《华为系列中端路由器典型配置手册讲课教案.doc》由会员分享,可在线阅读,更多相关《华为系列中端路由器典型配置手册讲课教案.doc(270页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、Good is good, but better carries it.精益求精,善益求善。华为系列中端路由器典型配置手册-Quidway系列中端路由器典型配置手册目录第1章 路由器日常维护典型配置1.1 基本操作1.1.1 常用命令新旧对照列表表1-1 常用命令新旧对照表旧新旧新showdisplayshowversiondispversionnoundoshowrundispcurrent-configurationuserlocal-usershowtech-supportdispbase-informationendreturnshowstartdispsaved-configurat
2、ionexitquitexitlogoutctrl+zctrl+qrouterripripctrl+pctrl+erouterospfospfnodebugallctrl+drouterbgpbgphostnamesysnameaccess-listaclwritesaveerasedelete0simple7cipherhostiphostlogginginfo-centerencaplink-pro注意:dispcur显示路由器当前生效的配置参数,同时也是可以输入的命令disp是display的缩写,在没有歧义时路由器会自动识别不完整词disp和ping命令在任何视图下都可执行,不必切换到
3、系统视图删除某条命令,一般的命令是undoxxx,另一种情况是用其他的参数代替现在的参数,如有时虽然xxxabc无法undo删除,但是可以修改为xxxdef清除所有的配置命令是delete,需要y/n确认或者取消,重启生效1.2 路由器配置之后,所需要的检查事项表1-2 配置路由器之后的检查事项序号检查项目记录1是否设置了exec-administrator用户名和密码,以防止他人随意登陆路由器进行配置或其他危险操作2bootrom和exec-administrator是否设置了足够强度的密码,请牢记.如123,abc等是危险的密码3接口下是否配置了正确的ip地址,并且处于undoshutdo
4、wn状态4静态路由是否配置;或者动态路由是否使能5接口下是否配置了description以确保配置的易读性6配置包过滤防火墙,是否firewallenable并且在接口的正确方向(in/out)引用了acl命令7acl中反掩码配置得是否正确8串口缺省封装的是ppp协议,互通两端需要一致,某些牌子路由器缺省串口配置的是hdlc,我们推荐ppp9debug开关是否已经关闭,可以运行Routerundodebugall或者ctrl+d10sysname是否可以明显区别出并定位到路由器11请检查console配置线缆和aux备份线缆是否放在不易丢失,不会遗忘的地方12如果aux口不做业务,建议配置as
5、ymodeflow/undomodem两条命令,做为console口的备份13【线缆上是否有标签,线缆标签上应注明足够的信息,以便排除线路故障时,可以从容不迫】14模块是否拧紧15路由器是否固定良好,是否有足够的支撑16路由器是否接地,多雷电地区,或者路由器线路有室外走线的,一定要良好接地,接地电阻不大于5欧姆17是否配置命令的接口和线缆所插接口一致18版本信息和路由器配置是否已经备份到pc机:displayversion/displaycur/displaybase19路由器是上是否已经运行Routersave以确保当前的正确配置保存到路由器上说明:因路由器型号和配置模块差别,以及阅读方便,
6、以下所有配置中仅给出相关配置;配置分三列,最左是视图模式,表示当前命令的可执行视图模式,中间一列是dispcur所显示的配置命令,也是我们需要输入的,最右是相应解释1.3 远程登陆telnet1.3.1 缺省情况:无需用户名和密码,均可telnet图1-3 组网:pctelnet到路由器配置:version1.74适用版本vrp1.7!RouterinterfaceEthernet0Router-Ethernet0ipaddress10.0.0.1255.255.255.0!RouterinterfaceSerial0Router-Serial0link-protocolppp!Routeri
7、nterfaceBri0Router-Bri0link-protocolppp!quit注意:中端路由器的缺省配置下,pc可以直接登陆到路由器上,无须用户名和密码1.3.2 允许telnet:只有正确的用户名和密码才可以telnet配置:version1.74适用版本vrp1.7Routerlocal-userbservice-typeexec-administratorpasswordsimpleb!RouterinterfaceEthernet0Router-Ethernet0ipaddress10.0.0.1255.255.255.0!RouterinterfaceSerial0Rout
8、er-Serial0link-protocolppp!RouterinterfaceBri0Router-Bri0link-protocolppp!quit现象:pc从远程telnet或者是console口登陆路由器时出现输入用户名和密码提示,输入用户名:b,密码:b,登陆成功注意:错误的用户名和密码是无法进行配置的1.3.3 禁止telnet:只允许特定IP地址设备telnet到路由器version1.74适用版本vrp1.7Routerlocal-useraservice-typeexec-adminastratorpasswordsimpleatelnet的用户名是a密码是aRouter
9、!Routeracl101Router-acl-101rulepermittcpsource10.0.0.20.0.0.0destination10.0.0.10.0.0.0eqtelnet允许10.0.0.2主机telnet到10.0.0.1Router-acl-101ruledenytcpsourceanydestination10.0.0.10.0.0.0eqtelnet禁止所有telnet到10.0.0.1的报文!RouterinterfaceEthernet0Router-Ethernet0ipaddress10.0.0.1255.255.255.0Router-Ethernet0f
10、irewallpacket-filter101inbound接口引用acl101!RouterinterfaceSerial0Router-Serial0link-protocolppp!RouterinterfaceBri0Router-Bri0link-protocolppp!quit现象:仅ip为10.0.0.2的设备才能登陆到10.0.0.1这台路由器上1.4 ftp在线升级vrp图1-4 组网:pcftp到路由器配置:!Routerversion1.74适用版本vrp1.7Routerlocal-userftpservice-typeftppasswordsimpleftpftp的用
11、户名ftp,密码ftpRouterftp-serverenable打开ftp-server开关!RouterinterfaceEthernet0Router-Ethernet0ipaddress10.0.0.1255.255.255.0!RouterinterfaceSerial0Router-Serial0link-protocolppp!RouterinterfaceBri0Router-Bri0link-protocolppp!quit过程:1.windows开始-运行中输入:ftp10.0.0.12.输入用户名:ftp;输入密码:ftp3.pwd/显示路由器当前路径4.lcd/显示pc
12、机路径,将vrp版本文件重命名为system后放入此目录,system无任何后缀5.bin/更改为二进制传输方式6.hash/显示传输进度7.getconfig/下载配置文件,备份之用8.putsystem/从pc机往路由器上传版本文件,本地版本文件必须更名为system其他命令:getsystem/从路由器向pc机下载版本文件,存放路径就是lcd所显示目录putconfig/上传配置文件9.若在传输过程中出现意外中断,此时请不要重启路由器;正确的做法是添加新的ftp用户local-usera1service-typeexec-adminastratorpasswordsimplea1,并从1
13、.操作开始重新进行10.当显示”filetransmitsuccess”字样时,请重启路由器:reboot图1-5 11.当路由器重启正常后,确认配置无误,关闭ftp服务功能:undoftpenableftp升级过程图示ftp升级完毕图示注意:1.版本配套关系,带E和不带E路由器的版本文件是不同的具体设备的bootrom和vrp配套版本请到的软件中心查询下载2.重启前,请在pc机上备份配置3.升级过程若中断,请重新升级正确版本,升级过程中请勿重启路由器,否则路由器无法正常启动4.升级时,system文件上传过程中,路由器业务不会中断5.pc机与需升级路由器之间线路不限,但其速率最好不要低于56
14、K1.5 tftp升级vrp过程:首先启动tftp软件,并设置好目录Quidwaystartbooting(M)odifyanyofQuidwayrouterconfigurationor(C)ontinue?MMForeachofthefollowingquestions,youcanpresstoselectthevalueshowninbraces,oryoucanenteranewvalue.NETWORKINTERFACEPARAMETERS:DoyouwantaLANinterface?NyThisboardsLANIPaddress?169.254.10.1010.0.0.1Su
15、bnetmaskforLAN(0fornone)?255.255.0.0255.255.255.0TFTPSERVERPARAMETERS:IPaddressoftheTFTPserver?169.254.75.16610.0.0.254Whatisthenameofthefiletobeloadedandstarted?m8240ram.arjQ263XE-36XXE-V1.63-002.BINHowlong(inseconds)shouldCPUdelaybeforestartingup?5-NETWORKINTERFACEPARAMETERS:IPaddressonLANis10.110
16、.50.1LANinterfacessubnetmaskis0xfffff800HARDWAREPARAMETERS:ProcessortypeisMPC8240InternalClockRate250MhzExternalClockRate100MhzLANControllerisIntel82559Serialchannelswilluseabaudrateof9600TFTPSERVERPARAMETERS:IPaddressoftheTFTPhostis10.110.51.11ThefiletodownloadandstartisaAfterboardisreset,start-upc
17、odewillwait5seconds-(M)odifyanyofQuidwayrouterconfigurationor(C)ontinue?Mc*QuidwaySeriesRouterBootrom,V4.32*Copyright(C)1999-2001byHUAWEITECHCO.,LTD.Compiledat17:47:11,Mar212002.Nowtestingmemory.OK!128MbytesSDRAM8192kbytesflashmemoryPressCtrl-BtoenterBootMenuPleaseinputBootrompassword:BootMenu:1:Dow
18、nloadapplicationprogramwithXMODEM2:DownloadapplicationprogramwithTFTP3:Clearapplicationpassword4:Clearconfiguration5:QuitandrebootEnteryourchoice(1-5):2PleasestartTFTPserverthenpressENTERkeytogetstartStartingtheTFTPdownload.readlen=05802263WritingprogramcodetoFLASH.Pleasewaiting,itneedsalongtime(abo
19、ut1min)WriteFlashSuccess.PressENTERkeytorebootthesystem.适用版本vrp1.5/1.6/1.7quidwaystartbooting出现时迅速按n,多按不限选择M选择Y路由器的ip地址掩码pc的ip地址网站下载的升级软件的名字回车键入C按ctrl+b选择2将版本文件写入flash回车重启注意:1.tftp升级必须在近端进行,远程无法操作2.tftp软件下载链接http:/perso.wanadoo.fr/philippe.jounin/default.html1.6 打开debug开关过程:Routerinfo-centerenable配置
20、口情况时:Routerinfo-centerconsoleRouterinfo-centerconsoledebug远程telnet情况时:Routerinfo-centermonitorRouterinfo-centermonitordebug然后,此处以调试链路层协议ppp数据包为例Routerdebuggingppppacket注意:1.特权模式下debug;可以从displaydebug看出现在有哪些调试开关是打开的2.调试开关打开,对路由器性能会有相应程度的影响,所以用后请及时关闭调试信息:Routerundodebugall,或者ctrl+d亦可1.7 Snmp配置!version
21、1.74适用版本vrp1.7Router!RouterinterfaceEthernet0Router-Ethernet0ipaddress10.0.0.1255.255.255.0!RouterinterfaceSerial0Router-Serial0link-protocolppp!RouterinterfaceBri0Router-Bri0link-protocolpppRouter-Bri0dialerin-band!quitRoutersnmp-agent使能snmp服务Routersnmp-agentlocal-engineid800007DB0300E0FC0F6256全网唯一
22、设备引擎IDRoutersnmp-agentcommunityreadisPublic设置读团体名:isPublicRoutersnmp-agentcommunitywriteisPrivate设置写团体名:isPrivateRoutersnmp-agentsys-infoversionall选择网管snmpv1/v2/v3Routersnmp-agentsys-infocontact010-12345678联系电话:010-12345678Routersnmp-agenttarget-hosttrapaddress10.0.0.10port69parametersv1securityname
23、aaa设置trap接收主机10.0.0.10Routersnmp-agentsys-infolocationHuaweiTech.Beijing,China路由器位置Routersnmp-agenttrapenablestandardauthenticationcoldstartlinkdownlinkupwarmstartTrap的内容standardauthenticationcoldstartlinkdownlinkupwarmstartRoutersnmp-agenttrapenablesystemTrap的内容system!注意:1.网管的communityname应该与路由器上配置
24、一致2.缺省配置下communityreadname为public,communitywritename为private1.8 终端接入服务器(哑终端)1.8.1 不同的终端使用不同的unix主机上的不同业务组网:图1-6 终端接入服务器之不同的终端使用不同unix主机上的不同业务需求:终端0/1/2应用对公业务;终端3/4/5/6/7应用储蓄业务配置:!version1.74适用版本vrp1.7Routerttyenable使能终端接入服务功能Routertty-appsenderconnect0-210.0.1.290011duigong0-2对公业务Routertty-appsender
25、connect3-710.0.1.190001chuxu3-7储蓄业务!RouterinterfaceSerial0Router-Serial0clockDTECLK1Router-Serial0link-protocolpppRouter-Serial0ipaddress10.0.0.1255.255.255.0!RouterinterfaceAsync0Router-Async0undomodemRouter-Async0asyncmodetty00016000请注意数字颜色Router-Async0link-protocolppp与上下文的对应关系!RouterinterfaceAsyn
26、c1Router-Async1undomodemRouter-Async1asyncmodetty10116000Router-Async1link-protocolppp!RouterinterfaceAsync2Router-Async2undomodemRouter-Async2asyncmodetty20216000Router-Async2link-protocolppp!RouterinterfaceAsync3Router-Async3undomodemRouter-Async3asyncmodetty30316000Router-Async3link-protocolppp!R
27、outerinterfaceAsync4Router-Async4undomodemRouter-Async4asyncmodetty40416000Router-Async4link-protocolppp!RouterinterfaceAsync5Router-Async5undomodemRouter-Async5asyncmodetty50516000link-protocolppp!RouterinterfaceAsync6Router-Async6undomodemRouter-Async6asyncmodetty60616000Router-Async6link-protocol
28、ppp!RouterinterfaceAsync7Router-Async7undomodemRouter-Async7asyncmodetty70716000Router-Async7link-protocolppp!quitRouteriproute-static0.0.0.00.0.0.010.0.0.2preference60!quit储蓄unix主机10.0.1.1的ttyd.conf内容:severport9000mode1squitsize512readsize300interval200nodelay1debug0ttyp5010.0.0.13ttyp5110.0.0.14tt
29、yp5210.0.0.15ttyp5310.0.0.16ttyp5410.0.0.17对公unix主机10.0.1.2的ttyd.conf内容:severport9001mode1squitsize512readsize300interval200nodelay1debug0ttyp5010.0.0.10ttyp5110.0.0.11ttyp5210.0.0.121.8.2 不同终端使用同一unix主机上的不同业务图1-7 组网:不同终端使用同一unix主机上的不同业务需求:对公储蓄业务均在一台unix主机上运行;终端0/1/2应用对公业务,终端3/4/5/6/7应用储蓄业务配置:!versi
30、on1.74适用版本vrp1.7RouterTtyenable使能终端接入服务功能Routertty-appsenderconnect0-210.0.1.190011duigong0-2对公Routertty-appsenderconnect3-710.0.1.190001chuxu3-7储蓄!RouterinterfaceSerial0Router-Serial0clockDTECLK1Router-Serial0link-protocolpppRouter-Serial0ipaddress10.0.0.1255.255.255.0!RouterinterfaceAsync0Router-A
31、sync0undomodemRouter-Async0asyncmodetty00016000请注意数字颜色Router-Async0link-protocolppp与上下文对应关系!RouterinterfaceAsync1Router-Async1undomodemRouter-Async1asyncmodetty10116000Router-Async1link-protocolppp!RouterinterfaceAsync2Router-Async2undomodemRouter-Async2asyncmodetty20216000Router-Async2link-protocol
32、ppp!RouterinterfaceAsync3Router-Async3undomodemRouter-Async3asyncmodetty30316000Router-Async3link-protocolppp!RouterinterfaceAsync4Router-Async4undomodemRouter-Async4asyncmodetty40416000Router-Async4link-protocolppp!RouterinterfaceAsync5Router-Async5undomodemRouter-Async5asyncmodetty50516000Router-A
33、sync5link-protocolppp!RouterinterfaceAsync6Router-Async6undomodemRouter-Async6asyncmodetty60616000Router-Async6link-protocolppp!interfaceAsync7RouterundomodemRouter-Async7asyncmodetty70716000Router-Async7link-protocolppp!quitRouteriproute-static0.0.0.00.0.0.010.0.0.2preference60!returnunix主机10.0.1.1
34、储蓄的ttyd1.conf内容:severport9000mode1squitsize512readsize300interval200nodelay1debug0ttyp5010.0.0.13ttyp5110.0.0.14ttyp5210.0.0.15ttyp5310.0.0.16ttyp5410.0.0.17unix主机10.0.1.1对公的ttyd2.conf内容:severport9001mode1squitsize512readsize300interval200nodelay1debug0ttyp6010.0.0.10ttyp6110.0.0.11ttyp6210.0.0.121.
35、8.3 同一终端同时使用多种业务图1-8 组网:同一终端同时使用多种业务需求:终端0/1可以处理储蓄,对公,记账,外汇四项业务终端2/3可以处理储蓄,对公,记账三项业务终端4/5可以处理储蓄,记账两项业务终端6/7可以处理储蓄业务切换按键为ctrl6,对应的anscii值为30表1-3 同一终端使用不同业务业务虚终端终端chuxuduigongjizhangwaihui0012310123201230124015016070配置:!version1.74适用版本vrp1.7Routerttyenable使能终端接入服务功能Routertty-appsenderconnection010.0.1
36、.190001chuxuRoutertty-appsenderconnection110.0.1.190011duigongRoutertty-appsenderconnection210.0.1.290021jizhangRoutertty-appsenderconnection310.0.1.290031waihuiRoutertty-appsenderconnection410.0.1.190001chuxuRoutertty-appsenderconnection510.0.1.190011duigongRoutertty-appsenderconnection610.0.1.2900
37、21jizhangRoutertty-appsenderconnection710.0.1.290031waihuiRoutertty-appsenderconnection810.0.1.190001chuxuRoutertty-appsenderconnection910.0.1.190011duigongRoutertty-appsenderconnection1010.0.1.290021jizhangRoutertty-appsenderconnection1110.0.1.190001chuxuRoutertty-appsenderconnection1210.0.1.190011
38、duigongRoutertty-appsenderconnection1310.0.1.290021jizhangRoutertty-appsenderconnection1410.0.1.190001chuxuRoutertty-appsenderconnection1510.0.1.290021jizhangRoutertty-appsenderconnection1610.0.1.190001chuxuRoutertty-appsenderconnection1710.0.1.290021jizhangRoutertty-appsenderconnection1810.0.1.1900
39、01chuxuRoutertty-appsenderconnection1910.0.1.190001chuxu!RouterinterfaceSerial0Router-Serial0clockDTECLK1Router-Serial0link-protocolpppRouter-Serial0ipaddress10.0.0.1255.255.255.0!RouterinterfaceAsync0Router-Async0undomodemRouter-Async0asyncmodetty000Router-Async0asyncmodetty011Router-Async0asyncmodetty022Router-Async0asyncmodetty033Router-Async0ttymenu-key30Router-Async0link-protocolppp!RouterinterfaceAsync1Router-Async1undomodemRouter-Async1asyncmodetty104Router-Async1asyncmodetty115Router-Async1asyncmodetty126Router-Async1asyncmodetty137R