一、设计目的
利用华为HCNA网络技术设计经典网络实例,仿真实现日常生活中小型网络的基本需求。
二、设计原理
- 实验拓扑图
三、设计要求
1.链路聚合
2.VLAN
3.STP
4.IP地址规划
根据表格为设备配置IP地址以及网关。
注:所有VLAN内主机的网关都在SW1上。
5.PPP认证
6.DHCP服务
7.配置RIP协议
8.NAT技术
9.设备登陆控制
10.流量控制
四、设计步骤
1.链路聚合
(1)SW1和SW2之间配置三条链路的LACP模式的链路聚合,其中SW1为主动端,SW2为被动端
//配置二层Eth-Trunk接口
[S1]interface Eth-Trunk 1
[S2]interface Eth-Trunk 1
//配置链路聚合模式为LACP模式
LACP模式下,需手工创建Eth-Trunk,手工加入Eth-Trunk成员接口,但活动接口的选择是由LACP协商确定的,配置相对灵活。
[S1-Eth-Trunk1]mode lacp
[S2-Eth-Trunk1]mode lacp
//将成员接口加入聚合组
[S1-Eth-Trunk1]trunkport GigabitEthernet 0/0/22 to 0/0/24
[S2-Eth-Trunk1]trunkport GigabitEthernet 0/0/22 to 0/0/24
//在S1上配置优先级为100,使其成为LACP主动端
[S1]lacp priority 100
(2)LACP的最大活跃链路为3条
//在S1,S2上配置活动接口上限阈值为3
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]max active-linknumber 3
[S2-Eth-Trunk1]max active-linknumber 3
//在S1上配置接口优先级确定活动链路
[S1-GigabitEthernet0/0/22]lacp priority 100
[S1-GigabitEthernet0/0/23]lacp priority 100
[S1-GigabitEthernet0/0/24]lacp priority 100
查看链路聚合配置结果:
2.VLAN
(1)按照拓扑要求将交换机连接PC和路由器的端口划分进相应VLAN。
//在S3上,将端口E0/0/3和E0/0/4分别加入到VLAN 10和VLAN 20。
[S3-Ethernet0/0/3]port link-type access
[S3-Ethernet0/0/4]port link-type access
[S3]vlan 10
[S3]vlan 20
[S3-vlan10]port Ethernet 0/0/3
[S3-vlan20]port Ethernet 0/0/4
//在S4上,将端口E0/0/3和E0/0/4分别加入VLAN 10和VLAN 20。
[S4-Ethernet0/0/3]port link-type access
[S4-Ethernet0/0/4]port link-type access
[S4-vlan10]port Ethernet 0/0/3
[S4-vlan20]port Ethernet 0/0/4
//在S1上,将端口G0/0/1加入VLAN 13。
[S1-GigabitEthernet0/0/1]port link-type access
[S1-vlan13]port GigabitEthernet 0/0/1
//在S2上,将端口G0/0/1加入VLAN 14。
[S2-GigabitEthernet0/0/1]port link-type access
[S2-vlan14]port GigabitEthernet 0/0/1
(2)交换机之间互联端口配置为TRUNK端口并允许除VLAN 1以外其他所有VLAN通过。
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1
[S2-GigabitEthernet0/0/2]port link-type trunk
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[S2-GigabitEthernet0/0/2]int g0/0/3
[S2-GigabitEthernet0/0/3]port link-type trunk
[S2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1
[S3-Ethernet0/0/1]port link-type trunk
[S3-Ethernet0/0/1]port trunk allow-pass vlan all
[S3-Ethernet0/0/1]undo port trunk allow-pass vlan 1
[S3-Ethernet0/0/1]int e0/0/2
[S3-Ethernet0/0/2]port link-type trunk
[S3-Ethernet0/0/2]port trunk allow-pass vlan all
[S3-Ethernet0/0/2]undo port trunk allow-pass vlan 1
[S4]int e0/0/1
[S4-Ethernet0/0/1]port link-type trunk
[S4-Ethernet0/0/1]port trunk allow-pass vlan all
[S4-Ethernet0/0/1]undo port trunk allow-pass vlan 1
[S4-Ethernet0/0/1]int e0/0/2
[S4-Ethernet0/0/2]port link-type trunk
[S4-Ethernet0/0/2]port trunk allow-pass vlan all
[S4-Ethernet0/0/2]undo port trunk allow-pass vlan 1
查看VLAN配置结果:
3.STP
(1)所有交换机运行RSTP。
[S1]stp mode rstp
[S2]stp mode rstp
[S3]stp mode rstp
[S4]stp mode rstp
(2)指定SW1为根桥,SW2为备份根桥。
//配置根桥和备份根桥设备
[S1]stp root primary
[S2]stp root secondary
//全局使能RSTP
[S1]stp enable
[S2]stp enable
[S3]stp enable
[S4]stp enable
(3)交换机连接PC的端口配置为边缘端口,并在开启边缘端口的交换机开启BPDU保护
//S3,S4连接PC的端口配置为边缘端口,并开启BPDU保护
[S3]int e0/0/3
[S3-Ethernet0/0/3]stp edged-port enable
[S3-Ethernet0/0/3]stp bpdu-filter enable
[S3-Ethernet0/0/3]int e0/0/4
[S3-Ethernet0/0/4]stp edged-port enable
[S3-Ethernet0/0/4]stp bpdu-filter enable
[S4]int e0/0/3
[S4-Ethernet0/0/3]stp edged-port enable
[S4-Ethernet0/0/3]stp bpdu-filter enable
[S4-Ethernet0/0/3]int e0/0/4
[S4-Ethernet0/0/4]stp edged-port enable
[S4-Ethernet0/0/4]stp bpdu-filter enable
(4)在根桥的DP端口开启根保护功能。
//在根桥的DP端口开启根保护功能
[S1]int g0/0/2
[S1-GigabitEthernet0/0/2]stp root-protection
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]stp root-protection
[S1]int Eth-Trunk 1
[S1-Eth-Trunk1]stp root-protection
(5)在SW2的RP端口开启环路保护功能
//在SW2的RP端口开启环路保护功能
[S2]int Eth-Trunk 1
[S2-Eth-Trunk1]stp loop-protection
查看STP配置结果:
4.IP地址规划
[S1]vlan 10
[S1-vlan10]vlan 20
[S1-vlan20]vlan 14
[S1-Vlanif10]ip add 10.1.10.254 24
[S1-Vlanif20]ip add 10.1.20.254 24
[S1-Vlanif13]ip add 10.1.13.3 24
[S1-Vlanif14]ip add 10.1.14.4 24
[R1]int s1/0/0
[R1-Serial1/0/0]ip add 100.1.12.1 24
[R1-Serial1/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 10.1.13.1 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 10.1.14.1 24
[R2]int s1/0/0
[R2-Serial1/0/0]ip add 100.1.12.2 24
[R2-Serial1/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 100.1.1.254 24
5.PPP
配置R1和R2之间PPP的CHAP认证,R1为认证方,R2为被认证方,认证用户名为user1,密码为huawei@123。
[R1]aaa
[R1-aaa]local-user user1 password cipher huawei@123
Info: Add a new user.
[R1-aaa]local-user user1 service-type ppp
[R1-aaa]int s1/0/0
[R1-Serial1/0/0]link-protocol ppp
[R1-Serial1/0/0]ppp authentication-mode chap
[R2]int s1/0/0
[R2-Serial1/0/0]link-protocol ppp
[R2-Serial1/0/0]ppp chap user user1
[R2-Serial1/0/0]ppp chap password cipher huawei@123
查看PPP配置结果:
6.DHCP
(1)在SW1上部署DHCP服务器,使用全局地址池,为VLAN 10和VLAN 20分配IP地址
//在S1上部署DHCP服务器,使用全局地址池
[S1]dhcp enable
[S1]ip pool vlan10 //创建一个全局地址池名为vlan10
[S1]ip pool vlan20 //创建一个全局地址池名为vlan20
(2)VLAN 10分配网段为10.1.10.0/24,VLAN 20分配10.1.20.0/24网段
[S1-ip-pool-vlan10]network 10.1.10.0 mask 255.255.255.0
[S1-ip-pool-vlan20]net 10.1.20.0 mask 255.255.255.0
(3)指定VLAN 10获取网关为10.1.10.254,VLAN 20获取网关为10.1.20.254
[S1-ip-pool-vlan10]gateway-list 10.1.10.254
[S1-ip-pool-vlan20]gateway-list 10.1.20.254
(4)指定PC1获得10.1.10.100的IP地址
//查看PC1的MAC地址为
static-bind ip-address 10.1.10.100 mac-address 5489-986B-5A1D
(5)地址分配租期为10 h
[S1-ip-pool-vlan10]lease day 0 hour 10
[S1-ip-pool-vlan20]lease day 0 hour 10
(6)保留10.1.10.200~10.1.10.210地址不能分配
[S1-ip-pool-vlan10]excluded-ip-address 10.1.10.200 10.1.10.210
[S1-Vlanif10]dhcp select global
[S1-Vlanif20]dhcp select global
查看DHCP配置结果:
PC1
PC2
PC3
PC4
7.RIP
(1)在R1和R2之间互联公网网段运行RIPv2,通告两台设备直连网段
[R1]rip
[R1-rip-1]network 100.0.0.0
[R1-rip-1]network 10.0.0.0
[R1-rip-1]version 2
[R2]rip
[R2-rip-1]network 100.1.0.0
[R2-rip-1]version 2
(2)在R1上将链接SW1和SW2的端口配置为静默端口
[R1]rip 1
[R1-rip-1]silent-interface GigabitEthernet 0/0/1
[R1-rip-1]silent-interface GigabitEthernet 0/0/2
(3)将R1和R2之间开销值配置为5跳。(注意来回一致)
[R1-Serial1/0/0]rip metricout 5
[R2-Serial1/0/0]rip metricout 5
查看RIP配置结果:
8.NAT
(1)在R1上部署地址池NAPT技术,使得内网只有10.1.10.0/24和10.1.20.0/24网段可以通过地址池访问外网服务器
(2)地址池范围为100.1.2.1~100.1.2.10
//在R1上配置NAT Outbound
[R1]nat address-group 1 100.1.2.1 100.1.2.10
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 10.1.10.0 0.0.0.255
[R1-acl-basic-2000]rule 10 permit source 10.1.20.0 0.0.0.255
[R1-Serial1/0/0]nat outbound 2000 address-group 1
(3)在SW1,SW2,R1合理配置静态路由使得内网可以通过NAT访问外网
[S1]ip route-static 100.1.1.0 24 10.1.13.1
[S1]ip route-static 100.1.12.0 24 10.1.13.1
[S2]ip route-static 100.1.1.0 24 10.1.14.1
[S2]ip route-static 100.1.12.0 24 10.1.14.1
[R1]ip route-static 10.1.10.0 24 10.1.13.3
[R1]ip route-static 10.1.20.0 24 10.1.13.3
[R2]ip route-static 100.1.2.0 24 100.1.12.1
查看NAT配置结果:
内网可以ping通外网
9.设备登录控制
(1)配置R1可以通过密码huawei@123进行Console登陆
[R1]user-interface console 0
[R1-ui-console0]authentication-mode aaa
[R1-ui-console0]user privilege level 15
[R1]aaa
[R1-aaa]local-user admin1234 password cipher huawei@123
Info: Add a new user.
[R1-aaa]local-user admin1234 privilege level 3
[R1-aaa]local-user admin1234 service-type terminal
(2)配置R2可以通过用户名user1以及密码huawei@123进行Telnet登陆,用户登陆后的权限为3级权限。配置完成后可以在R1上进行Telnet测试
[R2]aaa
[R2-aaa]local-user user1 password cipher huawei@123 privilege level 3
[R2-aaa]local-user user1 service-type telnet
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
查看登录控制配置结果:
10.流量控制
在R2的G0/0/1接口通过配置流量控制,只允许内网用户通过NAT访问HTTP-Server的HTTP流量和ICMP流量,其他流量不能通过该接口。
[R2]acl 3000
[R2-acl-adv-3000]rule 5 permit icmp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0.0.0.0
[R2-acl-adv-3000]rule 10 permit tcp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0.0.0.0
[R2-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
查看流量控制配置结果:
五、配置
AR1:
密码:huawei@123
<R1>display current-configuration
[V200R003C00]
sysname R1
board add 0/1 2SA
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
acl number 2000
rule 5 permit source 10.1.10.0 0.0.0.255
rule 10 permit source 10.1.20.0 0.0.0.255
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user user1 password cipher %$%$u,nJS!4!kMJ1r^+FO-:J+lQn%$%$
local-user user1 service-type ppp
local-user admin1234 password cipher %$%$3gpcV_DG'Fa>t}0~oFZG/{C"%$%$
local-user admin1234 privilege level 3
local-user admin1234 service-type terminal
firewall zone Local
priority 15
nat address-group 1 100.1.2.1 100.1.2.10
interface Serial1/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 100.1.12.1 255.255.255.0
rip metricout 5
nat outbound 2000 address-group 1
interface Serial1/0/1
link-protocol ppp
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
ip address 10.1.13.1 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.1.14.1 255.255.255.0
interface NULL0
rip 1
version 2
network 100.0.0.0
network 10.0.0.0
silent-interface GigabitEthernet0/0/1
silent-interface GigabitEthernet0/0/2
ip route-static 0.0.0.0 0.0.0.0 100.1.12.2
ip route-static 10.1.10.0 255.255.255.0 10.1.13.3
ip route-static 10.1.20.0 255.255.255.0 10.1.13.3
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
user-interface vty 16 20
wlan ac
return
AR2:
<R2>display current-configuration
[V200R003C00]
sysname R2
board add 0/1 2SA
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
acl number 3000
rule 5 permit icmp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0
rule 10 permit tcp source 100.1.0.0 0.0.255.255 destination 100.1.1.1 0
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user user1 password cipher %$%$fFf3J'f)SJ+wwuP3(uTW/5U#%$%$
local-user user1 privilege level 3
local-user user1 service-type telnet
firewall zone Local
priority 15
interface Serial1/0/0
link-protocol ppp
ppp chap user user1
ppp chap password cipher %$%$j9yq@Tr&>4l:a`N%TV[:,"q,%$%$
ip address 100.1.12.2 255.255.255.0
rip metricout 5
interface Serial1/0/1
link-protocol ppp
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
ip address 100.1.1.254 255.255.255.0
traffic-filter outbound acl 3000
interface GigabitEthernet0/0/2
interface NULL0
rip 1
version 2
network 100.0.0.0
ip route-static 100.1.1.0 255.255.255.0 100.1.1.1
ip route-static 100.1.2.0 255.255.255.0 100.1.12.1
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
user-interface vty 16 20
wlan ac
return
<R2>
LSW1:
<S1>display current-configuration
sysname S1
vlan batch 10 13 to 14 20
stp mode rstp
stp instance 0 root primary
lacp priority 100
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
dhcp enable
diffserv domain default
drop-profile default
ip pool vlan10
gateway-list 10.1.10.254
network 10.1.10.0 mask 255.255.255.0
static-bind ip-address 10.1.10.100 mac-address 5489-986b-5a1d
excluded-ip-address 10.1.10.200 10.1.10.210
lease day 0 hour 10 minute 0
ip pool vlan20
gateway-list 10.1.20.254
network 10.1.20.0 mask 255.255.255.0
lease day 0 hour 10 minute 0
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface Vlanif10
ip address 10.1.10.254 255.255.255.0
dhcp select global
interface Vlanif13
ip address 10.1.13.3 255.255.255.0
interface Vlanif14
ip address 10.1.14.4 255.255.255.0
interface Vlanif20
ip address 10.1.20.254 255.255.255.0
dhcp select global
interface MEth0/0/1
interface Eth-Trunk1
stp root-protection
mode lacp-static
max active-linknumber 3
interface GigabitEthernet0/0/1
port link-type access
port default vlan 13
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp root-protection
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp root-protection
interface GigabitEthernet0/0/4
interface GigabitEthernet0/0/5
interface GigabitEthernet0/0/6
interface GigabitEthernet0/0/7
interface GigabitEthernet0/0/8
interface GigabitEthernet0/0/9
interface GigabitEthernet0/0/10
interface GigabitEthernet0/0/11
interface GigabitEthernet0/0/12
interface GigabitEthernet0/0/13
interface GigabitEthernet0/0/14
interface GigabitEthernet0/0/15
interface GigabitEthernet0/0/16
interface GigabitEthernet0/0/17
interface GigabitEthernet0/0/18
interface GigabitEthernet0/0/19
interface GigabitEthernet0/0/20
interface GigabitEthernet0/0/21
interface GigabitEthernet0/0/22
eth-trunk 1
lacp priority 100
interface GigabitEthernet0/0/23
eth-trunk 1
lacp priority 100
interface GigabitEthernet0/0/24
eth-trunk 1
lacp priority 100
interface NULL0
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
ip route-static 10.1.13.1 255.255.255.255 GigabitEthernet0/0/1
ip route-static 100.1.1.0 255.255.255.0 10.1.13.1
ip route-static 100.1.12.0 255.255.255.0 10.1.13.1
user-interface con 0
user-interface vty 0 4
return
LSW2:
<S2>display current-configuration
sysname S2
vlan batch 10 13 to 14 20
stp mode rstp
stp instance 0 root secondary
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface MEth0/0/1
interface Eth-Trunk1
stp loop-protection
mode lacp-static
max active-linknumber 3
interface GigabitEthernet0/0/1
port link-type access
port default vlan 14
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/4
interface GigabitEthernet0/0/5
interface GigabitEthernet0/0/6
interface GigabitEthernet0/0/7
interface GigabitEthernet0/0/8
interface GigabitEthernet0/0/9
interface GigabitEthernet0/0/10
interface GigabitEthernet0/0/11
interface GigabitEthernet0/0/12
interface GigabitEthernet0/0/13
interface GigabitEthernet0/0/14
interface GigabitEthernet0/0/15
interface GigabitEthernet0/0/16
interface GigabitEthernet0/0/17
interface GigabitEthernet0/0/18
interface GigabitEthernet0/0/19
interface GigabitEthernet0/0/20
interface GigabitEthernet0/0/21
interface GigabitEthernet0/0/22
eth-trunk 1
interface GigabitEthernet0/0/23
eth-trunk 1
interface GigabitEthernet0/0/24
eth-trunk 1
interface NULL0
ip route-static 100.1.1.0 255.255.255.0 10.1.14.1
ip route-static 100.1.12.0 255.255.255.0 10.1.14.1
user-interface con 0
user-interface vty 0 4
return
LSW3:
[S3]dis current-configuration
sysname S3
vlan batch 10 20
stp mode rstp
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface MEth0/0/1
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
interface Ethernet0/0/3
port link-type access
port default vlan 10
stp bpdu-filter enable
stp edged-port enable
interface Ethernet0/0/4
port link-type access
port default vlan 20
stp bpdu-filter enable
stp edged-port enable
interface Ethernet0/0/5
interface Ethernet0/0/6
interface Ethernet0/0/7
interface Ethernet0/0/8
interface Ethernet0/0/9
interface Ethernet0/0/10
interface Ethernet0/0/11
interface Ethernet0/0/12
interface Ethernet0/0/13
interface Ethernet0/0/14
interface Ethernet0/0/15
interface Ethernet0/0/16
interface Ethernet0/0/17
interface Ethernet0/0/18
interface Ethernet0/0/19
interface Ethernet0/0/20
interface Ethernet0/0/21
interface Ethernet0/0/22
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface NULL0
ip route-static 0.0.0.0 0.0.0.0 Ethernet0/0/1
ip route-static 10.1.13.1 255.255.255.255 Ethernet0/0/1
user-interface con 0
user-interface vty 0 4
return
LSW4:
<S4>dis current-configuration
sysname S4
vlan batch 10 20
stp mode rstp
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface MEth0/0/1
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
interface Ethernet0/0/3
port link-type access
port default vlan 10
stp bpdu-filter enable
stp edged-port enable
interface Ethernet0/0/4
port link-type access
port default vlan 20
stp bpdu-filter enable
stp edged-port enable
interface Ethernet0/0/5
interface Ethernet0/0/6
interface Ethernet0/0/7
interface Ethernet0/0/8
interface Ethernet0/0/9
interface Ethernet0/0/10
interface Ethernet0/0/11
interface Ethernet0/0/12
interface Ethernet0/0/13
interface Ethernet0/0/14
interface Ethernet0/0/15
interface Ethernet0/0/16
interface Ethernet0/0/17
interface Ethernet0/0/18
interface Ethernet0/0/19
interface Ethernet0/0/20
interface Ethernet0/0/21
interface Ethernet0/0/22
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface NULL0
user-interface con 0
user-interface vty 0 4
return
如有需要可以关注我的个人公众号【N小王日记】,里面有我个人联系方式。
