跟Cisco的interface vlan10和interface vlan20，interface vlan30效果一样的)。

2.5.1 添加/修改VLAN

如果创建一个名字为zte_vlan的VLAN 10，并且网关设置为192.168.1.1/24,ge-0/0/1属于该VLAN。 配置步骤： (1) 创建VLAN

#编辑vlan信息zte_vlan是vlan名字，如果不存在则新建一个VLAN

lab@EX4200-1# edit vlans zte_vlan #\以下所有操作都是对zte_vlan进行\[edit vlans zte_vlan]

lab@EX4200-1# set vlan-id 10 #\设置zte_vlan的vlan id\lab@EX4200-1# set description \设置vlan描述\

lab@EX4200-1# set mac-limit 200 #\设置mac数量,范围是(1..65535)，通常不配置\

lab@EX4200-1# set mac-table-aging-time 600 #\设置mac生存时间(秒)，范围是(60-1000000) \

lab@EX4200-1# set l3-interface vlan.10 #\将绑定三层逻辑子端口\

lab@EX4200-1# set interface ge-0/0/1.0 #\将端口加入到VLAN中\（跟后面的命令重复） lab@EX4200-1# set interface ge-0/0/2.0 #\将端口加入到VLAN中\

第31页 共110页

(2) 创建三层逻辑子端口

lab@EX4200-1# top #\回到最外层菜单\[edit]

lab@EX4200-1# set interfaces vlan unit 10 family inet address 192.168.1.1/24

(3) 将交换机端口修改为access模式并加入到新创建的VLAN中

lab@EX4200-1# top #\回到最外层菜单\[edit]

lab@EX4200-1# set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access lab@EX4200-1# set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 10 lab@EX4200-1# set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access lab@EX4200-1# set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 10

(4) commit提交： lab@EX4200-1#commit

2.5.2 删除VLAN

由于一个VLAN创建之后，会被端口引用，可能还创建了三层端口，因此在删除vlan的时候需要把端口引用关系接触同时删除三层vlan子端口，删除步骤如下：

? 1.删除端口vlan lab@EX4200-1# top [edit]

lab@EX4200-1# delete interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access lab@EX4200-1# delete interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 10 lab@EX4200-1# delete interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access lab@EX4200-1# delete interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 10

? 2.删除vlan对应的L3子端口

lab@EX4200-1# top [edit]

lab@EX4200-1# delete interfaces vlan unit 10 ? 3.接着删除vlan配置

第32页 共110页