Huawei Commands JM
- Several commands
display current-configuration - Similar to Cisco “show run”
display ip interface brief
display interface description
display transceiver interface <Interface> verbose - Display F.O. parameters on a port (Rx/Tx)
display logbuffer
display trapbuffer - Check whether powered on and powered off information is frequently displayed
clear configuration interface ? - Similar to “default interface” on Cisco; the interface ends up in “shutdown”
interface x/x]clear configuration this - Inside an interface view, resets the parameters to default (erases the config)
display configuration candidate [changes] - Similar to Cisco “show config” on XR
[changes] shows what is deleted (-) and what is added (+)
- PoE Power
display poe-power - Check PoE power supply info
display poe information
display poe power slot 0 - Display the output power per port
- Schedule reboot
>schedule reboot ? - Similar to Cisco “reload in”
at Specify the exact time. - Set a time interval TIME (mm or hh:mm) & DATE (YYYY-MM-DD)
delay Specify the time interval - Set a time interval (mm or hh:mm), e.g. 15 minutes to reboot
display schedule reboot - Display schedule reboot information, remaining time until reboot
> undo schedule reboot - CANCEL reboot, only works in “>” mode
- Check SSH
display ssh server status - Display SSH server status; STelnet must be enabled, which can be done with stelnet server enable
display users
display user-interface maximum-vty
display rsa local-key-pair public - Check whether the RSA public key exists; it can be created with rsa local-key-pair create
- ARP
>arp -a - Display ARP table (ARP cache)
>display arp all
>display arp track
]command-privilege level 3 view user save - Page 166 HCNA, indicates that only a user "level 3" can execute the command "save" in "user view"
]screen-length <0 - 512> - Console/VTY mode] Modify the number of lines displayed, default is 24, max 512
- If screen-length is set to 0, nothing is displayed = very bad
]non-authentication - Console/VTY mode] It’s the default value on the console line; no credentials are needed to enter the device
>display interface <INTERFACE> - Display interface status
<AR_VID_RAC_01_(P04)>dir | i cfg
Idx Attr Size(Byte) Date Time(LMT) FileName
7 -rw- 1,916 May 07 2017 12:50:52 vrpcfg.zip - Note the size of the vrpcfg.zip file
<AR_VID_RAC_01_(P04)>reset saved-configuration ?
<cr> Please press ENTER to execute command
<AR_VID_RAC_01_(P04)>reset saved-configuration
Warning: This will delete the configuration in the flash memory.
The device configurations will be erased to reconfigure.
Are you sure? (y/n):y.
Info: Clear the configuration in the device successfully.
<AR_VID_RAC_01_(P04)>dir | i cfg
Idx Attr Size(Byte) Date Time(LMT) FileName
7 -rw- 120 Oct 26 2017 23:50:17 vrpcfg.zip - Note that the vrpcfg.zip file was overwritten with the default config
<AR_VID_RAC_01_(P04)>reboot
Info: The system is comparing the configuration, please wait.
Warning: All the configuration will be saved to the next startup configuration. Continue? [y/n]:n - CAUTION: if I answer “Y”, the FULL config that is in RAM goes back into the file, i.e. it is as if NOTHING had been done. The answer must be NO (n)
System will reboot! Continue? [y/n]:y
Info: system is rebooting, please wait...
Oct 26 2017 23:51:15-06:00 AR_VID_RAC_01_(P04) %%01DEV/4/ENTRESET(l)[0]:Board[0] is reset, The reason is: Reset by user command.
<Huawei> - Log in to the device with the default credentials.
The device is left with the DEFAULT config
- VRP Image
Example of VRP version upgrades:
Version 5.90 (AR2200 V200R001C00)
Version 5.160 (AR2200 V200R007C00)
2. TFTP Server
a. Retrieve files from a TFTP server
>tftp <IP_TFTP_Server> get <FILE_NAME>
<Root protection>
- Function:
1. A port with root protection on that receives a superior BPDU takes the following actions:
stops forwarding packets
turns to listening state
port retains a Designated state
2. If the port does not receive a superior BPDU for a certain period, the port is restored to normal condition (FWD)
]stp root-protection - interface mode] Root protection prevents changes in the STP topology
as a result of a root bridge transition caused by receiving a superior BPDU
- RSTP
]stp mode rstp - Set RSTP mode
]stp edged-port enable - interface mode] Allows transition of an edge port to forwarding without delay (similar to PortFast)
- Interfaces on S5700 are "non-edge" ports by default
>display stp
3. Metric (Cost)
Note: Only best routes are installed from FIB to RT (routing table)
<Other Considerations>
1. Route Convergence
> Default convergence priorities of public routes
[Routing Protocol or Route Type] [Convergence Priority]
Direct High
Static Medium
32-bit host routes of OSPF & IS-IS Medium
OSPF routes (excluding 32-bit host routes) Low
IS-IS routes (excluding 32-bit host routes) Low
RIP Low
BGP Low
- Static Route
]ip route-static <Dest_IP> <Dest_Mask> - System view] Set static route. Mask can be a subnet mask (255.255.255.0) or prefix format (24)
<Next-Hop_IP> - Define static route with next-hop, used in Ethernet environments
<Interface_type> <Outbound_Interface_ID> - Define static route with outbound interface, must be configured for serial medium (P2P)
{Next-Hop_IP | interface} preference INTEGER<1-255> - Preference parameter used for floating static routes or simply to define a preference different from the default (60)
- Load balancing is applied when there are two or more routes with the same weight towards the same destination,
by different next-hops
<Static route example> -
ip route-static 11.0.0.0 255.255.255.0 10.0.0.1
ip route-static 11.0.0.0 255.255.255.0 20.0.0.1 preference 65
ip route-static 33.0.0.0 24 30.0.0.2
ip route-static 0.0.0.0 0 10.0.0.1 - Default route with next-hop, using prefix format (0), however in the config is stored as 0.0.0.0 (Simulated)
ip route-static 0.0.0.0 0.0.0.0 serial 0/0
- RIP
<All of this was validated via Simulation>
]rip INTEGER<1-65535> - Enable RIP. If no Process ID is defined, default process of 1 is set.
- It is recommended to use the same Process ID on all routers
version 2 - Set RIP version
network x.x.x.x - Match interfaces participating in RIP process
silent-interface <Interface> - Interface will NOT participate in RIP, but will receive and process RIP routes,
only add info to RT, NOT forwarding out RIP updates
- Takes precedence over rip input & rip output
- By default, every interface matched by the RIP network command allows outbound & inbound RIP adv
undo rip output - Outbound RIP adv restricted, RIP update message will cease to be forwarded out
undo rip input - Inbound RIP adv restricted, any inbound RIP update messages will be discarded immediately
>display rip 2 ?
bfd - Bidirectional Forwarding Detection
database - Database information
graceful-restart - Graceful restart information
interface - Interface information
neighbor - Neighbour information
route - Route information
statistics - Statistical information
| - Matching output
<cr>
]interface <Interface>
ospf enable <Process_ID> area <Area_ID> - Enable OSPF per interface
ospf network-type ?
broadcast - Specify OSPF broadcast network
nbma - Specify OSPF NBMA network
p2mp - Specify OSPF point-to-multipoint network
p2p - Specify OSPF point-to-point network
>display ospf ?
INTEGER<1-65535> Process ID
abr-asbr Information of the OSPF ABR and ASBR
asbr-summary Information of aggregate addresses for OSPF(only for ASBR)
bfd Bidirectional forwarding detection
brief Brief information of OSPF processes
cumulative Statistics information
error Error information
global-statistics OSPF global statistics
graceful-restart Display GR information
interface Interface information
ldp-sync LDP-OSPF synchronization Information
lsdb Link state database
mesh-group Detail information for Mesh-Group
nexthop Nexthop information
peer A neighbor router
request-queue Link state request list
retrans-queue Link state retransmission list
routing OSPF route table
spf-statistics Statistics of SPF calculation
statistics Statistics information
vlink Virtual link information
- EBGP vs IBGP
> EBGP runs between ASs
> IBGP runs within an AS
>> To prevent routing loops within an AS, a BGP device does not advertise the routes learned from an IBGP peer to the other IBGP peers, and establishes full-mesh connections with all IBGP peers
>> To address the problem of too many IBGP connections between IBGP peers, BGP uses Route Reflector and BGP Confederation.
- BGP Router ID
> 32-bit value
> Often represented by an IPv4 address to identify a BGP device
> It is carried in the Open message sent during the establishment of a BGP session
> When 2 BGP peers need to establish a BGP session, they each require a unique router ID. Otherwise, the two peers cannot establish a BGP session
- BGP Messages
> Open
>> Used to establish BGP peer relationships.
> Update
>> Used to exchange routes between BGP peers.
> Notification
>> Used to terminate BGP connections.
> Keepalive
>> Used to maintain BGP connections.
> Route-refresh
>> Used to request the peer to retransmit routes if routing policies are changed.
>> Only the BGP devices supporting route-refresh can send and respond to Route-refresh messages.
- DHCP
<Interface Pool mode>
]dhcp enable - system view] Enable the DHCP service
]interface <Interface>
ip address <IP> <Mask> - Without an IP address, the following commands cannot be configured
dhcp select interface - Use the local interface pool
dhcp server dns-list <DNS_IP>
dhcp server excluded-ip-address <Excluded_IP> - The gateway = IP address of the interface, cannot be excluded
dhcp server lease day <X> - Default 1 day
]interface <Interface>
dhcp select global - Associate the interface with a global DHCP pool
- FTP
]ftp server enable - Required to enable the FTP service
]set default ftp-directory <Location> - Must set default local directory
]aaa
local-user MURI password cipher CISCO
local-user MURI service-type ftp
local-user MURI ftp-directory <Location>
local-user MURI access-limit 200
local-user MURI idle-timeout 0 0
local-user MURI privilege level 3
<Connect to FTP server>
>ftp <IP_FTP_Server> - Credentials are requested by the FTP server (user/pass)
[ftp]get <FILE_NAME> - Retrieve the file via FTP to the device
- Example:
local-user ftp_user1 password irreversible-cipher cisco123
local-user ftp_user1 privilege level 15
local-user ftp_user1 ftp-directory flash:
local-user ftp_user1 service-type ftp
- Telnet
]user-interface vty 0 4
authentication-mode ?
aaa - AAA authentication
none - Login without checking
password - Authentication through the password of a user terminal interface
]user-interface vty 0 4
authentication-mode password
set authentication password cipher CISCO
<Manual L2 Eth-Trunk>
interface Eth-Trunk20 - By default an Eth-Trunk is in L2 “portswitch” mode
#
interface GigabitEthernet0/0/1
eth-trunk 20
#
interface GigabitEthernet0/0/2
eth-trunk 20
<Manual L3 Eth-Trunk>
interface Eth-Trunk20
undo portswitch - Force Eth-trunk to L3 mode
ip address <IP> <Mask>
#
interface GigabitEthernet0/0/1
eth-trunk 20
#
interface GigabitEthernet0/0/2
eth-trunk 20
- VLAN
<Creating VLANs>
vlan INTEGER<1-4094>
<Examples VLAN creation>
vlan 10 - One VLAN creation
vlan batch 2 to 20 - Range VLAN creation
vlan batch 2 7 22 - Random VLAN creation
display vlan
display port vlan active
interface <interface>
port link-type access
port default vlan 10
interface g0/0/2
port link-type hybrid
port hybrid pvid vlan 4
<Ways to send untagged traffic for different VLANs on a port>
port hybrid untagged vlan 3 4 - Send untagged traffic for VLANs 3 and 4 on this port
port hybrid untagged vlan 3 to 9
port hybrid untagged vlan all
port hybrid tagged vlan 3 4 - Define the tagged VLANs that are carried over this port
port hybrid tagged vlan 3 to 9 - A hybrid port does not have an ALLOW parameter like a trunk port; the tagged parameter is sufficient
port hybrid tagged vlan all
<Voice VLAN>
]voice 30
]interface <Interface>
voice-vlan 2 enable
voice-vlan mode auto
<VLAN - CAUTION>
display vlan summary - Check the “Reserved VLAN” part to see which VLANs I can NOT use
- Reserved VLANs cannot be configured; changing the reserved VLANs requires a device reboot
]interface <Interface>
port link-type trunk - Similar to VTP, GVRP operates only on trunk ports
port trunk allow-pass vlan all
gvrp - Enable GVRP on interface
gvrp registration ?
fixed - Registration type fixed // Deny Dynamic VLAN, allow send Static VLAN
forbidden - Registration type forbidden // Deny all, allow only VLAN1
normal - Registration type normal, default mode //Allow all (Static & Dynamic VLAN)
- VLAN Routing
1. Switch + Router (similar to Cisco router on stick)
<Switch>
- Port connected to the router must be TRUNK
- Trunk port must allow the VLANs received on the router
- VLANs must be sent TAGGED to the router
- Normal configuration must be set on the switch
<Router>
- Needs a subinterface
- Needs dot1q tagging and the VLAN ID defined on the subinterface. This allows sending TAGGED traffic and reading/removing the VID tag from incoming traffic
- ARP broadcast must be enabled on the subinterface; by default it is not
- HDLC
interface serial x/x/x
link-protocol hdlc
ip address <IP> <Mask>
- PPP
interface serial x/x/x
link-protocol ppp
ip address <IP> <Mask>
<PAP Authentication>
R1 (s0/0)----------PPP----------(s0/1) R2
R1
aaa
local-user MURI password cipher CISCO - PAP/CHAP Credentials can be configured over aaa or interface mode
local-user MURI service-type ppp
interface s0/0
link-protocol ppp
ppp authentication-mode pap - Pass/user are sent in clear text over the link
ip address <x.x.x.1> <30>
R2
interface serial 0/1
link-protocol ppp
ppp pap local-user MURI password cipher CISCO - PAP/CHAP Credentials can be configured over aaa or interface mode
ip address <x.x.x.2> <30>
<CHAP Authentication>
R1 (s0/0)----------PPP----------(s0/1) R2
R1
aaa
local-user MURI password cipher CISCO
local-user MURI service-type ppp
interface s0/0
link-protocol ppp
ppp authentication-mode chap
ip address <x.x.x.1> <30>
R2
interface serial 0/1
link-protocol ppp
ppp chap user MURI
ppp chap password cipher CISCO - Password is NOT sent over the link
ip address <x.x.x.2> <30>
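An added example (not from the original notes): a small Python audit that flags the weak settings shown in the FTP, Telnet and PPP sections above when they appear in a saved configuration. The sample config is constructed, and the rule ids are names invented for this example.

```python
import re

# Constructed sample, in the style of the FTP, Telnet and PPP snippets above.
SAMPLE_CONFIG = """\
ftp server enable
aaa
 local-user MURI password cipher CISCO
 local-user MURI service-type ftp
 local-user ftp_user1 password irreversible-cipher cisco123
user-interface vty 0 4
 authentication-mode none
interface Serial0/0
 link-protocol ppp
 ppp authentication-mode pap
interface Serial0/1
 link-protocol ppp
 ppp authentication-mode chap
"""

# (rule id, pattern, reason); rule ids are names invented for this example.
CHECKS = [
    ("ftp-enabled", r"^ftp server enable$",
     "FTP service is on; FTP carries credentials and files unencrypted"),
    ("reversible-password", r"^local-user \S+ password cipher\b",
     "password stored with 'cipher' instead of 'irreversible-cipher'"),
    ("login-no-auth", r"^authentication-mode none$",
     "login without checking"),
    ("ppp-pap", r"^ppp authentication-mode pap$",
     "PAP sends user/password in clear text over the link"),
]

def audit(config_text):
    """Return (line_number, section, rule_id, reason) for every weak setting."""
    findings = []
    section = "system"
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line == "#":
            continue
        if not raw.startswith(" "):
            section = line  # an unindented line opens a new view
        for rule_id, pattern, reason in CHECKS:
            if re.search(pattern, line):
                findings.append((number, section, rule_id, reason))
    return findings

if __name__ == "__main__":
    for number, section, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {number} [{section}] {rule_id}: {reason}")
```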
DTE
interface <Interface>
link-protocol fr
fr interface-type dte
ip address 10.0.0.1 24
fr inarp - Dynamic mapping InverseARP enable
<Manual option>
undo fr inarp - Static MAP configuration, disable InARP
fr map ip 10.0.0.2 100 <broadcast> - Manual mapping. If there is a manual entry, it takes precedence over the InARP entry
- Broadcast is used when broadcasts need to be carried over the PVC. Example: I need a dynamic protocol over the link
display fr pvc-info
display fr map-info
- PPPoE
R1-G0/1---------------------------------R2
PPPoE_Client PPPoE_Server
R1
interface g0/1
pppoe-client dial-bundle-number 1 on-demand
quit
ip route-static 0.0.0.0 0 dialer 1
- ACL
Type Ranges Parameters
Basic 2000-2999 Source IP
Advanced 3000-3999 Source & Destination IP, Protocol, Source & Destination Port
Layer 2 ACL 4000-4999 MAC address
<Basic ACL>
acl 2000
rule deny source 192.168.1.0 0.0.0.255
rule permit source 192.0.2.0 0.0.0.255
interface <Interface>
traffic-filter outbound acl 2000
<Advanced ACL>
acl 3000
rule deny tcp source 192.0.0.0 0.0.0.255 destination 172.0.0.0 0.0.0.255 destination-port eq 21
rule deny ip source 192.0.2.0 0.0.0.255 destination 172.0.2.2 0.0.0.0
interface <Interface>
traffic-filter inbound acl 3000
interface <interface>
nat outbound 2000 address-group 1 - More than one NAT statement can be configured
nat outbound 2002 address-group 2
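An added example (not part of the original notes): how the wildcard masks in the <Basic ACL> above select source addresses, and how an ACL number maps to a type using the ranges in the table. It assumes rules are evaluated in the order typed with the first match winning; what happens to a packet that matches no rule depends on the feature the ACL is applied to, so the function returns None for that case.

```python
import ipaddress

# The <Basic ACL> from this page, as it was typed.
ACL_TEXT = """\
acl 2000
 rule deny source 192.168.1.0 0.0.0.255
 rule permit source 192.0.2.0 0.0.0.255
"""

# Number ranges from the page's ACL table.
ACL_TYPES = [(2000, 2999, "basic"), (3000, 3999, "advanced"), (4000, 4999, "layer2")]

def acl_type(number):
    """Map an ACL number to its type according to the table."""
    for low, high, name in ACL_TYPES:
        if low <= number <= high:
            return name
    return "unknown"

def parse_basic_acl(text):
    """Return (acl_number, [(action, network, wildcard), ...]) in config order."""
    number, rules = None, []
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["acl"]:
            number = int(words[1])
        elif words[:1] == ["rule"] and "source" in words:
            i = words.index("source")
            action = words[i - 1]  # works with or without an explicit rule id
            network = int(ipaddress.IPv4Address(words[i + 1]))
            wildcard = int(ipaddress.IPv4Address(words[i + 2]))
            rules.append((action, network, wildcard))
    return number, rules

def evaluate(rules, source_ip):
    """First matching rule wins; None means no rule matched."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, network, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # 0 bits in the wildcard must match
        if src & care == network & care:
            return action
    return None

if __name__ == "__main__":
    number, rules = parse_basic_acl(ACL_TEXT)
    for ip in ("192.168.1.77", "192.0.2.9", "10.0.0.5"):
        print(number, acl_type(number), ip, evaluate(rules, ip))
```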
- NAT
<Static NAT>
Pool: 200.0.0.5 - .10
<------Inside global----->
RED_LAN-----------------------------------------------G0/1 R1 G0/2--------------------Internet
Internal Server:10.0.0.22/24 10.0.0.1/24 200.0.0.1/24
R1
interface gi0/1
ip address 10.0.0.1 24
interface gi0/2
ip address 200.0.0.1 24
nat static global 200.0.0.5 inside 10.0.0.22 - Statically map a public IP from the pool to 10.0.0.22
<Dynamic NAT>
R1
]nat address-group 1 200.0.0.1 200.0.0.10 - Pool public address
]acl 2000
rule 5 permit source 10.0.0.0 0.0.0.255 - Match interesting NAT traffic to translate
quit
interface gi0/2
nat outbound 2000 address-group 1 no-pat - no-pat prevents Port Address Translation from being used
interface gi0/2
nat outbound 2000
- 3G Network
< Configuring a 3G cellular interface >
interface cellular x/x/x
ip address ppp-negotiate
profile create 1 static 3GNET
mode wcdma wcdma-precedence
quit
- IPsec
LAN1---------------R1 (G0/0)----------((IP Network))----------(G0/1) R2------------LAN2
10.0.0.0/24 .1 20.0.0.0/30 .2 30.0.0.0/24
]ipsec ?
policy - Config IPSec security policy
policy-template - Policy template
profile - Config IPSec security profile
proposal - Config IPSec security proposal
- GRE
LAN1---------------R1 (G0/0)----------((IP Network))----------(G0/1) R2------------LAN2
10.0.0.0/24 .1 20.0.0.0/30 .2 30.0.0.0/24
<GRE Config>
[R1]
interface tunnel 0/0
ip address 40.0.0.1 24
tunnel-protocol gre
source 20.0.0.1
destination 20.0.0.2
keepalive period <period> [retry-times <retry-times> ] -
quit
- Example:
<Define NQA>
nqa test-instance ENLACE1 ICMP - Create NQA
test-type icmp
destination-address ipv4 172.30.254.33
frequency 10
probe-count 2
start now