H3C-S5500基本配置思路及实用命令

H3C S5500基本配置思路及实用命令

1. 总体配置思路：

1) 添加VLAN1，并将相应端口添加到该VLAN。(在VLAN状态下才可一次将多个端口加入相应VLAN,interface e 1/0/1 to e 1/0/24) 2) 添加VLAN2，并将其置为管理VLAN(在#状态下management-vlan 2)，才可设置其VLAN的IP地址。 3) 添加静态路由。

4) 配置端口TRUNK模式。 5) 配置远程登录VTY认证。 6) 配置本地用户。

2. 进入特权模式System View System View

System View: return to User View with Ctrl+Z. [H3C]dis

[H3C]display cur

3. 配置交换机主机名sysname sysname H3C 4. 添加VLAN vlan 1

或在此状态下直接将相应端口加入该VLAN (否则只能一个口一个口的添加)

Interface e 1/0/1 to e 1/0/24

5. 配置管理VLAN-- management-vlan management-vlan 2

6. 给管理VLAN添加IP地址interface Vlan-interface1 ip address 10.10.40.176 255.255.255.0 7. 添加端口到VLAN：port access vlan 1 interface GigabitEthernet1/0/2 port access vlan 1

8. 远程登录配置及3A认证模式 user-interface vty 0 4 authentication-mode scheme 9. 配置3A认证本地用户及属性 local-user test

password simple testpwd

authorization-attribute level 3 service-type telnet 可能的配置

local-user test

password simple test service-type telnet level 3

10. 将端口配置为Trunk口

interface GigabitEthernet1/0/20

1

port link-type trunk

port trunk permit vlan all 11. 添加静态路由

ip route-static 0.0.0.0 0.0.0.0 10.10.40.1 12. 查看路由表

display ip routing-table

[H3C]display ip routing-table Routing Tables: Public

Destinations : 7 Routes : 7

Destination/Mask Proto Pre Cost NextHop Interface

0.0.0.0/0 Static 60 0 10.10.40.1 Vlan2

10.10.40.0/24 Direct 0 0 10.10.40.180 Vlan2

10.10.40.180/32 Direct 0 0 127.0.0.1 InLoop0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

192.168.76.0/24 Direct 0 0 192.168.76.3 Vlan76

192.168.76.3/32 Direct 0 0 127.0.0.1 InLoop0

13. 显示当前配置display current-configuration [H3C]display current-configuration 14. 查看端口及VLAN的up/down状态 display brief interface

[H3C]display brief interface

The brief information of interface(s) under route mode:

Interface Link Protocol-link Protocol type Main IP

NULL0 UP UP(spoofing) NULL --

Vlan1 UP UP ETHERNET 192.168.76.3

Vlan2 UP UP ETHERNET 10.10.40.180

The brief information of interface(s) under bridge mode:

Interface Link Speed Duplex Link-type PVID

GE1/0/1 UP 1G(a) full(a) access 1

GE1/0/2 DOWN auto auto access

2

1

GE1/0/3 DOWN auto auto access 1

GE1/0/9 DOWN auto auto access 1

GE1/0/10 DOWN auto auto access 1

display brief interface GigabitEthernet 1/0/1

[H3C]display brief interface GigabitEthernet 1/0/1

The brief information of interface(s) under bridge mode:

Interface Link Speed Duplex Link-type PVID

GE1/0/1 UP 1G(a) full(a) access 1

display brief interface Vlan-interface 1

[H3C]display brief interface Vlan-interface 1

The brief information of interface(s) under route mode:

Interface Link Protocol-link Protocol type Main IP

Vlan1 UP UP ETHERNET 192.168.76.3

15. 查看MAC地址缓存表 display mac-address

[H3C]display mac-address

MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)

0000-e7a7-2374 1 Learned GigabitEthernet1/0/19 AGING

0000-e8f1-6952 1 Learned GigabitEthernet1/0/19 AGING

0001-6c41-9cee 1 Learned GigabitEthernet1/0/19 AGING

000c-2919-0d6c 1 Learned GigabitEthernet1/0/19 AGING

000c-2961-d8ea 1 Learned GigabitEthernet1/0/19 AGING

16. 查看某一端口的MAC地址缓存表

display mac-address interface GigabitEthernet 1/0/1

[H3C]display mac-address interface GigabitEthernet 1/0/1

MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)

0016-3642-e888 1 Learned GigabitEthernet1/0/1 AGING

0016-eca2-d69d 1 Learned GigabitEthernet1/0/1

3

AGING

001c-25d8-77b6 1 Learned GigabitEthernet1/0/1 AGING

0024-1d6e-6fbe 1 Learned GigabitEthernet1/0/1 AGING

17. 查看ARP缓存表 display arp

[H3C]display arp

Type: S-Static D-Dynamic

IP Address MAC Address VLAN ID Interface Aging Type

192.168.76.56 0016-eca2-d69d 1 GE1/0/1 20 D

192.168.76.131 0016-3642-e888 1 GE1/0/1 19 D

192.168.76.171 0024-1d6e-6fbe 1 GE1/0/1 13 D

10.10.40.1 0018-742d-4fc0 2 GE1/0/19 14 D

192.168.76.1 0018-742d-4fc0 1 GE1/0/19 10 D

18. Tftp备份配置

1) 查看配置文件名及所在文件夹-dir 配置文件名可能为startup.cfg或config.cfg 配置文件可能在flash:/或unit1>flash:/目录下 dir flash:/ Directory of flash:/

0 -rw- 8221183 Aug 11 2010 16:27:52 s5500tpsi-cmw520-r2202p11.bin

1 -rw- 2365 Apr 26 2000 12:13:58 startup.cfg(配置文件名)

31496 KB total (23460 KB free) dir

Directory of unit1>flash:/

1 -rw- 3146 Jan 01 2004 00:00:00 config.def

2 (*) -rw- 3711222 Mar 25 2011 16:51:52 s31si_e-cmw310-r2211p07.bin

3 (*) -rw- 886025 Jan 01 2004 00:00:00 h3c-http3.1.9-0019.web

4 (*) -rw- 2834 Apr 03 2000 01:20:33 config.cfg(配置文件名)

7239 KB total (2739 KB free)

4

(*) -with main attribute (b) -with backup attribute (*b) -with both main and backup attribute

tftp 172.16.8.91 put unit1>flash:/config.cfg 10.10.40.185.txt

File will be transferred in binary mode.

Sending file to remote tftp server. Please wait... | TFTP: 2979 bytes sent in 0 second(s). File uploaded successfully.

dir

Directory of unit1>flash:/

1 -rw- 3146 Jan 01 2004 00:00:00 config.def

2 (*) -rw- 3711222 Mar 25 2011 16:51:52 s31si_e-cmw310-r2211p07.bin

3 (*) -rw- 886025 Jan 01 2004 00:00:00 h3c-http3.1.9-0019.web

4 (*) -rw- 2979 Apr 02 2000 07:17:02 config.cfg

7239 KB total (2739 KB free)

(*) -with main attribute (b) -with backup attribute (*b) -with both main and backup attribute 2) 配置可以使用tftp的ACL acl number 2000

rule permit source 172.16.8.91 0 [jyzx-px-zhongxin]acl number 2000 [jyzx-px-zhongxin-acl-basic-2000]rule permit source 172.16.8.91 ? 0 Wildcard bits : 0.0.0.0 ( a host ) X.X.X.X Wildcard of source

[jyzx-px-zhongxin-acl-basic-2000]rule permit source 172.16.8.91 0 3) 配置tftp服务器- tftp-server acl 2000 tftp-server acl 2000

[jyzx-px-zhongxin]tftp-server acl 2000

The ACL number does not exist or contains no rule. Continue? [Y/N]:y(如果还没有配置ACL,则会有此提示)

[jyzx-px-zhongxin]tftp client source ip 172.16.8.91

4) 备份配置文件到tftp软件所在目录下(在用户视图下,即“>”状态下)

tftp 172.16.8.91 put flash:/startup.cfg (无目标文件名则表示与源文件名同名)

tftp 172.16.8.91 put flash:/startup.cfg startup.txt(将配置文件保存为txt文件)

tftp 172.16.8.91 put flash:/startup.cfg

5

File will be transferred in binary mode

Sending file to remote TFTP server. Please wait... \\ TFTP: 2365 bytes sent in 0 second(s). File uploaded successfully.

tftp 172.16.8.91 put flash:/startup.cfg 10.10.40.177.txt

File will be transferred in binary mode

Sending file to remote TFTP server. Please wait... \\ TFTP: 2365 bytes sent in 0 second(s). File uploaded successfully. 5) 小结过程

在特权状态下配置ACL和Tftp-server信息 acl number 2000

rule permit source 172.16.8.91 0 quit

tftp-server acl 2000 save

在用户视图下备份配置

tftp 172.16.8.91 put flash:/startup.cfg 10.10.40.177.txt 19. 关闭实时信息- undo info-center enable [jyzx-bg-4-x]undo info-center enable % Information center is disabled

20. 问题1：无法用system-view命令进入特权模式

原因：因为local-user中用户认证属性设置不对，level 3必须设置。 21. 问题2：无法配置VLAN的IP地址

提示：Vlan-interface must be the same as Management-vlan

原因：只有一个VLAN为管理VLAN，必须将要配置IP地址的VLAN设置为管理VLAN才能配置。在#状态下，用management-vlan 2命令即可进入。

6

File will be transferred in binary mode

Sending file to remote TFTP server. Please wait... \\ TFTP: 2365 bytes sent in 0 second(s). File uploaded successfully.

tftp 172.16.8.91 put flash:/startup.cfg 10.10.40.177.txt

File will be transferred in binary mode

Sending file to remote TFTP server. Please wait... \\ TFTP: 2365 bytes sent in 0 second(s). File uploaded successfully. 5) 小结过程

在特权状态下配置ACL和Tftp-server信息 acl number 2000

rule permit source 172.16.8.91 0 quit

tftp-server acl 2000 save

在用户视图下备份配置

tftp 172.16.8.91 put flash:/startup.cfg 10.10.40.177.txt 19. 关闭实时信息- undo info-center enable [jyzx-bg-4-x]undo info-center enable % Information center is disabled

20. 问题1：无法用system-view命令进入特权模式

原因：因为local-user中用户认证属性设置不对，level 3必须设置。 21. 问题2：无法配置VLAN的IP地址

提示：Vlan-interface must be the same as Management-vlan

原因：只有一个VLAN为管理VLAN，必须将要配置IP地址的VLAN设置为管理VLAN才能配置。在#状态下，用management-vlan 2命令即可进入。

6

本文来源：https://www.bwwdw.com/article/j793.html