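1. Routine System Maintenance
2. Configuration File Operations
3. Configuring FTP and TFTP
4. VLAN Configuration
5. Basic STP Configuration
6. Basic 802.1X Configuration
7. Basic Port Isolation Configuration
8. Configuring Static Binding Entries
9. Static Link Aggregation Configuration
10. Configuring Static and Dynamic Domain Name Resolution
11. Basic DHCP Server Configuration
12. Basic DHCP Relay Configuration
13. Viewing the Device Routing Table
14. Inter-VLAN Routing (Router on a Stick)
15. Static Route Configuration Commands
16. Basic RIP Configuration
17. RIPv2 Configuration Tasks
18. Basic OSPF Configuration Commands
19. Access Control Lists
20. Configuring Basic ACLs
21. Configuring Advanced ACLs
22. Network Address Translation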

--------------------------------------------------------------

1. Routine System Maintenance

1.1 View the command history

display history-command

1.2 Configure the device name

[H3C]sysname ?

TEXT Host name (1 to 30 characters)

1.3 Configure the system time

clock datetime ?

TIME Specify the time (HH:MM:SS)

1.4 Display the system time

display clock

1.5 Configure welcome/banner messages

[H3C]header ?

incoming Specify the banner of the terminal user-interface

legal Specify the legal banner

login Specify the login authentication banner

motd Specify the banner of today

shell Specify the session banner

1.6 View version information

display version

1.7 View the current configuration

display current-configuration

1.8 Display interface information

display interface

1.9 Display interface IP status and configuration

display ip interface brief

1.10 Display system running statistics

display diagnostic-information

1.11 Specify the application file to load at the next startup

boot-loader file file-url

1.12 Display the application file to load at the next startup

display boot-loader

1.13 Reboot the system

reboot

1.14 Enable scheduled reboot and specify the exact reboot time

schedule reboot at hh:mm [ date ]

1.15 Enable scheduled reboot and specify the delay before the reboot

schedule reboot delay { hh:mm | mm }

1.16 Display the scheduled reboot time

display schedule reboot

1.17 Configure Telnet

(1) Configure the IP address of the interface connected to the network

[H3C-ethernet0/0]ip address ip-address { mask | mask-length }

(2) Enable the Telnet server function

[H3C]telnet server enable

(3) Enter the VTY user-interface view and set the authentication mode

[H3C]user-interface vty first-num2 [ last-num2 ]

[H3C-ui-vty0]authentication-mode { none | password | scheme }

(4) Set the login password and user level

[H3C-ui-vty0]set authentication password { cipher | simple } password

[H3C-ui-vty0]user privilege level level

(5) Create a user, configure its password, set the service type, and set the user level

[H3C]local-user username

[H3C-luser-xxx] password { cipher | simple } password

[H3C-luser-xxx] service-type telnet

[H3C-luser-xxx] level level

Telnet configuration example

system-view

[H3C]telnet server enable

[H3C]interface ethernet0/0

[H3C-ethernet0/0]ip address 192.168.0.254 24

[H3C]user-interface vty 0

[H3C-ui-vty0]set authentication password cipher 123456

[H3C-ui-vty0]user privilege level 2

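2. Configuration File Operations

2.1 Save the configuration

save

2.2 Erase the configuration

reset saved-configuration

2.3 Set the configuration file for the next startup

startup saved-configuration filename

2.4 Back up / restore the next-startup configuration file

backup startup-configuration to dest-addr [ filename ]

restore startup-configuration from src-addr filename

2.5 View the saved configuration file

display saved-configuration

2.6 View the system startup configuration file

display startup

2.7 View the currently active configuration

display current-configuration

2.8 View the configuration active in the current view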

[H3C-ui-vty0]display this

3. Configuring FTP and TFTP

3.1 Enable the FTP server function

[H3C]ftp server enable

3.2 Create a user

[H3C]local-user username

3.3 Set the service type and login password

[H3C-luser-xxx]service-type ftp

[H3C-luser-xxx]password { cipher | simple } password

3.4 FTP operation example

C:\>ftp 192.168.0.1

Connected to 192.168.0.1.

220 FTP service ready.

User (192.168.0.1:(none)): h3c

331 Password required for h3c.

Password:

230 User logged in.

ftp> put config.cfg

200 Port command okay.

150 Opening ASCII mode data connection for config.cfg.

226 Transfer complete.

ftp: 发送 1329 字节,用时 0.00Seconds 1329000.00Kbytes/sec.

ftp>

3.5 Use the TFTP service on the device

tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source { interface interface-type interface-number | ip source-ip-address } ]

When uploading or downloading, there may be several reachable routes to the TFTP server; the user can configure the source address of the client's TFTP packets.

When the device acts as a TFTP client, it can upload its own files to the TFTP server and download files from the TFTP server to the local device.

Downloads are of two kinds: normal download (get) and secure download (sget).
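
Added example, not from the original page or from H3C: a Python check that scans configuration text for the cleartext management settings the commands in sections 1.17 and 3 (and the 802.1X and RIPv2 forms later on this page) can produce. The sample configuration is constructed, and its layout (blocks separated by #, view sub-commands indented) is an assumption about display current-configuration output; every command matched appears on this page.

```python
import re

# Constructed sample; assumed layout: "#" separates blocks, sub-commands are indented.
SAMPLE_CONFIG = """\
#
 telnet server enable
#
 ftp server enable
#
local-user h3c
 password simple hello
#
local-user admin
 password cipher $c$3$CONSTRUCTED
#
user-interface vty 0 4
 authentication-mode none
#
interface Ethernet1/0
 rip authentication-mode simple hello
#
"""

CHECKS = [
    (r"^telnet server enable$", "Telnet carries logins in cleartext"),
    (r"^ftp server enable$", "FTP carries logins and files in cleartext"),
    (r"^authentication-mode none$", "login without authentication"),
    (r"^(set authentication )?password simple\b", "password kept as plaintext in the config"),
    (r"^rip authentication-mode simple\b", "RIPv2 key sent in cleartext in updates"),
]

def audit(config_text):
    """Return (view, matched_keywords, finding); view is '' for system-view commands."""
    findings, view = [], ""
    for raw in config_text.splitlines():
        cmd = raw.strip()
        if cmd in ("", "#"):
            view = ""                          # "#" closes the current view
            continue
        if not raw[0].isspace():
            view = cmd                         # a column-0 line opens a view
        for pattern, finding in CHECKS:
            m = re.search(pattern, cmd)
            if m:                              # keep the keywords, never the secret
                findings.append((view, m.group(0), finding))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```
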

4. VLAN Configuration

4.1 Create a VLAN and enter VLAN view

[Switch] vlan vlan-id

4.2 Add the specified ports to the current VLAN

[Switch-vlan10] port interface-list

4.3 Set the port link type to Trunk

[Switch-Ethernet1/0/1] port link-type trunk

4.4 Allow the specified VLANs to pass through the current Trunk port

[Switch-Ethernet1/0/1] port trunk permit vlan { vlan-id-list | all }

4.5 Set the default VLAN of the Trunk port

[Switch-Ethernet1/0/1] port trunk pvid vlan vlan-id

4.6 Set the port link type to Hybrid

[Switch-Ethernet1/0/1] port link-type hybrid

4.7 Allow the specified VLANs to pass through the current Hybrid port

[Switch-Ethernet1/0/1] port hybrid vlan vlan-id-list { tagged | untagged }

4.8 Set the default VLAN of the Hybrid port

[Switch-Ethernet1/0/1] port hybrid pvid vlan vlan-id

4.9 Displaying and maintaining VLANs

display vlan

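5. Basic STP Configuration

5.1 Enable STP on the device

[Switch] stp enable

5.2 Disable STP on a port

[Switch-Ethernet1/0/1] stp disable

5.3 Configure the STP working mode

[Switch] stp mode { stp | rstp | mstp }

5.4 Optional STP configuration

Configure the priority of the current device

[Switch] stp [ instance instance-id ] priority priority

5.5 Configure a port as an edge port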

[Switch-Ethernet1/0/1] stp edged-port enable

6. Basic 802.1X Configuration

6.1 Enable 802.1X globally

[Switch] dot1x

6.2 Enable 802.1X on ports

[Switch] dot1x interface interface-list

6.3 Add a local access user and set its parameters

[Switch] local-user user-name

[Switch-luser-localuser] service-type lan-access

[Switch-luser-localuser] password { cipher | simple } password

6.4 Typical 802.1X configuration example

[SWA]dot1x

[SWA]dot1x interface ethernet1/0/1

[SWA]local-user localuser

[SWA-luser-localuser]password simple hello

[SWA-luser-localuser]service-type lan-access

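7. Basic Port Isolation Configuration

7.1 Add the specified port to the isolation group as an ordinary port of the group

[Switch-Ethernet1/0/1] port-isolate enable

7.2 Add the specified port to the isolation group as the uplink port of the group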

[Switch-Ethernet1/0/2] port-isolate uplink-port

8. Configuring Static Binding Entries

[Switch-Ethernet1/0/1] user-bind ip-address ip-address [ mac-address mac-address ]

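9. Static Link Aggregation Configuration

9.1 Create an aggregate interface

[Switch] interface bridge-aggregation interface-number

9.2 Add an Ethernet port to the aggregation group

[Switch-Ethernet1/0/1] port link-aggregation group number

9.3 Displaying and maintaining link aggregation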

display link-aggregation summary

10. Configuring Static and Dynamic Domain Name Resolution

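10.1 Configure the DNS proxy

Enable the DNS proxy function

[Router] dns proxy enable

10.2 Specify a domain name server

[Router] dns server ip-address

10.3 Display the static domain name resolution table

[Router] display ip host

10.4 Display domain name server information

[Router] display dns server [ dynamic ]

10.5 Display the dynamic domain name cache

[Router] display dns dynamic-host

10.6 Display DNS proxy information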

[Router] display dns proxy table

11. Basic DHCP Server Configuration

11.1 Enable DHCP

[Router] dhcp enable

11.2 Create a DHCP address pool

[Router] dhcp server ip-pool pool-name

11.3 Configure the range of dynamically assigned IP addresses

[Router-dhcp-pool-0] network network-address [ mask-length | mask mask ]

11.4 Configure the gateway address assigned to DHCP clients

[Router-dhcp-pool-0] gateway-list ip-address

11.5 Configure the DNS server address assigned to DHCP clients

[Router-dhcp-pool-0] dns-list ip-address

11.6 Configure the IP addresses in the DHCP address pool that are excluded from automatic assignment

[Router] dhcp server forbidden-ip low-ip-address [ high-ip-address ]

11.7 Configure the lease duration of dynamically assigned IP addresses

[Router-dhcp-pool-0] expired { day day [ hour hour [ minute minute ] ] | unlimited }

11.8 Basic DHCP server configuration example

[Router] dhcp enable

[Router] dhcp server forbidden-ip 192.168.1.10

[Router] dhcp server forbidden-ip 192.168.1.254

[Router] dhcp server ip-pool 0

[Router-dhcp-pool-0] network 192.168.1.0 mask 255.255.255.0

[Router-dhcp-pool-0] gateway-list 192.168.1.254

[Router-dhcp-pool-0] dns-list 192.168.1.10

[Router-dhcp-pool-0] expired day 5

11.9 Display the free addresses in the DHCP address pool

[Router] display dhcp server free-ip

11.10 Display DHCP server statistics

[Router] display dhcp server statistics

11.11 Display the IP addresses in the DHCP address pool that are excluded from automatic assignment

[Router] display dhcp server forbidden-ip

12. Basic DHCP Relay Configuration

12.1 Enable DHCP

[Router] dhcp enable

12.2 Configure the IP address of a DHCP server in a DHCP server group

[Router] dhcp relay server-group group-id ip ip-address

12.3 Configure the interface to work in DHCP relay mode

[Router-Ethernet1/1] dhcp select relay

12.4 Associate the interface with the DHCP server group

[Router-Ethernet1/1] dhcp relay server-select group-id

12.5 DHCP relay configuration example

[Router] dhcp enable

[Router] dhcp relay server-group 1 ip 192.168.1.10

[Router] interface ethernet 1/1

[Router-Ethernet1/1] dhcp select relay

[Router-Ethernet1/1] dhcp relay server-select 1

12.6 Display the DHCP server group associated with an interface

[Router] display dhcp relay { all | interface interface-type interface-number }

12.7 Display the IP addresses of the servers in a DHCP server group

[Router] display dhcp relay server-group { group-id | all }

12.8 Display DHCP relay packet statistics

[Router] display dhcp relay statistics [ server-group { group-id | all } ]

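13. Viewing the Device Routing Table

13.1 View the IP routing table summary

[Router] display ip routing-table

13.2 View the routes that match a specified destination address

[Router] display ip routing-table ip-address [ mask-length | mask ]

13.3 View routing table statistics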

[Router] display ip routing-table statistics

14. Inter-VLAN Routing (Router on a Stick)

Inter-VLAN routing with 802.1Q and subinterfaces

[RTA-GigabitEthernet0/0]interface GigabitEthernet0/0.1

[RTA-GigabitEthernet0/0.1]ip address 10.1.1.1 255.255.255.0

[RTA-GigabitEthernet0/0.1]interface GigabitEthernet0/0.2

[RTA-GigabitEthernet0/0.2]vlan-type dot1q vid 2

[RTA-GigabitEthernet0/0.2]ip address 10.1.2.1 255.255.255.0

[RTA-GigabitEthernet0/0.2]interface GigabitEthernet0/0.3

[RTA-GigabitEthernet0/0.3]vlan-type dot1q vid 3

[RTA-GigabitEthernet0/0.3]ip address 10.1.3.1 255.255.255.0

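15. Static Route Configuration Commands

[Router]ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-name } [ preference preference-value ]

Key points:

interface-type interface-name may be given only when the interface the next hop belongs to is a point-to-point interface; otherwise gateway-address must be given.

A route whose destination IP address and mask are both 0.0.0.0 is the default route.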

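16. Basic RIP Configuration

16.1 Create a RIP process and enter RIP view

[Router] rip [ process-id ]

16.2 Enable RIP on the interfaces in the specified network segment

[Router-rip-1] network network-address

16.3 Configure an interface to work in the suppressed (silent) state

[Router-rip-1] silent-interface { all | interface-type interface-number }

16.4 Enable RIP split horizon

[Router-Ethernet1/0] rip split-horizon

16.5 Enable RIP poison reverse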

[Router-Ethernet1/0] rip poison-reverse

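17. RIPv2 Configuration Tasks

17.1 Specify the global RIP version

[Router-rip-1] version { 1 | 2 }

17.2 Disable RIPv2 automatic route summarization

[Router-rip-1] undo summary

17.3 Configure RIPv2 message authentication

[Router-Ethernet1/0] rip authentication-mode { md5 { rfc2082 key-string key-id | rfc2453 key-string } | simple password }

17.4 Display the current RIP running state and configuration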

display rip

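18. Basic OSPF Configuration Commands

18.1 Configure the Router ID

[Router]router id ip-address

18.2 Start an OSPF process

[Router]ospf [ process-id ]

18.3 Restart an OSPF process

reset ospf [ process-id ]

18.4 Configure an OSPF area

[Router-ospf-100]area area-id

18.5 Enable OSPF on the specified interfaces

[Router-ospf-1-area-0.0.0.0] network network-address wildcard-mask

18.6 Optional OSPF configuration commands

Configure the OSPF interface priority

[Router-Ethernet0/0] ospf dr-priority priority

18.7 Configure the OSPF interface cost

[Router-Ethernet0/0] ospf cost value

18.8 Display OSPF neighbor information

[H3C]display ospf peer

18.9 Display the OSPF link-state database

display ospf lsdb

18.10 Display OSPF routing information

display ospf routing

18.11 Display OSPF summary information

[Router] display ospf brief

18.12 Display the interfaces on which OSPF is enabled

[Router] display ospf interface

18.13 Display OSPF error information

[Router] display ospf error

18.14 Display OSPF process information

[Router] display ospf INTEGER<1-65535>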

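19. Access Control Lists

19.1 Enable the packet-filter firewall function

The firewall function takes effect only after it has been enabled on the router.

[sysname] firewall enable

19.2 Set the firewall's default filtering action

The system's default filtering action is permit.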

[sysname] firewall default { permit | deny }

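20. Configuring Basic ACLs

20.1 Configure a basic ACL and specify the ACL number

Basic IPv4 ACL numbers range from 2000 to 2999.

[sysname] acl number acl-number

20.2 Define rules

Specify the range of source IP addresses to match.

Specify the action: permit or deny.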

[sysname-acl-basic-2000] rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } | time-range time-name ]

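21. Configuring Advanced ACLs

21.1 Configure an advanced IPv4 ACL and specify the ACL number

Advanced IPv4 ACL numbers range from 3000 to 3999.

[sysname] acl number acl-number

21.2 Define rules

Rules match on information such as the source IP address, destination IP address, the protocol type carried over IP, and protocol port numbers.

Specify the action: permit or deny.

[sysname-acl-adv-3000] rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | established | fragment | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-name ]

21.3 Configure a Layer 2 ACL

Configure a Layer 2 ACL and specify the ACL number.

Layer 2 ACL numbers range from 4000 to 4999.

[sysname] acl number acl-number

21.4 Define rules

Rules match on Layer 2 information such as the source MAC address, destination MAC address, 802.1p priority, and Layer 2 protocol type.

Specify the action: permit or deny.

[sysname-acl-ethernetframe-4000] rule [ rule-id ] { deny | permit } [ cos vlan-pri | dest-mac dest-addr dest-mask | lsap lsap-code lsap-wildcard | source-mac sour-addr source-mask | time-range time-name ]

21.5 Apply the ACL to an interface; ACL packet filtering takes effect only once the ACL is applied

Specify whether the ACL is applied in the outbound or the inbound direction on the interface.

[sysname-Serial2/0] firewall packet-filter { acl-number | name acl-name } { inbound | outbound }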
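
Added example, not from the original page or from H3C: a Python model of how a basic ACL's wildcard masks select source addresses and how a packet that matches no rule falls through to the firewall default from 19.2. It assumes explicit rule IDs and evaluation in ascending rule-ID order; rule 0 is the one used in the NAT examples in section 22, and rules 5 and 10 are constructed.

```python
import ipaddress
import re

RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)"
    r"(?:\s+source\s+(?P<src>any|\S+\s+\S+))?")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_basic_acl(lines):
    """Parse 'rule <id> {permit|deny} [source {addr wildcard | any}]' lines."""
    rules = []
    for line in lines:
        m = RULE_RE.search(line)
        if not m:
            continue
        src = m.group("src")
        if src in (None, "any"):
            addr, wild = 0, 0xFFFFFFFF       # no source clause: every packet matches
        else:
            addr, wild = (to_int(part) for part in src.split())
        rules.append((int(m.group("id")), m.group("action"), addr, wild))
    return sorted(rules)                     # ascending rule ID

def wildcard_match(ip, addr, wild):
    """A 0 bit in the wildcard must equal the rule address; a 1 bit is ignored."""
    care = ~wild & 0xFFFFFFFF
    return (ip & care) == (addr & care)

def evaluate(rules, src_ip, firewall_default="permit"):
    """Return (action, rule_id); rule_id is None when the firewall default decided."""
    ip = to_int(src_ip)
    for rule_id, action, addr, wild in rules:
        if wildcard_match(ip, addr, wild):
            return action, rule_id           # first matching rule wins
    return firewall_default, None

# Rule 0 is from this page's NAT examples; rules 5 and 10 are constructed.
ACL_2000 = parse_basic_acl([
    "[RTA-acl-basic-2000]rule 0 permit source 10.0.0.0 0.0.0.255",
    "[RTA-acl-basic-2000]rule 5 deny source 10.0.0.0 0.255.255.255",
    "[RTA-acl-basic-2000]rule 10 permit source 192.168.0.1 0.0.254.0",
])

if __name__ == "__main__":
    for ip in ("10.0.0.77", "10.0.1.77", "192.168.4.1", "192.168.5.1"):
        print(ip, evaluate(ACL_2000, ip), evaluate(ACL_2000, ip, "deny"))
```

With the default left at permit, 192.168.5.1 is allowed even though no rule names it; switching the default to deny is what turns the ACL into an allow-list.
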

21.6 Displaying and debugging ACL packet filtering

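22. Network Address Translation

22.1 Basic NAT configuration example

# Define a rule in an ACL that matches traffic whose source address is in the 10.0.0.0/24 network

[RTA]acl number 2000

[RTA-acl-basic-2000]rule 0 permit source 10.0.0.0 0.0.0.255

# Configure NAT address pool 1 for address translation; the pool holds the addresses 198.76.28.11 through 198.76.28.20

[RTA]nat address-group 1 198.76.28.11 198.76.28.20

# Enter interface view

[RTA]interface Ethernet0/1

# Associate address pool 1 with ACL 2000 and apply NAT in the outbound direction of the interface

[RTA-Ethernet0/1]nat outbound 2000 address-group 1 no-pat

22.2 NAPT configuration example

# Define a rule in an ACL that matches traffic whose source address is in the 10.0.0.0/24 network

[RTA]acl number 2000

[RTA-acl-basic-2000]rule 0 permit source 10.0.0.0 0.0.0.255

# Configure NAT address pool 1 with a single address, 198.76.28.11

[RTA]nat address-group 1 198.76.28.11 198.76.28.11

# Enter interface view

[RTA]interface Ethernet0/1

# Associate address pool 1 with ACL 2000 and apply NAT in the outbound direction of the interface

[RTA-Ethernet0/1]nat outbound 2000 address-group 1

22.3 Easy IP configuration example

# Define a rule in an ACL that matches traffic whose source address is in the 10.0.0.0/24 network

[RTA]acl number 2000

[RTA-acl-basic-2000]rule 0 permit source 10.0.0.0 0.0.0.255

# Enter interface view

[RTA]interface Ethernet0/1

# Associate ACL 2000 with the interface and apply NAT in the outbound direction

[RTA-Ethernet0/1]nat outbound 2000

22.4 NAT Server configuration example

# Enter interface view

[RTA]interface Ethernet0/1

# On the outbound interface, bind the private server address to the public address as a one-to-one NAT mapping

[RTA-Ethernet0/1]nat server protocol tcp global 198.76.28.11 telnet inside 10.0.0.1 telnet

22.5 Displaying and debugging NAT

Display address translation information

display nat { address-group | aging-time | all | outbound | server | statistics | session | [ slot slot-number ] | [ source global global-addr | source inside inside-addr ] | [ destination ip-addr ] }

Debug the address translation process

debugging nat { alg | event | packet [ interface interface-type interface-number ] }

nat aging-time { tcp | udp | icmp } seconds

Clear address translation sessions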

reset nat session