最冷酷的H3C，命令基礎你值得擁有

quit

現代網絡交換機用電纜

7、 Trunk鏈路配置

interface GigabitEthernet1/1/3

port link-type trunk

port trunk permit vlan all

quit

動態VLAN （在trunk端口上開啟gvrp）

gvrp

GigabitEthernet1/1/3

gvrp

quit

端口隔離

interface GigabitEthernet 1/0/1

port-isolate enable

quit

interface GigabitEthernet 1/0/2

port-isolate enable

quit

interface GigabitEthernet 1/0/3

port-isolate enable

ACL VLAN之間不能互通 （VLAN2與VLAN3不能互通）

acl number 3000

rule 0 deny ip source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255

rule 1 permit ip

Interface vlan-interface 2

packet-filter inbound ip-group 3000

8、 S3100交換機堆疊

stacking ip-pool 129.10.1.15 3 255.255.255.0

stacking enable

quit

display stacking

9、 3600交換機堆疊

fabric-port GigabitEthernet 1/1/1 enable

fabric-port GigabitEthernet 1/1/2 enable

change self-unit to 1

set unit 1 name unit 1

sysname fabric

irf-fabric authentication-mode simple hello

fabric-port GigabitEthernet 1/1/1 enable

fabric-port GigabitEthernet 1/1/2 enable

change self-unit to 2

set unit 2 name unit 2

sysname fabric

irf-fabric authentication-mode simple hello

display ftm information

display irf-fabric

10、 OSPF簡易配置過程

ospf

area 0

network 192.168.1.0 0.0.0.255

11、 OSPF和RIP路由的雙向引入

ospf

import-route rip

rip

import-route ospf

stp生成樹

stp enable 開啟stp功能

stp root primary 設置此交換機為主根

stp root secondary 設置此交換機為備根

stp bpdu-protection BPDU保護功能

interface Ethernet 0/1

stp root-protection 根保護 配置在主副根交換機所有端口

stp edged-port enable 邊緣端口 建議同時配置BPDU保護 提高STP收斂速度

stp loop-protection 環路保護

DHCP(全局DHCP）

dhcp server ip-pool vlan2

network 192.168.2.0 mask 255.255.255.0

gateway-list 192.168.2.1

dns-list 192.168.4.5

quit

dhcp server forbidden-ip 192.168.2.1

dhcp server ip-pool vlan3

network 192.168.3.0 mask 255.255.255.0

gateway-list 192.168.3.1

dns-list 192.168.4.5

quit

dhcp server forbidden-ip 192.168.3.1

interface vlan-interface 2

dhcp select global

quit

interface vlan-interface 3

dhcp select global

quit

NAT地址轉換

acl number 2001

rule 5 permit source 192.168.10.0 0.0.0.255

rule 10 permit source 192.168.20.0 0.0.0.255

rule 15 permit source 192.168.30.0 0.0.0.255

rule 20 permit source 192.168.40.0 0.0.0.255

rule 25 permit source 192.168.50.0 0.0.0.255

rule 30 deny

nat address-group 1 1.1.1.3 1.1.1.3

interface GigabitEthernet0/0/1

ip address 1.1.1.2 255.255.255.248

nat outbound 2001 address-group 1

端口映射

nat server protocol tcp global 123.1.1.2 inside 192.168.4.5

nat server protocol tcp global 123.1.1.3 inside 192.168.4.6

設置服務器IP,MAC和端口綁定

Am user-bind ip-address 192.168.4.5 mac-address 00e0-fcab-cd11 interface e0/4

Am user-bind ip-address 192.168.4.6 mac-address 0000-0cab-cd12 interface e0/5

閱讀更多 電腦磚家鶴哥哥 的文章

關鍵字: Scheme 編程語言 技術