H3C S5120-52P-WiNet交换机配置

时间:2020-11-27 17:39:51

配置console口登录验证密码

<H3C>system-view

[H3C]user-interface aux 0

[H3C-ui-aux0]authentication-mode password

[H3C-ui-aux0]set authentication password cipher 123456

[H3C-ui-aux0]user privilege level 3

配置console口登录验证用户和密码

<H3C>system-view

[H3C]user-interface aux 0

[H3C-ui-aux0]authentication-mode scheme

[H3C-ui-aux0]quit

[H3C]local-user admin

[H3C-luser-admin]password cipher 123456

[H3C-luser-admin]authorization-attribute level 3

[H3C-luser-admin]service-type terminal

 

配置telnet远程验证登录密码

<H3C>system-view

[H3C]telnet server enable

[H3C]user-interface vty 0

[H3C-ui-vty0]authentication-mode password

[H3C-ui-vty0]set authentication password cipher 123456

[H3C-ui-vty0]user privilege level 3

配置telnet远程登录验证用户和密码

<H3C>system-view

[H3C]telnet server enable

[H3C]user-interface vty 0

[H3C-ui-vty0]authentication-mode scheme

[H3C]local-user h3c

[H3C-luser-h3c]password cipher h3c

[H3C-luser-h3c]authorization-attribute level 3

[H3C-luser-h3c]service-type telnet

配置ssh远程登录验证用户和密码

<H3C>system-view

#生成SSH公钥

[H3C]public-key local create rsa

#生成SSH密钥

[H3C]public-key local create dsa

#开启ssh服务

[H3C]ssh server enable

#配置同时在线5个VTY用户界面视图

[H3C]user-interface vty 0 4

#SSH用户登录界面认证方式为AAA认证

[H3C-ui-vty0-4]authentication-mode scheme

#远程用户登录协议为SSH(默认情况下系统支持)

[H3C-ui-vty0-4]protocol inbound ssh

[H3C-ui-vty0-4]quit

#创建一个本地用户user01

[H3C]local-user user01

#设置加密密码为123456

[H3C-luser-user01]password cipher 123456

#开启ssh服务类型

[H3C-luser-user01]service-type ssh

#设置用户命令访问级别为3

[H3C-luser-user01]authorization-attribute level 3

[H3C]ssh user user01 service-type stelnet authentication-type password

# 配置SSH用户client001的服务类型为Stelnet,认证方式为password认证。(此步骤可以不配置)

配置web登录验证

<H3C>system-view

[H3C]local-user admin

[H3C-luser-admin]service-type telnet

[H3C-luser-admin]authorization-attribute level 3

[H3C-luser-admin]password cipher 123456

[H3C]display web users     #查看web登录用户

创建VLAN

<H3C>system-view

[H3C]vlan 10

[H3C-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/10

[H3C-vlan10]quit

[H3C]interface Vlan-interface 10

[H3C-Vlan-interface10]ip address 192.168.10.1 255.255.255.0

[H3C-Vlan-interface10]quit

##显示与维护

[H3C]display vlan

[H3C]display vlan 10

[H3C]display vlan all

[H3C]display interface Vlan-interface 10

[H3C]undo vlan 20     #删除VLAN

配置DHCP地址

##创建VLAN并分配地址

<H3C>system-view

[H3C]vlan 10

[H3C-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5

[H3C-vlan10]quit

[H3C]interface Vlan-interface 10

[H3C-Vlan-interface10]ip address 192.168.10.1 255.255.255.0

[H3C-Vlan-interface10]quit

##启动DHCP功能

[H3C]dhcp enable

##定义DHCP实例名称、地址池、网关地址、DNS、租期、排除自动获取地址

[H3C]dhcp server ip-pool vlan10

[H3C-dhcp-pool-vlan10]network 192.168.10.0 mask 255.255.255.0

[H3C-dhcp-pool-vlan10]gateway-list 192.168.10.1

[H3C-dhcp-pool-vlan10]dns-list 192.168.10.254 192.168.10.250

[H3C-dhcp-pool-vlan10]expired day 5

[H3C]dhcp server forbidden-ip  192.168.10.1 192.168.10.10

配置DHCP中继代理

##创建DHCP中继组 2 并配置DHCP服务器 192.168.20.20

<H3C>system-view

[H3C]dhcp enable

[H3C]dhcp relay server-group 2 ip 192.168.20.20

##配置VLAN 10和VLAN 20工作在DHCP中继模式,并指定DHCP中继组2

[H3C]interface Vlan-interface 10

[H3C-Vlan-interface10]dhcp select relay

[H3C-Vlan-interface10]dhcp relay server-select 2

[H3C-Vlan-interface10]quit

[H3C]interface Vlan-interface 20

[H3C-Vlan-interface20]dhcp select relay

[H3C-Vlan-interface20]dhcp relay server-select 2

[H3C-Vlan-interface20]quit

创建默认静态出口路由

<H3C>system-view

[H3C]ip route-static  0.0.0.0 0.0.0.0 192.168.10.254        #添加静态路由

[H3C]undo ip route-static  0.0.0.0 0.0.0.0 192.168.10.254   #删除静态路由

##显示与维护

[H3C]display ip routing-table

ARP绑定

[H3C]arp static 192.168.10.11 b888-e33c-c11d         #绑定IP和MAC

[H3C]undo arp static 192.168.10.11 b888-e33c-c11d    #解绑IP和MAC

[H3C]display arp

关闭端口

<H3C>system-view

[H3C]interface GigabitEthernet 1/0/1

[H3C-GigabitEthernet1/0/1]shutdown

##显示与维护

[H3C]display current-configuration

开启端口

<H3C>system-view

[H3C]interface GigabitEthernet 1/0/1

[H3C-GigabitEthernet1/0/1]undo shutdown

##显示与维护

[H3C]display current-configuration

设置端口速率

<H3C>system-view

[H3C]interface GigabitEthernet 1/0/1

[H3C-GigabitEthernet1/0/1]speed 100    #设置端口速率为100M

[H3C-GigabitEthernet1/0/1]undo speed   #取消端口速率,默认是auto自动协商

##显示与维护

[H3C]display interface GigabitEthernet 1/0/2  brief

Qos端口限速

<H3C>system-view

[H3C]interface GigabitEthernet 1/0/1

[H3C-GigabitEthernet1/0/1]qos lr inbound cir 2048    #入站速率限制1024kbps(下载速度2M)

[H3C-GigabitEthernet1/0/1]qos lr outbound cir 1024   #出站速率限制1024kbps(上传速度1M)

[H3C-GigabitEthernet1/0/1]quit

##显示与维护

[H3C]display qos lr interface GigabitEthernet 1/0/1

配置本地端口镜像

<H3C>system-view

[H3C]mirroring-group 1 local

[H3C]mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 to GigabitEthernet 1

/0/5 both   #配置源端口镜像(被监控端口)

[H3C]mirroring-group 1 monitor-port GigabitEthernet 1/0/6  #配置目的端口镜像(监控端口)

##显示与维护

[H3C]display mirroring-group 1

[H3C]display mirroring-group all

[H3C]undo mirroring-group 1 mirroring-port GigabitEthernet 1/0/3 both   #删除源端口镜像

[H3C]undo mirroring-group 1 monitor-port GigabitEthernet 1/0/6        #删除目的端口镜像

两台H3C  S5120交换机配置端口Trunk

(实现相同VLAN互访,H3C S5120属于二层交换机,所以,不能实现不同VLAN 相互访问)

第一台H3CSW01配置如下:

##配置VLAN 10 和 VLAN 20

<H3CSW01>system-view

[H3CSW01]vlan 10

[H3CSW01-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5

[H3CSW01-vlan10]quit

[H3CSW01-Vlan-interface10]ip address 192.168.10.1 255.255.255.0

[H3CSW01]vlan 20

[H3CSW01-vlan20]port GigabitEthernet 1/0/6 to GigabitEthernet 1/0/10

[H3CSW01-vlan20]quit

[H3CSW01]interface Vlan-interface 20

[H3CSW01-Vlan-interface20]ip address 192.168.20.1 255.255.255.0

[H3CSW01-Vlan-interface20]quit

[H3CSW01]display vlan all

##1/0/24端口开启trunk

[H3CSW01]interface GigabitEthernet 1/0/24

[H3CSW01-GigabitEthernet1/0/24]port link-type trunk

[H3CSW01-GigabitEthernet1/0/24]port trunk permit vlan all

[H3CSW01-GigabitEthernet1/0/24]quit

[H3CSW01]display current-configuration interface GigabitEthernet 1/0/24

第二台H3CSW02配置如下:

##配置VLAN 10 和 VLAN 20

<H3CSW02>system-view

[H3CSW02]vlan 10

[H3CSW02-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5

[H3CSW02-vlan10]quit

[H3CSW02-Vlan-interface10]ip address 192.168.10.1 255.255.255.0

[H3CSW02]vlan 20

[H3CSW02-vlan20]port GigabitEthernet 1/0/6 to GigabitEthernet 1/0/10

[H3CSW02-vlan20]quit

[H3CSW02]interface Vlan-interface 20

[H3CSW02-Vlan-interface20]ip address 192.168.20.1 255.255.255.0

[H3CSW02-Vlan-interface20]quit

[H3CSW02]display vlan all

##1/0/24端口开启trunk

[H3CSW02]interface GigabitEthernet 1/0/24

[H3CSW02-GigabitEthernet1/0/24]port link-type trunk

[H3CSW02-GigabitEthernet1/0/24]port trunk permit vlan all

[H3CSW02-GigabitEthernet1/0/24]quit

[H3CSW02]display current-configuration interface GigabitEthernet 1/0/24

两台H3C  S5120交换机配置链路聚合(二层静态链路聚合)

第一台H3CSW01配置如下:

##配置VLAN 10 和 VLAN 20

<H3CSW01>system-view

[H3CSW01]vlan 10

[H3CSW01-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5

[H3CSW01-vlan10]quit

[H3CSW01-Vlan-interface10]ip address 192.168.10.1 255.255.255.0

[H3CSW01]vlan 20

[H3CSW01-vlan20]port GigabitEthernet 1/0/6 to GigabitEthernet 1/0/10

[H3CSW01-vlan20]quit

[H3CSW01]interface Vlan-interface 20

[H3CSW01-Vlan-interface20]ip address 192.168.20.1 255.255.255.0

[H3CSW01-Vlan-interface20]quit

[H3CSW01]display vlan all

##创建二层聚合接口1

[H3CSW01]interface Bridge-Aggregation 1

[H3CSW01-Bridge-Aggregation1]quit

##分别将端口GigabitEthernet 1/0/11至GigabitEthernet 1/0/13加入到聚合组1

[H3CSW01]interface GigabitEthernet 1/0/11

[H3CSW01-GigabitEthernet1/0/11]port link-aggregation group 1

[H3CSW01-GigabitEthernet1/0/11]quit

[H3CSW01]interface GigabitEthernet 1/0/12

[H3CSW01-GigabitEthernet1/0/12]port link-aggregation group 1

[H3CSW01-GigabitEthernet1/0/12]quit

[H3CSW01]interface GigabitEthernet 1/0/13

[H3CSW01-GigabitEthernet1/0/13]port link-aggregation group 1

[H3CSW01-GigabitEthernet1/0/13]quit

##配置二层聚合接口1为Trunk端口,并允许所有VLAN报文通过

[H3CSW01]interface Bridge-Aggregation 1

[H3CSW01-Bridge-Aggregation1]port link-type trunk

[H3CSW01-Bridge-Aggregation1]port trunk permit vlan all

##显示与维护

[H3CSW01]display link-aggregation member-port

[H3CSW01]display link-aggregation  summary

[H3CSW01]display link-aggregation  verbose

*****第二台H3CSW02配置跟第一台H3CSW02一样*****

两台H3C  S5120交换机配置链路聚合(二层动态链路聚合)

第一台H3CSW01配置如下:

##配置VLAN 10 和 VLAN 20

<H3CSW01>system-view

[H3CSW01]vlan 10

[H3CSW01-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5

[H3CSW01-vlan10]quit

[H3CSW01-Vlan-interface10]ip address 192.168.10.1 255.255.255.0

[H3CSW01]vlan 20

[H3CSW01-vlan20]port GigabitEthernet 1/0/6 to GigabitEthernet 1/0/10

[H3CSW01-vlan20]quit

[H3CSW01]interface Vlan-interface 20

[H3CSW01-Vlan-interface20]ip address 192.168.20.1 255.255.255.0

[H3CSW01-Vlan-interface20]quit

[H3CSW01]display vlan all

##创建二层聚合接口1并配置该接口为动态聚合模式

[H3CSW01]interface Bridge-Aggregation 1

[H3CSW01-Bridge-Aggregation1]link-aggregation mode dynamic

[H3CSW01-Bridge-Aggregation1]quit

##分别将端口GigabitEthernet 1/0/11至GigabitEthernet 1/0/13加入到聚合组1

[H3CSW01]interface GigabitEthernet 1/0/11

[H3CSW01-GigabitEthernet1/0/11]port link-aggregation group 1

[H3CSW01-GigabitEthernet1/0/11]quit

[H3CSW01]interface GigabitEthernet 1/0/12

[H3CSW01-GigabitEthernet1/0/12]port link-aggregation group 1

[H3CSW01-GigabitEthernet1/0/12]quit

[H3CSW01]interface GigabitEthernet 1/0/13

[H3CSW01-GigabitEthernet1/0/13]port link-aggregation group 1

[H3CSW01-GigabitEthernet1/0/13]quit

##配置二层聚合接口1为Trunk端口,并允许所有VLAN报文通过

[H3CSW01]interface Bridge-Aggregation 1

[H3CSW01-Bridge-Aggregation1]port link-type trunk

[H3CSW01-Bridge-Aggregation1]port trunk permit vlan all

##显示与维护

[H3CSW01]display link-aggregation member-port

[H3CSW01]display link-aggregation  summary

[H3CSW01]display link-aggregation  verbose

*****第二台H3CSW02配置跟第一台H3CSW02一样*****