1. Topology diagram and Cloud configuration
Topology diagram
Cloud configuration
2. Configure FW1
[SRG]sysname FW1
[FW1]interface GigabitEthernet 0/0/0
[FW1-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[FW1-GigabitEthernet0/0/0]q
[FW1]interface GigabitEthernet 0/0/1
[FW1-GigabitEthernet0/0/1]ip address 192.168.3.1 24
[FW1]interface GigabitEthernet 0/0/2
[FW1-GigabitEthernet0/0/2]ip address 192.168.59.2 24
[FW1]firewall zone trust
[FW1-zone-trust]add interface GigabitEthernet 0/0/0
Info: The interface has been added to trust security zone.
[FW1-zone-trust]add interface GigabitEthernet 0/0/1
[FW1-zone-trust]q
[FW1]firewall zone untrust
[FW1-zone-untrust]add interface GigabitEthernet 0/0/2
[FW1-zone-untrust]q
[FW1]policy interzone trust untrust outbound
[FW1-policy-interzone-trust-untrust-outbound]policy 0
[FW1-policy-interzone-trust-untrust-outbound-0]action permit
[FW1-policy-interzone-trust-untrust-outbound-0]policy source 172.16.2.0 0.0.0.255
[FW1-policy-interzone-trust-untrust-outbound-0]policy source 172.16.7.0 0.0.0.255
[FW1-policy-interzone-trust-untrust-outbound-0]q
[FW1-policy-interzone-trust-untrust-outbound]q
[FW1]nat-policy interzone trust untrust outbound
[FW1-nat-policy-interzone-trust-untrust-outbound]policy 1
[FW1-nat-policy-interzone-trust-untrust-outbound-1]action source-nat
[FW1-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.2.0 0.0.0.255
[FW1-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.7.0 0.0.0.255
[FW1-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/2
[FW1-nat-policy-interzone-trust-untrust-outbound-1]q
[FW1-nat-policy-interzone-trust-untrust-outbound]q
[FW1]ip route-static 0.0.0.0 0 192.168.59.1
[FW1]ospf 1
[FW1-ospf-1]default-route-advertise always cost 200 type 1
[FW1-ospf-1]area 0
[FW1-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[FW1-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
3. Configure SW1
<Huawei>system-view
[Huawei]sysname SW1
[SW1]vlan batch 2 7 102 103
[SW1]interface Vlanif 102
[SW1-Vlanif102]ip address 192.168.2.2 24
[SW1-Vlanif102]quit
[SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 102
[SW1-GigabitEthernet0/0/4]quit
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 7 102 103
[SW1-GigabitEthernet0/0/1]quit
[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 7 102 103
[SW1-GigabitEthernet0/0/3]quit
[SW1]interface Eth-Trunk 0
[SW1-Eth-Trunk0]port link-type trunk
[SW1-Eth-Trunk0]port trunk allow-pass vlan 2 7 102 to 103
[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/2
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1-Eth-Trunk0]trunkport GigabitEthernet 0/0/5
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1-Eth-Trunk0]q
[SW1]interface Vlanif 2
[SW1-Vlanif2]ip address 172.16.2.253 24
[SW1-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.254
[SW1-Vlanif2]vrrp vrid 1 priority 120
[SW1-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/4 reduced 15
[SW1-Vlanif2]vrrp vrid 1 track interface Eth-Trunk 0 reduced 15
[SW1-Vlanif2]q
[SW1]interface Vlanif 7
[SW1-Vlanif7]ip address 172.16.7.253 24
[SW1-Vlanif7]vrrp vrid 2 virtual-ip 172.16.7.254
[SW1-Vlanif7]q
[SW1]ip route-static 0.0.0.0 0 192.168.2.1
[SW1]stp region-configuration
[SW1-mst-region]region-name RG1
[SW1-mst-region]instance 1 vlan 2
[SW1-mst-region]instance 2 vlan 7
[SW1-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1-mst-region]q
[SW1]stp instance 1 root primary
[SW1]stp instance 2 root secondary
[SW1]stp pathcost-standard legacy
[SW1]stp enable
[SW1]ospf 1
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 172.16.7.0 0.0.0.255
4. Configure SW2
<Huawei>system-view
[Huawei]sysname SW2
[SW2]vlan batch 2 7 102 103
[SW2]interface GigabitEthernet 0/0/4
[SW2-GigabitEthernet0/0/4]port link-type access
[SW2-GigabitEthernet0/0/4]port default vlan 103
[SW2-GigabitEthernet0/0/4]quit
[SW2]interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 7 102 103
[SW2-GigabitEthernet0/0/1]quit
[SW2]interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 7 102 103
[SW2-GigabitEthernet0/0/3]quit
[SW2]interface Eth-Trunk 0
[SW2-Eth-Trunk0]port link-type trunk
[SW2-Eth-Trunk0]port trunk allow-pass vlan 2 7 102 to 103
[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/2
[SW2-Eth-Trunk0]trunkport GigabitEthernet 0/0/5
[SW2]interface Vlanif 103
[SW2-Vlanif103]ip address 192.168.3.2 24
[SW2-Vlanif103]quit
[SW2]interface Vlanif 2
[SW2-Vlanif2]ip address 172.16.2.252 24
[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.254
[SW2-Vlanif2]quit
[SW2]interface Vlanif 7
[SW2-Vlanif7]ip address 172.16.7.252 24
[SW2-Vlanif7]vrrp vrid 2 virtual-ip 172.16.7.254
[SW2-Vlanif7]vrrp vrid 2 priority 120
[SW2-Vlanif7]vrrp vrid 2 track interface GigabitEthernet 0/0/4 reduced 15
[SW2-Vlanif7]vrrp vrid 2 track interface Eth-Trunk 0 reduced 15
[SW2-Vlanif7]quit
[SW2]ip route-static 0.0.0.0 0 192.168.3.1
[SW2]stp region-configuration
[SW2-mst-region]region-name RG1
[SW2-mst-region]instance 1 vlan 2
[SW2-mst-region]instance 2 vlan 7
[SW2-mst-region]active region-configuration
[SW2-mst-region]quit
[SW2]stp instance 1 root secondary
[SW2]stp instance 2 root primary
[SW2]stp pathcost-standard legacy
[SW2]stp enable
[SW2]ospf 1
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 172.16.7.0 0.0.0.255
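The SW1 and SW2 sessions above put the VRRP master (priority 120) for each VLAN on the same switch that is the MSTP primary root for that VLAN's instance: SW1 for VLAN 2, SW2 for VLAN 7. The following Python check is an added example, not part of the original post; it parses a pasted CLI transcript and reports any VLAN where the two roles end up on different switches, which is also what a mistyped `vrrp` command would cause. The function names and the sample transcript are constructed for illustration.

```python
import re
# Constructed sample: VRRP/MSTP lines copied from the SW1 and SW2 sessions.
SESSION = """\
[SW1-Vlanif2]vrrp vrid 1 priority 120
[SW1-Vlanif7]vrrp vrid 2 virtual-ip 172.16.7.254
[SW1-mst-region]instance 1 vlan 2
[SW1-mst-region]instance 2 vlan 7
[SW1]stp instance 1 root primary
[SW1]stp instance 2 root secondary
[SW2-Vlanif2]vrrp vrid 1 virtual-ip 172.16.2.254
[SW2-Vlanif7]vrrp vrid 2 priority 120
[SW2]stp instance 1 root secondary
[SW2]stp instance 2 root primary
"""
PROMPT = re.compile(r"^\[(\w+)(?:-([^\]]+))?\]\s*(.+)$")
DEFAULT_PRIORITY = 100  # VRRP priority when no "priority" line is configured


def parse(session):
    """Return (vrrp, roots, vlan_of) extracted from a VRP CLI transcript."""
    vrrp, roots, vlan_of = {}, {}, {}
    for line in session.splitlines():
        m = PROMPT.match(line)
        if not m:
            continue
        dev, view, cmd = m.groups()
        if view and view.startswith("Vlanif") and cmd.startswith("vrrp vrid"):
            group = vrrp.setdefault(int(view[6:]), {})
            group.setdefault(dev, DEFAULT_PRIORITY)
            prio = re.search(r"priority (\d+)", cmd)
            if prio:
                group[dev] = int(prio.group(1))
        elif m2 := re.match(r"instance (\d+) vlan (\d+)", cmd):
            vlan_of[int(m2.group(1))] = int(m2.group(2))
        elif m2 := re.match(r"stp instance (\d+) root primary", cmd):
            roots[int(m2.group(1))] = dev
    return vrrp, roots, vlan_of


def misaligned(session):
    """List (vlan, vrrp_master, mstp_root) where the two roles sit on different switches."""
    vrrp, roots, vlan_of = parse(session)
    bad = []
    for inst, vlan in sorted(vlan_of.items()):
        # Highest priority wins; equal priorities (IP tie-break) are not modelled.
        master = max(vrrp.get(vlan, {"?": 0}).items(), key=lambda kv: kv[1])[0]
        if master != roots.get(inst):
            bad.append((vlan, master, roots.get(inst)))
    return bad
```

An empty list from `misaligned()` means each VLAN's gateway and spanning-tree root are on the same switch; interface tracking (`reduced 15`) is not evaluated.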
5. Configure SW3
<Huawei>system-view
[Huawei]sysname SW3
[SW3]vlan batch 2 7 102 103
[SW3]interface GigabitEthernet 0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 7 102 103
[SW3-GigabitEthernet0/0/1]quit
[SW3]interface GigabitEthernet 0/0/2
[SW3-GigabitEthernet0/0/2]port link-type trunk
[SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 7 102 103
[SW3-GigabitEthernet0/0/2]quit
[SW3]interface GigabitEthernet 0/0/3
[SW3-GigabitEthernet0/0/3]port link-type access
[SW3-GigabitEthernet0/0/3]port default vlan 2
[SW3-GigabitEthernet0/0/3]quit
[SW3]interface GigabitEthernet 0/0/4
[SW3-GigabitEthernet0/0/4]port link-type access
[SW3-GigabitEthernet0/0/4]port default vlan 7
[SW3-GigabitEthernet0/0/4]quit
[SW3]stp region-configuration
[SW3-mst-region]region-name RG1
[SW3-mst-region]instance 1 vlan 2
[SW3-mst-region]instance 2 vlan 7
[SW3-mst-region]active region-configuration
[SW3-mst-region]quit
[SW3]stp enable
6. Configure SW4
<Huawei>system-view
[Huawei]sysname SW4
[SW4]vlan batch 2 7 102 103
[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]port link-type trunk
[SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 7 102 103
[SW4-GigabitEthernet0/0/1]quit
[SW4]interface GigabitEthernet 0/0/2
[SW4-GigabitEthernet0/0/2]port link-type trunk
[SW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 7 102 103
[SW4-GigabitEthernet0/0/2]quit
[SW4]interface GigabitEthernet 0/0/3
[SW4-GigabitEthernet0/0/3]port link-type access
[SW4-GigabitEthernet0/0/3]port default vlan 2
[SW4-GigabitEthernet0/0/3]quit
[SW4]interface GigabitEthernet 0/0/4
[SW4-GigabitEthernet0/0/4]port link-type access
[SW4-GigabitEthernet0/0/4]port default vlan 7
[SW4-GigabitEthernet0/0/4]quit
[SW4]stp region-configuration
[SW4-mst-region]region-name RG1
[SW4-mst-region]instance 1 vlan 2
[SW4-mst-region]instance 2 vlan 7
[SW4-mst-region]active region-configuration
[SW4-mst-region]quit
[SW4]stp enable
7. Testing
Configure the network settings on each PC, then try to ping the externally mapped IP address.
(1)PC1
(2)PC2
(3)PC3
(4)PC4