企业网络项目-1000人网络冗余拓扑（大型企业网络拓扑）

企业网络项目-1000人网络冗余拓扑（大型企业网络拓扑）

之前在学习HCIP技术的时候，有个实验拓扑非常经典，现在分享给大家。

这个网络拓扑使用到非常多的网络技术，是一个综合实验。

1、实验总体拓扑

2、实验具体要求：

要求：

1、 配置vlan  trunk  两台核心之间配置链路捆绑。

2、 配置MSTP+VRRP 实现流量负载分担同时实现冗余，并配置相关stp优化技术加快stp收敛，并减少stp震荡。

3、 配置OSPF和静态实现三层路由，确保分支可以访问总部。

4、 所有用户采用动态获取ip地址，并配置相关dhcp安全技术。

5、 联通作为主出口 电信PPPOE作为备份出口。

6、 禁止vlan5 用户访问外网。

7、 将server 200.2 80端口映射成联通公网地址。

8、 所有交换机都可以被远程telnet （hcie 123）。

9、 出口链路正常时，vlan3 使用电信PPPOE上网。

3、实验使用的软件工具

1、华为ENSP

2、VirtualBox

4、完成网络拓扑实验思路

1、使用ensp，选择合适的接口，先搭建好网络拓扑（一般来说，接入层交换机型号较低，两个G电口或者光口都是作为上联口）

2、出口应该是防火墙兼并路由器功能，此次使用路由功能。

3、先把网络配置通畅，在考虑安全问题，配置安全技术措施。

4、最后做好远程管理vlan配置。

5、具体的配置步骤如下：

5.1、vlan trunk eth-trunk 配置

5.2、mstp配置、（这里的MSTP+VRRP可以替换为堆叠）

5.3、vrrp配置、（堆叠会让网络变得更加简单）

5.4、bfd配置

5.5、ospf、nat配置

5.6、dhcp中继配置

5.7、PPPoe配置

5.8、出口路由配置

5.9、nat server配置

5.10、acl配置

5.11、策略路由配置

5.12、telnet配置

6、分析网络组成

先看中心机房

可以看到SW1和SW2是双核心，R1为企业出口

SW8作为服务器集群的交换机，其中DHCP服务器在内。

我们来看看企业出口外部，可以看到有双链路冗余，（电信、联通）还有一个机构分支，使用专线链接。

企业的内部

汇聚层通过双链路连接到SW1和SW2，这里有两层楼，实际情况有很多台汇聚交换机。

其中右下角的R7充当一台PC电脑，远程telnet管理企业内部交换机。

接下来是MSTP和VRRP的设计了。

这里分了2个mstp实例，因为只有两个核心交换机的线路可以走。

VRRP根据网段，配置了2、3、4、5、200、999管理vlan网关主备。

链路根据配置MSTP实例进行端口阻塞，左边阻塞vlan 2 vlan 3，右边阻塞vlan 4 vlan 5。

好了，整体的网络拓扑介绍完毕。

如果在这里教大家如何配置网络，就不合宜了哈。

7、设备的配置信息

下面是各个设备配置

R1

# sysname R1# board add 0/1 1GEC board add 0/2 1GEC board add 0/3 1GEC board add 0/4 1GEC # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm# undo info-center enable# wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#bfd#acl number 2000 rule 5 permit source 192.168.0.0 0.0.255.255 acl number 2001 rule 5 permit source 192.168.0.0 0.0.255.255 #acl number 3005 rule 5 permit ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.255 rule 10 deny ip source 192.168.5.0 0.0.0.255 acl number 3008 rule 5 deny ip source 192.168.3.0 0.0.0.255 destination 192.168.0.0 0.0.255.255 rule 10 permit ip source 192.168.3.0 0.0.0.255 #traffic classifier VLAN_3 operator or if-match acl 3008#traffic behavior VLAN_3 redirect ip-nexthop 13.1.1.2#traffic policy aa classifier VLAN_3 behavior VLAN_3#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user hcie password cipher %$%$RuJb@`:"_$1k,_$\~'~#BKs]%$%$ local-user hcie privilege level 3 local-user hcie service-type telnet local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface Dialer1 link-protocol ppp ppp pap local-user 0531 password simple 123456 mtu 1492 ip address ppp-negotiate dialer user 0531 dialer bundle 2 nat outbound 2001#interface GigabitEthernet0/0/0 ip address 192.168.12.1 255.255.255.0 traffic-filter inbound acl 3005#interface GigabitEthernet0/0/1 ip address 192.168.23.1 255.255.255.0 traffic-filter inbound acl 3005#interface GigabitEthernet0/0/2 pppoe-client dial-bundle-number 2 #interface GigabitEthernet1/0/0 ip address 13.1.1.1 255.255.255.0 nat server protocol tcp global current-interface inside 192.168.200.2 nat outbound 2000#interface GigabitEthernet2/0/0 ip address 14.1.1.1 255.255.255.0 #interface GigabitEthernet3/0/0#interface GigabitEthernet4/0/0#interface NULL0#bfd bb bind peer-ip 192.168.12.2 source-ip 192.168.12.1 auto commit#bfd cc bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto commit#ospf 1 area 0.0.0.0 network 14.1.1.0 0.0.0.255 network 192.168.12.0 0.0.0.255 network 192.168.23.0 0.0.0.255 #ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 85 description TO_DianXinBoHaoip route-static 0.0.0.0 0.0.0.0 13.1.1.2#user-interface con 0 authentication-mode passworduser-interface vty 0 4 authentication-mode aaauser-interface vty 16 20#wlan ac#return

SW1

#sysname HX_sw1#undo info-center enable#vlan batch 2 to 5 200 800 999#stp instance 1 root primarystp instance 2 root secondary#cluster enablentdp enablendp enable#undo nap slave enable#drop illegal-mac alarm#dhcp enable#diffserv domain default#stp region-configuration region-name aa revision-level 1 instance 1 vlan 2 to 3 200 instance 2 vlan 4 to 5 active region-configuration#bfd#drop-profile default#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!! local-user hcie privilege level 3 local-user hcie service-type telnet local-user admin password simple admin local-user admin service-type Vlanif1#interface Vlanif2 ip address 192.168.2.254 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.2.1 vrrp vrid 2 priority 105 vrrp vrid 2 track interface GigabitEthernet0/0/1 vrrp vrid 2 track bfd-session session-name bb dhcp select relay dhcp relay server-ip 192.168.200.3#interface Vlanif3 ip address 192.168.3.254 255.255.255.0 vrrp vrid 3 virtual-ip 192.168.3.1 vrrp vrid 3 priority 105 vrrp vrid 3 track interface GigabitEthernet0/0/1 vrrp vrid 3 track bfd-session session-name bb dhcp select relay dhcp relay server-ip 192.168.200.3#interface Vlanif4 ip address 192.168.4.254 255.255.255.0 vrrp vrid 4 virtual-ip 192.168.4.1 ospf cost 4 dhcp select relay dhcp relay server-ip 192.168.200.3#interface Vlanif5 ip address 192.168.5.254 255.255.255.0 vrrp vrid 5 virtual-ip 192.168.5.1 ospf cost 4 dhcp select relay dhcp relay server-ip 192.168.200.3#interface Vlanif200 ip address 192.168.200.254 255.255.255.0 vrrp vrid 200 virtual-ip 192.168.200.1 vrrp vrid 200 priority 105 vrrp vrid 200 track interface GigabitEthernet0/0/1 vrrp vrid 200 track bfd-session session-name bb#interface Vlanif800 ip address 192.168.12.2 255.255.255.0#interface Vlanif999 ip address 192.168.255.254 255.255.255.0 vrrp vrid 255 virtual-ip 192.168.255.1#interface MEth0/0/1#interface Eth-Trunk2 port link-type trunk port trunk allow-pass vlan 2 to 5 200 999 stp instance 1 cost 10000 stp instance 2 cost 10000 mode lacp-static#interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 2 to 3 999#interface GigabitEthernet0/0/2 eth-trunk 2#interface GigabitEthernet0/0/3 eth-trunk 2#interface GigabitEthernet0/0/4 port link-type trunk port trunk allow-pass vlan 4 to 5 999#interface GigabitEthernet0/0/5 port link-type trunk port trunk allow-pass vlan 200 999#interface GigabitEthernet0/0/6 port link-type access port default vlan 800 stp disable#interface GigabitEthernet0/0/7#interface GigabitEthernet0/0/8#interface GigabitEthernet0/0/9#interface GigabitEthernet0/0/10#interface GigabitEthernet0/0/11#interface GigabitEthernet0/0/12#interface GigabitEthernet0/0/13#interface GigabitEthernet0/0/14#interface GigabitEthernet0/0/15#interface GigabitEthernet0/0/16#interface GigabitEthernet0/0/17#interface GigabitEthernet0/0/18#interface GigabitEthernet0/0/19#interface GigabitEthernet0/0/20#interface GigabitEthernet0/0/21#interface GigabitEthernet0/0/22#interface GigabitEthernet0/0/23#interface GigabitEthernet0/0/24#interface NULL0#bfd bb bind peer-ip 192.168.12.1 source-ip 192.168.12.2 auto commit#ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 192.168.3.0 0.0.0.255 network 192.168.4.0 0.0.0.255 network 192.168.5.0 0.0.0.255 network 192.168.200.0 0.0.0.255 network 192.168.12.0 0.0.0.255#ip route-static 0.0.0.0 0.0.0.0 192.168.12.1ip route-static 0.0.0.0 0.0.0.0 192.168.23.1 preference 65#user-interface con 0user-interface vty 0 4 authentication-mode aaa#return

SW2

#sysname HX_sw2#undo info-center enable#vlan batch 2 to 5 200 801 999#stp instance 1 root secondarystp instance 2 root primary#cluster enablentdp enablendp enable#undo nap slave enable#drop illegal-mac alarm#dhcp enable#diffserv domain default#stp region-configuration region-name aa revision-level 1 instance 1 vlan 2 to 3 200 instance 2 vlan 4 to 5 active region-configuration#bfd#drop-profile default#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!! local-user hcie privilege level 3 local-user hcie service-type telnet local-user admin password simple admin local-user admin service-type Vlanif1#interface Vlanif2 ip address 192.168.2.253 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.2.1 ospf cost 4 dhcp select relay dhcp relay server-ip 192.168.200.3#interface Vlanif3 ip address 192.168.3.253 255.255.255.0 vrrp vrid 3 virtual-ip 192.168.3.1 ospf cost 4 dhcp select relay dhcp relay server-ip 192.168.200.3#interface Vlanif4 ip address 192.168.4.253 255.255.255.0 vrrp vrid 4 virtual-ip 192.168.4.1 vrrp vrid 4 priority 105 vrrp vrid 4 track interface GigabitEthernet0/0/4 vrrp vrid 4 track bfd-session session-name cc dhcp select relay dhcp relay server-ip 192.168.200.3#interface Vlanif5 ip address 192.168.5.253 255.255.255.0 vrrp vrid 5 virtual-ip 192.168.5.1 vrrp vrid 5 priority 105 vrrp vrid 5 track interface GigabitEthernet0/0/4 vrrp vrid 5 track bfd-session session-name cc dhcp select relay dhcp relay server-ip 192.168.200.3#interface Vlanif200 ip address 192.168.200.253 255.255.255.0 vrrp vrid 200 virtual-ip 192.168.200.1 ospf cost 4#interface Vlanif801 ip address 192.168.23.2 255.255.255.0#interface Vlanif999 ip address 192.168.255.253 255.255.255.0 vrrp vrid 255 virtual-ip 192.168.255.1#interface MEth0/0/1#interface Eth-Trunk2 port link-type trunk port trunk allow-pass vlan 2 to 5 200 999 stp instance 1 cost 10000 stp instance 2 cost 10000 mode lacp-static#interface GigabitEthernet0/0/1 eth-trunk 2#interface GigabitEthernet0/0/2 eth-trunk 2#interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 200 999#interface GigabitEthernet0/0/4 port link-type trunk port trunk allow-pass vlan 4 to 5 999#interface GigabitEthernet0/0/5 port link-type trunk port trunk allow-pass vlan 2 to 3 999#interface GigabitEthernet0/0/6 port link-type access port default vlan 801 stp disable#interface GigabitEthernet0/0/7#interface GigabitEthernet0/0/8#interface GigabitEthernet0/0/9#interface GigabitEthernet0/0/10#interface GigabitEthernet0/0/11#interface GigabitEthernet0/0/12#interface GigabitEthernet0/0/13#interface GigabitEthernet0/0/14#interface GigabitEthernet0/0/15#interface GigabitEthernet0/0/16#interface GigabitEthernet0/0/17#interface GigabitEthernet0/0/18#interface GigabitEthernet0/0/19#interface GigabitEthernet0/0/20#interface GigabitEthernet0/0/21#interface GigabitEthernet0/0/22#interface GigabitEthernet0/0/23#interface GigabitEthernet0/0/24#interface NULL0#bfd cc bind peer-ip 192.168.23.1 source-ip 192.168.23.2 auto commit#ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 192.168.3.0 0.0.0.255 network 192.168.4.0 0.0.0.255 network 192.168.5.0 0.0.0.255 network 192.168.200.0 0.0.0.255 network 192.168.23.0 0.0.0.255#ip route-static 0.0.0.0 0.0.0.0 192.168.23.1ip route-static 0.0.0.0 0.0.0.0 192.168.12.1 preference 65#user-interface con 0user-interface vty 0 4 authentication-mode aaa#return

SW8

#sysname sw8#undo info-center enable#vlan batch 2 to 5 200 999#cluster enablentdp enablendp enable#undo nap slave enable#drop illegal-mac alarm#diffserv domain default#stp region-configuration region-name aa revision-level 1 instance 1 vlan 2 to 3 200 instance 2 vlan 4 to 5 active region-configuration#drop-profile default#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!! local-user hcie privilege level 3 local-user hcie service-type telnet local-user admin password simple admin local-user admin service-type Vlanif1#interface Vlanif999 ip address 192.168.255.8 255.255.255.0#interface MEth0/0/1#interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 200 999#interface Ethernet0/0/3 port link-type access port default vlan 200 stp edged-port enable#interface Ethernet0/0/4 port link-type access port default vlan 200 stp edged-port enable#interface Ethernet0/0/5#interface Ethernet0/0/6#interface Ethernet0/0/7#interface Ethernet0/0/8#interface Ethernet0/0/9#interface Ethernet0/0/10#interface Ethernet0/0/11#interface Ethernet0/0/12#interface Ethernet0/0/13#interface Ethernet0/0/14#interface Ethernet0/0/15#interface Ethernet0/0/16#interface Ethernet0/0/17#interface Ethernet0/0/18#interface Ethernet0/0/19#interface Ethernet0/0/20#interface Ethernet0/0/21#interface Ethernet0/0/22#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface NULL0#ip route-static 0.0.0.0 0.0.0.0 192.168.255.1#user-interface con 0user-interface vty 0 4 authentication-mode aaa#return

Server 3

DHCP Server

#sysname DHCP#undo info-center enable#dhcp enable#ip pool vlan2 gateway-list 192.168.2.1 network 192.168.2.0 mask 255.255.255.0 excluded-ip-address 192.168.2.249 192.168.2.254 dns-list 114.114.114.114 8.8.8.8#ip pool vlan3 gateway-list 192.168.3.1 network 192.168.3.0 mask 255.255.255.0 excluded-ip-address 192.168.3.249 192.168.3.254 dns-list 114.114.114.114 8.8.8.8#ip pool vlan4 gateway-list 192.168.4.1 network 192.168.4.0 mask 255.255.255.0 excluded-ip-address 192.168.4.249 192.168.4.254 dns-list 114.114.114.114 8.8.8.8#ip pool vlan5 gateway-list 192.168.5.1 network 192.168.5.0 mask 255.255.255.0 excluded-ip-address 192.168.5.249 192.168.5.254 dns-list 114.114.114.114 8.8.8.8#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher 7c:;61gxM:ani^>"qh^;2t_# local-user admin service-type zone Local priority 16#wlan#ip route-static 0.0.0.0 0.0.0.0 192.168.200.1#user-interface con 0user-interface vty 0 4user-interface vty 16 20#return

DX_R2

# sysname DX_R2# snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm# undo info-center enable# wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#ip pool pool1 gateway-list 12.1.1.2 network 12.1.1.0 mask 255.255.255.0 #aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user 0531 password cipher %$%$yR4\Et2QEHbL;.2_q4D<~#uH%$%$ local-user 0531 service-type ppp local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface Virtual-Template1 ppp authentication-mode pap remote address pool pool1 ip address 12.1.1.2 255.255.255.0 #interface GigabitEthernet0/0/0 pppoe-server bind Virtual-Template 1#interface GigabitEthernet0/0/1 ip address 25.1.1.2 255.255.255.0 #interface GigabitEthernet0/0/2#interface NULL0#rip 1 version 2 network 12.0.0.0 network 25.0.0.0#user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

LT_R3

#sysname LT_R3#undo info-center enable#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher g8S/4<\E7A]@l3D+mKgUNt]# local-user admin service-type zone Local priority 16#wlan#rip 1 version 2 network 13.0.0.0 network 35.0.0.0#user-interface con 0user-interface vty 0 4user-interface vty 16 20#return

R5

#sysname R5#undo info-center enable#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher PsA-QOqpp/+/Y@:Y>Lw(zt^# local-user admin service-type zone Local priority 16#wlan#rip 1 version 2 network 25.0.0.0 network 35.0.0.0 network 5.0.0.0#user-interface con 0user-interface vty 0 4user-interface vty 16 20#return

baidu Server

FZ_R4

#sysname FZ_R4#undo info-center enable#undo nap slave enable#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user hcie password cipher wP_T$UyeuTbL^B&WSBiQUu0# local-user hcie privilege level 3 local-user hcie service-type telnet local-user admin password cipher qu>q0W8)\MbL^B&WSBiQUu0# local-user admin service-type zone Local priority 16#wlan#ospf 1 area 0.0.0.0 network 14.1.1.0 0.0.0.255 network 192.168.100.0 0.0.0.255#user-interface con 0user-interface vty 0 4 authentication-mode aaauser-interface vty 16 20#return

FZ_Server

HJ_SW3

#sysname HJ_sw3#undo info-center enable#vlan batch 2 to 5 200 999#cluster enablentdp enablendp enable#undo nap slave enable#drop illegal-mac alarm#diffserv domain default#stp region-configuration region-name aa revision-level 1 instance 1 vlan 2 to 3 200 instance 2 vlan 4 to 5 active region-configuration#drop-profile default#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!! local-user hcie privilege level 3 local-user hcie service-type telnet local-user admin password simple admin local-user admin service-type Vlanif1#interface Vlanif999 ip address 192.168.255.3 255.255.255.0#interface MEth0/0/1#interface Eth-Trunk1 port link-type trunk port trunk allow-pass vlan 3 999 stp instance 1 cost 10000 stp instance 2 cost 10000 mode lacp-static#interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 2 to 3 999#interface Ethernet0/0/2 port link-type trunk port trunk allow-pass vlan 2 to 3 999#interface Ethernet0/0/3 port link-type trunk port trunk allow-pass vlan 2 999#interface Ethernet0/0/4 eth-trunk 1#interface Ethernet0/0/5 eth-trunk 1#interface Ethernet0/0/6#interface Ethernet0/0/7#interface Ethernet0/0/8#interface Ethernet0/0/9#interface Ethernet0/0/10#interface Ethernet0/0/11#interface Ethernet0/0/12#interface Ethernet0/0/13#interface Ethernet0/0/14#interface Ethernet0/0/15#interface Ethernet0/0/16#interface Ethernet0/0/17#interface Ethernet0/0/18#interface Ethernet0/0/19#interface Ethernet0/0/20#interface Ethernet0/0/21#interface Ethernet0/0/22#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface NULL0#ip route-static 0.0.0.0 0.0.0.0 192.168.255.1#user-interface con 0user-interface vty 0 4 authentication-mode aaa#return

HJ_SW4

#sysname HJ_sw4#undo info-center enable#vlan batch 2 to 5 200 999#cluster enablentdp enablendp enable#undo nap slave enable#drop illegal-mac alarm#diffserv domain default#stp region-configuration region-name aa revision-level 1 instance 1 vlan 2 to 3 200 instance 2 vlan 4 to 5 active region-configuration#drop-profile default#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!! local-user hcie privilege level 3 local-user hcie service-type telnet local-user admin password simple admin local-user admin service-type Vlanif1#interface Vlanif999 ip address 192.168.255.4 255.255.255.0#interface MEth0/0/1#interface Ethernet0/0/2 port link-type trunk port trunk allow-pass vlan 4 to 5 999#interface Ethernet0/0/3 port link-type trunk port trunk allow-pass vlan 4 to 5 999#interface Ethernet0/0/4#interface Ethernet0/0/5#interface Ethernet0/0/6#interface Ethernet0/0/7#interface Ethernet0/0/8#interface Ethernet0/0/9#interface Ethernet0/0/10#interface Ethernet0/0/11#interface Ethernet0/0/12#interface Ethernet0/0/13#interface Ethernet0/0/14#interface Ethernet0/0/15#interface Ethernet0/0/16#interface Ethernet0/0/17#interface Ethernet0/0/18#interface Ethernet0/0/19#interface Ethernet0/0/20#interface Ethernet0/0/21#interface Ethernet0/0/22#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface NULL0#ip route-static 0.0.0.0 0.0.0.0 192.168.255.1#user-interface con 0user-interface vty 0 4 authentication-mode aaa#return

JR_SW5

#sysname JR_sw5#undo info-center enable#vlan batch 2 to 5 200 999#cluster enablentdp enablendp enable#undo nap slave enable#drop illegal-mac alarm#dhcp enable#dhcp snooping enable#diffserv domain default#drop-profile default#vlan 2 dhcp snooping enable#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!! local-user hcie privilege level 3 local-user hcie service-type telnet local-user admin password simple admin local-user admin service-type Vlanif1#interface Vlanif999 ip address 192.168.255.5 255.255.255.0#interface MEth0/0/1#interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 2 999 dhcp snooping trusted#interface Ethernet0/0/2 port link-type access port default vlan 2 stp edged-port enable#interface Ethernet0/0/3#interface Ethernet0/0/4#interface Ethernet0/0/5#interface Ethernet0/0/6#interface Ethernet0/0/7#interface Ethernet0/0/8#interface Ethernet0/0/9#interface Ethernet0/0/10#interface Ethernet0/0/11#interface Ethernet0/0/12#interface Ethernet0/0/13#interface Ethernet0/0/14#interface Ethernet0/0/15#interface Ethernet0/0/16#interface Ethernet0/0/17#interface Ethernet0/0/18#interface Ethernet0/0/19#interface Ethernet0/0/20#interface Ethernet0/0/21#interface Ethernet0/0/22#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface NULL0#ip route-static 0.0.0.0 0.0.0.0 192.168.255.1#user-interface con 0user-interface vty 0 4 authentication-mode aaa#return

JR_SW6

#sysname JR_sw6#undo info-center enable#vlan batch 2 to 5 200 999#cluster enablentdp enablendp enable#undo nap slave enable#drop illegal-mac alarm#dhcp enable#dhcp snooping enable#diffserv domain default#drop-profile default#vlan 3 dhcp snooping enable#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!! local-user hcie privilege level 3 local-user hcie service-type telnet local-user admin password simple admin local-user admin service-type Vlanif1#interface Vlanif999 ip address 192.168.255.6 255.255.255.0#interface MEth0/0/1#interface Eth-Trunk1 port link-type trunk port trunk allow-pass vlan 3 999 stp instance 0 cost 10000 mode lacp-static dhcp snooping trusted#interface Ethernet0/0/1 eth-trunk 1#interface Ethernet0/0/2 port link-type access port default vlan 3 stp edged-port enable#interface Ethernet0/0/3 eth-trunk 1#interface Ethernet0/0/4#interface Ethernet0/0/5#interface Ethernet0/0/6#interface Ethernet0/0/7#interface Ethernet0/0/8#interface Ethernet0/0/9#interface Ethernet0/0/10#interface Ethernet0/0/11#interface Ethernet0/0/12#interface Ethernet0/0/13#interface Ethernet0/0/14#interface Ethernet0/0/15#interface Ethernet0/0/16#interface Ethernet0/0/17#interface Ethernet0/0/18#interface Ethernet0/0/19#interface Ethernet0/0/20#interface Ethernet0/0/21#interface Ethernet0/0/22#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface NULL0#ip route-static 0.0.0.0 0.0.0.0 192.168.255.1#user-interface con 0user-interface vty 0 4 authentication-mode aaa#return

PC4、PC6、PC7

R7

#sysname PC#undo info-center enable#dhcp enable#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher >:{/T'yS94+/Y@:Y>Lw(`u## local-user admin service-type zone Local priority 16#wlan#user-interface con 0user-interface vty 0 4user-interface vty 16 20#return

实验拓扑完成，建议多完成几次，可加深对企业网络的了解。

如有问题，可留言联系。

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。