
2016 H3C Switch Simple Configuration Example


This article presents a simple H3C switch configuration example. The switch used here is an H3C H126A, and only the most basic configuration needed to put it into service has been done.

In configuration mode, the configuration currently in use can be shown with the display current-configuration command.

# Configure VLAN 1

system-view

System View:return to User View with Ctrl+Z.

[Sysname]vlan 1

[Sysname-vlan1]quit

[Sysname]management-vlan 1

[Sysname]interface Vlan-interface 1

[Sysname-Vlan-interface1]ip address

# Display information about VLAN interface 1.

display ip interface Vlan-interface 1

# Create a VLAN (H3C does not support Cisco's VTP, so only static VLANs can be added)

system-view

System View:return to User View with Ctrl+Z.

[H3C_TEST]vlan 99

[H3C_TEST-vlan99]name seicoffice

[H3C_TEST-vlan99]quit

# Assign the switch ports to the corresponding VLANs

[H3C_TEST]interface ethernet1/0/2 // enter the port view

[H3C_TEST-Ethernet1/0/2]port link-type access // set the port type to access

[H3C_TEST-Ethernet1/0/2]port access vlan 99 // assign this port to VLAN 99

[H3C_TEST]vlan 99

[H3C_TEST-vlan99]port ethernet1/0/1 to ethernet1/0/24 // assign Ethernet ports 1/0/1 to 1/0/24 to VLAN 99

[H3C_TEST-vlan99]quit

[H3C_TEST-GigabitEthernet1/2/1]port trunk permit vlan 1 99 // {ID|All} set the VLANs allowed through the trunk port

------------------------------------

# Configure a local user

system-view

System View:return to User View with Ctrl+Z.

[Sysname]local-user h3c

New local user added.

[Sysname-luser-h3c]service-type telnet level 3

[Sysname-luser-h3c]password simple h3c

# Configure the login banner

[H3C_TEST]header login %Welcome to login h3c!%

# Configure the user authentication mode for telnet (vty 0-4)

[H3C_TEST]user-interface vty 0 4

[H3C_TEST-ui-vty0-4]authentication-mode scheme

[H3C_TEST-ui-vty0-4]protocol inbound telnet

[H3C_TEST-ui-vty0-4]super authentication-mode super-password

[H3C_TEST-ui-vty0-4]quit

[H3C_TEST]super password level 3 simple h3c // password for raising the privilege level after login

# Configure the RADIUS scheme

[H3C_TEST]radius scheme radius1

New Radius scheme

[H3C_TEST-radius-radius1]primary authentication 1645

[H3C_TEST-radius-radius1]primary accounting 1646

[H3C_TEST-radius-radius1]secondary authentication 1645

[H3C_TEST-radius-radius1]secondary accounting 1646

[H3C_TEST-radius-radius1]timer 5

[H3C_TEST-radius-radius1]key authentication h3c

[H3C_TEST-radius-radius1]key accounting h3c

[H3C_TEST-radius-radius1]server-type extended

[H3C_TEST-radius-radius1]user-name-format without-domain

# Configure the domain

[H3C_TEST]domain h3c

[H3C_TEST-isp-h3c]authentication radius-scheme radius1 local

[H3C_TEST-isp-h3c]scheme radius-scheme radius1 local

[H3C_TEST]domain default enable h3c

# Configure the key used for local authentication when remote authentication fails

[H3C_TEST]local-server nas-ip key h3c

Telnet login with a password only, administrator privilege

[Router]user-interface vty 0 4
[Router-ui-vty0-4]user privilege level 3
[Router-ui-vty0-4]set authentication password simple abc

Telnet login with a password only, non-administrator privilege

[Router]super password level 3 simple super

[Router]user-interface vty 0 4
[Router-ui-vty0-4]user privilege level 1
[Router-ui-vty0-4]set authentication password simple abc

Telnet login with a username and password configured on the router, administrator privilege

[Router]local-user admin password simple admin
[Router]local-user admin service-type telnet
[Router]local-user admin level 3

[Router]user-interface vty 0 4
[Router-ui-vty0-4]authentication-mode local

Telnet login with a username and password configured on the router, non-administrator privilege

[Router]super password level 3 simple super

[Router]local-user manage password simple manage
[Router]local-user manage service-type telnet
[Router]local-user manage level 2

[Router]user-interface vty 0 4
[Router-ui-vty0-4]authentication-mode local

Set a password on the console port; administrator privilege after login

[Router]user-interface con 0
[Router-ui-console0]user privilege level 3
[Router-ui-console0]set authentication password simple abc

Set a password on the console port; non-administrator privilege after login

[Router]super password level 3 simple super

[Router]user-interface con 0
[Router-ui-console0]user privilege level 1
[Router-ui-console0]set authentication password simple abc

Set a username and password on the console port; administrator privilege after login

[Router]local-user admin password simple admin
[Router]local-user admin service-type terminal
[Router]local-user admin level 3

[Router]user-interface con 0
[Router-ui-console0]authentication-mode local

Set a username and password on the console port; non-administrator privilege after login

[Router]super password level 3 simple super

[Router]local-user manage password simple manage
[Router]local-user manage service-type terminal
[Router]local-user manage level 2

[Router]user-interface con 0
[Router-ui-console0]authentication-mode local

simple stores the password in plaintext; cipher stores it encrypted

If no telnet login configuration is set on the router, users cannot log in to the router over telnet

[Router-ui-vty0-4]acl 2000 inbound // with an ACL rule, only users matching the rule are allowed to log in to the router remotely

Router commands

~~~~~~~~~~

[Quidway]display version    show version information

[Quidway]display current-configuration    show the current configuration

[Quidway]display interfaces    show interface information

[Quidway]display ip route    show routing information

[Quidway]sysname aabbcc    change the host name

[Quidway]super password 123456    set the password

[Quidway]interface serial0    enter the interface view

[Quidway-serial0]ip address

[Quidway-serial0]undo shutdown    bring the port up

[Quidway]link-protocol hdlc    bind the HDLC protocol

[Quidway]user-interface vty 0 4

[Quidway-ui-vty0-4]authentication-mode password

[Quidway-ui-vty0-4]set authentication password simple 222

[Quidway-ui-vty0-4]user privilege level 3

[Quidway-ui-vty0-4]quit

[Quidway]debugging hdlc all serial0    show all debugging information

[Quidway]debugging hdlc event serial0    debug event information

[Quidway]debugging hdlc packet serial0    show packet information

Static routes:

[Quidway]ip route-static {interface number|nexthop} [value] [reject|blackhole]

For example:

[Quidway]ip route-static 16

[Quidway]ip route-static

[Quidway]ip route-static 16 Serial 2

[Quidway]ip

Dynamic routing:

[Quidway]rip

[Quidway]rip work

[Quidway]rip input

[Quidway]rip output

[Quidway-rip]    can be all

[Quidway-rip]

[Quidway-rip]peer ip-address

[Quidway-rip]summary

[Quidway]rip version 1

[Quidway]rip version 2 multicast

[Quidway-Ethernet0]rip split-horizon    split horizon

[Quidway]router id A.B.C.D    configure the router ID

[Quidway]ospf enable    start the OSPF protocol

[Quidway-ospf]import-route direct    import directly connected routes

[Quidway-Serial0]ospf enable area    configure the OSPF area

The standard access list command format is as follows:

acl [match-order config|auto]    the default is the former (config): rules are matched in the order they were configured.

rule [normal|special] {permit|deny} [source source-addr source-wildcard|any]

Example:

[Quidway]acl 10

[Quidway-acl-10]rule normal permit source

[Quidway-acl-10]rule normal deny source any

Extended access control list configuration commands

Configure an extended access list for TCP/UDP:

rule {normal|special} {permit|deny} {tcp|udp} source {|any} destination {|any}

[operate]

Configure an extended access list for ICMP:

rule {normal|special} {permit|deny} icmp source {|any} destination {|any}

[icmp-code] [logging]

Meaning of the extended access control list operators

equal portnumber    equal to

greater-than portnumber    greater than

less-than portnumber    less than

not-equal portnumber    not equal to

range portnumber1 portnumber2    within the range

Extended access control list example

[Quidway]acl 101

[Quidway-acl-101]rule deny source any destination any

[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo

[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo-reply

[Quidway]acl 102

[Quidway-acl-102]rule permit ip source destination

[Quidway-acl-102]rule deny ip source any destination any

[Quidway]acl 103

[Quidway-acl-103]rule permit tcp source any destination destination-port equal ftp

[Quidway-acl-103]rule permit tcp source any destination destination-port equal www

[Quidway]firewall enable

[Quidway]firewall default permit|deny

[Quidway]int e0

[Quidway-Ethernet0]firewall packet-filter 101 inbound|outbound
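The following is an added example and is not code from the article: a small Python evaluator for the ACL rule syntax listed above, using the article's default match order (config: rules are tried in configured order and the first match decides). The port-name mapping, the destination address 192.0.2.10 and the sample packets are constructed for the demonstration; the article leaves those addresses blank. It makes the ordering point visible: with acl 101 listed as above, the catch-all deny that comes first shadows the two ICMP permits under config order, so an echo is denied until the permits are moved ahead of the deny.

```python
# Added example (not from the article): evaluator for the H3C/Quidway ACL rule
# syntax shown above, implementing match-order config (first match wins).
# Port names, addresses and packets below are constructed for the demonstration.
from __future__ import annotations
from dataclasses import dataclass

PORT_NAMES = {"ftp": 21, "www": 80, "smtp": 25, "telnet": 23}  # assumed name->port mapping
ANY = (0, 0xFFFFFFFF)  # base 0 with an all-ones wildcard: matches every address

def ip2int(s: str) -> int:
    a, b, c, d = (int(x) for x in s.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def wildcard_match(spec: tuple, addr: str) -> bool:
    """Wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    base, wild = spec
    return ((ip2int(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0

@dataclass
class Rule:
    action: str            # permit | deny
    proto: str             # ip | tcp | udp | icmp (ip = any protocol)
    src: tuple
    dst: tuple
    dport: tuple | None    # (operator, port[, port2]) from 'destination-port ...'
    icmp_type: str | None  # from 'icmp-type ...'

def _addr(toks: list, i: int):
    """Parse 'any' or '<address> <wildcard>' starting at toks[i]."""
    if toks[i] == "any":
        return ANY, i + 1
    wild = "0.0.0.0" if toks[i + 1] == "0" else toks[i + 1]  # the article writes a bare 0 for an exact host
    return (ip2int(toks[i]), ip2int(wild)), i + 2

def parse_rule(line: str) -> Rule:
    toks = line.split()
    i = 1                                   # toks[0] is the 'rule' keyword
    if toks[i] in ("normal", "special"):    # optional in the article's syntax
        i += 1
    action, i = toks[i], i + 1
    proto = "ip"
    if toks[i] in ("ip", "tcp", "udp", "icmp"):
        proto, i = toks[i], i + 1
    src = dst = ANY
    dport = icmp_type = None
    while i < len(toks):
        kw = toks[i]
        if kw == "source":
            src, i = _addr(toks, i + 1)
        elif kw == "destination":
            dst, i = _addr(toks, i + 1)
        elif kw == "destination-port":
            op = toks[i + 1]
            n = 2 if op == "range" else 1
            vals = [int(PORT_NAMES.get(v, v)) for v in toks[i + 2:i + 2 + n]]
            dport = (op, *vals)
            i += 2 + n
        elif kw == "icmp-type":
            icmp_type, i = toks[i + 1], i + 2
        else:
            raise ValueError(f"unsupported keyword {kw!r} in: {line}")
    return Rule(action, proto, src, dst, dport, icmp_type)

def _port_ok(cond: tuple | None, port: int | None) -> bool:
    if cond is None:
        return True
    if port is None:
        return False
    op, v = cond[0], cond[1]
    if op == "equal":        return port == v
    if op == "not-equal":    return port != v
    if op == "greater-than": return port > v
    if op == "less-than":    return port < v
    if op == "range":        return v <= port <= cond[2]
    raise ValueError(f"unknown operator {op!r}")

def matches(rule: Rule, pkt: dict) -> bool:
    if rule.proto != "ip" and rule.proto != pkt["proto"]:
        return False
    if not (wildcard_match(rule.src, pkt["src"]) and wildcard_match(rule.dst, pkt["dst"])):
        return False
    if rule.icmp_type is not None and pkt.get("icmp_type") != rule.icmp_type:
        return False
    return _port_ok(rule.dport, pkt.get("dport"))

def evaluate(rules: list, pkt: dict, default: str = "permit") -> str:
    """match-order config: first matching rule wins; 'default' plays the role of
    'firewall default permit|deny' when no rule matches."""
    for r in rules:
        if matches(r, pkt):
            return r.action
    return default

# The article's acl 101 and acl 103, with a constructed host where the article left the address blank
ACL_101 = [parse_rule(l) for l in (
    "rule deny source any destination any",
    "rule permit icmp source any destination any icmp-type echo",
    "rule permit icmp source any destination any icmp-type echo-reply",
)]
ACL_103 = [parse_rule(l) for l in (
    "rule permit tcp source any destination 192.0.2.10 0 destination-port equal ftp",
    "rule permit tcp source any destination 192.0.2.10 0 destination-port equal www",
)]
PING = {"proto": "icmp", "src": "10.0.0.5", "dst": "192.0.2.10", "icmp_type": "echo"}
FTP = {"proto": "tcp", "src": "10.0.0.5", "dst": "192.0.2.10", "dport": 21}
SSH = {"proto": "tcp", "src": "10.0.0.5", "dst": "192.0.2.10", "dport": 22}

def demo() -> dict:
    return {
        "acl101_ping_as_listed": evaluate(ACL_101, PING),                        # deny: the catch-all shadows the permits
        "acl101_ping_permits_first": evaluate(ACL_101[1:] + ACL_101[:1], PING),  # permit
        "acl103_ftp": evaluate(ACL_103, FTP, default="deny"),                    # permit
        "acl103_ssh": evaluate(ACL_103, SSH, default="deny"),                    # deny
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

evaluate() defaults to permit to mirror firewall default permit; pass default="deny" for a closed policy, which is what acl 103 above relies on when it only lists permits.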

NAT configuration example

[Quidway]firewall enable

[Quidway]firewall default permit

[Quidway]acl 101

[Quidway-acl-101]rule deny ip source any destination any

[Quidway-acl-101]rule permit ip source 0 destination any

[Quidway-acl-101]rule permit ip source 0 destination any

[Quidway-acl-101]rule permit ip source 0 destination any

[Quidway-acl-101]rule permit ip source 0 destination any

[Quidway]acl 102

[Quidway-acl-102]rule permit tcp source 0 destination 0

[Quidway-acl-102]rule permit tcp source any destination 0 destination-port greater-than 1024

[Quidway-Ethernet0]firewall packet-filter 101 inbound

[Quidway-Serial0]firewall packet-filter 102 inbound

[Quidway]nat address-group pool1

[Quidway]acl 1

[Quidway-acl-1]rule permit source

[Quidway-acl-1]rule deny source any

[Quidway-acl-1]int serial 0

[Quidway-Serial0]nat outbound 1 address-group pool1

[Quidway-Serial0]nat server global inside ftp tcp

[Quidway-Serial0]nat server global inside www tcp

[Quidway-Serial0]nat server global 8080 inside www tcp

[Quidway-Serial0]nat server global inside smtp udp

PPP authentication:

Authenticator (verifying side): pap|chap

[Quidway]local-user u2 password {simple|cipher} aaa

[Quidway]interface serial 0

[Quidway-serial0]ppp authentication-mode {pap|chap}

[Quidway-serial0]ppp chap user u1 // not needed for PAP

PAP peer (the side being authenticated):

[Quidway]interface serial 0

[Quidway-serial0]ppp pap local-user u2 password {simple|cipher} aaa

CHAP peer (the side being authenticated):

[Quidway]interface serial 0

[Quidway-serial0]ppp chap user u1

[Quidway-serial0]local-user u2 password {simple|cipher} aaa
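As an added example that is not part of the article: a Python simulation of the PAP and CHAP exchanges selected by ppp authentication-mode, with both sides' messages recorded. The user name u2 and the secret aaa are taken from the article's local-user line; the Authenticator and Peer classes, the message structure and the challenge values are constructed here. CHAP computes Response = MD5(Identifier || secret || Challenge) as RFC 1994 specifies. The run shows why the choice between the two modes matters on the link, not only in the stored configuration: the PAP request carries the password itself, a CHAP response never does, and a captured CHAP response is not accepted against a fresh challenge.

```python
# Added example (not from the article): PAP and CHAP exchanges simulated with
# both sides' messages captured. Names/secret follow the article's commands;
# everything else (classes, message layout, challenges) is constructed here.
from __future__ import annotations
import hashlib
import hmac
import secrets

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Verifying side: 'ppp authentication-mode {pap|chap}' plus the local-user table."""
    def __init__(self, users: dict):
        self.users = users
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self) -> tuple:
        """CHAP Challenge packet: a fresh Identifier and a random Challenge value."""
        self.identifier = (self.identifier + 1) & 0xFF
        self.challenge = secrets.token_bytes(16)
        return self.identifier, self.challenge

    def verify_chap(self, name: str, identifier: int, response: bytes) -> bool:
        secret = self.users.get(name)
        if secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        return hmac.compare_digest(response, expected)   # constant-time comparison

    def verify_pap(self, name: str, password: bytes) -> bool:
        return self.users.get(name) == password

class Peer:
    """Side being authenticated: 'ppp pap local-user u2 password ...' or 'ppp chap user ...'."""
    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def pap_request(self) -> tuple:
        return self.name, self.secret   # PAP Authenticate-Request carries the password itself

    def chap_reply(self, identifier: int, challenge: bytes) -> tuple:
        return self.name, chap_response(identifier, self.secret, challenge)

USERS = {"u2": b"aaa"}   # the article's: local-user u2 password {simple|cipher} aaa

def run_pap(wire: list) -> bool:
    """One PAP exchange; every message is appended to 'wire' as (direction, type, fields)."""
    auth, peer = Authenticator(USERS), Peer("u2", b"aaa")
    name, password = peer.pap_request()
    wire.append(("peer->auth", "PAP Authenticate-Request", {"name": name, "password": password}))
    ok = auth.verify_pap(name, password)
    wire.append(("auth->peer", "PAP Authenticate-Ack" if ok else "PAP Authenticate-Nak", {}))
    return ok

def run_chap(wire: list, replay: bytes | None = None) -> bool:
    """One CHAP exchange; if 'replay' is given the peer sends that old Response value instead."""
    auth, peer = Authenticator(USERS), Peer("u2", b"aaa")
    ident, chal = auth.new_challenge()
    wire.append(("auth->peer", "CHAP Challenge", {"id": ident, "value": chal}))
    name, resp = peer.chap_reply(ident, chal)
    if replay is not None:
        resp = replay
    wire.append(("peer->auth", "CHAP Response", {"id": ident, "name": name, "value": resp}))
    ok = auth.verify_chap(name, ident, resp)
    wire.append(("auth->peer", "CHAP Success" if ok else "CHAP Failure", {}))
    return ok

def secret_on_wire(wire: list, secret: bytes = b"aaa") -> bool:
    """True if any captured field equals the shared secret."""
    return any(v == secret for _, _, fields in wire for v in fields.values())

def replayed_response_accepted() -> bool:
    """Capture the Response of one CHAP session and present it to a new challenge."""
    first: list = []
    run_chap(first)
    captured = first[1][2]["value"]
    return run_chap([], replay=captured)

if __name__ == "__main__":
    for runner in (run_pap, run_chap):
        wire: list = []
        print(runner.__name__, "ok" if runner(wire) else "failed", "secret visible:", secret_on_wire(wire))
    print("replayed CHAP response accepted:", replayed_response_accepted())
```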

----------------------------------------------------

Annotated H3C router configuration

#

version 5.20,Release 1719 // version information, shown automatically

#

sysname H3C // name the device H3C

#

super password level 3 cipher 7WC1<3E`[Y)./a!1$H@GYA!! // set the super password

#

domain default enable system

#

telnet server enable

#

vlan 1

#

domain system

access-limit disable

state active

idle-cut disable

self-service-url disable

#

user-group system // everything above this that is not annotated is default configuration and need not be understood

#

local-user admin // add a user named admin

password cipher .]@USE=B,53Q=^Q`MAF4<1!! // set the password (stored as ciphertext)

authorization-attribute level 3 // set the user's privilege to level 3 (the highest)

service-type telnet // set the user's service type to telnet

local-user share // the next four lines are the same as above

password cipher [HM$GH8P1GSQ=^Q`MAF4<1!!

authorization-attribute level 1

service-type telnet

#

controller E1 0/0 // enter the E1 physical port (the 2 Mbit/s port)

using e1 // set the port mode to E1 (afterwards interface Serial0/0:0 appears below)

#

interface Aux0 // the next three lines are the default configuration of the main board's AUX port

async mode flow

link-protocol ppp

#

interface Ethernet0/0 // enter interface E0/0 (the Ethernet port)

port link-mode route // configure this interface in route mode

#

interface Serial0/0:0 // enter port Serial0/0:0 (created by the using e1 command above; corresponds to the E1 port)

link-protocol ppp // configure the link protocol as ppp (default)

ip // configure this interface's IP address

#

interface NULL0

#

interface Vlan-interface1 // LAN-side VLAN address (the LAN port address)

ip

#

interface Ethernet0/1

port link-mode bridge

#

interface Ethernet0/2

port link-mode bridge

#

interface Ethernet0/3

port link-mode bridge

#

interface Ethernet0/4

port link-mode bridge

#

ip // configure a static route

#

user-interface aux0

user-interface vty 0 4 // enter the vty (remote login) interfaces, channels 0-4

authentication-mode scheme // set the login authentication type to scheme (user-based authentication)

user privilege level 1 // the login level used when the authentication mode is not scheme (unused here)

#

return
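Added example, not from the article, that serves both the telnet/console recipes earlier on the page and this annotated configuration: a Python reviewer for a display current-configuration dump in the #-separated form shown here. It flags what the article itself cautions about: simple (plaintext) instead of cipher passwords, vty lines without an acl ... inbound, and password-only or no authentication on the vty lines; it also notes telnet server enable, since telnet carries logins across the network in cleartext. The three sample configurations are constructed, modelled on the article's, with <ciphertext> placeholders standing in for the cipher values.

```python
# Added example (not from the article): reviewer for 'display current-configuration'
# dumps. The sample configurations are constructed, modelled on the article's.
import re

# Lines that open a new block even when they share a '#' section (as in the article's dump)
OPENERS = ("user-interface ", "local-user ", "interface ", "vlan ", "domain ", "radius scheme ")

def parse_blocks(cfg: str) -> list:
    """Split a running-config dump into blocks; each block is a list of stripped lines."""
    blocks, cur = [], []
    for raw in cfg.splitlines():
        line = raw.strip()
        if line in ("#", "return"):
            if cur:
                blocks.append(cur)
            cur = []
        elif line and not line.startswith("version "):
            if line.startswith(OPENERS) and cur:
                blocks.append(cur)
                cur = []
            cur.append(line)
    if cur:
        blocks.append(cur)
    return blocks

def audit(cfg: str) -> list:
    """Return (severity, context, message) findings for the weak settings described in the article."""
    findings = []
    for lines in parse_blocks(cfg):
        head = lines[0]
        for l in lines:
            # matches 'password simple', 'set authentication password simple', 'super password level 3 simple'
            if re.search(r"\bpassword\b.*\bsimple\b", l):
                findings.append(("high", head, f"plaintext credential: {l!r}; store it with 'cipher'"))
        if head == "telnet server enable":
            findings.append(("medium", head, "telnet is enabled; logins and sessions cross the network in cleartext"))
        if head.startswith("user-interface vty"):
            modes = [l for l in lines if l.startswith("authentication-mode")]
            if not modes or modes[0].endswith(" none"):
                findings.append(("high", head, "vty lines accept logins without authentication"))
            elif modes[0].endswith(" password"):
                findings.append(("medium", head, "shared line password; prefer 'authentication-mode scheme' with per-user accounts"))
            if not any(re.match(r"acl\s+\d+\s+inbound", l) for l in lines):
                findings.append(("medium", head, "no 'acl <n> inbound': remote sessions are accepted from any source"))
        if head.startswith("local-user") and not any(l.startswith("password") for l in lines):
            findings.append(("high", head, "local user has no password"))
    return findings

def messages(cfg: str) -> list:
    return [m for _, _, m in audit(cfg)]

# Constructed sample modelled on the article's annotated configuration
ARTICLE_STYLE = """
#
 super password level 3 cipher <ciphertext>
#
 telnet server enable
#
local-user admin
 password cipher <ciphertext>
 authorization-attribute level 3
 service-type telnet
#
user-interface aux0
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 1
#
return
"""

# Same device using the weaker choices from the telnet recipes earlier on the page
WEAK = """
#
 super password level 3 simple super
#
 telnet server enable
#
local-user admin
 password simple admin
 authorization-attribute level 3
 service-type telnet
#
user-interface vty 0 4
 authentication-mode password
 set authentication password simple abc
 user privilege level 3
#
return
"""

# Hardened variant: cipher secrets, scheme authentication, inbound ACL on the vty lines
HARDENED = """
#
 super password level 3 cipher <ciphertext>
#
local-user admin
 password cipher <ciphertext>
 authorization-attribute level 3
 service-type telnet
#
user-interface vty 0 4
 authentication-mode scheme
 acl 2000 inbound
#
return
"""

if __name__ == "__main__":
    for name, cfg in (("article-style", ARTICLE_STYLE), ("weak", WEAK), ("hardened", HARDENED)):
        print(f"== {name}")
        for sev, ctx, msg in audit(cfg):
            print(f"[{sev}] {ctx}: {msg}")
```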
