这是整个项目的拓扑图,由两条isp提供服务,正常情况下走电信出入,当电信故障自动切换到联通出口
这是pc1的ip设置这是pc3的ip设置`
pc2 ip地址 192.168.10.2 255.255.255.0
网关 192.168.10.254
pc4 ip地址 192.168.20.2 255.255.255.0
网关 192.168.20.254
对sw3设置
sysname sw3
undo info-center enable
vlan batch 10 20
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
stp region-configuration
region-name huawei
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#创建生成树实例并配置,接着设置根桥、备份根桥
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface MEth0/0/1
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
interface Ethernet0/0/2
port link-type access
port default vlan 10
interface Ethernet0/0/3
port link-type access
port default vlan 10
interface Ethernet0/0/4
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20
interface Ethernet0/0/6
interface Ethernet0/0/7
interface Ethernet0/0/8
interface Ethernet0/0/9
interface Ethernet0/0/10
interface Ethernet0/0/11
interface Ethernet0/0/12
interface Ethernet0/0/13
interface Ethernet0/0/14
interface Ethernet0/0/15
interface Ethernet0/0/16
interface Ethernet0/0/17
interface Ethernet0/0/18
interface Ethernet0/0/19
interface Ethernet0/0/20
interface Ethernet0/0/21
interface Ethernet0/0/22
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface NULL0
user-interface con 0
user-interface vty 0 4`
对sw4设置
sysname sw4
undo info-center enable
vlan batch 10 20
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
stp region-configuration
region-name huawei
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#创建生成树实例并配置,接着设置根桥、备份根桥
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface MEth0/0/1
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
interface Ethernet0/0/2
port link-type access
port default vlan 10
interface Ethernet0/0/3
port link-type access
port default vlan 10
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20
interface Ethernet0/0/5
interface Ethernet0/0/6
interface Ethernet0/0/7
interface Ethernet0/0/8
interface Ethernet0/0/9
interface Ethernet0/0/10
interface Ethernet0/0/11
interface Ethernet0/0/12
interface Ethernet0/0/13
interface Ethernet0/0/14
interface Ethernet0/0/15
interface Ethernet0/0/16
interface Ethernet0/0/17
interface Ethernet0/0/18
interface Ethernet0/0/19
interface Ethernet0/0/20
interface Ethernet0/0/21
interface Ethernet0/0/22
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface NULL0
user-interface con 0
user-interface vty 0 4
return
对sw1设置
sysname sw1
undo info-center enable
vlan batch 10 to 11 20 30
stp instance 1 root primary
stp instance 2 root secondary##为生成树实例1和实例2创建根桥和备份根桥
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
stp region-configuration
region-name huawei
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#创建生成树实例并配置,接着设置根桥、备份根桥
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface Vlanif10
ip address 192.168.10.253 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.254
vrrp vrid 1 priority 150
vrrp vrid 1 preempt-mode timer delay 30
vrrp vrid 1 track interface GigabitEthernet0/0/2 reduced 100
#建立VRRP备份组,添加虚拟IP
interface Vlanif11
ip address 192.168.11.1 255.255.255.0
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.20.254
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
interface MEth0/0/1
interface Eth-Trunk1
port link-type trunk
port trunk pvid vlan 30
port trunk allow-pass vlan 10 20 30
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
interface GigabitEthernet0/0/2
port link-type access
port default vlan 11
interface GigabitEthernet0/0/3
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/5
interface GigabitEthernet0/0/6
interface GigabitEthernet0/0/7
interface GigabitEthernet0/0/8
interface GigabitEthernet0/0/9
interface GigabitEthernet0/0/10
interface GigabitEthernet0/0/11
interface GigabitEthernet0/0/12
interface GigabitEthernet0/0/13
interface GigabitEthernet0/0/14
interface GigabitEthernet0/0/15
interface GigabitEthernet0/0/16
interface GigabitEthernet0/0/17
interface GigabitEthernet0/0/18
interface GigabitEthernet0/0/19
interface GigabitEthernet0/0/20
interface GigabitEthernet0/0/21
interface GigabitEthernet0/0/22
interface GigabitEthernet0/0/23
eth-trunk 1##设置链路聚合
interface GigabitEthernet0/0/24
eth-trunk 1##设置链路聚合
interface NULL0
interface LoopBack0
ip address 10.10.10.10 255.255.255.255
ospf 1 router-id 10.10.10.10
area 0.0.0.0
network 192.168.0.0 0.0.255.255
network 10.10.10.10 0.0.0.0
user-interface con 0
user-interface vty 0 4
return
对sw2设置
sysname sw2
undo info-center enable
vlan batch 10 to 11 20 to 21 30
stp instance 1 root secondary
stp instance 2 root primary##为生成树实例1和实例2创建根桥和备份根桥
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
stp region-configuration
region-name huawei
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.254
interface Vlanif20
ip address 192.168.20.253 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.20.254
vrrp vrid 2 priority 150
vrrp vrid 2 preempt-mode timer delay 30
#建立VRRP备份组,添加虚拟IP
interface Vlanif21
ip address 192.168.21.2 255.255.255.0
interface Vlanif30
ip address 192.168.30.2 255.255.255.0
interface MEth0/0/1
interface Eth-Trunk1
port link-type trunk
port trunk pvid vlan 30
port trunk allow-pass vlan 10 20 30
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
interface GigabitEthernet0/0/2
port link-type access
port default vlan 11
interface GigabitEthernet0/0/3
interface GigabitEthernet0/0/4
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/6
interface GigabitEthernet0/0/7
interface GigabitEthernet0/0/8
interface GigabitEthernet0/0/9
interface GigabitEthernet0/0/10
interface GigabitEthernet0/0/11
interface GigabitEthernet0/0/12
interface GigabitEthernet0/0/13
interface GigabitEthernet0/0/14
interface GigabitEthernet0/0/15
interface GigabitEthernet0/0/16
interface GigabitEthernet0/0/17
interface GigabitEthernet0/0/18
interface GigabitEthernet0/0/19
interface GigabitEthernet0/0/20
interface GigabitEthernet0/0/21
interface GigabitEthernet0/0/22
interface GigabitEthernet0/0/23
eth-trunk 1##设置链路聚合
interface GigabitEthernet0/0/24
eth-trunk 1##设置链路聚合
interface NULL0
interface LoopBack0
ip address 20.20.20.20 255.255.255.255
ospf 1 router-id 10.10.10.10
area 0.0.0.0
network 192.168.0.0 0.0.255.255
network 20.20.20.20 0.0.0.0##将环回口作为Router-id发布自己的直连及环回地址
user-interface con 0
user-interface vty 0 4
return
对R4进行设置
sysname R4
undo info-center enable
acl number 2000
rule 1 permit source 192.168.10.0 0.0.0.255
rule 2 permit source 192.168.20.0 0.0.0.255
#接着我们在和运营商对接的路由设备上配置访问控制列表并允许源地址192.168.10.0、192.168.20.0网段的地址通过
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher 0MnL7meMt2ajUn1vMEIBry7#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 200.1.1.2 255.255.255.248
nat outbound 2000
interface GigabitEthernet0/0/1
ip address 192.168.34.4 255.255.255.0
interface GigabitEthernet0/0/2
ip address 192.168.21.4 255.255.255.0
interface GigabitEthernet0/0/3
wlan
interface NULL0
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
ospf 1 router-id 4.4.4.4
default-route-advertise always
area 0.0.0.0
network 192.168.34.0 0.0.0.255
network 192.168.21.0 0.0.0.255
network 4.4.4.4 0.0.0.0##将环回口作为Router-id发布自己的直连及环回地址
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
对R3进行设置
sysname R3
undo info-center enable
acl number 2000
rule 1 permit source 192.168.10.0 0.0.0.255
rule 2 permit source 192.168.20.0 0.0.0.255
#接着我们在和运营商对接的路由设备上配置访问控制列表并允许源地址192.168.10.0、192.168.20.0网段的地址通过
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher l"<Z"L^T@,ajUn1vMEIBGy7#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 100.1.1.2 255.255.255.248
nat outbound 2000
interface GigabitEthernet0/0/1
ip address 192.168.34.3 255.255.255.0
interface GigabitEthernet0/0/2
ip address 192.168.11.3 255.255.255.0
interface GigabitEthernet0/0/3
wlan
interface NULL0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf 1 router-id 3.3.3.3
default-route-advertise always
area 0.0.0.0
network 192.168.34.0 0.0.0.255
network 192.168.11.0 0.0.0.255
network 3.3.3.3 0.0.0.0
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
return
对R1进行设置
sysname R1
undo info-center enable
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher 1ugG<TB!%@+/Y@:Y>Lw(N}M#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 100.1.1.3 255.255.255.248
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
wlan
interface NULL0
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
return
对R2进行设置
sysname R2
undo info-center enable
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher 1ugG<TB!%@+/Y@:Y>Lw(N}M#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 200.1.1.3 255.255.255.248
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
wlan
interface NULL0
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
return