做一个千人集团组网实验耗时3个夜晚美好时光,终于完工心情非常喜悦,这个实验非常贴近日常项目需求,所以内容稍微多点,大家阅读起来有点费劲,做实验设备选型核心5700系列,出口路由器AR3200系列,实际设备型号根据项目需求选择,设备的配置命令也会有差别,现将命令发出来供大家指导参考,命令里面把段落的“井号”换成了“连续的点”。valn900是用来管理所有设备的一个网段。
核心交换机
....
sysname HX SW1
....
undo info-center enable
...
vlan batch 10 20 30 40 200 800 900
...
cluster enable
ntdp enable
ndp enable
...
drop illegal-mac alarm
....
dhcp enable
...
diffserv domain default
...
acl number 3000
rule 5 permit ip source 192.168.40.0 0.0.0.255 destination 192.168.200.20 0
rule 10 deny ip destination 192.168.200.20 0
...
drop-profile default
...
ip pool jxl vlan30
gateway-list 192.168.30.1
network 192.168.30.0 mask 255.255.255.0
dns-list 114.114.114.114 8.8.8.8
...
ip pool syl vlan10
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
dns-list 114.114.114.114 8.8.8.8
...
ip pool syl vlan20
gateway-list 192.168.20.1
network 192.168.20.0 mask 255.255.255.0
dns-list 114.114.114.114 8.8.8.8
...
ip pool xzl vlan40
gateway-list 192.168.40.1
network 192.168.40.0 mask 255.255.255.0
dns-list 114.114.114.114 8.8.8.8
...
aaa
local-user lbq password cipher 123
local-user lbq privilege level 3
local-user lbq service-type telnet
...
interface Vlanif1
...
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select global
...
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
dhcp select global
...
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
dhcp select global
...
interface Vlanif40
ip address 192.168.40.1 255.255.255.0
dhcp select global
...
interface Vlanif200
ip address 192.168.200.1 255.255.255.0
....
interface Vlanif800
ip address 192.168.254.2 255.255.255.0
...
interface Vlanif900
ip address 192.168.255.1 255.255.255.0
....
interface MEth0/0/1
...
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 200 900
traffic-filter outbound acl 3000
mode lacp-static
...
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 900
...
interface GigabitEthernet0/0/2
eth-trunk 1
....
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30 900
...
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 40 900
...
interface GigabitEthernet0/0/5
eth-trunk 1
...
interface GigabitEthernet0/0/24
port link-type access
port default vlan 800
...
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 192.168.200.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.254.0 0.0.0.255
...
ip route-static 0.0.0.0 0.0.0.0 192.168.254.1
....
snmp-agent
snmp-agent community write 123
snmp-agent community read 456
snmp-agent sys-info version all
...
user-interface vty 0 4
authentication-mode aaa
....
出口路由器配置
sysname R1
...
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
...
snmp-agent
snmp-agent community write 123
snmp-agent community read 456
...
clock timezone China-Standard-Time minus 08:00:00
...
undo info-center enable
....
wlan ac-global carrier id other ac id 0
...
set cpu-usage threshold 80 restore 75
...
acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255
....
acl number 3001
rule 5 permit ip destination 192.168.0.0 0.0.255.255
rule 10 deny ip source 192.168.20.0 0.0.0.255
....
aaa
local-user lbq password cipher 123
local-user lbq privilege level 3
local-user lbq service-type telnet
...
firewall zone Local
priority 15
...
interface GigabitEthernet0/0/0
....
interface GigabitEthernet0/0/1
ip address 13.1.1.1 255.255.255.248
nat outbound 2000
...
interface GigabitEthernet0/0/2
...
interface GigabitEthernet1/0/0
ip address 192.168.104.1 255.255.255.252
nat server protocol tcp global current-interface 80 inside 192.168.200.10 80
....
interface GigabitEthernet2/0/0
ip address 192.168.105.1 255.255.255.252
....
interface GigabitEthernet3/0/0
ip address 12.1.1.1 255.255.255.248
nat server protocol tcp global current-interface 80 inside 192.168.200.10 80
nat outbound 2000
...
interface GigabitEthernet4/0/0
ip address 192.168.254.1 255.255.255.0
traffic-filter inbound acl 3000
....
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 192.168.104.1 0.0.0.0
network 192.168.105.1 0.0.0.0
network 192.168.254.0 0.0.0.255
...
ip route-static 0.0.0.0 0.0.0.0 12.1.1.6
ip route-static 0.0.0.0 0.0.0.0 13.1.1.6 preference 70
...
user-interface vty 0 4
authentication-mode aaa
....
wlan ac
...
新校区1路由器配置
sysname XXQ1 R4
...
undo info-center enable
...
aaa
local-user lbq password cipher 123
local-user lbq privilege level 3
local-user lbq service-type telnet
...
interface Ethernet0/0/0
ip address 192.168.100.1 255.255.255.0
...
interface Ethernet0/0/1
ip address 192.168.104.2 255.255.255.252
...
interface GigabitEthernet0/0/0
...
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 192.168.104.2 0.0.0.0
network 192.168.100.1 0.0.0.0
...
snmp-agent
snmp-agent community write 123
snmp-agent community read 456
snmp-agent sys-info version all
...
user-interface vty 0 4
authentication-mode aaa
...
新校区2路由器配置
sysname XXQ2 R5
...
undo info-center enable
...
aaa
local-user lbq password cipher 123
local-user lbq privilege level 3
local-user lbq service-type telnet
...
interface Ethernet0/0/0
ip address 192.168.105.2 255.255.255.252
...
interface Ethernet0/0/1
ip address 192.168.150.1 255.255.255.0
...
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 192.168.105.2 0.0.0.0
network 192.168.150.1 0.0.0.0
...
snmp-agent
snmp-agent community write 123
snmp-agent community read 456
snmp-agent sys-info version all
...
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
...
信息中心接入交换机
sysname JRSW8
...
undo info-center enable
...
vlan batch 200 900
...
cluster enable
ntdp enable
ndp enable
...
undo nap slave enable
...
drop illegal-mac alarm
...
diffserv domain default
...
drop-profile default
...
aaa
local-user lbq password cipher 123
local-user lbq privilege level 3
local-user lbq service-type telnet
...
interface Vlanif1
...
interface Vlanif900
ip address 192.168.255.8 255.255.255.0
...
interface MEth0/0/1
...
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 200 900
mode lacp-static
...
interface Ethernet0/0/1
...
interface Ethernet0/0/2
port link-type access
port default vlan 200
...
interface Ethernet0/0/3
port link-type access
port default vlan 200
...
interface Ethernet0/0/4
...
interface GigabitEthernet0/0/1
eth-trunk 1
...
interface GigabitEthernet0/0/2
eth-trunk 1
....
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
...
snmp-agent
snmp-agent community write 123
snmp-agent community read 456
snmp-agent sys-info version all
....
user-interface vty 0 4
authentication-mode aaa
....
汇聚交换机2,及3,4配置方法都差不多,就不发出来
sysname HJ SW2
...
undo info-center enable
....
vlan batch 10 20 900
...
cluster enable
ntdp enable
ndp enable
...
undo nap slave enable
....
drop illegal-mac alarm
..
diffserv domain default
...
drop-profile default
...
aaa
local-user lbq password cipher 123
local-user lbq privilege level 3
local-user lbq service-type telnet
...
interface Vlanif1
.....
interface Vlanif900
ip address 192.168.255.2 255.255.255.0
...
interface MEth0/0/1
...
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 900
...
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 900
..
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 20 900
..
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
...
snmp-agent
snmp-agent community write 123
snmp-agent community read 456
snmp-agent sys-info version all
....
user-interface vty 0 4
authentication-mode aaa
....
接入交换机5配置,后面的6,7,9号接入交换机配置也差不多,就不一一发。
sysname JRSW5
...
undo info-center enable
...
vlan batch 10 20 900
...
cluster enable
ntdp enable
ndp enable
...
undo nap slave enable
...
drop illegal-mac alarm
...
diffserv domain default
...
drop-profile default
...
aaa
local-user lbq password cipher 123
local-user lbq privilege level 3
local-user lbq service-type telnet
...
interface Vlanif1
...
interface Vlanif900
ip address 192.168.255.5 255.255.255.0
...
interface MEth0/0/1
....
interface Ethernet0/0/1
....
interface Ethernet0/0/2
port link-type access
port default vlan 10
....
interface Ethernet0/0/3
port link-type access
port default vlan 10
...
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 900
...
interface GigabitEthernet0/0/2
....
interface NULL0
....
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
...
snmp-agent
snmp-agent community write 123
snmp-agent community read 456
snmp-agent sys-info version all
#
user-interface vty 0 4
authentication-mode aaa
#
本文暂时没有评论,来添加一个吧(●'◡'●)