配置console口登录验证密码
<H3C>system-view
[H3C]user-interface aux 0
[H3C-ui-aux0]authentication-mode password
[H3C-ui-aux0]set authentication password cipher 123456
[H3C-ui-aux0]user privilege level 3
配置console口登录验证用户和密码
<H3C>system-view
[H3C]user-interface aux 0
[H3C-ui-aux0]authentication-mode scheme
[H3C-ui-aux0]quit
[H3C]local-user admin
[H3C-luser-admin]password cipher 123456
[H3C-luser-admin]authorization-attribute level 3
[H3C-luser-admin]service-type terminal
配置telnet远程验证登录密码
<H3C>system-view
[H3C]telnet server enable
[H3C]user-interface vty 0
[H3C-ui-vty0]authentication-mode password
[H3C-ui-vty0]set authentication password cipher 123456
[H3C-ui-vty0]user privilege level 3
配置telnet远程登录验证用户和密码
<H3C>system-view
[H3C]telnet server enable
[H3C]user-interface vty 0
[H3C-ui-vty0]authentication-mode scheme
[H3C]local-user h3c
[H3C-luser-h3c]password cipher h3c
[H3C-luser-h3c]authorization-attribute level 3
[H3C-luser-h3c]service-type telnet
配置ssh远程登录验证用户和密码
<H3C>system-view
#生成SSH公钥
[H3C]public-key local create rsa
#生成SSH密钥
[H3C]public-key local create dsa
#开启ssh服务
[H3C]ssh server enable
#配置同时在线5个VTY用户界面视图
[H3C]user-interface vty 0 4
#SSH用户登录界面认证方式为AAA认证
[H3C-ui-vty0-4]authentication-mode scheme
#远程用户登录协议为SSH(默认情况下系统支持)
[H3C-ui-vty0-4]protocol inbound ssh
[H3C-ui-vty0-4]quit
#创建一个本地用户user01
[H3C]local-user user01
#设置加密密码为123456
[H3C-luser-user01]password cipher 123456
#开启ssh服务类型
[H3C-luser-user01]service-type ssh
#设置用户命令访问级别为3
[H3C-luser-user01]authorization-attribute level 3
[H3C]ssh user user01 service-type stelnet authentication-type password
# 配置SSH用户client001的服务类型为Stelnet,认证方式为password认证。(此步骤可以不配置)
配置web登录验证
<H3C>system-view
[H3C]local-user admin
[H3C-luser-admin]service-type telnet
[H3C-luser-admin]authorization-attribute level 3
[H3C-luser-admin]password cipher 123456
[H3C]display web users #查看web登录用户
创建VLAN
<H3C>system-view
[H3C]vlan 10
[H3C-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/10
[H3C-vlan10]quit
[H3C]interface Vlan-interface 10
[H3C-Vlan-interface10]ip address 192.168.10.1 255.255.255.0
[H3C-Vlan-interface10]quit
##显示与维护
[H3C]display vlan
[H3C]display vlan 10
[H3C]display vlan all
[H3C]display interface Vlan-interface 10
[H3C]undo vlan 20 #删除VLAN
配置DHCP地址
##创建VLAN并分配地址
<H3C>system-view
[H3C]vlan 10
[H3C-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5
[H3C-vlan10]quit
[H3C]interface Vlan-interface 10
[H3C-Vlan-interface10]ip address 192.168.10.1 255.255.255.0
[H3C-Vlan-interface10]quit
##启动DHCP功能
[H3C]dhcp enable
##定义DHCP实例名称、地址池、网关地址、DNS、租期、排除自动获取地址
[H3C]dhcp server ip-pool vlan10
[H3C-dhcp-pool-vlan10]network 192.168.10.0 mask 255.255.255.0
[H3C-dhcp-pool-vlan10]gateway-list 192.168.10.1
[H3C-dhcp-pool-vlan10]dns-list 192.168.10.254 192.168.10.250
[H3C-dhcp-pool-vlan10]expired day 5
[H3C]dhcp server forbidden-ip 192.168.10.1 192.168.10.10
配置DHCP中继代理
##创建DHCP中继组 2 并配置DHCP服务器 192.168.20.20
<H3C>system-view
[H3C]dhcp enable
[H3C]dhcp relay server-group 2 ip 192.168.20.20
##配置VLAN 10和VLAN 20工作在DHCP中继模式,并指定DHCP中继组2
[H3C]interface Vlan-interface 10
[H3C-Vlan-interface10]dhcp select relay
[H3C-Vlan-interface10]dhcp relay server-select 2
[H3C-Vlan-interface10]quit
[H3C]interface Vlan-interface 20
[H3C-Vlan-interface20]dhcp select relay
[H3C-Vlan-interface20]dhcp relay server-select 2
[H3C-Vlan-interface20]quit
创建默认静态出口路由
<H3C>system-view
[H3C]ip route-static 0.0.0.0 0.0.0.0 192.168.10.254 #添加静态路由
[H3C]undo ip route-static 0.0.0.0 0.0.0.0 192.168.10.254 #删除静态路由
##显示与维护
[H3C]display ip routing-table
ARP绑定
[H3C]arp static 192.168.10.11 b888-e33c-c11d #绑定IP和MAC
[H3C]undo arp static 192.168.10.11 b888-e33c-c11d #解绑IP和MAC
[H3C]display arp
关闭端口
<H3C>system-view
[H3C]interface GigabitEthernet 1/0/1
[H3C-GigabitEthernet1/0/1]shutdown
##显示与维护
[H3C]display current-configuration
开启端口
<H3C>system-view
[H3C]interface GigabitEthernet 1/0/1
[H3C-GigabitEthernet1/0/1]undo shutdown
##显示与维护
[H3C]display current-configuration
设置端口速率
<H3C>system-view
[H3C]interface GigabitEthernet 1/0/1
[H3C-GigabitEthernet1/0/1]speed 100 #设置端口速率为100M
[H3C-GigabitEthernet1/0/1]undo speed #取消端口速率,默认是auto自动协商
##显示与维护
[H3C]display interface GigabitEthernet 1/0/2 brief
Qos端口限速
<H3C>system-view
[H3C]interface GigabitEthernet 1/0/1
[H3C-GigabitEthernet1/0/1]qos lr inbound cir 2048 #入站速率限制1024kbps(下载速度2M)
[H3C-GigabitEthernet1/0/1]qos lr outbound cir 1024 #出站速率限制1024kbps(上传速度1M)
[H3C-GigabitEthernet1/0/1]quit
##显示与维护
[H3C]display qos lr interface GigabitEthernet 1/0/1
配置本地端口镜像
<H3C>system-view
[H3C]mirroring-group 1 local
[H3C]mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 to GigabitEthernet 1
/0/5 both #配置源端口镜像(被监控端口)
[H3C]mirroring-group 1 monitor-port GigabitEthernet 1/0/6 #配置目的端口镜像(监控端口)
##显示与维护
[H3C]display mirroring-group 1
[H3C]display mirroring-group all
[H3C]undo mirroring-group 1 mirroring-port GigabitEthernet 1/0/3 both #删除源端口镜像
[H3C]undo mirroring-group 1 monitor-port GigabitEthernet 1/0/6 #删除目的端口镜像
两台H3C S5120交换机配置端口Trunk
(实现相同VLAN互访,H3C S5120属于二层交换机,所以,不能实现不同VLAN 相互访问)
第一台H3CSW01配置如下:
##配置VLAN 10 和 VLAN 20
<H3CSW01>system-view
[H3CSW01]vlan 10
[H3CSW01-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5
[H3CSW01-vlan10]quit
[H3CSW01-Vlan-interface10]ip address 192.168.10.1 255.255.255.0
[H3CSW01]vlan 20
[H3CSW01-vlan20]port GigabitEthernet 1/0/6 to GigabitEthernet 1/0/10
[H3CSW01-vlan20]quit
[H3CSW01]interface Vlan-interface 20
[H3CSW01-Vlan-interface20]ip address 192.168.20.1 255.255.255.0
[H3CSW01-Vlan-interface20]quit
[H3CSW01]display vlan all
##1/0/24端口开启trunk
[H3CSW01]interface GigabitEthernet 1/0/24
[H3CSW01-GigabitEthernet1/0/24]port link-type trunk
[H3CSW01-GigabitEthernet1/0/24]port trunk permit vlan all
[H3CSW01-GigabitEthernet1/0/24]quit
[H3CSW01]display current-configuration interface GigabitEthernet 1/0/24
第二台H3CSW02配置如下:
##配置VLAN 10 和 VLAN 20
<H3CSW02>system-view
[H3CSW02]vlan 10
[H3CSW02-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5
[H3CSW02-vlan10]quit
[H3CSW02-Vlan-interface10]ip address 192.168.10.1 255.255.255.0
[H3CSW02]vlan 20
[H3CSW02-vlan20]port GigabitEthernet 1/0/6 to GigabitEthernet 1/0/10
[H3CSW02-vlan20]quit
[H3CSW02]interface Vlan-interface 20
[H3CSW02-Vlan-interface20]ip address 192.168.20.1 255.255.255.0
[H3CSW02-Vlan-interface20]quit
[H3CSW02]display vlan all
##1/0/24端口开启trunk
[H3CSW02]interface GigabitEthernet 1/0/24
[H3CSW02-GigabitEthernet1/0/24]port link-type trunk
[H3CSW02-GigabitEthernet1/0/24]port trunk permit vlan all
[H3CSW02-GigabitEthernet1/0/24]quit
[H3CSW02]display current-configuration interface GigabitEthernet 1/0/24
两台H3C S5120交换机配置链路聚合(二层静态链路聚合)
第一台H3CSW01配置如下:
##配置VLAN 10 和 VLAN 20
<H3CSW01>system-view
[H3CSW01]vlan 10
[H3CSW01-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5
[H3CSW01-vlan10]quit
[H3CSW01-Vlan-interface10]ip address 192.168.10.1 255.255.255.0
[H3CSW01]vlan 20
[H3CSW01-vlan20]port GigabitEthernet 1/0/6 to GigabitEthernet 1/0/10
[H3CSW01-vlan20]quit
[H3CSW01]interface Vlan-interface 20
[H3CSW01-Vlan-interface20]ip address 192.168.20.1 255.255.255.0
[H3CSW01-Vlan-interface20]quit
[H3CSW01]display vlan all
##创建二层聚合接口1
[H3CSW01]interface Bridge-Aggregation 1
[H3CSW01-Bridge-Aggregation1]quit
##分别将端口GigabitEthernet 1/0/11至GigabitEthernet 1/0/13加入到聚合组1中
[H3CSW01]interface GigabitEthernet 1/0/11
[H3CSW01-GigabitEthernet1/0/11]port link-aggregation group 1
[H3CSW01-GigabitEthernet1/0/11]quit
[H3CSW01]interface GigabitEthernet 1/0/12
[H3CSW01-GigabitEthernet1/0/12]port link-aggregation group 1
[H3CSW01-GigabitEthernet1/0/12]quit
[H3CSW01]interface GigabitEthernet 1/0/13
[H3CSW01-GigabitEthernet1/0/13]port link-aggregation group 1
[H3CSW01-GigabitEthernet1/0/13]quit
##配置二层聚合接口1为Trunk端口,并允许所有VLAN报文通过
[H3CSW01]interface Bridge-Aggregation 1
[H3CSW01-Bridge-Aggregation1]port link-type trunk
[H3CSW01-Bridge-Aggregation1]port trunk permit vlan all
##显示与维护
[H3CSW01]display link-aggregation member-port
[H3CSW01]display link-aggregation summary
[H3CSW01]display link-aggregation verbose
*****第二台H3CSW02配置跟第一台H3CSW02一样*****
两台H3C S5120交换机配置链路聚合(二层动态链路聚合)
第一台H3CSW01配置如下:
##配置VLAN 10 和 VLAN 20
<H3CSW01>system-view
[H3CSW01]vlan 10
[H3CSW01-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5
[H3CSW01-vlan10]quit
[H3CSW01-Vlan-interface10]ip address 192.168.10.1 255.255.255.0
[H3CSW01]vlan 20
[H3CSW01-vlan20]port GigabitEthernet 1/0/6 to GigabitEthernet 1/0/10
[H3CSW01-vlan20]quit
[H3CSW01]interface Vlan-interface 20
[H3CSW01-Vlan-interface20]ip address 192.168.20.1 255.255.255.0
[H3CSW01-Vlan-interface20]quit
[H3CSW01]display vlan all
##创建二层聚合接口1并配置该接口为动态聚合模式
[H3CSW01]interface Bridge-Aggregation 1
[H3CSW01-Bridge-Aggregation1]link-aggregation mode dynamic
[H3CSW01-Bridge-Aggregation1]quit
##分别将端口GigabitEthernet 1/0/11至GigabitEthernet 1/0/13加入到聚合组1中
[H3CSW01]interface GigabitEthernet 1/0/11
[H3CSW01-GigabitEthernet1/0/11]port link-aggregation group 1
[H3CSW01-GigabitEthernet1/0/11]quit
[H3CSW01]interface GigabitEthernet 1/0/12
[H3CSW01-GigabitEthernet1/0/12]port link-aggregation group 1
[H3CSW01-GigabitEthernet1/0/12]quit
[H3CSW01]interface GigabitEthernet 1/0/13
[H3CSW01-GigabitEthernet1/0/13]port link-aggregation group 1
[H3CSW01-GigabitEthernet1/0/13]quit
##配置二层聚合接口1为Trunk端口,并允许所有VLAN报文通过
[H3CSW01]interface Bridge-Aggregation 1
[H3CSW01-Bridge-Aggregation1]port link-type trunk
[H3CSW01-Bridge-Aggregation1]port trunk permit vlan all
##显示与维护
[H3CSW01]display link-aggregation member-port
[H3CSW01]display link-aggregation summary
[H3CSW01]display link-aggregation verbose
*****第二台H3CSW02配置跟第一台H3CSW02一样*****