华为交换机路由器的使用

一些基本命令

<Huawei>system-view #进入系统视图
[Huawei]interface Ethernet 0/0/1 #进入接口视图
[Huawei-Ethernet0/0/1]quit #返回上一级
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]return #返回用户视图或者 Ctrl + z
<Huawei>

修改主机名

<Huawei>system-view #进入系统视图
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname oschina #修改主机名为oschina
[oschina]

显示VRP版本

[oschina]display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.110 (S3700 V200R001C00)
Copyright (c) 2000-2011 HUAWEI TECH CO., LTDQuidway S3700-26C-HI Routing Switch uptime is 0 week, 0 day, 0 hour, 11 minutes

查看配置

[oschina]display current-configuration
#
sysname oschina
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
#
...
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

设置密码

<oschina>system-view #进入系统视图
Enter system view, return user view with Ctrl+Z.
[oschina]aaa #进入认证设置
[oschina-aaa]local-user dongxia password cipher oschina #设置用户为 dongxia 密码为 oschina
Info: Add a new user.
[oschina-aaa]quit #返回系统视图
[oschina]user-interface console 0 #用户控制台
[oschina-ui-console0]authentication-mode aaa #激活认证配置

ctrl + ] 登出验证

[oschina-ui-console0]return #返回用户视图
<oschina>save #保存
The current configuration will be written to the device.
Are you sure to continue?[Y/N]Y #是否确认选择 Y
...
Save the configuration successfully.
<oschina>reboot

恢复出厂设置

<oschina>reset saved-configuration #恢复出厂
Warning: The action will delete the saved configuration in the device.
The configuration will be erased to reconfigure. Continue? [Y/N]:Y #是否擦除选择 Y
...
Info: Succeeded in clearing the configuration in the device.
<oschina>reboot #重启
Info: The system is now comparing the configuration, please wait.
Warning: All the configuration will be saved to the configuration file for the n
ext startup:, Continue?[Y/N]:N #是否再次保存选择 N
Info: If want to reboot with saving diagnostic information, input 'N' and then e
xecute 'reboot save diagnostic-information'.
System will reboot! Continue?[Y/N]:Y #是否重启选择 Y

查看Mac地址

[Huawei]display mac-address

关闭消息提醒

<Huawei>undo terminal debugging
Info: Current terminal debugging is off.
<Huawei>undo terminal logging
Info: Current terminal logging is off.
<Huawei>undo terminal trapping
Info: Current terminal trapping is off.
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.

设置账户锁定时间
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0 #进入控制台
[Huawei-ui-console0]idle-timeout 0 #设置为0 即不锁定

VLAN的划分

创建vlan，并将接口加入

默认情况下所有接口都在 VLAN1中，且VLAN1默认就存在，所以只需要配置其他即可

<Huawei> system-view

[Huawei] vlan batch 2 3 #创建VLAN2、3 batch用于批量

[Huawei] port-group 1 #建组用于批量设置接口

[Huawei-port-group-1] group-member Ethernet0/0/3 Ethernet0/0/4 #将多个接口添加到组中

[Huawei-port-group-1] port link-type access #准备加入vlen

[Huawei-port-group-1] port default vlan 2 // 将组group1中的接口加入到vlen中

[Huawei-port-group-1] quit

trunk 中继链路

默认情况下两个交换机只有 vlan1 的节点可以通信，如需要不同交换机的相同vlan 通讯需设置trunk

如果接口被改动过，则需要恢复默认配置

[Huawei] clear configuration interface Ethernet0/0/7 #清除原有配置

[Huawei] interface Ethernet0/0/7
[Huawei-Ethernet0/0/7] undo shutdown #重新启用用接口

[Huawei-Ethernet0/0/7] port default vlan 1

配置trunk 放行所有vlan

[Huawei]interface Ethernet 0/0/7
[Huawei-Ethernet0/0/7]port link-type trunk
[Huawei-Ethernet0/0/7]port trunk allow-pass vlan all #允许所有vlan

在另一台交换机上的 7 端口做同样配置

验证

链路聚合

捆绑物理接口

[Huawei]clear configuration interface Ethernet 0/0/7 #清除原有配置注意后端口连接会关闭

[Huawei]interface Ethernet 0/0/7

[Huawei-Ethernet0/0/7]undo shutdown #启用端口连接 7

[Huawei]interface Eth-Trunk 1 #创建聚合 1

[Huawei-Eth-Trunk1]trunkport Ethernet 0/0/7 0/0/8 # 将端口 7 8 聚合

[Huawei-Eth-Trunk1]port link-type trunk #准备设置trunk

[Huawei-Eth-Trunk1]port trunk allow-pass vlan all #放行所有vlan

另一台同样操作

配置静态路由

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.254 24 #设置端口IP 掩码
[Huawei-GigabitEthernet0/0/0]display this #查看
[V200R003C00]
#
interface GigabitEthernet0/0/0
ip address 192.168.1.254 255.255.255.0
#
return
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]ip route-static 192.168.3.0 24 192.168.2.2 #设置静态转发
[Huawei]ip route-static 192.168.4.0 24 192.168.2.2

AR2同样设置

[Huawei-GigabitEthernet0/0/0]ip address 192.168.3.254 24
[Huawei-GigabitEthernet0/0/1]ip address 192.168.2.2 24
[Huawei-GigabitEthernet0/0/2]ip address 192.168.4.254 24

[Huawei]ip route-static 192.168.1.0 24 192.168.2.1

三层交换机

华为s5700三层交换机注意三层交换机没有 G0 口

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]interface Vlanif 1
[Huawei-Vlanif1]ip address 192.168.1.254 24
[Huawei-Vlanif1]quit

[Huawei]interface Vlanif 2
[Huawei-Vlanif2]ip address 192.168.2.254 24
[Huawei-Vlanif2]quit

[Huawei]interface Vlanif 3
[Huawei-Vlanif3]ip address 192.168.3.254 24
[Huawei-Vlanif3]quit

[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 2
[Huawei]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 3
[Huawei-GigabitEthernet0/0/3]quit

动态路由

配置LSW1交换机（3700）

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 2 3
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 2
[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 3
[Huawei-Ethernet0/0/3]quit
[Huawei]interface Ethernet 0/0/22
[Huawei-Ethernet0/0/22]port link-type trunk
[Huawei-Ethernet0/0/22]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/22]quit

配置三层交换机LSW2（5700）

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 2 3 4
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]interface Vlanif 1
[Huawei-Vlanif1]ip address 192.168.1.254 24
[Huawei-Vlanif1]quit
[Huawei]interface Vlanif 2
[Huawei-Vlanif2]ip address 192.168.2.254 24
[Huawei-Vlanif2]quit
[Huawei]interface Vlanif 3
[Huawei-Vlanif3]ip address 192.168.3.254 24
[Huawei-Vlanif3]quit
[Huawei]interface Vlanif 4
[Huawei-Vlanif4]ip address 192.168.4.1 24
[Huawei-Vlanif4]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 4
[Huawei-GigabitEthernet0/0/2]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]quit
[Huawei-ospf-1]quit
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.4.2

配置路由器AR1

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.4.2 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.5.254 24
[Huawei-GigabitEthernet0/0/1]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]quit

配置ACL

首先配置路由器

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.2.254 24
[Huawei-GigabitEthernet0/0/1]quit

配置完成后节点全部打通

示例一：禁止PC2 和 PC1 通讯

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule deny source 192.168.2.1 0
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 2000

示例二：只允许PC2 访问PC1 其他都拒绝

[Huawei]acl 2001
[Huawei-acl-basic-2001]rule permit source 192.168.2.1 0.0.0.0
[Huawei-acl-basic-2001]rule deny source any
[Huawei-acl-basic-2001]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 2001
Error: A simplified ACL has been applied in this view.
[Huawei-GigabitEthernet0/0/1]undo traffic-filter inbound
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 2001

注：也可以修改原ACL2000规则同样也可以达到目的，而且不用再指定端口，即之前设置端口依然生效

示例三：禁止pc2访问pc1的ftp服务，禁止pc3访问pc1的www服务，所有主机的其他服务不受限制

<Huawei>system-view
[Huawei]acl 3000 #高级ACL 用3000
[Huawei-acl-adv-3000]rule deny tcp source 192.168.2.1 0 destination 192.168.1.1 0 destination-port eq 21
[Huawei-acl-adv-3000]rule deny tcp source 192.168.2.2 0.0.0.0 destination 192.168.1.1 0.0.0.0 destination-port eq 80
[Huawei-acl-adv-3000]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]undo traffic-filter inbound #清理原有ACL
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 3000 #指定ACL
[Huawei-GigabitEthernet0/0/1]display this

NAT ---静态转换

在路由器AR1上配置静态NAT使192.168.2.1转换为100.0.0.2,192.168.2.2转换为100.0.0.3，实现外部网络访问

pc3无需配置网关

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 100.0.0.1 8
[Huawei-GigabitEthernet0/0/0]nat static global 100.0.0.2 inside 192.168.2.1 #设置转换
[Huawei-GigabitEthernet0/0/0]nat static global 100.0.0.3 inside 192.168.2.2
[Huawei-GigabitEthernet0/0/0]display this

NAT----EasyIP

在AR1上配置Easy IP使企业内网192.168.2.0/24利用g0/0/0端口的ip，实现外部网络的访问

[Huawei]acl 2000
[Huawei-acl-basic-2000]rule permit source any
[Huawei-acl-basic-2000]quit
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2000
[Huawei-GigabitEthernet0/0/0]display this

三层交换机配置VRRP

路由器配置：

<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0] ip address 192.168.2.1 24
[Huawei-GigabitEthernet0/0/0] quit
[Huawei] interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ip address 192.168.3.1 24
[Huawei-GigabitEthernet0/0/1] quit
[Huawei] interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2] ip address 192.168.4.254 24
[Huawei-GigabitEthernet0/0/2] ospf
[Huawei-ospf-1] area 0
[Huawei-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0] network 192.168.4.0 0.0.0.255

三层交换机LSW

<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] interface Vlanif 1
[Huawei-Vlanif1] ip address 192.168.1.252 24
[Huawei-Vlanif1] quit
[Huawei] vlan 2
[Huawei-vlan2] quit
[Huawei] interface Vlanif 2
[Huawei-Vlanif2] ip address 192.168.2.2 24
[Huawei-Vlanif2] quit
[Huawei] interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1] port link-type access
[Huawei-GigabitEthernet0/0/1] port default vlan 2
[Huawei-GigabitEthernet0/0/1] quit
[Huawei] ospf
[Huawei-ospf-1] area 0
[Huawei-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0] quit
[Huawei-ospf-1] quit
[Huawei] interface Vlanif 1
[Huawei-Vlanif1] vrrp vrid 1 virtual-ip 192.168.1.254

[Huawei-Vlanif1] vrrp vrid 1 priority 110 #指定master

配置LSW2：

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]interface Vlanif 1
[Huawei-Vlanif1]ip address 192.168.1.253 24
[Huawei-Vlanif1]quit
[Huawei]vlan 3
[Huawei-vlan3]quit
[Huawei]interface Vlanif 3
[Huawei-Vlanif3]ip address 192.168.3.2 24
[Huawei-Vlanif3]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 3
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]ospf
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]quit
[Huawei-ospf-1]quit
[Huawei]interface Vlanif 1
[Huawei-Vlanif1]vrrp vrid 1 virtual-ip 192.168.1.254
[Huawei-Vlanif1]display this

负载均衡的实现

配置S1为vlan10的主路由器、vlan20的备份路由器，S2为vlan10的备份路由器、vlan20的主路由器，实现负载均衡的效果

S1设置：

三个G口全部设置trunk（这里不再示范）

[Huawei] vlan batch 10 20

[Huawei] interface Vlanif 10

[Huawei-Vlanif10] ip address 192.168.10.252 24

[Huawei-Vlanif10] vrrp vrid 10 virtual-ip 192.168.10.254

[Huawei-Vlanif10] vrrp vrid 10 priority 110

[Huawei] interface Vlanif 20

[Huawei-Vlanif20] ip address 192.168.20.252 24

[Huawei-Vlanif20] vrrp vrid 20 virtual-ip 192.168.20.254

S1设置：

三个G口全部设置trunk（这里不再示范）

[Huawei]vlan batch 10 20

[Huawei]interface Vlanif 10

[Huawei-Vlanif10]ip address 192.168.10.253 24

[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254

[Huawei]interface Vlanif 20

[Huawei-Vlanif20]ip address 192.168.20.252 24

[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254

[Huawei-Vlanif20]vrrp vrid 20 priority 110

来源：oschina

链接：https://my.oschina.net/u/4502772/blog/4257209

标签

BFE

dfc

acl2

Linux

华为 交换机 路由器 的使用