华为AR28-31单臂路由

   XX市运管处新组网的环境:1台Huawei AR28-31路由器,5台Huawei S5024G二层交换机。
   XX市运管处新组网的要求:
  按部门划分VLAN,VLAN之间可以互通,能访问Internet,固定主机可与内外网通信。
   网络拓扑图如下:

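  路由器的配置信息如下(注意:local-user huawei、PPPoE拨号账号和VTY口令均以 simple 方式明文保存,管理通道为Telnet/FTP,且VTY下未见ACL限制来源地址;正式环境应改用 cipher 方式保存口令,在设备版本支持时改用SSH管理,并在公开配置前屏蔽口令):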
<Router> display current-configuration            
#
 sysname Router              
#
 cpu-usage cycle 1min                    
#
 dialer-rule 1 ip permit                       
#
radius scheme system                   
#
domain system            
#
local-user admin               
 password cipher .]@USE=B,53Q=^Q`MAF4<1!!                                        
 service-type telnet terminal                            
 level 3       
 service-type ftp                
local-user huawei                
 password simple huawei                      
 service-type telnet                   
 level 3       
#
acl number 2001              
 rule 0 permit source 192.168.0.0 0.0.255.255
#
interface Aux0             
 async mode flow               
#
interface Dialer1                
 link-protocol ppp                 
 ppp pap local-user xx********@163 password simple 84480168
 tcp mss 1024            
 ip address ppp-negotiate                        
 dialer user adsl                
 dialer bundle 1               
 dialer-group 1              
 nat outbound 2001                 
#
interface Ethernet0/0                    
 speed 100         
 ip address 192.168.200.200 255.255.255.0
#
interface Ethernet0/0.1                      
 ip address 192.168.1.254 255.255.255.0
 vlan-type dot1q vid 1                     
#
interface Ethernet0/0.2                      
 ip address 192.168.2.254 255.255.255.0
 vlan-type dot1q vid 2                     
#
interface Ethernet0/0.3                      
 ip address 192.168.3.254 255.255.255.0
 vlan-type dot1q vid 3                     
#
interface Ethernet0/0.4                      
 ip address 192.168.4.254 255.255.255.0
 vlan-type dot1q vid 4
#
interface Ethernet0/0.5                      
 ip address 192.168.5.254 255.255.255.0
 vlan-type dot1q vid 5                     
#
interface Ethernet0/0.6                      
 ip address 192.168.6.254 255.255.255.0
 vlan-type dot1q vid 6                     
#
interface Ethernet0/0.7                      
 ip address 192.168.7.254 255.255.255.0
 vlan-type dot1q vid 7                     
#
interface Ethernet0/0.8                      
 ip address 192.168.8.254 255.255.255.0
 vlan-type dot1q vid 8                     
#
interface Ethernet0/0.9                      
 ip address 192.168.9.254 255.255.255.0
 vlan-type dot1q vid 9                     
#
interface Ethernet0/0.10                       
 ip address 192.168.10.254 255.255.255.0
 vlan-type dot1q vid 10                      
#
interface Ethernet0/0.11                       
 ip address 192.168.11.254 255.255.255.0
 vlan-type dot1q vid 11                      
#
interface Ethernet0/0.12                       
 ip address 192.168.12.254 255.255.255.0
 vlan-type dot1q vid 12                      
#
interface Ethernet0/0.14                       
 ip address 192.168.100.254 255.255.255.0
 vlan-type dot1q vid 100                       
#
interface Ethernet0/0.20
 ip address 192.168.0.254 255.255.255.0
 vlan-type dot1q vid 13
#
interface Ethernet0/1
 pppoe-client dial-bundle-number 1
 tcp mss 1024
#
interface NULL0
#
 FTP server enable
#
 telnet source-ip 192.168.200.200
#
 ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
 user privilege level 3
 set authentication password simple 123456aA
#
return 
(vlan100用于测试,同时也是Switch0的管理VLAN)
  核心交换机Switch0的配置如下(GigabitEthernet0/1至0/5为trunk口,配置为 permit vlan all;如需收紧,可只放行实际使用的VLAN):
<Switch0>display current-configuration             
#
 sysname Switch0               
#
radius scheme system                   
 server-type huawei                  
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646                                 
 user-name-format without-domain                               

domain system            
 radius-scheme system                    
 access-limit disable                    
 state active            
 vlan-assignment-mode integer                            
 idle-cut disable                
 self-service-url disable                        
 messenger time disable                      

 domain default enable system                            
#
 local-server nas-ip 127.0.0.1 key huawei

local-user huawei                
 password simple 123456aA              
 service-type telnet level 3                           
#
 temperature-limit 0 20 80                         
#
  am user-bind mac-addr 001b-7886-ba71 ip-addr 192.168.4.25 interface GigabitEthernet0/18
  am user-bind mac-addr 001b-78b1-9f4d ip-addr 192.168.4.26 interface GigabitEthernet0/14
#
 management-vlan 100                   
#
vlan 1     
#
vlan 2     
#
vlan 3     
#
vlan 4     
#
vlan 5     
#
vlan 6     
#
vlan 7     
#
vlan 8     
#
vlan 9     
#
vlan 10      
#
vlan 11      
#
vlan 12      
#
vlan 13      
#
vlan 100       
#
interface Vlan-interface100                          
 ip address 192.168.100.100 255.255.255.0
#
interface Aux0/0               
#
interface GigabitEthernet0/1                           
 port link-type trunk
 port trunk permit vlan all                          
#
interface GigabitEthernet0/2                           
 port link-type trunk                    
 port trunk permit vlan all                          
#
interface GigabitEthernet0/3                           
 port link-type trunk                    
 port trunk permit vlan all                          
#
interface GigabitEthernet0/4                           
 port link-type trunk                    
 port trunk permit vlan all                          
#
interface GigabitEthernet0/5                           
 port link-type trunk                    
 port trunk permit vlan all                          
#
interface GigabitEthernet0/6                           
#
interface GigabitEthernet0/7                           
#
interface GigabitEthernet0/8                           
#
interface GigabitEthernet0/9                           
#
interface GigabitEthernet0/10                            
#
interface GigabitEthernet0/11
#
interface GigabitEthernet0/12                            
 port access vlan 100                    
#
interface GigabitEthernet0/13                            
#
interface GigabitEthernet0/14                            
 port access vlan 4                  
#
interface GigabitEthernet0/15                            
#
interface GigabitEthernet0/16                            
#
interface GigabitEthernet0/17                            
#
interface GigabitEthernet0/18                            
 port access vlan 4                  
#
interface GigabitEthernet0/19
#
interface GigabitEthernet0/20
 port access vlan 13
#
interface GigabitEthernet0/21
#
interface GigabitEthernet0/22
#
interface GigabitEthernet0/23
#
interface GigabitEthernet0/24
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.100.254 preference 60
#
user-interface aux 0
user-interface vty 0 4
 set authentication password simple 123456aA
#
return
  接入交换机Switch1配置如下:
<Switch1>display current-configuration
#
 sysname Switch1
#
radius scheme system
 server-type huawei
 primary authentication 127.0.0.1 1645
  primary accounting 127.0.0.1 1646
 user-name-format without-domain

domain system            
 radius-scheme system                    
 access-limit disable                    
 state active            
 vlan-assignment-mode integer                            
 idle-cut disable                
 self-service-url disable                        
 messenger time disable                      

 domain default enable system                            
#
 local-server nas-ip 127.0.0.1 key huawei
 
local-user huawei1                 
 password simple 123456aA
 service-type telnet level 3
#
 temperature-limit 0 20 80
#
  am user-bind mac-addr 001b-78b1-a3d6 ip-addr 192.168.2.104 interface GigabitEthernet0/8
  am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/10
  am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/16
  am user-bind mac-addr 001b-7886-ba08 ip-addr 192.168.3.101 interface GigabitEthernet0/9
  am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/11
  am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/13
  am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/14
  am user-bind mac-addr 001c-c41e-815d ip-addr 192.168.9.101 interface GigabitEthernet0/3
  am user-bind mac-addr 001b-78b1-a3d6 ip-addr 192.168.2.104 interface GigabitEthernet0/1
  am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/18
  am user-bind mac-addr 001b-78b1-9f43 ip-addr 192.168.2.2 interface GigabitEthernet0/7
#
 management-vlan 10                  
#
vlan 1     
#
vlan 2     
#
vlan 3     
#
vlan 9     
#
vlan 10      
#
interface Vlan-interface10                         
 ip address 192.168.10.1 255.255.255.0
#
interface Aux0/0               
#
interface GigabitEthernet0/1                           
 port access vlan 10                   
#
interface GigabitEthernet0/2                           
 port link-type trunk                    
 port trunk permit vlan all                          
#
interface GigabitEthernet0/3                           
 port access vlan 9                  
#
interface GigabitEthernet0/4                           
 port access vlan 9                  
#
interface GigabitEthernet0/5                           
 port access vlan 2                  
#
interface GigabitEthernet0/6                           
 port access vlan 2                  
#
interface GigabitEthernet0/7                         
 port access vlan 2                  
#
interface GigabitEthernet0/8                           
 port access vlan 2                  
#
interface GigabitEthernet0/9                           
 port access vlan 3                  
#
interface GigabitEthernet0/10                            
 port access vlan 2                  
#
interface GigabitEthernet0/11                            
 port access vlan 3                  
#
interface GigabitEthernet0/12                            
 port access vlan 3                  
#
interface GigabitEthernet0/13                            
 port access vlan 3                  
#
interface GigabitEthernet0/14                            
 port access vlan 3                  
#
interface GigabitEthernet0/15                            
 port access vlan 2                  
#
interface GigabitEthernet0/16                            
 port access vlan 2                  
#
interface GigabitEthernet0/17                            
 port access vlan 2                  
#
interface GigabitEthernet0/18                            
 port access vlan 2                  
#
interface GigabitEthernet0/19                            
 port access vlan 3
#
interface GigabitEthernet0/20
 port access vlan 3
#
interface GigabitEthernet0/21
#
interface GigabitEthernet0/22
#
interface GigabitEthernet0/23
#
interface GigabitEthernet0/24
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.10.254 preference 60
#
user-interface aux 0
user-interface vty 0 4
 user privilege level 3
 set authentication password simple 123456aA
   接入交换机Switch2配置如下:
<Switch2>display current-configuration
#
 sysname Switch2               
#
radius scheme system                   
 server-type huawei                  
 primary authentication 127.0.0.1 1645                                     
 primary accounting 127.0.0.1 1646                                 
 user-name-format without-domain                               

domain system            
 radius-scheme system                    
 access-limit disable                    
 state active            
 vlan-assignment-mode integer                            
 idle-cut disable                
 self-service-url disable                        
 messenger time disable                      

 domain default enable system                            
#
 local-server nas-ip 127.0.0.1 key huawei                                        

local-user huawei2                 
 password simple 123456aA
 service-type telnet level 3                      
#
 temperature-limit 0 20 80                         
#
  am user-bind mac-addr 001b-78b1-9ac8 ip-addr 192.168.4.101 interface GigabitEthernet0/15
  am user-bind mac-addr 001b-7886-bce2 ip-addr 192.168.4.102 interface GigabitEthernet0/16
  am user-bind mac-addr 001b-7886-b962 ip-addr 192.168.4.104 interface GigabitEthernet0/18
  am user-bind mac-addr 001b-78b1-9d1e ip-addr 192.168.4.105 interface GigabitEthernet0/19
  am user-bind mac-addr 001b-78b1-9f15 ip-addr 192.168.0.1 interface GigabitEthernet0/13
#
 management-vlan 3                 
#
vlan 1     
#
vlan 2     
#
vlan 3     
#
vlan 4     
#
vlan 11
#
vlan 13      
#
interface Vlan-interface3                        
 ip address 192.168.3.1 255.255.255.0                                    
#
interface Aux0/0               
#
interface GigabitEthernet0/1                           
 port access vlan 2                  
#
interface GigabitEthernet0/2                           
 port link-type trunk                    
 port trunk permit vlan all                          
#
interface GigabitEthernet0/3                           
 port access vlan 11                   
#
interface GigabitEthernet0/4                           
 port access vlan 2                  
#
interface GigabitEthernet0/5                           
 port access vlan 11                   
#
interface GigabitEthernet0/6                           
 port access vlan 11                   
#
interface GigabitEthernet0/7                           
 port access vlan 11                   
#
interface GigabitEthernet0/8                           
 port acces        
#
interface GigabitEthernet0/9                           
 port access vlan 11                   
#
interface GigabitEthernet0/10                            
 port access vlan 11                   
#
interface GigabitEthernet0/11                            
 port access vlan 11                   
#
interface GigabitEthernet0/12                            
 port access vlan 11                   
#
interface GigabitEthernet0/13                            
 port access vlan 13                   
#
interface GigabitEthernet0/14                            
 port access vlan 11                   
#
interface GigabitEthernet0/15                            
 port access vlan 4                  
#
interface GigabitEthernet0/16                            
 port access vlan 4                  
#
interface GigabitEthernet0/17                            
 port access vlan 4                  
#
interface GigabitEthernet0/18                            
 port access vlan 4                  
#
interface GigabitEthernet0/19
 port access vlan 4
#
interface GigabitEthernet0/20
 port access vlan 4
#
interface GigabitEthernet0/21
#
interface GigabitEthernet0/22
#
interface GigabitEthernet0/23
#
interface GigabitEthernet0/24
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.3.254 preference 60
#
user-interface aux 0
user-interface vty 0 4
 user privilege level 3
 set authentication password simple 123456aA
#
return
   接入交换机Switch3配置如下:
<Switch3>display current-configuration
#
 sysname Switch3               
#
radius scheme system                   
 server-type huawei                  
 primary authentication 127.0.0.1 1645                                     
 primary accounting 127.0.0.1 1646                                 
 user-name-format without-domain                               

domain system            
 radius-scheme system                    
 access-limit disable                    
 state active            
 vlan-assignment-mode integer                            
 idle-cut disable                
 self-service-url disable                        
 messenger time disable                      

 domain default enable system                            
#
 local-server nas-ip 127.0.0.1 key huawei 

local-user huawei3                 
 password simple 123456aA
 service-type telnet level 3                                       
#
 temperature-limit 0 20 80                         
#
  am user-bind mac-addr 001b-78b1-a23d ip-addr 192.168.5.101 interface GigabitEthernet0/1
  am user-bind mac-addr 001b-78b1-a2dd ip-addr 192.168.5.102 interface GigabitEthernet0/3
  am user-bind mac-addr 001b-7886-b62b ip-addr 192.168.5.104 interface GigabitEthernet0/5
  am user-bind mac-addr 001b-78b1-9f4f ip-addr 192.168.5.105 interface GigabitEthernet0/6
  am user-bind mac-addr 001b-78b1-a1aa ip-addr 192.168.5.106 interface GigabitEthernet0/7
  am user-bind mac-addr 001b-7886-b815 ip-addr 192.168.6.101 interface GigabitEthernet0/9
  am user-bind mac-addr 001b-78b1-9cdf ip-addr 192.168.6.102 interface GigabitEthernet0/10
  am user-bind mac-addr 001b-7886-ba9f ip-addr 192.168.6.104 interface GigabitEthernet0/12
  am user-bind mac-addr 001b-7886-b6d3 ip-addr 192.168.6.105 interface GigabitEthernet0/14
  am user-bind mac-addr 001b-78b1-9fa1 ip-addr 192.168.7.101 interface GigabitEthernet0/13
  am user-bind mac-addr 001b-78b1-a0a2 ip-addr 192.168.8.104 interface GigabitEthernet0/19
  am user-bind mac-addr 001b-7886-becc ip-addr 192.168.6.103 interface GigabitEthernet0/11
  am user-bind mac-addr 001b-7886-bdd5 ip-addr 192.168.7.106 interface GigabitEthernet0/17
#
 management-vlan 5                 
#
vlan 1     
#
vlan 5     
#
vlan 6     
#
vlan 7     
#
vlan 8     
#
interface Vlan-interface5                        
 ip address 192.168.5.1 255.255.255.0                                    
#
interface Aux0/0               
#
interface GigabitEthernet0/1                           
 port access vlan 5                  
#
interface GigabitEthernet0/2                           
 port link-type trunk                    
 port trunk permit vlan all                          
#
interface GigabitEthernet0/3                           
 port access vlan 5                  
#
interface GigabitEthernet0/4                           
 port access vlan 5                  
#
interface GigabitEthernet0/5                           
 port access vlan 5                  
#
interface GigabitEthernet0/6                           
 port access vlan 5                  
#
interface GigabitEthernet0/7                           
 port access vlan 5                  
#
interface GigabitEthernet0/8                           
 port access vlan 5                  
#
interface GigabitEthernet0/9                           
 port access vlan 6                  
#
interface GigabitEthernet0/10                            
 port access vlan 6                  
#
interface GigabitEthernet0/11                            
 port access vlan 6                  
#
interface GigabitEthernet0/12                            
 port access vlan 6                  
#
interface GigabitEthernet0/13                            
 port access vlan 7                  
#
interface GigabitEthernet0/14                            
 port access vlan 6                  
#
interface GigabitEthernet0/15                            
 port access vlan 7                  
#
interface GigabitEthernet0/16                            
 port access vlan 7                  
#
interface GigabitEthernet0/17                            
 port access vlan 7                  
#
interface GigabitEthernet0/18                            
 port access vlan 7                  
#
interface GigabitEthernet0/19                            
 port access vlan 8                  
#
interface GigabitEthernet0/20
 port access vlan 8
#
interface GigabitEthernet0/21
#
interface GigabitEthernet0/22
#
interface GigabitEthernet0/23
#
interface GigabitEthernet0/24
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.5.254 preference 60
#
user-interface aux 0
user-interface vty 0 4
 user privilege level 3
 set authentication password simple 123456aA
#
return
   接入交换机Switch4配置如下:
<Switch4>display current-configuration
#
 sysname Switch4               
#
radius scheme system                   
 server-type huawei                  
 primary authentication 127.0.0.1 1645                                     
 primary accounting 127.0.0.1 1646                                 
 user-name-format without-domain                               

domain system            
 radius-scheme system                    
 access-limit disable                    
 state active            
 vlan-assignment-mode integer                            
 idle-cut disable                
 self-service-url disable                        
 messenger time disable                      

 domain default enable system                            
#
 local-server nas-ip 127.0.0.1 key huawei 

local-user huawei4                 
 password simple 123456aA
 service-type telnet level 3                                       
#
 temperature-limit 0 20 80                         
#
  am user-bind mac-addr 001b-78b1-9f44 ip-addr 192.168.8.10 interface GigabitEthernet0/1
  am user-bind mac-addr 001b-7886-b5cc ip-addr 192.168.8.22 interface GigabitEthernet0/4
  am user-bind mac-addr 001b-78b1-a1e7 ip-addr 192.168.9.90 interface GigabitEthernet0/20
  am user-bind mac-addr 001b-78b1-9c35 ip-addr 192.168.10.101 interface GigabitEthernet0/13
  am user-bind mac-addr 001b-7846-9e48 ip-addr 192.168.10.202 interface GigabitEthernet0/19
  am user-bind mac-addr 001b-7886-b93a ip-addr 192.168.10.103 interface GigabitEthernet0/16
  am user-bind mac-addr 001b-78b1-9bc8 ip-addr 192.168.9.99 interface GigabitEthernet0/17
  am user-bind mac-addr 001c-c41e-80c2 ip-addr 192.168.12.20 interface GigabitEthernet0/8
  am user-bind mac-addr 001b-78b1-9b58 ip-addr 192.168.9.209 interface GigabitEthernet0/18
#
 management-vlan 8                 
#
vlan 1     
#
vlan 8     
#
vlan 9     
#
vlan 10      
#
vlan 12      
#
interface Vlan-interface8                        
 ip address 192.168.8.1 255.255.255.0                                    
#
interface Aux0/0               
#
interface GigabitEthernet0/1                           
 port access vlan 8                  
#
interface GigabitEthernet0/2                           
 port link-type trunk                    
 port trunk permit vlan all                          
#
interface GigabitEthernet0/3                           
 port access vlan 12                   
#
interface GigabitEthernet0/4                           
 port access vlan 8                  
#
interface GigabitEthernet0/5                           
 port access vlan 12                   
#
interface GigabitEthernet0/6                           
 port access vlan 12                   
#
interface GigabitEthernet0/7                           
 port access vlan 12                   
#
interface GigabitEthernet0/8                           
 port access vlan 12                   
#
interface GigabitEthernet0/9                           
#
interface GigabitEthernet0/10                            
 port access vlan 12                   
#
interface GigabitEthernet0/11                            
#
interface GigabitEthernet0/12                            
#
interface GigabitEthernet0/13                            
 port access vlan 10                   
#
interface GigabitEthernet0/14                            
#
interface GigabitEthernet0/15                            
 port access vlan 10                   
#
interface GigabitEthernet0/16                            
 port access vlan 10                   
#
interface GigabitEthernet0/17                            
 port access vlan 9                  
#
interface GigabitEthernet0/18                            
 port access vlan 9                  
#
interface GigabitEthernet0/19
 port access vlan 10
#
interface GigabitEthernet0/20
 port access vlan 9
#
interface GigabitEthernet0/21
#
interface GigabitEthernet0/22
#
interface GigabitEthernet0/23
#
interface GigabitEthernet0/24
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.8.254 preference 60
#
user-interface aux 0
user-interface vty 0 4
 user privilege level 3
 set authentication password simple 123456aA
#
return
  (配置要求很少,但是工作量很大)