1. Core commands for Telnet login configuration:
telnet server enable
protocol inbound telnet
authentication-mode password // Set the authentication mode to password
set authentication password
user privilege level 15
#
authentication-mode aaa
aaa // Set the authentication mode to AAA
local-user admin123 password irreversible-cipher abcd@123
local-user admin123 service-type telnet
local-user admin123 privilege level 15
2. Core commands for DHCP configuration (global, interface, and relay):
dhcp enable
ip pool 1 // Create an address pool
network 10.1.1.0 mask 24
gateway 10.1.1.254
dns-list 8.8.8.8
excluded-ip-address 10.1.1.250 10.1.1.253
lease day 8
dhcp select global // Apply global mode
dhcp select interface // Apply interface mode
dhcp server select interface
dhcp server dns 8.8.8.8
dhcp server excluded-ip-address 10.1.1.2
dhcp server lease day 8
#
dhcp server group 1 // Create a DHCP server group
dhcp-server 10.1.1.1 // Configure the relay server address
#
interface vlanif 20
ip address 20.20.20.1 24
dhcp select relay // Select the DHCP relay service
dhcp relay server-select 1 // Apply the DHCP server group
3. Core commands for the five types of NAT configuration:
Global static NAT
nat static global 1.1.1.2 inside 10.1.1.2
nat static enable
Interface static NAT
nat static global 1.1.1.2 inside 10.1.1.2
Dynamic NAT
nat address-group 1 1.1.1.20 1.1.1.25
acl 2001
rule 10 permit source 10.1.1.0 0.0.0.255
nat outbound 2001 address-group 1 no-pat
NAPT
nat address-group 1 1.1.1.100 1.1.1.100
nat outbound 2001 address-group 1
Easy IP
acl 2001
rule 10 permit source 10.1.1.0 0.0.0.255
nat outbound 2001
4. Core commands for basic ACL, advanced ACL, ACL traffic policy, and policy-based routing configuration:
acl 2000 // Basic ACL
rule 10 permit source 10.1.1.1 0.0.0.0
acl 3000 // Advanced ACL
rule 10 permit ip source 10.1.1.0 0.0.0.255 destination 100.1.1.1 0.0.0.0
#
acl 2000
rule permit source 192.168.1.0 0.0.0.255
acl 2001
rule permit source 192.168.2.0 0.0.0.255
traffic classifier 2000
if-match acl 2000
traffic classifier 2001
if-match acl 2001
traffic behavior 2000
redirect ip-nexthop 10.1.1.1
traffic behavior 2001
redirect ip-nexthop 20.1.1.1
traffic policy policy-route
traffic policy policy-route inbound // Apply the ACL traffic policy to the interface to implement policy-based routing
5. Core commands for monitoring network status with BFD, BFD one-arm echo, and NQA:
bfd
bfd R1R2 bind peer-ip 10.1.1.2 source-ip 10.1.1.1 auto // BFD with automatic parameters
commit
#
bfd 1 bind peer-ip 10.1.1.2 source-ip 10.1.1.1 one-arm-echo // BFD one-arm echo with manual parameters
discriminator local 123
discriminator remote 123
min-tx-interval 100
min-rx-interval 100
wtr 1
commit
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2 track bfd-session 1
#
nqa test-instance root icmp // NQA configuration commands
test-type icmp
frequency 10
probe-count 2
destination-address ipv4 10.1.1.2
start now
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 track nqa root icmp
6. Core commands for VRRP, STP, and MSTP configuration:
interface vlanif 10 // Enable VRRP
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 120
vrrp vrid 10 preempt-mode timer delay 20
#
stp enable // Enable STP
stp mode stp
stp root primary
stp pathcost-standard legacy
stp cost 20000
stp bpdu-protection
#
stp region-configuration // Enable MSTP
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
stp instance 1 root primary // Configure SwitchA as the root bridge of MSTI1
stp instance 2 root secondary // Configure SwitchA as the secondary root bridge of MSTI2
stp pathcost-standard legacy
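7. Core commands for RIP route advertisement, OSPF route advertisement, BGP peer declaration, and route-policy (route import) configuration:
rip 1 // RIP route advertisement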
version 2
network 12.0.0.0
#
ospf 1 // OSPF route advertisement
area 0
network 23.1.1.0 0.0.0.255
network 0.0.0.0 0.0.0.0 // Advertise all networks
#
bgp 100 // BGP peer declaration
peer 34.1.1.2 as-number 200
#
acl 2000
rule 10 permit source 30.1.1.0 0.0.0.255
route-policy 10 permit node 10
if-match acl 2000
rip 1
import-route ospf 1 route-policy 10 // RIP imports OSPF routes
acl 2001
rule 10 permit source 10.1.2.0 0.0.0.255
route-policy 20 permit node 20
if-match acl 2001
ospf 1
import-route rip 1 route-policy 20 // OSPF imports RIP routes
#
rip/ospf 1 // In RIP or OSPF, import BGP routes
version 2
import-route bgp
bgp 100 // Import RIP or OSPF unicast routes into BGP
ipv4-family unicast
import-route rip 1
bgp 200
ipv4-family unicast
peer 45.1.1.2 next-hop-local // Change the next hop of the imported RIP or OSPF unicast routes to the router itself
8. Core commands for IPsec static and IKE tunnel configuration:
acl 3000
rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
ipsec proposal cd
esp authentication-algorithm sha2-256 // Create the pre-shared key
esp encryption-algorithm aes-128
ipsec policy chengdu 10 manual
security acl 3000
proposal cd
tunnel local 100.1.1.1
tunnel remote 200.1.1.1
sa spi inbound esp 54321
sa string-key inbound esp cipher summer
sa spi outbound esp 12345
sa string-key outbound esp cipher summer
ipsec policy chengdu // Apply the IPsec static configuration on the interface
#
acl 3000
rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
ike proposal 10
authentication-algorithm sha1
encryption-algorithm aes-cbc-128
dh group14
ike peer bj v1
pre-shared-key cipher summer
ike-proposal 10
local-address 100.1.1.1
remote-address 200.1.1.1
ipsec proposal cd
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-128
ipsec policy chengdu 10 isakmp
security acl 3000
ike-peer bj
proposal cd
ipsec policy chengdu // Apply the IPsec IKE configuration on the interface
9. Core commands for wireless WLAN tunnel and direct forwarding mode configuration:
wlan // Configure the AP to go online
regulatory-domain-profile name summer
country-code CN
ap-group name summer
regulatory-domain-profile summer
Y
capwap source interface vlanif 100
wlan
ap auth-mode mac-auth
ap-id 1 ap-mac 00e0-fc9e-3770
ap-name VLAN101-001
ap-group summer
Y
wlan // Configure the WLAN services delivered to the corresponding AP
security-profile name 0
security wpa-wpa2 psk pass-phrase hot12345 aes
wlan
ssid-profile name summer
ssid work
wlan
vap-profile name work
forward-mode tunnel/direct-forward // Change the AP forwarding mode
service-vlan vlan-id 101
security-profile 0
ssid-profile summer
wlan
ap-group name summer
vap-profile work wlan 1 radio 0
vap-profile work wlan 1 radio 1
vap-profile summer wlan 2 radio all
10. Core commands for Eth-Trunk link aggregation in static and LACP modes, iStack stacking, and SNMPv1/2/3 configuration:
interface eth-trunk 1 // Enable static link aggregation
trunkport gigabitethernet 0/0/1 to 0/0/3
load-balance src-dst-mac
#
interface eth-trunk 1
mode lacp
max active-linknumber 2
interface gigabitethernet 0/0/1
eth-trunk 1 // Apply LACP link aggregation on the interface
#
interface stack-port 0/1 // Enable stacking on the interface
port interface gigabitethernet 0/0/27 enable Y
stack slot 0 priority 200 Y
stack slot 0 renumber 1 Y
#
snmp-agent sys-info version v1 //SNMPv1
snmp-agent community write huawei
snmp-agent community complexity-check disable
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname huawei
#
snmp-agent sys-info version v2c //SNMPv2
snmp-agent mib-view excluded allextisis 1.3.6.1.3.37
snmp-agent community write adminnms2 mib-view allextisis acl 2001
snmp-agent target-host inform address udp-domain 1.1.1.2 params securityname adminnms2 v2c
#
snmp-agent sys-info version v3 //SNMPv3
snmp-agent mib-view included isoview iso
snmp-agent usm-user v3 nms-admin group admin
snmp-agent usm-user v3 nms-admin authentication-mode md5
snmp-agent group v3 admin privacy write-view isoview
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname nms-admin v3 privacy