云计算融合网络摆设实例

忿忿的泥巴坨  金牌会员 | 2024-6-14 21:10:55 | 显示全部楼层 | 阅读模式
打印 上一主题 下一主题
楼主

主题 647|帖子 647|积分 1941

这是我当年参加的网络比赛的练习标题,我将其分享出来。
模块一:云计算融合网络摆设

CII网络公司总部设有研发、市场、供应链、售后等4个部分,统一进行IP地址及业务资源的规划和分配。公司总部及亚太地域的网络拓扑结构如图所示。
其中两台S6000交换机(用S5750-E代替)编号为S4、S5,用于服务器高速接入;两台S5750编号为S2、S3,作为总部的核心交换机;两台RSR20路由器编号为R2、R3,作为总部的核心路由器,一台EG2000(用RSR20代替)编号为EG1,作为总部互联网出口网关1。一台S2910编号为S1,作为总部接入交换机;一台RSR20路由器编号为R1,作为分支机构路由器,一台EG2000(用RSR20代替)编号为EG2,作为分部互联网出口网关2。一台S5750编号为S6作为分部核心交换机,一台S2910编号为S7,作为分部接入交换机。3台AP520编号为AP1,AP2,AP3分别作为总部与分部的无线接入点。

请根据拓扑图及网络物理连接表完成装备的连线。
装备互联规范主要对各种网络装备的互联进行规范界说,在项目实行中,如用户无特殊要求,应根据规范要求进行各级网络装备的互联,统一现场装备互联界面,结合规范的线缆标签使用,使网络结构清晰明了,方便后续的维护。如下“表1-8 网络物理连接表”。
表1-8网络物理连接表
  1. 源设备名称        设备接口        接口描述        目标设备名称        设备接口
  2. S1        Gi0/1        Con_To_PC1        PC1         
  3. S1        Gi0/5        Con_To_PC2        PC2         
  4. S1        Gi0/21        Con_To_AP1        AP1         
  5. S1        Gi0/22        Con_To_AP2        AP2         
  6. S1        Gi0/23        Con_To_S2_Gi0/1        S2        Gi0/1
  7. S1        Gi0/24        Con_To_S3_Gi0/1        S3        Gi0/1
  8. S2        Gi0/1        Con_To_S1_Gi0/23        S1        Gi0/23
  9. S2        Gi0/2        Con_To_S3_Gi0/2        S3        Gi0/2
  10. S2        Gi0/3        Con_To_S3_Gi0/3        S3        Gi0/3
  11. S2        Gi0/4        Con_To_R2_Gi0/0        R2        Gi0/0
  12. S2        Gi0/5        Con_To_AC1_Gi0/1        AC1        Gi0/1
  13. S3        Gi0/1        Con_To_S1_Gi0/24        S1        Gi0/24
  14. S3        Gi0/2        Con_To_S2_Gi0/2        S2        Gi0/2
  15. S3        Gi0/3        Con_To_S2_Gi0/3        S2        Gi0/3
  16. S3        Gi0/4        Con_To_R3_Gi0/0        R3        Gi0/0
  17. S3        Gi0/5        Con_To_AC2_Gi0/1        AC2        Gi0/1
  18. R2        FA1/1        Con_To_S4_Gi0/1        S4        Gi0/1
  19. R2        Gi0/0        Con_To_S2_Gi0/4        S2        Gi0/4
  20. R2        Gi0/1        Con_To_EG1_Gi0/1        EG1        Gi0/0
  21. R2        S2/0        Con_To_R1_S2/0        R1        S2/0
  22. R2        S3/0        Con_To_R3_S3/0        R3        S3/0
  23. R3        FA1/1        Con_To_S5_Gi0/1        S5        Gi0/1
  24. R3        Gi0/0        Con_To_S3_Gi0/4        S3        Gi0/4
  25. R3        Gi0/1        Con_To_EG1_Gi0/1        EG1        Gi0/1
  26. R3        S2/0        Con_To_R1_S3/0        R1        S3/0
  27. R3        S3/0        Con_To_R2_S3/0        R2        S3/0
  28. S4        Gi0/1        Con_To_R2_FA1/1        R2        FA1/1
  29. S4        Gi0/2        Con_To_S5_Gi0/2        S5        Gi0/2
  30. S4        Gi0/5        Con_To_Cloud_M        云平台(主用)         
  31. S4        Gi0/23                 S5        Gi0/23
  32. S4        Gi0/24                 S5        Gi0/24
  33. S5        Gi0/1        Con_To_R3_FA1/1        R3        FA1/1
  34. S5        Gi0/2        Con_To_S4_Gi0/2        S4        Gi0/2
  35. S5        Gi0/5        Con_To_Cloud_B        云平台(备用)         
  36. S5        Gi0/23                 S4        Gi0/23
  37. S5        Gi0/24                 S4        Gi0/24
  38. R1        S2/0        Con_To_R2_S2/0        R2        S2/0
  39. R1        S3/0        Con_To_R3_S2/0        R3        S2/0
  40. R1        Gi0/0        Con_To_S6_Gi0/1        S6        Gi0/1
  41. R1        Gi0/1        Con_To_EG2_Gi0/0        EG2        Gi0/0
  42. S6        Gi0/1        Con_To_R1_Gi0/0        R1        Gi0/0
  43. S6        Gi0/2        Con_To_AP3_Gi0/0        AP3        Gi0/0
  44. S6        Gi0/3        Con_To_S7_Gi0/24        S7        Gi0/24
  45. S7        Gi0/1        Con_To_PC3        PC3         
  46. S7        Gi0/24        Con_To_S6_Gi0/3        S6        Gi0/3
  47. EG1        GI0/1        Con_To_R2_Gi0/1        R2        Gi0/1
  48. EG1        GI0/2        Con_To_R3_Gi0/1        R3        Gi0/1
  49. EG1        GI0/3        Con_To_EG2_Gi0/3        EG2        GI0/3
  50. EG2        GI0/1        Con_To_R1_Gi0/1        R1        Gi0/1
  51. EG2        GI0/3        Con_To_EG1_Gi0/3        EG1        GI0/3
复制代码
公司有4个不同业务部分和分部,彼此间必要互联互通,同时也必要对某些业务进行互访限制。别的,各业务对网络可靠性要求较高,要求网络核心地区发生故障时的停止时间尽可能短。另有,网络摆设时要考虑到网络的可管理性,并公道使用网络资源。

  • 虚拟局域网及IPv4地址摆设
    为了淘汰广播,必要规划并设置VLAN。具体要求如下:
    (1)设置公道,Trunk链路上不允许不必要VLAN的数据流畅过。
    (2)为节省IP资源,隔离广播风暴、病毒攻击,控制端口二层互访,在分部S6、S7交换机使用Private Vlan。
    (3)为隔离网络中部分终端用户间的二层互访,在交换机S1上使用端口保护。
    (4)根据上述信息及表1-9、表1-10,在各装备上完成VLAN设置和端口分配以及IPv4地址。
表1-9网络装备名称表
  1. 拓扑图中设备名称        配置主机名(hostname名)
  2. S1        ZB-S2910-01
  3. S2        ZB-S5750-01
  4. S3        ZB-S5750-02
  5. S4        ZB-VSU-S6000
  6. S5        ZB-VSU-S6000
  7. S6        FB-S5750-01
  8. S7        FB-2910-01
  9. R1        FB-RSR20-01
  10. R2        ZB-RSR20-01
  11. R3        ZB-RSR20-02
  12. AC1        ZB-WS6008-01
  13. AC2        ZB-WS6008-02
  14. EG1        ZB-EG2000-01
  15. EG2        FB-EG2000-01
  16. AP1        ZB-AP520-01
  17. AP2        ZB-AP520-02
  18. AP3        FB-AP520-01
复制代码
表1-10 IPv4地址分配表
  1. 设备        接口或VLAN        VLAN名称        二层或三层规划(XX代表工位号)        说明
  2. S1        VLAN10        Res        Gi0/1至Gi0/4        研发
  3.         VLAN20        Sales        Gi0/5至Gi0/8        市场
  4.         VLAN30        Supply        Gi0/9至Gi0/12        供应链
  5.         VLAN40        Service        Gi0/13至Gi0/16        售后
  6.         VLAN50        AP        Gi0/21至Gi0/22        无线AP
  7.         VLAN100        Manage        192.XX.100.4/24        设备管理VLAN
  8. S2        VLAN10        Res        192.XX.10.252/24        研发
  9.         VLAN20        Sales        192.XX.20.252/24        市场
  10.         VLAN30        Supply        192.XX.30.252/24        供应链
  11.         VLAN40        Service        192.XX.40.252/24        售后
  12.         VLAN50        AP        192.XX.50.252/24        无线AP
  13.         VLAN100        Manage        192.XX.100.252/24        设备管理VLAN
  14.         Gi0/4                 10.XX.0.1/30         
  15.         Gi0/5                 TRUNK        互联AC
  16.         LoopBack 0                 11.XX.0.202/32         
  17. S3        VLAN10        Res        192.XX.10.253/24        研发
  18.         VLAN20        Sales        192.XX.20.253/24        市场
  19.         VLAN30        Supply        192.XX.30.253/24        供应链
  20.         VLAN40        Service        192.XX.40.253/24        售后
  21.         VLAN50        AP        192.XX.50.253/24        无线AP
  22.         VLAN100        Manage        192.XX.100.253/24        设备管理VLAN
  23.         Gi0/4                 10.XX.0.5/30         
  24.         Gi0/5                 TRUNK        互联AC
  25.         LoopBack 0                 11.XX.0.203/32         
  26. AC1        LoopBack 0                 11.XX.0.204/32         
  27.         VLAN60        Wiressless        192.XX.60.252/24        无线用户
  28.         Vlan100        Manage        192.XX.100.2/24        管理与互联VLAN
  29. AC2        LoopBack 0                 11.XX.0.205/32         
  30.         VLAN60        Wiressless        192.XX.60.253/24        无线用户
  31.         Vlan100        Manage        192.XX.100.3/24        管理与互联VLAN
  32. S4        VLAN100        Con_To_Cloud        193.XX.0.1/30        互联云平台
  33.         Gi0/1                 10.XX.0.9/30         
  34.         LoopBack 0                 11.XX.0.45/32         
  35. S5        VLAN100        Con_To_Cloud        193.XX.0.1/30        互联云平台(备用)
  36.         Gi0/1                 10.XX.0.13/30         
  37.         LoopBack 0                 11.XX.0.45/32         
  38. EG1        GI0/2                 195.XX.0.1/24        与EG2互联
  39.         GI0/0                 10.XX.0.34/30         
  40.         GI0/1                 10.XX.0.38/30         
  41.         LoopBack 0                 11.XX.0.11/32         
  42. EG2        GI0/2                 195.XX.0.2/24        与EG1互联
  43.         GI0/0                 10.XX.0.42/30         
  44.         LoopBack 0                 11.XX.0.12/32         
  45. R1        S2/0                 10.XX.0.17/30         
  46.         S2/1                 10.XX.0.21/30         
  47.         Gi0/0                 10.XX.0.25/30         
  48.         Gi0/1                 10.XX.0.41/30         
  49.         LoopBack 0                 11.XX.0.1/32         
  50. R2        Gi0/0                 10.XX.0.2/30         
  51.         FA1/1(vlan100)                 10.XX.0.10/30        SVI接口互联
  52.         Gi0/1                 10.XX.0.33/30         
  53.         S2/0                 10.XX.0.18/30         
  54.         S3/0                 10.XX.0.29/30         
  55.         LoopBack 0                 11.XX.0.2/32         
  56. R3        Gi0/0                 10.XX.0.6/30         
  57.         FA1/1(vlan100)                 10.XX.0.14/30        SVI接口互联
  58.         Gi0/1                 10.XX.0.37/30         
  59.         S2/0                 10.XX.0.22/30         
  60.         S3/0                 10.XX.0.30/30         
  61.         LoopBack 0                 11.XX.0.3/32         
  62. S6        Gi0/1                 10.XX.0.26/30         
  63.         VLAN10        Pvlan        194.XX.10.254/24        分部有线用户
  64.         VLAN20        Wireless_user        194.XX.20.254/24        分部无线用户
  65.         VLAN30        AP        194.XX.30.254/24        分部无线AP
  66.         VLAN100        Manage        194.XX.100.254/24        设备管理VLAN
  67.         LoopBack 0                 11.XX.0.6/32         
  68. S7        VLAN10        Pvlan                 Primaty vlan
  69.         VLAN11        Community_vlan        Gi0/1至Gi0/4        community vlan
  70.         VLAN12        Isolated_vlan        Gi0/5至Gi0/8        isolated vlan
  71.         VLAN100        Manage        194.XX.100.1/24        设备管理VLAN
  72. PC机        PC1                 自动获取         
  73.         PC2                 192.XX.20.2/24         
  74.         PC3                 194.XX.10.2/24         
复制代码

  • MSTP及VRRP摆设
    在总部交换机S2、S3上设置MSTP防止二层环路;要求所有数据流颠末S2转发,S2失效时颠末S3转发。所设置的参数要求如下:
    (1)region-name为ruijie;
    (2)revision版本为1;
    (3)实例值为1;
    (4)S2作为实例中的主根, S3作为实例中的从根。
    (5)在S2和S3上设置VRRP,实现主机的网关冗余。所设置的参数要求如表1-11。
表1-11 S2和S3的VRRP参数表
  1. VLAN        VRRP备份组号(VRID)        VRRP虚拟IP
  2. VLAN10        10        192.xx.10.254
  3. VLAN20        20        192.xx.20.254
  4. VLAN30        30        192.xx.30.254
  5. VLAN40        40        192.xx.40.254
  6. VLAN50        50        192.xx.50.254
  7. VLAN100(交换机间)        100        192.xx.100.254
复制代码
(6)S2作为所有主机的实际网关,S3作为所有主机的备份网关;其中各VRRP组中高优先级设置为150,低优先级设置为120。

  • DHCP中继与安全
    在交换机S2、S3上设置DHCP中继,对VLAN10以内的用户进行中继,使得总部PC1用户使用DHCP Relay方式获取IP地址。具体要求如下:
    (1)DHCP服务器搭建于R2上;
    (2)为了防止DHCP服务器诱骗及用户私设静态IP地址,在S1交换机摆设DHCP Snooping功能。
  • 网络装备虚拟化
    两台核心交换机通过VSU虚拟化为一台装备进行管理,从而实现高可靠性。当恣意交换机或板卡故障时,都能保障能够实现装备、链路切换,保护客户业务。
    (1)规划S4和S5间的Gi0/23-24端口作为VSL链路,使用VSU技能实现网络装备虚拟化。其中S4为主,S5为备;
    (2)规划S4和S5间的Gi0/2端口作为双主机检测链路,设置基于BFD的双主机检,当VSL的所有物理链路都异常断开时,备机会切换成主机,从而保障网络正常;
    (3)主装备:Domain id:1,switch id:1,priority 200, description:S2910-24GT4XS-E-1;
    (4)备装备:Domain id:1,switch id:2,priority 150, description:S2910-24GT4XS-E-2。
  • 路由协议摆设
    因历史缘故原由,总部使用静态路由、OSPF多协议组网。其中S2、S3、S4、S5、R2、R3使用OSPF协议,R2、R3与总部出口网关及分部R1间使用静态路由协议,分部使用静态路由协议。要求网络具有安全性、稳定性。具体要求如下:
    (1)OSPF历程号为10,规划多地区0(S2、S3、R2、R3)、地区1(S4、S5、R2、R3);
    (2)R2、R3互联链路规划入地区0;
    (3)要求业务网段中不出现协议报文;
    (4)要求所有路由协议都发布具体网段;
    (5)为了管理方便,必要发布Loopback地址;
    (6)优化OSPF相干设置,以只管加速OSPF收敛;
    (7)重发布路由进OSPF中使用类型1;
    (8)采用浮动静态路由,主静态路由优先级为10,备份静态路由优先级为100。
    注意:(S4/S5必要重发布云平台(172.16.0.0/22)静态路由至总部内网)。
  • 广域网链路设置与安全摆设
    总部路由器与分部路由器间属于广域网链路,其中R1-R2间所租用线路带宽为2M,R1-R3间所租用线路带宽为1M。R2-R3间线路带宽为2M。总部路由器与分部路由器间属于广域网链路。必要使用PPP进行安全保护。PPP的具体要求如下:
    (1)使用CHAP协议;
    (2)单向认证,用户名+验证口令方式,R1为认证客户端,R2、R3为认证服务端;
    (3)用户名和暗码均为ruijie。
  • 路由选路摆设
    考虑到从分部到总部有两条广域网线路,且其带宽不一样。以是规划R1-R2间为主线路,R1-R3间为备线路。别的总部局域网到互联网数据,经规划R2-EG1为主线路,R3-EG1为备线路。根据以上需求,在路由器上进行公道的路由协议设置。具体要求如下:
    (1)修改链路或接口开销COST值,且其值必须为5或10;
    (2)总部用户区与互联网互通主路径规划为:S1-S2-R2-EG1;
    (3)总部与分部互通主路径为:S1-S2-R2-R1或(S4/S5)-R2-R1;
    (4)主链路故障可无缝切换到备用链路上;
    (5)要求来回数据流同等。
  • PBR设置与摆设
    考虑到分部到总部间有2条广域网线路,为公道使用带宽,规划从分部去往总部的SSH数据通过R1-R2的线路转发,从分部去往总部的WEB数据通过R1-R3的线路转发。为到达上述目标,采用PBR来实现。具体要求如下:
    (1)Route-map计谋名为fenliu;
    (2)分部去往总部的SSH数据由ACL101来界说;
    (3)分部去往总部的WEB数据由ACL102来界说。
  • QoS摆设
    为了防止大量用户不停突发的数据导致网络拥挤,必须对接入的用户流量加以限制。所设置的参数要求如下
    (1)总部装备S1的Gi0/1至Gi0/16接口处方向设置接口限速,限速10M/S;
    (2)分部装备R1做流量整形,G0/0接口对接收的报文进行流量控制,下行报文流量不能凌驾1Mbps,如果凌驾流量限制则将违规报文抛弃。
模块二:移动互联网络组建与优化

为满足“互联网+”时代下,员工移动办公的发展趋势,公司总部与分部均必要规划和摆设移动互联无线网络,同时为保证无线用户安全、可靠的访问互联网,我们必要进行无线网络安全及性能优化设置,确保员工有良好的上网体验。

  • 无线网络基础摆设
    (1)使用AC为总部无线用户DHCP 服务器,使用(S2/S3)为总部AP的DHCP 服务器,S2分配地址范围为其网段的1至100,S3分配地址为其网段的101至200。使用S6为分部无线用户与AP DHCP服务器,为其终端主动分配地址;
    (2)创建总部 SSID 为 Ruijie-ZB_XX(XX代表工位号),AP-Group为ZB,总部无线用户关联SSID后可主动获取地址;
    (3)创建分部 SSID 为 Ruijie-FB_XX(XX代表工位号),AP-Group为FB,分部无线用户关联SSID后可主动获取地址;
    (4)调解信道使得总部AP间信道不冲突。
  • AC热备摆设
    AC1为主用,AC2为备用。AP与AC1、AC2均创建隧道,当AP与AC1失去连接时能无缝切换至AC2并提供服务。
  • 无线安全摆设
    具体设置参数如下:
    (1)无线用户接入无线网络时必要采用基于 WPA2 加密方式,其口令为 XXX(现场提供);
    (2)为制止无线网络被非法用户通过SSID搜索到,并创建非法连接,必要禁用AP广播SSID,隐蔽无线SSID;
    (3)为了防御无线局域网ARP诱骗影响用户上网体验,设置无线环境ARP诱骗防御功能。
  • 无线性能优化
    (1)关闭低速率(1M,6M)应用接入;
    (2)装备总部无线用户启用会合转发模式,各分公司无线用户启用本地转发模式。
模块三:网络空间安全摆设

公司总部与分部无线用户必要通过独立的互联网线路访问外网资源,同时针对访问资源进行用户身份认证与信息审计监督,别的满足出差在外的员工可以访问总部内部服务器资源,需针对出口用户提供长途VPN功能。

  • 出口NAT摆设
    具体设置参数如下:
    (1)总部与分部出口网关上设置访问控制列表ACL 110,仅允许无线用户与研发部分在周一到周五的上班时间通过NAPT访问互联网,NAPT映射到互联网接口上;
    (2)在总部EG上设置,使公司总部核心交换R2(11.XX.0.2)(XX代表工位号)装备的SSH服务可以通过互联网被访问,从互联网访问的地址是195.XX.0.20(XX代表工位号)。
  • VPN摆设
    分部R1至R2、R3两条专线均发生故障时确保分部可正常访问总部服务器区,要求在总部与分部EG上启用IPSEC VPN创建IPSEC隧道,实现总部与分部有线用户数据互通及加密处理。VPN必要采用隧道模式、预共享暗码为 123456,加密认证方式为 ESP-DES、ESP-HASH-MD5 ,DH使用组1,与此同时总部关闭WEB认证功能。
  • 装备与网络管理摆设
    (1)为路由器开启SSH服务端功能,用户名和暗码为admin,暗码为明文类型;
    (2)为交换机开启Telnet功能,对所有Telnet用户采用本地认证的方式。创建本地用户,设定用户名和暗码为admin,暗码为明文类型。
具体摆设实行

方法:同时在每台装备上使用show running-config命令,查看对应装备的设置信息。
S1

  1. hostname S1
  3. redundancy
  4. auto-sync time-period 3600
  5. auto-sync standard
  6. switchover timeout 4000
  8. vlan 1
  9. vlan 10
  10. vlan 20
  11. vlan 30
  12. vlan 40
  13. vlan 50
  14. vlan 100
  16. username admin password admin
  17. no service password-encryption
  19. ip dhcp snooping
  20.        
  21. spanning-tree mst configuration
  22. revision 1
  23. name ruijie
  24. instance 0 vlan 1-9, 11-19, 21-29, 31-39, 41-49, 51-99, 101-4094
  25. instance 1 vlan 10, 20, 30, 40, 50, 100
  26. spanning-tree
  27. interface GigabitEthernet 0/1
  28. switchport access vlan 10
  29. ip verify source port-security
  30. arp-check
  31. rate-limit input 10000 1024
  32. rate-limit output 10000 1024
  34. interface GigabitEthernet 0/2
  35. switchport access vlan 10
  36. rate-limit input 10000 1024
  37. rate-limit output 10000 1024
  39. interface GigabitEthernet 0/3
  40. switchport access vlan 10
  41. rate-limit input 10000 1024
  42. rate-limit output 10000 1024
  44. interface GigabitEthernet 0/4
  45. switchport access vlan 10
  46. rate-limit input 10000 1024
  47. rate-limit output 10000 1024
  49. interface GigabitEthernet 0/5
  50. switchport access vlan 20
  51. rate-limit input 10000 1024
  52. rate-limit output 10000 1024
  54. interface GigabitEthernet 0/6
  55. switchport access vlan 20
  56. rate-limit input 10000 1024
  57. rate-limit output 10000 1024
  59. interface GigabitEthernet 0/7
  60. switchport access vlan 20
  61. rate-limit input 10000 1024
  62. rate-limit output 10000 1024
  64. interface GigabitEthernet 0/8
  65. switchport access vlan 20
  66. rate-limit input 10000 1024
  67. rate-limit output 10000 1024
  69. interface GigabitEthernet 0/9
  70. switchport access vlan 30
  71. rate-limit input 10000 1024
  72. rate-limit output 10000 1024
  74. interface GigabitEthernet 0/10
  75. switchport access vlan 30
  76. rate-limit input 10000 1024
  77. rate-limit output 10000 1024
  79. interface GigabitEthernet 0/11
  80. switchport access vlan 30
  81. rate-limit input 10000 1024
  82. rate-limit output 10000 1024
  84. interface GigabitEthernet 0/12
  85. switchport access vlan 30
  86. rate-limit input 10000 1024
  87. rate-limit output 10000 1024
  89. interface GigabitEthernet 0/13
  90. switchport access vlan 40
  91. rate-limit input 10000 1024
  92. rate-limit output 10000 1024
  94. interface GigabitEthernet 0/14
  95. switchport access vlan 40
  96. rate-limit input 10000 1024
  97. rate-limit output 10000 1024
  99. interface GigabitEthernet 0/15
  100. switchport access vlan 40
  101. rate-limit input 10000 1024
  102. rate-limit output 10000 1024
  104. interface GigabitEthernet 0/16
  105. switchport access vlan 40
  106. rate-limit input 10000 1024
  107. rate-limit output 10000 1024
  109. interface GigabitEthernet 0/17
  111. interface GigabitEthernet 0/18
  113. interface GigabitEthernet 0/19
  115. interface GigabitEthernet 0/20
  117. interface GigabitEthernet 0/21
  118. switchport access vlan 50
  120. interface GigabitEthernet 0/22
  121. switchport access vlan 50
  123. interface GigabitEthernet 0/23
  124. switchport mode trunk
  125. ip dhcp snooping trust
  127. interface GigabitEthernet 0/24
  128. switchport mode trunk
  129. ip dhcp snooping trust
  131. interface VLAN 100
  132. no ip proxy-arp
  133. ip address 192.26.100.4 255.255.255.0
  135. line con 0
  136. line vty 0 4
  137. login local
  139. end
复制代码
S2

  1. hostname S2
  3. redundancy
  4. auto-sync time-period 3600
  5. auto-sync standard
  6. switchover timeout 4000
  8. vlan 1
  10. vlan 10
  12. vlan 20
  14. vlan 30
  16. vlan 40
  18. vlan 50
  20. vlan 100
  22. username admin password admin
  23. no service password-encryption
  24. service dhcp
  25. ip helper-address 10.168.0.2
  27. ip dhcp excluded-address 192.168.50.101 192.168.50.254
  29. ip dhcp pool appool
  30. option 138 ip 11.168.0.204
  31. network 192.168.50.0 255.255.255.0
  32. default-router 192.168.50.254
  34. spanning-tree mst configuration
  35. revision 1
  36. name ruijie
  37. instance 0 vlan 1-9, 11-19, 21-29, 31-39, 41-49, 51-99, 101-4094
  38. instance 1 vlan 10, 20, 30, 40, 50, 100
  39. spanning-tree mst 1 priority 4096
  40. spanning-tree
  41. interface GigabitEthernet 0/1
  42. switchport mode trunk
  44. interface GigabitEthernet 0/2
  45. port-group 1
  47. interface GigabitEthernet 0/3
  48. port-group 1
  50. interface GigabitEthernet 0/4
  51. no switchport
  52. ip ospf network point-to-point
  53. ip ospf cost 5
  54. no ip proxy-arp
  55. ip address 10.168.0.1 255.255.255.252
  57. interface GigabitEthernet 0/5
  58. switchport mode trunk
  60. interface GigabitEthernet 0/6
  62. interface GigabitEthernet 0/7
  64. interface GigabitEthernet 0/8
  66. interface GigabitEthernet 0/9
  68. interface GigabitEthernet 0/10
  70. interface GigabitEthernet 0/11
  72. interface GigabitEthernet 0/12
  74. interface GigabitEthernet 0/13
  76. interface GigabitEthernet 0/14
  78. interface GigabitEthernet 0/15
  80. interface GigabitEthernet 0/16
  82. interface GigabitEthernet 0/17
  84. interface GigabitEthernet 0/18
  86. interface GigabitEthernet 0/19
  88. interface GigabitEthernet 0/20
  90. interface GigabitEthernet 0/21
  92. interface GigabitEthernet 0/22
  94. interface GigabitEthernet 0/23
  96. interface GigabitEthernet 0/24
  98. interface AggregatePort 1
  99. switchport mode trunk
  101. interface Loopback 0
  102. ip address 11.168.0.202 255.255.255.255
  104. interface VLAN 10
  105. no ip proxy-arp
  106. ip address 192.168.10.252 255.255.255.0
  107. vrrp 10 priority 150
  108. vrrp 10 ip 192.168.10.254
  110. interface VLAN 20
  111. no ip proxy-arp
  112. ip address 192.168.20.252 255.255.255.0
  113. vrrp 20 priority 150
  114. vrrp 20 ip 192.168.20.254
  116. interface VLAN 30
  117. no ip proxy-arp
  118. ip address 192.168.30.252 255.255.255.0
  119. vrrp 30 priority 150
  120. vrrp 30 ip 192.168.30.254
  122. interface VLAN 40
  123. no ip proxy-arp
  124. ip address 192.168.40.252 255.255.255.0
  125. vrrp 40 priority 150
  126. vrrp 40 ip 192.168.40.254
  128. interface VLAN 50
  129. no ip proxy-arp
  130. ip address 192.168.50.252 255.255.255.0
  131. vrrp 50 priority 150
  132. vrrp 50 ip 192.168.50.254
  134. interface VLAN 100
  135. no ip proxy-arp
  136. ip address 192.168.100.252 255.255.255.0
  137. vrrp 100 priority 150
  138. vrrp 100 ip 192.168.100.254
  141. router ospf 10
  142. passive-interface VLAN 10
  143. passive-interface VLAN 20
  144. passive-interface VLAN 30
  145. passive-interface VLAN 40
  146. passive-interface VLAN 50
  147. passive-interface VLAN 100
  148. network 10.168.0.0 0.0.0.3 area 0
  149. network 11.168.0.202 0.0.0.0 area 0
  150. network 192.168.10.0 0.0.0.255 area 0
  151. network 192.168.20.0 0.0.0.255 area 0
  152. network 192.168.30.0 0.0.0.255 area 0
  153. network 192.168.40.0 0.0.0.255 area 0
  154. network 192.168.50.0 0.0.0.255 area 0
  155. network 192.168.100.0 0.0.0.255 area 0
  158. ip route 10.168.0.16 255.255.255.252 10.168.0.2
  159. ip route 10.168.0.36 255.255.255.252 10.168.0.2
  160. ip route 11.168.0.204 255.255.255.255 192.168.100.2
  161. ip route 11.168.0.205 255.255.255.255 192.168.100.253
  162. ip route 194.168.30.0 255.255.255.0 10.168.0.2
  164. line con 0
  165. line vty 0 4
  166. login local
  168. end
复制代码
S3

  1. hostname S3
  3. redundancy
  4. auto-sync time-period 3600
  5. auto-sync standard
  6. switchover timeout 4000
  8. vlan 1
  10. vlan 10
  11. name Res
  13. vlan 20
  14. name Sales
  16. vlan 30
  17. name Supply
  19. vlan 40
  20. name Service
  22. vlan 50
  23. name Ap
  25. vlan 100
  26. name Manage
  28. no service password-encryption
  29. service dhcp
  30. ip helper-address 10.168.0.2
  32. ip dhcp excluded-address 192.168.50.1
  33. ip dhcp excluded-address 192.168.50.1 192.168.50.100
  34. ip dhcp excluded-address 192.168.50.201 192.168.50.255
  37. ip dhcp pool S3
  38. option 138 ip 11.168.0.204
  39. network 192.168.50.0 255.255.255.0
  40. default-router 192.168.50.254
  42. spanning-tree mst configuration
  43. revision 1
  44. name ruijie
  45. instance 0 vlan 1-9, 11-19, 21-29, 31-39, 41-49, 51-99, 101-4094
  46. instance 1 vlan 10, 20, 30, 40, 50, 100
  47. spanning-tree mst 1 priority 8192
  48. spanning-tree
  49. interface GigabitEthernet 0/1
  50. switchport mode trunk
  52. interface GigabitEthernet 0/2
  53. port-group 1
  54.          
  55. interface GigabitEthernet 0/3
  56. port-group 1
  58. interface GigabitEthernet 0/4
  59. no switch
  60. ip ospf network point-to-point
  61. ip ospf cost 10
  62. no ip proxy-arp
  63. ip address 10.168.0.5 255.255.255.252
  65. interface GigabitEthernet 0/5
  66. switchport mode trunk
  68. interface GigabitEthernet 0/6
  70. interface GigabitEthernet 0/7
  72. interface GigabitEthernet 0/8
  74. interface GigabitEthernet 0/9
  76. interface GigabitEthernet 0/10
  78. interface GigabitEthernet 0/11
  80. interface GigabitEthernet 0/12
  82. interface GigabitEthernet 0/13
  83.          
  84. interface GigabitEthernet 0/14
  86. interface GigabitEthernet 0/15
  88. interface GigabitEthernet 0/16
  90. interface GigabitEthernet 0/17
  92. interface GigabitEthernet 0/18
  94. interface GigabitEthernet 0/19
  96. interface GigabitEthernet 0/20
  98. interface GigabitEthernet 0/21
  100. interface GigabitEthernet 0/22
  102. interface GigabitEthernet 0/23
  104. interface GigabitEthernet 0/24
  106. interface AggregatePort 1
  107. switchport mode trunk
  109. interface Loopback 0
  110. ip address 11.168.0.203 255.255.255.255
  112. interface VLAN 10
  113. no ip proxy-arp
  114. ip address 192.168.10.253 255.255.255.0
  115. vrrp 10 priority 120
  116. vrrp 10 ip 192.168.10.254
  118. interface VLAN 20
  119. no ip proxy-arp
  120. ip address 192.168.20.253 255.255.255.0
  121. vrrp 20 priority 120
  122. vrrp 20 ip 192.168.20.254
  124. interface VLAN 30
  125. no ip proxy-arp
  126. ip address 192.168.30.253 255.255.255.0
  127. vrrp 30 priority 120
  128. vrrp 30 ip 192.168.30.254
  130. interface VLAN 40
  131. no ip proxy-arp
  132. ip address 192.168.40.253 255.255.255.0
  133. vrrp 40 priority 120
  134. vrrp 40 ip 192.168.40.254
  136. interface VLAN 50
  137. no ip proxy-arp
  138. ip address 192.168.50.253 255.255.255.0
  139. vrrp 50 priority 120
  140. vrrp 50 ip 192.168.50.254
  142. interface VLAN 100
  143. no ip proxy-arp
  144. ip address 192.168.100.253 255.255.255.0
  145. vrrp 100 priority 120
  146. vrrp 100 ip 192.168.100.254
  148. router ospf 10
  149. passive-interface VLAN 10
  150. passive-interface VLAN 20
  151. passive-interface VLAN 30
  152. passive-interface VLAN 40
  153. passive-interface VLAN 50
  154. passive-interface VLAN 100
  155. network 10.128.0.4 0.0.0.3 area 0
  156. network 11.128.0.203 0.0.0.0 area 0
  157. network 192.168.10.0 0.0.0.255 area 0
  158. network 192.168.20.0 0.0.0.255 area 0
  159. network 192.168.30.0 0.0.0.255 area 0
  160. network 192.168.40.0 0.0.0.255 area 0
  161. network 192.168.50.0 0.0.0.255 area 0
  162. network 192.168.100.0 0.0.0.255 area 0
  164. ip route 11.168.0.204 255.255.255.255 192.168.100.252
  166. line con 0
  167. line vty 0 4
  168. login
  170. end
复制代码
S4/S5(做的堆叠,两台当一台用)

  1. hostname VSU
  3. redundancy
  4. auto-sync time-period 3600
  5. auto-sync standard
  6. switchover timeout 4000
  8. vlan 1
  10. vlan 100
  11.   
  12. no service password-encryption
  14. interface GigabitEthernet 1/0/1
  15. no switchport
  16. ip ospf network point-to-point
  17. no ip proxy-arp
  18. ip address 10.168.0.9 255.255.255.252
  20. interface GigabitEthernet 1/0/2
  21. no switchport
  22. no ip proxy-arp
  23. no lldp enable
  25. interface GigabitEthernet 1/0/3
  27. interface GigabitEthernet 1/0/4
  28.          
  29. interface GigabitEthernet 1/0/5
  31. interface GigabitEthernet 1/0/6
  33. interface GigabitEthernet 1/0/7
  35. interface GigabitEthernet 1/0/8
  37. interface GigabitEthernet 1/0/9
  39. interface GigabitEthernet 1/0/10
  41. interface GigabitEthernet 1/0/11
  43. interface GigabitEthernet 1/0/12
  45. interface GigabitEthernet 1/0/13
  47. interface GigabitEthernet 1/0/14
  49. interface GigabitEthernet 1/0/15
  51. interface GigabitEthernet 1/0/16
  52.          
  53. interface GigabitEthernet 1/0/17
  55. interface GigabitEthernet 1/0/18
  57. interface GigabitEthernet 1/0/19
  59. interface GigabitEthernet 1/0/20
  61. interface GigabitEthernet 1/0/21
  63. interface GigabitEthernet 1/0/22
  65. interface GigabitEthernet 1/0/23
  67. interface GigabitEthernet 1/0/24
  69. interface GigabitEthernet 2/0/1
  70. no switchport
  71. ip ospf network point-to-point
  72. no ip proxy-arp
  73. ip address 10.168.0.13 255.255.255.252
  75. interface GigabitEthernet 2/0/2
  76. no switchport
  77. no ip proxy-arp
  78. no lldp enable
  80. interface GigabitEthernet 2/0/3
  82. interface GigabitEthernet 2/0/4
  84. interface GigabitEthernet 2/0/5
  86. interface GigabitEthernet 2/0/6
  88. interface GigabitEthernet 2/0/7
  90. interface GigabitEthernet 2/0/8
  92. interface GigabitEthernet 2/0/9
  94. interface GigabitEthernet 2/0/10
  96. interface GigabitEthernet 2/0/11
  98. interface GigabitEthernet 2/0/12
  100. interface GigabitEthernet 2/0/13
  102. interface GigabitEthernet 2/0/14
  104. interface GigabitEthernet 2/0/15
  106. interface GigabitEthernet 2/0/16
  108. interface GigabitEthernet 2/0/17
  110. interface GigabitEthernet 2/0/18
  112. interface GigabitEthernet 2/0/19
  114. interface GigabitEthernet 2/0/20
  116. interface GigabitEthernet 2/0/21
  118. interface GigabitEthernet 2/0/22
  120. interface GigabitEthernet 2/0/23
  122. interface GigabitEthernet 2/0/24
  124. interface Loopback 0
  125. ip address 11.168.0.45 255.255.255.255
  127. interface Loopback 1
  128. ip address 172.16.0.1 255.255.252.0
  130. interface VLAN 100
  131. no ip proxy-arp
  132. ip address 193.168.0.1 255.255.255.252
  134. switch virtual domain 1
  135. dual-active detection bfd
  136. dual-active bfd interface GigabitEthernet 1/0/2
  137. dual-active bfd interface GigabitEthernet 2/0/2
  139. router ospf 10
  140. network 10.168.0.8 0.0.0.3 area 1
  141. network 10.168.0.12 0.0.0.3 area 1
  142. network 11.168.0.45 0.0.0.0 area 1
  144. ip route 10.168.0.16 255.255.255.252 10.168.0.10
  145. ip route 10.168.0.20 255.255.255.252 10.168.0.14
  147. line con 0
  148. line vty 0 4
  149. login
  151. end
复制代码
S6

  1. hostname S6
  3. redundancy
  4. auto-sync time-period 3600
  5. auto-sync standard
  6. switchover timeout 4000
  8. diagnostic bootup level bypass
  10. vlan 1
  12. vlan 10
  13. name Pvlan
  14. private-vlan primary
  15. private-vlan association add 11-12
  17. vlan 11
  18. private-vlan community
  20. vlan 12
  21. private-vlan isolated
  23. vlan 20
  24. name Wirelessuser
  26. vlan 30
  27. name AP
  29. vlan 100
  30. name Manage
  32. username admin password admin
  33. no service password-encryption
  34. service dhcp
  36. ip dhcp pool client
  37. network 194.168.20.0 255.255.255.0
  38. default-router 194.168.20.254
  40. ip dhcp pool Wireless
  41. option 138 ip 11.26.0.204
  42. network 194.168.30.0 255.255.255.0
  43. default-router 194.168.30.254
  45. interface GigabitEthernet 0/1
  46. no switchport
  47. no ip proxy-arp
  48. ip address 10.168.0.26 255.255.255.252
  50. interface GigabitEthernet 0/2
  51. switchport mode trunk
  52. switchport trunk native vlan 30
  54. interface GigabitEthernet 0/3
  55. switchport mode trunk
  57. interface GigabitEthernet 0/4
  59. interface GigabitEthernet 0/5
  61. interface GigabitEthernet 0/6
  63. interface GigabitEthernet 0/7
  65. interface GigabitEthernet 0/8
  67. interface GigabitEthernet 0/9
  69. interface GigabitEthernet 0/10
  71. interface GigabitEthernet 0/11
  73. interface GigabitEthernet 0/12
  75. interface GigabitEthernet 0/13
  77. interface GigabitEthernet 0/14
  79. interface GigabitEthernet 0/15
  81. interface GigabitEthernet 0/16
  83. interface GigabitEthernet 0/17
  85. interface GigabitEthernet 0/18
  87. interface GigabitEthernet 0/19
  89. interface GigabitEthernet 0/20
  91. interface GigabitEthernet 0/21
  93. interface GigabitEthernet 0/22
  95. interface GigabitEthernet 0/23
  96. switchport mode trunk
  98. interface GigabitEthernet 0/24
  100. interface Loopback 0
  101. ip address 11.168.0.6 255.255.255.255
  103. interface VLAN 10
  104. no ip proxy-arp
  105. ip address 194.168.10.254 255.255.255.0
  106. private-vlan mapping add 11-12
  108. interface VLAN 20
  109. no ip proxy-arp
  110. ip address 194.168.20.254 255.255.255.0
  112. interface VLAN 30
  113. no ip proxy-arp
  114. ip address 194.168.30.254 255.255.255.0
  116. interface VLAN 100
  117. no ip proxy-arp
  118. ip address 194.168.100.254 255.255.255.0
  120. ip route 0.0.0.0 0.0.0.0 10.168.0.25
  122. line con 0
  123. line vty 0 4
  124. login local
  126. end
复制代码
R1

  1. hostname R1
  2. webmaster level 0 username admin password 7 04361c0b370d
  4. diffserv domain default
  6. no cwmp
  8. route-map fenliu permit 10
  9. match ip address 101
  10. set ip next-hop 10.168.0.18
  12. route-map fenliu permit 20
  13. match ip address 102
  14. set ip next-hop 10.168.0.22
  16. route-map fenliu permit 30
  18. vlan 1
  20. username admin password admin
  21. no service password-encryption
  23. control-plane
  25. control-plane protocol
  26. acpp bw-rate 1250 bw-burst-rate 2500
  28. control-plane manage
  29. port-filter
  30. arp-car 5
  31. acpp bw-rate 1250 bw-burst-rate 2500
  33. control-plane data
  34. glean-car 5
  35. acpp bw-rate 1250 bw-burst-rate 2500
  37. web-auth mac-check enable
  39. enable service ssh-server
  40. enable service web-server http
  41. enable service web-server https
  43. interface Serial 2/0
  44. encapsulation PPP
  45. ppp chap hostname ruijie
  46. ppp chap password ruijie
  47. ip address 10.168.0.17 255.255.255.252
  48. clock rate 64000
  50. interface Serial 2/1
  51. encapsulation PPP
  52. ppp chap hostname ruijie
  53. ppp chap password ruijie
  54. ip address 10.168.0.21 255.255.255.252
  56. interface GigabitEthernet 0/0
  57. ip address 10.168.0.25 255.255.255.252
  58. duplex auto
  59. speed auto
  61. interface GigabitEthernet 0/1
  62. ip address 10.168.0.41 255.255.255.252
  63. duplex auto
  64. speed auto
  66. interface GigabitEthernet 0/2
  67. duplex auto
  68. speed auto
  70. interface GigabitEthernet 0/3
  71. duplex auto
  72. speed auto
  74. interface GigabitEthernet 1/0
  76. interface GigabitEthernet 1/1
  77.          
  78. interface GigabitEthernet 1/2
  80. interface GigabitEthernet 1/3
  82. interface GigabitEthernet 1/4
  84. interface GigabitEthernet 1/5
  86. interface GigabitEthernet 1/6
  88. interface GigabitEthernet 1/7
  90. interface GigabitEthernet 1/8
  92. interface GigabitEthernet 1/9
  94. interface GigabitEthernet 1/10
  96. interface GigabitEthernet 1/11
  98. interface GigabitEthernet 1/12
  100. interface GigabitEthernet 1/13
  101.          
  102. interface GigabitEthernet 1/14
  104. interface GigabitEthernet 1/15
  106. interface GigabitEthernet 1/16
  108. interface GigabitEthernet 1/17
  110. interface GigabitEthernet 1/18
  112. interface GigabitEthernet 1/19
  114. interface GigabitEthernet 1/20
  116. interface GigabitEthernet 1/21
  118. interface GigabitEthernet 1/22
  120. interface GigabitEthernet 1/23
  122. interface Loopback 0
  123. ip address 11.168.0.1 255.255.255.255
  125. interface VLAN 1
  126. ip address 192.168.1.1 255.255.255.0
  128. ip route 10.168.0.0 255.255.255.252 10.168.0.18
  129. ip route 10.168.0.4 255.255.255.252 10.168.0.18
  130. ip route 11.168.0.204 255.255.255.255 10.168.0.18 10
  131. ip route 11.168.0.204 255.255.255.255 10.168.0.22 100
  132. ip route 11.168.0.205 255.255.255.255 10.168.0.18 10
  133. ip route 11.168.0.205 255.255.255.255 10.168.0.22 100
  134. ip route 172.16.0.0 255.255.252.0 10.168.0.18 10
  135. ip route 172.16.0.0 255.255.252.0 10.168.0.22 100
  136. ip route 192.168.10.0 255.255.255.0 10.168.0.18 10
  137. ip route 192.168.10.0 255.255.255.0 10.168.0.22 100
  138. ip route 192.168.20.0 255.255.255.0 10.168.0.18 10
  139. ip route 192.168.20.0 255.255.255.0 10.168.0.22 100
  140. ip route 192.168.30.0 255.255.255.0 10.168.0.18 10
  141. ip route 192.168.30.0 255.255.255.0 10.168.0.22 100
  142. ip route 192.168.40.0 255.255.255.0 10.168.0.18 10
  143. ip route 192.168.40.0 255.255.255.0 10.168.0.22 100
  144. ip route 192.168.60.0 255.255.255.0 10.168.0.18 10
  145. ip route 192.168.60.0 255.255.255.0 10.168.0.22 100
  146. ip route 193.168.0.0 255.255.255.252 10.168.0.18 10
  147. ip route 193.168.0.0 255.255.255.252 10.168.0.22 100
  148. ip route 194.168.0.0 255.255.0.0 10.168.0.26
  149. ip route 194.168.10.0 255.255.255.0 10.168.0.26
  150. ip route 195.168.0.0 255.255.255.0 10.168.0.42
  152. ref parameter 75 100
  153. line con 0
  154. line vty 0 4
  155. transport input ssh
  156. login local
  159. end
复制代码
R2

  1. hostname R2
  2. webmaster level 0 username admin password 7 073f07221c1c
  3. vlan 1
  5. vlan 100
  7. username admin password admin
  8. username ruijie password ruijie
  9. no service password-encryption
  10. service dhcp
  12. ip dhcp pool vlan10
  13. network 192.168.10.0 255.255.255.0
  14. default-router 192.168.10.254
  16. control-plane
  18. control-plane protocol
  19. no acpp
  21. control-plane manage
  22. no port-filter
  23. no arp-car
  24. no acpp
  26. control-plane data
  27. no glean-car
  28. no acpp  
  30. enable service ssh-server
  31. enable service web-server http
  32. enable service web-server https
  34. interface Serial 2/0
  35. encapsulation PPP
  36. ppp authentication chap
  37. ip address 10.168.0.18 255.255.255.252
  39. interface Serial 3/0
  40. encapsulation PPP
  41. ip ospf network point-to-point
  42. ip address 10.168.0.29 255.255.255.252
  44. interface FastEthernet 1/0
  46. interface FastEthernet 1/1
  47. switchport access vlan 100
  49. interface FastEthernet 1/2
  51. interface FastEthernet 1/3
  53. interface FastEthernet 1/4
  55. interface FastEthernet 1/5
  57. interface FastEthernet 1/6
  59. interface FastEthernet 1/7
  61. interface FastEthernet 1/8
  63. interface FastEthernet 1/9
  65. interface FastEthernet 1/10
  67. interface FastEthernet 1/11
  69. interface FastEthernet 1/12
  71. interface FastEthernet 1/13
  73. interface FastEthernet 1/14
  75. interface FastEthernet 1/15
  77. interface FastEthernet 1/16
  79. interface FastEthernet 1/17
  81. interface FastEthernet 1/18
  83. interface FastEthernet 1/19
  85. interface FastEthernet 1/20
  87. interface FastEthernet 1/21
  89. interface FastEthernet 1/22
  91. interface FastEthernet 1/23
  93. interface GigabitEthernet 0/0
  94. ip ospf network point-to-point
  95. ip ospf cost 5
  96. ip address 10.168.0.2 255.255.255.252
  97. duplex auto
  98. speed auto
  100. interface GigabitEthernet 0/1
  101. ip address 10.168.0.33 255.255.255.252
  102. duplex auto
  103. speed auto
  105. interface Loopback 0
  106. ip address 11.168.0.2 255.255.255.255
  107.          
  108. interface VLAN 100
  109. ip address 10.168.0.10 255.255.255.252
  111. router ospf 10
  112. redistribute static metric-type 1 subnets
  113. network 10.168.0.0 0.0.0.3 area 0
  114. network 10.168.0.8 0.0.0.3 area 1
  115. network 10.168.0.28 0.0.0.3 area 0
  116. network 11.168.0.2 0.0.0.0 area 0
  118. ip route 10.168.0.24 255.255.255.252 10.168.0.17
  119. ip route 11.168.0.1 255.255.255.255 10.168.0.17
  120. ip route 11.168.0.204 255.255.255.255 10.168.0.1
  121. ip route 11.168.0.205 255.255.255.255 10.168.0.1
  122. ip route 172.16.0.0 255.255.252.0 10.168.0.9
  123. ip route 194.168.10.0 255.255.255.0 10.168.0.34
  124. ip route 194.168.30.0 255.255.255.0 10.168.0.17
  125. ip route 195.168.0.0 255.255.255.0 10.168.0.34
  127. ref parameter 75 140
  128. line con 0
  129. line aux 0
  130. line vty 0 4
  131. transport input ssh
  132. login local
  134. end
复制代码
R3

  1. hostname R3
  3. vlan 1
  5. vlan 100
  8. username admin password admin
  9. username ruijie password ruijie
  10. no service password-encryption
  12. control-plane
  14. control-plane protocol
  15. no acpp
  17. control-plane manage
  18. no port-filter
  19. no arp-car
  20. no acpp
  22. control-plane data
  23. no glean-car
  24. no acpp
  26. enable service ssh-server
  27. enable service web-server http
  28. enable service web-server https
  30. interface Serial 2/0
  31. encapsulation PPP
  32. ppp authentication chap
  33. ip address 10.168.0.22 255.255.255.252
  34. clock rate 64000
  36. interface Serial 3/0
  37. encapsulation PPP
  38. ip ospf network point-to-point
  39. ip address 10.168.0.30 255.255.255.252
  40. clock rate 64000
  42. interface FastEthernet 1/0
  44. interface FastEthernet 1/1
  45. switchport access vlan 100
  47. interface FastEthernet 1/2
  49. interface FastEthernet 1/3
  51. interface FastEthernet 1/4
  53. interface FastEthernet 1/5
  55. interface FastEthernet 1/6
  57. interface FastEthernet 1/7
  59. interface FastEthernet 1/8
  60.          
  61. interface FastEthernet 1/9
  63. interface FastEthernet 1/10
  65. interface FastEthernet 1/11
  67. interface FastEthernet 1/12
  69. interface FastEthernet 1/13
  71. interface FastEthernet 1/14
  73. interface FastEthernet 1/15
  75. interface FastEthernet 1/16
  77. interface FastEthernet 1/17
  79. interface FastEthernet 1/18
  81. interface FastEthernet 1/19
  83. interface FastEthernet 1/20
  84.          
  85. interface FastEthernet 1/21
  87. interface FastEthernet 1/22
  89. interface FastEthernet 1/23
  91. interface GigabitEthernet 0/0
  92. ip ospf network point-to-point
  93. ip ospf cost 10
  94. ip address 10.168.0.6 255.255.255.252
  95. duplex auto
  96. speed auto
  98. interface GigabitEthernet 0/1
  99. ip address 10.168.0.37 255.255.255.252
  100. duplex auto
  101. speed auto
  103. interface Loopback 0
  104. ip address 11.168.0.3 255.255.255.255
  106. interface VLAN 100
  107. ip address 10.168.0.14 255.255.255.252
  109. router ospf 10
  110. redistribute static metric-type 1 subnets
  111. network 10.168.0.4 0.0.0.3 area 0
  112. network 10.168.0.12 0.0.0.3 area 1
  113. network 10.168.0.28 0.0.0.3 area 0
  114. network 11.168.0.3 0.0.0.0 area 0
  116. ip route 10.168.0.24 255.255.255.252 10.168.0.17
  117. ip route 10.168.0.24 255.255.255.252 10.168.0.21
  118. ip route 11.168.0.1 255.255.255.255 10.168.0.21
  119. ip route 11.168.0.204 255.255.255.255 10.168.0.5
  120. ip route 11.168.0.205 255.255.255.255 10.168.0.5
  121. ip route 172.16.0.0 255.255.252.0 10.168.0.13
  122. ip route 194.168.10.0 255.255.255.0 10.168.0.38
  123. ip route 194.168.30.0 255.255.255.0 10.168.0.21
  124. ip route 195.168.0.0 255.255.255.0 10.168.0.38
  126. ref parameter 75 140
  127. line con 0
  128. line aux 0
  129. line vty 0 4
  130. transport input ssh
  131. login local
  133. end
复制代码
AC1

  1. hostname AC1
  3. wlan-config 1 Ruijie-ZB_176
  4. ssid-code utf-8
  5. no enable-broad-ssid
  7. wlan-config 2 Ruijie-FB_176
  8. ssid-code utf-8
  9. no enable-broad-ssid
  10. tunnel local
  12. ap-group FB
  13. interface-mapping 2 20 ap-wlan-id 1
  15. ap-group ZB
  16. interface-mapping 1 60 ap-wlan-id 1
  18. ap-group default
  20. ap-config all
  22. ac-controller
  23. country CN
  24. 802.11g network rate 1 disabled
  25. 802.11g network rate 2 disabled
  26. 802.11g network rate 5 disabled
  27. 802.11g network rate 6 disabled
  28. 802.11g network rate 9 supported
  29. 802.11g network rate 11 mandatory
  30. 802.11g network rate 12 supported
  31. 802.11g network rate 18 supported
  32. 802.11g network rate 24 supported
  33. 802.11g network rate 36 supported
  34. 802.11g network rate 48 supported
  35. 802.11g network rate 54 supported
  36. 802.11b network rate 1 disabled
  37. 802.11b network rate 2 disabled
  38. 802.11b network rate 5 disabled
  39. 802.11b network rate 11 mandatory
  40. 802.11a network rate 6 disabled
  41. 802.11a network rate 9 supported
  42. 802.11a network rate 12 mandatory
  43. 802.11a network rate 18 supported
  44. 802.11a network rate 24 mandatory
  45. 802.11a network rate 36 supported
  46. 802.11a network rate 48 supported
  47. 802.11a network rate 54 supported
  49. ip dhcp snooping
  51. no identify-application enable
  53. no cwmp
  55. service dhcp
  57. ip dhcp pool Wireless
  58. network 192.168.60.0 255.255.255.0
  59. default-router 192.168.60.254
  61. install 0 WS6008
  63. sysmac c470.abe7.386b
  65. enable service web-server http
  66. enable service web-server https
  67. webmaster level 0 username admin password 7 06073a0e261b
  68. no service password-encryption
  70. redundancy
  72. link-check disable
  74. nfpp
  76. wids
  78. frn
  80. vlan 1
  82. vlan 60
  83. name Wireless
  85. vlan 100
  86. name Manage
  88. interface GigabitEthernet 0/1
  89. switchport mode trunk
  90. ip dhcp snooping trust
  92. interface GigabitEthernet 0/2
  94. interface GigabitEthernet 0/3
  96. interface GigabitEthernet 0/4
  98. interface GigabitEthernet 0/5
  100. interface GigabitEthernet 0/6
  102. interface GigabitEthernet 0/7
  104. interface GigabitEthernet 0/8
  106. interface Loopback 0
  107. ip address 11.168.0.204 255.255.255.255
  109. interface VLAN 1
  111. interface VLAN 60
  112. ip address 192.168.60.252 255.255.255.0
  113. vrrp 1 ip 192.168.60.254
  114. vrrp 1 priority 150
  116. interface VLAN 100
  117. ip address 192.168.100.2 255.255.255.0
  119. wlan hot-backup 11.168.0.205
  121. context 1
  122.   priority level 1
  123.   
  124. wlan hot-backup enable
  126. wlansec 1
  127. security rsn enable
  128. security rsn ciphers aes enable
  129. security rsn akm psk enable
  130. security rsn akm psk set-key ascii 12345678
  131. arp-check
  132. ip verify source port-security
  134. ip route 0.0.0.0 0.0.0.0 192.168.100.252
  136. line console 0
  137. line vty 0 4
  138. login
  140. end
复制代码
EG1

  1. interface GigabitEthernet 0/0
  2. ip address 192.168.1.1 255.255.255.0
  3. ip nat inside
  5. interface GigabitEthernet 0/1
  6. ip address 10.168.0.34 255.255.255.252
  7. ip nat inside
  9. interface GigabitEthernet 0/2
  10. ip address 10.168.0.38 255.255.255.252
  11. ip nat inside
  13. interface GigabitEthernet 0/3
  14. ip address 195.168.0.1 255.255.255.0
  15. crypto map mymap
  17. interface GigabitEthernet 0/4
  19. interface GigabitEthernet 0/5
  21. interface GigabitEthernet 0/6
  23. interface GigabitEthernet 0/7
  24.          
  25. interface GigabitEthernet 0/8
  27. interface GigabitEthernet 0/9
  29. interface Loopback 0
  30. ip address 11.168.0.11 255.255.255.255
  32. interface SSLVPN 0
  34. interface SSLVPN 1
  36. app route switch
  37. app route mode new-flow
  39. ip nat pool ssh prefix-length 24
  40. address 195.168.0.20 195.168.0.20 match interface GigabitEthernet 0/1
  42. ip nat outside source list 111 pool ssh
  43. ip nat inside source list 1 pool nat_pool overload
  44. ip nat inside source list 110 interface GigabitEthernet 0/3 overload
  46. ip route 10.168.0.0 255.255.255.252 10.168.0.33
  47. ip route 192.168.10.0 255.255.255.0 10.168.0.33 10
  48. ip route 192.168.10.0 255.255.255.0 10.168.0.37 100
  49. ip route 192.168.20.0 255.255.255.0 10.168.0.33 10
  50. ip route 192.168.20.0 255.255.255.0 10.168.0.37 100
  51. ip route 192.168.30.0 255.255.255.0 10.168.0.33 10
  52. ip route 192.168.30.0 255.255.255.0 10.168.0.37 100
  53. ip route 192.168.40.0 255.255.255.0 10.168.0.33 10
  54. ip route 192.168.40.0 255.255.255.0 10.168.0.37 100
  55. ip route 192.168.60.0 255.255.255.0 10.168.0.33 10
  56. ip route 192.168.60.0 255.255.255.0 10.168.0.37 100
  57. ip route 194.168.10.0 255.255.255.0 195.168.0.2
  59. line console 0
  60. line vty 0 4
  61. login
  63. end
复制代码
EG2

  1. hostname EG2
  2. vlan 1
  4. no service password-encryption
  6. ip access-list extended 110
  7. 10 permit ip 194.168.20.0 0.0.0.255 195.168.0.0 0.0.0.255 time-range working_time
  9. ip access-list extended 112
  10. 10 permit ip 194.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
  12. control-plane
  14. control-plane protocol
  15. no acpp
  17. control-plane manage
  18. no port-filter
  19. no arp-car
  20. no acpp
  22. control-plane data
  23. no glean-car
  24. no acpp
  26. enable service web-server http
  27. enable service web-server https
  29. crypto isakmp policy 1
  30. encryption 3des
  31. authentication pre-share
  32. hash md5
  33.   
  34. crypto isakmp key 7 151b5f72467e7a address 195.168.0.1
  35. crypto ipsec transform-set myset esp-3des esp-md5-hmac
  37. crypto map mymap 1 ipsec-isakmp
  38. set peer 195.168.0.1   
  39. set transform-set myset
  40. match address 112
  42. interface FastEthernet 1/0
  44. interface FastEthernet 1/1
  46. interface FastEthernet 1/2
  48. interface FastEthernet 1/3
  50. interface FastEthernet 1/4
  52. interface FastEthernet 1/5
  54. interface FastEthernet 1/6
  56. interface FastEthernet 1/7
  58. interface FastEthernet 1/8
  60. interface FastEthernet 1/9
  62. interface FastEthernet 1/10
  64. interface FastEthernet 1/11
  66. interface FastEthernet 1/12
  68. interface FastEthernet 1/13
  70. interface FastEthernet 1/14
  72. interface FastEthernet 1/15
  74. interface FastEthernet 1/16
  76. interface FastEthernet 1/17
  78. interface FastEthernet 1/18
  80. interface FastEthernet 1/19
  82. interface FastEthernet 1/20
  84. interface FastEthernet 1/21
  86. interface FastEthernet 1/22
  88. interface FastEthernet 1/23
  90. interface GigabitEthernet 0/0
  91. ip nat outside
  92. ip address 195.168.0.2 255.255.255.0
  93. crypto map mymap
  94. duplex auto
  95. speed auto
  97. interface GigabitEthernet 0/1
  98. ip nat inside
  99. ip address 10.168.0.42 255.255.255.252
  100. duplex auto
  101. speed auto
  103. interface Loopback 0
  104. ip address 11.168.0.12 255.255.255.255
  106. ip nat inside source list 110 interface GigabitEthernet 0/0 overload
  108. ip route 10.168.0.24 255.255.255.252 10.168.0.41
  109. ip route 192.168.20.0 255.255.255.0 195.168.0.1
  110. ip route 194.168.10.0 255.255.255.0 10.168.0.41
  111. ip route 194.168.20.0 255.255.255.0 10.168.0.41
  113. ref parameter 75 140
  114. line con 0
  115. line aux 0
  116. line vty 0 4
  117. login
  119. End
复制代码
终极路由情况





免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

x
回复

使用道具 举报

0 个回复

倒序浏览
返回列表

快速回复

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 or 立即注册

本版积分规则

忿忿的泥巴坨

金牌会员
这个人很懒什么都没写!

楼主热帖

标签云

挺好的 服务器
微信订阅号
微信服务号
微信客服
小程序
H5
关于我们 商务合作 网站地图
©Copyright 2022-2024 杭州祥升科技有限公司 版权所有 浙ICP备20004199号
快速回复 返回顶部 返回列表