H3C端口经验配置 - 360文档中心

合集下载

相关主题

1、下载文档前请自行甄别文档内容的完整性，平台不提供额外的编辑、内容补充、找答案等附加服务。
2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
3、如文档侵犯您的权益，请联系客服反馈,我们会尽快为您处理(人工客服工作时间：9:00-18:30)。

H3C网络设备常用配置脚本

为了方便H3C网络设备的配置特建立此文档方便大家参考

工具/原料

H3C交换机

交换机初始化基本配置

sysname 交换机名字

super password level 3 cipher 密码

loopback-detection enable

user-interface aux 0

idle-timeout 30 0

user-interfacevty 0 4

idle-timeout 30 0

END

NTP时间同步配置

1. 1

clocktimezone GMT add 8

ntp-service unicast-server NTP服务器IP地址

ntp source-interface LoopBack 0 （三层交换机，存在Loopback口时）

2. 2

外网可用NTP服务器202.120.2.101

END

SSH服务配置

1. 1

Comware V3 Platform

acl number 2000

rule 1 permit source 192.168.0.1 0 //允许192.168.0.1登录

rule 50 deny

rsa local-key-pair create

user-interfacevty 0 4

acl 2000 inbound

protocol inbound ssh

ssh user admin authentication-type password //允许admin用户进行ssh登录

2. 2

Comware V5 Platform

acl number 2000

rule 1 permit source 192.168.0.1 0 //允许192.168.0.1登录

rule 50 deny

public-key local create rsa

ssh server enable

user-interfacevty 0 4

acl 2000 inbound

protocol inbound ssh

ssh user admin service-type all authentication-type password //允许admin 用户进行ssh登录

END

AAA认证配置

1. 1

Comware V3 Platform

local-user admin

password cipher *****

service-typessh telnet terminal

level 3

hwtacacs scheme acs

primary authentication *****

primary authorization *****

primary accounting *****

key authentication *****

key authorization *****

key accounting *****

user-name-format without-domain

domainacs

schemehwtacacs-scheme acs local

domain default enable acs

user-interface aux 0

authentication-mode scheme command-authorization

accounting commands scheme

user-interfacevty 0 4

authentication-mode scheme command-authorization

accounting commands scheme

2. 2

Comware V5 Platform

local-userhuangly

password cipher *****

authorization-attribute level 3

service-typessh telnet terminal

hwtacacs scheme acs

key authentication *****

key authorization *****

key accounting *****

domainacs

authentication default hwtacacs-scheme acs local

authorization default hwtacacs-scheme acs local

accounting default hwtacacs-scheme acs local

domain default enable acs

user-interface aux 0 8

authentication-mode scheme

command authorization

command accounting

user-interfacevty 0 4

authentication-mode scheme

command authorization

command accounting

END

SNMP服务配置

1. 1

SNMPv2

snmp-agent

snmp-agent community read *******

snmp-agent sys-info version all

2. 2

SNMPv3

snmp-agent

snmp-agent sys-info version v3

snmp-agent group v3 ******* privacy

snmp-agentusm-user v3 admin ******* authentication-mode md5 ******* privacy-mode des56 *******

END

Syslog服务配置

1. 1

info-centerlogbuffer size 1024

info-centerloghost ********