H3C5500详细配置及说明.docx

H3C5500详细配置及说明.docx

《H3C5500详细配置及说明.docx》由会员分享，可在线阅读，更多相关《H3C5500详细配置及说明.docx（10页珍藏版）》请在冰点文库上搜索。

H3C5500详细配置及说明

version5.20,Release1207

sysnamedunan-s5500设备重命名

superpasswordlevel3simpleabcd123456设置串口连接密码

domaindefaultenablesystem说明性文字

telnetserverenabletelnet服务开启

loopback-detectionenable环回口连接开启

注释VLAN连接区域

vlan1vlan30vlan70

descriptionfileserverdescriptionwaimaodescriptionhuayi

vlan2vlan40vlan80

descriptionfirewalldescriptionbigofficedescriptionzongcai

vlan10vlan50vlan90

descriptionerp+sql+otherdescriptionjishubudescriptionwebser

vlan20vlan60vlan130

descriptioncaiwudescriptionerchejiandescriptionwlan

radiusschemesystem

domainsystem说明性文字

access-limitdisable

stateactive

idle-cutdisable

self-service-urldisable

将ACL规则定义策略和行为这里和3600是不同的，分为三部

trafficclassifierc_vlanoperatorandif-matchacl3000

trafficclassifiera_vlanoperatorandif-matchacl3001

trafficbehaviord_vlan

filterdeny

trafficbehaviorb_vlan

filterdeny

qospolicyp_vlan

classifierc_vlanbehaviorb_vlan

qospolicyt_vlan

classifiera_vlanbehaviord_vlan

设置web访问用户和密码并定义权限为最高

local-userh3c

passwordsimpledafm

service-typetelnet

level3

建立高级访问控制列表并建立子规则

aclnumber3000

rule0denytcpsource192.168.50.00.0.0.255destination192.168.90.00.0.0.255

rule1denytcpsource192.168.130.00.0.0.255destination192.168.90.00.0.0.255

rule2denytcpsource192.168.130.00.0.0.255destination192.168.20.00.0.0.255

rule3denytcpsource192.168.130.00.0.0.255destination192.168.30.00.0.0.255

rule4denytcpsource192.168.130.00.0.0.255destination192.168.40.00.0.0.255

rule5denytcpsource192.168.130.00.0.0.255destination192.168.50.00.0.0.255

rule6denytcpsource192.168.130.00.0.0.255destination192.168.60.00.0.0.255

rule7denytcpsource192.168.130.00.0.0.255destination192.168.70.00.0.0.255

rule8denytcpsource192.168.130.00.0.0.255destination192.168.80.00.0.0.255

rule9denytcpsource192.168.50.00.0.0.255destination192.168.80.00.0.0.255

rule10denytcpsource192.168.50.00.0.0.255destination192.168.70.00.0.0.255

rule11denytcpsource192.168.50.00.0.0.255destination192.168.60.00.0.0.255

rule12denytcpsource192.168.80.00.0.0.255destination192.168.20.00.0.0.255

rule13denytcpsource192.168.50.00.0.0.255destination192.168.40.00.0.0.255

rule14denytcpsource192.168.50.00.0.0.255destination192.168.30.00.0.0.255

rule15denytcpsource192.168.50.00.0.0.255destination192.168.20.00.0.0.255

rule16denytcpsource192.168.50.00.0.0.255destination192.168.130.00.0.0.255

rule17denytcpsource192.168.80.00.0.0.255destination192.168.30.00.0.0.255

rule18denytcpsource192.168.80.00.0.0.255destination192.168.40.00.0.0.255

rule19denytcpsource192.168.80.00.0.0.255destination192.168.50.00.0.0.255

rule20denytcpsource192.168.80.00.0.0.255destination192.168.60.00.0.0.255

rule21denytcpsource192.168.80.00.0.0.255destination192.168.70.00.0.0.255

rule22denytcpsource192.168.80.00.0.0.255destination192.168.90.00.0.0.255

rule23denytcpsource192.168.80.00.0.0.255destination192.168.130.00.0.0.255

aclnumber3001

rule0denytcpsource192.168.90.00.0.0.255destination192.168.1.00.0.0.255

rule1denytcpsource192.168.90.00.0.0.255destination192.168.10.00.0.0.255

rule2denytcpsource192.168.90.00.0.0.255destination192.168.20.00.0.0.255

rule3denytcpsource192.168.90.00.0.0.255destination192.168.30.00.0.0.255

rule4denytcpsource192.168.90.00.0.0.255destination192.168.40.00.0.0.255

rule5denytcpsource192.168.90.00.0.0.255destination192.168.60.00.0.0.255

rule6denytcpsource192.168.90.00.0.0.255destination192.168.70.00.0.0.255

rule7denytcpsource192.168.90.00.0.0.255destination192.168.80.00.0.0.255

rule8denytcpsource192.168.90.00.0.0.255destination192.168.130.00.0.0.255

配置VLAN网关，实际为设置vlan间路由

interfaceNULL0

interfaceVlan-interface1

ipaddress192.168.1.1255.255.255.0

interfaceVlan-interface2

ipaddress192.168.2.2255.255.255.0

interfaceVlan-interface10

ipaddress192.168.10.1255.255.255.0

interfaceVlan-interface20

ipaddress192.168.20.1255.255.255.0

interfaceVlan-interface30

ipaddress192.168.30.1255.255.255.0

interfaceVlan-interface40

ipaddress192.168.40.1255.255.255.0

interfaceVlan-interface50

ipaddress192.168.50.1255.255.255.0

interfaceVlan-interface60

ipaddress192.168.60.1255.255.255.0

interfaceVlan-interface70

ipaddress192.168.70.1255.255.255.0

interfaceVlan-interface80

ipaddress192.168.80.1255.255.255.0

interfaceVlan-interface90

ipaddress192.168.90.1255.255.255.0

interfaceVlan-interface30

ipaddress192.168.130.1255.255.255.0

将接口划入vlan

interfaceGigabitEthernet1/0/1

portaccessvlan10

interfaceGigabitEthernet1/0/2

portaccessvlan10

interfaceGigabitEthernet1/0/3

portaccessvlan10

interfaceGigabitEthernet1/0/4

portaccessvlan90

定义策略到接口

qosapplypolicyt_vlaninbound

interfaceGigabitEthernet1/0/5portaccessvlan20

interfaceGigabitEthernet1/0/6portaccessvlan20

interfaceGigabitEthernet1/0/7portaccessvlan30

interfaceGigabitEthernet1/0/8portaccessvlan30

interfaceGigabitEthernet1/0/9portaccessvlan40

interfaceGigabitEthernet1/0/10portaccessvlan40

interfaceGigabitEthernet1/0/11portaccessvlan50

定义策略到接口

qosapplypolicyp_vlaninbound

interfaceGigabitEthernet1/0/12portaccessvlan50

定义策略到接口

qosapplypolicyp_vlaninbound

interfaceGigabitEthernet1/0/13portaccessvlan60

interfaceGigabitEthernet1/0/14portaccessvlan60

interfaceGigabitEthernet1/0/15portaccessvlan70

interfaceGigabitEthernet1/0/16portaccessvlan70

interfaceGigabitEthernet1/0/17portaccessvlan80

定义策略到接口

qosapplypolicyp_vlaninbound

interfaceGigabitEthernet1/0/18portaccessvlan80

定义策略到接口

qosapplypolicyp_vlaninbound

interfaceGigabitEthernet1/0/19portaccessvlan130

定义策略到接口

qosapplypolicyp_vlaninbound

interfaceGigabitEthernet1/0/20portaccessvlan130

定义策略到接口

qosapplypolicyp_vlaninbound

interfaceGigabitEthernet1/0/21duplexfullflow-control

interfaceGigabitEthernet1/0/22

interfaceGigabitEthernet1/0/23portaccessvlan2

interfaceGigabitEthernet1/0/24portaccessvlan2

interfaceGigabitEthernet1/0/25shutdown

interfaceGigabitEthernet1/0/26shutdown

interfaceGigabitEthernet1/0/27shutdown

interfaceGigabitEthernet1/0/28shutdown

配置到防火墙的默认路由

iproute-static0.0.0.00.0.0.0192.168.2.1

简单网络管理协议的描述

snmp-agent

snmp-agentlocal-engineid800063A20300E0FC123456

snmp-agentsys-infoversionv3

loadxml-configuration

开启aux口和telnet访问的权限并设定串口访问密码

user-interfaceaux0

authentication-modepassword

setauthenticationpasswordsimpleabcd123456

user-interfacevty04

userprivilegelevel3

setauthenticationpasswordcipher^BM!

.M（）1=%X）AG\U/NCA!

!

protocolinboundtelnet

华为路由器交换机配置命令：

交换机命令

[Quidway]discurr；显示当前配置

[Quidway]displayinterfaces；显示接口信息

[Quidway]displayvlanall；显示路由信息

[Quidway]displayversion；显示版本信息

[Quidway]superpassword；修改特权用户密码

[Quidway]sysname；交换机命名

[Quidway]interfaceethernet0/1；进入接口视图

[Quidway]interfacevlanx；进入接口视图

[Quidway-Vlan-interfacex]ipaddress10.65.1.1255.255.0.0；配置VLAN的IP地址

[Quidway]iproute-static0.0.0.00.0.0.010.65.1.2；静态路由＝网关

[Quidway]rip；三层交换支持

[Quidway]user-interfacevty04；进入虚拟终端

[S3026-ui-vty0-4]authentication-modepassword；设置口令模式

[S3026-ui-vty0-4]setauthentication-modepasswordsimple222；设置口令

[S3026-ui-vty0-4]userprivilegelevel3；用户级别

[Quidway]interfaceethernet0/1；进入端口模式

[Quidway]inte0/1；进入端口模式

[Quidway-Ethernet0/1]duplex{half|full|auto}；配置端口工作状态

[Quidway-Ethernet0/1]speed{10|100|auto}；配置端口工作速率

[Quidway-Ethernet0/1]flow-control；配置端口流控

[Quidway-Ethernet0/1]mdi{across|auto|normal}；配置端口平接扭接

[Quidway-Ethernet0/1]portlink-type{trunk|access|hybrid}；设置端口工作模式

[Quidway-Ethernet0/1]portaccessvlan3；当前端口加入到VLAN

[Quidway-Ethernet0/2]porttrunkpermitvlan{ID|All}；设trunk允许的VLAN

[Quidway-Ethernet0/3]porttrunkpvidvlan3；设置trunk端

PVID[Quidway-Ethernet0/1]undoshutdown；激活端口

[Quidway-Ethernet0/1]shutdown；关闭端口

[Quidway-Ethernet0/1]quit；返回[Quidway]vlan3；创建VLAN

[Quidway-vlan3]portethernet0/1；在VLAN中增加端口

[Quidway-vlan3]porte0/1；简写方式

[Quidway-vlan3]portethernet0/1toethernet0/4；在VLAN中增加端口

[Quidway-vlan3]porte0/1toe0/4；简写方式

[Quidway]monitor-port；指定镜像端口

[Quidway]portmirror；指定被镜像端口

[Quidway]portmirrorint_listobserving-portint_typeint_num；指定镜像和被镜像

[Quidway]descriptionstring；指定VLAN描述字符

[Quidway]description；删除VLAN描述字符

[Quidway]displayvlan[vlan_id]；查看VLAN设置

[Quidway]stp{enable|disable}；设置生成树,默认关闭的口[Quidway]stppriority4096；设置交换机的优先级

[Quidway]stproot{primary|secondary}；设置为根或根的备份

[Quidway-Ethernet0/1]stpcost200；设置交换机端口的花费

[Quidway]link-aggregatione0/1toe0/4ingress|both;端口的聚合

[Quidway]undolink-aggregatione0/1|all;始端口为通道号

[SwitchA-vlanx]isolate-user-vlanenable；设置主vlan

[SwitchA]isolate-user-vlansecondary；设置主vlan包括的子vlan

[Quidway-Ethernet0/2]porthybridpvidvlan；设置vlan的pvid

[Quidway-Ethernet0/2]porthybridpvid；删除vlan的pvid

[Quidway-Ethernet0/2]porthybridvlanvlan_id_listuntagged；设置无标识的vlan如果包的vlanid与PVId一致，则去掉vlan信息.默认PVID=1。

所以设置PVID为所属vlanid,设置可以互通的vlan为untagged.