一、设计目的
利用华为HCNA网络技术设计经典网络实例,仿真实现日常生活中小型网络的基本需求。
二、设计原理
- 实验拓扑图
三、设计要求
1.链路聚合
2.VLAN
3.STP
4.IP地址规划
根据表格为设备配置IP地址以及网关。
| 设备/端口 |
IP地址 |
网关 |
| PC1 |
自动获取 |
|
| PC2 |
自动获取 |
|
| PC3 |
自动获取 |
|
| PC4 |
自动获取 |
|
| HTTP-Server |
100.1.1.1/24 |
|
| SW1-VLANIF 10 |
10.1.10.254/24 |
|
| SW1-VLANIF 20 |
10.1.20.254/24 |
|
| SW1-VLANIF 13 |
10.1.13.3/24 |
|
| SW2-VLANIF 14 |
10.1.14.4/24 |
|
| AR1-G0/0/0 |
100.1.12.1/24 |
|
| AR1-G0/0/1 |
10.1.13.1/24 |
|
| AR1-G0/0/2 |
10.1.14.1/24 |
|
| AR2-G0/0/0 |
100.1.12.2/24 |
|
| AR2-G0/0/1 |
100.1.1.254/24 |
|
注:所有VLAN内主机的网关都在SW1上。
5.PPP认证
6.DHCP服务
7.配置RIP协议
8.NAT技术
9.设备登陆控制
10.流量控制
四、设计步骤
1.链路聚合
(1)SW1和SW2之间配置三条链路的LACP模式的链路聚合,其中SW1为主动端,SW2为被动端
//配置二层Eth-Trunk接口
[S1]interface Eth-Trunk 1
[S2]interface Eth-Trunk 1
//配置链路聚合模式为LACP模式
LACP模式下,需手工创建Eth-Trunk,手工加入Eth-Trunk成员接口,但活动接口的选择是由LACP协商确定的,配置相对灵活。
[S1-Eth-Trunk1]mode lacp
[S2-Eth-Trunk1]mode lacp
//将成员接口加入聚合组
[S1-Eth-Trunk1]trunkport GigabitEthernet 0/0/22 to 0/0/24
[S2-Eth-Trunk1]trunkport GigabitEthernet 0/0/22 to 0/0/24
//在S1上配置优先级为100,使其成为LACP主动端
[S1]lacp priority 100
(2)LACP的最大活跃链路为3条
//在S1,S2上配置活动接口上限阈值为3
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]max active-linknumber 3
[S2-Eth-Trunk1]max active-linknumber 3
//在S1上配置接口优先级确定活动链路
[S1-GigabitEthernet0/0/22]lacp priority 100
[S1-GigabitEthernet0/0/23]lacp priority 100
[S1-GigabitEthernet0/0/24]lacp priority 100
查看链路聚合配置结果:
2.VLAN
(1)按照拓扑要求将交换机连接PC和路由器的端口划分进相应VLAN。
//在S3上,将端口E0/0/3和E0/0/4分别加入到VLAN 10和VLAN 20。
[S3-Ethernet0/0/3]port link-type access
[S3-Ethernet0/0/4]port link-type access
[S3]vlan 10
[S3]vlan 20
[S3-vlan10]port Ethernet 0/0/3
[S3-vlan20]port Ethernet 0/0/4
//在S4上,将端口E0/0/3和E0/0/4分别加入VLAN 10和VLAN 20。
[S4-Ethernet0/0/3]port link-type access
[S4-Ethernet0/0/4]port link-type access
[S4-vlan10]port Ethernet 0/0/3
[S4-vlan20]port Ethernet 0/0/4
//在S1上,将端口G0/0/1加入VLAN 13。
[S1-GigabitEthernet0/0/1]port link-type access
[S1-vlan13]port GigabitEthernet 0/0/1
//在S2上,将端口G0/0/1加入VLAN 14。
[S2-GigabitEthernet0/0/1]port link-type access
[S2-vlan14]port GigabitEthernet 0/0/1
(2)交换机之间互联端口配置为TRUNK端口并允许除VLAN 1以外其他所有VLAN通过。
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1
[S2-GigabitEthernet0/0/2]port link-type trunk
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[S2-GigabitEthernet0/0/2]int g0/0/3
[S2-GigabitEthernet0/0/3]port link-type trunk
[S2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1
[S3-Ethernet0/0/1]port link-type trunk
[S3-Ethernet0/0/1]port trunk allow-pass vlan all
[S3-Ethernet0/0/1]undo port trunk allow-pass vlan 1
[S3-Ethernet0/0/1]int e0/0/2
[S3-Ethernet0/0/2]port link-type trunk
[S3-Ethernet0/0/2]port trunk allow-pass vlan all
[S3-Ethernet0/0/2]undo port trunk allow-pass vlan 1
[S4]int e0/0/1
[S4-Ethernet0/0/1]port link-type trunk
[S4-Ethernet0/0/1]port trunk allow-pass vlan all
[S4-Ethernet0/0/1]undo port trunk allow-pass vlan 1
[S4-Ethernet0/0/1]int e0/0/2
[S4-Ethernet0/0/2]port link-type trunk
[S4-Ethernet0/0/2]port trunk allow-pass vlan all
[S4-Ethernet0/0/2]undo port trunk allow-pass vlan 1
查看VLAN配置结果:
3.STP
(1)所有交换机运行RSTP。
[S1]stp mode rstp
[S2]stp mode rstp
[S3]stp mode rstp
[S4]stp mode rstp
(2)指定SW1为根桥,SW2为备份根桥。
//配置根桥和备份根桥设备
[S1]stp root primary
[S2]stp root secondary
//全局使能RSTP
[S1]stp enable
[S2]stp enable
[S3]stp enable
[S4]stp enable
(3)交换机连接PC的端口配置为边缘端口,并在开启边缘端口的交换机开启BPDU保护
//S3,S4连接PC的端口配置为边缘端口,并开启BPDU保护
[S3]int e0/0/3
[S3-Ethernet0/0/3]stp edged-port enable
[S3-Ethernet0/0/3]stp bpdu-filter enable
[S3-Ethernet0/0/3]int e0/0/4
[S3-Ethernet0/0/4]stp edged-port enable
[S3-Ethernet0/0/4]stp bpdu-filter enable
[S4]int e0/0/3
[S4-Ethernet0/0/3]stp edged-port enable
[S4-Ethernet0/0/3]stp bpdu-filter enable
[S4-Ethernet0/0/3]int e0/0/4
[S4-Ethernet0/0/4]stp edged-port enable
[S4-Ethernet0/0/4]stp bpdu-filter enable
(4)在根桥的DP端口开启根保护功能。
//在根桥的DP端口开启根保护功能
[S1]int g0/0/2
[S1-GigabitEthernet0/0/2]stp root-protection
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]stp root-protection
[S1]int Eth-Trunk 1
[S1-Eth-Trunk1]stp root-protection
(5)在SW2的RP端口开启环路保护功能
//在SW2的RP端口开启环路保护功能
[S2]int Eth-Trunk 1
[S2-Eth-Trunk1]stp loop-protection
查看STP配置结果:
4.IP地址规划
| 设备/端口 |
IP地址 |
设备/端口 |
IP地址 |
| PC1 |
自动获取 |
SW1-VLANIF 13 |
10.1.13.3/24 |
| PC2 |
自动获取 |
SW2-VLANIF 14 |
10.1.14.4/24 |
| PC3 |
自动获取 |
AR1-S1/0/0 |
100.1.12.1/24 |
| PC4 |
自动获取 |
AR1-G0/0/1 |
10.1.13.1/24 |
| HTTP-Server |
100.1.1.1/24 |
AR1-G0/0/2 |
10.1.14.1/24 |
| SW1-VLANIF 10 |
10.1.10.254/24 |
AR2-S1/0/0 |
100.1.12.2/24 |
| SW1-VLANIF 20 |
10.1.20.254/24 |
AR2-G0/0/1 |
100.1.1.254/24 |
[S1]vlan 10
[S1-vlan10]vlan 20
[S1-vlan20]vlan 14
[S1-Vlanif10]ip add 10.1.10.254 24
[S1-Vlanif20]ip add 10.1.20.254 24
[S1-Vlanif13]ip add 10.1.13.3 24
[S1-Vlanif14]ip add 10.1.14.4 24
[R1]int s1/0/0
[R1-Serial1/0/0]ip add 100.1.12.1 24
[R1-Serial1/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 10.1.13.1 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 10.1.14.1 24
[R2]int s1/0/0
[R2-Serial1/0/0]ip add 100.1.12.2 24
[R2-Serial1/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 100.1.1.254 24
5.PPP
配置R1和R2之间PPP的CHAP认证,R1为认证方,R2为被认证方,认证用户名为user1,密码为huawei@123。
[R1]aaa
[R1-aaa]local-user user1 password cipher huawei@123
Info: Add a new user.
[R1-aaa]local-user user1 service-type ppp
[R1-aaa]int s1/0/0
[R1-Serial1/0/0]link-protocol ppp
[R1-Serial1/0/0]ppp authentication-mode chap
[R2]int s1/0/0
[R2-Serial1/0/0]link-protocol ppp
[R2-Serial1/0/0]ppp chap user user1
[R2-Serial1/0/0]ppp chap password cipher huawei@123
查看PPP配置结果:
6.DHCP
(1)在SW1上部署DHCP服务器,使用全局地址池,为VLAN 10和VLAN 20分配IP地址
//在S1上部署DHCP服务器,使用全局地址池
[S1]dhcp enable
[S1]ip pool vlan10 //创建一个全局地址池名为vlan10
[S1]ip pool vlan20 //创建一个全局地址池名为vlan20
(2)VLAN 10分配网段为10.1.10.0/24,VLAN 20分配10.1.20.0/24网段
[S1-ip-pool-vlan10]network 10.1.10.0 mask 255.255.255.0
[S1-ip-pool-vlan20]net 10.1.20.0 mask 255.255.255.0
(3)指定VLAN 10获取网关为10.1.10.254,VLAN 20获取网关为10.1.20.254
[S1-ip-pool-vlan10]gateway-list 10.1.10.254
[S1-ip-pool-vlan20]gateway-list 10.1.20.254
(4)指定PC1获得10.1.10.100的IP地址
//查看PC1的MAC地址为
static-bind ip-address 10.1.10.100 mac-address 5489-986B-5A1D
(5)地址分配租期为10 h
[S1-ip-pool-vlan10]lease day 0 hour 10
[S1-ip-pool-vlan20]lease day 0 hour 10
(6)保留10.1.10.200~10.1.10.210地址不能分配
[S1-ip-pool-vlan10]excluded-ip-address 10.1.10.200 10.1.10.210
[S1-Vlanif10]dhcp select global
[S1-Vlanif20]dhcp select global
查看DHCP配置结果:
PC1
PC2
PC3
PC4
7.RIP
(1)在R1和R2之间互联公网网段运行RIPv2,通告两台设备直连网段
[R1]rip
[R1-rip-1]network 100.0.0.0
[R1-rip-1]network 10.0.0.0
[R1-rip-1]version 2
[R2]rip
[R2-rip-1]network 100.1.0.0
[R2-rip-1]version 2
(2)在R1上将链接SW1和SW2的端口配置为静默端口
[R1]rip 1
[R1-rip-1]silent-interface GigabitEthernet 0/0/1
[R1-rip-1]silent-interface GigabitEthernet 0/0/2
(3)将R1和R2之间开销值配置为5跳。(注意来回一致)
[R1-Serial1/0/0]rip metricout 5
[R2-Serial1/0/0]rip metricout 5
查看RIP配置结果:
8.NAT
(1)在R1上部署地址池NAPT技术,使得内网只有10.1.10.0/24和10.1.20.0/24网段可以通过地址池访问外网服务器
(2)地址池范围为100.1.2.1~100.1.2.10
//在R1上配置NAT Outbound
[R1]nat address-group 1 100.1.2.1 100.1.2.10
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 10.1.10.0 0.0.0.255
[R1-acl-basic-2000]rule 10 permit source 10.1.20.0 0.0.0.255
[R1-Serial1/0/0]nat outbound 2000 address-group 1
(3)在SW1,SW2,R1合理配置静态路由使得内网可以通过NAT访问外网
[S1]ip route-static 100.1.1.0 24 10.1.13.1
[S1]ip route-static 100.1.12.0 24 10.1.13.1
[S2]ip route-static 100.1.1.0 24 10.1.14.1
[S2]ip route-static 100.1.12.0 24 10.1.14.1
[R1]ip route-static 10.1.10.0 24 10.1.13.3
[R1]ip route-static 10.1.20.0 24 10.1.13.3
[R2]ip route-static 100.1.2.0 24 100.1.12.1
查看NAT配置结果:
内网可以ping通外网
9.设备登录控制
(1)配置R1可以通过密码huawei@123进行Console登陆
[R1]user-interface console 0
[R1-ui-console0]authentication-mode aaa
[R1-ui-console0]user privilege level 15
[R1]aaa
[R1-aaa]local-user admin1234 password cipher huawei@123
Info: Add a new user.
[R1-aaa]local-user admin1234 privilege level 3
[R1-aaa]local-user admin1234 service-type terminal
(2)配置R2可以通过用户名user1以及密码huawei@123进行Telnet登陆,用户登陆后的权限为3级权限。配置完成后可以在R1上进行Telnet测试
[R2]aaa
[R2-aaa]local-user user1 password cipher huawei@123 privilege level 3
[R2-aaa]local-user user1 service-type telnet
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
查看登录控制配置结果:
10.流量控制
在R2的G0/0/1接口通过配置流量控制,只允许内网用户通过NAT访问HTTP-Server的HTTP流量和ICMP流量,其他流量不能通过该接口。
[R2]acl 3000
[R2-acl-adv-3000]rule 5 permit icmp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0.0.0.0
[R2-acl-adv-3000]rule 10 permit tcp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0.0.0.0
[R2-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
查看流量控制配置结果:
五、配置
AR1:
密码:huawei@123
<R1>display current-configuration
[V200R003C00]
#
sysname R1
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 10.1.10.0 0.0.0.255
rule 10 permit source 10.1.20.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user user1 password cipher %$%$u,nJS!4!kMJ1r^+FO-:J+lQn%$%$
local-user user1 service-type ppp
local-user admin1234 password cipher %$%$3gpcV_DG'Fa>t}0~oFZG/{C"%$%$
local-user admin1234 privilege level 3
local-user admin1234 service-type terminal
#
firewall zone Local
priority 15
#
nat address-group 1 100.1.2.1 100.1.2.10
#
interface Serial1/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 100.1.12.1 255.255.255.0
rip metricout 5
nat outbound 2000 address-group 1
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 10.1.13.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.1.14.1 255.255.255.0
#
interface NULL0
#
rip 1
version 2
network 100.0.0.0
network 10.0.0.0
silent-interface GigabitEthernet0/0/1
silent-interface GigabitEthernet0/0/2
#
ip route-static 0.0.0.0 0.0.0.0 100.1.12.2
ip route-static 10.1.10.0 255.255.255.0 10.1.13.3
ip route-static 10.1.20.0 255.255.255.0 10.1.13.3
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR2:
<R2>display current-configuration
[V200R003C00]
#
sysname R2
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 3000
rule 5 permit icmp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0
rule 10 permit tcp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user user1 password cipher %$%$fFf3J'f)SJ+wwuP3(uTW/5U#%$%$
local-user user1 privilege level 3
local-user user1 service-type telnet
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ppp chap user user1
ppp chap password cipher %$%$j9yq@Tr&>4l:a`N%TV[:,"q,%$%$
ip address 100.1.12.2 255.255.255.0
rip metricout 5
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 100.1.1.254 255.255.255.0
traffic-filter outbound acl 3000
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
rip 1
version 2
network 100.0.0.0
#
ip route-static 100.1.1.0 255.255.255.0 100.1.1.1
ip route-static 100.1.2.0 255.255.255.0 100.1.12.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
user-interface vty 16 20
#
wlan ac
#
return
<R2>
LSW1:
<S1>display current-configuration
#
sysname S1
#
vlan batch 10 13 to 14 20
#
stp mode rstp
stp instance 0 root primary
#
lacp priority 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
ip pool vlan10
gateway-list 10.1.10.254
network 10.1.10.0 mask 255.255.255.0
static-bind ip-address 10.1.10.100 mac-address 5489-986b-5a1d
excluded-ip-address 10.1.10.200 10.1.10.210
lease day 0 hour 10 minute 0
#
ip pool vlan20
gateway-list 10.1.20.254
network 10.1.20.0 mask 255.255.255.0
lease day 0 hour 10 minute 0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 10.1.10.254 255.255.255.0
dhcp select global
#
interface Vlanif13
ip address 10.1.13.3 255.255.255.0
#
interface Vlanif14
ip address 10.1.14.4 255.255.255.0
#
interface Vlanif20
ip address 10.1.20.254 255.255.255.0
dhcp select global
#
interface MEth0/0/1
#
interface Eth-Trunk1
stp root-protection
mode lacp-static
max active-linknumber 3
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 13
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp root-protection
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp root-protection
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet0/0/23
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet0/0/24
eth-trunk 1
lacp priority 100
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
ip route-static 10.1.13.1 255.255.255.255 GigabitEthernet0/0/1
ip route-static 100.1.1.0 255.255.255.0 10.1.13.1
ip route-static 100.1.12.0 255.255.255.0 10.1.13.1
#
user-interface con 0
user-interface vty 0 4
#
return
LSW2:
<S2>display current-configuration
#
sysname S2
#
vlan batch 10 13 to 14 20
#
stp mode rstp
stp instance 0 root secondary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Eth-Trunk1
stp loop-protection
mode lacp-static
max active-linknumber 3
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 14
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
eth-trunk 1
#
interface GigabitEthernet0/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/24
eth-trunk 1
#
interface NULL0
#
ip route-static 100.1.1.0 255.255.255.0 10.1.14.1
ip route-static 100.1.12.0 255.255.255.0 10.1.14.1
#
user-interface con 0
user-interface vty 0 4
#
return
LSW3:
[S3]dis current-configuration
#
sysname S3
#
vlan batch 10 20
#
stp mode rstp
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/3
port link-type access
port default vlan 10
stp bpdu-filter enable
stp edged-port enable
#
interface Ethernet0/0/4
port link-type access
port default vlan 20
stp bpdu-filter enable
stp edged-port enable
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 Ethernet0/0/1
ip route-static 10.1.13.1 255.255.255.255 Ethernet0/0/1
#
user-interface con 0
user-interface vty 0 4
#
return
LSW4:
<S4>dis current-configuration
#
sysname S4
#
vlan batch 10 20
#
stp mode rstp
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/3
port link-type access
port default vlan 10
stp bpdu-filter enable
stp edged-port enable
#
interface Ethernet0/0/4
port link-type access
port default vlan 20
stp bpdu-filter enable
stp edged-port enable
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return