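Author: BSXY_19计科_陈永跃 (BSXY, School of Information); the author's contact card is at the end of the post. Note: do not repost any content without permission.

Planning and Design of a Thousand-User Medium-Sized Campus/Enterprise Network with a Firewall, Based on eNSP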

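  • Preface and resource download notes ( **do not repost any content without permission** )
    • I. Topology diagrams and design requirements (15 requirements)
    • II. Address plan
    • III. Pre-retrofit topology without a firewall (an aside; optional reading)
    • IV. Configuration steps (follow them in order)
      • 1. VLAN Trunk configuration
      • 2. Underlying VLAN configuration
      • 3. MSTP configuration
      • 4. VRRP gateway redundancy
      • 5. Verifying VRRP gateway redundancy
      • 6. Testing PC-to-gateway connectivity
      • 7. VRRP interface fault tracking
      • 8. DHCP relay
      • 9. Core-layer router address configuration
      • 10. Basic firewall configuration
      • 11. OSPF configuration
      • 12. BFD link fault detection
      • 13. Firewall policy configuration
      • 14. Basic configuration of the external router
      • 15. Static route configuration
      • 16. Server address mapping
      • 17. Snooping configuration
      • 18. Telnet remote access configuration
      • 19. ACL policy
      • 20. Wireless WLAN configuration
    • V. Where to find the contact card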

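Preface and resource download notes (do not repost any content without permission)

If you have a question, describe the situation you ran into in the comments; the author will reply as soon as he sees it, and other readers are welcome to answer each other's questions.
You can work through the design and implementation steps below one at a time on your own (every command shown is a key command). If you need it, the complete topology and the complete configuration can also be downloaded from the address below for reference.
Once you have the topology, use display liberally to inspect the configuration and the corresponding commands. The companion resource is:

eNSP firewall thousand-user medium-sized campus (enterprise) network planning and design: eNSP comprehensive lab topology (wired + wireless).rar + all configuration commands (order.txt) + 1,400-character test document and test screenshots
Firewall username in the simulator: admin; password: admin@123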

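I. Topology diagrams and design requirements (15 requirements)

Topology diagram 1:

Topology diagram 2:

Design requirements:

01. Configure the interface addresses of the servers, firewall, routers and other devices
02. Configure Eth-Trunk link aggregation for link redundancy
03. Divide the internal network into multiple VLANs to shrink the broadcast domains and improve network reliability
04. Configure MSTP + VRRP for traffic load sharing and redundancy, and configure the corresponding STP optimisations for STP convergence to reduce STP flapping
05. All users obtain their IP addresses automatically
06. Configure DHCP snooping to isolate rogue DHCP servers
07. Configure OSPF and static routes for Layer 3 reachability
08. Configure firewall security policies that permit traffic from the internal zone to the DMZ
09. Configure NAT policies and security policies on the firewall so that users can reach Baidu on the external network
10. Configure server mapping and security policies on the firewall so that the external user Client can reach the web server through the public address 100.100.100.100
11. Configure the corresponding firewall policies so that the external user Client can log in to the web server at http://100.100.100.100
12. Users can reach Baidu on the external network by domain name (www.baidu.com)
13. The internal finance server may be accessed only by VLAN 50 users
14. Switches LSW1-LSW12 can all be reached by telnet (huawei 5555)
15. Wireless WLAN configuration: service VLANs 101 and 102 can also reach Baidu on the external network by domain name (www.baidu.com), wireless clients can reach each other internally, and the wireless and wired internal networks can reach each other

II. Address plan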



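III. Pre-retrofit topology without a firewall (an aside; optional reading)

Aside: the redundant network design before the retrofit, an eNSP-based thousand-user redundant medium-sized campus/enterprise network design, is shown in the figure below (it is not covered in detail in this article; follow the link if you want to read it):

IV. Configuration steps (follow them in order)

1. VLAN Trunk configuration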

 HX_SW1:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname HX_SW1
[HX_SW1]int Eth-Trunk 1
[HX_SW1-Eth-Trunk1]mode lacp-static
[HX_SW1-Eth-Trunk1]trunkport  g0/0/7
[HX_SW1-Eth-Trunk1]trunkport g0/0/8
[HX_SW1-Eth-Trunk1]q
------------------------------------ HX_SW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname HX_SW2
[HX_SW2]int Eth-Trunk 1
[HX_SW2-Eth-Trunk1]mode lacp-static
[HX_SW2-Eth-Trunk1]trunkport g0/0/7
[HX_SW2-Eth-Trunk1]trunkport g0/0/8
[HX_SW2-Eth-Trunk1]q
------------------------------------HJ_SW4:
<Huawei>sy
[Huawei]sysname HJ_SW4
[HJ_SW4]int Eth-Trunk 2
[HJ_SW4-Eth-Trunk2]mode lacp-static
[HJ_SW4-Eth-Trunk2]trunkport g0/0/4
[HJ_SW4-Eth-Trunk2]trunkport g0/0/5
[HJ_SW4-Eth-Trunk2]q
------------------------------------JR_SW9:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW9
[JR_SW9]int Eth-Trunk 2
[JR_SW9-Eth-Trunk2]mode lacp-static
[JR_SW9-Eth-Trunk2]trunkport g0/0/4
[JR_SW9-Eth-Trunk2]trunkport g0/0/5
[JR_SW9-Eth-Trunk2]dis eth-trunk //view the Eth-Trunk configuration

2. Underlying VLAN configuration

 JR_SW6:
<Huawei>SY
[Huawei]un in en
[Huawei]sysname JR_SW6
[JR_SW6]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW6]int g0/0/1
[JR_SW6-GigabitEthernet0/0/1]port link-type trunk
[JR_SW6-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30 900
[JR_SW6-GigabitEthernet0/0/1]int g0/0/2
[JR_SW6-GigabitEthernet0/0/2]port link-type access
[JR_SW6-GigabitEthernet0/0/2]port default vlan 20
[JR_SW6-GigabitEthernet0/0/2]int g0/0/3
[JR_SW6-GigabitEthernet0/0/3]port link-type access
[JR_SW6-GigabitEthernet0/0/3]port default vlan 30
[JR_SW6-GigabitEthernet0/0/3]
------------------------------------JR_SW7:
<Huawei>SYS
[Huawei]un in en
[Huawei]sysname JR_SW7
[JR_SW7]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW7]int g0/0/1
[JR_SW7-GigabitEthernet0/0/1]port link-type trunk
[JR_SW7-GigabitEthernet0/0/1]port trunk allow-pass vlan 40 900
[JR_SW7-GigabitEthernet0/0/1]int g0/0/2
[JR_SW7-GigabitEthernet0/0/2]port link-type access
[JR_SW7-GigabitEthernet0/0/2]port default vlan 40
[JR_SW7-GigabitEthernet0/0/2]qui
------------------------------------HJ_SW3:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname HJ_SW3
[HJ_SW3]vlan batch 20 30 40 50 60 70 80 200 900
[HJ_SW3]int g0/0/1
[HJ_SW3-GigabitEthernet0/0/1]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30 40 900
[HJ_SW3-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW3-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 30 40 900
[HJ_SW3-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW3-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 900
[HJ_SW3-GigabitEthernet0/0/3]int g0/0/4
[HJ_SW3-GigabitEthernet0/0/4]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 40 900
------------------------------------JR_SW8:
<Huawei>SYS
[Huawei]sys
[Huawei]sysname JR_SW8
[JR_SW8]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW8]int g0/0/1
[JR_SW8-GigabitEthernet0/0/1]port link-type trunk
[JR_SW8-GigabitEthernet0/0/1]port trunk allow-pass vlan 50 900
[JR_SW8-GigabitEthernet0/0/1]int g0/0/2
[JR_SW8-GigabitEthernet0/0/2]port link-type access
[JR_SW8-GigabitEthernet0/0/2]port default vlan 50
------------------------------------JR_SW9:
<JR_SW9>SYS
[JR_SW9]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW9]int g0/0/3
[JR_SW9-GigabitEthernet0/0/3]port link-type access
[JR_SW9-GigabitEthernet0/0/3]port default vlan 60
[JR_SW9-GigabitEthernet0/0/3]qui
[JR_SW9]int Eth-Trunk 2
[JR_SW9-Eth-Trunk2]port link-type trunk
[JR_SW9-Eth-Trunk2]port trunk allow-pass vlan 60 900
[JR_SW9-Eth-Trunk2]qui
------------------------------------HJ_SW4:
<HJ_SW4>sys
[HJ_SW4]vlan batch 20 30 40 50 60 70 80  200 900
[HJ_SW4]int g0/0/1
[HJ_SW4-GigabitEthernet0/0/1]port link-type trunk
[HJ_SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 50 60 900
[HJ_SW4-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW4-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 50 60 900
[HJ_SW4-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW4-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 50 900
[HJ_SW4-GigabitEthernet0/0/3]qui
[HJ_SW4]int Eth-Trunk 2
[HJ_SW4-Eth-Trunk2]port link-type trunk
[HJ_SW4-Eth-Trunk2]port trunk allow-pass vlan 60 900
[HJ_SW4-Eth-Trunk2]qui
[HJ_SW4]
------------------------------------JR_SW10:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW10
[JR_SW10]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW10]int g0/0/1
[JR_SW10-GigabitEthernet0/0/1]port link-type trunk
[JR_SW10-GigabitEthernet0/0/1]port trunk allow-pass vlan 70 900
[JR_SW10-GigabitEthernet0/0/1]int g0/0/2
[JR_SW10-GigabitEthernet0/0/2]port link-type access
[JR_SW10-GigabitEthernet0/0/2]port default vlan 70
[JR_SW10-GigabitEthernet0/0/2]qui
------------------------------------JR_SW11:
<JR_SW11>sys
[JR_SW11]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW11]int g0/0/1
[JR_SW11-GigabitEthernet0/0/1]port link-type trunk
[JR_SW11-GigabitEthernet0/0/1]port trunk allow-pass vlan 80 900
[JR_SW11-GigabitEthernet0/0/1]int g0/0/2
[JR_SW11-GigabitEthernet0/0/2]port link-type access
[JR_SW11-GigabitEthernet0/0/2]port default vlan 80
[JR_SW11-GigabitEthernet0/0/2]int g0/0/3
[JR_SW11-GigabitEthernet0/0/3]port link-type access
[JR_SW11-GigabitEthernet0/0/3]port default vlan 80
------------------------------------HJ_SW5:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname HJ_SW5
[HJ_SW5]vlan batch 20 30 40 50 60 70 80  200 900
[HJ_SW5]int g0/0/1
[HJ_SW5-GigabitEthernet0/0/1]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 70 80 900
[HJ_SW5-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW5-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 70 80 900
[HJ_SW5-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW5-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/3]port trunk allow-pass vlan 70 900
[HJ_SW5-GigabitEthernet0/0/3]int g0/0/4
[HJ_SW5-GigabitEthernet0/0/4]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/4]port trunk allow-pass vlan 80 900
[HJ_SW5-GigabitEthernet0/0/4]qui
------------------------------------JR_SW12:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW12
[JR_SW12]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW12]int g0/0/1
[JR_SW12-GigabitEthernet0/0/1]port link-type trunk
[JR_SW12-GigabitEthernet0/0/1]port trunk allow-pass vlan 200 900
[JR_SW12-GigabitEthernet0/0/1]int g0/0/2
[JR_SW12-GigabitEthernet0/0/2]port link-type trunk
[JR_SW12-GigabitEthernet0/0/2]port trunk allow-pass vlan 200 900
[JR_SW12-GigabitEthernet0/0/2]int g0/0/3
[JR_SW12-GigabitEthernet0/0/3]port link-type access
[JR_SW12-GigabitEthernet0/0/3]port default vlan 200
[JR_SW12-GigabitEthernet0/0/3]int g0/0/4
[JR_SW12-GigabitEthernet0/0/4]port link-type access
[JR_SW12-GigabitEthernet0/0/4]port default vlan 200
[JR_SW12-GigabitEthernet0/0/4]qui
------------------------------------HX_SW1:
<HX_SW1>SY
[HX_SW1]vlan batch 20 30 40 50 60 70 80 200 900 10
[HX_SW1]vlan batch 4
[HX_SW1]int g0/0/6
[HX_SW1-GigabitEthernet0/0/6]port link-type trunk
[HX_SW1-GigabitEthernet0/0/6]port trunk  allow-pass vlan 200 900
[HX_SW1-GigabitEthernet0/0/6]int g0/0/1
[HX_SW1-GigabitEthernet0/0/1]port link-type access
[HX_SW1-GigabitEthernet0/0/1]port default vlan 10
[HX_SW1-GigabitEthernet0/0/1]int g0/0/2
[HX_SW1-GigabitEthernet0/0/2]port link-type access
[HX_SW1-GigabitEthernet0/0/2]port default vlan 4
[HX_SW1-GigabitEthernet0/0/2]int g0/0/3
[HX_SW1-GigabitEthernet0/0/3]port link-type trunk
[HX_SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 40 900
[HX_SW1-GigabitEthernet0/0/3]int g0/0/4
[HX_SW1-GigabitEthernet0/0/4]port link-type trunk
[HX_SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 50 60 900
[HX_SW1-GigabitEthernet0/0/4]int g0/0/5
[HX_SW1-GigabitEthernet0/0/5]port link-type trunk
[HX_SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 70 80 900
[HX_SW1-GigabitEthernet0/0/5]qui
[HX_SW1]int Eth-Trunk 1
[HX_SW1-Eth-Trunk1]port link-type trunk
[HX_SW1-Eth-Trunk1]port trunk allow-pass vlan 20 30 40 50 60 70 80 200 900
[HX_SW1-Eth-Trunk1]dis this
[HX_SW1-Eth-Trunk1]
------------------------------------HX_SW2:
<HX_SW2>sys
[HX_SW2]vlan batch 20 30 40 50 60 70 80 200 900
[HX_SW2]vlan batch 2 5
[HX_SW2]int g0/0/1
[HX_SW2-GigabitEthernet0/0/1]port link-type access
[HX_SW2-GigabitEthernet0/0/1]port default vlan 2
[HX_SW2-GigabitEthernet0/0/1]int g0/0/2
[HX_SW2-GigabitEthernet0/0/2]port link-type access
[HX_SW2-GigabitEthernet0/0/2]port default vlan 5
[HX_SW2-GigabitEthernet0/0/2]int g0/0/3
[HX_SW2-GigabitEthernet0/0/3]port link-type trunk
[HX_SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 40 900
[HX_SW2-GigabitEthernet0/0/3]int g0/0/4
[HX_SW2-GigabitEthernet0/0/4]port link-type trunk
[HX_SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 50 60 900
[HX_SW2-GigabitEthernet0/0/4]int g0/0/5
[HX_SW2-GigabitEthernet0/0/5]port link-type trunk
[HX_SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 70 80 900
[HX_SW2-GigabitEthernet0/0/5]int g0/0/6
[HX_SW2-GigabitEthernet0/0/6]port link-type trunk
[HX_SW2-GigabitEthernet0/0/6]port trunk allow-pass vlan 200 900
[HX_SW2-GigabitEthernet0/0/6]qui
[HX_SW2]int Eth-Trunk 1
[HX_SW2-Eth-Trunk1]port link-type trunk
[HX_SW2-Eth-Trunk1]port trunk allow-pass vlan 20 30 40 50 60 70 80 200 900
[HX_SW2-Eth-Trunk1]dis this

3. MSTP configuration

 HX_SW1:
<HX_SW1>sy
[HX_SW1]stp region-configuration
[HX_SW1-mst-region]instance 1 vlan 20 30 40 200
[HX_SW1-mst-region]region-name aa
[HX_SW1-mst-region]revision-level 1
[HX_SW1-mst-region]instance 2 vlan 50 60 70 80
[HX_SW1-mst-region]active region-configuration
[HX_SW1-mst-region]dis this
/*# All aggregation-layer switches and the server-group switch need the following commands:
stp region-configuration
 region-name aa
 revision-level 1
 instance 1 vlan 20 30 40 200
 instance 2 vlan 50 60 70 80
 active region-configuration
#*/
[HX_SW1-mst-region]qui
[HX_SW1]stp instance 1 root primary
[HX_SW1]stp instance 2 root secondary
[HX_SW1]dis this //view the configuration
------------------------------------HX_SW2:
<HX_SW2>sys
[HX_SW2]stp region-configuration
[HX_SW2-mst-region]region-name aa
[HX_SW2-mst-region]revision-level 1
[HX_SW2-mst-region]instance 1 vlan 20 30 40  200
[HX_SW2-mst-region]instance 2 vlan 50 60 70 80
[HX_SW2-mst-region]active region-configuration
[HX_SW2-mst-region]qui
[HX_SW2]stp instance 2 root primary
[HX_SW2]stp instance 1 root secondary
[HX_SW2]dis this
------------------------------------JR_SW12:
<JR_SW12>sy
[JR_SW12]stp region-configuration
[JR_SW12-mst-region]region-name aa
[JR_SW12-mst-region]revision-level 1
[JR_SW12-mst-region]instance 1 vlan 20 30 40 200
[JR_SW12-mst-region]instance 2 vlan 50 60 70 80
[JR_SW12-mst-region]active region-configuration
[JR_SW12-mst-region]qui
------------------------------------HJ_SW3:
[HJ_SW3]stp region-configuration
[HJ_SW3-mst-region]region-name aa
[HJ_SW3-mst-region]revision-level 1
[HJ_SW3-mst-region]instance 1 vlan 20 30 40 200
[HJ_SW3-mst-region]instance 2 vlan 50 60 70 80
[HJ_SW3-mst-region]active region-configuration
[HJ_SW3-mst-region]qui
[HJ_SW3]dis stp br
/* MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        ROOT  FORWARDING      NONE
   0    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
g0/0/2 being in the blocked state here is the expected result */
------------------------------------HJ_SW4:
<HJ_SW4>sy
[HJ_SW4]stp region-configuration
[HJ_SW4-mst-region]region-name aa
[HJ_SW4-mst-region]revision-level 1
[HJ_SW4-mst-region]instance 1 vlan 20 30 40 200
[HJ_SW4-mst-region]instance 2 vlan 50 60 70 80
[HJ_SW4-mst-region]active region-configuration
[HJ_SW4-mst-region]qui
[HJ_SW4]dis stp br
/* MSTID  Port                        Role  STP State     Protection
   2    GigabitEthernet0/0/1        ALTE  DISCARDING      NONE
   2    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
g0/0/1 being blocked here is the expected result */
------------------------------------HJ_SW5:
[HJ_SW5]stp region-configuration
[HJ_SW5-mst-region] region-name aa
[HJ_SW5-mst-region] revision-level 1
[HJ_SW5-mst-region] instance 1 vlan 20 30 40 200
[HJ_SW5-mst-region] instance 2 vlan 50 60 70 80
[HJ_SW5-mst-region] active region-configuration
[HJ_SW5-mst-region]qui
[HJ_SW5]dis stp br
/* MSTID  Port                        Role  STP State     Protection
   1    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
   1    GigabitEthernet0/0/1        ROOT  FORWARDING      NONE
one uplink in the blocked state (g0/0/2 in this output) is the expected result */

4. VRRP gateway redundancy

 HX_SW1:
[HX_SW1]int vlan 20
[HX_SW1-Vlanif20]ip add 192.168.20.254 24
[HX_SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW1-Vlanif20]vrrp vrid 20 priority 105
[HX_SW1-Vlanif20]dis this
[HX_SW1-Vlanif20]qui
[HX_SW1]int vlan 30
[HX_SW1-Vlanif30]ip add 192.168.30.254 24
[HX_SW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW1-Vlanif30]vrrp vrid 30 priority 105
[HX_SW1-Vlanif30]qui
[HX_SW1]int vlan 40
[HX_SW1-Vlanif40]ip add 192.168.40.254 24
[HX_SW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW1-Vlanif40]vrrp vrid 40 priority 105
[HX_SW1-Vlanif40]int vlan 50
[HX_SW1-Vlanif50]ip add 192.168.50.254 24
[HX_SW1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HX_SW1-Vlanif50]int vlan 60
[HX_SW1-Vlanif60]ip add 192.168.60.254 24
[HX_SW1-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.1
[HX_SW1-Vlanif60]int vlan 200
[HX_SW1-Vlanif200]ip add 192.168.200.254 24
[HX_SW1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW1-Vlanif200]vrrp vrid 200 priority 105
[HX_SW1-Vlanif200]int vlan 70
[HX_SW1-Vlanif70]ip add 192.168.70.254 24
[HX_SW1-Vlanif70]vrrp vrid 70 virtual-ip 192.168.70.1
[HX_SW1-Vlanif70]int vlan 80
[HX_SW1-Vlanif80]ip add 192.168.80.254 24
[HX_SW1-Vlanif80]vrrp vrid 80 virtual-ip 192.168.80.1
[HX_SW1-Vlanif80]int vlan 10
[HX_SW1-Vlanif10]ip add 192.168.10.2 24
[HX_SW1-Vlanif10]int vlan 4
[HX_SW1-Vlanif4]ip add 192.168.4.1 24
[HX_SW1-Vlanif4]qui
[HX_SW1]
------------------------------------HX_SW2
[HX_SW2]int vlan 70
[HX_SW2-Vlanif70]ip add 192.168.70.253 24
[HX_SW2-Vlanif70]vrrp vrid 70 virtual-ip 192.168.70.1
[HX_SW2-Vlanif70]vrrp vrid 70 priority 105
[HX_SW2-Vlanif70]int vlan 80
[HX_SW2-Vlanif80]ip add 192.168.80.253 24
[HX_SW2-Vlanif80]vrrp vrid 80 virtual-ip 192.168.80.1
[HX_SW2-Vlanif80]vrrp vrid 80 priority 105
[HX_SW2-Vlanif80]int vlan 200
[HX_SW2-Vlanif200]ip add 192.168.200.253 24
[HX_SW2-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW2-Vlanif200]int vlan 20
[HX_SW2-Vlanif20]ip add 192.168.20.253 24
[HX_SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW2-Vlanif20]int vlan 30
[HX_SW2-Vlanif30]ip add 192.168.30.253 24
[HX_SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW2-Vlanif30]int vlan 40
[HX_SW2-Vlanif40]ip add 192.168.40.253 24
[HX_SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW2-Vlanif40]int vlan 50
[HX_SW2-Vlanif50]ip add 192.168.50.253 24
[HX_SW2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HX_SW2-Vlanif50]vrrp vrid 50 priority 105
[HX_SW2-Vlanif50]int vlan 60
[HX_SW2-Vlanif60]ip add 192.168.60.253 24
[HX_SW2-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.1
[HX_SW2-Vlanif60]vrrp vrid 60 priority 105
[HX_SW2-Vlanif60]int vlan 2
[HX_SW2-Vlanif2]ip add 192.168.2.2 24
[HX_SW2-Vlanif2]int vlan 5
[HX_SW2-Vlanif5]ip add 192.168.5.1 24
[HX_SW2-Vlanif5]qui

5. Verifying VRRP gateway redundancy

[HX_SW1]dis vrrp br
VRID  State        Interface                Type     Virtual IP
----------------------------------------------------------------
20    Master       Vlanif20                 Normal   192.168.20.1
30    Master       Vlanif30                 Normal   192.168.30.1
40    Master       Vlanif40                 Normal   192.168.40.1
50    Backup       Vlanif50                 Normal   192.168.50.1
60    Backup       Vlanif60                 Normal   192.168.60.1
70    Backup       Vlanif70                 Normal   192.168.70.1
80    Backup       Vlanif80                 Normal   192.168.80.1
200   Master       Vlanif200                Normal   192.168.200.1
[HX_SW1]
------------------------------------HX_SW2:
<HX_SW2>dis vrrp br
VRID  State        Interface                Type     Virtual IP
----------------------------------------------------------------
20    Backup       Vlanif20                 Normal   192.168.20.1
30    Backup       Vlanif30                 Normal   192.168.30.1
40    Backup       Vlanif40                 Normal   192.168.40.1
50    Master       Vlanif50                 Normal   192.168.50.1
60    Master       Vlanif60                 Normal   192.168.60.1
70    Master       Vlanif70                 Normal   192.168.70.1
80    Master       Vlanif80                 Normal   192.168.80.1
200   Backup       Vlanif200                Normal   192.168.200.1
<HX_SW2>

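6. Testing PC-to-gateway connectivity

/* Manually give a PC an IP address and test access to its gateway. For example, give a PC in VLAN 30 IP: 192.168.30.3, GW: 192.168.30.1, then ping 192.168.30.1; a successful ping is enough */
/* Likewise, give a PC in VLAN 70 IP: 192.168.70.7, GW: 192.168.70.1, then ping 192.168.70.1; a successful ping is enough */

7. VRRP interface fault tracking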

[HX_SW1]int vlan 20
[HX_SW1-Vlanif20]vrrp vrid 20 track interface g0/0/1
[HX_SW1-Vlanif20]vrrp vrid 20 track interface g0/0/2
[HX_SW1-Vlanif20]int vlan 30
[HX_SW1-Vlanif30]vrrp vrid 30 track interface g0/0/1
[HX_SW1-Vlanif30]vrrp vrid 30 track interface g0/0/2
[HX_SW1-Vlanif30]int vlan 40
[HX_SW1-Vlanif40]vrrp vrid 40 track interface g0/0/1
[HX_SW1-Vlanif40]vrrp vrid 40 track interface g0/0/2
[HX_SW1-Vlanif40]int vlan 200
[HX_SW1-Vlanif200]vrrp vrid 200 track interface g0/0/1
[HX_SW1-Vlanif200]vrrp vrid 200 track interface g0/0/2
[HX_SW1-Vlanif200]dis this
------------------------------------HX_SW2:
int vlan 50
vrrp vrid 50 track interface g0/0/1
vrrp vrid 50 track interface g0/0/2
int vlan 60
vrrp vrid 60 track interface g0/0/1
vrrp vrid 60 track interface g0/0/2
int vlan 70
vrrp vrid 70 track interface g0/0/1
vrrp vrid 70 track interface g0/0/2
int vlan 80
vrrp vrid 80 track interface g0/0/1
vrrp vrid 80 track interface g0/0/2
[HX_SW2-Vlanif80]dis this

8. DHCP relay

 DHCP:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname DHCP
[DHCP]dhcp enable
[DHCP]ip pool vlan20
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
[DHCP-ip-pool-vlan20]gateway-list 192.168.20.1
[DHCP-ip-pool-vlan20]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan20]excluded-ip-address 192.168.20.250 192.168.20.254
[DHCP-ip-pool-vlan20]q
[DHCP]ip pool vlan30
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan30]gateway-list 192.168.30.1
[DHCP-ip-pool-vlan30]network 192.168.30.0 mask 255.255.255.0
[DHCP-ip-pool-vlan30]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan30]excluded-ip-address 192.168.30.250 192.168.30.254
[DHCP-ip-pool-vlan30]q
[DHCP]ip pool vlan40
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan40]gateway-list 192.168.40.1
[DHCP-ip-pool-vlan40]network 192.168.40.0 mask 255.255.255.0
[DHCP-ip-pool-vlan40]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan40]excluded-ip-address 192.168.40.250 192.168.40.254
[DHCP-ip-pool-vlan40]q
[DHCP]ip pool vlan50
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan50]gateway-list 192.168.50.1
[DHCP-ip-pool-vlan50]network 192.168.50.0 mask 255.255.255.0
[DHCP-ip-pool-vlan50]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan50]excluded-ip-address 192.168.50.250 192.168.50.254
[DHCP-ip-pool-vlan50]q
[DHCP]ip pool vlan60
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan60]network 192.168.60.0 mask 24
[DHCP-ip-pool-vlan60]gateway-list 192.168.60.1
[DHCP-ip-pool-vlan60]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan60]excluded-ip-address 192.168.60.250 192.168.60.254
[DHCP-ip-pool-vlan60]q
[DHCP]ip pool vlan70
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan70]gateway-list 192.168.70.1
[DHCP-ip-pool-vlan70]network 192.168.70.0 mask 255.255.255.0
[DHCP-ip-pool-vlan70]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan70]excluded-ip-address 192.168.70.250 192.168.70.254
[DHCP-ip-pool-vlan70]q
[DHCP]ip pool vlan80
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan80]gateway-list 192.168.80.1
[DHCP-ip-pool-vlan80]network 192.168.80.0 mask 255.255.255.0
[DHCP-ip-pool-vlan80]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan80]excluded-ip-address 192.168.80.250 192.168.80.254
[DHCP-ip-pool-vlan80]q
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]ip add 192.168.200.3 24
[DHCP-GigabitEthernet0/0/0]dhcp select global
[DHCP-GigabitEthernet0/0/0]qui
[DHCP]ip route-static 0.0.0.0 0 192.168.200.1
------------------------------------HX_SW1:
<HX_SW1>sy
[HX_SW1]dhcp enable
[HX_SW1]int vlanif20
[HX_SW1-Vlanif20]dhcp select relay
[HX_SW1-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif20]int vlanif30
[HX_SW1-Vlanif30]dhcp select relay
[HX_SW1-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif30]int vlanif40
[HX_SW1-Vlanif40]dhcp select relay
[HX_SW1-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif40]int vlanif50
[HX_SW1-Vlanif50]dhcp select relay
[HX_SW1-Vlanif50]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif50]int vlanif60
[HX_SW1-Vlanif60]dhcp select relay
[HX_SW1-Vlanif60]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif60]int vlanif70
[HX_SW1-Vlanif70]dhcp select relay
[HX_SW1-Vlanif70]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif70]int vlanif80
[HX_SW1-Vlanif80]dhcp select relay
[HX_SW1-Vlanif80]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif80]qui
[HX_SW1]
------------------------------------HX_SW2:
<HX_SW2>SYS
[HX_SW2]dhcp enable
[HX_SW2]int vlanif20
[HX_SW2-Vlanif20]dhcp select relay
[HX_SW2-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif20]dis this
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.1
 vrrp vrid 20 priority 105
 vrrp vrid 20 track interface GigabitEthernet0/0/1
 vrrp vrid 20 track interface GigabitEthernet0/0/2
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
return
[HX_SW2-Vlanif20]int vlanif30
[HX_SW2-Vlanif30]dhcp select relay
[HX_SW2-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif30]int vlanif40
[HX_SW2-Vlanif40]dhcp select relay
[HX_SW2-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif40]int vlanif50
[HX_SW2-Vlanif50]dhcp select relay
[HX_SW2-Vlanif50]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif50]int vlanif60
[HX_SW2-Vlanif60]dhcp select relay
[HX_SW2-Vlanif60]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif60]int vlanif70
[HX_SW2-Vlanif70]dhcp select relay
[HX_SW2-Vlanif70]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif70]int vlanif80
[HX_SW2-Vlanif80]dhcp select relay
[HX_SW2-Vlanif80]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif80]
Users can now obtain their addresses automatically through DHCP.

9. Core-layer router address configuration

 R1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.6.1 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.10.1 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 192.168.2.1 24
[R1-GigabitEthernet0/0/2]int g4/0/0
[R1-GigabitEthernet4/0/0]ip add 192.168.3.1 24
[R1-GigabitEthernet4/0/0]qui
[R1]
------------------------------------R2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.7.1 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.4.2 24
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip add 192.168.5.2 24
[R2-GigabitEthernet0/0/2]int g4/0/0
[R2-GigabitEthernet4/0/0]ip add 192.168.3.2 24
[R2-GigabitEthernet4/0/0]qui
[R2]

10. Basic firewall configuration

IP address configuration and zone assignment

<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sysname FW
[FW]int g1/0/0
[FW-GigabitEthernet1/0/0]ip add 192.168.8.1 30
[FW-GigabitEthernet1/0/0]service-manage all permit
[FW-GigabitEthernet1/0/0]int g1/0/1
[FW-GigabitEthernet1/0/1]ip add 192.168.6.2 24
[FW-GigabitEthernet1/0/1]service-manage all permit
[FW-GigabitEthernet1/0/1]int g1/0/2
[FW-GigabitEthernet1/0/2]ip add 192.168.7.2 24
[FW-GigabitEthernet1/0/2]service-manage all permit
[FW-GigabitEthernet1/0/2]int g1/0/3
[FW-GigabitEthernet1/0/3]ip add 192.168.111.1 24
[FW-GigabitEthernet1/0/3]service-manage all permit
[FW-GigabitEthernet1/0/3]quit
[FW]firewall zone untrust
[FW-zone-untrust]add int g1/0/0
[FW-zone-untrust]qui
[FW]firewall zone dmz
[FW-zone-dmz]add int g1/0/3
[FW-zone-dmz]quit
[FW]firewall zone trust
[FW-zone-trust]add int g1/0/1
[FW-zone-trust]add int g1/0/2
[FW-zone-trust]qui
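
An added example (not part of the original post or its downloadable configuration): `service-manage` controls which of the firewall's own management services an interface answers, and the session above permits all of them on every interface, including g1/0/0 in the untrust zone. The Python sketch below parses a prompt-prefixed session like this one and reports such interfaces; the function names and the per-zone allow-list `ALLOWED` are assumptions made for the example.

```python
import re

# Firewall session from section 10 of this page (sysname lines dropped).
FW_SESSION = """\
[FW]int g1/0/0
[FW-GigabitEthernet1/0/0]ip add 192.168.8.1 30
[FW-GigabitEthernet1/0/0]service-manage all permit
[FW-GigabitEthernet1/0/0]int g1/0/1
[FW-GigabitEthernet1/0/1]ip add 192.168.6.2 24
[FW-GigabitEthernet1/0/1]service-manage all permit
[FW-GigabitEthernet1/0/1]int g1/0/2
[FW-GigabitEthernet1/0/2]ip add 192.168.7.2 24
[FW-GigabitEthernet1/0/2]service-manage all permit
[FW-GigabitEthernet1/0/2]int g1/0/3
[FW-GigabitEthernet1/0/3]ip add 192.168.111.1 24
[FW-GigabitEthernet1/0/3]service-manage all permit
[FW-GigabitEthernet1/0/3]quit
[FW]firewall zone untrust
[FW-zone-untrust]add int g1/0/0
[FW-zone-untrust]qui
[FW]firewall zone dmz
[FW-zone-dmz]add int g1/0/3
[FW-zone-dmz]quit
[FW]firewall zone trust
[FW-zone-trust]add int g1/0/1
[FW-zone-trust]add int g1/0/2
[FW-zone-trust]qui
"""

# Assumed audit policy (not from the page): management services an interface
# may answer, per zone. Zones that are not listed here are not audited.
ALLOWED = {"untrust": set(), "dmz": {"ping"}}

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.*)$")
IF_VIEW = re.compile(r"-GigabitEthernet(?P<port>\d+/\d+/\d+)$")
ZONE_VIEW = re.compile(r"-zone-(?P<zone>\S+)$")
SERVICE = re.compile(
    r"^(?P<undo>undo\s+)?service-manage\s+(?P<svc>\S+)\s+(?P<action>permit|deny)$"
)
ADD_IF = re.compile(r"^add\s+int\S*\s+[A-Za-z]+\s*(?P<port>\d+/\d+/\d+)$")


def parse_session(text):
    """Return ({port: set of permitted services}, {port: zone})."""
    permitted, zones = {}, {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # device output such as "Info: ..." carries no command
        view, cmd = m["view"], m["cmd"].strip()
        iface, zone = IF_VIEW.search(view), ZONE_VIEW.search(view)
        svc, add = SERVICE.match(cmd), ADD_IF.match(cmd)
        if iface and svc:
            current = permitted.setdefault(iface["port"], set())
            if svc["undo"] or svc["action"] == "deny":
                current.discard(svc["svc"])
            else:
                current.add(svc["svc"])
        elif zone and add:
            zones[add["port"]] = zone["zone"]
    return permitted, zones


def audit(text):
    """List (port, zone, excess services) for every interface that answers
    more management services than ALLOWED grants its zone."""
    permitted, zones = parse_session(text)
    findings = []
    for port in sorted(permitted):
        zone = zones.get(port)
        if zone not in ALLOWED:
            continue
        excess = permitted[port] - ALLOWED[zone]
        if excess:
            findings.append((port, zone, sorted(excess)))
    return findings


if __name__ == "__main__":
    for port, zone, excess in audit(FW_SESSION):
        print(f"GigabitEthernet{port} ({zone}): service-manage permits {excess}")
```
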

11. OSPF configuration

 HX_SW1:
[HX_SW1]ospf 1
[HX_SW1-ospf-1]silent-interface vlan 20
[HX_SW1-ospf-1]silent-interface vlan 30
[HX_SW1-ospf-1]silent-interface vlan 40
[HX_SW1-ospf-1]silent-interface vlan 50
[HX_SW1-ospf-1]silent-interface vlan 60
[HX_SW1-ospf-1]silent-interface vlan 70
[HX_SW1-ospf-1]silent-interface vlan 80
[HX_SW1-ospf-1]silent-interface vlan 200
[HX_SW1-ospf-1]area 0
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.10.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.20.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.30.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.40.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.50.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.60.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.70.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.80.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]qui
[HX_SW1-ospf-1]qui
[HX_SW1]
------------------------------------HX_SW2:
[HX_SW2]ospf 1
[HX_SW2-ospf-1] silent-interface Vlanif20
[HX_SW2-ospf-1] silent-interface Vlanif30
[HX_SW2-ospf-1] silent-interface Vlanif40
[HX_SW2-ospf-1] silent-interface Vlanif50
[HX_SW2-ospf-1] silent-interface Vlanif60
[HX_SW2-ospf-1] silent-interface Vlanif70
[HX_SW2-ospf-1] silent-interface Vlanif80
[HX_SW2-ospf-1] silent-interface Vlanif200
[HX_SW2-ospf-1]area 0
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.5.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.20.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.30.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.40.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.50.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.60.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.70.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.80.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.100.0 0.0.0.255 //wireless management VLAN
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.101.0 0.0.0.255 //wireless service VLAN
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.102.0 0.0.0.255 //wireless service VLAN
[HX_SW2-ospf-1-area-0.0.0.0]qui
[HX_SW2-ospf-1]qui
[HX_SW2]
------------------------------------R1:
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]net 192.168.0.0 0.0.255.255
[R1-ospf-1-area-0.0.0.0]qui
[R1-ospf-1]qui
[R1]
------------------------------------ R2:
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]net 192.168.0.0 0.0.255.255
[R2-ospf-1-area-0.0.0.0]quit
[R2-ospf-1]quit
[R2]
------------------------------------FW:
[FW]ospf
[FW-ospf-1]default-route-advertise
[FW-ospf-1]area 0
[FW-ospf-1-area-0.0.0.0]net 192.168.6.0 0.0.0.255
[FW-ospf-1-area-0.0.0.0]net 192.168.7.0 0.0.0.255
[FW-ospf-1-area-0.0.0.0]qui
[FW-ospf-1]qui
[FW]

12. BFD link fault detection

 HX_SW1:
[HX_SW1]bfd
[HX_SW1-bfd]qui
[HX_SW1]int vlan 10
[HX_SW1-Vlanif10]ospf bfd enable
[HX_SW1-Vlanif10]int vlan 4
[HX_SW1-Vlanif4]ospf bfd enable
[HX_SW1-Vlanif4]qui
[HX_SW1]
-------------------------HX_SW2:
[HX_SW2]bfd
[HX_SW2-bfd]qui
[HX_SW2]int vlan 5
[HX_SW2-Vlanif5]ospf bfd enable
[HX_SW2-Vlanif5]int vlan 2
[HX_SW2-Vlanif2]ospf bfd enable
[HX_SW2-Vlanif2]qui
[HX_SW2]
-------------------------AR1:
[R1]bfd
[R1-bfd]qui
[R1]ospf
[R1-ospf-1]bfd all-interfaces enable
[R1-ospf-1]qui
-------------------------AR2:
[R2]bfd
[R2-bfd]qui
[R2]ospf
[R2-ospf-1]bfd all-interfaces enable
[R2-ospf-1]qui
[R2]
-------------------------FW:
[FW]bfd
[FW-bfd]qui
[FW]int g1/0/1
[FW-GigabitEthernet1/0/1]ospf bfd en
[FW-GigabitEthernet1/0/1]int g1/0/2
[FW-GigabitEthernet1/0/2]ospf bfd en
[FW-GigabitEthernet1/0/2]qui
[FW]dis ospf bfd session all
[FW]dis bfd session all

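13. Firewall policy configuration

I will leave this part out of the article for now. The only device configured here is FW1, and what is configured is a set of security policies, so this part is omitted from the article. In the downloadable resource, the command notes (order) and the corresponding Notepad version of the commands omit nothing and list every command in full.

14. Basic configuration of the external router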

 ISP_R:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname ISP_R
[ISP_R]int g0/0/1
[ISP_R-GigabitEthernet0/0/1]ip add 192.168.8.2 30
[ISP_R-GigabitEthernet0/0/1]int g0/0/0
[ISP_R-GigabitEthernet0/0/0]ip add 10.10.10.1 24
[ISP_R-GigabitEthernet0/0/0]qui
[ISP_R]
------------------------------------

15. Static route configuration

 FW:
[FW]ip route-static 0.0.0.0 0 192.168.8.2
------------------------------------ ISP_R:
[ISP_R]ip route-static 0.0.0.0 0.0.0.0 192.168.8.1

16. Server address mapping

[FW]nat server untrust_dmz zone untrust protocol icmp global 100.100.100.100 inside 192.168.111.2 no-reverse //lets external hosts reach the web server by pinging 100.100.100.100
[FW]nat server untust_dmz_web protocol tcp global 100.100.100.100 80 inside 192.168.111.2 80 no-reverse //lets external users log in to our web server at http://100.100.100.100

17. Snooping configuration

 JR_SW6:
[JR_SW6]dhcp enable
[JR_SW6]dhcp snooping enable
[JR_SW6]vlan 20
[JR_SW6-vlan20]dhcp snooping en
[JR_SW6-vlan20]vlan 30
[JR_SW6-vlan30]dhcp snooping enable
[JR_SW6-vlan30]qui
[JR_SW6]int g0/0/1
[JR_SW6-GigabitEthernet0/0/1]dhcp snooping trusted
[JR_SW6-GigabitEthernet0/0/1]dis this
------------------------------------JR_SW7:
<JR_SW7>sys
[JR_SW7]dhcp enable
[JR_SW7]dhcp snooping enable
[JR_SW7]vlan 40
[JR_SW7-vlan40]dhcp snooping enable
[JR_SW7-vlan40]qui
[JR_SW7]int g0/0/1
[JR_SW7-GigabitEthernet0/0/1]dhcp snooping trusted
[JR_SW7-GigabitEthernet0/0/1]qui
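------------------------------------JR_SW8: omitted
------------------------------------JR_SW9: omitted


It is enough that an address can be obtained; the address PC1 obtains here should be 30.254 (the figure is for illustration only)

18. Telnet remote access configuration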

 HX_SW1:
[HX_SW1]aaa
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet
[HX_SW1-aaa]quit
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet
[HX_SW1-ui-vty0-4]qui
[HX_SW1]int vlanif 900
[HX_SW1-Vlanif900]ip add 192.168.255.254 24
[HX_SW1-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1
[HX_SW1-Vlanif900]dis this
#
interface Vlanif900
 ip address 192.168.255.254 255.255.255.0
 vrrp vrid 255 virtual-ip 192.168.255.1
#
return
[HX_SW1-Vlanif900]q
------------------------------------HX_SW2:
[HX_SW2]aaa
[HX_SW2-aaa]local-user huawei privilege level 3 password cipher 5555
Info: Add a new user.
[HX_SW2-aaa]local-user huawei service-type telnet
[HX_SW2-aaa]quit
[HX_SW2]user-interface vty 0 4
[HX_SW2-ui-vty0-4]authentication-mode aaa
[HX_SW2-ui-vty0-4]protocol inbound telnet
[HX_SW2-ui-vty0-4]qui
[HX_SW2]int vlanif 900
[HX_SW2-Vlanif900]ip add 192.168.255.253 24
[HX_SW2-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1
[HX_SW2-Vlanif900]dis this
#
interface Vlanif900
 ip address 192.168.255.253 255.255.255.0
 vrrp vrid 255 virtual-ip 192.168.255.1
#
return
[HX_SW2-Vlanif900]q
------------------------------------HJ_SW3:
[HJ_SW3]aaa
[HJ_SW3-aaa]local-user huawei privilege level 3 password cipher 5555
[HJ_SW3-aaa]local-user huawei service-type telnet
[HJ_SW3-aaa]quit
[HJ_SW3]user-interface vty 0 4
[HJ_SW3-ui-vty0-4]authentication-mode aaa
[HJ_SW3-ui-vty0-4]protocol inbound telnet
[HJ_SW3-ui-vty0-4]qui
[HJ_SW3]int vlanif 900
[HJ_SW3-Vlanif900]ip add 192.168.255.3 24
[HJ_SW3-Vlanif900]q
[HJ_SW3]ip route-static 0.0.0.0 0 192.168.255.1
------------------------------------HJ_SW4:
[HJ_SW4]aaa
[HJ_SW4-aaa]local-user huawei privilege level 3 password cipher 5555
[HJ_SW4-aaa]local-user huawei service-type telnet
[HJ_SW4-aaa]quit
[HJ_SW4]user-interface vty 0 4
[HJ_SW4-ui-vty0-4]authentication-mode aaa
[HJ_SW4-ui-vty0-4]protocol inbound telnet
[HJ_SW4-ui-vty0-4]qui
[HJ_SW4]int vlanif 900
[HJ_SW4-Vlanif900]ip add 192.168.255.4 24
[HJ_SW4-Vlanif900]q
[HJ_SW4]ip route-static 0.0.0.0 0 192.168.255.1
[HJ_SW4]qui
/*................... The remaining switches (SW1-SW12) are configured the same way */
//At this point you can telnet to 192.168.255.3-8, 254 and 253, and to the corresponding router interface addresses
/*<PC>telnet 192.168.255.7
Trying 192.168.255.7 ...
Press CTRL+K to abort
Connected to 192.168.255.7 ...
Username:huawei
Password:5555
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2022-04-19 17:27:13.
<JR_SW7>*/
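An added Python example (not part of the original post) that audits a captured CLI session like the ones above for remote-management weaknesses: Telnet accepted on the VTY lines, a Telnet-capable local user at management level, and a short password. The 8-character threshold is an assumed local policy, and the transcript embedded in the code is copied from the HX_SW1 session.

```python
import re

# Sample input: command lines copied from the HX_SW1 session on this page.
SESSION = """\
[HX_SW1]aaa
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet
[HX_SW1-aaa]quit
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet
[HX_SW1-ui-vty0-4]qui
"""

# "[DEVICE-view]command" or "<DEVICE>command"; group 1 = device, group 2 = command
PROMPT = re.compile(r"^[\[<]([A-Za-z0-9_]+)(?:-[^\]>]*)?[\]>](.*)$")
MIN_PASSWORD_LEN = 8   # assumption: local policy threshold, not a VRP default

def audit(transcript):
    """Return sorted (device, finding) pairs; passwords are never echoed."""
    findings = set()
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue                      # device output, not a typed command
        dev, cmd = m.group(1), m.group(2).strip()
        u = re.match(r"local-user (\S+) (.*)", cmd)
        if u:
            user, rest = u.groups()
            pw = re.search(r"password (?:cipher|simple|irreversible-cipher) (\S+)", rest)
            if pw and len(pw.group(1)) < MIN_PASSWORD_LEN:
                findings.add((dev, f"short password for {user}"))
            lvl = re.search(r"privilege level (\d+)", rest)
            if lvl and int(lvl.group(1)) >= 3:
                findings.add((dev, f"{user} has management level {lvl.group(1)}"))
            if re.search(r"service-type\b.*\btelnet\b", rest):
                findings.add((dev, f"{user} may log in over telnet"))
        if re.match(r"protocol inbound (telnet|all)\b", cmd):
            findings.add((dev, "VTY accepts telnet (cleartext)"))
    return sorted(findings)

if __name__ == "__main__":
    for device, finding in audit(SESSION):
        print(device, "-", finding)
```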

19. ACL policy

[HX_SW1]acl 3001
[HX_SW1-acl-adv-3001]rule permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
[HX_SW1-acl-adv-3001]rule deny ip source any destination 192.168.200.2 0
[HX_SW1-acl-adv-3001]dis this
#
acl number 3001
 rule 5 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
 rule 10 deny ip destination 192.168.200.2 0
#
return
[HX_SW1-acl-adv-3001]qui
[HX_SW1]int g0/0/6
[HX_SW1-GigabitEthernet0/0/6]traffic-filter outbound acl 3001
[HX_SW1-GigabitEthernet0/0/6]qui
------------------------------------HX_SW2:
[HX_SW2]acl 3001
[HX_SW2-acl-adv-3001]rule permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
[HX_SW2-acl-adv-3001]rule deny ip source any destination 192.168.200.2 0
[HX_SW2-acl-adv-3001]dis this
#
acl number 3001
 rule 5 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
 rule 10 deny ip destination 192.168.200.2 0
#
return
[HX_SW2-acl-adv-3001]qui
[HX_SW2]
[HX_SW2]int g0/0/6
[HX_SW2-GigabitEthernet0/0/6]traffic-filter outbound acl 3001
[HX_SW2-GigabitEthernet0/0/6]qui
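
An added Python example (not from the original post) that evaluates ACL 3001 as shown in the `dis this` output: rules are checked in ascending rule ID, wildcard bits set to 1 are ignored, and the first match decides. It assumes that traffic matching no rule is forwarded by `traffic-filter`; the source addresses used to exercise it are constructed.

```python
import ipaddress
import re

# The two rules exactly as the switch displays them.
ACL_3001 = """\
rule 5 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
rule 10 deny ip destination 192.168.200.2 0
"""
ANY = (0, 0xFFFFFFFF)   # an omitted source/destination matches every address

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _wild(text):
    # "0" is the CLI shorthand for wildcard 0.0.0.0 (exact host match)
    return 0 if text == "0" else _ip(text)

def parse_rules(text):
    pat = re.compile(r"rule (\d+) (permit|deny) ip"
                     r"(?: source (\S+) (\S+))?(?: destination (\S+) (\S+))?")
    rules = []
    for line in text.splitlines():
        m = pat.match(line.strip())
        if not m:
            continue
        rid, action, s, sw, d, dw = m.groups()
        src = (_ip(s), _wild(sw)) if s else ANY
        dst = (_ip(d), _wild(dw)) if d else ANY
        rules.append((int(rid), action, src, dst))
    return sorted(rules)                 # match order: ascending rule ID

def _match(addr, net, wildcard):
    care = ~wildcard & 0xFFFFFFFF        # compare only bits whose wildcard bit is 0
    return (_ip(addr) & care) == (net & care)

def evaluate(rules, src, dst, default="permit"):
    """Return (action, rule_id); rule_id is None when no rule matched."""
    for rid, action, (sn, sw), (dn, dw) in rules:
        if _match(src, sn, sw) and _match(dst, dn, dw):
            return action, rid
    return default, None                 # assumption: unmatched traffic is forwarded

if __name__ == "__main__":
    rules = parse_rules(ACL_3001)
    for src in ("192.168.50.10", "192.168.40.10", "192.168.101.7"):
        print(src, "->", evaluate(rules, src, "192.168.200.2"))
```

Because rule 10 omits the source, every address outside 192.168.50.0/24, including the wireless service VLANs 101 and 102, is denied towards 192.168.200.2, while traffic to any other destination falls through to the default.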

20. Wireless WLAN configuration

 HX_SW2:
<HX_SW2>sy
[HX_SW2]vlan batch 100 101 102
[HX_SW2]int g0/0/9
[HX_SW2-GigabitEthernet0/0/9]port link-type trunk
[HX_SW2-GigabitEthernet0/0/9]port trunk allow-pass vlan all
[HX_SW2-GigabitEthernet0/0/9]int g0/0/3
[HX_SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 101 102
[HX_SW2-GigabitEthernet0/0/3]int g0/0/5
[HX_SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 101 102
[HX_SW2-GigabitEthernet0/0/5]qui
[HX_SW2]int vlan 100
[HX_SW2-Vlanif100]ip add 192.168.100.1 24
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]ip add 192.168.101.1 24
[HX_SW2-Vlanif101]int vlan 102
[HX_SW2-Vlanif102]ip add 192.168.102.1 24
[HX_SW2-Vlanif102]qui
[HX_SW2]dhcp enable
[HX_SW2]ip pool ap_pool
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-ap_pool]gateway-list 192.168.100.1
[HX_SW2-ip-pool-ap_pool]network 192.168.100.0 mask 24
[HX_SW2-ip-pool-ap_pool]excluded-ip-address 192.168.100.100
[HX_SW2-ip-pool-ap_pool]dns-list 192.168.111.3
[HX_SW2-ip-pool-ap_pool]qui
[HX_SW2]ip pool hua_1
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-hua_1]gateway-list 192.168.101.1
[HX_SW2-ip-pool-hua_1]network 192.168.101.0 mask 24
[HX_SW2-ip-pool-hua_1]dns-list 192.168.111.3
[HX_SW2-ip-pool-hua_1]qui
[HX_SW2]ip pool hua_2
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-hua_2]gateway-list 192.168.102.1
[HX_SW2-ip-pool-hua_2]network 192.168.102.0 mask 24
[HX_SW2-ip-pool-hua_2]dns-list 192.168.111.3
[HX_SW2-ip-pool-hua_2]qui
[HX_SW2]int vlan 100
[HX_SW2-Vlanif100]dhcp select global
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]dhcp select global
[HX_SW2-Vlanif101]int vlan 102
[HX_SW2-Vlanif102]dhcp select global
[HX_SW2-Vlanif102]qui
[HX_SW2]qui
<HX_SW2>save
-------------------------------------HJ_SW3:
<HJ_SW3>sy
[HJ_SW3]vlan batch 100 101 102
[HJ_SW3]int g0/0/2
[HJ_SW3-GigabitEthernet0/0/2]port trunk allow-pass  vlan 100 101 102
[HJ_SW3-GigabitEthernet0/0/2]int g0/0/5
[HJ_SW3-GigabitEthernet0/0/5]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/5]port trunk pvid vlan 100
[HJ_SW3-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 101
[HJ_SW3-GigabitEthernet0/0/5]qui
[HJ_SW3]qui
---------------------------------HJ_SW5:
[HJ_SW5]vlan batch 100 101 102
[HJ_SW5]int g0/0/2
[HJ_SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101 102
[HJ_SW5-GigabitEthernet0/0/2]int g0/0/5
[HJ_SW5-GigabitEthernet0/0/5]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/5]port trunk pvid vlan 100
[HJ_SW5-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 102
[HJ_SW5-GigabitEthernet0/0/5]qui
[HJ_SW5]qu
---------------------------------AC:
<AC6605>sy
[AC6605]un in en
[AC6605]sysname AC1
[AC1]vlan batch 100 to 103
[AC1]int g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC1-GigabitEthernet0/0/1]qui
[AC1]int vlan 100
[AC1-Vlanif100]ip add 192.168.100.100 24
[AC1-Vlanif100]qui
[AC1]capwap source int vlanif100
[AC1]wlan
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]q
[AC1-wlan-view]regulatory-domain-profile name domain1
[AC1-wlan-regulate-domain-domain1]country-code cn
[AC1-wlan-regulate-domain-domain1]q
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-CYY]qui
[AC1-wlan-view]qui
[AC1]wlan
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]q
[AC1-wlan-view]regulatory-domain-profile name domain2
[AC1-wlan-regulate-domain-domain2]country-code cn
Info: The current country code is same with the input country code.
[AC1-wlan-regulate-domain-domain2]q
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]regulatory-domain-profile domain2
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-YYC]qui
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc82-0a90
[AC1-wlan-ap-0]ap-name area_0
[AC1-wlan-ap-0]ap-group CYY
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC1-wlan-ap-0]qui
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc2d-1bd0
[AC1-wlan-ap-1]ap-name area_1
[AC1-wlan-ap-1]ap-group YYC
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC1-wlan-ap-1]qui
[AC1-wlan-view]qui
[AC1]wlan
[AC1-wlan-view]security-profile name A
[AC1-wlan-sec-prof-A]security wpa2 psk pass-phrase a1234567 aes
[AC1-wlan-sec-prof-A]q
[AC1-wlan-view]security-profile name X
[AC1-wlan-sec-prof-X]security wpa2 psk pass-phrase huawei@123 aes
[AC1-wlan-sec-prof-X]qui
[AC1-wlan-view]ssid-profile name B
[AC1-wlan-ssid-prof-B]ssid CYY-CY
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-ssid-prof-B]q
[AC1-wlan-view]ssid-profile name Y
[AC1-wlan-ssid-prof-Y]ssid YYC-YC
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-ssid-prof-Y]q
[AC1-wlan-view]vap-profile name C
[AC1-wlan-vap-prof-C]forward-mode tunnel
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]service-vlan vlan-id 101
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]security-profile A
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]ssid-profile B
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]qui
[AC1-wlan-view]vap-profile name Z
[AC1-wlan-vap-prof-Z]forward-mode tunnel
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]service-vlan vlan-id 102
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]security-profile X
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]ssid-profile Y
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]qui
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]vap-profile C wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-CYY]vap-profile C wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-CYY]qui
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
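[AC1-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 1

After the wireless configuration is done, MSTP needs to be adjusted; those steps are included in the downloadable resources, so they are not covered here.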

V. Where to find the contact card
