1、PC1、PC3在同一vlan,PC2、PC4在同一vlan,同vlan下网段相同
2、为了提高安全性,PC3、PC4做基于MAC的vlan
3、SW3-SW4之间做LACP模式的链路聚合,最大活动链路为两条,允许抢占。
4、接入层交换机为二层交换机。汇聚层为三层交换机,
vlan10的网关在SW3上,VLAN20的网关在SW4上。
5、为了保证可靠性,交换机之间互联链路允许所有vlan通行。
6、内网区域使用OSPF全互联。AR3为内网的Telnet服务器。
7、AR1-AR2之间做浮动路由。
8、AR2为NAT设备,使用NAPT访问外网。AR3作为内网Telnet服务器,需要映射到公网中,使公网设备能够访问内网的Telnet服务器
9、公网区域使用OSPF全互联。每台路由器都需创建一个loopback接口,(开启OSPF设备AR2、4、5、6、7)
接口编号为当前路由器的设备编号。公网区域loopback接口要求也能全互访。严禁公网路由进入私网。
10、AR7作为第二个私网的出口路由器,使用静态NAT提供访问公网的服务。仅允许PC5、6进行地址转换访问公网
11、PC5、6处于不同网段,要求使用单臂路由互通。
12、交换机7作为二层交换机,使用hybird接口,AR8能和AR7、AR9互访,但AR7和AR9无法通信。AR9作为Telnet内网服务器
13、在内网1中,禁止PC2、PC3远程登陆Telnet内网服务器。但是可以ping通Telnet服务器。
禁止PC1、PC4,ping通Telnet服务器,但可以远程登陆Telnet服务器
14、公网设备AR5上存在10.1.0.0/24网段–10.1.10.0/24网段(使用loopback接口创建该网段)
要求内网PC1、3设备仅能ping通AR5上的偶数网段,PC2、4仅能ping通AR5的奇数网段。
15、要求PC5、6访问AR2的G0/0/2接口时,流量路径仅为AR7-AR5-AR4。同一时刻之内,访问AR2的G0/0/2接口仅能出现一条路由。
16、要求PC1能ping通PC5,做NAT444,在AR7的NAT444中使用静态NAT
17、附加题,做Telnet的路由器使用3A认证的方式
18、注意,PC无法Telnet,可以使用其他三层设备Telnet
SW1
#
sysname SW1
#
undo info-center enable
#
vlan batch 10 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
SW2
#
sysname SW2
#
undo info-center enable
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
vlan 10
mac-vlan mac-address 5489-9875-3e78 ffff-ffff-0000 priority 0
vlan 20
mac-vlan mac-address 5489-989e-80e3 ffff-ffff-0000 priority 0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/6
port hybrid untagged vlan 10
mac-vlan enable
#
interface GigabitEthernet0/0/7
port hybrid untagged vlan 20
mac-vlan enable
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
SW3
#
sysname SW3
#
undo info-center enable
#
vlan batch 10 20 100
#
lacp priority 0
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.1.254 255.255.255.0
#
interface Vlanif100
ip address 100.1.1.3 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
mode lacp-static
lacp preempt enable
max active-linknumber 2
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/4
eth-trunk 1
lacp priority 10
#
interface GigabitEthernet0/0/5
eth-trunk 1
#
interface GigabitEthernet0/0/6
eth-trunk 1
lacp priority 10
#
interface GigabitEthernet0/0/7
eth-trunk 1
#
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.10
#
user-interface con 0
user-interface vty 0 4
#
return
SW4
#
sysname SW4
#
undo info-center enable
#
vlan batch 10 20 200
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif20
ip address 192.168.2.254 255.255.255.0
#
interface Vlanif200
ip address 200.1.1.3 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
mode lacp-static
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/4
eth-trunk 1
#
interface GigabitEthernet0/0/5
eth-trunk 1
#
interface GigabitEthernet0/0/6
eth-trunk 1
#
interface GigabitEthernet0/0/7
eth-trunk 1
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 200.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 200.1.1.10
#
user-interface con 0
user-interface vty 0 4
#
return
AR10
#
sysname AR10
#
board add 0/4 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
acl name canxun 3000
rule 5 deny tcp source 192.168.2.2 0 destination 103.1.1.3 0 destination-port e
q telnet
rule 10 deny tcp source 192.168.1.3 0 destination 103.1.1.3 0 destination-port
eq telnet
rule 15 deny icmp source 192.168.1.1 0 destination 103.1.1.3 0
rule 20 deny ip source 192.168.1.0 0.0.0.255 destination 10.1.1.0 0.0.254.255
rule 25 deny ip source 192.168.2.0 0.0.0.255 destination 10.1.0.0 0.0.254.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 110.1.1.10 255.255.255.0
traffic-filter outbound acl name canxun
#
interface GigabitEthernet0/0/1
ip address 100.1.1.10 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 200.1.1.10 255.255.255.0
#
interface GigabitEthernet4/0/0
ip address 103.1.1.10 255.255.255.0
traffic-filter outbound acl name canxun
#
interface GigabitEthernet4/0/1
#
interface GigabitEthernet4/0/2
#
interface GigabitEthernet4/0/3
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 103.1.1.0 0.0.0.255
network 110.1.1.0 0.0.0.255
network 200.1.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 110.1.1.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR3
#
sysname AR3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user canxun password cipher %$%$[c'dAO[/N/'&I;Yk)J9"/2[<%$%$
local-user canxun privilege level 3
local-user canxun service-type telnet
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 103.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 103.1.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 103.1.1.10
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
wlan ac
#
return
AR1
#
sysname AR1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 110.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 21.1.1.1 255.255.255.0
ospf cost 6000
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 21.1.1.0 0.0.0.255
network 110.1.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR2
#
sysname AR2
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
rule 10 permit source 192.168.2.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
nat address-group 1 24.1.1.10 24.1.1.20
#
interface Serial4/0/0
link-protocol ppp
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 21.1.1.2 255.255.255.0
ospf cost 6000
#
interface GigabitEthernet0/0/2
ip address 24.1.1.2 255.255.255.0
nat server protocol tcp global 24.1.1.5 telnet inside 103.1.1.3 telnet
nat outbound 2000 address-group 1
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 21.1.1.0 0.0.0.255
#
ospf 2 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 24.1.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 24.1.1.4
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR4
#
sysname AR4
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Serial4/0/0
link-protocol ppp
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 24.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 46.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 45.1.1.4 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 24.1.1.0 0.0.0.255
network 45.1.1.0 0.0.0.255
network 46.1.1.0 0.0.0.255
#
ip route-static 192.168.5.0 255.255.255.0 45.1.1.5
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR5
#
sysname AR5
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 57.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 45.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
interface LoopBack1
description q
ip address 10.1.0.1 255.255.255.0
#
interface LoopBack2
ip address 10.1.1.1 255.255.255.0
#
interface LoopBack3
ip address 10.1.2.1 255.255.255.0
#
interface LoopBack4
ip address 10.1.3.1 255.255.255.0
#
interface LoopBack5
ip address 10.1.4.1 255.255.255.0
#
interface LoopBack6
ip address 10.1.5.1 255.255.255.0
#
interface LoopBack7
ip address 10.1.6.1 255.255.255.0
#
interface LoopBack8
ip address 10.1.7.1 255.255.255.0
#
interface LoopBack9
ip address 10.1.8.1 255.255.255.0
#
interface LoopBack10
ip address 10.1.9.1 255.255.255.0
#
interface LoopBack11
ip address 10.1.10.1 255.255.255.0
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 10.1.0.0 0.0.255.255
network 45.1.1.0 0.0.0.255
network 57.1.1.0 0.0.0.255
#
ip route-static 192.168.5.0 255.255.255.0 57.1.1.7
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR6
#
sysname AR6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 46.1.1.6 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 67.1.1.6 255.255.255.0
ospf cost 6000
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 46.1.1.0 0.0.0.255
network 67.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR7
#
sysname AR7
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 67.1.1.7 255.255.255.0
ospf cost 6000
nat static global 67.1.1.55 inside 192.168.5.5 netmask 255.255.255.255
nat static global 67.1.1.66 inside 192.168.6.6 netmask 255.255.255.255
#
interface GigabitEthernet0/0/1
ip address 57.1.1.7 255.255.255.0
nat static global 57.1.1.55 inside 192.168.5.5 netmask 255.255.255.255
nat static global 57.1.1.66 inside 192.168.6.6 netmask 255.255.255.255
#
interface GigabitEthernet0/0/2
ip address 98.1.1.7 255.255.255.0
nat static global 98.1.1.88 inside 24.1.1.10 netmask 255.255.255.255
nat static global 98.1.1.89 inside 24.1.1.11 netmask 255.255.255.255
nat static global 98.1.1.90 inside 24.1.1.12 netmask 255.255.255.255
nat static global 98.1.1.91 inside 24.1.1.13 netmask 255.255.255.255
nat static global 98.1.1.92 inside 24.1.1.14 netmask 255.255.255.255
nat static global 98.1.1.93 inside 24.1.1.15 netmask 255.255.255.255
nat static global 98.1.1.94 inside 24.1.1.16 netmask 255.255.255.255
nat static global 98.1.1.95 inside 24.1.1.17 netmask 255.255.255.255
nat static global 98.1.1.96 inside 24.1.1.18 netmask 255.255.255.255
nat static global 98.1.1.97 inside 24.1.1.19 netmask 255.255.255.255
nat static global 98.1.1.98 inside 24.1.1.20 netmask 255.255.255.255
#
interface NULL0
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 57.1.1.0 0.0.0.255
network 67.1.1.0 0.0.0.255
#
ospf 2
area 0.0.0.0
network 98.1.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 57.1.1.5
ip route-static 192.168.5.0 255.255.255.0 98.1.1.8
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR9
#
sysname AR9
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user canxun password cipher %$%$&L_\!c`weHA-9H;]Lr1W/sVj%$%$
local-user canxun privilege level 3
local-user canxun service-type telnet
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 98.1.1.9 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 98.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
wlan ac
#
return
SW7
#
sysname SW7
#
undo info-center enable
#
vlan batch 70 80 90
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 80
port hybrid untagged vlan 70 80 90
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 70
port hybrid untagged vlan 70 80
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 90
port hybrid untagged vlan 80 90
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
AR8
#
sysname AR8
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 98.1.1.8 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.50
dot1q termination vid 50
ip address 192.168.5.254 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.60
dot1q termination vid 60
ip address 192.168.6.254 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 98.1.1.0 0.0.0.255
network 192.168.0.0 0.0.255.255
#
ip route-static 0.0.0.0 0.0.0.0 98.1.1.7
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
SW6
sysname SW6
#
undo info-center enable
#
vlan batch 50 60
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 50
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 60
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 50 60
#
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
wu