企业网络搭建
企业在多个地方有工厂,工厂之间采用移动专线,将各工厂核心交换机连接
每个企业多有各自的企业宽带接入,下面是2个企业的配置。
# version 7.1.064, Release 5208P03 # sysname H3C # telnet server enable # irf mac-address persistent timer irf auto-update enable irf auto-merge enable irf member 1 priority 1 # password-recovery enable # vlan 1 # vlan 10 # vlan 17 # irf-port 1 # wlan service-template 1 ssid HDAP-11 vlan 10 akm mode psk preshared-key pass-phrase cipher $c$3$/4QXimQ+9XcPSTS6gLu/XOC9sb2tUWi0ntBN cipher-suite ccmp cipher-suite tkip security-ie rsn security-ie wpa client-security authentication-mode mac service-template enable # wlan service-template vlan17 ssid HDAP-12 vlan 17 akm mode psk preshared-key pass-phrase cipher $c$3$FW4K9QhD2iWX/Pm0S7aYsxR2+VQmOwzlt5Ru cipher-suite ccmp cipher-suite tkip security-ie rsn security-ie wpa service-template enable # interface NULL0 # interface Vlan-interface1 # interface Vlan-interface10 ip address 10.3.10.253 255.255.255.0 # interface GigabitEthernet1/0/1 # interface GigabitEthernet1/0/2 # interface GigabitEthernet1/0/3 # interface GigabitEthernet1/0/4 # interface GigabitEthernet1/0/5 port access vlan 10 # interface GigabitEthernet1/0/6 # interface GigabitEthernet1/0/7 # interface GigabitEthernet1/0/8 port link-type trunk port trunk permit vlan all # scheduler logfile size 16 # line class console user-role network-admin # line class vty user-role network-operator # line con 0 user-role network-admin # line vty 0 31 authentication-mode scheme user-role network-operator # ip route-static 10.2.0.0 16 10.3.10.1 ip route-static 192.168.0.0 16 10.3.10.1 # undo info-center logfile enable # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$F7zT+JzP5uvVTv2H$l97zZX4RWHXIF9Z93D+cHK13K88AtLoc/WHW41vhbWop7Xa8FL6gk/fTwWCi9gRPTv93Yh22q148tgqD+QynhQ== service-type telnet http https authorization-attribute user-role network-admin # local-user 30d16be12867 class network password cipher $c$3$noXzA+sExAlZldCz/LdxxV5OqXa09Jyhc+e7z6U8NA== service-type lan-access authorization-attribute user-role network-operator # local-user 9c2ea121d7b2 class network password cipher $c$3$c8cFMgCR3TmQXOZdo/B22ZwurbVow6bauU7iRxGZJQ== service-type lan-access authorization-attribute user-role network-operator # local-user d05349ee81bc class network password cipher $c$3$4WlLk+VL+n3nmb1ereQLAC4mUas5nzZFIT43BdIr2Q== service-type lan-access authorization-attribute user-role network-operator # ip http enable ip https enable # wlan auto-ap enable wlan auto-persistent enable # wlan global-configuration # wlan ap-group default-group vlan 1 ap-model WA4320i-ACN radio 1 radio enable service-template 1 service-template vlan17 radio 2 radio enable service-template 1 service-template vlan17 gigabitethernet 1 gigabitethernet 2 # wlan ap 210235a1gqc163000319 model WA4320i-ACN serial-id 210235A1GQC163000319 region-code CN vlan 1 radio 1 radio 2 gigabitethernet 1 gigabitethernet 2 # wlan ap 210235a1gqc172001734 model WA4320i-ACN serial-id 210235A1GQC172001734 region-code CN vlan 1 radio 1 radio 2 gigabitethernet 1 gigabitethernet 2 # return
# version 7.1.070, Release 1118P01 # sysname TZ-HDQX-CORE-5560 # clock timezone Beijing add 08:00:00 clock protocol none # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # dhcp enable dhcp server forbidden-ip 10.3.10.253 dhcp server forbidden-ip 10.3.11.2 10.3.11.5 dhcp server forbidden-ip 10.3.16.100 dhcp server forbidden-ip 10.3.16.101 dhcp server forbidden-ip 10.3.20.102 # lldp global enable # fan prefer-direction slot 1 power-to-port password-recovery enable # vlan 1 # vlan 2 to 20 # vlan 995 to 1000 # stp global enable # dhcp server ip-pool 3 # dhcp server ip-pool vlan1 gateway-list 10.3.1.1 network 10.3.1.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 expired day 0 hour 12 # dhcp server ip-pool vlan2 gateway-list 10.3.2.1 network 10.3.2.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan3 gateway-list 10.3.3.1 network 10.3.3.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan4 gateway-list 10.3.4.1 network 10.3.4.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan5 gateway-list 10.3.5.1 network 10.3.5.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan6 gateway-list 10.3.6.1 network 10.3.6.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan7 gateway-list 10.3.7.1 network 10.3.7.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan8 gateway-list 10.3.8.1 network 10.3.8.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan9 gateway-list 10.3.9.1 network 10.3.9.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan10 gateway-list 10.3.10.1 network 10.3.10.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan11 gateway-list 10.3.11.1 network 10.3.11.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan12 gateway-list 10.3.12.1 network 10.3.12.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan13 gateway-list 10.3.13.1 network 10.3.13.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan14 gateway-list 10.3.14.1 network 10.3.14.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan15 gateway-list 10.3.15.1 network 10.3.15.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan16 gateway-list 10.3.16.1 network 10.3.16.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan17 gateway-list 10.3.17.1 network 10.3.17.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan18 gateway-list 10.3.18.1 network 10.3.18.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan19 gateway-list 10.3.19.1 network 10.3.19.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan20 gateway-list 10.3.20.1 network 10.3.20.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # interface NULL0 # interface Vlan-interface1 ip address 10.3.1.1 255.255.255.0 # interface Vlan-interface2 ip address 10.3.2.1 255.255.255.0 # interface Vlan-interface3 ip address 10.3.3.1 255.255.255.0 # interface Vlan-interface4 ip address 10.3.4.1 255.255.255.0 # interface Vlan-interface5 ip address 10.3.5.1 255.255.255.0 # interface Vlan-interface6 ip address 10.3.6.1 255.255.255.0 # interface Vlan-interface7 ip address 10.3.7.1 255.255.255.0 # interface Vlan-interface8 ip address 10.3.8.1 255.255.255.0 # interface Vlan-interface9 ip address 10.3.9.1 255.255.255.0 # interface Vlan-interface10 ip address 10.3.10.1 255.255.255.0 # interface Vlan-interface11 ip address 10.3.11.1 255.255.255.0 # interface Vlan-interface12 ip address 10.3.12.1 255.255.255.0 # interface Vlan-interface13 ip address 10.3.13.1 255.255.255.0 # interface Vlan-interface14 ip address 10.3.14.1 255.255.255.0 # interface Vlan-interface15 ip address 10.3.15.1 255.255.255.0 # interface Vlan-interface16 ip address 10.3.16.1 255.255.255.0 # interface Vlan-interface17 ip address 10.3.17.1 255.255.255.0 # interface Vlan-interface18 ip address 10.3.18.1 255.255.255.0 # interface Vlan-interface19 ip address 10.3.19.1 255.255.255.0 # interface Vlan-interface20 ip address 10.3.20.1 255.255.255.0 # interface Vlan-interface995 ip address 10.30.30.30 255.255.255.0 # interface Vlan-interface999 ip address 10.20.20.251 255.255.255.0 # interface Vlan-interface1000 ip address 10.40.40.40 255.255.255.0 # interface GigabitEthernet1/0/1 port link-mode bridge # interface GigabitEthernet1/0/2 port link-mode bridge port access vlan 2 # interface GigabitEthernet1/0/3 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/4 port link-mode bridge port access vlan 4 # interface GigabitEthernet1/0/5 port link-mode bridge port access vlan 5 # interface GigabitEthernet1/0/6 port link-mode bridge port access vlan 6 # interface GigabitEthernet1/0/7 port link-mode bridge port access vlan 7 # interface GigabitEthernet1/0/8 port link-mode bridge port link-type trunk port trunk permit vlan all # interface GigabitEthernet1/0/9 port link-mode bridge port access vlan 9 # interface GigabitEthernet1/0/10 port link-mode bridge port access vlan 10 # interface GigabitEthernet1/0/11 port link-mode bridge port access vlan 11 # interface GigabitEthernet1/0/12 port link-mode bridge port link-type trunk port trunk permit vlan all # interface GigabitEthernet1/0/13 port link-mode bridge port access vlan 20 # interface GigabitEthernet1/0/14 port link-mode bridge port access vlan 20 # interface GigabitEthernet1/0/15 port link-mode bridge port access vlan 20 # interface GigabitEthernet1/0/16 port link-mode bridge port access vlan 20 # interface GigabitEthernet1/0/17 port link-mode bridge port access vlan 20 combo enable fiber # interface GigabitEthernet1/0/18 port link-mode bridge port access vlan 20 combo enable fiber # interface GigabitEthernet1/0/19 port link-mode bridge port access vlan 20 combo enable fiber # interface GigabitEthernet1/0/20 port link-mode bridge description xin-chang port access vlan 20 combo enable fiber # interface GigabitEthernet1/0/21 port link-mode bridge port access vlan 995 combo enable copper # interface GigabitEthernet1/0/22 port link-mode bridge port access vlan 996 combo enable copper # interface GigabitEthernet1/0/23 port link-mode bridge port access vlan 999 combo enable copper # interface GigabitEthernet1/0/24 port link-mode bridge port access vlan 1000 combo enable copper # interface M-GigabitEthernet0/0/0 # interface Ten-GigabitEthernet1/0/25 port link-mode bridge # interface Ten-GigabitEthernet1/0/26 port link-mode bridge # interface Ten-GigabitEthernet1/0/27 port link-mode bridge # interface Ten-GigabitEthernet1/0/28 port link-mode bridge # scheduler logfile size 16 # line class aux user-role network-admin # line class usb user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 4 authentication-mode scheme user-role network-admin user-role network-operator # line vty 5 63 user-role network-operator # ip route-static 0.0.0.0 0 10.40.40.1 ip route-static 10.2.0.0 16 10.20.20.254 ip route-static 192.168.0.0 16 10.20.20.254 # radius scheme system user-name-format without-domain # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$snDWQATrpWeCQrrQ$e/sG16TGFpeRMGxU47EU8dI+N7GorTPSg5wSu4rCjluvI9/TNgVNTjaY1Qm/xypSgFWbyulKXjF9ISipX336EA== service-type ftp service-type telnet http https authorization-attribute user-role level-15 authorization-attribute user-role network-admin authorization-attribute user-role network-operator # ftp server enable # ip http enable # return
# version 7.1.064, Release 5205P02 # sysname TXHD-WX3510H # telnet server enable # irf mac-address persistent timer irf auto-update enable irf auto-merge enable irf member 1 priority 1 # port-security enable # dhcp enable # password-recovery enable # vlan 1 # vlan 2 to 200 # irf-port 1 # dhcp server ip-pool vlan100 gateway-list 192.168.100.254 network 192.168.100.0 mask 255.255.255.0 # wlan service-template 1 ssid HD-AP11 akm mode psk preshared-key pass-phrase cipher $c$3$7BwN4wwensofKd+M6xz/cj+IgkizgmXnYz1A cipher-suite ccmp security-ie rsn service-template enable # interface NULL0 # interface Vlan-interface1 ip address 10.2.1.253 255.255.255.0 sub # interface Vlan-interface100 ip address 192.168.100.254 255.255.255.0 # interface GigabitEthernet1/0/1 # interface GigabitEthernet1/0/2 # interface GigabitEthernet1/0/3 # interface GigabitEthernet1/0/4 # interface GigabitEthernet1/0/5 port link-type trunk port trunk permit vlan all # interface GigabitEthernet1/0/6 port link-type trunk port trunk permit vlan all # interface GigabitEthernet1/0/7 port link-type trunk port trunk permit vlan all # interface GigabitEthernet1/0/8 port access vlan 100 # scheduler logfile size 16 # line class console user-role network-admin # line class vty user-role network-operator # line con 0 user-role network-admin # line vty 0 15 user-role level-15 user-role network-admin set authentication password hash $h$6$xP586skcKIv95W0Y$8MQOZ+dB1dgIXfIwJUVLsoLAQ9TlxQloc/hKlJOEltBYxPRSfr42M9ya9PkkStp8Az91+MzvJxMqFDj9o/CDyQ== # line vty 16 31 authentication-mode scheme user-role network-operator # ip route-static 0.0.0.0 0 10.2.1.1 # undo info-center logfile enable # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$3NgALkpc9amDFcrO$yPMgajm2qxBPMcnmUqK3Wh2v9DL2vHcsKdpffaKX259As1YhqL4SgeK7f0Uk5uxArc7X49h35vujaYtC2GYTuQ== service-type telnet http https authorization-attribute user-role level-15 authorization-attribute user-role network-admin # local-user dddddd class network password cipher $c$3$XKX5rQBFAwdC32mJGPilk7h/zMo7ywg= service-type lan-access authorization-attribute user-role network-operator # local-user lxj class network password cipher $c$3$t2zcOzSd+m/FlUXoO9odGhmwvtXS5Q== service-type lan-access authorization-attribute user-role network-operator # ip http enable ip https enable # wlan auto-ap enable wlan auto-persistent enable # wlan global-configuration control-address disable # wlan ap-group default-group vlan 1 ap-model WA4320i-ACN radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap1-1 model WA4320i-ACN serial-id 210235A1GQC163000334 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap1-2 model WA4320i-ACN serial-id 210235A1GQC163000375 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap1-3 model WA4320i-ACN serial-id 210235A1GQC163000947 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap1-4 model WA4320i-ACN serial-id 210235A1GQC163000970 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap2-1 model WA4320i-ACN serial-id 210235A1GQC163000290 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap2-2 model WA4320i-ACN serial-id 210235A1GQC163000173 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap2-3 model WA4320i-ACN serial-id 210235A1GQC163000319 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap2-4 model WA4320i-ACN serial-id 210235A1GQC163000284 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap3-1 model WA4320i-ACN serial-id 210235A1GQC163000943 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap3-2 model WA4320i-ACN serial-id 210235A1GQC163000942 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap3-3 model WA4320i-ACN serial-id 210235A1GQC163000107 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap3-4 model WA4320i-ACN serial-id 210235A1GQC163000377 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap4-1 model WA4320i-ACN serial-id 210235A1GQC163000836 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap4-2 model WA4320i-ACN serial-id 210235A1GQC172001383 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap4-3 model WA4320i-ACN serial-id 210235A1GQC172001734 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # wlan ap ap5-1 model WA4320i-ACN serial-id 210235A1GQC172001457 vlan 1 radio 1 radio enable service-template 1 radio 2 radio enable service-template 1 gigabitethernet 1 gigabitethernet 2 # return
# sysname TZ-HD-CORE-5560 # clock timezone Lisbon add 00:00:00 clock protocol none # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # dhcp enable dhcp server forbidden-ip 10.2.10.220 10.2.10.250 # lldp global enable # password-recovery enable # vlan 1 # vlan 2 to 20 # vlan 100 # vlan 999 to 1000 # stp global enable # dhcp server ip-pool vlan1 gateway-list 10.2.1.1 network 10.2.1.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 expired day 0 hour 12 static-bind ip-address 10.2.1.4 mask 255.255.255.0 hardware-address d053-49ee-81bc static-bind ip-address 10.2.1.40 mask 255.255.255.0 hardware-address 30d1-6be1-2867 # dhcp server ip-pool vlan2 gateway-list 10.2.2.1 network 10.2.2.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan3 gateway-list 10.2.3.1 network 10.2.3.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan4 gateway-list 10.2.4.1 network 10.2.4.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan5 gateway-list 10.2.5.1 network 10.2.5.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan6 gateway-list 10.2.6.1 network 10.2.6.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan7 gateway-list 10.2.7.1 network 10.2.7.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan8 gateway-list 10.2.8.1 network 10.2.8.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan9 gateway-list 10.2.9.1 network 10.2.9.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan10 gateway-list 10.2.10.1 network 10.2.10.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan11 gateway-list 10.2.11.1 network 10.2.11.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan12 gateway-list 10.2.12.1 network 10.2.12.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan13 gateway-list 10.2.13.1 network 10.2.13.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan14 gateway-list 10.2.14.1 network 10.2.14.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan15 gateway-list 10.2.15.1 network 10.2.15.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan16 gateway-list 10.2.16.1 network 10.2.16.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan17 gateway-list 10.2.17.1 network 10.2.17.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan18 gateway-list 10.2.18.1 network 10.2.18.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan19 gateway-list 10.2.19.1 network 10.2.19.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan20 gateway-list 10.2.20.1 network 10.2.20.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # interface NULL0 # interface Vlan-interface1 ip address 10.2.1.1 255.255.255.0 # interface Vlan-interface2 ip address 10.2.2.1 255.255.255.0 # interface Vlan-interface3 ip address 10.2.3.1 255.255.255.0 # interface Vlan-interface4 ip address 10.2.4.1 255.255.255.0 # interface Vlan-interface5 ip address 10.2.5.1 255.255.255.0 # interface Vlan-interface6 ip address 10.2.6.1 255.255.255.0 # interface Vlan-interface7 ip address 10.2.7.1 255.255.255.0 # interface Vlan-interface8 ip address 10.2.8.1 255.255.255.0 # interface Vlan-interface9 ip address 10.2.9.1 255.255.255.0 # interface Vlan-interface10 ip address 10.2.10.1 255.255.255.0 # interface Vlan-interface11 ip address 10.2.11.1 255.255.255.0 # interface Vlan-interface12 ip address 10.2.12.1 255.255.255.0 # interface Vlan-interface13 ip address 10.2.13.1 255.255.255.0 # interface Vlan-interface14 ip address 10.2.14.1 255.255.255.0 # interface Vlan-interface15 ip address 10.2.15.1 255.255.255.0 # interface Vlan-interface16 ip address 10.2.16.1 255.255.255.0 # interface Vlan-interface17 ip address 10.2.17.1 255.255.255.0 # interface Vlan-interface18 ip address 10.2.18.1 255.255.255.0 # interface Vlan-interface19 ip address 10.2.19.1 255.255.255.0 # interface Vlan-interface20 ip address 10.2.20.1 255.255.255.0 # interface Vlan-interface100 ip address 192.168.1.1 255.255.0.0 packet-filter 3000 inbound # interface Vlan-interface999 ip address 10.20.20.254 255.255.255.0 # interface Vlan-interface1000 ip address 10.10.10.254 255.255.255.0 packet-filter 3004 outbound # interface GigabitEthernet1/0/1 port link-mode bridge # interface GigabitEthernet1/0/2 port link-mode bridge port access vlan 2 # interface GigabitEthernet1/0/3 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/4 port link-mode bridge port access vlan 4 # interface GigabitEthernet1/0/5 port link-mode bridge port access vlan 5 # interface GigabitEthernet1/0/6 port link-mode bridge port access vlan 6 # interface GigabitEthernet1/0/7 port link-mode bridge port access vlan 7 # interface GigabitEthernet1/0/8 port link-mode bridge port access vlan 8 # interface GigabitEthernet1/0/9 port link-mode bridge port access vlan 9 # interface GigabitEthernet1/0/10 port link-mode bridge port access vlan 10 # interface GigabitEthernet1/0/11 port link-mode bridge port access vlan 11 # interface GigabitEthernet1/0/12 port link-mode bridge port access vlan 12 # interface GigabitEthernet1/0/13 port link-mode bridge port access vlan 13 # interface GigabitEthernet1/0/14 port link-mode bridge port access vlan 14 # interface GigabitEthernet1/0/15 port link-mode bridge port access vlan 15 # interface GigabitEthernet1/0/16 port link-mode bridge port access vlan 16 # interface GigabitEthernet1/0/17 port link-mode bridge port access vlan 17 # interface GigabitEthernet1/0/18 port link-mode bridge port access vlan 18 # interface GigabitEthernet1/0/19 port link-mode bridge port access vlan 19 # interface GigabitEthernet1/0/20 port link-mode bridge port access vlan 999 # interface GigabitEthernet1/0/21 port link-mode bridge port access vlan 100 combo enable copper # interface GigabitEthernet1/0/22 port link-mode bridge port access vlan 100 combo enable copper # interface GigabitEthernet1/0/23 port link-mode bridge port access vlan 100 combo enable copper # interface GigabitEthernet1/0/24 port link-mode bridge port access vlan 100 combo enable copper # interface GigabitEthernet1/0/25 port link-mode bridge combo enable copper # interface GigabitEthernet1/0/26 port link-mode bridge description con-cixi-haorun port access vlan 999 combo enable copper # interface GigabitEthernet1/0/27 port link-mode bridge combo enable copper # interface GigabitEthernet1/0/28 port link-mode bridge port access vlan 1000 combo enable copper # interface M-GigabitEthernet0/0/0 # interface M-GigabitEthernet0/0/1 # interface Ten-GigabitEthernet1/0/29 port link-mode bridge # interface Ten-GigabitEthernet1/0/30 port link-mode bridge # interface Ten-GigabitEthernet1/0/31 port link-mode bridge port access vlan 100 # interface Ten-GigabitEthernet1/0/32 port link-mode bridge port access vlan 17 # scheduler logfile size 16 # line class aux user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 4 user-role level-15 user-role network-operator set authentication password hash $h$6$nU+AkipUP9u9B8+5$3hi6djXQS1kjEaFUj7Umk4yAZrDOgc2nQPlosh/RcZCdYwX6W+7Ll/CI3IIb5xkkEg3QDzDpo69L1hOKHJYvrg== # line vty 5 63 user-role network-operator # ip route-static 0.0.0.0 0 10.10.10.1 ip route-static 10.1.0.0 16 10.20.20.253 ip route-static 10.3.0.0 16 10.20.20.251 ip route-static 172.16.0.0 16 Vlan-interface999 10.20.20.253 # snmp-agent snmp-agent local-engineid 800063A2801CAB349776BC00000001 snmp-agent community write public snmp-agent sys-info version all snmp-agent trap enable arp snmp-agent trap enable radius # time-range a1 00:00 to 23:59 daily # acl number 3000 rule 0 deny ip source 192.168.115.155 0 rule 5 deny ip source 192.168.2.71 0 rule 10 deny ip source 192.168.24.20 0 rule 15 deny ip source 192.168.23.22 0 # acl number 3003 rule 0 permit ip destination 10.86.87.185 0 rule 5 permit ip destination 218.75.72.116 0 rule 10 permit ip destination 218.75.72.114 0 rule 15 deny ip source 10.2.1.0 0.0.0.255 rule 20 deny ip source 10.2.17.0 0.0.0.255 rule 25 deny ip source 10.2.18.0 0.0.0.255 rule 30 deny ip source 10.2.19.0 0.0.0.255 # acl number 3004 rule 0 permit ip source 10.2.1.4 0 rule 5 permit ip source 10.2.1.40 0 rule 15 deny ip source 10.2.1.0 0.0.0.255 rule 20 deny ip source 10.2.17.0 0.0.0.255 rule 25 deny ip source 10.2.18.0 0.0.0.255 rule 30 deny ip source 10.2.19.0 0.0.0.255 rule 35 deny ip source 10.2.16.0 0.0.0.255 # acl number 4000 # acl number 4001 # radius scheme system user-name-format without-domain # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$snDWQATrpWeCQrrQ$e/sG16TGFpeRMGxU47EU8dI+N7GorTPSg5wSu4rCjluvI9/TNgVNTjaY1Qm/xypSgFWbyulKXjF9ISipX336EA== service-type ftp service-type telnet http authorization-attribute user-role level-15 authorization-attribute user-role network-operator # ftp server enable # ip http enable # return
# 进入系统视图,并开启Telnet服务,默认开启。
<H3C> system-view
[H3C] telnet server enable
# 配置VTY接口认证模式为scheme模式(用户名+密码认证)。
[H3C] line vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme //另两种认证模式为None(无密码)和Password(单密码)
[H3C-ui-vty0-4] user-role network-admin
[H3C-ui-vty0-4] quit
# 创建本地账号abc,密码为123456,权限级别为network-admin。
[H3C] local-user abc
[H3C-luser-abc] password simple 123456
[H3C-luser-abc] service-type telnet
[H3C-luser-abc] authorization-attribute user-role network-admin
[H3C-luser-abc] quit
# 保存配置。
[H3C] save force
风扇修改风向命令
[h3c]fan prefer-direction slot 1 port-to-power (slot后面的数字根据具体的槽位配置)
轻轻松松配置产品案例链接:
轻轻松松配交换:https://zhiliao.h3c.com/topic/huati/1246
轻轻松松配路由:https://zhiliao.h3c.com/topic/huati/1247
轻轻松松配安全:https://zhiliao.h3c.com/topic/huati/1248
轻轻松松配无线:https://zhiliao.h3c.com/topic/huati/1249
说明
vlan 2 to 20
配置一个vlan interface
只有配置了vlan interface 后,
笔记本插入核心的对应于AC的 vlan 访问口,才可以访问到
网络连接
----------
下面SW指核心交换机
加入路由
- ip route-static 0.0.0.0 0 10.3.15.1 后,可以笔记本插任意核心端口多可以访问到AC控制器 --- 这条作废
- 笔记本连SW13 口, AC与SW 8口trunk相连,只要 AC上配置 Vlan-interface13 的 ip address后就可以访问了,跟上面的ip route-static无关
- SW-AC 8口trunk , poe_sw1 连 AC 3口 ,AC3口做port access vlan 3, SW 4口连 poe_sw2
- AP1连 poe_sw1, AP2连poe_sw2 ,结果发现2个AP都能自动被发现 (需要在AC上配置一个 vlan-interface 4 的ip address)
AP的设置。
---------------------
AP区分 fat 与fit
进到AP里使用 ap-mode fit ,普通试图下面
使用核心的dhcp 服务时,看AP是否获取IP地址,可以在核心上使用下面命令
display dhcp server ip-in-use
-------------------------------
Radious服务器在外网的情况下
需呀保证在AC上能访问到 Radious服务器, 需要做 ip route-static 路由
Radius 需要在ISP的System域中把 授权的-不授权勾打上
--------------
路由规则,第一条匹配是就不会匹配第二条
在内网要ping 192.168.1.94 是需要
将 ip route-static 192.168.0.0 16 10.3.10.1 注意10.3.10.1是允许访问外网的网段101
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 如何编写易于单元测试的代码
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 周边上新:园子的第一款马克杯温暖上架
· Open-Sora 2.0 重磅开源!
· .NET周刊【3月第1期 2025-03-02】
· 分享 3 个 .NET 开源的文件压缩处理库,助力快速实现文件压缩解压功能!
· [AI/GPT/综述] AI Agent的设计模式综述
2008-09-13 Linq学习笔记