华为路由器命令配置大全,看完赶快收藏

avatar
作者
猴君
阅读量:0

最近整理了一些和华为交换机、路由器的命令配置,现在一同和大家分享,为即将到来的软考做准备。
路由器基本配置
设置系统日期、时间和时区

<Huawei>clock timezone BJ add xx:xx:xx <Huawei>clock datetime xx:xx:xx xxxx-xx-xx 

设置设备名称和管理IP地址

<Huawei>system-view [Huawei]sysname Server //配置设备名称 [Server]interface gigabitethernet x/x/x //进入路由器接口视图 [Server- gigabitethernet x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口管理IP地址 [Server- gigabitethernet x/x/x]quit //退出配置 

静态路由配置

[Server]interface gigabitethernet x/x/1 //进入路由器接口视图 [Server- gigabitethernet x/x/1]ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置接口IP地址 [Server- gigabitethernet x/x/1]quit [Server]interface gigabitethernet x/x/2 //进入路由器接口视图 [Server- gigabitethernet x/x/2]ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置接口IP地址 [Server- gigabitethernet x/x/2]quit [Server]ip route-static xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置静态路由 [Server]ip route-static xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx //配置静态路由 [Server]return 

2台路由器静态路由ipv6配置方法

[Server]ipv6 //启用路由器IPv6报文转发功能 [Server]interface gigabitethernet x/x/1 [Server- gigabitethernetx/x/1]ipv6 enable //在接口上启用IPv6 功能 [Server- gigabitethernetx/x/1]ipv6 address x::x xx [Server- gigabitethernetx/x/1]quit [Server]interface gigabitethernet x/x/2 [Server- gigabitethernetx/x/2]ipv6 enable //在接口上启用IPv6 功能 [Server- gigabitethernetx/x/2]ipv6 address x::x xx [Server- gigabitethernetx/x/2]quit [Server]IPv6 route-static x::xx x::x //配置R1到x::xx网段的静态路由 [Server]return 

动态路由rip配置

<Huawei>system-view [Huawei]sysname Server //配置设备名称 [Server]interface gigabitethernet x/x/x //进入路由器接口视图 [Server- gigabitethernet x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址 [Server- gigabitethernet x/x/x]quit //退出配置 [Server]rip 1 //配置RIP协议 [Server-rip-1]network xxx.xxx.xxx.xxx [Server-rip-1]network xxx.xxx.xxx.xxx [Server-rip-1]quit 

rip与bfd联动实验,BFD双向转发检测,可以提供毫秒级的检测,可以实现链路的快速检测,通过与上层路由协议联动
配置各接口IP

<Huawei>system-view [Huawei]sysname Server //配置设备名称 [Server]interface gigabitethernet x/x/1 //进入路由器接口视图 [Server- gigabitethernet x/x/1]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址 [Server- gigabitethernet x/x/1]quit [Server] interface gigabitethernet x/x/2 [Server- gigabitethernet x/x/2]ip address xxx.xxx.xxx.xxx xx [Server- gigabitethernet x/x/2]quit 

配置RIP协议

[Server]rip 1 [Server-rip-1]version 2 [Server-rip-1]network xxx.xxx.xxx.xxx [Server-rip-1]network xxx.xxx.xxx.xxx 

配置BFD联动

[Server]bfd [Server-bfd]quit [Server]rip 1 [Server-rip-1]bfd all-interfaces enable //启用bfd功能 [Server-rip-1]bfd all-interfaces min-rx-interval 100 min-tx-intercal 100 detect-multiplier 10 //配置最小发送、时间间隔 [Server-rip-1]quit 

OSPF开放最短路径协议,链路状态。发Hello报文建立邻接关系(邻居表)-形成链路状态数据库(拓扑表)-SPF算法形成路由表(路由表)。
一、配置R1接口IP

<Huawei>system-view [Huawei]sysname Server //配置设备名称 [Server]interface e x/x/x //进入路由器接口视图 [Server- e x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址 [Server- e x/x/x]int s x/x/x [Server- s x/x/x]ip add xxx.xxx.xxx.xxx xx <Huawei>dis cu 

二、配置R1的OSPF

[Huawei]ospf [Huawei-ospf-1]area x [Huawei-ospf-1-area-x]net xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx [Huawei-ospf-1-area-x]area xx [Huawei-ospf-1-area-xx]netw xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx [Huawei-ospf-1-area-xx]return <Huawei>dis cu 

三、使用dis ip routing和dis cu进行验证
路由器IS-IS实验,中间系统-中间系统,路由器称为中间系统IS

<Huawei>sys [Huawei]un in en [Huawei]isis [Huawei-isis-1] [Huawei-isis-1]network-entity xxx.xxx.xxx.xxx.xxx [Huawei-isis-1]quit [Huawei]int g x/x/x [Huawei-gx/x/x]isis enable [Huawei-gx/x/x]int g x/x/x [Huawei-gx/x/x]isis enable 

验证:ping,dis ip routing,dis isis peer,dis cu,dis isis route

BGP:边界网关协议,在自制系统AS之间选择最佳路由,矢量距离。
一、配置路由器接口基本配置

<Huawei>system-view [Huawei]sysname Server //配置设备名称 [Server]interface gigabitethernet x/x/x //进入路由器接口视图 [Server- gigabitethernet x/x/x]ip address xxx.xxx.xxx.xxx xx //配置接口IP地址 [Server- gigabitethernet x/x/x]quit //退出配置 

二、配置IBGB

[Server]bgp 65009 //启动BGP及AS号 [Server-bgp]router-id x.x.x.x //配置BGP的routerlID [Server-bgp]peer x.x.x.x as-number 65009 //配置BGP对等体 [Server-bgp]peer x.x.x.x as-number 65009 [Server-bgp]quit 

三、配置EBGP

[Server1]bgp 65009 [Server1-bgp]router-id x.x.x.x [Server1-bgp]peer x.x.x.x as-number 65009 [Server2-bgp]peer x.x.x.x as-number 65008 

四、配置R1发布路由

[Server1-bgp]ipv4-family unicast //进入IPV4地址族视图 [Server1-bgp-af-ipv4]network x.x.x.x xxx.xxx.xxx.xxx [Server1-bgp-af-ipv4]quit 

五、配置R2引入路由

[Server2-bgp]ipv4-family unicast [Server1-bgp-af-ipv4]import-route direct //引入路由表 

六、验证BGP的命令,dis bgp peer
路由器ACL配置,访问控制列表,可以根据源地址、目标地址、源端口、目标端口、协议信息对数据包进出过滤控制。
基本ACL:编号2000-2999

<Huawei>system-view [Huawei]acl 2001 [Huawei-acl-basic-2001]rule permit source xxx.xxx.xxx.xxx <Huawei>system-view //进入系统 [Huawei]acl 2001 //配置编号 [Huawei-acl-basic-2001]rule permit source xxx.xxx.xxx.xxx //ACL列表 [Huawei-acl-basic-2001]rule deny source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx [Huawei-acl-basic-2001]description permit only xxx.xxx.xxx.xxx through <Huawei>system-view [Huawei]time-range working-time x:xx to xx:xx working-day [Huawei]acl name work-acl basic [Huawei-acl-basic-work-acl]rule deny source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx time-range woeking-time <Huawei>system-view [Huawei]acl 2001 [Huawei-acl-basic-2001]rule deny source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx none-first-fragment 

二、高级ACL:编号3000-3999

<Huawei>system-view [Huawei]acl 3001 [Huawei-acl-basic-3001]rule permit source xxx.xxx.xxx.xxx x destination xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx <Huawei>system-view [Huawei]acl name deny-telnet [Huawei-acl-adv-deny-telnet]rule deny tcp destination-port eq telnet source xxx.xxx.xxx.xxx x destination xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 

三、实验:限制用户在特定时间访问特定服务器
1、配置IP、vlan、vlanif

<Huawei>system-view [Huawei]sysname R1 [R1]vlan batch xx xx xx //配置多个vlan [R1]interface ethernet x/x/x [R1- interface ethernet x/x/x]port link-type trunk [R1- interface ethernet x/x/x]port trunk allow-pass vlan xx [R1- interface ethernet x/x/x]quit [R1]interface vlanif xx [R1-vlanif xx]ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx [R1-vlanif xx]quit 

2、配置基于时间的ACL访问规则
配置xx:xx至xx:xx的周期时间段

[R1]time-range satime xx:xx to xx:xx working-day 

配置某部门到某服务器的访问规则

[R1]acl 3001 [R1-acl-3001]rule deny ip source xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx destination xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx time-range satime 

3、配置基于ACL的流分类策略
配置流分类c_xs,对匹配ACL 3001的报文进行分类

[R1]traffic classifier c_xs [R1-classifier-c_xs]if-match acl 3001 [R1-classifier-c_xs]quit 

配置流行为b_xs,动作为拒绝报文通过

[R1]traffic behavior b_xs [R1-behavior- b_xs]deny [R1-behavior- b_xs]quit 

4、基于ACL的流策略
配置流策略p_xs,将流分类c_xs与流行为b_xs关联

[R1]traffic policy p_xs [R1-trafficpolicy-p_xs]classifier c_xs behavior b_xs [R1-trafficpolicy-p_xs]quit 

某部门访问服务器的流量从接口Ethx/x/x进入Router,所以可以在Ethx/x/x接口的入方向应用流策略p_xs

[R1]interface ethernet x/x/x [R1-ethernetx/x/x]traffic-policy p_xs inbound [R1-ethernetx/x/x]quit 

广告一刻

为您即时展示最新活动产品广告消息,让您随时掌握产品活动新动态!