作者:BSXY_19计科_陈永跃 BSXY_信息学院 注:未经允许禁止转发任何内容

基于ensp防火墙双击热备二层网络规划与设计

  • 前言及资源下载
    • 一、设计topo与要求(15个要求)
    • 二、插曲:基于eNSP加防火墙的千人中型校园/企业网络规划与设计
    • 三、配置过程与相应命令
      • 1、Eth-Trunk链路捆绑
      • 2、vlan 底层配置
      • 3、MSTP多生成树
      • 4、VRRP网关配置
      • 5、VRRP网络冗余验证
      • 6、测试PC通网关
      • 7、DHCP中继
      • 8、dhcp snooping配置
      • 9、防火墙基础配置及双击热备
      • 10、OSPF配置
      • 11、RIP配置
      • 12、防火墙NAT策略(前面忘记配置了)
      • 13、telnet远程管理配置
      • 14、无线网络配置

前言及资源下载

有什么问题可以在评论区说明自己遇到的情况,博主看到会第一时间回复,希望其他人也可以回复别人的问题,
可根据以下所提供的设计与实现步骤过程一步一步自行实现(每一条命令都是关键的命令);但是如果有需要的也可以根据以下地址进行下载完整的topo图和完整的配置进行参考与借鉴
,如若拿到topo图可多display查看配置,查看相应的命令,配套资源连接如下
基于ensp防火墙双击热备二层网络规划与设计(命令齐全)_参考文章_配置实验命令笔记

如果以上文章不方便查阅,可点击一下链接进行注册该笔记平台
(有一个记笔记真个是一个好的习惯)

第一步:先点击以下链接进行该笔记平台的注册
flowus笔记平台注册链接
第二步:点击以下即可参考该笔记
(笔记可以一键拷贝到自己的空间进行保存) (所有的命令都在了)

笔记分享查看&拷贝链接

防止链接失效,分享链接请尽快保存到自己的个人空间中
如果失效了的话,那就没办法了,将就该文章看吧

另外双击热备也是上下都是三层的,防火墙的出口一般直接就是路由器,所有近期可能会更改topo图,会在其他的文章中出现,请耐心等待

一、设计topo与要求(15个要求)

topo图01:

topo图02:

设计要求:

要求:* 完成服务器、防火墙、路由器等接口地址的配置* 配置Eth-Trunk 链路实现链路冗余* 企业内部划分多个vlan,减少广播域大小,提高网络的可靠性* 配置MSTP+VRRP实现流量负载分担,同时实现冗余,并配置相应的stp优化技术stp收敛,并减少stp震荡* 为方便用户上网,所有用户均为自动获取IP地址* 配置DHCP Snooing隔绝非法DHCP server* 配置OSPF和静态路由实现三层路由互通* 在运营商区域配置RIP使其能够用户能够访问相应客户端(10.10.10.10)* 防火墙配置NAT策略和安全策略,使得用户可以访问外网* 防火墙需要配置双击热备实现冗余* 默认情况下访问左边(电信网络)* 用户能够通过域名(www.baidu.com)访问外网百度* LSW1-LSW12交换机都能被telnet(huawei 5555)* 网络需要配置无线WLAN,且业务vlan 101 102 管理vlan 100* 无线WLAN网络可以通过域名(www.baidu.com)访问外网百度

二、插曲:基于eNSP加防火墙的千人中型校园/企业网络规划与设计

插曲2:
以下topo是基于eNSP加防火墙的千人中型校园/企业网络规划与设计(附所有配置命令),但是该文章中不做说明与介绍,如需要可点击此连接进行查阅,topo图与要求如下所示:

15个要求如下:

  • 完成服务器、防火墙、路由器等接口地址的配置
  • 配置Eth-Trunk 链路捆绑实现链路冗余
  • 企业内部划分多个vlan,减小广播域大小,提高网络的可靠性
  • 配置MSTP+VRRP实现流量负载分担,同时实现冗余,并配置相应的stp优化技术stp收敛,并减少stp震荡
  • 所有用户均为自动获取IP地址
  • 配置相应的DHCP snooping隔绝非法DHCP server
  • 配置OSPF和静态路由实现三层路由互通
  • 防火墙配置安全策略,放行内网区域到dmz区的流量
  • 防火墙配置NAT策略和安全策略,使得用户可以访问外网百度
  • 防火墙配置服务器映射和安全策略,允许外网用户Client通过公网地址100.100.100.100访问web服务器
  • 防火墙配置相应策略,允许外网用户Client通过公网http://100.100.100.100访问登录web服务器
  • 用户能够通过域名(www.baidu.com)访问外网百度
  • 内部财务服务器只允许vlan 50用户访问
  • LSW1-LSW12交换机都能被telent(huawei 5555)
  • 无线WLAN配置,且业务vlan 101 102也可以通过域名(www.baidu.com)访问外网百度

三、配置过程与相应命令

1、Eth-Trunk链路捆绑

HX_SW1:<Huawei>system-view [Huawei]un in en[Huawei]sysname HX_SW1[HX_SW1]int Eth-Trunk 1[HX_SW1-Eth-Trunk1]mode lacp-static [HX_SW1-Eth-Trunk1]trunkport g0/0/13[HX_SW1-Eth-Trunk1]trunkport g0/0/14------------------------------------ HX_SW2:<Huawei>sys[Huawei]un in en[Huawei]sysname HX_SW2[HX_SW2]int Eth-Trunk 1[HX_SW2-Eth-Trunk1]mode lacp-static [HX_SW2-Eth-Trunk1]trunkport g0/0/13[HX_SW2-Eth-Trunk1]trunkport g0/0/14[HX_SW2-Eth-Trunk1]qui

2、vlan 底层配置

[HX_SW1]vlan batch 10 20 30 40 2 4 200 900[HX_SW1]int g0/0/3[HX_SW1-GigabitEthernet0/0/3]port link-type trunk [HX_SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 900[HX_SW1-GigabitEthernet0/0/3]int g0/0/4[HX_SW1-GigabitEthernet0/0/4]port link-type trunk[HX_SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 10 900[HX_SW1-GigabitEthernet0/0/4]int g0/0/5[HX_SW1-GigabitEthernet0/0/5]port link-type trunk[HX_SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 20 900[HX_SW1-GigabitEthernet0/0/5]int g0/0/6[HX_SW1-GigabitEthernet0/0/6]port link-type trunk[HX_SW1-GigabitEthernet0/0/6]port trunk allow-pass vlan 20 900[HX_SW1-GigabitEthernet0/0/6]int g0/0/7[HX_SW1-GigabitEthernet0/0/7]port link-type trunk[HX_SW1-GigabitEthernet0/0/7]port trunk allow-pass vlan 30 900[HX_SW1-GigabitEthernet0/0/7]int g0/0/8[HX_SW1-GigabitEthernet0/0/8]port link-type trunk[HX_SW1-GigabitEthernet0/0/8]port trunk allow-pass vlan 30 900[HX_SW1-GigabitEthernet0/0/8]int g0/0/9[HX_SW1-GigabitEthernet0/0/9]port link-type trunk[HX_SW1-GigabitEthernet0/0/9]port trunk allow-pass vlan 40 900[HX_SW1-GigabitEthernet0/0/9]int g0/0/10[HX_SW1-GigabitEthernet0/0/10]port link-type trunk[HX_SW1-GigabitEthernet0/0/10]port trunk allow-pass vlan 40 900[HX_SW1-GigabitEthernet0/0/10]int g0/0/11[HX_SW1-GigabitEthernet0/0/11]port link-type trunk[HX_SW1-GigabitEthernet0/0/11]port trunk allow-pass vlan 200 900[HX_SW1-GigabitEthernet0/0/11]int g0/0/1[HX_SW1-GigabitEthernet0/0/1]port link-type access [HX_SW1-GigabitEthernet0/0/1]port default vlan 2[HX_SW1-GigabitEthernet0/0/1]int g0/0/2[HX_SW1-GigabitEthernet0/0/2]port link-type access[HX_SW1-GigabitEthernet0/0/2]port default vlan 3[HX_SW1-GigabitEthernet0/0/2]qui[HX_SW1]int Eth-Trunk 1[HX_SW1-Eth-Trunk1]port link-type trunk[HX_SW1-Eth-Trunk1]port trunk allow-pass vlan all [HX_SW1-Eth-Trunk1]qui------------------------------------ HX_SW2:[HX_SW2]vlan batch 10 20 30 40 2 4 200 900[HX_SW2]int g0/0/3[HX_SW2-GigabitEthernet0/0/3]port link-type trunk [HX_SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 900[HX_SW2-GigabitEthernet0/0/3]int g0/0/4[HX_SW2-GigabitEthernet0/0/4]port link-type trunk[HX_SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 10 900[HX_SW2-GigabitEthernet0/0/4]int g0/0/5[HX_SW2-GigabitEthernet0/0/5]port link-type trunk[HX_SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 20 900[HX_SW2-GigabitEthernet0/0/5]int g0/0/6[HX_SW2-GigabitEthernet0/0/6]port link-type trunk[HX_SW2-GigabitEthernet0/0/6]port trunk allow-pass vlan 20 900[HX_SW2-GigabitEthernet0/0/6]int g0/0/7[HX_SW2-GigabitEthernet0/0/7]port link-type trunk[HX_SW2-GigabitEthernet0/0/7]port trunk allow-pass vlan 30 900[HX_SW2-GigabitEthernet0/0/7]int g0/0/8[HX_SW2-GigabitEthernet0/0/8]port link-type trunk[HX_SW2-GigabitEthernet0/0/8]port trunk allow-pass vlan 30 900[HX_SW2-GigabitEthernet0/0/8]int g0/0/9[HX_SW2-GigabitEthernet0/0/9]port link-type trunk[HX_SW2-GigabitEthernet0/0/9]port trunk allow-pass vlan 40 900[HX_SW2-GigabitEthernet0/0/9]int g0/0/10[HX_SW2-GigabitEthernet0/0/10]port link-type trunk[HX_SW2-GigabitEthernet0/0/10]port trunk allow-pass vlan 40 900[HX_SW2-GigabitEthernet0/0/10]int g0/0/11[HX_SW2-GigabitEthernet0/0/11]port link-type trunk[HX_SW2-GigabitEthernet0/0/11]port trunk allow-pass vlan 200 900[HX_SW2-GigabitEthernet0/0/11]int g0/0/1[HX_SW2-GigabitEthernet0/0/1]port link-type access [HX_SW2-GigabitEthernet0/0/1]port default vlan 7[HX_SW2-GigabitEthernet0/0/1]int g0/0/2[HX_SW2-GigabitEthernet0/0/2]port link-type access[HX_SW2-GigabitEthernet0/0/2]port default vlan 4[HX_SW2-GigabitEthernet0/0/2]qui[HX_SW2]int Eth-Trunk 1[HX_SW2-Eth-Trunk1]port link-type trunk[HX_SW2-Eth-Trunk1]port link-type trunk [HX_SW2-Eth-Trunk1]port trunk allow-pass vlan all [HX_SW2-Eth-Trunk1]qui------------------------------------ JR_SW3:<Huawei>sy[Huawei]un in en[Huawei]sys[Huawei]sysname JR_SW2[JR_SW3]vlan batch 10 20 30 40 900[JR_SW3]int g0/0/1[JR_SW3-GigabitEthernet0/0/1]port link-type trunk [JR_SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 900[JR_SW3-GigabitEthernet0/0/1]int g0/0/2[JR_SW3-GigabitEthernet0/0/2]port link-type trunk[JR_SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 900[JR_SW3-GigabitEthernet0/0/2]int g0/0/3[JR_SW3-GigabitEthernet0/0/3]port link-type access [JR_SW3-GigabitEthernet0/0/3]port default vlan 10[JR_SW3-GigabitEthernet0/0/3]int g0/0/4[JR_SW3-GigabitEthernet0/0/4]port link-type access[JR_SW3-GigabitEthernet0/0/4]port default vlan 10[JR_SW3-GigabitEthernet0/0/4]qui[JR_SW3]qui------------------------------------JR_SW4:<Huawei>sy[Huawei]un in en[Huawei]sysname JR_SW4[JR_SW4]vlan batch 10 20 30 40 900[JR_SW4]int g0/0/1[JR_SW4-GigabitEthernet0/0/1]port link-type trunk [JR_SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 900[JR_SW4-GigabitEthernet0/0/1]int g0/0/2[JR_SW4-GigabitEthernet0/0/2]port link-type trunk[JR_SW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 900[JR_SW4-GigabitEthernet0/0/2]int g0/0/3[JR_SW4-GigabitEthernet0/0/3]port link-type access [JR_SW4-GigabitEthernet0/0/3]port default vlan 10[JR_SW4-GigabitEthernet0/0/3]qui------------------------------------JRS_SW5:<Huawei>SY[Huawei]un in en[Huawei]sysname JR_SW5[JR_SW5]vlan batch 10 20 30 40 900[JR_SW5]int g0/0/1[JR_SW5-GigabitEthernet0/0/1]port link-type trunk [JR_SW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 900[JR_SW5-GigabitEthernet0/0/1]int g0/0/2[JR_SW5-GigabitEthernet0/0/2]port link-type trunk[JR_SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 900[JR_SW5-GigabitEthernet0/0/2]int g0/0/3[JR_SW5-GigabitEthernet0/0/3]port link-type access [JR_SW5-GigabitEthernet0/0/3]port default vlan 20[JR_SW5-GigabitEthernet0/0/3]qui------------------------------------JR_SW6:<Huawei>sys[Huawei]un in en[Huawei]sysname JR_SW6[JR_SW6]vlan batch 10 20 30 40 900[JR_SW6]int g0/0/1[JR_SW6-GigabitEthernet0/0/1]port link-type trunk [JR_SW6-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 900[JR_SW6-GigabitEthernet0/0/1]int g0/0/2[JR_SW6-GigabitEthernet0/0/2]port link-type trunk[JR_SW6-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 900[JR_SW6-GigabitEthernet0/0/2]int g0/0/3[JR_SW6-GigabitEthernet0/0/3]port link-type access [JR_SW6-GigabitEthernet0/0/3]port default vlan 20[JR_SW6-GigabitEthernet0/0/3]qui------------------------------------JR_SW7:<Huawei>SY[Huawei]un in en[Huawei]sysname JR_SW7[JR_SW7]vlan batch 10 20 30 40 900[JR_SW7]int g0/0/1[JR_SW7-GigabitEthernet0/0/1]port link-type trunk [JR_SW7-GigabitEthernet0/0/1]port trunk allow-pass vlan 30 900[JR_SW7-GigabitEthernet0/0/1]int g0/0/2[JR_SW7-GigabitEthernet0/0/2]port link-type trunk[JR_SW7-GigabitEthernet0/0/2]port trunk allow-pass vlan 30 900[JR_SW7-GigabitEthernet0/0/2]int g0/0/3[JR_SW7-GigabitEthernet0/0/3]port link-type access [JR_SW7-GigabitEthernet0/0/3]port default vlan 30[JR_SW7-GigabitEthernet0/0/3]qui------------------------------------JR_SW8:略JR_SW9:略JR_SW10:------------------------------------ JR_11:<Huawei>SY[Huawei]un in en[Huawei]sysname JR_SW11[JR_SW11]vlan batch 10 20 30 40 200 900[JR_SW11]int g0/0/1[JR_SW11-GigabitEthernet0/0/1]port link-type trunk [JR_SW11-GigabitEthernet0/0/1]port trunk allow-pass vlan 200 900[JR_SW11-GigabitEthernet0/0/1]int g0/0/2[JR_SW11-GigabitEthernet0/0/2]port link-type trunk[JR_SW11-GigabitEthernet0/0/2]port trunk allow-pass vlan 200 900[JR_SW11-GigabitEthernet0/0/2]int g0/0/3[JR_SW11-GigabitEthernet0/0/3]port link-type access [JR_SW11-GigabitEthernet0/0/3]port default vlan 200[JR_SW11-GigabitEthernet0/0/3]int g0/0/4[JR_SW11-GigabitEthernet0/0/4]port link-type access [JR_SW11-GigabitEthernet0/0/4]port default vlan 200[JR_SW11-GigabitEthernet0/0/4]qui

3、MSTP多生成树

HX_SW1:<HX_SW1>sys[HX_SW1]stp region-configuration [HX_SW1-mst-region]region-name aaa[HX_SW1-mst-region]revision-level 1[HX_SW1-mst-region]instance 1 vlan 10 20 200[HX_SW1-mst-region]instance 2 vlan 30 40[HX_SW1-mst-region]active region-configuration [HX_SW1-mst-region]dis this#stp region-configuration region-name aaa revision-level 1 instance 1 vlan 10 20 200 instance 2 vlan 30 40 active region-configuration#return[HX_SW1-mst-region]qui[HX_SW1]stp instance 1 root primary [HX_SW1]stp instance 2 root secondary ------------------------------------HX_SW2:[HX_SW2]stp region-configuration[HX_SW2-mst-region]region-name aaa[HX_SW2-mst-region]revision-level 1[HX_SW2-mst-region]instance 1 vlan 10 20 200[HX_SW2-mst-region]instance 2 vlan 30 40[HX_SW2-mst-region]active region-configuration[HX_SW2-mst-region]qui[HX_SW2]stp instance 2 root primary [HX_SW2]stp instance 1 root secondary ------------------------------------JR_SW3:[JR_SW3]stp region-configuration[JR_SW3-mst-region]region-name aaa[JR_SW3-mst-region]revision-level 1[JR_SW3-mst-region]instance 1 vlan 10 20 200[JR_SW3-mst-region]instance 2 vlan 30 40[JR_SW3-mst-region]active region-configurationInfo: This operation may take a few seconds. Please wait for a moment...done.[JR_SW3-mst-region]qui[JR_SW3]dis stp br MSTIDPortRoleSTP State Protection 1GigabitEthernet0/0/1ROOTFORWARDINGNONE 1GigabitEthernet0/0/2ALTEDISCARDINGNONE//发现g/0/2是堵塞(DISCARDING)的就可以了------------------------------------JR_SW4:[JR_SW4]stp region-configuration[JR_SW4-mst-region]region-name aaa[JR_SW4-mst-region]revision-level 1[JR_SW4-mst-region]instance 1 vlan 10 20 200[JR_SW4-mst-region]instance 2 vlan 30 40[JR_SW4-mst-region]active region-configurationInfo: This operation may take a few seconds. Please wait for a moment...done.[JR_SW4-mst-region]qui[JR_SW4]dis stp br MSTIDPortRoleSTP State Protection 1GigabitEthernet0/0/1ROOTFORWARDINGNONE 1GigabitEthernet0/0/2ALTEDISCARDINGNONE//发现g/0/2是堵塞(DISCARDING)的就可以了------------------------------------JR_SW5:略JR_SW6:略JR_SW7:略JR_SW8:略JR_SW9:略JR_SW10:------------------------------------JR_SW11:[JR_SW11]stp region-configuration[JR_SW11-mst-region]region-name aaa[JR_SW11-mst-region]revision-level 1[JR_SW11-mst-region]instance 1 vlan 10 20 200[JR_SW11-mst-region]instance 2 vlan 30 40[JR_SW11-mst-region]active region-configurationInfo: This operation may take a few seconds. Please wait for a moment...done.[JR_SW11-mst-region]qui[JR_SW11]dis stp br MSTIDPortRoleSTP State Protection 0GigabitEthernet0/0/1ALTEDISCARDINGNONE 0GigabitEthernet0/0/2ROOTFORWARDINGNONE 0GigabitEthernet0/0/3DESIDISCARDINGNONE 1GigabitEthernet0/0/1ROOTFORWARDINGNONE 1GigabitEthernet0/0/2ALTEDISCARDINGNONE 1GigabitEthernet0/0/3DESIDISCARDINGNONE发现g/0/2是堵塞(DISCARDING)的就可以了

4、VRRP网关配置

HX_SW1:[HX_SW1]int vlan 10[HX_SW1-Vlanif10]ip add 192.168.10.254 24[HX_SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.1[HX_SW1-Vlanif10]vrrp vrid 10 priority 105[HX_SW1-Vlanif10]dis this#interface Vlanif10 ip address 192.168.10.254 255.255.255.0 vrrp vrid 10 virtual-ip 192.168.10.1 vrrp vrid 10 priority 105#return[HX_SW1-Vlanif10]qui[HX_SW1]int vlan 20[HX_SW1-Vlanif20]ip add 192.168.20.254 24[HX_SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1[HX_SW1-Vlanif20]vrrp vrid 20 priority 105[HX_SW1-Vlanif20]qui[HX_SW1]int vlan 200[HX_SW1-Vlanif200]ip add 192.168.200.254 24[HX_SW1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1[HX_SW1-Vlanif200]vrrp vrid 200 priority 105[HX_SW1-Vlanif200]int vlan 30[HX_SW1-Vlanif30]ip add 192.168.30.254 24[HX_SW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1[HX_SW1-Vlanif30]int vlan 40[HX_SW1-Vlanif40]ip add 192.168.40.254 24[HX_SW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1------------------------------------HX_SW2:[HX_SW2]int vlan 30[HX_SW2-Vlanif30]ip add 192.168.30.253 24[HX_SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1[HX_SW2-Vlanif30]vrrp vrid 30 priority 105[HX_SW2-Vlanif30]dis this#interface Vlanif30 ip address 192.168.30.253 255.255.255.0 vrrp vrid 30 virtual-ip 192.168.30.1 vrrp vrid 30 priority 105#return[HX_SW2-Vlanif30]qui[HX_SW2]int vlan 40[HX_SW2-Vlanif40]ip add 192.168.40.253 24[HX_SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1[HX_SW2-Vlanif40]vrrp vrid 40 priority 105[HX_SW2-Vlanif40]qui[HX_SW2]int vlan 200[HX_SW2-Vlanif200]ip add 192.168.200.253 24[HX_SW2-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1[HX_SW2-Vlanif200]int vlan 10[HX_SW2-Vlanif10]ip add 192.168.10.253 24[HX_SW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.1[HX_SW2-Vlanif10]int vlan 20[HX_SW2-Vlanif20]ip add 192.168.20.253 24[HX_SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1[HX_SW2-Vlanif20]qui

5、VRRP网络冗余验证

HX_SW1:<HX_SW1>dis vrrp brVRIDStateInterfaceType Virtual IP ----------------------------------------------------------------10Master Vlanif10 Normal 192.168.10.1 20Master Vlanif20 Normal 192.168.20.1 30Backup Vlanif30 Normal 192.168.30.1 40Backup Vlanif40 Normal 192.168.40.1 200 Master Vlanif200Normal 192.168.200.1 <HX_SW1>------------------------------------HX_SW2:<HX_SW2>dis vrrp brVRIDStateInterfaceType Virtual IP ----------------------------------------------------------------10Backup Vlanif10 Normal 192.168.10.1 20Backup Vlanif20 Normal 192.168.20.1 30Master Vlanif30 Normal 192.168.30.1 40Master Vlanif40 Normal 192.168.40.1 200 Backup Vlanif200Normal 192.168.200.1<HX_SW2>

6、测试PC通网关

/*手动给PC配置IP地址访问网关,如给vlan3下的PC配置IP:192.168.30.3GW:192.168.30.1测试访问网关,ping 192.168.30.1通了即可*//*手动给PC配置IP地址访问网关,如给vlan3下的PC配置IP:192.168.70.7GW:192.168.70.1测试访问网关,ping 192.168.70.1通了即可*/

7、DHCP中继

DHCP:<Huawei>sys[Huawei]un in en[Huawei]sysname DHCP[DHCP]dhcp enable [DHCP]ip pool vlan10Info: It's successful to create an IP address pool.[DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24[DHCP-ip-pool-vlan10]gateway-list 192.168.10.1[DHCP-ip-pool-vlan10]dns-list 192.168.200.2 8.8.8.8[DHCP-ip-pool-vlan10]excluded-ip-address 192.168.10.250 192.168.10.254[DHCP-ip-pool-vlan10]q[DHCP]ip pool vlan20Info: It's successful to create an IP address pool.[DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24[DHCP-ip-pool-vlan20]gateway-list 192.168.20.1[DHCP-ip-pool-vlan20]dns-list 192.168.200.2 8.8.8.8[DHCP-ip-pool-vlan20]excluded-ip-address 192.168.20.250 192.168.20.254[DHCP-ip-pool-vlan20]q[DHCP]ip pool vlan30Info: It's successful to create an IP address pool.[DHCP-ip-pool-vlan30]gateway-list 192.168.30.1[DHCP-ip-pool-vlan30]network 192.168.30.0 mask 255.255.255.0[DHCP-ip-pool-vlan30]dns-list 192.168.200.2 8.8.8.8[DHCP-ip-pool-vlan30]excluded-ip-address 192.168.30.250 192.168.30.254[DHCP-ip-pool-vlan30]q[DHCP]ip pool vlan40Info: It's successful to create an IP address pool.[DHCP-ip-pool-vlan40]gateway-list 192.168.40.1[DHCP-ip-pool-vlan40]network 192.168.40.0 mask 255.255.255.0[DHCP-ip-pool-vlan40]dns-list 192.168.200.2 8.8.8.8[DHCP-ip-pool-vlan40]excluded-ip-address 192.168.40.250 192.168.40.254[DHCP-ip-pool-vlan40]q[DHCP]int g0/0/0[DHCP-GigabitEthernet0/0/0]ip add 192.168.200.3 24[DHCP-GigabitEthernet0/0/0]dhcp select global [DHCP-GigabitEthernet0/0/0]dis this[DHCP-GigabitEthernet0/0/0]quit[DHCP]ip route-static 0.0.0.0 0 192.168.200.1------------------------------------HX_SW1:<HX_SW1>sy[HX_SW1]dhcp enable [HX_SW1]int vlanif10[HX_SW1-Vlanif10]dhcp select relay[HX_SW1-Vlanif10]dhcp relay server-ip 192.168.200.3[HX_SW1-Vlanif10]int vlanif20[HX_SW1-Vlanif20]dhcp select relay [HX_SW1-Vlanif20]dhcp relay server-ip 192.168.200.3[HX_SW1-Vlanif20]int vlanif30[HX_SW1-Vlanif30]dhcp select relay [HX_SW1-Vlanif30]dhcp select relay [HX_SW1-Vlanif30]dhcp relay server-ip 192.168.200.3[HX_SW1-Vlanif30]int vlanif40[HX_SW1-Vlanif40]dhcp select relay [HX_SW1-Vlanif40]dhcp relay server-ip 192.168.200.3[HX_SW1-Vlanif40]qui[HX_SW1]qui------------------------------------HX_SW2:<HX_SW2>sy[HX_SW2]dhcp enable [HX_SW2]int vlanif10[HX_SW2-Vlanif10]dhcp select relay[HX_SW2-Vlanif10]dhcp relay server-ip 192.168.200.3[HX_SW2-Vlanif10]int vlanif20[HX_SW2-Vlanif20]dhcp select relay [HX_SW2-Vlanif20]dhcp relay server-ip 192.168.200.3[HX_SW2-Vlanif20]int vlanif30[HX_SW2-Vlanif30]dhcp select relay [HX_SW2-Vlanif30]dhcp relay server-ip 192.168.200.3[HX_SW2-Vlanif30]int vlanif40[HX_SW2-Vlanif40]dhcp select relay [HX_SW2-Vlanif40]dhcp relay server-ip 192.168.200.3[HX_SW2-Vlanif40]qui[HX_SW2]qui

8、dhcp snooping配置

作用是隔绝非法的dhcp server,通过配置信任和非信端口;但是同时也会给PC获取IP地址的速度变慢

JR_SW3:[JR_SW3]dhcp enable [JR_SW3]dhcp snooping enable [JR_SW3]vlan 10[JR_SW3-vlan10]dhcp snooping enable [JR_SW3-vlan10]qui[JR_SW3]int g0/0/1[JR_SW3-GigabitEthernet0/0/1]dhcp snooping trusted [JR_SW3-GigabitEthernet0/0/1]int g0/0/2[JR_SW3-GigabitEthernet0/0/2]dhcp snooping trusted [JR_SW3-GigabitEthernet0/0/2]dis this------------------------------------JR_SW4:[JR_SW4]dhcp enable [JR_SW4]dhcp snooping enable [JR_SW4]vlan 10[JR_SW4-vlan10]dhcp snooping enable [JR_SW4-vlan10]qui[JR_SW4]int g0/0/1[JR_SW4-GigabitEthernet0/0/1]dhcp snooping trusted [JR_SW4-GigabitEthernet0/0/1]int g0/0/2[JR_SW4-GigabitEthernet0/0/2]dhcp snooping trusted [JR_SW4-GigabitEthernet0/0/2]dis this------------------------------------JR_SW5:[JR_SW5]dhcp enable [JR_SW5]dhcp snooping enable [JR_SW5]vlan 20[JR_SW5-vlan20]dhcp snooping enable [JR_SW5-vlan20]qui[JR_SW5]int g0/0/1[JR_SW5-GigabitEthernet0/0/1]dhcp snooping trusted [JR_SW5-GigabitEthernet0/0/1]int g0/0/2[JR_SW5-GigabitEthernet0/0/2]dhcp snooping trusted [JR_SW5-GigabitEthernet0/0/2]dis this#interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 20 900 dhcp snooping trusted#return[JR_SW5-GigabitEthernet0/0/2]qui------------------------------------JR_SW6:略JR_SW7:略JR_SW8:略JR_SW9:------------------------------------JR_SW10:[JR_SW10]dhcp enable [JR_SW10]dhcp snooping enable [JR_SW10]vlan 40[JR_SW10-vlan40]dhcp snooping enable [JR_SW10-vlan40]qui[JR_SW10]int g0/0/1[JR_SW10-GigabitEthernet0/0/1]dhcp snooping trusted [JR_SW10-GigabitEthernet0/0/1]int g0/0/2[JR_SW10-GigabitEthernet0/0/2]dhcp snooping trusted [JR_SW10-GigabitEthernet0/0/2]dis this#interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 20 900 dhcp snooping trusted#return[JR_SW5-GigabitEthernet0/0/2]qui

9、防火墙基础配置及双击热备

FW1:[FW1]un in en[FW1]sysname FW1[FW1]int g1/0/0[FW1-GigabitEthernet1/0/0]ip add 192.168.6.1 24[FW1-GigabitEthernet1/0/0]service-manage all permit [FW1-GigabitEthernet1/0/0]int g1/0/1[FW1-GigabitEthernet1/0/1]ip add 192.168.2.1 24[FW1-GigabitEthernet1/0/1]service-manage all permit [FW1-GigabitEthernet1/0/1]int g1/0/2[FW1-GigabitEthernet1/0/2]ip add 192.168.4.1 24[FW1-GigabitEthernet1/0/2]service-manage all permit [FW1-GigabitEthernet1/0/2]int g1/0/3[FW1-GigabitEthernet1/0/3]ip add 192.168.7.1 24[FW1-GigabitEthernet1/0/3]service-manage all permit[FW1-GigabitEthernet1/0/3]int g1/0/6[FW1-GigabitEthernet1/0/6]ip add 192.168.1.1 24[FW1-GigabitEthernet1/0/6]service-manage all permit[FW1-GigabitEthernet1/0/6]qui[FW1]firewall zone untrust [FW1-zone-untrust]add int g1/0/0[FW1-zone-untrust]add int g1/0/3[FW1-zone-untrust]qui[FW1]firewall zone trust [FW1-zone-trust]add int g1/0/1[FW1-zone-trust]add int g1/0/2[FW1-zone-trust]qui[FW1]firewall zone dmz [FW1-zone-dmz]add int g1/0/6[FW1-zone-dmz]qui[FW1]ip route-static 0.0.0.0 0 192.168.6.3[FW1]ip route-static 0.0.0.0 0 192.168.7.3 preference 70[FW1]security-policy[FW1-policy-security]rule name permit_heat[FW1-policy-security-rule-permit_heat]source-zone local[FW1-policy-security-rule-permit_heat]destination-zone dmz[FW1-policy-security-rule-permit_heat]action permit[FW1-policy-security-rule-permit_heat]q[FW1-policy-security]rule name permit_trust_untrust[FW1-policy-security-rule-permit_trust_untrust]source-zone trust[FW1-policy-security-rule-permit_trust_untrust]destination-zone untrust[FW1-policy-security-rule-permit_trust_untrust]action permit [FW1-policy-security-rule-permit_trust_untrust]q[FW1-policy-security]q[FW1]int g1/0/1[FW1-GigabitEthernet1/0/1]vrrp vrid 2 virtual-ip 192.168.2.100 active[FW1-GigabitEthernet1/0/1]qui[FW1]int g1/0/0[FW1-GigabitEthernet1/0/0]vrrp vrid 6 virtual-ip 192.168.6.100 active[FW1-GigabitEthernet1/0/0]qui[FW1]int g1/0/2[FW1-GigabitEthernet1/0/2]vrrp vrid 4 virtual-ip 192.168.4.100 active[FW1-GigabitEthernet1/0/2]qui[FW1]int g1/0/3[FW1-GigabitEthernet1/0/3]vrrp vrid 7 virtual-ip 192.168.7.100 active[FW1-GigabitEthernet1/0/3]qui[FW1]hrp interface g1/0/6 remote 192.168.1.2[FW1]hrp enHRP_S[FW1]hrp auto-sync HRP_S[FW1]dis hrp stateHRP_S[FW1]dis hrp int------------------------------------FW2:[FW2]un in en[FW2]sysname FW2[FW2]int g1/0/0[FW2-GigabitEthernet1/0/0]ip add 192.168.6.2 24[FW2-GigabitEthernet1/0/0]service-manage all permit [FW2-GigabitEthernet1/0/0]int g1/0/1[FW2-GigabitEthernet1/0/1]ip add 192.168.2.4 24[FW2-GigabitEthernet1/0/1]service-manage all permit [FW2-GigabitEthernet1/0/1]int g1/0/2[FW2-GigabitEthernet1/0/2]ip add 192.168.4.4 24[FW2-GigabitEthernet1/0/2]service-manage all permit [FW2-GigabitEthernet1/0/2]int g1/0/3[FW2-GigabitEthernet1/0/3]ip add 192.168.7.2 24[FW2-GigabitEthernet1/0/3]service-manage all permit [FW2-GigabitEthernet1/0/3]int g1/0/6[FW2-GigabitEthernet1/0/6]ip add 192.168.1.2 24[FW2-GigabitEthernet1/0/6]service-manage all permit[FW2-GigabitEthernet1/0/6]qui[FW2]firewall zone untrust [FW2-zone-untrust]add int g1/0/0[FW2-zone-untrust]add int g1/0/3[FW2-zone-untrust]qui[FW2]firewall zone trust [FW2-zone-trust]add int g1/0/1[FW2-zone-trust]add int g1/0/2[FW2-zone-trust]qui[FW2]firewall zone dmz [FW2-zone-dmz]add int g1/0/6[FW2-zone-dmz]qui[FW2]ip route-static 0.0.0.0 0 192.168.6.3[FW2]ip route-static 0.0.0.0 0 192.168.7.3 preference 70[FW2]security-policy [FW2-policy-security]rule name permit_heat[FW2-policy-security-rule-permit_heat]source-zone local[FW2-policy-security-rule-permit_heat]destination-zone dmz[FW2-policy-security-rule-permit_heat]action permit[FW2-policy-security-rule-permit_heat]q[FW2-policy-security]rule name permit_trust_untrust[FW2-policy-security-rule-permit_trust_untrust]source-zone trust[FW2-policy-security-rule-permit_trust_untrust]destination-zone untrust[FW2-policy-security-rule-permit_trust_untrust]action permit [FW2-policy-security-rule-permit_trust_untrust]q[FW2-policy-security]q[FW2]int g1/0/1[FW2-GigabitEthernet1/0/1]vrrp vrid 2 virtual-ip 192.168.2.100 standby[FW2-GigabitEthernet1/0/1]qui[FW2]int g1/0/0[FW2-GigabitEthernet1/0/0]vrrp vrid 6 virtual-ip 192.168.6.100 standby[FW2-GigabitEthernet1/0/0]qui[FW2]int g1/0/2[FW2-GigabitEthernet1/0/2]vrrp vrid 4 virtual-ip 192.168.4.100 standby[FW2-GigabitEthernet1/0/2]qui[FW2]int g1/0/3[FW2-GigabitEthernet1/0/3]vrrp vrid 7 virtual-ip 192.168.7.100 standby[FW2-GigabitEthernet1/0/3]qui[FW2]hrp interface g1/0/6 remote 192.168.1.1[FW2]hrp enHRP_S[FW2]hrp auto-sync HRP_S[FW2]dis hrp stateHRP_S[FW2]dis hrp int------------------------------------AR1:un in ensysname AR1int g0/0/1ip add 192.168.6.3 24int g0/0/0ip add 192.168.8.1 24quiint loo 0ip add 5.5.5.5 32quiquisave------------------------------------AR2:un in ensysname AR2int g0/0/1ip add 192.168.7.3 24quiint loo 0ip add 9.9.9.9 32quiquisave------------------------------------HX_SW1:int g0/0/1port link-type access port default vlan 2quiint g0/0/2port link-type accessport default vlan 4quiint vlan 2ip add 192.168.2.2 24quiint vlan 4ip add 192.168.4.3 24quiip route-static 0.0.0.0 0 192.168.2.10ip route-static 0.0.0.0 0 192.168.4.100 preference 70quisave------------------------------------HX_SW2:int g0/0/1port link-type access port default vlan 2quiint g0/0/2port link-type accessport default vlan 4quiint vlan 2ip add 192.168.2.3 24quiint vlan 4ip add 192.168.4.2 24quiip route-static 0.0.0.0 0 192.168.2.10ip route-static 0.0.0.0 0 192.168.4.100 preference 70quisave

10、OSPF配置

HX_SW1:[HX_SW1]ospf[HX_SW1-ospf-1]area 0[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.10.0 0.0.0.255[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.20.0 0.0.0.255[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.30.0 0.0.0.255[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.40.0 0.0.0.255[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255HX_SW2:[HX_SW2]ospf[HX_SW2-ospf-1]area 0[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.10.0 0.0.0.255[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.20.0 0.0.0.255[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.30.0 0.0.0.255[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.40.0 0.0.0.255[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255FW1:HRP_M[FW1]ospfHRP_M[FW1-ospf-1]area 0HRP_M[FW1-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255HRP_M[FW1-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255FW2:HRP_S[FW2]ospfHRP_S[FW2-ospf-1]area 0HRP_S[FW2-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255HRP_S[FW2-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255//现在PC就可以ping 5.5.5.5了,并可以ping通

11、RIP配置

AR3:<Huawei>sys[Huawei]un in en[Huawei]sysname AR3[AR3]int g0/0/0[AR3-GigabitEthernet0/0/0]ip add 192.168.8.2 24[AR3-GigabitEthernet0/0/0]int g0/0/1[AR3-GigabitEthernet0/0/1]ip add 10.10.10.254 24[AR3-GigabitEthernet0/0/1]qui[AR3]rip[AR3-rip-1][V200R003C00]version 2[AR3-rip-1]net 192.168.8.0[AR3-rip-1]net 10.0.0.0[AR3-rip-1]qui[AR3]AR1:[AR1]rip[AR1-rip-1]version 2[AR1-rip-1]network 192.168.6.0[AR1-rip-1]network 192.168.8.0[AR1-rip-1]qui[AR1]

12、防火墙NAT策略(前面忘记配置了)

因为已经开启了双机热备功能了所以现在只需要在主防火墙上配置即可(同步到备防火墙上)

HRP_M<FW1>sysEnter system view, return user view with Ctrl+Z.HRP_M[FW1]nat-pHRP_M[FW1]nat-policy(+B)HRP_M[FW1-policy-nat]rule name to_isp (+B)HRP_M[FW1-policy-nat-rule-to_isp]source-zone trust (+B)HRP_M[FW1-policy-nat-rule-to_isp]destination-zone untrust (+B)HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.10.0 24 (+B)HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.20.0 24 (+B)HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.30.0 24 (+B)HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.40.0 24 (+B)HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.100.0 24 (+B)HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.101.0 24 (+B)HRP_M[FW1-policy-nat-rule-to_isp]source-address 192.168.102.0 24 (+B)HRP_M[FW1-policy-nat-rule-to_isp]action source-nat easy-ip (+B)HRP_M[FW1-policy-nat-rule-to_isp]quiHRP_M[FW1-policy-nat]quiHRP_M[FW1]quiHRP_M<FW1>save

13、telnet远程管理配置

HX_SW1:[HX_SW1]aaa[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555[HX_SW1-aaa]local-user huawei service-type telnet [HX_SW1-aaa]qui[HX_SW1]user-interface vty 0 4[HX_SW1-ui-vty0-4]authentication-mode aaa[HX_SW1-ui-vty0-4]protocol inbound telnet [HX_SW1-ui-vty0-4]qui[HX_SW1]int vlanif 900[HX_SW1-Vlanif900]ip add 192.168.255.254 24[HX_SW1-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1[HX_SW1-Vlanif900]dis this#interface Vlanif900 ip address 192.168.255.254 255.255.255.0 vrrp vrid 255 virtual-ip 192.168.255.1#return[HX_SW1-Vlanif900]q------------------------------------HX_SW2:[HX_SW2]aaa[HX_SW2-aaa]local-user huawei privilege level 3 password cipher 5555[HX_SW2-aaa]local-user huawei service-type telnet[HX_SW2-aaa]qui[HX_SW2]user-interface vty 0 4[HX_SW2-ui-vty0-4]authentication-mode aaa[HX_SW2-ui-vty0-4]protocol inbound telnet[HX_SW2-ui-vty0-4]qui[HX_SW2]int vlanif 900[HX_SW2-Vlanif900]ip add 192.168.255.253 24[HX_SW2-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1[HX_SW2-Vlanif900]dis this#interface Vlanif900 ip address 192.168.255.253 255.255.255.0 vrrp vrid 255 virtual-ip 192.168.255.1#return[HX_SW2-Vlanif900]q------------------------------------HJ_SW3:[JR_SW3]aaa[JR_SW3-aaa]local-user huawei privilege level 3 password cipher 5555[JR_SW3-aaa]local-user huawei service-type telnet[JR_SW3-aaa]qui[JR_SW3]user-interface vty 0 4[JR_SW3-ui-vty0-4]authentication-mode aaa[JR_SW3-ui-vty0-4]protocol inbound telnet[JR_SW3-ui-vty0-4]qui[JR_SW3]int vlanif 900[JR_SW3-Vlanif900]ip add 192.168.255.3 24[JR_SW3-Vlanif900]qui[JR_SW3]ip route-s 0.0.0.0 0 192.168.255.1------------------------------------JR_SW11:<JR_SW11>sys[JR_SW11]aaa[JR_SW11-aaa]local-user huawei privilege level 3 password cipher 5555[JR_SW11-aaa]local-user huawei service-type telnet[JR_SW11-aaa]qui[JR_SW11]user-interface vty 0 4[JR_SW11-ui-vty0-4]authentication-mode aaa[JR_SW11-ui-vty0-4]protocol inbound telnet[JR_SW11-ui-vty0-4]qui[JR_SW11]int vlanif 900[JR_SW11-Vlanif900]ip add 192.168.255.11 24[JR_SW11-Vlanif900]qui[JR_SW11]ip route-s 0.0.0.0 0 192.168.255.1[JR_SW11]qui<JR_SW11>save//其余的交换机都是一样的配置,就省略不配了//现在就可以在模拟PC路由器的g0/0/0端口上开启自动获取地址,获取到地址后就可以通过telnet远程了/*telnet 192.168.255.254Press CTRL_] to quit telnet modeTrying 192.168.255.254 ...Connected to 192.168.255.254 ...Username:huaweiPassword:Info: The max number of VTY users is 5, and the numberof current VTY users on line is 1.The current login time is 2022-06-29 18:56:26.*/

14、无线网络配置

HX_SW2:<HX_SW2>sys[HX_SW2]vlan batch 100 101 102[HX_SW2]int g0/0/12[HX_SW2-GigabitEthernet0/0/12]port link-type trunk[HX_SW2-GigabitEthernet0/0/12]port trunk allow-pass vlan all[HX_SW2-GigabitEthernet0/0/12]int g0/0/4[HX_SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 101 102[HX_SW2-GigabitEthernet0/0/4]int g0/0/8[HX_SW2-GigabitEthernet0/0/8]port trunk allow-pass vlan 100 101 102[HX_SW2-GigabitEthernet0/0/8]qui[HX_SW2]int vlan 100[HX_SW2-Vlanif100]ip add 192.168.100.1 24[HX_SW2-Vlanif100]int vlan 101[HX_SW2-Vlanif101]ip add 192.168.101.1 24[HX_SW2-Vlanif101]int vlan 102[HX_SW2-Vlanif102]ip add 192.168.102.1 24[HX_SW2-Vlanif102]qui[HX_SW2]dhcp enable[HX_SW2]ip pool ap_poolInfo:It's successful to create an IP address pool.[HX_SW2-ip-pool-ap_pool]gateway-list 192.168.100.1[HX_SW2-ip-pool-ap_pool]network 192.168.100.0 mask 24[HX_SW2-ip-pool-ap_pool]excluded-ip-address 192.168.100.100[HX_SW2-ip-pool-ap_pool]dns-list 192.168.200.2[HX_SW2-ip-pool-ap_pool]qui[HX_SW2]ip pool hua_1Info:It's successful to create an IP address pool.[HX_SW2-ip-pool-hua_1]gateway-list 192.168.101.1[HX_SW2-ip-pool-hua_1]network 192.168.101.0 mask 24[HX_SW2-ip-pool-hua_1]dns-list 192.168.200.2[HX_SW2-ip-pool-hua_1]qui[HX_SW2]ip pool hua_2Info:It's successful to create an IP address pool.[HX_SW2-ip-pool-hua_2]gateway-list 192.168.102.1[HX_SW2-ip-pool-hua_2]network 192.168.102.0 mask 24[HX_SW2-ip-pool-hua_2]dns-list 192.168.200.2[HX_SW2-ip-pool-hua_2]qui[HX_SW2]int vlan 100[HX_SW2-Vlanif100]dhcp select global [HX_SW2-Vlanif100]int vlan 101[HX_SW2-Vlanif101]dhcp select global[HX_SW2-Vlanif101]int vlan 102[HX_SW2-Vlanif102]dhcp select global[HX_SW2-Vlanif102]qui[HX_SW2]qui<HX_SW2>save------------------------------------JR_SW4:<JR_SW4>sys[JR_SW4]vlan batch 100 101 102[JR_SW4]int g0/0/2[JR_SW4-GigabitEthernet0/0/2]port trunk allow-passvlan 100 101 102[JR_SW4-GigabitEthernet0/0/2]int g0/0/4[JR_SW4-GigabitEthernet0/0/4]port link-type trunk[JR_SW4-GigabitEthernet0/0/4]port trunk pvid vlan 100[JR_SW4-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 101[JR_SW4-GigabitEthernet0/0/4]qui[JR_SW4]qui<JR_SW4>save------------------------------------JR_SW8:<JR_SW8>sys[JR_SW8]vlan batch 100 101 102[JR_SW8]int g0/0/2[JR_SW8-GigabitEthernet0/0/2]port trunk allow-passvlan 100 101 102[JR_SW8-GigabitEthernet0/0/2]int g0/0/4[JR_SW8-GigabitEthernet0/0/4]port link-type trunk[JR_SW8-GigabitEthernet0/0/4]port trunk pvid vlan 100[JR_SW8-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 102[JR_SW8-GigabitEthernet0/0/4]qui[JR_SW8]qui<JR_SW8>SAVE------------------------------------AC:<AC6605>sys[AC6605]un in en[AC6605]sysname AC1[AC1]vlan batch 100 to 102[AC1]int g0/0/1[AC1-GigabitEthernet0/0/1]port link-type trunk[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all[AC1-GigabitEthernet0/0/1]qui[AC1]int vlan 100[AC1-Vlanif100]ip add 192.168.100.100 24[AC1-Vlanif100]qui[AC1]capwap source int vlanif100[AC1]wlan[AC1-wlan-view]ap-group name CYY[AC1-wlan-ap-group-CYY]qui[AC1-wlan-view]regulatory-domain-profile name domain1[AC1-wlan-regulate-domain-domain1]country-code cn[AC1-wlan-regulate-domain-domain1]qui[AC1-wlan-view]ap-group name CYY[AC1-wlan-ap-group-CYY]regulatory-domain-profile domain1Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue" />[Y/N]:y[AC1-wlan-ap-group-CYY]qui[AC1-wlan-view]qui[AC1]wlan[AC1-wlan-view]ap-group name YYC[AC1-wlan-ap-group-YYC]qui[AC1-wlan-view]regulatory-domain-profile name domain2[AC1-wlan-regulate-domain-domain2]country-code cn[AC1-wlan-regulate-domain-domain2]q[AC1-wlan-view]ap-group name YYC[AC1-wlan-ap-group-YYC]regulatory-domain-profile domain2Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y[AC1-wlan-ap-group-YYC]qui[AC1-wlan-view]ap auth-mode mac-auth[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc35-17d0[AC1-wlan-ap-0]ap-name area_0[AC1-wlan-ap-0]ap-group CYYWarning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y[AC1-wlan-ap-0]qui[AC1-wlan-view]ap auth-mode mac-auth[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc5f-17a0[AC1-wlan-ap-1]ap-name area_1[AC1-wlan-ap-1]ap-group YYCWarning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y[AC1-wlan-ap-1]qui[AC1-wlan-view]qui[AC1]wlan[AC1-wlan-view]security-profile name A[AC1-wlan-sec-prof-A]security wpa2 psk pass-phrase a1234567 aes[AC1-wlan-sec-prof-A]q[AC1-wlan-view]security-profile name X[AC1-wlan-sec-prof-X]security wpa2 psk pass-phrase huawei@123 aes[AC1-wlan-sec-prof-X]qui[AC1-wlan-view]ssid-profile name B[AC1-wlan-ssid-prof-B]ssid CYY-CY[AC1-wlan-ssid-prof-B]q[AC1-wlan-view]ssid-profile name Y[AC1-wlan-ssid-prof-Y]ssid YYC-YC[AC1-wlan-ssid-prof-Y]q[AC1-wlan-view]vap-profile name C[AC1-wlan-vap-prof-C]forward-mode tunnel[AC1-wlan-vap-prof-C]service-vlan vlan-id 101[AC1-wlan-vap-prof-C]security-profile A[AC1-wlan-vap-prof-C]ssid-profile B[AC1-wlan-vap-prof-C]qui[AC1-wlan-view]vap-profile name Z[AC1-wlan-vap-prof-Z]forward-mode tunnel[AC1-wlan-vap-prof-Z]service-vlan vlan-id 102[AC1-wlan-vap-prof-Z]security-profile X[AC1-wlan-vap-prof-Z]ssid-profile Y[AC1-wlan-vap-prof-Z]qui[AC1-wlan-view]ap-group name CYY[AC1-wlan-ap-group-CYY]vap-profile C wlan 1 radio 0[AC1-wlan-ap-group-CYY]vap-profile C wlan 1 radio 1[AC1-wlan-ap-group-CYY]qui[AC1-wlan-view]ap-group name YYC[AC1-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 0[AC1-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 1[AC1-wlan-ap-group-YYC]qui[AC1-wlan-view]qui[AC1]qui<AC1>save