一些基本命令
<Huawei>system-view #進入系統視圖
[Huawei]interface Ethernet 0/0/1 #進入接口視圖
[Huawei-Ethernet0/0/1]quit #返回上一級
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]return #返回用戶視圖 或者 Ctrl + z
<Huawei>後端
修改主機名
<Huawei>system-view #進入系統視圖
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname oschina #修改主機名爲oschina
[oschina]網絡
顯示VRP版本
[oschina]display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.110 (S3700 V200R001C00)
Copyright (c) 2000-2011 HUAWEI TECH CO., LTDQuidway S3700-26C-HI Routing Switch uptime is 0 week, 0 day, 0 hour, 11 minutesapp
查看配置
[oschina]display current-configuration
#
sysname oschina
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
#
...
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return負載均衡
設置密碼
<oschina>system-view #進入系統視圖
Enter system view, return user view with Ctrl+Z.
[oschina]aaa #進入認證設置
[oschina-aaa]local-user dongxia password cipher oschina #設置用戶爲 dongxia 密碼爲 oschina
Info: Add a new user.
[oschina-aaa]quit #返回系統視圖
[oschina]user-interface console 0 #用戶控制檯
[oschina-ui-console0]authentication-mode aaa #激活認證配置dom
ctrl + ] 登出 驗證tcp
[oschina-ui-console0]return #返回用戶視圖
<oschina>save #保存
The current configuration will be written to the device.
Are you sure to continue?[Y/N]Y #是否確認 選擇 Y
...
Save the configuration successfully.
<oschina>reboot ide
恢復出廠設置
<oschina>reset saved-configuration #恢復出廠
Warning: The action will delete the saved configuration in the device.
The configuration will be erased to reconfigure. Continue? [Y/N]:Y #是否擦除 選擇 Y
...
Info: Succeeded in clearing the configuration in the device.
<oschina>reboot #重啓
Info: The system is now comparing the configuration, please wait.
Warning: All the configuration will be saved to the configuration file for the n
ext startup:, Continue?[Y/N]:N #是否再次保存 選擇 N
Info: If want to reboot with saving diagnostic information, input 'N' and then e
xecute 'reboot save diagnostic-information'.
System will reboot! Continue?[Y/N]:Y #是否重啓 選擇 Yui
查看Mac地址
[Huawei]display mac-addressthis
關閉消息提醒
<Huawei>undo terminal debugging
Info: Current terminal debugging is off.
<Huawei>undo terminal logging
Info: Current terminal logging is off.
<Huawei>undo terminal trapping
Info: Current terminal trapping is off.
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.spa
設置帳戶鎖定時間
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0 #進入控制檯
[Huawei-ui-console0]idle-timeout 0 #設置爲0 即不鎖定
VLAN的劃分
建立vlan,並將接口加入
trunk 中繼鏈路
[Huawei-Ethernet0/0/7] undo shutdown #從新啓用用接口
配置trunk 放行全部vlan
[Huawei]interface Ethernet 0/0/7
[Huawei-Ethernet0/0/7]port link-type trunk
[Huawei-Ethernet0/0/7]port trunk allow-pass vlan all #容許全部vlan
在另外一臺交換機上的 7 端口 作一樣配置
驗證
鏈路聚合
捆綁物理接口
[Huawei]clear configuration interface Ethernet 0/0/7 #清除原有配置 注意後端口鏈接會關閉
[Huawei]interface Ethernet 0/0/7
[Huawei-Ethernet0/0/7]undo shutdown #啓用 端口鏈接 7
[Huawei]interface Eth-Trunk 1 #建立聚合 1
[Huawei-Eth-Trunk1]trunkport Ethernet 0/0/7 0/0/8 # 將 端口 7 8 聚合
[Huawei-Eth-Trunk1]port link-type trunk #準備設置trunk
[Huawei-Eth-Trunk1]port trunk allow-pass vlan all #放行全部vlan
另外一臺一樣操做
配置靜態路由
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.254 24 #設置端口IP 掩碼
[Huawei-GigabitEthernet0/0/0]display this #查看
[V200R003C00]
#
interface GigabitEthernet0/0/0
ip address 192.168.1.254 255.255.255.0
#
return
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ip route-static 192.168.3.0 24 192.168.2.2 #設置靜態轉發
[Huawei]ip route-static 192.168.4.0 24 192.168.2.2
AR2一樣設置
[Huawei-GigabitEthernet0/0/0]ip address 192.168.3.254 24
[Huawei-GigabitEthernet0/0/1]ip address 192.168.2.2 24
[Huawei-GigabitEthernet0/0/2]ip address 192.168.4.254 24
[Huawei]ip route-static 192.168.1.0 24 192.168.2.1
三層交換機
華爲s5700三層交換機 注意三層交換機沒有 G0 口
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]interface Vlanif 1
[Huawei-Vlanif1]ip address 192.168.1.254 24
[Huawei-Vlanif1]quit
[Huawei]interface Vlanif 2
[Huawei-Vlanif2]ip address 192.168.2.254 24
[Huawei-Vlanif2]quit
[Huawei]interface Vlanif 3
[Huawei-Vlanif3]ip address 192.168.3.254 24
[Huawei-Vlanif3]quit
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 2
[Huawei]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 3
[Huawei-GigabitEthernet0/0/3]quit
動態路由
配置LSW1交換機(3700)
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 2 3
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 2
[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 3
[Huawei-Ethernet0/0/3]quit
[Huawei]interface Ethernet 0/0/22
[Huawei-Ethernet0/0/22]port link-type trunk
[Huawei-Ethernet0/0/22]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/22]quit
配置三層交換機LSW2(5700)
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 2 3 4
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]interface Vlanif 1
[Huawei-Vlanif1]ip address 192.168.1.254 24
[Huawei-Vlanif1]quit
[Huawei]interface Vlanif 2
[Huawei-Vlanif2]ip address 192.168.2.254 24
[Huawei-Vlanif2]quit
[Huawei]interface Vlanif 3
[Huawei-Vlanif3]ip address 192.168.3.254 24
[Huawei-Vlanif3]quit
[Huawei]interface Vlanif 4
[Huawei-Vlanif4]ip address 192.168.4.1 24
[Huawei-Vlanif4]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 4
[Huawei-GigabitEthernet0/0/2]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]quit
[Huawei-ospf-1]quit
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.4.2
配置路由器AR1
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.4.2 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.5.254 24
[Huawei-GigabitEthernet0/0/1]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]quit
配置ACL
首先配置路由器
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.2.254 24
[Huawei-GigabitEthernet0/0/1]quit
配置完成後節點所有打通
示例一:禁止PC2 和 PC1 通信
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule deny source 192.168.2.1 0
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 2000
示例二:只容許PC2 訪問PC1 其餘都拒絕
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule permit source 192.168.2.1 0.0.0.0
[Huawei-acl-basic-2001]rule deny source any
[Huawei-acl-basic-2001]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 2001
Error: A simplified ACL has been applied in this view.
[Huawei-GigabitEthernet0/0/1]undo traffic-filter inbound
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 2001
注:也能夠修改原ACL2000規則 一樣也能夠達到目的,並且不用再指定端口,即以前設置端口依然生效
示例三:禁止pc2訪問pc1的ftp服務,禁止pc3訪問pc1的www服務,全部主機的其餘服務不受限制
[Huawei]acl 3000 #高級ACL 用3000
[Huawei-acl-adv-3000]rule deny tcp source 192.168.2.1 0 destination 192.168.1.1 0 destination-port eq 21
[Huawei-acl-adv-3000]rule deny tcp source 192.168.2.2 0.0.0.0 destination 192.168.1.1 0.0.0.0 destination-port eq 80
[Huawei-acl-adv-3000]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]undo traffic-filter inbound #清理原有ACL
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 3000 #指定ACL
[Huawei-GigabitEthernet0/0/1]display this
NAT ---靜態轉換
Enter system view, return user view with Ctrl+Z.
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 100.0.0.1 8
[Huawei-GigabitEthernet0/0/0]nat static global 100.0.0.2 inside 192.168.2.1 #設置轉換
[Huawei-GigabitEthernet0/0/0]nat static global 100.0.0.3 inside 192.168.2.2
[Huawei-GigabitEthernet0/0/0]display this
NAT----EasyIP
[Huawei-acl-basic-2000]rule permit source any
[Huawei-acl-basic-2000]quit
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2000
[Huawei-GigabitEthernet0/0/0]display this
三層交換機配置VRRP
Enter system view, return user view with Ctrl+Z.
[Huawei] interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0] ip address 192.168.2.1 24
[Huawei-GigabitEthernet0/0/0] quit
[Huawei] interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ip address 192.168.3.1 24
[Huawei-GigabitEthernet0/0/1] quit
[Huawei] interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2] ip address 192.168.4.254 24
[Huawei-GigabitEthernet0/0/2] ospf
[Huawei-ospf-1] area 0
[Huawei-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0] network 192.168.4.0 0.0.0.255
三層交換機LSW
Enter system view, return user view with Ctrl+Z.
[Huawei] interface Vlanif 1
[Huawei-Vlanif1] ip address 192.168.1.252 24
[Huawei-Vlanif1] quit
[Huawei] vlan 2
[Huawei-vlan2] quit
[Huawei] interface Vlanif 2
[Huawei-Vlanif2] ip address 192.168.2.2 24
[Huawei-Vlanif2] quit
[Huawei] interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1] port link-type access
[Huawei-GigabitEthernet0/0/1] port default vlan 2
[Huawei-GigabitEthernet0/0/1] quit
[Huawei] ospf
[Huawei-ospf-1] area 0
[Huawei-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0] quit
[Huawei-ospf-1] quit
[Huawei] interface Vlanif 1
[Huawei-Vlanif1] vrrp vrid 1 virtual-ip 192.168.1.254
Enter system view, return user view with Ctrl+Z.
[Huawei]interface Vlanif 1
[Huawei-Vlanif1]ip address 192.168.1.253 24
[Huawei-Vlanif1]quit
[Huawei]vlan 3
[Huawei-vlan3]quit
[Huawei]interface Vlanif 3
[Huawei-Vlanif3]ip address 192.168.3.2 24
[Huawei-Vlanif3]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 3
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]ospf
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]quit
[Huawei-ospf-1]quit
[Huawei]interface Vlanif 1
[Huawei-Vlanif1]vrrp vrid 1 virtual-ip 192.168.1.254
[Huawei-Vlanif1]display this
負載均衡的實現
S1設置:
三個G口所有設置trunk(這裏再也不示範)
S1設置:
三個G口所有設置trunk(這裏再也不示範)
[Huawei]vlan batch 10 20
[Huawei]interface Vlanif 10