{"id":1044,"date":"2025-04-17T18:09:06","date_gmt":"2025-04-17T10:09:06","guid":{"rendered":"http:\/\/192.168.5.24\/?p=1044"},"modified":"2025-04-17T18:16:03","modified_gmt":"2025-04-17T10:16:03","slug":"%e4%bd%bf%e7%94%a8%e5%8d%8e%e4%b8%baensp%e5%ae%9e%e7%8e%b0%e4%bc%81%e4%b8%9a%e6%80%bb%e9%83%a8%e4%b8%8e%e5%88%86%e9%83%a8%e7%bd%91%e7%bb%9c%e8%ae%be%e8%ae%a1%e4%bb%bf%e7%9c%9f%e6%af%95%e8%ae%be2","status":"publish","type":"post","link":"https:\/\/bigvip.dpdns.org\/?p=1044","title":{"rendered":"\u4f7f\u7528\u534e\u4e3aENSP\u5b9e\u73b0\u4f01\u4e1a\u603b\u90e8\u4e0e\u5206\u90e8\u7f51\u7edc\u8bbe\u8ba1\u4eff\u771f(\u6bd5\u8bbe2)"},"content":{"rendered":"\n

\u5b9e\u9a8c\u9700\u6c42\uff1a<\/strong><\/p>\n\n\n\n

\u67d0\u4f01\u4e1a\u6709\u603b\u90e8\u4e0e\u5206\u90e8\u4e24\u4e2a\u529e\u516c\u5730\u70b9\uff0c\u8981\u6c42\u5b8c\u6210\u7f51\u7edc\u8bbe\u8ba1\uff0c\u4e3b\u8981\u5b9e\u73b0\u4ee5\u4e0b\u9700\u6c42\uff1a1.\u603b\u516c\u53f8\u5185\u90e8\u5168\u90e8\u4f7f\u7528ospf\u534f\u8bae\u901a\u4fe1\uff0c\u5206\u516c\u53f8\u4f7f\u7528\u9759\u6001\u8def\u7531\u30022.\u4e3a\u4e86\u51cf\u5c11\u7f51\u7edc\u7ba1\u7406\u5458\u5de5\u4f5c\u91cf\uff0c\u65b9\u4fbf\u7ba1\u7406\uff0c\u9664\u670d\u52a1\u5668\u5916\uff0c\u603b\u90e8\u5176\u5b83\u6240\u6709\u90e8\u95e8\u91c7\u7528\u52a8\u6001\u83b7\u53d6IP\u5730\u5740 \uff0c\u603b\u90e8\u4f7f\u7528\u4e24\u53f0\u6838\u5fc3\u4ea4\u6362\u673a\u4f5c\u4e3aDHCP\u670d\u52a1\u5668\u5197\u4f59\u3002\u9664\u4e86\u8bbf\u5ba2\u65e0\u7ebf\u3001\u5206\u90e8\u4f7f\u7528\u57fa\u4e8e\u63a5\u53e3DHCP\u5916\uff0c\u5176\u4ed6\u6240\u6709\u7f51\u6bb5\u4f7f\u7528\u5168\u5c40DHCP\u30023.\u4f7f\u7528VRRP+MSTP\u8054\u52a8\u5b8c\u6210\u6545\u969c\u6beb\u79d2\u7ea7\u5207\u6362\u30024.\u65e0\u7ebf\u8981\u6c42\u5458\u5de5\u4e0e\u8bbf\u5ba2\u4e4b\u95f4\u5b8c\u6210\u9694\u79bb\u30025.\u4e3a\u4e86\u516c\u53f8\u4e1a\u52a1\u7684\u5b89\u5168\uff0c\u8981\u6c42\u8bbf\u5ba2\u65e0\u7ebf\u7f51\u7edc\u9664\u4e86\u8bbf\u95ee\u516c\u53f8\u670d\u52a1\u5668\u8d44\u6e90\u4e0e\u5916\u7f51\u5916\uff0c\u4e0d\u8bb8\u8bbf\u95ee\u4efb\u4f55\u90e8\u95e8\u30026.VPN\u5b9e\u73b0\uff1a\u603b\u90e8\u53ef\u4ee5\u4e0e\u5206\u516c\u53f8\u901a\u4fe1\u3002<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u603b\u90e8AC\u7684\u914d\u7f6e\uff1a<\/p>\n\n\n\n

<AC6605>dis current-configuration \n#\n#\ninterface Vlanif100\n ip address 192.168.90.37 255.255.255.252\n#\ninterface GigabitEthernet0\/0\/1\n port link-type access\n port default vlan 100\n#\nip route-static 0.0.0.0 0.0.0.0 192.168.90.38\n#\ncapwap source interface vlanif100\n#\nwlan\n  security-profile name secp\n  security wpa-wpa2 psk pass-phrase %^%#k<E#6$h%>0i(\"sA;6pTO1+Je\"il,cN(B]YN\\{qDI\n%^%# aes\n security-profile name secpg\n ssid-profile name ssidp\n  ssid guimei\n ssid-profile name ssidpg\n  ssid guest\n  vap-profile name vapp\n  service-vlan vlan-id 82\n  ssid-profile ssidp\n  security-profile secp\n vap-profile name vappg\n  service-vlan vlan-id 83\n  ssid-profile ssidpg\n  security-profile secpg\n regulatory-domain-profile name default\n ap auth-mode no-auth\n ap-group name apg\n  radio 0\n   vap-profile vapp wlan 1\n   vap-profile vappg wlan 2\n  radio 1\n   vap-profile vapp wlan 1\n   vap-profile vappg wlan 2\n  radio 2\n   vap-profile vapp wlan 1\n   vap-profile vappg wlan 2\n\n ap-id 0 type-id 45 ap-mac 00e0-fcab-4630 ap-sn 2102354483108F573269\n  ap-group apg\n provision-ap\n#\nreturn\n<AC6605>  <\/code><\/pre>\n\n\n\n
\u603b\u90e8\u6c47\u805a\u4ea4\u6362\u673a\u914d\u7f6e\uff1a<\/p>\n\n\n\n
<C_SW1>dis current-configuration \n#\nsysname Huawei\n#\nvlan batch 10 20 30 40 50 60 81 to 83 91 to 92\n#\nstp instance 1 priority 4096\nstp instance 2 priority 4096\nstp instance 3 priority 4096\nstp instance 4 priority 4096\n#\ncluster enable\nntdp enable\nndp enable\n#\ndrop illegal-mac alarm\n#\ndhcp enable\n#\ndiffserv domain default\n#\nstp region-configuration\n region-name abc\n instance 1 vlan 10\n instance 2 vlan 20\n instance 3 vlan 30\n instance 4 vlan 40\n instance 5 vlan 50\n instance 6 vlan 60\n instance 7 vlan 70\n instance 8 vlan 80\n instance 9 vlan 81\n instance 10 vlan 82\n instance 11 vlan 83\n active region-configuration\n#\ninterface Vlanif10\n ip address 192.168.10.252 255.255.255.0\n vrrp vrid 10 virtual-ip 192.168.10.254\n vrrp vrid 10 priority 110\n dhcp select relay\n dhcp relay server-ip 192.168.90.1\n dhcp relay server-ip 192.168.90.13\n#\ninterface Vlanif20\n ip address 192.168.20.252 255.255.255.0\n vrrp vrid 20 virtual-ip 192.168.20.254\n vrrp vrid 20 priority 110\n#\ninterface Vlanif30\n ip address 192.168.30.252 255.255.255.0\n vrrp vrid 30 virtual-ip 192.168.30.254\n vrrp vrid 30 priority 110\n#\ninterface Vlanif40\n ip address 192.168.40.252 255.255.255.0\n vrrp vrid 40 virtual-ip 192.168.40.254\n#\ninterface Vlanif50\n ip address 192.168.50.252 255.255.255.0\n vrrp vrid 50 virtual-ip 192.168.50.254\n#\ninterface Vlanif60\n ip address 192.168.60.252 255.255.255.0\n vrrp vrid 60 virtual-ip 192.168.60.254\n#\ninterface Vlanif81\n ip address 192.168.81.252 255.255.255.0\n vrrp vrid 81 virtual-ip 192.168.81.254\n dhcp select relay\n dhcp relay server-ip 192.168.90.1\n dhcp relay server-ip 192.168.90.13\n#\ninterface Vlanif82\n ip address 192.168.82.252 255.255.255.0\n vrrp vrid 82 virtual-ip 192.168.82.254\n dhcp select relay\n dhcp relay server-ip 192.168.90.1\n dhcp relay server-ip 192.168.90.13\n#\ninterface Vlanif83\n ip address 192.168.83.252 255.255.255.0\n vrrp vrid 83 virtual-ip 192.168.83.254\n dhcp select relay\n dhcp relay server-ip 192.168.90.1\n#\ninterface Vlanif91\n ip address 192.168.90.2 255.255.255.252\n#\ninterface Vlanif92\n ip address 192.168.90.6 255.255.255.252\n#\ninterface GigabitEthernet0\/0\/1\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/2\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/3\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/4\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/5\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/6\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/7\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/8\n port link-type access\n port default vlan 91\n#\ninterface GigabitEthernet0\/0\/9\n port link-type access\n port default vlan 92\n#\nospf 1\n area 0.0.0.0\n  network 192.168.90.0 0.0.0.3\n  network 192.168.90.4 0.0.0.3\n  network 192.168.10.0 0.0.0.255\n  network 192.168.20.0 0.0.0.255\n  network 192.168.30.0 0.0.0.255\n  network 192.168.40.0 0.0.0.255\n  network 192.168.50.0 0.0.0.255\n  network 192.168.60.0 0.0.0.255\n  network 192.168.81.0 0.0.0.255\n  network 192.168.82.0 0.0.0.255\n  network 192.168.83.0 0.0.0.255\n#\nreturn\n<C_SW1> <\/code><\/pre>\n\n\n\n
[C_SW2]dis current-configuration\n#\nsysname C_SW2\n#\nvlan batch 10 20 30 40 50 60 81 to 83 91 to 94\n#\nstp instance 5 priority 4096\nstp instance 6 priority 4096\nstp instance 9 priority 4096\nstp instance 10 priority 4096\nstp instance 11 priority 4096\n#\ndhcp enable\n#\nstp region-configuration\n region-name abc\n instance 1 vlan 10\n instance 2 vlan 20\n instance 3 vlan 30\n instance 4 vlan 40\n instance 5 vlan 50\n instance 6 vlan 60\n instance 7 vlan 70\n instance 8 vlan 80\n instance 9 vlan 81\n instance 10 vlan 82\n instance 11 vlan 83\n active region-configuration\n#\ninterface Vlanif10\n ip address 192.168.10.253 255.255.255.0\n vrrp vrid 10 virtual-ip 192.168.10.254\n dhcp select relay\n dhcp relay server-ip 192.168.90.1\n dhcp relay server-ip 192.168.90.13\n#\ninterface Vlanif20\n ip address 192.168.20.253 255.255.255.0\n vrrp vrid 20 virtual-ip 192.168.20.254\n#\ninterface Vlanif30\n ip address 192.168.30.253 255.255.255.0\n vrrp vrid 30 virtual-ip 192.168.30.254\n#\ninterface Vlanif40\n ip address 192.168.40.253 255.255.255.0\n vrrp vrid 40 virtual-ip 192.168.40.254\n vrrp vrid 40 priority 110\n#\ninterface Vlanif50\n ip address 192.168.50.253 255.255.255.0\n vrrp vrid 50 virtual-ip 192.168.50.254\n vrrp vrid 50 priority 110\n#\ninterface Vlanif60\n ip address 192.168.60.253 255.255.255.0\n vrrp vrid 60 virtual-ip 192.168.60.254\n vrrp vrid 60 priority 110\n#\ninterface Vlanif81\n ip address 192.168.81.253 255.255.255.0\n vrrp vrid 81 virtual-ip 192.168.81.254\n vrrp vrid 81 priority 110\n dhcp select relay\n dhcp relay server-ip 192.168.90.1\n dhcp relay server-ip 192.168.90.13\n#\ninterface Vlanif82\n ip address 192.168.82.253 255.255.255.0\n vrrp vrid 82 virtual-ip 192.168.82.254\n vrrp vrid 82 priority 110\n dhcp select relay\n dhcp relay server-ip 192.168.90.1\n dhcp relay server-ip 192.168.90.13\n#\ninterface Vlanif83\n ip address 192.168.83.253 255.255.255.0\n vrrp vrid 83 virtual-ip 192.168.83.254\n vrrp vrid 83 priority 110\n dhcp select relay\n dhcp relay server-ip 192.168.90.1\n#\ninterface Vlanif93\n ip address 192.168.90.10 255.255.255.252\n#\ninterface Vlanif94\n ip address 192.168.90.14 255.255.255.252\n#\ninterface GigabitEthernet0\/0\/1\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/2\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/3\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/4\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/5\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/6\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/7\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/8\n port link-type access\n port default vlan 94\n#\ninterface GigabitEthernet0\/0\/9\n port link-type access\n port default vlan 93\n#\nospf 1\n area 0.0.0.0\n  network 192.168.90.12 0.0.0.3\n  network 192.168.90.8 0.0.0.3\n  network 192.168.10.0 0.0.0.255\n  network 192.168.20.0 0.0.0.255\n  network 192.168.30.0 0.0.0.255\n  network 192.168.40.0 0.0.0.255\n  network 192.168.50.0 0.0.0.255\n  network 192.168.60.0 0.0.0.255\n  network 192.168.81.0 0.0.0.255\n  network 192.168.82.0 0.0.0.255\n  network 192.168.83.0 0.0.0.255\n#\nreturn\n[C_SW2] <\/code><\/pre>\n\n\n\n
\u603b\u90e8\u6838\u5fc3\u4ea4\u6362\u673a\u914d\u7f6e\uff1a<\/p>\n\n\n\n
<Core_SW1>dis current-configuration \n#\nsysname Core_SW1\n#\nvlan batch 83 91 93 95 98\n#\nstp instance 11 priority 4096\n#\n#\ndhcp enable\n#\nstp region-configuration\n region-name abc\n instance 11 vlan 91\n instance 12 vlan 95\n active region-configuration\n#\ndrop-profile default\n#\nip pool v10\n gateway-list 192.168.10.254\n network 192.168.10.0 mask 255.255.255.0\n excluded-ip-address 192.168.10.129 192.168.10.253\n#\nip pool v81\n gateway-list 192.168.81.254\n network 192.168.81.0 mask 255.255.255.0\n option 43 sub-option 3 ascii 192.168.90.37\n#\nip pool v82\n gateway-list 192.168.82.254\n network 192.168.82.0 mask 255.255.255.0\n#\nip pool v83\n gateway-list 192.168.83.254\n network 192.168.83.0 mask 255.255.255.0\n#\naaa\n authentication-scheme default\n authorization-scheme default\n accounting-scheme default\n domain default\n domain default_admin\n local-user admin password simple admin\n local-user admin service-type http\n#\ninterface Vlanif1\n#\ninterface Vlanif91\n ip address 192.168.90.1 255.255.255.252\n dhcp select global\n#\ninterface Vlanif93\n ip address 192.168.90.9 255.255.255.252\n#\ninterface Vlanif95\n ip address 192.168.90.18 255.255.255.252\n#\ninterface Vlanif98\n ip address 192.168.90.30 255.255.255.252\n#\ninterface MEth0\/0\/1\n#\ninterface GigabitEthernet0\/0\/1\n port link-type access\n port default vlan 91\n stp disable\n#\ninterface GigabitEthernet0\/0\/4\n port link-type access\n port default vlan 93\n stp disable\n#\ninterface GigabitEthernet0\/0\/5\n port link-type access\n port default vlan 98\n#\ninterface GigabitEthernet0\/0\/6\n port link-type access\n port default vlan 95\n stp disable\n#\nospf 1\n area 0.0.0.0\n  network 192.168.90.16 0.0.0.3\n  network 192.168.90.0 0.0.0.3\n  network 192.168.90.8 0.0.0.3\n  network 192.168.90.28 0.0.0.3\n#\nuser-interface con 0\nuser-interface vty 0 4\n#\nreturn\n<Core_SW1>  <\/code><\/pre>\n\n\n\n
[Core_SW2]dis current-configuration \n#\nsysname Core_SW2\n#\nvlan batch 83 92 94 96 99\n#\ndhcp enable\n#\nip pool v10\n gateway-list 192.168.10.254\n network 192.168.10.0 mask 255.255.255.0\n excluded-ip-address 192.168.10.1 192.168.10.128\n excluded-ip-address 192.168.10.252 192.168.10.253\n#\nip pool v81\n gateway-list 192.168.81.254\n network 192.168.81.0 mask 255.255.255.0\n option 43 sub-option 3 ascii 192.168.90.37\n#\nip pool v82\n gateway-list 192.168.82.254\n network 192.168.82.0 mask 255.255.255.0\n#\ninterface Vlanif92\n ip address 192.168.90.5 255.255.255.252\n#\ninterface Vlanif94\n ip address 192.168.90.13 255.255.255.252\n dhcp select global\n#\ninterface Vlanif96\n ip address 192.168.90.22 255.255.255.252\n#\ninterface Vlanif99\n ip address 192.168.90.34 255.255.255.252\n#\ninterface GigabitEthernet0\/0\/1\n port link-type access\n port default vlan 94\n stp disable\n#\ninterface GigabitEthernet0\/0\/2\n#\ninterface GigabitEthernet0\/0\/3\n#\ninterface GigabitEthernet0\/0\/4\n port link-type access\n port default vlan 92\n stp disable\n#\ninterface GigabitEthernet0\/0\/5\n port link-type access\n port default vlan 99\n#\ninterface GigabitEthernet0\/0\/6\n port link-type access\n port default vlan 96\n stp disable\n#\nospf 1\n area 0.0.0.0\n  network 192.168.90.12 0.0.0.3\n  network 192.168.90.20 0.0.0.3\n  network 192.168.90.4 0.0.0.3\n  network 192.168.90.32 0.0.0.3\n#\nuser-interface con 0\nuser-interface vty 0 4\n#\nreturn\n[Core_SW2]<\/code><\/pre>\n\n\n\n
\u603b\u90e8\u9632\u706b\u5899\u8bbe\u7f6e\uff1a<\/p>\n\n\n\n
[ZB_FW]dis current-configuration \n2025-04-17 04:19:59.200 \n!Software Version V500R005C10SPC300\n#\nsysname ZB_FW\n#\nacl number 3000\n rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.110.0 0.0.0.\n255\n rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.120.0 0.0.0\n.255\n rule 15 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.130.0 0.0.0\n.255\n rule 20 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.140.0 0.0.0\n.255\n rule 25 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.110.0 0.0.0\n.255\n rule 30 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.120.0 0.0.0\n.255\n rule 35 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.130.0 0.0.0\n.255\n rule 40 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.140.0 0.0.0\n.255\n rule 45 permit ip source 192.168.30.0 0.0.0.255 destination 192.168.110.0 0.0.0\n.255\n rule 50 permit ip source 192.168.30.0 0.0.0.255 destination 192.168.120.0 0.0.0\n.255\n rule 55 permit ip source 192.168.30.0 0.0.0.255 destination 192.168.130.0 0.0.0\n.255\n rule 60 permit ip source 192.168.30.0 0.0.0.255 destination 192.168.140.0 0.0.0\n.255\n rule 65 permit ip source 192.168.40.0 0.0.0.255 destination 192.168.110.0 0.0.0\n.255\n rule 70 permit ip source 192.168.40.0 0.0.0.255 destination 192.168.120.0 0.0.0\n.255\n rule 75 permit ip source 192.168.40.0 0.0.0.255 destination 192.168.130.0 0.0.0\n.255\n rule 80 permit ip source 192.168.40.0 0.0.0.255 destination 192.168.140.0 0.0.0\n.255\n rule 85 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.110.0 0.0.0\n.255\n rule 90 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.120.0 0.0.0\n.255\n rule 95 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.130.0 0.0.0\n.255\n rule 100 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.140.0 0.0.\n0.255\n rule 105 permit ip source 192.168.60.0 0.0.0.255 destination 192.168.110.0 0.0.\n0.255\n rule 110 permit ip source 192.168.60.0 0.0.0.255 destination 192.168.120.0 0.0.\n0.255\n rule 115 permit ip source 192.168.60.0 0.0.0.255 destination 192.168.130.0 0.0.\n0.255\n rule 120 permit ip source 192.168.60.0 0.0.0.255 destination 192.168.140.0 0.0.\n0.255\n rule 125 permit ip source 192.168.70.0 0.0.0.255 destination 192.168.110.0 0.0.\n0.255\n rule 130 permit ip source 192.168.70.0 0.0.0.255 destination 192.168.120.0 0.0.\n0.255\n rule 135 permit ip source 192.168.70.0 0.0.0.255 destination 192.168.130.0 0.0.\n0.255\n rule 140 permit ip source 192.168.70.0 0.0.0.255 destination 192.168.140.0 0.0.\n0.255\n rule 145 permit ip source 192.168.82.0 0.0.0.255 destination 192.168.110.0 0.0.\n0.255\n rule 150 permit ip source 192.168.82.0 0.0.0.255 destination 192.168.120.0 0.0.\n0.255\n rule 155 permit ip source 192.168.82.0 0.0.0.255 destination 192.168.130.0 0.0.\n0.255\n rule 160 permit ip source 192.168.82.0 0.0.0.255 destination 192.168.140.0 0.0.\n0.255\n#\nipsec proposal ipsecp\n esp authentication-algorithm sha1\n esp encryption-algorithm 3des\n#\nike proposal 1\n encryption-algorithm 3des\n dh group14\n authentication-algorithm sha2-256\n authentication-method pre-share\n integrity-algorithm hmac-sha2-256\n prf hmac-sha2-256\n#\nike peer fb\n pre-shared-key %^%#y!\"C*l^6_O1m;`\/#ug@!!_WsC=5W!=+:,3HNM}61%^%#\n ike-proposal 1\n remote-address 200.200.200.2\n#\nipsec policy ipsecp 1 isakmp\n security acl 3000\n ike-peer fb\n proposal ipsecp\n#\ninterface GigabitEthernet0\/0\/0\n undo shutdown\n ip binding vpn-instance default\n ip address 192.168.90.17 255.255.255.252\n alias GE0\/METH\n#\ninterface GigabitEthernet1\/0\/0\n undo shutdown\n ip address 192.168.90.21 255.255.255.252\n#\ninterface GigabitEthernet1\/0\/1\n undo shutdown\n ip address 192.168.90.25 255.255.255.252\n#\ninterface GigabitEthernet1\/0\/2\n undo shutdown\n ip address 100.100.100.2 255.255.255.252\n service-manage https permit\n service-manage ping permit\n ipsec policy ipsecp\n#\nfirewall zone local\n set priority 100\n#\nfirewall zone trust\n set priority 85\n add interface GigabitEthernet0\/0\/0\n add interface GigabitEthernet1\/0\/0\n#\nfirewall zone untrust\n set priority 5\n add interface GigabitEthernet1\/0\/2\n#\nfirewall zone dmz\n set priority 50\n add interface GigabitEthernet1\/0\/1\n#\nospf 1\n default-route-advertise always\n area 0.0.0.0\n  network 192.168.90.16 0.0.0.3\n  network 192.168.90.20 0.0.0.3\n  network 192.168.90.24 0.0.0.3\n#\nip route-static 0.0.0.0 0.0.0.0 100.100.100.1\n#\nsecurity-policy\n rule name 111\n  source-zone dmz\n  destination-zone untrust\n  action permit\n rule name 112\n  source-zone trust\n  destination-zone untrust\n  action permit\n rule name 113\n  source-zone trust\n  destination-zone dmz\n  action permit\n rule name 114\n  source-zone trust\n  destination-zone local\n  action permit\n rule name 115\n  source-zone local\n  destination-zone untrust\n  action permit\n rule name 116\n  source-zone untrust\n  destination-zone local\n  source-address 200.200.200.2 mask 255.255.255.255\n  action permit\n rule name 117\n  source-zone local\n  destination-zone trust\n  action permit\n rule name 118\n  source-zone local\n  destination-zone dmz\n  action permit\n rule name 119\n  source-zone untrust\n  destination-zone dmz\n  action permit\n rule name 120\n  source-zone untrust\n  destination-zone trust\n  source-address 192.168.0.0 mask 255.255.0.0\n  action permit\n#\n#\nnat-policy\n rule name 123\n  source-zone dmz\n  source-zone trust\n  destination-zone untrust\n  destination-address 123.123.123.123 mask 255.255.255.255\n  action source-nat easy-ip\n#\nreturn\n[ZB_FW]  <\/code><\/pre>\n\n\n\n
\u5206\u516c\u53f8\u9632\u706b\u5899\u914d\u7f6e\uff1a<\/p>\n\n\n\n
[FB_FW]dis current-configuration \n2025-04-17 04:23:17.850 \n!Software Version V500R005C10SPC300\n#\nsysname FB_FW\n#\nacl number 3000\n rule 5 permit ip source 192.168.110.0 0.0.0.255 destination 192.168.10.0 0.0.0.\n255\n rule 10 permit ip source 192.168.120.0 0.0.0.255 destination 192.168.10.0 0.0.0\n.255\n rule 15 permit ip source 192.168.130.0 0.0.0.255 destination 192.168.10.0 0.0.0\n.255\n rule 20 permit ip source 192.168.140.0 0.0.0.255 destination 192.168.10.0 0.0.0\n.255\n rule 25 permit ip source 192.168.110.0 0.0.0.255 destination 192.168.20.0 0.0.0\n.255\n rule 30 permit ip source 192.168.120.0 0.0.0.255 destination 192.168.20.0 0.0.0\n.255\n rule 35 permit ip source 192.168.130.0 0.0.0.255 destination 192.168.20.0 0.0.0\n.255\n rule 40 permit ip source 192.168.140.0 0.0.0.255 destination 192.168.20.0 0.0.0\n.255\n rule 45 permit ip source 192.168.110.0 0.0.0.255 destination 192.168.30.0 0.0.0\n.255\n rule 50 permit ip source 192.168.120.0 0.0.0.255 destination 192.168.30.0 0.0.0\n.255\n rule 55 permit ip source 192.168.130.0 0.0.0.255 destination 192.168.30.0 0.0.0\n.255\n rule 60 permit ip source 192.168.140.0 0.0.0.255 destination 192.168.30.0 0.0.0\n.255\n rule 65 permit ip source 192.168.110.0 0.0.0.255 destination 192.168.40.0 0.0.0\n.255\n rule 70 permit ip source 192.168.120.0 0.0.0.255 destination 192.168.40.0 0.0.0\n.255\n rule 75 permit ip source 192.168.130.0 0.0.0.255 destination 192.168.40.0 0.0.0\n.255\n rule 80 permit ip source 192.168.140.0 0.0.0.255 destination 192.168.40.0 0.0.0\n.255\n rule 85 permit ip source 192.168.110.0 0.0.0.255 destination 192.168.50.0 0.0.0\n.255\n rule 90 permit ip source 192.168.120.0 0.0.0.255 destination 192.168.50.0 0.0.0\n.255\n rule 95 permit ip source 192.168.130.0 0.0.0.255 destination 192.168.50.0 0.0.0\n.255\n rule 100 permit ip source 192.168.140.0 0.0.0.255 destination 192.168.50.0 0.0.\n0.255\n rule 105 permit ip source 192.168.110.0 0.0.0.255 destination 192.168.60.0 0.0.\n0.255\n rule 110 permit ip source 192.168.120.0 0.0.0.255 destination 192.168.60.0 0.0.\n0.255\n rule 115 permit ip source 192.168.130.0 0.0.0.255 destination 192.168.60.0 0.0.\n0.255\n rule 120 permit ip source 192.168.140.0 0.0.0.255 destination 192.168.60.0 0.0.\n0.255\n rule 125 permit ip source 192.168.110.0 0.0.0.255 destination 192.168.70.0 0.0.\n0.255\n rule 130 permit ip source 192.168.120.0 0.0.0.255 destination 192.168.70.0 0.0.\n0.255\n rule 135 permit ip source 192.168.130.0 0.0.0.255 destination 192.168.70.0 0.0.\n0.255\n rule 140 permit ip source 192.168.140.0 0.0.0.255 destination 192.168.70.0 0.0.\n0.255\n rule 145 permit ip source 192.168.110.0 0.0.0.255 destination 192.168.82.0 0.0.\n0.255\n rule 150 permit ip source 192.168.120.0 0.0.0.255 destination 192.168.82.0 0.0.\n0.255\n rule 155 permit ip source 192.168.130.0 0.0.0.255 destination 192.168.82.0 0.0.\n0.255\n rule 160 permit ip source 192.168.140.0 0.0.0.255 destination 192.168.82.0 0.0.\n0.255\n#\n#\nipsec proposal ipsecp\n esp authentication-algorithm sha1\n esp encryption-algorithm 3des\n#\nike proposal 1\n encryption-algorithm 3des\n dh group14\n authentication-algorithm sha2-256\n authentication-method pre-share\n integrity-algorithm hmac-sha2-256\n prf hmac-sha2-256\n#\nike peer zb\n pre-shared-key %^%#iwUwJ{gw!QV:O@T~CP[>|EtTEg]A\/VSz.0H6t}};%^%#\n ike-proposal 1\n remote-address 100.100.100.2\n#\nipsec policy ipsecp 1 isakmp\n security acl 3000\n ike-peer zb\n proposal ipsecp\n#\n role system-admin\n role device-admin\n role device-admin(monitor)\n role audit-admin\n bind manager-user audit-admin role audit-admin\n bind manager-user admin role system-admin\n#\nl2tp-group default-lns\n#\ninterface GigabitEthernet0\/0\/0\n undo shutdown\n ip binding vpn-instance default\n ip address 192.168.0.1 255.255.255.0\n alias GE0\/METH\n#\ninterface GigabitEthernet1\/0\/0\n undo shutdown\n ip address 192.168.100.1 255.255.255.252\n#\ninterface GigabitEthernet1\/0\/1\n undo shutdown\n ip address 200.200.200.2 255.255.255.252\n service-manage https permit\n service-manage ping permit\n ipsec policy ipsecp\n#\nfirewall zone trust\n set priority 85\n add interface GigabitEthernet0\/0\/0\n add interface GigabitEthernet1\/0\/0\n#\nfirewall zone untrust\n set priority 5\n add interface GigabitEthernet1\/0\/1\n#\nfirewall zone dmz\n set priority 50\n#\nip route-static 0.0.0.0 0.0.0.0 200.200.200.1\nip route-static 192.168.110.0 255.255.255.0 192.168.100.2\nip route-static 192.168.120.0 255.255.255.0 192.168.100.2\nip route-static 192.168.130.0 255.255.255.0 192.168.100.2\nip route-static 192.168.140.0 255.255.255.0 192.168.100.2\n#\nsecurity-policy\n rule name 111\n  source-zone trust\n  destination-zone untrust\n  action permit\n rule name 112\n  source-zone trust\n  destination-zone local\n  action permit\n rule name 113\n  source-zone local\n  destination-zone untrust\n  action permit\n rule name 114\n  source-zone untrust\n  destination-zone local\n  source-address 100.100.100.2 mask 255.255.255.255\n  action permit\n rule name 115\n  source-zone untrust\n  destination-zone trust\n  source-address 192.168.0.0 mask 255.255.0.0\n  action permit\n#\nnat-policy\n rule name 123\n  source-zone trust\n  destination-zone untrust\n  destination-address 123.123.123.123 mask 255.255.255.255\n  action source-nat easy-ip\n#\nreturn\n[FB_FW]<\/code><\/pre>\n\n\n\n
\u603b\u90e8\u63a5\u5165\u4ea4\u6362\u673a\u914d\u7f6e\uff1a<\/p>\n\n\n\n
[A_SW1]dis current-configuration \n#\nsysname A_SW1\n#\nvlan batch 10 81 to 83\n#\nstp region-configuration\n region-name abc\n instance 1 vlan 10\n instance 2 vlan 20\n instance 3 vlan 30\n instance 4 vlan 40\n instance 5 vlan 50\n instance 6 vlan 60\n instance 7 vlan 70\n instance 8 vlan 80\n instance 9 vlan 81\n instance 10 vlan 82\n instance 11 vlan 83\n active region-configuration\n#\ninterface Ethernet0\/0\/1\n port link-type access\n port default vlan 10\n#\ninterface Ethernet0\/0\/2\n port link-type trunk\n port trunk pvid vlan 81\n port trunk allow-pass vlan 2 to 4094\n#\ninterface Ethernet0\/0\/3\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface Ethernet0\/0\/4\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\nreturn\n[A_SW1]<\/code><\/pre>\n\n\n\n
AC\u4ea4\u6362\u673a\u914d\u7f6e\uff1a<\/p>\n\n\n\n
[AC_SW]dis current-configuration \n#\nsysname AC_SW\n#\nvlan batch 98 to 100\n#\ninterface Vlanif98\n ip address 192.168.90.29 255.255.255.252\n#\ninterface Vlanif99\n ip address 192.168.90.33 255.255.255.252\n#\ninterface Vlanif100\n ip address 192.168.90.38 255.255.255.252\n#\ninterface Ethernet0\/0\/1\n port link-type access\n port default vlan 98\n stp disable\n#\ninterface Ethernet0\/0\/2\n port link-type access\n port default vlan 99\n stp disable\n#\ninterface Ethernet0\/0\/3\n port link-type access\n port default vlan 100\n stp disable\n#\nospf 1\n area 0.0.0.0\n  network 192.168.90.36 0.0.0.3\n  network 192.168.90.32 0.0.0.3\n  network 192.168.90.28 0.0.0.3\n#\nreturn\n[AC_SW]<\/code><\/pre>\n\n\n\n
\u673a\u623f\u4ea4\u6362\u673a\u7684\u914d\u7f6e\uff1a<\/p>\n\n\n\n
[JF_SW]dis current-configuration \n#\nsysname JF_SW\n#\nvlan batch 70 97\n#\ninterface Vlanif70\n ip address 192.168.70.254 255.255.255.0\n#\ninterface Vlanif97\n ip address 192.168.90.26 255.255.255.252\n#\ninterface GigabitEthernet0\/0\/1\n port link-type access\n port default vlan 70\n#\ninterface GigabitEthernet0\/0\/2\n port link-type access\n port default vlan 70\n#\ninterface GigabitEthernet0\/0\/3\n port link-type access\n port default vlan 70\n#\ninterface GigabitEthernet0\/0\/4\n port link-type access\n port default vlan 97\n#\nospf 1\n area 0.0.0.0\n  network 192.168.90.24 0.0.0.3\n  network 192.168.70.0 0.0.0.255\n#\nreturn\n[JF_SW]<\/code><\/pre>\n\n\n\n
ISP\u8def\u7531\u5668\u7684\u914d\u7f6e\uff1a<\/p>\n\n\n\n
[ISP]dis current-configuration \n[V200R003C00]\n#\n sysname ISP\n#\ninterface GigabitEthernet0\/0\/0\n ip address 100.100.100.1 255.255.255.252 \n#\ninterface GigabitEthernet0\/0\/1\n ip address 200.200.200.1 255.255.255.252 \n#\ninterface LoopBack0\n ip address 123.123.123.123 255.255.255.255 \n#\nreturn\n[ISP]<\/code><\/pre>\n\n\n\n
\u5206\u90e8\u8def\u7531\u5668\u914d\u7f6e\uff1a<\/p>\n\n\n\n
[FB_R]dis current-configuration \n[V200R003C00]\n#\n sysname FB_R\n#\nvlan batch 110 120 130 140\n#\ndhcp enable\n#\ninterface Vlanif110\n ip address 192.168.110.254 255.255.255.0 \n dhcp select interface\n#\ninterface Ethernet4\/0\/0\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface Ethernet4\/0\/1\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\ninterface GigabitEthernet0\/0\/0\n ip address 192.168.100.2 255.255.255.252 \n#\nip route-static 0.0.0.0 0.0.0.0 192.168.100.1\n\nreturn\n[FB_R]<\/code><\/pre>\n\n\n\n
\u5206\u90e8\u6c47\u805a\u4ea4\u6362\u673a\u914d\u7f6e\uff1a<\/p>\n\n\n\n
[FB_A_SW1]dis current-configuration\n#\nsysname FB_A_SW1\n#\nvlan batch 110 120\n#\ninterface GigabitEthernet0\/0\/1\n port link-type access\n port default vlan 110\n#\ninterface GigabitEthernet0\/0\/2\n port link-type access\n port default vlan 120\n#\ninterface GigabitEthernet0\/0\/3\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\nreturn\n[FB_A_SW1] <\/code><\/pre>\n\n\n\n
\u6ce8\u610f\uff1a<\/h3>\n\n\n\n
1\u3001\u6838\u5fc3\u5c42\u4e0d\u5b58\u5728\u4e8c\u5c42\u73af\u8def\u7684\u533a\u57df\u53ef\u4ee5\u5728\u76f8\u5e94\u7684\u63a5\u53e3\u4e0a\u9762\u5173\u95edSTP\u529f\u80fd\u3002<\/p>\n\n\n\n
2\u3001AC\u4e0eAP\u901a\u8fc7\u4e09\u5c42\u8fde\u63a5\u9700\u8981DHCP\u7ed9AP\u5206\u914dIP\u7684\u540c\u65f6\u901a\u8fc7option 43\u6307\u5b9aAC\u7684IP\u5730\u5740<\/p>\n\n\n\n
3\u3001STP\u57df\u8981\u6210\u7acb\u5fc5\u987b\u4fdd\u8bc1\u6240\u6709\u57df\u5185\u4ea4\u6362\u673a\u7684stp instance\u6570\u91cf\u53ca\u5185\u5bb9\u5fc5\u987b\u4e00\u81f4\u3002<\/p>\n\n\n\n
4\u3001DHCP\u670d\u52a1\u5668\u7ed9\u5ba2\u6237\u7aef\u5206\u914dIP\u5fc5\u987b\u4fdd\u8bc1\u4ed6\u4eec\u76f4\u63a5\u7684\u8def\u7531\u914d\u7f6e\u6b63\u786e\u3002<\/p>\n\n\n\n
5\u3001\u9632\u706b\u5899\u914d\u7f6evpn\u9700\u8981\u5f00\u542f\u76f8\u5e94\u7684\u6570\u636e\u8fdb\u5165\u7684\u6743\u9650\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5b9e\u9a8c\u9700\u6c42\uff1a \u67d0\u4f01\u4e1a\u6709\u603b\u90e8\u4e0e\u5206\u90e8\u4e24\u4e2a\u529e\u516c\u5730\u70b9\uff0c\u8981\u6c42\u5b8c\u6210\u7f51\u7edc\u8bbe\u8ba1\uff0c\u4e3b\u8981\u5b9e\u73b0\u4ee5\u4e0b\u9700\u6c42\uff1a1.\u603b\u516c\u53f8\u5185\u90e8\u5168\u90e8\u4f7f\u7528ospf […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"aside","meta":{"footnotes":""},"categories":[7],"tags":[39],"class_list":["post-1044","post","type-post","status-publish","format-aside","hentry","category-7","tag-vpn","post_format-post-format-aside"],"_links":{"self":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts\/1044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1044"}],"version-history":[{"count":29,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts\/1044\/revisions"}],"predecessor-version":[{"id":1075,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts\/1044\/revisions\/1075"}],"wp:attachment":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}