Easy IP 方式的NAT
acl number 2000
rule 5 deny source 192.168.0.3 0
rule 6 permit source 192.168.0.0 0.0.0.255
quit
interface GigabitEthernet0/0/1
ip address 1.1.1.2 255.255.255.0
nat outbound 2000
quit
ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
dis nat session all
三层链路聚合
interface Eth-Trunk1
undo portswitch
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
eth-trunk 1
子接口
interface Ethernet1/0/0.1
control-vid 1 dot1q-termination //标识终结子接口,终结类型为dot1q,V200R002C01及之后版本不支持该命令
dot1q termination vid 10
ip address 10.10.10.1 255.255.255.0
arp broadcast enable // 接口可以处理ARP广播报文,V200R003C01及之后版本缺省情况下已使能ARP广播功能
Eth-Trunk子接口
int Eth-Trunk 1
undo portswitch
quit
int Eth-Trunk 1.1
dot1q termination vid 10
quit
拨号上网
dialer-rule
dialer-rule 1 ip permit
#
acl 3002
rule 5 permit ip source 192.168.0.0 0.0.0.255
#
interface Dialer0
link-protocol ppp
ip address ppp-negotiate
ppp chap user client
ppp chap password cipher %@%@VGZIW’r|aGrQ”v8`<pEP$7uH%@%@
dialer user server
dialer bundle 1
dialer-group 1
nat outbound 3002
tcp adjust-mss 1200
#
interface Ethernet2/0/0
pppoe-client dial-bundle-number 1
#
ip route-static 0.0.0.0 0 Dialer0
display pppoe-client session summary
DNS Proxy
dns proxy enable
dns resolve
dns server 10.2.1.1
OSPF
router id 3.3.3.3
ospf
area 2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
quit
quit
ospf
import-route static type 1
quit
ospf
area 1
stub
quit
quit
ospf
area 1
stub no-summary
quit
quit
ospf
area 1
nssa
quit
quit
选路
interface gigabitethernet 2/0/0
ospf cost 1000
quit
display current-configuration configuration ospf
display ospf peer
display ospf routing
display ospf lsdb
display ospf abr-asbr
display ospf error
display ospf interface g0/0/1
reset ospf process 在线业务慎用
BGP
bgp 100
router-id 1.1.1.1
peer 10.1.2.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 10.1.1.0 24
peer 10.1.2.2 enable
#
display bgp routing-table
display bgp group
display bgp paths
display bgp bfd session
display bgp peer
ISIS
isis
network-entity
is-level level-1
preference 10
import isis level-2 into level-1
quit
interface g0/0/1
isis enable
isis circuit-level level-1
isis dis-priority 50
isis circuit-type p2p
isis timer hello 8
isis timer holding-multiplier 3 默认
display isis peer
display isis interface
display isis route
MPLS
静态lsp MPLS
mpls lsr-id 10.10.1.1
mpls
quit
interface gigabitethernet 1/0/0
mpls
PE1 ingress
static-lsp ingress LSP1 destination 10.10.1.4 32 nexthop 10.1.1.2 out-label 20
P
static-lsp transit LSP1 incoming-interface gigabitethernet 1/0/0 in-label 20 nexthop 10.2.1.2 out-label 40
PE2
static-lsp egress LSP1 incoming-interface gigabitethernet 1/0/0 in-label 40
ping lsp ip 10.10.1.4 32
display mpls static-lsp verbose
display mpsl lsp
BFD
bfd
quit
BFD单跳
bfd btoa bind peer-ip default-ip interface ethernet 2/0/0
discriminator local 2
discriminator remote 1
commit
quit
BFD多跳
bfd atob bind peer-ip 172.16.1.2
discriminator local 1
discriminator remote 2
min-rx-interval 50
min-tx-interval 50
commit
quit
BFD检测静态MPLS LSP
bfd
quit
bfd pe1tope2 bind static-lsp LSP1
discriminator local 1
discriminator remote 2
min-tx-interval 100
min-rx-interval 100
process-pst
commit
quit
display bfd session all verbose
VRRP
接口状态联动
vrrp vrid 1 track interface gigabitethernet 1/0/0 reduced 40
vrrp vrid 1 track bfd-session 1 reduced 40
vrrp vrid 1 track nqa user test reduced 40
dis vrrp statistics
NQA
nqa test-instance user vlan100
test-type icmp
destination-address ipv4 119.62.125.193
frequency 22
probe-count 5
fail-percent 80
start now
quit
display nqa results test-instance user test
SSH
rsa local-key-pair create
stelnet server enable
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh