H3C 交换机配置命令

H3C 交换机配置命令
三层和二层交换机配置命令

dis this 查看下属命令
save 保存
reboot 重启

初始化命令和提示选项
reset saved-configuration 初始----清除所有配置信息后
提示是否初始化：The saved configuration file will be erased. Are you sure? Y

reboot 重启 初始化密码h3c
提示保留配置：This command will reboot the device. Current configuration will be lost, save current configuration?N

提示是否重启：This command will reboot the device. Continue?Y

删除vlan里ip地址
[H3C]interface Vlan20（vlan名称）
[H3C-vlan-interface20]no ip address

端口添加VLAN
[H3C]interface GigabitEthernet1/0/1
[H3C-vlan-GigabitEthernet1/0/1]port access vlan 20
[H3C-vlan-GigabitEthernet1/0/1]quit

批量修改/添加VLAN
[H3C ]vlan 216
[H3C-vlan216]port ethernet 1/0/23 to ethernet 1/0/28 （连续端口批量添加IP）
[H3C-vlan216]port ethernet 1/0/2 ethernet 1/0/4 ethernet 1/0/6 （断续端口批量添加IP）

删除vlan
[H3C]int g 1/0/1
[H3C-vlan-GigabitEthernet1/0/1]undo port access vlan 20
[H3C-vlan-GigabitEthernet1/0/1]quit
再删除配置接口
[H3C]undo int vlan 20(删除所有在vlan20下的GE接口)
删除VLAN
[H3C]undo vlan 20(删除所创建后的vlan20)

如要删除interface GigabitEthernet 1/0/47里的下列命令
port link-type trunk
port trunk permit vlan all
port link-aggregation group 4

在port前加上undo删除
[H3C]interface GigabitEthernet1/0/47
[H3C-vlan-GigabitEthernet1/0/47]undo port link-aggregation group
[H3C-vlan-GigabitEthernet1/0/47]undo port trunk permit vlan all
[H3C-vlan-GigabitEthernet1/0/47]undo port link-type trunk
或 undo port link-type

删除alc单条命令
[H3C]acl number 3000
[H3C_CS1-acl-adv-3000]undo rule 1

---

1.password认证telnet登录方式
system-view 进入系统视图
[H3C]sysname H3C_IS4 改名称
[H3C_IS4]telnet server enable 启用telnet
[H3C_IS4]user-interface vty 0 4
[H3C_IS4-line-vty0-4]authentication-mode password 不需要输入用户名，只输入密码登录
authentication-mode scheme 设置用户远程登录方式为使用用户名和密码
[H3C_IS4-line-vty0-4]user-role admin （s3100在创建用户时在视图窗口“[H3C]”下，[H3C] local-user admin 命令）
[H3C_IS4-line-vty0-4]user-role level-15 (s3100创建权限使用：user privilege level 3user privilege level-15)
[H3C_IS4-line-vty0-4]set authentication password simple jkzx+is4（密码)
[H3C_IS4-line-vty0-4]screen-length 30
[H3C_IS4-line-vty0-4]history-command max-size 20
[H3C_IS4-line-vty0-4]idle-timeout 6
[H3C_IS4-line-vty0-4]protocol inbound telnet

2.passeord认证console口登录方式
system-view 进入系统视图
[H3C]sytname H3C_IS4 改名称
[H3C_IS4]user-interface aux 0
[H3C_IS4-ui-aux0]authentication-mode password
[H3C_IS4-ui-aux0]user-role admin （s3100在创建用户时在视图窗口“[H3C]”下，[H3C] local-user admin 命令）
[H3C_IS4-ui-aux0]user-role level-15 (s3100创建权限使用：user privilege level 3)
[H3C_IS4-ui-aux0]set authentication password simple jkzx+is4(密码)
[H3C_IS4-ui-aux0]screen-lengthe 30
[H3C_IS4-ui-aux0]history-command max-size 20
[H3C_IS4-ui-aux0]idle-timeout 5
[H3C_IS4-ui-aux0]speed 9600（超级链接端口设置 9600 19200等）

3.web方式登录
system-view 进入系统视图
[H3C]sytname H3C_IS4 改名称
[H3C_IS4]vlan 20
[H3C_IS4]interface vlan-interface 20
[H3C_IS4-vlan-interface20]ip address 172.16.0.14 255.255.255.224
[H3C_IS4-vlan-interface20]quit
[H3C_IS4]ip route-static 0.0.0.0 0.0.0.0 172.16.0.1 指定下一跳地址
[H3C_IS4]
[H3C_IS4]ip http enable
[H3C_IS4]ip https enable
[H3C_IS4]local-user admin
[H3C_IS4-luser-admin]authorization-attribute user-role level-15 (service-type telnet level-15)
[H3C_IS4-luser-admin]passeword simple jkzx+is4（密码）
[H3C_IS4-luser-admin]service-type http https 启用http和https服务。
[H3C_IS4-luser-admin]service-type telnet terminal
[H3C_IS4-luser-admin]authorization-attribute user-role network-admin
[H3C_IS4-luser-admin]quit
[H3C_IS4]save(保存)

4.Vlan
[H3C_IS4]vlan 100 to 133
[H3C_IS4]stp global enable 全局启用
[H3C_IS4]interface Bridge-Aggregation 4
[H3C_IS4-Bridge-Aggregation4]port link-type trunk
[H3C_IS4-Bridge-Aggregation4]port trunk permit vlan all
[H3C_IS4-Bridge-Aggregation4]quit
[H3C_IS4]
[H3C_IS4]interface GigabitEthernet 1/0/4
[H3C_IS4-GigabitEthernet1/0/47]port link-type trunk
[H3C_IS4-GigabitEthernet1/0/47]port trunk permit vlan all
[H3C_IS4-GigabitEthernet1/0/47]port link-aggregation group 4
[H3C_IS4]
[H3C_IS4]undo info-center logfile enable 开启系统视图

---

三层配置ACL后二层不用配置ACL

ACL登录用户控制
system-view 进入系统视图
[H3C]sytname H3C_IS4 改名称
[H3C_IS4]
[H3C_IS4]acl number2000 进入acl 2000视图
[H3C_IS4-acl-basic-2000]rule 1 permit source 10.0.10.111 0
[H3C_IS4-acl-basic-2000]rule 2 permit source 10.0.10.122 0
[H3C_IS4-acl-basic-2000]rule 3 deny soure any 仅允许10.111和10.112访问telnet snmp web访问交换机
[H3C_IS4-acl-basic-2000]quit

ip对telnet用户进行控制
[H3C_IS4]acl number2000 进入acl 2000视图
[H3C_IS4-acl-basic-2000]rule 1 permit source 10.0.10.111 0
[H3C_IS4-acl-basic-2000]rule 2 permit source 10.0.10.122 0
[H3C_IS4-acl-basic-2000]rule 3 deny soure any 仅允许10.111和10.112访问telnet snmp web访问交换机
[H3C_IS4-acl-basic-2000]quit
[H3C_IS4]
[H3C_IS4]user-interface vty 0 4
[H3C_IS4-ui-vty0-4]acl 2000 inbound
[H3C_IS4-ui-vty0-4]quit

ip对网管用户进行控制
[H3C_IS4]acl number2000 进入acl 2000视图
[H3C_IS4-acl-basic-2000]rule 1 permit source 10.0.10.111 0
[H3C_IS4-acl-basic-2000]rule 2 permit source 10.0.10.122 0
[H3C_IS4-acl-basic-2000]rule 3 deny soure any 仅允许10.111和10.112访问telnet snmp web访问交换机
[H3C_IS4-acl-basic-2000]quit
[H3C_IS4]
[H3C_IS4]snmp-agent communtiy read aaa acl 2000
[H3C_IS4]snmp-agent group v2c groupa acl 2000
[H3C_IS4]snmp-agent usm-user v2c usera groupa acl 2000

ip对web用户进行控制
[H3C_IS4]acl number2000 进入acl 2000视图
[H3C_IS4-acl-basic-2000]rule 1 permit source 10.0.10.111 0
[H3C_IS4-acl-basic-2000]rule 2 permit source 10.0.10.122 0
[H3C_IS4-acl-basic-2000]rule 3 deny soure any 仅允许10.111和10.112访问telnet snmp web访问交换机
[H3C_IS4-acl-basic-2000]quit
[H3C_IS4]
[H3C_IS4]ip http acl 2000

---

FTP
[h3c]local-user ftp
[h3c-local-user-ftp]password simple 123456
[h3c-local-user-ftp]service-type ftp
交换为s5120系列-V7平台需要加入下来命令：
[h3c-local-user-ftp]authorization-attribute user-role level-15
[h3c-local-user-ftp]authorization-attribute user-role network-admin
[h3c-local-user-ftp]authorization-attribute user-role network-operator
启用ftp服务
[h3c]ftp server enable

下载配置文件
运行CMD，或者附件里打开命令提示符

ftp 172.16.0.22 ip地址
用户名：ftp 输入用户
密码：jkzx+iscs 输入密码
ftp> dir 配置文件名称命令
ftp>get config.cfg 下载配置文件config.cfg；
文件保存在C:\用户\用户名文件夹里。
例如：我的电脑登录用户ghq，配置文件保存在C:\Users\ghq
ftp>quit 退出