Common configuration scripts for H3C network devices
1. sysname <switch-name>
super password level 3 cipher <password>
loopback-detection enable
user-interface aux 0
idle-timeout 30 0
user-interface vty 0 4
idle-timeout 30 0
1. clock timezone GMT add 8
ntp-service unicast-server <NTP-server-IP-address>
ntp source-interface LoopBack 0 (Layer 3 switches, when a Loopback interface exists)
2. NTP server reachable on the public network: 202.120.2.101
1. Comware V3 Platform
acl number 2000
rule 1 permit source 192.168.0.1 0 // allow login from 192.168.0.1
rule 50 deny
rsa local-key-pair create
user-interface vty 0 4
acl 2000 inbound
protocol inbound ssh
ssh user admin authentication-type password // allow user admin to log in via SSH
2. Comware V5 Platform
acl number 2000
rule 1 permit source 192.168.0.1 0 // allow login from 192.168.0.1
rule 50 deny
public-key local create rsa
ssh server enable
user-interface vty 0 4
acl 2000 inbound
protocol inbound ssh
ssh user admin service-type all authentication-type password // allow user admin to log in via SSH
1. Comware V3 Platform
local-user admin
password cipher *****
service-type ssh telnet terminal
level 3
hwtacacs scheme acs
primary authentication *****
primary authorization *****
primary accounting *****
key authentication *****
key authorization *****
key accounting *****
user-name-format without-domain
domain acs
scheme hwtacacs-scheme acs local
domain default enable acs
user-interface aux 0
authentication-mode scheme command-authorization
accounting commands scheme
user-interface vty 0 4
authentication-mode scheme command-authorization
accounting commands scheme
2. Comware V5 Platform
local-user huangly
password cipher *****
authorization-attribute level 3
service-type ssh telnet terminal
hwtacacs scheme acs
key authentication *****
key authorization *****
key accounting *****
domain acs
authentication default hwtacacs-scheme acs local
authorization default hwtacacs-scheme acs local
accounting default hwtacacs-scheme acs local
domain default enable acs
user-interface aux 0 8
authentication-mode scheme
command authorization
command accounting
user-interface vty 0 4
authentication-mode scheme
command authorization
command accounting
1. SNMPv2
snmp-agent
snmp-agent community read *******
snmp-agent sys-info version all
2. SNMPv3
snmp-agent
snmp-agent sys-info version v3
snmp-agent group v3 ******* privacy
snmp-agent usm-user v3 admin ******* authentication-mode md5 ******* privacy-mode des56 *******
1. info-center logbuffer size 1024
info-center loghost ********
info-center loghost source LoopBack 0 (Layer 3 switches, when a Loopback interface exists)
1. Interfaces connected to end devices
interface Ethernet1/0/1
broadcast-suppression bps 64
multicast-suppression bps 64
2. Cascade (uplink) ports / Trunk ports
interface GigabitEthernet1/0/1
broadcast-suppression 5
multicast-suppression 5
1. interface Ethernet1/0/1
port link-type access
port-security enable
port-security timer disableport 30
interface Ethernet1/0/1
port-security max-mac-count 1
port-security intrusion-mode blockmac
port-security port-mode autolearn
1. arp static 192.168.10.47 0024-8117-4ce3
2. ARP rate limit on end-device interfaces
arp rate-limit rate 50 drop
3. ARP rate limit on cascade (uplink) ports / Trunk ports
arp rate-limit rate 300 drop
1. MST
stp enable
stp mode mstp
stp bpdu-protection
stp region-configuration
region-name ***
instance 1 vlan 53 to 60 127
revision-level 1
active region-configuration
stp instance 0 root primary (for the primary root)
stp instance 1 root primary (for the backup root)
stp instance 0 root secondary (for the primary root)
stp instance 1 root secondary (for the backup root)
2. Enable edge port (equivalent to PortFast)
interface Ethernet1/0/1
stp edged-port enable
1. interface Vlan-interface1
ip address 192.168.0.254 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.254
vrrp vrid 1 preempt-mode
vrrp vrid 1 priority 110 (VRRP master)
vrrp vrid 1 track interface GigabitEthernet1/0/28 reduced 20
1. Comware V3 Platform
link-aggregation group 1 mode static
link-aggregation group 1 description LACP_to_CL-MYL-S3100-2X-1
int e1/0/21
port link-type trunk
port trunk permit vlan all
lacp enable
port link-aggregation group 1
int e1/0/22
port link-type trunk
port trunk permit vlan all
lacp enable
port link-aggregation group 1
2. Comware V5 Platform
link-aggregation load-sharing mode destination-ip source-ip
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
interface GigabitEthernet1/0/22
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
interface GigabitEthernet1/0/24
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
1. combo enable fiber
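
Added example, not part of the original scripts: a Python check that reads a saved configuration and flags management-plane settings that appear in the snippets above and weaken remote access (telnet in service-type, SNMP community strings, SNMP "version all", md5/des56 SNMPv3 users, VTY lines without an inbound ACL or an SSH-only restriction). It assumes the input has the `display current-configuration` layout with sub-commands indented; the names SAMPLE, LINE_RULES and audit, the `vty 5 15` block and all placeholder values are constructed for illustration.

```python
import re

# Constructed sample in `display current-configuration` layout (sub-commands
# indented by one space), modelled on this page's snippets; secrets are placeholders.
SAMPLE = """\
local-user admin
 password cipher PLACEHOLDER
 service-type ssh telnet terminal
snmp-agent community read PLACEHOLDER
snmp-agent sys-info version all
snmp-agent usm-user v3 admin GROUP authentication-mode md5 PLACEHOLDER privacy-mode des56 PLACEHOLDER
user-interface vty 0 4
 acl 2000 inbound
 idle-timeout 30 0
 protocol inbound ssh
user-interface vty 5 15
 authentication-mode scheme
"""

# Single-line checks: (regex applied to the stripped line, finding text).
LINE_RULES = [
    (r"^service-type\b.*\btelnet\b", "telnet allowed for local user (cleartext login)"),
    (r"^snmp-agent community\b", "SNMPv1/v2c community string configured"),
    (r"^snmp-agent sys-info version\b.*\b(all|v1|v2c)\b", "SNMPv1/v2c enabled"),
    (r"^snmp-agent usm-user v3\b.*\bauthentication-mode md5\b", "SNMPv3 user authenticates with MD5"),
    (r"^snmp-agent usm-user v3\b.*\bprivacy-mode des56\b", "SNMPv3 user encrypts with DES56"),
]

def audit(config):
    """Return sorted (line_number, finding) tuples for weak management-plane settings."""
    findings, vty_blocks, current = [], [], None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line == "#":
            continue
        findings += [(no, msg) for pat, msg in LINE_RULES if re.search(pat, line)]
        if not raw[0].isspace():          # top-level command closes any open block
            current = None
            if line.startswith("user-interface vty"):
                current = []
                vty_blocks.append((no, line, current))
        elif current is not None:         # indented sub-command of a VTY block
            current.append(line)
    for no, header, body in vty_blocks:
        if not any(re.fullmatch(r"acl (ipv6 )?\d+ inbound", cmd) for cmd in body):
            findings.append((no, f"{header}: no inbound ACL"))
        if "protocol inbound ssh" not in body:
            findings.append((no, f"{header}: not restricted to SSH"))
    return sorted(findings)

if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```

Because block membership is decided by indentation, run it on device output or a saved configuration file rather than on flattened snippets like the ones on this page.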
