##基礎查詢&儲存##
<HP>display clock #顯示時間
<HP>system #enable mode
[HP]display current-configuration #對應cisco show running-configuration
[HP]display startup-configuration #對應cisco show startup-configuration
[HP]save #儲存設定檔
[HP]save force #強制儲存設定檔
[HP]display this #顯示現有階層下的狀態
[HP]dis link-aggregation summary #顯示LACP目前狀態
[HP]dis version #顯示版本
[HP]enable debug dotx all #除錯模式 dotx
<HP>dir flash: #顯示所有在Flash的檔案
________________________________________
## Debugging ##
debugging stp event interface gi 1/0/30
terminal monitor #show informantion output to current terminal
________________________________________
##設定SW IP address及Gateway##
[HP]interface vlan-interface 1 #進入vlan1(問我為什麼進入vlan1的請回去學switch的概念)
[HP-Vlan-interface1]ip address x.x.x.x x.x.x.x
[HP-Vlan-interface1]save
[HP-Vlan-interface1]quit
[HP]ip route-static 0.0.0.0 0.0.0.0 Vlan-interface 1 192.168.1.254 #直接一筆寫完上面一堆指令
________________________________________
##變更名稱##
[HP]sysname XXX
________________________________________
##啟動web管理介面##
<HP>system
[HP]local-user xxx
[HP-luser-admin]service-type web
[HP-luser-admin]authentication-attribute level 3 #設定帳號權限等級3
[HP-luser-admin]password cipher xxx #這指令有分simple及cipher,但我打simple最後還是變成cipher
[HP-luser-admin]quit
[HP]ip https enable #啟用Https服務
[HP]ip https port xxx #設定port
[HP-Vlan-interface1]save
[HP-Vlan-interface1]quit
________________________________________
##啟用Terminal服務##
<HP>system
[HP]user-interface vty 0 4
[HP-ui-vty0-4]authentication-mode password
[HP-ui-vty0-4]set authentication password cipher xxxxx
[HP-ui-vty0-4]user privilege level 3
[HP-ui-vty0-4]quit
[HP]telnet server enable
________________________________________
##啟用ssh服務##
<HP>system
[HP]public-key local create rsa
[HP]ssh server enable
[HP-ui-vty0-4]user-interface vty 0 4
[HP-ui-vty0-4]authentication-mode scheme
[HP-ui-vty0-4]user privilege level 3
[HP]quit
[HP]local-user xxx ##建立user帳號
[HP-luser-admin]service-type ssh (ssh telnet terminal web) ##要給予這個使用者採取那些連線方式
[HP-luser-admin]authentication-attribute level 3
[HP-luser-admin]password cipher password
[HP-luser-admin]quit
________________________________________
##設定ACL##
acl number 4000 name MAC01
rule 0 permit source-mac 0023-2401-b5ae ffff-ffff-ffff dest-mac 0000-0000-0000 0000-0000-0000
rule 5 permit source-mac 0000-0000-0000 0000-0000-0000 dest-mac 0023-2401-b5ae ffff-ffff-ffff
undo acl number xxxx ##刪除ACL
—————————————–
acl number 3000 name IP01 ## create acl (name)
rule 0 permit ip source 192.168.20.33 0 destination any ##create rule
rule 5 permit ip source any destination 192.168.20.33 0
undo acl number xxxx ##刪除ACL
________________________________________
##以interface 方式設定hybrid模式##
<HP>system
[HP]interface gi 1/0/1
[HP-GigabitEthernet1/0/1]port link-type hybrid ##設定hybrid可以寫入多個access vlan,這是傳統SW沒法做到的
[HP-GigabitEthernet1/0/1]port hybrid vlan 10 tagged #該vlan帶tag
[HP-GigabitEthernet1/0/1]port hybrid vlan 101 untagged #該vlan不帶tag
_________________________________________
##以interface 方式設定Vlan##
[HP]interface gi 1/0/1
[HP-GigabitEthernet1/0/1]port link-type access
[HP-GigabitEthernet1/0/1]port access vlan 100
______________________________________________
##以vlan 方式設定Vlan##
<HP>system
[HP]vlan 2
[HP-vlan2]port gi 1/0/3
[HP-vlan3]port gi 1/0/4 to gi 1/0/10
[HP-vlan3]quit
______________________________________________
##一次顯示所有設定檔(取消每一次顯示的行數)##
<HP>screen-length disable
______________________________________________
##存檔##
<HP>save backup #存檔成backup用的config
<HP>copy startup.cfg 20160819.cfg #複製開機設定檔
______________________________________________
##進入SW的BIOS(開機選單)##
開機時按 “ctrl+B”
BIOS可用的功能
______________________________________________
##忘記Console密碼##
開機時按 “ctrl+B”
選擇”skip current system configuration file”
以筆記本形式編輯starup-config
編輯完後再將內容貼回去,存檔
______________________________________________
##回復原廠預設值##
<HP>reset saved-configuration
<HP>reset saved-configuration backup
<HP>reboot
______________________________________________
##刪除現有檔案##
<HP>delete /unreserved file #加/unreserved的差別在於有/unreserved指令會直接清理檔案,不會進到垃圾桶
<HP>reset recyble bin #清理垃圾桶
<HP>undelete file #救回垃圾桶的檔案
______________________________________________
##選擇開機時要用的startup config及韌體##
<HP>start saved-configuration startup.cfg main
<HP>dir
<HP>boot-loader file a5500hi-cmw520-r5501p25.bin slot all main
______________________________________________
##直接在SW上面建立vlan的路由##(不適合用在5500以下的機型,因為如5130 ARP TABLE只有256,超過就有人沒法上網)
interface vlan-interface 1
ip address 192.168.1.254 24
quit
interface vlan-interface 2
ip address 192.168.2.254 24
quit
______________________________________________
##執行LACP##
interface bridge-aggregation 1
link-aggregation mode dynamic ##LACP Active的下法
quit
interface gi 1/0/1
port link-aggregation group 1
or
interface range GigabitEthernet 1/0/1 GigabitEthernet 1/0/3 ##一次設定範圍裏面的port
port link-aggregation group 1
dis link-aggregation summary #顯示LACP目前狀態
dis interface Bridge-Aggregation 1
______________________________________________
#設定Trunk port及於port中設定access vlan##
[hptest-GigabitEthernet1/0/1]port link-type trunk
[hptest-GigabitEthernet1/0/1]port trunk permit vlan all
[hptest-GigabitEthernet1/0/1]port trunk pvid vlan 2 #在trunk模式底下只能有一個untagged的vlan
______________________________________________
##啟用RSTP##
stp enable
stp mode rstp
stp priority 0
______________________________________________
##在interface上設定快速連線(porfast)##
[HP]stp edged-port enable
______________________________________________
##DHCP Relay##
dhcp enable
dhcp relay server-group 1 ip 192.168.1.1 #有第二筆就直接加在後面
interface vlan-interface 2
dhcp select relay
dhcp relay server-select 1
quit
______________________________________________
##DHCP Server##
ip-pool 1
network 192.168.1.0 mask 255.255.255.0
domain-name example.com
dns-list 192.168.1.2
expored day 1 hour 12
quit
dhcp server forbidden-ip 192.168.1.2 #禁止發的IP
dhcp server forbidden-ip 192.168.1.4 to 192.168.1.10
______________________________________________
##設定IRF## 目前還不完整,會再補
共用指令
chassis convert mode irf #非chassis不用下
#reboot
第一台
irf member 1 priority 32
quit
interface gi 1/0/1
shut
quit
interface gi 1/0/2
shut
quit
irf-port 1/1
port group interface ten 1/0/1
port group interface ten 1/0/2
interface gi 1/0/1
undo shut
interface gi 1/0/2
undo shut
quit
第二台
irf member 1 renumber 2
quit
reboot
interface gi 1/0/1
shut
quit
interface gi 1/0/2
shut
quit
irf-port 2/2
port group interface gi 1/0/1
port group interface gi 1/0/2
interface gi 1/0/1
undo shut
interface gi 1/0/2
undo shut
quit
______________________________________________
##TFTP上傳/下載##
#上傳,這裡指的是從SW上傳資料到TFTP Server
<HP>dir
<HP>tftp 19 2.168.1.20 put a5500hi-cmw520-r5206.bin a5500hi-cmw520-r5206.bin
#下載,這裡指的是從Server下載資料到SW
<HP>dir
<HP>tftp 192.168.1.20 get A5500HI-CMW520-R5501P25.bin A5500HI-CMW520-R5501P25.bin
______________________________________________
##設定Concole 密碼##
[HP]user-interface 0
[HP-ui0]auth
[HP-ui0]authentication-mode password
[HP-ui0]set authentication password cipher 123456
[HP-ui0]user privilege lev 3
[HP-ui0]quit______________________________________________
NTP server ###
ntp-service unicast-server 192.168.7.2
clock timezone GMT add 8
______________________________________________
portfast ###
spanning-tree port admin-edge-port
stp edge enable
STP Edged-Port enable ##5500
資料來源:https://www.lazyfu.com/2016/08/25/switch-command/
沒有留言:
張貼留言