本篇文章为“H3C交换机开局基础配置”,主要涵盖配置管理地址、聚合端口、静态路由、ACL,SSH远程管理、Console、SNMP、NTP时钟、日志主机等内容,方便调试人员远程管理、调试。
目录
#Step-1_设备名称配置:
system-view
sysname Core_S7503X
#Step-2_邻居发现协议:
lldp global enable#Step-3_VLAN配置:
vlan 100
#
vlan 100
description For_Device_Manage#Step-4_管理IP配置:
interface Vlan-interface100
description For_DevManage_Vlanif
ip address 172.28.115.254 255.255.255.0
quit
interface GigabitEthernet 1/0/1
port link-type access
port access vlan 100
#Step-5_链路聚接口配置:
interface Bridge-Aggregation 1
Quit
interface Bridge-Aggregation 11
Quit
#
interface Ten-GigabitEthernet 5/0/47
description To_SecPath_F1000_G1/0/20
port link-aggregation group 1
interface Ten-GigabitEthernet 5/0/48
description To_SecPath_F1000_G1/0/21
port link-aggregation group 1
Quit
interface Ten-GigabitEthernet 5/0/1
description To_Con_S6520X_XG1/0/23
port link-aggregation group 11
interface Ten-GigabitEthernet 5/0/2
description To_Con_S6520X_XG1/0/24
port link-aggregation group 11
Quit
#
interface Bridge-Aggregation1
description To_SecPath_F1000_BAGG2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100
link-aggregation mode dynamic
#
interface Bridge-Aggregation11
description To_Con_S6520X_BAGG1
port link-type trunk
port trunk permit vlan 1 100
link-aggregation mode dynamic
#Step-6_静态路由配置:
ip route-static 0.0.0.0 0 X.X.X.X description To_DefaultRoute#Step-7_ACL配置:
acl advanced name 3000
rule 5 permit ip source X.X.X.X 0
rule 5 comment For_Device_Manage_Server
acl advanced name 3001
rule 5 permit ip source X.X.X.X 0
rule 5 comment For_eSight_Server#Step-8_本地账号配置:
local-user admin
password simple Admin@123
service-type ssh
authorization-attribute user-role network-admin
quit
#Step-9_SSH配置:
ssh server enable
ssh server acl 3000
public-key local create rsa
y
2048
#
ssh user admin service-type all authentication-type password
#Step-10_终端登录,Console配置:
line aux 0
authentication-mode password
set authentication password simple Admin@123
screen-length 0
idle-timeout 10 0
#Step-11_终端登录,VTY配置:
line vty 0 4
authentication-mode scheme
protocol inbound ssh
screen-length 0
idle-timeout 10 0
#Step-12_网络管理协议SNMP配置:
snmp-agent
snmp-agent community read simple SNMP@Read mib-view view_all acl 3001
snmp-agent community write simple SNMP@Write mib-view view_all acl 3001
snmp-agent sys-info location XXXX
snmp-agent sys-info version v2c
snmp-agent mib-view included view_all iso
snmp-agent trap enable
snmp-agent target-host trap address udp-domain X.X.X.X params securityname Trap@Auth v2c
#Step-13_NTP时钟配置:
clock timezone BeiJing add 08:00:00ntp-service unicast-server X.X.X.X source Vlan-interface100#Step-14_日志主机配置:
info-center enable
info-center loghost source Vlan-interface100
info-center loghost X.X.X.X facility local6
#Step-15_生成树配置(可选):
stp global enable
#默认开启
stp instance 0 priority 0
#此命令适用于核心交换机,手动指定核心交换机为根
interface Bridge-Aggregation1
stp edged-port
stp port bpdu-filter enable
说明:
1、上联防火墙的端口开启边缘端口;
边缘端口快速进入转发状态;
边缘端口的UP/DOWN不会导致交换机发送TCN/TC BPDU,增强STP网络的稳定性;
2、上联防火墙的端口开启BPDU过滤;
配置为边缘端口后,端口仍然会发送BPDU报文,这可能导致BPDU报文发送到其他网络,引起其他网络产生震荡。
因此可以配置边缘端口的BPDU报文过滤功能,使边缘端口不处理、不发送BPDU报文。
#Step-16_保存配置:
Return
#
Save force
补充:
开启设备的ICMP超时报文的发送功能
ip ttl-expires enable
【缺省情况】ICMP超时报文发送功能处于关闭状态。
开启设备的ICMP目的不可达报文的发送功能——H3C
ip unreachables enable
【缺省情况】ICMP目的不可达报文发送功能处于关闭状态。
Huawei设备默认开启;
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
