0
0

基于华为Ensp的校园/企业网的网络设计

设计图(文章结尾附上细节图)

引言

这是我的设计图,(软件还是Ensp,只不过是换了图标),该图主攻适用于设计基于IPSec VPN技术的小伙伴,其运用到的技术还有VLAN划分、三层架构、MSTP+VRRP、链路聚合、DHCP、WLAN(无线局域网)、OSPF、双击热备、IPSec VPN、单臂路由、DHCP技术等一系列,对毕设课题进行参考,场景适用于毕业设计、校园网络规划和企业网络规划。由什么问题可以在平台私信博主,看到会回,有什么不对的地方见谅,本人也是刚接触不久。上配置!

该网络配置全过程

总部/总校区部分

1、接入SW1

  1. <Huawei>system-view
  2. [Huawei]sysname S1
  3. [S1]undo info-center enable 
  4. [S1]vlan batch 10 120
  5. [S1]interface Ethernet0/0/1
  6. [S1-Ethernet0/0/1] port link-type access
  7. [S1-Ethernet0/0/1] port default vlan 10
  8. [S1-Ethernet0/0/1]interface Ethernet0/0/2
  9. [S1-Ethernet0/0/2] port link-type trunk
  10. [S1-Ethernet0/0/2] port trunk pvid vlan 120
  11. [S1-Ethernet0/0/2] port trunk allow-pass vlan 10 120
  12. [S1-Ethernet0/0/2]interface Ethernet0/0/3
  13. [S1-Ethernet0/0/3] port link-type access
  14. [S1-Ethernet0/0/3] port default vlan 10
  15. [S1-GigabitEthernet0/0/1] port link-type trunk
  16. [S1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 120
  17. [S1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  18. [S1-GigabitEthernet0/0/2] port link-type trunk
  19. [S1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 120

2、接入SW2

  1. <Huawei>system-view
  2. [Huawei]sysname S2
  3. [S2]undo info-center enable
  4. [S2]undo info-center enable 
  5. [S2]vlan batch 20 120
  6. [S2]interface Ethernet0/0/1
  7. [S2-Ethernet0/0/1] port link-type access
  8. [S2-Ethernet0/0/1] port default vlan 20
  9. [S2-Ethernet0/0/1]interface Ethernet0/0/2
  10. [S2-Ethernet0/0/2] port link-type trunk
  11. [S2-Ethernet0/0/2] port trunk pvid vlan 120
  12. [S2-Ethernet0/0/2] port trunk allow-pass vlan 20 120
  13. [S2-Ethernet0/0/2]interface Ethernet0/0/3
  14. [S2-Ethernet0/0/3] port link-type access
  15. [S2-Ethernet0/0/3] port default vlan 20
  16. [S2-Ethernet0/0/3]interface GigabitEthernet0/0/1
  17. [S2-GigabitEthernet0/0/1] port link-type trunk
  18. [S2-GigabitEthernet0/0/1] port trunk allow-pass vlan 20 120
  19. [S2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  20. [S2-GigabitEthernet0/0/2] port link-type trunk
  21. [S2-GigabitEthernet0/0/2] port trunk allow-pass vlan 20 120

3、接入SW3

  1. <Huawei>system-view 
  2. [Huawei]sysname S3    
  3. [S3]undo info-center enable 
  4. Info: Information center is disabled.
  5. [S3]vlan batch 30 120
  6. [S3]interface Ethernet0/0/1
  7. [S3-Ethernet0/0/1] port link-type access
  8. [S3-Ethernet0/0/1] port default vlan 30
  9. [S3-Ethernet0/0/1]interface Ethernet0/0/2
  10. [S3-Ethernet0/0/2] port link-type trunk
  11. [S3-Ethernet0/0/2] port trunk pvid vlan 120
  12. [S3-Ethernet0/0/2] port trunk allow-pass vlan 30 120
  13. [S3-Ethernet0/0/2]interface Ethernet0/0/3
  14. [S3-Ethernet0/0/3] port link-type access
  15. [S3-Ethernet0/0/3] port default vlan 30
  16. [S3-Ethernet0/0/3]interface GigabitEthernet0/0/1
  17. [S3-GigabitEthernet0/0/1] port link-type trunk
  18. [S3-GigabitEthernet0/0/1] port trunk allow-pass vlan 30 120
  19. [S3-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  20. [S3-GigabitEthernet0/0/2] port link-type trunk
  21. [S3-GigabitEthernet0/0/2] port trunk allow-pass vlan 30 120

4、接入SW4

  1. <Huawei>system-view 
  2. [Huawei]sysname S4    
  3. [S4]undo info-center enable 
  4. [s4]vlan batch 40
  5. [s4]interface Ethernet0/0/1
  6. [s4-Ethernet0/0/1] port link-type access
  7. [s4-Ethernet0/0/1] port default vlan 40
  8. [s4-Ethernet0/0/1]interface Ethernet0/0/2
  9. [s4-Ethernet0/0/3] port link-type access
  10. [s4-Ethernet0/0/3] port default vlan 40
  11. [s4-Ethernet0/0/3]interface GigabitEthernet0/0/1
  12. [s4-GigabitEthernet0/0/1] port link-type trunk
  13. [s4-GigabitEthernet0/0/1] port trunk allow-pass vlan 40
  14. [s4-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  15. [s4-GigabitEthernet0/0/2] port link-type trunk
  16. [s4-GigabitEthernet0/0/2] port trunk allow-pass vlan 40

5、接入SW5

  1. <Huawei>system-view 
  2. [Huawei]sysname S5    
  3. [S5]undo info-center enable 
  4. [S5]vlan ba 50
  5. [S5]interface Ethernet0/0/1
  6. [S5-Ethernet0/0/1] port link-type access
  7. [S5-Ethernet0/0/1] port default vlan 50
  8. [S5-Ethernet0/0/1]interface Ethernet0/0/3
  9. [S5-Ethernet0/0/3] port link-type access
  10. [S5-Ethernet0/0/3] port default vlan 50
  11. [S5-Ethernet0/0/3]interface GigabitEthernet0/0/1
  12. [S5-GigabitEthernet0/0/1] port link-type trunk
  13. [S5-GigabitEthernet0/0/1] port trunk allow-pass vlan 50
  14. [S5-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  15. [S5-GigabitEthernet0/0/2] port link-type trunk
  16. [S5-GigabitEthernet0/0/2] port trunk allow-pass vlan 50

6、接入SW6

  1. <Huawei>system-view 
  2. [Huawei]sysname S6    
  3. [S6]undo info-center enable 
  4. [S6]vlan batch 60
  5. [S6]interface Ethernet0/0/1
  6. [S6-Ethernet0/0/1] port link-type access
  7. [S6-Ethernet0/0/1] port default vlan 60
  8. [S6-Ethernet0/0/1]interface Ethernet0/0/3
  9. [S6-Ethernet0/0/3] port link-type access
  10. [S6-Ethernet0/0/3] port default vlan 60
  11. [S6-Ethernet0/0/3]interface GigabitEthernet0/0/1
  12. [S6-GigabitEthernet0/0/1] port link-type trunk
  13. [S6-GigabitEthernet0/0/1] port trunk allow-pass vlan 60
  14. [S6-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  15. [S6-GigabitEthernet0/0/2] port link-type trunk
  16. [S6-GigabitEthernet0/0/2] port trunk allow-pass vlan 60

7、接入SW7

  1. <Huawei>system-view 
  2. [Huawei]sysname S7    
  3. [S7]undo info-center enable 
  4. [S7]vlan batch 70 120
  5. [S7]interface Ethernet0/0/1
  6. [S7-Ethernet0/0/1] port link-type access
  7. [S7-Ethernet0/0/1] port default vlan 70
  8. [S7-Ethernet0/0/1]interface Ethernet0/0/2
  9. [S7-Ethernet0/0/2] port link-type trunk
  10. [S7-Ethernet0/0/2] port trunk pvid vlan 120
  11. [S7-Ethernet0/0/2] port trunk allow-pass vlan 70 120
  12. [S7-Ethernet0/0/2]interface Ethernet0/0/3
  13. [S7-Ethernet0/0/3] port link-type access
  14. [S7-Ethernet0/0/3] port default vlan 70
  15. [S7-Ethernet0/0/3]interface GigabitEthernet0/0/1
  16. [S7-GigabitEthernet0/0/1] port link-type trunk
  17. [S7-GigabitEthernet0/0/1] port trunk allow-pass vlan 70 120
  18. [S7-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  19. [S7-GigabitEthernet0/0/2] port link-type trunk
  20. [S7-GigabitEthernet0/0/2] port trunk allow-pass vlan 70 120

8、接入SW8

  1. <Huawei>system-view 
  2. [Huawei]sysname S8    
  3. [S8]undo info-center enable 
  4. [S8]vlan batch 80 120
  5. [S8]interface Ethernet0/0/1
  6. [S8-Ethernet0/0/1] port link-type access
  7. [S8-Ethernet0/0/1] port default vlan 80
  8. [S8-Ethernet0/0/1]interface Ethernet0/0/2
  9. [S8-Ethernet0/0/2] port link-type trunk
  10. [S8-Ethernet0/0/2] port trunk pvid vlan 120
  11. [S8-Ethernet0/0/2] port trunk allow-pass vlan 80 120
  12. [S8-Ethernet0/0/2]interface Ethernet0/0/3
  13. [S8-Ethernet0/0/3] port link-type access
  14. [S8-Ethernet0/0/3] port default vlan 80
  15. [S8-Ethernet0/0/3]interface GigabitEthernet0/0/1
  16. [S8-GigabitEthernet0/0/1] port link-type trunk
  17. [S8-GigabitEthernet0/0/1] port trunk allow-pass vlan 80 120
  18. [S8-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  19. [S8-GigabitEthernet0/0/2] port link-type trunk
  20. [S8-GigabitEthernet0/0/2] port trunk allow-pass vlan 80 120

9、接入SW9

  1. <Huawei>system-view 
  2. [Huawei]sysname S9    
  3. [S9]undo info-center enable 
  4. [S9]vlan batch 90
  5. [S9]interface Ethernet0/0/1
  6. [S9-Ethernet0/0/1] port link-type access
  7. [S9-Ethernet0/0/1] port default vlan 90
  8. [S9-Ethernet0/0/1]interface Ethernet0/0/3
  9. [S9-Ethernet0/0/3] port link-type access
  10. [S9-Ethernet0/0/3] port default vlan 90
  11. [S9-Ethernet0/0/3]interface GigabitEthernet0/0/1
  12. [S9-GigabitEthernet0/0/1] port link-type trunk
  13. [S9-GigabitEthernet0/0/1] port trunk allow-pass vlan 90
  14. [S9-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  15. [S9-GigabitEthernet0/0/2] port link-type trunk
  16. [S9-GigabitEthernet0/0/2] port trunk allow-pass vlan 90

10、接入SW10

  1. <Huawei>system-view 
  2. [Huawei]sysname S10    
  3. [S10]undo info-center enable 
  4. [S10]vlan batch 100 110
  5. [S10]interface Ethernet0/0/1
  6. [S10-Ethernet0/0/1] port link-type access
  7. [S10-Ethernet0/0/1] port default vlan 100
  8. [S10-Ethernet0/0/1]interface Ethernet0/0/3
  9. [S10-Ethernet0/0/3] port link-type access
  10. [S10-Ethernet0/0/3] port default vlan 100
  11. [S10-Ethernet0/0/3]interface GigabitEthernet0/0/1
  12. [S10-GigabitEthernet0/0/1] port link-type trunk
  13. [S10-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
  14. [S10-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  15. [S10-GigabitEthernet0/0/2] port link-type trunk
  16. [S10-GigabitEthernet0/0/2] port trunk allow-pass vlan 100

11、接入SW11

  1. <Huawei>system-view 
  2. [Huawei]sysname S11    
  3. [S11]undo info-center enable 
  4. [S11]vlan batch 110
  5. [S11]interface Ethernet0/0/1
  6. [S11-Ethernet0/0/1] port link-type access
  7. [S11-Ethernet0/0/1] port default vlan 110
  8. [S11-Ethernet0/0/1]interface Ethernet0/0/3
  9. [S11-Ethernet0/0/3] port link-type access
  10. [S11-Ethernet0/0/3] port default vlan 110
  11. [S11-Ethernet0/0/3]interface GigabitEthernet0/0/1
  12. [S11-GigabitEthernet0/0/1] port link-type trunk
  13. [S11-GigabitEthernet0/0/1] port trunk allow-pass vlan 110
  14. [S11-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  15. [S11-GigabitEthernet0/0/2] port link-type trunk
  16. [S11-GigabitEthernet0/0/2] port trunk allow-pass vlan 110

12、汇聚LSW1

  1. <Huawei>system-view
  2. [Huawei]sysname SW1
  3. [SW1]undo info-center enable
  4. [SW1]vlan batch 10 20 30 40 50 60 70 80 90 100
  5. [SW1]vlan batch 110 120 130 150
  6. [SW1]dhcp enable
  7. [SW1]stp region-configuration
  8. [SW1-mst-region] region-name mstp
  9. [SW1-mst-region] revision-level 10
  10. [SW1-mst-region] instance 1 vlan 10 20 30 40 50 60 
  11. [SW1-mst-region] instance 2 vlan 70 80 90 100 110 120 
  12. [SW1-mst-region] instance 3 vlan 130 
  13. [SW1-mst-region] active region-configuration
  14. [SW1-mst-region]interface GigabitEthernet0/0/1
  15. [SW1-GigabitEthernet0/0/1] port link-type trunk
  16. [SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 120
  17. [SW1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  18. [SW1-GigabitEthernet0/0/2] port link-type trunk
  19. [SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 20 120
  20. [SW1-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
  21. [SW1-GigabitEthernet0/0/3] port link-type trunk
  22. [SW1-GigabitEthernet0/0/3] port trunk allow-pass vlan 30 120
  23. [SW1-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
  24. [SW1-GigabitEthernet0/0/4] port link-type trunk
  25. [SW1-GigabitEthernet0/0/4] port trunk allow-pass vlan 40 120
  26. [SW1-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5
  27. [SW1-GigabitEthernet0/0/5] port link-type trunk
  28. [SW1-GigabitEthernet0/0/5] port trunk allow-pass vlan 50 120
  29. [SW1-GigabitEthernet0/0/5]interface GigabitEthernet0/0/6
  30. [SW1-GigabitEthernet0/0/6] port link-type trunk
  31. [SW1-GigabitEthernet0/0/6] port trunk allow-pass vlan 60 120
  32. [SW1-GigabitEthernet0/0/6]interface GigabitEthernet0/0/7
  33. [SW1-GigabitEthernet0/0/7] port link-type trunk
  34. [SW1-GigabitEthernet0/0/7] port trunk allow-pass vlan 70 120
  35. [SW1-GigabitEthernet0/0/7]interface GigabitEthernet0/0/8
  36. [SW1-GigabitEthernet0/0/8] port link-type trunk
  37. [SW1-GigabitEthernet0/0/8] port trunk allow-pass vlan 80 120
  38. [SW1-GigabitEthernet0/0/8]interface GigabitEthernet0/0/9
  39. [SW1-GigabitEthernet0/0/9] port link-type trunk
  40. [SW1-GigabitEthernet0/0/9] port trunk allow-pass vlan 90 120
  41. [SW1-GigabitEthernet0/0/9]interface GigabitEthernet0/0/10
  42. [SW1-GigabitEthernet0/0/10] port link-type trunk
  43. [SW1-GigabitEthernet0/0/10] port trunk allow-pass vlan 100 120
  44. [SW1-GigabitEthernet0/0/10]interface GigabitEthernet0/0/11
  45. [SW1-GigabitEthernet0/0/11] port link-type trunk
  46. [SW1-GigabitEthernet0/0/11] port trunk allow-pass vlan 110 120
  47. [SW1-GigabitEthernet0/0/11]interface GigabitEthernet0/0/12
  48. [SW1-GigabitEthernet0/0/12] port link-type access
  49. [SW1-GigabitEthernet0/0/12] port default vlan 130
  50. [SW1-GigabitEthernet0/0/12]interface GigabitEthernet0/0/13
  51. [SW1-GigabitEthernet0/0/13] port link-type access
  52. [SW1-GigabitEthernet0/0/13] port default vlan 150
  53. [SW1-GigabitEthernet0/0/13]quit
  54. [SW1]interface Vlanif1
  55. [SW1-Vlanif1] ip address 192.168.1.1 255.255.255.0 
  56. [SW1-Vlanif1]interface Vlanif10
  57. [SW1-Vlanif10] ip address 192.168.8.2 255.255.248.0 
  58. [SW1-Vlanif10] vrrp vrid 10 virtual-ip 192.168.8.1
  59. [SW1-Vlanif10] vrrp vrid 10 priority 120
  60. [SW1-Vlanif10] dhcp select relay
  61. [SW1-Vlanif10] dhcp relay server-ip 192.168.150.1
  62. [SW1-Vlanif10]interface Vlanif20
  63. [SW1-Vlanif20] ip address 192.168.16.2 255.255.255.0 
  64. [SW1-Vlanif20] vrrp vrid 20 virtual-ip 192.168.16.1
  65. [SW1-Vlanif20] vrrp vrid 20 priority 120
  66. [SW1-Vlanif20] dhcp select relay
  67. [SW1-Vlanif20] dhcp relay server-ip 192.168.150.1
  68. [SW1-Vlanif20]interface Vlanif30
  69. [SW1-Vlanif30] ip address 192.168.17.2 255.255.255.0 
  70. [SW1-Vlanif30] vrrp vrid 30 virtual-ip 192.168.17.1
  71. [SW1-Vlanif30] vrrp vrid 30 priority 120
  72. [SW1-Vlanif30] dhcp select relay
  73. [SW1-Vlanif30] dhcp relay server-ip 192.168.150.1
  74. [SW1-Vlanif30]interface Vlanif40
  75. [SW1-Vlanif40] ip address 192.168.20.2 255.255.252.0 
  76. [SW1-Vlanif40] vrrp vrid 40 virtual-ip 192.168.20.1
  77. [SW1-Vlanif40] vrrp vrid 40 priority 120
  78. [SW1-Vlanif40] dhcp select relay
  79. [SW1-Vlanif40] dhcp relay server-ip 192.168.150.1
  80. [SW1-Vlanif40]interface Vlanif50
  81. [SW1-Vlanif50] ip address 192.168.24.2 255.255.255.0 
  82. [SW1-Vlanif50] vrrp vrid 50 virtual-ip 192.168.24.1
  83. [SW1-Vlanif50] vrrp vrid 50 priority 120
  84. [SW1-Vlanif50] dhcp select relay
  85. [SW1-Vlanif50] dhcp relay server-ip 192.168.150.1
  86. [SW1-Vlanif50]interface Vlanif60
  87. [SW1-Vlanif60] ip address 192.168.25.2 255.255.255.0 
  88. [SW1-Vlanif60] vrrp vrid 60 virtual-ip 192.168.25.1
  89. [SW1-Vlanif60] vrrp vrid 60 priority 120
  90. [SW1-Vlanif60] dhcp select relay
  91. [SW1-Vlanif60] dhcp relay server-ip 192.168.150.1
  92. [SW1-Vlanif60]interface Vlanif70
  93. [SW1-Vlanif70] ip address 192.168.32.2 255.255.248.0 
  94. [SW1-Vlanif70] vrrp vrid 70 virtual-ip 192.168.32.1
  95. [SW1-Vlanif70] dhcp select relay
  96. [SW1-Vlanif70] dhcp relay server-ip 192.168.150.1
  97. [SW1-Vlanif70]interface Vlanif80
  98. [SW1-Vlanif80] ip address 192.168.40.2 255.255.255.0 
  99. [SW1-Vlanif80] vrrp vrid 80 virtual-ip 192.168.40.1
  100. [SW1-Vlanif80] dhcp select relay
  101. [SW1-Vlanif80] dhcp relay server-ip 192.168.150.1
  102. [SW1-Vlanif80]interface Vlanif90
  103. [SW1-Vlanif90] ip address 192.168.44.2 255.255.252.0 
  104. [SW1-Vlanif90] vrrp vrid 90 virtual-ip 192.168.44.1
  105. [SW1-Vlanif90] dhcp select relay
  106. [SW1-Vlanif90] dhcp relay server-ip 192.168.150.1
  107. [SW1-Vlanif90]interface Vlanif100
  108. [SW1-Vlanif100] ip address 192.168.48.2 255.255.252.0 
  109.  
  110. [SW1-Vlanif100] vrrp vrid 100 virtual-ip 192.168.48.1
  111. [SW1-Vlanif100] dhcp select relay
  112. [SW1-Vlanif100] dhcp relay server-ip 192.168.150.1
  113. [SW1-Vlanif110] vrrp vrid 110 virtual-ip 192.168.52.1
  114. [SW1-Vlanif110] dhcp select relay
  115. [SW1-Vlanif110] dhcp relay server-ip 192.168.150.1
  116. [SW1-Vlanif110]interface Vlanif120
  117. [SW1-Vlanif120] ip address 192.168.53.2 255.255.255.0 
  118. [SW1-Vlanif120] vrrp vrid 120 virtual-ip 192.168.53.1
  119. [SW1-Vlanif120] dhcp select relay
  120. [SW1-Vlanif120] dhcp relay server-ip 192.168.150.1
  121. [SW1-Vlanif120]interface Vlanif130
  122. [SW1-Vlanif130] ip address 192.168.130.2 255.255.255.0 
  123. [SW1-Vlanif130]interface Vlanif150
  124. [SW1-Vlanif150] ip address 192.168.150.2 255.255.255.0
  125. [SW1-Vlanif150]ospf 1 
  126. [SW1-ospf-1] import-route direct
  127. [SW1-ospf-1] area 0.0.0.0 
  128. [SW1-ospf-1-area-0.0.0.0]  network 192.168.1.1 0.0.0.0 
  129. [SW1-ospf-1-area-0.0.0.0]  network 192.168.8.2 0.0.0.0 
  130. [SW1-ospf-1-area-0.0.0.0]  network 192.168.16.2 0.0.0.0 
  131. [SW1-ospf-1-area-0.0.0.0]  network 192.168.17.2 0.0.0.0 
  132. [SW1-ospf-1-area-0.0.0.0]  network 192.168.20.2 0.0.0.0 
  133. [SW1-ospf-1-area-0.0.0.0]  network 192.168.24.2 0.0.0.0 
  134. [SW1-ospf-1-area-0.0.0.0]  network 192.168.25.2 0.0.0.0 
  135. [SW1-ospf-1-area-0.0.0.0]  network 192.168.32.2 0.0.0.0 
  136. [SW1-ospf-1-area-0.0.0.0]  network 192.168.40.2 0.0.0.0 
  137. [SW1-ospf-1-area-0.0.0.0]  network 192.168.44.2 0.0.0.0 
  138. [SW1-ospf-1-area-0.0.0.0]  network 192.168.48.2 0.0.0.0 
  139. [SW1-ospf-1-area-0.0.0.0]  network 192.168.52.2 0.0.0.0 
  140. [SW1-ospf-1-area-0.0.0.0]  network 192.168.53.2 0.0.0.0
  141. [SW1-ospf-1-area-0.0.0.0]stp instance 1 root primary
  142. [SW1]stp instance 2 root secondary
  143. [SW1]stp instance 3 root primary

13、汇聚LSW2

  1. <Huawei>system-view
  2. [Huawei]sysname SW2
  3. [SW2]undo info-center enable
  4. [SW2]vlan batch 10 20 30 40 50 60 70 80 90 100
  5. [SW2]vlan batch 110 120
  6. [SW2]dhcp enable
  7. [SW2]stp region-configuration
  8. [SW2-mst-region] region-name mstp
  9. [SW2-mst-region] revision-level 10
  10. [SW2-mst-region] instance 1 vlan 10 20 30 40 50 60 
  11. [SW2-mst-region] instance 2 vlan 70 80 90 100 110 120 
  12. [SW2-mst-region] instance 3 vlan 130 
  13. [SW2-mst-region] active region-configuration
  14. [SW2-mst-region]interface GigabitEthernet0/0/1
  15. [SW2-GigabitEthernet0/0/1] port link-type trunk
  16. [SW2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 120
  17. [SW2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  18. [SW2-GigabitEthernet0/0/2] port link-type trunk
  19. [SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 20 120
  20. [SW2-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
  21. [SW2-GigabitEthernet0/0/3] port link-type trunk
  22. [SW2-GigabitEthernet0/0/3] port trunk allow-pass vlan 30 120
  23. [SW2-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
  24. [SW2-GigabitEthernet0/0/4] port link-type trunk
  25. [SW2-GigabitEthernet0/0/4] port trunk allow-pass vlan 40 120
  26. [SW2-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5
  27. [SW2-GigabitEthernet0/0/5] port link-type trunk
  28. [SW2-GigabitEthernet0/0/5] port trunk allow-pass vlan 50 120
  29. [SW2-GigabitEthernet0/0/5]interface GigabitEthernet0/0/6
  30. [SW2-GigabitEthernet0/0/6] port link-type trunk
  31. [SW2-GigabitEthernet0/0/6] port trunk allow-pass vlan 60 120
  32. [SW2-GigabitEthernet0/0/6]interface GigabitEthernet0/0/7
  33. [SW2-GigabitEthernet0/0/7] port link-type trunk
  34. [SW2-GigabitEthernet0/0/7] port trunk allow-pass vlan 70 120
  35. [SW2-GigabitEthernet0/0/7]interface GigabitEthernet0/0/8
  36. [SW2-GigabitEthernet0/0/8] port link-type trunk
  37. [SW2-GigabitEthernet0/0/8] port trunk allow-pass vlan 80 120
  38. [SW2-GigabitEthernet0/0/8]interface GigabitEthernet0/0/9
  39. [SW2-GigabitEthernet0/0/9] port link-type trunk
  40. [SW2-GigabitEthernet0/0/9] port trunk allow-pass vlan 90 120
  41. [SW2-GigabitEthernet0/0/9]interface GigabitEthernet0/0/10
  42. [SW2-GigabitEthernet0/0/10] port link-type trunk
  43. [SW2-GigabitEthernet0/0/10] port trunk allow-pass vlan 100 120
  44. [SW2-GigabitEthernet0/0/10]interface GigabitEthernet0/0/11
  45. [SW2-GigabitEthernet0/0/11] port link-type trunk
  46. [SW2-GigabitEthernet0/0/11] port trunk allow-pass vlan 110 120
  47. [SW2-GigabitEthernet0/0/11]interface Eth-Trunk1
  48. [SW2-Eth-Trunk1] port link-type trunk
  49. [SW2-Eth-Trunk1] port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
  50. [SW2-Eth-Trunk1] port trunk allow-pass vlan 110 120
  51. [SW2-Eth-Trunk1] mode lacp-static
  52. [SW2-Eth-Trunk1]interface Vlanif1
  53. [SW2-Vlanif1] ip address 192.168.2.1 255.255.255.0 
  54. [SW2-Vlanif1]interface Vlanif10
  55. [SW2-Vlanif10] ip address 192.168.8.3 255.255.248.0 
  56. [SW2-Vlanif10] vrrp vrid 10 virtual-ip 192.168.8.1
  57. [SW2-Vlanif10] dhcp select relay
  58. [SW2-Vlanif10] dhcp relay server-ip 192.168.150.1
  59. [SW2-Vlanif10]interface Vlanif20
  60. [SW2-Vlanif20] ip address 192.168.16.3 255.255.255.0 
  61. [SW2-Vlanif20] vrrp vrid 20 virtual-ip 192.168.16.1
  62. [SW2-Vlanif20] dhcp select relay
  63. [SW2-Vlanif20] dhcp relay server-ip 192.168.150.1
  64. [SW2-Vlanif20]interface Vlanif30
  65. [SW2-Vlanif30] ip address 192.168.17.3 255.255.255.0 
  66. [SW2-Vlanif30] vrrp vrid 30 virtual-ip 192.168.17.1
  67. [SW2-Vlanif30] dhcp select relay
  68. [SW2-Vlanif30] dhcp relay server-ip 192.168.150.1
  69. [SW2-Vlanif30]interface Vlanif40
  70. [SW2-Vlanif40] ip address 192.168.20.3 255.255.252.0 
  71. [SW2-Vlanif40] vrrp vrid 40 virtual-ip 192.168.20.1
  72. [SW2-Vlanif40] dhcp select relay
  73. [SW2-Vlanif40] dhcp relay server-ip 192.168.150.1
  74. [SW2-Vlanif40]interface Vlanif50
  75. [SW2-Vlanif50] ip address 192.168.24.3 255.255.255.0 
  76. [SW2-Vlanif50] vrrp vrid 50 virtual-ip 192.168.24.1
  77. [SW2-Vlanif50] dhcp select relay
  78. [SW2-Vlanif50] dhcp relay server-ip 192.168.150.1
  79. [SW2-Vlanif50]interface Vlanif60
  80. [SW2-Vlanif60] ip address 192.168.25.3 255.255.255.0 
  81. [SW2-Vlanif60] vrrp vrid 60 virtual-ip 192.168.25.1
  82. [SW2-Vlanif60] dhcp select relay
  83. [SW2-Vlanif60] dhcp relay server-ip 192.168.150.1
  84. [SW2-Vlanif60]interface Vlanif70
  85. [SW2-Vlanif70] ip address 192.168.32.3 255.255.248.0 
  86. [SW2-Vlanif70] vrrp vrid 70 virtual-ip 192.168.32.1
  87. [SW2-Vlanif70] vrrp vrid 70 priority 120
  88. [SW2-Vlanif70] dhcp select relay
  89. [SW2-Vlanif70] dhcp relay server-ip 192.168.150.1
  90. [SW2-Vlanif70]interface Vlanif80
  91. [SW2-Vlanif80] ip address 192.168.40.3 255.255.255.0 
  92. [SW2-Vlanif80] vrrp vrid 80 virtual-ip 192.168.40.1
  93. [SW2-Vlanif80] vrrp vrid 80 priority 120
  94. [SW2-Vlanif80] dhcp select relay
  95. [SW2-Vlanif80] dhcp relay server-ip 192.168.150.1
  96. [SW2-Vlanif80]interface Vlanif90
  97. [SW2-Vlanif90] ip address 192.168.44.3 255.255.252.0 
  98. [SW2-Vlanif90] vrrp vrid 90 virtual-ip 192.168.44.1
  99. [SW2-Vlanif90] vrrp vrid 90 priority 120
  100. [SW2-Vlanif90] dhcp relay server-ip 192.168.150.1
  101. [SW2-Vlanif90]interface Vlanif100
  102. [SW2-Vlanif100] ip address 192.168.48.3 255.255.252.0 
  103. [SW2-Vlanif100] vrrp vrid 100 virtual-ip 192.168.48.1
  104. [SW2-Vlanif100] vrrp vrid 100 priority 120
  105. [SW2-Vlanif100] dhcp select relay
  106. [SW2-Vlanif100] dhcp relay server-ip 192.168.150.1
  107. [SW2-Vlanif100]interface Vlanif110
  108. [SW2-Vlanif110] ip address 192.168.52.3 255.255.255.0 
  109. [SW2-Vlanif110] vrrp vrid 110 virtual-ip 192.168.52.1
  110. [SW2-Vlanif110] vrrp vrid 110 priority 120
  111. [SW2-Vlanif110] dhcp select relay
  112. [SW2-Vlanif110]ospf 1 
  113. [SW2-ospf-1] area 0.0.0.0 
  114. [SW2-ospf-1-area-0.0.0.0]  network 192.168.2.1 0.0.0.0 
  115. [SW2-ospf-1-area-0.0.0.0]  network 192.168.8.3 0.0.0.0 
  116. [SW2-ospf-1-area-0.0.0.0]  network 192.168.16.3 0.0.0.0 
  117. [SW2-ospf-1-area-0.0.0.0]  network 192.168.17.3 0.0.0.0 
  118. [SW2-ospf-1-area-0.0.0.0]  network 192.168.20.3 0.0.0.0 
  119. [SW2-ospf-1-area-0.0.0.0]  network 192.168.24.3 0.0.0.0 
  120. [SW2-ospf-1-area-0.0.0.0]  network 192.168.25.3 0.0.0.0 
  121. [SW2-ospf-1-area-0.0.0.0]  network 192.168.32.3 0.0.0.0 
  122. [SW2-ospf-1-area-0.0.0.0]  network 192.168.40.3 0.0.0.0 
  123. [SW2-ospf-1-area-0.0.0.0]  network 192.168.44.3 0.0.0.0 
  124. [SW2-ospf-1-area-0.0.0.0]  network 192.168.48.3 0.0.0.0 
  125. [SW2-ospf-1-area-0.0.0.0]  network 192.168.52.3 0.0.0.0 
  126. [SW2-ospf-1-area-0.0.0.0]  network 192.168.53.3 0.0.0.0
  127. [SW2-ospf-1-area-0.0.0.0]stp instance 1 root secondary
  128. [SW2]stp instance 2 root primary
  129. [SW2]stp instance 3 root secondary

14、无线AC

  1. <AC6005>system-view 
  2. [AC6005]undo info-center enable 
  3. [AC6005] sysname AC1
  4. [AC1]vlan batch 130
  5. [AC1]vlan pool vlan10
  6. [AC1-vlan-pool-vlan10] vlan 10
  7. [AC1-vlan-pool-vlan10]vlan pool vlan20
  8. [AC1-vlan-pool-vlan20] vlan 20
  9. [AC1-vlan-pool-vlan20]vlan pool vlan30
  10. [AC1-vlan-pool-vlan30] vlan 30
  11. [AC1-vlan-pool-vlan30]vlan pool vlan70
  12. [AC1-vlan-pool-vlan70] vlan 70
  13. [AC1-vlan-pool-vlan70]vlan pool vlan80
  14. [AC1-vlan-pool-vlan80] vlan 80
  15. [AC1-vlan-pool-vlan80]quit
  16. [AC1]interface Vlanif130
  17. [AC1-Vlanif130] ip address 192.168.130.1 255.255.255.0
  18. [AC1-Vlanif130]interface GigabitEthernet0/0/1
  19. [AC1-GigabitEthernet0/0/1] port link-type access
  20. [AC1-GigabitEthernet0/0/1] port default vlan 130
  21. [AC1-GigabitEthernet0/0/1]quit
  22. [AC1]ip route-static 0.0.0.0 0.0.0.0 192.168.130.2
  23. [AC1]capwap source interface vlanif130
  24. [AC1]wlan    
  25. [AC1-wlan-view]ap auth-mode mac-auth 
  26. [AC1-wlan-view]regulatory-domain-profile name China
  27. [AC1-wlan-regulate-domain-China]country-code CN 
  28. [AC1-wlan-regulate-domain-China]quit
  29. [AC1-wlan-view]ap-id 1 type-id 69 ap-mac 00e0-fc8b-7c80
  30. [AC1-wlan-ap-1]ap-name AP1
  31. [AC1-wlan-ap-1]ap-group ap1
  32. [AC1-wlan-ap-1]ap-id 2 type-id 69 ap-mac 00e0-fc5d-2640 
  33. [AC1-wlan-ap-2] ap-name AP2
  34. [AC1-wlan-ap-2] ap-group ap2
  35. [AC1-wlan-ap-2] ap-id 3 type-id 69 ap-mac 00e0-fc2e-5ad0 
  36. [AC1-wlan-ap-3]ap-name AP3
  37. [AC1-wlan-ap-3]ap-group ap3
  38. [AC1-wlan-ap-3]ap-id 4 type-id 69 ap-mac 00e0-fc3f-7770 
  39. [AC1-wlan-ap-4] ap-name AP4
  40. [AC1-wlan-ap-4]ap-group ap4
  41. [AC1-wlan-ap-4]ap-id 5 type-id 69 ap-mac 00e0-fcdc-0c70 
  42. [AC1-wlan-ap-5]ap-name AP5
  43. [AC1-wlan-ap-5]ap-group ap5
  44. [AC1-wlan-view] security-profile name xiaoyuan
  45. [AC1-wlan-sec-prof-xiaoyuan]security wpa2 psk pass-phrase 123456789 aes
  46. [AC1-wlan-sec-prof-xiaoyuan]quit
  47. [AC1-wlan-view] ssid-profile name xiaoyuan
  48. [AC1-wlan-ssid-prof-xiaoyuan]
  49. [AC1-wlan-ssid-prof-xiaoyuan]  ssid Campus Network
  50. [AC1-wlan-ssid-prof-xiaoyuan]quit
  51. [AC1-wlan-view] vap-profile name ap1
  52. [AC1-wlan-vap-prof-ap1]service-vlan vlan-pool vlan10
  53. [AC1-wlan-vap-prof-ap1]ssid-profile xiaoyuan
  54. [AC1-wlan-vap-prof-ap1]security-profile xiaoyuan
  55. [AC1-wlan-vap-prof-ap1]vap-profile name ap2
  56. [AC1-wlan-vap-prof-ap2]service-vlan vlan-pool vlan20
  57. [AC1-wlan-vap-prof-ap2]ssid-profile xiaoyuan
  58. [AC1-wlan-vap-prof-ap2]security-profile xiaoyuan
  59. [AC1-wlan-vap-prof-ap2]vap-profile name ap3
  60. [AC1-wlan-vap-prof-ap3]service-vlan vlan-pool vlan30
  61. [AC1-wlan-vap-prof-ap3]ssid-profile xiaoyuan
  62. [AC1-wlan-vap-prof-ap3]security-profile xiaoyuan
  63. [AC1-wlan-vap-prof-ap3]vap-profile name ap4
  64. [AC1-wlan-vap-prof-ap4]service-vlan vlan-pool vlan70
  65. [AC1-wlan-vap-prof-ap4]ssid-profile xiaoyuan
  66. [AC1-wlan-vap-prof-ap4]security-profile xiaoyuan
  67. [AC1-wlan-vap-prof-ap4]vap-profile name ap5
  68. [AC1-wlan-vap-prof-ap5]service-vlan vlan-pool vlan80
  69. [AC1-wlan-vap-prof-ap5]ssid-profile xiaoyuan
  70. [AC1-wlan-vap-prof-ap5]security-profile xiaoyuan
  71. [AC1-wlan-vap-prof-ap5]quit
  72. [AC1-wlan-view]ap-group name ap1
  73. [AC1-wlan-ap-group-ap1]regulatory-domain-profile China
  74. [AC1-wlan-ap-group-ap1]vap-profile ap1 wlan 1  radio 0    
  75. [AC1-wlan-ap-group-ap1]vap-profile ap1 wlan 1 radio 1
  76. [AC1-wlan-ap-group-ap1]quit
  77. [AC1-wlan-view]ap-group name ap2
  78. [AC1-wlan-ap-group-ap2]regulatory-domain-profile China
  79. [AC1-wlan-ap-group-ap2]vap-profile ap2 wlan 1  radio 0    
  80. [AC1-wlan-ap-group-ap2]vap-profile ap2 wlan 1 radio 1
  81. [AC1-wlan-ap-group-ap2]quit
  82. [AC1-wlan-view]ap-group name ap3
  83. [AC1-wlan-ap-group-ap3]regulatory-domain-profile China
  84. [AC1-wlan-ap-group-ap3]vap-profile ap3 wlan 1  radio 0    
  85. [AC1-wlan-ap-group-ap3]vap-profile ap3 wlan 1 radio 1
  86. [AC1-wlan-ap-group-ap3]quit
  87. [AC1-wlan-view]ap-group name ap4
  88. [AC1-wlan-ap-group-ap4]regulatory-domain-profile China
  89. [AC1-wlan-ap-group-ap4]vap-profile ap4 wlan 1  radio 0    
  90. [AC1-wlan-ap-group-ap4]vap-profile ap4 wlan 1 radio 1
  91. [AC1-wlan-ap-group-ap4]quit
  92. [AC1-wlan-view]ap-group name ap5
  93. [AC1-wlan-ap-group-ap5]regulatory-domain-profile China
  94. [AC1-wlan-ap-group-ap5]vap-profile ap5 wlan 1  radio 0    
  95. [AC1-wlan-ap-group-ap5]vap-profile ap5 wlan 1 radio 1
  96. [AC1-wlan-ap-group-ap5]quit

15、DHCP

这里使用一台路由器充当DHCP服务器

  1. <Huawei>system-view
  2. [Huawei]sysname DHCP
  3. [DHCP]undo info-center enable
  4. [DHCP]dhcp enable
  5. [DHCP]interface GigabitEthernet0/0/0
  6. [DHCP-GigabitEthernet0/0/0] ip address 192.168.150.1 255.255.255.0
  7. [DHCP-GigabitEthernet0/0/0] dhcp select global
  8. [DHCP-GigabitEthernet0/0/0]ip pool vlan10
  9. [DHCP-ip-pool-vlan10] gateway-list 192.168.8.1
  10. [DHCP-ip-pool-vlan10] network 192.168.8.0 mask 255.255.248.0
  11. [DHCP-ip-pool-vlan10] excluded-ip-address 192.168.8.2 192.168.8.3
  12. [DHCP-ip-pool-vlan10] dns-list 100.1.1.1
  13. [DHCP-ip-pool-vlan10]ip pool vlan20
  14. [DHCP-ip-pool-vlan20] gateway-list 192.168.16.1
  15. [DHCP-ip-pool-vlan20] network 192.168.16.0 mask 255.255.255.0
  16. [DHCP-ip-pool-vlan20] excluded-ip-address 192.168.16.2 192.168.16.3
  17. [DHCP-ip-pool-vlan20] dns-list 100.1.1.1
  18. [DHCP-ip-pool-vlan20]ip pool vlan30
  19. [DHCP-ip-pool-vlan30] gateway-list 192.168.17.1
  20. [DHCP-ip-pool-vlan30] network 192.168.17.0 mask 255.255.255.0
  21. [DHCP-ip-pool-vlan30] excluded-ip-address 192.168.17.2 192.168.17.3
  22. [DHCP-ip-pool-vlan30] dns-list 100.1.1.1
  23. [DHCP-ip-pool-vlan30]ip pool vlan40
  24. [DHCP-ip-pool-vlan40] gateway-list 192.168.20.1
  25. [DHCP-ip-pool-vlan40] network 192.168.20.0 mask 255.255.252.0
  26. [DHCP-ip-pool-vlan40] excluded-ip-address 192.168.20.2 192.168.20.3
  27. [DHCP-ip-pool-vlan40] dns-list 100.1.1.1
  28. [DHCP-ip-pool-vlan40]ip pool vlan50
  29. [DHCP-ip-pool-vlan50] gateway-list 192.168.24.1
  30. [DHCP-ip-pool-vlan50] network 192.168.24.0 mask 255.255.255.0
  31. [DHCP-ip-pool-vlan50] excluded-ip-address 192.168.24.2 192.168.24.3
  32. [DHCP-ip-pool-vlan50] dns-list 100.1.1.1
  33. [DHCP-ip-pool-vlan50]ip pool vlan60
  34. [DHCP-ip-pool-vlan60] gateway-list 192.168.25.1
  35. [DHCP-ip-pool-vlan60] network 192.168.25.0 mask 255.255.255.0
  36. [DHCP-ip-pool-vlan60] excluded-ip-address 192.168.25.2 192.168.25.3
  37. [DHCP-ip-pool-vlan60] dns-list 100.1.1.1
  38. [DHCP-ip-pool-vlan60]ip pool vlan70
  39. [DHCP-ip-pool-vlan70] gateway-list 192.168.32.1
  40. [DHCP-ip-pool-vlan70] network 192.168.32.0 mask 255.255.248.0
  41. [DHCP-ip-pool-vlan70] excluded-ip-address 192.168.32.2 192.168.32.3
  42. [DHCP-ip-pool-vlan70] dns-list 100.1.1.1
  43. [DHCP-ip-pool-vlan70]ip pool vlan80
  44. [DHCP-ip-pool-vlan80] gateway-list 192.168.40.1 
  45. [DHCP-ip-pool-vlan80] network 192.168.40.0 mask 255.255.255.0 
  46. [DHCP-ip-pool-vlan80] excluded-ip-address 192.168.40.2 192.168.40.3 
  47. [DHCP-ip-pool-vlan80] dns-list 100.1.1.1 
  48. [DHCP-ip-pool-vlan80]ip pool vlan90
  49. [DHCP-ip-pool-vlan90] gateway-list 192.168.44.1 
  50. [DHCP-ip-pool-vlan90] network 192.168.44.0 mask 255.255.252.0 
  51. [DHCP-ip-pool-vlan90] excluded-ip-address 192.168.44.2 192.168.44.3 
  52. [DHCP-ip-pool-vlan90] dns-list 100.1.1.1 
  53. [DHCP-ip-pool-vlan90]ip pool vlan100
  54. [DHCP-ip-pool-vlan100] gateway-list 192.168.48.1 
  55. [DHCP-ip-pool-vlan100] network 192.168.48.0 mask 255.255.252.0 
  56. [DHCP-ip-pool-vlan100] excluded-ip-address 192.168.48.2 192.168.48.3 
  57. [DHCP-ip-pool-vlan100] dns-list 100.1.1.1 
  58. [DHCP-ip-pool-vlan100]ip pool vlan110
  59. [DHCP-ip-pool-vlan110] gateway-list 192.168.52.1 
  60. [DHCP-ip-pool-vlan110] network 192.168.52.0 mask 255.255.255.0 
  61. [DHCP-ip-pool-vlan110] excluded-ip-address 192.168.52.2 192.168.52.3 
  62. [DHCP-ip-pool-vlan110] dns-list 100.1.1.1 
  63. [DHCP-ip-pool-vlan110]ip pool vlan120
  64. [DHCP-ip-pool-vlan120] gateway-list 192.168.53.1 
  65. [DHCP-ip-pool-vlan120] network 192.168.53.0 mask 255.255.255.0 
  66. [DHCP-ip-pool-vlan120] excluded-ip-address 192.168.53.2 192.168.53.3 
  67. [DHCP-ip-pool-vlan120] option 43 sub-option 3 ascii 192.168.130.1
  68. [DHCP-ip-pool-vlan120]ip route-static 0.0.0.0 0.0.0.0 192.168.150.2

16、核心AR1

  1. <Huawei>system-view
  2. [Huawei]sysname R1
  3. [R1]undo info-center enable
  4. [R1]interface GigabitEthernet0/0/0
  5. [R1-GigabitEthernet0/0/0] ip address 192.168.1.2 255.255.255.0 
  6. [R1-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
  7. [R1-GigabitEthernet0/0/1] ip address 10.1.111.1 255.255.255.0 
  8. [R1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  9. [R1-GigabitEthernet0/0/2] ip address 10.1.121.2 255.255.255.0 
  10. [R1-GigabitEthernet0/0/2]ospf 1 
  11. [R1-ospf-1] area 0.0.0.0 
  12. [R1-ospf-1-area-0.0.0.0]  network 10.1.111.1 0.0.0.0 
  13. [R1-ospf-1-area-0.0.0.0]  network 10.1.121.2 0.0.0.0 
  14. [R1-ospf-1-area-0.0.0.0]  network 192.168.1.2 0.0.0.0

17、核心AR2

  1. <Huawei>system-view
  2. [Huawei]sysname S2
  3. [S2]undo  info-center enable
  4. [S2]interface GigabitEthernet0/0/0
  5. [S2-GigabitEthernet0/0/0] ip address 192.168.2.2 255.255.255.0 
  6. [S2-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
  7. [S2-GigabitEthernet0/0/1] ip address 10.1.111.2 255.255.255.0 
  8. [S2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  9. [S2-GigabitEthernet0/0/2] ip address 10.1.131.2 255.255.255.0 
  10. [S2-GigabitEthernet0/0/2]ospf 1 
  11. [S2-ospf-1]
  12. [S2-ospf-1] area 0.0.0.0 
  13. [S2-ospf-1-area-0.0.0.0]  network 10.1.111.2 0.0.0.0 
  14. [S2-ospf-1-area-0.0.0.0]  network 10.1.131.2 0.0.0.0 
  15. [S2-ospf-1-area-0.0.0.0]  network 192.168.2.2 0.0.0.0

18、防火墙FW1&FW2

  1. FW1
  2. <USG6000V1>system-view     
  3. [USG6000V1]undo info-center enable 
  4. [USG6000V1]sysname FW1
  5. [FW1]interface GigabitEthernet1/0/0
  6. [FW1-GigabitEthernet1/0/0] ip address 10.1.1.21 255.255.255.0
  7. [FW1-GigabitEthernet1/0/0] service-manage ping permit
  8. [FW1-GigabitEthernet1/0/0]interface GigabitEthernet1/0/1
  9. [FW1-GigabitEthernet1/0/1] undo shutdown
  10. Info: Interface GigabitEthernet1/0/1 is not shutdown.
  11. [FW1-GigabitEthernet1/0/1] ip address 10.1.121.1 255.255.255.0
  12. [FW1-GigabitEthernet1/0/1] service-manage ping permit
  13. [FW1-GigabitEthernet1/0/1]interface GigabitEthernet1/0/2
  14. [FW1-GigabitEthernet1/0/2] ip address 8.8.8.21 255.255.255.0
  15. [FW1-GigabitEthernet1/0/2] service-manage ping permit
  16. [FW1-GigabitEthernet1/0/2]interface GigabitEthernet1/0/3
  17. [FW1-GigabitEthernet1/0/3] ip address 100.1.1.252 255.255.255.0
  18. [FW1-GigabitEthernet1/0/3] vrrp vrid 10 virtual-ip 100.1.1.254 active
  19. [FW1-GigabitEthernet1/0/3] service-manage ping permit
  20. [FW1-GigabitEthernet1/0/3]quit
  21. [FW1]firewall zone trust
  22. [FW1-zone-trust] add interface GigabitEthernet1/0/1
  23. [FW1-zone-trust]firewall zone untrust
  24. [FW1-zone-untrust] add interface GigabitEthernet1/0/0
  25. [FW1-zone-untrust]firewall zone dmz
  26. [FW1-zone-dmz] add interface GigabitEthernet1/0/2
  27. [FW1-zone-dmz] add interface GigabitEthernet1/0/3
  28. [FW1-zone-dmz]quit
  29. [FW1]ospf 1
  30. [FW1-ospf-1] area 0.0.0.0
  31. [FW1-ospf-1-area-0.0.0.0]network 8.8.8.21 0.0.0.0
  32. [FW1-ospf-1-area-0.0.0.0]network 10.1.1.21 0.0.0.0
  33. [FW1-ospf-1-area-0.0.0.0]network 10.1.121.1 0.0.0.0
  34. [FW1-ospf-1-area-0.0.0.0]network 100.1.1.252 0.0.0.0
  35. [FW1-ospf-1-area-0.0.0.0]quit
  36. [FW1-ospf-1]quit
  38. FW2
  39. <USG6000V1>system-view 
  40. [USG6000V1]undo info-center enable 
  41. [USG6000V1]sysname FW2
  42. [FW2]interface GigabitEthernet1/0/0
  43. [FW2-GigabitEthernet1/0/0]ip address 20.1.1.22 255.255.255.0
  44. [FW2-GigabitEthernet1/0/0]service-manage ping permit
  45. [FW2-GigabitEthernet1/0/0]interface GigabitEthernet1/0/1
  46. [FW2-GigabitEthernet1/0/1]ip address 10.1.131.1 255.255.255.0
  47. [FW2-GigabitEthernet1/0/1]service-manage ping permit
  48. [FW2-GigabitEthernet1/0/1]interface GigabitEthernet1/0/2
  49. [FW2-GigabitEthernet1/0/2]ip address 8.8.8.22 255.255.255.0
  50. [FW2-GigabitEthernet1/0/2]service-manage ping permit
  51. [FW2-GigabitEthernet1/0/2]interface GigabitEthernet1/0/3
  52. [FW2-GigabitEthernet1/0/3] ip address 100.1.1.253 255.255.255.0
  53. [FW2-GigabitEthernet1/0/3]vrrp vrid 10 virtual-ip 100.1.1.254 standby
  54. [FW2-GigabitEthernet1/0/3]service-manage ping permit
  55. [FW2-GigabitEthernet1/0/3]quit
  56. [FW2]firewall zone trust
  57. [FW2-zone-trust] add interface GigabitEthernet1/0/1
  58. [FW2-zone-trust]firewall zone untrust
  59. [FW2-zone-untrust] add interface GigabitEthernet1/0/0
  60. [FW2-zone-untrust]firewall zone dmz
  61. [FW2-zone-dmz] add interface GigabitEthernet1/0/2
  62. [FW2-zone-dmz] add interface GigabitEthernet1/0/3
  63. [FW2-zone-dmz]quit
  64. [FW2]ospf 1
  65. [FW2-ospf-1]area 0.0.0.0
  66. [FW2-ospf-1-area-0.0.0.0]network 8.8.8.22 0.0.0.0
  67. [FW2-ospf-1-area-0.0.0.0]network 10.1.131.1 0.0.0.0
  68. [FW2-ospf-1-area-0.0.0.0]network 20.1.1.22 0.0.0.0
  69. [FW2-ospf-1-area-0.0.0.0]network 100.1.1.253 0.0.0.0
  70. [FW2-ospf-1-area-0.0.0.0]quit
  71. [FW2-ospf-1]quit
  73. FW1防火墙双击热备我没有放,就先省略了,配置了FW1的策略,FW2的也就自然而然的自动备份上了,这里FW2是备份防火墙,配置完就可以实现IPSec VPN,需要拷贝的可以找我,拷贝的是全的,请谅解!

分部/分校区部分

19、接入SW12

  1. <Huawei>system-view 
  2. [Huawei]sysname S12    
  3. [S12]undo info-center enable 
  4. [S12]vlan batch 10
  5. [S12]interface Ethernet0/0/1
  6. [S12-Ethernet0/0/1] port link-type access
  7. [S12-Ethernet0/0/1] port default vlan 10
  8. [S12-Ethernet0/0/1]interface Ethernet0/0/2
  9. [S12-Ethernet0/0/2] port link-type access
  10. [S12-Ethernet0/0/2] port default vlan 10
  11. [S12-Ethernet0/0/2]interface GigabitEthernet0/0/1
  12. [S12-GigabitEthernet0/0/1] port link-type trunk
  13. [S12-GigabitEthernet0/0/1] port trunk allow-pass vlan 10

20、接入SW13

  1. <Huawei>system-view 
  2. [Huawei]sysname S13    
  3. [S13]undo info-center enable 
  4. [S13]interface Ethernet0/0/1
  5. [S13-Ethernet0/0/1] port link-type access
  6. [S13-Ethernet0/0/1] port default vlan 20
  7. [S13-Ethernet0/0/1]interface Ethernet0/0/2
  8. [S13-Ethernet0/0/2] port link-type access
  9. [S13-Ethernet0/0/2] port default vlan 20
  10. [S13-Ethernet0/0/2]interface GigabitEthernet0/0/1
  11. [S13-GigabitEthernet0/0/1] port link-type trunk
  12. [S13-GigabitEthernet0/0/1] port trunk allow-pass vlan 20

21、接入SW14

  1. <Huawei>system-view 
  2. [Huawei]sysname S14    
  3. [S14]vlan batch 30
  4. [S14]undo info-center enable 
  5. [S14]interface Ethernet0/0/1
  6. [S14-Ethernet0/0/1] port link-type access
  7. [S14-Ethernet0/0/1] port default vlan 30
  8. [S14-Ethernet0/0/1]interface Ethernet0/0/2
  9. [S14-Ethernet0/0/2] port link-type access
  10. [S14-Ethernet0/0/2] port default vlan 30
  11. [S14-Ethernet0/0/2]interface GigabitEthernet0/0/1
  12. [S14-GigabitEthernet0/0/1] port link-type trunk
  13. [S14-GigabitEthernet0/0/1] port trunk allow-pass vlan 30

22、汇聚 LSW3

  1. <Huawei>system-view
  2. [Huawei]sysname SW3
  3. [SW3]undo info-center enable
  4. [SW3]vlan batch 10 20 30
  5. [SW3]interface GigabitEthernet0/0/1
  6. [SW3-GigabitEthernet0/0/1] port link-type trunk
  7. [SW3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
  8. [SW3-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  9. [SW3-GigabitEthernet0/0/2] port link-type trunk
  10. [SW3-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
  11. [SW3-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
  12. [SW3-GigabitEthernet0/0/3] port link-type trunk
  13. [SW3-GigabitEthernet0/0/3] port trunk allow-pass vlan 30
  14. [SW3-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
  15. [SW3-GigabitEthernet0/0/4] port link-type trunk
  16. [SW3-GigabitEthernet0/0/4] port trunk allow-pass vlan 10 20 30

23、核心AR3

  1. [R3]dhcp enable
  2. Info: The operation may take a few seconds. Please wait for a moment.done.
  3. [R3]interface GigabitEthernet0/0/0.10
  4. [R3-GigabitEthernet0/0/0.10] dot1q termination vid 10
  5. [R3-GigabitEthernet0/0/0.10] ip address 172.16.10.254 255.255.255.0 
  6. [R3-GigabitEthernet0/0/0.10] arp broadcast enable
  7. [R3-GigabitEthernet0/0/0.10] dhcp select interface
  8. [R3-GigabitEthernet0/0/0.10] dhcp server dns-list 100.1.1.1 
  9. [R3-GigabitEthernet0/0/0.10]interface GigabitEthernet0/0/0.20
  10. [R3-GigabitEthernet0/0/0.20] dot1q termination vid 20
  11. [R3-GigabitEthernet0/0/0.20] ip address 172.16.20.254 255.255.255.0 
  12. [R3-GigabitEthernet0/0/0.20] arp broadcast enable
  13. [R3-GigabitEthernet0/0/0.20] dhcp select interface
  14. [R3-GigabitEthernet0/0/0.20] dhcp server dns-list 100.1.1.1 
  15. [R3-GigabitEthernet0/0/0.20]interface GigabitEthernet0/0/0.30
  16. [R3-GigabitEthernet0/0/0.30] dot1q termination vid 30
  17. [R3-GigabitEthernet0/0/0.30] ip address 172.16.30.254 255.255.255.0 
  18. [R3-GigabitEthernet0/0/0.30] arp broadcast enable
  19. [R3-GigabitEthernet0/0/0.30] dhcp select interface
  20. [R3-GigabitEthernet0/0/0.30] dhcp server dns-list 100.1.1.1 
  21. [R3-GigabitEthernet0/0/0.30]interface GigabitEthernet0/0/1
  22. [R3-GigabitEthernet0/0/1] ip address 40.1.1.1 255.255.255.0 
  23. [R3-GigabitEthernet0/0/1]ospf 1 
  24. [R3-ospf-1]
  25. [R3-ospf-1] area 0.0.0.0 
  26. [R3-ospf-1-area-0.0.0.0]  network 40.1.1.1 0.0.0.0 
  27. [R3-ospf-1-area-0.0.0.0]  network 172.16.10.254 0.0.0.0 
  28. [R3-ospf-1-area-0.0.0.0]  network 172.16.20.254 0.0.0.0 
  29. [R3-ospf-1-area-0.0.0.0]  network 172.16.30.254 0.0.0.0

24、防火墙FW3

  1. <USG6000V1>system-view     
  2. [USG6000V1]undo info-center enable 
  3. [USG6000V1]sysname FW3
  4. [FW3]interface GigabitEthernet1/0/0
  5. [FW3-GigabitEthernet1/0/0]ip address 40.1.1.21 255.255.255.0
  6. [FW3-GigabitEthernet1/0/0]service-manage ping permit
  7. [FW3-GigabitEthernet1/0/0]interface GigabitEthernet1/0/1
  8. [FW3-GigabitEthernet1/0/1]ip address 30.1.1.21 255.255.255.0
  9. [FW3-GigabitEthernet1/0/1]service-manage ping permit
  10. [FW3-GigabitEthernet1/0/1]quit
  11. [FW3]firewall zone trust
  12. [FW3-zone-trust] add interface GigabitEthernet1/0/0
  13. [FW3-zone-trust]firewall zone untrust
  14. [FW3-zone-untrust] add interface GigabitEthernet1/0/1
  15. [FW3-zone-untrust]quit
  16. [FW3]ospf 1
  17. [FW3-ospf-1]area 0.0.0.0
  18. [FW3-ospf-1-area-0.0.0.0]network 30.1.1.21 0.0.0.0
  19. [FW3-ospf-1-area-0.0.0.0]network 40.1.1.21 0.0.0.0
  20. [FW3-ospf-1-area-0.0.0.0]quit
  21. [FW3-ospf-1]quit
  22. [FW3]acl number 3000
  23. [FW3-acl-adv-3000]rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 19
  24. 2.168.0.0 0.0.255.255 
  25. [FW3-acl-adv-3000]quit
  26. [FW3]ipsec proposal 10
  27. [FW3-ipsec-proposal-10]esp authentication-algorithm sha2-256 
  28. [FW3-ipsec-proposal-10]esp encryption-algorithm aes-256 
  29. [FW3-ipsec-proposal-10]quit
  30. [FW3]ike proposal 10
  31. [FW3-ike-proposal-10]encryption-algorithm aes-256 
  32. [FW3-ike-proposal-10]dh group14 
  33. [FW3-ike-proposal-10]authentication-algorithm sha2-256 
  34. [FW3-ike-proposal-10]authentication-method pre-share
  35. [FW3-ike-proposal-10]integrity-algorithm hmac-sha2-256 
  36. [FW3-ike-proposal-10]prf hmac-sha2-256 
  37. [FW3-ike-proposal-10]quit
  38. [FW3]ike peer fw12
  39. [FW3-ike-peer-fw12]pre-shared-key Hcie
  40. [FW3-ike-peer-fw12]ike-proposal 10
  41. [FW3-ike-peer-fw12]remote-address 10.1.1.21 
  42. [FW3-ike-peer-fw12]remote-address 20.1.1.22 
  43. [FW3-ike-peer-fw12]quit
  44. [FW3]ipsec policy map 10 isakmp
  45. [FW3-ipsec-policy-isakmp-map-10]security acl 3000
  46. [FW3-ipsec-policy-isakmp-map-10]ike-peer fw12
  47. [FW3-ipsec-policy-isakmp-map-10]proposal 10
  48. [FW3-ipsec-policy-isakmp-map-10]quit
  49. [FW3]interface GigabitEthernet1/0/1
  50. [FW3-GigabitEthernet1/0/1]ipsec policy map

ISP配置

  1. <Huawei>system-view
  2. [Huawei]sysname ISP
  3. [ISP]undo info-center enable
  4. [ISP]interface GigabitEthernet0/0/0
  5. [ISP-GigabitEthernet0/0/0] ip address 10.1.1.1 255.255.255.0 
  6. [ISP-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
  7. [ISP-GigabitEthernet0/0/1] ip address 20.1.1.1 255.255.255.0 
  8. [ISP-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
  9. [ISP-GigabitEthernet0/0/2] ip address 30.1.1.1 255.255.255.0 
  10. [ISP-GigabitEthernet0/0/2]ospf 1 
  11. [ISP-ospf-1] area 0.0.0.0 
  12. [ISP-ospf-1-area-0.0.0.0]  network 10.1.1.1 0.0.0.0 
  13. [ISP-ospf-1-area-0.0.0.0]  network 20.1.1.1 0.0.0.0 
  14. [ISP-ospf-1-area-0.0.0.0]  network 30.1.1.1 0.0.0.0

附录

该拓扑图细节图

标签: 华为 网络 毕业设计
本文转载自: https://blog.csdn.net/m0_73990724/article/details/130751601
版权归原作者 等不到释怀 所有, 如有侵权,请联系我们删除。
登录后发布评论

“基于华为Ensp的校园/企业网的网络设计”的评论:

还没有评论
关于作者
...
overfit同步小助手
文章同步
相关阅读

网络安全法-网络运行安全

使用selenium/drissionpage时如何阻止chrome自动跳转http到https

docker desktop 里部署的Open WebUI 管理员密码忘记了的处理方法

在ubuntu20.04中搭建onsite比赛运行环境

利用开源的低代码表单设计器FcDesigner高效管理和渲染复杂表单结构

Kafka学习笔记

【前端】浏览器输入url到页面呈现发生了什么?