3¡¢acl ÃüÁî¸ñʽ£º

»ù±¾/¸ß¼¶ ACL Ö§³Ö£º

acl [ ipv6 ] acl-number { inbound | outbound } undo acl [ ipv6 ] acl-number { inbound | outbound } ¶þ²ã ACL Ö§³Ö£º acl acl-number inbound undo acl acl-number inbound

¹¦ÄÜ£ºacl ÃüÁîÓÃÀ´ÒýÓ÷ÃÎÊ¿ØÖÆÁÐ±í£¨ ACL£©£¬2000¡«2999£º»ù±¾ ACL ±àºÅ£»3000¡«3999£º¸ß¼¶ ACL ±àºÅ£»4000¡«4999£º¶þ²ã ACL ±àºÅ¡£ Ó¦ÓÃʵÀý£º

system-view [Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0 system-view [Sysname] acl number 3001

[Sysname-acl-adv-3001] rule permit tcp destination 192.168.1.41 0

4¡¢DHCP ÃüÁî¸ñʽ£º

£¨1£©ÅäÖûùÓÚ½Ó¿ÚµØÖ·³ØµÄDHCP [R1]dhcp enable

¿ªÆôDHCP¹¦ÄÜ

[R1-GigabitEthernet0/0/2]dhcp select interface ¿ªÆô½Ó¿ÚµÄDHCP·þÎñ¹¦ÄÜ

[R1-GigabitEthernet0/0/2]dhcp server lease day 2

ÅäÖÃIPµØÖ·×âÓÃÓÐЧÆÚÏÞΪ2Ì죬ĬÈÏΪ1Ì죬³¬¹ý×âÆÚºó¸ÃµØÖ·½«»áÖØзÖÅä [R1-GigabitEthernet0/0/2]dhcp 192.168.3.253

server

excluded-ip-address

192.168.3.251

ÅäÖò»²ÎÓë×Ô¶¯·ÖÅäµÄIPµØÖ·

[R1-GigabitEthernet0/0/2]dhcp server dns-list 8.8.8.8 Ö¸¶¨½Ó¿ÚµØÖ·³ØϵÄDNS·þÎñÆ÷ £¨2£©ÅäÖûùÓÚÈ«¾ÖµØÖ·³ØµÄDHCP [R2]dhcp enable ¿ªÆôDHCP¹¦ÄÜ [R2]ip pool huawei1

´´½¨Ò»¸öÈ«¾ÖµØÖ·³Ø£¬µØÖ·³ØÃû³ÆΪhuawei1 [R3-ip-pool-huawei1]network 192.168.4.0 ¶¯Ì¬·ÖÅäµÄµØÖ··¶Î§192.168.4.0£¬ Èç¹û²»Ö¸¶¨ÑÚÂ룬ÔòĬÈÏʹÓÃ×ÔÈ»ÑÚÂë [R3-ip-pool-huawei1]lease day 2 È«¾ÖµØÖ·³ØϵĵØÖ·×âÆÚ

[R3-ip-pool-huawei1]gateway-list 192.168.4.254 ÅäÖÃDHCP¿Í»§¶ËµÄÍø¹ØµØÖ·

[R3-ip-pool-huawei1]excluded-ip-address 192.168.4.250 192.168.4.253 [R3-ip-pool-huawei1]dns-list 8.8.8.8

[R3]interface GigabitEthernet 0/0/0

[R3-GigabitEthernet0/0/0]dhcp select global

¿ªÆô½Ó¿ÚDHCP¹¦ÄÜ£¬Ö¸¶¨½Ó¿Ú²ÉÓÃÈ«¾ÖµØÖ·³ØΪ¿Í»§¶Ë·ÖÅäIPµØÖ·

5¡¢Eth-Trunk ÃüÁî¸ñʽ£º

[S1]interface Eth-Trunk 1

ÅäÖÃÁ´Â·¾ÛºÏ£¬´´½¨Eth-Trunk 1

[S1-Eth-Trunk1]mode manual load-balance Ö¸¶¨ÎªÊÖ¹¤¸ºÔØ·Öµ£Ä£Ê½

[S1]interface GigabitEthernet 0/0/1 [S1-GigabitEthernet0/0/1]eth-trunk 1 ¼ÓÈëµ½Eth-Trunk 1½Ó¿Ú

[S1]interface GigabitEthernet 0/0/2 [S1-GigabitEthernet0/0/2]eth-trunk 1 ¼ÓÈëµ½Eth-Trunk 1½Ó¿Ú

6¡¢GVRP ÃüÁî¸ñʽ£º

[S1]gvrp

ÔÚ½»»»»úÉÏÆôÓÃGVRP

[S1]interface GigabitEthernet 0/0/1 [S1-GigabitEthernet0/0/1]gvrp ÔÚ½Ó¿ÚÉÏÆôÓÃGVRP

[S3]interface GigabitEthernet 0/0/1

[S3-GigabitEthernet0/0/1]gvrp registration fixed ÔÚ½Ó¿ÚϽ«GVRPµÄ×¢²áģʽÐÞ¸ÄΪFixedģʽ

[S2]interface GigabitEthernet 0/0/1

[S2-GigabitEthernet0/0/1]gvrp registration forbidden ÔÚ½Ó¿ÚϽ«GVRPµÄ×¢²áģʽÐÞ¸ÄΪForbiddenģʽ 7¡¢IPV6 ÃüÁî¸ñʽ£º [R1]ipv6

È«¾Ö¿ªÆôIPv6¹¦ÄÜ [R1]int g 0/0/0

[R1-GigabitEthernet0/0/0]ipv6 enable ½Ó¿ÚÏ¿ªÆôIPv6¹¦ÄÜ

[R1-GigabitEthernet0/0/0]ipv6 address auto link-local ½Ó¿ÚÉÏÅäÖÃ×Ô¶¯Éú³ÉÁ´Â·±¾µØµØÖ·

[r1-GigabitEthernet0/0/0]ipv6 address 2001:3:fd:: 64 eui-64

ÅäÖÃEUI-64µØÖ· [R1]int g 0/0/0

[R1-GigabitEthernet0/0/0]ipv6 enable ½Ó¿ÚÏ¿ªÆôIPv6¹¦ÄÜ

[r1-GigabitEthernet0/0/0]ipv6 add 2031:0:130f::1 64 ÔÚ½Ó¿ÚÉÏÊÖ¹¤¾²Ì¬ÅäÖÃÈ«Çòµ¥²¥µØÖ· 8¡¢NAT ÃüÁî¸ñʽ£º [R1]int g 0/0/0

[R1-GigabitEthernet0/0/0]nat static global 202.169.10.5 inside 172.16.1.1 ¾²Ì¬NAT [r1]int g 0/0/1

[r1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface www inside 192.168.1.1 www

¾²Ì¬PAT,ʹÓõ±Ç°½Ó¿ÚIP×÷NATÓ³Éä

[R1]nat address-group 1 202.169.10.50 202.169.10.60 ÅäÖÃNATµØÖ·³Ø [R1]acl 2001

[R1-acl-basic-2001]rule 5 permit source 172.16.1.0 0.0.0.255 ÅäÖ÷ÃÎÊ¿ØÖÆÁбí [R1]int g 0/0/0

[R1-GigabitEthernet0/0/0]nat outbound 2001 address-group 1 ÅäÖÃNAT Outbound [R1]acl 2001

[R1-acl-basic-2001]rule 5 permit source 172.16.1.0 0.0.0.255 [R1]int g 0/0/0

[R1-GigabitEthernet0/0/0]nat outbound 2001 ÅäÖÃNAT Easy ¨C IP£¬Ê¹ÓýӿڵÄIPµØÖ·×÷ΪNAT

9¡¢OSPF ÃüÁî¸ñʽ£º [Huawei]ospf 1

1´ú±í½ø³ÌºÅ£¬Èç¹ûûÓÐ×¢Ã÷£¬ÔòĬÈÏΪ½ø³Ì1 [Huawei-ospf-1]area 0 ÇøÓòID£¬ÅäÖÃΪÇøÓò0

[Huawei-ospf-1-area-0.0.0.0]network 1.1.1.0 0.0.0.255 ¾«È·ÇøÅäËùͨ¸æµÄÍø¶Î

10¡¢PAP£¬CHAP ÃüÁî¸ñʽ£º

R1]interface Serial 1/0/0

[R1-Serial1/0/0]ppp authentication-mode pap

ÅäÖÃPPPµÄPAPÈÏÖ¤£¬ÅäÖñ¾¶ËµÄPPPЭÒéÑéÖ¤·½Ê½ÎªPAP

[R2]interface Serial 1/0/0

[R2-Serial1/0/0]ppp pap local-user huawei password cipher hello ÅäÖ÷¢ËÍÕË»§huaweiÃÜÂëhelloµ½ÈÏÖ¤·½ [R1]interface Serial 1/0/0

[R1-Serial1/0/0]ppp authentication-mode chap

ÅäÖÃPPPµÄCHAPÈÏÖ¤£¬ÅäÖñ¾¶ËµÄPPPЭÒéÑéÖ¤·½Ê½ÎªCHAP [R1]aaa

[R1-aaa]local-user huawei password cipher hello [R1-aaa]local-user R1 service-type ppp

н¨¶Ô¶Ë±»ÈÏÖ¤·½ËùʹÓõÄÓû§ÃûΪhuaweiÃÜÂëΪhello [R2]interface Serial 1/0/0

[R2-Serial1/0/0]ppp chap user huawei

[R2-Serial1/0/0]ppp chap password cipher hello ½øÈë½Ó¿ÚģʽÏÂÅäÖ÷¢ËÍÕË»§huaweiÃÜÂëhelloµ½ÈÏÖ¤·½ 11¡¢RIP ÃüÁî¸ñʽ£º [R1]rip

ʹÓÃRIPÃüÁÆôЭÒé½ø³Ì£¬Ä¬ÈϽø³ÌºÅÊÇ1 [R1-rip-1]network 10.0.0.0 ÅäÖÃͨ¸æµÄÍø¶Î [R1-rip-1]version 2

ÅäÖÃRIPÔËÐеİ汾Ϊ2 14¡¢STP ÃüÁî¸ñʽ£º [S1]stp enable ½»»»»úÆôÓÃSTP [S1]stp mode stp

½«½»»»»úµÄSTPģʽ¸ü¸ÄΪÆÕͨÉú³ÉÊ÷STP [S1]stp priority 0 ÅäÖÃS1Ϊ¸ù½»»»»ú [S2]stp priority 4096

ÅäÖÃS2 ¸ùÍøÇÅÓÅÏȼ¶Îª4096 [S1]stp region-configuration ÅäÖÃMSTP£¬½øÈëMSTÓòÊÓͼ

[S1-mst-region]region-name huawei ÅäÖÃMSTÓòÃû

[S1-mst-region]revision-level 1 ÅäÖÃMSTPµÄÐÞ¶©¼¶±ðΪ1 [S1-mst-region]instance 1 vlan 10 Ö¸¶¨VLAN 10Ó³Éäµ½MSTI1 [S1-mst-region]instance 2 vlan 20 Ö¸¶¨VLAN 20Ó³Éäµ½MSTI2

[S1-mst-region]active region-configuration ¼¤»îMSTÓòÅäÖÃ

15¡¢Telnet ÃüÁî¸ñʽ£º

[Huawei]user-interface vty 0 4 ½øÈëVTY 0µ½4½Ó¿Ú

[Huawei-ui-vty0-4]authentication-mode password

Please configure the login password (maximum length 16):Huawei ÅäÖÃTELNETÃÜÂëΪhuawei

[Huawei-ui-vty0-4]user privilege level 1 Óû§¼¶±ðΪ1£¨¼à¿Ø¼¶£©

16¡¢VRRP ÃüÁî¸ñʽ£º

[R2]interface Ethernet 1/0/1

[R2-Ethernet1/0/1]vrrp vrid 1 virtual-ip 172.16.1.254 ´´½¨VRRP±¸·Ý×飬±¸·Ý×éºÅΪ1£¬ÐéÄâIPΪ172.16.1.254 [R2-Ethernet1/0/1]vrrp vrid 1 priority 120 ÅäÖÃÓÅÏȼ¶Îª120

[R2]interface Ethernet 1/0/1

[R2-Ethernet1/0/1]vrrp vrid 2 preempt-mode disable

ÅäÖÃÐéÄâ×é2ÖеÄÇÀռģʽΪ·ÇÇÀÕ¼·½Ê½£¬Ä¬ÈÏΪÇÀռģʽ [R2]interface Ethernet 1/0/1

[R2-Ethernet1/0/1]vrrp vrid 1 track interface GigabitEthernet 0/0/0 reduced 50 ÅäÖüàÊÓÉÏÐнӿڣ¬Èç´Ë½Ó¿Ú¶Ïµô£¬²Ã¼õÓÅÏȼ¶50 [R3]interface Ethernet 1/0/1

[R3-Ethernet1/0/1]vrrp vrid 1 authentication-mode md5 huawei ¶ÔVRRPÐéÄâ×é1ÅäÖýӿÚÈÏÖ¤£¬ÈÏÖ¤·½Ê½ÎªMD5£¬ÃÜÂëΪhuawei

17¡¢Ö¡ÖÐ¼Ì ÃüÁî¸ñʽ£º [r1]int s 1/0/0

[r1-Serial1/0/0] ip address 10.0.123.1 255.255.255.0 ÅäÖÃIPµØÖ·Óë×ÓÍøÑÚÂë [r1-Serial1/0/0]link-protocol fr

ʹÓö¯Ì¬Ó³É䣬ÅäÖÃÁ´Â·²ãЭÒéΪFR [r1-Serial1/0/0]fr inarp

ÔËÐÐÖ¡ÖмÌÄæÏòµØÖ·½âÎö¹¦ÄÜ×Ô¶¯Éú³ÉµØÖ·Ó³Éä±í£¬Ä¬ÈÏ¿ªÆô

18¡¢µ¥±Û·ÓÉ ÃüÁî¸ñʽ£º

[R1]interface GigabitEthernet0/0/1.1

[R1-GigabitEthernet0/0/1.1] ip address 192.168.1.254 255.255.255.0

[R1-GigabitEthernet0/0/1.1] dot1q termination vid 10 ÅäÖÃ×Ó½Ó¿Ú¶ÔÒ»²ãtag±¨ÎĵÄÖսṦÄÜ£¬VIDΪ10 [R1-GigabitEthernet0/0/1.1] arp broadcast enable

¿ªÆô×Ó½Ó¿ÚµÄARP¹ã²¥¹¦ÄÜ£¬Èç¹û²»ÅäÖøÄÃüÁ½«»áµ¼Ö¸Ã×Ó½Ó¿ÚÎÞ·¨Ö÷¶¯·¢ËÍARP¹ã²¥±¨ÎÄ£¬ÒÔ¼°ÏòÍâת·¢IP±¨ÎÄ

19¡¢VLAN ÃüÁî¸ñʽ£º [S1]vlan 10

[S1-vlan10]vlan 20 Ò»´Î´´½¨µ¥¸öVLAN

[S1-vlan10]description abc ÃèÊö»òÕßÃû³ÆµÄÒâ˼ [S2]vlan batch 30 40 ͬʱ´´½¨¶à¸öVLAN [S1]display vlan ²é¿´VLANÏà¹ØÐÅÏ¢

20¡¢AAA ÃüÁî¸ñʽ [Huawei]aaa ½øÈëAAAÊÓͼ

[Huawei-aaa]local-user huawei password cipher hello

ʹÓÃlocal-userÃüÁî´´½¨±¾µØÓû§ºÍÓû§¿ÚÁ²¢ÒÔÃÜÎÄ·½Ê½ÏÔʾÓû§¿ÚÁhuaweiΪÓû§Ãû£¬helloΪÃÜÂë¡£

[Huawei-aaa]local-user huawei service-type telnet ÅäÖñ¾µØÓû§µÄ½ÓÈëÀàÐÍΪtelnet

[Huawei-aaa]local-user huawei privilege level 3 ÅäÖñ¾µØÓû§µÄÓÅÏȼ¶Îª3

22¡¢Â·ÓɲßÂÔ ÃüÁî¸ñʽ

[R2]route-policy import-ospf permit node 10

н¨Ò»ÌõÃû³ÆΪimport-ospfµÄ·ÓɲßÂÔ£¬ÔÊÐí״̬£¬½ÚµãΪ10 [R2-route-policy] if-match acl 2000 ÅäÖ÷ÓɲßÂÔÇøÅäµÄACL·ÃÎÊ¿ØÖÆÁбí [R2-route-policy] apply cost 20 ÅäÖ÷ûºÏ´Ë·ÓɲßÂԵĿªÏúÉèÖÃΪ20

23¡¢Â·ÓÉÆ÷½»»»»ú³£ÓÃÃüÁî

[Huawei-GigabitEthernet0/0/0]return

ÔÚÈÎÒâģʽ϶¼¿ÉÒÔʹÓÃÕâÌõ£¨·µ»Ø£©ÃüÁîÍ˳öµ½Óû§ÊÓͼ [Huawei]sysname Huawei Ð޸ķÓÉÆ÷Ãû³Æ

[Huawei]display current-configuration ²é¿´Â·ÓÉÆ÷µ±Ç°ÅäÖÃ

[Huawei]display interface GigabitEthernet 0/0/0 ²é¿´Â·ÓÉÆ÷½Ó¿ÚµÄ״̬ÐÅÏ¢ save

±£´æ·ÓÉÆ÷µ±Ç°ÅäÖÃ

display ip interface brief ²é¿´½Ó¿ÚÓëIPÏà¹ØÕªÒªÐÅÏ¢

display ip routing-table ²é¿´Â·ÓɱíÐÅÏ¢