华为ensp园区网络设计与实施
目 录
1.企业背景
2.项目具体要求
3. 实验拓扑及规划
3.1 网络拓扑结构图
3.2 网络设备命名与设备连接表
3.3 IP地址规划
3.4 VLAN规划表
4. 开启telnet管理功能
4.1 开启路由器telnet:
4.2 开启交换机telnet:
5. 配置端口聚合
6. 配置网关冗余VRRP
6.1 配置VRRP与接口状态联动
7. 配置单臂路由
8. 配置DHCP服务
8.1 配置DHCP全局地址池
8.2 配置DHCP中继
8.3 配置DHCP Snooping+IPSG+DAL
9. 配置生成树MSTP协议
10. 配置OSPF
10.1 配置OSPF边缘端口
11. 配置默认路由
12. 配置NAT·
12.1 动态地址转换·
12.2 NAT Server
13. 配置ACL访问控制列表
14. 各设备的运行配置列表
14.1 路由器:
14.1.1 CJ15net24_zb_R_1 配置文件:
14.1.2 CJ15net24_fb1_R_2 配置文件:
14.1.3 CJ15net24_fb2_R_3 配置文件:
14.1.4 CJ15net24_out_R_4 配置文件:
14.2 三层交换机:
14.2.1 CJ15net24_zb_SW_1 配置文件:
14.2.2 CJ15net24_zb_SW_2 配置文件:
14.3.3 CJ15net24_fwq_SW_7 配置文件:
14.3 二层交换机:
14.3.1 CJ15net24_zb_SW_3 配置文件:
14.3.2 CJ15net24_zb_SW_4 配置文件:
14.3.3 CJ15net24_zb_SW_5 配置文件:
14.3.4 CJ15net24_zb_SW_6 配置文件:
14.3.5 CJ15net24_fb1_SW_9 配置文件:
14.3.6 CJ15net24_fb2_SW_10 配置文件:
14.4 服务器:
14.4.1 CJ15net24_fwq_DHCP配置文件
园区网络设计与实施文档
1.企业背景
某集团经过业务发展,总公司在广州市体育中心附近,在海珠区和白云区有二个分公司,为了实现快捷的信息交流和资源共享,需要构建统一网络,整合公司所有相关业务流程。总公司采用双核心的网络架构模式,采用专线接入互联网,二个分公司分别租用二条专线光纤线路进行连接,特向ISP供应商取得如下公网IP地址:202.16.10.5~20/27,现要求组建网络,总体要求如下:
- 保证整个网络的稳定性、可靠性。
- 各单位部门能通过地址转换连接上互联网。
- 各部门划分VLAN,只有经理室才能访问分公司。
- 要求集团各部门能通过FTP服务器进行文件传输。
- 内网和外网均能访问公司的主页。
2.项目具体要求
- 画出总的拓扑结构图
- 作出具体IP地址规划和VLAN规划
- 写出网络设备连接表
- 给所有的设备进行命名,命令规则:姓名01_部门简称_设备名_编号
- 在所有设备上开启 telnet 管理功能,管理设备使用 cjnet做为用户名,口令为 telnet123。
- 总部的交换网络中,在两台三层核心交换机通过端口聚合进行冗余备份,各交换机间采用MSTP,核心交换机作为根桥,并作流量均衡。
- 全网采用专门的DHCP服务器进行IP统一分配。
- 全公司均能访问FTP服务器和WEB服务器。
- 总公司各部门均能相互访问,分公司各部门亦能相互访问,但只有总公司的经理部能访问公司各部门的数据。
- 制作网络工程实施文档以供查阅与维护。
3. 实验拓扑及规划
3.1 网络拓扑结构图
根据项目要求绘制网络拓扑结构图,如图3.1所示:
图3.1 网络拓扑结构图
3.2 网络设备命名与设备连接表
根据网络拓扑结构图绘制网络设备命名与设备连接表,如表1所示:
表1 设备命名与设备连接表
|
部门名称 |
设备名称 |
互联接口 |
连接至 |
设备名称 |
互联接口 |
|
网络中心 |
LJY27_zb_LSW1 |
G0/0/1 |
→ |
LJY27_zb_AR1 |
G0/0/1 |
|
G0/0/2 |
→ |
LJY27_jlb_LSW3 |
G0/0/1 |
||
|
G0/0/3 |
→ |
LJY27_cwb_LSW4 |
G0/0/1 |
||
|
G0/0/4 |
→ |
LJY27_rsb_LSW5 |
G0/0/1 |
||
|
G0/0/5 |
→ |
LJY27_kfb_LSW6 |
G0/0/1 |
||
|
G0/0/21 |
→ |
LJY27_zb_LSW2 |
G0/0/21 |
||
|
G0/0/22 |
→ |
LJY27_zb_LSW2 |
G0/0/22 |
||
|
G0/0/23 |
→ |
LJY27_zb_LSW2 |
G0/0/23 |
||
|
G0/0/24 |
→ |
LJY27_zb_LSW2 |
G0/0/24 |
||
|
LJY27_zb_LSW2 |
G0/0/2 |
→ |
LJY27_zb_AR1 |
G0/0/2 |
|
|
G0/0/3 |
→ |
LJY27_jlb_LSW3 |
G0/0/2 |
||
|
G0/0/4 |
→ |
LJY27_cwb_LSW4 |
G0/0/2 |
||
|
G0/0/5 |
→ |
LJY27_rsb_LSW5 |
G0/0/2 |
||
|
G0/0/6 |
→ |
LJY27_kfb_LSW6 |
G0/0/2 |
||
|
G0/0/21 |
→ |
LJY27_zb_LSW1 |
G0/0/21 |
||
|
G0/0/22 |
→ |
LJY27_zb_LSW1 |
G0/0/22 |
||
|
G0/0/23 |
→ |
LJY27_zb_LSW1 |
G0/0/23 |
||
|
G0/0/24 |
→ |
LJY27_zb_LSW1 |
G0/0/24 |
||
|
LJY27_zb_AR1 |
S1/0/0 |
→ |
AR4 |
S1/0/0 |
|
|
G4/0/0 |
→ |
LJY27_fgs_AR2 |
G0/0/0 |
||
|
G4/0/1 |
→ |
LJY27_fgs2_AR3 |
G0/0/1 |
||
|
G0/0/1 |
→ |
LJY27_zb_LSW1 |
G0/0/1 |
||
|
G0/0/2 |
→ |
LJY27_zb_LSW2 |
G0/0/2 |
||
|
G0/0/0 |
→ |
LJY27_fwq_LSW7 |
G0/0/1 |
||
|
LJY27_jlb_LSW3 |
G0/0/1 |
→ |
LJY27_zb_LSW1 |
G0/0/2 |
|
|
G0/0/2 |
→ |
LJY27_zb_LSW2 |
G0/0/3 |
||
|
E0/0/1 |
→ |
LJY27_jlb_PC3 |
E0/0/1 |
||
|
LJY27_cwb_LSW4 |
G0/0/1 |
→ |
LJY27_zb_LSW1 |
G0/0/3 |
|
|
G0/0/2 |
→ |
LJY27_zb_LSW2 |
G0/0/4 |
||
|
E0/0/1 |
→ |
LJY27_cwb_PC4 |
E0/0/1 |
||
|
LJY27_rsb_LSW5 |
G0/0/1 |
→ |
LJY27_zb_LSW1 |
G0/0/4 |
|
|
G0/0/2 |
→ |
LJY27_zb_LSW2 |
G0/0/5 |
||
|
E0/0/1 |
→ |
LJY27_rsb_PC5 |
E0/0/1 |
||
|
LJY27_kfb_LSW6 |
G0/0/1 |
→ |
LJY27_zb_LSW1 |
G0/0/5 |
|
|
G0/0/2 |
→ |
LJY27_zb_LSW2 |
G0/0/6 |
||
|
E0/0/1 |
→ |
LJY27_kfb_PC6 |
E0/0/1 |
||
|
LJY27_fwq_LSW7 |
G0/0/4 |
→ |
LJY27_fwq_FTP |
E0/0/0 |
|
|
G0/0/3 |
→ |
LJY27_fwq_HTTP |
E0/0/0 |
||
|
G0/0/2 |
→ |
LJY27_fwq_DHCP |
G0/0/0 |
||
|
G0/0/1 |
→ |
LJY27_zb_AR1 |
G0/0/0 |
||
|
LJY27_fgs_AR2 |
G0/0/0 |
→ |
LJY27_zb_AR1 |
G4/0/0 |
|
|
G0/0/1 |
→ |
LJY27_fgs_LSW9 |
G0/0/1 |
||
|
LJY27_fgs2_AR3 |
G0/0/1 |
→ |
LJY27_zb_AR1 |
G4/0/1 |
|
|
G0/0/2 |
→ |
LJY27_fgs2_LSW10 |
G0/0/2 |
||
|
LJY27_fgs_LSW9 |
G0/0/1 |
→ |
LJY27_fgs_AR2 |
G0/0/1 |
|
|
E0/0/1 |
→ |
LJY27_xsb_PC1 |
E0/0/1 |
||
|
E0/0/2 |
→ |
LJY27_glb_PC2 |
E0/0/1 |
||
|
LJY27_fgs2_LSW10 |
G0/0/2 |
→ |
LJY27_fgs2_AR3 |
G0/0/2 |
|
|
E0/0/1 |
→ |
LJY27_xsb2_PC7 |
E0/0/1 |
||
|
E0/0/2 |
→ |
LJY27_glb2_PC8 |
E0/0/1 |
||
|
外网 |
AR4 |
S1/0/0 |
→ |
LJY27_zb_AR1 |
S1/0/0 |
|
网络中心 |
LJY27_xsb_PC1 |
E0/0/1 |
→ |
LJY27_fgs_LSW9 |
E0/0/1 |
|
LJY27_glb_PC2 |
E0/0/1 |
→ |
LJY27_fgs_LSW9 |
E0/0/2 |
|
|
LJY27_jlb_PC3 |
E0/0/1 |
→ |
LJY27_jlb_LSW3 |
E0/0/1 |
|
|
LJY27__cwb_PC4 |
E0/0/1 |
→ |
LJY27_cwb_LSW4 |
E0/0/1 |
|
|
LJY27_rsb_PC5 |
E0/0/1 |
→ |
LJY27_rsb_LSW5 |
E0/0/1 |
|
|
LJY27_kfb_PC6 |
E0/0/1 |
→ |
LJY27_kfb_LSW6 |
E0/0/1 |
|
|
LJY27_fwq_DHCP |
G0/0/0 |
→ |
LJY27_fwq_LSW7 |
G0/0/2 |
|
|
LJY27_fwq_HTTP |
E0/0/0 |
→ |
LJY27_fwq_LSW7 |
G0/0/3 |
|
|
LJY27_fwq_FTP |
E0/0/0 |
→ |
LJY27_fwq_LSW7 |
G0/0/4 |
|
|
LJY27_xsb2_PC7 |
E0/0/1 |
→ |
LJY27_fgs2_LSW10 |
E0/0/1 |
|
|
LJY27_glb2_PC8 |
E0/0/1 |
→ |
LJY27_fgs2_LSW10 |
E0/0/2 |
3.3 IP地址规划
根据网络拓扑结构图绘制IP地址规划表,如表2所示:
表2 设备IP地址规划表
|
部门名称 |
设备名称 |
接口 |
IP地址 |
子网掩码 |
|
总部 |
LJY27_zb_AR1 |
G4/0/0 |
10.10.20.2 |
30 |
|
G4/0/1 |
10.10.10.1 |
30 |
||
|
G0/0/1 |
10.10.30.1 |
30 |
||
|
G0/0/2 |
10.10.40.1 |
30 |
||
|
G0/0/0 |
10.10.50.1 |
30 |
||
|
S1/0/0 |
202.16.10.20 |
27 |
||
|
LJY27_zb_LSW1 |
G0/0/1 |
10.10.30.2 |
30 |
|
|
G0/0/2 |
192.27.10.252 |
24 |
||
|
G0/0/3 |
192.27.20.252 |
24 |
||
|
G0/0/4 |
192.27.30.253 |
24 |
||
|
G0/0/5 |
192.27.40.253 |
24 |
||
|
LJY27_zb_LSW2 |
G0/0/2 |
10.10.40.2 |
30 |
|
|
G0/0/3 |
192.27.10.253 |
24 |
||
|
G0/0/4 |
192.27.20.253 |
24 |
||
|
G0/0/5 |
192.27.30.252 |
24 |
||
|
G0/0/6 |
192.27.40.252 |
24 |
||
|
服务区 |
LJY27_fwq_LSW7 |
G0/0/1 |
10.10.50.2 |
30 |
|
G0/0/0/2-4 |
172.16.1.254 |
24 |
||
|
分公司1 |
LJY27_fgs_AR2 |
G0/0/0 |
10.10.20.1 |
30 |
|
G0/0/1.100 |
192.27.100.254 |
24 |
||
|
G0/0/1.110 |
192.27.110.254 |
24 |
||
|
分公司2 |
LJY27_fgs2_AR3 |
G0/0/1 |
10.10.10.2 |
30 |
|
G0/0/2.200 |
192.27.200.254 |
24 |
||
|
G0/0/2.210 |
192.27.210.254 |
24 |
||
|
外网 |
AR4 |
S1/0/0 |
202.16.10.1 |
27 |
3.4 VLAN规划表
根据项目要求制作VLAN规划表,如表3所示:
表3 Vlan规划表
|
序号 |
部门名称 |
VLAN编号 |
VLAN名称 |
IP地址 |
子网掩码 |
备注 |
|
1 |
经理部 |
10 |
Jingli |
DHCP自动获取 |
255.255.255.0 |
网关:192.168.10.254 |
|
2 |
财务部 |
20 |
DHCP自动获取 |
255.255.255.0 |
192.168.20.254 |
|
|
3 |
人事部 |
30 |
DHCP自动获取 |
255.255.255.0 |
192.168.30.254 |
|
|
4 |
开发部 |
40 |
DHCP自动获取 |
255.255.255.0 |
192.168.40.254 |
|
|
5 |
管理部1 |
100 |
DHCP自动获取 |
255.255.255.0 |
192.168.100.254 |
|
|
6 |
销售部1 |
110 |
DHCP自动获取 |
255.255.255.0 |
192.168.110.254 |
|
|
7 |
管理部2 |
200 |
DHCP自动获取 |
255.255.255.0 |
192.168.200.254 |
|
|
8 |
销售部2 |
210 |
DHCP自动获取 |
255.255.255.0 |
192.168.210.254 |
|
|
9 |
分公司2AR3 |
10 |
10.10.10.2 |
255.255.255.252 |
||
|
10 |
分公司1AR2 |
20 |
10.10.20.1 |
255.255.255.252 |
||
|
11 |
zbAR1-SW1 |
70 |
10.10.30.2 |
255.255.255.252 |
||
|
12 |
zbAR1-SW2 |
80 |
10.10.40.2 |
255.255.255.252 |
||
|
13 |
服务器区 |
50 |
10.10.50.2 |
255.255.255.252 |
||
|
14 |
管理vlan |
|||||
|
15 |
互联vlan |
4. 开启telnet管理功能
开启设备的telnet管理功能,并为交换机配置管理IP(交换机使用vlan 1做管理vlan),实现远程登录控制网络设备。
配置过程:
4.1 开启路由器telnet:
LJY27_zb_AR1:
<LJY27_zb_AR1>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_AR1]telnet server enable
Error: TELNET server has been enabled
[LJY27_zb_AR1]user-interface vty 0 4
[LJY27_zb_AR1-ui-vty0-4]authentication-mode aaa
[LJY27_zb_AR1-ui-vty0-4]aaa
[LJY27_zb_AR1-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[LJY27_zb_AR1-aaa]user-interface vty 0 4
[LJY27_zb_AR1-ui-vty0-4]authentication-mode aaa
[LJY27_zb_AR1-ui-vty0-4]user privilege level 15 [LJY27_zb_AR1-ui-vty0-4]
LJY27_fgs_AR2:
<LJY27_fgs_AR2>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fgs_AR2]telnet server enable
Error: TELNET server has been enabled
[LJY27_fgs_AR2]user-interface vty 0 4
[LJY27_fgs_AR2-ui-vty0-4]authentication-mode aaa
[LJY27_fgs_AR2-ui-vty0-4]aaa
[LJY27_fgs_AR2-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[LJY27_fgs_AR2]user-interface vty 0 4
[LJY27_fgs_AR2-ui-vty0-4]user privilege level 15
[LJY27_fgs_AR2-ui-vty0-4]authentication-mode aaa
LJY27_fgs2_AR3:
<LJY27_fgs2_AR3>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fgs2_AR3]telnet server enable
Error: TELNET server has been enabled
[LJY27_fgs2_AR3]user-interface vty 0 4
[LJY27_fgs2_AR3-ui-vty0-4]authentication-mode aaa
[LJY27_fgs2_AR3-ui-vty0-4]aaa
[LJY27_fgs2_AR3-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[LJY27_fgs2_AR3-aaa]user-interface vty 0 4
[LJY27_fgs2_AR3-ui-vty0-4]user privilege level 15
[LJY27_fgs2_AR3-ui-vty0-4]authentication-mode aaa
[LJY27_fgs2_AR3-ui-vty0-4]
4.2 开启交换机telnet:
LJY27_zb_LSW1:
<LJY27_zb_LSW1>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW1]telnet server enable
Info: The Telnet server has been enabled.
[LJY27_zb_LSW1]user-interface vty 0 4
[LJY27_zb_LSW1-ui-vty0-4]protocol inbound telnet
[LJY27_zb_LSW1-ui-vty0-4]authentication-mode aaa
[LJY27_zb_LSW1-ui-vty0-4]aaa
[LJY27_zb_LSW1-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[LJY27_zb_LSW1-aaa]local-user cjnet privilege level 15
[LJY27_zb_LSW1-aaa]local-user cjnet service-type telnet
LJY27_zb_LSW2:
<LJY27_zb_LSW2>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW2]telnet server enable
Info: The Telnet server has been enabled.
[LJY27_zb_LSW2]user-interface vty 0 4
[LJY27_zb_LSW2-ui-vty0-4]protocol inbound telnet
[LJY27_zb_LSW2-ui-vty0-4]authentication-mode aaa
[LJY27_zb_LSW2-ui-vty0-4]aaa
[LJY27_zb_LSW2-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[LJY27_zb_LSW2-aaa]local-user cjnet privilege level 15
[LJY27_zb_LSW2-aaa]local-user cjnet service-type telnet
LJY27_fwq_LSW7:
<LJY27_fwq_LSW7>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fwq_LSW7]telnet server enable
Info: The Telnet server has been enabled.
[LJY27_fwq_LSW7]user-interface vty 0 4
[LJY27_fwq_LSW7-ui-vty0-4]protocol inbound telnet
[LJY27_fwq_LSW7-ui-vty0-4]authentication-mode aaa
[LJY27_fwq_LSW7-ui-vty0-4]local-user cjnet password cipher telnet123
[LJY27_fwq_LSW7-ui-vty0-4]aaa
[LJY27_fwq_LSW7-aaa]local-user cjnet password cipher telnet123
Info: Add a new user.
[LJY27_fwq_LSW7-aaa]local-user cjnet privilege level 15
[LJY27_fwq_LSW7-aaa]local-user cjnet service-type telnet
5. 配置端口聚合
采用链路聚合技术可以在不进行硬件升级的条件下,通过将多个物理接口捆绑为一个逻辑接口,达到增加链路带宽的目的。在实现增大带宽目的的同时,链路聚合采用备份链路的机制,可以有效的提高设备之间链路的可靠性。
LJY27_zb_LSW1:
<LJY27_zb_LSW1>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW1]int Eth-Trunk 1
[LJY27_zb_LSW1-Eth-Trunk1]trunkport g0/0/21
Info: This operation may take a few seconds. Please wait for a moment...done.
[LJY27_zb_LSW1-Eth-Trunk1]trunkport g0/0/22
Info: This operation may take a few seconds. Please wait for a moment...done.
[LJY27_zb_LSW1-Eth-Trunk1]trunkport g0/0/23
Info: This operation may take a few seconds. Please wait for a moment...done.
[LJY27_zb_LSW1-Eth-Trunk1]trunkport g0/0/24
Info: This operation may take a few seconds. Please wait for a moment...done.
[LJY27_zb_LSW1-Eth-Trunk1]port link-type trunk
[LJY27_zb_LSW1-Eth-Trunk1]port trunk allow-pass vlan all
LJY27_zb_LSW2:
<LJY27_zb_LSW2>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW2]int Eth-Trunk 1
[LJY27_zb_LSW2-Eth-Trunk1]trunkport g0/0/21
Info: This operation may take a few seconds. Please wait for a moment...done.
[LJY27_zb_LSW2-Eth-Trunk1]trunkport g0/0/22
Info: This operation may take a few seconds. Please wait for a moment...done.
[LJY27_zb_LSW2-Eth-Trunk1]trunkport g0/0/23
Info: This operation may take a few seconds. Please wait for a moment...done.
[LJY27_zb_LSW2-Eth-Trunk1]trunkport g0/0/24
Info: This operation may take a few seconds. Please wait for a moment...done.
[LJY27_zb_LSW2-Eth-Trunk1]port link-type trunk
[LJY27_zb_LSW2-Eth-Trunk1]port trunk allow-pass vlan all
6 核心交换机冗余备份
Vrrp mstp在其他地方配置了
7. 配置单臂路由
分公司1
LJY27_fgs_AR2:
[LJY27_fgs_AR2]int g0/0/1.100
[LJY27_fgs_AR2-GigabitEtherne0/0/1.100]ip add 192.27.100.254 24
[LJY27_fgs_AR2-GigabitEtherne0/0/1.100]dot1q termination vid 100
[LJY27_fgs_AR2-GigabitEthernet0/0/1.100]arp broadcast enable
[LJY27_fgs_AR2-GigabitEthernet0/0/0.10]int g0/0/1.110
[LJY27_fgs_AR2-GigabitEthernet0/0/1.110]ip add 192.27.110.254 24
[LJY27_fgs_AR2-GigabitEthernet0/0/1.110]dot1q termination vid 110
[LJY27_fgs_AR2-GigabitEthernet0/0/1.110]arp broadcast enable
LJY27_fgs_LSW9:
[LJY27_fgs_LSW9]vlan 100
[LJY27_fgs_LSW9-vlan100]vlan 110
[LJY27_fgs_LSW9]int e0/0/1
[LJY27_fgs_LSW9-Ethernet0/0/1]port link-type access
[LJY27_fgs_LSW9-Ethernet0/0/1]port default vlan 100
[LJY27_fgs_LSW9]int e0/0/2
[LJY27_fgs_LSW9-Ethernet0/0/2]port link-type access
[LJY27_fgs_LSW9-Ethernet0/0/2]port default vlan 110
[LJY27_fgs_LSW9]int g0/0/3
[LJY27_fgs_LSW9-GigabitEthernet0/0/1]port link-type trunk
[LJY27_fgs_LSW9- GigabitEthernet0/0/1]port trunk allow-pass vlan 100 110
分公司2
LJY27_fgs2_AR3:
[LJY27_fgs2_AR3]int g0/0/2.200
[LJY27_fgs2_AR3-GigabitEtherne0/0/2.200]ip add 192.27.200.254 24
[LJY27_fgs2_AR3-GigabitEtherne0/0/2.200]dot1q termination vid 200
[LJY27_fgs2_AR3-GigabitEthernet0/0/2.200]arp broadcast enable
[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]int g0/0/2.210
[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]]ip add 192.27.210.254 24
[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]]dot1q termination vid 210
[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]]arp broadcast enable
LJY27_fgs2_LSW10:
[LJY27_fgs2_LSW10]vlan 200
[LJY27_fgs2_LSW10-vlan200]vlan 210
[LJY27_fgs2_LSW10]int e0/0/1
[LJY27_fgs2_LSW10-Ethernet0/0/1]port link-type access
[LJY27_fgs2_LSW10-Ethernet0/0/1]port default vlan 200
[LJY27_fgs2_LSW10]int e0/0/2
[LJY27_fgs2_LSW10-Ethernet0/0/2]port link-type access
[LJY27_fgs2_LSW10-Ethernet0/0/2]port default vlan 210
[LJY27_fgs2_LSW10]int g0/0/2
[LJY27_fgs2_LSW10-GigabitEthernet0/0/2]port link-type trunk
[LJY27_fgs2_LSW10- GigabitEthernet0/0/2]port trunk allow-pass vlan 200 210
8. 配置DHCP服务
LJY27_fwq_DHCP
配置分公司1
[LJY27_fwq_DHCP]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LJY27_fwq_DHCP]ip pool fgs1
Info: It's successful to create an IP address pool.
[LJY27_fwq_DHCP-ip-pool-fgs1]network 192.27.100.0 mask 255.255.255.0
[LJY27_fwq_DHCP-ip-pool-fgs1]network 192.27.110.0 mask 255.255.255.0
Error:Please delete the network section first.
[LJY27_fwq_DHCP-ip-pool-fgs1]gateway-list 192.27.100.254
[LJY27_fwq_DHCP]ip pool fgs1glb1
Info: It's successful to create an IP address pool.
[LJY27_fwq_DHCP-ip-pool-fgs1glb1]network 192.27.110.0 mask 255.255.255.0
[LJY27_fwq_DHCP-ip-pool-fgs1glb1]gateway-list 192.27.110.254
配置分公司2:
<LJY27_fwq_DHCP>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fwq_DHCP]ip pool fgs2xsb2
Info: It's successful to create an IP address pool.
[LJY27_fwq_DHCP-ip-pool-fgs2xsb2]network 192.27.200.0 mask 255.255.255.0
[LJY27_fwq_DHCP-ip-pool-fgs2xsb2]gateway-list 192.27.200.254
[LJY27_fwq_DHCP-ip-pool-fgs2xsb2]ip pool fgs2glb2
Info: It's successful to create an IP address pool.
[LJY27_fwq_DHCP-ip-pool-fgs2glb2]network 192.27.210.0 mask 255.255.255.0
[LJY27_fwq_DHCP-ip-pool-fgs2glb2]gateway-list 192.27.210.254
配置分公司1销售部1
<LJY27_fgs_AR2>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fgs_AR2]dhcp en
[LJY27_fgs_AR2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LJY27_fgs_AR2]int g0/0/1.100
[LJY27_fgs_AR2-GigabitEthernet0/0/1.100]dhcp select relay
[LJY27_fgs_AR2-GigabitEthernet0/0/1.100]dhcp relay server-ip 172.16.1.1
分公司1管理部1
[LJY27_fgs_AR2]int g0/0/1.110
[LJY27_fgs_AR2-GigabitEthernet0/0/1.110]dhcp select relay
[LJY27_fgs_AR2-GigabitEthernet0/0/1.110]dhcp relay server-ip 172.16.1.1
配置分公司2
<LJY27_fgs2_AR3>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fgs2_AR3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LJY27_fgs2_AR3]int g0/0/2.200
[LJY27_fgs2_AR3-GigabitEthernet0/0/2.200]dhcp select relay
[LJY27_fgs2_AR3-GigabitEthernet0/0/2.200]dhcp relay server-ip 172.16.1.1
[LJY27_fgs2_AR3-GigabitEthernet0/0/2.200]int g0/0/2.210
[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]dhcp select relay
[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]dhcp relay server-ip 172.16.1.1
配置总部
<LJY27_fwq_DHCP> sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fwq_DHCP]dhcp enable
[LJY27_fwq_DHCP]ip pool zbjlb
Info: It's successful to create an IP address pool.
[LJY27_fwq_DHCP-ip-pool-zbjlb]network 192.27.10.0 mask 255.255.255.0
[LJY27_fwq_DHCP-ip-pool-zbjlb]gateway-list 192.27.10.254
[LJY27_fwq_DHCP-ip-pool-zbjlb]excluded-ip-address 192.27.10.252 192.27.10.253
[LJY27_fwq_DHCP]ip pool zbcwb
Info: It's successful to create an IP address pool.
[LJY27_fwq_DHCP-ip-pool-zbcwb]network 192.27.20.0 mask 255.255.255.0
[LJY27_fwq_DHCP-ip-pool-zbcwb]gateway-list 192.27.20.254
[LJY27_fwq_DHCP-ip-pool-zbcwb]excluded-ip-address 192.27.20.252 192.27.20.253
[LJY27_fwq_DHCP-ip-pool-zbcwb]ip pool zbrsb
Info: It's successful to create an IP address pool.
[LJY27_fwq_DHCP-ip-pool-zbrsb]network 192.27.30.0 mask 255.255.255.0
[LJY27_fwq_DHCP-ip-pool-zbrsb]gateway-list 192.27.30.254
[LJY27_fwq_DHCP-ip-pool-zbrsb]excluded-ip-address 192.27.30.252 192.27.30.253
[LJY27_fwq_DHCP-ip-pool-zbrsb]ip pool zbkfb
Info: It's successful to create an IP address pool.
[LJY27_fwq_DHCP-ip-pool-zbkfb]network 192.27.40.0 mask 255.255.255.0
[LJY27_fwq_DHCP-ip-pool-zbkfb]gateway-list 192.27.40.254
[LJY27_fwq_DHCP-ip-pool-zbkfb]excluded-ip-address 192.27.40.252 192.27.40.253
[LJY27_fwq_DHCP-ip-pool-zbkfb]int g0/0/0
[LJY27_fwq_DHCP-GigabitEthernet0/0/0]dhcp select global
VRRP:
LJY27_zb_LSW1
<LJY27_zb_LSW1>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LJY27_zb_LSW1]int vlan10
[LJY27_zb_LSW1-Vlanif10]vrrp vrid 10 virtual-ip 192.27.10.254
[LJY27_zb_LSW1-Vlanif10]vrrp vrid 1 priority 120
[LJY27_zb_LSW1-Vlanif10]dhcp sel relay
[LJY27_zb_LSW1-Vlanif10]dhcp relay server-ip 172.16.1.1
[LJY27_zb_LSW1]int vlan 20
[LJY27_zb_LSW1-Vlanif20]vrrp vrid 20 virtual-ip 192.27.20.254
[LJY27_zb_LSW1-Vlanif20]vrrp vrid 1 priority 120
[LJY27_zb_LSW1-Vlanif20]dhcp select relay
[LJY27_zb_LSW1-Vlanif20]dhcp relay server-ip 172.16.1.1
[LJY27_zb_LSW1-Vlanif20]int vlan 30
[LJY27_zb_LSW1-Vlanif30]vrrp vrid 30 virtual-ip 192.27.30.254
[LJY27_zb_LSW1-Vlanif30]dhcp select relay
[LJY27_zb_LSW1-Vlanif30]dhcp relay server-ip 172.16.1.1
[LJY27_zb_LSW1-Vlanif30]int vlan 40
[LJY27_zb_LSW1-Vlanif40]vrrp vrid 40 virtual-ip 192.27.40.254
[LJY27_zb_LSW1-Vlanif40]dhcp select relay
[LJY27_zb_LSW1-Vlanif40]dhcp relay server-ip 172.16.1.1
LJY27_zb_LSW2
<LJY27_zb_LSW2>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LJY27_zb_LSW2]int vlan 10
[LJY27_zb_LSW2-Vlanif10]vrrp vrid 10 virtual-ip 192.27.10.254
[LJY27_zb_LSW2-Vlanif10]dhcp select relay
[LJY27_zb_LSW2-Vlanif10]dhcp relay server-ip 172.16.1.1
[LJY27_zb_LSW2-Vlanif10]int vlan 20
[LJY27_zb_LSW2-Vlanif20]vrrp vrid 20 virtual-ip 192.27.20.254
[LJY27_zb_LSW2-Vlanif20]dhcp select relay
[LJY27_zb_LSW2-Vlanif20]dhcp relay server-ip 172.16.1.1
[LJY27_zb_LSW2-Vlanif20]int vlan 30
[LJY27_zb_LSW2-Vlanif30]vrrp vrid 30 virtual-ip 192.27.30.254
[LJY27_zb_LSW2-Vlanif30]vrrp vrid 1 priority 120
[LJY27_zb_LSW2-Vlanif30]dhcp select relay
[LJY27_zb_LSW2-Vlanif30]dhcp relay server-ip 172.16.1.1
[LJY27_zb_LSW2-Vlanif30]int vlan 40
[LJY27_zb_LSW2-Vlanif40]vrrp vrid 40 virtual-ip 192.27.40.254
[LJY27_zb_LSW2-Vlanif40]vrrp vrid 1 priority 120
[LJY27_zb_LSW2-Vlanif40]dhcp select relay
[LJY27_zb_LSW2-Vlanif40]dhcp relay server-ip 172.16.1.1
9. 配置生成树MSTP协议
LJY27_zb_LSW1
<LJY27_zb_LSW1>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW1]stp mode mstp
[LJY27_zb_LSW1]stp region-configuration
[LJY27_zb_LSW1-mst-region]region-name huawei
[LJY27_zb_LSW1-mst-region]revision-level 1
[LJY27_zb_LSW1-mst-region]instance 1 vlan 10
[LJY27_zb_LSW1-mst-region]instance 2 vlan 20
[LJY27_zb_LSW1-mst-region]instance 3 vlan 30
[LJY27_zb_LSW1-mst-region]instance 4 vlan 40
[LJY27_zb_LSW1-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[LJY27_zb_LSW1-mst-region]q
[LJY27_zb_LSW1]stp instance 1 root primary
[LJY27_zb_LSW1]stp instance 2 root primary
[LJY27_zb_LSW1]stp instance 3 root secondary
[LJY27_zb_LSW1]stp instance 4 root secondary
LJY27_zb_LSW2
<LJY27_zb_LSW2>
<LJY27_zb_LSW2>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW2]stp mode mstp
[LJY27_zb_LSW2]stp region-configuration
[LJY27_zb_LSW2-mst-region]region-name huawei
[LJY27_zb_LSW2-mst-region]revision-level 1
[LJY27_zb_LSW2-mst-region]instance 1 vlan 10
[LJY27_zb_LSW2-mst-region]instance 2 vlan 20
[LJY27_zb_LSW2-mst-region]instance 3 vlan 30
[LJY27_zb_LSW2-mst-region]instance 4 vlan 40
[LJY27_zb_LSW2-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[LJY27_zb_LSW2-mst-region]q
[LJY27_zb_LSW2]stp instance 1 root secondary
[LJY27_zb_LSW2]stp instance 2 root secondary
[LJY27_zb_LSW2]stp instance 3 root primary
[LJY27_zb_LSW2]stp instance 4 root primary
10. 配置OSPF
LJY27_fgs_AR2:
<LJY27_fgs_AR2>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fgs_AR2]ospf 1
[LJY27_fgs_AR2-ospf-1]silent-interface g0/0/1.100
[LJY27_fgs_AR2-ospf-1]silent-interface g0/0/1.110
[LJY27_fgs_AR2-ospf-1]area 0
[LJY27_fgs_AR2-ospf-1-area-0.0.0.0]network 10.10.20.0 0.0.0.3
[LJY27_fgs_AR2-ospf-1-area-0.0.0.0]network 192.27.100.0 0.0.0.255
[LJY27_fgs_AR2-ospf-1-area-0.0.0.0]network 192.27.110.0 0.0.0.255
LJY27_zb_AR1:
<LJY27_zb_AR1>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_AR1]ospf 1
[LJY27_zb_AR1-ospf-1]area 0
[LJY27_zb_AR1-ospf-1-area-0.0.0.0] network 10.10.20.0 0.0.0.3
[LJY27_zb_AR1-ospf-1-area-0.0.0.2] network 10.10.10.0 0.0.0.3
[LJY27_zb_AR1-ospf-1-area-0.0.0.0]network10.10.30.0 0.0.0.3
[LJY27_zb_AR1-ospf-1-area-0.0.0.0]network10.10.40.0 0.0.0.3
[LJY27_zb_AR1-ospf-1-area-0.0.0.0]network10.10.50.0 0.0.0.3
LJY27_zb_LSW1:
<LJY27_zb_LSW1> sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW1]ospf 1
[LJY27_zb_LSW1-ospf-1]silent-interface g0/0/2
[LJY27_zb_LSW1-ospf-1]silent-interface g0/0/3
[LJY27_zb_LSW1-ospf-1]silent-interface g0/0/4
[LJY27_zb_LSW1-ospf-1]silent-interface g0/0/5
[LJY27_zb_LSW1-ospf-1]area 0
[LJY27_zb_LSW1-ospf-1-area-0.0.0.0]network 10.10.30.0 0.0.0.3
[LJY27_zb_LSW1-ospf-1-area-0.0.0.0]network192.27.10.0 0.0.0.255
[LJY27_zb_LSW1-ospf-1-area-0.0.0.0]network 192.27.20.0 0.0.0.255
[LJY27_zb_LSW1-ospf-1-area-0.0.0.0]network 192.27.30.0 0.0.0.255
[LJY27_zb_LSW1-ospf-1-area-0.0.0.0]network 192.27.40.0 0.0.0.255
LJY27_zb_LSW2
<LJY27_zb_LSW2> sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW2]ospf 1
[LJY27_zb_LSW2-ospf-1]silent-interface g0/0/3
[LJY27_zb_LSW2-ospf-1]silent-interface g0/0/4
[LJY27_zb_LSW2-ospf-1]silent-interface g0/0/5
[LJY27_zb_LSW2-ospf-1]silent-interface g0/0/6
[LJY27_zb_LSW2-ospf-1]area 0
[LJY27_zb_LSW2-ospf-1-area-0.0.0.0]network 10.10.40.0 0.0.0.3
[LJY27_zb_LSW2-ospf-1-area-0.0.0.0]network 192.27.10.0 0.0.0.255
[LJY27_zb_LSW2-ospf-1-area-0.0.0.0]network 192.27.20.0 0.0.0.255
[LJY27_zb_LSW2-ospf-1-area-0.0.0.0]network 192.27.30.0 0.0.0.255
[LJY27_zb_LSW2-ospf-1-area-0.0.0.0]network 192.27.40.0 0.0.0.255
LJY27_fwq_LSW7:
<LJY27_fwq_LSW7> sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fwq_LSW7]ospf 1
[LJY27_fwq_LSW7-ospf-1]area 0
[LJY27_fwq_LSW7-ospf-1-area-0.0.0.0]network10.10.50.0 0.0.0.3
[LJY27_fwq_LSW7-ospf-1-area-0.0.0.0]network172.16.1.0 0.0.0.255
LJY27_fwq_DHCP:
<LJY27_fwq_DHCP>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fwq_DHCP]ospf 1
[LJY27_fwq_DHCP-ospf-1]area 0
[LJY27_fwq_DHCP-ospf-1-area-0.0.0.0]netw
[LJY27_fwq_DHCP-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
LJY27_fgs2_AR3:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname LJY27_fgs2_AR3
[LJY27_fgs2_AR3]ospf 1
[LJY27_fgs2_AR3-ospf-1]silent-interface g0/0/2.200
[LJY27_fgs2_AR3-ospf-1]silent-interface g0/0/2.210
[LJY27_fgs2_AR3-ospf-1]area 2
[LJY27_fgs2_AR3-ospf-1-area-0.0.0.2] network 10.10.10.0 0.0.0.3
[LJY27_fgs2_AR3-ospf-1-area-0.0.0.2] network 192.27.200.0 0.0.0.255
[LJY27_fgs2_AR3-ospf-1-area-0.0.0.2] network 192.27.210.0 0.0.0.255
11. 配置默认路由
LJY27_fgs_AR2:
<LJY27_fgs_AR2>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fgs_AR2]ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
LJY27_fgs2_AR3:
<LJY27_fgs2_AR3>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fgs2_AR3]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
LJY27_fwq_DHCP:
<LJY27_fwq_DHCP>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fwq_DHCP]ip route-static 0.0.0.0 0.0.0.0 172.16.1.254
[LJY27_fwq_LSW7]ip route-static 202.16.10.1 27 10.10.50.1
LJY27_zb_AR1:
<LJY27_zb_AR1>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_AR1]ip route-static 0.0.0.0 0.0.0.0 202.16.10.1
LJY27_zb_LSW1:
<LJY27_zb_LSW1>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW1]ip route-static 0.0.0.0 0.0.0.0 10.10.30.1
LJY27_zb_LSW2:
<LJY27_zb_LSW2>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_LSW2]ip route-static 0.0.0.0 0.0.0.0 10.10.40.1
LJY27_fgs_AR2:
<LJY27_fgs_AR2>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fgs_AR2]ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
LJY27_fgs2_AR3
<LJY27_fgs2_AR3>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fgs2_AR3]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
LJY27_fwq_LSW7:
<LJY27_fwq_LSW7>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_fwq_LSW7]ip route-static 0.0.0.0 0.0.0.0 10.10.50.1
AR4:
<Huawei>sys
[Huawei]ip route-static 172.16.1.0 255.255.255.0 202.16.10.5
12. 配置NAT
LJY27_zb_AR1:
<LJY27_zb_AR1>sys
Enter system view, return user view with Ctrl+Z.
[LJY27_zb_AR1]int s1/0/0
[LJY27_zb_AR1-Serial1/0/0]ip add 202.16.10.5 27
[LJY27_zb_AR1-Serial1/0/0]nat address-group 1 202.16.10.6 202.16.10.19
[LJY27_zb_AR1]acl 2001
[LJY27_zb_AR1-acl-basic-2001]rule 5 permit source 192.27.100.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2001]rule 10 permit source 192.27.110.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2001]rule 15 permit source 192.27.200.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2001]rule 20 permit source 192.27.210.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2001]rule 25 permit source 192.27.10.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2001]rule 30 permit source 192.27.20.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2001]rule 35 permit source 192.27.30.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2001]rule 40 permit source 192.27.40.0 0.0.0.25
[LJY27_zb_AR1-acl-basic-2001]rule 40 permit source 192.27.40.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2001]int s1/0/0
[LJY27_zb_AR1-Serial1/0/0]nat outbound 2001 address-group 1 no-pat
[LJY27_zb_AR1-Serial1/0/0]ip route-static 0.0.0.0 0.0.0.0 202.16.10.1
[LJY27_zb_AR1]int s1/0/0
[LJY27_zb_AR1-Serial1/0/0]nat server protocol tcp global 202.16.10.20 www inside 172.16.1.2 8080
13. 配置ACL访问控制列表
LJY27_zb_AR1
[LJY27_zb_AR1]acl 2000
[LJY27_zb_AR1-acl-basic-2000]rule 5 deny source 192.27.20.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2000]rule 10 deny source 192.27.30.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2000]rule 15 deny source 192.27.40.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2000]rule 20 permit source 192.27.10.0 0.0.0.255
[LJY27_zb_AR1-acl-basic-2000]int g4/0/0
[LJY27_zb_AR1-GigabitEthernet4/0/0]traffic-filter outbound acl 2000
[LJY27_zb_AR1-GigabitEthernet4/0/0]int g4/0/1
[LJY27_zb_AR1-GigabitEthernet4/0/1]traffic-filter outbound acl 2000
14. 各设备的运行配置列表
分公司1
LJY27_fgs_AR2
<LJY27_fgs_AR2>dis cu
[V200R003C00]
#
sysname LJY27_fgs_AR2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user cjnet password cipher %$%$0[F_!Ib<';4!Rp>F[='$Q"M:%$%$
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.10.20.1 255.255.255.252
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.100
dot1q termination vid 100
ip address 192.27.100.254 255.255.255.0
arp broadcast enable
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface GigabitEthernet0/0/1.110
dot1q termination vid 110
ip address 192.27.110.254 255.255.255.0
arp broadcast enable
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
silent-interface GigabitEthernet0/0/1.100
silent-interface GigabitEthernet0/0/1.110
area 0.0.0.1
network 10.10.20.0 0.0.0.3
network 192.27.100.0 0.0.0.255
network 192.27.110.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
user-interface vty 16 20
#
wlan ac
#
return
LJY27_fgs_LSW9
<LJY27_fgs_LSW9>
<LJY27_fgs_LSW9>dis cu
#
sysname LJY27_fgs_LSW9
#
undo info-center enable
#
vlan batch 100 110
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 100
#
interface Ethernet0/0/2
port link-type access
port default vlan 110
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 110
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
分公司2
LJY27_fgs2_AR3
<LJY27_fgs2_AR3>dis cu
[V200R003C00]
#
sysname LJY27_fgs2_AR3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user cjnet password cipher %$%$[Umu:,[lPOwwxi)imKu-Q'8=%$%$
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.10.10.2 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/2.200
dot1q termination vid 200
ip address 192.27.200.254 255.255.255.0
arp broadcast enable
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface GigabitEthernet0/0/2.210
dot1q termination vid 210
ip address 192.27.210.254 255.255.255.0
arp broadcast enable
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface NULL0
#
ospf 1
silent-interface GigabitEthernet0/0/2.200
silent-interface GigabitEthernet0/0/2.210
area 0.0.0.2
network 10.10.10.0 0.0.0.3
network 192.27.200.0 0.0.0.255
network 192.27.210.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
user-interface vty 16 20
#
wlan ac
#
return
LJY27_fgs2_LSW10
<LJY27_fgs2_LSW10>dis cu
#
sysname LJY27_fgs2_LSW10
#
undo info-center enable
#
vlan batch 200 210
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 200
#
interface Ethernet0/0/2
port link-type access
port default vlan 210
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 200 210
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
总部
LJY27_zb_AR1
<LJY27_zb_AR1>dis cu
[V200R003C00]
#
sysname LJY27_zb_AR1
#
board add 0/1 2SA
board add 0/4 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 deny source 192.27.20.0 0.0.0.255
rule 10 deny source 192.27.30.0 0.0.0.255
rule 15 deny source 192.27.40.0 0.0.0.255
rule 20 permit source 192.27.10.0 0.0.0.255
acl number 2001
rule 5 permit source 192.27.100.0 0.0.0.255
rule 10 permit source 192.27.110.0 0.0.0.255
rule 15 permit source 192.27.200.0 0.0.0.255
rule 20 permit source 192.27.210.0 0.0.0.255
rule 25 permit source 192.27.10.0 0.0.0.255
rule 30 permit source 192.27.20.0 0.0.0.255
rule 35 permit source 192.27.30.0 0.0.0.255
rule 40 permit source 192.27.40.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user cjnet password cipher %$%$1i3F4C4ho:YM4e<Y/8+7Q&4}%$%$
#
firewall zone Local
priority 15
#
nat address-group 1 202.16.10.6 202.16.10.19
#
interface Serial1/0/0
link-protocol ppp
ip address 202.16.10.5 255.255.255.224
nat server protocol tcp global 202.16.10.20 www inside 172.16.1.2 8080
nat outbound 2001 address-group 1 no-pat
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.10.50.1 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 10.10.30.1 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 10.10.40.1 255.255.255.252
#
interface GigabitEthernet4/0/0
ip address 10.10.20.2 255.255.255.252
traffic-filter outbound acl 2000
#
interface GigabitEthernet4/0/1
ip address 10.10.10.1 255.255.255.252
traffic-filter outbound acl 2000
#
interface GigabitEthernet4/0/2
#
interface GigabitEthernet4/0/3
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 10.10.30.0 0.0.0.3
network 10.10.40.0 0.0.0.3
network 10.10.50.0 0.0.0.3
area 0.0.0.1
network 10.10.20.0 0.0.0.3
area 0.0.0.2
network 10.10.10.0 0.0.0.3
#
ip route-static 0.0.0.0 0.0.0.0 202.16.10.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
user-interface vty 16 20
#
wlan ac
#
return
LJY27_zb_LSW1
<LJY27_zb_LSW1>dis cu
#
sysname LJY27_zb_LSW1
#
undo info-center enable
#
vlan batch 10 20 30 40 70
#
stp instance 1 root primary
stp instance 2 root primary
stp instance 3 root secondary
stp instance 4 root secondary
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
region-name huawei
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
local-user cjnet password cipher >:@7=5T:*&II>,Z,88J\:Q!!
local-user cjnet privilege level 15
local-user cjnet service-type telnet
#
interface Vlanif1
#
interface Vlanif10
ip address 192.27.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.27.10.254
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface Vlanif20
ip address 192.27.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 192.27.20.254
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface Vlanif30
ip address 192.27.30.253 255.255.255.0
vrrp vrid 30 virtual-ip 192.27.30.254
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface Vlanif40
ip address 192.27.40.253 255.255.255.0
vrrp vrid 40 virtual-ip 192.27.40.254
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface Vlanif70
ip address 10.10.30.2 255.255.255.252
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 70
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
eth-trunk 1
#
interface GigabitEthernet0/0/22
eth-trunk 1
#
interface GigabitEthernet0/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/24
eth-trunk 1
#
interface NULL0
#
ospf 1
silent-interface GigabitEthernet0/0/2
silent-interface GigabitEthernet0/0/3
silent-interface GigabitEthernet0/0/4
silent-interface GigabitEthernet0/0/5
area 0.0.0.0
network 10.10.30.0 0.0.0.3
network 192.27.10.0 0.0.0.255
network 192.27.20.0 0.0.0.255
network 192.27.30.0 0.0.0.255
network 192.27.40.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 10.10.30.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
LJY27_zb_LSW2
<LJY27_zb_LSW2>dis cu
#
sysname LJY27_zb_LSW2
#
undo info-center enable
#
vlan batch 10 20 30 40 80
#
stp instance 1 root secondary
stp instance 2 root secondary
stp instance 3 root primary
stp instance 4 root primary
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
region-name huawei
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
local-user cjnet password cipher >:@7=5T:*&II>,Z,88J\:Q!!
local-user cjnet privilege level 15
local-user cjnet service-type telnet
#
interface Vlanif1
#
interface Vlanif10
ip address 192.27.10.253 255.255.255.0
vrrp vrid 10 virtual-ip 192.27.10.254
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface Vlanif20
ip address 192.27.20.253 255.255.255.0
vrrp vrid 20 virtual-ip 192.27.20.254
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface Vlanif30
ip address 192.27.30.252 255.255.255.0
vrrp vrid 30 virtual-ip 192.27.30.254
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface Vlanif40
ip address 192.27.40.252 255.255.255.0
vrrp vrid 40 virtual-ip 192.27.40.254
dhcp select relay
dhcp relay server-ip 172.16.1.1
#
interface Vlanif80
ip address 10.10.40.2 255.255.255.252
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 80
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
eth-trunk 1
#
interface GigabitEthernet0/0/22
eth-trunk 1
#
interface GigabitEthernet0/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/24
eth-trunk 1
#
interface NULL0
#
ospf 1
silent-interface GigabitEthernet0/0/3
silent-interface GigabitEthernet0/0/4
silent-interface GigabitEthernet0/0/5
silent-interface GigabitEthernet0/0/6
area 0.0.0.0
network 10.10.40.0 0.0.0.3
network 192.27.10.0 0.0.0.255
network 192.27.20.0 0.0.0.255
network 192.27.30.0 0.0.0.255
network 192.27.40.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 10.10.40.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
LJY27_jlb_LSW3
<LJY27_jlb_LSW3>dis cu
#
sysname LJY27_jlb_LSW3
#
undo info-center enable
#
vlan batch 10
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
LJY27_cwb_LSW4
<LJY27_cwb_LSW4>dis cu
#
sysname LJY27_cwb_LSW4
#
vlan batch 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 20
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
LJY27_rsb_LSW5
<LJY27_rsb_LSW5>dis cu
#
sysname LJY27_rsb_LSW5
#
undo info-center enable
#
vlan batch 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 30
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
LJY27_kfb_LSW6
<LJY27_kfb_LSW6>dis cu
#
sysname LJY27_kfb_LSW6
#
undo info-center enable
#
vlan batch 40
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 40
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
Return
服务器
LJY27_fwq_LSW7
<LJY27_fwq_LSW7>dis cu
#
sysname LJY27_fwq_LSW7
#
undo info-center enable
#
vlan batch 50 60
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
local-user cjnet password cipher >:@7=5T:*&II>,Z,88J\:Q!!
local-user cjnet privilege level 15
local-user cjnet service-type telnet
#
interface Vlanif1
#
interface Vlanif50
ip address 10.10.50.2 255.255.255.252
#
interface Vlanif60
ip address 172.16.1.254 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 50
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 60
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 60
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 60
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 10.10.50.0 0.0.0.3
network 172.16.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 10.10.50.1
ip route-static 202.16.10.0 255.255.255.224 10.10.50.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
LJY27_fwq_DHCP
<LJY27_fwq_DHCP>dis cu
[V200R003C00]
#
sysname LJY27_fwq_DHCP
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
ip pool fgs1
gateway-list 192.27.100.254
network 192.27.100.0 mask 255.255.255.0
#
ip pool fgs1glb1
gateway-list 192.27.110.254
network 192.27.110.0 mask 255.255.255.0
#
ip pool fgs2xsb2
gateway-list 192.27.200.254
network 192.27.200.0 mask 255.255.255.0
#
ip pool fgs2glb2
gateway-list 192.27.210.254
network 192.27.210.0 mask 255.255.255.0
#
ip pool zbjlb
gateway-list 192.27.10.254
network 192.27.10.0 mask 255.255.255.0
excluded-ip-address 192.27.10.252 192.27.10.253
#
ip pool zbcwb
gateway-list 192.27.20.254
network 192.27.20.0 mask 255.255.255.0
excluded-ip-address 192.27.20.252 192.27.20.253
#
ip pool zbrsb
gateway-list 192.27.30.254
network 192.27.30.0 mask 255.255.255.0
excluded-ip-address 192.27.30.252 192.27.30.253
#
ip pool zbkfb
gateway-list 192.27.40.254
network 192.27.40.0 mask 255.255.255.0
excluded-ip-address 192.27.40.252 192.27.40.253
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 172.16.1.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 172.16.1.254
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
单纯想公司内网全网通的配置步骤:
配置端口聚合,配置网关冗余VRRP,配置单臂路由,配置DHCP服务,配置生成树MSTP协议
华为ensp园区网络设计与实施相关推荐
- 华为ensp——企业网络的设计与实现【具体配置】
企业网络的设计与实现--具体配置 本次实验在华为ensp模拟器具体实现. 文章目录 企业网络的设计与实现--具体配置 拓扑图 网段划分 办公区 VLAN+端口配置(二层) 无线网络配置 DHCP配置 ...
- 华为云园区网络四大升级;IMAX中国十一黄金周劲收1.68亿票房;电通集团推出综合解决方案电通游戏 | 全球TMT...
国内市场 华为云园区网络四大升级.华为CloudCampus 3.0云园区网络在无线.有线.广域互联.智能运维四个方面进行全面升级,带来全新的Wi-Fi 6新品."小行星"架构的园 ...
- 华为ensp防火墙园区网络设计与部署
又临近期末,老师给我们自己做一个防火墙大作业 在这里分享一个我的期末作业 文档名称 防火墙设计实施文档 学生姓名 专业名称 ...
- 华为企业园区网络建设技术方案建议书
项目概述 根据实际情况增加项目介绍 项目背景 项目目标 园区总体系统规划设计 需求分析 随着企业信息化建设不断深入,企业的生产业务系统.经营管理系统.办公自动化系统均得到大力发展,对于企业园 ...
- 华为ensp保存网络设备配置和导出导入网络设备
配置好的策略后,没有进行保存,断电后导致设备不能正常使用,之前配置的数据也丢失了,还要重新配置,下面操作如何保存配置好的策略,和设备的导入导出: 首先打开ensp软件,拉入两个设备用线连接好开机,做好 ...
- 基于ensp的网络设计【实现网络互联、限制访问、内外网地址转换】
做下来觉得比较像是计算机网络的课设,有用的话就点个
- 《CCNP SWITCH 300-115认证考试指南》——第1章 企业园区网络的设计
本节书摘来自异步社区<CCNP SWITCH 300-115认证考试指南>一书中的第1章 企业园区网络的设计,作者 [美]David Hucaby(戴维 胡卡比),更多章节内容可以访问云栖 ...
- IP网络设计系列之-局域网设计
[导读]这是ip网络设计系列讲座的最后一部分,讨论园区局域网设计中遇到的一些问题.以太网交换机优越于传统的集线器环境的好处将首先介绍一下.应用虚拟局域网的动机已经同规划和配置虚拟局域网遇到的问题一起进 ...
- 华为认证的网络工程师证好考吗,含金量高吗 ?
华为认证分等级的,相当于初中高三个等级,当然高级是比较难考的,也是含金量最高的.我就慢慢给你介绍一下. 1.了解华为认证 华为认证网络工程师是由华为公司认证与采购部推出的独立认证体系,与之前的华为认证 ...
最新文章
- bzoj 1040: [ZJOI2008]骑士 树形dp
- Oracle cursor_sharing 参数 详解
- 2000/XP自动网络GHOST+全自动改IP
- 利用Axis2默认口令安全漏洞入侵WebService网站
- linux mode4的双网卡绑定,Linux实现双网卡绑定自动化脚本 | 聂扬帆博客
- 牛客 牛牛选物(01背包)
- 18-ESP8266 SDK开发基础入门篇--TCP 服务器 RTOS版,串口透传,TCP客户端控制LED
- 终端不能联网_5G和物联网DDA的关系
- 使用SharedPreferences存储和读取数据
- onCreate onStart onResume onStop onPause onDestroy onRestart onWindowFocusChanged
- 有趣的mysql string和0比较返回1的问题
- 电脑照片尺寸如何调整成自己想要的
- 用pentbox-1.8在kali中设置蜜罐记录攻击者行为
- 前端des加密,后端des解密
- 南宁计算机职称考试网,南宁人事考试职称网
- Python爬虫实战(1):抓取毒舌电影最新推送
- JAVA 根据身份证获取年龄
- 实验三十五 Windows Server 2012 RDS桌面虚拟化之六VDI虚拟桌面的用户管理和安全防护
- 转:九月十月百度人搜,阿里巴巴,腾讯华为笔试面试八十题(第331-410题)
- 最小树形图 之 朱刘算法【模板】