H3C公司网络拓扑图交换机路由器配置

网络拓扑图

配置如下:

一、VLAN建立及链路聚合

SW1配置

#

interface Bridge-Aggregation1

port link-type trunk

port trunk permit vlan all

link-aggregation mode dynamic

#

interface FortyGigE1/0/53

port link-aggregation group 1

#

interface FortyGigE1/0/54

port link-aggregation group 1

#

Dis link-aggregation verbose

Aggregate Interface: Bridge-Aggregation1

Creation Mode: Manual

Aggregation Mode: Dynamic

Loadsharing Type: Shar

Management VLANs: None

System ID: 0x8000, 6e6e-285f-0800

Local:

Port Status Priority Index Oper-Key Flag

FGE1/0/53 S 32768 1 1 {ACDEF}

FGE1/0/54 S 32768 2 1 {ACDEF}

Remote:

Actor Priority Index Oper-Key SystemID Flag

FGE1/0/53(R) 32768 54 1 0x8000, 6e67-29b1-0400 {ACDEF}

FGE1/0/54 32768 55 1 0x8000, 6e67-29b1-0400 {ACDEF}

Undo stp global enable

SW2配置

VLAN200

VLAN100

interface Bridge-Aggregation1

port link-type trunk

port trunk permit vlan all

link-aggregation mode dynamic

#

interface NULL0

#

interface FortyGigE1/0/53

port link-aggregation group 1

#

interface FortyGigE1/0/54

port link-aggregation group 1

interface GigabitEthernet1/0/4

e

port access vlan 200

stp edged-port

#

interface GigabitEthernet1/0/5

port access vlan 200

stp edged-port

W3配置

interface Ten-GigabitEthernet1/0/51

port link-type trunk

port trunk permit vlan 1

#

interface Ten-GigabitEthernet1/0/49

port link-type trunk

port trunk permit vlan 1 10 20 100

#

interface Ten-GigabitEthernet1/0/50

port link-type trunk

port trunk permit vlan 1 30 100

#

SW4配置

#

interface Ten-GigabitEthernet1/0/49

port link-type trunk

port trunk permit vlan 1 10 20 100

#

interface GigabitEthernet1/0/10

port link-mode bridge(默认)

port access vlan 10

#

interface GigabitEthernet1/0/11

port link-mode bridge(默认)

port access vlan 11

SW5配置

VLAN100

VLAN30

#

interface Ten-GigabitEthernet1/0/50

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 30 100

combo enable fiber

#

interface GigabitEthernet1/0/2

port link-type access

port access vlan 30

#

SW6:

VLAN100

VLAN40

#

interface Ten-GigabitEthernet1/0/49

port link-type trunk

port trunk permit vlan 1 40 100

#

interface Ten-GigabitEthernet1/0/52

port link-type trunk

port trunk permit vlan 1 40 100

#

SW7:

VLAN100

VLAN40

#

interface Ten-GigabitEthernet1/0/49

port link-type trunk

port trunk permit vlan 1 40 100

#

interface GigabitEthernet1/0/3

port access vlan 40

stp edged-port

#

SW8:

Vlan 50

Vlan 100

#

interface Ten-GigabitEthernet1/0/49

port link-type trunk

port trunk permit vlan 1 50 100

#

interface Ten-GigabitEthernet1/0/51

port link-type trunk

port trunk permit vlan 1 50 100

SW9:

Vlan 100

Vlan 50

#

interface Ten-GigabitEthernet1/0/49

port link-type trunk

port trunk permit vlan 1 50 100

#

interface GigabitEthernet1/0/4

port access vlan 50

stp edged-port

二、Svi 网关配置:

SW1核心交换机配置(dis cur)

interface Vlan-interface10

ip address 192.168.10.1 255.255.255.0

#

interface Vlan-interface20

ip address 192.168.20.1 255.255.255.0

#

interface Vlan-interface30

ip address 192.168.30.1 255.255.255.0

#

interface Vlan-interface40

ip address 192.168.40.1 255.255.255.0

#

interface Vlan-interface50

ip address 192.168.50.1 255.255.255.0

#

interface Vlan-interface200

ip address 192.168.200.1 255.255.255.0

dis int ip brief

Vlan10 up up 192.168.10.1 — —

Vlan20 up up 192.168.20.1 — —

Vlan30 up up 192.168.30.1 — —

Vlan40 up up 192.168.40.1 — —

Vlan50 up up 192.168.50.1 — —

Vlan200 up up 192.168.200.1 — —

三、DHCP 配置

SW1 (dis cur)

Dhcp enanle

#

dhcp enable

dhcp server forbidden-ip 192.168.10.1

dhcp server forbidden-ip 192.168.20.1

dhcp server forbidden-ip 192.168.30.1

dhcp server forbidden-ip 192.168.40.1

dhcp server forbidden-ip 192.168.50.1

#

#

dhcp server ip-pool vlan10

gateway-list 192.168.10.1

network 192.168.10.0 mask 255.255.255.0

dns-list 192.168.10.1

#

dhcp server ip-pool vlan20

gateway-list 192.168.20.1

network 192.168.20.0 mask 255.255.255.128

dns-list 192.168.20.1

#

dhcp server ip-pool vlan30

gateway-list 192.168.30.1

network 192.168.30.0 mask 255.255.255.0

dns-list 192.168.30.1

#

dhcp server ip-pool vlan40

gateway-list 192.168.40.1

network 192.168.40.0 mask 255.255.255.0

dns-list 192.168.40.1

#

dhcp server ip-pool vlan50

gateway-list 192.168.50.1

network 192.168.50.0 mask 255.255.255.0

dns-list 192.168.50.1

#

Dis dhcp server ip-in-use

IP address Client-identifier/ Lease expiration Type

Hardware address

192.168.10.2 0036-6536-362e-3232- Oct 21 11:35:24 2022 Auto(C)

6261-2e30-3330-362d-

4745-302f-302f-31

192.168.20.2 0036-6537-372e-3862- Oct 21 11:36:31 2022 Auto(C)

6362-2e30-6230-362d-

4745-302f-302f-31

192.168.30.2 0036-6537-372e-3935- Oct 21 11:35:43 2022 Auto(C)

3763-2e30-6330-362d-

4745-302f-302f-31

四、STP 配置

SW1

Stp priority 0

stp global enable 默认

SW4(与用户相连的端口配置边缘接口)

interface GigabitEthernet1/0/10

stp edged-port

interface GigabitEthernet1/0/11

stp edged-port

SW5

interface GigabitEthernet1/0/2

stp edged-port

五、OSPF 配置

SW1:

#

interface GigabitEthernet1/0/2

port link-mode route

ip address 192.168.100.1 255.255.255.0

#

Ospf 1

Area 0

Network 192.168.100.0 0.0.0.255

Network 192.168.200.0 0.0.0.255

Network 192.168.10.0 0.0.0.255

Network 192.168.20.0 0.0.0.255

Network 192.168.30.0 0.0.0.255

Network 192.168.40.0 0.0.0.255

Network 192.168.50.0 0.0.0.255

R1:

interface Serial1/0

ip address 14.1.1.1 255.255.255.0

interface GigabitEthernet0/0

port link-mode route

ip address 12.1.1.1 255.255.255.0

#

interface GigabitEthernet0/1

ip address 13.1.1.1 255.255.255.0

#interface GigabitEthernet0/2

ip address 192.168.100.2 255.255.255.0

#

Ospf 1

Area 0

Network 192.168.100.0 0.0.0.255

Network 14.1.1.0 0.0.0.255

R2:

interface GigabitEthernet0/1

ip address 192.168.80.1 255.255.255.0

#

interface Serial1/0

ip address 14.1.1.2 255.255.255.0

#

Ospf 1

Area 0

Network 192.168.80.0 0.0.0.255

Network 14.1.1.0 0.0.0.255

DHCP:

dhcp server ip-pool vlan80

gateway-list 192.168.80.1

network 192.168.80.0 mask 255.255.255.0

dns-list 192.168.80.1

六、Telnet 远程配置及console配置

SW1:

telnet server enable

Line vity 0 4

Authentication-mode scheme

local-user aa

Password simple abc1234567

authorization-attribute user-role network-admin

Service-type telnet

Console 配置

Line console 0

Authentication-mode password

Set authentication password simple abc1234567

SW2-10:

telnet server enable

Line vity 0 4

Authentication-mode scheme

local-user aa

Password simple 12345

authorization-attribute user-role network-admin

Service-type telnet

Console 配置

Line console 0

Authentication-mode password

Set authentication password simple 12345

七、ACL 控制列表

控制不同VLAN间不能访问,但都能访问服务器。

Acl num 3000

rule 0 deny ip source 192.168.30.0 0.0.0.255 (7 times matched) 地址不能ping通,也不能访问

rule 5 deny tcp source 192.168.20.0 0.0.0.255 地址能Ping通,但不能访问

packet-filter 3000 outbound 下发控制列表。

查看命令:

dis acl num

只允许200段的IP 远程telnet SW1和其他交换机,其他的ip段不能telnet SW1和其他交换机

rule 0 permit tcp source 192.168.200.20 0 destination-port eq telnet

rule 5 deny tcp destination-port eq telnet

interface Vlan-interface10

packet-filter 3001 inbound

nterface Vlan-interface10

packet-filter 3001 inbound

八、Net 功能 内网通过地址转换访问外网

1. 在核心交换机上做静态路由,指向路由器R1

# ip route-static 0.0.0.0 0 192.168.100.2

2. 在R1 上做静态路由,指向路由器R3和R4

# ip route-static 0.0.0.0 0 12.1.1.2

# ip route-static 0.0.0.0 0 13.1.1.3

3. 路由器R2出口方向建立ip地址

# ip add 12.1.1.1 24

# ip add 13.1.1.1 24

4. R3和R4端口做ospf

R3

#

Int loopback 0

Ip add 7.7.7.7 24

Published by

风君子

独自遨游何稽首 揭天掀地慰生平

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注