基于ensp设计三层校园网络
拓扑图:
本实验使用动态主机配置协议(DHCP),生成树协议(STP),动态路由协议(OSPF),双机热备份协议(VRRP),网络地址转换协议(NAT),防火墙的配置,无线AC,AP 的配置,VLAN划分,IP地址划分协议技术完成校园网实验拓扑。
core-sw1:
<Huawei>sys
[Huawei]sys core-sw1(修改核心交换机名称)
[core-sw1]undo info en(关闭信息提示)
Info: Information center is disabled.
[core-sw1]vlan batch 5 7 10 20 30 40 50 60 100 to 101(创建vlan)
[sw1]int Vlan 10(进入vlan10)
[core-sw1-Vlanif10]ip ad 192.168.10.254 24(配置vlan10 IP地址)
[core-sw1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252(配置VRRP协议的虚拟IP地址)
[core-sw1-Vlanif10]vrrp vrid 10 priority 120(配置优先级,缺省值为100越大越优先)
[core-sw1-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/1(创建监视端口实现快速主备切换)
[core-sw1-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/2(创建监视端口实现快速主备切换)
[core-sw1-Vlanif10]q(退出)
[core-sw1]int Vlanif 20(进入vlan20)
[core-sw1-Vlanif20]ip address 192.168.20.254 24(配置vlan20 IP地址)
[core-sw1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.252(配置虚拟IP)
[core-sw1-Vlanif20]vrrp vrid 20 priority 120(配置优先级)
[core-sw1-Vlanif20]vrrp vrid 20 track interface GigabitEthernet 0/0/1(创建监视端口实现快速主备切换)
[core-sw1-Vlanif20]vrrp vrid 20 track interface GigabitEthernet 0/0/2(创建监视端口实现快速主备切换)
[core-sw1-Vlanif20]q
[core-sw1]int Vlanif 30
[core-sw1-Vlanif30]ip ad 192.168.30.254 24
[core-sw1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252
[core-sw1-Vlanif30]vrrp vrid 30 priority 120
[core-sw1-Vlanif30]vrrp vrid 30 track interface GigabitEthernet 0/0/1(创建监视端口实现快速主备切换)
[core-sw1-Vlanif30]vrrp vrid 30 track interface GigabitEthernet 0/0/2(创建监视端口实现快速主备切换)
[core-sw1-Vlanif30]q
[core-sw1]int Vlanif 40
[core-sw1-Vlanif40]ip ad 192.168.40.254 24
[core-sw1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252
[core-sw1-Vlanif40]vrrp vrid 40 priority 120
[core-sw1-Vlanif40]vrrp vrid 40 track interface GigabitEthernet 0/0/1
[core-sw1-Vlanif40]vrrp vrid 40 track interface GigabitEthernet 0/0/2
[core-sw1-Vlanif40]q
[core-sw1]int Vlanif 50
[core-sw1-Vlanif50]ip ad 192.168.50.254 24
[core-sw1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.252
[core-sw1-Vlanif50]vrrp vrid 50 track interface GigabitEthernet 0/0/1
[core-sw1-Vlanif50]vrrp vrid 50 track interface GigabitEthernet 0/0/2
[core-sw1-Vlanif50]q
[core-sw1]int Vlanif 60
[core-sw1-Vlanif60]ip ad 192.168.60.254 24
[core-sw1-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.252
[core-sw1-Vlanif60]vrrp vrid 60 track interface GigabitEthernet 0/0/1
[core-sw1-Vlanif60]vrrp vrid 60 track interface GigabitEthernet 0/0/2
[core-sw1-Vlanif60]q
[core-sw1]int Vlanif 5
[sw1-Vlanif5]ip ad 192.168.5.2 24
[core-sw1-Vlanif5]q
[core-sw1]int Vlanif 7
[core-sw1-Vlanif5]ip ad 192.168.7.2 24
[core-sw1]int GigabitEthernet 0/0/1
[core-sw1-GigabitEthernet0/0/1]port link-type access (配置接口类型为接入模式)
[core-sw1-GigabitEthernet0/0/1]port default vlan 5(允许通过vlan5)
[core-sw1-GigabitEthernet0/0/1]int g
[core-sw1-GigabitEthernet0/0/1]q
[core-sw1]int GigabitEthernet 0/0/2
[core-sw1-GigabitEthernet0/0/2]port link-type access
[core-sw1-GigabitEthernet0/0/2]port default vlan 7
[core-sw1-GigabitEthernet0/0/2]q
[core-sw1] User interface con0 is available
[core-sw1]int Eth-Trunk 1(创建链路聚合端口)
[core-sw1-Eth-Trunk1]port link-type trunk (改为通道模式)
[core-sw1-Eth-Trunk1]port trunk allow-pass vlan all (允许所有vlan通过)
[core-sw1-Eth-Trunk1]trunkport GigabitEthernet 0/0/3(将g0/0/3加入trunk口)
[core-sw1-Eth-Trunk1]trunkport GigabitEthernet 0/0/4(将g0/0/4加入trunk口)
[core-sw1-Eth-Trunk1]q
[core-sw1]int GigabitEthernet 0/0/5
[core-sw1-GigabitEthernet0/0/5]port link-type trunk
[core-sw1-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[core-sw1-GigabitEthernet0/0/5]int GigabitEthernet 0/0/6
[core-sw1-GigabitEthernet0/0/6]port link-type trunk
[core-sw1-GigabitEthernet0/0/6]port trunk allow-pass vlan all
[core-sw1-GigabitEthernet0/0/6]int GigabitEthernet 0/0/7
[core-sw1-GigabitEthernet0/0/7]port link-type trunk
[core-sw1-GigabitEthernet0/0/7]port trunk allow-pass vlan all
[core-sw1-GigabitEthernet0/0/7]int GigabitEthernet 0/0/8
[core-sw1-GigabitEthernet0/0/8]port link-type trunk
[core-sw1-GigabitEthernet0/0/8]port trunk allow-pass vlan all
[core-sw1-GigabitEthernet0/0/8]int GigabitEthernet 0/0/9
[core-sw1-GigabitEthernet0/0/9]port link-type trunk
[core-sw1-GigabitEthernet0/0/9]port trunk allow-pass vlan all
[core-sw1-GigabitEthernet0/0/9]int GigabitEthernet 0/0/10
[core-sw1-GigabitEthernet0/0/10]port link-type trunk
[core-sw1-GigabitEthernet0/0/10]port trunk allow-pass vlan all
[core-sw1-GigabitEthernet0/0/10]int GigabitEthernet 0/0/11
[core-sw1-GigabitEthernet0/0/11]port link-type trunk
[core-sw1-GigabitEthernet0/0/11]port trunk pvid vlan 101
[core-sw1-GigabitEthernet0/0/11]port trunk allow-pass vlan all
[core-sw1-GigabitEthernet0/0/11]interface GigabitEthernet0/0/12
[core-sw1-GigabitEthernet0/0/12]port link-type trunk
[core-sw1-GigabitEthernet0/0/12]port trunk allow-pass vlan all
[core-sw1-GigabitEthernet0/0/12]q
(配置生成树)
[core-sw1]stp enable
[core-sw1]stp region-configuration进入生成树配置模式)
[core-sw1-mst-region]region-name huawei(更名为huawei)
[core-sw1-mst-region]revision-level 5(配置生成树的权限)
[core-sw1-mst-region]instance 1 vlan 10 20 30 100(把vlan划分到实例中)
[core-sw1-mst-region]instance 2 vlan 40 50 60
[core-sw1-mst-region]active region-configuration(激活实例)
[core-sw1]stp instance 1 root primary (配置实例的优先级的主次)
[core-sw1]stp instance 2 root secondary (配置实例的优先级的主次)
(使用ospf宣告路由)
[core-sw1]ospf 10
[core-sw1-ospf-10]area 0
[core-sw1-ospf-10-area-0.0.0.0]netw
[core-sw1-ospf-10-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[core-sw1-ospf-10-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[core-sw1-ospf-10-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[core-sw1-ospf-10-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[core-sw1-ospf-10-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[core-sw1-ospf-10-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[core-sw1-ospf-10-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[core-sw1-ospf-10-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[core-sw1-ospf-10-area-0.0.0.0]network 192.168.7.0 0.0.0.255
[core-sw1-ospf-10-area-0.0.0.0]q
[core-sw1-ospf-10-area-0.0.0.0]q
(设置dhcp自动获取ip地址)
[core-sw1]ip pool vlan10
Info:It's successful to create an IP address pool.
[core-sw1-ip-pool-vlan10]network 192.168.10.0 mask 24
[core-sw1-ip-pool-vlan10]gateway-list 192.168.10.252
[core-sw1-ip-pool-vlan10]dns-list 114.114.114.114
[core-sw1-ip-pool-vlan10]excluded-ip-address 192.168.10.100 192.168.10.150
[core-sw1-ip-pool-vlan10]q
[core-sw1]int Vlanif 10
[core-sw1-Vlanif10]dhcp select global
[core-sw1-Vlanif10]q
[core-sw1]ip pool vlan20
Info:It's successful to create an IP address pool.
[core-sw1-ip-pool-vlan20]network 192.168.20.0 mask 24
[core-sw1-ip-pool-vlan20]gateway-list 192.168.20.252
[core-sw1-ip-pool-vlan20]dns-list 114.114.114.114
[core-sw1-ip-pool-vlan20]excluded-ip-address 192.168.20.100 192.168.20.150
[core-sw1-ip-pool-vlan20]q
[core-sw1]int Vlanif 20
[core-sw1-Vlanif20]dhcp select global
[core-sw1-Vlanif20]q
[core-sw1]ip pool vlan30
Info:It's successful to create an IP address pool.
[core-sw1-ip-pool-vlan30]network 192.168.30.0 mask 24
[core-sw1-ip-pool-vlan30]gateway-list 192.168.30.252
[core-sw1-ip-pool-vlan30]dns-list 114.114.114.114
[core-sw1-ip-pool-vlan30]excluded-ip-address 192.168.30.100 192.168.30.150
[core-sw1-ip-pool-vlan30]q
[core-sw1]int Vlanif 30
[core-sw1-Vlanif30]dhcp select global
[core-sw1-Vlanif30]q
[core-sw1]ip pool vlan40
Info:It's successful to create an IP address pool.
[core-sw1-ip-pool-vlan40]network 192.168.40.0 mask 24
[core-sw1-ip-pool-vlan40]dns-list 114.114.114.114
[core-sw1-ip-pool-vlan40]gateway-list 192.168.40.252
[core-sw1-ip-pool-vlan40]excluded-ip-address 192.168.40.100 192.168.40.150
[core-sw1-ip-pool-vlan40]q
[core-sw1]int Vlanif 40
[core-sw1-Vlanif40]dhcp select global
[core-sw1-Vlanif40]q
[core-sw1]ip pool vlan50
Info:It's successful to create an IP address pool.
[core-sw1-ip-pool-vlan50]network 192.168.50.0 mask 24
[core-sw1-ip-pool-vlan50]gateway-list 192.168.50.252
[core-sw1-ip-pool-vlan50]dns-list 114.114.114.114
[core-sw1-ip-pool-vlan50]excluded-ip-address 192.168.50.100 192.168.50.150
[core-sw1ip-pool-vlan50]q
[core-sw1]int Vlanif 50
[core-sw1-Vlanif50]dhcp select global
[core-sw1-Vlanif50]q
[core-sw1]ip pool vlan60
Info:It's successful to create an IP address pool.
[core-sw1-ip-pool-vlan60]network 192.168.60.0 mask 24
[core-sw1-ip-pool-vlan60]gateway-list 192.168.60.252
[core-sw1-ip-pool-vlan60]dns-list 114.114.114.114
[core-sw1-ip-pool-vlan60]excluded-ip-address 192.168.60.100 192.168.60.150
[core-sw1-ip-pool-vlan60]q
[core-sw1]int Vlanif 60
[core-sw1-Vlanif60]dhcp select global
[core-sw1-Vlanif60]q
core-sw2:
<Huawei>sys
[Huawei]sys core-sw2(修改核心交换机名称)
[core-sw2]undo info en(关闭信息提示)
Info: Information center is disabled.
[core-sw2]vlan batch 6 8 10 20 30 40 50 60 100 to 101(创建vlan)
[sw1]int Vlan 10(进入vlan10)
[core-sw2-Vlanif10]ip ad 192.168.10.253 24(配置vlan10 IP地址)
[core-sw2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252(配置VRRP协议的虚拟IP地址)
[core-sw2-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/1(创建监视端口实现快速主备切换)
[core-sw2-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/2(创建监视端口实现快速主备切换)
[core-sw2-Vlanif10]q(退出)
[core-sw2]int Vlanif 20(进入vlan20)
[core-sw2-Vlanif20]ip address 192.168.20.253 24(配置vlan20 IP地址)
[core-sw2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.252(配置虚拟IP)
[core-sw2-Vlanif20]vrrp vrid 20 track interface GigabitEthernet 0/0/1(创建监视端口实现快速主备切换)
[core-sw2-Vlanif20]vrrp vrid 20 track interface GigabitEthernet 0/0/2(创建监视端口实现快速主备切换)
[core-sw2-Vlanif20]q
[core-sw2]int Vlanif 30
[core-sw2-Vlanif30]ip ad 192.168.30.253 24
[core-sw2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252
[core-sw2-Vlanif30]vrrp vrid 30 track interface GigabitEthernet 0/0/1(创建监视端口实现快速主备切换)
[core-sw2-Vlanif30]vrrp vrid 30 track interface GigabitEthernet 0/0/2(创建监视端口实现快速主备切换)
[core-sw2-Vlanif30]q
[core-sw2]int Vlanif 40
[core-sw2-Vlanif40]ip ad 192.168.40.253 24
[core-sw2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252
[core-sw2-Vlanif40]vrrp vrid 40 track interface GigabitEthernet 0/0/1
[core-sw2-Vlanif40]vrrp vrid 40 track interface GigabitEthernet 0/0/2
[core-sw2-Vlanif40]q
[core-sw2]int Vlanif 50
[core-sw2-Vlanif50]ip ad 192.168.50.253 24
[core-sw2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.252
[core-sw2-Vlanif50]vrrp vrid 50 track interface GigabitEthernet 0/0/1
[core-sw2-Vlanif50]vrrp vrid 50 track interface GigabitEthernet 0/0/2
[core-sw2-Vlanif50]q
[core-sw2]int Vlanif 60
[core-sw2-Vlanif60]ip ad 192.168.60.253 24
[core-sw2-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.252
[core-sw2-Vlanif60]vrrp vrid 60 track interface GigabitEthernet 0/0/1
[core-sw2-Vlanif60]vrrp vrid 60 track interface GigabitEthernet 0/0/2
[core-sw2-Vlanif60]q
[core-sw2]int Vlanif 6
[sw2-Vlanif6]ip ad 192.168.6.2 24
[core-sw2-Vlanif6]q
[core-sw2]int Vlanif 8
[core-sw2-Vlanif8]ip ad 192.168.8.2 24
[core-sw2]int GigabitEthernet 0/0/1
[core-sw2-GigabitEthernet0/0/1]port link-type access (配置接口类型为接入模式)
[core-sw2-GigabitEthernet0/0/1]port default vlan 6(允许通过vlan6)
[core-sw2-GigabitEthernet0/0/1]int g
[core-sw2-GigabitEthernet0/0/1]q
[core-sw2]int GigabitEthernet 0/0/2
[core-sw2-GigabitEthernet0/0/2]port link-type access
[core-sw2-GigabitEthernet0/0/2]port default vlan 8
[core-sw2-GigabitEthernet0/0/2]q
[core-sw2] User interface con0 is available
[core-sw2]int Eth-Trunk 1(创建链路聚合端口)
[core-sw2-Eth-Trunk1]port link-type trunk (改为通道模式)
[core-sw2-Eth-Trunk1]port trunk allow-pass vlan all (允许所有vlan通过)
[core-sw2-Eth-Trunk1]trunkport GigabitEthernet 0/0/3(将g0/0/3加入trunk口)
[core-sw2-Eth-Trunk1]trunkport GigabitEthernet 0/0/4(将g0/0/4加入trunk口)
[core-sw2-Eth-Trunk1]q
[core-sw2]int GigabitEthernet 0/0/5
[core-sw2-GigabitEthernet0/0/5]port link-type trunk
[core-sw2-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[core-sw2-GigabitEthernet0/0/5]int GigabitEthernet 0/0/7
[core-sw2-GigabitEthernet0/0/7]port link-type trunk
[core-sw2-GigabitEthernet0/0/7]port trunk allow-pass vlan all
[core-sw2-GigabitEthernet0/0/7]int GigabitEthernet 0/0/8
[core-sw2-GigabitEthernet0/0/8]port link-type trunk
[core-sw2-GigabitEthernet0/0/8]port trunk allow-pass vlan all
[core-sw2-GigabitEthernet0/0/8]int GigabitEthernet 0/0/9
[core-sw2-GigabitEthernet0/0/9]port link-type trunk
[core-sw2-GigabitEthernet0/0/9]port trunk allow-pass vlan all
[core-sw2-GigabitEthernet0/0/9]int GigabitEthernet 0/0/10
[core-sw2-GigabitEthernet0/0/10]port link-type trunk
[core-sw2-GigabitEthernet0/0/10]port trunk allow-pass vlan all
[core-sw2-GigabitEthernet0/0/10]int GigabitEthernet 0/0/11
[core-sw2-GigabitEthernet0/0/11]port link-type trunk
[core-sw2-GigabitEthernet0/0/11]port trunk allow-pass vlan all
[core-sw2]stp enable (配置生成树)
[core-sw2]stp region-configuration进入生成树配置模式)
[core-sw2-mst-region]region-name huawei(更名为huawei)
[core-sw2-mst-region]revision-level 5(配置生成树的权限)
[core-sw2-mst-region]instance 1 vlan 10 20 30 100(把vlan划分到实例中)
[core-sw2-mst-region]instance 2 vlan 40 50 60 100
[core-sw2-mst-region]active region-configuration(激活实例)
[core-sw2]stp instance 2 root primary (配置实例的优先级的主次)
[core-sw2]stp instance 1 root secondary (配置实例的优先级的主次)
[core-sw2]ospf 20
[core-sw2-ospf-20]area 0
[core-sw2-ospf-20-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[core-sw2-ospf-20-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[core-sw2-ospf-20-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[core-sw2-ospf-20-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[core-sw2-ospf-20-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[core-sw2-ospf-20-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[core-sw2-ospf-20-area-0.0.0.0]network 192.168.6.0 0.0.0.255
[core-sw2-ospf-20-area-0.0.0.0]network 192.168.8.0 0.0.0.255
(使用dhcp为主机分配地址)
<core-sw2>sys
Enter system view, return user view with Ctrl+Z.
[core-sw2]dhcp enable
[core-sw2]ip pool vlan10
Info:It's successful to create an IP address pool.
[core-sw2-ip-pool-vlan10]network 192.168.10.0 mask 24
[core-sw2-ip-pool-vlan10]gateway-list 192.168.10.252
[core-sw2-ip-pool-vlan10]dns-list 114.114.114.114
[core-sw2-ip-pool-vlan10]excluded-ip-address 192.168.10.100 192.168.10.150
[core-sw2-ip-pool-vlan10]q
[core-sw2]int Vlanif 10
[core-sw2-Vlanif10]dhcp select global
[core-sw2]ip pool vlan20
Info:It's successful to create an IP address pool.
[core-sw2-ip-pool-vlan20]network 192.168.20.0 mask 24
[core-sw2-ip-pool-vlan20]dns-list 114.114.114.114
[core-sw2-ip-pool-vlan20]gateway-list 192.168.20.252
[core-sw2-ip-pool-vlan20]excluded-ip-address 192.168.20.100 192.168.20.150
[core-sw2-ip-pool-vlan20]q
[core-sw2]int Vlanif 20
[core-sw2-Vlanif10]dhcp select global
[core-sw2]ip pool vlan30
Info:It's successful to create an IP address pool.
[core-sw2-ip-pool-vlan30]network 192.168.30.0 mask 24
[core-sw2-ip-pool-vlan30]dns-list 114.114.114.114
[core-sw2-ip-pool-vlan30]gateway-list 192.168.30.252
[core-sw2-ip-pool-vlan30]excluded-ip-address 192.168.30.100 192.168.30.150
[core-sw2-ip-pool-vlan30]q
[core-sw2]int v
[core-sw2]int Vlanif 30
[core-sw2-Vlanif30]dhcp select global
[core-sw2-Vlanif30]q
[core-sw2]ip pool vlan40
Info:It's successful to create an IP address pool.
[core-sw2-ip-pool-vlan40]network 192.168.40.0 mask 24
[core-sw2-ip-pool-vlan40]gateway-list 192.168.40.252
[core-sw2-ip-pool-vlan40]dns-list 114.114.114.114
[core-sw2-ip-pool-vlan40]excluded-ip-address 192.168.40.100 192.168.40.150
[core-sw2-ip-pool-vlan40]q
[core-sw2]int Vlanif 40
[core-sw2-Vlanif40]dhcp select global
[core-sw2-Vlanif40]q
[core-sw2]ip pool vlan50
Info:It's successful to create an IP address pool.
[core-sw2-ip-pool-vlan50]network 192.168.50.0 mask 24
[core-sw2-ip-pool-vlan50]gateway-list 192.168.50.252
[core-sw2-ip-pool-vlan50]dns-list 114.114.114.114
[core-sw2-ip-pool-vlan50]excluded-ip-address 192.168.50.100 192.168.50.150
[core-sw2-ip-pool-vlan50]q
[core-sw2]int v
[core-sw2]int Vlanif 50
[core-sw2-Vlanif50]dhcp select global
[core-sw2-Vlanif50]q
[core-sw2]ip pool vlan60
Info:It's successful to create an IP address pool.
[core-sw2-ip-pool-vlan60]network 192.168.60.0 mask 24
[core-sw2-ip-pool-vlan60]gateway-list 192.168.60.252
[core-sw2-ip-pool-vlan60]dns-list 114.114.114.114
[core-sw2-ip-pool-vlan60]excluded-ip-address 192.168.60.100 192.168.60.150
[core-sw2-ip-pool-vlan60]q
[core-sw2]int Vlanif 60
core-sw2-Vlanif60]dhcp select global
[core-sw2-Vlanif60]q
sw1:
[Huawei]sys sw1
[sw1]un in en
Info: Information center is disabled.
[sw1]vlan batch vlan 10 20 30 40 50 60 100 101
[sw1]stp enable
[sw1]stp region-configuration
[sw1-mst-region]region-name huawei
[sw1-mst-region]revision-level 5
[sw1-mst-region]instance 1 vlan 10 20 30 100
[sw1-mst-region]instance 2 vlan 40 50 60
[sw1-mst-region]active region-configuration
[sw1-mst-region]q
[sw1]int Ethernet 0/0/1
[sw1-Ethernet0/0/1]port link-type trunk
[sw1-Ethernet0/0/1]port trunk allow-pass vlan all
[sw1-Ethernet0/0/1]int e0/0/2
[sw1-Ethernet0/0/2]port link-type trunk
[sw1-Ethernet0/0/2]port trunk allow-pass vlan all
[sw1-Ethernet0/0/2]int e0/0/3
[sw1-Ethernet0/0/3]port link-type access
[sw1-Ethernet0/0/3]port default vlan 10
[sw1-Ethernet0/0/3]int e0/0/4
[sw1-Ethernet0/0/4]port link-type access
[sw1-Ethernet0/0/4]port default vlan 10
sw2:
[Huawei]sys sw2
[sw2]un in en
Info: Information center is disabled.
[sw2]vlan batch vlan 10 20 30 40 50 60 100 101
[sw2]stp enable
[sw2]stp region-configuration
[sw2-mst-region]region-name huawei
[sw2-mst-region]revision-level 5
[sw2-mst-region]instance 1 vlan 10 20 30 100
[sw2-mst-region]instance 2 vlan 40 50 60
[sw2-mst-region]active region-configuration
[sw2-mst-region]q
[sw2]int Ethernet 0/0/1
[sw2-Ethernet0/0/1]port link-type trunk
[sw2-Ethernet0/0/1]port trunk allow-pass vlan all
[sw2-Ethernet0/0/1]int e0/0/2
[sw2-Ethernet0/0/2]port link-type trunk
[sw2-Ethernet0/0/2]port trunk allow-pass vlan all
[sw2-Ethernet0/0/2]int e0/0/3
[sw2-Ethernet0/0/3]port link-type access
[sw2-Ethernet0/0/3]port default vlan 20
[sw2-Ethernet0/0/3]int e0/0/4
[sw2-Ethernet0/0/4]port link-type access
[sw2-Ethernet0/0/4]port default vlan 20sw3:
[Huawei]sys sw3
[sw3]un in en
Info: Information center is disabled.
[sw3]vlan batch vlan 10 20 30 40 50 60 100 101
[sw3]stp enable
[sw3]stp region-configuration
[sw3-mst-region]region-name huawei
[sw3-mst-region]revision-level 5
[sw3-mst-region]instance 1 vlan 10 20 30 100
[sw3-mst-region]instance 2 vlan 40 50 60
[sw3-mst-region]active region-configuration
[sw3-mst-region]q
[sw3]int Ethernet 0/0/1
[sw3-Ethernet0/0/1]port link-type trunk
[sw3-Ethernet0/0/1]port trunk allow-pass vlan all
[sw3-Ethernet0/0/1]int e0/0/2
[sw3-Ethernet0/0/2]port link-type trunk
[sw3-Ethernet0/0/2]port trunk allow-pass vlan all
[sw3-Ethernet0/0/2]int e0/0/3
[sw3-Ethernet0/0/3]port link-type access
[sw3-Ethernet0/0/3]port default vlan 30
[sw3-Ethernet0/0/3]int e0/0/4
[sw3-Ethernet0/0/4]port link-type access
[sw3-Ethernet0/0/4]port default vlan 30sw4:
[Huawei]sys sw4
[sw4]un in en
Info: Information center is disabled.
[sw4]vlan batch vlan 10 20 30 40 50 60 100 101
[sw4]stp enable
[sw4]stp region-configuration
[sw4-mst-region]region-name huawei
[sw4-mst-region]revision-level 5
[sw4-mst-region]instance 1 vlan 10 20 30 100
[sw4-mst-region]instance 2 vlan 40 50 60
[sw4-mst-region]active region-configuration
[sw4-mst-region]q
[sw4]int Ethernet 0/0/1
[sw4-Ethernet0/0/1]port link-type trunk
[sw4-Ethernet0/0/1]port trunk allow-pass vlan all
[sw4-Ethernet0/0/1]int e0/0/2
[sw4-Ethernet0/0/2]port link-type trunk
[sw4-Ethernet0/0/2]port trunk allow-pass vlan all
[sw4-Ethernet0/0/2]int e0/0/3
[sw4-Ethernet0/0/3]port link-type access
[sw4-Ethernet0/0/3]port default vlan 40
[sw4-Ethernet0/0/3]int e0/0/4
[sw4-Ethernet0/0/4]port link-type access
[sw4-Ethernet0/0/4]port default vlan 40
sw5:
[Huawei]sys sw5
[sw5]un in en
Info: Information center is disabled.
[sw5]vlan batch vlan 10 20 30 40 50 60 100 101
[sw5]stp enable
[sw5]stp region-configuration
[sw5-mst-region]region-name huawei
[sw5-mst-region]revision-level 5
[sw5-mst-region]instance 1 vlan 10 20 30 100
[sw5-mst-region]instance 2 vlan 40 50 60
[sw5-mst-region]active region-configuration
[sw5-mst-region]q
[sw5]int Ethernet 0/0/1
[sw5-Ethernet0/0/1]port link-type trunk
[sw5-Ethernet0/0/1]port trunk allow-pass vlan all
[sw5-Ethernet0/0/1]int e0/0/2
[sw5-Ethernet0/0/2]port link-type trunk
[sw5-Ethernet0/0/2]port trunk allow-pass vlan all
[sw5-Ethernet0/0/2]int e0/0/3
[sw5-Ethernet0/0/3]port link-type access
[sw5-Ethernet0/0/3]port default vlan 50
[sw5-Ethernet0/0/3]int e0/0/4
[sw5-Ethernet0/0/4]port link-type access
[sw5-Ethernet0/0/4]port default vlan 50
sw6:
[Huawei]sys sw6
[sw6]un in en
Info: Information center is disabled.
[sw6]vlan batch vlan 10 20 30 40 50 60 100 101
[sw6]stp enable
[sw6]stp region-configuration
[sw6-mst-region]region-name huawei
[sw6-mst-region]revision-level 5
[sw6-mst-region]instance 1 vlan 10 20 30 100
[sw6-mst-region]instance 2 vlan 40 50 60
[sw6-mst-region]active region-configuration
[sw6-mst-region]q
[sw6]int Ethernet 0/0/1
[sw6-Ethernet0/0/1]port link-type trunk
[sw6-Ethernet0/0/1]port trunk allow-pass vlan all
[sw6-Ethernet0/0/1]int e0/0/2
[sw6-Ethernet0/0/2]port link-type trunk
[sw6-Ethernet0/0/2]port trunk allow-pass vlan all
[sw6-Ethernet0/0/2]int e0/0/3
[sw6-Ethernet0/0/3]port link-type access
[sw6-Ethernet0/0/3]port default vlan 60
[sw6-Ethernet0/0/3]int e0/0/4
[sw6-Ethernet0/0/4]port link-type access
[sw6-Ethernet0/0/4]port default vlan 60
ac1:
<AC6605>sys
Enter system view, return user view with Ctrl+Z.
[AC6605]sys AC1
[AC1]vlan batch 100 101
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC1]int Vlanif 100
[AC1-Vlanif100]ip ad 192.168.100.1 24
[AC1-Vlanif100]q
[AC1]dhcp enable (开启DHCP功能)
Info: The operation may take a few seconds. Please wait for a moment.done.
[AC1]int v
[AC1]int Vlanif 100(进入vlan100)
[AC1-Vlanif100]dhcp select global (DHCP配置指向全局)
[AC1-Vlanif100]q
[AC1]int Vlanif 101
[AC1-Vlanif101]ip ad 192.168.101.1 24(配置IP)
[AC1-Vlanif101]dhcp select interface (DHCP配置指向全局)
[AC1-Vlanif101]q
[AC1]ip pool vlan100(创建地址池)
Info: It is successful to create an IP address pool.
[AC1-ip-pool-vlan100]ga
[AC1-ip-pool-vlan100]gateway-list 192.168.100.254(配置网关)
[AC1-ip-pool-vlan100]netw
[AC1-ip-pool-vlan100]network 192.168.100.0(配置地址池网段)
[AC1-ip-pool-vlan100]dn
[AC1-ip-pool-vlan100]dns-list 192.168.200.4(配置DNS)
[AC1-ip-pool-vlan100]ex
[AC1-ip-pool-vlan100]excluded-ip-address 192.168.100.1(配置排除地址)
[AC1-ip-pool-vlan100]q
[AC1]wlan
[AC1-wlan-view]ap-group name ap-huawei(建立AP组创建名字ap-huawei)
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC1-wlan-ap-group-ap-huawei]q
[AC1-wlan-view]regulatory-domain-profile name huawei-domin(指定域管理模块并设置域管理名)
[AC1-wlan-regulate-domain-huawei-domin]cou
[AC1-wlan-regulate-domain-huawei-domin]country-code cn (选择国家代码进行配置设定)
[AC1-wlan-regulate-domain-huawei-domin]country-code CN
Info: The current country code is same with the input country code.
[AC1-wlan-regulate-domain-huawei-domin]q
[AC1-wlan-view]ap-group name ap-huawei(创建ap组命名)
[AC1-wlan-ap-group-ap-huawei]re
[AC1-wlan-ap-group-ap-huawei]regulatory-domain-profile huawei-domin(将国家码的域模板绑定)
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-ap-huawei]q
[AC1-wlan-view]q
[AC1]capwap source interface Vlanif 101(配置原接口或源地址与AP建隧道)
[AC1]w
[AC1]wlan
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fce7-4fe0(ap接入控制,这里是mac认证)
[AC1-wlan-ap-0]ap-id 0 ap-mac 00e0-fce7-4fe0(配置AP认证模式:离线)
[AC1-wlan-ap-0]ap
[AC1-wlan-ap-0]ap-name area-1(创建AP的名字)
[AC1-wlan-ap-0]ap
[AC1-wlan-ap-0]ap-system-profile name huawei-domain
[AC1-wlan-ap-0]ap-group ap-huawei
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC1]int g
[AC1]int GigabitEthernet 0/0/1(进入接口1)
[AC1-GigabitEthernet0/0/1]port link-type trunk(配置为通道模式)
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all (允许所有vlan通过)
[AC1-GigabitEthernet0/0/1]q
[AC1]wlan
[AC1-wlan-view]security-profile name sec(配置安全模板)
[AC1-wlan-sec-prof-sec]security wpa2 psk pass-phrase huawei@123 aes(配置安全模板的密码)
[AC1-wlan-sec-prof-sec]q
[AC1-wlan-view]ssid-profile name ssid-1(配置SSID模板名称)
[AC1-wlan-ssid-prof-ssid-1]ss
[AC1-wlan-ssid-prof-ssid-1]ssid huawei(配置SSID名称)
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-ssid-prof-ssid-1]q
[AC1-wlan-view]vap-profile name vap-1 (VAP名称)
[AC1-wlan-vap-prof-vap-1]forward-mode tunnel
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-vap-1]service-vlan vlan-id 100
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-vap-1]security-profile sec
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-vap-1]ssid-profile ssid-1
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-vap-1]q
[AC1-wlan-view]ap-group name ap-huawei(创建AP组名称)
[AC1-wlan-ap-group-ap-huawei]vap-profile vap-1 wlan 1 radio 0(VAP模板名称)
core-ar1:
[Huawei]undo in en
Info: Information center is disabled.
[Huawei]sys core-R1
[core-R1]int g
[core-R1]int GigabitEthernet 2/0/0
[core-R1-GigabitEthernet0/0/2]ip ad
[core-R1-GigabitEthernet0/0/2]ip address 192.168.5.1 24
[core-R1-GigabitEthernet0/0/2]int g2/0/1
[core-R1-GigabitEthernet2/0/1]ip address 192.168.6.1 24
[core-R1-GigabitEthernet2/0/1]int g
[core-R1-GigabitEthernet0/0/2]int g0/0/1
[core-R1-GigabitEthernet0/0/1]ip ad
[core-R1-GigabitEthernet0/0/1]ip address 192.168.4.1 24
[core-R1-GigabitEthernet0/0/1]int g0/0/0
[core-R1-GigabitEthernet0/0/0]ip ad
[core-R1-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[core-R1-GigabitEthernet0/0/0]q
[core-R1]ospf 30(创建动态路由)
[core-R1-ospf-30]area 0(创建区域)
[core-R1-ospf-30-area-0.0.0.0]network 192.168.5.0 0.0.0.255(加入配置的IP网段)
[core-R1-ospf-30-area-0.0.0.0]network 192.168.6.0 0.0.0.255
[core-R1-ospf-30-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[core-R1-ospf-30-area-0.0.0.0]network 192.168.2.0 0.0.0.255core-ar2:
<Huawei>sys
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys core-R2
[core-R2]int g
[core-R2]int GigabitEthernet 2/0/0
[core-R2-GigabitEthernet0/0/0]ip add 192.168.8.1 24
[core-R2-GigabitEthernet0/0/0]q
[core-R2]int g
[core-R2]int GigabitEthernet 2/0/0
[core-R2-GigabitEthernet1/0/0]ip ad
[core-R2-GigabitEthernet1/0/0]ip address 192.168.7.1 24
[core-R2-GigabitEthernet1/0/0]int g
[core-R2-GigabitEthernet1/0/0]int g0/0/0
[core-R2-GigabitEthernet0/0/0]ip ad
[core-R2-GigabitEthernet0/0/0]ip address 192.168.4.2 24
[core-R2-GigabitEthernet0/0/0]int g0/0/1
[core-R2-GigabitEthernet0/0/1]ip ad
[core-R2-GigabitEthernet0/0/1]ip address 192.168.3.2 24
[core-R2-GigabitEthernet0/0/1]q
[core-R2]ospf 40(创建动态路由)
[core-R2-ospf-40]area 0(创建区域)
[core-R2-ospf-40-area-0.0.0.0]network 192.168.8.0 0.0.0.255(加入配置的IP网段)
[core-R2-ospf-40-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[core-R2-ospf-40-area-0.0.0.0]network 192.168.7.0 0.0.0.255
[core-R2-ospf-40-area-0.0.0.0]network 192.168.3.0 0.0.0.255
fw1:
<USG6000V1>sys
Enter system view, return user view with Ctrl+Z.
[USG6000V1]sys
[FW1-GigabitEthernet1/0/0]int g1/0/1
[FW1-GigabitEthernet1/0/1]ip ad 192.168.3.1 24
[FW1-GigabitEthernet1/0/1]int g0/0/0
[FW1-GigabitEthernet0/0/0]ip ad 192.168.200.1 24
[FW1-GigabitEthernet0/0/0]int g1/0/2
[FW1-GigabitEthernet1/0/2]ip ad 200.10.10.1 30
[FW1-GigabitEthernet1/0/2]q
[FW1]firewall zone trust (配置策略:信任区域)
[FW1-zone-trust]add interface g1/0/0(加入接口)
[FW1-zone-trust]add interface g1/0/1
[FW1-zone-trust]q
[FW1]firewall zone untrust (创建不信任区域)
[FW1-zone-untrust]add interface g1/0/2(加入端口)
[FW1-zone-untrust]q
[FW1]firewall zone dmz (创建DMZ区域)
[FW1-zone-dmz]ad
[FW1-zone-dmz]add int g0/0/0(加入接口)
Error: The interface has been added to trust security zone.
[FW1-zone-dmz]q
[FW1]se
[FW1]security-policy(进入安全策略)
[FW1-policy-security-rule-tr-untr]source-zone trust
[FW1-policy-security-rule-tr-untr]source-address 192.168.0.0 0.0.255.255(加入源IP)
[FW1-policy-security-rule-tr-untr]destination-zone untrust (进入目的区域)
[FW1-policy-security-rule-tr-untr]action permit (运行允许)
[FW1-policy-security-rule-tr-untr]q
[FW1-policy-security]q
[FW1]int g1/0/0
[FW1-GigabitEthernet1/0/0]service-manage all permit (开启服务管理权限)
[FW1-GigabitEthernet1/0/0]int g
[FW1-GigabitEthernet1/0/0]int g1/0/1
[FW1-GigabitEthernet1/0/1]service-manage all permit
[FW1]int g0/0/0
[FW1-GigabitEthernet0/0/0]service-manage all permit
[FW1-GigabitEthernet0/0/0]q
[FW1]int g0/0/1
[FW1-GigabitEthernet0/0/1]service-manage all permit
[FW1-GigabitEthernet0/0/1]q
[FW1]ospf 50
[FW1-ospf-50]area 0
[FW1-ospf-50-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[FW1-ospf-50-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[FW1-ospf-50-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[FW1-ospf-50]default-route-advertise always(发布缺省路由到整个普通OSPF区域)
[FW1-ospf-50]q
[FW1]ip route-static 0.0.0.0 0.0.0.0 200.10.10.2(配置静态IP)
[FW1-ospf-50]nat-policy(NAT地址转换策略)
[FW1-policy-nat]rule name easy-ip(命名easy-ip)
[FW1-policy-nat-rule-easy-ip]source-address 192.168.0.0 0.0.255.255(指定来源)
[FW1-policy-nat-rule-easy-ip]source-zone trust
[FW1-policy-nat-rule-easy-ip]source-zone dmz
[FW1-policy-nat-rule-easy-ip]destination-zone untrust
[FW1-policy-nat-rule-easy-ip]action source-nat easy-ip(配置出接口方式)
isp-r:
<Huawei>sys
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys isp-r
[core-isp-r]int g
[core-isp-r]int GigabitEthernet 0/0/0
[core-isp-r-GigabitEthernet0/0/0]ip add 200.10.10.2 30
[core-isp-r]int g
[core-isp-r]int GigabitEthernet 0/0/1
[core-isp-r-GigabitEthernet0/0/1]ip add 200.10.20.1 28