Huawei eNSP configuration


Firewall configuration example reference

https://blog.csdn.net/huangdan00/article/details/79335055

sys

sysname r1 #change the device name

Worked session notes: looking up routes and adding routes

display ip routing-table 45.43.232.251

dis cur int vlan 2473

The output is as follows:
interface vlanif2473

ip address 104.232.96.133 255.255.255.252 #shows the route gateway

Run the command:
display ip routing-table 104.232.96.133

Output:
104.232.96.133/32 direct 0 0 d 127.0.0.1 vlanif2473


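Enter the specified VLAN: [S9312-S1-Netdc]interface Vlanif 3040

Route the primary IP: gateway, mask
ip address 220.158.245.233 255.255.255.248

undo ip address 220.158.245.233 255.255.255.248 #delete the route
Add a static route for the additional IP addresses. (Enter the command below in system-view.)
Network segment, mask, primary IP address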
ip route-static 192.168.2.0 255.255.255.192 192.168.1.2 

 

 

 

1. Simple routing setup

<Huawei>sys
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[Huawei-GigabitEthernet0/0/0]undo shutdown
[Huawei-GigabitEthernet0/0/0]interface g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.2.1 24
[Huawei-GigabitEthernet0/0/1]undo ip address 192.168.2.1 24 #remove the IP configuration
[Huawei-GigabitEthernet0/0/1]undo shutdown
[Huawei]dis ip int b #view interface information

2. User settings

Password authentication mode
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):huawei
user privilege level 1
AAA authentication mode: Telnet management account, user admin, password hello, management level 3
[Huawei]aaa
[Huawei-aaa]local-user admin password cipher hello privilege level 3
[Huawei-aaa]local-user admin service-type telnet
[Huawei-aaa]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa

3. SSH authentication

Set the authentication type to SSH (server side)
[Huawei]rsa local-key-pair create
[Huawei]dis rsa local-key-pair public
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]protocol inbound ssh
Create user huawei1 with password huawei1
[Huawei]aaa
[Huawei-aaa]local-user huawei1 password cipher huawei1
[Huawei-aaa]local-user huawei1 service-type ssh
[Huawei-aaa]quit 
[Huawei]ssh user huawei1 authentication-type password
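#the level can be 0-15; the larger the value, the higher the privilege; 3 means administrator
[Huawei-aaa]local-user huawei1 privilege level 15 #remote management needs level 15; level 3 sometimes does not work
[Huawei]stelnet server enable #the service must be enabled before remote login works
[Huawei]dis ssh user-information huawei1 #view the SSH authentication settings
[Huawei]dis ssh server status #view the service status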

On the other device, enable SSH client first-time authentication

[Huawei]ssh client first-time enable 
[Huawei]stelnet 192.168.1.2
Enter the user name huawei1
Y Y
Enter the password huawei1

On the server, view the session connections
[Huawei]dis ssh server session 
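
An added example, not part of the original notes: a small Python check that reads the VTY and AAA commands of sections 2 and 3 as typed and lists the settings a reviewer would flag before such a configuration leaves the lab. The 8-character threshold and the finding texts are assumptions of this example; a saved configuration stores cipher text, so the password comparison only applies to commands as entered.

```python
import re

# Constructed sample: the VTY/AAA commands from sections 2 and 3, prompts removed.
SAMPLE = """\
user-interface vty 0 4
 authentication-mode password
aaa
 local-user admin password cipher hello privilege level 3
 local-user admin service-type telnet
 local-user huawei1 password cipher huawei1
 local-user huawei1 service-type ssh
 local-user huawei1 privilege level 15
"""

MIN_LEN = 8  # assumed minimum password length for this example


def audit(config):
    """Return a list of findings for remote-management commands."""
    findings, users = [], {}
    for line in map(str.strip, config.splitlines()):
        if line == "authentication-mode password":
            findings.append("vty: shared line password, no per-user login")
        m = re.match(r"local-user (\S+) (.+)", line)
        if not m:
            continue
        u = users.setdefault(m.group(1), {"pw": None, "svc": set(), "level": 0})
        if (p := re.search(r"password cipher (\S+)", m.group(2))):
            u["pw"] = p.group(1)
        if (s := re.search(r"service-type (.+)", m.group(2))):
            u["svc"].update(s.group(1).split())
        if (lv := re.search(r"privilege level (\d+)", m.group(2))):
            u["level"] = int(lv.group(1))
    for name, u in sorted(users.items()):
        if "telnet" in u["svc"]:
            findings.append(f"{name}: telnet carries the login in cleartext")
        if u["pw"] and (u["pw"] == name or len(u["pw"]) < MIN_LEN):
            findings.append(f"{name}: weak password (short or equal to user name)")
        if u["level"] == 15 and u["pw"] == name:
            findings.append(f"{name}: level 15 account whose password is its name")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```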

4. Switch negotiation and speed configuration

 

Disable auto-negotiation and enable full-duplex mode
[S1]int g0/0/1    
[S1-GigabitEthernet0/0/1]undo negotiation auto    
[S1-GigabitEthernet0/0/1]duplex full

[S3-GigabitEthernet0/0/1]int g0/0/2
[S3-GigabitEthernet0/0/2]undo negotiation auto    
[S3-GigabitEthernet0/0/2]duplex full
Configure the interface speed
With few network users, the speed can be set manually
GE 100M, Ethernet 10M

https://wenku.baidu.com/view/3ce4210a71fe910ef02df810.html (Q&A compilation)


[S1]int e0/0/1    
[S1-Ethernet0/0/1]undo negotiation auto
[S1-Ethernet0/0/1]speed 10

<S2>sys
[S2]int e0/0/1
[S2-Ethernet0/0/1]undo negotiation auto
[S2-Ethernet0/0/1]speed 10
[S2-Ethernet0/0/1]int g0/0/2
[S2-GigabitEthernet0/0/2]undo negotiation auto
[S2-GigabitEthernet0/0/2]speed 100

5. Binding ARP table entries

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.254 24

[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.2.254 24

[Huawei]dis arp all #view the ARP mappings; on a PC use arp -a, and arp -d to clear them
reset arp all #clear the ARP table

Bind an incorrect static ARP entry for pc1 on the router
[Huawei]arp static 192.168.1.1 5489-98cf-2803
[Huawei]dis arp all


The PC then cannot communicate with the gateway
ping 192.168.1.254

arp static 192.168.1.1 5489-9818-4b9e

192.168.1.2     5489-9873-463c  6         D-0         GE0/0/1
192.168.2.2     5489-9877-2be8  7         D-0         GE0/0/2

arp static 192.168.1.2 5489-9873-463c
arp static 192.168.2.2 5489-9877-2be8

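If routing is configured but hosts cannot reach other subnets, the PC may have no gateway set. Use static entries when there are few network devices and dynamic ones when there are many.
ARP proxy so that pc2 and pc3 can communicate
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]arp-proxy enable
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]arp-proxy enable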

6. Switch VLAN assignment

 

<Huawei>sys
[Huawei]sysname s1
[s1]vlan 10
[s1-vlan10]vlan 20

<Huawei>sys 
[Huawei]sysname s2
[s2]vlan batch 30 40

[s1]dis vlan
[s1-Ethernet0/0/3]dis port vlan #view VLAN port mode information
Configure access ports (ports that connect user hosts)
[s1]int e0/0/1
[s1-Ethernet0/0/1]port link-type access
[s1-Ethernet0/0/1]port default vlan 10
[s1-Ethernet0/0/1]int e0/0/2
[s1-Ethernet0/0/2]port link-type access
[s1-Ethernet0/0/2]port default vlan 10
[s1-Ethernet0/0/2]int e0/0/3
[s1-Ethernet0/0/3]port link-type access
[s1-Ethernet0/0/3]port default vlan 20

[s2]int e0/0/1
[s2-Ethernet0/0/1]port link-type access
[s2-Ethernet0/0/1]port default vlan 30
[s2-Ethernet0/0/1]int e0/0/2
[s2-Ethernet0/0/2]port link-type access
[s2-Ethernet0/0/2]port default vlan 40
Check the result: pc1 and pc2 can communicate; the other hosts cannot

7. Trunk configuration

In the VLAN view, set the description
description market

Allow VLANs 10 and 20 through
[s1-Ethernet0/0/3]int e0/0/22
[s1-Ethernet0/0/22]port link-type trunk
[s1-Ethernet0/0/22]port trunk allow-pass vlan 10 20
Allow all VLANs through
[s2]int e0/0/22
[s2-Ethernet0/0/22]port link-type trunk
[s2-Ethernet0/0/22]port trunk allow-pass vlan all

access: belongs to only one VLAN

trunk: all VLANs by default
hybrid: in between the two; you choose the VLANs yourself

 

8. Communication topology diagram

[s1]vlan 30

[s1-vlan30]int e0/0/4
[s1-Ethernet0/0/4]port hybrid pvid vlan 30
[s1-Ethernet0/0/4]port hybrid untagged vlan 10 20 30

[s1-Ethernet0/0/4]int e0/0/2
[s1-Ethernet0/0/2]port hybrid untagged vlan 20 30

[s1-Ethernet0/0/2]int e0/0/3
[s1-Ethernet0/0/3]port hybrid untagged vlan 10 30


[s1-Ethernet0/0/3]int e0/0/1
[s1-Ethernet0/0/1]port hybrid tagged vlan 10 20 30


[s2]int e0/0/1
[s2-Ethernet0/0/1]port hybrid tagged vlan 10 20 30


 

VLAN assignment: note that both switches must have VLANs 10, 20 and 30. If the port type is wrong, run this command in the interface view: port link-type hybrid

vlan batch 10 20 30

dis vlan
dis port vlan

[s1-vlan30]int e0/0/2
[s1-Ethernet0/0/2]port hybrid pvid vlan 20

[s1-Ethernet0/0/2]int e0/0/3
[s1-Ethernet0/0/3]port hybrid pvid vlan 10

undo port default vlan #restore the VLAN setting
undo port trunk allow-pass vlan 2 to 4094
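
An added example, not part of the original notes: a Python model of the hybrid-port rules configured in section 8, showing which host ports on s1 can reach each other and how one extra VLAN in an untagged list produces one-way delivery across the intended boundary. The model covers only the three host ports; the tagged uplink e0/0/1 and default VLAN 1 membership are left out, and the "loose" variant is constructed.

```python
# Hybrid-port settings for s1's host ports, taken from the commands above.
# The tagged uplink e0/0/1 and default VLAN 1 membership are left out of the model.
PORTS = {
    "e0/0/2": {"pvid": 20, "untagged": {20, 30}},
    "e0/0/3": {"pvid": 10, "untagged": {10, 30}},
    "e0/0/4": {"pvid": 30, "untagged": {10, 20, 30}},
}


def delivers(src, dst, ports=PORTS):
    """True if an untagged frame received on src is forwarded out of dst."""
    vlan = ports[src]["pvid"]               # ingress: frame is put in the PVID
    return vlan in ports[dst]["untagged"]   # egress: dst must carry that VLAN


def can_talk(a, b, ports=PORTS):
    """Hosts need delivery in both directions (request and reply)."""
    return delivers(a, b, ports) and delivers(b, a, ports)


def one_way_leaks(ports=PORTS):
    """Pairs where frames cross in one direction only: a sign of a stray VLAN."""
    return sorted((a, b) for a in ports for b in ports
                  if a != b and delivers(a, b, ports) and not delivers(b, a, ports))


def matrix(ports=PORTS):
    """Two-way reachability for every pair of host ports."""
    names = sorted(ports)
    return {(a, b): can_talk(a, b, ports)
            for i, a in enumerate(names) for b in names[i + 1:]}


if __name__ == "__main__":
    for pair, ok in matrix().items():
        print(pair, "reachable" if ok else "isolated")
    # Constructed change: VLAN 20 added to e0/0/3's untagged list by mistake.
    loose = dict(PORTS, **{"e0/0/3": {"pvid": 10, "untagged": {10, 20, 30}}})
    print("one-way leaks:", one_way_leaks(loose))
```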

 

9. Inter-VLAN routing with a Layer 3 switch

 

The IPs are, in order, 192.168.1.1 192.168.1.2 192.168.2.1

[Huawei]vlan 10
[Huawei-vlan10]vlan 20
[Huawei-vlan20]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access 
[Huawei-GigabitEthernet0/0/1]port default VLAN 10

[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default VLAN 10

[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default VLAN 20



[Huawei-GigabitEthernet0/0/3]int vlanif 10
[Huawei-Vlanif10]ip address 192.168.1.254 24
[Huawei-Vlanif10]int vlanif 20
[Huawei-Vlanif20]ip address 192.168.2.254 24

10. STP configuration

 

<Huawei>sys
[Huawei]sysname s1
[s1]stp enable
[s1]stp mode stp
[s1]stp root primary

<Huawei>sys
[Huawei]sysname s2
[s2]stp enable
[s2]stp mode stp
[s2]stp root secondary 

<Huawei>sys
[Huawei]sysname s3
[s3]stp enable
[s3]stp mode stp

<Huawei>sys
[Huawei]sysname s4
[s4]stp enable
[s4]stp mode stp

11. Switch link aggregation to increase bandwidth

<Huawei>sys
[Huawei]dis stp b
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        ROOT  FORWARDING      NONE
   0    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
   0    GigabitEthernet0/0/3        DESI  FORWARDING      NONE
   0    GigabitEthernet0/0/5        ALTE  DISCARDING      NONE

Do this on both switches
[Huawei]int Eth-Trunk 1

[Huawei-Eth-Trunk1]mode manual load-balance 

[Huawei-Eth-Trunk1]int g0/0/1    
[Huawei-GigabitEthernet0/0/1]eth-trunk 1

[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]eth-trunk 1

[Huawei-GigabitEthernet0/0/2]dis eth-trunk 1 #view the aggregation result

--------------------------------------------------------------------------------
PortName                      Status      Weight 
GigabitEthernet0/0/1          Up          1      
GigabitEthernet0/0/2          Up          1      

[Huawei-GigabitEthernet0/0/2]dis stp b

Switch link aggregation
Static LACP mode #to switch modes, remove the old member interfaces and reconfigure
[Huawei-GigabitEthernet0/0/1]int g0/0/1
[Huawei-GigabitEthernet0/0/1]undo eth-trunk 

[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]undo eth-trunk

Now configure both switches
[Huawei-GigabitEthernet0/0/2]int Eth-Trunk 1
[Huawei-Eth-Trunk1]mode lacp-static 

int g0/0/1 int g0/0/2 int g0/0/5

Eth-Trunk 1

[Huawei-GigabitEthernet0/0/5]dis eth-trunk 1

Configure two active links and one backup: do this on S1; S2 needs no configuration
[Huawei]lacp priority 100

[Huawei]dis eth-trunk 

[Huawei]int Eth-Trunk 1

[Huawei-Eth-Trunk1]max active-linknumber 2 #maximum number of active links: 2

[Huawei-Eth-Trunk1]int g0/0/1
[Huawei-GigabitEthernet0/0/1]lacp priority 100

[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]lacp priority 100
[Huawei]dis eth-trunk 

#GigabitEthernet0/0/5 is the backup link; it is activated automatically when one link goes down (not tested here)
GigabitEthernet0/0/1   Selected 1GE      100     2      305     10111100  1     
GigabitEthernet0/0/2   Selected 1GE      100     3      305     10111100  1     
GigabitEthernet0/0/5   Unselect 1GE      32768   6      305     10100000  1 

12. Static routes across multiple routers

 

pc1 192.168.10.10
r1
[Huawei-GigabitEthernet0/0/2]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.10.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.12.1 24

r2
<Huawei>sys

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.12.2 24

[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.23.2 24

r3
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.23.3 24

[Huawei-GigabitEthernet0/0/2]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.20.3 24

pc2 192.168.20.20


Default static routes
On R1
undo ip route-static 192.168.20.0 255.255.255.0 192.168.12.2

r2
undo ip route-static 192.168.20.0 255.255.255.0 192.168.23.3
undo ip route-static 192.168.10.0 24 192.168.12.1

r3

undo ip route-static 192.168.10.0 24 192.168.23.2


Routes for pc1 to communicate with r3
r1 
undo ip route-static 192.168.23.0 24 192.168.12.2
r3
undo ip route-static 192.168.12.0 24 192.168.23.2


Default route setup
r1
undo ip route-static 192.168.23.0 24 192.168.12.2
undo ip route-static 192.168.20.0 24 192.168.12.2

ip route-static 0.0.0.0 0 192.168.12.2

r3
undo ip route-static 192.168.12.0 24 192.168.23.2
undo ip route-static 192.168.10.0 24 192.168.23.2

ip route-static 0.0.0.0 0 192.168.23.2

13. Route load balancing and backup link configuration

pc1 192.168.10.10
r1
[Huawei-GigabitEthernet0/0/2]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.10.1 24
[Huawei-GigabitEthernet0/0/2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.0.12.1 24

[Huawei-GigabitEthernet0/0/1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.0.13.1 24


r2

<Huawei>sys

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.0.12.2 24

[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.0.23.2 24

r3
<Huawei>sys

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.0.23.3 24

[Huawei-GigabitEthernet0/0/2]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.0.13.3 24

[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.20.1 24



pc2 192.168.20.20


Default static routes
On R1
ip route-static 192.168.20.0 24 10.0.13.3

r2
ip route-static 192.168.20.0 24 10.0.23.3
ip route-static 192.168.10.0 24 10.0.12.1

r3

ip route-static 192.168.10.0 24 10.0.13.1


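pc1 and pc2 can communicate normally


Make the branch-to-branch link the primary path; on failure, traffic goes through headquarters
r1
ip route-static 192.168.20.0 24 10.0.12.2 preference 100 #the default 60 gives load balancing; 100 makes this the backup path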

[Huawei]dis ip routing-table protocol static 

r3
ip route-static 192.168.10.0 24 10.0.23.2 preference 100

Shut down the primary path; in testing, the network recovers after brief packet loss
[Huawei]
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]shutdown 

14. NAT configuration for Internet access

One-to-many
acl number 2000
rule 5 permit source 192.168.2.0 0.0.0.255
interface g0/0/1
ip address 192.168.2.1 255.255.255.0
interface g0/0/0
ip address 192.168.1.70 255.255.255.0
nat outbound 2000
dns resolve
dns server 114.114.114.114
dns server 114.114.115.115
dns server 223.5.5.5
dns server 223.6.6.6
dns proxy enable
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 192.168.1.1

Many-to-many

nat address-group 1 202.169.10.50 202.169.10.60
acl 2001
rule 5 permit source 172.17.1.0 0.0.0.255

 
 

int g0/0/0 #external (WAN) interface
nat outbound 2001 address-group 1 no-pat

 
 

FTP mapping
nat server protocol tcp global 202.169.10.6 ftp inside 172.16.1.3 ftp
quit
nat alg ftp enable

ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 202.169.10.50
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 202.169.10.60
 

 

15. SNMP configuration

 

<Huawei>sys
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.0.0.254 24
[Huawei]snmp-agent
[Huawei]dis snmp-agent sys-info

Specify the protocol version
[Huawei]snmp-agent sys-info version v3
[Huawei]dis snmp-agent sys-info version

Access control
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 10.0.0.1 0.0.0.255

[Huawei-acl-basic-2000]rule 10 deny source 10.0.0.2 0.0.0.255

[Huawei-acl-basic-2000]snmp-agent usm-user v3 user group acl 2000
[Huawei]dis snmp-agent usm-user
Configure trap output
snmp-agent target-host trap-hostname adminNMS1 address 10.0.0.1 udp-port 9991 trap-paramsname trapNMS1
snmp-agent trap enable
snmp-agent trap queue-size 200
snmp-agent trap life 240
snmp-agent sys-info contact call admin 110
snmp-agent sys-info location zheng zhou
dis snmp-agent sys-info
dis snmp-agent target-host
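
An added example, not part of the original notes: a Python evaluation of rules 5 and 10 of acl 2000 exactly as written in the access-control step above. With wildcard 0.0.0.255 both rules match all of 10.0.0.0/24, so rule 10 can never fire and 10.0.0.2 is permitted. HOST_RULES (wildcard 0.0.0.0) is a constructed variant that assumes the intent was to match single hosts; treating an unmatched source as refused is also an assumption of this model.

```python
import ipaddress

# Rules of acl 2000 from the SNMP section: (rule id, action, address, wildcard).
RULES = [
    (5, "permit", "10.0.0.1", "0.0.0.255"),
    (10, "deny", "10.0.0.2", "0.0.0.255"),
]
# Constructed variant: host wildcards, assuming single hosts were intended.
HOST_RULES = [
    (5, "permit", "10.0.0.1", "0.0.0.0"),
    (10, "deny", "10.0.0.2", "0.0.0.0"),
]


def _int(addr):
    return int(ipaddress.IPv4Address(addr))


def matches(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)


def decide(addr, rules=RULES):
    """First matching rule in ascending rule-id order wins."""
    for rule_id, action, base, wildcard in sorted(rules):
        if matches(addr, base, wildcard):
            return rule_id, action
    return None, "deny"  # assumption: an unmatched source is refused


def shadowed(rules=RULES):
    """Rule ids that cannot fire because an earlier rule covers their whole match set."""
    ordered, out = sorted(rules), []
    for i, (rule_id, _, base, wc) in enumerate(ordered):
        for _, _, prev_base, prev_wc in ordered[:i]:
            covers_bits = (_int(prev_wc) | _int(wc)) == _int(prev_wc)
            if covers_bits and matches(base, prev_base, prev_wc):
                out.append(rule_id)
                break
    return out


if __name__ == "__main__":
    print("as written :", decide("10.0.0.2"), "shadowed:", shadowed())
    print("host rules :", decide("10.0.0.2", HOST_RULES), "shadowed:", shadowed(HOST_RULES))
```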

16. Port mirroring

[Huawei]observe-port 1 int e0/0/4 #observe port
[Huawei]int e0/0/3 #monitored port
[Huawei-Ethernet0/0/3]port-mirroring to observe-port 1 both #configure mirroring
[Huawei-Ethernet0/0/3]dis cur

undo port-mirroring xxxx removes the mirroring binding;

undo observe-port xxx deletes the observe port

#
interface Ethernet0/0/3
port-mirroring to observe-port 1 inbound
port-mirroring to observe-port 1 outbound

 

