神州数码具体配置步骤

 

 

 

1.DCRS5980的配置

交换机基础配置
##########################################
enable
config
  hostname 5980
  vlan 10
    exit
  vlan 20
    exit
  vlan 30
    exit
  vlan 40
    exit
inter e0/0/2-3
    switchport mode trunk
    switchport trunk allowed vlan all
  exit
    router ospf
      router-id 192.168.2.2
      network 192.168.2.0 0.0.0.255 area 0
      network 192.168.20.0 0.0.0.255 area 0
      network 192.168.30.0 0.0.0.255 area 0
      network 192.168.40.0 0.0.0.255 area 0
      network 192.168.10.0 0.0.0.255 area 0
      exit
   ip route 0.0.0.0 0.0.0.0 192.168.2.1
   inter vlan 1
    ip address 192.168.2.2 255.255.255.0
  inter vlan 10
    ip address 192.168.10.1 255.255.255.0
  inter vlan 20
    ip address 192.168.20.1 255.255.255.0
  inter vlan 30
    ip address 192.168.30.1 255.255.255.0
  inter vlan 40
    ip address 192.168.40.1 255.255.255.0
    exit
交换机mstp配置
##########################################
   enable
   config
  spanning-tree
   spanning-tree mst configuration
     name mstp
     instance 0 vlan 10,20
     instance 1 vlan 30,40
     exit
  exit
  write

2.4900-1的配置

交换机基础配置
##########################################
enable
config
  hostname 4900-1
  vlan 10
    exit
  vlan 20
    exit
  vlan 30
    exit
  vlan 40
    exit
inter e0/0/1-3
    switchport mode trunk
    switchport trunk allowed vlan all
  exit
  interface ethernet 0/0/4-10
    switchport access vlan 10
    interface ethernet 0/0/11-15
    switchport access vlan 20
    interface ethernet 0/0/16-20
    switchport access vlan 30
    interface ethernet 0/0/21-24
    switchport access vlan 40
    exit
交换机mstp配置
##########################################
   enable
   config
   spanning-tree
   spanning-tree mst configuration
     name mstp
     instance 0 vlan 10,20
     instance 1 vlan 30,40
     exit
   spanning-tree mst 1 priority 8192
   spanning-tree mst 0 priority 4096
   exit
   write

3.4800-2的配置

交换机基础配置
##########################################
enable
config
  hostname 4900-2
  vlan 10;20;30;40
  inter e0/0/1-3
    switchport mode trunk
    switchport trunk allowed vlan all
  exit
  interface ethernet 0/0/4-10
    switchport access vlan 10
    interface ethernet 0/0/11-15
    switchport access vlan 20
    interface ethernet 0/0/16-20
    switchport access vlan 30
    interface ethernet 0/0/21-24
    switchport access vlan 40
    exit
交换机mstp配置
##########################################
   enable
   config
   spanning-tree
   spanning-tree mst configuration
     name mstp
     instance 0 vlan 10,20
     instance 1 vlan 30,40
     exit
   spanning-tree mst 0 priority 8192
   spanning-tree mst 1 priority 4096
   exit
  write
 

4.防火墙1800的配置

重启防火墙
###################################################
configure
unset all
y
y

配置防火墙基础部分
##################################################
configure
interface ethernet0/1
  zone  "untrust"
  ip address 192.168.2.1 255.255.255.0
  manage ssh
  manage telnet
  manage ping
  manage snmp
  manage http
  manage https
exit
interface ethernet0/2
  zone  "untrust"
  ip address 1.1.1.1 255.255.255.0
  manage ping
exit
interface ethernet0/3
  zone  "untrust"
  ip address 2.2.2.1 255.255.255.0
  manage ping
exit
policy from "trust" to "untrust"
  rule id 1
    action permit
    src-addr "Any"
    dst-addr "Any"
    service "Any"
  exit
  exit
policy from "untrust" to "trust"
  rule id 2
    action permit
    src-addr "Any"
    dst-addr "Any"
    service "Any"
  exit
exit
ip vrouter trust-vr
   router ospf
     router-id 192.168.1.1
     network 192.168.1.0/24 area 0
     network 192.168.2.0/24 area 0
     network 1.1.1.0/24 area 0
     network 2.2.2.0/24 area 0
     passive-interface ethernet0/2
     passive-interface ethernet0/3
     exit
   exit
ip vrouter "trust-vr"
  snatrule id 1 from "Any" to "Any" eif ethernet0/2 trans-to eif-ip mode dynamicport
  snatrule id 2 from "Any" to "Any" eif ethernet0/3 trans-to eif-ip mode dynamicport
exit
save
y
y

配置防火墙负载均衡部分
##################################################
configure
ip vrouter "trust-vr"
  ip route 0.0.0.0/0 1.1.1.2
  ip route 0.0.0.0/0 2.2.2.2
exit
ecmp-route-select by-src-and-dst
track "track-for-eth0/2"
ip 1.1.1.2 interface ethernet0/2
exit
track "track-for-eth0/3"
ip 2.2.2.2 interface ethernet0/3
exit
interface ethernet0/2
monitor track "track-for-eth0/2"
exit
interface ethernet0/3
monitor track "track-for-eth0/3"
exit
save
y
y