1. Renaming the devices
The same steps apply to every device: all switches and routers are renamed with the following commands.
<Huawei>sys
[Huawei]sysn LSW1
2. Configuring VLANs
LSW1:
[LSW1]vlan batch 10 20
[LSW1]int e0/0/1
[LSW1-Ethernet0/0/1]port link-type access
[LSW1-Ethernet0/0/1]port default vlan 10
[LSW1-Ethernet0/0/1]int e0/0/2
[LSW1-Ethernet0/0/2]port link-type access
[LSW1-Ethernet0/0/2]port default vlan 20
[LSW1-Ethernet0/0/2]int e0/0/3
[LSW1-Ethernet0/0/3]port link-type trunk
[LSW1-Ethernet0/0/3]port trunk allow-pass vlan 10 20
[LSW1-Ethernet0/0/3]undo port trunk allow-pass vlan 1
[LSW1-Ethernet0/0/3]int e0/0/4
[LSW1-Ethernet0/0/4]port link-type trunk
[LSW1-Ethernet0/0/4]port trunk allow-pass vlan 10 20
[LSW1-Ethernet0/0/4]undo port trunk allow-pass vlan 1
[LSW1-Ethernet0/0/4]dis port vlan
LSW2:
[LSW2]vlan batch 10 20 101
[LSW2]int g0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type trunk
[LSW2-GigabitEthernet0/0/1]port trunk all vlan 10 20
[LSW2-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[LSW2-GigabitEthernet0/0/1]port trunk pvid vlan 10
[LSW2-GigabitEthernet0/0/1]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20
[LSW2-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1
[LSW2-GigabitEthernet0/0/3]int g0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type access
[LSW2-GigabitEthernet0/0/2]port default vlan 101
LSW3
[LSW3]vlan b 10 20 102
[LSW3]int g0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type trunk
[LSW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[LSW3-GigabitEthernet0/0/1]undo port trunk all vlan 1
[LSW3-GigabitEthernet0/0/1]int g0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type access
[LSW3-GigabitEthernet0/0/2]port de vlan 102
[LSW3-GigabitEthernet0/0/2]int g0/0/3
[LSW3-GigabitEthernet0/0/3]port link-type trunk
[LSW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20
[LSW3-GigabitEthernet0/0/3]undo port trunk all vlan 1
LSW4
[LSW4]vlan 10
[LSW4-vlan10]q
[LSW4]int e0/0/1
[LSW4-Ethernet0/0/1]port link-t access
[LSW4-Ethernet0/0/1]port de vlan 10
[LSW4-Ethernet0/0/1]int e0/0/2
[LSW4-Ethernet0/0/2]port link-t access
[LSW4-Ethernet0/0/2]port de vlan 10
[LSW4-Ethernet0/0/2]int e0/0/3
[LSW4-Ethernet0/0/3]port link-t access
[LSW4-Ethernet0/0/3]port de vlan 10
3. Configuring IP addresses
AR1
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 21.0.0.2 24
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 31.0.0.2 24
[AR1-GigabitEthernet0/0/1]int g0/0/2
[AR1-GigabitEthernet0/0/2]ip add 14.0.0.1 24
[AR1-GigabitEthernet0/0/2]int loo0
[AR1-LoopBack0]ip add 10.1.1.1 32
AR2
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 22.0.0.2 24
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 21.0.0.1 24
[AR2-GigabitEthernet0/0/1]int loo0
[AR2-LoopBack0]ip add 10.1.2.2 32
AR3
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 33.0.0.2 24
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip add 31.0.0.1 24
[AR3-GigabitEthernet0/0/1]int loo0
[AR3-LoopBack0]ip add 10.1.3.3 32
AR4
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]ip add 14.0.0.2 24
[AR4-GigabitEthernet0/0/0]int g0/0/1
[AR4-GigabitEthernet0/0/1]ip add 45.0.0.1 24
[AR4-GigabitEthernet0/0/1]int g0/0/2
[AR4-GigabitEthernet0/0/2]ip add 47.0.0.1 24
[AR4-GigabitEthernet0/0/2]int loo0
[AR4-LoopBack0]ip add 10.1.4.4 32
AR5
[AR5]int g0/0/0
[AR5-GigabitEthernet0/0/0]ip add 45.0.0.2 24
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]ip add 57.4.0.1 24
AR6
[AR6]int g0/0/1
[AR6-GigabitEthernet0/0/1]ip add 57.4.0.2 24
[AR6-GigabitEthernet0/0/1]int g0/0/2
[AR6-GigabitEthernet0/0/2]ip add 47.0.0.2 24
LSW2
[LSW2]int vlan10
[LSW2-Vlanif10]ip add 192.168.10.100 24
[LSW2-Vlanif10]int vlan 20
[LSW2-Vlanif20]ip add 192.168.20.100 24
[LSW2-Vlanif20]int vlan 101
[LSW2-Vlanif101]ip add 22.0.0.1 24
[LSW2-Vlanif101]int loo0
[LSW2-LoopBack0]ip add 10.1.5.5 32
LSW3
[LSW3]int vlan 10
[LSW3-Vlanif10]ip add 192.168.10.101 24
[LSW3-Vlanif10]int vlan 20
[LSW3-Vlanif20]ip add 192.168.20.101 24
[LSW3-Vlanif20]int vlan 102
[LSW3-Vlanif102]ip add 33.0.0.1 24
[LSW3-Vlanif102]int loo0
[LSW3-LoopBack0]ip add 10.1.6.6 32
LSW1
[LSW1]int loo0
[LSW1-LoopBack0]ip add 10.1.7.7 32
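4. Configuring RSTP
Switch LSW1, LSW2 and LSW3 to RSTP mode. LSW2 is the root bridge and LSW3 the backup root bridge, set with stp root primary / secondary.
Switch ports that connect to PCs must be configured as edge ports.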
LSW1
[LSW1]stp mode rstp
[LSW1]int e0/0/1
[LSW1-Ethernet0/0/1]stp edged-port enable
[LSW1-Ethernet0/0/1]int e0/0/2
[LSW1-Ethernet0/0/2]stp edged-port enable
LSW2
[LSW2]stp mode rstp
[LSW2]stp root primary
LSW3
[LSW3]stp mode rstp
[LSW3]stp root secondary
5. VRRP
Configure VRRP on the VLANIF10 and VLANIF20 interfaces of LSW2 and LSW3.
LSW2:
VLANIF10: VRID 1, virtual address 192.168.10.254, priority changed to 120
VLANIF20: VRID 2, virtual address 192.168.20.254, priority changed to 120
LSW3:
VLANIF10: VRID 1, virtual address 192.168.10.254
VLANIF20: VRID 2, virtual address 192.168.20.254
Set the VRRP preemption delay to 30s.
LSW2
[LSW2]int vlan 10
[LSW2-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254
[LSW2-Vlanif10]vrrp vrid 1 priority 120
[LSW2-Vlanif10]int vlan 20
[LSW2-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254
[LSW2-Vlanif20]vrrp vrid 2 priority 120
[LSW2-Vlanif20]vrrp vrid 2 preempt-mode timer delay 30
[LSW2-Vlanif20]int vlan 10
[LSW2-Vlanif10]vrrp vrid 1 preempt-mode timer delay 30
LSW3
[LSW3]int vlan 10
[LSW3-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254
[LSW3-Vlanif10]int vlan 20
[LSW3-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254
[LSW3-Vlanif20]vrrp vrid 2 preempt-mode timer delay 30
[LSW3-Vlanif20]int vlan 10
[LSW3-Vlanif10]vrrp vrid 1 preempt-mode timer delay 30
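6. Configuring OSPF
Configure OSPF process 1 on LSW2, LSW3, AR1, AR2, AR3 and AR4. The router-id matches the Loopback address, and the loopback address is advertised into the backbone area. On LSW2 and LSW3, VLANIF10 is advertised in area 1 and VLANIF20 in area 2; all other addresses are advertised into area 0.
The IP addresses of AR4's G0/0/1 and G0/0/2 interfaces are not advertised.
For example, all Area 0 segments are advertised with network statements using a 24-bit mask, e.g. 192.168.10.0 0.0.0.255
For OSPF security, configure MD5-mode authentication with key ID 1 and password huawei.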
AR1
[AR1]ospf 1 router-id 10.1.1.1
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[AR1-ospf-1-area-0.0.0.0]network 21.0.0.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]network 31.0.0.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]network 14.0.0.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0
AR2
[AR2]ospf 1 router-id 10.1.2.2
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[AR2-ospf-1-area-0.0.0.0]network 22.0.0.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]network 21.0.0.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]network 10.1.2.2 0.0.0.0
AR3
[AR3]ospf 1 router-id 10.1.3.3
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[AR3-ospf-1-area-0.0.0.0]network 33.0.0.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]network 31.0.0.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]network 10.1.3.3 0.0.0.0
AR4
[AR4]ospf 1 router-id 10.1.4.
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[AR4-ospf-1-area-0.0.0.0]network 14.0.0.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]network 10.1.4.4 0.0.0.0
LSW2
[LSW2]ospf 1 router-id 10.1.5.5
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[LSW2-ospf-1-area-0.0.0.0]network 22.0.0.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 10.1.5.5 0.0.0.0
[LSW2-ospf-1-area-0.0.0.0]q
[LSW2-ospf-1]q
[LSW2]ospf 1
[LSW2-ospf-1]area 1
[LSW2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huawei
[LSW2-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.1]q
[LSW2-ospf-1]area 2
[LSW2-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher huawei
[LSW2-ospf-1-area-0.0.0.2]network 192.168.20.0 0.0.0.255
LSW3
[LSW3]ospf 1 router-id 10.1.6.6
[LSW3-ospf-1]area 0
[LSW3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[LSW3-ospf-1-area-0.0.0.0]network 33.0.0.0 0.0.0.255
[LSW3-ospf-1-area-0.0.0.0]network 10.1.6.6 0.0.0.0
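A configuration check for the trunk and OSPF sections above, as an added example that is not part of the original write-up: it parses a transcript in the page's `[device-view]command` format, accepts abbreviated keywords, and reports trunk ports where VLAN 1 was never removed and OSPF areas that advertise networks with no authentication or with MD5. The device name SWA, its addresses and the key in the sample are constructed.

```python
import re

# Constructed transcript in the page's "[device-view]command" format.
SAMPLE = """\
[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]port trunk all vlan 10 20
[SWA-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[SWA-GigabitEthernet0/0/1]int g0/0/2
[SWA-GigabitEthernet0/0/2]port link-t trunk
[SWA-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[SWA]ospf 1 router-id 10.9.9.9
[SWA-ospf-1]area 0
[SWA-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher example-key
[SWA-ospf-1-area-0.0.0.0]network 10.9.9.9 0.0.0.0
[SWA-ospf-1]area 1
[SWA-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
"""

# Assumes device names contain no hyphen, as on the page (LSW1, AR4, ...).
LINE = re.compile(r"^\[([^\]-]+)(?:-([^\]]+))?\](.+)$")

def is_cmd(cmd, full):
    """True if cmd is `full` with keywords optionally abbreviated, as VRP allows."""
    got, want = cmd.split(), full.split()
    return len(got) >= len(want) and all(w.startswith(g) for g, w in zip(got, want))

def audit(transcript):
    trunk, pruned, areas, auth = set(), set(), set(), {}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, cmd = (m.group(1), m.group(2) or ""), m.group(3).strip()
        in_area = "-area-" in key[1]
        if is_cmd(cmd, "port link-type trunk"):
            trunk.add(key)  # a trunk permits VLAN 1 until it is explicitly removed
        elif is_cmd(cmd, "undo port trunk allow-pass vlan") and "1" in cmd.split()[5:]:
            pruned.add(key)
        elif in_area and is_cmd(cmd, "network"):
            areas.add(key)
        elif in_area and is_cmd(cmd, "authentication-mode") and len(cmd.split()) > 1:
            auth[key] = cmd.split()[1]
    findings = [(d, v, "trunk still carries VLAN 1") for d, v in sorted(trunk - pruned)]
    for key in sorted(areas):
        if key not in auth:
            findings.append((*key, "OSPF area has no authentication"))
        elif auth[key] == "md5":
            findings.append((*key, "OSPF area uses MD5 authentication"))
    return findings
```
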
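7. Egress design
On AR4, configure one default route on each of the two egress ports, towards Server1.
On AR5 and AR7, configure a default route whose next hop is on AR4.
On AR4, apply ACL 2000 on the two outbound interfaces; the internal 192.168.10.0 network must be translated with Easy IP.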
AR4
[AR4]ip route-static 0.0.0.0 0.0.0.0 45.0.0.2
[AR4]ip route-static 0.0.0.0 0.0.0.0 47.0.0.2
AR5
[AR5]ip route-static 0.0.0.0 0.0.0.0 45.0.0.1
AR6
[AR6]ip route-static 0.0.0.0 0.0.0.0 47.0.0.1
AR4
[AR4]acl 2000
[AR4-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[AR4-acl-basic-2000]q
[AR4]int g0/0/1
[AR4-GigabitEthernet0/0/1]nat outbound 2000
[AR4-GigabitEthernet0/0/1]q
[AR4]int g0/0/2
[AR4-GigabitEthernet0/0/2]nat outbound 2000
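To confirm which inside subnets ACL 2000 selects for Easy IP on AR4, this added example (not from the original write-up) applies Huawei wildcard matching to the page's rule and the two user VLAN subnets. The function names are illustrative.

```python
import ipaddress

def _n(addr):
    """Dotted-quad string or IPv4Address -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def acl_permits(addr, rule_src, wildcard):
    """Basic-ACL match: bits that are 0 in the wildcard must equal rule_src."""
    care = ~_n(wildcard) & 0xFFFFFFFF
    return (_n(addr) & care) == (_n(rule_src) & care)

def nat_coverage(subnets, rules):
    """Classify each inside subnet as 'all', 'partial' or 'none' translated."""
    result = {}
    for net in map(ipaddress.ip_network, subnets):
        hosts = list(net.hosts())
        hits = sum(any(acl_permits(h, s, w) for s, w in rules) for h in hosts)
        result[str(net)] = "all" if hits == len(hosts) else "partial" if hits else "none"
    return result

# Values taken from the page: the ACL 2000 rule and the two user VLAN subnets.
ACL_2000 = [("192.168.10.0", "0.0.0.255")]
INSIDE = ["192.168.10.0/24", "192.168.20.0/24"]

if __name__ == "__main__":
    for net, state in nat_coverage(INSIDE, ACL_2000).items():
        print(net, state)
```
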
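8. DHCP server
AR1 acts as the DHCP server. The two PCs use global address pools, vlanif10 and vlanif20. Addresses 192.168.X.1-192.168.X.101 are excluded and must not be used. The lease time is 1 day 1 hour. The relay server address is the IP of interface GE0/0/.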
AR1
[AR1]ip pool vlanif10
[AR1-ip-pool-vlanif10]network 192.168.10.0 mask 255.255.255.0
[AR1-ip-pool-vlanif10]gateway-list 192.168.10.254
[AR1-ip-pool-vlanif10]excluded-ip-address 192.168.10.1 192.168.10.101
[AR1-ip-pool-vlanif10]lease day 1 hour 1
[AR1-ip-pool-vlanif10]q
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]dhcp select global
[AR1-GigabitEthernet0/0/0]q
[AR1]ip pool vlanif20
[AR1-ip-pool-vlanif20]network 192.168.20.0 mask 255.255.255.0
[AR1-ip-pool-vlanif20]gateway-list 192.168.20.254
[AR1-ip-pool-vlanif20]excluded-ip-address 192.168.20.1 192.168.20.101
[AR1-ip-pool-vlanif20]q
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]dhcp select global
AR2
[AR2]dhcp enable
LSW2
[LSW2]dhcp enable
[LSW2]int vlan 10
[LSW2-Vlanif10]dhcp select relay
[LSW2-Vlanif10]dhcp relay server-ip 21.0.0.2
AR3
[AR3]dhcp enable
LSW3
[LSW3]dhcp enable
[LSW3]int vlan 10
[LSW3-Vlanif10]dhcp select relay
[LSW3-Vlanif10]dhcp relay server-ip 21.0.0.2
9. Route import
Import static routes into OSPF on AR1.
AR4
[AR4]ospf 1
[AR4-ospf-1]import-route static
[AR4-ospf-1]default-route-advertise always