
Network Planning and Simulated Configuration for 300-500 Users

泡杯长岛冰茶 · 2021-10-13 1113 NetWork


Network plan for 500 users


1. Core switch configuration

1.1. Set the switch as the root bridge

sys
un in en
sysn hexin-sw
stp root primary

1.2. Create VLANs

vlan batch 10 20 30 40 100 999

1.3. Configure gateway addresses

int vlan 10
ip add 172.16.10.1 24
int vlan 20
ip add 172.16.20.1 24
int vlan 30
ip add 172.16.30.1 24
int vlan 40
ip add 172.16.40.1 24
int vlan 100
ip add 172.16.100.1 24
int vlan 999
ip add 192.168.99.1 24

1.4. Add a default static route

ip route-static 0.0.0.0 0 172.16.100.254

1.5. Create link aggregation

[hexin-sw-Eth-Trunk4]dis this
interface Eth-Trunk4
port link-type trunk
port trunk allow-pass vlan 100 999
traffic-filter outbound acl 3000
mode lacp-static


1.6. ACL access control

acl number 3000      ## VLAN 30 may access 100.3; other addresses are denied
rule 5 permit ip source 172.16.30.0 0.0.0.255 destination 172.16.100.3 0
rule 10 deny ip source 172.16.0.0 0.0.255.255 destination 172.16.100.3 0
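
The rule coverage of ACL 3000 can be checked offline. The following Python sketch is an added example, not part of the original article: it evaluates the two rules above with wildcard-mask matching against constructed sample flows and compares them with a hypothetical variant (HARDENED, rule 15) that ends in an explicit deny for the server. It assumes that a packet matching no rule is forwarded by traffic-filter.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal base."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def evaluate(acl, src, dst, default="permit"):
    """Return (action, rule_id) of the first matching rule, lowest id first.
    default models the assumed behaviour for packets that match no rule."""
    for rule_id, action, s, s_wc, d, d_wc in sorted(acl):
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action, rule_id
    return default, None

# ACL 3000 from section 1.6 ("0" in the CLI is the host wildcard 0.0.0.0)
ACL_3000 = [
    (5, "permit", "172.16.30.0", "0.0.0.255", "172.16.100.3", "0.0.0.0"),
    (10, "deny", "172.16.0.0", "0.0.255.255", "172.16.100.3", "0.0.0.0"),
]
# Hypothetical variant: rule 15 denies every other source to 172.16.100.3
HARDENED = ACL_3000 + [
    (15, "deny", "0.0.0.0", "255.255.255.255", "172.16.100.3", "0.0.0.0"),
]
# Constructed sample flows (source, destination)
FLOWS = [
    ("172.16.30.25", "172.16.100.3"),    # VLAN 30 host
    ("172.16.10.25", "172.16.100.3"),    # VLAN 10 host
    ("192.168.99.254", "172.16.100.3"),  # SW1 management address (VLAN 999)
    ("172.16.10.25", "172.16.100.4"),    # another VLAN 100 address
]

def audit(acl):
    """Map each constructed flow to the (action, rule_id) the ACL yields."""
    return {flow: evaluate(acl, *flow) for flow in FLOWS}

if __name__ == "__main__":
    for name, acl in (("ACL 3000", ACL_3000), ("hardened", HARDENED)):
        for (src, dst), (action, rule) in audit(acl).items():
            print(f"{name:9} {src:15} -> {dst:13} {action:6} rule={rule}")
```

With the rules as written, a source in the 192.168.99.0/24 management VLAN matches neither rule and falls through to the default; rule 15 in the variant covers it.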

1.7. Configure link aggregation

1.7.1. Configure LACP toward switch SW1
int Eth-Trunk 1
mode lacp-static
trunkport gi 0/0/1 to 0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 999
1.7.2. Configure LACP toward switch SW2
int Eth-Trunk 2
mode lacp-static
trunkport gi 0/0/3 to 0/0/4
port link-type trunk
port trunk allow-pass vlan 30 999
1.7.3. Configure LACP toward switch SW3
int Eth-Trunk 3
mode lacp-static
trunkport gi 0/0/5 to 0/0/6
port link-type trunk
port trunk allow-pass vlan 40 999
1.7.4. Configure LACP toward switch SW4
int Eth-Trunk 4
mode lacp-static
trunkport gi 0/0/7 to 0/0/8
port link-type trunk
port trunk allow-pass vlan 100 999

2. Egress router configuration

2.1. LACP configuration

int Eth-Trunk 5
mode lacp-static
undo portswitch
trunkport gi 0/0/9 to 0/0/10
port link-type access
port default vlan 100
int gi0/0/0
eth-trunk 5
int gi0/0/1
eth-trunk 5
int Eth-Trunk 5
ip add 172.16.100.254 24

2.2. NAT configuration

acl 2000
rule 5 permit source 172.16.0.0 0.0.255.255
int gi0/0/2
nat outbound 2000

2.3. External router configuration

ip route-static 0.0.0.0 0 12.1.1.6
ip route-static 172.16.0.0 16 172.16.100.1

3. Access switch configuration

3.1. Switch SW1

sys
un in en
sysn sw1
vlan batch 10 20 999
port-group group-member ethe 0/0/1 to ethe 0/0/21
stp edged-port enable
port link-type acc
port default vlan  10
quit
int  ethe 0/0/22
port link-type acc
port default vlan  20
quit
int Eth-Trunk 1
mode lacp-static
trunkport gi 0/0/1 to 0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 999
quit
int vlan 999
ip add 192.168.99.254 24
quit
ip route-static 0.0.0.0 0 192.168.99.1

3.2. Switch SW2

sys
un in en
sysn sw2
vlan batch 30 999
port-group group-member ethe 0/0/1 to ethe 0/0/22
stp edged-port enable
port link-type acc
port default vlan  30
quit
int Eth-Trunk 2
mode lacp-static
trunkport gi 0/0/1 to 0/0/2
port link-type trunk
port trunk allow-pass vlan 30 999
quit
int vlan 999
ip add 192.168.99.253 24
quit
ip route-static 0.0.0.0 0 192.168.99.1

3.3. Switch SW3

sys
un in en
sysn sw3
vlan batch 40 999
port-group group-member ethe 0/0/1 to ethe 0/0/22
stp edged-port enable
port link-type acc
port default vlan  40
quit
int Eth-Trunk 3
mode lacp-static
trunkport gi 0/0/1 to 0/0/2
port link-type trunk
port trunk allow-pass vlan 40 999
quit
int vlan 999
ip add 192.168.99.252 24
quit
ip route-static 0.0.0.0 0 192.168.99.1

3.4. Switch SW4

sys
un in en
sysn sw4
vlan batch 100 999
port-group group-member ethe 0/0/1 to ethe 0/0/22
stp edged-port enable
port link-type acc
port default vlan  100
quit
int Eth-Trunk 4
mode lacp-static
trunkport gi 0/0/1 to 0/0/2
port link-type trunk
port trunk allow-pass vlan 100 999
quit
int vlan 999
ip add 192.168.99.251 24
quit
ip route-static 0.0.0.0 0 192.168.99.1

4. Enable DHCP on the core switch

4.1. Create the address pools and enable DHCP

dhcp enable
Create the DHCP IP address pools:
ip pool vlan10-address
gateway-list 172.16.10.1
dns-list 114.114.114.114 8.8.8.8
network 172.16.10.0 mask 255.255.255.0

ip pool vlan20-address
gateway-list 172.16.20.1
dns-list 114.114.114.114 8.8.8.8
network 172.16.20.0 mask 255.255.255.0

ip pool vlan30-address
gateway-list 172.16.30.1
dns-list 114.114.114.114 8.8.8.8
network 172.16.30.0 mask 255.255.255.0

ip pool vlan40-address
gateway-list 172.16.40.1
dns-list 114.114.114.114 8.8.8.8
network 172.16.40.0 mask 255.255.255.0

4.2. Apply to the corresponding Vlanif interfaces

int vlan 10 
dhcp select global
int vlan 20
dhcp select global
int vlan 30
dhcp select global
int vlan 40
dhcp select global

5. Enable SSH access

Enable SSH (this cannot be done in the simulator because of a storage bug; Telnet can be used instead)
stelnet server enable
aaa
local-user zhangsan password cipher 123 privilege level 3     ## lab-only password for the simulator
local-user zhangsan service-type ssh
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh     ## allow SSH access
On some systems (can be skipped in the simulator):
rsa local-key-pair create  
ssh user zhangsan  
ssh user zhangsan  authentication-type all  
ssh user zhangsan  service-type a

