Common H3C Switch Configuration
Stacking setup
(1) Configure Device A
Select the IRF physical ports and shut them down.
[Sysname] interface Ten-GigabitEthernet 1/0/29
[Sysname-if-range] shutdown
[Sysname-if-range] quit
Configure IRF port 1/1 and bind it to physical port Ten-GigabitEthernet1/0/29.
[Sysname] irf-port 1/1
[Sysname-irf-port1/1] port group interface Ten-GigabitEthernet 1/0/29
[Sysname-irf-port1/1] quit
Bring Ten-GigabitEthernet1/0/29 back up and save the configuration.
[Sysname] interface Ten-GigabitEthernet 1/0/29
[Sysname-if-range] undo shutdown
[Sysname-if-range] quit
[Sysname] save
(2) Configure Device B
Change the member ID of Device B to 2, then reboot the device so that the new ID takes effect.
[Sysname] irf member 1 renumber 2
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[Sysname] quit
Select the IRF physical ports and connect the cables.
Log back in to the device and shut down all of the selected IRF physical ports.
[Sysname] interface Ten-GigabitEthernet 2/0/29
[Sysname-if-range] shutdown
[Sysname-if-range] quit
Configure IRF port 2/1 and bind it to physical port Ten-GigabitEthernet2/0/29.
[Sysname] irf-port 2/1
[Sysname-irf-port2/1] port group interface Ten-GigabitEthernet 2/0/29
[Sysname-irf-port2/1] quit
Bring Ten-GigabitEthernet2/0/29 back up and save the configuration.
[Sysname] interface Ten-GigabitEthernet 2/0/29
[Sysname-if-range] undo shutdown
[Sysname-if-range] quit
[Sysname] save
Activate the configuration on the IRF ports.
[Sysname] irf-port-configuration active
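(3) Device A and Device B then hold a master election. The device that loses the election reboots, and once the reboot completes the IRF fabric is formed.
Set member priorities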
irf member 1 priority 1
irf member 2 priority 10
Disable spanning tree
stp global disable
NTP settings
ntp-service unicast-server 10.109.192.7 priority
ntp-service unicast-server 10.109.192.45
SNMP settings
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 10.142.1.155 udp-port 161 params securityname fjdlj_fjgp v2c
snmp-agent target-host trap address udp-domain 10.142.1.198 udp-port 161 params securityname fjdlj_fjgp v2c
snmp-agent target-host trap address udp-domain 10.142.1.39 udp-port 161 params securityname fjdlj_fjgp v2c
Login authentication settings
[H3C]acl basic 2000
[H3C-acl-ipv4-basic-2000]description vty-login-limit
[H3C-acl-ipv4-basic-2000]rule 5 permit source 10.142.44.64 0.0.0.63
[H3C-acl-ipv4-basic-2000]rule 10 permit source 10.142.1.75 0
[H3C]ssh server acl 2000 // apply the access list to the SSH server
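Added example, not part of the original page: a Python check of which source addresses ACL 2000 above actually admits to SSH, useful for confirming that a wildcard mask covers only the intended management hosts. It assumes rules are evaluated in ascending rule-ID order and that a client matching no rule is refused; all function names are hypothetical.

```python
import ipaddress
import re

# ACL 2000 exactly as configured on this page.
ACL_2000 = """\
rule 5 permit source 10.142.44.64 0.0.0.63
rule 10 permit source 10.142.1.75 0
"""

RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+source\s+(?:any|(\S+)\s+(\S+))")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_rules(text):
    """Return (rule_id, action, address, wildcard) tuples in rule-ID order."""
    rules = []
    for m in RULE_RE.finditer(text):
        rule_id, action, addr, wild = m.groups()
        if addr is None:              # "source any"
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif wild == "0":             # shorthand for a single host
            wild = "0.0.0.0"
        rules.append((int(rule_id), action, to_int(addr), to_int(wild)))
    return sorted(rules)

def evaluate(rules, client_ip):
    """First matching rule wins; no match means deny (assumed behaviour)."""
    ip = to_int(client_ip)
    for rule_id, action, addr, wild in rules:
        # Wildcard bits set to 1 are ignored; every other bit must be equal.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action, rule_id
    return "deny", None

def coverage(rules):
    """(rule_id, first, last, host_count) per permit rule (contiguous wildcards)."""
    out = []
    for rule_id, action, addr, wild in rules:
        if action == "permit":
            first = ipaddress.IPv4Address(addr & ~wild & 0xFFFFFFFF)
            last = ipaddress.IPv4Address(addr | wild)
            out.append((rule_id, str(first), str(last), 2 ** bin(wild).count("1")))
    return out

if __name__ == "__main__":
    for row in coverage(parse_rules(ACL_2000)):
        print(row)
```

Rule 5 admits the 64 addresses 10.142.44.64 through 10.142.44.127, and rule 10 admits the single host 10.142.1.75.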
SSH (Stelnet) server configuration:
public-key local create rsa // create the RSA key pair
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:512
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
Create the key pair successfully.
public-key local create dsa // create the DSA key pair
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:512
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+.
Create the key pair successfully.
ssh server enable // enable the SSH server function
user-interface vty 0 4 // configure the VTY lines
authentication-mode scheme
local-user admin class manage // create the local user and enable SSH for it
password simple fjdl_987
service-type ssh
authorization-attribute user-role network-admin
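ssh user cai service-type stelnet authentication-type password // set the service type and authentication method
Access-layer port configuration
Example: management port as an access port in a single VLAN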
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 170
Example: service port carrying multiple VLANs
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type hybrid
port hybrid vlan 1 3 50 100 to 106 108 120 128 160 170 201 to 204 untagged
Uplink port settings
interface Bridge-Aggregation1
quit
interface GigabitEthernet1/0/25
port link-mode bridge
combo enable fiber
port link-aggregation group 1
interface GigabitEthernet1/0/26
port link-mode bridge
combo enable fiber
port link-aggregation group 1
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan 1 3 50 100 to 106 108 120 128 160 170 201 to 204
Management IP
interface Vlan-interface160
ip address 10.142.16.123 255.255.255.0
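Risk analysis
The downstream H3C switch has STP enabled by default, while the upstream HUAWEI core switch runs MSTP. MSTP falls back to STP, which forces every port to recalculate the spanning tree. In this deployment STP was disabled globally on the H3C switch by hand; it is recommended to also disable spanning tree on the 4 downlink ports of the HUAWEI core switch.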