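Some configuration notes on Huawei switches

Clear the configuration of a switch interface. After the command runs, the interface defaults to the shutdown state.
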
interface gig 0/0/7
clear config this

Disable password history

<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] local-aaa-user password policy administrator
[HUAWEI-aaa-lupp-admin] password history record number 0

Enabling telnet on new models and new-batch devices

protocol inbound all

ACL to block EternalBlue and ransomware

H3C 7506 V5

acl advanced 3998
rule 0 deny tcp destination-port eq 135
rule 5 deny tcp destination-port eq 137
rule 10 deny tcp destination-port eq 138
rule 15 deny tcp destination-port eq 139
rule 20 deny tcp destination-port eq 445
rule 25 permit ip

interface Vlan-interface1
ip address 10.239.23.254 255.255.255.0
ip address 10.239.18.254 255.255.255.0 sub
packet-filter 3998 inbound
packet-filter 3998 outbound

H3C SR6602

acl number 3998
rule 0 deny tcp destination-port eq 135
rule 5 deny tcp destination-port eq 137
rule 10 deny tcp destination-port eq 138
rule 15 deny tcp destination-port eq 139
rule 20 deny tcp destination-port eq 445
rule 25 permit ip

interface GigabitEthernet3/2/5
port link-mode route
description to_shizhengfu_yidong
firewall packet-filter 3998 inbound
firewall packet-filter 3998 outbound
ip address 10.237.254.70 255.255.255.252
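
An added example, not part of the original notes: a Python check that a saved H3C configuration still has the ACL 3998 deny rules ahead of `permit ip` and that the ACL is bound in both directions, accepting both syntaxes shown above. The `audit` function, the `WEAK` sample and the assumption that rules are evaluated in ascending rule ID order belong to this example only.

```python
import re

REQUIRED = {135, 137, 138, 139, 445}  # TCP ports denied by the page's ACL 3998
RULE = re.compile(r"rule (\d+) (?:deny tcp destination-port eq (\d+)|permit ip)$")
FILTER = re.compile(r"(?:firewall )?packet-filter (\d+) (inbound|outbound)$")

def audit(config, acl="3998"):
    """Return findings for an H3C-style config text; an empty list means no gaps."""
    rules, bound, in_acl, ifname = [], {}, False, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"acl (?:advanced|number) (\d+)$", line):
            in_acl, ifname = m.group(1) == acl, None
        elif m := re.match(r"interface (\S+)$", line):
            in_acl, ifname = False, m.group(1)
        elif in_acl and (m := RULE.match(line)):
            rules.append((int(m.group(1)), int(m.group(2)) if m.group(2) else None))
        elif ifname and (m := FILTER.match(line)) and m.group(1) == acl:
            bound.setdefault(ifname, set()).add(m.group(2))
    findings, denied, shadowed, permitted = [], set(), set(), False
    for _, port in sorted(rules, key=lambda r: r[0]):  # assumed: ascending rule ID order
        if port is None:
            permitted = True  # everything after "permit ip" is unreachable
        elif permitted:
            shadowed.add(port)
            findings.append(f"tcp/{port}: deny sits after 'permit ip' and never matches")
        else:
            denied.add(port)
    findings += [f"tcp/{p}: not denied by acl {acl}"
                 for p in sorted(REQUIRED - denied - shadowed)]
    if not bound:
        findings.append(f"acl {acl} is not applied to any interface")
    for name in sorted(bound):
        findings += [f"{name}: acl {acl} not applied {d}"
                     for d in sorted({"inbound", "outbound"} - bound[name])]
    return findings

# Constructed sample: the SR6602 block above with three deliberate gaps.
WEAK = """
acl number 3998
 rule 0 deny tcp destination-port eq 135
 rule 5 deny tcp destination-port eq 137
 rule 10 deny tcp destination-port eq 138
 rule 12 permit ip
 rule 15 deny tcp destination-port eq 139
interface GigabitEthernet3/2/5
 firewall packet-filter 3998 inbound
"""

if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```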

Turning off the password change required on every telnet login to the device

Simply undo it in the aaa view.

display local-aaa-user password policy access-user 
Password control : Disable
Password history : Disable (history records:5)

display local-aaa-user password policy administrator
Password control : Enable
Password expiration : Enable (0 days)
Password history : Enable (history records:5)
Password alert before expiration : 30 days
Password alert original : Enable

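Clearing the S9306 password

1. Reboot the switch, press Ctrl+B to enter the BootROM menu, then press Ctrl+Z to enter the hidden menu;
2. Choose 8-Rename file in CFCard and rename the 9300 default configuration file vrpcfg.zip to something else, for example vrptest;
3. After the reboot, log in to the switch; it is now running the factory default configuration;
4. Unzip the renamed file vrptest to vrpcfg.bat
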
<Quidway>unzip vrptest vrpcfg.bat

5. Run the execute command to load the original configuration; with it loaded, the console password can be removed.

<Quidway>sys 
Enter system view, return user view with Ctrl+Z.
[Quidway]exec
[Quidway]execute vrpcfg.bat
[Quidway]user-inter console 0
[Quidway-ui-console0]undo auth

6. Save the configuration as vrpcfg.zip

<Quidway>save
The current configuration will be written to the device. Continue? [Y/N]:y
Info: Please input the file name(*.cfg,*.zip)[vrpcfg.zip]:
Jun 25 2010 11:41:59 Quidway %%01CFM/4/SAVE(l): The user chose Y when deciding whether to save the configuration to the device. vrpcfg.zip -- enter the correct 9300 default configuration file name, vrpcfg.zip, here

7. After the switch reboots, the console password is gone and the existing service configuration is not lost.

Switch VLAN translation

S9306 VLAN translation

[PE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[PE1-GigabitEthernet1/0/1] port vlan-mapping vlan 6 map-vlan 10
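---- port vlan-mapping vlan <source VLAN> map-vlan <VLAN it is translated to>

The S5700 box switch differs slightly: VLAN translation must first be enabled inside the interface, after which the commands are the same as above.
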
qinq vlan-translation enable

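Configuring port mirroring on the S9306

The switch supports many-to-one mirroring, that is, packets from multiple ports are copied to a single observing port.
The S9300 supports cross-board mirroring, and 8 observing ports can be configured; downstream traffic on the same board can only be mirrored to the same observing port.

First configure the observing port: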
[Quidway] observe-port 1 interface gigabitethernet1/0/31
Then configure port mirroring:
[Quidway] interface gigabitethernet 1/0/0
[Quidway-GigabitEthernet1/0/0] port-mirroring to observe-port 1 inbound

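Viewing optical power information for an optical module

The optical module must support DDM for the optical power to be shown; otherwise no optical power is displayed.
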
display transceiver interface GigabitEthernet 4/0/47 verbose