防火墙、客户端、服务器、路由器典型拓扑,含配置与脚本
LSW3:
sy
sys LSW3
VLAN batch 2 to 906
interface G0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface G0/0/3
port link-type access
port default vlan 10
interface G0/0/4
port link-type access
port default vlan 20
interface G0/0/5
port link-type trunk
port trunk allow-pass vlan all
LSW6:
vlan batch 2 to 906
interface G0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface e0/0/2
port link-type access
port default vlan 33
LSW4:
sy
sys LSW4
vlan batch 2 to 906
interface G0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface G0/0/3
port link-type access
port default vlan 30
interface G0/0/5
port link-type access
port default vlan 40
interface G0/0/4
port link-type trunk
port trunk allow-pass vlan all
LSW1:
sy
sys LSW1
vlan batch 2 to 906
interface G0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface G0/0/5
port link-type access
port default vlan 50
interface G0/0/4
port link-type trunk
port trunk allow-pass vlan all
interface G0/0/6
port link-type access
port default vlan 33
interface Eth-Trunk1
mode lacp-sta
trunkport g0/0/2
trunkport g0/0/3
port link-type trunk
port trunk allow-pass vlan all
LSW2:
sy
sys LSW2
vlan batch 2 to 906
interface G0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface G0/0/5
port link-type trunk
port trunk allow-pass vlan all
interface G0/0/4
port link-type access
port default vlan 60
interface Eth-Trunk1
mode lacp-sta
trunkport g0/0/2
trunkport g0/0/3
port link-type trunk
port trunk allow-pass vlan all
二、IP地址
--------------------------------
LSW1:
int vlanif 33
ip add 192.168.33.254 24
int vlanif 50
ip add 192.168.50.1 30
LSW2:
int vlanif 60
ip add 192.168.60.1 30
AR1:
int g0/0/0
ip add 192.168.50.2 30
int g0/0/1
ip add 192.168.60.2 30
三、地址池
--------------------------------
LSW1:
ip pool tug
network 192.168.10.0 mask 24
gateway-list 192.168.10.254
ip pool jxl
network 192.168.20.0 mask 24
gateway-list 192.168.20.254
ip pool st
network 192.168.33.0 mask 24
gateway-list 192.168.33.254
LSW2:
ip pool nq
network 192.168.30.0 mask 24
gateway-list 192.168.30.254
ip pool vq
network 192.168.40.0 mask 24
gateway-list 192.168.40.254
四、VRRP
--------------------------------
LSW1:
DHCP enable
int vlanif 10
ip add 192.168.10.1 24
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 150
vrrp vrid 10 track interface g0/0/5 reduced 100
dhcp select global
q
int vlanif 20
ip add 192.168.20.1 24
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 150
vrrp vrid 20 track interface g0/0/5 reduced 100
dhcp select global
q
int vlanif 33
ip add 192.168.33.254 24
dhcp select global
int vlanif 30
ip add 192.168.30.1 24
vrrp vrid 30 virtual-ip 192.168.30.254
int vlanif 40
ip add 192.168.40.1 24
vrrp vrid 40 virtual-ip 192.168.40.254
LSW2:
dhcp enable
int vlanif 30
ip add 192.168.30.2 24
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 150
vrrp vrid 30 track interface g0/0/5 reduced 100
dhcp select global
q
int vlanif 40
ip add 192.168.40.2 24
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 150
vrrp vrid 40 track interface g0/0/5 reduced 100
dhcp select global
q
int vlanif 10
ip add 192.168.10.2 24
vrrp vrid 10 virtual-ip 192.168.10.254
int vlanif 20
ip add 192.168.20.2 24
vrrp vrid 20 virtual-ip 192.168.20.254
四、MSTP
--------------------------------
LSW3:
stp region-configuration
region-name 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration
LSW4:
stp region-configuration
region-name 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration
LSW1:
stp region-configuration
region-name 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration
stp instance 1 root primary
stp instance 2 root primary
stp instance 3 root secondary
stp instance 4 root secondary
LSW2:
stp region-configuration
region-name 1
instance 1 vlan 10
instance 2 vlan 20
instance 3 vlan 30
instance 4 vlan 40
active region-configuration
stp instance 3 root primary
stp instance 4 root primary
stp instance 1 root secondary
stp instance 2 root secondary
二、OSPF
--------------------------------
LSW1:
ospf 1
area 0.0.0.0
network 192.168.50.0 0.0.0.3
network 192.168.33.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
LSW2:
ospf 1
area 0.0.0.0
network 192.168.60.0 0.0.0.3
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
双机热备:
FW1
sy
sys FW1
int g1/0/1
ip add 192.168.100.1 24
int g1/0/0
ip add 10.3.0.1 24
int g1/0/2
ip add 10.10.0.1 24
q
firewall zone trust
add int g1/0/0
q
firewall zone untrust
add int g1/0/1
q
firewall zone dmz
add int g1/0/2
q
ospf 1
area 0
net 10.3.0.0 0.0.0.255
net 192.168.100.0 0.0.0.255
int g1/0/1
vrrp vrid 1 virtual-ip 192.168.100.254 24 active
hrp adjust ospf-cost enable
q
hrp interface g1/0/2 remote 10.10.0.2
hrp enable
security-policy
rule name 1
source-zone trust
destiNATion-zone untrust
service http ftp icmp
action permit
security-policy
rule name ospf
service protocol 89
action permit
q
FW2
sy
sys FW2
int g1/0/0
ip add 10.4.0.1 24
int g1/0/1
ip add 192.168.100.2 24
int g1/0/2
ip add 10.10.0.2 24
q
firewall zone trust
add int g1/0/0
firewall zone dmz
add int g1/0/2
q
firewall zone untrust
add int g1/0/1
q
ospf 1
area 0
net 10.4.0.0.0 0.0.0.255
net 192.168.100.0 0.0.0.255
int g1/0/1
vrrp vrid 1 virtual-ip 192.168.100.254 24 standby
q
hrp adjust ospf-cost enable
hrp interface g1/0/2 remote 10.4.0.1
hrp enable
AR1:
int g2/0/0
ip add 192.168.80.254 24
int g3/0/0
ip add 10.3.0.2 24
int g4/0/0
ip add 10.4.0.2 24
ospf 1
area 0
net 192.168.80.0 0.0.0.255
net 10.3.0.0 0.0.0.255
net 10.4.0.0 0.0.0.255
net 192.168.50.0 0.0.0.3
net 192.168.60.0 0.0.0.3
LSW8:
ospf 1
area 0
net 10.2.0.0 0.0.0.255
net 192.168.100.0 0.0.0.255
文章声明:以上内容(如有图片或视频亦包括在内)除非注明,否则均为Net3C原创文章,转载或复制请以超链接形式并注明出处。定制服务:需要定制服务请加V:Net3c_2022
还没有评论,来说两句吧...