一、H3C与cisco命令对比
1、H3C与cisco路由器命令差异
| Cisco | H3C | 功能 |
|---|---|---|
| Enable | System-view | 进入特权模式 |
| Show | Display | 显示/查看 |
| Show running-config | Diplay current | 显示当前的运行配置 |
| Show version | Display version | 显示版本 |
| No | Undo | 取消(删除) |
| Exit | Quit | 退出 |
| End | Return | 退回到系统视图 |
| Router rip | Rip | 启用rip路由协议 |
| Router ospf | Ospf | 启用ospf路由协议 |
| Hostname | Sysname | 更改机器名 |
| Write | Save | 保存配置 |
| Access-list | Acl | 访问控制列表 |
| Ip dhcp | Dhcp | 设置dhcp服务器 |
| Show ip route | Display ip routing-table | 显示路由表 |
| Show ip protocol | Display ip protocol | 显示路由协议 |
| Reload | Reboot | 重启设备 |
2、H3C与cisco交换机命令差异
| Cisco | H3C | 功能 |
|---|---|---|
| Switchport mode trunk/access | Port link-type trunk/access | 配置端口工作模式 |
| Switchport access vlan id | Port access vlan id | 将端口加入vlan |
| No shutdown | Undo shutdown | 激活端口 |
| Show interface | Display interface | 显示接口 |
| Show vlan brief | Display vlan all | 显示vlan信息 |
二、H3C基础配置
1、主机名与接口配置
<H3C>system-view # 进入特权模式
System View: return to User View with Ctrl+Z.
[H3C]sysname pc1 # 设置主机名
[pc1]int g0/0 # 进入接口
[pc1-GigabitEthernet0/0]ip add 192.168.2.100 24 # 配置接口ip地址
[pc1-GigabitEthernet0/0]ip route 0.0.0.0 0.0.0.0 192.168.2.1 # 配置网关
[pc1-GigabitEthernet0/0]undo shutdown # 启用接口
[pc1-GigabitEthernet0/0]quit # 退出
2、路由器配置
1、配置端口IP
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname R1
[R1]int g0/0
[R1-GigabitEthernet0/0]ip add 202.202.202.2 30
[R1-GigabitEthernet0/0]no sh
[R1-GigabitEthernet0/0]int g0/1
[R1-GigabitEthernet0/1]ip add 200.200.200.2 29
[R1-GigabitEthernet0/1]un sh
[R1-GigabitEthernet0/1]int vlan 1 # 进入vlan1接口
[R1-Vlan-interface1]ip add 192.168.1.1 24 # 配置IP地址
[R1-Vlan-interface1]un sh
[R1-Vlan-interface1]quit
2、配置端口为桥接模式
[R1]int g0/2
[R1-GigabitEthernet0/2]port link-mode bridge # 指定接口为bridge模式
[R1-GigabitEthernet0/2]quit
3、配置静态路由和ospf
[R1]ip route 192.168.2.0 255.255.255.0 192.168.1.2 # 配置静态路由
[R1]ip route 192.168.3.0 255.255.255.0 192.168.1.2
[R1]ospf 1 # 进入ospf进程模式,进程ID号为110
[R1-ospf-1]area 0 # 进入area 0区域
[R1-ospf-1-area-0.0.0.0]net 202.202.202.0 0.0.0.3 # 宣告网络
[R1-ospf-1-area-0.0.0.0]net 200.200.200.0 0.0.0.7
[R1-ospf-1-area-0.0.0.0]quit
[R1-ospf-1]quit
4、查看路由表
[R1]display ip routing-table
5、NAT地址转换
[R1]acl basic 2001 # 创建普通规则2001
[R1-acl-ipv4-basic-2001]rule 0 permit source 192.168.2.0 0.0.0.255 # 允许192.168.2.0网段
[R1-acl-ipv4-basic-2001]rule 5 permit source 192.168.3.0 0.0.0.255
[R1-acl-ipv4-basic-2001]rule 10 deny # 拒绝所有
[R1-acl-ipv4-basic-2001]quit
[R1]int g0/0
[R1-GigabitEthernet0/0]nat outbound 2001 # 应用到出口
[R1-GigabitEthernet0/0]quit
[R1]int g0/1
[R1-GigabitEthernet0/1]nat outbound 2001
[R1-GigabitEthernet0/1]quit
6、查看NAT地址转换列表
[R1]display nat session verbose
7、配置策略路由
vlan3的流量要求全部从g0/1转发出去,其他流量按照策略路由策略转发
[R1]acl advanced 3000 # 高级ACL,编号范围3000-3999
[R1-acl-ipv4-adv-3000]rule 0 permit ip source 192.168.3.0 0.0.0.255 # 允许192.168.3.0网段的所有主机
[R1-acl-ipv4-adv-3000]quit
[R1]policy-based-route a1 permit node 10 # 创建名为a1的规则第一条
[R1-pbr-a1-10]if-match acl 3000 # 如果匹配到acl 3000
[R1-pbr-a1-10]apply next-hop 200.200.200.1 # 下一跳则为200.200.200.1
[R1-pbr-a2-10]quit
[R1]policy-based-route a1 permit node 20 # 创建名为a1的规则第二条,允许其他
[R1-pbr-a1-20]int vlan 1
[R1-Vlan-interface1]ip policy-based-route a1 # a1规则应用于vlan1
3、交换机配置
1、创建vlan及配合IP
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname SW1
[SW1]vlan 2 # 创建vlan2
[SW1-vlan2]vlan 3 # 创建vlan3
[SW1-vlan3]int vlan 1 # 进入vlan1接口
[SW1-Vlan-interface1]ip add 192.168.1.2 24
[SW1-Vlan-interface1]un sh
[SW1-Vlan-interface1]int vlan 2
[SW1-Vlan-interface2]ip add 192.168.2.1 24
[SW1-Vlan-interface2]un sh
[SW1-Vlan-interface2]int vlan 3
[SW1-Vlan-interface3]ip add 192.168.3.1 24
[SW1-Vlan-interface3]un sh
[SW1-Vlan-interface3]quit
2、配置默认路由
[SW1]ip route 0.0.0.0 0.0.0.0 192.168.1.1
3、查看vlan接口
[SW1]display vlan brief # vlan接口由g0/1成为g1/0/1
Brief information about all VLANs:
Supported Minimum VLAN ID: 1
Supported Maximum VLAN ID: 4094
Default VLAN ID: 1
VLAN ID Name Port
1 VLAN 0001 FGE1/0/53 FGE1/0/54 GE1/0/1
GE1/0/2 GE1/0/3 GE1/0/4 GE1/0/5
GE1/0/6 GE1/0/7 GE1/0/8 GE1/0/9
GE1/0/10 GE1/0/11 GE1/0/12
GE1/0/13 GE1/0/14 GE1/0/15
GE1/0/16 GE1/0/17 GE1/0/18
GE1/0/19 GE1/0/20 GE1/0/21
GE1/0/22 GE1/0/23 GE1/0/24
GE1/0/25 GE1/0/26 GE1/0/27
GE1/0/28 GE1/0/29 GE1/0/30
GE1/0/31 GE1/0/32 GE1/0/33
GE1/0/34 GE1/0/35 GE1/0/36
GE1/0/37 GE1/0/38 GE1/0/39
GE1/0/40 GE1/0/41 GE1/0/42
GE1/0/43 GE1/0/44 GE1/0/45
GE1/0/46 GE1/0/47 GE1/0/48
XGE1/0/49 XGE1/0/50 XGE1/0/51
XGE1/0/52
2 VLAN 0002
3 VLAN 0003
4、查看端口IP简要状态信息
[SW1]display ip interface brief
5、将端口加入vlan
[SW1]int g1/0/2
[SW1-GigabitEthernet1/0/2]port link-type access
[SW1-GigabitEthernet1/0/2]port access vlan 2
[SW1-GigabitEthernet1/0/2]quit
[SW1]int g1/0/3
[SW1-GigabitEthernet1/0/3]port link-type access
[SW1-GigabitEthernet1/0/3]port access vlan 3
[SW1-GigabitEthernet1/0/3]int g1/0/4
[SW1-GigabitEthernet1/0/4]port link-type access
[SW1-GigabitEthernet1/0/4]port access vlan 3
[SW1-GigabitEthernet1/0/4]quit
三、服务器配置
当外网访问内部服务器时
1、配置telnet
[server]telnet server enable # 开启telnet
[server]local-user admin # 设置admin用户
New local user added.
[server-luser-manage-admin]password simple pwd123 # 密码为pwd123
[server-luser-manage-admin]service-type telnet # 类型为telnet
[server-luser-manage-admin]authorization-attribute user-role level-15 # 身份验证为管理员级别
[server-luser-manage-admin]quit
[server]user-interface vty 0 # 同时只能一个用户登录
[server-line-vty0]authentication-mode scheme # 身份验证模式为scheme
[server-line-vty0]protocol inbound telnet # 协议入站telnet流量
[server-line-vty0]quit
2、在路由器上设置映射
[R1]int g0/1
[R1-GigabitEthernet0/1]nat server protocol tcp global 200.200.200.3 23 inside 19
2.168.3.250 23 # 内网的192.1683.250:23端口映射外部的200.200.200.3:23
[R1-GigabitEthernet0/1]quit
远程telnet登录
<pc3>telnet 200.200.200.3
Trying 200.200.200.3 ...
Press CTRL+K to abort
Connected to 200.200.200.3 ...
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
login: admin
Password:
<server>
评论区