Firewall and switch configuration examples (reference notes)
https://blog.csdn.net/huangdan00/article/details/79335055
sys
sysname r1    # change the device name
Example operation record: looking up and adding routes
display ip routing-table 45.43.232.251
dis cur int vlan 2473    # show the VLAN interface configuration; the output is:
interface Vlanif2473
 ip address 104.232.96.133 255.255.255.252
# look up the route (and therefore the gateway) for that address
display ip routing-table 104.232.96.133
104.232.96.133/32  Direct  0  0  D  127.0.0.1  Vlanif2473
# enter the given VLAN interface
[S9312-S1-Netdc]interface Vlanif 3040
# configure the primary IP on the VLAN interface (gateway address and mask); this is what creates the Direct route above
ip address 220.158.245.233 255.255.255.248
undo ip address 220.158.245.233 255.255.255.248    # remove the address (and its route) again
# add a static route for an additional address block (in system-view): network, mask, next hop (the primary IP)
ip route-static 192.168.2.0 255.255.255.192 192.168.1.2
1. Simple routing setup
<Huawei>sys
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[Huawei-GigabitEthernet0/0/0]undo shutdown
[Huawei-GigabitEthernet0/0/0]interface g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.2.1 24
[Huawei-GigabitEthernet0/0/1]undo ip address 192.168.2.1 24    # remove an IP address
[Huawei-GigabitEthernet0/0/1]undo shutdown
[Huawei]dis ip int b    # interface summary: address, physical state, protocol state
2. User setup
Password authentication (one shared password for the VTY lines, so there is no per-user accountability):
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):huawei
[Huawei-ui-vty0-4]user privilege level 1

AAA authentication: Telnet management account, user admin, password hello, management level 3
[Huawei]aaa
[Huawei-aaa]local-user admin password cipher hello privilege level 3
[Huawei-aaa]local-user admin service-type telnet
[Huawei-aaa]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa
Caveat: Telnet carries the login and the whole session in cleartext, so this belongs only on an isolated lab or management network, and "huawei" and "hello" are lab passwords, not ones to keep. Prefer the SSH setup in section 3. On older versions a password configured with cipher is stored in a reversible form; use irreversible-cipher where the software supports it.
3. SSH authentication
Server side, authentication type SSH:
[Huawei]rsa local-key-pair create        # generate the host key pair; choose the largest key length offered
[Huawei]dis rsa local-key-pair public    # show the public key; record it so clients can verify the server
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]protocol inbound ssh   # the VTY lines accept SSH only, no Telnet
Create user huawei1 with password huawei1:
[Huawei]aaa
[Huawei-aaa]local-user huawei1 password cipher huawei1
[Huawei-aaa]local-user huawei1 service-type ssh
[Huawei-aaa]local-user huawei1 privilege level 15    # levels 0-15, higher is more privileged; 3 is the management level and 4-15 are equivalent to 3 unless command levels have been raised. The notes found that level 3 sometimes could not manage remotely and level 15 was needed.
[Huawei-aaa]quit
[Huawei]ssh user huawei1 authentication-type password
[Huawei]stelnet server enable            # the SSH server must be enabled before remote login works
[Huawei]dis ssh user-information huawei1 # check the SSH user
[Huawei]dis ssh server status            # check the server state
Client side, on another device:
[Huawei]ssh client first-time enable     # accept an unknown server key on the first connection
[Huawei]stelnet 192.168.1.2
enter user huawei1, answer Y, Y, enter password huawei1
On the server, view the session:
[Huawei]dis ssh server session
Caveat: ssh client first-time enable is trust-on-first-use: the client stores whatever host key the first peer presents, so anyone on the path at that moment keeps a man-in-the-middle position afterwards. Compare the key shown by the client against dis rsa local-key-pair public on the server before answering Y, and disable first-time (undo ssh client first-time enable) once the key has been saved.
4. Switch port negotiation and speed
Disable auto-negotiation and force full duplex:
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]undo negotiation auto
[S1-GigabitEthernet0/0/1]duplex full
[S3]int g0/0/2
[S3-GigabitEthernet0/0/2]undo negotiation auto
[S3-GigabitEthernet0/0/2]duplex full
Configure the port speed. With few users the speed can be set by hand: GE ports to 100M, Ethernet ports to 10M.
https://wenku.baidu.com/view/3ce4210a71fe910ef02df810.html (Q&A compilation)
[S1]int e0/0/1
[S1-Ethernet0/0/1]undo negotiation auto
[S1-Ethernet0/0/1]speed 10
<S2>sys
[S2]int e0/0/1
[S2-Ethernet0/0/1]undo negotiation auto
[S2-Ethernet0/0/1]speed 10
[S2-Ethernet0/0/1]int g0/0/2
[S2-GigabitEthernet0/0/2]undo negotiation auto
[S2-GigabitEthernet0/0/2]speed 100
Both ends of a link must be forced the same way: a forced port facing an auto-negotiating peer ends in a duplex mismatch that shows up as errors and packet loss, not as a down link.
5. Binding ARP entries
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.254 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.2.254 24
[Huawei]dis arp all    # view the ARP table (on a PC: arp -a to view, arp -d to clear)
reset arp all          # clear the dynamic ARP table (user view)
On the router, bind pc1 with a deliberately wrong static entry:
[Huawei]arp static 192.168.1.1 5489-98cf-2803
[Huawei]dis arp all
The PC can now no longer reach its gateway (ping 192.168.1.254 fails): a static entry overrides what the router learns, so frames for 192.168.1.1 are sent to a MAC nobody owns. Bind the real MAC instead:
arp static 192.168.1.1 5489-9818-4b9e
The entries learned for the other hosts, from dis arp all:
192.168.1.2  5489-9873-463c  6  D-0  GE0/0/1
192.168.2.2  5489-9877-2be8  7  D-0  GE0/0/2
Bind those too:
arp static 192.168.1.2 5489-9873-463c
arp static 192.168.2.2 5489-9877-2be8
Static bindings stop a host on the segment from taking over another host's IP by ARP spoofing, but they protect only the entries you bind, and the table has to follow hardware changes or you recreate the outage above.

If routing is configured but hosts in different subnets cannot reach each other, the usual cause is a PC with no default gateway set. Use static routes when there are few devices and dynamic routing when there are many.
Proxy ARP lets pc2 and pc3 (different subnets, no gateway configured) communicate through the router:
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]arp-proxy enable
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]arp-proxy enable
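The check a practitioner wants after the lab above is a way to compare what the router actually holds in its ARP table against the bindings that were intended, and to catch the two failure modes the section shows: a static entry pinned to the wrong MAC (the host goes dark) and one MAC answering for several addresses (a spoofing or duplicate-address symptom). The script below is an added example, not part of the original notes; the dis arp all dump it parses is constructed to mirror this lab (same PC addresses and MACs, column layout like VRP's output), and the undo arp static syntax in the generated fix lines is assumed.

```python
"""Audit a Huawei `display arp all` dump against the IP->MAC bindings we intend
to pin with `arp static`. Added example, not from the original notes; the dump
below is constructed to mirror the lab in section 5 (same PC addresses/MACs)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample laid out like VRP's `display arp all` columns.
# TYPE: I = interface address, S = static, D = dynamic (learned).
SAMPLE_ARP = """\
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE
------------------------------------------------------------------
192.168.1.254   4c1f-cc00-0001            I -         GE0/0/1
192.168.1.1     5489-98cf-2803            S--
192.168.1.2     5489-9873-463c  6         D-0         GE0/0/1
192.168.2.254   4c1f-cc00-0002            I -         GE0/0/2
192.168.2.2     5489-9877-2be8  7         D-0         GE0/0/2
192.168.2.9     5489-9877-2be8  3         D-0         GE0/0/2
------------------------------------------------------------------
Total:6         Dynamic:3       Static:1     Interface:2
"""

# The bindings the lab intends (section 5). pc1 was pinned with the WRONG MAC.
EXPECTED = {
    "192.168.1.1": "5489-9818-4b9e",
    "192.168.1.2": "5489-9873-463c",
    "192.168.2.2": "5489-9877-2be8",
}

MAC_RE = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class ArpEntry:
    ip: str
    mac: str
    kind: str    # "I", "S" or "D"
    iface: str   # "" when the entry carries no interface


def parse_arp(text: str) -> List[ArpEntry]:
    """Parse the data rows; header, rulers and the Total line are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not IP_RE.match(parts[0]) or not MAC_RE.match(parts[1].lower()):
            continue
        rest = parts[2:]
        if rest[0].isdigit():          # EXPIRE(M) is present only for dynamic entries
            rest = rest[1:]
        kind = rest[0][0].upper()
        iface = rest[-1] if len(rest) > 1 and rest[-1] != "-" else ""
        entries.append(ArpEntry(parts[0], parts[1].lower(), kind, iface))
    return entries


def audit(entries: List[ArpEntry], expected: Dict[str, str]) -> dict:
    """Findings: wrong static entries, expected hosts not yet pinned, MACs that
    answer for more than one IP, and the `arp static` lines to apply (assumed syntax)."""
    by_ip = {e.ip: e for e in entries}
    ips_per_mac = defaultdict(list)
    for e in entries:
        if e.kind == "D":
            ips_per_mac[e.mac].append(e.ip)
    findings = {"wrong_static": [], "unpinned": [], "duplicate_mac": {}, "fix": []}
    for ip, mac in expected.items():
        seen = by_ip.get(ip)
        if seen and seen.kind == "S" and seen.mac != mac:
            # A wrong static entry silently blackholes the host (the lab's failed ping).
            findings["wrong_static"].append(ip)
            findings["fix"].append(f"undo arp static {ip}")
            findings["fix"].append(f"arp static {ip} {mac}")
        elif seen is None or seen.kind == "D":
            findings["unpinned"].append(ip)
            findings["fix"].append(f"arp static {ip} {mac}")
    findings["duplicate_mac"] = {m: ips for m, ips in ips_per_mac.items() if len(ips) > 1}
    return findings


if __name__ == "__main__":
    result = audit(parse_arp(SAMPLE_ARP), EXPECTED)
    print("wrong static:", result["wrong_static"], "duplicate MACs:", result["duplicate_mac"])
    for line in result["fix"]:
        print(line)
```

Feed it a real dump captured from the device and the fix list is what you paste back; the duplicate-MAC finding is not auto-fixed, because it needs a human to decide whether 192.168.2.9 is a second address on the same host or someone impersonating 192.168.2.2.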
6. Switch VLAN division
<Huawei>sys
[Huawei]sysname s1
[s1]vlan 10
[s1-vlan10]vlan 20
<Huawei>sys
[Huawei]sysname s2
[s2]vlan batch 30 40
[s1]dis vlan
[s1-Ethernet0/0/3]dis port vlan    # port link-type and VLAN membership
Configure ACCESS ports (the ports facing user hosts):
[s1]int e0/0/1
[s1-Ethernet0/0/1]port link-type access
[s1-Ethernet0/0/1]port default vlan 10
[s1-Ethernet0/0/1]int e0/0/2
[s1-Ethernet0/0/2]port link-type access
[s1-Ethernet0/0/2]port default vlan 10
[s1-Ethernet0/0/2]int e0/0/3
[s1-Ethernet0/0/3]port link-type access
[s1-Ethernet0/0/3]port default vlan 20
[s2]int e0/0/1
[s2-Ethernet0/0/1]port link-type access
[s2-Ethernet0/0/1]port default vlan 30
[s2-Ethernet0/0/1]int e0/0/2
[s2-Ethernet0/0/2]port link-type access
[s2-Ethernet0/0/2]port default vlan 40
Check the result: pc1 and pc2 (both in VLAN 10) can communicate, the other hosts cannot.
7. TRUNK configuration
In the VLAN view, give the VLAN a description:
description market
Allow VLANs 10 and 20 across the link:
[s1-Ethernet0/0/3]int e0/0/22
[s1-Ethernet0/0/22]port link-type trunk
[s1-Ethernet0/0/22]port trunk allow-pass vlan 10 20
Allow all VLANs:
[s2]int e0/0/22
[s2-Ethernet0/0/22]port link-type trunk
[s2-Ethernet0/0/22]port trunk allow-pass vlan all
Prefer the explicit list: allow-pass vlan all also carries every VLAN you create later, including ones meant to stay local, to the far switch.
access: the port belongs to exactly one VLAN
trunk: carries several VLANs tagged; by default only VLAN 1 passes, the rest must be added with port trunk allow-pass
hybrid: between the two, you choose per VLAN whether it leaves the port tagged or untagged
8. Communication structure (hybrid ports)
[s1]vlan 30
[s1-vlan30]int e0/0/4
[s1-Ethernet0/0/4]port hybrid pvid vlan 30
[s1-Ethernet0/0/4]port hybrid untagged vlan 10 20 30
[s1-Ethernet0/0/4]int e0/0/2
[s1-Ethernet0/0/2]port hybrid untagged vlan 20 30
[s1-Ethernet0/0/2]int e0/0/3
[s1-Ethernet0/0/3]port hybrid untagged vlan 10 30
[s1-Ethernet0/0/3]int e0/0/1
[s1-Ethernet0/0/1]port hybrid tagged vlan 10 20 30
[s2]int e0/0/1
[s2-Ethernet0/0/1]port hybrid tagged vlan 10 20 30
VLAN division notes: both switches must have VLANs 10, 20 and 30. If a port has the wrong link type, run port link-type hybrid in its interface view first.
vlan batch 10 20 30
dis vlan
dis port vlan
[s1]int e0/0/2
[s1-Ethernet0/0/2]port hybrid pvid vlan 20
[s1-Ethernet0/0/2]int e0/0/3
[s1-Ethernet0/0/3]port hybrid pvid vlan 10
undo port default vlan                     # restore the default VLAN setting of an access port
undo port trunk allow-pass vlan 2 to 4094  # strip every non-default VLAN from a trunk
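What the hybrid configuration above actually yields is easier to see by modelling the 802.1Q rules than by staring at the commands: an untagged frame is classified into the ingress port's PVID, and it can leave another port only if that VLAN is in the port's untagged or tagged list. The script below is an added example, not part of the original notes; port names and VLAN lists are s1's from this section, and the access/trunk helpers show the same model covering sections 6 and 7. Run it and it reports that e0/0/2 (VLAN 20) and e0/0/3 (VLAN 10) cannot reach each other while both reach e0/0/4 (VLAN 30), which is the shared-server pattern this layout is used for.

```python
"""Which ports can exchange frames under the hybrid/access/trunk configuration
of sections 6-8. Added example, not from the notes; the rule set is standard
802.1Q PVID/untagged/tagged handling and the port names match s1 above."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Port:
    pvid: int = 1                                             # VLAN given to untagged ingress frames
    untagged: Set[int] = field(default_factory=lambda: {1})  # VLANs sent out untagged
    tagged: Set[int] = field(default_factory=set)            # VLANs sent out tagged

    @property
    def member_of(self) -> Set[int]:
        return self.untagged | self.tagged


def access(vlan: int) -> Port:
    """port link-type access + port default vlan <vlan>"""
    return Port(pvid=vlan, untagged={vlan})


def trunk(allowed: Set[int], pvid: int = 1) -> Port:
    """port link-type trunk + port trunk allow-pass vlan ...; the PVID leaves untagged"""
    return Port(pvid=pvid, untagged={pvid} if pvid in allowed else set(), tagged=allowed - {pvid})


def ingress_vlan(port: Port, vid: Optional[int]) -> Optional[int]:
    """VLAN a frame is classified into on ingress, or None if the port drops it."""
    if vid is None:
        return port.pvid
    return vid if vid in port.member_of else None


def can_forward(ports: Dict[str, Port], src: str, dst: str, vid: Optional[int] = None) -> bool:
    """Can a frame entering `src` (untagged unless `vid` is given) leave via `dst`?"""
    if src == dst:
        return False
    vlan = ingress_vlan(ports[src], vid)
    return vlan is not None and vlan in ports[dst].member_of


def reachability(ports: Dict[str, Port]) -> Dict[str, Set[str]]:
    """For every port, the set of ports an untagged host frame can reach."""
    return {s: {d for d in ports if can_forward(ports, s, d)} for s in ports}


# s1 as configured in section 8: e0/0/1 is the tagged uplink, e0/0/4 the
# shared port, e0/0/2 and e0/0/3 the PC ports.
S1 = {
    "e0/0/1": Port(tagged={10, 20, 30}),
    "e0/0/2": Port(pvid=20, untagged={20, 30}),
    "e0/0/3": Port(pvid=10, untagged={10, 30}),
    "e0/0/4": Port(pvid=30, untagged={10, 20, 30}),
}

if __name__ == "__main__":
    for src, dsts in reachability(S1).items():
        print(src, "->", sorted(dsts))
```

The model also answers the audit question that matters after a change such as undo port trunk allow-pass vlan 2 to 4094: pass the tagged VLAN id as vid and it tells you whether the uplink still carries that VLAN to a given port.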
9. Inter-VLAN routing on a Layer 3 switch
Host IPs, in order: 192.168.1.1, 192.168.1.2, 192.168.2.1 (gateways 192.168.1.254 and 192.168.2.254)
[Huawei]vlan 10
[Huawei-vlan10]vlan 20
[Huawei-vlan20]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 10
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 20
[Huawei-GigabitEthernet0/0/3]int vlanif 10
[Huawei-Vlanif10]ip address 192.168.1.254 24
[Huawei-Vlanif10]int vlanif 20
[Huawei-Vlanif20]ip address 192.168.2.254 24
Each VLANIF is the gateway of its VLAN. Once both are up, hosts in VLAN 10 and VLAN 20 reach each other through the switch, so any separation you still want between them has to come from an ACL, not from the VLAN boundary.
10. STP configuration
<Huawei>sys
[Huawei]sysname s1
[s1]stp enable
[s1]stp mode stp
[s1]stp root primary      # s1 is the root bridge
<Huawei>sys
[Huawei]sysname s2
[s2]stp enable
[s2]stp mode stp
[s2]stp root secondary    # s2 takes over if s1 fails
<Huawei>sys
[Huawei]sysname s3
[s3]stp enable
[s3]stp mode stp
<Huawei>sys
[Huawei]sysname s4
[s4]stp enable
[s4]stp mode stp
Naming the root explicitly keeps a newly attached switch with a lower bridge ID (or a crafted superior BPDU) from taking the root role away from the core; s3 and s4 keep the default priority.
11. Link aggregation between switches to increase bandwidth
Before aggregation, STP blocks the parallel links:
<Huawei>sys
[Huawei]dis stp b
 MSTID  Port                        Role  STP State   Protection
   0    GigabitEthernet0/0/1        ROOT  FORWARDING  NONE
   0    GigabitEthernet0/0/2        ALTE  DISCARDING  NONE
   0    GigabitEthernet0/0/3        DESI  FORWARDING  NONE
   0    GigabitEthernet0/0/5        ALTE  DISCARDING  NONE
Manual load-balance mode, configured on both switches:
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]mode manual load-balance
[Huawei-Eth-Trunk1]int g0/0/1
[Huawei-GigabitEthernet0/0/1]eth-trunk 1
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]eth-trunk 1
[Huawei-GigabitEthernet0/0/2]dis eth-trunk 1    # check the aggregation result
--------------------------------------------------------------------------------
PortName                      Status     Weight
GigabitEthernet0/0/1          Up         1
GigabitEthernet0/0/2          Up         1
[Huawei-GigabitEthernet0/0/2]dis stp b          # both members now forward as one logical port
Static LACP mode. Changing the mode requires removing the member ports and adding them again:
[Huawei-GigabitEthernet0/0/1]int g0/0/1
[Huawei-GigabitEthernet0/0/1]undo eth-trunk
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]undo eth-trunk
Then on both switches:
[Huawei-GigabitEthernet0/0/2]int Eth-Trunk 1
[Huawei-Eth-Trunk1]mode lacp-static
int g0/0/1, int g0/0/2, int g0/0/5: eth-trunk 1 on each
[Huawei-GigabitEthernet0/0/5]dis eth-trunk 1
Two active links with one standby: configured on S1 only, S2 needs nothing
[Huawei]lacp priority 100                       # system priority below the default 32768, so S1 decides which links are active
[Huawei]dis eth-trunk
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]max active-linknumber 2      # at most 2 active members
[Huawei-Eth-Trunk1]int g0/0/1
[Huawei-GigabitEthernet0/0/1]lacp priority 100  # port priority: g0/0/1 and g0/0/2 are selected
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]lacp priority 100
[Huawei]dis eth-trunk    # GigabitEthernet0/0/5 is the standby link; shut one active link and it is activated automatically (not tested here)
GigabitEthernet0/0/1  Selected  1GE  100    2  305  10111100  1
GigabitEthernet0/0/2  Selected  1GE  100    3  305  10111100  1
GigabitEthernet0/0/5  Unselect  1GE  32768  6  305  10100000  1
Prefer LACP over manual mode outside the lab: manual mode bundles whatever is cabled, whereas LACP selects only links whose far end answers as the same partner system, so a mis-cabled or looped member stays out of the bundle.
12. Static routes across several routers
Topology: pc1 192.168.10.10 - r1 - 192.168.12.0/24 - r2 - 192.168.23.0/24 - r3 - pc2 192.168.20.20
r1
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.10.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.12.1 24
r2
<Huawei>sys
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.12.2 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.23.2 24
r3
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.23.3 24
[Huawei-GigabitEthernet0/0/2]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.20.3 24
pc2 192.168.20.20

Specific static routes (the notes record these in their undo form, used to remove them again before the default-route variant below; the add form is the same command without undo):
r1:  ip route-static 192.168.20.0 255.255.255.0 192.168.12.2
r2:  ip route-static 192.168.20.0 255.255.255.0 192.168.23.3
     ip route-static 192.168.10.0 24 192.168.12.1
r3:  ip route-static 192.168.10.0 24 192.168.23.2
So that pc1 can also reach r3 over the transit link:
r1:  ip route-static 192.168.23.0 24 192.168.12.2
r3:  ip route-static 192.168.12.0 24 192.168.23.2
Default routes instead of the specific ones on the two edge routers (r2 keeps its specific routes, it has a neighbour on each side):
r1:  undo ip route-static 192.168.23.0 24 192.168.12.2
     undo ip route-static 192.168.20.0 24 192.168.12.2
     ip route-static 0.0.0.0 0 192.168.12.2
r3:  undo ip route-static 192.168.12.0 24 192.168.23.2
     undo ip route-static 192.168.10.0 24 192.168.23.2
     ip route-static 0.0.0.0 0 192.168.23.2
Check with dis ip routing-table: a stub router with one uplink needs nothing beyond the default route, and a default route also forwards traffic for destinations that do not exist, so the filtering has to happen at r2.
13. Route load balancing and backup link configuration
pc1 192.168.10.10
r1
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.10.1 24
[Huawei-GigabitEthernet0/0/2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.0.12.1 24
[Huawei-GigabitEthernet0/0/1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.0.13.1 24
r2
<Huawei>sys
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.0.12.2 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.0.23.2 24
r3
<Huawei>sys
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.0.23.3 24
[Huawei-GigabitEthernet0/0/2]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.0.13.3 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.20.1 24
pc2 192.168.20.20
Static routes:
r1:  ip route-static 192.168.20.0 24 10.0.13.3
r2:  ip route-static 192.168.20.0 24 10.0.23.3
     ip route-static 192.168.10.0 24 10.0.12.1
r3:  ip route-static 192.168.10.0 24 10.0.13.1
pc1 and pc2 can now communicate over the direct r1-r3 link.
Make the direct branch link the primary path and fall back through headquarters (r2) when it fails:
r1:  ip route-static 192.168.20.0 24 10.0.12.2 preference 100
     # static routes default to preference 60; two routes to the same prefix with equal preference are both installed and share the load, while a higher value (100) stays out of the table until the preferred route disappears (a floating static route)
[Huawei]dis ip routing-table protocol static
r3:  ip route-static 192.168.10.0 24 10.0.23.2 preference 100
Shut down the primary link to test; after a brief period of packet loss traffic flows again via r2:
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]shutdown
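The selection rule behind sections 12 and 13 (longest prefix first, then lowest preference, equal preference meaning load sharing, and a static route dropping out when its next hop is no longer reachable through an up interface) is worth having as code, because it lets you predict the effect of a shutdown or of a preference change before touching the device. The script below is an added example, not from the original notes; it uses R1's interfaces and routes from section 13, and it is a simplification of VRP: no recursive next-hop resolution, no BFD, and a next hop counts as reachable whenever a directly connected interface covering it is up.

```python
"""Resolve next hops the way the static routes of sections 12-13 behave:
longest prefix wins, then lowest preference; equal preference gives load
sharing, and a route whose next hop sits behind a down interface drops out,
which is what activates the preference-100 backup. Added example, not from
the notes; interface names and addresses are R1's from section 13."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

STATIC_DEFAULT_PREFERENCE = 60   # VRP default for `ip route-static`


@dataclass
class StaticRoute:
    prefix: str        # "192.168.20.0/24"
    nexthop: str
    preference: int = STATIC_DEFAULT_PREFERENCE


@dataclass
class Interface:
    address: str       # "10.0.13.1/24"
    up: bool = True


def egress_interface(ifaces: Dict[str, Interface], nexthop: str) -> Optional[str]:
    """Name of the directly connected, up interface that can reach `nexthop`."""
    nh = ipaddress.ip_address(nexthop)
    for name, itf in ifaces.items():
        if itf.up and nh in ipaddress.ip_interface(itf.address).network:
            return name
    return None


def active_routes(routes: List[StaticRoute], ifaces: Dict[str, Interface]) -> List[StaticRoute]:
    """Routes whose next hop is currently reachable (the installable set)."""
    return [r for r in routes if egress_interface(ifaces, r.nexthop) is not None]


def lookup(routes: List[StaticRoute], ifaces: Dict[str, Interface], dst: str) -> List[Tuple[str, str]]:
    """(nexthop, interface) pairs used for `dst`: the longest matching prefix,
    restricted to its best preference; several pairs means load sharing."""
    d = ipaddress.ip_address(dst)
    candidates = [r for r in active_routes(routes, ifaces) if d in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return []
    best_len = max(ipaddress.ip_network(r.prefix).prefixlen for r in candidates)
    candidates = [r for r in candidates if ipaddress.ip_network(r.prefix).prefixlen == best_len]
    best_pref = min(r.preference for r in candidates)
    return sorted((r.nexthop, egress_interface(ifaces, r.nexthop))
                  for r in candidates if r.preference == best_pref)


def with_link(ifaces: Dict[str, Interface], name: str, up: bool) -> Dict[str, Interface]:
    """Copy of `ifaces` with one interface shut down or brought up."""
    return {n: Interface(i.address, up if n == name else i.up) for n, i in ifaces.items()}


# R1 from section 13.
R1_IFACES = {
    "g0/0/2": Interface("192.168.10.1/24"),
    "g0/0/1": Interface("10.0.12.1/24"),
    "g0/0/0": Interface("10.0.13.1/24"),
}
R1_ROUTES = [
    StaticRoute("192.168.20.0/24", "10.0.13.3"),                   # primary, preference 60
    StaticRoute("192.168.20.0/24", "10.0.12.2", preference=100),   # floating backup via R2
]

if __name__ == "__main__":
    print("all links up:", lookup(R1_ROUTES, R1_IFACES, "192.168.20.20"))
    print("g0/0/0 shut: ", lookup(R1_ROUTES, with_link(R1_IFACES, "g0/0/0", False), "192.168.20.20"))
```

Drop the preference=100 from the second route and lookup returns both next hops, which is the equal-cost load sharing the notes mention; add a 0.0.0.0/0 route and it is used only for destinations no /24 covers, the section 12 default-route case.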
14. NAT for Internet access
One-to-many (all inside hosts share the address of the outside interface):
acl number 2000
 rule 5 permit source 192.168.2.0 0.0.0.255
interface g0/0/1
 ip address 192.168.2.1 255.255.255.0
interface g0/0/0
 ip address 192.168.1.70 255.255.255.0
 nat outbound 2000                         # on the outside interface; only sources matching ACL 2000 are translated
dns resolve
dns server 114.114.114.114
dns server 114.114.115.115
dns server 223.5.5.5
dns server 223.6.6.6
dns proxy enable
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 192.168.1.1
Many-to-many (a pool of public addresses, no port translation):
nat address-group 1 202.169.10.50 202.169.10.60
acl 2001
 rule 5 permit source 172.17.1.0 0.0.0.255
int g0/0/0    # outside interface
 nat outbound 2001 address-group 1 no-pat
With no-pat each active inside host occupies one whole pool address, so an eleven-address pool serves at most eleven hosts at a time; leave out no-pat to let hosts share addresses by port.
FTP server mapping (on the outside interface):
 nat server protocol tcp global 202.169.10.6 ftp inside 172.16.1.3 ftp
 quit
nat alg ftp enable    # the ALG rewrites the addresses carried inside FTP control messages so the data channel is translated too
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 202.169.10.50
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 202.169.10.60
Caveats: the default route's next hop should be the provider's gateway address; the two entries above as recorded in the notes point at the ends of the NAT pool, and two default routes with different next hops simply share the load. nat server exposes the inside FTP server, and FTP credentials, in cleartext to every outside source, so restrict who may reach the mapped port and consider SFTP over SSH instead.
15. SNMP configuration
<Huawei>sys
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.0.0.254 24
[Huawei]snmp-agent
[Huawei]dis snmp-agent sys-info
Pin the protocol version (v3 only; v1 and v2c community strings travel in cleartext and serve as the only credential):
[Huawei]snmp-agent sys-info version v3
[Huawei]dis snmp-agent sys-info version
Access control:
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 10.0.0.1 0
[Huawei-acl-basic-2000]rule 10 deny source 10.0.0.2 0
(The notes gave both rules the wildcard 0.0.0.255; that makes each rule match the whole of 10.0.0.0/24, so rule 5 permits every host and rule 10 can never match. A wildcard of 0 matches exactly one host.)
[Huawei]snmp-agent usm-user v3 user group acl 2000
[Huawei]dis snmp-agent usm-user
Caveat: created this way the user has neither authentication nor privacy (SNMPv3 noAuthNoPriv), which is no stronger than v2c. Give it an authentication and a privacy mode (the keywords of snmp-agent usm-user v3 vary with the software version) and make sure the group "group" exists with snmp-agent group v3 before the user is bound to it.
Trap output:
snmp-agent target-host trap-hostname adminNMS1 address 10.0.0.1 udp-port 9991 trap-paramsname trapNMS1
snmp-agent trap enable
snmp-agent trap queue-size 200
snmp-agent trap life 240
snmp-agent sys-info contact call admin 110
snmp-agent sys-info location zheng zhou
dis snmp-agent sys-info
dis snmp-agent target-host
The parameter set trapNMS1 referenced by the target host must itself be defined (snmp-agent target-host trap-paramsname ...), which the notes omit.
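The wildcard mistake in the SNMP ACL above (and the same syntax in the NAT ACLs of section 14) is easy to make and hard to spot by eye, because a Huawei wildcard is an inverse mask with 1 bits meaning "ignore", and it need not even be contiguous. The checker below is an added example, not part of the original notes: it parses basic ACL rules as written in this page, prints what each rule really matches, and reports rules that an earlier rule makes unreachable. The rule texts are the ones from section 15 (as written, and as intended); what a device does with a packet that matches no rule depends on the feature the ACL is bound to, so decide() returns None for that case rather than guessing.

```python
"""Check Huawei basic ACL rules (`rule N permit|deny source IP WILDCARD`) for
the mistake in section 15: a wildcard of 0.0.0.255 matches the whole /24, so
rule 5 already covers everything rule 10 tries to deny and rule 10 never fires.
Added example, not from the notes; handles non-contiguous wildcards too."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)(?:\s+(\S+))?", re.I)
ALL_ONES = 0xFFFFFFFF


@dataclass
class Rule:
    number: int
    action: str
    ip: int        # 32-bit source address
    wildcard: int  # 32-bit wildcard: 1 bits are "don't care"

    def matches(self, addr: str) -> bool:
        a = int(ipaddress.ip_address(addr))
        return (a ^ self.ip) & ~self.wildcard & ALL_ONES == 0

    def covers(self, other: "Rule") -> bool:
        """True if every address `other` matches is also matched by self:
        wherever self cares about a bit, other must care too and agree."""
        care_self = ~self.wildcard & ALL_ONES
        return (care_self & other.wildcard) == 0 and ((self.ip ^ other.ip) & care_self) == 0

    def effective(self) -> str:
        """Human-readable match set; a CIDR prefix when the wildcard is contiguous."""
        w = self.wildcard
        if (w + 1) & w == 0:                      # low-order ones only -> a real prefix
            plen = 32 - w.bit_length()
            return str(ipaddress.IPv4Network((self.ip & ~w & ALL_ONES, plen)))
        return f"{ipaddress.ip_address(self.ip)} wildcard {ipaddress.ip_address(w)} (non-contiguous)"


def parse_rules(text: str) -> List[Rule]:
    """One rule per line; a missing wildcard or a bare 0 means an exact host."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue
        num, action, src, wild = m.groups()
        if src.lower() == "any":
            ip, wc = 0, ALL_ONES
        else:
            ip = int(ipaddress.ip_address(src))
            wc = 0 if wild in (None, "0") else int(ipaddress.ip_address(wild))
        rules.append(Rule(int(num), action.lower(), ip, wc))
    return sorted(rules, key=lambda r: r.number)


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(rule, earlier rule that makes it unreachable) for every dead rule."""
    dead = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(r):
                dead.append((r.number, earlier.number))
                break
    return dead


def decide(rules: List[Rule], addr: str) -> Optional[str]:
    """First-match action, or None when no rule matches."""
    for r in rules:
        if r.matches(addr):
            return r.action
    return None


# Constructed: the ACL exactly as written in section 15, and the intended form.
AS_WRITTEN = """
rule 5 permit source 10.0.0.1 0.0.0.255
rule 10 deny source 10.0.0.2 0.0.0.255
"""
INTENDED = """
rule 5 permit source 10.0.0.1 0
rule 10 deny source 10.0.0.2 0
"""

if __name__ == "__main__":
    for text in (AS_WRITTEN, INTENDED):
        rules = parse_rules(text)
        for r in rules:
            print(f"rule {r.number} {r.action} {r.effective()}")
        print("shadowed:", shadowed(rules), "| 10.0.0.2 ->", decide(rules, "10.0.0.2"))
```

Paste the rule lines out of dis cur and run it before binding an ACL to SNMP, VTY access or nat outbound; a non-empty shadowed() list means the policy in the config is not the policy the device enforces.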
16. Port mirroring
[Huawei]observe-port 1 int e0/0/4                             # observe port (where the capture host is connected)
[Huawei]int e0/0/3                                            # monitored port
[Huawei-Ethernet0/0/3]port-mirroring to observe-port 1 both   # mirror both directions
[Huawei-Ethernet0/0/3]dis cur
undo port-mirroring xxxx    removes the mirroring binding
undo observe-port xxx       deletes the observe port
dis cur shows the mirror as two directional statements:
#
interface Ethernet0/0/3
 port-mirroring to observe-port 1 inbound
 port-mirroring to observe-port 1 outbound
Whatever is plugged into e0/0/4 sees every frame on e0/0/3, credentials included, so treat the observe port like any other tap: physically controlled, and removed with undo observe-port when the capture is done.