OSPF完整组网
FW-外网:电信和联通两条专线,1号楼走电信,2号楼走联通;防火墙上配置安全策略、NAT、服务器映射(静态NAT)
核心-FW:核心堆叠,动态路由ospf(区域area0),管理地址10.0.101.1
核心-汇聚:链路聚合(可做二主一备,最大活跃链路为2),汇聚堆叠,网关下放至汇聚,DHCP,ACL,动态路由ospf(区域area1,area2)
接入:trunk链路,access链路,链路聚合
全局设备统一配置:Telnet/Console 登录均使用 AAA 认证;各设备在 10.0.101.0/24 网段配置管理地址。注意:Telnet 以明文传输账号和口令,生产环境建议改用 STelnet(SSH),并用 ACL 限制可登录 VTY 的源地址。
ospf快速配置方式:
# Quick variant: one OSPF process, backbone area only.
# The wildcard mask 255.255.255.255 on 0.0.0.0 matches every address, so every
# IP interface on the device is enabled for OSPF in area 0.
# NOTE(review): lab shortcut. It also covers user-facing and management
# Vlanifs, and it does not match the multi-area design (area0/area1/area2)
# described above. The per-device listings below use explicit network
# statements instead.
ospf 1
area 0
network 0.0.0.0 255.255.255.255
FW配置:(本文此处未给出防火墙的具体配置,上文提到的安全策略、NAT、服务器映射需另行配置)
核心配置:
#
# Core switch. It has Vlanifs in area 0 (VLAN 100/101), area 1 (VLAN 10) and
# area 2 (VLAN 40), so it sits between the backbone and both aggregation areas.
# VLANs 20/30/50/60/70 are created here but have no Vlanif in this listing.
vlan batch 10 20 30 40 50 60 70 100 to 101
#
interface Vlanif1
#
# Core address in VLAN 10; same /24 as the 10.0.10.254 gateway in the
# aggregation-1 listing. Advertised in area 1 below.
interface Vlanif10
ip address 10.0.10.1 255.255.255.0
#
# Core address in VLAN 40; same /24 as the 10.0.40.254 gateway in the
# aggregation-2 listing. Advertised in area 2 below.
interface Vlanif40
ip address 10.0.40.1 255.255.255.0
#
# Area 0 segment (see the ospf section). Presumably the link towards the
# firewall - TODO confirm, the FW configuration is not shown on this page.
interface Vlanif100
ip address 10.0.100.1 255.255.255.0
#
# Management address named in the overview (10.0.101.1).
interface Vlanif101
ip address 10.0.101.1 255.255.255.0
#
interface MEth0/0/1
#
# LACP (static mode) bundle; members are GigabitEthernet0/0/4 and 0/0/5.
# NOTE(review): "allow-pass vlan 2 to 4094" carries every VLAN except 1.
# Listing only the VLANs actually needed on this link limits how far a
# mis-tagged or unexpected VLAN can travel at layer 2.
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-static
#
# LACP (static mode) bundle; members are GigabitEthernet0/0/6 and 0/0/7.
# Same allow-pass remark as Eth-Trunk1.
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-static
#
# Untagged port in VLAN 100, i.e. on the 10.0.100.0/24 area 0 segment.
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
eth-trunk 1
#
interface GigabitEthernet0/0/5
eth-trunk 1
#
interface GigabitEthernet0/0/6
eth-trunk 2
#
interface GigabitEthernet0/0/7
eth-trunk 2
#
# OSPF process 1; router-id equals the management address.
# NOTE(review): no OSPF authentication is configured in any listing on this
# page. VLAN 10 and VLAN 40 also serve DHCP clients on the aggregation
# switches, so the area 1 / area 2 adjacencies run over segments that hold end
# hosts. Consider enabling OSPF authentication (authentication-mode) and moving
# the core-aggregation adjacency to a dedicated transit VLAN.
# NOTE(review): 10.0.101.1 is placed in area 0 here, while the aggregation
# listings place 10.0.101.2 and 10.0.101.3 in areas 1 and 2. If VLAN 101 is one
# shared segment, these Vlanif101 interfaces cannot become neighbours because
# the area IDs differ - confirm this is intended.
ospf 1 router-id 10.0.101.1
area 0.0.0.0
network 10.0.100.0 0.0.0.255
network 10.0.101.1 0.0.0.0
area 0.0.0.1
network 10.0.10.0 0.0.0.255
area 0.0.0.2
network 10.0.40.0 0.0.0.255
#
汇聚1配置:
#
# Aggregation switch 1: gateways and DHCP for VLAN 10/20/30, OSPF area 1 only.
# VLAN 40 is created here but has no Vlanif in this listing.
# NOTE(review): the overview lists ACLs at the aggregation layer, but no ACL
# appears in this configuration.
vlan batch 10 20 30 40 100 to 101
#
interface Vlanif1
#
# Gateway for 10.0.10.0/24; "dhcp select interface" serves clients from the
# interface's own subnet. This VLAN also holds the core's 10.0.10.1 address.
interface Vlanif10
ip address 10.0.10.254 255.255.255.0
dhcp select interface
#
# Gateway and DHCP for 10.0.20.0/24.
interface Vlanif20
ip address 10.0.20.254 255.255.255.0
dhcp select interface
#
# Gateway and DHCP for 10.0.30.0/24.
interface Vlanif30
ip address 10.0.30.254 255.255.255.0
dhcp select interface
#
# Addressed, but not covered by any network statement in the ospf section
# below, so OSPF does not run on this interface here.
interface Vlanif100
ip address 10.0.100.2 255.255.255.0
#
# Management address in 10.0.101.0/24.
interface Vlanif101
ip address 10.0.101.2 255.255.255.0
#
interface MEth0/0/1
#
# LACP (static mode) bundle; members are GigabitEthernet0/0/1 and 0/0/4.
# Presumably the uplink to the core's Eth-Trunk1 - TODO confirm cabling.
# NOTE(review): "allow-pass vlan 2 to 4094" carries every VLAN except 1;
# restricting it to the VLANs in use narrows layer-2 exposure.
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-static
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
# Standalone trunk ports (0/0/2, 0/0/3, 0/0/5), presumably downlinks to access
# switches - TODO confirm. The same allow-pass remark applies to each.
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
eth-trunk 1
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
# OSPF process 1, area 1 only; router-id equals the management address.
# NOTE(review): the network statements enable OSPF on Vlanif20 and Vlanif30,
# which have no OSPF peer in the listings on this page and presumably face end
# hosts. Marking them with silent-interface keeps the prefixes advertised
# without sending hellos to hosts. No OSPF authentication is configured.
ospf 1 router-id 10.0.101.2
area 0.0.0.1
network 10.0.10.0 0.0.0.255
network 10.0.20.0 0.0.0.255
network 10.0.30.0 0.0.0.255
network 10.0.101.2 0.0.0.0
#
# Groups the three standalone trunk ports, presumably so they can be
# configured together.
port-group 1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/5
group-member GigabitEthernet0/0/3
#
汇聚2配置:
#
# Aggregation switch 2: gateways and DHCP for VLAN 40/50/60, OSPF area 2 only.
# NOTE(review): the overview lists ACLs at the aggregation layer, but no ACL
# appears in this configuration.
vlan batch 40 50 60 100 to 101
#
interface Vlanif1
#
# Gateway for 10.0.40.0/24; "dhcp select interface" serves clients from the
# interface's own subnet. This VLAN also holds the core's 10.0.40.1 address.
interface Vlanif40
ip address 10.0.40.254 255.255.255.0
dhcp select interface
#
# Gateway and DHCP for 10.0.50.0/24.
interface Vlanif50
ip address 10.0.50.254 255.255.255.0
dhcp select interface
#
# Gateway and DHCP for 10.0.60.0/24.
interface Vlanif60
ip address 10.0.60.254 255.255.255.0
dhcp select interface
#
# Addressed, but not covered by any network statement in the ospf section
# below, so OSPF does not run on this interface here.
interface Vlanif100
ip address 10.0.100.3 255.255.255.0
#
# Management address in 10.0.101.0/24.
interface Vlanif101
ip address 10.0.101.3 255.255.255.0
#
interface MEth0/0/1
#
# LACP (static mode) bundle; members are GigabitEthernet0/0/1 and 0/0/4.
# Presumably the uplink to the core's Eth-Trunk2 - TODO confirm cabling.
# NOTE(review): "allow-pass vlan 2 to 4094" carries every VLAN except 1;
# restricting it to the VLANs in use narrows layer-2 exposure.
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-static
#
interface GigabitEthernet0/0/1
eth-trunk 2
#
# Standalone trunk ports (0/0/2, 0/0/3, 0/0/5), presumably downlinks to access
# switches - TODO confirm. The same allow-pass remark applies to each.
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
eth-trunk 2
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
# OSPF process 1, area 2 only; router-id equals the management address.
# NOTE(review): the network statements enable OSPF on Vlanif50 and Vlanif60,
# which have no OSPF peer in the listings on this page and presumably face end
# hosts. Marking them with silent-interface keeps the prefixes advertised
# without sending hellos to hosts. No OSPF authentication is configured.
ospf 1 router-id 10.0.101.3
area 0.0.0.2
network 10.0.40.0 0.0.0.255
network 10.0.50.0 0.0.0.255
network 10.0.60.0 0.0.0.255
network 10.0.101.3 0.0.0.0
#
# Groups the three standalone trunk ports, presumably so they can be
# configured together.
port-group 1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/5
#
接入配置:
#
# Access switch: layer 2 only, apart from the management Vlanif.
# Only VLAN 20 (user) and VLAN 101 (management) exist on this device.
vlan batch 20 101
#
interface Vlanif1
#
# Management address in 10.0.101.0/24. No route is configured in this listing,
# so the address is reachable only from within that subnet as shown.
interface Vlanif101
ip address 10.0.101.5 255.255.255.0
#
interface MEth0/0/1
#
# Trunk port, presumably the uplink to an aggregation switch - TODO confirm.
# NOTE(review): only VLAN 20 and 101 are defined on this switch, so
# "allow-pass vlan 2 to 4094" is wider than needed; allowing just those two
# VLANs keeps the trunk to what the device actually uses.
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
# Untagged user port in VLAN 20.
# NOTE(review): no DHCP snooping or port security is shown for this port;
# consider both on user-facing access ports, since addresses in this VLAN are
# handed out by DHCP on the aggregation gateway.
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
全局设备统一配置:
#
# Login settings applied to every device: one local AAA user, with AAA
# authentication on the console and on VTY lines 0-4.
aaa
# NOTE(review): this ciphertext is published on the page; treat it as exposed
# and set a fresh password per device instead of pasting this line. The quoted
# string looks truncated (no closing quote). Where the software supports it,
# prefer irreversible-cipher over the reversible "cipher" form.
local-user admin password cipher "DOHT=K8@>MNZPO3JBXBHA!!
# Level 15 is the highest privilege level.
local-user admin privilege level 15
# NOTE(review): the user is allowed the telnet service only. With con 0 set to
# authentication-mode aaa below, console login for this user likely also needs
# the terminal service type - verify before saving, to avoid a console lockout.
# Telnet sends credentials in clear text; prefer SSH (STelnet) for management.
local-user admin service-type telnet
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
# NOTE(review): "all" accepts every supported inbound protocol, Telnet
# included. Restricting the lines to SSH and binding an inbound ACL that only
# permits the 10.0.101.0/24 management subnet would limit who can reach the
# login prompt. No such ACL appears in this listing.
protocol inbound all
#