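Common H3C Network Device Configuration Scripts
This document collects common configurations for H3C network devices for easy reference.
Tools/Materials
H3C switch
Basic switch initialization
sysname <switch name>
super password level 3 cipher <password>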
loopback-detection enable
user-interface aux 0
idle-timeout 30 0
user-interface vty 0 4
idle-timeout 30 0
NTP time synchronization
1.
clock timezone GMT add 8
ntp-service unicast-server <NTP server IP address>
ntp-service source-interface LoopBack 0 (Layer 3 switches, when a Loopback interface exists)
2.
A publicly reachable NTP server: 202.120.2.101
SSH service configuration
1. Comware V3 Platform
acl number 2000
rule 1 permit source 192.168.0.1 0 // allow logins from 192.168.0.1
rule 50 deny
rsa local-key-pair create
user-interface vty 0 4
acl 2000 inbound
protocol inbound ssh
ssh user admin authentication-type password // allow user admin to log in over SSH
2. Comware V5 Platform
acl number 2000
rule 1 permit source 192.168.0.1 0 // allow logins from 192.168.0.1
rule 50 deny
public-key local create rsa
ssh server enable
user-interface vty 0 4
acl 2000 inbound
protocol inbound ssh
ssh user admin service-type all authentication-type password // allow user admin to log in over SSH
AAA authentication configuration
1. Comware V3 Platform
local-user admin
password cipher *****
service-type ssh telnet terminal
level 3
hwtacacs scheme acs
primary authentication *****
primary authorization *****
primary accounting *****
key authentication *****
key authorization *****
key accounting *****
user-name-format without-domain
domain acs
scheme hwtacacs-scheme acs local
domain default enable acs
user-interface aux 0
authentication-mode scheme command-authorization
accounting commands scheme
user-interface vty 0 4
authentication-mode scheme command-authorization
accounting commands scheme
2. Comware V5 Platform
local-user huangly
password cipher *****
authorization-attribute level 3
service-type ssh telnet terminal
hwtacacs scheme acs
key authentication *****
key authorization *****
key accounting *****
domain acs
authentication default hwtacacs-scheme acs local
authorization default hwtacacs-scheme acs local
accounting default hwtacacs-scheme acs local
domain default enable acs
user-interface aux 0 8
authentication-mode scheme
command authorization
command accounting
user-interface vty 0 4
authentication-mode scheme
command authorization
command accounting
SNMP service configuration
1. SNMPv2
snmp-agent
snmp-agent community read *******
snmp-agent sys-info version all
2. SNMPv3
snmp-agent
snmp-agent sys-info version v3
snmp-agent group v3 ******* privacy
snmp-agent usm-user v3 admin ******* authentication-mode md5 ******* privacy-mode des56 *******
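Added example (not part of the original page): a small Python audit that checks a saved configuration for the VTY access settings from the SSH and AAA sections and for the SNMP settings above. It assumes `display current-configuration` output in which sub-commands are indented under their view header; the sample config, function names and finding texts are constructed for illustration, and the md5/des56 check goes beyond the page, whose SNMPv3 example uses both.

```python
import re

# Constructed sample in 'display current-configuration' layout (sub-commands indented).
SAMPLE = """\
snmp-agent community read EXAMPLE-COMMUNITY
snmp-agent sys-info version all
snmp-agent usm-user v3 admin EXAMPLE-GROUP authentication-mode md5 KEY1 privacy-mode des56 KEY2
user-interface aux 0
 idle-timeout 30 0
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 5 15
 authentication-mode password
 protocol inbound all
"""

def vty_blocks(config):
    """Map each 'user-interface vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("user-interface vty"):
            current = blocks.setdefault(raw.strip(), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config):
    """Check the VTY and SNMP settings covered on this page; return a list of findings."""
    findings = []
    for header, cmds in vty_blocks(config).items():
        if not any(re.fullmatch(r"acl \d+ inbound", c) for c in cmds):
            findings.append(f"{header}: no inbound ACL")
        if "protocol inbound ssh" not in cmds:
            findings.append(f"{header}: not restricted to SSH")
        if not any(c.startswith("authentication-mode scheme") for c in cmds):
            findings.append(f"{header}: authentication-mode is not scheme")
    if re.search(r"^snmp-agent community ", config, re.M):
        findings.append("snmp: v1/v2c community configured")
    if re.search(r"^snmp-agent sys-info version .*\b(all|v1|v2c)\b", config, re.M):
        findings.append("snmp: versions older than v3 enabled")
    if re.search(r"^snmp-agent usm-user v3 .*\b(md5|des56)\b", config, re.M):  # weak algorithms
        findings.append("snmp: usm-user uses md5 or des56")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```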
Syslog service configuration
info-center logbuffer size 1024
info-center loghost ********
info-center loghost source LoopBack 0 (Layer 3 switches, when a Loopback interface exists)
Broadcast/multicast storm suppression
1. Interfaces connecting to end devices
interface Ethernet1/0/1
broadcast-suppression bps 64
multicast-suppression bps 64
2. Cascade/trunk ports
interface GigabitEthernet1/0/1
broadcast-suppression 5
multicast-suppression 5
Port security
interface Ethernet1/0/1
port link-type access
port-security enable
port-security timer disableport 30
interface Ethernet1/0/1
port-security max-mac-count 1
port-security intrusion-mode blockmac
port-security port-mode autolearn
Static ARP binding
1.
arp static 192.168.10.47 0024-8117-4ce3
2. Rate limit on end-device interfaces
arp rate-limit rate 50 drop
3. Rate limit on cascade/trunk ports
arp rate-limit rate 300 drop
Spanning tree
1. MST
stp enable
stp mode mstp
stp bpdu-protection
stp region-configuration
region-name ***
instance 1 vlan 53 to 60 127
revision-level 1
active region-configuration
stp instance 0 root primary (for the primary root)
stp instance 1 root primary (for the backup root)
stp instance 0 root secondary (for the primary root)
stp instance 1 root secondary (for the backup root)
2. Enable edge ports (equivalent to PortFast)
interface Ethernet1/0/1
stp edged-port enable
VRRP
interface Vlan-interface1
ip address 192.168.0.254 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.254
vrrp vrid 1 preempt-mode
vrrp vrid 1 priority 110 (VRRP master)
vrrp vrid 1 track interface GigabitEthernet1/0/28 reduced 20
Port-Channel (LACP)
1. Comware V3 Platform
link-aggregation group 1 mode static
link-aggregation group 1 description LACP_to_CL-MYL-S3100-2X-1
int e1/0/21
port link-type trunk
port trunk permit vlan all
lacp enable
port link-aggregation group 1
int e1/0/22
port link-type trunk
port trunk permit vlan all
lacp enable
port link-aggregation group 1
2. Comware V5 Platform
link-aggregation load-sharing mode destination-ip source-ip
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
interface GigabitEthernet1/0/22
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
interface GigabitEthernet1/0/24
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
Combo port fiber mode
combo enable fiber
Notes
First published on Baidu Jingyan; for reference only.
All rights reserved; do not repost.