1.DCRS5980的配置
交换机基础配置
##########################################
enable
config
hostname 5980
vlan 10
exit
vlan 20
exit
vlan 30
exit
vlan 40
exit
inter e0/0/2-3
switchport mode trunk
switchport trunk allowed vlan all
exit
router ospf
router-id 192.168.2.2
network 192.168.2.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 0
network 192.168.40.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
exit
ip route 0.0.0.0 0.0.0.0 192.168.2.1
inter vlan 1
ip address 192.168.2.2 255.255.255.0
inter vlan 10
ip address 192.168.10.1 255.255.255.0
inter vlan 20
ip address 192.168.20.1 255.255.255.0
inter vlan 30
ip address 192.168.30.1 255.255.255.0
inter vlan 40
ip address 192.168.40.1 255.255.255.0
exit
交换机mstp配置
##########################################
enable
config
spanning-tree
spanning-tree mst configuration
name mstp
instance 0 vlan 10,20
instance 1 vlan 30,40
exit
exit
write
2.4900-1的配置
交换机基础配置
##########################################
enable
config
hostname 4900-1
vlan 10
exit
vlan 20
exit
vlan 30
exit
vlan 40
exit
inter e0/0/1-3
switchport mode trunk
switchport trunk allowed vlan all
exit
interface ethernet 0/0/4-10
switchport access vlan 10
interface ethernet 0/0/11-15
switchport access vlan 20
interface ethernet 0/0/16-20
switchport access vlan 30
interface ethernet 0/0/21-24
switchport access vlan 40
exit
交换机mstp配置
##########################################
enable
config
spanning-tree
spanning-tree mst configuration
name mstp
instance 0 vlan 10,20
instance 1 vlan 30,40
exit
spanning-tree mst 1 priority 8192
spanning-tree mst 0 priority 4096
exit
write
3.4800-2的配置
交换机基础配置
##########################################
enable
config
hostname 4900-2
vlan 10;20;30;40
inter e0/0/1-3
switchport mode trunk
switchport trunk allowed vlan all
exit
interface ethernet 0/0/4-10
switchport access vlan 10
interface ethernet 0/0/11-15
switchport access vlan 20
interface ethernet 0/0/16-20
switchport access vlan 30
interface ethernet 0/0/21-24
switchport access vlan 40
exit
交换机mstp配置
##########################################
enable
config
spanning-tree
spanning-tree mst configuration
name mstp
instance 0 vlan 10,20
instance 1 vlan 30,40
exit
spanning-tree mst 0 priority 8192
spanning-tree mst 1 priority 4096
exit
write
4.防火墙1800的配置
重启防火墙
###################################################
configure
unset all
y
y
配置防火墙基础部分
##################################################
configure
interface ethernet0/1
zone "untrust"
ip address 192.168.2.1 255.255.255.0
manage ssh
manage telnet
manage ping
manage snmp
manage http
manage https
exit
interface ethernet0/2
zone "untrust"
ip address 1.1.1.1 255.255.255.0
manage ping
exit
interface ethernet0/3
zone "untrust"
ip address 2.2.2.1 255.255.255.0
manage ping
exit
policy from "trust" to "untrust"
rule id 1
action permit
src-addr "Any"
dst-addr "Any"
service "Any"
exit
exit
policy from "untrust" to "trust"
rule id 2
action permit
src-addr "Any"
dst-addr "Any"
service "Any"
exit
exit
ip vrouter trust-vr
router ospf
router-id 192.168.1.1
network 192.168.1.0/24 area 0
network 192.168.2.0/24 area 0
network 1.1.1.0/24 area 0
network 2.2.2.0/24 area 0
passive-interface ethernet0/2
passive-interface ethernet0/3
exit
exit
ip vrouter "trust-vr"
snatrule id 1 from "Any" to "Any" eif ethernet0/2 trans-to eif-ip mode dynamicport
snatrule id 2 from "Any" to "Any" eif ethernet0/3 trans-to eif-ip mode dynamicport
exit
save
y
y
配置防火墙负载均衡部分
##################################################
configure
ip vrouter "trust-vr"
ip route 0.0.0.0/0 1.1.1.2
ip route 0.0.0.0/0 2.2.2.2
exit
ecmp-route-select by-src-and-dst
track "track-for-eth0/2"
ip 1.1.1.2 interface ethernet0/2
exit
track "track-for-eth0/3"
ip 2.2.2.2 interface ethernet0/3
exit
interface ethernet0/2
monitor track "track-for-eth0/2"
exit
interface ethernet0/3
monitor track "track-for-eth0/3"
exit
save
y
y