TXT

H3C

By Andrew Bell,2014-04-13 10:58
14 views 0
H3C

reset save

    reboot

    SYSNAME起名

    建立VLAN

    进入接口

    PORT LINK TRUNK

    PORT TRUNK PER VLAN ALL

    VTP

    TELNET SERVER ENABLE

    USER INT VTY 0 4

    PROTOCOL IN TE

    IDLE TIME 5

    USER PRIVILAGE LE 3

    AUTHENTICA PASS

    SET AUTHEN PASS CIP

    LOCA-USER ADMIN PASS ADMIN

    UNDO SHUTDOWN

    IP ROUTE STATIC

    <Sysname> system-view

    [Sysname] user-interface aux 0

    [Sysname] local-user guest

    [Sysname-luser-guest] password simple 123456 [Sysname-luser-guest] service-type terminal level 2 [Sysname-luser-guest] quit

    [Sysname-ui-aux0] authentication-mode none [Sysname-ui-aux0] authentication-mode password,[Sysname-ui-aux0] set

    authentication password simple 123456 [Sysname-ui-aux0] user privilege level 2 [Sysname-ui-aux0] speed 19200

    [Sysname-ui-aux0] screen-length 3

    [Sysname-ui-aux0] history-command max-size 20 [Sysname-ui-aux0] idle-timeout 6

    vty

    <Sysname> system-view

    [Sysname] local-user guest

    [Sysname-luser-guest] password simple 123456 [Sysname-luser-guest] service-type telnet level 2 [Sysname-luser-guest] quit

    [Sysname] user-interface vty 0

    [Sysname-ui-vty0] authentication-mode none/[Sysname-ui-vty0] authentication-mode

    password/[Sysname-ui-vty0] set authentication password simple 123456

    [Sysname-ui-vty0] user privilege level 2 [Sysname-ui-vty0] protocol inbound telnet启用协议

    [Sysname-ui-vty0] screen-length 30

    [Sysname-ui-vty0] history-command max-size 20 [Sysname-ui-vty0] idle-timeout 6

    acl

    <Sysname> system-view

    [Sysname] acl number 2000

    [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] quit

    [Sysname] user-interface vty 0 4

    [Sysname-ui-vty0-4] acl 2000 inbound

    <Sysname> system-view

    [Sysname] acl number 2000

    [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] quit

    [Sysname] snmp-agent community read aaa acl 2000 [Sysname] snmp-agent group v2c groupa acl 2000 [Sysname] snmp-agent usm-user v2c usera groupa acl 2000 vlan

    <SwitchB> system-view

    [SwitchB] vlan 101

    [SwitchB-vlan101] description DMZ

    [SwitchB-vlan101] port GigabitEthernet 1/0/11 [SwitchB-vlan101] quit

    [SwitchA] interface GigabitEthernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] port link-type trunk [SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 101 <sysname> system-view

    [sysname] vlan 10

    [sysname-vlan10] quit

    [sysname] management-vlan 10 做管理

    [sysname] interface vlan-interface 10

    [sysname-Vlan-interface10] ip address 1.1.1.1 255.255.255.0 [sysname-Vlan-interface10] quit

    [sysname] ip route-static 0.0.0.0 0.0.0.0 1.1.1.2 也可以是默认网关

    开启全局 GVRP

    <Switch> system-view

    [Switch] gvrp

    [Switch] interface GigabitEthernet 1/0/1

    [Switch-GigabitEthernet1/0/1] port link-type trunk [Switch-GigabitEthernet1/0/1] port trunk permit vlan all [Switch-GigabitEthernet1/0/1] gvrp

    [Switch-GigabitEthernet1/0/1] quit

    注册模式为 fixed

    [SwitchE] interface GigabitEthernet 1/0/1 [SwitchE-GigabitEthernet1/0/1] gvrp registration fixed

注册模式为 forbidden

    [SwitchE-GigabitEthernet1/0/1] gvrp registration forbidden

    [SwitchA] display vlan dynamic

    [Sysname-GigabitEthernet1/0/1] undo enable log updown 关闭端口检查功能 手工汇聚方式?

    <Sysname> system-view

    [Sysname] link-aggregation group 1 mode manual创建手工汇聚组

    [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-aggregation group 1加入汇聚组 静态 LACP 汇聚

    <Sysname> system-view

    [Sysname] link-aggregation group 1 mode static [Sysname] interface GigabitEthernet1/0/1 [Sysname-GigabitEthernet1/0/1] port link-aggregation group 1

    动态 LACP 汇聚

    <Sysname> system-view

    [Sysname] interface GigabitEthernet1/0/1 [Sysname-GigabitEthernet1/0/1] lacp enable只有端口的基本配置、速率、双工等参数一致时?上述端口在开启 LACP 协议之后?才能汇聚到同一个动态汇聚组内?实现端口的负载分担。

    以太网端口 GigabitEthernet1/0/2GigabitEthernet1/0/3GigabitEthernet1/0/4 加入隔离组?之间不能互通。

    <Sysname> system-view

    [Sysname] interface GigabitEthernet1/0/2 [Sysname-GigabitEthernet1/0/2] port isolate [Sysname-GigabitEthernet1/0/2] quit <Sysname> display isolate port

    端口安全

    <Switch> system-view

    [Switch] port-security enable

    [Switch] interface GigabitEthernet 1/0/1 [Switch-GigabitEthernet1/0/1] port-security max-mac-count 80最大MAC地址数量 [Switch-GigabitEthernet1/0/1] port-security port-mode autolearn安全模式为 autolearn

    [Switch-GigabitEthernet1/0/1] mac-address security 0001-0002-0003 vlan 1 Host MAC 地址 0001-0002-0003 作为 Security MAC 添加到 VLAN 1 中。

    [Switch-GigabitEthernet1/0/1] port-security intrusion-mode

    disableport-temporarily关闭时间为 30

    [Switch-GigabitEthernet1/0/1] quit [Switch] port-security timer disableport 30 地址绑定

    <SwitchA> system-view

    [SwitchA] interface GigabitEthernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] am user-bind mac-addr 0001-0002-0003 ip-addr

10.12.1.1

    DLDP配置

    <SwitchA> system-view

    [SwitchA] interface gigabitethernet 1/0/50 [SwitchA-GigabitEthernet1/0/50] duplex full配置端口工作在强制全双工模式 [SwitchA-GigabitEthernet1/0/50] speed 1000速率为 1000Mbits/s [SwitchA-GigabitEthernet1/0/50] quit 全局开启 DLDP

    [SwitchA] dldp enable

    [SwitchA] dldp interval 15设置发送 DLDP 报文的时间间隔为 15

    [SwitchA] dldp work-mode enhance配置 DLDP 协议的工作模式为加强模式

    [SwitchA] dldp unidirectional-shutdown auto配置 DLDP 单向链路操作模式为自动模式 [SwitchA] display dldp 1

    [SwitchA] dldp reset恢复被 DLDP 协议 Down 掉的端口

    STP

    <Sysname> system-view

    [Sysname] stp region-configuration

    [Sysname-mst-region] region-name info [Sysname-mst-region] instance 1 vlan 2 to 10 [Sysname-mst-region] instance 2 vlan 20 to 30 [Sysname-mst-region] revision-level 1 [Sysname-mst-region] active region-configuration [Sysname-mst-region] check region-configuration

Report this document

For any questions or suggestions please email
cust-service@docsford.com