中小型园区网典型配置
经典中小型企业网
设备清单(H3C设备) 出口路由器 2台 核心交换机 2 台 接入交换机 2台 PC 2台(模拟不同网段办公用户)
双出口模拟移动 联通 双运营商 企业组网采用冗余备份思想,增强企业组网网络可靠性
采用技术 VRRP MSTP 链路聚合 OSPF 静态路由
企业组网架构
设备配置详解
#
version 7.1.075, Alpha 7571
#
sysname Route_1
#
ospf 1 router-id 1.1.1.1
# 下发默认路由并引入直连
default-route-advertise always
import-route direct
# 宣告互联网段
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.2.0 0.0.0.255
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 172.16.2.1 255.255.255.0
ospf cost 10
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
ip address 10.0.1.1 255.255.255.0
nat outbound
# 明细静态路由
ip route-static 6.6.6.6 32 10.0.1.2
ip route-static 8.8.8.8 32 172.16.2.2
ip route-static 10.0.2.0 24 172.16.2.2
#
return
#
version 7.1.075, Alpha 7571
#
sysname Route_2
#
ospf 1 router-id 3.3.3.3
default-route-advertise always
import-route direct
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.2.0 0.0.0.255
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 172.16.1.3 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 172.16.2.2 255.255.255.0
ospf cost 10
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
ip address 10.0.2.1 255.255.255.0
nat outbound
ip route-static 6.6.6.6 32 172.16.2.1
ip route-static 8.8.8.8 32 10.0.2.2
ip route-static 8.8.8.8 32 172.16.2.1
ip route-static 10.0.1.0 24 172.16.2.1
#
#
version 7.1.075, Alpha 7571
#
sysname CORE_A
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
#
lldp global enable
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
# 多域生成树MSTP
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
stp instance 1 root primary
stp instance 2 root secondary
stp global enable
# 二层静态聚合
interface Bridge-Aggregation12
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20 30
#
interface NULL0
#
interface Vlan-interface10
ip address 192.168.10.1 255.255.255.0
vrrp version 2
vrrp vrid 10 virtual-ip 192.168.10.10
vrrp vrid 10 priority 120
#
interface Vlan-interface20
ip address 192.168.20.3 255.255.255.0
vrrp version 2
vrrp vrid 20 virtual-ip 192.168.20.20
#
interface Vlan-interface30
ip address 172.16.1.2 255.255.255.0
#
interface FortyGigE1/0/53
port link-mode bridge
#
interface FortyGigE1/0/54
port link-mode bridge
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 30
combo enable fiber
#
interface GigabitEthernet1/0/2
port link-mode bridge
combo enable fiber
#
interface GigabitEthernet1/0/3
port link-mode bridge
combo enable fiber
#
interface GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
combo enable fiber
#
interface GigabitEthernet1/0/5
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
combo enable fiber
#
interface GigabitEthernet1/0/6
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20 30
combo enable fiber
port link-aggregation group 12
#
interface GigabitEthernet1/0/7
port link-mode bridge
combo enable fiber
#
interface GigabitEthernet1/0/8
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20 30
combo enable fiber
port link-aggregation group 12
#
ip route-static 0.0.0.0 0 172.16.1.1
return
#
version 7.1.075, Alpha 7571
#
sysname CORE_B
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
#
lldp global enable
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
stp instance 1 root secondary
stp instance 2 root primary
stp global enable
#
interface Bridge-Aggregation12
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20 30
#
interface NULL0
#
interface Vlan-interface10
ip address 192.168.10.3 255.255.255.0
vrrp version 2
vrrp vrid 10 virtual-ip 192.168.10.10
#
interface Vlan-interface20
ip address 192.168.20.1 255.255.255.0
vrrp version 2
vrrp vrid 20 virtual-ip 192.168.20.20
vrrp vrid 20 priority 120
#
interface Vlan-interface30
ip address 172.16.1.4 255.255.255.0
#
interface FortyGigE1/0/53
port link-mode bridge
#
interface FortyGigE1/0/54
port link-mode bridge
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 30
combo enable fiber
#
interface GigabitEthernet1/0/2
port link-mode bridge
combo enable fiber
#
interface GigabitEthernet1/0/3
port link-mode bridge
combo enable fiber
#
interface GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
combo enable fiber
#
interface GigabitEthernet1/0/5
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
combo enable fiber
#
interface GigabitEthernet1/0/6
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20 30
combo enable fiber
port link-aggregation group 12
#
interface GigabitEthernet1/0/7
port link-mode bridge
combo enable fiber
#
interface GigabitEthernet1/0/8
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20 30
combo enable fiber
port link-aggregation group 12
# ip route-static 0.0.0.0 0 8.8.8.8
ip route-static 0.0.0.0 0 172.16.1.3
#
radius scheme system
user-name-format without-domain
#
domain name system
#
#
version 7.1.075, Alpha 7571
#
sysname ACC_1
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
lldp global enable
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
vlan 10
#
vlan 20
#
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
stp global enable
#
interface NULL0
#
interface FortyGigE1/0/53
port link-mode bridge
#
interface FortyGigE1/0/54
port link-mode bridge
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
combo enable fiber
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
combo enable fiber
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 10
combo enable fiber
#
return
#
version 7.1.075, Alpha 7571
#
sysname ACC_2
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
lldp global enable
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
vlan 10
#
vlan 20
#
stp region-configuration
region-name h3c
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
stp global enable
#
interface NULL0
#
interface FortyGigE1/0/53
port link-mode bridge
#
interface FortyGigE1/0/54
port link-mode bridge
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
combo enable fiber
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
combo enable fiber
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 20
combo enable fiber