version 5.20, Release 1207sysname dunan-s5500 设备重命名super password level 3 simple abcd123456 设置串口连接密码 domain default enable system说明性文字telnet server enable telnet服务开启loopback-detection enable 环回口连接开启注释VLAN连接区域vlan 1description fileserver vlan 2description firewallvlan 10description erp+sql+other vlan 20description caiwu vlan 30description waimaovlan 40description bigofficevlan 50description jishubuvlan 60description erchejianvlan 70description huayivlan 80description zongcaivlan 90description webservlan 130description wlanradius scheme systemdomain system 说明性文字access-limit disablestate activeidle-cut disableself-service-url disable将ACL规则定义策略和行为这里和3600是不同的，分为三部traffic classifier c_vlan operator and if-match acl 3000traffic classifier a_vlan operator and if-match acl 3001traffic behavior d_vlanfilter denytraffic behavior b_vlanfilter denyqos policy p_vlanclassifier c_vlan behavior b_vlanqos policy t_vlanclassifier a_vlan behavior d_vlan设置web访问用户和密码并定义权限为最高local-user h3cpassword simple dafmservice-type telnetlevel 3建立高级访问控制列表并建立子规则acl number 3000rule 0 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 1 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 2 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 3 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 4 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 5 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.50.0 0.0.0.255 rule 6 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 7 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 8 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 9 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 10 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 11 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 12 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 13 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 14 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 15 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 16 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 rule 17 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 18 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 19 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.50.0 0.0.0.255 rule 20 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 21 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 22 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 23 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 acl number 3001rule 0 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 rule 1 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 rule 2 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 3 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 4 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 5 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 6 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 7 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 8 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 配置VLAN网关，实际为设置vlan 间路由interface NULL0interface Vlan-interface 1ip address 192.168.1.1 255.255.255.0interface Vlan-interface 2ip address 192.168.2.2 255.255.255.0interface Vlan-interface 10ip address 192.168.10.1 255.255.255.0interface Vlan-interface 20ip address 192.168.20.1 255.255.255.0interface Vlan-interface 30ip address 192.168.30.1 255.255.255.0interface Vlan-interface 40ip address 192.168.40.1 255.255.255.0interface Vlan-interface 50ip address 192.168.50.1 255.255.255.0interface Vlan-interface 60ip address 192.168.60.1 255.255.255.0interface Vlan-interface 70ip address 192.168.70.1 255.255.255.0interface Vlan-interface 80ip address 192.168.80.1 255.255.255.0interface Vlan-interface 90ip address 192.168.90.1 255.255.255.0interface Vlan-interface 30ip address 192.168.130.1 255.255.255.0将接口划入vlaninterface GigabitEthernet1/0/1port access vlan 10interface GigabitEthernet1/0/2port access vlan 10interface GigabitEthernet1/0/3port access vlan 10interface GigabitEthernet1/0/4port access vlan 90定义策略到接口qos apply policy t_vlan inboundinterface GigabitEthernet1/0/5 port access vlan 20 interface GigabitEthernet1/0/6 port access vlan 20 interface GigabitEthernet1/0/7 port access vlan 30 interface GigabitEthernet1/0/8 port access vlan 30 interface GigabitEthernet1/0/9 port access vlan 40 interface GigabitEthernet1/0/10 port access vlan 40 interface GigabitEthernet1/0/11 port access vlan 50 定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/12 port access vlan 50定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/13 port access vlan 60 interface GigabitEthernet1/0/14 port access vlan 60 interface GigabitEthernet1/0/15 port access vlan 70 interface GigabitEthernet1/0/16 port access vlan 70 interface GigabitEthernet1/0/17 port access vlan 80定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/18 port access vlan 80定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/19 port access vlan 130定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/20 port access vlan 130定义策略到接口qos apply policy p_vlan inboundinterface GigabitEthernet1/0/21 duplex full flow-control interface GigabitEthernet1/0/22interface GigabitEthernet1/0/23 port access vlan 2 interface GigabitEthernet1/0/24 port access vlan 2 interface GigabitEthernet1/0/25 shutdowninterface GigabitEthernet1/0/26 shutdowninterface GigabitEthernet1/0/27 shutdowninterface GigabitEthernet1/0/28 shutdown配置到防火墙的默认路由ip route-static 0.0.0.0 0.0.0.0 192.168.2.1简单网络管理协议的描述snmp-agentsnmp-agent local-engineid 800063A20300E0FC123456 snmp-agent sys-info version v3load xml-configuration开启aux口和telnet访问的权限并设定串口访问密码user-interface aux 0authentication-mode passwordset authentication password simple abcd123456user-interface vty 0 4user privilege level 3set authentication password cipher ^BM!.M()1=%X)AG\U/NCA!!protocol inbound telnet华为路由器交换机配置命令：交换机命令[Quidway]dis curr；显示当前配置[Quidway]display interfaces；显示接口信息[Quidway]display vlanall；显示路由信息[Quidway]display version；显示版本信息[Quidway]super password；修改特权用户密码[Quidway]sysname；交换机命名[Quidway]interface ethernet0/1；进入接口视图[Quidway]interface vlanx；进入接口视图[Quidway-Vlan-interfacex]ip address 10.65.1.1 255.255.0.0；配置VLAN的IP地址[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.65.1.2；静态路由＝网关[Quidway]rip；三层交换支持[Quidway]user-interface vty 0 4；进入虚拟终端[S3026-ui-vty0-4]authentication-mode password；设置口令模式[S3026-ui-vty0-4]set authentication-mode password simple222；设置口令[S3026-ui-vty0-4]user privilege level3；用户级别[Quidway]interface ethernet0/1；进入端口模式[Quidway]int e0/1；进入端口模式[Quidway-Ethernet0/1]duplex {half|full|auto}；配置端口工作状态[Quidway-Ethernet0/1]speed{10|100|auto}；配置端口工作速率[Quidway-Ethernet0/1]flow-control；配置端口流控[Quidway-Ethernet0/1]mdi{across|auto|normal}；配置端口平接扭接[Quidway-Ethernet0/1]portlink-type{trunk|access|hybrid}；设置端口工作模式[Quidway-Ethernet0/1]port access vlan3；当前端口加入到VLAN[Quidway-Ethernet0/2]port trunk permitvlan{ID|All}；设trunk允许的VLAN[Quidway-Ethernet0/3]port trunk pvid vlan3；设置trunk端口的PVID [Quidway-Ethernet0/1]undoshutdown；激活端口[Quidway-Ethernet0/1]shutdown；关闭端口[Quidway-Ethernet0/1]quit；返回 [Quidway]vlan3；创建VLAN[Quidway-vlan3]port ethernet0/1；在VLAN中增加端口[Quidway-vlan3]port e0/1；简写方式[Quidway-vlan3]port ethernet0/1 to ethernet0/4；在VLAN中增加端口[Quidway-vlan3]port e0/1 to e0/4；简写方式[Quidway]monitor-port；指定镜像端口[Quidway]port mirror；指定被镜像端口[Quidway]port mirror int_listobserving-portint_typeint_num；指定镜像和被镜像[Quidway]description string；指定VLAN描述字符[Quidway]description；删除VLAN描述字符[Quidway]display vlan[vlan_id]；查看VLAN设置[Quidway]stp{enable|disable}；设置生成树,默认关闭[Quidway]stp priority 4096；设置交换机的优先级[Quidway]stp root{primary|secondary}；设置为根或根的备份[Quidway-Ethernet0/1]stpcost200；设置交换机端口的花费[Quidway]link-aggregatione0/1toe0/4ingress|both;端口的聚合[Quidway]undolink-aggregatione0/1|all;始端口为通道号[SwitchA-vlanx]isolate-user-vlanenable；设置主vlan[SwitchA]isolate-user-vlansecondary；设置主vlan包括的子vlan[Quidway-Ethernet0/2]porthybridpvidvlan；设置vlan的pvid[Quidway-Ethernet0/2]porthybridpvid；删除vlan的pvid[Quidway-Ethernet0/2]porthybridvlanvlan_id_listuntagged；设置无标识的vlan 如果包的vlanid与PVId一致，则去掉vlan信息.默认PVID=1。