企业在多个地方有工厂,工厂之间采用移动专线,将各工厂核心交换机连接
每个企业多有各自的企业宽带接入,下面是2个企业的配置。
#
version 7.1.064, Release 5208P03
#
sysname H3C
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
irf auto-merge enable
irf member 1 priority 1
#
password-recovery enable
#
vlan 1
#
vlan 10
#
vlan 17
#
irf-port 1
#
wlan service-template 1
ssid HDAP-11
vlan 10
akm mode psk
preshared-key pass-phrase cipher $c$3$/4QXimQ+9XcPSTS6gLu/XOC9sb2tUWi0ntBN
cipher-suite ccmp
cipher-suite tkip
security-ie rsn
security-ie wpa
client-security authentication-mode mac
service-template enable
#
wlan service-template vlan17
ssid HDAP-12
vlan 17
akm mode psk
preshared-key pass-phrase cipher $c$3$FW4K9QhD2iWX/Pm0S7aYsxR2+VQmOwzlt5Ru
cipher-suite ccmp
cipher-suite tkip
security-ie rsn
security-ie wpa
service-template enable
#
interface NULL0
#
interface Vlan-interface1
#
interface Vlan-interface10
ip address 10.3.10.253 255.255.255.0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
port access vlan 10
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
port link-type trunk
port trunk permit vlan all
#
scheduler logfile size 16
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 31
authentication-mode scheme
user-role network-operator
#
ip route-static 10.2.0.0 16 10.3.10.1
ip route-static 192.168.0.0 16 10.3.10.1
#
undo info-center logfile enable
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$F7zT+JzP5uvVTv2H$l97zZX4RWHXIF9Z93D+cHK13K88AtLoc/WHW41vhbWop7Xa8FL6gk/fTwWCi9gRPTv93Yh22q148tgqD+QynhQ==
service-type telnet http https
authorization-attribute user-role network-admin
#
local-user 30d16be12867 class network
password cipher $c$3$noXzA+sExAlZldCz/LdxxV5OqXa09Jyhc+e7z6U8NA==
service-type lan-access
authorization-attribute user-role network-operator
#
local-user 9c2ea121d7b2 class network
password cipher $c$3$c8cFMgCR3TmQXOZdo/B22ZwurbVow6bauU7iRxGZJQ==
service-type lan-access
authorization-attribute user-role network-operator
#
local-user d05349ee81bc class network
password cipher $c$3$4WlLk+VL+n3nmb1ereQLAC4mUas5nzZFIT43BdIr2Q==
service-type lan-access
authorization-attribute user-role network-operator
#
ip http enable
ip https enable
#
wlan auto-ap enable
wlan auto-persistent enable
#
wlan global-configuration
#
wlan ap-group default-group
vlan 1
ap-model WA4320i-ACN
radio 1
radio enable
service-template 1
service-template vlan17
radio 2
radio enable
service-template 1
service-template vlan17
gigabitethernet 1
gigabitethernet 2
#
wlan ap 210235a1gqc163000319 model WA4320i-ACN
serial-id 210235A1GQC163000319
region-code CN
vlan 1
radio 1
radio 2
gigabitethernet 1
gigabitethernet 2
#
wlan ap 210235a1gqc172001734 model WA4320i-ACN
serial-id 210235A1GQC172001734
region-code CN
vlan 1
radio 1
radio 2
gigabitethernet 1
gigabitethernet 2
#
return
View Code
#
version 7.1.070, Release 1118P01
#
sysname TZ-HDQX-CORE-5560
#
clock timezone Beijing add 08:00:00
clock protocol none
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dhcp enable
dhcp server forbidden-ip 10.3.10.253
dhcp server forbidden-ip 10.3.11.2 10.3.11.5
dhcp server forbidden-ip 10.3.16.100
dhcp server forbidden-ip 10.3.16.101
dhcp server forbidden-ip 10.3.20.102
#
lldp global enable
#
fan prefer-direction slot 1 power-to-port
password-recovery enable
#
vlan 1
#
vlan 2 to 20
#
vlan 995 to 1000
#
stp global enable
#
dhcp server ip-pool 3
#
dhcp server ip-pool vlan1
gateway-list 10.3.1.1
network 10.3.1.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
expired day 0 hour 12
#
dhcp server ip-pool vlan2
gateway-list 10.3.2.1
network 10.3.2.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan3
gateway-list 10.3.3.1
network 10.3.3.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan4
gateway-list 10.3.4.1
network 10.3.4.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan5
gateway-list 10.3.5.1
network 10.3.5.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan6
gateway-list 10.3.6.1
network 10.3.6.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan7
gateway-list 10.3.7.1
network 10.3.7.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan8
gateway-list 10.3.8.1
network 10.3.8.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan9
gateway-list 10.3.9.1
network 10.3.9.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan10
gateway-list 10.3.10.1
network 10.3.10.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan11
gateway-list 10.3.11.1
network 10.3.11.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan12
gateway-list 10.3.12.1
network 10.3.12.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan13
gateway-list 10.3.13.1
network 10.3.13.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan14
gateway-list 10.3.14.1
network 10.3.14.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan15
gateway-list 10.3.15.1
network 10.3.15.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan16
gateway-list 10.3.16.1
network 10.3.16.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan17
gateway-list 10.3.17.1
network 10.3.17.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan18
gateway-list 10.3.18.1
network 10.3.18.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan19
gateway-list 10.3.19.1
network 10.3.19.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan20
gateway-list 10.3.20.1
network 10.3.20.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
interface NULL0
#
interface Vlan-interface1
ip address 10.3.1.1 255.255.255.0
#
interface Vlan-interface2
ip address 10.3.2.1 255.255.255.0
#
interface Vlan-interface3
ip address 10.3.3.1 255.255.255.0
#
interface Vlan-interface4
ip address 10.3.4.1 255.255.255.0
#
interface Vlan-interface5
ip address 10.3.5.1 255.255.255.0
#
interface Vlan-interface6
ip address 10.3.6.1 255.255.255.0
#
interface Vlan-interface7
ip address 10.3.7.1 255.255.255.0
#
interface Vlan-interface8
ip address 10.3.8.1 255.255.255.0
#
interface Vlan-interface9
ip address 10.3.9.1 255.255.255.0
#
interface Vlan-interface10
ip address 10.3.10.1 255.255.255.0
#
interface Vlan-interface11
ip address 10.3.11.1 255.255.255.0
#
interface Vlan-interface12
ip address 10.3.12.1 255.255.255.0
#
interface Vlan-interface13
ip address 10.3.13.1 255.255.255.0
#
interface Vlan-interface14
ip address 10.3.14.1 255.255.255.0
#
interface Vlan-interface15
ip address 10.3.15.1 255.255.255.0
#
interface Vlan-interface16
ip address 10.3.16.1 255.255.255.0
#
interface Vlan-interface17
ip address 10.3.17.1 255.255.255.0
#
interface Vlan-interface18
ip address 10.3.18.1 255.255.255.0
#
interface Vlan-interface19
ip address 10.3.19.1 255.255.255.0
#
interface Vlan-interface20
ip address 10.3.20.1 255.255.255.0
#
interface Vlan-interface995
ip address 10.30.30.30 255.255.255.0
#
interface Vlan-interface999
ip address 10.20.20.251 255.255.255.0
#
interface Vlan-interface1000
ip address 10.40.40.40 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 3
#
interface GigabitEthernet1/0/4
port link-mode bridge
port access vlan 4
#
interface GigabitEthernet1/0/5
port link-mode bridge
port access vlan 5
#
interface GigabitEthernet1/0/6
port link-mode bridge
port access vlan 6
#
interface GigabitEthernet1/0/7
port link-mode bridge
port access vlan 7
#
interface GigabitEthernet1/0/8
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/9
port link-mode bridge
port access vlan 9
#
interface GigabitEthernet1/0/10
port link-mode bridge
port access vlan 10
#
interface GigabitEthernet1/0/11
port link-mode bridge
port access vlan 11
#
interface GigabitEthernet1/0/12
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/13
port link-mode bridge
port access vlan 20
#
interface GigabitEthernet1/0/14
port link-mode bridge
port access vlan 20
#
interface GigabitEthernet1/0/15
port link-mode bridge
port access vlan 20
#
interface GigabitEthernet1/0/16
port link-mode bridge
port access vlan 20
#
interface GigabitEthernet1/0/17
port link-mode bridge
port access vlan 20
combo enable fiber
#
interface GigabitEthernet1/0/18
port link-mode bridge
port access vlan 20
combo enable fiber
#
interface GigabitEthernet1/0/19
port link-mode bridge
port access vlan 20
combo enable fiber
#
interface GigabitEthernet1/0/20
port link-mode bridge
description xin-chang
port access vlan 20
combo enable fiber
#
interface GigabitEthernet1/0/21
port link-mode bridge
port access vlan 995
combo enable copper
#
interface GigabitEthernet1/0/22
port link-mode bridge
port access vlan 996
combo enable copper
#
interface GigabitEthernet1/0/23
port link-mode bridge
port access vlan 999
combo enable copper
#
interface GigabitEthernet1/0/24
port link-mode bridge
port access vlan 1000
combo enable copper
#
interface M-GigabitEthernet0/0/0
#
interface Ten-GigabitEthernet1/0/25
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/26
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/27
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/28
port link-mode bridge
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class usb
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 4
authentication-mode scheme
user-role network-admin
user-role network-operator
#
line vty 5 63
user-role network-operator
#
ip route-static 0.0.0.0 0 10.40.40.1
ip route-static 10.2.0.0 16 10.20.20.254
ip route-static 192.168.0.0 16 10.20.20.254
#
radius scheme system
user-name-format without-domain
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$snDWQATrpWeCQrrQ$e/sG16TGFpeRMGxU47EU8dI+N7GorTPSg5wSu4rCjluvI9/TNgVNTjaY1Qm/xypSgFWbyulKXjF9ISipX336EA==
service-type ftp
service-type telnet http https
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
ftp server enable
#
ip http enable
#
return
View Code
#
version 7.1.064, Release 5205P02
#
sysname TXHD-WX3510H
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
irf auto-merge enable
irf member 1 priority 1
#
port-security enable
#
dhcp enable
#
password-recovery enable
#
vlan 1
#
vlan 2 to 200
#
irf-port 1
#
dhcp server ip-pool vlan100
gateway-list 192.168.100.254
network 192.168.100.0 mask 255.255.255.0
#
wlan service-template 1
ssid HD-AP11
akm mode psk
preshared-key pass-phrase cipher $c$3$7BwN4wwensofKd+M6xz/cj+IgkizgmXnYz1A
cipher-suite ccmp
security-ie rsn
service-template enable
#
interface NULL0
#
interface Vlan-interface1
ip address 10.2.1.253 255.255.255.0 sub
#
interface Vlan-interface100
ip address 192.168.100.254 255.255.255.0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/6
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/7
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/8
port access vlan 100
#
scheduler logfile size 16
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 15
user-role level-15
user-role network-admin
set authentication password hash $h$6$xP586skcKIv95W0Y$8MQOZ+dB1dgIXfIwJUVLsoLAQ9TlxQloc/hKlJOEltBYxPRSfr42M9ya9PkkStp8Az91+MzvJxMqFDj9o/CDyQ==
#
line vty 16 31
authentication-mode scheme
user-role network-operator
#
ip route-static 0.0.0.0 0 10.2.1.1
#
undo info-center logfile enable
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$3NgALkpc9amDFcrO$yPMgajm2qxBPMcnmUqK3Wh2v9DL2vHcsKdpffaKX259As1YhqL4SgeK7f0Uk5uxArc7X49h35vujaYtC2GYTuQ==
service-type telnet http https
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
#
local-user dddddd class network
password cipher $c$3$XKX5rQBFAwdC32mJGPilk7h/zMo7ywg=
service-type lan-access
authorization-attribute user-role network-operator
#
local-user lxj class network
password cipher $c$3$t2zcOzSd+m/FlUXoO9odGhmwvtXS5Q==
service-type lan-access
authorization-attribute user-role network-operator
#
ip http enable
ip https enable
#
wlan auto-ap enable
wlan auto-persistent enable
#
wlan global-configuration
control-address disable
#
wlan ap-group default-group
vlan 1
ap-model WA4320i-ACN
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap1-1 model WA4320i-ACN
serial-id 210235A1GQC163000334
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap1-2 model WA4320i-ACN
serial-id 210235A1GQC163000375
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap1-3 model WA4320i-ACN
serial-id 210235A1GQC163000947
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap1-4 model WA4320i-ACN
serial-id 210235A1GQC163000970
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap2-1 model WA4320i-ACN
serial-id 210235A1GQC163000290
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap2-2 model WA4320i-ACN
serial-id 210235A1GQC163000173
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap2-3 model WA4320i-ACN
serial-id 210235A1GQC163000319
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap2-4 model WA4320i-ACN
serial-id 210235A1GQC163000284
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap3-1 model WA4320i-ACN
serial-id 210235A1GQC163000943
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap3-2 model WA4320i-ACN
serial-id 210235A1GQC163000942
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap3-3 model WA4320i-ACN
serial-id 210235A1GQC163000107
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap3-4 model WA4320i-ACN
serial-id 210235A1GQC163000377
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap4-1 model WA4320i-ACN
serial-id 210235A1GQC163000836
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap4-2 model WA4320i-ACN
serial-id 210235A1GQC172001383
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap4-3 model WA4320i-ACN
serial-id 210235A1GQC172001734
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap ap5-1 model WA4320i-ACN
serial-id 210235A1GQC172001457
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
return
View Code
#
sysname TZ-HD-CORE-5560
#
clock timezone Lisbon add 00:00:00
clock protocol none
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dhcp enable
dhcp server forbidden-ip 10.2.10.220 10.2.10.250
#
lldp global enable
#
password-recovery enable
#
vlan 1
#
vlan 2 to 20
#
vlan 100
#
vlan 999 to 1000
#
stp global enable
#
dhcp server ip-pool vlan1
gateway-list 10.2.1.1
network 10.2.1.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
expired day 0 hour 12
static-bind ip-address 10.2.1.4 mask 255.255.255.0 hardware-address d053-49ee-81bc
static-bind ip-address 10.2.1.40 mask 255.255.255.0 hardware-address 30d1-6be1-2867
#
dhcp server ip-pool vlan2
gateway-list 10.2.2.1
network 10.2.2.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan3
gateway-list 10.2.3.1
network 10.2.3.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan4
gateway-list 10.2.4.1
network 10.2.4.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan5
gateway-list 10.2.5.1
network 10.2.5.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan6
gateway-list 10.2.6.1
network 10.2.6.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan7
gateway-list 10.2.7.1
network 10.2.7.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan8
gateway-list 10.2.8.1
network 10.2.8.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan9
gateway-list 10.2.9.1
network 10.2.9.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan10
gateway-list 10.2.10.1
network 10.2.10.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan11
gateway-list 10.2.11.1
network 10.2.11.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan12
gateway-list 10.2.12.1
network 10.2.12.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan13
gateway-list 10.2.13.1
network 10.2.13.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan14
gateway-list 10.2.14.1
network 10.2.14.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan15
gateway-list 10.2.15.1
network 10.2.15.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan16
gateway-list 10.2.16.1
network 10.2.16.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan17
gateway-list 10.2.17.1
network 10.2.17.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan18
gateway-list 10.2.18.1
network 10.2.18.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan19
gateway-list 10.2.19.1
network 10.2.19.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
dhcp server ip-pool vlan20
gateway-list 10.2.20.1
network 10.2.20.0 mask 255.255.255.0
dns-list 60.191.134.206 60.191.134.196
#
interface NULL0
#
interface Vlan-interface1
ip address 10.2.1.1 255.255.255.0
#
interface Vlan-interface2
ip address 10.2.2.1 255.255.255.0
#
interface Vlan-interface3
ip address 10.2.3.1 255.255.255.0
#
interface Vlan-interface4
ip address 10.2.4.1 255.255.255.0
#
interface Vlan-interface5
ip address 10.2.5.1 255.255.255.0
#
interface Vlan-interface6
ip address 10.2.6.1 255.255.255.0
#
interface Vlan-interface7
ip address 10.2.7.1 255.255.255.0
#
interface Vlan-interface8
ip address 10.2.8.1 255.255.255.0
#
interface Vlan-interface9
ip address 10.2.9.1 255.255.255.0
#
interface Vlan-interface10
ip address 10.2.10.1 255.255.255.0
#
interface Vlan-interface11
ip address 10.2.11.1 255.255.255.0
#
interface Vlan-interface12
ip address 10.2.12.1 255.255.255.0
#
interface Vlan-interface13
ip address 10.2.13.1 255.255.255.0
#
interface Vlan-interface14
ip address 10.2.14.1 255.255.255.0
#
interface Vlan-interface15
ip address 10.2.15.1 255.255.255.0
#
interface Vlan-interface16
ip address 10.2.16.1 255.255.255.0
#
interface Vlan-interface17
ip address 10.2.17.1 255.255.255.0
#
interface Vlan-interface18
ip address 10.2.18.1 255.255.255.0
#
interface Vlan-interface19
ip address 10.2.19.1 255.255.255.0
#
interface Vlan-interface20
ip address 10.2.20.1 255.255.255.0
#
interface Vlan-interface100
ip address 192.168.1.1 255.255.0.0
packet-filter 3000 inbound
#
interface Vlan-interface999
ip address 10.20.20.254 255.255.255.0
#
interface Vlan-interface1000
ip address 10.10.10.254 255.255.255.0
packet-filter 3004 outbound
#
interface GigabitEthernet1/0/1
port link-mode bridge
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 3
#
interface GigabitEthernet1/0/4
port link-mode bridge
port access vlan 4
#
interface GigabitEthernet1/0/5
port link-mode bridge
port access vlan 5
#
interface GigabitEthernet1/0/6
port link-mode bridge
port access vlan 6
#
interface GigabitEthernet1/0/7
port link-mode bridge
port access vlan 7
#
interface GigabitEthernet1/0/8
port link-mode bridge
port access vlan 8
#
interface GigabitEthernet1/0/9
port link-mode bridge
port access vlan 9
#
interface GigabitEthernet1/0/10
port link-mode bridge
port access vlan 10
#
interface GigabitEthernet1/0/11
port link-mode bridge
port access vlan 11
#
interface GigabitEthernet1/0/12
port link-mode bridge
port access vlan 12
#
interface GigabitEthernet1/0/13
port link-mode bridge
port access vlan 13
#
interface GigabitEthernet1/0/14
port link-mode bridge
port access vlan 14
#
interface GigabitEthernet1/0/15
port link-mode bridge
port access vlan 15
#
interface GigabitEthernet1/0/16
port link-mode bridge
port access vlan 16
#
interface GigabitEthernet1/0/17
port link-mode bridge
port access vlan 17
#
interface GigabitEthernet1/0/18
port link-mode bridge
port access vlan 18
#
interface GigabitEthernet1/0/19
port link-mode bridge
port access vlan 19
#
interface GigabitEthernet1/0/20
port link-mode bridge
port access vlan 999
#
interface GigabitEthernet1/0/21
port link-mode bridge
port access vlan 100
combo enable copper
#
interface GigabitEthernet1/0/22
port link-mode bridge
port access vlan 100
combo enable copper
#
interface GigabitEthernet1/0/23
port link-mode bridge
port access vlan 100
combo enable copper
#
interface GigabitEthernet1/0/24
port link-mode bridge
port access vlan 100
combo enable copper
#
interface GigabitEthernet1/0/25
port link-mode bridge
combo enable copper
#
interface GigabitEthernet1/0/26
port link-mode bridge
description con-cixi-haorun
port access vlan 999
combo enable copper
#
interface GigabitEthernet1/0/27
port link-mode bridge
combo enable copper
#
interface GigabitEthernet1/0/28
port link-mode bridge
port access vlan 1000
combo enable copper
#
interface M-GigabitEthernet0/0/0
#
interface M-GigabitEthernet0/0/1
#
interface Ten-GigabitEthernet1/0/29
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/30
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/31
port link-mode bridge
port access vlan 100
#
interface Ten-GigabitEthernet1/0/32
port link-mode bridge
port access vlan 17
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 4
user-role level-15
user-role network-operator
set authentication password hash $h$6$nU+AkipUP9u9B8+5$3hi6djXQS1kjEaFUj7Umk4yAZrDOgc2nQPlosh/RcZCdYwX6W+7Ll/CI3IIb5xkkEg3QDzDpo69L1hOKHJYvrg==
#
line vty 5 63
user-role network-operator
#
ip route-static 0.0.0.0 0 10.10.10.1
ip route-static 10.1.0.0 16 10.20.20.253
ip route-static 10.3.0.0 16 10.20.20.251
ip route-static 172.16.0.0 16 Vlan-interface999 10.20.20.253
#
snmp-agent
snmp-agent local-engineid 800063A2801CAB349776BC00000001
snmp-agent community write public
snmp-agent sys-info version all
snmp-agent trap enable arp
snmp-agent trap enable radius
#
time-range a1 00:00 to 23:59 daily
#
acl number 3000
rule 0 deny ip source 192.168.115.155 0
rule 5 deny ip source 192.168.2.71 0
rule 10 deny ip source 192.168.24.20 0
rule 15 deny ip source 192.168.23.22 0
#
acl number 3003
rule 0 permit ip destination 10.86.87.185 0
rule 5 permit ip destination 218.75.72.116 0
rule 10 permit ip destination 218.75.72.114 0
rule 15 deny ip source 10.2.1.0 0.0.0.255
rule 20 deny ip source 10.2.17.0 0.0.0.255
rule 25 deny ip source 10.2.18.0 0.0.0.255
rule 30 deny ip source 10.2.19.0 0.0.0.255
#
acl number 3004
rule 0 permit ip source 10.2.1.4 0
rule 5 permit ip source 10.2.1.40 0
rule 15 deny ip source 10.2.1.0 0.0.0.255
rule 20 deny ip source 10.2.17.0 0.0.0.255
rule 25 deny ip source 10.2.18.0 0.0.0.255
rule 30 deny ip source 10.2.19.0 0.0.0.255
rule 35 deny ip source 10.2.16.0 0.0.0.255
#
acl number 4000
#
acl number 4001
#
radius scheme system
user-name-format without-domain
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$snDWQATrpWeCQrrQ$e/sG16TGFpeRMGxU47EU8dI+N7GorTPSg5wSu4rCjluvI9/TNgVNTjaY1Qm/xypSgFWbyulKXjF9ISipX336EA==
service-type ftp
service-type telnet http
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
ftp server enable
#
ip http enable
#
return
View Code
# 进入系统视图,并开启Telnet服务,默认开启。
<H3C> system-view
[H3C] telnet server enable
# 配置VTY接口认证模式为scheme模式(用户名+密码认证)。
[H3C] line vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme //另两种认证模式为None(无密码)和Password(单密码)
[H3C-ui-vty0-4] user-role network-admin
[H3C-ui-vty0-4] quit
# 创建本地账号abc,密码为123456,权限级别为network-admin。
[H3C] local-user abc
[H3C-luser-abc] password simple 123456
[H3C-luser-abc] service-type telnet
[H3C-luser-abc] authorization-attribute user-role network-admin
[H3C-luser-abc] quit
# 保存配置。
[H3C] save force
风扇修改风向命令
[h3c]fan prefer-direction slot 1 port-to-power (slot后面的数字根据具体的槽位配置)
轻轻松松配置产品案例链接:
轻轻松松配交换:https://zhiliao.h3c.com/topic/huati/1246
轻轻松松配路由:https://zhiliao.h3c.com/topic/huati/1247
轻轻松松配安全:https://zhiliao.h3c.com/topic/huati/1248
轻轻松松配无线:https://zhiliao.h3c.com/topic/huati/1249
说明
vlan 2 to 20
配置一个vlan interface
只有配置了vlan interface 后,
笔记本插入核心的对应于AC的 vlan 访问口,才可以访问到
网络连接
----------
下面SW指核心交换机
加入路由
- ip route-static 0.0.0.0 0 10.3.15.1 后,可以笔记本插任意核心端口多可以访问到AC控制器 --- 这条作废
- 笔记本连SW13 口, AC与SW 8口trunk相连,只要 AC上配置 Vlan-interface13 的 ip address后就可以访问了,跟上面的ip route-static无关
- SW-AC 8口trunk , poe_sw1 连 AC 3口 ,AC3口做port access vlan 3, SW 4口连 poe_sw2
- AP1连 poe_sw1, AP2连poe_sw2 ,结果发现2个AP都能自动被发现 (需要在AC上配置一个 vlan-interface 4 的ip address)
AP的设置。
---------------------
AP区分 fat 与fit
进到AP里使用 ap-mode fit ,普通试图下面
使用核心的dhcp 服务时,看AP是否获取IP地址,可以在核心上使用下面命令
display dhcp server ip-in-use
-------------------------------
Radious服务器在外网的情况下
需呀保证在AC上能访问到 Radious服务器, 需要做 ip route-static 路由
Radius 需要在ISP的System域中把 授权的-不授权勾打上
--------------
路由规则,第一条匹配是就不会匹配第二条
在内网要ping 192.168.1.94 是需要
将 ip route-static 192.168.0.0 16 10.3.10.1 注意10.3.10.1是允许访问外网的网段101