为了方便H3C网络设备的配置特建立此文档方便大家参考
工具/原料
H3C交换机
交换机初始化基本配置
1、sysname交换机名字superpasswordlevel3cipher密码loopback-detectionenableuser-interfaceaux0idle-timeout300user-interfacevty04idle-timeout300
NTP时间同步配置
1、clocktimezoneGMTadd8ntp-serviceunicast-serverNTP服务器IP地址ntpsource-interfaceLoopBack0(三层交换机,存在Loopback口时)
2、外网可用NTP服务器202.120.2.101
SSH服务配置
1、ComwareV3Platformaclnumber2000rule1permitsource192.168.0.10//允许192.168.0.1登录rule50denyrsalocal-key-paircreateuser-interfacevty04acl2000inboundprotocolinboundsshsshuseradminauthentication-typepassword//允许admin用户进行ssh登录
2、ComwareV5Platformaclnumber2000rule1permitsource192.168.0.10//允许192.168.0.1登录rule50denypublic-keylocalcreatersasshserverenableuser-interfacevty04acl2000inboundprotocolinboundsshsshuseradminservice-typeallauthentication-typepassword//允许admin用户进行ssh登录
AAA认证配置
1、ComwareV3Platforml艺皱麾酪ocal-useradminpasswordcipher*****service-墉掠载牿typesshtelnetterminallevel3hwtacacsschemeacsprimaryauthentication*****primaryauthorization*****primaryaccounting*****keyauthentication*****keyauthorization*****keyaccounting*****user-name-formatwithout-domaindomainacsschemehwtacacs-schemeacslocaldomaindefaultenableacsuser-interfaceaux0authentication-modeschemecommand-authorizationaccountingcommandsschemeuser-interfacevty04authentication-modeschemecommand-authorizationaccountingcommandsscheme
2、ComwareV5Platforml艺皱麾酪ocal-userhuanglypasswordcipher*****author足毂忍珩ization-attributelevel3service-typesshtelnetterminalhwtacacsschemeacskeyauthentication*****keyauthorization*****keyaccounting*****domainacsauthenticationdefaulthwtacacs-schemeacslocalauthorizationdefaulthwtacacs-schemeacslocalaccountingdefaulthwtacacs-schemeacslocaldomaindefaultenableacsuser-interfaceaux08authentication-modeschemecommandauthorizationcommandaccountinguser-interfacevty04authentication-modeschemecommandauthorizationcommandaccounting
SNMP服务配置
1、SNMPv2snmp-agentsnmp-agentcommunityread*******snmp-agentsys-infoversionall
2、SNMPv3snmp-agentsnmp-agentsys-infoversionv3snmp-agentgroupv3*******privacysnmp-agentusm-userv3admin*******authentication-modemd5*******privacy-modedes56*******
Syslog服务配置
1、info-centerlogbuffersize1024info-centerloghost********info-centerloghostsourceLoopBack0(三层交换机,存在Loopback口时)
广播/组播风暴抑制
1、连接终端接口interfaceEthernet1/0/1broadcast-suppressionbps64multicast-suppressionbps64
2、级联口/Trunk口interfaceGigabitEthernet1/0/1broadcast-suppression5multicast-suppression5
端口安全
1、interfaceEthernet1/0/1portlink-typeaccessport-securityenableport-securitytimerdisableport30InterfaceEthernet1/0/1port-securitymax-mac-count1port-securityintrusion-modeblockmacport-securityport-modeautolearn
静态ARP绑定
1、arpstatic192.168.10.470024-8117-4ce3
2、终端接口速率限制arprate-limitrate50drop
3、级联口/Trunk口速率限制arprate-limitrate300drop
生成树相关
1、MSTstpenablestpmodemstpstp水瑞侮瑜bpdu-protectionstpre爿讥旌护gion-configurationregion-name***instance1vlan53to60127revision-level1activeregion-configurationstpinstance0rootprimary(适用于主根)stpinstance1rootprimary(适用于备根)stpinstance0rootsecondary(适用于主根)stpinstance1rootsecondary(适用于备根)
2、启用边缘端口(功能同PortFast)interfaceEthernet1/0/1stpedged-portenable
VRRP
1、interfaceVlan-interface1ipaddress192.168.0.254255.255.255.0vrrpvrid1virtual-ip192.168.0.254vrrpvrid1preempt-modevrrpvrid1priority110(VRRP主)vrrpvrid1trackinterfaceGigabitEthernet1/0/28reduced20
Port-Channel(LACP)
1、omwareV3Platfo筠续师诈rmlink-aggregationgroup1modestaticlink-aggregat足毂忍珩iongroup1descriptionLACP_to_CL-MYL-S3100-2X-1inte1/0/21portlink-typetrunkporttrunkpermitvlanalllacpenableportlink-aggregationgroup1inte1/0/22portlink-typetrunkporttrunkpermitvlanalllacpenableportlink-aggregationgroup1
2、ComwareV5Platforml坡纠课柩ink-aggregationload-sharingmodedest足毂忍珩ination-ipsource-ipinterfaceBridge-Aggregation1portlink-typetrunkporttrunkpermitvlanallinterfaceGigabitEthernet1/0/22portlink-typetrunkporttrunkpermitvlanallportlink-aggregationgroup1interfaceGigabitEthernet1/0/24portlink-typetrunkporttrunkpermitvlanallportlink-aggregationgroup1
光口复用
1、comboenablefiber
