• H3C small and medium enterprise campus network


    I. Network requirements

    In a small or medium campus, S5130 or S5130S series Ethernet switches are usually deployed at the access layer, S5560X or S6520X series switches at the core, and an MSR series router as the egress router.

    • The core switches run VRRP for network reliability.
    • Business departments in the campus are placed in separate VLANs; traffic between departments is routed at Layer 3 on the core switches through VLAN interfaces.
    • The core switches act as DHCP servers and assign IP addresses to campus users.
    • The access switches run DHCP snooping, so that a small router plugged in by an internal user cannot hand out IP addresses, and IP Source Guard, so that internal users cannot change their IP addresses by hand.
    • The egress router rate-limits traffic in both directions per IP address.

    II. Configuration approach and data plan

    (1)     Log in to the device

    (2)     Configure the management IP address and Telnet

    (3)     Configure network connectivity

    (4)     Configure DHCP on the core switches

    (5)     Configure OSPF on the core switches

    (6)     Configure the core switch reliability features

    (7)     Configure rate limiting

    Configuration data table

    Step: Log in to the device
      Item:  Log in through the console port
      Data:  Set the baud rate and the other communication parameters
      Notes: Log in to the device from a PC running terminal emulation software.

    Step: Configure the management IP address and Telnet
      Item:  Management VLAN
      Data:  VLAN 5
      Notes: The default VLAN on the switch is VLAN 1, which is normally not used as the management VLAN. This document uses VLAN 5 as the management VLAN.

      Item:  IP address of the management Ethernet port or the management VLAN interface
      Data:  10.10.1.1/24
      Notes: ACCSW1 is used as the example. On a switch that has a management Ethernet port, assign the IP address to M-GigabitEthernet0/0/0 and use it to log in. On a switch without one, assign the IP address to the management VLAN interface.

    Step: Configure interfaces and VLANs
      Item:  Port type
      Data:  Ports connecting to other switches should be trunk ports; ports connecting to PCs should be access ports.
      Notes: Trunk ports are generally used to connect switches. Access ports are generally used to connect PCs. Hybrid ports are general-purpose ports that can connect either a switch or a PC.

      Item:  VLAN ID
      Data:  ACCSW1: VLAN 10, 20. CORESW1: VLAN 10, 20, 30, 40, 50, 100, 300.
      Notes: To isolate department A and department B at Layer 2, department A is placed in VLAN 10 and department B in VLAN 20. Core switch 1 connects to the egress router through Vlan-int100.

    Step: Configure the DHCP server on the core switches
      Item:  DHCP server
      Data:  CORESW1, CORESW2
      Notes: A DHCP server is deployed on core switch 1 and on core switch 2.

      Item:  Address pools
      Data:  VLAN 10: ip-pool 1; VLAN 20: ip-pool 2
      Notes: Department A terminals obtain addresses from ip-pool 1; department B terminals obtain addresses from ip-pool 2.

      Item:  Address allocation mode
      Data:  Global address pools

    Step: Configure routing on the core switches
      Item:  IP addresses (CORESW1 as the example)
      Data:  Vlan-int10: 192.168.10.1/24; Vlan-int20: 192.168.20.1/24; Vlan-int100: 172.16.1.1/24; Vlan-int300: 172.16.3.1/24
      Notes: Vlan-int100 connects core switch 1 to the campus egress router. Vlan-int300 connects core switch 1 to core switch 2. Once Vlan-int10 and Vlan-int20 have IP addresses on core switch 1, department A and department B can reach each other through core switch 1.

    Step: Configure the egress router
      Item:  IP address of the public interface
      Data:  GE0/0: 202.101.100.2/30
      Notes: GE0/0 connects the egress router to the Internet and is usually called the public (WAN) interface.

      Item:  Public gateway
      Data:  202.101.100.1/30
      Notes: The address of the ISP device facing the egress router. The router needs a default route pointing to this address so that internal traffic is forwarded to the Internet.

      Item:  DNS address
      Data:  202.101.100.199
      Notes: The DNS server resolves domain names to IP addresses.

      Item:  IP addresses of the internal interfaces
      Data:  GE0/1: 172.16.1.2/24; GE0/2: 172.16.2.2/24
      Notes: GE0/1 and GE0/2 connect the egress router to the internal network. GE0/1 connects to the master core switch and GE0/2 to the backup core switch.

    Step: Configure DHCP snooping and IP Source Guard on the access switches
      Item:  Trusted ports
      Data:  GE1/0/3 (and GE1/0/4, the uplink to CORESW2, if that switch also answers DHCP requests)
      Notes: Trusted ports must be the uplinks towards the legitimate DHCP servers, never the user-facing ports. Once trusted ports are configured, the switch only forwards DHCP server replies that arrive on a trusted port, so a small router plugged into a user port cannot assign addresses to hosts.

    III. Configuration procedure

    3.1 Configuring the access switches

    PS: The access switches ACCSW1, ACCSW2, ACCSW3 and ACCSW4 are configured in essentially the same way. This document uses ACCSW1 as the example.

    3.1.1 Logging in through the console port for the first time

    # Power off the PC.

    The serial port of a PC is not hot-pluggable; do not plug the serial cable into or out of the PC while the PC is powered on.

    # Connect the PC to the device with the console cable shipped with the product. Plug the DB-9 (female) end of the console cable into the 9-pin (male) serial port of the PC first, then plug the RJ-45 end into the Console port of the device.

    # Power on the PC.

    # Open a terminal emulation program on the PC and set the terminal parameters as follows.

    Terminal parameter settings:

    Parameter        Value
    Baud rate        9600
    Data bits        8
    Stop bits        1
    Parity           None
    Flow control     None

    # Power on the device.

    When the device finishes its self-test, press Enter to get the command line prompt.

    PS: By default the console login authentication mode is None, so no user name or password is needed. After the first login, change the console authentication mode to strengthen device security; otherwise anyone with physical access to the console port gets an administrative session.

    3.1.2 Configuring the IP address and Telnet

    # Create VLAN 5 and assign interface Ten-GigabitEthernet1/0/10 to it. Ten-GigabitEthernet1/0/10 is assumed to be the interface connected to the network management station.

    system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] sysname ACCSW1
    [ACCSW1] vlan 5
    [ACCSW1-vlan5] port ten-gigabitethernet 1/0/10
    [ACCSW1-vlan5] quit

    # Create VLAN-interface 5 and assign it the IP address 10.10.1.1/24.

    [ACCSW1] interface vlan-interface 5
    [ACCSW1-Vlan-interface5] ip address 10.10.1.1 24
    [ACCSW1-Vlan-interface5] quit

    # Enable the Telnet server.

    [ACCSW1] telnet server enable

    Telnet carries the login credentials and the whole management session in cleartext. On a production device prefer SSH (ssh server enable, with service-type ssh on the local user) and restrict the VTY lines to the management subnet; the steps below use Telnet as the management protocol.

    # Configure scheme authentication for Telnet login.

    [ACCSW1] line vty 0 63
    [ACCSW1-line-vty0-63] authentication-mode scheme
    [ACCSW1-line-vty0-63] quit

    # Create a local user and configure its password, user role and service type. In this example the user name is admin, the password is hello12345, the service type is telnet and the user role is network-admin.

    [ACCSW1] local-user admin
    New local user added.
    [ACCSW1-luser-manage-admin] password simple hello12345
    [ACCSW1-luser-manage-admin] authorization-attribute user-role network-admin
    [ACCSW1-luser-manage-admin] service-type telnet
    [ACCSW1-luser-manage-admin] quit

    # Telnet to the device from a terminal. After the correct user name and password are entered, the user view prompt indicates that the login succeeded.

    C:\Users\Administrator> telnet 10.10.1.1
    ******************************************************************************
    * Copyright (c) 2004-2019 New H3C Technologies Co., Ltd. All rights reserved.*
    * Without the owner's prior written consent,                                 *
    * no decompiling or reverse-engineering shall be allowed.                    *
    ******************************************************************************
    login: admin
    Password:
    ...

    PS: The terminal output above is from an S5560X-30C-PWR-EI switch running Release 1118P07.

    3.1.3 Configuring interfaces and VLANs

    # Create VLAN 10 and VLAN 20 on the access switch.

    [ACCSW1] vlan 10 20

    # Assign interface GigabitEthernet1/0/1, which connects to PC1, to VLAN 10 and configure it as an edge port.

    [ACCSW1] interface gigabitethernet 1/0/1
    [ACCSW1-GigabitEthernet1/0/1] port link-type access
    [ACCSW1-GigabitEthernet1/0/1] port access vlan 10
    [ACCSW1-GigabitEthernet1/0/1] stp edged-port
    [ACCSW1-GigabitEthernet1/0/1] quit

    # Assign interface GigabitEthernet1/0/2, which connects to PC2, to VLAN 20 and configure it as an edge port.

    [ACCSW1] interface gigabitethernet 1/0/2
    [ACCSW1-GigabitEthernet1/0/2] port link-type access
    [ACCSW1-GigabitEthernet1/0/2] port access vlan 20
    [ACCSW1-GigabitEthernet1/0/2] stp edged-port
    [ACCSW1-GigabitEthernet1/0/2] quit

    # Configure interfaces GigabitEthernet1/0/3 and GigabitEthernet1/0/4 as trunk ports and permit VLAN 10 and VLAN 20 on them.

    [ACCSW1] interface gigabitethernet 1/0/3
    [ACCSW1-GigabitEthernet1/0/3] port link-type trunk
    [ACCSW1-GigabitEthernet1/0/3] port trunk permit vlan 10 20
    [ACCSW1-GigabitEthernet1/0/3] quit
    [ACCSW1] interface gigabitethernet 1/0/4
    [ACCSW1-GigabitEthernet1/0/4] port link-type trunk
    [ACCSW1-GigabitEthernet1/0/4] port trunk permit vlan 10 20
    [ACCSW1-GigabitEthernet1/0/4] quit

    # Display the VLAN 10 and VLAN 20 configuration on ACCSW1.

    [ACCSW1] display vlan 10
     VLAN ID: 10
     VLAN type: Static
     Route interface: Not configured
     Description: VLAN 0010
     Name: VLAN 0010
     Tagged ports:
        GigabitEthernet1/0/3
        GigabitEthernet1/0/4
     Untagged ports:
        GigabitEthernet1/0/1
    [ACCSW1] display vlan 20
     VLAN ID: 20
     VLAN type: Static
     Route interface: Not configured
     Description: VLAN 0020
     Name: VLAN 0020
     Tagged ports:
        GigabitEthernet1/0/3
        GigabitEthernet1/0/4
     Untagged ports:
        GigabitEthernet1/0/2

    3.1.4 Configuring BPDU guard

    An edge port should never receive BPDUs. With BPDU guard enabled, an edge port that receives a BPDU is shut down, so a switch plugged in by a user, or a forged BPDU, cannot take part in the spanning tree and pull traffic through a user port.

    [ACCSW1] stp bpdu-protection

    3.1.5 Configuring DHCP snooping

    # Enable DHCP snooping.

    [ACCSW1] dhcp snooping enable

    # Configure GigabitEthernet1/0/3 as a DHCP snooping trusted port.

    [ACCSW1] interface gigabitethernet 1/0/3
    [ACCSW1-GigabitEthernet1/0/3] dhcp snooping trust
    [ACCSW1-GigabitEthernet1/0/3] quit

    Only the uplinks towards the legitimate DHCP servers should be trusted; with DHCP snooping enabled, DHCP server replies (OFFER/ACK) arriving on any untrusted port are dropped. GigabitEthernet1/0/4 is also a trunk towards a core switch, so if CORESW2 answers DHCP requests as planned in Section II, it must be configured as a trusted port in the same way.

    3.1.6 Configuring IP Source Guard

    # Enable IPv4 source guard on interfaces GigabitEthernet1/0/1 and GigabitEthernet1/0/2, checking both the source IP address and the MAC address, and enable DHCP snooping binding recording on the ports so that the DHCP snooping entries learned there are used as the bindings. A host that changes its IP address by hand no longer matches its binding and its packets are dropped.

    [ACCSW1] interface gigabitethernet 1/0/1
    [ACCSW1-GigabitEthernet1/0/1] ip verify source ip-address mac-address
    [ACCSW1-GigabitEthernet1/0/1] dhcp snooping binding record
    [ACCSW1-GigabitEthernet1/0/1] quit
    [ACCSW1] interface gigabitethernet 1/0/2
    [ACCSW1-GigabitEthernet1/0/2] ip verify source ip-address mac-address
    [ACCSW1-GigabitEthernet1/0/2] dhcp snooping binding record
    [ACCSW1-GigabitEthernet1/0/2] quit
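    The three access-layer protections in 3.1.4 to 3.1.6 only work together if every uplink is a DHCP snooping trusted port and every user port carries the edge-port, source guard and binding-record settings. The script below is an added example, not part of the original guide: it parses a Comware-style configuration file (the sample is constructed to mirror the ACCSW1 configuration in this document) and reports any port that deviates from that pattern, which is how a reviewer would catch the untrusted second uplink GigabitEthernet1/0/4.

```python
"""Audit an H3C Comware access-switch configuration for the Layer 2
hardening used in this guide: DHCP snooping with trusted uplinks,
IP Source Guard on user ports, BPDU guard with edge ports.

Added example; the configuration text is constructed to mirror ACCSW1.
"""
import re
from dataclasses import dataclass, field

SAMPLE_CONFIG = """\
#
 sysname ACCSW1
#
 dhcp snooping enable
#
 stp bpdu-protection
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 10
 stp edged-port
 ip verify source ip-address mac-address
 dhcp snooping binding record
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 20
 stp edged-port
 ip verify source ip-address mac-address
 dhcp snooping binding record
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 10 20
 dhcp snooping trust
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 10 20
#
"""


@dataclass
class Interface:
    name: str
    lines: list = field(default_factory=list)

    def has(self, prefix: str) -> bool:
        return any(line.startswith(prefix) for line in self.lines)

    @property
    def is_trunk(self) -> bool:
        return self.has("port link-type trunk")

    @property
    def is_access(self) -> bool:
        # An explicit access VLAN marks a user-facing port.
        return self.has("port access vlan")


def parse_config(text: str):
    """Split a Comware config into global lines and per-interface stanzas."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None  # a bare '#' ends the current stanza
            continue
        match = re.match(r"interface (\S+)", line)
        if match:
            current = Interface(match.group(1))
            interfaces[current.name] = current
        elif current is not None:
            current.lines.append(line)
        else:
            global_lines.append(line)
    return global_lines, interfaces


def audit(text: str) -> list:
    """Return a list of findings; an empty list means the config follows the guide."""
    global_lines, interfaces = parse_config(text)
    findings = []
    if "dhcp snooping enable" not in global_lines:
        findings.append("global: dhcp snooping enable missing")
    if "stp bpdu-protection" not in global_lines:
        findings.append("global: stp bpdu-protection missing")
    for name, itf in interfaces.items():
        if itf.is_trunk and not itf.has("dhcp snooping trust"):
            # An untrusted uplink silently drops the real DHCP server's replies.
            findings.append(f"{name}: trunk uplink is not a DHCP snooping trusted port")
        if itf.is_access:
            for required in ("stp edged-port",
                             "ip verify source ip-address mac-address",
                             "dhcp snooping binding record"):
                if not itf.has(required):
                    findings.append(f"{name}: user port missing '{required}'")
            if itf.has("dhcp snooping trust"):
                # A trusted user port would let a rogue DHCP server through.
                findings.append(f"{name}: user port must not be a DHCP snooping trusted port")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

    Run against the sample, the only finding is the untrusted trunk GigabitEthernet1/0/4; removing a setting from a user port, or adding dhcp snooping trust to one, produces the corresponding finding.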

    3.1.7 Saving the configuration

    # Save the configuration on the access switch (ACCSW1 as the example).

    [ACCSW1] save
    The current configuration will be written to the device. Are you sure? [Y/N]:y
    Please input the file name(*.cfg)[flash:/startup.cfg]
    (To leave the existing filename unchanged, press the enter key):
    flash:/startup.cfg exists, overwrite? [Y/N]:y
    Validating file. Please wait...
    Saved the current configuration to mainboard device successfully.

    3.2 Configuring the core switches

    PS: The core switches CORESW1 and CORESW2 are configured in essentially the same way. Unless stated otherwise, this document uses CORESW1 as the example.

    3.2.1 Configuring interfaces and VLANs

    # Create VLAN 10, VLAN 20, VLAN 30, VLAN 40, VLAN 50, VLAN 100 and VLAN 300.

    system-view
    [Sysname] sysname CORESW1
    [CORESW1] vlan 10 20 30 40 50 100 300

    # Configure interface GigabitEthernet1/0/1 as a trunk port and permit VLAN 10 and VLAN 20 on it.

    [CORESW1] interface gigabitethernet 1/0/1
    [CORESW1-GigabitEthernet1/0/1] port link-type trunk
    [CORESW1-GigabitEthernet1/0/1] port trunk permit vlan 10 20
    [CORESW1-GigabitEthernet1/0/1] quit

    # Configure interface GigabitEthernet1/0/5 as a trunk port and permit VLAN 300 on it.

    [CORESW1] interface gigabitethernet 1/0/5
    [CORESW1-GigabitEthernet1/0/5] port link-type trunk
    [CORESW1-GigabitEthernet1/0/5] port trunk permit vlan 300
    [CORESW1-GigabitEthernet1/0/5] quit

    # Configure the link type of the other interfaces and permit the corresponding VLANs on them in the same way (details omitted).

    3.2.2 Configuring VLAN interfaces

    # Create VLAN-interface 10 and assign it the IP address 192.168.10.1/24.

    [CORESW1] interface vlan-interface 10
    [CORESW1-Vlan-interface10] ip address 192.168.10.1 24
    [CORESW1-Vlan-interface10] quit

    # Create VLAN-interface 20 and assign it the IP address 192.168.20.1/24.

    [CORESW1] interface vlan-interface 20
    [CORESW1-Vlan-interface20] ip address 192.168.20.1 24
    [CORESW1-Vlan-interface20] quit

    # Create VLAN-interface 100 and assign it the IP address 172.16.1.1/24.

    [CORESW1] interface vlan-interface 100
    [CORESW1-Vlan-interface100] ip address 172.16.1.1 24
    [CORESW1-Vlan-interface100] quit

    # Create VLAN-interface 300 and assign it the IP address 172.16.3.1/24.

    [CORESW1] interface vlan-interface 300
    [CORESW1-Vlan-interface300] ip address 172.16.3.1 24
    [CORESW1-Vlan-interface300] quit

    # Create the other VLAN interfaces and assign their IP addresses in the same way (details omitted).

    # Display the VLAN 10, VLAN 20, VLAN 100 and VLAN 300 configuration on CORESW1.

    [CORESW1] display vlan 10
     VLAN ID: 10
     VLAN type: Static
     Route interface: Configured
     IPv4 address: 192.168.10.1
     IPv4 subnet mask: 255.255.255.0
     Description: VLAN 0010
     Name: VLAN 0010
     Tagged ports:
        GigabitEthernet1/0/1
     Untagged ports:   None
    [CORESW1] display vlan 20
     VLAN ID: 20
     VLAN type: Static
     Route interface: Configured
     IPv4 address: 192.168.20.1
     IPv4 subnet mask: 255.255.255.0
     Description: VLAN 0020
     Name: VLAN 0020
     Tagged ports:
        GigabitEthernet1/0/1
        GigabitEthernet1/0/2
     Untagged ports:   None
    [CORESW1] display vlan 100
     VLAN ID: 100
     VLAN type: Static
     Route interface: Configured
     IPv4 address: 172.16.1.1
     IPv4 subnet mask: 255.255.255.0
     Description: VLAN 0100
     Name: VLAN 0100
     Tagged ports:   None
     Untagged ports:   None
    [CORESW1] display vlan 300
     VLAN ID: 300
     VLAN type: Static
     Route interface: Configured
     IPv4 address: 172.16.3.1
     IPv4 subnet mask: 255.255.255.0
     Description: VLAN 0300
     Name: VLAN 0300
     Tagged ports:
        GigabitEthernet1/0/5
     Untagged ports:   None

    3.2.3 Configuring VRRP

    In normal operation, internal user traffic is handled by CORESW1. Only when CORESW1 itself or its uplink fails does the VRRP group switch CORESW2 to master, after which internal user traffic is handled by CORESW2.

    Note that the VRRP group in this example lives on Vlan-interface300, the link between the two core switches, while the hosts' default gateways 192.168.10.1 and 192.168.20.1 are the real addresses of Vlan-interface10 and Vlan-interface20 on CORESW1. For the gateway itself to survive a CORESW1 failure, a VRRP group is also needed on each user VLAN interface of both core switches, with the group's virtual address handed out by DHCP as the gateway.

    # Configure the VRRP group on CORESW1.

    # Create VRRP group 1 and set its virtual IP address to 172.16.3.10.

    [CORESW1] interface vlan-interface 300
    [CORESW1-Vlan-interface300] vrrp vrid 1 virtual-ip 172.16.3.10

    # Set the priority of CORESW1 in VRRP group 1 to 120, higher than the priority 100 of CORESW2, so that CORESW1 becomes the master and forwards the traffic.

    [CORESW1-Vlan-interface300] vrrp vrid 1 priority 120

    # Enable preemption on CORESW1 so that it takes the master role back after it recovers from a failure: as long as CORESW1 is working, it forwards the traffic. To avoid frequent state changes, set the preemption delay to 5000 centiseconds (50 seconds).

    [CORESW1-Vlan-interface300] vrrp vrid 1 preempt-mode delay 5000
    [CORESW1-Vlan-interface300] quit

    # Create Track entry 1, associated with the physical state of the uplink interface GigabitEthernet1/0/7. When the Track entry is Negative, the uplink of CORESW1 has failed.

    [CORESW1] track 1 interface gigabitethernet 1/0/7
    [CORESW1-track-1] quit

    # Monitor the Track entry from the VRRP group. When Track 1 becomes Negative, the priority of CORESW1 is reduced by 30, to 90, which is below the priority 100 of CORESW2, so CORESW2 takes over. The reduction must be large enough to drop below the backup's priority, otherwise the uplink failure is detected but no switchover happens.

    [CORESW1] interface vlan-interface 300
    [CORESW1-Vlan-interface300] vrrp vrid 1 track 1 priority reduced 30

    # Configure the VRRP group on CORESW2. Create VRRP group 1 and set its virtual IP address to 172.16.3.10.

    system-view
    [Sysname] sysname CORESW2
    [CORESW2] interface vlan-interface 300
    [CORESW2-Vlan-interface300] vrrp vrid 1 virtual-ip 172.16.3.10

    # Set the priority of CORESW2 in VRRP group 1 to 100.

    [CORESW2-Vlan-interface300] vrrp vrid 1 priority 100

    # Enable preemption on CORESW2 with a preemption delay of 5000 centiseconds.

    [CORESW2-Vlan-interface300] vrrp vrid 1 preempt-mode delay 5000
    [CORESW2-Vlan-interface300] quit

    # Use display vrrp verbose on CORESW1 to check the VRRP group.

    [CORESW1] display vrrp verbose
    IPv4 Virtual Router Information:
     Running mode : Standard
     Total number of virtual routers : 1
       Interface Vlan-interface300
         VRID             : 1                   Adver Timer  : 100
         Admin Status     : Up                  State        : Master
         Config Pri       : 120                 Running Pri  : 120
         Preempt Mode     : Yes                 Delay Time   : 5000
         Auth Type        : None
         Virtual IP       : 172.16.3.10
         Virtual MAC      : 0000-5e00-0101
         Master IP        : 172.16.3.1
       VRRP Track Information:
         Track Object   : 1                   State : Positive   Pri Reduced : 30

    # Use display vrrp verbose on CORESW2 to check the VRRP group.

    [CORESW2] display vrrp verbose
    IPv4 Virtual Router Information:
     Running mode : Standard
     Total number of virtual routers : 1
       Interface Vlan-interface300
         VRID             : 1                   Adver Timer  : 100
         Admin Status     : Up                  State        : Backup
         Config Pri       : 100                 Running Pri  : 100
         Preempt Mode     : Yes                 Delay Time   : 5000
         Become Master    : 27810ms left
         Auth Type        : None
         Virtual IP       : 172.16.3.10
         Virtual MAC      : 0000-5e00-0101
         Master IP        : 172.16.3.1

    # The output shows that the VRRP group has been created, with CORESW1 as the Master and CORESW2 as the Backup.
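    The master election above depends on the arithmetic between the configured priorities and the tracked reduction. The following added example (not part of the original guide) models that election with the values used in this document, so the failover can be checked on paper before the uplink is actually pulled: CORESW1 at 120 with Track 1 reducing it by 30, CORESW2 at 100, and a preemption delay of 5000 centiseconds. Tie-breaking on the higher interface address follows the VRRP standard mode; the device names and addresses are the ones used in this document.

```python
"""VRRP master election with interface tracking, as configured on the
two core switches in this guide.

Added example, not part of the original guide.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class VrrpRouter:
    name: str
    ip: str                     # real interface address on the VRRP VLAN
    priority: int               # 'vrrp vrid 1 priority N' (1..254)
    track_reduced: int = 0      # 'vrrp vrid 1 track 1 priority reduced N'
    track_positive: bool = True  # state of the tracked uplink
    preempt_delay_cs: int = 0   # 'preempt-mode delay' in centiseconds

    @property
    def running_priority(self) -> int:
        # The running priority drops by the reduced value only while the
        # tracked object is Negative; the configured priority is unchanged.
        if self.track_positive:
            return self.priority
        return max(1, self.priority - self.track_reduced)


def elect_master(routers) -> VrrpRouter:
    """Highest running priority wins; a tie goes to the higher interface address."""
    return max(routers, key=lambda r: (r.running_priority, IPv4Address(r.ip)))


def failover_is_effective(primary: VrrpRouter, backup: VrrpRouter) -> bool:
    """True if the configured reduction really hands the role over.

    A reduction that does not drop below the backup's priority leaves the
    uplink failure detected but the master role unchanged.
    """
    return primary.priority - primary.track_reduced < backup.priority


def preempt_delay_seconds(router: VrrpRouter) -> float:
    """Comware expresses the preemption delay in centiseconds."""
    return router.preempt_delay_cs / 100.0


if __name__ == "__main__":
    coresw1 = VrrpRouter("CORESW1", "172.16.3.1", 120, track_reduced=30, preempt_delay_cs=5000)
    coresw2 = VrrpRouter("CORESW2", "172.16.3.2", 100, preempt_delay_cs=5000)
    print("normal operation:", elect_master([coresw1, coresw2]).name)
    coresw1.track_positive = False  # uplink GigabitEthernet1/0/7 goes down
    print("uplink down:", elect_master([coresw1, coresw2]).name)
    print("reduction sufficient:", failover_is_effective(coresw1, coresw2))
    print("preempt delay (s):", preempt_delay_seconds(coresw1))
```

    With the values from this guide the election returns CORESW1 normally and CORESW2 once Track 1 goes Negative; with a reduction of only 10 the same check reports that no switchover would happen.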

    3.2.4 Configuring the DHCP server and checking the configuration

    # Enable DHCP.

    [CORESW1] dhcp enable

    # Create DHCP address pool 1 to assign dynamic addresses to clients in 192.168.10.0/24, with the DNS server address, the gateway and the lease duration, and bind the fixed address 192.168.10.254 to the printer.

    [CORESW1] dhcp server ip-pool 1
    [CORESW1-dhcp-pool-1] network 192.168.10.0 mask 255.255.255.0
    [CORESW1-dhcp-pool-1] gateway-list 192.168.10.1
    [CORESW1-dhcp-pool-1] dns-list 202.101.100.199
    [CORESW1-dhcp-pool-1] expired day 30
    [CORESW1-dhcp-pool-1] static-bind ip-address 192.168.10.254 24 client-identifier aabb-cccc-dd
    [CORESW1-dhcp-pool-1] quit

    # Create DHCP address pool 2 to assign dynamic addresses to clients in 192.168.20.0/24, with the DNS server address, the gateway and the lease duration.

    [CORESW1] dhcp server ip-pool 2
    [CORESW1-dhcp-pool-2] network 192.168.20.0 mask 255.255.255.0
    [CORESW1-dhcp-pool-2] gateway-list 192.168.20.1
    [CORESW1-dhcp-pool-2] dns-list 202.101.100.199
    [CORESW1-dhcp-pool-2] expired day 30
    [CORESW1-dhcp-pool-2] quit

    # Configure VLAN-interface 10 and VLAN-interface 20 to work in DHCP server mode.

    [CORESW1] interface vlan-interface 10
    [CORESW1-Vlan-interface10] dhcp select server
    [CORESW1-Vlan-interface10] quit
    [CORESW1] interface vlan-interface 20
    [CORESW1-Vlan-interface20] dhcp select server
    [CORESW1-Vlan-interface20] quit

    If CORESW2 serves the same subnets, keep in mind that the two Comware DHCP servers do not share lease state: exclude a different part of each range on each switch (dhcp server forbidden-ip) so that the two servers cannot hand out the same address to two hosts.

    # Use display dhcp server pool to check the address pools.

    [CORESW1] display dhcp server pool
    Pool name: 1
      Network: 192.168.10.0 mask 255.255.255.0
      expired 30 0 0 0
      gateway-list 192.168.10.1
      static bindings:
        ip-address 192.168.10.254 mask 255.255.255.0
          client-identifier aabb-cccc-dd
    Pool name: 2
      Network: 192.168.20.0 mask 255.255.255.0
      expired 30 0 0 0
      gateway-list 192.168.20.1

    3.2.5 Configuring OSPF

    OSPF configuration on CORESW1.

    [CORESW1] ospf 100 router-id 2.2.2.2
    [CORESW1-ospf-100] area 0
    [CORESW1-ospf-100-area-0.0.0.0] network 172.16.1.0 0.0.0.255
    [CORESW1-ospf-100-area-0.0.0.0] network 172.16.3.0 0.0.0.255
    [CORESW1-ospf-100-area-0.0.0.0] network 192.168.10.0 0.0.0.255
    [CORESW1-ospf-100-area-0.0.0.0] network 192.168.20.0 0.0.0.255
    [CORESW1-ospf-100-area-0.0.0.0] quit
    [CORESW1-ospf-100] quit

    OSPF configuration on CORESW2.

    [CORESW2] ospf 100 router-id 3.3.3.3
    [CORESW2-ospf-100] area 0
    [CORESW2-ospf-100-area-0.0.0.0] network 172.16.2.0 0.0.0.255
    [CORESW2-ospf-100-area-0.0.0.0] network 172.16.3.0 0.0.0.255
    [CORESW2-ospf-100-area-0.0.0.0] network 192.168.10.0 0.0.0.255
    [CORESW2-ospf-100-area-0.0.0.0] network 192.168.20.0 0.0.0.255
    [CORESW2-ospf-100-area-0.0.0.0] quit
    [CORESW2-ospf-100] quit

    # Use display ospf peer to check the OSPF neighbors on CORESW1.

    [CORESW1] display ospf peer
             OSPF Process 100 with Router ID 2.2.2.2
                   Neighbor Brief Information
     Area: 0.0.0.0
     Router ID       Address         Pri Dead-Time  State             Interface
     3.3.3.3         172.16.3.2      1   33         Full/DR           Vlan300

    # Use display ospf peer to check the OSPF neighbors on CORESW2.

    [CORESW2] display ospf peer
             OSPF Process 100 with Router ID 3.3.3.3
                   Neighbor Brief Information
     Area: 0.0.0.0
     Router ID       Address         Pri Dead-Time  State             Interface
     2.2.2.2         172.16.3.1      1   36         Full/BDR          Vlan300

    3.2.6 Saving the configuration

    # Save the configuration on the core switch (CORESW1 as the example).

    [CORESW1] save
    The current configuration will be written to the device. Are you sure? [Y/N]:y
    Please input the file name(*.cfg)[flash:/startup.cfg]
    (To leave the existing filename unchanged, press the enter key):
    flash:/startup.cfg exists, overwrite? [Y/N]:y
    Validating file. Please wait...
    Saved the current configuration to mainboard device successfully.

    3.3 Configuring the egress router

    3.3.1 Configuring the IP addresses of the internal and public interfaces

    # Configure the IP addresses of the internal interfaces.

    [Router] interface GigabitEthernet 0/1
    [Router-GigabitEthernet0/1] ip address 172.16.1.2 24
    [Router-GigabitEthernet0/1] quit
    [Router] interface GigabitEthernet 0/2
    [Router-GigabitEthernet0/2] ip address 172.16.2.2 24
    [Router-GigabitEthernet0/2] quit

    # Configure the IP address of the public interface.

    [Router] interface GigabitEthernet 0/0
    [Router-GigabitEthernet0/0] ip address 202.101.100.2 30
    [Router-GigabitEthernet0/0] quit

    3.3.2 Configuring the ACL that permits Internet access

    # Configure the ACL.

    [Router] acl basic 2000
    [Router-acl-ipv4-basic-2000] rule permit source 192.168.10.0 0.0.0.255
    [Router-acl-ipv4-basic-2000] rule permit source 192.168.20.0 0.0.0.255
    [Router-acl-ipv4-basic-2000] rule permit source 172.16.1.0 0.0.0.255
    [Router-acl-ipv4-basic-2000] rule permit source 172.16.2.0 0.0.0.255
    [Router-acl-ipv4-basic-2000] rule permit source 172.16.3.0 0.0.0.255
    [Router-acl-ipv4-basic-2000] quit

    # Apply packet filtering.

    [Router] interface gigabitethernet 0/1
    [Router-GigabitEthernet0/1] packet-filter 2000 inbound
    [Router-GigabitEthernet0/1] quit
    [Router] interface gigabitethernet 0/2
    [Router-GigabitEthernet0/2] packet-filter 2000 inbound
    [Router-GigabitEthernet0/2] quit
    [Router] packet-filter default deny

    ACL 2000 matches on source address only. Together with packet-filter default deny it stops packets from any source outside the planned internal ranges (spoofed or unplanned subnets) from entering the router on GE0/1 and GE0/2; without the default deny, packets matching no rule would be permitted. It does not filter what arrives from the Internet on GE0/0, which has no packet-filter in this procedure.

    # Use display acl to check the ACL configuration.

    [Router] display acl 2000
    Basic IPv4 ACL 2000, 5 rules,
    ACL's step is 5, start ID is 0
     rule 0 permit source 192.168.10.0 0.0.0.255
     rule 5 permit source 192.168.20.0 0.0.0.255
     rule 10 permit source 172.16.1.0 0.0.0.255
     rule 15 permit source 172.16.2.0 0.0.0.255
     rule 20 permit source 172.16.3.0 0.0.0.255

    # Use display packet-filter to check how the ACL is applied.

    [Router] display packet-filter interface gigabitethernet 0/1 inbound
    Interface: GigabitEthernet0/1
     Inbound policy:
      IPv4 ACL 2000
    [Router] display packet-filter interface gigabitethernet 0/2 inbound
    Interface: GigabitEthernet0/2
     Inbound policy:
      IPv4 ACL 2000
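    To see what the inbound filter in 3.3.2 actually decides, the following added example (not part of the original guide) re-implements a basic IPv4 ACL with wildcard masks, rule IDs in steps of 5 as shown by display acl, and the packet-filter default deny behaviour. The rule set is the one from this section; the sample source addresses are constructed.

```python
"""Evaluate the egress router's inbound packet filter: basic IPv4 ACL 2000
with wildcard masks plus 'packet-filter default deny'.

Added example, not from the original guide.
"""
from ipaddress import IPv4Address


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Comware wildcard semantics: a 1 bit means 'don't care', a 0 bit must match."""
    a, n, w = (int(IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


class BasicAcl:
    def __init__(self, number: int, step: int = 5):
        self.number, self.step, self.rules = number, step, []

    def rule(self, action: str, network: str, wildcard: str):
        # Rule IDs are assigned 0, 5, 10, ... exactly as 'display acl' shows them.
        rule_id = len(self.rules) * self.step
        self.rules.append((rule_id, action, network, wildcard))
        return self

    def lookup(self, src: str):
        """Return (rule_id, action) of the first matching rule, or None."""
        for rule_id, action, network, wildcard in self.rules:
            if wildcard_match(src, network, wildcard):
                return rule_id, action
        return None


def packet_filter(acl: BasicAcl, src: str, default_deny: bool = True) -> str:
    """Inbound filtering decision for a packet with source address src.

    Without 'packet-filter default deny', a packet that matches no rule is
    permitted, which would let unplanned or spoofed sources through.
    """
    hit = acl.lookup(src)
    if hit is None:
        return "deny" if default_deny else "permit"
    return hit[1]


# The five permit rules of ACL 2000 from this guide.
ACL_2000 = (BasicAcl(2000)
            .rule("permit", "192.168.10.0", "0.0.0.255")
            .rule("permit", "192.168.20.0", "0.0.0.255")
            .rule("permit", "172.16.1.0", "0.0.0.255")
            .rule("permit", "172.16.2.0", "0.0.0.255")
            .rule("permit", "172.16.3.0", "0.0.0.255"))


if __name__ == "__main__":
    # Constructed sample sources: a department A host, an unplanned subnet, a spoofed address.
    for src in ("192.168.10.25", "192.168.30.7", "10.0.0.1"):
        print(src, packet_filter(ACL_2000, src), ACL_2000.lookup(src))
```

    A department A host is permitted by rule 0, while a host in the unplanned subnet 192.168.30.0/24 or a spoofed 10.0.0.1 source is dropped only because of the default deny; flipping default_deny to False shows both slipping through.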

    3.3.3 Configuring OSPF

    Configure a default route pointing to the ISP.

    [Router] ip route-static 0.0.0.0 0.0.0.0 202.101.100.1

    OSPF configuration on the egress router. The default route is redistributed into OSPF so that the internal network can reach the Internet.

    [Router] ospf 10 router-id 1.1.1.1
    [Router-ospf-10] default-route-advertise always
    [Router-ospf-10] area 0
    [Router-ospf-10-area-0.0.0.0] network 172.16.1.0 0.0.0.255
    [Router-ospf-10-area-0.0.0.0] network 172.16.2.0 0.0.0.255
    [Router-ospf-10-area-0.0.0.0] quit
    [Router-ospf-10] quit

    # Use display ospf peer to check the OSPF neighbors on the Router.

    [Router] display ospf peer
             OSPF Process 10 with Router ID 1.1.1.1
                   Neighbor Brief Information
     Area: 0.0.0.0
     Router ID       Address         Pri Dead-Time  State             Interface
     2.2.2.2         172.16.1.1      1   31         Full/DR           GE0/1
     3.3.3.3         172.16.2.1      1   39         Full/BDR          GE0/2

    # Use display ospf routing to check the OSPF routing table on CORESW1.

    [CORESW1] display ospf routing
             OSPF Process 100 with Router ID 2.2.2.2
                      Routing Table
                    Topology base (MTID 0)
     Routing for network
     Destination        Cost     Type    NextHop         AdvRouter       Area
     172.16.1.0/24      1        Transit 0.0.0.0         2.2.2.2         0.0.0.0
     172.16.2.0/24      2        Transit 172.16.3.2      1.1.1.1         0.0.0.0
     172.16.2.0/24      2        Transit 172.16.1.2      1.1.1.1         0.0.0.0
     172.16.3.0/24      1        Transit 0.0.0.0         3.3.3.3         0.0.0.0
     Routing for ASEs
     Destination        Cost     Type    Tag         NextHop         AdvRouter
     0.0.0.0/0          1        Type2   1           172.16.1.2      1.1.1.1
     Total nets: 5
     Intra area: 4  Inter area: 0  ASE: 1  NSSA: 0

    # Use display ospf routing to check the OSPF routing table on CORESW2.

    [CORESW2] display ospf routing
             OSPF Process 100 with Router ID 3.3.3.3
                      Routing Table
                    Topology base (MTID 0)
     Routing for network
     Destination        Cost     Type    NextHop         AdvRouter       Area
     172.16.1.0/24      2        Transit 172.16.3.1      2.2.2.2         0.0.0.0
     172.16.1.0/24      2        Transit 172.16.2.2      2.2.2.2         0.0.0.0
     172.16.2.0/24      1        Transit 0.0.0.0         1.1.1.1         0.0.0.0
     172.16.3.0/24      1        Transit 0.0.0.0         3.3.3.3         0.0.0.0
     Routing for ASEs
     Destination        Cost     Type    Tag         NextHop         AdvRouter
     0.0.0.0/0          1        Type2   1           172.16.2.2      1.1.1.1
     Total nets: 5
     Intra area: 4  Inter area: 0  ASE: 1  NSSA: 0

    3.3.4 Configuring DNS resolution

    [Router] dns server 202.101.100.199
    [Router] dns proxy enable

    3.3.5 Configuring rate limiting per IP address or IP range

    # Configure the CAR lists.

    [Router] qos carl 1 source-ip-address range 192.168.10.1 to 192.168.10.254 per-address shared-bandwidth
    [Router] qos carl 2 source-ip-address range 192.168.20.1 to 192.168.20.254 per-address shared-bandwidth
    [Router] qos carl 3 destination-ip-address range 192.168.10.1 to 192.168.10.254 per-address shared-bandwidth
    [Router] qos carl 4 destination-ip-address range 192.168.20.1 to 192.168.20.254 per-address shared-bandwidth

    # Apply rate limiting. CAR lists 1 and 2 match the internal hosts as sources (upload, inbound on the internal interfaces); lists 3 and 4 match them as destinations (download, outbound on the internal interfaces).

    [Router] interface gigabitethernet 0/1
    [Router-GigabitEthernet0/1] qos car inbound carl 1 cir 512
    [Router-GigabitEthernet0/1] qos car inbound carl 2 cir 512
    [Router-GigabitEthernet0/1] qos car outbound carl 3 cir 512
    [Router-GigabitEthernet0/1] qos car outbound carl 4 cir 512
    [Router-GigabitEthernet0/1] quit
    [Router] interface gigabitethernet 0/2
    [Router-GigabitEthernet0/2] qos car inbound carl 1 cir 512
    [Router-GigabitEthernet0/2] qos car inbound carl 2 cir 512
    [Router-GigabitEthernet0/2] qos car outbound carl 3 cir 512
    [Router-GigabitEthernet0/2] qos car outbound carl 4 cir 512
    [Router-GigabitEthernet0/2] quit

    # Use display qos carl to check the CAR lists.

    [Router] display qos carl
    List  Rules
    1     source-ip-address range 192.168.10.1 to 192.168.10.254 per-address shared-bandwidth
    2     source-ip-address range 192.168.20.1 to 192.168.20.254 per-address shared-bandwidth
    3     destination-ip-address range 192.168.10.1 to 192.168.10.254 per-address shared-bandwidth
    4     destination-ip-address range 192.168.20.1 to 192.168.20.254 per-address shared-bandwidth

    # Use display qos car interface to check the traffic policing configuration and statistics on the interfaces. The CBS of 32000 bytes is the default burst size derived from the CIR; with EBS 0 there is no excess bucket, so every packet is either green (forwarded) or red (discarded).

    [Router] display qos car interface gigabitethernet 0/1
    Interface: GigabitEthernet0/1
     Direction: inbound
      Rule: If-match carl 1
       CIR 512 (kbps), CBS 32000 (Bytes), EBS 0 (Bytes)
       Green action  : pass
       Yellow action : pass
       Red action    : discard
       Green packets : 0 (Packets), 0 (Bytes)
       Yellow packets: 0 (Packets), 0 (Bytes)
       Red packets   : 0 (Packets), 0 (Bytes)
      Rule: If-match carl 2
       CIR 512 (kbps), CBS 32000 (Bytes), EBS 0 (Bytes)
       Green action  : pass
       Yellow action : pass
       Red action    : discard
       Green packets : 0 (Packets), 0 (Bytes)
       Yellow packets: 0 (Packets), 0 (Bytes)
       Red packets   : 0 (Packets), 0 (Bytes)
     Direction: outbound
      Rule: If-match carl 3
       CIR 512 (kbps), CBS 32000 (Bytes), EBS 0 (Bytes)
       Green action  : pass
       Yellow action : pass
       Red action    : discard
       Green packets : 0 (Packets), 0 (Bytes)
       Yellow packets: 0 (Packets), 0 (Bytes)
       Red packets   : 0 (Packets), 0 (Bytes)
      Rule: If-match carl 4
       CIR 512 (kbps), CBS 32000 (Bytes), EBS 0 (Bytes)
       Green action  : pass
       Yellow action : pass
       Red action    : discard
       Green packets : 0 (Packets), 0 (Bytes)
       Yellow packets: 0 (Packets), 0 (Bytes)
       Red packets   : 0 (Packets), 0 (Bytes)
    [Router] display qos car interface gigabitethernet 0/2
    Interface: GigabitEthernet0/2
     Direction: inbound
      Rule: If-match carl 1
       CIR 512 (kbps), CBS 32000 (Bytes), EBS 0 (Bytes)
       Green action  : pass
       Yellow action : pass
       Red action    : discard
       Green packets : 0 (Packets), 0 (Bytes)
       Yellow packets: 0 (Packets), 0 (Bytes)
       Red packets   : 0 (Packets), 0 (Bytes)
      Rule: If-match carl 2
       CIR 512 (kbps), CBS 32000 (Bytes), EBS 0 (Bytes)
       Green action  : pass
       Yellow action : pass
       Red action    : discard
       Green packets : 0 (Packets), 0 (Bytes)
       Yellow packets: 0 (Packets), 0 (Bytes)
       Red packets   : 0 (Packets), 0 (Bytes)
     Direction: outbound
      Rule: If-match carl 3
       CIR 512 (kbps), CBS 32000 (Bytes), EBS 0 (Bytes)
       Green action  : pass
       Yellow action : pass
       Red action    : discard
       Green packets : 0 (Packets), 0 (Bytes)
       Yellow packets: 0 (Packets), 0 (Bytes)
       Red packets   : 0 (Packets), 0 (Bytes)
      Rule: If-match carl 4
       CIR 512 (kbps), CBS 32000 (Bytes), EBS 0 (Bytes)
       Green action  : pass
       Yellow action : pass
       Red action    : discard
       Green packets : 0 (Packets), 0 (Bytes)
       Yellow packets: 0 (Packets), 0 (Bytes)
       Red packets   : 0 (Packets), 0 (Bytes)
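    The display output above describes a single-rate policer: tokens arrive at the CIR, the bucket holds at most CBS bytes, and with EBS 0 a packet larger than the available tokens is red and discarded. The added example below (not part of the original guide) simulates that token bucket with the values shown, CIR 512 kbit/s and CBS 32000 bytes, for one address's bucket; the packet sizes and timestamps are constructed, and the bucket is assumed to start full.

```python
"""Single-rate, two-colour policer as applied by 'qos car ... cir 512'
in this guide: CIR 512 kbit/s, CBS 32000 bytes, EBS 0.

Added example, not part of the original guide; traffic is constructed.
"""


class SingleRatePolicer:
    def __init__(self, cir_kbps: int, cbs_bytes: int):
        self.rate_bytes_per_s = cir_kbps * 1000 / 8   # 512 kbit/s = 64000 B/s
        self.cbs = cbs_bytes
        self.tokens = float(cbs_bytes)                # assumed: bucket starts full
        self.last = 0.0
        self.stats = {"green": [0, 0], "red": [0, 0]}  # [packets, bytes], as in 'display qos car'

    def police(self, size: int, now: float) -> str:
        """Colour one packet of `size` bytes arriving at time `now` (seconds)."""
        # Refill at the CIR for the time elapsed, never beyond the bucket depth.
        self.tokens = min(self.cbs, self.tokens + (now - self.last) * self.rate_bytes_per_s)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            colour = "green"          # pass
        else:
            colour = "red"            # EBS 0: no yellow, the packet is discarded
        self.stats[colour][0] += 1
        self.stats[colour][1] += size
        return colour


def burst(policer: SingleRatePolicer, count: int, size: int, start: float, gap: float) -> list:
    """Send `count` packets of `size` bytes, `gap` seconds apart, and return their colours."""
    return [policer.police(size, start + i * gap) for i in range(count)]


if __name__ == "__main__":
    p = SingleRatePolicer(cir_kbps=512, cbs_bytes=32000)
    first = burst(p, 25, 1500, 0.0, 0.0)        # 25 full-size frames at the same instant
    print("burst at t=0:", first.count("green"), "green,", first.count("red"), "red")
    second = burst(p, 25, 1500, 0.25, 0.0)      # a quarter second later: 16000 B refilled
    print("burst at t=0.25:", second.count("green"), "green,", second.count("red"), "red")
    steady = burst(p, 100, 1500, 1.0, 1500 / 64000)   # paced exactly at the CIR
    print("paced at CIR:", steady.count("red"), "red")
    print("stats:", p.stats)
```

    The first burst gets 21 of 25 frames through (31500 of 32000 bytes), the second only 11, because only 16000 bytes of tokens accrued in 0.25 s; traffic paced at exactly 64000 B/s is all green, which is the behaviour the CAR counters will show once the interface carries traffic.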

    3.3.6 Saving the configuration

    # Save the configuration on the egress router.

    [Router] save
    The current configuration will be written to the device. Are you sure? [Y/N]:y
    Please input the file name(*.cfg)[flash:/startup.cfg]
    (To leave the existing filename unchanged, press the enter key):
    flash:/startup.cfg exists, overwrite? [Y/N]:y
    Validating file. Please wait...
    Saved the current configuration to mainboard device successfully.

    3.4 Verifying the configuration

    3.4.1 Two PCs in the same department can ping each other.

    # Taking the department in VLAN 10 as the example, the PCs reach each other at Layer 2 through ACCSW1. If the PCs can ping each other, Layer 2 connectivity is working.

    ping 192.168.10.83
    Ping 192.168.10.83 (192.168.10.83): 56 data bytes, press CTRL+C to break
    56 bytes from 192.168.10.83: icmp_seq=0 ttl=255 time=1.328 ms
    56 bytes from 192.168.10.83: icmp_seq=1 ttl=255 time=0.808 ms
    56 bytes from 192.168.10.83: icmp_seq=2 ttl=255 time=0.832 ms
    56 bytes from 192.168.10.83: icmp_seq=3 ttl=255 time=0.904 ms
    56 bytes from 192.168.10.83: icmp_seq=4 ttl=255 time=0.787 ms
    --- Ping statistics for 192.168.10.83 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 0.787/0.932/1.328/0.202 ms

    3.4.2 PCs in two different departments can ping each other.

    # Traffic between departments is routed by CORESW1 or CORESW2. If the PCs can ping each other, Layer 3 connectivity between the two departments through the VLAN interfaces is working.

    ping 192.168.20.5
    Ping 192.168.20.5 (192.168.20.5): 56 data bytes, press CTRL+C to break
    56 bytes from 192.168.20.5: icmp_seq=0 ttl=255 time=69.146 ms
    56 bytes from 192.168.20.5: icmp_seq=1 ttl=255 time=1.735 ms
    56 bytes from 192.168.20.5: icmp_seq=2 ttl=255 time=1.356 ms
    56 bytes from 192.168.20.5: icmp_seq=3 ttl=255 time=1.302 ms
    56 bytes from 192.168.20.5: icmp_seq=4 ttl=255 time=1.379 ms
    --- Ping statistics for 192.168.20.5 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 1.302/14.984/69.146/27.082 ms

    3.4.3 One PC from each department can ping the Internet.

    # Taking the department in VLAN 10 as the example, ping the public gateway address (the address of the ISP device facing the egress router) from PC1 to verify Internet access. If the ping succeeds, internal users can reach the Internet. The method is the same as in step 1. This test assumes the egress router translates the private source addresses to its public address (NAT, which this procedure does not cover); without it the ISP device has no route back to 192.168.10.0/24 and the replies never return.

    3.5 Configuration files

    3.5.1 Access switch ACCSW1

    #
     sysname ACCSW1
    #
     telnet server enable
    #
     dhcp snooping enable
    #
    vlan 5
    #
    vlan 10
    #
    vlan 20
    #
     stp bpdu-protection
    #
    interface Vlan-interface5
     ip address 10.10.1.1 255.255.255.0
    #
    interface GigabitEthernet1/0/1
     port link-mode bridge
     port access vlan 10
     stp edged-port
     ip verify source ip-address mac-address
     dhcp snooping binding record
    #
    interface GigabitEthernet1/0/2
     port link-mode bridge
     port access vlan 20
     stp edged-port
     ip verify source ip-address mac-address
     dhcp snooping binding record
    #
    interface GigabitEthernet1/0/3
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 10 20
     dhcp snooping trust
    #
    interface GigabitEthernet1/0/4
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 10 20
    #
    interface Ten-GigabitEthernet1/0/10
     port link-mode bridge
     port access vlan 5
    #
    line vty 0 63
     authentication-mode scheme
    #
    local-user admin class manage
     password hash $h$6$ZJSf20ub4uEzjy2F$cXW3O3Jt5Ci21ECze7w2MdRpLebMaE4vXBo59frUrIZs+Knxw76oNBu+HiB0zqkTfrnw1Phe0rSRa5d+OSIIbg==
     service-type telnet
     authorization-attribute user-role network-admin
     authorization-attribute user-role network-operator

    The password entered with password simple is stored as a hash in the configuration file, and the default network-operator role is kept alongside network-admin.

    # Access switches ACCSW2, ACCSW3 and ACCSW4:

    Apart from the VLAN IDs, the management VLAN interface IP address and the interface numbers, the configuration of ACCSW2, ACCSW3 and ACCSW4 is the same as that of ACCSW1; their configuration files are omitted.

    3.5.2 Core switch CORESW1

    #
    sysname CORESW1
    #
    track 1 interface GigabitEthernet1/0/7
    #
    ospf 100 router-id 2.2.2.2
     area 0.0.0.0
      network 172.16.1.0 0.0.0.255
      network 172.16.3.0 0.0.0.255
      network 192.168.10.0 0.0.0.255
      network 192.168.20.0 0.0.0.255
    #
    dhcp enable
    #
    vlan 10
    #
    vlan 20
    #
    vlan 30
    #
    vlan 40
    #
    vlan 50
    #
    vlan 100
    #
    vlan 300
    #
    dhcp server ip-pool 1
     gateway-list 192.168.10.1
     network 192.168.10.0 mask 255.255.255.0
     dns-list 202.101.100.199
     expired day 30
     static-bind ip-address 192.168.10.254 mask 255.255.255.0 client-identifier aabb-cccc-dd
    #
    dhcp server ip-pool 2
     gateway-list 192.168.20.1
     network 192.168.20.0 mask 255.255.255.0
     dns-list 202.101.100.199
     expired day 30
    #
    interface Vlan-interface10
     ip address 192.168.10.1 255.255.255.0
    #
    interface Vlan-interface20
     ip address 192.168.20.1 255.255.255.0
    #
    interface Vlan-interface100
     ip address 172.16.1.1 255.255.255.0
    #
    interface Vlan-interface300
     ip address 172.16.3.1 255.255.255.0
     vrrp vrid 1 virtual-ip 172.16.3.10
     vrrp vrid 1 priority 120
     vrrp vrid 1 preempt-mode delay 5000
     vrrp vrid 1 track 1 priority reduced 30
    #
    interface GigabitEthernet1/0/1
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 10 20
    #
    interface GigabitEthernet1/0/2
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 20
    #
    interface GigabitEthernet1/0/5
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 300
    #

    Core switch CORESW2:

    Apart from the VLAN IDs, the interface numbers, the OSPF router ID and the priority in VRRP group 1, the configuration of CORESW2 is the same as that of CORESW1; its configuration file is omitted.

    3.5.3 Egress router Router

    #
    sysname Router
    #
     packet-filter default deny
    #
     qos carl 1 source-ip-address range 192.168.10.1 to 192.168.10.254 per-address shared-bandwidth
     qos carl 2 source-ip-address range 192.168.20.1 to 192.168.20.254 per-address shared-bandwidth
     qos carl 3 destination-ip-address range 192.168.10.1 to 192.168.10.254 per-address shared-bandwidth
     qos carl 4 destination-ip-address range 192.168.20.1 to 192.168.20.254 per-address shared-bandwidth
    #
    ospf 10 router-id 1.1.1.1
     default-route-advertise always
     area 0.0.0.0
      network 172.16.1.0 0.0.0.255
      network 172.16.2.0 0.0.0.255
    #
     dns proxy enable
     dns server 202.101.100.199
    #
    interface GigabitEthernet0/1
     port link-mode route
     ip address 172.16.1.2 255.255.255.0
     packet-filter 2000 inbound
     qos car inbound carl 1 cir 512 cbs 32000 ebs 0 green pass red discard yellow pass
     qos car inbound carl 2 cir 512 cbs 32000 ebs 0 green pass red discard yellow pass
     qos car outbound carl 3 cir 512 cbs 32000 ebs 0 green pass red discard yellow pass
     qos car outbound carl 4 cir 512 cbs 32000 ebs 0 green pass red discard yellow pass
    #
    interface GigabitEthernet0/2
     port link-mode route
     ip address 172.16.2.2 255.255.255.0
     packet-filter 2000 inbound
     qos car inbound carl 1 cir 512 cbs 32000 ebs 0 green pass red discard yellow pass
     qos car inbound carl 2 cir 512 cbs 32000 ebs 0 green pass red discard yellow pass
     qos car outbound carl 3 cir 512 cbs 32000 ebs 0 green pass red discard yellow pass
     qos car outbound carl 4 cir 512 cbs 32000 ebs 0 green pass red discard yellow pass
    #
    interface GigabitEthernet0/0
     port link-mode route
     ip address 202.101.100.2 255.255.255.252
    #
     ip route-static 0.0.0.0 0 202.101.100.1
    #
    acl basic 2000
     rule 0 permit source 192.168.10.0 0.0.0.255
     rule 5 permit source 192.168.20.0 0.0.0.255
     rule 10 permit source 172.16.1.0 0.0.0.255
     rule 15 permit source 172.16.2.0 0.0.0.255
     rule 20 permit source 172.16.3.0 0.0.0.255
    #

    Notes on this listing:

    • packet-filter default deny makes every applied packet filter fail closed: a packet that matches no rule of the ACL is dropped. ACL 2000 applied inbound on GE0/1 and GE0/2 therefore admits only packets sourced from the two user subnets and the three 172.16.x.0/24 transit subnets, which is an ingress anti-spoofing filter. The 172.16.1.0 and 172.16.2.0 entries are what let the OSPF hellos from CORESW1 and CORESW2 (sourced from their Vlan-int100 addresses) through; drop them and the adjacencies never form.
    • qos carl 1 to 4 classify traffic by source address (inbound, from the LAN) or destination address (outbound, toward the LAN) within the two user ranges; qos car then polices each class to a cir of 512 kbps with a 32000-byte burst, passing green and yellow packets and discarding red ones. This is the per-IP rate limit in both directions called for in the requirements.
    • default-route-advertise always injects the static default route via 202.101.100.1 into OSPF, so the core switches learn their way out through the router.
    • The listing applies no inbound filter on the public interface GE0/0 and contains no NAT; the private addresses are only routed. Neither is part of what this page configures, but both are needed before the design is exposed to the Internet.
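As an added example (not code from the page or from H3C), the following Python evaluator reproduces the behaviour of the inside-interface policy above: Comware basic-ACL semantics (a wildcard mask in which 1 bits mean "don't care", rules evaluated in ascending rule-ID order, and the packet-filter default deny fallback for packets that match nothing) plus the CARL range classification that decides which 512 kbps policer a packet falls into. ACL 2000 and the four CARL ranges are copied from the listing; the packets and the public address 203.0.113.9 are constructed.

```python
"""Evaluate the router's inside-interface policy: ACL 2000 under
"packet-filter default deny", and the CARL classes the rate limit uses.

Added example, not code from the H3C guide.
"""
import ipaddress
import re

# ACL 2000 exactly as in the Router listing on this page.
ACL_2000 = """\
acl basic 2000
 rule 0 permit source 192.168.10.0 0.0.0.255
 rule 5 permit source 192.168.20.0 0.0.0.255
 rule 10 permit source 172.16.1.0 0.0.0.255
 rule 15 permit source 172.16.2.0 0.0.0.255
 rule 20 permit source 172.16.3.0 0.0.0.255
"""

# "qos carl N source-ip-address|destination-ip-address range A to B" from the listing.
CARLS = {
    1: ("source", "192.168.10.1", "192.168.10.254"),
    2: ("source", "192.168.20.1", "192.168.20.254"),
    3: ("destination", "192.168.10.1", "192.168.10.254"),
    4: ("destination", "192.168.20.1", "192.168.20.254"),
}
# Which CARL indexes "qos car" applies in each direction on GE0/1 and GE0/2.
CAR_BY_DIRECTION = {"inbound": (1, 2), "outbound": (3, 4)}

RULE_RE = re.compile(r"^\s*rule (\d+) (permit|deny) source (\S+)(?: (\S+))?", re.M)


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_basic_acl(text):
    """Return [(id, action, address, wildcard)] sorted by rule ID, the order a
    Comware basic ACL is evaluated in under the default match-order config."""
    rules = []
    for rid, action, addr, wild in RULE_RE.findall(text):
        if addr == "any":
            rules.append((int(rid), action, 0, 0xFFFFFFFF))
        else:
            # Comware wildcard: 1 bits are "don't care"; "0" or nothing = exact host.
            wild = "0.0.0.0" if wild in ("", "0") else wild
            rules.append((int(rid), action, _ip(addr), _ip(wild)))
    return sorted(rules)


def packet_filter(rules, src, default_deny=True):
    """First matching rule wins; 'packet-filter default deny' decides the rest."""
    s = _ip(src)
    for _, action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF
        if s & care == addr & care:
            return action
    return "deny" if default_deny else "permit"


def matching_carls(direction, src, dst):
    """CARL indexes (hence 512 kbps policers) a packet falls into in this direction."""
    hits = []
    for idx in CAR_BY_DIRECTION[direction]:
        field, low, high = CARLS[idx]
        addr = _ip(src if field == "source" else dst)
        if _ip(low) <= addr <= _ip(high):
            hits.append(idx)
    return hits


RULES = parse_basic_acl(ACL_2000)


def inside_inbound(src, dst):
    """What GE0/1 or GE0/2 does with a LAN-side packet: (filter verdict, CARL hits)."""
    verdict = packet_filter(RULES, src)
    hits = matching_carls("inbound", src, dst) if verdict == "permit" else []
    return (verdict, hits)


if __name__ == "__main__":
    samples = [
        ("192.168.10.37", "203.0.113.9"),  # user traffic, policed by carl 1
        ("172.16.1.1", "224.0.0.5"),       # OSPF hello from CORESW1, not policed
        ("10.0.0.5", "203.0.113.9"),       # spoofed source, dropped by default deny
    ]
    for src, dst in samples:
        print(src, "->", dst, inside_inbound(src, dst))
```

Two things the evaluator makes visible that the listing does not: without packet-filter default deny the spoofed 10.0.0.5 packet would be forwarded, and a deny rule added later with a lower ID than an existing permit (for example rule 2 deny source 192.168.10.254 0) still loses to rule 0, because evaluation follows rule ID, not the order the rules were typed.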

  • Original article: https://blog.csdn.net/weixin_49001495/article/details/139950854