Archive: November 2019

Router backup procedure

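Backing up the router configuration file
     (1) Export from the web interface
     (2) Export through the router's FTP server
         ssh 192.168.0.2
         sys                    \\ enter system view
         ftp server enable       \\ enable the FTP server
         On the PC, at the command prompt
             cmd                   \\ PC-side commands for connecting to the FTP server
             ftp 192.168.0.2
             dir
             lcd c:/                 \\ change the local working directory to the root of drive C
             get aaa.cfg              \\ download; can be used to back up the router configuration file
         undo ftp server               \\ disable the FTP server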
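 Restoring a router backup
     (1) When the login password is unknown:  \\ connect to the Console port; select serial, com3, 9600
         Ctrl+B                              \\ reboot and enter the BootROM menu at power-on. The user must enter the initial password Admin@huawei; for a switch it is Admin@huawei.com
         4. Password Manager                  \\ in the BootROM menu, choose item 4 to open the Password Manager menu
         2. Clear the console login password   \\ choose item 2 to clear the Console login password
         0. Return                              \\ go back
         5. Reboot                               \\ choose item 5 to continue booting; you can then log in without a password
         sys
         aaa
         local-user X1 password cipher admin@huawei
         local-user X1 service-type ssh terminal ftp http telnet
         local-user X1 ftp-directory flash:/
         local-user X1 privilege level 15                         \\ undo local-user X1 deletes user X1
         interface g0/0/0
         ip address 192.168.254.1 24                                \\ then set the PC's IP to 192.168.254.254, connect, and continue with part (2)
     (2) When the network port configuration and the username/password are known:
         ssh 192.168.254.1    \\ connect a network cable to the GE0 port; the PC automatically obtains the IP 254.254    Huawei    99mi3d#u
         dir                   \\ list files
         display startup        \\ show startup status; shows the state for the next startup
         display ftp-server      \\ show FTP server status
         system-view              \\ system view
         ftp server enable         \\ enable the FTP server; the FTP address is now 192.168.254.1
         aaa                        \\ enter the aaa view
         display this                \\ show the current configuration; shows which users have FTP permission
         On the PC, at the command prompt
             cmd                       \\ PC-side commands for connecting to the FTP server
             ftp 192.168.254.1          \\
             dir
             lcd c:/                      \\ change the local working directory to the root of drive C
             put vrpcfg2019.10.17.cfg      \\ upload the configuration file to the router    get aaa.cfg downloads to the local machine
         startup saved-configuration vrpcfg2019.10.17.cfg   \\ set the configuration file for the next startup; restores the configuration
         display startup                                     \\ shows the configuration file for the next startup
         reboot                                               \\ reboot
         n                                                     \\ "All configuration will be saved to the next startup configuration. Continue?" Choose No
         y                                                      \\ asked whether to reboot: choose Yes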
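 Common router commands
     (1) Common configuration commands:
         display interface brief      show interface information
         display ip interface brief    show interface IP information
         display port vlan active
     (2) PC-side FTP commands
         ftp 192.168.254.1
         lcd c:/             \\ set the local directory
         put a.txt             \\ FTP upload command
         get a.txt              \\ FTP download command
     (3) Common router commands
         reset saved-configuration           \\ restore factory settings
         display startup                      \\ show the configuration for the next startup
         display current-configuration         \\ show the router's current configuration
         startup saved-configuration 10.30.cfg  \\ load a saved configuration file, then reboot    reboot  1N2Y (answer N at the first prompt, Y at the second)
     (4) Console
         Huawei ar5700 switch: press Ctrl+B to enter; the password is Admin@huawei.com
         Huawei ar2200 router: press Ctrl+B to enter; the password is Admin@huawei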

Switch configuration file explained

sysname CORESWITCH-00
 telnet server enable 
 ftp server enable
 dhcp enable
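 dhcp snooping enable                           \\ security mechanism against DHCP attacks
 lldp enable                                     \\ layer-2 link state information
 undo portal url-encode enable                    \\ disable URL encoding/decoding; enabled by default
 interface MEth0/0/1                               \\ configure the management interface; an IP can be configured; usable for login only
 easy-operation dtls disable                        \\ DTLS encryption; related to upgrades; disabling it allows upgrading
 ecmp local-preference disable                       \\ disable ECMP preferential local forwarding of traffic entering this device; turn off in a stack system
 loopback-detect auto disable                         \\ automatic loop detection; can be disabled when there are certainly no loops, to avoid wasting system resources
 set flow-change-ratio input-broadcast-detect disable  \\ disable the interface traffic sudden-change alarm, inbound direction
 arp learning ip-network-cross enable                   \\ cross-subnet ARP learning; only available during the configuration recovery phase, cannot be configured afterwards
 arp anti-attack gateway-duplicate enable                \\ ARP gateway anti-collision
 arp anti-attack packet-check sender-mac dst-mac          \\ ARP packet validity check: sender MAC, destination MAC
 stelnet server enable                            \\ ssh
 ssh client first-time enable                      \\ enable first-time authentication for the SSH client
 rsa peer-public-key 192.168.40.4                   \\ RSA, encoding format, name; enter the public key view
  public-key-code begin                              \\ enter the public key editing view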
  public-key-code end                                    \\ leave the public key editing view
 peer-public-key end                                      \\ leave the public key view
 ssh client 192.168.40.4 assign rsa-key 192.168.40.4
 user-interface console 0
 authentication-mode password
 set authentication password cipher abc123456
 user-interface vty 0 4
 authentication-mode aaa
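 protocol inbound all                           \\ set the protocols VTY users may use; default is ssh, all means telnet and ssh
 snmp-agent                                       \\ enable SNMP; the system generates an ID automatically; interworks with the network management platform
 snmp-agent community read cipher abc123456        \\ set the read community name
 snmp-agent sys-info version v2c v3                 \\ set the supported versions, or all; used together with SNMP software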
 local-user huawei password irreversible-cipher abc123456
 local-user huawei privilege level 15
 local-user huawei ftp-directory flash:/
 local-user huawei service-type http
 local-user admin password irreversible-cipher abc123456
 local-user admin privilege level 15
 local-user admin ftp-directory flash:/
 local-user admin service-type telnet ftp http ssh terminal
 radius-server template default                    \\ create a RADIUS template; usable for authentication, accounting, etc.; modifies the default template "default"
     radius-server shared-key cipher abc123456      \\ set the shared key
 ospf
     import-route direct
     area 0
         network 192.168.0.0 0.0.0.255
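 stp instance 0 root primary                         \\ spanning tree: specify the spanning tree instance ID and make this the root switch
 stp bpdu-protection                                  \\ spanning tree BPDU protection; edge ports do not take part in spanning tree calculation; BPDUs are exchanged between switches running spanning tree
 stp tc-protection                                     \\ spanning tree: turn on TC protection; TC = topology change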
 vlan batch 9 to 28 100 1001 to 1002 2001 to 2015 3015 to 3016 4000
 interface Vlanif4000
     description to-Router
     ip address 192.168.0.1 24
 interface Eth-Trunk0
     description To-Router
     port link-type trunk
     port trunk allow-pass vlan all
     undo port trunk allow-pass vlan 1
 interface g0/0/47
     eth-trunk 0
 interface g0/0/48
     eth-trunk 0
 interface Vlanif1
     ip address 192.168.2.1 24
 interface Vlanif10
     ip address 192.168.10.254 24
 interface Vlanif11
     ip address 192.168.11.254 24
 interface Vlanif12
     ip address 192.168.12.254 24
 interface Vlanif13
     ip address 192.168.13.254 24
 interface Vlanif14
     ip address 192.168.14.254 24
 interface Vlanif15
     ip address 192.168.15.254 24
 interface Vlanif16
     ip address 192.168.16.254 24
 interface Vlanif17                        
     ip address 192.168.17.254 24
 interface Vlanif18
     ip address 192.168.18.254 24
 interface Vlanif19
     ip address 192.168.19.254 24
 interface Vlanif20
     ip address 192.168.20.254 24
 interface Vlanif21
     ip address 192.168.21.254 24
 interface Vlanif22
     ip address 192.168.22.254 24
 interface Vlanif23
     ip address 192.168.23.254 24
 interface Vlanif24
     ip address 192.168.24.254 24
 interface Vlanif25                        
     ip address 192.168.25.254 24
 interface Vlanif26
     ip address 192.168.26.254 24
 interface Vlanif27
     ip address 192.168.27.254 24
 interface Vlanif28
     ip address 192.168.28.254 24
 interface Vlanif100
     ip address 192.168.100.254 24
 port-group group-member g0/0/2 to g0/0/4
     port link-type trunk
     port trunk allow-pass vlan 10 4000
     undo port trunk allow-pass vlan 1
 port-group group-member g0/0/5 to g0/0/12
     port link-type trunk
     port trunk allow-pass vlan all
     undo port trunk allow-pass vlan 1
 port-group group-member g0/0/21 to g0/0/22
     port link-type access                    
     port default vlan 100
 port-group group-member g0/0/23 to g0/0/24
     port link-type trunk                    
     port trunk allow-pass vlan all
 interface g0/0/25
     port link-type access
     port default vlan 3015
 interface g0/0/26
     port link-type access
     port default vlan 3016
 port-group group-member g0/0/27 to g0/0/39
     port link-type access
     port default vlan 100
 vlan 1002
     description AC To AP
 vlan 2001
     description G-1
 vlan 2002                                 
     description G-2
 vlan 2003
     description G-3
 vlan 2004
     description G-4
 vlan 2005
     description G-5
 vlan 2006
     description G-6
 vlan 2007
     description G-7
 vlan 2008
     description G-8
 vlan 2009
     description G-10-1
 vlan 2010
     description G-10-2
 vlan 2011
     description G-AFD
 vlan 2012
     description G-OMD
 vlan 2013
     description G-HR
 vlan 2014                                 
     description G-CFR
 vlan 2015
     description G-VIP
 interface Vlanif1001
     ip address 192.168.244.2 255.255.254.0
 interface Vlanif1002
     ip address 192.168.251.2 255.255.255.0
 interface Vlanif2001
     description G-1
     ip address 10.100.1.1 255.255.255.0
     dhcp select global                       
 interface Vlanif2002
     description G-2
     ip address 10.100.2.1 255.255.255.0
     dhcp select global
 interface Vlanif2003
     description G-3
     ip address 10.100.3.1 255.255.255.0
     dhcp select global
 interface Vlanif2004
     description G-4
     ip address 10.100.4.1 255.255.255.0
     dhcp select global
 interface Vlanif2005
     description G-5
     ip address 10.100.5.1 255.255.255.0
     dhcp select global
 interface Vlanif2006
     description G-6
     ip address 10.100.6.1 255.255.255.0      
     dhcp select global
 interface Vlanif2007
     description G-7
     ip address 10.100.7.1 255.255.255.0
     dhcp select global
 interface Vlanif2008
     description G-8
     ip address 10.100.8.1 255.255.255.0
     dhcp select global
 interface Vlanif2009
     description G-10-1
     ip address 10.100.9.1 255.255.255.0
     dhcp select global
 interface Vlanif2010
     description G-10-2
     ip address 10.100.10.1 255.255.255.0
     dhcp select global
 interface Vlanif2011
     description G-AFD                        
     ip address 10.100.11.1 255.255.255.0
     dhcp select global
 interface Vlanif2012
     description G-OMD
     ip address 10.100.12.1 255.255.255.0
     dhcp select global
 interface Vlanif2013
     description G-HR
     ip address 10.100.13.1 255.255.255.0
     dhcp select global
 interface Vlanif2014
     description G-CFR
     ip address 10.100.14.1 255.255.255.0
     dhcp select global
 interface Vlanif2015
     description G-VIP
     ip address 10.100.15.1 255.255.255.0
     dhcp select global
 interface Vlanif3015                      
     ip address 10.15.20.254 255.255.255.0
 interface Vlanif3016
     ip address 10.16.17.254 255.255.255.0
 ip pool G-1
     gateway-list 10.100.1.1
     network 10.100.1.0 mask 255.255.255.0
     excluded-ip-address 10.100.1.2 10.100.1.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-2
     gateway-list 10.100.2.1
     network 10.100.2.0 mask 255.255.255.0
     excluded-ip-address 10.100.2.2 10.100.2.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-3
     gateway-list 10.100.3.1
     network 10.100.3.0 mask 255.255.255.0
     excluded-ip-address 10.100.3.2 10.100.3.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-4
     gateway-list 10.100.4.1                  
     network 10.100.4.0 mask 255.255.255.0
     excluded-ip-address 10.100.4.2 10.100.4.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-5
     gateway-list 10.100.5.1
     network 10.100.5.0 mask 255.255.255.0
     excluded-ip-address 10.100.5.2 10.100.5.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-6
     gateway-list 10.100.6.1
     network 10.100.6.0 mask 255.255.255.0
     excluded-ip-address 10.100.6.2 10.100.6.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-7
     gateway-list 10.100.7.1
     network 10.100.7.0 mask 255.255.255.0
     excluded-ip-address 10.100.7.2 10.100.7.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-8
     gateway-list 10.100.8.1
     network 10.100.8.0 mask 255.255.255.0
     excluded-ip-address 10.100.8.2 10.100.8.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-10-1
     gateway-list 10.100.9.1
     network 10.100.9.0 mask 255.255.255.0
     excluded-ip-address 10.100.9.2 10.100.9.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-10-2
     gateway-list 10.100.10.1                 
     network 10.100.10.0 mask 255.255.255.0
     excluded-ip-address 10.100.10.2 10.100.10.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-AFD
     gateway-list 10.100.11.1
     network 10.100.11.0 mask 255.255.255.0
     excluded-ip-address 10.100.11.2 10.100.11.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-OMD
     gateway-list 10.100.12.1
     network 10.100.12.0 mask 255.255.255.0
     excluded-ip-address 10.100.12.2 10.100.12.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-HR
     gateway-list 10.100.13.1                 
     network 10.100.13.0 mask 255.255.255.0
     excluded-ip-address 10.100.13.2 10.100.13.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-CFR
     gateway-list 10.100.14.1
     network 10.100.14.0 mask 255.255.255.0
     excluded-ip-address 10.100.14.2 10.100.14.10
     dns-list 8.8.8.8 8.8.4.4
 ip pool G-VIP
     gateway-list 10.100.15.1
     network 10.100.15.0 mask 255.255.255.0
     excluded-ip-address 10.100.15.2 10.100.15.10
     dns-list 8.8.8.8 8.8.4.4
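
The annotated configuration above leaves several cleartext management paths open (`telnet server enable`, `ftp server enable`, `protocol inbound all`, SNMP v2c, accounts with telnet/ftp/http service types). The following is an added example, not part of the original notes or any Huawei tool: a small audit that flags those lines in a saved configuration file. The rule names and the sample text are constructed for illustration.

```python
import re

# (rule id, pattern for one config line with annotations stripped, why it matters)
RULES = [
    ("telnet-enabled", r"^telnet server enable$",
     "Telnet sends logins in cleartext"),
    ("ftp-enabled", r"^ftp server enable$",
     "FTP sends logins and config files in cleartext"),
    ("vty-allows-telnet", r"^protocol inbound (all|telnet)$",
     "VTY lines accept Telnet as well as SSH"),
    ("snmp-v1-v2c", r"^snmp-agent sys-info version\b.*\b(v1|v2c|all)\b",
     "SNMP v1/v2c community strings travel in cleartext"),
    ("cipher-password", r"^local-user \S+ password cipher\b",
     "password set with 'cipher' rather than 'irreversible-cipher'"),
    ("cleartext-service", r"^local-user \S+ service-type\b.*\b(telnet|ftp|http)\b",
     "account may log in over a cleartext protocol"),
]

def audit(config_text):
    """Return (line_number, rule_id, command) for every risky line."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        # Drop the page's trailing "\\ comment" annotation and the indentation.
        command = raw.split("\\\\", 1)[0].strip()
        for rule_id, pattern, _reason in RULES:
            if re.search(pattern, command):
                findings.append((number, rule_id, command))
    return findings

# Constructed sample, built from commands that appear in the config above.
SAMPLE = r"""sysname CORESWITCH-00
 telnet server enable
 ftp server enable
 stelnet server enable                \\ ssh
 user-interface vty 0 4
 protocol inbound all                 \\ vty protocols
 snmp-agent sys-info version v2c v3
 local-user huawei password irreversible-cipher abc123456
 local-user huawei service-type http
 local-user admin service-type telnet ftp http ssh terminal
"""

if __name__ == "__main__":
    reasons = {rule_id: reason for rule_id, _p, reason in RULES}
    for number, rule_id, command in audit(SAMPLE):
        print(f"line {number}: [{rule_id}] {command} -> {reasons[rule_id]}")
```

A configuration that keeps only `stelnet server enable`, `protocol inbound ssh` and `ssh terminal` service types produces no findings.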