2025-04-05 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This blog post works through a large experimental topology so that readers can grasp the differences between Cisco devices and Huawei devices. The network principles involved are the same as on Cisco devices, but the commands are different!
1. Knowledge points of Huawei equipment
If you want to configure Huawei's network equipment, the following basic knowledge points must be mastered:
(1) overview of link aggregation; (2) member interfaces; (3) link aggregation mode; (4) active and inactive interfaces; (5) active end and passive end; (6) load balancing mode
These important knowledge points are described in detail below:
(1) Overview of link aggregation
Link aggregation treats multiple physical interfaces as one logical interface to increase bandwidth and provide link redundancy. The bandwidth of an aggregated link is theoretically equal to the sum of the bandwidths of its physical interfaces, which makes it well suited to enterprise core networks. At the same time, if a member interface or link in the bundle fails, the aggregated link keeps working, which provides redundancy. The link aggregation protocol supported by Huawei devices is LACP (Link Aggregation Control Protocol). On Huawei devices, the logical interface formed by bundling several physical interfaces is called an Eth-Trunk interface. The standards related to link aggregation are defined by 802.3ad.
(2) member interface
When adding member interfaces to the Eth-Trunk, you need to be aware of the following issues:
1) each Eth-Trunk interface can contain up to 8 member interfaces
2) member interfaces cannot be configured with any features and static MAC addresses separately
3) when a member interface joins Eth-Trunk, it must be the default hybrid type interface (this type is the default interface type for Huawei devices)
4) Eth-Trunk interfaces cannot be nested, that is, member interfaces cannot be Eth-Trunk
5) an Ethernet interface can join only one Eth-Trunk interface. To join another Eth-Trunk interface, it must first leave the original one.
6) the member interfaces in an Eth-Trunk interface must be of the same type, that is, an FE port and a GE port cannot join the same Eth-Trunk interface.
7) Ethernet interfaces on different interface boards can be added to the same Eth-Trunk.
8) if the local device uses Eth-Trunk, the peer interface directly connected to the member interface must also be bundled as an Eth-Trunk interface so that the two sides can communicate properly.
9) when the rates of the member interfaces are inconsistent, the lower-speed interface in use may become congested, resulting in packet loss.
10) when the member interface joins the Eth-Trunk, the MAC address is learned by Eth-Trunk, not by the member interface.
(3) Link aggregation mode
The link aggregation modes supported by Huawei network devices are manual load sharing mode and static LACP mode:
Manual load sharing mode: no LACP protocol messages are involved in this mode, and all configuration, such as adding the member interfaces, is done manually. In this mode, all interfaces are in the forwarding state and share the load of the link. The load sharing methods it supports include destination MAC, source MAC, source MAC XOR destination MAC, source IP, destination IP, and source IP XOR destination IP. The manual load sharing mode is usually used when the peer device does not support the LACP protocol.
Static LACP mode: in this mode, both ends of the link negotiate with the LACP protocol to determine which interfaces are active and which are inactive. Creating the Eth-Trunk and adding member interfaces to it is still done manually, while the active and inactive interfaces are determined by LACP negotiation. Static LACP mode is also known as M:N mode. It provides both link load sharing and redundant backup. In the link aggregation group, M links are active, forward data and share the load, while the other N links are inactive and do not forward data. When one of the M links fails, the system automatically selects the highest-priority link from the N backup links to replace the failed link and begins to forward data on it.
Note: the main difference between the static LACP mode and the manual load sharing mode is that the static LACP mode can have backup links, while in the manual load sharing mode, all member interfaces are in the forwarding state and share the load traffic unless the line fails.
(4) active interface and inactive interface
The interface that is active and responsible for forwarding data is called the active interface; the interface that is inactive and forbidden from forwarding data is called the inactive interface.
The upper and lower limits of the number of active interfaces can be configured in static LACP mode, and active and inactive interfaces generally do not require human intervention.
According to the working mode of the configuration, the roles are divided as follows:
Manual load sharing mode: normally, all interfaces are active interfaces unless they have a link failure.
Static LACP mode: the interfaces corresponding to the M links are active interfaces and are responsible for forwarding data, while the interfaces corresponding to the N links are inactive interfaces and are responsible for redundant backup.
(5) active end and passive end
In static LACP mode, one of the two devices at the ends of the aggregation group needs to be selected as the active end and the other as the passive end. In general, the end with the higher LACP priority is the active end, and the end with the lower LACP priority is the passive end. If the priorities are the same, the end with the smaller MAC address is usually selected as the active end. (The lower the priority value, the higher the priority.)
The purpose of distinguishing the active end from the passive end is to ensure that the active interfaces finally selected by the devices on both sides are consistent. Otherwise each side would choose its active interfaces according to its own local interface priorities, the two selections would likely differ, and the aggregation link could not be established. As shown in the figure:
SwitchA chooses the upper two interfaces as active interfaces, while SwitchB chooses the lower two. Because SwitchA has the higher priority, the final active interfaces on both ends follow SwitchA. So the active end is determined first, and the passive end then selects its active interfaces according to the interface priorities of the active end.
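The election described in (5), together with the M:N backup behaviour from (3), as an added example that is not part of the original post. The switch names follow the figure description; the MAC addresses, port names, port priorities and the tie-break by port name are constructed assumptions.

```python
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 32768  # default LACP priority; the lower value wins


@dataclass
class Switch:
    name: str
    mac: str  # system MAC address (constructed sample value)
    system_priority: int = DEFAULT_PRIORITY
    port_priority: dict = field(default_factory=dict)  # port name -> priority

    def system_id(self):
        # Compared as a tuple: priority first, MAC address as the tie-breaker.
        return (self.system_priority, int(self.mac.replace("-", ""), 16))

    def rank(self, port):
        # Assumption: equal port priorities are ordered by port name.
        return (self.port_priority.get(port, DEFAULT_PRIORITY), port)


@dataclass
class Link:
    a_port: str  # member interface on the first switch
    b_port: str  # directly connected member interface on the second switch
    up: bool = True


def elect_active_end(a, b):
    """The end with the lower (priority, MAC) pair becomes the active end."""
    return a if a.system_id() <= b.system_id() else b


def local_choice(sw, links, side, max_active):
    """Links one end would pick using only its own interface priorities."""
    port_of = (lambda l: l.a_port) if side == "a" else (lambda l: l.b_port)
    ranked = sorted((l for l in links if l.up), key=lambda l: sw.rank(port_of(l)))
    return ranked[:max_active], ranked[max_active:]


def negotiate(a, b, links, max_active):
    """Both ends adopt the selection of the active end (M active, N backup)."""
    active_end = elect_active_end(a, b)
    side = "a" if active_end is a else "b"
    active, backup = local_choice(active_end, links, side, max_active)
    return active_end.name, active, backup


def names(links):
    return [l.a_port for l in links]


def build_lab():
    # Constructed sample: four parallel links, two of them allowed to be active.
    # Each switch prefers a different pair, as in the figure description.
    a = Switch("SwitchA", "00e0-fc00-000a", system_priority=1000,
               port_priority={"GE0/0/1": 100, "GE0/0/2": 100})
    b = Switch("SwitchB", "00e0-fc00-000b",
               port_priority={"GE0/0/3": 100, "GE0/0/4": 100})
    links = [Link(f"GE0/0/{i}", f"GE0/0/{i}") for i in range(1, 5)]
    return a, b, links


if __name__ == "__main__":
    a, b, links = build_lab()
    print("SwitchA alone:", names(local_choice(a, links, "a", 2)[0]))
    print("SwitchB alone:", names(local_choice(b, links, "b", 2)[0]))
    end, active, backup = negotiate(a, b, links, 2)
    print("negotiated by", end, "->", names(active), "backup", names(backup))
    links[0].up = False  # one active link fails
    end, active, backup = negotiate(a, b, links, 2)
    print("after failure ->", names(active), "backup", names(backup))
```

Run on its own, the script prints the two conflicting local selections, the selection both ends agree on once SwitchA is elected, and the promotion of a backup link after a failure.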
(6) load balancing mode
The main role of link aggregation is to increase bandwidth and redundancy, while the common practice is to share the load across multiple physical links.
Common load sharing patterns include:
Dst-ip (destination IP address) mode: a 3-bit value at the specified position is selected from each of the destination IP address and the TCP/UDP port number of the outgoing port, the values are XORed, and the corresponding outgoing interface in the Eth-Trunk table is selected according to the result.
Dst-mac (destination MAC address) mode: values from the destination MAC address, VLAN ID, Ethernet type and incoming port information are XORed, and the corresponding outgoing interface in the Eth-Trunk table is selected according to the result.
Src-ip (source IP address) mode: values from the source IP address and the TCP/UDP port number of the incoming port are XORed, and the corresponding outgoing interface in the Eth-Trunk table is selected according to the result.
Src-mac (source MAC address) mode: values from the source MAC address, VLAN ID, Ethernet type and incoming port information are XORed, and the corresponding outgoing interface in the Eth-Trunk table is selected according to the result.
Src-dst-ip (XOR between source IP address and destination IP address) mode: the operation results of the destination IP address and the source IP address are XORed, and the corresponding outgoing interface in the Eth-Trunk table is selected according to the result.
Src-dst-mac (XOR between source MAC address and destination MAC address) mode: values from the destination MAC address, source MAC address, VLAN ID, Ethernet type and incoming port information are XORed, and the corresponding outgoing interface in the Eth-Trunk table is selected according to the result.
2. Experimental extension
With the principles covered, we now walk through the commands of Huawei equipment using a large experimental topology. The experimental topology is as follows:
(1) Experimental requirements:
1) Link aggregation
S1 and S2 use link aggregation to form a logical link for link load sharing and backup. S1 is set as the LACP active end, and the logical link is required to share the load based on the destination MAC mode.
2) routing between VLANs
Interworking between all VLAN clients and servers is required.
3) OSPF and RIP parts
R2, R3, S1 and S2 run OSPF; R3, R4 and R5 run RIP.
4) Route redistribution
OSPF and RIP are required to redistribute into each other so that the whole network can communicate.
5) NAT and access control
Hosts in the 192.168.20 network segment are not allowed to access the Internet. The server is published to the Internet at the address 202.106.0.200, and the Internet user PC1 can access the server through this address!
The following commands are involved in the topology diagram:
Link aggregation; VLAN partitioning; one-arm routing (router on a stick) and layer 3 switching; dynamic routing configuration for OSPF and RIP; route redistribution; configuration of PAT and static NAT; basic ACL and advanced ACL configuration.
(2) case implementation
1) configure the IP addresses of the PCs and servers yourself
2) configure link aggregation
Huawei's link aggregation is mainly realized through LACP. When configuring, you need to specify priority, working mode, load balancing mode, and required member interfaces.
S1 is configured as follows:
<Huawei> system-view                               // enter system view mode
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable                          // turn off information output so it does not disrupt the configuration
Info: Information center is disabled.
[Huawei] sysname S1                                // configure the device name as S1
[S1] lacp priority 1000                            // set the system LACP priority of S1
[S1] interface Eth-Trunk 12                        // create the link aggregation logical interface, named Eth-Trunk12
[S1-Eth-Trunk12] mode lacp-static                  // configure static LACP mode
[S1-Eth-Trunk12] load-balance dst-mac              // configure the load balancing mode as destination MAC address
[S1-Eth-Trunk12] trunkport GigabitEthernet 0/0/2   // add member interface G0/0/2
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-Eth-Trunk12] trunkport GigabitEthernet 0/0/3   // add member interface G0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-Eth-Trunk12] quit                              // return to system view mode
Note: the lower the LACP priority value, the higher the priority. By default, the value of the system LACP priority is 32768. The end with the lower system LACP priority value becomes the active end; if the LACP priority values are the same, the end with the lower MAC address becomes the active end.
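The effect of the `load-balance` setting chosen above, modelled from the description of the MAC-based modes in (6), as an added example that is not from the original post. Taking the lowest three bits of each field and mapping the result onto the members by modulo are simplifying assumptions, and the frames are constructed sample traffic.

```python
from collections import Counter

# Fields each MAC-based mode feeds into the XOR, per the description in (6).
MODE_FIELDS = {
    "dst-mac": ("dst_mac",),
    "src-mac": ("src_mac",),
    "src-dst-mac": ("src_mac", "dst_mac"),
}

MEMBERS = ["GE0/0/2", "GE0/0/3"]  # Eth-Trunk12 members from the S1 configuration


def low3(value):
    # Assumption: the 3-bit value is the lowest three bits of the field.
    return value & 0b111


def mac_to_int(mac):
    return int(mac.replace("-", "").replace(":", ""), 16)


def pick_member(frame, mode, members):
    """Return the member interface a frame would leave on in this model."""
    key = low3(frame["vlan"]) ^ low3(frame["ethertype"]) ^ low3(frame["in_port"])
    for name in MODE_FIELDS[mode]:
        key ^= low3(mac_to_int(frame[name]))
    # Assumption: the result indexes the active members modulo their count.
    return members[key % len(members)]


def distribution(frames, mode, members):
    """Count how many frames each member interface carries."""
    return dict(Counter(pick_member(f, mode, members) for f in frames))


def sample_frames():
    # Constructed traffic: eight clients in VLAN 10 talking to one server MAC,
    # all arriving on the same incoming port.
    return [
        {"src_mac": f"00e0-fc00-01{i:02x}", "dst_mac": "00e0-fc00-0a01",
         "vlan": 10, "ethertype": 0x0800, "in_port": 4}
        for i in range(1, 9)
    ]


if __name__ == "__main__":
    for mode in MODE_FIELDS:
        print(f"{mode:12s}", distribution(sample_frames(), mode, MEMBERS))
```

With a single destination MAC every frame hashes to the same member in dst-mac mode, while the source-based modes spread the same traffic over both links, which is worth checking against the real traffic pattern before choosing a mode.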
S2 is configured as follows:
<Huawei> system-view
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname S2
[S2] interface Eth-Trunk12
[S2-Eth-Trunk12] mode lacp-static
[S2-Eth-Trunk12] trunkport GigabitEthernet 0/0/2
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-Eth-Trunk12] trunkport GigabitEthernet 0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-Eth-Trunk12] quit
// since the configuration commands are similar to those on S1, they are not explained again here
3) configure inter-VLAN routing
Routing between VLANs is mainly achieved through S1 and S2. It is important to note that even if the interfaces on S1 and S2 are in trunk mode, you still need to create the corresponding VLANs, because when the switch receives a packet from a VLAN that it does not have itself, it discards the packet.
S1 is configured as follows:
[S1] vlan batch 10 to 13                                    // create VLAN 10 to VLAN 13
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1] interface Eth-Trunk12                                  // enter the link aggregation interface
[S1-Eth-Trunk12] port link-type trunk                       // configure the link aggregation interface as a trunk
[S1-Eth-Trunk12] port trunk allow-pass vlan all             // the trunk link allows all VLANs to pass through
[S1-Eth-Trunk12] int g0/0/4
[S1-GigabitEthernet0/0/4] port link-type trunk              // configure the interface link type as trunk
[S1-GigabitEthernet0/0/4] port trunk allow-pass vlan all    // allow all VLANs to pass through
[S1-GigabitEthernet0/0/4] int g0/0/5
[S1-GigabitEthernet0/0/5] port link-type trunk
[S1-GigabitEthernet0/0/5] port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/5] int vlan 10                       // enter the VLAN 10 interface
[S1-Vlanif10] ip add 192.168.10.1 24                        // set the IP address
[S1-Vlanif10] int vlan 11
[S1-Vlanif11] ip add 192.168.11.1 24
[S1-Vlanif11] quit
Note: by default, a trunk on Huawei devices allows only VLAN 1 and no other VLAN, while Cisco devices allow all VLANs to pass by default. Therefore, when configuring Huawei devices, after the basic trunk configuration is completed, be sure to add the command that allows the relevant VLANs to pass through the trunk.
S2 is configured as follows:
[S2] vlan batch 10 to 13
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2] interface eth-trunk 12
[S2-Eth-Trunk12] port link-type trunk
[S2-Eth-Trunk12] port trunk allow-pass vlan all
[S2-Eth-Trunk12] interface g0/0/4
[S2-GigabitEthernet0/0/4] port link-type trunk
[S2-GigabitEthernet0/0/4] port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/4] interface g0/0/5
[S2-GigabitEthernet0/0/5] port link-type trunk
[S2-GigabitEthernet0/0/5] port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/5] int vlan 12
[S2-Vlanif12] ip add 192.168.12.1 24
[S2-Vlanif12] int vlan 13
[S2-Vlanif13] ip add 192.168.13.1 24
[S2-Vlanif13] quit
// basically the same as the S1 commands, so there are no more explanations here
The configuration of SW1 is as follows:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname SW1
[SW1] vlan 10
[SW1-vlan10] interface g0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/1] int g0/0/2
[SW1-GigabitEthernet0/0/2] port link-type access            // configure the port mode as access
[SW1-GigabitEthernet0/0/2] port default vlan 10             // add the interface to VLAN 10
[SW1-GigabitEthernet0/0/2] quit
The configuration of SW2 is as follows:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname sw2
[sw2] vlan 11
[sw2-vlan11] interface g0/0/1
[sw2-GigabitEthernet0/0/1] port link-type trunk
[sw2-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/1] int g0/0/2
[sw2-GigabitEthernet0/0/2] port link-type access
[sw2-GigabitEthernet0/0/2] port default vlan 11
[sw2-GigabitEthernet0/0/2] quit
The configuration of SW3 is as follows:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname sw3
[sw3] vlan 12
[sw3-vlan12] interface g0/0/1
[sw3-GigabitEthernet0/0/1] port link-type trunk
[sw3-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[sw3-GigabitEthernet0/0/1] interface g0/0/2
[sw3-GigabitEthernet0/0/2] port link-type access
[sw3-GigabitEthernet0/0/2] port default vlan 12
[sw3-GigabitEthernet0/0/2] quit
The configuration of SW4 is as follows:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname SW4
[SW4] vlan 13
[SW4-vlan13] interface g0/0/1
[SW4-GigabitEthernet0/0/1] port link-type trunk
[SW4-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[SW4-GigabitEthernet0/0/1] interface g0/0/2
[SW4-GigabitEthernet0/0/2] port link-type access
[SW4-GigabitEthernet0/0/2] port default vlan 13
[SW4-GigabitEthernet0/0/2] quit
4) configure one-arm routing
Huawei's one-arm routing is almost no different from Cisco's. There are two main parts to configure: one is the trunk configuration between the switch and the router, and the other is the router subinterface configuration and its associated VLAN.
The configuration of R4 is as follows:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname R4
[R4] int g0/0/0
[R4-GigabitEthernet0/0/0] ip add 192.168.101.2 24
[R4-GigabitEthernet0/0/0] int g0/0/1.1                      // enter the subinterface
[R4-GigabitEthernet0/0/1.1] ip add 192.168.20.1 24          // configure the subinterface IP address
[R4-GigabitEthernet0/0/1.1] dot1q termination vid 20        // associate the subinterface with VLAN 20
[R4-GigabitEthernet0/0/1.1] arp broadcast enable            // turn on ARP broadcast on the subinterface
[R4-GigabitEthernet0/0/1.1] int g0/0/1.2
[R4-GigabitEthernet0/0/1.2] ip add 192.168.21.1 24
[R4-GigabitEthernet0/0/1.2] dot1q termination vid 21
[R4-GigabitEthernet0/0/1.2] arp broadcast enable
[R4-GigabitEthernet0/0/1.2] int g0/0/2
[R4-GigabitEthernet0/0/2] ip add 192.168.102.1 24
[R4-GigabitEthernet0/0/2] quit
The configuration of SW5 is as follows:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname SW5
[SW5] vlan 20
[SW5-vlan20] vlan 21                                        // VLANs can also be created one by one
[SW5-vlan21] int g0/0/1
[SW5-GigabitEthernet0/0/1] port link-type trunk
[SW5-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[SW5-GigabitEthernet0/0/1] int g0/0/2
[SW5-GigabitEthernet0/0/2] port link-type access
[SW5-GigabitEthernet0/0/2] port default vlan 20
[SW5-GigabitEthernet0/0/2] int g0/0/3
[SW5-GigabitEthernet0/0/3] port link-type access
[SW5-GigabitEthernet0/0/3] port default vlan 21
5) configure OSPF and RIP
Huawei's RIP configuration is almost the same as the Cisco commands; just change no to undo. OSPF differs from Cisco: instead of a single network command that declares both the network and the area, you enter the area sub-mode and declare the corresponding networks there.
S1 is configured as follows:
[S1] vlan 50
[S1-vlan50] int g0/0/1
[S1-GigabitEthernet0/0/1] port link-type access
[S1-GigabitEthernet0/0/1] port default vlan 50              // add the physical interface to the VLAN
[S1-GigabitEthernet0/0/1] int vlan 50
[S1-Vlanif50] ip add 192.168.50.10 24
[S1-Vlanif50] ospf 1                                        // enter the OSPF process
[S1-ospf-1] area 0                                          // enter area 0
[S1-ospf-1-area-0.0.0.0] network 0.0.0.0 255.255.255.255    // for simplicity, declare all network segments
[S1-ospf-1-area-0.0.0.0] quit
Note: when configuring OSPF, if you want to specify the router-id, you can append router-id when entering process mode, such as [S1] ospf 1 router-id 1.1.1.1. In addition, a layer 2 interface of a Huawei layer 3 switch cannot be converted directly into a layer 3 interface the way the no switchport command does on Cisco. So when doing inter-VLAN routing or connecting directly to a router, you can only configure a VLAN virtual interface and bind the physical interface to that VLAN!
S2 is configured as follows:
[S2] vlan 60
[S2-vlan60] int g0/0/1
[S2-GigabitEthernet0/0/1] port link-type access
[S2-GigabitEthernet0/0/1] port default vlan 60
[S2-GigabitEthernet0/0/1] int vlan 60
[S2-Vlanif60] ip add 192.168.60.10 24
[S2-Vlanif60] ospf 1
[S2-ospf-1] area 0
[S2-ospf-1-area-0.0.0.0] network 0.0.0.0 255.255.255.255
R2 is configured as follows:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname R2
[R2] int g4/0/0
[R2-GigabitEthernet4/0/0] ip add 202.106.0.10 24
[R2-GigabitEthernet4/0/0] int g0/0/1
[R2-GigabitEthernet0/0/1] ip add 192.168.50.1 24
[R2-GigabitEthernet0/0/1] int g0/0/2
[R2-GigabitEthernet0/0/2] ip add 192.168.60.1 24
[R2-GigabitEthernet0/0/2] int g0/0/0
[R2-GigabitEthernet0/0/0] ip add 192.168.100.1 24
[R2-GigabitEthernet0/0/0] ospf 1
[R2-ospf-1] area 0
[R2-ospf-1-area-0.0.0.0] network 192.168.50.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0] network 192.168.60.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0] network 192.168.100.0 0.0.0.255
// note: OSPF must not declare all network segments here, otherwise the communication between the external network and the internal network in this experiment would be meaningless
[R2-ospf-1-area-0.0.0.0] quit
The configuration of R3 is as follows:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname R3
[R3] int g0/0/0
[R3-GigabitEthernet0/0/0] ip add 192.168.100.2 24
[R3-GigabitEthernet0/0/0] int g0/0/1
[R3-GigabitEthernet0/0/1] ip add 192.168.101.1 24
[R3-GigabitEthernet0/0/1] ospf 1
[R3-ospf-1] area 0
[R3-ospf-1-area-0.0.0.0] network 192.168.100.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0] rip                                // enter RIP process mode; the default process ID is 1
[R3-rip-1] version 2                                        // specify the RIP version
[R3-rip-1] undo summary                                     // turn off automatic summarization in RIP
[R3-rip-1] network 192.168.101.0                            // declare the network segment
[R3-rip-1] quit
Note: when you configure RIP in Cisco's IOS, you can declare a network by its standard (classful) address or by the actual network. For example, for 10.1.1.1/24, both 10.1.1.0 and 10.0.0.0 are accepted when declaring, but Cisco corrects the entry to 10.0.0.0 (which is the standard declaration method). On Huawei devices, RIP networks can only be declared in the standard way, that is, according to the mask of the main class!
The configuration of R4 is as follows:
[R4] rip
[R4-rip-1] version 2
[R4-rip-1] undo summary
[R4-rip-1] network 192.168.101.0
[R4-rip-1] network 192.168.20.0
[R4-rip-1] network 192.168.21.0
[R4-rip-1] network 192.168.102.0
The configuration of R5 is as follows:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname R5
[R5] int g0/0/0
[R5-GigabitEthernet0/0/0] ip add 192.168.102.2 24
[R5-GigabitEthernet0/0/0] int g0/0/1
[R5-GigabitEthernet0/0/1] ip add 10.0.0.1 24
[R5-GigabitEthernet0/0/1] rip
[R5-rip-1] version 2
[R5-rip-1] undo summary
[R5-rip-1] network 192.168.102.0
[R5-rip-1] network 10.0.0.0
6) configure route redistribution
Route redistribution on Huawei equipment is done with the import-route command. Whatever protocol is imported, you have to specify its process ID. Just like Cisco, to import protocol A into protocol B, you must first enter the B routing process and execute the command that imports A, and vice versa!
The configuration of R3 is as follows:
[R3] ospf 1
[R3-ospf-1] import-route rip 1                              // enter the OSPF process and import the RIP process
[R3-ospf-1] rip
[R3-rip-1] import-route ospf 1                              // enter the RIP process and import the OSPF process
[R3-rip-1] quit
R2 is configured as follows:
[R2] ip route-static 0.0.0.0 0.0.0.0 202.106.0.1            // in a real environment, the device connected to the external network must have a default route
[R2] ospf 1
[R2-ospf-1] default-route-advertise                         // advertise a default route (if a default route exists)
7) configure NAT and access control
Huawei's NAT translation is configured directly in the external interface view. The internal traffic to be translated is matched by an ACL, and the translated inside global address is provided by configuring a NAT address group.
R2 is configured as follows:
[R2] nat address-group 1 202.106.0.100 202.106.0.100        // define the NAT address group (pool)
[R2] acl 2000                                               // write the ACL rules
[R2-acl-basic-2000] rule 0 permit source 192.168.50.0 0.0.0.255
[R2-acl-basic-2000] rule 10 permit source 192.168.60.0 0.0.0.255
[R2-acl-basic-2000] rule 20 permit source 192.168.10.0 0.0.0.255
[R2-acl-basic-2000] rule 30 permit source 192.168.11.0 0.0.0.255
[R2-acl-basic-2000] rule 40 permit source 192.168.12.0 0.0.0.255
[R2-acl-basic-2000] rule 50 permit source 192.168.13.0 0.0.0.255
// permit these source addresses; of course, you can summarize the networks and write fewer rules
[R2-acl-basic-2000] int g4/0/0
[R2-GigabitEthernet4/0/0] nat outbound 2000 address-group 1                  // PAT: map the addresses permitted by the ACL to the address pool
[R2-GigabitEthernet4/0/0] nat server global 202.106.0.200 inside 10.0.0.10   // one-to-one mapping
[R2-GigabitEthernet4/0/0] quit
[R2] acl 3000
[R2-acl-adv-3000] rule 0 deny ip source 192.168.20.0 0.0.0.255
[R2-acl-adv-3000] rule 10 deny tcp source 192.168.21.0 0.0.0.255 destination 20.0.0.0 0.0.0.255 destination-port eq 80
// defines the ACL numbered 3000, which rejects by source address; a destination address and port can be added (matching a port requires tcp or udp rather than ip)
[R2-acl-adv-3000] int g4/0/0
[R2-GigabitEthernet4/0/0] traffic-filter inbound acl 3000   // apply the ACL numbered 3000 on the interface
Note: Huawei's ACLs are divided into basic and advanced, similar to Cisco's standard and extended ACLs. Basic ACLs are numbered 2000 to 2999, and advanced ACLs are numbered 3000 to 3999. The number after rule indicates the order in which the ACL rules take effect!
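How the rule number and the wildcard mask decide a match, as an added example that is not part of the original post. It parses the ACL 2000 and ACL 3000 rules from the R2 configuration above and evaluates constructed test packets; the helper names are hypothetical, and a result of no match is returned as-is because its effect depends on where the ACL is applied.

```python
import ipaddress
import re

RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)"
    r"(?:\s+(?P<proto>ip|tcp|udp))?"
    r"(?:\s+source\s+(?P<src>\S+)\s+(?P<src_wc>\S+))?"
    r"(?:\s+destination\s+(?P<dst>\S+)\s+(?P<dst_wc>\S+))?"
    r"(?:\s+destination-port\s+eq\s+(?P<dport>\d+))?\s*$"
)


def _pair(addr, wildcard):
    """Return (address, wildcard) as integers; None means 'any'."""
    if addr is None:
        return None
    wc = "0.0.0.0" if wildcard == "0" else wildcard
    # IPv4Address raises ValueError for a malformed mask such as 0.0.25.
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wc))


def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"cannot parse rule: {line!r}")
        rules.append({
            "id": int(m["id"]), "action": m["action"], "proto": m["proto"],
            "src": _pair(m["src"], m["src_wc"]),
            "dst": _pair(m["dst"], m["dst_wc"]),
            "dport": int(m["dport"]) if m["dport"] else None,
        })
    return sorted(rules, key=lambda r: r["id"])  # lower rule ID is checked first


def _addr_match(pair, addr):
    if pair is None:
        return True
    if addr is None:
        return False
    base, wildcard = pair
    # Wildcard bits set to 1 are ignored; bits set to 0 must match.
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(rules, src, dst=None, proto="ip", dport=None):
    """Return (action, rule_id) of the first matching rule, or (None, None)."""
    for r in rules:
        if r["proto"] not in (None, "ip") and r["proto"] != proto:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if _addr_match(r["src"], src) and _addr_match(r["dst"], dst):
            return r["action"], r["id"]
    return None, None


# Rules copied from the R2 configuration on this page.
ACL_2000 = parse_acl("""
rule 0 permit source 192.168.50.0 0.0.0.255
rule 10 permit source 192.168.60.0 0.0.0.255
rule 20 permit source 192.168.10.0 0.0.0.255
rule 30 permit source 192.168.11.0 0.0.0.255
rule 40 permit source 192.168.12.0 0.0.0.255
rule 50 permit source 192.168.13.0 0.0.0.255
""")
ACL_3000 = parse_acl("""
rule 0 deny ip source 192.168.20.0 0.0.0.255
rule 10 deny tcp source 192.168.21.0 0.0.0.255 destination 20.0.0.0 0.0.0.255 destination-port eq 80
""")

if __name__ == "__main__":
    # Constructed test packets.
    print(evaluate(ACL_2000, "192.168.12.9"))                     # selected for NAT
    print(evaluate(ACL_2000, "192.168.20.9"))                     # not selected for NAT
    print(evaluate(ACL_3000, "192.168.21.7", "20.0.0.2", "tcp", 80))
    print(evaluate(ACL_3000, "192.168.21.7", "20.0.0.2", "tcp", 443))
```

Running the rules through a checker like this before pasting them also catches a mistyped wildcard mask, which the parser rejects instead of silently matching the wrong range.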
R1 is configured as follows:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] undo info enable
Info: Information center is disabled.
[Huawei] sysname R1
[R1] int g0/0/0
[R1-GigabitEthernet0/0/0] ip add 202.106.0.1 24
[R1-GigabitEthernet0/0/0] int g0/0/1
[R1-GigabitEthernet0/0/1] ip add 20.0.0.1 24
// note: R1 is configured with IP addresses only
After the configuration is complete, you can verify it yourself. This blog post is just meant to show as many of the commands as possible!
3. Commonly used troubleshooting commands
[S1] display current-configuration                          // view all configuration of the current device
[S1] display ip routing-table                               // view the routing table
[S1] display vlan                                           // view VLAN information
[S1] display ip interface brief                             // view interface status
[S1] display current-configuration interface vlan 10        // view the current configuration of an interface
[S1] display nat session all                                // view NAT translation entries
[S1] display ospf peer brief                                // view OSPF neighbor information
[S1] display acl all                                        // view ACL information
[S1] display eth-trunk 12                                   // view link aggregation information