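Environment
Three floors
Floor 12: 4 Layer 2 switches, 4 cameras, 2 wireless APs, 1 door access controller
Floor 11: 1 router, 1 Layer 3 switch, 4 Layer 2 switches, 4 cameras, 2 wireless APs, 1 door access controller, 4 servers, 2 Fibre Channel switches, 1 SAN storage array, 1 internet access management appliance
Floor 10: 4 Layer 2 switches, 4 cameras, 2 wireless APs, 1 door access controller
Note: Servers: LENOVO ThinkServer RD440
Router: HUAWEI S5700 V200R003C00SPC300
Switches: HUAWEI S5700 V200R003C00SPC300, 24 Gigabit Ethernet ports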
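Purpose
Every host obtains its IP address automatically, broadcast domains are isolated from each other, and the internal and external networks can communicate.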
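Network planning
1. Network topology
2. Segment allocation
Floor segment (12) VLAN12 IP: 192.168.12.0/24
Floor segment (12) VLAN11 IP: 192.168.11.0/24
Floor segment (12) VLAN10 IP: 192.168.10.0/24
Server segment VLAN18 IP: 192.168.18.0/24
Virtual desktop segment VLAN16 IP: 192.168.16.0/24
Network device segment VLAN8 IP: 192.168.8.0/24
Router segment VLAN6 IP: 192.168.6.0/24
Wireless VLAN11 IP: 192.168.9.0/24
The gateway of every segment is 192.168.*.254
On the first switch of each floor, ports 23 and 24 are configured in access mode for wireless
Ports 19, 20, 21 and 22 are access-mode ports for the cameras
The first port of every switch is configured as the cascade (uplink) port
VLAN 1 serves as the management interface of every switch
3. Network configuration
Router configuration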
==================================================================================
Layer 3 switch configuration
Basic user configuration
<>sys
[]sysname HX-Switch
[HX-Switch]user-interface vty 0 4
[HX-Switch-ui-vty0-4]authentication-mode aaa
[HX-Switch-ui-vty0-4]aaa
[HX-Switch-aaa]local-user pxtadmin password cipher xxx
[HX-Switch-aaa]local-user pxtadmin privilege level 5
[HX-Switch-aaa]local-user pxtadmin service-type telnet terminal ssh http
[HX-Switch-aaa]quit
[HX-Switch]telnet server enable    Enable the Telnet service
Management IP
[HX-Switch]interface vlanif 1
[HX-Switch-Vlanif1]ip address 192.168.16.253 255.255.255.0
Define the VLANs, configure their gateways and enable DHCP
[HX-Switch]interface vlanif6
 ip address 192.168.6.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.6.180 192.168.6.253
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif8
 ip address 192.168.8.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.8.1 192.168.8.100
 dhcp server excluded-ip-address 192.168.8.180 192.168.8.254
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif9
 ip address 192.168.9.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.9.240 192.168.9.254
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.10.240 192.168.10.253
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif11
 ip address 192.168.11.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.11.240 192.168.11.248
 dhcp server excluded-ip-address 192.168.11.250 192.168.11.253
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif12
 ip address 192.168.12.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.12.240 192.168.12.248
 dhcp server excluded-ip-address 192.168.12.250 192.168.12.253
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif18
 ip address 192.168.18.254 255.255.255.0
[HX-Switch]interface vlanif110
 ip address 192.168.110.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.110.240 192.168.110.248
 dhcp server excluded-ip-address 192.168.110.250 192.168.110.253
 dhcp server dns-list 202.96.134.133 8.8.8.8
interface MEth0/0/1
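A VLANIF/DHCP block repeated per VLAN is easy to mistype, and a wrong gateway or exclusion range quietly breaks address assignment for that segment. The following added example (not part of the original page) checks such a configuration against the plan; the rule "VLAN N uses 192.168.N.0/24 with gateway .254" is an assumption read off the segment table, and the sample input and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the page's VRP syntax; Vlanif9, 10 and 110 carry planted slips.
SAMPLE = """\
interface Vlanif9
 ip address 192.168.9.254 255.255.255.0
 dhcp server excluded-ip-address 192.168.9.1240 192.168.9.254
interface Vlanif10
 ip address 192.168.6.254 255.255.255.0
interface Vlanif12
 ip address 192.168.12.254 255.255.255.0
 dhcp server excluded-ip-address 192.168.12.240 192.168.12.248
interface Vlanif110
 ip address 192.168.110.254 255.255.255.0
 dhcp server excluded-ip-address 192.168.110.250 192.168.6.253
"""

def parse_vlanifs(text):
    """Map VLAN id -> ('addr/mask' or None, [(start, end), ...] DHCP exclusions)."""
    pattern = r"^interface vlanif[ \t]*(\d+)[ \t]*$(.*?)(?=^interface |\Z)"
    out = {}
    for m in re.finditer(pattern, text, re.I | re.M | re.S):
        ip = re.search(r"^\s*ip address (\S+) (\S+)", m.group(2), re.M)
        excl = re.findall(r"excluded-ip-address (\S+)(?: (\S+))?", m.group(2))
        out[int(m.group(1))] = (ip and "/".join(ip.groups()), [(s, e or s) for s, e in excl])
    return out

def check_plan(text):
    """Assumed rule, read off the page's plan: VLAN N is 192.168.N.0/24, gateway .254."""
    findings = []
    for vlan, (ip, excluded) in sorted(parse_vlanifs(text).items()):
        try:
            want = ipaddress.ip_interface(f"192.168.{vlan}.254/24")
            have = ipaddress.ip_interface(ip or "")
        except ValueError:
            findings.append((vlan, "address missing or not parsable"))
            continue
        if have != want:
            findings.append((vlan, f"gateway is {have}, plan says {want}"))
        for start, end in excluded:
            try:
                lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
            except ValueError:
                findings.append((vlan, f"invalid exclusion {start} {end}"))
                continue
            if lo > hi or lo not in have.network or hi not in have.network:
                findings.append((vlan, f"exclusion {start}-{end} not inside {have.network}"))
    return findings
```

Calling check_plan(SAMPLE) reports Vlanif9, Vlanif10 and Vlanif110 and leaves the correctly configured Vlanif12 alone.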
Interface configuration
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 6
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/8
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/11
 port link-type access
 port default vlan 18
interface GigabitEthernet0/0/12
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/13
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/14
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/15
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/16
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/17
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/18
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/19
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/20
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/21
 port link-type access
 port default vlan 18
interface GigabitEthernet0/0/22
 port link-type access
 port default vlan 18
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 6
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 6
dhcp server group 12
 gateway 192.168.12.254
interface vlanif1
 ip address 192.168.6.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.6.180 192.168.6.253
 dhcp server dns-list 192.168.18.2 192.168.8.1
=================================================================================================
Layer 2 switches
Floor 12 configuration
S1201:
Configure the remote-login user, password and AAA authentication
<>sys    Enter system view (global configuration mode)
[S1201]sysname xxx    Name the switch
[S1201]user-interface vty 0 4    Configure the VTY virtual remote-login lines
[S1201-ui-vty0-4]authentication-mode aaa    Set the authentication mode to AAA
[S1201-ui-vty0-4]aaa    Enter the AAA view
[S1201-aaa]local-user pxtadmin password cipher xxxxx    Add the user
[S1201-aaa]local-user pxtadmin privilege level 15    Set the user's privilege level
[S1201-aaa]local-user pxtadmin service-type telnet terminal ssh http    Service types the user may log in with
[S1201-aaa]quit    Leave the AAA view
[S1201]telnet server enable    Enable the Telnet service
Configure the management IP
[S1201]interface vlanif 1    Enter the VLAN 1 interface
[S1201-Vlanif1]ip address 192.168.16.121 255.255.255.0
Configure VLANs
Trunk mode (link to another switch)
[S1201]interface g0/0/1
[S1201-GigabitEthernet0/0/1]port link-type trunk    Set the port type to trunk
[S1201-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 to 4094    Allow VLAN 2 through VLAN 4094 to pass
Access mode (host ports)
[S1201]vlan 12    Create VLAN 12
[S1201-vlan12]quit
[S1201]interface g0/0/2
[S1201-GigabitEthernet0/0/2]port link-type access    Set the port mode to access
[S1201-GigabitEthernet0/0/2]port default vlan 12    Add the port to VLAN 12
wireless-user
[S1201]vlan 9    Create VLAN 9
[S1201-vlan9]quit
[S1201]interface g0/0/23
[S1201-GigabitEthernet0/0/23]port link-type trunk
[S1201-GigabitEthernet0/0/23]port trunk allow-pass vlan 2 to 4094
wireless-admin
[S1201]vlan 110    Create VLAN 110
[S1201-vlan110]quit
[S1201]interface g0/0/24
[S1201-GigabitEthernet0/0/24]port link-type trunk
[S1201-GigabitEthernet0/0/24]port trunk allow-pass vlan 2 to 4094
monitor
Configure the static route
[S1201]ip route-static 0.0.0.0 0.0.0.0 192.168.16.253    Default route
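The stated goal is broadcast isolation, yet `port trunk allow-pass vlan 2 to 4094` carries every VLAN (including the server and network-device segments) to each trunk port, and Telnet sends the pxtadmin password in cleartext. The following added example (not part of the original page) audits a configuration for both; the sample input is constructed, and the set of VLANs a floor-12 switch needs (9, 12, 110) is an assumption taken from the S1201 section.

```python
import re

# Constructed sample in the page's VRP syntax (the S1201 settings plus one scoped trunk).
SAMPLE = """\
telnet server enable
aaa
 local-user pxtadmin service-type telnet terminal ssh http
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 12
interface GigabitEthernet0/0/23
 port link-type trunk
 port trunk allow-pass vlan 9 110
"""
# Assumption: a floor-12 switch only needs its floor VLAN and the two wireless VLANs.
NEEDED_VLANS = {9, 12, 110}
CLEARTEXT = {"telnet", "ftp"}  # login services that send credentials unencrypted

def expand_vlans(spec):
    """Expand allow-pass arguments such as 'all', '2 to 4094' or '9 110 200 to 210'."""
    if spec.strip() == "all":
        return set(range(1, 4095))
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, needed):
    """Return (scope, finding) pairs for cleartext management and over-wide trunks."""
    findings = []
    if re.search(r"^[ \t]*telnet server enable[ \t]*$", config, re.M):
        findings.append(("global", "telnet server enabled"))
    for user, services in re.findall(r"^\s*local-user (\S+) service-type (.+)$", config, re.M):
        weak = sorted(CLEARTEXT & set(services.split()))
        if weak:
            findings.append((user, "cleartext service-type: " + " ".join(weak)))
    for m in re.finditer(r"^interface (\S+)[ \t]*$(.*?)(?=^\S|\Z)", config, re.M | re.S):
        allow = re.search(r"port trunk allow-pass vlan (.+)", m.group(2))
        extra = expand_vlans(allow.group(1)) - needed if allow else set()
        if extra:
            findings.append((m.group(1), f"trunk carries {len(extra)} VLANs outside the plan"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE, NEEDED_VLANS):
        print(f"{scope}: {finding}")
```

The trunk on GigabitEthernet0/0/23, limited to VLANs 9 and 110, passes the check, which is the shape a corrected AP-facing port would take.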