华为HCNA技术配置小型公司网络

一、设计目的

利用华为HCNA网络技术设计经典网络实例,仿真实现日常生活中小型网络的基本需求。

二、设计原理

  1. 实验拓扑图

华为HCNA技术配置小型公司网络_第1张图片

三、设计要求

1.链路聚合

2.VLAN

3.STP

4.IP地址规划

根据表格为设备配置IP地址以及网关。

设备/端口

IP地址

网关

PC1

自动获取

 

PC2

自动获取

 

PC3

自动获取

 

PC4

自动获取

 

HTTP-Server

100.1.1.1/24

 

SW1-VLANIF 10

10.1.10.254/24

 

SW1-VLANIF 20

10.1.20.254/24

 

SW1-VLANIF 13

10.1.13.3/24

 

SW2-VLANIF 14

10.1.14.4/24

 

AR1-G0/0/0

100.1.12.1/24

 

AR1-G0/0/1

10.1.13.1/24

 

AR1-G0/0/2

10.1.14.1/24

 

AR2-G0/0/0

100.1.12.2/24

 

AR2-G0/0/1

100.1.1.254/24

 

注:所有VLAN内主机的网关都在SW1上。

5.PPP认证

6.DHCP服务

7.配置RIP协议

8.NAT技术

9.设备登陆控制

10.流量控制

 

 

四、设计步骤

1.链路聚合

(1)SW1和SW2之间配置三条链路的LACP模式的链路聚合,其中SW1为主动端,SW2为被动端

//配置二层Eth-Trunk接口

[S1]interface Eth-Trunk 1

[S2]interface Eth-Trunk 1

//配置链路聚合模式为LACP模式

LACP模式下,需手工创建Eth-Trunk,手工加入Eth-Trunk成员接口,但活动接口的选择是由LACP协商确定的,配置相对灵活。

[S1-Eth-Trunk1]mode lacp

[S2-Eth-Trunk1]mode lacp

//将成员接口加入聚合组

[S1-Eth-Trunk1]trunkport GigabitEthernet 0/0/22 to 0/0/24

[S2-Eth-Trunk1]trunkport GigabitEthernet 0/0/22 to 0/0/24

//在S1上配置优先级为100,使其成为LACP主动端

[S1]lacp priority 100

 

(2)LACP的最大活跃链路为3条

//在S1,S2上配置活动接口上限阈值为3

[S1]interface Eth-Trunk 1

[S1-Eth-Trunk1]max active-linknumber 3

[S2-Eth-Trunk1]max active-linknumber 3

//在S1上配置接口优先级确定活动链路

[S1-GigabitEthernet0/0/22]lacp priority 100

[S1-GigabitEthernet0/0/23]lacp priority 100

[S1-GigabitEthernet0/0/24]lacp priority 100

查看链路聚合配置结果:

华为HCNA技术配置小型公司网络_第2张图片

华为HCNA技术配置小型公司网络_第3张图片

2.VLAN

(1)按照拓扑要求将交换机连接PC和路由器的端口划分进相应VLAN。

//在S3上,将端口E0/0/3和E0/0/4分别加入到VLAN 10和VLAN 20。  

[S3-Ethernet0/0/3]port link-type access

[S3-Ethernet0/0/4]port link-type access

[S3]vlan 10

[S3]vlan 20

[S3-vlan10]port Ethernet 0/0/3

[S3-vlan20]port Ethernet 0/0/4

//在S4上,将端口E0/0/3和E0/0/4分别加入VLAN 10和VLAN 20。

[S4-Ethernet0/0/3]port link-type access

[S4-Ethernet0/0/4]port link-type access

[S4-vlan10]port Ethernet 0/0/3

[S4-vlan20]port Ethernet 0/0/4

//在S1上,将端口G0/0/1加入VLAN 13。

[S1-GigabitEthernet0/0/1]port link-type access

[S1-vlan13]port GigabitEthernet 0/0/1

//在S2上,将端口G0/0/1加入VLAN 14。

[S2-GigabitEthernet0/0/1]port link-type access

[S2-vlan14]port GigabitEthernet 0/0/1

 

(2)交换机之间互联端口配置为TRUNK端口并允许除VLAN 1以外其他所有VLAN通过。

[S1-GigabitEthernet0/0/2]port link-type trunk

[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan all

[S1-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1

[S1-GigabitEthernet0/0/2]int g0/0/3

[S1-GigabitEthernet0/0/3]port link-type trunk

[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan all

[S1-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1

[S2-GigabitEthernet0/0/2]port link-type trunk

[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan all

[S2-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1

[S2-GigabitEthernet0/0/2]int g0/0/3

[S2-GigabitEthernet0/0/3]port link-type trunk

[S2-GigabitEthernet0/0/3]port trunk allow-pass vlan all

[S2-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1

[S3-Ethernet0/0/1]port link-type trunk

[S3-Ethernet0/0/1]port trunk allow-pass vlan all

[S3-Ethernet0/0/1]undo port trunk allow-pass vlan 1

[S3-Ethernet0/0/1]int e0/0/2

[S3-Ethernet0/0/2]port link-type trunk

[S3-Ethernet0/0/2]port trunk allow-pass vlan all

[S3-Ethernet0/0/2]undo port trunk allow-pass vlan 1

[S4]int e0/0/1

[S4-Ethernet0/0/1]port link-type trunk

[S4-Ethernet0/0/1]port trunk allow-pass vlan all

[S4-Ethernet0/0/1]undo port trunk allow-pass vlan 1

[S4-Ethernet0/0/1]int e0/0/2

[S4-Ethernet0/0/2]port link-type trunk

[S4-Ethernet0/0/2]port trunk allow-pass vlan all

[S4-Ethernet0/0/2]undo port trunk allow-pass vlan 1

查看VLAN配置结果:

华为HCNA技术配置小型公司网络_第4张图片

华为HCNA技术配置小型公司网络_第5张图片

华为HCNA技术配置小型公司网络_第6张图片

华为HCNA技术配置小型公司网络_第7张图片

3.STP

(1)所有交换机运行RSTP。

[S1]stp mode rstp

[S2]stp mode rstp

[S3]stp mode rstp

[S4]stp mode rstp

 

(2)指定SW1为根桥,SW2为备份根桥。

//配置根桥和备份根桥设备

[S1]stp root primary

[S2]stp root secondary 

//全局使能RSTP

[S1]stp enable

[S2]stp enable

[S3]stp enable

[S4]stp enable

 

(3)交换机连接PC的端口配置为边缘端口,并在开启边缘端口的交换机开启BPDU保护

//S3,S4连接PC的端口配置为边缘端口,并开启BPDU保护

[S3]int e0/0/3

[S3-Ethernet0/0/3]stp edged-port enable

[S3-Ethernet0/0/3]stp bpdu-filter enable

[S3-Ethernet0/0/3]int e0/0/4

[S3-Ethernet0/0/4]stp edged-port enable

[S3-Ethernet0/0/4]stp bpdu-filter enable

[S4]int e0/0/3

[S4-Ethernet0/0/3]stp edged-port enable

[S4-Ethernet0/0/3]stp bpdu-filter enable

[S4-Ethernet0/0/3]int e0/0/4

[S4-Ethernet0/0/4]stp edged-port enable

[S4-Ethernet0/0/4]stp bpdu-filter enable

 

(4)在根桥的DP端口开启根保护功能。

//在根桥的DP端口开启根保护功能

[S1]int g0/0/2

[S1-GigabitEthernet0/0/2]stp root-protection

[S1-GigabitEthernet0/0/2]int g0/0/3

[S1-GigabitEthernet0/0/3]stp root-protection

[S1]int Eth-Trunk 1

[S1-Eth-Trunk1]stp root-protection

 

(5)在SW2的RP端口开启环路保护功能

//在SW2的RP端口开启环路保护功能

[S2]int Eth-Trunk 1

[S2-Eth-Trunk1]stp loop-protection

 

查看STP配置结果:

华为HCNA技术配置小型公司网络_第8张图片

华为HCNA技术配置小型公司网络_第9张图片

华为HCNA技术配置小型公司网络_第10张图片

华为HCNA技术配置小型公司网络_第11张图片

 

4.IP地址规划

设备/端口

IP地址

设备/端口

IP地址

PC1

自动获取

SW1-VLANIF 13

10.1.13.3/24

PC2

自动获取

SW2-VLANIF 14

10.1.14.4/24

PC3

自动获取

AR1-S1/0/0

100.1.12.1/24

PC4

自动获取

AR1-G0/0/1

10.1.13.1/24

HTTP-Server

100.1.1.1/24

AR1-G0/0/2

10.1.14.1/24

SW1-VLANIF 10

10.1.10.254/24

AR2-S1/0/0

100.1.12.2/24

SW1-VLANIF 20

10.1.20.254/24

AR2-G0/0/1

100.1.1.254/24

[S1]vlan 10

[S1-vlan10]vlan 20

[S1-vlan20]vlan 14

[S1-Vlanif10]ip add 10.1.10.254 24

[S1-Vlanif20]ip add 10.1.20.254 24

[S1-Vlanif13]ip add 10.1.13.3 24

[S1-Vlanif14]ip add 10.1.14.4 24

[R1]int s1/0/0

[R1-Serial1/0/0]ip add 100.1.12.1 24

[R1-Serial1/0/0]int g0/0/1

[R1-GigabitEthernet0/0/1]ip add 10.1.13.1 24

[R1-GigabitEthernet0/0/1]int g0/0/2

[R1-GigabitEthernet0/0/2]ip add 10.1.14.1 24

[R2]int s1/0/0

[R2-Serial1/0/0]ip add 100.1.12.2 24

[R2-Serial1/0/0]int g0/0/1

[R2-GigabitEthernet0/0/1]ip add 100.1.1.254 24

 

5.PPP

配置R1和R2之间PPP的CHAP认证,R1为认证方,R2为被认证方,认证用户名为user1,密码为huawei@123。

[R1]aaa

[R1-aaa]local-user user1 password cipher huawei@123

Info: Add a new user.

[R1-aaa]local-user user1 service-type ppp

[R1-aaa]int s1/0/0

[R1-Serial1/0/0]link-protocol ppp

[R1-Serial1/0/0]ppp authentication-mode chap

 

[R2]int s1/0/0

[R2-Serial1/0/0]link-protocol ppp

[R2-Serial1/0/0]ppp chap user user1

[R2-Serial1/0/0]ppp chap password cipher huawei@123

查看PPP配置结果:

华为HCNA技术配置小型公司网络_第12张图片

 

6.DHCP

(1)在SW1上部署DHCP服务器,使用全局地址池,为VLAN 10和VLAN 20分配IP地址

//在S1上部署DHCP服务器,使用全局地址池

[S1]dhcp enable

[S1]ip pool vlan10 //创建一个全局地址池名为vlan10

[S1]ip pool vlan20 //创建一个全局地址池名为vlan20

 

(2)VLAN 10分配网段为10.1.10.0/24,VLAN 20分配10.1.20.0/24网段

[S1-ip-pool-vlan10]network 10.1.10.0 mask 255.255.255.0

[S1-ip-pool-vlan20]net 10.1.20.0 mask 255.255.255.0

 

(3)指定VLAN 10获取网关为10.1.10.254,VLAN 20获取网关为10.1.20.254

[S1-ip-pool-vlan10]gateway-list 10.1.10.254

[S1-ip-pool-vlan20]gateway-list 10.1.20.254

 

(4)指定PC1获得10.1.10.100的IP地址

//查看PC1的MAC地址为

static-bind ip-address 10.1.10.100 mac-address 5489-986B-5A1D

 

(5)地址分配租期为10 h

[S1-ip-pool-vlan10]lease day 0 hour 10

[S1-ip-pool-vlan20]lease day 0 hour 10

 

(6)保留10.1.10.200~10.1.10.210地址不能分配

[S1-ip-pool-vlan10]excluded-ip-address 10.1.10.200 10.1.10.210

[S1-Vlanif10]dhcp select global

[S1-Vlanif20]dhcp select global

 

查看DHCP配置结果:

华为HCNA技术配置小型公司网络_第13张图片

华为HCNA技术配置小型公司网络_第14张图片

PC1

华为HCNA技术配置小型公司网络_第15张图片

PC2

华为HCNA技术配置小型公司网络_第16张图片

PC3

华为HCNA技术配置小型公司网络_第17张图片

PC4

华为HCNA技术配置小型公司网络_第18张图片

 

7.RIP

(1)在R1和R2之间互联公网网段运行RIPv2,通告两台设备直连网段

[R1]rip

[R1-rip-1]network 100.0.0.0

[R1-rip-1]network 10.0.0.0

[R1-rip-1]version 2

[R2]rip

[R2-rip-1]network 100.1.0.0

[R2-rip-1]version 2

 

(2)在R1上将链接SW1和SW2的端口配置为静默端口

[R1]rip 1

[R1-rip-1]silent-interface GigabitEthernet 0/0/1

[R1-rip-1]silent-interface GigabitEthernet 0/0/2

 

(3)将R1和R2之间开销值配置为5跳。(注意来回一致)

[R1-Serial1/0/0]rip metricout 5

[R2-Serial1/0/0]rip metricout 5

 

查看RIP配置结果:

华为HCNA技术配置小型公司网络_第19张图片

 

华为HCNA技术配置小型公司网络_第20张图片

 

8.NAT

(1)在R1上部署地址池NAPT技术,使得内网只有10.1.10.0/24和10.1.20.0/24网段可以通过地址池访问外网服务器

(2)地址池范围为100.1.2.1~100.1.2.10

//在R1上配置NAT Outbound

[R1]nat address-group 1 100.1.2.1 100.1.2.10

[R1]acl 2000

[R1-acl-basic-2000]rule 5 permit source 10.1.10.0 0.0.0.255

[R1-acl-basic-2000]rule 10 permit source 10.1.20.0 0.0.0.255

[R1-Serial1/0/0]nat outbound 2000 address-group 1

 

(3)在SW1,SW2,R1合理配置静态路由使得内网可以通过NAT访问外网

[S1]ip route-static 100.1.1.0 24 10.1.13.1

[S1]ip route-static 100.1.12.0 24 10.1.13.1

[S2]ip route-static 100.1.1.0 24 10.1.14.1

[S2]ip route-static 100.1.12.0 24 10.1.14.1

[R1]ip route-static 10.1.10.0 24 10.1.13.3

[R1]ip route-static 10.1.20.0 24 10.1.13.3

[R2]ip route-static 100.1.2.0 24 100.1.12.1

 

查看NAT配置结果:

 

华为HCNA技术配置小型公司网络_第21张图片

 

华为HCNA技术配置小型公司网络_第22张图片

华为HCNA技术配置小型公司网络_第23张图片

内网可以ping通外网

 

9.设备登录控制

(1)配置R1可以通过密码huawei@123进行Console登陆

[R1]user-interface console 0

[R1-ui-console0]authentication-mode aaa

[R1-ui-console0]user privilege level 15

[R1]aaa

[R1-aaa]local-user admin1234 password cipher huawei@123

Info: Add a new user.

[R1-aaa]local-user admin1234 privilege level 3

[R1-aaa]local-user admin1234 service-type terminal

 

(2)配置R2可以通过用户名user1以及密码huawei@123进行Telnet登陆,用户登陆后的权限为3级权限。配置完成后可以在R1上进行Telnet测试

[R2]aaa

[R2-aaa]local-user user1 password cipher huawei@123 privilege level 3

[R2-aaa]local-user user1 service-type telnet

[R2]user-interface vty 0 4

[R2-ui-vty0-4]authentication-mode aaa

 

查看登录控制配置结果:

华为HCNA技术配置小型公司网络_第24张图片

 

华为HCNA技术配置小型公司网络_第25张图片

 

10.流量控制

在R2的G0/0/1接口通过配置流量控制,只允许内网用户通过NAT访问HTTP-Server的HTTP流量和ICMP流量,其他流量不能通过该接口。

[R2]acl 3000

[R2-acl-adv-3000]rule 5 permit icmp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0.0.0.0

[R2-acl-adv-3000]rule 10 permit tcp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0.0.0.0

[R2-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

 

查看流量控制配置结果:

华为HCNA技术配置小型公司网络_第26张图片

 

五、配置

AR1:

密码:huawei@123

 

display current-configuration

[V200R003C00]

#

 sysname R1

#

 board add 0/1 2SA

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load flash:/portalpage.zip

#

 drop illegal-mac alarm

#

 wlan ac-global carrier id other ac id 0

#

 set cpu-usage threshold 80 restore 75

#

acl number 2000  

 rule 5 permit source 10.1.10.0 0.0.0.255

 rule 10 permit source 10.1.20.0 0.0.0.255

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

 local-user user1 password cipher %$%$u,nJS!4!kMJ1r^+FO-:J+lQn%$%$

 local-user user1 service-type ppp

 local-user admin1234 password cipher %$%$3gpcV_DG'Fa>t}0~oFZG/{C"%$%$

 local-user admin1234 privilege level 3

 local-user admin1234 service-type terminal

#

firewall zone Local

 priority 15

#

 nat address-group 1 100.1.2.1 100.1.2.10

#

interface Serial1/0/0

 link-protocol ppp

 ppp authentication-mode chap

 ip address 100.1.12.1 255.255.255.0

 rip metricout 5

 nat outbound 2000 address-group 1

#

interface Serial1/0/1

 link-protocol ppp

#

interface GigabitEthernet0/0/0

#

interface GigabitEthernet0/0/1

 ip address 10.1.13.1 255.255.255.0

#

interface GigabitEthernet0/0/2

 ip address 10.1.14.1 255.255.255.0

#

interface NULL0

#

rip 1

 version 2

 network 100.0.0.0

 network 10.0.0.0

 silent-interface GigabitEthernet0/0/1

 silent-interface GigabitEthernet0/0/2

#

ip route-static 0.0.0.0 0.0.0.0 100.1.12.2

ip route-static 10.1.10.0 255.255.255.0 10.1.13.3

ip route-static 10.1.20.0 255.255.255.0 10.1.13.3

#

user-interface con 0

 authentication-mode aaa

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

 

 

 

 

 

 

AR2:

display current-configuration

[V200R003C00]

#

 sysname R2

#

 board add 0/1 2SA

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load flash:/portalpage.zip

#

 drop illegal-mac alarm

#

 wlan ac-global carrier id other ac id 0

#

 set cpu-usage threshold 80 restore 75

#

acl number 3000  

 rule 5 permit icmp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0

 rule 10 permit tcp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

 local-user user1 password cipher %$%$fFf3J'f)SJ+wwuP3(uTW/5U#%$%$

 local-user user1 privilege level 3

 local-user user1 service-type telnet

#

firewall zone Local

 priority 15

#

interface Serial1/0/0

 link-protocol ppp

 ppp chap user user1

 ppp chap password cipher %$%$j9yq@Tr&>4l:a`N%TV[:,"q,%$%$

 ip address 100.1.12.2 255.255.255.0

 rip metricout 5

#

interface Serial1/0/1

 link-protocol ppp

#

interface GigabitEthernet0/0/0

#

interface GigabitEthernet0/0/1

 ip address 100.1.1.254 255.255.255.0

 traffic-filter outbound acl 3000

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

rip 1

 version 2

 network 100.0.0.0

#

ip route-static 100.1.1.0 255.255.255.0 100.1.1.1

ip route-static 100.1.2.0 255.255.255.0 100.1.12.1

#

user-interface con 0

 authentication-mode password

user-interface vty 0 4

 authentication-mode aaa

 user privilege level 3

user-interface vty 16 20

#

wlan ac

#

return

 

 

 

 

 

 

 

LSW1:

display current-configuration

#

sysname S1

#

vlan batch 10 13 to 14 20

#

stp mode rstp

stp instance 0 root primary

#

lacp priority 100

#

cluster enable

ntdp enable

ndp enable

#

drop illegal-mac alarm

#

dhcp enable

#

diffserv domain default

#

drop-profile default

#

ip pool vlan10

 gateway-list 10.1.10.254

 network 10.1.10.0 mask 255.255.255.0

 static-bind ip-address 10.1.10.100 mac-address 5489-986b-5a1d

 excluded-ip-address 10.1.10.200 10.1.10.210

 lease day 0 hour 10 minute 0

#

ip pool vlan20

 gateway-list 10.1.20.254

 network 10.1.20.0 mask 255.255.255.0

 lease day 0 hour 10 minute 0

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password simple admin

 local-user admin service-type http

#

interface Vlanif1

#

interface Vlanif10

 ip address 10.1.10.254 255.255.255.0

 dhcp select global

#

interface Vlanif13

 ip address 10.1.13.3 255.255.255.0

#

interface Vlanif14

 ip address 10.1.14.4 255.255.255.0

#

interface Vlanif20

 ip address 10.1.20.254 255.255.255.0

 dhcp select global

#

interface MEth0/0/1

#

interface Eth-Trunk1

 stp root-protection

 mode lacp-static

 max active-linknumber 3

#

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 13

#

interface GigabitEthernet0/0/2

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 2 to 4094

 stp root-protection

#

interface GigabitEthernet0/0/3

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 2 to 4094

 stp root-protection

#

interface GigabitEthernet0/0/4

#

interface GigabitEthernet0/0/5

#

interface GigabitEthernet0/0/6

#

interface GigabitEthernet0/0/7

#

interface GigabitEthernet0/0/8

#

interface GigabitEthernet0/0/9

#

interface GigabitEthernet0/0/10

#

interface GigabitEthernet0/0/11

#

interface GigabitEthernet0/0/12

#

interface GigabitEthernet0/0/13

#

interface GigabitEthernet0/0/14

#

interface GigabitEthernet0/0/15

#

interface GigabitEthernet0/0/16

#

interface GigabitEthernet0/0/17

#

interface GigabitEthernet0/0/18

#

interface GigabitEthernet0/0/19

#

interface GigabitEthernet0/0/20

#

interface GigabitEthernet0/0/21

#

interface GigabitEthernet0/0/22

 eth-trunk 1

 lacp priority 100

#

interface GigabitEthernet0/0/23

 eth-trunk 1

 lacp priority 100

#

interface GigabitEthernet0/0/24

 eth-trunk 1

 lacp priority 100

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1

ip route-static 10.1.13.1 255.255.255.255 GigabitEthernet0/0/1

ip route-static 100.1.1.0 255.255.255.0 10.1.13.1

ip route-static 100.1.12.0 255.255.255.0 10.1.13.1

#

user-interface con 0

user-interface vty 0 4

#

return

 

 

LSW2:

display current-configuration

#

sysname S2

#

vlan batch 10 13 to 14 20

#

stp mode rstp

stp instance 0 root secondary

#

cluster enable

ntdp enable

ndp enable

#

drop illegal-mac alarm

#

diffserv domain default

#

drop-profile default

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password simple admin

 local-user admin service-type http

#

interface Vlanif1

#

interface MEth0/0/1

#

interface Eth-Trunk1

 stp loop-protection

 mode lacp-static

 max active-linknumber 3

#

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 14

#

interface GigabitEthernet0/0/2

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 2 to 4094

#

interface GigabitEthernet0/0/3

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 2 to 4094

#

interface GigabitEthernet0/0/4

#

interface GigabitEthernet0/0/5

#

interface GigabitEthernet0/0/6

#

interface GigabitEthernet0/0/7

#

interface GigabitEthernet0/0/8

#

interface GigabitEthernet0/0/9

#

interface GigabitEthernet0/0/10

#

interface GigabitEthernet0/0/11

#

interface GigabitEthernet0/0/12

#

interface GigabitEthernet0/0/13

#

interface GigabitEthernet0/0/14

#

interface GigabitEthernet0/0/15

#

interface GigabitEthernet0/0/16

#

interface GigabitEthernet0/0/17

#

interface GigabitEthernet0/0/18

#

interface GigabitEthernet0/0/19

#

interface GigabitEthernet0/0/20

#

interface GigabitEthernet0/0/21

#

interface GigabitEthernet0/0/22

 eth-trunk 1

#

interface GigabitEthernet0/0/23

 eth-trunk 1

#

interface GigabitEthernet0/0/24

 eth-trunk 1

#

interface NULL0

#

ip route-static 100.1.1.0 255.255.255.0 10.1.14.1

ip route-static 100.1.12.0 255.255.255.0 10.1.14.1

#

user-interface con 0

user-interface vty 0 4

#

return

 

 

LSW3:

[S3]dis current-configuration

#

sysname S3

#

vlan batch 10 20

#

stp mode rstp

#

cluster enable

ntdp enable

ndp enable

#

drop illegal-mac alarm

#

diffserv domain default

#

drop-profile default

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password simple admin

 local-user admin service-type http

#

interface Vlanif1

#

interface MEth0/0/1

#

interface Ethernet0/0/1

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 2 to 4094

#

interface Ethernet0/0/2

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 2 to 4094

#

interface Ethernet0/0/3

 port link-type access

 port default vlan 10

 stp bpdu-filter enable

 stp edged-port enable

#

interface Ethernet0/0/4

 port link-type access

 port default vlan 20

 stp bpdu-filter enable

 stp edged-port enable

#

interface Ethernet0/0/5

#

interface Ethernet0/0/6

#

interface Ethernet0/0/7

#

interface Ethernet0/0/8

#

interface Ethernet0/0/9

#

interface Ethernet0/0/10

#

interface Ethernet0/0/11

#

interface Ethernet0/0/12

#

interface Ethernet0/0/13

#

interface Ethernet0/0/14

#

interface Ethernet0/0/15

#

interface Ethernet0/0/16

#

interface Ethernet0/0/17

#

interface Ethernet0/0/18

#

interface Ethernet0/0/19

#

interface Ethernet0/0/20

#

interface Ethernet0/0/21

#

interface Ethernet0/0/22

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0 Ethernet0/0/1

ip route-static 10.1.13.1 255.255.255.255 Ethernet0/0/1

#

user-interface con 0

user-interface vty 0 4

#

return

 

 

LSW4:

dis current-configuration

#

sysname S4

#

vlan batch 10 20

#

stp mode rstp

#

cluster enable

ntdp enable

ndp enable

#

drop illegal-mac alarm

#

diffserv domain default

#

drop-profile default

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password simple admin

 local-user admin service-type http

#

interface Vlanif1

#

interface MEth0/0/1

#

interface Ethernet0/0/1

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 2 to 4094

#

interface Ethernet0/0/2

 port link-type trunk

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 2 to 4094

#

interface Ethernet0/0/3

 port link-type access

 port default vlan 10

 stp bpdu-filter enable

 stp edged-port enable

#

interface Ethernet0/0/4

 port link-type access

 port default vlan 20

 stp bpdu-filter enable

 stp edged-port enable

#

interface Ethernet0/0/5

#

interface Ethernet0/0/6

#

interface Ethernet0/0/7

#

interface Ethernet0/0/8

#

interface Ethernet0/0/9

#

interface Ethernet0/0/10

#

interface Ethernet0/0/11

#

interface Ethernet0/0/12

#

interface Ethernet0/0/13

#

interface Ethernet0/0/14

#

interface Ethernet0/0/15

#

interface Ethernet0/0/16

#

interface Ethernet0/0/17

#

interface Ethernet0/0/18

#

interface Ethernet0/0/19

#

interface Ethernet0/0/20

#

interface Ethernet0/0/21

#

interface Ethernet0/0/22

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

user-interface con 0

user-interface vty 0 4

#

return

 

 

你可能感兴趣的:(湖南大学)