1、企業案例H3C大規模路由技術所在系別： 計算機技術系 所屬專業： 計算機網絡技術 指導教師： 董科鵬 專業負責人： 孫志成 中央美術學院網絡改造方案1、 項目來源中央美術學院網絡改造方案2、 項目主要內容學校計劃對出口設備改造，滿足整個校園網3萬用戶的上網需求；同時客戶校園網出口有6條千兆鏈路，需要在校園網出口實現負載均衡；學校希望實現整個校園網的大二層，便于維護管理。整個央美本院，采用有線、無線一體化組網。辦公樓以及籃球場采用的是面板式AP進行有線網絡的部署以及無線信號的覆蓋（此時有線終端與無線AP在同一網段）；其它場館無線采用室分的方式進行部署，有線采用原有設備保持不變（網段基本不變，詳見

2、IP地址規劃）。3、 項目知識點1、網絡設計原則 本方案將設計主干網負責各個子網和應用服務的連接，網絡協議采用TCP/IP協議，核心交換機采用三層交換機，能較好解決突發數據量和密集服務請求的實時響應問題，數據交換時交換引擎不會出現過載現象和數據包碰撞、丟失的現象。2、IP地址規劃IP地址空間分配，要與網絡拓撲層次結構相適應，既要有效地利用地址空間，又要體現出網絡的可擴展性和靈活性，同時能滿足路由協議的要求，以便于網絡中的路由聚類，減少路由器中路由表的長度，減少對路由器CPU、內存的消耗，提高路由算法的效率，加快路由變化的收斂速度，同時還要考慮到網絡地址的可管理性。3、無線規劃 無線終端的迅猛發

3、展，原有網絡設計無法滿足現有需求，此次網絡改造方案設計主要對體育中心進行無線覆蓋，包括行政樓、美術館、設計學院中心、石膏雕塑陳列館、綜合樓、圖書館等室內區域以及籃球場等的外部區域。 4、QOS 保證網絡的正常運行，對內網端口限速配置；對指定網段進行上網行為限定。4、 項目技能點1、 IP地址正確配置X X X X X網段規劃樓宇范圍IP規劃網關SSID接入密碼行政樓有線（舊有）綜合樓有線（新增）美術館有線圖書館無線LibraryYmcont1設計學院中心無線Design CenYmcont2其它無線ZJZXYmcont3籃球館無線BasYmcont42、DHCP配置3、QOS配置4、無線規劃及

4、AP配置5、 附錄：出口防火墻關鍵配置：# version 7.1.064, Ess 9311P02# sysname F1050# firewall packet-filter enable firewall packet-filter default permit# firewall statistic system enable# qos carl 1 source-ip-address range 192.168.20.1 to 192.168.20.254 per-address qos carl 2 destination-ip-address range 192.168.20.1

5、 to 192.168.20.254 per-address qos carl 3 source-ip-address range 10.0.1.1 to 10.0.1.254 per-address qos carl 4 destination-ip-address range 10.0.1.1 to 10.0.1.254 per-address qos carl 5 source-ip-address range 10.0.2.1 to 10.0.2.254 per-address qos carl 6 destination-ip-address range 10.0.2.1 to 10

6、.0.2.254 per-address#radius scheme system server-type extended#domain system#local-user admin password simple admin service-type telnet level 3#acl advanced 3000acl advanced 3001#interface Aux0 async mode flow#interface GigabitEthernet0/0#interface GigabitEthernet0/1 description to core qos car inbo

7、und carl 1 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car inbound carl 3 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car inbound carl 5 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car outbound carl 2 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car

8、 outbound carl 4 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car outbound carl 6 cir 3072000 cbs 3072000 ebs 0 green pass red discard#interface GigabitEthernet1/0#interface GigabitEthernet1/1 ip address 124.205.152.70 255.255.255.224 sub nat outbound 3000 address-group 1 qos car inbound

9、 carl 1 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car inbound carl 3 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car inbound carl 5 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car inbound acl 3001 cir 4096000 cbs 4096000 ebs 0 green pass red discard qos car o

10、utbound carl 2 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car outbound carl 6 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car outbound carl 4 cir 3072000 cbs 3072000 ebs 0 green pass red discard qos car outbound acl 3001 cir 4096000 cbs 4096000 ebs 0 green pass red discard

11、#interface Encrypt2/0#interface NULL0#security-zone name Trustimport interface GigabitEthernet0/1import interface GigabitEthernet1/0import interface GigabitEthernet1/1#zone-pair security source trust destination untrust packet-filter 3000# ip route-static 0.0.0.0 0.0.0.0 172.30.30.101 preference 60

12、ip route-static 10.0.0.0 255.0.0.0 192.168.10.2 preference 60 ip route-static 172.16.0.0 255.255.0.0 192.168.10.2 preference 60 ip route-static 192.168.2.0 255.255.255.0 192.168.10.2 preference 60 ip route-static 193.0.0.0 255.0.0.0 192.168.10.2 preference 60#user-interface con 0user-interface aux 0

13、user-interface vty 0 4#Return核心交換關鍵配置：# version 5.20, Release 2202P20# sysname core# irf mac-address persistent timer irf auto-update enable undo irf link-delay# domain default enable system# telnet server enable# undo ip ttl-expires# dhcp-snooping#vlan 1#vlan 10#vlan 20 description to gongyu#vlan 4

14、0 description gonggongquyu#vlan 999#vlan 4000 description to chukou#radius scheme system server-type extended primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain#domain system access-limit disable state active idle-cut disable self-service-url disa

15、ble#dhcp server ip-pool gonggong#dhcp server ip-pool gongyu#user-group system#local-user admin password simple admin authorization-attribute level 3 service-type telnet# stp instance 0 root primary#interface NULL0#interface Vlan-interface1#interface Vlan-interface10 ip address 192.168.2.254 255.255.

16、255.0#interface Vlan-interface20 description to gongyu#interface Vlan-interface40 description gonggong#interface Vlan-interface999#interface Vlan-interface4000 description to chukou#interface GigabitEthernet1/0/1 port access vlan 10#interface GigabitEthernet1/0/2 port access vlan 10#interface Gigabi

17、tEthernet1/0/3 port access vlan 10#interface GigabitEthernet1/0/4 port access vlan 10#interface GigabitEthernet1/0/5 port access vlan 10#interface GigabitEthernet1/0/6 port link-type trunk port trunk permit vlan 1 10 20 port trunk pvid vlan 10#interface GigabitEthernet1/0/7 port link-type trunk port

18、 trunk permit vlan 1 10 20 port trunk pvid vlan 10#interface GigabitEthernet1/0/8 port link-type trunk port trunk permit vlan 1 10 20 port trunk pvid vlan 10# interface GigabitEthernet1/0/9#interface GigabitEthernet1/0/10 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 20 d

19、hcp-snooping trust#interface GigabitEthernet1/0/11 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 20 dhcp-snooping trust#interface GigabitEthernet1/0/12 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 20 dhcp-snooping trust#interface GigabitEthern

20、et1/0/13 port link-type trunk port trunk permit vlan 1 10 20 port trunk pvid vlan 10#interface GigabitEthernet1/0/14 port access vlan 999#interface GigabitEthernet1/0/15 port link-type trunk port trunk permit vlan 1 10 20 port trunk pvid vlan 10#interface GigabitEthernet1/0/16 port link-type trunk p

21、ort trunk permit vlan 1 10 20 port trunk pvid vlan 10#interface GigabitEthernet1/0/17 port link-type trunk port trunk permit vlan 1 10 20 port trunk pvid vlan 10#interface GigabitEthernet1/0/18 port access vlan 10# interface GigabitEthernet1/0/19 port access vlan 10#interface GigabitEthernet1/0/20 d

22、escription to jiaxiao port access vlan 10#interface GigabitEthernet1/0/21#interface GigabitEthernet1/0/22 description to gongyu port access vlan 20 dhcp-snooping trust#interface GigabitEthernet1/0/23 description to chukou port access vlan 4000#interface GigabitEthernet1/0/24 description to AC port l

23、ink-type trunk undo port trunk permit vlan 1 port trunk permit vlan 20#interface GigabitEthernet1/0/25 shutdown#interface GigabitEthernet1/0/26 shutdown#interface GigabitEthernet1/0/27 shutdown#interface GigabitEthernet1/0/28 shutdown# dhcp enable#user-interface aux 0 8user-interface vty 0 4 authent

24、ication-mode scheme user privilege level 3#Return無線控制器關鍵配置：# version 5.20, Release 2609P30# sysname AC# domain default enable system# telnet server enable# port-security enable# sysnetid AC# password-recovery enable#vlan 1#vlan 20#vlan 100 description bangonglou#vlan 200 description gongyu#vlan 300

25、description gonggongquyu#domain system access-limit disable state active idle-cut disable self-service-url disable#dhcp server ip-pool gonggong#dhcp server ip-pool gongyu#dhcp server ip-pool office#user-group system group-attribute allow-guest#local-user admin password cipher $c$3$7l+ydIMHrQiN/SqGkU

26、B6L38Rpy6MTms6 authorization-attribute level 3 service-type telnet service-type web#wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54#wlan serv

27、ice-template 1 clear ssid office bind WLAN-ESS 1 client-rate-limit direction inbound mode static cir 3072 client-rate-limit direction outbound mode static cir 3072 service-template enable#wlan service-template 2 clear ssid Library bind WLAN-ESS 2 client-rate-limit direction inbound mode static cir 3

28、072 client-rate-limit direction outbound mode static cir 3972 service-template enable#wlan service-template 3 clear ssid Statue bind WLAN-ESS 3 client-rate-limit direction inbound mode static cir 3072 client-rate-limit direction outbound mode static cir 3072 service-template enable#interface NULL0#i

29、nterface Vlan-interface20#interface Vlan-interface100 description office#interface Vlan-interface200 description gongyu#interface Vlan-interface300 description ZJZX#interface GigabitEthernet1/0/1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 20#interface GigabitEthernet1/

30、0/2#interface GigabitEthernet1/0/3#interface GigabitEthernet1/0/4#interface GigabitEthernet1/0/5#interface GigabitEthernet1/0/6#interface GigabitEthernet1/0/7#interface GigabitEthernet1/0/8#interface M-GigabitEthernet1/0/0#interface Ten-GigabitEthernet1/0/9#interface Ten-GigabitEthernet1/0/10#interf

31、ace WLAN-ESS1 port access vlan 100#interface WLAN-ESS2 port access vlan 200#interface WLAN-ESS3 port access vlan 300#interface WLAN-ESS30#wlan ap-group default_group ap ap01 ap ap02 ap ap03 ap ap04 ap ap05 ap ap06 ap ap07 ap ap08 ap ap09 ap ap10dot11bg service-template 1 dot11bg service-template 2 d

32、ot11bg service-template 3 dot11bg radio enable#wlan ap ap01 model WA2610H-GN id 1 serial-id 219801A0FH914BQ01152 radio 1 service-template 1 service-template 2 radio enable#wlan ap ap02 model WA2610H-GN id 2 serial-id 219801A0FH914BQ01463 radio 1 service-template 1 service-template 2 service-template

33、 3 radio enable #wlan ap ap03 model WA2610H-GN id 3 serial-id 219801A0FH914BQ01128 radio 1 service-template 1 service-template 2 service-template 3 radio enable#wlan ap ap04 model WA2610H-GN id 4 serial-id 219801A0FH914BQ01197 radio 1 service-template 1 service-template 2 service-template 3 radio en

34、able#wlan ap ap05 model WA2610H-GN id 5 serial-id 219801A0FH914BQ01451 radio 1 service-template 1 service-template 2 service-template 3 radio enable#wlan ap ap06 model WA2610H-GN id 6 serial-id 219801A0FH914BQ01135 radio 1 service-template 1 service-template 2 service-template 3 radio enable#wlan ap

35、 ap07 model WA2610H-GN id 7 serial-id 219801A0FH914BQ01452 radio 1 service-template 1 service-template 2 service-template 3 radio enable#wlan ap ap08 model WA2610H-GN id 8 serial-id 219801A0FH914BQ01435 radio 1 service-template 1 service-template 2 service-template 3 radio enable#wlan ap ap09 model WA2610H-GN id 9 serial-id 2198