您好,欢迎访问三七文档
DHCP服务器[Router]dhcpenable[Router]serverforbidden-ip192.168.1.10[Router]serverforbidden-ip192.168.1.254[Router]dhcpserverip-pool0[Router-dhcp-pool-0]network192.168.1.0mask255.255.255.0[Router-dhcp-pool-0]gateway-list192.168.1.254[Router-dhcp-pool-0]dns-list192.168.1.10[Router-dhcp-pool-0]expiredday5配置动态分配的IP地址的租用有效期限[Router]displaydhcpserverfree-ip显示DHCP地址池的可用地址信息[Router]displaydhcpserverstatistics显示DHCP服务器的统计信息[Router]displaydhcpserverforbidden-ip显示DHCP地址池中不参与自动分配的IP地址DHCP中继[Router]dhcpenable[Router]dhcprelayserver-group1ip192.168.1.10配置DHCP服务器组中DHCP服务器的IP地址[Router]interfaceethernet1/1(此接口为连接客户端的接口)[Router-Ethernet1/1]dhcpselectrelay配置接口工作在DHCP中继模式[Router-Ethernet1/1]dhcprelayserver-select1配置接口与DHCP组关联[Router]displaydhcprelay{all|interfaceinterface-typeinterface-number}显示接口对应的DHCP服务器组的信息[Router]displaydhcprelayserver-group{group-id|all}显示DHCP服务器组中服务器的IP地址[Router]displaydhcprelaystatistics[server-group{group-id|all}]显示DHCP中继的相关报文统计信息PPPPAP验证配置示例RTA配置被验证方主验证方RTARTBSerial1/0Serial1/0local-userrouterapasswordsimplehelloservice-typepppinterfaceserial1/0pppauthentication-modepapRTB配置interfaceserial1/0ppppaplocal-userrouterapasswordsimplehelloCHAP验证配置示例1被验证方使用本地用户及密码进行验证RTA配置local-userrouterapasswordsimplehelloservice-typepppinterfaceserial1/0pppauthentication-modechappppchapuserrouterbRTB配置local-userrouterbpasswordsimplehelloservice-typepppinterfaceserial1/0pppchapuserrouteraCHAP验证配置示例2被验证方使用默认CHAP密码进行验证RTA配置local-userrouterapasswordsimplehelloservice-typepppinterfaceserial1/0pppauthentication-modechapRTB配置interfaceserial1/0pppchapuserrouterapppchappasswordsimplehello链路聚合配置举例被验证方主验证方RTARTBSerial1/0Serial1/0被验证方主验证方RTARTBSerial1/0Serial1/0静态聚合[SWA]interfacebridge-aggregation1[SWA-Ethernet1/0/1]portlink-aggregationgroup1[SWA-Ethernet1/0/2]portlink-aggregationgroup1[SWA-Ethernet1/0/3]portlink-aggregationgroup1[SWB]interfacebridge-aggregation1[SWB-Ethernet1/0/1]portlink-aggregationgroup1[SWB-Ethernet1/0/2]portlink-aggregationgroup1[SWB-Ethernet1/0/3]portlink-aggregationgroup1802.1X典型配置举例[SWA]dot1x开启全局的802.1X特性[SWA]dot1xinterfaceethernet1/0/1开启端口的802.1X特性[SWA]local-userlocaluser添加本地接入用户并设置相关参数[SWA-luser-localuser]passwordsimplehello[SWA-luser-localuser]service-typelan-access端口隔离基本配置[SWA]interfaceethernet1/0/2[SWA-Ethernet1/0/2]port-isolateenable[SWA]interfaceethernet1/0/3[SWA-Ethernet1/0/3]port-isolateenable[SWA]interfaceethernet1/0/4[SWA-Ethernet1/0/4]port-isolateenable[SWA]interfaceethernet1/0/1[SWA-Ethernet1/0/1]port-isolateuplink-port端口绑定配置[SWA]interfaceethernet1/0/2[SWA-Ethernet1/0/2]user-bindip-address10.1.1.1mac-address0001-0201-2123[SWA]interfaceethernet1/0/3[SWA-Ethernet1/0/3]user-bindip-address10.2.1.1mac-address0001-0401-2126[SWA]interfaceethernet1/0/4[SWA-Ethernet1/0/4]user-bindip-address10.3.1.1mac-address0002-0261-2562VLAN配置[SWA]vlan10[SWA-vlan10]portEthernet1/0/1[SWA]vlan20[SWA-vlan20]portEthernet1/0/2[SWA]interfaceEthernet1/0/24[SWA-Ethernet1/0/24]portlink-typetrunk[SWA-Ethernet1/0/24]porttrunkpermitvlan1020[SWB]vlan10[SWB-vlan10]portEthernet1/0/1[SWB]vlan20[SWB-vlan20]portEthernet1/0/2[SWB]interfaceEthernet1/0/24[SWB-Ethernet1/0/24]portlink-typetrunk[SWB-Ethernet1/0/24]porttrunkpermitvlan1020配置Trunk端口[Switch-Ethernet1/0/1]portlink-typetrunk配置端口的链路类型为Trunk类型[Switch-Ethernet1/0/1]porttrunkpermitvlan{vlan-id-list|all}允许指定的VLAN通过当前Trunk端口[Switch-Ethernet1/0/1]porttrunkpvidvlanvlan-id设置Trunk端口的缺省VLAN配置Hybrid端口[Switch-Ethernet1/0/1]portlink-typehybrid配置端口的链路类型为Hybrid类型[Switch-Ethernet1/0/1]porthybridvlanvlan-id-list{tagged|untagged}允许指定的VLAN通过当前Hybrid端口[Switch-Ethernet1/0/1]porthybridpvidvlanvlan-id设置Hybrid端口的缺省VLANVLAN显示及维护SwitchdisplayvlanVLANfunctionisenabled.Total3VLANexist(s).Now,thefollowingVLANexist(s):1(default),2,10当前交换机存在的VLANSwitchdisplayvlan2VLANID:2VLANType:staticRouteinterface:notconfiguredDescription:VLAN0002TaggedPorts:noneVLAN中哪些端口打标签UntaggedPorts:VLAN中哪些端口不打标签Ethernet1/0/1Ethernet1/0/3Ethernet1/0/4Switchdisplayinterfaceethernet1/0/1......PVID:1当前端口缺省VLANMditype:autoPortlink-type:access当前端口链路类型TaggedVLANID:noneUntaggedVLANID:1Portpriority:0......ACL对进出的数据包逐个过滤,丢弃或允许通过ACL应用于接口上,每个接口的出入双向分别过滤仅当数据包经过一个接口时,才能被此接口的此方向的ACL过滤基本访问控制列表2000~2999扩展访问控制列表3000~3999基于二层的访问控制列表4000~4999用户自定义的访问控制列表5000~5999高级ACL部署位置示例要求PCA不能访问NetworkA和NetworkB,但可以访问其他所有网络[RTC]firewallenable[RTC]aclnumber3000[RTC-acl-adv-3000]ruledenyipsource172.16.0.10destination192.168.0.00.0.1.255[RTC-Ethernet0/0]firewallpacket-filter3000inbound基本ACL部署位置示例要求PCA不能访问NetworkA和NetworkB,但可以访问其他所有网络[RTA]firewallenable[RTA]aclnumber2000[RTA-acl-basic-2000]ruledenysource172.16.0.10[RTA-Ethernet0/1]firewallpacket-filter2000inboundVPN主要的L2VPN技术L2TPPPTPMPLSL2VPN主要的L3VPN技术GREIPSecBGP/MPLSVPNSNMP启用snmp服务只读团体名读写团体名snmp版本v1使能所以类型的trap使接收snmptrap报文的主机为192.168.10.254发送trap报文的团体名为publicH3C无线AP分配101.1.1.1/24网段客户分配202.1.1.1/24网段1AC的配置(1)配置AC的接口#创建VLAN100及其对应的VLAN接口,并为该接口配置IP地址101.1.1.1/24。AC将使用该接口的IP地址与AP建立LWAPP隧道。ACsystem-view[AC]vlan100[AC-vlan100]quit[AC]interfacevlan-interface100[AC-Vlan-interface100]ipaddress101.1.1.124[AC-Vlan-interface100]qu
三七文档所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
扫描二维码
fabiao17
本文标题:H3C配置学习笔记
链接地址:https://www.777doc.com/doc-2875560 .html