[Huawei routers] Learning the basic configuration commands [祗王夜雪 bar] - Baidu Tieba
A collection of commonly used Huawei router configuration commands, for easy study and reference.
Delete the device configuration: reset saved-configuration
Reboot: reboot
View the current configuration file: display current-configuration
Change the device name: sysname
Save the configuration: save
Enter privileged mode: system-view
Huawei has only two mode levels, unlike Cisco, where you still need conf t after enable.

Define an ACL
acl number XXXX (3000 and above)
Once inside:
rule permit/deny IP/TCP/UDP etc. source XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX (inverse mask) destination XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX (inverse mask) eq
Note: Huawei has no default deny any any.

Apply an ACL to a port on the firewall
[Quidway-Ethernet0/0]firewall packet-filter 3000 inbound

Add a new user on the firewall
local-user XXX (user name) password simple XXX (password)
local-user XXX service-type ppp

Delete a command: undo (similar to Cisco's no)

Static route
ip route-static 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX

Interface on which to set the ACL for vpdn users
interface Virtual-Template1

View the routing table
display ip routing-table

Set the telnet password
user-interface vty 0 4
user privilege level 3
set authentication password simple XXX

Enable/disable
Enable: un shut
Disable: shut

Dynamic NAT settings
acl number 3000
rule 0 permit ip source XXX.XXX.XXX.XXX
rule 1 permit ip source XXX.XXX.XXX.XXX
rule 2 permit ip source XXX.XXX.XXX.XXX
interface Ethernet1/0
description ====To-Internet(WAN)====
ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
nat outbound 3000
ipsec policy policy1
This is done with the ACL: IP addresses that match the ACL can go out (note that the ACL here implies deny any any); IP addresses that do not match cannot go out.

Create a vlan
[shzb-crsw-s6506-1]vlan 100
Huawei vlans do not support name.

Put ports into a vlan
After creating the vlan, enter vlan mode.
[shzb-crsw-s6506-1-vlan100]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/8
This puts G1/0/1 through 1/0/8 into VLAN 100.

Create a trunk
interface GigabitEthernet1/0/1
duplex full
speed 1000
* port link-type trunk
* port trunk permit vlan all
port link-aggregation group 1
The lines marked with * are the statements that create the trunk link.

Assign a vlan address
interface Vlan-interface2
description server
ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
vrrp vrid 2 virtual-ip XXX.XXX.XXX.XXX
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 10
The vrrp statements configure vrrp, which is similar to hsrp.
When using vrrp, note that Huawei does not support pvst: one device can only be entirely the master and the other entirely the backup.
On the master vrrp device specify:
stp instance 0 root primary
stp TC-protection enable
stp enable
On the backup vrrp device specify:
stp instance 0 root secondary
stp TC-protection enable
stp enable

Bind an acl on a switch
First enter interface mode and enter the qos command:
[shzb-crsw-s6506-1-GigabitEthernet1/0/1]qos
Then enter the following command:
[shzb-crsw-s6506-1-qoss-GigabitEthernet1/0/1]packet-filter inbound ip-group 3000
Huawei switches can only specify the inbound direction.

Enable ospf
[shzb-crsw-s6506-1]ospf 100
[shzb-crsw-s6506-1-ospf-100]area 0
[shzb-crsw-s6506-1-ospf-100-area-0.0.0.0]network XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX

Configure ospf redistribution
[shzb-crsw-s6506-1-ospf-100-area-0.0.0.0]quit
[shzb-crsw-s6506-1-ospf-100]import-route static

Create a link-group (similar to Cisco's channel-group)
link-aggregation group 1 mode manual
Then enter the interface:
port link-aggregation group 1

Before enabling VRRP you must enter
vrrp ping-enable
so that clients can ping the gateway.
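Complete list of Huawei router and switch configuration commands

1. Computer commands

PCA login: root ; use the root user
password: linux ; the password is linux
# shutdown -h now ; power off
# init 0 ; power off
# logout ; log the user out
# login ; log the user in
# ifconfig ; show the IP address
# ifconfig eth0 netmask ; set the IP address
# ifconfig eth0 netmask down ; disable the IP address
# route add 0.0.0.0 gw ; set the gateway
# route del 0.0.0.0 gw ; delete the gateway
# route add default gw ; set the gateway
# route del default gw ; delete the gateway
# route ; show the gateway
# ping ; send ECHO packets
# telnet ; remote login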
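2. Huawei router and switch configuration commands: switch commands

[Quidway]dis cur ; display the current configuration
[Quidway]display current-configuration ; display the current configuration
[Quidway]display interfaces ; display interface information
[Quidway]display vlan ; display vlan information
[Quidway]display version ; display version information
[Quidway]super password ; change the privileged user password
[Quidway]sysname ; name the switch
[Quidway]interface ethernet0/1 ; enter interface view
[Quidway]interface vlan x ; enter interface view
[Quidway-Vlan-interfacex]ip address 10.65.1.1 255.255.0.0 ; configure the VLAN's IP address
[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.65.1.2 ; static route = gateway
[Quidway]rip ; RIP protocol
[Quidway]local-user ftp
[Quidway]user-interface vty 0 4 ; enter the virtual terminal
[S3026-ui-vty0-4]authentication-mode password ; set password mode
[S3026-ui-vty0-4]set authentication password simple 222 ; set the password
[S3026-ui-vty0-4]user privilege level 3 ; user level
[Quidway]interface ethernet0/1 ; enter port mode
[Quidway]int e0/1 ; enter port mode
[Quidway-Ethernet0/1]duplex {half|full|auto} ; configure the port duplex mode
[Quidway-Ethernet0/1]speed {10|100|auto} ; configure the port speed
[Quidway-Ethernet0/1]flow-control ; configure port flow control
[Quidway-Ethernet0/1]mdi {across|auto|normal} ; configure straight-through or crossover
[Quidway-Ethernet0/1]port link-type {trunk|access|hybrid} ; set the port working mode
[Quidway-Ethernet0/1]port access vlan 3 ; add the current port to the VLAN
[Quidway-Ethernet0/2]port trunk permit vlan {ID|All} ; set the VLANs allowed on the trunk
[Quidway-Ethernet0/3]port trunk pvid vlan 3 ; set the PVID of the trunk port
[Quidway-Ethernet0/1]undo shutdown ; activate the port
[Quidway-Ethernet0/1]shutdown ; shut down the port
[Quidway-Ethernet0/1]quit ; return
[Quidway]vlan 3 ; create a VLAN
[Quidway-vlan3]port ethernet0/1 ; add a port to the VLAN
[Quidway-vlan3]port e0/1 ; abbreviated form
[Quidway-vlan3]port ethernet0/1 to ethernet0/4 ; add ports to the VLAN
[Quidway-vlan3]port e0/1 to e0/4 ; abbreviated form
[Quidway]monitor-port ; specify the mirroring port
[Quidway]port mirror ; specify the mirrored port
[Quidway]port mirror int_list observing-port int_type int_num ; specify the mirroring and mirrored ports
[Quidway]description string ; specify the VLAN description string
[Quidway]description ; delete the VLAN description string
[Quidway]display vlan [vlan_id] ; view VLAN settings
[Quidway]stp {enable|disable} ; set spanning tree, disabled by default
[Quidway]stp priority 4096 ; set the switch priority
[Quidway]stp root {primary|secondary} ; set as root or backup root
[Quidway-Ethernet0/1]stp cost 200 ; set the cost of the switch port
[Quidway]link-aggregation e0/1 to e0/4 ingress | port aggregation
[Quidway]undo link-aggregation e0/1 | the starting port is the channel number
[SwitchA-vlanx]isolate-user-vlan enable ; set the primary vlan
[SwitchA]isolate-user-vlan secondary ; set the sub-vlans contained in the primary vlan
[Quidway-Ethernet0/2]port hybrid pvid vlan ; set the pvid of the vlan
[Quidway-Ethernet0/2]port hybrid pvid ; delete the pvid of the vlan
[Quidway-Ethernet0/2]port hybrid vlan vlan_id_list untagged ; set the untagged vlans

If a packet's vlan id matches the PVID, the vlan information is removed. The default PVID is 1. So set the PVID to the id of the vlan the port belongs to, and set the vlans that should be able to communicate as untagged.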
3. Huawei router and switch configuration commands: router commands

[Quidway]display version ; display version information
[Quidway]display current-configuration ; display the current configuration
[Quidway]display interfaces ; display interface information
[Quidway]display ip route ; display routing information
[Quidway]sysname aabbcc ; change the host name
[Quidway]super password 123456 ; set the password
[Quidway]interface serial0 ; enter the interface
[Quidway-serial0]ip address ; configure the port IP address
[Quidway-serial0]undo shutdown ; activate the port
[Quidway]link-protocol hdlc ; bind the hdlc protocol
[Quidway]user-interface vty 0 4
[Quidway-ui-vty0-4]authentication-mode password
[Quidway-ui-vty0-4]set authentication password simple 222
[Quidway-ui-vty0-4]user privilege level 3
[Quidway-ui-vty0-4]quit
[Quidway]debugging hdlc all serial0 ; display all information
[Quidway]debugging hdlc event serial0 ; debug event information
[Quidway]debugging hdlc packet serial0 ; display packet information

4. Huawei router and switch configuration commands: static routing

[Quidway]ip route-static {interface number|nexthop} [value] [reject|blackhole]
For example:
[Quidway]ip route-static 129.1.0.0 16 10.0.0.2
[Quidway]ip route-static 129.1.0.0 255.255.0.0 10.0.0.2
[Quidway]ip route-static 129.1.0.0 16 Serial2
[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.0.0.2

5. Huawei router and switch configuration commands: dynamic routing

[Quidway]rip ; set dynamic routing
[Quidway]rip work ; allow operation
[Quidway]rip input ; allow inbound
[Quidway]rip output ; allow outbound
[Quidway-rip]network 1.0.0.0 ; set the network to exchange routes for
[Quidway-rip]network all ; exchange with all networks
[Quidway-rip]peer ip-address ;
[Quidway-rip]summary ; route aggregation
[Quidway]rip version 1 ; work in version 1
[Quidway]rip version 2 multicast ; version 2, multicast mode
[Quidway-Ethernet0]rip split-horizon ; split horizon
[Quidway]router id A.B.C.D ; configure the router ID
[Quidway]ospf enable ; start the OSPF protocol
[Quidway-ospf]import-route direct ; import directly connected routes
[Quidway-Serial0]ospf enable area ; configure the OSPF area
6. Huawei router and switch configuration commands: standard access lists

The command format is as follows:
acl [match-order config|auto] ; the former is the default: match in configured order
rule [normal|special] {permit|deny} [source source-addr source-wildcard|any]
Example:
[Quidway]acl 10
[Quidway-acl-10]rule normal permit source 10.0.0.0 0.0.0.255
[Quidway-acl-10]rule normal deny source any

7. Huawei router and switch configuration commands: extended access control list configuration commands

Configure an extended access list for TCP/UDP:
rule {normal|special} {permit|deny} {tcp|udp} source {|any} destination {|any} [operate]
Configure an extended access list for ICMP:
rule {normal|special} {permit|deny} icmp source {|any} destination {|any} [icmp-code] [logging]

8. Huawei router and switch configuration commands: meaning of the extended access control list operators

equal port number ; equal to
greater-than port number ; greater than
less-than port number ; less than
not-equal port number ; not equal to
range port number1 port number2 ; range

9. Huawei router and switch configuration commands: extended access control list examples

[Quidway]acl 101
[Quidway-acl-101]rule deny source any destination any
[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo
[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo-reply
[Quidway]acl 102
[Quidway-acl-102]rule permit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0
[Quidway-acl-102]rule deny ip source any destination any
[Quidway]acl 103
[Quidway-acl-103]rule permit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp
[Quidway-acl-103]rule permit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www
[Quidway]firewall enable
[Quidway]firewall default permit|deny
[Quidway]int e0
[Quidway-Ethernet0]firewall packet-filter 101 inbound|outbound
10. Huawei router and switch configuration commands: address translation configuration example

[Quidway]firewall enable
[Quidway]firewall default permit
[Quidway]acl 101 ; the specified internal hosts may enter e0
[Quidway-acl-101]rule deny ip source any destination any
[Quidway-acl-101]rule permit ip source 129.38.1.10 destination any
[Quidway-acl-101]rule permit ip source 129.38.1.20 destination any
[Quidway-acl-101]rule permit ip source 129.38.1.30 destination any
[Quidway-acl-101]rule permit ip source 129.38.1.40 destination any
[Quidway-acl-101]quit
[Quidway]int e0
[Quidway-Ethernet0]firewall packet-filter 101 inbound
[Quidway]acl 102 ; specific external hosts and packets with ports above 1024 are allowed into S0
[Quidway-acl-102]rule deny ip source any destination any
[Quidway-acl-102]rule permit tcp source 202.39.2.30 destination 202.38.160.10
[Quidway-acl-102]rule permit tcp source any destination 202.38.160.10 destination-port greater-than 1024
[Quidway-acl-102]quit
[Quidway]int s0
[Quidway-Serial0]firewall packet-filter 102 inbound ; assume 202.38.160.1 is the router's egress IP
[Quidway-Serial0]nat outbound 101

nat outbound 101 is Easy IP: it translates the source address of the IPs permitted by acl 101 as they leave this interface.

11. Huawei router and switch configuration commands: internal server address translation configuration commands (static nat)

nat server global [port] inside port [protocol] ; when global_port is omitted, inside_port is used
[Quidway-Serial0]nat server global 202.38.160.1 inside 129.38.1.1 ftp tcp
[Quidway-Serial0]nat server global 202.38.160.1 inside 129.38.1.2 telnet tcp
[Quidway-Serial0]nat server global 202.38.160.1 inside 129.38.1.3 www tcp

Assume the public IPs 202.38.160.101 to 202.38.160.103 are available ; outbound access (original example)
[Quidway]nat address-group 202.38.160.101 202.38.160.103 pool1 ; create the address pool
[Quidway]acl 1
[Quidway-acl-1]rule permit source 10.110.10.0 0.0.0.255 ; specify the permitted internal network
[Quidway-acl-1]rule deny source any
[Quidway-acl-1]int serial0
[Quidway-Serial0]nat outbound 1 address-group pool1 ; on s0, take an IP from the address pool for outbound access
[Quidway-Serial0]nat server global 202.38.160.101 inside 10.110.10.1 ftp tcp
[Quidway-Serial0]nat server global 202.38.160.102 inside 10.110.10.2 www tcp
[Quidway-Serial0]nat server global 202.38.160.102 8080 inside 10.110.10.3 www tcp
[Quidway-Serial0]nat server global 202.38.160.103 inside 10.110.10.4 smtp udp

Huawei router and switch configuration commands: PPP settings

[Quidway-s0]link- ; the default protocol
12. Huawei router and switch configuration commands: PPP authentication

Authenticator: pap|chap
[Quidway]local-user q2 password {simple|cipher} ; router 1
[Quidway]interface serial0
[Quidway-serial0]ppp authentication-mode {pap|chap}
[Quidway-serial0]ppp chap user q1 ; not needed for pap

13. Huawei router and switch configuration commands: pap authenticated side

[Quidway]interface serial0 ; router 2
[Quidway-serial0]ppp pap local-user q2 password {simple|cipher} hello

14. Huawei router and switch configuration commands: chap authenticated side

[Quidway]interface serial0 ; router 2
[Quidway-serial0]ppp chap user q2 ; this router's own name
[Quidway-serial0]local-user q1 password {simple|cipher} ; the peer router's name

Frame relay (volume 2, 6-61)

[q1]fr switching
[q1]int s1
[q1-Serial1]ip address 192.168.34.51 255.255.255.0
[q1-Serial1]link- ; encapsulate the frame relay protocol
[q1-Serial1]fr interface-type dce
[q1-Serial1]fr dlci 100
[q1-Serial1]fr inarp
[q1-Serial1]fr map ip 192.168.34.52 dlci 100
[q2]int s1
[q2-Serial1]ip address 192.168.34.52 255.255.255.0
[q2-Serial1]link-protocol fr
[q2-Serial1]fr interface-type dte
[q2-Serial1]fr dlci 100
[q2-Serial1]fr inarp
[q2-Serial1]fr map ip 192.168.34.51 dlci 100

15. Huawei router and switch configuration commands: frame relay monitoring

[q1]display fr lmi-info [interface type number]
[q1]display fr map
[q1]display fr pvc-info [serial interface-number] [dlci dlci-number]
[q1]display fr dlci-switch
[q1]display fr interface
[q1]reset fr inarp-info
[q1]debugging fr all [interface type number]
[q1]debugging fr arp [interface type number]
[q1]debugging fr event [interface type number]
[q1]debugging fr lmi [interface type number]

16. Huawei router and switch configuration commands: start the ftp service

[Quidway]local-user ftp password {simple|cipher} aaa service-type ftp
[Quidway]ftp server enable
Huawei USG firewall basic configuration
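USG firewall basic configuration

Learning objectives

Learn how to log in to the USG firewall.
Learn how to change the firewall's device name.
Learn how to change the firewall's time and time zone.
Learn how to change the firewall's login banner.
Learn how to change the firewall's login password.
Learn how to view, save and delete the firewall's configuration.
Learn how to configure vlans and interface addresses on the firewall and test basic connectivity.

Topology diagram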
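Learning tasks

Step 1. Log in to the firewall with its default configuration and change the firewall's name

Like a router, the firewall has a Console port. Connect the console port to the computer's COM port with a console cable. The HyperTerminal software that ships with the Windows operating system can then be used to connect to the firewall.

The firewall's default configuration includes a user name and password. The user name is admin and the password is Admin@123, so the user name and password must be entered at login; both are case sensitive.

The firewall's name is changed in the same way as a router's name.

Also note that, because the firewall runs the same VRP platform operating system as the router, command levels, command help and so on work the same way as on a router.

<SRG>sys
13:47:28
Enter system view, return user view with Ctrl+Z.
[SRG]sysname FW
13:47:32

Step 2. Change the firewall's time and time zone information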
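By default the firewall has no time zone defined, and the time kept by the system may not match the actual time. In use, the time and time zone should be defined according to the actual situation. In this lab we set the time zone to UTC+8 and set the standard time.

<FW>clock timezone 1 add 08:00:00
13:50:57
<FW>dis clock
21:51:15
21:51:15
Thursday
Time Zone : 1 add 08:00:00
<FW>clock datetime 13:53:/04
21:53:29
<FW>dis clock
13:54:04
13:54:04
Friday
Time Zone : 1 add 08:00:00

Step 3. Change the firewall's login banner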
By default, the following banner is shown after a successful login to the firewall.

Please Press ENTER.
Login authentication
Username:admin
Password:*********
NOTICE:This is a private communication system.
Unauthorized access or use may lead to prosecution.

The firewall uses this message to warn against unauthorized access.

In practice, the administrator can change the default login banner as needed. There are two kinds: the message shown before login and the message shown after a successful login.

[FW]header login information ^
14:01:21
Info: The banner text supports 220 characters max, including the start and the end character.If you want to enter more than this, use banner file instead.
Input banner text, and quit with the character '^':
Welcome to USG5500^

[FW]header shell information ^
14:02:54
Info: The banner text supports 220 characters max, including the start and the end character.If you want to enter more than this, use banner file instead.
Input banner text, and quit with the character '^':
Welcome to USG5500
You are logining in system
Please do not delete system config files^

After the configuration is complete, log out of the system and log in again to check whether it has taken effect.

Please Press ENTER.
Welcome to USG5500
Login authentication
Username:admin
Password:*********
Welcome to USG5500
You are logining in system
Please do not delete system config files
NOTICE:This is a private communication system.
Unauthorized access or use may lead to prosecution.

Note that the default NOTICE message generally always remains; it does not disappear and is not replaced.

Step 4. Change the user name and password used to log in to the firewall
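The firewall's default user name is admin and the default password is Admin@123. They can be changed to suit our needs. In this lab we create a new user with level 3 and the user name user1. Password: The interface's login authentication mode must be aaa for the newly created user to take effect. The configuration must also specify the scope in which the user name applies; in this lab we choose terminal, meaning the credentials are used for login authentication through the console port.

[FW]aaa
14:15:43
[FW-aaa]local-user user1 password cipher huawei@123
14:16:08
[FW-aaa]local-user user1 service-type terminal
14:16:28
[FW-aaa]local-user user1 level 3
14:16:38
[FW-aaa]q
14:16:43
[FW]user-interface console 0
14:16:57
[FW-ui-console0]authentication-mode aaa

Log out of the system and test whether the new user name and password work.

Please Press ENTER.
Welcome to USG5500
Login authentication
Username:user1
Password:**********
Welcome to USG5500
You are logining in system
Please do not delete system config files
NOTICE:This is a private communication system.
Unauthorized access or use may lead to prosecution.
<FW>

Step 5. Learn how to view, save and delete the configuration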
Use commands on the firewall to view the running configuration and the saved configuration. The display current-configuration command shows the running configuration, and the display saved-configuration command shows the saved configuration.

<FW>dis current-configuration
14:27:01
#
stp region-configuration
 region-name f0a7e2157008
 active region-configuration
#
interface GigabitEthernet0/0/0
 alias GE0/MGMT
 ip address 192.168.0.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 192.168.0.1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface NULL0
 alias NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
#
firewall zone untrust
 set priority 5
#
firewall zone dmz
 set priority 50
#
aaa
 local-user admin password cipher %$%$s$]c%^XV6(/|BaQ$[T;X"G&5%$%$
 local-user admin service-type web terminal telnet
 local-user admin level 15
 local-user user1 password cipher %$%$tY4Z:`xG0/G!1^C)2[48"%yp%$%$
 local-user user1 service-type terminal
 local-user user1 level 3
 authentication-scheme default
 #
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default
 #
#
nqa-jitter tag-version 1
#
 header shell information "Welcome to USG5500
You are logining in system
Please do not delete system config files"
 header login information "Welcome to USG5500"
 banner enable
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode none
 protocol inbound all
#
 slb
#
right-manager server-group
#
 sysname FW
#
 l2tp domain suffix-separator @
#
 firewall packet-filter default permit interzone local trust direction inbound
 firewall packet-filter default permit interzone local trust direction outbound
 firewall packet-filter default permit interzone local untrust direction outbound
 firewall packet-filter default permit interzone local dmz direction outbound
#
 ip df-unreachables enable
#
 firewall ipv6 session link-state check
 firewall ipv6 statistic system enable
#
 dns resolve
#
 firewall statistic system enable
#
 pki ocsp response cache refresh interval 0
 pki ocsp response cache number 0
#
 undo dns proxy
#
 license-server domain lic.huawei.com
#
 web-manager enable
#
return

Save the configuration, then view the saved configuration.

<FW> sa
14:29:29
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
14:29:31 FW %%01CFM/4/SAVE(l):When deciding whether to save configuration to the device, the user chose Y.
Do you want to synchronically save the configuration to the startup saved-configuration file on peer device?[Y/N]:y
Now saving the current configuration to the device...
Info:The current configuration was saved to the device successfully.

<FW>dis saved-configuration
14:27:48
# CLI_VERSION=V300R001
# Last configuration was changed at 13:56:09 from console0
#*****BEGIN****public****#
#
interface GigabitEthernet0/0/0
 alias GE0/MGMT
 ip address 192.168.0.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 192.168.0.1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface NULL0
 alias NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
#
firewall zone untrust
 set priority 5
#
firewall zone dmz
 set priority 50
#
aaa
 local-user admin password cipher %$%$s$]c%^XV6(/|BaQ$[T;X"G&5%$%$
 local-user admin service-type web terminal telnet
 local-user admin level 15
 authentication-scheme default
 #
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default
 #
#
nqa-jitter tag-version 1
#
 banner enable
#
user-interface con 0
 authentication-mode none
user-interface vty 0 4
 authentication-mode none
 protocol inbound all
#
 slb
#
right-manager server-group
#
 sysname FW
#
 l2tp domain suffix-separator @
#
 firewall packet-filter default permit interzone local trust direction inbound
 firewall packet-filter default permit interzone local trust direction outbound
 firewall packet-filter default permit interzone local untrust direction outbound
 firewall packet-filter default permit interzone local dmz direction outbound
#
 ip df-unreachables enable
#
 firewall ipv6 session link-state check
 firewall ipv6 statistic system enable
#
 dns resolve
#
 firewall statistic system enable
#
 pki ocsp response cache refresh interval 0
 pki ocsp response cache number 0
#
 undo dns proxy
#
 license-server domain lic.huawei.com
#
 web-manager enable
#
return
#-----END----#

Use the delete Flash:/vrpcfg.zip command to delete the saved configuration.

<FW>delete flash:/vrpcfg.cfg
14:31:42
Be Careful! Deleting the next startup config file will lose your configuration. Delete flash:/vrpcfg.cfg?[Y/N]:y
%Deleting file flash:/vrpcfg.cfg...Done!

Step 6. Configure interface addresses
Configure G0/0/1: 10.0.2.1/24; G0/0/0: 10.0.1.1/24; G0/0/2: 10.0.3.1/24.

[FW] interface g0/0/2
16:12:58
[FW-GigabitEthernet0/0/2]ip add 10.0.3.1 24
16:13:21
[FW-GigabitEthernet0/0/2]interface g0/0/0
16:13:32
[FW-GigabitEthernet0/0/0]undo ip add
16:14:02
[FW-GigabitEthernet0/0/0]ip add 10.0.1.1 24
16:14:14
[FW-GigabitEthernet0/0/0]interface g0/0/1
16:14:36
[FW-GigabitEthernet0/0/1]ip add 10.0.2.1 24
16:14:50
[FW-GigabitEthernet0/0/1]q
16:14:52
[FW]

On switch S1, configure interface G0/0/21 to belong to vlan1, G0/0/22 to vlan2 and G0/0/23 to vlan3. Configure IP address 10.0.1.2/24 on interface vlanif1, 10.0.2.2/24 on interface vlanif2 and 10.0.3.2/24 on interface vlanif3.

[Huawei]sysname S1
[S1]vlan batch 2 3
[S1]interface g0/0/21
[S1-GigabitEthernet0/0/21]port link-type access
[S1-GigabitEthernet0/0/21]port default vlan 1
[S1-GigabitEthernet0/0/21]interface g0/0/22
[S1-GigabitEthernet0/0/22]port link-type access
[S1-GigabitEthernet0/0/22]port default vlan 2
[S1-GigabitEthernet0/0/22]interface g0/0/23
[S1-GigabitEthernet0/0/23]port link-type access
[S1-GigabitEthernet0/0/23]port default vlan 3
[S1-GigabitEthernet0/0/23]interface vlanif1
[S1-Vlanif1]ip add 10.0.1.2 24
[S1-Vlanif1]interface vlanif 2
[S1-Vlanif2]ip add 10.0.2.2 24
[S1-Vlanif2]interface vlanif 3
[S1-Vlanif3]ip add 10.0.3.2 24

Add G0/0/0, G0/0/1 and G0/0/2 to the trust zone, then test the connectivity of the three ports (before adding them to the trust zone, first confirm that these ports are not in the untrust zone).

[FW]firewall zone trust
16:39:40
[FW-zone-trust]add interface g0/0/2
16:40:05
[FW-zone-trust]add interface g0/0/3
16:41:59
[FW-zone-trust]add interface g0/0/1
[FW-zone-trust]q

[S1]ping -c 1 10.0.1.1
PING 10.0.1.1: 56 data bytes,press CTRL_C to break
Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=255 time=50 ms
---10.0.1.1 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

[S1]ping -c 1 10.0.2.1
PING 10.0.2.1: 56 data bytes,press CTRL_C to break
Reply from 10.0.2.1: bytes=56 Sequence=1 ttl=255 time=50 ms
---10.0.2.1 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/50/50 ms

[S1]ping -c 1 10.0.3.1
PING 10.0.3.1: 56 data bytes,press CTRL_C to break
Reply from 10.0.3.1: bytes=56 Sequence=1 ttl=255 time=60 ms
---10.0.3.1 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/60/60 ms
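
Added example (not part of the original page and not Huawei tooling): a small Python check that reads text laid out like the display current-configuration output in step 5 and flags the weak settings that appear in that dump and in the command lists earlier on the page: authentication-mode none on a user interface, protocol inbound all, password simple, and firewall packet-filter default permit. The finding names, the sample configuration and its placeholder ciphertext are constructed for illustration.

```python
import re

# Constructed sample shaped like the step 5 `display current-configuration` output,
# plus one `password simple` user as in the command lists. Ciphertext is a placeholder.
SAMPLE_CONFIG = """\
#
aaa
 local-user admin password cipher %$%$PLACEHOLDER-CIPHERTEXT%$%$
 local-user admin service-type web terminal telnet
 local-user admin level 15
 local-user ftp password simple aaa
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode none
 protocol inbound all
#
 firewall packet-filter default permit interzone local trust direction inbound
 firewall packet-filter default permit interzone local untrust direction outbound
#
return
"""

SIMPLE_USER = re.compile(r"local-user (\S+) password simple\b")
SIMPLE_LINE = re.compile(r"set authentication password simple\b")
DEFAULT_PERMIT = re.compile(
    r"firewall packet-filter default permit interzone (\S+) (\S+) direction (\S+)")


def parse_views(text):
    """Yield (view, command): view is the unindented header the command sits under, else None."""
    view = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.strip() == "#":        # '#' closes the current view
            view = None
        elif not line[0].isspace():    # unindented line opens a view (aaa, user-interface ...)
            view = line
            yield None, line
        else:                          # indented line: child of the view, or a global command
            yield view, line.strip()


def audit(text):
    """Return (finding, location) tuples for weak login and filtering settings."""
    findings = []
    for view, cmd in parse_views(text):
        where = view or "global"
        m = SIMPLE_USER.match(cmd)
        if m:                                        # password stored in clear text
            findings.append(("plaintext-password", "local-user " + m.group(1)))
        if SIMPLE_LINE.match(cmd):
            findings.append(("plaintext-password", where))
        if where.startswith("user-interface"):
            if cmd == "authentication-mode none":    # login without any credential
                findings.append(("no-authentication", where))
            if cmd == "protocol inbound all":        # Telnet accepted alongside SSH
                findings.append(("telnet-allowed", where))
        m = DEFAULT_PERMIT.match(cmd)
        if m:                                        # interzone traffic allowed by default
            findings.append(("default-permit", "%s/%s %s" % m.groups()))
    return findings


if __name__ == "__main__":
    for finding, location in audit(SAMPLE_CONFIG):
        print(f"{finding:20} {location}")
```

The check expects configuration text with the device's own indentation (child lines indented under their view), not prompt-prefixed command transcripts.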