欢迎光临
我还在努力中···

爱快酒店多业务网络配置案例

场景说明:
1.      业务流量包括酒店内部办公网络、WiFi、视频监控、VoIP语音、客房IPTV;2.      所有不同业务流量使用不同VLAN区分;
3.      所有网络设备使用单独的VLAN和网段进行管理;
4.      单独LAN2口镜像WAN口所有流量用于对接网监设备;
5.      使用DHCP SNOOPING防止非法DHCP服务器影响;
6.      客房使用W6双频面板AP,前面板有线接口连接电视机用于播放IPTV;
7.      IPTV直播业务使用组播流;
8.      前台WiFi使用不同SSID和VLAN ID来区分客人和办公网络;
9.      核心交换机做三层转发,客户端通过核心交换机DHCP relay功能获取由爱快路由分配的IP地址。

爱快路由相关配置

华为核心交换机配置

!Software Version V200R010C00SPC600
#
sysname hexin-SW
#
vlan batch 10 30 50 80 110 255
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name multi_authen_profile
#
igmp-snooping enable
#
telnet server enable
#
lldp enable
#
dhcp enable
#
radius-server template default
#
pki realm default
certificate-check none                  
#
acl number 2000
rule 5 permit source 239.3.3.1 0
rule 10 permit source 239.3.3.20
rule 15 permit source 239.3.3.30
rule 20 permit source 239.3.3.40
rule 25 permit source 239.3.3.50
rule 30 permit source 239.3.3.60
rule 35 permit source 239.3.3.70
rule 40 permit source 239.3.3.80
rule 45 permit source 239.3.3.90
rule 50 permit source 239.3.3.100
rule 55 permit source 239.3.3.110
rule 60 permit source 239.3.3.120
rule 65 permit source 239.3.3.130
rule 70 permit source 239.3.3.140
rule 75 permit source 239.3.3.150
rule 80 permit source 239.3.3.160
rule 85 permit source 239.3.3.170
rule 90 permit source 239.3.3.180
rule 95 permit source 239.3.3.190
rule 100 permit source239.3.3.20 0
rule 105 permit source239.3.3.21 0
rule 110 permit source239.3.3.22 0
rule 115 permit source239.3.3.23 0
rule 120 permit source239.3.3.24 0
rule 125 permit source239.3.3.25 0
rule 130 permit source239.3.3.26 0
rule 135 permit source239.3.3.27 0
rule 140 permit source239.3.3.28 0
rule 145 permit source239.3.3.29 0
rule 150 permit source239.3.3.30 0
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
vlan 10
description public
vlan 30
description insider
vlan 50
name TEL
vlan 80
name IPTV
multicast drop-unknown
igmp-snooping enable
igmp-snooping version 3                  
igmp-snooping querier enable
igmp-snooping group-policy 2000
vlan 110
name CAM
vlan 255
description Mange
#
aaa
authentication-scheme default
authentication-scheme radius
  authentication-mode radius
authorization-scheme default
accounting-scheme default
local-aaa-user password policyadministrator
  password expire 0
domain default                           
  authentication-scheme radius
  radius-server default
domain default_admin
  authentication-scheme default
local-user admin passwordirreversible-cipher$1a$84>b@LFZ<#$d]<_83dOTFC$XA~V=Qh3--p.$J\i@Yy1%$22*:_@$
local-user admin privilege level15
local-user admin service-typetelnet terminal ssh ftp x25-pad http
#
interface Vlanif1
#
interface Vlanif10
ip address 10.10.1.254255.255.254.0
dhcp select relay
dhcp relay server-ip 10.255.0.1
#
interface Vlanif30
ip address 10.30.0.254255.255.255.0
dhcp select relay
dhcp relay server-ip 10.255.0.1
#
interface Vlanif50
ip address 192.168.5.1255.255.255.0
#
interface Vlanif80                        
ip address 10.8.8.1255.255.255.0
dhcp select relay
dhcp relay server-ip 10.255.0.1
#
interface Vlanif110
ip address 192.168.110.1255.255.255.0
dhcp select relay
dhcp relay server-ip 10.255.0.1
#
interface Vlanif255
ip address 10.255.0.2255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 80
port hybrid untagged vlan 80
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to4094
stp edged-port enable
#                                         
interface GigabitEthernet0/0/3
port default vlan 30
stp edged-port enable
#
interface GigabitEthernet0/0/4
port default vlan 30
stp edged-port enable
#
interface GigabitEthernet0/0/5
port default vlan 30
stp edged-port enable
#
interface GigabitEthernet0/0/6
port default vlan 30
stp edged-port enable
#
interface GigabitEthernet0/0/7
port default vlan 110
stp edged-port enable
#
interface GigabitEthernet0/0/8
port default vlan 110
stp edged-port enable
#                                         
interface GigabitEthernet0/0/9
port default vlan 110
stp edged-port enable
#
interface GigabitEthernet0/0/10
port default vlan 50
stp edged-port enable
#
interface GigabitEthernet0/0/11
port default vlan 50
stp edged-port enable
#
interface GigabitEthernet0/0/12shwo
port default vlan 50
stp edged-port enable
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 50
#
interface GigabitEthernet0/0/14
port link-type access
port default vlan 50
stp edged-port enable                    
#
interface GigabitEthernet0/0/15
port link-type access
port default vlan 50
#
interface GigabitEthernet0/0/16
port link-type access
port default vlan 50
#
interface GigabitEthernet0/0/17
port link-type trunk
port trunk allow-pass vlan 2 to4094
#
interface GigabitEthernet0/0/18
port link-type trunk
port trunk allow-pass vlan 2 to4094
#
interface GigabitEthernet0/0/19
port link-type trunk
port trunk allow-pass vlan 2 to4094
#
interface GigabitEthernet0/0/20
port link-type trunk                     
port trunk allow-pass vlan 2 to4094
#
interface GigabitEthernet0/0/21
port link-type trunk
port trunk allow-pass vlan 2 to4094
#
interface GigabitEthernet0/0/22
port link-type trunk
port trunk allow-pass vlan 2 to4094
#
interface GigabitEthernet0/0/23
port link-type trunk
port trunk allow-pass vlan 2 to4094
#
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 2 to4094
#
interface GigabitEthernet0/0/25
port link-type trunk
port trunk allow-pass vlan 2 to4094
#
interface GigabitEthernet0/0/26
#                                         
interface GigabitEthernet0/0/27
port default vlan 110
#
interface GigabitEthernet0/0/28
port default vlan 110
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.255.0.1
#
snmp-agent
snmp-agent local-engineid 800007DB037858603EC7F0
snmp-agent community read cipher%^%#s.uh"^_4#O2/jHCNyzb<yrQ0&E@V#DurOIAOONh%$vFR/Xp1=/<(66Hl.6e>xL{tYaTp@L:sk|"6U=jF%^%#
snmp-agent sys-info version v2c
undo snmp-agent sys-info version v3
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
user-interface vty 16 20
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
Return

IK-J35 POE交换机配置

#
versionPS5024-PWR-EIR005
#
sysnameJ35-1
#
lldp enable
#
dhcp-snooping
#
ip route0.0.0.0 0.0.0.0 10.255.0.1 metric 60
#
stp domain-configuration
stp instance0 vlan 1 to 4094
activatedomain-configuration
#
radius scheme system
#
domain system
#
local-user admin
passwordcipher TGT7O'\G->R30M7YYP^Q4!!!
service-typeweb
#
igmp-snooping
version 3
drop-unknown
#
vlan 1
#
vlan 10
#
vlan 30
#
vlan 80
igmp-snooping enable
#
vlan 255
#
port-group-vlan 1
#
interface vlan-interface 255
ip address10.255.0.11 255.255.255.0
#
interface GigabitEthernet1/0/1
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#            
interface GigabitEthernet1/0/2
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/3
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/4
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/5
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poeenable   
#
interface GigabitEthernet1/0/6
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/7
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/8
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/9
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/10
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/11
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/12
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/13
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/14
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/15
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/16
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/17
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/18
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/19
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/20
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/21
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/22
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
port trunkpvid vlan 255
poe enable
#
interface GigabitEthernet1/0/23
port link-type trunk
port trunkpermit vlan 1 10 30 80 255
dhcp-snooping trust
#
interface GigabitEthernet1/0/24
portlink-type trunk
port trunkpermit vlan 1 10 30 80 255
dhcp-snooping trust
#
interface GigabitEthernet1/0/25
#
interface GigabitEthernet1/0/26
#
interface GigabitEthernet1/0/27
#
interface GigabitEthernet1/0/28
#
user-interface aux 0
user-interface vty 0
setauthentication password cipher TGT7O'\G->R30M7YYP^Q4!!!
user-interface vty 1
setauthentication password cipher TGT7O'\G->R30M7YYP^Q4!!!
#
return
赞(1) 打赏
未经允许不得转载:Coffee丶Mr » 爱快酒店多业务网络配置案例

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏