Mind Map Community: H3C Switch
A mind map of the H3C Switch, covering Account, Login, Interface, VOIP, Loop Protection, SNMP and Router.
Edited on 2023-08-25 11:38:11
General Structure
Account
admin
operator
audit
Login
Local - Console (baud rate 9600)
Remote - Telnet (disabling it is recommended; no further configuration is described here)
Remote - SSH (manually specify version 2 or higher)
Access Security
Access-list limit
Global Settings limit
Invoke: apply it under the interface, in the group, and associate the related accounts
Interface
Access
Trunk
Hybrid
Bridge-Aggregation
AAA
What is AAA?
Authentication
who are you?
no Authentication
local Authentication
remote Authentication
Authorization
what can you do?
no Authorization
local Authorization
remote Authorization
Accounting
you did something
no Accounting
remote Accounting
Audit (single log level)
you did everything
remote Audit
local Audit
RADIUS
client
NAS (Network Access Server / device)
AAA Server (like your AD server)
UDP Port 1812 Authentication
UDP Port 1813 Authorization
UDP Port 1645 Authentication (if the neighbor device is Cisco; this is the Cisco default port)
UDP Port 1646 Authentication (if the neighbor device is Cisco; this is the Cisco default port)
TACACS+
client
NAS (Network Access Server / device)
AAA Server (like your AD server)
TCP/UDP Port 49 Authentication
TCP/UDP Port 49 Authorization
more secure
VOIP
OUI
LLDP
Auto-discover phones via LLDP
voice-vlan track lldp
LLDP-CDP
LLDP compatibility with CDP
lldp compliance cdp
useful commands
undo voice-vlan security enable
#
lldp compliance cdp
lldp ignore-pvid-inconsistency
lldp global enable
#
poe pd-policy priority
poe legacy enable pse 10
poe legacy enable pse 13
poe legacy enable pse 4
poe legacy enable pse 7
poe reset enable
#
voice-vlan mac-address 8875-5600-0000 mask ffff-ff00-0000
voice-vlan mac-address c85b-7600-0000 mask ffff-ff00-0000
voice-vlan mac-address 000d-bc00-0000 mask ffff-ff00-0000
voice-vlan mac-address 000d-ed00-0000 mask ffff-ff00-0000 description Cisco 7960G
voice-vlan mac-address 000f-8f00-0000 mask ffff-ff00-0000
voice-vlan mac-address 0012-0000-0000 mask ffff-0000-0000
voice-vlan mac-address 0013-1a00-0000 mask ffff-ff00-0000
voice-vlan mac-address 0015-2b00-0000 mask ffff-ff00-0000
voice-vlan mac-address 0016-c700-0000 mask ffff-ff00-0000
voice-vlan mac-address 0019-e700-0000 mask ffff-ff00-0000
voice-vlan mac-address 0019-5600-0000 mask ffff-ff00-0000
voice-vlan mac-address 0024-1400-0000 mask ffff-ff00-0000
voice-vlan mac-address 0057-d200-0000 mask ffff-ff00-0000
voice-vlan mac-address 0817-0000-0000 mask ffff-0000-0000
voice-vlan mac-address 108c-cf00-0000 mask ffff-ff00-0000
voice-vlan mac-address 14a2-a000-0000 mask ffff-ff00-0000
voice-vlan mac-address 2c3f-3800-0000 mask ffff-ff00-0000
voice-vlan mac-address 5067-ae00-0000 mask ffff-ff00-0000
voice-vlan mac-address 5c50-1500-0000 mask ffff-ff00-0000
voice-vlan mac-address 64a0-0000-0000 mask ffff-0000-0000
voice-vlan mac-address 6416-8d00-0000 mask ffff-ff00-0000
#
interface GigabitEthernet1/0/12
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 49 untagged
 port hybrid pvid vlan 49
 voice-vlan 5 enable
 stp edged-port
 lldp compliance admin-status cdp txrx
 poe enable
 poe legacy enable
 loopback-detection enable vlan 1 to 4094
#
interface GigabitEthernet2/0/47
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 5 tagged
 port hybrid vlan 49 untagged
 port hybrid pvid vlan 49
 stp edged-port
 lldp compliance admin-status cdp txrx
 poe enable
 poe legacy enable
 loopback-detection action block
#
Loop Protection
Architecture anti-loop
Self-device access loop prevention
SNMP
SNMP
SNMPv2
SNMPv3
SNMPv3 messages are transmitted encrypted, so their actual content cannot be read with packet capture tools such as Wireshark or tcpdump
SNMP
poll
UDP Port 161
trap
UDP Port 162
SNMPv1-3
community
RO
public (read-only)
The management station has read permission on the device but no write permission; it can only monitor the running state of the system
RW
private(read-write)
The management station has read and write permission on the device; it can monitor and also perform operations such as modifying the configuration and changing interface states
The community name must match on both sides before SNMP communication between the management station and the device can take place
NMS to device example: SolarWinds sends to UDP port 161 on the switch
Device to NMS example: the switch sends to UDP port 162 on SolarWinds
Router
static
ip route-static 0.0.0.0 0 192.168.0.1
######
password-control login-attempt 5 exceed lock-time 5
######
acl basic 2023
 rule 5 permit source *.*.*.* *.*.*.*
 rule 10 permit source *.*.*.* *.*.*.*
 rule 15 permit source *.*.*.* *.*.*.*
 rule 20 permit source 10.75.0.0 *.*.*.*
local-user HPE class manage
 password hash $h$6$QSVCKRxoI2QWebXi==
 access-limit 2023
 service-type ssh terminal
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
######
ssh server enable
undo telnet server enable
undo ssh server compatible-ssh1x enable    /// shut down SSH version 1 compatibility
ssh user admin service-type all authentication-type password
######
public-key local create dsa    /// interactive: answer Y to confirm, then enter the key length 1024 (DSA with a 1024-bit key is a legacy choice)
######
password-control enable
undo password-control aging enable    /// the following undo lines switch off the individual password checks
undo password-control length enable
undo password-control composition enable
undo password-control history enable
password-control login-attempt 3 exceed unlock
password-control update-interval 0
password-control login idle-time 0
local-user super/operator/audit class manage    /// one local-user block per account
 password simple SoluTion123
 service-type ssh terminal https
 authorization-attribute user-role network-admin    /// super
 authorization-attribute user-role network-operator    /// operator
 authorization-attribute user-role security-audit    /// audit
###
admin    level 15
operator level 1
audit    level 2
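The hardening commands above lend themselves to an automated check. The following Python script is an added example, not part of the original mind map: it scans a saved H3C configuration for the settings listed above (SSH on and Telnet off, SSHv1 compatibility off, login lockout, no plaintext local passwords, no default SNMP community names) and returns the findings; the embedded sample config, the placeholder hash and the check names are constructed here.

```python
"""Audit a saved H3C configuration for the hardening points in this mind map.
Added example; the sample config and the check names are constructed here."""
import re

# Constructed sample config: the page's hardening lines plus four weak settings.
SAMPLE_CONFIG = """\
 ssh server enable
 telnet server enable
 ssh server compatible-ssh1x enable
 password-control login-attempt 5 exceed lock-time 5
#
local-user HPE class manage
 password hash $h$6$EXAMPLEHASH==
 service-type ssh terminal
 authorization-attribute user-role network-admin
#
local-user audit class manage
 password simple SoluTion123
 service-type ssh terminal https
 authorization-attribute user-role security-audit
#
snmp-agent community read public
snmp-agent community write private
"""

# Settings that must NOT appear. Anchoring at line start means the "undo ..." form
# of the same command does not match, so "undo telnet server enable" is not flagged.
MUST_NOT_MATCH = {
    "telnet server enabled": r"^\s*telnet server enable",
    "sshv1 compatibility enabled": r"^\s*ssh server compatible-ssh1x enable",
    "plaintext local password": r"^\s*password simple ",
    "default snmp community name": r"^\s*snmp-agent community (read|write) (public|private)\b",
}

# Settings that MUST appear somewhere in the config.
MUST_MATCH = {
    "ssh server disabled": r"^\s*ssh server enable",
    "no login lockout": r"^\s*password-control login-attempt \d+ exceed lock-time",
}


def audit(config: str) -> list[str]:
    """Return the sorted list of finding names for one running-config text."""
    findings = [name for name, rx in MUST_NOT_MATCH.items()
                if re.search(rx, config, re.M)]
    findings += [name for name, rx in MUST_MATCH.items()
                 if not re.search(rx, config, re.M)]
    return sorted(findings)
```

Run `audit()` over the text of `display current-configuration` saved to a file; an empty list means every listed check passed.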