#基礎查詢&儲存##
<HP>system ##enable mode
<HP>reboot ##restart system
[HP]display current-configuration #對應cisco show running-configuration
[HP]display startup-configuration #對應cisco show startup-configuration
[HP]save #儲存設定檔
[HP]save force #強制儲存設定檔
[HP]display this #顯示現有階層下的狀態
[HP]dis link-aggregation summary #顯示LACP目前狀態
[HP]dis version #顯示版本
<HP>display clock #顯示時間
[HP]enable debug dotx all #除錯模式 dotx
<HP>dir flash: #顯示所有在Flash的檔案
display process cpu #顯示CPU
display process memory #顯示記憶體
clear mac address
display device manuinfo slot 1 #顯示Slot SN
display arp
reset arp interface gi 2/0/5
display ip routing-table # show ip routing
______________________________________________
## display ##
dis cu | begin Ten #Ten-gigabitethernet
______________________________________________
## Debugging ##
debugging stp event interface gi 1/0/30
terminal monitor #show informantion output to current terminal
________________________________________
##設定SW IP address及Gateway##
[HP]interface vlan-interface 1 #進入vlan1(問我為什麼進入vlan1的請回去學switch的概念)
[HP-Vlan-interface1]ip address x.x.x.x x.x.x.x
[HP-Vlan-interface1]save
[HP-Vlan-interface1]quit
[HP]ip route-static 0.0.0.0 0.0.0.0 Vlan-interface 1 192.168.1.254 #直接一筆寫完上面一堆指令
________________________________________
##變更名稱##
[HP]sysname XXX
________________________________________
##啟動web管理介面##
<HP>system
[HP]local-user xxx
[HP-luser-admin]service-type web
[HP-luser-admin]service-type http https #HP version 7.1
[HP-luser-admin]authorization-attribute level 3 #設定帳號權限等級3
[HP-luser-admin]password cipher xxx #這指令有分simple及cipher,但我打simple最後還是變成cipher
[HP-luser-admin]quit
[HP]ip https enable #啟用Https服務
[HP]ip https port xxx #設定port
[HP-Vlan-interface1]save
[HP-Vlan-interface1]quit
________________________________________
##啟用Terminal服務## telnet
<HP>system
[HP]user-interface vty 0 4
[HP-ui-vty0-4]authentication-mode password
[HP-ui-vty0-4]set authentication password cipher xxxxx
[HP-ui-vty0-4]user privilege level 3
[HP-ui-vty0-4]quit
[HP]telnet server enable
________________________________________
##啟用ssh服務##
<HP>system
[HP]public-key local create rsa
[HP]ssh server enable
[HP-ui-vty0-4]user-interface vty 0 4
[HP-ui-vty0-4]authentication-mode scheme
[HP-ui-vty0-4]user privilege level 3
[HP-ui-vty0-4]user-role network-admin #HP version 7.1
[HP]quit
[HP]local-user xxx ##建立user帳號
[HP-luser-admin]service-type ssh (ssh telnet terminal web) ##要給予這個使用者採取那些連線方式
[HP-luser-admin]authorization-attribute user-role network-admin #HP version 7.1
[HP-luser-admin]authentication-attribute level 3
[HP-luser-admin]password cipher password
[HP-luser-admin]quit
________________________________________
##設定ACL##
acl number 4000 name MAC01
rule 0 permit source-mac 0023-2401-b5ae ffff-ffff-ffff dest-mac 0000-0000-0000 0000-0000-0000
rule 5 permit source-mac 0000-0000-0000 0000-0000-0000 dest-mac 0023-2401-b5ae ffff-ffff-ffff
undo acl number xxxx ##刪除ACL
—————————————–
acl number 3000 name IP01 ## create acl (name)
rule 0 permit ip source 192.168.20.33 0 destination any ##create rule
rule 5 permit ip source any destination 192.168.20.33 0
undo acl number xxxx ##刪除ACL
________________________________________
##以interface 方式設定hybrid模式##
<HP>system
[HP]interface gi 1/0/1
[HP-GigabitEthernet1/0/1]port link-type hybrid ##設定hybrid可以寫入多個access vlan,這是傳統SW沒法做到的
[HP-GigabitEthernet1/0/1]port hybrid vlan 10 tagged #該interface 帶tag 10
[HP-GigabitEthernet1/0/1]port hybrid vlan 101 untagged #該interface 不帶tag
_________________________________________
##以interface 方式設定Vlan##
[HP]interface gi 1/0/1
[HP-GigabitEthernet1/0/1]port link-type access #需為port link-mode bridge
[HP-GigabitEthernet1/0/1]port access vlan 100
______________________________________________
##以vlan 方式設定Vlan##
<HP>system
[HP]vlan 2
[HP-vlan2]port gi 1/0/3
[HP-vlan3]port gi 1/0/4 to gi 1/0/10
[HP-vlan3]quit
______________________________________________
## interface routing ##
interface gi 1/0/24
port link-mode route
ip address x.x.x.x x.x.x.x
______________________________________________
##一次顯示所有設定檔(取消每一次顯示的行數)##
<HP>screen-length disable
______________________________________________
##存檔##
<HP>save backup #存檔成backup用的config
<HP>copy startup.cfg 20160819.cfg #複製開機設定檔
______________________________________________
##進入SW的BIOS(開機選單)##
開機時按 “ctrl+B”
BIOS可用的功能
______________________________________________
##忘記Console密碼##
開機時按 “ctrl+B”
選擇”skip current system configuration file”
以筆記本形式編輯starup-config
編輯完後再將內容貼回去,存檔
______________________________________________
##回復原廠預設值##
<HP>reset saved-configuration
<HP>reset saved-configuration backup
<HP>reboot
______________________________________________
##刪除現有檔案##
<HP>delete /unreserved file #加/unreserved的差別在於有/unreserved指令會直接清理檔案,不會進到垃圾桶
<HP>reset recyble bin #清理垃圾桶
<HP>undelete file #救回垃圾桶的檔案
______________________________________________
##選擇開機時要用的startup config及韌體##
<HP>start saved-configuration startup.cfg main
<HP>dir
<HP>boot-loader file a5500hi-cmw520-r5501p25.bin slot all main
______________________________________________
##直接在SW上面建立vlan的路由##(不適合用在5500以下的機型,因為如5130 ARP TABLE只有256,超過就有人沒法上網)
interface vlan-interface 1
ip address 192.168.1.254 24
quit
interface vlan-interface 2
ip address 192.168.2.254 24
quit
______________________________________________
##執行LACP##
interface bridge-aggregation 1
link-aggregation mode dynamic #LACP Active的下法, 另外針對cisco的設備,這個指可以不用下,讓HP變成static模式。
quit
interface gi 1/0/1
port link-aggregation group 1
interface gi 1/0/2
port link-aggregation group 1
interface bridge-aggregation 1
port link-type trunk
port trunk permit vlan all
or
interface range GigabitEthernet 1/0/1 GigabitEthernet 1/0/3 ##一次設定範圍裏面的port
port link-aggregation group 1
dis link-aggregation summary #顯示LACP目前狀態
dis interface Bridge-Aggregation 1
dis link-aggregation verbose Bridge-Aggregation26 #顯示LACP詳細狀態
______________________________________________
#設定Trunk port及於port中設定access vlan##
[hptest-GigabitEthernet1/0/1]port link-type trunk
[hptest-GigabitEthernet1/0/1]port trunk permit vlan all
[hptest-GigabitEthernet1/0/1]port trunk pvid vlan 2 #在trunk模式底下只能有一個untagged的vlan
______________________________________________
##啟用RSTP##
stp enable
stp mode rstp
stp priority 0
______________________________________________
##在interface上設定快速連線(porfast)##
[HP]stp edged-port enable
______________________________________________
##dhcp Relay##
dhcp enable
dhcp relay server-group 1 ip 192.168.1.1 #有第二筆就直接加在後面
interface vlan-interface 2
dhcp select relay
dhcp relay server-select 1
quit
dhcp enable
interface vlan 2
dhcp select relay
dhcp relay server-address 192.168.1.227
______________________________________________
##DHCP Server## version 5
dhcp server ip-pool
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.201.253
domain-name example.com
dns-list 192.168.1.2
expored day 1 hour 12
quit
dhcp server forbidden-ip 192.168.1.2 #禁止發的IP
dhcp server forbidden-ip 192.168.1.4 to 192.168.1.10
dis dhcp server pool #HP version 7.1
dis dhcp server ip-in-use #HP version 7.1
reset dhcp server ip-in-use IP/pool #HP version 7.1
option 121 hex 18 C0 A8 CB C0 A8 C9 FE # 16進制 24 192 168 203 0 192 168 200 254
option 121 hex 12 C0 A8 00 C0 A8 18 FE # 16進制 18 192 168 0 0 192 168 24 254
option 121 hex 12 C0 A8 C0 A8 18 FE # 16進制 18 192 168 0 0 192 168 24 254
______________________________________________
##DHCP Server## version 7
______________________________________________
##設定IRF##
共用指令
chassis convert mode irf #非chassis不用下
#reboot
第一台
irf member 1 priority 32 #越高優先
quit
interface gi 1/0/1
shut
quit
interface gi 1/0/2
shut
quit
irf-port 1/1
port group interface ten 1/0/1
port group interface ten 1/0/2
interface gi 1/0/1
undo shut
interface gi 1/0/2
undo shut
quit
save
改設定第二台
irf-port-configuration active
第二台
irf member 1 renumber 2 #由第一台改為第二台
quit
reboot
interface gi 2/0/1
shut
quit
interface gi 2/0/2
shut
quit
irf-port 2/1
port group interface gi 2/0/1
port group interface gi 2/0/2
interface gi 2/0/1
undo shut
interface gi 2/0/2
undo shut
quit
save
設定完第二台後接線
irf-port-configuration active
#
display irf
display irf topology
display irf link
display irf configuration
______________________________________________
## MAD ##
<DeviceA> system-view
[DeviceA] vlan 1000
[DeviceA-vlan3] port gigabitethernet 1/0/1 gigabitethernet 2/0/1
[DeviceA-vlan3] quit
[Sysname] interface vlan-interface 3
[Sysname-Vlan-interface3] mad bfd enable
[Sysname-Vlan-interface3] mad ip address 192.168.99.99 24 member 1
[Sysname-Vlan-interface3] mad ip address 192.168.99.199 24 member 2
[Sysname-Vlan-interface3] quit
dis int g2/0/21
GigabitEthernet2/0/21 current state: DOWN ( MAD ShutDown ) #測試時,確認關閉是否由MAD執行
display mad verbose
#在STP狀態中做BFD MAD,status會一直顯示Faulty,要關閉STP才會正常。
______________________________________________
##TFTP上傳/下載##
#上傳,這裡指的是從SW上傳資料到TFTP Server
<HP>dir
<HP>tftp 192.168.1.20 put a5500hi-cmw520-r5206.bin a5500hi-cmw520-r5206.bin
#下載,這裡指的是從Server下載資料到SW
<HP>dir
<HP>tftp 192.168.1.20 get A5500HI-CMW520-R5501P25.bin A5500HI-CMW520-R5501P25.bin
<HP>boot-loader file a5500hi-cmw520-r5501p25.bin slot all main
<HP>delete flash:/xxxx.bin #如果空間不夠,先執行下面動作後再上傳新的檔案
<HP>reset recycle-bin
______________________________________________
##設定Concole 密碼##
[HP]user-interface 0
[HP-ui0]auth
[HP-ui0]authentication-mode password
[HP-ui0]set authentication password cipher 123456
[HP-ui0]user privilege lev 3
[HP-ui0]quit
______________________________________________
###NTP server ###
ntp-service enable
ntp-service unicast-server 192.168.8.55
clock timezone GMT add 8
clock protocol ntp
display ntp-service status
______________________________________________
### radius ###
radius scheme intech.local
server-type extended
primary authentication 192.168.6.2 key xxxxx
user-name-format without-domain
nas-ip 10.1.1.2
domain intech.local
authentication radius-scheme intech.local
authorization lan-access radius-scheme intech.local
quit
domain default enable intech.local
dot1x
user-interface vty 0 4
authentication-mode scheme
# 配置在?程??失??,本地??的key
[H3C_TEST]local-server nas-ip 127.0.0.1 key h3c
______________________________________________
### HP 1910 cmd開啟模式 ###
Username:admin
Password:空白
<HP V1910 – 192.168.1.251>_cmdline-mode on
All commands can be displayed and executed. Continue? [Y/N]y
Please input password:512900
______________________________________________
### HP 1912 cmd開啟模式 ###
>_cmdline-mode on
______________________________________________
### HP 1950 cmd開啟模式 ###
>xtd-cli-mode
password: foes-bent-pile-atom-ship
## HP 1950 ACL ##
acl number 3000 name deny_access_vlan3
rule 10 deny ip source 192.168.3.0 0.0.0.255
interface vlan 3
[HPE-Vlan-interface3]packet-filter name deny_access_vlan3 inbound
______________________________________________
### portfast ###
STP Edged-Port enable ##5500
STP Edged-Port ##5130 5900
______________________________________________
### monitor session ###
1. Assign destination port for mirror traffic (Wireshark port)
a) [Switch] mirroring-group 1 local
b) [Switch] mirroring-group 1 monitor-port g1/0/yy #destination port
2. Assign source port for traffic to monitor
a) [Switch] mirroring-group 1 mirroring-port g1/0/xx both #source port
display mirroring-group 1
______________________________________________
## port snooping #
dhcp snooping trust
______________________________________________
## BPDU ##
stp bpdu-protection
______________________________________________
## loopback detection ##
loopback-detection global enable vlan all
loopback-detection global action shutdown
loopback-detection interval-time 60
______________________________________________
## SNMP ##
snmp-agent
snmp-agent sys-info version all/v1/v2c/v3
snmp-agent community read public
snmp-agent community write public
snmp-agent trap enable
snmp-agent target-host trap address udp-domain 192.168.200.177 udp-port 161 params securityname public
snmp-agent community read public
snmp-agent community write public
snmp-agent sys-info version v1 v2c
dis snmp-agent sys-info
dis snmp-agent community
dis snmp-agent statistics
save
______________________________________________
## STP ##
[HP]stp global enable 啟用全域stp
stp enable
[HP]undo stp global enable 關閉全域stp
[HP]stp priority 61440 設定stp priority的數值
[HP]stp mode mstp/pvst/rstp/stp 選擇stp類型
[HP]stp vlan 1 enable 針對vlan1啟動stp
[HP]stp bpdu-protection 啟用BPDU protection
______________________________________________
## loop or loopback ##
<HP> system-view
[HP]loopback-detection enable #全域啟動
[HP]loopback-detection interval-time 10 #每十秒發送一個BPDU封包檢查
[HP]interface g1/0/12 #切換到每一個介面上去
[HP-GigabitEthernet1/0/12]loopback-detection enable #在介面上啟動
[HP-GigabitEthernet1/0/12]loopback-detection action shutdown #介面上發現 LOOP 之後 強迫關閉介面
[HP-GigabitEthernet1/0/12]storm-constrain broadcast pps 1500 500 #當廣波風暴超過每秒 1500 個封包 啟動抑制機制
[HP-GigabitEthernet1/0/12]storm-constrain multicast pps 1500 500 #當多廣波風暴超過每秒 1500 個封包 啟動抑制機制
[HP-GigabitEthernet1/0/12]storm-constrain unicast pps 1500 500 #當單點廣波風暴超過每秒 1500 個封包 啟動抑制機制
[HP-GigabitEthernet1/0/12]storm-constrain control shutdown #介面上發現任一廣波風暴 關閉該介面
[HP-GigabitEthernet1/0/12] quit
[HP]Save
______________________________________________
## DNS ##
dns server 168.95.1.1
dns server 8.8.8.8
______________________________________________
## sflow ##
system-view
sflow agent ip 192.168.200.14 ## 設定此Switch本身要發送資料的IP(就是Switch的IP)
sflow collector 1 ip 192.168.200.131 port 9020 ##server IP
interface gigabitethernet 1/0/2
sflow counter interval 20 # 設定取樣間隔時間為20秒
sflow counter collector 1 # 設定至 sFlow collector 1
sflow sampling-mode random # 設定取樣模式為”隨機取樣”
sflow sampling-rate 1000
# 設定取樣數為1000
# sFlow官方文件建議取樣值:
# 10Mb/s: 200
# 100Mb/s: 500
# 1Gb/s: 1000
# 10Gb/s: 2000
# HP官方文件範例為4000
sflow flow collector 1 # 設定至 sFlow collector 1
display sflow
______________________________________________
##setting interface speed ##
______________________________________________
## assign ip in interface ##
interface gi 1/0/1
port link-mode route
ip address 10.252.15.185 255.255.255.248
______________________________________________
## NQA (IP SLA) icmp ##
nqa entry icmp 10.10.244.250
type icmp-echo
destination ip 10.10.244.250
frequency 5000
nqa schedule icmp 10.10.244.250 start-time now lifetime forever
______________________________________________
## PBR ##
policy-based-route 10 permit node 10
if-match acl name PBR-ACL-for-internet
apply next-hop 10.10.244.250 track 1
acl basic name PBR-ACL-for-internet
rule 0 permit source 10.10.0.0 0.0.255.127
rule 5 permit source 10.11.0.0 0.0.255.127
interface GigabitEthernet1/0/2
port link-mode route
ip policy-based-route 10
______________________________________________
## bgp ##
bgp 65001
peer 10.252.14.154 as-number 65535
#
address-family ipv4 unicast
balance 3
summary automatic
network 61.220.58.64 255.255.255.192
network 74.125.101.0 255.255.255.0
network 113.196.38.128 255.255.255.248
peer 10.252.14.154 enable
peer 10.252.14.154 as-path-acl 10 export
______________________________________________
## OSPF ##
______________________________________________
## ecmp path ##
______________________________________________
## fan direction ## HP 5700 & HP 5900
dis fan #show fan status
fan prefer-direction slot 1 port-to-power # change prefer airflow
______________________________________________
## openflow ##
______________________________________________
## IGMP ##
igmp-snooping
undo igmp-snooping
display igmp-snooping #show igmp config
display igmp-snooping group vlan 2
______________________________________________
## 40g to 10g ##
interface FortyGigE 1/0/52
using tengige
y
reboot
______________________________________________
## config for NLB ##
#unicast
mac-address destination-hit disable # comware 5
#Configuring a multiport unicast MAC address entry globally
mac-address multiport <mac-address> interface <interface-list> vlan <vlan-id>
#Configuring a multiport unicast MAC address entry on an interface
interface interface-type <interface-number> # comware 7
or
interface bridge-aggregation <interface-number>
mac-address multiport <mac-address> vlan <vlan-id>
______________________________________________
## MTU ##
#5710
interface vlan 1
mtu XXX
interface gi 1/0/1
jumboframe enable
mtu XXX ????
______________________________________________
## flow control ##
[5930]interface range FortyGigE 1/0/1 to FortyGigE 1/0/32
[5930-if-range]flow-control
______________________________________________
## poe ##
# Enable PoE on a PI in PI view.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] poe enable
# Enable PoE on a PI in PoE profile view.
<Sysname> system-view
[Sysname] poe-profile abc
[Sysname-poe-profile-abc-1] poe enable
display poe
interfacepoe-profile