System-view
display current-configuration
EXTENDED PING
<mintel2-lab-piloto2uio>ping -a 201.218.38.198 10.21.143.76
PING 10.21.143.76: 56 data bytes, press CTRL_C to break
MSR 900
10 Mb full-duplex (encryption lowers it to 8 Mb)
2 WAN and 4 LAN; 2 LAN ports can be made WAN
No license required.
Quit    <----- command to exit the device
H3C ROUTER basic configuration guide
<H3C> display version
hp Corporation
Switch MSR900 Software Version hp OS V3.01.07s56
Copyright(C) 2003-2005 hp Corporation. All Rights Reserved
Switch MSR900 uptime is 0 week, 1 day, 5 hours, 23 m
Switch MSR900 with 1 MIPS Processor
64M bytes DRAM
16384K bytes Flash Memory
Config Register points to FLASH
CPLD Version is CPLD 001
Bootrom Version is 1.05
[Subslot 0] 24 FE + 4 GE Hardware Version is 00.00.00
Saving the configuration after making changes:
<H3C>save    = wr (write)
The configuration will be written to the device.
Are you sure?[Y/N] y
Please input the file name (*.cfg) [flash:startup.cfg]:
Note:
A power fail during save may corrupt the file
Use save safely to prevent such corruption.
To set a switch back to factory defaults:
<H3C>reset saved-configuration    = erase startup-configuration
The saved configuration will be erased.
Are you sure?[Y/N] y
Configuration in flash memory is being cleared.
Please wait
<H3C> reboot    = reload
This will reboot device. Continue? [Y/N] y
backup startup-configuration to dest-addr dest-filename    <----- like a tftp
display device manuinfo    <----- to see the device's serial number
display current-configuration | begin palabra    <----- shows from the first match of palabra (the search word)
display ip routing-table | exclude Palabra    <----- shows the lines that do not contain palabra
display ip routing-table | include Palabra    <----- shows the lines that include palabra
<H3C> system-view    = configuration terminal
[H3C] sysname PRUEBA -----> [PRUEBA]    = hostname PRUEBA
<h3c> clock datetime time date    <----- set the time
E.g.: clock datetime 14:10:20 8/1/2005
[H3] clock timezone zone-name { add | minus } zone-offset    <----- clock time zone
E.g.: [H3C] clock timezone z5 add 5
idle-timeout minutes [ seconds ]    <----- timeout
undo copyright-info enable    <----- disables the copyright notice
[H3C]super password simple clave    = enable secret
[H3C] header login % mensaje %    = banner motd
[H3C] flow-interval 30    <----- sets the measurement interval to 30 s on interfaces
[H3C] mac-address dynamic vlan 1
reset arp dynamic    = clear arp
[H3C] copyright-info enable    <----- so that the H3C copyright notice does not appear
Set IP on an interface
ip address ip_address { mask mask_length } [ sub ]
Ping with source
Ping -a source-ip ip-target
Configuring VLANs
[H3C] vlan 20    <----- VLAN creation
name LAN_B
[H3C] interface vlan-interface 20    <----- assigning an IP address to the VLAN
Ip address 172.16.0.1 24
[H3C] interface Ethernet 0/3    <----- assigning the VLAN to the ports
port link-type access
port access vlan 20
Commands are classified into 4 privilege levels
Visit (level 0)
Including network diagnostic commands like telnet, ping & traceroute for testing
Monitor (level 1)
Including display and debugging command, used for system maintenance & fault diagnosis
Configuration (level 2)
Including all service configuration commands, but no system administration authority
Administrator (level 3)
Including file system commands, FTP commands, TFTP commands, XModem downloading
commands, user management commands, and level setting commands
[H3C]telnet server enable    <----- enables the telnet service (always)
[H3C]ssh server enable    <----- enables the ssh service (always)
[H3C]ftp server enable    <----- enables the ssh service
Creating users and privileges
[H3C] local-user john    <----- create local user
[H3C-luser-john] password [simple/ cipher ] clave    <----- password the user will have
[H3C-luser-john]service-type telnet ssh terminal    <----- enabled services
[H3C-luser-john]Authorization-attribute level [0 ~ 3]    <----- privilege level
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode scheme
[H3C-ui-vty0-4]protocol inbound [all / ssh / telnet ]    <----- enable ssh, telnet on interface vty 0 4
Enabling SSH
<H3C> system-view
[H3C] Ssh server enable    <----- enable ssh
[H3C] ssh server authentication-retries #    <----- Specify authentication retry times (default 3)
[H3C] ssh server authentication-timeout    <----- Specify authentication timeout (default 60 seconds)
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[MSR900-ui-vty0-4] protocol inbound ssh    <----- enables SSH only
[MSR900-ui-vty0-4] quit
[H3C] local-user client1
[H3C-luser-client1] password simple clave
[H3C-luser-client1] service-type ssh level 3
[H3C-luser-client1] quit
[H3C] Public-key local create rsa    <----- creates the rsa key (default 1024 bytes)
To Display connected users:
<H3C>display users [all]
    UI     Delay     Type  Ipaddress  Username  Userlevel
0   AUX 0  00:00:00                   admin     3
8   VTY 0  00:01:31  TEL   10.0.0.4   admin     3
9   VTY 1  00:01:07  TEL   10.0.0.3   monitor   1
To disconnect a user:
<H3C>free user-interface vty #
Are you sure you want free user-interface vty1 [Y/N]
DHCP
[Router] DHCP enable    <----- enable DHCP
[Router]dhcp server ip-pool name extended    <----- define the pool
[Router ip pool 1] network 192.168.1.0 mask 255.255.255.128    <----- define the network to use for dhcp
[Router ip pool 1]network ip range 192.168.1.2 192.168.1.254    <----- define the range of IPs that will be used
[Router ip pool 1]gateway-list 192.168.1.1    <----- define the gateway
[Router ip pool 1]dns-list 4.4.4.4 8.8.8.8    <----- define DNS
[Router ip pool 1] domain example.com    <----- define the domain
[Router ip pool 1] expired day 0 hour 10 minute 0 second 0    <----- IP lease time (lease)
[Router ip pool 1] quit
[Router]forbidden-ip 192.168.1.2 192.168.1.5    <----- define the IPs to exclude (global mode)
[Router]Interface vlan 1    <----- enter the vlan interface
[Router vlan1]Dhcp server apply ip-pool name    <----- apply the dhcp pool inside the interface
With this example the first IP handed out is 192.168.1.6/25
Troubleshooting
[PRUEBA]display dhcp server ip-in-use all
Pool utilization: 0.82%
IP address    Client-identifier/  Lease expiration     Type
              Hardware address
192.168.1.6   001b-38c4-fd27      Jan 2 2007 02:13:09  Auto:COMMITTED
--- total 1 entry ---
[PRUEBA]
Access-list
Applied on WAN and vlan interfaces.
By default it ends in a permit any, so it is recommended to add an explicit deny any.
basic acl 2000-2999: checks the source IP of the packet
advanced acl 3000-3999: checks source IP, destination IP, port.
They can be active for a span of time.
time range horario hora-inicio hora-final periodo    <----- name, start time, end time, period
[H3C] firewall enable    <----- to enable the ACLs
acl number 1
rule 1 [permit/deny] source ip-address wildcard-mask
acl number # match-order auto    <----- orders the rules automatically from the most specific to the most general
applying to an interface
firewall packet-filter acl-number [inbound/outbound]
acl 3000
rule 1 permit tcp source wildcard destination eq telnet desti
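Added example (not part of the original notes): a small evaluator for basic-ACL rules with wildcard masks, showing why the explicit deny recommended above matters when the filter otherwise ends in a permit. It assumes rules are checked in ascending rule-id order; the function names and the sample rule sets are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # wildcard bit 1 = "don't care", the inverse of a netmask
    return (a & care) == (b & care)

def parse_rule(text):
    """Parse 'rule <id> permit|deny [source <ip> <wildcard> | source any]'."""
    tok = text.split()
    rule_id, action = int(tok[1]), tok[2]
    if len(tok) == 3 or tok[4] == "any":
        return rule_id, action, "0.0.0.0", "255.255.255.255"
    return rule_id, action, tok[4], tok[5]

def evaluate(rules, src, default="permit"):
    """First match in ascending rule-id order wins; unmatched traffic gets the default."""
    for rule_id, action, base, wc in sorted(parse_rule(r) for r in rules):
        if wildcard_match(src, base, wc):
            return action, rule_id
    return default, None

# Constructed rule sets in the basic-ACL syntax used on this page.
ACL_OPEN = ["rule 0 permit source 172.16.1.0 0.0.0.255"]
ACL_CLOSED = ACL_OPEN + ["rule 100 deny"]

if __name__ == "__main__":
    for src in ("172.16.1.77", "192.168.5.9"):
        print(src, evaluate(ACL_OPEN, src), evaluate(ACL_CLOSED, src))
```

Without rule 100 the address outside 172.16.1.0/24 falls through to the default permit; with it, the same address is denied by an explicit rule.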
STATIC NAT
=============
naturemask-arp
nat static ip-interna ip-externa
[h3c] int interfase
[H3C] ip address of the interface
nat outbound static
enables NAT
(same network as the ip-externa)
DYNAMIC NAT
============
naturemask-arp enable
nat address-group NAME primera-ip ultima-ip
create the ACL first.
interface
nat outbound ACL address-group NAME
ACL = access-list
Display nat session    <----- view the translations
INBOUND NAT
check
nat server 1 protocol tcp global current-interface 8080 inside 192.168.0.2 8080
display nat server
TUNNEL
gre
ipv4-ipv4
dvpn
interface tunnel 0
source ip-origen
destination ip-destino
ip address (of the tunnel interface)
tcp mss 1432
tunnel-protocol [ gre/ ipv4-ipv4 ]
Policy-based-route
Creating the FILTER
acl number 2000
rule 0 permit source 172.16.1.0 0.0.0.255
rule 100 deny
Defining the policy
policy-based-route NAME-PBR permit node 10
if-match acl 2000
apply ip-address next-hop 172.16.0.2
Applying the policy
interface Tunnel0
ip policy-based-route NAME-PBR
display policy-based-route
OSPF
maximum of 25 areas
5 areas per router
DR election
1- DR priority
2- Router-ID
3- Highest loopback interface
4- Highest physical interface IP
cost = 1Gb/BW = 10e8
ECMP    Equal Cost Multiple path
Route-map
ospf dr-priority
router id valor-ip
ospf process_id
area area-id
network red mask-wildcard
display ospf routing table
BGP
www.bgp.he.net: site to help us with BGP.
AS_path: shorter is better
MED: lower is better
bgp AS
router-id IP R-ID    <----- identifier (generally a loopback)
undo synchronization    = no synchronization
peer IP-PEER as-number AS-PEER    <----- neighbor declaration
peer IP-PEER connect-interface LoopBack0
peer IP-PEER description NAME    <----- peer description
peer IP-PEER preferred-value 1000    <----- primary link selection
network RED MASK
#
Remember that PEERS must be able to see each other at the IP level.
display ip routing-table
display bgp routing-table
display bgp peer
QoS
classifier + behavior = policy
acl + operator (and / or)
traffic classifier class 1 operator and
if-match acl 3100
if-match acl 3101
generic traffic shaping (BW)
committed basic rate (with basic ACLs)
queue has 3 levels
AF    assured forwarding
EF    expedited forwarding
WFQ   best effort
behavior
traffic behavior nombre
queue [af/ef/wfq] bandwidth
policy --->
qos policy policy-name
classifier classifier-name behavior behavior-name
now it is applied on WAN and vlan interfaces
[e0/0] qos max-bandwidth Kbps
(used for the pct calculations in)
qos apply policy policy-name outbound
TRAFFIC SHAPING
traffic behavior nombre
car cir 2000 green pass red discard
car is a rate limit at 2 Mbps
green (traffic within 2 Mbps)
red (outside the 2 Mbps)
traffic behavior nombre
gts cir 700 cbs 800 ebs 200000
allows frames of up to cbs and allows maximum bursts of up to ebs
VRRP
[H3C]display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface1
VRID : 1
Adver Timer : 1
Admin Status : Up
Config Pri : 100
Preempt Mode : Yes
Auth Type : None
Virtual IP : 10.2.0.3
Master IP : 10.2.0.1    <----- master's IP
State : Backup
Running Pri : 100
Delay Time : 0
[H3C]display vrrp
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface  VRID  State   Run  Adver  Auth  Virtual
                         Pri  Timer  Type  IP
---------------------------------------------------------------------
Vlan1      1     Backup  100  1      None  10.2.0.3
[H3C]
difference between real MAC and virtual MAC
NQA
====
LSA
nqa entry admin test    <----- admin = local-user; test = name of the nqa
type icmp echo
destination ip ip-destino
next hop ip-next-hop
probe count # of times
frequency # in msec
history-record enable
history-record number #    <----- number of records to keep
nqa schedule admin test start-time now lifetime forever
voice
nqa served udp-echo ip-de-servidor 5600 <------------type voice
destination ip ip-servidor
destination port 5600
nqa schedule admin testvoice test
-----
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
track 1 nqa entry admin testvrrp reaction 1
vrrp vrid 1 track 1 reduced 30
standby 1
track 1 where the nqa is used
mirroring
mirroring-group 1
mirroring-port e0/1
monitor-port e0/0
mirroring-group 1 mirroring port interfase both    <----- to pair them
it cannot be done between a route port mirroring and a bridge port (layer 2 with layer 2 and 3 with 3)
RMON
SFLOW
sflow agent    <----- the router's address
sflow counter interval
NQA'
password recovery
6 is equivalent to 2142
it only skips the main; IT DOES NOT SKIP THE BACKUP
4 view the files (I can delete the main and backup .cfg) DO NOT DELETE THE STARTUP.CFG
ipv6
[H3C] ipv6    <----- enable ipv6
ipv6 address 3001::1 64
ipv6 route-static 2002:: 64 3002::
tunnel protocol ipv4-ipv6
ipv6 tunnel
int tu 1
tunnel-protocol ipv4-ipv6
ip address 10.10.0.1 30
source 3001::1
destination 3001::2
(need to check whether the LAN is ipv4 or ipv6)
ip route-static 192.168.2.0 24 tu 1
ospf v3 (ipv6)
interface IP in ipv6
[H3C] ospfv3 1
router-id 1.1.1.1
int e0/0
ospfv3 1 area 0
display ospfv3 peer
display ospfv3 routing-table
vlans
======
vlan 2    <----- creates vlan 2 and enters vlan 2
int e0/2
port link-type trunk    <----- makes the port a trunk
port trunk permit vlan all
dis dhcp ser ip-in-use all    <----- to show the addresses handed out by dhcp
=== ====
==== ===
Disable telnet
undo telnet server enable
Enable ssh
public-key local create rsa
ssh server enable
local-user bancos
service-type ssh
undo service-type telnet
undo service-type web
Close access via the auxiliary line.
[HP]user-interface tty 13
[HP-ui-tty13]set authentication password cipher CLAVE
Close access via the console
[HP]user-interface con 0
[HP-ui-console0]set authentication password cipher CLAVE
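Added example (not part of the original notes or of any H3C/HP tool): an offline check that walks a saved configuration and flags the settings the hardening steps above remove, together with the weaker variants shown earlier on this page (`password simple`, `protocol inbound all`). The sample configuration, the use of "#" lines as section separators, and the function and finding names are constructed assumptions.

```python
import re

# Constructed sample in this page's command style; "#" separates sections.
SAMPLE_CONFIG = """\
 sysname PRUEBA
 super password simple clave
 telnet server enable
#
local-user john
 password simple clave
 service-type telnet ssh terminal
#
local-user bancos
 password cipher CLAVE
 service-type ssh
#
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound all
#
"""

SECTION = re.compile(r"^(local-user|user-interface|interface)\s+\S+")

def audit(config_text):
    """Return (line_no, section, finding) for each weak remote-management setting."""
    findings, section, ssh_on = [], "global", False
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.lower().split())
        if line in ("", "#"):
            section = "global"  # a "#" line closes the current section
            continue
        if SECTION.match(line):
            section = line
            continue
        if line.startswith("undo "):
            continue  # "undo ..." switches a feature off, nothing to flag
        if line == "ssh server enable":
            ssh_on = True
        if line == "telnet server enable":
            findings.append((no, section, "telnet service enabled"))
        if re.search(r"\bpassword simple\b", line):
            findings.append((no, section, "clear-text password, use cipher"))
        if section.startswith("local-user") and re.match(r"service-type\b.*\btelnet\b", line):
            findings.append((no, section, "account may log in over telnet"))
        if section.startswith("user-interface vty") and re.match(r"protocol inbound (all|telnet)$", line):
            findings.append((no, section, "vty lines accept telnet"))
    if not ssh_on:
        findings.append((0, "global", "ssh server not enabled"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns six findings; a configuration containing only the commands from the hardening steps above returns an empty list.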
Proxy ARP is disabled by default.
In the template, qos is configured on the WAN interface. This will be done for the radio links. Otherwise, remove it from the configuration.
#
traffic classifier BW operator and
if-match any
#
traffic behavior beh_BW
car cir 128 cbs 1000 ebs 0 green pass red discard
#
qos policy pol_BW
classifier BW behavior beh_BW
qos policy BW
#
#
interface Ethernet0/0
port link-mode route
description WAN
qos apply policy pol_BW inbound
qos apply policy pol_BW outbound
#
======================================================
=========
### DOT1Q ENCAPSULATION
#####################################
interface Ethernet0/0.477
vlan-type dot1q vid 477
ip address 10.11.92.18 255.255.255.248