H3C 设备配置文件备份还原实验
H3C模拟器搭建实验,仅为参考(2024年1月14日)
实验拓扑
实验需求
1、按照图示连接到真机,并配置IP地址(真机IP地址配置到VirtualBox Host-Only Ethernet Adapter网卡)
2、R1保存当前配置
3、在R1上开启FTP服务
4、使用真机访问FTP服务,把R1的配置文件拷贝到本地
5、在R1上清空配置,重启R1,确认已配置为空配状态
6、再次在R1开启FTP服务,并把真机拷贝的配置文件还原到路由器
7、更改R1的启动配置文件名
8、再次重启R1,确认配置已还原
实验步骤
配置IP地址
R1接口配置
#
sysname R1
#
interface GigabitEthernet0/1
ip address 192.168.56.2 255.255.255.0
PC接口配置
Host_1 192.168.56.1/24
3.2R1开启FTP服务,创建用test,密码12345678,保存当前配置
开启FTP服务
#
ftp server enable
密码复杂度关闭
(实验阶段可全部关闭,在实际项目实施中建议依据安全原则设定密码强度)
#
undo password-control length enable //关闭最小密码长度
undo password-control composition enable //关闭指定密码类型组合
创建FTP用户,配置密码,设置用户权限,服务类型
# local-user test class manage password hash $h$6$RNu+OxTxuo4e7ryK$YS82RTXhoaYJodktLHwfLzWEklrJZgMHFUT/v0q0GBAQYpz6XheSMiKIUBzHYCs+Q9Ix33Cuo3aHx6bbiBgCXg<span style="font-weight: bold;" class="mark"> service-type ftp authorization-attribute user-role level-15 authorization-attribute user-role network-operator
保存当前配置
[R1]save The current configuration will be written to the device. Are you sure? [Y/N]:y Please input the file name(*.cfg)[flash:/startup.cfg] (To leave the existing filename unchanged, press the enter key): Validating file. Please wait... Configuration is saved to device successfully.
<R1>dir
Directory of flash: (VFAT)
0 drw- - Jan 14 2024 18:03:00 diagfile
1 -rw- 252 Jan 14 2024 18:53:08 ifindex.dat
2 -rw- 43136 Jan 14 2024 18:03:00 licbackup
3 -rw- 43136 Jan 14 2024 18:03:00 licnormal
4 drw- - Jan 14 2024 18:47:48 logfile
5 -rw- 0 Jan 14 2024 18:03:00 msr36-cmw710-boot-r0424p22.bin
6 -rw- 0 Jan 14 2024 18:03:00 msr36-cmw710-system-r0424p22.bin
7 drw- - Jan 14 2024 18:03:00 seclog
8 -rw- 2604 Jan 14 2024 18:53:08 startup.cfg
9 -rw- 43790 Jan 14 2024 18:53:08 startup.mdb
1046512 KB total (1046340 KB free)
使用FTP访问R1,备份配置文件
使用资源管理器访问FTP服务
复制R1的配置文件
将startup.cfg和startup.mdb 两个文件进行备份
清空R1配置
恢复出厂设置
<R1>reset saved-configuration The saved configuration file will be erased. Are you sure? [Y/N]:y Configuration file in flash: is being cleared. Please wait ... Configuration file is cleared.
重启
<R1>reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration may be lost after the reboot, save current configuration? [Y/N]:n //不保存
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
%Jan 14 18:47:49:981 2024 R1 DEV/5/SYSTEM_REBOOT: System is rebooting now.
空配置状态
<H3C>dir Directory of flash: (VFAT) 0 drw- - Jan 14 2024 18:03:00 diagfile 1 -rw- 252 Jan 14 2024 18:53:08 ifindex.dat 2 -rw- 43136 Jan 14 2024 18:03:00 licbackup 3 -rw- 43136 Jan 14 2024 18:03:00 licnormal 4 drw- - Jan 14 2024 18:47:48 logfile 5 -rw- 0 Jan 14 2024 18:03:00 msr36-cmw710-boot-r0424p22.bin 6 -rw- 0 Jan 14 2024 18:03:00 msr36-cmw710-system-r0424p22.bin 7 drw- - Jan 14 2024 18:03:00 seclog1046512 KB total (1046388 KB free)
<H3C>dis cu
#
version 7.1.064, Release 0427P22
#
sysname H3C
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
还原R1配置
再次把R1的GE0/1口配置IP地址,并开启FTP(略)
使用FTP上传备份文件(略)
加载原备份配置文件
<H3C>startup saved-configuration startup.cfg
Please wait...... Done.
重启
<H3C>reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration may be lost after the reboot, save current configuration? [Y/N]:n
This command will reboot the device. Continue? [Y/N]:y
检验配置还原状态
%Jan 14 19:20:50:026 2024 H3C DEV/5/SYSTEM_REBOOT: System is rebooting now.
Cryptographic algorithms tests passed.
Line con0 is available.
Press ENTER to get started.
<R1>%Jan 14 19:21:11:296 2024 R1 SHELL/5/SHELL_LOGIN: Console logged in from con0.
<R1>dis cu
#
version 7.1.064, Release 0427P22
#
sysname R1
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 192.168.56.2 255.255.255.0
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
#
interface GigabitEthernet5/0
port link-mode route
combo enable copper
#
interface GigabitEthernet5/1
port link-mode route
combo enable copper
#
interface GigabitEthernet6/0
port link-mode route
combo enable copper
#
interface GigabitEthernet6/1
port link-mode route
combo enable copper
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
undo password-control length enable
undo password-control composition enable
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user test class manage
password hash $h$6$RNu+OxTxuo4e7ryK$YS82RTXhoaYJodktLHwfLzWEklrJZgMHFUT/v0q0GBAQYpz6XheSMiKIUBzHYCs+Q9Ix33Cuo3aHx6bbiBgCXg</span>
service-type ftp
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
ftp server enable
#
return
<R1>
<R1>dir Directory of flash: (VFAT) 0 drw- - Jan 14 2024 19:10:48 diagfile 1 -rw- 43136 Jan 14 2024 19:10:48 licbackup 2 -rw- 43136 Jan 14 2024 19:10:48 licnormal 3 drw- - Jan 14 2024 19:13:00 logfile 4 -rw- 0 Jan 14 2024 19:10:48 msr36-cmw710-boot-r0424p22.bin 5 -rw- 0 Jan 14 2024 19:10:48 msr36-cmw710-system-r0424p22.bin 6 drw- - Jan 14 2024 19:10:48 seclog 7 -rw- 2604 Jan 14 2024 19:17:28 startup.cfg 8 -rw- 43790 Jan 14 2024 19:17:28 startup.mdb
1046512 KB total (1046344 KB free)
自此配置还原成功
备注
配置密码时不符合设备出厂默认安全要求时提示的如下信息:
The new password is too short. It must contain at least 10 characters.
新密码太短。它必须至少包含10个字符。
Invalid password composition. The new password must contain at least 2 types and at least 1 characters for each type.
密码组合无效。新密码必须至少包含2种类型,每种类型至少包含1个字符。
实验附件
标签:H3C,14,配置文件,level,备份,2024,role,Jan,R1 From: https://www.cnblogs.com/caomojian/p/18008449/h3c-device-configuration-file-backup-and-rest