华三防火墙实用操作

目录

• 华三防火墙实用操作
  • 查看邻居
  • 虚拟化
  • 保存

华三防火墙实用操作

查看邻居

[JN-FW-01]lldp global enable 
[JN-FW-01]dis lldp neighbor-information list
Chassis ID : * -- -- Nearest nontpmr bridge neighbor
             # -- -- Nearest customer bridge neighbor
             Default -- -- Nearest bridge neighbor
System Name          Local Interface Chassis ID      Port ID
JN-FW-01-NeiWang     GE1/0/1         a4fa-763e-4ab4  GigabitEthernet1/0/2   

解释一下，JN-FW-01是物理防火墙的名字，而JN-FW-01-NeiWang指的是与之相邻防火墙的名字，G1/0/1指的是本地与相邻防火墙相连的接口，最后的G1/0/2指的是邻居防火墙与之相连的接口，而最后一行的MAC地址是谁的呢？是对方的。

通过dis arp可查看arp地址表，从而确认自已和对方的MAC地址。

[JN-FW-01]dis lldp neighbor-information verbose 
LLDP neighbor-information of port 2[GigabitEthernet1/0/1]:
LLDP agent nearest-bridge:
 LLDP neighbor index : 1
 Update time         : 133 days, 4 hours, 35 minutes, 44 seconds
 Chassis type        : MAC address
 Chassis ID          : a4fa-763e-4ab4
 Port ID type        : Interface name
 Port ID             : GigabitEthernet1/0/2
 Time to live        : 121
 Port description    : to AC-FW
 System name         : JN-FW-01-NeiWang
 System description  : H3C Comware Software. Software Version 7.1.064, Release 9
                       333P22
                       H3C SecPath F1000 Context
                       Copyright (c) 2004-2019 New H3C Technologies Co., Ltd. Al
                       l rights reserved.
 System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge
 System capabilities enabled   : Bridge, Router, Customer Bridge
 Management address type           : IPv4
 Management address                : 192.168.1.3
 Management address interface type : IfIndex
 Management address interface ID   : 3
 Management address OID            : 0
 Link aggregation supported : Yes
 Link aggregation enabled   : No
 Aggregation port ID        : 0
 Auto-negotiation supported : Yes
 Auto-negotiation enabled   : No
 OperMau                    : Speed(1000)/Duplex(Full)
 Power port class           : PD
 PSE power supported        : No
 PSE power enabled          : No
 PSE pairs control ability  : No
 Power pairs                : Signal
 Port power classification  : Class 0
 Maximum frame size         : 1600

虚拟化

[JN-FW-01]dis context 
ID     Name             Status       Description
1      Admin            active       DefaultContext
2      NeiWang          active       

Total contexts:2
[JN-FW-01]context NeiWang   #切换到另一台防火墙
[JN-FW-01-context-2-NeiWang]dis th
#
context NeiWang id 2 vlan-unshared
 context start
 allocate interface GigabitEthernet1/0/2 to GigabitEthernet1/0/4  # 再次敲此命令是追加之意，并不是覆盖
#
return

//追加示例
context H3C-context-4-Company_C
[H3C-context-4-Company_C]allocate interface gigabitethernet 1/0/5 gigabitethernet 1/0/6
Configuration of the interfaces will be lost. Continue? [Y/N]:Y
[H3C-context-4-Company_C]quit

在做重大变更之后，应该下刷防火墙配置到硬盘，在内存里面修改，一旦修改失误，重启即可恢复。

保存

[JN-FW-01]write force 
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.