Change settings on your Azure Stack Hub switch configuration

You can change a few environmental settings for your Azure Stack Hub switch configuration. You can identify which of the settings you can change in the template created by your original equipment manufacturer (OEM). This article explains each of those customizable settings and how the changes can affect your Azure Stack Hub. These settings include password update, syslog server, simple network management protocol (SNMP) monitoring, authentication, and the access control list.

During deployment of the Azure Stack Hub solution, the original equipment manufacturer (OEM) creates and applies the switch configuration for both the TORs and the BMC. The OEM uses the Azure Stack Hub automation tool to validate that the required configurations are properly set on these devices. The configuration is based on the information in your Azure Stack Hub deployment worksheet.

Warning

After the OEM creates the configuration, do not alter the configuration without consent from either the OEM or the Azure Stack Hub engineering team. A change to the network device configuration can significantly impact the operation or troubleshooting of network issues in your Azure Stack Hub instance.

For more information about these functions on your network device and how to make these changes, contact your OEM hardware provider or Azure support. Your OEM has the configuration file created by the automation tool based on your Azure Stack Hub deployment worksheet.

However, there are some values that can be added, removed, or changed on the configuration of the network switches.

Password update

The operator can update the password for any user on the network switches at any time. There's no requirement to change any information on the Azure Stack Hub system, or to use the steps in Rotate secrets in Azure Stack Hub.

Syslog server

Operators can redirect the switch logs to a syslog server in their datacenter. Use this configuration to ensure the logs from a particular point in time can be used for troubleshooting. By default, the logs are stored on the switches, but their capacity for storing logs is limited. Check the Access control list updates section for an overview of how to configure the permissions for switch management access.

SNMP monitoring

The operator can configure SNMP v2 or v3 to monitor the network devices and send traps to a network monitoring app in the datacenter. For security reasons, use SNMPv3 since it's more secure than v2. Consult your OEM hardware provider for the MIBs and configuration required. Check the Access control list updates section for an overview of how to configure the permissions for switch management access.

Authentication

The operator can configure either RADIUS or TACACS to manage authentication on the network devices. Consult your OEM hardware provider for the supported methods and the configuration required. Check the Access control list updates section for an overview of how to configure the permissions for switch management access.

Access control list updates

Note

Starting in 1910, the deployment worksheet will have a new field for Permitted Networks, which replaces the manual steps required to allow access to network device management interfaces and the hardware lifecycle host (HLH) from a trusted datacenter network range. For more information on this new feature, see Network integration planning for Azure Stack Hub.

The operator can change some access control lists (ACLs) to allow access to network device management interfaces and the hardware lifecycle host (HLH) from a trusted datacenter network range. With the access control list, the operator can allow their management jumpbox VMs within a specific network range to access the switch management interface, the HLH OS, and the HLH BMC.
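Before a trusted range is handed to the OEM or entered as a permitted network, it can be reviewed for entries that are malformed, too broad, or that miss the jumpbox VMs. The following is an added example, not part of the original article or of any Azure Stack Hub tooling; the function name, the /24 breadth limit, the RFC 1918 requirement, and the sample addresses are assumptions to adjust to local policy.

```python
import ipaddress

# Assumptions for this added example (not from the article): management sources
# should sit in RFC 1918 space, and an entry wider than /24 is too broad.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WIDEST_PREFIX = 24

def review_permitted_networks(permitted, jumpboxes):
    """Review a proposed trusted-range list for switch/HLH management access.

    Returns (findings, coverage): findings is a list of problem strings,
    coverage maps each jumpbox IP to the entry that admits it, or None.
    """
    findings, parsed = [], []
    for raw in permitted:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.1.2.5/24
            net = ipaddress.IPv4Network(raw, strict=True)
        except ValueError as exc:
            findings.append(f"{raw}: not a valid IPv4 network ({exc})")
            continue
        if net.prefixlen < WIDEST_PREFIX:
            findings.append(f"{raw}: wider than /{WIDEST_PREFIX}")
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"{raw}: outside RFC 1918 space")
        for other in parsed:
            if net.overlaps(other):
                findings.append(f"{raw}: overlaps {other}")
        parsed.append(net)

    coverage = {}
    for ip in jumpboxes:
        addr = ipaddress.IPv4Address(ip)
        match = next((n for n in parsed if addr in n), None)
        coverage[ip] = str(match) if match else None
        if match is None:
            findings.append(f"{ip}: jumpbox not covered by any entry")
    return findings, coverage

# Constructed sample input, not taken from any real deployment worksheet.
SAMPLE_PERMITTED = ["10.20.30.0/24", "10.20.0.0/16",
                    "10.1.2.5/24", "198.51.100.0/24"]
SAMPLE_JUMPBOXES = ["10.20.30.15", "192.168.7.9"]

if __name__ == "__main__":
    findings, coverage = review_permitted_networks(SAMPLE_PERMITTED, SAMPLE_JUMPBOXES)
    print("\n".join(findings), coverage, sep="\n")
```

An empty findings list means every entry parsed cleanly, stayed within the assumed limits, and every jumpbox address is admitted by some entry.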

Next steps

Azure Stack Hub datacenter integration - DNS