eNSP-Based Planning and Design of a 1,000-User Mid-Sized Campus/Enterprise Network with a Firewall (Step by Step)


Author: BSXY_19计科_陈永跃, BSXY_信息学院 (contact card at the end of the article). Note: do not repost any content without permission.

Preface and resource download notes (do not repost any content without permission)

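If you run into problems, describe your situation in the comments; the author will reply as soon as possible after seeing it, and other readers are welcome to answer each other's questions.
You can build the network yourself by following the design and implementation steps below one by one (every command is essential). If needed, you can also download the complete topology file and the full configuration from the address below for reference.
Once you have the topology file, use display liberally to inspect the configuration and the relevant commands. The companion resource is as follows: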

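eNSP firewall-based 1,000-user mid-sized campus (enterprise) network planning and design: eNSP comprehensive lab topology (wired + wireless).rar + all configuration commands (order.txt) + a copyable cloud-notes command document + a 1,400-character test document and test screenshots, resource no. 003
Firewall login in the simulator: username admin, password admin@123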

I. Topology design and design requirements (15 requirements)

[Topology diagram 1]
[Topology diagram 2]
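Design requirements:

01. Configure the interface addresses of the servers, firewall, routers and so on
02. Configure Eth-Trunk link bundling for link redundancy
03. Divide the enterprise intranet into multiple VLANs to shrink the broadcast domains and improve network reliability
04. Configure MSTP + VRRP for traffic load sharing and redundancy, and configure the corresponding STP optimizations to speed up STP convergence and reduce STP flapping
05. All users obtain their IP addresses automatically
06. Configure DHCP snooping to shut out rogue DHCP servers
07. Configure OSPF and static routes for Layer 3 reachability
08. Configure firewall security policies that permit traffic from the intranet zone to the DMZ
09. Configure firewall NAT policies and security policies so that users can reach Baidu on the external network
10. Configure firewall server mapping and security policies so that the external user Client can reach the web server through the public address 100.100.100.100
11. Configure the corresponding firewall policies so that the external user Client can log in to the web server at http://100.100.100.100
12. Users can reach Baidu on the external network by domain name (www.baidu.com)
13. The internal finance server may be accessed only by VLAN 50 users
14. Switches LSW1-LSW12 can all be reached via telnet (huawei 5555)
15. Wireless WLAN configuration: service VLANs 101 and 102 can also reach Baidu on the external network by domain name (www.baidu.com), wireless clients can reach each other, and wireless and wired internal hosts can reach each other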

II. Address plan


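III. Topology before the retrofit, without a firewall (interlude: optional reading)

Interlude: the redundant network design before the retrofit, an eNSP-based 1,000-user redundant mid-sized campus/enterprise network design and plan, is shown in the figure below (it is not described in detail in this article; follow the link to read it):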


IV. Configuration steps and procedure (follow them one by one)

1. VLAN Trunk configuration

	HX_SW1:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname HX_SW1
[HX_SW1]int Eth-Trunk 1
[HX_SW1-Eth-Trunk1]mode lacp-static 
[HX_SW1-Eth-Trunk1]trunkport  g0/0/7
[HX_SW1-Eth-Trunk1]trunkport g0/0/8
[HX_SW1-Eth-Trunk1]q
------------------------------------ 
    
    HX_SW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname HX_SW2
[HX_SW2]int Eth-Trunk 1
[HX_SW2-Eth-Trunk1]mode lacp-static 
[HX_SW2-Eth-Trunk1]trunkport g0/0/7
[HX_SW2-Eth-Trunk1]trunkport g0/0/8
[HX_SW2-Eth-Trunk1]q
------------------------------------
    
    HJ_SW4:
<Huawei>sy
[Huawei]sysname HJ_SW4
[HJ_SW4]int Eth-Trunk 2
[HJ_SW4-Eth-Trunk2]mode lacp-static 	
[HJ_SW4-Eth-Trunk2]trunkport g0/0/4
[HJ_SW4-Eth-Trunk2]trunkport g0/0/5
[HJ_SW4-Eth-Trunk2]q
------------------------------------
    
    JR_SW9:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW9
[JR_SW9]int Eth-Trunk 2	
[JR_SW9-Eth-Trunk2]mode lacp-static 
[JR_SW9-Eth-Trunk2]trunkport g0/0/4
[JR_SW9-Eth-Trunk2]trunkport g0/0/5
[JR_SW9-Eth-Trunk2]dis eth-trunk //view the Eth-Trunk configuration


2. Basic VLAN configuration

	JR_SW6:
<Huawei>SY
[Huawei]un in en	
[Huawei]sysname JR_SW6
[JR_SW6]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW6]int g0/0/1
[JR_SW6-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW6-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30 900
[JR_SW6-GigabitEthernet0/0/1]int g0/0/2
[JR_SW6-GigabitEthernet0/0/2]port link-type access 
[JR_SW6-GigabitEthernet0/0/2]port default vlan 20
[JR_SW6-GigabitEthernet0/0/2]int g0/0/3
[JR_SW6-GigabitEthernet0/0/3]port link-type access 	
[JR_SW6-GigabitEthernet0/0/3]port default vlan 30
[JR_SW6-GigabitEthernet0/0/3]
------------------------------------
    
    JR_SW7:
<Huawei>SYS
[Huawei]un in en
[Huawei]sysname JR_SW7
[JR_SW7]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW7]int g0/0/1
[JR_SW7-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW7-GigabitEthernet0/0/1]port trunk allow-pass vlan 40 900
[JR_SW7-GigabitEthernet0/0/1]int g0/0/2
[JR_SW7-GigabitEthernet0/0/2]port link-type access 
[JR_SW7-GigabitEthernet0/0/2]port default vlan 40
[JR_SW7-GigabitEthernet0/0/2]qui
------------------------------------
    
    HJ_SW3:
<Huawei>system-view 
[Huawei]un in en
[Huawei]sysname HJ_SW3
[HJ_SW3]vlan batch 20 30 40 50 60 70 80 200 900
[HJ_SW3]int g0/0/1
[HJ_SW3-GigabitEthernet0/0/1]port link-type trunk 
[HJ_SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30 40 900
[HJ_SW3-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW3-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 30 40 900
[HJ_SW3-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW3-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 900
[HJ_SW3-GigabitEthernet0/0/3]int g0/0/4
[HJ_SW3-GigabitEthernet0/0/4]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 40 900
------------------------------------
    
    JR_SW8:
<Huawei>SYS
[Huawei]un in en
[Huawei]sysname JR_SW8
[JR_SW8]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW8]int g0/0/1
[JR_SW8-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW8-GigabitEthernet0/0/1]port trunk allow-pass vlan 50 900
[JR_SW8-GigabitEthernet0/0/1]int g0/0/2
[JR_SW8-GigabitEthernet0/0/2]port link-type access 
[JR_SW8-GigabitEthernet0/0/2]port default vlan 50
------------------------------------
    
    JR_SW9:
<JR_SW9>SYS
[JR_SW9]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW9]int g0/0/3
[JR_SW9-GigabitEthernet0/0/3]port link-type access 
[JR_SW9-GigabitEthernet0/0/3]port default vlan 60	
[JR_SW9-GigabitEthernet0/0/3]qui
[JR_SW9]int Eth-Trunk 2
[JR_SW9-Eth-Trunk2]port link-type trunk 
[JR_SW9-Eth-Trunk2]port trunk allow-pass vlan 60 900
[JR_SW9-Eth-Trunk2]qui
------------------------------------
    HJ_SW4:
<HJ_SW4>sys
[HJ_SW4]vlan batch 20 30 40 50 60 70 80  200 900
[HJ_SW4]int g0/0/1	
[HJ_SW4-GigabitEthernet0/0/1]port link-type trunk 
[HJ_SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 50 60 900
[HJ_SW4-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW4-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 50 60 900
[HJ_SW4-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW4-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 50 900
[HJ_SW4-GigabitEthernet0/0/3]qui
[HJ_SW4]int Eth-Trunk 2
[HJ_SW4-Eth-Trunk2]port link-type trunk 
[HJ_SW4-Eth-Trunk2]port trunk allow-pass vlan 60 900
[HJ_SW4-Eth-Trunk2]qui
[HJ_SW4]
------------------------------------
    
    JR_SW10:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW10
[JR_SW10]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW10]int g0/0/1
[JR_SW10-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW10-GigabitEthernet0/0/1]port trunk allow-pass vlan 70 900
[JR_SW10-GigabitEthernet0/0/1]int g0/0/2
[JR_SW10-GigabitEthernet0/0/2]port link-type access 
[JR_SW10-GigabitEthernet0/0/2]port default vlan 70
[JR_SW10-GigabitEthernet0/0/2]qui
------------------------------------
    
    JR_SW11:
<JR_SW11>sys
[JR_SW11]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW11]int g0/0/1
[JR_SW11-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW11-GigabitEthernet0/0/1]port trunk allow-pass vlan 80 900
[JR_SW11-GigabitEthernet0/0/1]int g0/0/2
[JR_SW11-GigabitEthernet0/0/2]port link-type access 
[JR_SW11-GigabitEthernet0/0/2]port default vlan 80
[JR_SW11-GigabitEthernet0/0/2]int g0/0/3
[JR_SW11-GigabitEthernet0/0/3]port link-type access
[JR_SW11-GigabitEthernet0/0/3]port default vlan 80
------------------------------------
    
    HJ_SW5:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname HJ_SW5
[HJ_SW5]vlan batch 20 30 40 50 60 70 80  200 900
[HJ_SW5]int g0/0/1
[HJ_SW5-GigabitEthernet0/0/1]port link-type trunk 
[HJ_SW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 70 80 900
[HJ_SW5-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW5-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 70 80 900
[HJ_SW5-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW5-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/3]port trunk allow-pass vlan 70 900
[HJ_SW5-GigabitEthernet0/0/3]int g0/0/4
[HJ_SW5-GigabitEthernet0/0/4]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/4]port trunk allow-pass vlan 80 900
[HJ_SW5-GigabitEthernet0/0/4]qui
------------------------------------
    
    JR_SW12:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW12
[JR_SW12]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW12]int g0/0/1
[JR_SW12-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW12-GigabitEthernet0/0/1]port trunk allow-pass vlan 200 900
[JR_SW12-GigabitEthernet0/0/1]int g0/0/2
[JR_SW12-GigabitEthernet0/0/2]port link-type trunk
[JR_SW12-GigabitEthernet0/0/2]port trunk allow-pass vlan 200 900
[JR_SW12-GigabitEthernet0/0/2]int g0/0/3
[JR_SW12-GigabitEthernet0/0/3]port link-type access 
[JR_SW12-GigabitEthernet0/0/3]port default vlan 200
[JR_SW12-GigabitEthernet0/0/3]int g0/0/4
[JR_SW12-GigabitEthernet0/0/4]port link-type access
[JR_SW12-GigabitEthernet0/0/4]port default vlan 200
[JR_SW12-GigabitEthernet0/0/4]qui
------------------------------------
    
    HX_SW1:
<HX_SW1>SY
[HX_SW1]vlan batch 20 30 40 50 60 70 80 200 900 10
[HX_SW1]vlan batch 4
[HX_SW1]int g0/0/6
[HX_SW1-GigabitEthernet0/0/6]port link-type trunk 
[HX_SW1-GigabitEthernet0/0/6]port trunk  allow-pass vlan 200 900
[HX_SW1-GigabitEthernet0/0/6]int g0/0/1
[HX_SW1-GigabitEthernet0/0/1]port link-type access 
[HX_SW1-GigabitEthernet0/0/1]port default vlan 10
[HX_SW1-GigabitEthernet0/0/1]int g0/0/2
[HX_SW1-GigabitEthernet0/0/2]port link-type access
[HX_SW1-GigabitEthernet0/0/2]port default vlan 4
[HX_SW1-GigabitEthernet0/0/2]int g0/0/3
[HX_SW1-GigabitEthernet0/0/3]port link-type trunk 
[HX_SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 40 900
[HX_SW1-GigabitEthernet0/0/3]int g0/0/4
[HX_SW1-GigabitEthernet0/0/4]port link-type trunk 
[HX_SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 50 60 900
[HX_SW1-GigabitEthernet0/0/4]int g0/0/5
[HX_SW1-GigabitEthernet0/0/5]port link-type trunk
[HX_SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 70 80 900
[HX_SW1-GigabitEthernet0/0/5]qui
[HX_SW1]int Eth-Trunk 1
[HX_SW1-Eth-Trunk1]port link-type trunk 
[HX_SW1-Eth-Trunk1]port trunk allow-pass vlan 20 30 40 50 60 70 80 200 900
[HX_SW1-Eth-Trunk1]dis this
[HX_SW1-Eth-Trunk1]
------------------------------------
    
    HX_SW2:
<HX_SW2>sys
[HX_SW2]vlan batch 20 30 40 50 60 70 80 200 900
[HX_SW2]vlan batch 2 5
[HX_SW2]int g0/0/1
[HX_SW2-GigabitEthernet0/0/1]port link-type access 
[HX_SW2-GigabitEthernet0/0/1]port default vlan 2
[HX_SW2-GigabitEthernet0/0/1]int g0/0/2
[HX_SW2-GigabitEthernet0/0/2]port link-type access 
[HX_SW2-GigabitEthernet0/0/2]port default vlan 5
[HX_SW2-GigabitEthernet0/0/2]int g0/0/3	
[HX_SW2-GigabitEthernet0/0/3]port link-type trunk 
[HX_SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 40 900
[HX_SW2-GigabitEthernet0/0/3]int g0/0/4
[HX_SW2-GigabitEthernet0/0/4]port link-type trunk
[HX_SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 50 60 900
[HX_SW2-GigabitEthernet0/0/4]int g0/0/5
[HX_SW2-GigabitEthernet0/0/5]port link-type trunk
[HX_SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 70 80 900
[HX_SW2-GigabitEthernet0/0/5]int g0/0/6
[HX_SW2-GigabitEthernet0/0/6]port link-type trunk
[HX_SW2-GigabitEthernet0/0/6]port trunk allow-pass vlan 200 900
[HX_SW2-GigabitEthernet0/0/6]qui
[HX_SW2]int Eth-Trunk 1
[HX_SW2-Eth-Trunk1]port link-type trunk 
[HX_SW2-Eth-Trunk1]port trunk allow-pass vlan 20 30 40 50 60 70 80 200 900
[HX_SW2-Eth-Trunk1]dis this

3. MSTP configuration

	HX_SW1:
<HX_SW1>sy
[HX_SW1]stp region-configuration 
[HX_SW1-mst-region]instance 1 vlan 20 30 40 200
[HX_SW1-mst-region]region-name aa
[HX_SW1-mst-region]revision-level 1
[HX_SW1-mst-region]instance 2 vlan 50 60 70 80
[HX_SW1-mst-region]active region-configuration 
[HX_SW1-mst-region]dis this
/*# All aggregation-layer switches and the server-group switch need the following commands
stp region-configuration
 region-name aa
 revision-level 1
 instance 1 vlan 20 30 40 200
 instance 2 vlan 50 60 70 80
 active region-configuration
#*/
[HX_SW1-mst-region]qui
[HX_SW1]stp instance 1 root primary 
[HX_SW1]stp instance 2 root secondary 
[HX_SW1]dis this //view the configuration
------------------------------------

    HX_SW2:
<HX_SW2>sys
[HX_SW2]stp region-configuration 
[HX_SW2-mst-region]region-name aa
[HX_SW2-mst-region]revision-level 1 
[HX_SW2-mst-region]instance 1 vlan 20 30 40  200
[HX_SW2-mst-region]instance 2 vlan 50 60 70 80 
[HX_SW2-mst-region]active region-configuration 
[HX_SW2-mst-region]qui
[HX_SW2]stp instance 2 root primary
[HX_SW2]stp instance 1 root secondary 
[HX_SW2]dis this
------------------------------------
    
    JR_SW12:
<JR_SW12>sy
[JR_SW12]stp region-configuration
[JR_SW12-mst-region]region-name aa
[JR_SW12-mst-region]revision-level 1
[JR_SW12-mst-region]instance 1 vlan 20 30 40 200
[JR_SW12-mst-region]instance 2 vlan 50 60 70 80
[JR_SW12-mst-region]active region-configuration
[JR_SW12-mst-region]qui
------------------------------------
    
    HJ_SW3:
[HJ_SW3]stp region-configuration
[HJ_SW3-mst-region]region-name aa
[HJ_SW3-mst-region]revision-level 1
[HJ_SW3-mst-region]instance 1 vlan 20 30 40 200
[HJ_SW3-mst-region]instance 2 vlan 50 60 70 80
[HJ_SW3-mst-region]active region-configuration
[HJ_SW3-mst-region]qui
[HJ_SW3]dis stp br
 /* MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        ROOT  FORWARDING      NONE
   0    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
Seeing g0/0/2 in the blocking state here is the expected result
   */
------------------------------------
    
    HJ_SW4:
<HJ_SW4>sy
[HJ_SW4]stp region-configuration
[HJ_SW4-mst-region]region-name aa
[HJ_SW4-mst-region]revision-level 1
[HJ_SW4-mst-region]instance 1 vlan 20 30 40 200
[HJ_SW4-mst-region]instance 2 vlan 50 60 70 80
[HJ_SW4-mst-region]active region-configuration
[HJ_SW4-mst-region]qui
[HJ_SW4]dis stp br
/* MSTID  Port                        Role  STP State     Protection
   2    GigabitEthernet0/0/1        ALTE  DISCARDING      NONE
   2    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
   g0/0/1 being blocked at this point is the expected result */
------------------------------------
    
    HJ_SW5:
[HJ_SW5]stp region-configuration
[HJ_SW5-mst-region] region-name aa
[HJ_SW5-mst-region] revision-level 1
[HJ_SW5-mst-region] instance 1 vlan 20 30 40 200
[HJ_SW5-mst-region] instance 2 vlan 50 60 70 80
[HJ_SW5-mst-region] active region-configuration
[HJ_SW5-mst-region]qui
[HJ_SW5]dis stp br
 /*MSTID  Port                        Role  STP State     Protection
   1    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
   1    GigabitEthernet0/0/1       ROOT  FORWARDING      NONE
   g0/0/1 being blocked at this point is the expected result */

4. VRRP gateway redundancy

	HX_SW1:
[HX_SW1]int vlan 20
[HX_SW1-Vlanif20]ip add 192.168.20.254 24
[HX_SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW1-Vlanif20]vrrp vrid 20 priority 105
[HX_SW1-Vlanif20]dis this
[HX_SW1-Vlanif20]qui
[HX_SW1]int vlan 30
[HX_SW1-Vlanif30]ip add 192.168.30.254 24
[HX_SW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW1-Vlanif30]vrrp vrid 30 priority 105
[HX_SW1-Vlanif30]qui
[HX_SW1]int vlan 40
[HX_SW1-Vlanif40]ip add 192.168.40.254 24
[HX_SW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW1-Vlanif40]vrrp vrid 40 priority 105
[HX_SW1-Vlanif40]int vlan 50
[HX_SW1-Vlanif50]ip add 192.168.50.254 24
[HX_SW1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HX_SW1-Vlanif50]int vlan 60
[HX_SW1-Vlanif60]ip add 192.168.60.254 24
[HX_SW1-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.1
[HX_SW1-Vlanif60]int vlan 200
[HX_SW1-Vlanif200]ip add 192.168.200.254 24
[HX_SW1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW1-Vlanif200]vrrp vrid 200 priority 105
[HX_SW1-Vlanif200]int vlan 70
[HX_SW1-Vlanif70]ip add 192.168.70.254 24
[HX_SW1-Vlanif70]vrrp vrid 70 virtual-ip 192.168.70.1
[HX_SW1-Vlanif70]int vlan 80
[HX_SW1-Vlanif80]ip add 192.168.80.254 24
[HX_SW1-Vlanif80]vrrp vrid 80 virtual-ip 192.168.80.1
[HX_SW1-Vlanif80]int vlan 10
[HX_SW1-Vlanif10]ip add 192.168.10.2 24
[HX_SW1-Vlanif10]int vlan 4
[HX_SW1-Vlanif4]ip add 192.168.4.1 24
[HX_SW1-Vlanif4]qui
[HX_SW1]
------------------------------------
    
    HX_SW2:
[HX_SW2]int vlan 70
[HX_SW2-Vlanif70]ip add 192.168.70.253 24
[HX_SW2-Vlanif70]vrrp vrid 70 virtual-ip 192.168.70.1
[HX_SW2-Vlanif70]vrrp vrid 70 priority 105
[HX_SW2-Vlanif70]int vlan 80
[HX_SW2-Vlanif80]ip add 192.168.80.253 24
[HX_SW2-Vlanif80]vrrp vrid 80 virtual-ip 192.168.80.1
[HX_SW2-Vlanif80]vrrp vrid 80 priority 105
[HX_SW2-Vlanif80]int vlan 200
[HX_SW2-Vlanif200]ip add 192.168.200.253 24
[HX_SW2-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW2-Vlanif200]int vlan 20
[HX_SW2-Vlanif20]ip add 192.168.20.253 24
[HX_SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW2-Vlanif20]int vlan 30
[HX_SW2-Vlanif30]ip add 192.168.30.253 24
[HX_SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW2-Vlanif30]int vlan 40
[HX_SW2-Vlanif40]ip add 192.168.40.253 24
[HX_SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW2-Vlanif40]int vlan 50
[HX_SW2-Vlanif50]ip add 192.168.50.253 24
[HX_SW2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HX_SW2-Vlanif50]vrrp vrid 50 priority 105
[HX_SW2-Vlanif50]int vlan 60
[HX_SW2-Vlanif60]ip add 192.168.60.253 24
[HX_SW2-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.1
[HX_SW2-Vlanif60]vrrp vrid 60 priority 105
[HX_SW2-Vlanif60]int vlan 2
[HX_SW2-Vlanif2]ip add 192.168.2.2 24
[HX_SW2-Vlanif2]int vlan 5
[HX_SW2-Vlanif5]ip add 192.168.5.1 24
[HX_SW2-Vlanif5]qui

5. Verifying VRRP gateway redundancy

[HX_SW1]dis vrrp br
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
20    Master       Vlanif20                 Normal   192.168.20.1   
30    Master       Vlanif30                 Normal   192.168.30.1   
40    Master       Vlanif40                 Normal   192.168.40.1   
50    Backup       Vlanif50                 Normal   192.168.50.1   
60    Backup       Vlanif60                 Normal   192.168.60.1   
70    Backup       Vlanif70                 Normal   192.168.70.1   
80    Backup       Vlanif80                 Normal   192.168.80.1   
200   Master       Vlanif200                Normal   192.168.200.1  
[HX_SW1]
------------------------------------
    
<HX_SW2>dis vrrp br
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
20    Backup       Vlanif20                 Normal   192.168.20.1   
30    Backup       Vlanif30                 Normal   192.168.30.1   
40    Backup       Vlanif40                 Normal   192.168.40.1   
50    Master       Vlanif50                 Normal   192.168.50.1   
60    Master       Vlanif60                 Normal   192.168.60.1   
70    Master       Vlanif70                 Normal   192.168.70.1   
80    Master       Vlanif80                 Normal   192.168.80.1   
200   Backup       Vlanif200                Normal   192.168.200.1  
<HX_SW2>
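
The load sharing in requirement 04 only works if, for every VLAN, the VRRP Master is the same core switch that is the MSTP root of the instance carrying that VLAN; otherwise traffic detours across the Eth-Trunk between the cores. The following check is an added example, not part of the original article: it parses the two `dis vrrp br` outputs shown above and compares them with the region mapping and root settings from step 3. The function names are hypothetical.

```python
import re

# Data rows of `dis vrrp br` as shown on this page for the two core switches.
VRRP_BRIEF = {
    "HX_SW1": """
20    Master       Vlanif20                 Normal   192.168.20.1
30    Master       Vlanif30                 Normal   192.168.30.1
40    Master       Vlanif40                 Normal   192.168.40.1
50    Backup       Vlanif50                 Normal   192.168.50.1
60    Backup       Vlanif60                 Normal   192.168.60.1
70    Backup       Vlanif70                 Normal   192.168.70.1
80    Backup       Vlanif80                 Normal   192.168.80.1
200   Master       Vlanif200                Normal   192.168.200.1
""",
    "HX_SW2": """
20    Backup       Vlanif20                 Normal   192.168.20.1
30    Backup       Vlanif30                 Normal   192.168.30.1
40    Backup       Vlanif40                 Normal   192.168.40.1
50    Master       Vlanif50                 Normal   192.168.50.1
60    Master       Vlanif60                 Normal   192.168.60.1
70    Master       Vlanif70                 Normal   192.168.70.1
80    Master       Vlanif80                 Normal   192.168.80.1
200   Backup       Vlanif200                Normal   192.168.200.1
""",
}

# MSTP instance-to-VLAN mapping and `root primary` owners from step 3.
MST_INSTANCES = {1: {20, 30, 40, 200}, 2: {50, 60, 70, 80}}
MST_ROOT_PRIMARY = {1: "HX_SW1", 2: "HX_SW2"}

# VRID, state, VlanifN, type, virtual IP; header and separator rows do not match.
ROW = re.compile(
    r"^\s*(\d+)\s+(Master|Backup|Initialize)\s+Vlanif(\d+)\s+\S+\s+\S+\s*$")


def parse_vrrp_brief(text):
    """Return {vlan_id: state} from the data rows of `display vrrp brief`."""
    return {int(m.group(3)): m.group(2)
            for m in map(ROW.match, text.splitlines()) if m}


def check_alignment(vrrp_outputs, instances, root_primary):
    """Return (vlan, problem) pairs where VRRP mastership and MSTP root disagree."""
    states = {sw: parse_vrrp_brief(out) for sw, out in vrrp_outputs.items()}
    instance_of = {vlan: inst
                   for inst, vlans in instances.items() for vlan in vlans}
    findings = []
    for vlan in sorted({v for s in states.values() for v in s}):
        masters = sorted(sw for sw, s in states.items()
                         if s.get(vlan) == "Master")
        if len(masters) != 1:
            # No Master, or both cores claiming Master (split brain).
            findings.append((vlan, f"expected one Master, found {masters}"))
            continue
        inst = instance_of.get(vlan, 0)  # unmapped VLANs fall into instance 0
        root = root_primary.get(inst)
        if root != masters[0]:
            findings.append(
                (vlan, f"VRRP Master {masters[0]}, MSTI {inst} root {root}"))
    return findings


if __name__ == "__main__":
    print(check_alignment(VRRP_BRIEF, MST_INSTANCES, MST_ROOT_PRIMARY))
    # Constructed drift: VLANs 50 and 60 moved into instance 1 on the switches.
    drifted = {1: {20, 30, 40, 50, 60, 200}, 2: {70, 80}}
    for finding in check_alignment(VRRP_BRIEF, drifted, MST_ROOT_PRIMARY):
        print(finding)
```
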

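6. Testing PC-to-gateway connectivity

/* Manually assign an IP address to a PC and test access to the gateway, e.g. for a PC in VLAN 30:
    IP: 192.168.30.3
    GW: 192.168.30.1  Test the gateway: a successful ping 192.168.30.1 is enough */

/* Manually assign an IP address to a PC and test access to the gateway, e.g. for a PC in VLAN 70:
    IP: 192.168.70.7
    GW: 192.168.70.1  Test the gateway: a successful ping 192.168.70.1 is enough */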


7. VRRP interface failure tracking

[HX_SW1]int vlan 20
[HX_SW1-Vlanif20]vrrp vrid 20 track interface g0/0/1
[HX_SW1-Vlanif20]vrrp vrid 20 track interface g0/0/2
[HX_SW1-Vlanif20]int vlan 30
[HX_SW1-Vlanif30]vrrp vrid 30 track interface g0/0/1
[HX_SW1-Vlanif30]vrrp vrid 30 track interface g0/0/2
[HX_SW1-Vlanif30]int vlan 40
[HX_SW1-Vlanif40]vrrp vrid 40 track interface g0/0/1
[HX_SW1-Vlanif40]vrrp vrid 40 track interface g0/0/2
[HX_SW1-Vlanif40]int vlan 200
[HX_SW1-Vlanif200]vrrp vrid 200 track interface g0/0/1
[HX_SW1-Vlanif200]vrrp vrid 200 track interface g0/0/2
[HX_SW1-Vlanif200]dis this
------------------------------------
    
    HX_SW2:
int vlan 50
vrrp vrid 50 track interface g0/0/1
vrrp vrid 50 track interface g0/0/2
int vlan 60
vrrp vrid 60 track interface g0/0/1
vrrp vrid 60 track interface g0/0/2
int vlan 70
vrrp vrid 70 track interface g0/0/1
vrrp vrid 70 track interface g0/0/2
int vlan 80
vrrp vrid 80 track interface g0/0/1
vrrp vrid 80 track interface g0/0/2
[HX_SW2-Vlanif80]dis this

8. DHCP relay

	DHCP:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname DHCP
[DHCP]dhcp enable 
[DHCP]ip pool vlan20
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
[DHCP-ip-pool-vlan20]gateway-list 192.168.20.1
[DHCP-ip-pool-vlan20]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan20]excluded-ip-address 192.168.20.250 192.168.20.254
[DHCP-ip-pool-vlan20]q
[DHCP]ip pool vlan30
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan30]gateway-list 192.168.30.1
[DHCP-ip-pool-vlan30]network 192.168.30.0 mask 255.255.255.0
[DHCP-ip-pool-vlan30]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan30]excluded-ip-address 192.168.30.250 192.168.30.254
[DHCP-ip-pool-vlan30]q
[DHCP]ip pool vlan40
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan40]gateway-list 192.168.40.1
[DHCP-ip-pool-vlan40]network 192.168.40.0 mask 255.255.255.0
[DHCP-ip-pool-vlan40]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan40]excluded-ip-address 192.168.40.250 192.168.40.254
[DHCP-ip-pool-vlan40]q
[DHCP]ip pool vlan50
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan50]gateway-list 192.168.50.1
[DHCP-ip-pool-vlan50]network 192.168.50.0 mask 255.255.255.0
[DHCP-ip-pool-vlan50]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan50]excluded-ip-address 192.168.50.250 192.168.50.254
[DHCP-ip-pool-vlan50]q
[DHCP]ip pool vlan60
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan60]network 192.168.60.0 mask 24
[DHCP-ip-pool-vlan60]gateway-list 192.168.60.1
[DHCP-ip-pool-vlan60]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan60]excluded-ip-address 192.168.60.250 192.168.60.254
[DHCP-ip-pool-vlan60]q
[DHCP]ip pool vlan70
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan70]gateway-list 192.168.70.1
[DHCP-ip-pool-vlan70]network 192.168.70.0 mask 255.255.255.0
[DHCP-ip-pool-vlan70]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan70]excluded-ip-address 192.168.70.250 192.168.70.254
[DHCP-ip-pool-vlan70]q
[DHCP]ip pool vlan80
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan80]gateway-list 192.168.80.1
[DHCP-ip-pool-vlan80]network 192.168.80.0 mask 255.255.255.0
[DHCP-ip-pool-vlan80]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan80]excluded-ip-address 192.168.80.250 192.168.80.254
[DHCP-ip-pool-vlan80]q
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]ip add 192.168.200.3 24
[DHCP-GigabitEthernet0/0/0]dhcp select global 
[DHCP-GigabitEthernet0/0/0]qui
[DHCP]ip route-static 0.0.0.0 0 192.168.200.1
------------------------------------
    
    HX_SW1:
<HX_SW1>sy
[HX_SW1]dhcp enable 
[HX_SW1]int vlanif20
[HX_SW1-Vlanif20]dhcp select relay 
[HX_SW1-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif20]int vlanif30
[HX_SW1-Vlanif30]dhcp select relay 
[HX_SW1-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif30]int vlanif40
[HX_SW1-Vlanif40]dhcp select relay 
[HX_SW1-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif40]int vlanif50
[HX_SW1-Vlanif50]dhcp select relay
[HX_SW1-Vlanif50]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif50]int vlanif60
[HX_SW1-Vlanif60]dhcp select relay 
[HX_SW1-Vlanif60]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif60]int vlanif70
[HX_SW1-Vlanif70]dhcp select relay 
[HX_SW1-Vlanif70]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif70]int vlanif80
[HX_SW1-Vlanif80]dhcp select relay 
[HX_SW1-Vlanif80]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif80]qui
[HX_SW1]
------------------------------------
    
    HX_SW2:
<HX_SW2>SYS
[HX_SW2]dhcp enable 
[HX_SW2]int vlanif20
[HX_SW2-Vlanif20]dhcp select relay 
[HX_SW2-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif20]dis this
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 vrrp vrid 20 virtual-ip 192.168.20.1
 vrrp vrid 20 priority 105
 vrrp vrid 20 track interface GigabitEthernet0/0/1
 vrrp vrid 20 track interface GigabitEthernet0/0/2
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
return
[HX_SW2-Vlanif20]int vlanif30
[HX_SW2-Vlanif30]dhcp select relay 
[HX_SW2-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif30]int vlanif40
[HX_SW2-Vlanif40]dhcp select relay 
[HX_SW2-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif40]int vlanif50
[HX_SW2-Vlanif50]dhcp select relay
[HX_SW2-Vlanif50]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif50]int vlanif60
[HX_SW2-Vlanif60]dhcp select relay 
[HX_SW2-Vlanif60]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif60]int vlanif70
[HX_SW2-Vlanif70]dhcp select relay 
[HX_SW2-Vlanif70]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif70]int vlanif80
[HX_SW2-Vlanif80]dhcp select relay 
[HX_SW2-Vlanif80]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif80]
At this point users can obtain their addresses automatically via DHCP.

9. Core-layer router address configuration

	R1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.6.1 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.10.1 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 192.168.2.1 24
[R1-GigabitEthernet0/0/2]int g4/0/0
[R1-GigabitEthernet4/0/0]ip add 192.168.3.1 24
[R1-GigabitEthernet4/0/0]qui
[R1]
------------------------------------
    
    R2:
<Huawei>sys
[Huawei]un in en	
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.7.1 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.4.2 24
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip add 192.168.5.2 24
[R2-GigabitEthernet0/0/2]int g4/0/0
[R2-GigabitEthernet4/0/0]ip add 192.168.3.2 24
[R2-GigabitEthernet4/0/0]qui
[R2]

10. Basic firewall configuration

IP address configuration and zone assignment

<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sysname FW
[FW]int g1/0/0
[FW-GigabitEthernet1/0/0]ip add 192.168.8.1 30
[FW-GigabitEthernet1/0/0]service-manage all permit
[FW-GigabitEthernet1/0/0]int g1/0/1
[FW-GigabitEthernet1/0/1]ip add 192.168.6.2 24
[FW-GigabitEthernet1/0/1]service-manage all permit
[FW-GigabitEthernet1/0/1]int g1/0/2
[FW-GigabitEthernet1/0/2]ip add 192.168.7.2 24
[FW-GigabitEthernet1/0/2]service-manage all permit
[FW-GigabitEthernet1/0/2]int g1/0/3
[FW-GigabitEthernet1/0/3]ip add 192.168.111.1 24
[FW-GigabitEthernet1/0/3]service-manage all permit
[FW-GigabitEthernet1/0/3]quit	
[FW]firewall zone untrust 
[FW-zone-untrust]add int g1/0/0
[FW-zone-untrust]qui
[FW]firewall zone dmz
[FW-zone-dmz]add int g1/0/3
[FW-zone-dmz]quit 
[FW]firewall zone trust 
[FW-zone-trust]add int g1/0/1
[FW-zone-trust]add int g1/0/2
[FW-zone-trust]qui
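
In the commands above, `service-manage all permit` is applied to every interface, including GigabitEthernet1/0/0, which is then placed in the untrust zone, so the firewall's own management services are reachable from the ISP side. The following audit is an added example, not part of the original article: it replays the transcript and reports interfaces in an exposed zone that still permit management access. The function names and the `SERVICES` list (what `all` is assumed to cover) are assumptions.

```python
import re

# Firewall commands from step 10 of this page, prompts included.
FW_TRANSCRIPT = """\
[FW]int g1/0/0
[FW-GigabitEthernet1/0/0]ip add 192.168.8.1 30
[FW-GigabitEthernet1/0/0]service-manage all permit
[FW-GigabitEthernet1/0/0]int g1/0/1
[FW-GigabitEthernet1/0/1]ip add 192.168.6.2 24
[FW-GigabitEthernet1/0/1]service-manage all permit
[FW-GigabitEthernet1/0/1]int g1/0/2
[FW-GigabitEthernet1/0/2]ip add 192.168.7.2 24
[FW-GigabitEthernet1/0/2]service-manage all permit
[FW-GigabitEthernet1/0/2]int g1/0/3
[FW-GigabitEthernet1/0/3]ip add 192.168.111.1 24
[FW-GigabitEthernet1/0/3]service-manage all permit
[FW-GigabitEthernet1/0/3]quit
[FW]firewall zone untrust
[FW-zone-untrust]add int g1/0/0
[FW-zone-untrust]qui
[FW]firewall zone dmz
[FW-zone-dmz]add int g1/0/3
[FW-zone-dmz]quit
[FW]firewall zone trust
[FW-zone-trust]add int g1/0/1
[FW-zone-trust]add int g1/0/2
[FW-zone-trust]qui
"""

# Assumption: the management services that the `all` keyword stands for.
SERVICES = ("http", "https", "ping", "snmp", "ssh", "telnet")

PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # strips [FW-...] / <FW>


def full_name(short):
    """Expand the abbreviated g1/0/0 form used in the transcript."""
    return re.sub(r"^g(?:igabitethernet)?\s*(?=\d)", "GigabitEthernet",
                  short.strip(), flags=re.I)


def parse(transcript):
    """Return ({interface: {service: permitted}}, {interface: zone})."""
    services, zones = {}, {}
    iface = zone = None
    for raw in transcript.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words:
            continue
        cmd = words[0].lower()
        if len(cmd) >= 3 and "interface".startswith(cmd) and len(words) > 1:
            iface, zone = full_name("".join(words[1:])), None
        elif words[:2] == ["firewall", "zone"] and len(words) > 2:
            iface, zone = None, words[-1].lower()
        elif zone and cmd == "add" and len(words) > 2:
            zones[full_name(words[-1])] = zone
        elif iface and cmd == "service-manage" and len(words) == 3:
            targets = SERVICES if words[1].lower() == "all" else (words[1].lower(),)
            for svc in targets:  # later lines override earlier ones
                services.setdefault(iface, {})[svc] = words[2].lower() == "permit"
        elif "quit".startswith(cmd):
            iface = zone = None
    return services, zones


def exposed_management(transcript, exposed_zones=("untrust",)):
    """List (interface, zone, permitted services) for interfaces in exposed zones."""
    services, zones = parse(transcript)
    findings = []
    for iface in sorted(services):
        allowed = sorted(s for s, ok in services[iface].items() if ok)
        if allowed and zones.get(iface) in exposed_zones:
            findings.append((iface, zones[iface], allowed))
    return findings


if __name__ == "__main__":
    for finding in exposed_management(FW_TRANSCRIPT):
        print(finding)
```

Passing `exposed_zones=("untrust", "dmz")` extends the same check to the server-facing interface.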

11. OSPF configuration

	HX_SW1:
[HX_SW1]ospf 1
[HX_SW1-ospf-1]silent-interface vlan 20
[HX_SW1-ospf-1]silent-interface vlan 30
[HX_SW1-ospf-1]silent-interface vlan 40
[HX_SW1-ospf-1]silent-interface vlan 50
[HX_SW1-ospf-1]silent-interface vlan 60
[HX_SW1-ospf-1]silent-interface vlan 70
[HX_SW1-ospf-1]silent-interface vlan 80
[HX_SW1-ospf-1]silent-interface vlan 200
[HX_SW1-ospf-1]area 0
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.10.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.20.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.30.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.40.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.50.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.60.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.70.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.80.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]qui
[HX_SW1-ospf-1]qui
[HX_SW1]
------------------------------------
    HX_SW2:
[HX_SW2]ospf 1
[HX_SW2-ospf-1] silent-interface Vlanif20
[HX_SW2-ospf-1] silent-interface Vlanif30
[HX_SW2-ospf-1] silent-interface Vlanif40
[HX_SW2-ospf-1] silent-interface Vlanif50
[HX_SW2-ospf-1] silent-interface Vlanif60
[HX_SW2-ospf-1] silent-interface Vlanif70
[HX_SW2-ospf-1] silent-interface Vlanif80
[HX_SW2-ospf-1] silent-interface Vlanif200
[HX_SW2-ospf-1]area 0
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.5.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.20.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.30.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.40.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.50.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.60.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.70.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.80.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.100.0 0.0.0.255 //wireless management VLAN
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.101.0 0.0.0.255 //wireless service VLAN
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.102.0 0.0.0.255 //wireless service VLAN
[HX_SW2-ospf-1-area-0.0.0.0]qui
[HX_SW2-ospf-1]qui
[HX_SW2]
------------------------------------
    R1:
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]net 192.168.0.0 0.0.255.255
[R1-ospf-1-area-0.0.0.0]qui
[R1-ospf-1]qui
[R1]
------------------------------------ 
    R2:
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]net 192.168.0.0 0.0.255.255
[R2-ospf-1-area-0.0.0.0]quit
[R2-ospf-1]quit
[R2]
------------------------------------
	FW:
[FW]ospf
[FW-ospf-1]default-route-advertise
[FW-ospf-1]area 0
[FW-ospf-1-area-0.0.0.0]net 192.168.6.0 0.0.0.255
[FW-ospf-1-area-0.0.0.0]net 192.168.7.0 0.0.0.255
[FW-ospf-1-area-0.0.0.0]qui
[FW-ospf-1]qui
[FW]

12. BFD link failure detection

	HX_SW1:
[HX_SW1]bfd
[HX_SW1-bfd]qui
[HX_SW1]int vlan 10
[HX_SW1-Vlanif10]ospf bfd enable
[HX_SW1-Vlanif10]int vlan 4
[HX_SW1-Vlanif4]ospf bfd enable
[HX_SW1-Vlanif4]qui
[HX_SW1]
-------------------------
	HX_SW2:
[HX_SW2]bfd
[HX_SW2-bfd]qui
[HX_SW2]int vlan 5
[HX_SW2-Vlanif5]ospf bfd enable
[HX_SW2-Vlanif5]int vlan 2
[HX_SW2-Vlanif2]ospf bfd enable
[HX_SW2-Vlanif2]qui
[HX_SW2]
-------------------------
	AR1:
[R1]bfd
[R1-bfd]qui
[R1]ospf
[R1-ospf-1]bfd all-interfaces enable
[R1-ospf-1]qui
-------------------------
	AR2:
[R2]bfd
[R2-bfd]qui
[R2]ospf
[R2-ospf-1]bfd all-interfaces enable
[R2-ospf-1]qui
[R2]
-------------------------
	FW:
[FW]bfd
[FW-bfd]qui
[FW]int g1/0/1
[FW-GigabitEthernet1/0/1]ospf bfd en
[FW-GigabitEthernet1/0/1]int g1/0/2
[FW-GigabitEthernet1/0/2]ospf bfd en
[FW-GigabitEthernet1/0/2]qui
[FW]dis ospf bfd session all
[FW]dis bfd session all

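13. Firewall policy configuration

I will leave this part out of the article for now. The only device configured here is FW1, and what is configured is a set of security policies.

This part is omitted from the article; in the downloadable resource, the order command notes and the matching plain-text version of the commands are not abridged and list every command one by one.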


14. Basic configuration of the external-network router

	ISP_R:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname ISP_R
[ISP_R]int g0/0/1
[ISP_R-GigabitEthernet0/0/1]ip add 192.168.8.2 30
[ISP_R-GigabitEthernet0/0/1]int g0/0/0
[ISP_R-GigabitEthernet0/0/0]ip add 10.10.10.1 24
[ISP_R-GigabitEthernet0/0/0]qui
[ISP_R]
------------------------------------ 

15. Static route configuration

	FW:
[FW]ip route-static 0.0.0.0 0 192.168.8.2
------------------------------------ 
    ISP:
[ISP]ip route-static 0.0.0.0 0.0.0.0 192.168.8.1

16. Server address mapping

[FW]nat server untrust_dmz zone untrust protocol icmp global 100.100.100.100 inside 192.168.111.2 no-reverse //lets external hosts reach the web server by pinging 100.100.100.100
[FW]nat server untust_dmz_web protocol tcp global 100.100.100.100 80 inside 192.168.111.2 80 no-reverse //lets external users log in to our web server at http://100.100.100.100


17. Snooping configuration

	JR_SW6:
[JR_SW6]dhcp enable 	
[JR_SW6]dhcp snooping enable 
[JR_SW6]vlan 20
[JR_SW6-vlan20]dhcp snooping en
[JR_SW6-vlan20]vlan 30
[JR_SW6-vlan30]dhcp snooping enable 
[JR_SW6-vlan30]qui
[JR_SW6]int g0/0/1
[JR_SW6-GigabitEthernet0/0/1]dhcp snooping trusted 
[JR_SW6-GigabitEthernet0/0/1]dis this
------------------------------------
    
	JR_SW7:
<JR_SW7>sys
[JR_SW7]dhcp enable 	
[JR_SW7]dhcp snooping enable 
[JR_SW7]vlan 40
[JR_SW7-vlan40]dhcp snooping enable 
[JR_SW7-vlan40]qui
[JR_SW7]int g0/0/1
[JR_SW7-GigabitEthernet0/0/1]dhcp snooping trusted 
[JR_SW7-GigabitEthernet0/0/1]qui   
------------------------------------
    
    JR_SW8:
------------------------------------
    
    JR_SW9:

Obtaining an address is enough; here the address PC1 obtains should be 30.254 (the screenshot is only for demonstration).
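
What the JR_SW6 settings above do to DHCP traffic can be shown with a small model. This is an added example, not part of the original article and not Huawei's implementation: it models only the trusted-port rule and the binding table, and the MAC addresses, offered addresses and message sequence are constructed.

```python
from dataclasses import dataclass

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}  # only a DHCP server sends these


@dataclass(frozen=True)
class DhcpMessage:
    port: str          # ingress port on the access switch
    vlan: int
    kind: str          # DISCOVER, OFFER, REQUEST, ACK or NAK
    client_mac: str
    yiaddr: str = ""   # address offered or assigned by the server


class SnoopingSwitch:
    """Model of `dhcp snooping enable` per VLAN plus one trusted uplink."""

    def __init__(self, snooping_vlans, trusted_ports):
        self.snooping_vlans = set(snooping_vlans)
        self.trusted_ports = set(trusted_ports)
        self.client_port = {}  # client MAC -> port its requests arrived on
        self.bindings = {}     # client MAC -> (ip, vlan, port)

    def receive(self, msg):
        """Return "forward" or "drop" and update the binding table."""
        if msg.vlan not in self.snooping_vlans:
            return "forward"
        if msg.kind in SERVER_MESSAGES:
            if msg.port not in self.trusted_ports:
                return "drop"  # server reply from an untrusted access port
            if msg.kind == "ACK" and msg.client_mac in self.client_port:
                self.bindings[msg.client_mac] = (
                    msg.yiaddr, msg.vlan, self.client_port[msg.client_mac])
            return "forward"
        self.client_port[msg.client_mac] = msg.port  # DISCOVER / REQUEST
        return "forward"


def run_constructed_exchange():
    """Replay a constructed exchange against the JR_SW6 settings from step 17."""
    uplink, port20, port30 = (f"GigabitEthernet0/0/{n}" for n in (1, 2, 3))
    sw = SnoopingSwitch(snooping_vlans={20, 30}, trusted_ports={uplink})
    pc, other = "5489-98aa-0001", "5489-98aa-0002"  # constructed MACs
    exchange = [
        DhcpMessage(port30, 30, "DISCOVER", pc),
        DhcpMessage(port20, 20, "OFFER", other, "10.0.0.50"),  # rogue server
        DhcpMessage(uplink, 30, "OFFER", pc, "192.168.30.249"),
        DhcpMessage(port30, 30, "REQUEST", pc),
        DhcpMessage(uplink, 30, "ACK", pc, "192.168.30.249"),
        DhcpMessage(port20, 20, "ACK", other, "10.0.0.50"),    # rogue server
    ]
    return [sw.receive(m) for m in exchange], sw.bindings


if __name__ == "__main__":
    verdicts, bindings = run_constructed_exchange()
    print(verdicts)
    print(bindings)
```
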

18. Telnet remote access configuration

	HX_SW1:
[HX_SW1]aaa
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet 
[HX_SW1-aaa]quit 
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet 
[HX_SW1-ui-vty0-4]qui
[HX_SW1]int vlanif 900
[HX_SW1-Vlanif900]ip add 192.168.255.254 24
[HX_SW1-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1  
[HX_SW1-Vlanif900]dis this
#
interface Vlanif900
 ip address 192.168.255.254 255.255.255.0
 vrrp vrid 255 virtual-ip 192.168.255.1
#
return
[HX_SW1-Vlanif900]q
------------------------------------
    
    HX_SW2:
[HX_SW2]aaa
[HX_SW2-aaa]local-user huawei privilege level 3 password cipher 5555
Info: Add a new user.
[HX_SW2-aaa]local-user huawei service-type telnet 
[HX_SW2-aaa]quit 
[HX_SW2]user-interface vty 0 4
[HX_SW2-ui-vty0-4]authentication-mode aaa
[HX_SW2-ui-vty0-4]protocol inbound telnet 
[HX_SW2-ui-vty0-4]qui
[HX_SW2]int vlanif 900
[HX_SW2-Vlanif900]ip add 192.168.255.253 24
[HX_SW2-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1  
[HX_SW2-Vlanif900]dis this
#
interface Vlanif900
 ip address 192.168.255.253 255.255.255.0
 vrrp vrid 255 virtual-ip 192.168.255.1
#
return
[HX_SW2-Vlanif900]q
------------------------------------
    
    HJ_SW3:
[HJ_SW3]aaa
[HJ_SW3-aaa]local-user huawei privilege level 3 password cipher 5555
[HJ_SW3-aaa]local-user huawei service-type telnet 
[HJ_SW3-aaa]quit 
[HJ_SW3]user-interface vty 0 4
[HJ_SW3-ui-vty0-4]authentication-mode aaa
[HJ_SW3-ui-vty0-4]protocol inbound telnet 
[HJ_SW3-ui-vty0-4]qui
[HJ_SW3]int vlanif 900
[HJ_SW3-Vlanif900]ip add 192.168.255.3 24
[HJ_SW3-Vlanif900]q
[HJ_SW3]ip route-static 0.0.0.0 0 192.168.255.1
[HJ_SW3]
    
    HJ_SW4:
[HJ_SW4]aaa
[HJ_SW4-aaa]local-user huawei privilege level 3 password cipher 5555
[HJ_SW4-aaa]local-user huawei service-type telnet 
[HJ_SW4-aaa]quit 
[HJ_SW4]user-interface vty 0 4
[HJ_SW4-ui-vty0-4]authentication-mode aaa
[HJ_SW4-ui-vty0-4]protocol inbound telnet 
[HJ_SW4-ui-vty0-4]qui
[HJ_SW4]int vlanif 900
[HJ_SW4-Vlanif900]ip add 192.168.255.4 24
[HJ_SW4-Vlanif900]q
[HJ_SW4]ip route-static 0.0.0.0 0 192.168.255.1
[HJ_SW4]qui
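/*................... the remaining switches are configured the same way, SW1-SW12 */

// At this point you can telnet to 192.168.255.3-8, .254, .253, and the corresponding router interface addresses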
/*<PC>telnet 192.168.255.7
Trying 192.168.255.7 ...
Press CTRL+K to abort
Connected to 192.168.255.7 ...

Username:huawei
Password:5555
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2022-04-19 17:27:13.
<JR_SW7>*/
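
One way to review the Telnet commands typed in this step, as an added Python example that is not part of the original article: it reads the session transcript (prompts included) and reports cleartext management access, a short local password, and VTY lines without an inbound ACL. The 8-character threshold and the function names are assumptions; the length check only works on a typed transcript, since a saved configuration stores the password as ciphertext.

```python
import re

# Commands as typed in step 18 on this page (HX_SW1), reproduced as sample input.
SESSION = """\
[HX_SW1]aaa
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet
[HX_SW1-aaa]quit
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet
[HX_SW1-ui-vty0-4]qui
"""

# "[device-view]command": the view part is absent in the system view.
PROMPT = re.compile(r"^\[(?P<dev>[A-Za-z0-9_]+)(?:-(?P<view>[^\]]+))?\](?P<cmd>.*)$")
MIN_PASSWORD_LEN = 8   # assumption: local policy threshold, not a value from the page

def audit(session):
    """Return a sorted list of (device, finding) for management-plane weaknesses."""
    findings, vty_devices, vty_acl = set(), set(), set()
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        dev, view, cmd = m["dev"], m["view"] or "", " ".join(m["cmd"].split())
        if view.startswith("ui-vty"):
            vty_devices.add(dev)
            if cmd == "protocol inbound telnet":
                findings.add((dev, "vty accepts telnet (cleartext)"))
            # "acl <number> inbound" in the VTY view limits which sources may log in
            if re.fullmatch(r"acl \d+ inbound", cmd):
                vty_acl.add(dev)
        if view == "aaa":
            if re.fullmatch(r"local-user \S+ service-type .*\btelnet\b.*", cmd):
                findings.add((dev, "local user allowed over telnet"))
            pw = re.search(r"password cipher (\S+)", cmd)
            if pw and len(pw.group(1)) < MIN_PASSWORD_LEN:
                findings.add((dev, "local-user password shorter than policy"))
    for dev in vty_devices - vty_acl:
        findings.add((dev, "vty has no inbound ACL"))
    return sorted(findings)

if __name__ == "__main__":
    for device, finding in audit(SESSION):
        print(device, "-", finding)
```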

19. ACL policy

[HX_SW1]acl 3001
[HX_SW1-acl-adv-3001]rule permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
[HX_SW1-acl-adv-3001]rule deny ip source any destination 192.168.200.2 0
[HX_SW1-acl-adv-3001]dis this
#
acl number 3001
 rule 5 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
 rule 10 deny ip destination 192.168.200.2 0
#
return
[HX_SW1-acl-adv-3001]qui
[HX_SW1]int g0/0/6
[HX_SW1-GigabitEthernet0/0/6]traffic-filter outbound acl 3001
[HX_SW1-GigabitEthernet0/0/6]qui
------------------------------------
    
    HX_SW2:
[HX_SW2]acl 3001	
[HX_SW2-acl-adv-3001]rule permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
[HX_SW2-acl-adv-3001]rule deny ip source any destination 192.168.200.2 0
[HX_SW2-acl-adv-3001]dis this
#
acl number 3001
 rule 5 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
 rule 10 deny ip destination 192.168.200.2 0
#
return
[HX_SW2-acl-adv-3001]qui
[HX_SW2]
[HX_SW2]int g0/0/6
[HX_SW2-GigabitEthernet0/0/6]traffic-filter outbound acl 3001
[HX_SW2-GigabitEthernet0/0/6]qui
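
The first-match logic of ACL 3001 above, as an added Python example that is not part of the original article: it parses the two rules shown by `dis this`, applies the wildcard masks, and returns which rule decides a given source/destination pair. It assumes that a packet matching no rule is forwarded by traffic-filter; the function names are illustrative.

```python
import ipaddress

# The two rules of ACL 3001 exactly as "dis this" prints them on this page.
ACL_3001 = """\
rule 5 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
rule 10 deny ip destination 192.168.200.2 0
"""

def _pair(tokens, keyword):
    """Return (address, wildcard) as ints after keyword, or None when it means 'any'."""
    if keyword not in tokens:
        return None                      # omitted source/destination = any
    i = tokens.index(keyword)
    if tokens[i + 1] == "any":
        return None
    addr, wild = tokens[i + 1], tokens[i + 2]
    if wild == "0":                      # VRP shorthand for wildcard 0.0.0.0 (one host)
        wild = "0.0.0.0"
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) >= 4 and t[0] == "rule":
            rules.append((int(t[1]), t[2], _pair(t, "source"), _pair(t, "destination")))
    return sorted(rules, key=lambda r: r[0])   # evaluated in ascending rule-ID order

def _hit(spec, ip):
    if spec is None:
        return True
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF            # wildcard bit 0 = must match, 1 = ignore
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(rules, src, dst):
    """First matching rule wins; returns (action, rule_id)."""
    for rule_id, action, s, d in rules:
        if _hit(s, src) and _hit(d, dst):
            return action, rule_id
    # Assumption: with traffic-filter, a packet that matches no rule is forwarded.
    return "permit", None

if __name__ == "__main__":
    acl = parse_acl(ACL_3001)
    for src in ("192.168.50.10", "192.168.20.10"):
        print(src, "-> 192.168.200.2:", evaluate(acl, src, "192.168.200.2"))
```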

20. Wireless WLAN configuration


	HX_SW2:
<HX_SW2>sy
[HX_SW2]vlan batch 100 101 102
[HX_SW2]int g0/0/9
[HX_SW2-GigabitEthernet0/0/9]port link-type trunk
[HX_SW2-GigabitEthernet0/0/9]port trunk allow-pass vlan all
[HX_SW2-GigabitEthernet0/0/9]int g0/0/3
[HX_SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 101 102
[HX_SW2-GigabitEthernet0/0/3]int g0/0/5
[HX_SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 101 102
[HX_SW2-GigabitEthernet0/0/5]qui
[HX_SW2]int vlan 100
[HX_SW2-Vlanif100]ip add 192.168.100.1 24
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]ip add 192.168.101.1 24
[HX_SW2-Vlanif101]int vlan 102
[HX_SW2-Vlanif102]ip add 192.168.102.1 24
[HX_SW2-Vlanif102]qui
[HX_SW2]dhcp enable
[HX_SW2]ip pool ap_pool
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-ap_pool]gateway-list 192.168.100.1
[HX_SW2-ip-pool-ap_pool]network 192.168.100.0 mask 24
[HX_SW2-ip-pool-ap_pool]excluded-ip-address 192.168.100.100
[HX_SW2-ip-pool-ap_pool]dns-list 192.168.111.3
[HX_SW2-ip-pool-ap_pool]qui
[HX_SW2]ip pool hua_1
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-hua_1]gateway-list 192.168.101.1
[HX_SW2-ip-pool-hua_1]network 192.168.101.0 mask 24
[HX_SW2-ip-pool-hua_1]dns-list 192.168.111.3
[HX_SW2-ip-pool-hua_1]qui
[HX_SW2]ip pool hua_2
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-hua_2]gateway-list 192.168.102.1
[HX_SW2-ip-pool-hua_2]network 192.168.102.0 mask 24
[HX_SW2-ip-pool-hua_2]dns-list 192.168.111.3
[HX_SW2-ip-pool-hua_2]qui
[HX_SW2]int vlan 100
[HX_SW2-Vlanif100]dhcp select global 
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]dhcp select global
[HX_SW2-Vlanif101]int vlan 102
[HX_SW2-Vlanif102]dhcp select global
[HX_SW2-Vlanif102]qui
[HX_SW2]qui
<HX_SW2>save
-------------------------------------
    
	HJ_SW3:
<HJ_SW3>sy
[HJ_SW3]vlan batch 100 101 102
[HJ_SW3]int g0/0/2
[HJ_SW3-GigabitEthernet0/0/2]port trunk allow-pass  vlan 100 101 102
[HJ_SW3-GigabitEthernet0/0/2]int g0/0/5
[HJ_SW3-GigabitEthernet0/0/5]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/5]port trunk pvid vlan 100
[HJ_SW3-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 101
[HJ_SW3-GigabitEthernet0/0/5]qui
[HJ_SW3]qui
---------------------------------
    
    HJ_SW5:
[HJ_SW5]vlan batch 100 101 102
[HJ_SW5]int g0/0/2
[HJ_SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101 102
[HJ_SW5-GigabitEthernet0/0/2]int g0/0/5
[HJ_SW5-GigabitEthernet0/0/5]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/5]port trunk pvid vlan 100	
[HJ_SW5-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 102
[HJ_SW5-GigabitEthernet0/0/5]qui
[HJ_SW5]qu
---------------------------------
    
	AC:
<AC6605>sy
[AC6605]un in en
[AC6605]sysname AC1
[AC1]vlan batch 100 to 103
[AC1]int g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC1-GigabitEthernet0/0/1]qui
[AC1]int vlan 100
[AC1-Vlanif100]ip add 192.168.100.100 24
[AC1-Vlanif100]qui
[AC1]capwap source int vlanif100
[AC1]wlan
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]q
[AC1-wlan-view]regulatory-domain-profile name domain1
[AC1-wlan-regulate-domain-domain1]country-code cn
[AC1-wlan-regulate-domain-domain1]q
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-CYY]qui
[AC1-wlan-view]qui
[AC1]wlan
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]q
[AC1-wlan-view]regulatory-domain-profile name domain2
[AC1-wlan-regulate-domain-domain2]country-code cn
Info: The current country code is same with the input country code.
[AC1-wlan-regulate-domain-domain2]q
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]regulatory-domain-profile domain2
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-YYC]qui
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc82-0a90
[AC1-wlan-ap-0]ap-name area_0
[AC1-wlan-ap-0]ap-group CYY
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC1-wlan-ap-0]qui
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc2d-1bd0
[AC1-wlan-ap-1]ap-name area_1
[AC1-wlan-ap-1]ap-group YYC
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC1-wlan-ap-1]qui
[AC1-wlan-view]qui
[AC1]wlan
[AC1-wlan-view]security-profile name A
[AC1-wlan-sec-prof-A]security wpa2 psk pass-phrase a1234567 aes
[AC1-wlan-sec-prof-A]q
[AC1-wlan-view]security-profile name X
[AC1-wlan-sec-prof-X]security wpa2 psk pass-phrase huawei@123 aes
[AC1-wlan-sec-prof-X]qui
[AC1-wlan-view]ssid-profile name B
[AC1-wlan-ssid-prof-B]ssid CYY-CY
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-ssid-prof-B]q
[AC1-wlan-view]ssid-profile name Y
[AC1-wlan-ssid-prof-Y]ssid YYC-YC
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-ssid-prof-Y]q
[AC1-wlan-view]vap-profile name C
[AC1-wlan-vap-prof-C]forward-mode tunnel
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]service-vlan vlan-id 101
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]security-profile A
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]ssid-profile B
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]qui
[AC1-wlan-view]vap-profile name Z
[AC1-wlan-vap-prof-Z]forward-mode tunnel
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]service-vlan vlan-id 102
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]security-profile X
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]ssid-profile Y
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]qui
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]vap-profile C wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-CYY]vap-profile C wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-CYY]qui
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 1


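After the wireless configuration is done, the MSTP configuration needs to be changed; those steps are included in the downloadable resources,
so they are not covered here.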

V. Location of the contact card
