总结一些常用的实验基础配置命令,有助于在做项目时快速想起相关配置的命令。
总结以下:
IS-IS协议、BGP协议、OSPF协议、静态路由协议、STP协议、GVRP协议、Telnet协议、RIP协议、RIP与BFD联动、DHCP及中继代理、NAT ACL VRRP、配置和实施Eth-Trunk、GRE 虚拟局域网 配置、IPSec 虚拟局域网 配置、策略路由配置、VLAN以及VLAN间的三层通信、视图。
[AR-2]isis---------------------------------系统模式下开启本设备的IS-IS进程,默认进程1
[AR-2-isis-1]is-level level-1--------------修改本设备所有宣告进对IS-IS协议支持模式为L -1级别(默认为L 1/2级别)
[AR-2-isis-1]network-entity 49.0001.0000.0000.0001.00
[AR-2-GigabitEthernet0/0/0]isis enable 1
[AR-1]bgp 65009------------------------------------------------启动BGP,指定本地AS编号,并进入bgp视图
[AR-1-bgp]router-id 1.1.1.1------------------------------------配置BGP的router-id
[AR-1-bgp]peer 12.1.1.2 as-number 65009------------------------创建IBGP邻居关系
[AR-1-bgp]ipv4-family unicast----------------------------------进入IPV4地址族视图
[AR-1-bgp-af-ipv4]network 12.1.1.0 255.255.255.0---------------宣告网络
[AR-1-bgp-af-ipv4]import-route direc---------------------------引入直连路由
[AR-2]ospf 1 router-id 2.2.2.2-------------------------启用OSPF,指定router-id为2.2.2.2
[AR-2-ospf-1]area 1------------------------------------进入区域1
[AR-2-ospf-1-area-0.0.0.0]network 23.1.1.2 0.0.0.0-----宣告接口23.1.1.2
[AR-2]ip route-static 192.168.1.0 24 12.1.1.1------配置静态路由,到达目标网络192.168.1.0/24下一跳为12.1.1.1
[LSW-1]stp enable---------------启用stp协议
[LSW-1]stp mode stp-------------设置生成树协议为stp
[LSW-1]gvrp---------------------------------------------------------全局启用GVRP协议
[LSW-1]int g0/0/1
[LSW-1-GigabitEthernet0/0/1]gvrp------------------------------------接口启用GVRP协议
[LSW-1-GigabitEthernet0/0/1]gvrp registration normal---------------设置GVRP工作模式normal
[AR-1-aaa]local-user HCIE service-type telnet----------------设置该用户的接入类型为Telnet
[AR-1]int g0/0/0
[AR-1-GigabitEthernet0/0/0]ip address 12.1.1.1 24------------配置IPv4地址
[AR-1]aaa----------------------------------------------------进入aaa视图
[AR-1-aaa]local-user HCIE password cipher 1008611
Info: Add a new user.
[AR-1-aaa]local-user HCIE privilege level 3------------------权限级别设置为3级
[AR-1]user-interface vty 0 4
[AR-1-ui-vty0-4]authentication-mode aaa----------------------验证模式改成aaa
[AR-1]rip---------------------------进入rip视图
[AR-1-rip-1]network 12.0.0.0--------宣告12.0.0.0网络
[AR-1-rip-1]net 192.168.1.0
[AR-1-rip-1]version 2---------------配置Ripv2版本
[AR-1-rip-1]undo summary------------关闭自动汇总
[AR-2]bfd----------------------------------全局模式下开启bfd
[AR-2-bfd]rip 1----------------------------进入rip进程,将bfd与rip联动在一起
[AR-2-rip-1]bfd all-interfaces enable------设置所有运行rip的接口都开启bfd
[AR-2-rip-1]bfd all-interfaces min-rx-interval 100 min-tx-interval 100 detect-multiplier 10
[DHCP]dhcp enable
[DHCP]ip pool department1---------------------------------------新增地址池名称为 department1
[DHCP-ip-pool-department1]net 12.1.1.0 mask 26
[DHCP-ip-pool-department1]gateway-list 12.1.1.------------------网关地址
[DHCP-ip-pool-department1]dns-list 202.1.1.1 8.8.8.8------------dns 地址
[DHCP-ip-pool-department1]domain-name hostyd.club---------------配置域名为hostyd.club
[DHCP-ip-pool-department1]lease day 3 hour 6 minute 30
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]dhcp select global
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]dhcp select relay
[DHCP-GigabitEthernet0/0/0]dhcp relay server-ip 12.1.1.1
[AR-1]acl 200--------------------------------------------------建立访问控制列表,编号2001,属于基本的访问控制列表
[AR-1-acl-basic-2001]rule permit source 192.168.1.0 0.0.0.255-建立一条规则允许源IP为192.168.1.0 的数据包通过
[AR-1-acl-basic-2001]rule deny source any----------------------拒绝所有的规则,
[AR-1-acl-basic-2001]nat address-group 1 12.1.1.1 12.1.1.5
[AR-1]int g0/0/0
[AR-1-GigabitEthernet0/0/0]nat outbound 2001 address-group 1---路由器AR1的g0/0/0出接口方向上做一个端口nat,采用编号为2001的acl访问控制列表中的规则
[AR-1]acl 2010---------------------------------------------------创建ACL 2010
[AR-1-acl-basic-2010]rule permit source 192.168.1.1 0------------配置规则允许源IP地址192.168.1.1的主机
[AR-1-acl-basic-2010]quit
[AR-1]user-interface vty 0 4-------------------------------------vty 是虚拟窗口
[AR-1-ui-vty0-4]acl 2000 inbound
[AR-1-ui-vty0-4]int g0/0/0
[AR-1-GigabitEthernet0/0/0]traffic-filter outbound acl 2010
[AR-1]time-range satime 8:00 to 20:00 daily---------------------------配置每天8:00至20:00的周期时间段satime
[AR-1]time-range satime from 8:00 2020/04/04 to 20:00 2021/04/04------配置绝对时间
[AR-1]int Vlanif 10
[AR-1-Vlanif10]traffic-filter inbound acl 3001-----------------------在接口应用ACL 3001
[AR-2]int g0/0/0
[AR-2-GigabitEthernet0/0/0]undo vrrp vrid 1 virtual-ip 12.1.1.1----------------创建vrrp虚拟组,虚拟ip为12.1.1.1
[AR-2-GigabitEthernet0/0/0]vrrp vrid 1 priority 150----------------------------配置优先级为150(默认是100)
[AR-2-GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode timer delay 2-------------在故障恢复后,延迟2s进行抢占回主设备
[AR-2-GigabitEthernet0/0/0]vrrp vrid 1 track interface g0/0/1 reduced 30-------跟踪G0/0/0端口,如果G0/0/1端口down,优先级自动减30
[AR-1]int g0/0/0.10
[AR-1-GigabitEthernet0/0/0.10]ip address 172.16.0.1 24
[AR-1-GigabitEthernet0/0/0.10]dot1q termination vid 10--封装dot1q协议,该子接口对应vlan10
[AR-1-GigabitEthernet0/0/0.10]arp broadcast enable------开启子接口的ARP广播
[AR-2]interface Eth-Trunk 1
[AR-2-Eth-Trunk1]mode manual load-balance-------------模式为手工负载分担, mode lacp-static是静态LACP模式
[AR-2-Eth-Trunk1]trunkport GigabitEthernet 0/0/0 to 0/0/3
[AR-1]int Tunnel 0/0/0---------------------------------定义隧道接口
[AR-1-Tunnel0/0/0]ip address 172.16.1.1 24-------------配置隧道端口IP地址
[AR-1-Tunnel0/0/0]tunnel-protocol gre------------------tunnel协议为GRE
[AR-1-Tunnel0/0/0]source g0/0/1------------------------隧道源端口
[AR-1-Tunnel0/0/0]description 172.16.1.2---------------隧道目的地址
[AR-1]ip route-static 192.168.1.0 255.255.255.0 Tunnel 0/0/0
[AR-2]ike proposal 5-------------------------------------------创建IKE提议
[AR-2-ike-proposal-5]encryption-algorithm aes-cbc-128----------IKE提议使用的加密算法aes-cbc-128
[AR-2-ike-proposal-5]authentication-algorithm sha1-------------IKE提议使用的验证算法aes-cbc-128
[AR-2-ike-proposal-5]dh group14--------------------------------使用DH交换组14
[AR-2-ike-proposal-5]quit
AR-2]ike peer spub v1
[AR-2-ike-peer-spub]ike-proposal 5
[AR-2-ike-peer-spub]pre-shared-key simple huawei---------------域共享秘钥为huawei
[AR-2-ike-peer-spub]remote-address 172.16.1.1--------------------隧道对端地址为172.16.1.1
[AR-2-ike-peer-spub]quit
[AR-2]ipsec proposal tran1-------------------------------------------创建IPSec安全提议tran1
[AR-2-ipsec-proposal-tran1]esp authentication-algorithm sha2-256-----使用ESP验证算法sha2-256
[AR-2-ipsec-proposal-tran1]esp encryption-algorithm aes-128---------使用ESP加密算法sha2-256
[AR-2]ipsec policy use1 10 isakmp------------------------------------创建IPSEC策略use1,使用IKE协商SA
[AR-2-ipsec-policy-isakmp-use1-10]ike-peer spub
[AR-2-ipsec-policy-isakmp-use1-10]proposal tran1
[AR-2-ipsec-policy-isakmp-use1-10]security acl 3000
[AR-1]traffic classifier 1----------------------------------创建流分类 1
[AR-1-classifier-1]if-match acl 2000------------------------匹配ACL2015的流量
[AR-1]traffic behavior 2-----------------------------------创建流行为 2
[AR-1-behavior-2]redirect ip-nexthop 12.1.1.1---------------配置重定向,下一跳为12.1.1.1
[AR-1]traffic policy 3--------------------------------------创建流策略 3
[AR-1-trafficpolicy-3]classifier 1 behavior 2---------------流分类 1关联流行为2
[AR-1-GigabitEthernet0/0/0]traffic-policy 3 inbound---------在接口上应用流策略
[LSW-1]vlan 10
[LSW-1]vlan batch 10 20 30
[LSW-1]int g0/0/2
[LSW-1-GigabitEthernet0/0/2]port link-type access-----------------接口类型为access
[LSW-1-GigabitEthernet0/0/2]port default vlan 10-----------------将接口加入VLAN10
[LSW-1-GigabitEthernet0/0/1]port link-type trunk------------------配置上联接口类型trunk
[LSW-1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10---------允许vlan 10通过
[LSW-1-GigabitEthernet0/0/3]port link-type hybrid-----------------接口类型为hybrid
[LSW-1-GigabitEthernet0/0/3]port hybrid pvid vlan 10--------------接口的pvid 为vlan 10
[LSW-1-GigabitEthernet0/0/3]port hybrid untagged vlan 10 30-------接口的untgged vlan 10 30
[AR-1]interface vlanif 10-----------------------------------------进入vlan10的三层接口
[AR-1-Vlanif10]ip address 12.1.1.1 24-----------------------------设置ip地址
save---------------------保存配置
--------------------------用户视图
system-view----------进入系统视图
[AR-1]int g0/0/0--------------进入接口视图
[LSW-1]quit-------------------退回上个视图
[AR-1]rip----------------------路由协议视图
[Huawei]sysname AR-1------修改设备系统名字为AR-1
[LSW-1-GigabitEthernet0/0/3]display this------------查看当前接口、模式下的配置
[AR-1]display ip interface brief--------------------查看接口的描述信息