1、拓扑设计一网络需求IP地址规划
172.16.0.0/16
172.16.0.0/24 骨干172.16.0.0/30 172.16.0.4/30
172.16.1.0/24 valn 1172.16.1.0/25 172.16.1.128/25
2、实施
1)拓扑搭建
2)配置
1)交換部分的拓扑配置
2)ip地址
3)路由
4) 策略
5)测试
6)排错
3.维护
4.升级
配置思路
交换部分
eht- trunk 创建vlan 划入 vlan trunk干道 STP SVI VRRP DHCP
LSW1
[Huawei]dis current-configuration
sysname Huawei
vlan batch 2 100
stp instance 1 root primary
stp instance 2 root secondary
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
dhcp enable
diffserv domain default
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
acl number 2000
drop-profile default
ip pool v1
gateway-list 172.16.1.126
network 172.16.1.0 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
ip pool v2
gateway-list 172.16.1.254
network 172.16.1.128 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
ip address 172.16.1.1 255.255.255.128
vrrp vrid 1 virtual-ip 172.16.1.126
vrrp vrid 1 priority 105
vrrp vrid 1 track interface Ethernet0/0/22
dhcp select global
interface Vlanif2
ip address 172.16.1.129 255.255.255.128
vrrp vrid 1 virtual-ip 172.16.1.254
dhcp select global
interface Vlanif100
ip address 172.16.0.2 255.255.255.252
interface MEth0/0/1
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 2
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
interface Ethernet0/0/22
port link-type access
port default vlan 100
interface GigabitEthernet0/0/1
eth-trunk 0
interface GigabitEthernet0/0/2
eth-trunk 0
interface NULL0
ospf 1
silent-interface all
undo silent-interface Vlanif100
undo silent-interface Vlanif1
undo silent-interface Eth-Trunk0
area 0.0.0.0
network 172.16.0.0 0.0.255.255
LSW2
[Huawei]dis current-configuration
sysname Huawei
vlan batch 2 100
stp instance 1 root secondary
stp instance 2 root primary
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
dhcp enable
diffserv domain default
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
drop-profile default
ip pool v1
gateway-list 172.16.1.126
network 172.16.1.0 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
ip pool v2
gateway-list 172.16.1.254
network 172.16.1.128 mask 255.255.255.128
dns-list 114.114.114.114 8.8.8.8
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
ip address 172.16.1.2 255.255.255.128
vrrp vrid 1 virtual-ip 172.16.1.126
dhcp select global
interface Vlanif2
ip address 172.16.1.130 255.255.255.128
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 1 priority 105
vrrp vrid 1 track interface Ethernet0/0/22
dhcp select global
interface Vlanif100
ip address 172.16.0.6 255.255.255.252
interface MEth0/0/1
interface Eth-Trunk0
port link-type trunk
port trunk allow-pass vlan 2
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
interface Ethernet0/0/22
port link-type access
port default vlan 100
interface GigabitEthernet0/0/1
eth-trunk 0
interface GigabitEthernet0/0/2
eth-trunk 0
interface NULL0
ospf 1
silent-interface all
undo silent-interface Vlanif100
undo silent-interface Vlanif1
undo silent-interface Eth-Trunk0
area 0.0.0.0
network 172.16.0.0 0.0.255.255
LSW3
[Huawei]dis current-configuration
sysname Huawei
vlan batch 2
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface MEth0/0/1
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
interface Ethernet0/0/3
stp edged-port enable
interface Ethernet0/0/4
port link-type access
port default vlan 2
stp edged-port enable
LSW4
[Huawei]dis current-configuration
sysname Huawei
vlan batch 2
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface MEth0/0/1
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
interface Ethernet0/0/3
stp edged-port enable
interface Ethernet0/0/4
port link-type access
port default vlan 2
stp edged-port enable
路由部分
AR1
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %
%
K8m.Nt84DZ}e#<0`8bmE3Uw}%
%
local-user admin service-type http
firewall zone Local
priority 15
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
nat outbound 2000
interface GigabitEthernet0/0/1
ip address 172.16.0.1 255.255.255.252
interface GigabitEthernet0/0/2
ip address 172.16.0.5 255.255.255.252
interface NULL0
ospf 1 router-id 11.11.11.11
default-route-advertise
area 0.0.0.0
network 172.16.0.0 0.0.255.255
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
AR2
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface LoopBack0
ip address 1.1.1.1 255.255.255.0
测试
自动获取IP
上网
当其中某一台设备发生故障
四台电脑仍能上网