2016 H3C switch simple configuration example

文学乐  Popularity: 7.62K

This article presents a simple H3C switch configuration example. The switch used here is an H3C H126A, and only the most basic configuration needed to make it usable has been done.

The display current-configuration command shows the configuration currently in use.

# Configure VLAN 1

system-view
System View: return to User View with Ctrl+Z.
[Sysname]vlan 1
[Sysname-vlan1]quit
[Sysname]management-vlan 1
[Sysname]interface Vlan-interface 1
[Sysname-Vlan-interface1]ip address

# Display information about VLAN-interface 1.

display ip interface Vlan-interface 1

# Create a VLAN (H3C does not support Cisco's VTP, so VLANs can only be added statically)

system-view
System View: return to User View with Ctrl+Z.
[H3C_TEST]vlan 99
[H3C_TEST-vlan99]name seicoffice
[H3C_TEST-vlan99]quit

# Assign the switch ports to the corresponding VLANs

[H3C_TEST]interface ethernet1/0/2 // enter interface view for the port
[H3C_TEST-Ethernet1/0/2]port link-type access // set the port type to access
[H3C_TEST-Ethernet1/0/2]port access vlan 99 // assign this port to VLAN 99
[H3C_TEST]vlan 99
[H3C_TEST-vlan99]port ethernet1/0/1 to ethernet1/0/24 // assign Ethernet ports 1/0/1 through 1/0/24 to VLAN 99
[H3C_TEST-vlan99]quit
[H3C_TEST-GigabitEthernet1/2/1]port trunk permit vlan 1 99 // {ID|All} sets the VLANs allowed through the trunk port (the port must already have been set to port link-type trunk)

------------------------------------

# Configure a local user

system-view
System View: return to User View with Ctrl+Z.
[Sysname]local-user h3c
New local user added.
[Sysname-luser-h3c]service-type telnet level 3
[Sysname-luser-h3c]password simple h3c

# Configure the login banner

[H3C_TEST]header login %Welcome to login h3c!%

# Configure the user authentication mode for telnet (vty 0-4)

[H3C_TEST]user-interface vty 0 4
[H3C_TEST-ui-vty0-4]authentication-mode scheme
[H3C_TEST-ui-vty0-4]protocol inbound telnet
[H3C_TEST-ui-vty0-4]super authentication-mode super-password
[H3C_TEST-ui-vty0-4]quit
[H3C_TEST]super password level 3 simple h3c // password used to raise the privilege level after login

# Configure the RADIUS scheme

[H3C_TEST]radius scheme radius1
New Radius scheme
[H3C_TEST-radius-radius1]primary authentication 1645
[H3C_TEST-radius-radius1]primary accounting 1646
[H3C_TEST-radius-radius1]secondary authentication 1645
[H3C_TEST-radius-radius1]secondary accounting 1646
[H3C_TEST-radius-radius1]timer 5
[H3C_TEST-radius-radius1]key authentication h3c
[H3C_TEST-radius-radius1]key accounting h3c
[H3C_TEST-radius-radius1]server-type extended
[H3C_TEST-radius-radius1]user-name-format without-domain

# Configure the domain

[H3C_TEST]domain h3c
[H3C_TEST-isp-h3c]authentication radius-scheme radius1 local
[H3C_TEST-isp-h3c]scheme radius-scheme radius1 local
[H3C_TEST]domain default enable h3c

# Configure the key for local authentication, used when remote authentication fails

[H3C_TEST]local-server nas-ip key h3c

Telnet login with a password only, administrator privilege

[Router]user-interface vty 0 4
[Router-ui-vty0-4]user privilege level 3
[Router-ui-vty0-4]set authentication password simple abc

Telnet login with a password only, non-administrator privilege

[Router]super password level 3 simple super
[Router]user-interface vty 0 4
[Router-ui-vty0-4]user privilege level 1
[Router-ui-vty0-4]set authentication password simple abc

Telnet login with a username and password configured on the router, administrator privilege

[Router]local-user admin password simple admin
[Router]local-user admin service-type telnet
[Router]local-user admin level 3
[Router]user-interface vty 0 4
[Router-ui-vty0-4]authentication-mode local

Telnet login with a username and password configured on the router, non-administrator privilege

[Router]super password level 3 simple super
[Router]local-user manage password simple manage
[Router]local-user manage service-type telnet
[Router]local-user manage level 2
[Router]user-interface vty 0 4
[Router-ui-vty0-4]authentication-mode local

Set a password on the console port; administrator privilege after login

[Router]user-interface con 0
[Router-ui-console0]user privilege level 3
[Router-ui-console0]set authentication password simple abc

Set a password on the console port; non-administrator privilege after login

[Router]super password level 3 simple super
[Router]user-interface con 0
[Router-ui-console0]user privilege level 1
[Router-ui-console0]set authentication password simple abc

Set a username and password on the console port; administrator privilege after login

[Router]local-user admin password simple admin
[Router]local-user admin service-type terminal
[Router]local-user admin level 3
[Router]user-interface con 0
[Router-ui-console0]authentication-mode local

Set a username and password on the console port; non-administrator privilege after login

[Router]super password level 3 simple super
[Router]local-user manage password simple manage
[Router]local-user manage service-type terminal
[Router]local-user manage level 2
[Router]user-interface con 0
[Router-ui-console0]authentication-mode local

simple stores the password in plaintext (it appears as typed in the configuration); cipher stores it encrypted.

If no telnet login configuration is set on the router, users cannot log in to the router over telnet.

[Router-ui-vty0-4]acl 2000 inbound   An ACL applied inbound on the VTY lines allows remote login to the router only from sources that match the ACL's rules.

Router commands

~~~~~~~~~~

[Quidway]display version   show version information
[Quidway]display current-configuration   show the current configuration
[Quidway]display interfaces   show interface information
[Quidway]display ip route   show routing information
[Quidway]sysname aabbcc   change the hostname
[Quidway]super password 123456   set the super password
[Quidway]interface serial0   enter the interface
[Quidway-serial0]ip address
[Quidway-serial0]undo shutdown   activate the port
[Quidway-serial0]link-protocol hdlc   bind the HDLC protocol to the interface
[Quidway]user-interface vty 0 4
[Quidway-ui-vty0-4]authentication-mode password
[Quidway-ui-vty0-4]set authentication password simple 222
[Quidway-ui-vty0-4]user privilege level 3
[Quidway-ui-vty0-4]quit
[Quidway]debugging hdlc all serial0   show all HDLC debugging information
[Quidway]debugging hdlc event serial0   debug HDLC events
[Quidway]debugging hdlc packet serial0   show HDLC packet information

Static routes:

[Quidway]ip route-static {interface number|nexthop} [value] [reject|blackhole]

For example:

[Quidway]ip route-static 16
[Quidway]ip route-static
[Quidway]ip route-static 16 Serial 2
[Quidway]ip route-static

Dynamic routing:

[Quidway]rip
[Quidway]rip work
[Quidway]rip input
[Quidway]rip output
[Quidway-rip]   (all may be given here)
[Quidway-rip]
[Quidway-rip]peer ip-address
[Quidway-rip]summary
[Quidway]rip version 1
[Quidway]rip version 2 multicast
[Quidway-Ethernet0]rip split-horizon   split horizon
[Quidway]router id A.B.C.D   configure the router ID
[Quidway]ospf enable   start the OSPF protocol
[Quidway-ospf]import-route direct   import directly connected routes
[Quidway-Serial0]ospf enable area   configure the OSPF area

The standard access list command format is:

acl [match-order config|auto]   the default is the former: rules are matched in the order they were configured.
rule [normal|special] {permit|deny} [source source-addr source-wildcard|any]

Example:

[Quidway]acl 10
[Quidway-acl-10]rule normal permit source
[Quidway-acl-10]rule normal deny source any

Extended access control list commands

Configure an extended access list for TCP/UDP:

rule {normal|special} {permit|deny} {tcp|udp} source {source-addr source-wildcard|any} destination {dest-addr dest-wildcard|any} [operate]

Configure an extended access list for ICMP:

rule {normal|special} {permit|deny} icmp source {source-addr source-wildcard|any} destination {dest-addr dest-wildcard|any} [icmp-code] [logging]

Meaning of the extended access control list operators

equal portnumber   equal to
greater-than portnumber   greater than
less-than portnumber   less than
not-equal portnumber   not equal to
range portnumber1 portnumber2   within the range

Extended access control list example

[Quidway]acl 101
[Quidway-acl-101]rule deny source any destination any
[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo
[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo-reply
[Quidway]acl 102
[Quidway-acl-102]rule permit ip source destination
[Quidway-acl-102]rule deny ip source any destination any
[Quidway]acl 103
[Quidway-acl-103]rule permit tcp source any destination destination-port equal ftp
[Quidway-acl-103]rule permit tcp source any destination destination-port equal www
[Quidway]firewall enable
[Quidway]firewall default permit|deny
[Quidway]int e0
[Quidway-Ethernet0]firewall packet-filter 101 inbound|outbound

Note that with the default match-order config the rules are tried in the order they were entered, so the leading deny rule in acl 101 matches every packet and the permit rules after it never take effect; place the permit rules before the catch-all deny (match-order auto orders rules by specificity rather than by entry order).
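The rule format, port operators and match-order described above, written out as a small Python evaluator. This is an added example, not code from the article; the rules, packets and addresses are constructed, and it goes slightly beyond the page by implementing both match orders so the effect of a leading deny rule can be observed.

```python
"""Evaluate packets against H3C-style ACL rules as described above: wildcard masks,
match-order config (entry order) versus auto (most specific first) and the firewall
default action.  Added example, not from the page; rules and packets are constructed."""
from ipaddress import IPv4Address

def wildcard_match(addr: str, spec: str) -> bool:
    """spec is 'any' or 'a.b.c.d wildcard'; a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    base, wild = (int(IPv4Address(p)) for p in spec.split())
    return ((int(IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF) == 0

# destination-port operators from the operator table above: (op, port, [port2])
OPS = {"equal": lambda p, a, b: p == a, "not-equal": lambda p, a, b: p != a,
       "greater-than": lambda p, a, b: p > a, "less-than": lambda p, a, b: p < a,
       "range": lambda p, a, b: a <= p <= b}

def rule_matches(rule: dict, pkt: dict) -> bool:
    """rule: action, proto ('ip' matches every protocol), src, dst, optional dport=(op, a, b)."""
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    if not (wildcard_match(pkt["src"], rule["src"]) and wildcard_match(pkt["dst"], rule["dst"])):
        return False
    if rule.get("dport"):
        op, a, b = rule["dport"]
        return OPS[op](pkt["dport"], a, b)
    return True

def specificity(rule: dict) -> int:
    """match-order auto: fewer 'don't care' bits means more specific, so tried first."""
    return sum(32 if s == "any" else bin(int(IPv4Address(s.split()[1]))).count("1")
               for s in (rule["src"], rule["dst"]))

def evaluate(rules: list, pkt: dict, match_order: str = "config", default: str = "permit") -> str:
    """Return 'permit' or 'deny'; packets matching no rule get the firewall default action."""
    ordered = sorted(rules, key=specificity) if match_order == "auto" else rules
    for rule in ordered:
        if rule_matches(rule, pkt):
            return rule["action"]
    return default

# Constructed rules in the shape of acl 102 / acl 103 above (placeholder addresses).
ACL_102 = [{"action": "deny", "proto": "ip", "src": "any", "dst": "any"},
           {"action": "permit", "proto": "ip", "src": "192.168.1.0 0.0.0.255", "dst": "any"}]
ACL_103 = [{"action": "permit", "proto": "tcp", "src": "any", "dst": "10.0.0.5 0.0.0.0",
            "dport": ("equal", 21, None)}]
LAN_PING = {"proto": "icmp", "src": "192.168.1.7", "dst": "198.51.100.1", "dport": 0}
WEB_HIT = {"proto": "tcp", "src": "203.0.113.9", "dst": "10.0.0.5", "dport": 80}
```

Running evaluate(ACL_102, LAN_PING) in config order returns deny, while match_order="auto" returns permit, which is exactly the shadowing effect a deny-first ACL has under the default order.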

NAT (address translation) configuration example

[Quidway]firewall enable
[Quidway]firewall default permit
[Quidway]acl 101
[Quidway-acl-101]rule deny ip source any destination any
[Quidway-acl-101]rule permit ip source 0 destination any
[Quidway-acl-101]rule permit ip source 0 destination any
[Quidway-acl-101]rule permit ip source 0 destination any
[Quidway-acl-101]rule permit ip source 0 destination any
[Quidway]acl 102
[Quidway-acl-102]rule permit tcp source 0 destination 0
[Quidway-acl-102]rule permit tcp source any destination 0 destination-port greater-than 1024
[Quidway-Ethernet0]firewall packet-filter 101 inbound
[Quidway-Serial0]firewall packet-filter 102 inbound
[Quidway]nat address-group pool1
[Quidway]acl 1
[Quidway-acl-1]rule permit source
[Quidway-acl-1]rule deny source any
[Quidway-acl-1]int serial 0
[Quidway-Serial0]nat outbound 1 address-group pool1
[Quidway-Serial0]nat server global inside ftp tcp
[Quidway-Serial0]nat server global inside www tcp
[Quidway-Serial0]nat server global 8080 inside www tcp
[Quidway-Serial0]nat server global inside smtp tcp

PPP authentication:

Authenticator side: pap|chap

[Quidway]local-user u2 password {simple|cipher} aaa
[Quidway]interface serial 0
[Quidway-serial0]ppp authentication-mode {pap|chap}
[Quidway-serial0]ppp chap user u1 // not needed for pap

PAP authenticated side (peer):

[Quidway]interface serial 0
[Quidway-serial0]ppp pap local-user u2 password {simple|cipher} aaa

CHAP authenticated side (peer):

[Quidway]interface serial 0
[Quidway-serial0]ppp chap user u1
[Quidway]local-user u2 password {simple|cipher} aaa
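What the CHAP commands above set in motion, as an added Python example (RFC 1994 challenge/response; not code from the article): the authenticator holds the local-user password, the peer configured with ppp chap user answers with a hash rather than the password itself, unlike PAP, which sends the password in clear. User names and secrets are constructed.

```python
"""PPP CHAP exchange (RFC 1994) behind the 'ppp authentication-mode chap' /
'ppp chap user' / 'local-user ... password' commands above.  Added example, not
code from the page; user names and secrets are constructed."""
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response = MD5(Identifier || secret || Challenge): the secret itself never crosses the link."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The side configured with ppp authentication-mode chap; holds local-user name -> password."""
    def __init__(self, local_users: dict):
        self.local_users = local_users
        self.identifier = 0
        self.value = b""

    def challenge(self) -> tuple:
        """Send a fresh random Identifier and Challenge value (a replayed response will not verify)."""
        self.identifier = os.urandom(1)[0]
        self.value = os.urandom(16)
        return self.identifier, self.value

    def verify(self, name: str, response: bytes) -> bool:
        """Recompute the hash from the stored password for 'name' and compare in constant time."""
        secret = self.local_users.get(name)
        if secret is None:
            return False                      # unknown user: Failure packet
        expected = chap_response(self.identifier, secret, self.value)
        return hmac.compare_digest(expected, response)

def peer_reply(identifier: int, challenge: bytes, name: str, secret: bytes) -> tuple:
    """The side configured with 'ppp chap user <name>': answers with its name and the hash only."""
    return name, chap_response(identifier, secret, challenge)

def run_chap(auth: Authenticator, peer_name: str, peer_secret: bytes) -> bool:
    """One Challenge / Response / Success-or-Failure round trip."""
    identifier, challenge = auth.challenge()
    name, response = peer_reply(identifier, challenge, peer_name, peer_secret)
    return auth.verify(name, response)

# Constructed: the authenticator's local-user table (password aaa, as in the commands above).
LOCAL_USERS = {"u1": b"aaa"}
```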

----------------------------------------------------

Annotated H3C router configuration

#
 version 5.20, Release 1719 // version information, shown automatically
#
 sysname H3C // name the device H3C
#
 super password level 3 cipher 7WC1<3E`[Y)./a!1$H@GYA!! // set the super password
#
 domain default enable system
#
 telnet server enable
#
vlan 1
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system // everything above this line that is not annotated is the default configuration and need not be understood
#
local-user admin // add a user named admin
 password cipher .]@USE=B,53Q=^Q`MAF4<1!! // set the password (ciphertext)
 authorization-attribute level 3 // set the user's privilege to level 3 (the highest)
 service-type telnet // set the user's mode to telnet user
local-user share // the next four lines are the same as above
 password cipher [HM$GH8P1GSQ=^Q`MAF4<1!!
 authorization-attribute level 1
 service-type telnet
#
controller E1 0/0 // enter the E1 physical port (the 2 Mbit/s port)
 using e1 // set the port mode to E1 (after this, interface Serial0/0:0 appears below)
#
interface Aux0 // the next three lines are the default configuration of the main board's AUX port
 async mode flow
 link-protocol ppp
#
interface Ethernet0/0 // enter interface E0/0 (Ethernet port)
 port link-mode route // configure this interface in route mode
#
interface Serial0/0:0 // enter port Serial0/0:0 (created by the using e1 command above; corresponds to the E1 port)
 link-protocol ppp // set the link protocol to ppp (the default)
 ip // configure this interface's IP address
#
interface NULL0
#
interface Vlan-interface1 // VLAN address of the LAN ports (the LAN address)
 ip
#
interface Ethernet0/1
 port link-mode bridge
#
interface Ethernet0/2
 port link-mode bridge
#
interface Ethernet0/3
 port link-mode bridge
#
interface Ethernet0/4
 port link-mode bridge
#
 ip // configure a static route
#
user-interface aux0
user-interface vty 0 4 // enter the vty user interfaces (remote login) channels 0-4
 authentication-mode scheme // set the login authentication type to scheme (username/password authentication)
 user privilege level 1 // sets the login level used when the authentication mode is not scheme (ineffective here)
#
return
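A small Python audit over a configuration in the layout shown above, as an added example (not code from the article): it flags the weak management settings this page touches on, namely simple (plaintext) passwords, telnet as the management protocol, and VTY lines with no inbound ACL. The sample configuration is constructed and its cipher string is a placeholder.

```python
"""Audit an H3C/Comware running-config (display current-configuration output) for
'simple' (plaintext) passwords, telnet management and VTY lines with no inbound ACL.
Added example, not from the page; the sample configuration is constructed."""
import re

SAMPLE_CONFIG = """\
#
 super password level 3 simple h3c
#
 telnet server enable
#
local-user admin
 password cipher PLACEHOLDER_CIPHER_TEXT
 service-type telnet
local-user share
 password simple share
 service-type telnet
#
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 1
#
return
"""

def audit_config(config: str) -> list:
    """Return (finding, context, line) tuples; context is the enclosing top-level command."""
    findings, owner, vty_lines = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#" or not line:      # section separator: the next line opens a new context
            owner = None
            continue
        if owner is None or not raw.startswith(" "):
            owner = line                 # unindented command = new context, indented = sub-command
        # 'simple' keeps the password in plaintext; 'cipher' stores it encrypted.
        if re.search(r"\bpassword\b.*\bsimple\b", line):
            findings.append(("plaintext password", owner, line))
        if line == "telnet server enable":
            findings.append(("telnet enabled (cleartext management)", owner, line))
        if owner.startswith("user-interface vty"):
            vty_lines.setdefault(owner, []).append(line)
    for vty, lines in vty_lines.items():
        # 'acl <n> inbound' on the VTY restricts who may even attempt a remote login.
        if not any(re.match(r"acl \d+ inbound", l) for l in lines):
            findings.append(("vty without inbound acl", vty, vty))
    return findings
```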
