H3C
基礎配置
配置管理地址
int vlan 1
ip add 192.168.1.10 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#默認路由
二層鏈路聚合
interface Bridge-Aggregation 1
port access vlan 10
#創建聚合口,劃入vlan
int g 1/0/1
port link-aggregation group 1
int g 1/0/2
port link-aggregation g 1
配置權限管理
local-user admin
password simple *****
#s5311設備配置密碼
service-type terminal ssh telnet
#授權訪問的服務
authorization-attribute user-role level-15
#根據實際設備配置最高級別,測試用戶登錄接口下是否有操作權限
user-interface vty 0 4
#line vty 0 4
authentication-mode scheme
protocol inbound telnet
#虛接口配置認證方式
telnet server enable
#開啓遠程服務
開啓snmp網絡管理協議
snmp-agent
snmp-agent community read public
snmp-agent sys-info version v2c
開啓路由追蹤
Ip ttl en
Ip un en
鏡像端口
mirroring-group 1 local
#創建本地鏡像組1
mirroring-group 1 mirroring-port gigabitethernet 1/0/1 gigabitethernet 1/0/2 both
#鏡像端口
mirroring-group 1 monitor-port gigabitethernet 1/0/13
#觀察端口
物理狀態
光模塊檢測與接口雙工速率模式
display transceiver interface t 1/0/28
Transfer Distance(km): 10(SMF) Ordering Name: SFP-GE-LX-SM1310-D 10 公里單模
RX接收正常範圍 - 20 與 - 3 之間
TX發送正常範圍 - 9 與 - 3 之間
收到光接口 up,沒收到光 down
接口雙工速率模式
speed 1000
duplex full
華爲
S5700 ACL
acl number 3000
description Deny Access to Servers
rule 1 deny tcp source 192.168.11.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 destination-port eq 22
rule 2 deny tcp source 192.168.110.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 destination-port eq 22
rule 3 deny tcp source 192.168.11.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 destination-port eq 3389
rule 4 deny tcp source 192.168.110.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 destination-port eq 3389
#限制業務部有線無線訪問服務器遠程端口
#
traffic classifier 3000 operator and
if-match acl 3000
#
traffic behavior 3000
deny
#
traffic policy 3000
classifier 3000 behavior 3000
#
interface GigabitEthernet0/0/48
description TO 192.168.10.254 ER5200 (上聯進口 & ACL策略調用)
traffic-policy 3000 inbound