网络工程师-华为设备配置命令2

(1)配置交换机的设备名称，管理vlan和telnet

//⽤户视图提⽰符

syster-view //进⼊系统视图

[HIUAWEI] sysname Switehl∥修改设备名称为SW1

[Switchl] vlan 5 //创建交换机管理 VLAN 5

[Switch1-VLAN5] management-vlan

[Switch1-VLAN5] quit

[Switchl] interface vlanif 5 //创建交换机管理VLAN的 VLANIF接⼝

[Switchl-vlanif5] ip address 10.10.1.1 24∥配置 VLANIF接⼝IP地址

[Switchl-vlanif5] quit

[Switchl] telnet server enable //Telnet默认是关闭的，需要打开

[Switchl] user-interface vty 0 4 ∥开启VTY线路模式

[Switchl-ui-vty0-4] protocol inbound telnet∥配 telnet置协议

[Switchl-ui-vty0-4] authentication-mode aaa //配置认证⽅式

[Switchl-ui-vty0-4]quit

[Switchl]aaa

[SwitchI-aaa] local-user admin password irreversible-cipher Hello@123 //配置⽤户名和密码,⽤户名不区分⼤⼩写，密码区分⼤⼩写[Switchl-aaa] local-user admin privilege level 15∥将管理员的账号权限设置为15(最⾼)

[SwitchI-aaa]quit

[SwitchI ]quit

< Switchl>save

∥在⽤户视图下保存配置

(2)登录Telnet到交换机，出现⽤户视图提⽰符

C:\Documents and Settings\Administrator> telnet 10.10.1.1 //输⼊交换机管理IP

Login authentication

Usemame:admin //输⼊⽤户名和密码

Password:

Info: The max number of VTY users is 5, and the number

of current VTY users on line is 1.

The current login time is 2016-07-03 13: 33: 18+00:00.

∥⽤户视图命令⾏提⽰符

(3)配置交换机的接⼝，配置对象主要有接⼝隔离，速率，双⼯。

配置接⼝ GE1/0/1和GE1/0/2的端⼝隔离，实现⼆层数据隔离，三层数据互通。

< Switch1> system–view

[Switch1] port-isolate mode 12

[Switchl] interface gigabitethernet 1/0/1

[Switch1-GigabitEthernet1/0/1] port-isolate enable group 1

[Switch1-GigabitEthernet1/0/1] quit

[Switchl] interface gigabitethemet1/0/2

[Switch1-GigabitEthernet1/0/2] port-isolate enable group 1

[Switch1-GigabitEthernet1/0/2] quit

#配置以太⽹接⼝GE/0/1在⾃协商模式下协商速率为100Mb/

< Switch1> system-view

[Switchl] interface gigabitethernet 0/0/1

[Switch1-GigabitEthernet0/0/1] negotiation auto

[Switch1-GigabitEthernet0/0/1] auto speed 100

#配置以太⽹电接⼝GE0/0/1在⾃协商模式下双⼯模式为全双⼯模式

< SwitchI> system-view

[SwitchI] interface gigabitethernet 0/0/1

[Switch1-GigabitEthernet0/0/1] negotiation auto

(4)查看和配置MAC地址表，

display mac-address

#执⾏命令display interface vlanif5，显⽰ VLANIF接⼝的MAC地址

display interface vlanif 5

Vlanifs current state: DOWN

Line protocol current state: DOWN

Description:

Route Port, The Maximum Transmit Unit is 1500

Internet Address is 192.168.1.1/24

IP Sending Frames’ Format is PKTFMT ETHNT 2, Hardware address is 00e0-0987-

Current system time: 2016-07-03 13:33:09+08:00

Input bandwidth utilization:–

Output bandwidth utilization:–

#在MAC地址表中增加静态MAC地址表项,⽬的MAC地址为0001-0002-0003,vlan 5的报⽂，从接⼝ gigabitethernet0/0/5转发出去[Switchl] mac-address static 0001-0002-0003 gigabitethernet 0/0/5 vlan 5

(5)#基于接⼝划分VLAN

system-view //进⼊交换机系统视图

[HUAWEI] sysname SwitchA //交换机命名

[SwitchA] vlan batch 2 //批量⽅式建⽴VLAN2

[SwitchA] interface gigabitethernet 0/0/1 //进⼊交换机接⼝视图

[SwitchA-GigabitEthernet0/0/1] port link-type access //配置接⼝类型

[SwitchA-GigabitEthernet0/0/1] port default vlan 2 //将接⼝加⼊VLAN2 [SwitchA-GigabitEthernet0/0/1] quit

[SwitchA] interface gigabitethernet 0/0/2 ∥在接⼝视图配置上联接⼝

[SwitchA-GigabitEthernet0/0/2] port link-type trunk //配置上联接⼝类型[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 //通过VLAN2 [SwitchA-GigabitEthernet0/0/2] quit

(6)#基于MAC地址划分VLAN

system-view

[HUAWEI] sysname SwitchA

[SwitchA] vlan batch 2

[SwitchA] interface gigabitethernet 0/0/1 //在接⼝视图配置上联接⼝

[SwitchA-GigabitEthernet0/0/1] port link-type hybrid //配置上联接⼝类型[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 2 //通过VLAN2 [SwitchA-GigabitEthernet0/0/1] quit

[SwitchA] interface gigabitethernet 0/0/2 //进⼊交换机接⼝视图

[SwitchA-GigabitEthernet0/0/2] port link-type hybrid //配置接⼝类型

SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan2 //将接⼝加⼊vlan2 [SwitchA-GigabitEthernet0/0/2] quit

[SwitchA]vlan 2

[SwitchA-vlan2] mac-vlan mac-address 22-22-22 //PC的MAC地址与VLAN2关联[SwitchA-vlan2] quit

[SwitchA] interface gigabitethemnet 0/0/2

[SwitchA-GigabitEthernet0/0/2] mac-vlan enable //基于MAC地址启⽤接⼝[SwitchA-GigabitEthernet0/0/2] quit

(7)配置stp

system-view

[HUAWEI] sysname SwitchA

[SwitchA] stp mode stp

配置根桥和备份根桥设备

#配置 Switcha为根桥

[Switcha] stp root primary

#配置 Switchb为备份根桥

[Switchb] stp root secondary

配置 Switcha的端⼝路径开销计算⽅法为华为计算⽅法, Switche、 Switch配置⽅法[Switcha] stp pathcost-standard legacy

#配置 Switchc端⼝ Gigabitethernet0/0/1端⼝路径开销值为2000

[Switchc] stp pathcost-standard legacy

[switchc] interface gigabitethernet 0/0/1

[switchc-gigabitetherneto/0/1] stp cost 20000

[Switchc-gigabitethernet0/0/1] quit

启⽤STP，实现破除环路，将与PC机相连的端⼝设置为边缘端⼝并启⽤端⼝的⽂过滤功能#配置 Switch端⼝ Gigabitetherner2为边缘端⼝并启⽤端⼝的BPDU报⽂过滤功能[Switchb] interface gigarabitethemet0/02

[switchb-gigabitethereto/0/2] stp edged-port enable

[switchb-gigabitethemet0/0/2] stp bpdu-filter enable

[switchb-gigabite thereto/0/2] quit

#配置 Switchc端⼝ Gigabitethemet002为边缘端⼝并启⽤端⼝的BPDU报⽂过波功能[SwitchC] interface glgabitethemet 0/0/2

[switchc-gigabitethemeto/0/2] stp edged- port enable

[switchc-gigabitethernet0/0/2] stp bpdu-filter enable

[switchc-gigabitethermeto/0/2] quit

设备全局启⽤STP，所有设备配置相同。

#设备 Switcha全局启⽤STP

[SwitchA]stp enable

检查配置结果

[SwitchA]display stp brief

查g0/0/1

[SwitchA]display stp interface gigabitethernet 0/0/1 brief

(8)配置SFTP

#配置SFTP服务器功能及参数

system-view

[Huawei] sysname SFTP Server

[FTP Server] rsa local-key-pair createThe key name will be: Host

RSA keys defined for Host already exist.

Confirm to replace them? (y/n)n]:y

The range of public key size is (512~2048).

NOTES: If the key modulus is less than 2048,

It will introduce potential security risks.

Input the bits in the modulus[default =2048]: 2048

Generating keys…

[SFTP Server] sftp server enable

#配置SSH⽤户登录的⽤户界⾯

[SFTP Server] user-interface vty 04

[SFTP Server-ui-vty0-4] authentication-mode aaa

[SFTP Server-ui-vty0-4] protocol inbound all

[SFTP Server-ui-vty0-4] user privilege level 15

[SFTP Server-ui-vty0-4] quit

#配置SSH⽤户

[SFTP Server] aaa

[SFTP Server-aaa] local-user user password

Please configure the login password(8-128)

It is recommended that the password consist of at least 2 types of characters, i ncluding lowercase letters, uppercase letters, numerals and special characters Please enter password:

Please confirm password:

[SFTP Server-aaa] local-user user privilege level 15

[SFTP Server-aaa] local-user user service-type ssh

[SFTP Server-aaa] local-user user ftp-directory flash:\autoconfig

[SFTP Server-aaa]quit

[SFTP Server]ssh user user authentication-type password

#配置SFTP服务器的IP地址

[SFTP Server] interface gigabitethernet

0/0/1

[SFTP Server-GigabitEthernet0/0/1] ip address 172.16.100.100 255.255.255.0 [SFTP Server-GigabitEthernet0/0/1] quit

#在SFTP服务器上配置缺省路由

[SFTP Server] ip route-static 0.0.0.0 0.0.0.0 172.16.100.1

步骤2：将配置⽂件、系统软件和补丁⽂件上传⾄SFTP服务器的⼯作⽬录hah

上(上传步骤略)

步骤3：配置DHCP服务器(以AR2220为例)

system-view

[Huawei] sysname DHCP Server

[DHCP Server] dhep enable

[DHCP Server] vlan 10

[DHCP Server-vlan10] quit

[DHCP Server] interface ethernet 1/0/1

DHCP Server-Ethernet1/0/1] port link-type hybrid

[DHCP Server-Ethernet1/0/1] port hybrid untagged vlan 10

[DHCP Server-Ethernet1/0/1] port hybrid pvid vlan 10

[DHCP Server-Ethernet1/0/1] quit

[DHCP Server] interface ethernet 1/0/2

[DHCP’Server-Ethernet1/0/2] port link-type hybrid

[DHCP Server-Ethernet1/0/2] port hybrid untagged vlan 10

[DHCP Server-Ethernet1/0/2] port hybrid pvid vlan 10

[DHCP Server-Ethernet1/0/2] quit

[DHCP Server] interface ethernet 1/0/3

[DHCPServer-Ethernet1/0/3] port link-type hybrid

[DHCP Server-Ethernet1/0/3] port hybrid untagged vlan 10

[DHCP Server-Ethernet1/0/3] port hybrid pvid vlan 10

[DHCP Server-Ethernet1/0/3] quit

[DHCP Server] interface gigabitEthernet 0/0/1

[DHCP Server-GigabitEthernet0/0/1] ip address 172.16.100.1 255.255.255.0 [DHCP Server-GigabitEthernet0/0/1] quit

[DHCP Server] interface vlanif 10

[DHCP Server-Vlanif10] ip address 172.16.200.100 255.255.255.0

[DHCP Server-Vlanif10] dhcp select global

[DHCP Server-Vlanif10] quit

[DHCP Server] ip pool auto-con fig

[DHCP Server-ip-pool-auto-config] network 172.16.200.0 255.255.255.0

[DHCP Server-ip-pool-auto-config] gateway-list 172.16.200.100

[DHCP Server-ip-pool-auto-config] option 67 ascii_ar V200R008 (C20&C30) cfg [DHCP Server-ip-pool-auto-config] option 141 ascii user

[DHCP Server-ip-pool-auto-config] option 142 cipher huawei@123

[DHCP Server-ip-pool-auto-config] option 143 ip-address 172.16.100.100 [DHCPServer-ip-pool-auto-config]option145ascii vrpfile=auto V200R008

(c20&C30).cc;vrpver=-V200R008 (C20&C30;patchfile=ar V200R008 (C20&C30)

(9)静态路由

interface GigabitEthernet0/0/1 //接⼝视图配置R1的接⼝地址

ip address 10.1.1.1 255.255.255.0

interface GigabitEthernet0/0/2

address10.1.4.1 255.255.255.252

ip route-static 10.1.2.0 255.255.255.0 10.1.4.2 //系统视图配置R1到不同⽹段的静态ip route-static 10.1.3.0 255.255.255.0 10.1.4.2

return

路由器R2配置⽂件如下。

interface GigabitEthernet0/0/1

接⼝视图配置R2的接⼝地址

ip addres10.1.2.1 255.255.255.0

interface GigabitEthernet0/0/2 address10.1.4.2 255.255.255.252 interface GigabitEthernet0/0/0 display routing-table protocol static (10)ipv6

ipv6 //启⽤路由器IPv6报⽂转发能⼒interface GigabitEthernet1/0/0

/在接⼝上启⽤IPv6功能

ipv6 enable

ipv6 address 1::164

interface GigabitEthernet2/0/0

ipv6 enable

ipv6 address 3:: 1 64

ipv6 route-static 2:: 64 3::1

/配置R1到2:64⽹段的静态路由

return

R2的相关配置如下。

ipv6

interface GigabitEthernet1/0/0

ipv6 enable

ipv6 address 2:: 1 64

interface GigabitEthernet2/0/0

ipv6 enable

ipv6 address 3:: 2 64

ipv6 route-static 1:: 64 3::2

配置R1到1:64⽹段的静态路由

retum

display ipv6 routing-table

(11)rip

配置路由器R1的RIP功能

[RI] rip

[R1-rip-1] network192.168.1.0 [RI-rip-l] quit

#配置路由器R2的RIP功能

[R2] rip

[R2-rip-1] network 192.168.1.0 [R2-rip-1] network 10.0.0.0

[R2-rip-1] quit

配置路由器R3的RIP功能

[R3]rip

[R3-rip-1]network172.16.0.0

[R3-ip-1]quit

display rip 1 route

[R1]rip

[R1-rip-1]version 2

[R1-rip-1]quit

(12)ISIS

isis[ process-i-id] 创建IS-IS进程并进⼊IS-IS视图

isis circuit-level[level-1 level-1-2|level-2] 设置接⼝的 Level级别，默认情况下，接⼝level为 level–1-2 network-entity net 设置⽹络实体名称

net格式为x….xx.xxxx.xxx.00，前⾯的“x-r

是区域地址，中间的12个“X”是路由器的System ID 最后的“00”是SEL

isis enable[process-id] 指定IS-IS的进程号，默认为1,IS-IS将通过该接⼝建⽴邻居、扩散LSP报⽂

display isis peer 查看IS-IS的邻居信息

display isis route 查看IS-IS的路由信息

(13)配置OSPF

#配置R路由器接⼝的IP地址

system-view

[Huawei] sysname RI

[R1] interface gigabitethernet 0/0/1

[RI-GigabitEthernet0/0/1] ip address 192.168.1.1 24

[R1-GigabitEthernet0/0/1] quit

[RI] interface gigabitethernet 0/0/2

[RI-GigabitEthernet0/0/2] ip address 192.168.2.124

[R1-GigabitEthernet0/0/2] quit

在路由器R1上配置OSPF基本功能

[R1] router id 1.1.1.1

[R1] ospf

[RI-ospf-1] area 0

[ospf-l-ara-0.0.0.0] network192.168.1.00.0.0.255

[R1-opf-1-area-0.0.0.0] quit

[RI-ospf-1] area 1

[ospf-l-ara-0.0.0.1] network192.168.1.00.0.0.255

[R1-opf-1-area-0.0.0.0] quit

ospf [process-id | router-id | router-id | vpn-instance vpn-instance-name] 启动OSPF进程，进⼊OS视图area area-id 创建并进⼊OSPF区域视图

network ip-address wildcard-mask 配置区域所包含的⽹段

display ospf peer 查看OSPF邻居信息

display ospf routing 查看OSPF路由信息

(14)BGP

#配置各接⼝的P地址，配置R1，其他路由器各接⼝的IP地址与此配置⼀致

system-view

[RI] interface gigabitethernet 1/0/0

[R1-GigabitEthernet1/0/0] ip address 172.16.60.1

[R1-GigabitEthernet1/0/0] quit

配置IBGP连接，配置R2、R3、R4

[R2]bgp 65009

[R2-bgp] router-id 2.2.2.2

[R2-bgp] peer 9.1.1.2 as-number 65009

[R2-bgp] peer 9.1.3.2 as-number 65009

[R3]bgp65009

[R3-bgp] router-id 3.3.3.3

[R3-bgp] peer 9.1.3.1 as-number 65009

[R3-bgp] peer 9.1.2.2 as-number 65009

[R3-bgp] quit

BGP的相关命令

bgp{as-number-plain | as-number-dot} 启动BGP，指定本地AS编号，并进⼊BGP视图

router-id ipv4-address 配置BGP的 Router ID

peer{ipv4-address|ipv6-address} as-number{as-number-plain|as-number-dot} 创建BGP对等体ipv4-family{unicast|multicast} 进⼊IPv4地址族视图

import-route direct 管理IP所在的⽹段路由，并引⼊RIP路由表

display bgp peer