h3com企业型方案(华为)

整理文档很辛苦,赏杯茶钱您下走!

免费阅读已结束,点击下载阅读编辑剩下 ...

阅读已结束,您可以下载文档离线阅读编辑

资源描述

中小企业型方案要求:某企业,专线接入,有华为路由器一台,三层交换机一台,二层交换机若干;1、要求划几个VLAN,为不同部门。2、所有主机能够通过路由器上网。设计思路:1、路由器配置比较简单,主要做NAT转换和ACL控制哪些主机能上外网;2、三层交换机,划分VLAN,实现内部VLAN间路由,可直接接终端或二层交换机3、二层交换相接终端。。设计时,关于防病毒ACL列表、VLAN间互联隔离技术等问题此处未讨论。感兴趣的朋友,我们可以另起篇章进行讨论。本设计以华为产品为例,思科产品配置原理相同,只是命令行不同而已。欢迎有志之士把它翻译成思科的配置。基实也可以不要三层交换机,直接在路由器上做单臂也可以。。只是不适合复杂的网络和发展。。配置:一、路由器配置version5.20,Release1205P02,Basic#给路由器命名sysnameHUAWE-ROUTE#domaindefaultenablesystem#vlan1#radiusschemesystemserver-typeextendedprimaryauthentication127.0.0.11645primaryaccounting127.0.0.11646user-name-formatwithout-domain#domainsystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#定义ACL列表,允许所有IP访问外网,这里你可以指定允许某些或禁止某些主机上网。aclnumber2000rule0permit#interfaceAux0asyncmodeflowlink-protocolppp#接专线的接口,配置运营商分配的IPinterfaceEthernet0/0natoutbound2000duplexfullspeed100ipaddress218.22.3.126255.255.255.252#接局域网三层交换机的地址interfaceEthernet0/1DESCTO—SWitchduplexfullspeed100ipaddress192.168.8.1255.255.255.252#interfaceNULL0#至公网默认路由iproute-static0.0.0.00.0.0.0218.22.3.125至三层交换机回程路由iproute-static192.168.0.0255.255.0.0192.168.8.2#user-interfacecon0user-interfaceaux0未设置TELNET登陆密码,这样外网的人登陆不了,当然你也登陆不了。哈安全吧。(如果想TELNET,需要设置密码和ACL禁止外网的人登陆)user-interfacevty04#Return二、三层交换配置#给交换机命名sysnamehwswich#设备SUPER密码superpasswordlevel3cipher;1$VGEA)N2C+1!!#radiusschemesystemserver-typehuaweiprimaryauthentication127.0.0.11645primaryaccounting127.0.0.11646user-name-formatwithout-domaindomainsystemradius-schemesystemaccess-limitdisablestateactivevlan-assignment-modeintegeridle-cutdisableself-service-urldisablemessengertimedisabledomaindefaultenablesystem#local-servernas-ip127.0.0.1keyhuawei建立业务VLAN及与路由器互联口VLANvlan5descto-router#vlan10descbumen1#vlan20descbumen2#分别给SVI接口设计IP地址,即所属VLANPC终端的网关#interfaceVlan-interface5DESCto-routeripaddress192.168.8.2255.255.255.252interfaceVlan-interface10ipaddress192.168.1.1255.255.255.0#interfaceVlan-interface20ipaddress192.168.2.1255.255.255.0#与二层交换机互联接口interfaceEthernet0/1duplexfullspeed100portlink-typetrunkporttrunkpermitvlan1020#接普通终端的接口interfaceEthernet0/2portaccessvlan10#interfaceEthernet0/3portaccessvlan20#interfaceEthernet0/4shutdown#interfaceEthernet0/5#interfaceEthernet0/6shutdown#interfaceEthernet0/7shutdown#interfaceEthernet0/8shutdown#interfaceEthernet0/9shutdown#interfaceEthernet0/10shutdown#interfaceEthernet0/11shutdown#interfaceEthernet0/12shutdown#interfaceEthernet0/13shutdown#interfaceEthernet0/14shutdown#interfaceEthernet0/15shutdown#interfaceEthernet0/16shutdown#interfaceEthernet0/17shutdown#interfaceEthernet0/18shutdown#interfaceEthernet0/19shutdown#interfaceEthernet0/20shutdown#interfaceEthernet0/21shutdown#interfaceEthernet0/22shutdown#interfaceEthernet0/23shutdown#与路由器互联接口interfaceEthernet0/24descto-routerduplexfullspeed100portaccessvlan5#SNMP网关配置,可以不要snmp-agentsnmp-agentlocal-engineid800007DB000FE23F864D6877snmp-agentcommunityreadpublicsnmp-agentsys-infocontactHuaWei_Hotline4008302118or8008302118snmp-agentsys-infolocationBeiJingChinasnmp-agentsys-infoversionall#设置默认路由iproute-static0.0.0.00.0.0.0192.168.8.1user-interfaceaux0设置TELNET登陆密码user-interfacevty04authentication-modepasswordsetauthenticationpasswordcipherCZP'5O+PV9=FQ!!#return三、二层交换机配置#sysnameL1-1##radiusschemesystemserver-typehuaweiprimaryauthentication127.0.0.11645primaryaccounting127.0.0.11646user-name-formatwithout-domaindomainsystemradius-schemesystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisablemessengertimedisabledomaindefaultenablesystem#local-servernas-ip127.0.0.1keyhuawei#interfaceAux0/0#vlan1#vlan10#vlan20##interfaceEthernet0/1portaccessvlan10#interfaceEthernet0/2portaccessvlan10#interfaceEthernet0/3portaccessvlan10#interfaceEthernet0/4portaccessvlan10#interfaceEthernet0/5portaccessvlan10#interfaceEthernet0/6portaccessvlan10#interfaceEthernet0/7portaccessvlan10#interfaceEthernet0/8portaccessvlan10#interfaceEthernet0/9portaccessvlan10#interfaceEthernet0/10portaccessvlan10#interfaceEthernet0/11portaccessvlan10#interfaceEthernet0/12portaccessvlan20#interfaceEthernet0/13portaccessvlan20#interfaceEthernet0/14portaccessvlan20#interfaceEthernet0/15portaccessvlan20#interfaceEthernet0/16portaccessvlan20#interfaceEthernet0/17portaccessvlan20#interfaceEthernet0/18portaccessvlan20#interfaceEthernet0/19portaccessvlan20#interfaceEthernet0/20portaccessvlan20#interfaceEthernet0/21portaccessvlan20#interfaceEthernet0/22portaccessvlan20#interfaceEthernet0/23portaccessvlan20#interfaceEthernet0/24duplexfullspeed100portlink-typetrunkporttrunkpermitvlan1020#user-interfaceaux0user-interfacevty04#return

1 / 8
下载文档,编辑使用

©2015-2020 m.777doc.com 三七文档.

备案号:鲁ICP备2024069028号-1 客服联系 QQ:2149211541

×
保存成功