华为交换机网络规划案例.docx
《华为交换机网络规划案例.docx》由会员分享,可在线阅读,更多相关《华为交换机网络规划案例.docx(57页珍藏版)》请在冰豆网上搜索。
华为交换机网络规划案例
某
企
业
网
络
规
划
一、网络VLAN地址规划
VLAN号
说明
IP地址段
网关
10
互联网有线用户段
192.168.10.0/24
192.168.10.254
20
监控网络段
192.168.20.0/23
192.168.20.254
30
无线用户段
192.168.30.0/24
192.168.30.254
40
无线AP地址段
192.168.40.0/24
192.168.40.254
50
保留
192.168.50.0/24
192.168.50.254
60
与防火墙互联网段
192.168.60.0/24
192.168.60.254
1000
设备管理段
10.10.10.0/24
10.10.10.254
二、网络设备IP地址规划
设备名称
设备型号
设备地址
登录密码
防火墙
USG2250
192.168.60.
PASS:
admin123
核心交换机-WW
S7706
10.10.10.254
admin123
核心交换机-JK
S7706
10.10.10.253
admin123
无线控制器
AC6605
10.10.10.100
Admin123
接入交换机01
S5700-28P-PWR-LI-AC
10.10.10.11
admin123
接入交换机02
S5700-28P-PWR-LI-AC
10.10.10.12
admin123
接入交换机03
S5700-28P-PWR-LI-AC
10.10.10.13
admin123
接入交换机04
S5700-28P-PWR-LI-AC
10.10.10.14
admin123
接入交换机05
S5700-28P-LI-AC
10.10.10.15
admin123
接入交换机06
S5700-28P-LI-AC
10.10.10.16
admin123
接入交换机07
S5700-28P-LI-AC
10.10.10.17
admin123
接入交换机08
S5700-28P-LI-AC
10.10.10.18
admin123
接入交换机09
S5700-28P-LI-AC
10.10.10.19
admin123
接入交换机10
S5700-28P-LI-AC
10.10.10.20
admin123
admin123
三、网络拓扑如下
图例1:
互联网网络拓扑
图例2:
监控网络拓扑
四、核心交换机接口配置
互联网核心交换机
0
2
4
6
0
2
4
6
8
10
12
14
16
18
20
22
接防火墙
VLAN
10
VLAN
10
TRUNK
X
X
X
X
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
1
3
5
7
1
3
5
7
9
11
13
15
17
19
21
23
接AC
VLAN
10
VLAN
10
TRUNK
X
X
X
X
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
说明:
VLAN10---接PC机上网。
TRUNK---接接入交换机。
X---光电复用接口。
监控交换机
0
2
4
6
0
2
4
6
8
10
12
14
16
18
20
22
VLAN
20
VLAN
20
VLAN
10
TRUNK
X
X
X
X
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
1
3
5
7
1
3
5
7
9
11
13
15
17
19
21
23
VLAN
20
VLAN
20
VLAN
20
TRUNK
X
X
X
X
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
TRUNK
说明:
VLAN20---接监控PC或终端。
TRUNK---接接入交换机。
五、网管平台配置
IP地址
型号
密码
网管平台密码
192.168.10.253
HPDL360eGen8
Administrator
admin/@1234
拓扑管理:
六、网络设备参数设置
(1)外网核心交换机配置
displaycurrent-configuration
!
SoftwareVersionV200R003C00SPC500
#
sysnameTYG-WW-Core
#
dnsserver218.2.135.1
#
vlanbatch1020304050601000
#
observe-port1interfaceGigabitEthernet3/0/4
#
lldpenable
#
undonapslaveenable
#
dba-profiledefault0type3assure40000max80000
#
dhcpenable
#
dhcpsnoopingenable
#
diffservdomaindefault
#
line-profiledefault0
#
service-profiledefault0
#
vlan10
descriptionNW-net
vlan20
descriptionjiankong-net
vlan30
descriptionNW-AP-client
vlan40
descriptionNW-AP
vlan50
descriptionto_tplink
vlan60
descriptionto_FW
vlan1000
descriptionmanagement
#
aaa
authentication-schemedefault
authorization-schemedefault
accounting-schemedefault
domaindefault
domaindefault_admin
local-useradminpasswordcipher%@%@5d~9:
M^ipCfL\iB)EQd>3Uwe%@%@
local-useradminservice-typehttp
#
interfaceVlanif10
descriptionNW-net
ipaddress192.168.10.254255.255.255.0
dhcpselectinterface
dhcpserverexcluded-ip-address192.168.10.253
dhcpserverdns-list218.2.135.161.147.37.1
#
interfaceVlanif20
descriptionjiankong-net
ipaddress192.168.20.254255.255.255.0
#
interfaceVlanif30
descriptionNW-AP-client
ipaddress192.168.30.254255.255.254.0
dhcpselectinterface
dhcpserverleaseday0hour6minute0
dhcpserverdns-list218.2.135.161.147.37.1
#
interfaceVlanif40
descriptionNW-AP
ipaddress192.168.40.254255.255.255.0
#
interfaceVlanif50
descriptionto_tplink
#
interfaceVlanif60
descriptionto_FW
ipaddress192.168.60.254255.255.255.0
#
interfaceVlanif1000
descriptionmanagement
ipaddress10.10.10.254255.255.255.0
#
interfaceEthernet0/0/0
#
interfaceGigabitEthernet3/0/0
descriptionto_FW
portlink-typeaccess
portdefaultvlan60
#
interfaceGigabitEthernet3/0/1
descriptionto_AC6605
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/2
portlink-typeaccess
portdefaultvlan10
#
interfaceGigabitEthernet3/0/3
portlink-typeaccess
portdefaultvlan10
dhcpsnoopingenable
#
interfaceGigabitEthernet3/0/4
portlink-typeaccess
portdefaultvlan10
dhcpsnoopingenable
#
interfaceGigabitEthernet3/0/5
portlink-typeaccess
portdefaultvlan10
#
interfaceGigabitEthernet3/0/6
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/7
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/8
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/9
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/10
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/11
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/12
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/13
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/14
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/15
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/16
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/17
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/18
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/19
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/20
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/21
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/22
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet3/0/23
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceNULL0
#
iproute-static0.0.0.00.0.0.0192.168.60.1
#
snmp-agent
snmp-agentlocal-engineid800007DB03D46AA880E600
snmp-agentcommunityreadcipher%$%$T'&>Legw4'c8h]-Y.|!
8;Xrp(TP(+e#2C$/)e4,8B:
+&Xrs;5+o-@feDqC$8Z4A6t$TNr|;X%$%$mib-viewiso-view
snmp-agentcommunitywritecipher%$%$fgbYX@V!
\,O/)x*mGHz$;Ko-Z6l-UA_Ul*['`gV(moKGKo0;!
gLuG:
sugKBtx>(\yroQo9;K%$%$mib-viewiso-view
snmp-agentsys-infoversionall
snmp-agenttarget-hosttrapaddressudp-domain192.168.10.253paramssecuritynamecipher%@%@m>mV:
Q:
`v8ciq0Y~C/U0;Kp8%@%@v2c
snmp-agentmib-viewincludediso-viewiso
snmp-agenttrapsourceVlanif1000
#
user-interfacecon0
authentication-modepassword
setauthenticationpasswordcipher%@%@W^Jp(2C;L;B_lSU41o+~,#DE,v{@~U6%)EXj&XIOM%GJ#DH,%@%@
user-interfacevty04
authentication-modepassword
userprivilegelevel15
setauthenticationpasswordcipher%@%@dz`e*2MdUX+WX9.[~^,M=Xa7I@y6U/<-]-PT}J7XhTO7Xa:
=%@%@
user-interfacevty1620
#
port-group1
group-memberGigabitEthernet3/0/0
group-memberGigabitEthernet3/0/1
group-memberGigabitEthernet3/0/2
group-memberGigabitEthernet3/0/3
group-memberGigabitEthernet3/0/4
group-memberGigabitEthernet3/0/5
group-memberGigabitEthernet3/0/6
group-memberGigabitEthernet3/0/7
group-memberGigabitEthernet3/0/8
group-memberGigabitEthernet3/0/9
group-memberGigabitEthernet3/0/10
group-memberGigabitEthernet3/0/11
group-memberGigabitEthernet3/0/12
group-memberGigabitEthernet3/0/13
group-memberGigabitEthernet3/0/14
group-memberGigabitEthernet3/0/15
group-memberGigabitEthernet3/0/16
group-memberGigabitEthernet3/0/17
group-memberGigabitEthernet3/0/18
group-memberGigabitEthernet3/0/19
group-memberGigabitEthernet3/0/20
group-memberGigabitEthernet3/0/21
group-memberGigabitEthernet3/0/22
group-memberGigabitEthernet3/0/23
#
return
disintbri
PHY:
Physical
*down:
administrativelydown
^down:
standby
(l):
loopback
(s):
spoofing
(E):
E-Trunkdown
(b):
BFDdown
(e):
ETHOAMdown
(dl):
DLDPdown
(d):
DampeningSuppressed
InUti/OutUti:
inpututility/outpututility
InterfacePHYProtocolInUtiOutUtiinErrorsoutErrors
GigabitEthernet3/0/0upup1.42%0.50%00
GigabitEthernet3/0/1upup0.04%0.44%00
GigabitEthernet3/0/2upup2.31%1.82%00
GigabitEthernet3/0/3upup0%0%00
GigabitEthernet3/0/4downdown0%0%00
GigabitEthernet3/0/5downdown0%0%00
GigabitEthernet3/0/6downdown0%0%00
GigabitEthernet3/0/7downdown0%0%00
GigabitEthernet3/0/8downdown0%0%00
GigabitEthernet3/0/9downdown0%0%00
GigabitEthernet3/0/10downdown0%0%00
GigabitEthernet3/0/11downdown0%0%00
GigabitEthernet3/0/12downdown0%0%00
GigabitEthernet3/0/13downdown0%0%00
GigabitEthernet3/0/14upup0.01%0.12%00
GigabitEthernet3/0/15downdown0%0%00
GigabitEthernet3/0/16upup0%0%00
GigabitEthernet3/0/17downdown0%0%00
GigabitEthernet3/0/18upup0%0%00
GigabitEthernet3/0/19downdown0%0%00
GigabitEthernet3/0/20upup0.23%0.68%00
GigabitEthernet3/0/21downdown0%0%00
GigabitEthernet3/0/22upup0%0%00
GigabitEthernet3/0/23downdown0%0%00
NULL0upup(s)0%0%00
Vlanif10upup----00
Vlanif20upup----00
Vlanif30upup----00
Vlanif40upup----00
Vlanif50updown----00
Vlanif60upup----00
Vlanif1000upup----00
disipintb
*down:
administrativelydown
!
down:
FIBoverloaddown
^down:
standby
(l):
loopback
(s):
spoofing
(d):
DampeningSuppressed
(E):
E-Trunkdown
ThenumberofinterfacethatisUPinPhysicalis8
Thenumberofinterfacethati