《h3com企业型方案(华为)》由会员分享,可在线阅读,更多相关《h3com企业型方案(华为)(9页珍藏版)》请在金锄头文库上搜索。
1、编号:时间:2021年x月x日书山有路勤为径,学海无涯苦作舟页码:第1页 共1页中小企业型方案要求:某企业,专线接入,有华为路由器一台,三层交换机一台,二层交换机若干;1、要求划几个VLAN,为不同部门。2、所有主机能够通过路由器上网。设计思路:1、路由器配置比较简单,主要做NAT转换和ACL控制哪些主机能上外网;2、三层交换机,划分VLAN,实现内部VLAN间路由,可直接接终端或二层交换机3、二层交换相接终端。设计时,关于防病毒ACL列表、VLAN间互联隔离技术等问题此处未讨论。感兴趣的朋友,我们可以另起篇章进行讨论。本设计以华为产品为例,思科产品配置原理相同,只是命令行不同而已。欢迎有志之
2、士把它翻译成思科的配置。基实也可以不要三层交换机,直接在路由器上做单臂也可以。只是不适合复杂的网络和发展。配置:一、路由器配置version 5.20, Release 1205P02, Basic#给路由器命名sysname HUAWE-ROUTE#domain default enable system#vlan 1#radius scheme systemserver-type extendedprimary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-format without-dom
3、ain#domain systemaccess-limit disablestate activeidle-cut disableself-service-url disable#定义ACL列表,允许所有IP访问外网,这里你可以指定允许某些或禁止某些主机上网。acl number 2000rule 0 permit#interface Aux0 async mode flowlink-protocol ppp#接专线的接口,配置运营商分配的IPinterface Ethernet0/0nat outbound 2000duplex fullspeed 100ip address 218.22.
4、3.126 255.255.255.252#接局域网三层交换机的地址interface Ethernet0/1DESC TOSWitchduplex fullspeed 100ip address 192.168.8.1 255.255.255.252#interface NULL0#至公网默认路由ip route-static 0.0.0.0 0.0.0.0 218.22.3.125至三层交换机回程路由ip route-static 192.168.0.0 255.255.0.0 192.168.8.2#user-interface con 0user-interface aux 0未设置T
5、ELNET登陆密码,这样外网的人登陆不了,当然你也登陆不了。哈安全吧。(如果想TELNET,需要设置密码和ACL禁止外网的人登陆)user-interface vty 0 4# Return二、三层交换配置#给交换机命名 sysname hwswich#设备SUPER密码super password level 3 cipher ;1$VGEA)N2C+1!#radius scheme systemserver-type huaweiprimary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-f
6、ormat without-domaindomain systemradius-scheme systemaccess-limit disablestate activevlan-assignment-mode integeridle-cut disableself-service-url disablemessenger time disabledomain default enable system#local-server nas-ip 127.0.0.1 key huawei 建立业务VLAN及与路由器互联口VLANvlan 5desc to-router#vlan 10desc bu
7、men1#vlan 20 desc bumen2#分别给SVI接口设计IP地址,即所属VLAN PC终端的网关#interface Vlan-interface 5DESC to-routerip address 192.168.8.2 255.255.255.252interface Vlan-interface 10ip address 192.168.1.1 255.255.255.0#interface Vlan-interface 20ip address 192.168.2.1 255.255.255.0#与二层交换机互联接口interface Ethernet0/1duplex
8、full speed 100port link-type trunkport trunk permit vlan 10 20#接普通终端的接口interface Ethernet0/2port access vlan 10#interface Ethernet0/3port access vlan 20 #interface Ethernet0/4shutdown#interface Ethernet0/5#interface Ethernet0/6shutdown# interface Ethernet0/7shutdown#interface Ethernet0/8shutdown#int
9、erface Ethernet0/9shutdown#interface Ethernet0/10shutdown#interface Ethernet0/11shutdown#interface Ethernet0/12shutdown#interface Ethernet0/13shutdown#interface Ethernet0/14 shutdown#interface Ethernet0/15shutdown#interface Ethernet0/16shutdown#interface Ethernet0/17shutdown#interface Ethernet0/18sh
10、utdown#interface Ethernet0/19shutdown#interface Ethernet0/20shutdown#interface Ethernet0/21shutdown #interface Ethernet0/22shutdown#interface Ethernet0/23shutdown#与路由器互联接口interface Ethernet0/24desc to-router duplex full speed 100port access vlan 5#SNMP网关配置,可以不要snmp-agentsnmp-agent local-engineid 800
11、007DB000FE23F864D6877snmp-agent community read publicsnmp-agent sys-info contact HuaWei_Hotline 4008302118or8008302118snmp-agent sys-info location BeiJing Chinasnmp-agent sys-info version all#设置默认路由ip route-static 0.0.0.0 0.0.0.0 192.168.8.1user-interface aux 0设置TELNET登陆密码user-interface vty 0 4authe
12、ntication-mode password set authentication password cipher CZP5O+PV9=FQ!#return三、二层交换机配置#sysname L1-1#radius scheme systemserver-type huaweiprimary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-format without-domaindomain systemradius-scheme systemaccess-limit disablestate
13、activeidle-cut disableself-service-url disablemessenger time disabledomain default enable system#local-server nas-ip 127.0.0.1 key huawei#interface Aux0/0#vlan 1#vlan 10#vlan 20#interface Ethernet0/1port access vlan 10#interface Ethernet0/2port access vlan 10#interface Ethernet0/3 port access vlan 10#interface Ethernet0/4port access vlan 10#interface Ethernet0/5port access vlan 10#interface Ethernet0/6port access vlan 10#interface Ethernet0/7port access vlan 10#interface Ethernet0/8port acce
