Friday, October 7, 2011

H3C - Configuration Examples


Sample HPN vs. Cisco CLI Comparison Reference


H3C                      Cisco
display                  show
undo                     no
quit                     exit
return                   end
logout                   exit
sysname                  hostname
local-user               user
acl                      access-list
display version          show version
display current          show run
display saved-config     show start
ctrl+q                   ctrl+z
ctrl+e                   ctrl+p
ctrl+d (undebug all)     no debug all
save                     write
delete                   erase
simple                   0
cipher                   7
info-center              logging


Mode and View Reference:

H3C                       Cisco              Description
User View: <Router>       Router>            User level: basic, limited access
System View: [Router]     Router#            Privileged: detailed access
System View: [Router]     Router(config)#    Configuration level access


Basic Configurations

Hostnames
Define the hostname (unique identifier) for each device being configured.
    sysname CORE_9500

Command Alias

Time and Date
    clock datetime HH:MM:SS {YYYY/MM/DD | MM/DD/YYYY }
    clock timezone zone-name { add | minus } HH:MM:SS

Startup Config File Settings
    startup saved-config filename.cfg
    sysname
    slave auto-update config (this auto saves to all slave management modules across a single chassis and IRF cluster)

Date and Time

Static
    clock datetime HH:MM:SS {YYYY/MM/DD | MM/DD/YYYY }
NTP
    ntp-service source-interface Vlan-interface10
    ntp-service unicast-server 192.168.128.1 priority
    ntp-service unicast-server 192.168.16.1 priority

LLDP
Enable LLDP signaling on Ethernet ports.
LLDP is enabled by default on fixed port switches.
It is disabled by default on chassis based switches.
    lldp enable

Terminal Settings
This keeps logging and monitor messages from messing up your command input.
    info-center synch (keeps system messages from messing up your typing)
    quit
    screen-length disable (don’t stop scrolling text…this is an individual session setting)

Loopback Interfaces
Create Loopback interfaces. These can be used for BGP/OSPF router ID (RID) and MPLS label switch router ID (LSR ID).
    interface loopback 0
    ip address 10.1.200.1 32

Message of the Day
    header motd %
    This computer system and associated networks are for the sole
    business use of ACME widget Corporation.  No Unauthorized use.
    %

Remote Access and AAA

Telnet
telnet server enable
user-interface vty 0 4
authentication-mode password (password will require only a password, scheme requires a user name and password setup via local-user…see SSH example)
set authentication password simple admin
protocol inbound telnet (could be all to allow for both telnet and ssh)
quit
SSH
public-key local create rsa
public-key local create dsa
ssh server enable
Configure User Interface:
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh (could be all to allow for both telnet and ssh)
quit
Configure a local user:
local-user admin
password simple admin
authorization-attribute level 3
service-type ssh
quit
Configure local user to use SSH:
ssh user admin service-type stelnet authentication-type password (using all as service type allows this user to be used for sFTP)

FTP
Anonymous FTP is not allowed. You must configure a local user with ftp rights.
ftp server enable
local-user admin
password simple admin
service-type ftp
authorization-attribute level 3
quit

sFTP 
public-key local create rsa
public-key local create dsa
ssh server enable
sftp server enable
sFTP Server:

Configure User Interface:
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh (sFTP uses ssh)
quit

Configure a local user:
local-user sftp-user
password simple admin
service-type ssh
authorization-attribute level 3
quit

Configure local user to use sFTP:
ssh user sftp-user service-type sftp authentication-type password (using all as service type allows this user to be used for SSH)
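
A small audit script that checks a configuration for the Telnet, FTP and `simple` password settings shown in the sections above. This is an added example, not part of the original post; the joined sample configuration and the wording of each finding are constructed here.

```python
import re

# Constructed input: the page's Telnet and FTP snippets joined into one file,
# with the parenthetical notes removed.
WEAK = """\
telnet server enable
ftp server enable
user-interface vty 0 4
authentication-mode password
set authentication password simple admin
protocol inbound telnet
quit
local-user admin
password simple admin
service-type ftp
authorization-attribute level 3
quit
"""

# Finding text is this example's own wording, not device output.
RULES = [
    (r"^(telnet|ftp) server enable$", "cleartext management service enabled"),
    (r"^authentication-mode password$", "shared line password, no per-user login"),
    (r"^protocol inbound (telnet|all)$", "VTY accepts Telnet"),
    (r"^(set authentication )?password simple ", "password kept in plaintext ('simple')"),
    (r"^service-type .*\b(ftp|telnet)\b", "user allowed a cleartext service"),
]

def audit(config_text):
    """Return (line_no, view, finding) for every weak setting in the config."""
    findings, view = [], "system"
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line == "quit":
            view = "system"          # back out of the current stanza
        elif re.match(r"(user-interface|local-user) ", line):
            view = line              # remember which stanza we are inside
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((line_no, view, finding))
    return findings

if __name__ == "__main__":
    for line_no, view, finding in audit(WEAK):
        print(f"line {line_no} [{view}]: {finding}")
```

The same function returns no findings for a configuration that uses `authentication-mode scheme`, `protocol inbound ssh`, `service-type ssh` and `password cipher`.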

RADIUS
Create a domain: 
domain test-domain
quit
domain default enable test-domain

Create a RADIUS Scheme:
radius scheme rad-scheme
primary authentication x.x.x.x (this is for authentication and authorization)
secondary authentication x.x.x.x
key authentication test_key
primary accounting x.x.x.x
secondary accounting x.x.x.x
key accounting test_key
user-name-format without-domain (do this only if the RADIUS server doesn’t want to see the domain name in the requests)
quit

domain test-domain
authentication login radius-scheme rad-scheme
authorization login radius-scheme rad-scheme
accounting login radius-scheme rad-scheme
quit

TACACS 
Create a domain:
domain test-domain
quit

domain default enable test-domain
hwtacacs scheme tacacs-scheme
primary authentication x.x.x.x
secondary authentication x.x.x.x
key authentication test_key
primary authorization x.x.x.x
secondary authorization x.x.x.x
key authorization test_key
primary accounting x.x.x.x
secondary accounting x.x.x.x
key accounting test_key
user-name-format without-domain (do this only if the TACACS server doesn’t want to see the domain name in the requests)
quit

domain test-domain
authentication login hwtacacs-scheme tacacs-scheme
authorization login hwtacacs-scheme tacacs-scheme
accounting login hwtacacs-scheme tacacs-scheme
quit

 
VLANs
Create VLANs to be used on each switch according to the diagram, and assign VLAN IP addresses on the CORE.
vlan 10
description test VLAN
quit

interface vlan 10
ip address 10.1.10.1 24
quit
Port Configurations
For ports that will be part of a link aggregation group, skip to the Link Aggregation section. For these ports, all configuration needs to be done at the port group level, with the exception of adding each individual port to a port group. Otherwise there can be issues with all ports joining the group correctly.
Access Ports
interface ten 1/0/1
description access port
port access vlan 10
Trunk Ports
interface ten 1/2/0/1
description trunk port to EDGE_5800
port link-type trunk
port trunk permit vlan 10 to 11
undo port trunk permit vlan 1
port trunk pvid vlan 10 (if you want to set pvid)
Link Aggregation
Order is important in LAG group configuration:
1. Clear out current port config
2. Create LAG group and set it to dynamic if LACP is desired
3. Add the ports to the LAG
4. Do remaining config on the LAG
interface bridge-aggregation 1
description LAG to Server
link-aggregation mode dynamic (enables LACP. Enabled by default)
quit

interface ten 1/2/0/8 (interface to be added to LAG)
port link-aggregation group 1
quit

interface ten 2/2/0/8 (interface to be added to LAG)
port link-aggregation group 1
quit

interface bridge-aggregation 1
port link-type trunk
port trunk permit vlan 10 to 11
undo port trunk permit vlan 1
quit

display link-aggregation verbose
All interfaces should have a status of S (selected). If they say U (unselected), something is wrong.



Please add comments so I may update the material to accommodate platform modification to various commands. Also if you have some real-world caveats, do please share.
