枫飞天翔的博客

枫飞天翔的博客

ACL命令

对S3526交换机做端口限速

s3528p不同网段间的限制访问问题

识别是3层还是2层交换机(华为)

freebsd下添加双线静态路由

line-rate命令详细介绍

华为2403二层交换机一些命令的应用

华为交换机防止同网段ARP欺骗攻击配置案例

dell服务器错误代码

cisco2924不小心清除了nvrom

搜索文章

最新评论

博客信息

1.1.1 acl

1.1.2 display acl config

1.1.3 display acl running-packet-filter all

1.1.4 display time-range

1.1.6 reset acl counter

1.1.7 rule

1.1.1 acl

1.1.2 display acl config

1.1.3 display acl running-packet-filter all

1.1.4 display time-range

1.1.5 packet-filter

1.1.6 reset acl counter

1.1.7 rule

1. 定义或删除基本访问控制列表的子规则

2. 定义或删除高级访问控制列表的子规则

3. 定义或删除二层访问控制列表的子规则

4. 定义或删除用户自定义访问控制列表的子规则

华为设备防病毒acl配置

1. 定义或删除基本访问控制列表的子规则

2. 定义或删除高级访问控制列表的子规则

3. 定义或删除二层访问控制列表的子规则

4. 定义或删除用户自定义访问控制列表的子规则

华为设备防病毒acl配置

【命令】

acl { number acl-number | name acl-name [ advanced | basic | link | user ] }[ match-order { config | auto } ]

undo acl { number acl-number | name acl-name | all }

【视图】

系统视图

【参数】

number acl-number：访问列表序号，取值范围为:

2000～2999：表示基本访问控制列表。

3000～3999：表示高级访问控制列表。

4000～4999：表示二层访问控制列表。

5000～5999：表示用户自定义访问控制列表。

name acl-name：字符串参数，必须以英文字母（即[a-z,A-Z]）开始，而且中间不能有空格和引号；不区分大小写，不允许使用all、any关键字。

advanced：表示高级访问控制列表。

basic：表示基本访问控制列表。

link：表示二层访问控制列表。

user：表示用户自定义访问控制列表。

config：表示匹配访问列表的规则时按用户的配置顺序。

auto：表示匹配访问列表的规则时按深度优先顺序。

all：表示要删除所有的访问列表（包括数字标识的和名字标识的）。

【描述】

acl命令用来定义一条数字或名字标识的访问控制列表，并进入相应的访问控制列表视图，undo acl命令用来删除一条数字或名字标识的访问控制列表的所有子项，或者删除全部访问控制列表。

缺省情况下，按照config顺序匹配访问控制列表。

acl命令可以创建一个以“acl-name”命名的访问控制列表，此访问控制列表的类型由“advanced”、“basic”、“link”、“user”关键字决定。无论数字型还是名字型，进入相应的访问列表视图之后，可以用rule命令增加此命名访问列表的子项（用quit命令退出访问列表视图）。

可以使用match-order指定匹配顺序是按照用户配置的顺序还是按照深度优先顺序（优先匹配范围小的规则），如果不指定则缺省为用户配置顺序。用户一旦指定一条访问列表的匹配顺序后，就不能再更改，除非把该访问列表的子项全部删除，再重新指定其匹配顺序。注意，访问控制列表的匹配顺序特性只在该访问控制列表被软件引用用作数据过滤和分类时有效。

由于芯片不同，各款交换机的子规则硬件匹配顺序不同。具体描述见下表。

表1-1 交换机ACL子规则的硬件匹配顺序

交换机	ACL子规则的硬件匹配顺序
S3000-EI	同一个ACL配置了多个子规则时，硬件匹配顺序是后下发的子规则将会先匹配。

【命令】

display acl config { all | acl-number | acl-name }

【视图】

任意视图

【参数】

all：表示要显示所有的访问列表（包括数字标识的和名字标识的）。

acl-number：要显示的访问列表序号，2000到3999之间的一个数值。

acl-name：要显示的访问列表名字，字符串参数，必须以英文字母（即[a-z,A-Z]）开始，而且中间不能有空格和引号。

【描述】

display acl config命令用来显示访问控制列表的详细配置信息，包括每一个子规则及其序号和该语句匹配的数据包的个数和字节数。

本命令显示信息中的匹配次数是软件匹配次数，即需要经过交换机CPU处理的访问控制列表匹配次数。数据包转发过程中的硬件匹配次数可以使用命令traffic-statistic统计。

【举例】

# 下面的命令显示所有访问列表的内容。

<Quidway>display acl config all

【命令】

display acl running-packet-filter all

【视图】

任意视图

【参数】

无

【描述】

display acl running-packet-filter all命令用来显示访问控制列表的下发应用信息。显示内容包括访问控制列表名、子项名和下发状态。

【举例】

# 下面的命令显示所有接口的访问列表下发应用信息。

<Quidway> display acl running-packet-filter all

acl std1 rule 0 running

acl std1 rule 1 running

表1-2 显示信息描述表

域名	解释
acl std1 rule 0 running	表示访问控制列表std1的子规则0正在运行。std1是访问控制列表的名字，rule 0表示子规则0。下面的显示信息类似，不再一一介绍。

域名

解释

acl std1 rule 0 running

表示访问控制列表std1的子规则0正在运行。std1是访问控制列表的名字，rule 0表示子规则0。

下面的显示信息类似，不再一一介绍。

【命令】

display time-range[ all | name ]

【视图】

任意视图

【参数】

all：显示所有的时间段。

name：为时间段的名称，以[a-z,A-Z]为起始字母的字符串，取值范围为1～32个字符。

【描述】

display time-range命令用来显示当前时间段的配置和状态，对于当前处在激活状态的时间段将显示active，对于非激活状态显示inactive。

注意，由于系统更新访问控制列表状态有一个延时，大约1分钟，而display time-range会采用当前时间对其进行判断，所以有可能出现display time-range看到一个时间段已经激活，而引用它的访问控制列表没有激活。这种情况是正常的。

相关配置可参考命令time-range。

【举例】

# 显示所有时间段。

<Quidway> display time-range all

Current time is 14:36:364-3-2003 Thursday

Time-range : hhy ( Inactive )

from 08:302-5-2005 to 18:002-19-2005

Time-range : hhy1 ( Inactive )

from 08:302-5-2003 to 18:002-19-2003

表1-3 显示信息描述表

域名	解释
Current time is 14:36:364-3-2003 Thursday	系统的当前时间。
Time-range : hhy ( Inactive ) from 08:302-5-2005 to 18:002-19-2005	时间范围hhy，Inactive表示该时间范围目前处于非活动状态（active则反之），时间范围为从2005年2月5日8点30分到2005年2月19日18点。下面的显示信息类似，不再一一介绍。

域名

解释

Current time is 14:36:364-3-2003 Thursday

系统的当前时间。

Time-range : hhy ( Inactive )

from 08:302-5-2005 to 18:002-19-2005

时间范围hhy，Inactive表示该时间范围目前处于非活动状态（active则反之），时间范围为从2005年2月5日8点30分到2005年2月19日18点。

下面的显示信息类似，不再一一介绍。

# 显示名字为tm1的时间段。

<Quidway> display time-range tm1

Current time is 14:37:314-3-2003 Thursday

Time-range : tm1 ( Inactive )

from 08:302-5-2005 to 18:002-19-2005

表1-4 显示信息描述表

域名	解释
Current time is 14:36:364-3-2003 Thursday	系统的当前时间。
Time-range : tm1 ( Inactive ) from 08:302-5-2005 to 18:002-19-2005	时间范围hhy，Inactive表示该时间范围目前处于非活动状态（active则反之），时间范围为从2005年2月5日8点30分到2005年2月19日18点。下面的显示信息类似，不再一一介绍。

域名

解释

Current time is 14:36:364-3-2003 Thursday

系统的当前时间。

Time-range : tm1 ( Inactive )

from 08:302-5-2005 to 18:002-19-2005

时间范围hhy，Inactive表示该时间范围目前处于非活动状态（active则反之），时间范围为从2005年2月5日8点30分到2005年2月19日18点。

下面的显示信息类似，不再一一介绍。

packet-filter { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* }

undo packet-filter { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* }

【视图】

系统视图

【参数】

user-group { acl-number | acl-name }：表示激活用户自定义的访问控制列表。acl-number：访问控制列表序号，5000到5999之间的一个数值。acl-name：访问控制列表名字，字符串参数，必须以英文字母（即[ a～z，A～Z]）开头，而且中间不能有空格和引号。

ip-group { acl-number | acl-name }：表示激活IP访问控制列表，包括基本、高级访问控制列表。acl-number：访问控制列表序号，2000到3999之间的一个数值。acl-name：访问控制列表名字，字符串参数，必须以英文字母（即[ a～z，A～Z]）开头，而且中间不能有空格和引号。

link-group { acl-number | acl-name }：表示激活二层访问控制列表。acl-number：访问控制列表序号，4000到4999之间的一个数值。acl-name：访问控制列表名字，字符串参数，必须以英文字母（即[a～z，A～Z]）开头，而且中间不能有空格和引号。

rule rule：可选参数，指定激活访问列表中的哪个子项，取值范围为0～127，如果不指定则表示要激活访问列表中的所有子项。

【描述】

packet-filter命令用来激活访问控制列表，undo packet-filter命令用来取消激活。

packet-filter命令支持同时激活二层和IP访问控制列表，但是要求各访问控制列表的动作不互相冲突，如果动作冲突（例如一个是permit另一个是deny）则不能同时激活这些访问控制列表。

【举例】

# 下面的命令同时激活2000号访问控制列表和4000号访问控制列表。

[Quidway] packet-filter ip-group 2000 link-group 4000 rule 0

【命令】

reset acl counter { all | acl-number | acl-name }

【视图】

用户视图

【参数】

all：表示所有的访问列表（包括数字标识的和名字标识的）。

acl-number：访问列表序号，2000到3999之间的一个数值。

acl-name：访问列表名字，字符串参数，必须以英文字母（即[a-z,A-Z]）开始，而且中间不能有空格和引号；不区分大小写，不允许使用all、any关键字。

【描述】

reset acl counter命令用来清除对软件处理的报文过滤和流分类的访问控制列表的统计信息。本命令把访问控制列表被匹配的次数信息清零。

表1-5 统计信息的reset命令的比较

命令	功能
reset acl counter	清除访问控制列表的统计信息。本命令适用于对软件处理的报文过滤和流分类的访问控制列表。ACL被软件引用的情况包括：路由策略引用ACL、对登录用户进行控制时引用ACL等。在这种情况下，ACL序号的取值范围为2000～3999。
reset traffic-statistic	清除流量统计信息。本命令适用于直接下发到交换机的硬件中用于数据转发过程中的过滤和流分类的访问控制列表。一般情况下，本命令用于将命令traffic-statistic统计的信息清除。

【举例】

# 下面的命令清除2000号访问列表的统计信息。

<Quidway> reset acl counter 2000

【命令】

rule [ rule-id ] { permit | deny } [ source source-addr wildcard | any ] [ fragment ] [ time-range name ]

undo rule rule-id[ source ] [ fragment ] [ time-range ]

rule [ rule-id ] { permit | deny } protocol [ source source-addr wildcard | any ] [ destination dest-addr wildcard | any ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ] [ [ precedence precedence | tos tos ]* | dscp dscp ] [ fragment ] [ time-range name ]

undo rule rule-id[ source ] [ destination ] [ source-port ] [ destination-port ] [ icmp-type ] [ precedence ] [ tos ] [ dscp ] [ fragment ] [ time-range ]

rule [ rule-id ]{ permit | deny } [ protocol ] [ cos vlan-pri ] [ ingress { { source-vlan-id | source-mac-addr source-mac-wildcard | interface { interface-name | interface-type interface-num } }* | any } ] [ egress { { dest-mac-addr dest-mac-wildcard | interface { interface-name | interface-type interface-num } }* | any } ] [ time-range name ]

undo rule rule-id

rule [ rule-id ] { permit | deny } { rule-string rule-mask offset }&<1-8> [ time-range name ]

undo rule rule-id

【视图】

相应的访问控制列表视图

【参数】

rule-id：指定访问控制列表的子项，取值范围为0～127。

permit：表明允许满足条件的报文通过。

deny：表明禁止满足条件的报文通过。

time-range name：时间段的名称，可选参数，表示该规则在此时间段内有效。

& 说明：

以下的参数是数据包携带的各种属性参数，访问控制列表就是根据这些属性参数的取值制定规则。

l 下面是基本访问控制列表特有的参数：

source source-addr wildcard | any：source-addr wildcard表示源IP地址和源地址通配位，点分十进制表示；any表示所有源地址。本参数适用于定义基本访问控制列表。

fragment：表示此条规则仅对分片报文有效。如果不选择本参数则表示本规则不以报文是否分片作为依据对报文进行过滤。本参数适用于定义基本访问控制列表。

l 下面是高级访问控制列表特有的参数：

protocol：本参数用来指定协议类型。协议类型可以使用名字表示，也可以使用数字表示。在使用名字表示时，该参数可以取值icmp、igmp、tcp、udp、ip、gre、ospf、ipinip等。如果本参数取值为IP，表示所有的IP协议。在使用数字表示时，数字的取值范围为1～255。本参数适用于定义高级访问控制列表。

source source-addr wildcard | any：source-addr wildcard表示源IP地址和源地址通配位，点分十进制表示；any表示所有源地址。本参数适用于定义高级访问控制列表。

destination dest-addr wildcard | any：dest-addr wildcard表示目的IP地址和目的地址通配位，点分十进制表示；any表示所有目的地址。本参数适用于定义高级访问控制列表。

source-port operator port1 [ port2 ]：表示报文使用的源TCP或者UDP端口号。其中operator表示端口操作符，包括eq（等于）、gt(大于)、lt(小于)、neq (不等于)、range(在某个范围内)。注：本参数在protocol参数取值为TCP或UDP时才可用。port1 [ port2 ]：报文使用的TCP或者UDP源端口号，用字符或数字表示。数字的取值范围为0～65535，字符取值请参看端口号助记符表。只有操作符为range时才会同时出现port1 port2两个参数，其它操作符只需port1。本参数适用于定义高级访问控制列表。

destination-port operator port1 [ port2 ]：表示报文使用的目的TCP或者UDP端口号。具体描述同source-port operator port1 [ port2 ]。

icmp-type type code：当protocol参数取值icmp时出现。type code指定一ICMP报文。type代表ICMP报文类型，用字符或数字表示，数字取值范围为0～255； code代表ICMP码，在协议为icmp且没有使用字符表示ICMP报文类型时出现，取值范围是0～255。本参数适用于定义高级访问控制列表。

established：表示此条规则仅对TCP建立连接的第一个SYN报文有效，可选参数，当protocol参数取值tcp时出现。本参数适用于定义高级访问控制列表。

precedence precedence：可选参数，表示IP优先级，取值为0～7的数值或名字。

tos tos：可选参数，数据包可以根据TOS值来分类，取值为0～15的数值或名字。本参数适用于定义高级访问控制列表。

dscp dscp：可选参数，数据包可以根据DSCP值来分类，取值为0～63的数值或名字。本参数适用于定义高级访问控制列表。

fragment：表示此条规则仅对分片报文有效。如果不选择本参数则表示本规则不以报文是否分片作为依据对报文进行过滤。本参数适用于定义高级访问控制列表。

l 下面是二层访问控制列表特有的参数：

protocol：为以太网帧承载的协议类型，可选参数，取值范围为ip、arp、rarp、pppoe-control和pppoe-data。

cos vlan-pri：802.1p优先级，取值范围为0～7。

ingress { { [ source-vlan-id ] [ source-mac-addr source-mac-wildcard ] [ interface { interface-name | interface-type interface-num } ] } | any }：数据包的源信息，[ source-vlan-id ]表示的是数据包的源VLAN，[ source-mac-addr source-mac-wildcard ]表示的是数据包的源MAC地址和MAC地址的通配符，这两个参数共同作用可以得到用户感兴趣的源MAC地址的范围，比如source-mac-wildcard取值为0.0.ffff，则表示用户只对源MAC地址的前32个bit（即通配符中数字0对应的比特位）感兴趣，interface { interface-name | interface-type interface-num }表示的是接收该报文的二层端口，any表示从所有端口接收到的所有报文。

egress { { [ dest-mac-addr dest-mac-wildcard ] [ interface { interface-name | interface-type interface-num } ] } | any }：数据包的目的信息，dest-mac-addr dest-mac-wildcard表示该报文的目的MAC地址和目的MAC地址通配符，这两个参数共同作用可以得到用户感兴趣的目的MAC地址的范围，比如dest-mac-wildcard取值为0.0.ffff，则表示用户只对目的MAC地址的前32个bit（即通配符中数字0对应的比特位）感兴趣，interface { interface-name | interface-type interface-num }表示转发该报文的二层端口，any表示从所有端口转发的所有报文。

l 下面是用户自定义访问控制列表特有的参数：

{ rule-string rule-mask offset }&<1-8>：rule-string是用户自定义的规则字符串，必须是16进制数组成，字符必须是偶数个；rule-mask offset用于提取报文的信息，rule-mask是规则掩码，用于和数据包作“与”操作，offset是偏移量，它以数据包的头部为基准，指定从第几个字节开始进行“与”操作，rule-mask offset共同作用，将从报文提取出来的字符串和用户定义的rule-string比较，找到匹配的报文，然后进行相应的处理。&<1-8>表示则一次最多可以定义8个这样的规则。此参数用于用户自定义的访问控制列表。

【描述】

rule命令用来增加访问控制列表的一条子规则，undo rule命令用来删除一条访问控制列表的其中一个子规则。

用户可以为一条访问控制列表定义多条子?/div>

查看(22) 评论(0) 收藏分享圈子管理

2007-03-13 22:43:20

现创建acl
acl number 100
禁ping
rule  deny icmp source any destination any
用于控制Blaster蠕虫的传播
rule  deny udp source any destination any destination-port eq 69
rule  deny tcp source any destination any destination-port eq 4444
用于控制冲击波病毒的扫描和攻击
rule  deny tcp source any destination any destination-port eq 135
rule  deny udp source any destination any destination-port eq 135
rule  deny udp source any destination any destination-port eq netbios-ns
rule  deny udp source any destination any destination-port eq netbios-dgm
rule  deny tcp source any destination any destination-port eq 139
rule  deny udp source any destination any destination-port eq 139
rule  deny tcp source any destination any destination-port eq 445
rule  deny udp source any destination any destination-port eq 445
rule  deny udp source any destination any destination-port eq 593
rule  deny tcp source any destination any destination-port eq 593
用于控制振荡波的扫描和攻击
rule  deny tcp source any destination any destination-port eq 445
rule  deny tcp source any destination any destination-port eq 5554
rule  deny tcp source any destination any destination-port eq 9995
rule  deny tcp source any destination any destination-port eq 9996
用于控制 Worm_MSBlast.A 蠕虫的传播
rule  deny udp source any destination any destination-port eq 1434
下面的不出名的病毒端口号  （可以不作）
rule  deny tcp source any destination any destination-port eq 1068
rule  deny tcp source any destination any destination-port eq 5800
rule  deny tcp source any destination any destination-port eq 5900
rule  deny tcp source any destination any destination-port eq 10080
rule  deny tcp source any destination any destination-port eq 455
rule  deny udp source any destination any destination-port eq 455
rule  deny tcp source any destination any destination-port eq 3208
rule  deny tcp source any destination any destination-port eq 1871
rule  deny tcp source any destination any destination-port eq 4510
rule  deny udp source any destination any destination-port eq 4334
rule  deny tcp source any destination any destination-port eq 4331
rule  deny tcp source any destination any destination-port eq 4557
然后下发配置
packet-filter ip-group 100
目的：针对目前网上出现的问题，对目的是端口号为1434的UDP报文进行过滤的配置方法，详细和复杂的配置请看配置手册。
 NE80的配置：
NE80(config)#rule-map r1 udp any any eq 1434
//r1为role-map的名字，udp 为关键字，any any 所有源、目的IP，eq为等于，1434为udp端口号
NE80(config)#acl a1 r1 deny
//a1为acl的名字，r1为要绑定的rule-map的名字，
NE80(config-if-Ethernet1/0/0)#access-group acl a1
//在1/0/0接口上绑定acl，acl为关键字，a1为acl的名字
 NE16的配置：
NE16-4(config)#firewall enable all
//首先启动防火墙
NE16-4(config)#access-list 101 deny udp any any eq 1434
//deny为禁止的关键字，针对udp报文，any any 为所有源、目的IP，eq为等于， 1434为udp端口号
NE16-4(config-if-Ethernet2/2/0)#ip access-group 101 in
//在接口上启用access-list，in表示进来的报文，也可以用out表示出去的报文
 中低端路由器的配置
[Router]firewall enable
[Router]acl 101
[Router-acl-101]rule deny udp source any destion any destination-port eq 1434
[Router-Ethernet0]firewall packet-filter 101 inbound
 6506产品的配置：
旧命令行配置如下：
6506(config)#acl extended aaa deny protocol udp any any eq 1434
6506(config-if-Ethernet5/0/1)#access-group  aaa
国际化新命令行配置如下：
[Quidway]acl number 100
[Quidway-acl-adv-100]rule deny udp source any destination any destination-port eq 1434
[Quidway-acl-adv-100]quit
[Quidway]interface ethernet  5/0/1
[Quidway-Ethernet5/0/1]packet-filter inbound ip-group 100 not-care-for-interface

 5516产品的配置：
旧命令行配置如下：
5516(config)#rule-map  l3 aaa protocol-type udp ingress any egress any eq 1434
5516(config)#flow-action fff deny
5516(config)#acl bbb aaa fff
5516(config)#access-group  bbb
国际化新命令行配置如下：
[Quidway]acl num 100
[Quidway-acl-adv-100]rule deny udp source any destination any destination-port eq 1434
[Quidway]packet-filter ip-group 100

 3526产品的配置：
旧命令行配置如下：
rule-map l3 r1 0.0.0.0 0.0.0.0 1.1.0.0 255.255.0.0 eq 1434
flow-action f1 deny
acl acl1 r1 f1
access-group acl1
国际化新命令配置如下：
acl number 100
rule 0 deny udp source 0.0.0.0 0 source-port eq 1434 destination 1.1.0.0 0
packet-filter ip-group 101 rule 0
注：3526产品只能配置外网对内网的过滤规则，其中1.1.0.0 255.255.0.0是内网的地址段。

 8016产品的配置：
旧命令行配置如下：
8016(config)#rule-map intervlan aaa udp  any  any eq 1434
8016(config)#acl bbb aaa deny
8016(config)#access-group acl bbb vlan 10 port all
国际化新命令行配置如下：
8016(config)#rule-map intervlan aaa udp  any  any eq 1434
8016(config)#eacl bbb aaa deny
8016(config)#access-group eacl bbb vlan 10 port all

acl name way100 advanced
rule 1 permit ip destination x.x.x.x 0 source y.y.y.y 0
exit
interface e0/2
traffic-limit inbound ip way100 1 (约定速度为1mbps)

acl number 2000
rule deny all
rule perimt 192.168.1.0 255.255.255.0
interface ethernet 0/2
packet-fil... inboud acl 2000

举例说明:
3026
2012
5012 看第2位是0~4 的说明它是2层交换机

3550 看第2位是5~9的说明它是3层交换机

LI(Lite software Image)表示设备为弱特性版本。

SI (Standard software Image)表示设备为标准版本，包含基础特性。
EI(Enhanced software Image)表示设备为增强版本，包含某些高级特性。
HI(Hyper software Image)表示设备为高级版本，包含某些更高级特性
Z，表示没有上行接口；（新产品不允许此位）
G，表示上行GBIC接口；
P，表示上行SFP接口；
T，表示上行RJ45接口；
V，表示上行VDSL接口；
W，表示上行可配置WAN接口；
C，表示上行接口可选配；
M，表示上行接口为多模光口；
S，表示上行接口为单模光口；
F，表示下行接口为模板板，可插光接口板或电接口板。主要为兼容3526F，3526EF，3552F等老产品的命名。
当同时存在时，表示上行接口为多种接口类型复合
注：Combo端口不在命名中显示。

折腾了n久,最后还是客户帮着解决的,看来还有很多东西需要学习,下面是路由表 ,在添加完毕电信网通的ip之后,把下面的内容粘贴到 /etc/rc.conf 里面去,另外附加一点,添加ip的时候最好是单网卡双ip,不要双网卡双ip,不然会报arp错误,虽然不耽误使用,但是挺烦人的

下面是网通路由表,可以根据需要再添加

# Add Internal Net CNC as a static route
static_routes="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248"
route_1="-net 58.16.0.0/16 124.128.157.65"
route_2="-net 58.17.0.0/17 124.128.157.65"
route_3="-net 58.17.128.0/17 124.128.157.65"
route_4="-net 58.18.0.0/16 124.128.157.65"
route_5="-net 58.19.0.0/16 124.128.157.65"
route_6="-net 58.20.0.0/16 124.128.157.65"
route_7="-net 58.21.0.0/16 124.128.157.65"
route_8="-net 58.22.0.0/15 124.128.157.65"
route_9="-net 58.240.0.0/15 124.128.157.65"
route_10="-net 58.242.0.0/15 124.128.157.65"
route_11="-net 58.244.0.0/15 124.128.157.65"
route_12="-net 58.246.0.0/15 124.128.157.65"
route_13="-net 58.248.0.0/13 124.128.157.65"
route_14="-net 60.0.0.0/13 124.128.157.65"
route_15="-net 60.8.0.0/15 124.128.157.65"
route_16="-net 60.10.0.0/16 124.128.157.65"
route_17="-net 60.11.0.0/16 124.128.157.65"
route_18="-net 60.12.0.0/16 124.128.157.65"
route_19="-net 60.13.0.0/18 124.128.157.65"
route_20="-net 60.13.128.0/17 124.128.157.65"
route_21="-net 60.14.0.0/15 124.128.157.65"
route_22="-net 60.16.0.0/13 124.128.157.65"
route_23="-net 60.24.0.0/14 124.128.157.65"
route_24="-net 60.28.0.0/15 124.128.157.65"
route_25="-net 60.30.0.0/16 124.128.157.65"
route_26="-net 60.31.0.0/16 124.128.157.65"
route_27="-net 60.55.0.0/16 124.128.157.65"
route_28="-net 60.208.0.0/13 124.128.157.65"
route_29="-net 60.216.0.0/15 124.128.157.65"
route_30="-net 60.218.0.0/15 124.128.157.65"
route_31="-net 60.220.0.0/14 124.128.157.65"
route_32="-net 60.255.0.0/16 124.128.157.65"
route_33="-net 61.48.0.0/14 124.128.157.65"
route_34="-net 61.52.0.0/15 124.128.157.65"
route_35="-net 61.54.0.0/16 124.128.157.65"
route_36="-net 61.55.0.0/16 124.128.157.65"
route_37="-net 61.133.0.0/17 124.128.157.65"
route_38="-net 61.134.96.0/19 124.128.157.65"
route_39="-net 61.134.128.0/18 124.128.157.65"
route_40="-net 61.134.192.0/18 124.128.157.65"
route_41="-net 61.135.0.0/16 124.128.157.65"
route_42="-net 61.136.0.0/18 124.128.157.65"
route_43="-net 61.136.64.0/18 124.128.157.65"
route_44="-net 61.137.128.0/17 124.128.157.65"
route_45="-net 61.138.0.0/18 124.128.157.65"
route_46="-net 61.138.64.0/18 124.128.157.65"
route_47="-net 61.138.128.0/18 124.128.157.65"
route_48="-net 61.139.128.0/18 124.128.157.65"
route_49="-net 61.148.0.0/15 124.128.157.65"
route_50="-net 61.156.0.0/16 124.128.157.65"
route_51="-net 61.158.0.0/17 124.128.157.65"
route_52="-net 61.158.128.0/17 124.128.157.65"
route_53="-net 61.159.0.0/18 124.128.157.65"
route_54="-net 61.161.0.0/18 124.128.157.65"
route_55="-net 61.161.128.0/17 124.128.157.65"
route_56="-net 61.162.0.0/16 124.128.157.65"
route_57="-net 61.163.0.0/16 124.128.157.65"
route_58="-net 61.167.0.0/16 124.128.157.65"
route_59="-net 61.168.0.0/16 124.128.157.65"
route_60="-net 61.176.0.0/16 124.128.157.65"
route_61="-net 61.179.0.0/16 124.128.157.65"
route_62="-net 61.180.128.0/17 124.128.157.65"
route_63="-net 61.181.0.0/16 124.128.157.65"
route_64="-net 61.182.0.0/16 124.128.157.65"
route_65="-net 61.189.0.0/17 124.128.157.65"
route_66="-net 124.21.0.0/20 124.128.157.65"
route_67="-net 124.21.16.0/20 124.128.157.65"
route_68="-net 124.21.32.0/19 124.128.157.65"
route_69="-net 124.21.64.0/18 124.128.157.65"
route_70="-net 124.21.128.0/17 124.128.157.65"
route_71="-net 124.64.0.0/15 124.128.157.65"
route_72="-net 124.88.0.0/16 124.128.157.65"
route_73="-net 124.89.0.0/17 124.128.157.65"
route_74="-net 124.89.128.0/17 124.128.157.65"
route_75="-net 124.90.0.0/15 124.128.157.65"
route_76="-net 124.92.0.0/14 124.128.157.65"
route_77="-net 124.128.0.0/13 124.128.157.65"
route_78="-net 124.160.0.0/16 124.128.157.65"
route_79="-net 125.32.0.0/16 124.128.157.65"
route_80="-net 125.33.0.0/16 124.128.157.65"
route_81="-net 125.34.0.0/16 124.128.157.65"
route_82="-net 125.35.0.0/17 124.128.157.65"
route_83="-net 125.35.128.0/17 124.128.157.65"
route_84="-net 125.36.0.0/14 124.128.157.65"
route_85="-net 125.40.0.0/13 124.128.157.65"
route_86="-net 159.226.0.0/16 124.128.157.65"
route_87="-net 202.38.143.0/24 124.128.157.65"
route_88="-net 202.74.8.0/21 124.128.157.65"
route_89="-net 202.75.208.0/20 124.128.157.65"
route_90="-net 202.96.0.0/18 124.128.157.65"
route_91="-net 202.96.64.0/21 124.128.157.65"
route_92="-net 202.96.72.0/21 124.128.157.65"
route_93="-net 202.96.80.0/20 124.128.157.65"
route_94="-net 202.97.128.0/18 124.128.157.65"
route_95="-net 202.97.192.0/19 124.128.157.65"
route_96="-net 202.97.224.0/21 124.128.157.65"
route_97="-net 202.97.232.0/21 124.128.157.65"
route_98="-net 202.97.240.0/20 124.128.157.65"
route_99="-net 202.98.0.0/21 124.128.157.65"
route_100="-net 202.98.8.0/21 124.128.157.65"
route_101="-net 202.98.16.0/20 124.128.157.65"
route_102="-net 202.99.0.0/18 124.128.157.65"
route_103="-net 202.99.64.0/19 124.128.157.65"
route_104="-net 202.99.96.0/21 124.128.157.65"
route_105="-net 202.99.104.0/21 124.128.157.65"
route_106="-net 202.99.112.0/20 124.128.157.65"
route_107="-net 202.99.128.0/19 124.128.157.65"
route_108="-net 202.99.160.0/21 124.128.157.65"
route_109="-net 202.99.168.0/21 124.128.157.65"
route_110="-net 202.99.176.0/20 124.128.157.65"
route_111="-net 202.99.192.0/21 124.128.157.65"
route_112="-net 202.99.200.0/21 124.128.157.65"
route_113="-net 202.99.208.0/20 124.128.157.65"
route_114="-net 202.99.224.0/21 124.128.157.65"
route_115="-net 202.99.232.0/21 124.128.157.65"
route_116="-net 202.99.240.0/20 124.128.157.65"
route_117="-net 202.102.128.0/21 124.128.157.65"
route_118="-net 202.102.136.0/21 124.128.157.65"
route_119="-net 202.102.144.0/20 124.128.157.65"
route_120="-net 202.102.160.0/19 124.128.157.65"
route_121="-net 202.102.224.0/21 124.128.157.65"
route_122="-net 202.102.232.0/21 124.128.157.65"
route_123="-net 202.102.240.0/20 124.128.157.65"
route_124="-net 202.106.0.0/16 124.128.157.65"
route_125="-net 202.107.0.0/17 124.128.157.65"
route_126="-net 202.108.0.0/16 124.128.157.65"
route_127="-net 202.110.0.0/18 124.128.157.65"
route_128="-net 202.110.64.0/18 124.128.157.65"
route_129="-net 202.110.192.0/18 124.128.157.65"
route_130="-net 202.111.128.0/19 124.128.157.65"
route_131="-net 202.111.160.0/19 124.128.157.65"
route_132="-net 202.127.112.0/20 124.128.157.65"
route_133="-net 202.127.194.0/23 124.128.157.65"
route_134="-net 202.130.224.0/19 124.128.157.65"
route_135="-net 203.93.8.0/24 124.128.157.65"
route_136="-net 203.93.192.0/18 124.128.157.65"
route_137="-net 203.135.160.0/20 124.128.157.65"
route_138="-net 203.166.160.0/19 124.128.157.65"
route_139="-net 203.175.192.0/18 124.128.157.65"
route_140="-net 210.13.128.0/17 124.128.157.65"
route_141="-net 210.14.160.0/19 124.128.157.65"
route_142="-net 210.14.192.0/19 124.128.157.65"
route_143="-net 210.15.32.0/19 124.128.157.65"
route_144="-net 210.15.96.0/19 124.128.157.65"
route_145="-net 210.15.128.0/18 124.128.157.65"
route_146="-net 210.21.0.0/16 124.128.157.65"
route_147="-net 210.22.0.0/16 124.128.157.65"
route_148="-net 210.51.0.0/16 124.128.157.65"
route_149="-net 210.52.64.0/18 124.128.157.65"
route_150="-net 210.52.128.0/17 124.128.157.65"
route_151="-net 210.53.0.0/17 124.128.157.65"
route_152="-net 210.53.128.0/17 124.128.157.65"
route_153="-net 210.74.96.0/19 124.128.157.65"
route_154="-net 210.74.128.0/19 124.128.157.65"
route_155="-net 210.78.0.0/19 124.128.157.65"
route_156="-net 210.82.0.0/15 124.128.157.65"
route_157="-net 211.144.0.0/15 124.128.157.65"
route_158="-net 218.7.0.0/16 124.128.157.65"
route_159="-net 218.8.0.0/15 124.128.157.65"
route_160="-net 218.10.0.0/16 124.128.157.65"
route_161="-net 218.11.0.0/16 124.128.157.65"
route_162="-net 218.12.0.0/16 124.128.157.65"
route_163="-net 218.21.128.0/17 124.128.157.65"
route_164="-net 218.24.0.0/15 124.128.157.65"
route_165="-net 218.26.0.0/16 124.128.157.65"
route_166="-net 218.27.0.0/16 124.128.157.65"
route_167="-net 218.28.0.0/15 124.128.157.65"
route_168="-net 218.56.0.0/14 124.128.157.65"
route_169="-net 218.60.0.0/15 124.128.157.65"
route_170="-net 218.62.0.0/17 124.128.157.65"
route_171="-net 218.67.128.0/17 124.128.157.65"
route_172="-net 218.68.0.0/15 124.128.157.65"
route_173="-net 218.104.0.0/17 124.128.157.65"
route_174="-net 218.104.128.0/19 124.128.157.65"
route_175="-net 218.104.160.0/19 124.128.157.65"
route_176="-net 218.104.192.0/21 124.128.157.65"
route_177="-net 218.104.200.0/21 124.128.157.65"
route_178="-net 218.104.208.0/20 124.128.157.65"
route_179="-net 218.104.224.0/19 124.128.157.65"
route_180="-net 218.105.0.0/16 124.128.157.65"
route_181="-net 218.106.0.0/15 124.128.157.65"
route_182="-net 219.154.0.0/15 124.128.157.65"
route_183="-net 219.156.0.0/15 124.128.157.65"
route_184="-net 219.158.0.0/17 124.128.157.65"
route_185="-net 219.158.128.0/17 124.128.157.65"
route_186="-net 219.159.0.0/18 124.128.157.65"
route_187="-net 219.232.0.0/14 124.128.157.65"
route_188="-net 220.248.0.0/14 124.128.157.65"
route_189="-net 220.252.0.0/16 124.128.157.65"
route_190="-net 221.0.0.0/15 124.128.157.65"
route_191="-net 221.2.0.0/16 124.128.157.65"
route_192="-net 221.3.0.0/17 124.128.157.65"
route_193="-net 221.3.128.0/17 124.128.157.65"
route_194="-net 221.4.0.0/16 124.128.157.65"
route_195="-net 221.5.0.0/17 124.128.157.65"
route_196="-net 221.5.128.0/17 124.128.157.65"
route_197="-net 221.6.0.0/16 124.128.157.65"
route_198="-net 221.7.0.0/19 124.128.157.65"
route_199="-net 221.7.32.0/19 124.128.157.65"
route_200="-net 221.7.64.0/19 124.128.157.65"
route_201="-net 221.7.96.0/19 124.128.157.65"
route_202="-net 221.7.128.0/17 124.128.157.65"
route_203="-net 221.8.0.0/15 124.128.157.65"
route_204="-net 221.10.0.0/16 124.128.157.65"
route_205="-net 221.11.0.0/17 124.128.157.65"
route_206="-net 221.11.128.0/18 124.128.157.65"
route_207="-net 221.11.192.0/19 124.128.157.65"
route_208="-net 221.11.224.0/19 124.128.157.65"
route_209="-net 221.12.0.0/17 124.128.157.65"
route_210="-net 221.12.128.0/18 124.128.157.65"
route_211="-net 221.13.0.0/18 124.128.157.65"
route_212="-net 221.13.64.0/19 124.128.157.65"
route_213="-net 221.13.96.0/19 124.128.157.65"
route_214="-net 221.13.128.0/17 124.128.157.65"
route_215="-net 221.14.0.0/15 124.128.157.65"
route_216="-net 221.136.0.0/16 124.128.157.65"
route_217="-net 221.192.0.0/15 124.128.157.65"
route_218="-net 221.194.0.0/16 124.128.157.65"
route_219="-net 221.195.0.0/16 124.128.157.65"
route_220="-net 221.196.0.0/15 124.128.157.65"
route_221="-net 221.198.0.0/16 124.128.157.65"
route_222="-net 221.199.0.0/19 124.128.157.65"
route_223="-net 221.199.32.0/20 124.128.157.65"
route_224="-net 221.199.48.0/20 124.128.157.65"
route_225="-net 221.199.64.0/18 124.128.157.65"
route_226="-net 221.199.128.0/18 124.128.157.65"
route_227="-net 221.199.192.0/20 124.128.157.65"
route_228="-net 221.200.0.0/14 124.128.157.65"
route_229="-net 221.204.0.0/15 124.128.157.65"
route_230="-net 221.206.0.0/16 124.128.157.65"
route_231="-net 221.207.0.0/18 124.128.157.65"
route_232="-net 221.207.64.0/18 124.128.157.65"
route_233="-net 221.207.128.0/17 124.128.157.65"
route_234="-net 221.208.0.0/14 124.128.157.65"
route_235="-net 221.212.0.0/16 124.128.157.65"
route_236="-net 221.213.0.0/16 124.128.157.65"
route_237="-net 221.214.0.0/15 124.128.157.65"
route_238="-net 221.216.0.0/13 124.128.157.65"
route_239="-net 222.128.0.0/14 124.128.157.65"
route_240="-net 222.132.0.0/14 124.128.157.65"
route_241="-net 222.136.0.0/13 124.128.157.65"
route_242="-net 222.160.0.0/15 124.128.157.65"
route_243="-net 222.162.0.0/16 124.128.157.65"
route_244="-net 222.163.0.0/19 124.128.157.65"
route_245="-net 222.163.32.0/19 124.128.157.65"
route_246="-net 222.163.64.0/18 124.128.157.65"
route_247="-net 222.163.128.0/17 124.128.157.65"
route_248="-net 123.232.0.0/16 124.128.157.65"

这只是一个补充,请大家转帖注明出处,谢谢,毕竟有好多是俺好不容易摸索出来的,尊重劳动成果昂

报文速率限制级别取值为1～127。如果速率限制级别取值在1～28范围内，则速率限制的粒度为64Kbps，这种情况下，当设置的级别为N，则端口上限制的速率大小为N*64K；如果速率限制级别取值在29～127范围内，则速率限制的粒度为1Mbps，这种情况下，当设置的级别为N，则端口上限制的速率大小为(N-27)*1Mbps。

配置示例:
1.       进入端口E0/1的配置视图
[SwitchA]interface Ethernet 0/1

2.       对端口E0/1的出方向报文进行流量限速，限制到3Mbps
[SwitchA- Ethernet0/1]line-rate outbound 30

3.       对端口E0/1的入方向报文进行流量限速，限制到1Mbps
[SwitchA- Ethernet0/1]line-rate inbound 16

通过console口进入交换机

<Quidway>lang ch (完整命令:language-mode chinese)

Change language mode, confirm? [Y/N]y

% 改变到中文模式。
<Quidway>sys (完整命令:system-view)

<Quidway>system-view
进入系统视图, 键入Ctrl+Z退回到用户视图。

[Quidway]vlan 10 (创建并进入vlan 10)

[Quidway]inter vlan 10 (创建并进入vlan 10虚拟接口。在这里需要提一下，二层交换机只能创建一个

vlan虚接口并进行IP地址设置。如果你需要创建并设置其它vlan前，记得要

undo inter vlan 10 否则会提示你“没有足够的路由域资源！”。这种细节性

的问题，对初学者来说还是有必要提一下的。)

命令:port e0/1 e0/25 vlan视图中用此命令将以太口1至25加入到vlan10中;

命令:port-isolate enable开启此vlan的端口隔离功能;

命令:inter e0/25 进入e0/25口后执行port-isolate uplink-port vlan 10 将此接口作为vlan10的上行口;

命令:flow-control enable 在接口中执行.作用是将本接口的流量控制功能打开;

命令:line-rate inbound 8 在接口中执行,作用是将本接口的报文输入速度限制为512K,输出限速命令

为:line-rate outbound 8 (数值为16则限速1M,依次类推)

华为2403交换机支持web网管功能,系统视图下输入:

命令:local-user huawei 创建并进入登陆用户名;

命令:password simple xxxx 为huawei用户设置密码(明文显示)

命令:service-type telnet level 3 设置huawei登陆用户的权限;

2126交换机和2403交换机据供货商说它俩没什么区别,命令及使用都一样

1 阻止仿冒网关IP的arp攻击

1.1 二层交换机实现防攻击

1.1.1 配置组网

图1二层交换机防ARP攻击组网

S3552P是三层设备，其中IP：100.1.1.1是所有PC的网关，S3552P上的网关MAC地址为000f-e200-3999。PC-B上装有ARP攻击软件。现在需要对S3026_A进行一些特殊配置，目的是过滤掉仿冒网关IP的ARP报文。

1.1.2 配置步骤

对于二层交换机如S3026C等支持用户自定义ACL（number为5000到5999）的交换机，可以配置ACL来进行ARP报文过滤。

全局配置ACL禁止所有源IP是网关的ARP报文

acl num 5000

rule 0 deny 0806 ffff 24 64010101 ffffffff 40

rule 1 permit 0806 ffff 24 000fe2003999 ffffffffffff 34

其中rule0把整个S3026C_A的端口冒充网关的ARP报文禁掉，其中斜体部分64010101是网关IP地址100.1.1.1的16进制表示形式。Rule1允许通过网关发送的ARP报文，斜体部分为网关的mac地址000f-e200-3999。

注意：配置Rule时的配置顺序，上述配置为先下发后生效的情况。

在S3026C-A系统视图下发acl规则：

[S3026C-A] packet-filter user-group 5000

这样只有S3026C_A上连网关设备才能够发送网关的ARP报文，其它主机都不能发送假冒网关的arp响应报文。

1.2 三层交换机实现防攻击

1.2.1 配置组网

图2 三层交换机防ARP攻击组网

1.2.2 防攻击配置举例

对于三层设备，需要配置过滤源IP是网关的ARP报文的ACL规则，配置如下ACL规则：

acl number 5000

rule 0 deny 0806 ffff 24 64010105 ffffffff 40

rule0禁止S3526E的所有端口接收冒充网关的ARP报文，其中斜体部分64010105是网关IP地址100.1.1.5的16进制表示形式。

2 仿冒他人IP的arp攻击

作为网关的设备有可能会出现ARP错误表项，因此在网关设备上还需对仿冒他人IP的ARP攻击报文进行过滤。

如图1所示，当PC-B发送源IP地址为PC-D的arp reply攻击报文，源mac是PC-B的mac (000d-88f8-09fa)，源ip是PC-D的ip(100.1.1.3)，目的ip和mac是网关（3552P）的，这样3552上就会学习错误的arp，如下所示：

--------------------- 错误 arp 表项 --------------------------------

IP Address MAC Address VLAN ID Port Name Aging Type

100.1.1.4 000d-88f8-09fa 1 Ethernet0/2 20 Dynamic

100.1.1.3 000f-3d81-45b4 1 Ethernet0/2 20 Dynamic

从网络连接可以知道PC-D的arp表项应该学习到端口E0/8上，而不应该学习到E0/2端口上。但实际上交换机上学习到该ARP表项在E0/2。通过如下配置方法可以防止这类ARP的攻击。

一、在S3552上配置静态ARP，可以防止该现象：

arp static 100.1.1.3 000f-3d81-45b4 1 e0/8

二、同理在图2 S3526C上也可以配置静态ARP来防止设备学习到错误的ARP表项。

三、对于二层设备（S3050C和S3026E系列），除了可以配置静态ARP外，还可以配置IP＋MAC＋port绑定，比如在S3026C端口E0/4上做如下操作：

am user-bind ip-addr 100.1.1.4 mac-addr 000d-88f8-09fa int e0/4

则IP为100.1.1.4并且MAC为000d-88f8-09fa的ARP报文可以通过E0/4端口，仿冒其它设备的ARP报文则无法通过，从而不会出现错误ARP表项。

上述配置案例中仅仅列举了部分Quidway S系列以太网交换机的应用。在实际的网络应用中，请根据配置手册确认该产品是否支持用户自定义ACL和地址绑定。仅仅具有上述功能的交换机才能防止ARP欺骗。

dell的服务器太多,每次都得上dell的网站查找代码,索性直接粘贴过来

Cable and Board Presence - Message Code: "x1Axx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E1A10	PDBPwrCable	High	PDB power cable to the planar is missing or bad and system will not power on.	Failing device is reseated/replaced/repaired.	Yes	Pre-Post
E1A11	PCIRsrConfig	High	PCI risers are not configured correctly; some invalid configurations prevent system power on.	Failing device is reseated/replaced/repaired.	Yes	Pre-Post
E1A12	PCIRsrMissing	High	One or all of the PCI risers is missing. This prevents system power on.	Failing device is reseated/replaced/repaired.	Yes	Pre-Post
E1A14	SAS Cable A	Low	SAS cable A is missing or bad.	Failing device is reseated/replaced/repaired.	Yes	Any
E1A15	SAS Cable B	Low	SAS cable B is missing or bad.	Failing device is reseated/replaced/repaired.	Yes	Any
E1A16	SAS Cable FB	Low	Flex bay SAS cable is missing or bad.	Failing device is reseated/replaced/repaired.	Yes	Any
E1A17	PwrCable FB	Low	Flex bay power cable is missing or bad.	Failing device is reseated/replaced/repaired.	Yes	Any
E1A18	PDBCtrl Cable	High	PDB control cable to the planar is missing or bad and system will not power on.	Failing device is reseated/replaced/repaired.	Yes	Any

Temperature - Message Code: "x11xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E1114	Temp Ambient	Med	Ambient temperature has a reached a point outside of the allowed range.	Temperature returns to allowable range.	Yes	Any
E1116	Temp Memory	High	Memory has exceeded allowable temperature and has been disabled to prevent damage to the components.	AC Cycle or SEL clear	Yes	Any

Voltages - Message Code: "x12xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E1210	CMOSBatt	Low	CMOS battery is missing or the voltage is outside of the allowable range.	Failing device is reseated/replaced/repaired.	Yes	Any
E1211	ROMBBatt	Low	PERC5I RAID battery charger has reported to the Server Management that the battery is either missing, can't charge the battery (possibly because of high temperatures), or the battery is bad.	Failing device is reseated/replaced/repaired.	Yes	Any
W1228	ROMBBatt< 24 hr	Low	This is a predictive failure warning message telling the user that the PERC5I RAID battery has less then 24 hours of charge left init. We provide this message as a warning message to the customer.	Battery charges to > 24 hours of sustained charge.	Yes	Any
E1214	1.5VPwrGd	High	1.5 VV voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1215	1.8VPwrGd	High	1.8 VV voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1216	3.3VPwrGd	High	3.3 V voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1217	5VPwrGd	High	5 V voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1218	PCIRsr5VPwrGd	High	PCI Riser 5 V voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1219	BackplanePwrGd	High	Backplane voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1221	Flex BayPwrGd	High	Flex Bay voltage regulator power good has failed.	AC Cycle or SEL clear	Yes	Any
E1222	VCACHE #PwrGd	High	VCACHE # voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1223	VRM #PwrGd	High	VRM # voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1225	ESB 1.5VPwrGd	High	ESB 1.5 VV voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1226	PCIRsr1.5VPwrGd	High	PCI Riser 1.5 VV voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1227	LinearPwrGd	High	Linear voltage regulator(s) has failed. Represents status of multiple voltage regulators used in the video and LOM circuitry.	AC Cycle or SEL clear	Yes	Any
E1228	0.9VPwrGd	High	Memory VTT voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E1229	CPU # VCORE	High	Processor # VCORE voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E122A	CPU VTTPwrGd	High	Processor VTT voltage regulator has failed.	AC Cycle or SEL clear	Yes	Any
E122B	0.9 V Over Voltage	High	0.9 V regulator voltage has exceeded the allowable voltage range.	AC Cycle or SEL clear	Yes	Any
E122C	CPU Power Fault	High	A voltage regulator failure was detected when the processor regulator(s) was enabled.	AC Cycle or SEL clear	Yes	Any

Fans - Message Code: "x13xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E1310	RPM Fan ##	Low	RPM of fan ## is outside of the intended operating range.	Fan RPM reading returns to a point inside of the intended operating range.	Yes	Any
E1311	RPM Fan Mod #A	Low	RPM of fan A in the # module is outside of the intended operating range.	Fan RPM reading returns to a point inside of the intended operating range.	Yes	Any
E1311	RPM Fan Mod #B	Low	Same as above except for fan B of module #.	Fan RPM reading returns to a point inside of the intended operating range.	Yes	Any
E1311	RPM Fan Mod #C	Low	Same as above except for fan C of module #.	Fan RPM reading returns to a point inside of the intended operating range.	Yes	Any
E1311	RPM Fan Mod #D	Low	Same as above except for fan D of module #.	Fan RPM reading returns to a point inside of the intended operating range.	Yes	Any
E1313	Fan Redundancy	Low	The system is no longer fan redundant. Another fan failure would put the system at risk of over-heating.	Fan redundancy is regained, which requires all fans to be operating within the intended operating range.	Yes	Any

Processors - Message Code: "x14xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E1410	CPU # IERR	High	Processor # has had an internal error (IERR), but this does not always mean that CPU is the problem .There are a large variety of issues that cause an IERR.	AC Cycle or SEL clear	Yes	Any
E1414	CPU #Thermtrip	High	Processor # has encountered a Thermtrip(over-temperature) event.	AC Cycle or SEL clear	Yes	Any
E1418	CPU # Presence	High	Processor # is missing/bad and the system is in an unsupported configuration.	AC Cycle or SEL clear	Yes	Pre-POST
E141C	CPU Mismatch	High	Processors are not compatible as defined by Dell .System is in an unsupported configuration.	AC Cycle or SEL clear	Yes	Pre-POST
E141F	CPU Protocol	High	BIOS has reported a processor protocol error.	AC Cycle or SEL clear	Yes	POST, After POST
E1420	CPU Bus PERR	High	BIOS has reported a processor bus PERR (parity error).	AC Cycle or SEL clear	Yes	POST, After POST
E1421	CPU Init	High	BIOS has reported a processor initialization error.	AC Cycle or SEL clear	Yes	POST, After POST
E1422	CPU MachineChk	High	BIOS has reported a machine check error.	AC Cycle or SEL clear	Yes	POST, After POST

System Memory - Message Code: "x21xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E2110	MBECrdx DIMM ## & ##	High	One of the DIMMs in the set implicated by "## & ##" has had a multi-bit error (MBE).If no memory riser is present the “Crdx” string is left out of the message.“x” is the memory riser, A-Z.	AC Cycle or SEL clear	Yes	POST, After POST
E2111	SBE Log DisableCrdx DIMM ##	High	BIOS has disabled memory single-bit error (SBE) logging and will not log anymore SBEE's until the system is rebooted.## represents DIMM implicated by BIOS .If no memory riser is present the “Crd x” string is left out of the message.“x” is the memory riser, A-Z.	System reset	Yes	POST, After POST
E2112	MemSpareCrdx DIMM ##	High	BIOS has spared the memory because it has determined the memory had too many errors.## represents DIMM implicated by BIOS. If no memory riser is present the “Crdx” string is left out of the message.“x” is the memory riser, A-Z.	System reset	Yes	POST, After POST
E2113	Mem Mirror Crd x DIMM ## & ##	High	BIOS has disabled memory mirroring because it has determined one half of the mirror has had too many errors. ## & ## represents DIMM pair implicated by BIOS. If no memory riser is present the “Crdx” string is left out of the message.“x” is the memory riser, A-Z.	System reset	Yes	POST, After POST
I2114	MemRaid	Low	BIOS Memory RAID Bank	User action, sensor return to normal	Yes	Any
I2115	MemAdded Card x	Low	Memory has been added while the system is running.	AC Cycle or SEL clear	Yes	Any
I2116	MemRemoved	Low	Memory has been removed while the system is running.	AC Cycle or SEL clear	Yes	Any
E2117	MemHot Plug	Low	Memory hot-plug operation has failed.	AC Cycle or SEL clear	Yes	Any
E2118	Fatal NBMemCRC	High	Northbound FBD CRC error on non-redundant entry. One of the connections in the FBD link on the Northbound (towards the MCH) side is "broken".This is determined by the MCH when two CRC errors have been detected twice in a row.	AC Cycle or SEL clear	Yes	POST, After POST
E2119	Fatal SBMemCRC	High	FBD alert on non-redundant entry. One of the connections in the FBD link on the Southbound (towards the AMB'son the FBDIMM's) side is "broken".This is determined by the MCH when two CRC errors have been detected twice in a row.	AC Cycle or SEL clear	Yes	POST, After POST

Power Supplies - Message Code: "x16xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E1610	PS # Missing	Low	Power supply # was removed or is missing from the system.	Failing device is reseated/replaced/repaired.	Yes	Any
E1614	PS # Status	Low	Power supply # has failed.	Failing device is reseated/replaced/repaired.	Yes	Any
E1618	PS # Predictive	Low	Power supply # has a failure that predicts a power down event in this supply (i.e. power supply fan failure or power supply over-temp).	Failing device is reseated/replaced/repaired.	Yes	Any
E161C	PS # Input Lost	Low	Power supply # is attached to the system but has lost its AC/DC input.	Failing device is reseated/replaced/repaired.	Yes	Any
E1620	PS #Input Range	Low	Power supply #'s AC/DC input is outside of the allowable range.	Failing device is reseated/replaced/repaired.	Yes	Any
E1624	PS Redundancy	Low	The power supply subsystem is no longer redundant. If the last supply fails the system will go down.	Failing device is reseated/replaced/repaired.	Yes	Any
E1625	PS AC Current	Low	The power supply input power is above the allowed amount for the power supply.	Failing device is reseated/replaced/repaired.	Yes	Any

BIOS - Message Code: "x17xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E1710	I/O ChannelChk	High	BIOS has reported an I/O channel check.	AC Cycle or SEL clear	Yes	POST, After POST
E1711	PCI PERR B## D## F##	High	BIOS has reported PCI parity error on a component that resides in PCI configuration space at bus ##, device ##, function ##.	AC Cycle or SEL clear	Yes	POST, After POST
E1711	PCI PERR Slot #	High	BIOS has reported PCI parity error on a component that resides in slot #.	Same as above.	Same as above.	Same as above.
E1712	PCI SERR B## D## F##	High	BIOS has reported a PCI system error on a component that resides in PCI configuration space at bus ##, device ##, function ##.	AC Cycle or SEL clear	Yes	POST, After POST
E1712	PCI SERR Slot #	High	BIOS has reported a PCI system error on a component that resides in slot #.	Same as above.	Same as above.	Same as above.
E1714	Unknown Err	Low	BIOS has determined there has been an error in the system but is unable to determine its origin.	AC Cycle or SEL clear	Yes	POST, After POST
E171F	PCIE Fatal Err B## D## F##	High	BIOS has reported a PCIe fatal error on a component that resides in PCI configuration space at bus ##, device ##, function ##.	AC Cycle or SEL clear	Yes	POST, After POST
E171F	PCIE Fatal Slot #	High	BIOS has reported a PCIe fatal error on a component that resides in slot #.	Same as above.	Same as above.	Same as above.

Hard Drives - Message Code: "x18xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E1810	HDD ## Fault	Low	Hard drive ## has had a fault as determined by the SAS subsystem.	AC Cycle or SEL clear	Yes	POST, After POST
E1811	HDD ##RbldAbrt	Low	Drive ## has had its rebuild aborted.	AC Cycle or SEL clear	Yes	POST, After POST
E1812	HDD ## Removed	Low	Drive ## has been removed from the system.	System reset or device is reseated/replaced/repaired.	Yes	POST, After POST

Miscellaneous- Message Code: "x19xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
I1910	Intrusion	Low	The chassis lid has been removed.	Chassis lid is returned to the system.	Yes	Any
I1911	>3ERRsChkLog	N/A	User must check the system event log (SEL) for the rest of the errors on the system .Thee LCD is limited to three error, warning, and/or informational messages at a time based on priority level.	Less than 3 events to display on the LCD.	No	Any
I1912	SEL Full	Med	System Event Log is full of events and because of this is unable to log anymore. You must clear the log in order for the Server Management controller to log any more events.	AC Cycle or SEL clear	Yes	Any
E1913	CPU & Firmware Mismatch	Med	Current version of BMC firmware is incompatible with the Woodcrest processor.	AC Cycle or SEL clear	Yes	POST

BIOS Progress Codes - Message Code: N/A
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
N/A	POWER	N/A	0x01 -- System power-on.	N/A	No	Any
N/A	MCODE	N/A	0x02 -- CPU Microcode load.	N/A	No	Any
N/A	CINIT	N/A	0x03 -- Chipset Initialization.	N/A	No	Any
N/A	MEMC	N/A	0x04 -- Memory Configuration.	N/A	No	Any
N/A	SBIOS	N/A	0x05 -- BIOS shadow into memory.	N/A	No	Any
N/A	PINIT	N/A	0x06 -- Multiprocessor Initialization.	N/A	No	Any
N/A	START	N/A	0x07 -- POST processing start.	N/A	No	Any
N/A	SMM	N/A	0x08 -- System management interrupt (SMI) initialization.	N/A	No	Any
N/A	PCIEN	N/A	0x09 -- PCI Bus Enumeration & Video initialization.	N/A	No	Any
N/A	VIDEO	N/A	0x40 -- Display sign-on.	N/A	No	Any
N/A	PCIC	N/A	0x41 -- PCI Configuration.	N/A	No	Any
N/A	OS	N/A	0x7F -- Give control to OS.	N/A	No	Any
N/A	E2010	N/A	0x80 -- No memory installed in the system.	N/A	No	Any
N/A	E2011	N/A	0x81 -- Memory detected but is not configurable .Error detected during memory configuration. Could be result of bad memory, mismatched memory or bad socket.	N/A	No	Any
N/A	E2012	N/A	0x82 -- Memory configured but not usable. Memory sub-system failure. Could be the result of bad memory.	N/A	No	Any
N/A	E2013	N/A	0x83 -- BIOS failed to copy its flash image into memory. Could be the result of bad memory.	N/A	No	Any
N/A	E2014	N/A	0x84 -- CMOS failure. CMOS'S RAM not working.	N/A	No	Any
N/A	E1215	N/A	0x05 -- DMA controller failure.	N/A	No	Any
N/A	E1116	N/A	0x80 -- Interrupt controller failure.	N/A	No	Any
N/A	E1217	N/A	0x07 -- Timer refresh failure.	N/A	No	Any
N/A	E1218	N/A	0x28 -- Programmable interval timer error.	N/A	No	Any
N/A	E0119	N/A	0x29 -- Parity error.	N/A	No	Any
N/A	E122A	N/A	0x2a -- SIO failure.	N/A	No	Any
N/A	E122B	N/A	0x00b0 -- Keyboard controller failure.	N/A	No	Any
N/A	E141C	N/A	0x3c -- System management interrupt (SMI) initialization failure.	N/A	No	Any
N/A	E.11	N/A	0xC4 -- BIOS shutdown test failure.	N/A	No	Any
N/A	E.11	N/A	0xC4 -- BIOS POST memory test failure. Could be the result of bad memory.	N/A	No	Any
N/A	E141F	N/A	0xC4 -- Dell remote access controller (DRAC) configuration failure. Check screen for the actual error message.	N/A	No	Any
N/A	E0000	N/A	0xC4 -- CPU configuration failure. Check screen for the actual error message.	N/A	No	Any
N/A	E1221	N/A	0xC4 -- Incorrect memory configuration. Memory population order not correct. Refer to the user guide.	N/A	No	Any
N/A	E1222	N/A	22x -- General failure after video. Check screen for the actual error message.	N/A	No	Any

BIOS Fatal Error Codes - Message Code: "x20xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E2010	No Memory	High	0x80 -- No memory installed in the system.	System reset	Yes	POST
E2011	MemConfigErr	High	0x81 -- Memory detected but is not configurable. Error detected during memory configuration. Could be result of bad memory, mismatched memory or bad socket.	System reset	Yes	POST
E2012	Unusable Memory	High	0x82 -- Memory configured but not usable. Memory sub-system failure. Could be the result of bad memory.	System reset	Yes	POST
E2013	Shadow BIOS Fail	High	0x83 -- BIOS failed to copy its flash image into memory. Could be the result of bad memory.	System reset	Yes	POST
E2014	CMOS Fail	High	0x84 -- CMOS failure. CMOS'S RAM not working.	System reset	Yes	POST
E2015	DMA Controller	High	0x85 -- DMA controller failure.	System reset	Yes	POST
E2016	IntController	High	0x86 -- Interrupt controller failure.	System reset	Yes	POST
E2017	Timer Fail	High	0x87 -- Timer refresh failure.	System reset	Yes	POST
E2018	ProgTimer	High	0x88 -- Programmable interval timer error.	System reset	Yes	POST
E2019	Parity Error	High	0x89 -- Parity error.	System reset	Yes	POST
E201A	SIO Err	High	0x8A -- SIO failure.	System reset	Yes	POST
E201B	KybdController	High	0x8B -- Keyboard controller failure.	System reset	Yes	POST
E201C	SMI Init	High	0x8C -- System management interrupt (SMI) initialization failure.	System reset	Yes	POST
E201D	Shutdown Test	High	0xC0 -- BIOS shutdown test failure.	System reset	Yes	POST
E201E	POSTMemTest	High	0xC1 -- BIOS POST memory test failure. Could be the result of bad memory.	System reset	Yes	POST
E201F	DRACConfig	High	0xC2 -- Dell remote access controller (DRAC) configuration failure. Check screen for the actual error message.	System reset	Yes	POST
E2020	CPUConfig	High	0xC3 -- CPU configuration failure. Check screen for the actual error message.	System reset	Yes	POST
E2021	Memory Population	High	0xC4 -- Incorrect memory configuration. Memory population order not correct. Refer to the user guide.	System reset	Yes	POST
E2022	POST Fail	High	0xFE -- General failure after video. Check screen for the actual error message.	System reset	Yes	POST

Special Exceptions - Message Code: "x10xx"
Message Code	Message String	Message Priority	Message Comments	Minimum Action Required to Remove Message from LCD	Exists in SEL?	System Phase When Event Can Occur?
E1000	Failsafe, Call Support	Special	Check System Event Log for critical failure details.	AC Cycle or SEL clear	Yes	Any

昨天晚上做汇聚试验的时候手贱,不小心era了nvrom,结果交换机处于半死状态,从晚上找了一个晚上的时间也没有找到解决办法,早晨过来偶尔看到net130网中汉上有遇到这个问题的,并且有解决方法,原来我命令打对了,就是少了一个小小的冒号,我靠

switch: copy xmodem: f lash:c2900XL-hs-mz-112.8.11-SA6.bin

« 2010年09月 »