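Basic command-line functions
CTRL+A  Move the cursor to the beginning of the current command line
CTRL+C  Stop the command that is currently running
CTRL+Z  Return to the user view
CTRL+]  Terminate the current connection or switch connections
Configuring the system clock
clock timezone  Set the local time zone
clock datetime  Set the current time and date
clock daylight-saving-time  Enable daylight saving time
Configuring banner messages
header login  Configure the banner shown before a user logs in
header shell  Configure the banner shown after a user logs in
User interfaces
Console / VTY
VTY generally supports at most 15 users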
[r1]user-interface maximum-vty ?
INTEGER<0-15> The maximum number of VTY users, the default value is 5
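User-interface configuration commands
user-interface console 0
idle-timeout  Set the idle timeout
screen-length  Set the number of lines temporarily displayed on the specified terminal screen
history-command max-size  Set the size of the history command buffer
Configuring login privileges
user-interface vty 0
user privilege  Configure the user level for the specified user interface
set authentication password  Configure the local authentication password
Basic query commands
pwd  Show the current directory
dir  Show information about the files in the current directory
more  View the contents of a text file
Basic directory operations
cd  Change the user's current working directory
mkdir  Create a new directory
rmdir  Delete a directory
File operations
copy  Copy a file
move  Move a file
rename  Rename a file
delete [/unreserved]  Delete a file / delete it permanently
undelete  Restore a deleted file
reset recycle-bin  Permanently delete the files in the recycle bin
Viewing configuration files
dis current-configuration  Show the current configuration
display saved-configuration  Show the saved configuration file
Saving the configuration file
save
Viewing the system startup files
display startup  View the system startup configuration parameters
Resetting the configuration file
reset saved-configuration  Clear the configuration file loaded at the next startup
VRP system upgrade: obtaining VRP from a TFTP server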
tftp 10.1.1.2 get AR2220E-V200R003C00SPC600.cc
startup system-software ARxxx.cc
reboot
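Basic switch configuration
[sw1-GigabitEthernet0/0/2]undo negotiation auto  Change the interface working mode
[sw1-GigabitEthernet0/0/2]duplex full  Duplex mode of the Ethernet port
STP
stp mode stp/rstp/mstp  Change the STP mode
stp root primary/secondary  Configure the switch as the root bridge / backup root bridge
stp priority  Configure the root bridge election priority; the smaller the value, the higher the priority
stp port priority  Change the port priority; the smaller the value, the higher the priority
stp cost  Change the port cost
RSTP
stp edged-port enable  Configure an edge port
stp bpdu-protection  Enable BPDU protection
stp loop-protection  Enable loop protection, mainly configured on root ports and Alternate ports
OSPF single-area configuration
Complete the IP configuration first
Configure OSPF
[R1]ospf 1 router-id 10.0.1.1  The default process ID is 1. The process ID is only locally significant; different routers in the same routing domain may use the same or different OSPF process IDs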
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[R2-ospf-1]dis th
ospf 1 router-id 10.0.2.2
area 0.0.0.0
network 10.0.2.0 0.0.0.255
network 10.0.12.0 0.0.0.255
[R3]ospf 1 router-id 10.0.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.0.3.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255
display ospf interface GigabitEthernet 0/0/0  View OSPF interface information
[R1-GigabitEthernet0/0/0]ospf timer hello 15  Change the hello and dead timers
[R3]ip route-static 0.0.0.0 0.0.0.0 LoopBack 2
[R3-ospf-1]default-route-advertise  Advertise the OSPF default route; default route advertisement must be enabled
[R1-GigabitEthernet0/0/0]ospf dr-priority 201  Change the interface priority
Neighbors
Area 0.0.0.0 interface 10.0.13.1(GigabitEthernet0/0/0)'s neighbors
Router ID: 10.0.3.3 Address: 10.0.13.3
State: Full Mode:Nbr is Master Priority: 100  The peer's DR priority is shown here
DR: 10.0.13.3 BDR: 10.0.13.1 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:03:56
Authentication Sequence: [ 0 ]
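OSPF authentication
[R1-GigabitEthernet0/0/1]ospf authentication-mode md5 1 huawei  Can be run on both interfaces and areas
DHCP interface address pool configuration
dhcp enable  Enable DHCP
dhcp select interface  Associate the interface address pool
dhcp server dns-list  Specify the DNS server addresses for the interface address pool
dhcp server excluded-ip-address  Set the range of IP addresses excluded from allocation
dhcp server lease  Configure the lease time
DHCP global address pool configuration
ip pool  Create a global address pool
network  Configure the network segment that the global address pool can allocate from
gateway-list  Configure the egress gateway address of the DHCP server's global address pool
lease  Configure the lease time
dhcp select global  Associate the global IP address pool
display ip pool  View address pool information
Enabling DHCP discovery on a switch port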
[SW1]dhcp enable
[SW1]interface Vlanif 1
[SW1-Vlanif1]ip address dhcp-alloc
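After obtaining an address, the switch automatically generates a default static route pointing to the DHCP server
Telnet
Authentication modes
AAA  AAA authentication (user name and password)
Password  Password authentication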
[R1-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):huawei
telnet 10.0.12.1
Layer 2 link aggregation configuration
[SW1]interface Eth-Trunk 1
[SW1-GigabitEthernet0/0/1]eth-trunk 1
[SW1-GigabitEthernet0/0/2]eth-trunk 1
[SW2]interface Eth-Trunk 1
[SW2-GigabitEthernet0/0/1]eth-trunk 1
[SW2-GigabitEthernet0/0/2]eth-trunk 1
[SW2]display interface Eth-Trunk 1  View link aggregation information
LACP link aggregation
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]mode lacp
[S1-Eth-Trunk1]quit
[S1]interface GigabitEthernet 0/0/9
[S1-GigabitEthernet0/0/9]eth-trunk 1
[S1-GigabitEthernet0/0/9]quit
[S1]interface GigabitEthernet 0/0/10
[S1-GigabitEthernet0/0/10]eth-trunk 1
[S2]interface Eth-Trunk 1
[S2-Eth-Trunk1]mode lacp
[S2-Eth-Trunk1]quit
[S2]interface GigabitEthernet 0/0/9
[S2-GigabitEthernet0/0/9]eth-trunk 1
[S2-GigabitEthernet0/0/9]quit
[S2]interface GigabitEthernet 0/0/10
[S2-GigabitEthernet0/0/10]eth-trunk 1
Layer 3 link aggregation configuration
[SW1]interface Eth-Trunk 1
[SW1-Eth-Trunk1]undo portswitch
[SW1-GigabitEthernet0/0/1]eth-trunk 1
[SW1-GigabitEthernet0/0/2]eth-trunk 1
[SW2]interface Eth-Trunk 1
[SW2-Eth-Trunk1]undo portswitch
[SW2-GigabitEthernet0/0/1]eth-trunk 1
[SW2-GigabitEthernet0/0/2]eth-trunk 1
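For Layer 3 link aggregation, run undo portswitch to switch the aggregated link from Layer 2 to Layer 3; an IP address can then be assigned to the Eth-Trunk logical interface
VLAN configuration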
[SW1]vlan 10
[SW1]vlan batch 2 to 3
Configuring an Access port
[SW1-Ethernet0/0/1]port link-type access
Adding a port to a VLAN
[SW1-vlan2]port Ethernet 0/0/1
[SW1-Ethernet0/0/1]port default vlan 2
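Configuring a Trunk port
[SW1-Eth-Trunk1]port link-type trunk
[SW1-Eth-Trunk1]port trunk allow-pass vlan 2 3  Change the VLAN frames allowed to pass
[SW1-Ethernet0/0/2]port trunk pvid vlan 2  Change the default VLAN
Configuring a Hybrid port
[SW2-Ethernet0/0/1]dis th
interface Ethernet0/0/1
port hybrid pvid vlan 2  Change the default VLAN
Frames of different VLANs can optionally be handled differently:
port hybrid untagged vlan 2 3  (connecting to users)
port hybrid tagged vlan 2 3  (connecting to a switch)
VLAN routing
If different VLANs are not in the same network segment, Layer 3 routing is needed
- One physical router connection per VLAN
- Router-on-a-stick (requires enabling dot1q and arp broadcast)
- Layer 3 switching (vlanif)
Configuring Layer 3 switching
First create the VLANs and add the ports to them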
[SW2]interface Vlanif 2
[SW2-Vlanif2]ip address 192.168.2.254 24
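Layer 3 switching lab
1. Create VLAN 3 to VLAN 7 in batch on S1 and S2
2. Configure the Eth-Trunk link
3. Configure the VLANIF Layer 3 interfaces
4. Configure IP addresses and default routes for R1, R3, S3 and S4
5. Test connectivity between VLAN 3 and VLAN 4
6. Configure OSPF on S1 and S2
Change the PVID so that the physical port joins the Layer 3 VLANIF logical interface ->
The VLANIF number is bound to the VLAN, so the VLAN (PVID) between S1 and S2 must match the VLANIF number; the same applies to the other network segments
Because an IP address cannot be configured on a physical port of the switch, S3 and S4 use the local management interface VLANIF1 for their IP addresses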
[s1]dis current-configuration
#
sysname s1
#
vlan batch 3 to 7
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif3
ip address 10.0.3.254 255.255.255.0
#
interface Vlanif4
ip address 10.0.4.254 255.255.255.0
#
interface Vlanif5
ip address 10.0.5.1 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk pvid vlan 5
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 4
port hybrid untagged vlan 3 to 7
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
eth-trunk 1
#
interface GigabitEthernet0/0/10
eth-trunk 1
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
port hybrid pvid vlan 3
port hybrid untagged vlan 3 to 7
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.255.255.255
#
user-interface con 0
user-interface vty 0 4
#
return
[s2]dis current-configuration
#
sysname s2
#
vlan batch 3 to 7
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif5
ip address 10.0.5.2 255.255.255.0
#
interface Vlanif6
ip address 10.0.6.254 255.255.255.0
#
interface Vlanif7
ip address 10.0.7.254 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk pvid vlan 5
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 6
port hybrid untagged vlan 3 to 7
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
port hybrid pvid vlan 7
port hybrid untagged vlan 3 to 7
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
eth-trunk 1
#
interface GigabitEthernet0/0/10
eth-trunk 1
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.255.255.255
#
user-interface con 0
user-interface vty 0 4
#
return
[r1]dis current-configuration
[V200R003C00]
#
sysname r1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.0.4.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.4.254
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[r3]dis cu
[V200R003C00]
#
sysname r3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 10.0.6.3 255.255.255.0
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.6.254
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[s3]dis cu
#
sysname s3
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
ip address 10.0.3.3 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.3.254
#
user-interface con 0
user-interface vty 0 4
#
return
[s4]dis cu
#
sysname s4
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
ip address 10.0.7.4 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.7.254
#
user-interface con 0
user-interface vty 0 4
#
return
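Serial link protocol: HDLC
[RTA-Serial1/0/0]link-protocol hdlc
HDLC interface address borrowing
[RTA-Serial1/0/0]ip address unnumbered interface LoopBack 0
[RTA]ip route-static 10.1.1.0 24 Serial 1/0/0  A static route must also be configured when borrowing an interface address
Serial link protocol: PPP
Supports CHAP (encrypted) and PAP authentication
LCP can detect the link environment
NCP can adapt to different network-layer protocols
[RTA-Serial1/0/0]link-protocol ppp
PAP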
[RTA]aaa
[RTA-aaa]local-user huawei password cipher huawei123
[RTA-aaa]local-user huawei service-type ppp
[RTA]interface serial 1/0/0
[RTA-Serial1/0/0]link-protocol ppp
[RTA-Serial1/0/0]ppp authentication-mode pap
[RTA-Serial1/0/0]ip address 10.1.1.1 30
[RTB]interface serial 1/0/0
[RTB-Serial1/0/0]link-protocol ppp
[RTB-Serial1/0/0]ppp pap local-user huawei password cipher huawei123
[RTB-Serial1/0/0]ip address 10.1.1.2 30
CHAP
[RTA]aaa
[RTA-aaa]local-user huawei password cipher huawei123
[RTA-aaa]local-user huawei service-type ppp
[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol ppp
[RTA-Serial1/0/0]ppp authentication-mode chap
[RTB]interface Serial 1/0/0
[RTB-Serial1/0/0]link-protocol ppp
[RTB-Serial1/0/0]ppp chap user huawei
[RTB-Serial1/0/0]ppp chap password cipher huawei123
NAT
- Static NAT
- Dynamic NAT
- NAPT
- Easy IP
- NAT server
Static NAT
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[Huawei-GigabitEthernet0/0/2]ip add 200.10.10.2 24
[Huawei-GigabitEthernet0/0/2]nat static global 202.10.10.1 inside 192.168.1.1
NAT server
[RTA]interface GigabitEthernet0/0/1
[RTA-GigabitEthernet0/0/1]ip address 192.168.1.254 24
[RTA-GigabitEthernet0/0/1]interface serial1/0/0
[RTA-Serial1/0/0]ip address 200.10.10.2 24
[RTA-Serial1/0/0]nat server protocol tcp global 202.10.10.1 www inside 192.168.1.1 8080
Access from the public network to the private network
Basic ACL
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule deny source 192.168.1.0 0.0.0.255
[Huawei-GigabitEthernet0/0/0]traffic-filter outbound acl 2000
[Huawei]display traffic-filter applied-record
Advanced ACL
[Huawei]acl 3000
[Huawei-acl-adv-3000]rule deny tcp source 192.168.1.0 0.0.0.255 destination 172.16.10.1 0.0.0.0 destination-port eq 21
[Huawei-acl-adv-3000]rule permit ip  The last rule must match all IP packets and apply the permit action to them
[Huawei-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
ACL application: dynamic NAT
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[Huawei-acl-basic-2000]acl 2001
[Huawei-acl-basic-2001]rule permit source 192.168.2.0 0.0.0.255
[Huawei-GigabitEthernet0/0/0]nat outbound 2000 address-group 1
[Huawei-GigabitEthernet0/0/0]nat outbound 2001 address-group 2 no-pat
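Private network 192.168.1.0/24 is translated using address pool 1
Private network 192.168.2.0/24 is translated using address pool 2; no-pat means port information is not translated
ACL application: Easy IP
[RTA]acl 2000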
[RTA-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[RTA-acl-basic-2000]quit
[RTA]interface serial1/0/0
[RTA-serial1/0/0]nat outbound 2000
Maps multiple internal addresses to different ports on the address of the gateway's outbound interface
AAA
[RTA-aaa]local-user huawei@huawei password cipher huawei123
[RTA-aaa]local-user huawei@huawei service-type telnet
[RTA-aaa]local-user huawei@huawei privilege level 0
[RTA]user-interface vty 0 4
[RTA-ui-vty0-4]authentication-mode aaa
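An added example, not part of the original notes: a small Python audit over `display current-configuration` text of the kind dumped in these labs, flagging settings the notes use that should not reach production (`password simple`, PAP, Telnet, MD5 OSPF keys, trunks passing every VLAN, a shared VTY password). The sample configuration is constructed, and the rule names and the `audit`/`redact` helpers are this example's own assumptions.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "device lineno context rule line")

# Lines that open a configuration view. "ospf 1 ..." opens the OSPF process,
# but "ospf cost 20" or "ospf authentication-mode ..." are interface
# sub-commands and must not change the current context.
HEADER = re.compile(
    r"^(?:aaa$|interface \S+|user-interface (?:con|console|vty)\b"
    r"|ospf(?: \d+.*)?$)")

# (rule id, required context prefix(es) or None for any, pattern, reason)
RULES = [
    ("plaintext-password", None, re.compile(r"\bpassword simple\b"),
     "password is stored in clear text in the configuration"),
    ("password-equals-username", "aaa",
     re.compile(r"^local-user (\S+) password simple \1$"),
     "account password is identical to the user name"),
    ("telnet-service", "aaa",
     re.compile(r"^local-user \S+ service-type\b.*\btelnet\b"),
     "Telnet carries credentials unencrypted"),
    ("ppp-pap", "interface", re.compile(r"^ppp authentication-mode pap\b"),
     "PAP sends the password in clear text; CHAP does not"),
    ("ospf-md5", ("interface", "ospf"),
     re.compile(r"\bauthentication-mode md5\b"),
     "OSPF neighbours are authenticated with keyed MD5"),
    ("trunk-all-vlans", "interface",
     re.compile(r"^port trunk allow-pass vlan (?:all|2 to 4094)\b"),
     "trunk carries every VLAN instead of only the ones in use"),
    ("shared-line-password", "user-interface vty",
     re.compile(r"^authentication-mode password\b"),
     "remote logins share one password with no per-user identity"),
]
REASONS = {rule: why for rule, _ctx, _pat, why in RULES}

SECRET = re.compile(
    r"((?:password (?:simple|cipher)|md5 \d+(?: cipher| plain)?) )\S+")


def redact(line):
    """Mask the secret so the audit report does not leak credentials."""
    return SECRET.sub(r"\1***", line)


def audit(config_text):
    """Return findings for one or more concatenated configuration dumps.

    Works on dumps whose indentation was lost (as on this page): the view is
    tracked from header keywords and '#' separators, not from leading spaces.
    """
    findings, device, context = [], "?", "global"
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "#":                      # '#' closes the current view
            context = "global"
            continue
        if line.startswith("sysname "):      # a new device dump begins
            device = line.split(None, 1)[1]
        if HEADER.match(line):
            context = line
            continue
        for rule, ctx, pattern, _why in RULES:
            if ctx and not context.startswith(ctx):
                continue
            if pattern.search(line):
                findings.append(
                    Finding(device, lineno, context, rule, redact(line)))
    return findings


# Constructed sample in the style of the lab dumps (indentation already lost).
SAMPLE = """\
#
sysname demo
#
aaa
local-user admin password simple admin
local-user admin service-type http
local-user ops password cipher %$%$CONSTRUCTED%$%$
local-user ops service-type telnet
#
interface Serial1/0/0
link-protocol ppp
ppp authentication-mode pap
#
interface GigabitEthernet0/0/1
ospf authentication-mode md5 1 cipher %$%$CONSTRUCTED%$%$
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode password
#
return
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.device}:{f.lineno} [{f.rule}] {f.line}  <- {REASONS[f.rule]}")
```
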
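GRE
1. Create the tunnel interface
[r1]interface Tunnel 0/0/0 //Create the tunnel interface
[r1-Tunnel0/0/0]ip address 192.168.3.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre //Define the encapsulation type
[r1-Tunnel0/0/0]source 12.0.0.1 //Define the encapsulation endpoints; note that the physical interface IP address is used
[r1-Tunnel0/0/0]destination 23.0.0.3
Both ends need the GRE configuration
2. Configure the virtual static route entries
Changing the OSPF interface cost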
[r1-GigabitEthernet1/0/0]ospf cost 20
[r1-LoopBack0]ospf cost 20
Configuring an OSPF silent-interface
[r1-ospf-1]silent-interface GigabitEthernet 1/0/0
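OSPF multi-area lab
Task outline
- Configure the device IP addresses.
- Configure the OSPF areas according to the plan.
- Check the OSPF configuration results and the OSPF neighbor states, and view the OSPF LSDB on the ABR.
- Configure route summarization on the ABR and ASBR to reduce the number of inter-area and external routes.
- Change the OSPF reference bandwidth.
- Import a default route into OSPF.
- Change the default route priority of OSPF intra-area, inter-area and external routes.
1. Change the LoopBack interface network type to Broadcast; route summarization
2. [R1-ospf-1] bandwidth-reference 10000  Change the OSPF reference bandwidth; must be the same on all devices
3. # Use R1's Loopback0 interface to simulate Internet access; configure a default route on R1 with Loopback0 as the outbound interface
[R1]ip route-static 0.0.0.0 0.0.0.0 LoopBack 0
# Import the default route into OSPF and set the external route type to 1
[R1-ospf-1] default-route-advertise always type 1
4. # On R1 and R3, change the priority of OSPF intra-area and inter-area routes to 20, and the priority of OSPF external routes to 50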
[R1]ospf 1
[R1-ospf-1] preference 20
[R1-ospf-1] preference ase 50
[R3-ospf-1] preference 20
[R3-ospf-1] preference ase 50
[r1]dis cu
[V200R003C00]
#
sysname r1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.123.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.1.1
default-route-advertise always type 1
area 0.0.0.2
network 10.0.1.0 0.0.0.255
network 10.0.123.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 LoopBack0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[r2]dis cu
[V200R003C00]
#
sysname r2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.24.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.123.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 10.2.0.1 255.255.255.0
#
interface LoopBack2
ip address 10.2.1.1 255.255.255.0
#
ospf 1 router-id 10.0.2.2
asbr-summary 10.2.0.0 255.255.254.0
import-route direct
area 0.0.0.0
network 10.0.2.0 0.0.0.255
network 10.0.24.0 0.0.0.255
area 0.0.0.2
abr-summary 10.3.0.0 255.255.254.0
network 10.0.123.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[r3]dis cu
[V200R003C00]
#
sysname r3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.123.3 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 10.3.0.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack2
ip address 10.3.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.3.3
area 0.0.0.2
network 10.0.3.0 0.0.0.255
network 10.0.123.0 0.0.0.255
network 10.3.0.0 0.0.0.255
network 10.3.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r4>dis cu
[V200R003C00]
#
sysname r4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.24.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.45.4 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.4.4
area 0.0.0.0
network 10.0.4.0 0.0.0.255
network 10.0.24.0 0.0.0.255
area 0.0.0.1
abr-summary 10.5.0.0 255.255.254.0
network 10.0.45.0 0.0.0.255
area 0.0.0.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r5>dis cu
[V200R003C00]
#
sysname r5
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.0.45.5 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 10.5.0.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack2
ip address 10.5.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.5.5
area 0.0.0.1
network 10.0.5.0 0.0.0.255
network 10.0.45.0 0.0.0.255
network 10.5.0.0 0.0.0.255
network 10.5.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
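OSPF adjacencies and LSAs
Task outline
- Configure the device IP addresses.
- Configure OSPF multi-area according to the plan.
- Check the OSPF configuration results, the OSPF neighbor states, the OSPF routing table and the OSPF LSDB.
- Manually change the DR priority of the interfaces to influence the outcome of the OSPF DR/BDR election.
- On R5, import direct routes into OSPF; on R1, observe the Type-5 LSAs.
- Observe Type-1, Type-2, Type-3 and Type-4 LSAs individually.
- On R1, use debug to observe OSPF LSU, LSAck and LSR packets.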
[r1]dis cu
[V200R003C00]
#
sysname r1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.0.123.1 255.255.255.0
ospf dr-priority 0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.1.1
area 0.0.0.0
network 10.0.123.0 0.0.0.255
area 0.0.0.2
network 10.0.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r2>dis cu
[V200R003C00]
#
sysname r2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.0.123.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
network 10.0.2.0 0.0.0.255
network 10.0.123.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[r3]dis cu
[V200R003C00]
#
sysname r3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.0.123.3 255.255.255.0
ospf dr-priority 2
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 10.0.3.0 0.0.0.255
network 10.0.123.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r4>dis cu
[V200R003C00]
#
sysname r4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ospf dr-priority 0
#
interface GigabitEthernet0/0/1
ip address 10.0.123.4 255.255.255.0
ospf dr-priority 0
#
interface GigabitEthernet0/0/2
ip address 10.0.45.4 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.4.4
area 0.0.0.0
network 10.0.4.0 0.0.0.255
network 10.0.123.0 0.0.0.255
area 0.0.0.1
network 10.0.45.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r5>dis cu
[V200R003C00]
#
sysname r5
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 10.0.45.5 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.0
#
ospf 1 router-id 10.0.5.5
import-route direct
area 0.0.0.1
network 10.0.45.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
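OSPF Stub area and NSSA area lab
Task outline
- Configure the device IP addresses.
- Configure the OSPF areas according to the plan.
- Check the OSPF configuration results, the OSPF neighbor states and the OSPF routing table.
- On R2 and R5, import external routes into OSPF.
- Configure area 2 as a Stub area and observe the changes in the OSPF routing table and LSDB within area 2.
- Configure area 1 as an NSSA area and observe the changes in the OSPF routing table and LSDB within area 1.
- Check R4's OSPF router role, and on R4 observe the translation of Type-7 LSAs into Type-5 LSAs.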
<r1>dis cu
[V200R003C00]
#
sysname r1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.0.13.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.1.1
area 0.0.0.2
network 10.0.1.1 0.0.0.0
network 10.0.13.0 0.0.0.255
stub
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r2>dis cu
[V200R003C00]
#
sysname r2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 10.0.23.2 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.2.2
default-route-advertise cost 20 type 1
area 0.0.0.3
network 10.0.23.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 LoopBack0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r3>dis cu
[V200R003C00]
#
sysname r3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.23.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.13.3 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.0.34.3 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 10.0.3.3 0.0.0.0
network 10.0.34.0 0.0.0.255
area 0.0.0.2
network 10.0.13.0 0.0.0.255
stub no-summary
area 0.0.0.3
network 10.0.23.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r4>dis cu
[V200R003C00]
#
sysname r4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.0.45.4 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.0.34.4 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.0
ospf network-type broadcast
#
ospf 1
area 0.0.0.0
network 10.0.4.4 0.0.0.0
network 10.0.34.0 0.0.0.255
area 0.0.0.1
network 10.0.45.0 0.0.0.255
nssa
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r5>dis cu
[V200R003C00]
#
sysname r5
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.0.45.5 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.5.5
import-route direct
area 0.0.0.1
network 10.0.45.0 0.0.0.255
nssa
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return