实验AR1200+S5700+S3700网络组网

admin

AR1200+S5700+S3700访问外网的例子,其实也是我们公司实际的网络拓扑网,只是公司的还没有进行配置,AR2220做为路由访问外网,一台S5700是核心交换机,两台S3700做为接入层交换机使用,为每台S3700划分一个vlan,在本例中,一个是vlan 2,一个是vlan 4,只要这两个会了,再增加交换机也就没有问题了,希望对初学者有些帮助.网络拓扑图如下:
& ~$ ^4 \% M) R2 X; t3 v3 [

---

- z! ~7 L) u, c3 M

画图水平不行, 凑活着看就行,下面配置主路由器AR1200,'号后面是备注信息,配置如下:

---

[Huawei]acl number 2000               
# J  @% ?5 B3 ~2 z: _[Huawei-acl-basic-2000]rule 5 permit source 192.168.0.0 0.0.255.255   '做个acl,可以根据自己需要配置IP,
. D' U4 Y6 ~* M[Huawei-acl-basic-2000]q
[Huawei]vlan 100
( L3 k  i) \  ~% t  ?9 C3 d' G4 Y[Huawei-vlan100]q
2 f2 X$ w& K/ q4 L0 d1 X[Huawei]interface giga 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.3 24  '配置外网IP地址,也就是联通呀,移动等运营商提供给你的IP址,24是掩码         
[Huawei-GigabitEthernet0/0/0]q
[Huawei]interface giga 0/0/1
3 f  @" a) G5 c! }[Huawei-GigabitEthernet0/0/1]ip address 1.1.1.1 24   
  p  I$ F' m3 H  g7 x[Huawei-GigabitEthernet0/0/1]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1       '静态路由,使内网的所有外部访问都指向外网网关,网关是运营商提供的.
0 m- f2 e- h. Y9 ?+ v  d. ~[Huawei]ip route-static 192.168.2.0 255.255.255.0 1.1.1.3  '静态路由,所有访问192.168.2.X的请求指向1.1.1.3
9 I8 Q# q% O: _& }* ~[Huawei]ip route-static 192.168.4.0 255.255.255.0 1.1.1.4  '静态路由,所有访问192.168.4.X的请求指向1.1.1.4
0 @! h% {* W' U- g. p: G9 I( L. ?* o[Huawei]                                                                        '可以根据需要自己再增加
<Huawei>
& e5 z9 {$ u$ t3 O2 y2 f: e! F2 E刚开始搞不明白为什么路由器上的接口可以设置IP地址,交换机上的就不行,输入命令时经常搞错,所以遇到路由器就在接口上设置IP,交换机就在Vlanif接口上设置IP就行,也不知我的想法对不.

/ M4 g2 i) l6 r  N

接下来配置S5700核心交换机,配置如下:

---

[Huawei]undo info-center enable
0 v4 q; F, m" E) h6 DInfo: Information center is disabled.
[Huawei]vlan 100
[Huawei-vlan100]q
! I0 V" R& s0 Y3 q[Huawei]interface vlanif 100
( \2 w$ n& e: l; _[Huawei-Vlanif100]ip address 1.1.1.2 24
[Huawei-Vlanif100]q
0 v! T/ }! l8 O, r/ U$ U, Q7 \8 ^) ^[Huawei]interface giga 0/0/22
) Q/ _& `' o7 P$ f4 h  t- d[Huawei-GigabitEthernet0/0/22]port link-type trunk                      '交换机和交换机之间连接用trunk接口

[Huawei-GigabitEthernet0/0/22]port trunk allow-pass vlan 100 2     '允许通过vlan100和vlan2
" B9 H5 |! K& Z5 G& L: A8 a[Huawei-GigabitEthernet0/0/22]q
" w: y- L7 p# e/ R% b[Huawei]ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
[Huawei]interface giga 0/0/24

[Huawei-GigabitEthernet0/0/24]port link-type access
[Huawei-GigabitEthernet0/0/24]port default vlan 100
& Q6 z0 x# |1 \, V- [[Huawei-GigabitEthernet0/0/24]q
  P+ @+ Z- |8 g" Q& R( f7 |& I[Huawei]interface giga 0/0/23
[Huawei-GigabitEthernet0/0/23]port link-type trunk                     '同上面22接口
[Huawei-GigabitEthernet0/0/23]port trunk allow-pass vlan 100 4    '允许通过vlan100和vlan4
9 Q5 c' Y3 z: E8 {) u( p9 a% g[Huawei-GigabitEthernet0/0/23]q

- H. b# l( @1 z4 @4 E
+ {/ D% o" k, V+ ^, u. E
3 M6 @$ d2 {4 h( L0 j下面配置S3700交换机,属于vlan2

---

[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan 100
[Huawei-vlan100]q
[Huawei]interface eth 0/0/22
( U# y& J/ y8 P4 \3 N# _[Huawei-Ethernet0/0/22]ip address 1.1.1.3 24  '在这个地方出错了,不允许在接口上设置IP
                          ^
Error: Unrecognized command found at '^' position.
' b# ~3 T0 M3 k0 k& ^+ B[Huawei-Ethernet0/0/22]port link-type trunk
[Huawei-Ethernet0/0/22]port trunk allow-pass vlan 100 2
[Huawei-Ethernet0/0/22]q
[Huawei]interface vlanif 100
* m' d" U' V0 v4 N8 S% O[Huawei-Vlanif100]ip address 1.1.1.3 24
[Huawei-Vlanif100]q
[Huawei]vlan 2
7 D  q% ]" R4 o[Huawei-vlan2]q
[Huawei]interface vlanif 2
" M+ j: V9 ?" D[Huawei-Vlanif2]ip address 192.168.2.1 24
[Huawei-Vlanif2]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
[Huawei]interface eth 0/0/1
[Huawei-Ethernet0/0/1]port hybrid untagged vlan 2
" E- c- y- a2 q0 S

[Huawei-Ethernet0/0/1]port hybrid pvid vlan 2
" ?$ u  r/ b$ t; W' [

[Huawei-Ethernet0/0/1]port hybrid untagged vlan 100 2
) a3 v/ p, ?7 s+ b3 ^- w& Q[Huawei-Ethernet0/0/1]dis this         ' 查看一下接口信息
0 m1 o" G2 G( K$ f# j. S- `#
2 g- t4 D5 n2 j+ ]: t. Qinterface Ethernet0/0/1
" q! K2 U% T; S% A' N, h; s port hybrid pvid vlan 2
0 j; n% I. }2 f9 t( s port hybrid untagged vlan 2 100
7 x% g+ C8 g* l) ~5 U#
return
7 q3 G9 e* U4 H# @' u

下面配置S3700-2交换机,属于vlan4

---

[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan 100
  _- @5 b* j( S( M9 e" L[Huawei-vlan100]q
8 J: O2 R/ O- a2 q1 ^- S; T, }[Huawei]interface vlanif 100
5 }% ^% O+ t9 a* I6 s[Huawei-Vlanif100]ip address 1.1.1.4 24
6 |! @* L+ P" e4 w3 D2 x[Huawei-Vlanif100]q
[Huawei]interface eth 0/0/22
[Huawei-Ethernet0/0/22]port link-type trunk
[Huawei-Ethernet0/0/22]port trunk allow-pass vlan 100 4
[Huawei-Ethernet0/0/22]dis this
9 S# B, d, p- q2 q8 w! Y#
6 g9 M5 M, e, Y: G* Rinterface Ethernet0/0/22
port link-type trunk
port trunk allow-pass vlan 4 100
#
return
[Huawei-Ethernet0/0/22]q
[Huawei]vlan 4
8 B& T, U7 `* i4 D6 Z/ r1 ][Huawei-vlan4]q

[Huawei]interface vlanif 4
! [# c) i  w4 ^( u( y- U[Huawei-Vlanif4]ip address 192.168.4.1 24
[Huawei-Vlanif4]q
3 W3 D5 _! K$ @6 J/ y, n[Huawei]ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
[Huawei]ping 192.168.4.1
  PING 192.168.4.1: 56  data bytes, press CTRL_C to break
: c' e2 R# t) Q7 u/ [    Reply from 192.168.4.1: bytes=56 Sequence=1 ttl=255 time=20 ms
    Reply from 192.168.4.1: bytes=56 Sequence=2 ttl=255 time=10 ms
9 G; w3 ^2 a. z1 {6 Z; s% k    Reply from 192.168.4.1: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.4.1: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 192.168.4.1: bytes=56 Sequence=5 ttl=255 time=1 ms
  --- 192.168.4.1 ping statistics ---
& Y/ f4 d1 o- s& n) L    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/12/30 ms
3 ]& B; Q1 i, \- T[Huawei]interface eth 0/0/1
% \$ l4 {, x% v

[Huawei-Ethernet0/0/1]port hybrid untagged vlan 100 4
[Huawei-Ethernet0/0/1]port hybrid pvid vlan 4

[Huawei-Ethernet0/0/1]q
  X  ]: v/ J. n) O, k
5 O3 d# L" v7 z( P9 q/ O2 S

---

好了,交换机和路由器的设置就完成了,把两个PC客户端配置好IP地址就可以试试效果了,但由于是模拟器的原因,在长间没有使用时,有时候会有ping不通的情况,在我这里两个都能ping通外网,vlan2和vlan4之间也能互通.在真实的设备上我们可以启用web界面和telnet,然后通过1.1.1.1,1.1.1.2,1.1.1.3这些地址来访问和管理路由器和交换机了,端口隔离,mac黑洞之类的配置可以在web界面上操作,谁让咱会的太少了.下面是前两个例子的地址,从简到稍难

8 I9 B4 v% E' c

admin

首先配置AR2220,设置GE0接口IP为固定外网地址,设置GE1接口IP为1.1.1.1,然后做两条静态路由,创建vlan 100,红色文本是需要特别多看几眼的,代码如下:

---

[Huawei]vlan 100

[Huawei-vlan100]q

3 }: ]6 J) u" j2 E. z

[Huawei]acl number 2000

[Huawei-acl-basic-2000]rule 5 permit source 192.168.0.0 0.0.255.255

& [+ k/ G6 b1 X! W; B

[Huawei-acl-basic-2000]q

& U" I+ |* F, z

[Huawei]interface giga 0/0/0

[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.3 255.255.255.0

3 |% v; [1 @9 i) n. ^

[Huawei-GigabitEthernet0/0/0]

7 t, Q" e& C( ]

Mar 13 2014 07:34:12-05:13 Huawei %IFNET/4/LINK_STATE(l)[1]:The line protocol

7 a) T; V. a, G4 Q' T! e

IP on the interface GigabitEthernet0/0/0 has entered the UP state.

[Huawei-GigabitEthernet0/0/0]q

[Huawei]interface giga 0/0/1

- X3 Z. D7 r1 O$ d7 q3 S" I& E3 D$ E

[Huawei-GigabitEthernet0/0/1]ip address 1.1.1.1 255.255.255.0

[Huawei-GigabitEthernet0/0/1]q

[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

+ u$ V0 ~1 q8 E3 w" i# `/ \7 e

[Huawei]ip route-static 192.168.0.0 255.255.0.0 1.1.1.2

[Huawei]q

save

  The current configuration will be written to the device.

% u: X5 l7 ~6 `" d" }/ |

  Are you sure to continue? (y/n)[n]:y

  u. L/ ?% f9 [3 z# [2 s

  It will take several minutes to save configuration file, please wait..........

' s8 T, h! x! a) R; L8 b( m; A2 m  N- f

  Configuration file had been saved successfully

) W6 q1 o& y! ?9 m8 `; B

  Note: The configuration file will take effect after being activated

% w4 e6 D$ z: s5 ?: a, U

Mar 13 2014 07:37:25-05:13 Huawei ARP/4/ARP_IPCONFLICT_TRAP:OID 16777216.50331648

" X6 c) J+ i0 Q7 J' Y

.100663296.16777216.67108864.16777216.3674669056.83886080.419430400.2063597568.33

554432.100663296 ARP detects IP conflict. (IP address=201.1.168.192, Local interf

ace=GigabitEthernet0/0/0, Local MAC=4437-e68c-b212, Local vlan=0, Local CE vlan=0

, Receive interface=GigabitEthernet0/0/0, Receive MAC=1c1a-c00f-253f, Receive vla

8 x6 m, G) ~! a9 u5 U, u" C/ {

n=0, Receive CE vlan=0, IP conflict type=Remote IP conflict).

+ R' R7 U+ J; v6 J7 j

2 T7 H1 S+ f' n/ z: X4 y0 Q0 m  {/ _: ?

---

接下来配置S5700交换机,GE1接口IP为1.1.1.2,属于vlan100,GE2接口属于vlan1,GE3接口属于vlan2,代码如下

---

[Huawei]vlan batch 2 4 6 8 100

Info: This operation may take a few seconds. Please wait for a moment...done.

[Huawei]

/ y  k7 t- r$ ^4 H4 v' A

Mar 13 2014 10:38:34-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.

+ c! x+ ]& O7 n3 }7 ~3 k9 H

25.191.3.1 configurations have been changed. The current change number is 4, the

( ~% r4 p% N7 Y& W

change loop count is 0, and the maximum number of records is 4095.

[Huawei]interface vlanif 100

[Huawei-Vlanif100]ip address 1.1.1.2 255.255.255.0

[Huawei-Vlanif100]

+ L' }2 h' w% G% J

Mar 13 2014 10:40:14-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.

25.191.3.1 configurations have been changed. The current change number is 6, the

1 S, g( y+ Z8 x$ O1 H5 S. p, M

change loop count is 0, and the maximum number of records is 4095.

[Huawei-Vlanif100]q

[Huawei]interface giga 0/0/1

2 M( p3 ?0 P# ^4 ~3 r* {

[Huawei-GigabitEthernet0/0/1]port link-type access

[Huawei-GigabitEthernet0/0/1]port default vlan 100

[Huawei-GigabitEthernet0/0/1]q

  _0 D# Q) u6 E. P8 v2 L2 o! n/ J3 D

[Huawei]ip route-static 0.0.0.0 0.0.0.0 1.1.1.1

( ]' t! h1 K/ H# a

[Huawei]

  f0 e2 \) i( y: h1 d9 g2 t  s

Mar 13 2014 10:43:24-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.

25.191.3.1 configurations have been changed. The current change number is 9, the

2 E8 X" S% S' d% T3 e$ u

change loop count is 0, and the maximum number of records is 4095.

8 |9 V* Y! T* X7 Z# R. w

[Huawei]interface vlanif 1

% m3 d; c( z& X4 c1 U1 ?2 x" H$ L

[Huawei-Vlanif1]ip address 192.168.0.1 255.255.255.0

$ }& i' G9 {$ ]. l: e. _

[Huawei-Vlanif1]q

[Huawei]interface vlanif 2

[Huawei-Vlanif2]ip address 192.168.2.1 255.255.255.0

1 l% X$ b! V# B

[Huawei-Vlanif2]q

) t/ m4 x" t0 G

[Huawei]interface giga 0/0/3

7 I2 u  |0 v# F  I3 R. D+ g

[Huawei-GigabitEthernet0/0/3]port link-type access

9 s( P$ B3 T, L+ v: F3 x, r

[Huawei-GigabitEthernet0/0/3]port default vlan 2

[Huawei-GigabitEthernet0/0/3]

[Huawei]q

save

The current configuration will be written to the device.

. K9 i  k6 ~: v

Are you sure to continue?[Y/N]y

Now saving the current configuration to the slot 0.

/ `7 ^! ]" I, H0 ^% M

Mar 13 2014 11:02:44-08:00 Huawei %CFM/4/SAVE(l)[11]:The user chose Y when dec

7 m" W! R8 {3 c

iding whether to save the configuration to the device.

* n# w3 Z3 j+ _5 u" i4 W# q

Save the configuration successfully.

  d: |' Y  u% u4 F( U

---

然后设置PC1和PC2的IP地址,先ping 1.1.1.1,如果没有问题再ping 192.168.1.3,192.168.1.111,202.99.192.66,一路ping下来是不是感觉有点小成就感,如果PC2无法ping通,那么就像昨天一样,在自己的真实路由器上做个静态路由指向192.168.2.0便可以了.需要的可以下载附件导出配置文件看.