华为交换机的应用案例(小)
华为交换机的小场景应用案例
具体的要求与拓扑图如下:
LSW1:
<Huawei>sys
[Huawei]undo info-center enable //关闭消息通知
[Huawei]vlan batch 10
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]port link-type trunk
[Huawei-Eth-Trunk1]port trunk allow-pass vlan 10
[Huawei-Eth-Trunk1]mode lacp //配置Eth-Trunk1为LACP模式
[Huawei-Eth-Trunk1]q
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]eth-trunk 1 //将成员接口加入Eth-Trunk1
[Huawei-Ethernet0/0/1]int e0/0/5
[Huawei-Ethernet0/0/5]eth-trunk 1
[Huawei-Ethernet0/0/5]q
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 10
[Huawei-Ethernet0/0/2]stp edged-port enable //将接口配置为边缘端口
[Huawei-Ethernet0/0/2]q
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 10
[Huawei-Ethernet0/0/3]stp edged-port enable
[Huawei-Ethernet0/0/3]q
[Huawei]int e0/0/4
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 10
[Huawei-Ethernet0/0/4]stp edged-port enable
[Huawei-Ethernet0/0/4]q
[Huawei]stp bpdu-protection //配置BPDU保护功能,增强网络稳定性
<Huawei>sys
[Huawei]dhcp enable //开启DHCP功能
[Huawei]dhcp snooping enable //开启DHCP Snooping功能(防止有人在内网私接路由器并开启DHCP,导致合法用户获取私接路由分配的地址而不能正常上网。)
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]dhcp snooping enable
[Huawei-Eth-Trunk1]dhcp snooping trusted //配置为信任接口
[Huawei-Eth-Trunk1]q
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]dhcp snooping enable
[Huawei-Ethernet0/0/2]int e0/0/3
[Huawei-Ethernet0/0/3]dhcp snooping enable
[Huawei-Ethernet0/0/3]int e0/0/4
[Huawei-Ethernet0/0/4]dhcp snooping enable
[Huawei-Ethernet0/0/4]q
[Huawei-vlan10]ip source check user-bind enable //开启IP报文检查功能
[Huawei-vlan10]q
LSW2:
<Huawei>sys
[Huawei]undo info-center enable
[Huawei]vlan batch 10
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]port link-type trunk
[Huawei-Eth-Trunk1]port trunk allow-pass vlan 10
[Huawei-Eth-Trunk1]mode lacp
[Huawei-Eth-Trunk1]q
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]eth-trunk 1
[Huawei-Ethernet0/0/1]int e0/0/5
[Huawei-Ethernet0/0/5]eth-trunk 1
[Huawei-Ethernet0/0/5]q
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 10
[Huawei-Ethernet0/0/2]stp edged-port enable
[Huawei-Ethernet0/0/2]q
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 10
[Huawei-Ethernet0/0/3]stp edged-port enable
[Huawei-Ethernet0/0/3]q
[Huawei]int e0/0/4
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 10
[Huawei-Ethernet0/0/4]stp edged-port enable
[Huawei-Ethernet0/0/4]q
[Huawei]stp bpdu-protection
<Huawei>sys
[Huawei]dhcp enable
[Huawei]dhcp snooping enable
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]dhcp snooping enable
[Huawei-Eth-Trunk1]dhcp snooping trusted
[Huawei-Eth-Trunk1]q
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]dhcp snooping enable
[Huawei-Ethernet0/0/2]int e0/0/3
[Huawei-Ethernet0/0/3]dhcp snooping enable
[Huawei-Ethernet0/0/3]int e0/0/4
[Huawei-Ethernet0/0/4]dhcp snooping enable
[Huawei-Ethernet0/0/4]q
[Huawei]vlan 10
[Huawei-vlan10]ip source check user-bind enable
[Huawei-vlan10]q
LSW3:
<Huawei>sys
[Huawei]undo info-center enable
[Huawei]vlan batch 10 20 100
[Huawei]interface Eth-Trunk 1
[Huawei-Eth-Trunk1]port link-type trunk
[Huawei-Eth-Trunk1]port trunk allow-pass vlan 10
[Huawei-Eth-Trunk1]mode lacp
[Huawei-Eth-Trunk1]q
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]eth-trunk 1
[Huawei-GigabitEthernet0/0/2]int g0/0/4
[Huawei-GigabitEthernet0/0/4]eth-trunk 1
[Huawei-GigabitEthernet0/0/4]q
[Huawei]int Vlanif 10
[Huawei-Vlanif10]ip address 10.10.1.1 24
[Huawei-Vlanif10]int Vlanif 20
[Huawei-Vlanif20]ip address 10.10.2.1 24
[Huawei-Vlanif20]q
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 100
[Huawei-GigabitEthernet0/0/1]q
[Huawei]int Vlanif 100
[Huawei-Vlanif100]ip address 10.10.100.1 24
[Huawei-Vlanif100]q
[Huawei]dhcp enable
[Huawei]ip pool 10 //创建一个地址池名为10
[Huawei-ip-pool-10]network 10.10.1.0 mask 24 //配置可分配的地址池范围
[Huawei-ip-pool-10]gateway-list 10.10.1.1 //配置网关地址
[Huawei-ip-pool-10]static-bind ip-address 10.10.1.254 mac-address a-b-c //配置MAC地址为a-b-c分配固定的IP地址
[Huawei-ip-pool-10]q
[Huawei]int Vlanif 10
[Huawei-Vlanif10]dhcp select global //配置从全局地址池获取IP地址
[Huawei-Vlanif10]q
[Huawei]ip route-static 0.0.0.0 0 10.10.100.2 //配置静态地址
<Huawei>sys
[Huawei]int Eth-Trunk 2
[Huawei-Eth-Trunk2]port link-type trunk
[Huawei-Eth-Trunk2]port trunk allow-pass vlan 20
[Huawei-Eth-Trunk2]mode lacp
[Huawei-Eth-Trunk2]q
[Huawei]int g0/0/5
[Huawei-GigabitEthernet0/0/5]eth-trunk 2
[Huawei-GigabitEthernet0/0/5]int g0/0/3
[Huawei-GigabitEthernet0/0/3]eth-trunk 2
[Huawei-GigabitEthernet0/0/3]q
[Huawei]dhcp enable
[Huawei]ip pool 20
[Huawei-ip-pool-20]network 10.10.2.0 mask 24
[Huawei-ip-pool-20]gateway-list 10.10.2.1
[Huawei-ip-pool-20]static-bind ip-address 10.10.2.254 mac-address a-b-d
[Huawei-ip-pool-20]q
[Huawei]int Vlanif 20
[Huawei-Vlanif20]dhcp select global
[Huawei-Vlanif20]q
AR:
<Huawei>sys
[Huawei]undo info-center enable
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.1.1.11 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.10.100.2 24
[Huawei-GigabitEthernet0/0/1]q
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule permit source 10.10.0.0 0.0.0.255
[Huawei-acl-basic-2000]int g0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2000
[Huawei-GigabitEthernet0/0/0]q
[Huawei]ip route-static 10.10.1.0 255.255.255.0 10.10.100.1
[Huawei]ip route-static 10.10.2.0 255.255.255.0 10.10.100.1
[Huawei]ip route-static 0.0.0.0 0 1.1.1.1
[Huawei]dns resolve
[Huawei]dns server 8.8.8.8
[Huawei]dns proxy enable
[Huawei]dis ip routing-table
测试如下:
1.部门内部选两台PC进行ping测试,验证部门内部二层互通是否正常。以部门A为例, PC1和PC2是通过ACC1实现二层互通的。
如果PC1和PC2之间互ping测试正常则说明二层互通正常。
2.从两个部门内各选一台PC进行ping测试,验证部门之间通过VLANIF实现三层互通是否正常。部门A和部门B之间的用户是通过LSW3上的VLANIF实现三层互通的。
如果PC1和PC3之间互ping测试正常则说明两个部门之间通过VLANIF实现三层互通正常。ping测试命令与步骤1类似。
3.每个部门各选一台PC进行ping公网地址测试,验证公司内网用户访问Internet是否正常。以部门A为例,
一般可以通过在PC1上ping公网网关地址(即与出口路由器对接的运营商设备的IP地址)来验证是否可以访问Internet,
如果ping测试正常则说明内网用户访问Internet正常。ping测试命令与步骤1类似。
感谢大家,点赞,收藏,关注,评论!
