园区网络设计与实施文档
1.企业背景
某集团经过业务发展,总公司在广州市体育中心附近,在海珠区和白云区有二个分公司,为了实现快捷的信息交流和资源共享,需要构建统一网络,整合公司所有相关业务流程。总公司采用双核心的网络架构模式,采用专线接入互联网,二个分公司分别租用二条专线光纤线路进行连接,特向ISP供应商取得如下公网IP地址:202.16.10.5~20/24,现要求组建网络,总体要求如下:
· 保证整个网络的稳定性、可靠性。
· 各单位部门能通过地址转换连接上互联网。
· 各部门划分VLAN,只有经理室才能访问分公司。
· 要求集团各部门能通过FTP服务器进行文件传输。
· 内网和外网均能访问公司的主页。
2.项目具体要求
· 画出总的拓扑结构图
· 作出具体IP地址规划和VLAN规划
· 写出网络设备连接表
· 给所有的设备进行命名,命令规则:姓名拼音_部门简称_设备名_编号
· 在所有设备上开启 telnet 管理功能,管理设备使用 cjnet做为用户名,口令为 telnet123。
· 总部的交换网络中,在两台三层核心交换机通过端口聚合进行冗余备份,各交换机间采用MSTP,核心交换机作为根桥,并作流量均衡。
· 全网采用专门的DHCP服务器进行IP统一分配。
· 全公司均能访问FTP服务器和WEB服务器。
· 总公司各部门均能相互访问,分公司各部门亦能相互访问,但只有总公司的经理部能访问公司各部门的数据。
· 制作网络工程实施文档以供查阅与维护。
3. 实验拓扑及规划
3.1 网络拓扑结构图
3.2 网络设备命名与设备连接表
根据网络拓扑结构图绘制网络设备命名与设备连接表,如表3.2所示:
3.3 IP地址规划
根据网络拓扑结构图绘制IP地址规划表,如表3.3所示:
3.4 VLAN规划表
根据项目要求制作VLAN规划表,如表3.4所示:
4.开启Telnet管理功能
4.1开启路由器Telnet
4.1.1配置设备WTQ38_fgs1_R_2
<WTQ38_fgs1_R_2>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs1_R_2]user-i
[WTQ38_fgs1_R_2]user-interface vty 0 4
[WTQ38_fgs1_R_2-ui-vty0-4]authentication-mode aaa
[WTQ38_fgs1_R_2-ui-vty0-4]
[WTQ38_fgs1_R_2]aaa
[WTQ38_fgs1_R_2-aaa]local-user cjnet password cipher telnet123 privilege level 3
Info: Add a new user.
[WTQ38_fgs1_R_2-aaa]local-user cjnet service-type telnet
[WTQ38_fgs1_R_2-aaa]quit
[WTQ38_fgs1_R_2-aaa]
4.1.2配置设备WTQ38_ZB_R_1
<WTQ38_ZB_R_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_R_1]user-interface vty 0 4
[WTQ38_ZB_R_1-ui-vty0-4]authentication-mode aaa
[WTQ38_ZB_R_1-ui-vty0-4]quit
[WTQ38_ZB_R_1]aaa
[WTQ38_ZB_R_1-aaa]local-user cjnet password cipher telnet123 privilege level 3
Info: Add a new user.
[WTQ38_ZB_R_1-aaa]local-user cjnet service-type telnet
[WTQ38_ZB_R_1-aaa]quit
[WTQ38_ZB_R_1]
4.1.3配置设备WTQ38_fgs2_R_3
<WTQ38_fgs2_R_3>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs2_R_3]user-interface vty 0 4
[WTQ38_fgs2_R_3-ui-vty0-4]authentication-mode aaa
[WTQ38_fgs2_R_3-ui-vty0-4]quit
[WTQ38_fgs2_R_3]aaa
[WTQ38_fgs2_R_3-aaa]local-user cjnet password cipher telnet123 privilege level 3
Info: Add a new user.
[WTQ38_fgs2_R_3-aaa]local-user cjnet service-type telnet
[WTQ38_fgs2_R_3-aaa]quit
[WTQ38_fgs2_R_3]
4.2开启三层交换机Telnet
4.2.1配置设备WTQ38_ZB_SW_1
<WTQ38_ZB_SW_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_1]user-interface vty 0 4
[WTQ38_ZB_SW_1-ui-vty0-4]authentication-mode aaa
[WTQ38_ZB_SW_1]aaa
[WTQ38_ZB_SW_1-aaa]local-user cjnet password cipher telnet123 privilege level 3
Info: Add a new user.
[WTQ38_ZB_SW_1-aaa]local-user cjnet service-type telnet
[WTQ38_ZB_SW_1-aaa]quit
[WTQ38_ZB_SW_1]
4.2.2配置设备WTQ38_ZB_SW_2
<WTQ38_ZB_SW_2>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_2]user-interface vty 0 4
[WTQ38_ZB_SW_2-ui-vty0-4]authentication-mode aaa
[WTQ38_ZB_SW_2-ui-vty0-4]quit
[WTQ38_ZB_SW_2]aaa
[WTQ38_ZB_SW_2-aaa]local-user cjnet password cipher telnet123 privilege level 3
Info: Add a new user.
[WTQ38_ZB_SW_2-aaa]local-user cjnet service-type telnet
[WTQ38_ZB_SW_2-aaa]quit
[WTQ38_ZB_SW_2]
5.配置端口聚合
5.1配置设备WTQ38_ZB_SW_1
<WTQ38_ZB_SW_1>sy
<WTQ38_ZB_SW_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_1]interface Eth-Trunk 1
[WTQ38_ZB_SW_1-Eth-Trunk1]mode lacp-static
[WTQ38_ZB_SW_1-Eth-Trunk1]quit
[WTQ38_ZB_SW_1]
[WTQ38_ZB_SW_1]lacp priority 100
[WTQ38_ZB_SW_1]interface Eth-Trunk 1
[WTQ38_ZB_SW_1-Eth-Trunk1]max active-linknumber 3 [WTQ38_ZB_SW_1-Eth-Trunk1]quit
[WTQ38_ZB_SW_1]interface GigabitEthernet 0/0/22
[WTQ38_ZB_SW_1-GigabitEthernet0/0/22]eth-trunk 1
[WTQ38_ZB_SW_1-GigabitEthernet0/0/22]lacp priority 100
[WTQ38_ZB_SW_1-GigabitEthernet0/0/22]quit
[WTQ38_ZB_SW_1]interface GigabitEthernet 0/0/22
[WTQ38_ZB_SW_1-GigabitEthernet0/0/22]eth-trunk 1
[WTQ38_ZB_SW_1-GigabitEthernet0/0/22]lacp priority 100
[WTQ38_ZB_SW_1-GigabitEthernet0/0/22]quit
[WTQ38_ZB_SW_1]interface GigabitEthernet 0/0/23
[WTQ38_ZB_SW_1-GigabitEthernet0/0/23]eth-trunk 1
[WTQ38_ZB_SW_1-GigabitEthernet0/0/23]lacp priority 100
[WTQ38_ZB_SW_1-GigabitEthernet0/0/23]quit
[WTQ38_ZB_SW_1]interface GigabitEthernet 0/0/24
[WTQ38_ZB_SW_1-GigabitEthernet0/0/24]eth-trunk 1
[WTQ38_ZB_SW_1-GigabitEthernet0/0/24]quit
5.2配置设备WTQ38_ZB_SW_2
<WTQ38_ZB_SW_2>sy
<WTQ38_ZB_SW_2>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_2]interface Eth-Trunk 1
[WTQ38_ZB_SW_2-Eth-Trunk1]mode lacp-static
[WTQ38_ZB_SW_2-Eth-Trunk1]quit
[WTQ38_ZB_SW_2]
[WTQ38_ZB_SW_2]lacp priority 100
[WTQ38_ZB_SW_2]interface Eth-Trunk 1
[WTQ38_ZB_SW_2-Eth-Trunk1]max active-linknumber 3 [WTQ38_ZB_SW_2-Eth-Trunk1]quit
[WTQ38_ZB_SW_2]interface GigabitEthernet 0/0/22
[WTQ38_ZB_SW_2-GigabitEthernet0/0/22]eth-trunk 1
[WTQ38_ZB_SW_2-GigabitEthernet0/0/22]lacp priority 100
[WTQ38_ZB_SW_2-GigabitEthernet0/0/22]quit
[WTQ38_ZB_SW_2]interface GigabitEthernet 0/0/22
[WTQ38_ZB_SW_2-GigabitEthernet0/0/22]eth-trunk 1
[WTQ38_ZB_SW_2-GigabitEthernet0/0/22]lacp priority 100
[WTQ38_ZB_SW_2-GigabitEthernet0/0/22]quit
[WTQ38_ZB_SW_2]interface GigabitEthernet 0/0/23
[WTQ38_ZB_SW_2-GigabitEthernet0/0/23]eth-trunk 1
[WTQ38_ZB_SW_2-GigabitEthernet0/0/23]lacp priority 100
[WTQ38_ZB_SW_2-GigabitEthernet0/0/23]quit
[WTQ38_ZB_SW_2]interface GigabitEthernet 0/0/24
[WTQ38_ZB_SW_2-GigabitEthernet0/0/24]eth-trunk 1
[WTQ38_ZB_SW_2-GigabitEthernet0/0/24]quit
6.配置网关冗余VRRP
6.1配置VRRP与接口状态联动
6.1.1配置设备WTQ38_ZB_SW_1
<WTQ38_ZB_SW_1>SY
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_1]interface Vlanif 10
[WTQ38_ZB_SW_1-Vlanif10]vrrp vrid 1 virtual-ip 192.38.10.254
[WTQ38_ZB_SW_1-Vlanif10]vrrp vrid 1 priority 120
[WTQ38_ZB_SW_1-Vlanif10]quit
[WTQ38_ZB_SW_1]interface Vlanif 20
[WTQ38_ZB_SW_1-Vlanif20]vrrp vrid 1 virtual-ip 192.38.20.254
[WTQ38_ZB_SW_1-Vlanif20]vrrp vrid 1 priority 120
[WTQ38_ZB_SW_1-Vlanif20]quit
[WTQ38_ZB_SW_1]interface Vlanif 30
[WTQ38_ZB_SW_1-Vlanif30]vrrp vrid 1 virtual-ip 192.38.30.254
[WTQ38_ZB_SW_1-Vlanif30]quit
[WTQ38_ZB_SW_1]interface Vlanif 40
[WTQ38_ZB_SW_1-Vlanif40]vrrp vrid 1 virtual-ip 192.38.40.254
[WTQ38_ZB_SW_1-Vlanif40]quit
6.1.2配置设备WTQ38_ZB_SW_2
<WTQ38_ZB_SW_2>SY
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_2]interface Vlanif 10
[WTQ38_ZB_SW_2-Vlanif10]vrrp vrid 1 virtual-ip 192.38.10.254
[WTQ38_ZB_SW_2-Vlanif10]quit
[WTQ38_ZB_SW_2]interface Vlanif 20
[WTQ38_ZB_SW_2-Vlanif20]vrrp vrid 1 virtual-ip 192.38.20.254
[WTQ38_ZB_SW_2-Vlanif20]quit
[WTQ38_ZB_SW_2]interface Vlanif 30
[WTQ38_ZB_SW_2-Vlanif30]vrrp vrid 1 virtual-ip 192.38.30.254
[WTQ38_ZB_SW_2-Vlanif30]vrrp vrid 1 priority 120
[WTQ38_ZB_SW_2-Vlanif30]quit
[WTQ38_ZB_SW_2]interface Vlanif 40
[WTQ38_ZB_SW_2-Vlanif40]vrrp vrid 1 virtual-ip 192.38.40.254
[WTQ38_ZB_SW_2-Vlanif40]vrrp vrid 1 priority 120
[WTQ38_ZB_SW_2-Vlanif40]quit
7.配置单臂路由
7.1配置设备WTQ38_fgs1_SW_3的vlan划分
<WTQ38_fgs1_SW_3>
<WTQ38_fgs1_SW_3>sy
<WTQ38_fgs1_SW_3>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs1_SW_3]vlan 100
[WTQ38_fgs1_SW_3-vlan100]vlan 110
[WTQ38_fgs1_SW_3-vlan110]quit
[WTQ38_fgs1_SW_3]interface GigabitEthernet 0/0/1
[WTQ38_fgs1_SW_3-GigabitEthernet0/0/1]port link-type trunk
[WTQ38_fgs1_SW_3-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 110
[WTQ38_fgs1_SW_3-GigabitEthernet0/0/1]quit
[WTQ38_fgs1_SW_3]interface Eth0/0/1
[WTQ38_fgs1_SW_3-Ethernet0/0/1]port link-type access
[WTQ38_fgs1_SW_3-Ethernet0/0/1]port default valn 100
[WTQ38_fgs1_SW_3-Ethernet0/0/1]quit
[WTQ38_fgs1_SW_3]interface Eth0/0/2
[WTQ38_fgs1_SW_3-Ethernet0/0/2]port link-type access
[WTQ38_fgs1_SW_3-Ethernet0/0/2]port default valn 110
[WTQ38_fgs1_SW_3-Ethernet0/0/2]quit
[WTQ38_fgs1_SW_3]
7.2配置设备WTQ38_jlb_SW_4的vlan划分
<WTQ38_jlb_SW_4>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_jlb_SW_4]vlan 10
[WTQ38_jlb_SW_4-vlan10]quit
[WTQ38_jlb_SW_4]interface GigabitEthernet 0/0/1
[WTQ38_jlb_SW_4-GigabitEthernet0/0/1]port link-type trunk
[WTQ38_jlb_SW_4-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[WTQ38_jlb_SW_4-GigabitEthernet0/0/1]quit
[WTQ38_jlb_SW_4]interface GigabitEthernet 0/0/2
[WTQ38_jlb_SW_4-GigabitEthernet0/0/2]port link-type trunk
[WTQ38_jlb_SW_4-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
[WTQ38_jlb_SW_4-GigabitEthernet0/0/2]quit
[WTQ38_jlb_SW_4]interface Eth0/0/1
[WTQ38_jlb_SW_4-Ethernet0/0/1]port link-type access
[WTQ38_jlb_SW_4-Ethernet0/0/1]port default vlan 10
[WTQ38_jlb_SW_4-Ethernet0/0/1]quit
[WTQ38_jlb_SW_4]
7.3配置设备WTQ38_cwb_SW_5的vlan划分
<WTQ38_cwb_SW_5>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_cwb_SW_5]vlan 20
[WTQ38_cwb_SW_5-vlan20]quit
[WTQ38_cwb_SW_5]interface GigabitEthernet 0/0/1
[WTQ38_cwb_SW_5-GigabitEthernet0/0/1]port link-type trunk
[WTQ38_cwb_SW_5-GigabitEthernet0/0/1]port trunk allow-pass vlan 20
[WTQ38_cwb_SW_5-GigabitEthernet0/0/1]quit
[WTQ38_cwb_SW_5]interface GigabitEthernet 0/0/2
[WTQ38_cwb_SW_5-GigabitEthernet0/0/2]port link-type trunk
[WTQ38_cwb_SW_5-GigabitEthernet0/0/2]port trunk allow-pass vlan 20
[WTQ38_cwb_SW_5-GigabitEthernet0/0/2]quit
[WTQ38_cwb_SW_5]interface Eth0/0/1
[WTQ38_cwb_SW_5-Ethernet0/0/1]port link-type access
[WTQ38_cwb_SW_5-Ethernet0/0/1]port default vlan 20
[WTQ38_cwb_SW_5-Ethernet0/0/1]quit
[WTQ38_cwb_SW_5]
7.4配置设备WTQ38_rsb_SW_6的vlan划分
<WTQ38_rsb_SW_6>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_rsb_SW_6]vlan 30
[WTQ38_rsb_SW_6-vlan30]quit
[WTQ38_rsb_SW_6]interface GigabitEthernet 0/0/1
[WTQ38_rsb_SW_6-GigabitEthernet0/0/1]port link-type trunk
[WTQ38_rsb_SW_6-GigabitEthernet0/0/1]port trunk allow-pass vlan 30
[WTQ38_rsb_SW_6-GigabitEthernet0/0/1]quit
[WTQ38_rsb_SW_6]interface GigabitEthernet 0/0/2
[WTQ38_rsb_SW_6-GigabitEthernet0/0/2]port link-type trunk
[WTQ38_rsb_SW_6-GigabitEthernet0/0/2]port trunk allow-pass vlan 30
[WTQ38_rsb_SW_6-GigabitEthernet0/0/2]quit
[WTQ38_rsb_SW_6]interface Eth0/0/1
[WTQ38_rsb_SW_6-Ethernet0/0/1]port link-type access
[WTQ38_rsb_SW_6-Ethernet0/0/1]port default vlan 30
[WTQ38_rsb_SW_6-Ethernet0/0/1]quit
[WTQ38_rsb_SW_6]
7.5配置设备WTQ38_kfb_SW_7的vlan划分
<WTQ38_kfb_SW_7>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_kfb_SW_7]vlan 30
[WTQ38_kfb_SW_7-vlan30]quit
[WTQ38_kfb_SW_7]interface GigabitEthernet 0/0/1
[WTQ38_kfb_SW_7-GigabitEthernet0/0/1]port link-type trunk
[WTQ38_kfb_SW_7-GigabitEthernet0/0/1]port trunk allow-pass vlan 40
[WTQ38_kfb_SW_7-GigabitEthernet0/0/1]quit
[WTQ38_kfb_SW_7]interface GigabitEthernet 0/0/2
[WTQ38_kfb_SW_7-GigabitEthernet0/0/2]port link-type trunk
[WTQ38_kfb_SW_7-GigabitEthernet0/0/2]port trunk allow-pass vlan 40
[WTQ38_kfb_SW_7-GigabitEthernet0/0/2]quit
[WTQ38_kfb_SW_7]interface Eth0/0/1
[WTQ38_kfb_SW_7-Ethernet0/0/1]port link-type access
[WTQ38_kfb_SW_7-Ethernet0/0/1]port default vlan 40
[WTQ38_kfb_SW_7-Ethernet0/0/1]quit
[WTQ38_kfb_SW_7]
7.6配置设备WTQ38_fgs2_SW_8的vlan划分
<WTQ38_fgs2_SW_8>
<WTQ38_fgs2_SW_8>sy
<WTQ38_fgs2_SW_8>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs2_SW_8]vlan 200
[WTQ38_fgs2_SW_8-vlan200]vlan 210
[WTQ38_fgs2_SW_8-vlan210]quit
[WTQ38_fgs2_SW_8]interface GigabitEthernet 0/0/2
[WTQ38_fgs2_SW_8-GigabitEthernet0/0/1]port link-type trunk
[WTQ38_fgs2_SW_8-GigabitEthernet0/0/1]port trunk allow-pass vlan 200 210
[WTQ38_fgs2_SW_8-GigabitEthernet0/0/1]quit
[WTQ38_fgs2_SW_8]interface Eth0/0/1
[WTQ38_fgs2_SW_8-Ethernet0/0/1]port link-type access
[WTQ38_fgs2_SW_8-Ethernet0/0/1]port default valn 200
[WTQ38_fgs2_SW_8-Ethernet0/0/1]quit
[WTQ38_fgs2_SW_8]interface Eth0/0/2
[WTQ38_fgs2_SW_8-Ethernet0/0/2]port link-type access
[WTQ38_fgs2_SW_8-Ethernet0/0/2]port default valn 210
[WTQ38_fgs2_SW_8-Ethernet0/0/2]quit
[WTQ38_fgs2_SW_8]
7.7配置设备WTQ38_fgs1_R_2
<WTQ38_fgs1_R_2>sy
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs1_R_2]interface GigabitEthernet 0/0/1.100
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.100]ip address 192.38.100.254 24
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.100]dot1q termination vid 100
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.100]arp broadcast enable
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.100]quit
[WTQ38_fgs1_R_2]interface GigabitEthernet 0/0/1.110
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.110]ip address 192.38.110.254 24
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.110]dot1q termination vid 110
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.110]arp broadcast enable
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.110]quit
7.8配置设备WTQ38_fgs1_R_3
<WTQ38_fgs1_R_3>sy
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs1_R_3]interface GigabitEthernet 0/0/1.100
[WTQ38_fgs1_R_3-GigabitEthernet0/0/1.200]ip address 192.38.200.254 24
[WTQ38_fgs1_R_3-GigabitEthernet0/0/1.200]dot1q termination vid 200
[WTQ38_fgs1_R_3-GigabitEthernet0/0/1.200]arp broadcast enable
[WTQ38_fgs1_R_3-GigabitEthernet0/0/1.200]quit
[WTQ38_fgs1_R_3]interface GigabitEthernet 0/0/1.110
[WTQ38_fgs1_R_3-GigabitEthernet0/0/1.210]ip address 192.38.110.254 24
[WTQ38_fgs1_R_3-GigabitEthernet0/0/1.210]dot1q termination vid 210
[WTQ38_fgs1_R_3-GigabitEthernet0/0/1.210]arp broadcast enable
[WTQ38_fgs1_R_3-GigabitEthernet0/0/1.210]quit
7.9配置设备WTQ_ZB_SW_1
<WTQ38_ZB_SW_1>sy
<WTQ38_ZB_SW_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_1]vlan 10
[WTQ38_ZB_SW_1-vlan10]vlan 20
[WTQ38_ZB_SW_1-vlan20]vlan 30
[WTQ38_ZB_SW_1-vlan30]vlan 40
[WTQ38_ZB_SW_1-vlan40]quit
[WTQ38_ZB_SW_1]interface Vlanif 10
[WTQ38_ZB_SW_1-Vlanif10]ip address 192.38.10.254 24
[WTQ38_ZB_SW_1-Vlanif10]quit
[WTQ38_ZB_SW_1]interface Vlanif 20
[WTQ38_ZB_SW_1-Vlanif20]ip address 192.38.20.254 24
[WTQ38_ZB_SW_1-Vlanif20]quit
[WTQ38_ZB_SW_1]interface Vlanif 30
[WTQ38_ZB_SW_1-Vlanif30]ip address 192.38.30.254 24
[WTQ38_ZB_SW_1-Vlanif30]quit
[WTQ38_ZB_SW_1]interface Vlanif 30
[WTQ38_ZB_SW_1-Vlanif40]ip address 192.38.40.254 24
[WTQ38_ZB_SW_1-Vlanif40]quit
7.10配置设备WTQ_ZB_SW_1
<WTQ38_ZB_SW_2>sy
<WTQ38_ZB_SW_2>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_2]vlan 10
[WTQ38_ZB_SW_2-vlan10]vlan 20
[WTQ38_ZB_SW_2-vlan20]vlan 30
[WTQ38_ZB_SW_2-vlan30]vlan 40
[WTQ38_ZB_SW_2-vlan40]quit
[WTQ38_ZB_SW_2]interface Vlanif 10
[WTQ38_ZB_SW_2-Vlanif10]ip address 192.38.10.254 24
[WTQ38_ZB_SW_2-Vlanif10]quit
[WTQ38_ZB_SW_2]interface Vlanif 20
[WTQ38_ZB_SW_2-Vlanif20]ip address 192.38.20.254 24
[WTQ38_ZB_SW_2-Vlanif20]quit
[WTQ38_ZB_SW_2]interface Vlanif 30
[WTQ38_ZB_SW_2-Vlanif30]ip address 192.38.30.254 24
[WTQ38_ZB_SW_2-Vlanif30]quit
[WTQ38_ZB_SW_2]interface Vlanif 30
[WTQ38_ZB_SW_2-Vlanif40]ip address 192.38.40.254 24
[WTQ38_ZB_SW_2-Vlanif40]quit
8.配置DHCP服务
8.1配置DHCP全局地址池
8.1.1配置设备WTQ38_fuq_R_5
[WTQ38_fuq_R_5]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[WTQ38_fuq_R_5]ip pool dhcp-pool1
Info: It's successful to create an IP address pool.
[WTQ38_fuq_R_5-ip-pool-dhcp-pool1]network 192.38.10.0 mask 255.255.255.0
[WTQ38_fuq_R_5-ip-pool-dhcp-pool1]gateway-list 192.38.10.254
[WTQ38_fuq_R_5-ip-pool-dhcp-pool1]quit
[WTQ38_fuq_R_5]ip pool dhcp-pool2
Info: It's successful to create an IP address pool.
[WTQ38_fuq_R_5-ip-pool-dhcp-pool2]network 192.38.20.0 mask 255.255.255.0
[WTQ38_fuq_R_5-ip-pool-dhcp-pool2]gateway-list 192.38.20.254
[WTQ38_fuq_R_5-ip-pool-dhcp-pool2]quit
[WTQ38_fuq_R_5]ip pool dhcp-pool3
Info: It's successful to create an IP address pool.
[WTQ38_fuq_R_5-ip-pool-dhcp-pool3]network 192.38.30.0 mask 255.255.255.0
[WTQ38_fuq_R_5-ip-pool-dhcp-pool3]gateway-list 192.38.30.254
[WTQ38_fuq_R_5-ip-pool-dhcp-pool3]quit
[WTQ38_fuq_R_5]ip pool dhcp-pool4
Info: It's successful to create an IP address pool.
[WTQ38_fuq_R_5-ip-pool-dhcp-pool4]network 192.38.40.0 mask 255.255.255.0
[WTQ38_fuq_R_5-ip-pool-dhcp-pool4]gateway-list 192.38.40.254
[WTQ38_fuq_R_5-ip-pool-dhcp-pool4]quit
[WTQ38_fuq_R_5]ip pool dhcp-pool5
Info: It's successful to create an IP address pool.
[WTQ38_fuq_R_5-ip-pool-dhcp-pool5]network 192.38.100.0 mask 255.255.255.0
[WTQ38_fuq_R_5-ip-pool-dhcp-pool5]gateway-list 192.38.100.254
[WTQ38_fuq_R_5-ip-pool-dhcp-pool5]quit
[Huawei]ip pool dhcp-pool6
Info: It's successful to create an IP address pool.
[WTQ38_fuq_R_5-ip-pool-dhcp-pool6]network 192.38.110.0 mask 255.255.255.0
[WTQ38_fuq_R_5-ip-pool-dhcp-pool6]gateway-list 192.38.110.254
[WTQ38_fuq_R_5-ip-pool-dhcp-pool6]quit
[WTQ38_fuq_R_5]ip pool dhcp-pool7
Info: It's successful to create an IP address pool.
[WTQ38_fuq_R_5-ip-pool-dhcp-pool7]network 192.38.200.0 mask 255.255.255.0
[WTQ38_fuq_R_5-ip-pool-dhcp-pool7]gateway-list 192.38.200.254
[WTQ38_fuq_R_5-ip-pool-dhcp-pool7]quit
[WTQ38_fuq_R_5]ip pool dhcp-pool8
Info: It's successful to create an IP address pool.
[WTQ38_fuq_R_5-ip-pool-dhcp-pool8]network 192.38.210.0 mask 255.255.255.0
[WTQ38_fuq_R_5-ip-pool-dhcp-pool8]gateway-list 192.38.210.254
[WTQ38_fuq_R_5-ip-pool-dhcp-pool8]quit
[WTQ38_fuq_R_5]interface GigabitEthernet 0/0/0
[WTQ38_fuq_R_5-GigabitEthernet0/0/0]dhcp select global
[WTQ38_fuq_R_5-GigabitEthernet0/0/0]quit
[WTQ38_fuq_R_5]
8.2配置DHCP中继
8.2.1配置设备WTQ38_fgs2_R_3
<WTQ38_fgs2_R_3>sy
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs2_R_3]interface GigabitEthernet 0/0/2.200
[WTQ38_fgs2_R_3-GigabitEthernet0/0/2.200]dhcp select relay
[WTQ38_fgs2_R_3-GigabitEthernet0/0/2.200]dhcp relay server-ip 172.16.1.1
[WTQ38_fgs2_R_3-GigabitEthernet0/0/2.200]quit
[WTQ38_fgs2_R_3]interface GigabitEthernet 0/0/2.210
[WTQ38_fgs2_R_3-GigabitEthernet0/0/2.210]dhcp select relay
[WTQ38_fgs2_R_3-GigabitEthernet0/0/2.210]dhcp relay server-ip 172.16.1.1
[WTQ38_fgs2_R_3-GigabitEthernet0/0/2.210]quit
[WTQ38_fgs2_R_3]
8.2.2配置设备WTQ38_fgs1_R_2
<WTQ38_fgs1_R_2>sy
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs1_R_2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[WTQ38_fgs1_R_2]interface GigabitEthernet 0/0/1.100
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.100]dhcp select relay
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.100]dhcp relay server-ip 172.16.1.1
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.100]interface GigabitEthernet 0/0/1.110
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.110]dhcp select relay
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.110]dhcp relay server-ip 172.16.1.1
[WTQ38_fgs1_R_2-GigabitEthernet0/0/1.110]quit
[WTQ38_fgs1_R_2]
8.2.3配置设备WTQ38_ZB_SW_1
<WTQ38_ZB_SW_1>sy
<WTQ38_ZB_SW_1>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[WTQ38_ZB_SW_1]interface Vlanif 10
[WTQ38_ZB_SW_1-Vlanif10]dhcp select relay
[WTQ38_ZB_SW_1-Vlanif10]dhcp relay server-ip 172.16.1.1
[WTQ38_ZB_SW_1-Vlanif10]quit
[WTQ38_ZB_SW_1]interface Vlanif 20
[WTQ38_ZB_SW_1-Vlanif20]dhcp select relay
[WTQ38_ZB_SW_1-Vlanif20]dhcp relay server-ip 172.16.1.1
[WTQ38_ZB_SW_1-Vlanif20]quit
[WTQ38_ZB_SW_1]interface Vlanif 30
[WTQ38_ZB_SW_1-Vlanif30]dhcp select relay
[WTQ38_ZB_SW_1-Vlanif30]dhcp relay server-ip 172.16.1.1
[WTQ38_ZB_SW_1-Vlanif30]quit
[WTQ38_ZB_SW_1]interface Vlanif 40
[WTQ38_ZB_SW_1-Vlanif40]dhcp select relay
[WTQ38_ZB_SW_1-Vlanif40]dhcp relay server-ip 172.16.1.1
[WTQ38_ZB_SW_1-Vlanif40]quit
8.2.4配置设备WTQ38_ZB_SW_2
<WTQ38_ZB_SW_2>sy
<WTQ38_ZB_SW_2>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[WTQ38_ZB_SW_2]interface Vlanif 10
[WTQ38_ZB_SW_2-Vlanif10]dhcp select relay
[WTQ38_ZB_SW_2-Vlanif10]dhcp relay server-ip 172.16.1.1
[WTQ38_ZB_SW_2-Vlanif10]quit
[WTQ38_ZB_SW_2]interface Vlanif 20
[WTQ38_ZB_SW_2-Vlanif20]dhcp select relay
[WTQ38_ZB_SW_2-Vlanif20]dhcp relay server-ip 172.16.1.1
[WTQ38_ZB_SW_2-Vlanif20]quit
[WTQ38_ZB_SW_2]interface Vlanif 30
[WTQ38_ZB_SW_2-Vlanif30]dhcp select relay
[WTQ38_ZB_SW_2-Vlanif30]dhcp relay server-ip 172.16.1.1
[WTQ38_ZB_SW_2-Vlanif30]quit
[WTQ38_ZB_SW_2]interface Vlanif 40
[WTQ38_ZB_SW_2-Vlanif40]dhcp select relay
[WTQ38_ZB_SW_2-Vlanif40]dhcp relay server-ip 172.16.1.1
[WTQ38_ZB_SW_2-Vlanif40]quit
[WTQ38_ZB_SW_2]
9.配置生成树MSTP协议
9.1网络优化
9.1.1配置设备WTQ_ZB_SW_1
<WTQ38_ZB_SW_1>sy
<WTQ38_ZB_SW_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_1]stp region-configuration
[WTQ38_ZB_SW_1-mst-region]region-name huawei
[WTQ38_ZB_SW_1-mst-region]revision-level 1
[WTQ38_ZB_SW_1-mst-region]instance 1 vlan 10 20
[WTQ38_ZB_SW_1-mst-region]instance 2 vlan 30 40
[WTQ38_ZB_SW_1-mst-region]active region-configuration
[WTQ38_ZB_SW_1-mst-region]quit
[WTQ38_ZB_SW_1]stp instance 1 priority 0
9.1.2配置设备WTQ_ZB_SW_2
<WTQ38_ZB_SW_2>sy
<WTQ38_ZB_SW_2>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_2]stp region-configuration
[WTQ38_ZB_SW_2-mst-region]region-name huawei
[WTQ38_ZB_SW_2-mst-region]revision-level 1
[WTQ38_ZB_SW_2-mst-region]instance 1 vlan 10 20
[WTQ38_ZB_SW_2-mst-region]instance 2 vlan 30 40
[WTQ38_ZB_SW_2-mst-region]active region-configuration
[WTQ38_ZB_SW_2-mst-region]quit
[WTQ38_ZB_SW_2]stp instance 2 priority 0
9.1.3配置设备WTQ38_jib_SW_4
<WTQ38_jlb_SW_4>sy
<WTQ38_jlb_SW_4>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_jlb_SW_4]stp region-configuration
[WTQ38_jlb_SW_4-mst-region]region-name huawei
[WTQ38_jlb_SW_4-mst-region]revision-level 1
[WTQ38_jlb_SW_4-mst-region]instance 1 vlan 10 20
[WTQ38_jlb_SW_4-mst-region]instance 2 vlan 30 40
[WTQ38_jlb_SW_4-mst-region]active region-configuration
[WTQ38_jlb_SW_4-mst-region]quit
[WTQ38_jlb_SW_4]stp instance 1 priority 0
9.1.4配置设备WTQ38_cwd_SW_5
<WTQ38_cwb_SW_5>sy
<WTQ38_cwb_SW_5>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_cwb_SW_5]stp region-configuration
[WTQ38_cwb_SW_5-mst-region]region-name huawei
[WTQ38_cwb_SW_5-mst-region]revision-level 1
[WTQ38_cwb_SW_5-mst-region]instance 1 vlan 10 20
[WTQ38_cwb_SW_5-mst-region]instance 2 vlan 30 40
[WTQ38_cwb_SW_5-mst-region]active region-configuration
[WTQ38_cwb_SW_5-mst-region]quit
[WTQ38_cwb_SW_5]stp instance 1 priority 0
9.1.5配置设备WTQ38_rsb_SW_6
<WTQ38_rsb_SW_6>sy
<WTQ38_rsb_SW_6>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_rsb_SW_6]stp region-configuration
[WTQ38_rsb_SW_6-mst-region]region-name huawei
[WTQ38_rsb_SW_6-mst-region]revision-level 1
[WTQ38_rsb_SW_6-mst-region]instance 1 vlan 10 20
[WTQ38_rsb_SW_6-mst-region]instance 2 vlan 30 40
[WTQ38_rsb_SW_6-mst-region]active region-configuration
[WTQ38_rsb_SW_6-mst-region]quit
[WTQ38_rsb_SW_6]stp instance 2 priority 0
9.1.6配置设备WTQ38_kfb_SW_7
<WTQ38_kfb_SW_7>sy
<WTQ38_kfb_SW_7>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_kfb_SW_7]stp region-configuration
[WTQ38_kfb_SW_7-mst-region]region-name huawei
[WTQ38_kfb_SW_7-mst-region]revision-level 1
[WTQ38_kfb_SW_7-mst-region]instance 1 vlan 10 20
[WTQ38_kfb_SW_7-mst-region]instance 2 vlan 30 40
[WTQ38_kfb_SW_7-mst-region]active region-configuration
[WTQ38_kfb_SW_7-mst-region]quit
[WTQ38_kfb_SW_7]stp instance 2 priority 0
10.配置OSPF
10.1配置OSPF边缘端口地址
10.1.1配置设备WTQ38_fgs1_R_2
<WTQ38_fgs1_R_2>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs1_R_2]interface GigabitEthernet 0/0/0
[WTQ38_fgs1_R_2-GigabitEthernet0/0/0]ip address 10.10.20.1 30
[WTQ38_fgs1_R_2-GigabitEthernet0/0/0]quit
[WTQ38_fgs1_R_2]
10.1.2配置设备WTQ38_ZB_R_1
<WTQ38_ZB_R_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_R_1]interface GigabitEthernet4/0/0 [WTQ38_ZB_R_1-GigabitEthernet4/0/0]ip address 10.10.20.2 30
[WTQ38_ZB_R_1-GigabitEthernet4/0/0]quit
[WTQ38_ZB_R_1]interface GigabitEthernet4/0/1 [WTQ38_ZB_R_1-GigabitEthernet4/0/1]ip address 10.10.10.2 30
[WTQ38_ZB_R_1-GigabitEthernet4/0/1]quit
[WTQ38_ZB_R_1]interface GigabitEthernet0/0/1 [WTQ38_ZB_R_1-GigabitEthernet0/0/1]ip address 10.10.30.1 30
[WTQ38_ZB_R_1-GigabitEthernet0/0/1]quit
[WTQ38_ZB_R_1]interface GigabitEthernet0/0/2 [WTQ38_ZB_R_1-GigabitEthernet0/0/2]ip address 10.10.40.1 30
[WTQ38_ZB_R_1-GigabitEthernet0/0/2]quit
[WTQ38_ZB_R_1]interface GigabitEthernet0/0/0 [WTQ38_ZB_R_1-GigabitEthernet0/0/0]ip address 172.16.10.254 24
[WTQ38_ZB_R_1-GigabitEthernet0/0/0]quit
[WTQ38_ZB_R_1]interface GigabitEthernet4/0/2 [WTQ38_ZB_R_1-GigabitEthernet4/0/2]ip address 202.16.10.5 24
[WTQ38_ZB_R_1-GigabitEthernet4/0/2]quit
10.1.3配置设备WTQ38_fgs2_R_3
<WTQ38_fgs2_R_3>system-view
Enter system view, return user view with Ctrl+Z. [WTQ38_fgs2_R_3]interface GigabitEthernet 0/0/1
[WTQ38_fgs2_R_3-GigabitEthernet0/0/1]ip address 10.10.10.1 30
[WTQ38_fgs2_R_3-GigabitEthernet0/0/1]quit
[WTQ38_fgs2_R_3]
10.2配置设备ospf协议
10.2.1配置设备WTQ38_ZB_R_ 1
<WTQ38_ZB_R_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_R_1]ospf 1
[WTQ38_ZB_R_1-ospf-1]area 0
[WTQ38_ZB_R_1-ospf-1-area-0.0.0.0]net
[WTQ38_ZB_R_1-ospf-1-area-0.0.0.0]network 10.10.10.0 0.0.0.3
[WTQ38_ZB_R_1-ospf-1-area-0.0.0.0]network 10.10.20.0 0.0.0.3
[WTQ38_ZB_R_1-ospf-1-area-0.0.0.0]network 10.10.30.0 0.0.0.3
[WTQ38_ZB_R_1-ospf-1-area-0.0.0.0]network 10.10.40.0 0.0.0.3
[WTQ38_ZB_R_1-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[WTQ38_ZB_R_1-ospf-1-area-0.0.0.0]quit
[WTQ38_ZB_R_1-ospf-1]quit
[WTQ38_ZB_R_1]
10.2.2配置设备WTQ38_ZB_fgs1_R_2
<WTQ38_fgs1_R_2>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs1_R_2]ospf 1
[WTQ38_fgs1_R_2-ospf-1]area 0
[WTQ38_fgs1_R_2-ospf-1-area-0.0.0.0]network 10.10.20.0 0.0.0.3
[WTQ38_fgs1_R_2-ospf-1-area-0.0.0.0]network 192.38.100.0 0.0.0.255
[WTQ38_fgs1_R_2-ospf-1-area-0.0.0.0]network 192.38.110.0 0.0.0.255
[WTQ38_fgs1_R_2-ospf-1-area-0.0.0.0]quit
[WTQ38_fgs1_R_2-ospf-1]quit
[WTQ38_fgs1_R_2]
10.2.3配置设备WTQ_fgs2_R_3
<WTQ38_fgs2_R_3>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs2_R_3]ospf 1
[WTQ38_fgs2_R_3-ospf-1]area 0
[WTQ38_fgs2_R_3-ospf-1-area-0.0.0.0]network 10.10.10.0 0.0.0.3
[WTQ38_fgs2_R_3-ospf-1-area-0.0.0.0]network 192.38.200.0 0.0.0.255
[WTQ38_fgs2_R_3-ospf-1-area-0.0.0.0]network 192.38.210.0 0.0.0.255
[WTQ38_fgs2_R_3-ospf-1-area-0.0.0.0]quit
[WTQ38_fgs2_R_3-ospf-1]quit
[WTQ38_fgs2_R_3]
10.2.4配置设备WTQ38_ZB_SW_1
<WTQ38_ZB_SW_1>sy
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_1]ospf 1
[WTQ38_ZB_SW_1-ospf-1]area 0
[WTQ38_ZB_SW_1-ospf-1-area-0.0.0.0]network 10.10.30.0 0.0.0.3
[WTQ38_ZB_SW_1-ospf-1-area-0.0.0.0]network 192.38.10.0 0.0.0.255
[WTQ38_ZB_SW_1-ospf-1-area-0.0.0.0]network 192.38.20.0 0.0.0.255
[WTQ38_ZB_SW_1-ospf-1-area-0.0.0.0]network 192.38.30.0 0.0.0.255
[WTQ38_ZB_SW_1-ospf-1-area-0.0.0.0]network 192.38.40.0 0.0.0.255
[WTQ38_ZB_SW_1-ospf-1-area-0.0.0.0]quit
[WTQ38_ZB_SW_1-ospf-1]quit
[WTQ38_ZB_SW_1]
10.2.5配置设备WTQ38_ZB_SW_2
<WTQ38_ZB_SW_2>sy
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_2]ospf 1
[WTQ38_ZB_SW_2-ospf-1]area 0
[WTQ38_ZB_SW_2-ospf-1-area-0.0.0.0]network 10.10.40.0 0.0.0.3
[WTQ38_ZB_SW_2-ospf-1-area-0.0.0.0]network 192.38.10.0 0.0.0.255
[WTQ38_ZB_SW_2-ospf-1-area-0.0.0.0]network 192.38.20.0 0.0.0.255
[WTQ38_ZB_SW_2-ospf-1-area-0.0.0.0]network 192.38.30.0 0.0.0.255
[WTQ38_ZB_SW_2-ospf-1-area-0.0.0.0]network 192.38.40.0 0.0.0.255
[WTQ38_ZB_SW_2-ospf-1-area-0.0.0.0]quit
[WTQ38_ZB_SW_2-ospf-1]quit
[WTQ38_ZB_SW_2]
10.2.6配置设备WTQ38_fuq_R_5
<WTQ38_fuq_R_5>sy
Enter system view, return user view with Ctrl+Z.
[WTQ38_fuq_R_5]ospf 1
[WTQ38_fuq_R_5-ospf-1]area 0
[WTQ38_fuq_R_5-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[WTQ38_fuq_R_5-ospf-1-area-0.0.0.0]quit
[WTQ38_fuq_R_5-ospf-1]quit
[WTQ38_fuq_R_5]
11.配置默认路由
11.1配置设备WTQ38_fgs1_R_2
<WTQ38_fgs1_R_2>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs1_R_2]ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
[WTQ38_fgs1_R_2]
11.2配置设备WTQ38_fgs1_R_3
<WTQ38_fgs2_R_3>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_fgs2_R_3]ip route-static 0.0.0.0 0.0.0.0 10.10.10.2
[WTQ38_fgs2_R_3]
11.3配置设备WTQ38_ZB_SW_1
<WTQ38_ZB_SW_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_1]ip route-static 0.0.0.0 0.0.0.0 10.10.30.1=
[WTQ38_ZB_SW_1]
11.4配置设备WTQ38_ZB_SW_2
<WTQ38_ZB_SW_2>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_SW_2]ip route-static 0.0.0.0 0.0.0.0 10.10.40.1
[WTQ38_ZB_SW_2]
11.5配置设备WTQ38_ZB_R_1
<WTQ38_ZB_R_1>sy
<WTQ38_ZB_R_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_R_1]ip route-static 0.0.0.0 0.0.0.0 202.16.10.1
[WTQ38_ZB_R_1]
12.配置NAT
12.1动态地址转换
<WTQ38_ZB_R_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_R_1]
Error:Incomplete command found at '^' position.
[WTQ38_ZB_R_1]nat address-group 1 202.16.10.6 202.16.10.19
[WTQ38_ZB_R_1]acl 2000
[WTQ38_ZB_R_1-acl-basic-2000]rule 5 permit source 172.16.1.0 0.0.0.255
[WTQ38_ZB_R_1-acl-basic-2000]rule 10 permit source 192.38.0.0 0.0.255.255
[WTQ38_ZB_R_1-acl-basic-2000]quit
[WTQ38_ZB_R_1]interface GigabitEthernet 4/0/2
[WTQ38_ZB_R_1-GigabitEthernet4/0/2]nat outbound 2000 address-group 1 no-pat
[WTQ38_ZB_R_1-GigabitEthernet4/0/2]quit
[WTQ38_ZB_R_1]
12.2 NAT Server
<WTQ38_ZB_R_1>sy
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_R_1]interface GigabitEthernet 0/0/0
[WTQ38_ZB_R_1-GigabitEthernet0/0/0]nat server protocol tcp global 202.16.10.20 www inside 172.16.1.2 80
[WTQ38_ZB_R_1-GigabitEthernet0/0/0]nat static enable
[WTQ38_ZB_R_1-GigabitEthernet0/0/0]quit
[WTQ38_ZB_R_1]
13.配置ACL访问控制列表
13.1配置设备WTQ38_ZB_R_1
<WTQ38_ZB_R_1>system-view
Enter system view, return user view with Ctrl+Z.
[WTQ38_ZB_R_1]acl 2000
[WTQ38_ZB_R_1-acl-basic-2000]rule 5 deny source 192.38.20.0 0.0.0.255
[WTQ38_ZB_R_1-acl-basic-2000]rule 7 deny source 192.38.30.0 0.0.0.255
[WTQ38_ZB_R_1-acl-basic-2000]rule 10 deny source 192.38.40.0 0.0.0.255
[WTQ38_ZB_R_1-acl-basic-2000]rule 15 permit source any
[WTQ38_ZB_R_1-acl-basic-2000]quit
[WTQ38_ZB_R_1]interface GigabitEthernet 4/0/0
[WTQ38_ZB_R_1-GigabitEthernet4/0/0]traffic-filter outbound acl 2000
[WTQ38_ZB_R_1-GigabitEthernet4/0/0]quit
[WTQ38_ZB_R_1]interface GigabitEthernet 4/0/1
[WTQ38_ZB_R_1-GigabitEthernet4/0/1]traffic-filter outbound acl 2000
[WTQ38_ZB_R_1-GigabitEth14.