2024年6月5日发(作者:焦蕴涵)
HPN交换机简单配置命令
1,进入配置模式、查看全局配置、退出
[HP]display-cu
[HP]quit
2,配置VLAN,命名VLAN ,配置vlan ip
[HP]vlan 10
[HP-vlan10]description XXXXXX
[HP]interface vlan10
[HP-vlan-interface10]ip address 192.168.1.0 255.255.255.0
3,接口配置access vlan
[HP]interface range g1/0/1 to g1/0/10 g1/0/18
[HP-if-range]port link-type access
[HP-if-range]port access vlan 10
*老IOS没有RANGE命令可以进入vlan配置下加接口
[HP]vlan 10
[HP-vlan10]port g1/0/1 to g1/0/10 g1/0/18
4,接口配置trunk
[HP]interface g1/0/1
[HP -GigabitEthernet1/0/1]port link-type trunk
[HP -GigabitEthernet1/0/1]port trunk permit vlan 1112022
[HP -GigabitEthernet1/0/1]port trunk permit vlan all
5,配置DHCP relay
[HP]dhcp enable
[HP]
dhcp relay server-group 1 ip 192.168.1.10
[HP]
dhcp relay server-group 1 ip 192.168.1.20
[HP]interface vlan10
[HP-vlan-interface10]
dhcp select relay
[HP-vlan-interface10]
dhcp relay server-select 1
6,配置stp
[HP]stp enable
[HP]stp mode stp/mstp/pvst/rstp
[HP]stp instance 1 root/priority 0
[HP]stp vlan 1 to 4094 root/priority 0
7,配置channel-group
[HP]int Bridge-Aggregation 1
[HP -Bridge-Aggregation1]port link-type trunk
[HP -Bridge-Aggregation1]port trunk permit vlan 1112022
[HP -Bridge-Aggregation1]
link-aggregation mode dynamic
[HP]interface g1/0/1
[HP -GigabitEthernet1/0/1]port link-type trunk
[HP -GigabitEthernet1/0/1]port trunk permit vlan 1112022
[HP -GigabitEthernet1/0/1]
port link-aggregation group 1
8,配置user,权限,以及登陆方式
[HP]
local-user 123
[HP -luser - 123]
password cipher 123
[HP -luser - 123]
authorization-attribute level 3
[HP -luser - 123]
service-type ssh telnet terminal
[HP -luser - 123]
service-type web
[HP -luser - 123]quit
[HP]
user-interface vty 0 15
[HP –ui -vty0-15]
authentication-mode scheme
9,配置静态路由
[HP]
ip route-static 0.0.0.0 0.0.0.0 192.168.1.250
10,配置ACL
[HP]
acl number 3001
[HP –acl –adv -3001]
rule 10 permit ip source 192.168.158.0 0.0.1.255
[HP –acl –adv -3001]
rule 20 deny tcp destination 192.168.156.0 0.0.1.255
destination-port eq 445
[HP –acl –adv -3001]
rule 30 deny tcp destination 192.168.156.0 0.0.1.255
destination-port eq 139
[HP –acl –adv -3001]
rule 40 permit ip
[HP]interface vlan10
[HP-vlan-interface10]
packet-filter 3001 inbound
[HP-vlan-interface10]
packet-filter 3001 outbound
11,配置端口安全
接口下:loopback-detection enable =loop graud
stp edged-port enable =portfast
stp root-protection =root graud
port-security max-mac-count 2
port-security port-mode autolearn
dhcp snooping
dhcp snooping information enable
dhcp snooping trust
12,其他命令:
ntp-service unicast-server 172.28.126.2
snmp-agent
snmp-agent community read/write proacs!ro
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 172.28.42.244 params
securityname public
info-center loghost 172.28.42.245 facility local0
sysname OKS-1A-5500
telnet server enable
ip ttl-expires enable
ip unreachables enable
13 IRF
Sw1:
irf member 1 renumber 1
irf member 1 priority 32
interface Ten-GigabitEthernet 1/1/1
shutdown
interface Ten-GigabitEthernet 1/1/2
shutdown
irf-port 1/2
port group interface Ten-GigabitEthernet 1/1/1
port group interface Ten-GigabitEthernet 1/1/2
interface Ten-GigabitEthernet 1/1/1
undo shutdown
interface Ten-GigabitEthernet 1/1/2
undo shutdown
Sw2
irf member 1 renumber 2
reboot
interface Ten-GigabitEthernet 2/1/1
shutdown
interface Ten-GigabitEthernet 2/1/2
shutdown
irf-port 2/1
port group interface Ten-GigabitEthernet 2/1/1
port group interface Ten-GigabitEthernet 2/1/2
interface Ten-GigabitEthernet 2/1/1
undo shutdown
interface Ten-GigabitEthernet 2/1/2
undo shutdown
2024年6月5日发(作者:焦蕴涵)
HPN交换机简单配置命令
1,进入配置模式、查看全局配置、退出
[HP]display-cu
[HP]quit
2,配置VLAN,命名VLAN ,配置vlan ip
[HP]vlan 10
[HP-vlan10]description XXXXXX
[HP]interface vlan10
[HP-vlan-interface10]ip address 192.168.1.0 255.255.255.0
3,接口配置access vlan
[HP]interface range g1/0/1 to g1/0/10 g1/0/18
[HP-if-range]port link-type access
[HP-if-range]port access vlan 10
*老IOS没有RANGE命令可以进入vlan配置下加接口
[HP]vlan 10
[HP-vlan10]port g1/0/1 to g1/0/10 g1/0/18
4,接口配置trunk
[HP]interface g1/0/1
[HP -GigabitEthernet1/0/1]port link-type trunk
[HP -GigabitEthernet1/0/1]port trunk permit vlan 1112022
[HP -GigabitEthernet1/0/1]port trunk permit vlan all
5,配置DHCP relay
[HP]dhcp enable
[HP]
dhcp relay server-group 1 ip 192.168.1.10
[HP]
dhcp relay server-group 1 ip 192.168.1.20
[HP]interface vlan10
[HP-vlan-interface10]
dhcp select relay
[HP-vlan-interface10]
dhcp relay server-select 1
6,配置stp
[HP]stp enable
[HP]stp mode stp/mstp/pvst/rstp
[HP]stp instance 1 root/priority 0
[HP]stp vlan 1 to 4094 root/priority 0
7,配置channel-group
[HP]int Bridge-Aggregation 1
[HP -Bridge-Aggregation1]port link-type trunk
[HP -Bridge-Aggregation1]port trunk permit vlan 1112022
[HP -Bridge-Aggregation1]
link-aggregation mode dynamic
[HP]interface g1/0/1
[HP -GigabitEthernet1/0/1]port link-type trunk
[HP -GigabitEthernet1/0/1]port trunk permit vlan 1112022
[HP -GigabitEthernet1/0/1]
port link-aggregation group 1
8,配置user,权限,以及登陆方式
[HP]
local-user 123
[HP -luser - 123]
password cipher 123
[HP -luser - 123]
authorization-attribute level 3
[HP -luser - 123]
service-type ssh telnet terminal
[HP -luser - 123]
service-type web
[HP -luser - 123]quit
[HP]
user-interface vty 0 15
[HP –ui -vty0-15]
authentication-mode scheme
9,配置静态路由
[HP]
ip route-static 0.0.0.0 0.0.0.0 192.168.1.250
10,配置ACL
[HP]
acl number 3001
[HP –acl –adv -3001]
rule 10 permit ip source 192.168.158.0 0.0.1.255
[HP –acl –adv -3001]
rule 20 deny tcp destination 192.168.156.0 0.0.1.255
destination-port eq 445
[HP –acl –adv -3001]
rule 30 deny tcp destination 192.168.156.0 0.0.1.255
destination-port eq 139
[HP –acl –adv -3001]
rule 40 permit ip
[HP]interface vlan10
[HP-vlan-interface10]
packet-filter 3001 inbound
[HP-vlan-interface10]
packet-filter 3001 outbound
11,配置端口安全
接口下:loopback-detection enable =loop graud
stp edged-port enable =portfast
stp root-protection =root graud
port-security max-mac-count 2
port-security port-mode autolearn
dhcp snooping
dhcp snooping information enable
dhcp snooping trust
12,其他命令:
ntp-service unicast-server 172.28.126.2
snmp-agent
snmp-agent community read/write proacs!ro
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 172.28.42.244 params
securityname public
info-center loghost 172.28.42.245 facility local0
sysname OKS-1A-5500
telnet server enable
ip ttl-expires enable
ip unreachables enable
13 IRF
Sw1:
irf member 1 renumber 1
irf member 1 priority 32
interface Ten-GigabitEthernet 1/1/1
shutdown
interface Ten-GigabitEthernet 1/1/2
shutdown
irf-port 1/2
port group interface Ten-GigabitEthernet 1/1/1
port group interface Ten-GigabitEthernet 1/1/2
interface Ten-GigabitEthernet 1/1/1
undo shutdown
interface Ten-GigabitEthernet 1/1/2
undo shutdown
Sw2
irf member 1 renumber 2
reboot
interface Ten-GigabitEthernet 2/1/1
shutdown
interface Ten-GigabitEthernet 2/1/2
shutdown
irf-port 2/1
port group interface Ten-GigabitEthernet 2/1/1
port group interface Ten-GigabitEthernet 2/1/2
interface Ten-GigabitEthernet 2/1/1
undo shutdown
interface Ten-GigabitEthernet 2/1/2
undo shutdown