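A summary of commonly used basic lab configuration commands, to help recall the relevant commands quickly when working on a project.
Summarized below:
IS-IS protocol, BGP protocol, OSPF protocol, static routing protocol, STP protocol, GVRP protocol, Telnet protocol, RIP protocol, RIP with BFD, DHCP and relay agent, NAT ACL VRRP, configuring and implementing Eth-Trunk, GRE virtual LAN configuration, IPSec virtual LAN configuration, policy-based routing configuration, VLANs and Layer 3 communication between VLANs, views.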
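Topology
IS-IS protocol
[AR-2]isis---------------------------------start the IS-IS process on this device from the system view (process 1 by default)
[AR-2-isis-1]is-level level-1--------------set the IS-IS level of this device to Level-1 (the default is Level-1-2)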
[AR-2-isis-1]network-entity 49.0001.0000.0000.0001.00
[AR-2-GigabitEthernet0/0/0]isis enable 1
BGP protocol
[AR-1]bgp 65009------------------------------------------------start BGP, specify the local AS number, and enter the BGP view
[AR-1-bgp]router-id 1.1.1.1------------------------------------configure the BGP router ID
[AR-1-bgp]peer 12.1.1.2 as-number 65009------------------------create an IBGP peer relationship
[AR-1-bgp]ipv4-family unicast----------------------------------enter the IPv4 address family view
[AR-1-bgp-af-ipv4]network 12.1.1.0 255.255.255.0---------------advertise the network
[AR-1-bgp-af-ipv4]import-route direct--------------------------import direct routes
OSPF protocol
[AR-2]ospf 1 router-id 2.2.2.2-------------------------enable OSPF and set the router ID to 2.2.2.2
[AR-2-ospf-1]area 1------------------------------------enter area 1
[AR-2-ospf-1-area-0.0.0.1]network 23.1.1.2 0.0.0.0-----advertise interface 23.1.1.2
Static routing protocol
[AR-2]ip route-static 192.168.1.0 24 12.1.1.1------configure a static route: destination network 192.168.1.0/24, next hop 12.1.1.1
STP protocol
[LSW-1]stp enable---------------enable STP
[LSW-1]stp mode stp-------------set the spanning tree mode to STP
GVRP protocol
[LSW-1]gvrp---------------------------------------------------------enable GVRP globally
[LSW-1]int g0/0/1
[LSW-1-GigabitEthernet0/0/1]gvrp------------------------------------enable GVRP on the interface
[LSW-1-GigabitEthernet0/0/1]gvrp registration normal---------------set the GVRP registration mode to normal
Telnet protocol
[AR-1]int g0/0/0
[AR-1-GigabitEthernet0/0/0]ip address 12.1.1.1 24------------configure the IPv4 address
[AR-1]aaa----------------------------------------------------enter the AAA view
[AR-1-aaa]local-user HCIE password cipher 1008611
Info: Add a new user.
[AR-1-aaa]local-user HCIE privilege level 3------------------set the privilege level to 3
[AR-1-aaa]local-user HCIE service-type telnet----------------set this user's access type to Telnet
[AR-1]user-interface vty 0 4
[AR-1-ui-vty0-4]authentication-mode aaa----------------------change the authentication mode to AAA
RIP protocol
[AR-1]rip---------------------------enter the RIP view
[AR-1-rip-1]network 12.0.0.0--------advertise the 12.0.0.0 network
[AR-1-rip-1]net 192.168.1.0
[AR-1-rip-1]version 2---------------use RIP version 2
[AR-1-rip-1]undo summary------------disable automatic summarization
RIP with BFD
[AR-2]bfd----------------------------------enable BFD globally
[AR-2-bfd]rip 1----------------------------enter the RIP process to link BFD with RIP
[AR-2-rip-1]bfd all-interfaces enable------enable BFD on all interfaces running RIP
[AR-2-rip-1]bfd all-interfaces min-rx-interval 100 min-tx-interval 100 detect-multiplier 10
DHCP and relay agent
[DHCP]dhcp enable
[DHCP]ip pool department1---------------------------------------create an address pool named department1
[DHCP-ip-pool-department1]net 12.1.1.0 mask 26
[DHCP-ip-pool-department1]gateway-list 12.1.1.------------------gateway address
[DHCP-ip-pool-department1]dns-list 202.1.1.1 8.8.8.8------------DNS addresses
[DHCP-ip-pool-department1]domain-name hostyd.club---------------set the domain name to hostyd.club
[DHCP-ip-pool-department1]lease day 3 hour 6 minute 30
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]dhcp select global
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]dhcp select relay
[DHCP-GigabitEthernet0/0/0]dhcp relay server-ip 12.1.1.1
NAT ACL VRRP
[AR-1]acl 2001-------------------------------------------------create an access control list numbered 2001, which is a basic ACL
[AR-1-acl-basic-2001]rule permit source 192.168.1.0 0.0.0.255-create a rule that permits packets whose source IP is in 192.168.1.0
[AR-1-acl-basic-2001]rule deny source any----------------------rule that denies all other sources
[AR-1-acl-basic-2001]nat address-group 1 12.1.1.1 12.1.1.5
[AR-1]int g0/0/0
[AR-1-GigabitEthernet0/0/0]nat outbound 2001 address-group 1---apply port NAT in the outbound direction of g0/0/0 on router AR1, using the rules in ACL 2001
[AR-1]acl 2010---------------------------------------------------create ACL 2010
[AR-1-acl-basic-2010]rule permit source 192.168.1.1 0------------configure a rule that permits the host with source IP address 192.168.1.1
[AR-1-acl-basic-2010]quit
[AR-1]user-interface vty 0 4-------------------------------------vty is the virtual terminal
[AR-1-ui-vty0-4]acl 2000 inbound
[AR-1-ui-vty0-4]int g0/0/0
[AR-1-GigabitEthernet0/0/0]traffic-filter outbound acl 2010
[AR-1]time-range satime 8:00 to 20:00 daily---------------------------configure the periodic time range satime, 8:00 to 20:00 every day
[AR-1]time-range satime from 8:00 2020/04/04 to 20:00 2021/04/04------configure an absolute time range
[AR-1]int Vlanif 10
[AR-1-Vlanif10]traffic-filter inbound acl 3001-----------------------apply ACL 3001 on the interface
[AR-2]int g0/0/0
[AR-2-GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 12.1.1.1---------------------create the VRRP virtual group with virtual IP 12.1.1.1
[AR-2-GigabitEthernet0/0/0]vrrp vrid 1 priority 150----------------------------set the priority to 150 (the default is 100)
[AR-2-GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode timer delay 2-------------after recovery from a fault, wait 2 s before preempting back to master
[AR-2-GigabitEthernet0/0/0]vrrp vrid 1 track interface g0/0/1 reduced 30-------track port G0/0/1; if G0/0/1 goes down, the priority is automatically reduced by 30
Configuring and implementing Eth-Trunk
[AR-1]int g0/0/0.10
[AR-1-GigabitEthernet0/0/0.10]ip address 172.16.0.1 24
[AR-1-GigabitEthernet0/0/0.10]dot1q termination vid 10--use dot1q encapsulation; this sub-interface corresponds to VLAN 10
[AR-1-GigabitEthernet0/0/0.10]arp broadcast enable------enable ARP broadcast on the sub-interface
[AR-2]interface Eth-Trunk 1
[AR-2-Eth-Trunk1]mode manual load-balance-------------manual load-balancing mode; mode lacp-static is the static LACP mode
[AR-2-Eth-Trunk1]trunkport GigabitEthernet 0/0/0 to 0/0/3
GRE virtual LAN configuration
[AR-1]int Tunnel 0/0/0---------------------------------define the tunnel interface
[AR-1-Tunnel0/0/0]ip address 172.16.1.1 24-------------configure the tunnel interface IP address
[AR-1-Tunnel0/0/0]tunnel-protocol gre------------------set the tunnel protocol to GRE
[AR-1-Tunnel0/0/0]source g0/0/1------------------------tunnel source interface
[AR-1-Tunnel0/0/0]destination 172.16.1.2---------------tunnel destination address
[AR-1]ip route-static 192.168.1.0 255.255.255.0 Tunnel 0/0/0
IPSec virtual LAN configuration
[AR-2]ike proposal 5-------------------------------------------create an IKE proposal
[AR-2-ike-proposal-5]encryption-algorithm aes-cbc-128----------encryption algorithm used by the IKE proposal: aes-cbc-128
[AR-2-ike-proposal-5]authentication-algorithm sha1-------------authentication algorithm used by the IKE proposal: sha1
[AR-2-ike-proposal-5]dh group14--------------------------------use DH group 14
[AR-2-ike-proposal-5]quit
[AR-2]ike peer spub v1
[AR-2-ike-peer-spub]ike-proposal 5
[AR-2-ike-peer-spub]pre-shared-key simple huawei---------------the pre-shared key is huawei
[AR-2-ike-peer-spub]remote-address 172.16.1.1--------------------the tunnel peer address is 172.16.1.1
[AR-2-ike-peer-spub]quit
[AR-2]ipsec proposal tran1-------------------------------------------create the IPSec security proposal tran1
[AR-2-ipsec-proposal-tran1]esp authentication-algorithm sha2-256-----use the ESP authentication algorithm sha2-256
[AR-2-ipsec-proposal-tran1]esp encryption-algorithm aes-128---------use the ESP encryption algorithm aes-128
[AR-2]ipsec policy use1 10 isakmp------------------------------------create the IPSec policy use1, with SAs negotiated by IKE
[AR-2-ipsec-policy-isakmp-use1-10]ike-peer spub
[AR-2-ipsec-policy-isakmp-use1-10]proposal tran1
[AR-2-ipsec-policy-isakmp-use1-10]security acl 3000
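An added example, not part of the original article: a small Python check that reads lines in this page's "[prompt]command----comment" layout and flags the settings from the Telnet and IPSec sections that a security review would question (Telnet access, `simple` secrets, SHA-1, IKEv1). The rule list and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample: lines in the same "[prompt]command----comment" layout as this page.
SAMPLE = """\
[AR-1-aaa]local-user HCIE service-type telnet----access type
[AR-2-ike-proposal-5]encryption-algorithm aes-cbc-128
[AR-2-ike-proposal-5]authentication-algorithm sha1
[AR-2]ike peer spub v1
[AR-2-ike-peer-spub]pre-shared-key simple huawei----pre-shared key
[AR-2-ipsec-proposal-tran1]esp authentication-algorithm sha2-256
"""

# (regex on the command, finding). Assumed review policy, not a vendor baseline.
RULES = [
    (r"\bservice-type\b.*\btelnet\b", "Telnet carries credentials in cleartext"),
    (r"\b(pre-shared-key|password)\s+simple\b", "secret kept as plaintext in the configuration"),
    (r"\bauthentication-algorithm\s+(md5|sha1)\b", "legacy hash algorithm"),
    (r"\bencryption-algorithm\s+(des|3des)\b", "legacy cipher"),
    (r"^ike\s+peer\s+\S+\s+v1\b", "IKEv1 negotiation"),
]

PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")

def parse(line):
    """Split one line into (prompt, command); returns None for non-command lines."""
    m = PROMPT.match(line.strip())
    if not m:
        return None
    # The trailing annotation starts at a run of three or more dashes.
    command = re.split(r"-{3,}", m.group(2), maxsplit=1)[0].strip()
    return (m.group(1), command) if command else None

def audit(text):
    """Return a list of (prompt, command, finding) for every rule hit."""
    findings = []
    for line in text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        prompt, command = parsed
        for pattern, finding in RULES:
            if re.search(pattern, command):
                findings.append((prompt, command, finding))
    return findings

if __name__ == "__main__":
    for prompt, command, finding in audit(SAMPLE):
        print(f"{prompt}: {command} -> {finding}")
```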
Policy-based routing configuration
[AR-1]traffic classifier 1----------------------------------create traffic classifier 1
[AR-1-classifier-1]if-match acl 2000------------------------match the traffic of ACL 2000
[AR-1]traffic behavior 2-----------------------------------create traffic behavior 2
[AR-1-behavior-2]redirect ip-nexthop 12.1.1.1---------------configure redirection with next hop 12.1.1.1
[AR-1]traffic policy 3--------------------------------------create traffic policy 3
[AR-1-trafficpolicy-3]classifier 1 behavior 2---------------associate traffic classifier 1 with traffic behavior 2
[AR-1-GigabitEthernet0/0/0]traffic-policy 3 inbound---------apply the traffic policy on the interface
VLANs and Layer 3 communication between VLANs
[LSW-1]vlan 10
[LSW-1]vlan batch 10 20 30
[LSW-1]int g0/0/2
[LSW-1-GigabitEthernet0/0/2]port link-type access-----------------set the interface type to access
[LSW-1-GigabitEthernet0/0/2]port default vlan 10-----------------add the interface to VLAN 10
[LSW-1-GigabitEthernet0/0/1]port link-type trunk------------------set the uplink interface type to trunk
[LSW-1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10---------allow VLAN 10 to pass
[LSW-1-GigabitEthernet0/0/3]port link-type hybrid-----------------set the interface type to hybrid
[LSW-1-GigabitEthernet0/0/3]port hybrid pvid vlan 10--------------set the interface PVID to VLAN 10
[LSW-1-GigabitEthernet0/0/3]port hybrid untagged vlan 10 30-------set VLANs 10 and 30 as untagged on the interface
[AR-1]interface vlanif 10-----------------------------------------enter the Layer 3 interface of VLAN 10
[AR-1-Vlanif10]ip address 12.1.1.1 24-----------------------------set the IP address
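Views
<AR-1>save---------------------save the configuration
<AR-1>--------------------------user view
<Huawei>system-view----------enter the system view
[AR-1]int g0/0/0--------------enter the interface view
[LSW-1]quit-------------------return to the previous view
[AR-1]rip----------------------routing protocol view
[Huawei]sysname AR-1------change the device system name to AR-1
[LSW-1-GigabitEthernet0/0/3]display this------------view the configuration of the current interface or view
[AR-1]display ip interface brief--------------------view brief IP and status information for the interfaces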
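All of my articles are protected by copyright, and the copyright belongs to 藝博東! Reproduction without authorization will be pursued; otherwise, attach a link to the original.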