H3C交换机配置代码要点(4)

display system-guard ip-record 显示防攻击记录信息.

system-guard enable 启用系统防攻击功能

display icmp statistics icmp流量统计

display ip socket

display ip statistics

display acl all

acl number acl-number match-order auto/config

acl-number (2000-2999 是基本acl 3000-3999是高级acl为管理员预留的编号)

rule deny/permit protocal 访问控制

[h3c] acl number 3000

[h3c-acl-adv-3000]rule permit tcp source 129.9.0.0 0.0.255.255 destiNation 202.38.160.0 0.0.255.255 destiNation-port eq 80 (

定义高级acl 3000,允许129.0.0/16网段的主机向202.38.160/24网段主机访问端口80)

rule permit source 211.100.255.0 0.255.255.255

rule deny cos 3 souce 00de-bbef-adse ffff-ffff-fff dest 0011-4301-9912 ffff-ffff-ffff

(禁止mac地址00de-bbef-adse发送到mac地址0011-4301-9912且802.1p优先级为3的报文通过)

display qos-interface GigabitEthernet1/0/1 traffic-limit 查看端口上流量

端口速率限制

line-rate inbound/outbound target-rate

inbound:对端口接收报文进行速率限制

outbound: 对端口发送报文进行速率限制

target-rate 对报文限制速率,单位kbps 千兆口 inbound范围1-1000000 outbound范围20-1000000

undo line-rate取消限速.

[h3c]interface GigabitEthernet1/0/1

[h3c-GigabitEthernet1/0/1]line-rate outbound 128 限制出去速率为128kbps

display arp | include 77

display arp count 计算arp表的记录数

display ndp 显示交换机端口的详细配置信息。

display ntdp device-list verbose 收集设备详细信息

实验八 单臂路由

设置Pca ip:10.65.1.1 gateway:10.65.1.2 设置PCB ip:10.66.1.1 gateway:10.66.1.2

1.一个接口两个IP的情况 system password:

[Quidway]interface ethernet0

[Quidway-Ethernet0]ip addr 10.65.1.2 255.255.255.0

[Quidway-Ethernet1]ip addr 10.66.1.2 255.255.255.0 secondary [Quidway-Ethernet1]undo shutdown

[root@Pca root]#ping 10.66.1.1 通

2．划分两个子接口，对两个vlan的路由 [SwitchA]vlan 2 [SwitchA-vlan2]port e0/3 [SwitchA]vlan 3

[SwitchA-vlan3]port e0/6 [SwitchA]ine e0/1

[SwitchA-Ethernet0/1]port link-type trunk [SwitchA-Ethernet0/1]port trunk permit vlan all [SwitchA-Ethernet0/1]port trunk encap dot1q [SwitchA]dis curr

[Quidway]int e0

[SwitchA-Ethernet0]int e0.1

[SwitchA-Ethernet0.1]encapsulation dot1q 2

[SwitchA-Ethernet0.1]ip addr 10.65.1.2 255.255.255.0 [SwitchA-Ethernet0.1]nudo shut [SwitchA-Ethernet0.1]int e0.2

[SwitchA-Ethernet0.2]encapsulation dot1q 2

[SwitchA-Ethernet0.2]ip addr 10.66.1.2 255.255.255.0 [SwitchA-Ethernet0.2]nudo shut [SwitchA]dis curr

[root@Pca root]#ping 10.66.1.1 通