热门标签
热门文章
- 1阿里小程序Serverless 操作指南
- 2设备管理中的数据结构
- 3使用TensorFlow 2.x 实现YOLOv5:一个高效且易用的目标检测框架
- 4公司新来的00后真是卷王,工作没两年,跳槽到我们公司起薪18K都快接近我了
- 5DockerFile怎么用?
- 6python程序设计的课后答案,python程序设计教程答案_学校python作业数值类型自学引导答案
- 7如何有效地进行数据挖掘和分析,数据治理平台哪家好?_光点科技_数据治理 挖掘
- 8python第三方库排行-Python模块汇总(常用第三方库)
- 9Postman接口模拟请求工具使用技巧
- 10转换为XML文件时发生 javax.xml.transform.TransformerException: java.lang.NullPointerException_javax.xml.transform.transformerexception: javax.xm
当前位置: article > 正文
华为路由器命令配置大全,看完赶快收藏_华为路由器配置命令
作者:weixin_40725706 | 2024-07-18 15:23:37
赞
踩
华为路由器配置命令
最近整理了一些和华为交换机、路由器的命令配置,现在一同和大家分享,为即将到来的软考做准备。
路由器基本配置
设置系统日期、时间和时区
<Huawei>clock timezone BJ add xx:xx:xx
<Huawei>clock datetime xx:xx:xx xxxx-xx-xx
- 1
- 2
设置设备名称和管理IP地址
<Huawei>system-view
[Huawei]sysname Server //配置设备名称
[Server]interface gigabitethernet x/x/x //进入路由器接口视图
[Server- gigabitethernet x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口管理IP地址
[Server- gigabitethernet x/x/x]quit //退出配置
- 1
- 2
- 3
- 4
- 5
静态路由配置
[Server]interface gigabitethernet x/x/1 //进入路由器接口视图
[Server- gigabitethernet x/x/1]ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置接口IP地址
[Server- gigabitethernet x/x/1]quit
[Server]interface gigabitethernet x/x/2 //进入路由器接口视图
[Server- gigabitethernet x/x/2]ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置接口IP地址
[Server- gigabitethernet x/x/2]quit
[Server]ip route-static xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置静态路由
[Server]ip route-static xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置静态路由
[Server]return
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
2台路由器静态路由ipv6配置方法
[Server]ipv6 //启用路由器IPv6报文转发功能
[Server]interface gigabitethernet x/x/1
[Server- gigabitethernetx/x/1]ipv6 enable //在接口上启用IPv6 功能
[Server- gigabitethernetx/x/1]ipv6 address x::x xx
[Server- gigabitethernetx/x/1]quit
[Server]interface gigabitethernet x/x/2
[Server- gigabitethernetx/x/2]ipv6 enable //在接口上启用IPv6 功能
[Server- gigabitethernetx/x/2]ipv6 address x::x xx
[Server- gigabitethernetx/x/2]quit
[Server]IPv6 route-static x::xx x::x //配置R1到x::xx网段的静态路由
[Server]return
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
动态路由rip配置
<Huawei>system-view
[Huawei]sysname Server //配置设备名称
[Server]interface gigabitethernet x/x/x //进入路由器接口视图
[Server- gigabitethernet x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址
[Server- gigabitethernet x/x/x]quit //退出配置
[Server]rip 1 //配置RIP协议
[Server-rip-1]network xxx.xxx.xxx.xxx
[Server-rip-1]network xxx.xxx.xxx.xxx
[Server-rip-1]quit
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
rip与bfd联动实验,BFD双向转发检测,可以提供毫秒级的检测,可以实现链路的快速检测,通过与上层路由协议联动
配置各接口IP
<Huawei>system-view
[Huawei]sysname Server //配置设备名称
[Server]interface gigabitethernet x/x/1 //进入路由器接口视图
[Server- gigabitethernet x/x/1]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址
[Server- gigabitethernet x/x/1]quit
[Server] interface gigabitethernet x/x/2
[Server- gigabitethernet x/x/2]ip address xxx.xxx.xxx.xxx xx
[Server- gigabitethernet x/x/2]quit
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
配置RIP协议
[Server]rip 1
[Server-rip-1]version 2
[Server-rip-1]network xxx.xxx.xxx.xxx
[Server-rip-1]network xxx.xxx.xxx.xxx
- 1
- 2
- 3
- 4
配置BFD联动
[Server]bfd
[Server-bfd]quit
[Server]rip 1
[Server-rip-1]bfd all-interfaces enable //启用bfd功能
[Server-rip-1]bfd all-interfaces min-rx-interval 100 min-tx-intercal 100 detect-multiplier 10 //配置最小发送、时间间隔
[Server-rip-1]quit
- 1
- 2
- 3
- 4
- 5
- 6
OSPF开放最短路径协议,链路状态。发Hello报文建立邻接关系(邻居表)-形成链路状态数据库(拓扑表)-SPF算法形成路由表(路由表)。
一、配置R1接口IP
<Huawei>system-view
[Huawei]sysname Server //配置设备名称
[Server]interface e x/x/x //进入路由器接口视图
[Server- e x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址
[Server- e x/x/x]int s x/x/x
[Server- s x/x/x]ip add xxx.xxx.xxx.xxx xx
<Huawei>dis cu
- 1
- 2
- 3
- 4
- 5
- 6
- 7
二、配置R1的OSPF
[Huawei]ospf
[Huawei-ospf-1]area x
[Huawei-ospf-1-area-x]net xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
[Huawei-ospf-1-area-x]area xx
[Huawei-ospf-1-area-xx]netw xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
[Huawei-ospf-1-area-xx]return
<Huawei>dis cu
- 1
- 2
- 3
- 4
- 5
- 6
- 7
三、使用dis ip routing和dis cu进行验证
路由器IS-IS实验,中间系统-中间系统,路由器称为中间系统IS
<Huawei>sys
[Huawei]un in en
[Huawei]isis
[Huawei-isis-1]
[Huawei-isis-1]network-entity xxx.xxx.xxx.xxx.xxx
[Huawei-isis-1]quit
[Huawei]int g x/x/x
[Huawei-gx/x/x]isis enable
[Huawei-gx/x/x]int g x/x/x
[Huawei-gx/x/x]isis enable
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
验证:ping,dis ip routing,dis isis peer,dis cu,dis isis route
BGP:边界网关协议,在自制系统AS之间选择最佳路由,矢量距离。
一、配置路由器接口基本配置
<Huawei>system-view
[Huawei]sysname Server //配置设备名称
[Server]interface gigabitethernet x/x/x //进入路由器接口视图
[Server- gigabitethernet x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址
[Server- gigabitethernet x/x/x]quit //退出配置
- 1
- 2
- 3
- 4
- 5
二、配置IBGB
[Server]bgp 65009 //启动BGP及AS号
[Server-bgp]router-id x.x.x.x //配置BGP的routerlID
[Server-bgp]peer x.x.x.x as-number 65009 //配置BGP对等体
[Server-bgp]peer x.x.x.x as-number 65009
[Server-bgp]quit
- 1
- 2
- 3
- 4
- 5
三、配置EBGP
[Server1]bgp 65009
[Server1-bgp]router-id x.x.x.x
[Server1-bgp]peer x.x.x.x as-number 65009
[Server2-bgp]peer x.x.x.x as-number 65008
- 1
- 2
- 3
- 4
四、配置R1发布路由
[Server1-bgp]ipv4-family unicast //进入IPV4地址族视图
[Server1-bgp-af-ipv4]network x.x.x.x xxx.xxx.xxx.xxx
[Server1-bgp-af-ipv4]quit
- 1
- 2
- 3
五、配置R2引入路由
[Server2-bgp]ipv4-family unicast
[Server1-bgp-af-ipv4]import-route direct //引入路由表
- 1
- 2
六、验证BGP的命令,dis bgp peer
路由器ACL配置,访问控制列表,可以根据源地址、目标地址、源端口、目标端口、协议信息对数据包进出过滤控制。
基本ACL:编号2000-2999
<Huawei>system-view
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule permit source xxx.xxx.xxx.xxx
<Huawei>system-view //进入系统
[Huawei]acl 2001 //配置编号
[Huawei-acl-basic-2001]rule permit source xxx.xxx.xxx.xxx //ACL列表
[Huawei-acl-basic-2001]rule deny source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
[Huawei-acl-basic-2001]description permit only xxx.xxx.xxx.xxx through
<Huawei>system-view
[Huawei]time-range working-time x:xx to xx:xx working-day
[Huawei]acl name work-acl basic
[Huawei-acl-basic-work-acl]rule deny source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx time-range woeking-time
<Huawei>system-view
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule deny source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx none-first-fragment
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
二、高级ACL:编号3000-3999
<Huawei>system-view
[Huawei]acl 3001
[Huawei-acl-basic-3001]rule permit source xxx.xxx.xxx.xxx x destination xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
<Huawei>system-view
[Huawei]acl name deny-telnet
[Huawei-acl-adv-deny-telnet]rule deny tcp destination-port eq telnet source xxx.xxx.xxx.xxx x destination xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
- 1
- 2
- 3
- 4
- 5
- 6
三、实验:限制用户在特定时间访问特定服务器
1、配置IP、vlan、vlanif
<Huawei>system-view
[Huawei]sysname R1
[R1]vlan batch xx xx xx //配置多个vlan
[R1]interface ethernet x/x/x
[R1- interface ethernet x/x/x]port link-type trunk
[R1- interface ethernet x/x/x]port trunk allow-pass vlan xx
[R1- interface ethernet x/x/x]quit
[R1]interface vlanif xx
[R1-vlanif xx]ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
[R1-vlanif xx]quit
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
2、配置基于时间的ACL访问规则
配置xx:xx至xx:xx的周期时间段
[R1]time-range satime xx:xx to xx:xx working-day
- 1
配置某部门到某服务器的访问规则
[R1]acl 3001
[R1-acl-3001]rule deny ip source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx destination xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx time-range satime
- 1
- 2
3、配置基于ACL的流分类策略
配置流分类c_xs,对匹配ACL 3001的报文进行分类
[R1]traffic classifier c_xs
[R1-classifier-c_xs]if-match acl 3001
[R1-classifier-c_xs]quit
- 1
- 2
- 3
配置流行为b_xs,动作为拒绝报文通过
[R1]traffic behavior b_xs
[R1-behavior- b_xs]deny
[R1-behavior- b_xs]quit
- 1
- 2
- 3
4、基于ACL的流策略
配置流策略p_xs,将流分类c_xs与流行为b_xs关联
[R1]traffic policy p_xs
[R1-trafficpolicy-p_xs]classifier c_xs behavior b_xs
[R1-trafficpolicy-p_xs]quit
- 1
- 2
- 3
某部门访问服务器的流量从接口Ethx/x/x进入Router,所以可以在Ethx/x/x接口的入方向应用流策略p_xs
[R1]interface ethernet x/x/x
[R1-ethernetx/x/x]traffic-policy p_xs inbound
[R1-ethernetx/x/x]quit
- 1
- 2
- 3
推荐阅读
相关标签
