华为交换机网络规划-案例.doc

。某企业网络规划目录一、网络VLAN地址规划3二、网络设备IP地址规划3三、网络拓扑如下4四、核心交换机接口配置5五、网管平台配置6六、网络设备参数设置7（1）外网核心交换机配置7（2）防火墙配置16（3）AC6605-无线控制器配置24（4）接入交换机配置38一、 网络VLAN地址规划VLAN号说明IP地址段网关10互联网有线用户段/245420监控网络段/235430无线用户段/245440无线AP地址段/245450保留/245460与防火墙互联网段/24541000设备管理段/2454二、 网络设备IP地址规划设备名称设备型号设备地址登录密码防火墙USG2250192.168.60.PASS:admin123核心交换机-WWS770654admin123核心交换机-JKS770653admin123无线控制器AC660500Admin123接入交换机01S5700-28P-PWR-LI-AC1admin123接入交换机02S5700-28P-PWR-LI-AC2admin123接入交换机03S5700-28P-PWR-LI-AC3admin123接入交换机04S5700-28P-PWR-LI-AC4admin123接入交换机05S5700-28P-LI-AC5admin123接入交换机06S5700-28P-LI-AC6admin123接入交换机07S5700-28P-LI-AC7admin123接入交换机08S5700-28P-LI-AC8admin123接入交换机09S5700-28P-LI-AC9admin123接入交换机10S5700-28P-LI-AC0admin123admin123三、 网络拓扑如下图例1：互联网网络拓扑图例2：监控网络拓扑四、 核心交换机接口配置互联网核心交换机02460246810121416182022接防火墙VLAN10VLAN10TRUNKXXXXTRUNKTRUNKTRUNKTRUNKTRUNKTRUNKTRUNKTRUNK13571357911131517192123接ACVLAN10VLAN10TRUNKXXXXTRUNKTRUNKTRUNKTRUNKTRUNKTRUNKTRUNKTRUNK说明:VLAN10-接PC机上网。 TRUNK-接接入交换机。X-光电复用接口。监控交换机02460246810121416182022VLAN20VLAN20VLAN10TRUNKXXXXTRUNKTRUNKTRUNKTRUNKTRUNKTRUNKTRUNKTRUNK13571357911131517192123VLAN20VLAN20VLAN20TRUNKXXXXTRUNKTRUNKTRUNKTRUNKTRUNKTRUNKTRUNKTRUNK说明：VLAN20-接监控PC或终端。TRUNK-接接入交换机。五、 网管平台配置IP地址型号密码网管平台密码53HP DL360eGen8Administratoradmin/1234拓扑管理:六、 网络设备参数设置（1） 外网核心交换机配置display current-configuration!Software Version V200R003C00SPC500#sysname TYG-WW-Core#dns server #vlan batch 10 20 30 40 50 60 1000#observe-port 1 interface GigabitEthernet3/0/4#lldp enable#undo nap slave enable# dba-profile default0 type3 assure 40000 max 80000#dhcp enable#dhcp snooping enable#diffserv domain default# line-profile default0# service-profile default0 #vlan 10 description NW-netvlan 20 description jiankong-netvlan 30 description NW-AP-clientvlan 40 description NW-APvlan 50 description to_tplinkvlan 60 description to_FWvlan 1000 description management#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %5d9:MipCfLiB)EQd3Uwe% local-user admin service-type http #interface Vlanif10 description NW-net ip address 54 dhcp select interface dhcp server excluded-ip-address 53 dhcp server dns-list #interface Vlanif20 description jiankong-net ip address 54 #interface Vlanif30 description NW-AP-client ip address 54 dhcp select interface dhcp server lease day 0 hour 6 minute 0 dhcp server dns-list #interface Vlanif40 description NW-AP ip address 54 #interface Vlanif50 description to_tplink#interface Vlanif60 description to_FW ip address 54 #interface Vlanif1000 description management ip address 54 #interface Ethernet0/0/0#interface GigabitEthernet3/0/0 description to_FW port link-type access port default vlan 60#interface GigabitEthernet3/0/1 description to_AC6605 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/2 port link-type access port default vlan 10#interface GigabitEthernet3/0/3 port link-type access port default vlan 10 dhcp snooping enable#interface GigabitEthernet3/0/4 port link-type access port default vlan 10 dhcp snooping enable#interface GigabitEthernet3/0/5 port link-type access port default vlan 10#interface GigabitEthernet3/0/6 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/7 port link-type trunk port trunk allow-pass vlan 2 to 4094# interface GigabitEthernet3/0/8 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/9 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/10 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/11 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/12 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/13 port link-type trunk port trunk allow-pass vlan 2 to 4094# interface GigabitEthernet3/0/14 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/15 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/16 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/17 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/18 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/19 port link-type trunk port trunk allow-pass vlan 2 to 4094# interface GigabitEthernet3/0/20 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/21 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/22 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet3/0/23 port link-type trunk port trunk allow-pass vlan 2 to 4094#interface NULL0#ip route-static #snmp-agentsnmp-agent local-engineid 800007DB03D46AA880E600snmp-agent community read cipher %$%$T&Legw4c8h-Y.|!8;Xrp(TP(+e#2C$/)e4,8B:+&Xrs;5+o-feDqC$8Z4A6t$TNr|;X%$%$ mib-view iso-viewsnmp-agent community write cipher %$%$fgbYXV!,O/)x*mGHz$;Ko-Z6l-UA_Ul*gV(moKGKo0;!gLuG:sugKBtx(yroQo9;K%$%$ mib-view iso-viewsnmp-agent sys-info version allsnmp-agent target-host trap address udp-domain 53 params securityname cipher %mmV:Q:v8ciq0YC/U0;Kp8% v2csnmp-agent mib-view included iso-view isosnmp-agent trap source Vlanif1000#user-interface con 0 authentication-mode password set authentication password cipher %WJp(2C;L;B_lSU41o+,#DE,vU6%)EXj&XIOM%GJ#DH,%user-interface vty 0 4 authentication-mode password user privilege level 15 set authentication password cipher %dze*2MdUX+WX9.,M=Xa7Iy6U/-PTJ7XhTO7Xa:=%user-interface vty 16 20#port-group 1 group-member GigabitEthernet3/0/0 group-member GigabitEthernet3/0/1 group-member GigabitEthernet3/0/2 group-member GigabitEthernet3/0/3 group-member GigabitEthernet3/0/4 group-member GigabitEthernet3/0/5 group-member GigabitEthernet3/0/6 group-member GigabitEthernet3/0/7 group-member GigabitEthernet3/0/8 group-member GigabitEthernet3/0/9 group-member GigabitEthernet3/0/10 group-member GigabitEthernet3/0/11 group-member GigabitEthernet3/0/12 group-member GigabitEthernet3/0/13 group-member GigabitEthernet3/0/14 group-member GigabitEthernet3/0/15 group-member GigabitEthernet3/0/16 group-member GigabitEthernet3/0/17 group-member GigabitEthernet3/0/18 group-member GigabitEthernet3/0/19 group-member GigabitEthernet3/0/20 group-member GigabitEthernet3/0/21 group-member GigabitEthernet3/0/22 group-member GigabitEthernet3/0/23#return dis int briPHY: Physical*down: administratively downdown: standby(l): loopback(s): spoofing(E): E-Trunk down(b): BFD down(e): ETHOAM down(dl): DLDP down(d): Dampening SuppressedInUti/OutUti: input utility/output utilityInterface PHY Protocol InUti OutUti inErrors outErrorsGigabitEthernet3/0/0 up up 1.42% 0.50% 0 0GigabitEthernet3/0/1 up up 0.04% 0.44% 0 0GigabitEthernet3/0/2 up up 2.31% 1.82% 0 0GigabitEthernet3/0/3 up up 0% 0% 0 0GigabitEthernet3/0/4 down down 0% 0% 0 0GigabitEthernet3/0/5 down down 0% 0% 0 0GigabitEthernet3/0/6 down down 0% 0% 0 0GigabitEthernet3/0/7 down down 0% 0% 0 0GigabitEthernet3/0/8 down down 0% 0% 0 0GigabitEthernet3/0/9 down down 0% 0% 0 0GigabitEthernet3/0/10 down down 0% 0% 0 0GigabitEthernet3/0/11 down down 0% 0% 0 0GigabitEthernet3/0/12 down down 0% 0% 0 0GigabitEthernet3/0/13 down down 0% 0% 0 0GigabitEthernet3/0/14 up up 0.01% 0.12% 0 0GigabitEthernet3/0/15 down down 0% 0% 0 0GigabitEthernet3/0/16 up up 0% 0% 0 0GigabitEthernet3/0/17 down down 0% 0% 0 0GigabitEthernet3/0/18 up up 0% 0% 0 0GigabitEthernet3/0/19 down down 0% 0% 0 0GigabitEthernet3/0/20 up up 0.23% 0.68% 0 0GigabitEthernet3/0/21 down down 0% 0% 0 0GigabitEthernet3/0/22 up up 0% 0% 0 0GigabitEthernet3/0/23 down down 0% 0% 0 0NULL0 up up(s) 0% 0% 0 0Vlanif10 up up - - 0 0Vlanif20 up up - - 0 0Vlanif30 up up - - 0 0Vlanif40 up up - - 0 0Vlanif50 up down - - 0 0Vlanif60 up up - - 0 0Vlanif1000 up up - - 0 0 dis ip int b*down: administratively down!down: FIB overload downdown: standby(l): loopback(s): spoofing(d): Dampening Suppressed(E): E-Trunk downThe number of interface that is UP in Physical is 8The number of interface that is DOWN in Physical is 1The number of interface that is UP in Protocol is 7The number of interface that is DOWN in Protocol is 2Interface IP Address/Mask Physical Protocol Ethernet0/0/0 unassigned down down NULL0 unassigned up up(s) Vlanif10 54/24 up up Vlanif20 54/24 up up Vlanif30 54/23 up up Vlanif40 54/24 up up Vlanif50 unassigned up down Vlanif60 54/24 up up Vlanif1000 54/24 up up dis ip rouRoute Flags: R - relay, D - download to fib-Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface /0 Static 60 0 RD Vlanif60 /24 Direct 0 0 D 54 Vlanif1000 54/32 Direct 0 0 D Vlanif1000 /8 Direct 0 0 D InLoopBack0 /32 Direct 0 0 D InLoopBack0 /24 Direct 0 0 D 54 Vlanif10 54/32 Direct 0 0 D Vlanif10 /24 Direct 0 0 D 54 Vlanif20 54/32 Direct 0 0 D Vlanif20 /23 Direct 0 0 D 54 Vlanif30 54/32 Direct 0 0 D Vlanif30 /24 Direct 0 0 D 54 Vlanif40 54/32 Direct 0 0 D Vlanif40 /24 Direct 0 0 D 54 Vlanif60 54/32 Direct 0 0 D Vlanif60dis versHuawei Versatile Routing Platform SoftwareVRP (R) software, Version 5.130 (S7700 V200R003C00SPC500)Copyright (C) 2000-2013 HUAWEI TECH CO., LTDQuidway S7706 Terabit Routing Switch uptime is 0 week, 2 days, 4 hours, 5 minutesBKP 0 version information:1. PCB Version : LE02BAKI VER.A2. Support PoE : No3. Board Type : ES0B007706004. MPU Slot Quantity : 25. LPU Slot Quantity : 6MPU 7(Master) : uptime is 0 week, 2 days, 4 hours, 4 minutesSDRAM Memory Size : 1024 M bytesFlash Memory Size : 64 M bytesNVRAM Memory Size : 512 K bytesCF Card1 Memory Size : 488 M bytesMPU version information : 1. PCB Version : LE02SRUA VER.D2. MAB Version : 83. Board Type : ES0D00SRUA004. CPLD0 Version : 1015. BootROM Version : 1716. BootLoad Version : 0203.007aLPU 3 : uptime is 0 week, 2 days, 4 hours, 4 minutesSDRAM Memory Size : 256 M bytesFlash Memory Size : 16 M bytesLPU version information : 1. PCB Version : LE02G24C VER.D2. MAB Version : 03. Board Type : ES0D0G24CA004. CPLD0 Version : 1035. BootROM Version : 1716. BootLoad Version : 0203.00a1CMU 9(Master) : uptime is 0 week, 2 days, 4 hours, 4 minutesCMU version information : 1. PCB Version : LE02CMUA VER.B2. MAB Version : 03. Board Type : LE0DCMUA0000（2） 防火墙配置display current-configuration15:08:49 2014/08/14#sysname USG2250# l2tp enablel2tp domain suffix-separator #firewall packet-filter default permit interzone local trust direction inboundfirewall packet-filter default permit interzone local trust direction outboundfirewall packet-filter default permit interzone local untrust direction outboundfirewall packet-filter default permit interzone local dmz direction outboundfirewall packet-filter default permit interzone trust untrust direction outbound#ip df-unreachables enable#firewall ipv6 session link-state checkfirewall ipv6 statistic system enable#dns resolvedns server unnumbered interface Dialer0#firewall defend udp-short-header enablefirewall defend http-flood enablefirewall defend port-scan enablefirewall defend ip-sweep enable firewall defend teardrop enablefirewall defend ip-fragment enablefirewall defend tcp-flag enablefirewall defend winnuke enablefirewall defend fraggle enablefirewall defend ping-of-death enablefirewall defend icmp-flood enablefirewall defend udp-flood enablefirewall defend syn-flood enablefirewall defend smurf enablefirewall defend land enablefirewall defend ip-spoofing enablefirewall defend arp-flood enablefirewall defend arp-spoofing enablefirewall defend udp-flood base-session max-rate 1000firewall defend icmp-flood base-session max-rate 255#firewall statistic system enable#pki certificate access-control-policy default permit#dns proxy enable# ddns client enable#license-server domain # lldp enable#web-manager enableweb-manager security enable port 8443undo web-manager config-guide enable#user-manage web-authentication security port 8888#interface Dialer0 link-protocol ppp ppp chap user 0251 ppp chap password cipher %$%$om.kH.-J&:zO-ibUR14+%$%