Huawei Device General Configuration
Edited 2023-01-10 20:05:38, Hubei Province
Huawei device configuration command reference
Time
<Huawei> clock timezone BJ add 08:00:00
<Huawei> clock datetime 20:10:00 2015-03-26
<Huawei> system-view
[Huawei] sysname Server
NTP (Network Time Protocol)
System
<Huawei>display saved-configuration
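View the saved configuration
<Huawei>reset saved-configuration
Reset (clear) the saved configuration
<Huawei> display startup
View the files to be used at the next startup
<Huawei>startup saved-configuration configuration-file
Configuration file to use at the next startup
<Huawei>reboot
Reboot the device
<Huawei>dir
List files
<Huawei>mkdir test
Create a new directory
<Huawei>rmdir test
Delete the directory
<Huawei>rename huawei.txt save.zip
Rename to save.zip
<Huawei>copy save.zip file.txt
Copy to file.txt
<Huawei>delete file.txt
Delete the file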
console 0
Configure AAA authentication
sys
user-interface console 0
authentication-mode aaa
quit
aaa
local-user admin password irreversible-cipher pawwwor
local-user admin privilege level 3
local-user admin service-type terminal
quit
[R1]aaa
[R1-aaa]local-user huawei password cipher huawei123
[R1-aaa]local-user huawei service-type telnet
[R1-aaa]local-user huawei privilege level 0
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
Configure password authentication
sys
user-interface console 0
authentication-mode password
set authentication password cipher pawwword
Telnet management
[Server] telnet server enable
[Server] user-interface vty 0 4
[Server-ui-vty0-4] user privilege level 15
[Server-ui-vty0-4] authentication-mode aaa
[Server-ui-vty0-4] quit
[Server] aaa
[Server-aaa] local-user admin1234 password cipher Hello
[Server-aaa] local-user admin1234 privilege level 15
[Server-aaa] local-user admin1234 service-type telnet
[Server-aaa] quit
sys
user-interface vty 0 4
protocol inbound { all | telnet }
authentication-mode password
set authentication password cipher
Stelnet
#
sysname SSH Server
#
acl number 2001
 rule 5 permit source 10.137.217.10 0
 rule 10 permit source 10.137.217.20 0
 rule 15 deny source 10.137.217.30 0
#
rsa peer-public-key rsakey001
 public-key-code begin
  30820107
 public-key-code end
 peer-public-key end
#
aaa
 local-user client001 password irreversible-cipher %^%#*~Br";[g6Pv5Zf>$~{hY+N!`{$<[Y{;l02P)B,EBz\1FN!c+%^%#
 local-user client001 privilege level 3
 local-user client001 service-type ssh
 local-user client002 password irreversible-cipher %^%#HW=5%Mr;:2)/RX$FnU1HLO%-TBMp4wn%;~\#%iAut}_~O%0L%^%#
 local-user client002 privilege level 3
 local-user client002 service-type ssh
#
ssh user client002 assign rsa-key rsakey001
ssh user client002 authentication-type rsa
stelnet server enable
#
user-interface vty 0 4
 acl 2001 inbound
 authentication-mode aaa
 protocol inbound ssh
#
return
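The Telnet and Stelnet snippets above differ in exactly the settings a configuration review looks for. The following Python check is an added example, not part of the original page or of any Huawei tool; the rule list is an assumed baseline, and the two sample configurations are constructed from the commands shown above.

```python
import re

PROMPT = re.compile(r"^\s*(\[[^\]]+\]|<[^>]+>)\s*")  # "[Server-aaa]" or "<Huawei>"
# Assumed baseline for this example: regex on one stripped line -> finding.
LINE_RULES = [
    (r"^telnet server enable$", "Telnet server enabled (cleartext management)"),
    (r"^protocol inbound (all|telnet)$", "VTY accepts Telnet sessions"),
    (r"^authentication-mode password$", "shared line password instead of AAA"),
    (r"^user privilege level 15$", "VTY default privilege set to level 15"),
    (r"^local-user \S+ password cipher ", "'cipher' instead of irreversible-cipher"),
    (r"^local-user \S+ service-type .*\btelnet\b", "local user may use Telnet"),
    (r"^(ospf |isis )?authentication-mode (simple|md5)\b", "simple/MD5 routing auth"),
]

def audit(config):
    """Return sorted (line_number, finding) pairs for a config or CLI transcript."""
    findings, vty_line, vty_acl = [], None, False
    lines = config.splitlines() + ["#"]  # sentinel closes a trailing VTY block
    for no, raw in enumerate(lines, 1):
        line = PROMPT.sub("", raw).strip()
        closes = line in ("#", "quit", "return") or line.startswith("user-interface")
        if vty_line and closes:
            if not vty_acl:
                findings.append((vty_line, "VTY lines have no inbound ACL"))
            vty_line = None
        if line.startswith("user-interface vty"):
            vty_line, vty_acl = no, False
        elif vty_line and re.match(r"acl \S+ inbound$", line):
            vty_acl = True
        findings += [(no, msg) for pat, msg in LINE_RULES if re.search(pat, line)]
    return sorted(findings)

# Constructed samples modelled on the page's Telnet and Stelnet snippets.
WEAK = """[Server] telnet server enable
[Server] user-interface vty 0 4
[Server-ui-vty0-4] user privilege level 15
[Server-ui-vty0-4] quit
[Server] aaa
[Server-aaa] local-user admin1234 password cipher Hello
[Server-aaa] local-user admin1234 service-type telnet"""
HARDENED = """stelnet server enable
user-interface vty 0 4
 acl 2001 inbound
 authentication-mode aaa
 protocol inbound ssh"""

if __name__ == "__main__":
    print(*audit(WEAK), audit(HARDENED), sep="\n")
```

The prompt-stripping step lets the same function read both saved configurations and pasted CLI sessions.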
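Switch
Display
arp -a
View the MAC addresses the host has learned (its ARP table)
dis mac-address verbose
View the switch's MAC address table
VLAN
VLAN IDs range from 1 to 4094
vlan batch 10 20 to 30
undo vlan
Create VLANs in batch (first command); delete a VLAN (second command)
Configuration in interface view
port link-type { access | trunk }
port default vlan 10
Set the interface link type (access mode here); assign VLAN 10 to the interface
port link-type trunk
port trunk allow-pass vlan 10 20
port trunk pvid vlan 10
Set the interface to trunk mode; VLANs allowed through the interface; optional: set the interface's default VLAN (PVID)
port link-type hybrid
port hybrid untagged vlan 10 20
port hybrid pvid vlan 10
-----------------------
port hybrid tagged vlan 10 20
Set the interface to hybrid mode; frames pass through the interface untagged, or (below the separator) tagged
mac-vlan enable
Enable MAC-based VLAN assignment in interface view
dis vlan
View the configured VLAN information
mac-vlan
In VLAN view
mac-vlan mac-address ffff-ffff-ffff
Bind a MAC address to the VLAN
dis mac-vlan { mac-address all | vlan vlan-id }
View MAC-based VLAN entries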
VLANIF interface
[SW1]interface Vlanif 10
[SW1-Vlanif10]ip address 192.168.10.254 24
Connecting to a routing device
Create a sub-interface
[R1]interface GigabitEthernet0/0/1.10
[R1-GigabitEthernet0/0/1.10]dot1q termination vid 10
[R1-GigabitEthernet0/0/1.10]ip address 192.168.10.254 24
[R1-GigabitEthernet0/0/1.10]arp broadcast enable
Link aggregation
[SW1] interface eth-trunk 1
[SW1-Eth-Trunk1] mode lacp
[SW1-Eth-Trunk1] max active-linknumber 2
[SW1-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/3
[SW1-Eth-Trunk1] port link-type trunk
[SW1-Eth-Trunk1] port trunk allow-pass vlan 10 20
[SW1-Eth-Trunk1] quit
[SW1] lacp priority 30000
display eth-trunk 1
[Huawei] interface eth-trunk trunk-id
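Create an aggregation group (Eth-Trunk)
[Huawei-Eth-Trunk1] mode { lacp | manual load-balance }
Configure the link aggregation mode
[Huawei-GigabitEthernet0/0/1] eth-trunk trunk-id
Add the interface to the link aggregation group (Ethernet interface view)
[Huawei-Eth-Trunk1] trunkport interface-type { interface-number }
Add interfaces to the link aggregation group (Eth-Trunk view)
[Huawei-Eth-Trunk1] mixed-rate link enable
Allow ports of different rates to join the same Eth-Trunk interface. Disabled by default; member ports normally all run at the same rate.
[Huawei] lacp priority priority
Configure the system LACP priority
[Huawei-GigabitEthernet0/0/1] lacp priority priority
Configure the interface LACP priority. The smaller the value, the higher the priority.
[Huawei-Eth-Trunk1] max active-linknumber { number }
Configure the maximum number of active interfaces
[Huawei-Eth-Trunk1] least active-linknumber { number }
Configure the minimum number of active interfaces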
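Layer 3 link aggregation
[RouterA] interface eth-trunk 1
[RouterA-Eth-Trunk1] undo portswitch
[RouterA-Eth-Trunk1] ip address 10.1.1.1 24
[RouterA-Eth-Trunk1] quit
[RouterA] interface ethernet 1/0/0
[RouterA-Ethernet1/0/0] eth-trunk 1
[RouterA-Ethernet1/0/0] quit
Port group
sys
port-group 1
group-member gi0/0/1 to gi0/0/10
Port isolation
sys
port-isolate mode { l2 | all }    (optional)
interface gi0/0/1
am isolate
Configure unidirectional port isolation
sys
interface gi0/0/1
port-isolate enable [ group group-id ]
Configure a port isolation group
Switching an interface between Layer 2 and Layer 3
sys
interface gigabitethernet0/0/1
undo portswitch
An Ethernet interface working in Layer 3 mode supports IP address configuration. Only Ethernet interfaces that were switched from Layer 2 mode to Layer 3 mode can be switched back to Layer 2 mode with the portswitch command; other Layer 3 Ethernet interfaces cannot be switched to Layer 2 mode.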
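MAC address flapping detection
Routing
Route preferences defined by Huawei:
Direct: 0
OSPF: 10
IS-IS: 15
Static: 60
OSPF ASE: 150
OSPF NSSA: 150
IBGP: 255
EBGP: 255
Static routes
[Huawei] ip route-static ip-address { mask | mask-length } nexthop-address
Specify the next hop
[Huawei] ip route-static ip-address { mask | mask-length } interface-type interface-number
Specify the outbound interface
[Huawei] ip route-static ip-address { mask | mask-length } interface-type interface-number [ nexthop-address ]
Specify both the outbound interface and the next hop
[RTA] ip route-static 0.0.0.0 0 10.0.0.2
Default route
[RTB] ip route-static 10.1.0.0 16 NULL0
Prevents loops: traffic that matches this route on the local device is dropped into the black hole (NULL0). Used together with route summarization; in this example 10.1.0.0/16 is the source network segment behind this device.
Floating route
Dynamic routing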
OSPF
Display
[R1]display ospf peer
OSPF neighbor relationships
[R1]display ospf lsdb
Type identifies the LSA type; AdvRouter identifies the router that sent the LSA
[R1]display ospf routing
Contains the information that guides forwarding, such as Destination, Cost, and NextHop
[R2]display ospf interface all
<R1>display ospf lsdb router self-originate
<R2>display ospf lsdb router self-originate
The router LSA describes TransNet links
<R2>display ospf lsdb network self-originate
The network LSA describes the MA (multi-access) network
<R2>display ospf lsdb summary 192.168.1.0
Network types
ospf network-type { p2p | p2mp | broadcast | nbma }
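Breakdown of the seven LSA types
Router LSA
Generated by every device; describes the device's link states and costs. This LSA is flooded only within the area to which the interface belongs.
Network LSA
Generated by the DR; describes all routers that have formed adjacencies with it on the MA network the DR is attached to, as well as the DR itself. This LSA is flooded only within the area to which the interface belongs.
Network Summary LSA
Generated by the ABR; describes the route to a network segment within an area. This type of LSA is mainly used to pass inter-area routes.
ASBR Summary LSA
Generated by the ABR; describes the route to the ASBR and is advertised to the other relevant areas, except the area where the ASBR resides.
AS External LSA
Generated by the ASBR; describes routes to destinations outside the OSPF domain.
NSSA LSA (not-so-stubby area LSA)
Generated by the ASBR; describes routes to destinations outside the OSPF domain. An NSSA LSA works like an AS External LSA but has a different flooding scope: it is flooded only within the NSSA where it originated and cannot enter Area 0 directly. The NSSA's ABR translates Type 7 LSAs into Type 5 LSAs and injects them into Area 0.
General configuration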
[Huawei] ospf [ process-id | router-id router-id ]
Start the OSPF process and enter the OSPF view
[Huawei-ospf-1] area area-id
Create the OSPF area and enter its view
[Huawei-ospf-1-area-0.0.0.0] network network-address wildcard-mask
Enable OSPF in the OSPF area
[Huawei-GigabitEthernet1/0/0] ospf enable process-id area area-id
Enable OSPF in interface view
[Huawei-GigabitEthernet1/0/0] ospf dr-priority priority
Interface view: set the priority used in DR election
[Huawei-GigabitEthernet1/0/0] ospf timer hello interval
Interface view: set the interval at which Hello packets are sent
[Huawei-GigabitEthernet1/0/0] ospf network-type { broadcast | nbma | p2mp | p2p }
Interface view: set the network type
[R2]ospf 1 router-id 10.0.2.2
[R2-ospf-1]area 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.12.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0] network 10.0.24.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0] network 10.0.35.2 0.0.0.0
V-LINK
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]vlink-peer 10.0.3.3
Route summarization
ospf 1
asbr-summary 172.17.0.0 255.255.248.0
Silent-Interface
A silent interface has the following characteristics: it neither receives nor sends OSPF packets, and its direct route can still be advertised.
[R1]ospf
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[R1-ospf-1]silent-interface GigabitEthernet 0/0/1
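OSPF packet authentication
Area authentication: all routers in an OSPF area must use the same authentication mode and password for that area. Interface authentication: the directly connected interfaces of neighboring routers must use the same authentication mode and password.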
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher Huawei
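Run authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ] to configure the authentication mode of the OSPF area. plain specifies a plaintext password type. cipher specifies a ciphertext password type. For the MD5/HMAC-MD5 authentication modes, cipher is used by default when this parameter is omitted.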
ISIS
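Cost
IS-IS uses cost as the route metric; the smaller the cost, the better the path.
The cost of an IS-IS path equals the sum of the costs of all links along the way from the local router to the destination network segment.
IS-IS determines an interface's cost in three ways, listed from highest to lowest priority:
Interface cost: set the cost for a single interface.
Global cost: set the cost for all interfaces.
Automatically calculated cost: calculate the cost automatically from the interface bandwidth.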
system id
router id
10.0.1.1
010.000.001.001
0100.0000.1001
49.0001.0100.0000.1001.00 (NET)
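The derivation listed above (router ID, octets padded to three digits, digits regrouped in fours, area prefix added) as an added Python example that is not part of the original page. The function names are hypothetical, the default area 49.0001 is the page's value, and the trailing selector 00 is what marks the address as a NET.

```python
import ipaddress
import re

def router_id_to_net(router_id, area="49.0001"):
    """Derive an IS-IS NET from an IPv4 router ID, following the page's steps."""
    octets = str(ipaddress.IPv4Address(router_id)).split(".")  # validates input
    digits = "".join(o.zfill(3) for o in octets)       # 10.0.1.1 -> 010000001001
    system_id = ".".join(digits[i:i + 4] for i in range(0, 12, 4))
    return f"{area}.{system_id}.00"                      # selector 00 marks a NET

def net_to_router_id(net):
    """Split a NET into (area, router ID); None if not derived from an IPv4 ID."""
    m = re.fullmatch(r"(.+)\.(\d{4})\.(\d{4})\.(\d{4})\.00", net)
    if not m:
        return None          # hex system ID or malformed NET
    digits = "".join(m.group(2, 3, 4))
    octets = [int(digits[i:i + 3]) for i in range(0, 12, 3)]
    if any(o > 255 for o in octets):
        return None          # digit groups do not form valid IPv4 octets
    return m.group(1), ".".join(map(str, octets))

if __name__ == "__main__":
    print(router_id_to_net("10.0.1.1"))
    print(net_to_router_id("49.0001.0010.0100.1001.00"))
```

Run in reverse on the NET used in the R1 example further down the page, it recovers router ID 1.1.1.1, which is a quick way to check a NET against the addressing plan during a configuration review.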
Basic configuration
[Huawei] isis [ process-id ]
Create an IS-IS process and enter its view
[Huawei-isis-1] network-entity net
Configure the network entity title (NET)
[Huawei-isis-1] is-level { level-1 | level-1-2 | level-2 }
Configure the global level
[Huawei]interface interface-type interface-number
Enter the interface view
[Huawei-GigabitEthernet0/0/1] isis enable [ process-id ]
Enable IS-IS on the interface
[Huawei-GigabitEthernet0/0/1] isis circuit-level [ level-1 | level-1-2 | level-2 ]
Configure the interface level
[Huawei-GigabitEthernet0/0/1]isis circuit-type p2p
Set the interface's network type to P2P
[Huawei-GigabitEthernet0/0/1] undo isis circuit-type
Restore the interface's default network type
[Huawei-GigabitEthernet0/0/1] isis dis-priority priority [ level-1 | level-2 ]
Change the interface's DIS priority
[R1] isis 1
[R1-isis-1] is-level level-1
[R1-isis-1] network-entity 49.0001.0010.0100.1001.00
[R1-isis-1] quit
[R1] interface gigabitethernet 0/0/0
[R1-GigabitEthernet0/0/0] isis enable 1
[R1-GigabitEthernet0/0/0] interface gigabitethernet 0/0/1
[R1-GigabitEthernet0/0/1] isis enable 1
Display
<R4> display isis peer
<R1> display isis route
Route leaking
[R2] ip ip-prefix 1 permit 192.168.10.0 24
[R2] isis 1
[R2-isis-1] import-route isis level-2 into level-1 filter-policy ip-prefix 1
Leak a route that exists in a different IS-IS area into the local area
<R1> display ip routing-table protocol isis
Check whether the specific route has been added
IS-IS authentication
[Huawei-isis-1] area-authentication-mode { { simple | md5 } { plain plain-text | [ cipher ] plain-cipher-text } | keychain keychain-name | hmac-sha256 key-id key-id } [ snp-packet { authentication-avoid | send-only } | all-send-only ]
Configure IS-IS area authentication
[Huawei-isis-1] domain-authentication-mode { { simple | md5 } { plain plain-text | [ cipher ] plain-cipher-text } | keychain keychain-name | hmac-sha256 key-id key-id } [ snp-packet { authentication-avoid | send-only } | all-send-only ]
Configure IS-IS routing domain authentication
[Huawei-GigabitEthernet0/0/0] isis authentication-mode [ keychain | md5 | simple ] [ level-1 | level-2 ] [ ip | osi ] [ send-only ]
Configure IS-IS interface authentication
Example
[R1] interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0] isis authentication-mode simple cipher huawei
BGP
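Importing external routes
[Huawei-ospf-100] import-route { bgp | direct | static | isis [ process-id-isis ] | ospf [ process-id-ospf ] }
import-route direct
Import all direct routes in the routing table into the dynamic routing protocol
import-route static
Import all static routes in the routing table into the dynamic routing protocol
import-route isis 1
Import all IS-IS routes in the routing table into the dynamic routing protocol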
PPPoE
Server
#
sysname Router
#
ip pool pool1
 gateway-list 192.168.10.1
 network 192.168.10.0 mask 255.255.255.0
#
aaa
 authentication-scheme system_a
 authorization-scheme system_a
 domain system
  authentication-scheme system_a
  authorization-scheme system_a
 local-user user1@system password cipher %^%#9T`|L}K(4#J3k=+I8SiJrsM:RO[iy@Uuc:LTQJ,1%^%#
 local-user user1@system privilege level 0
 local-user user1@system service-type ppp
#
interface Virtual-Template1
 ppp authentication-mode chap domain system
 remote address pool pool1
 ppp keepalive retry-times 2
 ppp ipcp dns 10.10.10.10 10.10.10.11
 timer hold 30
 ip address 192.168.10.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 pppoe-server bind Virtual-Template 1
#
return
Client
#
sysname Router
#
acl number 3002
 rule 5 permit ip source 192.168.10.0 0.0.0.255
#
interface Dialer1
 link-protocol ppp
 ppp chap user user1@system
 ppp chap password cipher %^%#LHG2'Q8n%8NSLn'4-i'Z18)-%eT"v*||t1Mh;NbH%^%#
 ip address ppp-negotiate
 dialer user user2
 dialer bundle 1
 nat outbound 3002
#
interface GigabitEthernet2/0/0
 pppoe-client dial-bundle-number 1
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
#
return
Comprehensive client configuration example
#
sysname Router
#
acl number 3002
 rule 5 permit ip source 192.168.10.0 0.0.0.255
#
interface Dialer1
 link-protocol ppp
 ppp chap user user1@system
 ppp chap password cipher %^%#R=>NT8A-8KmWU38WOZq(s%MsRSg>3,}l9b%K.%!S%^%#
 ip address ppp-negotiate
 dialer user user2
 dialer bundle 1
 dialer number 1 autodial
 nat outbound 3002
#
interface Dialer2
 link-protocol ppp
 ppp chap user user1@system
 ppp chap password cipher %^%#$`GP<&RG`A@+F/'fP)xY84g7V/%g-Oahd"*"r/'Z%^%#
 ip address ppp-negotiate
 dialer user user2
 dialer bundle 2
 nat outbound 3002
#
interface GigabitEthernet2/0/0
 pppoe-client dial-bundle-number 1
#
interface GigabitEthernet3/0/0
 pppoe-client dial-bundle-number 2
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
ip route-static 0.0.0.0 0.0.0.0 Dialer2 preference 100
#
return