1，搭建网络拓扑图

LSW1:三层交换机命令：

<Huawei>sys

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]vlan batch 10 20 30 40 100 101

[Huawei]int vlan 10

[Huawei-Vlanif10]ip add 192.168.10.254 24  给vlan10配置网关

[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252  虚拟网关

[Huawei-Vlanif10]vrrp vrid 10 priority 120  指定当前设备的 VRRP 优先级

[Huawei-Vlanif10]vrrp vrid 10 track interface g0/0/1  配置接口跟踪

[Huawei-Vlanif10]vrrp vrid 10 track interface g0/0/3

[Huawei-Vlanif10]quit

[Huawei]int vlan 20

[Huawei-Vlanif20]ip add 192.168.20.254 24

[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.252

[Huawei-Vlanif20]vrrp vrid 20 priority 120

[Huawei-Vlanif20]vrrp vrid 20 track interface g0/0/1

[Huawei-Vlanif20]vrrp vrid 20 track interface g0/0/3

[Huawei]int vlan 30

[Huawei-Vlanif30]ip add 192.168.30.254 24

[Huawei-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252

[Huawei-Vlanif30]vrrp vrid 30 track interface g0/0/1

[Huawei-Vlanif30]vrrp vrid 30 track interface g0/0/3

[Huawei]int vlan 40

[Huawei-Vlanif40]ip add 192.168.40.254 24

[Huawei-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252

[Huawei-Vlanif40]vrrp vrid 40 track interface g0/0/1

[Huawei-Vlanif40]vrrp vrid 40 track interface g0/0/3

[Huawei-Vlanif40]int vlan 100

[Huawei-Vlanif100]ip add 192.168.100.254 24

[Huawei-Vlanif100]undo shutdown

Info: Interface Vlanif100 is not shutdown.

[Huawei-Vlanif100]qu

[Huawei]vlan batch 5 7   创建vlan5和vlan7应用于上面的5网段和7网段

[Huawei]int vlan 5

[Huawei-Vlanif5]ip add 192.168.5.2 24

[Huawei-Vlanif5]int vlan 7

[Huawei-Vlanif7]ip add 192.168.7.2 24

[Huawei]int g0/0/1

[Huawei-GigabitEthernet0/0/1]port link-type access

[Huawei-GigabitEthernet0/0/1]port default vlan 5

[Huawei-GigabitEthernet0/0/1]int g0/0/3

[Huawei-GigabitEthernet0/0/3]port link-type access

[Huawei-GigabitEthernet0/0/3]port default vlan 7

[Huawei-GigabitEthernet0/0/3]qu

[Huawei]int Eth-Trunk 1

[Huawei-Eth-Trunk1]port link-type trunk   设Eth-Trunk 1 上的端口为 Trunk 端口

[Huawei-Eth-Trunk1]port trunk allow-pass vlan all

[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/2

[Huawei-Eth-Trunk1]trunkport GigabitEthernet 0/0/7

[Huawei-Eth-Trunk1]dis this

#

interface Eth-Trunk1

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

#

return

[Huawei-Eth-Trunk1]qui

[Huawei]dis eth-trunk 1

Eth-Trunk1's state information is:

WorkingMode: NORMAL         Hash arithmetic: According to SIP-XOR-DIP        

Least Active-linknumber: 1  Max Bandwidth-affected-linknumber: 8             

Operate status: up          Number Of Up Port In Trunk: 2                    

--------------------------------------------------------------------------------

PortName                      Status      Weight

GigabitEthernet0/0/2          Up          1               确保都处于开启状态

GigabitEthernet0/0/7          Up          1     

以下命令是将此交换机上的其余端口都配置为trunk

[Huawei]interface GigabitEthernet 0/0/5

[Huawei-GigabitEthernet0/0/5]port link-type trunk

[Huawei-GigabitEthernet0/0/5]port trunk allow-pass vlan all

[Huawei-GigabitEthernet0/0/5]interface GigabitEthernet 0/0/6

[Huawei-GigabitEthernet0/0/6]port link-type trunk

[Huawei-GigabitEthernet0/0/6]port trunk allow-pass vlan all

[Huawei-GigabitEthernet0/0/6]interface GigabitEthernet 0/0/9

[Huawei-GigabitEthernet0/0/9]port link-type trunk

[Huawei-GigabitEthernet0/0/9]port trunk allow-pass vlan all

[Huawei-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/12

[Huawei-GigabitEthernet0/0/12]port link-type trunk

[Huawei-GigabitEthernet0/0/12]port trunk allow-pass vlan all

[Huawei-GigabitEthernet0/0/12]interface GigabitEthernet 0/0/8

[Huawei-GigabitEthernet0/0/8]port link-type trunk

[Huawei-GigabitEthernet0/0/8]port trunk pvid vlan 101

[Huawei-GigabitEthernet0/0/8]port trunk allow-pass vlan all

[Huawei]stp enable

[Huawei]stp region-configuration

[Huawei-mst-region]region-name huawei   MST 区域设置一个名称huawei

[Huawei-mst-region]revision-level 5

[Huawei-mst-region]instance 1 vlan 10 20 100

[Huawei-mst-region]instance 2 vlan 30 40

[Huawei-mst-region]active region-configuration 启用

[Huawei]stp instance 1 root primary

[Huawei]stp instance 2 root secondary

undo info-center enable

是一条 Huawei 设备命令，用于关闭设备的信息中心功能。当 undo info-center enable 命令被执行时，信息中心功能将被关闭，设备将不再记录和输出任何日志信息。这条命令通常被用于调试和测试过程中，或者在不需要进行日志记录的情况下，关闭信息中心以减少设备的负载和消耗。

virtual-ip 192.168.10.252

表示设置 VRRP 虚拟 IP 地址为 192.168.10.252。VRRP 虚拟 IP 地址是一组 VRRP 路由器共享的 IP 地址，用于作为默认网关向外提供服务，客户端设备可以将该 IP 地址配置为其默认网关。

vrrp vrid 10 virtual-ip 192.168.10.252

命令的作用是将当前设备配置为一组 VRRP 路由器中的一员，虚拟路由器 ID 为 10，共享的虚拟 IP 地址为 192.168.10.252，并通过 VRRP 协议与其他 VRRP 路由器实现状态同步和故障转移。

vrrp vrid 10：

指定 VRRP 的虚拟路由器 ID，该 ID 必须在 1 到 255 的范围内。

priority 120：

指定当前设备的 VRRP 优先级。VRRP 的优先级越高，那么当前设备就越有可能成为虚拟路由器的主机。该参数的取值范围为 1 到 254，默认值为 100。

vrrp vrid 10：

指定 VRRP 的虚拟路由器 ID，该 ID 必须在 1 到 255 的范围内。

vrrp vrid 10 track interface g0/0/1

该命令的含义是将 g0/0/1 接口添加到 VRRP 跟踪列表中，如果该接口出现故障，那么当前设备的 VRRP 优先级将降低，从而减少其成为虚拟路由器主机的概率。

[Huawei-Vlanif100]undo shutdown

这条命令是华为交换机的命令，意思是取消对VLAN 100的禁用，使其启用。根据输出信息，命令执行成功，表示该接口已经被启用。

[Huawei-GigabitEthernet0/0/1]port link-type access

表示将 GigabitEthernet0/0/1 端口配置为接入端口，即连接的设备为终端设备，而非交换机、路由器等网络设备。在 access 模式下，该端口只能加入一个 VLAN，不能对数据进行 VLAN 标记。即使 GigabitEthernet0/0/1 端口上连接的是路由器，执行 port link-type access 命令也会将该端口配置为接入端口。在 access 模式下，该端口只能加入一个 VLAN，不能对数据进行 VLAN 标记。虽然路由器通常被认为是网络设备，但连接到交换机上的接口通常被配置为 access 模式，以便将其连接到特定的 VLAN。

[Huawei-GigabitEthernet0/0/1]port default vlan 5

表示将 GigabitEthernet0/0/1 端口的默认 VLAN ID 设置为 5。默认 VLAN ID 是指当该端口接收到的数据没有 VLAN 标记时所属的 VLAN ID，也称为 PVID（Port VLAN ID）。通过该命令可以将接入该端口的终端设备归属到 VLAN 5。

[Huawei]int Eth-Trunk 1

这条命令是进入交换机上的聚合接口 Eth-Trunk 1 的配置模式。聚合接口（或称汇聚接口）是将多个物理接口绑定为一个逻辑接口来实现增加带宽、提高可靠性和实现负载均衡的技术。通过聚合接口，可以将多个物理接口合成一个逻辑接口，使其能够承载更多的数据流量， Trunk的名字是可以自己定义的。

[Huawei-Eth-Trunk1]port link-type trunk

 设置 Eth-Trunk 1 上的端口为 Trunk 端口

[Huawei-Eth-Trunk1]port trunk allow-pass vlan all

该命令的作用是将所有的VLAN都允许通过Eth-Trunk1。

[Huawei]dis eth-trunk 1

这个命令输出的是华为交换机中Eth-Trunk 1的状态信息，其中包括工作模式，哈希算法，最小活跃链路数，最大带宽影响链路数，操作状态，当前聚合组中的端口数量，以及每个端口的状态、权重等信息。从输出结果可以看出，Eth-Trunk1目前的操作状态为“up”，当前聚合组中有两个端口（GigabitEthernet0/0/2和GigabitEthernet0/0/7），它们的状态都为“up”。

[Huawei-GigabitEthernet0/0/8]port trunk pvid vlan 101   

这条命令是将端口GigabitEthernet0/0/8的PVID（Port VLAN ID）设置为101，表示该端口接收和发送未打上VLAN标签的数据包都属于VLAN 101。如果该端口接收到打上VLAN标签的数据包，则会按照标签的VLAN ID进行处理。

[Huawei]stp enable 

该命令用于在交换机上启用STP (Spanning Tree Protocol)功能，STP可以防止网络中的环路，保证网络的可靠性和稳定性。当STP被启用后，交换机会进行选举，选出根交换机，然后建立树形拓扑结构，剩下的交换机将根据其距离根交换机的远近决定其在树形拓扑结构中的位置。

[Huawei]stp region-configuration

是在华为设备上用于配置区域参数的命令。在基于Spanning Tree协议的网络中，设备需要配置相同的区域参数才能相互通信。区域参数包括区域名称和区域优先级。使用此命令可以配置区域名称和区域优先级。

[Huawei-mst-region]revision-level 5

为 MST 区域设置一个修订级别，取值范围为 0 到 63，这里设置为 5。

instance 1 vlan 10 20 100：

配置 MST 区域的实例 1，以及属于实例 1 的 VLAN，这里设置为 VLAN 10、20、100。

MST 技术是一种可以将多个 VLAN 映射到一个或多个实例的 STP 实现，它允许对单个实例使用单一的根桥和拓扑，从而简化网络的维护和管理。在 MST 中，可以将多个 VLAN 分配到同一个实例，而不是像传统 STP 那样，每个 VLAN 都对应一个单独的 STP 实例。这些实例组成 MST 区域，并在 MST 区域内运行 MST 协议，用来计算网络中的冗余路径，确保网络的高可靠性和快速收敛。

stp instance 1 root primary

该命令将 STP 实例 1 的优先级设为最高，即优先级值为 0。这意味着该交换机将成为 STP 实例 1 的根交换机。

LSW2配置：

<Huawei>sys

[Huawei]undo inf enable

Info: Information center is disabled.

[Huawei]sys cor2

[cor2]vlan batch 10 20 30 40 100 101 6 8

[cor2]int vlan 10

[cor2-Vlanif10]ip add 192.168.10.254 24

[cor2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252

[cor2-Vlanif10]vrrp vrid 10 track interface g0/0/3

[cor2-Vlanif10]vrrp vrid 10 track interface g0/0/2

[cor2-Vlanif10]int vlan 20

[cor2-Vlanif20]ip add 192.168.20.254 24

[cor2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.252

[cor2-Vlanif20]vrrp vrid 20 track interface g0/0/3

[cor2-Vlanif20]vrrp vrid 20 track interface g0/0/2

[cor2-Vlanif20]int vlan 30

[cor2-Vlanif30]ip add 192.168.30.254 24

[cor2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252

[cor2-Vlanif30]vrrp vrid 30 track interface g0/0/2

[cor2-Vlanif30]vrrp vrid 30 track interface g0/0/3

[cor2-Vlanif30]vrrp vrid 30 priority 120

[cor2-Vlanif30]int vlan 40

[cor2-Vlanif40]ip add 192.168.40.254 24

[cor2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252

[cor2-Vlanif40]vrrp vrid 40 track interface g0/0/3

[cor2-Vlanif40]vrrp vrid 40 track interface g0/0/2

[cor2-Vlanif40]vrrp vrid 40 priority 120

[cor2-Vlanif30]int vl 6

[cor2-Vlanif6]ip add 192.168.6.2 24

[cor2-Vlanif6]int vl 8

[cor2-Vlanif8]ip add 192.168.8.2 24

[cor2-Vlanif8]qu

[cor2]int g0/0/2

[cor2-GigabitEthernet0/0/2]port link-type access

[cor2-GigabitEthernet0/0/2]port default vlan 8

[cor2-GigabitEthernet0/0/2]int g0/0/3

[cor2-GigabitEthernet0/0/3]port link-type access

[cor2-GigabitEthernet0/0/3]port default vlan 6

[cor2-GigabitEthernet0/0/3]qu

[cor2]int Eth-Trunk 1

[cor2-Eth-Trunk1]port link-type trunk

[cor2-Eth-Trunk1]port trunk allow-pass vlan all

[cor2-Eth-Trunk1]trunkport GigabitEthernet 0/0/1

[cor2-Eth-Trunk1]trunkport GigabitEthernet 0/0/7

[cor2-Eth-Trunk1]qu

[cor2]dis eth-trunk

Eth-Trunk1's state information is:

WorkingMode: NORMAL         Hash arithmetic: According to SIP-XOR-DIP        

Least Active-linknumber: 1  Max Bandwidth-affected-linknumber: 8             

Operate status: up          Number Of Up Port In Trunk: 2                    

---------------------------------------------------------------------------

PortName                      Status      Weight

GigabitEthernet0/0/1          Up          1     

GigabitEthernet0/0/7          Up          1     

[cor2]int g0/0/8

[cor2-GigabitEthernet0/0/8]port link-type trunk

[cor2-GigabitEthernet0/0/8]port trunk allow-pass vlan all

[cor2-GigabitEthernet0/0/8]int g0/0/9

[cor2-GigabitEthernet0/0/9]port link-type trunk

[cor2-GigabitEthernet0/0/9]port trunk allow-pass vlan all

[cor2-GigabitEthernet0/0/9]int g0/0/10

[cor2-GigabitEthernet0/0/10]port link-type trunk

[cor2-GigabitEthernet0/0/10]port trunk allow-pass vlan all

[cor2-GigabitEthernet0/0/10]int g0/0/4

[cor2-GigabitEthernet0/0/4]port link-type trunk

[cor2-GigabitEthernet0/0/4]port trunk allow-pass vlan all

[cor2-GigabitEthernet0/0/4]qu

[cor2]stp enable

[cor2]stp region-configuration

[cor2-mst-region]revision-level 5

[cor2-mst-region]instance 2 vlan 30 40

[cor2-mst-region]instance 1 vlan 10 20 100

[cor2-mst-region]active region-configuration

[cor2-mst-region]dis this

#

stp region-configuration

 revision-level 5

 instance 1 vlan 10 20 100

 instance 2 vlan 30 40

 active region-configuration

#

return

[cor2-mst-region]qu

[cor2]stp instance 1 root secondary  

[cor2]stp instance 2 root primary

LSW3配置

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]sysname lsw3

[lsw3]vlan batch 10 20 30 40 100 101

[lsw3]stp enable

[lsw3]stp region-configuration

[lsw3-mst-region]region-name huawei

[lsw3-mst-region]revision-level 5

[lsw3-mst-region]instance 1 vlan 10 20 100

[lsw3-mst-region]instance 2 vlan 30 40

[lsw3-mst-region]active region-configuration

[lsw3]int e0/0/3  

[lsw3-Ethernet0/0/3]port link-type access

[lsw3-Ethernet0/0/3]port default vlan 10

[lsw3-Ethernet0/0/3]int e0/0/4

[lsw3-Ethernet0/0/4]port link-type access

[lsw3-Ethernet0/0/4]port default vlan 10

[lsw3-Ethernet0/0/4]int e0/0/1

[lsw3-Ethernet0/0/1]port link-type trunk

[lsw3-Ethernet0/0/1]port trunk allow-pass vlan all

[lsw3-Ethernet0/0/1]int e0/0/2

[lsw3-Ethernet0/0/2]port link-type trunk

[lsw3-Ethernet0/0/2]port trunk allow-pass vlan all

[lsw3-GigabitEthernet0/0/1]qu

[lsw3]qu

<lsw3>save

The current configuration will be written to the device.

Are you sure to continue?[Y/N]y

Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:lcy3.zip

Now saving the current configuration to the slot 0.

Save the configuration successfully.

LSW4配置

<Huawei>sys

Enter system view, return user view with Ctrl+Z. 

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]sys lsw4

[lsw4]vlan batch 10 20 30 40 100 101

Info: This operation may take a few seconds. Please wait for a moment...done.

[lsw4]stp enable

[lsw4]stp region-configuration

[lsw4-mst-region]region-name huawei

[lsw4-mst-region]revision-level 5

[lsw4-mst-region]instance 1 vlan 10 20 100

[lsw4-mst-region]instance 2 vlan 30 40

[lsw4-mst-region]active region-configuration

[lsw4-mst-region]dis this

#

stp region-configuration

 region-name huawei

 revision-level 5

 instance 1 vlan 10 20 100

 instance 2 vlan 30 40

 active region-configuration

#

return

[lsw4-mst-region]int e0/0/1

[lsw4-Ethernet0/0/1]port link-type trunk

[lsw4-Ethernet0/0/1]port trunk allow-pass vlan all

[lsw4-Ethernet0/0/1]int e0/0/2

[lsw4-Ethernet0/0/2]port link-type trunk

[lsw4-Ethernet0/0/2]port trunk allow-pass vlan all

[lsw4-Ethernet0/0/2]int e0/0/3

[lsw4-Ethernet0/0/3]port link-type access

[lsw4-Ethernet0/0/3]port default vlan 20

[lsw4-Ethernet0/0/3]int e0/0/4

[lsw4-Ethernet0/0/4]port link-type access

[lsw4-Ethernet0/0/4]port default vlan 20

LSW5配置

<Huawei>sys

Enter system view, return user view with Ctrl+Z.

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]sys LSW5

[LSW5]vlan batch 10 20 30 40 100 101

Info: This operation may take a few seconds. Please wait for a moment...done.

[LSW5]stp enable

[LSW5]stp region-configuration

[LSW5-mst-region]region-name huawei

[LSW5-mst-region]revision-level 5

[LSW5-mst-region]instance 1 vlan 10 20 100

[LSW5-mst-region]instance 2 vlan 30 40

[LSW5-mst-region]active region-configuration

[LSW5-mst-region]int e0/0/1

[LSW5-Ethernet0/0/1]port link-type trunk

[LSW5-Ethernet0/0/1]port trunk allow-pass vlan all

[LSW5-Ethernet0/0/1]int e0/0/2

[LSW5-Ethernet0/0/2]port link-type trunk

[LSW5-Ethernet0/0/2]port trunk allow-pass vlan all

[LSW5-Ethernet0/0/2]int e0/0/3

[LSW5-Ethernet0/0/3]port link-type access

[LSW5-Ethernet0/0/3]port default vlan 30

[LSW5-Ethernet0/0/3]int e0/0/4

[LSW5-Ethernet0/0/4]port link-type access

[LSW5-Ethernet0/0/4]port default vlan 30

LSW6配置

<Huawei>sys

Enter system view, return user view with Ctrl+Z.

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]sys LSW6

[LSW6]vlan batch 10 20 30 40 100 101

Info: This operation may take a few seconds. Please wait for a moment...done.

[LSW6]stp enable

[LSW6]stp region-configuration

[LSW6-mst-region]region-name huawei

[LSW6-mst-region]revision-level 5

[LSW6-mst-region]instance 1 vlan 10 20 100

[LSW6-mst-region]instance 2 vlan 30 40

[LSW6-mst-region]active region-configuration

Info: This operation may take a few seconds. Please wait for a moment...done.

[LSW6-mst-region]int e0/0/1

[LSW6-Ethernet0/0/1]port link-type trunk

[LSW6-Ethernet0/0/1]port trunk allow-pass vlan all

[LSW6-Ethernet0/0/1]int e0/0/2

[LSW6-Ethernet0/0/2]port link-type trunk

[LSW6-Ethernet0/0/2]port trunk allow-pass vlan all

[LSW6-Ethernet0/0/2]int e0/0/3

[LSW6-Ethernet0/0/3]port link-type access

[LSW6-Ethernet0/0/3]port default vlan 40

[LSW6-Ethernet0/0/3]int e0/0/4

[LSW6-Ethernet0/0/4]port link-type access

[LSW6-Ethernet0/0/4]port default vlan 40

AC1配置

[AC1]vlan batch 100 101

[AC1]int vlan 100

[AC1-vlan100]ip add 192.168.100.1 24

Qu

Dhcp enable

Int vlan 100

Dhcp select global

Qu

Int vlan 101

Ip add 192.168.101.1 24

Dhcp select interface

Qu

Ip pool vlan100

­Gateway-list 192.168.100.254

Network 192.168.100.0

[AC1-ip-pool-vlan100]dns-list 192.168.200.4

[AC1-ip-pool-vlan100]excluded-ip-address 192.168.100.1

[AC1-ip-pool-vlan100]qu

[AC1-wlan-view]ap-group name huawei

[AC1-wlan-ap-group-huawei]qu

[AC1-wlan-view]regulatory-domain-profile name huawei-domain

[AC1-wlan-regulate-domain-huawei-domain]country-code cn

[AC1-wlan-regulate-domain-huawei-domain]qu

[AC1-wlan-view]ap-group name ap-huawei

[AC1-wlan-ap-group-ap-huawei]regulatory-domain-profile huawei-domain

Warning: Modifying the country code will clear channel, power and antenna gain c

onfigurations of the radio and reset the AP. Continue?[Y/N]:y

[AC1-wlan-ap-group-ap-huawei]qu

[AC1-wlan-view]qu

[AC1]capwap source interface Vlanif 101

[AC1]wlan 

[AC1-wlan-view]ap auth-mode mac-auth

[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc12-6130 (AP1的mac)

[AC1-wlan-ap-0]ap-name area-1

[AC1-wlan-ap-0]ap-group ap-huawei

Warning: This operation may cause AP reset. If the country code changes, it will

 clear channel, power and antenna gain configurations of the radio, Whether to c

ontinue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC1-wlan-ap-0]qu

[AC1-wlan-view]qu

[AC1]dis ap all

Info: This operation may take a few seconds. Please wait for a moment.done.

Total AP information:

idle : idle            [1]

---------------------------------------------------------------------------

ID   MAC            Name   Group     IP Type            State STA Uptime

---------------------------------------------------------------------------

0    00e0-fc12-6130 area-1 ap-huawei -  -               idle  0   -

---------------------------------------------------------------------------

Total: 1

[AC1]int g0/0/1

[AC1-GigabitEthernet0/0/1]port link-type trunk   

[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all

[AC1-GigabitEthernet0/0/1]qu

[AC1]dis ap all

 [AC1]wlan

[AC1-wlan-view]security-profile name sec

[AC1-wlan-sec-prof-sec]security wpa2 psk pass-phrase huawei@123 aes

[AC1-wlan-sec-prof-sec]qu

[AC1-wlan-view]ssid-profile  name ssid-1

[AC1-wlan-ssid-prof-ssid-1]ssid huawei

Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-ssid-prof-ssid-1]qu

[AC1-wlan-view]vap-profile name vap-1

[AC1-wlan-vap-prof-vap-1]forward-mode tunnel

Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-vap-prof-vap-1]service-vlan vlan-id 100

Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-vap-prof-vap-1]security-profile sec

Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-vap-prof-vap-1]ssid-profile ssid-1

Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-vap-prof-vap-1]qu

[AC1-wlan-view]ap-group name ap-huawei

[AC1-wlan-ap-group-ap-huawei]vap-profile vap-1 wlan 1 radio 0

Info: This operation may take a few seconds, please wait...done.

[AC1-wlan-ap-group-ap-huawei]qu

[AC1-wlan-view]qu

[AC1]qu

<AC1>save

  The current configuration will be written to the device.

  Are you sure to continue? (y/n)[n]:y

  It will take several minutes to save configuration file, please wait........

  Configuration file has been saved successfully

  Note: The configuration file will take effect after being activated

AR2配置

<Huawei>sys

[Huawei]sys cor1

[cor1]undo info-center enable

Info: Information center is disabled.

[cor1]int g2/0/0

[cor1-GigabitEthernet2/0/0]ip add 192.168.5.1 24

[cor1-GigabitEthernet2/0/0]int g2/0/1

[cor1-GigabitEthernet2/0/1]ip add 192.168.6.1 24

[cor1-GigabitEthernet2/0/1]int g0/0/1

[cor1-GigabitEthernet0/0/1]ip add 192.168.4.1 24

[cor1-GigabitEthernet0/0/1]int g0/0/0

[cor1-GigabitEthernet0/0/0]ip add 192.168.2.2 24

AR4配置

<Huawei>sys

Enter system view, return user view with Ctrl+Z.

   

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]sys cor2

[cor2]int g0/0/0

[cor2-GigabitEthernet0/0/0]ip add 192.168.3.2 24

[cor2-GigabitEthernet0/0/0]int g0/0/1

[cor2-GigabitEthernet0/0/1]ip add 192.168.4.2 24

[cor2-GigabitEthernet2/0/0]int g2/0/1

[cor2-GigabitEthernet2/0/1]ip add 192.168.8.1 24

[cor2-GigabitEthernet2/0/1]int g2/0/0

[cor2-GigabitEthernet2/0/0]ip add 192.168.7.1 24

防火墙配置

初始用户名：admin

初始密码  ：Admin@123

新的密码  ：huawei@123

[USG6000V1]sys FW1

[FW1]undo inf en

[FW1]int g1/0/0

[FW1-GigabitEthernet1/0/0]ip add 192.168.2.1 24

[FW1-GigabitEthernet1/0/0]int g0/0/0

[FW1-GigabitEthernet0/0/0]ip add 192.168.3.1 24

[FW1-GigabitEthernet0/0/0]int g1/0/1

[FW1-GigabitEthernet1/0/1]ip add 192.168.200.1 24

[FW1-GigabitEthernet1/0/1]int g1/0/2

[FW1-GigabitEthernet1/0/2]ip add 200.10.10.1 30

[FW1-GigabitEthernet1/0/2]qu

[FW1]firewall zone trust

[FW1-zone-trust]add interface g0/0/0

[FW1-zone-trust]add interface g1/0/0

[FW1-zone-trust]qu

[FW1]firewall zone untrust

[FW1-zone-untrust]add interface g1/0/2

[FW1-zone-untrust]qu

[FW1]firewall zone dmz

[FW1-zone-dmz]add interface g1/0/1

[FW1-zone-dmz]qu

[FW1]security-policy

[FW1-policy-security]rule name tr-untr

[FW1-policy-security-rule-tr-untr]source-zone trust

[FW1-policy-security-rule-tr-untr]source-address 192.168.0.0 0.0.255.255

[FW1-policy-security-rule-tr-untr]destination-zone

Info: The schedule update of IPS-SDB is triggered.

[FW1-policy-security-rule-tr-untr]destination-zone untrust

Info: The schedule update of AV-SDB is triggered.

[FW1-policy-security-rule-tr-untr]action permit

[FW1]int g1/0/0

[FW1-GigabitEthernet1/0/0]service-manage all permit

[FW1-GigabitEthernet1/0/0]int g0/0/0 

[FW1-GigabitEthernet0/0/0]service-manage all permit

[FW1-GigabitEthernet0/0/0]int g1/0/1

[FW1-GigabitEthernet1/0/1]service-manage all permit

[FW1-GigabitEthernet1/0/1]int g1/0/2

[FW1-GigabitEthernet1/0/2]service-manage all permit

LSW1配置

[Huawei]sys lsw1

[lsw1]ospf 10

[lsw1-ospf-10]area 0

[lsw1-ospf-10-area-0.0.0.0]network 192.168.10.0 0.0.0.255

[lsw1-ospf-10-area-0.0.0.0]network 192.168.20.0 0.0.0.255

[lsw1-ospf-10-area-0.0.0.0]network 192.168.30.0 0.0.0.255

[lsw1-ospf-10-area-0.0.0.0]network 192.168.40.0 0.0.0.255

[lsw1-ospf-10-area-0.0.0.0]network 192.168.100.0 0.0.0.255

[lsw1-ospf-10-area-0.0.0.0]network 192.168.5.0 0.0.0.255

[lsw1-ospf-10-area-0.0.0.0]network 192.168.7.0 0.0.0.255

LSW2配置

[cor2]sys sw2

[sw2]ospf 20

[sw2-ospf-20]area 0

[sw2-ospf-20-area-0.0.0.0]network 192.168.10.0 0.0.0.255

[sw2-ospf-20-area-0.0.0.0]network 192.168.20.0 0.0.0.255

[sw2-ospf-20-area-0.0.0.0]network 192.168.30.0 0.0.0.255

[sw2-ospf-20-area-0.0.0.0]network 192.168.40.0 0.0.0.255

[sw2-ospf-20-area-0.0.0.0]network 192.168.6.0 0.0.0.255

[sw2-ospf-20-area-0.0.0.0]network 192.168.8.0 0.0.0.255

AR2配置

[cor1]ospf 30

[cor1-ospf-30]area 0

[cor1-ospf-30-area-0.0.0.0]network 192.168.5.0 0.0.0.255

[cor1-ospf-30-area-0.0.0.0]network 192.168.6.0 0.0.0.255

[cor1-ospf-30-area-0.0.0.0]network 192.168.4.0 0.0.0.255

[cor1-ospf-30-area-0.0.0.0]network 192.168.2.0 0.0.0.255

AR4配置

[cor2]ospf 40

[cor2-ospf-40]area 0

[cor2-ospf-40-area-0.0.0.0]network 192.168.7.0 0.0.0.255

[cor2-ospf-40-area-0.0.0.0]network 192.168.8.0 0.0.0.255

[cor2-ospf-40-area-0.0.0.0]network 192.168.3.0 0.0.0.255

[cor2-ospf-40-area-0.0.0.0]network 192.168.4.0 0.0.0.255

防火墙配置

<FW1>sys

Enter system view, return user view with Ctrl+Z.

[FW1]ospf 50

[FW1-ospf-50]area 0

[FW1-ospf-50-area-0.0.0.0]network 192.168.2.0 0.0.0.255

[FW1-ospf-50-area-0.0.0.0]network 192.168.3.0 0.0.0.255

[FW1-ospf-50-area-0.0.0.0]network 192.168.200.0 0.0.0.255

[FW1-ospf-50-area-0.0.0.0]qu

[FW1-ospf-50]default-route-advertise always

[FW1-ospf-50]qu

[FW1]ip route-static 0.0.0.0 0.0.0.0 200.10.10.2 

默认路由一般用在末稍网络，指只有一个唯一出口的网络。默认路由的配置方法为：# ip route 0.0.0.0 0.0.0.0 下一跳IP地址。

[FW1]nat-policy

[FW1-policy-nat]rule name easy-ip

[FW1-policy-nat-rule-easy-ip]source-address 192.168.0.0 0.0.255.255

[FW1-policy-nat-rule-easy-ip]source-zone trust

[FW1-policy-nat-rule-easy-ip]source-zone dmz

[FW1-policy-nat-rule-easy-ip]destination-zone untrust

[FW1-policy-nat-rule-easy-ip]action source-nat easy-ip     nat地址转换

<FW1>sa a

The current configuration will be written to the device.

Are you sure to continue?[Y/N]y

Now saving the current configuration to the slot 0..

Save the configuration successfully.

AR3配置

<Huawei>sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sys name isp-r

[name isp-r]undo info en

Info: Information center is disabled.

[name isp-r]int g0/0/0

[name isp-r-GigabitEthernet0/0/0]ip add 200.10.10.2 30

[name isp-r-GigabitEthernet0/0/0]int g0/0/1

[name isp-r-GigabitEthernet0/0/1]ip add 200.10.20.1 28