HCIA Configuration Guide v1, 超有趣学网络 (FUNNET), 福州超有趣学网络网络科技有限公司

HCIA Configuration Guide v1 - edu.funnet.net


OSPF
DHCP
STP
ACL Telnet
NAT
(EMMMMM
BGPMPLS VPNIPSEC)



IE NP
IE
NP NP
IE
NP IE
2012 12

IE IE
IE



1.2.
NP
NP
NP


IE
IE
VRRP
IE
1.3. NA
()
NA

NA OSPF 7
OSPF NAT
NA NA NP
NPNP(NA)
(NP IE)
1.4.
1.4.1.
24 8()8 4
4
2 20-22
2






1.4.3.




)

VISIO()+teamview()


1. Flash IOS PC

2. NVRAM (Non-Volatile Random Access Memory) RAM startup-config
3. RAM (Random Access Memory) IOS IP ARP running-config
4. ROM (Read-only Memory) POST Bootstrap IOS ROMMON
1. [Huawei]sysname R1
   [R1]
2. [R1]header shell information "Welcome to the FUNNET to learning."
   [R1]quit
   <R1>quit
   Configuration console exit, please press any key to log on
   Welcome to the FUNNET to learning.
3. Console
Console
2010
[R1-ui-console0]authentication-mode password
[R1-ui-console0]set authentication password cipher
Warning: The "password" authentication mode is not secure, and it is strongly recommended to use "aaa" authentication mode.
Enter Password(<8-128>):
Confirm password:
[R1-ui-console0] idle-timeout 20 0 20 dis this
4. <R1>dir
5. <R1>display saved-configuration
   <R1>save
   <R1>reset saved-configuration
   This will delete the configuration in the flash memory.
   The device configurations will be erased to reconfigure.
   Are you sure? (y/n)[n]:y
6. <R1>reboot
   Info: The system is now comparing the configuration, please wait.
   Warning: All the configuration will be saved to the next startup configuration. Continue ? [y/n]:n
   System will reboot! Continue ? [y/n]:y

1. ip route-static 0.0.0.0 0.0.0.0 X.X.X.X
2. TTL
3. null 0

R3,R4,R51) 3.


sysname [] \\
interface loopback [0~ 2147483647] \\ loopback
ip address [] [] \\ IP
interface gigabitEthernet [//] \\
ip address [] [] \\ IP
undo shutdown \\
ip route-static [] [] []
ip route-static 2.2.2.2 255.255.255.255 12.1.1.2
ip route-static 0.0.0.0 0.0.0.0 []
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
ip route [] [] []
ip route-static 10.1.0.0 255.255.252.0 12.1.1.2
ip route-static 10.1.0.0 255.255.252.0 NULL 0

1. ping 2. 23 R1
R1 23
3. R1 ping R2 loopback R1 2.2.2.2
R2 R2 R2 R2
R1ping 2.2.2.2



RIP RIPv1/2 30 255.255.255.255/224.0.0.9 180 16240
15 UDP 520 1 2 RIP RIP Silence-interface RIP Maximum load-balanceRIP
4 1

1. R1 R2 12.1.1.0/24 R2 R3 23.1.1.0/24
2. RIPv2 R1/R2/R3 loopback 10.1.0.0 network RIP RIP summary always R1/R2 10.0.0.0
3. R1/R2 10.0.0.0 R2 R1 10.1.0.0/22
4. R1 10.1.0.0/22 metric metric 6
5. R4 23.1.1.0 R4 R2 RIP R4 23.1.1.0 Silent-interface
6. R1 1.0.0.0 network R2 R3 R4 1.0.0.0 R1 R2 R3 R4
7. R2 R4 RIP R2 34.1.1.0 RIP

RIP
rip 1 RIP 1
version 2 RIP 2 1
summary-always
network [] RIP RIP
rip summary-address [] []
rip summary-address 172.16.0.0 255.255.248.0 RIP RIP
silent-interface RIP
silent-interface g0/0/0 RIP
silent-interface all RIP
undo silent-interface g0/0/0 RIP
maximum load-balancing






1. OSPF Router-id 2. IP
DR/BDR DR Designated Router BDRBackup Designated Router OSPF DR/BDR LSADR/BDR LSA DR LSA DR BDR DR
> Routerid DR BDR
1. Area-id 2. Hello and Dead IntervalHello Dead
3. Authentication
1. Down———— ospf hello
2. Attempt———


5. Exstart———— DBD DBD
6. Exchange——— DBD
7. Loading———— LSR LSA LSU LSA
8. Full——————
1. 192.168.1.0/24 R1 1.1R2
1.2R1 loopback 1.1.1.1/32R2 2.2.2.2/32
2. loopback R5 5.5.5.5/32 Area 1
Area 0 up
OSPF 3. R1 debug ip ospf event R1 R2
R1 debug OSPF DR/BDR
debug R1 clear ip ospf process,
4. up R5 loopback 5.5.5.5 Area 1 R1
5.5.5.5 O IA 5.5.5.5. OSPF 5. R2 10.1.1.1 loopback network ospf R1
ping 10.1.1.1 ping


OSPF ospf [] router-id [router-id] Area [] network [] []
ospf 1 router-id 1.1.1.1 Area 0 network 192.168.1.0 0.0.0.255
OSPF import-route [] subnets subnet
ospf 1 OSPF
import-route static subnets OSPF default-route-advertise [always] // always always
display

display ospf peer
display this
display ospf interface ospf
display ospf lsdb ospf
reset ospf process <huawei> ospf


COST
2. COST COST 1 serial COST 64 T1 100/1.544=64 10 E 100/10=10 1 F /E 100/100=1 1 GE 100/1000=1 1 Ten GE 100/10000=1 100
OSPF 3. OSPF AD Cisco 110 HUAWEI 10 150



1. IP OSPF IP OSPF
1 Router-ID R1 1.1.1.1
Loopback 2. R1 1.1.1.1 OSPF Area 1 R4 OSPF
1.1.1.1 OSPF R4 R1
1.1.1.1 OSPF Area 2 R1 R4 OSPF
1.1.1.1 R4 3. R1 1.1.1.1 R4 OSPF
1.1.1.1 4. R4 R2 COST R4 1.1.1.1 R1
4.4.4.4

OSPF ospf [] router-id [router-id] Area [] network [] [] area []
ospf 1 router-id 1.1.1.1 network 192.168.1.0 0.0.0.255
OSPF import-route [] subnets subnet
ospf 1 OSPF
import-route static OSPF COSTinterface [//]
ospf cost [Metric] interface g0/0/0 ospf cost 1 OSPF ospf [] bandwidth-reference [ref-bw] show dis ospf peer

dis ospf interface all ospf
dis ospf lsdb ospf
reset ospf process ospf


1. 1Client 1s/ DHCP Discover ( )
2. 2 DHCP Server DNS DHCP Offer ( MAC IP)
3. 3Client DHCP Offer Client Ping Information 2 Ping Client DHCP Request ( IP ) Request
4. 4 DHCP Request () DHCP Ack ClientClient


DHCP IP DHCP server
server IP ( Relay ) server
DHCP OfferDHCP ACK


Server Server DHCP Ack Client
87.5% DHCP Request
Server DHCP Request DHCP Ack
Client DHCP Release
DHCP

1. PC1 DHCP 2. VLAN 10 DHCP

dhcp enable // DHCP must be enabled globally before "dhcp select global" takes effect
ip pool vlan10-pool // DHCP
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
dns-list 202.101.172.35
interface Vlanif10 // DHCP
ip address 192.168.1.1 255.255.255.0
dhcp select global
DHCP relay
Interface vlan 10
Dhcp relay server-select dhcp1



Hub Switch

VLAN
1. 2. 3.
Native VLAN Native VLAN vlan 1 Native VLAN Native VLAN Trunk Vlan Native VLAN Trunk VLAN
VLAN 1,4094 VLAN
1 VLAN 2~1001 VLAN
1002~1005 FDDICiscoVLAN 1006~1024 VLAN 1025~4094
VLAN
VLAN 1,4094 VLAN
1 VLAN 2~4094 VLAN
Access: VLAN Access
1. VLAN TAG 2. VLAN TAG
Trunk: VLAN Trunk 1. VLAN TAG 2. Trunk VLAN TAG VLAN TAG 3. Native VLAN trunk VLAN TAG
Trunk 4. Trunk VLAN TAG Native VLAN
Native VLAN TAG GVRP VLAN Cisco 5 VLAN VTP VTP
1. Normal VLAN GVRP
VLAN VLAN NVRAM 2. Fixed VLAN GVRP VLAN
GVRP VLAN

VLAN VLAN NVRAM GVRP

1. 1 PC VLAN
PC VLAN ping Wireshark PC
, TAGaccess
VID 2. 2 VLAN
VLAN Trunk PC1 ping PC3
Wireshark Trunk 1
access VLAN 10 VLAN TAG 3. 2 PC VLAN
PC VLAN Trunk Trunk Switch 1 G0/0/0 GVRP Fixed Switch 2 G0/0/0 GVRP Normal Switch 1 VLAN 10/20/30 Switch 2
VLAN Switch 2 VLAN 40/50 Switch 1
VLAN GVRP VLAN
VLAN VLAN

VLAN vlan [1 ~ 1005] VLAN name [] VLAN int g0/0/1
port link-type access access
port default vlan [1 ~ 4096] VLAN
Trunk int g0/0/0
port link-type trunk trunk
port trunk allow-pass vlan [1 ~ 4096] VLAN (
VLAN 1) port trunk vlan [vlan ID] native vlan GVRP [Huawei]gvrp GVRP [Huawei-Ethernet0/0/1]gvrp registration [normal/fixed/forbidden]
GVRP

display vlan VLAN display vlan [VLAN ID] VLAN
display vlan summary //VALNVLANVLAN

PC
PC PING:
General failure. PC1 192.168.1.10 ping 192.168.2.10 PC1 192.168.2.10 windows


BPDU
BPDU BPDU BPDU Bridge ID (BID); BIDBID

1. Bridge Priority 32768 0 ~ 65535 4096
2. MAC Address MAC
(RP)

STP 4
1. Blocking 2. Listening 3. Learning 4. Forwarding
STP

10^7/ STP
1. 1 VLAN ID

BPDU 2. STP 1

cost > BID > ID 3. STP
cost > BID > ID
4. AP
1. SW1 SW2 SW3 Root Bridge
Root PortDesignated PortBlocked Port 2. 3. 4. 5. Blocking

STP
stp mode stp STP PVST+, MSTP
dis stp brief //stp
stp priority [0-61440] //
dis stp interface e0/0/1




FHRPHSRP VRRP

SVI (Switch Virtual interface) VLAN(
VLAN )
VLAN up : 1. VLAN 2. (Trunk OR Access ) VLAN
HSRP: HSRP . HSRP ,. HSRP
1. active 2. standby 3. . Virtual 4. HSRP
Hello 224.0.0.2. UDP=1985
3s

IP MAC


ARP IP MAC
ARP ( ARP ) MAC MAC
3 224.0.0.2 UDP 1985 Hello L2
1. ( Track )
Hello

VRRP: VRRP
( DOWN) HSRP VRRP HSRP VRRP Cisco IEEE 255 255 1

IP IP IP IP 224.0.0.2 Hello 224.0.0.18 Hello Hello 3 10 (/ Hello)
Hello 1 3 ( Hello)
FHRP HSRP ()down
() track SLA


FHRPSLAdownFHRP
SLA

1. 1 SW1 R1 IP
VLAN ping 2. 2 VRRP HSRP SW1 SW2
HSRP VRRP PC1 PC2
ping 3. 2 SW1 SW2 SVI R1 SW1
SW2 R1 OSPF 114 192 SW1 SW2 OSPF (passive-interface) Track VLAN 10 HSRP 10 ping 114 shutdown SW1
4. 3 Track & NQA VRRP 20 PC2 ping
114 shutdown R1 SW2

interface [] [] SVI
ip address [] [] IP
standby [0 ~ 255] ip 192.168.1.254 IP
standby [0 ~ 255] priority [0 ~ 255] 100
standby [0 ~ 255] preempt
standby [0 ~ 255] authentication []
standby [0 ~ 255] timers [Hello timer] [holdtime] Hello Holdtime

standby [0 ~ 255] track [track object number] decrement [priority decrement] Track
track [track object number] interface [] [] line-protocol Track
VRRP
interface [] [] SVI
ip address [] [] IP
vrrp vrid [0 ~ 255] virtual-ip 192.168.1.254 IP
vrrp vrid [0 ~ 255] priority [0 ~ 255] 100
vrrp vrid [0 ~ 255] preempt VRRP
vrrp vrid [0 ~ 255] track nqa track [NQA test name] [instance name] reduced [priority (0~255)] TrackNQA
vrrp vrid 10 track nqa jiance funnet reduced 30 //vrrp 10 track trackNQA jiance funnet 30
vrrp vrid [0~255] track interface [] [] reduced [priority 0~255] Track,downvrrp30
vrrp vrid 10 track interface e0/0/1 reduced 30 //vrrp 10 e0/0/1 e0/0/1downvrrp30
Track&NQAvrrp VRRP
vrrp vrid [0 ~ 255] track nqa track [NQA test name] [instance name] reduced [priority (0~255)]
NQA
nqa test-instance [test administrator name] [instance name] //NQA+
test-type [] //
frequency [1~604800] // s
probe-count [1~15] //
destination-address ipv4 [x.x.x.x] //
start now //

NQA

Block
3. HSRP SVI HSRP
4. HSRP vlan HSRP HSRP 10
5. HSRP
6. PC ping ping ping


PC ping ping ping
ip routing

ACLdeny any
ACL
102030

3. deny
:,
ACL 1~99,1300~1999 ACL IP 100~199,2000~2699
ACL IP
ACL
ACL

ACL deny
ACL if
ACL ACL ACL
0 1 (8bit) bit
18 32
34 64

ACL :
1. 192.168.1.0/24 : permit 192.168.1.0 0.0.0.255
2. 192.168.1.0~192.168.7.255 permit 192.168.0.0 0.0.7.255
3. 192.168.16.0~192.168.31.255 permit 192.168.16.0 0.0.15.255
4. 192.168.64.0~192.168.63.255 permit 192.168.0.0 0.0.63.255
5. B (128.0.0.0~191.255.255.255)permit 128.0.0.0 63.255.255.255
6. C (192.0.0.0~223.255.255.255)deny 192.0.0.0 31.255.255.255
7. IP :permit 0.0.0.1 255.255.255.254
8. IP :permit 0.0.0.0 255.255.255.254
9.
ACL :
1. 192.168.1.0/24 192.168.2.0 IP :permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
2. 192.168.1.1 192.168.2.1 ICMP permit icmp 192.168.1.1 0.0.0.0 192.168.2.1 0.0.0.0
3. 192.168.1.1 192.168.2.1 ICMP-echo(ICMP )permit icmp host 192.168.1.1 host 192.168.2.1 echo \\(host=0.0.0.0)
4. 192.168.1.1 192.168.2.1 telnet permit tcp 192.168.1.1 0.0.0.0 192.168.2.1 0.0.0.0 eq telnet \\(eq telnet = eq 23)
ACL ACL ACL ACL : ACL ACL
ACL
ACL Telnet TCP 23

R11.1.1.1/32 2. 192.168.10.0/24 ACL
PC1 ping 3. R1 Telnet 192.168.30.0/24
4. R1 192.168.30.10 R1 telnet, ACL
R1
ACL
[HUAWEI]acl 2000
[HUAWEI-acl-basic-2000]rule 10 deny source 192.168.30.1 0
[HUAWEI-acl-basic-2000]quit
[HUAWEI]interface g0/0/0
[HUAWEI-GigabitEthernet0/0/0]traffic-filter inbound acl 2000
ACL
[HUAWEI]acl 3000
[HUAWEI-acl-adv-3000]rule 5 permit tcp source 192.168.30.10 0.0.0.0 destination 1.1.1.1 0.0.0.0 destination-port eq 23 R1 192.168.30.10
[HUAWEI]interface GigabitEthernet0/0/0
Telnet Telnettelnet server enable

[R1]telnet server enable
[R1]user-interface vty 0 4
[R1-ui-vty0-4]protocol inbound all
[R1-ui-vty0-4]authentication-mode password
[R1-ui-vty0-4]set authentication password cipher huawei123
[switch]aaa
[switch-aaa]local-user admin password cipher admin //2admin; cipher instead of simple so the password is not stored in plaintext
[switch-aaa]local-user admin privilege level 3 //3
[switch-aaa]local-user admin service-type telnet //telnet
[switch-aaa]quit
[switch]user-interface vty 0 4
[switch-ui-vty0-4]authentication-mode aaa //aaa
[switch-ui-vty0-4]protocol inbound all // telnet/ftp/ssh
[switch-ui-vty0-4]quit
2. ACLACL 3. Telnet Telnet

()

1. R1R3 PC1 1 RIP ;R2R4
PC2 2 EIGRP R1R2R5 OSPF
2. R1 NAT PC1 114.114.114.114, NAT 3. R2 NAT (200.1.1.10~200.1.1.20) NAT
192.168.30.0/24 R4 loopback 10
192.168.20.10 PC2 loopback 10 114.114.114.114, NAT
4. R1 NAT NAT R1
NAT R2 NAT
114.114.114.114 R1 R2 NAT


NAT
nat server global 12.1.1.100 inside 192.168.2.10 // 192.168.2.10 12.1.1.100
nat static enable
[Huawei] nat static global 12.1.1.10 inside 192.168.1.10 netmask 255.255.255.255 NAT
[Huawei]nat address-group 1 12.1.1.10 12.1.1.18 NAT
acl number 2000
rule 1 permit source 192.168.1.0 0.0.0.255 NAT
interface GigabitEthernet0/0/2
nat outbound 2000 address-group 1 no-pat
NATPAT no-pat NAT+PAT
acl number 2000 aclip
rule 1 permit
interface GigabitEthernet0/0/2
ip address 100.1.1.1 255.255.255.0
nat outbound 2000
PAT loopback 0
[Huawei-GigabitEthernet0/0/2]nat outbound 2000 interface loopback 0
#
display nat session NAT
display nat mapping NAT
debugging nat event NAT


