在这里插入代码片1000人校园区网设计
1、配置Eth-trunk实现链路冗余 vlan 900 管理WLAN
#接入SW8 操作：sys
undo in en
sysname JR-SW8
int Eth-Trunk 1
mode lacp-static
trunkport g0/0/1 0/0/2
port link-type trunk 
port trunk allow-pass vlan 200 900
qu
vlan batch 200  900port-g g eth 0/0/2 eth 0/0/3  #批量操作
port link-type access 
port default vlan 200 #核心 SW1
sys
sysname HX_SW1
int Eth-Trunk 1
trunkport g 0/0/2  0/0/5
port link-type trunk
port trunk allow-pass vlan 200 900
qu
vlan batch 10 20 30 40 200 900#接入 SW5
sys
sysname JR_SW5
vlan batch 10 900
port group g e0/0/2 e0/0/3  #批量配置
port link-type access
port default vlan 10#上联口
int g 0/0/1 
port link-type trunk
port trunk allow-pass vlan 10 900
q#接入SW6
sys
sysname JR_SW6
vlan batch 20 900
int e0/0/1
port link-type access
port default vlan20
q
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 20 900#汇聚SW2
sys
sysname HJ_SW2
vlan batch 10 20 900
int g0/0/2
port link-type trunk
port trunk allow-pass vlan  10 900int g0/0/3
port-type trunk
port trunk allow-pass vlan 20 900int g0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 900#接入SW7
sys
sysname JR_SW7
undo in en
vlan batch 30 900
port-g g e0/0/1 to e0/0/22
port link-type access
port default vlan 30 int g0/0/1
port link-type trunk
port trunk allow-pass vlan 30 900#汇聚SW3
sys
sysname HJ_SW3
undo in en
vlan batch 30 900
qu
port-g g g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan 30 900
qu#接入SW9
sys
sysname JR_SW9
undo  in en
vlan batch 40 900
int e0/0/2
port link-type access
port default vlan 40
int g0/0/1   #上联口
port link-type trunk
port trunk allow-pass vlan 40 900
#汇聚SW4
sys
sysname HJ_SW4
vlan batch 40 900
port-g g g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan 20 900
qu#核心 SW1
vlan 800
int g0/0/0 
port link-type trunk
port trunk allow-pass vlan 10 20 900int g0/0/3
port link-type trunk
port trunk allow-pass vlan 30 900int g0/0/4
port link-type trunk 
port trunk allow-pass vlan 40 900int g0/0/24
port link-type access
port default vlan 800
qu#网关SIV配置
#核心SW1
int vlan 10
ip add 192.168.10.1 24
1000人校园区网设计
1、配置Eth-trunk实现链路冗余 vlan 900 管理WLAN
#接入SW8 操作：sys
undo in en
sysname JR-SW8
int Eth-Trunk 1
mode lacp-static
trunkport g0/0/1 g/0/2
port link-type trunk vlan 
port trunk allow-pass vlan 200 900
qu
vlan batch 200  900port-g g eth 0/0/2 eth 0/0/3  #批量操作
port link-type access 
port default vlan 200 #核心 SW1
sys
sysname HX_SW1
int Eth-Trunk 1
trunkport g0/0/2 g0/0/5
port link-type trunk
port trunk allow-pass vlan 200 900
qu
vlan batch 10 20 30 40 200 900#接入 SW5
sys
sysname JR_SW5
vlan batch 10 900
port group g e0/0/2 e0/0/3  #批量配置
port link-type access
port default vlan 10#上联口
int g 0/0/1 
port link-type trunk
port trunk allow-pass vlan 10 900
q#接入SW6
sys
sysname JR_SW6
vlan batch 20 900
int g0/0/1
port link-type access
port default vlan20
q
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 20 900#汇聚SW2
sys
sysname HJ_SW2
vlan batch 10 20 900
int g0/0/2
port link-type trunk
port allow-pass vlan  10 900int g0/0/3
port-type trunk
port trunk allow-pass vlan 20 900int g0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 900#接入SW7
sys
sysname JR_SW7
undo in en
vlan batch 30 900
port-g g e0/0/1 to e0/0/22
port link-type access
port default vlan 30 int g0/0/1
port link-type trunk
port trunk allow-pass vlan 30 900#汇聚SW3
sys
sysname HJ_SW3
undo in en
vlan batch 30 900
qu
port-g g g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan 30 900
qu#接入SW9
sys
sysname JR_SW9
undo  in en
vlan batch 40 900
int e0/0/2
port link-type access
port default vlan 40
int g0/0/1   #上联口
port link-type trunk
port trunk allow-pass vlan 40 900
#汇聚SW4
sys
sysname HJ_SW4
vlan batch 40 900
port-g g g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan 20 900
qu#核心 SW1
vlan 800
int g0/0/0 
port link-type trunk
port trunk allow-pass vlan 10 20 900int g0/0/3
port link-type trunk
port trunk allow-pass vlan 30 900int g0/0/4
port link-type trunk 
port trunk allow-pass vlan 40 900int g0/0/24
port link-type access
port default vlan 800
qu#网关SIV配置
#核心SW1
int vlan 10
ip add 192.168.10.1 24
int vlan 20
ip add 192.168.20.1 24
int vlan 30
ip add 192.168.30.1 24
int vlan 40
ip add 192.168.40.1 24
int vlan 200
ip add 192.168.200.1 24
int vlan 800
ip add 192.168.254.2 24#DHP配置
#核心SW1
DHCP enable
ip pool SYL_vlan10  #SYL_vlan10地址池名
network 192.168.10.0 mask 24
gateway-list 192.168.10.1
dns-list 114.114.114.114  8.8.8.8ip pool SYL_vlan20  #SYL_vlan20地址池名
network 192.168.20.0 mask 24
gateway-list 192.168.20.1
dns-list 114.114.114.114  8.8.8.8ip pool JXL_vlan30  #SYL_vlan10地址池名
network 192.168.30.0 mask 24
gateway-list 192.168.30.1
dns-list 114.114.114.114  8.8.8.8ip pool XZL_vlan40  #SYL_vlan10地址池名
network 192.168.40.0 mask 24
gateway-list 192.168.40.1
dns-list 114.114.114.114  8.8.8.8#配置select
int vlan 10
dhcp select globalint vlan 20
dhcp select globalint vlan 30
dhcp select globalint vlan 40
dhcp select global#OSPF配置，先配置接口地址
#出口AR1配置
int g4/0/0
ip add 192.168.254.1 24int g3/0/0
ip add 12.1.1.1 29int g0/0/1
ip add 13.1.1.1 29int g1/0/0
ip add 192.168.104.1 30int g2/0/0
ip add 192.168.105.1 30
qu#移动R6
sysname YD_R2
int e0/0/0
ip add 12.1.1.6 29
int loo 0
ip add 9.9.9.9 24
description baidu #描述
#联通
sysname LT_R3
int e0/0/0
ip add 13.1.1.6 29
int loo  0
ip add 9.9.9.9 24
#新校区1
sysname XXQ1_R4
int e0/0/1
ip add 192.168.104.2 30
int e0/0/0
ip add 192.168.100.1 24#新校区2
sysname XXQ2_R5
int e0/0/0
ip add 192.168.105.2 30
int e0/0/1
ip add 192.168.150.1 24#核心SW1
sys
ospf 1 route-id 1.1.1.1  # route 随便起
#宣告网段
area 0
network 192.168.200.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.254.0 0.0.0.255#AR2 宣告网段
sys
ospf 1 route-id 2.2.2.2
area 0
network 192.168.254.0 0.0.0.255
network 192.168.104.1 0.0.0.0
network 192.168.105.1 0.0.0.0#新校区1R4宣告
sys
ospf 1 route-id 4.4.4.4
area 0
network 192.168.104.2 0.0.0.0
network 192.168.100.1 0.0.0.0#新校区2R5宣告
sys
ospf 1 route-id 5.5.5.5
area 0
network 192.168.105.2 0.0.0.0
network 192.168.150.1 0.0.0.0#广域网出口选择
#核心SW1写个缺省路由
ip route-static 0.0.0.0 0 192.168.254.1
#出口AR1上配置
sys
ip route-static 0.0.0.0 0 12.1.1.6  #移动
ip route-static 0.0.0.0 0 13.1.1.6 preference 70  #优先级默认60改70，数值越小优先级越高 联通#NAT配置，出口AR1上配置
acl 2000
rule 5 permit source 192.168.0.0 0.0.255.255
qu
int g3/0/0
nat server protocol tcp global curretn-intface www inside 192.168.200.10 www 
nat outbound 2000
int g0/0/1
nat server protocol tcp global curretn-intface www inside 192.168.200.10 www
nat outbound 2000#telnet 配置
#规划管理
#管理vlan 900，管理IP 192.168.255.x/24
#核心255.1，汇聚SW2 255.2 汇聚SW3 255.3 汇聚SW4 255.4 
#接入SW5 255.5 接入SW6 255.6 接入SW7 255.7 接入SW8 255.8  #核心SW1
sys
aaa 
local-user aa privilege level 3 password cipher 123  #设置本地用户aa， privilege level权限级别 3 
local-user aa service-type telnet  #服务类型为telnet
qu
user-interface vty 0 4   #同时允许5个人登录
protocol inbound telnet  #物理机运行telnet进来
telnet server enable
authentication-mode aaa  # 从aaa拿用户认证
int vlan 900
ip add 192.168.255.1 24
#汇聚SW8
sys
aaa 
local-user aa privilege level 3 password cipher 123  #设置本地用户aa， privilege level权限级别 3 
local-user aa service-type telnet  #服务类型为telnet
qu
user-interface vty 0 4   #同时允许5个人登录
protocol inbound telnet  #物理机运行telnet进来
telnet server enable
authentication-mode aaa  # 从aaa拿用户认证
int vlan 900
ip add 192.168.255.8 24
qu
ip route-static 0.0.0.0 192.168.255.1  #让管理流量拿来之后能够回去，所有的汇聚和接入必须做#
#ACL访问控制链表
#财务服务器192.168.200.20
#核心SW1配置访问控制链表
acl 3000
rule 5 permit ip source 192.168.40.0 0.0.0.255 destination 192.168.200.20 0
rule 10 deny ip source any destination 192.168.200.20 0
int   Eth-Trunk1
traffic-filter outbound acl 3000#禁止vlan20的员工访问外网
#出口AR1上配置
sys
acl 3001
rule permit ip destination 192.168.0.0 0.0.255.255
rule deny ip source 192.168.20.0 0.0.0.255
# 配置入方向口上
int g4/0/0
traffic-filter inbound acl 3001#开启SNMP监控
snmp-agent sys-info version allo
snmp-agent community write 123
snmp-agent community read 456#DHP配置
#核心SW1
DHCP enable
ip pool SYL_vlan10  #SYL_vlan10地址池名
network 192.168.10.0 mask 24
gateway-list 192.168.10.1
dns-list 114.114.114.114  8.8.8.8ip pool SYL_vlan20  #SYL_vlan20地址池名
network 192.168.20.0 mask 24
gateway-list 192.168.20.1
dns-list 114.114.114.114  8.8.8.8ip pool JXL_vlan30  #SYL_vlan10地址池名
network 192.168.30.0 mask 24
gateway-list 192.168.30.1
dns-list 114.114.114.114  8.8.8.8ip pool XZL_vlan40  #SYL_vlan10地址池名
network 192.168.40.0 mask 24
gateway-list 192.168.40.1
dns-list 114.114.114.114  8.8.8.8#配置select
int vlan 10
dhcp select globalint vlan 20
dhcp select globalint vlan 30
dhcp select globalint vlan 40
dhcp select global#OSPF配置，先配置接口地址
#出口AR1配置
int g4/0/0
ip add 192.168.254.1 24int g3/0/0
ip add 12.1.1.1 29int g0/0/1
ip add 13.1.1.1 29int g1/0/0
ip add 192.168.104.1 30int g2/0/0
ip add 192.168.105.1 30
qu#移动
sysname YD_R2
int e0/0/0
ip add 12.1.1.6 29
int loo 0
ip add 9.9.9.9 24
description baidu #描述
#联通
sysname LT_R3
int e0/0/0
ip add 13.1.1.6 29
loo  0
ip add 9.9.9.9 24
#新校区1
sysname XXQ1_R4
int e0/0/1
ip add 192.168.104.2 30
int e0/0/0
ip add 192.168.100.1 24#新校区2
sysname XXQ2_R5
int e0/0/0
ip add 192.168.105.2 30
int e0/0/1
ip add 192.168.105.1 24#核心SW1
sys
ospf 1 route-id 1.1.1.1  # route 随便起
#宣告网段
area 0
network 192.168.200.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.254.0 0.0.0.255#AR2 宣告网段
sys
ospf 1 route-id 2.2.2.2
area 0
network 192.168.254.0 0.0.0.255
network 192.168.104.1 0.0.0.0
network 192.168.105.1 0.0.0.0#新校区1R4宣告
sys
ospf 1 route-id 4.4.4.4
area 0
network 192.168.104.2 0.0.0.0
network 192.168.100.1 0.0.0.0#新校区2R5宣告
sys
ospf 1 route-id 5.5.5.5
area 0
network 192.168.105.2 0.0.0.0
network 192.168.150.1 0.0.0.0#广域网出口选择
#核心SW1写个缺省路由
sys
ip route-static 0.0.0.0 0 12.1.1.6  #移动
ip route-static 0.0.0.0 0 13.1.1.6 preference 70  #优先级默认60改70，数值越小优先级越高 联通#NAT配置，出口AR1上配置
acl 2000
rule 5 permit source 192.168.0.0 0.0.255.255
qu
int g3/0/0
nat outbound 2000
int g 0/0/1p
int g3/0/0
nat server protocol tcp global curretn-intface www inside 192.168.200.10 www 
nat outbound 2000
int g0/0/1
nat server protocol tcp global curretn-intface www inside 192.168.200.10 www 
nat outbound 2000#telnet 配置
#规划管理
#管理vlan 900，管理IP 192.168.255.x/24
#核心255.1，汇聚SW2 255.2 汇聚SW3 255.3 汇聚SW4 255.4 
#接入SW5 255.5 接入SW6 255.6 接入SW7 255.7 接入SW8 255.8  #核心SW1
sys
aaa 
local-user aa privilege level 3 password cipher 123  #设置本地用户aa， privilege level权限级别 3 
local-user aa service-type telnet  #服务类型为telnet
qu
user-interface vty 0 4   #同时允许5个人登录
protocol inbound telnet  #物理机运行telnet进来
authentication-mode aaa 
q
telnet server enable
# 从aaa拿用户认证
int vlan 900
ip add 192.168.255.1 24
#汇聚SW8   #所有汇聚和接入都做
sys
aaa 
local-user aa privilege level 3 password cipher 123  #设置本地用户aa， privilege level权限级别 3 
local-user aa service-type telnet  #服务类型为telnet
qu
user-interface vty 0 4   #同时允许5个人登录
protocol inbound telnet  #物理机运行telnet进来authentication-mode aaa  # 从aaa拿用户认证
int vlan 900
ip add 192.168.255.8 24
qu
telnet server enable
ip route-static 0.0.0.0 0 192.168.255.1  #让管理流量拿来之后能够回去，所有的汇聚和接入必须做#
#ACL访问控制链表
#财务服务器192.168.200.20
#核心SW1配置访问控制链表
acl 3000
rule 5 permit ip source 192.168.40.0 0.0.0.255 destination 192.168.200.20 0
rule 10 deny ip source any destination 192.168.200.20 0
int   Eth-Trunk1
traffic-filter outbound acl 3000#禁止vlan20的员工访问外网
#出口AR1上配置
sys
acl 3001
rule permit ip destination 192.168.0.0 0.0.255.255
rule deny ip source 192.168.20.0 0.0.0.255
# 配置入方向口上
int g4/0/0
traffic-filter inbound acl 3001#开启SNMP监控
snmp-agent sys-info version allo
snmp-agent community write 123
snmp-agent community read 456