基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验)

这篇具有很好参考价值的文章主要介绍了基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验)。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

作者:BSXY_19计科_陈永跃 BSXY_信息学院 注:未经允许禁止转发任何内容

前言及技术/资源下载说明( 未经允许禁止转发任何内容 )

有什么问题可以在评论区说明自己遇到的情况,博主看到会第一时间回复,希望其他人也可以回复别人的问题
可根据以下所提供的设计与实现步骤过程一步一步自行实现(每一条命令都是关键的命令);但是如果有需要的也可以根据以下地址进行下载完整的topo图和完整的配置进行参考与借鉴
,如若拿到topo图可多display查看配置,查看相应的命令,配套资源连接如下,相应的内容如下图所示

基于eNSP中大型校园/企业网络规划与设计_综合大作业topo和完整配置+一步步的所有配置命令(ensp)+一步步可以直接刷的记事本命令可快速配置重复的工作+可以拷贝的命令笔记+详细的地址规划表_资源序号002

交流的时候本人一般都在线的,有什么问题我会的都会竭尽全力的为您解答好吧,视频的话慢慢的过一久弄一下吧,相应的测试命令和截图等等,我都放在下图的可以拷贝的连接中吧到哪一步可以实现什么效果说明和到哪一步完成配置后应该用什么命令测试结果等等的都放在里面了吧,持续更新中…
基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验)topo图也就是这样样子的,相应的地址规划和路由规划大部分都在图中明确的标注了基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验)
该topo网络中用到的技术有vlan划分、eth-trunk捆绑、RSTP、MSTP、VRRP、OSPF、RIP、IS-IS、NAT(地址池、easyIP两种转换)、单臂路由、ACL、DHCP子接口分配、DHCP中继、Vlink、IPsec VPN、路由引入、默认路由、FW的安全策略规划、dns/web/ftp服务等。该实验非常适合于把相应的单个技术学完想把这些技术综合起来的小伙伴,且对于毕设课设的小伙伴可以进行参考,进行自己的规划与设计,最后对于软考网络工程师/网络规划设计的小伙伴来说个人建议是有必要抽个时间好好的做一下这个实验的,最后说明该topo规划最后的作者权归于:BSXY_信息学院_19计科_陈永跃
基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验)

一、设计topo图与设计要求(简单列举18个)

拓扑图1:
基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验)

设计要求:

  • 完成服务器、防火墙、路由器相应的接口地址的配置
  • 慧源楼配置Eth-Trunk链路捆绑来提高链路的冗余
  • 根据不同的地域划分多个不同的vlan,减小广播域大小,提高网络的可靠性和安全性
  • 在慧源楼配置RSTP+VRRP,避免网络的回环且快速收敛
  • 在明诚楼配置MSTP+VRRP,同时实现冗余,划分实例,让不同的vlan优先选择相应的交换机,并减少stp震荡
  • 明诚楼、慧源楼、服务区的所有用户通过配置相应的DHCP中继能自动获取地址,且DHCP服务器为AR2
  • 分校区用户也需要要自动获取地址,相应服务器为AR13,AR13配置相应的子接口为相应终端分配地址
  • 慧源楼主要配置OSPF让其相应路由器能学到相应的路由表
  • 明诚楼应用RIP协议和OSPF协议,并将RIP和OSPF路由进行双向引入,让其能与慧源楼互通
  • 服务区配置相应的ftp、dns、web服务器,如有PC接入也能自动获取地址,这里的PC用于测试相应的DHCP
  • FW1和LSW4分别配置Vlink,让area3和area0之间能互通,学到相应的路由信息
  • FW1/FW2都配置相应的安全策略,且在FW1上放行trust到dmz的流量
  • FW1/FW2都配置相应的默认路由指向我们的运行商ISP
  • FW1/FW2配置相应的NAT策略,使得内网、dmz可以访问外网(百度)
  • FW1/FW2配置相应的IPsec VPN让模拟主校区与模拟分校区之间互通,允许互通的网段为172.16.X.X/16
  • 外网模拟ISP使用使用IS-IS路由让其互通
  • 主校区/分校区用户可以通过域名(www.baidu.com)访问外网百度,主校区可以通过域名(www.xyw.com)访问内网web服务器
  • 我们主校区用户的dns服务器就用我们内部的dns服务器,分校区的dns服务器用ISP的dns服务器

二、相应地址规划表

基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验)

三、单防火墙冗余网络规划设计(可不看)

插曲部分:基于eNSP加防火墙的千人中型校园/企业网络规划与设计 如下图所示(但是并不在该篇文章中做详细介绍和说明,如查看可点击连接自行查看阅读):
基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验)
设计要求:
01、完成服务器、防火墙、路由器等接口地址的配置
02、配置Eth-Trunk 链路捆绑实现链路冗余
03、企业内部划分多个vlan,减小广播域大小,提高网络的可靠性
04、配置MSTP+VRRP实现流量负载分担,同时实现冗余,并配置相应的stp优化技术stp收敛,减少stp震荡
05、所有用户均为自动获取IP地址
06、配置相应的DHCP snooping隔绝非法DHCP server
07、配置OSPF和静态路由实现三层路由互通
08、防火墙配置安全策略,放行内网区域到dmz区的流量
09、防火墙配置NAT策略和安全策略,使得用户可以访问外网百度
10、防火墙配置服务器映射和安全策略,允许外网用户Client通过公网地址100.100.100.100访问web服务器
11、防火墙配置相应策略,允许外网用户Client通过公网http://100.100.100.100访问登录web服务器
12、用户能够通过域名(www.baidu.com)访问外网百度
13、内部财务服务器只允许vlan 50用户访问
14、LSW1-LSW12交换机都能被telnet(huawei 5555)
15、无线WLAN配置,且业务vlan 101 102也可以通过域名(www.baidu.com)访问外网百度

四、该网络规划全过程(顺着一步一步走)

1、慧源楼Eth-trunk配置

	LSW1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW1
[LSW1]int eth-trunk 1
[LSW1-Eth-Trunk1]mode lacp-static
[LSW1-Eth-Trunk1]trunkport g0/0/4
[LSW1-Eth-Trunk1]trunkport g0/0/5
[LSW1-Eth-Trunk1]qui
[LSW1]
-------------------------------------------
	LSW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW2
[LSW2]int eth-trunk 1
[LSW2-Eth-Trunk1]mode lacp-static
[LSW2-Eth-Trunk1]trunkport g0/0/4
[LSW2-Eth-Trunk1]trunkport g0/0/5
[LSW2-Eth-Trunk1]qui
[LSW2]

2、慧源/日新楼VLAN 划分

	LSW1:
[LSW1]vlan batch 10 11 111
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 111
[LSW1-GigabitEthernet0/0/1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 11
[LSW1-GigabitEthernet0/0/2]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 to 11
[LSW1-GigabitEthernet0/0/3]qui
[LSW1]int Eth-Trunk 1
[LSW1-Eth-Trunk1]port link-type trunk
[LSW1-Eth-Trunk1]port trunk allow-pass vlan 10 to 11
[LSW1-Eth-Trunk1]qui
[LSW2]
-------------------------------------------
    LSW2:
[LSW2]vlan batch 10 11 122
[LSW2]int g0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 122
[LSW2-GigabitEthernet0/0/1]int g0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 11
[LSW2-GigabitEthernet0/0/2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 to 11
[LSW2-GigabitEthernet0/0/3]qui
[LSW2]int Eth-Trunk 1
[LSW2-Eth-Trunk1]port link-type trunk
[LSW2-Eth-Trunk1]port trunk allow-pass vlan 10 to 11
[LSW2-Eth-Trunk1]qui
[LSW2]
-------------------------------------------
    LSW3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW3
[LSW3]vlan batch 12 133
[LSW3]int g0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type access
[LSW3-GigabitEthernet0/0/1]port default vlan 133
[LSW3-GigabitEthernet0/0/1]int g0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type access
[LSW3-GigabitEthernet0/0/2]port default vlan 12
[LSW3-GigabitEthernet0/0/2]qui
[LSW3]
-------------------------------------------
    SW1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname SW1
[SW1]vlan 10
[SW1-vlan10]qui
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 11
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 11
[SW1-GigabitEthernet0/0/2]int e0/0/1
[SW1-Ethernet0/0/1]port link-type access
[SW1-Ethernet0/0/1]port default vlan 10
[SW1-Ethernet0/0/1]qui
[SW1]
-------------------------------------------
    SW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname SW2
[SW2]vlan 11
[SW2-vlan11]qui
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 11
[SW2-GigabitEthernet0/0/1]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 11
[SW2-GigabitEthernet0/0/2]int e0/0/1
[SW2-Ethernet0/0/1]port link-type access
[SW2-Ethernet0/0/1]port default vlan 11
[SW2-Ethernet0/0/1]qui
[SW2]

3、慧源楼RSTP配置

	LSW1:
[LSW1]stp mode rstp
[LSW1]stp priority 0
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]stp mode rstp
[LSW2]stp priority 4096
[LSW2]

4、慧源楼VRRP配置

	LSW1:
[LSW1]int vlan 10
[LSW1-Vlanif10]ip address 172.16.10.254 24
[LSW1-Vlanif10]vrrp vrid 10 virtual-ip 172.16.10.1
[LSW1-Vlanif10]int vlan 11
[LSW1-Vlanif11]ip address 172.16.11.254 24
[LSW1-Vlanif11]vrrp vrid 11 virtual-ip 172.16.11.1
[LSW1-Vlanif11]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]int vlan 10
[LSW2-Vlanif10]ip address 172.16.10.253 24
[LSW2-Vlanif10]vrrp vrid 10 virtual-ip 172.16.10.1
[LSW2-Vlanif10]int vlan 11
[LSW2-Vlanif11]ip address 172.16.11.253 24
[LSW2-Vlanif11]vrrp vrid 11 virtual-ip 172.16.11.1
[LSW2-Vlanif11]qui
[LSW2]

5、慧源/日新楼OSPF配置

	LSW1:
[LSW1]int vlan 111
[LSW1-Vlanif111]ip add 192.168.111.11 24
[LSW1-Vlanif111]qui
[LSW1]ospf router-id 1.1.1.11
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 172.16.10.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 172.16.11.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 192.168.111.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]qui
[LSW1-ospf-1]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]int vlan 122
[LSW2-Vlanif122]ip add 192.168.122.12 24
[LSW2-Vlanif122]qui
[LSW2]ospf router-id 1.1.1.12
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 172.16.10.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 172.16.11.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 192.168.122.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]qui
[LSW2-ospf-1]qui
[LSW2]
-------------------------------------------
    LSW3:
[LSW3]int vlan 133
[LSW3-Vlanif133]ip add 192.168.133.13 24
[LSW3-Vlanif133]int vlan 12
[LSW3-Vlanif12]ip add 172.16.12.1 24
[LSW3-Vlanif12]qui
[LSW3]ospf router-id 1.1.1.13
[LSW3-ospf-1]area 0
[LSW3-ospf-1-area-0.0.0.0]network 172.16.12.0 0.0.0.255
[LSW3-ospf-1-area-0.0.0.0]network 192.168.133.0 0.0.0.255
[LSW3-ospf-1-area-0.0.0.0]qui
[LSW3-ospf-1]qui
[LSW3]
-------------------------------------------
    AR1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR1
[AR1]int g2/0/0
[AR1-GigabitEthernet2/0/0]ip add 192.168.111.1 24
[AR1-GigabitEthernet2/0/0]int g2/0/1
[AR1-GigabitEthernet2/0/1]ip add 192.168.122.1 24
[AR1-GigabitEthernet2/0/1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.14.1 24
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 192.168.15.1 24
[AR1-GigabitEthernet0/0/1]int loo0
[AR1-LoopBack0]ip add 10.1.1.1 32
[AR1-LoopBack0]qui
[AR1]ospf router-id 1.1.1.1
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]net 192.168.14.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]net 192.168.15.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]net 192.168.122.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]net 192.168.111.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]qui
[AR1-ospf-1]qui
[AR1]
-------------------------------------------
    AR2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR2
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 192.168.14.2 24
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 192.168.16.2 24
[AR2-GigabitEthernet0/0/1]int loo0
[AR2-LoopBack0]ip add 10.1.1.2 32
[AR2-LoopBack0]qui
[AR2]ospf router-id 1.1.1.2
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]net 192.168.14.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]net 192.168.16.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]qui
[AR2-ospf-1]qui
[AR2]
-------------------------------------------
    AR3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR3
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 192.168.17.3 24
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip add 192.168.16.3 24
[AR3-GigabitEthernet0/0/1]int loo0
[AR3-LoopBack0]ip add 10.1.1.3 32
[AR3-LoopBack0]qui
[AR3]ospf router-id 1.1.1.3
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]net 192.168.17.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]net 192.168.16.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]qui
[AR3-ospf-1]qui
[AR3]
-------------------------------------------
    AR4:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR4
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]ip add 192.168.133.4 24
[AR4-GigabitEthernet0/0/0]int g0/0/1
[AR4-GigabitEthernet0/0/1]ip add 192.168.15.4 24
[AR4-GigabitEthernet0/0/1]int g2/0/0
[AR4-GigabitEthernet2/0/0]ip add 192.168.18.4 24
[AR4-GigabitEthernet2/0/0]int loo0
[AR4-LoopBack0]ip add 10.1.1.4 32
[AR4-LoopBack0]qui
[AR4]ospf router-id 1.1.1.4
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]net 192.168.18.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]net 192.168.15.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]net 192.168.133.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]qui
[AR4-ospf-1]qui
[AR4]
-------------------------------------------
    AR5:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR5
[AR5]int g0/0/0
[AR5-GigabitEthernet0/0/0]ip add 192.168.19.5 24
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]ip add 192.168.17.5 24
[AR5-GigabitEthernet0/0/1]int g2/0/0
[AR5-GigabitEthernet2/0/0]ip add 192.168.18.5 24
[AR5-GigabitEthernet2/0/0]int loo0
[AR5-LoopBack0]ip add 10.1.1.5 32
[AR5-LoopBack0]qui
[AR5]ospf router-id 1.1.1.5
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]net 192.168.19.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 192.168.17.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 192.168.18.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]qui
[AR5-ospf-1]qui
[AR5]

6、慧源/日新楼DHCP中继

	LSW1:
[LSW1]dhcp enable
[LSW1]int vlan 10
[LSW1-Vlanif10]dhcp select relay
[LSW1-Vlanif10]dhcp relay server-ip 192.168.14.2
[LSW1-Vlanif10]dhcp relay server-ip 192.168.16.2
[LSW1-Vlanif10]int vlan 11
[LSW1-Vlanif11]dhcp select relay
[LSW1-Vlanif11]dhcp relay server-ip 192.168.14.2
[LSW1-Vlanif11]dhcp relay server-ip 192.168.16.2
[LSW1-Vlanif11]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]dhcp enable
[LSW2]int vlan 10
[LSW2-Vlanif10]dhcp select relay
[LSW2-Vlanif10]dhcp relay server-ip 192.168.14.2
[LSW2-Vlanif10]dhcp relay server-ip 192.168.16.2
[LSW2-Vlanif10]int vlan 11
[LSW2-Vlanif11]dhcp select relay
[LSW2-Vlanif11]dhcp relay server-ip 192.168.14.2
[LSW2-Vlanif11]dhcp relay server-ip 192.168.16.2
[LSW2-Vlanif11]qui
[LSW2]
-------------------------------------------
    LSW3:
[LSW3]dhcp enable
[LSW3]int vlan 12
[LSW3-Vlanif12]dhcp select relay
[LSW3-Vlanif12]dhcp relay server-ip 192.168.14.2
[LSW3-Vlanif12]dhcp relay server-ip 192.168.16.2
[LSW3-Vlanif12]
-------------------------------------------
    AR2:
[AR2]dhcp enable
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]dhcp select global
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]dhcp select global
[AR2-GigabitEthernet0/0/1]qui
[AR2]ip pool vlan10
[AR2-ip-pool-vlan10]network 172.16.10.0 mask 24
[AR2-ip-pool-vlan10]gateway-list 172.16.10.1
[AR2-ip-pool-vlan10]excluded-ip-address 172.16.10.250 172.16.10.254
[AR2-ip-pool-vlan10]dns-list 172.16.50.3 8.8.8.8 
[AR2-ip-pool-vlan10]lease unlimited
[AR2-ip-pool-vlan10]qui
[AR2]ip pool vlan11
[AR2-ip-pool-vlan11]network 172.16.11.0 mask 24
[AR2-ip-pool-vlan11]gateway-list 172.16.11.1
[AR2-ip-pool-vlan11]excluded-ip-address 172.16.11.250 172.16.11.254
[AR2-ip-pool-vlan11]dns-list 172.16.50.3 8.8.8.8 
[AR2-ip-pool-vlan11]lease unlimited
[AR2-ip-pool-vlan11]qui
[AR2]ip pool vlan12
[AR2-ip-pool-vlan12]gateway-list 172.16.12.1 
[AR2-ip-pool-vlan12]network 172.16.12.0 mask 255.255.255.0
[AR2-ip-pool-vlan12]excluded-ip-address 172.16.12.250 172.16.12.254
[AR2-ip-pool-vlan12]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan12]lease unlimited
[AR2-ip-pool-vlan12]qui
[AR2]ip pool vlan13
[AR2-ip-pool-vlan13]gateway-list 172.16.13.1 
[AR2-ip-pool-vlan13]network 172.16.13.0 mask 255.255.255.0 
[AR2-ip-pool-vlan13]excluded-ip-address 172.16.13.250 172.16.13.254
[AR2-ip-pool-vlan13]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan13]lease unlimited
[AR2-ip-pool-vlan13]qui
[AR2]ip pool vlan14
[AR2-ip-pool-vlan14]gateway-list 172.16.14.1 
[AR2-ip-pool-vlan14]network 172.16.14.0 mask 255.255.255.0
[AR2-ip-pool-vlan14]excluded-ip-address 172.16.14.250 172.16.14.254
[AR2-ip-pool-vlan14]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan14]lease unlimited
[AR2-ip-pool-vlan14]qui
[AR2]ip pool vlan50
[AR2-ip-pool-vlan50]gateway-list 172.16.50.1 
[AR2-ip-pool-vlan50]network 172.16.50.0 mask 255.255.255.0
[AR2-ip-pool-vlan50]excluded-ip-address 172.16.50.250 172.16.50.254
[AR2-ip-pool-vlan50]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan50]lease unlimited
[AR2-ip-pool-vlan50]qui
[AR2]

7、明诚楼VLAN划分

	LSW5-1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW5-1
[LSW5-1]vlan batch 13 14 110
[LSW5-1]int g0/0/1
[LSW5-1-GigabitEthernet0/0/1]port link-type access
[LSW5-1-GigabitEthernet0/0/1]port default vlan 110
[LSW5-1-GigabitEthernet0/0/1]int g0/0/2
[LSW5-1-GigabitEthernet0/0/2]port link-type trunk
[LSW5-1-GigabitEthernet0/0/2]port trunk allow-pass vlan 13 14
[LSW5-1-GigabitEthernet0/0/2]int g0/0/3
[LSW5-1-GigabitEthernet0/0/3]port link-type trunk
[LSW5-1-GigabitEthernet0/0/3]port trunk allow-pass vlan 13 14
[LSW5-1-GigabitEthernet0/0/3]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW5-2
[LSW5-2]vlan batch 13 14 109
[LSW5-2]int g0/0/1
[LSW5-2-GigabitEthernet0/0/1]port link-type access
[LSW5-2-GigabitEthernet0/0/1]port default vlan 109
[LSW5-2-GigabitEthernet0/0/1]int g0/0/2
[LSW5-2-GigabitEthernet0/0/2]port link-type trunk
[LSW5-2-GigabitEthernet0/0/2]port trunk allow-pass vlan 13 14
[LSW5-2-GigabitEthernet0/0/2]int g0/0/3
[LSW5-2-GigabitEthernet0/0/3]port link-type trunk
[LSW5-2-GigabitEthernet0/0/3]port trunk allow-pass vlan 13 14
[LSW5-2-GigabitEthernet0/0/3]qui
[LSW5-2]
-------------------------------------------
    LSW5:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW5
[LSW5]vlan batch 13 14
[LSW5]int e0/0/1
[LSW5-Ethernet0/0/1]port link-type access
[LSW5-Ethernet0/0/1]port default vlan 13
[LSW5-Ethernet0/0/1]int e0/0/2
[LSW5-Ethernet0/0/2]port link-type access
[LSW5-Ethernet0/0/2]port default vlan 14
[LSW5-Ethernet0/0/2]int g0/0/1
[LSW5-GigabitEthernet0/0/1]port link-type trunk
[LSW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 13 14
[LSW5-GigabitEthernet0/0/1]int g0/0/2
[LSW5-GigabitEthernet0/0/2]port link-type trunk
[LSW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 13 14
[LSW5-GigabitEthernet0/0/2]qui
[LSW5]

8、明诚楼MSTP配置

	LSW5-1:
[LSW5-1]stp region-configuration
[LSW5-1-mst-region]region-name mstp_name
[LSW5-1-mst-region]revision-level 1
[LSW5-1-mst-region]instance 13 vlan 13
[LSW5-1-mst-region]instance 14 vlan 14
[LSW5-1-mst-region]active region-configuration
[LSW5-1-mst-region]qui
[LSW5-1]stp instance 13 root primary
[LSW5-1]stp instance 14 root secondary
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]stp region-configuration
[LSW5-2-mst-region]region-name mstp_name
[LSW5-2-mst-region]revision-level 1
[LSW5-2-mst-region]instance 13 vlan 13
[LSW5-2-mst-region]instance 14 vlan 14
[LSW5-2-mst-region]active region-configuration
[LSW5-2-mst-region]qui
[LSW5-2]stp instance 14 root  primary
[LSW5-2]stp instance 13 root secondary
[LSW5-2]
-------------------------------------------
    LSW5:
[LSW5]stp region-configuration
[LSW5-mst-region]region-name mstp_name
[LSW5-mst-region]revision-level 1
[LSW5-mst-region]instance 13 vlan 13
[LSW5-mst-region]instance 14 vlan 14
[LSW5-mst-region]active region-configuration
[LSW5-mst-region]qui
[LSW5]

9、明诚楼VRRP配置

	LSW5-1:
[LSW5-1]int vlan 13
[LSW5-1-Vlanif13]ip address 172.16.13.254 24
[LSW5-1-Vlanif13]vrrp vrid 13 virtual-ip 172.16.13.1
[LSW5-1-Vlanif13]vrrp vrid 13 priority 105
[LSW5-1-Vlanif13]int vlan 14
[LSW5-1-Vlanif14]ip address 172.16.14.254 24
[LSW5-1-Vlanif14]vrrp vrid 14 virtual-ip 172.16.14.1
[LSW5-1-Vlanif14]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]int vlan 13
[LSW5-2-Vlanif13]ip address 172.16.13.253 24
[LSW5-2-Vlanif13]vrrp vrid 13 virtual-ip 172.16.13.1
[LSW5-2-Vlanif13]int vlan 14
[LSW5-2-Vlanif14]ip address 172.16.14.253 24
[LSW5-2-Vlanif14]vrrp vrid 14 virtual-ip 172.16.14.1
[LSW5-2-Vlanif14]vrrp vrid 14 priority 105
[LSW5-2-Vlanif14]qui
[LSW5-2]

10、明诚楼RIP配置

	LSW5-1:
[LSW5-1]int vlan 110
[LSW5-1-Vlanif110]ip add 192.168.110.1 24
[LSW5-1-Vlanif110]qui
[LSW5-1]rip 1
[LSW5-1-rip-1]version 2
[LSW5-1-rip-1]network 192.168.110.0
[LSW5-1-rip-1]network 172.16.0.0
[LSW5-1-rip-1]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]int vlan 109
[LSW5-2-Vlanif109]ip add 192.168.109.1 24
[LSW5-2-Vlanif109]qui
[LSW5-2]rip 1
[LSW5-2-rip-1]version 2
[LSW5-2-rip-1]network 192.168.109.0
[LSW5-2-rip-1]network 172.16.0.0
[LSW5-2-rip-1]qui
[LSW5-2]
-------------------------------------------
    AR6:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR6
[AR6]int g0/0/0
[AR6-GigabitEthernet0/0/0]ip add 192.168.100.6 24
[AR6-GigabitEthernet0/0/0]int g2/0/1
[AR6-GigabitEthernet2/0/1]ip add 192.168.110.6 24
[AR6-GigabitEthernet2/0/1]int g2/0/2
[AR6-GigabitEthernet2/0/2]ip add 192.168.109.6 24
[AR6-GigabitEthernet2/0/2]int loo0
[AR6-LoopBack0]ip add 10.1.1.6 32
[AR6-LoopBack0]qui
[AR6]rip
[AR6-rip-1]version 2
[AR6-rip-1]net 192.168.110.0
[AR6-rip-1]net 192.168.109.0
[AR6-rip-1]qui
[AR6]

11、OSPF&路由引入

	AR6:
[AR6]ospf router-id 1.1.1.6
[AR6-ospf-1]area 0.0.0.1
[AR6-ospf-1-area-0.0.0.1]network 192.168.100.0 0.0.0.255
[AR6-ospf-1-area-0.0.0.1]qui
[AR6-ospf-1]import-route rip 1
[AR6-ospf-1]qui
[AR6]rip
[AR6-rip-1]import-route ospf
[AR6-rip-1]qui
[AR6]
-------------------------------------------
    LSW4:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW4
[LSW4]vlan batch 100 19 120
[LSW4]int g0/0/1
[LSW4-GigabitEthernet0/0/1]port link-type access
[LSW4-GigabitEthernet0/0/1]port default vlan 120
[LSW4-GigabitEthernet0/0/1]int g0/0/2
[LSW4-GigabitEthernet0/0/2]port link-type access
[LSW4-GigabitEthernet0/0/2]port default vlan 100
[LSW4-GigabitEthernet0/0/2]int g0/0/3
[LSW4-GigabitEthernet0/0/3]port link-type access
[LSW4-GigabitEthernet0/0/3]port default vlan 19
[LSW4-GigabitEthernet0/0/3]qui
[LSW4]int vlan 120
[LSW4-Vlanif120]ip add 192.168.120.4 24
[LSW4-Vlanif120]int vlan 100
[LSW4-Vlanif100]ip add 192.168.100.4 24
[LSW4-Vlanif100]int vlan 19
[LSW4-Vlanif19]ip add 192.168.19.4 24
[LSW4-Vlanif19]qui
[LSW4]ospf router-id 1.1.1.14
[LSW4-ospf-1]area 0
[LSW4-ospf-1-area-0.0.0.0]net 192.168.19.0 0.0.0.255
[LSW4-ospf-1-area-0.0.0.0]qui
[LSW4-ospf-1]area 1
[LSW4-ospf-1-area-0.0.0.1]net 192.168.100.0 0.0.0.255
[LSW4-ospf-1-area-0.0.0.1]qui
[LSW4-ospf-1]area 2
[LSW4-ospf-1-area-0.0.0.2]net 192.168.120.0 0.0.0.255
[LSW4-ospf-1-area-0.0.0.2]qui
[LSW4-ospf-1]qui
[LSW4]

12、明诚楼DHCP中继

	LSW5-1:
[LSW5-1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW5-1]int vlan 13
[LSW5-1-Vlanif13]dhcp select relay
[LSW5-1-Vlanif13]dhcp relay server-ip 192.168.14.2
[LSW5-1-Vlanif13]dhcp relay server-ip 192.168.16.2
[LSW5-1-Vlanif13]int vlan 14
[LSW5-1-Vlanif14]dhcp select relay
[LSW5-1-Vlanif14]dhcp relay server-ip 192.168.14.2
[LSW5-1-Vlanif14]dhcp relay server-ip 192.168.16.2
[LSW5-1-Vlanif14]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW5-2]int vlan 13
[LSW5-2-Vlanif13]dhcp select relay
[LSW5-2-Vlanif13]dhcp relay server-ip 192.168.14.2
[LSW5-2-Vlanif13]dhcp relay server-ip 192.168.16.2
[LSW5-2-Vlanif13]int vlan 14
[LSW5-2-Vlanif14]dhcp select relay
[LSW5-2-Vlanif14]dhcp relay server-ip 192.168.14.2
[LSW5-2-Vlanif14]dhcp relay server-ip 192.168.16.2
[LSW5-2-Vlanif14]qui
[LSW5-2]

13、服务区vlan划分

	SW3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname SW3
[SW3]vlan 50
[SW3-vlan50]qui
[SW3]int e0/0/1
[SW3-Ethernet0/0/1]port link-type access
[SW3-Ethernet0/0/1]port default vlan 50
[SW3-Ethernet0/0/1]int e0/0/2
[SW3-Ethernet0/0/2]port link-type access
[SW3-Ethernet0/0/2]port default vlan 50
[SW3-Ethernet0/0/2]int e0/0/3
[SW3-Ethernet0/0/3]port link-type access
[SW3-Ethernet0/0/3]port default vlan 50
[SW3-Ethernet0/0/3]int g0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 50
[SW3-GigabitEthernet0/0/1]int g0/0/2
[SW3-GigabitEthernet0/0/2]port link-type trunk
[SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 50
[SW3-GigabitEthernet0/0/2]qui
[SW3]
-------------------------------------------
    LSW6-1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW6-1
[LSW6-1]vlan batch 50 128
[LSW6-1]int g0/0/1
[LSW6-1-GigabitEthernet0/0/1]port link-type access
[LSW6-1-GigabitEthernet0/0/1]port default vlan 128
[LSW6-1-GigabitEthernet0/0/1]int g0/0/2
[LSW6-1-GigabitEthernet0/0/2]port link-type trunk
[LSW6-1-GigabitEthernet0/0/2]port trunk allow-pass vlan 50
[LSW6-1-GigabitEthernet0/0/2]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW6-2
[LSW6-2]vlan batch 50 129
[LSW6-2]int g0/0/1
[LSW6-2-GigabitEthernet0/0/1]port link-type access
[LSW6-2-GigabitEthernet0/0/1]port default vlan 129
[LSW6-2-GigabitEthernet0/0/1]int g0/0/2
[LSW6-2-GigabitEthernet0/0/2]port link-type trunk
[LSW6-2-GigabitEthernet0/0/2]port trunk allow-pass vlan 50
[LSW6-2-GigabitEthernet0/0/2]qui
[LSW6-2]

14、服务区VRRP配置

	LSW6-1:
[LSW6-1]int vlan 50
[LSW6-1-Vlanif50]ip add 172.16.50.254 24
[LSW6-1-Vlanif50]vrrp vrid 50 virtual-ip 172.16.50.1
[LSW6-1-Vlanif50]vrrp vrid 50 priority 105
[LSW6-1-Vlanif50]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
[LSW6-2]int vlan 50
[LSW6-2-Vlanif50]ip add 172.16.50.253 24
[LSW6-2-Vlanif50]vrrp vrid 50 virtual-ip 172.16.50.1
[LSW6-2-Vlanif50]vrrp vrid 50 priority 105
[LSW6-2-Vlanif50]qui
[LSW6-2]

15、服务区OSPF配置

	LSW6-1:
[LSW6-1]int vlan 128
[LSW6-1-Vlanif128]ip add 192.168.128.1 24
[LSW6-1-Vlanif128]qui
[LSW6-1]ospf router-id 1.1.1.16
[LSW6-1-ospf-1]area 3
[LSW6-1-ospf-1-area-0.0.0.3]network 172.16.50.0 0.0.0.255
[LSW6-1-ospf-1-area-0.0.0.3]network 192.168.128.0 0.0.0.255
[LSW6-1-ospf-1-area-0.0.0.3]qui
[LSW6-1-ospf-1]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
[LSW6-2]int vlan 129
[LSW6-2-Vlanif129]ip add 192.168.129.1 24
[LSW6-2-Vlanif129]qui
[LSW6-2]ospf router-id 1.1.1.17
[LSW6-2-ospf-1]area 3
[LSW6-2-ospf-1-area-0.0.0.3]network 172.16.50.0 0.0.0.255
[LSW6-2-ospf-1-area-0.0.0.3]network 192.168.129.0 0.0.0.255
[LSW6-2-ospf-1-area-0.0.0.3]qui
[LSW6-2-ospf-1]qui
[LSW6-2]
-------------------------------------------
    AR9:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR9
[AR9]int g0/0/1
[AR9-GigabitEthernet0/0/1]ip add 192.168.140.9 24
[AR9-GigabitEthernet0/0/1]int g0/0/2
[AR9-GigabitEthernet0/0/2]ip add 192.168.128.9 24
[AR9-GigabitEthernet0/0/2]int g4/0/0
[AR9-GigabitEthernet4/0/0]ip add 192.168.129.9 24
[AR9-GigabitEthernet4/0/0]qui
[AR9]ospf router-id 1.1.1.9
[AR9-ospf-1]area 3
[AR9-ospf-1-area-0.0.0.3]net 192.168.128.0 0.0.0.255
[AR9-ospf-1-area-0.0.0.3]net 192.168.129.0 0.0.0.255
[AR9-ospf-1-area-0.0.0.3]net 192.168.140.0 0.0.0.255
[AR9-ospf-1-area-0.0.0.3]qui
[AR9-ospf-1]qui
[AR9]

16、OSPF&FW1配置

这一部分要不我就先不放在文章中,配置
的设备只有AR7FW1这里呢配置的技术呢
是这样的,AR7只用完成相应的OSPF配置,
而我们的FW1需要配置接口地址,划分我
们的区域,trust/dmz/untrust,然后我们
配置相应的ospf且在OSPF中发布默认路由,
最后配置我们的安全策略即可相应的安全策
略需要我们的内网通dm和外网,DMZ区域能够
通外网,防火墙可以通往任何区域,dmz区域
对外开放相应的服务端口。

这一部分在文章中要不省了吧,在可以拷贝的
命令笔记和相应的记事本版本的命令没有省,都
一条条的有的全的

基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验)文章来源地址https://www.toymoban.com/news/detail-413796.html

17、Vlink配置

	FW1:
[FW1]ospf
[FW1-ospf-1]area 2
[FW1-ospf-1-area-0.0.0.2]vlink-peer 1.1.1.14
[FW1-ospf-1-area-0.0.0.2]qui
[FW1-ospf-1]qui
[FW1]
-------------------------------------------
    LSW4:
[LSW4]ospf
[LSW4-ospf-1]area 2
[LSW4-ospf-1-area-0.0.0.2]vlink-peer 1.1.1.18
[LSW4-ospf-1-area-0.0.0.2]qui
[LSW4-ospf-1]qui
[LSW4]

18、服务区DHCP中继

	LSW6-1:
[LSW6-1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW6-1]int vlan 50
[LSW6-1-Vlanif50]dhcp select relay
[LSW6-1-Vlanif50]dhcp relay server-ip 192.168.14.2
[LSW6-1-Vlanif50]dhcp relay server-ip 192.168.16.2
[LSW6-1-Vlanif50]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
[LSW6-2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW6-2]int vlan 50
[LSW6-2-Vlanif50]dhcp select relay
[LSW6-2-Vlanif50]dhcp relay server-ip 192.168.14.2
[LSW6-2-Vlanif50]dhcp relay server-ip 192.168.16.2
[LSW6-2-Vlanif50]qui
[LSW6-2]

19、ISP区ISIS配置

	AR10:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR10
[AR10]isis
[AR10-isis-1]net 49.0000.0000.0010.00
[AR10-isis-1]is-level level-2
[AR10-isis-1]cost-style wide
[AR10-isis-1]qui
[AR10]int g0/0/1
[AR10-GigabitEthernet0/0/1]ip add 20.1.1.10 24
[AR10-GigabitEthernet0/0/1]isis enable
[AR10-GigabitEthernet0/0/1]int g0/0/0
[AR10-GigabitEthernet0/0/0]ip add 30.1.1.10 24
[AR10-GigabitEthernet0/0/0]isis enable
[AR10-GigabitEthernet0/0/0]int g0/0/2
[AR10-GigabitEthernet0/0/2]ip add 40.1.1.10 24
[AR10-GigabitEthernet0/0/2]isis enable
[AR10-GigabitEthernet0/0/2]qui
[AR10]
-------------------------------------------
    AR11:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR11
[AR11]isis
[AR11-isis-1]net 49.0000.0000.0011.00
[AR11-isis-1]is-level level-2
[AR11-isis-1]cost-style wide
[AR11-isis-1]qui
[AR11]int g0/0/1
[AR11-GigabitEthernet0/0/1]ip add 50.1.1.11 24
[AR11-GigabitEthernet0/0/1]isis enable
[AR11-GigabitEthernet0/0/1]int g0/0/0
[AR11-GigabitEthernet0/0/0]ip add 30.1.1.11 24
[AR11-GigabitEthernet0/0/0]isis enable
[AR11-GigabitEthernet0/0/0]qui
[AR11]
-------------------------------------------
    AR12:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR12
[AR12]isis
[AR12-isis-1]net 49.0000.0000.0012.00
[AR12-isis-1]is-level level-2
[AR12-isis-1]cost-style wide
[AR12-isis-1]qui
[AR12]int g0/0/0
[AR12-GigabitEthernet0/0/0]ip add 40.1.1.12 24
[AR12-GigabitEthernet0/0/0]isis enable
[AR12-GigabitEthernet0/0/0]int g0/0/1
[AR12-GigabitEthernet0/0/1]ip add 20.1.5.12 24
[AR12-GigabitEthernet0/0/1]isis enable
[AR12-GigabitEthernet0/0/1]int g2/0/0
[AR12-GigabitEthernet2/0/0]ip add 20.1.6.12 24
[AR12-GigabitEthernet2/0/0]isis enable
[AR12-GigabitEthernet2/0/0]
[AR12-GigabitEthernet2/0/0]qui
[AR12]

20、FW1中NAT配置

	FW1:
[FW1]nat address-group nat_pool 0
[FW1-address-group-nat_pool]section 0 20.1.1.5 20.1.1.9
[FW1-address-group-nat_pool]qui
[FW1]nat-policy
[FW1-policy-nat]rule name nat_sys
[FW1-policy-nat-rule-nat_sys]source-zone trust
[FW1-policy-nat-rule-nat_sys]source-zone dmz
[FW1-policy-nat-rule-nat_sys]destination-zone untrust
[FW1-policy-nat-rule-nat_sys]action source-nat address-group nat_pool
[FW1-policy-nat-rule-nat_sys]qui
[FW1-policy-nat]qui
[FW1]

21、IPsec VPN

	FW1:
[FW1]ike proposal 10
[FW1-ike-proposal-10]authentication-method pre-share
[FW1-ike-proposal-10]dh group2
Warning: The security level of group1/group2/group5 is low.
[FW1-ike-proposal-10]encryption-algorithm 3des
 Warning: The security level of des/3des is low. 
[FW1-ike-proposal-10]authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW1-ike-proposal-10]qui
[FW1]ike peer FW2
[FW1-ike-peer-FW2]pre-shared-key huawei
[FW1-ike-peer-FW2]remote-address 50.1.1.2
[FW1-ike-peer-FW2]ike-proposal 10
[FW1-ike-peer-FW2]qui
[FW1]acl 3000
[FW1-acl-adv-3000]rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 172.16.0.0 0.0.255.255
[FW1-acl-adv-3000]qui
[FW1]ipsec proposal XNS
[FW1-ipsec-proposal-XNS]encapsulation-mode tunnel
[FW1-ipsec-proposal-XNS]esp encryption-algorithm 3des
Warning: The security level of des/3des this algorithm is low.
[FW1-ipsec-proposal-XNS]esp authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW1-ipsec-proposal-XNS]qui
[FW1]ipsec policy XNS_MAP 10 isakmp
[FW1-ipsec-policy-isakmp-XNS_MAP-10]security acl 3000
[FW1-ipsec-policy-isakmp-XNS_MAP-10]proposal XNS
[FW1-ipsec-policy-isakmp-XNS_MAP-10]ike-peer FW2
[FW1-ipsec-policy-isakmp-XNS_MAP-10]qui
[FW1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ipsec policy XNS_MAP
[FW1-GigabitEthernet1/0/2]qui
[FW1]security-policy 
[FW1-policy-security]rule name out_to_local
[FW1-policy-security-rule-out_to_local]source-zone untrust
[FW1-policy-security-rule-out_to_local]destination-zone local
[FW1-policy-security-rule-out_to_local]service protocol 50
[FW1-policy-security-rule-out_to_local]service protocol udp destination-port 500
[FW1-policy-security-rule-out_to_local]action permit
[FW1-policy-security-rule-out_to_local]qui
[FW1-policy-security]rule name out_to_in
[FW1-policy-security-rule-out_to_in]source-zone untrust
[FW1-policy-security-rule-out_to_in]destination-zone trust
[FW1-policy-security-rule-out_to_in]source-address 172.16.0.0 mask 255.255.0.0
[FW1-policy-security-rule-out_to_in]destination-address 172.16.0.0 mask 255.255.0.0
[FW1-policy-security-rule-out_to_in]action permit
[FW1-policy-security-rule-out_to_in]qui
[FW1-policy-security]qui
[FW1]nat-policy
[FW1-policy-nat]rule name nat_pass
[FW1-policy-nat-rule-nat_pass]source-zone trust
[FW1-policy-nat-rule-nat_pass]destination-zone untrust
[FW1-policy-nat-rule-nat_pass]source-address 172.16.0.0 16
[FW1-policy-nat-rule-nat_pass]destination-address 172.16.0.0 16
[FW1-policy-nat-rule-nat_pass]action no-nat
[FW1-policy-nat-rule-nat_pass]qui
[FW1-policy-nat]rule move nat_pass up
[FW1-policy-nat]qui
[FW1]
-------------------------------------------
    FW2:
<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sysname FW2
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ip add 50.1.1.2 24
[FW2-GigabitEthernet1/0/0]service-manage all permit
[FW2-GigabitEthernet1/0/0]int g1/0/1
[FW2-GigabitEthernet1/0/1]ip add 192.168.150.2 24
[FW2-GigabitEthernet1/0/1]service-manage all permit
[FW2-GigabitEthernet1/0/1]qui
[FW2]firewall zone untrust
[FW2-zone-untrust]add int g1/0/0
[FW2-zone-untrust]qui
[FW2]firewall zone trust
[FW2-zone-trust]add int g1/0/1
[FW2-zone-trust]qui
[FW2]ip route-static 0.0.0.0 0 50.1.1.11
[FW2]ike proposal 10
[FW2-ike-proposal-10]authentication-method pre-share
[FW2-ike-proposal-10]dh group2
Warning: The security level of group1/group2/group5 is low.
[FW2-ike-proposal-10]encryption-algorithm 3des
 Warning: The security level of des/3des is low. 
[FW2-ike-proposal-10]authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW2-ike-proposal-10]qui
[FW2]ike peer FW1
[FW2-ike-peer-FW1]pre-shared-key huawei
[FW2-ike-peer-FW1]remote-address 20.1.1.1
[FW2-ike-peer-FW1]ike-proposal 10
[FW2-ike-peer-FW1]qui
[FW2]acl 3000
[FW2-acl-adv-3000]rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 172.16.0.0 0.0.255.255
[FW2-acl-adv-3000]qui
[FW2]ipsec proposal XNS
[FW2-ipsec-proposal-XNS]encapsulation-mode tunnel
[FW2-ipsec-proposal-XNS]esp encryption-algorithm 3des
Warning: The security level of des/3des this algorithm is low.
[FW2-ipsec-proposal-XNS]esp authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW2-ipsec-proposal-XNS]qui
[FW2]ipsec policy XNS_MAP 10 isakmp
[FW2-ipsec-policy-isakmp-XNS_MAP-10]security acl 3000
[FW2-ipsec-policy-isakmp-XNS_MAP-10]proposal XNS
[FW2-ipsec-policy-isakmp-XNS_MAP-10]ike-peer FW1
[FW2-ipsec-policy-isakmp-XNS_MAP-10]qui
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ipsec policy XNS_MAP
[FW2-GigabitEthernet1/0/0]qui
[FW2]security-policy 
[FW2-policy-security]rule name out_to_local
[FW2-policy-security-rule-out_to_local]source-zone untrust
[FW2-policy-security-rule-out_to_local]destination-zone local
[FW2-policy-security-rule-out_to_local]service protocol 50
[FW2-policy-security-rule-out_to_local]service protocol udp destination-port 500
[FW2-policy-security-rule-out_to_local]action permit
[FW2-policy-security-rule-out_to_local]qui
[FW2-policy-security]rule name out_to_in
[FW2-policy-security-rule-out_to_in]source-zone untrust
[FW2-policy-security-rule-out_to_in]destination-zone trust
[FW2-policy-security-rule-out_to_in]source-address 172.16.0.0 16
[FW2-policy-security-rule-out_to_in]destination-address 172.16.0.0 16
[FW2-policy-security-rule-out_to_in]action permit
[FW2-policy-security-rule-out_to_in]qui
[FW2-policy-security]rule name in_to_out
[FW2-policy-security-rule-in_to_out]source-zone trust
[FW2-policy-security-rule-in_to_out]destination-zone untrust
[FW2-policy-security-rule-in_to_out]action permit
[FW2-policy-security-rule-in_to_out]qui
[FW2-policy-security]rule name local_to_any
[FW2-policy-security-rule-local_to_any]source-zone local
[FW2-policy-security-rule-local_to_any]action permit
[FW2-policy-security-rule-local_to_any]qui
[FW2-policy-security]qui
[FW2]nat-policy
[FW2-policy-nat]rule name nat_pass
[FW2-policy-nat-rule-nat_pass]source-zone trust
[FW2-policy-nat-rule-nat_pass]destination-zone untrust
[FW2-policy-nat-rule-nat_pass]source-address 172.16.16.0 16
[FW2-policy-nat-rule-nat_pass]destination-address 172.16.0.0 16
[FW2-policy-nat-rule-nat_pass]action no-nat
[FW2-policy-nat-rule-nat_pass]qui
[FW2-policy-nat]rule name easyip
[FW2-policy-nat-rule-easyip]source-zone trust
[FW2-policy-nat-rule-easyip]destination-zone untrust
[FW2-policy-nat-rule-easyip]source-address 172.16.0.0 16
[FW2-policy-nat-rule-easyip]action source-nat easy-ip
[FW2-policy-nat-rule-easyip]qui
[FW2-policy-nat]qui
[FW2]

22、分校区单臂路由&DHCP

	LSW7:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW7
[LSW7]vlan batch 16 17
[LSW7]int g0/0/1
[LSW7-GigabitEthernet0/0/1]port link-type access
[LSW7-GigabitEthernet0/0/1]port default vlan 16
[LSW7-GigabitEthernet0/0/1]int g0/0/2
[LSW7-GigabitEthernet0/0/2]port link-type access
[LSW7-GigabitEthernet0/0/2]port default vlan 17
[LSW7-GigabitEthernet0/0/2]int g0/0/3
[LSW7-GigabitEthernet0/0/3]port link-type trunk
[LSW7-GigabitEthernet0/0/3]port trunk allow-pass vlan 16 17
[LSW7-GigabitEthernet0/0/3]qui
[LSW7]
-------------------------------------------
    AR13:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR13
[AR13]int g0/0/1
[AR13-GigabitEthernet0/0/1]ip add 192.168.150.13 24
[AR13-GigabitEthernet0/0/1]int g0/0/0.16
[AR13-GigabitEthernet0/0/0.16]dot1q termination vid 16
[AR13-GigabitEthernet0/0/0.16]ip add 172.16.16.1 24
[AR13-GigabitEthernet0/0/0.16]arp broadcast en
[AR13-GigabitEthernet0/0/0.16]int g0/0/0.17
[AR13-GigabitEthernet0/0/0.17]dot1q termination vid 17
[AR13-GigabitEthernet0/0/0.17]ip add 172.16.17.1 24
[AR13-GigabitEthernet0/0/0.17]arp broadcast en
[AR13-GigabitEthernet0/0/0.17]qui
[AR13]dhcp enable
[AR13]ip pool sys_vlan16
[AR13-ip-pool-sys_vlan16]network 172.16.16.0 mask 24
[AR13-ip-pool-sys_vlan16]gateway-list 172.16.16.1
[AR13-ip-pool-sys_vlan16]dns-list 20.1.6.2 8.8.8.8
[AR13-ip-pool-sys_vlan16]qui
[AR13]ip pool sys_vlan17
[AR13-ip-pool-sys_vlan17]network 172.16.17.0 mask 24
[AR13-ip-pool-sys_vlan17]gateway-list 172.16.17.1
[AR13-ip-pool-sys_vlan17]dns-list 8.8.8.8 114.114.114.114
[AR13-ip-pool-sys_vlan17]qui
[AR13]int g0/0/0.16
[AR13-GigabitEthernet0/0/0.16]dhcp select global
[AR13-GigabitEthernet0/0/0.16]qui
[AR13]int g0/0/0.17
[AR13-GigabitEthernet0/0/0.17]dhcp select global
[AR13-GigabitEthernet0/0/0.17]qui
[AR13]

23、RIP&路由引入

	AR13:
[AR13]rip 1
[AR13-rip-1]version 2
[AR13-rip-1]network 192.168.150.0
[AR13-rip-1]import-route direct
[AR13-rip-1]qui
[AR13]
-------------------------------------------
    FW2:
[FW2]rip 1
[FW2-rip-1]default-route originate
[FW2-rip-1]version 2
[FW2-rip-1]network 192.168.150.0
[FW2-rip-1]qui
[FW2]

到了这里,关于基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验)的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • 专科毕业论文《基于ENSP校园网络的设计与规划》

    目    录 摘  要 :VRRP;VLAN;DHCP;防火墙;OSPF协议 第一章 绪论 1.1研究背景 1.2研究目的与意义 1.3论文结构 第二章 校园网络的设计与需求分析 2.1 三层组网结构 2.1.1 组网结构简介 2.1.2 接入层 2.1.3 汇聚层 2.4 用户需求 2.1.4 核心层 2.2 网络服务与冗余设计 2.2.1 三层组网

    2024年02月04日
    浏览(49)
  • 基于eNSP的IPv6校园网络规划与设计_综合实验

    有什么问题可以在评论区说明自己遇到的情况,博主看到会第一时间回复,希望其他人也可以回复别人的问题 。 可根据以下所提供的设计与实现步骤过程一步一步自行实现(每一条命令都是关键的命令);但是如果有需要的也可以根据以下地址进行下载完整的topo图和完整的

    2024年02月03日
    浏览(57)
  • 基于华为eNSP的多结构企业网/校园网网络设计综合组网配置/作品演示

    XX中学校园的主干层次结构采用核心,汇聚,接入的三层模型。核心层处理整体网络的数据流动,实现各节点间数据的高速处理,增加安全措施和访问权限等等。汇聚夹于两层之间,任务包括线路的整合汇聚,向信息点传递流量数据和策略协议的流动实施。接入层分配带宽,

    2024年02月09日
    浏览(47)
  • 基于华为eNSP的双核心企业网/校园网网络设计综合组网配置/作品演示【网络工程毕业设计】

    XX中学校园 的主干层次结构采用核心,汇聚,接入的三层模型。核心层处理整体网络的数据流动,实现各节点间数据的高速处理,增加安全措施和访问权限等等。汇聚夹于两层之间,任务包括线路的整合汇聚,向信息点传递流量数据和策略协议的流动实施。接入层分配带宽,

    2024年02月08日
    浏览(46)
  • 华为ensp模拟校园网/企业网实例--中型企业无线网络的设计

    文章简介:本文做了一个中型企业无线网络的设计,课题重点突出无线网络和高安全性,除了基础的功能要通,还需要实现无线AP,防火墙功能,VLAN技术,ACL访问控制实现过滤,生成树协议,负载分担,NAT技术实现私有网络IP地址转换为公有网络IP地址,无线技术,加密技术。

    2023年04月08日
    浏览(48)
  • 基于ensp校园网络(完整文档+ensp拓扑图)

    大家好,我是小华学长,一名计算机领域的博主。经过多年的学习和实践,我积累了丰富的计算机知识和经验,在这里我想与大家分享我的学习心得和技巧,帮助你成为更好的程序员。 作为一名计算机博主,我一直专注于编程、算法、软件开发等领域,在这些方面积累了大量

    2024年02月04日
    浏览(47)
  • 防火墙在企业园区出口安全方案中的应用(ENSP实现)_基于ensp的大型企业双路由出口与双防火墙,以及两台三层交换机作为汇聚接入设备的(1)

    7 NAT规划 源地址 地址池 总部、分部内网可访问Internet的网段 1.1.1.6 ~ 1.1.1.10、2.2.2.6 ~ 2.2.2.10 8 NAT Server Source-IP Source-Port Global-IP Global-Port 10.1.60.100 80 1.1.1.4(FW_A) 8080 10.1.60.101 21 1.1.1.5(FW_A) 21 10.1.60.100 80 2.2.2.4(FW_B) 8080 10.1.60.101 21 2.2.2.5(FW_B) 21 9 OSPF 本端设备 对端设备 进程

    2024年04月27日
    浏览(43)
  • 网络工程毕设-----基于华为ensp搭建校园网

    本实验用华为模拟器ensp搭建简单的校园网络,其中用到的技术有动态路由协议OSPF,静态路由配置,HTTP、DNS以及FTP服务器的配置,PNAT端口地址转换协议,MSTP多生成树协议,VLAN划分及配置IP地址划分及配置等! 选取设备型号如下: 1.AR1220 2.S5700 3.S3700 操作步骤如下: Core-SW1

    2024年02月11日
    浏览(40)
  • Cisco Packet Trancer中小型校园网/企业网/园区网网络设计规划/无线网络

     有需求,见评论私信交流!!! 项目演示视频: Cisco PT软件模拟实现双核心中型企业/校园网 网络架构拓扑设计、论文,毕设_哔哩哔哩_bilibili 例1:       目录 摘要 一、 绪论 (一)项目背景分析 (二) 企业园区网发展现状 二、系统需求分析 (一)项目背景分析 (二)

    2024年02月09日
    浏览(55)
  • 基于OSPF技术的某企业网络设计(完整文档+ENSP拓扑图)

    大家好,我是小华学长,一名计算机领域的博主。经过多年的学习和实践,我积累了丰富的计算机知识和经验,在这里我想与大家分享我的学习心得和技巧,帮助你成为更好的程序员。 作为一名计算机博主,我一直专注于编程、算法、软件开发等领域,在这些方面积累了大量

    2024年02月04日
    浏览(47)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包