当前位置：网站首页>基于ensp防火墙双击热备二层网络规划与设计

基于ensp防火墙双击热备二层网络规划与设计

2022-07-06 19:00:00 【小猿网】

作者：BSXY_19计科_陈永跃 BSXY_信息学院注：未经允许禁止转发任何内容

基于ensp防火墙双击热备二层网络规划与设计

前言及资源下载

前言及资源下载

有什么问题可以在评论区说明自己遇到的情况，博主看到会第一时间回复，希望其他人也可以回复别人的问题，。
可根据以下所提供的设计与实现步骤过程一步一步自行实现（每一条命令都是关键的命令）；但是如果有需要的也可以根据以下地址进行下载完整的topo图和完整的配置进行参考与借鉴，如若拿到topo图可多display查看配置，查看相应的命令，配套资源连接如下
基于ensp防火墙双击热备二层网络规划与设计(命令齐全)_参考文章_配置实验命令笔记
请添加图片描述

如果以上文章不方便查阅，可点击一下链接进行注册该笔记平台
(有一个记笔记真个是一个好的习惯)

第一步：先点击以下链接进行该笔记平台的注册
flowus笔记平台注册链接
第二步：点击以下即可参考该笔记
(笔记可以一键拷贝到自己的空间进行保存) (所有的命令都在了)

笔记分享查看&拷贝链接

防止链接失效，分享链接请尽快保存到自己的个人空间中
如果失效了的话，那就没办法了，将就该文章看吧

另外双击热备也是上下都是三层的，防火墙的出口一般直接就是路由器，所有近期可能会更改topo图，会在其他的文章中出现，请耐心等待

一、设计topo与要求(15个要求)

topo图01：
请添加图片描述
topo图02：

设计要求：

要求：
* 完成服务器、防火墙、路由器等接口地址的配置
* 配置Eth-Trunk 链路实现链路冗余
* 企业内部划分多个vlan，减少广播域大小，提高网络的可靠性
* 配置MSTP+VRRP实现流量负载分担，同时实现冗余，并配置相应的stp优化技术stp收敛，并减少stp震荡
* 为方便用户上网，所有用户均为自动获取IP地址
* 配置DHCP Snooing隔绝非法DHCP server
* 配置OSPF和静态路由实现三层路由互通
* 在运营商区域配置RIP使其能够用户能够访问相应客户端(10.10.10.10)
* 防火墙配置NAT策略和安全策略，使得用户可以访问外网
* 防火墙需要配置双击热备实现冗余
* 默认情况下访问左边(电信网络)
* 用户能够通过域名(www.baidu.com)访问外网百度
* LSW1-LSW12交换机都能被telnet(huawei 5555)
* 网络需要配置无线WLAN，且业务vlan 101 102 管理vlan 100
* 无线WLAN网络可以通过域名(www.baidu.com)访问外网百度

二、插曲:基于eNSP加防火墙的千人中型校园/企业网络规划与设计

插曲2：
以下topo是基于eNSP加防火墙的千人中型校园/企业网络规划与设计(附所有配置命令)，但是该文章中不做说明与介绍，如需要可点击此连接进行查阅，topo图与要求如下所示：

15个要求如下：
完成服务器、防火墙、路由器等接口地址的配置
配置Eth-Trunk 链路捆绑实现链路冗余
企业内部划分多个vlan,减小广播域大小，提高网络的可靠性
配置MSTP+VRRP实现流量负载分担，同时实现冗余，并配置相应的stp优化技术stp收敛，并减少stp震荡
所有用户均为自动获取IP地址
配置相应的DHCP snooping隔绝非法DHCP server
配置OSPF和静态路由实现三层路由互通
防火墙配置安全策略，放行内网区域到dmz区的流量
防火墙配置NAT策略和安全策略，使得用户可以访问外网百度
防火墙配置服务器映射和安全策略，允许外网用户Client通过公网地址100.100.100.100访问web服务器
防火墙配置相应策略，允许外网用户Client通过公网http://100.100.100.100访问登录web服务器
用户能够通过域名(www.baidu.com)访问外网百度
内部财务服务器只允许vlan 50用户访问
LSW1-LSW12交换机都能被telent(huawei 5555)
无线WLAN配置，且业务vlan 101 102也可以通过域名(www.baidu.com)访问外网百度

三、配置过程与相应命令

1、Eth-Trunk链路捆绑

	HX_SW1:
<Huawei>system-view 
[Huawei]un in en
[Huawei]sysname HX_SW1
[HX_SW1]int Eth-Trunk 1
[HX_SW1-Eth-Trunk1]mode lacp-static 
[HX_SW1-Eth-Trunk1]trunkport g0/0/13
[HX_SW1-Eth-Trunk1]trunkport g0/0/14
------------------------------------ 
    
    HX_SW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname HX_SW2	
[HX_SW2]int Eth-Trunk 1
[HX_SW2-Eth-Trunk1]mode lacp-static 
[HX_SW2-Eth-Trunk1]trunkport g0/0/13
[HX_SW2-Eth-Trunk1]trunkport g0/0/14
[HX_SW2-Eth-Trunk1]qui

2、vlan 底层配置

[HX_SW1]vlan batch 10 20 30 40 2 4 200 900
[HX_SW1]int g0/0/3
[HX_SW1-GigabitEthernet0/0/3]port link-type trunk 
[HX_SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 900
[HX_SW1-GigabitEthernet0/0/3]int g0/0/4
[HX_SW1-GigabitEthernet0/0/4]port link-type trunk
[HX_SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 10 900
[HX_SW1-GigabitEthernet0/0/4]int g0/0/5
[HX_SW1-GigabitEthernet0/0/5]port link-type trunk
[HX_SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 20 900
[HX_SW1-GigabitEthernet0/0/5]int g0/0/6
[HX_SW1-GigabitEthernet0/0/6]port link-type trunk
[HX_SW1-GigabitEthernet0/0/6]port trunk allow-pass vlan 20 900
[HX_SW1-GigabitEthernet0/0/6]int g0/0/7
[HX_SW1-GigabitEthernet0/0/7]port link-type trunk
[HX_SW1-GigabitEthernet0/0/7]port trunk allow-pass vlan 30 900
[HX_SW1-GigabitEthernet0/0/7]int g0/0/8
[HX_SW1-GigabitEthernet0/0/8]port link-type trunk
[HX_SW1-GigabitEthernet0/0/8]port trunk allow-pass vlan 30 900
[HX_SW1-GigabitEthernet0/0/8]int g0/0/9
[HX_SW1-GigabitEthernet0/0/9]port link-type trunk
[HX_SW1-GigabitEthernet0/0/9]port trunk allow-pass vlan 40 900
[HX_SW1-GigabitEthernet0/0/9]int g0/0/10
[HX_SW1-GigabitEthernet0/0/10]port link-type trunk
[HX_SW1-GigabitEthernet0/0/10]port trunk allow-pass vlan 40 900
[HX_SW1-GigabitEthernet0/0/10]int g0/0/11
[HX_SW1-GigabitEthernet0/0/11]port link-type trunk
[HX_SW1-GigabitEthernet0/0/11]port trunk allow-pass vlan 200 900
[HX_SW1-GigabitEthernet0/0/11]int g0/0/1
[HX_SW1-GigabitEthernet0/0/1]port link-type access 
[HX_SW1-GigabitEthernet0/0/1]port default vlan 2
[HX_SW1-GigabitEthernet0/0/1]int g0/0/2
[HX_SW1-GigabitEthernet0/0/2]port link-type access
[HX_SW1-GigabitEthernet0/0/2]port default vlan 3
[HX_SW1-GigabitEthernet0/0/2]qui
[HX_SW1]int Eth-Trunk 1
[HX_SW1-Eth-Trunk1]port link-type trunk	
[HX_SW1-Eth-Trunk1]port trunk allow-pass vlan all 
[HX_SW1-Eth-Trunk1]qui
------------------------------------ 
    
    HX_SW2:
[HX_SW2]vlan batch 10 20 30 40 2 4 200 900
[HX_SW2]int g0/0/3
[HX_SW2-GigabitEthernet0/0/3]port link-type trunk 
[HX_SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 900
[HX_SW2-GigabitEthernet0/0/3]int g0/0/4
[HX_SW2-GigabitEthernet0/0/4]port link-type trunk
[HX_SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 10 900
[HX_SW2-GigabitEthernet0/0/4]int g0/0/5
[HX_SW2-GigabitEthernet0/0/5]port link-type trunk
[HX_SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 20 900
[HX_SW2-GigabitEthernet0/0/5]int g0/0/6
[HX_SW2-GigabitEthernet0/0/6]port link-type trunk
[HX_SW2-GigabitEthernet0/0/6]port trunk allow-pass vlan 20 900
[HX_SW2-GigabitEthernet0/0/6]int g0/0/7
[HX_SW2-GigabitEthernet0/0/7]port link-type trunk
[HX_SW2-GigabitEthernet0/0/7]port trunk allow-pass vlan 30 900
[HX_SW2-GigabitEthernet0/0/7]int g0/0/8
[HX_SW2-GigabitEthernet0/0/8]port link-type trunk
[HX_SW2-GigabitEthernet0/0/8]port trunk allow-pass vlan 30 900
[HX_SW2-GigabitEthernet0/0/8]int g0/0/9
[HX_SW2-GigabitEthernet0/0/9]port link-type trunk
[HX_SW2-GigabitEthernet0/0/9]port trunk allow-pass vlan 40 900
[HX_SW2-GigabitEthernet0/0/9]int g0/0/10
[HX_SW2-GigabitEthernet0/0/10]port link-type trunk
[HX_SW2-GigabitEthernet0/0/10]port trunk allow-pass vlan 40 900
[HX_SW2-GigabitEthernet0/0/10]int g0/0/11
[HX_SW2-GigabitEthernet0/0/11]port link-type trunk
[HX_SW2-GigabitEthernet0/0/11]port trunk allow-pass vlan 200 900
[HX_SW2-GigabitEthernet0/0/11]int g0/0/1
[HX_SW2-GigabitEthernet0/0/1]port link-type access 
[HX_SW2-GigabitEthernet0/0/1]port default vlan 7
[HX_SW2-GigabitEthernet0/0/1]int g0/0/2
[HX_SW2-GigabitEthernet0/0/2]port link-type access
[HX_SW2-GigabitEthernet0/0/2]port default vlan 4
[HX_SW2-GigabitEthernet0/0/2]qui
[HX_SW2]int Eth-Trunk 1
[HX_SW2-Eth-Trunk1]port link-type trunk	
[HX_SW2-Eth-Trunk1]port link-type trunk 
[HX_SW2-Eth-Trunk1]port trunk allow-pass vlan all 
[HX_SW2-Eth-Trunk1]qui
------------------------------------ 
    
    JR_SW3:
<Huawei>sy
[Huawei]un in en
[Huawei]sys	
[Huawei]sysname JR_SW2
[JR_SW3]vlan batch 10 20 30 40 900
[JR_SW3]int g0/0/1
[JR_SW3-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 900
[JR_SW3-GigabitEthernet0/0/1]int g0/0/2
[JR_SW3-GigabitEthernet0/0/2]port link-type trunk
[JR_SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 900
[JR_SW3-GigabitEthernet0/0/2]int g0/0/3
[JR_SW3-GigabitEthernet0/0/3]port link-type access 	
[JR_SW3-GigabitEthernet0/0/3]port default vlan 10
[JR_SW3-GigabitEthernet0/0/3]int g0/0/4
[JR_SW3-GigabitEthernet0/0/4]port link-type access
[JR_SW3-GigabitEthernet0/0/4]port default vlan 10
[JR_SW3-GigabitEthernet0/0/4]qui
[JR_SW3]qui
------------------------------------
    
    JR_SW4:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW4
[JR_SW4]vlan batch 10 20 30 40 900
[JR_SW4]int g0/0/1
[JR_SW4-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 900
[JR_SW4-GigabitEthernet0/0/1]int g0/0/2
[JR_SW4-GigabitEthernet0/0/2]port link-type trunk
[JR_SW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 900
[JR_SW4-GigabitEthernet0/0/2]int g0/0/3
[JR_SW4-GigabitEthernet0/0/3]port link-type access 
[JR_SW4-GigabitEthernet0/0/3]port default vlan 10
[JR_SW4-GigabitEthernet0/0/3]qui
------------------------------------
    
    JRS_SW5:
<Huawei>SY
[Huawei]un in en
[Huawei]sysname JR_SW5
[JR_SW5]vlan batch 10 20 30 40 900
[JR_SW5]int g0/0/1
[JR_SW5-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 900
[JR_SW5-GigabitEthernet0/0/1]int g0/0/2
[JR_SW5-GigabitEthernet0/0/2]port link-type trunk
[JR_SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 900
[JR_SW5-GigabitEthernet0/0/2]int g0/0/3
[JR_SW5-GigabitEthernet0/0/3]port link-type access 
[JR_SW5-GigabitEthernet0/0/3]port default vlan 20
[JR_SW5-GigabitEthernet0/0/3]qui
------------------------------------
    
    JR_SW6:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW6
[JR_SW6]vlan batch 10 20 30 40 900
[JR_SW6]int g0/0/1
[JR_SW6-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW6-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 900
[JR_SW6-GigabitEthernet0/0/1]int g0/0/2
[JR_SW6-GigabitEthernet0/0/2]port link-type trunk
[JR_SW6-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 900
[JR_SW6-GigabitEthernet0/0/2]int g0/0/3
[JR_SW6-GigabitEthernet0/0/3]port link-type access 
[JR_SW6-GigabitEthernet0/0/3]port default vlan 20
[JR_SW6-GigabitEthernet0/0/3]qui
------------------------------------
    
    JR_SW7:
<Huawei>SY
[Huawei]un in en
[Huawei]sysname JR_SW7
[JR_SW7]vlan batch 10 20 30 40 900
[JR_SW7]int g0/0/1
[JR_SW7-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW7-GigabitEthernet0/0/1]port trunk allow-pass vlan 30 900
[JR_SW7-GigabitEthernet0/0/1]int g0/0/2
[JR_SW7-GigabitEthernet0/0/2]port link-type trunk
[JR_SW7-GigabitEthernet0/0/2]port trunk allow-pass vlan 30 900
[JR_SW7-GigabitEthernet0/0/2]int g0/0/3
[JR_SW7-GigabitEthernet0/0/3]port link-type access 
[JR_SW7-GigabitEthernet0/0/3]port default vlan 30
[JR_SW7-GigabitEthernet0/0/3]qui
------------------------------------
    JR_SW8:略
    JR_SW9:略
    JR_SW10:略
------------------------------------ 
    JR_11:
<Huawei>SY
[Huawei]un in en
[Huawei]sysname JR_SW11
[JR_SW11]vlan batch 10 20 30 40 200 900
[JR_SW11]int g0/0/1
[JR_SW11-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW11-GigabitEthernet0/0/1]port trunk allow-pass vlan 200 900
[JR_SW11-GigabitEthernet0/0/1]int g0/0/2
[JR_SW11-GigabitEthernet0/0/2]port link-type trunk
[JR_SW11-GigabitEthernet0/0/2]port trunk allow-pass vlan 200 900
[JR_SW11-GigabitEthernet0/0/2]int g0/0/3
[JR_SW11-GigabitEthernet0/0/3]port link-type access 
[JR_SW11-GigabitEthernet0/0/3]port default vlan 200
[JR_SW11-GigabitEthernet0/0/3]int g0/0/4
[JR_SW11-GigabitEthernet0/0/4]port link-type access 
[JR_SW11-GigabitEthernet0/0/4]port default vlan 200
[JR_SW11-GigabitEthernet0/0/4]qui

3、MSTP多生成树

	HX_SW1:
<HX_SW1>sys
[HX_SW1]stp region-configuration 
[HX_SW1-mst-region]region-name aaa
[HX_SW1-mst-region]revision-level 1
[HX_SW1-mst-region]instance 1 vlan 10 20 200
[HX_SW1-mst-region]instance 2 vlan 30 40
[HX_SW1-mst-region]active region-configuration 
[HX_SW1-mst-region]dis this
#
stp region-configuration
 region-name aaa
 revision-level 1
 instance 1 vlan 10 20 200
 instance 2 vlan 30 40
 active region-configuration
#
return	
[HX_SW1-mst-region]qui
[HX_SW1]stp instance 1 root primary 
[HX_SW1]stp instance 2 root secondary 
------------------------------------
    
    HX_SW2:
[HX_SW2]stp region-configuration
[HX_SW2-mst-region]region-name aaa
[HX_SW2-mst-region]revision-level 1
[HX_SW2-mst-region]instance 1 vlan 10 20 200
[HX_SW2-mst-region]instance 2 vlan 30 40
[HX_SW2-mst-region]active region-configuration
[HX_SW2-mst-region]qui
[HX_SW2]stp instance 2 root primary 
[HX_SW2]stp instance 1 root secondary 
------------------------------------
    
    JR_SW3:
[JR_SW3]stp region-configuration
[JR_SW3-mst-region]region-name aaa
[JR_SW3-mst-region]revision-level 1
[JR_SW3-mst-region]instance 1 vlan 10 20 200
[JR_SW3-mst-region]instance 2 vlan 30 40
[JR_SW3-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[JR_SW3-mst-region]qui
[JR_SW3]dis stp br
 MSTID  Port                        Role  STP State     Protection
   1    GigabitEthernet0/0/1        ROOT  FORWARDING      NONE
   1    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
//发现g/0/2是堵塞(DISCARDING)的就可以了
------------------------------------
    JR_SW4:
[JR_SW4]stp region-configuration
[JR_SW4-mst-region]region-name aaa
[JR_SW4-mst-region]revision-level 1
[JR_SW4-mst-region]instance 1 vlan 10 20 200
[JR_SW4-mst-region]instance 2 vlan 30 40
[JR_SW4-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[JR_SW4-mst-region]qui
[JR_SW4]dis stp br
 MSTID  Port                        Role  STP State     Protection
   1    GigabitEthernet0/0/1        ROOT  FORWARDING      NONE
   1    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
//发现g/0/2是堵塞(DISCARDING)的就可以了
------------------------------------
    JR_SW5:略
    JR_SW6:略
    JR_SW7:略
    JR_SW8:略
    JR_SW9:略
    JR_SW10:略
------------------------------------
    JR_SW11:
[JR_SW11]stp region-configuration
[JR_SW11-mst-region]region-name aaa
[JR_SW11-mst-region]revision-level 1
[JR_SW11-mst-region]instance 1 vlan 10 20 200
[JR_SW11-mst-region]instance 2 vlan 30 40
[JR_SW11-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[JR_SW11-mst-region]qui
[JR_SW11]dis stp br
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        ALTE  DISCARDING      NONE
   0    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
   0    GigabitEthernet0/0/3        DESI  DISCARDING      NONE
   1    GigabitEthernet0/0/1        ROOT  FORWARDING      NONE
   1    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
   1    GigabitEthernet0/0/3        DESI  DISCARDING      NONE
发现g/0/2是堵塞(DISCARDING)的就可以了

4、VRRP网关配置

	HX_SW1:
[HX_SW1]int vlan 10
[HX_SW1-Vlanif10]ip add 192.168.10.254 24
[HX_SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.1
[HX_SW1-Vlanif10]vrrp vrid 10 priority 105
[HX_SW1-Vlanif10]dis this
#
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 vrrp vrid 10 virtual-ip 192.168.10.1
 vrrp vrid 10 priority 105
#
return
[HX_SW1-Vlanif10]qui
[HX_SW1]int vlan 20
[HX_SW1-Vlanif20]ip add 192.168.20.254 24
[HX_SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW1-Vlanif20]vrrp vrid 20 priority 105
[HX_SW1-Vlanif20]qui
[HX_SW1]int vlan 200
[HX_SW1-Vlanif200]ip add 192.168.200.254 24
[HX_SW1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW1-Vlanif200]vrrp vrid 200 priority 105
[HX_SW1-Vlanif200]int vlan 30
[HX_SW1-Vlanif30]ip add 192.168.30.254 24
[HX_SW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW1-Vlanif30]int vlan 40
[HX_SW1-Vlanif40]ip add 192.168.40.254 24
[HX_SW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
------------------------------------
    
    HX_SW2:
[HX_SW2]int vlan 30
[HX_SW2-Vlanif30]ip add 192.168.30.253 24
[HX_SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW2-Vlanif30]vrrp vrid 30 priority 105
[HX_SW2-Vlanif30]dis this
#
interface Vlanif30
 ip address 192.168.30.253 255.255.255.0
 vrrp vrid 30 virtual-ip 192.168.30.1
 vrrp vrid 30 priority 105
#
return
[HX_SW2-Vlanif30]qui
[HX_SW2]int vlan 40
[HX_SW2-Vlanif40]ip add 192.168.40.253 24
[HX_SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW2-Vlanif40]vrrp vrid 40 priority 105
[HX_SW2-Vlanif40]qui
[HX_SW2]int vlan 200
[HX_SW2-Vlanif200]ip add 192.168.200.253 24
[HX_SW2-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW2-Vlanif200]int vlan 10
[HX_SW2-Vlanif10]ip add 192.168.10.253 24
[HX_SW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.1
[HX_SW2-Vlanif10]int vlan 20
[HX_SW2-Vlanif20]ip add 192.168.20.253 24
[HX_SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW2-Vlanif20]qui

5、VRRP网络冗余验证

	HX_SW1:
<HX_SW1>dis vrrp br
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
10    Master       Vlanif10                 Normal   192.168.10.1   
20    Master       Vlanif20                 Normal   192.168.20.1   
30    Backup       Vlanif30                 Normal   192.168.30.1   
40    Backup       Vlanif40                 Normal   192.168.40.1   
200   Master       Vlanif200                Normal   192.168.200.1   
<HX_SW1>
------------------------------------
    
    HX_SW2:
<HX_SW2>dis vrrp br
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
10    Backup       Vlanif10                 Normal   192.168.10.1   
20    Backup       Vlanif20                 Normal   192.168.20.1   
30    Master       Vlanif30                 Normal   192.168.30.1   
40    Master       Vlanif40                 Normal   192.168.40.1   
200   Backup       Vlanif200                Normal   192.168.200.1    
<HX_SW2>

6、测试PC通网关

/*手动给PC配置IP地址访问网关，如给vlan3下的PC配置 IP：192.168.30.3 GW：192.168.30.1 测试访问网关，ping 192.168.30.1通了即可*/

/*手动给PC配置IP地址访问网关，如给vlan3下的PC配置 IP：192.168.70.7 GW：192.168.70.1 测试访问网关，ping 192.168.70.1通了即可*/

7、DHCP中继

	DHCP:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname DHCP
[DHCP]dhcp enable 
[DHCP]ip pool vlan10
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
[DHCP-ip-pool-vlan10]gateway-list 192.168.10.1
[DHCP-ip-pool-vlan10]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan10]excluded-ip-address 192.168.10.250 192.168.10.254
[DHCP-ip-pool-vlan10]q
[DHCP]ip pool vlan20
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
[DHCP-ip-pool-vlan20]gateway-list 192.168.20.1
[DHCP-ip-pool-vlan20]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan20]excluded-ip-address 192.168.20.250 192.168.20.254
[DHCP-ip-pool-vlan20]q
[DHCP]ip pool vlan30
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan30]gateway-list 192.168.30.1
[DHCP-ip-pool-vlan30]network 192.168.30.0 mask 255.255.255.0
[DHCP-ip-pool-vlan30]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan30]excluded-ip-address 192.168.30.250 192.168.30.254
[DHCP-ip-pool-vlan30]q
[DHCP]ip pool vlan40
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan40]gateway-list 192.168.40.1
[DHCP-ip-pool-vlan40]network 192.168.40.0 mask 255.255.255.0
[DHCP-ip-pool-vlan40]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan40]excluded-ip-address 192.168.40.250 192.168.40.254
[DHCP-ip-pool-vlan40]q
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]ip add 192.168.200.3 24
[DHCP-GigabitEthernet0/0/0]dhcp select global 
[DHCP-GigabitEthernet0/0/0]dis this
[DHCP-GigabitEthernet0/0/0]quit
[DHCP]ip route-static 0.0.0.0 0 192.168.200.1
------------------------------------
    
    HX_SW1:
<HX_SW1>sy
[HX_SW1]dhcp enable 
[HX_SW1]int vlanif10
[HX_SW1-Vlanif10]dhcp select relay
[HX_SW1-Vlanif10]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif10]int vlanif20
[HX_SW1-Vlanif20]dhcp select relay 
[HX_SW1-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif20]int vlanif30
[HX_SW1-Vlanif30]dhcp select relay 	
[HX_SW1-Vlanif30]dhcp select relay 
[HX_SW1-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif30]int vlanif40
[HX_SW1-Vlanif40]dhcp select relay 
[HX_SW1-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif40]qui
[HX_SW1]qui
------------------------------------
    
    HX_SW2:
<HX_SW2>sy
[HX_SW2]dhcp enable 
[HX_SW2]int vlanif10
[HX_SW2-Vlanif10]dhcp select relay
[HX_SW2-Vlanif10]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif10]int vlanif20
[HX_SW2-Vlanif20]dhcp select relay 
[HX_SW2-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif20]int vlanif30
[HX_SW2-Vlanif30]dhcp select relay 
[HX_SW2-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif30]int vlanif40
[HX_SW2-Vlanif40]dhcp select relay 
[HX_SW2-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif40]qui
[HX_SW2]qui

8、dhcp snooping配置

作用是隔绝非法的dhcp server，通过配置信任和非信端口；但是同时也会给PC获取IP地址的速度变慢

	JR_SW3:
[JR_SW3]dhcp enable 
[JR_SW3]dhcp snooping enable 
[JR_SW3]vlan 10
[JR_SW3-vlan10]dhcp snooping enable 
[JR_SW3-vlan10]qui
[JR_SW3]int g0/0/1
[JR_SW3-GigabitEthernet0/0/1]dhcp snooping trusted 
[JR_SW3-GigabitEthernet0/0/1]int g0/0/2	
[JR_SW3-GigabitEthernet0/0/2]dhcp snooping trusted 
[JR_SW3-GigabitEthernet0/0/2]dis this
------------------------------------
    
    JR_SW4:
[JR_SW4]dhcp enable 
[JR_SW4]dhcp snooping enable 
[JR_SW4]vlan 10
[JR_SW4-vlan10]dhcp snooping enable 
[JR_SW4-vlan10]qui
[JR_SW4]int g0/0/1
[JR_SW4-GigabitEthernet0/0/1]dhcp snooping trusted 
[JR_SW4-GigabitEthernet0/0/1]int g0/0/2	
[JR_SW4-GigabitEthernet0/0/2]dhcp snooping trusted 
[JR_SW4-GigabitEthernet0/0/2]dis this
------------------------------------
    
    JR_SW5:
[JR_SW5]dhcp enable 
[JR_SW5]dhcp snooping enable 
[JR_SW5]vlan 20
[JR_SW5-vlan20]dhcp snooping enable 
[JR_SW5-vlan20]qui
[JR_SW5]int g0/0/1
[JR_SW5-GigabitEthernet0/0/1]dhcp snooping trusted 
[JR_SW5-GigabitEthernet0/0/1]int g0/0/2	
[JR_SW5-GigabitEthernet0/0/2]dhcp snooping trusted 
[JR_SW5-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20 900
 dhcp snooping trusted
#
return
[JR_SW5-GigabitEthernet0/0/2]qui
------------------------------------
    
    JR_SW6:略
    JR_SW7:略
    JR_SW8:略
    JR_SW9:略

------------------------------------
        
    JR_SW10:
[JR_SW10]dhcp enable 
[JR_SW10]dhcp snooping enable 
[JR_SW10]vlan 40
[JR_SW10-vlan40]dhcp snooping enable 
[JR_SW10-vlan40]qui
[JR_SW10]int g0/0/1
[JR_SW10-GigabitEthernet0/0/1]dhcp snooping trusted 
[JR_SW10-GigabitEthernet0/0/1]int g0/0/2	
[JR_SW10-GigabitEthernet0/0/2]dhcp snooping trusted 
[JR_SW10-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20 900
 dhcp snooping trusted
#
return
[JR_SW5-GigabitEthernet0/0/2]qui

9、防火墙基础配置及双击热备

	FW1:
[FW1]un in en
[FW1]sysname FW1
[FW1]int g1/0/0
[FW1-GigabitEthernet1/0/0]ip add 192.168.6.1 24
[FW1-GigabitEthernet1/0/0]service-manage all permit 
[FW1-GigabitEthernet1/0/0]int g1/0/1
[FW1-GigabitEthernet1/0/1]ip add 192.168.2.1 24
[FW1-GigabitEthernet1/0/1]service-manage all permit 
[FW1-GigabitEthernet1/0/1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ip add 192.168.4.1 24
[FW1-GigabitEthernet1/0/2]service-manage all permit 
[FW1-GigabitEthernet1/0/2]int g1/0/3
[FW1-GigabitEthernet1/0/3]ip add 192.168.7.1 24
[FW1-GigabitEthernet1/0/3]service-manage all permit
[FW1-GigabitEthernet1/0/3]int g1/0/6
[FW1-GigabitEthernet1/0/6]ip add 192.168.1.1 24
[FW1-GigabitEthernet1/0/6]service-manage all permit
[FW1-GigabitEthernet1/0/6]qui
[FW1]firewall zone untrust 
[FW1-zone-untrust]add int g1/0/0
[FW1-zone-untrust]add int g1/0/3
[FW1-zone-untrust]qui
[FW1]firewall zone trust 
[FW1-zone-trust]add int g1/0/1
[FW1-zone-trust]add int g1/0/2
[FW1-zone-trust]qui
[FW1]firewall zone dmz 
[FW1-zone-dmz]add int g1/0/6
[FW1-zone-dmz]qui
[FW1]ip route-static 0.0.0.0 0 192.168.6.3
[FW1]ip route-static 0.0.0.0 0 192.168.7.3 preference 70
[FW1]security-policy
[FW1-policy-security]rule name permit_heat
[FW1-policy-security-rule-permit_heat]source-zone local
[FW1-policy-security-rule-permit_heat]destination-zone dmz
[FW1-policy-security-rule-permit_heat]action permit
[FW1-policy-security-rule-permit_heat]q
[FW1-policy-security]rule name permit_trust_untrust
[FW1-policy-security-rule-permit_trust_untrust]source-zone trust
[FW1-policy-security-rule-permit_trust_untrust]destination-zone untrust
[FW1-policy-security-rule-permit_trust_untrust]action permit 
[FW1-policy-security-rule-permit_trust_untrust]q
[FW1-policy-security]q
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]vrrp vrid 2 virtual-ip 192.168.2.100 active
[FW1-GigabitEthernet1/0/1]qui
[FW1]int g1/0/0
[FW1-GigabitEthernet1/0/0]vrrp vrid 6 virtual-ip 192.168.6.100 active
[FW1-GigabitEthernet1/0/0]qui
[FW1]int g1/0/2
[FW1-GigabitEthernet1/0/2]vrrp vrid 4 virtual-ip 192.168.4.100 active
[FW1-GigabitEthernet1/0/2]qui
[FW1]int g1/0/3
[FW1-GigabitEthernet1/0/3]vrrp vrid 7 virtual-ip 192.168.7.100 active
[FW1-GigabitEthernet1/0/3]qui
[FW1]hrp interface g1/0/6 remote 192.168.1.2
[FW1]hrp en
HRP_S[FW1]hrp auto-sync 
HRP_S[FW1]dis hrp state
HRP_S[FW1]dis hrp int
------------------------------------
    
    FW2:
[FW2]un in en
[FW2]sysname FW2
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ip add 192.168.6.2 24
[FW2-GigabitEthernet1/0/0]service-manage all permit 
[FW2-GigabitEthernet1/0/0]int g1/0/1
[FW2-GigabitEthernet1/0/1]ip add 192.168.2.4 24
[FW2-GigabitEthernet1/0/1]service-manage all permit 
[FW2-GigabitEthernet1/0/1]int g1/0/2
[FW2-GigabitEthernet1/0/2]ip add 192.168.4.4 24
[FW2-GigabitEthernet1/0/2]service-manage all permit 
[FW2-GigabitEthernet1/0/2]int g1/0/3
[FW2-GigabitEthernet1/0/3]ip add 192.168.7.2 24
[FW2-GigabitEthernet1/0/3]service-manage all permit 
[FW2-GigabitEthernet1/0/3]int g1/0/6
[FW2-GigabitEthernet1/0/6]ip add 192.168.1.2 24
[FW2-GigabitEthernet1/0/6]service-manage all permit
[FW2-GigabitEthernet1/0/6]qui
[FW2]firewall zone untrust 
[FW2-zone-untrust]add int g1/0/0
[FW2-zone-untrust]add int g1/0/3
[FW2-zone-untrust]qui
[FW2]firewall zone trust 
[FW2-zone-trust]add int g1/0/1
[FW2-zone-trust]add int g1/0/2
[FW2-zone-trust]qui
[FW2]firewall zone dmz 
[FW2-zone-dmz]add int g1/0/6
[FW2-zone-dmz]qui
[FW2]ip route-static 0.0.0.0 0 192.168.6.3
[FW2]ip route-static 0.0.0.0 0 192.168.7.3 preference 70
[FW2]security-policy 
[FW2-policy-security]rule name permit_heat
[FW2-policy-security-rule-permit_heat]source-zone local
[FW2-policy-security-rule-permit_heat]destination-zone dmz
[FW2-policy-security-rule-permit_heat]action permit
[FW2-policy-security-rule-permit_heat]q
[FW2-policy-security]rule name permit_trust_untrust
[FW2-policy-security-rule-permit_trust_untrust]source-zone trust
[FW2-policy-security-rule-permit_trust_untrust]destination-zone untrust
[FW2-policy-security-rule-permit_trust_untrust]action permit 
[FW2-policy-security-rule-permit_trust_untrust]q
[FW2-policy-security]q
[FW2]int g1/0/1
[FW2-GigabitEthernet1/0/1]vrrp vrid 2 virtual-ip 192.168.2.100 standby
[FW2-GigabitEthernet1/0/1]qui
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]vrrp vrid 6 virtual-ip 192.168.6.100 standby
[FW2-GigabitEthernet1/0/0]qui
[FW2]int g1/0/2
[FW2-GigabitEthernet1/0/2]vrrp vrid 4 virtual-ip 192.168.4.100 standby
[FW2-GigabitEthernet1/0/2]qui
[FW2]int g1/0/3
[FW2-GigabitEthernet1/0/3]vrrp vrid 7 virtual-ip 192.168.7.100 standby
[FW2-GigabitEthernet1/0/3]qui
[FW2]hrp interface g1/0/6 remote 192.168.1.1
[FW2]hrp en
HRP_S[FW2]hrp auto-sync 
HRP_S[FW2]dis hrp state
HRP_S[FW2]dis hrp int
------------------------------------
    
	AR1:
un in en
sysname AR1
int g0/0/1
ip add 192.168.6.3 24
int g0/0/0
ip add 192.168.8.1 24
qui
int loo 0
ip add 5.5.5.5 32
qui

qui
save
------------------------------------
    
	AR2:
un in en
sysname AR2
int g0/0/1
ip add 192.168.7.3 24
qui
int loo 0
ip add 9.9.9.9 32
qui

qui
save
------------------------------------
    
	HX_SW1:
int g0/0/1
port link-type access 
port default vlan 2
qui
int g0/0/2
port link-type access
port default vlan 4
qui
int vlan 2
ip add 192.168.2.2 24
qui
int vlan 4
ip add 192.168.4.3 24
qui
ip route-static 0.0.0.0 0 192.168.2.10
ip route-static 0.0.0.0 0 192.168.4.100 preference 70
qui
save
------------------------------------
    
	HX_SW2:
int g0/0/1
port link-type access 
port default vlan 2
qui
int g0/0/2
port link-type access
port default vlan 4
qui
int vlan 2
ip add 192.168.2.3 24
qui
int vlan 4
ip add 192.168.4.2 24
qui
ip route-static 0.0.0.0 0 192.168.2.10
ip route-static 0.0.0.0 0 192.168.4.100 preference 70
qui
save

10、OSPF配置

	HX_SW1:
[HX_SW1]ospf
[HX_SW1-ospf-1]area 0
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.10.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.20.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.30.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.40.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
    
    HX_SW2:
[HX_SW2]ospf
[HX_SW2-ospf-1]area 0
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.10.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.20.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.30.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.40.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
    
    FW1:
HRP_M[FW1]ospf
HRP_M[FW1-ospf-1]area 0
HRP_M[FW1-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
HRP_M[FW1-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
    
    FW2:
HRP_S[FW2]ospf
HRP_S[FW2-ospf-1]area 0
HRP_S[FW2-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
HRP_S[FW2-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255

//现在PC就可以ping 5.5.5.5了，并可以ping通

11、RIP配置

	AR3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR3
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 192.168.8.2 24
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip add 10.10.10.254 24
[AR3-GigabitEthernet0/0/1]qui
[AR3]rip
[AR3-rip-1]
[V200R003C00]version 2
[AR3-rip-1]net 192.168.8.0
[AR3-rip-1]net 10.0.0.0
[AR3-rip-1]qui
[AR3]
    
    AR1:
[AR1]rip
[AR1-rip-1]version 2
[AR1-rip-1]network 192.168.6.0
[AR1-rip-1]network 192.168.8.0
[AR1-rip-1]qui
[AR1]

12、防火墙NAT策略(前面忘记配置了)

因为已经开启了双机热备功能了所以现在只需要在主防火墙上配置即可(同步到备防火墙上)

HRP_M<FW1>sys
Enter system view, return user view with Ctrl+Z.
HRP_M[FW1]nat-p	
HRP_M[FW1]nat-policy  (+B)
HRP_M[FW1-policy-nat]rule name to_isp (+B)
HRP_M[FW1-policy-nat-rule-to_isp]source-zone trust (+B)
HRP_M[FW1-policy-nat-rule-to_isp]destination-zone untrust (+B)
HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.10.0 24 (+B)
HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.20.0 24 (+B)
HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.30.0 24 (+B)
HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.40.0 24 (+B)
HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.100.0 24 (+B)
HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.101.0 24 (+B)
HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.102.0 24 (+B)
HRP_M[FW1-policy-nat-rule-to_isp]action source-nat easy-ip (+B)
HRP_M[FW1-policy-nat-rule-to_isp]qui
HRP_M[FW1-policy-nat]qui
HRP_M[FW1]qui
HRP_M<FW1>save

13、telnet远程管理配置

	HX_SW1:
[HX_SW1]aaa
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet 
[HX_SW1-aaa]qui	
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet 
[HX_SW1-ui-vty0-4]qui
[HX_SW1]int vlanif 900
[HX_SW1-Vlanif900]ip add 192.168.255.254 24
[HX_SW1-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1  
[HX_SW1-Vlanif900]dis this
#
interface Vlanif900
 ip address 192.168.255.254 255.255.255.0
 vrrp vrid 255 virtual-ip 192.168.255.1
#
return
[HX_SW1-Vlanif900]q
------------------------------------
    
    HX_SW2:
[HX_SW2]aaa
[HX_SW2-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW2-aaa]local-user huawei service-type telnet
[HX_SW2-aaa]qui
[HX_SW2]user-interface vty 0 4
[HX_SW2-ui-vty0-4]authentication-mode aaa
[HX_SW2-ui-vty0-4]protocol inbound telnet
[HX_SW2-ui-vty0-4]qui
[HX_SW2]int vlanif 900
[HX_SW2-Vlanif900]ip add 192.168.255.253 24
[HX_SW2-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1
[HX_SW2-Vlanif900]dis this
#
interface Vlanif900
 ip address 192.168.255.253 255.255.255.0
 vrrp vrid 255 virtual-ip 192.168.255.1
#
return
[HX_SW2-Vlanif900]q
------------------------------------
    
    HJ_SW3:
[JR_SW3]aaa
[JR_SW3-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW3-aaa]local-user huawei service-type telnet
[JR_SW3-aaa]qui
[JR_SW3]user-interface vty 0 4
[JR_SW3-ui-vty0-4]authentication-mode aaa
[JR_SW3-ui-vty0-4]protocol inbound telnet
[JR_SW3-ui-vty0-4]qui
[JR_SW3]int vlanif 900
[JR_SW3-Vlanif900]ip add 192.168.255.3 24
[JR_SW3-Vlanif900]qui
[JR_SW3]ip route-s 0.0.0.0 0 192.168.255.1
------------------------------------
    
    JR_SW11:
<JR_SW11>sys
[JR_SW11]aaa
[JR_SW11-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW11-aaa]local-user huawei service-type telnet
[JR_SW11-aaa]qui
[JR_SW11]user-interface vty 0 4
[JR_SW11-ui-vty0-4]authentication-mode aaa
[JR_SW11-ui-vty0-4]protocol inbound telnet
[JR_SW11-ui-vty0-4]qui
[JR_SW11]int vlanif 900
[JR_SW11-Vlanif900]ip add 192.168.255.11 24
[JR_SW11-Vlanif900]qui
[JR_SW11]ip route-s 0.0.0.0 0 192.168.255.1
[JR_SW11]qui
<JR_SW11>save
//其余的交换机都是一样的配置，就省略不配了
//现在就可以在模拟PC路由器的g0/0/0端口上开启自动获取地址，获取到地址后就可以通过telnet远程了
/*<PC>telnet 192.168.255.254 Press CTRL_] to quit telnet mode Trying 192.168.255.254 ... Connected to 192.168.255.254 ... Username:huawei Password: Info: The max number of VTY users is 5, and the number of current VTY users on line is 1. The current login time is 2022-06-29 18:56:26. <HX_SW1>*/

14、无线网络配置

请添加图片描述

	HX_SW2:
<HX_SW2>sys
[HX_SW2]vlan batch 100 101 102
[HX_SW2]int g0/0/12
[HX_SW2-GigabitEthernet0/0/12]port link-type trunk
[HX_SW2-GigabitEthernet0/0/12]port trunk allow-pass vlan all
[HX_SW2-GigabitEthernet0/0/12]int g0/0/4
[HX_SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 101 102
[HX_SW2-GigabitEthernet0/0/4]int g0/0/8
[HX_SW2-GigabitEthernet0/0/8]port trunk allow-pass vlan 100 101 102
[HX_SW2-GigabitEthernet0/0/8]qui
[HX_SW2]int vlan 100
[HX_SW2-Vlanif100]ip add 192.168.100.1 24
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]ip add 192.168.101.1 24
[HX_SW2-Vlanif101]int vlan 102
[HX_SW2-Vlanif102]ip add 192.168.102.1 24
[HX_SW2-Vlanif102]qui
[HX_SW2]dhcp enable
[HX_SW2]ip pool ap_pool
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-ap_pool]gateway-list 192.168.100.1
[HX_SW2-ip-pool-ap_pool]network 192.168.100.0 mask 24
[HX_SW2-ip-pool-ap_pool]excluded-ip-address 192.168.100.100
[HX_SW2-ip-pool-ap_pool]dns-list 192.168.200.2
[HX_SW2-ip-pool-ap_pool]qui
[HX_SW2]ip pool hua_1
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-hua_1]gateway-list 192.168.101.1
[HX_SW2-ip-pool-hua_1]network 192.168.101.0 mask 24
[HX_SW2-ip-pool-hua_1]dns-list 192.168.200.2
[HX_SW2-ip-pool-hua_1]qui
[HX_SW2]ip pool hua_2
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-hua_2]gateway-list 192.168.102.1
[HX_SW2-ip-pool-hua_2]network 192.168.102.0 mask 24
[HX_SW2-ip-pool-hua_2]dns-list 192.168.200.2
[HX_SW2-ip-pool-hua_2]qui
[HX_SW2]int vlan 100
[HX_SW2-Vlanif100]dhcp select global 
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]dhcp select global
[HX_SW2-Vlanif101]int vlan 102
[HX_SW2-Vlanif102]dhcp select global
[HX_SW2-Vlanif102]qui
[HX_SW2]qui
<HX_SW2>save
------------------------------------
    
    JR_SW4:
<JR_SW4>sys
[JR_SW4]vlan batch 100 101 102
[JR_SW4]int g0/0/2
[JR_SW4-GigabitEthernet0/0/2]port trunk allow-pass  vlan 100 101 102
[JR_SW4-GigabitEthernet0/0/2]int g0/0/4
[JR_SW4-GigabitEthernet0/0/4]port link-type trunk
[JR_SW4-GigabitEthernet0/0/4]port trunk pvid vlan 100
[JR_SW4-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 101
[JR_SW4-GigabitEthernet0/0/4]qui
[JR_SW4]qui
<JR_SW4>save
------------------------------------
    
    JR_SW8:
<JR_SW8>sys
[JR_SW8]vlan batch 100 101 102
[JR_SW8]int g0/0/2
[JR_SW8-GigabitEthernet0/0/2]port trunk allow-pass  vlan 100 101 102
[JR_SW8-GigabitEthernet0/0/2]int g0/0/4
[JR_SW8-GigabitEthernet0/0/4]port link-type trunk
[JR_SW8-GigabitEthernet0/0/4]port trunk pvid vlan 100
[JR_SW8-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 102
[JR_SW8-GigabitEthernet0/0/4]qui
[JR_SW8]qui
<JR_SW8>SAVE
------------------------------------
    
    AC:
<AC6605>sys
[AC6605]un in en
[AC6605]sysname AC1
[AC1]vlan batch 100 to 102
[AC1]int g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC1-GigabitEthernet0/0/1]qui
[AC1]int vlan 100
[AC1-Vlanif100]ip add 192.168.100.100 24
[AC1-Vlanif100]qui
[AC1]capwap source int vlanif100
[AC1]wlan
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]qui
[AC1-wlan-view]regulatory-domain-profile name domain1
[AC1-wlan-regulate-domain-domain1]country-code cn
[AC1-wlan-regulate-domain-domain1]qui
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-CYY]qui
[AC1-wlan-view]qui
[AC1]wlan
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]qui
[AC1-wlan-view]regulatory-domain-profile name domain2
[AC1-wlan-regulate-domain-domain2]country-code cn
[AC1-wlan-regulate-domain-domain2]q
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]regulatory-domain-profile domain2
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-YYC]qui
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc35-17d0
[AC1-wlan-ap-0]ap-name area_0
[AC1-wlan-ap-0]ap-group CYY
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC1-wlan-ap-0]qui
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc5f-17a0
[AC1-wlan-ap-1]ap-name area_1
[AC1-wlan-ap-1]ap-group YYC
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC1-wlan-ap-1]qui
[AC1-wlan-view]qui
[AC1]wlan
[AC1-wlan-view]security-profile name A
[AC1-wlan-sec-prof-A]security wpa2 psk pass-phrase a1234567 aes
[AC1-wlan-sec-prof-A]q
[AC1-wlan-view]security-profile name X
[AC1-wlan-sec-prof-X]security wpa2 psk pass-phrase huawei@123 aes
[AC1-wlan-sec-prof-X]qui
[AC1-wlan-view]ssid-profile name B
[AC1-wlan-ssid-prof-B]ssid CYY-CY
[AC1-wlan-ssid-prof-B]q
[AC1-wlan-view]ssid-profile name Y
[AC1-wlan-ssid-prof-Y]ssid YYC-YC
[AC1-wlan-ssid-prof-Y]q
[AC1-wlan-view]vap-profile name C
[AC1-wlan-vap-prof-C]forward-mode tunnel
[AC1-wlan-vap-prof-C]service-vlan vlan-id 101
[AC1-wlan-vap-prof-C]security-profile A
[AC1-wlan-vap-prof-C]ssid-profile B
[AC1-wlan-vap-prof-C]qui
[AC1-wlan-view]vap-profile name Z
[AC1-wlan-vap-prof-Z]forward-mode tunnel
[AC1-wlan-vap-prof-Z]service-vlan vlan-id 102
[AC1-wlan-vap-prof-Z]security-profile X
[AC1-wlan-vap-prof-Z]ssid-profile Y
[AC1-wlan-vap-prof-Z]qui
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]vap-profile C wlan 1 radio 0
[AC1-wlan-ap-group-CYY]vap-profile C wlan 1 radio 1
[AC1-wlan-ap-group-CYY]qui
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 0
[AC1-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 1
[AC1-wlan-ap-group-YYC]qui
[AC1-wlan-view]qui
[AC1]qui
<AC1>save