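There are three configuration modes:
<HUAWEI> User mode: lets you view the running status, statistics and similar information; these commands do not affect the normal operation of the router
[HUAWEI] System view mode
[HUAWEI-Vlanif1] Specific service view; here it is the service view of Vlanif1

Commands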
[HUAWEI]dhcp enable // enable DHCP
[HUAWEI]ip pool pool1 // create the global address pool pool1
[HUAWEI-ip-pool-pool1]dhcp select global // enable the DHCP server function on the interface using the global address pool
[HUAWEI-ip-pool-pool1]dns-list 192.168.3.2 // DNS server IP handed out automatically to DHCP clients
[HUAWEI-ip-pool-pool1]excluded-ip-address 192.168.3.2 // IP address excluded from allocation
[HUAWEI-ip-pool-pool1]lease day 1 hour 10 // configure the lease (Huawei routers default to 1 day)
When the following errors appear,
Info: This pool does not exist.
Error: The IP address is being used by a static-MAC user.
Error: The static-MAC is exist in this IP-pool.
use the following command to reset the IP:
reset ip pool interface Vlanif1 192.168.0.32

[R1-rip-1]network 192.168.1.0 // advertise the directly connected network 192.168.1.0
system-view
[R1]router-id 1.1.1.1 // set the router ID of R1 to 1.1.1.1
[R1]ospf
[R1-ospf-1]area 0

Inter-VLAN communication (Layer 3 switch)
[HUAWEI]interface vlanif 10
[HUAWEI-vlanif10]ip address 192.168.0.1 255.255.255.0
[HUAWEI]interface vlanif 20
[HUAWEI-vlanif20]ip address 10.10.10.1 255.255.255.0
[HUAWEI]interface vlanif 100
[HUAWEI-vlanif100]ip address 172.16.0.1 255.255.255.0
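On a Huawei Layer 3 switch, inter-VLAN communication only requires configuring an IP address on the corresponding logical interfaces (equivalent to directly connected networks).

Display commands
display current-configuration // show the current configuration
display arp all | include 192.168.1.119 // show a specific entry in the ARP table
display current-configuration | include arp static // show the current static ARP configuration
display arp ip-conflict track // show the records of detected IP address conflicts

Basic commands
system-view // enter the system view
[HUAWEI]sysname R1 // name the device R1
[R1]interface gigabitethernet 0/0/1 // enter the port view
[R1-GigabitEthernet0/0/1]auto speed 1000 // set the auto-negotiation speed of the port to 1000
[Router-GigabitEthernet1/0/0] port link-type trunk // set the port link type to trunk
[Router-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 // add the port to VLAN 101
[R1-GigabitEthernet0/0/1]quit // return to the system view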

AAA stands for Authentication, Authorization and Accounting.
Configuring AAA
[HUAWEI]aaa // enter the AAA view
[HUAWEI-aaa]local-user IT1 password irreversible-cipher IT123456 // create the user IT1 with the password IT123456
[HUAWEI-aaa]local-user user1 privilege level 3 // set the account's privilege level to 3
[HUAWEI-aaa]return
<HUAWEI>save

[SW]vlan vlan-id // create the VLAN vlan-id
[SW]vlan batch 100 200 // create VLAN 100 and VLAN 200 in one batch
[SW]vlan batch 10 to 20 // create VLAN 10 through VLAN 20 in one batch
[SW-Eth0/1]port link-type {access|trunk|hybrid} // set the port type
[SW-Eth0/1]port default vlan 100 // add the port to the specified VLAN
[SW-Eth0/1]port trunk allow-pass vlan 10 // VLANs allowed to pass through the trunk
[SW]interface vlanif 1
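[SW-Vlanif1]ip address 192.168.0.1 255.255.255.0 // configure the management IP address and subnet mask

Why is the default route 0.0.0.0/0? Because 0 matches everything; the same is true in ACLs.
detect-group 1 // detect group 1; a detect group checks whether this link is up and is used to implement network redundancy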
detect-list 1 ip address 142.1.1.1
timer loop 5
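ip route-static 0.0.0.0 0.0.0.0 Dialer 0 preference 100 // static route with preference 100 (the smaller the value, the higher the priority); Dialer indicates that this is the PPPoE line
ip route-static 0.0.0.0 0.0.0.0 142.1.1.1 preference 60 detect-group 1 // higher priority, so the default path is Ethernet rather than the dial-up network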
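
The floating default route above, modelled as an added example (not part of the original notes): among the usable routes to a destination, the lowest preference value wins, and a route bound to a detect group is usable only while that group reports its target reachable. StaticRoute and select_route are hypothetical names, the detect-group behaviour is a simplified assumption, and the destination address is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class StaticRoute:
    prefix: str                          # destination/mask, e.g. "0.0.0.0/0"
    next_hop: str                        # next-hop address or outgoing interface
    preference: int                      # smaller value = higher priority
    detect_group: Optional[int] = None   # bound detect group, if any


# The two default routes from the notes above.
ROUTES = [
    StaticRoute("0.0.0.0/0", "Dialer 0", 100),
    StaticRoute("0.0.0.0/0", "142.1.1.1", 60, detect_group=1),
]


def select_route(dest, routes, detect_state):
    """Return the route used for dest, or None if no route is usable.

    detect_state maps a detect-group id to True (target reachable) or False.
    Assumption: a route bound to a detect group is withdrawn while the
    group is unreachable; an unknown group counts as unreachable.
    """
    addr = ipaddress.ip_address(dest)
    usable = [
        r for r in routes
        if addr in ipaddress.ip_network(r.prefix)   # mask 0.0.0.0 matches every address
        and (r.detect_group is None or detect_state.get(r.detect_group, False))
    ]
    if not usable:
        return None
    # Longest prefix first, then the lowest preference value.
    return min(usable, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                                      r.preference))


if __name__ == "__main__":
    for reachable in (True, False):
        r = select_route("203.0.113.10", ROUTES, {1: reachable})  # constructed destination
        print(f"detect-group 1 reachable={reachable}: via {r.next_hop} (preference {r.preference})")
```
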
[Router] nat address-group 0 200.100.1.3 200.100.1.6
[Router] acl number 2000
[Router-acl-basic-2000]rule 5 (deny|permit) source 10.10.1.0 0.0.0.255
[Router-GigabitEthernet0/0/0]interface GigabitEthernet0/0/3
[Router-GigabitEthernet0/0/3]nat (outbound) 2000 address-group 0 no-pat // associate the ACL with the address pool; no-pat means the addresses cannot be reused (no port translation)
[Router-GigabitEthernet0/0/3]quit
[Router]ip route-static 0.0.0.0 0.0.0.0 (permanent 60)
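
How ACL 2000 and the no-pat address group above interact, as an added example that is not part of the original notes: the ACL selects inside hosts by wildcard mask (a 1 bit in the wildcard means "ignore this bit", the opposite of a subnet mask), and no-pat binds a whole pool address to each selected host, so the four-address pool serves four hosts at a time. The function and class names are hypothetical, permit is one of the two actions offered in rule 5, the inside host addresses are constructed, and returning None for an exhausted pool is a simplification.

```python
import ipaddress


def ip(s):
    return int(ipaddress.IPv4Address(s))


def wildcard_match(addr, base, wildcard):
    """ACL match: bits set to 1 in the wildcard are ignored, 0 bits must be equal."""
    return ((ip(addr) ^ ip(base)) & ~ip(wildcard) & 0xFFFFFFFF) == 0


# rule 5 permit source 10.10.1.0 0.0.0.255  (permit chosen for this example)
ACL_2000 = [(5, "permit", "10.10.1.0", "0.0.0.255")]


def acl_permits(addr, rules=ACL_2000):
    """The matching rule with the lowest rule id decides; no match means not selected."""
    for _rule_id, action, base, wildcard in sorted(rules):
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False


class NoPatNat:
    """Model of: nat outbound 2000 address-group 0 no-pat (one pool address per host)."""

    def __init__(self, first, last):
        self.free = [str(ipaddress.IPv4Address(a)) for a in range(ip(first), ip(last) + 1)]
        self.bindings = {}

    def translate(self, inside):
        if not acl_permits(inside):
            return None                       # not selected by the ACL
        if inside not in self.bindings:
            if not self.free:
                return None                   # pool exhausted, nothing left to bind
            self.bindings[inside] = self.free.pop(0)
        return self.bindings[inside]


def demo():
    nat = NoPatNat("200.100.1.3", "200.100.1.6")      # nat address-group 0
    hosts = ["10.10.1.10", "10.10.1.11", "10.10.2.5",  # constructed inside hosts
             "10.10.1.12", "10.10.1.13", "10.10.1.14"]
    return [(h, nat.translate(h)) for h in hosts]


if __name__ == "__main__":
    for host, public in demo():
        print(f"{host:12} -> {public}")
```
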

[HUAWEI]sysname (AC) // name the device AC
[AC] vlan batch 100 101 // create VLANs 100 and 101 in one batch
[AC] interface gigabitethernet 0/0/1 // enter the GigabitEthernet interface
[AC-GigabitEthernet0/0/1] port link-type trunk // set the port link type to trunk
[AC-GigabitEthernet0/0/1] port trunk pvid vlan 100 // set the default VLAN ID of the trunk interface
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet0/0/1] port-isolate (enable) // enable port isolation
[AC-GigabitEthernet0/0/1] quit
[AC] interface gigabitethernet 0/0/2
[AC-GigabitEthernet0/0/2] port link-type trunk
[AC-GigabitEthernet0/0/2] port trunk allow-pass vlan 101
[AC-GigabitEthernet0/0/2] quit
# Configure the central AP and bring the APs online
[AC] wlan
[AC-wlan-view] ap-group name ap-group1 // AP group name
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] regulatory-domain-profile name default // create a regulatory domain profile named default
After a regulatory domain profile is created, it takes effect only once it is referenced under an AP or an AP group.
[AC-wlan-regulate-domain-default] country-code (cn) // country code
[AC-wlan-regulate-domain-default] quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile (default) // reference the profile so that it takes effect
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view]quit
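[AC]capwap source interface (vlanif100) // configure the source interface
CAPWAP is used for the AP's automatic discovery of the AC and for running and maintaining the AP and AC state machines. The AC manages the APs and delivers service configuration to them. STA data is encapsulated in the CAPWAP tunnel for forwarding.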
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth // set the AP authentication mode to MAC authentication
[AC-wlan-view] ap-id 0 ap-mac 68a8-2845-62fd // MAC address of the central AP
[AC-wlan-ap-0] ap-name central AP
Warning: This operation may cause AP reset. Continue?[Y/N]:y
[AC-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue?[Y/N]:y
[AC-wlan-ap-0] quit

# Configure the WLAN service parameters
[AC-wlan-view] security-profile name wlan-net // create the security profile
[AC-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase (a123456) aes // set the security policy to WPA-WPA2 PSK with the password a123456
[AC-wlan-sec-prof-wlan-net] quit
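[AC-wlan-view] ssid-profile name wlan-net // SSID profile
[AC-wlan-ssid-prof-wlan-net] ssid (wlan-net)
[AC-wlan-ssid-prof-wlan-net] quit
[AC-wlan-view] vap-profile name wlan-net // virtual AP (VAP) profile
[AC-wlan-vap-prof-wlan-net] forward-mode tunnel // set the data forwarding mode of the AP wired port to tunnel forwarding
[AC-wlan-vap-prof-wlan-net] service-vlan vlan-id (101) // from what I looked up, this is the VLAN on which the VAP service is delivered, so it should be 100; I don't know why the answer is 101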
[AC-wlan-vap-prof-wlan-net] security-profile wlan-net
[AC-wlan-vap-prof-wlan-net] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
[AC-wlan-ap-group-ap-group1] quit

Configure RIP on router R1
[R1]_ (RIP)
[R1-rip-1]network_ (10.0.0.0) // specify the networks connected to this router; repeat the command once per network
[R1-rip-1]version 2 // use RIP version 2
[R1-rip-1]undo summary // disable route summarization
With RIP configured on every router, running display ip routing-table on router R1 shows the following RIP-generated routes:
Destination/Mask   Proto  Pre  Cost  Flags  NextHop     Interface
10.3.0.0/24        RIP    100  1     D      10.13.0.2   GigabitEthernet0/0/1
10.4.0.0/24        RIP    100  1     D      10.13.0.2   GigabitEthernet0/0/1
10.34.0.0/30       RIP    100  1     D      10.13.0.2   GigabitEthernet0/0/1
10.42.0.0/24       RIP    100  1     D      10.21.0.2   GigabitEthernet0/0/0

Create ACLs
Step 1: create the required ACLs on router R4
Create the ACL used for the PC1 policy:
[R4]acl 2000
[R4-acl-basic-2000] rule 1 permit source (7)
[R4-acl-basic-2000] quit
Create the ACL used for the PC3 policy:
[R4] time-range satime (8:00 TO 18:00) working-day
[R4]acl number 3001
[R4-acl-adv-3001] rule deny source (9) destination 218.63.0.0 240.255.255.255 time-range satime
Step 2: the purpose of executing the following commands is (10).
[R4]traffic classifier 1
[R4-classifier-1]if-match acl 2000
[R4-classifier-1]quit
[R4]traffic classifier 3
[R4-classifier-3]if-match acl 3001
[R4-classifier-3]quit
Step 3: create the traffic behaviors on router R4 and configure redirection
[R4]traffic behavior 1
[R4-behavior-1]redirect (11) 221.137.0.1
[R4-behavior-1]quit
[R4]traffic behavior 3
[R4-behavior-3] (12)
[R4-behavior-3]quit
Step 4: create the traffic policy and apply it on the interface (only the configuration of interface GigabitEthernet 0/0/0 on R4 is listed)
[R4]traffic policy 1
[R4-trafficpolicy-1]classifier 1 (13)
[R4-trafficpolicy-1]classifier 3 (14)
[R4-trafficpolicy-1]quit
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]traffic-policy (15)
[R4-GigabitEthernet0/0/0]quit