1. User Access and Security
Configure local authentication and remote access parameters to secure device entry.
<H3C>system-view
[H3C]super password Admin123! # Define privilege level management credentials
[H3C]undo super password # Remove existing privilege password
[H3C]localuser web_admin Password@99 1 # Create web management user, Level 1 is operator, default admin exists
[H3C]undo localuser web_admin # Delete specific web user account
[H3C]user-interface aux 0 # Select auxiliary interface (Only port 0 supported)
[H3C-Aux-0]idle-timeout 0 30 # Set session timeout: 0h 30m; value 0 implies no timeout; default 5min
[H3C-Aux-0]undo idle-timeout # Revert to factory timeout settings
[H3C]user-interface vty 0 4 # Select virtual terminal ports 0 through 4
[H3C-vty0-4]idle-timeout 0 15 # Set idle timeout: 0h 15m
[H3C-vty0-4]set authentication password P@ssw0rd # Define Telnet access credential
[H3C-vty0-4]undo set authentication password # Disable explicit password check
[H3C]display users # List active user sessions
[H3C]display user-interface # Check status of all interface lines
2. Management Interface & IP Addressing
Assign static addresses or obtain via DHCP for network visibility.
<H3C>system-view
[H3C]vlan 10 # Establish new VLAN domain
[H3C]management-vlan 10 # Designate as the management VLAN
[H3C]interface vlan-interface 10 # Activate Layer 3 VLAN interface
[H3C-Vlan-interface10]ip address 10.0.0.1 255.255.255.0 # Assign static IP gateway; default often varies
[H3C-Vlan-interface10]undo ip address # Clear configured IP settings
[H3C-Vlan-interface10]ip gateway 10.0.0.254 # Specify default gateway route
[H3C-Vlan-interface10]undo ip gateway # Remove gateway configuration
[H3C-Vlan-interface10]shutdown # Administratively disable interface
[H3C-Vlan-interface10]undo shutdown # Enable interface operation
[H3C]display ip # View current IP routing and interface details
[H3C]debugging ip # Toggle debug traces for IP operations
[H3C]undo debugging ip # Stop IP debugging output
3. Dynamic Address Assignment
Enable automatic IP retrieval mechanisms on interfaces.
[H3C-Vlan-interface10]ip address dhcp-alloc # Acquire IP dynamically from server
[H3C-Vlan-interface10]undo ip address dhcp-alloc # Force removal of DHCP acquisition mode
[H3C]display dhcp # Verify DHCP client lease status
[H3C]debugging dhcp-alloc # Enable packet trace for allocation
[H3C]undo debugging dhcp-alloc # Disable allocation tracing
4. Physical Port Optimization
Tune physical layer attributes, aggregation, and monitoring features.
[H3C]interface Ethernet 1/0/1
[H3C-Ethernet1/0/1]shutdown # Bring down link
[H3C-Ethernet1/0/1]speed 1000 # Force speed: 10, 100, 1000, or auto
[H3C-Ethernet1/0/1]duplex full # Set duplex mode: half, full, or auto
[H3C-Ethernet1/0/1]flow-control # Activate flow control signaling
[H3C-Ethernet1/0/1]broadcast-suppression 50 # Limit broadcast traffic to 50%
[H3C-Ethernet1/0/1]loopback internal # Initiate self-test loopback
[H3C-Ethernet1/0/1]loopback external # External loop test (requires a loopback plug on the port)
[H3C-Ethernet1/0/1]port link-type trunk # Change port mode to trunk
[H3C-Ethernet1/0/1]port trunk pvid vlan 10 # Assign native PVID for untagged frames
[H3C-Ethernet1/0/1]port access vlan 10 # Assign port to a single VLAN group
[H3C-Ethernet1/0/1]port trunk permit vlan 10 # Allow specific VLANs on trunk path
[H3C-Ethernet1/0/1]mdi auto # Auto-sense MDI/MDIX crossover needs
[H3C]link-aggregation Group-1 range Ethernet 1/0/1 to Ethernet 1/0/4 # Bundle links into LAG
[H3C]undo link-aggregation Group-1 # Terminate link aggregation group
[H3C]link-aggregation mode both # Load balancing based on source/dest MAC
[H3C]mirroring-port Destination Ethernet 1/0/5 # Set destination for monitored traffic
[H3C]mirroring-source Ethernet 1/0/1 inbound outbound # Mirror ingress and egress on source
[H3C]display mirror # Inspect port mirroring rules
[H3C]reset counters # Zero packet statistics counters
[H3C]display link-aggregation Group-1 # Check bundle operational state
[H3C-Ethernet1/0/1]virtual-cable-test # Run physical copper wire diagnostics
5. Virtual LAN Segmentation
Organize broadcast domains and implement isolation policies.
[H3C]vlan 20 # Create isolated broadcast segment
[H3C]undo vlan all # Purge non-default VLANs (Default VLAN protected)
[H3C-vlan20]port Ethernet 1/0/2 to 1/0/5 # Add access ports to this segment
[H3C-vlan20]port-isolate enable # Block L2 communication within same VLAN
[H3C-vlan20]port-isolate uplink-port # Designate upstream port for bridging data
[H3C]display vlan all # Show detailed VLAN topology
[H3C]user-group 50 # Configure User Group segmentation feature
[H3C-usergroup50]port Ethernet 1/0/6 to 1/0/8 # Group ports under specific security profile
[H3C]display user-group 50 # Retrieve group configuration details
6. System Clustering
Combine multiple units into a single logical management plane.
[H3C]cluster enable # Turn on cluster capability
[H3C]cluster # Enter cluster configuration view
[H3C-cluster]administrator-address AA-BB-CC-DD name MasterUnit # Register MAC with cluster master
[MasterUnit.cluster]undo administrator-address # Deregister from cluster scope
[H3C]display cluster # Display cluster member status
[H3C]management-vlan 10 # Ensure all members share Mgmt VLAN context
[H3C]debugging cluster # Trace cluster protocol exchanges
7. Traffic Prioritization (QoS)
Apply Quality of Service rules to manage bandwidth and latency.
[H3C-Ethernet1/0/1]priority 5 # Mark queue priority level (0-7)
[H3C]priority-trust dscp # Trust external packet markings (DSCP/802.1p)
[H3C]queue-scheduler hq-wrr 1 3 5 7 # Weighted Round Robin scheduling weights
[H3C-Ethernet1/0/1]line-rate inbound 50 # Ingress rate limit: index mapping applied internally
[H3C]display queue-scheduler # Audit active QoS queue shapes
[H3C]display priority-trust # Review trust policy settings
8. Maintenance & Monitoring
Manage system state, logs, and saved configurations.
[H3C]mac-address blackhole AA-BB-CC-FF vlan 1 # Drop packets for specific MAC address
[H3C]mac-address static AA-BB-CC-FF interface Ethernet 1/0/1 vlan 1 # Map MAC to fixed port
[H3C]mac-address timer aging 600 # Set table entry expiration time (seconds)
[H3C]display mac-address # View hardware address table
[H3C]display arp # Check ARP cache entries
[H3C]mac-address port-binding AA-BB-CC-FF interface Ethernet 1/0/1 vlan 1 # Lock MAC to port
[H3C]display saved-configuration # Review file stored in flash
[H3C]display current-configuration # View running config memory
[H3C]save # Commit changes to persistent storage
[H3C]restore default # Factory reset configuration (Requires reboot)
[H3C]display version # Show firmware and hardware details
[H3C]reboot # Restart device immediately
[H3C]sysname CoreSwitch # Rename system identifier
[H3C]info-center enable # Activate system message logging engine
[H3C]info-center loghost 192.168.50.99 # Forward logs to centralized server
[H3C]info-center loghost level 8 # Set severity threshold for logging
[H3C]terminal debugging # Enable CLI debug output display
[H3C]terminal logging # Enable console log streaming
[H3C]terminal trapping # Enable console trap alerts
[H3C]display info-center # View logging subsystem status
[H3C]display logbuffer # Inspect recent historical logs
[H3C]reset logbuffer # Clear logged history buffer
9. Discovery Protocols
Manage neighbor discovery and topology visibility mechanisms.
[H3C]ndp enable # Activate Neighbor Discovery Protocol
[H3C]display ndp # List discovered adjacent devices
[H3C]ndp enable # Enable per-interface NDP if global is off
[H3C]debugging ndp interface Ethernet 1/0/1 # Debug NDP packet processing
# HABP (Huawei Authentication Bypass Protocol) allows management bypass during 802.1x auth
[H3C]habp enable # Initialize HABP client functionality
[H3C]debugging habp # Trace HABP negotiation events
# NTDP assists in topological discovery for clustering environments
[H3C]ntdp enable # Enable Topology Discovery Protocol
[H3C]debugging ntdp # Trace NTDP signaling
10. Network Management (SNMP)
Configure Simple Network Management Protocol agents and traps.
[H3C]snmp-agent community ro_secret # Define read-only community string
[H3C]snmp-agent max-size 1550 # Adjust UDP payload size for packets
[H3C]snmp-agent sys-info contact SupportTeam location DataCenter ver v2c # Update system identity text
[H3C]undo snmp-agent # Stop SNMP agent process entirely
[H3C]display snmp-agent community # Verify community strings setup
[H3C]display snmp-agent sys-info # Show configured device info
[H3C]debugging snmp-agent packet|process # Monitor SNMP packet flow or logic
11. Multicast Control
Optimize multicast delivery using Snooping logic.
[H3C]igmp-snooping # Enable IGMP Snooping globally
[H3C]igmp-snooping router-aging-time 400 # Tune router port invalidation period (seconds)
[H3C]igmp-snooping max-response-time 20 # Adjust query response wait window
[H3C]igmp-snooping host-aging-time 250 # Set host membership expiry duration
[H3C-Ethernet1/0/1]igmp-snooping fast-leave # Immediate leave processing upon disconnect request
[H3C]display igmp-snooping configuration # Print active snooping parameters
[H3C]display igmp-snooping statistics # Count received/sent IGMP reports
[H3C]display igmp-snooping group vlan 20 # List multicast groups per VLAN
[H3C]reset igmp-snooping statistics # Flush statistic counters
[H3C]debugging igmp-snooping # Debug snooping decision engine
12. Diagnostic Utilities
Run low-level troubleshooting commands for protocol verification.
debugging all # Enable every protocol debug stream
terminal debugging # Display debug messages on active terminal
debugging drv # Trace driver layer packet payloads
[H3C]display debugging # Enumerate currently active debug flags
13. Port-Based Authentication (802.1x)
Implement strict access control at the edge ports.
[H3C-Ethernet1/0/1]dot1x # Enable 802.1x globally or per port
[H3C-Ethernet1/0/1]dot1x port-control unauthorized-force # Force the port into the unauthorized state: all access is denied
[H3C-Ethernet1/0/1]dot1x port-method portbased # Enforce control by port vs MAC
[H3C-Ethernet1/0/1]dot1x max-user 15 # Cap concurrent sessions on port
[H3C]dot1x authentication-method eap # Select EAP relay method for RADIUS
[H3C-Ethernet1/0/1]dot1x re-authenticate # Periodically force re-validation
[H3C]dot1x timer handshake-period 20 reauth-period 3600 quiet-period 30 tx-period 30 supp-timeout 30 server-timeout 200 # Tune 802.1x timing constants
[H3C]display dot1x statistics # Review authentication success/fail rates
debugging dot1x # Trace EAP packet exchange logic
14. Remote AAA (RADIUS)
Integrate centralized authentication servers for validation.
[H3C]radius scheme Auth_Server # Select predefined radius instance
[H3C-radius-auth]primary authentication 172.16.10.5 1812 # Point primary auth server
[H3C-radius-auth]key authentication SharedSecret#123 # Set shared encryption key
[H3C-radius-auth]timer 5 # Configure server reply timeout (sec)
[H3C-radius-auth]retry 5 # Set failed request retry count
[H3C]display radius # Verify scheme connectivity status
[H3C]debugging radius packet # Trace raw radius messages
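An added example, not part of the original command list or any H3C tool: a small offline audit that reads a saved configuration written in the command syntax of sections 1, 8, 10 and 13 and reports weak access settings. It assumes sub-view commands are indented by one space under their view line, and it uses `authorized-force`, the counterpart keyword of `unauthorized-force`, which does not appear above; the sample configuration is constructed.

```python
import re

# Constructed sample in the command syntax used on this page (not real device output).
SAMPLE_CONFIG = """\
sysname CoreSwitch
snmp-agent community public
info-center enable
user-interface aux 0
 idle-timeout 0 0
user-interface vty 0 4
 idle-timeout 0 15
interface Ethernet 1/0/1
 dot1x
 dot1x port-control authorized-force
interface Ethernet 1/0/2
 dot1x
"""

def audit(config: str) -> list[str]:
    """Return findings for weak access settings; sub-view lines are assumed indented."""
    findings, view, vty_views = [], "system", {}
    has_loghost = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):          # a non-indented line (re)sets the view
            view = line if line.startswith(("user-interface", "interface")) else "system"
            if line.startswith("user-interface vty"):
                vty_views[view] = False      # no password seen yet for this vty range
        if re.fullmatch(r"idle-timeout 0( 0)?", line):
            findings.append(f"{view}: idle timeout disabled")
        elif line.startswith("set authentication password") and view in vty_views:
            vty_views[view] = True
        elif line == "dot1x port-control authorized-force":  # keyword assumed, see lead-in
            findings.append(f"{view}: 802.1x bypassed (authorized-force)")
        elif re.fullmatch(r"snmp-agent community (public|private)", line):
            findings.append(f"system: well-known SNMP community '{line.split()[-1]}'")
        elif re.match(r"info-center loghost \d+\.\d+\.\d+\.\d+", line):
            has_loghost = True
    findings += [f"{v}: no Telnet password set" for v, ok in vty_views.items() if not ok]
    if not has_loghost:
        findings.append("system: no remote log host configured")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Each finding is prefixed with the view it was found in, so it maps back to the `user-interface` or `interface` block that needs changing.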