网络设备的基本配置
https://ruby-china.org/markdown
markdown书写规范
一. 前置知识
华为网络设备使用的操作系统为VRP,cisco思科设备使用的网络设备为IOS
1.常见的设备配置方式
1.console
2.telnet(适合有IP地址的设备,并确保PC和网络设备的连通性,SSH方式更安全)、
3.Web(适合有IP地址的网络设备,并内置有WEB页面)
使用console线配置时,com端口后连接后打开软件需要进行的端口设置
波特率(每秒传输波特)设置:9600
数据位:8
奇偶校验:none
停止位:1
数据流控制:全部关闭
2.基本术语:
内存
- ROM:存在操作系统的启动程序(引导程序)
- Flash:存放操作系统
- RAM:随机存储器,当前运行的配置
- NVRAM:非易失性随机存储器
配置文件:
运行配置:current-configuration
启动配置:saved-configuration
- 设备启动后的运行状态如下
BootRom引导
初始化程序
VRP操作系统平台
启动配置文件
进入命令行模式
- 代码演示
用户视图
<huawei>
进入系统视图
<huawei>system-view
配置vlan1
<huawei>vlan1
<huawei>quit
配置端口0/1
<huawei>interface ethernet 0/1
越级回到用户视图
<huawei>return
实际配置
1.配置vlan
创建vlan1011,首先创建vlan,才能配置vlan
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 1011
[Huawei-vlan1011]quit
[Huawei]interface vlanif 1011
[Huawei-Vlanif1011]
2.配置单个或多个vty用户界面视图
[Huawei]user-interface vty 1 3
[Huawei-ui-vty1-3]
[Huawei-ui-vty1-3]quit
[Huawei]user-interface vty 1
[Huawei-ui-vty1]
3.配置console用户界面参数
[Huawei]user-interface console 0
[Huawei-ui-console0]
4.配置RIP/ospf路由协议参数
[Huawei]rip
[Huawei-rip-1]
[Huawei]ospf
[Huawei-ospf-1]
5.配置ACL访问控制列表
[Huawei]acl 2100
[Huawei-acl-basic-2100]quit
[Huawei]acl 3000
[Huawei-acl-adv-3000]
6.配置以太网端口参数
[Huawei]interface Gigabitethernet0/0/1
[Huawei-GigabitEthernet0/0/1]
设备参数
华为设备存在用户界别和命令级别,不同级别的用户能进行的命令级别也不同
16个用户级别0-1-2-(3-15)
二.基本命令
//用户日志信息
[Huawei]display logbuffer
//查看告警信息
[Huawei]display trapbuffer
Trapping buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 256
Channel number : 3 , Channel name : trapbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 3
//版本信息
[Huawei]display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.110 (S5700 V200R001C00)
Copyright (c) 2000-2011 HUAWEI TECH CO., LTD
Quidway S5700-28C-HI Routing Switch uptime is 0 week, 0 day, 3 hours, 7 minutes
//设备信息
[Huawei]display device
S5700-28C-HI's Device status:
Slot Sub Type Online Power Register Status Role
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0 - 5728C Present PowerOn Registered Normal Master
//接口信息
[Huawei]display interface
GigabitEthernet0/0/1 current state : DOWN
Line protocol current state : DOWN
Description:
Switch Port, PVID : 1, TPID : 8100(Hex), The Maximum Frame Length is 9216
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4c1f-cc45-09c8
Last physical up time : -
Last physical down time : 2024-10-10 18:49:48 UTC-08:00
Current system time: 2024-10-10 21:57:48-08:00
Hardware address is 4c1f-cc45-09c8
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec
Last 300 seconds output rate 0 bytes/sec, 0 packets/sec
Input: 0 bytes, 0 packets
Output: 0 bytes, 0 packets
Input:
Unicast: 0 packets, Multicast: 0 packets
Broadcast: 0 packets
Output:
Unicast: 0 packets, Multicast: 0 packets
Broadcast: 0 packets
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%
GigabitEthernet0/0/2 current state : DOWN
Line protocol current state : DOWN
Description:
//接口状态和配置的简要信息
[Huawei]display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
(e): ETHOAM down
(dl): DLDP down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
GigabitEthernet0/0/3 down down 0% 0% 0 0
GigabitEthernet0/0/4 down down 0% 0% 0 0
GigabitEthernet0/0/5 down down 0% 0% 0 0
GigabitEthernet0/0/6 down down 0% 0% 0 0
GigabitEthernet0/0/7 down down 0% 0% 0 0
GigabitEthernet0/0/8 down down 0% 0% 0 0
GigabitEthernet0/0/9 down down 0% 0% 0 0
GigabitEthernet0/0/10 down down 0% 0% 0 0
GigabitEthernet0/0/11 down down 0% 0% 0 0
GigabitEthernet0/0/12 down down 0% 0% 0 0
GigabitEthernet0/0/13 down down 0% 0% 0 0
GigabitEthernet0/0/14 down down 0% 0% 0 0
GigabitEthernet0/0/15 down down 0% 0% 0 0
GigabitEthernet0/0/16 down down 0% 0% 0 0
GigabitEthernet0/0/17 down down 0% 0% 0 0
GigabitEthernet0/0/18 down down 0% 0% 0 0
GigabitEthernet0/0/19 down down 0% 0% 0 0
GigabitEthernet0/0/20 down down 0% 0% 0 0
GigabitEthernet0/0/21 down down 0% 0% 0 0
GigabitEthernet0/0/22 down down 0% 0% 0 0
GigabitEthernet0/0/23 down down 0% 0% 0 0
GigabitEthernet0/0/24 down down 0% 0% 0 0
//查看所有通过用户界面登录过的用户
[Huawei]display users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
+ 0 CON 0 00:00:00 no
Username : Unspecified
//查看eth-trunk子接口状态
[Huawei]display interface eth-trunk
//查看vlan
[Huawei]display vlan
The total number of vlans is : 1
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/1(D) GE0/0/2(D) GE0/0/3(D) GE0/0/4(D)
GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D)
GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D)
GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D)
GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D)
GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
//查看stp的状态和统计信息
[Huawei]display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.4c1f-cc45-09c8
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.4c1f-cc45-09c8 / 0
CIST RegRoot/IRPC :32768.4c1f-cc45-09c8 / 0
CIST RootPortId :0.0
BPDU-Protection :Disabled
TC or TCN received :0
TC count per hello :0
STP Converge Mode :Normal
Time since last TC :0 days 0h:0m:0s
Number of TC :0
----[Port1(GigabitEthernet0/0/1)][DOWN]----
Port Protocol :Enabled
Port Role :Disabled Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=200000000
Designated Bridge/Port :32768.4c1f-cc45-09c8 / 128.1
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=false
Transit Limit :147 packets/hello-time
Protection Type :None
Port STP Mode :MSTP
//查看当前时间段的配置和状态
[Huawei]display time-range all
Current time is 21:59:44 10-10-2024 Thursday
Total time-range number is 0
//查看各trunk端口的gvrp信息
[Huawei]display gvrp statistics
//查看所有的ACL的配置
[Huawei]display acl all
Total nonempty ACL number is 0
//查看路由表
[Huawei]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
//查看所有的BFD会话
[Huawei]display bfd session all
//查看所有或指定的RIP进程
[Huawei]display rip
//查看RIP路由
[Huawei]display rip route
//查看RIP的邻居
[Huawei]display rip neighbor
//查看OSPF的链路状态数据库信息
[Huawei]display ospf lsdb
//查看各OSPF的邻居
[Huawei]display ospf peer
//查看各OSPF路由
[Huawei]display ospf routing
//查看bgp对等体
[Huawei]display bgp peer
//查看bgp路由表
[Huawei]display bgp routing-table
启用telnet并配置vty线路登陆的验证方式
//三层交换机的端口可以直接配置IP地址
//二层交换机的端口不可以直接配置IP地址,可以借助vlanif配置ip
<Huawei>system
Enter system view, return user view with Ctrl+Z.
//开启telnet服务
[Huawei]telnet server enable
Info: The Telnet server has been enabled.
//开启vty线路模式,最多支持五个用户同时登录
[Huawei]user-interface vty 0 4
//配置vty支持telnet协议
[Huawei-ui-vty0-4]protocol inbound telnet
//设置认证模式为aaa认证,此外还有password、none认证模式
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]quit
//进入aaa试图
[Huawei]aaa
//配置用户名和密码,cipher表示密码不是明文
[Huawei-aaa]local-user user1 password irreversible-cipher Huawei12#$
//配置账户权限
[Huawei-aaa]local-user user1 privilege level 3
Info: Add a new user.
//返回用户试图(save命令是在用户试图下执行的)
[Huawei-aaa]return
<Huawei>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:
Oct 11 2024 15:55:56-08:00 Huawei %%01CFM/4/SAVE(l)[52]:The user chose Y when de
ciding whether to save the configuration to the device.
Now saving the current configuration to the slot 0.
Save the configuration successfully.
<Huawei>
配置console用户验证方式
<Huawei>sy
//配置console0口
[Huawei]user-interface console 0
//配置认证模式,除aaa外还有password、none
[Huawei-ui-console0]authentication-mode aaa
//如果选用了本地认证,则需要配置密码,cipher password表示输入密码是密文密码,单独一个password表示交互方式输入明文密码
[Huawei-ui-console0]set authentication password cipher password
