某二级支行网络的设计与实现——配置脚本(1)
作者:互联网
本文承接博客:https://qiuhualin.blog.csdn.net/article/details/117417773
某二级支行网络的设计与实现——配置脚本(1)
运行维护区
S7700-运维区:
sysname yunwei-SW
#
undo info-center enable
#
vlan batch 10 100 200 300
#
stp region-configuration
region-name core
instance 1 vlan 10 20 30 32 40 42 50
instance 2 vlan 21 31 33 41 43 51
instance 3 vlan 52 60 62 81 88
instance 4 vlan 53 61 63 71 82
active region-configuration
#
acl number 3000
rule 5 deny icmp destination 192.168.10.0 0.0.0.255
rule 10 deny icmp destination 192.168.20.0 0.0.0.255
rule 15 deny icmp destination 192.168.30.0 0.0.0.255
#
interface Vlanif10
ip address 172.16.10.2 255.255.255.252
#
interface Vlanif100
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif200
ip address 192.168.20.254 255.255.255.0
#
interface Vlanif300
ip address 192.168.30.254 255.255.255.0
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
traffic-filter inbound acl 3000
#
interface Ethernet0/0/2
port link-type access
port default vlan 100
#
interface Ethernet0/0/3
port link-type access
port default vlan 200
#
interface Ethernet0/0/4
port link-type access
port default vlan 300
ospf 1 router-id 11.11.11.11
area 0.0.0.0
network 172.16.10.2 0.0.0.0
area 0.0.0.10
network 192.168.10.254 0.0.0.0
network 192.168.20.254 0.0.0.0
network 192.168.30.254 0.0.0.0
楼层接入区
S5700-接入-1:
sysname S5700-L2-1
#
undo info-center enable
#
vlan batch 400
#
interface Ethernet0/0/1
port link-type access
port default vlan 400
#
interface Ethernet0/0/2
port link-type access
port default vlan 400
#
interface Ethernet0/0/3
port link-type access
port default vlan 400
stp edged-port enable
S5700-接入-2:
sysname S5700-L2-2
#
undo info-center enable
#
vlan batch 500
#
interface Ethernet0/0/1
port link-type access
port default vlan 500
#
interface Ethernet0/0/2
port link-type access
port default vlan 500
#
interface Ethernet0/0/3
port link-type access
port default vlan 500
stp edged-port enable
S5700-接入-3:
sysname S5700-L2-3
#
undo info-center enable
#
vlan batch 600
#
interface Ethernet0/0/1
port link-type access
port default vlan 600
#
interface Ethernet0/0/2
port link-type access
port default vlan 600
#
interface Ethernet0/0/3
port link-type access
port default vlan 600
stp edged-port enable
S7700-楼层汇聚-1:
sysname jieru-S7700-1
#
undo info-center enable
#
vlan batch 20 22 400 500 600
#
stp instance 0 priority 8192
#
dhcp enable
#
stp region-configuration
region-name core
instance 1 vlan 10 20 30 32 40 42 50
instance 2 vlan 21 31 33 41 43 51
instance 3 vlan 52 60 62 81 88
instance 4 vlan 53 61 63 71 82
active region-configuration
#
ip pool a
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
lease day 2 hour 0 minute 0
dns-list 8.8.8.8
#
ip pool b
gateway-list 192.168.50.254
network 192.168.50.0 mask 255.255.255.0
lease day 2 hour 0 minute 0
dns-list 8.8.8.8
#
ip pool c
gateway-list 192.168.60.254
network 192.168.60.0 mask 255.255.255.0
lease day 2 hour 0 minute 0
dns-list 8.8.8.8
#
interface Vlanif20
ip address 172.16.20.2 255.255.255.252
#
interface Vlanif22
ip address 20.0.0.1 255.255.255.252
#
interface Vlanif400
ip address 192.168.40.251 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.40.254
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 15
vrrp vrid 1 track interface Vlanif20 reduced 30
dhcp select global
#
interface Vlanif500
ip address 192.168.50.251 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.50.254
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 15
vrrp vrid 2 track interface Vlanif20 reduced 30
dhcp select global
#
interface Vlanif600
ip address 192.168.60.251 255.255.255.0
vrrp vrid 3 virtual-ip 192.168.60.254
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 400
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 500
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 600
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 22
#
ospf 1 router-id 21.21.21.21
area 0.0.0.0
network 172.16.20.2 0.0.0.0
network 20.0.0.1 0.0.0.0
area 0.0.0.20
network 192.168.40.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.60.0 0.0.0.255
#
return
S7700-楼层汇聚-2:
sysname jieru-S7700-2
#
undo info-center enable
#
vlan batch 21 to 22 400 500 600
#
stp instance 0 priority 8192
#
dhcp enable
#
stp region-configuration
region-name core
instance 1 vlan 10 20 30 32 40 42 50
instance 2 vlan 21 31 33 41 43 51
instance 3 vlan 52 60 62 81 88
instance 4 vlan 53 61 63 71 82
active region-configuration
#
ip pool a
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
lease day 2 hour 0 minute 0
dns-list 8.8.8.8
#
ip pool b
gateway-list 192.168.50.254
network 192.168.50.0 mask 255.255.255.0
lease day 2 hour 0 minute 0
dns-list 8.8.8.8
#
ip pool c
gateway-list 192.168.60.254
network 192.168.60.0 mask 255.255.255.0
lease day 2 hour 0 minute 0
dns-list 8.8.8.8
#
interface Vlanif21
ip address 172.16.21.2 255.255.255.252
#
interface Vlanif22
ip address 20.0.0.2 255.255.255.252
#
interface Vlanif400
ip address 192.168.40.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.40.254
dhcp select global
#
interface Vlanif500
ip address 192.168.50.252 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.50.254
dhcp select global
#
interface Vlanif600
ip address 192.168.60.252 255.255.255.0
vrrp vrid 3 virtual-ip 192.168.60.254
vrrp vrid 3 priority 120
vrrp vrid 3 preempt-mode timer delay 15
vrrp vrid 3 track interface Vlanif21 reduced 30
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 500
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 600
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 400
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 21
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 22
#
ospf 1 router-id 22.22.22.22
area 0.0.0.0
network 172.16.21.2 0.0.0.0
network 20.0.0.2 0.0.0.0
area 0.0.0.20
network 192.168.40.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.60.0 0.0.0.255
#
前置服务区
S5700 L2-前置-1:
sysname qianzhi-S5700-1
#
undo info-center enable
#
interface Ethernet0/0/1
port link-type access
port default vlan 700
#
interface Ethernet0/0/2
port link-type access
port default vlan 700
#
interface Ethernet0/0/3
port link-type access
port default vlan 700
S5700 L2-前置-2:
sysname qianzhiS5700-2
#
undo info-center enable
#
vlan batch 800
#
interface Ethernet0/0/1
port link-type access
port default vlan 800
stp edged-port enable
#
interface Ethernet0/0/2
port link-type access
port default vlan 800
#
interface Ethernet0/0/3
port link-type access
port default vlan 800
#
return
S7700-前置-1:
sysname qianzhi-S7700-1
#
undo info-center enable
#
vlan batch 30 to 31 34 700 800
#
stp instance 0 priority 8192
#
stp region-configuration
region-name core
instance 1 vlan 10 20 30 32 40 42 50
instance 2 vlan 21 31 33 41 43 51
instance 3 vlan 52 60 62 81 88
instance 4 vlan 53 61 63 71 82
active region-configuration
#
interface Vlanif30
ip address 172.16.30.2 255.255.255.252
#
interface Vlanif31
ip address 172.16.31.2 255.255.255.252
#
interface Vlanif34
ip address 30.0.0.1 255.255.255.252
#
interface Vlanif700
ip address 192.168.70.251 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.70.254
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 15
vrrp vrid 1 track interface Vlanif30 reduced 30
vrrp vrid 1 track interface Vlanif31 reduced 30
#
interface Vlanif800
ip address 192.168.80.251 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.80.254
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 700
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 34
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 800
#
ospf 1 router-id 31.31.31.31
area 0.0.0.0
network 172.16.30.2 0.0.0.0
network 172.16.31.2 0.0.0.0
network 30.0.0.1 0.0.0.0
area 0.0.0.30
network 192.168.70.0 0.0.0.255
network 192.168.80.0 0.0.0.255
S7700-前置-2:
sysname qianzhi-S7700-2
#
undo info-center enable
#
vlan batch 32 to 34 700 800
#
stp instance 0 priority 8192
#
stp region-configuration
region-name core
instance 1 vlan 10 20 30 32 40 42 50
instance 2 vlan 21 31 33 41 43 51
instance 3 vlan 52 60 62 81 88
instance 4 vlan 53 61 63 71 82
active region-configuration
#
interface Vlanif32
ip address 172.16.32.2 255.255.255.252
#
interface Vlanif33
ip address 172.16.33.2 255.255.255.252
#
interface Vlanif34
ip address 30.0.0.2 255.255.255.252
#
interface Vlanif700
ip address 192.168.70.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.70.254
#
interface Vlanif800
vrrp vrid 2 virtual-ip 192.168.80.254
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 15
vrrp vrid 2 track interface Vlanif32 reduced 30
vrrp vrid 2 track interface Vlanif33 reduced 30
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 700
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 34
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 32
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 33
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 800
#
ospf 1 router-id 32.32.32.32
area 0.0.0.0
network 172.16.32.2 0.0.0.0
network 172.16.33.2 0.0.0.0
network 30.0.0.2 0.0.0.0
area 0.0.0.30
network 192.168.70.0 0.0.0.255
network 192.168.80.0 0.0.0.255
#
核心交换区
S12708-核心-1:
sysname core-1
#
vlan batch 10 20 30 32 40 42 50 52 60 62
vlan batch 71 81 88
#
stp instance 1 root primary
stp instance 2 root secondary
stp instance 3 root primary
stp instance 4 root secondary
#
lacp priority 0
#
stp region-configuration
region-name core
instance 1 vlan 10 20 30 32 40 42 50
instance 2 vlan 21 31 33 41 43 51
instance 3 vlan 52 60 62 81 88
instance 4 vlan 53 61 63 71 82
active region-configuration
#
interface Vlanif10
ip address 172.16.10.1 255.255.255.252
#
interface Vlanif20
ip address 172.16.20.1 255.255.255.252
#
interface Vlanif30
ip address 172.16.30.1 255.255.255.252
#
interface Vlanif32
ip address 172.16.32.1 255.255.255.252
#
interface Vlanif40
ip address 172.16.40.1 255.255.255.252
#
interface Vlanif42
ip address 172.16.42.1 255.255.255.252
#
interface Vlanif50
ip address 172.16.50.1 255.255.255.252
#
interface Vlanif52
ip address 172.16.52.1 255.255.255.252
#
interface Vlanif60
ip address 172.16.60.1 255.255.255.252
#
interface Vlanif62
ip address 172.16.62.1 255.255.255.252
#
interface Vlanif71
ip address 172.16.71.1 255.255.255.252
#
interface Vlanif81
ip address 172.16.81.1 255.255.255.252
#
interface Vlanif88
ip address 10.0.0.1 255.255.255.252
#
interface Eth-Trunk1
port link-type access
port default vlan 88
mode lacp-static
lacp preempt enable
max active-linknumber 2
lacp preempt delay 15
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
lacp priority 60000
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 81
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 32
#
interface GigabitEthernet0/0/9
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 42
#
interface GigabitEthernet0/0/11
port link-type access
port default vlan 50
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 52
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 60
#
interface GigabitEthernet0/0/14
port link-type access
port default vlan 62
#
interface GigabitEthernet0/0/15
port link-type access
port default vlan 71
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 10.0.0.1 0.0.0.0
network 172.16.71.1 0.0.0.0
network 172.16.62.1 0.0.0.0
network 172.16.60.1 0.0.0.0
network 172.16.52.1 0.0.0.0
network 172.16.50.1 0.0.0.0
network 172.16.42.1 0.0.0.0
network 172.16.40.1 0.0.0.0
network 172.16.32.1 0.0.0.0
network 172.16.30.1 0.0.0.0
network 172.16.20.1 0.0.0.0
network 172.16.10.1 0.0.0.0
network 172.16.81.1 0.0.0.0
#
S12708-核心-2:
sysname core-2
#
undo info-center enable
#
vlan batch 10 20 to 21 30 to 31 33 40 to 41 43
50 to 51 53 60 to 61 63
vlan batch 70 72 80 82 88
#
stp instance 1 root secondary
stp instance 2 root primary
stp instance 3 root secondary
stp instance 4 root primary
#
stp region-configuration
region-name core
instance 1 vlan 10 20 30 32 40 42 50
instance 2 vlan 21 31 33 41 43 51
instance 3 vlan 52 60 62 81 88
instance 4 vlan 53 61 63 71 82
active region-configuration
#
interface Vlanif21
ip address 172.16.21.1 255.255.255.252
#
interface Vlanif31
ip address 172.16.31.1 255.255.255.252
#
interface Vlanif33
ip address 172.16.33.1 255.255.255.252
#
interface Vlanif41
ip address 172.16.41.1 255.255.255.252
#
interface Vlanif43
ip address 172.16.43.1 255.255.255.252
#
interface Vlanif51
ip address 172.16.51.1 255.255.255.252
#
interface Vlanif53
ip address 172.16.53.1 255.255.255.252
#
interface Vlanif61
ip address 172.16.61.1 255.255.255.252
#
interface Vlanif63
ip address 172.16.63.1 255.255.255.252
#
interface Vlanif72
ip address 172.16.72.1 255.255.255.252
#
interface Vlanif82
ip address 172.16.82.1 255.255.255.252
#
interface Vlanif88
ip address 10.0.0.2 255.255.255.252
#
interface Eth-Trunk1
port link-type access
port default vlan 88
mode lacp-static
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 82
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 33
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 43
#
interface GigabitEthernet0/0/9
port link-type access
port default vlan 41
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 51
#
interface GigabitEthernet0/0/11
port link-type access
port default vlan 53
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 63
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 61
#
interface GigabitEthernet0/0/14
port link-type access
port default vlan 72
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.0.0.2 0.0.0.0
network 172.16.21.1 0.0.0.0
network 172.16.31.1 0.0.0.0
network 172.16.33.1 0.0.0.0
network 172.16.41.1 0.0.0.0
network 172.16.43.1 0.0.0.0
network 172.16.51.1 0.0.0.0
network 172.16.53.1 0.0.0.0
network 172.16.61.1 0.0.0.0
network 172.16.63.1 0.0.0.0
network 172.16.72.1 0.0.0.0
network 172.16.82.1 0.0.0.0
#
广域网接入区
外部路由器:
sysname outside
#
undo info-center enable
#
interface Ethernet0/0/0
ip address 202.101.97.2 255.255.255.0
#
interface LoopBack0
ip address 192.168.200.1 255.255.255.0
#
bgp 65005
peer 202.101.97.1 as-number 65001
#
ipv4-family unicast
undo synchronization
network 192.168.200.0
peer 202.101.97.1 enable
#
ip route-static 0.0.0.0 0.0.0.0 202.101.97.1
#
S5700-下联:
sysname xialian-S5700
#
undo info-center enable
#
vlan batch 1000
#
interface Ethernet0/0/1
port link-type access
port default vlan 1000
#
interface Ethernet0/0/2
port link-type access
port default vlan 1000
#
interface Ethernet0/0/3
port link-type access
port default vlan 1000
#
NE40-X3-下联-1:
sysname xialian-NE40-X3-1
#
acl number 3000
rule 5 permit icmp destination 192.168.70.0 0.0.0.255
rule 6 permit icmp destination 192.168.40.0 0.0.0.255
rule 7 permit icmp destination 172.16.10.2 0.0.0.0
rule 10 permit icmp destination 192.168.80.0 0.0.0.255
rule 15 deny icmp
#
interface GigabitEthernet0/0/0
ip address 192.168.183.11 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.183.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 15
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 30
vrrp vrid 1 track interface GigabitEthernet0/0/2 reduced 30
traffic-filter inbound acl 3000
#
interface GigabitEthernet0/0/1
ip address 172.16.60.2 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 172.16.61.2 255.255.255.252
#
ospf 1 router-id 61.61.61.61
area 0.0.0.0
network 172.16.60.2 0.0.0.0
network 172.16.61.2 0.0.0.0
area 0.0.0.60
network 192.168.183.0 0.0.0.255
nssa no-summary
#
NE40-X3-下联-2:
sysname xialian-NE40-X3-2
#
acl number 3000
rule 5 permit icmp destination 192.168.70.0 0.0.0.255
rule 6 permit icmp destination 192.168.40.0 0.0.0.255
rule 10 permit icmp destination 192.168.80.0 0.0.0.255
rule 15 deny icmp
#
interface GigabitEthernet0/0/0
ip address 192.168.183.22 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.183.1
traffic-filter inbound acl 3000
#
interface GigabitEthernet0/0/1
ip address 172.16.63.2 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 172.16.62.2 255.255.255.252
#
interface NULL0
#
ospf 1 router-id 62.62.62.62
area 0.0.0.0
network 172.16.62.2 0.0.0.0
network 172.16.63.2 0.0.0.0
area 0.0.0.60
network 192.168.183.0 0.0.0.255
nssa no-summary
#
NE40-X3-下联-3:
sysname xialian-NE40-X3-3
#
undo info-center enable
#
acl number 2000
rule 5 permit source 192.168.200.0 0.0.0.255
#
interface Ethernet0/0/0
ip address 192.168.183.2 255.255.255.0
#
interface Ethernet0/0/1
ip address 202.101.97.1 255.255.255.0
#
bgp 65001
peer 202.101.97.2 as-number 65005
#
ipv4-family unicast
undo synchronization
peer 202.101.97.2 enable
#
ospf 1 router-id 63.63.63.63
import-route bgp route-policy xialian
area 0.0.0.60
network 192.168.183.0 0.0.0.255
nssa
#
route-policy xialian permit node 10
if-match acl 2000
#
标签:脚本,二级,支行,172.16,0.0,vlan,ip,interface,port 来源: https://blog.csdn.net/qq_37633855/article/details/117603255