Huawei switch port bulk edit
the first step to build port-group 1 group
the second step is added to the port group
group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/10
third step of the group of port operations. The above operation will also apply to port
port link-type access (access to access form)
Huawei switches batch add vlan
Step build port-group 1 group
the second step is added to the port group
group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/10
step Example: port default vlan 2
a single switch VLAN classification
system enter system view
system-view system view
quit retreated system view
undo vlan 20 20 is deleted VLAN
Sysname switch named
disp vlan display VLAN
VLAN vlan 20 creates (20 may also enter the vlan)
port E1 / 0 /. 1 to E1 / 0 / 1-5. 5 put into port VLAN 20 in
DISP vlan port 20 in the display vlan 20
int E1 / 0/24 access port 24
port access vlan 20 vlan 20 into the current port
undo port e1 / 0/10 indicates to delete the current VLAN ports 10
DISP display the current configuration Curr
two configure the switch to support the TELNET
System The system view
sysname switch named
int vlan 1. 1 enters the VLAN
IP address 192.168.3.100 255.255.255.0 IP address configuration
user- int vty 0 4 into the virtual terminal
authentication-mode password (aut password) set the password mode
set authentication password simple 222 (set aut pass sim 222) to set a password
user privilege level 3 (use priv lev 3) user level
disp current-configuration ( disp cur) view the current configuration
disp ip int View VLAN IP configuration switches
delete the configuration must retire user mode
reset saved-configuration (reset saved) to delete the configuration
reboot reboot the switch
three inter-switch VLAN communication
on SW1:
vlan 10 VLAN 10 to establish
int e1 / 0/5 5 access port
port Access added vlan 10 vlan 10 put port 5
vlan 20 20 is to establish the VLAN
int E1 / 0/15 into the port 15
Port 15 Port Access vlan 20 to 20 is added to the VLAN
int E1 / 0/24 into the port 24
Port Link Trunk-type TRUNK port to port 24 to
port trunk permit vlan all ditto
on SW2:
vlan 10 10 establishing VLAN
int E1 / 0/20 into the port 20
port Access vlan 10 to 10-port 20 into the VLAN
int E1 / 0/24 into the port 24
port Trunk of the type Link-24 port to the TRUNK port
port trunk permit vlan all (port trunk permit vlan 10 vlan 10 can only use) for all 24-port VLAN use
disp int e1 / 0/24 port 24 to see whether TRUNK
delete the sentence undo port trunk permit vlan all
four routes the configuration command
system to enter the system mode
sysname named
int e1 / 0 port into the
ip address 192.168.3.100 255.255.255.0 provided IP
Use the undo the shutdown port open
disp ip int e1 / 0 See IP interface where
disp ip int brief view IP interface where
user-int vty 0 4 enters the password mode
authentication-mode password (auth pass) to enter the password mode
set authentication password simple 222 37 Set Password
user privilege level 3 into the privilege level 3
Save to save the configuration
reset saved- configuration delete configuration (running in user mode)
Use the undo the shutdown configure remote access code
int E1 / 4
ip route 192.168.3.0 (target segment) 255.255.255.0 192.168.12.1 (the next-hop: the next router interface) a static route
ip route 0.0.0.0 0.0.0.0 192.168.12.1 default route
disp ip rout routing list displayed
Chinese-18 is the AR. 3C
E1 / 0 (LAN1-LAN4)
E2 of / 0 (WAN0)
E3 / 0 (the WAN1)
router use straight lines. wan0 pick wan0 or wan1 pick wan1
computer should be set to the gateway address of the router interfaces.
Five, three switches to configure VLAN-VLAN communication
sw1 (three switches):
System comes into view
sysname named
vlan 10 VLAN 10 to establish
VLAN 20 to establish the VLAN 20
int E1 / 0/20 into the port 20.
Port 20 Port Access VLAN 10 to 10 into the VLAN
int E1 / 0/24 port 24 into the
port link-type trunk port 24 to the port TRUNK
port trunk permit vlan all (port trunk permit vlan 10 vlan 10 can only use) port 24 using any VLAN
SW2:
vlan 10
int E1 / 0 /. 5
port Access vlan 10
int E1 / 0/24
port Link Trunk-type to the port 24 TRUNK port
port trunk permit vlan all (port trunk permit vlan 10 vlan 10 can only use) for all 24-port VLAN use
: sw1 (three switches)
10 int vlan 10 create a virtual interface VLAN
ip address 192.168.10.254 255.255.255.0 set addresses virtual interface VLAN 10 to
int vlan 20 create 20 virtual interface VLAN
ip address 192.168.20.254 255.255.255.0 set up a virtual interface address of IP VLAN 20
Note: vlan 10 in the computer's gateway to 192.168.10.254
vlan 20 is set in the gateway computer 192.168.20.254
six, dynamic routing, the RIP
Rl:
int e1 / 0 into the e1 / 0 port
ip address 192.168.3.1 255.255.255.0 set the IP
int e2 / 0 into the e2 / 0 port
ip adress 192.168 .5.1 255.255.255.0 IP setting
RIP disposed dynamic routing
network 192.168.5.0 defined IP
Network 192.168.3.0 defined IP
DISP IP routing interface view ROUT
R2:
int e1 / 0 into the e1 / 0 port
ip address 192.168.4.1 255.255.255.0 IP settings
int e2 / 0 enter e2 / 0 port
ip adress 192.168.5.2 255.255.255.0 set IP
RIP setting dynamic routing
network 192.168.5.0 defined IP
Network 192.168.4.0 defined IP
the DISP view ip ROUT routing interface
(note: two PC gateway set PC1 IP: 192.168.3.1 PC2 IP: 192.168.4.1 )
seven, IP access list
int E1 / 0
ip address 192.168.3.1 255.255.255.0
E2 int / 0
IP address 192.168.1.1 255.255.255.0
int E3 / 0
IP address 192.168.2.1 255.255.255.0
ACL Number 2001 (2001-2999 belong to the basic ACL)
rule. 1 Source the deny 192.168.1.0 0.0.0.255 (address rejected data segment 192.168.1.0)
rule 2 the permit 192.168.3.0 0.0.0.255 Source (allowing data segment address 192.168.3.0)
the following is the access control list in the application Interface:
Firewall enable
Firewall default the permit
int E3 / 0
Firewall Packet-filter 2001 outbound
the DISP display information acl 2001
undo acl number 2001 2001 delete control list
extended access control list
acl Number The 3001
rule Source deny tcp 192.168.3.0 0.0.0.255 Where do you want 192.168.2.0 0.0.0.255 Where do you want the FTP-Port EQ
must to perform in-acl-ADV-r 3001
rule in permit ip Source AN Where do you want the any (rule in permit ip)
e3 int / 0
Firewall enable open the firewall
firewall packet-filter 3001 inbound
need to perform in port E3 / 0
eight standard commands IP access list (three switches):
allows access to the server machine in the Group A information, does not allow access B set of machines (servers without limitation)
SYS
VLAN 10
name server
VLAN 20 is
name Teacher
VLAN 30
name Student
int E1 / 0 /. 5
Port Access VLAN 10
int E1 / 0/10
Port Access VLAN 20 is
int E1 / 0/15
Port Access VLAN 30
VLAN 10 int
IP address 192.168.10.1 255.255.255.0
Use the undo SH
int 20 is VLAN
IP address 192.168.20.1 255.255.255.0
int VLAN 30
IP address 192.168.30.1 255.255.255.0
ACL Number 2001
rule. 1 Source the deny the 192.168.30.0 0.0.0.255
Source 2 the permit the any rule
DISP view 2001 list ACL 2001
E1 / 0/10 int
Port 20 is VLAN Access
Packet-filter outbound IP-2001 rule. 1 Group
outlet
nine, allowing access to the machine A machine B but not FTP access WWW, C machine There are no restrictions.
10 VLAN
VLAN 20 is
VLAN 30
int E1 / 0 /. 5
Port Access VLAN 10
int E1 / 0/10
Port Access VLAN 20 is
int E1 / 0/15
Port Access VLAN 30
int 10 VLAN
IP address 192.168.10.1 255.255.255.0
Use the undo SH
int 20 is VLAN
IP address 192.168.20.1 255.255.255.0
int VLAN 30
IP address 192.168.30.1 255.255.255.0
ACL Number 3001
the 192.168.30.0. 1 the deny TCP Source rule 0.0.0.255 Where do you want 192.168.10.0 0.0.0.255 Where do you want WWW-Port EQ
int E1 / 0/15
Packet-filter inbound IP-3001 rule. 1 Group
import
ten, NAT address translation (single static one pair an address translation)
Rl:
SYS
Sysname Rl
int E1 / 0
IP address 192.168.3.1 255.255.255.0
int E2 / 0
IP address 192.1.1.1 255.255.255.0
R2:
SYS
Sysname R2
int E2 / 0
IP address 192.1.1.2 255.255.255.0
E1 int / 0
IP address 10.80.1.1 255.255.255.0
Back Rl:
NAT 192.1.1.1 192.168.3.1 static
int E2 / 0
NAT outbound static
IP route 0.0.0.0 0.0.0.0 192.1.1.2
eleven, NAT internal network segment the entire address Translation
R1:
SYS
Rl Sysname
int E1 / 0
IP address 192.168.3.1 255.255.255.0
int E2 / 0
IP address 192.1.1.1 255.255.255.0
ACL Number 2008
rule 0 Source the permit 192.168.3.0 0.0.0.255
rule. 1 the deny
quit
int E2 / 0
NAT outbound 2008
quit
IP 192.1.1.2 0.0.0.0 0.0.0.0 static route by the preference-60
↑
next router interface
R2:
SYS
Sysname R2
int E2 / 0
IP address 192.1.1.2 255.255.255.0
int E1 / 0
IP address 10.80.1.1 255.255. 255.0
the NAT address pool configuration:
Rl:
SYS
Sysname Rl
int E1 / 0
IP address 192.168.3.1 255.255.255.0
int E2 / 0
address 192.1.1.1 255.255.255.0 ip
NAT address 192.1.1.1 192.1.1.5 1-Group to address pool
undo address-group 1 to delete the address pool
acl number 2001 to create an access list
rule permit source 192.168.1.0 0.0.0.255
allow 192.168.1.0/ 24 network address translation (ethernet2 / 0 refers to port router wan):
int E2 / 0
NAT address 2001 outbound protocol-enabled. 1 Group
ip route 0.0.0.0 0.0.0.0 192.1.1.2 default route
R2:
SYS
Sysname R2
int E1 / 0
address 10.80.1.1 255.255.255.0 IP
int E2 / 0
IP address 192.1.1.2 255.255.255.0
AR18-22-8 configuration command
a, vlan configuration
1, vlan division scheme
-------------- ------------------------------------ -------------- ----
| sector | vlan name | ip address | port allocation |
-------------------------------------------------- ------------------
| J chamber | VLAN10 | 192.168.10.1/24 | Ethernet 3/1 |
| K chamber | vlan20 | 192.168.20.1/24 | ethernet 3 / 2 |
| C room | VLAN30 | 192.168.30.1/24 | Ethernet 3/3 |
| Server | VLAN40 | 192.168.0.1/24 | Ethernet. 3 / {4,5,6} |
--------- ----------------------------------------- --------- ---------
2 vlan command to display information
display specified VLAN information. display vlan vid
display processing specified maximum number of packets VLAN configuration. display vlan max-packet-process vid
explicitly specified VLAN packet statistics, including the number of packets sent and received. display vlan statistics vid vid
display a VLAN interface configuration information. display vlan interface interface-type interface- num
Clear packet statistics of the specified VLAN. VID VID VLAN statistics RESET
. 3, the physical port configuration
Router, Ethernet port into the view, designated link type of the port to the specified vlan, note vlan Access port is not added vlan1.
# Configure Ethernet3 /. 1
<H3C> System View-
H3C 3/1 Ethernet access port interface. 1
H3C-Ethernet3 / Link-type Access Port. 1 port type is provided Access
VLAN H3C-Ethernet3 / Access Port. 1 is added to this port 10 vlan10 in
H3C-Ethernet3 / quit. 1
# configure Ethernet3 / 2
H3C] 3/2 Ethernet interface
H3C-Ethernet3 / 2-type Link Access Port
H3C-Ethernet3 / Access Port VLAN 20 is 2
H3C-Ethernet3 / 2 quit
# configure Ethernet3 /. 3
H3C interface 3/3 Ethernet
H3C-Ethernet3 / Link-type Access Port. 3
H3C-Ethernet3 / Access Port VLAN. 3 30
H3C-Ethernet3 / quit. 3
# configure Ethernet3 /. 4
H3C 3/4 Ethernet interface
H3C-Ethernet3 / Link-type Access Port. 4
Ethernet3-H3C / Access Port VLAN 40. 4
H3C-Ethernet3 / quit. 4
# arranged Ethernet3 /. 5
H3C Ethernet interface of 3/5
H3C-Ethernet3 / Link-type Access Port. 5
H3C-Ethernet3 / Access Port VLAN 40. 5
H3C-Ethernet3 /. 5 quit
# configure Ethernet3 /. 6
H3C 3/6 Ethernet interface
H3C-Ethernet3 / Link-type Access port. 6
H3C-Ethernet3 / Access port VLAN. 6 40
H3C-Ethernet3 / quit. 6
. 4, the virtual port disposed
between the VLAN to achieve interoperability, the need configure the Ethernet sub-interface, i.e. corresponding to the VLAN routing interface is created and the corresponding sub-interface view, and to configure appropriate protocol VLAN ID associated with the package, and an IP address and mask, ethernet 3/0 three layer virtual port.
# Configure. 3 Ethernet / 0.1
H3C. 3 Ethernet interface / sub-interface is created and the 0.1
H3C-Ethernet3 / 0.1 vlan-type dot1q vid 10 disposed Ethernet encapsulation type VLAN ID associated with the sub-interface
H3C-Ethernet3 / 0.1 ip address 192.168 .10.1 255.255.255.0
Ethernet3-H3C / 0.1 quit
# Configure. 3 Ethernet / 0.2
H3C Ethernet interface. 3 / 0.2
H3C-Ethernet3 / 0.2 VID VLAN-type dot1q 20 is
H3C-Ethernet3 / 0.2 IP address 192.168.20.1 255.255.255.0
H3C-Ethernet3 / 0.2 quit
# Configure . 3 ethernet / 0.3
H3C Ethernet interface. 3 / 0.3
H3C-Ethernet3 / 0.3 VID VLAN-type dot1q 30
H3C-Ethernet3 / 0.3 IP address 192.168.30.1 255.255.255.0
H3C-Ethernet3 / 0.3 quit
# configure. 3 Ethernet / 0.4
H3C Ethernet interface. 3 /0.4
H3C-Ethernet3 / 0.4 VID VLAN-type dot1q 40
H3C-Ethernet3 / 0.4 255.255.255.0 IP address 192.168.0.1
H3C-Ethernet3 / 0.4 quit
two, DHCP server configuration
1, detect a DHCP server
display dhcp server ip-in-use View address pool dynamic address binding information
display dhcp server conflict view the DHCP address conflict statistics
display dhcp server statistics View DHCP server statistics
display dhcp servertree View DHCP address pool structure
2, the specific configuration
# common configuration (server and relay are applicable)
<H3C> System-View into the system view
H3C dhcp enable enable DHCP
H3C dhcp server detect enabled DHCP server detection function
# global address pool configured
H3C dhcp select global interface ethernet 3 / 0.1 to ethernet 3 / 0.4 enabled on the interface DHCP server mode, from the global address pool are assigned
H3C dhcp server ip-pool vlan10 create a global address pool vlan10 (supports up to 128 global address pool / router)
H3C-ip-mask 255.255.255.0 192.168.10.0 the pool Network configuration dynamically assigned IP address range (only configuration 1 / address pool)
H3C-IP-23 is the pool expired The Day. 7 hour 59 minute configuration lease
H3C-ip-pool domain-name pearl.cn configuration domain
H3C-ip-pool dns-list ip-address 192.168.0.6 202.106.0.20 202.106.196.115 configuration DNS (up to 8 / address pool)
H3C-ip-pool gateway-list ip-address 192.168.10.1 configure the default gateway (up to 8 / address pool)
H3C-Forbidden DHCP Server IP 192.168.10.1 192.168.10.10 IP configuration address range reserved (the plurality of configurable / Address Pool )
H3C Relay Information Server enable dhcp enable dHCP Server 82 supports the Option
# interface address pool configuration
H3C dhcp select interface interface ethernet 3 / 0.1 to ethernet 3 / 0.4 ( refer to refer to the physical interface or virtual interface ???)
to configure multiple interfaces work in DHCP Server mode, from the interface address pool, created automatically "interface address pool"
H3C expired the DHCP Server. 7 Day hour 59 minute 23 is Ethernet interface. 3 / 0.1 to Ethernet. 3 / 0.4
H3C DHCP Server Domain name-interface pearl.cn . 3 Ethernet / Ethernet. 3 to 0.1 / 0.4
H3C DHCP Server DNS-List-IP address 202.106.0.20 192.168.0.6 202.106.196.115 Ethernet interface. 3 / 0.1 to Ethernet. 3 / 0.4
H3C Ethernet interface. 3 / 0.1
H3C-interface Gateway IP-List -address 192.168.10.1
H3C dhcp server forbidden-ip 192.168.10.1 192.168.10.10 ( whether with the interface mode ??)
H3C DHCP Relay Server Information enable
three up, NAT configuration
# Configure the address pool and ACL:
H3C-Group. 1 NAT address 222.128.28.172 222.128 .28.174
H3C ACL Number 2001
H3C-ACL-Basic-2001rule the permit 192.168.0.0 0.0.0.255 Source
# network address translation allows 192.168.0.0/24 (ethernet3 / 0 refers to port router wan):
H3C interface the ethernet3 / 0
H3C-the ethernet3 / 2001 0 outbound NAT-address. 1 Group
# set internal FTP server:
H3C-the ethernet3 / 0 NAT Global server Protocol TCP FTP 222.128.28.171 192.168.0.8 inside
# www servers disposed inside. 1:
H3C-the ethernet3 / NAT server Protocol TCP Global 0 inside 192.168.0.9 www 222.128.28.171
# 2 set the internal www server:
H3C-ethernet3/0 nat server protocol tcp global 222.128.28.171 8080 inside 192.168.0.10 www
Huawei switches commonly used commands
Guess you like
Origin www.cnblogs.com/calakuai/p/11717437.html
Ranking