一、拓扑图
简介:这是一个实际项目的拓扑图,只是缺少一些安全设备,但是对于我们利用模拟器来实现其重要功能已经足够。显示项目中是利用华为AR2240作为核心路由,两台HuaWei S9300作为核心交换机,其他就是接入交换机。现具体的配置如下。
二、具体配置
1、核心路由配置
#
sysname HXR
#
undo info-center enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher Fq2|@at%N!ajUn1vMEIBN#7#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
ip address 202.102.224.4 255.255.255.0 ##模拟公网IP地址
#
interface Ethernet0/0/1
description WAN
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1 ##连接HXA
ip address 10.0.0.1 255.255.255.0
#
interface GigabitEthernet0/0/2 ####连接HXB
ip address 10.0.1.1 255.255.255.0
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ip route-static 172.16.2.0 255.255.255.0 10.0.0.2 ##回还路由
ip route-static 172.16.2.0 255.255.255.0 10.0.1.2 ##回还路由
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
2、HXA(核心交换机A的配置)
HXA>dis cu
#
sysname HXA
#
undo info-center enable
#
vlan batch 2 to 5 100
#
stp instance 0 root primary ##MSTP的配置
stp instance 1 root secondary ##MSTP的配置
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
dhcp server database enable
#
diffserv domain default
#
stp region-configuration ##MSTP的配置
instance 1 vlan 4 to 5
active region-configuration
#
drop-profile default
#
vlan 100
description hulian
#DHCP配置
ip pool vlan2
gateway-list 172.16.2.1
network 172.16.2.0 mask 255.255.255.0
excluded-ip-address 172.16.2.254
#
ip pool vlan3
gateway-list 172.16.3.1
network 172.16.3.0 mask 255.255.255.0
excluded-ip-address 172.16.3.254
#
ip pool vlan4
gateway-list 172.16.4.1
network 172.16.4.0 mask 255.255.255.0
excluded-ip-address 172.16.4.254
#
ip pool vlan5
gateway-list 172.16.5.1
network 172.16.5.0 mask 255.255.255.0
excluded-ip-address 172.16.5.254
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif2
ip address 172.16.2.254 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.2.1
vrrp vrid 1 priority 200
dhcp select global
#
interface Vlanif3
ip address 172.16.3.254 255.255.255.0
vrrp vrid 2 virtual-ip 172.16.3.1
vrrp vrid 2 priority 200
dhcp select global
#
interface Vlanif4
ip address 172.16.4.254 255.255.255.0
vrrp vrid 3 virtual-ip 172.16.4.1
dhcp select global
#
interface Vlanif5
ip address 172.16.5.254 255.255.255.0
vrrp vrid 4 virtual-ip 172.16.5.1
dhcp select global
#
interface Vlanif100 ##两核心的心跳VLAN IP地址
ip address 10.0.0.2 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk0
##创建端口汇聚
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21 ##与接入交换机相连
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/22##与接入交换机相连
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/23##心跳端口
eth-trunk 0
#
interface GigabitEthernet0/0/24##心跳端口
eth-trunk 0
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1
ip route-static 0.0.0.0 0.0.0.0 10.0.1.1
#
user-interface con 0
user-interface vty 0 4
#
return
3、HXB(核心B的配置)
#
sysname HXB
#
undo info-center enable
#
vlan batch 2 to 5 101
#
stp instance 0 root secondary
stp instance 1 root primary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
dhcp server database enable
#
diffserv domain default
#
drop-profile default
#
vlan 101
description hulian
#
ip pool vlan2
gateway-list 172.16.2.1
network 172.16.2.0 mask 255.255.255.0
excluded-ip-address 172.16.2.254
#
ip pool vlan3
gateway-list 172.16.3.1
network 172.16.3.0 mask 255.255.255.0
excluded-ip-address 172.16.3.254
#
ip pool vlan4
gateway-list 172.16.4.1
network 172.16.4.0 mask 255.255.255.0
excluded-ip-address 172.16.4.254
#
ip pool vlan5
gateway-list 172.16.5.1
network 172.16.5.0 mask 255.255.255.0
excluded-ip-address 172.16.5.254
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif2
ip address 172.16.2.253 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.2.1
dhcp select global
#
interface Vlanif3
ip address 172.16.3.253 255.255.255.0
vrrp vrid 2 virtual-ip 172.16.3.1
dhcp select global
#
interface Vlanif4
ip address 172.16.4.253 255.255.255.0
vrrp vrid 3 virtual-ip 172.16.4.1
vrrp vrid 3 priority 200
dhcp select global
#
interface Vlanif5
ip address 172.16.5.253 255.255.255.0
vrrp vrid 4 virtual-ip 172.16.5.1
vrrp vrid 4 priority 200
dhcp select global
#
interface Vlanif101
ip address 10.0.1.2 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 101
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/22
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/23
eth-trunk 0
#
interface GigabitEthernet0/0/24
eth-trunk 0
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.1.1
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1
#
user-interface con 0
user-interface vty 0 4
#
return
4、JR01(接入交换机01的配置)
#
sysname JR01
#
undo info-center enable
#
vlan batch 2 to 5
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 2
#
interface Ethernet0/0/2
port link-type access
port default vlan 4
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
5、JR02(接入交换机02的配置)
#
sysname JR02
#
undo info-center enable
#
vlan batch 2 to 5
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp server database enable
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 5
#
interface Ethernet0/0/2
port link-type access
port default vlan 3
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return