1、H3C5500详细配置及说明version 5.20, Release 1207sysname dunan-s5500设备重命名super password level 3 simple abcd123456设置串口连接密码domain default enable system说明性文字telnet server enable telnet服务开启loopback-detection enable环回口连接开启注释VLAN连接区域vlan 1vlan 30vlan 70description fileserverdescription waimaodescription huayivlan
2、2vlan 40vlan 80description firewalldescription bigofficedescription zongcaivlan 10vlan 50vlan 90description erp+sql+otherdescription jishubudescription webservlan 20vlan 60vlan 130description caiwudescription erchejiandescription wlanradius scheme systemdomain system说明性文字access-limit disablestate ac
3、tiveidle-cut disableself-service-url disable将ACL规则定义策略和行为这里和3600是不同的,分为三部traffic classifier c_vlan operator and if-match acl 3000traffic classifier a_vlan operator and if-match acl 3001traffic behavior d_vlanfilter denytraffic behavior b_vlanfilter denyqos policy p_vlanclassifier c_vlan behavior b_v
4、lanqos policy t_vlanclassifier a_vlan behavior d_vlan设置web访问用户和密码并定义权限为最高local-user h3cpassword simple dafmservice-type telnetlevel 3建立高级访问控制列表并建立子规则acl number 3000rule 0 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.90.0 0.0.0.255rule 1 deny tcp source 192.168.130.0 0.0.0.255 destinati
5、on 192.168.90.0 0.0.0.255rule 2 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.20.0 0.0.0.255rule 3 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.30.0 0.0.0.255rule 4 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.40.0 0.0.0.255rule 5 deny tcp source 192.168.1
6、30.0 0.0.0.255 destination 192.168.50.0 0.0.0.255rule 6 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.60.0 0.0.0.255rule 7 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.70.0 0.0.0.255rule 8 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.80.0 0.0.0.255rule 9 d
7、eny tcp source 192.168.50.0 0.0.0.255 destination 192.168.80.0 0.0.0.255rule 10 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.70.0 0.0.0.255rule 11 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.60.0 0.0.0.255rule 12 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168
8、.20.0 0.0.0.255rule 13 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.40.0 0.0.0.255rule 14 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.30.0 0.0.0.255rule 15 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.20.0 0.0.0.255rule 16 deny tcp source 192.168.50.0 0.0.0
9、.255 destination 192.168.130.0 0.0.0.255rule 17 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.30.0 0.0.0.255rule 18 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.40.0 0.0.0.255rule 19 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.50.0 0.0.0.255rule 20 deny tcp
10、source 192.168.80.0 0.0.0.255 destination 192.168.60.0 0.0.0.255rule 21 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.70.0 0.0.0.255rule 22 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.90.0 0.0.0.255rule 23 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.130.0 0
11、.0.0.255acl number 3001rule 0 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.1.0 0.0.0.255rule 1 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.10.0 0.0.0.255rule 2 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.20.0 0.0.0.255rule 3 deny tcp source 192.168.90.0 0.
12、0.0.255 destination 192.168.30.0 0.0.0.255rule 4 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.40.0 0.0.0.255rule 5 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.60.0 0.0.0.255rule 6 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.70.0 0.0.0.255rule 7 deny tcp so
13、urce 192.168.90.0 0.0.0.255 destination 192.168.80.0 0.0.0.255rule 8 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.130.0 0.0.0.255配置VLAN网关,实际为设置vlan间路由interface NULL0interface Vlan-interface 1ip address 192.168.1.1 255.255.255.0interface Vlan-interface 2ip address 192.168.2.2 255.255.25
14、5.0interface Vlan-interface 10ip address 192.168.10.1 255.255.255.0interface Vlan-interface 20ip address 192.168.20.1 255.255.255.0interface Vlan-interface 30ip address 192.168.30.1 255.255.255.0interface Vlan-interface 40ip address 192.168.40.1 255.255.255.0interface Vlan-interface 50ip address 192
15、.168.50.1 255.255.255.0interface Vlan-interface 60ip address 192.168.60.1 255.255.255.0interface Vlan-interface 70ip address 192.168.70.1 255.255.255.0interface Vlan-interface 80ip address 192.168.80.1 255.255.255.0interface Vlan-interface 90ip address 192.168.90.1 255.255.255.0interface Vlan-interf
16、ace 30ip address 192.168.130.1 255.255.255.0将接口划入vlaninterface GigabitEthernet1/0/1port access vlan 10interface GigabitEthernet1/0/2port access vlan 10interface GigabitEthernet1/0/3port access vlan 10interface GigabitEthernet1/0/4port access vlan 90定义策略到接口qos apply policy t_vlan inboundinterface Gig
17、abitEthernet1/0/5port access vlan 20interface GigabitEthernet1/0/6port access vlan 20interface GigabitEthernet1/0/7port access vlan 30interface GigabitEthernet1/0/8port access vlan 30interface GigabitEthernet1/0/9port access vlan 40interface GigabitEthernet1/0/10port access vlan 40interface GigabitE
18、thernet1/0/11port access vlan 50定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/12port access vlan 50定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/13port access vlan 60interface GigabitEthernet1/0/14port access vlan 60interface GigabitEthernet1/0/15port access
19、 vlan 70interface GigabitEthernet1/0/16port access vlan 70interface GigabitEthernet1/0/17port access vlan 80定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/18port access vlan 80定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/19port access vlan 130定义策略到接口qos appl
20、y policy p_vlan inboundinterface GigabitEthernet1/0/20 port access vlan 130定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/21 duplex full flow-controlinterface GigabitEthernet1/0/22interface GigabitEthernet1/0/23 port access vlan 2interface GigabitEthernet1/0/24 port access vlan 2
21、interface GigabitEthernet1/0/25 shutdowninterface GigabitEthernet1/0/26 shutdowninterface GigabitEthernet1/0/27 shutdowninterface GigabitEthernet1/0/28 shutdown配置到防火墙的默认路由ip route-static 0.0.0.0 0.0.0.0 192.168.2.1简单网络管理协议的描述snmp-agentsnmp-agent local-engineid 800063A20300E0FC123456snmp-agent sys-in
22、fo version v3load xml-configuration开启aux口和telnet访问的权限并设定串口访问密码user-interface aux 0authentication-mode passwordset authentication password simple abcd123456user-interface vty 0 4user privilege level 3set authentication password cipher BM!.M()1=%X)AGU/NCA!protocol inbound telnet华为路由器交换机配置命令:交换机命令Quidw
23、aydis curr;显示当前配置Quidwaydisplay interfaces;显示接口信息Quidwaydisplay vlanall;显示路由信息Quidwaydisplay version;显示版本信息Quidwaysuper password;修改特权用户密码Quidwaysysname;交换机命名Quidwayinterface ethernet0/1;进入接口视图Quidwayinterface vlanx;进入接口视图Quidway-Vlan-interfacexip address 10.65.1.1 255.255.0.0;配置VLAN的IP地址Quidwayip ro
24、ute-static 0.0.0.0 0.0.0.0 10.65.1.2;静态路由网关Quidwayrip;三层交换支持Quidwayuser-interface vty 0 4;进入虚拟终端S3026-ui-vty0-4authentication-mode password;设置口令模式S3026-ui-vty0-4set authentication-mode password simple222;设置口令S3026-ui-vty0-4user privilege level3;用户级别Quidwayinterface ethernet0/1;进入端口模式Quidwayint e0/1;
25、进入端口模式Quidway-Ethernet0/1duplex half|full|auto;配置端口工作状态Quidway-Ethernet0/1speed10|100|auto;配置端口工作速率Quidway-Ethernet0/1flow-control;配置端口流控Quidway-Ethernet0/1mdiacross|auto|normal;配置端口平接扭接Quidway-Ethernet0/1portlink-typetrunk|access|hybrid;设置端口工作模式Quidway-Ethernet0/1port access vlan3;当前端口加入到VLANQuidwa
26、y-Ethernet0/2port trunk permitvlanID|All;设trunk允许的VLANQuidway-Ethernet0/3port trunk pvid vlan3;设置trunk端PVID Quidway-Ethernet0/1undoshutdown;激活端口Quidway-Ethernet0/1shutdown;关闭端口Quidway-Ethernet0/1quit;返回Quidwayvlan3;创建VLANQuidway-vlan3port ethernet0/1;在VLAN中增加端口Quidway-vlan3port e0/1;简写方式Quidway-vlan
27、3port ethernet0/1 to ethernet0/4;在VLAN中增加端口Quidway-vlan3port e0/1 to e0/4;简写方式Quidwaymonitor-port;指定镜像端口Quidwayport mirror;指定被镜像端口Quidwayport mirror int_listobserving-portint_typeint_num;指定镜像和被镜像Quidwaydescription string;指定VLAN描述字符Quidwaydescription;删除VLAN描述字符Quidwaydisplay vlanvlan_id;查看VLAN设置Quidw
28、aystpenable|disable;设置生成树,默认关闭的口Quidwaystp priority 4096;设置交换机的优先级Quidwaystp rootprimary|secondary;设置为根或根的备份Quidway-Ethernet0/1stpcost200;设置交换机端口的花费Quidwaylink-aggregatione0/1toe0/4ingress|both;端口的聚合Quidwayundolink-aggregatione0/1|all;始端口为通道号SwitchA-vlanxisolate-user-vlanenable;设置主vlanSwitchAisolate-user-vlansecondary;设置主vlan包括的子vlanQuidway-Ethernet0/2porthybridpvidvlan;设置vlan的pvidQuidway-Ethernet0/2porthybridpvid;删除vlan的pvidQuidway-Ethernet0/2porthybridvlanvlan_id_listuntagged;设置无标识的vlan如果包的vlanid与PVId一致,则去掉vlan信息.默认PVID=1。所以设置PVID为所属vlanid,设置可以互通的vlan为untagged.
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1