HCNA笔记华为路由器清空配置步骤:<R1>reset saved-configurationThis will delete the configuration in the flash memory.The device configurations will be erased to reconfigure.Are you sure? (y/n)[n]:yClear the configuration in the device successfully.<R1>reboot 重启设备Info: The system is comparing the configuration, please wait.Warning: All the configuration will be saved to the next startup configuration. Continue ? [y/n]:nSystem will reboot! Continue ? [y/n]:yInfo: system is rebooting ,please wait...华为IP 报头 MTU=1500的组成是 1472+8+20 也就是说ping数据的时候,大小要低于等于1472 才可以ping通[R] ping-a 加源地址-c ping的包个数-f 不分段-s 包大小-pping -f -s 1500 -c 100 12.1.1.2解释:ping 12.1.1.2 不分段,包大小为1500字节,ping包的个数为100个。
开启debug 命令<R2>terminal monitor<R2>terminal debugging这两条命令必须打开 然后在开启debug其它需要的命令如:<R2>debugging ip icmp 开启icmp的debug 命令<R2>undo debugging ip icmp 取消debug<R1>tracert -a 12.1.1.1 12.1.1.2 源地址为12.1.1.1Telnet 配置[R2]user-interface vty 0 4[R2-ui-vty0-4]authentication-mode password ?<cr> Please press ENTER to execute command[R2-ui-vty0-4]authentication-mode passwordPlease configure the login password (maximum length 16):huawei[R2-ui-vty0-4]set authentication password cipher ?STRING<1-16>/<56> Cipher text password[R2-ui-vty0-4]set authentication password cipher cisco[R2-ui-vty0-4]user privilege level 15测试:<R1>telnet 12.1.1.2 在>号下telnetaaa 模式[R2]aaa[R2-aaa]local-user tian password cipher cisco配置系统时间<R1>clock timezone UTC add 8 要先设置时区<R1>clock datetime 15:40:40 2016-06-14 在设置时间配置静态路由[R1]ip route-static 2.2.2.0 24 g0/0/0 12.1.1.2 出接口+吓一跳[R2]ip route-static 1.1.1.0 24 12.1.1.1 或者直接写下一跳IP查看路由表[R2]display ip routing-table protocol static或者 [R2]display ip routing-table[R2]ip route-static 9.9.9.0 24 12.1.1.1 preference 80 调整优先级,浮动路由[R1]display rip动态路由协议RIP:Routing Information ProtocolOSPF:Open Shortest Path FirstISIS:Intermediate System to Intermediate SystemBGP:Border Gateway ProtocolOSPF的配置[R1]ospf 1 router-id 1.1.1.1 /进入OSPF进程1,手工指定router-id [R1-ospf-1]area 0 /进入区域0[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0 /宣告主机[R1-ospf-1-area-0.0.0.0]network 123.1.1.0 0.0.0.255 /宣告网段[R1]display ospf interface /验证OSPF使能的接口[R1]display current-configuration configuration ospf /查看ospf配置[R1]display ospf peer brief /查看OSPF邻居状态[R1]display ospf routing /查看OSPF路由信息[R1]display ospf lsdb /查看LSDB数据库信息[R1]display ip routing-table protocol ospf /查看通过ospf学习到的路由[R1]display ospf abr-asbr /查看哪个路由器是ABR或ASBR [R1]display ospf peer邻居状态机down---Init(Attempt)---2way---ExStart----Exchange----Loading------Full重新启动OSPF的进程<R3>reset ospf processWarning: The OSPF process will be reset. Continue? [Y/N]:y单臂路由第一:交换机的配置[SW]vlan 10[SW]vlan 20[SW]int Ethernet0/0/10[SW-Ethernet0/0/10]port link-type acc[SW-Ethernet0/0/10]port default vlan 10[SW]int Ethernet0/0/20[SW-Ethernet0/0/10]port link-type acc[SW-Ethernet0/0/10]port default vlan 20首先要建立vlan 10 vlan 20 把相应的接口划入vlan中[SW]int e0/0/1[SW-Ethernet0/0/1]port link-type trunk[SW-Ethernet0/0/1]port trunk allow-pass vlan all将与路由器连接的接口设置为trunk 并允许相应的vlan通过,最好是全部vlan 都可以通过。
以上交换机就配置完毕...................................................................................第二:配置路由器[R1]int g0/0/1.10[R1-GigabitEthernet0/0/1.10]dot1q termination vid 10 vid要与子接口相同[R1-GigabitEthernet0/0/1.10]arp broadcast enable[R1-GigabitEthernet0/0/1.10]ip add 192.168.10.254 24[R1]int g0/0/1.20[R1-GigabitEthernet0/0/1.20]dot1q termination vid 20 vid要与子接口相同[R1-GigabitEthernet0/0/1.20]arp broadcast enable[R1-GigabitEthernet0/0/1.20]ip add 172.16.20.254 24以上路由器配置完毕------------------------------------------------------------------------测试连通性测试完毕,实验成功。
静态NAT第一:静态NAT配置[R1]interface g0/0/0[R1-GigabitEthernet0/0/0]nat static global 12.1.1.10 inside 192.168.10.1[R1-GigabitEthernet0/0/0]nat static global 12.1.1.20 inside 172.16.20.1[R1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2注意:NAT 是需要在公网出口上配置的,全局配置无效。
将内部的两个PC 地址转换成公网IP,为了让内部PC上网还要写一条默认路由出去。
验证:[R1]display nat staticNAT 服务器配置端口应用转换[R1-G0/0]nat server protocol tcp global 12.1.1.30 5678 inside 10.1.1.2 23把公网地址12.1.1.30的5678端口转换成内网10.1.1.2的23端口[R1]display nat server[R2]display nat session all动态NAT[R3]nat address-group 1 200.1.1.1 200.1.1.10 首先建立地址池[R3]acl 2000 写ACL匹配需要转换的网段或者地址[R3-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255[R3-acl-basic-2000]q[R3]int g0/0/0 进入接口调用ACL中的网段和定义的地址池[R3-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat动态NAT 当地址池中的IP被用光后,就无法在转换其它地址,因此基本很少使用这种技术[R3]display nat address-group 1[R2]display nat session allNAPT网络地址端口转换NAPT允许多个内部地址映射到同一个公有地址的不同端口Easy IPEasy ip 允许将许多个内部地址映射到网关出接口地址上的不同端口[R2]acl 2000[R2-acl-basic-2000]rule 5 permit source192.168.0.0 0.0.255.255 或者是any [R2]int g0/0/2[R2-GigabitEthernet0/0/2]nat outbound 2000 进入接口调用[R2]display nat outbound acl 2000 验证NAT Outbound Information:--------------------------------------------------------------------------Interface Acl Address-group/IP/InterfaceType--------------------------------------------------------------------------GigabitEthernet0/0/2 2000 200.1.1.1 easyip--------------------------------------------------------------------------Total : 1[R2][R2]display nat session all广域网HDLC(High-Level Date Link Control)高级数据链路控制PPP (point to point protocol) 点对点协议PPP华为设备接口默认为ppp[R2]int Serial 1/0/0[R2-Serial1/0/0]link-protocol hdlc 把接口修改为HDLC协议HDLC 接口地址借用。