Lab 1

image-1

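Requirements

  • The Marketing department is in VLAN 10, Finance in VLAN 20, Technology in VLAN 30, Production in VLAN 40, the Reception Center in VLAN 50, and the Data Center in VLAN 60.

  • The link between SW1 and SW2 must provide 2G of bandwidth.

  • Configure STP so that E0/0/4 on SW3 and E0/0/3 on SW4 are blocked.

  • Marketing, Finance, Technology, and Production obtain IP addresses through DHCP. The IP address plan is as follows:

| Department | Gateway | DHCP server | DHCP type |
|---|---|---|---|
| Marketing | 192.168.10.1 | SW1 | Global address pool |
| Finance | 192.168.20.1 | SW1 | Global address pool |
| Technology | 192.168.30.1 | SW2 | Interface address pool |
| Production | 192.168.40.1 | SW2 | Interface address pool |

  • In the Reception Center, AC1 pushes configuration to AP1 so that guests can get online over wireless.

  • Set up the servers in the Data Center so that they can serve users.

  • AR1 connects to the Internet through dial-up.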

VLAN creation and assignment

SW1

sys
sysname SW1
undo info-center enable
vlan batch 10 20 30 40 50 60 70 2048
port-group group-member g0/0/1 g0/0/4 //put ports 1 and 4 in the same port group to simplify the VLAN trunk configuration
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70
quit

SW2

sys
sysname SW2
undo info-center enable
vlan batch 10 20 30 40 50 60 70 2048
port-group group-member g0/0/1 g0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70
quit
int g0/0/5
port link-type trunk
port trunk allow-pass vlan 50 70

SW3

sys
sysname SW3
undo info-center enable
vlan batch 10 20 30 40 50 60 70
port-group group-member e0/0/3 e0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70
int e0/0/1
port link-type access
port default vlan 10
int e0/0/2
port link-type access
port default vlan 20

SW4

sys
sysname SW4
undo info-center enable
vlan batch 10 20 30 40 50 60 70
port-group group-member e0/0/3 e0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70
int e0/0/1
port link-type access
port default vlan 30
int e0/0/2
port link-type access
port default vlan 40
int e0/0/5
port link-type access
port default vlan 70

AC1

sys
sysname AC1
vlan batch 50 70
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 50 70
quit

Configure link aggregation

SW1

int eth-trunk 1
mode lacp-static
trunkport g0/0/2
trunkport g0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 2048
quit
int vlan 2048
ip add 10.1.12.1 30
quit

SW2

int eth-trunk 1
mode lacp-static
trunkport g0/0/2
trunkport g0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 2048
quit
int vlan 2048
ip add 10.1.12.2 30
quit

Configure STP

SW1

stp root primary

SW2

stp root secondary

Configure DHCP

SW1

ip pool vlan10
network 192.168.10.0 mask 24
gateway-list 192.168.10.1
dns-list 114.114.114.114
lease day 2
quit
ip pool vlan20
network 192.168.20.0 mask 24
gateway-list 192.168.20.1
dns-list 114.114.114.114
lease day 2
quit
dhcp enable
int vlanif 10
ip add 192.168.10.1 24
dhcp select global
int vlanif 20
ip add 192.168.20.1 24
dhcp select global

SW2

dhcp enable
int vlanif 30
ip add 192.168.30.1 24
dhcp select interface
dhcp server lease day 3
dhcp server dns-list 114.114.114.114
int vlanif 40
ip add 192.168.40.1 24
dhcp select interface
dhcp server lease day 3
dhcp server dns-list 114.114.114.114

Configure WLAN

Bring the AP online

AC1

dhcp enable
int vlan 70
ip add 192.168.70.1 24
dhcp select interface
quit
capwap source interface vlanif 70
wlan
ap-group name APgroup1
quit
ap-id 1 ap-mac 00e0-fc6a-38b0
ap-name AP1
ap-group APgroup1
quit
quit
dis ap all

AP1

dis int vlan1			//the MAC address is 00e0-fc6a-38b0

Configure wireless parameters

AC1

wlan
ssid-profile name Service
ssid Service
quit

security-profile name Service
security wpa-wpa2 psk pass-phrase service@123 aes
quit

vap-profile name Service
ssid-profile Service
security-profile Service
forward-mode tunnel
service-vlan vlan-id 50
quit

Apply the wireless parameters

AC1

ap-group name APgroup1
vap-profile Service wlan 1 radio all

Configure DHCP on the gateway device

SW2

int vlan 50
ip add 192.168.50.1 24
dhcp select interface
quit

The wireless device obtains an IP address

image-2

Configure the Data Center

SW5

vlan 60
quit
port-group group-member g0/0/1 g0/0/2
port link-type access
port default vlan 60
quit
int g0/0/3
port link-type access
port default vlan 60
quit

SW1

int g0/0/6
port link-type access
port default vlan 60
quit
int vlan 60
ip add 192.168.60.1 24
//dhcp select interface

AR1 dial-up Internet access

SW1

//create an interconnect VLAN for communication with AR1
vlan batch 1024
int vlan 1024
ip add 10.0.12.2 24
int g0/0/5
port link-type access
port default vlan 1024
quit

AR1

sys
sysname AR1
int g0/0/1
ip add 10.0.12.1 24
quit

ISP

sys
sysname ISP
ip pool ISP
network 12.1.1.0 mask 24
gateway-list 12.1.1.1
dns-list 114.114.114.114
quit
aaa
local-user huawei password cipher huawei@123
local-user huawei service-type ppp
quit
int virtual-template 0
ip add 12.1.1.1 24
ppp authentication-mode chap
remote address pool ISP
quit
int g0/0/0
pppoe-server bind virtual-template 0
quit

AR1

int Dialer 0
ppp chap user huawei
ppp chap password cipher huawei@123
ip add ppp-negotiate
dialer user huawei
dialer bundle 1
int g0/0/0
pppoe-client dial-bundle-number 1
ip route-static 0.0.0.0 0 dialer 0

Configure OSPF for communication between devices

SW1

ospf 1
area 0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.60.0 0.0.0.255
network 10.0.12.0 0.0.0.255
network 10.1.12.1 0.0.0.0
quit
quit

SW2

ospf 1
area 0
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 10.1.12.2 0.0.0.0
quit
quit

AR1

ospf 1
area 0
network 10.0.12.0 0.0.0.255
quit
quit

Configure NAT

VLANs 10, 40, and 50 can access the external network.

AR1 configuration

acl 2000
rule permit source 192.168.10.0 0.0.0.255
rule permit source 192.168.40.0 0.0.0.255
rule permit source 192.168.50.0 0.0.0.255
rule deny source any
int dialer 0
nat outbound 2000
//advertise the default route through OSPF
ospf 1
default-route-advertise
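
The following is an added example, not part of the original lab: it evaluates ACL 2000 exactly as configured on AR1 against one source address per department, to confirm which subnets `nat outbound 2000` selects for translation. The host addresses are constructed samples, and the evaluator assumes the default configuration-order (first match) rule matching and dotted wildcard masks.

```python
import ipaddress

# ACL 2000 as configured on AR1 above.
ACL_2000 = """\
rule permit source 192.168.10.0 0.0.0.255
rule permit source 192.168.40.0 0.0.0.255
rule permit source 192.168.50.0 0.0.0.255
rule deny source any
"""

# Constructed sample hosts: one address per subnet of the lab's address plan.
HOSTS = {
    "PC1 Marketing VLAN10": "192.168.10.254",
    "PC2 Finance VLAN20": "192.168.20.254",
    "Technology VLAN30": "192.168.30.254",
    "Production VLAN40": "192.168.40.254",
    "STA1 Reception VLAN50": "192.168.50.254",
    "Data Center VLAN60": "192.168.60.10",
}

def parse_acl(text):
    """Parse basic-ACL rules into (action, base, wildcard) in configured order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "rule" or tok[2] != "source":
            continue  # not a basic-ACL source rule
        if tok[3] == "any":
            base, wild = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(tok[3]))
            wild = int(ipaddress.IPv4Address(tok[4]))
        rules.append((tok[1], base, wild))
    return rules

def nat_selected(src, rules):
    """First matching rule decides; wildcard bits set to 1 are ignored."""
    addr = int(ipaddress.IPv4Address(src))
    for action, base, wild in rules:
        care = ~wild & 0xFFFFFFFF
        if addr & care == base & care:
            return action == "permit"
    return False  # nothing matched: the source is not translated

def report():
    rules = parse_acl(ACL_2000)
    return {name: nat_selected(ip, rules) for name, ip in HOSTS.items()}

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:24} {'translated' if ok else 'not translated'}")
```

Sources that the ACL denies are not translated on Dialer 0, so their packets keep a private source address.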

Verify connectivity

PC1 (Marketing) accesses the external network

image-3

PC2 (Finance) accesses the external network

image-4

STA1 (Reception Center) accesses the external network

image-5