Telnet配置
1、密碼登錄
[Huawei]user-interface console 0 //進入管理控制口
[Huawei-ui-console0]authentication-mode password
Please configure the login password (maximum length 16):輸入密碼
[Huawei-ui-console0]user privilege level ? //設置特權等級
[Huawei-ui-console0]idle-timeout 20 0 //設置空閑超時時間為20分鍾,默認為10分鍾
2、用戶和密碼登錄
[Huawei]user-interface console 0 //進入管理控制口
[Huawei-ui-console0]authentication-mode aaa
[Huawei-ui-console0]quit
[Huawei]aaa
[Huawei-aaa]local-user huawei password cipher hw(密碼)
[Huawei-aaa]local-user huawei service-type terminal //從終端登錄
3、PC通過以太網口遠程登錄配置
#AAA模式遠程登錄
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
[R1]aaa //進入認證、授權、計費模式(簡稱AAA模式)
[R1-aaa]local-user admin password cipher 123456 //配置本地用戶和密碼
[R1-aaa]local-user admin service-type telnet //選擇授權用戶的服務類型
[R1-aaa]local-user admin privilege level 3 //設置管理員用戶級別
#僅密碼遠程登錄
[R2]user-interface vty 0 4 //虛擬用戶終端接口
[R2-ui-vty0-4]authentication-mode password //配置用戶終端的認證模式
[R2-ui-vty0-4]set authentication password simple 123456 //設置登錄用戶密碼
[R2-ui-vty0-4]user privilege level 3 //設置用戶等級
[R2-ui-vty0-4]user network-admin //設置登錄用戶的參數
4、設置超級密碼
[Huawei]super password level 3 cipher 123456(作用?)
FTP配置
1、將路由器作為FTP服務器
[R1]ftp server enable
[R1]aaa
[R1-aaa]local-user winda password cipher aqx123456(字母與數字的組合)
[R1-aaa]local-user winda privilege level 15
[R1-aaa]local-user winda service-type ftp
[R1-aaa]local-user winda ftp-directory flash: //指定目錄
2、登錄FTP服務器,並傳送文件
ftp 10.0.12.2
User(10.0.12.2:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in.
[R1-ftp]put portalpage.zip //上傳文件
[R1-ftp]get portalpage.zip portal.zip //下載文件並改名字
delete /unreserved portal.zip //徹底刪除該文件
其它配置
配置登錄標語
[R1]header shell information "Welcome to HuaWei"
指定下次啟動裝載的配置文件
startup saved-configuration iascfg.zip
指定下次啟動裝載的配置文件
factory-configuration reset
設置下次啟動用的文件
startup saved-configuration 文件名
刪除保存的配置文件
reset saved-configuration
reboot
Warning: All the configuration will be saved to the next startup configuration.
Continue ? [y/n]:n
關閉消息提示功能
[R1]undo info-center enable //關閉提示信息,提高配置時的視覺
或
undo terminal monitor //關閉日志提示消息(很煩人的一個東西)
路由IP配置
浮動靜態路由
[Huawei]ip route-static 192.168.1.0 24(目標網絡) 192.168.2.1(下一跳IP) preference 80
描述接口
[R1-Serial1/0/0]description this port connect to R2-S1/0/0
默認(缺省)路由
[R1]ip route-static 0.0.0.0 0.0.0.0 10.0.13.3
使用帶源參數的ping命令
[R2]ping -a 10.0.2.2 10.0.3.3
配置從IP地址(解決RIPv1不連續子網)
[R1-Serial1/0/0]ip add 10.0.23.2 sub
靜態路由與BFD聯動
#激活BFD功能
[R1]bfd
[R1-bfd]quit
#創建BFD會話,名稱為ab(自定義),對端的IP地址為10.1.12.2
[R1]bfd ab bind peer-ip 10.1.12.2
VLAN配置
端口類型配置
配置端口為access
[Huawei]vlan 10 //創建vlan 10
[Huawei]interface GigabitEthernet 0/0/2 //進入g0/0/2端口
[Huawei-GigabitEthernet0/0/2]port link-type access //選擇端口類型
[Huawei-GigabitEthernet0/0/2]port default vlan 10 //划分VLAN
技巧:[S2]vlan batch 3 to 5 //創建VLAN3、4、5
配置端口的Hybrid類型
[SW1]vlan 10
[SW1-GigabitEthernet0/0/1]port hybrid pvid vlan 10
[SW1-GigabitEthernet0/0/1]port hybrid untagged vlan 10 30 //對VLAN10和30去標簽
配置端口的Trunk類型
[SW1]interface g0/0/24
[SW1-GigabitEthernet0/0/24]port link-type trunk
[SW1-GigabitEthernet0/0/24]port trunk allow-pass vlan all //允許所有VLAN通過
更改Trunk端口的PVID
[SW1-GigabitEthernet0/0/24]port trunk pvid vlan 10
Eth-trunk配置
創建Eth-trunk 1,並將接口加入Eth-trunk 1
[S1]interface Eth-Trunk 1
[S1]int g0/0/9
[S1-GigabitEthernet0/0/9]eth-trunk 1
或
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]trunkport g0/0/9
配置Eth-trunk 1鏈路配置為access
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]port link-type access
[S1-Eth-Trunk1]port default vlan 5
STP配置
STP配置
#修改橋優先級
[S1]stp priority 4096 //數值越小優先級越高
#修改端口優先級
[S1-GigabitEthernet0/0/9]stp port priority 32 //默認為128,數值越小優先級越高
#配置邊緣端口(使端口快速進入轉發狀態)
[S3]interface Ethernet0/0/3
[S3-Ethernet0/0/3]stp edged-port enable
[S3-Ethernet0/0/3]stp cost //設置路徑開銷值
[根交換機]stp timer forward-delay //設置延遲時間
[根交換機]stp edged-port enable //設置網絡直徑
配置MSTP
[SW1]stp region-configuration //進入MST域
[SW1-mst-region]region-name huawei //配置域名
[SW1-mst-region]revision-level 1 //配置修訂級別為1
[SW1-mst-region]instance 1 vlan 10 //制定MSTI 1與VLAN10的映射
查看STP
#各接口簡要STP狀態
[S1]dis stp brief
#具體接口詳細STP信息
[S1]dis stp interface g0/0/10
#查看當前根橋信息
[S1]dis stp
#查看實例1的信息
[SW1]dis stp instance 1 brief
DHCP配置
基於接口配置DHCP功能
[R1]dhcp enable //開啟DHCP功能
[R1-GigabitEthernet0/0/0]dhcp select interface //開啟接口DHCP功能
[R1-GigabitEthernet0/0/0]dhcp server lease day 2【可選】 //設置租用有效期限為2天
[R1-GigabitEthernet0/0/0]dhcp server dns-list 8.8.8.8 //為PC自動分配DNS服務器地址
[R1-GigabitEthernet0/0/1]dhcp server excluded-ip-address 192.168.2.250 192.168.2.253 //配置不參與自動分配的IP地址范圍
基於全局配置DHCP
[R1]dhcp enable //開啟DHCP功能
[R1]ip pool huawei1 //配置全局地址池
[R1-ip-pool-huawei1]network 192.168.1.0 //指定地址池范圍
[R1-ip-pool-huawei1]lease day 2【可選】 //租期為2天,默認1天
[R1-ip-pool-huawei1]gateway-list 192.168.1.254 //出口網關地址
[R1-ip-pool-huawei1]excluded-ip-address 192.168.1.250 192.168.1.253 //不參與自動分配
[R1-ip-pool-huawei1]dns-list 8.8.8.8 //配置DNS服務器地址
[R1-GigabitEthernet0/0/0]dhcp select global //開啟接口的DHCP功能
查看
dis ip pool //查看地址池地址分配情況
DHCP中繼
[R1]dhcp enable //開啟DHCP功能
#面向PC的接口:
[R1-Ethernet0/0/0]dhcp select relay
[R1-Ethernet0/0/0]dhcp relay server-ip 100.1.1.1 //指定DHCP服務器IP地址
#面向PC的接口下調用全局定義的DHCP服務器組:
[R1]dhcp server group dhcp-group
[R1-dhcp-server-group-dhcp-group]dhcp-server 100.1.1.1
[R1-Ethernet0/0/0]dhcp select relay
[R1-Ethernet0/0/0]dhcp relay server-select dhcp-group
幀中繼配置
DCE配置
[R1]interface s1/0/0
[R1-Serial1/0/0]link-protocol fr
[R1-Serial1/0/0]fr interface-type dce //接口類型
[R1-Serial1/0/0]fr dlci 100
[R1-Serial1/0/0]ip add 192.168.1.1 24
DTE配置
[R2]interface s1/0/0
[R2-Serial1/0/0]link-protocol fr
[R2-Serial1/0/0]fr interface-type dte
其它配置
查看PVC
[R1]dis fr pvc-info
#查看映射
[R1]dis fr map-info
#靜態映射
[R2-Serial1/0/0]undo fr inarp
[R1-Serial1/0/0]fr map ip 192.168.1.2 100 broadcast
//OSPF中使用組播的網絡類型時,應在映射后面加Broadcast
單臂路由配置
配置路由器
[R1]int g0/0/0.1 //創建並進入g0/0/0的0.1子接口
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 10 //封裝dot1q協議
[R1-GigabitEthernet0/0/0.1]ip address 192.168.10.254 24 //配置IP地址
[R1-GigabitEthernet0/0/0.1]arp broadcast enable //開啟arp廣播
[R1-GigabitEthernet0/0/0.1]dhcp select global //開啟DHCP全局模式
[R1-GigabitEthernet0/0/0.1]int g0/0/0.2
[R1-GigabitEthernet0/0/0.2]dot1q termination vid 20
[R1-GigabitEthernet0/0/0.2]ip address 192.168.20.254 24
[R1-GigabitEthernet0/0/0.2]arp broadcast enable
[R1-GigabitEthernet0/0/0.2]dhcp select global
配置交換機
[SW1]vlan batch 10 20 //創建vlan 10和vlan 20
[SW1-GigabitEthernet0/0/1]int g0/0/1 //進入g0/0/1接口
[SW1-GigabitEthernet0/0/1]port link-type access //修改端口為access模式
[SW1-GigabitEthernet0/0/1]port default vlan 10 //將端口划分到vlan 10中
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20
[SW1-GigabitEthernet0/0/2]int g0/0/24 //交換機與路由器相連的接口需要修改為trunk模式
[SW1-GigabitEthernet0/0/24]port link-type trunk //修改端口為trunk模式
[SW1-GigabitEthernet0/0/24]port trunk allow-pass vlan 10 20 //允許vlan 10和vlan 20的數據通過
RIP配置
基本配置
[Huawei]rip 1 //啟動RIP進程
[Huawei-rip-1]version 2 //選擇版本(可選)
[Huawei-rip-1]net 10.0.0.0(通告自然網段)
其它配置
[Huawei-rip-1]summary always //使能自動匯總[V2默認開啟,但不生效]
[接口]undo rip split-horizon //關閉接口水平分割
[Huawei-GigabitEthernet0/0/0]rip summary-address 聚合后網絡 子網掩碼 //手動匯總
#接口附加度量值
[接口]rip metricin x //cost=原來的值+x
[接口]rip metricout x //cost=0+x
#認證
[R2-Serial1/0/0]rip authentication-mode simple huawei //明文
[R2-Serial2/0/0]rip authentication-mode md5 usual huawei //MD5
#開啟RIP調試
debug rip 1
terminal debugging
Info: Current terminal debugging is on.
terminal monitor
#抑制接口(只收不發)
[R1-GigabitEthernet0/0/0]undo rip output //不能使用單播通信
或
[R2-rip-1]silent-interface E0/0/0 //優先級高於前者
[R2-rip-1]peer IP地址 //單播通信
[R2-rip-1]preference x //修改優先級(只在本地有效)
[R2-rip-1]timers rip 20 120 60 //修改定時器
[R3]ip route-static 0.0.0.0 0 LoopBack 2 //發布默認路由
[R3-rip-1]default-route originate //不需創建默認路由,也能發布
reset rip 1 statistics //刷新RIP統計信息
reset ip routing-table statistics protocol rip //清除RIP學到的路由信息
[R2]undo rip 1 //刪除RIP
[R1]rip version2 multicase //配置版本1的也能發送RIPv2報文
OSPF配置
配置OSPF
[R1]ospf Router-id 1.1.1.1 //配置環回口IP地址
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 1.1.1.0 0.0.0.255
引入路由
[R3-ospf-1]import-route direct //引入直連路由
[R1-ospf-1]import-route rip 1 cost 100 //引入RIP路由
發布默認路由
[R3]ip route-static 0.0.0.0 0 LoopBack 2
[R3]ospf 100
[R3-ospf-100]default-route-advertise
[R3-ospf-100]default-route-advertise always //自動發布默認路由
OSPF驗證
#接口認證明文:
[R1-Serial1/0/0]ospf authentication-mode simple plain huawei
#區域認證密文:
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huawei
抑制接口(不收不發)
R2-ospf-1]silent-interface E0/0/0
[R2-ospf-1]peer IP地址 //單播通信
查看
[R1]dis ospf peer brief //查看鄰居
[R1]dis ospf interface //查看DR、BDR
[R1]reset ospf process //重置OSPF進程
[R1]dis ip routing-table protocol ospf //查看OSPF學到的路由
[R1]display ospf lsdb ase 172.16.0.0 //顯示鏈路狀態數據庫的外接路由信息
[R1]dis ospf int G0/0/0 //查看接口的OSPF信息
查看LSA信息
[R1]dis ospf lsdb router //查看一類LSA
[R1]dis ospf lsdb netword //查看二類LSA
[R1]dis ospf lsdb summary //查看三類LSA
[R1]dis ospf lsdb asbr //查看四類LSA
[R1]dis ospf lsdb ase //查看五類LSA
[R1]dis ospf lsdb nssa //查看七類LSA
其它
修改Hello和Dead時間
[R1-GigabitEthernet0/0/0]ospf timer hello 15
[R1-GigabitEthernet0/0/0]ospf timer dead 60
修改DR優先級
[R1-GigabitEthernet0/0/0]ospf dr-priority 200(越大優先級越高)
注:由於DR/BDR選舉默認為不搶占模式,因此在修改了路由器優先級后不會自動重新選舉DR,需要重置OSPF進程。
修改網絡類型為廣播
[R2-Serial2/0/0]ospf network-type broadcast
修改開銷值、帶寬參考值
[接口]ospf cost x
[R3-ospf-1]bandwidth-reference x
VRRP配置
[SW1-Vlanif10]vrrp vrid 1 virtual-ip 10.1.1.254 //配置虛擬網關
[SW1-Vlanif10]vrrp vrid 1 priority 150 //更改優先級
[SW1-Vlanif10]vrrp vrid 1 preempt-mode disable //關閉搶占模式
[SW1-Vlanif10]vrrp vrid 1 track interface g0/0/24 reduced 60 //跟蹤上層端口
[R1-Serial2/0/0]ospf network-type p2mp //配置接口的網絡類型為Point-to-multipoint
[S1] display vrrp //查看VRRP信息
HDLC配置
[R1-Serial1/0/0]ip address unnumbered interface LoopBack0 //IP地址借用
[R1]ip route-static 10.1.1.0 24 Serial1/0/0
[R1-Serial1/0/0]link-protocol hdlc //將接口改為HDLC類型
PPP配置
認證方
[R1]aaa
[R1-aaa]local-user huawei password cipher 123456
[R1-aaa]local-user huawei service-type ppp
[R1-Serial0]ppp authentication-mode pap(CHAP)
被認證方
#PAP:
[R2-Serial0]ppp pap local-user huawei password cipher 123456
#CHAP:
[R2-Serial0]ppp chap user huawei
[R2-Serial0]ppp chap password cipher 123456
使用 CHAP 建立 PPP連接的協商過程
debugging ppp chap all
terminal debugging
以太網接口配置
[S1-G0/0/9]undo negotiation auto //更改接口的速率和雙工模式前應先關閉接口的自動協商功能
[S1-G0/0/9]speed 100 //設置為100M速率
[S1-G0/0/9]duplex full //全雙工模式
[S1]dis eth-trunk 1 //查看Eth-trunk 1配置結果
防火牆配置
#登錄不需要用戶名和密碼
[FW]user-interface console 0
[FW-ui-console0]authentication-mode none
#定義時區:
clock timezone 1 add 08:00:00
鏈路技術
鏈路聚合
[S1]interface Eth-Trunk 1 //聚合交換機之間的Eth-Trunk端口編號相等
[S1-Eth-Trunk1]mode lacp-static //lacp模式
[S1-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 to 0/0/2 //將成員端口加入到聚合端口中
[S1-Eth-Trunk1]max active-linknumber 2 //設置活動上限閥值
[S1-Eth-Trunk1]port link-type trunk
[S1-Eth-Trunk1]port trunk allow-pass vlan all
[S1-Eth-Trunk1]dis eth-trunk 1 verbose //查看聚合端口的信息
[S1] lacp priority 100 //配置系統優先級使其成為主控端
[S1-G0/0/1] lacp priority 100 //配置活動鏈路優先級
[S1-G0/0/2] lacp priority 100 //配置活動鏈路優先級
Smart Link
[S1-G0/0/1]stp disable //關掉相關接口的STP
[S1]smart-link group 1
[S1-smlk-group1]port GigabitEthernet 0/0/1 master //設置主端口
[S1-smlk-group1]port g0/0/2 slave //設置從端口
[S1-smlk-group1]flush send control-vlan 10 password simple 123 //使能smart link組1發送Flush幀的功能,攜帶的控制VLAN編號為10,密碼是:123
[S1-smlk-group1]restore enable //開啟回切功能
[S1-smlk-group1]timer wtr 30 //回切時間為30秒
[S1-smlk-group1]smart-link enable //使能Smart Link組1的功能
[S1-smlk-group1]dis smart-link group 1 //查看Smart Link組1的信息
[S2-GigabitEthernet0/0/1]smart-link flush receive control-vlan 10 password simple 123 //設置其他交換機可以接收和處理攜帶控制VLAN編號是10的Flush幀
其他配置
自動保存
#自動保存
autosave interval on
autosave interval 120 //每隔120分鍾自動保存
#定點保存
autosave time on
autosave time 23:00:00 //到23點自動保存
端口鏡像
[R1]observe-port 1 interface Ethernet4/0/1 //設置觀察端口
[接口] mirror to observe-port 1 both //將鏡像端口映射到觀察端口
端口綁定
[Huawei]user-bind static mac-address 5489-988B-5157 int e0/0/1 //綁定MAC地址
[Huawei]user-bind static ip-address 192.168.1.3 //綁定IP地址
端口安全
[接口]port-security enable //啟用端口安全
[接口]port-security max-mac-num 2 //自動學習MAC地址的最大數量
[接口]port-security protect-action shutdown //保護行為為關閉端口
前綴列表
[R1]ip ip-prefix 1 deny 11.1.1.0 25 greater-equal 25 less-equal 25 //在RIP里面過濾掉11.1.1.0/25
[R1]ip ip-prefix 1 permit 0.0.0.0 0 less-equal 32
[R1-rip-1]filter-policy ip-prefix 1 import
IPv6配置
[R1]ipv6 //開啟全局IPv6功能
[R1-E0/0/0]ipv6 enable //在接口(連接PC)下開啟IPv6功能
[R1-E0/0/0]ipv6 address auto link-local //自動生成鏈路本地地址
[R1-G0/0/0]ipv6 enable //在接口(連接路由器)下開啟IPv6功能
[R1-G0/0/0]ipv6 add 2031:0:130F::1 64 //配置全球單播地址
[R1-E0/0/0]ipv6 add 2001:3:FD:: 64 eui-64 //用EUI-64配置地址
設備版本升級
檢查設備剩余空間是否大於新的軟件包大小
<H07_S5720_BMC-05>dir flash:
Directory of flash:/
Idx Attr Size(Byte) Date Time FileName
0 drw- - Oct 30 2019 03:37:16 dhcp
1 drw- - Oct 30 2019 03:19:15 user
2 -rw- 13,432 Oct 30 2019 03:37:25 default_ca.cer
3 -rw- 36 Oct 30 2019 03:38:18 $_patchstate_reboot
4 -rw- 3,684 Oct 30 2019 03:38:18 $_patch_history
5 -rw- 1,903 Oct 30 2019 03:37:31 default_local.cer
6 drw- - Oct 30 2019 03:37:42 logfile
7 -rw- 1,111 Apr 08 2020 17:03:35 vrpcfg.zip
8 -rw- 8,718,710 Dec 12 2013 07:53:05 s5720ei-v200r011sph008.pat
9 drw- - Oct 30 2019 03:19:14 pmdata
10 -rw- 85,051,908 Jun 28 2018 15:55:01 s5720ei-v200r011c10spc600.cc
11 drw- - Oct 30 2019 03:18:44 $_install_mod
12 -rw- 836 Mar 30 2020 10:48:44 rr.bak
13 -rw- 836 Mar 30 2020 10:48:44 rr.dat
14 -rw- 1,773 Apr 08 2020 17:03:36 private-data.txt
15 drw- - Apr 08 2020 17:03:33 localuser
16 drw- - Mar 30 2020 14:24:42 $_backup
17 -rw- 200 Oct 30 2019 03:37:32 ca_config.ini
352,772 KB total (265,060 KB free)
將PC作為FTP Server,並FTP到PC
# 連接到PC FTP Server
ftp 192.168.1.2
# 進行二進制編碼
[ftp]bin
# 備份軟件包
[ftp]put S5720EI-V200R019C00SPC500.cc S5720EI-V200R019C00SPC500.bak.cc
# 備份補丁
[ftp]put S5720EI-V200R019SPH007.pat S5720EI-V200R019SPH007.bak.pat
# 上傳軟件包
[ftp]get S5720EI-V200R019C00SPC500.cc
# 上傳補丁
[ftp]get S5720EI-V200R019SPH007.pat
# 退出
[ftp]bye
# 設置新版軟件包應用全部設備並下次啟動該軟件包
startup system-software flash:/S5720EI-V200R019C00SPC500.cc all
# 重啟設備
reboot
# 查看堆疊狀態
display stack
# 將補丁應用到全部並運行
patch load flash:/S5720EI-V200R019SPH007.pat all run
# 查看補丁信息
display patch-information
# 選中補丁
patch load flash:/S5720EI-V200R019SPH007.pat all active
# 刪除軟件包
delete /unreserved flash:/s5720ei-v200r011c10spc600.cc
# 刪除補丁包
delete /unreserved flash:/S5720EI-V200R019SPH007.pat
恢復出廠設置
<HUAWEI> reset saved-configuration
Warning: The action will delete the saved configuration in the device.The configuration will be erased to reconfigure. Continue? [Y/N]:y
Warning: Now clearing the configuration in the device.
Info: Succeeded in clearing the configuration in the device.
<HUAWEI> reboot
Info: The system is now comparing the configuration, please wait.
Warning: The configuration has been modified, and it will be saved to the next startup saved-configuration file flash:/vrpcfg.zip. Continue? [Y/N]:n //此處請選擇”N“,不保存配置,否則無法清除配置
Info: If want to reboot with saving diagnostic information, input 'N' and then execute 'reboot save diagnostic-information'.
System will reboot! Continue?[Y/N]:y