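In network operations and project delivery, Huawei, H3C and Ruijie switches cover the great majority of government and enterprise deployments. The three share similar configuration logic but use different command syntax, which makes them easy to confuse. Based on each vendor's latest firmware versions (Huawei VRP5/VRP8, H3C Comware V7, Ruijie RGOS 11.x), this article collects a full set of standard, working, non-redundant basic configuration commands with detailed comments, suitable for day-to-day debugging, project deployment and study.
Version baseline: Huawei VRP V5/V8, H3C Comware V7, Ruijie RGOS 11.x/12.x
Core principle: drop obsolete commands and consistently apply the modern network standard of MGMT isolation + SSH encryption + AAA authentication.
Huawei's VRP system is rigorous in its logic; it uses display to view and save to save.
system-view # Enter system view
[Huawei] sysname HW-CORE-01 # Device name (location + role + sequence number)
[HW-CORE-01] undo info-center enable # Disable information-center prompts (optional, simplifies output)
# Create VLANs in batch (recommended)
[HW-CORE-01] vlan batch 10 20 100 # 10/20 are service VLANs, 100 is the management VLAN
[HW-CORE-01] vlan 10
[HW-CORE-01-vlan10] description Office_Wired # Add a description to ease operations
[HW-CORE-01-vlan10] quit
Note: 10GE denotes a 10-gigabit port and GE a gigabit port; the original text confused the interface types.
# Access port (connects PCs/printers/cameras)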
[HW-CORE-01] interface GigabitEthernet 1/0/1
[HW-CORE-01-GigabitEthernet1/0/1] port link-type access
[HW-CORE-01-GigabitEthernet1/0/1] port default vlan 10
[HW-CORE-01-GigabitEthernet1/0/1] storm-control broadcast min-packet-interval 20 # Broadcast storm suppression
[HW-CORE-01-GigabitEthernet1/0/1] quit
# Trunk port (connects APs/upstream switches)
[HW-CORE-01] interface 10GE 2/0/1
[HW-CORE-01-10GE2/0/1] port link-type trunk
[HW-CORE-01-10GE2/0/1] port trunk allow-pass vlan 10 20 100
[HW-CORE-01-10GE2/0/1] port trunk pvid vlan 100 # Management VLAN set as the default VLAN
[HW-CORE-01-10GE2/0/1] quit
# Add ports to a VLAN in batch (efficient operations)
[HW-CORE-01] port-group group-member GE 1/0/2 to GE 1/0/24
[HW-CORE-01-port-group] port link-type access
[HW-CORE-01-port-group] port default vlan 20
# Configure VLANIF Layer 3 interfaces (SVI)
[HW-CORE-01] interface Vlanif 10
[HW-CORE-01-Vlanif10] ip address 192.168.10.1 255.255.255.0
[HW-CORE-01-Vlanif10] quit
[HW-CORE-01] interface Vlanif 100
[HW-CORE-01-Vlanif100] ip address 192.168.100.1 255.255.255.0 # Management subnet
[HW-CORE-01-Vlanif100] quit
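# Default route pointing to the egress firewall
[HW-CORE-01] ip route-static 0.0.0.0 0.0.0.0 192.168.100.254
Correction to the original: the original text retained the Telnet configuration, which is a high-risk configuration on a production network and must be changed to SSH.
# AAA local user (irreversible encryption)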
[HW-CORE-01] aaa
[HW-CORE-01-aaa] local-user admin password irreversible-cipher Admin@123
[HW-CORE-01-aaa] local-user admin privilege level 15
[HW-CORE-01-aaa] local-user admin service-type terminal ssh http # Allow only SSH and Web
[HW-CORE-01-aaa] quit
# Enable the SSH service
[HW-CORE-01] rsa local-key-pair create # Generate the RSA key pair
[HW-CORE-01] stelnet server enable
[HW-CORE-01] ssh user admin authentication-type password
# VTY line restrictions
[HW-CORE-01] user-interface vty 0 4
[HW-CORE-01-ui-vty0-4] authentication-mode aaa
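[HW-CORE-01-ui-vty0-4] protocol inbound ssh # Disallow Telnet
[HW-CORE-01-ui-vty0-4] idle-timeout 5 # 5-minute timeout
save # Save the configuration
reset saved-configuration # Clear the configuration
reboot # Reboot
display current-configuration # View the current configuration
display interface brief # View interface status
H3C Comware V7 is very close to Huawei VRP in its commands, but the management VLAN configuration logic has been updated.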
system-view
[H3C] sysname H3C-ACCESS-01
# Create a management-class user (recommended usage on V7)
[H3C-ACCESS-01] local-user admin class manage
[H3C-ACCESS-01-luser-manage-admin] password simple Admin@123
[H3C-ACCESS-01-luser-manage-admin] authorization-attribute user-role network-admin
[H3C-ACCESS-01-luser-manage-admin] service-type ssh terminal https
[H3C-ACCESS-01-luser-manage-admin] quit
# Enable SSH
[H3C-ACCESS-01] public-key local create rsa
[H3C-ACCESS-01] ssh server enable
# VTY configuration
[H3C-ACCESS-01] line vty 0 63
[H3C-ACCESS-01-line-vty0-63] authentication-mode scheme
[H3C-ACCESS-01-line-vty0-63] protocol inbound ssh
[H3C-ACCESS-01] vlan 10
[H3C-ACCESS-01-vlan10] port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/24
[H3C-ACCESS-01-vlan10] quit
# Trunk configuration
[H3C-ACCESS-01] interface GigabitEthernet 1/0/48
[H3C-ACCESS-01-GigabitEthernet1/0/48] port link-type trunk
[H3C-ACCESS-01-GigabitEthernet1/0/48] port trunk permit vlan all
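Correction to the original: the management-vlan command used in the original text has been deprecated in V7. Modern H3C configuration uses the VLAN-interface directly.
# Standard Layer 3 interface configuration (no management-vlan command)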
[H3C-ACCESS-01] interface Vlan-interface 10
[H3C-ACCESS-01-Vlan-interface10] ip address 192.168.10.1 255.255.255.0
[H3C-ACCESS-01-Vlan-interface10] quit
# Advanced: isolate management traffic with a VPN instance (recommended for core devices)
[H3C-ACCESS-01] ip vpn-instance MGMT
[H3C-ACCESS-01-vpn-instance-MGMT] route-distinguisher 100:1
[H3C-ACCESS-01] interface Vlan-interface 100
[H3C-ACCESS-01-Vlan-interface100] ip binding vpn-instance MGMT
[H3C-ACCESS-01-Vlan-interface100] ip address 192.168.100.2 255.255.255.0
# Static link aggregation
[H3C-ACCESS-01] interface Bridge-Aggregation 1
[H3C-ACCESS-01-Bridge-Aggregation1] link-aggregation mode static
[H3C-ACCESS-01-Bridge-Aggregation1] port link-type trunk
[H3C-ACCESS-01] interface GigabitEthernet 1/0/47
[H3C-ACCESS-01-GigabitEthernet1/0/47] port link-aggregation group 1
# Local port mirroring
[H3C-ACCESS-01] mirroring-group 1 local
[H3C-ACCESS-01] mirroring-group 1 monitor-port GigabitEthernet 1/0/49
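[H3C-ACCESS-01] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/10 both
Ruijie RGOS evolved from Cisco IOS; it uses show to view and write to save.
Correction to the original: on Ruijie devices the Telnet/SSH/Web services are disabled by default and must be enabled manually.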
Ruijie> enable
Ruijie# configure terminal
Ruijie(config)# hostname RG-ACCESS-01
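# Enable services (the key step missing from the original text)
Ruijie(config)# enable service ssh-server # Enable SSH
Ruijie(config)# enable service telnet-server # If Telnet is required
Ruijie(config)# enable service web-server # Enable the Web interface
# Configure the AAA local user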
Ruijie(config)# username admin password Admin@123
Ruijie(config)# line vty 0 4
Ruijie(config-line)# login local # Use the local user database
Ruijie(config-line)# transport input ssh telnet # Allowed protocols
# Create VLANs
Ruijie(config)# vlan range 10,20,100
Ruijie(config-vlan-range)# exit
# Access port
Ruijie(config)# interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# switchport mode access
Ruijie(config-if-GigabitEthernet 0/1)# switchport access vlan 10
Ruijie(config-if-GigabitEthernet 0/1)# no shutdown
# Trunk port
Ruijie(config)# interface gigabitEthernet 0/24
Ruijie(config-if-GigabitEthernet 0/24)# switchport mode trunk
Ruijie(config-if-GigabitEthernet 0/24)# switchport trunk allowed vlan only 10,20,100
# SVI interface
Ruijie(config)# interface vlan 10
Ruijie(config-if-VLAN 10)# ip address 192.168.10.1 255.255.255.0
Ruijie(config-if-VLAN 10)# no shutdown
# Enable Layer 3 routing
Ruijie(config)# ip routing
Ruijie(config)# ip route 0.0.0.0 0.0.0.0 192.168.100.254
Ruijie(config)# interface AggregatePort 1
Ruijie(config-if-AggregatePort 1)# switchport mode trunk
Ruijie(config)# interface range gigabitEthernet 0/47-48
Ruijie(config-if-range)# port-group 1 mode active # LACP active mode
# MSTP configuration
Ruijie(config)# spanning-tree mode mstp
Ruijie(config)# spanning-tree mst configuration
Ruijie(config-mst)# instance 1 vlan 10
Ruijie(config-mst)# instance 2 vlan 20
Ruijie(config-mst)# exit
Ruijie(config)# spanning-tree mst 1 priority 4096
# VRRP gateway redundancy
Ruijie(config)# interface vlan 10
Ruijie(config-if-VLAN 10)# vrrp 1 ip 192.168.10.254
Ruijie(config-if-VLAN 10)# vrrp 1 priority 120 # Raise the priority on the master device
Feature | Huawei | H3C | Ruijie | Notes |
Enter configuration view | system-view | system-view | configure terminal | Huawei/H3C are the same |
View configuration | display current | display current | show running-config | Ruijie uses show |
Save configuration | save | save | write memory | Ruijie also accepts copy run start |
Layer 3 interface | interface Vlanif X | interface Vlan-interface X | interface vlan X | Naming rules differ |
SSH service | stelnet server enable | ssh server enable | enable service ssh-server | Must be enabled manually on Ruijie |
Link aggregation | Eth-Trunk | Bridge-Aggregation | AggregatePort | Logical interface names differ |
Default route | ip route-static 0.0.0.0 0 X.X.X.X | ip route-static 0.0.0.0 0 X.X.X.X | ip route 0.0.0.0 0.0.0.0 X.X.X.X | Ruijie syntax differs slightly |
Clear configuration | reset saved-configuration | reset saved-configuration | delete flash:config.text | On Ruijie the file is deleted |
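The following is an added example, not part of the original article or any vendor tooling: a small Python audit that reads configuration text from any of the three platforms and flags commands that conflict with the SSH-only, AAA-authenticated baseline stated at the top of the page (Telnet enabled as a service or on a VTY line, a VTY without AAA, a trunk permitting all VLANs, no SSH service). The rule names and sample configurations are constructed for illustration; the matched commands are those used in this article plus their Telnet and permit-all counterparts.

```python
import re

# Constructed samples in the article's format: prompt + command + optional comment.
SAMPLE_RUIJIE = """\
Ruijie(config)# enable service ssh-server # SSH
Ruijie(config)# enable service telnet-server
Ruijie(config)# line vty 0 4
Ruijie(config-line)# login local
Ruijie(config-line)# transport input ssh telnet
"""
SAMPLE_H3C = """\
[H3C-ACCESS-01] ssh server enable
[H3C-ACCESS-01-line-vty0-63] authentication-mode scheme
[H3C-ACCESS-01-line-vty0-63] protocol inbound ssh
[H3C-ACCESS-01] interface GigabitEthernet 1/0/48
[H3C-ACCESS-01-GigabitEthernet1/0/48] port trunk permit vlan all
"""
SAMPLE_HUAWEI = """\
[HW-CORE-01] stelnet server enable
[HW-CORE-01-ui-vty0-4] authentication-mode aaa
[HW-CORE-01-ui-vty0-4] protocol inbound ssh # no Telnet
"""

# [Huawei/H3C view], <user view>, or Ruijie "name(mode)#" / "name>" prompts.
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>|\S+(?:\([^)]*\))?[#>])\s*")
SSH_ON = r"stelnet server enable|ssh server enable|enable service ssh-server"
RULES = [  # (pattern, rule name); rule names are made up for this example
    (r"^(?:enable service telnet-server|telnet server enable)$", "telnet-service"),
    (r"^(?:protocol inbound|transport input)\b.*\b(?:telnet|all)\b", "vty-allows-telnet"),
    (r"^authentication-mode (?:none|password)$", "vty-not-aaa"),
    (r"^port trunk (?:permit|allow-pass) vlan all$", "trunk-all-vlans"),
]

def normalize(line):
    """Strip the CLI prompt and trailing '# comment' so only the command is matched."""
    cmd = PROMPT.sub("", line, count=1)
    return re.split(r"\s*#", cmd, maxsplit=1)[0].strip()

def audit(config_text):
    """Return (line_no, rule, command) findings; line 0 means a missing setting."""
    cmds = [normalize(l) for l in config_text.splitlines()]
    findings = [(n, rule, cmd) for n, cmd in enumerate(cmds, 1)
                for pattern, rule in RULES if re.search(pattern, cmd, re.I)]
    if not any(re.fullmatch(SSH_ON, c, re.I) for c in cmds):
        findings.append((0, "ssh-not-enabled", ""))
    return findings

if __name__ == "__main__":
    for name, cfg in [("ruijie", SAMPLE_RUIJIE), ("h3c", SAMPLE_H3C), ("huawei", SAMPLE_HUAWEI)]:
        print(name, audit(cfg))
```

Stripping the comment before matching matters here: the Huawei line carries the word Telnet only in its comment and is correctly not flagged.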
Updated: 2026-07-04