H3C - MSR810

Last updated: 2020-02-13




display version

H3C Comware Software, Version 7.1.064, Release 0707P16
Copyright (c) 2004-2019 New H3C Technologies Co., Ltd. All rights reserved.
H3C MSR810 uptime is 4 weeks, 0 days, 20 hours, 10 minutes
Last reboot reason : Power on
Boot image: flash:/msr810-cmw710-boot-r0707p16.bin
Boot image version: 7.1.064P88, Release 0707P16
  Compiled Jun 12 2019 15:00:00


CPU ID: 0xa
1G bytes DDR3 SDRAM Memory
256M bytes Flash Memory
PCB               Version:  2.0
CPLD              Version:  0.0
Basic    BootWare Version:  1.61
Extended BootWare Version:  1.61
[SLOT  0]CON                       (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  0]GE0/0                     (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  0]4GSW                      (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  0]SFP0/5                    (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  0]CELLULAR0/0               (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  0]WLAN-Radio0/0             (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  1]CELLULAR1/0               (Hardware)1.0,   (Driver)1.0,   (CPLD)0.0





ctrl+z           # Return to User mode




<Router>screen-length disable


exit, end, quit

save force


Dump Setting


# ALL Setting

display current-configuration

# Partial Setting

display current-configuration interface Vlan-interface1

interface Vlan-interface1
 ip address
 packet-filter 3000 inbound
 dhcp server apply ip-pool 1

display current-configuration configuration acl-ipv4-adv

acl advanced 3000
 rule 0 deny ip destination

display current-configuration configuration acl-ipv4-basic





display interface brief

display interface GigabitEthernet0/4

set ip

interface GigabitEthernet 0/0

ip address dhcp-alloc

ip address

duplex & speed

interface GigabitEthernet 0/4

duplex full
speed 1000




display vlan

 Total VLANs: 2
 The VLANs include:
 1(default), 12

display vlan brief

display vlan 12

 VLAN type: Static
 Route interface: Configured
 IPv4 address:
 IPv4 subnet mask:
 Description: Oasis Staff
 Name: VLAN 0012
 Tagged ports:   None
 Untagged ports:

display interface Vlan-interface 12


# Create a VLAN

vlan vlan-id

# Add ports to a VLAN

# By default, all ports belong to VLAN 1.

vlan vlan-id

port interface-list




# Create a DHCP Pool

dhcp server ip-pool 4

address range
network mask

# View Pool

display dhcp server pool

# Pool bind NIC

interface interface-type interface-number

dhcp server apply ip-pool pool-name

# Enable DHCP Service

# By default, DHCP is disabled.

dhcp enable

# Enabling the DHCP server on an interface

# By default, the DHCP server is enabled on the interface.

interface interface-type interface-number

dhcp select server

# Check IP Usage

display dhcp server ip-in-use




Internet access via the WAN port

[H3C]interface GigabitEthernet 0/0
[H3C-GigabitEthernet0/0]nat outbound

Port Forward

interface GigabitEthernet0/0
 port link-mode route
 description Single_Line1
 ip address dhcp-alloc
 packet-filter name WebTelnet2 inbound
 nat outbound
 nat server protocol tcp global current-interface 8443 inside 443




View Setting

display ddns policy

Modify Setting

# DDNS Login

ddns policy WAN0(GE0/0)      # WAN0(GE0/0) is an arbitrary name
url http://members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>
method http-get
username xx
password xx

# Wan NIC

interface GigabitEthernet0/0
ddns apply policy WAN0(GE0/0) fqdn my.domain




ACL types

  • Basic ACLs  2000 to 2999
  • Advanced ACLs  3000 to 3999
  • Layer 2 ACLs  4000 to 4999

When a packet matches a rule, the device stops the match process and performs the action defined in the rule.

A rule with a lower ID is matched before a rule with a higher ID.


acl basic { acl-number | name acl-name } [ match-order { auto | config } ]  

description text

rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source
{ object-group address-group-name | source-address source-wildcard |
any } | time-range time-range-name | vpn-instance vpn-instance-name ] *

rule rule-id comment text

Basic ACLs match packets based only on source IP addresses.


[Device] acl advanced 3000

[Device-acl-ipv4-adv-3000] rule permit ip source destination 0

display acl 3000

[Device] interface gigabitethernet 1/0/1

[Device-GigabitEthernet1/0/1] packet-filter 3000 outbound

[Device-GigabitEthernet1/0/1] quit

[Device-acl-ipv4-adv-3000] rule permit ip source destination 0


wildcard: more 0s means a narrower IPv4 address range
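
The matching rules noted above (first match wins, lower rule ID first, wildcard 0 bits must match), as an added Python example that is not part of the original notes or of H3C's software: it evaluates a constructed ACL in config match order and lists rules that can never fire because a lower-ID rule already covers them. The rule set, the documentation-range addresses and all function names are assumptions made for illustration.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, 1 = ignore (inverse of a netmask)."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def covers(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    (ob, ow), (ib, iw) = outer, inner
    care = ~_int(ow) & 0xFFFFFFFF
    return (_int(iw) & care) == 0 and (_int(ob) & care) == (_int(ib) & care)

def evaluate(rules, src, dst):
    """Return (rule_id, action) of the first matching rule, lowest ID first."""
    for rule_id in sorted(rules):
        action, s, d = rules[rule_id]
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return rule_id, action
    return None  # no rule matched; the packet filter's default action applies

def shadowed(rules):
    """List (rule_id, covering_rule_id) for rules that can never be reached."""
    ids, found = sorted(rules), []
    for i, later in enumerate(ids):
        _, ls, ld = rules[later]
        for earlier in ids[:i]:
            _, es, ed = rules[earlier]
            if covers(es, ls) and covers(ed, ld):
                found.append((later, earlier))
                break
    return found

# Constructed sample ACL: rule_id -> (action, (src, wildcard), (dst, wildcard))
ANY = ("0.0.0.0", "255.255.255.255")
ACL_3000 = {
    0: ("deny", ("192.0.2.0", "0.0.0.255"), ("198.51.100.10", "0.0.0.0")),
    5: ("permit", ("192.0.2.0", "0.0.0.255"), ("198.51.100.0", "0.0.0.255")),
    10: ("deny", ANY, ANY),
    15: ("permit", ("192.0.2.7", "0.0.0.0"), ("203.0.113.1", "0.0.0.0")),
}

if __name__ == "__main__":
    print(evaluate(ACL_3000, "192.0.2.7", "198.51.100.20"))
    print(shadowed(ACL_3000))
```

Rule 15 is reported as shadowed by rule 10: the permit was appended after a deny-any, so it has to be given a rule ID below 10 to take effect.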


[Router]display current-configuration interface Vlan-interface 13




System-defined security zones

zones: Local, Trust, DMZ, Management, and Untrust

The system creates these security zones automatically when one of the following events occurs:

  • The first command for creating a security zone is executed.
  • The first command related to creating an interzone policy is executed.

Default Rule

Packets between an interface that is in a security zone and an interface that is not in any security zone

=> Discard

Packets between two interfaces that are in the same security zone

=> Discard by default (security-zone intra-zone default permit)

Interzone policy

=> Discard by default

Packets between two interfaces that are not in any security zone

=> Forward

Packets originated from or destined for the device itself

=> Discard by default


1) Create ACLs

acl basic name AllowAll
 rule 0 permit

acl basic name DenyAll
 rule 0 deny

2) Creating a security zone & Add NIC to Zone

# Creating Zone

security-zone name zone-name

# Add NIC to Zone

import interface layer3-interface-type layer3-interface-number
import interface layer2-interface-type layer2-interface-number vlan vlan-list

3) Interzone policy

zone-pair security source A_zone destination B_zone
 packet-filter name AllowAll

any           Any security zone


display security-zone [ name zone-name ]

display zone-pair security




Limit Traffic

qos car { inbound | outbound } { any | acl [ ipv6 ] acl-number | carl carl-index } \
cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]
[ green action | red action | yellow action ] *

undo qos car ...

 * You can configure multiple qos car commands on an interface to define multiple CAR policies.


  • cir: 8~10000000 (Unit: kbps)
  • cbs:  1000 to 1000000000 (Unit: kbps)
    (CBS is smaller than (100/16)CIR, and this may affect network traffic bursts)
    (The default CBS is the traffic transmitted at the rate of the CIR for 500 milliseconds)
  • ebs: excess-burst-size (0 to 1000000000. The default is 0 bytes)


  • green action: conform to the CIR. Default: pass
  • red action: conform to neither CIR nor PIR. Default: discard
  • yellow action: conform to the PIR but not to the CIR. Default: pass

• discard: Drops the packet.
• pass: Permits the packet to pass through.


<Sysname> system-view
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] qos car outbound any cir 30000


undo qos car inbound any
undo qos car outbound any




Wifi Client info

display wlan wmm client ?

  all          All clients or radios
  ap           Specify an AP by its name
  mac-address  Specify a client by its MAC address

<AC>display wlan wmm client mac-address x-x-x

 MAC address : 000d-f073-7410        SSID : test
 QoS mode : WMM
 APSD information :
  Max SP Length : N/A
  L: Legacy     T: Trigger      D: Delivery
  AC            AC-BK   AC-BE   AC-VI   AC-VO
  Assoc state   L       L       L       L
 Statistic information :
  Uplink packets   : 0           Downlink packets   : 0
  Uplink bytes     : 0           Downlink bytes     : 0
  Downgrade packets    : 0           Discarded packets        : 0
  Downgrade bytes      : 0           Discarded bytes          : 0


reset wlan wmm client all

display mac-address

MAC Address      VLAN ID    State            Port/NickName            Aging
????-????-????   1          Client           WLAN-BSS1/0/9482         N

display wlan client

Total number of clients: 102

MAC address    User name            AP name               R IP address      VLAN
000d-f073-7410 N/A                  ap27                  3    1

display wlan client status

Total number of clients: 100

MAC address     Access time  RSSI  Rx/Tx rate      Discard  AP name     RID
000d-f073-7410  N/A          N/A   65/1Mbps        0.00%    ap27          3


display wlan ap all

Total number of APs: 40
Total number of connected APs: 38
Total number of connected manual APs: 38
Total number of connected auto APs: 0
Total number of connected common APs: 38
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 256
Remaining APs: 218
Total AP licenses: 40
Remaining AP licenses: 2
Sync AP licenses: 0

                                 AP information
 State : I = Idle,      J  = Join,       JA = JoinAck,    IL = ImageLoad
         C = Config,    DC = DataCheck,  R  = Run,   M = Master,  B = Backup

AP name                        APID  State Model           Serial ID
ap1                            1     R/M   WA5530          ???????????????????

display wlan ap all address

AP name                          IP address          MAC address
ap1                             ????-????-????

display wlan ap connection record all

AP name                         IP address      State     Time
ap21                      Run       02-12 13:31:07

Limit Speed

Setting: client-rate-limit

wlan service-template 3
 ssid test
 vlan 13
 akm mode psk
 preshared-key pass-phrase cipher ?????
 cipher-suite tkip
 security-ie rsn
 security-ie wpa
 client-rate-limit enable
 client-rate-limit inbound mode dynamic cir 10000
 client-rate-limit outbound mode dynamic cir 10000
 service-template enable


  • inbound = client to AP


display wlan service-template

Total number of service templates: 3
Service template name           SSID                Status
1                               OASIS               Enabled





  • -a             Specify the source IP address
  • -i             Specify an outgoing interface


ping -a -i Vlan-interface 13