配置命令示例:
汇聚层交换机 Focus-SW2 <Huawei>sy Enter system view, return user view with Ctrl+Z. [Huawei]undo info-center enable Info: Information center is disabled. [Huawei]sysname Focus-SW2 [Focus-SW2]vlan batch 10 20 30 40 50 60 100 101 6 8 Info: This operation may take a few seconds. Please wait for a moment...done. [Focus-SW2]interface Vlanif 10 [Focus-SW2-Vlanif10]ip addr 192.168.10.253 24 [Focus-SW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252 [Focus-SW2-Vlanif10]vrrp vrid 10 track interface g0/0/1 [Focus-SW2-Vlanif10]vrrp vrid 10 track interface g0/0/2 [Focus-SW2-Vlanif10]int vlan 20 [Focus-SW2-Vlanif20]ip addr 192.168.20.253 24 [Focus-SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.252 [Focus-SW2-Vlanif20]vrrp vrid 20 track interface g0/0/1 [Focus-SW2-Vlanif20]vrrp vrid 20 track interface g0/0/2 [Focus-SW2-Vlanif20]int vlan 30 [Focus-SW2-Vlanif30]ip addr 192.168.30.253 24 [Focus-SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252 [Focus-SW2-Vlanif30]vrrp vrid 30 track interface g0/0/1 [Focus-SW2-Vlanif30]vrrp vrid 30 track interface g0/0/2 [Focus-SW2-Vlanif30]int vlan 40 [Focus-SW2-Vlanif40]ip address 192.168.40.253 24 [Focus-SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252 [Focus-SW2-Vlanif40]vrrp vrid 40 priority 120 [Focus-SW2-Vlanif40]vrrp vrid 40 track interface g0/0/1 [Focus-SW2-Vlanif40]vrrp vrid 40 track interface g0/0/2 [Focus-SW2-Vlanif40]int vlan 50 [Focus-SW2-Vlanif50]ip addr 192.168.50.253 24 [Focus-SW2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.252 [Focus-SW2-Vlanif50]vrrp vrid 50 priority 120 [Focus-SW2-Vlanif50]vrrp vrid 50 track interface g0/0/1 [Focus-SW2-Vlanif50]vrrp vrid 50 track interface g0/0/2 [Focus-SW2-Vlanif50]int vlan 60 [Focus-SW2-Vlanif60]ip addr 192.168.60.253 24 [Focus-SW2-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.252 [Focus-SW2-Vlanif60]vrrp vrid 60 priority 120 [Focus-SW2-Vlanif60]vrrp vrid 60 track interface g0/0/1 [Focus-SW2-Vlanif60]vrrp vrid 60 track interface g0/0/2 [Focus-SW2-Vlanif60]int vlan 6 [Focus-SW2-Vlanif6]ip address 192.168.6.2 24 [Focus-SW2-Vlanif6]int vlan 8 [Focus-SW2-Vlanif8]ip addr 192.168.8.2 24 [Focus-SW2-Vlanif8]q [Focus-SW2]int g0/0/1 [Focus-SW2-GigabitEthernet0/0/1]port link-type access [Focus-SW2-GigabitEthernet0/0/1]port default vlan 8 [Focus-SW2-GigabitEthernet0/0/1]int g0/0/2 [Focus-SW2-GigabitEthernet0/0/2]port link-type access [Focus-SW2-GigabitEthernet0/0/2]port default vlan 6 [Focus-SW2-GigabitEthernet0/0/2]q [Focus-SW2]int Eth-Trunk 1 [Focus-SW2-Eth-Trunk1]port link-type trunk [Focus-SW2-Eth-Trunk1]port trunk allow-pass vlan all [Focus-SW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/3 Info: This operation may take a few seconds. Please wait for a moment...done. [Focus-SW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/4 Info: This operation may take a few seconds. Please wait for a moment...done. [Focus-SW2-Eth-Trunk1]display eth-trunk 1 Eth-Trunk1's state information is: WorkingMode: NORMAL Hash arithmetic: According to SIP-XOR-DIP Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8 Operate status: up Number Of Up Port In Trunk: 2 -------------------------------------------------------------------------------- PortName Status Weight GigabitEthernet0/0/3 Up 1 GigabitEthernet0/0/4 Up 1 [Focus-SW2]int g0/0/6 [Focus-SW2-GigabitEthernet0/0/6]port link-type trunk [Focus-SW2-GigabitEthernet0/0/6]port trunk allow-pass vlan all [Focus-SW2-GigabitEthernet0/0/6]int g0/0/7 [Focus-SW2-GigabitEthernet0/0/7]port link-type trunk [Focus-SW2-GigabitEthernet0/0/7]port trunk allow-pass vlan all [Focus-SW2-GigabitEthernet0/0/7]int g0/0/8 [Focus-SW2-GigabitEthernet0/0/8]port link-type trunk [Focus-SW2-GigabitEthernet0/0/8]port trunk allow-pass vlan all [Focus-SW2-GigabitEthernet0/0/8]int g0/0/9 [Focus-SW2-GigabitEthernet0/0/9]port link-type trunk [Focus-SW2-GigabitEthernet0/0/9]port trunk allow-pass vlan all [Focus-SW2-GigabitEthernet0/0/9]int g0/0/10 [Focus-SW2-GigabitEthernet0/0/10]port link-type trunk [Focus-SW2-GigabitEthernet0/0/10]port trunk allow-pass vlan all [Focus-SW2-GigabitEthernet0/0/10]int g0/0/11 [Focus-SW2-GigabitEthernet0/0/11]port link-type trunk [Focus-SW2-GigabitEthernet0/0/11]port trunk allow-pass vlan all [Focus-SW2-GigabitEthernet0/0/11]q [Focus-SW2]stp enable [Focus-SW2]stp region-configuration #进入mstp设置模式 [Focus-SW2-mst-region]region-name huawei #区域名称设置为huawei [Focus-SW2-mst-region]revision-level 5 #版本级别为5 [Focus-SW2-mst-region]instance 1 vlan 10 20 30 100 #定义实例1为vlan 10 20 30 100 [Focus-SW2-mst-region]instance 2 vlan 40 50 60 [Focus-SW2-mst-region]active region-configuration #对mstp设置保存 Info: This operation may take a few seconds. Please wait for a moment...done. [Focus-SW2-mst-region]display this # stp region-configuration region-name huawei revision-level 5 instance 1 vlan 10 20 30 100 instance 2 vlan 40 50 60 active region-configuration # return [Focus-SW2]stp instance 1 root secondary #定义本交换机为实例1的备选根 [Focus-SW2]stp instance 2 root primary #定义本交换机为实例2的根 [Focus-SW2]ospf 20 [Focus-SW2-ospf-20]area 0 [Focus-SW2-ospf-20-area-0.0.0.0]network 192.168.10.0 0.0.0.255 [Focus-SW2-ospf-20-area-0.0.0.0]network 192.168.20.0 0.0.0.255 [Focus-SW2-ospf-20-area-0.0.0.0]network 192.168.30.0 0.0.0.255 [Focus-SW2-ospf-20-area-0.0.0.0]network 192.168.40.0 0.0.0.255 [Focus-SW2-ospf-20-area-0.0.0.0]network 192.168.50.0 0.0.0.255 [Focus-SW2-ospf-20-area-0.0.0.0]network 192.168.60.0 0.0.0.255 [Focus-SW2-ospf-20-area-0.0.0.0]network 192.168.6.0 0.0.0.255 [Focus-SW2-ospf-20-area-0.0.0.0]network 192.168.8.0 0.0.0.255 [Focus-SW2-ospf-20-area-0.0.0.0]display this # area 0.0.0.0 network 192.168.10.0 0.0.0.255 network 192.168.20.0 0.0.0.255 network 192.168.30.0 0.0.0.255 network 192.168.40.0 0.0.0.255 network 192.168.50.0 0.0.0.255 network 192.168.60.0 0.0.0.255 network 192.168.6.0 0.0.0.255 network 192.168.8.0 0.0.0.255 # return [Focus-SW2-ospf-20-area-0.0.0.0]q [Focus-SW2-ospf-20]q [Focus-SW1]dhcp enable [Focus-SW1]int Vlanif 10 [Focus-SW1-Vlanif10]dhcp select interface [Focus-SW1-Vlanif10]dhcp server dns-list 192.168.200.4 [Focus-SW1-Vlanif10]dhcp server excluded-ip-address 192.168.10.254 Error:Only idle or expired IP address can be disabled. [Focus-SW1-Vlanif10]dhcp server excluded-ip-address 192.168.10.253 [Focus-SW1-Vlanif10]dhcp server excluded-ip-address 192.168.10.252 [Focus-SW1-Vlanif10]dhcp server lease day 2 [Focus-SW1-Vlanif10]display this # interface Vlanif10 ip address 192.168.10.254 255.255.255.0 vrrp vrid 10 virtual-ip 192.168.10.252 vrrp vrid 10 priority 120 vrrp vrid 10 track interface GigabitEthernet0/0/1 vrrp vrid 10 track interface GigabitEthernet0/0/2 dhcp select interface dhcp server excluded-ip-address 192.168.10.252 192.168.10.253 dhcp server dns-list 192.168.200.4 # return
接入层交换机 Access-SW1 <Huawei>system-view Enter system view, return user view with Ctrl+Z. [Huawei]un in en Info: Information center is disabled. [Huawei]sysname Access-SW1 [Access-SW1]vlan batch 10 20 30 40 50 60 100 101 Info: This operation may take a few seconds. Please wait for a moment...done. [Access-SW1]stp enable [Access-SW1]stp region-configuration [Access-SW1-mst-region]region-name huawei [Access-SW1-mst-region]revision-level 5 [Access-SW1-mst-region]instance 1 vlan 10 20 30 100 [Access-SW1-mst-region]instance 2 vlan 40 50 60 [Access-SW1-mst-region]active region-configuration Info: This operation may take a few seconds. Please wait for a moment...done. [Access-SW1-mst-region]display this # stp region-configuration region-name huawei revision-level 5 instance 1 vlan 10 20 30 100 instance 2 vlan 40 50 60 active region-configuration # return [Access-SW1-mst-region]q [Access-SW1]int e0/0/1 [Access-SW1-Ethernet0/0/1]port link-type trunk [Access-SW1-Ethernet0/0/1]port trunk allow-pass vlan all [Access-SW1-Ethernet0/0/1]int e0/0/2 [Access-SW1-Ethernet0/0/2]port link-type trunk [Access-SW1-Ethernet0/0/2]port trunk allow-pass vlan all [Access-SW1-Ethernet0/0/2]int e0/0/3 [Access-SW1-Ethernet0/0/3]port link-type a [Access-SW1-Ethernet0/0/3]port link-type access [Access-SW1-Ethernet0/0/3]port default vlan 10 [Access-SW1-Ethernet0/0/3]int e0/0/4 [Access-SW1-Ethernet0/0/4]port link-type access [Access-SW1-Ethernet0/0/4]port default vlan 10
AC <AC6605>sy Enter system view, return user view with Ctrl+Z. [AC6605]sysname AC1 [AC1]vlan batch 100 101 Info: This operation may take a few seconds. Please wait for a moment...done. [AC1]int Vlanif 100 [AC1-Vlanif100]ip address 192.168.100.1 24 [AC1-Vlanif100]q [AC1]dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. [AC1]int Vlanif 100 [AC1-Vlanif100]dhcp select global [AC1-Vlanif100]q [AC1]int Vlanif 101 [AC1-Vlanif101]ip address 192.168.101.1 24 [AC1-Vlanif101]dhcp select interface [AC1-Vlanif101]q [AC1]ip pool vlan100 Info: It is successful to create an IP address pool. [AC1-ip-pool-vlan100]gateway-list 192.168.100.254 [AC1-ip-pool-vlan100]network 192.168.100.0 [AC1-ip-pool-vlan100]dns-list 192.168.200.4 [AC1-ip-pool-vlan100]excluded-ip-address 192.168.100.1 [AC1-ip-pool-vlan100]q [AC1]wlan [AC1-wlan-view]ap-group name ap-huawei Info: This operation may take a few seconds. Please wait for a moment.done. [AC1-wlan-ap-group-ap-huawei]q
[AC1-wlan-view]re [AC1-wlan-view]regulatory-domain-profile na [AC1-wlan-view]regulatory-domain-profile name huawei-domain [AC1-wlan-regulate-domain-huawei-domain]co [AC1-wlan-regulate-domain-huawei-domain]copy-from [AC1-wlan-regulate-domain-huawei-domain]country-code CN Info: The current country code is same with the input country code. [AC1-wlan-regulate-domain-huawei-domain]q [AC1-wlan-view]ap-group name ap-huawei [AC1-wlan-ap-group-ap-huawei]regulatory-domain-profile huaweu-domain Warning: Modifying the country code will clear channel, power and antenna gain c onfigurations of the radio and reset the AP. Continue?[Y/N]:y Error: The binding profile does not exist. [AC1-wlan-ap-group-ap-huawei]q [AC1-wlan-view]q [AC1]capwap source interface Vlanif 101 [AC1]wlan [AC1-wlan-view]ap auth-mode mac-auth [AC1-wlan-view]ap-id 0 ap-mac 00e0-fc0c-61e0 [AC1-wlan-ap-0]ap-name area-1 [AC1-wlan-ap-0]ap-group ap-huawei Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to c ontinue? [Y/N]:y Info: This operation may take a few seconds. Please wait for a moment.. done. [AC1-wlan-ap-0]q [AC1-wlan-view]q [AC1]display ap all Info: This operation may take a few seconds. Please wait for a moment.done. Total AP information: idle : idle [1] -------------------------------------------------------------------------------- --- ID MAC Name Group IP Type State STA Uptime -------------------------------------------------------------------------------- --- 0 00e0-fc0c-61e0 area-1 ap-huawei - - idle 0 - -------------------------------------------------------------------------------- --- Total: 1 [AC1]int g0/0/1 [AC1-GigabitEthernet0/0/1]port link-type trunk [AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all [AC1-GigabitEthernet0/0/1]q [AC1]display ap all Info: This operation may take a few seconds. Please wait for a moment.done. Total AP information: nor : normal [1] -------------------------------------------------------------------------------- ---------------- ID MAC Name Group IP Type State STA U ptime -------------------------------------------------------------------------------- ---------------- 0 00e0-fc0c-61e0 area-1 ap-huawei 192.168.101.253 AP6050DN nor 0 5 M:13S -------------------------------------------------------------------------------- ---------------- Total: 1 [AC1]wlan [AC1-wlan-view]security-profile name sec [AC1-wlan-sec-prof-sec]security wpa2 psk pass-phrase huawei@123 aes [AC1-wlan-sec-prof-sec]q [AC1-wlan-view]ssid-profile name ssid-1 [AC1-wlan-ssid-prof-ssid-1]ssid huawei Info: This operation may take a few seconds, please wait.done. [AC1-wlan-ssid-prof-ssid-1]q [AC1-wlan-view]vap-profile name vap-1 [AC1-wlan-vap-prof-vap-1]forward-mode tunnel Info: This operation may take a few seconds, please wait.done. [AC1-wlan-vap-prof-vap-1]service-vlan vlan-id 100 Info: This operation may take a few seconds, please wait.done. [AC1-wlan-vap-prof-vap-1]security-profile sec Info: This operation may take a few seconds, please wait.done. [AC1-wlan-vap-prof-vap-1]ssid-profile ssid-1 Info: This operation may take a few seconds, please wait.done. [AC1-wlan-vap-prof-vap-1]q [AC1-wlan-view]ap-group name ap-huawei [AC1-wlan-ap-group-ap-huawei]vap-profile vap-1 wlan 1 radio 0 Info: This operation may take a few seconds, please wait...done. [AC1-wlan-ap-group-ap-huawei]q [AC1-wlan-ap-group-ap-huawei]quit [AC1-wlan-view]q [AC1]dis ap all Info: This operation may take a few seconds. Please wait for a moment.done. Total AP information: nor : normal [1] -------------------------------------------------------------------------------- ---------------- ID MAC Name Group IP Type State STA U ptime -------------------------------------------------------------------------------- ---------------- 0 00e0-fc0c-61e0 area-1 ap-huawei 192.168.101.253 AP6050DN nor 0 1 9M:1S -------------------------------------------------------------------------------- ---------------- Total: 1
核心层路由器 [Core-R1]int g0/0/0 [Core-R1-GigabitEthernet0/0/0]display th [Core-R1-GigabitEthernet0/0/0]ip address 192.168.4.1 255.255.255.0 [Core-R1-GigabitEthernet0/0/0]int g0/0/1 [Core-R1-GigabitEthernet0/0/1]ip address 192.168.2.2 255.255.255.0 [Core-R1-GigabitEthernet0/0/1]int g2/0/1 [Core-R1-GigabitEthernet2/0/1]ip address 192.168.6.1 255.255.255.0 [Core-R1-GigabitEthernet2/0/1]int g2/0/0 [Core-R1-GigabitEthernet2/0/0]ip address 192.168.5.1 255.255.255.0 [Core-R1]ospf 30 [Core-R1-ospf-30]area 0 [Core-R1-ospf-30-area-0.0.0.0]network 192.168.2.0 0.0.0.255 [Core-R1-ospf-30-area-0.0.0.0]network 192.168.4.0 0.0.0.255 [Core-R1-ospf-30-area-0.0.0.0]network 192.168.5.0 0.0.0.255 [Core-R1-ospf-30-area-0.0.0.0]network 192.168.6.0 0.0.0.255 [Core-R1-ospf-30-area-0.0.0.0]display this # area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 192.168.4.0 0.0.0.255 network 192.168.5.0 0.0.0.255 network 192.168.6.0 0.0.0.255 # return [Core-R1-ospf-30-area-0.0.0.0]q [Core-R1-ospf-30]q
防火墙 <SRG>sy 20:25:59 2024/05/03 Enter system view, return user view with Ctrl+Z. [FW]sy FW1 20:27:05 2024/05/03 [FW1]int g0/0/0 20:30:23 2024/05/03 [FW1-GigabitEthernet0/0/0]ip addr 192.168.2.1 24 20:31:39 2024/05/03 Info: The DHCP server configuration on this interface will be deleted. [FW1]un in en 20:32:02 2024/05/03 Info: Information center is disabled [FW1-GigabitEthernet0/0/0]int g0/0/1 20:32:53 2024/05/03 [FW1-GigabitEthernet0/0/1]ip addr 192.168.3.1 24 20:33:05 2024/05/03 [FW1-GigabitEthernet0/0/1]int g0/0/2 20:33:15 2024/05/03 [FW1-GigabitEthernet0/0/2]ip addr 192.168.200.1 24 20:33:30 2024/05/03 [FW1-GigabitEthernet0/0/2]int g0/0/3 20:33:38 2024/05/03 [FW1-GigabitEthernet0/0/3]ip addr 200.10.10.1 30 20:33:56 2024/05/03 [FW1-GigabitEthernet0/0/3]q 20:34:02 2024/05/03 [FW1]firewall zone trust [FW1-zone-trust]add interface g0/0/0 20:34:33 2024/05/03 Info: The interface has been added to trust security zone. [FW1-zone-trust]add interface GigabitEthernet0/0/1 20:34:36 2024/05/03 [FW1-zone-trust]q 20:34:44 2024/05/03 [FW1]firewall zone untrust 20:34:51 2024/05/03 [FW1-zone-untrust]add interface g0/0/3 20:35:08 2024/05/03 [FW1-zone-untrust]q 20:35:10 2024/05/03 [FW1]firewall zone dmz 20:35:15 2024/05/03 [FW1-zone-dmz]add interface g0/0/2 20:35:21 2024/05/03 [FW1-zone-dmz]q 20:35:24 2024/05/03 [FW1]ospf 50 [FW1-ospf-50]area 0 22:52:59 2024/05/07 [FW1-ospf-50-area-0.0.0.0]network 192.168.2.0 0.0.0.255 [FW1-ospf-50-area-0.0.0.0]network 192.168.3.0 0.0.0.255 [FW1-ospf-50-area-0.0.0.0]network 192.168.200.0 0.0.0.255 [FW1-ospf-50-area-0.0.0.0]q [FW1-ospf-50]q [FW1]ip route-static 0.0.0.0 0 200.10.10.2 [FW1]policy interzone trust untrust outbound 20:58:49 2024/05/03 [FW1-policy-interzone-trust-untrust-outbound]policy 10 20:59:03 2024/05/03 [FW1-policy-interzone-trust-untrust-outbound-10]policy destination 200.10.0.0 0.0.255.255 21:02:05 2024/05/03 [FW1-policy-interzone-trust-untrust-outbound-10]policy source 192.168.0.0 0.0.255.255 21:03:10 2024/05/03 [FW1-policy-interzone-trust-untrust-outbound-10]action permit 21:03:32 2024/05/03 [FW1-policy-interzone-trust-untrust-outbound-10]display this 21:03:36 2024/05/03 # policy 10 action permit policy source 192.168.2.0 0.0.0.255 policy source 192.168.3.0 0.0.0.255 policy destination 200.10.10.0 0.0.0.3 # return [FW1-policy-interzone-trust-untrust-outbound-10]q [FW1-policy-interzone-trust-untrust-outbound]q [FW1]policy interzone dmz untrust inbound [FW1-policy-interzone-dmz-untrust-inbound]policy 10 [FW1-policy-interzone-dmz-untrust-inbound-10]policy source 200.10.0.0 0.0.255.255 [FW1-policy-interzone-dmz-untrust-inbound-10]policy destination 192.168.200.0 0.0.0.255 [FW1-policy-interzone-dmz-untrust-inbound-10]action permit [FW1-policy-interzone-dmz-untrust-inbound-10]display this # policy 10 action permit policy source 200.10.10.0 0.0.0.3 policy destination 192.168.200.0 0.0.0.255 # return [FW1-policy-interzone-dmz-untrust-inbound-10]q [FW1-policy-interzone-dmz-untrust-inbound]q [FW1]policy interzone trust dmz outbound [FW1-policy-interzone-trust-dmz-outbound]policy 10 [FW1-policy-interzone-trust-dmz-outbound-10]policy destination 192.168.200.0 0.0.0.255 [FW1-policy-interzone-trust-dmz-outbound-10]policy source 192.168.0.0 0.0.255.255 [FW1-policy-interzone-trust-dmz-outbound-10]action permit [FW1-policy-interzone-trust-dmz-outbound-10]display this # policy 10 action permit policy source 192.168.0.0 0.0.255.255 policy destination 192.168.200.0 0.0.0.255 # return [FW1-policy-interzone-trust-dmz-outbound-10]q 22:21:31 2024/05/06 [FW1-policy-interzone-trust-dmz-outbound]q [FW1]nat-policy interzone trust untrust outbound [FW1-nat-policy-interzone-trust-untrust-outbound]policy 10 [FW1-nat-policy-interzone-trust-untrust-outbound-10]policy source any [FW1-nat-policy-interzone-trust-untrust-outbound-10]action source-nat [FW1-nat-policy-interzone-trust-untrust-outbound-10]easy-ip g0/0/3 [FW1-nat-policy-interzone-trust-untrust-outbound-10]q [FW1-nat-policy-interzone-trust-untrust-outbound]q