# DHCP 配置
[SW]interface GigabitEthernet 0/0/1 | |
[SW-GigabitEthernet0/0/1]port link-type access | |
[SW-GigabitEthernet0/0/1]port default vlan 10 | |
[SW]interface GigabitEthernet 0/0/2 | |
[SW-GigabitEthernet0/0/2]port link-type access | |
[SW-GigabitEthernet0/0/2]port default vlan 20 | |
[SW]display ip routing-table | |
Route Flags: R - relay, D - download to fib | |
------------------------------------------------------------------------------ | |
Routing Tables: Public | |
Destinations : 6 Routes : 6 | |
Destination/Mask Proto Pre Cost Flags NextHop Interface | |
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 | |
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 | |
192.168.10.0/24 Direct 0 0 D 192.168.10.254 Vlanif10 | |
192.168.10.254/32 Direct 0 0 D 127.0.0.1 Vlanif10 | |
192.168.20.0/24 Direct 0 0 D 192.168.20.254 Vlanif20 | |
192.168.20.254/32 Direct 0 0 D 127.0.0.1 Vlanif20 |
[SW]dhcp enable | |
[SW]interface Vlanif 10 | |
[SW-Vlanif10]dhcp select interface | |
[SW-Vlanif10]dhcp server dns-list 8.8.8.8 | |
[SW-Vlanif10]dhcp server excluded-ip-address 192.168.10.101 192.168.10.253 | |
[SW-Vlanif10]dhcp server lease day 8 | |
[SW-Vlanif10]display this | |
# | |
interface Vlanif10 | |
ip address 192.168.10.254 255.255.255.0 | |
dhcp select interface | |
dhcp server excluded-ip-address 192.168.10.101 192.168.10.253 | |
dhcp server lease day 8 hour 0 minute 0 | |
dhcp server dns-list 8.8.8.8 | |
PC>ipconfig | |
Link local IPv6 address...........: fe80::5689:98ff:fef8:1467 | |
IPv6 address......................: :: / 128 | |
IPv6 gateway......................: :: | |
IPv4 address......................: 192.168.10.100 | |
Subnet mask.......................: 255.255.255.0 | |
Gateway...........................: 192.168.10.254 | |
Physical address..................: 54-89-98-F8-14-67 | |
DNS server........................: 8.8.8.8 | |
# | |
return | |
[SW]interface Vlanif 20 | |
[SW-Vlanif20]dhcp select global | |
[SW-Vlanif20]ip pool 20 | |
Info:It's successful to create an IP address pool. | |
[SW-ip-pool-20]network 192.168.20.0 mask 24 | |
[SW-ip-pool-20]gateway-list 192.168.20.254 | |
[SW-ip-pool-20]dns-list 8.8.8.8 | |
[SW-ip-pool-20]lease 10 | |
[SW-ip-pool-20]excluded-ip-address 192.168.20.151 192.168.20.253 | |
[SW-ip-pool-20]display this | |
# | |
ip pool 20 | |
gateway-list 192.168.20.254 | |
network 192.168.20.0 mask 255.255.255.0 | |
excluded-ip-address 192.168.20.151 192.168.20.253 | |
lease day 10 hour 0 minute 0 | |
dns-list 8.8.8.8 | |
# | |
return | |
[SW]display current-configuration | |
# | |
sysname SW | |
# | |
undo info-center enable | |
# | |
vlan batch 10 20 | |
# | |
cluster enable | |
ntdp enable | |
ndp enable | |
# | |
drop illegal-mac alarm | |
# | |
dhcp enable | |
# | |
diffserv domain default | |
# | |
drop-profile default | |
# | |
ip pool 20 | |
gateway-list 192.168.20.254 | |
network 192.168.20.0 mask 255.255.255.0 | |
excluded-ip-address 192.168.20.151 192.168.20.253 | |
lease day 10 hour 0 minute 0 | |
dns-list 8.8.8.8 | |
# | |
aaa | |
authentication-scheme default | |
authorization-scheme default | |
accounting-scheme default | |
domain default | |
domain default_admin | |
local-user admin password simple admin | |
local-user admin service-type http | |
# | |
interface Vlanif1 | |
# | |
interface Vlanif10 | |
ip address 192.168.10.254 255.255.255.0 | |
dhcp select interface | |
dhcp server excluded-ip-address 192.168.10.101 192.168.10.253 | |
dhcp server lease day 8 hour 0 minute 0 | |
dhcp server dns-list 8.8.8.8 | |
# | |
interface Vlanif20 | |
ip address 192.168.20.254 255.255.255.0 | |
dhcp select global | |
# | |
interface MEth0/0/1 | |
# | |
interface GigabitEthernet0/0/1 | |
port link-type access | |
port default vlan 10 | |
# | |
interface GigabitEthernet0/0/2 | |
port link-type access | |
port default vlan 20 | |
# | |
interface GigabitEthernet0/0/3 | |
# | |
interface GigabitEthernet0/0/4 | |
# | |
interface GigabitEthernet0/0/5 | |
# | |
interface GigabitEthernet0/0/6 | |
# | |
interface GigabitEthernet0/0/7 | |
# | |
interface GigabitEthernet0/0/8 | |
# | |
interface GigabitEthernet0/0/9 | |
# | |
interface GigabitEthernet0/0/10 | |
# | |
interface GigabitEthernet0/0/11 | |
# | |
interface GigabitEthernet0/0/12 | |
# | |
interface GigabitEthernet0/0/13 | |
# | |
interface GigabitEthernet0/0/14 | |
# | |
interface GigabitEthernet0/0/15 | |
# | |
interface GigabitEthernet0/0/16 | |
# | |
interface GigabitEthernet0/0/17 | |
# | |
interface GigabitEthernet0/0/18 | |
# | |
interface GigabitEthernet0/0/19 | |
# | |
interface GigabitEthernet0/0/20 | |
# | |
interface GigabitEthernet0/0/21 | |
# | |
interface GigabitEthernet0/0/22 | |
# | |
interface GigabitEthernet0/0/23 | |
# | |
interface GigabitEthernet0/0/24 | |
# | |
interface NULL0 | |
# | |
user-interface con 0 | |
user-interface vty 0 4 | |
# | |
return |
[SW-Vlanif10]dhcp select ? | |
global Local server | |
interface Interface server pool | |
relay DHCP relay | |
[SW]int Vlanif 10 | |
[SW-Vlanif10]ip pool 10 | |
[SW-ip-pool-10]option | |
[SW-ip-pool-10]option ? | |
INTEGER<1-254> Option code, except values 1, 3, 6, 15, 44, 46, 50, 51, 52, | |
53, 54, 55, 57, 58, 59, 60, 61, 82, 121 and 184. | |
[SW-GigabitEthernet0/0/1]dhcp snooping ? | |
alarm Alarm | |
check Check | |
disable Disable | |
enable Enable | |
max-user-number Max user number | |
sticky-mac DHCP snooping sticky mac | |
trusted Trusted interface |
# ACL 配置
#nat 配置
// 静态nat | |
[AR1]interface GigabitEthernet 0/0/1 | |
[AR1-GigabitEthernet0/0/1] ip address 12.1.1.2 24 | |
[AR1-GigabitEthernet0/0/1] nat static global 12.1.1.2 12.1.1.10 | |
[AR1-GigabitEthernet0/0/1] nat static enable | |
// 动态nat | |
[AR1]nat address-group 1 12.1.1.2 12.1.1.10 | |
[AR1]acl 2000 | |
[AR1-acl-basic-2000]rule 10 permit source 192.168.1.0 0.0.0.255 | |
[AR1-acl-basic-2000]quit | |
[AR1]interface GigabitEthernet 0/0/1 | |
[AR1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat | |
// 端口nat | |
[AR1]nat address-group 1 12.1.1.2 12.1.1.2 | |
[AR1]acl 2000 | |
[AR1-acl-basic-2000]quit | |
[AR1]interface g0/0/1 | |
[AR1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 | |
[AR1]display nat session all | |
// easy ip | |
[AR1]interface GigabitEthernet 0/0/1 | |
[AR1-GigabitEthernet0/0/1]nat outbound 2000 | |
// nat server | |
[AR1]interface GigabitEthernet0/0/1 | |
[AR1-GigabitEthernet0/0/1]nat server protocol tcp global 12.1.1.2 80 inside 192.168.1.2 80 |
#VRRP
// 接入交换机 | |
[acsw]interface GigabitEthernet 0/0/3 | |
[acsw-GigabitEthernet0/0/3]port link-type access | |
[acsw-GigabitEthernet0/0/3]vlan 10 | |
[acsw-vlan100]int g0/0/3 | |
[acsw-GigabitEthernet0/0/3]port default vlan 10 | |
[acsw-GigabitEthernet0/0/3]quit | |
[acsw]interface GigabitEthernet 0/0/1 | |
[acsw-GigabitEthernet0/0/1]port link-type trunk | |
[acsw-GigabitEthernet0/0/1]port trunk allow-pass vlan all | |
[acsw-GigabitEthernet0/0/1]interface g0/0/2 | |
[acsw-GigabitEthernet0/0/2]port link-type trunk | |
[acsw-GigabitEthernet0/0/2]port trunk allow-pass vlan all | |
// 核心交换机1 | |
[coresw1]interface GigabitEthernet 0/0/1 | |
[coresw1-GigabitEthernet0/0/1]port link-type trunk | |
[coresw1-GigabitEthernet0/0/1]port trunk allow-pass vlan all | |
[coresw1-GigabitEthernet0/0/1]quit | |
[coresw1]interface GigabitEthernet 0/0/3 | |
[coresw1-GigabitEthernet0/0/3]port link-type trunk | |
[coresw1-GigabitEthernet0/0/3]port trunk allow-pass vlan all | |
[coresw1-GigabitEthernet0/0/3]quit | |
[coresw1]vlan 10 | |
[coresw1-vlan10]quit | |
[coresw1]vlan 100 | |
[coresw1-vlan100]quit | |
[coresw1]interface GigabitEthernet 0/0/2 | |
[coresw1-GigabitEthernet0/0/2]port link-type access | |
[coresw1-GigabitEthernet0/0/2]port default vlan 100 | |
[coresw1-GigabitEthernet0/0/2]quit | |
[coresw1]interface Vlanif 10 | |
[coresw1-Vlanif10]ip address 192.168.10.252 24 | |
[coresw1-Vlanif10]quit | |
[coresw1]interface Vlanif 100 | |
[coresw1-Vlanif100]ip address 192.168.100.1 30 | |
[coresw1-Vlanif100]quit | |
[coresw1]interface Vlanif 10 | |
[coresw1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254 | |
[coresw1-Vlanif10]vrrp vrid 10 priority 120 | |
[coresw1-Vlanif10]vrrp vrid 10 preempt-mode timer delay 20 | |
[coresw1-Vlanif10]quit | |
[coresw1-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/2 reduced 30 | |
// 核心交换机2 | |
[coresw2]interface GigabitEthernet 0/0/1 | |
[coresw2-GigabitEthernet0/0/1]port link-type trunk | |
[coresw2-GigabitEthernet0/0/1]port trunk allow-pass vlan all | |
[coresw2-GigabitEthernet0/0/1]quit | |
[coresw2]interface GigabitEthernet 0/0/3 | |
[coresw2-GigabitEthernet0/0/3]port link-type trunk | |
[coresw2-GigabitEthernet0/0/3]port trunk allow-pass vlan all | |
[coresw2-GigabitEthernet0/0/3]quit | |
[coresw2]interface GigabitEthernet 0/0/3 | |
[coresw2-GigabitEthernet0/0/3]port link-type trunk | |
[coresw2-GigabitEthernet0/0/3]port trunk allow-pass vlan all | |
[coresw2-GigabitEthernet0/0/3]quit | |
[coresw2]vlan 10 | |
[coresw2-vlan10]quit | |
[coresw2]vlan 200 | |
[coresw2-vlan200]quit | |
[coresw2]interface GigabitEthernet 0/0/2 | |
[coresw2-GigabitEthernet0/0/2]port link-type access | |
[coresw2-GigabitEthernet0/0/2]port default vlan 200 | |
[coresw2-GigabitEthernet0/0/2]quit | |
[coresw2]interface Vlanif 10 | |
[coresw2-Vlanif10]ip address 192.168.10.253 24 | |
[coresw2-Vlanif10]quit | |
[coresw2]interface Vlanif 200 | |
[coresw2-Vlanif200]ip address 192.168.200.1 30 | |
[coresw2-Vlanif200]quit | |
[coresw2]interface Vlanif 10 | |
[coresw2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254 | |
[coresw2-Vlanif10]vrrp vrid 10 priority 110 | |
// 路由器 | |
[AR1]interface GigabitEthernet 0/0/1 | |
[AR1-GigabitEthernet0/0/1]ip addre | |
[AR1-GigabitEthernet0/0/1]ip address 192.168.100.2 30 | |
[AR1-GigabitEthernet0/0/1]quit | |
[AR1]interface GigabitEthernet 0/0/2 | |
[AR1-GigabitEthernet0/0/2]ip address 192.168.200.2 30 | |
[AR1-GigabitEthernet0/0/2]quit | |
[AR1]interface GigabitEthernet 0/0/0 | |
[AR1-GigabitEthernet0/0/0]ip address 100.1.1.2 30 | |
[AR1-GigabitEthernet0/0/0]quit |
