华为零配置开局
2025-11-16
在零配置设备部署场景中,如果用户指定配置文件,配置文件第一行需要指定版本号。版本号需要和软件大包的版本一致,否则可能会导致设备实际生效的配置与配置文件不一致
注意
所用文件名及说明
/home/config/为sftp服务器工作目录
/home/config/cfg/为交换机配置文件存放目录
交换机下载文件命名格式esn_ip.cfg
lswnet.cfg存放于sftp工作目录,文件内容中指定了交换机下载文件所在目录、下载内容,以及交换机唯一标识(esn或mac)
monitor_cfg.sh监控/home/config/cfg/目录下文件变化并更新lswnet.cfg文件
monitor_cfg.service以服务方式运行monitor_cfg.sh脚本
配置文件服务器
vim /home/config/lswnet.cfg
esn=xxxx;vrpfile=s57li_easy_V200R022C00.cc;vrpver=V200R022C00SPC100;patchfile=s57li_easy_V200R022C00.pat;cfgfile=/cfg/esn_ip.cfg;
配置DHCP
提示
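将sftp服务器用户名、密码以及配置文件名下发至零配置开局交换机,配置文件中包含设备唯一标识及对应该设备的配置。需要注意:option 66 中的用户名和密码随 DHCP 报文明文下发,凡是能从该地址池获取地址的终端都能拿到这组凭据,而 sftp 目录下的交换机配置文件又包含本地用户密码密文、RADIUS 共享密钥和 SNMP 团体名,因此该账户应仅用于开局,限制为只读并锁定在 sftp 工作目录内,开局完成后及时更换密码或停用。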
ip pool easy-operation
gateway-list x.x.x.
network x.x.x.0 mask 255.255.255.0
option 66 ascii sftp://tftpuser:password@192.168.4.6:10020
option 146 ascii netfile=lswnet.cfg;
交换机下行口
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 10
port hybrid untagged vlan 10
更新lswnet.cfg文件
安装inotifywait
yum install inotify-tools
编写服务文件
vim /etc/systemd/system/monitor_cfg.service
[Unit]
Description=Directory Monitor for /home/config/cfg
After=network.target
[Service]
Type=simple
ExecStart=/home/config/monitor_cfg.sh
Restart=always
RestartSec=5
# 脚本只需读取 /home/config/cfg 并写入 lswnet.cfg 和日志文件,建议改用对这些路径有相应权限的专用低权限账户运行,而不是 root
User=root
[Install]
WantedBy=multi-user.target
- 启用服务
systemctl daemon-reexec
systemctl daemon-reload
systemctl enable --now monitor_cfg.service
monitor_cfg.sh脚本
#!/bin/bash
# Paths used by the monitor. Per the page, /home/config is the SFTP working
# directory and /home/config/cfg holds the per-switch configuration files.
WATCH_DIR='/home/config/cfg'
TARGET_FILE='/home/config/lswnet.cfg'
# NOTE(review): this log sits inside the SFTP working directory, so it is
# presumably readable with the SFTP account handed out over DHCP; consider a
# path outside that tree (e.g. under /var/log) - confirm against the server setup.
LOG_FILE='/home/config/monitor.log'

# Record the start of the monitor in the log.
printf '%s - Monitor started\n' "$(date)" >> "$LOG_FILE"
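#######################################
# Rebuild lswnet.cfg from the files currently present in WATCH_DIR.
#
# Every regular file named <esn>_<ipv4>.cfg yields one index line
#   esn=<esn>;cfgfile=cfg/<esn>_<ipv4>.cfg
# File names are copied into an index that switches act on, so they are
# validated first: a name that is not strictly alphanumeric ESN + "_" +
# dotted IPv4 is skipped and logged instead of being written out. Without
# that check a name containing ';' would add extra key=value fields to the
# generated line.
#
# Globals:   WATCH_DIR (read), TARGET_FILE (overwritten), LOG_FILE (appended)
# Arguments: none
# Returns:   status of the final log write
#######################################
generate_cfg_index() {
  # Whole-name match; capture group 1 is the ESN part before the underscore.
  local -r name_re='^([A-Za-z0-9]+)_([0-9]+\.){3}[0-9]+$'
  local -a lines=()
  local file base_name

  for file in "$WATCH_DIR"/*_*.cfg; do
    # Skips the literal pattern when nothing matches, and non-regular files.
    [[ -f "$file" ]] || continue
    base_name=${file##*/}
    base_name=${base_name%.cfg}
    if [[ "$base_name" =~ $name_re ]]; then
      # NOTE(review): the hand-written example on this page uses
      # "cfgfile=/cfg/..." with a trailing ';' - confirm which form the
      # switch expects; the original output format is kept here.
      lines+=("esn=${BASH_REMATCH[1]};cfgfile=cfg/${base_name}.cfg")
    else
      # %q keeps control characters in an odd file name out of the log.
      printf '%s - Skipped (name is not <esn>_<ipv4>.cfg): %q\n' \
        "$(date)" "$base_name" >> "$LOG_FILE"
    fi
  done

  # Truncate and rewrite the index; with no valid entries it ends up empty
  # rather than holding a single blank line.
  if (( ${#lines[@]} > 0 )); then
    printf '%s\n' "${lines[@]}" > "$TARGET_FILE"
  else
    : > "$TARGET_FILE"
  fi
  echo "$(date) - Regenerated: $TARGET_FILE" >> "$LOG_FILE"
}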
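# Supervise inotifywait: regenerate the index on every change under
# WATCH_DIR, and start a new watcher 5 seconds after the current one exits.
while true; do
  # -m keeps inotifywait running and printing one line per event
  # ("<dir> <EVENTS> <file>"); -r also watches subdirectories.
  inotifywait -m -r -e modify,create,delete,move "$WATCH_DIR" |
    # read -r: do not interpret backslashes in file names. The file name is
    # the last field, so any spaces in it are preserved.
    while read -r _dir action file; do
      printf '%s - Detected: %s %s\n' "$(date)" "$action" "$file" >> "$LOG_FILE"
      generate_cfg_index
    done
  # inotifywait exited unexpectedly; log it and restart after a short pause.
  echo "$(date) - inotifywait exited, restarting in 5s..." >> "$LOG_FILE"
  sleep 5
done
上传交换机配置文件至sftp服务器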
S5736.cfg
sysname {mgmt_ip}
vlan batch {all_vlan}
#
stp mode rstp
stp bpdu-protection
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name wsx
dot1x-access-profile wsx
mac-access-profile wsx
access-domain wsx force
#
http server-source -i MEth0/0/1
#
radius-server template default
radius-server template wsx
radius-server shared-key cipher 共享密钥
radius-server authentication 10.1.1.1 1812 weight 100
radius-server authentication 10.1.1.2 1812 weight 80
radius-server accounting 10.1.1.1 1813 weight 100
radius-server accounting 10.1.1.2 1813 weight 80
#
pki realm default
certificate-check none
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme wsx
authentication-mode radius
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
domain default
authentication-scheme radius
accounting-scheme default
radius-server default
domain default_admin
authentication-scheme default
accounting-scheme default
domain wsx
authentication-scheme wsx
accounting-scheme default
radius-server wsx
undo local-user password change-offline enable
undo local-aaa-user change-password verify
local-user {username} password irreversible-cipher {passwd}
local-user {username} privilege level 15
local-user {username} service-type ssh
#
ntp-service server disable
ntp-service ipv6 server disable
ntp-service unicast-server 10.x.x.x
#
interface Vlanif1
#
interface Vlanif {mgmt_vlan}
ip address {mgmt_ip} {netmask}
#
interface MEth0/0/1
undo ip address
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/3
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/4
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/5
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/6
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/7
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/8
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/9
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/10
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/11
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/12
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/13
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/14
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/15
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/16
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/17
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/18
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/19
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/20
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/21
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/22
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/23
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/24
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/25
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/26
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/27
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/28
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/29
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/30
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/31
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/32
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/33
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/34
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/35
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/36
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/37
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/38
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/39
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/40
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/41
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/42
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/43
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/44
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/45
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/46
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/47
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface GigabitEthernet0/0/48
port link-type hybrid
port hybrid pvid vlan {vlanid}
undo port hybrid vlan 1
port hybrid untagged vlan {vlanid}
stp edged-port enable
#
interface XGigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan {all_vlan}
#
interface XGigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan {all_vlan}
#
interface XGigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan {all_vlan}
#
interface XGigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan {all_vlan}
#
interface NULL0
#
undo icmp name timestamp-request receive
#
ip route-static 0.0.0.0 0.0.0.0 {gateway}
#
snmp-agent
snmp-agent community read cipher 团体名
snmp-agent sys-info version v2c v3
undo snmp-agent protocol source-status all-interface
snmp-agent protocol source-interface Vlanif{mgmt_vlan}
undo snmp-agent protocol source-status ipv6 all-interface
#
stelnet server enable
ssh user {username}
ssh user {username} authentication-type password
ssh user {username} service-type stelnet
ssh server-source all-interface
#
command-privilege level 1 view shell display current-configuration
#
user-interface con 0
authentication-mode password
set authentication password cipher console密码
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
dot1x-access-profile name dot1x_access_profile
dot1x-access-profile name wsx
#
mac-access-profile name mac_access_profile
mac-access-profile name wsx
#
ops
#
remote-unit
#
return