华为AR28-31通过单臂路由实现vlan间路由以及介入Internet 
版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。http://junfs.blog.51cto.com/209036/47927 |
华为AR28-31单臂路由XX市运管处新组网的环境,1台HuaWei AR28-31路由器,5台Huawei S5024G二层交换机。XX市运管处新组网的要求: 按部门划分vlan,vlan之间可以通讯,能上Internet网,固定主机内外网通信。 网络拓扑图如下:  路由器的配置信息如下: <Router>display current-configuration # sysname Router # cpu-usage cycle 1min # dialer-rule 1 ip permit # radius scheme system # domain system # local-user admin password cipher .]@USE=B,53Q=^Q`MAF4<1!! service-type telnet terminal level 3 service-type ftp local-user huawei password simple huawei service-type telnet level 3 # acl number 2001 rule 0 permit source 192.168.0.0 0.0.255.255 # interface Aux0 async mode flow # interface Dialer1 link-protocol ppp ppp pap local-user xx********@163 password simple 84480168 tcp mss 1024 ip address ppp-negotiate dialer user adsl dialer bundle 1 dialer-group 1 nat outbound 2001 # interface Ethernet0/0 speed 100 ip address 192.168.200.200 255.255.255.0 # interface Ethernet0/0.1 ip address 192.168.1.254 255.255.255.0 vlan-type dot1q vid 1 # interface Ethernet0/0.2 ip address 192.168.2.254 255.255.255.0 vlan-type dot1q vid 2 # interface Ethernet0/0.3 ip address 192.168.3.254 255.255.255.0 vlan-type dot1q vid 3 # interface Ethernet0/0.4 ip address 192.168.4.254 255.255.255.0 vlan-type dot1q v # interface Ethernet0/0.5 ip address 192.168.5.254 255.255.255.0 vlan-type dot1q vid 5 # interface Ethernet0/0.6 ip address 192.168.6.254 255.255.255.0 vlan-type dot1q vid 6 # interface Ethernet0/0.7 ip address 192.168.7.254 255.255.255.0 vlan-type dot1q vid 7 # interface Ethernet0/0.8 ip address 192.168.8.254 255.255.255.0 vlan-type dot1q vid 8 # interface Ethernet0/0.9 ip address 192.168.9.254 255.255.255.0 vlan-type dot1q vid 9 # interface Ethernet0/0.10 ip address 192.168.10.254 255.255.255.0 vlan-type dot1q vid 10 # interface Ethernet0/0.11 ip address 192.168.11.254 255.255.255.0 vlan-type dot1q vid 11 # interface Ethernet0/0.12 ip address 192.168.12.254 255.255.255.0 vlan-type dot1q vid 12 # interface Ethernet0/0.14 ip address 192.168.100.254 255.255.255.0 vlan-type dot1q vid 100 # interface Ethernet0/0.20 ip address 192.168.0.254 255.255.255.0 vlan-type dot1q vid 13 # interface Ethernet0/1 pppoe-client dial-bundle-number 1 tcp mss 1024 # interface NULL0 # FTP server enable # telnet source-ip 192.168.200.200 # ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60 # user-interface con 0 user-interface aux 0 user-interface vty 0 4 user privilege level 3 set authentication password simple 123456aA # return (vlan100用于测试) 核心交换机Switch0的配置如下: <Switch0>display current-configuration # sysname Switch0 # radius scheme system server-type huawei primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain domain system radius-scheme system access-limit disable state active vlan-assignment-mode integer idle-cut disable self-service-url disable messenger time disable domain default enable system # local-server nas-ip 127.0.0.1 key huawei local-user huawei password simple 123456aA service-type telnet level 3 # temperature-limit 0 20 80 # am user-bind mac-addr 001b-7886-ba71 ip-addr 192.168.4.25 interface GigabitEthernet0/18 am user-bind mac-addr 001b-78b1-9f4d ip-addr 192.168.4.26 interface GigabitEthernet0/14 # management-vlan 100 # vlan 1 # vlan 2 # vlan 3 # vlan 4 # vlan 5 # vlan 6 # vlan 7 # vlan 8 # vlan 9 # vlan 10 # vlan 11 # vlan 12 # vlan 13 # vlan 100 # interface Vlan-interface100 ip address 192.168.100.100 255.255.255.0 # interface Aux0/0 # interface GigabitEthernet0/1 port link-type trunk port trunk permit vlan all # interface GigabitEthernet0/2 port link-type trunk port trunk permit vlan all # interface GigabitEthernet0/3 port link-type trunk port trunk permit vlan all # interface GigabitEthernet0/4 port link-type trunk port trunk permit vlan all # interface GigabitEthernet0/5 port link-type trunk port trunk permit vlan all # interface GigabitEthernet0/6 # interface GigabitEthernet0/7 # interface GigabitEthernet0/8 # interface GigabitEthernet0/9 # interface GigabitEthernet0/10 # interface GigabitEthernet0/11 # interface GigabitEthernet0/12 port access vlan 100 # interface GigabitEthernet0/13 # interface GigabitEthernet0/14 port access vlan 4 # interface GigabitEthernet0/15 # interface GigabitEthernet0/16 # interface GigabitEthernet0/17 # interface GigabitEthernet0/18 port access vlan 4 # interface GigabitEthernet0/19 # interface GigabitEthernet0/20 port access vlan 13 # interface GigabitEthernet0/21 # interface GigabitEthernet0/22 # interface GigabitEthernet0/23 # interface GigabitEthernet0/24 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 192.168.100.254 preference 60 # user-interface aux 0 user-interface vty 0 4 set authentication password simple 123456aA # return 接入交换机Switch1配置如下: <Switch1>display current-configuration # sysname Switch1 # radius scheme system server-type huawei primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain domain system radius-scheme system access-limit disable state active vlan-assignment-mode integer idle-cut disable self-service-url disable messenger time disable domain default enable system # local-server nas-ip 127.0.0.1 key huawei local-user huawei1 password simple 123456aA service-type telnet level 3 # temperature-limit 0 20 80 # am user-bind mac-addr 001b-78b1-a3d6 ip-addr 192.168.2.104 interface GigabitEthernet0/8 am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/10 am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/16 am user-bind mac-addr 001b-7886-ba08 ip-addr 192.168.3.101 interface GigabitEthernet0/9 am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/11 am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/13 am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/14 am user-bind mac-addr 001c-c41e-815d ip-addr 192.168.9.101 interface GigabitEthernet0/3 am user-bind mac-addr 001b-78b1-a3d6 ip-addr 192.168.2.104 interface GigabitEthernet0/1 am user-bind mac-addr 001c-c41e-831f ip-addr 192.168.2.107 interface GigabitEthernet0/18 am user-bind mac-addr 001b-78b1-9f43 ip-addr 192.168.2.2 interface GigabitEthernet0/7 # management-vlan 10 # vlan 1 # vlan 2 # vlan 3 # vlan 9 # vlan 10 # interface Vlan-interface10 ip address 192.168.10.1 255.255.255.0 # interface Aux0/0 # interface GigabitEthernet0/1 port access vlan 10 # interface GigabitEthernet0/2 port link-type trunk port trunk permit vlan all # interface GigabitEthernet0/3 port access vlan 9 # interface GigabitEthernet0/4 port access vlan 9 # interface GigabitEthernet0/5 port access vlan 2 # interface GigabitEthernet0/6 port access vlan 2 # interface GigabitEthernet0/7 port access vlan 2 # interface GigabitEthernet0/8 port access vlan 2 # interface GigabitEthernet0/9 port access vlan 3 # interface GigabitEthernet0/10 port access vlan 2 # interface GigabitEthernet0/11 port access vlan 3 # interface GigabitEthernet0/12 port access vlan 3 # interface GigabitEthernet0/13 port access vlan 3 # interface GigabitEthernet0/14 port access vlan 3 # interface GigabitEthernet0/15 port access vlan 2 # interface GigabitEthernet0/16 port access vlan 2 # interface GigabitEthernet0/17 port access vlan 2 # interface GigabitEthernet0/18 port access vlan 2 # interface GigabitEthernet0/19 port access vlan 3 # interface GigabitEthernet0/20 port access vlan 3 # interface GigabitEthernet0/21 # interface GigabitEthernet0/22 # interface GigabitEthernet0/23 # interface GigabitEthernet0/24 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 192.168.10.254 preference 60 # user-interface aux 0 user-interface vty 0 4 user privilege level 3 set authentication password simple 123456aA 接入交换机Switch2配置如下: <Switch2>display current-configuration # sysname Switch2 # radius scheme system server-type huawei primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain domain system radius-scheme system access-limit disable state active vlan-assignment-mode integer idle-cut disable self-service-url disable messenger time disable domain default enable system # local-server nas-ip 127.0.0.1 key huawei local-user huawei2 password simple 123456aA service-type telnet level 3 # temperature-limit 0 20 80 # am user-bind mac-addr 001b-78b1-9ac8 ip-addr 192.168.4.101 interface GigabitEthernet0/15 am user-bind mac-addr 001b-7886-bce2 ip-addr 192.168.4.102 interface GigabitEthernet0/16 am user-bind mac-addr 001b-7886-b962 ip-addr 192.168.4.104 interface GigabitEthernet0/18 am user-bind mac-addr 001b-78b1-9d1e ip-addr 192.168.4.105 interface GigabitEthernet0/19 am user-bind mac-addr 001b-78b1-9f15 ip-addr 192.168.0.1 interface GigabitEthernet0/13 # management-vlan 3 # vlan 1 # vlan 2 # vlan 3 # vlan 4 # vlan 1 # vlan 13 # interface Vlan-interface3 ip address 192.168.3.1 255.255.255.0 # interface Aux0/0 # interface GigabitEthernet0/1 port access vlan 2 # interface GigabitEthernet0/2 port link-type trunk port trunk permit vlan all # interface GigabitEthernet0/3 port access vlan 11 # interface GigabitEthernet0/4 port access vlan 2 # interface GigabitEthernet0/5 port access vlan 11 # interface GigabitEthernet0/6 port access vlan 11 # interface GigabitEthernet0/7 port access vlan 11 # interface GigabitEthernet0/8 port acces # interface GigabitEthernet0/9 port access vlan 11 # interface GigabitEthernet0/10 port access vlan 11 # interface GigabitEthernet0/11 port access vlan 11 # interface GigabitEthernet0/12 port access vlan 11 # interface GigabitEthernet0/13 port access vlan 13 # interface GigabitEthernet0/14 port access vlan 11 # interface GigabitEthernet0/15 port access vlan 4 # interface GigabitEthernet0/16 port access vlan 4 # interface GigabitEthernet0/17 port access vlan 4 # interface GigabitEthernet0/18 port access vlan 4 # interface GigabitEthernet0/19 port access vlan 4 # interface GigabitEthernet0/20 port access vlan 4 # interface GigabitEthernet0/21 # interface GigabitEthernet0/22 # interface GigabitEthernet0/23 # interface GigabitEthernet0/24 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 192.168.3.254 preference 60 # user-interface aux 0 user-interface vty 0 4 user privilege level 3 set authentication password simple 123456aA # return 接入交换机Switch3配置如下: <Switch3>display current-configuration # sysname Switch3 # radius scheme system server-type huawei primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain domain system radius-scheme system access-limit disable state active vlan-assignment-mode integer idle-cut disable self-service-url disable messenger time disable domain default enable system # local-server nas-ip 127.0.0.1 key huawei local-user huawei3 password simple 123456aA service-type telnet level 3 # temperature-limit 0 20 80 # am user-bind mac-addr 001b-78b1-a23d ip-addr 192.168.5.101 interface GigabitEthernet0/1 am user-bind mac-addr 001b-78b1-a2dd ip-addr 192.168.5.102 interface GigabitEthernet0/3 am user-bind mac-addr 001b-7886-b62b ip-addr 192.168.5.104 interface GigabitEthernet0/5 am user-bind mac-addr 001b-78b1-9f4f ip-addr 192.168.5.105 interface GigabitEthernet0/6 am user-bind mac-addr 001b-78b1-a1aa ip-addr 192.168.5.106 interface GigabitEthernet0/7 am user-bind mac-addr 001b-7886-b815 ip-addr 192.168.6.101 interface GigabitEthernet0/9 am user-bind mac-addr 001b-78b1-9cdf ip-addr 192.168.6.102 interface GigabitEthernet0/10 am user-bind mac-addr 001b-7886-ba9f ip-addr 192.168.6.104 interface GigabitEthernet0/12 am user-bind mac-addr 001b-7886-b6d3 ip-addr 192.168.6.105 interface GigabitEthernet0/14 am user-bind mac-addr 001b-78b1-9fa1 ip-addr 192.168.7.101 interface GigabitEthernet0/13 am user-bind mac-addr 001b-78b1-a0a2 ip-addr 192.168.8.104 interface GigabitEthernet0/19 am user-bind mac-addr 001b-7886-becc ip-addr 192.168.6.103 interface GigabitEthernet0/11 am user-bind mac-addr 001b-7886-bdd5 ip-addr 192.168.7.106 interface GigabitEthernet0/17 # management-vlan 5 # vlan 1 # vlan 5 # vlan 6 # vlan 7 # vlan 8 # interface Vlan-interface5 ip address 192.168.5.1 255.255.255.0 # interface Aux0/0 # interface GigabitEthernet0/1 port access vlan 5 # interface GigabitEthernet0/2 port link-type trunk port trunk permit vlan all # interface GigabitEthernet0/3 port access vlan 5 # interface GigabitEthernet0/4 port access vlan 5 # interface GigabitEthernet0/5 port access vlan 5 # interface GigabitEthernet0/6 port access vlan 5 # interface GigabitEthernet0/7 port access vlan 5 # interface GigabitEthernet0/8 port access vlan 5 # interface GigabitEthernet0/9 port access vlan 6 # interface GigabitEthernet0/10 port access vlan 6 # interface GigabitEthernet0/11 port access vlan 6 # interface GigabitEthernet0/12 port access vlan 6 # interface GigabitEthernet0/13 port access vlan 7 # interface GigabitEthernet0/14 port access vlan 6 # interface GigabitEthernet0/15 port access vlan 7 # interface GigabitEthernet0/16 port access vlan 7 # interface GigabitEthernet0/17 port access vlan 7 # interface GigabitEthernet0/18 port access vlan 7 # interface GigabitEthernet0/19 port access vlan 8 # interface GigabitEthernet0/20 port access vlan 8 # interface GigabitEthernet0/21 # interface GigabitEthernet0/22 # interface GigabitEthernet0/23 # interface GigabitEthernet0/24 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 192.168.5.254 preference 60 # user-interface aux 0 user-interface vty 0 4 user privilege level 3 set authentication password simple 123456aA # return 接入交换机Switch4配置如下: <Switch4>display current-configuration # sysname Switch4 # radius scheme system server-type huawei primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain domain system radius-scheme system access-limit disable state active vlan-assignment-mode integer idle-cut disable self-service-url disable messenger time disable domain default enable system # local-server nas-ip 127.0.0.1 key huawei local-user huawei4 password simple 123456aA service-type telnet level 3 # temperature-limit 0 20 80 # am user-bind mac-addr 001b-78b1-9f44 ip-addr 192.168.8.10 interface GigabitEthernet0/1 am user-bind mac-addr 001b-7886-b5cc ip-addr 192.168.8.22 interface GigabitEthernet0/4 am user-bind mac-addr 001b-78b1-a1e7 ip-addr 192.168.9.90 interface GigabitEthernet0/20 am user-bind mac-addr 001b-78b1-9c35 ip-addr 192.168.10.101 interface GigabitEthernet0/13 am user-bind mac-addr 001b-7846-9e48 ip-addr 192.168.10.202 interface GigabitEthernet0/19 am user-bind mac-addr 001b-7886-b93a ip-addr 192.168.10.103 interface GigabitEthernet0/16 am user-bind mac-addr 001b-78b1-9bc8 ip-addr 192.168.9.99 interface GigabitEthernet0/17 am user-bind mac-addr 001c-c41e-80c2 ip-addr 192.168.12.20 interface GigabitEthernet0/8 am user-bind mac-addr 001b-78b1-9b58 ip-addr 192.168.9.209 interface GigabitEthernet0/18 # management-vlan 8 # vlan 1 # vlan 8 # vlan 9 # vlan 10 # vlan 12 # interface Vlan-interface8 ip address 192.168.8.1 255.255.255.0 # interface Aux0/0 # interface GigabitEthernet0/1 port access vlan 8 # interface GigabitEthernet0/2 port link-type trunk port trunk permit vlan all # interface GigabitEthernet0/3 port access vlan 12 # interface GigabitEthernet0/4 port access vlan 8 # interface GigabitEthernet0/5 port access vlan 12 # interface GigabitEthernet0/6 port access vlan 12 # interface GigabitEthernet0/7 port access vlan 12 # interface GigabitEthernet0/8 port access vlan 12 # interface GigabitEthernet0/9 # interface GigabitEthernet0/10 port access vlan 12 # interface GigabitEthernet0/11 # interface GigabitEthernet0/12 # interface GigabitEthernet0/13 port access vlan 10 # interface GigabitEthernet0/14 # interface GigabitEthernet0/15 port access vlan 10 # interface GigabitEthernet0/16 port access vlan 10 # interface GigabitEthernet0/17 port access vlan 9 # interface GigabitEthernet0/18 port access vlan 9 # interface GigabitEthernet0/19 port access vlan 10 # interface GigabitEthernet0/20 port access vlan 9 # interface GigabitEthernet0/21 # interface GigabitEthernet0/22 # interface GigabitEthernet0/23 # interface GigabitEthernet0/24 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 192.168.8.254 preference 60 # user-interface aux 0 user-interface vty 0 4 user privilege level 3 set authentication password simple 123456aA # return (配置要求很少,但是工作量很大) 本文出自 “极限空间” 博客,请务必保留此出处http://junfs.blog.51cto.com/209036/47927 本文出自 51CTO.COM技术博客 |
junfs
博客统计信息
热门文章
最新评论
友情链接
