H3C路由器配置命令手册.docx

H3C路由器配置命令手册常用命令1.查看当前配置使用displaycurrent-configuration命令显示系统当前运行的配置，由于我们使用的设备以及模块不同，操作时显示的具体内容也会有所不同。<H3C>displaycurrent-configuration<H3c>dscurrent-configuration使用空格键可以继续翻页显示，<ENTER>键翻行显示，<CTRL+C>结束显示。2.显示接口IP状态与配置信息<H3C>displayipinterfacebrief<H3c>ds ip interface brief “down: administratively down (s): spoofingInterfaceGigabitEthernetO/O/OGigabitEthernetO/O/1GigabitEthernetO/O/2GigabitEthernetO/O/3SerialO/l/OSerialO/1/1Serial0l2Seri al0/1/3<H3C>Physical down down down down down down down downOOcotownwnwnwnwnwnwnwn oooooooo PddddddddIP Address unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassignedDescription GigabitEt. GigabitEt. GigabitEt. GigabitEt. SerialOl. SerialOl. SerialOl. SerialO/!.Telnet远程登录192.168.1.1/24 GOAVO RTl192.168.1.2/24GOVOL把两台路由器的接口ip地址先配好：<RTl>system-viewRT1interfaceg0/0/0RTl-GigabitEthernetO/O/Oipaddress192.168.1.124<RT2>system-viewRT2interfaceg0/0/0RT2-GigabitEthernetOOOipaddress192.168.1.2242.在RTl上配置telnet 有两种:设置密码登陆RTllteInet server enableRTl user-interface vty 0 4开启Telnet服务进入VTY线路,允许0到4, 5个用户 同时Telnet这台设备RTl-ui-vtyO-4authentication-modePaSSWOrd服务器认证类型为密码RTl-ui-vtyO-4setauthenticationpasswordsimple123设置密码设置登陆级别权限RTl-ui-vtyO-4userprivilegelevel3设置用户名，密码登陆RTltelnetserverenableRT1Iocal-Userwangyu设置一个用户名wangyuRTl-Iuser-WangyuJpasswordsimple123设置密码为明文123RTl-Iuser-Wangyuauthorization-attributelevel1设置权限RTl-Iuser-Wangyuservice-typetelnet服务方式是TeInetRT1superpasswordlevel3simpleh3c超级密码，提升权限进入VTY线路RT1user-interfacevty04RTl-ui-vtyO-4authentication-modeschemeTelnet验证模式设为要用户名密码登陆配置VLAN（将一个大的局域网划分成逻辑的几个小的局域网，每个小局域网都是单独的广播域）1.创建VLAN并将相应的端口加入到该VLAN中SWlvlan10SWl-VlanlOporte4lSwi-VlanlOlquitSWlvlan20SWl-vlan20porte042SWl-vlan20quit2 .将交换机与交换机相连的端口设置为端口设置为TrUnk型10 20 允许 VIanl0, 20通过，也可设为vlan allSWlJinterfacee040SWl-Ethernet040portlink-typetrunkSWl-Ethernet040porttrunkpermitvlan3 .SW2配置SW2vlan10SW2-vlanlOporte4lSW2-vlanlOquitSW2vlan20SW2-vlan20porte042SW2-vlan20quitSW2interfaceeO4OSW2-Ethernet040portlink-typetrunkSW2-Ethernet040porttrunkpermitvlan1020【实验测试】查看配置信息<Switd>displayylanVLANfunctionisenabled.Total3YLANexist(s).一共有3个Vlan存在，缺省的是VIan 1Now,thefollovingVLANexist(s)：1(default),2,10+-VSWitd>displayy典2VLANID：2VLANType：staticRouteinterface：notconfiguredDescription： VLAN 0002Tagged Ports： noneVLAN中哪些端口打标签Ifatagsed Ports： EthernetlZOZl Ethernetl0Z3 Ethemetl/0/4VLAN中哪些端口不打标签<Switd> display interface ethernet 1 /0/1PVID： 1Mdi type： auto Port 1 ink-type ： accessTagged VUN ID : noneIfotagged VLAH ID ： 1当前端口的缺省VLAN当前端口链路类型为 ACCeSSPort priority： 0测试vlan间主机的通信:UPCS4> ping 192.168.1.10No gateway foundKJPCS4J> ping 192.168.2.10192.168.2.10192.168.2.10192.168.2.10192.168.2.10192.168.2.10icnp_seq=l icnp_seq=2 icmp_seq=3 icnp_seq=4 icnp_seq=5ttl=64 ttl=64 ttl=64 tt1=64 ttl=64time=30.001 ms tine=20.000 ns tine =40.001 s tine=40.000 ms time=40.000 ms链路聚合的配置（将多根物理线缆逻辑上捆绑成一根，以增加链路带宽，可靠性）1.SW1配置<SWl>system-viewSWUinterfaceBridge-Aggregation1创建链路聚合组SWllinterfaceeO/4/OSWl-Ethernet040portlink-aggregationgroup1将端口加入到聚合组中SWl-Ethernet040quitSWliinterfacee4lSWl-EthernetO/4/1portlink-aggregationgroup1SW1-Ethernet4lquit2.SW2配置<SW2>system-viewSW2interfaceBridge-Aggregation1SW2interfacee040SW2-Ethernet040portlink-aggregationgroup1SW2-Ethernet040quitSW2interfacee4lSW2-EthernetO4lJportlink-aggregationgroup1SW2-EthernetO4lquit【查看】1.查看链路聚合信息，主要看selectports部分：Displaylink-aggreationsumaryswldisplaylink-aggregationsummaryAggregationinterfaceType:BAGG-Bridge-Aggregation,RAGG-Route-AggregationAggregationMode:Sstatic,D-Dynamic1.oadsnaringType:Shar-Loadsharing,Nons-Non-LoadsharingActorsystemID：0x8000,000f-e200-0100AGGAGGPartnerIDinterfaceModeSelectPortsUnselectPortsshareTypeBAGGlSnone5W1O0NonsBAGGl:聚合端口ID为1S：聚合方式为静态聚合2：聚合组中包含2个聚合端口Shar：组中端口是负载分担类型2.查看具体哪些口加入组：displaylink-aggregationmember-portIswldisplaylink-aggregationmember-portFlags:A-LACP_Activity,B-LACP_TimeOUt,C-Aggregation,D-synchronization,E-Collecting,F-DiStributing,G-Defaulted,H-ExpiredCt挺rnet040Z>Aggrgal75Tnterface:Bridge-AggregationlPortNumber:1PortPriority:32768Oper-Key:1fiernet0/47Tr>grgaturrnterface:Bridge-AggregationlPortNumber:2PortPriority:32768IOPer-Key:工3.链路聚合组的验证配置完成之后，在PCl上执行Ping命令，并且不间断地发送ICMP报文，如下所示:UPCS1>Ping192.168.1.2-t192.168.1.2icmp.Seq=Itt1=64tine=750.001RS192.168.1.2icmp.seq=2tt1=64tine=580.001RS192.168.1.2icnp_seq=3tt1=64tine=630.000ms192.168.1.2icmp-seq=4ttl=64tine=680.001ns192.168.1.2icp-seq=5ttl=64tine=200.000ms192.168.1.2icmp-.seq=6tt1=64tine=210.000msDHCP（动态主机配置协议，以动态获取IP地址）192.168.2.1开启DHCP功能创建一个地址池名为1设置DHCP月艮务器可分配的网段及掩码为客户端分配网关地址 设置网络中的DNS服务器地址租约期为5天不可分配给客户端的IP为RT2设置一个静态路由1 .DHCP服务器RT2上的配置：RT2-GigabitEthernetOOOipaddress192.168.2.224RT2dhcpenableRT2dhcpserverip-pool1RT2-dhcp-pool-lnetwork192.168.1.024RT2-dhcp-pool-lgateway-list192.168.1.1RT2-dhcp-pool-ldns-list1.1.1.1RT2-dhcp-pool-lexpiredday5RT2dhcpserverforbidden-ip192.168.1.1192.168.1.124 192.168.2.1RT2iproute-static2 .DHCP中继上的配置：RTlinterfaceGigabitEthernet0/0/1RTl-GigabitEthernetOOlipaddress192.168.1.124RTl-GigabitEthernetOOlinterg000RTl-GigabitEthernetOOOipaddress192.168.2.124RTldhcpenable打开DHCP服务器功能RTldhcprelayserver-group1ip192.168.2.2在DHCP中继上标明DHCP服务器的位置RTlinterfaceGigabitEthernet0/0/1RTl-GigabitEthernetOOldhcpselectrelay打开接口的中继功能RTl-GigabitEthernetOOldhcprelayserver-select1将接口与DHCP服务器上的地址池进行关联3 .查看结果查看dhcp可用ip：disdhcpserverfree-ipUPCSi>showipNAMEUPCStlJIP/MASK0.0.0.0/0GATEWAY0.0.0.0DNSMAC00:50:79:66:68:00LPORT19029RHOST：PORT127.0.0.1:19018MTU：0UPCS1J>dhcpDORAIP192.168.1.3/24GW192.168.1.1UPCSU>showipNAME：UPCSUIP/MASK：192.168.1.3/24GfiTEWAV：192.168.1.1DNS：DHCPSERUER：192.168.1.1MAC：00:50:79:66:68:001.PORT：19029RHOST：PORT：127.0.0.1:19018MTU：1500DHCP服务器和客户端在同一网段配置RTlinterfaceGigabitEthernet0/0/0RTl-GigabitEthernetOOOipaddress192.168.1.124RTldhcpenable开启DHCP功能RTldhcpserverip-pool1创建一个地址池名字为1RTl-dhcp-pool-lnetwork192.168.1.0mask255.255.255.0/DHCP服务器可以分配的网段，以及网段的子网掩码RTldhcp-pool-lgateway-Hst192.168.Ll为客户端分配的网关地址RTl-dhcp-pool-ldns-list1.1.1.1网络中DNS服务器的地址（可选）RTl-dhcp-pool-lexpiredday5租约期为5天RTldhcpserverforbidden-ip192.168.1.3不可以分配给客户端的IP地址单臂路由和三层交换机Vlan 20Vlan 10vlan 30实现不同VLAH方间的通信单臂路由1 .交换机上的操作：SWlvlan10SWl-vlanlOportEthernet0/4/1SWlvlan20SWl-vlan20portEthernet0/4/2SWlvlan 30SWl-vlan30port Ethernet 0/4把相应的PC划分进相应的VLANSWlinterfaceEthernet0/4/0进入与路由器相连的接口E0/4/0SW1-Ethernet040portlink-typetrunk把交换机与路由器相连的接口配置为TRUNKSW1-Ethernet040porttrunkpermitvlanall允许所有VLAN通过2 .路由器上的操作：RT2interfaceGigabitEthernet0/0/0.10进入子接口G0/0/0.10RT2-GigabitEthernet000.10ipaddress192.168.1.124配置接口IP地址，即对应网段的PC的网关地址RT2-GigabitEthernet000.10vlan-typedotlqvid10标记这个子接口属于哪一个VLANRT2interg000.20RT2-GigabitEthernetOOO.2Oipaddress192.168.2.124RT2-GigabitEthernetOOO.2Ovlan-typedotlqvid20RT2intergOOO.3ORT2-GigabitEthernetOOO.3Oipaddress192.1683.124RT2-GigabitEthernet000.30vlan-typedotlqvid30通过在三层交换机上面起虚接口实现VLAN间路由SWlvlan10SWl-vlanlOportEthernet0/4/0SWlvlan20SWl-vlan20portEthernet0/4/1把相应PC划到相应VLAN中SWlvlan30SWl-vlan30portEthernet0/4/2SWlinterfaceVlan-interface10在交换机上起虚接口（VLAN口），VLAN10虚接口SWl-Vlan-interfacelOipaddress192.168.1.124配置上对应VLAN所属网段的网关SWlinterfaceVlan-interface20SWl-Vlan-interface20ipaddress192.168.2.124SWlinterfaceVlan-interface30SWl-Vlan-interface30ipaddress192.168.3.124起虚接口的条件：1 .在交换机上必须存在对应虚接口的VLAN否则虚接口创建不成功2 .在对应VLAN中必须存在一y*活跃的接口，否则虚接口状态为(down/down)或者3 .在交换机的TRUNK链路上允许对应的VLAN通过，否则虚接口状态(down/down)静态路由配置RT3 ip route-static 192.168.1.0 24 192.168. 2.1192.168.1.1192.168.1. 2 RTl. RT2 192.168.2.1 G WO% RT3RTll iD route-static 192.168.2.0 24 192.168.1.2192.168.2.21 .RT1:RTlinterfaceGigabitEthernet0/0/0RTl-GigabitEthernetOOOipaddress192.168.1.124RTliproute-static192.168.2.024192.168.1.2配置去往2.0网段的静态路由，下一跳接口是RT3上与RT2连接的接口2 .RT2:RT3interfaceGigabitEthernet0/0/0RT3-GigabitEthernetOOOipaddress192.168.1.224RT3intergO/O/1RT3-GigabitEthernetOOlipaddress192.168.2.1243 .RT3:RT4interfaceGigabitEthernet0/0/1RT4-GigabitEthernet00lipaddress192.168.2.224RT4iproute-static192.168.1.024192.168.2.1配置去往1.0网段的静态4 .实验结果直接RTlpingRT2能够ping通实验2:环回口的配置RTlinterfaceGigabitEthernet0/0/0RTl-GigabitEthernetOOOipaddress192.168.1.124RTlinterfaceLoopBack0在路由器上起环回口，相当于路由器身后的一台主机，永不会downRTl-LoopBackOipaddressl.l.l.l32给环回口配置IP地址RTliproute-static2.2.2.232192.168.1.2配置静态路由，去往RT6身后222.2环回口的RT2interfaceGigabitEthernet0/0/0RT2-GigabitEthernetOOOipaddress192.168.1.224RT2interfaceLoopBack0RT2-LoopBackOipaddress2.2.2.232RT2iproute-staticl.l.l.l32192.168.1.1【实验过程】1'实验之前先查看路由器的路由表RTlJdisplayiprouting-tableRoutingTables:PublicDestinations:2Routes:2Destinafion/MaskProtoPreCostNextHopInterface127.0.0.0/8Direct00127.0.0.1InLoopO127.0.0.1/32Direct00127.0.0.1InLoopORT1Proto：发现该路由的路由协议Pre：路由的优先级COSI：路由的度量值NextHop：此路由的下一跳地址Interface：出接口，即到该目的网段的数据包将从此接口发出以上输出可知，目前路由器只有目的地址127.0.0.0的路由，这是路由器的回环地址直连路由。2、为PC以及路由器的各接口配置IP地址，各地址如下图设备名称接口IP地址网关RTlG0/0/1192.168.1.1G0/0/0192.168.2.1RT2G0/0/0192.168.2.2G0/0/1192.168.3.1PCl192.168.1.2192.168.1.1PC2192.168.3.2192.168.3.1RTl<RT1>system-view进入到接口视图配置IP地址RTlinterfacegO/O/1RTl-GigabitEthernetOOlipaddress192.168.1.124RTl-GigabitEthernetOOlquitRTlinterfaceg000RTl-GigabitEthernetOOOipaddress192.168.2.124RTl-GigabitEthernetOOOquitRT2<RT2>system-viewRT2interfaceg000RT2-GigabitEthernet000ipaddress192.168.2.224RT2-GigabitEthernetOOOquitRT2interfacegO/O/1RT2-GigabitEthernetOOlipaddress192.168.3.124RT2-GigabitEthernetOOlquit3、查看路由表RT1displayiprouting-tableRoutingTables:PublicDestinations:6Routes:6Destination/MaskProtoPreCostNextHopInterface127.0.0.0/8Direct00127.0.0.1InLoopO127.0.0.1/32Direct00127.0.0.1InLoopO192.168.1.0/24Direct00192.168.1.1GEO/O/1192.168.1.1/32Direct00127.0.0.1InLoopO192.168.2.0/24Direct00192.168.2.1GEO/O/O192.168.2.1/32Direct00127.0.0.1InLoopORT1直连路由是由路由层协议发现的路由，链路层协议UP后，路由器会将其加入路由表中。如果我们关闭链路层协议，则相关直连路由也消失。以上信息可知，配置了IP地址之后配置了IP地址之后,RTl的路由表中就出现了相关的直连路由。二、配置静态路由1、分别用PClPing网关和PC2,查看可达性UPCS2>1MPCS11>ping192.168.1.1192.168.1192.168.1192.168.1192.168.1192.168.11 11 11icnp-seql icnp-,seq=2 icnp_seq=3 icnp-seq=4 icp-seq=5ttl=255 tt1=255 tt1=255 tt1=255 ttl=255tine=0.000 t ine =0.000 tine=0.000 tine=0.000 time=0.000msnsRSRSms小UPCS(1J>Pztng192.168.3.2192.168.3.2icnp_seci=lt±meou192.168.3.2icnp-seq=2tineout192.168.3.2ic>p_seq=3t±neou192.168.3.2icmp_seq=4imeou192.168.3.2icmp_seq=5t±neoutUPCS(1J>以上信息可知PCl可以ping通网关但是ping不通PC22、配置静态路由RTlRTliproute-static192.168.3.024192.168.2.2RT2RT2iproute-static192.168.1.024192.168.2.13、配置完成后在RTl上再次查看路由表,跟之前的路由表做一个对比看看有什么变化？RTlJdisiprouting-tableRoutingTables:PublicDestinations:7Routes:7DestinatonMaskProtoPreCostNextHop127.0.0.0/8127.0.0.1/32192.168.1.0/24192.168.1.1/32192.168.2.0/24192.168.2.1/32192.168.3.0/24Dl rect O Di rect O Di rect O D-i rect O Di rect O Di rect O Static 60OooooooInLoopOInLoopO.1GEO/O/1 InLoopO.1GEO/O/O InLoopO.2GEO/O/O127.0.0127.0.0192.168127.0.0192.168127.0.0192.168InterfaceRT1以上图中可知,路由表中多出了一条静态路由192.168.3.0/24优先级为60，度量值为0，下一跳地址为192.168.2.2，出接口为g/0/0。4、使用ping命令测试PCl和PC2是否连通WPCS1>Ping192.168.3.2192.168.3.2icp.-Seq=Itt1=62time=0.000RS192.168.3.2icp._seq=2tt1=62time=0.000ns192.168.3.2icp.seq=3tt1=62time=0.000RS192.168.3.2icnp.seq=4tt1=62tine=0.000RS192.168.3.2icp.seq=5tt1=62tine=0.000nsRIP的配置G 0/0/0G 0/0/0192.168. 1.071 2 RTl RT2 RT3RTl：RT1interfaceGigabitEthernetO/O/ORTl-GigabitEthernetOOOipaddress192.168.1.124RTlrip100开启RIP100进程RTl-rip-100network192.168.1.0宣告自身有的直连网段RTl-rip-100version2速用RIPv2RTl-rip-100undosummary关闭自动汇总功能RT2:RT2interfaceGigabitEthernet0/0/0RT2-GigabitEthernet000ipaddress192.168.1.224RT2interfaceGigabitEthernet0/0/12RT2-GigabitEthernet00lipaddress192.168.2.124RT2rip100RT2-rip-100network192.168.1.0RT2-rip-100network192.168.2.0RT2-rip-100version2RT2-rip-100undosummaryRT3:RT3interfaceGigabitEthernet0/0/1RT3-GigabitEthernet00lipaddress192.168.2.224RT3rip100RT3-rip-100network192.168.2.0RT3-rip-100version2RT3-rip-100undosummary【实验结果】IsSSmsmsmmme4444455555b22222m三5enUeCneqqqqqe'eeeeSssss6666655555S=NeSSSSSTeeeeebytytytytytytbbbbba1.ta22222d222226888882566666Illll2222228999996211111z68omomomomom911fffffg9yyyyyImnPGT1FRPpppp666RRRRRStdgmVgSiSVinesaPaCO/eln2tritm2)eSSkP8(Ci6ttarleePtCc%dpapaooun0/0/0G0V0G0/0/1R11PClPC2先给路由器的接口和PC配置IP地址设备名称接口IP地址网关RTlG0/0/1192.168.1.1G0/0/0192.168.2.1-RT2G0/0/0192.168.2.2G0/0/1192.168.3.1-PCl192.168.1.2192.168.1.1PC2192.168.3.2192.168.3.1杳看路由器的路由表，观察路由表项1.RTJLJCnSPlayiprourng-raoeRoutingTables:PublicDestinations:6Routes:6Destination/MaskProtoPrecostNextHopInterface127.0.0.0/8127.0.0.1/32192.168.1.0/24192.168.1.1/32192.168.2.0/24192.168.2.1/32Dlrect O Direct O Di rect O Di rect O Di rect O Direct OOooOoo127.0.0.1127.0.0.1192.168.1.1127.0.0.1192.168.2.1127.0.0.1InLoopO InLoopO GEOO1 InLoopO GEO/O/O InLoopORTll可以看到RTl路由表中没有到PC2所在网段192.16820/24的路由。所以当PCl发出大豹纹到RTl后RTl就丢弃并返回不可达信息给PCl。我们可以在路由器上配置RIP协议来解决这个问题。1.配置RIPRTl创建RIP进程并进入到RIP视图RTlrip指定全局的RIP版本RTl-rip-1version2关闭RIPV2自动路由聚合功能RTl-rip-lundosummary在指定网段接口上使能RIPRTl-rip-lnetwork192.168.1.0RTl-rip-lnetw