配置h3c设备办公网络

@努力的小王  September 2, 2018
个人工作学习笔记总结 

QQ截图20180901230043.png
不同设备型号配置命令不同*
1.Console口登陆方式的配置:
system-view
un in en 不要弹出烦人的消息
user-interface aux 0 //进入aux接口
authentication-mode scheme //配置认证方式
quit
local-user xw //创建名叫xw的用户
password hash 123 //配置密码,生产中建议使用hash,以防止命令历史查看密码
service-type terminal telnet ssh //开启此用户登录方式
authorization-attribute user-role level-15
authorization-attribute level 3
user privilege level 3 //设置权限,v7版本命令不同,3 .15均为最高
2.配置telnent 服务
telnet server enable //开启telnet服务
interface Vlan-interface 1 //进入默认vlan 1(管理vlan)
ip address 192.168.1.2 24 //配置管理IP地址
user-interface vty 0 4 //进入虚拟接口
authentication-mode scheme //设置认证方式
local-user admin //添加本地用户telnet
password simple 123 //设置密码
passervice-type telnet //设置用户用途
authorization-attribute user-role level-15 //设置用户权限
2.配置网络(dhcp 默认路由 vlan acl)
sw1:

version 7.1.075, Alpha 7571
dhcp enable
vlan 1

vlan 21
description wuye

vlan 22
description xiaoshou

vlan 23
description servers

stp global enable

dhcp server ip-pool vlan21
gateway-list 192.168.15.254
network 192.168.15.0 mask 255.255.255.0
dns-list 202.101.172.35 202.101.172.47
expired day 8

dhcp server ip-pool vlan22
gateway-list 192.168.16.254
network 192.168.16.0 mask 255.255.255.0
dns-list 202.101.172.35 202.101.172.47
expired day 8

dhcp server ip-pool vlan23
gateway-list 192.168.17.254
network 192.168.17.0 mask 255.255.255.0
dns-list 202.101.172.35 202.101.172.47
expired day 8

interface NULL0

interface Vlan-interface1
ip address 192.168.30.1 255.255.255.0

interface Vlan-interface21
ip address 192.168.15.254 255.255.255.0
dhcp server apply ip-pool vlan21

interface Vlan-interface22
ip address 192.168.16.254 255.255.255.0
dhcp server apply ip-pool vlan22

interface Vlan-interface23
ip address 192.168.17.254 255.255.255.0
dhcp server apply ip-pool vlan23

interface FortyGigE1/0/53
port link-mode bridge

interface FortyGigE1/0/54
port link-mode bridge

interface GigabitEthernet1/0/2
port link-mode route
combo enable fiber
ip address 192.168.50.2 255.255.255.0
### 模拟上行路由,使其数据包出外网或安全设备
acl number 3000
rule 5 deny ip source 192.168.15.0 0.0.0.255 destination 192.168.16.0
wuye 和xiaoshou 不能直接互通
rule 10 deny ip source 192.168.17.0 0.0.0.255 destination 192.168.50.2
server 不能上外网
rule 15 permit ip

vlan 22 下调用 :packet-filter inbound ip-group 3000
vlan 23 调用 :packet-filter inbound ip-group 3000

sw2 sw3 sw5

interface Vlan-interface1
ip address 192.168.15.250 255.255.255.0

               16
               17

sw4

interface GigabitEthernet1/0/1
port link-mode route
combo enable fiber
ip address 192.168.50.5 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 192.168.50.2

3.常用命令:
重置接口 default
查看历史命令 display history-command
显示系统时间 : clock datetime?
时间协议 : clock protocol ntp
保存配置 : save
清空配置: reset saved-configuration

*个人h3c账号:zaq123456 查阅官方文档

添加新评论