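Campus/Enterprise Network Design Based on Huawei eNSP
等不到释怀 2024-08-11 10:07:06
Design diagram (a detailed diagram is attached at the end of the article)
Introduction
This is my design diagram (the software is still eNSP, only the icons have been changed). It is aimed mainly at readers building a design around IPSec VPN. The other technologies used include VLAN segmentation, a three-tier architecture, MSTP+VRRP, link aggregation, DHCP, WLAN (wireless LAN), OSPF, dual-device hot standby, IPSec VPN and router-on-a-stick. It is meant as a reference for graduation project topics, and the scenario suits graduation projects, campus network planning and enterprise network planning. If you have any questions, you can send me a private message on the platform and I will reply when I see it. Please excuse any mistakes, I have only recently started working with this myself. On to the configuration!
Full configuration of the network
Headquarters / main campus section
1. Access switch SW1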
<code><Huawei>system-view
[Huawei]sysname S1
[S1]undo info-center enable
[S1]vlan batch 10 120
[S1]interface Ethernet0/0/1
[S1-Ethernet0/0/1] port link-type access
[S1-Ethernet0/0/1] port default vlan 10
[S1-Ethernet0/0/1]interface Ethernet0/0/2
[S1-Ethernet0/0/2] port link-type trunk
[S1-Ethernet0/0/2] port trunk pvid vlan 120
[S1-Ethernet0/0/2] port trunk allow-pass vlan 10 120
[S1-Ethernet0/0/2]interface Ethernet0/0/3
[S1-Ethernet0/0/3] port link-type access
[S1-Ethernet0/0/3] port default vlan 10
[S1-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S1-GigabitEthernet0/0/1] port link-type trunk
[S1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 120
[S1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S1-GigabitEthernet0/0/2] port link-type trunk
[S1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 120
2. Access switch SW2
<Huawei>system-view
[Huawei]sysname S2
[S2]undo info-center enable
[S2]vlan batch 20 120
[S2]interface Ethernet0/0/1
[S2-Ethernet0/0/1] port link-type access
[S2-Ethernet0/0/1] port default vlan 20
[S2-Ethernet0/0/1]interface Ethernet0/0/2
[S2-Ethernet0/0/2] port link-type trunk
[S2-Ethernet0/0/2] port trunk pvid vlan 120
[S2-Ethernet0/0/2] port trunk allow-pass vlan 20 120
[S2-Ethernet0/0/2]interface Ethernet0/0/3
[S2-Ethernet0/0/3] port link-type access
[S2-Ethernet0/0/3] port default vlan 20
[S2-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S2-GigabitEthernet0/0/1] port link-type trunk
[S2-GigabitEthernet0/0/1] port trunk allow-pass vlan 20 120
[S2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S2-GigabitEthernet0/0/2] port link-type trunk
[S2-GigabitEthernet0/0/2] port trunk allow-pass vlan 20 120
3. Access switch SW3
<Huawei>system-view
[Huawei]sysname S3
[S3]undo info-center enable
Info: Information center is disabled.
[S3]vlan batch 30 120
[S3]interface Ethernet0/0/1
[S3-Ethernet0/0/1] port link-type access
[S3-Ethernet0/0/1] port default vlan 30
[S3-Ethernet0/0/1]interface Ethernet0/0/2
[S3-Ethernet0/0/2] port link-type trunk
[S3-Ethernet0/0/2] port trunk pvid vlan 120
[S3-Ethernet0/0/2] port trunk allow-pass vlan 30 120
[S3-Ethernet0/0/2]interface Ethernet0/0/3
[S3-Ethernet0/0/3] port link-type access
[S3-Ethernet0/0/3] port default vlan 30
[S3-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S3-GigabitEthernet0/0/1] port link-type trunk
[S3-GigabitEthernet0/0/1] port trunk allow-pass vlan 30 120
[S3-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S3-GigabitEthernet0/0/2] port link-type trunk
[S3-GigabitEthernet0/0/2] port trunk allow-pass vlan 30 120
4. Access switch SW4
<Huawei>system-view
[Huawei]sysname S4
[S4]undo info-center enable
[S4]vlan batch 40
[S4]interface Ethernet0/0/1
[S4-Ethernet0/0/1] port link-type access
[S4-Ethernet0/0/1] port default vlan 40
[S4-Ethernet0/0/1]interface Ethernet0/0/3
[S4-Ethernet0/0/3] port link-type access
[S4-Ethernet0/0/3] port default vlan 40
[S4-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S4-GigabitEthernet0/0/1] port link-type trunk
[S4-GigabitEthernet0/0/1] port trunk allow-pass vlan 40
[S4-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S4-GigabitEthernet0/0/2] port link-type trunk
[S4-GigabitEthernet0/0/2] port trunk allow-pass vlan 40
5. Access switch SW5
<Huawei>system-view
[Huawei]sysname S5
[S5]undo info-center enable
[S5]vlan batch 50
[S5]interface Ethernet0/0/1
[S5-Ethernet0/0/1] port link-type access
[S5-Ethernet0/0/1] port default vlan 50
[S5-Ethernet0/0/1]interface Ethernet0/0/3
[S5-Ethernet0/0/3] port link-type access
[S5-Ethernet0/0/3] port default vlan 50
[S5-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S5-GigabitEthernet0/0/1] port link-type trunk
[S5-GigabitEthernet0/0/1] port trunk allow-pass vlan 50
[S5-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S5-GigabitEthernet0/0/2] port link-type trunk
[S5-GigabitEthernet0/0/2] port trunk allow-pass vlan 50
6. Access switch SW6
<Huawei>system-view
[Huawei]sysname S6
[S6]undo info-center enable
[S6]vlan batch 60
[S6]interface Ethernet0/0/1
[S6-Ethernet0/0/1] port link-type access
[S6-Ethernet0/0/1] port default vlan 60
[S6-Ethernet0/0/1]interface Ethernet0/0/3
[S6-Ethernet0/0/3] port link-type access
[S6-Ethernet0/0/3] port default vlan 60
[S6-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S6-GigabitEthernet0/0/1] port link-type trunk
[S6-GigabitEthernet0/0/1] port trunk allow-pass vlan 60
[S6-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S6-GigabitEthernet0/0/2] port link-type trunk
[S6-GigabitEthernet0/0/2] port trunk allow-pass vlan 60
7. Access switch SW7
<Huawei>system-view
[Huawei]sysname S7
[S7]undo info-center enable
[S7]vlan batch 70 120
[S7]interface Ethernet0/0/1
[S7-Ethernet0/0/1] port link-type access
[S7-Ethernet0/0/1] port default vlan 70
[S7-Ethernet0/0/1]interface Ethernet0/0/2
[S7-Ethernet0/0/2] port link-type trunk
[S7-Ethernet0/0/2] port trunk pvid vlan 120
[S7-Ethernet0/0/2] port trunk allow-pass vlan 70 120
[S7-Ethernet0/0/2]interface Ethernet0/0/3
[S7-Ethernet0/0/3] port link-type access
[S7-Ethernet0/0/3] port default vlan 70
[S7-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S7-GigabitEthernet0/0/1] port link-type trunk
[S7-GigabitEthernet0/0/1] port trunk allow-pass vlan 70 120
[S7-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S7-GigabitEthernet0/0/2] port link-type trunk
[S7-GigabitEthernet0/0/2] port trunk allow-pass vlan 70 120
8. Access switch SW8
<Huawei>system-view
[Huawei]sysname S8
[S8]undo info-center enable
[S8]vlan batch 80 120
[S8]interface Ethernet0/0/1
[S8-Ethernet0/0/1] port link-type access
[S8-Ethernet0/0/1] port default vlan 80
[S8-Ethernet0/0/1]interface Ethernet0/0/2
[S8-Ethernet0/0/2] port link-type trunk
[S8-Ethernet0/0/2] port trunk pvid vlan 120
[S8-Ethernet0/0/2] port trunk allow-pass vlan 80 120
[S8-Ethernet0/0/2]interface Ethernet0/0/3
[S8-Ethernet0/0/3] port link-type access
[S8-Ethernet0/0/3] port default vlan 80
[S8-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S8-GigabitEthernet0/0/1] port link-type trunk
[S8-GigabitEthernet0/0/1] port trunk allow-pass vlan 80 120
[S8-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S8-GigabitEthernet0/0/2] port link-type trunk
[S8-GigabitEthernet0/0/2] port trunk allow-pass vlan 80 120
9. Access switch SW9
<Huawei>system-view
[Huawei]sysname S9
[S9]undo info-center enable
[S9]vlan batch 90
[S9]interface Ethernet0/0/1
[S9-Ethernet0/0/1] port link-type access
[S9-Ethernet0/0/1] port default vlan 90
[S9-Ethernet0/0/1]interface Ethernet0/0/3
[S9-Ethernet0/0/3] port link-type access
[S9-Ethernet0/0/3] port default vlan 90
[S9-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S9-GigabitEthernet0/0/1] port link-type trunk
[S9-GigabitEthernet0/0/1] port trunk allow-pass vlan 90
[S9-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S9-GigabitEthernet0/0/2] port link-type trunk
[S9-GigabitEthernet0/0/2] port trunk allow-pass vlan 90
10. Access switch SW10
<Huawei>system-view
[Huawei]sysname S10
[S10]undo info-center enable
[S10]vlan batch 100 110
[S10]interface Ethernet0/0/1
[S10-Ethernet0/0/1] port link-type access
[S10-Ethernet0/0/1] port default vlan 100
[S10-Ethernet0/0/1]interface Ethernet0/0/3
[S10-Ethernet0/0/3] port link-type access
[S10-Ethernet0/0/3] port default vlan 100
[S10-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S10-GigabitEthernet0/0/1] port link-type trunk
[S10-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[S10-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S10-GigabitEthernet0/0/2] port link-type trunk
[S10-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
11. Access switch SW11
<Huawei>system-view
[Huawei]sysname S11
[S11]undo info-center enable
[S11]vlan batch 110
[S11]interface Ethernet0/0/1
[S11-Ethernet0/0/1] port link-type access
[S11-Ethernet0/0/1] port default vlan 110
[S11-Ethernet0/0/1]interface Ethernet0/0/3
[S11-Ethernet0/0/3] port link-type access
[S11-Ethernet0/0/3] port default vlan 110
[S11-Ethernet0/0/3]interface GigabitEthernet0/0/1
[S11-GigabitEthernet0/0/1] port link-type trunk
[S11-GigabitEthernet0/0/1] port trunk allow-pass vlan 110
[S11-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S11-GigabitEthernet0/0/2] port link-type trunk
[S11-GigabitEthernet0/0/2] port trunk allow-pass vlan 110
12. Aggregation switch LSW1
<Huawei>system-view
[Huawei]sysname SW1
[SW1]undo info-center enable
[SW1]vlan batch 10 20 30 40 50 60 70 80 90 100
[SW1]vlan batch 110 120 130 150
[SW1]dhcp enable
[SW1]stp region-configuration
[SW1-mst-region] region-name mstp
[SW1-mst-region] revision-level 10
[SW1-mst-region] instance 1 vlan 10 20 30 40 50 60
[SW1-mst-region] instance 2 vlan 70 80 90 100 110 120
[SW1-mst-region] instance 3 vlan 130
[SW1-mst-region] active region-configuration
[SW1-mst-region]interface GigabitEthernet0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 120
[SW1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[SW1-GigabitEthernet0/0/2] port link-type trunk
[SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 20 120
[SW1-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[SW1-GigabitEthernet0/0/3] port link-type trunk
[SW1-GigabitEthernet0/0/3] port trunk allow-pass vlan 30 120
[SW1-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[SW1-GigabitEthernet0/0/4] port link-type trunk
[SW1-GigabitEthernet0/0/4] port trunk allow-pass vlan 40 120
[SW1-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5
[SW1-GigabitEthernet0/0/5] port link-type trunk
[SW1-GigabitEthernet0/0/5] port trunk allow-pass vlan 50 120
[SW1-GigabitEthernet0/0/5]interface GigabitEthernet0/0/6
[SW1-GigabitEthernet0/0/6] port link-type trunk
[SW1-GigabitEthernet0/0/6] port trunk allow-pass vlan 60 120
[SW1-GigabitEthernet0/0/6]interface GigabitEthernet0/0/7
[SW1-GigabitEthernet0/0/7] port link-type trunk
[SW1-GigabitEthernet0/0/7] port trunk allow-pass vlan 70 120
[SW1-GigabitEthernet0/0/7]interface GigabitEthernet0/0/8
[SW1-GigabitEthernet0/0/8] port link-type trunk
[SW1-GigabitEthernet0/0/8] port trunk allow-pass vlan 80 120
[SW1-GigabitEthernet0/0/8]interface GigabitEthernet0/0/9
[SW1-GigabitEthernet0/0/9] port link-type trunk
[SW1-GigabitEthernet0/0/9] port trunk allow-pass vlan 90 120
[SW1-GigabitEthernet0/0/9]interface GigabitEthernet0/0/10
[SW1-GigabitEthernet0/0/10] port link-type trunk
[SW1-GigabitEthernet0/0/10] port trunk allow-pass vlan 100 120
[SW1-GigabitEthernet0/0/10]interface GigabitEthernet0/0/11
[SW1-GigabitEthernet0/0/11] port link-type trunk
[SW1-GigabitEthernet0/0/11] port trunk allow-pass vlan 110 120
[SW1-GigabitEthernet0/0/11]interface GigabitEthernet0/0/12
[SW1-GigabitEthernet0/0/12] port link-type access
[SW1-GigabitEthernet0/0/12] port default vlan 130
[SW1-GigabitEthernet0/0/12]interface GigabitEthernet0/0/13
[SW1-GigabitEthernet0/0/13] port link-type access
[SW1-GigabitEthernet0/0/13] port default vlan 150
[SW1-GigabitEthernet0/0/13]quit
[SW1]interface Vlanif1
[SW1-Vlanif1] ip address 192.168.1.1 255.255.255.0
[SW1-Vlanif1]interface Vlanif10
[SW1-Vlanif10] ip address 192.168.8.2 255.255.248.0
[SW1-Vlanif10] vrrp vrid 10 virtual-ip 192.168.8.1
[SW1-Vlanif10] vrrp vrid 10 priority 120
[SW1-Vlanif10] dhcp select relay
[SW1-Vlanif10] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif10]interface Vlanif20
[SW1-Vlanif20] ip address 192.168.16.2 255.255.255.0
[SW1-Vlanif20] vrrp vrid 20 virtual-ip 192.168.16.1
[SW1-Vlanif20] vrrp vrid 20 priority 120
[SW1-Vlanif20] dhcp select relay
[SW1-Vlanif20] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif20]interface Vlanif30
[SW1-Vlanif30] ip address 192.168.17.2 255.255.255.0
[SW1-Vlanif30] vrrp vrid 30 virtual-ip 192.168.17.1
[SW1-Vlanif30] vrrp vrid 30 priority 120
[SW1-Vlanif30] dhcp select relay
[SW1-Vlanif30] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif30]interface Vlanif40
[SW1-Vlanif40] ip address 192.168.20.2 255.255.252.0
[SW1-Vlanif40] vrrp vrid 40 virtual-ip 192.168.20.1
[SW1-Vlanif40] vrrp vrid 40 priority 120
[SW1-Vlanif40] dhcp select relay
[SW1-Vlanif40] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif40]interface Vlanif50
[SW1-Vlanif50] ip address 192.168.24.2 255.255.255.0
[SW1-Vlanif50] vrrp vrid 50 virtual-ip 192.168.24.1
[SW1-Vlanif50] vrrp vrid 50 priority 120
[SW1-Vlanif50] dhcp select relay
[SW1-Vlanif50] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif50]interface Vlanif60
[SW1-Vlanif60] ip address 192.168.25.2 255.255.255.0
[SW1-Vlanif60] vrrp vrid 60 virtual-ip 192.168.25.1
[SW1-Vlanif60] vrrp vrid 60 priority 120
[SW1-Vlanif60] dhcp select relay
[SW1-Vlanif60] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif60]interface Vlanif70
[SW1-Vlanif70] ip address 192.168.32.2 255.255.248.0
[SW1-Vlanif70] vrrp vrid 70 virtual-ip 192.168.32.1
[SW1-Vlanif70] dhcp select relay
[SW1-Vlanif70] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif70]interface Vlanif80
[SW1-Vlanif80] ip address 192.168.40.2 255.255.255.0
[SW1-Vlanif80] vrrp vrid 80 virtual-ip 192.168.40.1
[SW1-Vlanif80] dhcp select relay
[SW1-Vlanif80] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif80]interface Vlanif90
[SW1-Vlanif90] ip address 192.168.44.2 255.255.252.0
[SW1-Vlanif90] vrrp vrid 90 virtual-ip 192.168.44.1
[SW1-Vlanif90] dhcp select relay
[SW1-Vlanif90] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif90]interface Vlanif100
[SW1-Vlanif100] ip address 192.168.48.2 255.255.252.0
[SW1-Vlanif100] vrrp vrid 100 virtual-ip 192.168.48.1
[SW1-Vlanif100] dhcp select relay
[SW1-Vlanif100] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif100]interface Vlanif110
[SW1-Vlanif110] ip address 192.168.52.2 255.255.255.0
[SW1-Vlanif110] vrrp vrid 110 virtual-ip 192.168.52.1
[SW1-Vlanif110] dhcp select relay
[SW1-Vlanif110] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif110]interface Vlanif120
[SW1-Vlanif120] ip address 192.168.53.2 255.255.255.0
[SW1-Vlanif120] vrrp vrid 120 virtual-ip 192.168.53.1
[SW1-Vlanif120] dhcp select relay
[SW1-Vlanif120] dhcp relay server-ip 192.168.150.1
[SW1-Vlanif120]interface Vlanif130
[SW1-Vlanif130] ip address 192.168.130.2 255.255.255.0
[SW1-Vlanif130]interface Vlanif150
[SW1-Vlanif150] ip address 192.168.150.2 255.255.255.0
[SW1-Vlanif150]ospf 1
[SW1-ospf-1] import-route direct
[SW1-ospf-1] area 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.1.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.8.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.16.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.17.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.20.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.24.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.25.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.32.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.40.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.44.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.48.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.52.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0] network 192.168.53.2 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]stp instance 1 root primary
[SW1]stp instance 2 root secondary
[SW1]stp instance 3 root primary
13. Aggregation switch LSW2
<Huawei>system-view
[Huawei]sysname SW2
[SW2]undo info-center enable
[SW2]vlan batch 10 20 30 40 50 60 70 80 90 100
[SW2]vlan batch 110 120
[SW2]dhcp enable
[SW2]stp region-configuration
[SW2-mst-region] region-name mstp
[SW2-mst-region] revision-level 10
[SW2-mst-region] instance 1 vlan 10 20 30 40 50 60
[SW2-mst-region] instance 2 vlan 70 80 90 100 110 120
[SW2-mst-region] instance 3 vlan 130
[SW2-mst-region] active region-configuration
[SW2-mst-region]interface GigabitEthernet0/0/1
[SW2-GigabitEthernet0/0/1] port link-type trunk
[SW2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 120
[SW2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[SW2-GigabitEthernet0/0/2] port link-type trunk
[SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 20 120
[SW2-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[SW2-GigabitEthernet0/0/3] port link-type trunk
[SW2-GigabitEthernet0/0/3] port trunk allow-pass vlan 30 120
[SW2-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[SW2-GigabitEthernet0/0/4] port link-type trunk
[SW2-GigabitEthernet0/0/4] port trunk allow-pass vlan 40 120
[SW2-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5
[SW2-GigabitEthernet0/0/5] port link-type trunk
[SW2-GigabitEthernet0/0/5] port trunk allow-pass vlan 50 120
[SW2-GigabitEthernet0/0/5]interface GigabitEthernet0/0/6
[SW2-GigabitEthernet0/0/6] port link-type trunk
[SW2-GigabitEthernet0/0/6] port trunk allow-pass vlan 60 120
[SW2-GigabitEthernet0/0/6]interface GigabitEthernet0/0/7
[SW2-GigabitEthernet0/0/7] port link-type trunk
[SW2-GigabitEthernet0/0/7] port trunk allow-pass vlan 70 120
[SW2-GigabitEthernet0/0/7]interface GigabitEthernet0/0/8
[SW2-GigabitEthernet0/0/8] port link-type trunk
[SW2-GigabitEthernet0/0/8] port trunk allow-pass vlan 80 120
[SW2-GigabitEthernet0/0/8]interface GigabitEthernet0/0/9
[SW2-GigabitEthernet0/0/9] port link-type trunk
[SW2-GigabitEthernet0/0/9] port trunk allow-pass vlan 90 120
[SW2-GigabitEthernet0/0/9]interface GigabitEthernet0/0/10
[SW2-GigabitEthernet0/0/10] port link-type trunk
[SW2-GigabitEthernet0/0/10] port trunk allow-pass vlan 100 120
[SW2-GigabitEthernet0/0/10]interface GigabitEthernet0/0/11
[SW2-GigabitEthernet0/0/11] port link-type trunk
[SW2-GigabitEthernet0/0/11] port trunk allow-pass vlan 110 120
[SW2-GigabitEthernet0/0/11]interface Eth-Trunk1
[SW2-Eth-Trunk1] port link-type trunk
[SW2-Eth-Trunk1] port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
[SW2-Eth-Trunk1] port trunk allow-pass vlan 110 120
[SW2-Eth-Trunk1] mode lacp-static
[SW2-Eth-Trunk1]interface Vlanif1
[SW2-Vlanif1] ip address 192.168.2.1 255.255.255.0
[SW2-Vlanif1]interface Vlanif10
[SW2-Vlanif10] ip address 192.168.8.3 255.255.248.0
[SW2-Vlanif10] vrrp vrid 10 virtual-ip 192.168.8.1
[SW2-Vlanif10] dhcp select relay
[SW2-Vlanif10] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif10]interface Vlanif20
[SW2-Vlanif20] ip address 192.168.16.3 255.255.255.0
[SW2-Vlanif20] vrrp vrid 20 virtual-ip 192.168.16.1
[SW2-Vlanif20] dhcp select relay
[SW2-Vlanif20] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif20]interface Vlanif30
[SW2-Vlanif30] ip address 192.168.17.3 255.255.255.0
[SW2-Vlanif30] vrrp vrid 30 virtual-ip 192.168.17.1
[SW2-Vlanif30] dhcp select relay
[SW2-Vlanif30] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif30]interface Vlanif40
[SW2-Vlanif40] ip address 192.168.20.3 255.255.252.0
[SW2-Vlanif40] vrrp vrid 40 virtual-ip 192.168.20.1
[SW2-Vlanif40] dhcp select relay
[SW2-Vlanif40] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif40]interface Vlanif50
[SW2-Vlanif50] ip address 192.168.24.3 255.255.255.0
[SW2-Vlanif50] vrrp vrid 50 virtual-ip 192.168.24.1
[SW2-Vlanif50] dhcp select relay
[SW2-Vlanif50] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif50]interface Vlanif60
[SW2-Vlanif60] ip address 192.168.25.3 255.255.255.0
[SW2-Vlanif60] vrrp vrid 60 virtual-ip 192.168.25.1
[SW2-Vlanif60] dhcp select relay
[SW2-Vlanif60] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif60]interface Vlanif70
[SW2-Vlanif70] ip address 192.168.32.3 255.255.248.0
[SW2-Vlanif70] vrrp vrid 70 virtual-ip 192.168.32.1
[SW2-Vlanif70] vrrp vrid 70 priority 120
[SW2-Vlanif70] dhcp select relay
[SW2-Vlanif70] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif70]interface Vlanif80
[SW2-Vlanif80] ip address 192.168.40.3 255.255.255.0
[SW2-Vlanif80] vrrp vrid 80 virtual-ip 192.168.40.1
[SW2-Vlanif80] vrrp vrid 80 priority 120
[SW2-Vlanif80] dhcp select relay
[SW2-Vlanif80] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif80]interface Vlanif90
[SW2-Vlanif90] ip address 192.168.44.3 255.255.252.0
[SW2-Vlanif90] vrrp vrid 90 virtual-ip 192.168.44.1
[SW2-Vlanif90] vrrp vrid 90 priority 120
[SW2-Vlanif90] dhcp select relay
[SW2-Vlanif90] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif90]interface Vlanif100
[SW2-Vlanif100] ip address 192.168.48.3 255.255.252.0
[SW2-Vlanif100] vrrp vrid 100 virtual-ip 192.168.48.1
[SW2-Vlanif100] vrrp vrid 100 priority 120
[SW2-Vlanif100] dhcp select relay
[SW2-Vlanif100] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif100]interface Vlanif110
[SW2-Vlanif110] ip address 192.168.52.3 255.255.255.0
[SW2-Vlanif110] vrrp vrid 110 virtual-ip 192.168.52.1
[SW2-Vlanif110] vrrp vrid 110 priority 120
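[SW2-Vlanif110] dhcp select relay
[SW2-Vlanif110] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif110]interface Vlanif120
[SW2-Vlanif120] ip address 192.168.53.3 255.255.255.0
[SW2-Vlanif120] vrrp vrid 120 virtual-ip 192.168.53.1
[SW2-Vlanif120] dhcp select relay
[SW2-Vlanif120] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif120]ospf 1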
[SW2-ospf-1] area 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.2.1 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.8.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.16.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.17.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.20.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.24.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.25.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.32.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.40.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.44.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.48.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.52.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.53.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]stp instance 1 root secondary
[SW2]stp instance 2 root primary
[SW2]stp instance 3 root secondary
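The two aggregation switches repeat the same gateway pattern on every Vlanif (address, VRRP virtual IP, DHCP relay, OSPF network statement), so a dropped line is easy to miss. The following is an added example, not part of the original post: a Python check that reads a session transcript in the format used above and reports gateways whose relay, VRRP or OSPF lines do not fit together. The function names, finding codes and the sample excerpt are constructed for this illustration.

```python
import ipaddress
import re

# Constructed excerpt in the style of the SW2 session (not a device capture).
# Vlanif90 lacks "dhcp select relay", Vlanif110 lacks a relay server, and
# OSPF advertises 192.168.53.3 although no interface owns that address.
SAMPLE = """\
[SW2]interface Vlanif80
[SW2-Vlanif80] ip address 192.168.40.3 255.255.255.0
[SW2-Vlanif80] vrrp vrid 80 virtual-ip 192.168.40.1
[SW2-Vlanif80] dhcp select relay
[SW2-Vlanif80] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif80]interface Vlanif90
[SW2-Vlanif90] ip address 192.168.44.3 255.255.252.0
[SW2-Vlanif90] vrrp vrid 90 virtual-ip 192.168.44.1
[SW2-Vlanif90] dhcp relay server-ip 192.168.150.1
[SW2-Vlanif90]interface Vlanif110
[SW2-Vlanif110] ip address 192.168.52.3 255.255.255.0
[SW2-Vlanif110] vrrp vrid 110 virtual-ip 192.168.52.1
[SW2-Vlanif110] dhcp select relay
[SW2-Vlanif110]ospf 1
[SW2-ospf-1] area 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.40.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.44.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.52.3 0.0.0.0
[SW2-ospf-1-area-0.0.0.0] network 192.168.53.3 0.0.0.0
"""

# Leading "[view]" or "<view>" prompt of a VRP session line.
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")


def parse(transcript):
    """Return (interfaces, ospf_networks) collected from the typed commands."""
    interfaces, ospf, current = {}, [], None
    for line in transcript.splitlines():
        w = PROMPT.sub("", line).split()
        if not w:
            continue
        if w[0] == "interface" and len(w) > 1:
            current = interfaces.setdefault(
                w[1], {"ip": None, "vips": [], "relay": False, "servers": []})
        elif w[0] == "ospf" or w[:2] == ["ip", "pool"]:
            current = None  # left interface view
        elif w[0] == "network" and len(w) == 3 and current is None:
            # OSPF form: network <address> <wildcard>
            ospf.append((ipaddress.ip_address(w[1]), ipaddress.ip_address(w[2])))
        elif current is None:
            continue
        elif w[:2] == ["ip", "address"] and len(w) >= 4:
            current["ip"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[:2] == ["vrrp", "vrid"] and len(w) >= 5 and w[3] == "virtual-ip":
            current["vips"].append(ipaddress.ip_address(w[4]))
        elif w[:3] == ["dhcp", "select", "relay"]:
            current["relay"] = True
        elif w[:3] == ["dhcp", "relay", "server-ip"] and len(w) == 4:
            current["servers"].append(w[3])
    return interfaces, ospf


def audit(transcript):
    """Return a list of (where, code) findings for inconsistent gateway config."""
    interfaces, ospf = parse(transcript)
    findings = []
    for name, cfg in interfaces.items():
        if cfg["ip"] is None:
            # Pure layer-2 ports are fine; L3 features without an address are not.
            if cfg["vips"] or cfg["relay"] or cfg["servers"]:
                findings.append((name, "no-ip"))
            continue
        for vip in cfg["vips"]:
            if vip not in cfg["ip"].network:
                findings.append((name, "vip-off-subnet"))
        if cfg["servers"] and not cfg["relay"]:
            findings.append((name, "relay-not-enabled"))
        if cfg["relay"] and not cfg["servers"]:
            findings.append((name, "relay-no-server"))
    owned = [cfg["ip"].ip for cfg in interfaces.values() if cfg["ip"]]
    for addr, wildcard in ospf:
        mask = ~int(wildcard) & 0xFFFFFFFF  # bits that must match
        if not any(int(ip) & mask == int(addr) & mask for ip in owned):
            findings.append((f"ospf network {addr}", "ospf-no-interface"))
    return findings


if __name__ == "__main__":
    for where, code in audit(SAMPLE):
        print(f"{where}: {code}")
```

Run it against the saved session of each aggregation switch separately, since the check assumes one device per transcript.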
14. Wireless AC
<AC6005>system-view
[AC6005]undo info-center enable
[AC6005] sysname AC1
[AC1]vlan batch 130
[AC1]vlan pool vlan10
[AC1-vlan-pool-vlan10] vlan 10
[AC1-vlan-pool-vlan10]vlan pool vlan20
[AC1-vlan-pool-vlan20] vlan 20
[AC1-vlan-pool-vlan20]vlan pool vlan30
[AC1-vlan-pool-vlan30] vlan 30
[AC1-vlan-pool-vlan30]vlan pool vlan70
[AC1-vlan-pool-vlan70] vlan 70
[AC1-vlan-pool-vlan70]vlan pool vlan80
[AC1-vlan-pool-vlan80] vlan 80
[AC1-vlan-pool-vlan80]quit
[AC1]interface Vlanif130
[AC1-Vlanif130] ip address 192.168.130.1 255.255.255.0
[AC1-Vlanif130]interface GigabitEthernet0/0/1
[AC1-GigabitEthernet0/0/1] port link-type access
[AC1-GigabitEthernet0/0/1] port default vlan 130
[AC1-GigabitEthernet0/0/1]quit
[AC1]ip route-static 0.0.0.0 0.0.0.0 192.168.130.2
[AC1]capwap source interface vlanif130
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]regulatory-domain-profile name China
[AC1-wlan-regulate-domain-China]country-code CN
[AC1-wlan-regulate-domain-China]quit
[AC1-wlan-view]ap-id 1 type-id 69 ap-mac 00e0-fc8b-7c80
[AC1-wlan-ap-1]ap-name AP1
[AC1-wlan-ap-1]ap-group ap1
[AC1-wlan-ap-1]ap-id 2 type-id 69 ap-mac 00e0-fc5d-2640
[AC1-wlan-ap-2] ap-name AP2
[AC1-wlan-ap-2] ap-group ap2
[AC1-wlan-ap-2] ap-id 3 type-id 69 ap-mac 00e0-fc2e-5ad0
[AC1-wlan-ap-3]ap-name AP3
[AC1-wlan-ap-3]ap-group ap3
[AC1-wlan-ap-3]ap-id 4 type-id 69 ap-mac 00e0-fc3f-7770
[AC1-wlan-ap-4] ap-name AP4
[AC1-wlan-ap-4]ap-group ap4
[AC1-wlan-ap-4]ap-id 5 type-id 69 ap-mac 00e0-fcdc-0c70
[AC1-wlan-ap-5]ap-name AP5
[AC1-wlan-ap-5]ap-group ap5
[AC1-wlan-view] security-profile name xiaoyuan
[AC1-wlan-sec-prof-xiaoyuan]security wpa2 psk pass-phrase 123456789 aes
[AC1-wlan-sec-prof-xiaoyuan]quit
[AC1-wlan-view] ssid-profile name xiaoyuan
[AC1-wlan-ssid-prof-xiaoyuan]
[AC1-wlan-ssid-prof-xiaoyuan] ssid Campus Network
[AC1-wlan-ssid-prof-xiaoyuan]quit
[AC1-wlan-view] vap-profile name ap1
[AC1-wlan-vap-prof-ap1]service-vlan vlan-pool vlan10
[AC1-wlan-vap-prof-ap1]ssid-profile xiaoyuan
[AC1-wlan-vap-prof-ap1]security-profile xiaoyuan
[AC1-wlan-vap-prof-ap1]vap-profile name ap2
[AC1-wlan-vap-prof-ap2]service-vlan vlan-pool vlan20
[AC1-wlan-vap-prof-ap2]ssid-profile xiaoyuan
[AC1-wlan-vap-prof-ap2]security-profile xiaoyuan
[AC1-wlan-vap-prof-ap2]vap-profile name ap3
[AC1-wlan-vap-prof-ap3]service-vlan vlan-pool vlan30
[AC1-wlan-vap-prof-ap3]ssid-profile xiaoyuan
[AC1-wlan-vap-prof-ap3]security-profile xiaoyuan
[AC1-wlan-vap-prof-ap3]vap-profile name ap4
[AC1-wlan-vap-prof-ap4]service-vlan vlan-pool vlan70
[AC1-wlan-vap-prof-ap4]ssid-profile xiaoyuan
[AC1-wlan-vap-prof-ap4]security-profile xiaoyuan
[AC1-wlan-vap-prof-ap4]vap-profile name ap5
[AC1-wlan-vap-prof-ap5]service-vlan vlan-pool vlan80
[AC1-wlan-vap-prof-ap5]ssid-profile xiaoyuan
[AC1-wlan-vap-prof-ap5]security-profile xiaoyuan
[AC1-wlan-vap-prof-ap5]quit
[AC1-wlan-view]ap-group name ap1
[AC1-wlan-ap-group-ap1]regulatory-domain-profile China
[AC1-wlan-ap-group-ap1]vap-profile ap1 wlan 1 radio 0
[AC1-wlan-ap-group-ap1]vap-profile ap1 wlan 1 radio 1
[AC1-wlan-ap-group-ap1]quit
[AC1-wlan-view]ap-group name ap2
[AC1-wlan-ap-group-ap2]regulatory-domain-profile China
[AC1-wlan-ap-group-ap2]vap-profile ap2 wlan 1 radio 0
[AC1-wlan-ap-group-ap2]vap-profile ap2 wlan 1 radio 1
[AC1-wlan-ap-group-ap2]quit
[AC1-wlan-view]ap-group name ap3
[AC1-wlan-ap-group-ap3]regulatory-domain-profile China
[AC1-wlan-ap-group-ap3]vap-profile ap3 wlan 1 radio 0
[AC1-wlan-ap-group-ap3]vap-profile ap3 wlan 1 radio 1
[AC1-wlan-ap-group-ap3]quit
[AC1-wlan-view]ap-group name ap4
[AC1-wlan-ap-group-ap4]regulatory-domain-profile China
[AC1-wlan-ap-group-ap4]vap-profile ap4 wlan 1 radio 0
[AC1-wlan-ap-group-ap4]vap-profile ap4 wlan 1 radio 1
[AC1-wlan-ap-group-ap4]quit
[AC1-wlan-view]ap-group name ap5
[AC1-wlan-ap-group-ap5]regulatory-domain-profile China
[AC1-wlan-ap-group-ap5]vap-profile ap5 wlan 1 radio 0
[AC1-wlan-ap-group-ap5]vap-profile ap5 wlan 1 radio 1
[AC1-wlan-ap-group-ap5]quit
15. DHCP
A router is used here as the DHCP server.
<Huawei>system-view
[Huawei]sysname DHCP
[DHCP]undo info-center enable
[DHCP]dhcp enable
[DHCP]interface GigabitEthernet0/0/0
[DHCP-GigabitEthernet0/0/0] ip address 192.168.150.1 255.255.255.0
[DHCP-GigabitEthernet0/0/0] dhcp select global
[DHCP-GigabitEthernet0/0/0]ip pool vlan10
[DHCP-ip-pool-vlan10] gateway-list 192.168.8.1
[DHCP-ip-pool-vlan10] network 192.168.8.0 mask 255.255.248.0
[DHCP-ip-pool-vlan10] excluded-ip-address 192.168.8.2 192.168.8.3
[DHCP-ip-pool-vlan10] dns-list 100.1.1.1
[DHCP-ip-pool-vlan10]ip pool vlan20
[DHCP-ip-pool-vlan20] gateway-list 192.168.16.1
[DHCP-ip-pool-vlan20] network 192.168.16.0 mask 255.255.255.0
[DHCP-ip-pool-vlan20] excluded-ip-address 192.168.16.2 192.168.16.3
[DHCP-ip-pool-vlan20] dns-list 100.1.1.1
[DHCP-ip-pool-vlan20]ip pool vlan30
[DHCP-ip-pool-vlan30] gateway-list 192.168.17.1
[DHCP-ip-pool-vlan30] network 192.168.17.0 mask 255.255.255.0
[DHCP-ip-pool-vlan30] excluded-ip-address 192.168.17.2 192.168.17.3
[DHCP-ip-pool-vlan30] dns-list 100.1.1.1
[DHCP-ip-pool-vlan30]ip pool vlan40
[DHCP-ip-pool-vlan40] gateway-list 192.168.20.1
[DHCP-ip-pool-vlan40] network 192.168.20.0 mask 255.255.252.0
[DHCP-ip-pool-vlan40] excluded-ip-address 192.168.20.2 192.168.20.3
[DHCP-ip-pool-vlan40] dns-list 100.1.1.1
[DHCP-ip-pool-vlan40]ip pool vlan50
[DHCP-ip-pool-vlan50] gateway-list 192.168.24.1
[DHCP-ip-pool-vlan50] network 192.168.24.0 mask 255.255.255.0
[DHCP-ip-pool-vlan50] excluded-ip-address 192.168.24.2 192.168.24.3
[DHCP-ip-pool-vlan50] dns-list 100.1.1.1
[DHCP-ip-pool-vlan50]ip pool vlan60
[DHCP-ip-pool-vlan60] gateway-list 192.168.25.1
[DHCP-ip-pool-vlan60] network 192.168.25.0 mask 255.255.255.0
[DHCP-ip-pool-vlan60] excluded-ip-address 192.168.25.2 192.168.25.3
[DHCP-ip-pool-vlan60] dns-list 100.1.1.1
[DHCP-ip-pool-vlan60]ip pool vlan70
[DHCP-ip-pool-vlan70] gateway-list 192.168.32.1
[DHCP-ip-pool-vlan70] network 192.168.32.0 mask 255.255.248.0
[DHCP-ip-pool-vlan70] excluded-ip-address 192.168.32.2 192.168.32.3
[DHCP-ip-pool-vlan70] dns-list 100.1.1.1
[DHCP-ip-pool-vlan70]ip pool vlan80
[DHCP-ip-pool-vlan80] gateway-list 192.168.40.1
[DHCP-ip-pool-vlan80] network 192.168.40.0 mask 255.255.255.0
[DHCP-ip-pool-vlan80] excluded-ip-address 192.168.40.2 192.168.40.3
[DHCP-ip-pool-vlan80] dns-list 100.1.1.1
[DHCP-ip-pool-vlan80]ip pool vlan90
[DHCP-ip-pool-vlan90] gateway-list 192.168.44.1
[DHCP-ip-pool-vlan90] network 192.168.44.0 mask 255.255.252.0
[DHCP-ip-pool-vlan90] excluded-ip-address 192.168.44.2 192.168.44.3
[DHCP-ip-pool-vlan90] dns-list 100.1.1.1
[DHCP-ip-pool-vlan90]ip pool vlan100
[DHCP-ip-pool-vlan100] gateway-list 192.168.48.1
[DHCP-ip-pool-vlan100] network 192.168.48.0 mask 255.255.252.0
[DHCP-ip-pool-vlan100] excluded-ip-address 192.168.48.2 192.168.48.3
[DHCP-ip-pool-vlan100] dns-list 100.1.1.1
[DHCP-ip-pool-vlan100]ip pool vlan110
[DHCP-ip-pool-vlan110] gateway-list 192.168.52.1
[DHCP-ip-pool-vlan110] network 192.168.52.0 mask 255.255.255.0
[DHCP-ip-pool-vlan110] excluded-ip-address 192.168.52.2 192.168.52.3
[DHCP-ip-pool-vlan110] dns-list 100.1.1.1
[DHCP-ip-pool-vlan110]ip pool vlan120
[DHCP-ip-pool-vlan120] gateway-list 192.168.53.1
[DHCP-ip-pool-vlan120] network 192.168.53.0 mask 255.255.255.0
[DHCP-ip-pool-vlan120] excluded-ip-address 192.168.53.2 192.168.53.3
[DHCP-ip-pool-vlan120] option 43 sub-option 3 ascii 192.168.130.1
[DHCP-ip-pool-vlan120]ip route-static 0.0.0.0 0.0.0.0 192.168.150.2
16. Core router AR1
<Huawei>system-view
[Huawei]sysname R1
[R1]undo info-center enable
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0] ip address 192.168.1.2 255.255.255.0
[R1-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1] ip address 10.1.111.1 255.255.255.0
[R1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2] ip address 10.1.121.2 255.255.255.0
[R1-GigabitEthernet0/0/2]ospf 1
[R1-ospf-1] area 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.1.111.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.1.121.2 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 192.168.1.2 0.0.0.0
17. Core router AR2
<Huawei>system-view
[Huawei]sysname S2
[S2]undo info-center enable
[S2]interface GigabitEthernet0/0/0
[S2-GigabitEthernet0/0/0] ip address 192.168.2.2 255.255.255.0
[S2-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[S2-GigabitEthernet0/0/1] ip address 10.1.111.2 255.255.255.0
[S2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[S2-GigabitEthernet0/0/2] ip address 10.1.131.2 255.255.255.0
[S2-GigabitEthernet0/0/2]ospf 1
[S2-ospf-1]
[S2-ospf-1] area 0.0.0.0
[S2-ospf-1-area-0.0.0.0] network 10.1.111.2 0.0.0.0
[S2-ospf-1-area-0.0.0.0] network 10.1.131.2 0.0.0.0
[S2-ospf-1-area-0.0.0.0] network 192.168.2.2 0.0.0.0
18. Firewalls FW1 & FW2
FW1:
<USG6000V1>system-view
[USG6000V1]undo info-center enable
[USG6000V1]sysname FW1
[FW1]interface GigabitEthernet1/0/0
[FW1-GigabitEthernet1/0/0] ip address 10.1.1.21 255.255.255.0
[FW1-GigabitEthernet1/0/0] service-manage ping permit
[FW1-GigabitEthernet1/0/0]interface GigabitEthernet1/0/1
[FW1-GigabitEthernet1/0/1] undo shutdown
Info: Interface GigabitEthernet1/0/1 is not shutdown.
[FW1-GigabitEthernet1/0/1] ip address 10.1.121.1 255.255.255.0
[FW1-GigabitEthernet1/0/1] service-manage ping permit
[FW1-GigabitEthernet1/0/1]interface GigabitEthernet1/0/2
[FW1-GigabitEthernet1/0/2] ip address 8.8.8.21 255.255.255.0
[FW1-GigabitEthernet1/0/2] service-manage ping permit
[FW1-GigabitEthernet1/0/2]interface GigabitEthernet1/0/3
[FW1-GigabitEthernet1/0/3] ip address 100.1.1.252 255.255.255.0
[FW1-GigabitEthernet1/0/3] vrrp vrid 10 virtual-ip 100.1.1.254 active
[FW1-GigabitEthernet1/0/3] service-manage ping permit
[FW1-GigabitEthernet1/0/3]quit
[FW1]firewall zone trust
[FW1-zone-trust] add interface GigabitEthernet1/0/1
[FW1-zone-trust]firewall zone untrust
[FW1-zone-untrust] add interface GigabitEthernet1/0/0
[FW1-zone-untrust]firewall zone dmz
[FW1-zone-dmz] add interface GigabitEthernet1/0/2
[FW1-zone-dmz] add interface GigabitEthernet1/0/3
[FW1-zone-dmz]quit
[FW1]ospf 1
[FW1-ospf-1] area 0.0.0.0
[FW1-ospf-1-area-0.0.0.0]network 8.8.8.21 0.0.0.0
[FW1-ospf-1-area-0.0.0.0]network 10.1.1.21 0.0.0.0
[FW1-ospf-1-area-0.0.0.0]network 10.1.121.1 0.0.0.0
[FW1-ospf-1-area-0.0.0.0]network 100.1.1.252 0.0.0.0
[FW1-ospf-1-area-0.0.0.0]quit
[FW1-ospf-1]quit
FW2:
<USG6000V1>system-view
[USG6000V1]undo info-center enable
[USG6000V1]sysname FW2
[FW2]interface GigabitEthernet1/0/0
[FW2-GigabitEthernet1/0/0]ip address 20.1.1.22 255.255.255.0
[FW2-GigabitEthernet1/0/0]service-manage ping permit
[FW2-GigabitEthernet1/0/0]interface GigabitEthernet1/0/1
[FW2-GigabitEthernet1/0/1]ip address 10.1.131.1 255.255.255.0
[FW2-GigabitEthernet1/0/1]service-manage ping permit
[FW2-GigabitEthernet1/0/1]interface GigabitEthernet1/0/2
[FW2-GigabitEthernet1/0/2]ip address 8.8.8.22 255.255.255.0
[FW2-GigabitEthernet1/0/2]service-manage ping permit
[FW2-GigabitEthernet1/0/2]interface GigabitEthernet1/0/3
[FW2-GigabitEthernet1/0/3] ip address 100.1.1.253 255.255.255.0
[FW2-GigabitEthernet1/0/3]vrrp vrid 10 virtual-ip 100.1.1.254 standby
[FW2-GigabitEthernet1/0/3]service-manage ping permit
[FW2-GigabitEthernet1/0/3]quit
[FW2]firewall zone trust
[FW2-zone-trust] add interface GigabitEthernet1/0/1
[FW2-zone-trust]firewall zone untrust
[FW2-zone-untrust] add interface GigabitEthernet1/0/0
[FW2-zone-untrust]firewall zone dmz
[FW2-zone-dmz] add interface GigabitEthernet1/0/2
[FW2-zone-dmz] add interface GigabitEthernet1/0/3
[FW2-zone-dmz]quit
[FW2]ospf 1
[FW2-ospf-1]area 0.0.0.0
[FW2-ospf-1-area-0.0.0.0]network 8.8.8.22 0.0.0.0
[FW2-ospf-1-area-0.0.0.0]network 10.1.131.1 0.0.0.0
[FW2-ospf-1-area-0.0.0.0]network 20.1.1.22 0.0.0.0
[FW2-ospf-1-area-0.0.0.0]network 100.1.1.253 0.0.0.0
[FW2-ospf-1-area-0.0.0.0]quit
[FW2-ospf-1]quit
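I have not included the dual-firewall hot-standby configuration for FW1, so it is omitted here. Once FW1's policies are configured, they are automatically backed up to FW2; FW2 is the standby firewall. When this configuration is complete, the IPSec VPN works. If you need a copy of the configuration, contact me; the copy is the complete one. Thanks for your understanding!
Branch office / branch campus section
19. Access switch SW12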
<Huawei>system-view
[Huawei]sysname S12
[S12]undo info-center enable
[S12]vlan batch 10
[S12]interface Ethernet0/0/1
[S12-Ethernet0/0/1] port link-type access
[S12-Ethernet0/0/1] port default vlan 10
[S12-Ethernet0/0/1]interface Ethernet0/0/2
[S12-Ethernet0/0/2] port link-type access
[S12-Ethernet0/0/2] port default vlan 10
[S12-Ethernet0/0/2]interface GigabitEthernet0/0/1
[S12-GigabitEthernet0/0/1] port link-type trunk
[S12-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
20. Access switch SW13
<Huawei>system-view
[Huawei]sysname S13
[S13]undo info-center enable
[S13]vlan batch 20
[S13]interface Ethernet0/0/1
[S13-Ethernet0/0/1] port link-type access
[S13-Ethernet0/0/1] port default vlan 20
[S13-Ethernet0/0/1]interface Ethernet0/0/2
[S13-Ethernet0/0/2] port link-type access
[S13-Ethernet0/0/2] port default vlan 20
[S13-Ethernet0/0/2]interface GigabitEthernet0/0/1
[S13-GigabitEthernet0/0/1] port link-type trunk
[S13-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
21. Access switch SW14
<Huawei>system-view
[Huawei]sysname S14
[S14]vlan batch 30
[S14]undo info-center enable
[S14]interface Ethernet0/0/1
[S14-Ethernet0/0/1] port link-type access
[S14-Ethernet0/0/1] port default vlan 30
[S14-Ethernet0/0/1]interface Ethernet0/0/2
[S14-Ethernet0/0/2] port link-type access
[S14-Ethernet0/0/2] port default vlan 30
[S14-Ethernet0/0/2]interface GigabitEthernet0/0/1
[S14-GigabitEthernet0/0/1] port link-type trunk
[S14-GigabitEthernet0/0/1] port trunk allow-pass vlan 30
22. Aggregation switch LSW3
<Huawei>system-view
[Huawei]sysname SW3
[SW3]undo info-center enable
[SW3]vlan batch 10 20 30
[SW3]interface GigabitEthernet0/0/1
[SW3-GigabitEthernet0/0/1] port link-type trunk
[SW3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SW3-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[SW3-GigabitEthernet0/0/2] port link-type trunk
[SW3-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
[SW3-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[SW3-GigabitEthernet0/0/3] port link-type trunk
[SW3-GigabitEthernet0/0/3] port trunk allow-pass vlan 30
[SW3-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[SW3-GigabitEthernet0/0/4] port link-type trunk
[SW3-GigabitEthernet0/0/4] port trunk allow-pass vlan 10 20 30
23. Core router AR3
[R3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R3]interface GigabitEthernet0/0/0.10
[R3-GigabitEthernet0/0/0.10] dot1q termination vid 10
[R3-GigabitEthernet0/0/0.10] ip address 172.16.10.254 255.255.255.0
[R3-GigabitEthernet0/0/0.10] arp broadcast enable
[R3-GigabitEthernet0/0/0.10] dhcp select interface
[R3-GigabitEthernet0/0/0.10] dhcp server dns-list 100.1.1.1
[R3-GigabitEthernet0/0/0.10]interface GigabitEthernet0/0/0.20
[R3-GigabitEthernet0/0/0.20] dot1q termination vid 20
[R3-GigabitEthernet0/0/0.20] ip address 172.16.20.254 255.255.255.0
[R3-GigabitEthernet0/0/0.20] arp broadcast enable
[R3-GigabitEthernet0/0/0.20] dhcp select interface
[R3-GigabitEthernet0/0/0.20] dhcp server dns-list 100.1.1.1
[R3-GigabitEthernet0/0/0.20]interface GigabitEthernet0/0/0.30
[R3-GigabitEthernet0/0/0.30] dot1q termination vid 30
[R3-GigabitEthernet0/0/0.30] ip address 172.16.30.254 255.255.255.0
[R3-GigabitEthernet0/0/0.30] arp broadcast enable
[R3-GigabitEthernet0/0/0.30] dhcp select interface
[R3-GigabitEthernet0/0/0.30] dhcp server dns-list 100.1.1.1
[R3-GigabitEthernet0/0/0.30]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1] ip address 40.1.1.1 255.255.255.0
[R3-GigabitEthernet0/0/1]ospf 1
[R3-ospf-1]
[R3-ospf-1] area 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 40.1.1.1 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 172.16.10.254 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 172.16.20.254 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 172.16.30.254 0.0.0.0
24. Firewall FW3
<USG6000V1>system-view
[USG6000V1]undo info-center enable
[USG6000V1]sysname FW3
[FW3]interface GigabitEthernet1/0/0
[FW3-GigabitEthernet1/0/0]ip address 40.1.1.21 255.255.255.0
[FW3-GigabitEthernet1/0/0]service-manage ping permit
[FW3-GigabitEthernet1/0/0]interface GigabitEthernet1/0/1
[FW3-GigabitEthernet1/0/1]ip address 30.1.1.21 255.255.255.0
[FW3-GigabitEthernet1/0/1]service-manage ping permit
[FW3-GigabitEthernet1/0/1]quit
[FW3]firewall zone trust
[FW3-zone-trust] add interface GigabitEthernet1/0/0
[FW3-zone-trust]firewall zone untrust
[FW3-zone-untrust] add interface GigabitEthernet1/0/1
[FW3-zone-untrust]quit
[FW3]ospf 1
[FW3-ospf-1]area 0.0.0.0
[FW3-ospf-1-area-0.0.0.0]network 30.1.1.21 0.0.0.0
[FW3-ospf-1-area-0.0.0.0]network 40.1.1.21 0.0.0.0
[FW3-ospf-1-area-0.0.0.0]quit
[FW3-ospf-1]quit
[FW3]acl number 3000
[FW3-acl-adv-3000]rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
[FW3-acl-adv-3000]quit
[FW3]ipsec proposal 10
[FW3-ipsec-proposal-10]esp authentication-algorithm sha2-256
[FW3-ipsec-proposal-10]esp encryption-algorithm aes-256
[FW3-ipsec-proposal-10]quit
[FW3]ike proposal 10
[FW3-ike-proposal-10]encryption-algorithm aes-256
[FW3-ike-proposal-10]dh group14
[FW3-ike-proposal-10]authentication-algorithm sha2-256
[FW3-ike-proposal-10]authentication-method pre-share
[FW3-ike-proposal-10]integrity-algorithm hmac-sha2-256
[FW3-ike-proposal-10]prf hmac-sha2-256
[FW3-ike-proposal-10]quit
[FW3]ike peer fw12
[FW3-ike-peer-fw12]pre-shared-key Hcie
[FW3-ike-peer-fw12]ike-proposal 10
[FW3-ike-peer-fw12]remote-address 10.1.1.21
[FW3-ike-peer-fw12]remote-address 20.1.1.22
[FW3-ike-peer-fw12]quit
[FW3]ipsec policy map 10 isakmp
[FW3-ipsec-policy-isakmp-map-10]security acl 3000
[FW3-ipsec-policy-isakmp-map-10]ike-peer fw12
[FW3-ipsec-policy-isakmp-map-10]proposal 10
[FW3-ipsec-policy-isakmp-map-10]quit
[FW3]interface GigabitEthernet1/0/1
[FW3-GigabitEthernet1/0/1]ipsec policy map
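An added example, not part of the original post: a small Python check run over FW3 lines copied from the session above. It flags three hardening points visible in that configuration: the information center switched off, `service-manage ping permit` on an interface placed in the untrust zone, and a short IKE pre-shared key. The function name `audit` and the `MIN_PSK_LEN` threshold are assumptions of this example.

```python
import re

# Subset of the FW3 session above, prompts included as in the transcript.
FW3_SESSION = """\
[USG6000V1]undo info-center enable
[FW3]interface GigabitEthernet1/0/0
[FW3-GigabitEthernet1/0/0]service-manage ping permit
[FW3-GigabitEthernet1/0/0]interface GigabitEthernet1/0/1
[FW3-GigabitEthernet1/0/1]service-manage ping permit
[FW3-GigabitEthernet1/0/1]quit
[FW3]firewall zone trust
[FW3-zone-trust] add interface GigabitEthernet1/0/0
[FW3-zone-trust]firewall zone untrust
[FW3-zone-untrust] add interface GigabitEthernet1/0/1
[FW3-zone-untrust]quit
[FW3]ike peer fw12
[FW3-ike-peer-fw12]pre-shared-key Hcie
"""

PROMPT = re.compile(r"^[\[<][^\]>]*[\]>]\s*")  # "[FW3-...]" or "<Huawei>"
MIN_PSK_LEN = 20  # assumed local policy threshold, not a Huawei default

def audit(session):
    """Return (check, detail) findings for a VRP CLI session transcript."""
    view = (None, None)  # current view: ("interface" | "zone" | "peer", name)
    ping, untrust, findings = set(), set(), []
    for raw in session.splitlines():
        w = PROMPT.sub("", raw).split()
        if not w:
            continue
        if w == ["undo", "info-center", "enable"]:
            findings.append(("logging", "information center disabled"))
        elif w[0] == "interface" and len(w) == 2:
            view = ("interface", w[1])
        elif w[:2] == ["firewall", "zone"] and len(w) == 3:
            view = ("zone", w[2])
        elif w[:2] == ["ike", "peer"] and len(w) == 3:
            view = ("peer", w[2])
        elif w[0] == "quit":
            view = (None, None)
        elif w == ["service-manage", "ping", "permit"] and view[0] == "interface":
            ping.add(view[1])
        elif w[:2] == ["add", "interface"] and view == ("zone", "untrust"):
            untrust.add(w[2])
        elif w[0] == "pre-shared-key" and view[0] == "peer" and len(w[-1]) < MIN_PSK_LEN:
            findings.append(("psk", f"peer {view[1]}: key has {len(w[-1])} characters"))
    for name in sorted(ping & untrust):
        findings.append(("mgmt", f"{name}: ping permitted on untrust interface"))
    return findings
```

Calling `audit(FW3_SESSION)` reports the trust-side GigabitEthernet1/0/0 as clean and flags only the untrust-side GigabitEthernet1/0/1, alongside the logging and pre-shared-key findings.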
ISP configuration
<Huawei>system-view
[Huawei]sysname ISP
[ISP]undo info-center enable
[ISP]interface GigabitEthernet0/0/0
[ISP-GigabitEthernet0/0/0] ip address 10.1.1.1 255.255.255.0
[ISP-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[ISP-GigabitEthernet0/0/1] ip address 20.1.1.1 255.255.255.0
[ISP-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[ISP-GigabitEthernet0/0/2] ip address 30.1.1.1 255.255.255.0
[ISP-GigabitEthernet0/0/2]ospf 1
[ISP-ospf-1] area 0.0.0.0
[ISP-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0
[ISP-ospf-1-area-0.0.0.0] network 20.1.1.1 0.0.0.0
[ISP-ospf-1-area-0.0.0.0] network 30.1.1.1 0.0.0.0
Appendix
Detailed view of the topology diagram