配置h3c设备办公网络

![QQ截图20180901230043.png](http://www.xwblog.club/usr/uploads/2018/09/649118616.png)
****不同设备型号配置命令不同*****
1.Console口登陆方式的配置：
system-view
un in en     不要弹出烦人的消息
user-interface aux 0       //进入aux接口
authentication-mode  scheme   //配置认证方式
quit
local-user xw       //创建名叫xw的用户
password hash 123   //配置密码，生产中建议使用hash，以防止命令历史查看密码
service-type terminal telnet ssh //开启此用户登录方式
authorization-attribute user-role level-15
authorization-attribute level 3
user privilege level 3    //设置权限，v7版本命令不同，3 .15均为最高
2.配置telnent 服务
 telnet server enable       //开启telnet服务
 interface Vlan-interface 1  //进入默认vlan 1（管理vlan）
 ip address 192.168.1.2 24      //配置管理IP地址
 user-interface vty 0 4      //进入虚拟接口
 authentication-mode scheme     //设置认证方式
 local-user admin       //添加本地用户telnet
 password simple 123    //设置密码
 passervice-type telnet     //设置用户用途   
 authorization-attribute user-role level-15    //设置用户权限
 2.配置网络（dhcp 默认路由 vlan acl）
sw1：

version 7.1.075, Alpha 7571
dhcp enable
vlan 1
#
vlan 21
 description wuye
#
vlan 22
 description xiaoshou
#
vlan 23
 description servers
#
 stp global enable
#
dhcp server ip-pool vlan21
 gateway-list 192.168.15.254
 network 192.168.15.0 mask 255.255.255.0
 dns-list 202.101.172.35 202.101.172.47
 expired day 8
#
dhcp server ip-pool vlan22
 gateway-list 192.168.16.254
 network 192.168.16.0 mask 255.255.255.0
 dns-list 202.101.172.35 202.101.172.47
 expired day 8
#
dhcp server ip-pool vlan23
 gateway-list 192.168.17.254
 network 192.168.17.0 mask 255.255.255.0
 dns-list 202.101.172.35 202.101.172.47
 expired day 8
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.30.1 255.255.255.0
#
interface Vlan-interface21
 ip address 192.168.15.254 255.255.255.0
 dhcp server apply ip-pool vlan21
#
interface Vlan-interface22
 ip address 192.168.16.254 255.255.255.0
 dhcp server apply ip-pool vlan22
#
interface Vlan-interface23
 ip address 192.168.17.254 255.255.255.0
 dhcp server apply ip-pool vlan23
#
interface FortyGigE1/0/53
 port link-mode bridge
#
interface FortyGigE1/0/54
 port link-mode bridge
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable fiber
 ip address 192.168.50.2 255.255.255.0
 ### 模拟上行路由，使其数据包出外网或安全设备
acl number 3000
rule 5 deny ip source 192.168.15.0 0.0.0.255 destination 192.168.16.0
wuye 和xiaoshou 不能直接互通
rule 10 deny ip source 192.168.17.0 0.0.0.255 destination 192.168.50.2
server 不能上外网
rule 15 permit ip

vlan 22 下调用 ：packet-filter inbound ip-group 3000
vlan 23 调用   ：packet-filter inbound ip-group 3000

sw2 sw3 sw5

interface Vlan-interface1
ip address 192.168.15.250 255.255.255.0
                   16
				   17
				   
sw4

interface GigabitEthernet1/0/1
 port link-mode route
 combo enable fiber
 ip address 192.168.50.5 255.255.255.0
 ip route-static 0.0.0.0 0.0.0.0 192.168.50.2
 
3.常用命令：
重置接口   default 
查看历史命令 display history-command
显示系统时间 ： clock datetime? 
时间协议 ：            clock protocol ntp
保存配置 ： save
清空配置： reset saved-configuration

****个人h3c账号：zaq123456 查阅官方文档***

添加新评论