华为命令实例.doc

一、华为系统设置1、华为更改路由名字syssystem-view Enter system view, return user view with Ctrl+Z.susyssusysname luyuluyu2、华为配置系统时钟查看系统时间display clockclock timezone cst add 8-（cst是中国标准时间）3、时间设置clock datetime 11:53:00 2016-11-144、华为标题sysystem-view Enter system view, return user view with Ctrl+Z.luyuheluyuheader ? login Specify the login authentication banner shell Specify the start banner of sessionluyuheader loluyuheader login ? file Specify filename of banner information Specify information of bannerluyuheader login inluyuheader login information ? TEXT Set header text, take the first character as the specified start and end character, the string between the start character and the end character is the header to be displayedluyuheader login information #Info: Input banner text, and quit with the character #.-Warning-#（#两个#之间输入文字#）进入系统之后提示luyuheadluyuheader sheluyuheader shell inluyuheader shell information ? TEXT Set header text, take the first character as the specified start and end character, the string between the start character and the end character is the header to be displayedluyuheader shell information #Info: Input banner text, and quit with the character #.-Welcome-#5、用户命令等级用户等级命令等级名称00访问级10 and 1监控级20，1 and 2配置级3-150，1，2 and 3管理级6、用户界面用户界面类型编号Console0VTY0-4VTY默认是0-4可以5个人同时远程连接，默认值可以修改，最大15个。6.1 VTY修改默认数AR1user-interface maximum-vty ? INTEGER The maximum number of VTY users, the default value is 5Console 出厂配置vty 远程连接（telnet 明文数据抓包能获得用户名和密码 不安全）7、配置console密码luyuuser-interface cluyuuser-interface console 0luyu-ui-console0auluyu-ui-console0authentication-mode pluyu-ui-console0authentication-mode password Please configure the login password (maximum length 16):luyu8、修改console密码luyuuser-interface cluyuuser-interface console 0luyu-ui-console0set auluyu-ui-console0set authentication pluyu-ui-console0set authentication password ciluyu-ui-console0set authentication password cipherluyu-ui-console0set authentication password cipher tianlan9、配置VTY远程登陆luyuuser-interface vluyuuser-interface vty ? INTEGER The first user terminal interface to be configuredluyuuser-interface vty 0luyu-ui-vty0auluyu-ui-vty0authentication-mode pluyu-ui-vty0authentication-mode password Please configure the login password (maximum length 16):tianlanluyuuserluyuuser-interface vty 0 4luyu-ui-vty0-4userluyu-ui-vty0-4user prluyu-ui-vty0-4user privilege lluyu-ui-vty0-4user privilege level 3 配置用户等级查看用户等级display user-interface10、配置远程空闲时间解释：空闲时间好比计算机的屏保时间。0是永不超时。AR1userAR1user-interface vAR1user-interface vty 0 4AR1-ui-vty0-4idAR1-ui-vty0-4idle-timeout 1 10 先输入分，然后是秒。11、历史命令的配置11.1查看历史命令AR1display history-command 系统默认是保留10条。11.2修改保留历史命令AR1userAR1user-interface cAR1user-interface console 0AR1-ui-console0hisAR1-ui-console0history-command mAR1-ui-console0history-command max-size 2012、配置接口命令R1intR1interface gR1interface GigabitEthernet 0/0/0R1-GigabitEthernet0/0/0unR1-GigabitEthernet0/0/0undo shR1-GigabitEthernet0/0/0undo shutdown Info: Interface GigabitEthernet0/0/0 is not shutdown.R1-GigabitEthernet0/0/0ipR1-GigabitEthernet0/0/0ip addR1-GigabitEthernet0/0/0ip address 24Nov 14 2016 16:49:28-08:00 R1 %01IFNET/4/LINK_STATE(l)0:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.12.1查看当前接口命令display this12.2查看谁连接display users12.3查看路由基本信息AR1display version12.4查看接口状态信息AR1display interface GigabitEthernet 0/0/012.5查看有没有电子证书display rsa local-key-pair public 12.6查看全部接口的IP简要信息，含IP地址AR1display ip interface brief13、创建电子证书 (STelnet 是加密密码 安全)AR1rsa local-key-pair create The key name will be: Host% RSA keys defined for Host already exist.Confirm to replace them? (y/n)n:yThe range of public key size is (512 2048).NOTES: If the key modulus is greater than 512, It will take a few minutes.Input the bits in the modulusdefault = 512:1024Generating keys.+.+.+.+AR1display rsAR1display rsa lAR1display rsa local-key-pair AR1display rsa local-key-pair pAR1display rsa local-key-pair public =Time of Key pair created: 2016-11-17 14:39:22-08:00Key name: HostKey type: RSA encryption Key=Key code:308188 028180 9FAFC491 4CB9B7A7 C49E5F10 83ADBEF3 5B1E4A2D AA6AF3C5 D6DBE118 129CD363 9ECC893F E38D10E0 73F032F2 FDB98135 DD037827 96686E0D 4395E7A1 10A06E40 CAA8BA70 3825C210 A617C4B5 78DF5A52 DB4B214E 62620B59 8A3552DB 3C1AD1E3 AF9DE62C E0ECE98C 36DBF6E7 CF4821EA 08454E00 6159D0CB 325DC155 9DA37277 0203 010001=Time of Key pair created: 2016-11-17 14:39:25-08:00Key name: ServerKey type: RSA encryption Key=Key code:3067 0260 C77482E1 98F6F480 BE60853F 549EF344 54BAD71A 2F557B47 3C4A106B FFF409EE 8957079F 1CC2F2E2 F3632326 96157EC8 F47E7AC1 464469AB 790E9524 FF7144C3 7258376E 08611414 2FE2E8B9 37243BC8 CA2295CC 3DF914AA E9AA1961 A66C76FB 0203 010001AR1useAR1user-interface vAR1user-interface vty 0 4AR1-ui-vty0-4disAR1-ui-vty0-4display this 查看当前接口状况V200R003C00#user-interface con 0 authentication-mode password set authentication password cipher %$%$;n9vxV(YmGf4tCd5,X&cxcX=RT*7,&Ck9Z2IXULX),%$%$user-interface vty 0 4 authentication-mode aaa user privilege level 15user-interface vty 16 20#returnAR1-ui-vty0-4proAR1-ui-vty0-4protocol inAR1-ui-vty0-4protocol inbound sAR1-ui-vty0-4protocol inbound ssh AR1-ui-vty0-4aaaAR1-aaadisAR1-aaadisplay thAR1-aaadisplay this V200R003C00#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user sumj password cipher %$%$i)Jt/)5LngsRVG(RsY+WJ1%$%$ local-user sumj privilege level 15 local-user sumj service-type telnet local-user admin password cipher %$%$K8m.Nt84DZe#08bmE3Uw%$%$ local-user admin service-type http local-user tianlan password cipher %$%$L:qFoAa8ZvLG*FTQXO+Qb7%$%$ local-user tianlan privilege level 15 local-user tianlan service-type telnet#returnAR1-aaaloAR1-aaalocal-user adAR1-aaalocal-user admin serAR1-aaalocal-user admin service-type ssAR1-aaalocal-user admin service-type sshAR1-aaaqAR1ssh userAR1ssh user adAR1ssh user admin auAR1ssh user admin authentication-type pAR1ssh user admin authentication-type password Authentication type setted, and will be in effect next timeAR1disAR1display ssAR1display ssh userAR1display ssh user-information - Username Auth-type User-public-key-name - admin password null -AR1display ssAR1display ssh ser stAR1display ssh ser status SSH version :1.99 SSH connection timeout :60 seconds SSH server key generating interval :0 hours SSH Authentication retries :3 times SFTP Server :Disable Stelnet server :DisableAR1steAR1stelnet serAR1stelnet server enAR1stelnet server enable Info: Succeeded in starting the STELNET server.客户端连接stelnet的时候必须执行ssh client first-time enable查看有没有人连过来AR1dispAR1display ssh seAR1display ssh server sAR1display ssh server session14、创建本地用户AR1userAR1user-interface vAR1user-interface vty 0 4AR1-ui-vty0-4userAR1-ui-vty0-4user pAR1-ui-vty0-4user privilege lAR1-ui-vty0-4user privilege level 15AR1-ui-vty0-4authentication-modeAR1-ui-vty0-4authentication-mode aaaAR1-ui-vty0-4qAR1aaaAR1-aaaloAR1-aaalocal-user tianlan pAR1-aaalocal-user tianlan password ciAR1-aaalocal-user tianlan password cipher huaweiInfo: Add a new user.AR1-aaalocAR1-aaalocal-user tiAR1-aaalocal-user tianlan prAR1-aaalocal-user tianlan privilege lAR1-aaalocal-user tianlan privilege level 15AR1-aaalocAR1-aaalocal-user tAR1-aaalocal-user tianlan serAR1-aaalocal-user tianlan service-type tAR1-aaalocal-user tianlan service-type telnetAR1-aaaqAR1-aaaquit AR1disAR1display this二、文件系统文件系统是用来保存路由器或者交换机配置文件1、 查看文件命令dirdir fdir flash:Directory of flash:/ Idx Attr Size(Byte) Date Time(LMT) FileName 0 drw- - Nov 18 2016 01:28:02 dhcp d代表目录 1 -rw- 121,802 May 26 2014 09:20:58 portalpage.zip rw 表示读写 2 -rw- 2,263 Nov 18 2016 01:27:47 statemach.efs 3 -rw- 828,482 May 26 2014 09:20:58 sslvpn.zip1,090,732 KB total (784,468 KB free)2、 更变文件目录pwpwd flash:cd flcd flash:/dhcd flash:/dhcp/ dirDirectory of flash:/dhcp/ Idx Attr Size(Byte) Date Time(LMT) FileName 0 -rw- 98 Nov 18 2016 01:28:02 dhcp-duid.txt1,090,732 KB total (784,468 KB free)pwd 当前目录flash:/dhcpmomore dhcmore dhcp-duid.txt 目录里面的东西*Huawei DHCP DUID*time* 2016-11-18 09:28:02*version* 1#DUID_LL: 0003000100E0FC7C54C5*end*3、创建目录三、IP路由原理、静态路由基本配置1、基本关键词定义路由器：在互联网中进行路由选择所使用的设备，或者说，实现路由的设备，我们称之为路由器。 路由器关键功能： 检查数据包的目的地 确定信息源 发现可能的路由 选择最佳路由 验证和维护路由信息路由：是指导IP报文发送的路径信息。路由表：工作时依赖于路由表进行数据的转发。路由表犹如一张地图，它包含着去往各个目的的路径信息（路由条目）。每条信息至少应该包括下面3个内容：目的网络-表明路由器可以到达的网络地址，可理解为去哪里。下一跳-通常情况下，下一跳（nexthop）一般指向去往目的网络的下一个路由器的接口地址，该路由器称之为下一跳路由器。出接口-表明数据包从本路由器的哪个接口发送出去。2、静态和动态路由静态路由：静态路由由网络管理员手工指定的路由。 其优点为： 使用简单，容易实现 可精确控制路由走向，对网络进行最优化调整 对设备性能要求较低，不额外占用链路带宽其缺点为： 网络是否通畅以及是否优化，完全取决于管理员的配置 网络规模扩大时，由于路由表项的增多，将增加配置的繁杂度以及管理员的工作量 网络拓扑发生变更时，不能自动适应，需要管理员参与修正当网络拓扑发生变化时，管理员需要手工更新静态路由。静态路由的应用： 静态路由在实际应用中相当广泛，通常应用于以下两个场景：小规模、稳定的网络路径选择的控制，即控制某些目的网络的路由走向（配合动态路由）动态路由：动态路由路由器使用路由协议从其他路由器那里获悉的路由。当网络拓扑发生变化时，路由器会更新路由信息。3、路由配置基础命令常用命令视图作用ip route-static ip-addressmask|mask-lengthnexthop-address|interface-type interface-numbernexthop-addresspreference preference|tag tag系统配置单播静态路由Display ip interface briefinterface-type interface-number所有查看接口与IP相关的配置和统计信息或者简要信息Display ip routing-table所有查看路由表静态路由的下一跳： 点对点链路：至少写上出接口；但也可以写上下一跳IP地址。 以太网链路：至少写上下一跳IP地址；也可以写上出接口。 下一跳IP地址可以不直连，但这样会发生递归。4、接口配置IP地址4.1、前期接口ip的配置R1intR1interface gR1interface GigabitEthernet 0/0/0R1-GigabitEthernet0/0/0unR1-GigabitEthernet0/0/0undo shR1-GigabitEthernet0/0/0undo shutdown Info: Interface GigabitEthernet0/0/0 is not shutdown.R1-GigabitEthernet0/0/0ipR1-GigabitEthernet0/0/0ip addR1-GigabitEthernet0/0/0ip address 24Nov 14 2016 16:49:28-08:00 R1 %01IFNET/4/LINK_STATE(l)0:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.4.2、查看接口IP配置AR1-GigabitEthernet0/0/0dispAR1-GigabitEthernet0/0/0display ip intAR1-GigabitEthernet0/0/0display ip interface briAR1-GigabitEthernet0/0/0display ip interface brief *down: administratively downdown: standby(l): loopback(s): spoofingThe number of interface that is UP in Physical is 1The number of interface that is DOWN in Physical is 2The number of interface that is UP in Protocol is 1The number of interface that is DOWN in Protocol is 2Interface IP Address/Mask Physical Protocol GigabitEthernet0/0/0 /24 down down GigabitEthernet0/0/1 unassigned down down NULL0 unassigned up up(s)4.3、关闭接口R1interface GigabitEthernet 0/0/1R1-GigabitEthernet0/0/1shutdown4.4、开启接口R1interface GigabitEthernet 0/0/1R1-GigabitEthernet0/0/1undo shutdown5、配置路由表路由表就是设备之间能互通。5.1查看路由表命令AR1disAR1display ip rouAR1display ip routing-table Route Flags: R - relay, D - download to fib-Routing Tables: Public Destinations : 4 Routes : 4 Destination/Mask Proto Pre Cost Flags NextHop Interface /8 Direct 0 0 D InLoopBack0 /32 Direct 0 0 D InLoopBack055/32 Direct 0 0 D InLoopBack055/32 Direct 0 0 D InLoopBack05.2查看静态路由表命令R1display ip routing-table protocol static5.3查看详细路由表信息R1display ip routing-table verboseDirect 表示直连路由（点对点，两边只有一个设备）路由优先级（Preference）： 当存在多个路由来源时，具有较高优先级（数值越小表明优先级越高）的路由来源提供的路由将被激活，用于指导报文的转发。 路由优先级有内外之分，如果外部优先级相同则比较内部优先级。路由优先级（Preference）：VRP缺省的外部路由优先级如下表： 内部：路由协议外部优先级路由协议外部优先级 DIRECT0DIRECT0OSPF10OSPF10IS-IS15IS-IS15STATIC60STATIC18RIP100RIP60OSPF ASE150OSPF ASE100IBGP255IBGP150EBGP255EBGP150 Untrustworthy255Untrustworthy2005.4添加路由表实例，如下拓扑：添加路由表命令：实例：CLENT1和CLENT2相互ping通AR1ip roAR1ip route-sAR1ip route-static 24 s1/0/0 AR2ip route-static 24 s1/0/0 实例：CLENT1和CLENT3相互ping通R1ip route-static 24 Serial1/0/0 R2ip route-static 24 g0/0/0 R3ip route-static 24 s1/0/0 R4ip route-static 24 s1/0/0 R3ip route-static 24 g0/0/0 实例：CLENT2和CLENT3相互ping通R4ip route-static 24 s1/0/0 实例：AR1和AR4相互ping通R1ip route-static 24 s1/0/0 R2ip route-static 24 g0/0/0 R3ip route-static 24 GigabitEthernet 0/0/0 R4ip route-static 24 s1/0/0 6、删除路由表命令R2 undo ip route-static GigabitEthernet0/0/0 7、缺省路由8、配置优先级同级别路由分优先级（备份链路）preference 越大优先走AR1ip route-static 24 s1/0/0 preference 70四、动态路由协议基础定义：路由协议是路由器之间交互信息的一种语言，路由器之间通过路由选择协议共享网络状态和网络可达性的一些信息。路由器依靠动态路由协议传播和收集路由选择信息。路由协议定义了一套路由器与邻接路由器通信时使用的规则。动态计算路由，适应网络变化，找出本地路由器到网络中其他网段的路由。1、动态路由协议 常见的动态路由协议有： RIP: Routing Information Protocol，路由信息协议。 OSPF: Open Shortest Path First，开放式最短路径优先。 ISIS: Intermediate System to Intermediate System，中间系统到中间系统。 BGP: Border Gateway Protocol，边界网关协议。1.2、自治系统 1.3、动态路由协议的分类2、路由协议之间的互操作 每种路由协议只能发布和学习自己协议已知的路由 自己已知的路由是指在某个接口上运行了该种路由协议，或者在路由表中的本路由协议发现的路由。 在不同的路由来源共享路由信息，需要进行引入(import-route)操作。 最经常使用的是引入静态路由和直接路由。有时也需要引入其它路由协议的路由。3、衡量动态路由协议的一些性能指标正确性 能够正确找到最优的路由，且无自环快收敛 当网络的拓扑结构发生变化后，能够迅速在自治系统中作相应的路由改变。低开销 协议自身的开销（内存、CPU、网络带宽）最小。安全性 协议自身不易受攻击，有安全机制。普适性 适应各种拓扑结构和规模的网络。4、RIP简单介绍及基本配置RIP的优点：配置简单、易于维护、适合小型网络。4.1、RIP工作原理4.2、RIP度量4.3、RIP路由表的初始化4.4、RIP路由表的更新4.5、RIP1 VS RIP2RIPv1是有类别路由协议，不支持VLSM和CIDR。以广播的形式发送报文。不支持认证。RIPv2为无类别路由协议，支持VLSM，支持路由聚合与CIDR。支持以广播或组播（）方式发送报文。支持明文认证和MD5密文认证。4.6、RIP报文格式 RIPv1 报文格式RIPv2 报文格式 4.7、RIP基本配置注：配置RIP要配置水平分割和毒性反正（避免环路），水平分割时默认开启。配置AR1:R1interface GigabitEthernet 0/0/0R1-GigabitEthernet0/0/0ip address 24R1interface GigabitEthernet 0/0/1R1-GigabitEthernet0/0/1ip address 172.16.12