V5 的配置改成v7的 大佬指点一下
- 0关注
- 0收藏,53浏览
问题描述:
V5 的配置改成v7的 大佬指点一下
clock timezone beijing add 08:00:00
#
super password sim 1111111
#
dhcp relay server-group 1 ip 192.168.0.19
dhcp relay server-group 2 ip 192.168.59.19
#
domain default enable jinluo
#
ipv6
#
telnet server enable
#
ip ttl-expires enable
ip unreachables enable
#
bfd echo-source-ip 1.0.0.1
#
switch-mode standard
switch-mode normal slot 4
switch-mode normal slot 6
#
switch-mode route-normal
#
password-recovery enable
#radius scheme portal
server-type extended
primary authentication 192.168.0.26
primary accounting 192.168.0.26
key authentication cipher $c$3$2baOEGiQ0pU5BCdg23l2iOWWkkN6MpuThQ==
key accounting cipher $c$3$yEeQleWzxPpvIhJLNovHuIwwjQTRIFbLew==
user-name-format without-domain
nas-ip 192.168.249.254
radius scheme login
primary authentication 192.168.0.26
primary accounting 192.168.0.26
key authentication cipher $c$3$Xr3dbX1AsdmLSlBA8mXE++sRacRUDwayMQ==
key accounting cipher $c$3$sM8CKduzCuOSKbLcuWbsMeDk+w8KaVxojA==
user-name-format without-domain
nas-ip 192.168.249.254
#
domain jinluo domain name jinluo
authentication login radius-scheme login local
authorization login radius-scheme login local
accounting login radius-scheme login local
authentication portal radius-scheme portal
authorization portal radius-scheme portal
accounting portal radius-scheme portal
access-limit disable
state active
idle-cut disable
self-service-url disable
accounting optional
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#nqa entry imclinktopologypleaseignore ping
type icmp-echo
destination ip 192.168.249.253
frequency 270000
#
mac-address blackhole c400-ad67-93df vlan 93
mac-address blackhole dc65-55b0-84fe vlan 93
mac-address blackhole dc65-55b0-7bba vlan 93
mac-address blackhole dc65-55b0-8531 vlan 93
mac-address blackhole dc65-55b0-8d8d vlan 93
mac-address blackhole c42f-9012-8972 vlan 93
mac-address blackhole ecc8-9c7b-7a4f vlan 93
mac-address blackhole a414-377c-97d3 vlan 93
mac-address blackhole a414-377c-977b vlan 93
mac-address blackhole 44a6-42f4-743f vlan 93
mac-address blackhole d8b0-4cd9-e19b vlan 93
mac-address blackhole c42f-9012-8a2a vlan 93
#
ip ip-prefix Static2Ospf index 10 permit 192.168.249.248 32
ip ip-prefix Static2Ospf index 20 permit 192.168.249.250 32
ip ip-prefix Static2Ospf index 30 permit 192.168.249.251 32
ip ip-prefix Static2Ospf index 40 permit 192.168.249.252 32
ip ip-prefix Static2Ospf index 50 permit 10.12.0.0 23
ip ip-prefix Static2Ospf index 60 permit 192.168.95.0 24
#
ip route-static 0.0.0.0 0.0.0.0 10.102.1.5 track 1 preference 100
ip route-static 0.0.0.0 0.0.0.0 10.103.1.9 preference 200 description "新屠宰-防火墙"
ip route-static 10.12.0.0 255.255.254.0 10.103.1.20 description "wifi-guest"
ip route-static 192.168.249.248 255.255.255.255 10.103.1.9
ip route-static 192.168.249.250 255.255.255.255 10.103.1.9
ip route-static 192.168.249.251 255.255.255.255 10.103.1.21
ip route-static 192.168.249.252 255.255.255.255 10.103.1.22
#
ipv6 route-static :: 0 FD00:86:2004:1022::1
#
info-center source DHCP channel 4 log state off
info-center source DHCPS channel 4 log state off
info-center loghost 192.168.0.26
undo info-center logfile enable
#
snmp-agent
snmp-agent local-engineid 800063A2035CDD70035FA5
snmp-agent community read jinluo-r acl 2000
snmp-agent community write jinluo-w acl 2000
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.0.26 params securityname jinluo-r
#
track 1 bfd echo interface Vlan-interface1022 remote ip 10.102.1.5 local ip 10.102.1.6
#
dhcp enable
#
nqa schedule imclinktopologypleaseignore ping start-time now lifetime 630720000
#
ntp-service unicast-server 192.168.0.10
#
qos vlan-policy BanGong vlan 93 inbound
qos vlan-policy BanGong vlan 95 inbound
qos vlan-policy BanGong vlan 92 inbound
#
load xml-configuration
#
load tr069-configuration
#
user-interface aux 0 1
user-interface vty 0 15
acl 2001 inbound
acl ipv6 2001 inbound
authentication-mode scheme
user privilege level 3
set authentication password cipher $c$3$rMQeAThH6pYWfXXqbSz58nm6VTvYN5q7XUnAW/o=
#
return
V5 到 V7 核心差异速查
这份速查表整理了您配置中涉及的核心命令变化,是翻译配置时最常用到的:
| V5 命令 | V7 命令 (差异与说明) |
|---|---|
clock timezone beijing add 08:00:00 | clock timezone beijing add 08:00:00 (命令本身通用,但需确认 add 参数是否仍需指定) |
super password sim 1111111 | super password simple 1111111 (sim 变更为 simple) |
dhcp relay server-group 1 ip 192.168.0.19 | dhcp relay server-group 1server 192.168.0.19 (需要分两步配置) |
domain default enable jinluo | domain jinluodomain default enable jinluo (需要先创建domain) |
telnet server enable | telnet server enable (命令通用) |
bfd echo-source-ip 1.0.0.1 | bfd echo-source-ip 1.0.0.1 (命令通用) |
ip ip-prefix Static2Ospf index 10 permit 192.168.249.248 32 | ip prefix-list Static2Ospf index 10 permit 192.168.249.248 32 (ip ip-prefix 变为 ip prefix-list,命令更简洁) |
track 1 bfd echo interface Vlan-interface1022 remote ip 10.102.1.5 local ip 10.102.1.6 | track 1 bfd echo interface Vlan-interface1022 remote ip 10.102.1.5 local ip 10.102.1.6 (命令通用,但对端不需要配置BFD) |
ntp-service unicast-server 192.168.0.10 | ntp-service enablentp-service unicast-server 192.168.0.10 (需要先开启NTP服务) |
snmp-agent community read jinluo-r acl 2000 | snmp-agent community read jinluo-rsnmp-agent community write jinluo-wsnmp-agent community acl 2000 (建议分步配置,将ACL绑定到Community) |
user-interface vty 0 15acl 2001 inboundauthentication-mode schemeuser privilege level 3 | user-interface vty 0 15acl 2001 inboundauthentication-mode schemeuser-role network-admin (user privilege level 命令被废除,使用 user-role 替代) |
📝 配置翻译详解
下面是一些核心模块的详细翻译和解释。
🔌 基础与网络连通性
1. 系统时钟与时区
# V5 clock timezone beijing add 08:00:00# V7 clock timezone beijing add 08:00:00
⚠️ 特别注意:在配置clock timezone时,务必确认命令格式。在某些V7版本中,需要去掉add参数,直接写为clock timezone beijing 08:00:00。这是一个关键差异,若不确定,可以?查看在线帮助。2. BFD (双向转发检测)
# V5 bfd echo-source-ip 1.0.0.1# V7 bfd echo-source-ip 1.0.0.1track与bfd echo联动的配置在 V7 中依然有效。只要本端配置了bfd echo-source-ip,对端无需配置BFD,只需将收到的 Echo 报文转发回本端即可。3. NTP (网络时间协议)
# V5 ntp-service unicast-server 192.168.0.10
# V7 ntp-service enable # V7 需要先手动开启NTP服务 ntp-service unicast-server 192.168.0.104. DHCP Relay (DHCP中继)
# V5 dhcp relay server-group 1 ip 192.168.0.19# V7 dhcp relay server-group 1 server 192.168.0.195. 黑洞MAC地址 (MAC Address Blackhole)
# V5 mac-address blackhole c400-ad67-93df vlan 93# V7 mac-address blackhole c400-ad67-93df vlan 93
V7 配置黑洞MAC的命令与V5完全相同。这是一种静态MAC地址表项,用于丢弃源或目的MAC为指定地址的报文。
🔐 AAA与用户管理
1. RADIUS Scheme (RADIUS方案)
# V5
radius scheme
portal server-type extended
primary authentication 192.168.0.26
primary accounting 192.168.0.26
key authentication cipher $c$3$2baOEGiQ0pU5BCdg23l2iOWWkkN6MpuThQ==
key accounting cipher $c$3$yEeQleWzxPpvIhJLNovHuIwwjQTRIFbLew==
user-name-format without-domain
nas-ip 192.168.249.254# V7
radius scheme
portal primary authentication 192.168.0.26
primary accounting 192.168.0.26
key authentication cipher $c$3$2baOEGiQ0pU5BCdg23l2iOWWkkN6MpuThQ==
key accounting cipher $c$3$yEeQleWzxPpvIhJLNovHuIwwjQTRIFbLew==
user-name-format without-domain
nas-ip 192.168.249.254server-type extended在V7中已废除,但使用cipher加密的密码可以直接复用。2. ISP Domain (ISP域)
# V5
domain jinluo
authentication login radius-scheme login local
authorization login radius-scheme login local
accounting login radius-scheme login local
authentication portal radius-scheme portal
authorization portal radius-scheme portal
accounting portal radius-scheme portal# V7
domain jinluo authentication login radius-scheme login local
authorization login radius-scheme login local
accounting login radius-scheme login local
authentication portal radius-scheme portal
authorization portal radius-scheme portal
accounting portal radius-scheme portal
V5和V7在domain视图下的AAA配置方法完全相同。domain default enable jinluo命令也通用。3. User-Interface (用户接口)
# V5
user-interface vty 0 15
acl 2001 inbound
authentication-mode scheme
user privilege level 3# V7
user-interface vty 0 15
acl 2001 inbound
authentication-mode scheme
user-role network-admin
# V7 使用 user-role 代替 privilege level
⚠️ 特别注意:user privilege level命令在V7中已被user-role命令取代。您需要根据需求选择合适的用户角色,常用的有network-admin(等同于V5的level 3) 和network-operator(等同于level 1)。
📊 路由策略与静态路由
1. 地址前缀列表 (IP Prefix-List)
# V5 ip ip-prefix Static2Ospf index 10 permit 192.168.249.248 32# V7 ip prefix-list Static2Ospf index 10 permit 192.168.249.248 32
命令从ip ip-prefix变更为ip prefix-list,语法更简洁。这条命令的作用是匹配一条精确的主机路由。在route-policy中引用时,if-match子句后的命令也从ip address prefix-list变更为ip address prefix-list。2. 静态路由 (Static Route)
# V5 ip route-static 0.0.0.0 0.0.0.0 10.102.1.5 track 1 preference 100# V7 ip route-static 0.0.0.0 0.0.0.0 10.102.1.5 track 1 preference 100
此命令完全通用。
1. 时区配置不变:
clock timezone beijing add 08:00:00
2. 超级密码:
super password simple 1111111(V7兼容该写法,如需基于角色控制可额外配置user-role绑定)
3. DHCP中继服务器组(V7需进组视图配置):
dhcp relay server-group 1
ip 192.168.0.19
dhcp relay server-group 2
ip 192.168.59.19
4. 默认域配置不变:
domain default enable jinluo
5. IPv6全局开启配置不变:
ipv6
6. Telnet服务配置不变:
telnet server enable(额外提醒:V7要求登录用户需绑定service-type telnet否则无法登录)
7. ICMP差错报文开启(V7需加enable后缀):
ip ttl-expires enable
ip unreachables enable
暂无评论
一、V5 → V7 完整转换结果(可直接用)
# 时钟
clock timezone beijing offset 08:00:00
# 超级密码(V7 已合并到本地用户)
local-user admin class manage
password simple 1111111
service-type ssh telnet terminal
authorization-attribute user-role network-admin
authorization-attribute user-role level-3
# DHCP 中继
dhcp relay server-group 1 ip 192.168.0.19
dhcp relay server-group 2 ip 192.168.59.19
# 域名
domain default enable jinluo
# IPv6
ipv6
# TELNET
telnet server enable
# IP 异常报文
ip ttl-expires enable
ip unreachables enable
# BFD
bfd echo-source-ip 1.0.0.1
# 交换模式(V7 自动适配,无需配置)
# switch-mode standard
# switch-mode normal slot 4
# switch-mode normal slot 6
# switch-mode route-normal
# 密码恢复
password-recovery enable
# RADIUS scheme portal
radius scheme portal
server-type extended
primary authentication 192.168.0.26
primary accounting 192.168.0.26
key authentication cipher $c$3$2baOEGiQ0pU5BCdg23l2iOWWkkN6MpuThQ==
key accounting cipher $c$3$yEeQleWzxPpvIhJLNovHuIwwjQTRIFbLew==
user-name-format without-domain
nas-ip 192.168.249.254
# RADIUS scheme login
radius scheme login
primary authentication 192.168.0.26
primary accounting 192.168.0.26
key authentication cipher $c$3$Xr3dbX1AsdmLSlBA8mXE++sRacRUDwayMQ==
key accounting cipher $c$3$sM8CKduzCuOSKbLcuWbsMeDk+w8KaVxojA==
user-name-format without-domain
nas-ip 192.168.249.254
# 域 jinluo
domain jinluo
authentication login radius-scheme login local
authorization login radius-scheme login local
accounting login radius-scheme login local
authentication portal radius-scheme portal local
authorization portal radius-scheme portal local
accounting portal radius-scheme portal local
access-limit disable
state active
idle-cut disable
accounting optional
# 域 system
domain system
access-limit disable
state active
idle-cut disable
# NQA(V7 语法)
nqa entry imclinktopologypleaseignore ping
type icmp-echo
destination ip 192.168.249.253
frequency 270000
# 黑洞 MAC
mac-address blackhole c400-ad67-93df vlan 93
mac-address blackhole dc65-55b0-84fe vlan 93
mac-address blackhole dc65-55b0-7bba vlan 93
mac-address blackhole dc65-55b0-8531 vlan 93
mac-address blackhole dc65-55b0-8d8d vlan 93
mac-address blackhole c42f-9012-8972 vlan 93
mac-address blackhole ecc8-9c7b-7a4f vlan 93
mac-address blackhole a414-377c-97d3 vlan 93
mac-address blackhole a414-377c-977b vlan 93
mac-address blackhole 44a6-42f4-743f vlan 93
mac-address blackhole d8b0-4cd9-e19b vlan 93
mac-address blackhole c42f-9012-8a2a vlan 93
# 前缀列表
ip prefix-list Static2Ospf index 10 permit 192.168.249.248 32
ip prefix-list Static2Ospf index 20 permit 192.168.249.250 32
ip prefix-list Static2Ospf index 30 permit 192.168.249.251 32
ip prefix-list Static2Ospf index 40 permit 192.168.249.252 32
ip prefix-list Static2Ospf index 50 permit 10.12.0.0 23
ip prefix-list Static2Ospf index 60 permit 192.168.95.0 24
# 静态路由
ip route-static 0.0.0.0 0.0.0.0 10.102.1.5 track 1 preference 100
ip route-static 0.0.0.0 0.0.0.0 10.103.1.9 preference 200 description "新屠宰-防火墙"
ip route-static 10.12.0.0 255.255.254.0 10.103.1.20 description "wifi-guest"
ip route-static 192.168.249.248 255.255.255.255 10.103.1.9
ip route-static 192.168.249.250 255.255.255.255 10.103.1.9
ip route-static 192.168.249.251 255.255.255.255 10.103.1.21
ip route-static 192.168.249.252 255.255.255.255 10.103.1.22
# IPv6 路由
ipv6 route-static :: 0 FD00:86:2004:1022::1
# 日志
info-center source DHCP channel 4 log disable
info-center source DHCPS channel 4 log disable
info-center loghost 192.168.0.26
undo info-center logfile enable
# SNMP
snmp-agent
snmp-agent community read jinluo-r acl 2000
snmp-agent community write jinluo-w acl 2000
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.0.26 params securityname jinluo-r v2c
# Track
track 1 bfd echo interface Vlan-interface1022 remote 10.102.1.5 local 10.102.1.6
# DHCP 使能
dhcp enable
# NQA 调度
nqa schedule imclinktopologypleaseignore ping start-time now lifetime forever
# NTP
ntp-service unicast-server 192.168.0.10
# QOS
qos vlan-policy BanGong vlan 93 inbound
qos vlan-policy BanGong vlan 95 inbound
qos vlan-policy BanGong vlan 92 inbound
# 用户线路
user-interface aux 0 1
user-role network-admin
user-interface vty 0 15
acl 2001 inbound
acl ipv6 2001 inbound
authentication-mode scheme
user-role network-admin
user-role level-3
set authentication password cipher $c$3$rMQeAThH6pYWfXXqbSz58nm6VTvYN5q7XUnAW/o=
# 保存
save
二、最关键的 V5 → V7 变化(你必须知道)
1. 超级密码
- V5:
super password - V7:取消,改用
local-user + user-role network-admin
2. 前缀列表
- V5:
ip ip-prefix - V7:
ip prefix-list
3. Radius/Potal/ 域
- V5:
authentication portal radius-scheme portal - V7:必须加
local做备份plaintextauthentication portal radius-scheme portal **local**
4. 日志关闭
- V5:
state off - V7:
log disable
5. SNMP trap
- V5:自动 v2c
- V7:必须加
v2c
6. switch-mode
- V7 全部删掉,不需要配置
三、你可以直接用
- 时间
- 密码
- DHCP 中继
- Radius + 域
- MAC 黑洞
- 前缀列表
- 静态路由 + Track + BFD
- NQA
- NTP
- SNMP
- 日志
- QOS
- 用户线路
暂无评论
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论