拓扑结构:
运用技术及重点:
svi.vlanif,E-thunk,stp,nat,acl(sw1为组1的根,为组2的备份根,sw2相反),由于HW不支持三层接口,则定义一个vlanif,将其划入vlan100。
sw1
sysname sw1
#
undo info-center enable
#
vlan batch 2 100
#
stp instance 1 root primary
stp instance 2 root secondary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
#
drop-profile default
#
ip pool vlan1
gateway-list 172.16.1.126
network 172.16.1.0 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
#
ip pool vlan2
gateway-list 172.16.1.254
network 172.16.1.128 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
ip address 172.16.1.1 255.255.255.128
vrrp vrid 1 virtual-ip 172.16.1.126
vrrp vrid 1 priority 101
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 2
dhcp select global
#
interface Vlanif2
ip address 172.16.1.129 255.255.255.128
vrrp vrid 1 virtual-ip 172.16.1.254
dhcp select global
#
interface Vlanif100
ip address 172.16.0.1 255.255.255.252
#
interface MEth0/0/1
#
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
stp edged-port enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
eth-trunk 0
#
interface GigabitEthernet0/0/4
eth-trunk 0
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# sw2
sysname sw2
#
undo info-center enable
#
vlan batch 2 100
#
stp instance 1 root secondary
stp instance 2 root primary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
#
drop-profile default
#
ip pool vlan1
gateway-list 172.16.1.126
network 172.16.1.0 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
#
ip pool vlan2
gateway-list 172.16.1.254
network 172.16.1.128 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
ip address 172.16.1.2 255.255.255.128
vrrp vrid 1 virtual-ip 172.16.1.126
dhcp select global
#
interface Vlanif2
ip address 172.16.1.130 255.255.255.128
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 1 priority 101
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 2
dhcp select global
#
interface Vlanif100
ip address 172.16.0.5 255.255.255.252
#
interface MEth0/0/1
#
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
stp edged-port enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
eth-trunk 0
#
interface GigabitEthernet0/0/4
eth-trunk 0
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 40sw3
sysname sw3
#
undo info-center enable
#
vlan batch 2
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
stp edged-port enable
#
interface Ethernet0/0/4
port link-type access
port default vlan 2
stp edged-port enable
# sw4
sysname sw4
#
undo info-center enable
#
vlan batch 2
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
stp edged-port enable
#
interface Ethernet0/0/4
port link-type access
port default vlan 2
stp edged-port enable
# r1
acl number 2000
rule 1 permit source 172.16.0.0 0.0.255.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 172.16.0.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.0.6 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
nat outbound 2000
#
interface NULL0
#
ospf 1 router-id 1.1.1.1
default-route-advertise always
area 0.0.0.0
network 172.16.0.0 0.0.255.255
#
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
# r2
#
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.0 测试(一个交换机坏,网络仍通):
扫一扫
1115
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
