华为路由器与交换机常用命令（20200618）

这是我第一次写博客。里面是以前自己学习华为的路由与交换的课程时，整理的常用命令。

基本命令

< Huawei>system-view	进入系统视图
[Huawei]interface GigabitEthernet 0/0/0	进入接口
[Huawei]sysname RTA	配置设备名称为RTA
[Huawei-GigabitEthernet0/0/0]ip address 10.0.12.1 255.255.255.0	配置接口IP地址
[Huawei-GigabitEthernet0/0/0]interface loopback 0	进入loopback 0 口
[Huawei-LoopBack0]ip address 1.1.1.1 32	配置接口loopback 0 IP地址
< huaweii>save	保存
< RTA>reboot	设备重启

交换机的基本配置命令

system-view	进入特权模式
[SWA]interface GigabitEthernet 0/0/1	进入接口
[SWA-GigabitEthernet0/0/1]undo negotiation auto	以太网端口的自协商
[SWA-GigabitEthernet0/0/1]speed 100	端口的工作速率 100
[SWA-GigabitEthernet0/0/1]duplex full	以太网端口的双工模式

生成树协议STP基本配置命令

[SWA]stp mode stp stp	用来配置交换机的生成树协议模式
[SWA]stp priority 4096	配置交换机优先级
[SWA-GigabitEthernet0/0/1]stp cost 2000	配置路径开销

静态路由配置命令

[RTB]ip route-static 192.168.1.0 255.255.255.0 10.0.12.1	1.0去往下一跳地址
[RTB]ip route-static 192.168.1.0 255.255.255.0 Serial 1/0/0	1.0去往下一跳接口
[RTB]ip route-static 192.168.1.0 24 Serial 1/0/0

OSPF基本配置命令

[RTA]interface GigabitEthernet 0/0/0	进入接口
[RTA- GigabitEthernet0/0/0]ospf cost 20	配置开销为20
[RTB]ospf	进入ospf进程1
[RTB-ospf-1]bandwidth-reference 10000	设置带宽参考值为 10000
[RTA]ospf router-id 1.1.1.1	设置router-id
[RTA-ospf-1]area 0	进入骨干区域（区域0）
[RTA-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255	宣告网段
[RTA-GigabitEthernet0/0/0]ospf authentication-mode md5 1 huawei	配置OSPF认证（分区域认证和接口认证两种）

DHCP配置命令

DHCP接口地址池配置

[Huawei]dhcp enable	使能DHCP
[Huawei]interface GigabitEthernet0/0/0	进入接口
[Huawei-GigabitEthernet0/0/0]dhcp select interface	使能接口模式
[Huawei-GigabitEthernet0/0/0]dhcp server dns-list 10.1.1.2	指定DNS服务器地址
[Huawei-GigabitEthernet0/0/0]dhcp server excluded-ip-address 10.1.1.2	不参与自动分配的IP地址
[Huawei-GigabitEthernet0/0/0]dhcp server lease day 3	租用有效期限为3天

DHCP全局地址池配置

[Huawei]dhcp enable	使能DHCP
[Huawei]ip pool pool 2	创建全局地址池
[Huawei-ip-pool-pool2]network 1.1.1.0 mask 24	分配的网段地址
[Huawei-ip-pool-pool2]gateway-list 1.1.1.1	配置出口网关地址
[Huawei-ip-pool-pool2]lease day 10	租用有效期限为10天
[Huawei-ip-pool-pool2]quit	退出
[Huawei]interface GigabitEthernet0/0/1	进入接口
[Huawei-GigabitEthernet0/0/1]dhcp select global	使能全局模式

FTP配置

[Huawei]ftp server enable	使能FTP功能。
[Huawei]set default ftp-directory flash:/	设置FTP用户的默认工作目录
[Huawei]aaa	进入AAA视图
[Huawei-aaa]local-user huawei password cipher huawei12	指定用户名为huawei和密码为huawei12
[Huawei-aaa]local-user huawei service-type ftp	配置本地用户的接入类型为ftp
[Huawei-aaa]local-user huawei ftp-directory flash:/	设置FTP用户的默认工作目录
[Huawei-aaa]local-user huawei access-limit 200	指定用户名可建立的最大连接数目 200
[Huawei-aaa]local-user huawei idle-timeout 0 0	指定用户的闲置超时时间
[Huawei-aaa]local-user huawei privilege level 3	指定用户的优先级
ftp 172.16.1.1	与远程FTP服务器建立控制连接，并进入FTP客户端视图

Trying 172.16.1.1 …
Press CTRL+K to abort
Connected to 172.16.1.1.
220 FTP service ready.
User(172.16.1.1:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in.
[ftp]binary 文件传输方式为Binary模式，又称二进制模式
200 Type set to I.
[ftp]get vrp.cc 从远程FTP服务器下载文件并保存在本地

Telnet 配置命令

认证模式	描述
AAA	AAA 认证
Password	登录时只通过密码实现认证

命令：

[Huawei]interface Ethernet 2/0/0
[Huawei-Ethernet2/0/0]ip address 10.1.1.1 24
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode password
[Huawei-ui-vty0-4]set authentication password cipher

Enter Password(<8-128>): huawei12
telnet 10.1.1.1
Trying 10.1.1.1 …
Press CTRL+K to abort
Connected to 10.1.1.1 …
Login authentication
Password:
Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2013-04-19 16:32:00.

链路聚合配置

二层链路聚合配置

[SWA]interface Eth-Trunk 1
[SWA-Eth-Trunk1]interface GigabitEthernet0/0/1
[SWA-GigabitEthernet0/0/1]eth-trunk 1
[SWA-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[SWA-GigabitEthernet0/0/2]eth-trunk 1

三层链路聚合配置

[RTA]interface eth-trunk 1
[RTA-Eth-Trunk1]undo portswitch
[RTA-Eth-Trunk1]ip address 100.1.1.1 24
[RTA-Eth-Trunk1]quit
[RTA]interface GigabitEthernet 0/0/1
[RTA-GigabitEthernet0/0/1]eth-trunk 1
[RTA-GigabitEthernet0/0/1]quit
[RTA]interface GigabitEthernet0/0/2
[RTA-GigabitEthernet0/0/2]eth-trunk 1
[RTA-GigabitEthernet0/0/2]quit

VLAN配置

[SWA]vlan 10
[SWA-vlan10]quit
[SWA]vlan batch 2 to 3

配置Access端口

[SWA]interface GigabitEthernet 0/0/5
[SWA-GigabitEthernet0/0/5]port link-type access
[SWA-GigabitEthernet0/0/5]interface GigabitEthernet 0/0/7
[SWA-GigabitEthernet0/0/7]port link-type access

添加端口到VLAN

[SWA]vlan 2
[SWA-vlan2]port GigabitEthernet 0/0/7
[SWA-vlan2]quit
[SWA]interface GigabitEthernet0/0/5
[SWA-GigabitEthernet0/0/5]port default vlan 3

配置Trunk端口

[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3

配置Hybrid端口

[SWA-GigabitEthernet0/0/1]port link-type hybrid
[SWA-GigabitEthernet0/0/1]port hybrid tagged vlan 2 3 100
[SWA-GigabitEthernet0/0/2]port hybrid pvid vlan 2
[SWA-GigabitEthernet0/0/2]port hybrid untagged vlan 2 100
[SWA-GigabitEthernet0/0/3]port hybrid pvid vlan 3
[SWA-GigabitEthernet0/0/3]port hybrid untagged vlan 3 100

配置Hybrid

[SWB-GigabitEthernet0/0/1]port link-type hybrid
[SWB-GigabitEthernet0/0/1]port hybrid tagged vlan 2 3 100
[SWB-GigabitEthernet0/0/2]port hybrid pvid vlan 100
[SWB-GigabitEthernet0/0/2]port hybrid untagged vlan 2 3 100

配置Voice VLAN

[SWB]vlan 2
[SWB-vlan2]interface GigabitEthernet 0/0/1
[SWB-GigabitEthernet0/0/1]voice-vlan 2 enable
[SWB-GigabitEthernet0/0/1]voice-vlan mode auto
[SWB-GigabitEthernet0/0/1]quit
[SWB]voice-vlan mac-address 0011-2200-0000 mask ffff-ff00-0000

单臂路由配置

交换机上
[SWA]vlan batch 2 3
[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[SWA-GigabitEthernet0/0/2]port link-type access
[SWA-GigabitEthernet0/0/2]port default vlan 2
[SWA-GigabitEthernet0/0/3]port link-type access
[SWA-GigabitEthernet0/0/3]port default vlan 3
路由器上
[RTA]interface GigabitEthernet0/0/1.1
[RTA-GigabitEthernet0/0/1.1]dot1q termination vid 2
[RTA-GigabitEthernet0/0/1.1]ip address 192.168.2.254 24
[RTA-GigabitEthernet0/0/1.1]arp broadcast enable
[RTA]interface GigabitEthernet0/0/1.2
[RTA-GigabitEthernet0/0/1.2]dot1q termination vid 3
[RTA-GigabitEthernet0/0/1.2]ip address 192.168.3.254 24
[RTA-GigabitEthernet0/0/1.2]arp broadcast enable

三层交换配置

[SWA]vlan batch 2 3
[SWA-GigabitEthernet0/0/1]port link-type access
[SWA-GigabitEthernet0/0/1]port default vlan 2
[SWA-GigabitEthernet0/0/2]port link-type access
[SWA-GigabitEthernet0/0/2]port default vlan 3
[SWA]interface vlanif 2
[SWA-Vlanif2]ip address 192.168.2.254 24
[SWA-Vlanif2]quit
[SWA]interface vlanif 3
[SWA-Vlanif3]ip address 192.168.3.254 24
[SWA-Vlanif3]quit

HDLC基本配置

[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[RTA-Serial1/0/0]ip address 10.0.1.1 30

HDLC接口地址借用

[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[RTA-Serial1/0/0]ip address unnumbered interface loopBack 0
[RTA]ip route-static 10.1.1.0 24 Serial 1/0/0

PPP基本配置

[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol ppp
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[RTA-Serial1/0/0]ip address 10.1.1.1 30

PAP认证

[RTA]aaa
[RTA-aaa]local-user huawei password cipher huawei123
[RTA-aaa]local-user huawei service-type ppp
[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol ppp
[RTA-Serial1/0/0]ppp authentication-mode pap
[RTA-Serial1/0/0]ip address 10.1.1.1 30
[RTB]interface Serial 1/0/0
[RTB-Serial1/0/0]link-protocol ppp
[RTB-Serial1/0/0]ppp pap local-user huawei password cipher huawei123
[RTB-Serial1/0/0]ip address 10.1.1.2 30

配置CHAP认证模式

[RTA]aaa
[RTA-aaa]local-user huawei password cipher huawei123
[RTA-aaa]local-user huawei service-type ppp
[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol ppp
[RTA-Serial1/0/0]ppp authentication-mode chap
[RTB]interface Serial 1/0/0
[RTB-Serial1/0/0]link-protocol ppp
[RTB-Serial1/0/0]ppp chap user huawei
[RTB-Serial1/0/0]ppp chap password cipher huawei123

PPPoE配置

PPPoE客户端配置：

1.创建拨号规则:

[RTA]dialer-rule

1>dialer-rule拨号规则;
2>规则内容为允许所有;

[Huawei]dialer-rule
[RTA-dialer-rule]dialer-rule 1 ip permit

2.创建拨号接口：

[Huawei]interface Dialer 0

1>配置链路协议为ppp;

[Huawei-Dialer0]link-protocol ppp

2>设置用户名及密码（与服务器配置保持一致）;

[Huawei-Dialer0]ppp chap user huawei
[Huawei-Dialer0]ppp chap password cipher 00000000

3>配置接口IP地址获取方式为ppp协商;

[Huawei-Dialer0]ip address ppp-negotiate

4>创建拨号用户;

[Huawei-Dialer0]dialer user haha

5>创建拨号组;

[Huawei-Dialer0]dialer-group 1

6>创建拨号接口与物理接口绑定号；

[Huawei-Dialer0]dialer bundle 100

3.配置拨号接口与物理接口绑定；

[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]pppoe-client dial-bundle-number 100

PPPoE服务器配置：

1.创建PPPoE服务器地址池；

[Huawei]ip pool PPPoE
[Huawei-ip-pool-PPPoE]network 12.12.12.0 mask 24

2.配置aaa计费认证；

[Huawei]aaa

1>配置本地认证用户名及密码;

[Huawei-aaa]local-user huawei password cipher 00000000

2>服务类型为ppp；

[Huawei-aaa]local-user huawei service-type ppp

3.创建虚拟模板接口:

[Huawei]int Virtual-Template 0

1>配置接口IP地址;

[Huawei-Virtual-Template0]ip address 12.12.12.2 24

2>匹配本地服务器地址池;

[Huawei-Virtual-Template0]remote address pool pppoe

3>ppp认证模式设为chap;

ppp authentication-mode chap

4>设置chap认证用户名及密码（与aaa计费认证一致）；

ppp chap user huawei
ppp chap password cipher 00000000

4.虚拟模板接口与物理接口绑定；

int g0/0/0
pppoe-server bind virtual-templte 0

网络地址转换NAT配置

静态NAT配置

[RTA]interface GigabitEthernet0/0/1
[RTA-GigabitEthernet0/0/1]ip address 192.168.1.254 24
[RTA-GigabitEthernet0/0/1]interface Serial1/0/0
[RTA-Serial1/0/0]ip address 200.10.10.2 24
[RTA-Serial1/0/0]nat static global 202.10.10.1 inside 192.168.1.1
[RTA-Serial1/0/0]nat static global 202.10.10.2 inside 192.168.1.2

动态NAT配置

[RTA]nat address-group 1 200.10.10.1 200.10.10.200
[RTA]acl 2000
[RTA-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[RTA-acl-basic-2000]quit
[RTA]interface serial1/0/0
[RTA-Serial1/0/0]nat outbound 2000 address-group 1 no-pat

Easy IP配置

[RTA]acl 2000
[RTA-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[RTA-acl-basic-2000]quit
[RTA]interface serial1/0/0
[RTA-Serial1/0/0]nat outbound 2000

NAT服务器配置

[RTA]interface GigabitEthernet0/0/1
[RTA-GigabitEthernet0/0/1]ip address 192.168.1.254 24
[RTA-GigabitEthernet0/0/1]interface Serial1/0/0
[RTA-Serial1/0/0]ip address 200.10.10.2 24
[RTA-Serial1/0/0]nat server protocol tcp global 202.10.10.1 www inside 192.168.1.1 8080

访问控制列表ACL

基本ACL配置

[RTA]acl 2000
[RTA-acl-basic-2000]rule deny source 192.168.1.0 0.0.0.255
[RTA]interface GigabitEthernet 0/0/0
[RTA-GigabitEthernet 0/0/0]traffic-filter outbound acl 2000

高级ACL配置

[RTA]acl 3000
[RTA-acl-adv-3000]rule deny tcp source 192.168.1.0 0.0.0.255 destination 172.16.10.1 0.0.0.0 destination-port eq 21
[RTA-acl-adv-3000]rule deny tcp source 192.168.2.0 0.0.0.255 destination 172.16.10.2 0.0.0.0
[RTA-acl-adv-3000]rule permit ip
[RTA-GigabitEthernet 0/0/0]traffic-filter outbound acl 3000

ACL应用-NAT

[RTA]nat address-group 1 202.110.10.8 202.110.10.15
[RTA]nat address-group 2 202.115.60.1 202.115.60.30
[RTA]acl 2000
[RTA-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[RTA-acl-basic-2000]acl 2001
[RTA-acl-basic-2001]rule permit source 192.168.2.0 0.0.0.255
[RTA-acl-basic-2001]interface GigabitEthernet0/0/0
[RTA-GigabitEthernet0/0/0]nat outbound 2000 address-group 1
[RTA-GigabitEthernet0/0/0]nat outbound 2001 address-group 2

SNMP配置

[RTA]snmp-agent
[RTA]snmp-agent sys-info version v2c
[RTA]snmp-agent trap enable
[RTA]snmp-agent trap source GigabitEthernet0/0/1

RIP 配置

RIP基本配置

[RTA]rip
[RTA-rip-1]version 2
[RTA-rip-1]network 10.0.0.0

RIP配置-Metricin

[RTC]interface GigabitEthernet 0/0/0
[RTC-GigabitEthernet1/0/0]rip metricin 2

RIP配置-Metricout

[RTA]interface GigabitEthernet 0/0/0
[RTA-GigabitEthernet0/0/0]rip metricout 2

水平分割&毒性逆转

[RTC]interface GigabitEthernet 0/0/0
[RTC-GigabitEthernet0/0/0]rip split-horizon
[RTC-GigabitEthernet0/0/0]rip poison-reverse

RIP配置-Input

[RTD]interface GigabitEthernet 0/0/1
[RTD-GigabitEthernet0/0/1]undo rip input

抑制接口

[RTD]rip
[RTD-rip-1]silent-interface GigabitEthernet 0/0/1