- 积分
- 393
- 下载分
- 分
- 威望
- 点
- 原创币
- 点
- 下载
- 次
- 上传
- 次
- 注册时间
- 2019-3-25
- 精华
|
马上注册,获取阅读精华内容及下载权限
您需要 登录 才可以下载或查看,没有帐号?注册
x
不知不觉维护一家企业的网络一年多了,学到些东西,想着和论坛的大家分享互相学习一下,当然论坛上大神多,我这些也比较基础,大佬自觉无视就可,好了废话不多说下面开始:
这里以华三的s3100为例
<H3C>system-view 进入系统视图
1.更改交换机名称
[H3C]sysname 名字
2.设置console口暗文输入密码
[H3C] user-interface aux 0
[H3C-ui-aux0]authentication-mode password
[H3C-ui-aux0]set authentication password cipher密码
[H3C-ui-aux0]user privilege level 3
[H3C-ui-aux0]qu
3.设置本地用户和暗文密码
[H3C]local-user 用户名
[H3C-luser-用户名]password cipher密码
[H3C-luser-用户名]authorization-attribute level 3
[H3C-luser-用户名]service-type telnet ssh
[H3C-luser-用户名]qu
4.配置Telnet登录
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode scheme
[H3C-ui-vty0-4]idle-timeout 20 0
5.配置SSH登录(password认证)
[H3C]public-key local create rsa
[H3C]public-key local create dsa
[H3C]ssh server enable
[H3C]ssh server authentication-retries 5
[H3C]ssh user 用户名 service-type stelnet authentication-type password
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode scheme
[H3C-ui-vty0-4]protocol inbound ssh
6.设置管理地址为192.168.0.3
[H3C]undo interface vlan-interface 1
[H3C]undo management-vlan
[H3C]vlan 100
[H3C-vlan100]qu
[H3C]interface vlan-interface 100
[H3C-Vlan-interface100]ip address 192.168.0.3 255.255.255.0
7.设置端口模式并将端口加入vlan
[H3C]port-group manual 1
[H3C-port-group-manual-1]group-member e1/0/1 to e1/0/16
[H3C-port-group-manual-1]port link-type access
[H3C-port-group-manual-1]port access vlan 100
[H3C-port-group-manual-1]qu
[H3C]port-group manual 2
[H3C-port-group-manual-2]group-member g1/0/17 to g1/0/18
[H3C-port-group-manual-2]port link-type trunk
[H3C-port-group-manual-2]port trunk permit vlan all
[H3C-port-group-manual-2]qu
8.配置SNMP网管用户名managev3user认证算法SHA-1认证密码123456TESTauth&!加密算法为AES加密密码123456TESTencr&!
[H3C] snmp-agent sys-info version v3
[H3C] snmp-agent mib-view included mibtest 1.3.6.1
[H3C] snmp-agent group v3 managev3group privacy read-view mibtest write-view mibtest notify-view mibtest
[H3C] snmp-agent usm-user v3 managev3user managev3group simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!
[H3C] snmp-agent trap enable
[H3C] snmp-agent target-host trap address udp-domain 192.168.1.4 params securityname managev3user v3 privacy
9.配置ACL只允许192.168.0.5连接
[H3C-acl-basic-2000] rule 1 permit source 192.168.0.5 0
[H3C-acl-basic-2000] rule 200 deny source any
[H3C-acl-basic-2000] qu
10.配置静态路由
[H3C] ip route-static 0.0.0.0 0.0.0.0 路由IP
11.端口绑定
[H3C] int e1/0/1
[H3C-Ethernet1/0/1] am user-bind mac-addr 0001-0002-0003 ip-addr 192.168.0.8
解绑命令:undoam user-bind mac-addr 0001-0002-0003 ip-addr 192.168.0.8
最后save一下,ok,下次有机会再来说说三层交换机。
|
评分
-
查看全部评分
|