目錄

• 華三防火牆實用操作
  • 查看鄰居
  • 虛擬化
  • 保存

華三防火牆實用操作

查看鄰居

[JN-FW-01]lldp global enable 
[JN-FW-01]dis lldp neighbor-information list
Chassis ID : * -- -- Nearest nontpmr bridge neighbor
             # -- -- Nearest customer bridge neighbor
             Default -- -- Nearest bridge neighbor
System Name          Local Interface Chassis ID      Port ID
JN-FW-01-NeiWang     GE1/0/1         a4fa-763e-4ab4  GigabitEthernet1/0/2   

解釋一下，JN-FW-01是物理防火牆的名字，而JN-FW-01-NeiWang指的是與之相鄰防火牆的名字，G1/0/1指的是本地與相鄰防火牆相連的接口，最后的G1/0/2指的是鄰居防火牆與之相連的接口，而最后一行的MAC地址是誰的呢？是對方的。

通過dis arp可查看arp地址表，從而確認自已和對方的MAC地址。

[JN-FW-01]dis lldp neighbor-information verbose 
LLDP neighbor-information of port 2[GigabitEthernet1/0/1]:
LLDP agent nearest-bridge:
 LLDP neighbor index : 1
 Update time         : 133 days, 4 hours, 35 minutes, 44 seconds
 Chassis type        : MAC address
 Chassis ID          : a4fa-763e-4ab4
 Port ID type        : Interface name
 Port ID             : GigabitEthernet1/0/2
 Time to live        : 121
 Port description    : to AC-FW
 System name         : JN-FW-01-NeiWang
 System description  : H3C Comware Software. Software Version 7.1.064, Release 9
                       333P22
                       H3C SecPath F1000 Context
                       Copyright (c) 2004-2019 New H3C Technologies Co., Ltd. Al
                       l rights reserved.
 System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge
 System capabilities enabled   : Bridge, Router, Customer Bridge
 Management address type           : IPv4
 Management address                : 192.168.1.3
 Management address interface type : IfIndex
 Management address interface ID   : 3
 Management address OID            : 0
 Link aggregation supported : Yes
 Link aggregation enabled   : No
 Aggregation port ID        : 0
 Auto-negotiation supported : Yes
 Auto-negotiation enabled   : No
 OperMau                    : Speed(1000)/Duplex(Full)
 Power port class           : PD
 PSE power supported        : No
 PSE power enabled          : No
 PSE pairs control ability  : No
 Power pairs                : Signal
 Port power classification  : Class 0
 Maximum frame size         : 1600

虛擬化

[JN-FW-01]dis context 
ID     Name             Status       Description
1      Admin            active       DefaultContext
2      NeiWang          active       

Total contexts:2
[JN-FW-01]context NeiWang   #切換到另一台防火牆進行配置，但並不是進入虛擬牆里面，想進入到虛擬牆里面要通過switchto context <NAME>才進去
[JN-FW-01-context-2-NeiWang]dis th
#
context NeiWang id 2 vlan-unshared
 context start
 allocate interface GigabitEthernet1/0/2 to GigabitEthernet1/0/4  # 再次敲此命令是追加之意，並不是覆蓋
#
return

通過consoel口、ssh進的是全局牆

//追加示例
context H3C-context-4-Company_C
[H3C-context-4-Company_C]allocate interface gigabitethernet 1/0/5 gigabitethernet 1/0/6
Configuration of the interfaces will be lost. Continue? [Y/N]:Y
[H3C-context-4-Company_C]quit

在做重大變更之后，應該下刷防火牆配置到硬盤，在內存里面修改，一旦修改失誤，重啟即可恢復。

保存

[JN-FW-01]write force 
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.