Initial setting & basic command of HPE(H3C) switch ~ VLAN configuration, ssh, snmp, ntp, syslog ~ | SEの道標
HP switch (H3C, 3COM)

Initial setting & basic command of HPE(H3C) switch ~ VLAN configuration, ssh, snmp, ntp, syslog ~

2018.05.28

I summarized the basic settings of HP 5130 etc.

Display current config

<HPE> display current-configuration

Log into Configuration mode

<HPE> system-view

Set hostname

[HPE] sysname HOGE

Save config

[HOGE] save

Configure VLAN

[HOGE] vlan 2
[HOGE-vlan-2] quit
[HOGE] vlan 5 to 10
[HOGE-vlan-5to10] quit
[HOGE] int giga 1/0/1
[HOGE-int-giga-1/0/1] port access vlan 2
[HOGE-int-giga-1/0/1] quit
[HOGE] int giga 1/0/2
[HOGE-int-giga-1/0/2] port link-type trunk
[HOGE-int-giga-1/0/2] port trunk permit vlan 5 to 6 8
[HOGE-int-giga-1/0/2] quit
[HOGE] int vlan 2
[HOGE-interface-vlan-interface-2] ip address 192.168.0.1 255.255.255.0

Display setting status of interface currently in

[HOGE] interface giga 1/0/1
[HOGE-int-giga-1/0/1] display this
interface gigabitEthernet 1/0/1
port access vlan 2
[HOGE-int-giga-1/0/1]

Summary information such as the Link UP / DOWN status of the interface

[HOGE] display interface brief

SSH setting

[HOGE] line vty 0 7
[HOGE-line-vty-0-7] authentication-mode scheme
[HOGE-line-vty-0-7] user-role network-admin
[HOGE-line-vty-0-7] quit
[HOGE] local-user myadmin class manage
[HOGE-local-user] password simple ***
[HOGE-local-user] service-type ssh terminal
[HOGE-local-user] authrization-attribute user-role network-admin
[HOGE-local-user] quit
[HOGE] ssh server enable

ACL setting

Use ACL for access control of INBOUND / OUTBOUND to interface

[HOGE] acl number 2000
[HOGE-acl-2000] rule 10 permit source 172.16.1.0 0.0.0.255
[HOGE-acl-2000] quit
[HOGE] interface vlan 5
[HOGE-int-vlan 5] packet-filter inbound 2000
[HOGE-int-vlan 5] packet-filter outbound 2000

Use ACL for SSH access control

[HOGE] acl number 2001
[HOGE-acl-2000] rule 10 permit source 10.1.1.0 0.0.0.255
[HOGE-acl-2000] quit
[HOGE] ssh server acl 2001

Routing setting

Default route setting (0 after 0.0.0.0 means subnet mask 0.0.0.0)

[HOGE] ip route-static 0.0.0.0 0 192.168.0.254

The same static route is the same

[HOGE] ip route-static 10.0.0.0 255.0.0.0 192.168.0.254

ntp/time setting

Time zone

[HOGE] clock timezone JST add 09: 00: 00

Performing time synchronization manually

[HOGE] clock protocol none
[HOGE] quit
clock datetime 8: 58: 28 5/28/2018

Time synchronization with NTP

[HOGE] clock protocol ntp
[HOGE] ntp-service enable
[HOGE] ntp-service unicast-server 192.168.3.1

SNMP setting (v2c)

[HOGE] snmp-agent
[HOGE] snmp-agent community read examplepublic
[HOGE] snmp-agent community write exampleprivate
[HOGE] snmp-agent sysinfo version v 2 c
[HOGE] snmp-agent target-host trap address udp-domain 192.168.2.1 params securityname examplepublic v2c
[HOGE] snmp-agent trap enable arp
[HOGE] snmp-agent trap enable radius

syslog setting

[HOGE] info-center loghost 192.168.1.1
[HOGE] info-center loghost 192.168.1.2

Other settings to check other

ttl-expires and unreachable can be enabled, redirects can be invalid.

[HOGE] undo ip redirects enable
[HOGE] ip ttl-expires enable
[HOGE] ip unreachables enable

I do not use STP at this time

[HOGE] undo stp global enable

LoopbackDetection instead (do not put it on the uplink)

[HOGE] int giga 1/0/1
[HOGE-int-giga 1/0/1] loopback-detection enable vlan 1 to 4094
[HOGE-int-giga-1/0/1] loopback - detection action block

If you put it in the uplink, communication to the uplink will be totally disconnected if timing is bad.
Confirm setting status

[HOGE] display loopback-detection

Link aggregation (Bridge-Aggregation)

It is called bridge aggregation.The group is BAGG instead of LAG.
First create a logical Bridge Aggregation interface, enter the interface you want to belong to BAGG, set its group number, leave the group, enter the Bridge Aggregation interface once more and set up trunk etc. It reflects on all the interfaces.

[HOGE] int bri 9
[HOGE-int-Bridge9] description BAG9DAYO
[HOGE-int-Bridge9] quit
[HOGE] int giga 1/0/9
[HOGE-int-giga-1/0/9] description GIGA 1/0/9
[HOGE-int-giga-1/0/9] port link-aggregation group 9
[HOGE-int-giga-1/0/9] quit
[HOGE] int giga 2/0/9
[HOGE-int-giga-2/0/9] description GIGA 1/0/9
[HOGE-int-giga-2/0/9] port link-aggregation group 9
[HOGE-int-giga-2/0/9] quit
[HOGE] int bri 9
[HOGE-int-Bridge9] port link-type trunk
[HOGE-int-Bridge9] port trunk permit vlan 5 to 10

If you want to set with Static mode(in cisco, mode on), above settings is all. If you want to set with LACP(802.3ad/802.1ax), following setting is needed.

[HOGE-int-Bridge9] link-aggregation mode dynamic

Confirm setting status

[HOGE] display link-aggregation summary

How to debug

To debug with SSH running do the following

<HOGE> terminal monitor
<HOGE> terminal debugging
<HOGE> debug ip rip

Confirm log

To see the latest log, add reverse as below.

[HOGE] display logbuffer reverse

When reverse is not added, it is displayed in order from the oldest log.

コメント

Copied title and URL