之前在学习HCIP技术的时候，有个实验拓扑非常经典，现在分享给大家。

这个网络拓扑使用到非常多的网络技术，是一个综合实验。

1、实验总体拓扑

2、实验具体要求：

要求：

1、 配置vlan  trunk  两台核心之间配置链路捆绑。

2、 配置MSTP+VRRP 实现流量负载分担同时实现冗余，并配置相关stp优化技术加快stp收敛，并减少stp震荡。

3、 配置OSPF和静态实现三层路由，确保分支可以访问总部。

4、 所有用户采用动态获取ip地址，并配置相关dhcp安全技术。

5、 联通作为主出口 电信PPPOE作为备份出口。

6、 禁止vlan5 用户访问外网。

7、 将server 200.2 80端口映射成联通公网地址。

8、 所有交换机都可以被远程telnet （hcie 123）。

9、 出口链路正常时，vlan3 使用电信PPPOE上网。

3、实验使用的软件工具

1、华为ENSP

2、VirtualBox

4、完成网络拓扑实验思路

1、使用ensp，选择合适的接口，先搭建好网络拓扑（一般来说，接入层交换机型号较低，两个G电口或者光口都是作为上联口）

2、出口应该是防火墙兼并路由器功能，此次使用路由功能。

3、先把网络配置通畅，在考虑安全问题，配置安全技术措施。

4、最后做好远程管理vlan配置。

5、具体的配置步骤如下：

5.1、vlan trunk eth-trunk 配置

5.2、mstp配置、（这里的MSTP+VRRP可以替换为堆叠）

5.3、vrrp配置、（堆叠会让网络变得更加简单）

5.4、bfd配置

5.5、ospf、nat配置

5.6、dhcp中继配置

5.7、PPPoe配置

5.8、出口路由配置

5.9、nat server配置

5.10、acl配置

5.11、策略路由配置

5.12、telnet配置

6、分析网络组成

先看中心机房

可以看到SW1和SW2是双核心，R1为企业出口

SW8作为服务器集群的交换机，其中DHCP服务器在内。

我们来看看企业出口外部，可以看到有双链路冗余，（电信、联通）还有一个机构分支，使用专线链接。

企业的内部

汇聚层通过双链路连接到SW1和SW2，这里有两层楼，实际情况有很多台汇聚交换机。

其中右下角的R7充当一台PC电脑，远程telnet管理企业内部交换机。

接下来是MSTP和VRRP的设计了。

这里分了2个mstp实例，因为只有两个核心交换机的线路可以走。

VRRP根据网段，配置了2、3、4、5、200、999管理vlan网关主备。

链路根据配置MSTP实例进行端口阻塞，左边阻塞vlan 2 vlan 3，右边阻塞vlan 4 vlan 5。

好了，整体的网络拓扑介绍完毕。

如果在这里教大家如何配置网络，就不合宜了哈。

7、设备的配置信息

下面是各个设备配置

R1

#
 sysname R1
#
 board add 0/1 1GEC 
 board add 0/2 1GEC 
 board add 0/3 1GEC 
 board add 0/4 1GEC 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
bfd
#
acl number 2000  
 rule 5 permit source 192.168.0.0 0.0.255.255 
acl number 2001  
 rule 5 permit source 192.168.0.0 0.0.255.255 
#
acl number 3005  
 rule 5 permit ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.2
55 
 rule 10 deny ip source 192.168.5.0 0.0.0.255 
acl number 3008  
 rule 5 deny ip source 192.168.3.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
 
 rule 10 permit ip source 192.168.3.0 0.0.0.255 
#
traffic classifier VLAN_3 operator or
 if-match acl 3008
#
traffic behavior VLAN_3
 redirect ip-nexthop 13.1.1.2
#
traffic policy aa
 classifier VLAN_3 behavior VLAN_3
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user hcie password cipher %$%$RuJb@`:"_$1k,_$\~'~#BKs]%$%$
 local-user hcie privilege level 3
 local-user hcie service-type telnet
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface Dialer1
 link-protocol ppp
 ppp pap local-user 0531 password simple 123456
 mtu 1492
 ip address ppp-negotiate
 dialer user 0531
 dialer bundle 2
 nat outbound 2001
#
interface GigabitEthernet0/0/0
 ip address 192.168.12.1 255.255.255.0 
 traffic-filter inbound acl 3005
#
interface GigabitEthernet0/0/1
 ip address 192.168.23.1 255.255.255.0 
 traffic-filter inbound acl 3005
#
interface GigabitEthernet0/0/2
 pppoe-client dial-bundle-number 2 
#
interface GigabitEthernet1/0/0
 ip address 13.1.1.1 255.255.255.0 
 nat server protocol tcp global current-interface www inside 192.168.200.2 www
 nat outbound 2000
#
interface GigabitEthernet2/0/0
 ip address 14.1.1.1 255.255.255.0 
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
bfd bb bind peer-ip 192.168.12.2 source-ip 192.168.12.1 auto
 commit
#
bfd cc bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto
 commit
#
ospf 1 
 area 0.0.0.0 
  network 14.1.1.0 0.0.0.255 
  network 192.168.12.0 0.0.0.255 
  network 192.168.23.0 0.0.0.255 
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 85 description TO_DianXinBoHa
o
ip route-static 0.0.0.0 0.0.0.0 13.1.1.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode aaa
user-interface vty 16 20
#
wlan ac
#
return

SW1

#
sysname HX_sw1
#
undo info-center enable
#
vlan batch 2 to 5 200 800 999
#
stp instance 1 root primary
stp instance 2 root secondary
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
 region-name aa
 revision-level 1
 instance 1 vlan 2 to 3 200
 instance 2 vlan 4 to 5
 active region-configuration
#
bfd
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
 local-user hcie privilege level 3
 local-user hcie service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif2
 ip address 192.168.2.254 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.2.1
 vrrp vrid 2 priority 105
 vrrp vrid 2 track interface GigabitEthernet0/0/1
 vrrp vrid 2 track bfd-session session-name bb
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif3
 ip address 192.168.3.254 255.255.255.0
 vrrp vrid 3 virtual-ip 192.168.3.1
 vrrp vrid 3 priority 105
 vrrp vrid 3 track interface GigabitEthernet0/0/1
 vrrp vrid 3 track bfd-session session-name bb
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif4
 ip address 192.168.4.254 255.255.255.0
 vrrp vrid 4 virtual-ip 192.168.4.1
 ospf cost 4
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif5
 ip address 192.168.5.254 255.255.255.0
 vrrp vrid 5 virtual-ip 192.168.5.1
 ospf cost 4
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif200
 ip address 192.168.200.254 255.255.255.0
 vrrp vrid 200 virtual-ip 192.168.200.1
 vrrp vrid 200 priority 105
 vrrp vrid 200 track interface GigabitEthernet0/0/1
 vrrp vrid 200 track bfd-session session-name bb
#
interface Vlanif800
 ip address 192.168.12.2 255.255.255.0
#
interface Vlanif999
 ip address 192.168.255.254 255.255.255.0
 vrrp vrid 255 virtual-ip 192.168.255.1
#
interface MEth0/0/1
#
interface Eth-Trunk2
 port link-type trunk
 port trunk allow-pass vlan 2 to 5 200 999
 stp instance 1 cost 10000
 stp instance 2 cost 10000
 mode lacp-static
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3 999
#
interface GigabitEthernet0/0/2
 eth-trunk 2
#
interface GigabitEthernet0/0/3
 eth-trunk 2
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 4 to 5 999
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 200 999
#
interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 800
 stp disable
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
bfd bb bind peer-ip 192.168.12.1 source-ip 192.168.12.2 auto
 commit
#
ospf 1
 area 0.0.0.0
  network 192.168.2.0 0.0.0.255
  network 192.168.3.0 0.0.0.255
  network 192.168.4.0 0.0.0.255
  network 192.168.5.0 0.0.0.255
  network 192.168.200.0 0.0.0.255
  network 192.168.12.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.12.1
ip route-static 0.0.0.0 0.0.0.0 192.168.23.1 preference 65
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return

SW2

#
sysname HX_sw2
#
undo info-center enable
#
vlan batch 2 to 5 200 801 999
#
stp instance 1 root secondary
stp instance 2 root primary
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
stp region-configuration
 region-name aa
 revision-level 1
 instance 1 vlan 2 to 3 200
 instance 2 vlan 4 to 5
 active region-configuration
#
bfd
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
 local-user hcie privilege level 3
 local-user hcie service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif2
 ip address 192.168.2.253 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.2.1
 ospf cost 4
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif3
 ip address 192.168.3.253 255.255.255.0
 vrrp vrid 3 virtual-ip 192.168.3.1
 ospf cost 4
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif4
 ip address 192.168.4.253 255.255.255.0
 vrrp vrid 4 virtual-ip 192.168.4.1
 vrrp vrid 4 priority 105
 vrrp vrid 4 track interface GigabitEthernet0/0/4
 vrrp vrid 4 track bfd-session session-name cc
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif5
 ip address 192.168.5.253 255.255.255.0
 vrrp vrid 5 virtual-ip 192.168.5.1
 vrrp vrid 5 priority 105
 vrrp vrid 5 track interface GigabitEthernet0/0/4
 vrrp vrid 5 track bfd-session session-name cc
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif200
 ip address 192.168.200.253 255.255.255.0
 vrrp vrid 200 virtual-ip 192.168.200.1
 ospf cost 4
#
interface Vlanif801
 ip address 192.168.23.2 255.255.255.0
#
interface Vlanif999
 ip address 192.168.255.253 255.255.255.0
 vrrp vrid 255 virtual-ip 192.168.255.1
#
interface MEth0/0/1
#
interface Eth-Trunk2
 port link-type trunk
 port trunk allow-pass vlan 2 to 5 200 999
 stp instance 1 cost 10000
 stp instance 2 cost 10000
 mode lacp-static
#
interface GigabitEthernet0/0/1
 eth-trunk 2
#
interface GigabitEthernet0/0/2
 eth-trunk 2
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 200 999
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 4 to 5 999
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 3 999
#
interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 801
 stp disable
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
bfd cc bind peer-ip 192.168.23.1 source-ip 192.168.23.2 auto
 commit
#
ospf 1
 area 0.0.0.0
  network 192.168.2.0 0.0.0.255
  network 192.168.3.0 0.0.0.255
  network 192.168.4.0 0.0.0.255
  network 192.168.5.0 0.0.0.255
  network 192.168.200.0 0.0.0.255
  network 192.168.23.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.23.1
ip route-static 0.0.0.0 0.0.0.0 192.168.12.1 preference 65
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return

SW8

#
sysname sw8
#
undo info-center enable
#
vlan batch 2 to 5 200 999
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name aa
 revision-level 1
 instance 1 vlan 2 to 3 200
 instance 2 vlan 4 to 5
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
 local-user hcie privilege level 3
 local-user hcie service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif999
 ip address 192.168.255.8 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 200 999
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return

Server 3

DHCP Server

#
sysname DHCP
#
undo info-center enable
#
dhcp enable
#
ip pool vlan2
 gateway-list 192.168.2.1
 network 192.168.2.0 mask 255.255.255.0
 excluded-ip-address 192.168.2.249 192.168.2.254
 dns-list 114.114.114.114 8.8.8.8
#
ip pool vlan3
 gateway-list 192.168.3.1
 network 192.168.3.0 mask 255.255.255.0
 excluded-ip-address 192.168.3.249 192.168.3.254
 dns-list 114.114.114.114 8.8.8.8
#
ip pool vlan4
 gateway-list 192.168.4.1
 network 192.168.4.0 mask 255.255.255.0
 excluded-ip-address 192.168.4.249 192.168.4.254
 dns-list 114.114.114.114 8.8.8.8
#
ip pool vlan5
 gateway-list 192.168.5.1
 network 192.168.5.0 mask 255.255.255.0
 excluded-ip-address 192.168.5.249 192.168.5.254
 dns-list 114.114.114.114 8.8.8.8
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher 7c:;61gxM:ani^>"qh^;2t_#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
wlan
#
ip route-static 0.0.0.0 0.0.0.0 192.168.200.1
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

DX_R2

#
 sysname DX_R2
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
ip pool pool1
 gateway-list 12.1.1.2 
 network 12.1.1.0 mask 255.255.255.0 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user 0531 password cipher %$%$yR4\Et2QEHbL;.2_q4D<~#uH%$%$
 local-user 0531 service-type ppp
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface Virtual-Template1
 ppp authentication-mode pap 
 remote address pool pool1
 ip address 12.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/0
 pppoe-server bind Virtual-Template 1
#
interface GigabitEthernet0/0/1
 ip address 25.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
rip 1
 version 2
 network 12.0.0.0
 network 25.0.0.0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

LT_R3

#
sysname LT_R3
#
undo info-center enable
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher g8S/4<\E7A]@l3D+mKgUNt]#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
wlan
#
rip 1
 version 2
 network 13.0.0.0
 network 35.0.0.0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

R5

#
sysname R5
#
undo info-center enable
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher PsA-QOqpp/+/Y@:Y>Lw(zt^#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
wlan
#
rip 1
 version 2
 network 25.0.0.0
 network 35.0.0.0
 network 5.0.0.0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

baidu Server

FZ_R4

#
sysname FZ_R4
#
undo info-center enable
#
undo nap slave enable
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user hcie password cipher wP_T$UyeuTbL^B&WSBiQUu0#
 local-user hcie privilege level 3
 local-user hcie service-type telnet
 local-user admin password cipher qu>q0W8)\MbL^B&WSBiQUu0#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
wlan
#
ospf 1
 area 0.0.0.0
  network 14.1.1.0 0.0.0.255
  network 192.168.100.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
user-interface vty 16 20
#
return

FZ_Server

HJ_SW3

#
sysname HJ_sw3
#
undo info-center enable
#
vlan batch 2 to 5 200 999
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name aa
 revision-level 1
 instance 1 vlan 2 to 3 200
 instance 2 vlan 4 to 5
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
 local-user hcie privilege level 3
 local-user hcie service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif999
 ip address 192.168.255.3 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 3 999
 stp instance 1 cost 10000
 stp instance 2 cost 10000
 mode lacp-static
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3 999
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 3 999
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 999
#
interface Ethernet0/0/4
 eth-trunk 1
#
interface Ethernet0/0/5
 eth-trunk 1
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return

HJ_SW4

#
sysname HJ_sw4
#
undo info-center enable
#
vlan batch 2 to 5 200 999
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name aa
 revision-level 1
 instance 1 vlan 2 to 3 200
 instance 2 vlan 4 to 5
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
 local-user hcie privilege level 3
 local-user hcie service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif999
 ip address 192.168.255.4 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 4 to 5 999
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 4 to 5 999
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return

JR_SW5

#
sysname JR_sw5
#
undo info-center enable
#
vlan batch 2 to 5 200 999
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
dhcp enable
#
dhcp snooping enable
#
diffserv domain default
#
drop-profile default
#
vlan 2
 dhcp snooping enable
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
 local-user hcie privilege level 3
 local-user hcie service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif999
 ip address 192.168.255.5 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 999
 dhcp snooping trusted
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 2
 stp edged-port enable
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return

JR_SW6

#
sysname JR_sw6
#
undo info-center enable
#
vlan batch 2 to 5 200 999
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
dhcp enable
#
dhcp snooping enable
#
diffserv domain default
#
drop-profile default
#
vlan 3
 dhcp snooping enable
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
 local-user hcie privilege level 3
 local-user hcie service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif999
 ip address 192.168.255.6 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 3 999
 stp instance 0 cost 10000
 mode lacp-static
 dhcp snooping trusted
#
interface Ethernet0/0/1
 eth-trunk 1
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 3
 stp edged-port enable
#
interface Ethernet0/0/3
 eth-trunk 1
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return

PC4、PC6、PC7

R7

#
sysname PC
#
undo info-center enable
#
dhcp enable
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher >:{/T'yS94+/Y@:Y>Lw(`u##
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
wlan
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

实验拓扑完成，建议多完成几次，可加深对企业网络的了解。

如有问题，可留言联系。