Building a Three-Tier Network Architecture with eNSP

1. Project Overview

1.1 Project Background

To support the company's business growth, build a high-performance, highly reliable, easy-to-manage and secure modern office network that meets the daily office, collaborative communication and business-system access needs of 200 employees.

1.2 Construction Goals

- Build a stable, reliable network foundation that integrates wired and wireless access.
- Implement logical network isolation and access control to protect core data.
- Provide seamless wireless coverage.
- Ensure high availability of key network services such as DHCP and the default gateway, with fast failover (because the S5700 cannot link DHCP with VRRP, no DHCP optimization was done on SW2).
- Optimize network paths, eliminate loops and plan IP addresses sensibly.

2. Network Design Principles

- Layered architecture: the classic core-aggregation-access three-tier model separates functions and makes the network easy to expand and manage.
- Redundancy and reliability: device and link redundancy at the aggregation layer and on core links; key services use VRRP so that there is no single point of failure.
- Security and compliance: VLAN isolation, ACL policies and NAT provide protection at the network edge and access control inside the network.
- Manageability: sensible IP address planning, VLAN division and centralized policy deployment simplify daily operations.

There are many shortcomings; I will keep learning and optimizing.

LSW3

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname LSW3
[LSW3]vlan 10
[LSW3-vlan10]q
[LSW3]int eth0/0/1
[LSW3-Ethernet0/0/1]port link-type access
[LSW3-Ethernet0/0/1]port default vlan 10
[LSW3-Ethernet0/0/1]int eth0/0/2
[LSW3-Ethernet0/0/2]port link-type access
[LSW3-Ethernet0/0/2]port default vlan 10
[LSW3-Ethernet0/0/2]quit
[LSW3]int g0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type trunk
[LSW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[LSW3-GigabitEthernet0/0/1]int g0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type trunk
[LSW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
[LSW3-GigabitEthernet0/0/2]q
[LSW3]stp mode mstp
[LSW3]stp region-configuration
[LSW3-mst-region]region-name myRegion
[LSW3-mst-region]revision-level 1
[LSW3-mst-region]instance 10 vlan 10
[LSW3-mst-region]instance 20 vlan 20
[LSW3-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW3-mst-region]q
[LSW3]stp enable

LSW5

[LSW5]vlan 20
[LSW5-vlan20]q
[LSW5]int eth0/0/1
[LSW5-Ethernet0/0/1]port link-type access
[LSW5-Ethernet0/0/1]port default vlan 20
[LSW5-Ethernet0/0/1]int g0/0/1
[LSW5-GigabitEthernet0/0/1]port link-type trunk
[LSW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 20
[LSW5-GigabitEthernet0/0/1]int g0/0/2
[LSW5-GigabitEthernet0/0/2]port link-type trunk
[LSW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 20
[LSW5-GigabitEthernet0/0/2]
[LSW5]stp mode mstp
[LSW5]stp region-configuration
[LSW5-mst-region]region-name myRegion
[LSW5-mst-region]revision-level 1
[LSW5-mst-region]instance 10 vlan 10
[LSW5-mst-region]instance 20 vlan 20
[LSW5-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW5-mst-region]q
[LSW5]stp enable

LSW6

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center ena
Info: Information center is disabled.
[Huawei]sysname LSW6
[LSW6]vlan 100
[LSW6-vlan100]q
[LSW6]int eth0/0/1
[LSW6-Ethernet0/0/1]port link-type access
[LSW6-Ethernet0/0/1]port default vlan 100
[LSW6-Ethernet0/0/1]int g0/0/1
[LSW6-GigabitEthernet0/0/1]port link-type trunk
[LSW6-GigabitEthernet0/0/1]port trunk allow-pass vlan 100

LSW1

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname LSW1
[LSW1]vlan batch 10 20 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[LSW1-GigabitEthernet0/0/1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 20
[LSW1-GigabitEthernet0/0/2]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100
[LSW1-GigabitEthernet0/0/3]quit
[LSW1]int vlanif10
[LSW1-Vlanif10]ip address 192.168.10.254 24
[LSW1-Vlanif10]int vlanif20
[LSW1-Vlanif20]ip address 192.168.20.253 24
[LSW1-Vlanif20]int vlanif100
[LSW1-Vlanif100]ip address 192.168.100.254 24
[LSW1-Vlanif100]
[LSW1]int g0/0/4
[LSW1-GigabitEthernet0/0/4]port link-type trunk
[LSW1-GigabitEthernet0/0/4]port trunk allow-pass
[LSW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[LSW1]vlan 80
[LSW1]int vlanif80
[LSW1-Vlanif80]ip address 192.168.80.252 24
[LSW1]stp mode mstp
[LSW1]stp region-configuration
[LSW1-mst-region]region-name myRegion
[LSW1-mst-region]revision-level 1
[LSW1-mst-region]instance 10 vlan 10
[LSW1-mst-region]instance 20 vlan 20
[LSW1-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW1-mst-region]quit
[LSW1]stp instance 10 root primary
[LSW1]stp instance 20 root secondary
[LSW1]stp enable
[LSW1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW1]ip pool tang
Info:It's successful to create an IP address pool.
[LSW1-ip-pool-tang]q
[LSW1]int vlanif10
[LSW1-Vlanif10]dhcp select global
[LSW1-Vlanif10]q
[LSW1]ip pool tang
[LSW1-ip-pool-tang]gateway-list 192.168.10.254
[LSW1-ip-pool-tang]network 192.168.10.0 mask 255.255.255.0
[LSW1-ip-pool-tang]dns-list 8.8.8.8
[LSW1-ip-pool-tang]excluded-ip-address 192.168.10.253
[LSW1-ip-pool-tang]excluded-ip-address 192.168.10.254
Error:Only idle or expired IP address can be disabled.
[LSW1-ip-pool-tang]excluded-ip-address 192.168.10.252
[LSW1-ip-pool-tang]excluded-ip-address 192.168.10.251
[LSW1-ip-pool-tang]excluded-ip-address 192.168.10.250
[LSW1-ip-pool-tang]lease day 1
[LSW1-ip-pool-tang]quit
interface Vlanif10
 ip address 192.168.10.251 255.255.255.0
[LSW1]
 User interface con0 is available
Please Press ENTER.
<LSW1>sys
Enter system view, return user view with Ctrl+Z.
[LSW1]int vlanif10
[LSW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[LSW1-Vlanif10]vrrp vrid 10 priority 120
[LSW1-Vlanif10]vrrp vrid 10 preempt-mode timer delay 5
[LSW1-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/5 reduced 30
[LSW1-Vlanif10]q
[LSW1]int vlanif20
[LSW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[LSW1-Vlanif20]vrrp vrid 20 priority 100
[LSW1-Vlanif20]vrrp vrid 20 preempt-mode timer delay 5
[LSW1-Vlanif20]vrrp vrid 20 track interface g0/0/5 reduced 30
[LSW1-GigabitEthernet0/0/2]int g0/0/5
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10

LSW2

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan batch 10 20 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 20
[Huawei-GigabitEthernet0/0/1]q
[Huawei]int vlanif10
[Huawei-Vlanif10]ip address 192.168.10.253 24
[Huawei-Vlanif10]int vlanif20
[Huawei-Vlanif20]ip address 192.168.20.254 24
[LSW2]int vlanif100
[LSW2-Vlanif100]ip address 192.168.100.253 24
[Huawei]int g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type trunk
[Huawei-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[LSW2]vlan batch 70 80
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 70 80
[LSW2-GigabitEthernet0/0/3]int g0/0/5
[LSW2-GigabitEthernet0/0/5]port link-type trunk
[LSW2-GigabitEthernet0/0/5]port trunk pvid vlan 70
[LSW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 70 80
[LSW2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[LSW2-GigabitEthernet0/0/3]quit
[LSW2]
[LSW2]stp mode mstp
[LSW2]stp region-configuration
[LSW2-mst-region]region-name myRegion
[LSW2-mst-region]revision-level 1
[LSW2-mst-region]instance 10 vlan 10
[LSW2-mst-region]instance 20 vlan 20
[LSW2-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW2-mst-region]quit
[LSW2]stp instance 20 root primary
[LSW2]stp instance 10 root secondary
[LSW2]stp enable
<LSW2>sys
Enter system view, return user view with Ctrl+Z.
[LSW2]int vlanif20
[LSW2-Vlanif20]q
[LSW2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW2]int vlanif20
[LSW2-Vlanif20]dhcp select global
[LSW2-Vlanif20]q
[LSW2]ip pool tang1
Info:It's successful to create an IP address pool.
[LSW2-ip-pool-tang1]gateway-list 192.168.20.254
[LSW2-ip-pool-tang1]network 192.168.20.0 mask 255.255.255.0
[LSW2-ip-pool-tang1]dns-list 8.8.8.8
[LSW2-ip-pool-tang1]excluded-ip-address 192.168.20.254
Error:Only idle or expired IP address can be disabled.
[LSW2-ip-pool-tang1]excluded-ip-address 192.168.20.253
[LSW2-ip-pool-tang1]excluded-ip-address 192.168.20.252
[LSW2-ip-pool-tang1]excluded-ip-address 192.168.20.251
[LSW2-ip-pool-tang1]excluded-ip-address 192.168.20.250
[LSW2]int vlan10
[LSW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[LSW2-Vlanif10]vrrp vrid 10 priority 100
[LSW2-Vlanif10]vrrp vrid 10 preempt-mode timer delay 5
[LSW2-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/6 reduced 30
[LSW2-Vlanif10]q
[LSW2]int vlanif20
[LSW2-Vlanif20]ip address 192.168.20.251 24
[LSW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[LSW2-Vlanif20]vrrp vrid 20 priority 120
[LSW2-Vlanif20]vrrp vrid 20 preempt-mode timer delay 5
[LSW2-Vlanif20]vrrp vrid 20 track interface g0/0/6 reduced 30
[LSW2]int g0/0/6
[LSW2-GigabitEthernet0/0/3]port link-type access
[LSW2-GigabitEthernet0/0/3]port default allow-pass vlan 20

AC1

<AC6005>
<AC6005>sys
Enter system view, return user view with Ctrl+Z.
[AC6005]undo info-center enable
Info: Information center is disabled.
[ac1]sysname AC1
[AC1]vlan batch 70 80
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC1]int g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 70 80
[AC1-GigabitEthernet0/0/1]quit
[AC1]int vlanif70
[AC1-Vlanif70]ip address 192.168.70.254 24
[AC1-Vlanif70]int vlanif80
[AC1-Vlanif80]ip address 192.168.80.254 24
[AC1-Vlanif80]q
[AC1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[AC1]ip pool 123
Info: It is successful to create an IP address pool.
[AC1-ip-pool-123]gateway-list 192.168.70.254
[AC1-ip-pool-123]network 192.168.70.0 mask 255.255.255.0
[AC1-ip-pool-123]quit
[AC1]ip pool huawei
Info: It is successful to create an IP address pool.
[AC1-ip-pool-huawei]gateway-list 192.168.80.254
[AC1-ip-pool-huawei]network 192.168.80.0 mask 255.255.255.0
[AC1-ip-pool-huawei]excluded-ip-address 192.168.80.254
Error: The gateway cannot be excluded.
[AC1-ip-pool-huawei]excluded-ip-address 192.168.80.253
[AC1-ip-pool-huawei]excluded-ip-address 192.168.80.252
[AC1-ip-pool-huawei]excluded-ip-address 192.168.80.251
[AC1-ip-pool-huawei]excluded-ip-address 192.168.80.250
[AC1-ip-pool-huawei]dns-list 8.8.8.8
[AC1-ip-pool-huawei]lease day 1
[AC1-ip-pool-huawei]q
[AC1]int vlan70
[AC1-Vlanif70]dhcp select global
[AC1-Vlanif70]int vlanif80
[AC1-Vlanif80]dhcp select global
[AC1]capwap source interface vlanif80
[AC1]wlan
[AC1-wlan-view]regulatory-domain-profile name default
[AC1-wlan-regulate-domain-default]country-code CN
Info: The current country code is same with the input country code.
[AC1-wlan-regulate-domain-default]q
[AC1-wlan-view]security-profile name office-sec
[AC1-wlan-sec-prof-office-sec]security wpa2 psk pass-phrase huawei123 aes
[AC1-wlan-sec-prof-office-sec]quit
[AC1-wlan-view]ssid-profile name office-ssid
[AC1-wlan-ssid-prof-office-ssid]ssid office-wifi
Info: This operation may take a few seconds, please wait.done.
<AC1>sys
Enter system view, return user view with Ctrl+Z.
[AC1]wlan
[AC1-wlan-view]vap-profile name office-vap
[AC1-wlan-vap-prof-office-vap]forward-mode tunnel
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-office-vap]service-vlan vlan-id 80
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-office-vap]ssid-profile office-ssid
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-office-vap]security-profile office-sec
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-office-vap]quit
[AC1-wlan-view]quit
[AC1]wlan
[AC1-wlan-view]ap-group name office-group
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC1-wlan-ap-group-office-group]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-office-group]vap-profile office-vap wlan 1 radio all
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-office-group]quit
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc1c-4cb0
[AC1-wlan-ap-1]ap-name AP-office
[AC1-wlan-ap-1]ap-name office-group
[AC1-wlan-ap-1]quit
[AC1-wlan-view]quit

AC6605

[AC6605]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC6605]int vlan10
[AC6605-Vlanif10]ip address 192.168.10.252 24
[AC6605-Vlanif10]int vlanif20
[AC6605-Vlanif20]ip address 192.168.20.252 24
[AC6605-Vlanif20]
[AC6605]int g0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6605-GigabitEthernet0/0/1]quit
[AC6605]ip route-static 192.168.137.0 24 192.168.20.251
[AC6605]stp mode mstp
[AC6605]stp region-configuration
Info: Please activate the stp region-configuration after it is modified.
[AC6605-mst-region]region-name myRegion
[AC6605-mst-region]revision-level 1
[AC6605-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC6605-mst-region]q
[AC6605]stp enable

At this point, communication across the whole network is working. Next, VRRP and MSTP are used.

AR1

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/1]ip address 192.168.137.2 24
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.10.250 24
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.20.250 24
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.137.1
[Huawei]ip route-static 192.168.80.0 24 192.168.20.251
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit
[Huawei-acl-basic-2000]q
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]nat outbound 2000

Verified by querying the devices.
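As an added example (not code from the original article), the following Python script audits two design rules that the LSW1/LSW2 configuration above relies on: the VRRP master of each VLAN should also be the MSTP root of that VLAN's instance, and every physical vlanif address inside a DHCP pool's subnet should be excluded from the pool. The embedded transcript excerpt is constructed from the LSW1/LSW2 output above, and the prompt format and /24 pools are assumptions taken from this page.

```python
import re
# Constructed excerpt of the LSW1/LSW2 transcripts above (vlanif addresses after re-addressing).
TRANSCRIPT = """\
[LSW1-mst-region]instance 10 vlan 10
[LSW1-mst-region]instance 20 vlan 20
[LSW1]stp instance 10 root primary
[LSW2]stp instance 20 root primary
[LSW1-Vlanif10]ip address 192.168.10.251 24
[LSW1-Vlanif10]vrrp vrid 10 priority 120
[LSW2-Vlanif10]ip address 192.168.10.253 24
[LSW2-Vlanif10]vrrp vrid 10 priority 100
[LSW2-Vlanif20]vrrp vrid 20 priority 120
[LSW1-ip-pool-tang]network 192.168.10.0 mask 255.255.255.0
[LSW1-ip-pool-tang]excluded-ip-address 192.168.10.253
[LSW1-ip-pool-tang]excluded-ip-address 192.168.10.251
"""
PROMPT = re.compile(r"^\[(?P<dev>[^\]-]+)(?:-(?P<ctx>[^\]]+))?\](?P<cmd>.+)$")
def parse(transcript):
    """Collect MSTP instance->VLAN, instance->root device, VLAN->{dev: prio}, VLAN->{dev: IP}, pools."""
    inst_vlan, root, prio, addr, nets, excl = {}, {}, {}, {}, {}, {}
    for m in filter(None, map(PROMPT.match, transcript.splitlines())):
        dev, ctx, cmd = m["dev"], m["ctx"] or "", m["cmd"].split()
        if ctx == "mst-region" and cmd[0] == "instance":
            inst_vlan[int(cmd[1])] = int(cmd[3])
        elif cmd[:2] == ["stp", "instance"] and cmd[3:] == ["root", "primary"]:
            root[int(cmd[2])] = dev
        elif ctx.startswith("Vlanif") and cmd[:1] == ["vrrp"] and cmd[3:4] == ["priority"]:
            prio.setdefault(int(ctx[6:]), {})[dev] = int(cmd[4])
        elif ctx.startswith("Vlanif") and cmd[:2] == ["ip", "address"]:
            addr.setdefault(int(ctx[6:]), {})[dev] = cmd[2]
        elif ctx.startswith("ip-pool-") and cmd[0] == "network":  # /24 pools, as in the article
            nets[ctx[8:]] = cmd[1].rsplit(".", 1)[0]
        elif ctx.startswith("ip-pool-") and cmd[0] == "excluded-ip-address":
            excl.setdefault(ctx[8:], set()).add(cmd[1])
    return inst_vlan, root, prio, addr, nets, excl

def audit(transcript):
    """Check 1: the VRRP master of a VLAN must be the MSTP root of its instance (L2 path and L3
    gateway agree). Check 2: every vlanif address inside a pool's subnet must be excluded."""
    inst_vlan, root, prio, addr, nets, excl = parse(transcript)
    findings = []
    for inst, vlan in inst_vlan.items():
        master = max(prio.get(vlan, {}).items(), key=lambda kv: kv[1], default=(None, 0))[0]
        if master and inst in root and master != root[inst]:
            findings.append(f"vlan {vlan}: VRRP master {master} != MSTP instance {inst} root {root[inst]}")
    for name, net in nets.items():
        for dev, ip in [(d, ip) for devs in addr.values() for d, ip in devs.items()]:
            if ip.rsplit(".", 1)[0] == net and ip not in excl.get(name, ()):
                findings.append(f"pool {name}: {dev} address {ip} not excluded")
    return findings
```

The script only understands the prompt-prefixed transcript style used on this page, so a capture of the session rather than `display current-configuration` output is the input it expects.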