For a long time, for the command configuration of Huawei, H3C, Ruijie, and Cisco switches, the configuration commands of the four switches are easy to confuse , and often make mistakes in the actual project configuration. Therefore, in this issue, we will introduce the basic configuration commands of these four switches , you can see the difference between their commands separately.
Let's take a detailed look at the configuration commands of switches from Cisco, Huawei, H3C, and Ruirui.
To make it clearer, each line of code is explained.
1. Huawei switch basic configuration commands
1. Create VLANs:
<Quidway> //User view, that is, run commands in Quidway mode.
<Quidway>system-view //Enter configuration view
[Quidway] vlan 10 //Create vlan 10 and enter vlan10 configuration view, if vlan10 exists, directly enter vlan10 configuration view
[Quidway-vlan10] quit //Return to configuration view
[ Quidway] vlan 100 //Create vlan 100 and enter vlan100 configuration view, if vlan10 exists, directly enter vlan100 configuration view
[Quidway-vlan100] quit //Back to configuration view
2. Add the port to the vlan:
[Quidway] interface GigabitEthernet2/0/1 (10G optical port)
[Quidway- GigabitEthernet2/0/1] port link-type access //Define port transmission mode
[Quidway- GigabitEthernet2/0/1] port default vlan 100 //Set Add the port to vlan100
[Quidway- GigabitEthernet2/0/1] quit //Back to configuration view
[Quidway] interface GigabitEthernet1/0/0 //Enter the first GigabitEthernet port configuration view on slot 1. 0 represents port 1
[Quidway- GigabitEthernet1/0/0] port link-type access //Define port transmission mode
[Quidway- GigabitEthernet2/0/1] port default vlan 10 //Add this port to vlan10
[Quidway- GigabitEthernet2/0/1] quit
3. Add multiple ports to VLAN
<Quidway>system-view
[Quidway]vlan 10
[Quidway-vlan10]port GigabitEthernet 1/0/0 to 1/0/29 //Add ports 0 to 29 to vlan10
[Quidway-vlan10]quit
4. Configure the IP address of the switch
[Quidway] interface Vlanif100 // Enter vlan100 interface view is different from vlan 100 command
[Quidway-Vlanif100] ip address 119.167.200.90 255.255.255.252 // Define vlan100 management IP Layer 3 switching gateway route
[Quidway-Vlanif100] quit / /Return to view
[Quidway] interface Vlanif10 // Enter vlan10 interface view is different from vlan 10 command
[Quidway-Vlanif10] ip address 119.167.206.129 255.255.255.128 // Define vlan10 management IP Layer 3 switching gateway route
[Quidway-Vlanif10] quit
5. Configure the default gateway:
[Quidway]ip route-static 0.0.0.0 0.0.0.0 119.167.200.89 //Configure the default gateway.
6. Switch save settings and reset commands
<Quidway>save //Save the configuration information
<Quidway>reset saved-configuration //Reset the configuration of the switch
<Quidway>reboot //Restart the switch
7. Display commands commonly used by switches
In user view mode:
<Quidway>display current-configuration //Display the current configuration details of the switch
<Quidway>display device //Display the status of each device
<Quidway>display interface? //Display a port status, use? You can check the following option
<Quidway>display version //Check the switch firmware version information
<Quidway>display vlan? // View vlan configuration information
8. Restore the factory settings of the switch
<Quidway>reset saved-configuration //reset the configuration of the switch
2. Basic configuration of H3C switch
Let's first understand the configuration commands and functions of h3c, which are commonly used. Basically, these commands are indispensable for most network configurations.
1. Basic configuration
<H3C> //User straight mode prompt, user view
<H3C>system-view // Enter the configuration view
[H3C] sysname xxx //Set the host name to xxx here to modify the privileged user password
2. User configuration
<H3C>system-view
[H3C]super password H3C //Set the password for user classification
[H3C]undo superpassword //Delete user hierarchical password
[H3C]localuser bigheap 1234561 //Web network management user settings, 1 is the management level user
[H3C]undo localuser bigheap //delete web network management user
[H3C]user-interface aux 0 //Only support 0
[H3C-Aux]idle-timeout 250 //Set the timeout to 2 minutes and 50 seconds, if it is 0, it means no timeout, the default is 5 minutes
[H3C-Aux]undoidle-timeout //restore default value
[H3C]user-interface vty 0 //Only support 0 and 1
[H3C-vty]idle-timeout 250 //Set the timeout to 2 minutes and 50 seconds, if it is 0, it means no timeout, the default is 5 minutes
[H3C-vty]undoidle-timeout //restore default value
[H3C-vty]set authentication password123456 //Set telnet password, must be set
[H3C-vty]undo set authenticationpassword //Cancel password
[H3C]displayusers //display users
[H3C]displayuser-interface //User interface status
3. VLAN configuration
[H3C]vlan 2 //Create VLAN2
[H3C]undo vlanall //Delete all VLANs except the default VLAN, the default VLAN cannot be deleted
[H3C-vlan2]port Ethernet 0/4 to Ethernet0/7 //Add ports 4 to 7 to VLAN2, this command can only be used to add access ports, not trunk or hybrid ports
[H3C-vlan2]port-isolate enable //Enable the port isolation feature in the VLAN, which cannot be forwarded at the second layer, and this function is not enabled by default
[H3C-Ethernet0/4]port-isolate uplink-portvlan 2 //Set 4 as the isolated uplink port of VLAN2 , which is used to forward Layer 2 data. Only one uplink port can be configured. If it is trunk, it is recommended to allow all VLANs to pass through. Isolation cannot be configured at the same time as aggregation
[H3C]display vlan all // Display detailed information of all VLANs
[H3C]user-group 20 //Create user-group 20, only user-group 1 exists by default
[H3C-UserGroup20]port Ethernet 0/4 toEthernet 0/7 // Add ports 4 to 7 to VLAN 20, which belong to user-group 1 initially
[H3C]display user-group 20 //Display related information of user-group 20
Fourth, the switch ip configuration
[H3C]vlan 20 // create vlan
[H3C]management-vlan 20 //management vlan
[H3C]interface vlan-interface 20 // Enter and manage vlan20
[H3C]undo interface vlan-interface 20 //Delete management VLAN port
[H3C-Vlan-interface20]ip address192.168.1.2 255.255.255.0 // Configure the static IP address of the management VLAN interface
[H3C-Vlan-interface20]undo ipaddress //Delete IP address
[H3C-Vlan-interface20]ip gateway 192.168.1.1 //Specify the default gateway (no gateway address by default)
[H3C-Vlan-interface20]undo ip gateway
[H3C-Vlan-interface20]shutdown // Close the interface
[H3C-Vlan-interface20]undo shutdown //Enable
[H3C]display ip //Display the relevant information of the management VLAN interface IP
[H3C]display interface vlan-interface20 //View the interface information of the management VLAN
<H3C>debugging ip //Enable IP debugging function
<H3C>undo debugging ip
5. DHCP client configuration
[H3C-Vlan-interface20]ip address dhcp-alloc // The management VLAN interface obtains an IP address through DHCP
[H3C-Vlan-interface20]undo ip address dhcp-alloc // 取消
[H3C]display dhcp //Display DHCP client information
<H3C>debugging dhcp-alloc //Enable the DHCP debugging function
<H3C>undo debugging dhcp-alloc
6. Port configuration
[H3C]interface Ethernet0/3 //Enter port
[H3C-Ethernet0/3]shutdown //Close the port
[H3C-Ethernet0/3]speed 100 //speed can be 10,100,1000 and auto(default)
[H3C-Ethernet0/3]duplexfull // Duplex, can be half, full and auto, optical port and aggregation cannot be configured
[H3C-Ethernet0/3]flow-control // Enable flow control, the default is off
[H3C-Ethernet0/3]broadcast-suppression 20 //Set the suppression broadcast percentage to 20%, which can be 5, 10, 20, 100, the default is 100, and multicast and unknown unicast are also affected by this
[H3C-Ethernet0/3]loopback internal //inner loop test
[H3C-Ethernet0/3]port link-type trunk //Set the link type to trunk
[H3C-Ethernet0/3]port trunk pvid vlan 20 //Set 20 as the default VLAN of the trunk, and the default is 1 (PVID at both ends of the trunk line must be the same)
[H3C-Ethernet0/3]port access vlan 20 //Add the current access port to the specified VLAN
[H3C-Ethernet0/3]port trunk permit vlanall //Allow all VLANs to pass through the current trunk port, this command can be used multiple times
[H3C-Ethernet0/3]mdiauto //Set the Ethernet port to automatic monitoring, normal to straight line, across to cross line
[H3C]link-aggregation Ethernet 0/1 toEthernet 0/4 // Add 1-4 ports to the aggregation group, 1 is the main port, both ends need to be configured at the same time, ports with port mirroring and port isolation cannot be aggregated
[H3C]undo link-aggregation Ethernet 0/1 //Delete this aggregation group
[H3C]link-aggregation mode egress //Configure the port aggregation mode to load balance according to the destination MAC address, the options are ingress, egress and both, and the default is both
[H3C]monitor-port Ethernet 0/2 // Set this port as a mirror port , the mirror port must be set first, and the mirrored port must be deleted before deleting, and they cannot be in the same port, and the port cannot be in the aggregation group , when setting a new mirror port, the new one replaces the old one, and the mirrored port remains unchanged
[H3C]mirroring-port Ethernet 0/3 toEthernet 0/4 both //Set ports 3 and 4 as mirrored ports , both means to monitor received and sent packets at the same time, inbound means only to monitor received messages, and outbound means Only monitor sent packets
[H3C]display mirror
[H3C]display interface Ethernet 0/3
<H3C>resetcounters // Clear all port statistics
[H3C]display link-aggregation Ethernet0/3 // Display port aggregation information
[H3C-Ethernet0/3]virtual-cable-test //Diagnose the circuit status of this port
7. qos priority configuration
QoS configuration steps: set the priority of the port, set the priority mode of the switch trust message, queue scheduling, port speed limit
[H3C-Ethernet0/3]priority 7 //Set the port priority to 7 , the default is 0
[H3C]priority-trustcos //Set the priority mode of switch trust packets to cos (802.1p priority, default value), and can also be set to dscp mode
[H3C]queue-scheduler hq-wrr 2 4 6 8 //Set the queue scheduling algorithm to HQ-WRR (the default is WRR), and the weight is 2, 4, 6, 8
[H3C-Ethernet0/3]line-rate inbound 29 // Limit the port import rate to 2Mbps. When 1-28 is selected, the rate is rate*8*1024/125, that is, 64,128,192...1.792M;
When 29-127, the rate is (rate-27)*1024, that is, 2M, 3M, 4M...100M.
[H3C]displayqueue-scheduler //display queue scheduling mode and parameters
[H3C]displaypriority-trust // display priority trust mode
3. Ruijie switch basic command configuration
After connecting to the switch, command configuration is definitely required. Let's look at the basic command configuration.
1. Prepare command
>Enable //Enter the privileged mode
#Exit //Return to the previous operation mode
#End //Return to the privileged mode
#copy running-config startup-config //Save the configuration file
#del flash:config.text //Delete the configuration file (Switches and 1700 series routers)
#erase startup-config //Delete configuration files (2500 series routers)
#del flash:vlan.dat //Delete Vlan configuration information (switches)
#Configure terminal //Enter global configuration mode
(config) # hostname switchA //Configure the device name as switchA
(config)#banner motd & //Configure the daily reminder & as the terminator
(config)#enable secret level 1 0 star //Configure the remote login password as star
(config)# enable secret level 15 0 star //Configure the privileged password to star
Level 1 is a common user level, optional 1~15, 15 is the highest authority level; 0 means the password is not encrypted
(config)#enable services web-server //Enable Switch WEB management function
Services can choose the following: web-server (WEB management), telnet-server (remote login), etc.
2. View information
#show running-config //View the current effective configuration information
#show interface fastethernet 0/3 //View F0/3 port information
#show interface serial 1/2 //View S1/2 port information
#show interface //View all Port information
#show ip interface brief //View all port information in a concise way
#show ip interface //View all port information
#show version //View version information
#show mac-address-table //View the current MAC address table of the switch Information
#show running-config //View the current effective configuration information
#show vlan //View all VLAN information
#show vlan id 10 //View information of a certain VLAN (such as VLAN10)
#show interface fastethernet 0/1 //View A certain port mode (such as F 0/1)
#show aggregateport 1 summary //View the information of the aggregation port AG1
#show spanning-tree //View the spanning tree configuration information
#show spanning-tree interface fastethernet 0/1 //View the spanning tree status of the port
#show port-security //View the port security configuration information of the switch
#show port-security address //View the address security binding configuration information
#show ip access-lists listname //View the configuration information of the list named listname
3. Basic port configuration
(config)#Interface fastethernet 0/3 //Enter F0/3 port configuration mode
(config)#interface range fa 0/1-2,0/5,0/7-9 //Enter Port configuration mode of F0/1, F0/2, F0/5, F0/7, F0/8, F0/9 (config-if) #speed 10
//Configure the port speed as 10M, optional 10, 100, auto
(config -if)#duplex full //Configure the port as full-duplex mode, optional full (full-duplex), half (half-duplex), auto (adaptive) (config-if
)#no shutdown //Enable the port
( config-if)#switchport access vlan 10 //Add this port to VLAN10 for VLAN
(config-if)#switchport mode trunk //Set this port to trunk mode, the optional mode is access, trunk
(config -if)#port-group 1 //Add this port to the aggregation port AG1 for aggregation port
4. Creation of aggregation ports
(config)# interface aggregateport 1 //Create aggregate interface AG1
(config-if)# switchport mode trunk //Configure and ensure that AG1 is in trunk mode
(config)#int f0/23-24
(config-if-range)#port -group 1 //Add the port (port group) to the aggregation port AG1
5. Spanning tree
Configure Multiple Spanning Tree Protocol:
switch(config)#spanning-tree //Enable Spanning Tree Protocol
switch(config)#spanning-tree mst configuration //establish multiple spanning tree protocol
switch(config-mst)#name ruijie //name it ruijie
switch(config-mst)#revision 1 //set revision 1
switch( config-mst)#instance 0 vlan 10,20 //Create instance 0
switch(config-mst)#instance 1 vlan 30,40 //Create instance 1
switch(config)#spanning-tree mst 0 priority 4096 //Set priority The level is 4096
switch(config)#spanning-tree mst 1 priority 8192 //Set the priority to 8192
switch(config)#interface vlan 10
switch(config-if)#vrrp 1 ip 192.168.10.1 //This is for vlan 10 IP address
switch(config)#interface vlan 20
switch(config-if)#vrrp 1 ip 192.168.20.1 //This is the IP address of vlan 20
switch(config)#interface vlan 30
switch(config-if)#vrrp 2 ip 192.168.30.1 //This is the IP address of vlan 30 (another Layer 3 switch)
switch(config)#interface vlan 40
switch(config-if)#vrrp 2 ip 192.168.40.1 //This is the IP address of vlan 40 (another layer-3 switch)
6. Basic configuration of VLAN
(config)#vlan 10 //Create VLAN10
(config-vlan)#name vlanname //Name the VLAN as vlanname
(config-if)#switchport access vlan 10 //Add this port to the
interface configuration mode of a port in VLAN10 Carry out
(config)#interface vlan 10 //Enter the virtual port configuration mode of VLAN 10
(config-if)# ip address 192.168.1.1 255.255.255.0 //Configure IP and mask for the virtual port of VLAN10, the Layer 2 switch can only Configure an IP, which is used as a management IP, for example, the IP address to log in with Telnet
(config-if)# no shutdown //enable this port
7. Port Security
(config)# interface fastethernet 0/1 //Enter a port
(config-if)# switchport port-security //Enable the security function of this port
a. Configure the maximum number of connections
(config-if)# switchport port-secruity maxmum 1 //Configure the maximum number of connections on the port to 1, and the maximum number of connections to 128 (config-if)
# switchport port-secruity violation shutdown
//Configure the handling method of security violations as shutdown , which can be selected as protect (discard unknown addresses when the number of safe addresses is full), restrict (send a Trap notification when a violation occurs), shutdown (close the port when a violation occurs, and send a Trap notification, which can be set in the global mode Use errdisable recovery to recover)
b. IP and MAC address binding
(config-if)#switchport port-security mac-address xxxx.xxxx.xxxx ip-address 172.16.1.1
//In interface configuration mode, configure MAC address xxxx.xxxx.xxxx and IP172.16.1.1 for binding (MAC address Note the use of lowercase)
8. Layer 3 routing function (for Layer 3 switches)
(config)# ip routing //Enable the routing function of the Layer 3 switch
(config)# interface fastethernet 0/1
(config-if)# no switchport //Enable the Layer 3 routing function of the port (so that a certain port can be configured IP)
(config-if)# ip address 192.168.1.1 255.255.255.0
(config-if)# no shutdown
9. Layer 3 switch routing protocol
(config)# ip route 172.16.1.0 255.255.255.0 172.16.2.1 //Configure static routing
Note: 172.16.1.0 255.255.255.0 // is the network number and subnet mask of the target network, and
172.16.2.1 is the address of the next hop, which can also be represented by an interface, such as ip route 172.16.1.0 255.255.255.0 serial 1/2( The port connected to 172.16.2.0)
(config)# router rip //Enable the RIP protocol process
(config-router)# network 172.16.1.0 //Declare the directly connected network segment information of this device
(config-router)# version 2 //Enable RIP V2, optional version 1(RIPV1), version 2(RIPV2)
(config-router)# no auto-summary //Turn off the automatic summary function of routing information (only supported in RIPV2)
(config)# router ospf //Open OSPF routing protocol process ( For 1762, no process ID is required)
(config)# router ospf 1 //Enable OSPF routing protocol process (for 2501, OSPF process ID needs to be added)
(config-router)# network 192.168.1.0 0.0.0.255 area 0
//Declare Directly connected network segment information, and assign an area number (area0 is the backbone area)
It can be clearly seen that the commands of the three companies are similar, but Huawei and H3C are more similar.
4. Basic configuration commands of Cisco switches
In addition to the above three commands, we usually do projects, and we may also encounter Cisco switches. Let's learn about the configuration commands of Cisco switches in detail.
1: Enter privileged mode enable
switch> enable
switch#
2: Enter the global configuration mode configure terminal
switch> enable
switch#c onfigure terminal
switch(conf)#
3: Name the switch hostname aptech2950 Take aptech2950 as an example
switch> enable
switch#c onfigure terminal
switch(conf)#hostname aptch-2950
aptech2950(conf)#
4: Configure enable password enable password cisco Take cisco as an example
switch> enable
switch#c onfigure terminal
switch(conf)#hostname aptch2950
aptech2950(conf)# enable password cisco
5: Configure enable password enable secret ciscolab Take cicsolab as an example
switch> enable
switch#c onfigure terminal
switch(conf)#hostname aptch2950
aptech2950(conf)# enable secret ciscolab
6: Create multiple VLANs
1. Create multiple VLANs
Switch>enable (enter privileged mode)
Switch#vlan data (enter vlan configuration mode)
Switch(vlan)#vlan 10 name IT (divide vlan10, named IT)
Switch(vlan)#vlan 20 name HR (divide vlan20, named HR)
Switch(vlan)#vlan 30 name FIN (divide vlan30, the name is FIN)
Switch(vlan)#vlan 40 name LOG (divide vlan40, the name is LOG)
Switch(vlan)#exit
7: set vlan 1
switch> enable
switch#c onfigure terminal
switch(conf)#hostname aptch2950
aptech2950(conf)# interface vlan 1
aptech2950(conf-if)#ip address 192.168.1.1 255.255.255.0 Configure switch port ip and subnet mask
aptech2950(conf-if)#no shut is configuration is running
aptech2950(conf-if)#exit
aptech2950(conf)#ip default-gateway 192.168.254 Set the gateway address
8: Enter interface fastehernet 0/17 of a certain port of the switch, taking port 17 as an example
switch> enable
switch#c onfigure terminal
switch(conf)#hostname aptch2950
aptech2950(conf)# interface fastehernet 0/17
aptech2950(conf-if)#
9: View command show
switch> enable
switch# show version View all version information in the system
show interface vlan 1 View the configuration information of the switch about the ip protocol
show running-configure View the current configuration information of the switch
show interface fastethernet 0/1 View the specific configuration and statistics of the switch 1 interface
show mac-address-table View mac address table
show mac-address-table aging-time View the automatic aging time of the mac address table
10: The switch restores the factory default recovery command
switch> enable
switch# erase startup-configure
switch# reload
11: Duplex mode setting
switch> enable
switch#c onfigure terminal
switch2950(conf)#hostname aptch-2950
aptech2950(conf)# interface fasterhernet 0/17 Take port 17 as an example
aptech2950(conf-if)#duplex full/half/auto has three options: full, half, auto
item
11: cdp related commands
switch> enable
switch# show cdp View the global cdp configuration information of the device
show cdp interface fastethernet 0/17 View the cdp configuration information of port 17
show cdp traffic View statistics about cdp packets
show cdp nerghbors lists cisco devices connected to the device
12: Switch telnet remote login settings:
switch>en
switch#c onfigure terminal
switch(conf)#hostname aptech-2950
aptech2950(conf)#enable password cisco Use cisco as the privileged mode password
aptech2950(conf)#interface fastethernet 0/1 Use port 17 as telnet remote login port
aptech2950(conf-if)#ip address 192.168.1.1 255.255.255.0
aptech2950(conf-if)#no shut
aptech2950(conf-if)#exit
aptech2950(conf)line vty 0 4 Set 0-4 users to log in remotely via telnet
aptech2950(conf-line)#login
aptech2950(conf-line)#password edge Use edge as the user password for remote login
Host settings:
ip 192.168.1.2 The ip of the host must be in the same network as the address of the switch port
part
netmask 255.255.255.0
gate-way 192.168.1.1 The gateway address is the switch port address
run:
telnet 192.168.1.1
Enter the telnet remote login interface
password : edge
aptech2950>en
password: cisco
aptech#