H3C端口经验配置.doc

H3C网络设备常用配置脚本为了方便H3C网络设备的配置特建立此文档方便大家参考工具/原料 H3C交换机交换机初始化基本配置sysname 交换机名字super password level 3 cipher 密码loopback-detection enableuser-interface aux 0idle-timeout 30 0user-interface vty 0 4idle-timeout 30 0END百度经验:NTP时间同步配置1. 1clock timezone GMT add 8ntp-service unicast-server NTP服务器IP地址ntp source-interface LoopBack 0 （三层交换机，存在Loopback口时）2. 2外网可用NTP服务器01END百度经验:SSH服务配置1. 1Comware V3 Platformacl number 2000rule 1 permit source 0 /允许登录rule 50 denyrsa local-key-pair createuser-interface vty 0 4acl 2000 inboundprotocol inbound sshssh user admin authentication-type password /允许admin用户进行ssh登录2. 2Comware V5 Platformacl number 2000rule 1 permit source 0/允许登录rule 50 denypublic-key local create rsassh server enableuser-interface vty 0 4acl 2000 inboundprotocol inbound sshssh user admin service-type all authentication-type password/允许admin用户进行ssh登录END百度经验:AAA认证配置1. 1Comware V3 Platformlocal-user adminpassword cipher *service-type ssh telnet terminallevel 3hwtacacs scheme acsprimary authentication *primary authorization*primary accounting *key authentication *key authorization*key accounting *user-name-format without-domaindomain acsscheme hwtacacs-scheme acs localdomain default enable acsuser-interface aux 0authentication-mode scheme command-authorizationaccounting commands schemeuser-interface vty 0 4authentication-mode scheme command-authorizationaccounting commands scheme2. 2Comware V5 Platformlocal-user huanglypassword cipher *authorization-attribute level 3service-type ssh telnet terminalhwtacacs scheme acskey authentication *key authorization *key accounting *domain acsauthentication default hwtacacs-scheme acs localauthorization default hwtacacs-scheme acs localaccounting default hwtacacs-scheme acs localdomain default enable acsuser-interface aux 0 8authentication-mode schemecommand authorizationcommand accountinguser-interface vty 0 4authentication-mode schemecommand authorizationcommand accountingEND百度经验:SNMP服务配置1. 1SNMPv2snmp-agentsnmp-agent community read *snmp-agent sys-info version all2. 2SNMPv3snmp-agentsnmp-agent sys-info version v3snmp-agent group v3 * privacysnmp-agent usm-user v3 admin *authentication-mode md5 * privacy-mode des56*END百度经验:Syslog服务配置1. 1info-center logbuffer size 1024info-center loghost *info-center loghost source LoopBack 0（三层交换机，存在Loopback口时）END百度经验:广播/组播风暴抑制1. 1连接终端接口interface Ethernet1/0/1broadcast-suppression bps 64multicast-suppression bps 642. 2级联口/Trunk口interface GigabitEthernet1/0/1broadcast-suppression 5multicast-suppression 5END百度经验:端口安全1. 1interface Ethernet1/0/1port link-type accessport-security enableport-security timer disableport 30Interface Ethernet1/0/1port-security max-mac-count 1port-security intrusion-mode blockmacport-security port-mode autolearnEND百度经验:静态ARP绑定1. 1arp static 7 0024-8117-4ce32. 2终端接口速率限制arp rate-limit rate 50 drop3. 3级联口/Trunk口速率限制arp rate-limit rate 300 dropEND百度经验:生成树相关1. 1MSTstp enablestp mode mstpstp bpdu-protectionstp region-configurationregion-name *instance 1 vlan 53 to 60 127revision-level 1active region-configurationstp instance 0 root primary（适用于主根）stp instance 1 root primary（适用于备根）stp instance 0 root secondary（适用于主根）stp instance 1 root secondary（适用于备根）2. 2启用边缘端口（功能同PortFast）interface Ethernet1/0/1stp edged-port enableEND百度经验:VRRP1. 1interface Vlan-interface1ip address 54 vrrp vrid 1 virtual-ip 54vrrp vrid 1 preempt-modevrrp vrid 1 priority 110（VRRP主）vrrp vrid 1 track interface GigabitEthernet1/0/28 reduced 20END百度经验:Port-Channel（LACP）1. 1omware V3 Platformlink-aggregation group 1 mode staticlink-aggregation group 1 description LACP_to_CL-MYL-S3100-2X-1int e1/0/21port link-type trunkport trunk permit vlan alllacp enableport link-aggregation group 1int e1/0/22port link-type trunkport trunk permit vlan alllacp enableport link-aggregation group 12. 2Comware V5 Platformlink-aggregation load-sharing mode destination-ip source-ipinterface Bridge-Aggregation1port link-type trunkport trunk permit vlan allinterface GigabitEthernet1/0/22port link-type trunkport trunk permit vlan allport link-aggregation group 1interface GigabitEthernet1/0/24port link-type