(1)配置交换机的设备名称,管理vlan和telnet
//用户视图提示符
syster-view //进入系统视图
[HIUAWEI] sysname Switehl∥修改设备名称为SW1
[Switchl] vlan 5 //创建交换机管理 VLAN 5
[Switch1-VLAN5] management-vlan
[Switch1-VLAN5] quit
[Switchl] interface vlanif 5 //创建交换机管理VLAN的 VLANIF接口
[Switchl-vlanif5] ip address 10.10.1.1 24∥配置 VLANIF接口IP地址
[Switchl-vlanif5] quit
[Switchl] telnet server enable //Telnet默认是关闭的,需要打开
[Switchl] user-interface vty 0 4 ∥开启VTY线路模式
[Switchl-ui-vty0-4] protocol inbound telnet∥配 telnet置协议
[Switchl-ui-vty0-4] authentication-mode aaa //配置认证方式
[Switchl-ui-vty0-4]quit
[Switchl]aaa
[SwitchI-aaa] local-user admin password irreversible-cipher Hello@123 //配置用户名和密码,用户名不区分大小写,密码区分大小写
[Switchl-aaa] local-user admin privilege level 15∥将管理员的账号权限设置为15(最高)
[SwitchI-aaa]quit
[SwitchI ]quit
< Switchl>save
∥在用户视图下保存配置
(2)登录Telnet到交换机,出现用户视图提示符
C:\Documents and Settings\Administrator> telnet 10.10.1.1 //输入交换机管理IP
Login authentication
Usemame:admin //输入用户名和密码
Password:
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2016-07-03 13: 33: 18+00:00.
∥用户视图命令行提示符
(3)配置交换机的接口,配置对象主要有接口隔离,速率,双工。
配置接口 GE1/0/1和GE1/0/2的端口隔离,实现二层数据隔离,三层数据互通。
< Switch1> system–view
[Switch1] port-isolate mode 12
[Switchl] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] port-isolate enable group 1
[Switch1-GigabitEthernet1/0/1] quit
[Switchl] interface gigabitethemet1/0/2
[Switch1-GigabitEthernet1/0/2] port-isolate enable group 1
[Switch1-GigabitEthernet1/0/2] quit
#配置以太网接口GE/0/1在自协商模式下协商速率为100Mb/
< Switch1> system-view
[Switchl] interface gigabitethernet 0/0/1
[Switch1-GigabitEthernet0/0/1] negotiation auto
[Switch1-GigabitEthernet0/0/1] auto speed 100
#配置以太网电接口GE0/0/1在自协商模式下双工模式为全双工模式
< SwitchI> system-view
[SwitchI] interface gigabitethernet 0/0/1
[Switch1-GigabitEthernet0/0/1] negotiation auto
(4)查看和配置MAC地址表,
display mac-address
#执行命令display interface vlanif5,显示 VLANIF接口的MAC地址
display interface vlanif 5
Vlanifs current state: DOWN
Line protocol current state: DOWN
Description:
Route Port, The Maximum Transmit Unit is 1500
Internet Address is 192.168.1.1/24
IP Sending Frames’ Format is PKTFMT ETHNT 2, Hardware address is 00e0-0987-
Current system time: 2016-07-03 13:33:09+08:00
Input bandwidth utilization:–
Output bandwidth utilization:–
#在MAC地址表中增加静态MAC地址表项,目的MAC地址为0001-0002-0003,vlan 5的报文,从接口 gigabitethernet0/0/5转发出去
[Switchl] mac-address static 0001-0002-0003 gigabitethernet 0/0/5 vlan 5
(5)#基于接口划分VLAN
system-view //进入交换机系统视图
[HUAWEI] sysname SwitchA //交换机命名
[SwitchA] vlan batch 2 //批量方式建立VLAN2
[SwitchA] interface gigabitethernet 0/0/1 //进入交换机接口视图
[SwitchA-GigabitEthernet0/0/1] port link-type access //配置接口类型
[SwitchA-GigabitEthernet0/0/1] port default vlan 2 //将接口加入VLAN2
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2 ∥在接口视图配置上联接口
[SwitchA-GigabitEthernet0/0/2] port link-type trunk //配置上联接口类型
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 //通过VLAN2
[SwitchA-GigabitEthernet0/0/2] quit
(6)#基于MAC地址划分VLAN
system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 2
[SwitchA] interface gigabitethernet 0/0/1 //在接口视图配置上联接口
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid //配置上联接口类型
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 2 //通过VLAN2
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2 //进入交换机接口视图
[SwitchA-GigabitEthernet0/0/2] port link-type hybrid //配置接口类型
SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan2 //将接口加入vlan2
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA]vlan 2
[SwitchA-vlan2] mac-vlan mac-address 22-22-22 //PC的MAC地址与VLAN2关联
[SwitchA-vlan2] quit
[SwitchA] interface gigabitethemnet 0/0/2
[SwitchA-GigabitEthernet0/0/2] mac-vlan enable //基于MAC地址启用接口
[SwitchA-GigabitEthernet0/0/2] quit
(7)配置stp
system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp mode stp
配置根桥和备份根桥设备
#配置 Switcha为根桥
[Switcha] stp root primary
#配置 Switchb为备份根桥
[Switchb] stp root secondary
配置 Switcha的端口路径开销计算方法为华为计算方法, Switche、 Switch配置方法
[Switcha] stp pathcost-standard legacy
#配置 Switchc端口 Gigabitethernet0/0/1端口路径开销值为2000
[Switchc] stp pathcost-standard legacy
[switchc] interface gigabitethernet 0/0/1
[switchc-gigabitetherneto/0/1] stp cost 20000
[Switchc-gigabitethernet0/0/1] quit
启用STP,实现破除环路,将与PC机相连的端口设置为边缘端口并启用端口的文过滤功能
#配置 Switch端口 Gigabitetherner2为边缘端口并启用端口的BPDU报文过滤功能
[Switchb] interface gigarabitethemet0/02
[switchb-gigabitethereto/0/2] stp edged-port enable
[switchb-gigabitethemet0/0/2] stp bpdu-filter enable
[switchb-gigabite thereto/0/2] quit
#配置 Switchc端口 Gigabitethemet002为边缘端口并启用端口的BPDU报文过波功能
[SwitchC] interface glgabitethemet 0/0/2
[switchc-gigabitethemeto/0/2] stp edged- port enable
[switchc-gigabitethernet0/0/2] stp bpdu-filter enable
[switchc-gigabitethermeto/0/2] quit
设备全局启用STP,所有设备配置相同。
#设备 Switcha全局启用STP
[SwitchA]stp enable
检查配置结果
[SwitchA]display stp brief
查g0/0/1
[SwitchA]display stp interface gigabitethernet 0/0/1 brief
(8)配置SFTP
#配置SFTP服务器功能及参数
system-view
[Huawei] sysname SFTP Server
[FTP Server] rsa local-key-pair createThe key name will be: Host
RSA keys defined for Host already exist.
Confirm to replace them? (y/n)n]:y
The range of public key size is (512~2048).
NOTES: If the key modulus is less than 2048,
It will introduce potential security risks.
Input the bits in the modulus[default =2048]: 2048
Generating keys…
[SFTP Server] sftp server enable
#配置SSH用户登录的用户界面
[SFTP Server] user-interface vty 04
[SFTP Server-ui-vty0-4] authentication-mode aaa
[SFTP Server-ui-vty0-4] protocol inbound all
[SFTP Server-ui-vty0-4] user privilege level 15
[SFTP Server-ui-vty0-4] quit
#配置SSH用户
[SFTP Server] aaa
[SFTP Server-aaa] local-user user password
Please configure the login password(8-128)
It is recommended that the password consist of at least 2 types of characters, i
ncluding lowercase letters, uppercase letters, numerals and special characters
Please enter password:
Please confirm password:
[SFTP Server-aaa] local-user user privilege level 15
[SFTP Server-aaa] local-user user service-type ssh
[SFTP Server-aaa] local-user user ftp-directory flash:\autoconfig
[SFTP Server-aaa]quit
[SFTP Server]ssh user user authentication-type password
#配置SFTP服务器的IP地址
[SFTP Server] interface gigabitethernet
0/0/1
[SFTP Server-GigabitEthernet0/0/1] ip address 172.16.100.100 255.255.255.0
[SFTP Server-GigabitEthernet0/0/1] quit
#在SFTP服务器上配置缺省路由
[SFTP Server] ip route-static 0.0.0.0 0.0.0.0 172.16.100.1
步骤2:将配置文件、系统软件和补丁文件上传至SFTP服务器的工作目录hah
上(上传步骤略)
步骤3:配置DHCP服务器(以AR2220为例)
system-view
[Huawei] sysname DHCP Server
[DHCP Server] dhep enable
[DHCP Server] vlan 10
[DHCP Server-vlan10] quit
[DHCP Server] interface ethernet 1/0/1
DHCP Server-Ethernet1/0/1] port link-type hybrid
[DHCP Server-Ethernet1/0/1] port hybrid untagged vlan 10
[DHCP Server-Ethernet1/0/1] port hybrid pvid vlan 10
[DHCP Server-Ethernet1/0/1] quit
[DHCP Server] interface ethernet 1/0/2
[DHCP’Server-Ethernet1/0/2] port link-type hybrid
[DHCP Server-Ethernet1/0/2] port hybrid untagged vlan 10
[DHCP Server-Ethernet1/0/2] port hybrid pvid vlan 10
[DHCP Server-Ethernet1/0/2] quit
[DHCP Server] interface ethernet 1/0/3
[DHCPServer-Ethernet1/0/3] port link-type hybrid
[DHCP Server-Ethernet1/0/3] port hybrid untagged vlan 10
[DHCP Server-Ethernet1/0/3] port hybrid pvid vlan 10
[DHCP Server-Ethernet1/0/3] quit
[DHCP Server] interface gigabitEthernet 0/0/1
[DHCP Server-GigabitEthernet0/0/1] ip address 172.16.100.1 255.255.255.0
[DHCP Server-GigabitEthernet0/0/1] quit
[DHCP Server] interface vlanif 10
[DHCP Server-Vlanif10] ip address 172.16.200.100 255.255.255.0
[DHCP Server-Vlanif10] dhcp select global
[DHCP Server-Vlanif10] quit
[DHCP Server] ip pool auto-con fig
[DHCP Server-ip-pool-auto-config] network 172.16.200.0 255.255.255.0
[DHCP Server-ip-pool-auto-config] gateway-list 172.16.200.100
[DHCP Server-ip-pool-auto-config] option 67 ascii_ar V200R008 (C20&C30) cfg
[DHCP Server-ip-pool-auto-config] option 141 ascii user
[DHCP Server-ip-pool-auto-config] option 142 cipher huawei@123
[DHCP Server-ip-pool-auto-config] option 143 ip-address 172.16.100.100
[DHCPServer-ip-pool-auto-config]option145ascii vrpfile=auto V200R008
(c20&C30).cc;vrpver=-V200R008 (C20&C30;patchfile=ar V200R008 (C20&C30)
(9)静态路由
interface GigabitEthernet0/0/1 //接口视图配置R1的接口地址
ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/0/2
address10.1.4.1 255.255.255.252
ip route-static 10.1.2.0 255.255.255.0 10.1.4.2 //系统视图配置R1到不同网段的静态
ip route-static 10.1.3.0 255.255.255.0 10.1.4.2
return
路由器R2配置文件如下。
interface GigabitEthernet0/0/1
接口视图配置R2的接口地址
ip addres10.1.2.1 255.255.255.0
interface GigabitEthernet0/0/2
address10.1.4.2 255.255.255.252
interface GigabitEthernet0/0/0
display routing-table protocol static
(10)ipv6
ipv6 //启用路由器IPv6报文转发能力
interface GigabitEthernet1/0/0
/在接口上启用IPv6功能
ipv6 enable
ipv6 address 1::164
interface GigabitEthernet2/0/0
ipv6 enable
ipv6 address 3:: 1 64
ipv6 route-static 2:: 64 3::1
/配置R1到2:64网段的静态路由
return
R2的相关配置如下。
ipv6
interface GigabitEthernet1/0/0
ipv6 enable
ipv6 address 2:: 1 64
interface GigabitEthernet2/0/0
ipv6 enable
ipv6 address 3:: 2 64
ipv6 route-static 1:: 64 3::2
配置R1到1:64网段的静态路由
retum
display ipv6 routing-table
(11)rip
配置路由器R1的RIP功能
[RI] rip
[R1-rip-1] network192.168.1.0
[RI-rip-l] quit
#配置路由器R2的RIP功能
[R2] rip
[R2-rip-1] network 192.168.1.0
[R2-rip-1] network 10.0.0.0
[R2-rip-1] quit
配置路由器R3的RIP功能
[R3]rip
[R3-rip-1]network172.16.0.0
[R3-ip-1]quit
display rip 1 route
[R1]rip
[R1-rip-1]version 2
[R1-rip-1]quit
(12)ISIS
isis[ process-i-id] 创建IS-IS进程并进入IS-IS视图
isis circuit-level[level-1 level-1-2|level-2] 设置接口的 Level级别,默认情况下,接口level为 level–1-2
network-entity net 设置网络实体名称
net格式为x….xx.xxxx.xxx.00,前面的“x-r
是区域地址,中间的12个“X”是路由器的System ID 最后的“00”是SEL
isis enable[process-id] 指定IS-IS的进程号,默认为1,IS-IS将通过该接口建立邻居、扩散LSP报文
display isis peer 查看IS-IS的邻居信息
display isis route 查看IS-IS的路由信息
(13)配置OSPF
#配置R路由器接口的IP地址
system-view
[Huawei] sysname RI
[R1] interface gigabitethernet 0/0/1
[RI-GigabitEthernet0/0/1] ip address 192.168.1.1 24
[R1-GigabitEthernet0/0/1] quit
[RI] interface gigabitethernet 0/0/2
[RI-GigabitEthernet0/0/2] ip address 192.168.2.124
[R1-GigabitEthernet0/0/2] quit
在路由器R1上配置OSPF基本功能
[R1] router id 1.1.1.1
[R1] ospf
[RI-ospf-1] area 0
[ospf-l-ara-0.0.0.0] network192.168.1.00.0.0.255
[R1-opf-1-area-0.0.0.0] quit
[RI-ospf-1] area 1
[ospf-l-ara-0.0.0.1] network192.168.1.00.0.0.255
[R1-opf-1-area-0.0.0.0] quit
ospf [process-id | router-id | router-id | -instance -instance-name] 启动OSPF进程,进入OS视图
area area-id 创建并进入OSPF区域视图
network ip-address wildcard-mask 配置区域所包含的网段
display ospf peer 查看OSPF邻居信息
display ospf routing 查看OSPF路由信息
(14)BGP
#配置各接口的P地址,配置R1,其他路由器各接口的IP地址与此配置一致
system-view
[RI] interface gigabitethernet 1/0/0
[R1-GigabitEthernet1/0/0] ip address 172.16.60.1
[R1-GigabitEthernet1/0/0] quit
配置IBGP连接,配置R2、R3、R4
[R2]bgp 65009
[R2-bgp] router-id 2.2.2.2
[R2-bgp] peer 9.1.1.2 as-number 65009
[R2-bgp] peer 9.1.3.2 as-number 65009
[R3]bgp65009
[R3-bgp] router-id 3.3.3.3
[R3-bgp] peer 9.1.3.1 as-number 65009
[R3-bgp] peer 9.1.2.2 as-number 65009
[R3-bgp] quit
BGP的相关命令
bgp{as-number-plain | as-number-dot} 启动BGP,指定本地AS编号,并进入BGP视图
router-id ipv4-address 配置BGP的 Router ID
peer{ipv4-address|ipv6-address} as-number{as-number-plain|as-number-dot} 创建BGP对等体
ipv4-family{unicast|multicast} 进入IPv4地址族视图
import-route direct 管理IP所在的网段路由,并引入RIP路由表
display bgp peer