华为 实验基础配置命令 工程师必备

华为 基础实验配置命令

总结一些常用的实验基础配置命令

拓扑

OSPF协议

[AR-2]ospf 1 router-id 2.2.2.2 //启用OSPF，指定router-id为2.2.2.2
[AR-2-ospf-1]area 0 //进入区域0
[AR-2-ospf-1-area-0.0.0.0]net 12.1.1.2 0.0.0.0 //宣告接口12.1.1.2 0

静态路由协议

[AR-2]ip route-static 192.168.1.0 24 12.1.1.1 //配置静态路由，到达目标网络192.168.1.0/24下一跳为12.1.1.1

默认路由

[AR-2]ip route-static 0.0.0.0 0.0.0.0 12.1.1.1 //配置默认路由，下一跳为12.1.1.1

Rip协议

[AR-1]rip //进入rip视图
[AR-1-rip-1]network 12.0.0.0 //宣告12.0.0.0网络
[AR-1-rip-1]net 192.168.1.0
[AR-1-rip-1]version 2 //配置Ripv2版本
[AR-1-rip-1]undo summary //关闭自动汇总

Rip与BFD联动

[AR-2]bfd // 全局模式下开启bfd
[AR-2-bfd]rip 1 //进入rip进程，将bfd与rip联动在一起
[AR-2-rip-1]bfd all-interfaces enable //设置所有运行rip的接口都开启bfd
[AR-2-rip-1]bfd all-interfaces min-rx-interval 100 min-tx-interval 100 detect-multiplier 10

Stp协议

[LSW-1]stp enable //启用stp协议
[LSW-1]stp mode stp //设置生成树协议为stp

IS-IS协议

[AR-2]isis //系统模式下开启本设备的IS-IS进程，默认进程1
[AR-2-isis-1]is-level level-1 //修改本设备所有宣告进对IS-IS协议支持模式为L -1级别（默认为L 1/2级别）
[AR-2-isis-1]network-entity 49.0001.0000.0000.0001.00 //宣告本设//备的区域ID为1区域，系统ID为0000.0000.0003；
//服务类型为00代表IPv4协议
[AR-2-GigabitEthernet0/0/0]isis enable 1 //将本接口所属网段宣告进本设备IS-IS进程1中

bgp协议

[AR-1]bgp 65009 //启动BGP，指定本地AS编号，并进入bgp视图
[AR-1-bgp]router-id 1.1.1.1 //配置BGP的router-id
[AR-1-bgp]peer 12.1.1.2 as-number 65009 //创建IBGP邻居关系
[AR-1-bgp]ipv4-family unicast //进入IPV4地址族视图
[AR-1-bgp-af-ipv4]network 12.1.1.0 255.255.255.0 //宣告网络
[AR-1-bgp-af-ipv4]import-route direct //引入直连路由

GVRP协议

[LSW-1]gvrp //全局启用GVRP协议
[LSW-1]int g0/0/1
[LSW-1-GigabitEthernet0/0/1]gvrp //接口启用GVRP协议
[LSW-1-GigabitEthernet0/0/1]gvrp registration normal //设置GVRP工作模式normal

使用Telnet协议登录系统

[AR-1-aaa]local-user HCIE service-type telnet //设置该用户的接入类型为Telnet

[AR-1]int g0/0/0
[AR-1-GigabitEthernet0/0/0]ip address 12.1.1.1 24 //配置IPv4地址

[AR-1]aaa // //进入AAA视图
[AR-1-aaa]local-user HCIE password cipher 1008611
Info: Add a new user.
[AR-1-aaa]local-user HCIE privilege level 3 //权限级别设置为3级

[AR-1]user-interface vty 0 4
[AR-1-ui-vty0-4]authentication-mode aaa //验证模式改成aaa

VLAN间的三层通信

[AR-1]interface vlanif 10 //进入vlan10的三层接口
[AR-1-Vlanif10]ip address 12.1.1.1 24 //设置ip地址

配置和实施Eth-Trunk

[AR-1]int g0/0/0.10
[AR-1-GigabitEthernet0/0/0.10]ip address 172.16.0.1 24
[AR-1-GigabitEthernet0/0/0.10]dot1q termination vid 10 //封装dot1q协议，该子接口对应vlan10
[AR-1-GigabitEthernet0/0/0.10]arp broadcast enable //开启子接口的ARP广播

[AR-2]interface Eth-Trunk 1
[AR-2-Eth-Trunk1]mode manual load-balance //模式为手工负载分担, mode lacp-static是静态LACP模式
[AR-2-Eth-Trunk1]trunkport GigabitEthernet 0/0/0 to 0/0/3

配置DHCP

[DHCP]dhcp enable
[DHCP]ip pool department1 //新增地址池名称为 department1
[DHCP-ip-pool-department1]net 12.1.1.0 mask 26
[DHCP-ip-pool-department1]gateway-list 12.1.1.1 // 网关地址
[DHCP-ip-pool-department1]dns-list 202.1.1.1 8.8.8.8 //dns 地址
[DHCP-ip-pool-department1]domain-name hostyd.club //配置域名为hostyd.club
[DHCP-ip-pool-department1]lease day 3 hour 6 minute 30
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]dhcp select global //

DHCP中继代理

[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]dhcp select relay
[DHCP-GigabitEthernet0/0/0]dhcp relay server-ip 12.1.1.1

NAT

[AR-1]acl 2001 //建立访问控制列表，编号2001，属于基本的访问控制列表
[AR-1-acl-basic-2001]rule permit source 192.168.1.0 0.0.0.255 //建立一条规则允许源IP为192.168.1.0 的数据包通过
[AR-1-acl-basic-2001]rule deny source any //拒绝所有的规则，
[AR-1-acl-basic-2001]nat address-group 1 12.1.1.1 12.1.1.5
[AR-1]int g0/0/0
[AR-1-GigabitEthernet0/0/0]nat outbound 2001 address-group 1
//路由器AR1的g0/0/0出接口方向上做一个端口nat，采用编号为2001的acl访问控制列表中的规则

Acl

[AR-1]acl 2010 //创建ACL 2010
[AR-1-acl-basic-2010]rule permit source 192.168.1.1 0 //配置规则允许源IP地址192.168.1.1的主机
[AR-1-acl-basic-2010]quit

[AR-1]user-interface vty 0 4 //vty 是虚拟窗口
[AR-1-ui-vty0-4]acl 2000 inbound
[AR-1-ui-vty0-4]int g0/0/0
[AR-1-GigabitEthernet0/0/0]traffic-filter outbound acl 2010

ACL配置基于时间及策略

[AR-1]time-range satime 8:00 to 20:00 daily //配置每天8:00至20:00的周期时间段satime
[AR-1]time-range satime from 8:00 2020/04/04 to 20:00 2021/04/04 //配置绝对时间
[AR-1]int Vlanif 10
[AR-1-Vlanif10]traffic-filter inbound acl 3001 //在接口应用ACL 3001

策略路由配置

[AR-1]traffic classifier 1 //创建流分类 1
[AR-1-classifier-1]if-match acl 2000 //匹配ACL2015的流量

[AR-1]traffic behavior 2 //创建流行为 2
[AR-1-behavior-2]redirect ip-nexthop 12.1.1.1 //配置重定向,下一跳为12.1.1.1

[AR-1]traffic policy 3 //创建流策略 3
[AR-1-trafficpolicy-3]classifier 1 behavior 2 //流分类 1关联流行为2
[AR-1-GigabitEthernet0/0/0]traffic-policy 3 inbound //在接口上应用流策略

VRRP

[AR-2]int g0/0/0
[AR-2-GigabitEthernet0/0/0]undo vrrp vrid 1 virtual-ip 12.1.1.1 //创建vrrp虚拟组，虚拟ip为12.1.1.1
[AR-2-GigabitEthernet0/0/0]vrrp vrid 1 priority 150 //配置优先级为150（默认是100）
[AR-2-GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode timer delay 2 //在故障恢复后，延迟2s进行抢占回主设备
[AR-2-GigabitEthernet0/0/0]vrrp vrid 1 track interface g0/0/1 reduced 30
//跟踪G0/0/0端口，如果G0/0/1端口down，优先级自动减30。

GRE VPN配置

[AR-1]int Tunnel 0/0/0 //定义隧道接口
[AR-1-Tunnel0/0/0]ip address 172.16.1.1 24 //配置隧道端口IP地址
[AR-1-Tunnel0/0/0]tunnel-protocol gre //tunnel协议为GRE
[AR-1-Tunnel0/0/0]source g0/0/1 //隧道源端口
[AR-1-Tunnel0/0/0]description 172.16.1.2 //隧道目的地址
[AR-1]ip route-static 192.168.1.0 255.255.255.0 Tunnel 0/0/0

IPSec VPN配置

[AR-2]ike proposal 5 //创建IKE提议
[AR-2-ike-proposal-5]encryption-algorithm aes-cbc-128 //IKE提议使用的加密算法aes-cbc-128

[AR-2-ike-proposal-5]authentication-algorithm sha1 //IKE提议使用的验证算法aes-cbc-128
[AR-2-ike-proposal-5]dh group14 //使用DH交换组14
[AR-2-ike-proposal-5]quit
AR-2]ike peer spub v1
[AR-2-ike-peer-spub]ike-proposal 5
[AR-2-ike-peer-spub]pre-shared-key simple huawei //域共享秘钥为huawei
[AR-2-ike-peer-spub]remote-address 172.16.1.1 //隧道对端地址为172.16.1.1
[AR-2-ike-peer-spub]quit
[AR-2]ipsec proposal tran1 //创建IPSec安全提议tran1
[AR-2-ipsec-proposal-tran1]esp authentication-algorithm sha2-256 //使用ESP验证算法sha2-256
[AR-2-ipsec-proposal-tran1]esp encryption-algorithm aes-128 //使用ESP加密算法sha2-256
[AR-2]ipsec policy use1 10 isakmp //创建IPSEC策略use1，使用IKE协商SA
[AR-2-ipsec-policy-isakmp-use1-10]ike-peer spub
[AR-2-ipsec-policy-isakmp-use1-10]proposal tran1
[AR-2-ipsec-policy-isakmp-use1-10]security acl 3000

vlan

[LSW-1]vlan 10 //创建vlan10
[LSW-1]vlan batch 10 20 30 //创建vlan10、vlan20、vlan30

[LSW-1]int g0/0/2 //进入GigabitEthernet0/0/2接口配置视图
[LSW-1-GigabitEthernet0/0/2]port link-type access //配置接口类型为access
[LSW-1-GigabitEthernet0/0/2]port default vlan 10 //将接口加入VLAN10

[LSW-1-GigabitEthernet0/0/1]port link-type trunk //配置上联接口类型trunk
[LSW-1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 //允许vlan 10通过

[LSW-1-GigabitEthernet0/0/3]port link-type hybrid //配置接口类型为hybrid
[LSW-1-GigabitEthernet0/0/3]port hybrid pvid vlan 10 //配置接口的pvid 为vlan 10
[LSW-1-GigabitEthernet0/0/3]port hybrid untagged vlan 10 30 //配置接口的untgged vlan 10 30

视图

[Huawei]sysname AR-1 //修改设备系统名字为AR-1

<AR-1 > //用户视图

system-view //进入系统视图

[AR-1]int g0/0/0 //进入接口视图

[LSW-1]quit //退回上个视图

[AR-1]rip //路由协议视图

<AR-1>save //保存配置

[LSW-1-GigabitEthernet0/0/3]display this //查看当前接口、模式下的配置

[AR-1]display ip interface brief //查看接口的描述信息