H3C设备组网详细配置步骤!

设备清单:设备名称产品型号数量配置单价价格核心路由器H3CMSR20-2012x100MWAN接口60006000核心三层交换机H3CS3600-28TP-SI124x100M+2x10/100/100M50005000核心二层交换机H3CS3100-26C-SI124x10/100M30003000服务器浪潮NF190D22E5405(2.00G)/12M/2GDDR2/73GSAS/1000M*2/单电源2003040060客户机浪潮日升S300PRSS300000062E22002.2G/1M/1G/160GSATA/集成显卡/17纯平37007400网络拓朴:配置步骤:1.端口设置及端口捆绑1.1在3L和2L上设置以下命令:（在三层交换机与二层交换机上配置）interfaceEthernet0/2toEthernet0/3speed100duplexfullportlink-typetrunkporttrunkpermitvlanall#link-aggregationEthernet0/2toEthernet0/3both2.GVRP配置2.1在3L上和2L上设置system-view#gvrp/设备开启gvrp功能#interfaceethernet0/2toethernet0/3gvrp/在trunk端口上开启gvrp3.VLAN设置3.1在3L上设置Vlan2市场部#Vlan3工程部#Vlan4服务器3.2在2L上设置interfaceEthernet0/8Portaccessvlan3#interfaceEthernet0/9Portaccessvlan2#interfaceethernet0/4toethernet0/5/3L上设置端口加服务器vlanPortaccessvlan44.三层交换实现Vlan互通4.1在3L上设置interfacevlan-interface1/网管Vlanipaddress192.168.1.1255.255.255.0undoshutdown#interfacevlan-interface2/市场Vlanipaddress192.168.2.1255.255.255.0undoshutdown#interfacevlan-interface3/工程vlanipaddress192.168.3.1255.255.255.0undoshutdown#interfacevlan-interface4/服务器vlanipaddress192.168.4.1255.255.255.0undoshutdown5.三层交换机和路由器互通5.1在3L上设置Interfacevlan-interface100Ipaddress192.168.0.2255.255.255.0Undoshutdown#Iproute-static0.0.0.00.0.0.0192.168.0.1/指向路由器的默认路由5.2在路由器上设置InterfaceEthernet0/0Ipaddress192.168.0.1255.255.255.0Undoshutdown#Iproute-static192.168.0.0255.255.0.0/超网路由,指向所有vlan的回程路由#Iproute-static0.0.0.00.0.0.0123.1.1.4/指向ISP的默认路由器6.ACL限制vlan2和vlan3互访6.1在三层交换机上设置aclnumber3000rule0denyipsource192.168.3.00.0.0.255destination192.168.2.00.0.0.255rule1permitip6.2在vlan2的三层接口上设置Interfacevlan-interface2packet-filterinboundip-group30007.三层交换机做DHCP服务器7.1在3L上设置dhcpserverip-poolvlan2network192.168.2.0mask255.255.255.0gateway-list192.168.2.1domain-namely-benet.netdns-list192.168.4.5dhcpserverforbidden-ip192.168.2.1#dhcpserverip-poolvlan3network192.168.3.0mask255.255.255.0gateway-list192.168.3.1domain-namely-benet.netdns-list192.168.4.5dhcpserverforbidden-ip192.168.3.17.2在3L的vlan2和vlan3三层接口上设置interfacevlan-interface2dhcpselectglobal#interfacevlan-interface3dhcpselectglobal8.STP设置8.1在3L上设置stprootprimary#interfaceethernet0/10toethernet0/24setroot-protenction/在指定端口启用根保护功能(根网桥上所有端口都是指定端口)8.2在2L上设置stpenable#interfaceethernet0/1toEthernet0/24stpdisable/在交换机连PC端口关闭stp功能9.路由器做NAT9.1在路由器上设置aclnumber2000/配置允许进行NAT转换的内网地址段/rule0permitsource192.168.0.00.0.255.255rule1deny#interfaceEthernet0/1/外网接口/ipaddress123.1.1.1255.255.255.248natoutbound2000#interfaceEthernet0/0ipaddress192.168.0.1255.255.255.0/内网网关/#10.发布内网服务器10.1在路由器上设置natserverprotocoltcpglobal123.1.1.2inside192.168.4.5natserverprotocoltcpglobal123.1.1.3inside192.168.4.611.网络设置telnet设置11.1在三层交换机和路由器上设置telnetuser-interfacevty0authentication-modepasswordsetauthenticationpasswordsimplely-benetuserprivilegelevel3protocolinboundtelnetidle-timeout611.2在2L上设置telnet和管理ip地址Interfacevlan-interface1Ipaddress192.168.1.2255.255.255.0Undoshutdown#user-interfacevty0authentication-modepasswordsetauthenticationpasswordsimplely-benetuserprivilegelevel3protocolinboundtelnetidle-timeout612.网络设备安全设置12.1关闭没有使用的端口InterfaceEthernet0/10toEthernet0/24Undoshutdwon12.2设置console口令user-interfaceaux0authentication-modepasswordsetauthenticationpasswordsimplely-benetuserprivilegelevel3idle-timeout512.3设置服务器IP,MAC和端口绑定System-viewAmuser-bindip-address192.168.4.5mac-address00e0-fcab-cd11interfacee0/4Amuser-bindip-address192.168.4.6mac-address0000-0cab-cd12interfacee0/5