ICON+ H3C S3100 Basic Configuration Template With Best Practice April 2021 - v2

Configuration management
ICON 2021
H3C S3100
Project Name : Best Practice H3C S3100
Prepared By : Fraedi Hangga H
Reviewed By : -
Approved By : CM
Preparation Date: 02-03-2020
Review Date : 02-03-2020
Approve Date : 02-03-2020
Update Version : V1 02-maret-2020
V2 06-april-2021
Update firware stable version & Update syslog config
UPGRADE FIRMWARE
UPGRADE VIA REMOTE :
<h3c>tftp 10.14.3.6 get S3100V3_EI-CMW710-R6318P01/S3100V3_EI-CMW710-R6318P01.ipe

Press CTRL+C to abort.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
51 53.2M 51 27.6M 0 0 16220 0 0:57:24 0:29:49 0:27:35 16334
<h3c>boot-loader file flash:/ S3100V3_EI-CMW710-R6318P01.ipe slot 1 main

Akan muncul dialog, ketik Y kemudian enter
Tunggu sampai progress selesai, kemudian
<h3c>reboot
Akan muncul dialog lagi, ketik Y dan Enter.
Switch akan reboot, setelah tunggu saja sampai seluruh proses booting selesai.
Setelah selesai bisa cek dengan perintah display version, maka software sudah terupgrade
dari 6121 ke 6318.
FIRMWARE RECOMMENDATION :
1. Basic Configuration Template H3C S3100
Figure 1 Basic Configuration Template
#
version 7.1.070, Release 6126P20
#
# Global LLDP configuration
lldp compliance cdp
lldp global enable
# Password Recovery feature
password-recovery enable
# Disable LLDP on interfaces facing to customer
interface [INTERFACE ID]
undo lldp enable
#
# Enable lldp on interfaces facing to ICON+ device
lldp enable
#
# Enable BPDU Filter on all access interfaces facing to customers
stp bpdu-protection
#
# Disable BPDU Filter on all trunk interfaces facing to ICON+ devices
stp port bpdu-protection disable
#
# Unused interface(s): Shutdown
shutdown
#
# Spanning Tree Configuration
stp global enable
stp region-configuration
stp instance 0 priority 4096
stp port-log all
#
sysname [REGIONAME-SITENAME-H3C.S3100-CPE-ID]
# Example: BALI-APJ.DENPASAR-H3C.S3100-CPE-01
# Management VLAN and Interface
vlan [ID]
name [Text]
# Interface vlan
interface [MANAGEMENT VLAN]
ip address [MANAGEMENT IP ADDRESS] 29
#
# MTU config interface
interface GigabiteEthernet1/0/4
jumbo frame enable 9000
#
# NTP (Time Protocol)
ntp-service enable
ntp-service unicast-server 10.14.4.2
ntp-service unicast-server 10.14.4.23
#
# logging
info-center enable
info-center loghost 10.14.4.15
# Telnet activated
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
interface Ethernet1/0/1
Shutdown
#
Shutdown
#
Shutdown
#
Shutdown
#
interface GigabitEthernet1/0/5
Shutdown
#
Shutdown
#
Shutdown
#
Shutdown
#
#
description "Trunk to [Uplink Hostname] Port [Port from Uplink to H3C]"
port link-type trunk
port trunk permit vlan 1 [another VLAN ID]
lldp enable
jumbo frame enable 9000
#
line class aux
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 4
authentication-mode scheme
#
line vty 5 63
## static route to gateway NMS
ip route-static 0.0.0.0 0 [GATEWAY IP ADDRESS NMS]
#
# SNMP Configuration
snmp-agent community read simple IPMPLS-ICON+ acl 2098
snmp-agent sys-info contact admin@iconpln.net.id
snmp-agent sys-info location RKAL-DISKOMINFO.BJB.DINAS.KOPERASI-H3C.3100-CPE-01
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 10.14.3.12 params securityname
IPMPLS-ICON+
#
ssh server enable
ssh user j2m service-type all authentication-type password
#
acl number 2088
rule permit source 10.14.4.4 0
rule permit source 172.25.35.0 0.0.0.255
rule permit source [NETWORK] [WILDCARDMASK] #(misainfo CM 172.21.21.1/29)
acl number 2098

#
#HWTACAC REGIONALISASI [Pilih sesuai dengan regionalnya]
hwtacacs scheme rkal
primary authentication 10.14.4.19
primary authorization 10.14.4.19
primary accounting 10.14.4.19
secondary authentication 10.14.4.12
secondary authorization 10.14.4.12
secondary accounting 10.14.4.12
key authentication simple iC0N-IPmpls+
key authorization simple iC0N-IPmpls+
key accounting simple iC0N-IPmpls+
user-name-format without-domain
#
radius scheme system
#
domain domain-rkal
authentication login hwtacacs-scheme rkal local
authorization login hwtacacs-scheme rkal local
accounting login hwtacacs-scheme rkal local
#
hwtacacs scheme sumatera
#
#
domain domain-sumatera
authentication login hwtacacs-scheme sumatera local
authorization login hwtacacs-scheme sumatera local
accounting login hwtacacs-scheme sumatera local
#
hwtacacs scheme jabar
#
#
domain domain-jabar
authentication login hwtacacs-scheme jabar local
authorization login hwtacacs-scheme jabar local
accounting login hwtacacs-scheme jabar local
#
hwtacacs scheme jakarta
#
#
domain domain-jakarta
authentication login hwtacacs-scheme Jakarta local
authorization login hwtacacs-scheme Jakarta local
accounting login hwtacacs-scheme Jakarta local
#
hwtacacs scheme jateng
#
#
domain domain-jateng
authentication login hwtacacs-scheme jateng local
authorization login hwtacacs-scheme jateng local
accounting login hwtacacs-scheme jateng local
#
hwtacacs scheme jatim
#
#
domain domain-jatim
authentication login hwtacacs-scheme jatim local
authorization login hwtacacs-scheme jatim local
accounting login hwtacacs-scheme jatim local
#
hwtacacs scheme balirit
#
#
domain domain-balirit
authentication login hwtacacs-scheme balirit local
authorization login hwtacacs-scheme balirit local
accounting login hwtacacs-scheme balirit local
#
domain default enable [pilih sesuai dengan domainnya]
#
role name level-0
description Predefined level-0 role
#
role name level-1
#
role name level-2
#
role name level-3
#
role name level-4
#
role name level-5
#
role name level-6
#
role name level-7
#
role name level-8
#
role name level-9
#
role name level-10
#
role name level-11
#
role name level-12
#
role name level-13
#
role name level-14
#
local-user j2m class manage
password simple multimedia123
service-type telnet ssh
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
save
2. Service Configuration
# QOS Configuration
interface [int ID]
qos lr inbound cir 20480
qos lr outbound cir 20480
# Interface Access Configuration

interface [interfaces to customer]
port link-type access
port access vlan [vlan ID]
stp edge-port
stp root-protection
undo shutdown
# Multicast IPTV
igmp-snooping
# Stroomnet
dhcp snooping enable
dhcp snooping enable vlan 2882
description Interface Stromnet Broadband
port access vlan 2882
dhcp snooping information enable
dhcp snooping information circuit-id string (option-82 key string)
dhcp snooping information circuit-id vlan 2882 string (option-82 key string)
description Trunk ke Arah Server
port link-type trunk
port trunk permit vlan 1 13 100 2882 2886
dhcp snooping trust
# QinQ
description Interface QinQ kearah user
port access vlan 2882
qinq enable
3. Banner Login Configuration
#
header login %
*************************************************************************
* This system is the property of PT Indonesia Comnets Plus. *
* Unauthorized access is prohibited. *
* All unauthorized attempt to access this system will be *
* logged and investigated. *
* Violators will be prosecuted in conformance with local law. *
* *
* ...:: NOT Integrated to IPSA yet ::... *
*************************************************************************
* Maintenance Partner : H3C Indonesia *
* Email : h3cts@h3c.com *
* Hotline : 001803065034 (ID) *
* +86-571-86763000 (China) *
*************************************************************************
%
#

ICON+ H3C S3100 Basic Configuration Template With Best Practice April 2021 - v2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ICON+ H3C S3100 Basic Configuration Template With Best Practice April 2021 - v2

Uploaded by

Copyright:

Available Formats

Configuration management

UPGRADE VIA REMOTE :

<h3c>tftp 10.14.3.6 get S3100V3_EI-CMW710-R6318P01/S3100V3_EI-CMW710-R6318P01.ipe

<h3c>boot-loader file flash:/ S3100V3_EI-CMW710-R6318P01.ipe slot 1 main

acl number 2098

# Interface Access Configuration

You might also like