Author: BSXY_19计科_陈永跃
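Note: no content may be forwarded without permission.
Preface and notes on techniques/resource download (no content may be forwarded without permission)
If you have any questions, describe your situation in the comments; I will reply as soon as I see it, and I hope other readers will answer each other's questions as well.
You can implement the design yourself step by step by following the procedure below (every command is a key command). If needed, you can also download the complete topology and the complete configuration from the address below for reference; once you have the topology, use display often to inspect the configuration and the corresponding commands. The accompanying resource is linked below, and its contents are shown in the figure below:
Network planning: eNSP-based IPv4 plus IPv6 enterprise/campus planning and design, usable as a reference for graduation or course projects: all step-by-step configuration commands (eNSP) + Notepad command files that can be pasted directly to speed up repetitive configuration + copyable command notes + detailed address plan + full configuration video + 3000-word test document with screenshots_resource no. 001
Firewall username: admin  Password: admin@123
I am generally online when you need to discuss something, and I will do my best to answer whatever I can. The test commands and screenshots, notes on what each step achieves, and which command to use to test the result after each configuration step are all included in the resource shown in the figure below; updates are ongoing…
The topology looks like this; most of the address plan and routing plan is labeled directly in the figure.
The technologies used in this topology are VLAN assignment, Eth-Trunk aggregation, MSTP, VRRP, DHCP relay, OSPF, BFD failure detection, port security and isolation, wireless WLAN, PPPoE, IS-IS, BGP, MPLS VPN, DHCP Snooping, NQA, NAT server address mapping, NAT (both address-pool and Easy IP translation), Telnet, ACL, IPsec VPN, route redistribution, default routes, firewall security policy planning, ISISv6, OSPFv3, DHCPv6, 6to4 tunnels, BGP4+ and more. The lab suits readers who have studied the individual technologies and want to combine them, and it can serve as a reference for graduation and course projects when doing your own planning and design. It applies to graduation projects, campus network planning, enterprise network planning and similar scenarios. If you have questions, message me privately on the platform and I will reply as soon as I see it. Finally, authorship of this topology plan belongs to: BSXY_信息学院_19计科_陈永跃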
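I. Topology and design requirements (35 briefly listed)
Topology 1:
Design requirements:
- Configure the interface addresses of the servers, firewalls and routers
- Configure Eth-Trunk link aggregation in the Huiyuan Building to improve link redundancy
- Divide the network into multiple VLANs by area to shrink the broadcast domains and improve network reliability and security
- Configure MSTP + VRRP in the Mingcheng Building for redundancy; define instances so that different VLANs prefer their respective switches, and reduce STP flapping
- All users in the Mingcheng, Huiyuan and Derun Buildings obtain addresses automatically through DHCP relay; the DHCP server is DHCPserver
- Configure multi-area OSPF; enable MD5 authentication for OSPF in area 0; SW1/SW2 are configured per interface
- Devices in area 0 enable BFD to detect link failures quickly
- Branch-campus users also obtain addresses automatically; the server is AR4, and AR4 is configured with sub-interfaces to assign addresses to the terminals
- Configure port security, with interfaces learning MAC addresses automatically
- Configure port isolation so that PC6 and PC7 cannot reach each other within the same VLAN
- In the branch campus/branch office, the wireless user addresses and the AP addresses are both assigned by SW8
- FW2 acts as the PPPoE client and AR5 as the PPPoE server for dial-up Internet access
- R1, R2 and R3 deploy IS-IS Level-2, area ID 49.0000
- Deploy MPLS VPN, with R1 and R3 as PE devices and R2 as the route reflector
- FW1 and FW2, as CEs, establish eBGP neighbor relationships with the PEs
- The carrier is AS 100, headquarters/main campus is in AS 65430, and the branches are all in AS 65000
- Deploy IPSec VPN between FW1 and FW2 for communication between headquarters/main campus and the branch
- Traffic between headquarters and the branch prefers MPLS VPN; if MPLS VPN fails, IPSec VPN is used
- If NQA on FW1 detects that 10.1.5.5 is unreachable, stop advertising the default route into the internal network
- NAT: headquarters/main campus users access the external network using the address pool 10.1.22.100~10.1.22.110
- Branch users access the external network using Easy IP
- External users access the internal WEB service: 100.100.100.100 is used for the address mapping
- The finance department server can be accessed only by internal VLAN 10 users
- Configure DHCP Snooping to prevent DHCP spoofing and the connection of rogue DHCP servers
- All internal switches can be managed remotely via Telnet
- Main campus/headquarters users can reach external Baidu by domain name (www.baidu.***); wireless users can too
- For IPv6, interconnect addresses inside AS 100 use link-local addresses
- The lo0 addresses of R1, R2 and R3 are 2001:10:1:X::X/128
- Enable ISISv6 and keep the v4 and v6 topologies separate
- SW1 and SW2 add a Lo0 interface with address 2001:192:168:X::X/128
- FW1, SW1 and SW2 deploy OSPFv3 area 0, with link-local interconnect addresses
- Branch FW2 and AR4 deploy OSPFv3, with link-local interconnect addresses
- FW1 and FW2 build a 6to4 tunnel over the MPLS VPN network
- Deploy BGP4+ on top of the 6to4 tunnel for IPv6 connectivity between headquarters and the branch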
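II. Address plan
The address plan came out slightly blurry when uploaded, and the image has not been optimized here; the Excel version, however, is editable, and the figure below is clearer.
III. eNSP-based medium/large campus/enterprise network planning and design: eNSP comprehensive assignment (optional reading)
Aside: the eNSP-based medium/large campus/enterprise network planning and design project (eNSP comprehensive lab) is shown in the figure below (it is not described in detail in this article; follow the link to read it):
Design requirements:
- Configure the interface addresses of the servers, firewalls and routers
- Configure Eth-Trunk link aggregation in the Huiyuan Building to improve link redundancy
- Divide the network into multiple VLANs by area to shrink the broadcast domains and improve network reliability and security
- Configure RSTP + VRRP in the Huiyuan Building to avoid loops and converge quickly
- Configure MSTP + VRRP in the Mingcheng Building for redundancy; define instances so that different VLANs prefer their respective switches, and reduce STP flapping
- All users in the Mingcheng Building, the Huiyuan Building and the service area obtain addresses automatically through DHCP relay; the DHCP server is AR2
- Branch-campus users also obtain addresses automatically; the server is AR13, and AR13 is configured with sub-interfaces to assign addresses to the terminals
- The Huiyuan Building mainly runs OSPF so that its routers learn the corresponding routes
- The Mingcheng Building runs both RIP and OSPF, with two-way redistribution between RIP and OSPF so that it can reach the Huiyuan Building
- The service area hosts the FTP, DNS and web servers; a PC connected there also obtains an address automatically (the PC here is used to test DHCP)
- FW1 and LSW4 each configure a virtual link (Vlink) so that area 3 and area 0 can interconnect and learn each other's routes
- FW1 and FW2 both configure security policies, and FW1 permits traffic from trust to dmz
- FW1 and FW2 both configure a default route pointing to the carrier (ISP)
- FW1 and FW2 configure NAT policies so that the internal network and the dmz can access the external network (Baidu)
- FW1 and FW2 configure IPsec VPN so that the simulated main campus and the simulated branch campus can reach each other; the permitted range is 172.16.X.X/16
- The simulated external ISP uses IS-IS routing for connectivity
- Main campus/branch campus users can reach external Baidu by domain name (www.baidu.***); the main campus can reach the internal web server by domain name (www.xyw.***)
- Main campus users use our internal DNS server; branch campus users use the ISP's DNS server
IV. The full network planning process (follow it step by step)
1. Eth-Trunk configuration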
HX_SW1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname HX_SW1
[HX_SW1]int eth-trunk 1
[HX_SW1-Eth-Trunk1]mode lacp-static
[HX_SW1-Eth-Trunk1]max active-linknumber 2
[HX_SW1-Eth-Trunk1]trunkport g0/0/24
[HX_SW1-Eth-Trunk1]trunkport g0/0/23
[HX_SW1-Eth-Trunk1]trunkport g0/0/22
[HX_SW1-Eth-Trunk1]lacp preempt enable
[HX_SW1-Eth-Trunk1]lacp preempt delay 10
[HX_SW1-Eth-Trunk1]qui
[HX_SW1]int g0/0/24
[HX_SW1-GigabitEthernet0/0/24]lacp priority 16384
[HX_SW1-GigabitEthernet0/0/24]qui
[HX_SW1]
----------------------------------
HX_SW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname HX_SW2
[HX_SW2]int eth-trunk 1
[HX_SW2-Eth-Trunk1]mode lacp-static
[HX_SW2-Eth-Trunk1]max active-linknumber 2
[HX_SW2-Eth-Trunk1]trunkport g0/0/24
[HX_SW2-Eth-Trunk1]trunkport g0/0/23
[HX_SW2-Eth-Trunk1]trunkport g0/0/22
[HX_SW2-Eth-Trunk1]lacp preempt enable
[HX_SW2-Eth-Trunk1]lacp preempt delay 10
[HX_SW2-Eth-Trunk1]qui
[HX_SW2]int g0/0/24
[HX_SW2-GigabitEthernet0/0/24]lacp priority 16384
[HX_SW2-GigabitEthernet0/0/24]qui
[HX_SW2]
2. Underlying VLAN assignment
JR_SW3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW3
[JR_SW3]vlan batch 10 20 100 101 900
[JR_SW3]int g0/0/3
[JR_SW3-GigabitEthernet0/0/3]port link-type access
[JR_SW3-GigabitEthernet0/0/3]port default vlan 10
[JR_SW3-GigabitEthernet0/0/3]int g0/0/4
[JR_SW3-GigabitEthernet0/0/4]port link-type access
[JR_SW3-GigabitEthernet0/0/4]port default vlan 20
[JR_SW3-GigabitEthernet0/0/4]qui
[JR_SW3]int g0/0/5
[JR_SW3-GigabitEthernet0/0/5]port link-type trunk
[JR_SW3-GigabitEthernet0/0/5]port trunk all vlan 100 101
[JR_SW3-GigabitEthernet0/0/5]port trunk pvid vlan 100
[JR_SW3-GigabitEthernet0/0/5]qui
[JR_SW3]port-group g g0/0/1 g0/0/2
[JR_SW3-port-group]port link-type trunk
[JR_SW3-GigabitEthernet0/0/1]port link-type trunk
[JR_SW3-GigabitEthernet0/0/2]port link-type trunk
[JR_SW3-port-group]port trunk allow-pass vlan 10 20 100 101 900
[JR_SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 100 101 900
[JR_SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20 100 101 900
[JR_SW3-port-group]qui
[JR_SW3]
-------------------------------------
JR_SW4:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW4
[JR_SW4]vlan batch 30 40 100 102 900
[JR_SW4]int g0/0/3
[JR_SW4-GigabitEthernet0/0/3]port link-type access
[JR_SW4-GigabitEthernet0/0/3]port default vlan 30
[JR_SW4-GigabitEthernet0/0/3]int g0/0/4
[JR_SW4-GigabitEthernet0/0/4]port link-type access
[JR_SW4-GigabitEthernet0/0/4]port default vlan 40
[JR_SW4-GigabitEthernet0/0/4]qui
[JR_SW4]int g0/0/5
[JR_SW4-GigabitEthernet0/0/5]port link-type trunk
[JR_SW4-GigabitEthernet0/0/5]port trunk pvid vlan 100
[JR_SW4-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 102
[JR_SW4-GigabitEthernet0/0/5]qui
[JR_SW4]port-group g g0/0/1 g0/0/2
[JR_SW4-port-group]port link-type trunk
[JR_SW4-GigabitEthernet0/0/1]port link-type trunk
[JR_SW4-GigabitEthernet0/0/2]port link-type trunk
[JR_SW4-port-group]port trunk allow-pass vlan 30 40 100 102 900
[JR_SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 30 40 100 102 900
[JR_SW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 30 40 100 102 900
[JR_SW4-port-group]qui
[JR_SW4]
------------------------------------
JR_SW5:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW5
[JR_SW5]vlan batch 50 100 103 900
[JR_SW5]port-group g g0/0/3 g0/0/4
[JR_SW5-port-group]port link-type access
[JR_SW5-GigabitEthernet0/0/3]port link-type access
[JR_SW5-GigabitEthernet0/0/4]port link-type access
[JR_SW5-port-group]port default vlan 50
[JR_SW5-GigabitEthernet0/0/3]port default vlan 50
[JR_SW5-GigabitEthernet0/0/4]port default vlan 50
[JR_SW5-port-group]qui
[JR_SW5]port-group g g0/0/1 g0/0/2
[JR_SW5-port-group]port link-type trunk
[JR_SW5-GigabitEthernet0/0/1]port link-type trunk
[JR_SW5-GigabitEthernet0/0/2]port link-type trunk
[JR_SW5-port-group]port trunk allow-pass vlan 50 100 103 900
[JR_SW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 50 100 103 900
[JR_SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 50 100 103 900
[JR_SW5-port-group]qui
[JR_SW5]int g0/0/5
[JR_SW5-GigabitEthernet0/0/5]port link-type trunk
[JR_SW5-GigabitEthernet0/0/5]port trunk pvid vlan 100
[JR_SW5-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 103
[JR_SW5-GigabitEthernet0/0/5]qui
[JR_SW5]
--------------------------------
JR_SW6:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW6
[JR_SW6]vlan batch 200 900
[JR_SW6]port-group g g0/0/1 g0/0/2
[JR_SW6-port-group]port link-type trunk
[JR_SW6-GigabitEthernet0/0/1]port link-type trunk
[JR_SW6-GigabitEthernet0/0/2]port link-type trunk
[JR_SW6-port-group]port trunk allow-pass vlan 200 900
[JR_SW6-GigabitEthernet0/0/1]port trunk allow-pass vlan 200 900
[JR_SW6-GigabitEthernet0/0/2]port trunk allow-pass vlan 200 900
[JR_SW6-port-group]qui
[JR_SW6]port-group g g0/0/3 g0/0/4
[JR_SW6-port-group]port link-type access
[JR_SW6-GigabitEthernet0/0/3]port link-type access
[JR_SW6-GigabitEthernet0/0/4]port link-type access
[JR_SW6-port-group]port default vlan 200
[JR_SW6-GigabitEthernet0/0/3]port default vlan 200
[JR_SW6-GigabitEthernet0/0/4]port default vlan 200
[JR_SW6-port-group]qui
[JR_SW6]
-----------------------------------------
HX_SW1:
[HX_SW1]vlan batch 10 11 20 30 40 50 100 101 102 103 200 900
[HX_SW1]int g0/0/1
[HX_SW1-GigabitEthernet0/0/1]port link-type access
[HX_SW1-GigabitEthernet0/0/1]port default vlan 11
[HX_SW1-GigabitEthernet0/0/1]int g0/0/2
[HX_SW1-GigabitEthernet0/0/2]port link-type trunk
[HX_SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 200 900
[HX_SW1-GigabitEthernet0/0/2]int g0/0/3
[HX_SW1-GigabitEthernet0/0/3]port link-type trunk
[HX_SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20 100 101 900
[HX_SW1-GigabitEthernet0/0/3]int g0/0/4
[HX_SW1-GigabitEthernet0/0/4]port link-type trunk
[HX_SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 30 40 100 102 900
[HX_SW1-GigabitEthernet0/0/4]int g0/0/5
[HX_SW1-GigabitEthernet0/0/5]port link-type trunk
[HX_SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 50 100 103 900
[HX_SW1-GigabitEthernet0/0/5]int eth-trunk 1
[HX_SW1-Eth-Trunk1]port link-type trunk
[HX_SW1-Eth-Trunk1]port trunk allow-pass vlan all
[HX_SW1-Eth-Trunk1]qui
[HX_SW1]
--------------------------------------
HX_SW2:
[HX_SW2]vlan batch 10 12 20 30 40 50 100 101 102 103 200 900
[HX_SW2]int g0/0/1
[HX_SW2-GigabitEthernet0/0/1]port link-type access
[HX_SW2-GigabitEthernet0/0/1]port default vlan 12
[HX_SW2-GigabitEthernet0/0/1]int g0/0/2
[HX_SW2-GigabitEthernet0/0/2]port link-type trunk
[HX_SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 200 900
[HX_SW2-GigabitEthernet0/0/2]int g0/0/3
[HX_SW2-GigabitEthernet0/0/3]port link-type trunk
[HX_SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20 100 101 900
[HX_SW2-GigabitEthernet0/0/3]int g0/0/4
[HX_SW2-GigabitEthernet0/0/4]port link-type trunk
[HX_SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 30 40 100 102 900
[HX_SW2-GigabitEthernet0/0/4]int g0/0/5
[HX_SW2-GigabitEthernet0/0/5]port link-type trunk
[HX_SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 50 100 103 900
[HX_SW2-GigabitEthernet0/0/5]int g0/0/6
[HX_SW2-GigabitEthernet0/0/6]port link-type trunk
[HX_SW2-GigabitEthernet0/0/6]port trunk allow-pass vlan all
[HX_SW2-GigabitEthernet0/0/6]int eth-trunk 1
[HX_SW2-Eth-Trunk1]port link-type trunk
[HX_SW2-Eth-Trunk1]port trunk allow-pass vlan all
[HX_SW2-Eth-Trunk1]qui
[HX_SW2]
3. MSTP
HX_SW1:
[HX_SW1]stp region-configuration
[HX_SW1-mst-region]region-name huawei
[HX_SW1-mst-region]revision-level 1
[HX_SW1-mst-region]instance 1 vlan 10 20 100 101 200
[HX_SW1-mst-region]instance 2 vlan 30 40 50 102 103
[HX_SW1-mst-region]active region-configuration
[HX_SW1-mst-region]qui
[HX_SW1]stp instance 1 root primary
[HX_SW1]stp instance 2 root secondary
---------------------------
HX_SW2:
[HX_SW2]stp region-configuration
[HX_SW2-mst-region]region-name huawei
[HX_SW2-mst-region]revision-level 1
[HX_SW2-mst-region]instance 1 vlan 10 20 100 101 200
[HX_SW2-mst-region]instance 2 vlan 30 40 50 102 103
[HX_SW2-mst-region]active region-configuration
[HX_SW2-mst-region]qui
[HX_SW2]stp instance 2 root primary
[HX_SW2]stp instance 1 root secondary
----------------------------
JR_SW3:
[JR_SW3]stp region-configuration
[JR_SW3-mst-region]region-name huawei
[JR_SW3-mst-region]revision-level 1
[JR_SW3-mst-region]instance 1 vlan 10 20 100 101 200
[JR_SW3-mst-region]instance 2 vlan 30 40 50 102 103
[JR_SW3-mst-region]active region-configuration
[JR_SW3-mst-region]qui
[JR_SW3]
----------------------------
JR_SW4:
[JR_SW4]stp region-configuration
[JR_SW4-mst-region]region-name huawei
[JR_SW4-mst-region]revision-level 1
[JR_SW4-mst-region]instance 1 vlan 10 20 100 101 200
[JR_SW4-mst-region]instance 2 vlan 30 40 50 102 103
[JR_SW4-mst-region]active region-configuration
[JR_SW4-mst-region]qui
[JR_SW4]
---------------------------
JR_SW5:
[JR_SW5]stp region-configuration
[JR_SW5-mst-region]region-name huawei
[JR_SW5-mst-region]revision-level 1
[JR_SW5-mst-region]instance 1 vlan 10 20 100 101 200
[JR_SW5-mst-region]instance 2 vlan 30 40 50 102 103
[JR_SW5-mst-region]active region-configuration
[JR_SW5-mst-region]qui
[JR_SW5]
--------------------------
JR_SW6:
[JR_SW6]stp region-configuration
[JR_SW6-mst-region]region-name huawei
[JR_SW6-mst-region]revision-level 1
[JR_SW6-mst-region]instance 1 vlan 10 20 100 101 200
[JR_SW6-mst-region]instance 2 vlan 30 40 50 102 103
[JR_SW6-mst-region]active region-configuration
[JR_SW6-mst-region]qui
[JR_SW6]
4. VRRP
HX_SW1:
[HX_SW1]int vlan 10
[HX_SW1-Vlanif10]ip add 192.168.10.254 24
[HX_SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.1
[HX_SW1-Vlanif10]vrrp vrid 10 priority 105
[HX_SW1-Vlanif10]vrrp vrid 10 track int g0/0/1
[HX_SW1-Vlanif10]int vlan 20
[HX_SW1-Vlanif20]ip add 192.168.20.254 24
[HX_SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW1-Vlanif20]vrrp vrid 20 priority 105
[HX_SW1-Vlanif20]vrrp vrid 20 track int g0/0/1
[HX_SW1-Vlanif20]int vlan 100
[HX_SW1-Vlanif100]ip add 192.168.100.254 24
[HX_SW1-Vlanif100]vrrp vrid 100 virtual-ip 192.168.100.1
[HX_SW1-Vlanif100]vrrp vrid 100 priority 105
[HX_SW1-Vlanif100]vrrp vrid 100 track int g0/0/1
[HX_SW1-Vlanif100]int vlan 101
[HX_SW1-Vlanif101]ip add 192.168.101.254 24
[HX_SW1-Vlanif101]vrrp vrid 101 virtual-ip 192.168.101.1
[HX_SW1-Vlanif101]vrrp vrid 101 priority 105
[HX_SW1-Vlanif101]vrrp vrid 101 track int g0/0/1
[HX_SW1-Vlanif101]int vlan 200
[HX_SW1-Vlanif200]ip add 192.168.200.254 24
[HX_SW1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW1-Vlanif200]vrrp vrid 200 priority 105
[HX_SW1-Vlanif200]vrrp vrid 200 track int g0/0/1
[HX_SW1-Vlanif200]int vlan 30
[HX_SW1-Vlanif30]ip add 192.168.30.254 24
[HX_SW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW1-Vlanif30]int vlan 40
[HX_SW1-Vlanif40]ip add 192.168.40.254 24
[HX_SW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW1-Vlanif40]int vlan 50
[HX_SW1-Vlanif50]ip add 192.168.50.254 24
[HX_SW1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HX_SW1-Vlanif50]int vlan 102
[HX_SW1-Vlanif102]ip add 192.168.102.254 24
[HX_SW1-Vlanif102]vrrp vrid 102 virtual-ip 192.168.102.1
[HX_SW1-Vlanif102]int vlan 103
[HX_SW1-Vlanif103]ip add 192.168.103.254 24
[HX_SW1-Vlanif103]vrrp vrid 103 virtual-ip 192.168.103.1
[HX_SW1-Vlanif103]int vlan 11
[HX_SW1-Vlanif11]ip add 192.168.11.1 24
[HX_SW1-Vlanif11]qui
[HX_SW1]
------------------------------
HX_SW2:
[HX_SW2]int vlan 10
[HX_SW2-Vlanif10]ip add 192.168.10.253 24
[HX_SW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.1
[HX_SW2-Vlanif10]int vlan 20
[HX_SW2-Vlanif20]ip add 192.168.20.253 24
[HX_SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW2-Vlanif20]int vlan 100
[HX_SW2-Vlanif100]ip add 192.168.100.253 24
[HX_SW2-Vlanif100]vrrp vrid 100 virtual-ip 192.168.100.1
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]ip add 192.168.101.253 24
[HX_SW2-Vlanif101]vrrp vrid 101 virtual-ip 192.168.101.1
[HX_SW2-Vlanif101]int vlan 200
[HX_SW2-Vlanif200]ip add 192.168.200.253 24
[HX_SW2-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW2-Vlanif200]int vlan 30
[HX_SW2-Vlanif30]ip add 192.168.30.253 24
[HX_SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW2-Vlanif30]vrrp vrid 30 priority 105
[HX_SW2-Vlanif30]vrrp vrid 30 track int g0/0/1
[HX_SW2-Vlanif30]int vlan 40
[HX_SW2-Vlanif40]ip add 192.168.40.253 24
[HX_SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW2-Vlanif40]vrrp vrid 40 priority 105
[HX_SW2-Vlanif40]vrrp vrid 40 track int g0/0/1
[HX_SW2-Vlanif40]int vlan 50
[HX_SW2-Vlanif50]ip add 192.168.50.253 24
[HX_SW2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HX_SW2-Vlanif50]vrrp vrid 50 priority 105
[HX_SW2-Vlanif50]vrrp vrid 50 track int g0/0/1
[HX_SW2-Vlanif50]int vlan 102
[HX_SW2-Vlanif102]ip add 192.168.102.253 24
[HX_SW2-Vlanif102]vrrp vrid 102 virtual-ip 192.168.102.1
[HX_SW2-Vlanif102]vrrp vrid 102 priority 105
[HX_SW2-Vlanif102]vrrp vrid 102 track int g0/0/1
[HX_SW2-Vlanif102]int vlan 103
[HX_SW2-Vlanif103]ip add 192.168.103.253 24
[HX_SW2-Vlanif103]vrrp vrid 103 virtual-ip 192.168.103.1
[HX_SW2-Vlanif103]vrrp vrid 103 priority 105
[HX_SW2-Vlanif103]vrrp vrid 103 track int g0/0/1
[HX_SW2-Vlanif103]int vlan 12
[HX_SW2-Vlanif12]ip add 192.168.12.2 24
[HX_SW2-Vlanif12]qui
[HX_SW2]
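5. Test that the PCs can reach the gateway
/* Manually configure an IP address on a PC and reach the gateway, e.g. for a PC in VLAN 10:
IP: 192.168.10.3
GW: 192.168.10.1  Test access to the gateway; a successful ping 192.168.10.1 is enough */
/* Manually configure an IP address on a PC and reach the gateway, e.g. for a PC in VLAN 30:
IP: 192.168.30.7
GW: 192.168.30.1  Test access to the gateway; a successful ping 192.168.30.1 is enough */
6. DHCP relay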
<Huawei>sys
[Huawei]un in en
[Huawei]sysname DHCP
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]ip add 192.168.200.3 24
[DHCP-GigabitEthernet0/0/0]qui
[DHCP]dhcp enable
[DHCP]ip pool vlan10
[DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
[DHCP-ip-pool-vlan10]gateway-list 192.168.10.1
[DHCP-ip-pool-vlan10]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan10]excluded-ip-address 192.168.10.250 192.168.10.254
[DHCP-ip-pool-vlan10]qui
[DHCP]ip pool vlan20
[DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
[DHCP-ip-pool-vlan20]gateway-list 192.168.20.1
[DHCP-ip-pool-vlan20]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan20]excluded-ip-address 192.168.20.250 192.168.20.254
[DHCP-ip-pool-vlan20]qui
[DHCP]ip pool vlan30
[DHCP-ip-pool-vlan30]network 192.168.30.0 mask 24
[DHCP-ip-pool-vlan30]gateway-list 192.168.30.1
[DHCP-ip-pool-vlan30]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan30]excluded-ip-address 192.168.30.250 192.168.30.254
[DHCP-ip-pool-vlan30]qui
[DHCP]ip pool vlan40
[DHCP-ip-pool-vlan40]network 192.168.40.0 mask 24
[DHCP-ip-pool-vlan40]gateway-list 192.168.40.1
[DHCP-ip-pool-vlan40]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan40]excluded-ip-address 192.168.40.250 192.168.40.254
[DHCP-ip-pool-vlan40]qui
[DHCP]ip pool vlan50
[DHCP-ip-pool-vlan50]network 192.168.50.0 mask 24
[DHCP-ip-pool-vlan50]gateway-list 192.168.50.1
[DHCP-ip-pool-vlan50]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan50]excluded-ip-address 192.168.50.250 192.168.50.254
[DHCP-ip-pool-vlan50]qui
[DHCP]ip pool ap_pool
[DHCP-ip-pool-ap_pool]network 192.168.100.0 mask 24
[DHCP-ip-pool-ap_pool]gateway-list 192.168.100.1
[DHCP-ip-pool-ap_pool]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-ap_pool]excluded-ip-address 192.168.100.250 192.168.100.254
[DHCP-ip-pool-ap_pool]qui
[DHCP]ip pool hua1
[DHCP-ip-pool-hua1]network 192.168.101.0 mask 24
[DHCP-ip-pool-hua1]gateway-list 192.168.101.1
[DHCP-ip-pool-hua1]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-hua1]excluded-ip-address 192.168.101.250 192.168.101.254
[DHCP-ip-pool-hua1]qui
[DHCP]ip pool hua2
[DHCP-ip-pool-hua2]network 192.168.102.0 mask 24
[DHCP-ip-pool-hua2]gateway-list 192.168.102.1
[DHCP-ip-pool-hua2]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-hua2]excluded-ip-address 192.168.102.250 192.168.102.254
[DHCP-ip-pool-hua2]qui
[DHCP]ip pool hua3
[DHCP-ip-pool-hua3]network 192.168.103.0 mask 24
[DHCP-ip-pool-hua3]gateway-list 192.168.103.1
[DHCP-ip-pool-hua3]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-hua3]excluded-ip-address 192.168.103.250 192.168.103.254
[DHCP-ip-pool-hua3]qui
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]dhcp select global
[DHCP-GigabitEthernet0/0/0]qui
[DHCP]ip route-static 0.0.0.0 0 192.168.200.1
[DHCP]
-----------------------------------
HX_SW1:
[HX_SW1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[HX_SW1]int vlan 10
[HX_SW1-Vlanif10]dhcp select relay
[HX_SW1-Vlanif10]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif10]int vlan 20
[HX_SW1-Vlanif20]dhcp select relay
[HX_SW1-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif20]int vlan 30
[HX_SW1-Vlanif30]dhcp select relay
[HX_SW1-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif30]int vlan 40
[HX_SW1-Vlanif40]dhcp select relay
[HX_SW1-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif40]int vlan 50
[HX_SW1-Vlanif50]dhcp select relay
[HX_SW1-Vlanif50]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif50]int vlan 100
[HX_SW1-Vlanif100]dhcp select relay
[HX_SW1-Vlanif100]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif100]int vlan 101
[HX_SW1-Vlanif101]dhcp select relay
[HX_SW1-Vlanif101]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif101]int vlan 102
[HX_SW1-Vlanif102]dhcp select relay
[HX_SW1-Vlanif102]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif102]int vlan 103
[HX_SW1-Vlanif103]dhcp select relay
[HX_SW1-Vlanif103]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif103]qui
[HX_SW1]
----------------------------
HX_SW2:
[HX_SW2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[HX_SW2]int vlan 10
[HX_SW2-Vlanif10]dhcp select relay
[HX_SW2-Vlanif10]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif10]int vlan 20
[HX_SW2-Vlanif20]dhcp select relay
[HX_SW2-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif20]int vlan 30
[HX_SW2-Vlanif30]dhcp select relay
[HX_SW2-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif30]int vlan 40
[HX_SW2-Vlanif40]dhcp select relay
[HX_SW2-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif40]int vlan 50
[HX_SW2-Vlanif50]dhcp select relay
[HX_SW2-Vlanif50]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif50]int vlan 100
[HX_SW2-Vlanif100]dhcp select relay
[HX_SW2-Vlanif100]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]dhcp select relay
[HX_SW2-Vlanif101]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif101]int vlan 102
[HX_SW2-Vlanif102]dhcp select relay
[HX_SW2-Vlanif102]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif102]int vlan 103
[HX_SW2-Vlanif103]dhcp select relay
[HX_SW2-Vlanif103]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif103]qui
[HX_SW2]
-------------------------------------
PC: // only simulates a PC, used for management or for testing Telnet
<Huawei>sys
[Huawei]un in en
[Huawei]sysname PC
[PC]dhcp en
[PC]int g0/0/0
[PC-GigabitEthernet0/0/0]ip add dhcp-alloc
[PC-GigabitEthernet0/0/0]qui
[PC]qui
<PC>sa
7. Wireless WLAN
<AC6605>sys
[AC6605]un in en
[AC6605]sysname AC1
[AC1]vlan 100
[AC1-vlan100]int vlan 100
[AC1-Vlanif100]ip add 192.168.100.100 24
[AC1-Vlanif100]qui
[AC1]int g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC1-GigabitEthernet0/0/1]qui
[AC1]ip route-static 0.0.0.0 0.0.0.0 192.168.100.253
[AC1]capwap source interface vlanif100
[AC1]wlan
[AC1-wlan-view]ssid-profile name SSID_PRO
[AC1-wlan-ssid-prof-SSID_PRO]ssid huawei
[AC1-wlan-ssid-prof-SSID_PRO]qui
[AC1-wlan-view]security-profile name SEC_PRO
[AC1-wlan-sec-prof-SEC_PRO]security wpa2 psk pass-phrase huawei@123 aes
[AC1-wlan-sec-prof-SEC_PRO]qui
[AC1-wlan-view]vap-profile name VAP1_PRO
[AC1-wlan-vap-prof-VAP1_PRO]ssid-profile SSID_PRO
[AC1-wlan-vap-prof-VAP1_PRO]security-profile SEC_PRO
[AC1-wlan-vap-prof-VAP1_PRO]service-vlan vlan-id 101
[AC1-wlan-vap-prof-VAP1_PRO]qui
[AC1-wlan-view]vap-profile name VAP2_PRO
[AC1-wlan-vap-prof-VAP2_PRO]ssid-profile SSID_PRO
[AC1-wlan-vap-prof-VAP2_PRO]security-profile SEC_PRO
[AC1-wlan-vap-prof-VAP2_PRO]service-vlan vlan-id 102
[AC1-wlan-vap-prof-VAP2_PRO]qui
[AC1-wlan-view]vap-profile name VAP3_PRO
[AC1-wlan-vap-prof-VAP3_PRO]ssid-profile SSID_PRO
[AC1-wlan-vap-prof-VAP3_PRO]security-profile SEC_PRO
[AC1-wlan-vap-prof-VAP3_PRO]service-vlan vlan-id 103
[AC1-wlan-vap-prof-VAP3_PRO]qui
[AC1-wlan-view]vap-profile name VAP4_PRO
[AC1-wlan-vap-prof-VAP4_PRO]ssid-profile SSID_PRO
[AC1-wlan-vap-prof-VAP4_PRO]security-profile SEC_PRO
[AC1-wlan-vap-prof-VAP4_PRO]service-vlan vlan-id 104
[AC1-wlan-vap-prof-VAP4_PRO]qui
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc41-4590
[AC1-wlan-ap-1]ap-id 2 ap-mac 00e0-fc63-1250
[AC1-wlan-ap-2]ap-id 3 ap-mac 00e0-fc1f-8060
[AC1-wlan-ap-3]ap-id 4 ap-mac 00e0-fc1f-76d0
[AC1-wlan-ap-4]qui
[AC1-wlan-view]ap-id 1
[AC1-wlan-ap-1]ap-name AREA_1
[AC1-wlan-ap-1]vap-profile VAP1_PRO wlan 1 radio 0
[AC1-wlan-ap-1]vap-profile VAP1_PRO wlan 1 radio 1
[AC1-wlan-ap-1]qui
[AC1-wlan-view]ap-id 2
[AC1-wlan-ap-2]ap-name AREA_2
[AC1-wlan-ap-2]vap-profile VAP2_PRO wlan 1 radio 0
[AC1-wlan-ap-2]vap-profile VAP2_PRO wlan 1 radio 1
[AC1-wlan-ap-2]qui
[AC1-wlan-view]ap-id 3
[AC1-wlan-ap-3]ap-name AREA_3
[AC1-wlan-ap-3]vap-profile VAP3_PRO wlan 1 radio 0
[AC1-wlan-ap-3]vap-profile VAP3_PRO wlan 1 radio 1
[AC1-wlan-ap-3]qui
[AC1-wlan-view]ap-id 4
[AC1-wlan-ap-4]ap-name AREA_4
[AC1-wlan-ap-4]vap-profile VAP4_PRO wlan 1 radio 0
[AC1-wlan-ap-4]vap-profile VAP4_PRO wlan 1 radio 1
[AC1-wlan-ap-4]qui
[AC1-wlan-view]qui
[AC1]qui
<AC1>sa
8. Firewall FW1 configuration
<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sysname FW1
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]ip add 192.168.11.22 24
[FW1-GigabitEthernet1/0/1]service-manage all permit
[FW1-GigabitEthernet1/0/1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ip add 192.168.12.22 24
[FW1-GigabitEthernet1/0/2]service-manage all permit
[FW1-GigabitEthernet1/0/2]int g1/0/0
[FW1-GigabitEthernet1/0/0]ip add 192.168.111.22 24
[FW1-GigabitEthernet1/0/0]service-manage all permit
[FW1-GigabitEthernet1/0/0]int g1/0/3
[FW1-GigabitEthernet1/0/3]ip add 10.1.122.22 24
[FW1-GigabitEthernet1/0/3]service-manage all permit
[FW1-GigabitEthernet1/0/3]int g1/0/4
[FW1-GigabitEthernet1/0/4]ip add 10.1.22.22 24
[FW1-GigabitEthernet1/0/4]service-manage all permit
[FW1-GigabitEthernet1/0/4]qui
[FW1]firewall zone trust
[FW1-zone-trust]add int g1/0/1
[FW1-zone-trust]add int g1/0/2
[FW1-zone-trust]qui
[FW1]firewall zone dmz
[FW1-zone-dmz]add int g1/0/0
[FW1-zone-dmz]qui
[FW1]firewall zone untrust
[FW1-zone-untrust]add int g1/0/3
[FW1-zone-untrust]add int g1/0/4
[FW1-zone-untrust]qui
[FW1]icmp ttl-exceeded send
[FW1]
9. OSPF with authentication
FW1:
[FW1]ospf 1 router-id 10.1.4.4
[FW1-ospf-1]default-route-advertise
[FW1-ospf-1]area 0
[FW1-ospf-1-area-0.0.0.0]net 192.168.11.0 0.0.0.255
[FW1-ospf-1-area-0.0.0.0]net 192.168.12.0 0.0.0.255
[FW1-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[FW1-ospf-1-area-0.0.0.0]qui
[FW1-ospf-1]qui
[FW1]
--------------------------------
HX_SW1:
[HX_SW1]ospf 1 router-id 10.1.5.5
[HX_SW1-ospf-1]area 1
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.20.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.30.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.40.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.50.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.100.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.101.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.102.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.103.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]qui
[HX_SW1-ospf-1]area 0
[HX_SW1-ospf-1-area-0.0.0.0]network 192.168.11.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[HX_SW1-ospf-1-area-0.0.0.0]qui
[HX_SW1-ospf-1]silent-interface vlan 10
[HX_SW1-ospf-1]silent-interface vlan 20
[HX_SW1-ospf-1]silent-interface vlan 30
[HX_SW1-ospf-1]silent-interface vlan 40
[HX_SW1-ospf-1]silent-interface vlan 50
[HX_SW1-ospf-1]silent-interface vlan 101
[HX_SW1-ospf-1]silent-interface vlan 102
[HX_SW1-ospf-1]silent-interface vlan 103
[HX_SW1-ospf-1]silent-interface vlan 200
[HX_SW1-ospf-1]qui
[HX_SW1]
------------------------------
HX_SW2:
[HX_SW2]ospf 1 router-id 10.1.6.6
[HX_SW2-ospf-1]area 1
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.20.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.30.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.40.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.50.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.100.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.101.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.102.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.103.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]qui
[HX_SW2-ospf-1]area 0
[HX_SW2-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[HX_SW2-ospf-1-area-0.0.0.0]qui
[HX_SW2-ospf-1]silent-interface vlan 10
[HX_SW2-ospf-1]silent-interface vlan 20
[HX_SW2-ospf-1]silent-interface vlan 30
[HX_SW2-ospf-1]silent-interface vlan 40
[HX_SW2-ospf-1]silent-interface vlan 50
[HX_SW2-ospf-1]silent-interface vlan 101
[HX_SW2-ospf-1]silent-interface vlan 102
[HX_SW2-ospf-1]silent-interface vlan 103
[HX_SW2-ospf-1]silent-interface vlan 200
[HX_SW2-ospf-1]qui
[HX_SW2]
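An added example, not part of the original post or the author's resource pack: a small Python audit over VRP session transcripts in the `[HOST-view]command` form used on this page. It flags three settings that appear in sections 2, 8 and 9: `service-manage all permit` on an interface outside the trust zone, an OSPF key entered with `plain`, and a trunk that passes all VLANs. The sample transcript is constructed from lines on this page; the function names and finding labels are assumptions of the example.

```python
import re

# Constructed sample: a shortened copy of the FW1 / HX_SW1 sessions on this page.
SAMPLE = """\
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]service-manage all permit
[FW1-GigabitEthernet1/0/1]int g1/0/3
[FW1-GigabitEthernet1/0/3]service-manage all permit
[FW1-GigabitEthernet1/0/3]qui
[FW1]firewall zone trust
[FW1-zone-trust]add int g1/0/1
[FW1-zone-trust]qui
[FW1]firewall zone untrust
[FW1-zone-untrust]add int g1/0/3
[FW1-zone-untrust]qui
[FW1]ospf 1 router-id 10.1.4.4
[FW1-ospf-1]area 0
[FW1-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[HX_SW1]int eth-trunk 1
[HX_SW1-Eth-Trunk1]port trunk allow-pass vlan all
"""

# "[HOST-view]command": the prompt carries the device name and the current view.
PROMPT = re.compile(r"^\[(?P<ctx>[^\]]+)\](?P<cmd>.*)$")


def full_ifname(short):
    """Expand an abbreviated name such as 'g1/0/3' to 'GigabitEthernet1/0/3'."""
    m = re.fullmatch(r"(?i)(g\w*?)\s*(\d+/\d+/\d+)", short.strip())
    return f"GigabitEthernet{m.group(2)}" if m else short.strip()


def audit(transcript):
    """Return a list of (host, view_or_interface, finding) tuples."""
    zone_of = {}      # (host, interface) -> firewall zone name
    mgmt_open = []    # (host, interface) with every management service permitted
    findings = []
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # user-view lines (<HOST>...) and device output are skipped
        # Host names on this page use '_' (HX_SW1), so the first '-' ends the host.
        host, _, view = m.group("ctx").partition("-")
        cmd = m.group("cmd").strip()
        low = cmd.lower()
        if view.startswith("zone-"):
            added = re.fullmatch(r"add\s+int\w*\s+(.+)", cmd, re.I)
            if added:
                zone_of[(host, full_ifname(added.group(1)))] = view[len("zone-"):]
        elif re.fullmatch(r"service-manage\s+all\s+permit", low):
            mgmt_open.append((host, view))
        elif re.match(r"authentication-mode\s+\S+\s+\d+\s+plain\s", low):
            # 'plain' keeps the key as cleartext in the saved configuration.
            findings.append((host, view, "PLAIN_KEY"))
        elif re.fullmatch(r"port\s+trunk\s+allow-pass\s+vlan\s+all", low):
            findings.append((host, view, "TRUNK_ALL_VLANS"))
    # Zones are assigned after the interface commands, so resolve them last.
    for host, ifname in mgmt_open:
        zone = zone_of.get((host, ifname), "unassigned")
        if zone != "trust":
            findings.append((host, ifname, f"MGMT_OPEN_{zone.upper()}"))
    return findings


if __name__ == "__main__":
    for host, where, finding in audit(SAMPLE):
        print(f"{host:8} {where:24} {finding}")
```

Run over the full FW1 session in section 8, the same check reports g1/0/0 (dmz) and g1/0/3 and g1/0/4 (untrust), since all five interfaces carry `service-manage all permit`.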
10. BFD failure detection
FW1:
[FW1]bfd
[FW1-bfd]qui
[FW1]ospf
[FW1-ospf-1]bfd all-interfaces enable
[FW1-ospf-1]qui
[FW1]
------------------------------
HX_SW1:
[HX_SW1]bfd
[HX_SW1-bfd]qui
[HX_SW1]int vlan 11
[HX_SW1-Vlanif11]ospf bfd enable
[HX_SW1-Vlanif11]qui
[HX_SW1]
-----------------------------
HX_SW2:
[HX_SW2]bfd
[HX_SW2-bfd]qui
[HX_SW2]int vlan 12
[HX_SW2-Vlanif12]ospf bfd enable
[HX_SW2-Vlanif12]qui
[HX_SW2]
11. Branch office/branch campus DHCP configuration
AR4:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR4
[AR4]dhcp enable
[AR4]int g0/0/1
[AR4-GigabitEthernet0/0/1]ip add 172.16.60.4 24
[AR4-GigabitEthernet0/0/1]dhcp select int
[AR4-GigabitEthernet0/0/1]qui
[AR4]int g0/0/2
[AR4-GigabitEthernet0/0/2]ip add 172.16.48.4 24
[AR4-GigabitEthernet0/0/2]int g0/0/0
[AR4-GigabitEthernet0/0/0]ip add 172.16.134.4 24
[AR4-GigabitEthernet0/0/0]qui
[AR4]
12. Port security and isolation
SW7:
<Huawei>sys
[Huawei]un in en
[Huawei]sys SW7
[SW7]p g g0/0/2 g0/0/3
[SW7-port-group]port-security enable
[SW7-GigabitEthernet0/0/2]port-security enable
[SW7-GigabitEthernet0/0/3]port-security enable
[SW7-port-group]port-security mac-add sticky
[SW7-GigabitEthernet0/0/2]port-security mac-add sticky
[SW7-GigabitEthernet0/0/3]port-security mac-add sticky
[SW7-port-group]port-isolate enable
[SW7-GigabitEthernet0/0/2]port-isolate enable
[SW7-GigabitEthernet0/0/3]port-isolate enable
[SW7-port-group]qui
[SW7]dis port-isolate group all
The ports in isolate group 1:
GigabitEthernet0/0/2 GigabitEthernet0/0/3
[SW7]
13. Branch office/branch campus WLAN
LSW8:
<Huawei>sys
[Huawei]un in en
[Huawei]sys LSW8
[LSW8]vlan batch 100 104 48
[LSW8]int g0/0/1
[LSW8-GigabitEthernet0/0/1]port link acc
[LSW8-GigabitEthernet0/0/1]port default vlan 48
[LSW8-GigabitEthernet0/0/1]int g0/0/2
[LSW8-GigabitEthernet0/0/2]port link trunk
[LSW8-GigabitEthernet0/0/2]port trunk all vlan 100 104
[LSW8-GigabitEthernet0/0/2]port trunk pvid vlan 100
[LSW8-GigabitEthernet0/0/2]qui
[LSW8]dhcp enable
[LSW8]ip pool ap_pool
[LSW8-ip-pool-ap_pool]gateway-list 172.16.100.1
[LSW8-ip-pool-ap_pool]network 172.16.100.0 mask 24
[LSW8-ip-pool-ap_pool]excluded-ip-address 172.16.100.129 172.16.100.254
[LSW8-ip-pool-ap_pool]lease unlimited
[LSW8-ip-pool-ap_pool]option 43 sub-option 3 ascii 192.168.100.100
[LSW8-ip-pool-ap_pool]qui
[LSW8]ip pool hua4
[LSW8-ip-pool-hua4]network 172.16.104.0 mask 24
[LSW8-ip-pool-hua4]gateway-list 172.16.104.1
[LSW8-ip-pool-hua4]dns-list 192.168.200.2 8.8.8.8
[LSW8-ip-pool-hua4]excluded-ip-address 172.16.104.250 172.16.104.254
[LSW8-ip-pool-hua4]qui
[LSW8]int vlan 48
[LSW8-Vlanif48]ip add 172.16.48.8 24
[LSW8-Vlanif48]int vlan 100
[LSW8-Vlanif100]ip add 172.16.100.1 24
[LSW8-Vlanif100]dhcp select global
[LSW8-Vlanif100]int vlan 104
[LSW8-Vlanif104]ip add 172.16.104.1 24
[LSW8-Vlanif104]dhcp select global
[LSW8-Vlanif104]qui
[LSW8]
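// After this is configured, the AP can broadcast once connectivity with headquarters/the main campus is up
14. Branch office/branch campus OSPF configuration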
FW2:
<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sys FW2
[FW2]int g1/0/1
[FW2-GigabitEthernet1/0/1]ip add 10.1.133.33 24
[FW2-GigabitEthernet1/0/1]service-manage all permit
[FW2-GigabitEthernet1/0/1]int g1/0/0
[FW2-GigabitEthernet1/0/0]ip add 172.16.134.33 24
[FW2-GigabitEthernet1/0/0]service-manage all permit
[FW2-GigabitEthernet1/0/0]int g1/0/2
[FW2-GigabitEthernet1/0/2]service-manage all permit
[FW2-GigabitEthernet1/0/2]qui
[FW2]firewall zone trust
[FW2-zone-trust]add int g1/0/0
[FW2-zone-trust]qui
[FW2]firewall zone untrust
[FW2-zone-untrust]add int g1/0/1
[FW2-zone-untrust]add int g1/0/2
[FW2-zone-untrust]qui
[FW2]icmp ttl send
[FW2]ospf
[FW2-ospf-1]default-route-advertise
[FW2-ospf-1]area 0
[FW2-ospf-1-area-0.0.0.0]net 172.16.134.0 0.0.0.255
[FW2-ospf-1-area-0.0.0.0]qui
[FW2-ospf-1]qui
[FW2]
-----------------------------
AR4:
[AR4]OSPF
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.255.255
[AR4-ospf-1-area-0.0.0.0]qui
[AR4-ospf-1]qui
[AR4]
----------------------------
LSW8:
[LSW8]ospf
[LSW8-ospf-1]area 0
[LSW8-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[LSW8-ospf-1-area-0.0.0.0]qui
[LSW8-ospf-1]qui
[LSW8]
15. PPPoE dial-up
AR5:
<Huawei>sys
[Huawei]un in en
[Huawei]sys AR5
[AR5]int loo0
[AR5-LoopBack0]ip add 10.1.5.5 32
[AR5-LoopBack0]int g0/0/0
[AR5-GigabitEthernet0/0/0]ip add 10.1.22.5 24
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]ip add 10.1.33.5 24
[AR5-GigabitEthernet0/0/1]int g0/0/2
[AR5-GigabitEthernet0/0/2]ip add 10.10.10.9 24
[AR5-GigabitEthernet0/0/2]qui
[AR5]aaa
[AR5-aaa]local-user user password cipher huawei
[AR5-aaa]local-user user service-type ppp
[AR5-aaa]qui
[AR5]int virtual-template1
[AR5-Virtual-Template1]ip add unnumbered int g0/0/1
[AR5-Virtual-Template1]ppp authentication-mode chap
[AR5-Virtual-Template1]remote add 10.1.33.33
[AR5-Virtual-Template1]int g0/0/1
[AR5-GigabitEthernet0/0/1]pppoe-server bind virtual-template 1
[AR5-GigabitEthernet0/0/1]qui
[AR5]ip route-static 0.0.0.0 0 10.1.22.22
----------------------------
FW2:
[FW2]int Dialer 1
[FW2-Dialer1]ip add ppp-negotiate
[FW2-Dialer1]ppp chap user user
[FW2-Dialer1]ppp chap password cipher huawei
[FW2-Dialer1]dialer user test1
[FW2-Dialer1]dialer bundle 1
[FW2-Dialer1]mtu 1492
[FW2-Dialer1]qui
[FW2]int g1/0/2
[FW2-GigabitEthernet1/0/2]pppoe-client dial-bundle-number 1
[FW2-GigabitEthernet1/0/2]qui
[FW2]firewall zone untrust
[FW2-zone-untrust]add int dialer 1
[FW2-zone-untrust]qui
[FW2]
16. Public network connectivity
AR1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR1
[AR1]int loo0
[AR1-LoopBack0]ip add 10.1.1.1 32
[AR1-LoopBack0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 10.1.12.1 24
[AR1-GigabitEthernet0/0/1]qui
[AR1]isis
[AR1-isis-1]network-entity 49.0000.0000.0000.0001.00
[AR1-isis-1]is-level level-2
[AR1-isis-1]qui
[AR1]int loo0
[AR1-LoopBack0]isis en
[AR1-LoopBack0]int g0/0/1
[AR1-GigabitEthernet0/0/1]isis en
[AR1-GigabitEthernet0/0/1]qui
[AR1]
------------------------------
AR2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR2
[AR2]int loo0
[AR2-LoopBack0]ip add 10.1.2.2 32
[AR2-LoopBack0]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 10.1.12.2 24
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 10.1.23.2 24
[AR2-GigabitEthernet0/0/1]qui
[AR2]isis
[AR2-isis-1]network-entity 49.0000.0000.0000.0002.00
[AR2-isis-1]is-level level-2
[AR2-isis-1]qui
[AR2]int loo0
[AR2-LoopBack0]isis en
[AR2-LoopBack0]int g0/0/0
[AR2-GigabitEthernet0/0/0]isis en
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]isis en
[AR2-GigabitEthernet0/0/1]qui
[AR2]
----------------------------
AR3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR3
[AR3]int loo0
[AR3-LoopBack0]ip add 10.1.3.3 32
[AR3-LoopBack0]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 10.1.23.3 24
[AR3-GigabitEthernet0/0/0]qui
[AR3]isis
[AR3-isis-1]network-entity 49.0000.0000.0000.0003.00
[AR3-isis-1]is-level level-2
[AR3-isis-1]int loo0
[AR3-LoopBack0]isis en
[AR3-LoopBack0]int g0/0/0
[AR3-GigabitEthernet0/0/0]isis en
[AR3-GigabitEthernet0/0/0]qui
[AR3]
17. Establishing BGP neighbors
AR1:
[AR1]bgp 100
[AR1-bgp]peer 10.1.2.2 as-n 100
[AR1-bgp]peer 10.1.2.2 con loo0
[AR1-bgp]ipv4 unicast
[AR1-bgp-af-ipv4]undo peer 10.1.2.2 en
[AR1-bgp-af-ipv4]qui
[AR1-bgp]ipv4 vpnv4
[AR1-bgp-af-vpnv4]peer 10.1.2.2 en
[AR1-bgp-af-vpnv4]qui
[AR1-bgp]qui
[AR1]
-----------------------
AR2:
[AR2]bgp 100
[AR2-bgp]peer 10.1.1.1 as-n 100
[AR2-bgp]peer 10.1.1.1 con loo0
[AR2-bgp]peer 10.1.3.3 as-n 100
[AR2-bgp]peer 10.1.3.3 con loo0
[AR2-bgp]ipv4 unicast
[AR2-bgp-af-ipv4]undo peer 10.1.1.1 en
[AR2-bgp-af-ipv4]undo peer 10.1.3.3 en
[AR2-bgp-af-ipv4]qui
[AR2-bgp]ipv4 vpnv4
[AR2-bgp-af-vpnv4]peer 10.1.1.1 en
[AR2-bgp-af-vpnv4]peer 10.1.1.1 reflect-client
[AR2-bgp-af-vpnv4]peer 10.1.3.3 en
[AR2-bgp-af-vpnv4]peer 10.1.3.3 reflect-client
[AR2-bgp-af-vpnv4]undo policy vpn-target
[AR2-bgp-af-vpnv4]qui
[AR2-bgp]qui
[AR2]
---------------------------
AR3:
[AR3]bgp 100
[AR3-bgp]peer 10.1.2.2 as-n 100
[AR3-bgp]peer 10.1.2.2 con loo0
[AR3-bgp]ipv4 unicast
[AR3-bgp-af-ipv4]undo peer 10.1.2.2 en
[AR3-bgp-af-ipv4]qui
[AR3-bgp]ipv4 vpnv4
[AR3-bgp-af-vpnv4]peer 10.1.2.2 en
[AR3-bgp-af-vpnv4]
[AR3-bgp-af-vpnv4]qui
[AR3-bgp]qui
[AR3]
---------------------------
FW1:
[FW1]bgp 65430
[FW1-bgp]peer 10.1.122.1 as-n 100
[FW1-bgp]import-route ospf 1
[FW1-bgp]qui
[FW1]ospf 1
[FW1-ospf-1]import-route bgp
[FW1-ospf-1]qui
[FW1]
-------------------------
FW2:
[FW2]bgp 65000
[FW2-bgp]peer 10.1.133.3 as-n 100
[FW2-bgp]import-route ospf 1
[FW2-bgp]qui
[FW2]ospf 1
[FW2-ospf-1]import-route bgp
[FW2-ospf-1]qui
[FW2]
18. MPLS
AR1:
[AR1]mpls lsr-id 10.1.1.1
[AR1]mpls
[AR1-mpls]mpls ldp
[AR1-mpls-ldp]qui
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]mpls
[AR1-GigabitEthernet0/0/1]mpls ldp
[AR1-GigabitEthernet0/0/1]qui
[AR1]
---------------
AR2:
[AR2]mpls lsr-id 10.1.2.2
[AR2]mpls
[AR2-mpls]mpls ldp
[AR2-mpls-ldp]qui
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]mpls
[AR2-GigabitEthernet0/0/0]mpls ldp
[AR2-GigabitEthernet0/0/0]qui
[AR2]int g0/0/1
[AR2-GigabitEthernet0/0/1]mpls
[AR2-GigabitEthernet0/0/1]mpls ldp
[AR2-GigabitEthernet0/0/1]qui
[AR2]
------------------------
AR3:
[AR3]mpls lsr-id 10.1.3.3
[AR3]mpls
[AR3-mpls]mpls ldp
[AR3-mpls-ldp]qui
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]mpls
[AR3-GigabitEthernet0/0/0]mpls ldp
[AR3-GigabitEthernet0/0/0]qui
[AR3]
19. VPN instances
AR1:
[AR1]ip vpn-instance VPN_A
[AR1-vpn-instance-VPN_A]route-distinguisher 100:22
[AR1-vpn-instance-VPN_A-af-ipv4]vpn-target 100:22 export-extcommunity
[AR1-vpn-instance-VPN_A-af-ipv4]vpn-target 100:33 import-extcommunity
[AR1-vpn-instance-VPN_A-af-ipv4]qui
[AR1-vpn-instance-VPN_A]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip binding vpn-instance VPN_A
[AR1-GigabitEthernet0/0/0]ip add 10.1.122.1 24
[AR1-GigabitEthernet0/0/0]qui
[AR1]bgp 100
[AR1-bgp]ipv4 vpn-instance VPN_A
[AR1-bgp-VPN_A]peer 10.1.122.22 as-n 65430
[AR1-bgp-VPN_A]qui
[AR1-bgp]qui
[AR1]
----------------
AR3:
[AR3]ip vpn-instance VPN_B
[AR3-vpn-instance-VPN_B]route-distinguisher 100:33
[AR3-vpn-instance-VPN_B-af-ipv4]vpn-target 100:33 export-extcommunity
[AR3-vpn-instance-VPN_B-af-ipv4]vpn-target 100:22 import-extcommunity
[AR3-vpn-instance-VPN_B-af-ipv4]qui
[AR3-vpn-instance-VPN_B]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip binding vpn-instance VPN_B
[AR3-GigabitEthernet0/0/1]ip add 10.1.133.3 24
[AR3-GigabitEthernet0/0/1]qui
[AR3]bgp 100
[AR3-bgp]ipv4 vpn-instance VPN_B
[AR3-bgp-VPN_B]peer 10.1.133.33 as-n 65000
[AR3-bgp-VPN_B]qui
[AR3-bgp]qui
[AR3]
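20. Security policies
I am leaving this part out of the article for now. The only devices configured are FW1 and FW2, and the approach is simply to permit the relevant traffic in the security policies. Once those policies are in place, the headquarters/main campus and the branch can reach each other over the MPLS VPN.
This part is omitted from the article, but it is not omitted from the copyable command notes or from the Notepad version of the commands; every command is there, one by one and in full.
21. IPSec VPN
This part is likewise left out of the article for now. The only devices configured are FW1 and FW2. The approach has to follow our requirements: FW2's peer is FW1, so FW2 specifies the peer address. FW1's peer is indeed FW2, but no peer address is configured on FW1. After the IPsec configuration is complete, permit the relevant traffic in the security policies.
This part is omitted from the article, but it is not omitted from the copyable command notes or from the Notepad version of the commands; every command is there, one by one and in full.
22. DHCP snooping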
[SW7]vlan batch 60
[SW7]p g g0/0/1 g0/0/2 g0/0/3
[SW7-port-group]port link-type access
[SW7-GigabitEthernet0/0/1]port link-type access
[SW7-GigabitEthernet0/0/2]port link-type access
[SW7-GigabitEthernet0/0/3]port link-type access
[SW7-port-group]port default vlan 60
[SW7-GigabitEthernet0/0/1]port default vlan 60
[SW7-GigabitEthernet0/0/2]port default vlan 60
[SW7-GigabitEthernet0/0/3]port default vlan 60
[SW7-port-group]qui
[SW7]dhcp en
[SW7]dhcp snooping en
[SW7]vlan 60
[SW7-vlan60]dhcp snooping enable
[SW7-vlan60]dhcp snooping check dhcp-chaddr enable
[SW7-vlan60]qui
[SW7]dhcp snooping user-bind autosave flash:/back.tbl
[SW7]int g0/0/1
[SW7-GigabitEthernet0/0/1]dhcp snooping trusted
[SW7-GigabitEthernet0/0/1]qui
[SW7]
23. NQA configuration
[FW1]nqa test-instance ceshi icmp
[FW1-nqa-ceshi-icmp]test-type icmp
[FW1-nqa-ceshi-icmp]destination-add ipv4 10.1.5.5
[FW1-nqa-ceshi-icmp]frequency 15
[FW1-nqa-ceshi-icmp]timeout 2
[FW1-nqa-ceshi-icmp]records history 3
[FW1-nqa-ceshi-icmp]records result 1
[FW1-nqa-ceshi-icmp]start now
[FW1-nqa-ceshi-icmp]qui
[FW1]ip route-static 10.1.5.5 32 10.1.22.5
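[FW1]ip route-static 0.0.0.0 0 10.1.22.5 track nqa ceshi icmp
24. NAT configuration
This part is likewise left out of the article for now. The only devices configured are FW1 and FW2, and only the corresponding NAT policies need to be configured.
This part is omitted from the article, but it is not omitted from the copyable command notes or from the Notepad version of the commands; every command is there, one by one and in full.
25. NAT server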
[FW1]nat server protocol tcp global 100.100.100.100 80 inside 192.168.111.10 80
[FW1]sec
[FW1-policy-security]rule name out_to_dmz
[FW1-policy-security-rule-out_to_dmz]source-zone untrust
[FW1-policy-security-rule-out_to_dmz]destination-zone dmz
[FW1-policy-security-rule-out_to_dmz]destination-address 192.168.111.10 32
[FW1-policy-security-rule-out_to_dmz]action permit
[FW1-policy-security-rule-out_to_dmz]qui
[FW1-policy-security]
26. Telnet
<HX_SW1>sy
[HX_SW1]aaa
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet
[HX_SW1-aaa]qui
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet
[HX_SW1-ui-vty0-4]qui
[HX_SW1]int vlanif 900
[HX_SW1-Vlanif900]ip add 192.168.255.254 24
[HX_SW1-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1
[HX_SW1-Vlanif900]qui
[HX_SW1]qui
-------------------------------------------
HX_SW2:
[HX_SW2]aaa
[HX_SW2-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW2-aaa]local-user huawei service-type telnet
[HX_SW2-aaa]qui
[HX_SW2]user-interface vty 0 4
[HX_SW2-ui-vty0-4]authentication-mode aaa
[HX_SW2-ui-vty0-4]protocol inbound telnet
[HX_SW2-ui-vty0-4]qui
[HX_SW2]int vlanif 900
[HX_SW2-Vlanif900]ip add 192.168.255.253 24
[HX_SW2-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1
[HX_SW2-Vlanif900]qui
[HX_SW2]qui
-------------------------------------------
JR_SW3:
[JR_SW3]aaa
[JR_SW3-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW3-aaa]local-user huawei service-type telnet
[JR_SW3-aaa]qui
[JR_SW3]user-interface vty 0 4
[JR_SW3-ui-vty0-4]authentication-mode aaa
[JR_SW3-ui-vty0-4]protocol inbound telnet
[JR_SW3-ui-vty0-4]qui
[JR_SW3]int vlanif 900
[JR_SW3-Vlanif900]ip add 192.168.255.3 24
[JR_SW3-Vlanif900]qui
[JR_SW3]ip route-static 0.0.0.0 0 192.168.255.1
[JR_SW3]qui
-------------------------------------------
JR_SW4:
[JR_SW4]aaa
[JR_SW4-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW4-aaa]local-user huawei service-type telnet
[JR_SW4-aaa]qui
[JR_SW4]user-interface vty 0 4
[JR_SW4-ui-vty0-4]authentication-mode aaa
[JR_SW4-ui-vty0-4]protocol inbound telnet
[JR_SW4-ui-vty0-4]qui
[JR_SW4]int vlanif 900
[JR_SW4-Vlanif900]ip add 192.168.255.4 24
[JR_SW4-Vlanif900]qui
[JR_SW4]ip route-static 0.0.0.0 0 192.168.255.1
[JR_SW4]qui
-------------------------------------------
JR_SW5:
[JR_SW5]aaa
[JR_SW5-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW5-aaa]local-user huawei service-type telnet
[JR_SW5-aaa]qui
[JR_SW5]user-interface vty 0 4
[JR_SW5-ui-vty0-4]authentication-mode aaa
[JR_SW5-ui-vty0-4]protocol inbound telnet
[JR_SW5-ui-vty0-4]qui
[JR_SW5]int vlanif 900
[JR_SW5-Vlanif900]ip add 192.168.255.5 24
[JR_SW5-Vlanif900]qui
[JR_SW5]ip route-static 0.0.0.0 0 192.168.255.1
[JR_SW5]qui
-------------------------------------------
JR_SW6:
[JR_SW6]aaa
[JR_SW6-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW6-aaa]local-user huawei service-type telnet
[JR_SW6-aaa]qui
[JR_SW6]user-interface vty 0 4
[JR_SW6-ui-vty0-4]authentication-mode aaa
[JR_SW6-ui-vty0-4]protocol inbound telnet
[JR_SW6-ui-vty0-4]qui
[JR_SW6]int vlanif 900
[JR_SW6-Vlanif900]ip add 192.168.255.6 24
[JR_SW6-Vlanif900]qui
[JR_SW6]ip route-static 0.0.0.0 0 192.168.255.1
[JR_SW6]qui
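An added example, not part of the original configuration notes: a small Python audit that reads a VRP command transcript and flags the management-plane settings used in sections 14 and 26 (Telnet on the VTY lines, a four-character local password, and `service-manage all permit` on an interface placed in the untrust zone). The sample transcript is constructed from this page's commands, and `MIN_PASSWORD_LEN` is an assumed policy value.

```python
import re

MIN_PASSWORD_LEN = 8  # assumed local policy threshold, not a value from the page

# Constructed sample: commands from the FW2 (section 14) and HX_SW1 (section 26)
# sessions, with the masked keywords written out.
SAMPLE = """\
[FW2]int g1/0/1
[FW2-GigabitEthernet1/0/1]service-manage all permit
[FW2-GigabitEthernet1/0/1]int g1/0/0
[FW2-GigabitEthernet1/0/0]service-manage all permit
[FW2-GigabitEthernet1/0/0]qui
[FW2]firewall zone trust
[FW2-zone-trust]add int g1/0/0
[FW2-zone-trust]qui
[FW2]firewall zone untrust
[FW2-zone-untrust]add int g1/0/1
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet
[HX_SW1-ui-vty0-4]protocol inbound telnet
"""

# "[device-view]command": device name, optional view name, then the typed command.
PROMPT = re.compile(r"^\[([^\]-]+)-?([^\]]*)\](.*)$")


def audit(transcript):
    """Return a sorted list of (device, finding) tuples for a CLI transcript."""
    svc_all = set()   # (device, port) where every management service is permitted
    untrust = set()   # (device, port) added to the untrust zone
    findings = set()
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        dev, view, cmd = m.group(1), m.group(2), m.group(3).strip()
        port = re.match(r"GigabitEthernet(\S+)$", view)
        if port and cmd == "service-manage all permit":
            svc_all.add((dev, port.group(1)))
        add = re.match(r"add int g(\S+)$", cmd)
        if view == "zone-untrust" and add:
            untrust.add((dev, add.group(1)))
        pw = re.search(r"password cipher (\S+)", cmd)
        if pw and len(pw.group(1)) < MIN_PASSWORD_LEN:
            findings.add((dev, "short-password"))
        if re.search(r"(protocol inbound|service-type) telnet$", cmd):
            findings.add((dev, "telnet-management"))
    # Only interfaces that are both wide open and internet-facing are reported.
    for dev, port in svc_all & untrust:
        findings.add((dev, "service-manage all permit on untrust g" + port))
    return sorted(findings)


if __name__ == "__main__":
    for device, finding in audit(SAMPLE):
        print(device, finding)
```

The password check only works on a typed transcript like the ones on this page; a saved configuration stores the ciphertext, so length there says nothing about the original password.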
27. ISISv6
AR1:
[AR1]IPV6
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ipv en
[AR1-GigabitEthernet0/0/1]ipv add auto link-local
[AR1-GigabitEthernet0/0/1]qui
[AR1]int loo0
[AR1-LoopBack0]ipv en
[AR1-LoopBack0]ipv add 2001:10:1:1::1/128
[AR1-LoopBack0]qui
[AR1]isis
[AR1-isis-1]ipv6 en top ipv6
[AR1-isis-1]qui
[AR1]int loo0
[AR1-LoopBack0]isis ipv en
[AR1-LoopBack0]int g0/0/1
[AR1-GigabitEthernet0/0/1]isis ipv en
[AR1-GigabitEthernet0/0/1]qui
[AR1]
-------------------------
AR2:
[AR2]ipv
[AR2]int loo0
[AR2-LoopBack0]ipv en
[AR2-LoopBack0]ipv add 2001:10:1:2::2/128
[AR2-LoopBack0]int g0/0/0
[AR2-GigabitEthernet0/0/0]ipv en
[AR2-GigabitEthernet0/0/0]ipv add auto link-local
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ipv en
[AR2-GigabitEthernet0/0/1]ipv add auto link-local
[AR2-GigabitEthernet0/0/1]qui
[AR2]isis
[AR2-isis-1]ipv en top ipv6
[AR2-isis-1]qui
[AR2]int loo0
[AR2-LoopBack0]isis ipv en
[AR2-LoopBack0]int g0/0/0
[AR2-GigabitEthernet0/0/0]isis ipv en
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]isis ipv en
[AR2-GigabitEthernet0/0/1]qui
[AR2]
----------------------------
AR3:
[AR3]IPV6
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ipv en
[AR3-GigabitEthernet0/0/0]ipv add auto link-local
[AR3-GigabitEthernet0/0/0]int loo0
[AR3-LoopBack0]ipv en
[AR3-LoopBack0]ipv add 2001:10:1:3::3/128
[AR3-LoopBack0]qui
[AR3]isis
[AR3-isis-1]ipv en top ipv6
[AR3-isis-1]qui
[AR3]int loo0
[AR3-LoopBack0]isis ipv en
[AR3-LoopBack0]int g0/0/0
[AR3-GigabitEthernet0/0/0]isis ipv en
[AR3-GigabitEthernet0/0/0]qui
[AR3]
28. OSPFv3
FW1:
[FW1]ipv6
[FW1]ospfv3 1
[FW1-ospfv3-1]router-id 10.1.22.22
[FW1-ospfv3-1]qui
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]ipv en
[FW1-GigabitEthernet1/0/1]ipv add auto link-local
[FW1-GigabitEthernet1/0/1]ospfv 1 area 0
[FW1-GigabitEthernet1/0/1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ipv en
[FW1-GigabitEthernet1/0/2]ipv add auto link-local
[FW1-GigabitEthernet1/0/2]ospfv 1 area 0
[FW1-GigabitEthernet1/0/2]qui
[FW1]
--------------------------
LSW1:
[HX_SW1]ipv6
[HX_SW1]int vlan 11
[HX_SW1-Vlanif11]ipv en
[HX_SW1-Vlanif11]ipv add auto link-local
[HX_SW1-Vlanif11]qui
[HX_SW1]int loo0
[HX_SW1-LoopBack0]ipv en
[HX_SW1-LoopBack0]ipv add 2001:192:168:11::11/128
[HX_SW1-LoopBack0]qui
[HX_SW1]ospfv 1
[HX_SW1-ospfv3-1]router-id 10.1.11.11
[HX_SW1-ospfv3-1]qui
[HX_SW1]int vlan 11
[HX_SW1-Vlanif11]ospfv 1 area 0
[HX_SW1-Vlanif11]int loo0
[HX_SW1-LoopBack0]ospfv 1 area 0
[HX_SW1-LoopBack0]qui
[HX_SW1]
-----------------------------
LSW2:
[HX_SW2]ipv6
[HX_SW2]int vlan 12
[HX_SW2-Vlanif12]ipv en
[HX_SW2-Vlanif12]ipv add auto link-local
[HX_SW2-Vlanif12]int loo0
[HX_SW2-LoopBack0]ipv en
[HX_SW2-LoopBack0]ipv add 2001:192:168:12::12/128
[HX_SW2-LoopBack0]qui
[HX_SW2]ospfv3 1
[HX_SW2-ospfv3-1]router-id 10.1.12.12
[HX_SW2-ospfv3-1]qui
[HX_SW2]int vlan 12
[HX_SW2-Vlanif12]ospfv 1 area 0
[HX_SW2-Vlanif12]int loo0
[HX_SW2-LoopBack0]ospfv 1 area 0
[HX_SW2-LoopBack0]qui
[HX_SW2]
-------------------------
FW2:
[FW2]ipv
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ipv en
[FW2-GigabitEthernet1/0/0]ipv add auto link-local
[FW2-GigabitEthernet1/0/0]qui
[FW2]ospfv 1
[FW2-ospfv3-1]router-id 10.1.33.33
[FW2-ospfv3-1]qui
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ospfv 1 area 0
[FW2-GigabitEthernet1/0/0]qui
[FW2]
-----------------------
AR4:
[AR4]ospfv 1
[AR4-ospfv3-1]router-id 10.1.55.55
[AR4-ospfv3-1]qui
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]ipv en
[AR4-GigabitEthernet0/0/0]ipv add auto link-local
[AR4-GigabitEthernet0/0/0]ospfv 1 area 0
[AR4-GigabitEthernet0/0/0]qui
[AR4]int g0/0/1
[AR4-GigabitEthernet0/0/1]ipv en
[AR4-GigabitEthernet0/0/1]ipv add 2001:172:16:60::4/64
[AR4-GigabitEthernet0/0/1]ospfv 1 area 0
[AR4-GigabitEthernet0/0/1]qui
[AR4]
29. DHCPv6
[AR4]dhcpv6 pool pool_v6
[AR4-dhcpv6-pool-pool_v6]address prefix 2001:172:16:60::/64
[AR4-dhcpv6-pool-pool_v6]excluded-address 2001:172:16:60::4
[AR4-dhcpv6-pool-pool_v6]dns-server 2001:172:16:60::4
[AR4-dhcpv6-pool-pool_v6]qui
[AR4]int g0/0/1
[AR4-GigabitEthernet0/0/1]ipv nd autoconfig managed-address-flag
[AR4-GigabitEthernet0/0/1]ipv nd autoconfig other-flag
[AR4-GigabitEthernet0/0/1]undo ipv nd ra halt
[AR4-GigabitEthernet0/0/1]dhcpv6 server pool_v6
[AR4-GigabitEthernet0/0/1]qui
[AR4]
30. 6to4 tunnel
[FW1]int loo0
[FW1-LoopBack0]ip add 10.0.22.22 32
[FW1-LoopBack0]qui
[FW1]bgp 65430
[FW1-bgp]network 10.0.22.22 32
[FW1-bgp]qui
[FW1]int t0
[FW1-Tunnel0]tunnel-protocol ipv6-ipv4 6to4
[FW1-Tunnel0]ipv en
[FW1-Tunnel0]ipv add 2002:0a00:1616::22/64
[FW1-Tunnel0]source loo0
[FW1-Tunnel0]service-manage ping permit
[FW1-Tunnel0]qui
[FW1]firewall zone dmz
[FW1-zone-dmz]add int t0
[FW1-zone-dmz]qui
[FW1]sec
[FW1-policy-security]rule name out_to_local
[FW1-policy-security-rule-out_to_local]service protocol 41
[FW1-policy-security-rule-out_to_local]qui
[FW1-policy-security]qui
[FW1]ipv route-static 2002:: 16 t0
[FW1]
--------------------------------
FW2:
[FW2]int loo0
[FW2-LoopBack0]ip add 10.0.33.33 32
[FW2-LoopBack0]qui
[FW2]bgp 65000
[FW2-bgp]network 10.0.33.33 32
[FW2-bgp]qui
[FW2]int t0
[FW2-Tunnel0]tunnel-protocol ipv6-ipv4 6to4
[FW2-Tunnel0]ipv en
[FW2-Tunnel0]ipv6 add 2002:0a00:2121::33/64
[FW2-Tunnel0]source loo0
[FW2-Tunnel0]service-manage ping permit
[FW2-Tunnel0]qui
[FW2]firewall zone dmz
[FW2-zone-dmz]add int t0
[FW2-zone-dmz]qui
[FW2]sec
[FW2-policy-security]rule name out_to_local
[FW2-policy-security-rule-out_to_local]service protocol 41
[FW2-policy-security-rule-out_to_local]qui
[FW2-policy-security]qui
[FW2]ipv route-static 2002:: 16 t0
[FW2]
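An added example, not from the original notes: each Tunnel0 address above sits in the 2002:V4ADDR::/48 prefix that 6to4 (RFC 3056) derives from the tunnel source's IPv4 address, so the embedded IPv4 address is the one the peer must be able to reach. This Python check recomputes the prefix and verifies the configured pairs; the sample lines are constructed from the FW1/FW2 sessions above.

```python
import ipaddress
import re

# Constructed sample: the LoopBack0 and Tunnel0 address lines from section 30.
SAMPLE = """\
[FW1-LoopBack0]ip add 10.0.22.22 32
[FW1-Tunnel0]ipv add 2002:0a00:1616::22/64
[FW2-LoopBack0]ip add 10.0.33.33 32
[FW2-Tunnel0]ipv6 add 2002:0a00:2121::33/64
"""

LOOPBACK = re.compile(r"^\[(\w+)-LoopBack0\]ip add (\S+) 32$")
TUNNEL = re.compile(r"^\[(\w+)-Tunnel0\]ipv6? add (\S+)/\d+$")


def sixto4_prefix(ipv4):
    """Return the 2002:V4ADDR::/48 site prefix for a tunnel source address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def embedded_ipv4(ipv6):
    """Return the IPv4 address carried in a 6to4 address (None outside 2002::/16)."""
    return ipaddress.IPv6Address(ipv6).sixtofour


def check_tunnels(config):
    """Map each device to True if its Tunnel0 address matches its LoopBack0."""
    sources, tunnels = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := LOOPBACK.match(line):
            sources[m.group(1)] = m.group(2)
        elif m := TUNNEL.match(line):
            tunnels[m.group(1)] = m.group(2)
    return {
        dev: dev in sources
        and ipaddress.IPv6Address(addr) in sixto4_prefix(sources[dev])
        for dev, addr in tunnels.items()
    }


if __name__ == "__main__":
    print(check_tunnels(SAMPLE))
    # The BGP4+ peer address configured on FW1 resolves to FW2's loopback.
    print(embedded_ipv4("2002:0a00:2121::33"))
```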
31. BGP4+
[FW1]bgp 65430
[FW1-bgp]peer 2002:0a00:2121::33 as-n 65000
[FW1-bgp]ipv6 unicast
[FW1-bgp-af-ipv6]peer 2002:0a00:2121::33 enable
[FW1-bgp-af-ipv6]import-route ospfv3 1
[FW1-bgp-af-ipv6]qui
[FW1-bgp]qui
[FW1]ospfv3 1
[FW1-ospfv3-1]import-route bgp permit-ibgp
[FW1-ospfv3-1]qui
[FW1]sec
[FW1-policy-security]rule name for_ipv6
[FW1-policy-security-rule-for_ipv6]service protocol icmpv6
[FW1-policy-security-rule-for_ipv6]action permit
--------------------------------
FW2:
[FW2]bgp 65000
[FW2-bgp]peer 2002:0a00:1616::22 as-n 65430
[FW2-bgp]ipv6 unicast
[FW2-bgp-af-ipv6]peer 2002:0a00:1616::22 enable
[FW2-bgp-af-ipv6]import-route ospfv3 1
[FW2-bgp-af-ipv6]qui
[FW2-bgp]qui
[FW2]ospfv3 1
[FW2-ospfv3-1]import-route bgp permit-ibgp
[FW2-ospfv3-1]qui
[FW2]sec
[FW2-policy-security]rule name for_ipv6
[FW2-policy-security-rule-for_ipv6]service protocol icmpv6
[FW2-policy-security-rule-for_ipv6]action permit
[FW2-policy-security-rule-for_ipv6]qui
[FW2-policy-security]qui
[FW2]