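1. Telnet login configuration core commands:
telnet server enable
protocol inbound telnet
authentication-mode password //set the authentication mode to password
set authentication password
user privilege level 15
#
authentication-mode aaa
aaa //set the authentication mode to AAA
local-user admin123 password irreversible-cipher abcd@123
local-user admin123 service-type telnet
local-user admin123 privilege level 15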
2. DHCP (global, interface, and relay) configuration core commands:
dhcp enable
ip pool 1 //create an address pool
network 10.1.1.0 mask 24
gateway-list
dns-list 8.8.8.8
excluded-ip-address 10.1.1.250 10.1.1.253
lease day 8
dhcp select global //apply the global address pool
dhcp select interface //apply the interface address pool
dhcp server select interface
dhcp server dns-list 8.8.8.8
dhcp server excluded-ip-address 10.1.1.2
dhcp server lease day 8
#
dhcp server group 1 //create a DHCP server group
dhcp-server 10.1.1.1 //configure the relay server address
#
interface vlanif 20
ip address 20.20.20.1 24
dhcp select relay //select the DHCP relay service
dhcp relay server-select 1 //apply the DHCP server group
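3. Five types of NAT configuration core commands:
Global static NAT
nat static global 1.1.1.2 inside 10.1.1.2
nat static enable
Interface static NAT
nat static global 1.1.1.2 inside 10.1.1.2
Dynamic NAT
nat address-group 1 1.1.1.20 1.1.1.25
acl 2001
rule 10 permit source 10.1.1.0 0.0.0.255
nat outbound 2001 address-group 1 no-pat
NAPT
nat address-group 1 1.1.1.100 1.1.1.100
nat outbound 2001 address-group 1
Easy IP
acl 2001
rule 10 permit source 10.1.1.0 0.0.0.255
nat outbound 2001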
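4. Basic ACL, advanced ACL, ACL traffic policy, and policy-based routing configuration core commands:
acl 2000 //basic ACL
rule 10 permit source
acl 3000 //advanced ACL
rule 10 permit ip source 10.1.1.0 0.0.0.255 destination 100.1.1.1 0.0.0.0
#
acl 2000
rule permit source 192.168.1.0 0.0.0.255
acl 2001
rule permit source 192.168.2.0 0.0.0.255
traffic classifier 2000
if-match acl 2000
traffic classifier 2001
if-match acl 2001
traffic behavior 2000
redirect ip-nexthop 10.1.1.1
traffic behavior 2001
redirect ip-nexthop 20.1.1.1
traffic policy policy-route
classifier 2000 behavior 2000
classifier 2001 behavior 2001
traffic-policy policy-route inbound //apply the ACL traffic policy on the interface to implement policy-based routing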
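5. BFD, BFD one-arm echo, and NQA network status monitoring configuration core commands:
bfd
bfd R1R2 bind peer-ip 10.1.1.2 source-ip 10.1.1.1 auto //BFD with automatic parameters
commit
#
bfd 1 bind peer-ip 10.1.1.2 source-ip 10.1.1.1 one-arm-echo //BFD one-arm echo with manual parameters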
discriminator local 123
discriminator remote 123
min-tx-interval 100
min-rx-interval 100
wtr 1
commit
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2 track bfd-session 1
#
nqa test-instance root icmp //NQA configuration commands
test-type icmp
frequency 10
probe-count 2
destination-address ipv4 10.1.1.2
start now
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 track nqa root icmp
6. VRRP, STP, and MSTP configuration core commands:
interface vlanif 10 //enable VRRP
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 120
vrrp vrid 10 preempt-mode timer delay 20
#
stp enable //enable STP
stp mode stp
stp root primary
stp pathcost-standard legacy
stp cost 20000
stp bpdu-protection
#
stp region-configuration //enable MSTP
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
stp instance 1 root primary //configure SwitchA as the root bridge of MSTI1
stp instance 2 root secondary //configure SwitchA as the secondary root bridge of MSTI2
stp pathcost-standard legacy
7. RIP route advertisement, OSPF route advertisement, BGP peer, and route-policy (route import) configuration core commands:
rip 1 //advertise routes in RIP
version 2
network 12.0.0.0
#
ospf 1 //advertise routes in OSPF
area 0
network 23.1.1.0 0.0.0.255
network 0.0.0.0 0.0.0.0 //advertise all networks
#
bgp 100 //declare the BGP peer
peer 34.1.1.2 as-number 200
#
acl 2000
rule 10 permit source 30.1.1.0 0.0.0.255
route-policy 10 permit node 10
if-match acl 2000
rip 1
import-route ospf 1 route-policy 10 //import OSPF routes into RIP
acl 2001
rule 10 permit source 10.1.2.0 0.0.0.255
route-policy 20 permit node 20
if-match acl 2001
ospf 1
import-route rip 1 route-policy 20 //import RIP routes into OSPF
#
rip/ospf 1 //import RIP or OSPF into BGP
version 2
import-route bgp
bgp 100 //import RIP or OSPF unicast routes into BGP
ipv4-family unicast
import-route rip 1
bgp 200
ipv4-family unicast
peer 45.1.1.2 next-hop-local //change the next hop of the imported RIP or OSPF unicast routes to the router itself
8. IPsec manual (static) and IKE tunnel configuration core commands:
acl 3000
rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
ipsec proposal cd
esp authentication-algorithm sha2-256 //create the pre-shared key
esp encryption-algorithm aes-128
ipsec policy chengdu 10 manual
security acl 3000
proposal cd
tunnel local 100.1.1.1
tunnel remote 200.1.1.1
sa spi inbound esp 54321
sa string-key inbound esp cipher summer
sa spi outbound esp 12345
sa string-key outbound esp cipher summer
ipsec policy chengdu //apply the static IPsec configuration on the interface
#
acl 3000
rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
ike proposal 10
authentication-algorithm sha1
encryption-algorithm aes-cbc-128
dh group14
ike peer bj v1
pre-shared-key cipher summer
ike-proposal 10
local-address 100.1.1.1
remote-address 200.1.1.1
ipsec proposal cd
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-128
ipsec policy chengdu 10 isakmp
security acl 3000
ike-peer bj
proposal cd
ipsec policy chengdu //apply the IKE-based IPsec configuration on the interface
9. Wireless WLAN tunnel and direct forwarding mode configuration core commands:
wlan //bring the AP online
regulatory-domain-profile name summer
country-code CN
ap-group name summer
regulatory-domain-profile summer
Y
capwap source interface vlanif 100
wlan
ap auth-mode mac-auth
ap-id 1 ap-mac 00e0-fc9e-3770
ap-name VLAN101-001
ap-group summer
Y
wlan //deliver the WLAN service configuration to the corresponding AP
security-profile name 0
security wpa-wpa2 psk pass-phrase hot12345 aes
wlan
ssid-profile name summer
ssid work
wlan
vap-profile name work
forward-mode tunnel/direct-forward //change the AP forwarding mode
service-vlan vlan-id 101
security-profile 0
ssid-profile summer
wlan
ap-group name summer
vap-profile work wlan 1 radio 0
vap-profile work wlan 1 radio 1
vap-profile summer wlan 2 radio all
10. Eth-Trunk link aggregation (static and LACP modes), iStack stacking, and SNMPv1/2/3 configuration core commands:
interface eth-trunk 1 //enable static link aggregation
trunkport gigabitethernet 0/0/1 to 0/0/3
load-balance src-dst-mac
#
interface eth-trunk 1
mode lacp
max active-linknumber 2
interface gigabitethernet 0/0/1
eth-trunk 1 //apply LACP link aggregation on the interface
#
interface stack-port 0/1 //enable stacking on the interface
port interface gigabitethernet 0/0/27 enable Y
stack slot 0 priority 200 Y
stack slot 0 renumber 1 Y
#
snmp-agent sys-info version v1 //SNMPv1
snmp-agent community write huawei
snmp-agent community complexity-check disable
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname huawei
#
snmp-agent sys-info version v2c //SNMPv2
snmp-agent mib-view excluded allextisis 1.3.6.1.3.37
snmp-agent community write adminnms2 mib-view allextisis acl 2001
snmp-agent target-host inform address udp-domain 1.1.1.2 params securityname adminnms2 v2c
#
snmp-agent sys-info version v3 //SNMPv3
snmp-agent mib-view included isoview iso
snmp-agent usm-user v3 nms-admin group admin
snmp-agent usm-user v3 nms-admin authentication-mode md5
snmp-agent group v3 admin privacy write-view isoview
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname nms-admin v3 privacy
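Added example (not part of the original command list): a Python check that scans a configuration for the weak settings that appear among the commands above (Telnet management, password-only login, SNMPv1/v2c, MD5, SHA-1, manual IPsec SAs) and for a secret reused on several lines, as `summer` is in section 8. The pattern list, the function names and the sample text are this example's own assumptions.

```python
import re
from collections import defaultdict

# Weak settings that appear in the command list above. The reasons are this
# example's own assessment, not vendor guidance.
WEAK_PATTERNS = [
    (r"^telnet server enable$", "Telnet carries credentials in cleartext"),
    (r"^protocol inbound telnet$", "VTY lines accept Telnet"),
    (r"^authentication-mode password$", "shared login password, no per-user audit trail"),
    (r"^snmp-agent sys-info version (v1|v2c)$", "community string sent unencrypted"),
    (r"^snmp-agent usm-user v3 \S+ authentication-mode md5$", "MD5 authentication"),
    (r"^authentication-algorithm sha1$", "SHA-1 in the IKE proposal"),
    (r"^ipsec policy \S+ \d+ manual$", "manual SA: static keys, never rekeyed"),
]
SECRET = re.compile(r"\b(?:cipher|pass-phrase|irreversible-cipher) (\S+)")

def commands(config_text):
    """Yield (line_number, command) with the page's // comments removed."""
    for number, raw in enumerate(config_text.splitlines(), start=1):
        command = raw.split("//", 1)[0].strip()
        if command and command != "#":
            yield number, command

def audit(config_text):
    """Return (line_number, reason) for every weak setting found."""
    return [(number, reason) for number, command in commands(config_text)
            for pattern, reason in WEAK_PATTERNS if re.search(pattern, command)]

def reused_secrets(config_text):
    """Map each secret used on more than one line to those line numbers."""
    seen = defaultdict(list)
    for number, command in commands(config_text):
        if match := SECRET.search(command):
            seen[match.group(1)].append(number)
    return {secret: lines for secret, lines in seen.items() if len(lines) > 1}

# Constructed sample assembled from commands listed on this page.
SAMPLE = """\
telnet server enable
protocol inbound telnet
authentication-mode password //password authentication
ipsec policy chengdu 10 manual
sa string-key inbound esp cipher summer
sa string-key outbound esp cipher summer
authentication-algorithm sha1
pre-shared-key cipher summer
snmp-agent sys-info version v1
snmp-agent usm-user v3 nms-admin authentication-mode md5
"""
```

`audit(SAMPLE)` reports the line number and reason for each weak command, and `reused_secrets(SAMPLE)` lists the lines that share one key.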