一、视图切换命令
<Huawei> # 用户视图
system-view # 进入系统视图
[Huawei] sysname SW1 # 修改设备名
[SW1] quit # 返回上一级
[SW1] return # 直接返回用户视图
[SW1] interface GE 0/0/1 # 进入接口视图
[SW1] vlan 10 # 进入VLAN视图
[SW1] ospf 1 # 进入OSPF视图二、接口配置命令
2.1 以太网接口
[SW] interface GigabitEthernet 0/0/1 # 进入千兆口
[SW] interface XGigabitEthernet 0/0/1 # 进入万兆口
[SW] interface 40GE 0/0/1 # 进入40G口
[SW-GE0/0/1] undo shutdown # 开启接口
[SW-GE0/0/1] shutdown # 关闭接口
[SW-GE0/0/1] description To-Server-Room # 接口描述
[SW-GE0/0/1] speed 100 # 设置速率
[SW-GE0/0/1] duplex full # 全双工模式
[SW-GE0/0/1] negotiation auto # 自协商2.2 端口类型配置
# Access端口
[SW-GE0/0/1] port link-type access
[SW-GE0/0/1] port default vlan 10
# Trunk端口
[SW-GE0/0/1] port link-type trunk
[SW-GE0/0/1] port trunk allow-pass vlan 10 20 30
[SW-GE0/0/1] port trunk pvid vlan 1
# Hybrid端口
[SW-GE0/0/1] port link-type hybrid
[SW-GE0/0/1] port hybrid tagged vlan 20 30
[SW-GE0/0/1] port hybrid untagged vlan 10
# 批量配置Access端口
[SW] port-group group-member GE 0/0/1 to GE 0/0/10
[SW-port-group] port link-type access
[SW-port-group] port default vlan 102.3 链路聚合
[SW] interface Eth-Trunk 1
[SW-Eth-Trunk1] mode lacp-static # LACP模式
[SW-Eth-Trunk1] mode manual load-balance # 手动模式
[SW-Eth-Trunk1] port link-type trunk
[SW-Eth-Trunk1] port trunk allow-pass vlan all
[SW-Eth-Trunk1] max active-linknumber 2 # 最大活动链路数
[SW-Eth-Trunk1] load-balance src-dst-mac # 负载均衡方式
[SW] interface GE 0/0/1
[SW-GE0/0/1] eth-trunk 1
[SW] interface GE 0/0/2
[SW-GE0/0/2] eth-trunk 1三、VLAN配置命令
[SW] vlan batch 10 20 30 40 # 批量创建VLAN
[SW] vlan batch 100 to 200 # 创建连续VLAN
[SW] display vlan brief # 查看VLAN摘要
[SW] display vlan 10 # 查看指定VLAN
[SW] undo vlan 10 # 删除VLAN
# VLANIF接口(三层接口)
[SW] interface Vlanif 10
[SW-Vlanif10] ip address 192.168.10.1 24
[SW-Vlanif10] undo shutdown
# VLAN间路由(需开启三层转发)
[SW] vlan 10
[SW-vlan10] description Office-Network四、DHCP配置命令
[SW] dhcp enable # 全局开启DHCP
# 接口地址池模式
[SW-Vlanif10] dhcp select interface
[SW-Vlanif10] dhcp server lease day 3 hour 0 minute 0
[SW-Vlanif10] dhcp server dns-list 8.8.8.8 114.114.114.114
[SW-Vlanif10] dhcp server excluded-ip-address 192.168.10.1 192.168.10.20
[SW-Vlanif10] dhcp server domain-name rdal.site
# 全局地址池模式
[SW] ip pool pool-vlan20
[SW-ip-pool-pool-vlan20] network 192.168.20.0 mask 255.255.255.0
[SW-ip-pool-pool-vlan20] gateway-list 192.168.20.1
[SW-ip-pool-pool-vlan20] dns-list 8.8.8.8
[SW-ip-pool-pool-vlan20] lease day 7
[SW-ip-pool-pool-vlan20] quit
# DHCP Snooping(防DHCP欺骗)
[SW] dhcp snooping enable
[SW] interface GE 0/0/1
[SW-GE0/0/1] dhcp snooping trusted # 信任端口五、STP/MSTP配置命令
[SW] stp mode mstp # 设置MSTP模式
[SW] stp enable # 开启STP
[SW] stp priority 0 # 设置优先级(根桥)
[SW] stp root primary # 设为主根桥
[SW] stp root secondary # 设为备份根桥
[SW] stp cost 200 # 设置端口开销
# MSTP多实例
[SW] stp region-configuration
[SW-mst-region] region-name RDAL
[SW-mst-region] revision-level 1
[SW-mst-region] instance 1 vlan 10 20
[SW-mst-region] instance 2 vlan 30 40
[SW-mst-region] active region-configuration
[SW-mst-region] quit
# 端口快速收敛
[SW-GE0/0/1] stp edged-port enable # 边缘端口(不参与STP计算)
[SW-GE0/0/1] stp cost 20000 # 设置端口路径开销六、ACL配置命令
# 基本ACL(2000-2999)— 基于源IP过滤
[SW] acl number 2001
[SW-acl-basic-2001] rule 5 deny source 192.168.10.100 0
[SW-acl-basic-2001] rule 10 permit source 192.168.10.0 0.0.0.255
[SW-acl-basic-2001] rule 15 deny source any
[SW-acl-basic-2001] display acl 2001
# 高级ACL(3000-3999)— 基于五元组过滤
[SW] acl number 3001
[SW-acl-adv-3001] rule 5 deny tcp source 192.168.10.0 0.0.0.255 destination-port eq 23
[SW-acl-adv-3001] rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
[SW-acl-adv-3001] rule 15 deny ip source any destination any
# 二层ACL(4000-4999)— 基于源MAC过滤
[SW] acl number 4001
[SW-acl-l2-4001] rule 5 deny source-mac 00e0-fc00-0001 ffff-ffff-ffff
# 应用ACL到接口
[SW-GE0/0/1] packet-filter 3001 inbound
[SW-GE0/0/1] packet-filter 3001 outbound七、QoS配置命令
# 简单流分类
[SW] traffic classifier c1
[SW-classifier-c1] if-match acl 3001
# 流行为
[SW] traffic behavior b1
[SW-behavior-b1] car cir 10000 pir 20000 cbs 100000 pbs 200000 green pass red discard
# 流策略
[SW] traffic policy p1
[SW-trafficpolicy-p1] classifier c1 behavior b1
# 应用流策略
[SW] interface GE 0/0/1
[SW-GE0/0/1] traffic-policy p1 inbound
# 优先级信任
[SW-GE0/0/1] trust 8021p
[SW-GE0/0/1] trust dscp
# 队列调度
[SW] qos queue-scheduler wrr 0 1 2 3 weight 10 20 30 40八、PoE配置命令
[SW] poe power-allocation dynamic # 动态功率分配
[SW] poe max-power 370000 # 设置最大供电功率(毫瓦)
[SW] display poe power-interface # 查看PoE端口供电状态
# 接口级PoE配置
[SW-GE0/0/1] poe enable # 开启PoE供电
[SW-GE0/0/1] poe power 30000 # 设置端口最大功率(毫瓦)
[SW-GE0/0/1] poe priority 3 # 优先级(0-3,3最高)
[SW-GE0/0/1] undo poe enable # 关闭PoE
# PoE供电模式
[SW] poe force-power # 强制供电(兼容非标PD)九、路由配置命令
# 静态路由
[SW] ip route-static 0.0.0.0 0.0.0.0 192.168.1.254 # 默认路由
[SW] ip route-static 10.0.0.0 255.0.0.0 192.168.1.1 # 普通静态路由
[SW] ip route-static 172.16.0.0 24 NULL0 # 空接口路由(黑洞)
# 查看路由表
[SW] display ip routing-table
[SW] display ip routing-table protocol static
# OSPF路由
[SW] ospf 1 router-id 1.1.1.1
[SW-ospf-1] area 0
[SW-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SW-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255
[SW-ospf-1] quit
# VLAN间路由(三层交换机)
[SW] vlan batch 10 20
[SW] interface Vlanif 10
[SW-Vlanif10] ip address 192.168.10.1 24
[SW] interface Vlanif 20
[SW-Vlanif20] ip address 192.168.20.1 24十、安全配置命令
# 端口安全
[SW-GE0/0/1] port-security enable
[SW-GE0/0/1] port-security max-mac-num 2
[SW-GE0/0/1] port-security protect-action restrict # restrict/reject/shutdown
# MAC地址表操作
[SW] mac-address static 00e0-fc00-0001 GE 0/0/1 vlan 10
[SW] mac-address aging-time 300
[SW] display mac-address
# ARP安全
[SW] arp static 192.168.10.100 00e0-fc00-0001 GE 0/0/1 vlan 10
[SW] display arp
[SW] arp anti-attack entry-check enable # ARP防攻击
# 用户管理
[SW] aaa
[SW-aaa] local-user admin password cipher Admin@123
[SW-aaa] local-user admin privilege level 15
[SW-aaa] local-user admin service-type ssh telnet terminal http
# 登录超时设置
[SW] user-interface console 0
[SW-ui-console0] idle-timeout 5 0 # 5分钟超时
[SW] user-interface vty 0 4
[SW-ui-vty0-4] idle-timeout 10 0十一、监控与维护命令
# 系统信息
display version # 版本信息
display device # 设备硬件
display cpu-usage # CPU使用率
display memory-usage # 内存使用率
display temperature # 设备温度
display power # 电源状态
display fan # 风扇状态
# 接口信息
display interface brief # 接口摘要
display interface GE 0/0/1 # 接口详细信息
display ip interface brief # IP接口摘要
display link-aggregation summary # 链路聚合摘要
# 二层信息
display mac-address # MAC地址表
display mac-address aging-time # MAC老化时间
display stp brief # STP摘要
display vlan brief # VLAN摘要
# 三层信息
display ip routing-table # 路由表
display arp # ARP表
display icmp statistics # ICMP统计
# 协议信息
display ospf peer # OSPF邻居
display ospf routing # OSPF路由
display dhcp pool # DHCP地址池
display dhcp server statistics # DHCP统计
# 日志与调试
display logbuffer # 系统日志
display trapbuffer # 告警日志
terminal debugging # 开启调试
terminal monitor # 终端显示日志
info-center loghost 192.168.1.100 # 日志服务器
# 保存与恢复
save # 保存配置
display saved-configuration # 查看已保存配置
display current-configuration # 查看当前配置
compare configuration # 比较配置差异
reset saved-configuration # 恢复出厂(危险!)十二、常见故障处理
# 端口Down
display interface GE 0/0/1 # 查看端口状态
undo shutdown # 开启端口
# VLAN不通
display vlan 10 # 检查VLAN配置
display mac-address vlan 10 # 检查MAC学习
# STP环路
display stp brief # 查看STP状态
stp edged-port enable # 配置边缘端口
# DHCP故障
display dhcp pool # 检查地址池
display dhcp server statistics # 检查DHCP统计
display ip pool name pool-vlan20 used # 检查地址使用
# PoE故障
display poe power-interface # 查看PoE状态
poe force-power # 强制供电本手册涵盖了华为交换机日常运维中90%以上的配置命令,建议收藏备用。实际操作中请根据设备型号和VRP版本做适当调整。