H3C交换机VRRP协议DHCP配置

| |

拓扑图如下:
拓扑

主上面配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
core_A
 version 7.1.045, Release 1109
 sysname CORE_A
 telnet server enable
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
 dhcp enable
 dhcp server forbidden-ip 172.24.10.1
 dhcp server forbidden-ip 172.24.10.2
 dhcp server forbidden-ip 172.24.10.3
 dhcp server forbidden-ip 172.24.10.4
 dhcp server forbidden-ip 172.24.10.5
 dhcp server forbidden-ip 172.24.10.6
 dhcp server forbidden-ip 172.24.10.7
 dhcp server forbidden-ip 172.24.10.8
 dhcp server forbidden-ip 172.24.10.9
 dhcp server forbidden-ip 172.24.10.10
 dhcp server forbidden-ip 172.24.10.254
 dhcp server forbidden-ip 172.24.10.253
 dhcp server forbidden-ip 172.24.20.1
 dhcp server forbidden-ip 172.24.20.2
 dhcp server forbidden-ip 172.24.20.3
 dhcp server forbidden-ip 172.24.20.4
 dhcp server forbidden-ip 172.24.20.5
 dhcp server forbidden-ip 172.24.20.6
 dhcp server forbidden-ip 172.24.20.7
 dhcp server forbidden-ip 172.24.20.8
 dhcp server forbidden-ip 172.24.20.9
 dhcp server forbidden-ip 172.24.20.10
 dhcp server forbidden-ip 172.24.20.253
 dhcp server forbidden-ip 172.24.20.254
 dhcp server forbidden-ip 172.24.30.254 
 dhcp server forbidden-ip 172.24.30.253
 dhcp server forbidden-ip 172.24.30.1
#
 lldp global enable
#
 password-recovery enable
#
vlan 1
#
vlan 10        
#              
vlan 20        
#              
vlan 30        
#              
vlan 40        
#              
 stp global enable
#              
dhcp server ip-pool vlan10
 gateway-list 172.24.10.150
 network 172.24.10.0 mask 255.255.255.0
 dns-list 114.114.114.114 202.98.96.68
#              
dhcp server ip-pool vlan20
 gateway-list 172.24.20.1
 network 172.24.20.0 mask 255.255.255.0
 dns-list 114.114.114.114 202.98.96.68
#              
dhcp server ip-pool vlan30
 gateway-list 172.24.30.1
 network 172.24.30.0 mask 255.255.255.0
 dns-list 114.114.114.114 202.98.96.68
#              
interface NULL0
#              
interface Vlan-interface1
 ip address 192.168.2.1 255.255.255.0
#              
interface Vlan-interface10
 ip address 172.24.10.253 255.255.255.0
 vrrp vrid 10 virtual-ip 172.24.10.150
 vrrp vrid 10 priority 110
 vrrp vrid 10 preempt-mode delay 3
 vrrp vrid 10 track 1 priority reduced 30
#              
interface Vlan-interface20
 ip address 172.24.20.253 255.255.255.0
 vrrp vrid 20 virtual-ip 172.24.20.1
 vrrp vrid 20 priority 110
 vrrp vrid 20 preempt-mode delay 3
 vrrp vrid 20 track 1 priority reduced 30
#              
interface Vlan-interface30
 ip address 172.24.30.253 255.255.255.0
 vrrp vrid 30 virtual-ip 172.24.30.1
 vrrp vrid 30 priority 110
 vrrp vrid 30 preempt-mode delay 3
 vrrp vrid 30 track 1 priority reduced 30
#              
interface Vlan-interface40
 ip address 172.24.240.2 255.255.255.248
#              
interface FortyGigE1/0/29
 port link-mode bridge
 port access vlan 10
#              
interface FortyGigE1/0/30
 port link-mode bridge
#              
interface GigabitEthernet1/0/1
 port link-mode bridge
#              
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 10
#              
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 10
#              
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 10
#              
interface GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 20
#              
interface GigabitEthernet1/0/6
 port link-mode bridge
 port access vlan 20
#              
interface GigabitEthernet1/0/7
 port link-mode bridge
 port access vlan 20
#              
interface GigabitEthernet1/0/8
 port link-mode bridge
 port access vlan 20
#              
interface GigabitEthernet1/0/9
 port link-mode bridge
 port access vlan 30
#              
interface GigabitEthernet1/0/10
 port link-mode bridge
#              
interface GigabitEthernet1/0/11
 port link-mode bridge
#              
interface GigabitEthernet1/0/12
 port link-mode bridge
#              
interface GigabitEthernet1/0/13
 port link-mode bridge
#              
interface GigabitEthernet1/0/14
 port link-mode bridge
#              
interface GigabitEthernet1/0/15
 port link-mode bridge
#              
interface GigabitEthernet1/0/16
 port link-mode bridge
#              
interface GigabitEthernet1/0/17
 port link-mode bridge
#              
interface GigabitEthernet1/0/18
 port link-mode bridge
#              
interface GigabitEthernet1/0/19
 port link-mode bridge
#              
interface GigabitEthernet1/0/20
 port link-mode bridge
#              
interface GigabitEthernet1/0/21
 port link-mode bridge
 port access vlan 40
#              
interface GigabitEthernet1/0/22
 port link-mode bridge
#              
interface GigabitEthernet1/0/23

#              
interface GigabitEthernet1/0/24
 port link-mode bridge
#              
#              
interface M-GigabitEthernet0/0/1
#              
interface Ten-GigabitEthernet1/0/25
 port link-mode bridge
#              
interface Ten-GigabitEthernet1/0/26
 port link-mode bridge
#              
interface Ten-GigabitEthernet1/0/27
 port link-mode bridge
#              
interface Ten-GigabitEthernet1/0/28
 port link-mode bridge
 port access vlan 10
#              
 scheduler logfile size 16
#              
line class aux 
 user-role network-admin
#              
line class vty 
 authentication-mode scheme
 user-role level-15
#              
line aux 0     
 user-role network-admin
#              
line vty 0 4   
 authentication-mode scheme
 user-role level-15
 set authentication password hash $h$6$3wcV8HANe1daJFUi$M0KSjoASNgaLuNgfLOUTFYI7K0Y1T2KxZGrFMgjU4C/+BsBVkagZb/3ysldrH5BPNCV240SGbUYTLyo7P7JARw==
#              
line vty 5 63  
 user-role network-operator
#              
 ip route-static 0.0.0.0 0 172.24.240.1
#              
 undo info-center enable
#              
radius scheme system
 user-name-format without-domain
#              
domain system  
#              
 domain default enable system
#              
user-group system
#              
local-user admin class manage
 password hash $h$6$ZrAZEgNq74pcvgfQ$VCjiiAWqOQUqgLuxNB0wRHW/Unv5/V6m4HAAmCJwPiTZK7TG4RVYrEpY8xTj2fP7Ei3w1kq9GtWEZfg7FXXXRw==
 service-type telnet ssh http
 authorization-attribute user-role level-15
#              
 ip http enable
#              
 track 1 interface GigabitEthernet1/0/21

备配置 如下
#

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
 sysname CORE_B
#
 telnet server enable
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
 dhcp enable
 dhcp enable
 dhcp server forbidden-ip 172.24.10.1
 dhcp server forbidden-ip 172.24.10.2
 dhcp server forbidden-ip 172.24.10.3
 dhcp server forbidden-ip 172.24.10.4
 dhcp server forbidden-ip 172.24.10.5
 dhcp server forbidden-ip 172.24.10.6
 dhcp server forbidden-ip 172.24.10.7
 dhcp server forbidden-ip 172.24.10.8
 dhcp server forbidden-ip 172.24.10.9
 dhcp server forbidden-ip 172.24.10.10
 dhcp server forbidden-ip 172.24.10.254
 dhcp server forbidden-ip 172.24.10.253
 dhcp server forbidden-ip 172.24.20.1
 dhcp server forbidden-ip 172.24.20.2
 dhcp server forbidden-ip 172.24.20.3
 dhcp server forbidden-ip 172.24.20.4
 dhcp server forbidden-ip 172.24.20.5
 dhcp server forbidden-ip 172.24.20.6
 dhcp server forbidden-ip 172.24.20.7
 dhcp server forbidden-ip 172.24.20.8
 dhcp server forbidden-ip 172.24.20.9
 dhcp server forbidden-ip 172.24.20.10
 dhcp server forbidden-ip 172.24.20.253
 dhcp server forbidden-ip 172.24.20.254
 dhcp server forbidden-ip 172.24.30.254 
 dhcp server forbidden-ip 172.24.30.253
 dhcp server forbidden-ip 172.24.30.1
#
 lldp global enable
#
 password-recovery enable
#
vlan 1
#              
vlan 10        
#              
vlan 20        
#              
vlan 30        
#              
vlan 40        
#              
 stp global enable
#              
dhcp server ip-pool vlan10
 gateway-list 172.24.10.150
 network 172.24.10.0 mask 255.255.255.0
 dns-list 114.114.114.114 202.98.96.68
#              
dhcp server ip-pool vlan20
 gateway-list 172.24.20.1
 network 172.24.20.0 mask 255.255.255.0
 dns-list 114.114.114.114 202.98.96.68
#              
dhcp server ip-pool vlan30
 gateway-list 172.24.30.1
 network 172.24.30.0 mask 255.255.255.0
 dns-list 114.114.114.114 202.98.96.68
#              
interface NULL0
#              
interface Vlan-interface1
 ip address 192.168.1.1 255.255.255.0
#              
interface Vlan-interface10
 ip address 172.24.10.254 255.255.255.0
 vrrp vrid 10 virtual-ip 172.24.10.150
#              
interface Vlan-interface20
 ip address 172.24.20.254 255.255.255.0
 vrrp vrid 20 virtual-ip 172.24.20.1
#              
interface Vlan-interface30
 ip address 172.24.30.254 255.255.255.0
 vrrp vrid 30 virtual-ip 172.24.30.1
#              
interface Vlan-interface40
 ip address 172.24.230.2 255.255.255.248
#              
interface FortyGigE1/0/29
 port link-mode bridge
#              
interface FortyGigE1/0/30
 port link-mode bridge
#              
interface GigabitEthernet1/0/1
 port link-mode bridge
#              
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 10
#              
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 10
#              
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 10
#              
interface GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 10
#              
interface GigabitEthernet1/0/6
 port link-mode bridge
 port access vlan 20
#              
interface GigabitEthernet1/0/7
 port link-mode bridge
 port access vlan 20
#              
interface GigabitEthernet1/0/8
 port link-mode bridge
 port access vlan 20
#              
interface GigabitEthernet1/0/9
 port link-mode bridge
 port access vlan 30
#              
interface GigabitEthernet1/0/10
 port link-mode bridge
#              
interface GigabitEthernet1/0/11
 port link-mode bridge
#              
interface GigabitEthernet1/0/12
 port link-mode bridge
#              
interface GigabitEthernet1/0/13
 port link-mode bridge
#              
interface GigabitEthernet1/0/14
 port link-mode bridge
#              
interface GigabitEthernet1/0/15
 port link-mode bridge
#              
interface GigabitEthernet1/0/16
 port link-mode bridge
#              
interface GigabitEthernet1/0/17
 port link-mode bridge
#              
interface GigabitEthernet1/0/18
 port link-mode bridge
#              
interface GigabitEthernet1/0/19
 port link-mode bridge
#              
interface GigabitEthernet1/0/20
 port link-mode bridge
#              
interface GigabitEthernet1/0/21
 port link-mode bridge
 port access vlan 40
#              
interface GigabitEthernet1/0/22
 port link-mode bridge
#              
interface GigabitEthernet1/0/23
 port link-mode bridge
#              
interface GigabitEthernet1/0/24
 port link-mode bridge
#              
interface M-GigabitEthernet0/0/0
#              
interface M-GigabitEthernet0/0/1
#              
interface Ten-GigabitEthernet1/0/25
 port link-mode bridge
#              
interface Ten-GigabitEthernet1/0/26
 port link-mode bridge
#              
interface Ten-GigabitEthernet1/0/27
 port link-mode bridge
#              
interface Ten-GigabitEthernet1/0/28
 port link-mode bridge
 port access vlan 10
#              
 scheduler logfile size 16
#              
line class aux 
 user-role network-admin
 set authentication password hash $h$6$t0Qh841z+DIlDxZ8$Nm/e98Knk0wXliib2CX2PxFA4OhFWbon9vi7pRgWkz31aUX5nPlcyE48/ZQHluIabJpt+qZAXsu4XZzhxWV03w==
#              
line class vty 
 user-role level-3
 user-role network-operator
#              
line aux 0     
 user-role network-admin
#              
line vty 0 4   
 authentication-mode scheme
 user-role level-15
#              
line vty 5 63  
 user-role network-operator
#              
 ip route-static 0.0.0.0 0 172.24.230.1
#              
 undo info-center enable
#              
radius scheme system
 user-name-format without-domain
#              
domain system  
#              
 domain default enable system
#              
role name level-0
 description Predefined level-0 role
#              
role name level-1
 description Predefined level-1 role
#              
role name level-2
 description Predefined level-2 role
#              
role name level-3
 description Predefined level-3 role
#              
role name level-4
 description Predefined level-4 role
#              
role name level-5
 description Predefined level-5 role
#              
role name level-6
 description Predefined level-6 role
#              
role name level-7
 description Predefined level-7 role
#              
role name level-8
 description Predefined level-8 role
#              
role name level-9
 description Predefined level-9 role
#              
role name level-10
 description Predefined level-10 role
#              
role name level-11
 description Predefined level-11 role
#              
role name level-12
 description Predefined level-12 role
#              
role name level-13
 description Predefined level-13 role
#              
role name level-14
 description Predefined level-14 role
#              
user-group system
#              
local-user admin class manage
 password hash $h$6$Yw07WO9EznTreQlL$9p/wFnZU6wy48V9rw9qcSlKo/89nQmoLqAchO31sDiUhWiHGUUTSavOOFUscE6t8hYxmyHKsu9aaBTcdmEvRPQ==
 service-type telnet http
 authorization-attribute user-role level-15
#              
 ip http enable