您的位置:360文档中心› h3c三层交换机配置实例5500

h3c三层交换机配置实例5500

合集下载

华三S5500交换机配置

华三S5500交换机配置

基于多个VLAN 在一个端口
[H3C]interface GigabitEthernet 1/0/2 进入第二个端口设置
[H3C-GigabitEthernet1/0/2]port link-type trunk 端口的链路类型的树干
[H3C-GigabitEthernet1/0/2]port trunk permit vlan all 如果使用单独的就不用增加这项
[H3C]pim
static-rp 192.168.100.1
undo 删除
[H3C]undo vlan 103 删除vlan 103
[H3C]interface GigabitEthernet 1/0/3 进入端口3
Please wait........................................... Done.
[H3C-GigabitEthernet1/0/2]quit 设置好了第二个端口的VLAN可以通过所有
[H3C-GigabitEthernet1/0/2]port trunk permit vlan 122 在此端口上增加VLAN组
[H3C-Vlan-interface104]ip address 192.168.69.1 255.255.255.0 设置IP
步骤三:将所要配置端口加入到VLAN组
[H3C] interface GigabitEthernet 1/0/1 设置第一个端口
[H3C-GigabitEthernet1/0/1]port access vlan 101 设置端口一为VLAN 101组
[H3C-GigabitEthernet1/0/3]undo port link-type 删除port link-type

H3C5500详细配置及说明

H3C5500详细配置及说明

version 5.20, Release 1207sysname dunan-s5500 设备重命名super password level 3 simple abcd123456 设置串口连接密码 domain default enable system说明性文字telnet server enable telnet服务开启loopback-detection enable 环回口连接开启注释VLAN连接区域vlan 1description fileserver vlan 2description firewallvlan 10description erp+sql+other vlan 20description caiwu vlan 30description waimaovlan 40description bigofficevlan 50description jishubuvlan 60description erchejianvlan 70description huayivlan 80description zongcaivlan 90description webservlan 130description wlanradius scheme systemdomain system 说明性文字access-limit disablestate activeidle-cut disableself-service-url disable将ACL规则定义策略和行为这里和3600是不同的,分为三部traffic classifier c_vlan operator and if-match acl 3000traffic classifier a_vlan operator and if-match acl 3001traffic behavior d_vlanfilter denytraffic behavior b_vlanfilter denyqos policy p_vlanclassifier c_vlan behavior b_vlanqos policy t_vlanclassifier a_vlan behavior d_vlan设置web访问用户和密码并定义权限为最高local-user h3cpassword simple dafmservice-type telnetlevel 3建立高级访问控制列表并建立子规则acl number 3000rule 0 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 1 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 2 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 3 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 4 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 5 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.50.0 0.0.0.255 rule 6 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 7 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 8 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 9 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 10 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 11 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 12 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 13 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 14 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 15 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 16 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 rule 17 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 18 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 19 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.50.0 0.0.0.255 rule 20 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 21 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 22 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 23 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 acl number 3001rule 0 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 rule 1 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 rule 2 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 3 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 4 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 5 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 6 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 7 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 8 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 配置VLAN网关,实际为设置vlan 间路由interface NULL0interface Vlan-interface 1ip address 192.168.1.1 255.255.255.0interface Vlan-interface 2ip address 192.168.2.2 255.255.255.0interface Vlan-interface 10ip address 192.168.10.1 255.255.255.0interface Vlan-interface 20ip address 192.168.20.1 255.255.255.0interface Vlan-interface 30ip address 192.168.30.1 255.255.255.0interface Vlan-interface 40ip address 192.168.40.1 255.255.255.0interface Vlan-interface 50ip address 192.168.50.1 255.255.255.0interface Vlan-interface 60ip address 192.168.60.1 255.255.255.0interface Vlan-interface 70ip address 192.168.70.1 255.255.255.0interface Vlan-interface 80ip address 192.168.80.1 255.255.255.0interface Vlan-interface 90ip address 192.168.90.1 255.255.255.0interface Vlan-interface 30ip address 192.168.130.1 255.255.255.0将接口划入vlaninterface GigabitEthernet1/0/1port access vlan 10interface GigabitEthernet1/0/2port access vlan 10interface GigabitEthernet1/0/3port access vlan 10interface GigabitEthernet1/0/4port access vlan 90定义策略到接口qos apply policy t_vlan inboundinterface GigabitEthernet1/0/5 port access vlan 20 interface GigabitEthernet1/0/6 port access vlan 20 interface GigabitEthernet1/0/7 port access vlan 30 interface GigabitEthernet1/0/8 port access vlan 30 interface GigabitEthernet1/0/9 port access vlan 40 interface GigabitEthernet1/0/10 port access vlan 40 interface GigabitEthernet1/0/11 port access vlan 50 定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/12 port access vlan 50定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/13 port access vlan 60 interface GigabitEthernet1/0/14 port access vlan 60 interface GigabitEthernet1/0/15 port access vlan 70 interface GigabitEthernet1/0/16 port access vlan 70 interface GigabitEthernet1/0/17 port access vlan 80定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/18 port access vlan 80定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/19 port access vlan 130定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/20 port access vlan 130定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/21 duplex full flow-control interface GigabitEthernet1/0/22interface GigabitEthernet1/0/23 port access vlan 2 interface GigabitEthernet1/0/24 port access vlan 2 interface GigabitEthernet1/0/25 shutdowninterface GigabitEthernet1/0/26 shutdowninterface GigabitEthernet1/0/27 shutdowninterface GigabitEthernet1/0/28 shutdown配置到防火墙的默认路由ip route-static 0.0.0.0 0.0.0.0 192.168.2.1简单网络管理协议的描述snmp-agentsnmp-agent local-engineid 800063A20300E0FC123456 snmp-agent sys-info version v3load xml-configuration开启aux口和telnet访问的权限并设定串口访问密码user-interface aux 0authentication-mode passwordset authentication password simple abcd123456user-interface vty 0 4user privilege level 3set authentication password cipher ^BM!.M()1=%X)AG\U/NCA!!protocol inbound telnet华为路由器交换机配置命令:交换机命令[Quidway]dis curr;显示当前配置[Quidway]display interfaces;显示接口信息[Quidway]display vlanall;显示路由信息[Quidway]display version;显示版本信息[Quidway]super password;修改特权用户密码[Quidway]sysname;交换机命名[Quidway]interface ethernet0/1;进入接口视图[Quidway]interface vlanx;进入接口视图[Quidway-Vlan-interfacex]ip address 10.65.1.1 255.255.0.0;配置VLAN的IP地址[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.65.1.2;静态路由=网关[Quidway]rip;三层交换支持[Quidway]user-interface vty 0 4;进入虚拟终端[S3026-ui-vty0-4]authentication-mode password;设置口令模式[S3026-ui-vty0-4]set authentication-mode password simple222;设置口令[S3026-ui-vty0-4]user privilege level3;用户级别[Quidway]interface ethernet0/1;进入端口模式[Quidway]int e0/1;进入端口模式[Quidway-Ethernet0/1]duplex {half|full|auto};配置端口工作状态[Quidway-Ethernet0/1]speed{10|100|auto};配置端口工作速率[Quidway-Ethernet0/1]flow-control;配置端口流控[Quidway-Ethernet0/1]mdi{across|auto|normal};配置端口平接扭接[Quidway-Ethernet0/1]portlink-type{trunk|access|hybrid};设置端口工作模式[Quidway-Ethernet0/1]port access vlan3;当前端口加入到VLAN[Quidway-Ethernet0/2]port trunk permitvlan{ID|All};设trunk允许的VLAN[Quidway-Ethernet0/3]port trunk pvid vlan3;设置trunk端口的PVID [Quidway-Ethernet0/1]undoshutdown;激活端口[Quidway-Ethernet0/1]shutdown;关闭端口[Quidway-Ethernet0/1]quit;返回 [Quidway]vlan3;创建VLAN[Quidway-vlan3]port ethernet0/1;在VLAN中增加端口[Quidway-vlan3]port e0/1;简写方式[Quidway-vlan3]port ethernet0/1 to ethernet0/4;在VLAN中增加端口[Quidway-vlan3]port e0/1 to e0/4;简写方式[Quidway]monitor-port;指定镜像端口[Quidway]port mirror;指定被镜像端口[Quidway]port mirror int_listobserving-portint_typeint_num;指定镜像和被镜像[Quidway]description string;指定VLAN描述字符[Quidway]description;删除VLAN描述字符[Quidway]display vlan[vlan_id];查看VLAN设置[Quidway]stp{enable|disable};设置生成树,默认关闭[Quidway]stp priority 4096;设置交换机的优先级[Quidway]stp root{primary|secondary};设置为根或根的备份[Quidway-Ethernet0/1]stpcost200;设置交换机端口的花费[Quidway]link-aggregatione0/1toe0/4ingress|both;端口的聚合[Quidway]undolink-aggregatione0/1|all;始端口为通道号[SwitchA-vlanx]isolate-user-vlanenable;设置主vlan[SwitchA]isolate-user-vlansecondary;设置主vlan包括的子vlan[Quidway-Ethernet0/2]porthybridpvidvlan;设置vlan的pvid[Quidway-Ethernet0/2]porthybridpvid;删除vlan的pvid[Quidway-Ethernet0/2]porthybridvlanvlan_id_listuntagged;设置无标识的vlan 如果包的vlanid与PVId一致,则去掉vlan信息.默认PVID=1。

H3C 5500 -EI SI IRF 配置

H3C 5500 -EI SI IRF 配置

1.5.1 配置IRF域编号1. IRF域简介域是一个逻辑概念,设备通过IRF链路连接在一起就组成一个IRF,这些成员设备的集合就是一个IRF域。

为了适应各种组网应用,同一个网络里可以部署多个IRF,IRF之间使用域编号(DomainID)来以示区别。

如图1-7所示,Switch A和Switch B组成IRF1,Switch C和Switch D组成IRF2。

如果IRF1和IRF2之间有LACP MAD检测链路,则IRF1和IRF2会通过检测链路互相发送MAD检测报文,从而彼此影响IRF系统的状态和运行。

这种情况下,可以给两个IRF配置不同的域编号,以保证两个IRF互不干扰。

配置IRF域编号后,成员设备发出的扩展LACP报文中将携带IRF域信息,用以区分不同IRF的LACP检测报文,避免与其它IRF产生混淆。

图1-7 多IRF域示意图2. 配置IRF域编号表1-2 配置IRF域编号●IRF域编号的配臵必须在开启LACP MAD检测功能之前进行。

●建议用户为同一IRF中的成员设备配臵统一的IRF域编号,否则会影响LACP MAD检测功能的正常运行。

●在完成上述配臵后,在任意视图下执行display irf命令可以显示IRF域编号的配臵情况,通过查看显示信息验证配臵的效果。

1.5.2 配置成员编号IRF通过成员编号唯一的识别各成员设备,设备上的许多信息、配置与成员编号相关,比如接口(包括物理接口和逻辑接口)的编号以及接口下的配置、成员优先级的配置等。

●修改成员编号后,如果没有重启本设备,则原编号继续生效,各物理资源仍然使用原编号来标识;配置文件中,只有IRF端口的编号以及IRF端口下的配置、成员优先级的配置会跟着改变,其它配置均不会跟着改变。

●修改成员编号后,如果保存当前配置,重启本设备,则新的成员编号生效,需要用新编号来标识物理资源;配置文件中,只有IRF端口的编号以及IRF端口下的配置、成员优先级会继续生效,其它与成员编号相关的配置(比如普通物理接口的配置等)不再生效,需要重新配置。

h3c 5500三层交换机配置文档

h3c 5500三层交换机配置文档
#
interface GigabitEthernet1/0/7
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/8
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/5
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/6
port access vlan 11
mirroring-group 1 mirroring-port both
snmp-agent target-host trap address udp-domain 10.10.30.27 udp-port 161 params
securityname public
#
user-interface aux 0 8
user-interface vty 0 4
authentication-mode scheme
authorization-attribute level 3
service-type telnet
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan all
#

h3c-5500-24I交换机配置

h3c-5500-24I交换机配置

一.H3C 5500 三层交换机启动配置连接好交换机后,打开PC上的超级终端仿真程序(点击“开始”-“程序”-“附件”-“通讯”-“超级终端”,进入超级终端吹昂口,系统弹出如图1所示的连接说明界面)图1在连接说明中键入新连接的名称,单击“确定”按钮,系统弹出如图2所示的界面图,在“连接时使用”一栏中选择连接使用的串口。

图2串口选择完毕后,单击“确定”按钮,系统弹出如图3所示的链接串口参数设置界面,设置每秒位数为9600,数据位为8,奇偶校验为无,停止位为1,数据流控制为无。

图3串口参数设置完成后,单击“确定”按钮,系统进入如图4所示的超级终端界面。

图4在超级终端属性对话框中选择“文件/属性”菜单项,进入属性窗口。

点击属性窗口中的“设置”页签,进入属性设置窗口(如图5所示),在其中选择终端仿真为VT100,选择完成后,单击“确定”按钮。

图5交换机插上电源,终端启动bootrom,下面进入命令配置阶段。

二.H3C 5500 三层交换机详细配置操作及命令(1)首先创建VLANVLAN1为系统缺省VLAN,用户不能手工创建和删除。

保留VLAN是系统为实现特定功能预留的VLAN,用户也不能手工创建和删除。

不能通过undo vlan命令删除设备上动态学习到的VLAN。

(2)为每个创建好的VLAN设置IP口。

【举例】VLAN2命令:<h3c> system-view[h3c] vlan 2[h3c-vlan2] quit[h3c] interface vlan-interface 2[h3c-Vlan-interface2] ip address 24[h3c-Vlan-interface2] quitVLAN3命令:<h3c> system-view[h3c] vlan 3[h3c-vlan3] quit[h3c] interface vlan-interface 3[h3c-Vlan-interface3] ip address 24[h3c-Vlan-interface3] quit(3)设置动态链路聚合【举例】<h3c> system-view[h3c] interface bridge-aggregation 1[h3c-Bridge-Aggregation1] link-aggregation mode dynamic [h3c-Bridge-Aggregation1] port link-type trunk[h3c-Bridge-Aggregation1] port trunk permit vlan all[h3c-Bridge-Aggregation1] port trunk pvid vlan 2|3[h3c-Bridge-Aggregation1] quit[h3c] interface GigabitEthernet 1/0/24[GigabitEthernet1/0/24] port link-aggregation group 15500 到此配置完毕,接入二层交换机H3C-3600到端口1/0/24作为聚合端口。

H3C5500的详细配置

H3C5500的详细配置

di[Quidway]dis cur ;显示当前配置[Quidway]display current-configuration ;显示当前配置[Quidway]display interfaces ;显示接口信息[Quidway]display vlan all ;显示路由信息[Quidway]display version ;显示版本信息[Quidway]super password ;修改特权用户密码[Quidway]sysname ;交换机命名[Quidway]interface ethernet 0/1 ;进入接口视图[Quidway]interface vlan x ;进入接口视图[Quidway-Vlan-interfacex]ip address 10.65.1.1 255.255.0.0 ;配置VLAN的IP地址[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.65.1.2 ;静态路由=网关[Quidway]rip ;三层交换支持[Quidway]local-user ftp[Quidway]user-interface vty 0 4 ;进入虚拟终端[S3026-ui-vty0-4]authentication-mode password ;设置口令模式[S3026-ui-vty0-4]set authentication-mode password simple 222 ;设置口令[S3026-ui-vty0-4]user privilege level 3 ;用户级别[Quidway]interface ethernet 0/1 ;进入端口模式[Quidway]int e0/1 ;进入端口模式[Quidway-Ethernet0/1]duplex {half|full|auto} ;配置端口工作状态[Quidway-Ethernet0/1]speed {10|100|auto} ;配置端口工作速率[Quidway-Ethernet0/1]flow-control ;配置端口流控[Quidway-Ethernet0/1]mdi {across|auto|normal} ;配置端口平接扭接[Quidway-Ethernet0/1]port link-type {trunk|access|hybrid} ;设置端口工作模式[Quidway-Ethernet0/1]port access vlan 3 ;当前端口加入到VLAN[Quidway-Ethernet0/2]port trunk permit vlan {ID|All} ;设trunk允许的VLAN [Quidway-Ethernet0/3]port trunk pvid vlan 3 ;设置trunk端口的PVID [Quidway-Ethernet0/1]undo shutdown ;激活端口[Quidway-Ethernet0/1]shutdown ;关闭端口[Quidway-Ethernet0/1]quit ;返回[Quidway]vlan 3 ;创建VLAN[Quidway-vlan3]port ethernet 0/1 ;在VLAN中增加端口[Quidway-vlan3]port e0/1 ;简写方式[Quidway-vlan3]port ethernet 0/1 to ethernet 0/4 ;在VLAN中增加端口[Quidway-vlan3]port e0/1 to e0/4 ;简写方式[Quidway]monitor-port <interface_type interface_num> ;指定镜像端口[Quidway]port mirror <interface_type interface_num> ;指定被镜像端口[Quidway]port mirror int_list observing-port int_type int_num ;指定镜像和被镜像[Quidway]description string ;指定VLAN描述字符[Quidway]description ;删除VLAN描述字符[Quidway]display vlan [vlan_id] ;查看VLAN设置[Quidway]stp {enable|disable} ;设置生成树,默认关闭[Quidway]stp priority 4096 ;设置交换机的优先级[Quidway]stp root {primary|secondary} ;设置为根或根的备份[Quidway-Ethernet0/1]stp cost 200 ;设置交换机端口的花费[Quidway]link-aggregation e0/1 to e0/4 ingress|both ; 端口的聚合[Quidway]undo link-aggregation e0/1|all ; 始端口为通道号[SwitchA-vlanx]isolate-user-vlan enable ;设置主vlan[SwitchA]isolate-user-vlan <x> secondary <list> ;设置主vlan包括的子vlan [Quidway-Ethernet0/2]port hybrid pvid vlan <id> ;设置vlan的pvid [Quidway-Ethernet0/2]port hybrid pvid ;删除vlan的pvid[Quidway-Ethernet0/2]port hybrid vlan vlan_id_list untagged ;设置无标识的vlan 如果包的vlan id与PVId一致,则去掉vlan信息. 默认PVID=1。

宽带路由器接H3C5500-EI做网络管理

宽带路由器接H3C5500-EI做网络管理
宽带路由器+H3C5500-EI 架设小型局域网划分vlan
internet
WAN口 口
123.123.123.123
宽带路由器R 宽带路由器
口 192.168.1.1 LAN口 192.168.1.2/24 Int g1/0/24
Vlan 10
192.168.2.10 192.168.2.11 网关: 网关:192.168.2.1Leabharlann H3C5500-EI的设置
• 配置命令: sys sysname H3C vlan 2 port g1/0/1 g1/0/2 vlan 3 port g1/0/3 g1/0/4 vlan 10 port g1/0/24 quit int vlan 2 ip add 192.168.2.1 255.255.255.0 int vlan 3 ip add 192.168.3.1 255.255.255.0 int vlan 10 ip add 192.168.1.2 255.255.255.0 quit ip rout 0.0.0.0 0 192.168.1.1
192.168.3.10 192.168.3.11 网关: 网关:192.168.3.1
Vlan 2
Vlan 3
• 宽带路由器设置: 宽带路由器设置: • 1、配置宽带路由器的wan口的连接模式,如果是adsl需要 设置拨号,如果是动态获取ip或者设置静态IP,保证路由 器能够上inter网就可以了,这个不是本实验的主要内容所 以省略。 • 2、配置宽带路由器的Lan口,设置网关地址为 192.168.1.1/24,然后,关闭dhcp服务。 • 3、设置宽带路由器的静态路由选项,添加指向H3C三层 交换机的静态路由,如图中实验,设置两个静态路由: vlan 2 静态路由设置: 静态路由设置: 目的地址:192.168.2.0 子网掩码:255.255.255.0 网关地址:192.168.1.2 vlan 3静态路由设置: 静态路由设置: 静态路由设置 目的地址:192.168.3.0 子网掩码:255.255.255.0 网关地址:192.168.1.2

H3C三层交换机S5500初始配置+网络访问策略

H3C三层交换机S5500初始配置+网络访问策略

H3C三层交换机S5500初始配置+网络访问策略H3C三层交换机S5500初始配置+网络访问策略作者:饮马闪客发布于:2014-7-31 22:00 Thursday 分类:网络相关以下为H3C交换机系列S5500型号的初始配置首先连接交换机的CONSOLE口,使用超级终端进入交换机操作的指令界面:配置VLAN1地址:<HG-S5500> sysSystem View: return to User View with Ctrl+Z.[HG-S5500] interface Vlan-interface 1[HG-S5500-Vlan-interface1] ip address 192.168.254.1 24开启web和telnet服务:[HG-S5500] ip http enable[HG-S5500] telnet server enable建立管理用户:[HG-S5500] local-user admin设置密码:[HG-S5500-luser-admin] password cipher admin110为该用户开启web服务:[HG-S5500-luser-admin] service-type web为该用户开启telnet服务:[HG-S5500-luser-admin] service-type telnet将该用户设置为管理员级别:[HG-S5500-luser-admin] authorization-attribute level 3telnet访问(vty)配置:[HG-S5500] user-interface vty 0 4配置本地或远端用户名口令认证方式[HG-S5500-ui-vty0-4] authentication-mode scheme配置静态路由连接外网:[HG-S5500] ip route-static 0.0.0.0 0.0.0.0 192.168.254.2 (注:静态路由地址为外网进来的接口地址)建立网段访问策略,以vlan31为例,首先建立vlan31:[HG-S5500]vlan 31配置vlan31的ip地址:[HG-S5500] interface Vlan-interface 31[HG-S5500-Vlan-interface31] ip address 192.168.31.1 24编写31网段的访问规则如能访问34、35网段,不能访问其他网段:给其能访问的规则名为 acl number 3100:[HG-S5500] acl number 3100[HG-S5500-acl-adv-3100] rule permit ip source 192.168.31.1 0.0.0.255 destination 192.168.34.0 0.0.0.255[HG-S5500-acl-adv-3100] rule permit ip source 192.168.31.1 0.0.0.255 destination 192.168.35.0 0.0.0.255限制其访问其他网段名为 acl number 3600:[HG-S5500] acl number 3600[HG-S5500-acl-adv-3600] rule permit ip source 192.168.31.1 0.0.0.255 destination 192.168.0.0 0.0.255.255首先注意一点交换机S5500不支持packet_filter,因此只能通过Qos实现vlan策略,以上诉vlan31为例接着定义类h3100: [HG-S5500] traffic classifier h3100[HG-S5500-classifier-h3100] if-match acl 3100定义类h3600:[HG-S5500] traffic classifier h3600[HG-S5500-classifier-h3600] if-match acl 3600创建流hb3100为允许访问,hb3600为不允许访问:[HG-S5500] traffic behavior hb3100[HG-S5500-behavior-hb3100] filter permit[HG-S5500] traffic behavior hb3600[HG-S5500-behavior-hb3600] filter deny创建Qos policy:[HG-S5500] qos policy hvlan31绑定:[HG-S5500-qospolicy-hvlan31] classifier h3100 behavior hb3100[HG-S5500-qospolicy-hvlan31] classifier h3600 behavior hb3600绑定Qos策略:[HG-S5500] qos vlan-policy hvlan31 vlan 31 inbound初始化操作:<HG-S5500> reset saved-configuration选择确认初始化Y:<HG-S5500> Y重启即可生效:<HG-S5500> reboot保存配置:[HG-S5500] saveThe current configuration will be written to the device. Are you sure? [Y/N]: yPlease input the file name(*.cfg)[flash:/20130115.cfg](To leave the existing filename unchanged, press the enter key): 20140408.cfg备注:编写其他vlan策略,请仿照红字处vlan31开始根据步骤编写即可。

华三三层交换机配置案例

华三三层交换机配置案例

三层交换机s5500-28P:vlan1 port 1-2 192.168.0.1 管理用vlan2 port 3-12 192.168.30.1 服务器用vlan3 port 13-22 192.168.20.1 计算机用vlan4 port 23-24 192.168.10.1 路由防火墙用二层交换机s5120-52P作为接入层连电脑,port48上联三层交换机的port22口。

port1-2还是作为管理用可以WEB登陆到交换机。

请教各位大侠如何配置这两台交换机,给出详细步骤。

三层交换机s5500-28P:sys!建立管理用户local-user adminpass ci adminlevel 3service tel!建立需要的VLANvlan 1des manageport e1/0/1 to e1/0/2vlan 2des serverport e1/0/3 to e1/0/12vlan 3des pcport e1/0/13 to e1/0/22vlan 4des route_linkport eq/0/23 to e1/0/24inte vlan-inte 1ip add 192.168.0.1 255.255.255.0undo shinte vlan-inte 2ip add 192.168.30.1 255.255.255.0undo shinte vlan-inte 3ip add 192.168.20.1 255.255.255.0inte vlan-inte 4ip add 192.168.10.1 255.255.255.0undo shinte e1/0/22port link-type trunkport trunk permit vlan allip route-static 0.0.0.0 0.0.0.0 x.x.x.x(Router的IP地址)dhcp server ip-pool 1network 192.168.30.0 mask 255.255.255.0gateway-list 192.168.30.1dns-list 61.177.7.1 221.228.255.1(DNS的IP)dhcp server ip-pool 2network 192.168.20.0 mask 255.255.255.0gateway-list 192.168.20.1dns-list 61.177.7.1 221.228.255.1(DNS的IP)dhcp server ip-pool 3network 192.168.10.0 mask 255.255.255.0gateway-list 192.168.10.1dns-list 61.177.7.1 221.228.255.1(DNS的IP)!禁止DHCP不分配以下地址dhcp server forbidden-ip 192.168.10.1dhcp server forbidden-ip 192.168.20.1dhcp server forbidden-ip 192.168.30.1!VTY线路启用认证user-interface vty 0 4authentication-mode scheme二层交换机s5120-52P!建立管理用户local adminpass ci adminlevel 3!建立VLANvlan 1port e1/0/1 to e1/0/2vlan 2vlan 3vlan 4inte e1/0/48port link-type trunkport trunk permit vlan allinte vlan-inte 1ip add 192.168.0.2 255.255.255.0undo ship route-static 0.0.0.0 0.0.0.0 192.168.0.1user-inte vty 0 4authentication-mode scheme。

H3C-S5500基本配置思路及实用命令

H3C-S5500基本配置思路及实用命令

H3C S5500基本配置思路及实用命令1.总体配置思路:1)添加VLAN1,并将相应端口添加到该VLAN。

(在VLAN状态下才可一次将多个端口加入相应VLAN,interface e 1/0/1 to e 1/0/24)2)添加VLAN2,并将其置为管理VLAN(在#状态下management-vlan 2),才可设置其VLAN的IP地址。

3)添加静态路由。

4)配置端口TRUNK模式。

5)配置远程登录VTY认证。

6)配置本地用户。

2.进入特权模式System View<H3C> System ViewSystem View: return to User View with Ctrl+Z.[H3C]dis[H3C]display cur3.配置交换机主机名sysnamesysname H3C4.添加VLANvlan 1或在此状态下直接将相应端口加入该VLAN (否则只能一个口一个口的添加)Interface e 1/0/1 to e 1/0/245.配置管理VLAN-- management-vlanmanagement-vlan 26.给管理VLAN添加IP地址interface Vlan-interface1ip address 10.10.40.176 255.255.255.07.添加端口到VLAN:port access vlan 1interface GigabitEthernet1/0/2port access vlan 18.远程登录配置及3A认证模式user-interface vty 0 4authentication-mode scheme9.配置3A认证本地用户及属性local-user testpassword simple testpwdauthorization-attribute level 3service-type telnet可能的配置local-user testpassword simple testservice-type telnetlevel 310.将端口配置为Trunk口interface GigabitEthernet1/0/20port link-type trunkport trunk permit vlan all11.添加静态路由ip route-static 0.0.0.0 0.0.0.0 10.10.40.112.查看路由表display ip routing-table[H3C]display ip routing-tableRouting Tables: PublicDestinations : 7 Routes : 7Destination/Mask Proto Pre Cost NextHop Interface0.0.0.0/0 Static 60 0 10.10.40.1 Vlan210.10.40.0/24 Direct 0 0 10.10.40.180Vlan210.10.40.180/32 Direct 0 0 127.0.0.1 InLoop0127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.168.76.0/24 Direct 0 0 192.168.76.3Vlan76192.168.76.3/32 Direct 0 0 127.0.0.1 InLoop013.显示当前配置display current-configuration[H3C]display current-configuration14.查看端口及VLAN的up/down状态display brief interface[H3C]display brief interfaceThe brief information of interface(s) under route mode:Interface Link Protocol-link Protocol type Main IPNULL0 UP UP(spoofing) NULL --Vlan1 UP UP ETHERNET 192.168.76.3Vlan2 UP UP ETHERNET 10.10.40.180The brief information of interface(s) under bridge mode:Interface Link Speed Duplex Link-typePVIDGE1/0/1 UP 1G(a) full(a) access1GE1/0/2 DOWN auto auto access1GE1/0/3 DOWN auto auto access1GE1/0/9 DOWN auto auto access1GE1/0/10 DOWN auto auto access1display brief interface GigabitEthernet 1/0/1[H3C]display brief interface GigabitEthernet 1/0/1The brief information of interface(s) under bridge mode:Interface Link Speed Duplex Link-typePVIDGE1/0/1 UP 1G(a) full(a) access1display brief interface Vlan-interface 1[H3C]display brief interface Vlan-interface 1The brief information of interface(s) under route mode:Interface Link Protocol-link Protocol type Main IPVlan1 UP UP ETHERNET 192.168.76.315.查看MAC地址缓存表display mac-address[H3C]display mac-addressMAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)0000-e7a7-2374 1 Learned GigabitEthernet1/0/19 AGING0000-e8f1-6952 1 Learned GigabitEthernet1/0/19 AGING0001-6c41-9cee 1 Learned GigabitEthernet1/0/19 AGING000c-2919-0d6c 1 Learned GigabitEthernet1/0/19 AGING000c-2961-d8ea 1 Learned GigabitEthernet1/0/19 AGING16.查看某一端口的MAC地址缓存表display mac-address interface GigabitEthernet 1/0/1[H3C]display mac-address interface GigabitEthernet 1/0/1MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)0016-3642-e888 1 Learned GigabitEthernet1/0/1 AGING0016-eca2-d69d 1 Learned GigabitEthernet1/0/1AGING001c-25d8-77b6 1 Learned GigabitEthernet1/0/1 AGING0024-1d6e-6fbe 1 Learned GigabitEthernet1/0/1 AGING17.查看ARP缓存表display arp[H3C]display arpType: S-Static D-DynamicIP Address MAC Address VLAN ID Interface Aging Type192.168.76.56 0016-eca2-d69d 1 GE1/0/1 20D192.168.76.131 0016-3642-e888 1 GE1/0/1 19D192.168.76.171 0024-1d6e-6fbe 1 GE1/0/1 13D10.10.40.1 0018-742d-4fc0 2 GE1/0/19 14D192.168.76.1 0018-742d-4fc0 1 GE1/0/19 10D18.Tftp备份配置1)查看配置文件名及所在文件夹-dir配置文件名可能为startup.cfg或config.cfg配置文件可能在flash:/或unit1>flash:/目录下<jyzx-px-zhongxin>dir flash:/Directory of flash:/0 -rw- 8221183 Aug 11 2010 16:27:52s5500tpsi-cmw520-r2202p11.bin1 -rw- 2365 Apr 26 2000 12:13:58 startup.cfg(配置文件名)31496 KB total (23460 KB free)<jyzx-bg-3-d>dirDirectory of unit1>flash:/1 -rw- 3146 Jan 01 2004 00:00:00 config.def2 (*) -rw- 3711222 Mar 25 2011 16:51:52s31si_e-cmw310-r2211p07.bin3 (*) -rw- 886025 Jan 01 2004 00:00:00h3c-http3.1.9-0019.web4 (*) -rw- 2834 Apr 03 2000 01:20:33 config.cfg(配置文件名)7239 KB total (2739 KB free)(*) -with main attribute (b) -with backup attribute(*b) -with both main and backup attribute<jyzx-bg-4-x>tftp 172.16.8.91 put unit1>flash:/config.cfg 10.10.40.185.txtFile will be transferred in binary mode.Sending file to remote tftp server. Please wait... |TFTP: 2979 bytes sent in 0 second(s).File uploaded successfully.<jyzx-bg-4-x>dirDirectory of unit1>flash:/1 -rw- 3146 Jan 01 2004 00:00:00 config.def2 (*) -rw- 3711222 Mar 25 2011 16:51:52 s31si_e-cmw310-r2211p07.bin3 (*) -rw- 886025 Jan 01 2004 00:00:00 h3c-http3.1.9-0019.web4 (*) -rw- 2979 Apr 02 2000 07:17:02 config.cfg7239 KB total (2739 KB free)(*) -with main attribute (b) -with backup attribute(*b) -with both main and backup attribute2)配置可以使用tftp的ACLacl number 2000rule permit source 172.16.8.91 0[jyzx-px-zhongxin]acl number 2000[jyzx-px-zhongxin-acl-basic-2000]rule permit source 172.16.8.91 ?0 Wildcard bits : 0.0.0.0 ( a host )X.X.X.X Wildcard of source[jyzx-px-zhongxin-acl-basic-2000]rule permit source 172.16.8.91 03)配置tftp服务器- tftp-server acl 2000tftp-server acl 2000[jyzx-px-zhongxin]tftp-server acl 2000The ACL number does not exist or contains no rule. Continue? [Y/N]:y(如果还没有配置ACL,则会有此提示)[jyzx-px-zhongxin]tftp client source ip 172.16.8.914)备份配置文件到tftp软件所在目录下(在用户视图下,即“>”状态下)tftp 172.16.8.91 put flash:/startup.cfg (无目标文件名则表示与源文件名同名)tftp 172.16.8.91 put flash:/startup.cfg startup.txt(将配置文件保存为txt文件)<jyzx-px-zhongxin>tftp 172.16.8.91 put flash:/startup.cfgFile will be transferred in binary modeSending file to remote TFTP server. Please wait... \TFTP: 2365 bytes sent in 0 second(s).File uploaded successfully.<jyzx-px-zhongxin>tftp 172.16.8.91 put flash:/startup.cfg 10.10.40.177.txtFile will be transferred in binary modeSending file to remote TFTP server. Please wait... \TFTP: 2365 bytes sent in 0 second(s).File uploaded successfully.5)小结过程在特权状态下配置ACL和Tftp-server信息acl number 2000rule permit source 172.16.8.91 0quittftp-server acl 2000save在用户视图下备份配置tftp 172.16.8.91 put flash:/startup.cfg 10.10.40.177.txt19.关闭实时信息- undo info-center enable[jyzx-bg-4-x]undo info-center enable% Information center is disabled20.问题1:无法用system-view命令进入特权模式原因:因为local-user中用户认证属性设置不对,level 3必须设置。

H3C S5500三层交换机划分Vlan与H3C路由组网

H3C S5500三层交换机划分Vlan与H3C路由组网

H3C S5500三层交换机划分Vlan与H3C路由组网基本属性:vlan特性:三层互通,两层隔离。

三层交换机不同vlan之间默认是互通的,两次交换机不同vlan是隔离的。

vlan IP:就是定义一个vlan下所有机器的网关地址,该vlan下的机器网关必须是这个IP。

接口:就是交换机后面可以插网线的端口,可以设置为Access、Trunk、Hybrid等.注意点:交换机与相关设备(路由、交换机)相连时,建议将接口设置为Trunk口,并且允许相关vlan 通过。

交换机下行连接电脑终端或服务器终端建议将接口设置为Access接口。

定义vlan时,尽量使用24的掩码(255.255.255.0)进行划分,如果存在包含关系vlan之间互连就会有问题,所以尽量不适用大网段。

设置DHCP自动划分IP示例:组网图:1)配置DHCP服务#启用DHCP服务。

<H3C> system-view[H3C] dhcp enable2)配置端口所属VLAN和对应VLAN接口的IP地址,IP地址即是对应VLAN的网关地址[H3C]vlan 5[H3C-vlan5]port GigabitEthernet 1/0/5[H3C-vlan5]quit[H3C]vlan 6[H3C-vlan6]port GigabitEthernet 1/0/6[H3C-vlan6]quit[H3C]vlan 7[H3C-vlan7]port GigabitEthernet 1/0/7[H3C-vlan7]quit[H3C]interface vlan 5[H3C-Vlan-interface5]ip address 192.168.5.254 255.255.255.0[H3C-Vlan-interface5]quit[H3C]interface vlan 6[H3C-Vlan-interface6]ip address 192.168.6.254 255.255.255.0[H3C-Vlan-interface6]quit[H3C]interface vlan 7[H3C-Vlan-interface7]ip address 192.168.7.254 255.255.255.0[H3C-Vlan-interface7]quit3)配置不参与自动分配的IP地址(DNS服务器等,此步为选配)[H3C] dhcp server forbidden-ip 192.168.5.100[H3C] dhcp server forbidden-ip 192.168.6.100[H3C] dhcp server forbidden-ip 192.168.7.1004)配置DHCP地址池5,用来为192.168.5.0/24网段内的客户端分配IP地址。

H3C三层交换机配置实例(完整资料).doc

H3C三层交换机配置实例(完整资料).doc

【最新整理,下载后即可编辑】H3C三层交换机配置实例1 网络拓扑图 (1)2 配置要求 (1)3划分VLAN并描述 (2)3.1进入系统视图 (2)3.2 创建VLAN并描述 (2)4 给VLAN设置网关 (3)4.1 VLAN1的IP地址设置 (3)4.2 VLAN100的网关设置 (3)4.3 VLAN101的网关设置 (4)4.4 VLAN102的网关设置 (4)4.5 VLAN103的网关设置 (4)5 给VLAN指定端口,设置端口类型 (5)5.1 VLAN100指定端口 (5)5.2 VLAN102指定端口 (5)5.3 VLAN1/101/103指定端口 (6)6 配置路由协议 (7)6.1 默认路由 (7)6.2配置流分类 (7)6.3 定义行为 (7)6.4 应用QOS策略 (8)6.5 接口配置QOS策略 (8)1 网络拓扑图图1-1 网络拓扑图2 配置要求用户1网络:172.16.1.0/24 至出口1网络:172.16.100.0/24用户2网络:192.168.1.0/24 至出口2网络:192.168.100.0/24实现功能:用户1通过互联网出口1,用户2通过互联网出口2。

3划分VLAN并描述3.1进入系统视图<H3C>system-view //进入系统视图图3-1 系统视图3.2 创建VLAN并描述[H3C]vlan 1 //本交换机使用[H3C-vlan1]description Manager //描述为“Manager”[H3C-vlan1]quit[H3C]vlan 100 //划分vlan100[H3C-vlan100]description VLAN 100 //描述为“VLAN 100”[H3C-vlan100]quit[H3C]vlan 101 //划分vlan101[H3C-vlan101]description VLAN 101 //描述为“VLAN 101”[H3C-vlan101]quit[H3C]vlan 102 //划分vlan102[H3C-vlan102]description VLAN 102 //描述为“VLAN 102”[H3C-vlan102]quit[H3C]vlan 103 //划分vlan103[H3C-vlan103]description VLAN 103 //描述为“VLAN 103”[H3C-vlan103]quit[H3C]图3-2 划分VLAN及描述4 给VLAN设置网关4.1 VLAN1的IP地址设置把VLAN1的IP地址设置为192.168.0.254,子网掩码为255.255.255.0,用于本地使用。

H3C5500实用配置

H3C5500实用配置

H3C5500实用配置目录一、端口的链路类型 (2)二、各种通迅协议和用户名及密码配置 (4)3.1Console 口登录方式 (4)3.2TELNET口登录方式(认证方式三种跟上面一样) (6)3.3HTTP登录方式 (9)三、VLAN配置 (10)3.1创建及配置端口VLAN (13)3.2基于IP子网的VLAN配置命令 (13)四、以太网链路聚合 (15)4.1静态聚合配置举例 (15)4.2动态聚合配置举例 (18)五、静态路由配置 (19)5.1静态路由典型配置 (19)5.2动态路由典型配置 (22)六、ACL访问控制列表配置 (22)七、创建管理VLAN (23)一、端口的链路类型根据端口在转发报文时对Tag标签的不同处理方式,可将端口的链路类型分为三种:●Access类型:端口只能属于1个VLAN,并在发送该VLAN的报文时不带Tag 标签,一般用于连接用户设备;●Trunk类型:端口可以允许多个VLAN通过,可以接收和发送多个VLAN的报文,一般用于设备之间连接;●Hybrid类型:端口可以允许多个VLAN通过,可以接收和发送多个VLAN的报文,可以用于设备之间连接,也可以用于连接用户设备。

Hybrid端口和Trunk端口的不同之处在于:●Hybrid端口允许多个VLAN的报文发送时不带Tag标签;●Trunk端口只允许缺省VLAN的报文发送时不带Tag标签。

●当执行undo vlan命令删除的VLAN是某个端口的缺省VLAN 时,对Access端口,端口的缺省VLAN会恢复到VLAN1;对Trunk 或Hybrid端口,端口的缺省VLAN配置不会改变,即它们可以使用已经不存在的VLAN作为缺省VLAN。

表1-3 端口收发报文的处理二、各种通迅协议和用户名及密码配置3.1C onsole 口登录方式配置步骤认证方试:nonesystem-view# 进入AUX 用户界面视图。

[H3C] user-interface aux 0# 配置通过AUX 用户界面登录交换机的用户不需要进行认证。

H3C三层交换机配置实例

H3C三层交换机配置实例

H3C三层交换机配置实例H3C三层交换机配置实例1 网络拓扑图 02 配置要求 03划分VLAN并描述 (1)3.1进入系统视图 (1)3.2 创建VLAN并描述 (1)4 给VLAN设置网关 (2)4.1 VLAN1的IP地址设置 (2)4.2 VLAN100的网关设置 (2)4.3 VLAN101的网关设置 (2)4.4 VLAN102的网关设置 (3)4.5 VLAN103的网关设置 (3)5 给VLAN指定端口,设置端口类型 (3)5.1 VLAN100指定端口 (3)5.2 VLAN102指定端口 (4)5.3 VLAN1/101/103指定端口 (4)6 配置路由协议 (5)6.1 默认路由 (5)6.2配置流分类 (5)6.3 定义行为 (5)6.4 应用QOS策略 (6)6.5 接口配置QOS策略 (6)1 网络拓扑图图1-1 网络拓扑图2 配置要求用户1网络:172.16.1.0/24 至出口1网络:172.16.100.0/24 用户2网络:192.168.1.0/24 至出口2网络:192.168.100.0/24实现功能:用户1通过互联网出口1,用户2通过互联网出口2。

3划分VLAN并描述3.1进入系统视图<H3C>system-view //进入系统视图图3-1 系统视图3.2 创建VLAN并描述[H3C]vlan 1 //本交换机使用[H3C-vlan1]description Manager //描述为“Manager”[H3C-vlan1]quit[H3C]vlan 100 //划分vlan100[H3C-vlan100]description VLAN 100 //描述为“VLAN 100”[H3C-vlan100]quit[H3C]vlan 101 //划分vlan101[H3C-vlan101]description VLAN 101 //描述为“VLAN 101”[H3C-vlan101]quit[H3C]vlan 102 //划分vlan102[H3C-vlan102]description VLAN 102 //描述为“VLAN 102”[H3C-vlan102]quit[H3C]vlan 103 //划分vlan103[H3C-vlan103]description VLAN 103 //描述为“VLAN 103”[H3C-vlan103]quit[H3C]图3-2 划分VLAN及描述4 给VLAN设置网关4.1 VLAN1的IP地址设置把VLAN1的IP地址设置为192.168.0.254,子网掩码为255.255.255.0,用于本地使用。

H3C5500详细配置及说明

H3C5500详细配置及说明

version 5.20, Release 1207#sysname dunan-s5500 设备重命名#super password level 3 simple abcd123456 设置串口连接密码#domain default enable system 说明性文字#telnet server enable telnet服务开启#loopback-detection enable 环回口连接开启#vlan 1description fileserver 注释VLAN连接区域#vlan 2description firewall#vlan 10description erp+sql+other#vlan 20description caiwu#vlan 30description waimao#vlan 40description bigoffice#vlan 50description jishubu#vlan 60description erchejian#vlan 70description huayi#vlan 80description zongcai#vlan 90description webser#vlan 130description wlan#radius scheme system#domain system 说明性文字access-limit disablestate activeidle-cut disableself-service-url disable#traffic classifier c_vlan operator and 将ACL规则定义策略和行为这里和3600是不同的,分为三部if-match acl 3000traffic classifier a_vlan operator andif-match acl 3001#traffic behavior d_vlanfilter denytraffic behavior b_vlanfilter deny#qos policy p_vlanclassifier c_vlan behavior b_vlanqos policy t_vlanclassifier a_vlan behavior d_vlan#local-user h3c 设置web访问用户和密码并定义权限为最高password simple dafmservice-type telnetlevel 3#acl number 3000rule 0 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.90.0 0.0.0.255rule 1 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.90.0 0.0.0.255rule 2 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.20.0 0.0.0.255rule 3 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.30.0 0.0.0.255rule 4 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.40.0 0.0.0.255rule 5 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.50.0 0.0.0.255rule 6 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 7 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 8 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 9 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 10 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 11 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 12 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 13 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 14 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 15 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 16 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 rule 17 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 18 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 19 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.50.0 0.0.0.255 rule 20 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 21 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 22 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 23 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 acl number 3001rule 0 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 rule 1 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 rule 2 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 3 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 4 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 5 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 6 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 7 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 8 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 建立高级访问控制列表并建立子规则#interface NULL0#interface Vlan-interface1ip address 192.168.1.1 255.255.255.0#interface Vlan-interface2ip address 192.168.2.2 255.255.255.0#interface Vlan-interface10ip address 192.168.10.1 255.255.255.0#interface Vlan-interface20ip address 192.168.20.1 255.255.255.0#interface Vlan-interface30ip address 192.168.30.1 255.255.255.0#interface Vlan-interface40ip address 192.168.40.1 255.255.255.0#interface Vlan-interface50ip address 192.168.50.1 255.255.255.0#interface Vlan-interface60ip address 192.168.60.1 255.255.255.0#interface Vlan-interface70ip address 192.168.70.1 255.255.255.0#interface Vlan-interface80ip address 192.168.80.1 255.255.255.0#interface Vlan-interface90ip address 192.168.90.1 255.255.255.0#interface Vlan-interface130ip address 192.168.130.1 255.255.255.0 配置VLAN网关,实际为设置vlan间路由#interface GigabitEthernet1/0/1port access vlan 10 将接口划入vlan#interface GigabitEthernet1/0/2port access vlan 10#interface GigabitEthernet1/0/3port access vlan 10#interface GigabitEthernet1/0/4port access vlan 90qos apply policy t_vlan inbound 定义策略到接口#interface GigabitEthernet1/0/5port access vlan 20#interface GigabitEthernet1/0/6port access vlan 20#port access vlan 30#interface GigabitEthernet1/0/8port access vlan 30#interface GigabitEthernet1/0/9port access vlan 40#interface GigabitEthernet1/0/10port access vlan 40#interface GigabitEthernet1/0/11port access vlan 50qos apply policy p_vlan inbound 定义策略到接口#interface GigabitEthernet1/0/12port access vlan 50qos apply policy p_vlan inbound定义策略到接口#interface GigabitEthernet1/0/13port access vlan 60#interface GigabitEthernet1/0/14port access vlan 60#interface GigabitEthernet1/0/15port access vlan 70#interface GigabitEthernet1/0/16port access vlan 70#interface GigabitEthernet1/0/17port access vlan 80qos apply policy p_vlan inbound定义策略到接口#interface GigabitEthernet1/0/18port access vlan 80qos apply policy p_vlan inbound 定义策略到接口#interface GigabitEthernet1/0/19port access vlan 130qos apply policy p_vlan inbound 定义策略到接口#port access vlan 130qos apply policy p_vlan inbound 定义策略到接口#interface GigabitEthernet1/0/21duplex fullflow-control#interface GigabitEthernet1/0/22#interface GigabitEthernet1/0/23port access vlan 2#interface GigabitEthernet1/0/24port access vlan 2#interface GigabitEthernet1/0/25shutdown#interface GigabitEthernet1/0/26shutdown#interface GigabitEthernet1/0/27shutdown#interface GigabitEthernet1/0/28shutdown#ip route-static 0.0.0.0 0.0.0.0 192.168.2.1 配置到防火墙的默认路由#snmp-agentsnmp-agent local-engineid 800063A20300E0FC123456snmp-agent sys-info version v3 简单网络管理协议的描述#load xml-configuration#user-interface aux 0 开启aux口和telnet访问的权限并设定串口访问密码authentication-mode passwordset authentication password simple abcd123456user-interface vty 0 4user privilege level 3set authentication password cipher ^BM!.#M()1=%X)AG\U/NCA!!protocol inbound telnet#华为路由器交换机配置命令:交换机命令[Quidway]dis curr;显示当前配置[Quidway]display interfaces;显示接口信息[Quidway]display vlanall;显示路由信息[Quidway]display version;显示版本信息[Quidway]super password;修改特权用户密码[Quidway]sysname;交换机命名[Quidway]interface ethernet0/1;进入接口视图[Quidway]interface vlanx;进入接口视图[Quidway-Vlan-interfacex]ip address 10.65.1.1 255.255.0.0;配置VLAN的IP 地址[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.65.1.2;静态路由=网关[Quidway]rip;三层交换支持[Quidway]user-interface vty 0 4;进入虚拟终端[S3026-ui-vty0-4]authentication-mode password;设置口令模式[S3026-ui-vty0-4]set authentication-mode password simple222;设置口令[S3026-ui-vty0-4]user privilege level3;用户级别[Quidway]interface ethernet0/1;进入端口模式[Quidway]int e0/1;进入端口模式[Quidway-Ethernet0/1]duplex {half|full|auto};配置端口工作状态[Quidway-Ethernet0/1]speed{10|100|auto};配置端口工作速率[Quidway-Ethernet0/1]flow-control;配置端口流控[Quidway-Ethernet0/1]mdi{across|auto|normal};配置端口平接扭接[Quidway-Ethernet0/1]portlink-type{trunk|access|hybrid};设置端口工作模式[Quidway-Ethernet0/1]port access vlan3;当前端口加入到VLAN [Quidway-Ethernet0/2]port trunk permitvlan{ID|All};设trunk允许的VLAN [Quidway-Ethernet0/3]port trunk pvid vlan3;设置trunk端口的PVID [Quidway-Ethernet0/1]undoshutdown;激活端口[Quidway-Ethernet0/1]shutdown;关闭端口[Quidway-Ethernet0/1]quit;返回[Quidway]vlan3;创建VLAN[Quidway-vlan3]port ethernet0/1;在VLAN中增加端口[Quidway-vlan3]port e0/1;简写方式[Quidway-vlan3]port ethernet0/1 to ethernet0/4;在VLAN中增加端口[Quidway-vlan3]port e0/1 to e0/4;简写方式[Quidway]monitor-port;指定镜像端口[Quidway]port mirror;指定被镜像端口[Quidway]port mirror int_listobserving-portint_typeint_num;指定镜像和被镜像[Quidway]description string;指定VLAN描述字符[Quidway]description;删除VLAN描述字符[Quidway]display vlan[vlan_id];查看VLAN设置[Quidway]stp{enable|disable};设置生成树,默认关闭[Quidway]stp priority 4096;设置交换机的优先级[Quidway]stp root{primary|secondary};设置为根或根的备份[Quidway-Ethernet0/1]stpcost200;设置交换机端口的花费[Quidway]link-aggregatione0/1toe0/4ingress|both;端口的聚合[Quidway]undolink-aggregatione0/1|all;始端口为通道号[SwitchA-vlanx]isolate-user-vlanenable;设置主vlan[SwitchA]isolate-user-vlansecondary;设置主vlan包括的子vlan[Quidway-Ethernet0/2]porthybridpvidvlan;设置vlan的pvid[Quidway-Ethernet0/2]porthybridpvid;删除vlan的pvid[Quidway-Ethernet0/2]porthybridvlanvlan_id_listuntagged;设置无标识的vlan 如果包的vlanid与PVId一致,则去掉vlan信息.默认PVID=1。

H3C_S5500-EI_IRF及以太口堆叠的典型配置

H3C_S5500-EI_IRF及以太口堆叠的典型配置

H3C S5500-EI IRF堆叠的典型配置一、组网需求:配置两台S5500-EI交换机进行链型堆叠,并分别配置成员编号为1、2线缆连接方式如图所示二、组网图:三、配置步骤:(1) 两台设备不连堆叠线缆,分别上电,分别配置# 在Switch 1上的配置。

#[Switch-01]dis versionH3C Comware Platform SoftwareComware Software, Version 5.20, Release 2202 ------查看版本#[Switch-01]irf member 1 renumber 1Warning: Renumbering the switch number may result in configuration change or loss. Continue?(Y/N)y#[Switch-01]irf member 1 irf-port 1 port 1#[Switch-01]irf member 1 irf-port 1 port 2# 在Switch 1上的配置。

#[Switch-01]dis versionH3C Comware Platform SoftwareComware Software, Version 5.20, Release 2202 ------查看版本#[Switch-01]irf member 1 renumber 1Warning: Renumbering the switch number may result in configuration change or loss. Continue?(Y/N)y#[Switch-01]irf member 1 irf-port 2 port 3#[Switch-01]irf member 1 irf-port 2 port 4(2) 关闭三台设备电源,将三台设备按照组网图连接堆叠电缆,然后全部上电,堆叠形成。

相关主题
  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
#
interface Vlan-interface103
ip address 192.168.3.254 255.255.255.0
#
interface Vlan-interface105
ip address 192.168.5.254 255.255.255.0
#
interface Vlan-interface106
<H3C>syst
System View: return to User View with Ctrl+Z.
[H3C]disp cu
#
version 5.20, Release 1301
#
sysname H3C
#
domain default enable system
#
telnet server enable
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
port access vlan 110
#
interface GigabitEthernet1/0/16
port access vlan 110
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
port link-type trunk
#
undo ip redirects
undo ip ttl-expires
undo ip unreachables
#
vlan 1
#
vlan 102 to 103
#
vlan 105 to 106
#
vlan 110
#
vlan 112 to 113
#
vlan 115 to 116
#
load xml-configuration
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
level 3
#
interface NULL0
#
interface Vlan-interface1
ip address 172.16.1.254 255.255.255.0
#
interface Vlan-interface102
ip address 192.168.2.254 255.255.255.0
port trunk permit vlan all
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/3
port link-type trunk
ip address 192.168.16.254 255.255.255.0
#
interface Vlan-interface1000
ip address 10.10.10.2 255.255.255.248
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
port access vlan 1000
#
ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
#
vlan 1000
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
ip address 192.168.6.254 255.255.255.0
#
interface Vlan-interface110
ip address 192.168.10.254 255.255.255.0
#
interface Vlan-interface112
ip address 192.168.12.254 255.255.255.0
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
local-user supervisor
password simple supervisor
service-type telnet
port trunk permit vlan all
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface Vlan-interface113
ip address 192.168.13.254 255.255.255.0
#
interface Vlan-interface115
ip address 192.168.15.254 255.255.255.0
#
interface Vlan-interface116
相关文档
最新文档