第一部分 網絡系統架構調整
1.1、網絡系統拓撲圖
第二部分 網絡IP地址規劃
2.1、網絡設備IP地址規劃表
Vlan編號 | 是否DHCP | Vlan網關 | 子網 | 子網掩碼 |
10 | 否 | 192.168.10.254 | 192.168.10.0 | 24 |
20 | 否 | 192.168.20.254 | 192.168.20.0 | 24 |
30 | 否 | 192.168.30.254 | 192.168.30.0 | 24 |
40 | 否 | 192.168.40.254 | 192.168.40.0 | 24 |
50 | 否 | 192.168.50.254 | 192.168.50.0 | 24 |
99 | 否 | 172.16.99.1 | 172.16.99.0 | 24 |
100 | 否 | 172.16.98.1 | 172.16.98.0 | 24 |
第三部分 交換機配置文件
3.1 核心交換機1配置
<hexin01>sy
System View: return to User View withCtrl+Z.
[hexin01]dis cu
#
version 5.20, Release 2202
#
sysname hexin01
#
irfmac-address persistent timer
irfauto-update enable
undoirf link-delay
#
domain default enable system
#
telnet server enable
#
undoip ttl-expires
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 50
#
vlan 99 to 100
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.254
dns-list 61.232.206.103
#
dhcp server ip-pool vlan50
network 192.168.50.0 mask 255.255.255.0
gateway-list 192.168.50.254
dns-list 61.232.206.103
#
user-group system
#
#
interface NULL0
#
interface Vlan-interface1
ipaddress 172.16.1.1 255.255.255.0
#
interface Vlan-interface10
ipaddress 192.168.10.250 255.255.255.0
vrrpvrid 1 virtual-ip 192.168.10.254
vrrpvrid 1 priority 110
vrrpvrid 1 preempt-mode timer delay 5
vrrpvrid 1 track interface Vlan-interface99 reduced 30
#
interface Vlan-interface20
ipaddress 192.168.20.250 255.255.255.0
#
interface Vlan-interface30
ipaddress 192.168.30.250 255.255.255.0
#
interface Vlan-interface40
ipaddress 192.168.40.250 255.255.255.0
vrrpvrid 4 virtual-ip 192.168.40.254
vrrpvrid 4 preempt-mode timer delay 5
#
interface Vlan-interface50
ipaddress 192.168.50.250 255.255.255.0
vrrpvrid 5 virtual-ip 192.168.50.254
vrrpvrid 5 preempt-mode timer delay 5
#
interface Vlan-interface99
ipaddress 172.16.99.1 255.255.255.0
#
interface Vlan-interface100
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
portlink-type trunk
porttrunk permit vlan 1 to 98 100 to 4094
#
interface GigabitEthernet1/0/24
portaccess vlan 99
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#
iproute-static 0.0.0.0 0.0.0.0 172.16.99.2
#
dhcpserver forbidden-ip 192.168.10.250 192.168.10.254
dhcpserver forbidden-ip 192.168.50.250 192.168.50.254
dhcpserver forbidden-ip 192.168.50.1
dhcpserver forbidden-ip 192.168.10.1
dhcpserver forbidden-ip 192.168.10.251
dhcpserver forbidden-ip 192.168.50.251
#
dhcpenable
#
user-interface aux 0 8
return
[hexin01]
3.2 核心交換機2配置
[hexin02]dis cu
#
version 5.20, Release 2202
#
sysname hexin02
#
irfmac-address persistent timer
irfauto-update enable
undoirf link-delay
#
domain default enable system
#
telnet server enable
#
undoip ttl-expires
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 50
#
vlan 99 to 100
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.254
dns-list 61.232.206.103
#
dhcp server ip-pool vlan50
network 192.168.50.0 mask 255.255.255.0
gateway-list 192.168.50.254
dns-list61.232.206.103
#
user-group system
#
#
interface NULL0
#
interface Vlan-interface1
ipaddress 172.16.1.2 255.255.255.0
#
interface Vlan-interface10
ipaddress 192.168.10.251 255.255.255.0
vrrpvrid 1 virtual-ip 192.168.10.254
vrrpvrid 1 preempt-mode timer delay 5
#
interface Vlan-interface20
ipaddress 192.168.20.251 255.255.255.0
#
interface Vlan-interface30
ipaddress 192.168.30.251 255.255.255.0
#
interface Vlan-interface40
ipaddress 192.168.40.251 255.255.255.0
vrrpvrid 4 virtual-ip 192.168.40.254
vrrpvrid 4 priority 110
vrrpvrid 4 preempt-mode timer delay 5
vrrpvrid 4 track interface Vlan-interface99 reduced 30
#
interface Vlan-interface50
ipaddress 192.168.50.251 255.255.255.0
vrrpvrid 5 virtual-ip 192.168.50.254
vrrpvrid 5 priority 110
vrrpvrid 5 preempt-mode timer delay 5
vrrpvrid 5 track interface Vlan-interface99 reduced 30
#
interface Vlan-interface99
ipaddress 172.16.98.1 255.255.255.0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
portlink-type trunk
porttrunk permit vlan all
#
interface GigabitEthernet1/0/23
portlink-type trunk
porttrunk permit vlan 1 to 98 100 to 4094
#
interface GigabitEthernet1/0/24
portaccess vlan 99
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#
iproute-static 0.0.0.0 0.0.0.0 172.16.98.2
#
dhcpserver forbidden-ip 192.168.10.250 192.168.10.254
dhcpserver forbidden-ip 192.168.50.250 192.168.50.254
dhcpserver forbidden-ip 192.168.50.1
dhcpserver forbidden-ip 192.168.10.1
dhcpserver forbidden-ip 192.168.50.251
dhcpserver forbidden-ip 192.168.10.251
#
return
[hexin02]
3.3 機房接入交換機配置
<H3C-SW>sy
System View: return to User View withCtrl+Z.
[hexin01]dis cu
#
version 5.20, Release 2202
#
sysname hexin01
#
irfmac-address persistent timer
irfauto-update enable
undoirf link-delay
#
domain default enable system
#
telnet server enable
#
undoip ttl-expires
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 50
#
vlan 99 to 100
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
interface Vlan-interface99
ipaddress 172.16.99.2 255.255.255.0
#
interface Vlan-interface100
#
interface GigabitEthernet1/0/1
port link-type access
port access vlan 50
#
interface GigabitEthernet1/0/2
port link-type access
port access vlan 50
#
interface GigabitEthernet1/0/3
port link-type access
port access vlan 50
#
interface GigabitEthernet1/0/4
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/5
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/6
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/7
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/8
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/9
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/10
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/11
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/12
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/13
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/14
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/15
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/16
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/17
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/18
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/19
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/20
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/21
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/22
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/23
portlink-type trunk
porttrunk permit vlan 1 to 98 100 to 4094
#
interface GigabitEthernet1/0/24
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#
iproute-static 0.0.0.0 0.0.0.0 172.16.99.1
#
dhcpenable
#
user-interface aux 0 8
user-interface vty 0 4
authentication-mode none
userprivilege level 3
setauthentication password simple fhgj
#
return
3.4 辦公區接入交換機1
<bangong-1>sy
System View: return to User View withCtrl+Z.
[hexin01]dis cu
#
version 5.20, Release 2202
#
sysname hexin01
#
irfmac-address persistent timer
irfauto-update enable
undoirf link-delay
#
domain default enable system
#
telnet server enable
#
undoip ttl-expires
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 50
#
vlan 99 to 100
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
interface Vlan-interface99
ipaddress 172.16.99.3 255.255.255.0
#
interface Vlan-interface100
#
interface GigabitEthernet1/0/1
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/2
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/3
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/4
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/5
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/6
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/7
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/8
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/9
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/10
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/11
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/12
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/13
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/14
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/15
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/16
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/17
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/18
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/19
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/20
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/21
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/22
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/23
portlink-type trunk
porttrunk permit vlan 1 to 98 100 to 4094
#
interface GigabitEthernet1/0/24
portlink-type trunk
porttrunk permit vlan 1 to 98 100 to 4094
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#
iproute-static 0.0.0.0 0.0.0.0 172.16.99.1
#
dhcpenable
#
user-interface aux 0 8
user-interface vty 0 4
authentication-mode none
userprivilege level 3
setauthentication password simple fhgj
#
Return
3.5 辦公區接入交換機2
<bangong-2>sy
System View: return to User View withCtrl+Z.
[hexin01]dis cu
#
version 5.20, Release 2202
#
sysname hexin01
#
irfmac-address persistent timer
irfauto-update enable
undoirf link-delay
#
domain default enable system
#
telnetserver enable
#
undoip ttl-expires
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 50
#
vlan 99 to 100
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
interface Vlan-interface99
ipaddress 172.16.99.4 255.255.255.0
#
interface Vlan-interface100
#
interface GigabitEthernet1/0/1
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/2
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/3
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/4
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/5
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/6
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/7
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/8
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/9
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/10
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/11
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/12
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/13
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/14
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/15
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/16
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/17
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/18
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/19
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/20
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/21
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/22
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/23
portlink-type trunk
porttrunk permit vlan 1 to 98 100 to 4094
#
interface GigabitEthernet1/0/24
portlink-type trunk
porttrunk permit vlan 1 to 98 100 to 4094
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#
iproute-static 0.0.0.0 0.0.0.0 172.16.99.1
#
dhcpenable
#
user-interface aux 0 8
user-interface vty 0 4
authentication-mode none
userprivilege level 3
setauthentication password simple fhgj
#
Return
3.6 辦公區接入交換機3
<bangong-3>sy
System View: return to User View withCtrl+Z.
[hexin01]dis cu
#
version 5.20, Release 2202
#
sysname hexin01
#
irfmac-address persistent timer
irfauto-update enable
undoirf link-delay
#
domain default enable system
#
telnet server enable
#
undoip ttl-expires
#
vlan 1
#
vlan 10
#
vlan 99 to 100
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-urldisable
#
interface Vlan-interface99
ipaddress 172.16.99.5 255.255.255.0
#
interface Vlan-interface100
#
interface GigabitEthernet1/0/1
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/2
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/3
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/4
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/5
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/6
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/7
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/8
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/9
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/10
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/11
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/12
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/13
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/14
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/15
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/16
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/17
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/18
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/19
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/20
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/21
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/22
port link-type access
port access vlan 10
#
interface GigabitEthernet1/0/23
portlink-type trunk
porttrunk permit vlan 1 to 98 100 to 4094
#
interface GigabitEthernet1/0/24
portlink-type trunk
porttrunk permit vlan 1 to 98 100 to 4094
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#