HCNA Routing&Switching之vrp基礎
阿新 • • 發佈:2021-07-17
什麼是vrp?
vrp是Versatile Routing Platform的縮寫,翻譯成中文就是通用路由平臺,該平臺是華為公司具有完全自主智慧財產權的網路作業系統。可以執行在多種硬體平臺之上。擁有一致的網路介面、使用者介面和管理介面,提供了靈活豐富的應用解決方案,集成了路由交換技術、QoS技術、安全技術和IP語音技術等資料通訊功能。
vrp的歷史版本
常用的管理vrp系統的方式,以及各種方式的優缺點及應用場景
提示:通常管理vrp的方式有兩種,一種是本地管理,本地管理通常需要用console線連線裝置的console口,然後通過終端使用serial協議管理vrp;使用場景:適合初始化,故障恢復,系統升級,同時只能支援一個會話;另外一種就是通過IP地址或域名連線虛擬VTY口,使用Telnet或SSH協議,遠端連線vrp進行管理;使用場景:適合後期維護、異地管理,同時可以支援多個會話;
VRP基礎配置
在開始聊vrp的基礎配置之前,我們先補充一點命令列檢視的概念;什麼是檢視呢?我們可以理解為介面,每個介面配置的東西不一樣,比如我們要配置vlan就得先進入vlan的介面才可以配置,我們要配置某介面的引數,得進入到該接口才可以配置;預設情況裝置啟動進入到檢視是使用者檢視,該檢視下使用者可以操作的命令很少,多為一些查詢類的命令和一些不改變系統配置的命令;我們要做配置首先要進入到系統檢視,系統檢視中又有各種檢視,具體如下圖
檢視切換
示例:從使用者檢視切換到系統檢視
| 1 2 3 4 |
<Huawei>sys
<Huawei>system-viewEnter system view,returnuser view with Ctrl+Z.
[Huawei]
|
提示:vrp是支援命令補全的,我們可以敲TAB鍵即可;
示例:從系統檢視切換至使用者檢視
| 1 2 3 4 5 |
[Huawei]q
<Huawei>sys
Enter system view,returnuser view with Ctrl+Z.
[Huawei]
<Huawei>
|
提示:從系統檢視切換至使用者檢視我們可以使用quit命令,簡寫q;也可以使用快捷鍵Ctrl+z鍵直接從系統檢視退出到使用者檢視;
示例:從任意非使用者檢視返回到使用者檢視
| 1 2 3 4 5 6 7 8 9 10 |
<Huawei>sys
Enter system view,returnuser view with Ctrl+Z.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]quit
<Huawei>sys
Enter system view,returnuser view with Ctrl+Z.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]return
<Huawei>
|
提示:return可以從任意非使用者檢視直接返回到使用者檢視;quit只能一級一級的退出檢視;
命令列幫助
提示:問號的作用就是告訴我們能夠執行的命令,或者滿足以我們敲打打字串開頭的命令,或者是完全幫助裡的能夠執行的命令,或者命令後面能夠接到子命令或引數等;
示例:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
<Huawei>d?
debugging <Group> debuggingcommandgroup
delete Delete afile
dialer Dialer
dirList files on a filesystem
display Display information
<Huawei>dis
<Huawei>display h?
hdlc Information of HDLC
health System health information
history-commandConfiguration information abouthistorycommands
hotkey Hotkey status and configuration information
http HTTP
hwtacacs-server HWTACACS server information
<Huawei>display ip?
ip <Group> ipcommandgroup
ipsec Specify IPSec(IP Security) configuration information
ipv6 <Group> ipv6commandgroup
<Huawei>display ip rou?
routing-table Routing table
<Huawei>display ip rou
|
歷史命令查詢和呼叫
示例:檢視歷史命令列表
| 1 2 3 4 5 6 7 8 9 10 11 |
<Huawei>dis his
<Huawei>dishistory-command
display ip rou
display ip rout
return
int g0/0/0
sys
quit
q
system-view
<Huawei>
|
提示:預設歷史命令只會儲存最近10條命令;當然我們可以通過命令去設定顯示的歷史命令條目數量;
設定命令歷史顯示條目數量
| 1 2 3 4 5 6 |
[Huawei]user-int
[Huawei]user-interface con
[Huawei]user-interface console 0
[Huawei-ui-console0]hist
[Huawei-ui-console0]history-commandma
[Huawei-ui-console0]history-commandmax-size 20
|
vrp基礎配置
設定裝置名稱
示例:修改裝置名稱為R1
| 1 2 3 4 5 6 7 |
<Huawei>sys
Enter system view,returnuser view with Ctrl+Z.
[Huawei]sysna
[Huawei]sysname R1
[R1]
[R1]
[R1]
|
配置系統日期時間
示例:修改系統時區為北京時間,東八區
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[R1]clock
[R1]clock tim
[R1]clock timz
[R1]clocktime
[R1]clock timez
[R1]q
<R1>cloc
<R1>clock timez
<R1>clock timezone BJ add 08:00:00
<R1>dis clo
<R1>dis clock
2021-06-20 06:48:42
Sunday
Time Zone(BJ) : UTC+08:00
<R1>
|
提示:設定時區需要在使用者檢視下設定,系統檢視沒法設定;
示例:設定當前時間和日期
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<R1>dis clock
2021-06-20 06:50:35
Sunday
Time Zone(BJ) : UTC+08:00
<R1>clo
<R1>clock da
<R1>clock datetime ?
HH:MM:SS Specify thetime
<R1>clock datetime 22:51:22 ?
YYYY-MM-DD Specify thedatefrom 2000 to 2099
<R1>clock datetime 22:51:22 2021-06-20
<R1>dis clo
<R1>dis clock
2021-06-20 22:51:25
Sunday
Time Zone(BJ) : UTC+08:00
<R1>
|
配置標題訊息
示例:設定使用者登入前和登入後的標題訊息
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
<R1>sys
Enter system view,returnuser view with Ctrl+Z.
[R1]head
[R1]header lo
[R1]header login ?
fileSpecify filename of banner
information Specify information of banner
[R1]header login inf
[R1]header login information"welcome to R1"
[R1]head
[R1]header lo
[R1]header she
[R1]header shell ?
fileSpecify filename of banner
information Specify information of banner
[R1]header shellin
[R1]header shell information"have a good time"
……
<R1>q
Configuration consoleexit, please press any key to log on
welcome to R1
Login authentication
Password:
have a goodtime
<R1>
|
配置使用者介面命令
示例:配置console口超時時間
| 1 2 3 4 5 6 7 8 9 |
<R1>sys
Enter system view,returnuser view with Ctrl+Z.
[R1]use
[R1]user-bind
[R1]user-group
[R1]user-interface con
[R1]user-interface console 0
[R1-ui-console0]idl
[R1-ui-console0]idle-timeout 5 12
|
提示:上述設定表示設定console口的超時時間為5分12秒;這裡還需要注意一點console口的編號是從0開始的,預設情況下一臺裝置只有一個console口,所以我們設定的都是0口;進入到console 需要用user-interface 命令;該命令後面可以通常都是跟終端型別;常見的終端型別有console,vty;vty就是虛擬的終端,一般遠端用到都是vty型別的終端;預設vty的介面編號範圍最大可以支援到4,即總共支援5個遠端使用者使用vty,當然這個vty的數量是可以更改的,最大支援15個使用者;
示例:進入到vty
| 1 2 3 4 5 6 7 8 9 10 |
<R1>sys
Enter system view,returnuser view with Ctrl+Z.
[R1]user-int
[R1]user-interface vty ?
INTEGER<0-4,16-20> The first user terminal interface to be configured
[R1]user-interface vty 0 ?
INTEGER<1-4> Specify a last user terminal interface number to be configured
<cr> Please press ENTER to executecommand
[R1]user-interface vty 0 4
[R1-ui-vty0-4]
|
配置登入許可權和設定密碼
示例:設定console口登入密碼為admin123.com
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
<R1>sys
Enter system view,returnuser view with Ctrl+Z.
[R1]user-int
[R1]user-interface con
[R1]user-interface console 0
[R1-ui-console0]set
[R1-ui-console0]setau
[R1-ui-console0]setauthentication pa
[R1-ui-console0]setauthentication password ?
cipher Set the password with cipher text
[R1-ui-console0]setauthentication password ci
[R1-ui-console0]setauthentication password cipher admin123.com
[R1-ui-console0]dis this
[V200R003C00]
#
user-interface con 0
authentication-mode password
setauthentication password cipher %$%$W~Nm5vbJ{S0yS@K}!JAF,(BD.-9:#x[ak!f@{wX%
h"*C(BG,%$%$
history-commandmax-size 20
idle-timeout 5 12
user-interface vty 0 4
user-interface vty 16 20
#
return
[R1-ui-console0]q
[R1]q
<R1>q
Configuration consoleexit, please press any key to log on
welcome to R1
Login authentication
Password:
have a goodtime
<R1>
|
提示:password後面的cipher表示回顯加密,即在配置裡面看到的都是加密處理後端字串;
示例:配置vty登入密碼
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
<R1>sys
Enter system view,returnuser view with Ctrl+Z.
[R1]user-interface
[R1]user-interface vty 0 4
[R1-ui-vty0-4]setau
[R1-ui-vty0-4]setauthentication pa
[R1-ui-vty0-4]setauthentication password ci
[R1-ui-vty0-4]setauthentication password cipher admin123.com
[R1-ui-vty0-4]dis this
[V200R003C00]
#
user-interface con 0
authentication-mode password
setauthentication password cipher %$%$"<Kf/[6KRFvztj2q~J'(,(hM.!O.+tL7{XXS5}P:
t-)P(hP,%$%$
history-commandmax-size 20
idle-timeout 5 12
user-interface vty 0 4
authentication-mode password
setauthentication password cipher %$%$"<Kf/[6KRFvztj2q~J'(,(hM.!O.+tL7{XXS5}P:
t-)P(hP,%$%$
user-interface vty 16 20
#
return
[R1-ui-vty0-4]
|
示例:設定遠端登入使用者的許可權為3
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[R1-ui-vty0-4]user pri
[R1-ui-vty0-4]user privilegele
[R1-ui-vty0-4]user privilege level 3
[R1-ui-vty0-4]d th
[V200R003C00]
#
user-interface con 0
authentication-mode password
setauthentication password cipher %$%$.gtX'!_=\OGX:pJ5f*u6,(2wvE#v<y(fe57<FiMr
i>X9(2z,%$%$
history-commandmax-size 20
idle-timeout 5 12
user-interface vty 0 4
authentication-mode password
user privilege level 3
setauthentication password cipher %$%$.gtX'!_=\OGX:pJ5f*u6,(2wvE#v<y(fe57<FiMr
i>X9(2z,%$%$
user-interface vty 16 20
#
return
[R1-ui-vty0-4]
|
提示:如果不設定使用者許可權級別預設是0,0的許可權很小,只能執行網路診斷工具命令(ping、tracert)、從本裝置出發訪問外部裝置的命令(Telnet客戶端)、部分display命令等。許可權級別分類如下表
| 使用者級別 | 命令級別 | 級別名稱 | 說明 |
| 0 | 0 | 訪問級 |
網路診斷工具命令(ping、tracert)、從本裝置出發訪問 |
| 1 | 0、1 | 監控級 |
用於系統維護,包括display等命令。 |
| 2 | 0、1、2 | 配置級 |
業務配置命令,包括路由、各個網路層次的命令,向用戶 |
| 3~15 | 0、1、2、3 | 管理級 |
用於系統基本執行的命令,對業務提供支撐作用,包括文 |
介面配置地址
| 1 2 3 4 5 6 7 8 9 10 11 12 13 |
<R1>sys
Enter system view,returnuser view with Ctrl+Z.
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add
[R1-GigabitEthernet0/0/0]ip address 192.168.0.111 24
[R1-GigabitEthernet0/0/0]d th
[V200R003C00]
#
interface GigabitEthernet0/0/0
ip address 192.168.0.111 255.255.255.0
#
return
[R1-GigabitEthernet0/0/0]
|
開啟telnet 遠端訪問
| 1 2 3 4 5 6 7 |
[R1-GigabitEthernet0/0/0]q
[R1]telne
[R1]telnet se
[R1]telnet server e
[R1]telnet serverenable
Error: TELNET server has been enabled
[R1]
|
提示:預設華為模擬器ensp上模擬的路由器上開啟了telnet,所以在此開啟會報錯;
實驗:使用r2遠端訪問r1
實驗top
在r2上配置地址,然後使用telnet客戶端連線r1
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
<Huawei>
Jun 20 2021 23:44:30-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt
hernet0/0/0has turned into UP state.
<Huawei>sys
Enter system view,returnuser view with Ctrl+Z.
[Huawei]sys R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.0.222 24
Jun 20 2021 23:44:55-08:00 R2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0has entered the UP state.
[R2-GigabitEthernet0/0/0]q
[R2]q
<R2>tel
<R2>telnet 192.168.0.111
Press CTRL_] to quit telnet mode
Trying 192.168.0.111 ...
Connected to 192.168.0.111 ...
welcome to R1
Login authentication
Password:
have a goodtime
<R1>
|
檢視介面摘要資訊
示例:檢視r1裝置的介面摘要資訊
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
<R1>dis ip int brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UPinPhysical is 2
The number of interface that is DOWNinPhysical is 2
The number of interface that is UPinProtocol is 2
The number of interface that is DOWNinProtocol is 2
Interface IP Address/MaskPhysical Protocol
GigabitEthernet0/0/0192.168.0.111/24up up
GigabitEthernet0/0/1unassigned down down
GigabitEthernet0/0/2unassigned down down
NULL0 unassigned up up(s)
<R1>dis int brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/outpututility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0up up 0% 0% 0 0
GigabitEthernet0/0/1down down 0% 0% 0 0
GigabitEthernet0/0/2down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
<R1>
|
提示:dis ip int brief 和dis int brief的區別是,dis ip int brief 一般用於檢視三層介面的簡要資訊,所謂三層一般就是可以配置ip地址資訊的介面;dis int brief 一般多用於檢視二層介面簡要資訊;
狀態資訊查詢
示例:檢視vrp版本資訊
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
<R1>dis
<R1>display ver
<R1>display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.130 (AR2200 V200R003C00)
Copyright (C) 2011-2012 HUAWEI TECH CO., LTD
Huawei AR2220 Router uptime is 0 week, 0 day, 1 hour, 55 minutes
BKP 0 version information:
1. PCB Version : AR01BAK2A VER.NC
2. If Supporting PoE : No
3. Board Type : AR2220
4. MPU Slot Quantity : 1
5. LPU Slot Quantity : 6
MPU 0(Master) : uptime is 0 week, 0 day, 1 hour, 55 minutes
MPU version information :
1. PCB Version : AR01SRU2A VER.A
2. MAB Version : 0
3. Board Type : AR2220
4. BootROM Version : 0
<R1>
|
示例:檢視當前檢視的配置
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
<R1>dis
<R1>display this
#
return
<R1>sys
Enter system view,returnuser view with Ctrl+Z.
[R1]user-int
[R1]user-interface con
[R1]user-interface console 0
[R1-ui-console0]dis this
[V200R003C00]
#
user-interface con 0
authentication-mode password
setauthentication password cipher %$%$)i3~%MGAQ,00KSWe|";E,+jWV+l97J2A9'P]E[=}
CA"9+jZ,%$%$
history-commandmax-size 20
idle-timeout 5 12
user-interface vty 0 4
authentication-mode password
user privilege level 3
setauthentication password cipher %$%$)i3~%MGAQ,00KSWe|";E,+jWV+l97J2A9'P]E[=}
CA"9+jZ,%$%$
user-interface vty 16 20
#
return
[R1-ui-console0]
|