[系统运维] 思科NXOS系列交换机(N5KN7KN9K)和华为CE交换机配置比对

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> 系统运维 -> 思科NXOS系列交换机(N5KN7KN9K)和华为CE交换机配置比对 -> 正文阅读

[系统运维]思科NXOS系列交换机(N5KN7KN9K)和华为CE交换机配置比对

最近做了一个国产化替换的项目，把思科NXOS系列交换机的配置翻译分享一点出来。

NXOS	备注	CE
功能
feature bash-shell
feature tacacs+
cfs eth distribute
feature ospf
feature bgp
feature interface-vlan
feature hsrp
feature lacp
feature vpc
feature vtp	对应华为GVRP
时区
clock timezone BJT 8 0		clock timezone BJ add 08:00:00
其他配置
no ip domain-lookup		undo dns resolve
ip domain-name network.spdb		dns domain network.spdb
		command-privilege level rearrange

errdisable recovery cause link-flap	处于Error-Down状态的接口状态自动恢复为Up的功能:-端口频繁updown	error-down auto-recovery cause link-flap interval 300
errdisable recovery cause bpduguard	处于Error-Down状态的接口状态自动恢复为Up的功能:bpdu	error-down auto-recovery cause bpdu-protection interval 300
errdisable recovery cause loopback	处于Error-Down状态的接口状态自动恢复为Up的功能:-环路	error-down auto-recovery cause loopback-detect interval 300
errdisable recovery cause psecure-violation	接口安全，mac变化导致的down，华为不支持



acl
ip access-list 10		acl number 2010
? 10 permit ip 1.1.1.1/32 any?		? rule 10 permit source 1.1.1.1 0
? 20 permit 2.2.2.2/32 any?		? rule 20 permit source 2.2.2.2 0
SNMP
snmp-server source-interface traps mgmt0		snmp-agent snmp-agent trap source MEth0/0/0
snmp-server user admin network-admin auth md5 0x22643f18a9d378628e8c53532482078b priv 0x22643f18a9d378628e8c53532482078b localizedkey		snmp-agent sys-info location admin snmp-agent sys-info version v2c snmp-agent community complexity-check disable
snmp-server host 3.3.3.3 traps version 2c read		snmp-agent target-host trap address udp-domain 3.3.3.3 vpn-instance MGT? params securityname cipher adminnms2 v2c
	添加网管对某些节点访问权限	snmp-agent mib-view included nt iso
		snmp-agent mib-view included rd iso
		snmp-agent mib-view included wt iso
		snmp-agent mib-view included iso-view iso
rmon event 1 description FATAL(1) owner PMON@FATAL		rmon event 1 description FATAL(1) log owner PMON@FATAL
rmon event 2 description CRITICAL(2) owner PMON@CRITICAL		rmon event 2 description CRITICAL(2) log owner PMON@CRITICAL
rmon event 3 description ERROR(3) owner PMON@ERROR		rmon event 3 description ERROR(3) log owner PMON@ERROR
rmon event 4 description WARNING(4) owner PMON@WARNING		rmon event 4 description WARNING(4) log owner PMON@WARNING
rmon event 5 description INFORMATION(5) owner PMON@INFO		rmon event 5 description INFORMATION(5) log owner PMON@INFO
snmp-server enable traps callhome event-notify	华为侧只需配置一条命令	snmp-agent trap enable
snmp-server enable traps callhome smtp-send-fail
snmp-server enable traps cfs state-change-notif
snmp-server enable traps cfs merge-failure
snmp-server enable traps aaa server-state-change
snmp-server enable traps hsrp state-change
snmp-server enable traps feature-control FeatureOpStatusChange
snmp-server enable traps sysmgr cseFailSwCoreNotifyExtended
snmp-server enable traps config ccmCLIRunningConfigChanged
snmp-server enable traps snmp authentication
snmp-server enable traps link cisco-xcvr-mon-status-chg
snmp-server enable traps vtp notifs
snmp-server enable traps vtp vlancreate
snmp-server enable traps vtp vlandelete
snmp-server enable traps bridge newroot
snmp-server enable traps bridge topologychange
snmp-server enable traps stpx inconsistency
snmp-server enable traps stpx root-inconsistency
snmp-server enable traps stpx loop-inconsistency
snmp-server enable traps system Clock-change-notification
snmp-server enable traps feature-control ciscoFeatOpStatusChange
snmp-server enable traps mmode cseNormalModeChangeNotify
snmp-server enable traps mmode cseMaintModeChangeNotify
snmp-server community read group network-operator	华为不支持
snmp-server community read use-acl 10		snmp-agent community read cipher read acl?2010


NTP
ntp server 4.4.4.4 use-vrf management		ntp unicast-server 4.4.4.4? vpn-instance MGT
ntp source-interface? mgmt0		ntp source-interface MEth0/0/0?
ntp logging		ntp ipv6 server disable
静态路由
ip route 11.11.11.0/24 Vlan3 10.123.255.52 name to-admin		ip route-static 10.119.146.0 255.255.255.0 vlanif3 10.123.255.52 description to-admin
ip route 11.11.12.0/24 Vlan3 10.123.255.52 name to-admin		ip route-static 10.119.156.0 255.255.255.0 vlanif3 10.123.255.52 description to-admin
ip route 11.11.13.0/24 Vlan3 10.123.255.52 name to-admin		ip route-static 10.119.158.0 255.255.255.0 vlanif3 10.123.255.52 description to-admin
ip route 11.11.14.0/24 Vlan3 10.123.255.52 name to-admin		ip route-static 10.119.159.0 255.255.255.0 vlanif3 10.123.255.52 description to-admin
STP
spanning-tree pathcost method long	生成树修改和思科对应的RSTP，路径开销算法思科long对应华为默认dot1t（IEEE 802.1t）	stp mode rstp
spanning-tree port type edge bpduguard default	生成树修改和思科对应的RSTP，路径开销算法思科long对应华为默认dot1t（IEEE 802.1t）	stp instance 0 root primary
前缀列表
ip prefix-list BGPtoOSPF seq 10 permit 10.0.0.0/24 le 32?		ip ip-prefix BGPtoOSPF index 10 permit 10.0.0.0 24 greater-equal 24 less-equal 32
ip prefix-list BGPtoOSPF seq 20 permit 10.1.1.0/24 le 32?		ip ip-prefix BGPtoOSPF index 20 permit 10.1.1.0 24 greater-equal 24 less-equal 32
ip prefix-list BGPtoOSPF seq 30 permit 10.2.2.0/24 le 32?		ip ip-prefix BGPtoOSPF index 30 permit 10.2.2.0 24 greater-equal 24 less-equal 32
路由策略
route-map BGPtoOSPF permit 10		route-policy BGPtoOSPF permit node 10
? match ip address prefix-list BGPtoOSPF?		?if-match ip-prefix BGPtoOSPF
? set metric-type type-1		?apply cost-type type-1
route-map SET-Community permit 10		route-policy SET-Community permit node 10
? match ip address prefix-list 1111?		?if-match ip-prefix 1111
? set community 65000:1000		?apply community 65000:1000

VRF
vrf context management		ip vpn-instance management ?ipv4-family
? ip route 0.0.0.0/0 20.0.0.1		ip route-static 0.0.0.0 0 vpn-instance management 20.0.0.1
VPC/M-LAG
vpc domain 10		dfs-group 1
? role priority 150		?priority 150
? peer-keepalive destination 1.1.1.2 source 1.1.1.1 vrf vpk1		?source ip? 1.1.1.1 vpn-instance vpk1
		?dual-active detection enhanced enable



		stp bridge-address xxxx-xxxx-xxxx stp mode rstp stp v-stp enable stp instance 0 root primary stp flush disable

interface port-channel1		interface Eth-Trunk0
? switchport		?mode lacp-static
? switchport mode trunk		?peer-link 1
? spanning-tree port type network		?port vlan exclude 1???
? vpc peer-link



interface port-channel2		interface Eth-Trunk2
? vrf member management		?undo portswitch
? ip address 1.1.1.1/30		?ip binding vpn-instance management
		?ip address? 1.1.1.1 255.255.255.252

三层接口
interface Vlan100		interface Vlanif100
? no shutdown		? undo shutdown
? no ip redirects		? ip address 10.10.10.2 29
? ip address? 10.10.10.2/29		? vrrp vrid 20 virtual-ip? 10.10.10.1
? no ipv6 redirects		? vrrp vrid 20 priority 150
? hsrp version 2		? vrrp vrid 20 preempt timer delay 120
? hsrp 20
??? preempt delay minimum 120 reload 120?
??? priority 150
??? ip? 10.10.10.1


聚合接口

interface port-channel50		interface Eth-Trunk50
? switchport		?port link-type trunk
? switchport mode trunk		?undo port trunk allow-pass vlan 1
? vpc 50		?port trunk allow-pass vlan 2 to 4094
		?? dfs-group 1 m-lag 50
		? undo shutdown

物理接口
interface Ethernet1/4		interface 10GE1/0/4
? switchport		? undo shutdown
? switchport access vlan 98		? eth-trunk 4
? channel-group 4 mode active
? no shutdown

interface Ethernet1/5		interface 10GE1/0/5
? switchport		? undo shutdown
? switchport mode trunk		? eth-trunk 99
? channel-group 99 mode active

interface Ethernet1/48	镜像口	observe-port 1 interface 10GE1/0/48
? description Connect to TA10-02_3/1/x13
? switchport
? switchport monitor
? no shutdown


登陆
line console		user-interface con 0
? exec-timeout 5		idle-timeout 5 0


line vty		user-interface vty 0 4
? exec-timeout 5		?idle-timeout 5 0
? access-class 90 in		?acl 2090 inbound
		?authentication-mode aaa
		?protocol inbound ssh

OSPF
router ospf 1		ospf 1 router-id 1.1.1.1
? router-id 1.1.1.1		? silent-interface all
? redistribute static route-map StatictoOSPF		? undo silent-interface Eth-Trunk3
? redistribute bgp 65000 route-map BGPtoOSPF		? undo silent-interface 10GE1/0/5
? passive-interface default		? undo silent-interface 10GE1/0/9
		? import-route static route-policy StatictoOSPF
		? import-route bgp route-policy BGPtoOSPF
interface port-channel3
? ip address 10.10.255.57/30		area 0.0.0.0
? ip ospf network point-to-point		? network 10.10.255.56 0.0.0.3
? no ip ospf passive-interface		? network 10.10.255.60 0.0.0.3
? ip router ospf 1 area 0.0.0.0		? network 10.10.255.72 0.0.0.3


interface Ethernet1/5
? ip address 10.10.255.73/30
? ip ospf network point-to-point
? no ip ospf passive-interface
? ip router ospf 1 area 0.0.0.0
? no shutdown


interface Ethernet1/9
? ip address 10.10.255.61/30
? ip ospf network point-to-point
? no ip ospf passive-interface
? ip router ospf 1 area 0.0.0.0
? no shutdown

BGP
router bgp 65100		bgp 65100
? router-id 1.1.1.1		?router-id 1.1.1.1
? bestpath always-compare-med	比较不同AS的MED	compare-different-as-med
		peer 20.10.255.58 as-number 65405
		peer 20.10.203.30 as-number 65010
		peer 20.10.165.25 as-number 65502
? address-family ipv4 unicast		ipv4-family unicas
??? network 9.0.0.1/32		? network 9.0.0.1 255.255.255.255
??? network 10.20.238.113/32		? network 10.20.238.113 255.255.255.255
??? network 10.20.241.0/24		? network 10.20.241.0 255.255.255.0
? neighbor 20.10.255.58		? peer 20.10.255.58 enable
??? remote-as 65405		? peer 20.10.255.58 next-hop-local
??? address-family ipv4 unicast		? peer 20.10.255.58 advertise-community
????? send-community		? peer 20.10.255.58 advertise-ext-community
????? send-community extended		? peer 20.10.203.30 enable
????? next-hop-self		? peer 20.10.203.30 route-policy SET-Community export
? neighbor 20.10.203.30		? peer 20.10.203.30 advertise-community
??? remote-as 65010		? peer 20.10.203.30 advertise-ext-community
??? address-family ipv4 unicast		? peer 20.10.165.25 enable
????? send-community		? peer 20.10.165.25 route-policy SET-Community export
????? send-community extended		? peer 20.10.165.25 advertise-community
????? route-map SET-Community out		? peer 20.10.165.25 advertise-ext-community
? neighbor? 20.10.165.25
??? remote-as 65502
??? address-family ipv4 unicast
????? send-community
????? send-community extended
????? route-map SET-Community out

流量镜像
monitor session 2?
? source interface port-channel3 both		interface Eth-Trunk3 ? port-mirroring observe-port 1 inbound ? port-mirroring observe-port 1 outbound
? source interface port-channel6 both		interface Eth-Trunk6 ? port-mirroring observe-port 1 inbound ? port-mirroring observe-port 1 outbound
? destination interface Ethernet1/48		observe-port 1 interface 10GE1/0/48
? no shut


日志功能
logging logfile messages 6		info-center loghost source MEth0/0/0
logging server 20.20.20.2 6 use-vrf management		info-center loghost 20.20.20.2 vpn-instance management
logging server 30.30.30.3 5 use-vrf management		info-center loghost 30.30.30.3 vpn-instance management
logging source-interface mgmt0		info-center timestamp debugging format-date precision-time tenth-second
logging timestamp microseconds		info-center timestamp log format-date precision-time millisecond
		undo info-center statistic-suppress enable
		info-center logbuffer size 1024