Lab 4: Comprehensive Large Enterprise Network Architecture Example (Author: 小蘑菇)

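The lab topology is shown below:
Lab requirements:
Project requirements:
1. Different PCs belong to different VLANs, as shown in the figure;
2. The IP address range of each VLAN is 192.168.XX.0/24, where XX is the VLAN number;
3. Hosts in each VLAN obtain their IP addresses via DHCP (unless otherwise required);
the gateway IP address of the hosts in each VLAN is 192.168.XX.254/24;
4. vlan88 is where the web-server is located; its gateway is on SW5;
vlan66 is where the dhcp-server is located; its gateway is on SW6;
5. The gateways used by the hosts in all other VLANs use high-availability technology, which improves gateway redundancy and stability.
6. Loop-prevention technology is also used between the switches, and traffic can be load-balanced per VLAN. In addition, the forwarding path that each VLAN's hosts use to reach their gateway must be optimal.
7. OSPF runs inside the company to ensure that the different VLANs can reach each other.
Different VLANs belong to different areas.
At the same time, the areas containing the web and dhcp servers must be protected from the effects of external links and of unstable links in other areas.
8. The company's egress routers are R1 and R2, but R1 is always the primary egress; outbound traffic switches to R2 automatically only after a failure. Once R1 is repaired, traffic is forwarded through R1 again.

9. A large number of intranet hosts need to access the Internet; they must go online in the way that conserves the most IP addresses, but vlan 40 is a confidential segment and must not access the external network.

10. The external user (client-1) can access the internal web server.

11. The external user (SW9) can remotely control all network devices on the intranet (excluding R1/R2); the remote access password is set to HCIE on all of them.
(The management IP address of each intranet device belongs to management VLAN 199.)

12. Among intranet users, only PC-2 in vlan 20 may log in remotely to manage all intranet devices; no other user may.
(Figure 1: lab topology diagram)
The configuration is as follows: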
1. Configuration on SW1:
display current-configuration

sysname SW1

vlan batch 10 to 11 20 22 30 33 40 44 66 88 199

cluster enable
ntdp enable
ndp enable

lldp enable

drop illegal-mac alarm

diffserv domain default

stp region-configuration
region-name HCIE
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration

acl number 2000
rule 10 permit source 110.1.1.0 0.0.0.255
rule 20 permit source 192.168.20.1 0

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface Vlanif199
ip address 192.168.199.1 255.255.255.0

interface MEth0/0/1

interface Ethernet0/0/1
port link-type access
port default vlan 10

interface Ethernet0/0/2
port link-type access
port default vlan 20

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface Ethernet0/0/16
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 192.168.199.254

user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
acl 2000 inbound
set authentication password simple HCIE

return
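
An audit of the management-plane settings that implement requirements 11 and 12, as an added example (not part of the original author's lab). It parses the flat SW1 excerpt above, evaluates source addresses against the basic ACL bound to the VTY lines using wildcard-mask matching, and lists secrets stored in cleartext. Assumptions: 192.168.20.1 is PC-2 (the host that rule 20 permits), a source matching no rule is refused, a missing or empty ACL does not filter, and the probe addresses other than PC-2 and SW9 are constructed.

```python
import ipaddress
import re

# Excerpt of the SW1 configuration from this page (flat, as printed there).
SW1_CONFIG = """\
sysname SW1
acl number 2000
rule 10 permit source 110.1.1.0 0.0.0.255
rule 20 permit source 192.168.20.1 0
aaa
local-user admin password simple admin
local-user admin service-type http
user-interface vty 0 4
acl 2000 inbound
set authentication password simple HCIE
return
"""

RULE_RE = re.compile(r"rule (\d+) (permit|deny)(?: source (\S+)(?: (\S+))?)?$")

def to_int(text):
    """Dotted quad, or the VRP shorthand "0" for wildcard 0.0.0.0, as an int."""
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_basic_acls(config):
    """Return {acl_number: [(rule_id, action, address, wildcard), ...]}."""
    acls, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        header = re.match(r"acl number (\d+)$", line)
        rule = RULE_RE.match(line)
        if header:
            current = acls.setdefault(int(header.group(1)), [])
        elif rule and current is not None:
            rule_id, action, addr, wildcard = rule.groups()
            if addr in (None, "any"):      # no source clause: match everything
                match = (0, 0xFFFFFFFF)
            else:
                match = (to_int(addr), to_int(wildcard))
            current.append((int(rule_id), action) + match)
        else:
            current = None                 # any other line closes the ACL view
    return acls

def source_allowed(acls, number, source):
    """Evaluate a source IP against a basic ACL bound to the VTY lines."""
    rules = acls.get(number)
    if not rules:
        return True   # assumption: a missing or empty ACL does not filter logins
    src = to_int(source)
    for _, action, addr, wildcard in sorted(rules):   # lowest rule ID first
        # Wildcard bits set to 1 are "don't care"; every other bit must match.
        if ((src ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False      # assumption: no matching rule means the login is refused

def vty_audit(config):
    """Return (ACL bound inbound to the VTY lines, lines with cleartext secrets)."""
    bound, in_vty, cleartext = None, False, []
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("user-interface "):
            in_vty = line.startswith("user-interface vty")
        elif in_vty and (m := re.match(r"acl (\d+) inbound$", line)):
            bound = int(m.group(1))
        if re.search(r"\bpassword simple\b", line):
            cleartext.append(line)
    return bound, cleartext

if __name__ == "__main__":
    acls = parse_basic_acls(SW1_CONFIG)
    bound, cleartext = vty_audit(SW1_CONFIG)
    # PC-2 and SW9 come from the page; the other three probes are constructed.
    probes = ("192.168.20.1", "110.1.1.99", "192.168.20.2", "192.168.10.1", "110.1.1.50")
    for src in probes:
        print(src, "permit" if source_allowed(acls, bound, src) else "deny")
    print("cleartext secrets:", cleartext)
```

The run shows that rule 10 admits every address in 110.1.1.0/24, not only SW9 at 110.1.1.99, and that both the local-user and the VTY passwords are stored with `simple`, so they are readable by anyone who can view the configuration.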

2. Configuration on SW2:
display current-configuration

sysname SW2

vlan batch 10 to 11 20 22 30 33 40 44 66 88 199

cluster enable
ntdp enable
ndp enable

lldp enable

drop illegal-mac alarm

diffserv domain default

stp region-configuration
region-name HCIE
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration

acl number 2000
rule 10 permit source 110.1.1.0 0.0.0.255
rule 20 permit source 192.168.20.1 0

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface Vlanif199
ip address 192.168.199.2 255.255.255.0

interface MEth0/0/1

interface Ethernet0/0/1

interface Ethernet0/0/2

interface Ethernet0/0/3
port link-type access
port default vlan 10

interface Ethernet0/0/4
port link-type access
port default vlan 30

interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface Ethernet0/0/6
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 192.168.199.254

user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
acl 2000 inbound
set authentication password simple HCIE

return

3. Configuration on SW3:
display current-configuration

sysname SW3

vlan batch 10 to 11 20 22 30 33 40 44 66 88 199

cluster enable
ntdp enable
ndp enable

lldp enable

drop illegal-mac alarm

diffserv domain default

stp region-configuration
region-name HCIE
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration

acl number 2000
rule 10 permit source 110.1.1.0 0.0.0.255
rule 20 permit source 192.168.20.1 0

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface Vlanif199
ip address 192.168.199.3 255.255.255.0

interface MEth0/0/1

interface Ethernet0/0/1

interface Ethernet0/0/2

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5
port link-type access
port default vlan 20

interface Ethernet0/0/6
port link-type access
port default vlan 40

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface Ethernet0/0/14
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 192.168.199.254

user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
acl 2000 inbound
set authentication password simple HCIE

return

4. Configuration on SW4:

display current-configuration

sysname SW4

vlan batch 10 to 11 20 22 30 33 40 44 66 88 199

cluster enable
ntdp enable
ndp enable

lldp enable

drop illegal-mac alarm

diffserv domain default

stp region-configuration
region-name HCIE
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration

acl number 2000
rule 10 permit source 110.1.1.0 0.0.0.255
rule 20 permit source 192.168.20.1 0

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface Vlanif199
ip address 192.168.199.4 255.255.255.0

interface MEth0/0/1

interface Ethernet0/0/1

interface Ethernet0/0/2

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7
port link-type access
port default vlan 40

interface Ethernet0/0/8
port link-type access
port default vlan 30

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface Ethernet0/0/18
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 192.168.199.254

user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
acl 2000 inbound
set authentication password simple HCIE

return

5. Configuration on SW5:

display current-configuration

sysname SW5

vlan batch 10 to 11 20 22 30 33 40 44 66 88 199

stp instance 1 priority 0
stp instance 2 priority 0
stp instance 3 priority 4096
stp instance 4 priority 4096

cluster enable
ntdp enable
ndp enable

lldp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

stp region-configuration
region-name HCIE
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration

acl number 2000
rule 10 permit source 110.1.1.0 0.0.0.255
rule 20 permit source 192.168.20.1 0

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface Vlanif10
ip address 192.168.10.251 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 200
dhcp select relay
dhcp relay server-ip 192.168.66.1

interface Vlanif11
ip address 192.168.11.5 255.255.255.0

interface Vlanif20
ip address 192.168.20.251 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 200
dhcp select relay
dhcp relay server-ip 192.168.66.1

interface Vlanif30
ip address 192.168.30.251 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
dhcp select relay
dhcp relay server-ip 192.168.66.1

interface Vlanif33
ip address 192.168.33.5 255.255.255.0

interface Vlanif40
ip address 192.168.40.251 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
dhcp select relay
dhcp relay server-ip 192.168.66.1

interface Vlanif66
ip address 192.168.66.251 255.255.255.0

interface Vlanif88
ip address 192.168.88.254 255.255.255.0

interface Vlanif199
ip address 192.168.199.5 255.255.255.0
vrrp vrid 199 virtual-ip 192.168.199.254
vrrp vrid 199 priority 200

interface MEth0/0/1

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/3

interface GigabitEthernet0/0/4

interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8
port link-type access
port default vlan 88

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

interface GigabitEthernet0/0/22

interface GigabitEthernet0/0/23

interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface NULL0

ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 192.168.11.0 0.0.0.255
network 192.168.33.0 0.0.0.255
area 0.0.0.10
network 192.168.10.0 0.0.0.255
area 0.0.0.20
network 192.168.20.0 0.0.0.255
area 0.0.0.30
network 192.168.30.0 0.0.0.255
area 0.0.0.40
network 192.168.40.0 0.0.0.255
area 0.0.0.88
network 192.168.88.0 0.0.0.255
area 0.0.0.199
network 192.168.199.0 0.0.0.255

user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
acl 2000 inbound
set authentication password simple HCIE

return

6. Configuration on SW6:

display current-configuration

sysname SW6

vlan batch 10 to 11 20 22 30 33 40 44 66 88 199

stp instance 1 priority 4096
stp instance 2 priority 4096
stp instance 3 priority 0
stp instance 4 priority 0

cluster enable
ntdp enable
ndp enable

lldp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

stp region-configuration
region-name HCIE
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration

acl number 2000
rule 10 permit source 110.1.1.0 0.0.0.255
rule 20 permit source 192.168.20.1 0

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
dhcp select relay
dhcp relay server-ip 192.168.66.1

interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
dhcp select relay
dhcp relay server-ip 192.168.66.1

interface Vlanif22
ip address 192.168.22.6 255.255.255.0

interface Vlanif30
ip address 192.168.30.252 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 200
dhcp select relay
dhcp relay server-ip 192.168.66.1

interface Vlanif40
ip address 192.168.40.252 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 200
dhcp select relay
dhcp relay server-ip 192.168.66.1

interface Vlanif44
ip address 192.168.44.6 255.255.255.0

interface Vlanif66
ip address 192.168.66.254 255.255.255.0

interface Vlanif199
ip address 192.168.199.6 255.255.255.0
vrrp vrid 199 virtual-ip 192.168.199.254

interface MEth0/0/1

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8
port link-type access
port default vlan 66

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

interface GigabitEthernet0/0/22

interface GigabitEthernet0/0/23

interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface NULL0

ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 192.168.66.0 0.0.0.255
network 192.168.44.0 0.0.0.255
network 192.168.22.0 0.0.0.255
area 0.0.0.10
network 192.168.10.0 0.0.0.255
area 0.0.0.20
network 192.168.20.0 0.0.0.255
area 0.0.0.30
network 192.168.30.0 0.0.0.255
area 0.0.0.40
network 192.168.40.0 0.0.0.255
area 0.0.0.199
network 192.168.199.0 0.0.0.255

user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
acl 2000 inbound
set authentication password simple HCIE

return

7. Configuration on SW7:

display current-configuration

sysname SW7

vlan batch 10 to 11 20 22 30 33 40 44 66 88 199

stp instance 0 priority 0

cluster enable
ntdp enable
ndp enable

lldp enable

drop illegal-mac alarm

diffserv domain default

stp region-configuration
region-name HCIE
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration

acl number 2000
rule 10 permit source 110.1.1.0 0.0.0.255
rule 20 permit source 192.168.20.1 0

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface Vlanif199
ip address 192.168.199.7 255.255.255.0

interface MEth0/0/1

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/2
port link-type access
port default vlan 11

interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/4
port link-type access
port default vlan 33

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

interface GigabitEthernet0/0/22

interface GigabitEthernet0/0/23

interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 192.168.199.254

user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
acl 2000 inbound
set authentication password simple HCIE

return

8. Configuration on SW8:

display cu

sysname SW8

vlan batch 10 to 11 20 22 30 33 40 44 66 88 199

stp instance 0 priority 4096

cluster enable
ntdp enable
ndp enable

lldp enable

drop illegal-mac alarm

diffserv domain default

stp region-configuration
region-name HCIE
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration

acl number 2000
rule 10 permit source 110.1.1.0 0.0.0.255
rule 20 permit source 192.168.20.1 0

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface Vlanif199
ip address 192.168.199.8 255.255.255.0

interface MEth0/0/1

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/3
port link-type access
port default vlan 22

interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/5
port link-type access
port default vlan 44

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

interface GigabitEthernet0/0/22

interface GigabitEthernet0/0/23

interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 192.168.199.254

user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
acl 2000 inbound
set authentication password simple HCIE

return

9. Configuration on SW9:

display current-configuration

sysname SW9

vlan batch 110

cluster enable
ntdp enable
ndp enable

lldp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface Vlanif110
ip address 110.1.1.99 255.255.255.0

interface MEth0/0/1

interface GigabitEthernet0/0/1
port link-type access
port default vlan 110

interface GigabitEthernet0/0/2
port link-type access
port default vlan 110

interface GigabitEthernet0/0/3
port link-type access
port default vlan 110

interface GigabitEthernet0/0/4

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

interface GigabitEthernet0/0/22

interface GigabitEthernet0/0/23

interface GigabitEthernet0/0/24

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 110.1.1.254

user-interface con 0
user-interface vty 0 4

return

10. Configuration of AR1:

display current-configuration
[V200R003C00]

sysname R1

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

lldp enable

set cpu-usage threshold 80 restore 75

acl number 2000
rule 10 deny source 192.168.40.0 0.0.0.255
rule 20 permit

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 192.168.11.1 255.255.255.0

interface GigabitEthernet0/0/1
ip address 192.168.22.1 255.255.255.0
ospf cost 5

interface GigabitEthernet0/0/2
ip address 100.1.1.1 255.255.255.0
nat server protocol tcp global 100.1.1.10 2001 inside 192.168.199.1 telnet
nat server protocol tcp global 100.1.1.10 2002 inside 192.168.199.2 telnet
nat server protocol tcp global 100.1.1.10 2003 inside 192.168.199.3 telnet
nat server protocol tcp global 100.1.1.10 2004 inside 192.168.199.4 telnet
nat server protocol tcp global 100.1.1.10 2005 inside 192.168.199.5 telnet
nat server protocol tcp global 100.1.1.10 2006 inside 192.168.199.6 telnet
nat server protocol tcp global 100.1.1.10 2007 inside 192.168.199.7 telnet
nat server protocol tcp global 100.1.1.10 2008 inside 192.168.199.8 telnet
nat outbound 2000

interface NULL0

ospf 1 router-id 1.1.1.1
default-route-advertise type 1
area 0.0.0.0
network 192.168.11.0 0.0.0.255
network 192.168.22.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 100.1.1.254

user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

11. Configuration of AR2:

display current-configuration
[V200R003C00]

sysname R2

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

lldp enable

set cpu-usage threshold 80 restore 75

acl number 2000
rule 10 deny source 192.168.40.0 0.0.0.255
rule 20 permit

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 192.168.33.2 255.255.255.0

interface GigabitEthernet0/0/1
ip address 192.168.44.2 255.255.255.0
ospf cost 5

interface GigabitEthernet0/0/2
ip address 200.1.1.1 255.255.255.0
nat server protocol tcp global 200.1.1.10 2001 inside 192.168.199.1 telnet
nat server protocol tcp global 200.1.1.10 2002 inside 192.168.199.2 telnet
nat server protocol tcp global 200.1.1.10 2003 inside 192.168.199.3 telnet
nat server protocol tcp global 200.1.1.10 2004 inside 192.168.199.4 telnet
nat server protocol tcp global 200.1.1.10 2005 inside 192.168.199.5 telnet
nat server protocol tcp global 200.1.1.10 2006 inside 192.168.199.6 telnet
nat server protocol tcp global 200.1.1.10 2007 inside 192.168.199.7 telnet
nat server protocol tcp global 200.1.1.10 2008 inside 192.168.199.8 telnet
nat outbound 2000

interface NULL0

ospf 1 router-id 2.2.2.2
default-route-advertise
area 0.0.0.0
network 192.168.33.0 0.0.0.255
network 192.168.44.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 200.1.1.254

user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

12. Configuration of the DHCP server:

display current-configuration
[V200R003C00]

sysname DHCP-Server

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

lldp enable

set cpu-usage threshold 80 restore 75

dhcp enable

ip pool VLAN10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.251 192.168.10.252
dns-list 8.8.8.8

ip pool VLAN20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.1
excluded-ip-address 192.168.20.251 192.168.20.252
dns-list 8.8.8.8

ip pool VLAN30
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.251 192.168.30.252
dns-list 8.8.8.8

ip pool VLAN40
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.251 192.168.40.252
dns-list 8.8.8.8

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 192.168.66.1 255.255.255.0
dhcp select global

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 192.168.66.254

user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

13. Configuration of the ISP (carrier) router:

display current-configuration
[V200R003C00]

sysname ISP

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

lldp enable

set cpu-usage threshold 80 restore 75

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
description Connect-to-R1
ip address 100.1.1.254 255.255.255.0

interface GigabitEthernet0/0/1
description Connect-to-R2
ip address 200.1.1.254 255.255.255.0

interface GigabitEthernet0/0/2
description Connect-to-PC9
ip address 110.1.1.254 255.255.255.0

interface NULL0

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return
