之前在学习HCIP技术的时候,有个实验拓扑非常经典,现在分享给大家。
这个网络拓扑使用到非常多的网络技术,是一个综合实验。
1、实验总体拓扑
2、实验具体要求:
要求:
1、 配置vlan trunk 两台核心之间配置链路捆绑。
2、 配置MSTP+VRRP 实现流量负载分担同时实现冗余,并配置相关stp优化技术加快stp收敛,并减少stp震荡。
3、 配置OSPF和静态实现三层路由,确保分支可以访问总部。
4、 所有用户采用动态获取ip地址,并配置相关dhcp安全技术。
5、 联通作为主出口 电信PPPOE作为备份出口。
6、 禁止vlan5 用户访问外网。
7、 将server 200.2 80端口映射成联通公网地址。
8、 所有交换机都可以被远程telnet (hcie 123)。
9、 出口链路正常时,vlan3 使用电信PPPOE上网。
3、实验使用的软件工具
1、华为ENSP
2、VirtualBox
4、完成网络拓扑实验思路
1、使用ensp,选择合适的接口,先搭建好网络拓扑(一般来说,接入层交换机型号较低,两个G电口或者光口都是作为上联口)
2、出口应该是防火墙兼并路由器功能,此次使用路由功能。
3、先把网络配置通畅,在考虑安全问题,配置安全技术措施。
4、最后做好远程管理vlan配置。
5、具体的配置步骤如下:
5.1、vlan trunk eth-trunk 配置
5.2、mstp配置、(这里的MSTP+VRRP可以替换为堆叠)
5.3、vrrp配置、(堆叠会让网络变得更加简单)
5.4、bfd配置
5.5、ospf、nat配置
5.6、dhcp中继配置
5.7、PPPoe配置
5.8、出口路由配置
5.9、nat server配置
5.10、acl配置
5.11、策略路由配置
5.12、telnet配置
6、分析网络组成
先看中心机房
可以看到SW1和SW2是双核心,R1为企业出口
SW8作为服务器集群的交换机,其中DHCP服务器在内。
我们来看看企业出口外部,可以看到有双链路冗余,(电信、联通)还有一个机构分支,使用专线链接。
企业的内部
汇聚层通过双链路连接到SW1和SW2,这里有两层楼,实际情况有很多台汇聚交换机。
其中右下角的R7充当一台PC电脑,远程telnet管理企业内部交换机。
接下来是MSTP和VRRP的设计了。
这里分了2个mstp实例,因为只有两个核心交换机的线路可以走。
VRRP根据网段,配置了2、3、4、5、200、999管理vlan网关主备。
链路根据配置MSTP实例进行端口阻塞,左边阻塞vlan 2 vlan 3,右边阻塞vlan 4 vlan 5。
好了,整体的网络拓扑介绍完毕。
如果在这里教大家如何配置网络,就不合宜了哈。
7、设备的配置信息
下面是各个设备配置
R1
#
sysname R1
#
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
bfd
#
acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255
acl number 2001
rule 5 permit source 192.168.0.0 0.0.255.255
#
acl number 3005
rule 5 permit ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.2
55
rule 10 deny ip source 192.168.5.0 0.0.0.255
acl number 3008
rule 5 deny ip source 192.168.3.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
rule 10 permit ip source 192.168.3.0 0.0.0.255
#
traffic classifier VLAN_3 operator or
if-match acl 3008
#
traffic behavior VLAN_3
redirect ip-nexthop 13.1.1.2
#
traffic policy aa
classifier VLAN_3 behavior VLAN_3
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user hcie password cipher %$%$RuJb@`:"_$1k,_$\~'~#BKs]%$%$
local-user hcie privilege level 3
local-user hcie service-type telnet
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Dialer1
link-protocol ppp
ppp pap local-user 0531 password simple 123456
mtu 1492
ip address ppp-negotiate
dialer user 0531
dialer bundle 2
nat outbound 2001
#
interface GigabitEthernet0/0/0
ip address 192.168.12.1 255.255.255.0
traffic-filter inbound acl 3005
#
interface GigabitEthernet0/0/1
ip address 192.168.23.1 255.255.255.0
traffic-filter inbound acl 3005
#
interface GigabitEthernet0/0/2
pppoe-client dial-bundle-number 2
#
interface GigabitEthernet1/0/0
ip address 13.1.1.1 255.255.255.0
nat server protocol tcp global current-interface www inside 192.168.200.2 www
nat outbound 2000
#
interface GigabitEthernet2/0/0
ip address 14.1.1.1 255.255.255.0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
bfd bb bind peer-ip 192.168.12.2 source-ip 192.168.12.1 auto
commit
#
bfd cc bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto
commit
#
ospf 1
area 0.0.0.0
network 14.1.1.0 0.0.0.255
network 192.168.12.0 0.0.0.255
network 192.168.23.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 85 description TO_DianXinBoHa
o
ip route-static 0.0.0.0 0.0.0.0 13.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
wlan ac
#
return
SW1
#
sysname HX_sw1
#
undo info-center enable
#
vlan batch 2 to 5 200 800 999
#
stp instance 1 root primary
stp instance 2 root secondary
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
region-name aa
revision-level 1
instance 1 vlan 2 to 3 200
instance 2 vlan 4 to 5
active region-configuration
#
bfd
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
local-user hcie privilege level 3
local-user hcie service-type telnet
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif2
ip address 192.168.2.254 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.1
vrrp vrid 2 priority 105
vrrp vrid 2 track interface GigabitEthernet0/0/1
vrrp vrid 2 track bfd-session session-name bb
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
interface Vlanif3
ip address 192.168.3.254 255.255.255.0
vrrp vrid 3 virtual-ip 192.168.3.1
vrrp vrid 3 priority 105
vrrp vrid 3 track interface GigabitEthernet0/0/1
vrrp vrid 3 track bfd-session session-name bb
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
interface Vlanif4
ip address 192.168.4.254 255.255.255.0
vrrp vrid 4 virtual-ip 192.168.4.1
ospf cost 4
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
interface Vlanif5
ip address 192.168.5.254 255.255.255.0
vrrp vrid 5 virtual-ip 192.168.5.1
ospf cost 4
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
interface Vlanif200
ip address 192.168.200.254 255.255.255.0
vrrp vrid 200 virtual-ip 192.168.200.1
vrrp vrid 200 priority 105
vrrp vrid 200 track interface GigabitEthernet0/0/1
vrrp vrid 200 track bfd-session session-name bb
#
interface Vlanif800
ip address 192.168.12.2 255.255.255.0
#
interface Vlanif999
ip address 192.168.255.254 255.255.255.0
vrrp vrid 255 virtual-ip 192.168.255.1
#
interface MEth0/0/1
#
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 2 to 5 200 999
stp instance 1 cost 10000
stp instance 2 cost 10000
mode lacp-static
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3 999
#
interface GigabitEthernet0/0/2
eth-trunk 2
#
interface GigabitEthernet0/0/3
eth-trunk 2
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 4 to 5 999
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 200 999
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 800
stp disable
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
bfd bb bind peer-ip 192.168.12.1 source-ip 192.168.12.2 auto
commit
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
network 192.168.200.0 0.0.0.255
network 192.168.12.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.12.1
ip route-static 0.0.0.0 0.0.0.0 192.168.23.1 preference 65
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
SW2
#
sysname HX_sw2
#
undo info-center enable
#
vlan batch 2 to 5 200 801 999
#
stp instance 1 root secondary
stp instance 2 root primary
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
region-name aa
revision-level 1
instance 1 vlan 2 to 3 200
instance 2 vlan 4 to 5
active region-configuration
#
bfd
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
local-user hcie privilege level 3
local-user hcie service-type telnet
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif2
ip address 192.168.2.253 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.1
ospf cost 4
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
interface Vlanif3
ip address 192.168.3.253 255.255.255.0
vrrp vrid 3 virtual-ip 192.168.3.1
ospf cost 4
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
interface Vlanif4
ip address 192.168.4.253 255.255.255.0
vrrp vrid 4 virtual-ip 192.168.4.1
vrrp vrid 4 priority 105
vrrp vrid 4 track interface GigabitEthernet0/0/4
vrrp vrid 4 track bfd-session session-name cc
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
interface Vlanif5
ip address 192.168.5.253 255.255.255.0
vrrp vrid 5 virtual-ip 192.168.5.1
vrrp vrid 5 priority 105
vrrp vrid 5 track interface GigabitEthernet0/0/4
vrrp vrid 5 track bfd-session session-name cc
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
interface Vlanif200
ip address 192.168.200.253 255.255.255.0
vrrp vrid 200 virtual-ip 192.168.200.1
ospf cost 4
#
interface Vlanif801
ip address 192.168.23.2 255.255.255.0
#
interface Vlanif999
ip address 192.168.255.253 255.255.255.0
vrrp vrid 255 virtual-ip 192.168.255.1
#
interface MEth0/0/1
#
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 2 to 5 200 999
stp instance 1 cost 10000
stp instance 2 cost 10000
mode lacp-static
#
interface GigabitEthernet0/0/1
eth-trunk 2
#
interface GigabitEthernet0/0/2
eth-trunk 2
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 200 999
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 4 to 5 999
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3 999
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 801
stp disable
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
bfd cc bind peer-ip 192.168.23.1 source-ip 192.168.23.2 auto
commit
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
network 192.168.200.0 0.0.0.255
network 192.168.23.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.23.1
ip route-static 0.0.0.0 0.0.0.0 192.168.12.1 preference 65
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
SW8
#
sysname sw8
#
undo info-center enable
#
vlan batch 2 to 5 200 999
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name aa
revision-level 1
instance 1 vlan 2 to 3 200
instance 2 vlan 4 to 5
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
local-user hcie privilege level 3
local-user hcie service-type telnet
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif999
ip address 192.168.255.8 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 200 999
#
interface Ethernet0/0/3
port link-type access
port default vlan 200
stp edged-port enable
#
interface Ethernet0/0/4
port link-type access
port default vlan 200
stp edged-port enable
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
Server 3
DHCP Server
#
sysname DHCP
#
undo info-center enable
#
dhcp enable
#
ip pool vlan2
gateway-list 192.168.2.1
network 192.168.2.0 mask 255.255.255.0
excluded-ip-address 192.168.2.249 192.168.2.254
dns-list 114.114.114.114 8.8.8.8
#
ip pool vlan3
gateway-list 192.168.3.1
network 192.168.3.0 mask 255.255.255.0
excluded-ip-address 192.168.3.249 192.168.3.254
dns-list 114.114.114.114 8.8.8.8
#
ip pool vlan4
gateway-list 192.168.4.1
network 192.168.4.0 mask 255.255.255.0
excluded-ip-address 192.168.4.249 192.168.4.254
dns-list 114.114.114.114 8.8.8.8
#
ip pool vlan5
gateway-list 192.168.5.1
network 192.168.5.0 mask 255.255.255.0
excluded-ip-address 192.168.5.249 192.168.5.254
dns-list 114.114.114.114 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher 7c:;61gxM:ani^>"qh^;2t_#
local-user admin service-type http
#
firewall zone Local
priority 16
#
wlan
#
ip route-static 0.0.0.0 0.0.0.0 192.168.200.1
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
DX_R2
#
sysname DX_R2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
ip pool pool1
gateway-list 12.1.1.2
network 12.1.1.0 mask 255.255.255.0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user 0531 password cipher %$%$yR4\Et2QEHbL;.2_q4D<~#uH%$%$
local-user 0531 service-type ppp
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Virtual-Template1
ppp authentication-mode pap
remote address pool pool1
ip address 12.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/0
pppoe-server bind Virtual-Template 1
#
interface GigabitEthernet0/0/1
ip address 25.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
rip 1
version 2
network 12.0.0.0
network 25.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
LT_R3
#
sysname LT_R3
#
undo info-center enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher g8S/4<\E7A]@l3D+mKgUNt]#
local-user admin service-type http
#
firewall zone Local
priority 16
#
wlan
#
rip 1
version 2
network 13.0.0.0
network 35.0.0.0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
R5
#
sysname R5
#
undo info-center enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher PsA-QOqpp/+/Y@:Y>Lw(zt^#
local-user admin service-type http
#
firewall zone Local
priority 16
#
wlan
#
rip 1
version 2
network 25.0.0.0
network 35.0.0.0
network 5.0.0.0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
baidu Server
FZ_R4
#
sysname FZ_R4
#
undo info-center enable
#
undo nap slave enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user hcie password cipher wP_T$UyeuTbL^B&WSBiQUu0#
local-user hcie privilege level 3
local-user hcie service-type telnet
local-user admin password cipher qu>q0W8)\MbL^B&WSBiQUu0#
local-user admin service-type http
#
firewall zone Local
priority 16
#
wlan
#
ospf 1
area 0.0.0.0
network 14.1.1.0 0.0.0.255
network 192.168.100.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
return
FZ_Server
HJ_SW3
#
sysname HJ_sw3
#
undo info-center enable
#
vlan batch 2 to 5 200 999
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name aa
revision-level 1
instance 1 vlan 2 to 3 200
instance 2 vlan 4 to 5
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
local-user hcie privilege level 3
local-user hcie service-type telnet
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif999
ip address 192.168.255.3 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 3 999
stp instance 1 cost 10000
stp instance 2 cost 10000
mode lacp-static
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3 999
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3 999
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 999
#
interface Ethernet0/0/4
eth-trunk 1
#
interface Ethernet0/0/5
eth-trunk 1
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
HJ_SW4
#
sysname HJ_sw4
#
undo info-center enable
#
vlan batch 2 to 5 200 999
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name aa
revision-level 1
instance 1 vlan 2 to 3 200
instance 2 vlan 4 to 5
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
local-user hcie privilege level 3
local-user hcie service-type telnet
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif999
ip address 192.168.255.4 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 4 to 5 999
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 4 to 5 999
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
JR_SW5
#
sysname JR_sw5
#
undo info-center enable
#
vlan batch 2 to 5 200 999
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
dhcp enable
#
dhcp snooping enable
#
diffserv domain default
#
drop-profile default
#
vlan 2
dhcp snooping enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
local-user hcie privilege level 3
local-user hcie service-type telnet
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif999
ip address 192.168.255.5 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 999
dhcp snooping trusted
#
interface Ethernet0/0/2
port link-type access
port default vlan 2
stp edged-port enable
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
JR_SW6
#
sysname JR_sw6
#
undo info-center enable
#
vlan batch 2 to 5 200 999
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
dhcp enable
#
dhcp snooping enable
#
diffserv domain default
#
drop-profile default
#
vlan 3
dhcp snooping enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
local-user hcie privilege level 3
local-user hcie service-type telnet
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif999
ip address 192.168.255.6 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 3 999
stp instance 0 cost 10000
mode lacp-static
dhcp snooping trusted
#
interface Ethernet0/0/1
eth-trunk 1
#
interface Ethernet0/0/2
port link-type access
port default vlan 3
stp edged-port enable
#
interface Ethernet0/0/3
eth-trunk 1
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
PC4、PC6、PC7
R7
#
sysname PC
#
undo info-center enable
#
dhcp enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher >:{/T'yS94+/Y@:Y>Lw(`u##
local-user admin service-type http
#
firewall zone Local
priority 16
#
wlan
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
实验拓扑完成,建议多完成几次,可加深对企业网络的了解。
