Disabling RIP
[R1]rip
[R1-rip-1]silent-interface all //stop sending RIP packets on all interfaces
<R1>reset rip 1 configuration
Route backup / floating static route, ECMP
]ip route-static 10.0.1.0 24 g0/0/0 10.0.10.1 preference 100
>debugging ip icmp
>terminal debugging //show debugging output on the terminal
Default route
]ip route-static 0.0.0.0 0 g0/0/0 10.0.0.254
Assigning ports to VLANs:
g0/0/1]port link-type access
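g0/0/1]port default vlan ? //put the port into a VLAN; the default is VLAN 1
vlanxx]port g0/0/1 //add a port to this VLAN
Creating VLANs in batch //the same VLANs must be created on every switch
]vlan batch 2 3 100 //create VLANs with IDs 2, 3 and 100
Configuring a trunk //if a VLAN is already configured on the port, its VLAN settings must be cleared first
g0/0/1]undo port default vlan //clear the VLAN; just press Enter, no VLAN number is needed
g0/0/1]port link-type trunk
g0/0/1]port trunk allow-pass vlan ? //to allow all VLANs, enter allow-pass vlan all
]clear configuration interface g0/0/1 //clears all configuration on the port; works on switches only, and the cleared port is left in the shutdown state and must be brought up manually.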
g0/0/1]undo shutdown
STP
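]stp mode stp //change the default STP mode
]stp priority 0 //make a given device the root device (it may become the root)
STP test: this needs three devices, SW1-3, connected to each other with trunk links. First create VLAN 2 and 3, then configure the trunks and allow VLAN 2 and 3 through. Set ports G2 and G3 as trunks. Change the STP mode to legacy STP (this must be changed on every device). Then verify the STP state with display stp brief. The port state is first DISCARDING (blocked / unavailable / discarding), then LEARNING, and finally FORWARDING.
STP ensures that, where redundant links exist, all devices can still reach each other and there are no loops. It automatically elects a root device, then selects, from the ports that can interconnect, the port used to connect to the neighbouring device; the neighbouring device in turn connects to its own neighbours. STP sends a packet (BPDU) every two seconds to assess the current links and adjust their state accordingly; only the root device can send BPDUs. The STP priority is compared first, then the MAC address, and the root device is chosen on that basis. display stp shows this device's STP state as well as the root device's MAC address and priority. stp priority x adjusts the STP priority.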
stp root primary
stp priority 0 //same effect
]display stp interface xx //shows the BPDU counters
STP must have a root device; every other device must have a root port.
RIP
]dis rip 1
]dis rip 1 interface
]dis rip 1 neigh //Cisco has no equivalent
]dis rip 1 database //entries marked Rip-interface in the RIP database are the interfaces on which RIP is enabled //important
10.0.0.0/8, cost 0, ClassfulSumm
10.0.1.0/24, cost 1, [A], nexthop 10.0.14.1
10.0.2.0/24, cost 2, [A], nexthop 10.0.14.1
10.0.3.0/24, cost 2, [A], nexthop 10.0.14.1
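10.0.4.0/24, cost 0, [A], Rip-interface //RIP is enabled on this interface; enabled means RIP can run on this interface
10.0.14.0/24, cost 0, [A], Rip-interface //RIP is enabled on this interface; enabled means RIP can run on this interface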
10.0.123.0/24, cost 1, [A], nexthop 10.0.14.1
10.1.0.0/23, cost NA, IfSumm
10.1.1.0/24, cost 0, [A], Rip-interface
]aaa
aaa]local-user admin/xxx password cipher xxx
INFO: Add a new user.
aaa]local-user admin/xxx service-type ppp/xxx //which service the user is for
s0/0/1]ppp authentication-mode pap/chap //pap = plaintext authentication, chap = encrypted authentication
s0/0/1]ppp pap/chap local-user admin/xxx password cipher xxx
trunk
g0/0/1]port link-type trunk
g0/0/1]port trunk allow-pass vlan all
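Sub-interface
]inter g0/0/1.10 //create sub-interface 10 under port 1
Router-on-a-stick
Method: first set the switch interface that connects to the router to trunk and allow all VLANs through. Then create sub-interfaces on the router and set each sub-interface's accepted VID mode and VID number: dot1q ter vid xx, then arp broadcast enable, and assign the corresponding IP address.
Environment: VLAN 10 and 20
SW]interface g0/0/2 //this interface connects to the router
g0/0/2]port link-type trunk
g0/0/2]port trunk allow-pass vlan all //allow all VLANs through
Verification:
]dis port vlan active //interface 2 shows as trunk and passes (tagged) the VLAN IDs that currently exist
R1]interface g0/0/2.10 //add the sub-interface //to remove it: undo interface g0/0/2.10
2.10]dot1q termination vid 10 //allow VLAN 10 through
2.10]arp broadcast enable //enable ARP broadcast
2.10]ip address xxx xx //set the sub-interface IP address
Verification: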
]dis current interface g0/0/2.10
Enabling Telnet
]user-interface vty 0 4
vty0-4]authentication-mode password cr
Enter the password cr
NAT translation
]interface dialer 1
dialer 1]nat static global <public-address> inside <private-address> netmask 255.255.255.255
[R1-acl-adv-3001]rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
[R1-acl-adv-3001]dis this
[V200R003C00]
#
acl number 3001
rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
#
return
[R1-acl-adv-3001]q
[R1]ipsec proposal rogue
[R1-ipsec-proposal-rogue]encapsulation-mode tunnel
[R1-ipsec-proposal-rogue]esp authentication-algorithm sha1
[R1-ipsec-proposal-rogue]dis this
[V200R003C00]
#
ipsec proposal rogue
esp authentication-algorithm sha1
#
return
[R1]dis ipsec proposal
Number of proposals: 1
IPSec proposal name: rogue
Encapsulation mode: Tunnel
Transform : esp-new
ESP protocol : Authentication SHA1-HMAC-96
Encryption DES
[R2]acl 3001
[R2-acl-adv-3001]rule 10 permit ip source 10.1.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
[R2-acl-adv-3001]q
[R2]ipsec proposal rogue
[R2-ipsec-proposal-rogue]esp authentication-algorithm sha1
[R2-ipsec-proposal-rogue]q
[R2]dis ipsec proposal
Number of proposals: 1
IPSec proposal name: rogue
Encapsulation mode: Tunnel
Transform : esp-new
ESP protocol : Authentication SHA1-HMAC-96
Encryption DES
R1
ipsec policy IPSEC 10 manual
security acl 3001
proposal rogue
tunnel local 202.100.1.254 //local egress IP
tunnel remote 61.100.1.254 //peer egress IP
sa spi inbound esp 2345 //inbound here is the peer's outbound
sa string-key inbound esp simple QYT
sa spi outbound esp 5432
sa string-key outbound esp simple QYT
R2
ipsec policy IPSEC 10 manual
security acl 3001
proposal rogue
tunnel local 61.100.1.254
tunnel remote 202.100.1.254
sa spi inbound esp 5432
sa string-key inbound esp simple QYT
sa spi outbound esp 2345
sa string-key outbound esp simple QYT
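The inbound/outbound mirroring noted above is the part of a manual SA that has to line up on both peers. The following added example (not part of the original notes) parses the R1 and R2 policies from this page, checks that tunnel endpoints, SPIs and string-keys are mirrored, and flags keys stored with simple or reused in both directions. The function names parse and audit are my own.

```python
# Manual policies as shown on the page for R1 and R2.
R1 = """ipsec policy IPSEC 10 manual
security acl 3001
proposal rogue
tunnel local 202.100.1.254
tunnel remote 61.100.1.254
sa spi inbound esp 2345
sa string-key inbound esp simple QYT
sa spi outbound esp 5432
sa string-key outbound esp simple QYT"""
R2 = """ipsec policy IPSEC 10 manual
security acl 3001
proposal rogue
tunnel local 61.100.1.254
tunnel remote 202.100.1.254
sa spi inbound esp 5432
sa string-key inbound esp simple QYT
sa spi outbound esp 2345
sa string-key outbound esp simple QYT"""

def parse(cfg):
    """Extract tunnel endpoints, SPIs and string-keys from one manual policy."""
    p = {"spi": {}, "key": {}}
    for w in map(str.split, cfg.splitlines()):
        if w[:1] == ["tunnel"]:
            p[w[1]] = w[2]                    # local / remote address
        elif w[:2] == ["sa", "spi"]:
            p["spi"][w[2]] = int(w[4])        # direction -> SPI
        elif w[:2] == ["sa", "string-key"]:
            p["key"][w[2]] = (w[4], w[5])     # direction -> (storage mode, key)
    return p

def audit(cfg_a, cfg_b):
    """Return findings: mirror errors between the peers, then weak key handling."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    if (a["local"], a["remote"]) != (b["remote"], b["local"]):
        out.append("tunnel local/remote not mirrored")
    for mine, theirs in (("inbound", "outbound"), ("outbound", "inbound")):
        if a["spi"][mine] != b["spi"][theirs]:
            out.append(f"SPI: {mine} {a['spi'][mine]} != peer {theirs} {b['spi'][theirs]}")
        if a["key"][mine][1] != b["key"][theirs][1]:
            out.append(f"string-key: {mine} differs from peer {theirs}")
    for name, p in (("A", a), ("B", b)):
        if any(mode == "simple" for mode, _ in p["key"].values()):
            out.append(f"peer {name}: string-key stored with 'simple' (plaintext in config)")
        if p["key"]["inbound"][1] == p["key"]["outbound"][1]:
            out.append(f"peer {name}: same string-key in both directions")
    return out
```

Calling audit(R1, R2) on the page's configuration returns no mirror errors, only the key-handling findings for each peer.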
OSPF
[R1]ospf
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.1.0 0.0.0.255 //wildcard mask
[R1-ospf-1-area-0.0.0.0]network 10.0.123.0 0.0.0.255
[R1-ospf-1]dis this
[V200R003C00]
#
ospf 1
area 0.0.0.0
authentication-mode simple plain huawei //plaintext password authentication
network 10.0.1.0 0.0.0.255 //advertises the local route and defines the range of interfaces on which OSPF is enabled
network 10.0.123.0 0.0.0.255
#
return
[R1]display ospf peer brief //show OSPF neighbour relationships
[R1]display ospf 1 lsdb
OSPF-HCNP-LAB1
[R1]
#
area 0.0.0.1
network 11.1.1.1 0.0.0.0 //two meanings: 1. enables OSPF; 2. advertises a network segment.
network 12.1.1.0 0.0.0.255
#
[R2-GigabitEthernet0/0/0]ospf enable 1 area 0.0.0.1 //also enables OSPF on the interface, but area 1 must first be created manually
[R2]ospf 1
[R2-ospf-1]area 1
[R2]
<R1>reset ospf 1 process
[R1]ospf 1 router-id 0.0.0.1 //set an OSPF-specific router ID, method 1.
[R1]router id 0.0.0.1 //set the global router ID, which may cover OSPF, BGP, etc.
HCNA study notes
Original source: http://www.cnblogs.com/xddsq/p/5313989.html