wild>|any][icmp-code] [logging]
Meaning of the extended ACL operators
equal portnumber                 equal to portnumber
greater-than portnumber          greater than portnumber
less-than portnumber             less than portnumber
not-equal portnumber             not equal to portnumber
range portnumber1 portnumber2    between portnumber1 and portnumber2 (inclusive)
3. Extended access control list examples
[Quidway]acl 101
[Quidway-acl-101]rule deny ip source any destination any   // a catch-all deny placed first shadows the two permits below when rules are matched in configured order; put it last
[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo
[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo-reply
[Quidway]acl 102
[Quidway-acl-102]rule permit ip source 10.0.0
[Quidway-acl-102]rule deny ip source any destination any
[Quidway]acl 103
[Quidway-acl-103]rule permit tcp source any destination destination-port equal www
[Quidway]firewall enable
[Quidway]firewall default permit|deny
[Quidway]int e0
[Quidway-Ethernet0]firewall packet-filter 101 inbound|outbound
4. NAT configuration
Address translation configuration example
[Quidway]firewall enable
[Quidway]firewall default permit
[Quidway]acl 101
[Quidway-acl-101]rule deny ip source any destination any
[Quidway]acl 102
1024
[Quidway-Ethernet0]firewall packet-filter 101 inbound
[Quidway-Serial0]firewall packet-filter 102 inbound
[Quidway]acl 1
[Quidway-acl-1]rule deny source any
[Quidway-acl-1]int serial 0
[Quidway-Serial0]nat outbound 1 address-group pool
5. PPP authentication configuration:
Authenticator side: pap|chap
[Quidway]local-user u2 password {simple|cipher} aaa
[Quidway]interface serial 0
[Quidway-serial0]ppp authentication-mode {pap|chap}
[Quidway-serial0]ppp chap user u1 //not needed for PAP
PAP peer (authenticated side):
[Quidway]interface serial 0
[Quidway-serial0]ppp pap local-user u2 password {simple|cipher} aaa
CHAP peer (authenticated side):
[Quidway]interface serial 0
[Quidway-serial0]ppp chap user u1 ?
[Quidway-serial0]local-user u2 password {simple|cipher} aaa
ospf
[R2-ospf-1]area 1
[R3-ospf-1]area 1
ppp pap
[R2]local-user r3
[R2-luser-r3]password simple 123
[R2-luser-r3]service-type ppp
[R2-luser-r3]int s 0/2/0
[R2-Serial0/2/0]ppp authentication-mode pap
[R3]int s 0/2/0
[R3-Serial0/2/0]ppp pap local-user r3 password simple 123
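The difference between the two authentication modes in section 5 and in the ppp pap block above is what crosses the serial link. The following is an added illustration in Python, not VRP code: it models only the PAP Authenticate-Request payload (RFC 1334) and the CHAP MD5 challenge/response (RFC 1994), not the PPP/LCP framing around them. The user name r3 and password 123 mirror the local-user entry on the page; the challenge bytes and identifier are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed credential matching the page's "local-user r3 / password simple 123".
USER_DB = {"r3": "123"}


def pap_request(peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request payload (RFC 1334): Peer-ID and Password are
    length-prefixed cleartext, so a capture of the link reveals both."""
    pid, pw = peer_id.encode(), password.encode()
    return bytes([len(pid)]) + pid + bytes([len(pw)]) + pw


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || secret || Challenge).
    The secret never leaves either side; only this 16-byte hash is sent."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret.encode() + challenge).digest()


def chap_authenticate(identifier: int, name: str, response: bytes,
                      challenge: bytes, user_db: dict) -> bool:
    """Authenticator side: look up the secret it holds for 'name' (the
    local-user entry), recompute the hash and compare in constant time."""
    secret = user_db.get(name)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def chap_exchange(user_db: dict, name: str, peer_secret: str,
                  challenge: bytes = None, identifier: int = 1):
    """One round of the protocol from both sides. Returns (accepted, on_wire),
    where on_wire is everything a sniffer on the serial link would see."""
    if challenge is None:
        challenge = os.urandom(16)       # authenticator picks a fresh challenge
    response = chap_response(identifier, peer_secret, challenge)   # peer's turn
    accepted = chap_authenticate(identifier, name, response, challenge, user_db)
    return accepted, challenge + response + name.encode()


if __name__ == "__main__":
    wire = pap_request("r3", "123")
    print("PAP on the wire:", wire, "-> password visible:", b"123" in wire)
    ok, wire = chap_exchange(USER_DB, "r3", "123")
    print("CHAP accepted:", ok, "-> password visible:", b"123" in wire)
    ok, _ = chap_exchange(USER_DB, "r3", "wrong")
    print("CHAP with wrong secret accepted:", ok)
```

Two caveats follow from the model. A CHAP response is bound to one challenge, so a recorded response cannot be replayed against a fresh challenge, but the authenticator must actually pick fresh random challenges for that to hold. And CHAP still requires both ends to hold the secret in recoverable form (which is why the page stores it with password simple/cipher rather than a one-way hash), and a captured challenge/response pair can be brute-forced offline against a weak secret such as 123.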
dhcp
[R2]dhcp enable
[R2]dhcp server ip-pool 1
[R2-dhcp-pool-1]expired day 3
[R3]dhcp enable
[R3]dhcp server ip-pool 0
[R3-dhcp-pool-0]expired day 3
telnet (note: password simple keeps the password in cleartext in the saved configuration, cipher stores it encrypted; with authentication-mode scheme the login is checked against the local-user account, and set authentication password only takes effect under authentication-mode password; level 3 is the highest privilege level)
[R3]telnet server enable
[R3]user-interface vty 0 4
[R3-ui-vty0-4]authentication-mode scheme
[R3-ui-vty0-4]set authentication password simple 123
[R3-ui-vty0-4]user privilege level 3
[R3-ui-vty0-4]quit
[R3]local-user r3
[R3-luser-r3]password simple 123
[R3-luser-r3]service-type telnet
[R2]telnet server enable
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode scheme
[R2-ui-vty0-4]set authentication password simple 123
[R2-ui-vty0-4]user privilege level 3
[R2-ui-vty0-4]quit
[R2]local-user r2
[R2-luser-r2]password simple 123
[R2-luser-r2]service-type telnet
acl
Block R2 from telnetting to R3
[R3]firewall enable
[R3]acl number 3000
[R3-acl-adv-3000]int s 0/2/0
[R3-Serial0/2/0]firewall packet-filter 3000 inbound
[R3-Serial0/2/0]quit
Block SW3 from telnetting to R2
[R2]acl number 3000
[R2-acl-adv-3000]quit
[R2]int vlan 3
[R2-Vlan-interface3]firewall packet-filter 3000 inbound
[R2-Vlan-interface3]quit
[R2]quit
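How a packet filter such as ACL 101 in section 3 or the telnet-blocking ACL 3000 above actually decides is easiest to see in a small evaluator. The following is an added illustration in Python, not VRP code. It assumes rules are tested in configured order (VRP's match-order config) and that the firewall default action applies when no rule matches. Because the page lists acl 3000 without its rules, the single deny rule below, the R2 address 192.0.2.2 and the LAN host 10.0.0.7 are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str                       # "icmp", "tcp", "udp"
    src: str
    dst: str
    dport: Optional[int] = None      # TCP/UDP destination port
    icmp_type: Optional[str] = None  # e.g. "echo", "echo-reply"


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str = "ip"                # "ip" matches every protocol
    src: str = "any"                 # "any", "a.b.c.d", or "a.b.c.d wildcard"
    dst: str = "any"
    dport: Optional[int] = None      # models "destination-port equal N"
    icmp_type: Optional[str] = None  # models "icmp-type NAME"


def addr_match(spec: str, addr: str) -> bool:
    """VRP-style address match: 'any', a host address, or 'address wildcard'
    where wildcard bits set to 1 are ignored (0.0.0.255 covers a /24)."""
    if spec == "any":
        return True
    parts = spec.split()
    base = int(ipaddress.IPv4Address(parts[0]))
    wild = int(ipaddress.IPv4Address(parts[1])) if len(parts) > 1 else 0
    care = ~wild & 0xFFFFFFFF
    return (base & care) == (int(ipaddress.IPv4Address(addr)) & care)


def rule_match(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not addr_match(rule.src, pkt.src) or not addr_match(rule.dst, pkt.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.icmp_type is not None and rule.icmp_type != pkt.icmp_type:
        return False
    return True


def evaluate(acl: List[Rule], pkt: Packet, default: str = "permit") -> str:
    """First matching rule wins (match-order config); no match -> firewall default."""
    for rule in acl:
        if rule_match(rule, pkt):
            return rule.action
    return default


# ACL 101 exactly as listed in section 3: the catch-all deny comes first.
ACL101_AS_WRITTEN = [
    Rule("deny"),
    Rule("permit", "icmp", icmp_type="echo"),
    Rule("permit", "icmp", icmp_type="echo-reply"),
]
# Same rules with the catch-all deny moved last.
ACL101_FIXED = ACL101_AS_WRITTEN[1:] + ACL101_AS_WRITTEN[:1]

# Constructed equivalent of "block R2 telnet R3": the page shows acl 3000
# without its rules, and 192.0.2.2 is an assumed address for R2.
ACL3000_BLOCK_R2_TELNET = [
    Rule("deny", "tcp", src="192.0.2.2", dport=23),
]

# Constructed sample packets (192.0.2.3 assumed for R3, 10.0.0.7 for a LAN host).
PING_FROM_R2 = Packet("icmp", "192.0.2.2", "192.0.2.3", icmp_type="echo")
TELNET_FROM_R2 = Packet("tcp", "192.0.2.2", "192.0.2.3", dport=23)
TELNET_FROM_LAN = Packet("tcp", "10.0.0.7", "192.0.2.3", dport=23)

if __name__ == "__main__":
    print("acl 101 as written, ping:   ", evaluate(ACL101_AS_WRITTEN, PING_FROM_R2))
    print("acl 101 deny moved last, ping:", evaluate(ACL101_FIXED, PING_FROM_R2))
    print("acl 3000, telnet from R2:    ", evaluate(ACL3000_BLOCK_R2_TELNET, TELNET_FROM_R2))
    print("acl 3000, telnet from LAN:   ", evaluate(ACL3000_BLOCK_R2_TELNET, TELNET_FROM_LAN))
```

The point the evaluator makes is that with sequential matching ACL 101 as written denies the very ICMP echo traffic its later rules try to permit, and that a filter like ACL 3000 only blocks the one source it names: a host other than R2 still reaches the telnet port, so the real protection for the vty lines remains the authentication configured on them.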
Switch
[SW1]super password simple 123
[SW1]user-interface vty 0 4
[SW1-ui-vty0-4]authentication-mode password
[SW1-ui-vty0-4]set authentication password simple 123
[SW1-ui-vty0-4]user privilege level 3
Port security
[SW1]interface e 0/4/1
[SW1-Ethernet0/4/1]port-security max-mac-count 10
[SW1-Ethernet0/4/1]port-security port-mode autolearn
[SW1-Ethernet0/4/1]port-security intrusion-mode disableport-temporarily
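What those three port-security commands do together is easiest to see by running the port's state machine against a stream of frames. The following is an added illustration in Python, not switch code: an autolearn port learns source MACs until max-mac-count is reached, then turns secure, and in secure mode a frame from an unlearned MAC is an intrusion that disables the port for a while (disableport-temporarily). The MAC addresses, timestamps and the 20-second penalty are constructed for the demo.

```python
class SecurePort:
    """Model of an autolearn port with intrusion-mode disableport-temporarily."""

    def __init__(self, max_mac: int = 10, disable_seconds: float = 20.0):
        self.max_mac = max_mac
        self.disable_seconds = disable_seconds   # assumed penalty duration
        self.learned = set()                     # secure MAC table
        self.secure = False                      # autolearn -> secure when table is full
        self.down_until = 0.0                    # port is disabled while now < down_until
        self.log = []

    def receive(self, src_mac: str, now: float) -> str:
        """Process one inbound frame; returns what happened to it."""
        if now < self.down_until:
            return "dropped:port-disabled"       # penalty hits learned hosts too
        if src_mac in self.learned:
            return "forwarded"
        if not self.secure:
            self.learned.add(src_mac)            # autolearn: first come, first served
            if len(self.learned) >= self.max_mac:
                self.secure = True
                self.log.append((now, "max-mac-count reached, port is secure"))
            return "forwarded:learned"
        # secure mode and an unknown source MAC: intrusion protection fires
        self.down_until = now + self.disable_seconds
        self.log.append((now, f"intrusion from {src_mac}, port disabled "
                              f"for {self.disable_seconds:g}s"))
        return "dropped:intrusion"


def demo():
    """Eleven constructed hosts on a 10-MAC port, then a legitimate host
    during and after the penalty window."""
    port = SecurePort(max_mac=10, disable_seconds=20.0)
    macs = [f"0000-5e00-{i:04x}" for i in range(1, 12)]   # 11 constructed MACs
    results = [port.receive(m, now=float(i)) for i, m in enumerate(macs)]
    results.append(port.receive(macs[0], now=15.0))   # learned host, port still down
    results.append(port.receive(macs[0], now=31.0))   # penalty expired
    return port, results


if __name__ == "__main__":
    port, results = demo()
    for r in results:
        print(r)
    for when, event in port.log:
        print(f"t={when:g}: {event}")
```

The simulation shows the weakness of autolearn on its own: whoever transmits first occupies the ten slots, and an eleventh host (legitimate or not) knocks the whole port offline, including the hosts already learned. Static bindings, as in the port binding section that follows, remove that race for ports whose hosts are known.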
Port binding
[SW3]int e 0/4/4
VLAN configuration (switch and router communicate through a VLAN)
[R2]vlan 2
[R2-vlan2]int vlan 2
[R2-Vlan-interface2]vlan 2
[R2-vlan2]port Ethernet 0/4/1
[SW1]vlan 2
[SW1-vlan2]int vlan 2
[SW1-Vlan-interface2]vlan 2
[SW1-vlan2]port Ethernet 0/4/0
[R2]vlan 3
[R2-vlan3]int vlan 3
[R2-Vlan-interface3]vlan 3
[R2-vlan3]port Ethernet 0/4/2
[SW2]vlan 3
[SW2-vlan3]int vlan 3
[SW2-Vlan-interface3]vlan 3
[SW2-vlan3]port Ethernet 0/4/1