配置H3C AR18-21A路由器(Ethernet端口管理)
配置H3C AR18-21A路由器(Ethernet端口管理)
全部的命令列举可以参考我记录的另外三篇文章:
H3C AR18-21A路由器(常用)配置命令 http://clin003.com/servers/h3c-ar18-21a-command-1515/
目的:在不关闭或重启路由的情况下限制特定端口(路由器接口)下的PC机连入路由器直至外网。
如果不清楚哪些接口可以配置哪些不可以配置(其实就是找出来要配置哪个路由器端口),可使用“Display current-configuration”进行查看,一般这个型号的路由器WAN(外网)端口是“Ethernet3/0”,内网配置网关地址的端口(内置)是“Ethernet1/0”。其他的四个口“Ethernet1/1,Ethernet1/2,Ethernet1/3,Ethernet1/4”,都是可配置的。
停用路由器端口(接口):
system
System View: return to User View with Ctrl+Z.
[H3C]interface Ethernet1/4
[H3C-Ethernet1/4]?
Ethernetport interface view commands:
broadcast-suppression Specify the broadcast storm control
description Specify interface description
dialer Dialer disconnect
display Display current system information
duplex Configure duplex operation mode
enable Enable function
flow-control Configure flow-control operation mode
loopback Set loopback on an interface
mac-address Specify mac-address aging time (second)
nslookup Query Internet name servers
ping Ping function
port Specify port link-type characteristics
quit Exit from current command view
return Exit to User View
save Save current configuration
shutdown Shut down this interface
speed Set ethernet speed
tracert Trace route function
undo Cancel current setting
vrbd Show application version
[H3C-Ethernet1/4]shutdown
[H3C-Ethernet1/4]
启用这个路由器端口:
[H3C-Ethernet1/4]undo shutdown
[H3C-Ethernet1/4]
限制这个路由器端口的速度:
PS:只有三个级别,10M,100M,自适应。
[H3C-Ethernet1/4]speed ?
10 set ethernet speed 10M
100 set ethernet speed 100M
negotiation Auto negotiates both 10M and 100M mode
[H3C-Ethernet1/4]speed 10
[H3C-Ethernet1/4]
配置H3C AR18-21A路由器端口工作模式:
PS:有全双工,半双工,自适应
[H3C-Ethernet1/4]duplex ?
full Full-Duplex mode
half Half-Duplex mode
negotiation Auto negotiates both full and half duplex mode
[H3C-Ethernet1/4]duplex full
[H3C-Ethernet1/4]
配置H3C AR18-21A路由器端口broadcast-suppression,做广播风暴抑制:
ratio:指定以太网端口最大广播流量的线速度百分比,取值范围为10~40,缺省值为10。百分比越小,则允许通过的广播流量也越小。
PS:如果哪个端口下开BT下载影响全局网速,可设置这个数值低一些,以减少对他人的影响。
[H3C-Ethernet1/4]broadcast-suppression ?
INTEGER<10-40> The max-ratio of broadcast (module value is 10)
[H3C-Ethernet1/4]broadcast-suppression 20
[H3C-Ethernet1/4]
对端口做相应备注,方便日后管理:
[H3C-Ethernet1/4]description other
[H3C-Ethernet1/4]
H3C AR18-21A路由器防火墙配置
建立规则,允许80端口和3389端口,其他禁止
[H3C-acl-adv-3000]acl number 3500
[H3C-acl-adv-3500]?
Acl-adv view commands:
description Specify ACL description
dialer Dialer disconnect
display Display current system information
nslookup Query Internet name servers
ping Ping function
quit Exit from current command view
return Exit to User View
rule Specify an acl rule
save Save current configuration
tracert Trace route function
undo Cancel current setting
vrbd Show application version
[H3C-acl-adv-3500]dis this
#
acl number 3500
rule 0 permit tcp destination-port eq www
#
return
[H3C-acl-adv-3500]rule 1 permit tcp destination-port eq 3389
[H3C-acl-adv-3500]rule 20 deny tcp
[H3C-acl-adv-3500]rule 20 deny ?
<1-255> Protocol number
gre GRE tunneling(47)
icmp Internet Control Message Protocol(1)
igmp Internet Group Management Protocol(2)
ip Any IP protocol
ipinip IP in IP tunneling(4)
ospf OSPF routing protocol(89)
tcp Transmission Control Protocol (6)
udp User Datagram Protocol (17)
[H3C-acl-adv-3500]
在“Ethernet3/0”端口上应用规则
[H3C-acl-adv-3500]rule 20 deny tcp
[H3C-acl-adv-3500]interface ethernet3/0
[H3C-Ethernet3/0]firewall packet-filter 3500 outbound
[H3C-Ethernet3/0]q
[H3C]firewall enable
[H3C]
(配置完之后,需检查是否和其他规则冲突)
查看当前端口下的配置信息:
[H3C-Ethernet1/4]dis this
#
interface Ethernet1/4
speed 10
duplex full
broadcast-suppression 40
description other
#
return
[H3C-Ethernet1/4]
另外“flow-control”是控制流量的
这个还没研究过具体是怎样控制的。希望知道的朋友能分享下。。
Over。
限制不是目的,稳定顺畅才是目标。
附注:
在WAN端口还可以配置更多的东东,今天就不配置啦,列一下命令列表:
[H3C-Ethernet3/0]?
Ethernet interface view commands:
arp Configure ARP
arp-proxy Specify ARP Proxy function
bridge Config interface of bridge set
bridge-set Config bridge set
description Specify interface description
dhcp DHCP configuration subcommands
dialer Dialer disconnect
display Display current system information
duplex Configure duplex operation mode
enable Enable function
firewall Specify firewall configuration
force-link Force link-control operation mode
ip Interface IP configuration commands
ipsec Specify IPSec(IP Security) configuration information
loadbandwidth Set loadsharing bandwidth
loopback Set loopback on an interface
mtu Specify Maximum Transmission Unit(MTU) of the interface
nat Specify NAT(Network Address Translation) configuration
information
nslookup Query Internet name servers
ntp-service Specify NTP(Network Time Protocol) configuration information
ospf Configure interface parameters for OSPF
ping Ping function
pppoe-client PPPoE Client Settings
pppoe-server Specify PPPoE(PPP over Ethernet) server configuration
information
promiscuous Configure promiscuous operation mode
qmtoken Specify the number of QOS sending token
qos Command of QoS(Quality of Service)
quit Exit from current command view
restart Restart the port
return Exit to User View
rip Specify interface parameters for RIP
rmon Specify RMON
save Save current configuration
shutdown Shut down this interface
speed Set ethernet speed
standby Specify interface-standby configuration information
tcp Specify TCP parameters of the interface
timer Specify hold timer
tracert Trace route function
undo Cancel current setting
vrbd Show application version
vrrp Specify configuration information of VRRP
[H3C-Ethernet3/0]
广播风暴的说明是参考自H3C的一个PDF电子书。
转载原创文章请注明,转载自:Lin's Space|Only[http://clin003.com]
本文链接: http://clin003.com/servers/configuration-information-for-the-interface-h3c-ar18-21a-1733/
Google比较注重原创性和时效性,若没有找到需要的内容可尝试以下搜素。
流控的那个是什么呢?博主知道不?
@Beriszl
这个流控 我还没实验过呢,按照说明翻译过来是这样的:
配置流量控制操作模式
可是具体到端口上 并没有参数可选,这样我也不知道配置出来的控制模式是怎样的,目前我也没有看到,关于这个型号的端口流量控制模式是怎样控制的。
简单的可以理解为让相应端口的带宽更合理的使用。
当有人使用下载工具大量下载影响网速的时候,打开这个可以实验一下,看看怎样的效果。