526互联

案例1:路由交换无冗余线路设计1

发布时间 2023-06-13 15:31:27作者: 雨夜清风

JR-SW1:

undo terminal monitor

system-view

sysname JR-SW1

 

user-interface con 0

 idle-timeout 0 0

 quit

 

undo info-center enable

 

vlan batch 11 to 12 100 200

 

interface Ethernet0/0/1

 port link-type access

 port default vlan 11

 

interface Ethernet0/0/2

 port link-type access

 port default vlan 12

 

interface GigabitEthernet0/0/1

 port link-type trunk

port trunk allow-pass vlan 11 to 12 100 200

 

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk pvid vlan 200

 port trunk allow-pass vlan 11 to 12 200

JR-SW2:

undo terminal monitor

system-view

sysname JR-SW2

 

user-interface con 0

 idle-timeout 0 0

 quit

 

undo info-center enable

 

vlan batch 13 to 14 100 200

 

interface Ethernet0/0/1

 port link-type access

 port default vlan 13

 

interface Ethernet0/0/2

 port link-type access

 port default vlan 14

 

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 13 to 14 100 200

 

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk pvid vlan 200

 port trunk allow-pass vlan 11 to 12 200

JR-SW3:

undo terminal monitor

system-view

sysname JR-SW3

 

user-interface con 0

 idle-timeout 0 0

 quit

 

undo info-center enable

 

vlan batch 15 to 16 100 200

 

interface Ethernet0/0/1

 port link-type access

 port default vlan 15

 

interface Ethernet0/0/2

 port link-type access

 port default vlan 16

 

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 15 to 16 100 200

 

interface GigabitEthernet0/0/2

 port link-type trunk

port trunk pvid vlan 200

 port trunk allow-pass vlan 15 to 16 200

JR_SW4:

undo terminal monitor

system-view

sysname JR_SW4

 

user-interface con 0

 idle-timeout 0 0

 quit

 

undo info-center enable

 

vlan batch 17 to 18 100 200

 

interface Ethernet0/0/1

 port link-type access

 port default vlan 17

 

interface Ethernet0/0/2

 port link-type access

 port default vlan 18

 

interface GigabitEthernet0/0/1

 port link-type trunk

port trunk allow-pass vlan 17 to 18 100 200

 

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk pvid vlan 200

 port trunk allow-pass vlan 11 to 12 200

HJ_SW1:

undo terminal monitor

system-view

 

user-interface con 0

 idle-timeout 0 0

 quit

 

undo info-center enable

 

sysname HJ_SW1

 

vlan batch 11 to 12 100 200

dhcp enable

 

interface Vlanif11

 ip address 192.168.64.254 255.255.255.0

 

interface Vlanif12

 ip address 192.168.65.254 255.255.255.0

 

interface Vlanif100

 ip address 10.0.1.2 255.255.255.252

 

interface Vlanif200

 ip address 10.0.10.14 255.255.255.240

dhcp select relay

 dhcp relay server-ip 10.0.10.253

 

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 100

 

interface GigabitEthernet0/0/24

 port link-type trunk

 port trunk allow-pass vlan 11 to 12 100 200

 

ospf 1

 area 0.0.0.1

  network 192.168.64.0 0.0.0.255

  network 192.168.65.0 0.0.0.255

  network 10.0.1.0 0.0.0.3

  network 10.0.10.0 0.0.0.15

HJ_SW2:

undo terminal monitor

system-view

 

user-interface con 0

 idle-timeout 0 0

 quit

 

undo info-center enable

 

sysname HJ-SW2

 

vlan batch 13 to 14 100 200

dhcp enable

 

interface Vlanif13

 ip address 192.168.66.254 255.255.255.0

 

interface Vlanif14

 ip address 192.168.67.254 255.255.255.0

 

interface Vlanif100

 ip address 10.0.2.2 255.255.255.252

 

interface Vlanif200

 ip address 10.0.10.30 255.255.255.240

dhcp select relay

 dhcp relay server-ip 10.0.10.253

 

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 100

 

interface GigabitEthernet0/0/24

 port link-type trunk

 port trunk allow-pass vlan 13 to 14 100 200

 

ospf 1

 area 0.0.0.1

  network 192.168.66.0 0.0.0.255

  network 192.168.67.0 0.0.0.255

  network 10.0.2.0 0.0.0.3

  network 10.0.10.16 0.0.0.15

HJ_SW3:

undo terminal monitor

system-view

 

user-interface con 0

 idle-timeout 0 0

 quit

 

undo info-center enable

sysname HJ_SW3

 

undo info-center enable

 

vlan batch 15 to 16 100 200

dhcp enable

 

interface Vlanif15

 ip address 192.168.68.254 255.255.255.0

 

interface Vlanif16

 ip address 192.168.69.254 255.255.255.0

#

interface Vlanif100

 ip address 10.0.3.2 255.255.255.252

#

interface Vlanif200

 ip address 10.0.10.46 255.255.255.240

 dhcp select relay

 dhcp relay server-ip 10.0.10.253

 

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 100

 

interface GigabitEthernet0/0/24

 port link-type trunk

 port trunk allow-pass vlan 15 to 16 200

 

ospf 1

 area 0.0.0.2

  network 10.0.10.32 0.0.0.15

  network 10.0.3.0 0.0.0.3

  network 192.168.68.0 0.0.0.255

  network 192.168.69.0 0.0.0.255

HJ_SW4:

undo terminal monitor

system-view

 

user-interface con 0

 idle-timeout 0 0

 quit

 

undo info-center enable

sysname HJ_SW4

 

undo info-center enable

 

vlan batch 17 to 18 100 200

dhcp enable

 

interface Vlanif17

 ip address 192.168.70.254 255.255.255.0

 

interface Vlanif18

 ip address 192.168.71.254 255.255.255.0

 

interface Vlanif100

 ip address 10.0.4.2 255.255.255.252

 

interface Vlanif200

 ip address 10.0.10.62 255.255.255.240

 dhcp select relay

 dhcp relay server-ip 10.0.10.253

 

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 100

 

interface GigabitEthernet0/0/24

 port link-type trunk

 port trunk allow-pass vlan 17 to 18 200

 

ospf 1

 area 0.0.0.2

  network 10.0.10.48 0.0.0.15

  network 192.168.70.0 0.0.0.255

  network 192.168.71.0 0.0.0.255

  network 10.0.4.0 0.0.0.3

RS-5:

undo terminal monitor

system-view

user-interface con 0

 idle-timeout 0 0

 quit

 

sysname RS-5

 

undo info-center enable

 

vlan batch 100 200

interface Vlanif100

 ip address 10.0.5.2 255.255.255.252

 

interface Vlanif200

 ip address 10.0.10.254 255.255.255.252

 

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 100

 

interface GigabitEthernet0/0/3

 port link-type access

 port default vlan 200

 

ospf 1

 area 0.0.0.3

  network 10.0.10.252 0.0.0.3

  network 10.0.5.0 0.0.0.3

R1:

 

sysname R1

interface GigabitEthernet0/0/0

 ip address 10.0.0.1 255.255.255.252

 

interface GigabitEthernet0/0/1

 ip address 10.0.0.9 255.255.255.252

 

interface GigabitEthernet0/0/2

 ip address 10.0.1.1 255.255.255.252

 

interface GigabitEthernet1/0/0

 ip address 10.0.2.1 255.255.255.252

 

ospf 1

 area 0.0.0.0

  network 10.0.0.0 0.0.0.3

  network 10.0.0.8 0.0.0.3

 area 0.0.0.1

  network 10.0.1.0 0.0.0.3

  network 10.0.2.0 0.0.0.3

R2:

sysname R2

undo info-center enable

 

interface GigabitEthernet0/0/0

 ip address 10.0.0.2 255.255.255.252

 

interface GigabitEthernet0/0/1

 ip address 10.0.0.6 255.255.255.252

 

interface GigabitEthernet0/0/2

 ip address 10.0.5.1 255.255.255.252

 

ospf 1

 area 0.0.0.0

  network 10.0.0.0 0.0.0.3

  network 10.0.0.4 0.0.0.3

 area 0.0.0.3

  network 10.0.5.0 0.0.0.3

R3:

sysname R3

undo info-center enable

 

interface GigabitEthernet0/0/0

 ip address 10.0.0.5 255.255.255.252

 

interface GigabitEthernet0/0/1

 ip address 10.0.0.10 255.255.255.252

 

interface GigabitEthernet0/0/2

 ip address 10.0.3.1 255.255.255.252

 

interface GigabitEthernet1/0/0

 ip address 10.0.4.1 255.255.255.252

 

ospf 1

 area 0.0.0.0

  network 10.0.0.4 0.0.0.3

  network 10.0.0.8 0.0.0.3

 area 0.0.0.2

  network 10.0.3.0 0.0.0.3

  network 10.0.4.0 0.0.0.3

AC1:

sysname AC-1

undo info-center enable

user-interface con 0

 idle-timeout 0 0

 

vlan batch 100 200

dhcp enable

 

interface Vlanif100

 ip address 10.0.0.2 255.255.255.252

 dhcp select global

 

interface Vlanif200

 ip address 10.0.10.253 255.255.255.252

 dhcp select global

 

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 200

 

 

 

 

ip pool pool-rs-1

 gateway-list 10.0.10.14

 network 10.0.10.0 mask 28

 dns-list 8.8.8.8 114.114.114.114

 option 43 sub-option 3 ascii 10.0.10.253

 quit

 

ip pool pool-rs-2

 gateway-list 10.0.10.30

 network 10.0.10.16 mask 28

 dns-list 8.8.8.8 114.114.114.114

 option 43 sub-option 3 ascii 10.0.10.253

 quit

 

ip pool pool-rs-3

 gateway-list 10.0.10.46

 network 10.0.10.32 mask 28

 dns-list 8.8.8.8 114.114.114.114

 option 43 sub-option 3 ascii 10.0.10.253

 quit

 

ip pool pool-rs-4

 gateway-list 10.0.10.62

 network 10.0.10.48 mask 28

 dns-list 8.8.8.8 114.114.114.114

 option 43 sub-option 3 ascii 10.0.10.253

 quit

 

ip route-static 10.0.10.0 26 10.0.10.254

capwap source interface vlanif 200

 

进入wlan视图,创建名称为domain-cfg-1的域管理模版,配置国家代码cn

wlan

 regulatory-domain-profile name domain-cfg-1

 country-code cn

 quit

 

绑定mac地址和模版

ap auth-mode mac-auth

ap-id 1 ap-mac 00E0-FCDC-0EA0

ap-name AP-1

regulatory-domain-profile domain-cfg-1

 

ap-id 2 ap-mac 00E0-FC3C-6430

ap-name AP-2

regulatory-domain-profile domain-cfg-1

 

ap-id 3 ap-mac 00E0-FCC3-51E0

ap-name AP-3

regulatory-domain-profile domain-cfg-1

 

ap-id 4 ap-mac 00E0-FC50-07E0

ap-name AP-4

regulatory-domain-profile domain-cfg-1

 

dis ap all

--------------------------------------------------------------------------------

ID   MAC            Name Group   IP         Type            State STA Uptime

--------------------------------------------------------------------------------

1    00e0-fcdc-0ea0 AP-1 default 10.0.10.12 AP3030DN        nor   0   6M:30S

2    00e0-fc3c-6430 AP-2 default 10.0.10.19 AP3030DN        nor   0   1M:45S

3    00e0-fcc3-51e0 AP-3 default 10.0.10.45 AP3030DN        nor   0   1M:5S

4    00e0-fc50-07e0 AP-4 default 10.0.10.57 AP3030DN        nor   0   9S

 

配置业务参数:

创建安全模版sec-cfg-1,并配置安全策略

wlan

 regulatory-domain-profile name domain-cfg-1

 country-code cn

 quit

 

security-profile name sec-cfg-1

 security wpa-wpa2 psk pass-phrase abcd1111 aes

 quit

 

ssid-profile name ssid-cfg-1

 ssid wifi-1

 quit

 

ssid-profile name ssid-cfg-2

 ssid wifi-2

 quit

创建模版vap-cfg-1模版对应2.4g

vap-profile name vap-cfg-1

 forward-mode direct-forward

 service-vlan vlan-id 11

 security-profile sec-cfg-1

 ssid-profile ssid-cfg-1

 quit

 

 

创建模版vap-cfg-2模版对应5g

vap-profile name vap-cfg-2

 forward-mode direct-forward

 service-vlan vlan-id 12

 security-profile sec-cfg-1

 ssid-profile ssid-cfg-2

 quit

 

 

根据wlan规划,各AP创建vap模版

ap-1、vap-cfg-1-1、vapcfg-1-2

ap-2、vap-cfg-2-1、vapcfg-2-2

ap-3、vap-cfg-3-1、vapcfg-3-2

ap-4、vap-cfg-4-1、vapcfg-4-2

 

vap-profile name vap-cfg-1-1

 forward-mode direct-forward

 service-vlan vlan-id 11

 security-profile sec-cfg-1

 ssid-profile ssid-cfg-1

 quit

 

vap-profile name vap-cfg-1-2

 forward-mode direct-forward

 service-vlan vlan-id 12

 security-profile sec-cfg-1

 ssid-profile ssid-cfg-2

 quit

 

vap-profile name vap-cfg-2-1

 forward-mode direct-forward

 service-vlan vlan-id 13

 security-profile sec-cfg-1

 ssid-profile ssid-cfg-1

 quit

 

vap-profile name vap-cfg-2-2

 forward-mode direct-forward

 service-vlan vlan-id 14

 security-profile sec-cfg-1

 ssid-profile ssid-cfg-2

 quit

 

vap-profile name vap-cfg-3-1

 forward-mode direct-forward

 service-vlan vlan-id 15

 security-profile sec-cfg-1

 ssid-profile ssid-cfg-1

 quit

 

vap-profile name vap-cfg-3-2

 forward-mode direct-forward

 service-vlan vlan-id 16

 security-profile sec-cfg-1

 ssid-profile ssid-cfg-2

 quit

 

vap-profile name vap-cfg-4-1

 forward-mode direct-forward

 service-vlan vlan-id 17

 security-profile sec-cfg-1

 ssid-profile ssid-cfg-1

 quit

 

vap-profile name vap-cfg-4-2

 forward-mode direct-forward

 service-vlan vlan-id 18

 security-profile sec-cfg-1

 ssid-profile ssid-cfg-2

 quit

 

在无线控制器AC-1上,通过AP组ap-group-cfg-1配置组中的AP(AP-1~AP-4),配置射频0引用vap-cfg-1模版,射频1引用vap-cfg-2模版

 

ap-group name ap-group-cfg-1

 vap-profile vap-cfg-1 wlan 1 radio 0

 vap-profile vap-cfg-2 wlan 1 radio 1