华为命令
华为命令
eth-trunk
手动模式的链路聚合
[s1]interface Eth-Trunk 1
[s1-Eth-Trunk1]quit
[s1]interface gigabitethernet 0/0/1
[s1-GigabitEthernet0/0/1]eth-trunk 1
[s1-GigabitEthernet0/0/1]quit
[s1]interface gigabitethernet 0/0/2
[s1-GigabitEthernet0/0/2]eth-trunk 1
[s2]interface Eth-Trunk 1
[s2-Eth-Trunk1]quit
[s2]interface gigabitethernet 0/0/1
[s2-GigabitEthernet0/0/1]eth-trunk 1
[s2-GigabitEthernet0/0/1]quit
[s2]interface gigabitethernet 0/0/2
[s2-GigabitEthernet0/0/2]eth-trunk 1
静态lacp模式的链路聚合
[s1]interface Eth-Trunk 1
[s1-Eth-Trunk1]mode lacp-static
[s1-Eth-Trunk1]quit
[s1]interface gigabitethernet 0/0/1
[s1-GigabitEthernet0/0/1]eth-trunk 1
[s1-GigabitEthernet0/0/1]quit
[s1]interface gigabitethernet 0/0/2
[s1-GigabitEthernet0/0/2]eth-trunk 1
在s1上配置系统优先级为100,使其成为lacp主动端
[s1]lacp priority 100
在s1上配置接口优先级确定活动链路
[s1]interface gigabitethernet 0/0/1
[s1-GigabitEthernet0/0/1]lacp priority 100
[s1-GigabitEthernet0/0/1]quit
[s1]interface gigabitethernet 0/0/2
[s1-GigabitEthernet0/0/2]lacp priority 100
[s2]interface Eth-Trunk 1
[s2]mode lacp-static
[s2-Eth-Trunk1]quit
[s2]interface gigabitethernet 0/0/1
[s2-GigabitEthernet0/0/1]eth-trunk 1
[s2-GigabitEthernet0/0/1]quit
[s2]interface gigabitethernet 0/0/2
[s2-GigabitEthernet0/0/2]eth-trunk 1
验证配置结果
[s1]display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 100 System ID: 4c1f-cc12-4b06
Least Active-linknumber: 1 Max Active-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1 Selected 1GE 100 2 305 10111100 1
GigabitEthernet0/0/2 Selected 1GE 100 3 305 10111100 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/1 32768 4c1f-cc60-3a1b 32768 2 305 10111100
GigabitEthernet0/0/2 32768 4c1f-cc60-3a1b 32768 3 305 10111100
[s2]display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 32768 System ID: 4c1f-cc60-3a1b
Least Active-linknumber: 1 Max Active-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1 Selected 1GE 32768 2 305 10111100 1
GigabitEthernet0/0/2 Selected 1GE 32768 3 305 10111100 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/1 100 4c1f-cc12-4b06 100 2 305 10111100
GigabitEthernet0/0/2 100 4c1f-cc12-4b06 100 3 305 10111100
通过以上显示信息可以看到,s1的系统优先级为100,高于s2的系统优先级。
stp
stp
1.配置设备生成树协议工作在STP模式
[s1]stp mode stp
[s1]stp root primary //配置为根桥
[s1]stp enabel
[s2]stp mode stp
[s2]stp root secondary //配置备份根桥
[s2]stp enable
[s2]interface gigabitethernet 0/0/3
[s2-gigabitethernet0/0/3]stp disable
[s3]stp mode stp
[s3]stp enable
[s3]interface gigabitethernet 0/0/2
[s3-gigabitethernet0/0/2]stp cost 20000 //配置端口的路径开销为20000,选择阻塞该端口
[s3]dis stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/2 ALTE DISCARDING NONE
g0/0/2端口被阻塞了。
stp协议虽然可以解决环路问题,但是由于网络拓扑收敛速度慢,会影响用户通信质量。如果网络中的拓扑频繁变化,用户通信也会频繁中断。所以一般是配置rstp
rstp
[s1]stp mode rstp
[s1]stp root primary //配置为根桥
[s1]stp enabel
[s1]interface gigabitethernet0/0/1
[s1-gigabitethernet0/0/1]stp root-protection //开启根保护功能
[s1]interface gigabitethernet0/0/2
[s1-gigabitethernet0/0/2]stp root-protection //开启根保护功能
[s2]stp mode rstp
[s2]stp root secondary //配置备份根桥
[s2]stp enable
[s2]interface gigabitethernet 0/0/3
[s2-gigabitethernet0/0/3]stp edged-port enable //开启边缘端口,边缘端口可以不通过RSTP计算直接由Discarding状态转发为Forwarding状态
[s3]stp bpdu-protection //开启bpud保护功能,边缘端口直接与用户终端相连,正常情况下不会收到BPDU报文。但如果攻
击者向交换机的边缘端口发送伪造的BPDU报文,交换机会自动将边缘端口设置为非边缘端口,并重新进行生成树计算,从而引起网络震荡。在交换机上配置BPDU保护功能,可以防止该类攻击。
[s3]stp mode rstp
[s3]stp enable
[s2]interface gigabitethernet 0/0/3
[s2-gigabitethernet0/0/3]stp edged-port enable //开启边缘端口
[s3]stp bpdu-protection //开启bpud保护功能
[s3]dis stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/2 ALTE DISCARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING BPDU
路由协议
rip
ripv1
配IP地址省略
[r1]rip
[r1-rip-1]network 192.168.1.0
[r2]rip
[r2-rip-1]network 192.168.1.0
[r2-rip-1]network 172.16.0.0
[r2-rip-1]network 10.0.0.0
[r3]rip
[r3-rip-1]network 10.0.0.0
查看rip路由表
[r1]dis rip 1 route
Route Flags : R - RIP
A - Aging, G - Garbage-collect
----------------------------------------------------------------------------
Peer 192.168.1.2 on GigabitEthernet0/0/0
Destination/Mask Nexthop Cost Tag Flags Sec
172.16.0.0/16 192.168.1.2 1 0 RA 0
10.0.0.0/8 192.168.1.2 1 0 RA 0
ripv2
在rip-1的基础上做以下配置
[r1]rip
[r1-rip-1]version 2
[r2]rip
[r2-rip-1]version 2
[r3]rip
[r3-rip-1]version 2
查看rip路由表
[r1]dis rip 1 route
Route Flags : R - RIP
A - Aging, G - Garbage-collect
----------------------------------------------------------------------------
Peer 192.168.1.2 on GigabitEthernet0/0/0
Destination/Mask Nexthop Cost Tag Flags Sec
172.16.1.0/24 192.168.1.2 1 0 RA 5
10.1.1.0/24 192.168.1.2 1 0 RA 5
rip最大条数为16,只适用于小型网络
ospf
配置IP地址步骤省略
[a]router id 1.1.1.1
[a]ospf
[a-ospf-1]area 0
[a-ospf-1-area-0.0.0.0]network 192.168.0.0 0.0.0.255
[a-ospf-1-area-0.0.0.0]quit
[a-ospf-1]area 1
[a-ospf-1-area-0.0.0.1]network 192.168.1.0 0.0.0.255
[b] router id 2.2.2.2
[b] ospf
[b-ospf-1] area 0
[b-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[b-ospf-1-area-0.0.0.0] quit
[b-ospf-1] area 2
[b-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[c] router id 3.3.3.3
[c] ospf
[c-ospf-1] area 1
[c-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[c-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[d] router id 4.4.4.4
[d] ospf
[d-ospf-1] area 2
[d-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[d-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[e] router id 5.5.5.5
[e] ospf
[e-ospf-1] area 1
[e-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[f] router id 6.6.6.6
[f] ospf
[f-ospf-1] area 2
[f-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
查看a的ospf邻居
[a]dis ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
Area 0.0.0.0 interface 192.168.0.1(GigabitEthernet0/0/0)'s neighbors
Router ID: 2.2.2.2 Address: 192.168.0.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.0.1 BDR: 192.168.0.2 MTU: 0
Dead timer due in 35 sec
Retrans timer interval: 5
Neighbor is up for 00:11:07
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.1 interface 192.168.1.1(GigabitEthernet0/0/1)'s neighbors
Router ID: 3.3.3.3 Address: 192.168.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.1 BDR: 192.168.1.2 MTU: 0
Dead timer due in 39 sec
Retrans timer interval: 5
Neighbor is up for 00:10:07
Authentication Sequence: [ 0 ]
显示a的ospf路由信息
[a]dis ospf routing
OSPF Process 1 with Router ID 1.1.1.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
192.168.0.0/24 1 Transit 192.168.0.1 1.1.1.1 0.0.0.0
192.168.1.0/24 1 Transit 192.168.1.1 1.1.1.1 0.0.0.1
172.16.1.0/24 2 Transit 192.168.1.2 3.3.3.3 0.0.0.1
192.168.2.0/24 2 Inter-area 192.168.0.2 2.2.2.2 0.0.0.0
Total Nets: 4
Intra Area: 3 Inter Area: 1 ASE: 0 NSSA: 0
DHCP
全局地址池
[r1]dhcp enable
[r1]ip pool 1
[r1-ip-pool-pool1]network 10.0.1.0 mask 24
[r1-ip-pool-pool1]gateway-list 10.0.1.1
[r1-ip-pool-pool1]dns-list 114.14.114.114
[r1-ip-pool-pool1]lease day 1 hour 12
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]dhcp select global
接口地址池
[r1]dhcp enable
[r1]interface GigabitEthernet 0/0/1
[r1-GigabitEthernet0/0/0]dhcp select interface
[r1-GigabitEthernet0/0/0]dhcp server dns-list 114.114.114.114
[r1-GigabitEthernet0/0/0]dhcp server lease day 1 hour 12
dhcp中继
[r1]dhcp enable
[r1]ip pool vlan100
[r1-ip-pool-vlan100]network 10.0.1.0 mask 24
[r1-ip-pool-vlan100]gateway-list 10.0.1.2
[r1-ip-pool-vlan100]dns-list 114.14.114.114
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip add 10.0.1.1 24
[r1-GigabitEthernet0/0/0]dhcp select global
[s1]dhcp enable
[s1]vlan 100
[s1]interface vlanif 100
[s1-vlanif100]ip add 10.0.1.2 24
[s1-vlanif100]dhcp select relay
[s1-vlanif100]dhcp relay server-ip 10.0.1.1
[s1]interface gigabitethernet 0/0/1
[s1-gigabitethernet0/0/1]port link-type access
[s1-gigabitethernet0/0/1]port default vlan 100
dhcp snooping
配置了DHCP功能之后,部门内用户主机可以自动获取地址。但是为了防止员工在内网私自接一个小路由器并开启DHCP自动分配地址的功能,导致内网合法用户获取到了私接的小路由器分配的地址而不能正常上网,还需要配置DHCP Snooping功能。
[s1]dhcp enable
[s1]dhcp sooping enable
[s1]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/24
[s1-port-group]dhcp snooping enable
[s1]interface GigabitEthernet 0/0/1
[s1-GigabitEthernet0/0/1]undo dhcp snooping enable #删除端口snooping服务
[s1-GigabitEthernet0/0/1]dhcp snooping trusted #开启端口信任,只有这个端口分配的IP地址才会接受
LLDP
[s1]lldp enable
[s1]lldp management-address 192.168.0.1 //配置LLDP管理IP地址(可选)
[s2]lldp enable
[s2]lldp management-address 192.168.0.2
查看s1的邻居信息
[s1]display lldp neighbor brief
堆叠
模拟器上做不了堆叠,所以直接按官方文档来
1.规划
规划SwitchA的堆叠成员ID为1,SwitchB的成员ID为2。 规划SwitchA作为主交换机,其堆叠优先级最高,为150。SwitchB的堆叠优先级为120。 规划堆叠域编号(Domain ID)为10,不与网络中其他堆叠系统的域编号冲突。 规划SwitchA和SwitchB用于堆叠连接的端口为10GE1/0/1~10GE1/0/4。
2.配置
[~SwitchA] stack
[~SwitchA-stack] stack member 1 priority 150
[*SwitchA-stack] stack member 1 domain 10
[~SwitchB] stack
[~SwitchB-stack] stack member 1 priority 120
[*SwitchB-stack] stack member 1 domain 10
[*SwitchB-stack] stack member 1 renumber 2 inherit-config
[~SwitchA] interface stack-port 1/1
[*SwitchA-Stack-Port1/1] port member-group interface 10ge 1/0/1 to 1/0/4
Warning: After the configuration is complete,
1.The interface(s) (10GE1/0/1-1/0/4) will be converted to stack mode and be configured with the port crc-statistics trigger error-down command if the configuration does not exist.
2.The interface(s) may go Error-Down (crc-statistics) because there is no shutdown configuration on the interfaces.Continue? [Y/N]: y
[*SwitchA-Stack-Port1/1] commit
[~SwitchB] interface stack-port 1/1
[*SwitchB-Stack-Port1/1] port member-group interface 10ge 1/0/1 to 1/0/4
Warning: After the configuration is complete,
1.The interface(s) (10GE1/0/1-1/0/4) will be converted to stack mode and be configured with the port crc-statistics trigger error-down command if the configuration does not exist.
2.The interface(s) may go Error-Down (crc-statistics) because there is no shutdown configuration on the interfaces.Continue? [Y/N]: y
[*SwitchB-Stack-Port1/1] commit
检查堆叠配置信息
dis stack configuration
loop detection与loopback detection
Loop Detection和Loopback Detection都可用来检测接口自环、设备下挂环路以及设备双接口环路。只不过,Loopback Detection可基于VLAN和接口进行检测,而Loop Detection只能基于VLAN进行检测;但Loop Detection可同时检测4094个VLAN,而Loopback Detection最多仅支持检测8个VLAN。
loop detection
[huawei]loop-detection enable
[huawei]loop-detection enale vlan all
[huawei][huawei]interface g 1/0/1
[huawei-GigabitEthernet1/0/1]loop-detection mode port-shutdown
查看设备上全局环路检测运行情况
[huawei]display loop-detection
loopdack detection
配置接口自环示例
[huawei]interface g 1/0/1
[huawei-GigabitEthernet1/0/1]loopback-detect enable
[huawei-GigabitEthernet1/0/1]loopback-detect action block
[huawei-GigabitEthernet1/0/1]loopback-detect recovery-time 30 //自动恢复时间
配置下挂网路环路示例
[huawei]interface g 1/0/1
[huawei-GigabitEthernet1/0/1]loopback-detect enable
[huawei-GigabitEthernet1/0/1]loopback-detect packet vlan 10
[huawei-GigabitEthernet1/0/1]loopback-detect action shutdown
display loopback-detect
License:
CC BY 4.0