- 相關推薦
H3C交換機簡單配置案例
H3C交換機配置命令有哪些?怎么配置呢?下面yjbys為大家分享最新交換機配置命令及案例分析,這里使用的H3C交換機是H126A,僅僅只做了最基本的配置以滿足使用。
配置中可以通過display current-configura命令來顯示當前使用的配置內容。
# 配置VLAN 1
System View:return to User View with Ctrl+Z.
[Sysname]vlan 1
[Sysname-vlan1]quit
[Sysname]management-vlan1
[Sysname]interfaceVlan-interface 1
[Sysname-Vlan-interface1]ip address 10.0.1.201 255.255.255.0
# 顯示VLAN 接口1 的相關信息。
# 創建VLAN(H3C不支持cisco的VTP,所以只能添加靜態VLAN)
System View:return to User View with Ctrl+Z.
[H3C_TEST]vlan 99
[H3C_TEST-vlan99]nameseicoffice
[H3C_TEST-vlan99]quit
# 把交換機的端端口劃分到相應的Vlan中
[H3C_TEST]interfaceethernet1/0/2//進入端口模式
[H3C_TEST-Ethernet1/0/2]portlink-type access //設置端口的類型為access
[H3C_TEST-Ethernet1/0/2]portaccess vlan 99//把當前端口劃到vlan 99
[H3C_TEST]vlan 99
[H3C_TEST-vlan99]portethernet1/0/1 to ethernet1/0/24//把以及網端口1/0/1到1/0/24劃到vlan99
[H3C_TEST-vlan99]quit
[H3C_TEST-GigabitEthernet1/2/1]porttrunk permit vlan 1 99 // {ID|All} 設置trunk端口允許通過的VLAN
------------------------------------
# 配置本地用戶
System View:return to User View with Ctrl+Z.
[Sysname]local-userh3c
New local useradded.
[Sysname-luser-h3c]service-typetelnet level 3
[Sysname-luser-h3c]passwordsimple h3c
# 配置歡迎信息
[H3C_TEST]headerlogin %Welcome to login h3c!%
# 配置用戶認證方式telnet(vty 0-4)
[H3C_TEST]user-interfacevty 0 4
[H3C_TEST-ui-vty0-4]authentication-modescheme
[H3C_TEST-ui-vty0-4]protocolinbound telnet
[H3C_TEST-ui-vty0-4]superauthentication-mode super-password
[H3C_TEST-ui-vty0-4]quit
[H3C_TEST]superpassword level 3 simple h3c //用戶登陸后提升權限的密碼
# 配置Radius策略
[H3C_TEST]radiusscheme radius1
New Radius scheme
[H3C_TEST-radius-radius1]primaryauthentication 10.0.1.253 1645
[H3C_TEST-radius-radius1]primaryaccounting 10.0.1.253 1646
[H3C_TEST-radius-radius1]secondaryauthentication 127.0.0.1 1645
[H3C_TEST-radius-radius1]secondaryaccounting 127.0.0.1 1646
[H3C_TEST-radius-radius1]timer5
[H3C_TEST-radius-radius1]keyauthentication h3c
[H3C_TEST-radius-radius1]keyaccounting h3c
[H3C_TEST-radius-radius1]server-typeextended
[H3C_TEST-radius-radius1]user-name-formatwithout-domain
# 配置域
[H3C_TEST]domainh3c
[H3C_TEST-isp-h3c]authenticationradius-scheme radius1 local
[H3C_TEST-isp-h3c]schemeradius-scheme radius1 local
[H3C_TEST]domaindefault enable h3c
# 配置在遠程認證失敗時,本地認證的key
[H3C_TEST]local-servernas-ip 127.0.0.1 key h3c
H3C交換機路由器telnet和console口登錄配置
2009年11月09日星期一 10:00
級別說明
Level 名稱
命令
0
參觀
ping、tracert、telnet
1
監控
display、debugging
2
配置
所有配置命令(管理級的命令除外)
3
管理
文件系統命令、FTP命令、TFTP命令、XMODEM命令
telnet僅用密碼登錄,管理員權限
[Router]user-interfacevty 0 4[Router-ui-vty0-4]user privilege level 3[Router-ui-vty0-4]setauthentication password simple abc
telnet僅用密碼登錄,非管理員權限
[Router]superpassword level 3 simple super
[Router]user-interfacevty 0 4[Router-ui-vty0-4]user privilege level 1[Router-ui-vty0-4]setauthentication password simple abc
telnet使用路由器上配置的用戶名密碼登錄,管理員權限
[Router]local-useradmin password simple admin[Router]local-user admin service-typetelnet[Router]local-user admin level 3
[Router]user-interfacevty 0 4[Router-ui-vty0-4]authentication-mode local
telnet使用路由器上配置的用戶名密碼登錄,非管理員權限
[Router]superpassword level 3 simple super
[Router]local-usermanage password simple manage[Router]local-user manage service-typetelnet[Router]local-user manage level 2
[Router]user-interfacevty 0 4[Router-ui-vty0-4]authentication-mode local
對console口設置密碼,登錄后使用管理員權限
[Router]user-interfacecon 0[Router-ui-console0]user privilege level 3[Router-ui-console0]setauthentication password simple abc
對console口設置密碼,登錄后使用非管理員權限
[Router]superpassword level 3 simple super
[Router]user-interfacecon 0[Router-ui-console0]user privilege level 1[Router-ui-console0]setauthentication password simple abc
對console口設置用戶名和密碼,登錄后使用管理員權限
[Router]local-useradmin password simple admin[Router]local-user admin service-typeterminal[Router]local-user admin level 3
[Router]user-interfacecon 0[Router-ui-console0]authentication-mode local
對console口設置用戶名和密碼,登錄后使用非管理員權限
[Router]superpassword level 3 simple super
[Router]local-usermanage password simple manage[Router]local-user manage service-typeterminal[Router]local-user manage level 2
[Router]user-interfacecon 0[Router-ui-console0]authentication-mode local
simple 是明文顯示,cipher 是加密顯示
路由器不設置telnet登錄配置時,用戶無法通過telnet登錄到路由器上
[Router-ui-vty0-4]acl2000 inbound可以通過acl的規則只允許符合條件的用戶遠程登錄路由器
路由器命令
~~~~~~~~~~
[Quidway]displayversion 顯示版本信息
[Quidway]displaycurrent-configuration 顯示當前配置
[Quidway]displayinterfaces 顯示接口信息
[Quidway]displayip route 顯示路由信息
[Quidway]sysnameaabbcc 更改主機名
[Quidway]superpasswrod 123456 設置口令
[Quidway]interfaceserial0 進入接口
[Quidway-serial0]ipaddress
[Quidway-serial0]undoshutdown 激活端口
[Quidway]link-protocolhdlc 綁定hdlc協議
[Quidway]user-interfacevty 0 4
[Quidway-ui-vty0-4]authentication-modepassword
[Quidway-ui-vty0-4]setauthentication-mode password simple 222
[Quidway-ui-vty0-4]userprivilege level 3
[Quidway-ui-vty0-4]quit
[Quidway]debugginghdlc all serial0 顯示所有信息
[Quidway]debugginghdlc event serial0 調試事件信息
[Quidway]debugginghdlc packet serial0 顯示包的信息
靜態路由:
[Quidway]iproute-static
例如:
[Quidway]iproute-static 129.1.0.0 16 10.0.0.2
[Quidway]iproute-static 129.1.0.0 255.255.0.0 10.0.0.2
[Quidway]iproute-static 129.1.0.0 16 Serial 2
[Quidway]ip route-static0.0.0.0 0.0.0.0 10.0.0.2
動態路由:
[Quidway]rip
[Quidway]rip work
[Quidway]rip input
[Quidway]ripoutput
[Quidway-rip]network1.0.0.0 可以all
[Quidway-rip]network2.0.0.0
[Quidway-rip]peerip-address
[Quidway-rip]summary
[Quidway]ripversion 1
[Quidway]ripversion 2 multicast
[Quidway-Ethernet0]ripsplit-horizon 水平分隔
[Quidway]router idA.B.C.D 配置路由器的ID
[Quidway]ospfenable 啟動OSPF協議
[Quidway-ospf]import-routedirect 引入直聯路由
[Quidway-Serial0]ospfenable area
標準訪問列表命令格式如下:
acl
rule[normal|special]{permit|deny} [source source-addr source-wildcard|any]
例:
[Quidway]acl 10
[Quidway-acl-10]rulenormal permit source 10.0.0.0 0.0.0.255
[Quidway-acl-10]rulenormal deny source any
擴展訪問控制列表配置命令
配置TCP/UDP協議的擴展訪問列表:
rule{normal|special}{permit|deny}{tcp|udp}source {
[operate]
配置ICMP協議的擴展訪問列表:
rule{normal|special}{permit|deny}icmp source {
[icmp-code][logging]
擴展訪問控制列表操作符的含義
equalportnumber 等于
greater-thanportnumber 大于
less-thanportnumber 小于
not-equalportnumber 不等
range portnumber1portnumber2 區間
擴展訪問控制列表舉例
[Quidway]acl 101
[Quidway-acl-101]ruledeny souce any destination any
[Quidway-acl-101]rulepermit icmp source any destination any icmp-type echo
[Quidway-acl-101]rulepermit icmp source any destination any icmp-type echo-reply
[Quidway]acl 102
[Quidway-acl-102]rulepermit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0
[Quidway-acl-102]ruledeny ip source any destination any
[Quidway]acl 103
[Quidway-acl-103]rulepermit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp
[Quidway-acl-103]rulepermit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www
[Quidway]firewallenable
[Quidway]firewalldefault permit|deny
[Quidway]int e0
[Quidway-Ethernet0]firewallpacket-filter 101 inbound|outbound
地址轉換配置舉例
[Quidway]firewallenable
[Quidway]firewalldefault permit
[Quidway]acl 101
[Quidway-acl-101]ruledeny ip source any destination any
[Quidway-acl-101]rulepermit ip source 129.38.1.4 0 destination any
[Quidway-acl-101]rulepermit ip source 129.38.1.1 0 destination any
[Quidway-acl-101]rulepermit ip source 129.38.1.2 0 destination any
[Quidway-acl-101]rulepermit ip source 129.38.1.3 0 destination any
[Quidway]acl 102
[Quidway-acl-102]rulepermit tcp source 202.39.2.3 0 destination 202.38.160.1 0
[Quidway-acl-102]rulepermit tcp source any destination 202.38.160.1 0 destination-port great-than
1024
[Quidway-Ethernet0]firewallpacket-filter 101 inbound
[Quidway-Serial0]firewallpacket-filter 102 inbound
[Quidway]nataddress-group 202.38.160.101 202.38.160.103 pool1
[Quidway]acl 1
[Quidway-acl-1]rulepermit source 10.110.10.0 0.0.0.255
[Quidway-acl-1]ruledeny source any
[Quidway-acl-1]intserial 0
[Quidway-Serial0]natoutbound 1 address-group pool1
[Quidway-Serial0]natserver global 202.38.160.101 inside 10.110.10.1 ftp tcp
[Quidway-Serial0]natserver global 202.38.160.102 inside 10.110.10.2 www tcp
[Quidway-Serial0]natserver global 202.38.160.102 8080 inside 10.110.10.3 www tcp
[Quidway-Serial0]natserver global 202.38.160.103 inside 10.110.10.4 smtp udp
PPP驗證:
主驗方:pap|chap
[Quidway]local-useru2 password {simple|cipher} aaa
[Quidway]interfaceserial 0
[Quidway-serial0]pppauthentication-mode {pap|chap}
[Quidway-serial0]pppchap user u1 //pap時,不用此句
pap被驗方:
[Quidway]interfaceserial 0
[Quidway-serial0]ppppap local-user u2 password {simple|cipher} aaa
chap被驗方:
[Quidway]interfaceserial 0
[Quidway-serial0]pppchap user u1
[Quidway-serial0]local-useru2 password {simple|cipher} aaa
----------------------------------------------------
H3C路由器配置方案注解
#
version 5.20,Release 1719 //版本信息,自動顯示
#
sysname H3C //給設備命名為H3C
#
super passwordlevel 3 cipher 7WC1<3E`[Y)./a!1$H@GYA!! //設置super密碼
#
domain defaultenable system
#
telnet serverenable
#
vlan 1
#
domain system
access-limitdisable
state active
idle-cut disable
self-service-urldisable
#
user-group system//從此以上未標注的為默認配置,不用去理解
#
local-user admin//添加用戶名為admin的用戶
password cipher.]@USE=B,53Q=^Q`MAF4<1!! //設置密碼(密文)
authorization-attributelevel 3 //設置用戶權限為3級(最高)
service-typetelnet //設置用戶的模式為telnet用戶
local-user share//從此往下四行同上
password cipher[HM$GH8P1GSQ=^Q`MAF4<1!!
authorization-attributelevel 1
service-type telnet
#
controller E1 0/0//進入E1物理端口(兩兆口)
using e1 //設置端口模式為E1(設置后下面會出現interface Serial0/0:0)
#
interface Aux0 //從此以下三行為主控板aux口默認配置
async mode flow
link-protocol ppp
#
interfaceEthernet0/0 //進入E0/0接口(以太網口)
port link-moderoute //配置該接口為路由模式
#
interface Serial0/0:0//進入Serial0/0:0端口(前面用using e1命令后產生,對應E1端口)
link-protocol ppp//配置鏈路協議為ppp(默認)
ip address74.1.63.170 255.255.255.252 //配置該接口IP地址
#
interface NULL0
#
interfaceVlan-interface1 //lan口vlan地址(lan口地址)
ip address192.168.1.1 255.255.255.0
#
interfaceEthernet0/1
port link-modebridge
#
interfaceEthernet0/2
port link-modebridge
#
interfaceEthernet0/3
port link-modebridge
#
interfaceEthernet0/4
port link-modebridge
#
ip route-static74.1.8.0 255.255.255.0 74.1.63.169 //配置靜態路由
#
user-interface aux0
user-interface vty0 4 //進入vty接口(遠程登陸接口)0-4通道
authentication-modescheme //配置登陸驗證類型為scheme(用戶驗證型)
user privilegelevel 1 //設置當驗證模式不是scheme類型時的登錄級別(廢配置)
#
return
-----------------------------------------------
H3C路由器基本配置命令
[Quidway]displayversion 顯示版本信息
[Quidway]displaycurrent-configuration 顯示當前配置
[Quidway]displayinterfaces 顯示接口信息
[Quidway]displayip route 顯示路由信息
[Quidway]sysnameaabbcc 更改主機名
[Quidway]superpasswrod 123456 設置口令
[Quidway]interfaceserial0 進入接口
[Quidway-serial0]ipaddress
[Quidway-serial0]undoshutdown 激活端口
[Quidway]link-protocolhdlc 綁定hdlc協議
[Quidway]user-interfacevty 0 4
[Quidway-ui-vty0-4]authentication-modepassword
[Quidway-ui-vty0-4]setauthentication-mode password simple 222
[Quidway-ui-vty0-4]userprivilege level 3
[Quidway-ui-vty0-4]quit
[Quidway]debugginghdlc all serial0 顯示所有信息
[Quidway]debugginghdlc event serial0 調試事件信息
[Quidway]debugginghdlc packet serial0 顯示包的信息
靜態路由:
[Quidway]iproute-static
例如:
[Quidway]iproute-static 129.1.0.0 16 10.0.0.2
[Quidway]iproute-static 129.1.0.0 255.255.0.0 10.0.0.2
[Quidway]iproute-static 129.1.0.0 16 Serial 2
[Quidway]iproute-static 0.0.0.0 0.0.0.0 10.0.0.2
動態路由:
[Quidway]rip
[Quidway]rip work
[Quidway]rip input
[Quidway]ripoutput
[Quidway-rip]network1.0.0.0 ;可以all
[Quidway-rip]network2.0.0.0
[Quidway-rip]peerip-address
[Quidway-rip]summary
[Quidway]ripversion 1
[Quidway]ripversion 2 multicast
[Quidway-Ethernet0]ripsplit-horizon ;水平分隔
[Quidway]router idA.B.C.D 配置路由器的ID
[Quidway]ospfenable 啟動OSPF協議
[Quidway-ospf]import-routedirect 引入直聯路由
[Quidway-Serial0]ospfenable area
標準訪問列表命令格式如下:
acl
rule[normal|special]{permit|deny} [source source-addr source-wildcard|any]
例:
[Quidway]acl 10
[Quidway-acl-10]rulenormal permit source 10.0.0.0 0.0.0.255
[Quidway-acl-10]rulenormal deny source any
擴展訪問控制列表配置命令
配置TCP/UDP協議的擴展訪問列表:
rule{normal|special}{permit|deny}{tcp|udp}source {
[operate]
配置ICMP協議的擴展訪問列表:
rule{normal|special}{permit|deny}icmp source {
[icmp-code][logging]
擴展訪問控制列表操作符的含義
equalportnumber 等于
greater-thanportnumber 大于
less-thanportnumber 小于
not-equalportnumber 不等
range portnumber1portnumber2 區間
擴展訪問控制列表舉例
[Quidway]acl 101
[Quidway-acl-101]ruledeny souce any destination any
[Quidway-acl-101]rulepermit icmp source any destination any icmp-type echo
[Quidway-acl-101]rulepermit icmp source any destination any icmp-type echo-reply
[Quidway]acl 102
[Quidway-acl-102]rulepermit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0
[Quidway-acl-102]ruledeny ip source any destination any
[Quidway]acl 103
[Quidway-acl-103]rulepermit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp
[Quidway-acl-103]rulepermit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www
[Quidway]firewallenable
[Quidway]firewalldefault permit|deny
[Quidway]int e0
[Quidway-Ethernet0]firewallpacket-filter 101 inbound|outbound
地址轉換配置舉例
[Quidway]firewallenable
[Quidway]firewalldefault permit
[Quidway]acl 101
[Quidway-acl-101]ruledeny ip source any destination any
[Quidway-acl-101]rulepermit ip source 129.38.1.4 0 destination any
[Quidway-acl-101]rulepermit ip source 129.38.1.1 0 destination any
[Quidway-acl-101]rulepermit ip source 129.38.1.2 0 destination any
[Quidway-acl-101]rulepermit ip source 129.38.1.3 0 destination any
[Quidway]acl 102
[Quidway-acl-102]rulepermit tcp source 202.39.2.3 0 destination 202.38.160.1 0
[Quidway-acl-102]rulepermit tcp source any destination 202.38.160.1 0 destination-port great-than
1024
[Quidway-Ethernet0]firewallpacket-filter 101 inbound
[Quidway-Serial0]firewallpacket-filter 102 inbound
[Quidway]nataddress-group 202.38.160.101 202.38.160.103 pool1
[Quidway]acl 1
[Quidway-acl-1]rulepermit source 10.110.10.0 0.0.0.255
[Quidway-acl-1]ruledeny source any
[Quidway-acl-1]intserial 0
[Quidway-Serial0]natoutbound 1 address-group pool1
[Quidway-Serial0]natserver global 202.38.160.101 inside 10.110.10.1 ftp tcp
[Quidway-Serial0]natserver global 202.38.160.102 inside 10.110.10.2 www tcp
[Quidway-Serial0]natserver global 202.38.160.102 8080 inside 10.110.10.3 www tcp
[Quidway-Serial0]natserver global 202.38.160.103 inside 10.110.10.4 smtp udp
PPP驗證:
主驗方:pap|chap
[Quidway]local-useru2 password {simple|cipher} aaa
[Quidway]interfaceserial 0
[Quidway-serial0]pppauthentication-mode {pap|chap}
[Quidway-serial0]pppchap user u1 //pap時,不用此句
pap被驗方:
[Quidway]interfaceserial 0
[Quidway-serial0]ppppap local-user u2 password {simple|cipher} aaa
chap被驗方:
[Quidway]interfaceserial 0
[Quidway-serial0]pppchap user u1
[Quidway-serial0]local-useru2 password {simple|cipher} aaa