华为na基础实验的一些操作命令
九天过去了,班级要实训,以为可以出去,结果还是在学校,内容是华为na的基础内容,下面是我做实验的代码。
华为命令
Telnet
1.普通密码
(R1)
user-interface vty 0 4
authentication-mode password 123456
user privilege level 3
q
Password:
2.aaa
[R1]user-interface vty 0 4 [R1-ui-vty0-4]authentication-mode aaa
[R1-ui-vty0-4]q
[R1]aaa
[R1-aaa]local-user huawei password cipher 123.abc
Info: Add a new user.
[R1-aaa]q
Username:huawei
Password:
3.ssh
[R1]stelnet server enable
[R1]user-interface vty 0 4
[R1-ui-vty0-4]pro
[R1-ui-vty0-4]protocol in
[R1-ui-vty0-4]protocol inbound ssh
[R1-ui-vty0-4]q
[R1]aaa
[R1-aaa]local-user huawei password cipher 123
[R1-aaa]local-user huawei privilege level 15
[R1-aaa]local-user huawei service-type ssh
[R1]rsa local-key-pair create
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
[R2]stelnet server enable
[R2]ssh client first-time enable
4.ftp
[sysname R3]ftp server enable
[R3]int GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0] ip add
[R3-GigabitEthernet0/0/0]ip address 172.10.11.10 24(和主机ip的子网相同)
[R3]user-interface vty 0 4 [R3-ui-vty0-4]authentication-mode aaa
[R3-ui-vty0-4]q
[R3]aaa
[R3-aaa]local-user huawei password cipher 123
[R3-aaa]local-user huawei privilege level 3
[R3-aaa] local-user huawei ftp-directory flash:
[R3-aaa] local-user huawei service-type ftp
5.静态路由
Ip route 目的ip 子网掩码(24) 下一跳ip
Huawei]ip route-static 192.168.2.2 24 192.168.1.2
[Huawei]ip route-static 192.168.1.1 24 192.168.2.1
- 链路聚合
交换机链路聚合
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]mode lacp-static
[S1-Eth-Trunk1]lacp preempt enable
[S1-Eth-Trunk1]trunkport e0/0/1
[S1-Eth-Trunk1]trunkport e0/0/2
[S1-Eth-Trunk1]trunkport e0/0/3
[S1-Eth-Trunk1]int e0/0/1
[S1-Ethernet0/0/1]lacp priority 10
[S1-Eth-Trunk1]int e0/0/2
[S1-Ethernet0/0/2]lacp priority 10
(第二个交换机进行以上相同配置)
路由器链路聚合
[AR1]interface Eth-Trunk 1 //创建逻辑链路
[AR1-Eth-Trunk1]undo portswitch //关闭二层功能
[AR1-Eth-Trunk1]ip address 192.168.1.1 24
[AR1-Eth-Trunk1]mode manual load-balance //手动负载均衡
[AR1-Eth-Trunk1]mode lacp-static //静态链路
[AR1-Eth-Trunk1]lacp preempt enable //开启抢占功能
[AR1-Eth-Trunk1]max active-linknumber 2 //开启两条活动链路
[AR1-Eth-Trunk1]q
[AR1]interface g
[AR1]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]eth-trunk 1
[AR1]interface GigabitEthernet 0/0/2
[AR1-GigabitEthernet0/0/1]eth-trunk 1
[AR1]interface GigabitEthernet 0/0/3
[AR1-GigabitEthernet0/0/1]eth-trunk 1
(路由器2做同样配置)
[AR1]dis interface Eth-Trunk 1
- vlan配置
[S1]vlan batch 11 22 //对S1下面的两个主机接口配置vlan
[S1]interface e0/0/2
[S1-Ethernet0/0/2]port link-type access
[S1-Ethernet0/0/2]port default vlan 11
[S1-Ethernet0/0/2]q
[S1]int e0/0/3
[S1-Ethernet0/0/3]port link-type access
[S1-Ethernet0/0/3]port default vlan 22
[S1-Ethernet0/0/3]q
[S2]vlan batch 11 22 // 对S2下面的两个主机接口配置vlan
[S2]interface e0/0/2
[S2-Ethernet0/0/2]port link-type access
[S2-Ethernet0/0/2]port default vlan 11
[S2-Ethernet0/0/2]q
[S2]int e0/0/3
[S2-Ethernet0/0/3]po
[S2-Ethernet0/0/3]port link-type access
[S2-Ethernet0/0/3]port default vlan 22
[S2-Ethernet0/0/3]q
[S2]int e0/0/1 //S2实现路由互通
[S2-Ethernet0/0/1]port link-type trunk
[S2-Ethernet0/0/1]port trunk allow-pass vlan 11 22
[S2-Ethernet0/0/1]q
[S1]int e0/0/1 //S1实现路由互通
[S1-Ethernet0/0/1]port link-type trunk
[S1-Ethernet0/0/1]port trunk allow-pass vlan 11 22
- mux-vlan
[S1]vlan batch 10 20 30 //创建vlan10,20.30
[S1]vlan 10
[S1-vlan10]mux-vlan //主vlan,使能端口
[S1-vlan10]subordinate separate 30 //设置vlan30为隔离型
[S1-vlan10]subordinate group 20 //设置vlan20为互通型
[S1-vlan10]q
[S1]interface e0/0/1
[S1-Ethernet0/0/1]port link-type access
[S1-Ethernet0/0/1]port default vlan 20
[S1-Ethernet0/0/1]int e0/0/2
[S1-Ethernet0/0/2]port link-type access
[S1-Ethernet0/0/2]port default vlan 20
[S1-Ethernet0/0/2]int e0/0/3
[S1-Ethernet0/0/3]port link-type access
[S1-Ethernet0/0/3]port default vlan 30
[S1-Ethernet0/0/3]int e0/0/4
[S1-Ethernet0/0/4]port link-type access
[S1-Ethernet0/0/4]port default vlan 30
[S1-Ethernet0/0/4]int e0/0/6
[S1-Ethernet0/0/6]port link-type access
[S1-Ethernet0/0/6]port default vlan 10
[S1-Ethernet0/0/6]port mux-vlan enable //开启端口mux-vlan功能
[S1-Ethernet0/0/6]int e0/0/5
[S1-Ethernet0/0/5]port mux-vlan enable
[S1-Ethernet0/0/5]int e0/0/4
[S1-Ethernet0/0/4]port mux-vlan enable
[S1-Ethernet0/0/4]int e0/0/3
[S1-Ethernet0/0/3]port mux-vlan enable
[S1-Ethernet0/0/3]int e0/0/2
[S1-Ethernet0/0/2]port mux-vlan enable
[S1-Ethernet0/0/2]int e0/0/1
[S1-Ethernet0/0/1]port mux-vlan enable
就可以了(注意端口别接错vlan!)
- 不同子网vlan 交换机设置
[S1]vlan batch 10 20
[S1]interface e0/0/1
[S1-Ethernet0/0/1]port link-type access
[S1-Ethernet0/0/1]port default vlan 10
[S1-Ethernet0/0/1]q
[S1]int Eth0/0/2
[S1-Ethernet0/0/2]port link-type access
[S1-Ethernet0/0/2]port default vlan 20
[S1-Ethernet0/0/2]q
[S1]int Vlanif 10
[S1-Vlanif10]ip address 192.168.1.254 24
[S1-Vlanif10]q
[S1]int Vlanif 20
[S1-Vlanif20]ip address 192.168.2.254 24
[S1-Vlanif20]q
- 单臂路由
[Huawei]vlan batch 10 20
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 10
[Huawei-Ethernet0/0/1]q
[Huawei]int Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 20
[Huawei-Ethernet0/0/2]q
[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port link-type trunk //trunk接口类型
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan all //允许所有vlan通过
[Huawei]vlan batch 10 20
[Huawei]int g0/0/0.10 //进入子接口
[Huawei-GigabitEthernet0/0/0.10]dot1q termination vid 10 //给子接口加上vlan10标签
[Huawei-GigabitEthernet0/0/0.10]arp broadcast enable 打开arp广播
[Huawei-GigabitEthernet0/0/0.10]ip address 192.168.1.254 24 //添加逻辑接口
[Huawei]int g0/0/0.20
[Huawei-GigabitEthernet0/0/0.20]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/0.20]ip add 192.168.2.254 24
- osfp简单设置
接口设置别错了
- 先把所有ip设好
[R1]int LoopBack 0
[R1-LoopBack0]ip address 1.1.1.1 32 //设置环回接口
[R1]ospf
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 13255
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.255
之后所有的路由器都要设置环回接口,然后ospf给子网,它相邻的子网和它本身 的环回都要给
- osfp简单设置
主干区域 路由器R1
它需要宣告其他区域的直连的子网
[Huawei]ospf
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]undo network 12.1.1.0 0.0.0.255
[Huawei]ospf
[Huawei-ospf-1]area 1
[Huawei-ospf-1-area-0.0.0.0]undo network 13.1.1.0 0.0.0.255
[Huawei]ospf
[Huawei-ospf-1]area 2
[Huawei-ospf-1-area-0.0.0.0]undo network 16.1.1.0 0.0.0.255
- dhcp设置
[Huawei]dhcp enable //开启dhcp服务
[Huawei]int GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.254 24 //设置网关
[Huawei-GigabitEthernet0/0/0]dhcp select interface //选择接口模式
[Huawei-GigabitEthernet0/0/0]dhcp server dns-list 8.8.8.8 //设置dns服务器
[Huawei-GigabitEthernet0/0/0]dhcp server excluded-ip-address 192.168.1.250 192.168.1.253 //设置地址解除(不用)
[Huawei-GigabitEthernet0/0/0]dhcp server lease day 2 hour 0 minute 0 //设置租约时间
(记得pc要启用dhcp)
- 全局dhcp设置
[Huawei]dhcp enable //开启dhcp
[Huawei]ip pool 1 //进入(创建)地址池
Huawei-ip-pool-1]gateway-list 192.168.1.254 //设置一个网关
[Huawei-ip-pool-1]network 192.168.1.0 mask 255.255.255.0 //设置一个网段
[Huawei-ip-pool-1]excluded-ip-address 192.168.1.240 192.168.1.250
//设置排除地址
Huawei-ip-pool-1]lease day 8 hour 0 minute 0 //设置租约时间
[Huawei-ip-pool-1]dns-list 8.8.8.8 //设置dns
[Huawei]int GigabitEthernet 0/0/0 //进入接口
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.254 255.255.255.0 //添加网关ip
[Huawei-GigabitEthernet0/0/0]dhcp select global //设置为全局
- 基本ACL
https://wenku.baidu.com/view/d293f80e4a7302768e993962.html
[AR1]user-interface console 0 //进入Console口配置模式
[AR1-ui-console0]idle-timeout 0 0 //关闭超时功能 分钟:秒钟
[AR1-ui-console0]q
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 13.1.1.1 24
[AR1-GigabitEthernet0/0/1]q
[AR1]ospf 1 //启用OSPF默认是进程1
[AR1-ospf-1]area 0 //进入区域0
[AR1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255 //发布直连网段
[AR1-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.255 //发布直连网段
[AR1-ospf-1-area-0.0.0.0][AR1-ospf-1-area-0.0.0.0]ping 192.168.2.2
//AR1能ping通PC2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=126 time=30 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=126 time=30 ms
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 34.1.1.3 24
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip add 192.168.2.254 24
[AR3-GigabitEthernet0/0/1]q
[AR3]ospf 1 //启用OSPF默认是进程1
[AR3-ospf-1]area 0 //进入区域0
[AR3-ospf-1-area-0.0.0.0]network 34.1.1.0 0.0.0.255 //发布直连网段
[AR3-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255 //发布直连网段
[AR3-ospf-1]acl 2001 //配置基本acl
[AR3-acl-basic-2001]rule 5 deny source 192.168.1.1 0 //拒绝源IP(注意反掩码0,默认步长为5)
[AR3-acl-basic-2001]rule 10 permit source any //允许任意
[AR3]int g0/0/1
[AR3-GigabitEthernet0/0/1]traffic-filter outbound acl 2001 //应用
- 配置生效时间段
[AR3]time-range time1 from 00:00 2019/1/1 to 23:59 2019/6/19 //设置时间范围
[AR3]acl 2000 //定义访问控制列表
[AR3-acl-basic-2000]rule 5 permit time-range time1 //设置规则5允许 时间段访问
[AR3-acl-basic-2000]q
[AR3]time-range time1 08:00 to 00:00 ?
<0-6> Day of the week(0 is Sunday)
Fri Friday
Mon Monday
Sat Saturday
Sun Sunday
Thu Thursday
Tue Tuesday
Wed Wednesday
daily Every day of the week
off-day Saturday and Sunday
working-day Monday to Friday
[AR3]time-range time1 08:00 to 00:00 daily
- 高级ACL
[AR3-acl-basic-2001]q
[AR3]undo acl 2001 //先undo基本acl
[AR1-ospf-1]q
[AR1]acl 3001
[AR1-acl-adv-3001]rule 6 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
[AR1-acl-adv-3001]q
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]traffic-filter inbound acl 3001
[AR1-GigabitEthernet0/0/0]dis this
[AR1-GigabitEthernet0/0/0]q
[AR1]acl 3001
[AR1-acl-adv-3001]undo rule 5
[AR1-acl-adv-3001]rule 5 permit ip source 192.168.1.1 0 destination 192.168.2.0 0.0.0.255
- nat 一对一
[Huawei]ip route-static 0.0.0.0 0.0.0.0 202.10.1.1 //在Router上配置缺省路由,指定下一跳地址为202.10.1.1
[Huawei]nat static global 202.10.1.3 inside 192.168.1.1(下面那个也可以) //在Router的上行接口GE2/0/0上配置一对一的NAT映射
[Huawei-GigabitEthernet0/0/1]nat static global 202.10.1.3 inside
- 多对一nat
[Huawei]un in en
[Huawei]vlan batch 100 200
[Huawei]interface Vlanif 100
[Huawei-Vlanif100]ip add 192.168.1.1 24
[Huawei-Vlanif100]q
[Huawei]interface e0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 100
[Huawei-Ethernet0/0/1]q
[Huawei]vlan 200
[Huawei]interface Vlanif 200
[Huawei-Vlanif200]ip add 10.0.0.1 24
[Huawei-Vlanif200]q
[Huawei]int e0/0/0
[Huawei-Ethernet0/0/0]port link-type access
[Huawei-Ethernet0/0/0]port default vlan 200
[Huawei-Ethernet0/0/0]q
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 202.169.10.1 24
[Huawei-GigabitEthernet0/0/0]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 202.169.10.2
//配置缺省路由,指定下一跳地址为202.169.10.2
[Huawei]nat address-group 1 202.169.10.100 202.169.10.200
//希望使用公网地址池中的地址(202.169.10.100 ~ 202.169.10.200)采用NAT方式替换A区内部的主机地址(网段为192.168.1.0/24 )
[Huawei]nat address-group 2 202.169.10.80 202.169.10.83
//希望使用公网地址池(202.169.10.80~20 2.169.10.83)采用IP地址和端口的替换方式替换B区内部的主机地址(网段为10.0.0.0/24 )
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[Huawei-acl-basic-2000]q
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule 5 permit source 10.0.0.0 0.0.0.255
[Huawei-acl-basic-2001]q
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat // 应用outbound,一对一(no-pat)
[Huawei-GigabitEthernet0/0/0]nat outbound 2001 address-group 2 // 应用outbound
[Huawei-GigabitEthernet0/0/0]q
[Huawei]dis nat outbound //显示