# sysname SW1Yjh37 vlan batch 10 20 interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 2 to 4094 interface Ethernet0/0/2 port link-type trunk port trunk allow-pass vlan 2 to 4094 interface Ethernet0/0/3 port link-type access port default vlan 10 interface Ethernet0/0/4 port link-type access port default vlan 20 stp region-configuration region-name yjh instance 1 vlan 10 instance 2 vlan 20 active region-configuration # # sysname SW2Yjh37 vlan batch 10 20 100 stp instance 1 root primary stp instance 2 root secondary stp region-configuration region-name yjh instance 1 vlan 10 instance 2 vlan 20 active region-configuration interface Vlanif10 ip address 192.168.10.254 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.10.1 vrrp vrid 1 priority 200 vrrp vrid 1 track interface GigabitEthernet0/0/3 reduced 150 interface Vlanif20 ip address 192.168.20.254 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.20.1 vrrp vrid 2 priority 150 interface Vlanif100 ip address 192.168.37.9 255.255.255.252 interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 2 to 4094 interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 2 to 4094 interface GigabitEthernet0/0/3 port link-type access port default vlan 100 ospf 1 router-id 2.2.2.2 silent-interface Vlanif10 silent-interface Vlanif20 area 0.0.0.0 network 192.168.37.9 0.0.0.0 network 192.168.10.0 0.0.0.255 network 192.168.20.0 0.0.0.255 # # sysname SW3Yjh37 vlan batch 10 20 200 stp instance 1 root secondary stp instance 2 root primary stp region-configuration region-name yjh instance 1 vlan 10 instance 2 vlan 20 active region-configuration interface Vlanif10 ip address 192.168.10.253 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.10.1 vrrp vrid 1 priority 150 interface Vlanif20 ip address 192.168.20.253 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.20.1 vrrp vrid 2 priority 200 vrrp vrid 2 track interface GigabitEthernet0/0/3 reduced 150 interface Vlanif200 ip address 192.168.37.13 255.255.255.252 interface MEth0/0/1 interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 2 to 4094 interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 2 to 4094 interface GigabitEthernet0/0/3 port link-type access port default vlan 200 ospf 1 router-id 3.3.3.3 silent-interface Vlanif10 silent-interface Vlanif20 area 0.0.0.0 network 192.168.37.13 0.0.0.0 area 0.0.0.20 network 192.168.10.0 0.0.0.255 network 192.168.20.0 0.0.0.255 # # sysname R1Yjh37 interface GigabitEthernet0/0/0 ip address 192.168.37.10 255.255.255.252 interface GigabitEthernet0/0/1 ip address 192.168.37.21 255.255.255.252 interface GigabitEthernet0/0/2 ip address 192.168.37.14 255.255.255.252 ospf 1 router-id 1.1.1.1 area 0.0.0.0 network 192.168.37.10 0.0.0.0 network 192.168.37.14 0.0.0.0 network 192.168.37.21 0.0.0.0 # #FW sysname Yjh37_FW interface GigabitEthernet0/0/1 ip address 37.0.0.1 255.255.255.0 nat enable interface GigabitEthernet0/0/2 ip address 37.37.0.1 255.255.255.0 nat enable interface GigabitEthernet0/0/3 ip address 192.168.37.22 255.255.255.252 interface GigabitEthernet0/0/4 ip address 192.168.30.254 255.255.255.0 firewall zone trust set priority 85 add interface GigabitEthernet0/0/0 add interface GigabitEthernet0/0/3 firewall zone untrust set priority 5 add interface GigabitEthernet0/0/1 add interface GigabitEthernet0/0/2 firewall zone dmz set priority 50 add interface GigabitEthernet0/0/4 ospf 1 router-id 1.1.1.2 import-route static area 0.0.0.0 network 192.168.37.22 0.0.0.0 network 192.168.30.0 0.0.0.255 ip route-static 8.8.8.0 255.255.255.0 37.0.0.2 ip route-static 9.9.9.0 255.255.255.0 37.37.0.2 nat address-group 1 37.0.0.10 37.0.0.20 nat address-group 2 37.37.0.10 37.37.0.20 nat server 0 global 37.0.0.8 inside 192.168.30.1 no-reverse nat server 1 global 37.37.0.8 inside 192.168.30.1 no-reverse firewall packet-filter default permit interzone trust untrust direction outbound y firewall packet-filter default permit interzone dmz untrust direction inbound y firewall packet-filter default permit interzone trust dmz direction outbound y policy interzone dmz untrust inbound policy 1 action permit policy destination 192.168.30.0 0.0.0.255 policy interzone trust untrust outbound policy 1 action permit policy destination 192.168.0.0 0.0.255.255 nat-policy interzone trust untrust outbound policy 1 action source-nat policy source 192.168.0.0 0.0.255.255 address-group 1 policy 2 action source-nat policy source 192.168.0.0 0.0.255.255 address-group 2 # #AR2 interface GigabitEthernet0/0/0 ip address 37.0.0.2 255.255.255.0 interface GigabitEthernet0/0/1 ip address 8.8.8.1 255.255.255.0 # #AR3 interface GigabitEthernet0/0/0 ip address 37.37.0.2 255.255.255.0 interface GigabitEthernet0/0/1 ip address 9.9.9.1 255.255.255.0 #