复旦大学校园网主干网络及配置

1、仅供个人参考复旦大学校园网主干网络不得用于商业用途Catalyst 2820图例:逸夫楼atalyst 5500TransceiverHubriRHubTransceiverICatalyst 1924CCatalyst 1924C_二12芯单模光缆,-.4芯单模光缆；4芯多模光缆双绞线Catalyst 2820综合楼Catalyst 5500Catalyst 2820HubCatalyst 1924CTransceiver文科图书馆Catalyst 55iCatalyst 2820Catalyst 1924C复旦大学校园网是一个综合高效的教学和科研的校园计算环境。它不仅是一个大型 的网络通讯

2、平台，而且是一个基于宽带网络，集成多种应用，并具有强大的资源管理和 安全防范机制的综合服务体系。其主干网络采用光纤通讯介质，以622M ATM技术为基 础，融合155M ATM和光纤快速以太网等多种通讯技术基本覆盖了整个校园。在高层网络协议方面以Intranet模型为基本架构，多数上层应用完全基于 TCP/IP协议族实现。一网络结构1 .物理层：校园网物理拓扑采用分级网络构，即将校园骨干网分为核心网和分支网两部分。 核心网络层是整个系统的中心，它提供一个高速ATM的网络通信平台以及网络核心管理服务，由三个核心节点及一 11组12芯多模光纤、一组4芯单模光纤组成环 型网络。分支网络由核心节点向外

3、辐射到各院系大楼的4芯光缆和上行的节点设备组成。院系大楼的局域网则通过上行节点设备连入校园骨干网。现有分支网节点45个。分级网络的拓扑结构如下图所示。Catalyst 1924Clyst 1924CCatalyst 2820校园网分级网络拓扑结构示意图For pers onal use only in study and research; not for commercial use2.与ATM相关层次_校园网络以622M和155M ATM为基础通讯平台，采用 LANE和MPOA技术 实现与传统以太网和 TCP/IP协议的融合，支持 UNI 3.0/3.1UNI 4.0 IISP PNNI1

4、.0 等接口协议，支持SVC、PVC和线路冗余，支持LANE 1.0和MPOA 1.0，可实现 QoS （服务质量）控制。ATM网络拓扑结构示意图如下。仅供个人参考For pers onal use only in study and research; not for commercial useerver NetDept.ATM SwitchATM SwitchLANE SwitchATM SwitchDept.Server NetJ .绞 Dept. 忌】DeptZ fLANE SwitchLECS, LES, BUSATM SwitchServer NetLANE SwitchLANE

5、 SwitchSwitch iHubDept.不得用于商业用途WS-X5530-E1WS-U5533-FEFX-MMFWS-X5304-15WS-X5161WS-X5225RWAI-OC12-1SSWAI-0C12-1MMWAI-OC3-4MMWAI-ATM25-12PWATM-CAM-2P其中，各交换机配置略有不同,校园网ATM网络物理拓扑结构示意图For pers onal use only in study and research; not for commercial use3. Ethernet 和 TCP/IP 层提供符合IEEE 802.X标准的10M、100M双绞线和光纤以太

6、网接口，并且具备 千兆以太网的升级能力，系统支持基于MAC、Port、应用等多种VLAN的划分功能, 虚网间通讯通过三层交换实现，虚网间有基于地址和应用的安全控制策略。作为支 持路径选择和广播等功能的重要设备如 MPOA（LANE） Server支持冗余，发生故障时 可实现透明替换。.网络设备1.核心交换机：校园网的核心交换机为 Cisco Catalyst 5500模块配置如下:Catalyst 5000系列的主控模块（2/3宽）双口千兆以太网模块（1/3宽）路由交换模块（占两个插槽）双多模SC 口，622M的LANE模块（全宽）24个RJ45 口 10/100M自适应的以太网模块（全宽）6

7、22M的ATM模块，单口，单模 SC接口（半宽）622M的ATM模块，单口，多模 SC接口（半宽） 155M的ATM模块，4 口，多模 SC接口（半宽） 25M的ATM 模块，12 口（半宽）LightStream 1100，ATM 控制模块（全宽）基本都具有以上模块，但只有综合楼的Catalyst5500配置有路由交换模块。各交换机内部，都有一对多模光纤将一块 WAI-0C12-1MM 与 WS-X5161相连，解决 ATM 网络与LANE SERVER之间的连 接问题；有一根双绞线将 WS-X5225R的1号端口与 WATM-CAM-2P相连，便于通 过 Tel net 方式访问 Ligh

8、tStream 1100。仅供个人参考各核心交换机的软件主要配置如下：beginset password $1$zAMC$2LOVfCNiXBGB8SirgVHeD0 set enablepass $1$6IJa$u1GuPffajYwdanxTypoeQ0 set prompt 228.2 set length 24 default set logout 0set banner motd ACAC!#systemset system baud 9600 set system modem disable set system name 5500-2 set system location Sy

9、nthetics Building set system contact Ye Jiawei !#snmpset snmp community read-only public set snmp community read-write fudan set snmp community read-write-all root set snmp rmon enable set snmp trap enable module set snmp trap enable chassis set snmp trap enable bridge set snmp trap enable repeater

10、set snmp trap enable vtp set snmp trap enable auth set snmp trap enable ippermit set snmp trap enable vmps set snmp trap disable entity set snmp trap enable config set snmp trap enable stpx set snmp trap fudan !#ipset interface sc0 1set interface sc0 up set interface sl0 set interface sl0 up set arp

11、 agingtime 1200 set ip redirect enable set ip unreachable enable set ip fragmentation enable set ip route1set ip alias default#Command alias!#vmpsset vmps server primaryset vmps server retry 3set vmps server reconfirminterval 60set vmps tftpserver vmps-config-database.1 set vmps state disable #dnsse

12、t ip dns disable !#tacacs+set tacacs attempts 3set tacacs directedrequest disableset tacacs timeout 5set authentication login tacacs disable set authentication login local enable set authentication enable tacacs disable set authentication enable local enable !#bridgeset bridge ipx snaptoether 8023ra

13、wset bridge ipx 8022toether 8023 set bridge ipx 8023rawtofddi snap !#vtpset vtp domain fdunet set vtp mode server set vtp v2 enable set vtp pruning disable set vtp pruneeligible 2-1000 clear vtp pruneeligible 1001-1005set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 2

14、 name vlan2 type ethernet mtu 1500 said 100002 state active set vlan 79 name vlan79 type ethernet mtu 1500 said 100079 state active set vlan 80 name vlan80 type ethernet mtu 1500 said 100080 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name f

15、ddinet-default type fddinet mtu 1500 said 101004 state acti set vlan 1005 name trbrf-default type trbrf mtu 4472 said 101005 state active b set vlan 1003 name trcrf-default type trcrf mtu 4472 said 101003 state active p !#spantree#uplinkfast groupsset spantree uplinkfast disable#backbonefastset span

16、tree backbonefast disableset spantree enable all#vlan 1set spantree fwddelay 15 1仅供个人参考set spantree hello 2 1 set spantree maxage 20 1 set spantree priority 32768 1 #vlan 2set spantree fwddelay 15 2set spantree hello 2 2set spantree maxage 20 2set spantree priority 32768 2 #vlan 79set spantree fwdde

17、lay 15 79 set spantree hello 2 79 set spantree maxage 20 79 set spantree priority 32768 79 #vlan 80set spantree fwddelay 15 80 set spantree hello 2 80 set spantree maxage 20 80 set spantree priority 32768 80 #vlan 1003set spantree fwddelay 41003set spantree hello 21003set spantree maxage 10 1003 set

18、 spantree priority 32768 1003 set spantree portstate 1003 auto 1005 set spantree portcost 1003 62 set spantree portpri 1003 4 set spantree portfast 1003 disable #vlan 1005set spantree fwddelay 41005set spantree hello 21005set spantree maxage 10 1005 set spantree priority 32768 1005 set spantree mult

19、icast-address 1005 ieee !#cgmpset cgmp disable set cgmp leave disable !#syslogset logging console enable set logging server disable set logging level cdp 2 default set logging level mcast 2 default set logging level dtp 5 default set logging level dvlan 2 default set logging level earl 2 default set

20、 logging level fddi 2 default set logging level ip 2 default set logging level pruning 2 default set logging level snmp 2 default set logging level spantree 2 default不得用于商业用途仅供个人参考set logging level sys 5 default set logging level tac 2 default set logging level tcp 2 default set logging level telnet

21、 2 default set logging level tftp 2 default set logging level vtp 2 default set logging level vmps 2 default set logging level kernel 2 default set logging level filesys 2 default set logging level drip 2 default set logging level pagp 5 default set logging level mgmt 5 default set logging level mls

22、 5 default set logging level protfilt 2 default set logging level security 2 default #ntpset ntp broadcastclient disable set ntp broadcastdelay 3000 set ntp client disable clear timezone set summertime disable !#set boot commandset boot config-register 0x102set boot system flash bootflash:cat5000-su

23、p3.4-2-1.bin !#permit listset ip permit disable !#dripset tokenring reduction enable set tokenring distrib-crf disable !#igmpset igmp disable !#protocolfilterset protocolfilter disable !#mlsset mls enableset mls flow destinationset mls agingtime 256set mls agingtime fast 0 0 set mls nde disable#modu

24、le 1 : 2-port 1000BaseSX Supervisorset module name 1set vlan 1 1/1-21/1-21/1-2 normal1/1-2 fullset port enable set port level set port duplex 不得用于商业用途set port trap1/1-2 enableset port name1/1-2set port security 1/1-2 disable set port broadcast 1/1-2 100% set port membership 1/1-2 static set port pro

25、tocol 1/1-2 ip on set port protocol 1/1-2 ipx autoset port negotiation 1/1-2 enableset port flowcontrol send1/1-2 desiredset port flowcontrol receive 1/1-2 off set cdp enable 1/1-2set cdp interval 1/1-2 60 set trunk 1/1 auto negotiate 1-1005 set trunk 1/2 auto negotiate 1-1005 set spantree portfast

26、1/1-2 disable set spantree portcost 1/1-2 4 set spantree portpri 1/1-2 32 set spantree portvlanpri 1/1 0 set spantree portvlanpri 1/2 0 set spantree portvlancost 1/1 cost 3 set spantree portvlancost 1/2 cost 3 #module 2 : 12-port 100BaseFX MM Ethernet set module name 2 set module enable 2 set vlan 1

27、6 2/1 set vlan 29 2/2 set vlan 53 2/3 set vlan 55 2/4 set vlan 57 2/5 set vlan 59 2/6 set vlan 60 2/7 set vlan 62 2/8 set vlan 64 2/9 set vlan 68 2/10 set vlan 70 2/11 set vlan 73 2/12 set port channel 2/1-4 off set port channel 2/5-8 off set port channel 2/9-12 off set port channel 2/1-4 auto set p

28、ort channel 2/5-8 auto set port channel 2/9-12 autoset port enable2/1-12set port level2/1-12normalset port duplex2/1-12halfset port trap2/1-12enableset port name2/1-12set port security2/1-12disableset port broadcast2/1-12100%set port membership 2/1-12 static set port protocol 2/1-12 ip on set port p

29、rotocol 2/1-12 ipx auto 不得用于商业用途仅供个人参考set port negotiation 2/1-12 enable set port flowcontrol send2/1-12 offset port flowcontrol receive 2/1-12 on set cdp enable 2/1-12set cdp interval 2/1-12 60set trunk 2/1 off isl 1-1005 set trunk 2/2 off negotiate 1-1005set trunk 2/12 off negotiate 1-1005 set spa

30、ntree portfast 2/1-12 disable set spantree portcost 2/1-12 19 set spantree portpri 2/1-12 32 set spantree portvlanpri 2/1 0 set spantree portvlanpri 2/2 0set spantree portvlanpri 2/12 0set spantree portvlancost 2/1 cost 18set spantree portvlancost 2/2 cost 18set spantree portvlancost 2/12 cost 18 !#

31、module 3 : 24-port 10/100BaseTX Ethernet set module name 3set module enable 3set vlan 1set vlan 2set vlan 3set vlan 4set vlan 7set vlan 8set vlan 9set vlan 103/1,3/223/2-4,3/6-13,3/18-193/203/16-173/213/153/23-243/14set port channel 3/1-4 off set port channel 3/5-8 off set port channel 3/9-12 off se

32、t port channel 3/13-16 off set port channel 3/17-20 off set port channel 3/21-24 off set port channel 3/1-4 auto set port channel 3/5-8 auto set port channel 3/9-12 auto set port channel 3/13-16 auto set port channel 3/17-20 auto set port channel 3/21-24 autoset port enable3/1-24set port level3/1-24

33、normalset port speed3/1-24autoset port trap3/1-24enableset port name3/1-24set port security3/1-24disableset port broadcast3/1-24100%set port membership 3/1-24 static不得用于商业用途仅供个人参考set port protocol 3/1-24 ip on set port protocol 3/1-24 ipx auto set port negotiation 3/1-24 enable set port flowcontrol

34、send 3/1-24 off set port flowcontrol receive 3/1-24 on set cdp enable 3/1-24set cdp interval 3/1-24 60set trunk 3/1 auto negotiate 1-1005 set trunk 3/2 auto negotiate 1-1005 set trunk 3/15 auto negotiate 1-1005 set trunk 3/16 off negotiate 1-1005 set trunk 3/17 auto negotiate 1-1005 set trunk 3/21 a

35、uto negotiate 1-1005set trunk 3/22 on isl 1-1005 set trunk 3/23 off negotiate 1-1005 set trunk 3/24 auto negotiate 1-1005set spantree portfast set spantree portcost set spantree portcost set spantree portpri3/1-24 disable3/2,3/7-9,3/15,3/21 191003/1,3/3-6,3/10-14,3/16-20,3/22-243/1-24 32set spantree

36、 portvlanpri 3/1 0 set spantree portvlanpri 3/2 0 set spantree portvlanpri 3/23 0set spantree portvlanpri 3/24 0set spantree portvlancost 3/1 cost 99set spantree portvlancost 3/2 cost 18set spantree portvlancost 3/3 cost 99 set spantree portvlancost 3/6 cost 99set spantree portvlancost 3/7 cost 18se

37、t spantree portvlancost 3/8 cost 18set spantree portvlancost 3/9 cost 18set spantree portvlancost 3/10 cost 99 set spantree portvlancost 3/14 cost 99set spantree portvlancost 3/15 cost 18set spantree portvlancost 3/16 cost 99 set spantree portvlancost 3/20 cost 99set spantree portvlancost 3/21 cost

38、18set spantree portvlancost 3/22 cost 99set spantree portvlancost 3/23 cost 99set spantree portvlancost 3/24 cost 99 !#module 4 empty!#module 5 : 1-port Route Switchset module name 5set port level 5/1 normal 不得用于商业用途仅供个人参考set port trap set port name5/1 enable5/1不得用于商业用途set cdp enable 5/1set cdp inte

39、rval 5/1 60 set trunk 5/1 on isl 1-1005 set spantree portcost 5/1 5 set spantree portpri 5/1 32 set spantree portvlanpri 5/1 0 set spantree portvlancost 5/1 cost 4 !#module 6 empty!#module 7 empty !#module 8 : 2-port OC12 Dual PHY MMF set module name 8 set port level8/1 normalset port name8/1-2set c

40、dp enable 8/1 set cdp interval 8/1 60 set trunk 8/1 on LANE 1-1005 set spantree portcost 8/1 6 set spantree portpri 8/1 32 set spantree portvlanpri 8/1 0 set spantree portvlancost 8/1 cost 5 !#module 9 empty!#module 10 empty !#module 11 empty !#module 12 empty !#module 13 empty !#switch port analyze

41、rset span 2 3/5 both inpkts enable!set span enable !#camset cam agingtime 1-80,1003,1005 300 endLANE 模块：Using 20151 out of 523258 bytesversion 11.3no service password-encryption !hostname ATMvtp enable!LANE database fdunetname vlan2 server-atm-addressname vlan2 server-atm-addressname vlan3 server-at

42、m-addressname vlan3 server-atm-address name vlan79 server-atm-addressname vlan79 server-atm-addressname vlan80 server-atm-addressname vlan80 server-atm-addressname default server-atm-addressname default server-atm-address!interface ATM0atm preferred phy Aatm pvc 1 0 5 qsaalatm pvc 2 0 16 ilmiLANE co

43、nfig auto-config-atm-addressLANE config database fdunetLANE server-bus ethernet defaultLANE client ethernet 1 default!interface ATM0.2 multipointLANE server-bus ethernet vlan2LANE client ethernet 2 vlan2!interface ATM0.3 multipointLANE server-bus ethernet vlan3 LANE client ethernet 3 vlan3interface

44、ATM0.78 multipointLANE server-bus ethernet vlan78LANE client ethernet 78 vlan78 !interface ATM0.79 multipointLANE server-bus ethernet vlan79 !interface ATM0.80 multipointLANE server-bus ethernet vlan80 !line con 0line vty 0 4no login !endonUsing 1835 out of 126968 bytesversion 11.2no service padno s

45、ervice password-e ncrypti onno service udp-small-serversno service tcp-small-servers!host name atm-228.5!en able secret 5 $1$kA9e$s6KpEBSZIaFf9lgSEukfa. !atm lecs-address-default 1atm lecs-address-default 2atm addressatm router pnninode 1 level 56 lowest redistribute atm-staticin terface ATM9/0/0!in

46、 terface ATM9/0/1atm maxvp-nu mber 0atm maxvc -nu mber 1024 !in terface ATM9/0/2!in terface ATM9/0/3!in terface ATM9/1/0!in terface ATM9/1/1atm maxvp-nu mber 0atm maxvc -nu mber 1024 !in terface ATM9/1/2!in terface ATM9/1/3atm maxvp-nu mber 0atm maxvc -nu mber 1024 !in terface ATM10/0/0此插槽上为一块12-96p

47、in的25M ATM 模块 所以有12个in terface!in terface ATM10/0/1 in terface ATM10/1/11!in terface ATM11/0/0atm maxvp-nu mber 4atm maxvc -nu mber 4096interface ATM11/1/0!interface ATM11/1/1!interface ATM11/1/2!interface ATM11/1/3!interface ATM12/0/0!interface ATM12/1/0!interface ATM13/0/0ip address!no ip classles

48、ssnmp-server community public RO snmp-server community fudan RW snmp-server trap-authentication snmp-server system-shutdown snmp-server enable traps config snmp-server enable traps chassis-fail snmp-server enable traps chassis-change snmp-server enable traps atm-accounting snmp-server host fudan!lin

49、e con 0line aux 0line vty 0 4no login!end beginset password $1$astB$sKT.tdR1GCM5a4wryf0Q/. set enablepass $1$wJ/B$yhPcHHLBiv167f48DlIZP/ set prompt 228.3set length 24 defaultset logout 0set banner motd ACAC!#systemset system baud 9600set system modem disableset system name 5500-3set system location

50、Synthetics Buildingset system contact Ye Jiawei!& （与#ipset interface sc0 1set interface sc0 upset interface sl0set interface sl0 upset arp agingtime 1200set ip redirect enableset ip unreachable enableset ip fragmentation enableset ip route1set ip alias default !#Command alias !#vmpsset vmps server r

51、etry 3set vmps server reconfirminterval 60set vmps tftpserver vmps-config-database.1 set vmps state disable!* （内容与，不再详细列出）LANE 模块：Using 201 out of 523258 bytes !version 11.3no service password-encryption !hostname ATM vtp enable!interface ATM0atm preferred phy Aatm pvc 1 0 5 qsaalatm pvc 2 0 16 ilmi

52、!line con 0line vty 0 4no login!endonUsing 2001 out of 126968 bytes !version 11.2no service padno service password-encryption no service udp-small-servers no service tcp-small-servershostname atm-228.6!enable secret 5 $1$Yxs5$LN2rdlfchbsgyiHarp9lu0 !atm lecs-address-default 1atm lecs-address-default

53、 2atm addressatm router pnni node 1 level 56 lowest redistribute atm-static interface ATM9/0/0atm maxvp-number 0 atm maxvc-number 1024 !interface ATM9/0/1atm maxvp-number 0atm maxvc-number 1024 !interface ATM9/0/2atm maxvp-number 0atm maxvc-number 1024 !interface ATM9/0/3atm maxvp-number 0atm maxvc-

54、number 1024 !interface ATM9/1/0atm maxvp-number 0atm maxvc-number 1024 !interface ATM9/1/1atm maxvp-number 0atm maxvc-number 1024 !interface ATM9/1/2atm maxvp-number 0atm maxvc-number 1024 !interface ATM9/1/3atm maxvp-number 0atm maxvc-number 1024*与，不再重复）interface ATM13/0/0 no ip address atm maxvp-n

55、umber 0interface Ethernet13/0/0ip address!no ip classlesssnmp-server community public RO snmp-server community fudan RW snmp-server trap-authentication snmp-server system-shutdown snmp-server enable traps config snmp-server enable traps chassis-fail snmp-server enable traps chassis-change snmp-server enable traps atm-accounting snmp-server host fudan snmp-server host fudan!line con 0line aux 0 line vty 0 4 no login!endbeginset password $1$SIMh$mFRNKeFxt9A5r2D/gbKa2. set enablepass $1$Ja8O$FO6QCvSoyaFLdc1t4jtr7/ set prompt 228.4set length 24 defaultset logout 0set banner