H3C交换机全场景命令手册(企业级实战版)

Lear 2025-06-07 10:00:00
Categories: > > Tags:

H3C交换机全场景命令手册(企业级实战版)

一、基础系统配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# 进入系统视图
 system-view
# 查看系统版本
 display version
 display device manuinfo

   # 配置管理VLAN(Web登录基础)
 vlan 99
 description Management_VLAN
 quit
 interface Vlan-interface99
  ip address 10.1.99.254 255.255.255.0
  quit

   # 配置Telnet远程管理(密码+用户名)
 line vty 0 4
  authentication-mode scheme
 user-role network-admin
 quit
 local-user admin
   password simple P@ssw0rd123
  service-type telnet
  authorization-attribute user-role network-admin
  quit

二、VLAN全流程配置

2.1 基础VLAN划分

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# 批量创建VLAN
 vlan batch 10 20 30 to 40

# 配置Access端口
 interface GigabitEthernet1/0/5
  port link-mode bridge
  port access vlan 10
  broadcast-suppression 20% # 抑制广播风暴   

# 配置Trunk端口(允许多VLAN)
 interface GigabitEthernet1/0/24
  port link-type trunk
  port trunk permit vlan 10 20
  port trunk pvid vlan 10

2.2 基于协议的VLAN(语音流量分离)

1
2
3
4
5
6
vlan 100
protocol-vlan ipv4 # 匹配IPv4协议
interface GigabitEthernet1/0/10
 port link-type hybrid
 port hybrid vlan 100 tagged
 port hybrid protocol-vlan vlan 100 1 # 优先级映射

三、IRF堆叠配置(核心功能)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# 配置物理堆叠端口
 interface range Ten-GigabitEthernet1/0/49 to Ten-GigabitEthernet1/0/50
  shutdown # 先关闭端口
  port link-mode route # 切换为路由模式(物理连接)
  quit

   # 启用IRF模式
 irf member 1 priority 120 # 主设备优先级
 irf-port 1/1
  port group interface Ten-GigabitEthernet1/0/49
  port group interface Ten-GigabitEthernet1/0/50
  quit
 save force # 强制保存配置
 reboot # 重启生效

四、安全防护命令集

4.1 端口安全

1
2
3
4
5
# MAC地址绑定
 interface GigabitEthernet1/0/8
  port-security enable
  port-security mac-address sticky 0001-0203-0405
  port-security max-mac-count 3 # 最大学习数量

4.2 DHCP Snooping

1
2
3
4
5
dhcp snooping enable
vlan 10
 dhcp snooping enable
interface GigabitEthernet1/0/5
 dhcp snooping trust # 指定信任端口

4.3 防ARP欺骗

1
2
arp detection enable
arp detection trust interface GigabitEthernet1/0/24 # 指定信任上行口

五、路由协议配置

5.1 静态路由

1
ip route-static 0.0.0.0 0 192.168.100.1 preference 60

5.2 OSPF动态路由

1
2
3
4
ospf 1 router-id 1.1.1.1
 area 0
 network 10.1.0.0 0.0.255.255
 network 192.168.1.0 0.0.0.255

5.3 VLAN间路由(SVI配置)

1
2
3
4
interface Vlan-interface10
 ip address 10.1.10.254 255.255.255.0
interface Vlan-interface20
 ip address 10.1.20.254 255.255.255.0

**

六、QoS流量控制

6.1 限速策略

1
2
3
4
5
6
7
8
traffic classifier video operator and
 if-match dscp ef # 匹配视频流量
traffic behavior video
 car cir 20000 cbs 375000 # 承诺速率20Mbps
qos policy Video_Policy
 classifier video behavior video
interface GigabitEthernet1/0/18
 qos apply policy Video_Policy inbound

6.2 优先级标记

1
2
3
4
traffic classifier VOIP
 if-match dscp 46
traffic behavior VOIP
 remark dot1p 5 # 标记802.1p优先级

七、高级排错命令

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 # 实时流量监控
 display interface GigabitEthernet1/0/24 # 查看带宽利用率

# MAC地址追踪
 display mac-address | include 5489.98c3.5d6a # 定位终端位置

# 环回检测(解决网络风暴)
 loopback-detection enable
 loopback-detection interval-time 30 # 30秒检测周期

# 抓包分析(镜像端口)
 mirroring-group 1 remote-source
 mirroring-group 1 remote-probe vlan 100
 interface GigabitEthernet1/0/1
  mirroring-group 1 monitor-port # 镜像到1号端口

八、配置文件管理

1
2
3
4
5
6
7
 # 备份配置到FTP服务器
 ftp 10.1.99.100
  put flash:/config.cfg /backup/h3c_switch.cfg

# 恢复出厂设置(慎用!)
 reset save-configuration
 reboot

华为交换机实战命令大全(附应用场景)
Ollama 常见命令速览:本地大模型管理指南