亚洲国产日韩欧美在线a乱码,国产精品路线1路线2路线,亚洲视频一区,精品国产自,www狠狠,国产情侣激情在线视频免费看,亚洲成年网站在线观看

H3C交換機(jī)簡單配置案例

時(shí)間:2022-05-20 23:36:04 H3C認(rèn)證 我要投稿
  • 相關(guān)推薦

2016年H3C交換機(jī)簡單配置案例

  本文為大家?guī)淼氖荋3C交換機(jī)簡單配置案例,這里使用的H3C交換機(jī)是H126A,僅僅只做了最基本的配置以滿足使用。

  配置中可以通過display current-configura命令來顯示當(dāng)前使用的配置內(nèi)容。

  # 配置VLAN 1

  system-view

  System View:return to User View with Ctrl+Z.

  [Sysname]vlan 1

  [Sysname-vlan1]quit

  [Sysname]management-vlan1

  [Sysname]interfaceVlan-interface 1

  [Sysname-Vlan-interface1]ip address 10.0.1.201 255.255.255.0

  # 顯示VLAN 接口1 的相關(guān)信息。

  display ip interface Vlan-interface 1

  # 創(chuàng)建VLAN(H3C不支持cisco的VTP,所以只能添加靜態(tài)VLAN)

  system-view

  System View:return to User View with Ctrl+Z.

  [H3C_TEST]vlan 99

  [H3C_TEST-vlan99]nameseicoffice

  [H3C_TEST-vlan99]quit

  # 把交換機(jī)的端端口劃分到相應(yīng)的Vlan中

  [H3C_TEST]interfaceethernet1/0/2//進(jìn)入端口模式

  [H3C_TEST-Ethernet1/0/2]portlink-type access //設(shè)置端口的類型為access

  [H3C_TEST-Ethernet1/0/2]portaccess vlan 99//把當(dāng)前端口劃到vlan 99

  [H3C_TEST]vlan 99

  [H3C_TEST-vlan99]portethernet1/0/1 to ethernet1/0/24//把以及網(wǎng)端口1/0/1到1/0/24劃到vlan99

  [H3C_TEST-vlan99]quit

  [H3C_TEST-GigabitEthernet1/2/1]porttrunk permit vlan 1 99 // {ID|All} 設(shè)置trunk端口允許通過的VLAN

  ------------------------------------

  # 配置本地用戶

  system-view

  System View:return to User View with Ctrl+Z.

  [Sysname]local-userh3c

  New local useradded.

  [Sysname-luser-h3c]service-typetelnet level 3

  [Sysname-luser-h3c]passwordsimple h3c

  # 配置歡迎信息

  [H3C_TEST]headerlogin %Welcome to login h3c!%

  # 配置用戶認(rèn)證方式telnet(vty 0-4)

  [H3C_TEST]user-interfacevty 0 4

  [H3C_TEST-ui-vty0-4]authentication-modescheme

  [H3C_TEST-ui-vty0-4]protocolinbound telnet

  [H3C_TEST-ui-vty0-4]superauthentication-mode super-password

  [H3C_TEST-ui-vty0-4]quit

  [H3C_TEST]superpassword level 3 simple h3c //用戶登陸后提升權(quán)限的密碼

  # 配置Radius策略

  [H3C_TEST]radiusscheme radius1

  New Radius scheme

  [H3C_TEST-radius-radius1]primaryauthentication 10.0.1.253 1645

  [H3C_TEST-radius-radius1]primaryaccounting 10.0.1.253 1646

  [H3C_TEST-radius-radius1]secondaryauthentication 127.0.0.1 1645

  [H3C_TEST-radius-radius1]secondaryaccounting 127.0.0.1 1646

  [H3C_TEST-radius-radius1]timer5

  [H3C_TEST-radius-radius1]keyauthentication h3c

  [H3C_TEST-radius-radius1]keyaccounting h3c

  [H3C_TEST-radius-radius1]server-typeextended

  [H3C_TEST-radius-radius1]user-name-formatwithout-domain

  # 配置域

  [H3C_TEST]domainh3c

  [H3C_TEST-isp-h3c]authenticationradius-scheme radius1 local

  [H3C_TEST-isp-h3c]schemeradius-scheme radius1 local

  [H3C_TEST]domaindefault enable h3c

  # 配置在遠(yuǎn)程認(rèn)證失敗時(shí),本地認(rèn)證的key

  [H3C_TEST]local-servernas-ip 127.0.0.1 key h3c

  telnet僅用密碼登錄,管理員權(quán)限

  [Router]user-interfacevty 0 4[Router-ui-vty0-4]user privilege level 3[Router-ui-vty0-4]setauthentication password simple abc

  telnet僅用密碼登錄,非管理員權(quán)限

  [Router]superpassword level 3 simple super

  [Router]user-interfacevty 0 4[Router-ui-vty0-4]user privilege level 1[Router-ui-vty0-4]setauthentication password simple abc

  telnet使用路由器上配置的用戶名密碼登錄,管理員權(quán)限

  [Router]local-useradmin password simple admin[Router]local-user admin service-typetelnet[Router]local-user admin level 3

  [Router]user-interfacevty 0 4[Router-ui-vty0-4]authentication-mode local

  telnet使用路由器上配置的用戶名密碼登錄,非管理員權(quán)限

  [Router]superpassword level 3 simple super

  [Router]local-usermanage password simple manage[Router]local-user manage service-typetelnet[Router]local-user manage level 2

  [Router]user-interfacevty 0 4[Router-ui-vty0-4]authentication-mode local

  對console口設(shè)置密碼,登錄后使用管理員權(quán)限

  [Router]user-interfacecon 0[Router-ui-console0]user privilege level 3[Router-ui-console0]setauthentication password simple abc

  對console口設(shè)置密碼,登錄后使用非管理員權(quán)限

  [Router]superpassword level 3 simple super

  [Router]user-interfacecon 0[Router-ui-console0]user privilege level 1[Router-ui-console0]setauthentication password simple abc

  對console口設(shè)置用戶名和密碼,登錄后使用管理員權(quán)限

  [Router]local-useradmin password simple admin[Router]local-user admin service-typeterminal[Router]local-user admin level 3

  [Router]user-interfacecon 0[Router-ui-console0]authentication-mode local

  對console口設(shè)置用戶名和密碼,登錄后使用非管理員權(quán)限

  [Router]superpassword level 3 simple super

  [Router]local-usermanage password simple manage[Router]local-user manage service-typeterminal[Router]local-user manage level 2

  [Router]user-interfacecon 0[Router-ui-console0]authentication-mode local

  simple 是明文顯示,cipher 是加密顯示

  路由器不設(shè)置telnet登錄配置時(shí),用戶無法通過telnet登錄到路由器上

  [Router-ui-vty0-4]acl2000 inbound可以通過acl的規(guī)則只允許符合條件的用戶遠(yuǎn)程登錄路由器

  路由器命令

  ~~~~~~~~~~

  [Quidway]displayversion 顯示版本信息

  [Quidway]displaycurrent-configuration 顯示當(dāng)前配置

  [Quidway]displayinterfaces 顯示接口信息

  [Quidway]displayip route 顯示路由信息

  [Quidway]sysnameaabbcc 更改主機(jī)名

  [Quidway]superpasswrod 123456 設(shè)置口令

  [Quidway]interfaceserial0 進(jìn)入接口

  [Quidway-serial0]ipaddress

  [Quidway-serial0]undoshutdown 激活端口

  [Quidway]link-protocolhdlc 綁定hdlc協(xié)議

  [Quidway]user-interfacevty 0 4

  [Quidway-ui-vty0-4]authentication-modepassword

  [Quidway-ui-vty0-4]setauthentication-mode password simple 222

  [Quidway-ui-vty0-4]userprivilege level 3

  [Quidway-ui-vty0-4]quit

  [Quidway]debugginghdlc all serial0 顯示所有信息

  [Quidway]debugginghdlc event serial0 調(diào)試事件信息

  [Quidway]debugginghdlc packet serial0 顯示包的信息

  靜態(tài)路由:

  [Quidway]iproute-static {interfacenumber|nexthop}[value][reject|blackhole]

  例如:

  [Quidway]iproute-static 129.1.0.0 16 10.0.0.2

  [Quidway]iproute-static 129.1.0.0 255.255.0.0 10.0.0.2

  [Quidway]iproute-static 129.1.0.0 16 Serial 2

  [Quidway]ip route-static0.0.0.0 0.0.0.0 10.0.0.2

  動(dòng)態(tài)路由:

  [Quidway]rip

  [Quidway]rip work

  [Quidway]rip input

  [Quidway]ripoutput

  [Quidway-rip]network1.0.0.0 可以all

  [Quidway-rip]network2.0.0.0

  [Quidway-rip]peerip-address

  [Quidway-rip]summary

  [Quidway]ripversion 1

  [Quidway]ripversion 2 multicast

  [Quidway-Ethernet0]ripsplit-horizon 水平分隔

  [Quidway]router idA.B.C.D 配置路由器的ID

  [Quidway]ospfenable 啟動(dòng)OSPF協(xié)議

  [Quidway-ospf]import-routedirect 引入直聯(lián)路由

  [Quidway-Serial0]ospfenable area 配置OSPF區(qū)域

  標(biāo)準(zhǔn)訪問列表命令格式如下:

  acl [match-order config|auto] 默認(rèn)前者順序匹配。

  rule[normal|special]{permit|deny} [source source-addr source-wildcard|any]

  例:

  [Quidway]acl 10

  [Quidway-acl-10]rulenormal permit source 10.0.0.0 0.0.0.255

  [Quidway-acl-10]rulenormal deny source any

  擴(kuò)展訪問控制列表配置命令

  配置TCP/UDP協(xié)議的擴(kuò)展訪問列表:

  rule{normal|special}{permit|deny}{tcp|udp}source {|any}destination|any}

  [operate]

  配置ICMP協(xié)議的擴(kuò)展訪問列表:

  rule{normal|special}{permit|deny}icmp source {|any]destination{|any]

  [icmp-code][logging]

  擴(kuò)展訪問控制列表操作符的含義

  equalportnumber 等于

  greater-thanportnumber 大于

  less-thanportnumber 小于

  not-equalportnumber 不等

  range portnumber1portnumber2 區(qū)間

  擴(kuò)展訪問控制列表舉例

  [Quidway]acl 101

  [Quidway-acl-101]ruledeny souce any destination any

  [Quidway-acl-101]rulepermit icmp source any destination any icmp-type echo

  [Quidway-acl-101]rulepermit icmp source any destination any icmp-type echo-reply

  [Quidway]acl 102

  [Quidway-acl-102]rulepermit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0

  [Quidway-acl-102]ruledeny ip source any destination any

  [Quidway]acl 103

  [Quidway-acl-103]rulepermit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp

  [Quidway-acl-103]rulepermit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www

  [Quidway]firewallenable

  [Quidway]firewalldefault permit|deny

  [Quidway]int e0

  [Quidway-Ethernet0]firewallpacket-filter 101 inbound|outbound

  地址轉(zhuǎn)換配置舉例

  [Quidway]firewallenable

  [Quidway]firewalldefault permit

  [Quidway]acl 101

  [Quidway-acl-101]ruledeny ip source any destination any

  [Quidway-acl-101]rulepermit ip source 129.38.1.4 0 destination any

  [Quidway-acl-101]rulepermit ip source 129.38.1.1 0 destination any

  [Quidway-acl-101]rulepermit ip source 129.38.1.2 0 destination any

  [Quidway-acl-101]rulepermit ip source 129.38.1.3 0 destination any

  [Quidway]acl 102

  [Quidway-acl-102]rulepermit tcp source 202.39.2.3 0 destination 202.38.160.1 0

  [Quidway-acl-102]rulepermit tcp source any destination 202.38.160.1 0 destination-port great-than

  1024

  [Quidway-Ethernet0]firewallpacket-filter 101 inbound

  [Quidway-Serial0]firewallpacket-filter 102 inbound

  [Quidway]nataddress-group 202.38.160.101 202.38.160.103 pool1

  [Quidway]acl 1

  [Quidway-acl-1]rulepermit source 10.110.10.0 0.0.0.255

  [Quidway-acl-1]ruledeny source any

  [Quidway-acl-1]intserial 0

  [Quidway-Serial0]natoutbound 1 address-group pool1

  [Quidway-Serial0]natserver global 202.38.160.101 inside 10.110.10.1 ftp tcp

  [Quidway-Serial0]natserver global 202.38.160.102 inside 10.110.10.2 www tcp

  [Quidway-Serial0]natserver global 202.38.160.102 8080 inside 10.110.10.3 www tcp

  [Quidway-Serial0]natserver global 202.38.160.103 inside 10.110.10.4 smtp udp

  PPP驗(yàn)證:

  主驗(yàn)方:pap|chap

  [Quidway]local-useru2 password {simple|cipher} aaa

  [Quidway]interfaceserial 0

  [Quidway-serial0]pppauthentication-mode {pap|chap}

  [Quidway-serial0]pppchap user u1 //pap時(shí),不用此句

  pap被驗(yàn)方:

  [Quidway]interfaceserial 0

  [Quidway-serial0]ppppap local-user u2 password {simple|cipher} aaa

  chap被驗(yàn)方:

  [Quidway]interfaceserial 0

  [Quidway-serial0]pppchap user u1

  [Quidway-serial0]local-useru2 password {simple|cipher} aaa

  ----------------------------------------------------

  H3C路由器配置方案注解

  #

  version 5.20,Release 1719 //版本信息,自動(dòng)顯示

  #

  sysname H3C //給設(shè)備命名為H3C

  #

  super passwordlevel 3 cipher 7WC1<3E`[Y)./a!1$H@GYA!! //設(shè)置super密碼

  #

  domain defaultenable system

  #

  telnet serverenable

  #

  vlan 1

  #

  domain system

  access-limitdisable

  state active

  idle-cut disable

  self-service-urldisable

  #

  user-group system//從此以上未標(biāo)注的為默認(rèn)配置,不用去理解

  #

  local-user admin//添加用戶名為admin的用戶

  password cipher.]@USE=B,53Q=^Q`MAF4<1!! //設(shè)置密碼(密文)

  authorization-attributelevel 3 //設(shè)置用戶權(quán)限為3級(最高)

  service-typetelnet //設(shè)置用戶的模式為telnet用戶

  local-user share//從此往下四行同上

  password cipher[HM$GH8P1GSQ=^Q`MAF4<1!!

  authorization-attributelevel 1

  service-type telnet

  #

  controller E1 0/0//進(jìn)入E1物理端口(兩兆口)

  using e1 //設(shè)置端口模式為E1(設(shè)置后下面會(huì)出現(xiàn)interface Serial0/0:0)

  #

  interface Aux0 //從此以下三行為主控板aux口默認(rèn)配置

  async mode flow

  link-protocol ppp

  #

  interfaceEthernet0/0 //進(jìn)入E0/0接口(以太網(wǎng)口)

  port link-moderoute //配置該接口為路由模式

  #

  interface Serial0/0:0//進(jìn)入Serial0/0:0端口(前面用using e1命令后產(chǎn)生,對應(yīng)E1端口)

  link-protocol ppp//配置鏈路協(xié)議為ppp(默認(rèn))

  ip address74.1.63.170 255.255.255.252 //配置該接口IP地址

  #

  interface NULL0

  #

  interfaceVlan-interface1 //lan口vlan地址(lan口地址)

  ip address192.168.1.1 255.255.255.0

  #

  interfaceEthernet0/1

  port link-modebridge

  #

  interfaceEthernet0/2

  port link-modebridge

  #

  interfaceEthernet0/3

  port link-modebridge

  #

  interfaceEthernet0/4

  port link-modebridge

  #

  ip route-static74.1.8.0 255.255.255.0 74.1.63.169 //配置靜態(tài)路由

  #

  user-interface aux0

  user-interface vty0 4 //進(jìn)入vty接口(遠(yuǎn)程登陸接口)0-4通道

  authentication-modescheme //配置登陸驗(yàn)證類型為scheme(用戶驗(yàn)證型)

  user privilegelevel 1 //設(shè)置當(dāng)驗(yàn)證模式不是scheme類型時(shí)的登錄級別(廢配置)

  #

  return

  -----------------------------------------------

  H3C路由器基本配置命令

  [Quidway]displayversion 顯示版本信息

  [Quidway]displaycurrent-configuration 顯示當(dāng)前配置

  [Quidway]displayinterfaces 顯示接口信息

  [Quidway]displayip route 顯示路由信息

  [Quidway]sysnameaabbcc 更改主機(jī)名

  [Quidway]superpasswrod 123456 設(shè)置口令

  [Quidway]interfaceserial0 進(jìn)入接口

  [Quidway-serial0]ipaddress

  [Quidway-serial0]undoshutdown 激活端口

  [Quidway]link-protocolhdlc 綁定hdlc協(xié)議

  [Quidway]user-interfacevty 0 4

  [Quidway-ui-vty0-4]authentication-modepassword

  [Quidway-ui-vty0-4]setauthentication-mode password simple 222

  [Quidway-ui-vty0-4]userprivilege level 3

  [Quidway-ui-vty0-4]quit

  [Quidway]debugginghdlc all serial0 顯示所有信息

  [Quidway]debugginghdlc event serial0 調(diào)試事件信息

  [Quidway]debugginghdlc packet serial0 顯示包的信息

  靜態(tài)路由:

  [Quidway]iproute-static {interfacenumber|nexthop}[value][reject|blackhole]

  例如:

  [Quidway]iproute-static 129.1.0.0 16 10.0.0.2

  [Quidway]iproute-static 129.1.0.0 255.255.0.0 10.0.0.2

  [Quidway]iproute-static 129.1.0.0 16 Serial 2

  [Quidway]iproute-static 0.0.0.0 0.0.0.0 10.0.0.2

  動(dòng)態(tài)路由:

  [Quidway]rip

  [Quidway]rip work

  [Quidway]rip input

  [Quidway]ripoutput

  [Quidway-rip]network1.0.0.0 ;可以all

  [Quidway-rip]network2.0.0.0

  [Quidway-rip]peerip-address

  [Quidway-rip]summary

  [Quidway]ripversion 1

  [Quidway]ripversion 2 multicast

  [Quidway-Ethernet0]ripsplit-horizon ;水平分隔

  [Quidway]router idA.B.C.D 配置路由器的ID

  [Quidway]ospfenable 啟動(dòng)OSPF協(xié)議

  [Quidway-ospf]import-routedirect 引入直聯(lián)路由

  [Quidway-Serial0]ospfenable area 配置OSPF區(qū)域

  標(biāo)準(zhǔn)訪問列表命令格式如下:

  acl [match-order config|auto] 默認(rèn)前者順序匹配。

  rule[normal|special]{permit|deny} [source source-addr source-wildcard|any]

  例:

  [Quidway]acl 10

  [Quidway-acl-10]rulenormal permit source 10.0.0.0 0.0.0.255

  [Quidway-acl-10]rulenormal deny source any

  擴(kuò)展訪問控制列表配置命令

  配置TCP/UDP協(xié)議的擴(kuò)展訪問列表:

  rule{normal|special}{permit|deny}{tcp|udp}source {|any}destination|any}

  [operate]

  配置ICMP協(xié)議的擴(kuò)展訪問列表:

  rule{normal|special}{permit|deny}icmp source {|any]destination{|any]

  [icmp-code][logging]

  擴(kuò)展訪問控制列表操作符的含義

  equalportnumber 等于

  greater-thanportnumber 大于

  less-thanportnumber 小于

  not-equalportnumber 不等

  range portnumber1portnumber2 區(qū)間

  擴(kuò)展訪問控制列表舉例

  [Quidway]acl 101

  [Quidway-acl-101]ruledeny souce any destination any

  [Quidway-acl-101]rulepermit icmp source any destination any icmp-type echo

  [Quidway-acl-101]rulepermit icmp source any destination any icmp-type echo-reply

  [Quidway]acl 102

  [Quidway-acl-102]rulepermit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0

  [Quidway-acl-102]ruledeny ip source any destination any

  [Quidway]acl 103

  [Quidway-acl-103]rulepermit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp

  [Quidway-acl-103]rulepermit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www

  [Quidway]firewallenable

  [Quidway]firewalldefault permit|deny

  [Quidway]int e0

  [Quidway-Ethernet0]firewallpacket-filter 101 inbound|outbound

  地址轉(zhuǎn)換配置舉例

  [Quidway]firewallenable

  [Quidway]firewalldefault permit

  [Quidway]acl 101

  [Quidway-acl-101]ruledeny ip source any destination any

  [Quidway-acl-101]rulepermit ip source 129.38.1.4 0 destination any

  [Quidway-acl-101]rulepermit ip source 129.38.1.1 0 destination any

  [Quidway-acl-101]rulepermit ip source 129.38.1.2 0 destination any

  [Quidway-acl-101]rulepermit ip source 129.38.1.3 0 destination any

  [Quidway]acl 102

  [Quidway-acl-102]rulepermit tcp source 202.39.2.3 0 destination 202.38.160.1 0

  [Quidway-acl-102]rulepermit tcp source any destination 202.38.160.1 0 destination-port great-than

  1024

  [Quidway-Ethernet0]firewallpacket-filter 101 inbound

  [Quidway-Serial0]firewallpacket-filter 102 inbound

  [Quidway]nataddress-group 202.38.160.101 202.38.160.103 pool1

  [Quidway]acl 1

  [Quidway-acl-1]rulepermit source 10.110.10.0 0.0.0.255

  [Quidway-acl-1]ruledeny source any

  [Quidway-acl-1]intserial 0

  [Quidway-Serial0]natoutbound 1 address-group pool1

  [Quidway-Serial0]natserver global 202.38.160.101 inside 10.110.10.1 ftp tcp

  [Quidway-Serial0]natserver global 202.38.160.102 inside 10.110.10.2 www tcp

  [Quidway-Serial0]natserver global 202.38.160.102 8080 inside 10.110.10.3 www tcp

  [Quidway-Serial0]natserver global 202.38.160.103 inside 10.110.10.4 smtp udp

  PPP驗(yàn)證:

  主驗(yàn)方:pap|chap

  [Quidway]local-useru2 password {simple|cipher} aaa

  [Quidway]interfaceserial 0

  [Quidway-serial0]pppauthentication-mode {pap|chap}

  [Quidway-serial0]pppchap user u1 //pap時(shí),不用此句

  pap被驗(yàn)方:

  [Quidway]interfaceserial 0

  [Quidway-serial0]ppppap local-user u2 password {simple|cipher} aaa

  chap被驗(yàn)方:

  [Quidway]interfaceserial 0

  [Quidway-serial0]pppchap user u1

  [Quidway-serial0]local-useru2 password {simple|cipher} aaa

【H3C交換機(jī)簡單配置案例】相關(guān)文章:

h3c交換機(jī)配置telnet配置教程09-23

H3C交換機(jī)清空配置07-27

h3c交換機(jī)清除配置命令01-27

h3c交換機(jī)保存配置命令09-13

H3C交換機(jī)系統(tǒng)基本配置08-30

H3C交換機(jī)配置靜態(tài)路由的方法03-30

h3c交換機(jī)配置telnet實(shí)例教程04-01

交換機(jī)VLAN接口靜態(tài)IP地址配置「案例」03-30

H3C路由器簡單配置04-06

h3c交換機(jī)清除密碼09-08