基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)

这篇具有很好参考价值的文章主要介绍了基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

作者:BSXY_19计科_陈永跃 BSXY_信息学院_名片v位于结尾处 注:未经允许禁止转发任何内容

前言及技术/资源下载说明( 未经允许禁止转发任何内容 )

有什么问题可以在评论区说明自己遇到的情况,博主看到会第一时间回复,希望其他人也可以回复别人的问题
可根据以下所提供的设计与实现步骤过程一步一步自行实现(每一条命令都是关键的命令);但是如果有需要的也可以根据以下地址进行下载完整的topo图和完整的配置进行参考与借鉴
,如若拿到topo图可多display查看配置,查看相应的命令,配套资源连接如下,相应的内容如下图所示

网络规划-基于eNSP的IPv4加IPv6的企业/校园规划设计-毕设或课设可参考一步步的所有配置命令(ensp)+一步步可以直接刷的记事本命令可快速配置重复的工作+可以拷贝的命令笔记+详细的地址规划表+全程视频的配置+3000字的测试文档和截图_资源序号001
防火墙用户名:admin 密码:admin@123
基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)
需交流的时候本人一般都在线的,有什么问题我会的都会竭尽全力的为您解答好吧*,相应的测试命令和截图到哪一步可以实现什么效果说明和到哪一步完成配置后应该用什么命令测试结果等等的都放在下图资源中了,持续更新中…
基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)
基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)
topo图也就是这样子的,相应的地址规划和路由规划大部分都在图中明确的标注了
基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)
该topo网络中用到的技术有vlan划分、eth-trunk捆绑、MSTP、VRRP、、DHCP中继、OSPF、BFD故障检测、端口安全及隔离、无线WLAN、PPPoE、IS-IS、BGP、MPLS V*N、DHCPsnooping、NQA、NATserver地址映射、NAT(地址池、easyIP两种转换)、telnet、ACL、IPsec VPN、路由引入、默认路由、FW的安全策略规划、ISISv6、OSPFv3、DHCPv6、6to4隧道、BGP4+等。该实验非常适合于把相应的单个技术学完想把这些技术综合起来的小伙伴,且对于毕设课设的小伙伴可以进行参考,进行自己的规划与设计。场景适用于毕业设计、校园网络规划、企业网络规划等场合,有什么问题可以在平台私信博主,博主看到都会第一时间回复的,最后说明该topo规划最后的作者权归于:BSXY_信息学院_19计科_陈永跃
基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)

一、设计topo图与设计要求(简单列举35个)

拓扑图1:
基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)

设计要求:

  • 完成服务器、防火墙、路由器相应的接口地址的配置
  • 慧源楼配置Eth-Trunk链路捆绑来提高链路的冗余
  • 根据不同的地域划分多个不同的vlan,减小广播域大小,提高网络的可靠性和安全性
  • 在明诚楼配置MSTP+VRRP,同时实现冗余,划分实例,让不同的vlan优先选择相应的交换机,并减少stp震荡
  • 明诚楼、慧源楼、德润楼的所有用户通过配置相应的DHCP中继能自动获取地址,且DHCP服务器为DHCPserver
  • 配置相应的ospf,多区域区域0中OSPF激活MD5认证,SW1/SW2采用接口方式配置
  • 区域0内的设备启用BFD快速检测链路故障
  • 分校区用户也需要要自动获取地址,相应服务器为AR4,AR4配置相应的子接口为相应终端分配地址
  • 配置端口安全,且接口能够自动学习MAC地址
  • 配置端口隔离实现PC6,PC7同VLAN内不能互访
  • 分校区/分部的无线用的地址和AP的地址都由SW8来分配
  • FW2作为PPPoE客户端,AR5作为PPPoE服务端,进行相应的拨号上网
  • R1,R2,R3部署ISIS Level-2,区域ID 49.0000
  • 部署MPLS VPN,其中R1,R3作为PE设备,R2作为路由放射器
  • FW1,FW2作为CE端与PE端建立eBGP邻居关系
  • 运营商AS 100,总部/主校区在65430,分支都在AS65000
  • FW1,FW2之间部署IPSec VPN 实现总部/主校区与分支之间通信
  • 其中总部和分支之间通信优先使用MPLS VPN若MPLS VPN故障使用IPSec VPN实现通信
  • 若FW1中NQA检测10.1.5.5不可达则停止下发缺省到内网
  • NAT配置总部/主校区用户方位外网用地址池10.1.22.100~10.1.22.110
  • 分支用户访问外网采用EASY-IP实现
  • 外网用户访问内网WEB服务——用100.100.100.100来做相应的地址映射
  • 财务部服务器只能由内网的vlan 10用户访问
  • 配置DHCP Snooping防止DHCP欺骗与非法dhcp服务器的接入
  • 内部的所有交换机都可以被telnet进行远程管理
  • 主校区/总部用户可以通过域名(www.baidu.com)访问外网百度,无线用户也可以
  • ipv6中对于AS100内互联地址采用link-local地址
  • R1,R2,R3的lo0地址2001:10:1:X::X/128
  • 激活ISISv6,并保障v4与v6的拓扑分离
  • SW1 SW2新增Lo0接口地址为2001:192:168:X::X/128
  • FW1,SW1,SW2部署OSPFv3区域0,其中互联地址采用Link-local地址
  • 分支FW2与AR4部署OSPFv3,互联地址采用link-local地址
  • FW1,FW2利用MPLS VPN网络建立6to4隧道
  • 对于6to4隧道基础上部署BGP4+,实现总部与分支的IPv6互通

二、相应地址规划表

基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)
基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)
地址规划表上传的时候有点模糊,这里没有做图片的一下优化处理,但是Excel里面的是可以编辑的或是可以更改的,像下图就比较清晰
基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)

三、基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(可不看)

插曲部分:基于eNSP中大型校园/企业网络规划与设计_ensp综合大作业(ensp综合实验) 如下图所示(但是并不在该篇文章中做详细介绍和说明,如查看可点击连接自行查看阅读):
基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)
设计要求:

  • 完成服务器、防火墙、路由器相应的接口地址的配置
  • 慧源楼配置Eth-Trunk链路捆绑来提高链路的冗余
  • 根据不同的地域划分多个不同的vlan,减小广播域大小,提高网络的可靠性和安全性
  • 在慧源楼配置RSTP+VRRP,避免网络的回环且快速收敛
  • 在明诚楼配置MSTP+VRRP,同时实现冗余,划分实例,让不同的vlan优先选择相应的交换机,并减少stp震荡
  • 明诚楼、慧源楼、服务区的所有用户通过配置相应的DHCP中继能自动获取地址,且DHCP服务器为AR2
  • 分校区用户也需要要自动获取地址,相应服务器为AR13,AR13配置相应的子接口为相应终端分配地址
  • 慧源楼主要配置OSPF让其相应路由器能学到相应的路由表
  • 明诚楼应用RIP协议和OSPF协议,并将RIP和OSPF路由进行双向引入,让其能与慧源楼互通
  • 服务区配置相应的ftp、dns、web服务器,如有PC接入也能自动获取地址,这里的PC用于测试相应的DHCP
  • FW1和LSW4分别配置Vlink,让area3和area0之间能互通,学到相应的路由信息
  • FW1/FW2都配置相应的安全策略,且在FW1上放行trust到dmz的流量
  • FW1/FW2都配置相应的默认路由指向我们的运行商ISP
  • FW1/FW2配置相应的NAT策略,使得内网、dmz可以访问外网(百度)
  • FW1/FW2配置相应的IPsec VPN让模拟主校区与模拟分校区之间互通,允许互通的网段为172.16.X.X/16
  • 外网模拟ISP使用使用IS-IS路由让其互通
  • 主校区/分校区用户可以通过域名(www.baidu.com)访问外网百度,主校区可以通过域名(www.xyw.com)访问内网web服务器
  • 我们主校区用户的dns服务器就用我们内部的dns服务器,分校区的dns服务器用ISP的dns服务器

四、该网络规划全过程(顺着一步一步走)

1、eth-trunk配置

	HX_SW1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname HX_SW1
[HX_SW1]int eth-trunk 1
[HX_SW1-Eth-Trunk1]mode lacp-static
[HX_SW1-Eth-Trunk1]max active-linknumber 2
[HX_SW1-Eth-Trunk1]trunkport g0/0/24
[HX_SW1-Eth-Trunk1]trunkport g0/0/23
[HX_SW1-Eth-Trunk1]trunkport g0/0/22
[HX_SW1-Eth-Trunk1]lacp preempt enable
[HX_SW1-Eth-Trunk1]lacp preempt delay 10
[HX_SW1-Eth-Trunk1]qui
[HX_SW1]int g0/0/24
[HX_SW1-GigabitEthernet0/0/24]lacp priority 16384
[HX_SW1-GigabitEthernet0/0/24]qui
[HX_SW2]
----------------------------------
	HX_SW2
<Huawei>sys
[Huawei]un in en
[Huawei]sysname HX_SW2
[HX_SW2]int eth-trunk 1
[HX_SW2-Eth-Trunk1]mode lacp-static
[HX_SW2-Eth-Trunk1]max active-linknumber 2
[HX_SW2-Eth-Trunk1]trunkport g0/0/24
[HX_SW2-Eth-Trunk1]trunkport g0/0/23
[HX_SW2-Eth-Trunk1]trunkport g0/0/22
[HX_SW2-Eth-Trunk1]lacp preempt enable
[HX_SW2-Eth-Trunk1]lacp preempt delay 10
[HX_SW2-Eth-Trunk1]qui
[HX_SW2]int g0/0/24
[HX_SW2-GigabitEthernet0/0/24]lacp priority 16384
[HX_SW2-GigabitEthernet0/0/24]qui
[HX_SW2]

2、vlan底层划分

	JR_SW3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW3
[JR_SW3]vlan batch 10 20 100 101 900
[JR_SW3]int g0/0/3
[JR_SW3-GigabitEthernet0/0/3]port link-type access
[JR_SW3-GigabitEthernet0/0/3]port default vlan 10
[JR_SW3-GigabitEthernet0/0/3]int g0/0/4
[JR_SW3-GigabitEthernet0/0/4]port link-type access
[JR_SW3-GigabitEthernet0/0/4]port default vlan 20
[JR_SW3-GigabitEthernet0/0/4]qui
[JR_SW3]int g0/0/5
[JR_SW3-GigabitEthernet0/0/5]port link-type trunk
[JR_SW3-GigabitEthernet0/0/5]port trunk all vlan 100 101
[JR_SW3-GigabitEthernet0/0/5]port trunk pvid vlan 100
[JR_SW3]port-group g g0/0/1 g0/0/2
[JR_SW3-port-group]port link-type trunk
[JR_SW3-GigabitEthernet0/0/1]port link-type trunk
[JR_SW3-GigabitEthernet0/0/2]port link-type trunk
[JR_SW3-port-group]port trunk  allow-pass vlan 10 20 100 101 900
[JR_SW3-GigabitEthernet0/0/1]port trunk  allow-pass vlan 10 20 100 101 900
[JR_SW3-GigabitEthernet0/0/2]port trunk  allow-pass vlan 10 20 100 101 900
[JR_SW3-port-group]qui
[JR_SW3]
-------------------------------------
	JR_SW4:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW4
[JR_SW4]vlan batch 30 40 100 102 900
[JR_SW4]int g0/0/3
[JR_SW4-GigabitEthernet0/0/3]port link-type access
[JR_SW4-GigabitEthernet0/0/3]port default vlan 30
[JR_SW4-GigabitEthernet0/0/3]int g0/0/4
[JR_SW4-GigabitEthernet0/0/4]port link-type access
[JR_SW4-GigabitEthernet0/0/4]port default vlan 40
[JR_SW4-GigabitEthernet0/0/4]qui
[JR_SW4]int g0/0/5
[JR_SW4-GigabitEthernet0/0/5]port link-type trunk
[JR_SW4-GigabitEthernet0/0/5]port trunk pvid vlan 100
[JR_SW4-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 102
[JR_SW4-GigabitEthernet0/0/5]qui
[JR_SW4]port-group g g0/0/1 g0/0/2
[JR_SW4-port-group]port link-type trunk
[JR_SW4-GigabitEthernet0/0/1]port link-type trunk
[JR_SW4-GigabitEthernet0/0/2]port link-type trunk
[JR_SW4-port-group]port trunk  allow-pass vlan 30 40 100 102 900
[JR_SW4-GigabitEthernet0/0/1]port trunk  allow-pass vlan 30 40 100 102 900
[JR_SW4-GigabitEthernet0/0/2]port trunk  allow-pass vlan 30 40 100 102 900
[JR_SW4-port-group]qui
[JR_SW4]
------------------------------------
	JR_SW5:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW5
[JR_SW5]vlan batch 50 100 103 900
[JR_SW5]port-group g g0/0/3 g0/0/4
[JR_SW5-port-group]port link-type access
[JR_SW5-GigabitEthernet0/0/3]port link-type access
[JR_SW5-GigabitEthernet0/0/4]port link-type access
[JR_SW5-port-group]port default vlan 50
[JR_SW5-GigabitEthernet0/0/3]port default vlan 50
[JR_SW5-GigabitEthernet0/0/4]port default vlan 50
[JR_SW5-port-group]qui
[JR_SW5]port-group g g0/0/1 g0/0/2
[JR_SW5-port-group]port link-type trunk
[JR_SW5-GigabitEthernet0/0/1]port link-type trunk
[JR_SW5-GigabitEthernet0/0/2]port link-type trunk
[JR_SW5-port-group]port trunk  allow-pass vlan 50 900
[JR_SW5-GigabitEthernet0/0/1]port trunk  allow-pass vlan 50 100 103 900
[JR_SW5-GigabitEthernet0/0/2]port trunk  allow-pass vlan 50 100 103 900
[JR_SW5-port-group]qui
[JR_SW5]int g0/0/5
[JR_SW5-GigabitEthernet0/0/5]port link-type trunk
[JR_SW5-GigabitEthernet0/0/5]port trunk pvid vlan 100
[JR_SW5-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 103
[JR_SW5-GigabitEthernet0/0/5]qui
[JR_SW5]
--------------------------------
	JR_SW6:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW6
[JR_SW6]vlan batch 200 900
[JR_SW6]port-group g g0/0/1 g0/0/2
[JR_SW6-port-group]port link-type trunk
[JR_SW6-GigabitEthernet0/0/1]port link-type trunk
[JR_SW6-GigabitEthernet0/0/2]port link-type trunk
[JR_SW6-port-group]port trunk allow-pass vlan 200 900
[JR_SW6-GigabitEthernet0/0/1]port trunk allow-pass vlan 200 900
[JR_SW6-GigabitEthernet0/0/2]port trunk allow-pass vlan 200 900
[JR_SW6-port-group]qui
[JR_SW6]port-group g g0/0/3 g0/0/4
[JR_SW6-port-group]port link-type access
[JR_SW6-GigabitEthernet0/0/3]port link-type access
[JR_SW6-GigabitEthernet0/0/4]port link-type access
[JR_SW6-port-group]port default vlan 200
[JR_SW6-GigabitEthernet0/0/3]port default vlan 200
[JR_SW6-GigabitEthernet0/0/4]port default vlan 200
[JR_SW6-port-group]qui
[JR_SW6]
-----------------------------------------
	HX_SW1:
[HX_SW1]vlan batch 10 11 20 30 40 50 100 101 102 103 200 900
[HX_SW1]int g0/0/1
[HX_SW1-GigabitEthernet0/0/1]port link-type access
[HX_SW1-GigabitEthernet0/0/1]port default vlan 11
[HX_SW1-GigabitEthernet0/0/1]int g0/0/2
[HX_SW1-GigabitEthernet0/0/2]port link-type trunk
[HX_SW1-GigabitEthernet0/0/2]port trunk  allow-pass vlan 200 900
[HX_SW1-GigabitEthernet0/0/2]int g0/0/3
[HX_SW1-GigabitEthernet0/0/3]port link-type trunk
[HX_SW1-GigabitEthernet0/0/3]port trunk  allow-pass vlan 10 20 100 101 900
[HX_SW1-GigabitEthernet0/0/3]int g0/0/4
[HX_SW1-GigabitEthernet0/0/4]port link-type trunk
[HX_SW1-GigabitEthernet0/0/4]port trunk  allow-pass vlan 30 40 100 102 900
[HX_SW1-GigabitEthernet0/0/4]int g0/0/5
[HX_SW1-GigabitEthernet0/0/5]port link-type trunk
[HX_SW1-GigabitEthernet0/0/5]port trunk  allow-pass vlan 50 100 103 900
[HX_SW1-GigabitEthernet0/0/5]int eth-trunk 1
[HX_SW1-Eth-Trunk1]port link-type trunk
[HX_SW1-Eth-Trunk1]port trunk  allow-pass vlan all
[HX_SW1-Eth-Trunk1]qui
[HX_SW1]
--------------------------------------
	HX_SW2:
[HX_SW2]vlan batch 10 12 20 30 40 50 100 101 102 103 200 900
[HX_SW2]int g0/0/1
[HX_SW2-GigabitEthernet0/0/1]port link-type access
[HX_SW2-GigabitEthernet0/0/1]port default vlan 12
[HX_SW2-GigabitEthernet0/0/1]int g0/0/2
[HX_SW2-GigabitEthernet0/0/2]port link-type trunk
[HX_SW2-GigabitEthernet0/0/2]port trunk  allow-pass vlan 200 900
[HX_SW2-GigabitEthernet0/0/2]int g0/0/3
[HX_SW2-GigabitEthernet0/0/3]port link-type trunk
[HX_SW2-GigabitEthernet0/0/3]port trunk  allow-pass vlan 10 20 100 101 900
[HX_SW2-GigabitEthernet0/0/3]int g0/0/4
[HX_SW2-GigabitEthernet0/0/4]port link-type trunk
[HX_SW2-GigabitEthernet0/0/4]port trunk  allow-pass vlan 30 40 100 102 900
[HX_SW2-GigabitEthernet0/0/4]int g0/0/5
[HX_SW2-GigabitEthernet0/0/5]port link-type trunk
[HX_SW2-GigabitEthernet0/0/5]port trunk  allow-pass vlan 50 100 103 900
[HX_SW2-GigabitEthernet0/0/5]int g0/0/6
[HX_SW2-GigabitEthernet0/0/6]port link-type trunk
[HX_SW2-GigabitEthernet0/0/6]port trunk  allow-pass vlan all
[HX_SW2-GigabitEthernet0/0/6]int eth-trunk 1
[HX_SW2-Eth-Trunk1]port link-type trunk
[HX_SW2-Eth-Trunk1]port trunk  allow-pass vlan all
[HX_SW2-Eth-Trunk1]qui
[HX_SW2]

3、MSTP

	HX_SW1:
[HX_SW1]stp region-configuration
[HX_SW1-mst-region]region-name huawei
[HX_SW1-mst-region]revision-level 1
[HX_SW1-mst-region]instance 1 vlan 10 20 100 101 200
[HX_SW1-mst-region]instance 2 vlan 30 40 50 102 103
[HX_SW1-mst-region]active region-configuration
[HX_SW1-mst-region]qui
[HX_SW1]stp instance 1 root primary
[HX_SW1]stp instance 2 root secondary
---------------------------
	HX_SW2:
[HX_SW2]stp region-configuration
[HX_SW2-mst-region]region-name huawei
[HX_SW2-mst-region]revision-level 1
[HX_SW2-mst-region]instance 1 vlan 10 20 100 101 200
[HX_SW2-mst-region]instance 2 vlan 30 40 50 102 103
[HX_SW2-mst-region]active region-configuration
[HX_SW2-mst-region]qui
[HX_SW2]stp instance 2 root primary
[HX_SW2]stp instance 1 root secondary
----------------------------
	JR_SW3:
[JR_SW3]stp region-configuration
[JR_SW3-mst-region]region-name huawei
[JR_SW3-mst-region]revision-level 1
[JR_SW3-mst-region]instance 1 vlan 10 20 100 101 200
[JR_SW3-mst-region]instance 2 vlan 30 40 50 102 103
[JR_SW3-mst-region]active region-configuration
[JR_SW3-mst-region]qui
[JR_SW3]
----------------------------
	JR_SW4:
[JR_SW4]stp region-configuration
[JR_SW4-mst-region]region-name huawei
[JR_SW4-mst-region]revision-level 1
[JR_SW4-mst-region]instance 1 vlan 10 20 100 101 200
[JR_SW4-mst-region]instance 2 vlan 30 40 50 102 103
[JR_SW4-mst-region]active region-configuration
[JR_SW4-mst-region]qui
[JR_SW4]
---------------------------
	JR_SW5:
[JR_SW5]stp region-configuration
[JR_SW5-mst-region]region-name huawei
[JR_SW5-mst-region]revision-level 1
[JR_SW5-mst-region]instance 1 vlan 10 20 100 101 200
[JR_SW5-mst-region]instance 2 vlan 30 40 50 102 103
[JR_SW5-mst-region]active region-configuration
[JR_SW5-mst-region]qui
[JR_SW5]
--------------------------
	JR_SW6:
[JR_SW6]stp region-configuration
[JR_SW6-mst-region]region-name huawei
[JR_SW6-mst-region]revision-level 1
[JR_SW6-mst-region]instance 1 vlan 10 20 100 101 200
[JR_SW6-mst-region]instance 2 vlan 30 40 50 102 103
[JR_SW6-mst-region]active region-configuration
[JR_SW6-mst-region]qui
[JR_SW6]

4、VRRP

	HX_SW1:
[HX_SW1]int vlan 10
[HX_SW1-Vlanif10]ip add 192.168.10.254 24
[HX_SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.1
[HX_SW1-Vlanif10]vrrp vrid 10 priority 105
[HX_SW1-Vlanif10]vrrp vrid 10 track int g0/0/1
[HX_SW1-Vlanif10]int vlan 20
[HX_SW1-Vlanif20]ip add 192.168.20.254 24
[HX_SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW1-Vlanif20]vrrp vrid 20 priority 105
[HX_SW1-Vlanif20]vrrp vrid 20 track int g0/0/1
[HX_SW1-Vlanif20]int vlan 100
[HX_SW1-Vlanif100]ip add 192.168.100.254 24
[HX_SW1-Vlanif100]vrrp vrid 100 virtual-ip 192.168.100.1
[HX_SW1-Vlanif100]vrrp vrid 100 priority 105
[HX_SW1-Vlanif100]vrrp vrid 100 track int g0/0/1
[HX_SW1-Vlanif100]int vlan 101
[HX_SW1-Vlanif101]ip add 192.168.101.254 24
[HX_SW1-Vlanif101]vrrp vrid 101 virtual-ip 192.168.101.1
[HX_SW1-Vlanif101]vrrp vrid 101 priority 105
[HX_SW1-Vlanif101]vrrp vrid 101 track int g0/0/1
[HX_SW1-Vlanif101]int vlan 200
[HX_SW1-Vlanif200]ip add 192.168.200.254 24
[HX_SW1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW1-Vlanif200]vrrp vrid 200 priority 105
[HX_SW1-Vlanif200]vrrp vrid 200 track int g0/0/1
[HX_SW1-Vlanif200]int vlan 30
[HX_SW1-Vlanif30]ip add 192.168.30.254 24
[HX_SW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW1-Vlanif30]int vlan 40
[HX_SW1-Vlanif40]ip add 192.168.40.254 24
[HX_SW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW1-Vlanif40]int vlan 50
[HX_SW1-Vlanif50]ip add 192.168.50.254 24
[HX_SW1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HX_SW1-Vlanif50]int vlan 102
[HX_SW1-Vlanif102]ip add 192.168.102.254 24
[HX_SW1-Vlanif102]vrrp vrid 102 virtual-ip 192.168.102.1
[HX_SW1-Vlanif102]int vlan 103
[HX_SW1-Vlanif103]ip add 192.168.103.254 24
[HX_SW1-Vlanif103]vrrp vrid 103 virtual-ip 192.168.103.1
[HX_SW1-Vlanif103]int vlan 11
[HX_SW1-Vlanif11]ip add 192.168.11.1 24
[HX_SW1-Vlanif11]qui
[HX_SW1]
------------------------------
	HX_SW2:
[HX_SW2]int vlan 10
[HX_SW2-Vlanif10]ip add 192.168.10.253 24
[HX_SW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.1
[HX_SW2-Vlanif10]int vlan 20
[HX_SW2-Vlanif20]ip add 192.168.20.253 24
[HX_SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW2-Vlanif20]int vlan 100
[HX_SW2-Vlanif100]ip add 192.168.100.253 24
[HX_SW2-Vlanif100]vrrp vrid 100 virtual-ip 192.168.100.1
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]ip add 192.168.101.253 24
[HX_SW2-Vlanif101]vrrp vrid 101 virtual-ip 192.168.101.1
[HX_SW2-Vlanif101]int vlan 200
[HX_SW2-Vlanif200]ip add 192.168.200.253 24
[HX_SW2-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW2-Vlanif200]int vlan 30
[HX_SW2-Vlanif30]ip add 192.168.30.253 24
[HX_SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW2-Vlanif30]vrrp vrid 30 priority 105
[HX_SW2-Vlanif30]vrrp vrid 30 track int g0/0/1
[HX_SW2-Vlanif30]int vlan 40
[HX_SW2-Vlanif40]ip add 192.168.40.253 24
[HX_SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW2-Vlanif40]vrrp vrid 40 priority 105
[HX_SW2-Vlanif40]vrrp vrid 40 track int g0/0/1
[HX_SW2-Vlanif40]int vlan 50
[HX_SW2-Vlanif50]ip add 192.168.50.253 24
[HX_SW2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HX_SW2-Vlanif50]vrrp vrid 50 priority 105
[HX_SW2-Vlanif50]vrrp vrid 50 track int g0/0/1
[HX_SW2-Vlanif50]int vlan 102
[HX_SW2-Vlanif102]ip add 192.168.102.253 24
[HX_SW2-Vlanif102]vrrp vrid 102 virtual-ip 192.168.102.1
[HX_SW2-Vlanif102]vrrp vrid 102 priority 105
[HX_SW2-Vlanif102]vrrp vrid 102 track int g0/0/1
[HX_SW2-Vlanif102]int vlan 103
[HX_SW2-Vlanif103]ip add 192.168.103.253 24
[HX_SW2-Vlanif103]vrrp vrid 103 virtual-ip 192.168.103.1
[HX_SW2-Vlanif103]vrrp vrid 103 priority 105
[HX_SW2-Vlanif103]vrrp vrid 103 track int g0/0/1
[HX_SW2-Vlanif103]int vlan 12
[HX_SW2-Vlanif12]ip add 192.168.12.2 24
[HX_SW2-Vlanif12]qui
[HX_SW2]

5、测试PC通网关

/*手动给PC配置IP地址访问网关,如给vlan10下的PC配置
    IP:192.168.10.3
    GW:192.168.10.1  测试访问网关,ping 192.168.10.1通了即可*/

/*手动给PC配置IP地址访问网关,如给vlan30下的PC配置
    IP:192.168.30.7
    GW:192.168.30.1  测试访问网关,ping 192.168.30.1通了即可*/

6、DHCP中继

<Huawei>sys
[Huawei]un in en
[Huawei]sysname DHCP
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]ip add 192.168.200.3 24
[DHCP-GigabitEthernet0/0/0]qui
[DHCP]dhcp enable
[DHCP]ip pool vlan10
[DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
[DHCP-ip-pool-vlan10]gateway-list 192.168.10.1
[DHCP-ip-pool-vlan10]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan10]excluded-ip-address 192.168.10.250 192.168.10.254
[DHCP-ip-pool-vlan10]qui
[DHCP]ip pool vlan20
[DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
[DHCP-ip-pool-vlan20]gateway-list 192.168.20.1
[DHCP-ip-pool-vlan20]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan20]excluded-ip-address 192.168.20.250 192.168.20.254
[DHCP-ip-pool-vlan20]qui
[DHCP]ip pool vlan30
[DHCP-ip-pool-vlan30]network 192.168.30.0 mask 24
[DHCP-ip-pool-vlan30]gateway-list 192.168.30.1
[DHCP-ip-pool-vlan30]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan30]excluded-ip-address 192.168.30.250 192.168.30.254
[DHCP-ip-pool-vlan30]qui
[DHCP]ip pool vlan40
[DHCP-ip-pool-vlan40]network 192.168.40.0 mask 24
[DHCP-ip-pool-vlan40]gateway-list 192.168.40.1
[DHCP-ip-pool-vlan40]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan40]excluded-ip-address 192.168.40.250 192.168.40.254
[DHCP-ip-pool-vlan40]qui
[DHCP]ip pool vlan50
[DHCP-ip-pool-vlan50]network 192.168.50.0 mask 24
[DHCP-ip-pool-vlan50]gateway-list 192.168.50.1
[DHCP-ip-pool-vlan50]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-vlan50]excluded-ip-address 192.168.50.250 192.168.50.254
[DHCP-ip-pool-vlan50]qui
[DHCP]ip pool ap_pool
[DHCP-ip-pool-ap_pool]network 192.168.100.0 mask 24
[DHCP-ip-pool-ap_pool]gateway-list 192.168.100.1
[DHCP-ip-pool-ap_pool]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-ap_pool]excluded-ip-address 192.168.100.250 192.168.100.254
[DHCP-ip-pool-ap_pool]qui
[DHCP]ip pool hua1
[DHCP-ip-pool-hua1]network 192.168.101.0 mask 24
[DHCP-ip-pool-hua1]gateway-list 192.168.101.1
[DHCP-ip-pool-hua1]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-hua1]excluded-ip-address 192.168.101.250 192.168.101.254
[DHCP-ip-pool-hua1]qui
[DHCP]ip pool hua2
[DHCP-ip-pool-hua2]network 192.168.102.0 mask 24
[DHCP-ip-pool-hua2]gateway-list 192.168.102.1
[DHCP-ip-pool-hua2]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-hua2]excluded-ip-address 192.168.102.250 192.168.102.254
[DHCP-ip-pool-hua2]qui
[DHCP]ip pool hua3
[DHCP-ip-pool-hua3]network 192.168.103.0 mask 24
[DHCP-ip-pool-hua3]gateway-list 192.168.103.1
[DHCP-ip-pool-hua3]dns-list 192.168.200.2 8.8.8.8
[DHCP-ip-pool-hua3]excluded-ip-address 192.168.103.250 192.168.103.254
[DHCP-ip-pool-hua3]qui
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]dhcp select global
[DHCP-GigabitEthernet0/0/0]qui
[DHCP]ip route-static 0.0.0.0 0 192.168.200.1
[DHCP]
-----------------------------------
	HX_SW1:
[HX_SW1]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[HX_SW1]int vlan 10
[HX_SW1-Vlanif10]dhcp select relay
[HX_SW1-Vlanif10]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif10]int vlan 20
[HX_SW1-Vlanif20]dhcp select relay
[HX_SW1-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif20]int vlan 30
[HX_SW1-Vlanif30]dhcp select relay
[HX_SW1-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif30]int vlan 40
[HX_SW1-Vlanif40]dhcp select relay
[HX_SW1-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif40]int vlan 50
[HX_SW1-Vlanif50]dhcp select relay
[HX_SW1-Vlanif50]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif50]int vlan 100
[HX_SW1-Vlanif100]dhcp select relay
[HX_SW1-Vlanif100]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif100]int vlan 101
[HX_SW1-Vlanif101]dhcp select relay
[HX_SW1-Vlanif101]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif101]int vlan 102
[HX_SW1-Vlanif102]dhcp select relay
[HX_SW1-Vlanif102]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif102]int vlan 103
[HX_SW1-Vlanif103]dhcp select relay
[HX_SW1-Vlanif103]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif103]qui
[HX_SW1]
----------------------------
	HX_SW2:
[HX_SW2]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[HX_SW2]int vlan 10
[HX_SW2-Vlanif10]dhcp select relay
[HX_SW2-Vlanif10]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif10]int vlan 20
[HX_SW2-Vlanif20]dhcp select relay
[HX_SW2-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif20]int vlan 30
[HX_SW2-Vlanif30]dhcp select relay
[HX_SW2-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif30]int vlan 40
[HX_SW2-Vlanif40]dhcp select relay
[HX_SW2-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif40]int vlan 50
[HX_SW2-Vlanif50]dhcp select relay
[HX_SW2-Vlanif50]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif50]int vlan 100
[HX_SW2-Vlanif100]dhcp select relay
[HX_SW2-Vlanif100]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]dhcp select relay
[HX_SW2-Vlanif101]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif101]int vlan 102
[HX_SW2-Vlanif102]dhcp select relay
[HX_SW2-Vlanif102]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif102]int vlan 103
[HX_SW2-Vlanif103]dhcp select relay
[HX_SW2-Vlanif103]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif103]qui
[HX_SW2]
-------------------------------------
	PC://目的只是模拟PC用于管理或测试telnet使用
<Huawei>sys
[Huawei]un in en
[Huawei]sysname PC
[PC]dhcp en
[PC]int g0/0/0
[PC-GigabitEthernet0/0/0]ip add dhcp-alloc 
[PC-GigabitEthernet0/0/0]qui
[PC]qui
<PC>sa

7、无线WLAN

<AC6605>sys
[AC6605]un in en
[AC6605]sysname AC1
[AC1]vlan 100
[AC1-vlan100]int vlan 100
[AC1-Vlanif100]ip add 192.168.100.100 24
[AC1-Vlanif100]qui
[AC1]int g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC1-GigabitEthernet0/0/1]qui
[AC1]ip route-static 0.0.0.0 0.0.0.0 192.168.100.253
[AC1]capwap source interface vlanif100
[AC1]wlan
[AC1-wlan-view]ssid-profile name SSID_PRO
[AC1-wlan-ssid-prof-SSID_PRO]ssid huawei
[AC1-wlan-ssid-prof-SSID_PRO]qui
[AC1-wlan-view]security-profile name SEC_PRO
[AC1-wlan-sec-prof-SEC_PRO]security wpa2 psk pass-phrase huawei@123 aes
[AC1-wlan-sec-prof-SEC_PRO]qui
[AC1-wlan-view]vap-profile name VAP1_PRO
[AC1-wlan-vap-prof-VAP1_PRO]ssid-profile SSID_PRO
[AC1-wlan-vap-prof-VAP1_PRO]security-profile SEC_PRO
[AC1-wlan-vap-prof-VAP1_PRO]service-vlan vlan-id 101
[AC1-wlan-vap-prof-VAP1_PRO]qui
[AC1-wlan-view]vap-profile name VAP2_PRO
[AC1-wlan-vap-prof-VAP2_PRO]ssid-profile SSID_PRO
[AC1-wlan-vap-prof-VAP2_PRO]security-profile SEC_PRO
[AC1-wlan-vap-prof-VAP2_PRO]service-vlan vlan-id 102
[AC1-wlan-vap-prof-VAP2_PRO]qui
[AC1-wlan-view]vap-profile name VAP3_PRO
[AC1-wlan-vap-prof-VAP3_PRO]ssid-profile SSID_PRO
[AC1-wlan-vap-prof-VAP3_PRO]security-profile SEC_PRO
[AC1-wlan-vap-prof-VAP3_PRO]service-vlan vlan-id 103
[AC1-wlan-vap-prof-VAP3_PRO]qui
[AC1-wlan-view]vap-profile name VAP4_PRO
[AC1-wlan-vap-prof-VAP4_PRO]ssid-profile SSID_PRO
[AC1-wlan-vap-prof-VAP4_PRO]security-profile SEC_PRO
[AC1-wlan-vap-prof-VAP4_PRO]service-vlan vlan-id 104
[AC1-wlan-vap-prof-VAP4_PRO]qui
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc41-4590
[AC1-wlan-ap-1]ap-id 2 ap-mac 00e0-fc63-1250
[AC1-wlan-ap-2]ap-id 3 ap-mac 00e0-fc1f-8060
[AC1-wlan-ap-3]ap-id 4 ap-mac 00e0-fc1f-76d0
[AC1-wlan-ap-4]qui
[AC1-wlan-view]ap-id 1
[AC1-wlan-ap-1]ap-name AREA_1
[AC1-wlan-ap-1]vap-profile VAP1_PRO wlan 1 radio 0
[AC1-wlan-ap-1]vap-profile VAP1_PRO wlan 1 radio 1
[AC1-wlan-ap-1]qui
[AC1-wlan-view]ap-id 2
[AC1-wlan-ap-2]ap-name AREA_2
[AC1-wlan-ap-2]vap-profile VAP2_PRO wlan 1 radio 0
[AC1-wlan-ap-2]vap-profile VAP2_PRO wlan 1 radio 1
[AC1-wlan-ap-2]qui
[AC1-wlan-view]ap-id 3
[AC1-wlan-ap-3]ap-name AREA_3
[AC1-wlan-ap-3]vap-profile VAP3_PRO wlan 1 radio 0
[AC1-wlan-ap-3]vap-profile VAP3_PRO wlan 1 radio 1
[AC1-wlan-ap-3]qui
[AC1-wlan-view]ap-id 4
[AC1-wlan-ap-4]ap-name AREA_4
[AC1-wlan-ap-4]vap-profile VAP4_PRO wlan 1 radio 0
[AC1-wlan-ap-4]vap-profile VAP4_PRO wlan 1 radio 1
[AC1-wlan-ap-4]qui
[AC1-wlan-view]qui
[AC1]qui
<AC1>sa

8、防火墙FW1配置

<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sysname FW1
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]ip add 192.168.11.22 24
[FW1-GigabitEthernet1/0/1]service-manage all permit
[FW1-GigabitEthernet1/0/1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ip add 192.168.12.22 24
[FW1-GigabitEthernet1/0/2]service-manage all permit
[FW1-GigabitEthernet1/0/2]int g1/0/0
[FW1-GigabitEthernet1/0/0]ip add 192.168.111.22 24
[FW1-GigabitEthernet1/0/0]service-manage all permit
[FW1-GigabitEthernet1/0/0]int g1/0/3
[FW1-GigabitEthernet1/0/3]ip add 10.1.122.22 24
[FW1-GigabitEthernet1/0/3]service-manage all permit
[FW1-GigabitEthernet1/0/3]int g1/0/4
[FW1-GigabitEthernet1/0/4]ip add 10.1.22.22 24
[FW1-GigabitEthernet1/0/4]service-manage all permit
[FW1-GigabitEthernet1/0/4]qui
[FW1]firewall zone trust
[FW1-zone-trust]add int g1/0/1
[FW1-zone-trust]add int g1/0/2
[FW1-zone-trust]qui
[FW1]firewall zone dmz
[FW1-zone-dmz]add int g1/0/0
[FW1-zone-dmz]qui
[FW1]firewall zone untrust
[FW1-zone-untrust]add int g1/0/3
[FW1-zone-untrust]add int g1/0/4
[FW1-zone-untrust]qui
[FW1]icmp ttl-exceeded send
[FW1]

9、OSPF&加认证

	FW1:
[FW1]ospf 1 router-id 10.1.4.4
[FW1-ospf-1]default-route-advertise
[FW1-ospf-1]area 0
[FW1-ospf-1-area-0.0.0.0]net 192.168.11.0 0.0.0.255
[FW1-ospf-1-area-0.0.0.0]net 192.168.12.0 0.0.0.255
[FW1-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[FW1-ospf-1-area-0.0.0.0]qui
[FW1-ospf-1]qui
[FW1]
--------------------------------
	HX_SW1:
[HX_SW1]ospf 1 router-id 10.1.5.5
[HX_SW1-ospf-1]area 1
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.20.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.30.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.40.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.50.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.100.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.101.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.102.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]network 192.168.103.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.1]qui
[HX_SW1-ospf-1]area 0
[HX_SW1-ospf-1-area-0.0.0.0]network 192.168.11.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[HX_SW1-ospf-1-area-0.0.0.0]qui
[HX_SW1-ospf-1]silent-interface vlan 10
[HX_SW1-ospf-1]silent-interface vlan 20
[HX_SW1-ospf-1]silent-interface vlan 30
[HX_SW1-ospf-1]silent-interface vlan 40
[HX_SW1-ospf-1]silent-interface vlan 50
[HX_SW1-ospf-1]silent-interface vlan 101
[HX_SW1-ospf-1]silent-interface vlan 102
[HX_SW1-ospf-1]silent-interface vlan 103
[HX_SW1-ospf-1]silent-interface vlan 200
[HX_SW1-ospf-1]qui
[HX_SW1]
------------------------------
	HX_SW2:
[HX_SW2]ospf 1 router-id 10.1.6.6
[HX_SW2-ospf-1]area 1
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.20.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.30.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.40.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.50.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.100.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.101.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.102.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]network 192.168.103.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.1]qui
[HX_SW2-ospf-1]area 0
[HX_SW2-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[HX_SW2-ospf-1-area-0.0.0.0]qui
[HX_SW2-ospf-1]silent-interface vlan 10
[HX_SW2-ospf-1]silent-interface vlan 20
[HX_SW2-ospf-1]silent-interface vlan 30
[HX_SW2-ospf-1]silent-interface vlan 40
[HX_SW2-ospf-1]silent-interface vlan 50
[HX_SW2-ospf-1]silent-interface vlan 101
[HX_SW2-ospf-1]silent-interface vlan 102
[HX_SW2-ospf-1]silent-interface vlan 103
[HX_SW1-ospf-1]silent-interface vlan 200
[HX_SW2-ospf-1]qui
[HX_SW2]

10、BFD故障检测

	FW1:
[FW1]bfd
[FW1-bfd]qui
[FW1]ospf
[FW1-ospf-1]bfd all-interfaces enable
[FW1-ospf-1]qui
[FW1]
------------------------------
	HX_SW1:
[HX_SW1]bfd
[HX_SW1-bfd]qui
[HX_SW1]int vlan 11
[HX_SW1-Vlanif11]ospf bfd enable
[HX_SW1-Vlanif11]qui
[HX_SW1]
-----------------------------
	HX_SW2:
[HX_SW2]bfd
[HX_SW2-bfd]qui
[HX_SW2]int vlan 12
[HX_SW2-Vlanif12]ospf bfd enable
[HX_SW2-Vlanif12]qui
[HX_SW2]

11、分部/分校DHCP配置

	AR4:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR4
[AR4]dhcp enable
[AR4]int g0/0/1
[AR4-GigabitEthernet0/0/1]ip add 172.16.60.4 24
[AR4-GigabitEthernet0/0/1]dhcp select int
[AR4-GigabitEthernet0/0/1]qui
[AR4]int g0/0/2
[AR4-GigabitEthernet0/0/2]ip add 172.16.48.4 24
[AR4-GigabitEthernet0/0/2]int g0/0/0
[AR4-GigabitEthernet0/0/0]ip add 172.16.134.4 24
[AR4-GigabitEthernet0/0/0]qui
[AR4]

12、端口安全和隔离

	SW7:
<Huawei>sys
[Huawei]un in en
[Huawei]sys SW7
[SW7]p g g0/0/2 g0/0/3
[SW7-port-group]port-security enable
[SW7-GigabitEthernet0/0/2]port-security enable
[SW7-GigabitEthernet0/0/3]port-security enable
[SW7-port-group]port-security mac-add sticky
[SW7-GigabitEthernet0/0/2]port-security mac-add sticky
[SW7-GigabitEthernet0/0/3]port-security mac-add sticky
[SW7-port-group]port-isolate enable
[SW7-GigabitEthernet0/0/2]port-isolate enable
[SW7-GigabitEthernet0/0/3]port-isolate enable
[SW7-port-group]qui
[SW7]dis port-isolate group all
  The ports in isolate group 1:
GigabitEthernet0/0/2     GigabitEthernet0/0/3     
[SW7]

13、分部/分校WLAN部分

	LSW8:
<Huawei>sys
[Huawei]un in en
[Huawei]sys LSW8
[LSW8]vlan batch 100 104 48
[LSW8]int g0/0/1
[LSW8-GigabitEthernet0/0/1]port link acc
[LSW8-GigabitEthernet0/0/1]port default vlan 48
[LSW8-GigabitEthernet0/0/1]int g0/0/2
[LSW8-GigabitEthernet0/0/2]port link trunk
[LSW8-GigabitEthernet0/0/2]port trunk all vlan 100 104
[LSW8-GigabitEthernet0/0/2]port trunk pvid vlan 100
[LSW8-GigabitEthernet0/0/2]qui
[LSW8]dhcp enable
[LSW8]ip pool ap_pool
[LSW8-ip-pool-ap_pool]gateway-list 172.16.100.1
[LSW8-ip-pool-ap_pool]network 172.16.100.0 mask 24 
[LSW8-ip-pool-ap_pool]excluded-ip-address 172.16.100.129 172.16.100.254 
[LSW8-ip-pool-ap_pool]lease unlimited
[LSW8-ip-pool-ap_pool]option 43 sub-option 3 ascii 192.168.100.100
[LSW8-ip-pool-ap_pool]qui
[LSW8]ip pool hua4
[LSW8-ip-pool-hua4]network 172.16.104.0 mask 24
[LSW8-ip-pool-hua4]gateway-list 172.16.104.1
[LSW8-ip-pool-hua4]dns-list 192.168.200.2 8.8.8.8
[LSW8-ip-pool-hua4]excluded-ip-address 172.16.104.250 172.16.104.254
[LSW8-ip-pool-hua4]qui
[LSW8]int vlan 48
[LSW8-Vlanif48]ip add 172.16.48.8 24
[LSW8-Vlanif48]int vlan 100
[LSW8-Vlanif100]ip add 172.16.100.1 24
[LSW8-Vlanif100]dhcp select global
[LSW8-Vlanif100]int vlan 104
[LSW8-Vlanif104]ip add 172.16.104.1 24
[LSW8-Vlanif104]dhcp select global
[LSW8-Vlanif104]qui
[LSW8]
//配置好后等待与总部/主校互通即可放射

14、分部/分校OSPF配置

	FW2:
<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sys FW2
[FW2]int g1/0/1
[FW2-GigabitEthernet1/0/1]ip add 10.1.133.33 24
[FW2-GigabitEthernet1/0/1]service-manage all permit
[FW2-GigabitEthernet1/0/1]int g1/0/0
[FW2-GigabitEthernet1/0/0]ip add 172.16.134.33 24
[FW2-GigabitEthernet1/0/0]service-manage all permit
[FW2-GigabitEthernet1/0/2]int g1/0/2
[FW2-GigabitEthernet1/0/2]service-manage all permit
[FW2-GigabitEthernet1/0/2]qui
[FW2]firewall zone trust
[FW2-zone-trust]add int g1/0/0
[FW2-zone-trust]qui
[FW2]firewall zone untrust
[FW2-zone-untrust]add int g1/0/1
[FW2-zone-untrust]add int g1/0/2
[FW2-zone-untrust]qui
[FW2]icmp ttl send
[FW2]ospf
[FW2-ospf-1]default-route-advertise
[FW2-ospf-1]area 0
[FW2-ospf-1-area-0.0.0.0]net 172.16.134.0 0.0.0.255
[FW2-ospf-1-area-0.0.0.0]qui
[FW2-ospf-1]qui
[FW2]
-----------------------------
	AR4:
[AR4]OSPF
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.255.255
[AR4-ospf-1-area-0.0.0.0]qui
[AR4-ospf-1]qui
[AR4]
----------------------------
	LSW8:
[LSW8]ospf
[LSW8-ospf-1]area 0
[LSW8-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.255.255
[LSW8-ospf-1-area-0.0.0.0]qui
[LSW8-ospf-1]qui
[LSW8]

15、PPPoE拨号

	AR5:
<Huawei>sys
[Huawei]un in en
[Huawei]sys AR5
[AR5]int loo0
[AR5-LoopBack0]ip add 10.1.5.5 32
[AR5-LoopBack0]int g0/0/0
[AR5-GigabitEthernet0/0/0]ip add 10.1.22.5 24
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]ip add 10.1.33.5 24
[AR5-GigabitEthernet0/0/1]int g0/0/2
[AR5-GigabitEthernet0/0/2]ip add 10.10.10.9 24
[AR5-GigabitEthernet0/0/1]qui
[AR5]aaa
[AR5-aaa]local-user user password cipher huawei
[AR5-aaa]local-user user service-type ppp
[AR5-aaa]qui
[AR5]int virtual-template1
[AR5-Virtual-Template1]ip add unnumbered int g0/0/1
[AR5-Virtual-Template1]ppp authentication-mode chap
[AR5-Virtual-Template1]remote add 10.1.33.33
[AR5-Virtual-Template1]int g0/0/1
[AR5-GigabitEthernet0/0/1]pppoe-server bind virtual-template 1
[AR5-GigabitEthernet0/0/1]qui
[AR5]ip route-static 0.0.0.0 0 10.1.22.22
----------------------------
	FW2:
[FW2]int Dialer 1
[FW2-Dialer1]ip add ppp-negotiate
[FW2-Dialer1]ppp chap user user
[FW2-Dialer1]ppp chap password cipher huawei
[FW2-Dialer1]dialer user test1
[FW2-Dialer1]dialer bundle 1
[FW2-Dialer1]mtu 1492
[FW2-Dialer1]qui
[FW2]int g1/0/2
[FW2-GigabitEthernet1/0/2]pppoe-client dial-bundle-number 1
[FW2-GigabitEthernet1/0/2]qui
[FW2]firewall zone untrust
[FW2-zone-untrust]add int dialer 1
[FW2-zone-untrust]qui
[FW2]

16、公网互通

	AR1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR1
[AR1]int loo0
[AR1-LoopBack0]ip add 10.1.1.1 32
[AR1-LoopBack0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 10.1.12.1 24
[AR1-GigabitEthernet0/0/1]qui
[AR1]isis 
[AR1-isis-1]net 49.0000.0000.0000.0001.00
[AR1-isis-1]is-level level-2
[AR1-isis-1]qui
[AR1]int loo0
[AR1-LoopBack0]isis en
[AR1-LoopBack0]int g0/0/1
[AR1-GigabitEthernet0/0/1]isis en
[AR1-GigabitEthernet0/0/1]qui
[AR1]
------------------------------
	AR2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR2
[AR2]int loo0
[AR2-LoopBack0]ip add 10.1.2.2 32
[AR2-LoopBack0]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 10.1.12.2 24
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 10.1.23.2 24
[AR2-GigabitEthernet0/0/1]qui
[AR2]isis
[AR2-isis-1]net 49.0000.0000.0000.0002.00
[AR2-isis-1]is-level level-2
[AR2-isis-1]qui
[AR2]int loo0
[AR2-LoopBack0]isis en
[AR2-LoopBack0]int g0/0/0
[AR2-GigabitEthernet0/0/0]isis en
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]isis en
[AR2-GigabitEthernet0/0/1]qui
[AR2]
----------------------------
	AR3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR3
[AR3]int loo0
[AR3-LoopBack0]ip add 10.1.3.3 32
[AR3-LoopBack0]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 10.1.23.3 24
[AR3-GigabitEthernet0/0/0]qui
[AR3]isis
[AR3-isis-1]net 49.0000.0000.0000.0003.00
[AR3-isis-1]is-level level-2
[AR3-isis-1]int loo0
[AR3-LoopBack0]isis en
[AR3-LoopBack0]int g0/0/0
[AR3-GigabitEthernet0/0/0]isis en
[AR3-GigabitEthernet0/0/0]qui
[AR3]

17、BGP建邻居

	AR1:
[AR1]bgp 100
[AR1-bgp]peer 10.1.2.2 as-n 100
[AR1-bgp]peer 10.1.2.2 con loo0
[AR1-bgp]ipv4 unicast
[AR1-bgp-af-ipv4]undo peer 10.1.2.2 en
[AR1-bgp-af-ipv4]qui
[AR1-bgp]ipv4 vpnv4
[AR1-bgp-af-vpnv4]peer 10.1.2.2 en
[AR1-bgp-af-vpnv4]qui
[AR1-bgp]qui
[AR1]
-----------------------
	AR2:
[AR2]bgp 100
[AR2-bgp]peer 10.1.1.1 as-n 100
[AR2-bgp]peer 10.1.1.1 con loo0
[AR2-bgp]peer 10.1.3.3 as-n 100
[AR2-bgp]peer 10.1.3.3 con loo0
[AR2-bgp]ipv4 unicast
[AR2-bgp-af-ipv4]undo peer 10.1.1.1 en
[AR2-bgp-af-ipv4]undo peer 10.1.3.3 en
[AR2-bgp-af-ipv4]qui
[AR2-bgp]ipv4 vpnv4
[AR2-bgp-af-vpnv4]peer 10.1.1.1 en
[AR2-bgp-af-vpnv4]peer 10.1.1.1 reflect-client
[AR2-bgp-af-vpnv4]peer 10.1.3.3 en
[AR2-bgp-af-vpnv4]peer 10.1.3.3 reflect-client
[AR2-bgp-af-vpnv4]undo policy vpn-target
[AR2-bgp-af-vpnv4]qui
[AR2-bgp]qui
[AR2]
---------------------------
	AR3:
[AR3]bgp 100
[AR3-bgp]peer 10.1.2.2 as-n 100
[AR3-bgp]peer 10.1.2.2 con loo0
[AR3-bgp]ipv4 unicast
[AR3-bgp-af-ipv4]undo peer 10.1.2.2 en
[AR3-bgp-af-ipv4]qui
[AR3-bgp]ipv4 vpnv4
[AR3-bgp-af-vpnv4]peer 10.1.2.2 en
[AR3-bgp-af-vpnv4]
[AR3-bgp-af-vpnv4]qui
[AR3-bgp]qui
[AR3]
---------------------------
	FW1:
[FW1]bgp 65430
[FW1-bgp]peer 10.1.122.1 as-n 100
[FW1-bgp]import-route ospf 1
[FW1-bgp]qui
[FW1]ospf 1
[FW1-ospf-1]import-route bgp
[FW1-ospf-1]qui
[FW1]
-------------------------
	FW2:
[FW2]bgp 65000
[FW2-bgp]peer 10.1.133.3 as-n 100
[FW2-bgp]import-route ospf 1
[FW2-bgp]qui
[FW2]ospf 1
[FW2-ospf-1]import-route bgp
[FW2-ospf-1]qui
[FW2]

18、MPLS

[AR1]mpls lsr-id 10.1.1.1
[AR1]mpls
[AR1-mpls]mpls ldp
[AR1-mpls-ldp]qui
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]mpls
[AR1-GigabitEthernet0/0/1]mpls ldp
[AR1-GigabitEthernet0/0/1]qui
[AR1]
---------------
	AR2:
[AR2]mpls lsr-id 10.1.2.2
[AR2]mpls
[AR2-mpls]mpls ldp
[AR2-mpls-ldp]qui
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]mpls
[AR2-GigabitEthernet0/0/0]mpls ldp
[AR2-GigabitEthernet0/0/0]qui
[AR2]int g0/0/1
[AR2-GigabitEthernet0/0/1]mpls
[AR2-GigabitEthernet0/0/1]mpls ldp
[AR2-GigabitEthernet0/0/1]qui
[AR2]
------------------------
	AR3:
[AR3]mpls lsr-id 10.1.3.3
[AR3]mpls
[AR3-mpls]mpls ldp
[AR3-mpls-ldp]qui
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]mpls
[AR3-GigabitEthernet0/0/0]mpls ldp
[AR3-GigabitEthernet0/0/0]qui
[AR3]

19、VPN实例

	AR1:
[AR1]ip vpn-instance VPN_A
[AR1-vpn-instance-VPN_A]route-distinguisher 100:22
[AR1-vpn-instance-VPN_A-af-ipv4]vpn-target 100:22 export-extcommunity
[AR1-vpn-instance-VPN_A-af-ipv4]vpn-target 100:33 import-extcommunity
[AR1-vpn-instance-VPN_A-af-ipv4]qui
[AR1-vpn-instance-VPN_A]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip binding vpn-instance VPN_A
[AR1-GigabitEthernet0/0/0]ip add 10.1.122.1 24
[AR1-GigabitEthernet0/0/0]qui
[AR1]bgp 100
[AR1-bgp]ipv4 vpn-instance VPN_A
[AR1-bgp-VPN_A]peer 10.1.122.22 as-n 65430
[AR1-bgp-VPN_A]qui
[AR1-bgp]qui
[AR1]
----------------
	AR3:
[AR3]ip vpn-instance VPN_B
[AR3-vpn-instance-VPN_B]route-distinguisher 100:33
[AR3-vpn-instance-VPN_B-af-ipv4]vpn-target 100:33 export-extcommunity
[AR3-vpn-instance-VPN_B-af-ipv4]vpn-target 100:22 import-extcommunity
[AR3-vpn-instance-VPN_B-af-ipv4]qui
[AR3-vpn-instance-VPN_B]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip binding vpn-instance VPN_B
[AR3-GigabitEthernet0/0/1]ip add 10.1.133.3 24
[AR3-GigabitEthernet0/0/1]qui
[AR3]bgp 100
[AR3-bgp]ipv4 vpn-instance VPN_B
[AR3-bgp-VPN_B]peer 10.1.133.33 as-n 65000
[AR3-bgp-VPN_B]qui
[AR3-bgp]qui
[AR3]

20、安全策略

这一部分要不我就先不放在文章中,
配置的设备只有FW1和FW2这里的配
置的技术是这样的,放行相应的安
全策略即可,放行相应的安全策略
这个时候总部/主校区和分支之间
就可以通过MPLSVPN实现互通

这一部分在文章中省了,但是在可以拷贝的
命令笔记和相应的记事本版本的命令都没有省,
一条一条的命令都是有的,也都是全的。

基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)

21、IPSec VPN

这一部分同样要不我就先不放在文章中,
配置的设备只有FW1和FW2,这里的配置
的技术是这样的,这里得和我们的需求
结合一下FW2的对端是FW1,指定相应的
对端地址,但是这FW1的对端是FW2没错,
但是这里没有对端地址,配置完相应的
IPsec之后在放行相应的安全策略即可。

这一部分在文章中省了,但是在可以拷贝的
命令笔记和相应的记事本版本的命令都没有省,
一条一条的命令都是有的,也都是全的。

基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)

22、DHCP snooping

[SW7]vlan batch 60
[SW7]p g g0/0/1 g0/0/2 g0/0/3
[SW7-port-group]port link-type acc
[SW7-GigabitEthernet0/0/1]port link-type acc
[SW7-GigabitEthernet0/0/2]port link-type acc
[SW7-GigabitEthernet0/0/3]port link-type acc
[SW7-port-group]port default vlan 60
[SW7-GigabitEthernet0/0/1]port default vlan 60
[SW7-GigabitEthernet0/0/2]port default vlan 60
[SW7-GigabitEthernet0/0/3]port default vlan 60
[SW7-port-group]qui
[SW7]dhcp en
[SW7]dhcp snooping en
[SW7]vlan 60
[SW7-vlan60]dhcp snooping enable
[SW7-vlan60]dhcp snooping check dhcp-chaddr enable
[SW7-vlan60]qui
[SW7]dhcp snooping user-bind autosave flash:/back.tbl
[SW7]int g0/0/1
[SW7-GigabitEthernet0/0/1]dhcp snooping trusted
[SW7-GigabitEthernet0/0/1]qui
[SW7]

23、NQA配置

[FW1]nqa test-instance ceshi icmp
[FW1-nqa-ceshi-icmp]test-type icmp
[FW1-nqa-ceshi-icmp]destination-add ipv4 10.1.5.5
[FW1-nqa-ceshi-icmp]frequency 15
[FW1-nqa-ceshi-icmp]timeout 2
[FW1-nqa-ceshi-icmp]records history 3
[FW1-nqa-ceshi-icmp]records result 1
[FW1-nqa-ceshi-icmp]start now
[FW1-nqa-ceshi-icmp]qui
[FW1]ip route-static 10.1.5.5 32 10.1.22.5
[FW1]ip route-static 0.0.0.0 0 10.1.22.5 track nqa cshi icmp

24、NAT配置

这一部分同样要不我就先不放在文章中,配置
的设备只有FW1和FW2,只需配置相应
的NAT策略即可

这一部分在文章中省了,但是在可以拷贝的
命令笔记和相应的记事本版本的命令都没有省,
一条一条的命令都是有的,也都是全的。

25、NATserver

[FW1]nat server protocol tcp global 100.100.100.100 80 inside 192.168.111.10 80
[FW1]sec
[FW1-policy-security]rule name out_to_dmz
[FW1-policy-security-rule-out_to_dmz]source-zone untrust
[FW1-policy-security-rule-out_to_dmz]destination-zone dmz
[FW1-policy-security-rule-out_to_dmz]destination-address 192.168.111.10 32
[FW1-policy-security-rule-out_to_dmz]action permit
[FW1-policy-security-rule-out_to_dmz]qui
[FW1-policy-security]

26、telnet

<HX_SW1>sy
[HX_SW1]aaa
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet
[HX_SW1-aaa]qui
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet
[HX_SW1-ui-vty0-4]qui
[HX_SW1]int vlanif 900
[HX_SW1-Vlanif900]ip add 192.168.255.254 24
[HX_SW1-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1
[HX_SW1-Vlanif900]qui
[HX_SW1]qui
-------------------------------------------
	HX_SW2:
[HX_SW2]aaa
[HX_SW2-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW2-aaa]local-user huawei service-type telnet
[HX_SW2-aaa]qui
[HX_SW2]user-interface vty 0 4
[HX_SW2-ui-vty0-4]authentication-mode aaa
[HX_SW2-ui-vty0-4]protocol inbound telnet
[HX_SW2-ui-vty0-4]qui
[HX_SW2]int vlanif 900
[HX_SW2-Vlanif900]ip add 192.168.255.253 24
[HX_SW2-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1
[HX_SW2-Vlanif900]qui
[HX_SW2]qui
-------------------------------------------
	JR_SW3:
[JR_SW3]aaa
[JR_SW3-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW3-aaa]local-user huawei service-type telnet
[JR_SW3-aaa]qui
[JR_SW3]user-interface vty 0 4
[JR_SW3-ui-vty0-4]authentication-mode aaa
[JR_SW3-ui-vty0-4]protocol inbound telnet
[JR_SW3-ui-vty0-4]qui
[JR_SW3]int vlanif 900
[JR_SW3-Vlanif900]ip add 192.168.255.3 24
[JR_SW3-Vlanif900]qui
[JR_SW3]ip route-static 0.0.0.0 0 192.168.255.1
[JR_SW3]qui
-------------------------------------------
	JR_SW4:
[JR_SW4]aaa
[JR_SW4-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW4-aaa]local-user huawei service-type telnet
[JR_SW4-aaa]qui
[JR_SW4]user-interface vty 0 4
[JR_SW4-ui-vty0-4]authentication-mode aaa
[JR_SW4-ui-vty0-4]protocol inbound telnet
[JR_SW4-ui-vty0-4]qui
[JR_SW4]int vlanif 900
[JR_SW4-Vlanif900]ip add 192.168.255.4 24
[JR_SW4-Vlanif900]qui
[JR_SW4]ip route-static 0.0.0.0 0 192.168.255.1
[JR_SW4]qui
-------------------------------------------
	JR_SW5:
[JR_SW5]aaa
[JR_SW5-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW5-aaa]local-user huawei service-type telnet
[JR_SW5-aaa]qui
[JR_SW5]user-interface vty 0 4
[JR_SW5-ui-vty0-4]authentication-mode aaa
[JR_SW5-ui-vty0-4]protocol inbound telnet
[JR_SW5-ui-vty0-4]qui
[JR_SW5]int vlanif 900
[JR_SW5-Vlanif900]ip add 192.168.255.5 24
[JR_SW5-Vlanif900]qui
[JR_SW5]ip route-static 0.0.0.0 0 192.168.255.1
[JR_SW5]qui
-------------------------------------------
	JR_SW6:
[JR_SW6]aaa
[JR_SW6-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW6-aaa]local-user huawei service-type telnet
[JR_SW6-aaa]qui
[JR_SW6]user-interface vty 0 4
[JR_SW6-ui-vty0-4]authentication-mode aaa
[JR_SW6-ui-vty0-4]protocol inbound telnet
[JR_SW6-ui-vty0-4]qui
[JR_SW6]int vlanif 900
[JR_SW6-Vlanif900]ip add 192.168.255.6 24
[JR_SW6-Vlanif900]qui
[JR_SW6]ip route-static 0.0.0.0 0 192.168.255.1
[JR_SW6]qui

27、ISISv6

	AR1:
[AR1]IPV6
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ipv en
[AR1-GigabitEthernet0/0/1]ipv add auto link-local
[AR1-GigabitEthernet0/0/1]qui
[AR1]int loo0
[AR1-LoopBack0]ipv en
[AR1-LoopBack0]ipv add 2001:10:1:1::1/128
[AR1-LoopBack0]qui
[AR1]isis
[AR1-isis-1]ipv6 en top ipv6
[AR1-isis-1]qui
[AR1]int loo0
[AR1-LoopBack0]isis ipv en
[AR1-LoopBack0]int g0/0/1
[AR1-GigabitEthernet0/0/1]isis ipv en
[AR1-GigabitEthernet0/0/1]qui
[AR1]
-------------------------
	AR2:
[AR2]ipv
[AR2]int loo0
[AR2-LoopBack0]ipv en
[AR2-LoopBack0]ipv add 2001:10:1:2::2/128
[AR2-LoopBack0]int g0/0/0
[AR2-GigabitEthernet0/0/0]ipv en
[AR2-GigabitEthernet0/0/0]ipv add auto link-local
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ipv en
[AR2-GigabitEthernet0/0/1]ipV add auto link-local
[AR2-GigabitEthernet0/0/1]qui
[AR2]isis
[AR2-isis-1]ipv en top ipv6
[AR2-isis-1]qui
[AR2]int loo0
[AR2-LoopBack0]isis ipv en
[AR2-LoopBack0]int g0/0/0
[AR2-GigabitEthernet0/0/0]isis ipv en
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]isis ipv en
[AR2-GigabitEthernet0/0/1]qui
[AR2]
----------------------------
	AR3:
[AR3]IPV6
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ipv en
[AR3-GigabitEthernet0/0/0]ipv add auto link-local
[AR3-GigabitEthernet0/0/0]int loo0
[AR3-LoopBack0]ipv en
[AR3-LoopBack0]ipv add 2001:10:1:3::3/128
[AR3-LoopBack0]qui
[AR3]isis
[AR3-isis-1]ipv en top ipv6
[AR3-isis-1]qui
[AR3]int loo0
[AR3-LoopBack0]isis ipv en
[AR3-LoopBack0]int g0/0/0
[AR3-GigabitEthernet0/0/0]isis ipv en
[AR3-GigabitEthernet0/0/0]qui
[AR3]

28、OSPFv3

	FW1:
[FW1]ipv6
[FW1]ospfv3 1
[FW1-ospfv3-1]router-id 10.1.22.22
[FW1-ospfv3-1]qui
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]ipv en
[FW1-GigabitEthernet1/0/1]ipv add auto link-local
[FW1-GigabitEthernet1/0/1]ospfv 1 area 0
[FW1-GigabitEthernet1/0/1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ipv en
[FW1-GigabitEthernet1/0/2]ipv add auto link-local
[FW1-GigabitEthernet1/0/2]ospfv 1 area 0
[FW1-GigabitEthernet1/0/2]qui
[FW1]
--------------------------
	LSW1:
[HX_SW1]ipv6
[HX_SW1]int vlan 11
[HX_SW1-Vlanif11]ipv en
[HX_SW1-Vlanif11]ipv add auto link-local
[HX_SW1-Vlanif11]qui
[HX_SW1]int loo0
[HX_SW1-LoopBack0]ipv en
[HX_SW1-LoopBack0]ipv add 2001:192:168:11::11/128
[HX_SW1-LoopBack0]qui
[HX_SW1]ospfv 1
[HX_SW1-ospfv3-1]router-id 10.1.11.11
[HX_SW1-ospfv3-1]qui
[HX_SW1]int vlan 11
[HX_SW1-Vlanif11]ospfv 1 area 0
[HX_SW1-Vlanif11]int loo0
[HX_SW1-LoopBack0]ospfv 1 area 0
[HX_SW1-LoopBack0]qui
[HX_SW1]
-----------------------------
	LSW2:
[HX_SW2]ipv6
[HX_SW2]int vlan 12
[HX_SW2-Vlanif12]ipv en
[HX_SW2-Vlanif12]ipv add auto link-local
[HX_SW2-Vlanif12]int loo0
[HX_SW2-LoopBack0]ipv en
[HX_SW2-LoopBack0]ipv add 2001:192:168:12::12/128
[HX_SW2-LoopBack0]qui
[HX_SW2]ospfv3 1
[HX_SW2-ospfv3-1]router-id 10.1.12.12
[HX_SW2-ospfv3-1]qui
[HX_SW2]int vlan 12
[HX_SW2-Vlanif12]ospfv 1 area 0
[HX_SW2-Vlanif12]int loo0
[HX_SW2-LoopBack0]ospfv 1 area 0
[HX_SW2-LoopBack0]qui
[HX_SW2]
-------------------------
	FW2:
[FW2]ipv
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ipv en
[FW2-GigabitEthernet1/0/0]ipv add auto link-local
[FW2-GigabitEthernet1/0/0]qui
[FW2]ospfv 1
[FW2-ospfv3-1]router-id 10.1.33.33
[FW2-ospfv3-1]qui
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ospfv 1 area 0
[FW2-GigabitEthernet1/0/0]qui
[FW2]
-----------------------
	AR4:
[AR4]ospfv 1
[AR4-ospfv3-1]router-id 10.1.55.55
[AR4-ospfv3-1]qui
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]ipv en
[AR4-GigabitEthernet0/0/0]ipv add auto link-local
[AR4-GigabitEthernet0/0/0]ospfv 1 area 0
[AR4-GigabitEthernet0/0/0]qui
[AR4]int g0/0/1
[AR4-GigabitEthernet0/0/1]ipv en
[AR4-GigabitEthernet0/0/1]ipv add 2001:172:16:60::4/64
[AR4-GigabitEthernet0/0/1]ospfv 1 area 0
[AR4-GigabitEthernet0/0/1]qui
[AR4]

29、DHCPv6

[AR4]dhcpv6 pool pool_v6
[AR4-dhcpv6-pool-pool_v6]address prefix 2001:172:16:60::/64
[AR4-dhcpv6-pool-pool_v6]excluded-address 2001:172:16:60::4
[AR4-dhcpv6-pool-pool_v6]dns-server 2001:172:16:60::4
[AR4-dhcpv6-pool-pool_v6]qui
[AR4]int g0/0/1
[AR4-GigabitEthernet0/0/1]ipv nd autoconfig managed-address-flag
[AR4-GigabitEthernet0/0/1]ipv nd autoconfig other-flag
[AR4-GigabitEthernet0/0/1]undo ipv nd ra halt
[AR4-GigabitEthernet0/0/1]dhcpv6 server pool_v6
[AR4-GigabitEthernet0/0/1]qui
[AR4]

30、6to4隧道

[FW1]int loo0
[FW1-LoopBack0]ip add 10.0.22.22 32
[FW1-LoopBack0]qui
[FW1]bgp 65430
[FW1-bgp]network 10.0.22.22 32
[FW1-bgp]qui
[FW1]int t0
[FW1-Tunnel0]tunnel-protocol ipv6-ipv4 6to4
[FW1-Tunnel0]ipv en
[FW1-Tunnel0]ipv add 2002:0a00:1616::22/64
[FW1-Tunnel0]source loo0
[FW1-Tunnel0]service-manage ping permit
[FW1-Tunnel0]qui
[FW1]firewall zone dmz
[FW1-zone-dmz]add int t0
[FW1-zone-dmz]qui
[FW1]sec
[FW1-policy-security]rule name out_to_local
[FW1-policy-security-rule-out_to_local]service protocol 41
[FW1-policy-security-rule-out_to_local]qui
[FW1-policy-security]qui
[FW1]ipv route-static 2002:: 16 t0
[FW1]
--------------------------------
	FW2:
[FW2]int loo0
[FW2-LoopBack0]ip add 10.0.33.33 32
[FW2-LoopBack0]qui
[FW2]bgp 65000
[FW2-bgp]network 10.0.33.33 32
[FW2-bgp]qui
[FW2]int t0
[FW2-Tunnel0]tunnel-protocol ipv6-ipv4 6to4
[FW2-Tunnel0]ipv en
[FW2-Tunnel0]ipv6 add 2002:0a00:2121::33/64
[FW2-Tunnel0]source loo0
[FW2-Tunnel0]service-manage ping permit
[FW2-Tunnel0]qui
[FW2]firewall zone dmz
[FW2-zone-dmz]add int t0
[FW2-zone-dmz]qui
[FW2]sec
[FW2-policy-security]rule name out_to_local
[FW2-policy-security-rule-out_to_local]service protocol 41
[FW2-policy-security-rule-out_to_local]qui
[FW2-policy-security]qui
[FW2]ipv route-static 2002:: 16 t0
[FW2]

31、BGP4+

[FW1]bgp 65430
[FW1-bgp]peer 2002:0a00:2121::33 as-n 65000
[FW1-bgp]ipv6 unicast
[FW1-bgp-af-ipv6]peer 2002:0a00:2121::33 enable
[FW1-bgp-af-ipv6]import-route ospfv3 1
[FW1-bgp-af-ipv6]qui
[FW1-bgp]qui
[FW1]ospfv3 1
[FW1-ospfv3-1]import-route bgp permit-ibgp
[FW1-ospfv3-1]qui
[FW1]sec
[FW1-policy-security]rule name for_ipv6
[FW1-policy-security-rule-for_ipv6]service protocol icmpv6
[FW1-policy-security-rule-for_ipv6]action permit 
--------------------------------
	FW2:
[FW2]bgp 65000
[FW2-bgp]peer 2002:0a00:1616::22 as-n 65430
[FW2-bgp]ipv6 unicast
[FW2-bgp-af-ipv6]peer 2002:0a00:1616::22 enable
[FW2-bgp-af-ipv6]import-route ospv3 1
[FW2-bgp-af-ipv6]qui
[FW2-bgp]qui
[FW2]ospfv3 1
[FW2-ospfv3-1]import-route bgp permit-ibgp
[FW2-ospfv3-1]qui
[FW2]sec
[FW2-policy-security]rule name for_ipv6
[FW2-policy-security-rule-for_ipv6]service protocol icmpv6
[FW2-policy-security-rule-for_ipv6]action permit
[FW2-policy-security-rule-for_ipv6]qui
[FW2-policy-security]qui
[FW2]

五、名片所在地

基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)文章来源地址https://www.toymoban.com/news/detail-429682.html

到了这里,关于基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • 基于eNSP加防火墙的千人中型校园/企业网络规划与设计(一步一步走)

    有什么问题可以在评论区说明自己遇到的情况,博主看到会第一时间回复,希望其他人也可以回复别人的问题, 。 可根据以下所提供的设计与实现步骤过程一步一步自行实现(每一条命令都是关键的命令);但是如果有需要的也可以根据以下地址进行下载完整的topo图和完整

    2024年02月04日
    浏览(57)
  • 企业/校园网络规划设计 ensp企业校园 网络规划设计 网络工程毕业设计 拓扑+一万字论文

    完整文档和网络拓扑私信领取❤❤❤ 完整文档和网络拓扑私信领取❤❤❤ 目录 摘要 引言 第一章   网络设计与原则 1.1网络设计原则 1.2系统设计原则 1.3网络系统设计目标 第二章   需求分析 2.1用户需求 2.2 网络功能需求 2.3 网络拓扑需求 2.4 网络安全需求 第三章   网络规

    2024年03月14日
    浏览(60)
  • 华为ensp模拟校园网/企业网实例--中型企业无线网络的设计

    文章简介:本文做了一个中型企业无线网络的设计,课题重点突出无线网络和高安全性,除了基础的功能要通,还需要实现无线AP,防火墙功能,VLAN技术,ACL访问控制实现过滤,生成树协议,负载分担,NAT技术实现私有网络IP地址转换为公有网络IP地址,无线技术,加密技术。

    2023年04月08日
    浏览(49)
  • 基于ensp校园网络(完整文档+ensp拓扑图)

    大家好,我是小华学长,一名计算机领域的博主。经过多年的学习和实践,我积累了丰富的计算机知识和经验,在这里我想与大家分享我的学习心得和技巧,帮助你成为更好的程序员。 作为一名计算机博主,我一直专注于编程、算法、软件开发等领域,在这些方面积累了大量

    2024年02月04日
    浏览(48)
  • 专科毕业论文《基于ENSP校园网络的设计与规划》

    目    录 摘  要 :VRRP;VLAN;DHCP;防火墙;OSPF协议 第一章 绪论 1.1研究背景 1.2研究目的与意义 1.3论文结构 第二章 校园网络的设计与需求分析 2.1 三层组网结构 2.1.1 组网结构简介 2.1.2 接入层 2.1.3 汇聚层 2.4 用户需求 2.1.4 核心层 2.2 网络服务与冗余设计 2.2.1 三层组网

    2024年02月04日
    浏览(49)
  • 网络工程毕设-----基于华为ensp搭建校园网

    本实验用华为模拟器ensp搭建简单的校园网络,其中用到的技术有动态路由协议OSPF,静态路由配置,HTTP、DNS以及FTP服务器的配置,PNAT端口地址转换协议,MSTP多生成树协议,VLAN划分及配置IP地址划分及配置等! 选取设备型号如下: 1.AR1220 2.S5700 3.S3700 操作步骤如下: Core-SW1

    2024年02月11日
    浏览(41)
  • 基于Cisco packet tracer的双核心多结构企业网/校园网网络设计综合组网配置/作品演示【网络工程毕业设计】

    划分区域:主公司,分公司,外网,服务器,无线 设计技术动态 vlan ,nat,ospf ACL访问控制列表,HSRP备份冗余,服务器配置,动态主机配置协议(DHCP),FTP,email,IPhone,生成树协议(STP),链路聚合。 本视频的配置文件适用于多数毕业设计和课程设计!!! 网络拓扑结构

    2024年02月07日
    浏览(54)
  • 【计算机网络-网络层】IPv4 和 IPv6

    1.1 IP 数据报格式 IP 数据报的格式如下: 首部(发送在前) 数据部分 固定部分(20B)+ 可变部分 数据信息 IP 数据报首部的格式如下: IP 首部 的字段含义如下: 版本(4b) :IP 协议版本,广泛使用的版本号为 4。 首部长度(4b,单位 4B) :可表示的最小十进制为 5,最大十

    2023年04月16日
    浏览(49)
  • IPv4网络用户访问IPv6网络服务器

    NAT64静态映射为一对一的对应关系,通常应用在IPv4网络主动访问IPv6网络的场景中。  要求位于IPv4网络中的PC通过IPv4地址1.1.1.10能够直接访问位于IPv6网络中Server。 操作步骤 配置FW。 # 配置接口GigabitEthernet 0/0/1的IPv4地址。 # 开启IPv6报文转发功能。 # 配置接口GigabitEthernet 0/0/2的

    2024年02月06日
    浏览(49)
  • IPv4 与 IPv6:网络性能和带宽的比较

    网络连接已经成为我们生活中不可或缺的一部分,而IP地址是网络连接中最基本和最重要的部分。IPv4和IPv6是两种常用的IP地址协议,它们之间有着很大的差异。 首先,让我们了解一下IPv4和IPv6的基本概念。 IPv4是互联网上使用最广泛的IP地址协议,它使用32位地址来标识网络中

    2024年02月17日
    浏览(37)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包