H3C常用配置和命令

时间:2024-03-06 11:17:07

邻居发现命令
[H3C]display lldp neighbor-information list
[H3C]public-key local create  #生成本地密钥对

H3C链路聚合配置
[H3C]interface Ten-GigabitEthernet 1/0/1
[H3C-Ten-GigabitEthernet1/0/1]port link-mode bridge
[H3C-Ten-GigabitEthernet1/0/1]description "Server"
[H3C-Ten-GigabitEthernet1/0/1]port link-type trunk
[H3C-Ten-GigabitEthernet1/0/1]port trunk pvid vlan 10
[H3C-Ten-GigabitEthernet1/0/1]bpdu-drop any
[H3C-Ten-GigabitEthernet1/0/1]stp edged-port
[H3C-Ten-GigabitEthernet1/0/1]port link-aggregation group 1
[H3C]interface Bridge-Aggregation 1
[H3C-Bridge-Aggregation1]port link-type trunk
[H3C-Bridge-Aggregation1]port trunk pvid vlan 10   #设置本帧vlan为vlan 10
[H3C-Bridge-Aggregation1]link-aggregation mode dynamic   #使用LACP(ComwareV5配置方法:lacp mode active)如使用静态不配置该命令
[H3C-Bridge-Aggregation1]lacp edge-port   #配置聚合接口为聚合边缘接口,边缘接口一般用来接host
[H3C-Bridge-Aggregation1]stp edged-port
[H3C]display link-aggregation summary    #H3C查看使用的链路聚合协议

DHCP中继配置
dhcp enable
dhcp relay server-group 1 ip x.x.x.x #x为DHCP服务器的ip地址
int vlan 30
     dhcp select relay
     dhcp relay server-select 1

在H3C交换机配置dhcp服务器时查看地址的分配情况
dis dhcp server ip-in-use pool vlan1006
dis dhcp server free-ip pool vlan1006

在H3C交换机上释放dhcp分配的地址
<H3C>reset dhcp server ip-in-use all

查看接口描述
[H3C]display interface brief description
[H3C]display ip interface brief description

default接口
[h3c]interface GigabitEthernet 1/0/41
[h3c-GigabitEthernet1/0/41]default

802.1X配置

1、全局开启802.1X
dot1x
dot1x authentication-method eap
dot1x timer quiet-period 10
dot1x timer tx-period 10
mac-authentication
mac-authentication domain 1x
radius scheme 1x
primary authentication 172.28.101.3
primary accounting 172.28.101.3
secondary authentication 172.28.101.2
secondary accounting 172.28.101.2
key authentication cipher $c$3$NAIz9CqJDECj7p7qCeuCDXbmfRIcyOtxxCDlaA==
key accounting cipher $c$3$TaTYg1NBpPoTzE97hwyZJSEnRnFiBvIpaVoOgg==
user-name-format without-domain
radius scheme system
user-name-format without-domain
domain 1x
authentication lan-access radius-scheme 1x
authorization lan-access radius-scheme 1x
accounting lan-access radius-scheme 1x

2、接口下开启802.1X
interface GigabitEthernet2/0/1
description 802.1x_authenration
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1030 3000 untagged
port hybrid pvid vlan 3000
mac-vlan enable
stp edged-port
dot1x
undo dot1x handshake
dot1x mandatory-domain 1x
undo dot1x multicast-trigger
dot1x re-authenticate
dot1x unicast-trigger
dot1x guest-vlan 1030
dot1x auth-fail vlan 1030
mac-authentication
mac-authentication domain 1x
mac-authentication guest-vlan 1030
mac-authentication parallel-with-dot1x
View Code

日志管理
display logbuffer #查看日志
reset logbuffer #清除日志

查看arp
[CORE]arp max-learning-number 1024 #设置arp最大学习条目(h3c最大条目数为1024)
[CORE]dis arp all count #查看arp已使用条目
<CORE>reset arp dynamic #清除动态arp表
[CORE]dis ip routing-table summary #查看最大支持路由条目

SSH,Telnet登陆配置

user-interface vty 0 4
 authentication-mode password
 user privilege level 3
 set authentication password cipher admin
local-user admin
 password cipher admin
 authorization-attribute level 3
 service-type ssh telnet
 service-type web
user-interface vty 0 4
 authentication-mode scheme

H3C版本升级及打补丁:
<H3C>dis version
<H3C>ftp 192.168.1.1
ftp>help
ftp>dir
ftp>get S6800-CMW710-R2612P02.ipe
ftp>get S6800-CMW710-SYSTEM-R2612P02H21.bin
<H3C>boot-loader file flash:/S6800-CMW710-R2612P02.ipe all main
<H3C>dis boot-loader
<H3C>reboot
<H3C>dis patch information
<H3C>dis install active
<H3C>dir
<H3C>install activate patch flash:/S6800-CMW710-SYSTEM-R2612P02H21.bin all
<H3C>install commit
<H3C>dis install active

参考链接:
      https://zhiliao.h3c.com/questions      #H3C知了社区
      https://info.support.huawei.com/onlinetoolweb/ptmngsys/Web/tsrev_s/cn/content/s/index.html
      https://info.support.huawei.com/onlinetoolweb/tsrev/cn/index.html
      http://www.h3c.com/cn/d_201811/1131076_30005_0.htm   #解读vxlan