华为接入层路由器配置培训.ppt

接入层路由器配置,HuaWei AR2831 / FiberHome R2600,提纲,1. 接入层路由器介绍 2. CMNET专线接入网络结构 3. 搭建Console配置环境 4. Huawei AR2831配置及实例 5. FiberHome R2600配置及实例 6. 网络测试,路由器,电脑,1.1 路由器构成,CPU,interface,内存,Flash,CPU,网卡,内存,硬盘,VRP / IOS,Windows Linux,dis ver Huawei Versatile Routing Platform Software VRP software, Version 3.40, Release 0311 Copyright (c) 1998-2010 Huawei Technologies Co., Ltd. All rights reserved. Without the owners prior written consent, no decompiling nor reverse-engineering shall be allowed. Quidway AR28-31 uptime is 0 week, 0 day, 0 hour, 47 minutes Last reboot 2010/01/14 15:25:08 System returned to ROM By Command. CPU type: PowerPC 8245 300MHz 128M bytes SDRAM Memory 32M bytes Flash Memory 128K bytes NvRAM Memory PCB Version:1.0 Logic Version:1.0 BootROM Version:9.40 SLOT 0 2FE (Hardware)3.1, (Driver)2.0, (CPLD)0.0,1.2 路由器版本信息,1.3 Huawei AR2831路由器及工作状态,1.3 Huawei AR2831路由器及工作状态,1.4 FiberHome R2600路由器,2. 1 IP相关概念,私网地址（Private IP） 私有地址是指内部网络或主机地址，不必向ISP或注册中心申请而在公司或企业内部自由使用。 RFC1918为私有网络预留出了三个IP地址块，如下： A类：55 B类：55 B类：55 上述三个范围内的地址不会在因特网上被分配。,公网地址（Public IP） 公有地址是指在因特网上全球唯一的IP地址。 需要向ISP或注册中心申请。,将IP数据报报头中的IP地址转换为另一个IP地址的过程。在实际应用中，NAT主要用于实现私有网络访问外部网络的功能。这种通过使用少量的公有IP地址代表多数的私有IP地址的方式将有助于减缓可用IP地址空间枯竭的速度。,NAT（Network Address Translation，地址转换）,2. 2 专线接入Internet典型拓扑,E0/0,Internet,E0/01,/24,/24,6/30,5/30,缺省路由() 基于源的地址转换(NAT),NAT,WAN,LAN,3.1 查找正确的com接口,“我的电脑”右键属性 “硬件” “设备管理器”,USB-to-Serial转换线连接到USB接口（建议每次使用同一USB接口）,3.2 通过超级终端连接Console,Console接口,Console线缆,RJ45,RS232串口,“开始” - “程序” - “附件” - “通讯” - “超级终端”,配置烽火路由器一定要使用原配的console线缆才能连接成功,3.3 通过SecureCRT连接Console,Console接口,Console线缆,RJ45,RS232串口,新建会话：“连接管理” - “新建会话”,设置串行口参数,配置烽火路由器时console线缆一定要使用烽火原配的,才能连接成功,3. 4 路由器配置顺序,全局基本配置,接口配置,路由配置,NAT配置,配置保存,4.1 Huawei AR2831配置视图,表2-1 命令视图功能特性列表,4.2 路由器全局基本配置（Huawei AR2831）,配置主机名 su /切换到用户等级3 system-view /进入系统视图 Quidway sysname CZ-HONGQIAO-AR2831 /配置主机名 CZ-HONGQIAO-AR2831,配置登录用户名、密码 CZ-HONGQIAO-AR2831 local-user admin /创建admin用户 CZ-HONGQIAO-AR2831-luser-adminpassword cipher cmcc /设置密码 CZ-HONGQIAO-AR2831 -luser-admin level 1 /设置用户级别 CZ-HONGQIAO-AR2831 super password level 3 cipher cmnet /配置等级3用户切换密码 CZ-HONGQIAO-AR2831 user-interface vty 0 4 CZ-HONGQIAO-AR2831 -ui-console0 authentication-mode scheme /使用本地用户数据库进行认证,设置路由器时钟 su clock datetime 16:28:20 2011/03/08 /配置时间,配置SNMP Community su system-view CZ-HONGQIAO-AR2831 snmp-agent community read CZFWZCSCMCC / 配置只读snmp共同体字符串,huawei设备缺省用户名：admin 密码：huawei,4.3 路由器接口配置（Huawei AR2831）,配置接口 (Huawei AR2831) su system-view CZ-HONGQIAO-AR2831 interface Ethernet 0/0 CZ-HONGQIAO-AR2831-Ethernet0/0 description hongqiao_wan /接口口描述 CZ-HONGQIAO-AR2831-Ethernet0/0 ip address 6 52 /配置接口ip CZ-HONGQIAO-AR2831-Ethernet0/0 qos car inbound any cir 10000000 cbs 10000000 ebs 0 green pass red discard / inbound方向限速10M，cir单位bps，cbs单位bit，cir不能超过cbs*20 CZ-HONGQIAO-AR2831-Ethernet0/0 qos car outbound any cir 10000000 cbs 10000000 ebs 0 green pass red discard / outbound方向限速10M， cir单位bps，cbs单位bit，cir不能超过cbs*20 CZ-HONGQIAO-AR2831-Ethernet0/0 interface Ethernet0/1 CZ-HONGQIAO-AR2831-Ethernet0/1 description hongqiao_lan CZ-HONGQIAO-AR2831-Ethernet0/1 ip address ,4.4 路由器路由配置（Huawei AR2831）,配置缺省路由(Huawei AR2831) su system-view CZ-HONGQIAO-AR2831 ip route-static 5 /配置缺省路由,4.5 路由器NAT配置(Huawei AR2831), su system-view CZ-HONGQIAO-AR2831 dhcp server ip-pool lan-pool CZ-HONGQIAO-AR2831-dhcp-pool-lan-pool network mask CZ-HONGQIAO-AR2831-dhcp-pool-lan-pool gateway-list CZ-HONGQIAO-AR2831-dhcp-pool-lan-pool dns-list CZ-HONGQIAO-AR2831-dhcp-pool-lan-pool expired day 3 CZ-HONGQIAO-AR2831 dhcp server forbidden-ip CZ-HONGQIAO-AR2831 acl number 2001 /配置内网访问控制列表 CZ-HONGQIAO-AR2831-acl-basic-2001 rule 0 permit source 55 CZ-HONGQIAO-AR2831 nat address-group 3 6 6 /配置外网地址池 CZ-HONGQIAO-AR2831 interface ethernet 0/0 CZ-HONGQIAO-AR2831-Ethernet0/0 nat outbound 2001 address-group 3 /在WAN接口上应用NAT,配置DHCP,4.6 路由器配置保存（Huawei AR2831）,配置保存(Huawei AR2831) su system-view CZ-HONGQIAO-AR2831 save /保存配置,4.7 其他辅助配置（Huawei AR2831）,Tab键补全功能 systab = system-view ? 帮助功能 CZ-HONGQIAO-AR2831 int? interface CZ-HONGQIAO-AR2831 interface ? Aux Aux interface Bridge-template Bridge template Interface Dialer Dialer interface Ethernet Ethernet interface Logic-Channel Logic tunnel interface LoopBack LoopBack interface 中文/英文模式转换 su language-mode chinese % 改变到中文模式。,4.8 配置检查（Huawei AR2831）, su system-view CZ-HONGQIAO-AR2831 display current-configuration /查看当前正在运行的配置, su system-view CZ-HONGQIAO-AR2831 display ip interface brief /显示接口信息摘要 *down: administratively down (l): loopback (s): spoofing Interface IP Address Physical Protocol Description Aux0 unassigned down down Aux0 Inte. Ethernet0/0 6 up up hongqiao_wan Ethernet0/1 up up hongqiao_lan, su system-view CZ-HONGQIAO-AR2831 display ip routing-table /显示路由表 Routing Table: public net Destination/Mask Protocol Pre Cost Nexthop Interface /0 STATIC 60 0 5 Ethernet0/0 4/30 DIRECT 0 0 6 Ethernet0/0 6/32 DIRECT 0 0 InLoopBack0 /8 DIRECT 0 0 InLoopBack0 /32 DIRECT 0 0 InLoopBack0,4.8 配置检查（Huawei AR2831）, su system-view CZ-HONGQIAO-AR2831 display interface Ethernet 0/0 /查看接口状态 Ethernet0/0 current state :UP Line protocol current state :UP Description : hongqiao_wan The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 6/30 IP Sending Frames Format is PKTFMT_ETHNT_2, Hardware address is 3ce5-a654-9a42 Media type is twisted pair, loopback not set, promiscuous mode not set 100Mb/s, Full-duplex, link type is autonegotiation Output flow-control is disabled, input flow-control is disabled Output queue : (Urgent queuing : Size/Length/Discards) 0/50/0 Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 Last clearing of counters: Never Last 300 seconds input rate 197.35 bytes/sec, 1578 bits/sec, 2.42 packets/sec Last 300 seconds output rate 0.00 bytes/sec, 0 bits/sec, 0.00 packets/sec Input: 1754 packets, 154392 bytes, 1754 buffers 1319 broadcasts, 435 multicasts, 0 pauses 0 errors, 0 runts, 0 giants 0 crc, 0 align errors, 0 overruns 0 dribbles, 0 drops, 0 no buffers 0 frame errors Output:1 packets, 120 bytes, 2 buffers 2 broadcasts, 0 multicasts, 0 pauses 0 errors, 0 underruns, 0 collisions 0 deferred, 0 lost carriers,4.9 配置实例 ( Huawei AR2831),# sysname CZ-HONGQIAO-AR2831 # super password level 3 cipher cmnet # nat address-group 3 6 6 # radius scheme system # domain system # undo ftp server # ip http shutdown # # local-user admin password cipher cmcc undo service-type ftp level 1 # dhcp server ip-pool 0 network mask gateway-list dns-list expired day 3 #,acl number 2001 rule 0 permit source 55 # interface Ethernet0/0 description hongqiao_wan ip address 6 52 nat outbound 2001 address-group 3 qos car inbound any cir 10000000 cbs 10000000 ebs 0 green pass red discard qos car outbound any cir 10000000 cbs 10000000 ebs 0 green pass red discard # interface Ethernet0/1 description hongqiao_lan ip address # dhcp server forbidden-ip # ip route-static 5 preference 60 # snmp-agent community read CZFWZCSCMCC snmp-agent sys-info version all # user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme,5.1 FiberHome R2600配置视图,5.2 路由器全局基本配置（FiberHome R2600）,配置主机名 R1enable R1#config R1_config#hostname CZ-LIJIN-R2600 /配置主机名 CZ-LIJIN-R2600_config#,配置登录用户名、密码 CZ-LIJIN-R2600enable CZ-LIJIN-R2600#config CZ-LIJIN-R2600_config#username admin password 0 cmcc /创建用户名和密码 CZ-LIJIN-R2600_config# enable password 0 cmnet level 15 /配置enable密码 CZ-LIJIN-R2600_config# aaa authentication login default local /启用从本地用户数据库认证 CZ-LIJIN-R2600_config# aaa authentication enable default enable CZ-LIJIN-R2600_config#line vty 0 4 / 将认证方式应用到vty CZ-LIJIN-R2600_config_line#login aaa,设置路由器时钟 CZ-LIJIN-R2600enable CZ-LIJIN-R2600#clock set clock set 14:57:20 9 3 2011 /配置时间,配置SNMP Community CZ-LIJIN-R2600enable CZ-LIJIN-R2600#config CZ-LIJIN-R2600_config# snmp-server community CZFWZCSCMCC RO /配置只读的SNMP共同体字符串,FibleHome默认用户名/密码：admin /12345 enable密码：12345,5.3 路由器接口配置（FiberHome R2600）,配置接口IP CZ-LIJIN-R2600 enable CZ-LIJIN-R2600# config CZ-LIJIN-R2600_config# interface FastEthernet1/0 CZ-LIJIN-R2600_config_if# description hongqiao_wan /接口描述 CZ-LIJIN-R2600_config_if# ip address 6 52 /配置接口ip CZ-LIJIN-R2600_config_if# interface FastEthernet1/1 CZ-LIJIN-R2600_config_if# description hongqiao_lan CZ-LIJIN-R2600_config_if# ip address ,5.4 路由器路由配置（FiberHome R2600）,配置缺省路由(FiberHome R2600) CZ-LIJIN-R2600 enable CZ-LIJIN-R2600# config CZ-LIJIN-R2600_config# ip route default 5 /配置缺省路由,5.5 路由器NAT配置 (FiberHome R2600),CZ-LIJIN-R2600 en CZ-LIJIN-R2600# config CZ-LIJIN-R2600_config# ip dhcpd enable /启用DHCP服务 CZ-LIJIN-R2600_config# ip dhcp pool lan-pool CZ-LIJIN-R2600_config_dhcp# network CZ-LIJIN-R2600_config_dhcp# range 54 CZ-LIJIN-R2600_config_dhcp# default-router CZ-LIJIN-R2600_config_dhcp# dns-server CZ-LIJIN-R2600_config# ip access-list standard 10 /配置内网访问控制列表 CZ-LIJIN-R2600_config# permit CZ-LIJIN-R2600_config# ip nat pool nat-pool 6 6 52 /配置外网地址池 CZ-LIJIN-R2600_config# ip nat inside source list 10 pool nat-pool overload /配置NAT方式 CZ-LIJIN-R2600_config_f1/0# interface FastEthernet1/0 CZ-LIJIN-R2600_config_f1/0# ip nat outside / 在WAN口应用NAT CZ-LIJIN-R2600_config_f1/0# interface FastEthernet1/1 CZ-LIJIN-R2600_config_f1/0# ip nat inside /在LAN口应用NAT,配置DHCP,5.6 路由器配置保存,配置保存(FiberHome R2600) CZ-LIJIN-R2600 enable CZ-LIJIN-R2600# write /保存配置,5.7 配置检查（FiberHome R2600）,CZ-LIJIN-R2600#sh run /查看正在运行的配置 CZ-LIJIN-R2600#show ip interface brief /查看接口信息摘要 CZ-LIJIN-R2600#show interface f1/0 /查看接口状态及流量 CZ-LIJIN-R2600#show ip route /查看路由表,5.8 配置实例 (FiberHome R2600 ),service timestamps log date service timestamps debug date service password-encryption ! hostname CZ-LIJIN-R2600 ! aaa authentication login default local aaa authentication enable default enable ! username admin password 0 cmcc ! enable password 0 cmnet level 15 ! interface FastEthernet1/0 description hongqiao_wan ip address 6 52 ip nat outside ! interface FastEthernet1/1 description hongqiao_lan ip address ip nat inside ! line vty 0 4 login aaa !,ip route default 5 ! snmp-server community CZFWZCSCMCC RO ! ip nat pool nat-pool 6 6 52 ! ip access-list standard 10 permit ! ip dhcpd pool lan-pool network range 54 default-router dns-server ! ip dhcpd enable ! ip nat inside source list 10 pool nat-pool overload !,6 网络测试,将测试PC连接到内网，通过DHCP获取内网地址进行测试： ping 测试,C:ping Pinging with 32 bytes of data: Reply from : bytes=32 time=3ms TTL=255 Reply from : bytes=32 time=13ms TTL=255 Reply from : bytes=32 time=5ms TTL=255 Reply from : bytes=32 time=1ms TTL=255 Ping statistics for : Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round