Professional Documents
Culture Documents
3com MSR Router Command 1
3com MSR Router Command 1
System is starting...
Do you want to check SDRAM? [Y/N]
Booting Normal Extend BootWare...
***********************************************************************
*
H3C MSR20-11 BootWare, Version 2.09
***********************************************************************
*
Copyright (c) 2004-2008 Hangzhou H3C Technologies Co., Ltd.
Compiled Date
: Jan 5 2009
CPU Type
: MPC8323E
CPU L1 Cache
: 16KB
CPU Clock Speed : 333MHz
Memory Type
: DDR SDRAM
Memory Size
: 256MB
Memory Speed
: 266MHz
BootWare Size
: 1024KB
CPLD Version
: 1.0
PCB Version
: 3.0
Boot Ware Validating...
Press Ctrl+B to enter extended boot menu...
Starting to get the main application file-flash:/main.bin!...............................................................................................
The main application file is self-decompressing.......................................... Done!
System application is starting...
Press ENTER to get started.
<H3C>
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]
[H3C]int e0/0
[H3C-Ethernet0/0]ip add
[H3C-Ethernet0/0]ip address 172.17.0.1 255.255.255.0
[H3C-Ethernet0/0]quit
[H3C]
[H3C]int s0/0
[H3C-Serial0/0]ip address 172.20.0.1 255.255.255.252
[H3C-Serial0/0]link-protocol hdlc or link-protocol ppp
[H3C-Serial0/0]quit
[H3C]
[H3C]sysname MSR2011
[MSR2011]
[H3C]ip route-static 0.0.0.0 0.0.0.0 172.20.0.2
[H3C]undo ip route-static 0.0.0.0 0.0.0.0 172.20.0.2
[H3C]int e0/0.100
(Sub Interface dot1q config)
[H3C-Ethernet0/0.100]vlan-type dot1q vid 100
[H3C-Ethernet0/0.100]ip address 172.19.0.1 255.255.255.0
[H3C]int e0/1
[H3C-Ethernet0/1]port link-mode route
[H3C-Ethernet0/1]ip address 172.18.0.1 255.255.255.0
[H3C-Ethernet0/1]dis this
interface Ethernet0/1
port link-mode route
ip address 172.18.0.1 255.255.255.0
[H3C]telnet server enable
% Start Telnet server
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode scheme
[H3C-ui-vty0-4]quit
[H3C]
[H3C]local-user test
New local user added.
[H3C-luser-test]password simple xyz
or
[H3C-luser-test]service-type telnet
[H3C-luser-test]authorization-attribute level 3
[H3C-luser-test]quit
[H3C]
[H3C]user-interface aux 0
[H3C-ui-aux0]authentication-mode password
[H3C-ui-aux0]set authentication password simple 3com
[H3C]user-interface aux 0
(
[H3C-ui-aux0]undo authentication-mode
[H3C-ui-aux0]undo set authentication password
[H3C]dns resolve
main.bin
startup.cfg
abc.cfg
<H3C>delete abc.cfg
Delete flash:/abc.cfg?[Y/N]: y
%Delete file flash:/abc.cfg...Done.
<H3C>reset save
(To Clear saved configuration)
The saved configuration file will be erased. Are you sure? [Y/N]: y
Configuration file in flash is being cleared.
Please wait ............. Configuration file in flash is cleared.
<H3C>reboot
(To reboot Router)
Start to check configuration with next startup configuration file, please wait.........DONE!
This command will reboot the device. Current configuration may be lost in next startup
if you continue. Continue? [Y/N]:y
System is rebooting now.
Now rebooting, please wait...
[H3C-Ethernet0/0]shut
[H3C-Ethernet0/0]undo shut
[H3C]dis cu
(To show current configuration of Router)
[H3C]dis sa
(To show saved configuration of Router)
[H3C]dis ver
(To show BootROM version of Router)
[H3C]display diagnostic-information
(To view all information)
[H3C]display interface
(To view interface)
[H3C]clock timezone IST add 05:30:00
[H3C]dis clock
12:39:00 IST Sat 05/16/2009
Time Zone : IST add 05:30:00
[H3C]ntp-service unicast-server x.x.x.x
or
service-type ppp
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
#
interface Bri0/0
link-protocol ppp
dialer enable-circular
dialer-group 1
dialer circular-group 0
dialer timer idle 300
dialer timer wait-carrier 300
dialer queue-length 60
#
interface Dialer0
link-protocol ppp
ppp authentication-mode chap
ppp chap user airtel
ppp chap password simple cisco
ppp mp
ip address 10.10.10.10 255.255.255.252
dialer enable-circular
dialer-group 1
dialer timer idle 300
dialer timer wait-carrier 300
dialer queue-length 60
dialer threshold 0 in-out
dialer route ip 10.10.10.9 user airtel broadcast 44332211
#
interface Serial1/0
link-protocol ppp
ip address 20.20.20.10 255.255.255.252
standby interface Dialer0
standby timer delay 3 300
qos car inbound acl 3001 cir 10 cbs 1000 ebs 0 green pass red discard
#
ip route-static 0.0.0.0 0.0.0.0 20.20.20.9
ip route-static 0.0.0.0 0.0.0.0 10.10.10.9 preference 80
#
dialer-rule 1 acl 2011
#
To set new boot-loader file for boot startup use foll. Command.
<H3C>boot-loader file cfa0:/msr201x-cmw520-r1719p01.bin main
This command will set the boot file. Continue? [Y/N]:y........
The specified file will be used as the main boot file at the next reboot on slot 0!
<H3C>dis boot-loader
The boot file used at this reboot:cfa0:/ msr201x-cmw520-r1719p01.bin attribute: main
The boot file used at the next reboot:cfa0:/main.bin attribute: main
The boot file used at the next reboot:cfa0:/main.bin attribute: backup
Failed to get the secure boot file used at the next reboot!
To enable netstream on the interface.
[H3C]interface e0/0
[H3C-Ethernet0/0]ip netstream inbound
[H3C-Ethernet0/0]ip netstream outbound
To set the netflow server setting, please ensure to check the port number(9996).
[H3C]ip netstream export host x.x.x.x 9996
(where x.x.x.x is Netflow server IP add.)
[H3C]ip netstream export source interface e0/1
To check the status on router.
[H3C]display ip netstream cache
To configure the SNMP basic information, including version and community name.
[H3C]snmp-agent trap enable
[H3C]snmp-agent sys-info version v1
[H3C]snmp-agent community read public
[H3C]snmp-agent community write private
[H3C]snmp-agent target-host trap address udp-domain 172.17.0.2 params securityname
private
[H3C]snmp-agent target-host trap address udp-domain 172.17.0.2 params securityname
public
To remove snmp-agent target-host :
[H3C]undo snmp-agent target-host x.x.x.x securityname public
[H3C]undo snmp-agent target-host x.x.x.x securityname private
[H3C]display arp all
<H3C> reset arp all
IP SEC config :
#
acl number 3999
rule 0 permit ip source xx.xx.xx.xx yy.yy.yy.yy (where yy.yy.yy.yy is wild card mask)
rule 1 deny ip
#
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
#
ike dpd xxxx
#
ike peer xxxx
pre-shared-key cipher yyyy
remote-address x.x.x.x
local-address y.y.y.y
dpd xxxx
#
ipsec proposal 1
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ipsec policy 1 1 isakmp
security acl 3999
ike-peer xxxx
proposal 1
Nqa Track config :
#
nqa entry admin test
type icmp-echo
destination ip x.x.x.x (where x.x.x.x is remote end ip add. Which we have to monitor)
frequency 1000
probe count 5
probe timeout 800
reaction 1 checked-element probe-fail threshold-type consecutive 2 action-type triggeronly
#
ip route-static 0.0.0.0 0.0.0.0 x.x.x.x track 1
ip route-static 0.0.0.0 0.0.0.0 y.y.y.y preference 80 (where y.y.y.y is second path ip add.)
#
track 1 nqa entry admin test reaction 1
#
nqa schedule admin test start-time now lifetime forever
#
NAT Config for Internet Link & MPLS link on single interface :#
dns resolve
dns server X.X.X.X (where X.X.X.X is dns server IP address)
#
acl number 2001
rule 0 permit source 192.168.1.0 0.0.0.255 (where 192.168.1.0 is local LAN network)
#
interface Ethernet0/0.100
vlan-type dot1q vid 100
ip address 172.16.4.22 255.255.255.252
(MPLS Link IP address)
#
interface Ethernet0/0.200
vlan-type dot1q vid 200
nat outbound 2001
ip address 125.20.4.226 255.255.255.252 (Internet Link IP address)
#
interface Vlan-interface1
or
interface Ethernet0/1
ip address 192.168.1.1 255.255.255.0
(Local LAN Network)
ip address 125.20.8.225 255.255.255.240 sub
(Public IP Pool)
#
ip route-static 0.0.0.0 0.0.0.0 125.20.4.225 (Default Route to Internet Link)
#
NAT Config for Internet Link having Public IP Pool :#
dns resolve
dns server X.X.X.X (where X.X.X.X is dns server IP address)
#
acl number 2001
rule 0 permit source 192.168.0.0 0.0.0.255
#
interface Ethernet0/0
port link-mode route
nat outbound 2001
ip address X.X.X.X 255.255.255.252
(Public IP address)
#
interface Ethernet0/1
port link-mode route
ip address 192.168.0.1 255.255.255.0
(Local LAN Network)
#
ip route-static 0.0.0.0 0.0.0.0 X.X.X.X
(Default Route to Internet Link)
#
SSH Server Configuration Using Password Authentication :[H3C]public-key local create rsa
(Generate RSA key to enable SSH server)
[H3C]public-key local create dsa
(Generate DSA key to enable SSH server)
[H3C]ssh server enable
(To enable SSH server)
[H3C]local-user test
(To create New User with Password for SSH access)
[H3C-luser-test]password simple xyz
or
[H3C-luser-test]password cipher xyz
[H3C-luser-test]service-type ssh
[H3C-luser-test]authorization-attribute level 3
[H3C-luser-test]quit
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[H3C-ui-vty0-4] protocol inbound ssh
[H3C-ui-vty0-4] quit
[H3C]ssh user test service-type stelnet authentication-type password
[H3C]dis public-key local rsa public
[H3C]dis public-key local dsa public