H3C路由器配置命令一、路由器基本配置命令1、system-view 进入系统视图模式2、sysname R1 为设备命名为R3、display ip routing-table 显示当前路由表4、language-mode Chinese|English 中英文切换5、interface Ethernet 0/0 进入以太网端口视图6、ip address 192.168.1.1 255.255.255.0 配置IP地址和子网掩码7、undo shutdown 打开以太网端口8、shutdown 关闭以太网端口9、quit 退出当前视图模式10、ip route-static 192.168.2.0 255.255.255.0 192.168.12.2 description To.R2配置静态路由11、ip route-static 0.0.0.0 0.0.0.0 192.168.12.2 description To.R2配置默认的路由基本配置案例[Quidway]display version 显示版本信息[Quidway]display current-configuration 显示当前配置[Quidway]display interfaces 显示接口信息[Quidway]display ip route 显示路由信息[Quidway]sysname aabbcc 更改主机名[Quidway]super passwrod 123456 设置口令[Quidway]interface serial0 进入接口[Quidway-serial0]ip address <ip><mask>[Quidway-serial0]undo shutdown 激活端口[Quidway]link-protocol hdlc 绑定hdlc协议[Quidway]user-interface vty 0 4[Quidway-ui-vty0-4]authentication-mode password[Quidway-ui-vty0-4]set authentication-mode password simple 2[Quidway-ui-vty0-4]user privilege level 3[Quidway-ui-vty0-4]quit[Quidway]debugging hdlc all serial0 显示所有信息[Quidway]debugging hdlc event serial0 调试事件信息[Quidway]debugging hdlc packet serial0 显示包的信息静态路由配置案例：[Quidway]ip route-static <ip><mask>{interfacenumber|nexthop}[value][reject|blackhole]例如：[Quidway]ip route-static 129.1.0.0 16 10.0.0.[Quidway]ip route-static 129.1.0.0 255.255.0.0 10.0.0.[Quidway]ip route-static 129.1.0.0 16 Serial[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.0.0.动态路由配置案例（RIP）：[Quidway]rip[Quidway]rip work[Quidway]rip input[Quidway]rip output[Quidway-rip]network 1.0.0.0 ;可以all[Quidway-rip]network 2.0.0.0[Quidway-rip]peer ip-address[Quidway-rip]summary[Quidway]rip version[Quidway]rip version 2 multicast[Quidway-Ethernet0]rip split-horizon ;水平分隔动态路由配置案例（OSPF）：[Quidway]router id A.B.C.D 配置路由器的ID[Quidway]ospf enable 启动OSPF协议[Quidway-ospf]import-route direct 引入直联路由[Quidway-Serial0]ospf enable area <area_id> 配置OSPF区域标准访问列表命令格式如下：acl <acl-number> [match-order config|auto] 默认前者顺序匹配。

rule [normal|special]{permit|deny} [source source-addr source-wildcard|any] 例：[Quidway]acl 10[Quidway-acl-10]rule normal permit source 10.0.0.0 0.0.0.25[Quidway-acl-10]rule normal deny source any二、ACL配置扩展访问控制列表配置命令1.配置TCP/UDP协议的扩展访问列表：rule {normal|special}{permit|deny}{tcp|udp}source {<ipwild>|any}destination <ip wild>|any}[operate]2.配置ICMP协议的扩展访问列表：rule {normal|special}{permit|deny}icmp source {<ip wild>|any]destination {<ip wild>|any][icmp-code] [logging]扩展访问控制列表操作符的含义equal portnumber 等于greater-than portnumber 大于less-than portnumber 小于not-equal portnumber 不等range portnumber1 portnumber区间3.扩展访问控制列表案例[Quidway]acl 10[Quidway-acl-101]rule deny souce any destination any[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo [Quidway-acl-101]rule permit icmp source any destination any icmp-type echo-reply[Quidway]acl 10[Quidway-acl-102]rule permit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0[Quidway-acl-102]rule deny ip source any destination any[Quidway]acl 103[Quidway-acl-103]rule permit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp[Quidway-acl-103]rule permit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www[Quidway]firewall enable[Quidway]firewall default permit|deny[Quidway]int e0[Quidway-Ethernet0]firewall packet-filter 101 inbound|outbound4. NAT的配置地址转换配置案例[Quidway]firewall enable[Quidway]firewall default permit[Quidway]acl 10[Quidway-acl-101]rule deny ip source any destination any[Quidway-acl-101]rule permit ip source 129.38.1.4 0 destination any [Quidway-acl-101]rule permit ip source 129.38.1.1 0 destination any [Quidway-acl-101]rule permit ip source 129.38.1.2 0 destination any [Quidway-acl-101]rule permit ip source 129.38.1.3 0 destination any [Quidway]acl 10[Quidway-acl-102]rule permit tcp source 202.39.2.3 0 destination202.38.160.1 0[Quidway-acl-102]rule permit tcp source any destination 202.38.160.1 0 destination-port great-than1024[Quidway-Ethernet0]firewall packet-filter 101 inbound[Quidway-Serial0]firewall packet-filter 102 inbound[Quidway]nat address-group 202.38.160.101 202.38.160.103 pool [Quidway]acl[Quidway-acl-1]rule permit source 10.110.10.0 0.0.0.25[Quidway-acl-1]rule deny source any[Quidway-acl-1]int serial 0[Quidway-Serial0]nat outbound 1 address-group pool[Quidway-Serial0]nat server global 202.38.160.101 inside 10.110.10.1 ftp tcp [Quidway-Serial0]nat server global 202.38.160.102 inside 10.110.10.2 www tcp[Quidway-Serial0]nat server global 202.38.160.102 8080 inside 10.110.10.3 www tcp[Quidway-Serial0]nat server global 202.38.160.103 inside 10.110.10.4 smtp udp5. PPP验证配置：主验方：pap|chap[Quidway]local-user u2 password {simple|cipher} aaa[Quidway]interface serial 0[Quidway-serial0]ppp authentication-mode {pap|chap}[Quidway-serial0]ppp chap user u1 //pap时，不用此句pap被验方：[Quidway]interface serial 0[Quidway-serial0]ppp pap local-user u2 password {simple|cipher} aaachap被验方：[Quidway]interface serial 0[Quidway-serial0]ppp chap user u1[Quidway-serial0]local-user u2 password {simple|cipher} aaa。