Policy-based routing (PBR) + MSTP + VRRP + dual-line NAT

Topology

image.png

Technologies used

Technologies used in this lab:
  Single-area OSPF
  DHCP
  NAT
  MSTP
  VRRP + track
  Port aggregation (Eth-Trunk)
  NQA + PBR (policy-based routing)

Access layer

jieruA

sys
sysname jieruA

# Create VLANs
vlan batch 10 20 30 40

# Port assignment
int e0/0/1
port link-type access 
port default vlan 10

int e0/0/2
port link-type access 
port default vlan 20

int e0/0/3
port link-type trunk 
port trunk allow-pass vlan all 

int e0/0/4
port link-type trunk 
port trunk allow-pass vlan all 

# mstp 
stp region-configuration 
region-name wlgc
instance 1 vlan 10 30
instance 2 vlan 20 40 
active region-configuration

jieruB

sys
sysname jieruB

# Create VLANs
vlan batch 10 20 30 40

# Port assignment
int e0/0/1
port link-type access 
port default vlan 30

int e0/0/2
port link-type access 
port default vlan 40

int e0/0/3
port link-type trunk 
port trunk allow-pass vlan all 

int e0/0/4
port link-type trunk 
port trunk allow-pass vlan all 

# mstp 
stp region-configuration 
region-name wlgc
instance 1 vlan 10 30
instance 2 vlan 20 40 
active region-configuration

Core layer

coreA

sys
sysname coreA

# Create VLANs
vlan batch 10 20 30 40 50

# Port assignment
int g0/0/2
port link-type access 
port default vlan 50

int g0/0/3
port link-type trunk 
port trunk allow-pass vlan all 

int g0/0/4
port link-type trunk 
port trunk allow-pass vlan all 

# Link aggregation
int Eth-Trunk 1
port link-type trunk 
port trunk allow-pass vlan 10 20 30 40
# Add member ports
int g0/0/23 
eth-trunk 1

int g0/0/24
eth-trunk 1

# mstp 
stp region-configuration 
region-name wlgc
instance 1 vlan 10 30
instance 2 vlan 20 40 
active region-configuration 

quit
# MSTP root bridge assignment
stp instance 1 root primary 
stp instance 2 root secondary 

# VRRP configuration
int vlan 10
ip address 192.168.10.252 24
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 110
# Track the uplink interface (a local port on this device); if the directly connected interface goes down, reduce the priority
vrrp vrid 10 track interface g0/0/2 reduced 50

int vlan 20
ip address 192.168.20.252 24
vrrp vrid 20 virtual-ip 192.168.20.254
# Track the uplink interface (a local port on this device); if the directly connected interface goes down, reduce the priority
vrrp vrid 20 track interface g0/0/2 reduced 50

int vlan 30
ip address 192.168.30.252 24
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 110
# Track the uplink interface (a local port on this device); if the directly connected interface goes down, reduce the priority
vrrp vrid 30 track interface g0/0/2 reduced 50

int vlan 40
ip address 192.168.40.252 24
vrrp vrid 40 virtual-ip 192.168.40.254
# Track the uplink interface (a local port on this device); if the directly connected interface goes down, reduce the priority
vrrp vrid 40 track interface g0/0/2 reduced 50

## After finishing this part, running display ip int brief is recommended
## Also verify that PCs in the VLANs can communicate with each other

# Uplink VLAN interface
int vlan 50
ip address 192.168.252.1 24

# Configure OSPF
ospf 100 router-id 1.1.1.1
area 0 
network 0.0.0.0 255.255.255.255


# DHCP, must be configured on both core switches
dhcp enable

ip pool dhcp10
dns-list 8.8.8.8
gateway-list 192.168.10.254
# Matching subnet
network 192.168.10.0 mask 24 

# Apply to the interface
int vlan 10
dhcp select global 

ip pool dhcp20
dns-list 8.8.8.8
gateway-list 192.168.20.254
# Matching subnet
network 192.168.20.0 mask 24 

# Apply to the interface
int vlan 20
dhcp select global 

coreB

sys
sysname coreB 

# Create VLANs
vlan batch 10 20 30 40 60

# Port assignment
int g0/0/1
port link-type access 
port default vlan 60

int g0/0/3
port link-type trunk 
port trunk allow-pass vlan all 

int g0/0/4
port link-type trunk 
port trunk allow-pass vlan all 

# Link aggregation
int Eth-Trunk 1
port link-type trunk 
port trunk allow-pass vlan 10 20 30 40

# Add member ports
int g0/0/23 
eth-trunk 1

int g0/0/24
eth-trunk 1

# mstp 
stp region-configuration 
region-name wlgc
instance 1 vlan 10 30
instance 2 vlan 20 40 
active region-configuration 

quit
# MSTP root bridge assignment
stp instance 2 root primary 
stp instance 1 root secondary 

# VRRP configuration
int vlan 10
ip address 192.168.10.253 24
vrrp vrid 10 virtual-ip 192.168.10.254 
# Track the uplink interface (a local port on this device); if the directly connected interface goes down, reduce the priority
vrrp vrid 10 track interface g0/0/1 reduced 50

int vlan 20
ip address 192.168.20.253 24
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 110
# Track the uplink interface (a local port on this device); if the directly connected interface goes down, reduce the priority
vrrp vrid 20 track interface g0/0/1 reduced 50

int vlan 30
ip address 192.168.30.253 24
vrrp vrid 30 virtual-ip 192.168.30.254
# Track the uplink interface (a local port on this device); if the directly connected interface goes down, reduce the priority
vrrp vrid 30 track interface g0/0/1 reduced 50

int vlan 40
ip address 192.168.40.253 24
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 110
# Track the uplink interface (a local port on this device); if the directly connected interface goes down, reduce the priority
vrrp vrid 40 track interface g0/0/1 reduced 50

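## After finishing this part, running display ip int brief is recommended to verify the VLAN IP addresses
## Also verify that PCs in the VLANs can communicate with each other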

# Uplink VLAN interface
int vlan 60
ip address 192.168.253.1 24

# Configure OSPF
ospf 100 router-id 2.2.2.2
area 0 
network 0.0.0.0 255.255.255.255


# DHCP, must be configured on both core switches
dhcp enable

ip pool dhcp10
dns-list 8.8.8.8
gateway-list 192.168.10.254
# Matching subnet
network 192.168.10.0 mask 24 

# Apply to the interface
int vlan 10
dhcp select global 

ip pool dhcp20
dns-list 8.8.8.8
gateway-list 192.168.20.254
# Matching subnet
network 192.168.20.0 mask 24 

# Apply to the interface
int vlan 20
dhcp select global 

Egress

ARA

sys
sysname ARA

int g0/0/2
ip address 192.168.252.2 24

int g0/0/1
ip address 23.1.1.1 24

int g0/0/0
ip address 120.36.2.1 24

# Default route
ip route-static 0.0.0.0 0.0.0.0 120.36.2.2

# ospf 
ospf 100 router-id 3.3.3.3
# Advertise the default route into OSPF
default-route-advertise
area 0 
network 192.168.0.0 0.0.255.255
network 23.1.1.0 0.0.0.255

# NAT; once NAT is configured, you can test connectivity between the PCs and remote devices
acl 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255
int g0/0/0
nat outbound 3000


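# PBR configuration, required on both routers; the next-hop and the destination address in the NQA configuration differ slightly
# Note: the policy only takes effect once it is bound to the LAN-facing interface (ip policy-based-route pbr in interface view)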
acl 3100
rule 5 permit ip source 192.168.10.0 0.0.0.255

policy-based-route pbr permit node 5
if-match acl 3100
apply ip-address next-hop 120.36.2.2


acl 3200
rule 5 permit ip source 192.168.20.0 0.0.0.255

policy-based-route pbr permit node 10
if-match acl 3200
apply ip-address next-hop 23.1.1.2 

ARB

sys
sysname ARB

int g0/0/2
ip address 59.56.101.1 24

int g1/0/0
ip address 23.1.1.2 24

int g0/0/1
ip address 192.168.253.2 24

# Default route
ip route-static 0.0.0.0 0.0.0.0 59.56.101.2

# ospf 
# router-id changed from 3.3.3.3: ARA already uses that ID, and OSPF router IDs must be unique
ospf 100 router-id 4.4.4.4
# Advertise the default route into OSPF
default-route-advertise
area 0 
network 192.168.0.0 0.0.255.255
network 23.1.1.0 0.0.0.255

# NAT; once NAT is configured, you can test connectivity between the PCs and remote devices
acl 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255
int g0/0/2
nat outbound 3000



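# PBR configuration, required on both routers; the next-hop differs slightly
# Note: the policy only takes effect once it is bound to the LAN-facing interface (ip policy-based-route pbr in interface view)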
acl 3100
rule 5 permit ip source 192.168.10.0 0.0.0.255

policy-based-route pbr permit node 5
if-match acl 3100
apply ip-address next-hop 23.1.1.1


acl 3200
rule 5 permit ip source 192.168.20.0 0.0.0.255

policy-based-route pbr permit node 10
if-match acl 3200
apply ip-address next-hop 59.56.101.2

External ISP

sys
sysname ISP

int g1/0/0
ip address 120.36.2.2 24

int g0/0/0
ip address 59.56.101.2 24

int g0/0/1
ip address 8.8.8.254 24

Result screenshots

Access layer

jieruA

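Problems encountered

VRRP master/backup state is wrong

1. First check whether the core switches can reach each other.
2. Check the priorities: has a track-triggered priority reduction caused a master/backup switchover?
3. Check the configuration commands: was the wrong uplink interface configured?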
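
An added example (not from the original post) that replays checks 2 and 3 offline: it parses the vrrp lines for VLANs 10 and 20 as given in the coreA and coreB sections and computes which switch is master for each uplink state. The function names are hypothetical, and it assumes preemption is enabled and that priorities never tie (real VRRP breaks a tie on the higher interface IP).

```python
import re

DEFAULT_PRIORITY = 100  # VRRP default when no "priority" line is configured

# Constructed input: vrrp lines for VLAN 10/20 as given for coreA and coreB.
CORE_A = """
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 110
vrrp vrid 10 track interface g0/0/2 reduced 50
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 track interface g0/0/2 reduced 50
"""
CORE_B = """
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 track interface g0/0/1 reduced 50
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 110
vrrp vrid 20 track interface g0/0/1 reduced 50
"""

def parse_vrrp(config):
    """Return {vrid: {"priority": int, "track": (interface, reduced) or None}}."""
    groups = {}
    for m in re.finditer(r"^\s*vrrp vrid (\d+) (.+)$", config, re.M):
        g = groups.setdefault(int(m.group(1)), {"priority": DEFAULT_PRIORITY, "track": None})
        args = m.group(2).split()
        if args[0] == "priority":
            g["priority"] = int(args[1])
        elif args[:2] == ["track", "interface"] and args[3:4] == ["reduced"]:
            g["track"] = (args[2], int(args[4]))
    return groups

def elect(devices, down):
    """devices: {name: parsed groups}; down: {name: set of down interfaces}.
    Returns {vrid: master}. Assumes preemption is on and no priority ties."""
    masters = {}
    for vrid in sorted(set().union(*devices.values())):
        prio = {}
        for name, groups in devices.items():
            g = groups.get(vrid)
            if g:
                hit = g["track"] and g["track"][0] in down.get(name, ())
                prio[name] = g["priority"] - (g["track"][1] if hit else 0)
        masters[vrid] = max(prio, key=prio.get)
    return masters

def wrong_track(groups, uplink):
    """Check 3: VRIDs whose tracked interface is not the device's real uplink."""
    return sorted(v for v, g in groups.items() if g["track"] and g["track"][0] != uplink)
```

With coreA's uplink g0/0/2 down, its VRID 10 priority drops from 110 to 60, below coreB's default 100, so coreB becomes master for both groups; comparing that result with the state seen on the switches separates an expected track-driven switchover from a misconfiguration.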

PC cannot ping the VRRP address or the core switches

Check whether the IP address the PC obtained via DHCP conflicts with another host.