文件系统VRP
<huawei>dir flash: ---显示磁盘文件<huawei>copy flash:/vrpcfg.zip vrpcfg.zip ---复制文件<huawei>rename vrpcfg.zip a.zip ---重命名文件<huawei>move a.zip flash:/ ---移动文件<huawei>pwd ---查看当前位置<huawei>dir /all ---查看所有<huawei>delete a.zip ---删除文件<huawei>undelete ---恢复删除的文件<huawei>reset recycle-bin ---彻底删除回收站中文件 <Huawei>display startup ---系统启动文件查询<Huawei>startup saved-configuration flash:/vrpcfg.zip ---设置下次启动从vrpcfg.zip 文件中启动<Huawei>compare configuration ---比较当前配置和保存的配置<huawei>fixdisk flash:<huawei>format ---格式化<huawei><huawei><huawei><huawei><huawei>ftp、tftp备份配置-----练习
路由器配置ftp[huawei]ftp server enable[huawei]aaa[huawei-aaa]local-user AR password cipher huawei[huawei-aaa]local-user AR ftp-directory flash:/a[huawei-aaa]local-user AR service-type ftp[huawei-aaa]local-user AR privilege level 15windows端运行CMD输入 ftp 10.1.1.1 登入路由器ftp[huawei][huawei][huawei]恢复出厂设置
<huawei>delete flash:/vrpcfg.zip<huawei>reset saved-configuration<huawei> 快捷键<huawei>system-view (sys) ---进入系统视图[huawei]quit --退出[huawei-GigabitEthernet0/0/0]return (Ctrl+Z) ---直接退出到用户视图 Ctrl+A ---光标放到命令行最前端 显示信息命令<Huawei>
<Huawei><Huawei>display saved-configuration ---显示当前配置[huawei]display history-command ---查看历史命令[huawei]display user ---查看当前在线用户[huawei]display ssh user-information ---显示ssh用户信息[huawei]display rsa local-user-pair public ---查看电子证书[huawei]display ssh ser status ---显示ssh服务状态路由信息显示[huawei]display ip routing-table 192.168.1.0 verbose ---显示192.168.1.0路由表详细信息[huawei]display ip routing-table ---查看路由表[huawei]display fib ---查看FIB表[huawei]display this ---查看当前接口下信息[huawei]display user-interface ---查看用户接口信息[huawei]display current-configuration (dis cur) ---显示当前配置[huawei]display ip interface briref ---查看接口信息[huawei]display mac-address ---显示mac地址表[huawei]display port vlan ---查看端口属于哪个vlan[huawei]display stp brief ---查看生成树[huawei]display gvrp status ---查看gvrp状态[huawei]display gvrp statistics ---查看gvrp详细信息[huawei][huawei][huawei][huawei][huawei][huawei]路由优先级
路由协议 外部优先级DIRECT 0OSPF 10IS-IS 15STATIC 60RIP 100OSPF ASE 150IBGP 255EBGP 255Untrustworthy 255静态路由的下一跳
点对点链路:至少写上出接口;但也可以写上下一跳IP地址。以太网链路:至少写上下一跳IP地址;也可以写上出接口。下一跳IP地址可以不直连,但这样会发生递归。配置交换机&路由器命令
[huawei]interface g0/0/0 ---进入接口模式[huawei-g0/0/0]ip address 10.1.1.1 24 ---配置IP地址[huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 ---设置静态默认路由[huawei]ip route-static 1.1.1.0 255.255.255.0 s0/0/0 1.1.3.1 ---设置静态路由 (优先级是60)[huawei]undo ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 ---删除静态默认路由[huawei]负载分担(需求:两台路由器连接,双网线串联。路由备份) [huawei]ip route-static 192.168.1.0 255.255.255.0 10.0.12.1[huawei]ip route-static 192.168.1.0 255.255.255.0 20.0.12.1 preference 100[huawei]hybrid模式[huawei-g0/0/0]port hybrid unttagged vlan 10 #去掉标签[huawei-g0/0/0]port link-type hybrid ---设置成hybrid[huawei-g0/0/0]port hybrid tagged 10 ---打标签GARP:通过在交换机之间交互GARP报文来注册、注销、和传播交换机的属性。[huawei]gvrp[huawei-g0/0/0]gvrp[huawei-g0/0/0]gvrp registration fixed[huawei-g0/0/0][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei]端口安全
[huawei]interface GigabitEthernet 0/0/0 ---接口视图[huawei-Ethernet0/0/0]ip address x.x.x.x 空格掩码位 ---配置IP地址[huawei-Ethernet0/0/0]port-security enable ---开启端口安全[huawei-Ethernet0/0/0]undo port-security ---关闭端口安全[huawei-Ethernet0/0/0]port-security max-mac-num 1 ---设置最大mac地址数量为 1[huawei-Ethernet0/0/0]port-security protect-action shutdown ---配置保护模式 若大于1 端口down[huawei-Ethernet0/0/0]port-security mac-address sticky ---该端口下若有两个mac,以后只能允许该mac访问[huawei-Ethernet0/0/0]port-security mac-address sticky xxx.xxx.xxx vlan 1 ---绑定mac地址[huawei-Ethernet0/0/0]
[huawei-Ethernet0/0/0][huawei-Ethernet0/0/0][huawei-Ethernet0/0/0][huawei-Ethernet0/0/0][huawei-Ethernet0/0/0][huawei-Ethernet0/0/0][huawei-Ethernet0/0/0]VLAN配置
[huawei]vlan 10 ---创建vlan10[huawei]vlan batch 2 to 10 ---创建 2 到 10 VLAN[huawei-vlan10]description student ---描述VLAN[huawei-Ethernet0/0/0]port link-type access ---设置access模式[huawei-Ethernet0/0/0]port link-type trunk ---设置trunk模式[huawei-Ethernet0/0/0]port trunk allow-pass vlan 2 3 ---允许VLAN2 VLAN3 通过[huawei-Ethernet0/0/0]port trunk allow-pass vlan all ---允许所有VLAN通过[huawei-Ethernet0/0/0]port trunk pvid vlan 1 ---trunk PVID必须相同 (相当于nativeVlan)[huawei-Ethernet0/0/0]port default vlan 3 ---加入到VLAN3基于MAC划分VLAN
[huawei-vlan10]mac-vlan mac-address xxx.xxx.xxx priority ---绑定电脑mac地址[huawei-vlan10][huawei-Ethernet0/0/0]mac-vlan enable[huawei-Ethernet0/0/0]vlan precedence mac-vlan[huawei-Ethernet0/0/0]port hybrid unttaggedSTP生成树
[huawei]stp enable ---开启stp[huawei]stp mode stp ---配置stp模式[huawei]stp root primary[huawei-ethernet0/0/0]bpdu enable[huawei]display stp ---查看stp生成树信息[huawei]stp priority 4096 ---更改stp优先级[huawei]display stp brief ---查看stp端口信息[huawei]stp timer mac-age 1900 ---更改stp最大超时时间[huawei]stp root secondary ---指定端口[huawei]stp cost 100 ---更改stp cost值生成树选举规则:1.比较根桥ID,越小越好 2.比较到根桥的路径成本 cost值 3.比较BPDU发送者的桥ID 4.比较BPDU发送者的端口IDRSTP快速生成树
[huawei]stp mode rstp ---开启快速生成树[huawei-Ethernet0/0/0]stp edged-port enable ---开启边缘接口MSTP多生成树
[huawei]stp mode mstp ---开启多生成树[huawei]stp region-configuration[huawei-mst-region]region-name RegionA[huawei-mst-region]revision-level 1[huawei-mst-region]instance 1 vlan 2 ---加入vlan2[huawei-mst-region]instance 2 vlan 3 ---加入vlan3[huawei-mst-region]active region-configuration ---激活[huawei]stp instance 1 priority 4096 ---设置实例优先级[huawei]stp instance 2 priority 8192 ---设置实例优先级[huawei-Ethernet0/0/0]stp edged-port enable ---开启边缘接口[huawei-Ethernet0/0/0]stp point-to-point force-true ---点到点链路[huawei]stp max-hops 30 ---设置最大跳数,本地有效注:华为交换机默认选择MSTP生成树单臂路由实现VLAN间路由
交换机[huawei-Ethernet0/0/1]port link-type access[huawei-Ethernet0/0/1]port default vlan 10[huawei-Ethernet0/0/2]port link-type access[huawei-Ethernet0/0/2]port default vlan 20[huawei]interface g0/0/1[huawei-Ethernet0/0/1]port link-type trunk[huawei-Ethernet0/0/1]port trunk allow-pass vlan 10 20 路由器[huawei]interface g0/0/0.1[huawei-Ethernet0/0/0]dot1q termination vid 10[huawei-Ethernet0/0/0]ip address 192.168.10.1 24[huawei-Ethernet0/0/0]arp broadcast enable[huawei]interface g0/0/0.2[huawei-Ethernet0/0/0]dot1q termination vid 20[huawei-Ethernet0/0/0]ip address 192.168.20.1 24[huawei-Ethernet0/0/0]arp broadcast enableVLAN间路由--三层交换[huawei]interface vlanif 2[huawei-vlanif]ip address 192.168.1.1 24[huawei]interface vlanif 3[huawei-vlanif]ip address 192.168.2.1 24注:华为交换机 三层交换路由功能默认是开启的。VRRP
实验环境:路由器A ,路由器B,二层交换机[huaweiA]interface vlanif 100[huaweiA-Vlanif100]vrrp vrid 1 virtual-ip 10.1.1.1 #创建一个虚拟网关,两端必须是一样[huaweiA-Vlanif100]vrrp vrid 1 priority 120 #配置优先级,默认是100[huaweiA-Vlanif100]vrrp vrid 1 preempt-mode timer delay 20 #抢占,默认为0[huaweiA-Vlanif100]quit[huaweiB]interface vlanif 100[huaweiB-Vlanif100]vrrp vrid 1 virtual-ip 10.1.1.1 #创建一个虚拟网关[huaweiB-Vlanif100]vrrp vrid 1 priority 120 #配置优先级,默认是100[huaweiB-Vlanif100]vrrp vrid 1 preempt-mode timer delay 20 #抢占,默认为0[huaweiB-Vlanif100]quit[switch-Ethernet0/0/0]stp edged-port enable ---开启边缘接口[huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei]undo shutdown ---开启端口[huawei][huawei]interface loopback 1 ---创建环回接口 [huawei][huawei][huawei]display version ---查看系统版本[huawei]display tohat[huawei]sysname XXX ---更改设备命令[huawei]clock datetime 17:0:0 2016-9-20 [huawei]command-privilege level 3 view user save ---更改用户等级 《《Telnet 登录配置》》[huawei]user-interface vty 0 4 ---配置用户数量[huawei-ui-vty0-4]authentication-mode password ---配置密码[huawei-ui-vty0-4]user privilege level 3或15 ---配置用户等级[huawei-ui-vty0-4]authentication-mode aaa ---配置多用户模式[huawei]aaa ---进入aaa模式[huawei-aaa]local-user admin password cipher xxxx ---配置用户和密码[huawei-aaa]local-user admin privilege level 15 ---配置用户等级[huawei-aaa]local-user admin service-type telnet ---指定用户执行相关服务[huawei][huawei]user-interface maximum-vty 15 ---配置最大用户[huawei]ssh client first-time enable
[huawei]telnet server enable ---开启telnet服务《《console 登录配置》》
[huawei]user-interface console 0[huawei-ui-console0]authentication-mode password ---配置密码[huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei][huawei] vlan batch 2 to 3 ---建立2到3 两个vlan[Huawei][Huawei]dhcp enable ---开启DHCP服务[Huawei]undo dhcp enable ---关闭DHCP服务
----------课程学习-------
10、负载分担、路由备份 --学到 start49、交换机的端口安全