华为ensp园区网络设计与实施

目** **录

园区网络设计与实施文档

1.企业背景

某集团经过业务发展，总公司在广州市体育中心附近，在海珠区和白云区有二个分公司，为了实现快捷的信息交流和资源共享，需要构建统一网络，整合公司所有相关业务流程。总公司采用双核心的网络架构模式，采用专线接入互联网，二个分公司分别租用二条专线光纤线路进行连接，特向ISP供应商取得如下公网IP地址：202.16.10.5~20/27，现要求组建网络，总体要求如下：

1. 保证整个网络的稳定性、可靠性。2. 各单位部门能通过地址转换连接上互联网。3. 各部门划分VLAN，只有经理室才能访问分公司。4. 要求集团各部门能通过FTP服务器进行文件传输。5. 内网和外网均能访问公司的主页。

2.项目具体要求

画出总的拓扑结构图
作出具体IP地址规划和VLAN规划
写出网络设备连接表
*给所有的设备进行命名，命令规则：姓名***01_部门简称设备名**编号
在所有设备上开启** telnet 管理功能，管理设备使用 cjnet做为用户名,口令为 telnet123**。
总部的交换网络中，在两台三层核心交换机通过端口聚合进行冗余备份，各交换机间采用MSTP，核心交换机作为根桥，并作流量均衡。
全网采用专门的DHCP服务器进行IP统一分配。
全公司均能访问FTP服务器和WEB服务器。
总公司各部门均能相互访问，分公司各部门亦能相互访问，但只有总公司的经理部能访问公司各部门的数据。
制作网络工程实施文档以供查阅与维护。

3. 实验拓扑及规划

3.1 网络拓扑结构图

根据项目要求绘制网络拓扑结构图，如图3.1所示：

图3.1 网络拓扑结构图

3.2 网络设备命名与设备连接表

根据网络拓扑结构图绘制网络设备命名与设备连接表，如表1所示：

表1 设备命名与设备连接表

部门名称

设备名称

互联接口

连接至

设备名称

互联接口

网络中心

LJY27_zb_LSW1

G0/0/1

→

LJY27_zb_AR1

G0/0/1

G0/0/2

→

LJY27_jlb_LSW3

G0/0/1

G0/0/3

→

LJY27_cwb_LSW4

G0/0/1

G0/0/4

→

LJY27_rsb_LSW5

G0/0/1

G0/0/5

→

LJY27_kfb_LSW6

G0/0/1

G0/0/21

→

LJY27_zb_LSW2

G0/0/21

G0/0/22

→

LJY27_zb_LSW2

G0/0/22

G0/0/23

→

LJY27_zb_LSW2

G0/0/23

G0/0/24

→

LJY27_zb_LSW2

G0/0/24

LJY27_zb_LSW2

G0/0/2

→

LJY27_zb_AR1

G0/0/2

G0/0/3

→

LJY27_jlb_LSW3

G0/0/2

G0/0/4

→

LJY27_cwb_LSW4

G0/0/2

G0/0/5

→

LJY27_rsb_LSW5

G0/0/2

G0/0/6

→

LJY27_kfb_LSW6

G0/0/2

G0/0/21

→

LJY27_zb_LSW1

G0/0/21

G0/0/22

→

LJY27_zb_LSW1

G0/0/22

G0/0/23

→

LJY27_zb_LSW1

G0/0/23

G0/0/24

→

LJY27_zb_LSW1

G0/0/24

LJY27_zb_AR1

S1/0/0

→

AR4

S1/0/0

G4/0/0

→

LJY27_fgs_AR2

G0/0/0

G4/0/1

→

LJY27_fgs2_AR3

G0/0/1

→

LJY27_zb_LSW1

G0/0/1

G0/0/2

→

LJY27_zb_LSW2

G0/0/2

G0/0/0

→

LJY27_fwq_LSW7

G0/0/1

LJY27_jlb_LSW3

G0/0/1

→

LJY27_zb_LSW1

G0/0/2

→

LJY27_zb_LSW2

G0/0/3

E0/0/1

→

LJY27_jlb_PC3

E0/0/1

LJY27_cwb_LSW4

G0/0/1

→

LJY27_zb_LSW1

G0/0/3

G0/0/2

→

LJY27_zb_LSW2

G0/0/4

E0/0/1

→

LJY27_cwb_PC4

E0/0/1

LJY27_rsb_LSW5

G0/0/1

→

LJY27_zb_LSW1

G0/0/4

G0/0/2

→

LJY27_zb_LSW2

G0/0/5

E0/0/1

→

LJY27_rsb_PC5

E0/0/1

LJY27_kfb_LSW6

G0/0/1

→

LJY27_zb_LSW1

G0/0/5

G0/0/2

→

LJY27_zb_LSW2

G0/0/6

E0/0/1

→

LJY27_kfb_PC6

E0/0/1

LJY27_fwq_LSW7

G0/0/4

→

LJY27_fwq_FTP

E0/0/0

G0/0/3

→

LJY27_fwq_HTTP

E0/0/0

G0/0/2

→

LJY27_fwq_DHCP

G0/0/0

G0/0/1

→

LJY27_zb_AR1

G0/0/0

LJY27_fgs_AR2

G0/0/0

→

LJY27_zb_AR1

G4/0/0

G0/0/1

→

LJY27_fgs_LSW9

G0/0/1

LJY27_fgs2_AR3

G0/0/1

→

LJY27_zb_AR1

G4/0/1

G0/0/2

→

LJY27_fgs2_LSW10

G0/0/2

LJY27_fgs_LSW9

G0/0/1

→

LJY27_fgs_AR2

G0/0/1

E0/0/1

→

LJY27_xsb_PC1

E0/0/1

E0/0/2

→

LJY27_glb_PC2

E0/0/1

LJY27_fgs2_LSW10

G0/0/2

→

LJY27_fgs2_AR3

G0/0/2

E0/0/1

→

LJY27_xsb2_PC7

E0/0/1

E0/0/2

→

LJY27_glb2_PC8

E0/0/1

外网

AR4

S1/0/0

→

LJY27_zb_AR1

S1/0/0

网络中心

LJY27_xsb_PC1

E0/0/1

→

LJY27_fgs_LSW9

E0/0/1

LJY27_glb_PC2

E0/0/1

→

LJY27_fgs_LSW9

E0/0/2

LJY27_jlb_PC3

E0/0/1

→

LJY27_jlb_LSW3

E0/0/1

LJY27__cwb_PC4

E0/0/1

→

LJY27_cwb_LSW4

E0/0/1

LJY27_rsb_PC5

E0/0/1

→

LJY27_rsb_LSW5

E0/0/1

LJY27_kfb_PC6

E0/0/1

→

LJY27_kfb_LSW6

E0/0/1

LJY27_fwq_DHCP

G0/0/0

→

LJY27_fwq_LSW7

G0/0/2

LJY27_fwq_HTTP

E0/0/0

→

LJY27_fwq_LSW7

G0/0/3

LJY27_fwq_FTP

E0/0/0

→

LJY27_fwq_LSW7

G0/0/4

LJY27_xsb2_PC7

E0/0/1

→

LJY27_fgs2_LSW10

E0/0/1

LJY27_glb2_PC8

E0/0/1

→

LJY27_fgs2_LSW10

E0/0/2

3.3 IP地址规划

根据网络拓扑结构图绘制IP地址规划表，如表2所示：

表2 设备IP地址规划表

部门名称

设备名称

接口

IP地址

子网掩码

总部

LJY27_zb_AR1

G4/0/0

10.10.20.2

G4/0/1

10.10.10.1

G0/0/1

10.10.30.1

G0/0/2

10.10.40.1

G0/0/0

10.10.50.1

S1/0/0

202.16.10.20

LJY27_zb_LSW1

G0/0/1

10.10.30.2

G0/0/2

192.27.10.252

G0/0/3

192.27.20.252

G0/0/4

192.27.30.253

G0/0/5

192.27.40.253

LJY27_zb_LSW2

G0/0/2

10.10.40.2

G0/0/3

192.27.10.253

G0/0/4

192.27.20.253

G0/0/5

192.27.30.252

G0/0/6

192.27.40.252

服务区

LJY27_fwq_LSW7

G0/0/1

10.10.50.2

G0/0/0/2-4

172.16.1.254

分公司1

LJY27_fgs_AR2

G0/0/0

10.10.20.1

G0/0/1.100

192.27.100.254

G0/0/1.110

192.27.110.254

分公司2

LJY27_fgs2_AR3

G0/0/1

10.10.10.2

G0/0/2.200

192.27.200.254

G0/0/2.210

192.27.210.254

外网

AR4

S1/0/0

202.16.10.1

3.4 VLAN规划表

根据项目要求制作VLAN规划表，如表3所示：

表3 Vlan规划表

序号

部门名称

VLAN编号

VLAN名称

IP地址

子网掩码

备注

经理部

Jingli

DHCP自动获取

255.255.255.0

网关：192.168.10.254

财务部

DHCP自动获取

255.255.255.0

192.168.20.254

人事部

DHCP自动获取

255.255.255.0

192.168.30.254

开发部

DHCP自动获取

255.255.255.0

192.168.40.254

管理部1

100

DHCP自动获取

255.255.255.0

192.168.100.254

销售部1

110

DHCP自动获取

255.255.255.0

192.168.110.254

管理部2

200

DHCP自动获取

255.255.255.0

192.168.200.254

销售部2

210

DHCP自动获取

255.255.255.0

192.168.210.254

分公司2AR3

10.10.10.2

255.255.255.252

分公司1AR2

10.10.20.1

255.255.255.252

zbAR1-SW1

10.10.30.2

255.255.255.252

zbAR1-SW2

10.10.40.2

255.255.255.252

服务器区

10.10.50.2

255.255.255.252

管理vlan

互联vlan

4. 开启telnet管理功能

开启设备的telnet管理功能，并为交换机配置管理IP（交换机使用vlan 1做管理vlan），实现远程登录控制网络设备。

配置过程：

4.1 开启路由器telnet：

LJY27_zb_AR1：

<LJY27_zb_AR1>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_AR1]telnet server enable

Error: TELNET server has been enabled

[LJY27_zb_AR1]user-interface vty 0 4

[LJY27_zb_AR1-ui-vty0-4]authentication-mode aaa

[LJY27_zb_AR1-ui-vty0-4]aaa

[LJY27_zb_AR1-aaa]local-user cjnet password cipher telnet123

Info: Add a new user.

[LJY27_zb_AR1-aaa]user-interface vty 0 4

[LJY27_zb_AR1-ui-vty0-4]authentication-mode aaa

[LJY27_zb_AR1-ui-vty0-4]user privilege level 15 [LJY27_zb_AR1-ui-vty0-4]

LJY27_fgs_AR2：

<LJY27_fgs_AR2>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fgs_AR2]telnet server enable

Error: TELNET server has been enabled

[LJY27_fgs_AR2]user-interface vty 0 4

[LJY27_fgs_AR2-ui-vty0-4]authentication-mode aaa

[LJY27_fgs_AR2-ui-vty0-4]aaa

[LJY27_fgs_AR2-aaa]local-user cjnet password cipher telnet123

Info: Add a new user.

[LJY27_fgs_AR2]user-interface vty 0 4

[LJY27_fgs_AR2-ui-vty0-4]user privilege level 15

[LJY27_fgs_AR2-ui-vty0-4]authentication-mode aaa

LJY27_fgs2_AR3：

<LJY27_fgs2_AR3>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fgs2_AR3]telnet server enable

Error: TELNET server has been enabled

[LJY27_fgs2_AR3]user-interface vty 0 4

[LJY27_fgs2_AR3-ui-vty0-4]authentication-mode aaa

[LJY27_fgs2_AR3-ui-vty0-4]aaa

[LJY27_fgs2_AR3-aaa]local-user cjnet password cipher telnet123

Info: Add a new user.

[LJY27_fgs2_AR3-aaa]user-interface vty 0 4

[LJY27_fgs2_AR3-ui-vty0-4]user privilege level 15

[LJY27_fgs2_AR3-ui-vty0-4]authentication-mode aaa

[LJY27_fgs2_AR3-ui-vty0-4]

4.2 开启交换机telnet：

LJY27_zb_LSW1：

<LJY27_zb_LSW1>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW1]telnet server enable

Info: The Telnet server has been enabled.

[LJY27_zb_LSW1]user-interface vty 0 4

[LJY27_zb_LSW1-ui-vty0-4]protocol inbound telnet

[LJY27_zb_LSW1-ui-vty0-4]authentication-mode aaa

[LJY27_zb_LSW1-ui-vty0-4]aaa

[LJY27_zb_LSW1-aaa]local-user cjnet password cipher telnet123

Info: Add a new user.

[LJY27_zb_LSW1-aaa]local-user cjnet privilege level 15

[LJY27_zb_LSW1-aaa]local-user cjnet service-type telnet

LJY27_zb_LSW2：

<LJY27_zb_LSW2>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW2]telnet server enable

Info: The Telnet server has been enabled.

[LJY27_zb_LSW2]user-interface vty 0 4

[LJY27_zb_LSW2-ui-vty0-4]protocol inbound telnet

[LJY27_zb_LSW2-ui-vty0-4]authentication-mode aaa

[LJY27_zb_LSW2-ui-vty0-4]aaa

[LJY27_zb_LSW2-aaa]local-user cjnet password cipher telnet123

Info: Add a new user.

[LJY27_zb_LSW2-aaa]local-user cjnet privilege level 15

[LJY27_zb_LSW2-aaa]local-user cjnet service-type telnet

LJY27_fwq_LSW7：

<LJY27_fwq_LSW7>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fwq_LSW7]telnet server enable

Info: The Telnet server has been enabled.

[LJY27_fwq_LSW7]user-interface vty 0 4

[LJY27_fwq_LSW7-ui-vty0-4]protocol inbound telnet

[LJY27_fwq_LSW7-ui-vty0-4]authentication-mode aaa

[LJY27_fwq_LSW7-ui-vty0-4]local-user cjnet password cipher telnet123

[LJY27_fwq_LSW7-ui-vty0-4]aaa

[LJY27_fwq_LSW7-aaa]local-user cjnet password cipher telnet123

Info: Add a new user.

[LJY27_fwq_LSW7-aaa]local-user cjnet privilege level 15

[LJY27_fwq_LSW7-aaa]local-user cjnet service-type telnet

5. 配置端口聚合

采用链路聚合技术可以在不进行硬件升级的条件下，通过将多个物理接口捆绑为一个逻辑接口，达到增加链路带宽的目的。在实现增大带宽目的的同时，链路聚合采用备份链路的机制，可以有效的提高设备之间链路的可靠性。

LJY27_zb_LSW1：

<LJY27_zb_LSW1>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW1]int Eth-Trunk 1

[LJY27_zb_LSW1-Eth-Trunk1]trunkport g0/0/21

Info: This operation may take a few seconds. Please wait for a moment...done.

[LJY27_zb_LSW1-Eth-Trunk1]trunkport g0/0/22

Info: This operation may take a few seconds. Please wait for a moment...done.

[LJY27_zb_LSW1-Eth-Trunk1]trunkport g0/0/23

Info: This operation may take a few seconds. Please wait for a moment...done.

[LJY27_zb_LSW1-Eth-Trunk1]trunkport g0/0/24

Info: This operation may take a few seconds. Please wait for a moment...done.

[LJY27_zb_LSW1-Eth-Trunk1]port link-type trunk

[LJY27_zb_LSW1-Eth-Trunk1]port trunk allow-pass vlan all

LJY27_zb_LSW2：

<LJY27_zb_LSW2>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW2]int Eth-Trunk 1

[LJY27_zb_LSW2-Eth-Trunk1]trunkport g0/0/21

Info: This operation may take a few seconds. Please wait for a moment...done.

[LJY27_zb_LSW2-Eth-Trunk1]trunkport g0/0/22

Info: This operation may take a few seconds. Please wait for a moment...done.

[LJY27_zb_LSW2-Eth-Trunk1]trunkport g0/0/23

Info: This operation may take a few seconds. Please wait for a moment...done.

[LJY27_zb_LSW2-Eth-Trunk1]trunkport g0/0/24

Info: This operation may take a few seconds. Please wait for a moment...done.

[LJY27_zb_LSW2-Eth-Trunk1]port link-type trunk

[LJY27_zb_LSW2-Eth-Trunk1]port trunk allow-pass vlan all

6 核心交换机冗余备份

Vrrp mstp在其他地方配置了

7. 配置单臂路由

分公司1

LJY27_fgs_AR2：

[LJY27_fgs_AR2]int g0/0/1.100

[LJY27_fgs_AR2-GigabitEtherne0/0/1.100]ip add 192.27.100.254 24

[LJY27_fgs_AR2-GigabitEtherne0/0/1.100]dot1q termination vid 100

[LJY27_fgs_AR2-GigabitEthernet0/0/1.100]arp broadcast enable

[LJY27_fgs_AR2-GigabitEthernet0/0/0.10]int g0/0/1.110

[LJY27_fgs_AR2-GigabitEthernet0/0/1.110]ip add 192.27.110.254 24

[LJY27_fgs_AR2-GigabitEthernet0/0/1.110]dot1q termination vid 110

[LJY27_fgs_AR2-GigabitEthernet0/0/1.110]arp broadcast enable

LJY27_fgs_LSW9：

[LJY27_fgs_LSW9]vlan 100

[LJY27_fgs_LSW9-vlan100]vlan 110

[LJY27_fgs_LSW9]int e0/0/1

[LJY27_fgs_LSW9-Ethernet0/0/1]port link-type access

[LJY27_fgs_LSW9-Ethernet0/0/1]port default vlan 100

[LJY27_fgs_LSW9]int e0/0/2

[LJY27_fgs_LSW9-Ethernet0/0/2]port link-type access

[LJY27_fgs_LSW9-Ethernet0/0/2]port default vlan 110

[LJY27_fgs_LSW9]int g0/0/3

[LJY27_fgs_LSW9-GigabitEthernet0/0/1]port link-type trunk

[LJY27_fgs_LSW9- GigabitEthernet0/0/1]port trunk allow-pass vlan 100 110

分公司2

LJY27_fgs2_AR3：

[LJY27_fgs2_AR3]int g0/0/2.200

[LJY27_fgs2_AR3-GigabitEtherne0/0/2.200]ip add 192.27.200.254 24

[LJY27_fgs2_AR3-GigabitEtherne0/0/2.200]dot1q termination vid 200

[LJY27_fgs2_AR3-GigabitEthernet0/0/2.200]arp broadcast enable

[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]int g0/0/2.210

[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]]ip add 192.27.210.254 24

[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]]dot1q termination vid 210

[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]]arp broadcast enable

LJY27_fgs2_LSW10：

[LJY27_fgs2_LSW10]vlan 200

[LJY27_fgs2_LSW10-vlan200]vlan 210

[LJY27_fgs2_LSW10]int e0/0/1

[LJY27_fgs2_LSW10-Ethernet0/0/1]port link-type access

[LJY27_fgs2_LSW10-Ethernet0/0/1]port default vlan 200

[LJY27_fgs2_LSW10]int e0/0/2

[LJY27_fgs2_LSW10-Ethernet0/0/2]port link-type access

[LJY27_fgs2_LSW10-Ethernet0/0/2]port default vlan 210

[LJY27_fgs2_LSW10]int g0/0/2

[LJY27_fgs2_LSW10-GigabitEthernet0/0/2]port link-type trunk

[LJY27_fgs2_LSW10- GigabitEthernet0/0/2]port trunk allow-pass vlan 200 210

8. 配置DHCP服务

LJY27_fwq_DHCP

配置分公司1

[LJY27_fwq_DHCP]dhcp enable

Info: The operation may take a few seconds. Please wait for a moment.done.

[LJY27_fwq_DHCP]ip pool fgs1

Info: It's successful to create an IP address pool.

[LJY27_fwq_DHCP-ip-pool-fgs1]network 192.27.100.0 mask 255.255.255.0

[LJY27_fwq_DHCP-ip-pool-fgs1]network 192.27.110.0 mask 255.255.255.0

Error:Please delete the network section first.

[LJY27_fwq_DHCP-ip-pool-fgs1]gateway-list 192.27.100.254

[LJY27_fwq_DHCP]ip pool fgs1glb1

Info: It's successful to create an IP address pool.

[LJY27_fwq_DHCP-ip-pool-fgs1glb1]network 192.27.110.0 mask 255.255.255.0

[LJY27_fwq_DHCP-ip-pool-fgs1glb1]gateway-list 192.27.110.254

配置分公司2：

<LJY27_fwq_DHCP>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fwq_DHCP]ip pool fgs2xsb2

Info: It's successful to create an IP address pool.

[LJY27_fwq_DHCP-ip-pool-fgs2xsb2]network 192.27.200.0 mask 255.255.255.0

[LJY27_fwq_DHCP-ip-pool-fgs2xsb2]gateway-list 192.27.200.254

[LJY27_fwq_DHCP-ip-pool-fgs2xsb2]ip pool fgs2glb2

Info: It's successful to create an IP address pool.

[LJY27_fwq_DHCP-ip-pool-fgs2glb2]network 192.27.210.0 mask 255.255.255.0

[LJY27_fwq_DHCP-ip-pool-fgs2glb2]gateway-list 192.27.210.254

配置分公司1销售部1

<LJY27_fgs_AR2>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fgs_AR2]dhcp en

[LJY27_fgs_AR2]dhcp enable

Info: The operation may take a few seconds. Please wait for a moment.done.

[LJY27_fgs_AR2]int g0/0/1.100

[LJY27_fgs_AR2-GigabitEthernet0/0/1.100]dhcp select relay

[LJY27_fgs_AR2-GigabitEthernet0/0/1.100]dhcp relay server-ip 172.16.1.1

分公司1管理部1

[LJY27_fgs_AR2]int g0/0/1.110

[LJY27_fgs_AR2-GigabitEthernet0/0/1.110]dhcp select relay

[LJY27_fgs_AR2-GigabitEthernet0/0/1.110]dhcp relay server-ip 172.16.1.1

配置分公司2

<LJY27_fgs2_AR3>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fgs2_AR3]dhcp enable

Info: The operation may take a few seconds. Please wait for a moment.done.

[LJY27_fgs2_AR3]int g0/0/2.200

[LJY27_fgs2_AR3-GigabitEthernet0/0/2.200]dhcp select relay

[LJY27_fgs2_AR3-GigabitEthernet0/0/2.200]dhcp relay server-ip 172.16.1.1

[LJY27_fgs2_AR3-GigabitEthernet0/0/2.200]int g0/0/2.210

[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]dhcp select relay

[LJY27_fgs2_AR3-GigabitEthernet0/0/2.210]dhcp relay server-ip 172.16.1.1

配置总部

<LJY27_fwq_DHCP> sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fwq_DHCP]dhcp enable

[LJY27_fwq_DHCP]ip pool zbjlb

Info: It's successful to create an IP address pool.

[LJY27_fwq_DHCP-ip-pool-zbjlb]network 192.27.10.0 mask 255.255.255.0

[LJY27_fwq_DHCP-ip-pool-zbjlb]gateway-list 192.27.10.254

[LJY27_fwq_DHCP-ip-pool-zbjlb]excluded-ip-address 192.27.10.252 192.27.10.253

[LJY27_fwq_DHCP]ip pool zbcwb

Info: It's successful to create an IP address pool.

[LJY27_fwq_DHCP-ip-pool-zbcwb]network 192.27.20.0 mask 255.255.255.0

[LJY27_fwq_DHCP-ip-pool-zbcwb]gateway-list 192.27.20.254

[LJY27_fwq_DHCP-ip-pool-zbcwb]excluded-ip-address 192.27.20.252 192.27.20.253

[LJY27_fwq_DHCP-ip-pool-zbcwb]ip pool zbrsb

Info: It's successful to create an IP address pool.

[LJY27_fwq_DHCP-ip-pool-zbrsb]network 192.27.30.0 mask 255.255.255.0

[LJY27_fwq_DHCP-ip-pool-zbrsb]gateway-list 192.27.30.254

[LJY27_fwq_DHCP-ip-pool-zbrsb]excluded-ip-address 192.27.30.252 192.27.30.253

[LJY27_fwq_DHCP-ip-pool-zbrsb]ip pool zbkfb

Info: It's successful to create an IP address pool.

[LJY27_fwq_DHCP-ip-pool-zbkfb]network 192.27.40.0 mask 255.255.255.0

[LJY27_fwq_DHCP-ip-pool-zbkfb]gateway-list 192.27.40.254

[LJY27_fwq_DHCP-ip-pool-zbkfb]excluded-ip-address 192.27.40.252 192.27.40.253

[LJY27_fwq_DHCP-ip-pool-zbkfb]int g0/0/0

[LJY27_fwq_DHCP-GigabitEthernet0/0/0]dhcp select global

VRRP:

LJY27_zb_LSW1

<LJY27_zb_LSW1>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW1]dhcp enable

Info: The operation may take a few seconds. Please wait for a moment.done.

[LJY27_zb_LSW1]int vlan10

[LJY27_zb_LSW1-Vlanif10]vrrp vrid 10 virtual-ip 192.27.10.254

[LJY27_zb_LSW1-Vlanif10]vrrp vrid 1 priority 120

[LJY27_zb_LSW1-Vlanif10]dhcp sel relay

[LJY27_zb_LSW1-Vlanif10]dhcp relay server-ip 172.16.1.1

[LJY27_zb_LSW1]int vlan 20

[LJY27_zb_LSW1-Vlanif20]vrrp vrid 20 virtual-ip 192.27.20.254

[LJY27_zb_LSW1-Vlanif20]vrrp vrid 1 priority 120

[LJY27_zb_LSW1-Vlanif20]dhcp select relay

[LJY27_zb_LSW1-Vlanif20]dhcp relay server-ip 172.16.1.1

[LJY27_zb_LSW1-Vlanif20]int vlan 30

[LJY27_zb_LSW1-Vlanif30]vrrp vrid 30 virtual-ip 192.27.30.254

[LJY27_zb_LSW1-Vlanif30]dhcp select relay

[LJY27_zb_LSW1-Vlanif30]dhcp relay server-ip 172.16.1.1

[LJY27_zb_LSW1-Vlanif30]int vlan 40

[LJY27_zb_LSW1-Vlanif40]vrrp vrid 40 virtual-ip 192.27.40.254

[LJY27_zb_LSW1-Vlanif40]dhcp select relay

[LJY27_zb_LSW1-Vlanif40]dhcp relay server-ip 172.16.1.1

LJY27_zb_LSW2

<LJY27_zb_LSW2>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW2]dhcp enable

Info: The operation may take a few seconds. Please wait for a moment.done.

[LJY27_zb_LSW2]int vlan 10

[LJY27_zb_LSW2-Vlanif10]vrrp vrid 10 virtual-ip 192.27.10.254

[LJY27_zb_LSW2-Vlanif10]dhcp select relay

[LJY27_zb_LSW2-Vlanif10]dhcp relay server-ip 172.16.1.1

[LJY27_zb_LSW2-Vlanif10]int vlan 20

[LJY27_zb_LSW2-Vlanif20]vrrp vrid 20 virtual-ip 192.27.20.254

[LJY27_zb_LSW2-Vlanif20]dhcp select relay

[LJY27_zb_LSW2-Vlanif20]dhcp relay server-ip 172.16.1.1

[LJY27_zb_LSW2-Vlanif20]int vlan 30

[LJY27_zb_LSW2-Vlanif30]vrrp vrid 30 virtual-ip 192.27.30.254

[LJY27_zb_LSW2-Vlanif30]vrrp vrid 1 priority 120

[LJY27_zb_LSW2-Vlanif30]dhcp select relay

[LJY27_zb_LSW2-Vlanif30]dhcp relay server-ip 172.16.1.1

[LJY27_zb_LSW2-Vlanif30]int vlan 40

[LJY27_zb_LSW2-Vlanif40]vrrp vrid 40 virtual-ip 192.27.40.254

[LJY27_zb_LSW2-Vlanif40]vrrp vrid 1 priority 120

[LJY27_zb_LSW2-Vlanif40]dhcp select relay

[LJY27_zb_LSW2-Vlanif40]dhcp relay server-ip 172.16.1.1

9. 配置生成树MSTP协议

LJY27_zb_LSW1

<LJY27_zb_LSW1>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW1]stp mode mstp

[LJY27_zb_LSW1]stp region-configuration

[LJY27_zb_LSW1-mst-region]region-name huawei

[LJY27_zb_LSW1-mst-region]revision-level 1

[LJY27_zb_LSW1-mst-region]instance 1 vlan 10

[LJY27_zb_LSW1-mst-region]instance 2 vlan 20

[LJY27_zb_LSW1-mst-region]instance 3 vlan 30

[LJY27_zb_LSW1-mst-region]instance 4 vlan 40

[LJY27_zb_LSW1-mst-region]active region-configuration

Info: This operation may take a few seconds. Please wait for a moment...done.

[LJY27_zb_LSW1-mst-region]q

[LJY27_zb_LSW1]stp instance 1 root primary

[LJY27_zb_LSW1]stp instance 2 root primary

[LJY27_zb_LSW1]stp instance 3 root secondary

[LJY27_zb_LSW1]stp instance 4 root secondary

LJY27_zb_LSW2

<LJY27_zb_LSW2>

<LJY27_zb_LSW2>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW2]stp mode mstp

[LJY27_zb_LSW2]stp region-configuration

[LJY27_zb_LSW2-mst-region]region-name huawei

[LJY27_zb_LSW2-mst-region]revision-level 1

[LJY27_zb_LSW2-mst-region]instance 1 vlan 10

[LJY27_zb_LSW2-mst-region]instance 2 vlan 20

[LJY27_zb_LSW2-mst-region]instance 3 vlan 30

[LJY27_zb_LSW2-mst-region]instance 4 vlan 40

[LJY27_zb_LSW2-mst-region]active region-configuration

Info: This operation may take a few seconds. Please wait for a moment...done.

[LJY27_zb_LSW2-mst-region]q

[LJY27_zb_LSW2]stp instance 1 root secondary

[LJY27_zb_LSW2]stp instance 2 root secondary

[LJY27_zb_LSW2]stp instance 3 root primary

[LJY27_zb_LSW2]stp instance 4 root primary

10. 配置OSPF

LJY27_fgs_AR2：

<LJY27_fgs_AR2>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fgs_AR2]ospf 1

[LJY27_fgs_AR2-ospf-1]silent-interface g0/0/1.100

[LJY27_fgs_AR2-ospf-1]silent-interface g0/0/1.110

[LJY27_fgs_AR2-ospf-1]area 0

[LJY27_fgs_AR2-ospf-1-area-0.0.0.0]network 10.10.20.0 0.0.0.3

[LJY27_fgs_AR2-ospf-1-area-0.0.0.0]network 192.27.100.0 0.0.0.255

[LJY27_fgs_AR2-ospf-1-area-0.0.0.0]network 192.27.110.0 0.0.0.255

LJY27_zb_AR1：

<LJY27_zb_AR1>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_AR1]ospf 1

[LJY27_zb_AR1-ospf-1]area 0

[LJY27_zb_AR1-ospf-1-area-0.0.0.0] network 10.10.20.0 0.0.0.3

[LJY27_zb_AR1-ospf-1-area-0.0.0.2] network 10.10.10.0 0.0.0.3

[LJY27_zb_AR1-ospf-1-area-0.0.0.0]network10.10.30.0 0.0.0.3

[LJY27_zb_AR1-ospf-1-area-0.0.0.0]network10.10.40.0 0.0.0.3

[LJY27_zb_AR1-ospf-1-area-0.0.0.0]network10.10.50.0 0.0.0.3

LJY27_zb_LSW1：

<LJY27_zb_LSW1> sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW1]ospf 1

[LJY27_zb_LSW1-ospf-1]silent-interface g0/0/2

[LJY27_zb_LSW1-ospf-1]silent-interface g0/0/3

[LJY27_zb_LSW1-ospf-1]silent-interface g0/0/4

[LJY27_zb_LSW1-ospf-1]silent-interface g0/0/5

[LJY27_zb_LSW1-ospf-1]area 0

[LJY27_zb_LSW1-ospf-1-area-0.0.0.0]network 10.10.30.0 0.0.0.3

[LJY27_zb_LSW1-ospf-1-area-0.0.0.0]network192.27.10.0 0.0.0.255

[LJY27_zb_LSW1-ospf-1-area-0.0.0.0]network 192.27.20.0 0.0.0.255

[LJY27_zb_LSW1-ospf-1-area-0.0.0.0]network 192.27.30.0 0.0.0.255

[LJY27_zb_LSW1-ospf-1-area-0.0.0.0]network 192.27.40.0 0.0.0.255

LJY27_zb_LSW2

<LJY27_zb_LSW2> sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW2]ospf 1

[LJY27_zb_LSW2-ospf-1]silent-interface g0/0/3

[LJY27_zb_LSW2-ospf-1]silent-interface g0/0/4

[LJY27_zb_LSW2-ospf-1]silent-interface g0/0/5

[LJY27_zb_LSW2-ospf-1]silent-interface g0/0/6

[LJY27_zb_LSW2-ospf-1]area 0

[LJY27_zb_LSW2-ospf-1-area-0.0.0.0]network 10.10.40.0 0.0.0.3

[LJY27_zb_LSW2-ospf-1-area-0.0.0.0]network 192.27.10.0 0.0.0.255

[LJY27_zb_LSW2-ospf-1-area-0.0.0.0]network 192.27.20.0 0.0.0.255

[LJY27_zb_LSW2-ospf-1-area-0.0.0.0]network 192.27.30.0 0.0.0.255

[LJY27_zb_LSW2-ospf-1-area-0.0.0.0]network 192.27.40.0 0.0.0.255

LJY27_fwq_LSW7：

<LJY27_fwq_LSW7> sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fwq_LSW7]ospf 1

[LJY27_fwq_LSW7-ospf-1]area 0

[LJY27_fwq_LSW7-ospf-1-area-0.0.0.0]network10.10.50.0 0.0.0.3

[LJY27_fwq_LSW7-ospf-1-area-0.0.0.0]network172.16.1.0 0.0.0.255

LJY27_fwq_DHCP:

<LJY27_fwq_DHCP>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fwq_DHCP]ospf 1

[LJY27_fwq_DHCP-ospf-1]area 0

[LJY27_fwq_DHCP-ospf-1-area-0.0.0.0]netw

[LJY27_fwq_DHCP-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255

LJY27_fgs2_AR3:

<Huawei>sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sysname LJY27_fgs2_AR3

[LJY27_fgs2_AR3]ospf 1

[LJY27_fgs2_AR3-ospf-1]silent-interface g0/0/2.200

[LJY27_fgs2_AR3-ospf-1]silent-interface g0/0/2.210

[LJY27_fgs2_AR3-ospf-1]area 2

[LJY27_fgs2_AR3-ospf-1-area-0.0.0.2] network 10.10.10.0 0.0.0.3

[LJY27_fgs2_AR3-ospf-1-area-0.0.0.2] network 192.27.200.0 0.0.0.255

[LJY27_fgs2_AR3-ospf-1-area-0.0.0.2] network 192.27.210.0 0.0.0.255

11. 配置默认路由

LJY27_fgs_AR2:

<LJY27_fgs_AR2>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fgs_AR2]ip route-static 0.0.0.0 0.0.0.0 10.10.20.2

LJY27_fgs2_AR3:

<LJY27_fgs2_AR3>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fgs2_AR3]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1

LJY27_fwq_DHCP:

<LJY27_fwq_DHCP>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fwq_DHCP]ip route-static 0.0.0.0 0.0.0.0 172.16.1.254

[LJY27_fwq_LSW7]ip route-static 202.16.10.1 27 10.10.50.1

LJY27_zb_AR1:

<LJY27_zb_AR1>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_AR1]ip route-static 0.0.0.0 0.0.0.0 202.16.10.1

LJY27_zb_LSW1:

<LJY27_zb_LSW1>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW1]ip route-static 0.0.0.0 0.0.0.0 10.10.30.1

LJY27_zb_LSW2:

<LJY27_zb_LSW2>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_LSW2]ip route-static 0.0.0.0 0.0.0.0 10.10.40.1

LJY27_fgs_AR2:

<LJY27_fgs_AR2>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fgs_AR2]ip route-static 0.0.0.0 0.0.0.0 10.10.20.2

LJY27_fgs2_AR3

<LJY27_fgs2_AR3>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fgs2_AR3]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1

LJY27_fwq_LSW7:

<LJY27_fwq_LSW7>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_fwq_LSW7]ip route-static 0.0.0.0 0.0.0.0 10.10.50.1

AR4：

<Huawei>sys

[Huawei]ip route-static 172.16.1.0 255.255.255.0 202.16.10.5

12. 配置NAT

LJY27_zb_AR1:

<LJY27_zb_AR1>sys

Enter system view, return user view with Ctrl+Z.

[LJY27_zb_AR1]int s1/0/0

[LJY27_zb_AR1-Serial1/0/0]ip add 202.16.10.5 27

[LJY27_zb_AR1-Serial1/0/0]nat address-group 1 202.16.10.6 202.16.10.19

[LJY27_zb_AR1]acl 2001

[LJY27_zb_AR1-acl-basic-2001]rule 5 permit source 192.27.100.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2001]rule 10 permit source 192.27.110.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2001]rule 15 permit source 192.27.200.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2001]rule 20 permit source 192.27.210.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2001]rule 25 permit source 192.27.10.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2001]rule 30 permit source 192.27.20.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2001]rule 35 permit source 192.27.30.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2001]rule 40 permit source 192.27.40.0 0.0.0.25

[LJY27_zb_AR1-acl-basic-2001]rule 40 permit source 192.27.40.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2001]int s1/0/0

[LJY27_zb_AR1-Serial1/0/0]nat outbound 2001 address-group 1 no-pat

[LJY27_zb_AR1-Serial1/0/0]ip route-static 0.0.0.0 0.0.0.0 202.16.10.1

[LJY27_zb_AR1]int s1/0/0

[LJY27_zb_AR1-Serial1/0/0]nat server protocol tcp global 202.16.10.20 www inside 172.16.1.2 8080

13. 配置ACL访问控制列表

LJY27_zb_AR1

[LJY27_zb_AR1]acl 2000

[LJY27_zb_AR1-acl-basic-2000]rule 5 deny source 192.27.20.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2000]rule 10 deny source 192.27.30.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2000]rule 15 deny source 192.27.40.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2000]rule 20 permit source 192.27.10.0 0.0.0.255

[LJY27_zb_AR1-acl-basic-2000]int g4/0/0

[LJY27_zb_AR1-GigabitEthernet4/0/0]traffic-filter outbound acl 2000

[LJY27_zb_AR1-GigabitEthernet4/0/0]int g4/0/1

[LJY27_zb_AR1-GigabitEthernet4/0/1]traffic-filter outbound acl 2000

14. 各设备的运行配置列表

分公司1

LJY27_fgs_AR2

<LJY27_fgs_AR2>dis cu

[V200R003C00]

sysname LJY27_fgs_AR2

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

dhcp enable

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

local-user cjnet password cipher %$%$0[F_!Ib<';4!Rp>F[='$Q"M:%$%$

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.10.20.1 255.255.255.252

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/1.100

dot1q termination vid 100

ip address 192.27.100.254 255.255.255.0

arp broadcast enable

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface GigabitEthernet0/0/1.110

dot1q termination vid 110

ip address 192.27.110.254 255.255.255.0

arp broadcast enable

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface GigabitEthernet0/0/2

interface NULL0

ospf 1

silent-interface GigabitEthernet0/0/1.100

silent-interface GigabitEthernet0/0/1.110

area 0.0.0.1

network 10.10.20.0 0.0.0.3

network 192.27.100.0 0.0.0.255

network 192.27.110.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 10.10.20.2

user-interface con 0

authentication-mode password

user-interface vty 0 4

authentication-mode aaa

user privilege level 15

user-interface vty 16 20

wlan ac

return

LJY27_fgs_LSW9

<LJY27_fgs_LSW9>

<LJY27_fgs_LSW9>dis cu

sysname LJY27_fgs_LSW9

undo info-center enable

vlan batch 100 110

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface MEth0/0/1

interface Ethernet0/0/1

port link-type access

port default vlan 100

interface Ethernet0/0/2

port link-type access

port default vlan 110

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 100 110

interface GigabitEthernet0/0/2

interface NULL0

user-interface con 0

user-interface vty 0 4

return

分公司2

LJY27_fgs2_AR3

<LJY27_fgs2_AR3>dis cu

[V200R003C00]

sysname LJY27_fgs2_AR3

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

dhcp enable

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

local-user cjnet password cipher %$%$[Umu:,[lPOwwxi)imKu-Q'8=%$%$

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

interface GigabitEthernet0/0/1

ip address 10.10.10.2 255.255.255.252

interface GigabitEthernet0/0/2

interface GigabitEthernet0/0/2.200

dot1q termination vid 200

ip address 192.27.200.254 255.255.255.0

arp broadcast enable

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface GigabitEthernet0/0/2.210

dot1q termination vid 210

ip address 192.27.210.254 255.255.255.0

arp broadcast enable

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface NULL0

ospf 1

silent-interface GigabitEthernet0/0/2.200

silent-interface GigabitEthernet0/0/2.210

area 0.0.0.2

network 10.10.10.0 0.0.0.3

network 192.27.200.0 0.0.0.255

network 192.27.210.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 10.10.10.1

user-interface con 0

authentication-mode password

user-interface vty 0 4

authentication-mode aaa

user privilege level 15

user-interface vty 16 20

wlan ac

return

LJY27_fgs2_LSW10

<LJY27_fgs2_LSW10>dis cu

sysname LJY27_fgs2_LSW10

undo info-center enable

vlan batch 200 210

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface MEth0/0/1

interface Ethernet0/0/1

port link-type access

port default vlan 200

interface Ethernet0/0/2

port link-type access

port default vlan 210

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 200 210

interface NULL0

user-interface con 0

user-interface vty 0 4

return

总部

LJY27_zb_AR1

<LJY27_zb_AR1>dis cu

[V200R003C00]

sysname LJY27_zb_AR1

board add 0/1 2SA

board add 0/4 4GET

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

undo info-center enable

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 deny source 192.27.20.0 0.0.0.255

rule 10 deny source 192.27.30.0 0.0.0.255

rule 15 deny source 192.27.40.0 0.0.0.255

rule 20 permit source 192.27.10.0 0.0.0.255

acl number 2001

rule 5 permit source 192.27.100.0 0.0.0.255

rule 10 permit source 192.27.110.0 0.0.0.255

rule 15 permit source 192.27.200.0 0.0.0.255

rule 20 permit source 192.27.210.0 0.0.0.255

rule 25 permit source 192.27.10.0 0.0.0.255

rule 30 permit source 192.27.20.0 0.0.0.255

rule 35 permit source 192.27.30.0 0.0.0.255

rule 40 permit source 192.27.40.0 0.0.0.255

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

local-user cjnet password cipher %$%$1i3F4C4ho:YM4e<Y/8+7Q&4}%$%$

firewall zone Local

priority 15

nat address-group 1 202.16.10.6 202.16.10.19

interface Serial1/0/0

link-protocol ppp

ip address 202.16.10.5 255.255.255.224

nat server protocol tcp global 202.16.10.20 www inside 172.16.1.2 8080

nat outbound 2001 address-group 1 no-pat

interface Serial1/0/1

link-protocol ppp

interface GigabitEthernet0/0/0

ip address 10.10.50.1 255.255.255.252

interface GigabitEthernet0/0/1

ip address 10.10.30.1 255.255.255.252

interface GigabitEthernet0/0/2

ip address 10.10.40.1 255.255.255.252

interface GigabitEthernet4/0/0

ip address 10.10.20.2 255.255.255.252

traffic-filter outbound acl 2000

interface GigabitEthernet4/0/1

ip address 10.10.10.1 255.255.255.252

traffic-filter outbound acl 2000

interface GigabitEthernet4/0/2

interface GigabitEthernet4/0/3

interface NULL0

ospf 1

area 0.0.0.0

network 10.10.30.0 0.0.0.3

network 10.10.40.0 0.0.0.3

network 10.10.50.0 0.0.0.3

area 0.0.0.1

network 10.10.20.0 0.0.0.3

area 0.0.0.2

network 10.10.10.0 0.0.0.3

ip route-static 0.0.0.0 0.0.0.0 202.16.10.1

user-interface con 0

authentication-mode password

user-interface vty 0 4

authentication-mode aaa

user privilege level 15

user-interface vty 16 20

wlan ac

return

LJY27_zb_LSW1

<LJY27_zb_LSW1>dis cu

sysname LJY27_zb_LSW1

undo info-center enable

vlan batch 10 20 30 40 70

stp instance 1 root primary

stp instance 2 root primary

stp instance 3 root secondary

stp instance 4 root secondary

cluster enable

ntdp enable

ndp enable

undo nap slave enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

stp region-configuration

region-name huawei

revision-level 1

instance 1 vlan 10

instance 2 vlan 20

instance 3 vlan 30

instance 4 vlan 40

active region-configuration

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

local-user cjnet password cipher >:@7=5T:*&II>,Z,88J:Q!!

local-user cjnet privilege level 15

local-user cjnet service-type telnet

interface Vlanif1

interface Vlanif10

ip address 192.27.10.252 255.255.255.0

vrrp vrid 10 virtual-ip 192.27.10.254

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface Vlanif20

ip address 192.27.20.252 255.255.255.0

vrrp vrid 20 virtual-ip 192.27.20.254

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface Vlanif30

ip address 192.27.30.253 255.255.255.0

vrrp vrid 30 virtual-ip 192.27.30.254

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface Vlanif40

ip address 192.27.40.253 255.255.255.0

vrrp vrid 40 virtual-ip 192.27.40.254

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface Vlanif70

ip address 10.10.30.2 255.255.255.252

interface MEth0/0/1

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/1

port link-type access

port default vlan 70

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/4

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/5

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

eth-trunk 1

interface GigabitEthernet0/0/22

eth-trunk 1

interface GigabitEthernet0/0/23

eth-trunk 1

interface GigabitEthernet0/0/24

eth-trunk 1

interface NULL0

ospf 1

silent-interface GigabitEthernet0/0/2

silent-interface GigabitEthernet0/0/3

silent-interface GigabitEthernet0/0/4

silent-interface GigabitEthernet0/0/5

area 0.0.0.0

network 10.10.30.0 0.0.0.3

network 192.27.10.0 0.0.0.255

network 192.27.20.0 0.0.0.255

network 192.27.30.0 0.0.0.255

network 192.27.40.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 10.10.30.1

user-interface con 0

user-interface vty 0 4

authentication-mode aaa

return

LJY27_zb_LSW2

<LJY27_zb_LSW2>dis cu

sysname LJY27_zb_LSW2

undo info-center enable

vlan batch 10 20 30 40 80

stp instance 1 root secondary

stp instance 2 root secondary

stp instance 3 root primary

stp instance 4 root primary

cluster enable

ntdp enable

ndp enable

undo nap slave enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

stp region-configuration

region-name huawei

revision-level 1

instance 1 vlan 10

instance 2 vlan 20

instance 3 vlan 30

instance 4 vlan 40

active region-configuration

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

local-user cjnet password cipher >:@7=5T:*&II>,Z,88J:Q!!

local-user cjnet privilege level 15

local-user cjnet service-type telnet

interface Vlanif1

interface Vlanif10

ip address 192.27.10.253 255.255.255.0

vrrp vrid 10 virtual-ip 192.27.10.254

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface Vlanif20

ip address 192.27.20.253 255.255.255.0

vrrp vrid 20 virtual-ip 192.27.20.254

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface Vlanif30

ip address 192.27.30.252 255.255.255.0

vrrp vrid 30 virtual-ip 192.27.30.254

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface Vlanif40

ip address 192.27.40.252 255.255.255.0

vrrp vrid 40 virtual-ip 192.27.40.254

dhcp select relay

dhcp relay server-ip 172.16.1.1

interface Vlanif80

ip address 10.10.40.2 255.255.255.252

interface MEth0/0/1

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

port link-type access

port default vlan 80

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/4

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/5

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/6

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

eth-trunk 1

interface GigabitEthernet0/0/22

eth-trunk 1

interface GigabitEthernet0/0/23

eth-trunk 1

interface GigabitEthernet0/0/24

eth-trunk 1

interface NULL0

ospf 1

silent-interface GigabitEthernet0/0/3

silent-interface GigabitEthernet0/0/4

silent-interface GigabitEthernet0/0/5

silent-interface GigabitEthernet0/0/6

area 0.0.0.0

network 10.10.40.0 0.0.0.3

network 192.27.10.0 0.0.0.255

network 192.27.20.0 0.0.0.255

network 192.27.30.0 0.0.0.255

network 192.27.40.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 10.10.40.1

user-interface con 0

user-interface vty 0 4

authentication-mode aaa

return

LJY27_jlb_LSW3

<LJY27_jlb_LSW3>dis cu

sysname LJY27_jlb_LSW3

undo info-center enable

vlan batch 10

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface MEth0/0/1

interface Ethernet0/0/1

port link-type access

port default vlan 10

interface Ethernet0/0/2

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface NULL0

user-interface con 0

user-interface vty 0 4

return

LJY27_cwb_LSW4

<LJY27_cwb_LSW4>dis cu

sysname LJY27_cwb_LSW4

vlan batch 20

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface MEth0/0/1

interface Ethernet0/0/1

port link-type access

port default vlan 20

interface Ethernet0/0/2

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface NULL0

user-interface con 0

user-interface vty 0 4

return

LJY27_rsb_LSW5

<LJY27_rsb_LSW5>dis cu

sysname LJY27_rsb_LSW5

undo info-center enable

vlan batch 30

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface MEth0/0/1

interface Ethernet0/0/1

port link-type access

port default vlan 30

interface Ethernet0/0/2

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface NULL0

user-interface con 0

user-interface vty 0 4

return

LJY27_kfb_LSW6

<LJY27_kfb_LSW6>dis cu

sysname LJY27_kfb_LSW6

undo info-center enable

vlan batch 40

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface MEth0/0/1

interface Ethernet0/0/1

port link-type access

port default vlan 40

interface Ethernet0/0/2

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface NULL0

user-interface con 0

user-interface vty 0 4

Return

服务器

LJY27_fwq_LSW7

<LJY27_fwq_LSW7>dis cu

sysname LJY27_fwq_LSW7

undo info-center enable

vlan batch 50 60

cluster enable

ntdp enable

ndp enable

undo nap slave enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

local-user cjnet password cipher >:@7=5T:*&II>,Z,88J:Q!!

local-user cjnet privilege level 15

local-user cjnet service-type telnet

interface Vlanif1

interface Vlanif50

ip address 10.10.50.2 255.255.255.252

interface Vlanif60

ip address 172.16.1.254 255.255.255.0

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type access

port default vlan 50

interface GigabitEthernet0/0/2

port link-type access

port default vlan 60

interface GigabitEthernet0/0/3

port link-type access

port default vlan 60

interface GigabitEthernet0/0/4

port link-type access

port default vlan 60

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

interface GigabitEthernet0/0/8

interface GigabitEthernet0/0/9

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

interface GigabitEthernet0/0/22

interface GigabitEthernet0/0/23

interface GigabitEthernet0/0/24

interface NULL0

ospf 1

area 0.0.0.0

network 10.10.50.0 0.0.0.3

network 172.16.1.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 10.10.50.1

ip route-static 202.16.10.0 255.255.255.224 10.10.50.1

user-interface con 0

user-interface vty 0 4

authentication-mode aaa

return

LJY27_fwq_DHCP

<LJY27_fwq_DHCP>dis cu

[V200R003C00]

sysname LJY27_fwq_DHCP

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

undo info-center enable

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

dhcp enable

ip pool fgs1

gateway-list 192.27.100.254

network 192.27.100.0 mask 255.255.255.0

ip pool fgs1glb1

gateway-list 192.27.110.254

network 192.27.110.0 mask 255.255.255.0

ip pool fgs2xsb2

gateway-list 192.27.200.254

network 192.27.200.0 mask 255.255.255.0

ip pool fgs2glb2

gateway-list 192.27.210.254

network 192.27.210.0 mask 255.255.255.0

ip pool zbjlb

gateway-list 192.27.10.254

network 192.27.10.0 mask 255.255.255.0

excluded-ip-address 192.27.10.252 192.27.10.253

ip pool zbcwb

gateway-list 192.27.20.254

network 192.27.20.0 mask 255.255.255.0

excluded-ip-address 192.27.20.252 192.27.20.253

ip pool zbrsb

gateway-list 192.27.30.254

network 192.27.30.0 mask 255.255.255.0

excluded-ip-address 192.27.30.252 192.27.30.253

ip pool zbkfb

gateway-list 192.27.40.254

network 192.27.40.0 mask 255.255.255.0

excluded-ip-address 192.27.40.252 192.27.40.253

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 172.16.1.1 255.255.255.0

dhcp select global

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

ospf 1

area 0.0.0.0

network 172.16.1.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 172.16.1.254

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

单纯想公司内网全网通的配置步骤：

标签：网络华为信息与通信

本文转载自: https://blog.csdn.net/m0_64839527/article/details/128440581
版权归原作者啊玳所有，如有侵权，请联系我们删除。

华为ensp园区网络设计与实施

1.企业背景

2.项目具体要求

3. 实验拓扑及规划

3.1 网络拓扑结构图

3.2 网络设备命名与设备连接表

3.3 IP地址规划

3.4 VLAN规划表

4. 开启telnet管理功能

4.1 开启路由器telnet：

4.2 开启交换机telnet：

5. 配置端口聚合

6 核心交换机冗余备份

7. 配置单臂路由

8. 配置DHCP服务

9. 配置生成树MSTP协议

10. 配置OSPF

11. 配置默认路由

12. 配置NAT

13. 配置ACL访问控制列表

14. 各设备的运行配置列表

分公司1

分公司2

总部

服务器

发表评论

“华为ensp园区网络设计与实施”的评论:

关于作者

overfit同步小助手

相关阅读

文章导航