H3c S5024P二层交换机对接S5100三层配置记录

S5100三层交换机配置:

<H3C>dis cu
#
 sysname H3C
#
radius scheme system
#
domain system
#
local-user admin
 password simple admin
 service-type telnet
 level 3
#
dhcp server ip-pool vlan91
 network 192.168.91.0 mask 255.255.255.0
 gateway-list 192.168.91.1
 dns-list 119.29.29.29 114.114.114.114
#
dhcp server ip-pool vlan92
 network 192.168.92.0 mask 255.255.255.0
 gateway-list 192.168.92.1
 dns-list 119.29.29.29 114.114.114.114
#
vlan 1
#
vlan 91 to 92                             
#                                         
vlan 100                                  
#                                         
interface Vlan-interface91                
 ip address 192.168.91.1 255.255.255.0    
#                                         
interface Vlan-interface92                
 ip address 192.168.92.1 255.255.255.0    
#                                         
interface Vlan-interface100               
 ip address 192.168.90.254 255.255.255.0  
#                                         
interface Aux1/0/0                        
#                                         
interface GigabitEthernet1/0/1            
 port access vlan 100                     
#                                         
interface GigabitEthernet1/0/2            
 port access vlan 91                      
#                                         
interface GigabitEthernet1/0/3            
 port access vlan 91                      
#                                         
interface GigabitEthernet1/0/4            
 port access vlan 91                      
#                                         
interface GigabitEthernet1/0/5            
 port access vlan 91                      
#                                         
interface GigabitEthernet1/0/6            
 port access vlan 91                      
#                                         
interface GigabitEthernet1/0/7            
 port access vlan 91                      
#                                         
interface GigabitEthernet1/0/8            
 port access vlan 92                      
#                                         
interface GigabitEthernet1/0/9            
 port access vlan 92                      
#                                         
interface GigabitEthernet1/0/10           
 port access vlan 92                      
#                                         
interface GigabitEthernet1/0/11           
 port access vlan 92                      
#                                         
interface GigabitEthernet1/0/12           
 port access vlan 92                      
#                                         
interface GigabitEthernet1/0/13           
 port access vlan 92                      
#                                         
interface GigabitEthernet1/0/14           
 port access vlan 92                      
#                                         
interface GigabitEthernet1/0/15           
 port access vlan 92                      
#                                         
interface GigabitEthernet1/0/16           
 port link-type trunk                     
 port trunk permit vlan all               
#                                         
interface GigabitEthernet1/0/17           
 shutdown                                 
 port access vlan 92                      
#                                         
interface GigabitEthernet1/0/18           
 port link-type trunk                     
 port trunk permit vlan all               
 shutdown                                 
#                                         
interface GigabitEthernet1/0/19           
 shutdown                                 
 port access vlan 92                      
#                                         
interface GigabitEthernet1/0/20           
 shutdown                                 
 port access vlan 92                      
#                                         
interface NULL0                           
#                                         
 ip route-static 0.0.0.0 0.0.0.0 192.168.90.1 preference 60
#                                         
user-interface aux 0                      
user-interface vty 0 4                    
 user privilege level 3                   
 set authentication password simple h3c001@
#                                         
return                                    
                                          

S5042P-EI二层交换机配置:

一些操作备注:
取消默认管理vlan了:输入“undo interface vlan-interface 1”以及“undo management-vlan” 
创建了vlan 100,将新建的VLAN设置成管理VLAN,在VLAN模式下,输入“management-vlan 100”
添加 Web 用户,用户级别设为 3(管理级用户)
[H3C] local-user admin(设置用户名为 admin)
[H3C-luser-admin] service-type telnet level 3
(设置级别 3)
[H3C-luser-admin] password simple h3c001@(设置
密码 h3c001)

<H3C>dis cu
#
 Product Version S5024P-EIV100R004
#
 sysname H3C
#
hardware-failure-detection board warning
#
local-user admin
 service-type telnet
 service-type web
#
radius scheme system
#
#
vlan 1
#
vlan 91 to 92
#
vlan 100
#
interface vlan-interface100
 ip address 192.168.90.253 255.255.255.0
 ip gateway 192.168.90.254
#
#
interface GigabitEthernet0/1 
 port link-type trunk
 port trunk permit vlan all
#
interface GigabitEthernet0/2 
 port access vlan 91
#
interface GigabitEthernet0/3 
 port access vlan 91
#
interface GigabitEthernet0/4 
 port access vlan 91
#
interface GigabitEthernet0/5 
 port access vlan 91
#
interface GigabitEthernet0/6 
 port access vlan 91
#
interface GigabitEthernet0/7 
 port access vlan 91
#
interface GigabitEthernet0/8 
 port access vlan 91
#
interface GigabitEthernet0/9 
 port access vlan 91
#
interface GigabitEthernet0/10
 port access vlan 91
#
interface GigabitEthernet0/11
 port access vlan 91
#
interface GigabitEthernet0/12
 port access vlan 92
#
interface GigabitEthernet0/13
 port access vlan 92
#
interface GigabitEthernet0/14
 port access vlan 92
#
interface GigabitEthernet0/15
 port access vlan 92
#
interface GigabitEthernet0/16
 port access vlan 92
#
interface GigabitEthernet0/17
 port access vlan 92
#
interface GigabitEthernet0/18
 port access vlan 92
#
interface GigabitEthernet0/19
 port access vlan 92
#
interface GigabitEthernet0/20
 port access vlan 92
#
interface GigabitEthernet0/21
 port access vlan 92
#
interface GigabitEthernet0/22
 port access vlan 92
#
interface GigabitEthernet0/23
 port access vlan 92
#
interface GigabitEthernet0/24
 port access vlan 100
#
user-interface aux 0
user-interface vty 0
user-interface vty 1
#

主防火墙华为USG2130配置:

<USG2100>dis cu
17:30:47  2020/12/16
#
sysname USG2100
#
l2tp domain suffix-separator @
#
ip df-unreachables enable
#
undo firewall ipv6 session link-state check
firewall ipv6 statistic system enable
#
dns resolve
dns server unnumbered interface Ethernet0/0/0
#
vlan batch 1
#
firewall statistic system enable
#
pki certificate access-control-policy default permit
#
dns proxy enable
#
license-server domain lic.huawei.com
#
web-manager enable                        
web-manager security enable port 8443     
undo web-manager config-guide enable      
#                                         
user-manage web-authentication security port 8888
#                                         
l2fwdfast enable                          
#                                         
interface Vlanif1                         
 ip address 192.168.90.1 255.255.255.0    
 service-manage enable                    
 service-manage http permit               
 service-manage https permit              
 service-manage ping permit               
 service-manage ssh permit                
 service-manage telnet permit             
#                                         
interface Cellular5/0/0                   
 link-protocol ppp                        
#                                         
interface Ethernet0/0/0                   
 alias WAN                                
 dhcp client enable                       
 nat enable                               
 detect ftp                               
#                                         
interface Ethernet1/0/0                   
 portswitch                               
 port link-type access                    
#                                         
interface Ethernet1/0/1                   
 portswitch                               
 port link-type access                    
#                                         
interface Ethernet1/0/2                   
 portswitch                               
 port link-type access                    
#                                         
interface Ethernet1/0/3                   
 portswitch                               
 port link-type access                    
#                                         
interface Ethernet1/0/4                   
 portswitch                               
 port link-type access                    
#                                         
interface Ethernet1/0/5                   
 portswitch                               
 port link-type access                    
#                                         
interface Ethernet1/0/6                   
 portswitch                               
 port link-type access                    
#                                         
interface Ethernet1/0/7                   
 portswitch                               
 port link-type access                    
#                                         
interface NULL0                           
#                                         
firewall zone local                       
 set priority 100                         
#                                         
firewall zone trust                       
 set priority 85                          
 detect ftp                               
 detect rtsp                              
 detect pptp                              
 add interface Ethernet1/0/0              
 add interface Ethernet1/0/1              
 add interface Ethernet1/0/2              
 add interface Ethernet1/0/3              
 add interface Ethernet1/0/4              
 add interface Ethernet1/0/5              
 add interface Ethernet1/0/6              
 add interface Ethernet1/0/7              
 add interface Vlanif1                    
#                                         
firewall zone untrust                     
 set priority 5                           
 detect ftp                               
 detect rtsp                              
 detect pptp                              
 add interface Ethernet0/0/0              
#                                         
firewall zone dmz                         
 set priority 50                          
 detect ftp                               
 detect rtsp                              
 detect pptp                              
#                                         
firewall interzone local trust            
 detect ftp                               
 detect pptp                              
 detect rtsp                              
#                                         
firewall interzone local untrust          
 detect ftp                               
 detect pptp                              
 detect rtsp                              
#                                         
firewall interzone local dmz              
 detect ftp                               
 detect pptp                              
 detect rtsp                              
#                                         
firewall interzone trust untrust          
 detect ftp                               
 detect pptp                              
 detect rtsp                              
#                                         
firewall interzone trust dmz              
 detect ftp                               
 detect pptp                              
 detect rtsp                              
#                                         
firewall interzone dmz untrust            
 detect ftp                               
 detect pptp                              
 detect rtsp                              
#                                         
#                                         
aaa                                       
 local-user admin password irreversible-cipher %@%@d+LM,~(yE1zu8DBmH)@S<`WNm0PzHCEHb$(<#pK/'^(~|f]X%@%@
 local-user admin service-type web terminal telnet
 local-user admin level 15                
 authentication-scheme default            
 #                                        
 authorization-scheme default             
 #                                        
 accounting-scheme default                
 #                                        
 domain default                           
 domain dot1x                             
 #                                        
#                                         
nqa-jitter tag-version 1                  
                                          
#                                         
ip route-static 0.0.0.0 0.0.0.0 192.168.2.254 preference 245
ip route-static 192.168.91.0 255.255.255.0 192.168.90.254
ip route-static 192.168.92.0 255.255.255.0 192.168.90.254
#                                         
banner enable                             
#                                         
user-interface con 0                      
user-interface tty 2                      
 modem both                               
user-interface vty 0 4                    
 authentication-mode aaa                  
 protocol inbound all                     
#                                         
sa                                        
#                                         
slb                                       
#                                         
cwmp                                      
#                                         
right-manager server-group                
#                                         
return                                    
                                          
接口
静态路由表
上一篇
下一篇