H3CNE命令实验集

1、H3c NE命令 实验 例图集目录视图2命令行基础4Telnet配置例子6路由器SSH服务配置命令6SSH配置例子7配置文件的操作8配置设备的FTP服务9FTP操作示例9TFTP操作示例10重启和启动10系统调试的操作11VLAN基本配置12STP基本配置14802.1X基本配置16端口隔离基本配置17端口绑定基本配置18链路聚合18DNS20配置路由器作为FTP客户端21配置路由器作为FTP服务器端22DHCP服务器基本配置24DHCP中继配置示例26IPv6地址配置命令27查看设备路由表27VLAN间 路由28RIP基本配置30OSPF基本配置命令34启动包过滤防火墙功能39配置基本ACL

2、40配置高级ACL40网络地址转换43HDLC配置46PPP基本配置47帧中继基本配置命令56ISDN DCC基本配置示例59视图 用户视图设备启动后的缺省视图,可查看启动后基本运行状态和统计信息系统视图配置系统全局通用参数的视图路由协议视图配置路由协议参数的视图 接口视图配置接口参数的视图 用户界面视图配置登陆设备的各个用户属性的视图 命令行基础l 查看历史命令记录 display history-commandl 配置设备名称H3Csysname ? TEXT Host name (1 to 30 characters)l 配置系统时间<H3C>clock datetime ?

3、 TIME Specify the time (HH:MM:SS)l 显示系统时间 <H3C>display clockl 配置欢迎/提示信息H3Cheader ? incoming Specify the banner of the terminal user-interface legal Specify the legal banner login Specify the login authentication banner motd Specify the banner of today shell Specify the session banner l 查看版本信息&

4、lt;H3C>display version <H3C>display current-configurationl 查看当前配置l 显示接口信息<H3C>display interfacel 显示接口IP状态与配置信息<H3C>display ip interface brief l 显示系统运行统计信息<H3C>display diagnostic-information l 配置与网络相连端口的IP地址H3C-ethernet0/0ip address ip-address mask | mask-length l 使能Telnet服

5、务器端功能H3Ctelnet server enablel 进入vty用户界面视图，设置验证方式H3Cuser-interface vty first-num2 last-num2 H3C-ui-vty0authentication-mode none | password | scheme l 设置登录密码和用户级别H3C-ui-vty0set authentication password cipher | simple passwordH3C-ui-vty0user privilege level levell 创建用户、配置密码、设置服务类型、设置用户级别H3Clocal-user u

6、sernameH3C-luser-xxx password cipher | simple passwordH3C-luser-xxx service-type telnetH3C-luser-xxx level levelTelnet配置例子<H3C>system-viewH3Ctelnet server enable H3Cinterface ethernet0/0H3C-ethernet0/0ip address 54 24H3Cuser-interface vty 0H3C-ui-vty0set authentication password ciph

7、er 123456H3C-ui-vty0user privilege level 2用Telnet登录路由器SSH服务配置命令l 使能SSH服务器功能H3C ssh server enableH3C-ui-vty0-4authentication-mode schemeH3C-ui-vty0-4protocol inbound ssh l 配置SSH客户端登录时的用户界面 H3Clocal-user usernameH3C-luser-xxx password cipher | simple passwordH3C-luser-xxx service-type sshH3C-luser-xxx

8、 level levell 配置SSH用户l 生成RSA密钥H3Crsa local-key-pair createl 导出RSA密钥H3Crsa local-key-pair export ssh2 l 销毁RSA密钥H3Crsa local-key-pair destroySSH配置例子H3Crsa local-key-pair createH3Cinterface gigabitethernet0/0H3C-GigabitEthernet0/0ip address 54 H3Cssh server enableH3Cuser-interfa

9、ce vty 0 4H3C-ui-vty0-4authentication-mode schemeH3C-ui-vty0-4protocol inbound sshH3Clocal-user sshclientH3C-luser-sshclientpassword simple abcH3C-luser-sshclientservice-type sshH3C-luser-sshclientlevel 3启动SSH客户端配置文件的操作l 保存配置<H3C>savel 擦除配置<H3C>reset saved-configuration l 设置下次启动的配置文件 <

10、;H3C>startup saved-configuration filename l 备份/恢复下次启动配置文件<H3C>backup startup-configuration to dest-addr filename <H3C>restore startup-configuration from src-addr filename l 查看保存的配置文件<H3C>display saved-configuration l 查看系统启动配置文件<H3C>display startupl 查看当前生效的配置<H3C>disp

11、lay current-configuration l 查看当前视图下生效的配置H3C-ui-vty0display this配置设备的FTP服务H3Cftp server enablel 使能FTP服务器端功能 l 创建用户 H3Clocal-user username H3C-luser-xxxservice-type ftp H3C-luser-xxxpassword cipher | simple password l 设置服务类型及登录密码FTP操作示例C:>ftp Connected to .220 FTP service read

12、y.User (:(none): h3c331 Password required for h3c.Password:230 User logged in.ftp> put config.cfg200 Port command okay.150 Opening ASCII mode data connection for config.cfg.226 Transfer complete.ftp: 发送 1329 字节，用时 0.00Seconds 1329000.00Kbytes/sec.ftp>tftp server-address get | put |

13、sget source-filename destination-filename source interface interface-type interface-number | ip source-ip-address 在设备上使用TFTP服务 <H3C>tftp 0 get config.cfg The file config.cfg exists. Overwrite it? Y/N:y Verifying server file. Deleting the old file, please wait. File will be transferr

14、ed in binary mode Downloading file from remote tftp server, please wait. TFTP: 1329 bytes received in 0 second(s) File downloaded successfully. TFTP操作示例重启和启动l 指定下次启动加载的应用程序文件<H3C>boot-loader file file-urll 显示下次启动加载的应用程序文件<H3C>display boot-loaderl 重启系统<H3C>rebootl 开启设备定时重启功能，并指定重启的具

15、体时间 <H3C>schedule reboot at hh:mm date <H3C>schedule reboot delay hh:mm | mm l 开启设备定时重启功能，并指定重启的等待时延 l 显示设备的重启时间 <H3C>display schedule reboot路由器系统引导过程示例系统调试的操作l 开启控制台对系统信息的监视功能 <H3C>terminal monitorl 打开调试信息的屏幕输出开关 <H3C>terminal debugging l 打开模块调试开关 <H3C>debugging

16、module-name l 显示调试开关<H3C>display debugging VLAN基本配置l 创建VLAN并进入VLAN视图 Switch vlan vlan-idl 将指定端口加入到当前VLAN中Switch-vlan10 port interface-list配置Trunk端口l 配置端口的链路类型为Trunk类型Switch-Ethernet1/0/1 port link-type trunkl 允许指定的VLAN通过当前Trunk端口Switch-Ethernet1/0/1 port trunk permit vlan vlan-id-list | all Sw

17、itch-Ethernet1/0/1 port trunk pvid vlan vlan-idl 设置Trunk端口的缺省VLAN配置Hybrid端口l 配置端口的链路类型为Hybrid类型Switch-Ethernet1/0/1 port link-type hybridSwitch-Ethernet1/0/1 port hybrid vlan vlan-id-list tagged | untagged l 允许指定的VLAN通过当前Hybrid端口Switch-Ethernet1/0/1 port hybrid pvid vlan vlan-idl 设置Hybrid端口的缺省VLANVL

18、AN配置示例SWAvlan 10SWA-vlan10port Ethernet1/0/1SWAvlan 20SWA-vlan20port Ethernet1/0/2SWAinterface Ethernet1/0/24SWA-Ethernet1/0/24port link-type trunk SWA-Ethernet1/0/24port trunk permit vlan 10 20SWBvlan 10SWB-vlan10port Ethernet1/0/1SWBvlan 20SWB-vlan20port Ethernet1/0/2SWBinterface Ethernet1/0/24SWB

19、-Ethernet1/0/24port link-type trunk SWB-Ethernet1/0/24port trunk permit vlan 10 20VLAN显示及维护STP基本配置l 开启设备STP特性Switch stp enablel 关闭端口的STP特性Switch-Ethernet1/0/1 stp disablel 配置STP的工作模式 Switch stp mode stp | rstp | mstp Switch stp instance instance-id priority priorityl 配置当前设备的优先级 Switch-Ethernet1/0/1

20、stp edged-port enablel 配置端口为边缘端口 STP配置示例SWCstp enableSWCinterface Ethernet 1/0/1SWC-Ethernet1/0/1 stp edged-port enableSWBstp enableSWBstp priority 4096SWAstp enableSWAstp priority 0 STP监控与维护802.1X基本配置l 开启全局的802.1X特性Switch dot1xl 开启端口的802.1X特性Switch dot1x interface interface-listSwitch local-user us

21、er-nameSwitch-luser-localuser service-type lan-accessSwitch-luser-localuser password cipher | simple passwordl 添加本地接入用户并设置相关参数 802.1X典型配置举例SWAdot1xSWAdot1x interface ethernet1/0/1SWAlocal-user localuser SWA-luser-localuserpassword simple helloSWA-luser-localuserservice-type lan-access端口隔离基本配置l 将指定端口

22、加入到隔离组中，端口成为隔离组的普通端口Switch-Ethernet1/0/1 port-isolate enableSwitch-Ethernet1/0/2 port-isolate uplink-portl 将指定端口加入到隔离组中，端口成为隔离组的上行端口端口隔离配置举例SWAinterface ethernet1/0/2 SWA-Ethernet1/0/2 port-isolate enableSWAinterface ethernet1/0/3SWA-Ethernet1/0/3 port-isolate enableSWAinterface ethernet1/0/4SWA-Eth

23、ernet1/0/4 port-isolate enableSWAinterface ethernet1/0/1SWA-Ethernet1/0/1 port-isolate uplink-port端口绑定基本配置Switch-Ethernet1/0/1 user-bind ip-address ip-address mac-address mac-address l 配置静态绑定表项端口绑定典型配置举例SWAinterface ethernet1/0/2 SWA-Ethernet1/0/2 user-bind ip-address mac-address 0001-0201-

24、2123SWAinterface ethernet1/0/3SWA-Ethernet1/0/3 user-bind ip-address mac-address 0001-0401-2126SWAinterface ethernet1/0/4SWA-Ethernet1/0/4 user-bind ip-address mac-address 0002-0261-2562链路聚合静态聚合配置l 创建聚合端口 Switch interface bridge-aggregation interface-numberl 将以太网端口加入聚合组Switch-Ether

25、net1/0/1 port link-aggregation group number链路聚合配置举例SWA interface bridge-aggregation 1SWA-Ethernet1/0/1 port link-aggregation group 1SWA-Ethernet1/0/2 port link-aggregation group 1SWA-Ethernet1/0/3 port link-aggregation group 1SWB interface bridge-aggregation 1SWB-Ethernet1/0/1 port link-aggregation

26、group 1SWB-Ethernet1/0/2 port link-aggregation group 1SWB-Ethernet1/0/3 port link-aggregation group 1链路聚合显示及维护DNS配置静态及动态域名解析Router ip host hostname ip-addressl 配置静态域名解析表中主机名和对应地址l 使能动态域名解析功能Router dns resolve l 配置指定域名服务器Router dns server ip-addressl 配置域名后缀Router dns domain domain-namel 使能DNS代理功能Rout

27、er dns proxy enablel 配置指定域名服务器Router dns server ip-addressl 显示静态域名解析表 Router display ip hostl 显示域名服务器信息 Router display dns server dynamic l 显示动态域名缓存区的信息Router display dns dynamic-hostl 显示DNS代理信息Router display dns proxy table 配置路由器作为FTP客户端l 在用户视图下直接登录远程FTP服务器<Router> ftp server-addressl 查询远程FTP

28、服务器上的目录/文件ftp ls remotefile localfile ftp get remotefile localfile l 下载FTP服务器上的文件ftp byel 断开与远程FTP服务器的连接 设置FTP文件传输的模式为二进制流模式 ftp binaryl 显示远程FTP服务器上的工作目录ftp pwdl 切换远程FTP服务器上的工作路径 ftp cd pathnamel 上传本地文件到远程FTP服务器 ftp put localfile remotefile 配置路由器作为FTP服务器端l 在系统视图下启动FTP服务器功能 Router ftp server enablel

29、创建本地用户并进入本地用户视图 Router local-user user-namel 设置当前本地用户的密码 Router-luser-abc password simple | cipher passwordl 设置服务类型并指定可访问的目录 Router-luser-abc service-type ftp ftp-directory directory 配置示例<Router> ftp User(:(none):ftp_manager331 Password required for ftp_manager.Password:230 Use

30、r logged in.ftp> put aaa.app bbb.appRouter ftp server enableRouter local-user ftp_managerRouter-luser-ftp_manager password simple 123456Router-luser-ftp_manager service-type ftp 配置路由器作为TFTP客户端<Router> tftp server-address get | put | sget source-filename destination-filename source ip source

31、-ip-address | interface interface-type interface-number l 在用户视图下使用l 此命令用于使路由器作为TFTP客户端登录远程TFTP服务器l server-address：TFTP服务器的IP地址或主机名。l source-filename：源文件名。l destination-filename：目标文件名。l get：表示普通下载文件操作。l put：表示上传文件操作。l sget：表示安全下载文件操作。DHCP服务器基本配置l 使能DHCPRouter dhcp enablel 创建DHCP地址池Router dhcp server

32、ip-pool pool-namel 配置动态分配的IP地址范围 Router-dhcp-pool-0 network network-address mask-length | mask mask l 配置为DHCP客户端分配的网关地址 Router-dhcp-pool-0 gateway-list ip-addressl 配置为DHCP客户端分配的DNS服务器地址 Router-dhcp-pool-0 dns-list ip-addressRouter dhcp server forbidden-ip low-ip-address high-ip-address l 配置DHCP地址池中不

33、参与自动分配的IP地址Router-dhcp-pool-0 expired day day hour hour minute minute | unlimited l 配置动态分配的IP地址的租用有效期限 DHCP服务器基本配置示例Router dhcp enableRouter dhcp server forbidden-ip 0Router dhcp server forbidden-ip 54Router dhcp server ip-pool 0Router-dhcp-pool-0 network mask 255.2

34、55.255.0Router-dhcp-pool-0 gateway-list 54Router-dhcp-pool-0 dns-list 0Router-dhcp-pool-0 expired day 5 DHCP服务器显示及维护l 显示DHCP地址池的可用地址信息 Router display dhcp server free-ipl 显示DHCP服务器的统计信息 Router display dhcp server statisticsRouter display dhcp server forbidden-ipl 显示DHCP地址池中不参与自

35、动分配的IP地址 DHCP中继基本配置l 使能DHCPRouter dhcp enablel 配置DHCP服务器组中DHCP服务器的IP地址 Router dhcp relay server-group group-id ip ip-address l 配置接口工作在DHCP中继模式Router-Ethernet1/1 dhcp select relayl 配置接口与DHCP组关联Router-Ethernet1/1 dhcp relay server-select group-idDHCP中继配置示例Router dhcp enableRouter dhcp relay server-gro

36、up 1 ip 0Router interface ethernet 1/1Router-Ethernet1/1 dhcp select relayRouter-Ethernet1/1 dhcp relay server-select 1DHCP中继显示及维护Router display dhcp relay all | interface interface-type interface-number l 显示接口对应的DHCP服务器组的信息l 显示DHCP服务器组中服务器的IP地址Router display dhcp relay server-group group

37、-id | all l 显示DHCP中继的相关报文统计信息Router display dhcp relay statistics server-group group-id | all IPv6地址配置命令l 使能IPv6报文转发功能 RTA ipv6RTA-Ethernet0/1 ipv6 address FE80:1 link-local l 配置接口使用IPv6链路本地地址FE80:1 l 配置接口使用IPv6全球单播地址2001:1/64 RTA-Ethernet0/1 ipv6 address 2001:1/64查看设备路由表l 查看IP路由表摘要信息Router display

38、ip routing-tablel 查看符合指定目的地址的路由信息Router display ip routing-table ip-address mask-length | mask l 查看路由表的统计信息Router display ip routing-table statisticsIP路由表摘要信息VLAN间 路由用802.1Q和子接口实现VLAN间路由RTA-GigabitEthernet0/0interface GigabitEthernet0/0.1RTA-GigabitEthernet0/0.1ip address RTA-G

39、igabitEthernet0/0.1interface GigabitEthernet0/0.2RTA-GigabitEthernet0/0.2vlan-type dot1q vid 2RTA-GigabitEthernet0/0.2ip address RTA-GigabitEthernet0/0.2interface GigabitEthernet0/0.3RTA-GigabitEthernet0/0.3vlan-type dot1q vid 3RTA-GigabitEthernet0/0.3ip address 255.25

40、5.255.0Routerip route-static dest-address mask | mask-length gateway-address | interface-type interface-name preference preference-value l 静态路由配置命令l 配置要点：à 只有下一跳所属的接口是点对点接口时，才可以填写interface-type interface-name，否则必须填写gateway-addressà 目的IP地址和掩码都为的路由为默认路由静态路由配置示例RTBip route-static 10.1.

41、0.0 RTBip route-static RTBip route-static l 配置时须注意：à 所有路由器上都必须配置到所有网段的路由à 下一跳地址须为直连链路上可达的地址静态默认路由配置静态黑洞路由应用l 正确应用黑洞路由可以消除环路RIP基本配置l 创建RIP进程并进入RIP视图 Router rip process-id l 在指定网段接口上使能RIP Router-rip-1 network

42、 network-addressRouter-rip-1 silent-interface all | interface-type interface-number l 配置接口工作在抑制状态 l 使能RIP水平分割功能 Router-Ethernet1/0 rip split-horizonl 使能RIP毒性逆转功能Router-Ethernet1/0 rip poison-reversel 指定全局RIP版本Router-rip-1 version 1 | 2 l 关闭RIPv2自动路由聚合功能 Router-rip-1 undo summaryRouter-Ethernet1/0 ri

43、p authentication-mode md5 rfc2082 key-string key-id | rfc2453 key-string | simple password l 配置RIPv2报文的认证 RIP基本配置举例RTB ripRTB-rip-1 network RTB-rip-1 network RTA ripRTA-rip-1 network RTA-rip-1 network RIPv2配置举例RTA ripRTA-rip-1 network RTA-rip-1

44、network RTA-rip-1 version 2RTA-rip-1 undo summaryRTA-Serial0/0 rip authentication-mode md5 rfc2453 abcdef RTB ripRTB-rip-1 network RTB-rip-1 network RTB-rip-1 undo summaryRTB-rip-1 version 2RTB-Serial0/0 rip authentication-mode md5 rfc2453 abcdef显示RIP当前运行状态及配置信息查看RIP的d

45、ebugging信息OSPF基本配置命令l 配置Router IDRouterrouter id ip-addressl 启动OSPF进程Routerospf process-id l 重启OSPF进程<Router>reset ospf process-id l 配置OSPF区域Router-ospf-100area area-idl 在指定的接口上启动OSPFRouter-ospf-1-area- network network-address wildcard-mask l 配置OSPF接口优先级Router-Ethernet0/0 ospf dr-priori

46、ty priority l 配置OSPF接口CostRouter-Ethernet0/0 ospf cost value 单区域OSPF配置示例一RTA interface loopback 0RTA-loopback-0ip address 55RTA-loopback-0quitRTA router id RTA ospf 1RTA-ospf-1 area 0RTA-ospf-1-area- network RTA-ospf-1-area- network 55RTA-ospf-1-area- network 55RTBinterface loopback 0RTB-loopback-0ip address 55RTB-loopback-0quitRTBroute id 2.2.2.