ToB企服应用市场:ToB评测及商务社交产业平台

标题: 云计算融合网络摆设实例 [打印本页]

---

作者: 忿忿的泥巴坨    时间: 2024-6-14 21:10
标题: 云计算融合网络摆设实例
这是我当年参加的网络比赛的练习标题，我将其分享出来。
模块一：云计算融合网络摆设

CII网络公司总部设有研发、市场、供应链、售后等4个部分，统一进行IP地址及业务资源的规划和分配。公司总部及亚太地域的网络拓扑结构如图所示。
其中两台S6000交换机(用S5750-E代替)编号为S4、S5，用于服务器高速接入；两台S5750编号为S2、S3，作为总部的核心交换机；两台RSR20路由器编号为R2、R3，作为总部的核心路由器，一台EG2000（用RSR20代替）编号为EG1，作为总部互联网出口网关1。一台S2910编号为S1，作为总部接入交换机；一台RSR20路由器编号为R1，作为分支机构路由器，一台EG2000（用RSR20代替）编号为EG2，作为分部互联网出口网关2。一台S5750编号为S6作为分部核心交换机，一台S2910编号为S7，作为分部接入交换机。3台AP520编号为AP1，AP2，AP3分别作为总部与分部的无线接入点。

请根据拓扑图及网络物理连接表完成装备的连线。
装备互联规范主要对各种网络装备的互联进行规范界说，在项目实行中，如用户无特殊要求，应根据规范要求进行各级网络装备的互联，统一现场装备互联界面，结合规范的线缆标签使用，使网络结构清晰明了，方便后续的维护。如下“表1-8 网络物理连接表”。
表1-8网络物理连接表

1. 源设备名称        设备接口        接口描述        目标设备名称        设备接口
2. S1        Gi0/1        Con_To_PC1        PC1        　
3. S1        Gi0/5        Con_To_PC2        PC2        　
4. S1        Gi0/21        Con_To_AP1        AP1        　
5. S1        Gi0/22        Con_To_AP2        AP2        　
6. S1        Gi0/23        Con_To_S2_Gi0/1        S2        Gi0/1
7. S1        Gi0/24        Con_To_S3_Gi0/1        S3        Gi0/1
8. S2        Gi0/1        Con_To_S1_Gi0/23        S1        Gi0/23
9. S2        Gi0/2        Con_To_S3_Gi0/2        S3        Gi0/2
10. S2        Gi0/3        Con_To_S3_Gi0/3        S3        Gi0/3
11. S2        Gi0/4        Con_To_R2_Gi0/0        R2        Gi0/0
12. S2        Gi0/5        Con_To_AC1_Gi0/1        AC1        Gi0/1
13. S3        Gi0/1        Con_To_S1_Gi0/24        S1        Gi0/24
14. S3        Gi0/2        Con_To_S2_Gi0/2        S2        Gi0/2
15. S3        Gi0/3        Con_To_S2_Gi0/3        S2        Gi0/3
16. S3        Gi0/4        Con_To_R3_Gi0/0        R3        Gi0/0
17. S3        Gi0/5        Con_To_AC2_Gi0/1        AC2        Gi0/1
18. R2        FA1/1        Con_To_S4_Gi0/1        S4        Gi0/1
19. R2        Gi0/0        Con_To_S2_Gi0/4        S2        Gi0/4
20. R2        Gi0/1        Con_To_EG1_Gi0/1        EG1        Gi0/0
21. R2        S2/0        Con_To_R1_S2/0        R1        S2/0
22. R2        S3/0        Con_To_R3_S3/0        R3        S3/0
23. R3        FA1/1        Con_To_S5_Gi0/1        S5        Gi0/1
24. R3        Gi0/0        Con_To_S3_Gi0/4        S3        Gi0/4
25. R3        Gi0/1        Con_To_EG1_Gi0/1        EG1        Gi0/1
26. R3        S2/0        Con_To_R1_S3/0        R1        S3/0
27. R3        S3/0        Con_To_R2_S3/0        R2        S3/0
28. S4        Gi0/1        Con_To_R2_FA1/1        R2        FA1/1
29. S4        Gi0/2        Con_To_S5_Gi0/2        S5        Gi0/2
30. S4        Gi0/5        Con_To_Cloud_M        云平台(主用)        　
31. S4        Gi0/23        　        S5        Gi0/23
32. S4        Gi0/24        　        S5        Gi0/24
33. S5        Gi0/1        Con_To_R3_FA1/1        R3        FA1/1
34. S5        Gi0/2        Con_To_S4_Gi0/2        S4        Gi0/2
35. S5        Gi0/5        Con_To_Cloud_B        云平台（备用）        　
36. S5        Gi0/23        　        S4        Gi0/23
37. S5        Gi0/24        　        S4        Gi0/24
38. R1        S2/0        Con_To_R2_S2/0        R2        S2/0
39. R1        S3/0        Con_To_R3_S2/0        R3        S2/0
40. R1        Gi0/0        Con_To_S6_Gi0/1        S6        Gi0/1
41. R1        Gi0/1        Con_To_EG2_Gi0/0        EG2        Gi0/0
42. S6        Gi0/1        Con_To_R1_Gi0/0        R1        Gi0/0
43. S6        Gi0/2        Con_To_AP3_Gi0/0        AP3        Gi0/0
44. S6        Gi0/3        Con_To_S7_Gi0/24        S7        Gi0/24
45. S7        Gi0/1        Con_To_PC3        PC3        　
46. S7        Gi0/24        Con_To_S6_Gi0/3        S6        Gi0/3
47. EG1        GI0/1        Con_To_R2_Gi0/1        R2        Gi0/1
48. EG1        GI0/2        Con_To_R3_Gi0/1        R3        Gi0/1
49. EG1        GI0/3        Con_To_EG2_Gi0/3        EG2        GI0/3
50. EG2        GI0/1        Con_To_R1_Gi0/1        R1        Gi0/1
51. EG2        GI0/3        Con_To_EG1_Gi0/3        EG1        GI0/3

复制代码

公司有4个不同业务部分和分部，彼此间必要互联互通，同时也必要对某些业务进行互访限制。别的，各业务对网络可靠性要求较高，要求网络核心地区发生故障时的停止时间尽可能短。另有，网络摆设时要考虑到网络的可管理性，并公道使用网络资源。

• 虚拟局域网及IPv4地址摆设
  为了淘汰广播，必要规划并设置VLAN。具体要求如下：
  （1）设置公道，Trunk链路上不允许不必要VLAN的数据流畅过。
  （2）为节省IP资源，隔离广播风暴、病毒攻击，控制端口二层互访，在分部S6、S7交换机使用Private Vlan。
  （3）为隔离网络中部分终端用户间的二层互访，在交换机S1上使用端口保护。
  （4）根据上述信息及表1-9、表1-10，在各装备上完成VLAN设置和端口分配以及IPv4地址。
  

表1-9网络装备名称表

1. 拓扑图中设备名称        配置主机名（hostname名）
2. S1        ZB-S2910-01
3. S2        ZB-S5750-01
4. S3        ZB-S5750-02
5. S4        ZB-VSU-S6000
6. S5        ZB-VSU-S6000
7. S6        FB-S5750-01
8. S7        FB-2910-01
9. R1        FB-RSR20-01
10. R2        ZB-RSR20-01
11. R3        ZB-RSR20-02
12. AC1        ZB-WS6008-01
13. AC2        ZB-WS6008-02
14. EG1        ZB-EG2000-01
15. EG2        FB-EG2000-01
16. AP1        ZB-AP520-01
17. AP2        ZB-AP520-02
18. AP3        FB-AP520-01

复制代码

表1-10 IPv4地址分配表

1. 设备        接口或VLAN        VLAN名称        二层或三层规划(XX代表工位号)        说明
2. S1        VLAN10        Res        Gi0/1至Gi0/4        研发
3.         VLAN20        Sales        Gi0/5至Gi0/8        市场
4.         VLAN30        Supply        Gi0/9至Gi0/12        供应链
5.         VLAN40        Service        Gi0/13至Gi0/16        售后
6.         VLAN50        AP        Gi0/21至Gi0/22        无线AP
7.         VLAN100        Manage        192.XX.100.4/24        设备管理VLAN
8. S2        VLAN10        Res        192.XX.10.252/24        研发
9.         VLAN20        Sales        192.XX.20.252/24        市场
10.         VLAN30        Supply        192.XX.30.252/24        供应链
11.         VLAN40        Service        192.XX.40.252/24        售后
12.         VLAN50        AP        192.XX.50.252/24        无线AP
13.         VLAN100        Manage        192.XX.100.252/24        设备管理VLAN
14.         Gi0/4        　        10.XX.0.1/30        　
15.         Gi0/5        　        TRUNK        互联AC
16.         LoopBack 0        　        11.XX.0.202/32        　
17. S3        VLAN10        Res        192.XX.10.253/24        研发
18.         VLAN20        Sales        192.XX.20.253/24        市场
19.         VLAN30        Supply        192.XX.30.253/24        供应链
20.         VLAN40        Service        192.XX.40.253/24        售后
21.         VLAN50        AP        192.XX.50.253/24        无线AP
22.         VLAN100        Manage        192.XX.100.253/24        设备管理VLAN
23.         Gi0/4        　        10.XX.0.5/30        　
24.         Gi0/5        　        TRUNK        互联AC
25.         LoopBack 0        　        11.XX.0.203/32        　
26. AC1        LoopBack 0        　        11.XX.0.204/32        　
27.         VLAN60        Wiressless        192.XX.60.252/24        无线用户
28.         Vlan100        Manage        192.XX.100.2/24        管理与互联VLAN
29. AC2        LoopBack 0        　        11.XX.0.205/32        　
30.         VLAN60        Wiressless        192.XX.60.253/24        无线用户
31.         Vlan100        Manage        192.XX.100.3/24        管理与互联VLAN
32. S4        VLAN100        Con_To_Cloud        193.XX.0.1/30        互联云平台
33.         Gi0/1        　        10.XX.0.9/30        　
34.         LoopBack 0        　        11.XX.0.45/32        　
35. S5        VLAN100        Con_To_Cloud        193.XX.0.1/30        互联云平台(备用)
36.         Gi0/1        　        10.XX.0.13/30        　
37.         LoopBack 0        　        11.XX.0.45/32        　
38. EG1        GI0/2        　        195.XX.0.1/24        与EG2互联
39.         GI0/0        　        10.XX.0.34/30        　
40.         GI0/1        　        10.XX.0.38/30        　
41.         LoopBack 0        　        11.XX.0.11/32        　
42. EG2        GI0/2        　        195.XX.0.2/24        与EG1互联
43.         GI0/0        　        10.XX.0.42/30        　
44.         LoopBack 0        　        11.XX.0.12/32        　
45. R1        S2/0        　        10.XX.0.17/30        　
46.         S2/1        　        10.XX.0.21/30        　
47.         Gi0/0        　        10.XX.0.25/30        　
48.         Gi0/1        　        10.XX.0.41/30        　
49.         LoopBack 0        　        11.XX.0.1/32        　
50. R2        Gi0/0        　        10.XX.0.2/30        　
51.         FA1/1(vlan100)        　        10.XX.0.10/30        SVI接口互联
52.         Gi0/1        　        10.XX.0.33/30        　
53.         S2/0        　        10.XX.0.18/30        　
54.         S3/0        　        10.XX.0.29/30        　
55.         LoopBack 0        　        11.XX.0.2/32        　
56. R3        Gi0/0        　        10.XX.0.6/30        　
57.         FA1/1(vlan100)        　        10.XX.0.14/30        SVI接口互联
58.         Gi0/1        　        10.XX.0.37/30        　
59.         S2/0        　        10.XX.0.22/30        　
60.         S3/0        　        10.XX.0.30/30        　
61.         LoopBack 0        　        11.XX.0.3/32        　
62. S6        Gi0/1        　        10.XX.0.26/30        　
63.         VLAN10        Pvlan        194.XX.10.254/24        分部有线用户
64.         VLAN20        Wireless_user        194.XX.20.254/24        分部无线用户
65.         VLAN30        AP        194.XX.30.254/24        分部无线AP
66.         VLAN100        Manage        194.XX.100.254/24        设备管理VLAN
67.         LoopBack 0        　        11.XX.0.6/32        　
68. S7        VLAN10        Pvlan        　        Primaty vlan
69.         VLAN11        Community_vlan        Gi0/1至Gi0/4        community vlan
70.         VLAN12        Isolated_vlan        Gi0/5至Gi0/8        isolated vlan
71.         VLAN100        Manage        194.XX.100.1/24        设备管理VLAN
72. PC机        PC1        　        自动获取        　
73.         PC2        　        192.XX.20.2/24        　
74.         PC3        　        194.XX.10.2/24        　

复制代码

• MSTP及VRRP摆设
  在总部交换机S2、S3上设置MSTP防止二层环路；要求所有数据流颠末S2转发，S2失效时颠末S3转发。所设置的参数要求如下：
  （1）region-name为ruijie；
  （2）revision版本为1；
  （3）实例值为1；
  （4）S2作为实例中的主根， S3作为实例中的从根。
  （5）在S2和S3上设置VRRP，实现主机的网关冗余。所设置的参数要求如表1-11。
  

表1-11 S2和S3的VRRP参数表

1. VLAN        VRRP备份组号（VRID）        VRRP虚拟IP
2. VLAN10        10        192.xx.10.254
3. VLAN20        20        192.xx.20.254
4. VLAN30        30        192.xx.30.254
5. VLAN40        40        192.xx.40.254
6. VLAN50        50        192.xx.50.254
7. VLAN100(交换机间)        100        192.xx.100.254

复制代码

（6）S2作为所有主机的实际网关，S3作为所有主机的备份网关；其中各VRRP组中高优先级设置为150，低优先级设置为120。

• DHCP中继与安全
  在交换机S2、S3上设置DHCP中继，对VLAN10以内的用户进行中继，使得总部PC1用户使用DHCP Relay方式获取IP地址。具体要求如下：
  （1）DHCP服务器搭建于R2上；
  （2）为了防止DHCP服务器诱骗及用户私设静态IP地址，在S1交换机摆设DHCP Snooping功能。
  
• 网络装备虚拟化
  两台核心交换机通过VSU虚拟化为一台装备进行管理，从而实现高可靠性。当恣意交换机或板卡故障时，都能保障能够实现装备、链路切换，保护客户业务。
  （1）规划S4和S5间的Gi0/23-24端口作为VSL链路，使用VSU技能实现网络装备虚拟化。其中S4为主，S5为备；
  （2）规划S4和S5间的Gi0/2端口作为双主机检测链路，设置基于BFD的双主机检，当VSL的所有物理链路都异常断开时，备机会切换成主机，从而保障网络正常；
  （3）主装备：Domain id：1,switch id:1,priority 200, description:S2910-24GT4XS-E-1;
  （4）备装备：Domain id：1,switch id:2,priority 150, description:S2910-24GT4XS-E-2。
  
• 路由协议摆设
  因历史缘故原由，总部使用静态路由、OSPF多协议组网。其中S2、S3、S4、S5、R2、R3使用OSPF协议，R2、R3与总部出口网关及分部R1间使用静态路由协议，分部使用静态路由协议。要求网络具有安全性、稳定性。具体要求如下：
  （1）OSPF历程号为10，规划多地区0（S2、S3、R2、R3）、地区1（S4、S5、R2、R3）；
  （2）R2、R3互联链路规划入地区0；
  （3）要求业务网段中不出现协议报文；
  （4）要求所有路由协议都发布具体网段；
  （5）为了管理方便，必要发布Loopback地址;
  （6）优化OSPF相干设置，以只管加速OSPF收敛；
  （7）重发布路由进OSPF中使用类型1；
  （8）采用浮动静态路由，主静态路由优先级为10，备份静态路由优先级为100。
  注意：(S4/S5必要重发布云平台（172.16.0.0/22）静态路由至总部内网)。
  
• 广域网链路设置与安全摆设
  总部路由器与分部路由器间属于广域网链路，其中R1-R2间所租用线路带宽为2M，R1-R3间所租用线路带宽为1M。R2-R3间线路带宽为2M。总部路由器与分部路由器间属于广域网链路。必要使用PPP进行安全保护。PPP的具体要求如下：
  （1）使用CHAP协议；
  （2）单向认证，用户名+验证口令方式，R1为认证客户端，R2、R3为认证服务端；
  （3）用户名和暗码均为ruijie。
  
• 路由选路摆设
  考虑到从分部到总部有两条广域网线路，且其带宽不一样。以是规划R1-R2间为主线路，R1-R3间为备线路。别的总部局域网到互联网数据，经规划R2-EG1为主线路，R3-EG1为备线路。根据以上需求，在路由器上进行公道的路由协议设置。具体要求如下：
  （1）修改链路或接口开销COST值，且其值必须为5或10；
  （2）总部用户区与互联网互通主路径规划为：S1-S2-R2-EG1;
  （3）总部与分部互通主路径为：S1-S2-R2-R1或（S4/S5）-R2-R1；
  （4）主链路故障可无缝切换到备用链路上；
  （5）要求来回数据流同等。
  
• PBR设置与摆设
  考虑到分部到总部间有2条广域网线路，为公道使用带宽，规划从分部去往总部的SSH数据通过R1-R2的线路转发，从分部去往总部的WEB数据通过R1-R3的线路转发。为到达上述目标，采用PBR来实现。具体要求如下：
  （1）Route-map计谋名为fenliu；
  （2）分部去往总部的SSH数据由ACL101来界说；
  （3）分部去往总部的WEB数据由ACL102来界说。
  
• QoS摆设
  为了防止大量用户不停突发的数据导致网络拥挤，必须对接入的用户流量加以限制。所设置的参数要求如下
  （1）总部装备S1的Gi0/1至Gi0/16接口处方向设置接口限速，限速10M/S；
  （2）分部装备R1做流量整形，G0/0接口对接收的报文进行流量控制，下行报文流量不能凌驾1Mbps，如果凌驾流量限制则将违规报文抛弃。
  

模块二：移动互联网络组建与优化

为满足“互联网+”时代下，员工移动办公的发展趋势，公司总部与分部均必要规划和摆设移动互联无线网络，同时为保证无线用户安全、可靠的访问互联网，我们必要进行无线网络安全及性能优化设置，确保员工有良好的上网体验。

• 无线网络基础摆设
  （1）使用AC为总部无线用户DHCP 服务器，使用（S2/S3）为总部AP的DHCP 服务器,S2分配地址范围为其网段的1至100，S3分配地址为其网段的101至200。使用S6为分部无线用户与AP DHCP服务器，为其终端主动分配地址；
  （2）创建总部 SSID 为 Ruijie-ZB_XX(XX代表工位号)，AP-Group为ZB，总部无线用户关联SSID后可主动获取地址；
  （3）创建分部 SSID 为 Ruijie-FB_XX(XX代表工位号)，AP-Group为FB,分部无线用户关联SSID后可主动获取地址；
  （4）调解信道使得总部AP间信道不冲突。
  
• AC热备摆设
  AC1为主用，AC2为备用。AP与AC1、AC2均创建隧道，当AP与AC1失去连接时能无缝切换至AC2并提供服务。
  
• 无线安全摆设
  具体设置参数如下：
  （1）无线用户接入无线网络时必要采用基于 WPA2 加密方式，其口令为 XXX(现场提供)；
  （2）为制止无线网络被非法用户通过SSID搜索到，并创建非法连接，必要禁用AP广播SSID，隐蔽无线SSID；
  （3）为了防御无线局域网ARP诱骗影响用户上网体验，设置无线环境ARP诱骗防御功能。
  
• 无线性能优化
  （1）关闭低速率（1M,6M）应用接入；
  （2）装备总部无线用户启用会合转发模式，各分公司无线用户启用本地转发模式。
  

模块三：网络空间安全摆设

公司总部与分部无线用户必要通过独立的互联网线路访问外网资源，同时针对访问资源进行用户身份认证与信息审计监督，别的满足出差在外的员工可以访问总部内部服务器资源，需针对出口用户提供长途VPN功能。

• 出口NAT摆设
  具体设置参数如下：
  （1）总部与分部出口网关上设置访问控制列表ACL 110，仅允许无线用户与研发部分在周一到周五的上班时间通过NAPT访问互联网，NAPT映射到互联网接口上；
  （2）在总部EG上设置，使公司总部核心交换R2（11.XX.0.2）(XX代表工位号)装备的SSH服务可以通过互联网被访问，从互联网访问的地址是195.XX.0.20(XX代表工位号)。
  
• VPN摆设
  分部R1至R2、R3两条专线均发生故障时确保分部可正常访问总部服务器区，要求在总部与分部EG上启用IPSEC VPN创建IPSEC隧道，实现总部与分部有线用户数据互通及加密处理。VPN必要采用隧道模式、预共享暗码为 123456，加密认证方式为 ESP-DES、ESP-HASH-MD5 ，DH使用组1，与此同时总部关闭WEB认证功能。
  
• 装备与网络管理摆设
  （1）为路由器开启SSH服务端功能，用户名和暗码为admin，暗码为明文类型；
  （2）为交换机开启Telnet功能，对所有Telnet用户采用本地认证的方式。创建本地用户，设定用户名和暗码为admin，暗码为明文类型。
  

具体摆设实行

方法：同时在每台装备上使用show running-config命令，查看对应装备的设置信息。
S1

1. hostname S1
3. redundancy
4. auto-sync time-period 3600
5. auto-sync standard
6. switchover timeout 4000
8. vlan 1
9. vlan 10
10. vlan 20
11. vlan 30
12. vlan 40
13. vlan 50
14. vlan 100
16. username admin password admin
17. no service password-encryption
19. ip dhcp snooping
20.        
21. spanning-tree mst configuration
22. revision 1
23. name ruijie
24. instance 0 vlan 1-9, 11-19, 21-29, 31-39, 41-49, 51-99, 101-4094
25. instance 1 vlan 10, 20, 30, 40, 50, 100
26. spanning-tree
27. interface GigabitEthernet 0/1
28. switchport access vlan 10
29. ip verify source port-security
30. arp-check
31. rate-limit input 10000 1024
32. rate-limit output 10000 1024
34. interface GigabitEthernet 0/2
35. switchport access vlan 10
36. rate-limit input 10000 1024
37. rate-limit output 10000 1024
39. interface GigabitEthernet 0/3
40. switchport access vlan 10
41. rate-limit input 10000 1024
42. rate-limit output 10000 1024
44. interface GigabitEthernet 0/4
45. switchport access vlan 10
46. rate-limit input 10000 1024
47. rate-limit output 10000 1024
49. interface GigabitEthernet 0/5
50. switchport access vlan 20
51. rate-limit input 10000 1024
52. rate-limit output 10000 1024
54. interface GigabitEthernet 0/6
55. switchport access vlan 20
56. rate-limit input 10000 1024
57. rate-limit output 10000 1024
59. interface GigabitEthernet 0/7
60. switchport access vlan 20
61. rate-limit input 10000 1024
62. rate-limit output 10000 1024
64. interface GigabitEthernet 0/8
65. switchport access vlan 20
66. rate-limit input 10000 1024
67. rate-limit output 10000 1024
69. interface GigabitEthernet 0/9
70. switchport access vlan 30
71. rate-limit input 10000 1024
72. rate-limit output 10000 1024
74. interface GigabitEthernet 0/10
75. switchport access vlan 30
76. rate-limit input 10000 1024
77. rate-limit output 10000 1024
79. interface GigabitEthernet 0/11
80. switchport access vlan 30
81. rate-limit input 10000 1024
82. rate-limit output 10000 1024
84. interface GigabitEthernet 0/12
85. switchport access vlan 30
86. rate-limit input 10000 1024
87. rate-limit output 10000 1024
89. interface GigabitEthernet 0/13
90. switchport access vlan 40
91. rate-limit input 10000 1024
92. rate-limit output 10000 1024
94. interface GigabitEthernet 0/14
95. switchport access vlan 40
96. rate-limit input 10000 1024
97. rate-limit output 10000 1024
99. interface GigabitEthernet 0/15
100. switchport access vlan 40
101. rate-limit input 10000 1024
102. rate-limit output 10000 1024
104. interface GigabitEthernet 0/16
105. switchport access vlan 40
106. rate-limit input 10000 1024
107. rate-limit output 10000 1024
109. interface GigabitEthernet 0/17
111. interface GigabitEthernet 0/18
113. interface GigabitEthernet 0/19
115. interface GigabitEthernet 0/20
117. interface GigabitEthernet 0/21
118. switchport access vlan 50
120. interface GigabitEthernet 0/22
121. switchport access vlan 50
123. interface GigabitEthernet 0/23
124. switchport mode trunk
125. ip dhcp snooping trust
127. interface GigabitEthernet 0/24
128. switchport mode trunk
129. ip dhcp snooping trust
131. interface VLAN 100
132. no ip proxy-arp
133. ip address 192.26.100.4 255.255.255.0
135. line con 0
136. line vty 0 4
137. login local
139. end

复制代码

S2

1. hostname S2
3. redundancy
4. auto-sync time-period 3600
5. auto-sync standard
6. switchover timeout 4000
8. vlan 1
10. vlan 10
12. vlan 20
14. vlan 30
16. vlan 40
18. vlan 50
20. vlan 100
22. username admin password admin
23. no service password-encryption
24. service dhcp
25. ip helper-address 10.168.0.2
27. ip dhcp excluded-address 192.168.50.101 192.168.50.254
29. ip dhcp pool appool
30. option 138 ip 11.168.0.204
31. network 192.168.50.0 255.255.255.0
32. default-router 192.168.50.254
34. spanning-tree mst configuration
35. revision 1
36. name ruijie
37. instance 0 vlan 1-9, 11-19, 21-29, 31-39, 41-49, 51-99, 101-4094
38. instance 1 vlan 10, 20, 30, 40, 50, 100
39. spanning-tree mst 1 priority 4096
40. spanning-tree
41. interface GigabitEthernet 0/1
42. switchport mode trunk
44. interface GigabitEthernet 0/2
45. port-group 1
47. interface GigabitEthernet 0/3
48. port-group 1
50. interface GigabitEthernet 0/4
51. no switchport
52. ip ospf network point-to-point
53. ip ospf cost 5
54. no ip proxy-arp
55. ip address 10.168.0.1 255.255.255.252
57. interface GigabitEthernet 0/5
58. switchport mode trunk
60. interface GigabitEthernet 0/6
62. interface GigabitEthernet 0/7
64. interface GigabitEthernet 0/8
66. interface GigabitEthernet 0/9
68. interface GigabitEthernet 0/10
70. interface GigabitEthernet 0/11
72. interface GigabitEthernet 0/12
74. interface GigabitEthernet 0/13
76. interface GigabitEthernet 0/14
78. interface GigabitEthernet 0/15
80. interface GigabitEthernet 0/16
82. interface GigabitEthernet 0/17
84. interface GigabitEthernet 0/18
86. interface GigabitEthernet 0/19
88. interface GigabitEthernet 0/20
90. interface GigabitEthernet 0/21
92. interface GigabitEthernet 0/22
94. interface GigabitEthernet 0/23
96. interface GigabitEthernet 0/24
98. interface AggregatePort 1
99. switchport mode trunk
101. interface Loopback 0
102. ip address 11.168.0.202 255.255.255.255
104. interface VLAN 10
105. no ip proxy-arp
106. ip address 192.168.10.252 255.255.255.0
107. vrrp 10 priority 150
108. vrrp 10 ip 192.168.10.254
110. interface VLAN 20
111. no ip proxy-arp
112. ip address 192.168.20.252 255.255.255.0
113. vrrp 20 priority 150
114. vrrp 20 ip 192.168.20.254
116. interface VLAN 30
117. no ip proxy-arp
118. ip address 192.168.30.252 255.255.255.0
119. vrrp 30 priority 150
120. vrrp 30 ip 192.168.30.254
122. interface VLAN 40
123. no ip proxy-arp
124. ip address 192.168.40.252 255.255.255.0
125. vrrp 40 priority 150
126. vrrp 40 ip 192.168.40.254
128. interface VLAN 50
129. no ip proxy-arp
130. ip address 192.168.50.252 255.255.255.0
131. vrrp 50 priority 150
132. vrrp 50 ip 192.168.50.254
134. interface VLAN 100
135. no ip proxy-arp
136. ip address 192.168.100.252 255.255.255.0
137. vrrp 100 priority 150
138. vrrp 100 ip 192.168.100.254
141. router ospf 10
142. passive-interface VLAN 10
143. passive-interface VLAN 20
144. passive-interface VLAN 30
145. passive-interface VLAN 40
146. passive-interface VLAN 50
147. passive-interface VLAN 100
148. network 10.168.0.0 0.0.0.3 area 0
149. network 11.168.0.202 0.0.0.0 area 0
150. network 192.168.10.0 0.0.0.255 area 0
151. network 192.168.20.0 0.0.0.255 area 0
152. network 192.168.30.0 0.0.0.255 area 0
153. network 192.168.40.0 0.0.0.255 area 0
154. network 192.168.50.0 0.0.0.255 area 0
155. network 192.168.100.0 0.0.0.255 area 0
158. ip route 10.168.0.16 255.255.255.252 10.168.0.2
159. ip route 10.168.0.36 255.255.255.252 10.168.0.2
160. ip route 11.168.0.204 255.255.255.255 192.168.100.2
161. ip route 11.168.0.205 255.255.255.255 192.168.100.253
162. ip route 194.168.30.0 255.255.255.0 10.168.0.2
164. line con 0
165. line vty 0 4
166. login local
168. end

复制代码

S3

1. hostname S3
3. redundancy
4. auto-sync time-period 3600
5. auto-sync standard
6. switchover timeout 4000
8. vlan 1
10. vlan 10
11. name Res
13. vlan 20
14. name Sales
16. vlan 30
17. name Supply
19. vlan 40
20. name Service
22. vlan 50
23. name Ap
25. vlan 100
26. name Manage
28. no service password-encryption
29. service dhcp
30. ip helper-address 10.168.0.2
32. ip dhcp excluded-address 192.168.50.1
33. ip dhcp excluded-address 192.168.50.1 192.168.50.100
34. ip dhcp excluded-address 192.168.50.201 192.168.50.255
37. ip dhcp pool S3
38. option 138 ip 11.168.0.204
39. network 192.168.50.0 255.255.255.0
40. default-router 192.168.50.254
42. spanning-tree mst configuration
43. revision 1
44. name ruijie
45. instance 0 vlan 1-9, 11-19, 21-29, 31-39, 41-49, 51-99, 101-4094
46. instance 1 vlan 10, 20, 30, 40, 50, 100
47. spanning-tree mst 1 priority 8192
48. spanning-tree
49. interface GigabitEthernet 0/1
50. switchport mode trunk
52. interface GigabitEthernet 0/2
53. port-group 1
54.          
55. interface GigabitEthernet 0/3
56. port-group 1
58. interface GigabitEthernet 0/4
59. no switch
60. ip ospf network point-to-point
61. ip ospf cost 10
62. no ip proxy-arp
63. ip address 10.168.0.5 255.255.255.252
65. interface GigabitEthernet 0/5
66. switchport mode trunk
68. interface GigabitEthernet 0/6
70. interface GigabitEthernet 0/7
72. interface GigabitEthernet 0/8
74. interface GigabitEthernet 0/9
76. interface GigabitEthernet 0/10
78. interface GigabitEthernet 0/11
80. interface GigabitEthernet 0/12
82. interface GigabitEthernet 0/13
83.          
84. interface GigabitEthernet 0/14
86. interface GigabitEthernet 0/15
88. interface GigabitEthernet 0/16
90. interface GigabitEthernet 0/17
92. interface GigabitEthernet 0/18
94. interface GigabitEthernet 0/19
96. interface GigabitEthernet 0/20
98. interface GigabitEthernet 0/21
100. interface GigabitEthernet 0/22
102. interface GigabitEthernet 0/23
104. interface GigabitEthernet 0/24
106. interface AggregatePort 1
107. switchport mode trunk
109. interface Loopback 0
110. ip address 11.168.0.203 255.255.255.255
112. interface VLAN 10
113. no ip proxy-arp
114. ip address 192.168.10.253 255.255.255.0
115. vrrp 10 priority 120
116. vrrp 10 ip 192.168.10.254
118. interface VLAN 20
119. no ip proxy-arp
120. ip address 192.168.20.253 255.255.255.0
121. vrrp 20 priority 120
122. vrrp 20 ip 192.168.20.254
124. interface VLAN 30
125. no ip proxy-arp
126. ip address 192.168.30.253 255.255.255.0
127. vrrp 30 priority 120
128. vrrp 30 ip 192.168.30.254
130. interface VLAN 40
131. no ip proxy-arp
132. ip address 192.168.40.253 255.255.255.0
133. vrrp 40 priority 120
134. vrrp 40 ip 192.168.40.254
136. interface VLAN 50
137. no ip proxy-arp
138. ip address 192.168.50.253 255.255.255.0
139. vrrp 50 priority 120
140. vrrp 50 ip 192.168.50.254
142. interface VLAN 100
143. no ip proxy-arp
144. ip address 192.168.100.253 255.255.255.0
145. vrrp 100 priority 120
146. vrrp 100 ip 192.168.100.254
148. router ospf 10
149. passive-interface VLAN 10
150. passive-interface VLAN 20
151. passive-interface VLAN 30
152. passive-interface VLAN 40
153. passive-interface VLAN 50
154. passive-interface VLAN 100
155. network 10.128.0.4 0.0.0.3 area 0
156. network 11.128.0.203 0.0.0.0 area 0
157. network 192.168.10.0 0.0.0.255 area 0
158. network 192.168.20.0 0.0.0.255 area 0
159. network 192.168.30.0 0.0.0.255 area 0
160. network 192.168.40.0 0.0.0.255 area 0
161. network 192.168.50.0 0.0.0.255 area 0
162. network 192.168.100.0 0.0.0.255 area 0
164. ip route 11.168.0.204 255.255.255.255 192.168.100.252
166. line con 0
167. line vty 0 4
168. login
170. end

复制代码

S4/S5（做的堆叠，两台当一台用）

1. hostname VSU
3. redundancy
4. auto-sync time-period 3600
5. auto-sync standard
6. switchover timeout 4000
8. vlan 1
10. vlan 100
11.   
12. no service password-encryption
14. interface GigabitEthernet 1/0/1
15. no switchport
16. ip ospf network point-to-point
17. no ip proxy-arp
18. ip address 10.168.0.9 255.255.255.252
20. interface GigabitEthernet 1/0/2
21. no switchport
22. no ip proxy-arp
23. no lldp enable
25. interface GigabitEthernet 1/0/3
27. interface GigabitEthernet 1/0/4
28.          
29. interface GigabitEthernet 1/0/5
31. interface GigabitEthernet 1/0/6
33. interface GigabitEthernet 1/0/7
35. interface GigabitEthernet 1/0/8
37. interface GigabitEthernet 1/0/9
39. interface GigabitEthernet 1/0/10
41. interface GigabitEthernet 1/0/11
43. interface GigabitEthernet 1/0/12
45. interface GigabitEthernet 1/0/13
47. interface GigabitEthernet 1/0/14
49. interface GigabitEthernet 1/0/15
51. interface GigabitEthernet 1/0/16
52.          
53. interface GigabitEthernet 1/0/17
55. interface GigabitEthernet 1/0/18
57. interface GigabitEthernet 1/0/19
59. interface GigabitEthernet 1/0/20
61. interface GigabitEthernet 1/0/21
63. interface GigabitEthernet 1/0/22
65. interface GigabitEthernet 1/0/23
67. interface GigabitEthernet 1/0/24
69. interface GigabitEthernet 2/0/1
70. no switchport
71. ip ospf network point-to-point
72. no ip proxy-arp
73. ip address 10.168.0.13 255.255.255.252
75. interface GigabitEthernet 2/0/2
76. no switchport
77. no ip proxy-arp
78. no lldp enable
80. interface GigabitEthernet 2/0/3
82. interface GigabitEthernet 2/0/4
84. interface GigabitEthernet 2/0/5
86. interface GigabitEthernet 2/0/6
88. interface GigabitEthernet 2/0/7
90. interface GigabitEthernet 2/0/8
92. interface GigabitEthernet 2/0/9
94. interface GigabitEthernet 2/0/10
96. interface GigabitEthernet 2/0/11
98. interface GigabitEthernet 2/0/12
100. interface GigabitEthernet 2/0/13
102. interface GigabitEthernet 2/0/14
104. interface GigabitEthernet 2/0/15
106. interface GigabitEthernet 2/0/16
108. interface GigabitEthernet 2/0/17
110. interface GigabitEthernet 2/0/18
112. interface GigabitEthernet 2/0/19
114. interface GigabitEthernet 2/0/20
116. interface GigabitEthernet 2/0/21
118. interface GigabitEthernet 2/0/22
120. interface GigabitEthernet 2/0/23
122. interface GigabitEthernet 2/0/24
124. interface Loopback 0
125. ip address 11.168.0.45 255.255.255.255
127. interface Loopback 1
128. ip address 172.16.0.1 255.255.252.0
130. interface VLAN 100
131. no ip proxy-arp
132. ip address 193.168.0.1 255.255.255.252
134. switch virtual domain 1
135. dual-active detection bfd
136. dual-active bfd interface GigabitEthernet 1/0/2
137. dual-active bfd interface GigabitEthernet 2/0/2
139. router ospf 10
140. network 10.168.0.8 0.0.0.3 area 1
141. network 10.168.0.12 0.0.0.3 area 1
142. network 11.168.0.45 0.0.0.0 area 1
144. ip route 10.168.0.16 255.255.255.252 10.168.0.10
145. ip route 10.168.0.20 255.255.255.252 10.168.0.14
147. line con 0
148. line vty 0 4
149. login
151. end

复制代码

S6

1. hostname S6
3. redundancy
4. auto-sync time-period 3600
5. auto-sync standard
6. switchover timeout 4000
8. diagnostic bootup level bypass
10. vlan 1
12. vlan 10
13. name Pvlan
14. private-vlan primary
15. private-vlan association add 11-12
17. vlan 11
18. private-vlan community
20. vlan 12
21. private-vlan isolated
23. vlan 20
24. name Wirelessuser
26. vlan 30
27. name AP
29. vlan 100
30. name Manage
32. username admin password admin
33. no service password-encryption
34. service dhcp
36. ip dhcp pool client
37. network 194.168.20.0 255.255.255.0
38. default-router 194.168.20.254
40. ip dhcp pool Wireless
41. option 138 ip 11.26.0.204
42. network 194.168.30.0 255.255.255.0
43. default-router 194.168.30.254
45. interface GigabitEthernet 0/1
46. no switchport
47. no ip proxy-arp
48. ip address 10.168.0.26 255.255.255.252
50. interface GigabitEthernet 0/2
51. switchport mode trunk
52. switchport trunk native vlan 30
54. interface GigabitEthernet 0/3
55. switchport mode trunk
57. interface GigabitEthernet 0/4
59. interface GigabitEthernet 0/5
61. interface GigabitEthernet 0/6
63. interface GigabitEthernet 0/7
65. interface GigabitEthernet 0/8
67. interface GigabitEthernet 0/9
69. interface GigabitEthernet 0/10
71. interface GigabitEthernet 0/11
73. interface GigabitEthernet 0/12
75. interface GigabitEthernet 0/13
77. interface GigabitEthernet 0/14
79. interface GigabitEthernet 0/15
81. interface GigabitEthernet 0/16
83. interface GigabitEthernet 0/17
85. interface GigabitEthernet 0/18
87. interface GigabitEthernet 0/19
89. interface GigabitEthernet 0/20
91. interface GigabitEthernet 0/21
93. interface GigabitEthernet 0/22
95. interface GigabitEthernet 0/23
96. switchport mode trunk
98. interface GigabitEthernet 0/24
100. interface Loopback 0
101. ip address 11.168.0.6 255.255.255.255
103. interface VLAN 10
104. no ip proxy-arp
105. ip address 194.168.10.254 255.255.255.0
106. private-vlan mapping add 11-12
108. interface VLAN 20
109. no ip proxy-arp
110. ip address 194.168.20.254 255.255.255.0
112. interface VLAN 30
113. no ip proxy-arp
114. ip address 194.168.30.254 255.255.255.0
116. interface VLAN 100
117. no ip proxy-arp
118. ip address 194.168.100.254 255.255.255.0
120. ip route 0.0.0.0 0.0.0.0 10.168.0.25
122. line con 0
123. line vty 0 4
124. login local
126. end

复制代码

R1

1. hostname R1
2. webmaster level 0 username admin password 7 04361c0b370d
4. diffserv domain default
6. no cwmp
8. route-map fenliu permit 10
9. match ip address 101
10. set ip next-hop 10.168.0.18
12. route-map fenliu permit 20
13. match ip address 102
14. set ip next-hop 10.168.0.22
16. route-map fenliu permit 30
18. vlan 1
20. username admin password admin
21. no service password-encryption
23. control-plane
25. control-plane protocol
26. acpp bw-rate 1250 bw-burst-rate 2500
28. control-plane manage
29. port-filter
30. arp-car 5
31. acpp bw-rate 1250 bw-burst-rate 2500
33. control-plane data
34. glean-car 5
35. acpp bw-rate 1250 bw-burst-rate 2500
37. web-auth mac-check enable
39. enable service ssh-server
40. enable service web-server http
41. enable service web-server https
43. interface Serial 2/0
44. encapsulation PPP
45. ppp chap hostname ruijie
46. ppp chap password ruijie
47. ip address 10.168.0.17 255.255.255.252
48. clock rate 64000
50. interface Serial 2/1
51. encapsulation PPP
52. ppp chap hostname ruijie
53. ppp chap password ruijie
54. ip address 10.168.0.21 255.255.255.252
56. interface GigabitEthernet 0/0
57. ip address 10.168.0.25 255.255.255.252
58. duplex auto
59. speed auto
61. interface GigabitEthernet 0/1
62. ip address 10.168.0.41 255.255.255.252
63. duplex auto
64. speed auto
66. interface GigabitEthernet 0/2
67. duplex auto
68. speed auto
70. interface GigabitEthernet 0/3
71. duplex auto
72. speed auto
74. interface GigabitEthernet 1/0
76. interface GigabitEthernet 1/1
77.          
78. interface GigabitEthernet 1/2
80. interface GigabitEthernet 1/3
82. interface GigabitEthernet 1/4
84. interface GigabitEthernet 1/5
86. interface GigabitEthernet 1/6
88. interface GigabitEthernet 1/7
90. interface GigabitEthernet 1/8
92. interface GigabitEthernet 1/9
94. interface GigabitEthernet 1/10
96. interface GigabitEthernet 1/11
98. interface GigabitEthernet 1/12
100. interface GigabitEthernet 1/13
101.          
102. interface GigabitEthernet 1/14
104. interface GigabitEthernet 1/15
106. interface GigabitEthernet 1/16
108. interface GigabitEthernet 1/17
110. interface GigabitEthernet 1/18
112. interface GigabitEthernet 1/19
114. interface GigabitEthernet 1/20
116. interface GigabitEthernet 1/21
118. interface GigabitEthernet 1/22
120. interface GigabitEthernet 1/23
122. interface Loopback 0
123. ip address 11.168.0.1 255.255.255.255
125. interface VLAN 1
126. ip address 192.168.1.1 255.255.255.0
128. ip route 10.168.0.0 255.255.255.252 10.168.0.18
129. ip route 10.168.0.4 255.255.255.252 10.168.0.18
130. ip route 11.168.0.204 255.255.255.255 10.168.0.18 10
131. ip route 11.168.0.204 255.255.255.255 10.168.0.22 100
132. ip route 11.168.0.205 255.255.255.255 10.168.0.18 10
133. ip route 11.168.0.205 255.255.255.255 10.168.0.22 100
134. ip route 172.16.0.0 255.255.252.0 10.168.0.18 10
135. ip route 172.16.0.0 255.255.252.0 10.168.0.22 100
136. ip route 192.168.10.0 255.255.255.0 10.168.0.18 10
137. ip route 192.168.10.0 255.255.255.0 10.168.0.22 100
138. ip route 192.168.20.0 255.255.255.0 10.168.0.18 10
139. ip route 192.168.20.0 255.255.255.0 10.168.0.22 100
140. ip route 192.168.30.0 255.255.255.0 10.168.0.18 10
141. ip route 192.168.30.0 255.255.255.0 10.168.0.22 100
142. ip route 192.168.40.0 255.255.255.0 10.168.0.18 10
143. ip route 192.168.40.0 255.255.255.0 10.168.0.22 100
144. ip route 192.168.60.0 255.255.255.0 10.168.0.18 10
145. ip route 192.168.60.0 255.255.255.0 10.168.0.22 100
146. ip route 193.168.0.0 255.255.255.252 10.168.0.18 10
147. ip route 193.168.0.0 255.255.255.252 10.168.0.22 100
148. ip route 194.168.0.0 255.255.0.0 10.168.0.26
149. ip route 194.168.10.0 255.255.255.0 10.168.0.26
150. ip route 195.168.0.0 255.255.255.0 10.168.0.42
152. ref parameter 75 100
153. line con 0
154. line vty 0 4
155. transport input ssh
156. login local
159. end

复制代码

R2

1. hostname R2
2. webmaster level 0 username admin password 7 073f07221c1c
3. vlan 1
5. vlan 100
7. username admin password admin
8. username ruijie password ruijie
9. no service password-encryption
10. service dhcp
12. ip dhcp pool vlan10
13. network 192.168.10.0 255.255.255.0
14. default-router 192.168.10.254
16. control-plane
18. control-plane protocol
19. no acpp
21. control-plane manage
22. no port-filter
23. no arp-car
24. no acpp
26. control-plane data
27. no glean-car
28. no acpp  
30. enable service ssh-server
31. enable service web-server http
32. enable service web-server https
34. interface Serial 2/0
35. encapsulation PPP
36. ppp authentication chap
37. ip address 10.168.0.18 255.255.255.252
39. interface Serial 3/0
40. encapsulation PPP
41. ip ospf network point-to-point
42. ip address 10.168.0.29 255.255.255.252
44. interface FastEthernet 1/0
46. interface FastEthernet 1/1
47. switchport access vlan 100
49. interface FastEthernet 1/2
51. interface FastEthernet 1/3
53. interface FastEthernet 1/4
55. interface FastEthernet 1/5
57. interface FastEthernet 1/6
59. interface FastEthernet 1/7
61. interface FastEthernet 1/8
63. interface FastEthernet 1/9
65. interface FastEthernet 1/10
67. interface FastEthernet 1/11
69. interface FastEthernet 1/12
71. interface FastEthernet 1/13
73. interface FastEthernet 1/14
75. interface FastEthernet 1/15
77. interface FastEthernet 1/16
79. interface FastEthernet 1/17
81. interface FastEthernet 1/18
83. interface FastEthernet 1/19
85. interface FastEthernet 1/20
87. interface FastEthernet 1/21
89. interface FastEthernet 1/22
91. interface FastEthernet 1/23
93. interface GigabitEthernet 0/0
94. ip ospf network point-to-point
95. ip ospf cost 5
96. ip address 10.168.0.2 255.255.255.252
97. duplex auto
98. speed auto
100. interface GigabitEthernet 0/1
101. ip address 10.168.0.33 255.255.255.252
102. duplex auto
103. speed auto
105. interface Loopback 0
106. ip address 11.168.0.2 255.255.255.255
107.          
108. interface VLAN 100
109. ip address 10.168.0.10 255.255.255.252
111. router ospf 10
112. redistribute static metric-type 1 subnets
113. network 10.168.0.0 0.0.0.3 area 0
114. network 10.168.0.8 0.0.0.3 area 1
115. network 10.168.0.28 0.0.0.3 area 0
116. network 11.168.0.2 0.0.0.0 area 0
118. ip route 10.168.0.24 255.255.255.252 10.168.0.17
119. ip route 11.168.0.1 255.255.255.255 10.168.0.17
120. ip route 11.168.0.204 255.255.255.255 10.168.0.1
121. ip route 11.168.0.205 255.255.255.255 10.168.0.1
122. ip route 172.16.0.0 255.255.252.0 10.168.0.9
123. ip route 194.168.10.0 255.255.255.0 10.168.0.34
124. ip route 194.168.30.0 255.255.255.0 10.168.0.17
125. ip route 195.168.0.0 255.255.255.0 10.168.0.34
127. ref parameter 75 140
128. line con 0
129. line aux 0
130. line vty 0 4
131. transport input ssh
132. login local
134. end

复制代码

R3

1. hostname R3
3. vlan 1
5. vlan 100
8. username admin password admin
9. username ruijie password ruijie
10. no service password-encryption
12. control-plane
14. control-plane protocol
15. no acpp
17. control-plane manage
18. no port-filter
19. no arp-car
20. no acpp
22. control-plane data
23. no glean-car
24. no acpp
26. enable service ssh-server
27. enable service web-server http
28. enable service web-server https
30. interface Serial 2/0
31. encapsulation PPP
32. ppp authentication chap
33. ip address 10.168.0.22 255.255.255.252
34. clock rate 64000
36. interface Serial 3/0
37. encapsulation PPP
38. ip ospf network point-to-point
39. ip address 10.168.0.30 255.255.255.252
40. clock rate 64000
42. interface FastEthernet 1/0
44. interface FastEthernet 1/1
45. switchport access vlan 100
47. interface FastEthernet 1/2
49. interface FastEthernet 1/3
51. interface FastEthernet 1/4
53. interface FastEthernet 1/5
55. interface FastEthernet 1/6
57. interface FastEthernet 1/7
59. interface FastEthernet 1/8
60.          
61. interface FastEthernet 1/9
63. interface FastEthernet 1/10
65. interface FastEthernet 1/11
67. interface FastEthernet 1/12
69. interface FastEthernet 1/13
71. interface FastEthernet 1/14
73. interface FastEthernet 1/15
75. interface FastEthernet 1/16
77. interface FastEthernet 1/17
79. interface FastEthernet 1/18
81. interface FastEthernet 1/19
83. interface FastEthernet 1/20
84.          
85. interface FastEthernet 1/21
87. interface FastEthernet 1/22
89. interface FastEthernet 1/23
91. interface GigabitEthernet 0/0
92. ip ospf network point-to-point
93. ip ospf cost 10
94. ip address 10.168.0.6 255.255.255.252
95. duplex auto
96. speed auto
98. interface GigabitEthernet 0/1
99. ip address 10.168.0.37 255.255.255.252
100. duplex auto
101. speed auto
103. interface Loopback 0
104. ip address 11.168.0.3 255.255.255.255
106. interface VLAN 100
107. ip address 10.168.0.14 255.255.255.252
109. router ospf 10
110. redistribute static metric-type 1 subnets
111. network 10.168.0.4 0.0.0.3 area 0
112. network 10.168.0.12 0.0.0.3 area 1
113. network 10.168.0.28 0.0.0.3 area 0
114. network 11.168.0.3 0.0.0.0 area 0
116. ip route 10.168.0.24 255.255.255.252 10.168.0.17
117. ip route 10.168.0.24 255.255.255.252 10.168.0.21
118. ip route 11.168.0.1 255.255.255.255 10.168.0.21
119. ip route 11.168.0.204 255.255.255.255 10.168.0.5
120. ip route 11.168.0.205 255.255.255.255 10.168.0.5
121. ip route 172.16.0.0 255.255.252.0 10.168.0.13
122. ip route 194.168.10.0 255.255.255.0 10.168.0.38
123. ip route 194.168.30.0 255.255.255.0 10.168.0.21
124. ip route 195.168.0.0 255.255.255.0 10.168.0.38
126. ref parameter 75 140
127. line con 0
128. line aux 0
129. line vty 0 4
130. transport input ssh
131. login local
133. end

复制代码

AC1

1. hostname AC1
3. wlan-config 1 Ruijie-ZB_176
4. ssid-code utf-8
5. no enable-broad-ssid
7. wlan-config 2 Ruijie-FB_176
8. ssid-code utf-8
9. no enable-broad-ssid
10. tunnel local
12. ap-group FB
13. interface-mapping 2 20 ap-wlan-id 1
15. ap-group ZB
16. interface-mapping 1 60 ap-wlan-id 1
18. ap-group default
20. ap-config all
22. ac-controller
23. country CN
24. 802.11g network rate 1 disabled
25. 802.11g network rate 2 disabled
26. 802.11g network rate 5 disabled
27. 802.11g network rate 6 disabled
28. 802.11g network rate 9 supported
29. 802.11g network rate 11 mandatory
30. 802.11g network rate 12 supported
31. 802.11g network rate 18 supported
32. 802.11g network rate 24 supported
33. 802.11g network rate 36 supported
34. 802.11g network rate 48 supported
35. 802.11g network rate 54 supported
36. 802.11b network rate 1 disabled
37. 802.11b network rate 2 disabled
38. 802.11b network rate 5 disabled
39. 802.11b network rate 11 mandatory
40. 802.11a network rate 6 disabled
41. 802.11a network rate 9 supported
42. 802.11a network rate 12 mandatory
43. 802.11a network rate 18 supported
44. 802.11a network rate 24 mandatory
45. 802.11a network rate 36 supported
46. 802.11a network rate 48 supported
47. 802.11a network rate 54 supported
49. ip dhcp snooping
51. no identify-application enable
53. no cwmp
55. service dhcp
57. ip dhcp pool Wireless
58. network 192.168.60.0 255.255.255.0
59. default-router 192.168.60.254
61. install 0 WS6008
63. sysmac c470.abe7.386b
65. enable service web-server http
66. enable service web-server https
67. webmaster level 0 username admin password 7 06073a0e261b
68. no service password-encryption
70. redundancy
72. link-check disable
74. nfpp
76. wids
78. frn
80. vlan 1
82. vlan 60
83. name Wireless
85. vlan 100
86. name Manage
88. interface GigabitEthernet 0/1
89. switchport mode trunk
90. ip dhcp snooping trust
92. interface GigabitEthernet 0/2
94. interface GigabitEthernet 0/3
96. interface GigabitEthernet 0/4
98. interface GigabitEthernet 0/5
100. interface GigabitEthernet 0/6
102. interface GigabitEthernet 0/7
104. interface GigabitEthernet 0/8
106. interface Loopback 0
107. ip address 11.168.0.204 255.255.255.255
109. interface VLAN 1
111. interface VLAN 60
112. ip address 192.168.60.252 255.255.255.0
113. vrrp 1 ip 192.168.60.254
114. vrrp 1 priority 150
116. interface VLAN 100
117. ip address 192.168.100.2 255.255.255.0
119. wlan hot-backup 11.168.0.205
121. context 1
122.   priority level 1
123.   
124. wlan hot-backup enable
126. wlansec 1
127. security rsn enable
128. security rsn ciphers aes enable
129. security rsn akm psk enable
130. security rsn akm psk set-key ascii 12345678
131. arp-check
132. ip verify source port-security
134. ip route 0.0.0.0 0.0.0.0 192.168.100.252
136. line console 0
137. line vty 0 4
138. login
140. end

复制代码

EG1

1. interface GigabitEthernet 0/0
2. ip address 192.168.1.1 255.255.255.0
3. ip nat inside
5. interface GigabitEthernet 0/1
6. ip address 10.168.0.34 255.255.255.252
7. ip nat inside
9. interface GigabitEthernet 0/2
10. ip address 10.168.0.38 255.255.255.252
11. ip nat inside
13. interface GigabitEthernet 0/3
14. ip address 195.168.0.1 255.255.255.0
15. crypto map mymap
17. interface GigabitEthernet 0/4
19. interface GigabitEthernet 0/5
21. interface GigabitEthernet 0/6
23. interface GigabitEthernet 0/7
24.          
25. interface GigabitEthernet 0/8
27. interface GigabitEthernet 0/9
29. interface Loopback 0
30. ip address 11.168.0.11 255.255.255.255
32. interface SSLVPN 0
34. interface SSLVPN 1
36. app route switch
37. app route mode new-flow
39. ip nat pool ssh prefix-length 24
40. address 195.168.0.20 195.168.0.20 match interface GigabitEthernet 0/1
42. ip nat outside source list 111 pool ssh
43. ip nat inside source list 1 pool nat_pool overload
44. ip nat inside source list 110 interface GigabitEthernet 0/3 overload
46. ip route 10.168.0.0 255.255.255.252 10.168.0.33
47. ip route 192.168.10.0 255.255.255.0 10.168.0.33 10
48. ip route 192.168.10.0 255.255.255.0 10.168.0.37 100
49. ip route 192.168.20.0 255.255.255.0 10.168.0.33 10
50. ip route 192.168.20.0 255.255.255.0 10.168.0.37 100
51. ip route 192.168.30.0 255.255.255.0 10.168.0.33 10
52. ip route 192.168.30.0 255.255.255.0 10.168.0.37 100
53. ip route 192.168.40.0 255.255.255.0 10.168.0.33 10
54. ip route 192.168.40.0 255.255.255.0 10.168.0.37 100
55. ip route 192.168.60.0 255.255.255.0 10.168.0.33 10
56. ip route 192.168.60.0 255.255.255.0 10.168.0.37 100
57. ip route 194.168.10.0 255.255.255.0 195.168.0.2
59. line console 0
60. line vty 0 4
61. login
63. end

复制代码

EG2

1. hostname EG2
2. vlan 1
4. no service password-encryption
6. ip access-list extended 110
7. 10 permit ip 194.168.20.0 0.0.0.255 195.168.0.0 0.0.0.255 time-range working_time
9. ip access-list extended 112
10. 10 permit ip 194.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
12. control-plane
14. control-plane protocol
15. no acpp
17. control-plane manage
18. no port-filter
19. no arp-car
20. no acpp
22. control-plane data
23. no glean-car
24. no acpp
26. enable service web-server http
27. enable service web-server https
29. crypto isakmp policy 1
30. encryption 3des
31. authentication pre-share
32. hash md5
33.   
34. crypto isakmp key 7 151b5f72467e7a address 195.168.0.1
35. crypto ipsec transform-set myset esp-3des esp-md5-hmac
37. crypto map mymap 1 ipsec-isakmp
38. set peer 195.168.0.1   
39. set transform-set myset
40. match address 112
42. interface FastEthernet 1/0
44. interface FastEthernet 1/1
46. interface FastEthernet 1/2
48. interface FastEthernet 1/3
50. interface FastEthernet 1/4
52. interface FastEthernet 1/5
54. interface FastEthernet 1/6
56. interface FastEthernet 1/7
58. interface FastEthernet 1/8
60. interface FastEthernet 1/9
62. interface FastEthernet 1/10
64. interface FastEthernet 1/11
66. interface FastEthernet 1/12
68. interface FastEthernet 1/13
70. interface FastEthernet 1/14
72. interface FastEthernet 1/15
74. interface FastEthernet 1/16
76. interface FastEthernet 1/17
78. interface FastEthernet 1/18
80. interface FastEthernet 1/19
82. interface FastEthernet 1/20
84. interface FastEthernet 1/21
86. interface FastEthernet 1/22
88. interface FastEthernet 1/23
90. interface GigabitEthernet 0/0
91. ip nat outside
92. ip address 195.168.0.2 255.255.255.0
93. crypto map mymap
94. duplex auto
95. speed auto
97. interface GigabitEthernet 0/1
98. ip nat inside
99. ip address 10.168.0.42 255.255.255.252
100. duplex auto
101. speed auto
103. interface Loopback 0
104. ip address 11.168.0.12 255.255.255.255
106. ip nat inside source list 110 interface GigabitEthernet 0/0 overload
108. ip route 10.168.0.24 255.255.255.252 10.168.0.41
109. ip route 192.168.20.0 255.255.255.0 195.168.0.1
110. ip route 194.168.10.0 255.255.255.0 10.168.0.41
111. ip route 194.168.20.0 255.255.255.0 10.168.0.41
113. ref parameter 75 140
114. line con 0
115. line aux 0
116. line vty 0 4
117. login
119. End

复制代码

终极路由情况

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。

---

欢迎光临 ToB企服应用市场:ToB评测及商务社交产业平台 (https://dis.qidao123.com/)

Powered by Discuz! X3.4