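Design diagram (detailed diagrams are attached at the end of the article)
Introduction
This is my design diagram (the software is still eNSP; only the icons have been changed). It is aimed mainly at readers who are designing a network based on IPSec VPN. The technologies used include VLAN segmentation, a three-tier architecture, MSTP+VRRP, link aggregation, DHCP, WLAN (wireless LAN), OSPF, dual-device hot standby, IPSec VPN and router-on-a-stick. It is meant as a reference for graduation-project topics and suits graduation projects, campus network planning and enterprise network planning. If you have any questions, send me a private message on the platform and I will reply when I see it. Please excuse any mistakes; I have only recently started working with this myself. On to the configuration!
Full configuration of the network
Headquarters / main campus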
1. Access SW1
<Huawei>system-view
[Huawei]sysname S1
[S1]undo info-center enable
[S1]vlan batch 10 120
[S1]interface Ethernet0/0/1
[S1-Ethernet0/0/1]port link-type access
[S1-Ethernet0/0/1]port default vlan 10
[S1-Ethernet0/0/1]interface Ethernet0/0/2
[S1-Ethernet0/0/2]port link-type trunk
[S1-Ethernet0/0/2]port trunk pvid vlan 120
[S1-Ethernet0/0/2]port trunk allow-pass vlan 10 120
[S1-Ethernet0/0/2]interface Ethernet0/0/3
[S1-Ethernet0/0/3]port link-type access
[S1-Ethernet0/0/3]port default vlan 10
[S1-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 120
[S1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 120
2. Access SW2
<Huawei>system-view
[Huawei]sysname S2
[S2]undo info-center enable
[S2]vlan batch 20 120
[S2]interface Ethernet0/0/1
[S2-Ethernet0/0/1]port link-type access
[S2-Ethernet0/0/1]port default vlan 20
[S2-Ethernet0/0/1]interface Ethernet0/0/2
[S2-Ethernet0/0/2]port link-type trunk
[S2-Ethernet0/0/2]port trunk pvid vlan 120
[S2-Ethernet0/0/2]port trunk allow-pass vlan 20 120
[S2-Ethernet0/0/2]interface Ethernet0/0/3
[S2-Ethernet0/0/3]port link-type access
[S2-Ethernet0/0/3]port default vlan 20
[S2-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S2-GigabitEthernet0/0/1]port link-type trunk
[S2-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 120
[S2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S2-GigabitEthernet0/0/2]port link-type trunk
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 120
3. Access SW3
<Huawei>system-view
[Huawei]sysname S3
[S3]undo info-center enable
Info: Information center is disabled.
[S3]vlan batch 30 120
[S3]interface Ethernet0/0/1
[S3-Ethernet0/0/1]port link-type access
[S3-Ethernet0/0/1]port default vlan 30
[S3-Ethernet0/0/1]interface Ethernet0/0/2
[S3-Ethernet0/0/2]port link-type trunk
[S3-Ethernet0/0/2]port trunk pvid vlan 120
[S3-Ethernet0/0/2]port trunk allow-pass vlan 30 120
[S3-Ethernet0/0/2]interface Ethernet0/0/3
[S3-Ethernet0/0/3]port link-type access
[S3-Ethernet0/0/3]port default vlan 30
[S3-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S3-GigabitEthernet0/0/1]port link-type trunk
[S3-GigabitEthernet0/0/1]port trunk allow-pass vlan 30 120
[S3-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S3-GigabitEthernet0/0/2]port link-type trunk
[S3-GigabitEthernet0/0/2]port trunk allow-pass vlan 30 120
4. Access SW4
<Huawei>system-view
[Huawei]sysname S4
[S4]undo info-center enable
[S4]vlan batch 40
[S4]interface Ethernet0/0/1
[S4-Ethernet0/0/1]port link-type access
[S4-Ethernet0/0/1]port default vlan 40
[S4-Ethernet0/0/1]interface Ethernet0/0/3
[S4-Ethernet0/0/3]port link-type access
[S4-Ethernet0/0/3]port default vlan 40
[S4-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S4-GigabitEthernet0/0/1]port link-type trunk
[S4-GigabitEthernet0/0/1]port trunk allow-pass vlan 40
[S4-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S4-GigabitEthernet0/0/2]port link-type trunk
[S4-GigabitEthernet0/0/2]port trunk allow-pass vlan 40
5. Access SW5
<Huawei>system-view
[Huawei]sysname S5
[S5]undo info-center enable
[S5]vlan batch 50
[S5]interface Ethernet0/0/1
[S5-Ethernet0/0/1]port link-type access
[S5-Ethernet0/0/1]port default vlan 50
[S5-Ethernet0/0/1]interface Ethernet0/0/3
[S5-Ethernet0/0/3]port link-type access
[S5-Ethernet0/0/3]port default vlan 50
[S5-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S5-GigabitEthernet0/0/1]port link-type trunk
[S5-GigabitEthernet0/0/1]port trunk allow-pass vlan 50
[S5-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S5-GigabitEthernet0/0/2]port link-type trunk
[S5-GigabitEthernet0/0/2]port trunk allow-pass vlan 50
6. Access SW6
<Huawei>system-view
[Huawei]sysname S6
[S6]undo info-center enable
[S6]vlan batch 60
[S6]interface Ethernet0/0/1
[S6-Ethernet0/0/1]port link-type access
[S6-Ethernet0/0/1]port default vlan 60
[S6-Ethernet0/0/1]interface Ethernet0/0/3
[S6-Ethernet0/0/3]port link-type access
[S6-Ethernet0/0/3]port default vlan 60
[S6-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S6-GigabitEthernet0/0/1]port link-type trunk
[S6-GigabitEthernet0/0/1]port trunk allow-pass vlan 60
[S6-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S6-GigabitEthernet0/0/2]port link-type trunk
[S6-GigabitEthernet0/0/2]port trunk allow-pass vlan 60
7. Access SW7
<Huawei>system-view
[Huawei]sysname S7
[S7]undo info-center enable
[S7]vlan batch 70 120
[S7]interface Ethernet0/0/1
[S7-Ethernet0/0/1]port link-type access
[S7-Ethernet0/0/1]port default vlan 70
[S7-Ethernet0/0/1]interface Ethernet0/0/2
[S7-Ethernet0/0/2]port link-type trunk
[S7-Ethernet0/0/2]port trunk pvid vlan 120
[S7-Ethernet0/0/2]port trunk allow-pass vlan 70 120
[S7-Ethernet0/0/2]interface Ethernet0/0/3
[S7-Ethernet0/0/3]port link-type access
[S7-Ethernet0/0/3]port default vlan 70
[S7-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S7-GigabitEthernet0/0/1]port link-type trunk
[S7-GigabitEthernet0/0/1]port trunk allow-pass vlan 70 120
[S7-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S7-GigabitEthernet0/0/2]port link-type trunk
[S7-GigabitEthernet0/0/2]port trunk allow-pass vlan 70 120
8. Access SW8
<Huawei>system-view
[Huawei]sysname S8
[S8]undo info-center enable
[S8]vlan batch 80 120
[S8]interface Ethernet0/0/1
[S8-Ethernet0/0/1]port link-type access
[S8-Ethernet0/0/1]port default vlan 80
[S8-Ethernet0/0/1]interface Ethernet0/0/2
[S8-Ethernet0/0/2]port link-type trunk
[S8-Ethernet0/0/2]port trunk pvid vlan 120
[S8-Ethernet0/0/2]port trunk allow-pass vlan 80 120
[S8-Ethernet0/0/2]interface Ethernet0/0/3
[S8-Ethernet0/0/3]port link-type access
[S8-Ethernet0/0/3]port default vlan 80
[S8-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S8-GigabitEthernet0/0/1]port link-type trunk
[S8-GigabitEthernet0/0/1]port trunk allow-pass vlan 80 120
[S8-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S8-GigabitEthernet0/0/2]port link-type trunk
[S8-GigabitEthernet0/0/2]port trunk allow-pass vlan 80 120
9. Access SW9
<Huawei>system-view
[Huawei]sysname S9
[S9]undo info-center enable
[S9]vlan batch 90
[S9]interface Ethernet0/0/1
[S9-Ethernet0/0/1]port link-type access
[S9-Ethernet0/0/1]port default vlan 90
[S9-Ethernet0/0/1]interface Ethernet0/0/3
[S9-Ethernet0/0/3]port link-type access
[S9-Ethernet0/0/3]port default vlan 90
[S9-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S9-GigabitEthernet0/0/1]port link-type trunk
[S9-GigabitEthernet0/0/1]port trunk allow-pass vlan 90
[S9-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S9-GigabitEthernet0/0/2]port link-type trunk
[S9-GigabitEthernet0/0/2]port trunk allow-pass vlan 90
10. Access SW10
<Huawei>system-view
[Huawei]sysname S10
[S10]undo info-center enable
[S10]vlan batch 100 110
[S10]interface Ethernet0/0/1
[S10-Ethernet0/0/1]port link-type access
[S10-Ethernet0/0/1]port default vlan 100
[S10-Ethernet0/0/1]interface Ethernet0/0/3
[S10-Ethernet0/0/3]port link-type access
[S10-Ethernet0/0/3]port default vlan 100
[S10-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S10-GigabitEthernet0/0/1]port link-type trunk
[S10-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[S10-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S10-GigabitEthernet0/0/2]port link-type trunk
[S10-GigabitEthernet0/0/2]port trunk allow-pass vlan 100
11. Access SW11
<Huawei>system-view
[Huawei]sysname S11
[S11]undo info-center enable
[S11]vlan batch 110
[S11]interface Ethernet0/0/1
[S11-Ethernet0/0/1]port link-type access
[S11-Ethernet0/0/1]port default vlan 110
[S11-Ethernet0/0/1]interface Ethernet0/0/3
[S11-Ethernet0/0/3]port link-type access
[S11-Ethernet0/0/3]port default vlan 110
[S11-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S11-GigabitEthernet0/0/1]port link-type trunk
[S11-GigabitEthernet0/0/1]port trunk allow-pass vlan 110
[S11-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S11-GigabitEthernet0/0/2]port link-type trunk
[S11-GigabitEthernet0/0/2]port trunk allow-pass vlan 110
12. Aggregation LSW1
<Huawei>system-view
[Huawei]sysname SW1
[SW1]undo info-center enable
[SW1]vlan batch 10 20 30 40 50 60 70 80 90 100
[SW1]vlan batch 110 120 130 150
[SW1]dhcp enable
[SW1]stp region-configuration
[SW1-mst-region]region-name mstp
[SW1-mst-region]revision-level 10
[SW1-mst-region]instance 1 vlan 10 20 30 40 50 60
[SW1-mst-region]instance 2 vlan 70 80 90 100 110 120
[SW1-mst-region]instance 3 vlan 130
[SW1-mst-region]active region-configuration
[SW1-mst-region]interface GigabitEthernet0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 120
[SW1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 120
[SW1-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 30 120
[SW1-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 40 120
[SW1-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5
[SW1-GigabitEthernet0/0/5]port link-type trunk
[SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 50 120
[SW1-GigabitEthernet0/0/5]interface GigabitEthernet0/0/6
[SW1-GigabitEthernet0/0/6]port link-type trunk
[SW1-GigabitEthernet0/0/6]port trunk allow-pass vlan 60 120
[SW1-GigabitEthernet0/0/6]interface GigabitEthernet0/0/7
[SW1-GigabitEthernet0/0/7]port link-type trunk
[SW1-GigabitEthernet0/0/7]port trunk allow-pass vlan 70 120
[SW1-GigabitEthernet0/0/7]interface GigabitEthernet0/0/8
[SW1-GigabitEthernet0/0/8]port link-type trunk
[SW1-GigabitEthernet0/0/8]port trunk allow-pass vlan 80 120
[SW1-GigabitEthernet0/0/8]interface GigabitEthernet0/0/9
[SW1-GigabitEthernet0/0/9]port link-type trunk
[SW1-GigabitEthernet0/0/9]port trunk allow-pass vlan 90 120
[SW1-GigabitEthernet0/0/9]interface GigabitEthernet0/0/10
[SW1-GigabitEthernet0/0/10]port link-type trunk
[SW1-GigabitEthernet0/0/10]port trunk allow-pass vlan 100 120
[SW1-GigabitEthernet0/0/10]interface GigabitEthernet0/0/11
[SW1-GigabitEthernet0/0/11]port link-type trunk
[SW1-GigabitEthernet0/0/11]port trunk allow-pass vlan 110 120
[SW1-GigabitEthernet0/0/11]interface GigabitEthernet0/0/12
[SW1-GigabitEthernet0/0/12]port link-type access
[SW1-GigabitEthernet0/0/12]port default vlan 130
[SW1-GigabitEthernet0/0/12]interface GigabitEthernet0/0/13
[SW1-GigabitEthernet0/0/13]port link-type access
[SW1-GigabitEthernet0/0/13]port default vlan 150
[SW1-GigabitEthernet0/0/13]quit
[SW1]interface Vlanif1
[SW1-Vlanif1]ip address 192.168.1.1 255.255.255.0
[SW1-Vlanif1]interface Vlanif10
[SW1-Vlanif10]ip address 192.168.8.2 255.255.248.0
[SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.8.1
[SW1-Vlanif10]vrrp vrid 10 priority 120
[SW1-Vlanif10]dhcp select relay
[SW1-Vlanif10]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif10]interface Vlanif20
[SW1-Vlanif20]ip address 192.168.16.2 255.255.255.0
[SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.16.1
[SW1-Vlanif20]vrrp vrid 20 priority 120
[SW1-Vlanif20]dhcp select relay
[SW1-Vlanif20]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif20]interface Vlanif30
[SW1-Vlanif30]ip address 192.168.17.2 255.255.255.0
[SW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.17.1
[SW1-Vlanif30]vrrp vrid 30 priority 120
[SW1-Vlanif30]dhcp select relay
[SW1-Vlanif30]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif30]interface Vlanif40
[SW1-Vlanif40]ip address 192.168.20.2 255.255.252.0
[SW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.20.1
[SW1-Vlanif40]vrrp vrid 40 priority 120
[SW1-Vlanif40]dhcp select relay
[SW1-Vlanif40]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif40]interface Vlanif50
[SW1-Vlanif50]ip address 192.168.24.2 255.255.255.0
[SW1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.24.1
[SW1-Vlanif50]vrrp vrid 50 priority 120
[SW1-Vlanif50]dhcp select relay
[SW1-Vlanif50]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif50]interface Vlanif60
[SW1-Vlanif60]ip address 192.168.25.2 255.255.255.0
[SW1-Vlanif60]vrrp vrid 60 virtual-ip 192.168.25.1
[SW1-Vlanif60]vrrp vrid 60 priority 120
[SW1-Vlanif60]dhcp select relay
[SW1-Vlanif60]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif60]interface Vlanif70
[SW1-Vlanif70]ip address 192.168.32.2 255.255.248.0
[SW1-Vlanif70]vrrp vrid 70 virtual-ip 192.168.32.1
[SW1-Vlanif70]dhcp select relay
[SW1-Vlanif70]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif70]interface Vlanif80
[SW1-Vlanif80]ip address 192.168.40.2 255.255.255.0
[SW1-Vlanif80]vrrp vrid 80 virtual-ip 192.168.40.1
[SW1-Vlanif80]dhcp select relay
[SW1-Vlanif80]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif80]interface Vlanif90
[SW1-Vlanif90]ip address 192.168.44.2 255.255.252.0
[SW1-Vlanif90]vrrp vrid 90 virtual-ip 192.168.44.1
[SW1-Vlanif90]dhcp select relay
[SW1-Vlanif90]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif90]interface Vlanif100
[SW1-Vlanif100]ip address 192.168.48.2 255.255.252.0
[SW1-Vlanif100]vrrp vrid 100 virtual-ip 192.168.48.1
[SW1-Vlanif100]dhcp select relay
[SW1-Vlanif100]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif100]interface Vlanif110
[SW1-Vlanif110]ip address 192.168.52.2 255.255.255.0
[SW1-Vlanif110]vrrp vrid 110 virtual-ip 192.168.52.1
[SW1-Vlanif110]dhcp select relay
[SW1-Vlanif110]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif110]interface Vlanif120
[SW1-Vlanif120]ip address 192.168.53.2 255.255.255.0
[SW1-Vlanif120]vrrp vrid 120 virtual-ip 192.168.53.1
[SW1-Vlanif120]dhcp select relay
[SW1-Vlanif120]dhcp relay server-ip 192.168.150.1
[SW1-Vlanif120]interface Vlanif130
[SW1-Vlanif130]ip address 192.168.130.2 255.255.255.0
[SW1-Vlanif130]interface Vlanif150
[SW1-Vlanif150]ip address 192.168.150.2 255.255.255.0
[SW1-Vlanif150]ospf 1
[SW1-ospf-1]import-route direct
[SW1-ospf-1]area 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.8.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.16.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.17.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.20.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.24.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.25.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.32.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.40.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.44.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.48.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.52.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 192.168.53.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]stp instance 1 root primary
[SW1]stp instance 2 root secondary
[SW1]stp instance 3 root primary
13. Aggregation LSW2
<Huawei>system-view
[Huawei]sysname SW2
[SW2]undo info-center enable
[SW2]vlan batch 10 20 30 40 50 60 70 80 90 100
[SW2]vlan batch 110 120
[SW2]dhcp enable
[SW2]stp region-configuration
[SW2-mst-region]region-name mstp
[SW2-mst-region]revision-level 10
[SW2-mst-region]instance 1 vlan 10 20 30 40 50 60
[SW2-mst-region]instance 2 vlan 70 80 90 100 110 120
[SW2-mst-region]instance 3 vlan 130
[SW2-mst-region]active region-configuration
[SW2-mst-region]interface GigabitEthernet0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 120
[SW2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 120
[SW2-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 30 120
[SW2-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[SW2-GigabitEthernet0/0/4]port link-type trunk
[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 40 120
[SW2-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5
[SW2-GigabitEthernet0/0/5]port link-type trunk
[SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 50 120
[SW2-GigabitEthernet0/0/5]interface GigabitEthernet0/0/6
[SW2-GigabitEthernet0/0/6]port link-type trunk
[SW2-GigabitEthernet0/0/6]port trunk allow-pass vlan 60 120
[SW2-GigabitEthernet0/0/6]interface GigabitEthernet0/0/7
[SW2-GigabitEthernet0/0/7]port link-type trunk
[SW2-GigabitEthernet0/0/7]port trunk allow-pass vlan 70 120
[SW2-GigabitEthernet0/0/7]interface GigabitEthernet0/0/8
[SW2-GigabitEthernet0/0/8]port link-type trunk
[SW2-GigabitEthernet0/0/8]port trunk allow-pass vlan 80 120
[SW2-GigabitEthernet0/0/8]interface GigabitEthernet0/0/9
[SW2-GigabitEthernet0/0/9]port link-type trunk
[SW2-GigabitEthernet0/0/9]port trunk allow-pass vlan 90 120
[SW2-GigabitEthernet0/0/9]interface GigabitEthernet0/0/10
[SW2-GigabitEthernet0/0/10]port link-type trunk
[SW2-GigabitEthernet0/0/10]port trunk allow-pass vlan 100 120
[SW2-GigabitEthernet0/0/10]interface GigabitEthernet0/0/11
[SW2-GigabitEthernet0/0/11]port link-type trunk
[SW2-GigabitEthernet0/0/11]port trunk allow-pass vlan 110 120
[SW2-GigabitEthernet0/0/11]interface Eth-Trunk1
[SW2-Eth-Trunk1]port link-type trunk
[SW2-Eth-Trunk1]port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
[SW2-Eth-Trunk1]port trunk allow-pass vlan 110 120
[SW2-Eth-Trunk1]mode lacp-static
[SW2-Eth-Trunk1]interface Vlanif1
[SW2-Vlanif1]ip address 192.168.2.1 255.255.255.0
[SW2-Vlanif1]interface Vlanif10
[SW2-Vlanif10]ip address 192.168.8.3 255.255.248.0
[SW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.8.1
[SW2-Vlanif10]dhcp select relay
[SW2-Vlanif10]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif10]interface Vlanif20
[SW2-Vlanif20]ip address 192.168.16.3 255.255.255.0
[SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.16.1
[SW2-Vlanif20]dhcp select relay
[SW2-Vlanif20]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif20]interface Vlanif30
[SW2-Vlanif30]ip address 192.168.17.3 255.255.255.0
[SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.17.1
[SW2-Vlanif30]dhcp select relay
[SW2-Vlanif30]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif30]interface Vlanif40
[SW2-Vlanif40]ip address 192.168.20.3 255.255.252.0
[SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.20.1
[SW2-Vlanif40]dhcp select relay
[SW2-Vlanif40]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif40]interface Vlanif50
[SW2-Vlanif50]ip address 192.168.24.3 255.255.255.0
[SW2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.24.1
[SW2-Vlanif50]dhcp select relay
[SW2-Vlanif50]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif50]interface Vlanif60
[SW2-Vlanif60]ip address 192.168.25.3 255.255.255.0
[SW2-Vlanif60]vrrp vrid 60 virtual-ip 192.168.25.1
[SW2-Vlanif60]dhcp select relay
[SW2-Vlanif60]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif60]interface Vlanif70
[SW2-Vlanif70]ip address 192.168.32.3 255.255.248.0
[SW2-Vlanif70]vrrp vrid 70 virtual-ip 192.168.32.1
[SW2-Vlanif70]vrrp vrid 70 priority 120
[SW2-Vlanif70]dhcp select relay
[SW2-Vlanif70]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif70]interface Vlanif80
[SW2-Vlanif80]ip address 192.168.40.3 255.255.255.0
[SW2-Vlanif80]vrrp vrid 80 virtual-ip 192.168.40.1
[SW2-Vlanif80]vrrp vrid 80 priority 120
[SW2-Vlanif80]dhcp select relay
[SW2-Vlanif80]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif80]interface Vlanif90
[SW2-Vlanif90]ip address 192.168.44.3 255.255.252.0
[SW2-Vlanif90]vrrp vrid 90 virtual-ip 192.168.44.1
[SW2-Vlanif90]vrrp vrid 90 priority 120
[SW2-Vlanif90]dhcp select relay
[SW2-Vlanif90]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif90]interface Vlanif100
[SW2-Vlanif100]ip address 192.168.48.3 255.255.252.0
[SW2-Vlanif100]vrrp vrid 100 virtual-ip 192.168.48.1
[SW2-Vlanif100]vrrp vrid 100 priority 120
[SW2-Vlanif100]dhcp select relay
[SW2-Vlanif100]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif100]interface Vlanif110
[SW2-Vlanif110]ip address 192.168.52.3 255.255.255.0
[SW2-Vlanif110]vrrp vrid 110 virtual-ip 192.168.52.1
[SW2-Vlanif110]vrrp vrid 110 priority 120
[SW2-Vlanif110]dhcp select relay
[SW2-Vlanif110]dhcp relay server-ip 192.168.150.1
[SW2-Vlanif110]ospf 1
[SW2-ospf-1]area 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.2.1 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.8.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.16.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.17.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.20.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.24.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.25.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.32.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.40.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.44.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.48.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.52.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.53.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]stp instance 1 root secondary
[SW2]stp instance 2 root primary
[SW2]stp instance 3 root secondary
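The LSW1 and LSW2 configurations above place the MSTP primary root and the higher VRRP priority on the same switch per VLAN (instance 1 on SW1, instance 2 on SW2). The Python check below is an added example, not part of the original post: it parses excerpts of those two configurations (prompts stripped, VLANs 10, 70 and 120 only) and reports, per VLAN, whether the MSTP primary root and the expected VRRP master coincide. The names `parse_switch` and `audit`, the report layout and the handling of equal priorities as "no clear master" are assumptions made for this example.

```python
import re

DEFAULT_VRRP_PRIORITY = 100  # VRRP priority when no "priority" line is configured

# Excerpts of the SW1 / SW2 configuration shown on this page, prompts stripped
# and reduced to VLANs 10, 70 and 120. SW2 shows no Vlanif120 on the page.
SW1_EXCERPT = """
stp region-configuration
 instance 1 vlan 10 20 30 40 50 60
 instance 2 vlan 70 80 90 100 110 120
interface Vlanif10
 vrrp vrid 10 virtual-ip 192.168.8.1
 vrrp vrid 10 priority 120
interface Vlanif70
 vrrp vrid 70 virtual-ip 192.168.32.1
interface Vlanif120
 vrrp vrid 120 virtual-ip 192.168.53.1
stp instance 1 root primary
stp instance 2 root secondary
"""

SW2_EXCERPT = """
stp region-configuration
 instance 1 vlan 10 20 30 40 50 60
 instance 2 vlan 70 80 90 100 110 120
interface Vlanif10
 vrrp vrid 10 virtual-ip 192.168.8.1
interface Vlanif70
 vrrp vrid 70 virtual-ip 192.168.32.1
 vrrp vrid 70 priority 120
stp instance 1 root secondary
stp instance 2 root primary
"""


def parse_switch(config):
    """Extract MSTP instance->VLANs, per-instance root role and per-Vlanif VRRP priority.

    Assumption: VLAN lists are written out one by one, as on this page
    ("to" ranges are not handled).
    """
    inst_vlans, root_role, vrrp = {}, {}, {}
    vlanif = None  # VLAN ID of the Vlanif currently being configured, if any
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            m = re.fullmatch(r"interface Vlanif(\d+)", line)
            vlanif = int(m.group(1)) if m else None
        elif m := re.fullmatch(r"instance (\d+) vlan ([\d ]+)", line):
            inst_vlans[int(m.group(1))] = {int(v) for v in m.group(2).split()}
        elif m := re.fullmatch(r"stp instance (\d+) root (primary|secondary)", line):
            root_role[int(m.group(1))] = m.group(2)
        elif vlanif is not None and re.fullmatch(r"vrrp vrid \d+ virtual-ip \S+", line):
            vrrp.setdefault(vlanif, DEFAULT_VRRP_PRIORITY)
        elif vlanif is not None and (m := re.fullmatch(r"vrrp vrid \d+ priority (\d+)", line)):
            vrrp[vlanif] = int(m.group(1))
    return {"inst_vlans": inst_vlans, "root_role": root_role, "vrrp": vrrp}


def audit(switches):
    """Compare MSTP primary root and expected VRRP master for every VLAN with a VRRP group."""
    parsed = {name: parse_switch(cfg) for name, cfg in switches.items()}
    vlan_to_inst = {v: inst for p in parsed.values()
                    for inst, vlans in p["inst_vlans"].items() for v in vlans}
    report = {}
    for vlan in sorted({v for p in parsed.values() for v in p["vrrp"]}):
        inst = vlan_to_inst.get(vlan)
        root = next((n for n, p in parsed.items()
                     if p["root_role"].get(inst) == "primary"), None)
        prios = {n: p["vrrp"][vlan] for n, p in parsed.items() if vlan in p["vrrp"]}
        best = max(prios.values())
        winners = [n for n, prio in prios.items() if prio == best]
        master = winners[0] if len(winners) == 1 else None  # tie: no clear master
        missing = [n for n in parsed if n not in prios]
        report[vlan] = {"root": root, "master": master, "missing_on": missing,
                        "aligned": root is not None and root == master and not missing}
    return report


if __name__ == "__main__":
    for vlan, row in audit({"SW1": SW1_EXCERPT, "SW2": SW2_EXCERPT}).items():
        print(vlan, row)
```

On these excerpts VLANs 10 and 70 come out aligned, while VLAN 120 is flagged: its MSTP primary root is SW2, but the only VRRP group shown for it is on SW1.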
14. Wireless AC
<AC6005>system-view
[AC6005]undo info-center enable
[AC6005]sysname AC1
[AC1]vlan batch 130
[AC1]vlan pool vlan10
[AC1-vlan-pool-vlan10]vlan 10
[AC1-vlan-pool-vlan10]vlan pool vlan20
[AC1-vlan-pool-vlan20]vlan 20
[AC1-vlan-pool-vlan20]vlan pool vlan30
[AC1-vlan-pool-vlan30]vlan 30
[AC1-vlan-pool-vlan30]vlan pool vlan70
[AC1-vlan-pool-vlan70]vlan 70
[AC1-vlan-pool-vlan70]vlan pool vlan80
[AC1-vlan-pool-vlan80]vlan 80
[AC1-vlan-pool-vlan80]quit
[AC1]interface Vlanif130
[AC1-Vlanif130]ip address 192.168.130.1 255.255.255.0
[AC1-Vlanif130]interface GigabitEthernet0/0/1
[AC1-GigabitEthernet0/0/1]port link-type access
[AC1-GigabitEthernet0/0/1]port default vlan 130
[AC1-GigabitEthernet0/0/1]quit
[AC1]ip route-static 0.0.0.0 0.0.0.0 192.168.130.2
[AC1]capwap source interface vlanif130
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]regulatory-domain-profile name China
[AC1-wlan-regulate-domain-China]country-code CN
[AC1-wlan-regulate-domain-China]quit
[AC1-wlan-view]ap-id 1 type-id 69 ap-mac 00e0-fc8b-7c80
[AC1-wlan-ap-1]ap-name AP1
[AC1-wlan-ap-1]ap-group ap1
[AC1-wlan-ap-1]ap-id 2 type-id 69 ap-mac 00e0-fc5d-2640
[AC1-wlan-ap-2]ap-name AP2
[AC1-wlan-ap-2]ap-group ap2
[AC1-wlan-ap-2]ap-id 3 type-id 69 ap-mac 00e0-fc2e-5ad0
[AC1-wlan-ap-3]ap-name AP3
[AC1-wlan-ap-3]ap-group ap3
[AC1-wlan-ap-3]ap-id 4 type-id 69 ap-mac 00e0-fc3f-7770
[AC1-wlan-ap-4]ap-name AP4
[AC1-wlan-ap-4]ap-group ap4
[AC1-wlan-ap-4]ap-id 5 type-id 69 ap-mac 00e0-fcdc-0c70
[AC1-wlan-ap-5]ap-name AP5
[AC1-wlan-ap-5]ap-group ap5
[AC1-wlan-ap-5]quit
[AC1-wlan-view]security-profile name xiaoyuan
[AC1-wlan-sec-prof-xiaoyuan]security wpa2 psk pass-phrase 123456789 aes
[AC1-wlan-sec-prof-xiaoyuan]quit
[AC1-wlan-view]ssid-profile name xiaoyuan
[AC1-wlan-ssid-prof-xiaoyuan]ssid Campus Network
[AC1-wlan-ssid-prof-xiaoyuan]quit
[AC1-wlan-view]vap-profile name ap1
[AC1-wlan-vap-prof-ap1]service-vlan vlan-pool vlan10
[AC1-wlan-vap-prof-ap1]ssid-profile xiaoyuan
[AC1-wlan-vap-prof-ap1]security-profile xiaoyuan
[AC1-wlan-vap-prof-ap1]vap-profile name ap2
[AC1-wlan-vap-prof-ap2]service-vlan vlan-pool vlan20
[AC1-wlan-vap-prof-ap2]ssid-profile xiaoyuan
[AC1-wlan-vap-prof-ap2]security-profile xiaoyuan
[AC1-wlan-vap-prof-ap2]vap-profile name ap3
[AC1-wlan-vap-prof-ap3]service-vlan vlan-pool vlan30
[AC1-wlan-vap-prof-ap3]ssid-profile xiaoyuan
[AC1-wlan-vap-prof-ap3]security-profile xiaoyuan
[AC1-wlan-vap-prof-ap3]vap-profile name ap4
[AC1-wlan-vap-prof-ap4]service-vlan vlan-pool vlan70
[AC1-wlan-vap-prof-ap4]ssid-profile xiaoyuan
[AC1-wlan-vap-prof-ap4]security-profile xiaoyuan
[AC1-wlan-vap-prof-ap4]vap-profile name ap5
[AC1-wlan-vap-prof-ap5]service-vlan vlan-pool vlan80
[AC1-wlan-vap-prof-ap5]ssid-profile xiaoyuan
[AC1-wlan-vap-prof-ap5]security-profile xiaoyuan
[AC1-wlan-vap-prof-ap5]quit
[AC1-wlan-view]ap-group name ap1
[AC1-wlan-ap-group-ap1]regulatory-domain-profile China
[AC1-wlan-ap-group-ap1]vap-profile ap1 wlan 1 radio 0
[AC1-wlan-ap-group-ap1]vap-profile ap1 wlan 1 radio 1
[AC1-wlan-ap-group-ap1]quit
[AC1-wlan-view]ap-group name ap2
[AC1-wlan-ap-group-ap2]regulatory-domain-profile China
[AC1-wlan-ap-group-ap2]vap-profile ap2 wlan 1 radio 0
[AC1-wlan-ap-group-ap2]vap-profile ap2 wlan 1 radio 1
[AC1-wlan-ap-group-ap2]quit
[AC1-wlan-view]ap-group name ap3
[AC1-wlan-ap-group-ap3]regulatory-domain-profile China
[AC1-wlan-ap-group-ap3]vap-profile ap3 wlan 1 radio 0
[AC1-wlan-ap-group-ap3]vap-profile ap3 wlan 1 radio 1
[AC1-wlan-ap-group-ap3]quit
[AC1-wlan-view]ap-group name ap4
[AC1-wlan-ap-group-ap4]regulatory-domain-profile China
[AC1-wlan-ap-group-ap4]vap-profile ap4 wlan 1 radio 0
[AC1-wlan-ap-group-ap4]vap-profile ap4 wlan 1 radio 1
[AC1-wlan-ap-group-ap4]quit
[AC1-wlan-view]ap-group name ap5
[AC1-wlan-ap-group-ap5]regulatory-domain-profile China
[AC1-wlan-ap-group-ap5]vap-profile ap5 wlan 1 radio 0
[AC1-wlan-ap-group-ap5]vap-profile ap5 wlan 1 radio 1
[AC1-wlan-ap-group-ap5]quit
15. DHCP
A router is used here as the DHCP server.
<Huawei>system-view
[Huawei]sysname DHCP
[DHCP]undo info-center enable
[DHCP]dhcp enable
[DHCP]interface GigabitEthernet0/0/0
[DHCP-GigabitEthernet0/0/0]ip address 192.168.150.1 255.255.255.0
[DHCP-GigabitEthernet0/0/0]dhcp select global
[DHCP-GigabitEthernet0/0/0]ip pool vlan10
[DHCP-ip-pool-vlan10]gateway-list 192.168.8.1
[DHCP-ip-pool-vlan10]network 192.168.8.0 mask 255.255.248.0
[DHCP-ip-pool-vlan10]excluded-ip-address 192.168.8.2 192.168.8.3
[DHCP-ip-pool-vlan10]dns-list 100.1.1.1
[DHCP-ip-pool-vlan10]ip pool vlan20
[DHCP-ip-pool-vlan20]gateway-list 192.168.16.1
[DHCP-ip-pool-vlan20]network 192.168.16.0 mask 255.255.255.0
[DHCP-ip-pool-vlan20]excluded-ip-address 192.168.16.2 192.168.16.3
[DHCP-ip-pool-vlan20]dns-list 100.1.1.1
[DHCP-ip-pool-vlan20]ip pool vlan30
[DHCP-ip-pool-vlan30]gateway-list 192.168.17.1
[DHCP-ip-pool-vlan30]network 192.168.17.0 mask 255.255.255.0
[DHCP-ip-pool-vlan30]excluded-ip-address 192.168.17.2 192.168.17.3
[DHCP-ip-pool-vlan30]dns-list 100.1.1.1
[DHCP-ip-pool-vlan30]ip pool vlan40
[DHCP-ip-pool-vlan40]gateway-list 192.168.20.1
[DHCP-ip-pool-vlan40]network 192.168.20.0 mask 255.255.252.0
[DHCP-ip-pool-vlan40]excluded-ip-address 192.168.20.2 192.168.20.3
[DHCP-ip-pool-vlan40]dns-list 100.1.1.1
[DHCP-ip-pool-vlan40]ip pool vlan50
[DHCP-ip-pool-vlan50]gateway-list 192.168.24.1
[DHCP-ip-pool-vlan50]network 192.168.24.0 mask 255.255.255.0
[DHCP-ip-pool-vlan50]excluded-ip-address 192.168.24.2 192.168.24.3
[DHCP-ip-pool-vlan50]dns-list 100.1.1.1
[DHCP-ip-pool-vlan50]ip pool vlan60
[DHCP-ip-pool-vlan60]gateway-list 192.168.25.1
[DHCP-ip-pool-vlan60]network 192.168.25.0 mask 255.255.255.0
[DHCP-ip-pool-vlan60]excluded-ip-address 192.168.25.2 192.168.25.3
[DHCP-ip-pool-vlan60]dns-list 100.1.1.1
[DHCP-ip-pool-vlan60]ip pool vlan70
[DHCP-ip-pool-vlan70]gateway-list 192.168.32.1
[DHCP-ip-pool-vlan70]network 192.168.32.0 mask 255.255.248.0
[DHCP-ip-pool-vlan70]excluded-ip-address 192.168.32.2 192.168.32.3
[DHCP-ip-pool-vlan70]dns-list 100.1.1.1
[DHCP-ip-pool-vlan70]ip pool vlan80
[DHCP-ip-pool-vlan80]gateway-list 192.168.40.1
[DHCP-ip-pool-vlan80]network 192.168.40.0 mask 255.255.255.0
[DHCP-ip-pool-vlan80]excluded-ip-address 192.168.40.2 192.168.40.3
[DHCP-ip-pool-vlan80]dns-list 100.1.1.1
[DHCP-ip-pool-vlan80]ip pool vlan90
[DHCP-ip-pool-vlan90]gateway-list 192.168.44.1
[DHCP-ip-pool-vlan90]network 192.168.44.0 mask 255.255.252.0
[DHCP-ip-pool-vlan90]excluded-ip-address 192.168.44.2 192.168.44.3
[DHCP-ip-pool-vlan90]dns-list 100.1.1.1
[DHCP-ip-pool-vlan90]ip pool vlan100
[DHCP-ip-pool-vlan100]gateway-list 192.168.48.1
[DHCP-ip-pool-vlan100]network 192.168.48.0 mask 255.255.252.0
[DHCP-ip-pool-vlan100]excluded-ip-address 192.168.48.2 192.168.48.3
[DHCP-ip-pool-vlan100]dns-list 100.1.1.1
[DHCP-ip-pool-vlan100]ip pool vlan110
[DHCP-ip-pool-vlan110]gateway-list 192.168.52.1
[DHCP-ip-pool-vlan110]network 192.168.52.0 mask 255.255.255.0
[DHCP-ip-pool-vlan110]excluded-ip-address 192.168.52.2 192.168.52.3
[DHCP-ip-pool-vlan110]dns-list 100.1.1.1
[DHCP-ip-pool-vlan110]ip pool vlan120
[DHCP-ip-pool-vlan120]gateway-list 192.168.53.1
[DHCP-ip-pool-vlan120]network 192.168.53.0 mask 255.255.255.0
[DHCP-ip-pool-vlan120]excluded-ip-address 192.168.53.2 192.168.53.3
[DHCP-ip-pool-vlan120]option 43 sub-option 3 ascii 192.168.130.1
[DHCP-ip-pool-vlan120]ip route-static 0.0.0.0 0.0.0.0 192.168.150.2
16. Core AR1
<Huawei>system-view
[Huawei]sysname R1
[R1]undo info-center enable
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.2 255.255.255.0
[R1-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.1.111.1 255.255.255.0
[R1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2]ip address 10.1.121.2 255.255.255.0
[R1-GigabitEthernet0/0/2]ospf 1
[R1-ospf-1]area 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.1.111.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.1.121.2 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.2 0.0.0.0
17. Core AR2
<Huawei>system-view
[Huawei]sysname S2
[S2]undo info-center enable
[S2]interface GigabitEthernet0/0/0
[S2-GigabitEthernet0/0/0]ip address 192.168.2.2 255.255.255.0
[S2-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[S2-GigabitEthernet0/0/1]ip address 10.1.111.2 255.255.255.0
[S2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S2-GigabitEthernet0/0/2]ip address 10.1.131.2 255.255.255.0
[S2-GigabitEthernet0/0/2]ospf 1
[S2-ospf-1]area 0.0.0.0
[S2-ospf-1-area-0.0.0.0]network 10.1.111.2 0.0.0.0
[S2-ospf-1-area-0.0.0.0]network 10.1.131.2 0.0.0.0
[S2-ospf-1-area-0.0.0.0]network 192.168.2.2 0.0.0.0
18. Firewalls FW1 & FW2
FW1:
<USG6000V1>system-view
[USG6000V1]undo info-center enable
[USG6000V1]sysname FW1
[FW1]interface GigabitEthernet1/0/0
[FW1-GigabitEthernet1/0/0]ip address 10.1.1.21 255.255.255.0
[FW1-GigabitEthernet1/0/0]service-manage ping permit
[FW1-GigabitEthernet1/0/0]interface GigabitEthernet1/0/1
[FW1-GigabitEthernet1/0/1]undo shutdown
Info: Interface GigabitEthernet1/0/1 is not shutdown.
[FW1-GigabitEthernet1/0/1]ip address 10.1.121.1 255.255.255.0
[FW1-GigabitEthernet1/0/1]service-manage ping permit
[FW1-GigabitEthernet1/0/1]interface GigabitEthernet1/0/2
[FW1-GigabitEthernet1/0/2]ip address 8.8.8.21 255.255.255.0
[FW1-GigabitEthernet1/0/2]service-manage ping permit
[FW1-GigabitEthernet1/0/2]interface GigabitEthernet1/0/3
[FW1-GigabitEthernet1/0/3]ip address 100.1.1.252 255.255.255.0
[FW1-GigabitEthernet1/0/3]vrrp vrid 10 virtual-ip 100.1.1.254 active
[FW1-GigabitEthernet1/0/3]service-manage ping permit
[FW1-GigabitEthernet1/0/3]quit
[FW1]firewall zone trust
[FW1-zone-trust]add interface GigabitEthernet1/0/1
[FW1-zone-trust]firewall zone untrust
[FW1-zone-untrust]add interface GigabitEthernet1/0/0
[FW1-zone-untrust]firewall zone dmz
[FW1-zone-dmz]add interface GigabitEthernet1/0/2
[FW1-zone-dmz]add interface GigabitEthernet1/0/3
[FW1-zone-dmz]quit
[FW1]ospf 1
[FW1-ospf-1]area 0.0.0.0
[FW1-ospf-1-area-0.0.0.0]network 8.8.8.21 0.0.0.0
[FW1-ospf-1-area-0.0.0.0]network 10.1.1.21 0.0.0.0
[FW1-ospf-1-area-0.0.0.0]network 10.1.121.1 0.0.0.0
[FW1-ospf-1-area-0.0.0.0]network 100.1.1.252 0.0.0.0
[FW1-ospf-1-area-0.0.0.0]quit
[FW1-ospf-1]quit
FW2:
<USG6000V1>system-view
[USG6000V1]undo info-center enable
[USG6000V1]sysname FW2
[FW2]interface GigabitEthernet1/0/0
[FW2-GigabitEthernet1/0/0]ip address 20.1.1.22 255.255.255.0
[FW2-GigabitEthernet1/0/0]service-manage ping permit
[FW2-GigabitEthernet1/0/0]interface GigabitEthernet1/0/1
[FW2-GigabitEthernet1/0/1]ip address 10.1.131.1 255.255.255.0
[FW2-GigabitEthernet1/0/1]service-manage ping permit
[FW2-GigabitEthernet1/0/1]interface GigabitEthernet1/0/2
[FW2-GigabitEthernet1/0/2]ip address 8.8.8.22 255.255.255.0
[FW2-GigabitEthernet1/0/2]service-manage ping permit
[FW2-GigabitEthernet1/0/2]interface GigabitEthernet1/0/3
[FW2-GigabitEthernet1/0/3]ip address 100.1.1.253 255.255.255.0
[FW2-GigabitEthernet1/0/3]vrrp vrid 10 virtual-ip 100.1.1.254 standby
[FW2-GigabitEthernet1/0/3]service-manage ping permit
[FW2-GigabitEthernet1/0/3]quit
[FW2]firewall zone trust
[FW2-zone-trust]add interface GigabitEthernet1/0/1
[FW2-zone-trust]firewall zone untrust
[FW2-zone-untrust]add interface GigabitEthernet1/0/0
[FW2-zone-untrust]firewall zone dmz
[FW2-zone-dmz]add interface GigabitEthernet1/0/2
[FW2-zone-dmz]add interface GigabitEthernet1/0/3
[FW2-zone-dmz]quit
[FW2]ospf 1
[FW2-ospf-1]area 0.0.0.0
[FW2-ospf-1-area-0.0.0.0]network 8.8.8.22 0.0.0.0
[FW2-ospf-1-area-0.0.0.0]network 10.1.131.1 0.0.0.0
[FW2-ospf-1-area-0.0.0.0]network 20.1.1.22 0.0.0.0
[FW2-ospf-1-area-0.0.0.0]network 100.1.1.253 0.0.0.0
[FW2-ospf-1-area-0.0.0.0]quit
[FW2-ospf-1]quit
I have not included the dual-device hot standby configuration for FW1, so it is omitted for now. Once the policies are configured on FW1, they are automatically backed up to FW2; FW2 is the backup firewall here. With that configured, IPSec VPN can be brought up. Anyone who needs a copy can contact me; the copy is the complete one. Thanks for understanding!
Branch office / branch campus section
19. Access switch SW12
<Huawei>system-view
[Huawei]sysname S12
[S12]undo info-center enable
[S12]vlan batch 10
[S12]interface Ethernet0/0/1
[S12-Ethernet0/0/1] port link-type access
[S12-Ethernet0/0/1] port default vlan 10
[S12-Ethernet0/0/1]interface Ethernet0/0/2
[S12-Ethernet0/0/2] port link-type access
[S12-Ethernet0/0/2] port default vlan 10
[S12-Ethernet0/0/2]interface GigabitEthernet0/0/1
[S12-GigabitEthernet0/0/1] port link-type trunk
[S12-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
20. Access switch SW13
<Huawei>system-view
[Huawei]sysname S13
[S13]undo info-center enable
[S13]vlan batch 20
[S13]interface Ethernet0/0/1
[S13-Ethernet0/0/1] port link-type access
[S13-Ethernet0/0/1] port default vlan 20
[S13-Ethernet0/0/1]interface Ethernet0/0/2
[S13-Ethernet0/0/2] port link-type access
[S13-Ethernet0/0/2] port default vlan 20
[S13-Ethernet0/0/2]interface GigabitEthernet0/0/1
[S13-GigabitEthernet0/0/1] port link-type trunk
[S13-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
21. Access switch SW14
<Huawei>system-view
[Huawei]sysname S14
[S14]vlan batch 30
[S14]undo info-center enable
[S14]interface Ethernet0/0/1
[S14-Ethernet0/0/1] port link-type access
[S14-Ethernet0/0/1] port default vlan 30
[S14-Ethernet0/0/1]interface Ethernet0/0/2
[S14-Ethernet0/0/2] port link-type access
[S14-Ethernet0/0/2] port default vlan 30
[S14-Ethernet0/0/2]interface GigabitEthernet0/0/1
[S14-GigabitEthernet0/0/1] port link-type trunk
[S14-GigabitEthernet0/0/1] port trunk allow-pass vlan 30
22. Aggregation switch LSW3
<Huawei>system-view
[Huawei]sysname SW3
[SW3]undo info-center enable
[SW3]vlan batch 10 20 30
[SW3]interface GigabitEthernet0/0/1
[SW3-GigabitEthernet0/0/1] port link-type trunk
[SW3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SW3-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[SW3-GigabitEthernet0/0/2] port link-type trunk
[SW3-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
[SW3-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[SW3-GigabitEthernet0/0/3] port link-type trunk
[SW3-GigabitEthernet0/0/3] port trunk allow-pass vlan 30
[SW3-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[SW3-GigabitEthernet0/0/4] port link-type trunk
[SW3-GigabitEthernet0/0/4] port trunk allow-pass vlan 10 20 30
23. Core router AR3
[R3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R3]interface GigabitEthernet0/0/0.10
[R3-GigabitEthernet0/0/0.10] dot1q termination vid 10
[R3-GigabitEthernet0/0/0.10] ip address 172.16.10.254 255.255.255.0
[R3-GigabitEthernet0/0/0.10] arp broadcast enable
[R3-GigabitEthernet0/0/0.10] dhcp select interface
[R3-GigabitEthernet0/0/0.10] dhcp server dns-list 100.1.1.1
[R3-GigabitEthernet0/0/0.10]interface GigabitEthernet0/0/0.20
[R3-GigabitEthernet0/0/0.20] dot1q termination vid 20
[R3-GigabitEthernet0/0/0.20] ip address 172.16.20.254 255.255.255.0
[R3-GigabitEthernet0/0/0.20] arp broadcast enable
[R3-GigabitEthernet0/0/0.20] dhcp select interface
[R3-GigabitEthernet0/0/0.20] dhcp server dns-list 100.1.1.1
[R3-GigabitEthernet0/0/0.20]interface GigabitEthernet0/0/0.30
[R3-GigabitEthernet0/0/0.30] dot1q termination vid 30
[R3-GigabitEthernet0/0/0.30] ip address 172.16.30.254 255.255.255.0
[R3-GigabitEthernet0/0/0.30] arp broadcast enable
[R3-GigabitEthernet0/0/0.30] dhcp select interface
[R3-GigabitEthernet0/0/0.30] dhcp server dns-list 100.1.1.1
[R3-GigabitEthernet0/0/0.30]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] ip address 40.1.1.1 255.255.255.0
[R3-GigabitEthernet0/0/1]ospf 1
[R3-ospf-1] area 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 40.1.1.1 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 172.16.10.254 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 172.16.20.254 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 172.16.30.254 0.0.0.0
24. Firewall FW3
<USG6000V1>system-view
[USG6000V1]undo info-center enable
[USG6000V1]sysname FW3
[FW3]interface GigabitEthernet1/0/0
[FW3-GigabitEthernet1/0/0]ip address 40.1.1.21 255.255.255.0
[FW3-GigabitEthernet1/0/0]service-manage ping permit
[FW3-GigabitEthernet1/0/0]interface GigabitEthernet1/0/1
[FW3-GigabitEthernet1/0/1]ip address 30.1.1.21 255.255.255.0
[FW3-GigabitEthernet1/0/1]service-manage ping permit
[FW3-GigabitEthernet1/0/1]quit
[FW3]firewall zone trust
[FW3-zone-trust] add interface GigabitEthernet1/0/0
[FW3-zone-trust]firewall zone untrust
[FW3-zone-untrust] add interface GigabitEthernet1/0/1
[FW3-zone-untrust]quit
[FW3]ospf 1
[FW3-ospf-1]area 0.0.0.0
[FW3-ospf-1-area-0.0.0.0]network 30.1.1.21 0.0.0.0
[FW3-ospf-1-area-0.0.0.0]network 40.1.1.21 0.0.0.0
[FW3-ospf-1-area-0.0.0.0]quit
[FW3-ospf-1]quit
[FW3]acl number 3000
[FW3-acl-adv-3000]rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
[FW3-acl-adv-3000]quit
[FW3]ipsec proposal 10
[FW3-ipsec-proposal-10]esp authentication-algorithm sha2-256
[FW3-ipsec-proposal-10]esp encryption-algorithm aes-256
[FW3-ipsec-proposal-10]quit
[FW3]ike proposal 10
[FW3-ike-proposal-10]encryption-algorithm aes-256
[FW3-ike-proposal-10]dh group14
[FW3-ike-proposal-10]authentication-algorithm sha2-256
[FW3-ike-proposal-10]authentication-method pre-share
[FW3-ike-proposal-10]integrity-algorithm hmac-sha2-256
[FW3-ike-proposal-10]prf hmac-sha2-256
[FW3-ike-proposal-10]quit
[FW3]ike peer fw12
[FW3-ike-peer-fw12]pre-shared-key Hcie
[FW3-ike-peer-fw12]ike-proposal 10
[FW3-ike-peer-fw12]remote-address 10.1.1.21
[FW3-ike-peer-fw12]remote-address 20.1.1.22
[FW3-ike-peer-fw12]quit
[FW3]ipsec policy map 10 isakmp
[FW3-ipsec-policy-isakmp-map-10]security acl 3000
[FW3-ipsec-policy-isakmp-map-10]ike-peer fw12
[FW3-ipsec-policy-isakmp-map-10]proposal 10
[FW3-ipsec-policy-isakmp-map-10]quit
[FW3]interface GigabitEthernet1/0/1
[FW3-GigabitEthernet1/0/1]ipsec policy map
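An added example (not part of the original post): a small Python check of the FW3 IPSec settings above. It verifies that the AR3 sub-interface subnets fall inside the source range protected by ACL 3000 and flags weak algorithms or a short pre-shared key. The WEAK list and the 20-character minimum are assumptions chosen for illustration, and the config text is a constructed sample copied from the sessions above with the prompts stripped.

```python
import ipaddress
import re

# Constructed sample: lines from the FW3 session above, prompts stripped.
FW3_CONFIG = """\
acl number 3000
 rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
ipsec proposal 10
 esp authentication-algorithm sha2-256
 esp encryption-algorithm aes-256
ike proposal 10
 encryption-algorithm aes-256
 dh group14
 authentication-algorithm sha2-256
ike peer fw12
 pre-shared-key Hcie
"""
# Subnets of the AR3 sub-interfaces GigabitEthernet0/0/0.10/.20/.30.
BRANCH_SUBNETS = ["172.16.10.0/24", "172.16.20.0/24", "172.16.30.0/24"]
# Assumption: reflects common hardening guidance, not a vendor-published list.
WEAK = {"des", "3des", "md5", "sha1", "group1", "group2", "group5"}

def wildcard_to_network(addr, wildcard):
    """Turn an ACL address/wildcard pair into an ip_network (contiguous wildcards only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

def audit(config, subnets, min_psk_len=20):
    """Return a list of findings; min_psk_len is an assumed policy value."""
    findings = []
    m = re.search(r"rule \d+ permit ip source (\S+) (\S+) destination (\S+) (\S+)", config)
    src = wildcard_to_network(m.group(1), m.group(2))
    # Traffic from a subnet outside the ACL source range would bypass the tunnel.
    for s in subnets:
        if not ipaddress.ip_network(s).subnet_of(src):
            findings.append(f"subnet {s} is outside the protected source range {src}")
    for algo in re.findall(r"(?:algorithm|dh) (\S+)", config):
        if algo in WEAK:
            findings.append(f"weak algorithm or DH group: {algo}")
    psk = re.search(r"pre-shared-key (\S+)", config).group(1)
    if len(psk) < min_psk_len:
        findings.append(f"pre-shared key is only {len(psk)} characters long")
    return findings

if __name__ == "__main__":
    for finding in audit(FW3_CONFIG, BRANCH_SUBNETS):
        print("FINDING:", finding)
```

The algorithms and DH group on FW3 pass this check; the only finding is the short pre-shared key, which in a real deployment should be a long random string rather than a dictionary-style word.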
ISP configuration
<Huawei>system-view
[Huawei]sysname ISP
[ISP]undo info-center enable
[ISP]interface GigabitEthernet0/0/0
[ISP-GigabitEthernet0/0/0] ip address 10.1.1.1 255.255.255.0
[ISP-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[ISP-GigabitEthernet0/0/1] ip address 20.1.1.1 255.255.255.0
[ISP-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[ISP-GigabitEthernet0/0/2] ip address 30.1.1.1 255.255.255.0
[ISP-GigabitEthernet0/0/2]ospf 1
[ISP-ospf-1] area 0.0.0.0
[ISP-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0
[ISP-ospf-1-area-0.0.0.0] network 20.1.1.1 0.0.0.0
[ISP-ospf-1-area-0.0.0.0] network 30.1.1.1 0.0.0.0
Appendix
Detailed view of the topology diagram