华三核心三层

H3C S5560S-28P-SI-6113 （只读管理建议使用web） mac : 307b-acc4-4070

在线命令查看

选型参考

192.168.*.[20-220] IP常规使用

管理后建议不适用vlan1

查看版本和运行时间

display version

改名

sysname  5560

关闭 提示信息

undo info-center enable

流量

display counters rate inbound interface 
display counters rate outbound interface

普通模式下

重置配置

reset saved-configuration
reboot

恢复出厂配置

restore factory-default

二层相关

回环检查

loopback-detection global enable vlan all
dis loopback-detection

arp统计

display arp detection statistics attack-source

批量设置

interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/10
 
loopback-detection enable vlan all        #开启端口环路检测功能
loopback-detection action block       #组操作

拓扑变化

dis stp history 

stp状态

查看阻断情况

dis stp br

看日志

display log

dns设置

dns 代理proxy

display dns server

dns server 192.168.0.121

dns resolve
dns proxy enable

ospf

互相同步路由表，存入数据库

查看

ip ttl-expires enable 
ip unreachables enable

链路

display router id
dis ospf peer

状态都必须full状态才正常

路由

display ospf lsdb router

display ip routing-table protocol ospf
dis ospf routing 
 

详情

dis ospf 1

配置

dis ospf verbose

router id 200.190.22.8
ospf 1  
default-route-advertise always  #下发默认路由
area 0
network 10.1.0.0   0.0.0.255
network 10.1.2.0   0.0.0.255

端口模式ospf

int g0/0/0
ospf 1 router 1.1.1.1
network 10.1.12.1 0.0.0.0

启用

ospf enable 1 area 0

重启

reset ospf process  

删除

undo ospf 1

地址漂移

display mac-address mac-move

广播限流

 broadcast-suppression  50

dis stp history

配置vlan

vlan 2
vlan 10 to 28
vlan 34
vlan 100
vlan 87 to 88
vlan 200 to 201

混合口

端口1,3

port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 11 to 26 34 87 to 88 100 200 to 201 untagged
port hybrid pvid vlan 11

直通口

端口2,4

port link-type trunk
port trunk permit vlan 2 to 99
port trunk pvid vlan 2 

mac vlan

mac-vlan mac-address b83a-080e-f650 vlan 2

删除mac记录

undo mac-address 4cbd-8f79-1b84 vlan 34

配置IP地址

查看ip

display vlan

display ip interface  brief

查看本机mac

display stp
dis int gi 1/0/1   每个接口都有mac

cpu使用率

dis cpu-usage

三层相关

设置ip

interface vlan-interface 1
ip address 192.168.11.205 255.255.255.0

配置默认路由

ip route-static 0.0.0.0  0  192.168.11.1

路由表

dis ip routing-table

路由协议

display ip routing-table protocol rip

删除arp记录

undo arp 192.168.88.7

设置常用服务

发现协议lldp

lldp global enable



display lldp neighbor-information   #显示附近的设备

dis lldp nei list 

telnet 开启

telnet server enable

查看接口状况

display interface brief

修改接口备注

interface GigabitEthernet1/0/24
description upload

统计信息

display interface brief

端口加入vlan

vlan 2
port GigabitEthernet 1/0/2

开启web

ip http enable
ip https enable

local-user admin

password simple admin

service-type http https

开启telnet

telnet server enable

local-user admin 
service-type telnet  

authorization-attribute user-role level-15 

user-interface vty 0 4
authentication-mode scheme  

trunk回环冲突

1(default), 11-28, 34, 87-88, 100, 200-201,

vlan 2 问题 与 默认pvid 冲突

端口类型参考

端口纯trunk

也不行 要在允许的vlan中取消当前vlan

 port link-type trunk
 port trunk pvid vlan 2 
 port trunk permit vlan 3 to 1024
 poe enable

对端

#
interface GigabitEthernet0/0/4
 description updown
 port link-type trunk
 port trunk pvid vlan 2
 port trunk allow-pass vlan 3 to 4094
 ntdp enable
 ndp enable
 bpdu enable
#

开启dhcp

配置一个IP池

dhcp server ip-pool loopv24 
network 192.168.24.0 mask 255.255.255.0
gateway-list 192.168.24.1
address range 192.168.24.25 192.168.24.250
expired day 0 hour 10 minute 0 second 0
dns-list 8.8.8.8
 

dhcp enable

认证

display radius    scheme

Portal ++

支持bs结构

display portal server

openPortal

梳理冗余配置

mac 状态为Incomplete很有可能属于不符合vlan的ip段

无法访问的排除

配置 26vlan的ip 插在到 34vlan的接口上 没有做mac-vlan ,导致交换机也无法访问。mac列表一定要找到对应的ip

192.168.6.153 
192.168.6.128

192.168.14.14
192.168.88.52
192.168.88.28
192.168.24.10
192.168.6.46

sflow流分析

display sflow

sflow collector 2 ip (NetFlow Server IP) port 9996
sflow agent ip (Device IP)

interface gigabitethernet 1/0/2
 sflow flow collector 2
 sflow counter collector 2
 sflow counter interval 30

5560x

策略路由（PBR）

v5

display acl all

dis traffic classifier user-defined 
dis traffic behavior user-defined 
display qos policy interface

将分类与行为叠加形成策略

classifier tc-telecom
behavior tb-telecom

v7

display ip policy-based-route
display acl 3000

匹配的流量

display ip policy-based-route interface Vlan-interface20

display ip routing-table 192.168.20.174

关键next-hop

# 高级ack
acl advanced 3000   
 rule 5 permit ip source 192.168.20.174 0 destination any
# 创建策略路由
policy-based-route pbr-telecom permit node 10  
 if-match acl 3000                         
 apply next-hop 192.168.4.1    
# 应用策略路由 到vlan
interface Vlan-interface50
 ip policy-based-route pbr-telecom