博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
企业网络搭建
阅读量:4692 次
发布时间:2019-06-09

本文共 30661 字,大约阅读时间需要 102 分钟。

企业在多个地方有工厂,工厂之间采用移动专线,将各工厂核心交换机连接

每个企业多有各自的企业宽带接入,下面是2个企业的配置。

# version 7.1.064, Release 5208P03# sysname H3C# telnet server enable# irf mac-address persistent timer irf auto-update enable irf auto-merge enable irf member 1 priority 1# password-recovery enable#vlan 1#vlan 10#vlan 17#irf-port 1#wlan service-template 1 ssid HDAP-11 vlan 10 akm mode psk preshared-key pass-phrase cipher $c$3$/4QXimQ+9XcPSTS6gLu/XOC9sb2tUWi0ntBN cipher-suite ccmp cipher-suite tkip security-ie rsn security-ie wpa client-security authentication-mode mac service-template enable#wlan service-template vlan17 ssid HDAP-12 vlan 17 akm mode psk preshared-key pass-phrase cipher $c$3$FW4K9QhD2iWX/Pm0S7aYsxR2+VQmOwzlt5Ru cipher-suite ccmp cipher-suite tkip security-ie rsn security-ie wpa service-template enable#interface NULL0#interface Vlan-interface1#interface Vlan-interface10 ip address 10.3.10.253 255.255.255.0#interface GigabitEthernet1/0/1#interface GigabitEthernet1/0/2#interface GigabitEthernet1/0/3#interface GigabitEthernet1/0/4#interface GigabitEthernet1/0/5 port access vlan 10#interface GigabitEthernet1/0/6#interface GigabitEthernet1/0/7#interface GigabitEthernet1/0/8 port link-type trunk port trunk permit vlan all# scheduler logfile size 16#line class console user-role network-admin#line class vty user-role network-operator#line con 0 user-role network-admin#line vty 0 31 authentication-mode scheme user-role network-operator# ip route-static 10.2.0.0 16 10.3.10.1 ip route-static 192.168.0.0 16 10.3.10.1# undo info-center logfile enable#domain system# domain default enable system#role name level-0 description Predefined level-0 role#role name level-1 description Predefined level-1 role#role name level-2 description Predefined level-2 role#role name level-3 description Predefined level-3 role#role name level-4 description Predefined level-4 role#role name level-5 description Predefined level-5 role#role name level-6 description Predefined level-6 role#role name level-7 description Predefined level-7 role#role name level-8 description Predefined level-8 role#role name level-9 description Predefined level-9 role#role name level-10 description Predefined level-10 role#role name level-11 description Predefined level-11 role#role name level-12 description Predefined level-12 role#role name level-13 description Predefined level-13 role#role name level-14 description Predefined level-14 role#user-group system#local-user admin class manage password hash $h$6$F7zT+JzP5uvVTv2H$l97zZX4RWHXIF9Z93D+cHK13K88AtLoc/WHW41vhbWop7Xa8FL6gk/fTwWCi9gRPTv93Yh22q148tgqD+QynhQ== service-type telnet http https authorization-attribute user-role network-admin#local-user 30d16be12867 class network password cipher $c$3$noXzA+sExAlZldCz/LdxxV5OqXa09Jyhc+e7z6U8NA== service-type lan-access authorization-attribute user-role network-operator#local-user 9c2ea121d7b2 class network password cipher $c$3$c8cFMgCR3TmQXOZdo/B22ZwurbVow6bauU7iRxGZJQ== service-type lan-access authorization-attribute user-role network-operator#local-user d05349ee81bc class network password cipher $c$3$4WlLk+VL+n3nmb1ereQLAC4mUas5nzZFIT43BdIr2Q== service-type lan-access authorization-attribute user-role network-operator# ip http enable ip https enable# wlan auto-ap enable wlan auto-persistent enable#wlan global-configuration#wlan ap-group default-group vlan 1 ap-model WA4320i-ACN  radio 1   radio enable   service-template 1   service-template vlan17  radio 2   radio enable   service-template 1   service-template vlan17  gigabitethernet 1  gigabitethernet 2#wlan ap 210235a1gqc163000319 model WA4320i-ACN  serial-id 210235A1GQC163000319 region-code CN vlan 1 radio 1 radio 2 gigabitethernet 1 gigabitethernet 2#wlan ap 210235a1gqc172001734 model WA4320i-ACN  serial-id 210235A1GQC172001734 region-code CN vlan 1 radio 1 radio 2 gigabitethernet 1 gigabitethernet 2#return
View Code 
# version 7.1.070, Release 1118P01# sysname TZ-HDQX-CORE-5560# clock timezone Beijing add 08:00:00 clock protocol none# telnet server enable# irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1# dhcp enable dhcp server forbidden-ip 10.3.10.253 dhcp server forbidden-ip 10.3.11.2 10.3.11.5 dhcp server forbidden-ip 10.3.16.100 dhcp server forbidden-ip 10.3.16.101 dhcp server forbidden-ip 10.3.20.102# lldp global enable# fan prefer-direction slot 1 power-to-port  password-recovery enable#vlan 1#vlan 2 to 20#vlan 995 to 1000# stp global enable#dhcp server ip-pool 3#dhcp server ip-pool vlan1 gateway-list 10.3.1.1 network 10.3.1.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 expired day 0 hour 12#dhcp server ip-pool vlan2 gateway-list 10.3.2.1 network 10.3.2.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan3 gateway-list 10.3.3.1 network 10.3.3.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan4 gateway-list 10.3.4.1 network 10.3.4.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan5 gateway-list 10.3.5.1 network 10.3.5.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan6 gateway-list 10.3.6.1 network 10.3.6.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan7 gateway-list 10.3.7.1 network 10.3.7.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan8 gateway-list 10.3.8.1 network 10.3.8.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan9 gateway-list 10.3.9.1 network 10.3.9.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan10 gateway-list 10.3.10.1 network 10.3.10.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan11 gateway-list 10.3.11.1 network 10.3.11.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan12 gateway-list 10.3.12.1 network 10.3.12.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan13 gateway-list 10.3.13.1 network 10.3.13.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan14 gateway-list 10.3.14.1 network 10.3.14.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan15 gateway-list 10.3.15.1 network 10.3.15.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan16 gateway-list 10.3.16.1 network 10.3.16.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan17 gateway-list 10.3.17.1 network 10.3.17.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan18 gateway-list 10.3.18.1 network 10.3.18.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan19 gateway-list 10.3.19.1 network 10.3.19.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#dhcp server ip-pool vlan20 gateway-list 10.3.20.1 network 10.3.20.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196#interface NULL0#interface Vlan-interface1 ip address 10.3.1.1 255.255.255.0#interface Vlan-interface2 ip address 10.3.2.1 255.255.255.0#interface Vlan-interface3 ip address 10.3.3.1 255.255.255.0#interface Vlan-interface4 ip address 10.3.4.1 255.255.255.0#interface Vlan-interface5 ip address 10.3.5.1 255.255.255.0#interface Vlan-interface6 ip address 10.3.6.1 255.255.255.0#interface Vlan-interface7 ip address 10.3.7.1 255.255.255.0#interface Vlan-interface8 ip address 10.3.8.1 255.255.255.0#interface Vlan-interface9 ip address 10.3.9.1 255.255.255.0#interface Vlan-interface10 ip address 10.3.10.1 255.255.255.0#interface Vlan-interface11 ip address 10.3.11.1 255.255.255.0#interface Vlan-interface12 ip address 10.3.12.1 255.255.255.0#interface Vlan-interface13 ip address 10.3.13.1 255.255.255.0#interface Vlan-interface14 ip address 10.3.14.1 255.255.255.0#interface Vlan-interface15 ip address 10.3.15.1 255.255.255.0#interface Vlan-interface16 ip address 10.3.16.1 255.255.255.0#interface Vlan-interface17 ip address 10.3.17.1 255.255.255.0#interface Vlan-interface18 ip address 10.3.18.1 255.255.255.0#interface Vlan-interface19 ip address 10.3.19.1 255.255.255.0#interface Vlan-interface20 ip address 10.3.20.1 255.255.255.0#interface Vlan-interface995 ip address 10.30.30.30 255.255.255.0#interface Vlan-interface999 ip address 10.20.20.251 255.255.255.0#interface Vlan-interface1000 ip address 10.40.40.40 255.255.255.0#interface GigabitEthernet1/0/1 port link-mode bridge#interface GigabitEthernet1/0/2 port link-mode bridge port access vlan 2#interface GigabitEthernet1/0/3 port link-mode bridge port access vlan 3#interface GigabitEthernet1/0/4 port link-mode bridge port access vlan 4#interface GigabitEthernet1/0/5 port link-mode bridge port access vlan 5#interface GigabitEthernet1/0/6 port link-mode bridge port access vlan 6#interface GigabitEthernet1/0/7 port link-mode bridge port access vlan 7#interface GigabitEthernet1/0/8 port link-mode bridge port link-type trunk port trunk permit vlan all#interface GigabitEthernet1/0/9 port link-mode bridge port access vlan 9#interface GigabitEthernet1/0/10 port link-mode bridge port access vlan 10#interface GigabitEthernet1/0/11 port link-mode bridge port access vlan 11#interface GigabitEthernet1/0/12 port link-mode bridge port link-type trunk port trunk permit vlan all#interface GigabitEthernet1/0/13 port link-mode bridge port access vlan 20#interface GigabitEthernet1/0/14 port link-mode bridge port access vlan 20#interface GigabitEthernet1/0/15 port link-mode bridge port access vlan 20#interface GigabitEthernet1/0/16 port link-mode bridge port access vlan 20#interface GigabitEthernet1/0/17 port link-mode bridge port access vlan 20 combo enable fiber#interface GigabitEthernet1/0/18 port link-mode bridge port access vlan 20 combo enable fiber#interface GigabitEthernet1/0/19 port link-mode bridge port access vlan 20 combo enable fiber#interface GigabitEthernet1/0/20 port link-mode bridge description xin-chang port access vlan 20 combo enable fiber#interface GigabitEthernet1/0/21 port link-mode bridge port access vlan 995 combo enable copper#interface GigabitEthernet1/0/22 port link-mode bridge port access vlan 996 combo enable copper#interface GigabitEthernet1/0/23 port link-mode bridge port access vlan 999 combo enable copper#interface GigabitEthernet1/0/24 port link-mode bridge port access vlan 1000 combo enable copper#interface M-GigabitEthernet0/0/0#interface Ten-GigabitEthernet1/0/25 port link-mode bridge#interface Ten-GigabitEthernet1/0/26 port link-mode bridge#interface Ten-GigabitEthernet1/0/27 port link-mode bridge#interface Ten-GigabitEthernet1/0/28 port link-mode bridge# scheduler logfile size 16#line class aux user-role network-admin#line class usb user-role network-admin#line class vty user-role network-operator#line aux 0 user-role network-admin#line vty 0 4 authentication-mode scheme user-role network-admin user-role network-operator#line vty 5 63 user-role network-operator# ip route-static 0.0.0.0 0 10.40.40.1 ip route-static 10.2.0.0 16 10.20.20.254 ip route-static 192.168.0.0 16 10.20.20.254#radius scheme system user-name-format without-domain#domain system# domain default enable system#role name level-0 description Predefined level-0 role#role name level-1 description Predefined level-1 role#role name level-2 description Predefined level-2 role#role name level-3 description Predefined level-3 role#role name level-4 description Predefined level-4 role#role name level-5 description Predefined level-5 role#role name level-6 description Predefined level-6 role#role name level-7 description Predefined level-7 role#role name level-8 description Predefined level-8 role#role name level-9 description Predefined level-9 role#role name level-10 description Predefined level-10 role#role name level-11 description Predefined level-11 role#role name level-12 description Predefined level-12 role#role name level-13 description Predefined level-13 role#role name level-14 description Predefined level-14 role#user-group system#local-user admin class manage password hash $h$6$snDWQATrpWeCQrrQ$e/sG16TGFpeRMGxU47EU8dI+N7GorTPSg5wSu4rCjluvI9/TNgVNTjaY1Qm/xypSgFWbyulKXjF9ISipX336EA== service-type ftp service-type telnet http https authorization-attribute user-role level-15 authorization-attribute user-role network-admin authorization-attribute user-role network-operator# ftp server enable# ip http enable#return
View Code 
# version 7.1.064, Release 5205P02# sysname TXHD-WX3510H# telnet server enable# irf mac-address persistent timer irf auto-update enable irf auto-merge enable irf member 1 priority 1# port-security enable# dhcp enable# password-recovery enable#vlan 1#vlan 2 to 200#irf-port 1#dhcp server ip-pool vlan100 gateway-list 192.168.100.254 network 192.168.100.0 mask 255.255.255.0#wlan service-template 1 ssid HD-AP11 akm mode psk preshared-key pass-phrase cipher $c$3$7BwN4wwensofKd+M6xz/cj+IgkizgmXnYz1A cipher-suite ccmp security-ie rsn service-template enable#interface NULL0#interface Vlan-interface1 ip address 10.2.1.253 255.255.255.0 sub#interface Vlan-interface100 ip address 192.168.100.254 255.255.255.0#interface GigabitEthernet1/0/1#interface GigabitEthernet1/0/2#interface GigabitEthernet1/0/3#interface GigabitEthernet1/0/4#interface GigabitEthernet1/0/5 port link-type trunk port trunk permit vlan all#interface GigabitEthernet1/0/6 port link-type trunk port trunk permit vlan all#interface GigabitEthernet1/0/7 port link-type trunk port trunk permit vlan all#interface GigabitEthernet1/0/8 port access vlan 100# scheduler logfile size 16#line class console user-role network-admin#line class vty user-role network-operator#line con 0 user-role network-admin#line vty 0 15 user-role level-15 user-role network-admin set authentication password hash $h$6$xP586skcKIv95W0Y$8MQOZ+dB1dgIXfIwJUVLsoLAQ9TlxQloc/hKlJOEltBYxPRSfr42M9ya9PkkStp8Az91+MzvJxMqFDj9o/CDyQ==#line vty 16 31 authentication-mode scheme user-role network-operator# ip route-static 0.0.0.0 0 10.2.1.1# undo info-center logfile enable#domain system# domain default enable system#role name level-0 description Predefined level-0 role#role name level-1 description Predefined level-1 role#role name level-2 description Predefined level-2 role#role name level-3 description Predefined level-3 role#role name level-4 description Predefined level-4 role#role name level-5 description Predefined level-5 role#role name level-6 description Predefined level-6 role#role name level-7 description Predefined level-7 role#role name level-8 description Predefined level-8 role#role name level-9 description Predefined level-9 role#role name level-10 description Predefined level-10 role#role name level-11 description Predefined level-11 role#role name level-12 description Predefined level-12 role#role name level-13 description Predefined level-13 role#role name level-14 description Predefined level-14 role#user-group system#local-user admin class manage password hash $h$6$3NgALkpc9amDFcrO$yPMgajm2qxBPMcnmUqK3Wh2v9DL2vHcsKdpffaKX259As1YhqL4SgeK7f0Uk5uxArc7X49h35vujaYtC2GYTuQ== service-type telnet http https authorization-attribute user-role level-15 authorization-attribute user-role network-admin#local-user dddddd class network password cipher $c$3$XKX5rQBFAwdC32mJGPilk7h/zMo7ywg= service-type lan-access authorization-attribute user-role network-operator#local-user lxj class network password cipher $c$3$t2zcOzSd+m/FlUXoO9odGhmwvtXS5Q== service-type lan-access authorization-attribute user-role network-operator# ip http enable ip https enable# wlan auto-ap enable wlan auto-persistent enable#wlan global-configuration control-address disable#wlan ap-group default-group vlan 1 ap-model WA4320i-ACN  radio 1   radio enable   service-template 1  radio 2   radio enable   service-template 1  gigabitethernet 1  gigabitethernet 2#wlan ap ap1-1 model WA4320i-ACN  serial-id 210235A1GQC163000334 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap1-2 model WA4320i-ACN  serial-id 210235A1GQC163000375 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap1-3 model WA4320i-ACN  serial-id 210235A1GQC163000947 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap1-4 model WA4320i-ACN  serial-id 210235A1GQC163000970 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap2-1 model WA4320i-ACN  serial-id 210235A1GQC163000290 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap2-2 model WA4320i-ACN  serial-id 210235A1GQC163000173 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap2-3 model WA4320i-ACN  serial-id 210235A1GQC163000319 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap2-4 model WA4320i-ACN  serial-id 210235A1GQC163000284 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap3-1 model WA4320i-ACN  serial-id 210235A1GQC163000943 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap3-2 model WA4320i-ACN  serial-id 210235A1GQC163000942 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap3-3 model WA4320i-ACN  serial-id 210235A1GQC163000107 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap3-4 model WA4320i-ACN  serial-id 210235A1GQC163000377 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap4-1 model WA4320i-ACN  serial-id 210235A1GQC163000836 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap4-2 model WA4320i-ACN  serial-id 210235A1GQC172001383 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap4-3 model WA4320i-ACN  serial-id 210235A1GQC172001734 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#wlan ap ap5-1 model WA4320i-ACN  serial-id 210235A1GQC172001457 vlan 1 radio 1  radio enable  service-template 1 radio 2  radio enable  service-template 1 gigabitethernet 1 gigabitethernet 2#return
View Code 
# sysname TZ-HD-CORE-5560 # clock timezone Lisbon add 00:00:00 clock protocol none # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # dhcp enable dhcp server forbidden-ip 10.2.10.220 10.2.10.250 # lldp global enable # password-recovery enable # vlan 1 # vlan 2 to 20 # vlan 100 # vlan 999 to 1000 # stp global enable # dhcp server ip-pool vlan1 gateway-list 10.2.1.1 network 10.2.1.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 expired day 0 hour 12 static-bind ip-address 10.2.1.4 mask 255.255.255.0 hardware-address d053-49ee-81bc static-bind ip-address 10.2.1.40 mask 255.255.255.0 hardware-address 30d1-6be1-2867 # dhcp server ip-pool vlan2 gateway-list 10.2.2.1 network 10.2.2.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan3 gateway-list 10.2.3.1 network 10.2.3.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan4 gateway-list 10.2.4.1 network 10.2.4.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan5 gateway-list 10.2.5.1 network 10.2.5.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan6 gateway-list 10.2.6.1 network 10.2.6.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan7 gateway-list 10.2.7.1 network 10.2.7.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan8 gateway-list 10.2.8.1 network 10.2.8.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan9 gateway-list 10.2.9.1 network 10.2.9.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan10 gateway-list 10.2.10.1 network 10.2.10.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan11 gateway-list 10.2.11.1 network 10.2.11.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan12 gateway-list 10.2.12.1 network 10.2.12.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan13 gateway-list 10.2.13.1 network 10.2.13.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan14 gateway-list 10.2.14.1 network 10.2.14.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan15 gateway-list 10.2.15.1 network 10.2.15.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan16 gateway-list 10.2.16.1 network 10.2.16.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan17 gateway-list 10.2.17.1 network 10.2.17.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan18 gateway-list 10.2.18.1 network 10.2.18.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan19 gateway-list 10.2.19.1 network 10.2.19.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # dhcp server ip-pool vlan20 gateway-list 10.2.20.1 network 10.2.20.0 mask 255.255.255.0 dns-list 60.191.134.206 60.191.134.196 # interface NULL0 # interface Vlan-interface1 ip address 10.2.1.1 255.255.255.0 # interface Vlan-interface2 ip address 10.2.2.1 255.255.255.0 # interface Vlan-interface3 ip address 10.2.3.1 255.255.255.0 # interface Vlan-interface4 ip address 10.2.4.1 255.255.255.0 # interface Vlan-interface5 ip address 10.2.5.1 255.255.255.0 # interface Vlan-interface6 ip address 10.2.6.1 255.255.255.0 # interface Vlan-interface7 ip address 10.2.7.1 255.255.255.0 # interface Vlan-interface8 ip address 10.2.8.1 255.255.255.0 # interface Vlan-interface9 ip address 10.2.9.1 255.255.255.0 # interface Vlan-interface10 ip address 10.2.10.1 255.255.255.0 # interface Vlan-interface11 ip address 10.2.11.1 255.255.255.0 # interface Vlan-interface12 ip address 10.2.12.1 255.255.255.0 # interface Vlan-interface13 ip address 10.2.13.1 255.255.255.0 # interface Vlan-interface14 ip address 10.2.14.1 255.255.255.0 # interface Vlan-interface15 ip address 10.2.15.1 255.255.255.0 # interface Vlan-interface16 ip address 10.2.16.1 255.255.255.0 # interface Vlan-interface17 ip address 10.2.17.1 255.255.255.0 # interface Vlan-interface18 ip address 10.2.18.1 255.255.255.0 # interface Vlan-interface19 ip address 10.2.19.1 255.255.255.0 # interface Vlan-interface20 ip address 10.2.20.1 255.255.255.0 # interface Vlan-interface100 ip address 192.168.1.1 255.255.0.0 packet-filter 3000 inbound # interface Vlan-interface999 ip address 10.20.20.254 255.255.255.0 # interface Vlan-interface1000 ip address 10.10.10.254 255.255.255.0 packet-filter 3004 outbound # interface GigabitEthernet1/0/1 port link-mode bridge # interface GigabitEthernet1/0/2 port link-mode bridge port access vlan 2 # interface GigabitEthernet1/0/3 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/4 port link-mode bridge port access vlan 4 # interface GigabitEthernet1/0/5 port link-mode bridge port access vlan 5 # interface GigabitEthernet1/0/6 port link-mode bridge port access vlan 6 # interface GigabitEthernet1/0/7 port link-mode bridge port access vlan 7 # interface GigabitEthernet1/0/8 port link-mode bridge port access vlan 8 # interface GigabitEthernet1/0/9 port link-mode bridge port access vlan 9 # interface GigabitEthernet1/0/10 port link-mode bridge port access vlan 10 # interface GigabitEthernet1/0/11 port link-mode bridge port access vlan 11 # interface GigabitEthernet1/0/12 port link-mode bridge port access vlan 12 # interface GigabitEthernet1/0/13 port link-mode bridge port access vlan 13 # interface GigabitEthernet1/0/14 port link-mode bridge port access vlan 14 # interface GigabitEthernet1/0/15 port link-mode bridge port access vlan 15 # interface GigabitEthernet1/0/16 port link-mode bridge port access vlan 16 # interface GigabitEthernet1/0/17 port link-mode bridge port access vlan 17 # interface GigabitEthernet1/0/18 port link-mode bridge port access vlan 18 # interface GigabitEthernet1/0/19 port link-mode bridge port access vlan 19 # interface GigabitEthernet1/0/20 port link-mode bridge port access vlan 999 # interface GigabitEthernet1/0/21 port link-mode bridge port access vlan 100 combo enable copper # interface GigabitEthernet1/0/22 port link-mode bridge port access vlan 100 combo enable copper # interface GigabitEthernet1/0/23 port link-mode bridge port access vlan 100 combo enable copper # interface GigabitEthernet1/0/24 port link-mode bridge port access vlan 100 combo enable copper # interface GigabitEthernet1/0/25 port link-mode bridge combo enable copper # interface GigabitEthernet1/0/26 port link-mode bridge description con-cixi-haorun port access vlan 999 combo enable copper # interface GigabitEthernet1/0/27 port link-mode bridge combo enable copper # interface GigabitEthernet1/0/28 port link-mode bridge port access vlan 1000 combo enable copper # interface M-GigabitEthernet0/0/0 # interface M-GigabitEthernet0/0/1 # interface Ten-GigabitEthernet1/0/29 port link-mode bridge # interface Ten-GigabitEthernet1/0/30 port link-mode bridge # interface Ten-GigabitEthernet1/0/31 port link-mode bridge port access vlan 100 # interface Ten-GigabitEthernet1/0/32 port link-mode bridge port access vlan 17 # scheduler logfile size 16 # line class aux user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 4 user-role level-15 user-role network-operator set authentication password hash $h$6$nU+AkipUP9u9B8+5$3hi6djXQS1kjEaFUj7Umk4yAZrDOgc2nQPlosh/RcZCdYwX6W+7Ll/CI3IIb5xkkEg3QDzDpo69L1hOKHJYvrg== # line vty 5 63 user-role network-operator # ip route-static 0.0.0.0 0 10.10.10.1 ip route-static 10.1.0.0 16 10.20.20.253 ip route-static 10.3.0.0 16 10.20.20.251 ip route-static 172.16.0.0 16 Vlan-interface999 10.20.20.253 # snmp-agent snmp-agent local-engineid 800063A2801CAB349776BC00000001 snmp-agent community write public snmp-agent sys-info version all snmp-agent trap enable arp snmp-agent trap enable radius # time-range a1 00:00 to 23:59 daily # acl number 3000 rule 0 deny ip source 192.168.115.155 0 rule 5 deny ip source 192.168.2.71 0 rule 10 deny ip source 192.168.24.20 0 rule 15 deny ip source 192.168.23.22 0 # acl number 3003 rule 0 permit ip destination 10.86.87.185 0 rule 5 permit ip destination 218.75.72.116 0 rule 10 permit ip destination 218.75.72.114 0 rule 15 deny ip source 10.2.1.0 0.0.0.255 rule 20 deny ip source 10.2.17.0 0.0.0.255 rule 25 deny ip source 10.2.18.0 0.0.0.255 rule 30 deny ip source 10.2.19.0 0.0.0.255 # acl number 3004 rule 0 permit ip source 10.2.1.4 0 rule 5 permit ip source 10.2.1.40 0 rule 15 deny ip source 10.2.1.0 0.0.0.255 rule 20 deny ip source 10.2.17.0 0.0.0.255 rule 25 deny ip source 10.2.18.0 0.0.0.255 rule 30 deny ip source 10.2.19.0 0.0.0.255 rule 35 deny ip source 10.2.16.0 0.0.0.255 # acl number 4000 # acl number 4001 # radius scheme system user-name-format without-domain # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$snDWQATrpWeCQrrQ$e/sG16TGFpeRMGxU47EU8dI+N7GorTPSg5wSu4rCjluvI9/TNgVNTjaY1Qm/xypSgFWbyulKXjF9ISipX336EA== service-type ftp service-type telnet http authorization-attribute user-role level-15 authorization-attribute user-role network-operator # ftp server enable # ip http enable # return
View Code

 

 

# 进入系统视图,并开启Telnet服务,默认开启。

<H3C> system-view

[H3C] telnet server enable

# 配置VTY接口认证模式为scheme模式(用户名+密码认证)。

[H3C] line vty 0 4

[H3C-ui-vty0-4] authentication-mode scheme  //另两种认证模式为None(无密码)和Password(单密码)

[H3C-ui-vty0-4] user-role network-admin

[H3C-ui-vty0-4] quit

# 创建本地账号abc,密码为123456,权限级别为network-admin。

[H3C] local-user abc

[H3C-luser-abc] password simple 123456

[H3C-luser-abc] service-type telnet

[H3C-luser-abc] authorization-attribute user-role network-admin

[H3C-luser-abc] quit

# 保存配置。

[H3C] save force

风扇修改风向命令

[h3c]fan prefer-direction slot 1 port-to-power (slot后面的数字根据具体的槽位配置)

 

轻轻松松配置产品案例链接:

轻轻松松配交换:

轻轻松松配路由:

轻轻松松配安全:

轻轻松松配无线:

 

 

说明

vlan 2 to 20

配置一个vlan interface 
只有配置了vlan interface 后,
笔记本插入核心的对应于AC的 vlan 访问口,才可以访问到
 
网络连接
----------
下面SW指核心交换机
加入路由
  1. ip route-static 0.0.0.0 0 10.3.15.1 后,可以笔记本插任意核心端口多可以访问到AC控制器  --- 这条作废
  2. 笔记本连SW13 口, AC与SW 8口trunk相连,只要 AC上配置 Vlan-interface13 的 ip address后就可以访问了,跟上面的ip route-static无关
  3.  SW-AC  8口trunk ,  poe_sw1 连 AC  3口  ,AC3口做port access vlan 3,  SW 4口连 poe_sw2
  4.  AP1连 poe_sw1, AP2连poe_sw2 ,结果发现2个AP都能自动被发现 (需要在AC上配置一个 vlan-interface 4 的ip address)
     
 
 
 
AP的设置。
---------------------
AP区分 fat 与fit 
 
进到AP里使用 ap-mode fit   ,普通试图下面
 
使用核心的dhcp 服务时,看AP是否获取IP地址,可以在核心上使用下面命令
display dhcp server ip-in-use
 
-------------------------------
Radious服务器在外网的情况下
需呀保证在AC上能访问到 Radious服务器, 需要做 ip route-static 路由
Radius 需要在ISP的System域中把 授权的-不授权勾打上
 
--------------
路由规则,第一条匹配是就不会匹配第二条
在内网要ping 192.168.1.94 是需要
将 ip route-static 192.168.0.0 16 10.3.10.1  注意10.3.10.1是允许访问外网的网段101
 
 

转载于:https://www.cnblogs.com/wdfrog/p/9642462.html

你可能感兴趣的文章
postgressql数据库中limit offset使用
查看>>
测试思想-集成测试 关于接口测试 Part 2
查看>>
windows下mysql密码忘了怎么办?【转】
查看>>
php生成器使用总结
查看>>
T-SQL中的indexof函数
查看>>
javascript基础之数组(Array)对象
查看>>
mysql DML DDL DCL
查看>>
RAMPS1.4 3d打印控制板接线与测试1
查看>>
python with语句中的变量有作用域吗?
查看>>
24@Servlet_day03
查看>>
初级ant的学习
查看>>
redis数据结构--String
查看>>
POJ 3279 Fliptile (二进制枚举)
查看>>
memcached 细究(三)
查看>>
future
查看>>
关于main函数传参数的问题
查看>>
getTickCount()函数 VS GetTickCount()函数
查看>>
嵌入式jetty
查看>>
2017~回顾分享
查看>>
使用svn——项目的目录布局
查看>>
喝酒易醉,品茶养心,人生如梦,品茶悟道,何以解忧?唯有杜康!-- 愿君每日到此一游!
当前时间: 2024-10-23 02:52:02   当前IP: 18.118.142.129   联系邮箱:javaeecc@qq.com     Copyright © 2020 - 2022 baihongyu.com 京ICP备2021015314号-2
强烈建议你试试无所不能的CHAT-GPT,快点击我
强烈建议你试试无所不能的CHAT-GPT,快点击我