最近整理了一些和华为交换机、路由器的命令配置,现在一同和大家分享,为即将到来的软考做准备。
路由器基本配置
设置系统日期、时间和时区
<Huawei>clock timezone BJ add xx:xx:xx
<Huawei>clock datetime xx:xx:xx xxxx-xx-xx
设置设备名称和管理IP地址
<Huawei>system-view
[Huawei]sysname Server //配置设备名称
[Server]interface gigabitethernet x/x/x //进入路由器接口视图
[Server- gigabitethernet x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口管理IP地址
[Server- gigabitethernet x/x/x]quit //退出配置
静态路由配置
[Server]interface gigabitethernet x/x/1//进入路由器接口视图
[Server- gigabitethernet x/x/1]ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置接口IP地址
[Server- gigabitethernet x/x/1]quit
[Server]interface gigabitethernet x/x/2//进入路由器接口视图
[Server- gigabitethernet x/x/2]ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置接口IP地址
[Server- gigabitethernet x/x/2]quit
[Server]ip route-static xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置静态路由
[Server]ip route-static xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置静态路由
[Server]return
2台路由器静态路由ipv6配置方法
[Server]ipv6 //启用路由器IPv6报文转发功能
[Server]interface gigabitethernet x/x/1[Server- gigabitethernetx/x/1]ipv6 enable //在接口上启用IPv6 功能
[Server- gigabitethernetx/x/1]ipv6 address x::x xx
[Server- gigabitethernetx/x/1]quit
[Server]interface gigabitethernet x/x/2[Server- gigabitethernetx/x/2]ipv6 enable //在接口上启用IPv6 功能
[Server- gigabitethernetx/x/2]ipv6 address x::x xx
[Server- gigabitethernetx/x/2]quit
[Server]IPv6 route-static x::xx x::x //配置R1到x::xx网段的静态路由
[Server]return
动态路由rip配置
<Huawei>system-view
[Huawei]sysname Server //配置设备名称
[Server]interface gigabitethernet x/x/x //进入路由器接口视图
[Server- gigabitethernet x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址
[Server- gigabitethernet x/x/x]quit //退出配置
[Server]rip 1//配置RIP协议
[Server-rip-1]network xxx.xxx.xxx.xxx
[Server-rip-1]network xxx.xxx.xxx.xxx
[Server-rip-1]quit
rip与bfd联动实验,BFD双向转发检测,可以提供毫秒级的检测,可以实现链路的快速检测,通过与上层路由协议联动
配置各接口IP
<Huawei>system-view
[Huawei]sysname Server //配置设备名称
[Server]interface gigabitethernet x/x/1//进入路由器接口视图
[Server- gigabitethernet x/x/1]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址
[Server- gigabitethernet x/x/1]quit
[Server] interface gigabitethernet x/x/2[Server- gigabitethernet x/x/2]ip address xxx.xxx.xxx.xxx xx
[Server- gigabitethernet x/x/2]quit
配置RIP协议
[Server]rip 1[Server-rip-1]version 2[Server-rip-1]network xxx.xxx.xxx.xxx
[Server-rip-1]network xxx.xxx.xxx.xxx
配置BFD联动
[Server]bfd
[Server-bfd]quit
[Server]rip 1[Server-rip-1]bfd all-interfaces enable //启用bfd功能
[Server-rip-1]bfd all-interfaces min-rx-interval 100min-tx-intercal 100 detect-multiplier 10//配置最小发送、时间间隔
[Server-rip-1]quit
OSPF开放最短路径协议,链路状态。发Hello报文建立邻接关系(邻居表)-形成链路状态数据库(拓扑表)-SPF算法形成路由表(路由表)。
一、配置R1接口IP
<Huawei>system-view
[Huawei]sysname Server //配置设备名称
[Server]interface e x/x/x //进入路由器接口视图
[Server- e x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址
[Server- e x/x/x]int s x/x/x
[Server- s x/x/x]ip add xxx.xxx.xxx.xxx xx
<Huawei>dis cu
二、配置R1的OSPF
[Huawei]ospf
[Huawei-ospf-1]area x
[Huawei-ospf-1-area-x]net xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
[Huawei-ospf-1-area-x]area xx
[Huawei-ospf-1-area-xx]netw xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
[Huawei-ospf-1-area-xx]return<Huawei>dis cu
三、使用dis ip routing和dis cu进行验证
路由器IS-IS实验,中间系统-中间系统,路由器称为中间系统IS
<Huawei>sys
[Huawei]un in en
[Huawei]isis
[Huawei-isis-1][Huawei-isis-1]network-entity xxx.xxx.xxx.xxx.xxx
[Huawei-isis-1]quit
[Huawei]int g x/x/x
[Huawei-gx/x/x]isis enable
[Huawei-gx/x/x]int g x/x/x
[Huawei-gx/x/x]isis enable
验证:ping,dis ip routing,dis isis peer,dis cu,dis isis route
BGP:边界网关协议,在自制系统AS之间选择最佳路由,矢量距离。
一、配置路由器接口基本配置
<Huawei>system-view
[Huawei]sysname Server //配置设备名称
[Server]interface gigabitethernet x/x/x //进入路由器接口视图
[Server- gigabitethernet x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址
[Server- gigabitethernet x/x/x]quit //退出配置
二、配置IBGB
[Server]bgp 65009//启动BGP及AS号
[Server-bgp]router-id x.x.x.x //配置BGP的routerlID
[Server-bgp]peer x.x.x.x as-number 65009//配置BGP对等体
[Server-bgp]peer x.x.x.x as-number 65009[Server-bgp]quit
三、配置EBGP
[Server1]bgp 65009[Server1-bgp]router-id x.x.x.x
[Server1-bgp]peer x.x.x.x as-number 65009[Server2-bgp]peer x.x.x.x as-number 65008
四、配置R1发布路由
[Server1-bgp]ipv4-family unicast //进入IPV4地址族视图
[Server1-bgp-af-ipv4]network x.x.x.x xxx.xxx.xxx.xxx
[Server1-bgp-af-ipv4]quit
五、配置R2引入路由
[Server2-bgp]ipv4-family unicast
[Server1-bgp-af-ipv4]import-route direct //引入路由表
六、验证BGP的命令,dis bgp peer
路由器ACL配置,访问控制列表,可以根据源地址、目标地址、源端口、目标端口、协议信息对数据包进出过滤控制。
基本ACL:编号2000-2999
<Huawei>system-view
[Huawei]acl 2001[Huawei-acl-basic-2001]rule permit source xxx.xxx.xxx.xxx
<Huawei>system-view //进入系统
[Huawei]acl 2001//配置编号
[Huawei-acl-basic-2001]rule permit source xxx.xxx.xxx.xxx //ACL列表
[Huawei-acl-basic-2001]rule deny source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
[Huawei-acl-basic-2001]description permit only xxx.xxx.xxx.xxx through
<Huawei>system-view
[Huawei]time-range working-time x:xx to xx:xx working-day
[Huawei]acl name work-acl basic
[Huawei-acl-basic-work-acl]rule deny source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx time-range woeking-time
<Huawei>system-view
[Huawei]acl 2001[Huawei-acl-basic-2001]rule deny source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx none-first-fragment
二、高级ACL:编号3000-3999
<Huawei>system-view
[Huawei]acl 3001[Huawei-acl-basic-3001]rule permit source xxx.xxx.xxx.xxx x destination xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
<Huawei>system-view
[Huawei]acl name deny-telnet
[Huawei-acl-adv-deny-telnet]rule deny tcp destination-port eq telnet source xxx.xxx.xxx.xxx x destination xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
三、实验:限制用户在特定时间访问特定服务器
1、配置IP、vlan、vlanif
<Huawei>system-view
[Huawei]sysname R1
[R1]vlan batch xx xx xx //配置多个vlan
[R1]interface ethernet x/x/x
[R1- interface ethernet x/x/x]port link-type trunk
[R1- interface ethernet x/x/x]port trunk allow-pass vlan xx
[R1- interface ethernet x/x/x]quit
[R1]interface vlanif xx
[R1-vlanif xx]ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
[R1-vlanif xx]quit
2、配置基于时间的ACL访问规则
配置xx:xx至xx:xx的周期时间段
[R1]time-range satime xx:xx to xx:xx working-day
配置某部门到某服务器的访问规则
[R1]acl 3001[R1-acl-3001]rule deny ip source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx destination xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx time-range satime
3、配置基于ACL的流分类策略
配置流分类c_xs,对匹配ACL 3001的报文进行分类
[R1]traffic classifier c_xs
[R1-classifier-c_xs]if-match acl 3001[R1-classifier-c_xs]quit
配置流行为b_xs,动作为拒绝报文通过
[R1]traffic behavior b_xs
[R1-behavior- b_xs]deny
[R1-behavior- b_xs]quit
4、基于ACL的流策略
配置流策略p_xs,将流分类c_xs与流行为b_xs关联
[R1]traffic policy p_xs
[R1-trafficpolicy-p_xs]classifier c_xs behavior b_xs
[R1-trafficpolicy-p_xs]quit
某部门访问服务器的流量从接口Ethx/x/x进入Router,所以可以在Ethx/x/x接口的入方向应用流策略p_xs
[R1]interface ethernet x/x/x
[R1-ethernetx/x/x]traffic-policy p_xs inbound
[R1-ethernetx/x/x]quit
本文转载自: https://blog.csdn.net/weixin_45928565/article/details/137740305
版权归原作者 安全菜鸟 所有, 如有侵权,请联系我们删除。
版权归原作者 安全菜鸟 所有, 如有侵权,请联系我们删除。