Bowen directory:
First, the origin of the H3C
1, H3C product system
2, H3C and Cisco command contrast
two, H3C Basic Configuration
1, the host name and interface configuration
2, configure Telnet access (user name and password double authentication)
3, configure a static default route
4, VLAN and Trunk
5, configure ACL
6, configure NAT
7, PBR
A, H3C origin
Huawei 3COM H3C's predecessor company, Huawei 3COM and American joint venture company. In November 2006, Huawei 3COM its 49% stake in the $ 880 million to sell 3COM. In April 2007, the company officially changed its name to "Hangzhou H3C Technologies Co., Ltd.", referred to as "H3C".
Current data communication market is divided into telecom operators and enterprise network market, Huawei has focused on the carrier market, H3C and mainly focus on the enterprise network market. Cisco's business is across carrier and enterprise network market, and maintain a certain leading position in both markets. In the carrier market Huawei is Cisco's main rival in the H3C enterprise network market is Cisco's main rival. Cisco in the energy, finance, international business, and electric power industries have an advantage, but in H3C government, tobacco, transportation, small and medium enterprises and related government procurement advantage. China in the field of routers and switches, H3C's market share has been ranked first.
1, H3C product system
After years of development, H3C network product line already has the industry's most comprehensive network products, including a full range of routers, switches, WLAN, ICG information and communication gateways and business software products. Meanwhile H3C always explore customer needs, to provide users with next-generation unified fabric data center solution, IPv6 solutions, virtual campus network solution, the park wired and wireless integrated solutions, intelligent unified management solution, EAD solutions, 3G routing access solutions, two-way radio and television transformation solution that operators can manage wireless broadband solutions and a series of solutions. At present the application of its products and solutions have been covering the world nearly 100 countries and regions, the construction of the National Grand Theater, Hong Kong MTR major projects, the National Library, the Palace Museum, the Qinghai-Tibet railway.
Relying on the deep accumulation in the field of IP technology, H3C product system includes IP networking products, IP wireless products, IP security products, IP storage products, IP multimedia products, IP management products and training products. Following is a brief to tell you about routing and switching products Series IP networking products contain.
1) Router Series
There is H3C router product line with many similarities Csico router, its main product lines are also for different users and the development of network size, such as (Enterprise Router, Enterprise Routers) series ER for small businesses, MSR for medium-sized enterprises (Multiple services router, multi-service router) series for large enterprises and carriers SR (service router, service router) series, as shown below:
The main function of the application environment and corresponding to the following:
ER series routers: mainly used in small and medium enterprises broadband access low-end router series, mainly located in Ethernet, fiber optic and ADSL WAN access to the SMB market and government, organizations, Internet cafes and other network environments, such as the need for high-speed Internet Bandwidth Internet cafes, businesses, schools and hotels.
MSR series routers: mainly used in large and medium enterprises and branch offices of the company in the end router series. The routers integrating data, voice, security, user and open exchange of business is one that is integrated multi-service router products in the true sense. This is the most widely used in the enterprise of a class router series, the equivalent of Cisco's ISR series router.
- SR系列路由器:主要应用于大型企业,或者一些行业用户,如电信、电力、金融、教育、政府机关等万兆高端路由器系列。其中又根据目标用户分为两大部分,针对大型企业,以及金融、教育、政府机关等网络规模稍小、应用需求不是很高的用户推出了SR6600系列路由器,而针对运营商的IP骨干网、城域网及各种大型IP网络的核心和汇聚位置推出了SR8800系列路由器。
2)交换机系列产品
H3C以太网交换机产品线分常齐全,从园区到数据中心,从十万兆到百兆,从高端到低端,从核心层到接入层有许多可选产品方案,可以灵活满足不同层次用户的需求。其中核心层基本上都是路由式交换机,带有强劲的路由功能,代表系列有S10500、S9500E、S7500E、S7500等;在汇聚层主要是全千兆智能交换机,代表系列主要有S5500-EI/SI、S5510、S5120-EI/SI、S5600等。在接入层基本上是上行支持千兆以太网技术,下行基本上都是百兆的,代表系列和机型主要有S3100-EI/SI、S3600-EI/SI、S3610、E328、E126等。SMB交换机是指应用于中小型企业的交换机系列,代表系列和机型有S1000/1200、S1500/E、S1650、S2100、S5000P、S5000E等。交换系列的产品如下所示:
如上图中最下面的SMB交换机是指应用于中小型企业的交换机系列,代表系列和机型有S1000/1200、S1500L/E、S1650、S2100、S5000P、S500E等。
除了为广大的园区和企业用户提供全系列的园区以太网交换机产品外,H3C还专门为大中型企业或者互联网企业提供专门为数据中心开发的交换机产品。因为数据中心规模一般不大,主要用于互联网或者数据库管理,不是一般交换机可以随便胜任的。规模稍大的一些数据中心网络汇聚层也可以选用核心层的交换机、毕竟这类网络中对设备的数据处理性能等各方面的要求都非常高。具体产品如下图所示:
2、H3C与Cisco命令对比
H3C与Cisco路由器和交换机因属于不同的IOS平台,所以命令存在差异。
1)H3C与Cisco路由器命令差异如下表:
2)H3C与Cisco交换机命令差异如下表:
二、H3C基础配置
H3C的基础配置包括主机名与接口配置、telnet接入、静态路由、VLAN与Trunk、NAT和策略路由。具体配置如下:
1、主机名与接口配置
<H3C> system-view <!--进入特权模式-->
[H3C] sysname Li <!--设置主机名-->
[R1] interface ethernet 0/0/0 <!--进入接口-->
[R1-ethernet0/0/0] ip address 192.168.10.1 255.255.255.0 <!--配置接口IP地址-->
[R1-ethernet0/0/0] undo shutdown <!--启用接口,默认开启-->
[R1-ethernet0/0/0] description to LAN <!--接口描述,选配置-->
[R1-ethernet0/0/0]quit <!--退出-->2、配置Telnet接入(用户名和密码双认证)
[R1]telnet server enable <!--开启Telnet,默认开启-->
[R1]local-user admin <!--创建用户admin-->
[R1-luser-admin]password cipher 2019.com <!--配置密码-->
[R1-luser-admin]service-type telnet <!--指定服务器类型为telnet-->
[R1-luser-admin]authorization-attribute level 15 <!--指定命令级别为15级-->
[R1-luser-admin]quit <!--退出-->
[R1]user-interface vty 0 <!--进入vty线路-->
[R1-ui-vty 0]authentication-mode scheme <!--配置用户认证方式-->
[R1-ui-vty0]protocol inbound telnet <!--支持telnet-->
[R1-ui-vty0]quit <!--退出-->3、配置静态默认路由
[R1]ip rout-static 192.168.10.0 255.255.0.0 192.168.20.1 <!--配置静态路由-->
[R1]ip route-static 0.0.0.0 0.0.0.0 192.168.30.2 <!--配置默认路由-->4、配置VLAN与Trunk
[sw1]VLAN 2 <!--创建vlan2-->
[sw1-valn2]name caiwu <!--配置vlan2名-->
[sw1-vlan2]port e1/0/3 to e1/0/4 <!--将端口加入vlan-->
[sw1-vlan2]quit <!--退出-->
[sw1]interface e1/0/5 <!--进入接口-->
[sw1-ethernet1/0/5]port access vlan2 <!--vlan 2加入此接口-->
[sw1-ethernet1/0/5]quit <!--退出-->
[sw1]interface e1/0/1 <!--进入接口-->
[sw1-ethernet1/0/1]port link-type trunk <!--指定接口为trunk模式-->
[sw1-ethernet1/0/1]port trunk permit vlan all <!--允许所有vlan通过该trunk接口-->
[sw1-ethernet1/0/1]quit <!--退出-->5、配置ACL
H3C的ACL分为basic(标准)和advanced(扩展)两类:basic是基本acl编号2000-2999,对源地址控制,advanced是高级acl,编号3000-3999
[R1]acl advanced 3000 <!--创建一个高级ACL,编号范围3000~3999-->
[R1-acl-ipv4-basic-3000]rule 0 permit ip source 192.168.3.0 0.0.0.255 destination any
<!--允许源地址3.0网段去往任何目标地址-->
[R1]acl basic 2000 <!--创建基本ACL,编号范围2000~2999-->
[R1-acl-ipv4-basic-2001]rule 5 permit source 192.168.2.0 0.0.0.255 <!--抓取192.168.2.0/24网段的数据流-->6、配置NAT
通过NAT设备上静态建立或者动态生成的地址映射关系,可以实现内部网络与外部网络IP地址的转换。通常,我们按照地址映射关系的产生方式将地址转换分为动态地址转换和静态地址转换两类:
- 1)静态地址转换:外部网络和内部网络之间的地址映射关系在配置中确定,适用于内部网络与外部网络之间的少量固定访问需求。静态地址转换映射支持两种方式:
- 一对一静态转换映射。
- 网段对网段静态转换映射。
- 2)动态地址转换:外部网络和内部网络之间的地址映射关系由报文动态决定。通过配置访问控制列表和地址池(或接口地址)的关联,由“具有某些特征的IP报文”挑选使用“地址池中地址(或接口地址)”,从而建立动态地址映射关系。它适用于内部网络有大量用户需要访问外部网络的需求。这种情况下,关联中指定的地址池资源由内网报文按需从中选择使用,访问外网的会话结束之后该资源便释放给其他用户。
通过在接口上配置访问控制列表和地址池(或接口地址)的关联即可实现动态地址转换。若直接使用接口的IP地址作为转换后的地址,则配置Easy-IP功能来实现动态地址转换。若选择使用地址池中的地址作为转换后的地址,则根据地址转换过程中是否适用端口信息可将动态地址转换分为NO-PAT和PAPT两种方式:
- NO-PAY为不使用TCP/UDP端口信息实现的多对多地址转换。
- NAPT address using many-to-TCP / UDP port numbers conversion.
1) Easy-IP configuration:
[R1]acl basic 2000 <!--创建基本ACL,编号范围2000~2999-->
[R1-acl-ipv4-basic-2001]rule 5 permit source 192.168.2.0 0.0.0.255 <!--抓取192.168.2.0/24网段的数据流-->
[R1]int g0/0 <!--进入接口-->
[R1-GigabitEthernet0/0]ip add 192.168.10.1 24 <!--配置IP地址-->
[R1-GigabitEthernet0/0]undo shutdown <!--启用接口-->
[R1-GigabitEthernet0/0]nat outbound 2000 <!--配置为ACL2000出口-->2) nat-server configuration:
[R1]int g0/1 <!--进入接口-->
[R1-GigabitEthernet0/1]nat server protocol tcp global 192.168.10.1 23 inside 192.168.20.2 23 <!--将内网telnet功能发布到外网-->
[R1]dis nat session verbose <!--查看NAT转换信息-->7, PBR
[R1]policy-based-route test permit node 10 <!--策略路由的名字为test-->
[R1-pbr-test-10]if-match acl 2001 <!--调用用户创建的ACL-->
[R1-pbr-test-10]apply next-hop 192.168.100.2 <!--修改下一跳IP地址为192.168.100.2-->
[R1-pbr-test-10]quit
[R1]policy-based-route test permit node 20 <!--空节点流量放行-->
[R1-pbr-test-20]quit
[R1]int g0/1 <!--进入接口-->
[R1-GigabitEthernet0/1]ip policy-based-route test <!--应用策略路由-->
[R1-GigabitEthernet0/1]quit