实验要求

1. 全网互通
2. 路由器访问服务器ftp服务

AR1

[AR1]display current-configuration
[V200R003C00]
# 
sysname AR1
# 
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
# 
clock timezone China-Standard-Time minus 08:00:00
# 
portal local-server load portalpage.zip
# 
drop illegal-mac alarm
# 
set cpu-usage threshold 80 restore 75
# 
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$$K8m.Nt84DZ}e#<0`8bmE3Uw}%$$
local-user admin service-type http
# 
firewall zone Local
priority 15
# 
interface GigabitEthernet0/0/0
ip address 202.10.101.1 255.255.255.0
# 
interface GigabitEthernet0/0/1
ip address 202.10.100.1 255.255.255.0
# 
interface GigabitEthernet0/0/2
# 
interface NULL0
# 
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
# 
wlan ac
# 
return

AR2

[AR2]display current-configuration
[V200R003C00]
# 
sysname AR2
# 
board add 0/2 1GEC
# 
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
# 
clock timezone China-Standard-Time minus 08:00:00
# 
portal local-server load portalpage.zip
# 
drop illegal-mac alarm
# 
set cpu-usage threshold 80 restore 75
# 
acl number 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255
# 
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$$K8m.Nt84DZ}e#<0`8bmE3Uw}%$$
local-user admin service-type http
# 
firewall zone Local
priority 15
# 
nat alg ftp enable
# 
interface GigabitEthernet0/0/0
ip address 192.168.111.2 255.255.255.0
# 
interface GigabitEthernet0/0/1
ip address 192.168.112.2 255.255.255.0
# 
interface GigabitEthernet0/0/2
ip address 202.10.100.2 255.255.255.0
nat outbound 3000
# 
interface GigabitEthernet2/0/0
ip address 192.168.1.2 255.255.255.0
# 
interface NULL0
# 
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
# 
ospf 1 router-id 2.2.2.2
default-route-advertise
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.111.0 0.0.0.255
network 192.168.112.0 0.0.0.255
# 
ip route-static 0.0.0.0 0.0.0.0 202.10.100.1
# 
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
# 
wlan ac
# 
return

AR3

[AR3]display current-configuration
[V200R003C00]
# 
sysname AR3
# 
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
# 
clock timezone China-Standard-Time minus 08:00:00
# 
portal local-server load portalpage.zip
# 
drop illegal-mac alarm
# 
set cpu-usage threshold 80 restore 75
# 
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$$K8m.Nt84DZ}e#<0`8bmE3Uw}%$$
local-user admin service-type http
# 
firewall zone Local
priority 15
# 
interface GigabitEthernet0/0/0
ip address 192.168.1.3 255.255.255.0
# 
interface GigabitEthernet0/0/1
ip address 192.168.2.3 255.255.255.0
# 
interface GigabitEthernet0/0/2
# 
interface NULL0
# 
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
# 
ospf 1 router-id 3.3.3.3
import-route rip 1 cost 100
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 192.168.1.0 0.0.0.255
# 
rip 1
undo summary
default-route originate
version 2
network 3.0.0.0
network 192.168.2.0
import-route ospf 1 cost 0
# 
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
# 
wlan ac
# 
return

AR4

[AR4]display current-configuration
[V200R003C00]
# 
sysname AR4
# 
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
# 
clock timezone China-Standard-Time minus 08:00:00
# 
portal local-server load portalpage.zip
# 
drop illegal-mac alarm
# 
set cpu-usage threshold 80 restore 75
# 
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$$K8m.Nt84DZ}e#<0`8bmE3Uw}%$$
local-user admin service-type http
# 
firewall zone Local
priority 15
# 
interface GigabitEthernet0/0/0
ip address 192.168.2.4 255.255.255.0
# 
interface GigabitEthernet0/0/1
ip address 192.168.3.4 255.255.255.0
# 
interface GigabitEthernet0/0/2
# 
interface NULL0
# 
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
# 
rip 1
undo summary
version 2
network 4.0.0.0
network 192.168.2.0
network 192.168.3.0
# 
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
# 
wlan ac
# 
return

AR5

[AR5]display current-configuration
[V200R003C00]
# 
sysname AR5
# 
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
# 
clock timezone China-Standard-Time minus 08:00:00
# 
portal local-server load portalpage.zip
# 
drop illegal-mac alarm
# 
set cpu-usage threshold 80 restore 75
# 
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$$K8m.Nt84DZ}e#<0`8bmE3Uw}%$$
local-user admin service-type http
# 
firewall zone Local
priority 15
# 
interface GigabitEthernet0/0/0
# 
interface GigabitEthernet0/0/0.1
dot1q termination vid 50
ip address 192.168.50.1 255.255.255.0
arp broadcast enable
# 
interface GigabitEthernet0/0/0.2
dot1q termination vid 60
ip address 192.168.60.1 255.255.255.0
arp broadcast enable
# 
interface GigabitEthernet0/0/1
ip address 192.168.3.5 255.255.255.0
# 
interface GigabitEthernet0/0/2
# 
interface NULL0
# 
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
# 
rip 1
undo summary
version 2
network 5.0.0.0
network 192.168.3.0
network 192.168.50.0
network 192.168.60.0
# 
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
# 
wlan ac
# 
return

SW1

[SW1]display current-configuration
# 
sysname SW1
# 
vlan batch 10 20
# 
cluster enable
ntdp enable
ndp enable
# 
drop illegal-mac alarm
# 
diffserv domain default
# 
drop-profile default
# 
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
# 
interface Vlanif1
# 
interface MEth0/0/1
# 
interface Ethernet0/0/1
port link-type access
port default vlan 10
# 
interface Ethernet0/0/2
port link-type access
port default vlan 20
# 
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface NULL0
# 
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
# 
return

SW2

[SW2]display current-configuration
# 
sysname SW2
# 
vlan batch 30 40
# 
cluster enable
ntdp enable
ndp enable
# 
drop illegal-mac alarm
# 
diffserv domain default
# 
drop-profile default
# 
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
# 
interface Vlanif1
# 
interface MEth0/0/1
# 
interface Ethernet0/0/1
port link-type access
port default vlan 30
# 
interface Ethernet0/0/2
port link-type access
port default vlan 40
# 
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface NULL0
# 
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
# 
return

SW3

[SW3]display current-configuration
# 
sysname SW3
# 
vlan batch 50 60
# 
cluster enable
ntdp enable
ndp enable
# 
drop illegal-mac alarm
# 
diffserv domain default
# 
drop-profile default
# 
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
# 
interface Vlanif1
# 
interface MEth0/0/1
# 
interface Ethernet0/0/1
port link-type access
port default vlan 50
# 
interface Ethernet0/0/2
port link-type access
port default vlan 60
# 
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface GigabitEthernet0/0/2
# 
interface NULL0
# 
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
# 
return

SW4

不用配置

SW5

[SW5]display current-configuration
# 
sysname SW5
# 
vlan batch 10 20 30 40 111
# 
cluster enable
ntdp enable
ndp enable
# 
drop illegal-mac alarm
# 
diffserv domain default
# 
drop-profile default
# 
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
# 
interface Vlanif1
# 
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.254
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet0/0/1
vrrp vrid 1 track interface GigabitEthernet0/0/3
# 
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.20.254
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet0/0/1
vrrp vrid 1 track interface GigabitEthernet0/0/3
# 
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.30.254
vrrp vrid 2 priority 115
# 
interface Vlanif40
ip address 192.168.40.1 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.40.254
vrrp vrid 2 priority 115
# 
interface Vlanif111
ip address 192.168.111.1 255.255.255.0
# 
interface MEth0/0/1
# 
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface GigabitEthernet0/0/3
port link-type access
port default vlan 111
# 
interface GigabitEthernet0/0/4
eth-trunk 1
# 
interface GigabitEthernet0/0/5
eth-trunk 1
# 
interface GigabitEthernet0/0/6
eth-trunk 1
# 
interfa ce NULL0
# 
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
# 
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.111.0 0.0.0.255
# 
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
# 
return

SW6

[SW6]display current-configuration
# 
sysname SW6
# 
vlan batch 10 20 30 40 112
# 
cluster enable
ntdp enable
ndp enable
# 
drop illegal-mac alarm
# 
diffserv domain default
# 
drop-profile default
# 
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
# 
interface Vlanif1
# 
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.10.254
vrrp vrid 2 priority 115
# 
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.20.254
vrrp vrid 2 priority 115
# 
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.30.254
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet0/0/2
vrrp vrid 1 track interface GigabitEthernet0/0/3
# 
interface Vlanif40
ip address 192.168.40.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.40.254
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet0/0/2
vrrp vrid 1 track interface GigabitEthernet0/0/3
# 
interface Vlanif112
ip address 192.168.112.1 255.255.255.0
# 
interface MEth0/0/1
# 
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
# 
interface GigabitEthernet0/0/3
port link-type access
port default vlan 112
# 
interface GigabitEthernet0/0/4
eth-trunk 1
# 
interface GigabitEthernet0/0/5
eth-trunk 1
# 
interface GigabitEthernet0/0/6
eth-trunk 1
# 
interface NULL0
# 
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
# 
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.112.0 0.0.0.255
# 
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
# 
return

 

实验总结

此实验包含，mstp-vrrp-ospf-rip-双向重分发-单臂路由-地址转换-默认路由-nat等。
四台交换机之间的区域可能会产生环路，建议先配置二层交换机的环境再配置三层交换机的。如果还是产生环路，则在配置好VLAN划分后要进行MSTP生成树协议消除环路。
配置好外网接内网后，要记得还要在重分发下发默认路由给其他邻居。