Common H3C Switch configuration commands

 

1. User Configuration:

<H3C> system-view

[H3C] super password H3C sets the user's hierarchical password

[H3C] undo super password: Delete the user's hierarchical password

[H3C] localuser bigheap 123456 1 Web network management user settings, 1 (default) is a management user, default admin, admin

[H3C] undo localuser bigheap deletes a Web administrator

[H3C] user-interface aux 0 only supports 0

[H3C-Aux] idle-timeout 2 50 set timeout to 2 minutes 50 seconds, if it is 0, it indicates no timeout, the default is 5 minutes

[H3C-Aux] undo idle-timeout Restore Default

[H3C] user-interface vty 0 only supports 0 and 1

[H3C-vty] idle-timeout 2 50 set timeout to 2 minutes 50 seconds, if it is 0, it indicates no timeout, the default is 5 minutes

[H3C-vty] undo idle-timeout Restore Default

[H3C-vty] set authentication password 123456 set telnet password, required

[H3C-vty] undo set authentication password cancel password

[H3C] display users

[H3C] display user-interface display user interface status

 

Ii. system IP Configuration:

[H3C] vlan 20

[H3C] management-vlan 20

[H3C] interface vlan-interface 20: Create and enter the management VLAN

[H3C] undo interface vlan-interface 20 Delete management VLAN interface

[H3C-Vlan-interface20] ip address 192.168.1.2 255.255.255.0 Configuration Management VLAN Interface static ip address (default: 192.168.0.234)

[H3C-Vlan-interface20] undo ip address Delete ip address

[H3C-Vlan-interface20] ip gateway 192.168.1.1 specify the Default gateway (no gateway address by default)

[H3C-Vlan-interface20] undo ip gateway

[H3C-Vlan-interface20] shutdown close interface

[H3C-Vlan-interface20] undo shutdown Enabled

[H3C] displays information about the ip address used to manage VLAN interfaces.

[H3C] display interface vlan-interface 20

<H3C> enable ip address debugging for debugging IP

<H3C> undo debugging ip

 

Iii. DHCP Client Configuration:

[H3C-Vlan-interface20] ip address dhcp-alloc management VLAN interface get ip address through DHCP

[H3C-Vlan-interface20] undo ip address dhcp-alloc cancel

[H3C] display dhcp client information

<H3C> enable dhcp debugging for debugging DHCP-alloc

<H3C> undo debugging dhcp-alloc

 

4. Port Configuration:

[H3C] interface Ethernet0/3

[H3C-Ethernet0/3] shutdown

[H3C-Ethernet0/3] speed 100 rate, 10,100,100 0 and auto (default)

[H3C-Ethernet0/3] duplex full duplex, can be half, full and auto (default) optical ports and cannot be configured after aggregation

[H3C-Ethernet0/3] flow-control enabling flow control, disabled by default

[H3C-Ethernet0/3] broadcast-suppression 20 sets to suppress broadcast percentage to 20%, May 5, 10, 20,100, default is 100, and both multicast and unknown unicast are also affected

[H3C-Ethernet0/3] loopback internal inner ring test

[H3C-Ethernet0/3] loopback external outer ring test, needs to be inserted with self-ring header, must be full duplex or self-negotiation mode

[H3C-Ethernet0/3] port link-type trunk sets the link type to trunk, which can be access (default), trunk

[H3C-Ethernet0/3] port trunk pvid vlan 20 set 20 to the default VLAN of the trunk, default is 1

(PVID at both ends of the trunk line must be consistent)

[H3C-Ethernet0/3] port access vlan 20 Add the current access port to the specified VLAN

[H3C-Ethernet0/3] port trunk permit vlan all allows all VLANs to pass through the current trunk port and can be used multiple times

[H3C-Ethernet0/3] mdi auto sets the Ethernet port to automatic monitoring, normal (default) is a straight line, and swap SS is a cross Line

[H3C] link-aggregation Ethernet 0/1 to Ethernet 0/4 Add 1-4 ports to the aggregation group. 1 is the master port. Both ends must be configured at the same time. Port Mirroring and port isolation ports cannot be aggregated.

[H3C] undo link-aggregation Ethernet 0/1 Delete this aggregation Group

[H3C] link-aggregation mode egress: configure the port aggregation mode for Load Balancing Based on the target MAC address. Optional values: ingress, egress, and both. The default value is both.

[H3C] monitor-port Ethernet 0/2 sets this port as an Image port. You must first set an Image port. When deleting the port, you must first delete it from the Image port, and they cannot be on the same port, this port cannot be in the aggregation group. When a New Image Port is set, the port is replaced with the old one, and the image remains unchanged.

[H3C] using ing-port Ethernet 0/3 to Ethernet 0/4 both sets ports 3 and 4 as mirrored ports, and both is used to monitor received and sent packets at the same time, inbound indicates only monitoring received packets, and outbound indicates only monitoring sent packets

[H3C] display mirror

[H3C] display interface Ethernet 0/3

<H3C> reset counters clears statistics of all ports

[H3C] display link-aggregation Ethernet 0/3 display port aggregation Information

[H3C-Ethernet0/3] virtual-cable-test diagnose the circuit status of the port

 

5. VLAN configuration:

[H3C] vlan 2

[H3C] undo vlan all deletes all VLANs except the default VLAN. The default VLAN cannot be deleted.

[H3C-vlan2] port Ethernet 0/4 to Ethernet 0/7 add port 4 to port 7 to VLAN2. This command can only be used to add access ports, not to add trunk or hybrid ports

[H3C-vlan2] port-isolate enable enables port isolation in VLAN, layer-2 Forwarding is not allowed, this function is not enabled by default

[H3C-Ethernet0/4] port-isolate uplink-port vlan 2 set 4 to an isolated uplink port of VLAN2 for forwarding Layer 2 data, only one upstream port can be configured, if it is trunk, we recommend that you allow all VLANs to pass through. Isolation cannot be configured at the same time as aggregation.

[H3C] display vlan all displays details of all VLANs

S1550E supports port-based VLAN. It is implemented by creating different user-groups. A port can belong to multiple user-groups. ports that do not belong to the same user-group cannot communicate with each other, up to 50 user-groups are supported.

[H3C] user-group 20: create user-group 20. By default, only user-group 1 exists.

[H3C-UserGroup20] port Ethernet 0/4 to Ethernet 0/7 add port 4 to port 7 to VLAN20, initially in user-group 1

[H3C] display user-group 20 displays information about user-group 20

 

6. Cluster Configuration:

S2100 can only be added to a cluster as a member switch. After adding, the system name is changed to the format of "cluster name_member number. Original System name.

The plug-and-play function implements two functions: Cluster Management Protocol MAC multicast address negotiation and management VLAN negotiation.

[H3C] cluster enable cluster function, which is enabled by default

[H3C] cluster to enter the cluster View

[H3C-cluster] administrator-address H-H-H name switch H-H-H is the MAC of the command switch, adding a switch Cluster

[Switch_1.H3C-cluster] undo administrator-address exit Cluster

[H3C] display cluster information

[H3C] management-vlan 2 cluster packets can only be forwarded in the management VLAN. The same cluster must be in the same management VLAN. You must specify the management VLAN before creating the cluster.

<H3C> debugging cluster

 

VII. QoS configuration:

QoS configuration steps: Set the port priority, set the priority mode of the switch trust message, queue scheduling, Port Speed Limit

[H3C-Ethernet0/3] priority 7 set port priority to 7, default to 0

[H3C] priority-trust cos: set the priority mode of switch trust packets to cos (802.1p priority, default value), or dscp (dscp priority mode)

[H3C] queue-sched1_hq-wrr 2 4 6 8 set the queue scheduling algorithm as HQ-WRR (WRR by default) with a weight of 2, 4, 6, 8

[H3C-Ethernet0/3] line-rate inbound 29 Port inlet speed limit to 2 Mbps, 1-28, rate * 8*1024/125, That Is 64,128,192... 1.792 M; 29-127, the rate is (rate-27) * 1024, that is, 2 M, 3 M, 4 M... 100 M, Gigabit can continue to get down, 115-1024, the rate is (rate-104) * 8*112, that is, M, M, 120M... 1000 M

[H3C] display queue-scheduler display queue scheduling mode and Parameters

[H3C] display priority-trust display priority trust mode

 

8. System Management:

[H3C] mac-address blackhole H-H-H vlan 1 Add black hole MAC in VLAN1

[H3C] mac-address static H-H-H interface Ethernet 0/1 vlan 1 Add a mac for Port 1 in VLAN1

[H3C] mac-address timer aging 500 sets the aging time of the MAC address table to 500 s

[H3C] display mac-address

[H3C] display arp

[H3C] mac-address port-binding H-H-H interface Ethernet 0/1 vlan 1 Configure port Bonding

[H3C] display mac-address port-binding

[H3C] display saved-configuration

[H3C] display current-configuration

<H3C> save

[H3C] restore default restores the default factory configuration of the switch. After the switch is restored, it must be restarted to take effect.

[H3C] display version

<H3C> reboot

[H3C] display device

[H3C] sysname bigheap

[H3C] info-center enable system log function, which is enabled by default

[H3C] info-center loghost ip 192.168.0.3 outputs information to the specified log host (only UNIX or LINUX, not Windows). You must enable the log function first and disable it by default.

[H3C] info-center loghost level 8 sets the System Log level to 8. The default value is 5. level description: 1. emergencies 2. alerts 3. critical 4. errors 5. warnings 6. communications 7. informational 8. debugging

<H3C> terminal debugging enables the console to display debugging information. The default console is disabled.

<H3C> terminal logging is enabled. The console displays log information. The default console is enabled.

<H3C> enable the terminal trapping console to display alarm information. The default console is enabled.

[H3C] display info-center displays system log configuration and buffer record information

[H3C] display logbuffer displays the specified number of logs recently recorded in the log Buffer

[H3C] display trapbuffer displays the specified number of logs recently recorded in the alarm buffer.

<H3C> reset logbuffer clears log buffer Information

<H3C> reset trapbuffer clears alarm buffer Information

 

9. Network Protocol Configuration:

NDP is A Neighbor Discovery Protocol. S1550E can only enable or disable NDP and cannot be configured. The default valid retention time is 180 s, and the interval between NDP messages is 60 s.

[H3C] ndp enable is enabled by default.

[H3C-Ethernet0/3] enable ndp enabled by default

[H3C] display ndp shows NDP configuration information

[H3C] display ndp interface Ethernet 0/1 displays the neighbor information found on the specified port NDP

<H3C> debugging ndp interface Ethernet 0/1

The HABP Protocol is Authentication Bypass Protocol. The Authentication Bypass Protocol is used to filter HGMP packets on unauthorized and authenticated ports when 802.1x and HGMPv1/v2 are configured on the switch, as a result, the management device cannot manage the mounted switch. After the vswitch starts HABP, 802.1x authentication is ignored.

The HABP includes servers and clients. The server regularly sends requests, the client responds, and forwards the requests downward. The server is generally started on the management device, and the client is started on the next device, 1550E only supports clients.

[H3C] The habp enable enables the HABP feature. It is started by default, and the client mode is used by default after it is started.

<H3C> debugging habp enables the HABP debugging Function

NTDP is the neighbor Topology Discovery protocol used to collect network topology information. It works with the NDP protocol for cluster management. The S1550E configuration mainly includes enabling and disabling functions, enable and disable debugging

[H3C] ntdp enable is enabled by default

[H3C-Ethernet0/3] ntdp enable is enabled by default

<H3C> debugging ntdp

 

10. SNMP Configuration:

S1550E supports SNMPv1 and SNMPv2c. The main configurations include: Set the group name, system information, address of the target Trap host, allow or prohibit sending of traps, and prohibit the running of SNMP Agent.

[H3C] snmp-agent community read bigheap sets the bigheap group and is read-only

[H3C] snmp-agent max-size 1600 sets the maximum size of the SNMP message package that the Agent can accept/send to 1600 bytes. The default value is 1500.

[H3C] snmp-agent sys-info contact #27345 location Diqiu version v2c sets the system information, the version is v2c, and the default contact information is "R & D Hangzhou, h3C Technologies co ., ltd. ", Location:" Hangzhou China ", v2c

[H3C] The undo snmp-agent disables the running of the SNMP Agent. If any SNMP command is configured, the SNMP Agent will be restarted.

[H3C] display snmp-agent community read

[H3C] display snmp-agent sys-info contact

[H3C] display snmp-agent sys-info location

[H3C] display snmp-agent sys-info version

<H3C> debugging snmp-agent packet | process

 

11. IGMP Snooping Configuration:

IGMP Snooping is a multicast constraint mechanism running on a layer-2 switch. It is used to manage and control multicast groups. it is mainly responsible for establishing and maintaining a layer-2 MAC address table and forwarding the multicast address table sent by the vro. If IGMP Snooping is not run, the multicast packets are broadcast on the L2 network.

IGMP Snooping configurations include starting and disabling IGMP Snooping, configuring the aging time of the router port, configuring the maximum response query time, configuring the aging time of the multicast group member port, configuring the port quick exit, and debugging.

[H3C] Enable igmp snooping for IGMP-Snooping, Which is disabled by default.

[H3C] igmp-snooping router-aging-time 500: Set the router port aging time to 500 s. The default value is 105 s.

[H3C] The maximum response query time configured for igmp-snooping max-response-time 15 is 15 s. The default value is 10 s.

[H3C] igmp-snooping host-aging-time 300: Set the Group Multicast Group member port aging time to 300 s. The default value is 260 s.

[H3C-Ethernet0/3] igmp-snooping fast-leave configuration to quickly exit. If you receive the Exit message, delete the port immediately without asking

[H3C] display igmp-snooping configuration displays configuration information

[H3C] display igmp-snooping statistics display package statistics

[H3C] display igmp-snooping group vlan 2 displays information about IP multicast groups and MAC multicast groups in vlan2.

<H3C> reset igmp-snooping statistics clear statistics

<H3C> debugging igmp-snooping

 

12. system debugging:

<H3C> enable all debugging switches for debugging all. This command is a protocol debugging switch.

<H3C> terminal debugging switch. Turn on the switch. The default value is disabled.

<H3C> debugging drv mainly displays the actual content of the message, which is disabled by default.

[H3C] display debugging displays the debug Switch Status

 

13. 802.1x Configuration:

[H3C-Ethernet0/3] dot1x enable 802.1x feature, can also be used in the system view, after use global enable, can also enable the 802.1x feature of the specified port interface parameter, by default all off, to enable 802.1x, enable both global and Port

[H3C-Ethernet0/3] dot1x port-control unauthorized-force sets the work mode to forced non-authorization mode, the use mode is the same as the dot1x command, the default is auto, that is, access can pass authentication, there is also authorized-force, which is a forced authorization mode that allows users to access

[H3C-Ethernet0/3] dot1x port-method portbased set access control mode to port-based, use mode is the same as the dot1x command, the default is macbase, MAC address-based

[H3C-Ethernet0/3] dot1x max-user 10 set the maximum number of port access users is 10, the usage mode is the same as the dot1x command, the default is 128, the value range is 1-128

[H3C] dot1x authentication-method eap sets the user authentication method of 802.1x to EAP, that is, EAP relay, and sends it directly to the server using EAP packets, which must be supported by the server

[H3C-Ethernet0/3] dot1x re-authenticate enable 802.1x reauthentication to enable the switch to periodically authenticate at a certain interval, using the same mode as the dot1x command, by default all ports this feature is disabled

[H3C] dot1x timer handshake-period 20 reauth-period 7200 quiet-period 30 tx-period 20 supp-timeout 20 server-timeout 200 set the 802.1x Authentication timer, after handshake-period is successfully authenticated, the system sends a handshake request packet (equivalent to the keepalive message sending interval) in this interval. The value ranges from 1 to 1024 s. The default value is 15 s.

Reauth-period is the priority authentication timeout timer, 1-86400 s, default 3600 s.

Quiet-period indicates the silent timer of the Autheticator after the user fails to authenticate, and then processes the authenticator after the silent operation. The default value is 10-120 s. The default value is 60 s.

Tx-period is the transmission time-out timer. If Supplicant fails to send the authentication response message, the request is resent for 10-120 s. The default value is 30 s.

Supp-timeout is the authentication timeout timer. If Supplicant fails to respond, the authentication request is resent. The default value is 30 s.

Server-timeout is the timeout timer for failed server response. It is 100-300 s. The default value is 100 s.

<H3C> reset dot1x statistics clear 802.1x statistics

[H3C] display dot1x statistics displays 802.1x configuration, running status, and statistics

<H3C> debugging dot1x debug information of the 802.1x-related modules

 

14. RADIUS Configuration:

[H3C] radius scheme system enters the system scheme, and its values are the default values. 1550E only supports the default scheme.

[H3C-radius-system] primary authentication 10.110.1.1 1812 sets the RADIUS server address and UDP port number. By default, the server IP address in the system scheme is blank and the UDP port number is 1812

[H3C-radius-system] key authentication 123 indicates that the radius encryption shared key is 123, no shared key by default

[H3C-radius-system] timer 10 sets the RADIUS server response timeout timer, 1-10 s, default is 5 s

[H3C-radius-system] retry 10 sets the RADIUS server's maximum number of response retries to 10, 1-20, 5 by default

[H3C] display radius solution information

<H3C> debugging radius packet enables radius packet debugging