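Huawei: Summary Article
Huawei comprehensive summary
Layer 3 links and interface addresses
Networks and VLAN information
If the lab runs sluggishly on your computer, do not start all devices at once. Start some of the devices first; after configuring them, return to user view and run save, shut them down, and then start the remaining devices.
Tasks
1) Link aggregation
S1 and S2 use link aggregation to combine two physical links into one logical link, providing load sharing and backup. Configure S1 as the LACP active side, and have the logical link load-balance based on destination MAC address.
2) VLANs and inter-VLAN routing
All VLAN clients and servers must be able to reach one another.
3) OSPF and RIP
R2, R3, S1 and S2 run OSPF process 110. All of these devices belong to OSPF area 0. R3, R4 and R5 run RIPv2. The G0/0/1 interfaces of R3 and R4, and the G0/0/2 interfaces of R4 and R5, must be able to send and receive RIPv2 packets.
4) Route redistribution
All computers in the OSPF domain and all computers and servers in the RIP domain must be able to reach one another.
5) NAT and access control
All internal computers and servers, except those in the two subnets 10.1.21.0/24 and 10.1.22.0/24, can access the Internet and are translated by R2 to a fixed IP address (202.2.12.100). The server's public mapped address is 202.2.12.200, and PC7 must be able to reach the internal server through that address.
Approach
1. Build the topology
2. Manually configure the IP addresses of the routers and PCs
3. Configure LACP link aggregation
4. Configure inter-VLAN routing
5. Configure router-on-a-stick
6. Configure OSPF and RIP
7. Configure route redistribution
8. Configure NAT and access control
9. Adjust global routing
Lab steps
1. Build the topology
This lab uses AR3260 routers, S5700 Layer 3 switches, S3700 Layer 2 switches, PCs and a Server.
The Internet-facing interfaces on R1 and R2 have to be provided by manually adding a module: right-click the device icon and choose Settings.
Find 2SA and drag it into a device slot.
Build the topology
Complete the topology
2. Configure client IP addresses
3. Configure LACP link aggregation
Huawei link aggregation is implemented mainly with LACP. The configuration specifies the priority, the working mode, the load-balancing mode and the member interfaces.
S1 is configured as follows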
[S1]lacp priority 1000 //set the system LACP priority of S1
[S1]int Eth-Trunk 12 //create the link-aggregation logical interface, named Eth-Trunk 12
[S1-Eth-Trunk12]mode lacp-static //use static LACP mode
[S1-Eth-Trunk12]load-balance dst-mac //load-balance by destination MAC address
[S1-Eth-Trunk12]trunkport g0/0/11 //add member interface g0/0/11
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-Eth-Trunk12]trunkport g0/0/12 //add member interface g0/0/12
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-Eth-Trunk12]quit
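A smaller LACP priority value means a higher priority; the default system LACP priority is 32768. Of the two devices, the one with the smaller system LACP priority value becomes the active side. If the system LACP priority values are equal, the device with the smaller MAC address becomes the active side.
S2 is configured as follows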
[S2]int Eth-Trunk 12
[S2-Eth-Trunk12]mode lacp-static
[S2-Eth-Trunk12]trunkport g0/0/11
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-Eth-Trunk12]trunkport g0/0/12
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-Eth-Trunk12]quit
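4. Configure inter-VLAN routing
Inter-VLAN routing is handled mainly by S1 and S2. Even though the interfaces on S1 and S2 are all in trunk mode, the relevant VLANs still have to be created, because a switch that receives a packet for a VLAN it does not have will drop it.
S1 is configured as follows
[S1]vlan batch 11 to 14 1000 to 1002 //create VLANs 11-14 and 1000-1002 in a batch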
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1]int Eth-Trunk 12 //enter the link-aggregation interface
[S1-Eth-Trunk12]port link-type trunk //set the link-aggregation interface to trunk mode
[S1-Eth-Trunk12]port trunk allow-pass vlan 11 to 14 1000 to 1002
//the trunk link allows VLANs 11-14 and 1000-1002
[S1-Eth-Trunk12]int g0/0/21
[S1-GigabitEthernet0/0/21]port link-type trunk //set the interface to trunk mode
[S1-GigabitEthernet0/0/21]port trunk allow-pass vlan all //allow all VLANs
[S1-GigabitEthernet0/0/21]int g0/0/22
[S1-GigabitEthernet0/0/22]port link-type trunk
[S1-GigabitEthernet0/0/22]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/22]int vlanif 11 //enter the VLANIF interface for VLAN 11
[S1-Vlanif11]ip address 10.1.11.1 24
[S1-Vlanif11]int vlanif 12
[S1-Vlanif12]ip address 10.1.12.1 24
[S1-Vlanif12]quit
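By default, a Huawei trunk passes no VLAN other than VLAN 1, whereas a Cisco trunk link passes all VLANs by default. So on Huawei devices, after the basic trunk configuration, always add the command that allows the relevant VLANs through the trunk: port trunk allow-pass vlan 50 allows VLAN 50; port trunk allow-pass vlan all allows all VLANs.
S2 is configured as follows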
[S2]vlan batch 11 to 14 1000 to 1002
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2]int Eth-Trunk 12
[S2-Eth-Trunk12]port link-type trunk
[S2-Eth-Trunk12]port trunk allow-pass vlan all
[S2-Eth-Trunk12]int g0/0/23
[S2-GigabitEthernet0/0/23]port link-type trunk
[S2-GigabitEthernet0/0/23]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/23]int g0/0/24
[S2-GigabitEthernet0/0/24]port link-type trunk
[S2-GigabitEthernet0/0/24]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/24]quit
[S2]int vlanif13
[S2-Vlanif13]ip address 10.1.13.1 24
[S2-Vlanif13]int vlanif14
[S2-Vlanif14]ip address 10.1.14.1 24
[S2-Vlanif14]quit
S3 is configured as follows
[S3]vlan batch 11 to 14
Info: This operation may take a few seconds. Please wait for a moment...done.
[S3]int g0/0/1
[S3-GigabitEthernet0/0/1]port link-type trunk
[S3-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S3-GigabitEthernet0/0/1]int e0/0/1
[S3-Ethernet0/0/1]port link-type access //set the port mode to access
[S3-Ethernet0/0/1]port default vlan 11 //add the interface to VLAN 11
[S3-Ethernet0/0/1]quit
S4 is configured as follows
[S4]vlan batch 11 to 14
Info: This operation may take a few seconds. Please wait for a moment...done.
[S4]int g0/0/1
[S4-GigabitEthernet0/0/1]port link-type trunk
[S4-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S4-GigabitEthernet0/0/1]int e0/0/1
[S4-Ethernet0/0/1]port link-type access
[S4-Ethernet0/0/1]port default vlan 12
[S4-Ethernet0/0/1]quit
S5 is configured as follows
[S5]vlan batch 11 to 14
Info: This operation may take a few seconds. Please wait for a moment...done.
[S5]int g0/0/1
[S5-GigabitEthernet0/0/1]port link-type trunk
[S5-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S5-GigabitEthernet0/0/1]int e0/0/1
[S5-Ethernet0/0/1]port link-type access
[S5-Ethernet0/0/1]port default vlan 13
[S5-Ethernet0/0/1]quit
S6 is configured as follows
[S6]vlan batch 11 to 14
Info: This operation may take a few seconds. Please wait for a moment...done.
[S6]int g0/0/1
[S6-GigabitEthernet0/0/1]port link-type trunk
[S6-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S6-GigabitEthernet0/0/1]int e0/0/1
[S6-Ethernet0/0/1]port link-type access
[S6-Ethernet0/0/1]port default vlan 14
[S6-Ethernet0/0/1]quit
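Section 4 makes two points: a switch drops frames for a VLAN it has not created, and a Huawei trunk passes only VLAN 1 until allow-pass is configured. The following added example (not part of the original article) parses CLI transcripts in the prompt style used here and reports trunk ports that allow every VLAN as well as explicitly allowed VLANs that were never created; the S9 transcript is constructed for illustration.

```python
import re

# Matches the VRP prompt style used in this article: [Device-View]command
PROMPT = re.compile(r"^\[(?P<dev>[^\]-]+)(?:-(?P<view>[^\]]+))?\](?P<cmd>.*)$")

def expand_vlans(tokens):
    """Expand a VRP VLAN list such as '11 to 14 1000 to 1002' into a set of IDs."""
    vlans, i = set(), 0
    while i < len(tokens):
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(int(tokens[i]))
            i += 1
    return vlans

def audit_trunks(transcript):
    """Return created VLANs, trunk ports that allow every VLAN, and
    explicitly allowed VLANs that were never created on the switch."""
    created, trunks = {1}, {}          # VLAN 1 exists by default
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue                   # "Info: ..." output and comment-only lines
        cmd = m["cmd"].split("//")[0].split()
        if cmd[:2] == ["vlan", "batch"]:
            created |= expand_vlans(cmd[2:])
        elif cmd[:4] == ["port", "trunk", "allow-pass", "vlan"]:
            vlans = cmd[4:]
            trunks[m["view"]] = "all" if vlans == ["all"] else expand_vlans(vlans)
    allow_all = sorted(p for p, v in trunks.items() if v == "all")
    not_created = {p: sorted(v - created) for p, v in trunks.items()
                   if v != "all" and v - created}
    return {"created": sorted(created), "allow_all": allow_all,
            "allowed_not_created": not_created}

# S1 lines taken from the configuration shown in section 4.
S1_TRANSCRIPT = """\
[S1]vlan batch 11 to 14 1000 to 1002 //create VLANs
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-Eth-Trunk12]port trunk allow-pass vlan 11 to 14 1000 to 1002
[S1-GigabitEthernet0/0/21]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/22]port trunk allow-pass vlan all
"""

# Constructed transcript (hypothetical switch S9): VLAN 23 is allowed but never created.
S9_TRANSCRIPT = """\
[S9]vlan batch 21 22
[S9-Ethernet0/0/10]port trunk allow-pass vlan 21 to 23
"""

if __name__ == "__main__":
    print(audit_trunks(S1_TRANSCRIPT))
    print(audit_trunks(S9_TRANSCRIPT))
```

Ports listed under allow_all carry any VLAN that is later created on the switch, so the created list is the natural explicit allow-pass list to replace "all" with.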
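5. Configure router-on-a-stick
Huawei's router-on-a-stick configuration is almost identical to Cisco's. There are two parts: the trunk configuration between the switch and the router, and the router sub-interface configuration with its associated VLAN.
R4 is configured as follows
[R4]int g0/0/0.21 //enter the sub-interface
[R4-GigabitEthernet0/0/0.21]ip address 10.1.21.1 24 //configure the sub-interface IP address
[R4-GigabitEthernet0/0/0.21]dot1q termination vid 21 //associate the sub-interface with VLAN 21
[R4-GigabitEthernet0/0/0.21]arp broadcast enable //enable ARP broadcast on the sub-interface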
[R4-GigabitEthernet0/0/0.21]int g0/0/0.22
[R4-GigabitEthernet0/0/0.22]ip address 10.1.22.1 24
[R4-GigabitEthernet0/0/0.22]dot1q termination vid 22
[R4-GigabitEthernet0/0/0.22]arp broadcast enable
[R4-GigabitEthernet0/0/0.22]quit
S7 is configured as follows
[S7]vlan batch 21 22
Info: This operation may take a few seconds. Please wait for a moment...done.
[S7]int e0/0/10
[S7-Ethernet0/0/10]port link-type trunk
[S7-Ethernet0/0/10]port trunk allow-pass vlan all
[S7-Ethernet0/0/10]int e0/0/1
[S7-Ethernet0/0/1]port link-type access
[S7-Ethernet0/0/1]port default vlan 21
[S7-Ethernet0/0/1]int e0/0/2
[S7-Ethernet0/0/2]port link-type access
[S7-Ethernet0/0/2]port default vlan 22
[S7-Ethernet0/0/2]quit
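6. Configure RIP and OSPF
Huawei's RIP configuration is almost the same as the Cisco commands; just remember that no becomes undo. OSPF is configured differently from Cisco: instead of a single network command that advertises both the network and the area, the networks are advertised in the sub-view of a specific area.
S1 is configured as follows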
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 1001 //add the physical interface to VLAN 1001
[S1-GigabitEthernet0/0/1]quit
[S1]int vlanif 1000
[S1-Vlanif1000]ip address 10.1.122.11 24
[S1-Vlanif1000]int vlanif 1001 //configure the VLANIF interface for VLAN 1001
[S1-Vlanif1001]ip address 10.1.111.11 24
[S1-Vlanif1001]quit
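[S1]ospf 110 //enter OSPF process view; 110 is the process ID
[S1-ospf-110]area 0 //unlike Cisco, Huawei enters an area first and then advertises networks with network
[S1-ospf-110-area-0.0.0.0]network 10.1.111.0 0.0.0.255 //advertise the network
[S1-ospf-110-area-0.0.0.0]network 10.1.122.0 0.0.0.255 //no area keyword is needed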
[S1-ospf-110-area-0.0.0.0]network 10.1.11.0 0.0.0.255
[S1-ospf-110-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[S1-ospf-110-area-0.0.0.0]quit
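When configuring OSPF, to specify a router ID, append router-id when entering the process view, for example [S1]ospf 110 router-id 1.1.1.1
Also, the Layer 2 interfaces of a Huawei Layer 3 switch have no command that directly promotes them to Layer 3 interfaces, like the no switchport command on Cisco. So for inter-VLAN routing or a direct connection to a router, the only option is to configure VLANIF interfaces.
S2 is configured as follows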
[S2]int g0/0/2
[S2-GigabitEthernet0/0/2]port link-type access
[S2-GigabitEthernet0/0/2]port default vlan 1002
[S2-GigabitEthernet0/0/2]int vlanif 1000
[S2-Vlanif1000]ip address 10.1.122.12 24
[S2-Vlanif1000]int vlanif 1002
[S2-Vlanif1002]ip address 10.1.112.12 24
[S2-Vlanif1002]quit
[S2]ospf 110
[S2-ospf-110]area 0
[S2-ospf-110-area-0.0.0.0]network 10.1.112.0 0.0.0.255
[S2-ospf-110-area-0.0.0.0]network 10.1.122.0 0.0.0.255
[S2-ospf-110-area-0.0.0.0]network 10.1.13.0 0.0.0.255
[S2-ospf-110-area-0.0.0.0]network 10.1.14.0 0.0.0.255
[S2-ospf-110-area-0.0.0.0]quit
[S2-ospf-110]quit
R2 is configured as follows
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.1.113.1 24
[R2-GigabitEthernet0/0/0]undo shu //press Tab to auto-complete
[R2-GigabitEthernet0/0/0]undo shutdown
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.1.111.1 24
[R2-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip address 10.1.112.1 24
[R2-GigabitEthernet0/0/2]ospf 110
[R2-ospf-110]area 0
[R2-ospf-110-area-0.0.0.0]network 10.1.113.0 0.0.0.255
[R2-ospf-110-area-0.0.0.0]network 10.1.111.0 0.0.0.255
[R2-ospf-110-area-0.0.0.0]network 10.1.112.0 0.0.0.255
[R2-ospf-110-area-0.0.0.0]quit
[R2-ospf-110]quit
R3 is configured as follows
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.1.113.3 24
[R3-GigabitEthernet0/0/0]undo shutdown
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.1.134.3 24
[R3-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R3-GigabitEthernet0/0/1]ospf 110
[R3-ospf-110]area 0
[R3-ospf-110-area-0.0.0.0]network 10.1.113.0 0.0.0.255
//be careful not to advertise the 10.1.134.0 network
[R3-ospf-110-area-0.0.0.0]quit
[R3-ospf-110]quit
[R3]rip //enter RIP process view; the default process ID is 1
[R3-rip-1]version 2 //set the RIP version
[R3-rip-1]undo summary //disable RIP automatic summarization
[R3-rip-1]network 10.0.0.0 //advertise the network
[R3-rip-1]quit
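When configuring RIP on Cisco IOS, a network can be advertised either by its classful network or by the actual subnet. For example, for an interface address of 10.1.1.1/24, both network 10.1.1.0 and network 10.0.0.0 are accepted, but Cisco automatically corrects the entry to 10.0.0.0 (which is the standard form). On Huawei, RIP networks can only be advertised in the standard way, that is, by the classful (major network) mask.
R4 is configured as follows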
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]ip address 10.1.134.4 24
[R4-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R4-GigabitEthernet0/0/1]int g0/0/2
[R4-GigabitEthernet0/0/2]ip address 10.1.145.4 24
[R4-GigabitEthernet0/0/2]undo shutdown
Info: Interface GigabitEthernet0/0/2 is not shutdown.
[R4-GigabitEthernet0/0/2]quit
[R4]rip
[R4-rip-1]version 2
[R4-rip-1]undo summary
[R4-rip-1]network 10.0.0.0
[R4-rip-1]quit
R5 is configured as follows
[R5]int g0/0/2
[R5-GigabitEthernet0/0/2]ip address 10.1.145.5 24
[R5-GigabitEthernet0/0/2]undo shutdown
Info: Interface GigabitEthernet0/0/2 is not shutdown.
[R5-GigabitEthernet0/0/2]int g0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.1.100.1 24
[R5-GigabitEthernet0/0/0]undo shutdown
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R5-GigabitEthernet0/0/0]rip
[R5-rip-1]version 2
[R5-rip-1]undo summary
[R5-rip-1]network 10.0.0.0
[R5-rip-1]quit
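7. Configure route redistribution
Huawei route redistribution is done with the import-route command; whichever protocol is imported, the process ID must be included.
R3 is configured as follows
[R3]ospf 110 //enter OSPF process view
[R3-ospf-110]import-route rip 1 //redistribute RIP into OSPF
[R3-ospf-110]rip //enter RIP process view
[R3-rip-1]import-route ospf 110 //redistribute OSPF into RIP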
[R3-rip-1]quit
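8. Configure NAT and access control
On Huawei, NAT is configured directly in the view of the outside interface. The internal traffic to be translated is selected by an ACL, and the inside global address used after translation is defined by a NAT address group.
R2 is configured as follows
[R2]int s4/0/0 //enter the serial interface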
[R2-Serial4/0/0]ip address 202.2.12.1 24
[R2-Serial4/0/0]quit
[R2]ip route-static 0.0.0.0 0 202.2.12.2 //configure a static route; the mask can be dotted decimal or a prefix length
[R2]ospf 110
[R2-ospf-110]default-route-advertise //inject a default route into OSPF (requires that the router itself has a default route)
[R2-ospf-110]quit
[R2]nat address-group 1 202.2.12.100 202.2.12.100 //configure the NAT address group (pool)
[R2]acl 2000 //create ACL number 2000
[R2-acl-basic-2000]rule 0 permit source 10.1.0.0 0.0.15.255 //rule 0
[R2-acl-basic-2000]rule 10 permit source 10.1.100.0 0.0.0.255 //rule 10
[R2-acl-basic-2000]quit
[R2]int s4/0/0
[R2-Serial4/0/0]nat outbound 2000 address-group 1 //NAT translation; 2000 is the ACL
[R2-Serial4/0/0]nat server global 202.2.12.200 inside 10.1.100.100
//configure the NAT mapping: map the server to public address 202.2.12.200
[R2-Serial4/0/0]quit
[R2]acl 3000 //create ACL number 3000
[R2-acl-adv-3000]rule 0 deny ip source 10.1.21.0 0.0.0.255 destination 202.0.0.0 0.255.255.255 //rule 0
[R2-acl-adv-3000]rule 5 deny ip source 10.1.22.0 0.0.0.255 destination 202.0.0.0 0.255.255.255 //rule 5
[R2-acl-adv-3000]quit
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
//apply ACL 3000 on the interface
[R2-GigabitEthernet0/0/0]quit
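Huawei ACLs are similar to Cisco's: they come in basic and advanced types, comparable to Cisco's standard and extended. Basic ACLs are numbered 2000~2999 and advanced ACLs 3000~3999. The number after rule determines the order in which the ACL rules take effect.
In the commands above, the rule in ACL 2000 that is highlighted in red in the original (rule 0) permits the summary address 10.1.0.0/20. This ACL is ultimately applied to NAT, which means the traffic permitted by ACL 2000 is what gets translated. The lab requires that VLAN 21 and VLAN 22, with their subnets 10.1.21.0/24 and 10.1.22.0/24, cannot access the Internet. The 10.1.0.0/20 summary covers VLAN 11, VLAN 12, VLAN 13 and VLAN 14 but not VLAN 21 or VLAN 22, so traffic from VLAN 21 and VLAN 22 does not match ACL 2000, is not translated by NAT, and therefore cannot reach the Internet. ACL 3000 adds an explicit restriction as well: because it is applied directly on the interface, traffic from VLAN 21 and VLAN 22 that matches its deny rules is dropped outright. Either mechanism keeps VLAN 21 and VLAN 22 off the Internet, and in production you would pick one of them. This chapter uses both only to show as many Huawei commands as possible.
R1 is configured as follows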
[R1]int s4/0/0
[R1-Serial4/0/0]ip address 202.2.12.2 24
[R1-Serial4/0/0]undo shutdown
Info: Interface Serial4/0/0 is not shutdown.
[R1-Serial4/0/0]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 202.2.2.1 24
[R1-GigabitEthernet0/0/0]undo shutdown
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/0]quit
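The ACL 2000 / ACL 3000 reasoning above can be checked mechanically. This added example (not from the original article) evaluates the two ACLs with wildcard-mask semantics in rule-ID order; the host 10.1.21.100 and the destination 198.51.100.7 are constructed, and the handling of packets that match no rule is a stated assumption of the model.

```python
import ipaddress

# Rules as they appear in the R2 configuration in this article.
ACL_2000 = ["rule 0 permit source 10.1.0.0 0.0.15.255",
            "rule 10 permit source 10.1.100.0 0.0.0.255"]
ACL_3000 = [
    "rule 0 deny ip source 10.1.21.0 0.0.0.255 destination 202.0.0.0 0.255.255.255",
    "rule 5 deny ip source 10.1.22.0 0.0.0.255 destination 202.0.0.0 0.255.255.255",
]

def wildcard_match(addr, base, wildcard):
    """Wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def parse_rule(line):
    """Parse 'rule N permit|deny [ip] source A W [destination A W]'."""
    tok = line.split()
    rule = {"id": int(tok[1]), "action": tok[2], "source": None, "destination": None}
    for key in ("source", "destination"):
        if key in tok:
            i = tok.index(key)
            rule[key] = (tok[i + 1], tok[i + 2])
    return rule

def first_match(acl_lines, src, dst):
    """Return the action of the first matching rule in rule-ID order, else None."""
    for r in sorted(map(parse_rule, acl_lines), key=lambda r: r["id"]):
        if r["source"] and not wildcard_match(src, *r["source"]):
            continue
        if r["destination"] and not wildcard_match(dst, *r["destination"]):
            continue
        return r["action"]
    return None

def r2_outbound(src, dst):
    """Model a packet leaving R2 through Serial4/0/0.
    Assumptions of this model: a packet matching no rule of the traffic-filter
    ACL is forwarded, and a packet matching no rule of the NAT ACL is forwarded
    without translation. ACL 3000 is bound to G0/0/0 inbound only; it has no
    rule that matches other sources, so evaluating it for them changes nothing."""
    if first_match(ACL_3000, src, dst) == "deny":
        return "dropped by ACL 3000"
    if first_match(ACL_2000, src, dst) == "permit":
        return "translated to 202.2.12.100"
    return "forwarded untranslated"

if __name__ == "__main__":
    for src, dst in [("10.1.11.100", "202.2.2.1"),      # PC1 to R1's G0/0/0 address
                     ("10.1.21.100", "202.2.2.1"),      # constructed VLAN 21 host
                     ("10.1.21.100", "198.51.100.7")]:  # constructed non-202 destination
        print(src, "->", dst, ":", r2_outbound(src, dst))
```

In this lab every simulated Internet address lies inside 202.0.0.0/8, so both mechanisms give the same result; the last case shows that ACL 3000 as written covers only that destination range, while the missing NAT match applies to any destination.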
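9. Adjust global routing
For computers in the RIP domain to reach the Internet, they need a route to the outside; in production this is usually a default route. Below, a default route is injected into R3's RIP process with a command, which requires that R3 itself has a default route. The routing table on R5 can then be checked to verify that the outbound default route exists.
//R3 is configured as follows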
[R3]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 1 D 10.1.113.1 GigabitEthernet 0/0/0
10.1.11.0/24 OSPF 10 3 D 10.1.113.1 GigabitEthernet 0/0/0
10.1.12.0/24 OSPF 10 3 D 10.1.113.1 GigabitEthernet 0/0/0
10.1.13.0/24 OSPF 10 3 D 10.1.113.1 GigabitEthernet 0/0/0
10.1.14.0/24 OSPF 10 3 D 10.1.113.1 GigabitEthernet 0/0/0
10.1.21.0/24 RIP 100 1 D 10.1.134.4 GigabitEthernet 0/0/1
10.1.22.0/24 RIP 100 1 D 10.1.134.4 GigabitEthernet 0/0/1
10.1.100.0/24 RIP 100 2 D 10.1.134.4 GigabitEthernet 0/0/1
10.1.111.0/24 OSPF 10 2 D 10.1.113.1 GigabitEthernet 0/0/0
10.1.112.0/24 OSPF 10 2 D 10.1.113.1 GigabitEthernet 0/0/0
10.1.113.0/24 Direct 0 0 D 10.1.113.3 GigabitEthernet 0/0/0
10.1.113.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0
10.1.113.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0
10.1.122.0/24 OSPF 10 3 D 10.1.113.1 GigabitEthernet 0/0/0
10.1.134.0/24 Direct 0 0 D 10.1.134.3 GigabitEthernet 0/0/1
10.1.134.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1
10.1.134.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1
10.1.145.0/24 RIP 100 1 D 10.1.134.4 GigabitEthernet 0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R3]rip
[R3-rip-1]default-route originate //inject a default route into RIP
[R3-rip-1]quit
//The routing table on R5 is as follows
[R5]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 RIP 100 2 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.11.0/24 RIP 100 2 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.12.0/24 RIP 100 2 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.13.0/24 RIP 100 2 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.14.0/24 RIP 100 2 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.21.0/24 RIP 100 1 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.22.0/24 RIP 100 1 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.100.0/24 Direct 0 0 D 10.1.100.1 GigabitEthernet 0/0/0
10.1.100.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0
10.1.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0
10.1.111.0/24 RIP 100 2 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.112.0/24 RIP 100 2 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.113.0/24 RIP 100 2 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.122.0/24 RIP 100 2 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.134.0/24 RIP 100 1 D 10.1.145.4 GigabitEthernet 0/0/2
10.1.145.0/24 Direct 0 0 D 10.1.145.5 GigabitEthernet 0/0/2
10.1.145.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/2
10.1.145.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Huawei display commands
1. View VLAN information
[S1]display vlan
The total number of vlans is : 8
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/2(D) GE0/0/3(D) GE0/0/4(D) GE0/0/5(D)
GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D)
GE0/0/10(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D)
GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D)
GE0/0/20(D) GE0/0/21(U) GE0/0/22(U) GE0/0/23(D)
GE0/0/24(D) Eth-Trunk12(U)
11 common TG:GE0/0/21(U) GE0/0/22(U) Eth-Trunk12(U)
12 common TG:GE0/0/21(U) GE0/0/22(U) Eth-Trunk12(U)
13 common TG:GE0/0/21(U) GE0/0/22(U) Eth-Trunk12(U)
14 common TG:GE0/0/21(U) GE0/0/22(U) Eth-Trunk12(U)
1000 common TG:GE0/0/21(U) GE0/0/22(U) Eth-Trunk12(U)
1001 common UT:GE0/0/1(U)
TG:GE0/0/21(U) GE0/0/22(U) Eth-Trunk12(U)
1002 common TG:GE0/0/21(U) GE0/0/22(U) Eth-Trunk12(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
11 enable default enable disable VLAN 0011
12 enable default enable disable VLAN 0012
13 enable default enable disable VLAN 0013
14 enable default enable disable VLAN 0014
1000 enable default enable disable VLAN 1000
1001 enable default enable disable VLAN 1001
1002 enable default enable disable VLAN 1002
2. View interface status
[S1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif11 10.1.11.1/24 up up
Vlanif12 10.1.12.1/24 up up
Vlanif1000 10.1.122.11/24 up up
Vlanif1001 10.1.111.11/24 up up
Huawei virtual interface names begin with Vlanif, which is short for Vlan Interface.
3. View the current configuration of a specific interface
[S1]display current-configuration interface Vlanif 1000
#
interface Vlanif1000
ip address 10.1.122.11 255.255.255.0
#
return
4. View NAT translation entries
Translation entries appear while a host is pinging.
5. View OSPF neighbor information
[S1]display ospf peer brief
OSPF Process 110 with Router ID 10.1.11.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Vlanif1000 10.1.13.1 Full
0.0.0.0 Vlanif1001 10.1.113.1 Full
----------------------------------------------------------------------------
6. View ACL information
[R2]display acl all
Total quantity of nonempty ACL number is 2
Basic ACL 2000, 2 rules
Acl's step is 5
rule 0 permit source 10.1.0.0 0.0.15.255
rule 10 permit source 10.1.100.0 0.0.0.255
Advanced ACL 3000, 2 rules
Acl's step is 5
rule 0 deny ip source 10.1.21.0 0.0.0.255 destination 202.0.0.0 0.255.255.255
rule 5 deny ip source 10.1.22.0 0.0.0.255 destination 202.0.0.0 0.255.255.255
Verifying the lab results
1. Verify the Eth-Trunk configuration
[S1]display eth-trunk 12 //view Eth-Trunk information
Eth-Trunk12's state information is:
Local:
LAG ID: 12 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to DA
System Priority: 1000 System ID: 4c1f-cca5-2c58
Least Active-linknumber: 1 Max Active-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/11 Selected 1GE 32768 12 3121 10111100 1
GigabitEthernet0/0/12 Selected 1GE 32768 13 3121 10111100 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/11 32768 4c1f-cc6d-2c90 32768 12 3121 10111100
GigabitEthernet0/0/12 32768 4c1f-cc6d-2c90 32768 13 3121 10111100
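2. Verify inter-VLAN routing
From PC1, pinging every internal VLAN succeeds.
3. Verify RIP and OSPF
On R3, both the routes learned through OSPF and the routes learned through RIP are visible.
4. Verify redistribution
5. Verify NAT translation
From PC1, ping the Internet, then view the translation entries on R2: the source address 10.1.11.100 is translated to 202.2.12.100. From PC7, ping the server's mapped address 202.2.12.200; a packet capture between R5 and Server1 shows this traffic, which indicates that after reaching R2 it is redirected to the internal server.
Capture on R5's G0/0/0
PC7 pings the mapped IP address of Server1
Traffic reaches Server1, and the destination address has already been translated
6. Verify that PC5 cannot access the Internet
First view the ACL 3000 information
PC5 tries to ping the Internet
Viewing ACL 3000 again shows that 5 more packets have been matched, and the action is drop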