3COM MSR Series Router
Configuration Commands
System
is starting...
Do
you want to check SDRAM? [Y/N]
Booting
Normal Extend BootWare...
************************************************************************
H3C MSR20-11 BootWare, Version 2.09
************************************************************************
Copyright
(c) 2004-2008 Hangzhou H3C Technologies Co., Ltd.
Compiled
Date : Jan 5 2009
CPU
Type : MPC8323E
CPU
L1 Cache : 16KB
CPU
Clock Speed : 333MHz
Memory
Type : DDR SDRAM
Memory
Size : 256MB
Memory
Speed : 266MHz
BootWare
Size : 1024KB
CPLD
Version : 1.0
PCB
Version : 3.0
Boot
Ware Validating...
Press
Ctrl+B to enter extended boot menu...
Starting
to get the main application
file--flash:/main.bin!...............................................................................................
The
main application file is
self-decompressing.......................................... Done!
System
application is starting...
Press
ENTER to get started.
System
View: return to User View with Ctrl+Z.
[H3C]
[H3C]int
e0/0
[H3C-Ethernet0/0]ip
add
[H3C-Ethernet0/0]ip
address 172.17.0.1 255.255.255.0
[H3C-Ethernet0/0]quit
[H3C]
[H3C]int
s0/0
[H3C-Serial0/0]ip
address 172.20.0.1 255.255.255.252
[H3C-Serial0/0]link-protocol
hdlc or link-protocol ppp
[H3C-Serial0/0]quit
[H3C]
[H3C]sysname
MSR2011
[MSR2011]
[H3C]ip
route-static 0.0.0.0 0.0.0.0 172.20.0.2
[H3C]undo
ip route-static 0.0.0.0 0.0.0.0 172.20.0.2
[H3C]int
e0/0.100 (Sub Interface dot1q config)
[H3C-Ethernet0/0.100]vlan-type dot1q vid 100
[H3C-Ethernet0/0.100]ip
address 172.19.0.1 255.255.255.0
[H3C]int
e0/1
[H3C-Ethernet0/1]port link-mode route
[H3C-Ethernet0/1]ip
address 172.18.0.1 255.255.255.0
[H3C-Ethernet0/1]dis
this
interface Ethernet0/1
port
link-mode route
ip
address 172.18.0.1 255.255.255.0
[H3C]telnet
server enable
%
Start Telnet server
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode
scheme
[H3C-ui-vty0-4]quit
[H3C]
[H3C]local-user
test
New
local user added.
[H3C-luser-test]password
simple xyz or [H3C-luser-test]password cipher xyz
[H3C-luser-test]service-type
telnet
[H3C-luser-test]authorization-attribute
level 3
[H3C-luser-test]quit
[H3C]
[H3C]user-interface
aux 0
[H3C-ui-aux0]authentication-mode
password
[H3C-ui-aux0]set
authentication password simple 3com
[H3C]user-interface
aux 0 (
[H3C-ui-aux0]undo
authentication-mode
[H3C-ui-aux0]undo
set authentication password
[H3C]dns
resolve
[H3C]dns
server 4.2.2.2
[H3C]dis ip int brie (To view ip address details of interfaces)
*down:
administratively down , (s): spoofing
Interface
Physical Protocol IP Address Description
Aux0
down down unassigned Aux0
Inte...
Ethernet0/0
up up 172.17.0.1 Ethernet0...
Ethernet0/1
up up 172.18.0.1 Ethernet0...
Serial0/0
up up 172.20.0.1
Serial0/0...
Vlan-interface1
down down 192.168.1.1 Vlan-inte...
[H3C]save (For
Saving Configuration)
The
current configuration will be written to the device. Are you sure?
[Y/N]:y
Please
input the file name(*.cfg)[flash:/startup.cfg]
(To
leave the existing filename unchanged, press the enter key):
Validating file. Please wait........
Configuration is saved to device successfully.
[H3C]save
abc.cfg
The
current configuration will be saved to flash:/abc.cfg. Continue?
[Y/N]:y
Now
saving current configuration to the device.
Saving
configuration flash:/abc.cfg. Please wait..........
Configuration
is saved to flash successfully.
Directory
of flash:/
0
-rw- 13738388 Jan 01 2007 00:02:22 main.bin
1
-rw- 1008 Jan 01 2007 00:12:00 startup.cfg
2
-rw- 1008 Jan 01 2007 00:13:08 abc.cfg
Delete
flash:/abc.cfg?[Y/N]: y
%Delete
file flash:/abc.cfg...Done.
The
saved configuration file will be erased. Are you sure? [Y/N]: y
Configuration
file in flash is being cleared.
Please
wait ............. Configuration file in flash is cleared.
Start to check configuration with next startup configuration file,
please wait.........DONE!
This command will reboot the device. Current configuration may be
lost in next startup if you continue. Continue? [Y/N]:y
System
is rebooting now.
Now
rebooting, please wait...
[H3C-Ethernet0/0]shut (To
Down ethernet port)
[H3C-Ethernet0/0]undo
shut (To Up ethernet port)
[H3C]dis
cu (To show current configuration of Router)
[H3C]dis
sa (To show saved configuration of Router)
[H3C]dis
ver (To show BootROM version of Router)
[H3C]display
diagnostic-information (To view all information)
[H3C]display
interface (To view interface)
[H3C]clock
timezone IST add 05:30:00
[H3C]dis
clock
12:39:00
IST Sat 05/16/2009
Time
Zone : IST add 05:30:00
[H3C]ntp-service
unicast-server x.x.x.x (where x.x.x.x is a ip add of ntp server)
[H3C]display
device manuinfo (To view Sr. No. of Router)
slot
0
DEVICE_NAME
: MSR 20-10
DEVICE_SERIAL_NUMBER
: 210235A0A7B098000075
MAC_ADDRESS
: 0023-8962-9DE7
MANUFACTURING_DATE
: 2009-08-27
VENDOR_NAME
: H3C
[H3C]interface
Serial0/0 (Multilink Serial Config)
[H3C-Serial0/0]link-protocol
ppp
[H3C-Serial0/0]ppp
mp Mp-group 10
[H3C-Serial0/0]quit
[H3C]interface
Mp-group10
[H3C-Mp-group10]ip
address X.X.X.X 255.255.255.252
[H3C]interface
LoopBack0 (To assign Loopback IP address.)
[H3C-Loopback0]ip
address 172.36.0.1 255.255.255.255
[H3C]ping
x.x.x.x (where x.x.x.x is destination ip address)
[H3C]ping
-s 1500 x.x.x.x
(where
1500 is datagram size & x.x.x.x is destination ip address)
[H3C]ping
-c 100 x.x.x.x
(where
100 is no.of times to ping & x.x.x.x is destination ip address)
[H3C]interface
Vlan-interface1 (To
assign IP address to Vlan Interface)
[H3C-Vlan-interface1]ip
address 192.168.1.1 255.255.255.0
[H3C-Vlan-interface1]ip
address 192.168.2.1 255.255.255.0 sub
(To
assign secondary IP address)
[H3C]user-interface
console 0
[H3C-ui-console0]screen-length
0 ( 0 means to display all information at one time)
[H3C-ui-console0]undo
screen-length (To restore screen length to default 24 lines)
[H3C]ip count enable (To Enable IP accounting)
[H3C]interface
ethernet 0/0
[H3C-Ethernet0/0]ip
count inbound-packets
[H3C-Ethernet0/0]ip
count outbound-packets
[H3C]undo
ip count enable (To Remove IP accounting)
[H3C]interface
ethernet 0/0
[H3C-Ethernet0/0]undo
ip count inbound-packets
[H3C-Ethernet0/0]undo
ip count outbound-packets
VRRP
Config on Primary Router :-
[H3C]interface
ethernet 0/0
[H3C-Ethernet0/0]ip
address 10.10.10.2 255.255.255.0
[H3C-Ethernet0/0]vrrp
vrid 1 virtual-ip 10.10.10.1 (Set Virtual IP address)
[H3C-Ethernet0/0]vrrp
vrid 1 priority 110 (Set Higher Priority for Primary router)
[H3C-Ethernet0/0]vrrp
vrid 1 preempt-mode timer delay 5
Set
the interface to be tracked -
[H3C-Ethernet0/0]vrrp
vrid 1 track interface ethernet 0/1 reduced 30 or
[H3C-Ethernet0/0]vrrp
vrid 1 track interface Serial0/0 reduced 30
VRRP
Config on Secondary Router :-
[H3C]interface
ethernet 0/0
[H3C-Ethernet0/0]ip
address 10.10.10.3 255.255.255.240
[H3C-Ethernet0/0]vrrp
vrid 1 virtual-ip 10.10.10.1 (Set Virtual IP address)
[H3C-Ethernet0/0]vrrp
vrid 1 preempt-mode timer delay 5
[H3C-Ethernet1/0]display
vrrp verbose (To verify VRRP configuration)
BGP
Config :-
bgp
64520 (where 64520 is BGP no.)
import-route direct
import-route static
undo synchronization
peer x.x.x.x as-number 9730 (where x.x.x.x is ISP side POP end IP)
ISDN
Config as a Backup :-
#
acl
number 2011
rule 0 permit time-range test
#
acl
number 3001
rule 0 permit ip source x.x.x.x 0
#
local-user
test
password simple cisco
service-type ppp
local-user
admin
password cipher .]@USE=B,53Q=^Q`MAF4<1 p="">
tftp
172.17.0.2 put main.bin (172.17.0.2 is a tftp server IP add.)
tftp
172.17.0.2 get main.bin (172.17.0.2 is a tftp server IP add.)
boot-loader
file cfa0:/msr201x-cmw520-r1719p01.bin main
dis
boot-loader
reset arp all
authorization-attribute level 3
service-type telnet
#
interface
Bri0/0
link-protocol ppp
dialer enable-circular
dialer-group 1
dialer circular-group 0
dialer timer idle 300
dialer timer wait-carrier 300
dialer queue-length 60
#
interface
Dialer0
link-protocol ppp
ppp
authentication-mode chap
ppp
chap user airtel
ppp
chap password simple cisco
ppp
mp
ip
address 10.10.10.10 255.255.255.252
dialer enable-circular
dialer-group 1
dialer timer idle 300
dialer timer wait-carrier 300
dialer queue-length 60
dialer threshold 0 in-out
dialer route ip 10.10.10.9 user airtel broadcast 44332211
#
interface
Serial1/0
link-protocol ppp
ip
address 20.20.20.10 255.255.255.252
standby interface Dialer0
standby timer delay 3 300
qos
car inbound acl 3001 cir 10 cbs 1000 ebs 0 green pass red discard
#
ip
route-static 0.0.0.0 0.0.0.0 20.20.20.9
ip
route-static 0.0.0.0 0.0.0.0 10.10.10.9 preference 80
#
dialer-rule 1 acl 2011
#
Multicasting Config at Hub Location:-
#
multicast routing-enable
#
acl
number 2111
rule 0 permit source 239.0.0.2 0 (where 239.0.0.2 is multicast
group1)
rule 1 permit source 239.0.0.3 0 (where 239.0.0.3 is multicast
group2)
rule 3 deny
#
interface
Ethernet0/0
port link-mode route
ip
address x.x.x.x x.x.x.x
igmp enable
igmp version 3
pim
sm
#
pim
ssm-policy 2111
Multicasting
Config at Spoke Location:-
#
multicast routing-enable
#
acl
number 2111
rule 0 permit source 239.0.0.2 0 (where 239.0.0.2 is multicast
group1)
rule 1 permit source 239.0.0.3 0 (where 239.0.0.3 is multicast
group2)
rule 3 deny
#
interface
Ethernet0/0
port link-mode route
ip
address x.x.x.x x.x.x.x
igmp enable
igmp version 3
igmp static-group 239.0.0.2 source 192.168.2.X (where 192.168.2.X is
multicast source)
igmp static-group 239.0.0.3 source 192.168.3.X (where 192.168.3.X is
multicast source)
pim
sm
#
pim
ssm-policy 2111
To
verify Multicast config :-
[H3C]display
pim interface
[H3C]display
pim routing-table
To take backup of Firmware/config file from Router to PC using
tftp server.
(main.bin is a firmware file name)
File
will be transferred in binary mode.
Copying file to remote tftp server. Please wait... /
TFTP: 4840428 bytes sent in 58 second(s).
File uploaded successfully.
To
restore Firmware/config file from PC to Router using tftp server.
(main.bin is a firmware file name)
To
take backup of Firmware/config file from Router to PC using ftp
server.
Enable
ftp server & service-type ftp for admin user using foll.
Command.
[H3C]FTP
server enable
[H3C]local-user
admin
[H3C-luser-admin]service-type
ftp
Go
to command prompt C:\Documents and
Settings\Administrator>cd\
c:\ftp
172.17.0.1 (Router ethernet IP add.)
Connected
to 172.17.0.1
220
FTP service ready.
User
(172.17.0.1:(none)): admin
331
Password required for admin.
Password:
230
User logged in.
ftp>
ls
200
Port command okay.
150
Opening ASCII mode data connection for /*.
main.bin
startup.cfg
abc.cfg
226
Transfer complete.
ftp:
34 bytes received in 0.40Seconds 0.08Kbytes/sec.
ftp>get
abc.cfg (To take backup of Firmware/config file from Router to
PC)
200
Port command okay.
150
Opening ASCII mode data connection for /abc.cfg.
226
Transfer complete.
ftp:
2814 bytes received in 0.00Seconds 2814000.00Kbytes/sec.
ftp>
quit
221
Server closing.
ftp>put
abc.cfg (To restore Firmware/config file from PC to Router)
To
set new boot-loader file for boot startup use foll. Command.
This command will set the boot file. Continue? [Y/N]:y........
The specified file will be used as the main boot file at the next
reboot on slot 0!
The
boot file used at this reboot:cfa0:/ msr201x-cmw520-r1719p01.bin
attribute: main
The
boot file used at the next reboot:cfa0:/main.bin attribute: main
The
boot file used at the next reboot:cfa0:/main.bin attribute: backup
Failed to get the secure boot file used at the next reboot!
To
enable netstream on the interface.
[H3C]interface
e0/0
[H3C-Ethernet0/0]ip
netstream inbound
[H3C-Ethernet0/0]ip
netstream outbound
To
set the netflow server setting, please ensure to check the port
number(9996).
[H3C]ip
netstream export host x.x.x.x 9996 (where x.x.x.x is Netflow
server IP add.)
[H3C]ip
netstream export source interface e0/1
To
check the status on router.
[H3C]display
ip netstream cache
To
configure the SNMP basic information, including version and community
name.
[H3C]snmp-agent
trap enable
[H3C]snmp-agent
sys-info version v1
[H3C]snmp-agent
community read public
[H3C]snmp-agent
community write private
[H3C]snmp-agent
target-host trap address udp-domain 172.17.0.2 params securityname
private
[H3C]snmp-agent
target-host trap address udp-domain 172.17.0.2 params securityname
public
To
remove snmp-agent target-host :
[H3C]undo
snmp-agent target-host x.x.x.x securityname public
[H3C]undo
snmp-agent target-host x.x.x.x securityname private
[H3C]display
arp all
IP SEC config :
#
acl
number 3999
rule 0 permit ip source xx.xx.xx.xx yy.yy.yy.yy (where yy.yy.yy.yy is
wild card mask)
rule 1 deny ip
#
ike
proposal 1
encryption-algorithm 3des-cbc
dh
group2
authentication-algorithm md5
#
ike
dpd xxxx
#
ike
peer xxxx
pre-shared-key cipher yyyy
remote-address x.x.x.x
local-address y.y.y.y
dpd
xxxx
#
ipsec
proposal 1
esp
authentication-algorithm sha1
esp
encryption-algorithm 3des
#
ipsec
policy 1 1 isakmp
security acl 3999
ike-peer xxxx
proposal 1
Nqa
Track config :
#
nqa
entry admin test
type icmp-echo
destination ip x.x.x.x (where x.x.x.x is remote end ip add. Which
we have to monitor)
frequency 1000
probe count 5
probe timeout 800
reaction 1 checked-element probe-fail threshold-type consecutive 2
action-type trigger-only
#
ip
route-static 0.0.0.0 0.0.0.0 x.x.x.x track 1
ip
route-static 0.0.0.0 0.0.0.0 y.y.y.y preference 80 (where y.y.y.y is
second path ip add.)
#
track 1 nqa entry admin test reaction 1
#
nqa
schedule admin test start-time now lifetime forever
#
NAT
Config for Internet Link & MPLS link on single interface
:-
#
dns
resolve
dns
server X.X.X.X (where X.X.X.X is dns server IP address)
#
acl
number 2001
rule 0 permit source 192.168.1.0 0.0.0.255 (where 192.168.1.0 is
local LAN network)
#
interface
Ethernet0/0.100
vlan-type dot1q vid 100
ip
address 172.16.4.22 255.255.255.252 (MPLS Link IP address)
#
interface
Ethernet0/0.200
vlan-type dot1q vid 200
nat
outbound 2001
ip
address 125.20.4.226 255.255.255.252 (Internet Link IP address)
#
interface
Vlan-interface1 or interface Ethernet0/1
ip
address 192.168.1.1 255.255.255.0 (Local LAN Network)
ip
address 125.20.8.225 255.255.255.240 sub (Public IP Pool)
#
ip
route-static 0.0.0.0 0.0.0.0 125.20.4.225 (Default Route to Internet
Link)
#
NAT
Config for Internet Link having Public IP Pool :-
#
dns
resolve
dns
server X.X.X.X (where X.X.X.X is dns server IP address)
#
acl
number 2001
rule 0 permit source 192.168.0.0 0.0.0.255
#
interface
Ethernet0/0
port link-mode route
nat
outbound 2001
ip
address X.X.X.X 255.255.255.252 (Public IP address)
#
interface
Ethernet0/1
port link-mode route
ip
address 192.168.0.1 255.255.255.0 (Local LAN Network)
#
ip
route-static 0.0.0.0 0.0.0.0 X.X.X.X (Default Route to Internet
Link)
#
Tunnel Interface Config :-
[H3C]interface
tunnel 0
[H3C-Tunnel0]source
X.X.X.X (X.X.X.X is source IP add.)
[H3C-Tunnel0]destination
Y.Y.Y.Y (Y.Y.Y.Y is destination IP add.)
[H3C-Tunnel0]keepalive
5 5
SSH
Server Configuration Using Password Authentication :-
[H3C]public-key
local create rsa (Generate RSA key to enable SSH server)
[H3C]public-key
local create dsa (Generate DSA key to enable SSH server)
[H3C]ssh
server enable (To enable SSH server)
[H3C]local-user
test (To create New User with Password for SSH access)
[H3C-luser-test]password
simple xyz or [H3C-luser-test]password cipher xyz
[H3C-luser-test]service-type
ssh
[H3C-luser-test]authorization-attribute
level 3
[H3C-luser-test]quit
[H3C]
user-interface vty 0 4
[H3C-ui-vty0-4]
authentication-mode scheme
[H3C-ui-vty0-4]
protocol inbound ssh
[H3C-ui-vty0-4]
quit
[H3C]ssh
user test service-type stelnet authentication-type password
[H3C]dis
public-key local rsa public (To view rsa public key)
[H3C]dis
public-key local dsa public (To view dsa public key)
[H3C]
link-aggregation group 1 mode manual
[H3C]
interface ethernet 0/1 (Add ports Ethernet 0/1 through Ethernet 0/2
to the group.)
[H3C-Ethernet0/1]
port link-aggregation group 1
[H3C-Ethernet0/1]
interface ethernet 0/2
[H3C-Ethernet0/2]
port link-aggregation group 1
[H3C]
display link-aggregation interface
[H3C]
display link-aggregation summary
Port
Mirroring Configuration :-
[H3C]
mirroring-group 1 local
#
Add port Ethernet 1/1 and Ethernet 1/2 to the port mirroring group as
source ports. Add port Ethernet 1/3 to the port mirroring group as
the destination port.
[H3C]
mirroring-group 1 mirroring-port ethernet 1/1 ethernet 1/2 both
[H3C]
mirroring-group 1 monitor-port ethernet 1/3
#
Display the configuration of all the port mirroring groups.
[H3C]
display mirroring-group all
No comments:
Post a Comment