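Environment
Three floors
12th floor   4 layer-2 switches, 4 cameras, 2 wireless APs, 1 door access controller
11th floor   1 router, 1 layer-3 switch, 4 layer-2 switches, 4 cameras, 2 wireless APs, 1 door access controller, 4 servers, 2 Fibre Channel switches, 1 SAN storage array, 1 Internet behavior management appliance
10th floor   4 layer-2 switches, 4 cameras, 2 wireless APs, 1 door access controller
Note:  Servers   LENOVO ThinkServer RD440
       Router    HUAWEI  S5700 V200R003C00SPC300
       Switches  HUAWEI  S5700 V200R003C00SPC300   24 Gigabit Ethernet ports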

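Goal
Every device obtains its IP address automatically, broadcast domains are isolated from each other, and the internal and external networks can communicate.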

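Network plan

1. Network topology


2. Segment allocation

Floor segment (12)           VLAN12     IP:     192.168.12.0/24
Floor segment (12)           VLAN11     IP:     192.168.11.0/24
Floor segment (12)           VLAN10     IP:     192.168.10.0/24

Server segment               VLAN18     IP:     192.168.18.0/24

Virtual desktop segment      VLAN16     IP:     192.168.16.0/24

Network device segment       VLAN8      IP:     192.168.8.0/24

Router segment               VLAN6      IP:     192.168.6.0/24

Wireless                     VLAN11     IP:     192.168.9.0/24

The gateway of every segment is 192.168.*.254.

On the first switch of each floor, ports 23 and 24 are configured in access mode for wireless,
and ports 19, 20, 21 and 22 are configured in access mode for the cameras.
The first port of every switch is configured as the cascade (uplink) port.

VLAN 1 serves as the management interface of every switch.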





3. Network configuration

Router configuration











==================================================================================

Layer-3 switch configuration
Basic user configuration
<>sys
[]sysname HX-Switch
[HX-Switch]user-interface vty 0 4
[HX-Switch-ui-vty0-4]authentication-mode aaa
[HX-Switch-ui-vty0-4]aaa
[HX-Switch-aaa]
[HX-Switch-aaa]local-user pxtadmin password cipher xxx
[HX-Switch-aaa]local-user pxtadmin privilege level 5
[HX-Switch-aaa]local-user pxtadmin service-type telnet terminal ssh http
[HX-Switch-aaa]quit
[HX-Switch]telnet server enable    enable the Telnet service


Management IP
[HX-Switch]interface vlanif 1
[HX-Switch-Vlanif1]ip address 192.168.16.253  255.255.255.0


Create the VLANs, configure the VLAN gateways and enable DHCP
[HX-Switch]interface vlanif6
                    ip address 192.168.6.254 255.255.255.0
                    dhcp select interface
                    dhcp server excluded-ip-address 192.168.6.180 192.168.6.253
                    dhcp server dns-list 192.168.8.1 192.168.18.2

[HX-Switch]interface vlanif8
                    ip address 192.168.8.254 255.255.255.0
                    dhcp select interface
                    dhcp server excluded-ip-address 192.168.8.1 192.168.8.100
                    dhcp server excluded-ip-address 192.168.8.180 192.168.8.254
                    dhcp server dns-list 192.168.8.1 192.168.18.2

[HX-Switch]interface vlanif9
                    ip address 192.168.9.254 255.255.255.0
                    dhcp select interface
                    dhcp server excluded-ip-address 192.168.9.240 192.168.9.254
                    dhcp server dns-list 192.168.8.1 192.168.18.2

[HX-Switch]interface vlanif10
                    ip address 192.168.10.254 255.255.255.0
                    dhcp select interface
                    dhcp server excluded-ip-address 192.168.10.240 192.168.10.253
                    dhcp server dns-list 192.168.8.1 192.168.18.2

[HX-Switch]interface vlanif11
                    ip address 192.168.11.254 255.255.255.0
                    dhcp select interface
                    dhcp server excluded-ip-address 192.168.11.240 192.168.11.248
                    dhcp server excluded-ip-address 192.168.11.250 192.168.11.253
                    dhcp server dns-list 192.168.8.1 192.168.18.2

[HX-Switch]interface vlanif12
                    ip address 192.168.12.254 255.255.255.0
                    dhcp select interface
                    dhcp server excluded-ip-address 192.168.12.240 192.168.12.248
                    dhcp server excluded-ip-address 192.168.12.250 192.168.12.253
                    dhcp server dns-list 192.168.8.1 192.168.18.2

[HX-Switch]interface vlanif18
                    ip address 192.168.18.254 255.255.255.0

[HX-Switch]interface vlanif110
                    ip address 192.168.110.254 255.255.255.0
                    dhcp select interface
                    dhcp server excluded-ip-address 192.168.110.240 192.168.110.248
                    dhcp server excluded-ip-address 192.168.110.250 192.168.110.253
                    dhcp server dns-list 202.96.134.133 8.8.8.8

interface MEth0/0/1
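
The Vlanif and DHCP blocks above are repetitive, so slips from copying them by hand are easy to miss, and the same configuration also enables Telnet and lets trunks carry VLAN 2 to 4094. The following Python audit is an added example, not part of the original write-up: the sample config is constructed in the same Huawei VRP style, and the function name audit and the finding texts are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample (not a device export): copy-paste slips in Vlanif blocks.
SAMPLE = """\
telnet server enable
interface Vlanif6
 ip address 192.168.6.254 255.255.255.0
 dhcp server excluded-ip-address 192.168.6.180 192.168.6.253
interface Vlanif9
 ip address 192.168.9.254 255.255.255.0
 dhcp server excluded-ip-address 192.168.9.1240 192.168.9.254
interface Vlanif10
 ip address 192.168.6.254 255.255.255.0
 dhcp server excluded-ip-address 192.168.10.240 192.168.10.253
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
"""

def audit(config):
    """Return a list of (context, finding) tuples for a VRP-style config."""
    findings, ctx, net, seen = [], "global", None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            ctx, net = line.split(None, 1)[1], None
        elif line == "telnet server enable":
            findings.append(("global", "telnet enabled: cleartext management"))
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            iface = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
            net = iface.network
            if iface.ip in seen:  # same gateway address on two interfaces
                findings.append((ctx, f"{iface.ip} already used on {seen[iface.ip]}"))
            seen.setdefault(iface.ip, ctx)
        elif m := re.match(r"dhcp server excluded-ip-address (\S+) (\S+)$", line):
            try:
                lo, hi = (ipaddress.ip_address(x) for x in m.groups())
            except ValueError:
                findings.append((ctx, f"invalid address in: {line}"))
                continue
            if net is None or lo not in net or hi not in net or lo > hi:
                findings.append((ctx, f"excluded range {lo}-{hi} not inside {net}"))
        elif re.match(r"port trunk allow-pass vlan 2 to 4094$", line):
            findings.append((ctx, "trunk carries every VLAN, not only planned ones"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against a saved copy of the switch configuration before applying changes; an empty result means none of these four checks fired.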


Interface configuration
interface GigabitEthernet0/0/1
port link-type access
port default vlan 6

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/7
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/8
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/9
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/10
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/11
port link-type access
port default vlan 18

interface GigabitEthernet0/0/12
port link-type access
port default vlan 8

interface GigabitEthernet0/0/13
port link-type access
port default vlan 8

interface GigabitEthernet0/0/14
port link-type access
port default vlan 8

interface GigabitEthernet0/0/15
port link-type access
port default vlan 8

interface GigabitEthernet0/0/16
port link-type access
port default vlan 8

interface GigabitEthernet0/0/17
port link-type access
port default vlan 8

interface GigabitEthernet0/0/18
port link-type access
port default vlan 8

interface GigabitEthernet0/0/19
port link-type access
port default vlan 8

interface GigabitEthernet0/0/20
port link-type access
port default vlan 8

interface GigabitEthernet0/0/21
port link-type access
port default vlan 18

interface GigabitEthernet0/0/22
port link-type access
port default vlan 18

interface GigabitEthernet0/0/23
port link-type access
port default vlan 6

interface GigabitEthernet0/0/24
port link-type access
port default vlan 6


dhcp server group 12
gateway 192.168.12.254


  

interface vlanif1
ip address 192.168.6.254 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 192.168.6.180 192.168.6.253
dhcp server dns-list 192.168.18.2 192.168.8.1



=================================================================================================







Layer-2 switches
12th-floor configuration
S1201:
Configure the remote-login user password and AAA authentication
<>sys     enter system view
[S1201]sysname xxx     name the switch
[S1201]user-interface vty 0 4   configure the VTY virtual remote-login lines
[S1201-ui-vty0-4] authentication-mode aaa  set the authentication mode to AAA
[S1201-ui-vty0-4] aaa      enter the AAA view
[S1201-aaa] local-user pxtadmin password cipher  xxxxx     add the user
[S1201-aaa]local-user pxtadmin privilege level 15  set the user's privilege level
[S1201-aaa]local-user pxtadmin service-type telnet terminal ssh http  service types the user may log in with
[S1201-aaa]quit   leave the AAA view
[S1201]telnet server enable    enable the Telnet service


Configure the management IP
[S1201] interface vlanif 1    enter the VLAN 1 interface
[S1201-Vlanif1]ip address 192.168.16.121  255.255.255.0

Configure the VLANs
Trunk mode (connects to a switch)
[S1201]interface g0/0/1
[S1201-GigabitEthernet0/0/1]port link-type trunk    set the port type to trunk
[S1201-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 to 4094   allow VLAN 2 through VLAN 4094

Access mode (host access)
[S1201]vlan 12     create VLAN 12
[S1201-vlan12]quit
[S1201]interface g0/0/2
[S1201-GigabitEthernet0/0/2]port link-type access     set the port mode to access
[S1201-GigabitEthernet0/0/2]port default vlan 12      add the port to VLAN 12

wireless-user
[S1201]vlan 9  create VLAN 9
[S1201-vlan9] quit
[S1201]interface g0/0/23
[S1201-GigabitEthernet0/0/23]port link-type trunk
[S1201-GigabitEthernet0/0/23]port trunk allow-pass vlan 2 to 4094

wireless-admin
[S1201]vlan 110  create VLAN 110
[S1201-vlan110] quit
[S1201]interface g0/0/24
[S1201-GigabitEthernet0/0/24]port link-type trunk
[S1201-GigabitEthernet0/0/24]port trunk allow-pass vlan 2 to 4094

monitor




Configure the static route
[S1201]ip route-static 0.0.0.0 0.0.0.0 192.168.16.253  configure the default route