Sample HPN vs. Cisco CLI Comparison Reference
H3C | Cisco
display | show
undo | no
Quit | exit
return | end
logout | exit
sysname | hostname
local-user | user
Acl | access-list
display version | show version
display current | show run
display saved-config | show start
ctrl+q | ctrl+z
ctrl+e | ctrl+p
ctrl+d (undebug all) | no debug all
save | write
delete | erase
simple | 0
cipher | 7
info-center | logging
Mode and View Reference:
H3C | Cisco | Description
User View: <Router> | Router> | User level Basic limited access
System View: [Router] | Router# | Privileged Detailed access
System View: [Router] | Router(config)# | Configuration Level access
Basic Configurations
Hostnames
Define the hostname (unique identifier) for each device being configured.
sysname CORE_9500
Command Alias
Time and Date
clock datetime HH:MM:SS {YYYY/MM/DD | MM/DD/YYYY }
clock timezone zone-name { add | minus } HH:MM:SS
Startup Config File Settings
startup saved-config filename.cfg sysname
slave auto-update config (this auto saves to all slave management modules across a single chassis and IRF cluster)
Date and Time
Static
clock datetime HH:MM:SS {YYYY/MM/DD | MM/DD/YYYY }
NTP
ntp-service source-interface Vlan-interface10
ntp-service unicast-server 192.168.128.1 priority
ntp-service unicast-server 192.168.16.1 priority
LLDP
Enable LLDP signaling on Ethernet ports. LLDP is enabled by default on fixed-port switches. It is disabled by default on chassis-based switches.
lldp enable
Terminal Settings
This keeps logging and monitor messages from messing up your command input.
info-center synch (keeps system messages from messing up your typing)
quit
screen-length disable (don’t stop scrolling text…this is an individual session setting)
Loopback Interfaces
Create Loopback interfaces. These can be used for BGP/OSPF router ID (RID) and MPLS label switch router ID (LSR ID)
interface loopback 0
ip address 10.1.200.1 32
Message of the Day
header motd %This computer system and associated networks are for the sole business use of ACME widget Corporation. No Unauthorized use.
%
Remote Access and AAA
Telnet
telnet server enable
user-interface vty 0 4
authentication-mode password (password will require only a password, scheme requires a user name and password setup via local-user…see SSH example)
set authentication password simple admin
protocol inbound telnet (could be all to allow for both telnet and ssh)
quit
SSH
public-key local create rsa
public-key local create dsa
ssh server enable
Configure User Interface:
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh (could be all to allow for both telnet and ssh)
quit
Configure a local user:
local-user admin
password simple admin
authorization-attribute level 3
service-type ssh
quit
Configure local user to use SSH:
ssh user admin service-type stelnet authentication-type password (using all as service type allows this user to be used for sFTP)
FTP
Anonymous FTP is not allowed. You must configure a local user with ftp rights.
ftp server enable
local-user admin
password simple admin
service-type ftp
authorization-attribute level 3
quit
sFTP
public-key local create rsa
public-key local create dsa
ssh server enable
sftp server enable
sFTP Server:
Configure User Interface:
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh (sFTP uses ssh)
quit
Configure a local user:
local-user sftp-user
password simple admin
service-type ssh
authorization-attribute level 3
quit
Configure local user to use sFTP:
ssh user sftp-user service-type sftp authentication-type password (using all as service type allows this user to be used for SSH)
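Added example (not part of the original post): a small Python check that scans a Comware-style configuration for the weaker remote-access settings used in the Telnet, SSH and FTP sections above, namely cleartext Telnet/FTP servers, password-only VTY authentication and "simple" passwords. The rule names, the audit function and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample built from commands shown in the Telnet and FTP sections,
# including the page's habit of trailing "(...)" annotations.
SAMPLE_CONFIG = """\
telnet server enable
ftp server enable
user-interface vty 0 4
 authentication-mode password (password only)
 set authentication password simple admin
 protocol inbound telnet
quit
local-user admin
 password simple admin
 service-type ftp
 authorization-attribute level 3
quit
"""

# Rule ids are hypothetical labels chosen for this example.
RULES = [
    ("TELNET_SERVER", r"telnet server enable", "Telnet sends logins in cleartext"),
    ("FTP_SERVER", r"ftp server enable", "FTP sends logins in cleartext"),
    ("VTY_SHARED_PASSWORD", r"authentication-mode password", "one shared line password, no user name"),
    ("VTY_TELNET_INBOUND", r"protocol inbound (telnet|all)", "VTY lines accept Telnet"),
    ("SIMPLE_SECRET", r"(set authentication )?password simple \S+", "'simple' maps to Cisco type 0 in the table above"),
]

def audit(config):
    """Return (line_number, rule_id, reason) for each weak setting found."""
    findings, user = [], None
    for number, raw in enumerate(config.splitlines(), 1):
        line = re.sub(r"\s+\(.*$", "", raw).strip()  # drop "(...)" notes
        if line.startswith("local-user "):
            user = line.split()[1]       # remember which local user we are inside
        elif line == "quit":
            user = None
        for rule_id, pattern, reason in RULES:
            if re.fullmatch(pattern, line):
                findings.append((number, rule_id, reason))
        secret = re.fullmatch(r"password simple (\S+)", line)
        if secret and user and secret.group(1) == user:
            findings.append((number, "PASSWORD_EQUALS_USERNAME", "trivially guessable"))
    return findings

if __name__ == "__main__":
    for number, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {number}: {rule_id}: {reason}")
```

The SSH-only VTY block from the SSH section (authentication-mode scheme, protocol inbound ssh) produces no findings.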
RADIUS
Create a domain:
domain test-domain
quit
domain default enable test-domain
Create a RADIUS Scheme:
radius scheme rad-scheme
primary authentication x.x.x.x (this is for authentication and authorization)
secondary authentication x.x.x.x
key authentication test_key
primary accounting x.x.x.x
secondary accounting x.x.x.x
key accounting test_key
user-name-format without-domain (do this only if the RADIUS server doesn’t want to see the domain name in the requests)
quit
domain test-domain
authentication login radius-scheme rad-scheme
authorization login radius-scheme rad-scheme
accounting login radius-scheme rad-scheme
quit
TACACS
Create a domain:
domain test-domain
quit
domain default enable test-domain
hwtacacs scheme tacacs-scheme
primary authentication x.x.x.x
secondary authentication x.x.x.x
key authentication test_key
primary authorization x.x.x.x
secondary authorization x.x.x.x
key authorization test_key
primary accounting x.x.x.x
secondary accounting x.x.x.x
key accounting test_key
user-name-format without-domain (do this only if the TACACS server doesn’t want to see the domain name in the requests)
quit
domain test-domain
authentication login hwtacacs-scheme tacacs-scheme
authorization login hwtacacs-scheme tacacs-scheme
accounting login hwtacacs-scheme tacacs-scheme
quit
Create VLANs to be used on each switch according to the diagram, and assign VLAN IP addresses on the CORE.
VLAN 10
description test VLAN
quit
interface vlan 10
ip address 10.1.10.1 24
quit
Port Configurations
For ports that will be part of a link aggregation group, skip to the Link Aggregation section. For these ports, all configurations need to be done at the port group level, with the exception of adding each individual port to a port group. Otherwise there can be issues with all ports joining the group correctly.
Access Ports
interface ten 1/0/1
description access port
port access vlan 10
Trunk Ports
interface ten 1/2/0/1
description trunk port to EDGE_5800
port link-type trunk
port trunk permit vlan 10 to 11
undo port trunk permit vlan 1
port trunk pvid vlan 10 (if you want to set pvid)
Link Aggregation
Order is important in LAG group configuration:
1. Clear out current port config
2. Create LAG group and set it to dynamic if LACP is desired
3. Add the ports to the LAG
4. Do remaining config on the LAG
interface bridge-aggregation 1
description LAG to Server
link-aggregation mode dynamic (enables LACP. Enabled by default)
quit
interface ten 1/2/0/8 (interface to be added to LAG)
port link-aggregation group 1
quit
interface ten 2/2/0/8 (interface to be added to LAG)
port link-aggregation group 1
quit
interface bridge-aggregation 1
port link-type trunk
port trunk permit vlan 10 to 11
undo port trunk permit vlan 1
quit
display link-aggregation verbose
All interfaces should have a status of S (selected). If they say U (unselected), something is wrong.
Please add comments so I may update the material to accommodate platform modification to various commands. Also if you have some real-world caveats, do please share.