什么是vrp?
vrp是Versatile Routing Platform的縮寫,翻譯成中文就是通用路由平台,該平台是華為公司具有完全自主知識產權的網絡操作系統。可以運行在多種硬件平台之上。擁有一致的網絡界面、用戶界面和管理界面,提供了靈活豐富的應用解決方案,集成了路由交換技術、QoS技術、安全技術和IP語音技術等數據通信功能。
vrp的歷史版本
常用的管理vrp系統的方式,以及各種方式的優缺點及應用場景
提示:通常管理vrp的方式有兩種,一種是本地管理,本地管理通常需要用console線連接設備的console口,然后通過終端使用serial協議管理vrp;使用場景:適合初始化,故障恢復,系統升級,同時只能支持一個會話;另外一種就是通過IP地址或域名連接虛擬VTY口,使用Telnet或SSH協議,遠程連接vrp進行管理;使用場景:適合后期維護、異地管理,同時可以支持多個會話;
VRP基礎配置
在開始聊vrp的基礎配置之前,我們先補充一點命令行視圖的概念;什么是視圖呢?我們可以理解為界面,每個界面配置的東西不一樣,比如我們要配置vlan就得先進入vlan的界面才可以配置,我們要配置某接口的參數,得進入到該接口才可以配置;默認情況設備啟動進入到視圖是用戶視圖,該視圖下用戶可以操作的命令很少,多為一些查詢類的命令和一些不改變系統配置的命令;我們要做配置首先要進入到系統視圖,系統視圖中又有各種視圖,具體如下圖
視圖切換
示例:從用戶視圖切換到系統視圖
<Huawei>sys <Huawei>system-view Enter system view, return user view with Ctrl+Z. [Huawei]
提示:vrp是支持命令補全的,我們可以敲TAB鍵即可;
示例:從系統視圖切換至用戶視圖
[Huawei]q <Huawei>sys Enter system view, return user view with Ctrl+Z. [Huawei] <Huawei>
提示:從系統視圖切換至用戶視圖我們可以使用quit命令,簡寫q;也可以使用快捷鍵Ctrl+z鍵直接從系統視圖退出到用戶視圖;
示例:從任意非用戶視圖返回到用戶視圖
<Huawei>sys Enter system view, return user view with Ctrl+Z. [Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]quit [Huawei]quit <Huawei>sys Enter system view, return user view with Ctrl+Z. [Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]return <Huawei>
提示:return可以從任意非用戶視圖直接返回到用戶視圖;quit只能一級一級的退出視圖;
命令行幫助
提示:問號的作用就是告訴我們能夠運行的命令,或者滿足以我們敲打打字串開頭的命令,或者是完全幫助里的能夠運行的命令,或者命令后面能夠接到子命令或參數等;
示例:
<Huawei>d? debugging <Group> debugging command group delete Delete a file dialer Dialer dir List files on a filesystem display Display information <Huawei>dis <Huawei>display h? hdlc Information of HDLC health System health information history-command Configuration information about history commands hotkey Hotkey status and configuration information http HTTP hwtacacs-server HWTACACS server information <Huawei>display ip? ip <Group> ip command group ipsec Specify IPSec(IP Security) configuration information ipv6 <Group> ipv6 command group <Huawei>display ip rou? routing-table Routing table <Huawei>display ip rou
歷史命令查詢和調用
示例:查看歷史命令列表
<Huawei>dis his <Huawei>dis history-command display ip rou display ip rout return int g0/0/0 sys quit q system-view <Huawei>
提示:默認歷史命令只會保存最近10條命令;當然我們可以通過命令去設置顯示的歷史命令條目數量;
設置命令歷史顯示條目數量
[Huawei]user-int [Huawei]user-interface con [Huawei]user-interface console 0 [Huawei-ui-console0]hist [Huawei-ui-console0]history-command ma [Huawei-ui-console0]history-command max-size 20
vrp基礎配置
設置設備名稱
示例:修改設備名稱為R1
<Huawei>sys Enter system view, return user view with Ctrl+Z. [Huawei]sysna [Huawei]sysname R1 [R1] [R1] [R1]
配置系統日期時間
示例:修改系統時區為北京時間,東八區
[R1]clock [R1]clock tim [R1]clock timz [R1]clock time [R1]clock timez [R1]q <R1>cloc <R1>clock timez <R1>clock timezone BJ add 08:00:00 <R1>dis clo <R1>dis clock 2021-06-20 06:48:42 Sunday Time Zone(BJ) : UTC+08:00 <R1>
提示:設置時區需要在用戶視圖下設置,系統視圖沒法設置;
示例:設置當前時間和日期
<R1>dis clock 2021-06-20 06:50:35 Sunday Time Zone(BJ) : UTC+08:00 <R1>clo <R1>clock da <R1>clock datetime ? HH:MM:SS Specify the time <R1>clock datetime 22:51:22 ? YYYY-MM-DD Specify the date from 2000 to 2099 <R1>clock datetime 22:51:22 2021-06-20 <R1>dis clo <R1>dis clock 2021-06-20 22:51:25 Sunday Time Zone(BJ) : UTC+08:00 <R1>
配置標題消息
示例:設置用戶登錄前和登錄后的標題消息
<R1>sys Enter system view, return user view with Ctrl+Z. [R1]head [R1]header lo [R1]header login ? file Specify filename of banner information Specify information of banner [R1]header login inf [R1]header login information "welcome to R1" [R1]head [R1]header lo [R1]header she [R1]header shell ? file Specify filename of banner information Specify information of banner [R1]header shell in [R1]header shell information "have a good time" …… <R1>q Configuration console exit, please press any key to log on welcome to R1 Login authentication Password: have a good time <R1>
配置用戶界面命令
示例:配置console口超時時間
<R1>sys Enter system view, return user view with Ctrl+Z. [R1]use [R1]user-bind [R1]user-group [R1]user-interface con [R1]user-interface console 0 [R1-ui-console0]idl [R1-ui-console0]idle-timeout 5 12
提示:上述設置表示設置console口的超時時間為5分12秒;這里還需要注意一點console口的編號是從0開始的,默認情況下一台設備只有一個console口,所以我們設置的都是0口;進入到console 需要用user-interface 命令;該命令后面可以通常都是跟終端類型;常見的終端類型有console,vty;vty就是虛擬的終端,一般遠程用到都是vty類型的終端;默認vty的接口編號范圍最大可以支持到4,即總共支持5個遠程用戶使用vty,當然這個vty的數量是可以更改的,最大支持15個用戶;
示例:進入到vty
<R1>sys Enter system view, return user view with Ctrl+Z. [R1]user-int [R1]user-interface vty ? INTEGER<0-4,16-20> The first user terminal interface to be configured [R1]user-interface vty 0 ? INTEGER<1-4> Specify a last user terminal interface number to be configured <cr> Please press ENTER to execute command [R1]user-interface vty 0 4 [R1-ui-vty0-4]
配置登錄權限和設置密碼
示例:設置console口登錄密碼為admin123.com
<R1>sys
Enter system view, return user view with Ctrl+Z.
[R1]user-int
[R1]user-interface con
[R1]user-interface console 0
[R1-ui-console0]set
[R1-ui-console0]set au
[R1-ui-console0]set authentication pa
[R1-ui-console0]set authentication password ?
cipher Set the password with cipher text
[R1-ui-console0]set authentication password ci
[R1-ui-console0]set authentication password cipher admin123.com
[R1-ui-console0]dis this
[V200R003C00]
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$W~Nm5vbJ{S0yS@K}!JAF,(BD.-9:#x[ak!f@{wX%
h"*C(BG,%$%$
history-command max-size 20
idle-timeout 5 12
user-interface vty 0 4
user-interface vty 16 20
#
return
[R1-ui-console0]q
[R1]q
<R1>q
Configuration console exit, please press any key to log on
welcome to R1
Login authentication
Password:
have a good time
<R1>
提示:password后面的cipher表示回顯加密,即在配置里面看到的都是加密處理后端字符串;
示例:配置vty登錄密碼
<R1>sys
Enter system view, return user view with Ctrl+Z.
[R1]user-interface
[R1]user-interface vty 0 4
[R1-ui-vty0-4]set au
[R1-ui-vty0-4]set authentication pa
[R1-ui-vty0-4]set authentication password ci
[R1-ui-vty0-4]set authentication password cipher admin123.com
[R1-ui-vty0-4]dis this
[V200R003C00]
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$"<Kf/[6KRFvztj2q~J'(,(hM.!O.+tL7{XXS5}P:
t-)P(hP,%$%$
history-command max-size 20
idle-timeout 5 12
user-interface vty 0 4
authentication-mode password
set authentication password cipher %$%$"<Kf/[6KRFvztj2q~J'(,(hM.!O.+tL7{XXS5}P:
t-)P(hP,%$%$
user-interface vty 16 20
#
return
[R1-ui-vty0-4]
示例:設置遠程登錄用戶的權限為3
[R1-ui-vty0-4]user pri [R1-ui-vty0-4]user privilege le [R1-ui-vty0-4]user privilege level 3 [R1-ui-vty0-4]d th [V200R003C00] # user-interface con 0 authentication-mode password set authentication password cipher %$%$.gtX'!_=\OGX:pJ5f*u6,(2wvE#v<y(fe57<FiMr i>X9(2z,%$%$ history-command max-size 20 idle-timeout 5 12 user-interface vty 0 4 authentication-mode password user privilege level 3 set authentication password cipher %$%$.gtX'!_=\OGX:pJ5f*u6,(2wvE#v<y(fe57<FiMr i>X9(2z,%$%$ user-interface vty 16 20 # return [R1-ui-vty0-4]
提示:如果不設置用戶權限級別默認是0,0的權限很小,只能執行網絡診斷工具命令(ping、tracert)、從本設備出發訪問外部設備的命令(Telnet客戶端)、部分display命令等。權限級別分類如下表
| 用戶級別 | 命令級別 | 級別名稱 | 說明 |
| 0 | 0 | 訪問級 | 網絡診斷工具命令(ping、tracert)、從本設備出發訪問 |
| 1 | 0、1 | 監控級 | 用於系統維護,包括display等命令。 |
| 2 | 0、1、2 | 配置級 | 業務配置命令,包括路由、各個網絡層次的命令,向用戶 |
| 3~15 | 0、1、2、3 | 管理級 | 用於系統基本運行的命令,對業務提供支撐作用,包括文 |
接口配置地址
<R1>sys Enter system view, return user view with Ctrl+Z. [R1]int g0/0/0 [R1-GigabitEthernet0/0/0]ip add [R1-GigabitEthernet0/0/0]ip address 192.168.0.111 24 [R1-GigabitEthernet0/0/0]d th [V200R003C00] # interface GigabitEthernet0/0/0 ip address 192.168.0.111 255.255.255.0 # return [R1-GigabitEthernet0/0/0]
開啟telnet 遠程訪問
[R1-GigabitEthernet0/0/0]q [R1]telne [R1]telnet se [R1]telnet server e [R1]telnet server enable Error: TELNET server has been enabled [R1]
提示:默認華為模擬器ensp上模擬的路由器上開啟了telnet,所以在此開啟會報錯;
實驗:使用r2遠程訪問r1
實驗top
在r2上配置地址,然后使用telnet客戶端連接r1
<Huawei> Jun 20 2021 23:44:30-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt hernet0/0/0 has turned into UP state. <Huawei>sys Enter system view, return user view with Ctrl+Z. [Huawei]sys R2 [R2]int g0/0/0 [R2-GigabitEthernet0/0/0]ip add 192.168.0.222 24 Jun 20 2021 23:44:55-08:00 R2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. [R2-GigabitEthernet0/0/0]q [R2]q <R2>tel <R2>telnet 192.168.0.111 Press CTRL_] to quit telnet mode Trying 192.168.0.111 ... Connected to 192.168.0.111 ... welcome to R1 Login authentication Password: have a good time <R1>
查看接口摘要信息
示例:查看r1設備的接口摘要信息
<R1>dis ip int brief *down: administratively down ^down: standby (l): loopback (s): spoofing The number of interface that is UP in Physical is 2 The number of interface that is DOWN in Physical is 2 The number of interface that is UP in Protocol is 2 The number of interface that is DOWN in Protocol is 2 Interface IP Address/Mask Physical Protocol GigabitEthernet0/0/0 192.168.0.111/24 up up GigabitEthernet0/0/1 unassigned down down GigabitEthernet0/0/2 unassigned down down NULL0 unassigned up up(s) <R1>dis int brief PHY: Physical *down: administratively down (l): loopback (s): spoofing (b): BFD down ^down: standby (e): ETHOAM down (d): Dampening Suppressed InUti/OutUti: input utility/output utility Interface PHY Protocol InUti OutUti inErrors outErrors GigabitEthernet0/0/0 up up 0% 0% 0 0 GigabitEthernet0/0/1 down down 0% 0% 0 0 GigabitEthernet0/0/2 down down 0% 0% 0 0 NULL0 up up(s) 0% 0% 0 0 <R1>
提示:dis ip int brief 和dis int brief的區別是,dis ip int brief 一般用於查看三層接口的簡要信息,所謂三層一般就是可以配置ip地址信息的接口;dis int brief 一般多用於查看二層接口簡要信息;
狀態信息查詢
示例:查看vrp版本信息
<R1>dis <R1>display ver <R1>display version Huawei Versatile Routing Platform Software VRP (R) software, Version 5.130 (AR2200 V200R003C00) Copyright (C) 2011-2012 HUAWEI TECH CO., LTD Huawei AR2220 Router uptime is 0 week, 0 day, 1 hour, 55 minutes BKP 0 version information: 1. PCB Version : AR01BAK2A VER.NC 2. If Supporting PoE : No 3. Board Type : AR2220 4. MPU Slot Quantity : 1 5. LPU Slot Quantity : 6 MPU 0(Master) : uptime is 0 week, 0 day, 1 hour, 55 minutes MPU version information : 1. PCB Version : AR01SRU2A VER.A 2. MAB Version : 0 3. Board Type : AR2220 4. BootROM Version : 0 <R1>
示例:查看當前視圖的配置
<R1>dis <R1>display this # return <R1>sys Enter system view, return user view with Ctrl+Z. [R1]user-int [R1]user-interface con [R1]user-interface console 0 [R1-ui-console0]dis this [V200R003C00] # user-interface con 0 authentication-mode password set authentication password cipher %$%$)i3~%MGAQ,00KSWe|";E,+jWV+l97J2A9'P]E[=} CA"9+jZ,%$%$ history-command max-size 20 idle-timeout 5 12 user-interface vty 0 4 authentication-mode password user privilege level 3 set authentication password cipher %$%$)i3~%MGAQ,00KSWe|";E,+jWV+l97J2A9'P]E[=} CA"9+jZ,%$%$ user-interface vty 16 20 # return [R1-ui-console0]