H3C switches cover everything from the core backbone to the edge, and hundreds of products in more than 10 series have passed testing and certification by authorities such as China's Ministry of Information Industry, the Tolly Group, the Metro Ethernet Forum and IPv6 Ready. I have compiled a complete set of H3C switch configuration commands, hoping it helps you.
1. User configuration:
<H3C> system-view
[H3C] super password H3C: sets the password for switching user levels.
[H3C] undo super password: deletes the password for switching user levels.
[H3C] local-user bigheap 123456 1: configures the Web network management user; 1 (the default) is an administrative user, and the default is admin, admin.
[H3C] undo local-user bigheap: deletes the Web network management user.
[H3C] user-interface aux 0: only 0 is supported.
[H3C-AUX] idle-timeout 2 50: sets the timeout to 2 minutes and 50 seconds. A value of 0 means no timeout; the default is 5 minutes.
[H3C-AUX] undo idle-timeout: restores the default value.
[H3C] user-interface vty 0: only 0 and 1 are supported.
[H3C-VTY] idle-timeout 2 50: sets the timeout to 2 minutes and 50 seconds. A value of 0 means no timeout; the default is 5 minutes.
[H3C-VTY] undo idle-timeout: restores the default value.
[H3C-VTY] set authentication password 123456: sets the telnet password; it must be set.
[H3C-VTY] undo set authentication password: cancels the password.
[H3C] display users: displays users.
[H3C] display user-interface: displays the user interface status.
2. System IP configuration:
[H3C] vlan 20
[H3C] management-vlan 20
[H3C] interface vlan-interface 20: creates and enters the management VLAN interface.
[H3C] undo interface vlan-interface 20: deletes the management VLAN interface.
[H3C-Vlan-interface20] ip address 192.168.1.2 255.255.0: configures the static IP address of the management VLAN interface (default is 192.168.0
[H3C-Vlan-interface20] undo ip address: deletes the IP address.
[H3C-Vlan-interface20] ip gateway 192.168.1: specifies the default gateway (no gateway address by default).
[H3C-Vlan-interface20] undo ip gateway
[H3C-Vlan-interface20] shutdown: shuts down the interface.
[H3C-Vlan-interface20] undo shutdown: brings the interface back up.
[H3C] display ip: displays the IP information of the management VLAN interface.
[H3C] display interface vlan-interface 20: displays the interface information of the management VLAN.
<H3C> debugging ip: enables IP debugging.
<H3C> undo debugging ip
3. DHCP client configuration:
[H3C-Vlan-interface20] ip address dhcp-alloc: the management VLAN interface obtains its IP address through DHCP.
[H3C-Vlan-interface20] undo ip address dhcp-alloc: cancels obtaining the address through DHCP.
[H3C] display dhcp: displays DHCP client information.
<H3C> debugging dhcp-alloc: turns on DHCP debugging.
<H3C> undo debugging dhcp-alloc
4. Port configuration:
[H3C] interface Ethernet 0/3
[H3C-Ethernet0/3] shutdown
[H3C-Ethernet0/3] speed 100: sets the port speed to 100; it can be 10, 100, 1000 or auto (default).
[H3C-Ethernet0/3] duplex full: sets full duplex; it can be half, full or auto (default). It cannot be configured on optical ports or after aggregation.
[H3C-Ethernet0/3] flow-control: turns on flow control, which is off by default.
[H3C-Ethernet0/3] broadcast-suppression 20: sets the broadcast suppression percentage to 20%; it can be 5, 10, 20 or 100, and the default is 100. Multicast and unknown unicast are also affected by this.
[H3C-Ethernet0/3] loopback internal: internal loopback test.
[H3C-Ethernet0/3] loopback external: external loopback test; a self-loop plug must be inserted, and the port must be in full-duplex or auto-negotiation mode.
[H3C-Ethernet0/3] port link-type trunk: sets the link type to trunk; it can be access (default) or trunk.
[H3C-Ethernet0/3] port trunk pvid vlan 20: sets VLAN 20 as the default VLAN of this trunk; the default is 1.
(The PVID at both ends of the trunk link must be the same.)
[H3C-Ethernet0/3] port access vlan 20: adds the current access port to the specified VLAN.
[H3C-Ethernet0/3] port trunk permit vlan all: allows all VLANs to pass through the current trunk port; this command can be used multiple times.
[H3C-Ethernet0/3] mdi auto: sets the Ethernet port to automatic detection; normal (default) is a straight-through cable and across is a crossover cable.
[H3C] link-aggregation Ethernet 0/1 to Ethernet 0/4: adds ports 1-4 to the aggregation group with port 1 as the master port; both ends need to be configured at the same time. Ports with port mirroring or port isolation cannot be aggregated.
[H3C] undo link-aggregation Ethernet 0/1: deletes the aggregation group.
[H3C] link-aggregation mode egress: sets the port aggregation mode to egress, sharing load according to the destination MAC address; it can be ingress, egress or both, and the default is both.
[H3C] monitor-port Ethernet 0/2: sets this port as the monitor port. The monitor port must be set first, and when deleting, the mirrored ports must be deleted first. The monitor port and a mirrored port cannot be the same port, and the monitor port cannot be in an aggregation group. When a new monitor port is set, it replaces the old one and the mirrored ports remain unchanged.
[H3C] mirroring-port Ethernet 0/3 to Ethernet 0/4 both: sets ports 3 and 4 as mirrored ports, monitoring both received and sent packets. inbound monitors only received packets, and outbound monitors only sent packets.
[H3C] display mirror
[H3C] display interface Ethernet 0/3
<H3C> reset counters: clears the statistics of all ports.
[H3C] display link-aggregation Ethernet 0/3: displays port aggregation information.
[H3C-Ethernet0/3] virtual-cable-test: diagnoses the cable condition of this port.
5. VLAN configuration:
[H3C] vlan 2
[H3C] undo vlan all: deletes all VLANs except the default VLAN, which cannot be deleted.
[H3C-vlan2] port Ethernet 0/4 to Ethernet 0/7: adds ports 4 to 7 to VLAN 2. This command can only add access ports, not trunk or hybrid ports.
[H3C-vlan2] port-isolate enable: turns on the port isolation function of the VLAN. With it on, ports cannot forward to each other at Layer 2. It is not enabled by default.
[H3C-Ethernet0/4] port-isolate uplink-port vlan 2: sets port 4 as the isolation uplink port of VLAN 2, used to forward Layer 2 data. Only one uplink port can be configured. If it is a trunk, it is recommended to allow all VLANs to pass. Isolation cannot be configured at the same time as aggregation.
[H3C] display vlan all: displays details of all VLANs.
The S1550E supports port-based VLANs, which are implemented by creating different user groups. A port can belong to multiple user groups. Ports that do not belong to the same user group cannot communicate with each other. Up to 50 user groups are supported.
[H3C] user-group 20: creates user group 20; by default only user group 1 exists.
[H3C-user-group20] port Ethernet 0/4 to Ethernet 0/7: adds ports 4 to 7, which originally belonged to user group 1, to VLAN 20.
[H3C] display user-group 20: displays information about user group 20.
6. Cluster configuration:
The S2100 can only join a cluster as a member switch. After joining, the system name changes to the format "cluster name_member number.original system name".
Plug-and-play is implemented through two functions: negotiation of the cluster management protocol MAC multicast address and negotiation of the management VLAN.
[H3C] cluster enable: enables the cluster feature, which is enabled by default.
[H3C] cluster: enters the cluster view.
[H3C-cluster] administrator-address H-H-H name switch: joins the cluster named switch; H-H-H is the MAC address of the command switch.
[switch_1.H3C-cluster] undo administrator-address: leaves the cluster.
[H3C] display cluster: displays cluster information.
[H3C] management-vlan 2: cluster packets can only be forwarded in the management VLAN, all switches of a cluster must be in the same management VLAN, and the management VLAN must be specified before the cluster is established.
<H3C> debugging cluster
7. QoS configuration:
QoS configuration steps: set the port priority, set the packet priority trust mode of the switch, configure queue scheduling, and set the port rate limit.
[H3C-Ethernet0/3] priority 7: sets the port priority to 7; the default is 0.
[H3C] priority-trust cos: sets the switch to trust the cos priority of packets (802.1p priority, the default); it can also be set to dscp (DSCP priority mode).
[H3C] queue-scheduler hq-wrr 2 4 6 8: sets the queue scheduling algorithm to hq-wrr (wrr by default) with weights of 2, 4, 6 and 8.
[H3C-Ethernet0/3] line-rate inbound 29: limits the inbound rate of the port to 2 Mbps. For values 1-28, the rate is rate*8*1024/125, that is, 64, 128, 198. For 29-127, the rate is (rate-27)*1024, that is, 2M, 3M, 4M... 100M, and it continues on Gigabit ports; for 128-240, the rate is (rate
[H3C] display queue-scheduler: displays the queue scheduling mode and parameters.
[H3C] display priority-trust: displays the priority trust mode.
8. System management:
[H3C] mac-address blackhole H-H-H vlan 1: adds a blackhole MAC address in VLAN 1.
[H3C] mac-address static H-H-H interface Ethernet 0/1 vlan 1: adds a static MAC address for port 1 in VLAN 1.
[H3C] mac-address timer aging 500: sets the aging time of the MAC address table to 500 seconds.
[H3C] display mac-address
[H3C] display arp
[H3C] mac-address port-binding H-H-H interface Ethernet 0/1 vlan 1: configures port binding.
[H3C] display mac-address port-binding
[H3C] display saved-configuration: displays the saved configuration.
[H3C] display current-configuration: displays the current configuration.
<H3C> save
[H3C] restore default: restores the factory default configuration of the switch, which does not take effect until the switch is restarted.
[H3C] display version
<H3C> reboot
[H3C] display device
[H3C] sysname bigheap
[H3C] info-center enable: enables the system log function, which is enabled by default.
[H3C] info-center loghost ip 192.168.0.3: outputs information to the specified log host (UNIX or Linux only, not Windows). The log function must be turned on first; output to a log host is off by default.
[H3C] info-center loghost level 8: sets the system log level to 8; the default is 5. Levels: 1 emergency, 2 alert, 3 critical, 4 error, 5 warning, 6 notice, 7 informational, 8 debugging.
<H3C> terminal debugging: enables the console to display debugging information; disabled on the console by default.
<H3C> terminal logging: enables the console to display log information; enabled on the console by default.
<H3C> terminal trapping: enables the console to display alarm information; enabled on the console by default.
[H3C] display info-center: displays the configuration of the system log and the information recorded in the buffer.
[H3C] display logbuffer: displays the specified number of entries most recently recorded in the log buffer.
[H3C] display trapbuffer: displays the specified number of entries most recently recorded in the alarm buffer.
<H3C> reset logbuffer: clears the information in the log buffer.
<H3C> reset trapbuffer: clears the information in the alarm buffer.
9. Network protocol configuration:
NDP is the Neighbor Discovery Protocol. On the S1550E, NDP can only be turned on or off and cannot otherwise be configured. The default hold time is 180 seconds, and NDP packets are sent every 60 seconds.
[H3C] ndp enable: turned on by default.
[H3C-Ethernet0/3] ndp enable: turned on by default.
[H3C] display ndp: displays NDP configuration information.
[H3C] display ndp interface Ethernet 0/1: displays the neighbor information discovered by NDP on the specified port.
<H3C> debugging ndp interface Ethernet 0/1
HABP, the Huawei Authentication Bypass Protocol, solves the following problem: when 802.1x and HGMPv1/v2 are configured on a switch at the same time, HGMP packets are filtered on ports that have not been authenticated and authorized, so the management device cannot manage the switches attached downstream. After the switch starts HABP, 802.1x authentication will be ignored.
HABP includes a server and a client. The server sends requests periodically, and the client replies and forwards them downstream. The server is usually started on the management device, and the client is started on the downstream devices. The 1550E only supports the client.
[H3C] habp enable: enables the HABP function, which is on by default and runs in client mode once started.
<H3C> debugging habp: turns on HABP debugging.
NTDP is the Neighbor Topology Discovery Protocol, which is used to collect network topology information. It uses the NDP protocol for cluster management. Configuration on the S1550E mainly consists of turning the function on or off and turning debugging on or off.
[H3C] ntdp enable: turned on by default.
[H3C-Ethernet0/3] ntdp enable: turned on by default.
<H3C> debugging ntdp
10. SNMP configuration:
The S1550E supports SNMPv1 and SNMPv2c. The main configuration includes: setting the community name, setting system information, setting the trap target host address, allowing or prohibiting the sending of traps, and stopping the SNMP agent.
[H3C] snmp-agent community read bigheap: sets the community name bigheap with read-only access.
[H3C] snmp-agent max-size 1600: sets the maximum SNMP packet that the agent can accept or send to 1600 bytes; the default is 1500 bytes.
[H3C] snmp-agent sys-info contact #27345 location Diqiu version v2c: sets the system information, with version v2c. The default contact is "R&D Hangzhou, H3C Technology Co., Ltd.", the default location is "Hangzhou, China", and the default version is v2c.
[H3C] undo snmp-agent: stops the SNMP agent; it restarts if any SNMP command is configured.
[H3C] display snmp-agent community read
[H3C] display snmp-agent sys-info contact: displays the contact in the system information.
[H3C] display snmp-agent sys-info location: displays the location in the system information.
[H3C] display snmp-agent sys-info version: displays the version in the system information.
<H3C> debugging snmp-agent packet | process
11. IGMP snooping configuration:
IGMP snooping is a multicast constraint mechanism that runs on Layer 2 switches and is used to manage and control multicast groups. It is mainly responsible for establishing and maintaining the Layer 2 MAC address table, and for forwarding multicast packets sent by the router according to the established multicast address table. If IGMP snooping is not running, multicast packets are broadcast in the Layer 2 network.
IGMP snooping configuration includes: turning IGMP snooping on and off, configuring the router port aging time, configuring the maximum query response time, configuring the multicast group member port aging time, configuring fast leave on ports, and debugging.
[H3C] igmp-snooping: enables IGMP snooping, which is off by default.
[H3C] igmp-snooping router-aging-time 500: sets the router port aging time to 500 s; the default is 105 s.
[H3C] igmp-snooping max-response-time 15: sets the maximum query response time to 15 s; the default is 10 s.
[H3C] igmp-snooping host-aging-time 300: sets the aging time of multicast group member ports to 300 s; the default is 260 s.
[H3C-Ethernet0/3] igmp-snooping fast-leave: configures fast leave. When a leave message is received, the port is deleted immediately without sending a query.
[H3C] display igmp-snooping configuration: displays configuration information.
[H3C] display igmp-snooping statistics: displays packet statistics.
[H3C] display igmp-snooping group vlan 2: displays the IP multicast group and MAC multicast group information in VLAN 2.
<H3C> reset igmp-snooping statistics: clears the statistics.
<H3C> debugging igmp-snooping
12. System debugging:
<H3C> debugging all: turns on all debugging switches. This command is a protocol debugging switch.
<H3C> terminal debugging: the terminal debugging switch; this turns it on, and it is off by default.
<H3C> debugging drv: mainly displays the actual content of packets; off by default.
[H3C] display debugging: displays the status of the debugging switches.
13. 802.1x configuration:
[H3C-Ethernet0/3] dot1x: turns on the 802.1x function. It can also be used in system view, where it turns 802.1x on globally or, with the interface parameter, on the specified ports. It is off everywhere by default. To enable 802.1x, it must be on both globally and on the port.
[H3C-Ethernet0/3] dot1x port-control unauthorized-force: sets the working mode to forced unauthorized mode; it is used in the same way as the dot1x command. The default is auto, meaning access is only possible after authentication. authorized-force is forced authorized mode, which allows users to access.
[H3C-Ethernet0/3] dot1x port-method portbased: sets the access control mode to port-based; it is used in the same way as the dot1x command. The default is macbased, which is based on MAC address.
[H3C-Ethernet0/3] dot1x max-user 10: sets the maximum number of users accessing the port to 10; it is used in the same way as the dot1x command. The default value is 128.
[H3C] dot1x authentication-method eap: sets the 802.1x user authentication method to EAP, that is, EAP relay: EAP packets are sent directly to the server, which requires support on the server.
[H3C-Ethernet0/3] dot1x reauthentication: turns on 802.1x reauthentication, so that the switch reauthenticates periodically at a set interval. It is used in the same way as the dot1x command and is off on all ports by default.
[H3C] dot1x timer handshake-period 20 reauth-period 7200 quiet-period 30 tx-period 20 supp-timeout 20 server-timeout 200: sets the timers for 802.1x authentication.
handshake-period: after successful authentication, the system sends a handshake request at this interval (equivalent to a keepalive interval); 1-1024 s, and the default is 15 s.
reauth-period is the reauthentication timeout timer; 1-86400 s, and the default is 3600 s.
quiet-period is the quiet timer after a user fails authentication; authentication is processed again after the quiet period. 10-120 s, and the default is 60 s.
tx-period is the transmission timeout timer. If the supplicant does not send an authentication reply, the authentication request is resent. 10-120 s, and the default is 30 s.
supp-timeout is the authentication timeout timer. If the supplicant does not respond successfully, the authentication request is resent. 10-120 s, and the default is 30 s.
server-timeout is the timeout timer for the server not responding; 100-300 s, and the default is 100 s.
<H3C> reset dot1x statistics: clears 802.1x statistics.
[H3C] display dot1x statistics: displays the configuration, operation and statistics of 802.1x.
<H3C> debugging dot1x: turns on debugging information for the 802.1x modules.
14. RADIUS configuration:
[H3C] radius scheme system: enters the system scheme, which is the default scheme. The 1550E only supports the default scheme.
[H3C-radius-system] primary authentication 10.10.1.1812: sets the RADIUS server address and UDP port number. By default, the server IP address in the system scheme is empty, and the UDP port number is 65438.
[H3C-radius-system] key authentication 123: sets the RADIUS shared key to 123; there is no shared key by default.
[H3C-radius-system] timer 10: sets the response timeout timer of the RADIUS server; 1-10 s, and the default is 5 s.
[H3C-radius-system] retry 10: sets the maximum number of response retries for the RADIUS server to 10; 1-20 times, and the default is 5 times.
[H3C] display radius: displays RADIUS scheme information.
<H3C> debugging radius packet: turns on the RADIUS packet debugging switch.
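Several of the example values in sections 1, 4, 8, 10, 13 and 14 (idle-timeout 0, the telnet password 123456, the admin, admin default, a short SNMP community, port trunk permit vlan all, authorized-force, the RADIUS key 123, no log host) are the settings a configuration review looks for first. The following audit script is an added example, not part of the original command list or of any H3C tool. It assumes the command spellings used in this list, a saved configuration in which sub-view commands are indented under the line that opens the view, and a hypothetical local policy of 8-character minimum secrets.

```python
import re
MIN_SECRET_LEN = 8  # assumed local policy, not a value from the page
# Constructed sample, written with the commands and example values listed on this page.
SAMPLE_CONFIG = """\
super password H3C
local-user admin admin 1
user-interface vty 0
 idle-timeout 0
 set authentication password 123456
interface Ethernet0/3
 port link-type trunk
 port trunk permit vlan all
 dot1x port-control authorized-force
snmp-agent community read bigheap
radius scheme system
 key authentication 123
"""

def weak(secret):
    """Short, all-digit or all-letter secrets are treated as guessable."""
    return len(secret) < MIN_SECRET_LEN or secret.isdigit() or secret.isalpha()

# (pattern, test applied to the match, finding text)
RULES = [
    (r"idle-timeout 0( 0)?$", lambda m: True, "session never times out"),
    (r"set authentication password (\S+)", lambda m: weak(m[1]), "weak telnet password"),
    (r"super password (\S+)", lambda m: weak(m[1]), "weak super password"),
    (r"local-user (\S+) (\S+)", lambda m: m[1] == m[2] or weak(m[2]), "weak or default local user password"),
    (r"snmp-agent community \S+ (\S+)", lambda m: weak(m[1]), "guessable SNMP community"),
    (r"key authentication (\S+)", lambda m: weak(m[1]), "weak RADIUS shared key"),
    (r"port trunk permit vlan all$", lambda m: True, "trunk carries every VLAN"),
    (r"dot1x port-control authorized-force$", lambda m: True, "port skips 802.1x authentication"),
]

def audit(config_text):
    """Return (view, command, finding) tuples for risky lines in a saved configuration."""
    findings, view, has_loghost = [], "system", False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():  # top-level line: opens a sub-view or is a system-view command
            opens_view = re.match(r"(user-interface|interface|radius scheme|vlan) ", line)
            view = line if opens_view else "system"
        if line.startswith("info-center loghost"):
            has_loghost = True
        for pattern, is_risky, text in RULES:
            m = re.match(pattern, line)
            if m and is_risky(m):
                findings.append((view, line, text))
    if not has_loghost:
        findings.append(("system", "", "no info-center loghost configured"))
    return findings

if __name__ == "__main__":
    for view, command, text in audit(SAMPLE_CONFIG):
        print(f"[{view}] {command or '-'}: {text}")
```

Each finding names the view it was found in, so the same weak line on two interfaces is reported twice.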