华为3com配置命令
交换机命令 super password ;修改特权用户密码sysname ;交换机命名
interface ethernet 0/1 ;进入接口视图
interface vlan x ;进入接口视图
ip address 10.65.1.1 255.255.0.0 ;配置VLAN的IP地址
ip route-static 0.0.0.0 0.0.0.0 10.65.1.2 ;静态路由=网关
user-interface vty 0 4 ;进入虚拟终端
authentication-mode password ;设置口令模式
set authentication-mode password simple 222;设置口令
user privilege level 3 ;用户级别
duplex {half|full|auto} ;配置端口工作状态
speed {10|100|auto} ;配置端口工作速率
flow-control ;配置端口流控
mdi {across|auto|normal} ;配置端口平接扭接
port link-type {trunk|access|hybrid} ;设置端口工作模式
undo shutdown ;激活端口
quit ;退出系统视图
vlan 3 ;创建VLAN
port ethernet 0/1 to ethernet 0/4 ;在VLAN中增加端口
port access vlan 3 ;当前端口加入到VLAN
port trunk permit vlan {ID|All} ;设trunk允许的VLAN
port trunk pvid vlan 3 ;设置trunk端口的PVID
monitor-port <interface_type interface_num> ;指定镜像端口
port mirror <interface_type interface_num> ;指定被镜像端口
port mirror int_list observing-port int_type int_num ;指定镜像和被镜像
description string ;指定VLAN描述字符
description ;删除VLAN描述字符
display vlan ;查看VLAN设置
stp {enable|disable} ;设置生成树,默认关闭
stp priority 4096 ;设置交换机的优先级
stp root {primary|secondary} ;设置为根或根的备份
stp cost 200 ;设置交换机端口的花费
isolate-user-vlan enable ;设置主vlan
Isolate-user-vlan <x> secondary <list> ;设置主vlan包括的子vlan
port hybrid pvid vlan <id> ;设置vlan的pvid
port hybrid pvid ;删除vlan的pvid
port hybrid vlan vlan_id_list untagged ;设置无标识的vlan
如果包的vlan>
所以设置PVID为所属vlan> ----------------------------------------
路由器命令
display version ;显示版本信息
display current-configuration ;显示当前配置
display interfaces ;显示接口信息
display ip route ;显示路由信息
sysname aabbcc ;更改主机名
super passwrod 123456 ;设置口令
interface serial0 ;进入接口
ip address <ip> <mask|mask_len> ;配置端口IP地址
undo shutdown ;激活端口
link-protocol hdlc ;绑定hdlc协议
user-interface vty 0 4
authentication-mode password
set authentication-mode password simple 222
user privilege level 3
quit
debugging hdlc all serial0 ;显示所有信息
debugging hdlc event serial0 ;调试事件信息
debugging hdlc packet serial0 ;显示包的信息
静态路由:
ip route-static <ip><mask>{interface number|nexthop}
例如:
ip route-static 129.1.0.0 16 10.0.0.2
ip route-static 129.1.0.0 255.255.0.0 10.0.0.2
ip route-static 129.1.0.0 16 Serial 2
ip route-static 0.0.0.0 0.0.0.010.0.0.2
动态路由:
rip ;设置动态路由
rip work ;设置工作允许
rip input ;设置入口允许
rip output ;设置出口允许
network 1.0.0.0 ;设置交换路由网络
network all ;设置与所有网络交换
peer ip-address ;
summary ;路由聚合
rip version 1 ;设置工作在版本1
rip version 2 multicast ;设置工作在版本2,多播方式
rip split-horizon ;水平分隔
router> ospf enable ;启动OSPF协议
import-route direct ;引入直联路由
ospf enable area <area_id> ;配置OSPF区域
标准访问列表命令格式如下:
acl <acl-number> ;默认前者顺序匹配。
rule {permit|deny}
例:
acl 10
rule normal permit source 10.0.0.0 0.0.0.255
rule normal deny source any
扩展访问控制列表配置命令
配置TCP/UDP协议的扩展访问列表:
rule {normal|special}{permit|deny}{tcp|udp}source {<ip wild>|any}destination <ip wild>|any}
配置ICMP协议的扩展访问列表:
rule {normal|special}{permit|deny}icmp source {<ip wild>|any]destination {<ip wild>|any]
扩展访问控制列表操作符的含义
equal portnumber ;等于
greater-than portnumber ;大于
less-than portnumber ;小于
not-equal portnumber ;不等
range portnumber1 portnumber2 ;区间
扩展访问控制列表举例
acl 101
rule deny souce any destination any
rule permit icmp source any destination any icmp-type echo
rule permit icmp source any destination any icmp-type echo-reply
acl 102
rule permit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0
rule deny ip source any destination any
acl 103
rule permit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp
rule permit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www
firewall enable
firewall default permit|deny
int e0
firewall packet-filter 101 inbound|outbound
地址转换配置举例
firewall enable
firewall default permit
acl 101
rule deny ip source any destination any
rule permit ip source 129.38.1.4 0 destination any
rule permit ip source 129.38.1.1 0 destination any
rule permit ip source 129.38.1.2 0 destination any
rule permit ip source 129.38.1.3 0 destination any
acl 102
rule permit tcp source 202.39.2.3 0 destination 202.38.160.1 0
rule permit tcp source any destination 202.38.160.1 0 destination-port great-than
1024
firewall packet-filter 101 inbound
firewall packet-filter 102 inbound
nat address-group 202.38.160.101 202.38.160.103 pool1
acl 1
rule permit source 10.110.10.0 0.0.0.255
rule deny source any
int serial 0
nat outbound 1 address-group pool1
nat server global 202.38.160.101 inside 10.110.10.1 ftp tcp
nat server global 202.38.160.102 inside 10.110.10.2 www tcp
nat server global 202.38.160.102 8080 inside 10.110.10.3 www tcp
nat server global 202.38.160.103 inside 10.110.10.4 smtp udp
PPP验证:
主验方:pap|chap
local-user u2 password {simple|cipher} aaa
interface serial 0
ppp authentication-mode {pap|chap}
ppp chap user u1 //pap时,不用此句
pap被验方:
interface serial 0
ppp pap local-user u2 password {simple|cipher} aaa
chap被验方:
interface serial 0
ppp chap user u1
local-user u2 password {simple|cipher} aaa
页:
[1]