For a long time, friends have been leaving messages about the command configuration of Huawei, H3C, Ruijie, and Cisco switches. The configuration commands of the four switches are easy to confuse and often make mistakes in actual project configurations. Therefore, in this issue, we will introduce these four switches. For the basic configuration commands of home switches, you can look at the differences between their commands separately.
Although Cisco's switches are not as widely used as Huawei's switches, they are still used in projects. Many friends in our weak power VIP technology group have also encountered them in projects.
In this issue, we will take a detailed look at the configuration commands of switches from four manufacturers: Cisco, Huawei, H3C, and Ruijie. To make it clearer, each line of code is explained.
1. Basic configuration commands for Huawei switches:
1) Create vlan:
[Quidway] //User view, that is, running commands in Quidway mode.
[Quidway]system-view //Enter configuration view
[Quidway] vlan 10 //Create vlan 10 and enter the vlan10 configuration view. If vlan10 exists, enter the vlan10 configuration view directly.
[Quidway-vlan10] quit //Return to configuration view
[Quidway] vlan 100 //Create vlan 100 and enter the vlan100 configuration view. If vlan10 exists, enter the vlan100 configuration view directly.
[Quidway-vlan100] quit //Return to configuration view
2) Add the port to vlan:
[Quidway] interface GigabitEthernet2/0/1 (10G optical port)
[Quidway- GigabitEthernet2/0/1] port link-type access //Define port transmission mode
[Quidway- GigabitEthernet2/0/1] port default vlan 100 //Add the port to vlan100
[Quidway- GigabitEthernet2/0/1] quit //Return to configuration view
[Quidway] interface GigabitEthernet1/0/0 //Enter the configuration view of the first Gigabit network port on slot 1. 0 represents gate 1
[Quidway- GigabitEthernet1/0/0] port link-type access //Define port transmission mode
[Quidway- GigabitEthernet2/0/1] port default vlan 10 //Add this port to vlan10
[Quidway- GigabitEthernet2/0/1] quit
3) Add multiple ports to VLAN:
[Quidway]system-view
[Quidway]vlan 10
[Quidway-vlan10]port GigabitEthernet 1/0/0 to 1/0/29 //Add ports 0 to 29 to vlan10
[Quidway-vlan10]quit
4) Configure the IP address of the switch:
[Quidway] interface Vlanif100 // Entering the vlan100 interface view is different from where the vlan 100 command is entered.
[Quidway-Vlanif100] ip address 119.167.200.90 255.255.255.252 // Define vlan100 management IP layer 3 switching gateway route
[Quidway-Vlanif100] quit //Return to view
[Quidway] interface Vlanif10 // Entering the vlan10 interface view is different from where the vlan 10 command is entered.
[Quidway-Vlanif10] ip address 119.167.206.129 255.255.255.128 // Define vlan10 management IP layer 3 switching gateway route
[Quidway-Vlanif10] quit
5) Configure the default gateway:
[Quidway]ip route-static 0.0.0.0 0.0.0.0 119.167.200.89 //Configure the default gateway.
6) The switch saves settings and reset commands
[Quidway]save //Save configuration information
[Quidway]reset saved-configuration //Reset switch configuration
[Quidway]reboot //Restart the switch
7) Commonly used display commands for switches
In user view mode:
[Quidway]display current-configuration //Display the configuration details of the switch currently running
[Quidway]display device //Display the status of each device
[Quidway]display interface? //Display port status, use? You can view the options that follow
[Quidway]display version //View switch firmware version information
[Quidway]display vlan? //View vlan configuration information
8) Restore the switch to factory settings
[Quidway]reset saved-configuration //Reset switch configuration
2. Basic configuration of H3C switch:
Let’s first understand the configuration commands and functions of h3c. They are all commonly used. Basically, these commands are indispensable for most network configurations.
1) Basic configuration:
[H3C] //User direct mode prompt, user view
[H3C]system-view //Enter configuration view
[H3C] sysname xxx //Set the host name to xxx. Use it here to modify the password of the privileged user.
2) User configuration:
[H3C]system-view
[H3C]super password H3C //Set user level password
[H3C]undo superpassword //Delete user level password
[H3C]localuser bigheap 1234561 //Web network management user settings, 1 is a management-level user
[H3C]undo localuser bigheap //Delete Web network management user
[H3C]user-interface aux 0 //Only supports 0
[H3C-Aux]idle-timeout 250 //Set the timeout to 2 minutes and 50 seconds. If it is 0, it means no timeout. The default is 5 minutes.
[H3C-Aux]undoidle-timeout //Restore default value
[H3C]user-interface vty 0 //Only supports 0 and 1
[H3C-vty]idle-timeout 250 //Set the timeout to 2 minutes and 50 seconds. If it is 0, it means no timeout. The default is 5 minutes.
[H3C-vty]undoidle-timeout //Restore default value
[H3C-vty]set authentication password123456 //Set telnet password, must be set
[H3C-vty]undo set authenticationpassword //Cancel password
[H3C]displayusers //Display users
[H3C]displayuser-interface //User interface status
3) vlan configuration:
[H3C]vlan 2 //Create VLAN2
[H3C]undo vlanall //Delete all VLANs except the default VLAN. The default VLAN cannot be deleted.
[H3C-vlan2]port Ethernet 0/4 to Ethernet0/7 //Add ports 4 to 7 to VLAN2. This command can only be used to add access ports and cannot be used to add trunk or hybrid ports.
[H3C-vlan2]port-isolate enable //Enable the port isolation feature within the VLAN. Layer 2 forwarding is not possible. This feature is not enabled by default.
[H3C-Ethernet0/4]port-isolate uplink-portvlan 2 //Set 4 as the isolated uplink port of VLAN2, which is used to forward Layer 2 data. Only one uplink port can be configured. If it is a trunk, it is recommended to allow all VLANs to pass. Isolation cannot be configured at the same time as aggregation
[H3C]display vlan all //Display detailed information of all VLANs
[H3C]user-group 20 //Create user-group 20, only user-group 1 exists by default
[H3C-UserGroup20]port Ethernet 0/4 toEthernet 0/7 //Add ports 4 to 7 to VLAN20. They all belong to user-group 1 initially.
[H3C]display user-group 20 //Display related information of user-group 20
4) Switch ip configuration:
[H3C]vlan 20 //Create vlan
[H3C]management-vlan 20 //Management vlan
[H3C]interface vlan-interface 20 //Enter and manage vlan20
[H3C]undo interface vlan-interface 20 //Delete the management VLAN port
[H3C-Vlan-interface20]ip address192.168.1.2 255.255.255.0 //Configure the static IP address of the management VLAN interface
[H3C-Vlan-interface20]undo ipaddress //Delete IP address
[H3C-Vlan-interface20]ip gateway 192.168.1.1 //Specify the default gateway (default no gateway address)
[H3C-Vlan-interface20]undo ip gateway
[H3C-Vlan-interface20]shutdown //Close the interface
[H3C-Vlan-interface20]undo shutdown //turn on
[H3C]display ip //Display information related to the management VLAN interface IP
[H3C]display interface vlan-interface20 //View the interface information of the management VLAN
[H3C]debugging ip //Enable IP debugging function
[H3C]undo debugging ip
5) DHCP client configuration:
[H3C-Vlan-interface20]ip address dhcp-alloc // The management VLAN interface obtains the IP address through DHCP.
[H3C-Vlan-interface20]undo ip address dhcp-alloc // Cancel
[H3C]display dhcp //Display DHCP client information
[H3C]debugging dhcp-alloc //Enable DHCP debugging function
[H3C]undo debugging dhcp-alloc
6) Port configuration:
[H3C]interface Ethernet0/3 //Enter port
[H3C-Ethernet0/3]shutdown //Close the port
[H3C-Ethernet0/3]speed 100 //The speed can be 10, 100, 1000 and auto (default)
[H3C-Ethernet0/3]duplexfull //Duplex, which can be half, full and auto. The optical port and aggregation cannot be configured.
[H3C-Ethernet0/3]flow-control //Enable flow control, the default is closed
[H3C-Ethernet0/3] broadcast-suppression 20 //Set the broadcast suppression percentage to 20%, which can be 5, 10, 20, 100, and the default is 100. Multicast and unknown unicast are also affected by this.
[H3C-Ethernet0/3]loopback internal //Inner loop test
[H3C-Ethernet0/3]port link-type trunk //Set the link type to trunk
[H3C-Ethernet0/3]port trunk pvid vlan 20 //Set 20 as the default VLAN of the trunk, the default is 1 (the PVID at both ends of the trunk line must be consistent)
[H3C-Ethernet0/3]port access vlan 20 //Add the current access port to the specified VLAN
[H3C-Ethernet0/3]port trunk permit vlanall //Allow all VLANs to pass through the current trunk port. This command can be used multiple times.
[H3C-Ethernet0/3]mdiauto //Set the Ethernet port to automatic monitoring, normal to straight line, and across to crossover line
[H3C]link-aggregation Ethernet 0/1 toEthernet 0/4 //Add ports 1-4 to the aggregation group, with 1 as the main port. Both ends need to be configured at the same time. Ports with port mirroring and port isolation set up cannot be aggregated.
[H3C]undo link-aggregation Ethernet 0/1 //Delete the aggregation group
[H3C]link-aggregation mode egress //Configure the port aggregation mode for load sharing based on the destination MAC address. The options are ingress, egress and both. The default is both.
[H3C]monitor-port Ethernet 0/2 //To set this port as a mirror port, the mirror port must be set first. When deleting, the mirrored port must be deleted first, and they cannot be on the same port. The port cannot be in an aggregation group. ,When setting a new mirror port, the new one replaces the old one and the mirrored port remains unchanged.
[H3C]mirroring-port Ethernet 0/3 toEthernet 0/4 both //Set ports 3 and 4 as mirrored ports, both means monitoring received and sent messages at the same time, inbound means only monitoring received messages, and outbound means Only monitor sent messages
[H3C]display mirror
[H3C]display interface Ethernet 0/3
[H3C]resetcounters //Clear statistics of all ports
[H3C]display link-aggregation Ethernet0/3 //Display port aggregation information
[H3C-Ethernet0/3]virtual-cable-test //Diagnose the circuit status of this port
7) qos priority configuration:
QoS configuration steps: Set the priority of the port, set the priority mode of the switch to trust packets, queue scheduling, and port speed limit
[H3C-Ethernet0/3]priority 7 //Set the port priority to 7, the default is 0
[H3C]priority-trustcos //Set the priority mode of switch trust packets to cos (802.1p priority, default value). It can also be set to dscp mode.
[H3C]queue-scheduler hq-wrr 2 4 6 8 //Set the queue scheduling algorithm to HQ-WRR (default is WRR), and the weight is 2,4,6,8
[H3C-Ethernet0/3]line-rate inbound 29 //Limit the port inbound rate to 2Mbps. When 1-28 is used, the rate is rate*8*1024/125, which is 64,128,192...1.792M;
When 29-127, the rate is (rate-27)*1024, that is, 2M, 3M, 4M...100M.
[H3C]displayqueue-scheduler //Display queue scheduling mode and parameters
[H3C]displaypriority-trust //Display priority trust mode
3. Ruijie switch basic command configuration:
After connecting to the switch, you definitely need to configure commands. Let's take a look at the basic command configuration.
1) Prepare orders
>Enable //Enter privileged mode
#Exit //Return to the previous level operating mode
#End //Return to privileged mode
#copy running-config startup-config //Save the configuration file
#del flash:config.text //Delete configuration file (switches and 1700 series routers)
#erase startup-config //Delete configuration file (2500 series router)
#del flash:vlan.dat //Delete Vlan configuration information (switch)
#Configure terminal //Enter global configuration mode
(config)# hostname switchA //Configure the device name to switchA
(config)#banner motd & //Configure daily reminder information & is the terminator
(config)#enable secret level 1 0 star //Configure the remote login password to star
(config)#enable secret level 15 0 star //Configure the privilege password to star
Level 1 is the normal user level, which can be selected from 1 to 15, with 15 being the highest authority level; 0 means the password is not encrypted.
(config)#enable services web-server //Enable switch WEB management function
Services are available as follows: web-server (WEB management), telnet-server (remote login), etc.
2) View information
#show running-config //View the currently effective configuration information
#show interface fastethernet 0/3 //View F0/3 port information
#show interface serial 1/2 //View S1/2 port information
#show interface //View all port information
#show ip interface brief //Show all port information in a concise way
#show ip interface //View all port information
#show version //View version information
#show mac-address-table //View the current MAC address table information of the switch
#show running-config //View the currently effective configuration information
#show vlan //View all VLAN information
#show vlan id 10 //View information of a certain VLAN (such as VLAN10)
#show interface fastethernet 0/1 //View a certain port mode (such as F 0/1)
#show aggregateport 1 summary //View aggregate port AG1 information
#show spanning-tree //View spanning tree configuration information
#show spanning-tree interface fastethernet 0/1 //View the spanning tree status of this port
#show port-security //View the port security configuration information of the switch
#show port-security address //View address security binding configuration information
#show ip access-lists listname //View the configuration information of the list named listname
3) Basic configuration of the port
(config)#Interface fastethernet 0/3 //Enter the port configuration mode of F0/3
(config)#interface range fa 0/1-2,0/5,0/7-9 //Enter the ports of F0/1, F0/2, F0/5, F0/7, F0/8, F0/9 configuration mode
(config-if)#speed 10 //Configure the port speed to 10M, optional 10, 100, auto
(config-if)#duplex full //Configure the port in full-duplex mode, optional full (full duplex), half (half-duplex), auto (adaptive)
(config-if)#no shutdown //Open the port
(config-if)#switchport access vlan 10 //Assign this port to VLAN10 for VLAN
(config-if)#switchport mode trunk //Set the port to trunk mode. The optional modes are access and trunk.
(config-if)#port-group 1 //Add this port to the aggregation port AG1 for aggregation port
4)Creation of aggregate port
(config)# interface aggregateport 1 //Create aggregate interface AG1
(config-if)# switchport mode trunk //Configure and ensure that AG1 is in trunk mode
(config)#int f0/23-24
(config-if-range)#port-group 1 //Add the port (port group) to the aggregate port AG1
5)Spanning tree
Configure multiple spanning tree protocols:
switch(config)#spanning-tree //Enable spanning tree protocol
switch(config)#spanning-tree mst configuration //Establish multiple spanning tree protocol
switch(config-mst)#name ruijie //named ruijie
switch(config-mst)#revision 1 //Set revision to 1
switch(config-mst)#instance 0 vlan 10,20 //Create instance 0
switch(config-mst)#instance 1 vlan 30,40 //Create instance 1
switch(config)#spanning-tree mst 0 priority 4096 //Set the priority to 4096
switch(config)#spanning-tree mst 1 priority 8192 //Set the priority to 8192
switch(config)#interface vlan 10
switch(config-if)#vrrp 1 ip 192.168.10.1 //This is the IP address of vlan 10
switch(config)#interface vlan 20
switch(config-if)#vrrp 1 ip 192.168.20.1 //This is the IP address of vlan 20
switch(config)#interface vlan 30
switch(config-if)#vrrp 2 ip 192.168.30.1 //This is the IP address of vlan 30 (another layer 3 switch)
switch(config)#interface vlan 40
switch(config-if)#vrrp 2 ip 192.168.40.1 //This is the IP address of vlan 40 (another layer 3 switch)
6)Basic configuration of VLAN
(config)#vlan 10 //Create VLAN10
(config-vlan)#name vlanname // Name the VLAN as vlanname
(config-if)#switchport access vlan 10 //Assign the port to VLAN10
Performed in the interface configuration mode of a certain port
(config)#interface vlan 10 //Enter the virtual port configuration mode of VLAN 10
(config-if)# ip address 192.168.1.1 255.255.255.0 //Configure the IP and mask for the virtual port of VLAN10. The layer 2 switch can only configure one IP. This IP is used as the management IP, for example, using Telnet. Login IP address
(config-if)# no shutdown //Enable this port
7)Port security
(config)# interface fastethernet 0/1 //Enter a port
(config-if)# switchport port-security //Enable the security function of this port
A. Configure the maximum number of connections
(config-if)# switchport port-security maxmum 1 //Configure the maximum number of connections for the port to 1 and the maximum number of connections to 128
(config-if)# switchport port-security violation shutdown
//Configure the processing method of security violations as shutdown. The optional options are protect (when the number of safe addresses is full, unknown addresses are discarded), restrict (when a violation occurs, a trap notification is sent), shutdown (when a violation occurs, the port is closed) , and send Trap notification, which can be recovered using errdisable recovery in global mode)
B. IP and MAC address binding
(config-if)#switchport port-security mac-address xxxx.xxxx.xxxx ip-address 172.16.1.1
//Configure the MAC address xxxx.xxxx.xxxx and IP172.16.1.1 for binding in interface configuration mode (note that the MAC address is in lowercase)
8)Layer 3 routing function (for Layer 3 switches)
(config)# ip routing //Enable the routing function of the layer 3 switch
(config)# interface fastethernet 0/1
(config-if)# no switchport //Enable the Layer 3 routing function of the port (so that you can configure an IP for a certain port)
(config-if)#ip address 192.168.1.1 255.255.255.0
(config-if)# no shutdown
9)Layer 3 switch routing protocol
(config)# ip route 172.16.1.0 255.255.255.0 172.16.2.1 //Configure static routing
Note: 172.16.1.0 255.255.255.0 //It is the network number and subnet mask of the target network
172.16.2.1 is the next hop address, which can also be represented by an interface, such as ip route 172.16.1.0 255.255.255.0 serial 1/2 (the port connected to 172.16.2.0)
(config)# router rip //Start the RIP protocol process
(config-router)# network 172.16.1.0 //Declare the directly connected network segment information of this device
(config-router)# version 2 //Enable RIP V2, optional version 1 (RIPV1), version 2 (RIPV2)
(config-router)# no auto-summary //Turn off the automatic summary function of routing information (only supported in RIPV2)
(config)# router ospf //Start the OSPF routing protocol process (for 1762, no need to use process ID)
(config)# router ospf 1 //Start the OSPF routing protocol process (for 2501, you need to add the OSPF process ID)
(config-router)# network 192.168.1.0 0.0.0.255 area 0
//Declare the directly connected network segment information and assign an area number (area0 is the backbone area)
It can be clearly seen that the orders of the three companies are similar. In fact, Huawei and H3C are more similar.
4. Basic configuration commands for Cisco switches:
In addition to the above three commands, when we usually do projects, we may also encounter Cisco switches. Let's learn about the configuration commands of Cisco switches in detail.
1)Enter privileged mode enable
switch> enable
switch#
2) Enter global configuration mode configure terminal
switch> enable
switch#c onfigure terminal
switch(conf)#
3) Switch naming hostname aptech2950, taking aptech2950 as an example
switch> enable
switch#c onfigure terminal
switch(conf)#hostname aptch-2950
aptech2950(conf)#
4) Configure the enable password enable password cisco. Take cisco as an example.
switch> enable
switch#c onfigure terminal
switch(conf)#hostname aptch2950
aptech2950(conf)# enable password cisco
5) Configure the enable password enable secret ciscolab. Take cicsolab as an example.
switch> enable
switch#c onfigure terminal
switch(conf)#hostname aptch2950
aptech2950(conf)# enable secret ciscolab
6) Create multiple vlans
Switch>enable (enter privileged mode)
Switch#vlan data (enter vlan configuration mode)
Switch(vlan)#vlan 10 name IT (divide vlan10, named IT)
Switch(vlan)#vlan 20 name HR (divide vlan20, named HR)
Switch(vlan)#vlan 30 name FIN (divide vlan30, named FIN)
Switch(vlan)#vlan 40 name LOG (divide vlan40, named LOG)
Switch(vlan)#exit
7) Set vlan 1
switch> enable
switch#c onfigure terminal
switch(conf)#hostname aptch2950
aptech2950(conf)# interface vlan 1
aptech2950(conf-if)#ip address 192.168.1.1 255.255.255.0 Configure switch port ip and subnet mask
aptech2950(conf-if)#no shut means the configuration is running
aptech2950(conf-if)#exit
aptech2950(conf)#ip default-gateway 192.168.254 Set the gateway address
8) Enter a certain port of the switch interface fastehernet 0/17. Take port 17 as an example.
switch> enable
switch#c onfigure terminal
switch(conf)#hostname aptch2950
aptech2950(conf)# interface fastehernet 0/17
aptech2950(conf-if)#
9) View command show
switch> enable
switch# show version View all version information in the system
show interface vlan 1 View the configuration information of the switch regarding the IP protocol
show running-configure View the currently active configuration information of the switch
show interface fastethernet 0/1 View the specific configuration and statistical information of switch 1 interface
show mac-address-table View mac address table
show mac-address-table aging-time View the automatic aging time of the mac address table
10)Restore the switch to factory default recovery command
switch> enable
switch# erase startup-configure
switch# reload
11)Duplex mode setting
switch> enable
switch#c onfigure terminal
switch2950(conf)#hostname aptch-2950
aptech2950(conf)# interface fastehernet 0/17 Take port 17 as an example
aptech2950(conf-if)#duplex full/half/auto There are three options: full, half, and auto.
item
12) cdp related commands
switch> enable
switch# show cdp View the cdp global configuration information of the device
show cdp interface fastethernet 0/17 View the cdp configuration information of port 17
show cdp traffic View statistics about cdp packets
show cdp nerghbors lists cisco devices connected to the device
13) Switch telnet remote login settings:
switch>en
switch#c onfigure terminal
switch(conf)#hostname aptech-2950
aptech2950(conf)#enable password cisco Use cisco as the privileged mode password
aptech2950(conf)#interface fastethernet 0/1 Use port 17 as the telnet remote login port
aptech2950(conf-if)#ip address 192.168.1.1 255.255.255.0
aptech2950(conf-if)#no shut
aptech2950(conf-if)#exit
aptech2950(conf)line vty 0 4 Set 0-4 users to log in remotely via telnet
aptech2950(conf-line)#login
aptech2950(conf-line)#password edge Use edge as the user password for remote login
Host settings:
ip 192.168.1.2 The host’s IP must be in the same network segment as the switch port address.
netmask 255.255.255.0
gate-way 192.168.1.1 The gateway address is the switch port address
run:
telnet 192.168.1.1
Enter the telnet remote login interface
password: edge
aptech2950>en
password: cisco
aptech#
Contact: Mr.Molle
Phone: 18823647757
E-mail: info@opticsswitch.com
Whatsapp:8618823647757
Add: A508, Hedi Chuangke Building, No. 28 Qingshui Road, Longgang District, Shenzhen, Guangdong Province, China
We chat