网络工程师备考6章（续2）

hang_AI427

已于 2023-01-11 17:06:06 修改

阅读量644

点赞数 1

分类专栏：考试文章标签：华为

于 2023-01-09 09:58:50 首次发布

本文链接：https://blog.csdn.net/qq_32752467/article/details/128580251

版权

考试专栏收录该内容

12 篇文章

订阅专栏

6.15 华为命令行基础

华为基本命令行主要有三块，分别是视图标识符、命令和参数

打开华为的模拟器，eNSP:

几种常见的视图：

用户视图 <Huawei>：简单查看运行状态和统计信息

系统视图 [Huawei]：<Huawei>: system-view进入系统视图，可配置全局参数，进入其他视图。

配置特定接口或者特定功能进入相应视图：例如：[Huawei]: user-interface vty 0 4 进入<Huawei-ui-vty0-4>

基本命令梳理：

1. sy是简写的命令，可以用Tab键自动补全
<Huawei>sy	
<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]q

2. 同上使用简写的sy命令直接进去
<Huawei>
<Huawei>sy
Enter system view, return user view with Ctrl+Z.

3. 进入0-4所有的接口 vty口是VTY线路虚拟终端，对VTY的0到4号端口（即0号、1号、2号、3号、4号）进行配置
[Huawei]user-interface vty 0 4

4. 显示所有的接口，int就是interface的简写。
[Huawei-ui-vty0-4]display int brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors
Ethernet0/0/0               down  down        0%     0%          0          0
Ethernet0/0/1               down  down        0%     0%          0          0
Ethernet0/0/2               down  down        0%     0%          0          0
Ethernet0/0/3               down  down        0%     0%          0          0
Ethernet0/0/4               down  down        0%     0%          0          0
Ethernet0/0/5               down  down        0%     0%          0          0
Ethernet0/0/6               down  down        0%     0%          0          0
Ethernet0/0/7               down  down        0%     0%          0          0
GigabitEthernet0/0/0        up    down        0%     0%          0          0
GigabitEthernet0/0/1        down  down        0%     0%          0          0
NULL0                       up    up(s)       0%     0%          0          0

5. 进入g0/0的接口
[Huawei-ui-vty0-4]int g0/0/0
[Huawei-GigabitEthernet0/0/0]

6. 配置ip : 以下两种配置方法都可以
[Huawei-GigabitEthernet0/0/0]ip add 12.1.1.1 24
Jan 10 2023 10:38:27-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[0]:The line protocol
 IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[Huawei-GigabitEthernet0/0/0]ip add 12.1.1.1 255.255.255.0
Error: The address already exists.

7. 配置好的ip如何取消；（思科的命令和华为的是不一样的）
[Huawei-GigabitEthernet0/0/0]undo ip add 12.1.1.1 24
[Huawei-GigabitEthernet0/0/0]
Jan 10 2023 11:07:40-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[0]:The line protocol
 IP on the interface GigabitEthernet0/0/0 has entered the DOWN state. 

8. 使用 dispaly ip intergface breif 查看一下
注：以下可以使用简写的方法
[Huawei-GigabitEthernet0/0/0]di ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              unassigned           up         down      
GigabitEthernet0/0/1              unassigned           down       down      
NULL0                             unassigned           up         up(s)

----------------------------------------------------------------------------------------
9. 再进入acl配置一下：# 创建一个编号为2000的编号型访问控制列表。
[Huawei]acl 2000
[Huawei-acl-basic-2000]

10. 还可以接入VLAN视图：例如vlan10；#默认有一个vlan 1
[Huawei]vlan 10
[Huawei-vlan10]dis vlan
* : management-vlan
---------------------
The total number of vlans is : 2
VLAN ID Type         Status   MAC Learning Broadcast/Multicast/Unicast Property 
--------------------------------------------------------------------------------

1       common       enable   enable       forward   forward   forward default  
10      common       enable   enable       forward   forward   forward default  
[Huawei-vlan10]

11. 一次创建两个vlan 通过这个命令可以一次创建两个vlan
[Huawei]vlan batch 5 20

6.15.1 常用命令

[Huawei]sys ROUTER
[ROUTER]

[ROUTER]display this #显示我最近敲的一些命令
[V200R003C00]
#
 sysname ROUTER
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
vlan batch 10
#
 set cpu-usage threshold 80 restore 75
#
return
[ROUTER]

# 查看路由器当前所有的配置 display cun
[ROUTER]display current-configuration 
[V200R003C00]
#
 sysname ROUTER
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
vlan batch 10
#
 set cpu-usage threshold 80 restore 75
#
acl number 2000  
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac

可以使用|方法，选定输出的内容，这里有四个命令可供选择；
[ROUTER]display current-configuration | ?
  begin    Begin with the line that matches # 从哪一行开始全部找出来
  count    Count the matched lines # 
  exclude  Match the character strings excluding with the regular expression
  include  Match the character strings including with the regular expression 
[ROUTER]display current-configuration | begin aaa
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
  ---- More ----
# include 把aaa有关的命令都给找出来
[ROUTER]display current-configuration | in aaa
aaa

注：可以通过ctrl+z退出系统模式

6.15.2 语法检查

6.15.3 配置标题消息和系统时钟

(1) 标题消息

远程登录的适合才会显示标题；

所以我们先配置远程登录的用户名：

[ROUTER]user-interface vty 0 4
[ROUTER-ui-vty0-4]authentication-mode password 
Please configure the login password (maximum length 16):admin
[ROUTER-ui-vty0-4]dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              12.1.1.1/24          up         up        
GigabitEthernet0/0/1              unassigned           down       down      
NULL0                             unassigned           up         up(s)

注：authentication-mode 常见的配置参数有三种计算机网络实验（华为eNSP模拟器）——第六章密码模式和AAA模式_晚风(●•σ )的博客-CSDN博客
进入到user-interface vty 0 4用户面板（一台路由器上有两个用户面板，有一个console口，五个cty口，必须要确定登录哪个口）：
1、authentication-mode aaa或authentication-mode scheme
进入aaa模式，可以开始创建用户名和密码。

scheme是组合的意思.就是组合认证方式,即输入:用户名+密码认证..
1.进入用户界面：user-interface 0 4 （和思科里面的VTY一样，0 4是指可以有5个用户会话同时连接，0,1,2,3,4 ）
2.设置认证模式为组合模式（用户名加密码）：Authenticate-mode scheme
3.建立本地用户名:local-user 用户名,
4.设置用户密码:password simple 密码...
5.设置访问服务类型为telnet：service-type telnet
6.设置授权访问级别：level 3
7.退出:quit

可以在一行或两行里就写完上述命令：

local-user admin123 privilege level 0 password cipher admin123

local-user admin123 service-type telnet

2、authentication-mode password
直接在user-interface vty 下用passrod设置密码，不需要用户名就可以直接登录。

3、authentication-mode none
远程维护登陆不需要密码。

我们在本地就可以远程登录:

[ROUTER]q
<ROUTER>telnet 12.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 12.1.1.1 ...
  Connected to 12.1.1.1 ...

Login authentication

再设置标题：

#1. 先退出远程登录

<ROUTER>q

  Configuration console exit, please press any key to log on

<ROUTER>sy
Enter system view, return user view with Ctrl+Z.

#2. 设置登录的标题
[ROUTER]header login information 'welcome!'
[ROUTER]q

#3. 重新远程登录一下，发现下面显示了welcome!
<ROUTER>telnet 12.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 12.1.1.1 ...
  Connected to 12.1.1.1 ...
welcome!

Login authentication


Password:
<ROUTER>

#4. 设置登录成功后的标题
<ROUTER>q
  Configuration console exit, please press any key to log on
<ROUTER>sy
Enter system view, return user view with Ctrl+Z.
[ROUTER]header shell information "DON'T REBOOT THE DEVICE!!!!!!!!"
[ROUTER]q
<ROUTER>telnet 12.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 12.1.1.1 ...
  Connected to 12.1.1.1 ...
welcome!

Login authentication


Password:
DON'T REBOOT THE DEVICE!!!!!!!!
<ROUTER>

(2) 系统时钟

# 查看时间

<ROUTER>display cl
2023-01-10 15:33:57
Tuesday
Time Zone(China-Standard-Time) : UTC-08:00

# 设置北京东八区的时间

<ROUTER>clock timezone BJ add 08:00:00

<ROUTER>display cl
2023-01-09 23:36:42
Monday
Time Zone(BJ) : UTC+08:00
<ROUTER>

# 手动设置时间

<ROUTER>clock datetime 08:10:00 2018-3-23
<ROUTER>display cl
2018-03-23 08:10:03
Friday
Time Zone(BJ) : UTC+08:00

6.15.4 快捷键的使用

注：CTRL+A在华为自带的登录终端eNSP里无法使用，在SecureCRT里是可以使用的；

ping本地设置的端口地址：

[Huawei]ping 12.1.1.1
  PING 12.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=255 time=30 ms
    Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 12.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/6/30 ms

6.15.5 命令等级

以下是第二种创建用户名和密码的方法，上面第一种是先进入vty端口，再进去aaa管理视图，再创建用户名密码。这里的第二种是先进入aaa管理视图，创建用户名密码，登录方法，然后再进入vty接口，使用authentication-mode aaa激活创建的用户名和密码即可。

<Huawei>sy
Enter system view, return user view with Ctrl+Z.

# 进入AAA管理视图
[Huawei]aaa

# 创建0级本地用户admin123，密码设置为admin
[Huawei-aaa]local-user admin123 privilege level 0 password cipher admin123
Info: Add a new user.

# 设置admin123用户为telnet登录
[Huawei-aaa]local-user admin123 service-type telnet 
[Huawei-aaa]q

# 进入vty视图
[Huawei]user-int vty 0 4

# 创建本地用户并启用AAA验证
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]q
[Huawei]q
<Huawei>telnet 12.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 12.1.1.1 ...
  Connected to 12.1.1.1 ...

Login authentication


Username:admin123
Password:

6.15.6 用户界面与登录权限

用户界面类型	编号
console（一般是本地）	0
VTY	0-4

命令	功能
user privilege	配置指定用户界面下的用户级别
set authentication password	配置本地认证密码

（1）直接设置console口的密码（本地）

[Huawei]user-int console0
[Huawei-ui-console0]set authentication password cipher admin
[Huawei-ui-console0]q
[Huawei]q
<Huawei>q
  Configuration console exit, please press any key to log on

Login authentication

Password:
<Huawei>

（2）同理也可以设置vty口的密码（远程）

由于之前设置了authentication-mode aaa，所以只需要先undo掉就可以了：

[Huawei-ui-vty0-4]undo authenticatio-mode

然后再登录：

[Huawei-ui-vty0-4]set authentication password cipher admin
[Huawei-ui-vty0-4]q
[Huawei]q
<Huawei>telnet 12.1.1.1
Login authentication

Password:
<Huawei>

6.15.7 配置用户界面命令

命令	功能
idle-timeout	设置超时时间
screen-length	设置指定终端屏幕的临时显示长度
history-command max-size 20	设置历史命令缓冲区大小
display history-command	显示历史命令行

以上命令只需要进入vty或console端口操作即可；

例如：[Huawei-ui-vty0-4]idle-timeout 20 20 # 设置20分钟20s自动超时

两种常用的命令：idle-timeout 0 // 登录永不超时

undo info-center enable // 关闭日志同步：防止正在敲的命令被中间的日志打断

6.16 VRP文件管理系统

注：华为的VRP系统底层还是linux，基本命令基本一致，也有不同的地方。

# 1. 显示当前的配置
<Huawei>dis current-configuration
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#

# 2. 我们save一下保存到硬盘里
<Huawei>save
  The current configuration will be written to the device. 
  Are you sure to continue? (y/n)[n]:y
  It will take several minutes to save configuration file, please wait.......
  Configuration file had been saved successfully
  Note: The configuration file will take effect after being activated

# 3.查看配置文件：vrpcfg.zip就是配置文件
<Huawei>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName 
    0  drw-              -  Jan 11 2023 07:28:46   dhcp
    1  -rw-        121,802  May 26 2014 09:20:58   portalpage.zip
    2  -rw-          2,263  Jan 11 2023 07:28:41   statemach.efs
    3  -rw-        828,482  May 26 2014 09:20:58   sslvpn.zip
    4  -rw-            352  Jan 11 2023 07:32:59   private-data.txt
    5  -rw-            541  Jan 11 2023 07:32:58   vrpcfg.zip

1,090,732 KB total (784,456 KB free)

# 4.假如以后手动上传了一个配置文件叫vrpcfg1.zip，我们希望下次启动会自动加载配置文件
<Huawei>startup saved-configuration vrpcfg1.zip
This operation will take several minutes, please wait....
Info: Succeeded in setting the file for booting system

6.16.1 网络设备中的存储

6.17 VRP系统升级演示

6.17.1 常见的文件传输协议

6.17.2 VRP升级的步骤

搭建FTP/TFTP：

假定已经搭建好FTP/TFTP服务器：

<Huawei>ftp 10.1.1.100
Trying 10.1.1.100 ...

Press CTRL+X to abort
Connected to 10.1.1.100.
220 SCom SCDaemon FTP 服务器版本 2.0
User(10.1.1.100:(none)):admin
331 用户名正确，需要口令
Enter password:
230 用户已登录 

# 1. 备份本地的操作系统,假设操作系统文件名为 sslvpn.zip
[Huawei-ftp]put sslvpn.zip 

# 2. 如果空间不够，我们删除本地的操作系统
[Huawei-ftp]q
[Huawei]delet sslvpn.zip

# 3. 从服务器上下载系统
<Huawei>ftp 10.1.1.100
Trying 10.1.1.100 ...

Press CTRL+X to abort
Connected to 10.1.1.100.
220 SCom SCDaemon FTP 服务器版本 2.0
User(10.1.1.100:(none)):admin
331 用户名正确，需要口令
Enter password:
230 用户已登录 

<Huawei-ftp>get system.zip

# 4. 开始升级系统
<Huawei>startup system-software system.zip

# 5. 查看升级后的系统版本
<Huawei>dispaly version

系统升级：

TFTP：直接一条命令：