Small and medium-sized enterprise campus network experiment
1. Network design:
- In the small enterprise network, Huawei s3700 is used for the access layer, S5700 is used for the core layer, and AR2220 is used for the egress gateway.
- Access layer and core layer, core layer and egress routing use link aggregation to increase link bandwidth and redundant backup;
- Each department is divided into different VLANs, and the departments communicate with each other through Layer 3 VLANIF between the core switches.
- The core layer acts as a DHCP SERVER to assign IP addresses to users;
- The intranet service is mapped to the public network as a NAT server;
- Core switches and egress routers use OSPF protocol;
2. Configuration:
1. Access layer switch
<sw2>display current-configuration
#
sysname sw2
#
vlan batch 10
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10
#
interface Ethernet0/0/1
eth-trunk 1
#
interface Ethernet0/0/2
eth-trunk 1
#
interface Ethernet0/0/3
port link-type access
port default vlan 10
stp edged-port enable
#
interface Ethernet0/0/4
port link-type access
port default vlan 10
stp edged-port enable
#
return
<sw2>
Second, the core switch
<sw1>display current-configuration
#
sysname sw1
#
vlan batch 10 20 30 100
#
stp instance 0 root primary
#
dhcp enable
#
ip pool vlan10
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
dns-list 114.114.114.114 30.10.10.200
#
ip pool vlan20
gateway-list 192.168.20.1
network 192.168.20.0 mask 255.255.255.0
dns-list 114.114.114.114 30.10.10.200
#
ip pool vlan30
gateway-list 192.168.30.1
network 192.168.30.0 mask 255.255.255.0
dns-list 114.114.114.114
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select global
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
dhcp select global
#
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
dhcp select global
#
interface Vlanif100
ip address 192.168.100.10 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10
#
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 20
#
interface Eth-Trunk3
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/1
eth-trunk 3
#
interface GigabitEthernet0/0/2
eth-trunk 3
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
eth-trunk 1
#
interface GigabitEthernet0/0/5
eth-trunk 2
#
interface GigabitEthernet0/0/6
eth-trunk 2
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 30
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 192.168.100.10 0.0.0.0
network 192.168.10.1 0.0.0.0
network 192.168.20.1 0.0.0.0
network 192.168.30.1 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
#
Three, export gateway
<r6>dis current-configuration
[V200R003C00]
#
sysname r6
#
dns resolve
dns server 114.114.114.114
dns proxy enable
#
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
rule 15 permit source 192.168.30.0 0.0.0.255
#
ip pool vlan20
dns-list 30.10.10.200
#
interface Eth-Trunk3
undo portswitch
ip address 192.168.100.100 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.10.5.200 255.255.255.0
nat server protocol tcp global 10.10.5.10 12345 inside 192.168.30.254 www
nat outbound 2000
#
interface GigabitEthernet0/0/1
eth-trunk 3
#
interface GigabitEthernet0/0/2
eth-trunk 3
#
interface NULL0
#
dialer-rule
#
ospf 1 router-id 1.1.1.1
default-route-advertise always
area 0.0.0.0
network 20.10.10.1 0.0.0.0
network 30.10.10.1 0.0.0.0
network 192.168.100.100 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 10.10.5.85
#
return
<r6>
Four: Verification: