(1)配置交换机的设备名称，管理vlan和telnet

//用户视图提示符

syster-view //进入系统视图

[HIUAWEI] sysname Switehl∥修改设备名称为SW1

[Switchl] vlan 5 //创建交换机管理 VLAN 5

[Switch1-VLAN5] management-vlan

[Switch1-VLAN5] quit

[Switchl] interface vlanif 5 //创建交换机管理VLAN的 VLANIF接口

[Switchl-vlanif5] ip address 10.10.1.1 24∥配置 VLANIF接口IP地址

[Switchl-vlanif5] quit

[Switchl] telnet server enable //Telnet默认是关闭的,需要打开

[Switchl] user-interface vty 0 4 ∥开启VTY线路模式

[Switchl-ui-vty0-4] protocol inbound telnet∥配 telnet置协议

[Switchl-ui-vty0-4] authentication-mode aaa //配置认证方式

[Switchl-ui-vty0-4]quit

[Switchl]aaa

[SwitchI-aaa] local-user admin password irreversible-cipher Hello@123 //配置用户名和密码,用户名不区分大小写,密码区分大小写

[Switchl-aaa] local-user admin privilege level 15∥将管理员的账号权限设置为15(最高)

[SwitchI-aaa]quit

[SwitchI ]quit

< Switchl>save

∥在用户视图下保存配置

(2)登录Telnet到交换机,出现用户视图提示符

C:\Documents and Settings\Administrator> telnet 10.10.1.1 //输入交换机管理IP

Login authentication

Usemame:admin //输入用户名和密码

Password:

Info: The max number of VTY users is 5, and the number

of current VTY users on line is 1.

The current login time is 2016-07-03 13: 33: 18+00:00.

∥用户视图命令行提示符

(3)配置交换机的接口，配置对象主要有接口隔离，速率，双工。

配置接口 GE1/0/1和GE1/0/2的端口隔离，实现二层数据隔离，三层数据互通。

< Switch1> system–view

[Switch1] port-isolate mode 12

[Switchl] interface gigabitethernet 1/0/1

[Switch1-GigabitEthernet1/0/1] port-isolate enable group 1

[Switch1-GigabitEthernet1/0/1] quit

[Switchl] interface gigabitethemet1/0/2

[Switch1-GigabitEthernet1/0/2] port-isolate enable group 1

[Switch1-GigabitEthernet1/0/2] quit

#配置以太网接口GE/0/1在自协商模式下协商速率为100Mb/

< Switch1> system-view

[Switchl] interface gigabitethernet 0/0/1

[Switch1-GigabitEthernet0/0/1] negotiation auto

[Switch1-GigabitEthernet0/0/1] auto speed 100

#配置以太网电接口GE0/0/1在自协商模式下双工模式为全双工模式

< SwitchI> system-view

[SwitchI] interface gigabitethernet 0/0/1

[Switch1-GigabitEthernet0/0/1] negotiation auto

(4)查看和配置MAC地址表，

display mac-address

#执行命令display interface vlanif5,显示 VLANIF接口的MAC地址

display interface vlanif 5

Vlanifs current state: DOWN

Line protocol current state: DOWN

Description:

Route Port, The Maximum Transmit Unit is 1500

Internet Address is 192.168.1.1/24

IP Sending Frames’ Format is PKTFMT ETHNT 2, Hardware address is 00e0-0987-

Current system time: 2016-07-03 13:33:09+08:00

Input bandwidth utilization:–

Output bandwidth utilization:–

#在MAC地址表中增加静态MAC地址表项,目的MAC地址为0001-0002-0003,vlan 5的报文，从接口 gigabitethernet0/0/5转发出去

[Switchl] mac-address static 0001-0002-0003 gigabitethernet 0/0/5 vlan 5

(5)#基于接口划分VLAN

system-view //进入交换机系统视图

[HUAWEI] sysname SwitchA //交换机命名

[SwitchA] vlan batch 2 //批量方式建立VLAN2

[SwitchA] interface gigabitethernet 0/0/1 //进入交换机接口视图

[SwitchA-GigabitEthernet0/0/1] port link-type access //配置接口类型

[SwitchA-GigabitEthernet0/0/1] port default vlan 2 //将接口加入VLAN2

[SwitchA-GigabitEthernet0/0/1] quit

[SwitchA] interface gigabitethernet 0/0/2 ∥在接口视图配置上联接口

[SwitchA-GigabitEthernet0/0/2] port link-type trunk //配置上联接口类型

[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 //通过VLAN2

[SwitchA-GigabitEthernet0/0/2] quit

(6)#基于MAC地址划分VLAN

system-view

[HUAWEI] sysname SwitchA

[SwitchA] vlan batch 2

[SwitchA] interface gigabitethernet 0/0/1 //在接口视图配置上联接口

[SwitchA-GigabitEthernet0/0/1] port link-type hybrid //配置上联接口类型

[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 2 //通过VLAN2

[SwitchA-GigabitEthernet0/0/1] quit

[SwitchA] interface gigabitethernet 0/0/2 //进入交换机接口视图

[SwitchA-GigabitEthernet0/0/2] port link-type hybrid //配置接口类型

SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan2 //将接口加入vlan2

[SwitchA-GigabitEthernet0/0/2] quit

[SwitchA]vlan 2

[SwitchA-vlan2] mac-vlan mac-address 22-22-22 //PC的MAC地址与VLAN2关联

[SwitchA-vlan2] quit

[SwitchA] interface gigabitethemnet 0/0/2

[SwitchA-GigabitEthernet0/0/2] mac-vlan enable //基于MAC地址启用接口

[SwitchA-GigabitEthernet0/0/2] quit

(7)配置stp

system-view

[HUAWEI] sysname SwitchA

[SwitchA] stp mode stp

配置根桥和备份根桥设备

#配置 Switcha为根桥

[Switcha] stp root primary

#配置 Switchb为备份根桥

[Switchb] stp root secondary

配置 Switcha的端口路径开销计算方法为华为计算方法, Switche、 Switch配置方法

[Switcha] stp pathcost-standard legacy

#配置 Switchc端口 Gigabitethernet0/0/1端口路径开销值为2000

[Switchc] stp pathcost-standard legacy

[switchc] interface gigabitethernet 0/0/1

[switchc-gigabitetherneto/0/1] stp cost 20000

[Switchc-gigabitethernet0/0/1] quit

启用STP,实现破除环路,将与PC机相连的端口设置为边缘端口并启用端口的文过滤功能

#配置 Switch端口 Gigabitetherner2为边缘端口并启用端口的BPDU报文过滤功能

[Switchb] interface gigarabitethemet0/02

[switchb-gigabitethereto/0/2] stp edged-port enable

[switchb-gigabitethemet0/0/2] stp bpdu-filter enable

[switchb-gigabite thereto/0/2] quit

#配置 Switchc端口 Gigabitethemet002为边缘端口并启用端口的BPDU报文过波功能

[SwitchC] interface glgabitethemet 0/0/2

[switchc-gigabitethemeto/0/2] stp edged- port enable

[switchc-gigabitethernet0/0/2] stp bpdu-filter enable

[switchc-gigabitethermeto/0/2] quit

设备全局启用STP,所有设备配置相同。

#设备 Switcha全局启用STP

[SwitchA]stp enable

检查配置结果

[SwitchA]display stp brief

查g0/0/1

[SwitchA]display stp interface gigabitethernet 0/0/1 brief

(8)配置SFTP

#配置SFTP服务器功能及参数

system-view

[Huawei] sysname SFTP Server

[FTP Server] rsa local-key-pair createThe key name will be: Host

RSA keys defined for Host already exist.

Confirm to replace them? (y/n)n]:y

The range of public key size is (512~2048).

NOTES: If the key modulus is less than 2048,

It will introduce potential security risks.

Input the bits in the modulus[default =2048]: 2048

Generating keys…

[SFTP Server] sftp server enable

#配置SSH用户登录的用户界面

[SFTP Server] user-interface vty 04

[SFTP Server-ui-vty0-4] authentication-mode aaa

[SFTP Server-ui-vty0-4] protocol inbound all

[SFTP Server-ui-vty0-4] user privilege level 15

[SFTP Server-ui-vty0-4] quit

#配置SSH用户

[SFTP Server] aaa

[SFTP Server-aaa] local-user user password

Please configure the login password(8-128)

It is recommended that the password consist of at least 2 types of characters, i

ncluding lowercase letters, uppercase letters, numerals and special characters

Please enter password:

Please confirm password:

[SFTP Server-aaa] local-user user privilege level 15

[SFTP Server-aaa] local-user user service-type ssh

[SFTP Server-aaa] local-user user ftp-directory flash:\autoconfig

[SFTP Server-aaa]quit

[SFTP Server]ssh user user authentication-type password

#配置SFTP服务器的IP地址

[SFTP Server] interface gigabitethernet

0/0/1

[SFTP Server-GigabitEthernet0/0/1] ip address 172.16.100.100 255.255.255.0

[SFTP Server-GigabitEthernet0/0/1] quit

#在SFTP服务器上配置缺省路由

[SFTP Server] ip route-static 0.0.0.0 0.0.0.0 172.16.100.1

步骤2:将配置文件、系统软件和补丁文件上传至SFTP服务器的工作目录hah

上(上传步骤略)

步骤3:配置DHCP服务器(以AR2220为例)

system-view

[Huawei] sysname DHCP Server

[DHCP Server] dhep enable

[DHCP Server] vlan 10

[DHCP Server-vlan10] quit

[DHCP Server] interface ethernet 1/0/1

DHCP Server-Ethernet1/0/1] port link-type hybrid

[DHCP Server-Ethernet1/0/1] port hybrid untagged vlan 10

[DHCP Server-Ethernet1/0/1] port hybrid pvid vlan 10

[DHCP Server-Ethernet1/0/1] quit

[DHCP Server] interface ethernet 1/0/2

[DHCP’Server-Ethernet1/0/2] port link-type hybrid

[DHCP Server-Ethernet1/0/2] port hybrid untagged vlan 10

[DHCP Server-Ethernet1/0/2] port hybrid pvid vlan 10

[DHCP Server-Ethernet1/0/2] quit

[DHCP Server] interface ethernet 1/0/3

[DHCPServer-Ethernet1/0/3] port link-type hybrid

[DHCP Server-Ethernet1/0/3] port hybrid untagged vlan 10

[DHCP Server-Ethernet1/0/3] port hybrid pvid vlan 10

[DHCP Server-Ethernet1/0/3] quit

[DHCP Server] interface gigabitEthernet 0/0/1

[DHCP Server-GigabitEthernet0/0/1] ip address 172.16.100.1 255.255.255.0

[DHCP Server-GigabitEthernet0/0/1] quit

[DHCP Server] interface vlanif 10

[DHCP Server-Vlanif10] ip address 172.16.200.100 255.255.255.0

[DHCP Server-Vlanif10] dhcp select global

[DHCP Server-Vlanif10] quit

[DHCP Server] ip pool auto-con fig

[DHCP Server-ip-pool-auto-config] network 172.16.200.0 255.255.255.0

[DHCP Server-ip-pool-auto-config] gateway-list 172.16.200.100

[DHCP Server-ip-pool-auto-config] option 67 ascii_ar V200R008 (C20&C30) cfg

[DHCP Server-ip-pool-auto-config] option 141 ascii user

[DHCP Server-ip-pool-auto-config] option 142 cipher huawei@123

[DHCP Server-ip-pool-auto-config] option 143 ip-address 172.16.100.100

[DHCPServer-ip-pool-auto-config]option145ascii vrpfile=auto V200R008

(c20&C30).cc;vrpver=-V200R008 (C20&C30;patchfile=ar V200R008 (C20&C30)

(9)静态路由

interface GigabitEthernet0/0/1 //接口视图配置R1的接口地址

ip address 10.1.1.1 255.255.255.0

interface GigabitEthernet0/0/2

address10.1.4.1 255.255.255.252

ip route-static 10.1.2.0 255.255.255.0 10.1.4.2 //系统视图配置R1到不同网段的静态

ip route-static 10.1.3.0 255.255.255.0 10.1.4.2

return

路由器R2配置文件如下。

interface GigabitEthernet0/0/1

接口视图配置R2的接口地址

ip addres10.1.2.1 255.255.255.0

interface GigabitEthernet0/0/2

address10.1.4.2 255.255.255.252

interface GigabitEthernet0/0/0

display routing-table protocol static

(10)ipv6

ipv6 //启用路由器IPv6报文转发能力

interface GigabitEthernet1/0/0

/在接口上启用IPv6功能

ipv6 enable

ipv6 address 1::164

interface GigabitEthernet2/0/0

ipv6 enable

ipv6 address 3:: 1 64

ipv6 route-static 2:: 64 3::1

/配置R1到2:64网段的静态路由

return

R2的相关配置如下。

ipv6

interface GigabitEthernet1/0/0

ipv6 enable

ipv6 address 2:: 1 64

interface GigabitEthernet2/0/0

ipv6 enable

ipv6 address 3:: 2 64

ipv6 route-static 1:: 64 3::2

配置R1到1:64网段的静态路由

retum

display ipv6 routing-table

(11)rip

配置路由器R1的RIP功能

[RI] rip

[R1-rip-1] network192.168.1.0

[RI-rip-l] quit

#配置路由器R2的RIP功能

[R2] rip

[R2-rip-1] network 192.168.1.0

[R2-rip-1] network 10.0.0.0

[R2-rip-1] quit

配置路由器R3的RIP功能

[R3]rip

[R3-rip-1]network172.16.0.0

[R3-ip-1]quit

display rip 1 route

[R1]rip

[R1-rip-1]version 2

[R1-rip-1]quit

(12)ISIS

isis[ process-i-id] 创建IS-IS进程并进入IS-IS视图

isis circuit-level[level-1 level-1-2|level-2] 设置接口的 Level级别,默认情况下,接口level为 level–1-2

network-entity net 设置网络实体名称

net格式为x….xx.xxxx.xxx.00,前面的“x-r

是区域地址,中间的12个“X”是路由器的System ID 最后的“00”是SEL

isis enable[process-id] 指定IS-IS的进程号,默认为1,IS-IS将通过该接口建立邻居、扩散LSP报文

display isis peer 查看IS-IS的邻居信息

display isis route 查看IS-IS的路由信息

(13)配置OSPF

#配置R路由器接口的IP地址

system-view

[Huawei] sysname RI

[R1] interface gigabitethernet 0/0/1

[RI-GigabitEthernet0/0/1] ip address 192.168.1.1 24

[R1-GigabitEthernet0/0/1] quit

[RI] interface gigabitethernet 0/0/2

[RI-GigabitEthernet0/0/2] ip address 192.168.2.124

[R1-GigabitEthernet0/0/2] quit

在路由器R1上配置OSPF基本功能

[R1] router id 1.1.1.1

[R1] ospf

[RI-ospf-1] area 0

[ospf-l-ara-0.0.0.0] network192.168.1.00.0.0.255

[R1-opf-1-area-0.0.0.0] quit

[RI-ospf-1] area 1

[ospf-l-ara-0.0.0.1] network192.168.1.00.0.0.255

[R1-opf-1-area-0.0.0.0] quit

ospf [process-id | router-id | router-id | vpn-instance vpn-instance-name] 启动OSPF进程,进入OS视图

area area-id 创建并进入OSPF区域视图

network ip-address wildcard-mask 配置区域所包含的网段

display ospf peer 查看OSPF邻居信息

display ospf routing 查看OSPF路由信息

(14)BGP

#配置各接口的P地址,配置R1,其他路由器各接口的IP地址与此配置一致

system-view

[RI] interface gigabitethernet 1/0/0

[R1-GigabitEthernet1/0/0] ip address 172.16.60.1

[R1-GigabitEthernet1/0/0] quit

配置IBGP连接,配置R2、R3、R4

[R2]bgp 65009

[R2-bgp] router-id 2.2.2.2

[R2-bgp] peer 9.1.1.2 as-number 65009

[R2-bgp] peer 9.1.3.2 as-number 65009

[R3]bgp65009

[R3-bgp] router-id 3.3.3.3

[R3-bgp] peer 9.1.3.1 as-number 65009

[R3-bgp] peer 9.1.2.2 as-number 65009

[R3-bgp] quit

BGP的相关命令

bgp{as-number-plain | as-number-dot} 启动BGP,指定本地AS编号,并进入BGP视图

router-id ipv4-address 配置BGP的 Router ID

peer{ipv4-address|ipv6-address} as-number{as-number-plain|as-number-dot} 创建BGP对等体

ipv4-family{unicast|multicast} 进入IPv4地址族视图