H3C路由器配置命令

精品文档H3C路由器配置命令一、路由器基本配置命令1、system-view 进入系统视图模式2、sysname R1 为设备命名为R3、display ip routing-table 显示当前路由表4、language-mode Chinese|English 中英文切换5、interface Ethernet 0/0 进入以太网端口视图6、ip address 配置IP地址和子网掩码7、undo shutdown 打开以太网端口8、shutdown 关闭以太网端口9、quit 退出当前视图模式10、ip route-static description To.R2 配置静态路由11、ip route-static description To.R2 配置默认的路由基本配置案例Quidwaydisplay version 显示版本信息Quidwaydisplay current-configuration 显示当前配置Quidwaydisplay interfaces 显示接口信息Quidwaydisplay ip route 显示路由信息Quidwaysysname aabbcc 更改主机名Quidwaysuper passwrod 123456 设置口令Quidwayinterface serial0 进入接口Quidway-serial0ip address Quidway-serial0undo shutdown 激活端口Quidwaylink-protocol hdlc 绑定hdlc协议Quidwayuser-interface vty 0 4Quidway-ui-vty0-4authentication-mode passwordQuidway-ui-vty0-4set authentication-mode password simple 2Quidway-ui-vty0-4user privilege level 3Quidway-ui-vty0-4quitQuidwaydebugging hdlc all serial0 显示所有信息Quidwaydebugging hdlc event serial0 调试事件信息Quidwaydebugging hdlc packet serial0 显示包的信息静态路由配置案例：Quidwayip route-static interface number|nexthopvaluereject|blackhole例如：Quidwayip route-static 16 10.0.0.Quidwayip route-static 10.0.0.Quidwayip route-static 16 SerialQuidwayip route-static 10.0.0.动态路由配置案例（RIP）：QuidwayripQuidwayrip workQuidwayrip inputQuidwayrip outputQuidway-ripnetwork ;可以allQuidway-ripnetwork Quidway-rippeer ip-addressQuidway-ripsummaryQuidwayrip versionQuidwayrip version 2 multicastQuidway-Ethernet0rip split-horizon ;水平分隔动态路由配置案例（OSPF）：Quidwayrouter id A.B.C.D 配置路由器的IDQuidwayospf enable 启动OSPF协议Quidway-ospfimport-route direct 引入直联路由Quidway-Serial0ospf enable area 配置OSPF区域标准访问列表命令格式如下：acl match-order config|auto 默认前者顺序匹配。rule normal|specialpermit|deny source source-addr source-wildcard|any例：Quidwayacl 10Quidway-acl-10rule normal permit source 5Quidway-acl-10rule normal deny source any二、ACL配置扩展访问控制列表配置命令1.配置TCP/UDP协议的扩展访问列表：rule normal|specialpermit|denytcp|udpsource |anydestination |anyoperate2.配置ICMP协议的扩展访问列表：rule normal|specialpermit|denyicmp source |anydestination |anyicmp-code logging扩展访问控制列表操作符的含义equal portnumber 等于greater-than portnumber 大于less-than portnumber 小于not-equal portnumber 不等range portnumber1 portnumber 区间3.扩展访问控制列表案例Quidwayacl 10Quidway-acl-101rule deny souce any destination anyQuidway-acl-101rule permit icmp source any destination any icmp-type echoQuidway-acl-101rule permit icmp source any destination any icmp-type echo-replyQuidwayacl 10Quidway-acl-102rule permit ip source destination Quidway-acl-102rule deny ip source any destination anyQuidwayacl 103Quidway-acl-103rule permit tcp source any destination destination-port equal ftpQuidway-acl-103rule permit tcp source any destination destination-port equal wwwQuidwayfirewall enableQuidwayfirewall default permit|denyQuidwayint e0Quidway-Ethernet0firewall packet-filter 101 inbound|outbound4. NAT的配置地址转换配置案例Quidwayfirewall enableQuidwayfirewall default permitQuidwayacl 10Quidway-acl-101rule deny ip source any destination anyQuidway-acl-101rule permit ip source 0 destination anyQuidway-acl-101rule permit ip source 0 destination anyQuidway-acl-101rule permit ip source 0 destination anyQuidway-acl-101rule permit ip source 0 destination anyQuidwayacl 10Quidway-acl-102rule permit tcp source 0 destination 0Quidway-acl-102rule permit tcp source any destination 0 destination-port great-than1024Quidway-Ethernet0firewall packet-filter 101 inboundQuidway-Serial0firewall packet-filter 102 inboundQuidwaynat address-group 01 03 poolQuidwayaclQuidway-acl-1rule permit source 5Quidway-acl-1rule deny source anyQuidway-acl-1int serial 0Quidway-Serial0nat outbound 1 address-group poolQuidway-Serial0nat server global 01 inside ftp tcpQuidway-Serial0nat server global 02 inside www tcpQuidway-Serial0nat server global 02 8080 inside www tcpQuidway-Serial0nat server global 03 inside smtp udp5. PPP验证配置：主验方：pap|chapQuidwaylocal-user u2 password simple|cipher aaaQuidwayinterface serial 0Quidway-serial0ppp authentication-mode pap|chapQuidway-serial0ppp chap user u1 /pap时，不用此句 pap被验方：Quidwayinterface serial 0Quidway-serial0ppp pap local-user u2 password simple|cipher aaachap被验方：Quidwayinterface serial 0Quidway-serial0ppp chap user u1 Quidway-serial0local-user u2 password simple|cipher aaa ospfR2ospf 1 router-id R2-ospf-1area 1R2-ospf-1-area-network R2-ospf-1-area-network 55R2-ospf-1-area-network 55R2-ospf-1-area-network 55R2-ospf-1-area-quitR3ospf 1 router-id R3-ospf-1area 1R3-ospf-1-area-network R3-ospf-1-area-network 55 R3-ospf-1-area-quit ppp papR2local-user r3R2-luser-r3password simple 123R2-luser-r3service-type pppR2-luser-r3int s 0/2/0R2-Serial0/2/0ppp authentication-mode papR3int s 0/2/0R3-Serial0/2/0ppp pap local-user r3 password simple 123 dhcpR2dhcp enable R2dhcp server forbidden-ip 0R2dhcp server forbidden-ip 54R2dhcp server ip-pool 1R2-dhcp-pool-1network mask R2-dhcp-pool-1gateway-list 54R2-dhcp-pool-1dns-list 0R2-dhcp-pool-1expired day 3R3dhcp enable R3dhcp server forbidden-ip 0R3dhcp server forbidden-ip 54R3dhcp server ip-pool 0R3-dhcp-pool-0network mask R3-dhcp-pool-0gateway-list 54R3-dhcp-pool-0dns-list 0R3-dhcp-pool-0expired day 3 telnetR3telnet server enable R3user-interface vty 0 4R3-ui-vty0-4authentication-mode scheme R3-ui-vty0-4set authentication password simple 123R3-ui-vty0-4user privilege level 3R3-ui-vty0-4quit R3local-user r3R3-luser-r3password simple 123R3-luser-r3service-type telnet R2telnet server enable R2user-interface vty 0 4R2-ui-vty0-4authentication-mode scheme R2-ui-vty0-4set authentication password simple 123R2-ui-vty0-4user privilege level 3R2-ui-vty0-4quitR2local-user r2 R2-luser-r2password simple 123R2-luser-r2service-type telnet acl 阻止R2 telnet R3R3firewall enable R3acl number 3000R3-acl-adv-3000rule deny tcp source destination destination-port eq telnetR3-acl-adv-3000int s 0/2/0R3-Serial0/2/0firewall packet-filter 3000 inbound R3-Serial0/2/0quit 阻止 SW3 telnet R2R2acl number 3000 R2-acl-adv-3000rule deny tcp source 0 destination 0 destination-port eq telnet R2-acl-adv-3000quitR2int vlan 3R2-Vlan-interface3firR2-Vlan-interface3firewall pR2-Vlan-interface3firewall packet-filter 3000 inR2-Vlan-interface3firewall packet-filter 3000 inbound R2-Vlan-interface3quitR2quit交换机SW1super password simple 123SW1user-interface vty 0 4SW1-ui-vty0-4authentication-mode password SW1-ui-vty0-4set authentication password simple 123SW1-ui-vty0-4user privilege level 3端口安全SW1interface e 0/4/1SW1-Ethernet0/