Huawei switch configuration

1. Reset console password
   a. Press on startup 【Ctrl】+【B】 key , Get into BOOTROM Catalog
   b. Input bootrom password
   By default ：V200R001 Previous version , The default password is “huawei”;V200R001 And later , The default password is “[email protected]”
   c. Input 7, eliminate console password
   d. Input 1, Enter the system in default mode
   e. Enter a new password to enter the system
   

2. Change of name
   

3. see
   display ip interface brief see ip
   display interface brief View interface status

4. Delete vlan Of vlanif ip Address

5. establish vlan And delete vlan（ First delete this vlan Of ip）

establish vlan40 and 50

[huawei3700]vlan batch 40 50
Info: This operation may take a few seconds. Please wait for a moment...done.
[huawei3700]

7. Set the port to access Mode and specify vlan
   [SwitchA] interface ethernet 0/0/1 // Access port 0/0/1

[SwitchA-Ethernet0/0/1] port link-type access // Set the port mode to access

[SwitchA-Ethernet0/0/1] port default vlan 2 // Add ports to vlan2 in

[SwitchA-Ethernet0/0/1] quit // sign out

8. Join multiple ports vlan
   a. Establish port group
   b. Add ports to the port group
   c. Operate on the port group

9. To configure trunk
   

10. Configure the mirror port
    a. Configure the observation port
    hold 24 This port is configured as an observation port
    b. Enter the port to be the mirror port , Carry out orders
    c. View the completed configuration
    

11. To configure snmp

a. snmp-agent sys-info contact Specific identification
Set the identification and contact method of the Administrator

b. snmp-agent sys-info location Specific location
Set the location information of the switch , This item is not initially set .
c. snmp-agent community read public
Set up a SNMP Community, Use this Community When connecting the switch , Only its... Can be read SNMP Information . You can put... In the instruction public Replace it with the string you want .
d. snmp-agent community write private
Set up a SNMP Community, Use this Community When connecting the switch , You can not only read its SNMP Information , You can also write values to SNMP Of MIB object , Realize the configuration of equipment . You can put... In the instruction private Replace it with the string you want .
e. snmp-agent sys-info version all
Set the switch support SNMP agreement , Yes v1,v2c,v3 this 3 A version , If you're not sure , It is better to set it to all, Will also support this 3 Agreements
f. Setting allows to send data to the network management workstation （NMS）192.168.1.1 send out Trap message , The group name used is tangseng
snmp-agent target-host trap address udp-domain 192.168.1.1 params securityname tangseng
g. Startup and shutdown snmp
snmp-agent
undo snmp-agent

h. see snmp Configuration of

[huawei3700]display current-configuration

i. see snmp Working condition of

10. To configure telnet
    a. Turn on telnet
    b. To configure Telnet User interface for user login ：
    Include VTY The user level of the user interface 、 Verification mode 、 Call in and call out restrictions and other basic attributes

 Use three a Verification mode 

allow telnet Access
Set up aaa Verified user name and password
Set user root The type of telnet user
Set user level

11. Check which versions of... Are enabled on the switch snmp
    

12. To configure snmp v3
    a. Create an accessible view
    [huawei3700]snmp-agent mib-view included
    b. Create group mygroup
    c. Create a user name and join the group , And set authentication mode and encryption mode
    d. Turn on v3 Of trap
    

13. To configure dhcp snooping

a. start-up dhcp function
b. In all vlan Upper opening snooping· function
c. On the trust port trust

14. dhcp Relay configuration
    a. Build a dhcp Server groups , Name the group casually , Such as andy
    b. hold dhcp Server's ip Add the address to the group just established andy
    

c. start-up dhcp service
d. Enter to use dhcp Relay interface , Enable relay , This step is divided into two situations , Physical interfaces and vlan Virtual interface .
d-1. If it's a router
d-2. If it's a layer 3 switch
Get into vlanif, choice relay
Select the just created dhcp Server groups andy

15. see dhcp snooping surface
    

16. Restore factory settings
    reset saved-configuration / Reset switch configuration

17. To configure snmp v3

snmp-agent       // Turn on snmp
snmp-agent sys-info version v3  // To configure snmp  Version is V3
snmp-agent mib-view included myview iso //  Add a new one mib View of object , myview Is the view name ,iso Is the of this view mib Tree node 
snmp-agent group v3 testers privacy read-view myview write-view myview //  Add a new group ,testers Group name ,privacy Means both authentication and encryption （ If it is authenticatio Just verify without encryption ）,read-view myview  Is to authorize this group to read views ,write-view myview Is to authorize this group to write views  
snmp-agent usm-user v3 tester testers authentication-mode md5 tangseng123 privacy-mode des56 tangseng123  //  Add a user （tester）, And specify the group to which this user belongs （testers）, And specify the user's authentication algorithm （MD5） And password （tangseng124）, And specify the encryption algorithm of this user （des56） And password （tangseng123）

18. Port security
    18.1MAC The address list is divided into three

1、 static state MAC Address table , Manual binding , Priority over dynamic MAC Address table

2、 dynamic MAC Address table , After receiving the data frame, the switch will send the source message mac Learning to MAC In the address table

3、 Black holes MAC Address table , Manual binding or automatic learning , Used to discard the specified MAC Address

18.2 see mac Electronic watch
18.3 Configure static mac Address table
take mac Address 5C80-B698-B65B Bind to port Ethernet 0/0/10 stay vlan 20 Effective in

18.4 Configure black holes mac Address table
stay vlan30 Source or destination received in mac The address is 5C80-B698-B651 The frame is discarded

18.5 Configure port security
1） In the port 10 Enable port security on
2） Limit ports mac The number of addresses is 1
3） Configure other non secure devices mac Frame processing action
4） Configure security MAC Aging time of address 300s, No aging by default

5） Delete port security

[huawei-Ethernet0/0/16]undo port-security enable 

6） delete a port sticky

huawei-Ethernet0/0/9]undo port-security mac-address sticky