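Contents
1. Project background
2. Network construction goals
3. Topology planning
4. LAN planning (LAN plan for each department)
5. Network device selection and naming
6. Routing plan
7. Configuration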
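1. Project background
XX Company is headquartered in Beijing, with a research institute in Shanghai and a branch office in Shenzhen; a network is to be built that connects the three sites. The Beijing headquarters has 100 employees, four first-level departments (VLAN division and IP address planning) and 2 servers, with link aggregation between the servers and the switch; the headquarters uses OSPF as its routing protocol. The Shenzhen office has 30 employees and the Shanghai research institute has 40; neither is divided into departments, and both assign IP addresses by DHCP. Headquarters and the branches are connected over SDH lines: headquarters to Shenzhen uses a 2M line (PPP + CHAP), and headquarters to Shanghai uses two 2M lines (Frame Relay + route backup).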
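2. Network construction goals
Upgrade network bandwidth to a gigabit backbone with 100 Mbit/s to the desktop
Improve the reliability and availability of the network
The network must be easy to manage, upgrade and expand
Ensure the security of the internal network and of the data exchanged with the branch offices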
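3. Topology planning
4. LAN planning (LAN plan for each department)
Headquarters is divided into VLANs by department
HR/administration and finance/business form one VLAN: VLAN 10
Product R&D forms one VLAN: VLAN 20
Technical support forms one VLAN: VLAN 30
The server area forms one VLAN: VLAN 40
The branches are not divided into VLANs
Each branch uses its own Class C address range
Host address 254 is used as the gateway
Headquarters and the branches all use DHCP to assign IP addresses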
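5. Network device selection and naming
① Beijing headquarters:
Core switch  Model: S5700-28C-HI  Name: BJ-S5700-LSW1
Server-area switch  Model: S3700-26C-HI  Name: BJ-S3700-LSW2
Access switches  Model: S3700-26C-HI  Names: BJ-S3700-LSW3, LSW4, LSW5
Interconnect and egress router  Model: AR2240  Name: BJ-AR2240-AR1
② Shenzhen office:
Interconnect router  Model: AR1220  Name: SZ-AR1220-AR2
Access switch  Model: S3700-26C-HI  Name: SZ-S3700-LSW6
③ Shanghai research institute:
Interconnect router  Model: AR1220  Name: SH-AR1220-AR3
Access switch  Model: S3700-26C-HI  Name: SH-S3700-LSW7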
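6. Routing plan
7. Configuration
First, configure the names of the switches and routers (LSW1 is used as the example here):
Detailed configuration:
Configure g0/0/1 and g0/0/2 on LSW1 and on LSW2 as one link aggregation (Eth-Trunk) interface: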
\========================================================
[BJ-S5700-LSW1]interface Eth-Trunk 12
[BJ-S5700-LSW1-Eth-Trunk12]trunkport g0/0/1
[BJ-S5700-LSW1-Eth-Trunk12]trunkport g0/0/2
\========================================================
[BJ-S3700-LSW2]interface Eth-Trunk 12
[BJ-S3700-LSW2-Eth-Trunk12]trunkport g0/0/1
[BJ-S3700-LSW2-Eth-Trunk12]trunkport g0/0/2
\========================================================
On the Layer 3 switch LSW1, create the VLANs and configure IP addresses on the corresponding VLANIF virtual interfaces:
\========================================================
\========================================================
//////// Assign ports to VLANs and configure the VLANIF IP addresses (i.e. the gateways)
[BJ-S5700-LSW1]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment…done.
[BJ-S5700-LSW1]int g0/0/3
[BJ-S5700-LSW1-GigabitEthernet0/0/3]port link-type access
[BJ-S5700-LSW1-GigabitEthernet0/0/3]port default vlan 10
[BJ-S5700-LSW1-GigabitEthernet0/0/3]int g0/0/4
[BJ-S5700-LSW1-GigabitEthernet0/0/4]port link-type access
[BJ-S5700-LSW1-GigabitEthernet0/0/4]port default vlan 20
[BJ-S5700-LSW1-GigabitEthernet0/0/4]int g0/0/5
[BJ-S5700-LSW1-GigabitEthernet0/0/5]port link-type access
[BJ-S5700-LSW1-GigabitEthernet0/0/5]port default vlan 30
[BJ-S5700-LSW1-GigabitEthernet0/0/5]int Eth-Trunk12
[BJ-S5700-LSW1-Eth-Trunk12]port link-type access
[BJ-S5700-LSW1-Eth-Trunk12]port default vlan 40
[BJ-S5700-LSW1-Eth-Trunk12]int vlanif10
[BJ-S5700-LSW1-Vlanif10]ip add 192.168.10.254 24
[BJ-S5700-LSW1-Vlanif10]int vlanif20
[BJ-S5700-LSW1-Vlanif20]ip add 192.168.20.254 24
[BJ-S5700-LSW1-Vlanif20]int vlanif30
[BJ-S5700-LSW1-Vlanif30]ip add 192.168.30.254 24
[BJ-S5700-LSW1-Vlanif30]int vlanif40
[BJ-S5700-LSW1-Vlanif40]ip add 192.168.40.254 24
[BJ-S5700-LSW1-Vlanif40]display ip interface brief //////// view the existing Vlanif interfaces and their addresses
\========================================================
[BJ-S5700-LSW1]vlan 99 //////// configure port g0/0/24 on LSW1
[BJ-S5700-LSW1-vlan99]int g0/0/24
[BJ-S5700-LSW1-GigabitEthernet0/0/24]port link-type access
[BJ-S5700-LSW1-GigabitEthernet0/0/24]port default vlan 99
[BJ-S5700-LSW1-GigabitEthernet0/0/24]int vlanif99
[BJ-S5700-LSW1-Vlanif99]ip add 192.168.1.2 24
\========================================================
\========================================================
//////// Configure DHCP, static routes and IP address pools
[BJ-AR2240-AR1]dhcp enable
[BJ-AR2240-AR1]int g0/0/0
[BJ-AR2240-AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[BJ-AR2240-AR1-GigabitEthernet0/0/0]dhcp select global
[BJ-AR2240-AR1-GigabitEthernet0/0/0]q
[BJ-AR2240-AR1]ip route-static 192.168.10.0 255.255.255.0 192.168.1.2
[BJ-AR2240-AR1]ip route-static 192.168.20.0 255.255.255.0 192.168.1.2
[BJ-AR2240-AR1]ip route-static 192.168.30.0 255.255.255.0 192.168.1.2
[BJ-AR2240-AR1]ip route-static 192.168.40.0 255.255.255.0 192.168.1.2
[BJ-AR2240-AR1]ip pool vlan10
Info: It’s successful to create an IP address pool.
[BJ-AR2240-AR1-ip-pool-vlan10]gateway-list 192.168.10.254
[BJ-AR2240-AR1-ip-pool-vlan10]network 192.168.10.0 mask 255.255.255.0
[BJ-AR2240-AR1-ip-pool-vlan10]excluded-ip-address 192.168.10.100 192.168.10.253
[BJ-AR2240-AR1-ip-pool-vlan10]dns-list 114.114.114.114
[BJ-AR2240-AR1-ip-pool-vlan10]q
[BJ-AR2240-AR1]ip pool vlan20
Info: It’s successful to create an IP address pool.
[BJ-AR2240-AR1-ip-pool-vlan20]gateway-list 192.168.20.254
[BJ-AR2240-AR1-ip-pool-vlan20]network 192.168.20.0 mask 255.255.255.0
[BJ-AR2240-AR1-ip-pool-vlan20]excluded-ip-address 192.168.20.100 192.168.20.253
[BJ-AR2240-AR1-ip-pool-vlan20]dns-list 114.114.114.114
[BJ-AR2240-AR1-ip-pool-vlan20]q
[BJ-AR2240-AR1]ip pool vlan30
Info: It’s successful to create an IP address pool.
[BJ-AR2240-AR1-ip-pool-vlan30]gateway-list 192.168.30.254
[BJ-AR2240-AR1-ip-pool-vlan30]network 192.168.30.0 mask 255.255.255.0
[BJ-AR2240-AR1-ip-pool-vlan30]excluded-ip-address 192.168.30.100 192.168.30.253
[BJ-AR2240-AR1-ip-pool-vlan30]dns-list 114.114.114.114
[BJ-AR2240-AR1-ip-pool-vlan30]q
[BJ-AR2240-AR1]dis ip pool
\========================================================
////////////////// Configure DHCP relay
[BJ-S5700-LSW1]
[BJ-S5700-LSW1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[BJ-S5700-LSW1]int vlanif10
[BJ-S5700-LSW1-Vlanif10]dhcp select relay
[BJ-S5700-LSW1-Vlanif10]dhcp relay server-ip 192.168.1.1
[BJ-S5700-LSW1-Vlanif10]q
[BJ-S5700-LSW1]int vlanif20
[BJ-S5700-LSW1-Vlanif20]dhcp select relay
[BJ-S5700-LSW1-Vlanif20]dhcp relay server-ip 192.168.1.1
[BJ-S5700-LSW1-Vlanif20]q
[BJ-S5700-LSW1]int vlanif30
[BJ-S5700-LSW1-Vlanif30]dhcp select relay
[BJ-S5700-LSW1-Vlanif30]dhcp relay server-ip 192.168.1.1
\========================================================
\========================================================
////////////////// Configure DHCP on AR2
[SZ-AR1220-AR2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[SZ-AR1220-AR2]int g0/0/0
[SZ-AR1220-AR2-GigabitEthernet0/0/0]ip add 192.168.50.254 24
[SZ-AR1220-AR2-GigabitEthernet0/0/0]dhcp select global
[SZ-AR1220-AR2-GigabitEthernet0/0/0]q
[SZ-AR1220-AR2]ip pool net50
Info: It’s successful to create an IP address pool.
[SZ-AR1220-AR2-ip-pool-net50]gateway-list 192.168.50.254
[SZ-AR1220-AR2-ip-pool-net50]network 192.168.50.0 mask 24
[SZ-AR1220-AR2-ip-pool-net50]excluded-ip-address 192.168.50.201 192.168.50.253
[SZ-AR1220-AR2-ip-pool-net50]dns-list 114.114.114.114
\========================================================
////////////////// Configure DHCP on AR3
[SH-AR1220-AR3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[SH-AR1220-AR3]int g0/0/0
[SH-AR1220-AR3-GigabitEthernet0/0/0]ip add 192.168.60.254 24
[SH-AR1220-AR3-GigabitEthernet0/0/0]dhcp select global
[SH-AR1220-AR3-GigabitEthernet0/0/0]q
[SH-AR1220-AR3]ip pool net60
Info: It’s successful to create an IP address pool.
[SH-AR1220-AR3-ip-pool-net60]gateway-list 192.168.60.254
[SH-AR1220-AR3-ip-pool-net60]network 192.168.60.0 mask 24
[SH-AR1220-AR3-ip-pool-net60]excluded-ip-address 192.168.60.201 192.168.60.253
[SH-AR1220-AR3-ip-pool-net60]dns-list 114.114.114.114
\========================================================
\========================================================
////////////////// Configure PPP CHAP authentication on AR1
[BJ-AR2240-AR1]int s1/0/0
[BJ-AR2240-AR1-Serial1/0/0]ip add 192.168.2.1 24
[BJ-AR2240-AR1-Serial1/0/0]q
[BJ-AR2240-AR1]ip route-static 192.168.50.0 255.255.255.0 192.168.2.2
[BJ-AR2240-AR1]aaa
[BJ-AR2240-AR1-aaa]local-user ar1 password cipher hello
Info: Add a new user.
[BJ-AR2240-AR1-aaa]local-user ar1 service-type ppp
[BJ-AR2240-AR1-aaa]int s1/0/0
[BJ-AR2240-AR1-Serial1/0/0]link-protocol ppp
[BJ-AR2240-AR1-Serial1/0/0]ppp authentication-mode chap
[BJ-AR2240-AR1-Serial1/0/0]shutdown
[BJ-AR2240-AR1-Serial1/0/0]undo shutdown
\========================================================
////////////////// Configure PPP CHAP authentication on AR2
[SZ-AR1220-AR2]int s1/0/0
[SZ-AR1220-AR2-Serial1/0/0]ip add 192.168.2.2 24
[SZ-AR1220-AR2-Serial1/0/0]q
[SZ-AR1220-AR2]ip route-static 192.168.1.0 255.255.255.0 192.168.2.1
[SZ-AR1220-AR2]int s1/0/0
[SZ-AR1220-AR2-Serial1/0/0]link-protocol ppp
[SZ-AR1220-AR2-Serial1/0/0]ppp chap user ar1
[SZ-AR1220-AR2-Serial1/0/0]ppp chap password cipher hello
[SZ-AR1220-AR2-Serial1/0/0]shutdown
[SZ-AR1220-AR2-Serial1/0/0]undo shutdown
[SZ-AR1220-AR2-Serial1/0/0]display this
\========================================================
\========================================================
////////////////// Configure route backup on AR1
[BJ-AR2240-AR1]int s2/0/0
[BJ-AR2240-AR1-Serial2/0/0]ip add 192.168.3.1 24
[BJ-AR2240-AR1-Serial2/0/0]int s2/0/1
[BJ-AR2240-AR1-Serial2/0/1]ip add 192.168.4.1 24
[BJ-AR2240-AR1-Serial2/0/1]q
[BJ-AR2240-AR1]ip route-static 192.168.60.0 255.255.255.0 192.168.3.2 // default preference is 60
[BJ-AR2240-AR1]ip route-static 192.168.60.0 255.255.255.0 192.168.4.2 preference 100
\========================================================
////////////////// Configure route backup on AR3
[SH-AR1220-AR3]int s2/0/0
[SH-AR1220-AR3-Serial2/0/0]ip add 192.168.3.2 24
[SH-AR1220-AR3-Serial2/0/0]int s2/0/1
[SH-AR1220-AR3-Serial2/0/1]ip add 192.168.4.2 24
[SH-AR1220-AR3-Serial2/0/1]q
[SH-AR1220-AR3]ip route-static 192.168.1.0 255.255.255.0 192.168.3.1 // default preference is 60
[SH-AR1220-AR3]ip route-static 192.168.1.0 255.255.255.0 192.168.4.1 preference 100
\========================================================
\========================================================
////////////////// Configure Frame Relay on AR1
[BJ-AR2240-AR1]int s2/0/0
[BJ-AR2240-AR1-Serial2/0/0]link-protocol fr
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[BJ-AR2240-AR1-Serial2/0/0]fr interface-type dce ////// network side
[BJ-AR2240-AR1-Serial2/0/0]fr dlci 100
[BJ-AR2240-AR1-fr-dlci-Serial2/0/0-100]int s2/0/1
[BJ-AR2240-AR1-Serial2/0/1]link-protocol fr
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[BJ-AR2240-AR1-Serial2/0/1]fr interface-type dce
[BJ-AR2240-AR1-Serial2/0/1]fr dlci 100
[BJ-AR2240-AR1-fr-dlci-Serial2/0/1-100]q
\========================================================
////////////////// Configure Frame Relay on AR3
[SH-AR1220-AR3]int s2/0/0
[SH-AR1220-AR3-Serial2/0/0]link-protocol fr
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[SH-AR1220-AR3-Serial2/0/0]fr interface-type dte ////// user side
[SH-AR1220-AR3-Serial2/0/0]fr dlci 100
[SH-AR1220-AR3-fr-dlci-Serial2/0/0-100]q
[SH-AR1220-AR3-Serial2/0/0]int s2/0/1
[SH-AR1220-AR3-Serial2/0/1]link-protocol fr
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[SH-AR1220-AR3-Serial2/0/1]fr interface-type dte
[SH-AR1220-AR3-Serial2/0/1]fr dlci 100
[SH-AR1220-AR3-fr-dlci-Serial2/0/1-100]q
\========================================================
\========================================================
////////////////// Configure OSPF on AR1
[BJ-AR2240-AR1]int loopback0
[BJ-AR2240-AR1-LoopBack0]ip add 1.1.1.1 32
[BJ-AR2240-AR1-LoopBack0]q
[BJ-AR2240-AR1]ospf 100 router-id 1.1.1.1
[BJ-AR2240-AR1-ospf-100]area 0
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]area 1
[BJ-AR2240-AR1-ospf-100-area-0.0.0.1]authentication-mode md5 1 cipher hw123
[BJ-AR2240-AR1-ospf-100-area-0.0.0.1]network 192.168.1.0 0.0.0.255
[BJ-AR2240-AR1-ospf-100-area-0.0.0.1]q
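[BJ-AR2240-AR1-ospf-100]import-route static // import static routes into OSPF
[BJ-AR2240-AR1-ospf-100]peer 192.168.3.2 // manually specify the neighbor's interface to establish the neighbor relationship, because OSPF cannot run over Frame Relay by default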
[BJ-AR2240-AR1-ospf-100]peer 192.168.4.2
[BJ-AR2240-AR1-ospf-100]int g0/0/0
\========================================================
////////////////// Configure OSPF on AR2
[SZ-AR1220-AR2]int loopback0
[SZ-AR1220-AR2-LoopBack0]ip add 2.2.2.2 32
[SZ-AR1220-AR2-LoopBack0]q
[SZ-AR1220-AR2]ospf 100 router-id 2.2.2.2
[SZ-AR1220-AR2-ospf-100]area 0
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]area 2
[SZ-AR1220-AR2-ospf-100-area-0.0.0.2]network 192.168.50.0 0.0.0.255
[SZ-AR1220-AR2-ospf-100-area-0.0.0.2]q
[SZ-AR1220-AR2-ospf-100]import-route static
\========================================================
////////////////// Configure OSPF on AR3
[SH-AR1220-AR3]int loopback0
[SH-AR1220-AR3-LoopBack0]ip add 3.3.3.3 32
[SH-AR1220-AR3-LoopBack0]q
[SH-AR1220-AR3]ospf 100 router-id 3.3.3.3
[SH-AR1220-AR3-ospf-100]area 0
[SH-AR1220-AR3-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[SH-AR1220-AR3-ospf-100-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[SH-AR1220-AR3-ospf-100-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[SH-AR1220-AR3-ospf-100-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[SH-AR1220-AR3-ospf-100-area-0.0.0.0]area 3
[SH-AR1220-AR3-ospf-100-area-0.0.0.3]network 192.168.60.0 0.0.0.255
[SH-AR1220-AR3-ospf-100-area-0.0.0.3]q
[SH-AR1220-AR3-ospf-100]import-route static
[SH-AR1220-AR3-ospf-100]peer 192.168.3.1
[SH-AR1220-AR3-ospf-100]peer 192.168.4.1
[SH-AR1220-AR3-ospf-100]int s2/0/0
[SH-AR1220-AR3-Serial2/0/0]ospf dr-priority 0 // set the OSPF priority to zero so the interface does not take part in DR/BDR election (the default DR priority is 1)
[SH-AR1220-AR3-Serial2/0/0]int s2/0/1
[SH-AR1220-AR3-Serial2/0/1]ospf dr-priority 0 // set the OSPF priority to zero so the interface does not take part in DR/BDR election
\========================================================
////////////////// Configure OSPF on LSW1
[BJ-S5700-LSW1]int loopback0
[BJ-S5700-LSW1-LoopBack0]ip add 4.4.4.4 32
[BJ-S5700-LSW1-LoopBack0]q
[BJ-S5700-LSW1]ospf 100 router-id 4.4.4.4
[BJ-S5700-LSW1-ospf-100]area 1
[BJ-S5700-LSW1-ospf-100-area-0.0.0.1]authentication-mode md5 1 cipher hw123
[BJ-S5700-LSW1-ospf-100-area-0.0.0.1]network 192.168.1.0 0.0.0.255
[BJ-S5700-LSW1-ospf-100-area-0.0.0.1]network 4.4.4.4 0.0.0.0
[BJ-S5700-LSW1-ospf-100-area-0.0.0.1]q
[BJ-S5700-LSW1-ospf-100]import-route static
[BJ-S5700-LSW1-ospf-100]int vlan99
[BJ-S5700-LSW1-Vlanif99]ospf dr-priority 0 // set the OSPF priority to zero so the interface does not take part in DR/BDR election
\========================================================
\========================================================
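An added example, not part of the original write-up: a small Python audit of the OSPF area-view commands above, reporting which areas set no area-level authentication, which use MD5, and which keys are shorter than an assumed policy minimum. The function name, `MIN_KEY_LEN` and the finding labels are assumptions made for this example; the session lines are copied from the AR1 and AR2 sections.

```python
import re
from collections import defaultdict

# Lines copied from the AR1 and AR2 OSPF sessions on this page.
SESSION = """\
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[BJ-AR2240-AR1-ospf-100-area-0.0.0.0]area 1
[BJ-AR2240-AR1-ospf-100-area-0.0.0.1]authentication-mode md5 1 cipher hw123
[BJ-AR2240-AR1-ospf-100-area-0.0.0.1]network 192.168.1.0 0.0.0.255
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[SZ-AR1220-AR2-ospf-100-area-0.0.0.0]area 2
[SZ-AR1220-AR2-ospf-100-area-0.0.0.2]network 192.168.50.0 0.0.0.255
"""

# The VRP prompt names the device and the area view each command was typed in.
PROMPT = re.compile(r"^\[(?P<host>.+?)-ospf-\d+-area-(?P<area>[\d.]+)\](?P<cmd>.*)$")
MIN_KEY_LEN = 12  # assumed local policy threshold, not a Huawei default


def audit_ospf_auth(transcript):
    """Return sorted (host, area, finding) tuples; key values are never echoed."""
    areas = defaultdict(lambda: {"mode": None, "key": None, "nets": []})
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # command was not typed inside an OSPF area view
        entry = areas[(m["host"], m["area"])]
        words = m["cmd"].split("//")[0].split()  # drop trailing // comments
        if words[:1] == ["authentication-mode"] and len(words) > 1:
            entry["mode"] = words[1]
            if "cipher" in words[:-1]:  # key as typed; saved configs hold ciphertext
                entry["key"] = words[words.index("cipher") + 1]
        elif words[:1] == ["network"] and len(words) > 1:
            entry["nets"].append(words[1])
    findings = []
    for (host, area), e in areas.items():
        if e["mode"] is None:  # no area-level authentication configured
            findings.append((host, area, "no-auth: " + ",".join(e["nets"])))
        elif e["mode"] == "md5":  # keyed MD5 digest, a legacy algorithm
            findings.append((host, area, "md5"))
        if e["key"] is not None and len(e["key"]) < MIN_KEY_LEN:
            findings.append((host, area, "short-key"))
    return sorted(findings)


if __name__ == "__main__":
    print(*audit_ospf_auth(SESSION), sep="\n")
```

Authentication set per interface (`ospf authentication-mode` in interface view) is outside what this check reads, so a `no-auth` finding means only that the area view sets none.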
THE END.