网络路由与交换命令
仅列举一些常用场景
h3c
交换机接口配置
[H3C]vlan 100 #创建vlan
[H3C]interface GigabitEthernet 1/0/1 #进入接口
[H3C-GigabitEthernet1/0/1]display this #查询当前配置
#
interface GigabitEthernet1/0/1
port access vlan 200
#
return
[H3C-GigabitEthernet1/0/1]port access vlan 100 #修改access接口vlan为100
[H3C-GigabitEthernet1/0/1]default #初始化接口
This command will restore the default settings. Continue? [Y/N]:y #确定初始化
[H3C-GigabitEthernet1/0/1]port link-type trunk #修改接口类型为trunk
[H3C-GigabitEthernet1/0/1]port trunk permit vlan all #允许所有vlan通过
[H3C-GigabitEthernet1/0/1]port trunk pvid vlan 2 #配置pvid为vlan 2默认为1
[H3C-GigabitEthernet1/0/1]display this #查询当前配置
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 2
#
return
[H3C-GigabitEthernet1/0/1]undo port trunk permit vlan all #禁止所有vlan通过
[H3C-GigabitEthernet1/0/1]port trunk permit vlan 100 #添加允许vlan 100通过
[H3C-GigabitEthernet1/0/1]port trunk permit vlan 200 #添加允许vlan 200通过
接口IP配置
提示
只有高端一点的交换机或路由器才有三层模式
二层模式 接口为二层模式,ip地址只能配在vlan子接口下,低端交换机只有二层模式
[H3C]vlan 50 to 60 #创建vlan 50到60,共11个vlan
# 进入vlan子接口配置ip
[H3C]interface Vlan-interface50
[H3C-Vlan-interface50]ip address 192.168.1.1 24
[H3C]interface Vlan-interface60
[H3C-Vlan-interface60]ip address 192.168.2.1 24
[H3C-Vlan-interface60]quit
#奖物理接口g1/0/20和g1/0/21分别划分到 vlan50和60下
[H3C]interface GigabitEthernet 1/0/20
[H3C-GigabitEthernet1/0/20]port access vlan 50
[H3C-GigabitEthernet1/0/20]quit
[H3C]interface GigabitEthernet 1/0/21
[H3C-GigabitEthernet1/0/21]port access vlan 60
[H3C-GigabitEthernet1/0/21]quit
三层模式
[H3C]interface GigabitEthernet 1/0/20
[H3C-GigabitEthernet1/0/20]port link-mode route #切换到三层模式
The configuration of the interface will be restored to the default. Continue? [Y/N]:y
%Feb 2 10:17:28:437 2024 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface GigabitEthernet1/0/20 changed to down.
%Feb 2 10:17:28:437 2024 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/20 changed to down.
%Feb 2 10:17:30:495 2024 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface GigabitEthernet1/0/20 changed to up.
%Feb 2 10:17:30:496 2024 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/20 changed to up.
[H3C-GigabitEthernet1/0/20]ip address 192.168.1.1 24 #三层模式下可直接配置接口ip
#G1/0/21配置过程略
pc1配置为
ip地址: 192.168.2.2
子网掩码: 255.255.255.0
网关: 192.168.2.1
pc2配置为
ip地址: 192.168.1.2
子网掩码: 255.255.255.0
网关: 192.168.1.1
此时两台pc已经能够互相通信。若无法通信按以下思路进行排查:
1.确保pc1和pc2物理链接正常,如果vlan中没有物理接口是启用状态,虚拟子接口将会自动停用,即如果pc2未连接,pc1 ping 192.168.1.1也是不可达的。
2.ping检测
ping 192.168.2.1 #网关不通,检查物理链路是否正确,ip地址配置,vlan配置,arp冲突,ip地址冲突
ping 192.168.1.1 #检查网关配置,子网掩码,acl策略
ping 192.168.1.2 #检查pc2防火墙,网关,子网掩码,acl策略
路由表及静态路由
以三层接口为例,二层接口ip请配在vlan子接口下
[H3C]interface GigabitEthernet 1/0/24
[H3C-GigabitEthernet1/0/24]port link-mode route
The configuration of the interface will be restored to the default. Continue? [Y/N]:y
[H3C-GigabitEthernet1/0/24]ip address 192.168.100.1 24
[H3C-GigabitEthernet1/0/24]quit
[H3C]ip route-static 0.0.0.0 0 192.168.100.2 #指定交换机/路由器默认路由
#查询当前路由表
[H3C]display ip routing-table
Destinations : 21 Routes : 21
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 192.168.100.2 GE1/0/24
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.0/24 Direct 0 0 192.168.1.1 Vlan50
192.168.1.0/32 Direct 0 0 192.168.1.1 Vlan50
192.168.1.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.255/32 Direct 0 0 192.168.1.1 Vlan50
192.168.2.0/24 Direct 0 0 192.168.2.1 Vlan60
192.168.2.0/32 Direct 0 0 192.168.2.1 Vlan60
192.168.2.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.2.255/32 Direct 0 0 192.168.2.1 Vlan60
192.168.100.0/24 Direct 0 0 192.168.100.1 GE1/0/24
192.168.100.0/32 Direct 0 0 192.168.100.1 GE1/0/24
192.168.100.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.100.255/32 Direct 0 0 192.168.100.1 GE1/0/24
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
路由匹配优先级,在没有策略路由的情况下: 路由优先级pre越小越优先,开销cost越小越优先,路由表中只会显示当前最优的路由信息
- 最长掩码匹配,比如本设备访问192.168.1.1只会匹配到Inloop0接口,即本机.而不会匹配到默认路由
- 路由优先级,直连路由>ospf>isis>静态路由>rip(已弃用)>bgp,因此即使我们配置一条静态路由,如下:
[H3C]ip route-static 192.168.1.0 255.255.255.0 192.168.100.2 #即使配置了路由表中也不会显示
但是,当vlan 50没有任何物理接口或trunk引用时,原直连路由丢失,静态路由将会启用,根据这个原理也可以做主备 3. 路由优化级相同时,按cost值越小,路由越优先.一般存在于ospf|rip(已弃用)或bgp中
策略路由
策略路由,不按路由优先级匹配,按1~65535从小到大依次匹配,只要命中一条,就完成匹配,多数情况下可以替代代静态路由
链路聚合
链路聚合前需要先对接口进行初始化
[H3C]interface Bridge-Aggregation 1 #创建聚合组1
[H3C-Bridge-Aggregation1]quit
[H3C]interface Bridge-Aggregation 2 #创建聚合组2
[H3C-Bridge-Aggregation2]quit
[H3C]interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2 #进入临时端口组1,2口
[H3C-if-range]default #初始化接口
[H3C-if-range]port link-aggregation group 1 #将1,2口加入到聚合组1中
[H3C-if-range]quit #退出接口,回到上级菜单
[H3C]interface range GigabitEthernet 1/0/3 to GigabitEthernet 1/0/4
[H3C-if-range]default
[H3C-if-range]port link-aggregation group 2
[H3C-if-range]quit
[H3C]interface Bridge-Aggregation 1 #进入聚合组1
#h3c交换机接口默认为access,此处省略了port link-tye access
[H3C-Bridge-Aggregation1]port access vlan 100 #配置接口vlan为100
Configuring GigabitEthernet1/0/1 done.
Configuring GigabitEthernet1/0/2 done.
#h3c交换机默认为静态链路聚合
[H3C-Bridge-Aggregation1]link-aggregation mode dynamic #配置为lacp动态链路聚合
[H3C-Bridge-Aggregation1]link-aggregation load-sharing mode ?
destination-ip Destination IP address #四种动态链路聚合模式
destination-mac Destination MAC address
source-ip Source IP address
source-mac Source MAC address
[H3C-Bridge-Aggregation1]undo link-aggregation mode #取消动态链路聚合,恢复为静态
#以下是优化lacp链接用的,可以不配置
[H3C]interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2
[H3C-if-range]lacp mode passive #配置接口lacp为被动模式,该模式只能接收lacp报文,不会主动发送lacp报文,一般不用
[H3C-if-range]lacp period short #配置lacp短超时,不配置的话是30秒,配置了是3秒
镜像流量
镜像流量g1/0/10进出流量到g1/0/11口
[H3C]vlan 20 30 #创建两个vlan
# 分别给g1/0/10,g1/0/11配置vlan 20,30
[H3C]interface GigabitEthernet 1/0/10
[H3C-GigabitEthernet1/0/10]port access vlan 20
[H3C-GigabitEthernet1/0/10]quit
[H3C]interface GigabitEthernet 1/0/11
[H3C-GigabitEthernet1/0/11]port access vlan 30
[H3C-GigabitEthernet1/0/11]quit
[H3C]display mirroring-group all #查看所有镜像流量组
[H3C]mirroring-group 1 local #创建镜像组1
#配置g1/0/10为镜像流量源,g1/0/11为镜像目的
[H3C]mirroring-group 1 mirroring-port GigabitEthernet 1/0/10 both
[H3C]mirroring-group 1 monitor-port GigabitEthernet 1/0/11
[H3C]undo mirroring-group 1 #取消镜像组1
BGP配置
R1
interface Ten-GigabitEthernet1/0/13
port link-mode route
ip address 192.168.5.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/14
port link-mode route
ip address 192.168.2.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/15
port link-mode route
ip address 192.168.16.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/16
port link-mode route
ip address 192.168.15.4 255.255.255.0
bgp 6000
peer 192.168.2.5 as-number 7000
peer 192.168.15.40 as-number 6000
#
address-family ipv4 unicast
network 192.168.2.0 255.255.255.0
network 192.168.5.0 255.255.255.0
network 192.168.16.0 255.255.255.0
peer 192.168.2.5 enable
peer 192.168.15.40 enable
R2
interface Ten-GigabitEthernet1/0/1
port link-mode route
ip address 192.168.2.5 255.255.255.0
#
interface Ten-GigabitEthernet1/0/2
port link-mode route
ip address 192.168.10.5 255.255.255.0
bgp 7000
peer 192.168.2.4 as-number 6000
#
address-family ipv4 unicast
network 192.168.2.0 255.255.255.0
network 192.168.10.0 255.255.255.0
peer 192.168.2.4 enable
display bgp peer ipv4 #查询对等体建立状态
display bgp routing-table ipv4 #查询BGP路由