拓扑图
实验核心技术清单
- 基础配置:设备重命名、提示消息关闭
- 链路与拓扑:Eth-trunk 链路聚合、VLAN 划分、端口隔离
- 冗余与可靠性:MSTP(多生成树协议)、VRRP(虚拟路由冗余协议)
- 路由协议:OSPF(开放式最短路径优先)、RIP(路由信息协议)、默认路由、静态路由
- 地址分配:DHCP(动态主机配置协议)、DHCP 中继、DHCP snooping
- 安全与访问控制:ACL(访问控制列表)、IPsec VPN、GRE over IPsec、防火墙信任域、双机热备
- 网络互通:NAT(网络地址转换)、NAT Server、服务器负载均衡(轮询)
- 无线网络:WLAN(AC+AP 架构)、CAPWAP 隧道
- 其他:PPPoE、端口映射、NAT 策略、安全策略
资源获取
下面我会提供拓扑图以及详细的配置命令,因为接口也是做了很多规划的,所以用我提供的拓扑对照我提供的命令实施对小白更友好一些。
链接: https://pan.baidu.com/s/1tAsOgnyrV9BdrJySBEHRRg?pwd=7878 提取码: 7878
如有需要成品的,也可以评论区联系我获取(含实验报告,答辩PPT)
下面配置命令的前半部分我会提示大家在哪个机器上配置,大家配置的时候注意我提供的命令前的设备名称,防止敲错。
配置命令
内网-修改设备名称
这个图内的区域就属于内网区域也是主公司的区域
#先修改这几个交换机,配置命令列举一个
sys
sysname JR-SW01
#例如
<Huawei>sys
[Huawei]sysname HJ-SW01
[HJ-SW01]undo info-center enable #提示消息关闭命令
内网-链路聚合
# HJ-SW01配置
[HJ-SW01]int Eth-Trunk 1
[HJ-SW01-Eth-Trunk1]port link-type trunk
[HJ-SW01-Eth-Trunk1]port trunk allow-pass vlan all
[HJ-SW01-Eth-Trunk1]mode lacp-static
[HJ-SW01-Eth-Trunk1]mode lacp
[HJ-SW01-Eth-Trunk1]q
[HJ-SW01]int g0/0/23
[HJ-SW01-GigabitEthernet0/0/23]eth-trunk 1
[HJ-SW01-GigabitEthernet0/0/23]int g0/0/24
[HJ-SW01-GigabitEthernet0/0/24]eth-trunk 1
[HJ-SW01-GigabitEthernet0/0/24]q
# HJ-SW02配置
[HJ-SW02]int Eth-Trunk 1
[HJ-SW02-Eth-Trunk1]port link-type trunk
[HJ-SW02-Eth-Trunk1]port trunk allow-pass vlan all
[HJ-SW02-Eth-Trunk1]mode lacp
[HJ-SW02-Eth-Trunk1]q
[HJ-SW02]int g0/0/23
[HJ-SW02-GigabitEthernet0/0/23]eth-trunk 1
[HJ-SW02-GigabitEthernet0/0/23]int g0/0/24
[HJ-SW02-GigabitEthernet0/0/24]eth-trunk 1
[HJ-SW02-GigabitEthernet0/0/24]q
# HJ-SW03配置
[HJ-SW03]int Eth-Trunk 1
[HJ-SW03-Eth-Trunk1]port link-type trunk
[HJ-SW03-Eth-Trunk1]port trunk allow-pass vlan all
[HJ-SW03-Eth-Trunk1]mode lacp
[HJ-SW03-Eth-Trunk1]q
[HJ-SW03]int g0/0/23
[HJ-SW03-GigabitEthernet0/0/23]eth-trunk 1
[HJ-SW03-GigabitEthernet0/0/23]int g0/0/24
[HJ-SW03-GigabitEthernet0/0/24]eth-trunk 1
[HJ-SW03-GigabitEthernet0/0/24]q
。
# HJ-SW04配置
[HJ-SW04]int Eth-Trunk 1
[HJ-SW04-Eth-Trunk1]port link-type trunk
[HJ-SW04-Eth-Trunk1]port trunk allow-pass vlan all
[HJ-SW04-Eth-Trunk1]mode lacp
[HJ-SW04-Eth-Trunk1]q
[HJ-SW04]int g0/0/23
[HJ-SW04-GigabitEthernet0/0/23]eth-trunk 1
[HJ-SW04-GigabitEthernet0/0/23]int g0/0/24
[HJ-SW04-GigabitEthernet0/0/24]eth-trunk 1
[HJ-SW04-GigabitEthernet0/0/24]q
# HX-SW01配置
[HX-SW01]int Eth-Trunk 1
[HX-SW01-Eth-Trunk1]port link-type trunk
[HX-SW01-Eth-Trunk1]port trunk allow-pass vlan all
[HX-SW01-Eth-Trunk1]mode lacp
[HX-SW01-Eth-Trunk1]q
[HX-SW01]int g0/0/23
[HX-SW01-GigabitEthernet0/0/23]eth-trunk 1
[HX-SW01-GigabitEthernet0/0/23]int g0/0/24
[HX-SW01-GigabitEthernet0/0/24]eth-trunk 1
[HX-SW01-GigabitEthernet0/0/24]q
[HX-SW01]
# HX-SW02配置
[HX-SW02]int Eth-Trunk 1
[HX-SW02-Eth-Trunk1]port link-type trunk
[HX-SW02-Eth-Trunk1]port trunk allow-pass vlan all
[HX-SW02-Eth-Trunk1]mode lacp
[HX-SW02-Eth-Trunk1]q
[HX-SW02]int g0/0/23
[HX-SW02-GigabitEthernet0/0/23]eth-trunk 1
[HX-SW02-GigabitEthernet0/0/23]int g0/0/24
[HX-SW02-GigabitEthernet0/0/24]eth-trunk 1
[HX-SW02-GigabitEthernet0/0/24]q
[HX-SW02]
内网-vlan接入
给上面几个交换机都敲这个命令(添加vlan)
vlan batch 10 20 30 40 50 60 70 80 100
然后开始配置
# JR-SW01配置
[JR-SW01]vlan batch 10 100
[JR-SW01]int Ethernet 0/0/3
[JR-SW01-Ethernet0/0/3]port link-type access
[JR-SW01-Ethernet0/0/3]port default vlan 10
[JR-SW01-Ethernet0/0/3]
[JR-SW01]int Ethernet 0/0/1
[JR-SW01-Ethernet0/0/1]port link-type trunk
[JR-SW01-Ethernet0/0/1]port trunk allow-pass vlan all
[JR-SW01-Ethernet0/0/1]int Ethernet 0/0/2
[JR-SW01-Ethernet0/0/2]port link-type trunk
[JR-SW01-Ethernet0/0/2]port trunk allow-pass vlan all
[JR-SW01-Ethernet0/0/2]
# JR-SW02配置
[JR-SW02]vlan batch 20 100
[JR-SW02]int Ethernet 0/0/3
[JR-SW02-Ethernet0/0/3]port link-type access
[JR-SW02-Ethernet0/0/3]port default vlan 20
[JR-SW02]int Ethernet 0/0/1
[JR-SW02-Ethernet0/0/1]port link-type trunk
[JR-SW02-Ethernet0/0/1]port trunk allow-pass vlan all
[JR-SW02-Ethernet0/0/1]int Ethernet 0/0/2
[JR-SW02-Ethernet0/0/2]port link-type trunk
[JR-SW02-Ethernet0/0/2]port trunk allow-pass vlan all
# JR-SW03配置
[JR-SW03]vlan batch 30 100
[JR-SW03]int Ethernet 0/0/3
[JR-SW03-Ethernet0/0/3]port link-type access
[JR-SW03-Ethernet0/0/3]port default vlan 30
[JR-SW03-Ethernet0/0/3]
[JR-SW03]int Ethernet 0/0/1
[JR-SW03-Ethernet0/0/1]port link-type trunk
[JR-SW03-Ethernet0/0/1]port trunk allow-pass vlan all
[JR-SW03-Ethernet0/0/1]int Ethernet 0/0/2
[JR-SW03-Ethernet0/0/2]port link-type trunk
[JR-SW03-Ethernet0/0/2]port trunk allow-pass vlan all
[JR-SW03-Ethernet0/0/2]
# JR-SW04配置
[JR-SW04]vlan batch 40 100
[JR-SW04]int Ethernet 0/0/3
[JR-SW04-Ethernet0/0/3]port link-type access
[JR-SW04-Ethernet0/0/3]port default vlan 40
[JR-SW04]int Ethernet 0/0/1
[JR-SW04-Ethernet0/0/1]port link-type trunk
[JR-SW04-Ethernet0/0/1]port trunk allow-pass vlan all
[JR-SW04-Ethernet0/0/1]int Ethernet 0/0/2
[JR-SW04-Ethernet0/0/2]port link-type trunk
[JR-SW04-Ethernet0/0/2]port trunk allow-pass vlan all
[JR-SW04-Ethernet0/0/2]
# JR-SW05配置
[JR-SW05]vlan batch 50 100
[JR-SW05]int Ethernet 0/0/3
[JR-SW05-Ethernet0/0/3]port link-type access
[JR-SW05-Ethernet0/0/3]port default vlan 50
[JR-SW05]int Ethernet 0/0/1
[JR-SW05-Ethernet0/0/1]port link-type trunk
[JR-SW05-Ethernet0/0/1]port trunk allow-pass vlan all
[JR-SW05-Ethernet0/0/1]int Ethernet 0/0/2
[JR-SW05-Ethernet0/0/2]port link-type trunk
[JR-SW05-Ethernet0/0/2]port trunk allow-pass vlan all
[JR-SW05-Ethernet0/0/2]
# JR-SW06配置
[JR-SW06]vlan batch 60 100
[JR-SW06]int Ethernet 0/0/3
[JR-SW06-Ethernet0/0/3]port link-type access
[JR-SW06-Ethernet0/0/3]port default vlan 60
[JR-SW06-Ethernet0/0/3]
[JR-SW06]int Ethernet 0/0/1
[JR-SW06-Ethernet0/0/1]port link-type trunk
[JR-SW06-Ethernet0/0/1]port trunk allow-pass vlan all
[JR-SW06-Ethernet0/0/1]int Ethernet 0/0/2
[JR-SW06-Ethernet0/0/2]port link-type trunk
[JR-SW06-Ethernet0/0/2]port trunk allow-pass vlan all
[JR-SW06-Ethernet0/0/2]
# JR-SW07配置
[JR-SW07]vlan batch 70 100
[JR-SW07]int Ethernet 0/0/3
[JR-SW07-Ethernet0/0/3]port link-type access
[JR-SW07-Ethernet0/0/3]port default vlan 70
[JR-SW07]int Ethernet 0/0/1
[JR-SW07-Ethernet0/0/1]port link-type trunk
[JR-SW07-Ethernet0/0/1]port trunk allow-pass vlan all
[JR-SW07-Ethernet0/0/1]int Ethernet 0/0/2
[JR-SW07-Ethernet0/0/2]port link-type trunk
[JR-SW07-Ethernet0/0/2]port trunk allow-pass vlan all
[JR-SW07-Ethernet0/0/2]
# JR-SW08配置
[JR-SW08]vlan batch 80 100
[JR-SW08]int Ethernet 0/0/3
[JR-SW08-Ethernet0/0/3]port link-type access
[JR-SW08-Ethernet0/0/3]port default vlan 80
[JR-SW08]int Ethernet 0/0/1
[JR-SW08-Ethernet0/0/1]port link-type trunk
[JR-SW08-Ethernet0/0/1]port trunk allow-pass vlan all
[JR-SW08-Ethernet0/0/1]int Ethernet 0/0/2
[JR-SW08-Ethernet0/0/2]port link-type trunk
[JR-SW08-Ethernet0/0/2]port trunk allow-pass vlan all
[JR-SW08-Ethernet0/0/2]
# HJ-SW01配置
[HJ-SW01]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/6
[HJ-SW01-port-group]port link-type trunk
[HJ-SW01-port-group]port trunk allow-pass vlan all
[HJ-SW01-port-group]
# HJ-SW02配置
[HJ-SW02]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/6
[HJ-SW02-port-group]port link-type trunk
[HJ-SW02-port-group]port trunk allow-pass vlan all
# HJ-SW03配置
[HJ-SW03]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/6
[HJ-SW03-port-group]port link-type trunk
[HJ-SW03-port-group]port trunk allow-pass vlan all
[HJ-SW03-port-group]
# HJ-SW04配置
[HJ-SW04]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/6
[HJ-SW04-port-group]port link-type trunk
[HJ-SW04-port-group]port trunk allow-pass vlan all
# HX-SW01配置
[HX-SW01]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/4
[HX-SW01-port-group]port link-type trunk
[HX-SW01-port-group]port trunk allow-pass vlan all
# HX-SW02配置
[HX-SW02]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/4
[HX-SW02-port-group]port link-type trunk
[HX-SW02-port-group]port trunk allow-pass vlan all
内网-MSTP
给上述框出来的交换机配置
stp region-configuration
region-name dxm
revision-level 10
instance 1 vlan 10 20 30 40 100
instance 2 vlan 50 60 70 80 101
active region-configuration
# 例如:
[HX-SW01]stp region-configuration
[HX-SW01-mst-region]region-name dxm
[HX-SW01-mst-region]revision-level 10
[HX-SW01-mst-region]instance 1 vlan 10 20 30 40 100
[HX-SW01-mst-region]instance 2 vlan 50 60 70 80 101
[HX-SW01-mst-region]active region-configuration
[HX-SW01-mst-region]
配置主副根桥
# HX-SW01配置
[HX-SW01]stp instance 1 root secondary
[HX-SW01]stp instance 2 root secondary
# HX-SW02配置
[HX-SW02]stp instance 1 root secondary
[HX-SW02]stp instance 2 root primary
内网-VRRP
# HX-SW01配置
[HX-SW01]interface Vlanif 10
[HX-SW01-Vlanif10]ip add 192.168.10.254 24
[HX-SW01-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254
[HX-SW01-Vlanif10]vrrp vrid 1 priority 130
[HX-SW01-Vlanif10]interface Vlanif 20
[HX-SW01-Vlanif20]ip add 192.168.20.254 24
[HX-SW01-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254
[HX-SW01-Vlanif20]vrrp vrid 2 priority 130
[HX-SW01-Vlanif20]interface Vlanif 30
[HX-SW01-Vlanif30]ip add 192.168.30.254 24
[HX-SW01-Vlanif30]vrrp vrid 3 virtual-ip 192.168.30.254
[HX-SW01-Vlanif30]vrrp vrid 3 priority 130
[HX-SW01-Vlanif30]interface Vlanif 40
[HX-SW01-Vlanif40]ip add 192.168.40.254 24
[HX-SW01-Vlanif40]vrrp vrid 4 virtual-ip 192.168.40.254
[HX-SW01-Vlanif40]vrrp vrid 4 priority 130
[HX-SW01-Vlanif40]interface Vlanif 50
[HX-SW01-Vlanif50]ip add 192.168.50.253 24
[HX-SW01-Vlanif50]vrrp vrid 5 virtual-ip 192.168.50.254
[HX-SW01-Vlanif50]interface Vlanif 60
[HX-SW01-Vlanif60]ip add 192.168.60.253 24
[HX-SW01-Vlanif60]vrrp vrid 6 virtual-ip 192.168.60.254
[HX-SW01-Vlanif60]interface Vlanif 70
[HX-SW01-Vlanif70]ip add 192.168.70.253 24
[HX-SW01-Vlanif70]vrrp vrid 7 virtual-ip 192.168.70.254
[HX-SW01-Vlanif70]interface Vlanif 80
[HX-SW01-Vlanif80]ip add 192.168.80.253 24
[HX-SW01-Vlanif80]vrrp vrid 8 virtual-ip 192.168.80.254
# HX-SW02配置
[HX-SW02]interface Vlanif 50
[HX-SW02-Vlanif50]ip add 192.168.50.254 24
[HX-SW02-Vlanif50]vrrp vrid 5 virtual-ip 192.168.50.254
[HX-SW02-Vlanif50]vrrp vrid 5 priority 130
[HX-SW02-Vlanif50]interface Vlanif 60
[HX-SW02-Vlanif60]ip add 192.168.60.254 24
[HX-SW02-Vlanif60]vrrp vrid 6 virtual-ip 192.168.60.254
[HX-SW02-Vlanif60]vrrp vrid 6 priority 130
[HX-SW02-Vlanif60]interface Vlanif 70
[HX-SW02-Vlanif70]ip add 192.168.70.254 24
[HX-SW02-Vlanif70]vrrp vrid 7 virtual-ip 192.168.70.254
[HX-SW02-Vlanif70]vrrp vrid 7 priority 130
[HX-SW02-Vlanif70]interface Vlanif 80
[HX-SW02-Vlanif80]ip add 192.168.80.254 24
[HX-SW02-Vlanif80]vrrp vrid 8 virtual-ip 192.168.80.254
[HX-SW02-Vlanif80]vrrp vrid 8 priority 130
[HX-SW02-Vlanif80]interface Vlanif 10
[HX-SW02-Vlanif10]ip add 192.168.10.253 24
[HX-SW02-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254
[HX-SW02-Vlanif10]interface Vlanif 20
[HX-SW02-Vlanif20]ip add 192.168.20.253 24
[HX-SW02-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254
[HX-SW02-Vlanif20]interface Vlanif 30
[HX-SW02-Vlanif30]ip add 192.168.30.253 24
[HX-SW02-Vlanif30]vrrp vrid 3 virtual-ip 192.168.30.254
[HX-SW02-Vlanif30]interface Vlanif 40
[HX-SW02-Vlanif40]ip add 192.168.40.253 24
[HX-SW02-Vlanif40]vrrp vrid 4 virtual-ip 192.168.40.254
[HX-SW02-Vlanif40]
这里结束后ping一下其他网关的PC,正常结果是都可以互通的,反之及时排错
内网-DHCP
从这里开始不在强调设备名字,注意配置前看设备名
[HX-SW01]vlan batch 101
[HX-SW01]interface Vlanif 101
[HX-SW01-Vlanif101]ip address 192.168.101.253 24
[HX-SW02]vlan batch 101
[HX-SW02]interface Vlanif 101
[HX-SW02-Vlanif101]ip add 192.168.101.254 24
[HX-SW02-Vlanif101]
[HX-SW02]interface GigabitEthernet 0/0/22
[HX-SW02-GigabitEthernet0/0/22]port link-type access
[HX-SW02-GigabitEthernet0/0/22]port default vlan 101
[HX-SW02-GigabitEthernet0/0/22]
# 启动DHCP-server并改名
<Huawei>sys
[Huawei]undo info-center enable
[Huawei]sysname DHCP-Server
[DHCP-Server]
[DHCP-Server]dhcp enable
[DHCP-Server]interface GigabitEthernet 0/0/0
[DHCP-Server-GigabitEthernet0/0/0]ip add 192.168.101.1 24
[DHCP-Server-GigabitEthernet0/0/0]q
[DHCP-Server]ip pool vlan10
[DHCP-Server-ip-pool-vlan10]network 192.168.10.0 mask 255.255.255.0
[DHCP-Server-ip-pool-vlan10]gateway-list 192.168.10.254
[DHCP-Server-ip-pool-vlan10]dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan10]lease day 1
[DHCP-Server-ip-pool-vlan10]excluded-ip-address 192.168.10.254
[DHCP-Server-ip-pool-vlan10]excluded-ip-address 192.168.10.253
[DHCP-Server-ip-pool-vlan10]excluded-ip-address 192.168.10.1
[DHCP-Server-ip-pool-vlan10]q
--------------------------------------------------------------------
!!!!
[DHCP-Server-ip-pool-vlan10]excluded-ip-address 192.168.10.254
[DHCP-Server-ip-pool-vlan10]excluded-ip-address 192.168.10.253
这两条命令在不同的vlan中会报错一条,因为DHCP地址池会自动排除网关IP,所以这是正常现象,下面我就不清除提示信息了,方便观察
!!!!
---------------------------------------------------------------------
[DHCP-Server]ip pool vlan20
Info: It's successful to create an IP address pool.
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]network 192.168.20.0 mask 255.255.255.0
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]gateway-list 192.168.20.254
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]lease day 1
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]excluded-ip-address 192.168.20.254
Error:Only idle or expired IP address can be disabled.
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]excluded-ip-address 192.168.20.253
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]excluded-ip-address 192.168.20.1
[DHCP-Server-ip-pool-vlan20]q
[DHCP-Server]ip pool vlan30
Info: It's successful to create an IP address pool.
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]network 192.168.30.0 mask 255.255.255.0
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]gateway-list 192.168.30.254
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]lease day 1
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]excluded-ip-address 192.168.30.254
Error:Only idle or expired IP address can be disabled.
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]excluded-ip-address 192.168.30.253
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]excluded-ip-address 192.168.30.1
[DHCP-Server-ip-pool-vlan30]ip pool vlan40
Info: It's successful to create an IP address pool.
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]network 192.168.40.0 mask 255.255.255.0
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]gateway-list 192.168.40.254
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]lease day 1
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]excluded-ip-address 192.168.40.254
Error:Only idle or expired IP address can be disabled.
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]excluded-ip-address 192.168.40.253
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]excluded-ip-address 192.168.40.1
[DHCP-Server-ip-pool-vlan40]ip pool vlan50
Info: It's successful to create an IP address pool.
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]network 192.168.50.0 mask 255.255.255.0
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]gateway-list 192.168.50.254
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]lease day 1
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]excluded-ip-address 192.168.50.254
Error:Only idle or expired IP address can be disabled.
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]excluded-ip-address 192.168.50.253
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]excluded-ip-address 192.168.50.1
[DHCP-Server-ip-pool-vlan50]ip pool vlan60
Info: It's successful to create an IP address pool.
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]network 192.168.60.0 mask 255.255.255.0
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]gateway-list 192.168.60.254
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]lease day 1
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]excluded-ip-address 192.168.60.254
Error:Only idle or expired IP address can be disabled.
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]excluded-ip-address 192.168.60.253
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]excluded-ip-address 192.168.60.1
[DHCP-Server-ip-pool-vlan60]ip pool vlan70
Info: It's successful to create an IP address pool.
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]network 192.168.70.0 mask 255.255.255.0
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]gateway-list 192.168.70.254
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]lease day 1
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]excluded-ip-address 192.168.70.254
Error:Only idle or expired IP address can be disabled.
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]excluded-ip-address 192.168.70.253
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]excluded-ip-address 192.168.70.1
[DHCP-Server-ip-pool-vlan70]ip pool vlan80
Info: It's successful to create an IP address pool.
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]network 192.168.80.0 mask 255.255.255.0
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]gateway-list 192.168.80.254
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]lease day 1
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]excluded-ip-address 192.168.80.254
Error:Only idle or expired IP address can be disabled.
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]excluded-ip-address 192.168.80.253
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]excluded-ip-address 192.168.80.1
[DHCP-Server-ip-pool-vlan80]q
[DHCP-Server]interface GigabitEthernet 0/0/0
[DHCP-Server-GigabitEthernet0/0/0]dhcp select global
[DHCP-Server-GigabitEthernet0/0/0]q
[DHCP-Server]ip route-static 0.0.0.0 0.0.0.0 192.168.101.253
[DHCP-Server]ip route-static 0.0.0.0 0.0.0.0 192.168.101.254
内网-DHCP中继
[HX-SW01]dhcp enable
[HX-SW02]dhcp enable
[HX-SW01]interface Vlanif 10
[HX-SW01-Vlanif10]dhcp select relay
[HX-SW01-Vlanif10]dhcp relay server-ip 192.168.101.1
[HX-SW01-Vlanif10]interface Vlanif 20
[HX-SW01-Vlanif20]dhcp select relay
[HX-SW01-Vlanif20]dhcp relay server-ip 192.168.101.1
[HX-SW01-Vlanif20]interface Vlanif 30
[HX-SW01-Vlanif30]dhcp select relay
[HX-SW01-Vlanif30]dhcp relay server-ip 192.168.101.1
[HX-SW01-Vlanif30]interface Vlanif 40
[HX-SW01-Vlanif40]dhcp select relay
[HX-SW01-Vlanif40]dhcp relay server-ip 192.168.101.1
[HX-SW01-Vlanif40]interface Vlanif 50
[HX-SW01-Vlanif50]dhcp select relay
[HX-SW01-Vlanif50]dhcp relay server-ip 192.168.101.1
[HX-SW01-Vlanif50]interface Vlanif 60
[HX-SW01-Vlanif60]dhcp select relay
[HX-SW01-Vlanif60]dhcp relay server-ip 192.168.101.1
[HX-SW01-Vlanif60]interface Vlanif 70
[HX-SW01-Vlanif70]dhcp select relay
[HX-SW01-Vlanif70]dhcp relay server-ip 192.168.101.1
[HX-SW01-Vlanif70]interface Vlanif 80
[HX-SW01-Vlanif80]dhcp select relay
[HX-SW01-Vlanif80]dhcp relay server-ip 192.168.101.1
[HX-SW01-Vlanif80]
[HX-SW02]interface Vlanif 10
[HX-SW02-Vlanif10]dhcp select relay
[HX-SW02-Vlanif10]dhcp relay server-ip 192.168.101.1
[HX-SW02-Vlanif10]interface Vlanif 20
[HX-SW02-Vlanif20]dhcp select relay
[HX-SW02-Vlanif20]dhcp relay server-ip 192.168.101.1
[HX-SW02-Vlanif20]interface Vlanif 30
[HX-SW02-Vlanif30]dhcp select relay
[HX-SW02-Vlanif30]dhcp relay server-ip 192.168.101.1
[HX-SW02-Vlanif30]interface Vlanif 40
[HX-SW02-Vlanif40]dhcp select relay
[HX-SW02-Vlanif40]dhcp relay server-ip 192.168.101.1
[HX-SW02-Vlanif40]interface Vlanif 50
[HX-SW02-Vlanif50]dhcp select relay
[HX-SW02-Vlanif50]dhcp relay server-ip 192.168.101.1
[HX-SW02-Vlanif50]interface Vlanif 60
[HX-SW02-Vlanif60]dhcp select relay
[HX-SW02-Vlanif60]dhcp relay server-ip 192.168.101.1
[HX-SW02-Vlanif60]interface Vlanif 70
[HX-SW02-Vlanif70]dhcp select relay
[HX-SW02-Vlanif70]dhcp relay server-ip 192.168.101.1
[HX-SW02-Vlanif70]interface Vlanif 80
[HX-SW02-Vlanif80]dhcp select relay
[HX-SW02-Vlanif80]dhcp relay server-ip 192.168.101.1
[HX-SW02-Vlanif80]
内网-OSPF
[HX-SW01]interface Vlanif 100
[HX-SW01-Vlanif100]ip add 192.168.100.1 24
[HX-SW01]interface LoopBack 0
[HX-SW01-LoopBack0]ip add 1.1.1.1 32
[HX-SW01-LoopBack0]
[HX-SW02]int Vlanif 100
[HX-SW02-Vlanif100]ip add 192.168.100.2 24
[HX-SW02-Vlanif100]q
[HX-SW02]interface LoopBack 0
[HX-SW02-LoopBack0]ip add 2.2.2.2 32
[HX-SW02-LoopBack0]
[HJ-SW01]int Vlanif 100
[HJ-SW01-Vlanif100]ip add 192.168.100.3 24
[HJ-SW01-Vlanif100]q
[HJ-SW01]int LoopBack 0
[HJ-SW01-LoopBack0]ip add 3.3.3.3 32
[HJ-SW01-LoopBack0]
[HJ-SW02]int Vlanif 100
[HJ-SW02-Vlanif100]ip add 192.168.100.4 24
[HJ-SW02-Vlanif100]q
[HJ-SW02]int LoopBack 0
[HJ-SW02-LoopBack0]ip add 4.4.4.4 32
[HJ-SW02-LoopBack0]
[HJ-SW03]int Vlanif 100
[HJ-SW03-Vlanif100]ip add 192.168.100.5 24
[HJ-SW03-Vlanif100]q
[HJ-SW03]int LoopBack 0
[HJ-SW03-LoopBack0]ip add 5.5.5.5 32
[HJ-SW03-LoopBack0]
[HJ-SW04]int Vlanif 100
[HJ-SW04-Vlanif100]ip add 192.168.100.6 24
[HJ-SW04-Vlanif100]q
[HJ-SW04]int LoopBack 0
[HJ-SW04-LoopBack0]ip add 6.6.6.6 32
[HJ-SW04-LoopBack0]
[HX-SW01]ospf 1 router-id 1.1.1.1
[HX-SW01-ospf-1]area 0
[HX-SW01-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.70.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.80.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.101.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]
[HX-SW02]ospf 1 router-id 2.2.2.2
[HX-SW02-ospf-1]area 0.0.0.0
[HX-SW02-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[HX-SW02-ospf-1-area-0.0.0.0] network 192.168.10.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0] network 192.168.20.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0] network 192.168.30.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0] network 192.168.40.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0] network 192.168.50.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0] network 192.168.60.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0] network 192.168.70.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0] network 192.168.80.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0] network 192.168.100.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0] network 192.168.101.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0]
[HJ-SW01]ospf 1 router-id 3.3.3.3
[HJ-SW01-ospf-1]area 0.0.0.0
[HJ-SW01-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[HJ-SW01-ospf-1-area-0.0.0.0] network 192.168.100.0 0.0.0.255
[HJ-SW01-ospf-1-area-0.0.0.0]
[HJ-SW02]ospf 1 router-id 4.4.4.4
[HJ-SW02]ospf 1 router-id 4.4.4.4
[HJ-SW02-ospf-1]area 0.0.0.0
[HJ-SW02-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[HJ-SW02-ospf-1-area-0.0.0.0] network 192.168.100.0 0.0.0.255
[HJ-SW02-ospf-1-area-0.0.0.0]
[HJ-SW03]ospf 1 router-id 5.5.5.5
[HJ-SW03-ospf-1]area 0.0.0.0
[HJ-SW03-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0
[HJ-SW03-ospf-1-area-0.0.0.0] network 192.168.100.0 0.0.0.255
[HJ-SW04]ospf 1 router-id 6.6.6.6
[HJ-SW04-ospf-1]area 0
[HJ-SW04-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0
[HJ-SW04-ospf-1-area-0.0.0.0] network 192.168.100.0 0.0.0.255
至此内网互通,下面针对ospf做一个优化配置
内网-ospf设定DR
[HX-SW01]int Vlanif 10
[HX-SW01-Vlanif10]ospf dr-priority 100
[HX-SW01-Vlanif10]int Vlanif 20
[HX-SW01-Vlanif20]ospf dr-priority 100
[HX-SW01-Vlanif20]int Vlanif 30
[HX-SW01-Vlanif30]ospf dr-priority 100
[HX-SW01-Vlanif30]int Vlanif 40
[HX-SW01-Vlanif40]ospf dr-priority 100
[HX-SW01-Vlanif40]int Vlanif 100
[HX-SW01-Vlanif100]ospf dr-priority 100
[HX-SW01-Vlanif100]int Vlanif 50
[HX-SW01-Vlanif50]ospf dr-priority 50
[HX-SW01-Vlanif50]int Vlanif 60
[HX-SW01-Vlanif60]ospf dr-priority 50
[HX-SW01-Vlanif60]int Vlanif 70
[HX-SW01-Vlanif70]ospf dr-priority 50
[HX-SW01-Vlanif70]int Vlanif 80
[HX-SW01-Vlanif80]ospf dr-priority 50
[HX-SW01-Vlanif80]int Vlanif 101
[HX-SW01-Vlanif101]ospf dr-priority 50
[HX-SW01-Vlanif101]
[HX-SW02]int Vlanif 10
[HX-SW02-Vlanif10]ospf dr-priority 50
[HX-SW02-Vlanif10]int Vlanif 20
[HX-SW02-Vlanif20]ospf dr-priority 50
[HX-SW02-Vlanif20]int Vlanif 30
[HX-SW02-Vlanif30]ospf dr-priority 50
[HX-SW02-Vlanif30]int Vlanif 40
[HX-SW02-Vlanif40]ospf dr-priority 50
[HX-SW02-Vlanif40]int Vlanif 100
[HX-SW02-Vlanif100]ospf dr-priority 50
[HX-SW02-Vlanif100]int Vlanif 50
[HX-SW02-Vlanif50]ospf dr-priority 100
[HX-SW02-Vlanif50]int Vlanif 60
[HX-SW02-Vlanif60]ospf dr-priority 100
[HX-SW02-Vlanif60]int Vlanif 70
[HX-SW02-Vlanif70]ospf dr-priority 100
[HX-SW02-Vlanif70]int Vlanif 80
[HX-SW02-Vlanif80]ospf dr-priority 100
[HX-SW02-Vlanif80]int Vlanif 101
[HX-SW02-Vlanif101]ospf dr-priority 100
[HX-SW02-Vlanif101]
内网-ospf增加收敛速度
[HJ-SW01]interface Vlanif 100
[HJ-SW01-Vlanif100]ospf timer hello 4
[HJ-SW01-Vlanif100]
[HJ-SW02]interface Vlanif 100
[HJ-SW02-Vlanif100]ospf timer hello 4
[HJ-SW03]interface Vlanif 100
[HJ-SW03-Vlanif100]ospf timer hello 4
[HJ-SW04]interface Vlanif 100
[HJ-SW04-Vlanif100]ospf timer hello 4
[HX-SW01]interface Vlanif 10
[HX-SW01-Vlanif10]ospf timer hello 4
[HX-SW01-Vlanif10]interface Vlanif 20
[HX-SW01-Vlanif20]ospf timer hello 4
[HX-SW01-Vlanif20]interface Vlanif 30
[HX-SW01-Vlanif30]ospf timer hello 4
[HX-SW01-Vlanif30]interface Vlanif 40
[HX-SW01-Vlanif40]ospf timer hello 4
[HX-SW01-Vlanif40]interface Vlanif 50
[HX-SW01-Vlanif50]ospf timer hello 4
[HX-SW01-Vlanif50]interface Vlanif 60
[HX-SW01-Vlanif60]ospf timer hello 4
[HX-SW01-Vlanif60]interface Vlanif 70
[HX-SW01-Vlanif70]ospf timer hello 4
[HX-SW01-Vlanif70]interface Vlanif 80
[HX-SW01-Vlanif80]ospf timer hello 4
[HX-SW01-Vlanif80]interface Vlanif 100
[HX-SW01-Vlanif100]ospf timer hello 4
[HX-SW01-Vlanif100]interface Vlanif 101
[HX-SW01-Vlanif101]ospf timer hello 4
[HX-SW01-Vlanif101]
[HX-SW02]interface Vlanif 10
[HX-SW02-Vlanif10]ospf timer hello 4
[HX-SW02-Vlanif10]interface Vlanif 20
[HX-SW02-Vlanif20]ospf timer hello 4
[HX-SW02-Vlanif20]interface Vlanif 30
[HX-SW02-Vlanif30]ospf timer hello 4
[HX-SW02-Vlanif30]interface Vlanif 40
[HX-SW02-Vlanif40]ospf timer hello 4
[HX-SW02-Vlanif40]interface Vlanif 50
[HX-SW02-Vlanif50]ospf timer hello 4
[HX-SW02-Vlanif50]interface Vlanif 60
[HX-SW02-Vlanif60]ospf timer hello 4
[HX-SW02-Vlanif60]interface Vlanif 70
[HX-SW02-Vlanif70]ospf timer hello 4
[HX-SW02-Vlanif70]interface Vlanif 80
[HX-SW02-Vlanif80]ospf timer hello 4
[HX-SW02-Vlanif80]interface Vlanif 100
[HX-SW02-Vlanif100]ospf timer hello 4
[HX-SW02-Vlanif100]interface Vlanif 101
[HX-SW02-Vlanif101]ospf timer hello 4
[HX-SW02-Vlanif101]
内网-OSPF区域认证
[HX-SW01]ospf 1
[HX-SW01-ospf-1]area 0
[HX-SW01-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[HX-SW02]ospf 1
[HX-SW02-ospf-1]area 0
[HX-SW02-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[HX-SW02-ospf-1-area-0.0.0.0]
[HJ-SW01]ospf 1
[HJ-SW01-ospf-1]area 0
[HJ-SW01-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[HJ-SW01-ospf-1-area-0.0.0.0]
[HJ-SW02]ospf 1
[HJ-SW02-ospf-1]area 0
[HJ-SW02-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[HJ-SW02-ospf-1-area-0.0.0.0]
[HJ-SW02-ospf-1-area-0.0.0.0]
[HJ-SW03]ospf 1
[HJ-SW03-ospf-1]area 0
[HJ-SW03-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[HJ-SW03-ospf-1-area-0.0.0.0]
[HJ-SW03-ospf-1-area-0.0.0.0]
[HJ-SW04]ospf 1
[HJ-SW04-ospf-1]area 0
[HJ-SW04-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[HJ-SW04-ospf-1-area-0.0.0.0]
[HJ-SW04-ospf-1-area-0.0.0.0]
WLAN搭建-AP上线
第一步:vlan划分
给上述框出来的交换机配置
vlan 200
q
stp region-configuration
region-name dxm
revision-level 10
instance 1 vlan 10 20 30 40 100 200
instance 2 vlan 50 60 70 80 101
active region-configuration
# 例如:
[HJ-SW01]vlan 200
[HJ-SW01-vlan200]q
[HJ-SW01]stp region-configuration
[HJ-SW01-mst-region]region-name dxm
[HJ-SW01-mst-region]revision-level 10
[HJ-SW01-mst-region]instance 1 vlan 10 20 30 40 100 200
[HJ-SW01-mst-region]instance 2 vlan 50 60 70 80 101
[HJ-SW01-mst-region]active region-configuration
AC6605配置
<AC6605>sys
[AC6605]undo info-center enable
[AC6605]vlan 200
[AC6605-vlan200]q
[AC6605]int GigabitEthernet 0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type access
[AC6605-GigabitEthernet0/0/1]port default vlan 200
[AC6605-GigabitEthernet0/0/1]q
[AC6605]int Vlanif 200
[AC6605-Vlanif200]ip add 192.168.200.10 24
[HX-SW01]int Vlanif 200
[HX-SW01-Vlanif200]ip add 192.168.200.254 24
[HX-SW02]int Vlanif 200
[HX-SW02-Vlanif200]ip add 192.168.200.253 24
[HX-SW01]ospf 1
[HX-SW01-ospf-1]area 0
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]q
[HX-SW01-ospf-1]q
[HX-SW01]int Vlanif 200
[HX-SW01-Vlanif200]ospf timer hello 4
[HX-SW01-Vlanif200]ospf dr-priority 100
[HX-SW02]ospf 1
[HX-SW02-ospf-1]area 0
[HX-SW02-ospf-1-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[HX-SW02-ospf-1-area-0.0.0.0]q
[HX-SW02-ospf-1]q
[HX-SW02]int Vlanif 200
[HX-SW02-Vlanif200]ospf timer hello 4
[HX-SW02-Vlanif200]ospf dr-priority 50
[HX-SW02-Vlanif200]
# 在核心1和AP的接入交换机上配置trunk接口类型,并配置pvid
[HX-SW01]interface GigabitEthernet 0/0/22
[HX-SW01-GigabitEthernet0/0/22]port link-type trunk
[HX-SW01-GigabitEthernet0/0/22]port trunk allow-pass vlan all
[HX-SW01-GigabitEthernet0/0/22]port trunk pvid vlan 200
[JR-SW01]int Ethernet 0/0/4
[JR-SW01-Ethernet0/0/4]port link-type trunk
[JR-SW01-Ethernet0/0/4]port trunk allow-pass vlan all
[JR-SW01-Ethernet0/0/4]port trunk pvid vlan 10
[JR-SW03]int Ethernet 0/0/4
[JR-SW03-Ethernet0/0/4]port link-type trunk
[JR-SW03-Ethernet0/0/4]port trunk allow-pass vlan all
[JR-SW03-Ethernet0/0/4]port trunk pvid vlan 30
[JR-SW03-Ethernet0/0/4]
[JR-SW05]int Ethernet 0/0/4
[JR-SW05-Ethernet0/0/4]port link-type trunk
[JR-SW05-Ethernet0/0/4]port trunk allow-pass vlan all
[JR-SW05-Ethernet0/0/4]port trunk pvid vlan 50
[JR-SW05-Ethernet0/0/4]
[JR-SW07]int Ethernet 0/0/4
[JR-SW07-Ethernet0/0/4]port link-type trunk
[JR-SW07-Ethernet0/0/4]port trunk allow-pass vlan all
[JR-SW07-Ethernet0/0/4]port trunk pvid vlan 70
[JR-SW07-Ethernet0/0/4]
第二步,AC通过DHCP服务获取IP地址
[DHCP-Server]ip pool vlan10
[DHCP-Server-ip-pool-vlan10]option 43 sub-option 1 ip-address 192.168.200.10
[DHCP-Server-ip-pool-vlan10]ip pool vlan30
[DHCP-Server-ip-pool-vlan30]option 43 sub-option 1 ip-address 192.168.200.10
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]ip pool vlan50
[DHCP-Server-ip-pool-vlan50]option 43 sub-option 1 ip-address 192.168.200.10
[DHCP-Server-ip-pool-vlan50]ip pool vlan70
[DHCP-Server-ip-pool-vlan70]option 43 sub-option 1 ip-address 192.168.200.10
[DHCP-Server-ip-pool-vlan70]
[AC6605]ip route-static 0.0.0.0 0.0.0.0 192.168.200.254
[AC6605]ip route-static 0.0.0.0 0.0.0.0 192.168.200.253
第三步:在AC与AP之间建立capwap隧道
[AC6605]capwap source ip-address 192.168.200.10
第四步:在AC中,通过离线的方式,录入AC的MAC地址
[AC6605]wlan
[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fc4b-5170
[AC6605-wlan-ap-1]q
[AC6605-wlan-view]ap-id 2 ap-mac 00e0-fcda-28a0
[AC6605-wlan-ap-2]q
[AC6605-wlan-view]
[AC6605-wlan-view]ap-id 3 ap-mac 00e0-fc30-0b40
[AC6605-wlan-ap-3]q
[AC6605-wlan-view]ap-id 4 ap-mac 00e0-fc88-58e0
[AC6605-wlan-ap-4]q
[AC6605-wlan-view]
WLAN搭建-AC下发配置
第一步:创建域管理模板–绑定国家码
[AC6605]wlan
[AC6605-wlan-view]regulatory-domain-profile name dxm_regulatory-domain-profile
[AC6605-wlan-regulate-domain-dxm_regulatory-domain-profile]country-code cn
[AC6605-wlan-regulate-domain-dxm_regulatory-domain-profile]q
第二步:创建AP组–绑定域管理模板
[AC6605-wlan-view]ap-group name dxm_ap-group-01
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC6605-wlan-ap-group-dxm_ap-group-01]regulatory-domain-profile dxm_regulatory-domain-profile
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-dxm_ap-group-01]q
第三步:在AP组里添加物理AP设备
[AC6605-wlan-view]ap-id 1
[AC6605-wlan-ap-1]ap-name ap01
[AC6605-wlan-ap-1]ap-group dxm_ap-group-01
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC6605-wlan-ap-1]ap-id 2
[AC6605-wlan-ap-2]ap-name ap02
[AC6605-wlan-ap-2]ap-group dxm_ap-group-01
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC6605-wlan-ap-2]ap-id 3
[AC6605-wlan-ap-3]ap-name ap03
[AC6605-wlan-ap-3]ap-group dxm_ap-group-01
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC6605-wlan-ap-3]ap-id 4
[AC6605-wlan-ap-4]ap-name ap04
[AC6605-wlan-ap-4]ap-group dxm_ap-group-01
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
第四步:创建SSOD模板–定义无线网络名
[AC6605-wlan-view]ssid-profile name ap-ssid-01
[AC6605-wlan-ssid-prof-ap-ssid-01]ssid dxm_wlan
第五步:创建安全模板–定义无线网络安全策略
[AC6605-wlan-view]security-profile name security-profile-01
[AC6605-wlan-sec-prof-security-profile-01]security wpa2 psk pass-phrase a12345678 aes
[AC6605-wlan-sec-prof-security-profile-01]q
第六步:创建vlan池子
[AC6605]vlan pool wlan_pool
[AC6605-vlan-pool-wlan_pool]vlan 200
第七步:创建VAP模板
[AC6605]wlan
[AC6605-wlan-view]vap-profile name vap01
[AC6605-wlan-vap-prof-vap01]ssid-profile ap-ssid-01
[AC6605-wlan-vap-prof-vap01]security-profile security-profile-01
[AC6605-wlan-vap-prof-vap01]service-vlan vlan-pool wlan_pool
第八步:将vap模板绑定到AP组,把配置下发给AP组的物理设备,并配置射频频段
[AC6605-wlan-view]ap-group name dxm_ap-group-01
[AC6605-wlan-ap-group-dxm_ap-group-01]vap-profile vap01 wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC6605-wlan-ap-group-dxm_ap-group-01]vap-profile vap01 wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
第九步:在DHCP服务器上增加vlan200地址池
[DHCP-Server]ip pool vlan200
[DHCP-Server-ip-pool-vlan200]network 192.168.200.0 mask 255.255.255.0
[DHCP-Server-ip-pool-vlan200]gateway-list 192.168.200.254
[DHCP-Server-ip-pool-vlan200]dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan200]excluded-ip-address 192.168.200.1 192.168.200.10
[DHCP-Server-ip-pool-vlan200]excluded-ip-address 192.168.200.253
第十步:补齐配置
[HX-SW01]int Vlanif 200
[HX-SW01-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.254
Warning: The priority of this VRRP backup group has changed to 255 and will not
change.
[HX-SW01-Vlanif200]vrrp vrid 200 priority 130
[HX-SW01-Vlanif200]
[HX-SW01-Vlanif200]dhcp select relay
[HX-SW01-Vlanif200]dhcp relay server-ip 192.168.101.1
[HX-SW02]int Vlanif 200
[HX-SW02-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.254
[HX-SW02-Vlanif200]dhcp select relay
[HX-SW02-Vlanif200]dhcp relay server-ip 192.168.101.1
[HX-SW02-Vlanif200]
外网-ISP分配IP
注意起名序号
<Huawei>SYS
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname ISP-01
<Huawei>SYS
Enter system view, return user view with Ctrl+Z.
[Huawei]UNDO info-center enable
Info: Information center is disabled.
[Huawei]SYSNAME ISP-02
<Huawei>SYS
Enter system view, return user view with Ctrl+Z.
[Huawei]UNDO info-center enable
Info: Information center is disabled.
[Huawei]SYSNAME ISP-03
<Huawei>SYS
Enter system view, return user view with Ctrl+Z.
[Huawei]UNDO info-center enable
Info: Information center is disabled.
[Huawei]SYSNAME ISP-04
外网搭建-RIP基础配置
[ISP-01]interface GigabitEthernet 0/0/0
[ISP-01-GigabitEthernet0/0/0]ip add 202.113.110.17 29
[ISP-01-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-01-GigabitEthernet0/0/1]ip add 202.113.112.17 30
[ISP-01-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[ISP-01-GigabitEthernet0/0/2]ip add 202.113.113.17 30
[ISP-01-GigabitEthernet0/0/2]
[ISP-02]interface GigabitEthernet 0/0/0
[ISP-02-GigabitEthernet0/0/0]ip add 202.113.112.18 30
[ISP-02-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-02-GigabitEthernet0/0/1]ip add 202.113.114.17 30
[ISP-02-GigabitEthernet0/0/1]
[ISP-03]interface GigabitEthernet 0/0/0
[ISP-03-GigabitEthernet0/0/0]ip add 202.113.113.18 30
[ISP-03-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-03-GigabitEthernet0/0/1]ip add 202.113.115.17 30
[ISP-03-GigabitEthernet0/0/1]
[ISP-04]interface GigabitEthernet 0/0/0
[ISP-04-GigabitEthernet0/0/0]ip add 202.113.114.18 30
[ISP-04-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-04-GigabitEthernet0/0/1]ip add 202.113.115.18 30
[ISP-04-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[ISP-04-GigabitEthernet0/0/2]ip add 202.113.111.17 30
[ISP-04-GigabitEthernet0/0/2]
[ISP-01]rip 1
[ISP-01-rip-1]verify-source
[ISP-01-rip-1]version 2
[ISP-01-rip-1]undo summary
[ISP-01-rip-1]network 202.113.110.0
[ISP-01-rip-1]network 202.113.112.0
[ISP-01-rip-1]network 202.113.113.0
[ISP-01-rip-1]
[ISP-02]rip 1
[ISP-02-rip-1]verify-source
[ISP-02-rip-1]version 2
[ISP-02-rip-1]undo summary
[ISP-02-rip-1]network 202.113.112.0
[ISP-02-rip-1]network 202.113.114.0
[ISP-03]rip 1
[ISP-03-rip-1]version 2
[ISP-03-rip-1]undo summary
[ISP-03-rip-1]network 202.113.113.0
[ISP-03-rip-1]network 202.113.115.0
[ISP-04]rip 1
[ISP-04-rip-1]version 2
[ISP-04-rip-1]undo summary
[ISP-04-rip-1]network 202.113.114.0
[ISP-04-rip-1]network 202.113.115.0
[ISP-04-rip-1]network 202.113.111.0
[ISP-04-rip-1]
外网搭建-RIP配置静默接口
[ISP-01]rip 1
[ISP-01-rip-1]silent-interface GigabitEthernet 0/0/0
[ISP-04]rip 1
[ISP-04-rip-1]silent-interface GigabitEthernet 0/0/2
外网搭建-RIP身份认证
[ISP-01]interface GigabitEthernet 0/0/0
[ISP-01-GigabitEthernet0/0/0]rip authentication-mode simple plain a12345678
[ISP-01-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-01-GigabitEthernet0/0/1]rip authentication-mode simple plain a12345678
[ISP-01-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[ISP-01-GigabitEthernet0/0/2]rip authentication-mode simple plain a12345678
[ISP-01-GigabitEthernet0/0/2]
[ISP-02]interface GigabitEthernet 0/0/0
[ISP-02-GigabitEthernet0/0/0]rip authentication-mode simple plain a12345678
[ISP-02-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-02-GigabitEthernet0/0/1]rip authentication-mode simple plain a12345678
[ISP-02-GigabitEthernet0/0/1]
[ISP-03]interface GigabitEthernet 0/0/0
[ISP-03-GigabitEthernet0/0/0]rip authentication-mode simple plain a12345678
[ISP-03-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-03-GigabitEthernet0/0/1]rip authentication-mode simple plain a12345678
[ISP-03-GigabitEthernet0/0/1]
[ISP-04]interface GigabitEthernet 0/0/0
[ISP-04-GigabitEthernet0/0/0]rip authentication-mode simple plain a12345678
[ISP-04-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-04-GigabitEthernet0/0/1]rip authentication-mode simple plain a12345678
[ISP-04-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[ISP-04-GigabitEthernet0/0/2]rip authentication-mode simple plain a12345678
[ISP-04-GigabitEthernet0/0/2]
分部搭建
第一步:根据图上给每个设备改名字
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname HX-FBSE01
[HX-FBSE01]
<Huawei>sys
[Huawei]UNDO info-center enable
[Huawei]sysname HX-FBSE02
[HX-FBSE02]
<Huawei>sys
[Huawei]UNDO info-center enable
[Huawei]SYSNAME HJ-FBSW01
[HJ-FBSW01]
<Huawei>sys
[Huawei]UNDO info-center enable
Info: Information center is disabled.
[Huawei]SYSNAME HJ-FBSW02
[HJ-FBSW02]
第二步:创建vlan,给四个交换机都创建
[HX-FBSE01]vlan batch 90 102
[HX-FBSE02]vlan batch 90 102
[HJ-FBSW01]vlan batch 90 102
[HJ-FBSW02]vlan batch 90 102
第三步:链路聚合
[HX-FBSE01]int Eth-Trunk 1
[HX-FBSE01-Eth-Trunk1]port link-type trunk
[HX-FBSE01-Eth-Trunk1]port trunk allow-pass vlan all
[HX-FBSE01-Eth-Trunk1]mode lacp
[HX-FBSE01-Eth-Trunk1]q
[HX-FBSE01]
[HX-FBSE01]int g0/0/23
[HX-FBSE01-GigabitEthernet0/0/23]eth-trunk 1
[HX-FBSE01-GigabitEthernet0/0/23]int g0/0/24
[HX-FBSE01-GigabitEthernet0/0/24]eth-trunk 1
[HX-FBSE01-GigabitEthernet0/0/24]q
[HX-FBSE01]
[HX-FBSE02]int Eth-Trunk 1
[HX-FBSE02-Eth-Trunk1]port link-type trunk
[HX-FBSE02-Eth-Trunk1]port trunk allow-pass vlan all
[HX-FBSE02-Eth-Trunk1]mode lacp
[HX-FBSE02-Eth-Trunk1]q
[HX-FBSE02]
[HX-FBSE02]int g0/0/23
[HX-FBSE02-GigabitEthernet0/0/23]eth-trunk 1
[HX-FBSE02-GigabitEthernet0/0/23]int g0/0/24
[HX-FBSE02-GigabitEthernet0/0/24]eth-trunk 1
[HX-FBSE02-GigabitEthernet0/0/24]q
[HX-FBSE02]
第四步:Vlan接入
[HJ-FBSE01]interface GigabitEthernet 0/0/2
[HJ-FBSE01-GigabitEthernet0/0/2]port link-type access
[HJ-FBSE01-GigabitEthernet0/0/2]port default vlan 90
[HJ-FBSE01-GigabitEthernet0/0/2]
[HJ-FBSW01-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/1
[HJ-FBSW01-GigabitEthernet0/0/1]port link-type trunk
[HJ-FBSW01-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[HJ-FBSW01-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/3
[HJ-FBSW01-GigabitEthernet0/0/3]port link-type trunk
[HJ-FBSW01-GigabitEthernet0/0/3]port link-type trunk
[HJ-FBSW01-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[HJ-FBSW02]interface GigabitEthernet 0/0/2
[HJ-FBSW02-GigabitEthernet0/0/2]port link-type access
[HJ-FBSW02-GigabitEthernet0/0/2]port default vlan 90
[HJ-FBSW02-GigabitEthernet0/0/2]
[HJ-FBSW02-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/1
[HJ-FBSW02-GigabitEthernet0/0/1]port link-type trunk
[HJ-FBSW02-GigabitEthernet0/0/1]port link-type trunk
[HJ-FBSW02-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[HJ-FBSW02-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/3
[HJ-FBSW02-GigabitEthernet0/0/3]port link-type trunk
[HJ-FBSW02-GigabitEthernet0/0/3]port link-type trunk
[HJ-FBSW02-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[HX-FBSE01]interface GigabitEthernet 0/0/2
[HX-FBSE01-GigabitEthernet0/0/2]port link-type trunk
[HX-FBSE01-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[HX-FBSE01-GigabitEthernet0/0/2]
[HX-FBSE02]interface GigabitEthernet 0/0/2
[HX-FBSE02-GigabitEthernet0/0/2]port link-type trunk
[HX-FBSE02-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[HX-FBSE02-GigabitEthernet0/0/2]
第五步:配置MSTP
给图上框起来的交换机配置
stp region-configuration
region-name dxm
revision-level 10
instance 1 vlan 90 102
active region-configuration
配置结束后设置主副根桥
[HX-FBSE01]stp instance 1 root primary
[HX-FBSE02]stp instance 1 root secondary
第六步:配置vrrp
[HX-FBSE01]int Vlanif 90
[HX-FBSE01-Vlanif90]ip add 192.168.90.254 24
[HX-FBSE01-Vlanif90]vrrp vrid 9 virtual-ip 192.168.90.254
[HX-FBSE01-Vlanif90]vrrp vrid 9 priority 130
[HX-FBSE02]int Vlanif 90
[HX-FBSE02-Vlanif90]ip add 192.168.90.253 24
[HX-FBSE02-Vlanif90]vrrp vrid 9 virtual-ip 192.168.90.254
[HX-FBSE02-Vlanif90]
第七步:配置ospf
# 配置IP
[HX-FBSE01]interface LoopBack 0
[HX-FBSE01-LoopBack0]ip add 7.7.7.7 32
[HX-FBSE01-LoopBack0]q
HX-FBSE01]int Vlanif 102
[HX-FBSE01-Vlanif102]ip add 192.168.102.7 24
[HX-FBSE01-Vlanif102]
[HX-FBSE02]interface LoopBack 0
[HX-FBSE02-LoopBack0]ip add 8.8.8.8 32
[HX-FBSE02-LoopBack0]q
[HX-FBSE02]int Vlanif 102
[HX-FBSE02-Vlanif102]ip add 192.168.102.8 24
[HX-FBSE02-Vlanif102]q
# 配置ospf
[HX-FBSE01]ospf 1 router-id 7.7.7.7
[HX-FBSE01-ospf-1]a 0
[HX-FBSE01-ospf-1-area-0.0.0.0]network 7.7.7.7 0.0.0.0
[HX-FBSE01-ospf-1-area-0.0.0.0]network 192.168.102.0 0.0.0.255
[HX-FBSE01-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[HX-FBSE01-ospf-1-area-0.0.0.0]q
[HX-FBSE01-ospf-1]q
[HX-FBSE02]ospf 1 router-id 8.8.8.8
[HX-FBSE02-ospf-1]a 0
[HX-FBSE02-ospf-1-area-0.0.0.0]network 8.8.8.8 0.0.0.0
[HX-FBSE02-ospf-1-area-0.0.0.0]network 192.168.102.0 0.0.0.255
[HX-FBSE02-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[HX-FBSE02-ospf-1-area-0.0.0.0]q
[HX-FBSE02-ospf-1]q
[HX-FBSE02]
[HX-FBSE01]int Vlanif 102
[HX-FBSE01-Vlanif102]ospf dr-priority 50
[HX-FBSE01-Vlanif102]ospf timer hello 4
[HX-FBSE01-Vlanif102]
[HX-FBSE02]int Vlanif 102
[HX-FBSE02-Vlanif102]
[HX-FBSE02-Vlanif102]ospf dr-priority 50
[HX-FBSE02-Vlanif102]ospf timer hello 4
防火墙配置
配置IP和信任域
第一次进入防火墙会强制修改密码 防火墙默认密码 admin Admin@123 修改为Huawei@123
# 修改名字
[USG6000V1]sysname ZB-FW01
[ZB-FW01]
<USG6000V1>sys
Enter system view, return user view with Ctrl+Z.
[USG6000V1]sysname HX-FW01
<USG6000V1>sys
Enter system view, return user view with Ctrl+Z.
[USG6000V1]sysname FB-FW01
[FB-FW01]
# 配置IP
[ZB-FW01]interface GigabitEthernet 1/0/1
[ZB-FW01-GigabitEthernet1/0/1]ip add 202.113.110.18 29
[ZB-FW01-GigabitEthernet1/0/1]interface GigabitEthernet 1/0/6
[ZB-FW01-GigabitEthernet1/0/6]ip add 192.168.66.1 24
[ZB-FW01-GigabitEthernet1/0/6]interface GigabitEthernet 1/0/0
[ZB-FW01-GigabitEthernet1/0/0]ip add 192.168.103.1 24
[ZB-FW01-GigabitEthernet1/0/0]
[HX-FW01]interface GigabitEthernet 1/0/1
[HX-FW01-GigabitEthernet1/0/1]ip add 202.113.110.19 29
[HX-FW01-GigabitEthernet1/0/1]interface GigabitEthernet 1/0/6
[HX-FW01-GigabitEthernet1/0/6]ip add 192.168.66.2 24
[HX-FW01-GigabitEthernet1/0/6]interface GigabitEthernet 1/0/0
[HX-FW01-GigabitEthernet1/0/0]ip add 192.168.103.2 24
[FB-FW01]interface GigabitEthernet 1/0/2
[FB-FW01-GigabitEthernet1/0/2]ip add 202.113.111.18 30
[FB-FW01-GigabitEthernet1/0/2]interface GigabitEthernet 1/0/0
[FB-FW01-GigabitEthernet1/0/0]ip add 192.168.104.1 24
[FB-FW01-GigabitEthernet1/0/0]interface GigabitEthernet 1/0/1
[FB-FW01-GigabitEthernet1/0/1]ip add 192.168.105.1 24
[FB-FW01-GigabitEthernet1/0/1]
# 配置防火墙信任域
[FB-FW01]firewall zone trust
[FB-FW01-zone-trust]add interface GigabitEthernet 1/0/0
[FB-FW01-zone-trust]add interface GigabitEthernet 1/0/1
[FB-FW01-zone-trust]q
[FB-FW01]firewall zone untrust
[FB-FW01-zone-untrust]add interface GigabitEthernet 1/0/2
[FB-FW01-zone-untrust]
[HX-FW01]firewall zone trust
[HX-FW01-zone-trust]add interface GigabitEthernet 1/0/0
[HX-FW01-zone-trust]add interface GigabitEthernet 1/0/6
[HX-FW01-zone-trust]q
[HX-FW01]firewall zone untrust
[HX-FW01-zone-untrust]add interface GigabitEthernet 1/0/1
[HX-FW01-zone-untrust]
[ZB-FW01]firewall zone trust
[ZB-FW01-zone-trust]add interface GigabitEthernet 1/0/0
[ZB-FW01-zone-trust]add interface GigabitEthernet 1/0/6
[ZB-FW01-zone-trust]q
[ZB-FW01]firewall zone untrust
[ZB-FW01-zone-untrust]add interface GigabitEthernet 1/0/1
[ZB-FW01-zone-untrust]
# 配置交换机vlan103
[HX-SW01]vlan 103
[HX-SW01-vlan103]q
[HX-SW01]int Vlanif 103
[HX-SW01-Vlanif103]ip add 192.168.103.3 24
[HX-SW01-Vlanif103]ospf dr-priority 50
[HX-SW01-Vlanif103]ospf timer hello 4
[HX-SW01-Vlanif103]
[HX-SW02]vlan 103
[HX-SW02-vlan103]q
[HX-SW02]int Vlanif 103
[HX-SW02-Vlanif103]ip add 192.168.103.4 24
[HX-SW02-Vlanif103]ospf timer hello 4
[HX-SW02-Vlanif103]
[HX-SW01]interface GigabitEthernet 0/0/5
[HX-SW01-GigabitEthernet0/0/5]port link-type access
[HX-SW01-GigabitEthernet0/0/5]port default vlan 103
[HX-SW01-GigabitEthernet0/0/5]
[HX-SW02]interface GigabitEthernet 0/0/5
[HX-SW02-GigabitEthernet0/0/5]port link-type access
[HX-SW02-GigabitEthernet0/0/5]port default vlan 103
[HX-SW02-GigabitEthernet0/0/5]
# 防火墙开启ping服务
[ZB-FW01]int g1/0/0
[ZB-FW01-GigabitEthernet1/0/0]service-manage ping permit
[ZB-FW01-GigabitEthernet1/0/0]int g1/0/6
[ZB-FW01-GigabitEthernet1/0/6]service-manage ping permit
[ZB-FW01-GigabitEthernet1/0/6]q
[ZB-FW01]int g1/0/1
[ZB-FW01-GigabitEthernet1/0/1]service-manage ping permit
[HX-FW01]int g1/0/0
[HX-FW01-GigabitEthernet1/0/0]service-manage ping permit
[HX-FW01-GigabitEthernet1/0/0]int g1/0/6
[HX-FW01-GigabitEthernet1/0/6]service-manage ping permit
[HX-FW01-GigabitEthernet1/0/6]q
[HX-FW01]int g1/0/1
[HX-FW01-GigabitEthernet1/0/1]service-manage ping permit
[FB-FW01]interface GigabitEthernet 1/0/2
[FB-FW01-GigabitEthernet1/0/2]service-manage ping permit
[FB-FW01-GigabitEthernet1/0/2]interface GigabitEthernet 1/0/0
[FB-FW01-GigabitEthernet1/0/0]service-manage ping permit
[FB-FW01-GigabitEthernet1/0/0]interface GigabitEthernet 1/0/1
[FB-FW01-GigabitEthernet1/0/1]service-manage ping permit
[FB-FW01-GigabitEthernet1/0/1]
# 分部vlan划分
[HX-FBSE01]vlan 104
[HX-FBSE01-vlan104]q
[HX-FBSE01]int Vlanif 104
[HX-FBSE01-Vlanif104]ip add 192.168.104.2 24
[HX-FBSE01-Vlanif104]q
[HX-FBSE01]int g0/0/1
[HX-FBSE01-GigabitEthernet0/0/1]port link-type access
[HX-FBSE01-GigabitEthernet0/0/1]port default vlan 104
[HX-FBSE02]vlan 105
[HX-FBSE02-vlan105]q
[HX-FBSE02]int vlan 105
[HX-FBSE02-Vlanif105]ip add 192.168.105.2 24
[HX-FBSE02-Vlanif105]q
[HX-FBSE02]int g0/0/1
[HX-FBSE02-GigabitEthernet0/0/1]port link-type access
[HX-FBSE02-GigabitEthernet0/0/1]port default vlan 105Web访问防火墙
这一步可能根据每个人的虚拟网卡的不同略有差异,但是影响不大,例如我使用的是192.168.74.0网段,如果你是其他网段修改74这个网段数字就行。
功能就是因为配置防火墙的命令多又复杂容易出错,所以使用web图形化界面操作更简单也不容易出错。
配置Cloud1
[ZB-FW01]int GigabitEthernet 0/0/0
[ZB-FW01-GigabitEthernet0/0/0]ip add 192.168.74.10 24
[ZB-FW01-GigabitEthernet0/0/0]service-manage all permit
[HX-FW01]int g0/0/0
[HX-FW01-GigabitEthernet0/0/0]ip add 192.168.74.11 24
[HX-FW01-GigabitEthernet0/0/0]service-manage all permit
[FB-FW01]int g0/0/0
[FB-FW01-GigabitEthernet0/0/0]ip add 192.168.74.12 24
[FB-FW01-GigabitEthernet0/0/0]service-manage all permit
配置结束后可以使用浏览器分别访问防火墙Web界面,访问方式为IP:8443
VRRP配置
[ZB-FW01]int g1/0/1
[ZB-FW01-GigabitEthernet1/0/1]vrrp vrid 110 virtual-ip 202.113.110.20 active
[HX-FW01]int g1/0/1
[HX-FW01-GigabitEthernet1/0/1]vrrp vrid 110 virtual-ip 202.113.110.20 standby
[ZB-FW01-GigabitEthernet1/0/1]int g1/0/0
[ZB-FW01-GigabitEthernet1/0/0]vrrp vrid 103 virtual-ip 192.168.103.5 active
[HX-FW01-GigabitEthernet1/0/1]int g1/0/0
[HX-FW01-GigabitEthernet1/0/0]vrrp vrid 103 virtual-ip 192.168.103.5 standby
# 验证
dis vrrp brief
观察到Backup为2即可
默认路由
进入ZB-FW01和HX-FW01的防火墙web界面,操作相同,都如下图
OSPF配置
[HX-SW01]ospf 1
[HX-SW01-ospf-1]a 0
[HX-SW01-ospf-1-area-0.0.0.0]network 192.168.103.0 0.0.0.255
[HX-SW01-ospf-1-area-0.0.0.0]
[HX-SW01-ospf-1-area-0.0.0.0]q
[HX-SW01-ospf-1]q
[HX-SW01]int Vlanif 103
[HX-SW01-Vlanif103]ospf dr-priority 100
[HX-SW01-Vlanif103]ospf timer hello 4
[HX-SW02]ospf 1
[HX-SW02-ospf-1]a 0
[HX-SW02-ospf-1-area-0.0.0.0]network 192.168.103.0 0.0.0.255
[ZB-FW01]ospf 1 router-id 9.9.9.9
[ZB-FW01-ospf-1]a 0
[ZB-FW01-ospf-1-area-0.0.0.0]network 192.168.24.0 0.0.0.255
[ZB-FW01-ospf-1-area-0.0.0.0]network 192.168.103.0 0.0.0.255
[ZB-FW01-ospf-1-area-0.0.0.0]network 192.168.66.0 0.0.0.255
[ZB-FW01-ospf-1-area-0.0.0.0]q
[ZB-FW01-ospf-1]default-route-advertise
[ZB-FW01-ospf-1]a 0
[ZB-FW01-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[ZB-FW01]int g0/0/0
[ZB-FW01-GigabitEthernet0/0/0]ospf timer hello 4
[ZB-FW01-GigabitEthernet0/0/0]int g1/0/0
[ZB-FW01-GigabitEthernet1/0/0]ospf timer hello 4
[ZB-FW01-GigabitEthernet1/0/0]int g1/0/6
[ZB-FW01-GigabitEthernet1/0/6]ospf timer hello 4
[HX-FW01]ospf 1 router-id 10.10.10.10
[HX-FW01-ospf-1]a 0
[HX-FW01-ospf-1-area-0.0.0.0]network 192.168.24.0 0.0.0.255
[HX-FW01-ospf-1-area-0.0.0.0]network 192.168.103.0 0.0.0.255
[HX-FW01-ospf-1-area-0.0.0.0]network 192.168.66.0 0.0.0.255
[HX-FW01-ospf-1-area-0.0.0.0]q
[HX-FW01-ospf-1]default-route-advertise
[HX-FW01-ospf-1]a 0
[HX-FW01-ospf-1]a 0
[HX-FW01-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[HX-FW01]int g0/0/0
[HX-FW01-GigabitEthernet0/0/0]ospf timer hello 4
[HX-FW01-GigabitEthernet0/0/0]int g1/0/0
[HX-FW01-GigabitEthernet1/0/0]ospf timer hello 4
[HX-FW01-GigabitEthernet1/0/0]int g1/0/6
[HX-FW01-GigabitEthernet1/0/6]ospf timer hello 4
NAT基础配置
第一步:临时修改防火墙安全策略为允许
进入ZB-FW01和HX-FW01的防火墙web界面,操作相同,都如下图
第二步:配置地址池
进入ZB-FW01和HX-FW01的防火墙web界面,操作相同,都如下图
第三步:配置NAT策略
进入ZB-FW01和HX-FW01的防火墙web界面,操作相同,都如下图
配置完成后可以使用内网的PC1ping外网 202.113.114.17的IP发现内网通过NAT地址转换成功访问外网
配置双机热备
ZB-FW01配置
HX-FW01配置
配置结束后可以刷新查看状态是否一主一备
分部防火墙配置
默认路由配置
OSPF配置
[HX-FBSE01]ospf 1
[HX-FBSE01-ospf-1]a 0
[HX-FBSE01-ospf-1-area-0.0.0.0]network 192.168.90.0 0.0.0.255
[HX-FBSE01-ospf-1-area-0.0.0.0]network 192.168.104.0 0.0.0.255
[HX-FBSE01]int Vlanif 90
[HX-FBSE01-Vlanif90]ospf dr-priority 50
[HX-FBSE01-Vlanif90]ospf timer hello 4
[HX-FBSE01-Vlanif90]int Vlanif 104
[HX-FBSE01-Vlanif104]ospf dr-priority 50
[HX-FBSE01-Vlanif104]ospf timer hello 4
[HX-FBSE01-Vlanif104]
[HX-FBSE02]ospf 1
[HX-FBSE02-ospf-1]a 0
[HX-FBSE02-ospf-1-area-0.0.0.0]network 192.168.90.0 0.0.0.255
[HX-FBSE02-ospf-1-area-0.0.0.0]network 192.168.105.0 0.0.0.255
[HX-FBSE02]int Vlanif 90
[HX-FBSE02-Vlanif90]ospf timer hello 4
[HX-FBSE02-Vlanif90]int Vlanif 105
[HX-FBSE02-Vlanif105]ospf timer hello 4
[HX-FBSE02-Vlanif105]
[FB-FW01]ospf 1 router-id 11.11.11.11
[FB-FW01-ospf-1]a 0
[FB-FW01-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[FB-FW01-ospf-1-area-0.0.0.0]network 192.168.24.0 0.0.0.255
[FB-FW01-ospf-1-area-0.0.0.0]network 192.168.104.0 0.0.0.255
[FB-FW01-ospf-1-area-0.0.0.0]network 192.168.105.0 0.0.0.255
[FB-FW01-ospf-1-area-0.0.0.0]q
[FB-FW01-ospf-1]default-route-advertise
[FB-FW01]int g0/0/0
[FB-FW01-GigabitEthernet0/0/0]ospf timer hello 4
[FB-FW01-GigabitEthernet0/0/0]int g1/0/0
[FB-FW01-GigabitEthernet1/0/0]ospf timer hello 4
[FB-FW01-GigabitEthernet1/0/0]int g1/0/1
[FB-FW01-GigabitEthernet1/0/1]ospf timer hello 4
[FB-FW01-GigabitEthernet1/0/1]int g1/0/2
[FB-FW01-GigabitEthernet1/0/2]ospf timer hello 4
[FB-FW01-GigabitEthernet1/0/2]
# 配置结束后可以检查路由表,及时排错,例如:
[HX-FBSE01]dis ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 3 Routes : 6
OSPF routing table status : <Active>
Destinations : 3 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 1 D 192.168.104.1 Vlanif104
8.8.8.8/32 OSPF 10 1 D 192.168.102.8 Vlanif102
OSPF 10 1 D 192.168.90.253 Vlanif90
192.168.105.0/24 OSPF 10 2 D 192.168.102.8 Vlanif102
OSPF 10 2 D 192.168.90.253 Vlanif90
OSPF 10 2 D 192.168.104.1 Vlanif104
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
NAT配置
第一步:修改安全策略
第二步:添加地址池
第三步:NAT策略配置
第四步:测试外网连通性
ping 202.113.114.18
结果是可以通的,如果使用抓包工具可以发现是通过NAT转换地址来访问外网的。
IPsec VPN配置
第一步:ZB-FW01和FB-FW01配置地址组(配置相同)
第二步:ZB-FW01配置IPSec列表
第三步:FB-FW01配置IPSec列表
第四步:验证配置
再去HX-FW01验证一下双击热备,会发现ZB-FW01的IPSec列表同步到了HX-FW01
GRE隧道配置
第一步:ZB-FW01配置GRE
第二步:FB-FW01配置GRE
第三步:ZB-FW01和FB-FW01在IPSec列表新建加密数据流
第四步:在OSPF中宣告网段
[FB-FW01]ospf 1
[FB-FW01-ospf-1]a 0
[FB-FW01-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[FB-FW01-ospf-1-area-0.0.0.0]q
[FB-FW01-ospf-1]q
[FB-FW01]int Tunnel 0
[FB-FW01-Tunnel0]ospf timer hello 4
HRP_M[ZB-FW01]ospf 1
HRP_M[ZB-FW01-ospf-1]a 0
HRP_M[ZB-FW01-ospf-1-area-0.0.0.0]network 192.168.0.0 0.0.0.255
HRP_M[ZB-FW01-ospf-1-area-0.0.0.0]q
HRP_M[ZB-FW01-ospf-1]q
HRP_M[ZB-FW01]int Tunnel 0
HRP_M[ZB-FW01-Tunnel0]ospf dr-priority 100
HRP_M[ZB-FW01-Tunnel0]ospf timer hello 4第五步:验证
ping 192.168.90.1 总部和分部可通
服务器配置
客户端接入以及IP配置
第一步:客户端配置(这里只列举一个,其他的也是一样的)
第二步:终端接入配置
# ========== JR-SW02 配置 - E0/0/4接口VLAN ==========
int Ethernet 0/0/4
port link-type access
port default vlan 20
# ========== JR-SW04 配置 - E0/0/4接口VLAN ==========
int Ethernet 0/0/4
port link-type access
port default vlan 40
# ========== JR-SW06 配置 - E0/0/4接口VLAN ==========
int Ethernet 0/0/4
port link-type access
port default vlan 60
第三步:配置服务器IP
第四步:在核心交换机上宣告OSPF
# ========== HX-SW01 配置 - VLAN106及OSPF ==========
[HX-SW01]vlan 106
[HX-SW01-vlan106]q
[HX-SW01]int g0/0/6
[HX-SW01-GigabitEthernet0/0/6]port link-type access
[HX-SW01-GigabitEthernet0/0/6]port default vlan 106
[HX-SW01-GigabitEthernet0/0/6]q
[HX-SW01]int Vlanif 106
[HX-SW01-Vlanif106]ip add 10.1.106.2 24
[HX-SW01-Vlanif106]ospf dr-priority 100
[HX-SW01-Vlanif106]ospf timer hello 4
[HX-SW01]ospf 1
[HX-SW01-ospf-1]a 0
[HX-SW01-ospf-1-area-0.0.0.0]network 10.1.106.0 0.0.0.255
第五步:防火墙配置IP,信任域,宣告OSPF
防火墙基础配置
# 进入FW4防火墙进行配置
# 默认的修改密码操作
<USG6000V1>sys
[USG6000V1]sysname FW4
[FW4]undo info-center enable
[Fw4]int g0/0/0
[Fw4-GigabitEthernet0/0/0]ip add 192.168.74.13 24
[Fw4-GigabitEthernet0/0/0]service-manage all permit
访问防火墙WEB界面配置接口IP
修改安全策略
宣告OSPF
[Fw4]ospf 1 router-id 12.12.12.12
[Fw4-ospf-1]a 0
[Fw4-ospf-1-area-0.0.0.0]authentication-mode simple plain 123456
[Fw4-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[Fw4-ospf-1-area-0.0.0.0]network 10.1.106.0 0.0.0.255
[Fw4-ospf-1-area-0.0.0.0]q
[Fw4-ospf-1]q
[Fw4]int g1/0/0
[Fw4-GigabitEthernet1/0/0]ospf timer hello 4
验证
可以访问防火墙的Web界面或在命令行模式查看路由表,发现已经学习到了其他网段
DHCP修改DNS与排除地址
[DHCP-Server]ip pool vlan10
[DHCP-Server-ip-pool-vlan10]excluded-ip-address 192.168.10.2
[DHCP-Server-ip-pool-vlan10]undo dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan10]dns-list 10.1.106.200
[DHCP-Server-ip-pool-vlan10]dns-list 114.114.114.114
[DHCP-Server-ip-pool-vlan10]
[DHCP-Server-ip-pool-vlan10]ip pool vlan20
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]excluded-ip-address 192.168.20.2
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]undo dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]dns-list 10.1.106.200
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]dns-list 114.114.114.114
[DHCP-Server-ip-pool-vlan20]
[DHCP-Server-ip-pool-vlan20]ip pool vlan30
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]excluded-ip-address 192.168.30.2
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]undo dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]dns-list 10.1.106.200
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]dns-list 114.114.114.114
[DHCP-Server-ip-pool-vlan30]
[DHCP-Server-ip-pool-vlan30]ip pool vlan40
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]excluded-ip-address 192.168.40.2
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]undo dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]dns-list 10.1.106.200
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]dns-list 114.114.114.114
[DHCP-Server-ip-pool-vlan40]
[DHCP-Server-ip-pool-vlan40]ip pool vlan50
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]excluded-ip-address 192.168.50.2
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]undo dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]dns-list 10.1.106.200
[DHCP-Server-ip-pool-vlan50]
[DHCP-Server-ip-pool-vlan50]dns-list 114.114.114.114
[DHCP-Server-ip-pool-vlan50]ip pool vlan60
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]excluded-ip-address 192.168.60.2
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]undo dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]dns-list 10.1.106.200
[DHCP-Server-ip-pool-vlan60]
[DHCP-Server-ip-pool-vlan60]dns-list 114.114.114.114
[DHCP-Server-ip-pool-vlan60]ip pool vlan70
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]excluded-ip-address 192.168.70.2
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]undo dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]dns-list 10.1.106.200
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]dns-list 114.114.114.114
[DHCP-Server-ip-pool-vlan70]
[DHCP-Server-ip-pool-vlan70]ip pool vlan80
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]excluded-ip-address 192.168.80.2
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]undo dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]dns-list 10.1.106.200
[DHCP-Server-ip-pool-vlan80]
[DHCP-Server-ip-pool-vlan80]dns-list 114.114.114.114
[DHCP-Server-ip-pool-vlan80]ip pool vlan90
Info: It's successful to create an IP address pool.
[DHCP-Server-ip-pool-vlan90]
[DHCP-Server-ip-pool-vlan90]excluded-ip-address 192.168.90.2
Error:The IP address is not in the pool.
[DHCP-Server-ip-pool-vlan90]
[DHCP-Server-ip-pool-vlan90]undo dns-list 8.8.8.8
Error:The server does not exist.
[DHCP-Server-ip-pool-vlan90]
[DHCP-Server-ip-pool-vlan90]dns-list 10.1.106.200
[DHCP-Server-ip-pool-vlan90]
[DHCP-Server-ip-pool-vlan90]dns-list 114.114.114.114
[DHCP-Server-ip-pool-vlan90]ip pool vlan200
[DHCP-Server-ip-pool-vlan200]
[DHCP-Server-ip-pool-vlan200]excluded-ip-address 192.168.200.2
Error:Only idle or expired IP address can be disabled.
[DHCP-Server-ip-pool-vlan200]
[DHCP-Server-ip-pool-vlan200]undo dns-list 8.8.8.8
[DHCP-Server-ip-pool-vlan200]
[DHCP-Server-ip-pool-vlan200]dns-list 10.1.106.200
[DHCP-Server-ip-pool-vlan200]dns-list 114.114.114.114
[DHCP-Server-ip-pool-vlan200]
验证:重启一下终端,例如重启PC1后,输入ipconfig查看TCP/IP配置,观察DNS是否获取成功并与我们的配置一致
服务器—启动HTTP和DNS服务
启动HTTP服务
server1和2作为Web服务器配置相同如下
启动DNS服务
server3和4作为DNS服务器配置相同如下
启动服务器轮询功能
进入FW4防火墙Web页面,配置服务器组
配置虚拟服务
测试
配置NAT Server
进入ZB-FW01防火墙Web界面
然后点击诊断可以确认是否联通
全网互通测试
PC1-8 PING PC9
PC1-8互相PING
PC1-8 PING 202.113.110.20
PC1-9 PING 10.1.106.1
你想Ping哪就Ping哪
