CPE Configuration - Huawei VS 1.1


        ENTER BW     ACCESS-LIST   NETWORK         WILDCARD
COS3    0            3003          192.168.3.0     0.0.0.255
COS2    3   3072     3002          192.168.101.0   0.0.0.255
COS1    0            3001          192.168.1.0     0.0.0.255
BWT     3   3072

INTERFACE LAN
INTERFACE WAN
VLAN

ACCESS LIST CONFIGURATION

acl number 3001
 rule 0 permit ip source 192.168.1.0 0.0.0.255   // blank source: defaults to any

acl number 3002
 rule 0 permit ip source 192.168.101.0 0.0.0.255   // blank source: defaults to any

acl number 3003
 rule 0 permit ip source 192.168.3.0 0.0.0.255   // blank source: defaults to any

LAN QOS CONFIGURATION

// 1. TRAFFIC CLASSIFIER
#
traffic classifier P1 operator or
 if-match acl 3001
 if-match dscp cs1
traffic classifier P2 operator or
 if-match dscp cs2
 if-match acl 3002
traffic classifier P3 operator or
 if-match dscp cs5
 if-match acl 3003

// 2. TRAFFIC BEHAVIOR
traffic behavior P1
 remark dscp cs1
 statistic enable
traffic behavior P2
 remark dscp cs2
 statistic enable
traffic behavior P3
 remark dscp cs5
 statistic enable
traffic behavior default
 remark dscp cs1

// 3. TRAFFIC POLICY
traffic policy SetDscpLan
 classifier P1 behavior P1
 classifier P2 behavior P2
 classifier P3 behavior P3
 classifier default-class behavior default

// 4. APPLYING THE POLICY ON THE LAN INTERFACE
interface GigabitEthernet0/0/1
 description <IDE XXXXXX - SERVICIO - CLIENTE>
 ip address 192.168.101.1 255.255.255.0
 set flow-stat interval 10
 traffic-policy SetDscpLan inbound
 statistic enable inbound
 statistic enable outbound

interface Vlanif1
 description <IDE XXXXXX - SERVICIO - CLIENTE>
 ip address 192.168.101.1 255.255.255.0
 set flow-stat interval 10
 traffic-policy SetDscpLan inbound
 statistic enable inbound
 statistic enable outbound

[Diagram: LAN 192.168.101.0/24; 0.2; 0.1 ROUTER]

WAN QOS CONFIGURATION

// 1. TRAFFIC CLASSIFIER
#
traffic classifier cs1 operator or
 if-match dscp cs1
traffic classifier cs2 operator or
 if-match dscp cs2
traffic classifier cs5 operator or
 if-match dscp cs5
#
// 2. TRAFFIC BEHAVIOR
#
traffic behavior cs1
 queue af bandwidth 0
 statistic enable
traffic behavior cs2
 queue af bandwidth 3072
 car cir 3072 pir 3072 cbs 576000 pbs 1152000 green pass yellow pass remark-dscp cs1 red pass remark-dscp 8
 statistic enable
traffic behavior cs5
 car cir 0 pir 0 cbs 0 pbs 0 green pass yellow discard red discard
 queue ef bandwidth 0
 statistic enable

// 3. TRAFFIC POLICY
traffic policy wan
 classifier cs1 behavior cs1
 classifier cs2 behavior cs2
 classifier cs5 behavior cs5

// 4. Traffic Shaping
traffic behavior Shape3072
 gts cir 3072 cbs 76800 queue-length 100
 traffic policy wan
 statistic enable
traffic policy Shape3072
 classifier default-class behavior Shape3072

// 4. APPLYING THE POLICY ON THE LAN INTERFACE
interface GigabitEthernet0/0/0
 description <IDE XXXXXX - SERVICIO - CLIENTE>
 set flow-stat interval 10
 combo-port fiber
 negotiation auto
interface GigabitEthernet0/0/0.x
 description <IDE XXXXXX - SERVICIO - CLIENTE>
 set flow-stat interval 10
 dot1q termination vid x
 ip address 10.10.94.98 255.255.255.252
 traffic-policy Shape3072 outbound
 statistic enable inbound
 statistic enable outbound
interface LoopBack0
 description IP de Gestion
 ip address 10.232.45.110 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 10.14.1.241

CIR    PIR    CBS      EBS
0      0      0        0
3072   3072   576000   1152000
0

traffic classifier cs5_VRF100 operator or
 if-match dscp cs5
traffic behavior cs5_VRF100
 car cir 2048 pir 2048 cbs 384000 pbs 768000
 queue ef bandwidth 2048
traffic policy wan_VRF100
 classifier cs5 behavior cs5
traffic behavior Shape2048_VRF100
 gts cir 2048 cbs 51200 queue-length 100
 traffic policy wan_VRF100
traffic


ACCESS-LIST

acl number 2500


rule 0 permit source 192.168.1.0 0.0.0.255
rule 1 permit source 192.168.2.0 0.0.0.255
rule 2 permit source 192.168.3.0 0.0.0.255
acl number 2501
rule 0 permit source 190.119.242.168 0.0.0.7

ROUTING

bgp 64516
 router-id 10.234.128.75
 peer 10.17.1.125 as-number 12252
 peer 10.17.1.125 password simple T3rm03nc0g1bL3
 #
 ipv4-family unicast
  undo synchronization
  peer 10.17.1.125 enable
 #
 ipv4-family vpn-instance VRF01
  network 10.10.10.0 255.255.255.0
  peer 10.10.94.101 as-number 12252
  peer 10.10.94.101 password simple 4M0VP0P
 #
 ipv4-family vpn-instance VRF02
  network 10.10.10.0 255.255.255.0
  peer 10.10.94.89 as-number 12252
  peer 10.10.94.89 password simple 4M0VP0P
#
route-policy test1 permit node 0
 if-match acl 2500
 apply community 12252:200
#
route-policy test2 permit node 0
 if-match acl 2501
 apply community 12252:1200

bgp 64516
 router-id 10.234.128.75
 group WAN_CLIENTE external
 peer WAN_CLIENTE as-number 12252
 peer WAN_CLIENTE timer keepalive 10 hold 30
 peer WAN_CLIENTE timer connect-retry 1
 peer WAN_CLIENTE password simple T3rm03nc0g1bL3$
 peer 10.17.1.125 as-number 12252
 peer 10.17.1.125 group WAN_CLIENTE
 peer 10.17.1.125 description Enlace RPV WAN_CLIENTE
 #
 ipv4-family unicast
  undo synchronization
  network 10.234.128.75 255.255.255.255
  peer WAN_CLIENTE enable
  peer 10.17.1.125 enable
  peer 10.17.1.125 group WAN_CLIENTE
 #
 ipv4-family vpn-instance VRF02
  network 10.10.10.0 255.255.255.0
  peer 10.10.94.89 as-number 12252
  peer 10.10.94.89 password simple 4M0VP0P
  peer WAN_CLIENTE2 enable
  group WAN_CLIENTE2 external
  peer 10.10.94.89 group WAN_CLIENTE2

// DHCP

Enable DHCP
[huawei]dhcp enable   // Configures the DHCP service

[huawei]vlan 100   // Configures VLAN 100
[huawei]interface GigabitEthernet 0/0/0   // Configures interface GE 0/0/0
[huawei-GigabitEthernet0/0/0]port link-type access   // Sets port 0/0/0 to access mode
[huawei-GigabitEthernet0/0/0]port default vlan 100   // Sets the default VLAN to VLAN 100

[huawei]interface Vlanif100   // Configures a VLAN 100 interface
[huawei-Vlanif100]ip address 10.10.10.1 255.255.255.0   // Configures an IP address on the VLAN 100 interface
[huawei-Vlanif100]dhcp select global   // Configures the interface to use the global address pool

[huawei]ip pool vlan100   // Configures an address pool named "vlan100"
[huawei-ip-pool-vlan100]network 10.10.10.0 mask 255.255.255.0   // Configures the network of the address pool
[huawei-ip-pool-vlan100]excluded-ip-address 10.10.10.1 10.10.10.33   // Excludes a range of IPs
[huawei-ip-pool-vlan100]lease day 0 hour 1 minute 0   // Configures the lease period of the pool's IPs
[huawei-ip-pool-vlan100]dns-list 8.8.8.8   // Configures a list of DNS addresses
[huawei-ip-pool-vlan100]domain-name huawei.com   // Specifies a domain name to assign to a DHCP client

Creating an access list

[hostname]acl number acl-number   // Configures the access control list numbered acl-number
[hostname-acl-adv-acl-number]rule [ rule-id ] permit ip source { source-address source-wildcard | any }   // Creates the rule with ID rule-id and configures the source network and wildcard

Creating subinterfaces and loopbacks:

[hostname]interface GigabitEthernet0/0/0.x   // Creates a subinterface with ID x
[hostname-GigabitEthernet0/0/0.x]description <IDE XXXXXX - SERVICIO - CLIENTE>   // Configures the subinterface description with the customer and service data
[hostname-GigabitEthernet0/0/0.x]set flow-stat interval 10   // Configures the traffic statistics collection interval

[hostname-GigabitEthernet0/0/0.x]dot1q termination vid x   // Configures dot1q encapsulation for VLAN ID x on the subinterface

[hostname]interface LoopBack x   // Configures a loopback interface with ID x
[hostname-LoopBackx]ip address IP_ADDR<X.X.X.X> INTEGER<0-32>   // Configures the IP address and mask on the loopback interface

BGP ROUTING

[hostname]bgp INTEGER<1-4294967295>   // Configures and enables the BGP autonomous system
[hostname-bgp]router-id IP_ADDR<X.X.X.X>   // Configures the router ID on the router
[hostname-bgp]peer IP_ADDR<X.X.X.X> as-number xx   // Configures the BGP peer and its autonomous system
[hostname-bgp]peer IP_ADDR<X.X.X.X> password simple "password"   // Configures the password for authentication with the BGP peer

[hostname-bgp]ipv4-family unicast   // Enables the IPv4 unicast family
[hostname-bgp-af-ipv4]network IP_ADDR<X.X.X.X> INTEGER<0-32>   // Configures a route in the BGP table
[hostname-bgp-af-ipv4]peer IP_ADDR<X.X.X.X> enable   // Enables route exchange between the router and the peer
[hostname-bgp-af-ipv4]peer IP_ADDR<X.X.X.X> advertise-community   // Allows the router to advertise communities to the neighboring router
[hostname-bgp-af-ipv4]peer IP_ADDR<X.X.X.X> route-policy "test" export   // Configures route filtering and advertises it to its BGP neighbor

[hostname]route-policy "test" permit node 0   // Configures a policy for route filtering
[hostname-route-policy]if-match acl 2501   // Filters the policy by an access control list
[hostname-route-policy]apply community 12252:1200   // Changes the community attribute of BGP routes in a routing policy

VRRP PROTOCOL

[hostname]interface GigabitEthernet0/0/0.x   // Creates a subinterface with ID x
[hostname-GigabitEthernet0/0/0.x]vrrp vrid 1 virtual-ip 192.168.1.1   // Configures the VRRP ID with the virtual IP
[hostname-GigabitEthernet0/0/0.x]vrrp vrid 1 track interface GigabitEthernet0/0/0.z reduced a   // Configures tracking of subinterface "z"; if it goes down, its priority is reduced by "a"
NEW ROUTER
user: admin
password: Admin@huawei

command-privilege level 1 view cli_8f display current-configuration
command-privilege level 1 view cli_8f display saved-configuration
#
sysname rOficina_Internacional_Del_Trabajo
#
drop illegal-mac alarm
#
dns server 200.62.191.11
dns server 200.62.191.12
dns server 200.24.191.11
dns server 200.24.191.12
#
#
interface Vlanif1
 description INTERFACE LAN CLIENTE
 set flow-stat interval 10
 ip address 190.116.28.241 255.255.255.248
 ip address 192.168.1.1 255.255.255.0 sub   /// SECONDARY IP if the router is required to do PAT.
#
interface GigabitEthernet0/0/0
 description Interface LAN
 set flow-stat interval 10
#
interface GigabitEthernet0/0/1
 description Interface LAN
 set flow-stat interval 10
#
interface GigabitEthernet0/0/2
 set flow-stat interval 10
#
interface GigabitEthernet0/0/3
 set flow-stat interval 10
#
interface GigabitEthernet0/0/4              interface GigabitEthernet0/0/8
 description INTERFACE WAN
 set flow-stat interval 10
 undo negotiation auto
 combo-port copper                           combo-port fiber   ///// "fiber" if the connection is fiber
 full-duplex
 speed 100                                   speed 1000
 undo shutdown   // bring the port up administratively
#
interface GigabitEthernet0/0/4.10           interface GigabitEthernet0/0/8.10
 description Wan OFICINA INTERNACIONAL DEL TRABAJO - INTERNET CORPORATIVO 10 Mbps - CID:8308861
 set flow-stat interval 10
 dot1q termination vid 586   /// similar dot1q
 ip address 190.81.144.243 255.255.255.248
 statistic enable inbound
 statistic enable outbound
#
#
ssh client first-time enable
stelnet server enable
telnet server enable   /// enables telnet

#
http secure-server ssl-policy default_policy
http server enable
http secure-server enable
#
ip route-static 0.0.0.0 0.0.0.0 190.81.144.241


sysname rInt_RELIX_Miraflores
#
command-privilege level 1 view cli_8f display current-configuration
command-privilege level 1 view cli_8f display saved-configuration
#
#
dns resolve
dns server 200.62.191.11
dns server 200.24.191.11
dns server 200.62.191.12
dns server 200.24.191.12
#
#
hwtacacs-server template Claro_aaa
hwtacacs-server authentication 200.14.241.43
hwtacacs-server authorization 200.14.241.43
hwtacacs-server accounting 200.14.241.43
hwtacacs-server source-ip 190.81.140.68
hwtacacs-server shared-key cipher ftcm&sec/
undo hwtacacs-server user-name domain-included
#
#
#
aaa
authentication-scheme default
authentication-scheme hwtacacs
authentication-mode hwtacacs local
authorization-scheme default
authorization-scheme hwtacacs
authorization-mode hwtacacs local
accounting-scheme default
accounting-scheme hwtacacs
accounting-mode hwtacacs
domain default
domain default_admin
authentication-scheme hwtacacs
authorization-scheme hwtacacs
hwtacacs-server Claro_aaa
domain default_domain
authentication-scheme hwtacacs
accounting-scheme hwtacacs
authorization-scheme hwtacacs
hwtacacs-server Claro_aaa
undo local-user admin
local-user admin password irreversible-cipher scylla&//
local-user admin privilege level 15
local-user admin service-type terminal http
local-user huawei password irreversible-cipher scylla&//
local-user huawei privilege level 15
local-user huawei ftp-directory flash:
local-user huawei service-type telnet
#
#
ssh client first-time enable
stelnet server enable
telnet server enable
#
#
acl number 3333
rule 0 permit source 190.81.139.1 0 /// next hop
#
#
user-interface con 0
authentication-mode password
set authentication password cipher %^%#G}75+py\1E'\HZ,'O3L~U%C_.J:v,G)O3C"c"\w7Y)If.8II;7SdrBG6/'c1%^%#
authentication-mode aaa (MUST REMAIN LIKE THIS)
user-interface vty 0 4
acl 3333 inbound
authentication-mode aaa
user privilege level 15
idle-timeout 3 0
#
wlan ac
#
ops
#
autostart
#
return
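
An added example, not part of the original page or of any Huawei tool: a short Python audit that scans a VRP-style configuration like the ones above for management-plane settings a reviewer would question (Telnet enabled, cleartext HTTP management enabled, `password simple` secrets kept in plaintext, a Telnet-capable local user, VTY lines with no inbound ACL). The rule set, the names `LINE_RULES`, `vty_blocks` and `audit`, and the sample configuration are this example's own assumptions.

```python
import re

# Checks are this example's own assumptions about what a reviewer would flag.
LINE_RULES = [
    (re.compile(r"^telnet server enable$"), "telnet-enabled"),   # cleartext remote CLI
    (re.compile(r"^http server enable$"), "http-enabled"),       # cleartext web management
    (re.compile(r"\bpassword simple\b"), "plaintext-secret"),    # secret stored unencrypted
    (re.compile(r"^local-user \S+ service-type\b.*\btelnet\b"), "telnet-user"),
]
SECRET = re.compile(r"(password simple )\S+")
ACL_IN = re.compile(r"^acl \d+ inbound$")

def vty_blocks(lines):
    """Yield (header, body) per 'user-interface vty' block; '#', 'return' or a new header ends it."""
    header, body = None, []
    for line in lines + ["#"]:          # trailing sentinel flushes the last block
        starts = line.startswith("user-interface ")
        if starts or line in ("#", "return"):
            if header and header.startswith("user-interface vty"):
                yield header, body
            header, body = (line if starts else None), []
        elif header:
            body.append(line)

def audit(config_text):
    """Return (rule_id, line) findings; plaintext secrets are redacted in the output."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    findings = []
    for line in lines:
        for rx, rule_id in LINE_RULES:
            if rx.search(line):
                findings.append((rule_id, SECRET.sub(r"\1<redacted>", line)))
    for header, body in vty_blocks(lines):
        if not any(ACL_IN.match(b) for b in body):
            findings.append(("vty-no-inbound-acl", header))
    return findings

# Constructed sample input (documentation addresses, made-up secret).
SAMPLE = """#
bgp 64516
 peer 192.0.2.1 as-number 64500
 peer 192.0.2.1 password simple ExamplePass1
#
stelnet server enable
telnet server enable
http server enable
http secure-server enable
#
aaa
 local-user ops service-type telnet
#
user-interface vty 0 4
 authentication-mode aaa
user-interface vty 16 20
 acl 3333 inbound
 authentication-mode aaa
#
return
"""

if __name__ == "__main__":
    for rule_id, line in audit(SAMPLE):
        print(f"{rule_id:20} {line}")
```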