华为路由器交换机配置命令、管理、Layer2、Layer3、IGP

基础/管理配置：system-viewquitreturnundodisplay current-configurationdisplay thisdisplay this include-defaultsave/用户视图下rebootheader login information Hello,Welcome to Huawei!display hotkeylanguage-mode chinese | english history-command max-size VALUE display history-command all-users clock datetime HH:MM:SS YYYY-MM-DDclock timezone time-zone-name add | minus offset配置 Console:使用 AAA 验证： user-interface console 0 authentication-mode aaa quitaaalocal-user ADMIN123 password irreversible-cipher ADMIN123 local-user ADMIN123 service-type terminalquit使用密码验证：user-interface console 0authentication-mode passwordset authentication password cipher ADMIN123配置 VTY(Telent):telnet server enableaaalocal-user ADMIN123 password irreversible-cipher ADMIN123 local-user ADMIN123 privilege level 15local-user ADMIN123 service-type telnet quituser-interface maximum-vty 15user-interface vty 0 4user privilege level 15 authentication-mode aaa idle-timeout 10 0quit验证命令：display usersdisplay user-interface maximum-vtydisplay user-interface vty summarydisplay local-userdisplay vty mode配置 SSH:使用本地用户密码方式(可使用rsa密钥方式) system-viewrsa local-key-pair create/或 dsa local-key-pair create/display rsa local-key-pair public/display dsa local-key-pair public stelnet server enable ssh server timeout 60user-interface vty 0 4 authentication-mode aaa protocol inbound all | ssh/默认为 telnet 方式aaalocal-user CLIENT001 password irreversible-cipher CLIENT001local-user CLIENT001 privilege level 3 local-user CLIENT001 service-type ssh quitssh user CLIENT001 authentication-type passwordssh user CLIENT001 service-type stelnetdisplay ssh user-information display ssh server status display ssh server sessionssh client first-time enableWeb 网管(https):system-viewhttp server load defaulthttp secure-server enablehttp timeout xxxaaalocal-user NAME password irreversible-cipher PASSWORD local-user NAME privilege level LEVEL/级别在3 级以上具有管理权限 local-user NAME service-type httpdisplay http userdisplay http server配置管理 VLAN(L2 Switch):vlan 4000 name MGMT management-vlan/Vlanl不能配置为管理VLAN quitundo interface vlanifl只支持1个VLANIF接口，所以需要删除vlaniflinterface vlanif 4000ip address x.x.x.x y.y.y.ydisplay vlan/带有*的 VLAN 为管理 VLANDisplay 查看设备状态：display devicedisplay esndisplay versiondisplay powerdisplay power systemdisplay voltage all | slot SLOT-IDdisplay temperature all | slot SLOT-IDdisplay fandisplay fan-para all | slot SLOT-IDdisplay cpu-usage slave | slot SLOT-IDdisplay cpu-usage configuratoin slave | slot SLOT-IDdisplay memory-usage slave | slot SLOT-IDdisplay memory-usage threshold slot SLOT-IDdisplay environment versiondisplay thisdisplay this interfacedisplay system-macdisplay elabel chassis-id/slot-id/subcard-id brief display elabel backplane chassis chassis-iddisplay diagnostic-informationdisplay healthdisplay transceiver interface interface-type interface-number | slot slot-id verbose display spu-information硬件管理：reset slot slot-id all | master /复位单板slave restart /复位备用主控板display switchover stateslave switchover enable /使能主备倒换功能slave switchoverdisplay osp status startup osp SLOT-ID shutdown osp SLOT-ID force reset osp SLOT-IDpower on slot SLOT-ID power off slot SLOT-IDtransceiver phony-alarm-disable/关闭非华为定制光模块的告警功能display fabric-mode configuration/查看设备线速模式的配置set fabric-mode turbo all | chassis CHASSIS-ID /配置设备的线速模式为扩展模式,默认线速模式为普通模式信息中心(LOG):info-center enable/使能信息中心功能info-center timestamp log date | format-date | short-date precision-time second | tenth-second | millisecond | boot | none /配置 Log 信息的时间戳info-center logbuffer info-center logbuffer size LOGBUFFER-SIZE terminal logginginfo-center timestamp debugging date | format-date | short-date precision-time second | tenth-second | millisecond | boot | none /配置 Debug 信息的时间戳reset info-center statisticsreset logbufferdisplay info-center statistics display logbuffer配置 NTP:clock datetime HH:MM:SS YYYY-MM-DD ntp-service refclock-master IP-ADDRESS STRATUM 配置本地时钟作为NTP主时钟undo ntp-service ipv6 server disable使能设备作为NTP服务器的功能。为了防止外部设备同步设备的时钟，配置NTP的 相关命令后，设备自动去使能NTP服务器功能缺省情况下， NTP 服务器功能处于去使能状态ntp-service unicast-server ip-address version number | authentication-keyid key-id | source-interface interface-type interface-number | preference | vpn-instance vpn-instance-name | maxpoll max-number | minpoll min-number | burst | iburst | preempt | port port-number 配置指定IPv4地址的NTP服务器（单播模式）ntp-service sync-interval interval/配置客户端更新时间间隔，默认 600sntp-service source-interface interface-type interface-number vpn-instance vpn-instance-name display ntp-service status/查看 NTP 的状态信息配置 PoE:interface TYPE NUMBERpoe enable/或使能 lldp enable 自动配电poe max-power PORT-MAX-POWERpoe max-power MAX-POWER slot SLOT-ID/配置单板最大供电功率display poe-powerdisplay poe informationdisplay lldp localdisplay lldp neighbordisplay poe power-state接口配置：接口基础配置：set flow-stat interval interval-time/配置接口流量统计时间间隔display counters inbound | outbound interface x/x /查看接口的流量统计计数 reset counters interface xxx/清除指定接口的统计信息reset counters if-mib interface xxx /清除网管的接口流量统计信息clear configuration interface X/X/清除接口配置combo-port auto | copper | fiber 配置Combo接口工作模式undo portswitch配置接口切换到三层模式undo portswitch batch interface-type interface-number1 to interface-number2 & /配置接口批量切换到三层模式interface xxxjumboframe enable value 配置接口允许通过的最大帧长，最大9216字节。为指定value则为9216字节mdi across | auto | normal 配置以太网接口 MDI类型。默认为auto，即自动识别所连接网线的类型loopback internal /配置以太网接口的内环回检测功能。配置 Access 接口：interface GigabitEthernet0/0/1port link-type accessport default vlan 900stp bpdu-filter enablestp edged-port enable配置 Trunk 接口：interface GigabitEthernet1/8/1/22port link-type trunkport trunk allow-pass vlan 888 999 to 1000配置以太网子接口：interfacetype number.sub-numberip addressip-address mask | mask-length sub 配置以太网子接口的IP地址。dot1q termination vid low-pe-vid to high-pe-vid 配置子接口对一层Tag报文的终结功能qinq termination pe-vid pe-vid ce-vid ce-vid1 to ce-vid2 配置子接口对两层Tag报文的终结功能arp broadcast enable/使能子接口的 ARP 广播功能display interface type x/x.xdisplay dot1q information termination interface x/x.x查看配置了 dotlq终结的所有接口的名称以及终结子接口对用户报文终结的规则数量display qinq information termination interface x/x.x查看配置了 QinQ终结的所有接口的名称以及终结子接口对用户报文终结的规则数量配置 Eth-trunk 子接口：interface eth-trunk trunk-idquitinterface eth-trunktrunk-id.subnumberip ad dress ip-address mask | mask-length sub dot1q termination vid low-pe-vid to high-pe-vid qinq termination pe-vid pe-vid ce-vid ce-vid1 to ce-vid2 arp broadcast enabledisplay interface eth-trunk xxxdisplay dot1q information termination interface xxxdisplay qinq information termination interface xxx配置 loopback 接口：interface l oopback numberip binding vpn-instanceINSTANCEip address ip-address maskip verify source-addressdisplay interface l o opback number配置NULL接口：interface null 0/NULL接口一直处于UP状态，不能转发数据包，也不能配置IP地址或封装其他协议display interface null 0Layer2 配置：配置端口安全：mac-address static mac-address interface-type interface-number vlan vlan-id/添加静态 MAC 表项interface type numberport-security enable /使能端口安全功能port-security mac-address mac-address vlan vlan-id手工配置安全静态MAC地址表项port-security mac-address sticky使能接口 Sticky MAC功能port-security max-mac-num max-number配置端口安全动态MAC学习限制数量port-security protect-action protect | restrict | shutdown /配置端口安全保护动作。port-security aging-timetime type absolute | inactivity 配置接口学习到的安全动态MAC地址的老化时间，默认学习的安全动态MAC地址不 老化display mac-address security vlan vlan-id interface verbosedisplay mac-address sticky vlan vlan-id interface verbosedisplay mac-addressdisplay mac-address flapping recorddisplay mac-address blackholedisplay mac-address summary配置 Eth-Trunk:eth-trunk load-balance hash-mode advanced | normal slot slot-id配置X1E单板的hash模式，以便与其它单板组成跨板Eth-Trunk （X1E与比其规格高 单板为 advanced 模式）interface eth-trunktrunk-id取值范围是0127mode lacp配置Eth-trunk的工作模式，默认为手工负载分担模式trunkport type ifnumber1 to ifnumber2 & mode active | passive /增加成员接口或：进入相应成员接口添加interfaceinterface-type interface-numberet h -t r u n k trunk-id mode active | passive 将当前接口加入Eth-Trunk，每个Eth-Trunk接口下最多可以包含8个成员接口load-balance dst-ip | dst-mac | src-ip | src-mac | src-dst-ip | src-dst-mac 配置Eth-Trunk负载分担方式，默认为src-dst-iplocal-preference enable使能Eth-Trunk接口流量本地优先转发功能（集群），默认已使能lacp priority priority配置当前设备的系统LACP优先级。默认32768interfaceinterface-type interface-numberlacp priority priority配置当前接口的LACP优先级。默认32768增强型负载分担方式：system-viewload-balance-profileprofile-name /创建负载分担模板，并进入模板视图。设备全局公用一个负载分担模板l2 field dmac | l2-protocol | smac | sport | vlan 配置指定负载分担模板中二层报文的负载分担模式。缺省为smac、dmacipv4 field dip | l4-dport | l4-sport | protocol | sip | sport | vlan 配置指定负载分担模板中IPV4报文负载分担模式。缺省sip、dip。ipv6 field dip | l4-dport | l4-sport | protocol | sip | sport | vlan 配置指定负载分担模板中IPV6报文负载分担模式。缺省为sip、dipmpls field 2nd-label | dip | sip | sport | top-label | vlan 配置指定负载分担模板中的MPLS报文负载分担模式。缺省top-label、2nd-label quitinterface et h -t r u n k trunk-idload-balance enhanced profileprofile-name应用配置的负载分担模板以上针对已知单播：unknown-unicast load-balance dmac | smac | smacxordmac | enhanced /对于非已知单播，系统视图下执行此命令来配置其负载分担方式display eth-trunk trunk-id verbosedisplay trunkmembership eth-trunk trunk-iddisplay eth-trunk trunk-id load-balancedisplay load-balance-profile NAMEdisplay trunk configurationdisplay lacp statistics eth-trunk trunk-id查看LACP模式下的LACP报文收发统计信息collect forward-path sip source-ip-address dip destination-ip-address /查看指定流量的出入接口reset lacp statistics eth-trunk trunk-id清除LACP收发报文的统计信息配置 VLAN （vlanif）:vlan vlan-idvlan batch vlan-id1 to vlan-id2name NAME配置ACCESS接口：interface type numberport link-type accessport default vlan vlan-idquit配置Trunk接口：interface x/xport link-type trunkport trunk allow-pass vlan vlan-id1 to vlan-id2 将接口加入到指定的VLAN中（即在trunk链路上允许的VLAN,类似HP交换机） port trunk pvid vlan vlan-id配置trunk接口的缺省VLAN （本征VLAN）interface vlanifvlan-idip address ip-address mask | mask-length sub , mtu VALUE/需要重启接口以保证配置的 MTU 生效配置 VCMP (VTP):system-viewvcmp role transparent配置VCMP管理域中设备的角色display vcmp statusdisplay vcmp interface brief配置 STP/RSTP:stp enable使能交换机的STP/RSTP功能，默认启用stp mode stp | rstp 默认运行MSTP模式，兼容STP和RSTPstp root primary /secondary /primary的BID自动设为0，secondary的BID自动设为4096。不能更改stp priorityVALUE/默认为 32768stp pathcost-standard dot1d-1998 | dot1t | legacy 默认路径开销值的计算方法为IEEE 802.1t (dot1t)stp bridge-diameterdiameter/配置网络直径，默认直径为 7interface x/xstp cost VALUE/设置当前端口的路径开销值stp port priorityVALUE/配置端口的优先级，默认128display stp interface x/x | slotslot-id brief 配置 RSTP 端口保护：stp edged-port default /配置当前设备上所有端口为边缘端口，默认设备的所有端口为非边缘端口stp bpdu-filter default配置当前设备所有端口为BPDU filter端口。缺省设备的所有端口为非BPDU filter端口 interfacetype numberstp edged-port enable/将端口配置成边缘端口stp bpdu-filter enable /配置当前端口为 BPDU filter 端口stp bpdu-protection配置交换设备边缘端口的BPDU保护功能stp root-protection /配置交换设备的 Root 保护功能stp loop-protection配置交换设备根端口或Alternate端口的环路保护功能error-down auto-recovery cause bpdu-protection interval interval-value 使能端口自动恢复为Up的功能配置和其他厂商设备互通的参数：interface type number （参与 STP 的接口stp no-agreement-check/配置端口使用普通的快速迁移方式， 缺省使用增强的快速迁移机制display stp topology-change查看STP/RSTP拓扑变化相关的统计信息display stp interface x/x | slot slot-id tc-bpdu statistics/查看端口 TC/TCN 报文收发计数display stp interface x/x | slot slot-id brief 配置 MSTP:stp mode mstpstp region-configurationregion-nameNAME缺省情况下，MST域的域名等于交换设备主控板上管理网口的MAC地址instanceinstance-id vlan vlan-id1 to vlan-id2 配置多生成树实例和VLAN的映射关系或.vlan-mapping modulomodulo配置多生成树实例和VLAN按照缺省算法自动分配映射关系。缺省，MST域内所有的 VLAN 都映射到生成树实例 0revision-level level配置MST域的MSTP修订级别active region-configuration激活MST域的配置，使域名、VLAN映射表和MSTP修订级别生效stp instance instance-id root primarystp instance instance-id root secondarystp instance instance-id priority prioritystp pathcost-standard dotld-1998 | dotlt | legacy 表4 IEEE802.1t径开销列表STP路径开销4 Mbps25010 Mbps10016 Mbps62P 45 Mbps39100 Mbps19155 Mbps14f 622 Mbps61 Gbps410 Gbps2interfacetype numberstp instanceinstance-id cost coststp instanceinstance-id port priorityprioritydisplay stp region-configurationdisplay stp region-configuration digestLayer3 配置：IP 地址/ARP：arp static ip-address mac-address vid vlan-id interface x/x配置静态ARP表项reset arp清除ARP表项arp ip-conflict-detect enable使能IP地址冲突检测功能arp-ping ip ip-address测试IP地址是否已被使用，可透过禁Ping回复的防火墙i nterface type numberip addressip-address mask | mask-length arp-proxy enable使能接口的路由式ARP代理功能，默认关闭（没必要开启tcp min-mss mss-value全局，配置TCP连接的最小MSS值，默认216display arp interfacedisplay arp statisticsdisplay arp vpn-instance配置 DHCP：dhcp enable全局启用DHCP服务ip pool POOL1network 10.1.1.0 mask 255.255.255.128dns-list 10.1.1.2gateway-list 10.1.1.1 excluded-ip-address 10.1.1.2 excluded-ip-address 10.1.1.4lease day 1static-bind ip-address 10.1.1.4 mac-address dcd2-fc96-e4c0为静态DHCP客户端分配网络参数domain-name NAMEquitinterface vlanif 10ip address 10.1.1.1 255.255.255.128dhcp select global使能接口采用全局地址池的DHCP服务器功能dhcp select relay启动接口的DHCP中继功能dhcp relay server-ip 10.10.20.2reset dhcpreset ip pool display ip pool name NAME display dhcp server database display dhcp option template NAME display dhcp statisticsdisplay dhcp client statisticsdisplay dhcp relayIP 单播路由配置：配置静态路由：ip route-static network mask preference preference | tag tag * description text permanent track bfd-session name ip route-static vpn-instance name network mask preference preference | tag tag * description text ip route-static default-preferencepreference /配置静态路由的缺省优先级，默认为60ip route-static selection-rule relay-depth /配置静态路由按迭代深度进行优先选择，缺省不按迭代深度进行优选display ip routing-tabledisplay ip routing-table verbosedisplay bfd session all verbose ipv6 route-static配置静态路由+NQA：nqa test-instance admin-name test-name建立NQA测试例test-type icmpdestination-address ipv4 x.x.x.xfrequencyinterval /没有配置自动测试间隔，即只进行一次测试probe-countnumber /测试例一次测试的探针数目，缺省为3start now lifetimetime quitip route-static network mask * track nqa admin-name test-namedisplay nqa results collection test-instanceadmin-name test-name /查看 NQA 测试结果display nqa results配置静态路由+BFD：SwitchA#bfdquitbfdSWaa bind peer-ip 1.1.1.2discriminator local 10discriminator remote 20commitquitSwitchB#:bfdquitbfdSWbb bind peer-ip 1.1.1.1discriminator local 20discriminator remote 10commitquitSwitchA#:ip route-static 2.2.2.0 24 1.1.1.2 track bfd-session SWaadisplay bfd session alldisplay ip routing-table配置 RIP:rip process-id vpn-instancevpn-instance-name descriptiontextversion 2network network-addresspreference preference | route-policyroute-policy-name /设置 RIP 协议的优先级，缺省为100display rip process-id route display default-parameter rip/查看 RIP 的缺省配置信息配置RIP引入外部路由信息：rip process-id default-cost cost /设定引入路由的缺省度量值import-route bgp permit-ibgp cost cost | transparent | route-policy route-policy-name 或.import-route static | direct | unr | rip | ospf | isis process-id cost cost | route-policy route-policy-name filter-policy acl-number acl-name acl-name import interface-type interface-number 基于ACL过滤学到的路由信息，只有通过过滤的路由才能被加入本地路由表中 filter-policy acl-number | acl-name acl-name export interface-type interface-number 对引入的路由信息向外发布时进行过滤（指将引入的外部路由通过RIP进程通告出去）配置RIP与动态BFD联动特性：rip 1version 2network 2.0.0.0network 3.0.0.0bfd all-interfaces enablebfd all-interfaces min-tx 100 min-rx-interval 100 detect-multiplier 10配置 OSPF:ospf process-id | router-idrouter-id | vpn-instancevpn-instance-name enable log config | error | state | snmp-trap /使能日志信息bandwidth-reference value/配置带宽参考值，单位是 Mbit/smaximum load-balancingnumber/配置最大等价路由数量silent-interface all | interface-type interface-number 抑制接口接收和发送OSPF报文，接口的直连路由仍可以发布出去。不建邻居preference ase preference | route-policyroute-policy-name 配置OSPF协议的优先级，默认为10。ase表示设置AS-External路由的优先级，指定ASE 时，缺省为 150area area-idnetwork ip-address wildcard-maskvlink-peerrouter-id/创建虚连接stub no-summary 配置当前区域为STUB。no-summary禁止ABR向STUB区域内发送Type3 Summary LSAnssa default-route-advertise配置当前区域为NSSA区域default-route-advertiseabr-summary/配置 ABR 路由聚合asbr-summary/配置 ASBR 路由聚合filter-policyinterface interface-type interface-numberospf enable process-id area area-id/在接口级别，使能 OSPFospf network-type broadcast | nbma | p2mp | p2p /配置 OSPF 接口的网络类型ospf costcost/设置 OSPF 接口的开销值ospf timer hello intervalospf timer deadintervalreset ospf process-id redistribution重新引入路由display ospf process-id interfacedisplay ospf process-id peer命令查看OSPF邻居的信息display ospf process-id brief/命令查看 OSPF 的概要信息区域验证方式：ospf process-id area area-idauthentication-mode simple plainplain-text | cipher cipher-text /配置 OSPF 区域的验证模式（简单验证）。authentication-mode md5 | hmac-md5 | hmac-sha256 key-id plainplain-text | cipher cipher-text 配置OSPF区域的MD5/SHA验证模式authentication-mode keychain keychain-name /配置 OSPF 区域的 Keychain 验证模式（选择一种验证方式）接口验证方式：interface interface-type interface-numberospf authentication-mode simple plain plain-text | cipher cipher-text /配置 OSPF 区域的验证模式（简单验证）。ospf authentication-mode md5 | hmac-md5 | hmac-sha256 key-id plain plain-text | cipher cipher-text /配置 OSPF 区域的 MD5/SHA 验证模式ospf authentication-mode keychain keychain-name/配置 OSPF 区域的 Keychain 验证模式ospf authentication-mode null/不对 OSPF 接口进行验证配置 OSPF 引入外部路由：ospf process-id default cost cost-value | inherit-metric | limit limit | tag tag | type type /配置引入路由时的参数缺省值（路由度量、标记、类型）import-route limit limit-number | bgp permit-ibgp | direct | unr | rip process-id-rip | static | isis process-id-isis | ospf process-id-ospf cost cost | type type | tag tag | route-policy route-policy-name * /引入其它协议的路由信息配置 ISIS:isis process-id vpn-instance vpn-instance-name description textnetwork-entity 49.0000.0000.0001.00 /设置网络实体名称is-level level-1 | level-1-2 | level-2 /全局设置设备的 Level 级别，默认为 level-1-2preference preference | route-policy route-policy-name /配置 IS-IS 路由的优先级，默认为15cost-style narrow | wide | wide-compatible | narrow-compatible | compatible relax-spf-limit /设置 IS-IS 开销的类型，缺省为 narrowbandwidth-reference value配置计算带宽的参考值。单位是Mbit/sauto-cost enable/使能自动计算接口的开销值summary ip-address mask avoid-feedback | generate_null0_route | tag tag | level-1 | level-1-2 | level-2 /设置 IS-IS 生成聚合路由maximum load-balancing numberdefault-route-advertiseimport-route isis level-2 into level-1/ISIS 路由渗透filter-policyset-overload on-startup timeoutl |配置ISIS设备进入过载状态interface interface-type interface-numberisis enable process-id 使能IS-IS接口。IS-IS将通过该接口建立邻居、扩散LSP报文isis circuit-level level-1 | level-1-2 | level-2 设置接口的Level级别，默认为level-1-2isiscircuit-type p2p设置接口的网络类型为P2P，广播网络不用设置isis dis-prioritypriority level-1 | level-2 设置用来选举DIS的优先级，数值越大优先级越高isis silent advertise-zero-cost 配置IS-IS接口为抑制状态，只通告路由，不建邻居isis cost cost | maximum level-1 | level-2 设置IS-IS接口的开销isis timer hellohello-interval level-1 | level-2 配置接口上Hello报文发送间隔isis timer holding-multipliernumber level-1 | level-