
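Huawei Switch Commands - Common Commands for Huawei Layer 3 Switches

Published: 2017-08-05  Category: Huawei switch configuration commands

1: Common commands for Huawei layer 3 switches
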
[Quidway]dis cur ;display the current configuration
[Quidway]display current-configuration ;display the current configuration
[Quidway]display interfaces ;display interface information
[Quidway]display vlan all ;display routing information
[Quidway]display version ;display version information

[Quidway]super password ;change the privileged-user password
[Quidway]sysname ;name the switch
[Quidway]interface ethernet0/1 ;enter interface view
[Quidway]interface vlan x ;enter interface view
[Quidway-Vlan-interfacex]ip address 10.65.1.1 255.255.0.0 ;configure the VLAN's IP address

[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.65.1.2 ;static route = gateway
[Quidway]rip ;layer 3 switching support
[Quidway]local-user ftp

[Quidway]user-interface vty 0 4 ;enter the virtual terminal
[S3026-ui-vty0-4]authentication-mode password ;set password mode
[S3026-ui-vty0-4]set authentication-mode password simple 222 ;set the password
[S3026-ui-vty0-4]user privilege level 3 ;user level

[Quidway]interface ethernet0/1 ;enter port mode
[Quidway]int e0/1 ;enter port mode
[Quidway-Ethernet0/1]duplex {half|full|auto} ;configure the port working mode (duplex)
[Quidway-Ethernet0/1]speed {10|100|auto} ;configure the port speed
[Quidway-Ethernet0/1]flow-control ;configure port flow control
[Quidway-Ethernet0/1]mdi {across|auto|normal} ;configure straight-through or crossover cabling
[Quidway-Ethernet0/1]port link-type {trunk|access|hybrid} ;set the port link type
[Quidway-Ethernet0/1]port access vlan 3 ;add the current port to the VLAN
[Quidway-Ethernet0/2]port trunk permit vlan {ID|All} ;set the VLANs allowed on the trunk
[Quidway-Ethernet0/3]port trunk pvid vlan 3 ;set the trunk port's PVID
[Quidway-Ethernet0/1]undo shutdown ;enable the port
[Quidway-Ethernet0/1]shutdown ;shut down the port
[Quidway-Ethernet0/1]quit ;return

[Quidway]vlan 3 ;create a VLAN
[Quidway-vlan3]port ethernet0/1 ;add a port to the VLAN
[Quidway-vlan3]port e0/1 ;abbreviated form
[Quidway-vlan3]port ethernet 0/1 to ethernet0/4 ;add ports to the VLAN
[Quidway-vlan3]port e0/1 to e0/4 ;abbreviated form

[Quidway]monitor-port <interface_type interface_num> ;specify the mirror (monitor) port
[Quidway]port mirror <interface_type interface_num> ;specify the mirrored port
[Quidway]port mirror int_list observing-port int_type int_num ;specify the mirrored ports and the mirror port together

[Quidway]description string ;set the VLAN description string
[Quidway]description ;delete the VLAN description string
[Quidway]display vlan [vlan_id] ;view VLAN settings

[Quidway]stp {enable|disable} ;configure spanning tree, disabled by default
[Quidway]stp priority 4096 ;set the switch priority
[Quidway]stp root {primary|secondary} ;set as root or backup root
[Quidway-Ethernet0/1]stp cost 200 ;set the switch port cost

[Quidway]link-aggregation e0/1 to e0/4 ingress|both ;port aggregation
[Quidway]undo link-aggregation e0/1|all ;the starting port is the channel number

[SwitchA-vlanx]isolate-user-vlan enable ;set the primary VLAN
[SwitchA]isolate-user-vlan <x> secondary <list> ;set the secondary VLANs included in the primary VLAN
[Quidway-Ethernet0/2]port hybrid pvid vlan <id> ;set the VLAN PVID
[Quidway-Ethernet0/2]undo port hybrid pvid ;delete the VLAN PVID
[Quidway-Ethernet0/2]port hybrid vlan vlan_id_list untagged ;set the untagged VLANs
If a packet's VLAN ID matches the PVID, the VLAN information is removed. The default PVID is 1.
So set the PVID to the ID of the VLAN the port belongs to, and set the VLANs that should be able to communicate as untagged.




Configuring SNMP on the Huawei 2403
snmp-agent community write idc
snmp-agent community read enhost
snmp-agent sys-info location text
snmp-agent sys-info version all

Setting up a VLAN and specifying its gateway on Huawei
[Quidway S6502]vlan 400
[Quidway S6502-vlan400]port ?
Ethernet         Ethernet interface
GigabitEthernet  GigabitEthernet interface
[Quidway S6502-vlan400]port Ethernet ?
<1-1> Slot number
[Quidway S6502-vlan400]port Ethernet 1/0/5
[Quidway S6502-vlan400]q

[Quidway S6502]interface ?
Aux              Aux interface
Ethernet         Ethernet interface
GigabitEthernet  GigabitEthernet interface
LoopBack         LoopBack interface
M-Ethernet       METH interface
NULL             NULL interface
Vlan-interface   VLAN interface

[Quidway S6502]interface v
[Quidway S6502]interface Vlan-interface 400
[Quidway S6502-Vlan-interface400]ip ad
[Quidway S6502-Vlan-interface400]ip address ?
X.X.X.X IP address

[Quidway S6502-Vlan-interface400]ip address



Setting up port mirroring

[Quidway S6506R]mirroring-group 1 local
[Quidway S6506R]mirroring-group 1 monitor-port GigabitEthernet 6/0/2
[Quidway S6506R]mirroring-group 1 mirroring-port GigabitEthernet 6/0/41 to GigabitEthernet 6/0/48 both

Setting up port aggregation
[Quidway S6506R]link-aggregation group 1 mode manual
[Quidway S6506R]interface GigabitEthernet 6/0/41
[Quidway S6506R-GigabitEthernet6/0/41]port access vlan 168
[Quidway S6506R-GigabitEthernet6/0/41]port link-aggregation group 1

[Quidway S6506R-GigabitEthernet6/0/42]port access vlan 168
[Quidway S6506R-GigabitEthernet6/0/42]port li
[Quidway S6506R-GigabitEthernet6/0/42]port link-a
[Quidway S6506R-GigabitEthernet6/0/42]port link-aggregation group 1



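Assigning an individual port to a VLAN
1. Enter the specified port on the 6502: interface ethernet 1/0/7
[Quidway S6502-Ethernet1/0/7]port access vlan 600 ;assign a particular IP under a specific VLAN


Limiting port bandwidth on the Huawei 2403H-EI
(1-28) the bandwidth unit is 64K. 5*1024/64
(29-127) the bandwidth unit is 1M. (n-27)*1



Shut down a specific port: [Quidway-Ethernet0/7]shutdown
Re-enable a specific port: [Quidway-Ethernet0/7]undo shutdown


Configuring port mirroring on the Huawei 2403H-EI
[Quidway] monitor-port ethernet0/2 no-filt ;mirror (monitor) port number

[Quidway] mirroring-port ethernet0/3 to ethernet0/5 both ;mirrored ports


Putting different subnets into the same VLAN on the Huawei 3600-28P-EI
[H3C]interface Vlan-interface 100
[H3C-Vlan-interface100]ip address 220.181.120.97 255.255.255.240
[H3C-Vlan-interface100]ip address 220.181.120.225 255.255.255.240 sub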


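2: Commands for enabling SNMP on the Huawei 2403 switch

snmp-agent
snmp-agent community read gwidc acl 2000
snmp-agent community write gwidc acl 2000
snmp-agent sys-info version all
The following is a supplement:
snmp-agent
snmp-agent community write gzgy@))*
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 202.98.199.206 params securityname gzgy@))* v2c
snmp-agent target-host trap address udp-domain 202.98.199.209 params securityname gzgy@))* v2c
snmp-agent target-host trap address udp-domain 202.98.199.212 params securityname gzgy@))* v2c
snmp-agent trap source Vlan-interface3901
Layer 2 already has this feature... so layer 3 of course has it too!!

Follow-up question: If it is enabled on layer 3, does it need to be enabled on the layer 2 devices below? What does snmp-agent trap source Vlan-interface3901 mean?
What does snmp-agent community read mean?

SNMP is for management and monitoring. If your switch has a management address, you need to enable it.
snmp-agent trap source Vlan-interface3901: 3901 is this switch's management VLAN, which means SNMP goes out from VLAN 3901.
snmp-agent community read is the access string; READ means read. That is, a string is verified, and if it passes you get read permission.
snmp-agent community write: this is the write string. The characters that follow this command are the verification string. It is equivalent to a password.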
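
Because the community string is effectively a password, as the answer above says, a configuration review can flag where it is least protected. The following is an added example, not part of the original page: it scans a configuration dump for community lines with no `acl`, for write communities, and for SNMPv1/v2c being enabled. The sample configuration, its community names and the trap address are constructed.

```python
import re

# Constructed sample in the style of the snmp-agent lines shown on this page;
# the community names and the trap address are placeholders.
SAMPLE_CONFIG = """\
snmp-agent
snmp-agent community read EXAMPLE-RO acl 2000
snmp-agent community write EXAMPLE-RW
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.0.2.10 params securityname EXAMPLE-RO v2c
snmp-agent trap source Vlan-interface3901
"""

COMMUNITY_RE = re.compile(r"^snmp-agent community (read|write) (\S+)(?: acl (\d+))?\s*$")
VERSION_RE = re.compile(r"^snmp-agent sys-info version (.+)$")


def audit_snmp(config_text):
    """Return a list of (line_number, finding) tuples for risky SNMP settings."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            access, _name, acl = m.groups()
            if acl is None:
                findings.append((lineno, f"{access} community has no acl restricting source addresses"))
            if access == "write":
                findings.append((lineno, "write community allows configuration changes over SNMP"))
            continue
        m = VERSION_RE.match(line)
        if m and any(v in m.group(1).split() for v in ("all", "v1", "v2c")):
            findings.append((lineno, "SNMPv1/v2c enabled: community string is sent in cleartext"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}")
```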

3: Common Huawei switch commands 23


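Common commands for Huawei series switches:

dis vlan ;display VLANs

name text ;set the name of the current VLAN

undo name ;cancel it

dis startup ;display information about the startup configuration file

dis user-interface ;display information about the user interfaces

dis web users ;display information about web users

header login ;configure the message displayed at login authentication

header shell

[h3c] vlan 2

[h3c-vlan2]name test vlan

dis users ;display users

undo header

lock ;lock the current user interface

acl number inbound/outbound ;access control list

[h3c]user-interface vty 0 4

[h3c-vty0-4] acl 2000 inbound

shutdown ;shut down the VLAN interface

undo shutdown ;bring up the VLAN interface

Shut down the vlan 1 interface:

[h3c] interface vlan-interface 1

[h3c-vlan-interface] shutdown

vlan vlan-id ;define a VLAN

undo vlan vlan-id

display ip routing-table

display ip routing-table protocol static

display ip routing-table statistics

display ip routing-table verbose ;view the full details of the routing table

interface vlan-interface vlan-id ;enter the VLAN interface

management-vlan vlan-id ;define the management VLAN ID

reset ip routing-table statistics protocol all ;clear the routing information of all routing protocols

display garp statistics interface GigabitEthernet 1/0/1 ;display GARP statistics on the Ethernet port

display voice vlan status ;view the voice VLAN status

[h3c-GigabitEthernet1/0/1] broadcast-suppression 20 ;the maximum broadcast traffic accepted is 20% of the port's transmission capacity; the excess is dropped

[h3c-GigabitEthernet1/0/1] broadcast-suppression pps 1000 ;the maximum number of broadcast packets accepted per second is 1000; the excess is dropped

display interface GigabitEthernet1/0/1 ;view port information

display brief interface GigabitEthernet1/0/1 ;view brief port configuration information

display loopback-detection ;check whether loopback detection is enabled

display transceiver-information interface GigabitEthernet1/0/50 ;display information about the optical port

duplex auto/full/half

[h3c]interface GigabitEthernet1/0/1

[h3c-GigabitEthernet1/0/1]duplex auto ;set the port duplex mode to auto-negotiation

port link-type access/hybrid/trunk ;the default is access

port trunk permit vlan all ;add the trunk port to all VLANs

reset counters interface GigabitEthernet1/0/1 ;clear the port's statistics

speed auto 10/100/1000

display port-security ;view port security configuration

am user-bind mac-addr 00e0-fc00-5101 ip-addr 10.153.1.2 interface GigabitEthernet1/0/1 ;port IP binding

display arp ;display the ARP table

display am user-bind ;display port binding configuration

display mac-address ;display the MAC addresses learned by the switch

display stp ;display spanning tree status and statistics

[h3c-GigabitEthernet1/0/1]stp instance 0 cost 200 ;set the path cost on spanning tree instance 0 to 200

stp cost ;set the current port's path cost on the specified spanning tree instance. instance-id is 0-16, where 0 means the CIST; the value range is 1-200000

<h3c> display system-guard ip-record ;display the attack-protection records

system-guard enable ;enable the system attack-protection feature

display icmp statistics ;ICMP traffic statistics

display ip socket

display ip statistics

display acl all

acl number acl-number match-order auto/config

acl-number (2000-2999 are basic ACLs, 3000-3999 are advanced ACLs; numbers reserved for administrators)

rule deny/permit protocol

Access control

[h3c] acl number 3000

[h3c-acl-adv-3000]rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.255.255 destination-port eq 80

(define advanced ACL 3000, allowing hosts in the 129.0.0/16 segment to access port 80 on hosts in the 202.38.160/24 segment)

rule permit source 211.100.255.0 0.255.255.255

rule deny cos 3 source 00de-bbef-adse ffff-ffff-ffff dest 0011-4301-9912 ffff-ffff-ffff

(deny packets with 802.1p priority 3 sent from MAC address 00de-bbef-adse to MAC address 0011-4301-9912)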
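
The wildcard masks in the IP rules above decide how much address space each rule really covers: a 0 bit must match, a 1 bit is ignored. The following is an added example, not part of the original page, that computes the network each address/wildcard pair matches; with `0.0.255.255` the destination `202.38.160.0` covers a /16, and a /24 would need `0.0.0.255`. The function names and the test address are assumptions made for illustration.

```python
import ipaddress


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_matches(addr, base, wildcard):
    """True if addr matches base under an ACL wildcard mask.

    A 0 bit in the wildcard means "must equal base", a 1 bit means "ignore".
    """
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def wildcard_to_network(base, wildcard):
    """Return the CIDR network a contiguous wildcard covers, else None."""
    w = _to_int(wildcard)
    if w & (w + 1):  # not of the form 0...01...1, so not a single prefix
        return None
    prefix_len = 32 - w.bit_length()
    net_int = _to_int(base) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((net_int, prefix_len))


def wildcard_for_prefix(prefix_len):
    """Wildcard mask to type in a rule for a given prefix length."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))


if __name__ == "__main__":
    # Address/wildcard operands copied from the rules above.
    for base, wc in [("129.9.0.0", "0.0.255.255"),
                     ("202.38.160.0", "0.0.255.255"),
                     ("211.100.255.0", "0.255.255.255")]:
        print(f"{base} {wc} covers {wildcard_to_network(base, wc)}")
    # Constructed test address: inside 202.38.0.0/16 but outside 202.38.160.0/24.
    print(wildcard_matches("202.38.1.1", "202.38.160.0", "0.0.255.255"))
    print("wildcard for a /24:", wildcard_for_prefix(24))
```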

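display qos-interface GigabitEthernet1/0/1 traffic-limit ;view traffic on the port

Port rate limiting

line-rate inbound/outbound target-rate

inbound: rate-limit the packets received on the port

outbound: rate-limit the packets sent by the port

target-rate: the rate limit for packets, in kbps. For gigabit ports the inbound range is 1-1000000 and the outbound range is 20-1000000

undo line-rate ;cancel the rate limit

[h3c]interface GigabitEthernet1/0/1

[h3c-GigabitEthernet1/0/1]line-rate outbound 128 ;limit the outbound rate to 128 kbps

display arp | include 77

display arp count ;count the entries in the ARP table

display ndp ;display detailed configuration information for the switch ports

display ntdp device-list verbose ;collect detailed device information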

display lock

display users

display cpu

display memory

display fan

display device

display power

----------------------------------------

Switch commands

~~~~~~~~~~

[Quidway]dis cur ;display the current configuration

[Quidway]display current-configuration ;display the current configuration

[Quidway]display interfaces ;display interface information

[Quidway]display vlan all ;display routing information

[Quidway]display version ;display version information

[Quidway]super password simple <password> ;change the privileged-user password

[Quidway]sysname <name> ;name the switch

[Quidway]interface ethernet0/1 ;enter interface view

[Quidway]int e0/1 ;abbreviated form

[Quidway]interface vlan-interface <n> ;enter interface view

[Quidway]int vlan <n> ;abbreviated form, n<6

[Quidway-Vlan-interfacen]ip address 10.65.1.1 255.255.0.0 ;configure the VLAN's IP address

[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.65.1.2 ;static route = gateway

[Quidway]rip ;layer 3 switching support

[Quidway]local-user ftp ;create the ftp user

[Quidway]user-interface vty 0 4 ;enter the virtual terminal

[S3026-ui-vty0-4]authentication-mode password ;set password mode

[S3026-ui-vty0-4]set authentication-mode password simple 222 ;set the password

[S3026-ui-vty0-4]user privilege level 3 ;user level

[Quidway]interface ethernet0/1 ;enter port mode

[Quidway]int e0/1 ;enter port mode

[Quidway-Ethernet0/1]duplex {half|full|auto} ;configure the port working mode (duplex)

[Quidway-Ethernet0/1]speed {10|100|auto} ;configure the port speed

[Quidway-Ethernet0/1]flow-control ;configure port flow control

[Quidway-Ethernet0/1]mdi {across|auto|normal} ;configure straight-through or crossover cabling

[Quidway-Ethernet0/1]port link-type {trunk|access|hybrid} ;set the port link type

[Quidway-Ethernet0/1]port access vlan 3 ;add the current port to the VLAN

[Quidway-Ethernet0/1]port trunk permit vlan {ID|All} ;set the VLANs allowed on the trunk

[Quidway-Ethernet0/1]port trunk pvid vlan 3 ;set the trunk port's PVID

[Quidway-Ethernet0/1]undo shutdown ;enable the port

[Quidway-Ethernet0/1]shutdown ;shut down the port

[Quidway-Ethernet0/1]quit ;return

[Quidway]vlan 3 ;create a VLAN

[Quidway-vlan3]port ethernet 0/1 ;add a port to the VLAN

[Quidway-vlan3]port e0/1 ;abbreviated form

[Quidway-vlan3]port ethernet 0/1 to ethernet 0/4 ;add ports to the VLAN

[Quidway-vlan3]port e0/1 to e0/4 ;abbreviated form

[Quidway]monitor-port <interface> ;specify the mirror (monitor) port

[Quidway]port mirror <interface> ;specify the mirrored port

[Quidway]port mirror <if_list> observing-port <interface> ;specify the mirrored ports and the mirror port together

For example:

[Quidway]port mirror e0/1 to e0/4 observing-port e0/7 ;specify the mirrored ports and the mirror port together

[Quidway]description string ;set the VLAN description string

[Quidway]description ;delete the VLAN description string

[Quidway]display vlan [vlan_id] ;view VLAN settings

[Quidway]stp {enable|disable} ;configure spanning tree, disabled by default

[Quidway]stp priority 4096 ;set the switch priority

[Quidway]stp root {primary|secondary} ;set as root or backup root

[Quidway-Ethernet0/1]stp cost 200 ;set the switch port cost

[Quidway]link-aggregation e0/1 to e0/4 ingress|both ;port aggregation

[Quidway]undo link-aggregation e0/1|all ;the starting port is the channel number

[SwitchA-vlanx]isolate-user-vlan enable ;set the primary VLAN

[SwitchA]isolate-user-vlan <n> secondary <list> ;set the secondary VLANs included in the primary VLAN

[Quidway-Ethernet0/2]port hybrid pvid vlan <id> ;set the VLAN PVID

[Quidway-Ethernet0/2]undo port hybrid pvid ;delete the VLAN PVID

[Quidway-Ethernet0/2]port hybrid vlan vlan_id_list untagged ;set the untagged VLANs

If a packet's VLAN ID matches the PVID, the VLAN information is removed. The default PVID is 1.

So set the PVID to the ID of the VLAN the port belongs to, and set the VLANs that should be able to communicate as untagged.

----------------------------------------

Router commands

~~~~~~~~~~

[Quidway]display version ;display version information

[Quidway]display current-configuration ;display the current configuration

[Quidway]display interfaces ;display interface information

[Quidway]display ip route ;display routing information

[Quidway]sysname <hostname> ;change the hostname

[Quidway]super password <password> ;set the password

[Quidway]int s0/0 ;enter the interface

[Quidway-serial0/0]clock rate 64000 ;set the synchronous clock

[Quidway-serial0/0]ip address <ip> <mask|mask_len> ;configure the port IP address

Example:

[Quidway-serial0/0]ip address 10.65.1.1 255.255.0.0 ;or

[Quidway-serial0/0]ip address 10.65.1.1 16

[Quidway-serial0/0]undo shutdown ;enable the port

[Quidway]link-protocol hdlc ;bind the HDLC protocol

[Quidway]user-interface vty 0 4

[Quidway-ui-vty0-4]authentication-mode password

[Quidway-ui-vty0-4]set authentication-mode password simple 222

[Quidway-ui-vty0-4]user privilege level 3

[Quidway-ui-vty0-4]quit

[Quidway]debugging hdlc all serial0 ;display all information

[Quidway]debugging hdlc event serial0 ;debug event information

[Quidway]debugging hdlc packet serial0 ;display packet information

Static routes:

[Quidway]ip route-static <ip> <mask> {interface number|nexthop} [value] [reject|blackhole]

For example:

[Quidway]ip route-static 129.1.0.0 16 10.0.0.2

[Quidway]ip route-static 129.1.0.0 255.255.0.0 10.0.0.2

[Quidway]ip route-static 129.1.0.0 16 Serial 2

[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.0.0.2

Dynamic routing:

[Quidway]rip ;set up dynamic routing

[Quidway]rip work ;allow RIP to operate

[Quidway]rip input ;allow inbound

[Quidway]rip output ;allow outbound

[Quidway-rip]network 10.0.0.0 ;set the network on which routes are exchanged

[Quidway-rip]network all ;exchange with all networks

[Quidway-rip]peer ip-address ;specify the exchange peer

[Quidway-rip]summary ;route aggregation

[Quidway]rip version 1 ;run version 1

[Quidway]rip version 2 multicast ;set version 2, multicast mode

[Quidway-Ethernet0/0]rip split-horizon ;split horizon

[Quidway]router id A.B.C.D ;configure the router ID

[Quidway]ospf enable ;start the OSPF protocol

[Quidway-ospf]import-route direct ;import direct routes

[Quidway-Serial0/0]ospf enable area <area_id> ;configure the OSPF area

The standard access list command format is as follows:

acl number <acl-number> [match-order config|auto] ;the default is the former, matching in configured order

rule [normal|special] {permit|deny} source {<s_ip> <s-wildcard>|any}

Example:


[Quidway]acl number 2001

[Quidway-acl-basic-2001]rule normal permit source 10.0.0.0 0.0.0.255

[Quidway-acl-basic-2001]rule normal deny source any

Extended access control list configuration commands

Configuring an extended access list for TCP/UDP:

rule {normal|special} {permit|deny} {tcp|udp} source {<ip wild>|any} destination {<ip wild>|any} [operate]

Configuring an extended access list for ICMP:

rule {normal|special} {permit|deny} icmp source {<ip wild>|any} destination {<ip wild>|any} [icmp-code] [logging]

Meaning of the extended access control list operators

equal portnumber ;equal to

greater-than portnumber ;greater than

less-than portnumber ;less than

not-equal portnumber ;not equal to

range portnumber1 portnumber2 ;range

Extended access control list examples

[Quidway]acl number 3001

[Quidway-acl-3001]rule deny source any destination any

[Quidway-acl-3001]rule permit icmp source any destination any icmp-type echo

[Quidway-acl-3001]rule permit icmp source any destination any icmp-type echo-reply

[Quidway]acl number 3002

[Quidway-acl-3002]rule permit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0

[Quidway-acl-3002]rule deny ip source any destination any

[Quidway]acl number 103

[Quidway-acl-103]rule permit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp

[Quidway-acl-103]rule permit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www

[Quidway]firewall enable

[Quidway]firewall default permit|deny

[Quidway]int e0/0

[Quidway-Ethernet0/0]firewall packet-filter 2001 inbound|outbound

Given the public IPs 202.38.160.101~202.38.160.103 ;for outbound access

[Quidway]nat address-group 202.38.160.101 202.38.160.103 pool1 ;create the address pool

[Quidway]acl 2001

[Quidway-acl-basic-2001]rule permit source 10.110.10.0 0.0.0.255 ;specify the permitted internal network

[Quidway-acl-basic-2001]rule deny source any

[Quidway-acl-basic-2001]int s0/0

[Quidway-Serial0/0]nat outbound 2001 address-group pool1 ;on interface s0, take an IP from the address pool for outbound access

[Quidway-Serial0/0]nat server global 202.38.160.101 inside 10.110.10.1 ftp tcp

[Quidway-Serial0/0]nat server global 202.38.160.102 inside 10.110.10.2 www tcp

[Quidway-Serial0/0]nat server global 202.38.160.102 8080 inside 10.110.10.3 www tcp

[Quidway-Serial0/0]nat server global 202.38.160.103 inside 10.110.10.4 smtp udp

PPP settings:

[Quidway-Serial0/0]link-protocol ppp ;the default protocol

PPP authentication:

Authenticator: pap|chap

[Quidway]local-user q2 password {simple|cipher} hello ;router 1

[Quidway]interface s0/0

[Quidway-serial0/0]ppp authentication-mode {pap|chap}

[Quidway-serial0/0]ppp chap user q1 ;omit this line when using pap

PAP authenticated peer:

[Quidway]interface s0/0 ;router 2

[Quidway-serial0/0]ppp pap local-user q2 password {simple|cipher} hello

CHAP authenticated peer:

[Quidway]interface s0/0 ;router 2

[Quidway-serial0/0]ppp chap user q2 ;this router's own name

[Quidway-serial0/0]local-user q1 password {simple|cipher} hello ;the peer router's name

Frame relay (volume 2, 6-61)

[q1]fr switching

[q1]int s0/1

[q1-Serial0/1]ip address 192.168.34.51 255.255.255.0

[q1-Serial0/1]link-protocol fr ;encapsulate the frame relay protocol

[q1-Serial0/1]fr interface-type dce

[q1-Serial0/1]fr dlci 100

[q1-Serial0/1]fr inarp

[q1-Serial0/1]fr map ip 192.168.34.52 dlci 100

[q2]int s0/1

[q2-Serial0/1]ip address 192.168.34.52 255.255.255.0

[q2-Serial0/1]link-protocol fr

[q2-Serial0/1]fr interface-type dte

[q2-Serial0/1]fr dlci 100

[q2-Serial0/1]fr inarp

[q2-Serial0/1]fr map ip 192.168.34.51 dlci 100

Frame relay monitoring

[q1]display fr lmi-info [interface type number]

[q1]display fr map

[q1]display fr pvc-info[serial interface-number][dlci dlci-number]

[q1]display fr dlci-switch

[q1]display fr interface

[q1]reset fr inarp-info

[q1]debugging fr all[interface type number]

[q1]debugging fr arp[interface type number]

[q1]debugging fr event[interface type number]

[q1]debugging fr lmi[interface type number]

Address translation configuration example

[Quidway]firewall enable

[Quidway]firewall default permit

[Quidway]acl 2001 ;specified internal hosts may enter via e0

[Quidway-acl-basic-2001]rule deny ip source any destination any

[Quidway-acl-basic-2001]rule permit ip source 129.38.1.1 0 destination any

[Quidway-acl-basic-2001]rule permit ip source 129.38.1.2 0 destination any

[Quidway-acl-basic-2001]rule permit ip source 129.38.1.3 0 destination any

[Quidway-acl-basic-2001]rule permit ip source 129.38.1.4 0 destination any

[Quidway-acl-basic-2001]quit

[Quidway]int e0/0

[Quidway-Ethernet0]firewall packet-filter 2001 inbound

[Quidway]acl 3002 ;specific external hosts and packets to ports above 1024 are allowed to enter via S0

[Quidway-acl-adv-3002]rule deny ip source any destination any

[Quidway-acl-adv-3002]rule permit tcp source 202.39.2.3 0 destination 202.38.160.1 0

[Quidway-acl-adv-3002]rule permit tcp source any destination 202.38.160.1 0 destination-port greater-than 1024

[Quidway-acl-adv-3002]quit

[Quidway]int s0/0

[Quidway-Serial0/0]firewall packet-filter 102 inbound

[Quidway-Serial0/0]nat outbound 3002 interface ;this is Easy IP: the source address of IPs permitted by the ACL is translated as they leave through this interface

Internal server address translation commands (static NAT):

nat server global <ip> [port] inside <ip> port [protocol]

[Quidway-Serial0/0]nat server global 202.38.160.1 inside 129.38.1.1 ftp tcp

[Quidway-Serial0/0]nat server global 202.38.160.1 inside 129.38.1.2 telnet tcp

[Quidway-Serial0/0]nat server global 202.38.160.1 inside 129.38.1.3 www tcp

Starting the FTP service:

[Quidway]local-user ftp password {simple|cipher} aaa service-type ftp

[Quidway]ftp server enable

Article title: Huawei Switch Commands - Common Commands for Huawei Layer 3 Switches
Article URL: http://www.61k.com/1111085.html