1. Toy模板网首页
  2. > Toy博客

HCIA-Datacom园区网络项目实战 华为认证实验手册 ENSP配置

8月前 作者:网工教室 分类:Toy博客 阅读(38) 违法举报

这篇具有很好参考价值的文章主要介绍了HCIA-Datacom园区网络项目实战 华为认证实验手册 ENSP配置。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

HCIA-Datacom园区网络项目实战
HCIA-Datacom园区网络项目实战 华为认证实验手册 ENSP配置

配置步骤

一、 二层配置
背景信息:
• 有线网络VLAN划分:
▪ 一楼核心机房的接入交换机GE0/0/2~GE0/0/10连接服务器,属于同一个VLAN。
▪ 二楼除F2-ACC2连接总经理办公室外,其他交换机连接行政部,两个部门属于不同的VLAN。
▪ 三楼的F3-ACC1和F3-ACC3的E0/0/1E0/0/10属于市场部,E0/0/11E0/0/20属于研发部。
▪ F3-ACC2的E0/0/1~E0/0/19属于市场部。
• 无线网络VLAN划分:
▪ 各个楼层的无线终端需要属于不同的VLAN。
▪ 各个楼层的无线管理VLAN不同。
注:需要预留设备互联VLAN、设备管理VLAN等。
1.F1-ACC1二层配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F1-ACC1
[F1-ACC1]vlan batch 100 105 205
[F1-ACC1]port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/10
[F1-ACC1-port-group]port link-type access
[F1-ACC1-port-group]port default vlan 100
[F1-ACC1]interface GigabitEthernet 0/0/1
[F1-ACC1-GigabitEthernet0/0/1]port link-type trunk
[F1-ACC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 105 205
[F1-ACC1]interface GigabitEthernet 0/0/20
[F1-ACC1-GigabitEthernet0/0/20]port link-type trunk
[F1-ACC1-GigabitEthernet0/0/20]port trunk pvid vlan 205
[F1-ACC1-GigabitEthernet0/0/20]port trunk allow-pass vlan 105 205

2.F2-ACC1二层配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F2-ACC1
[F2-ACC1]vlan batch 2 102
[F2-ACC1]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/22
[F2-ACC1-port-group]port link-type access
[F2-ACC1-port-group]port default vlan 102
[F2-ACC1]interface GigabitEthernet 0/0/1
[F2-ACC1-GigabitEthernet0/0/1]port link-type trunk
[F2-ACC1-GigabitEthernet0/0/1]port trunk pvid vlan 2
[F2-ACC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 102

3.F2-ACC2二层配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F2-ACC2
[F2-ACC2]vlan batch 2 101 106 206
[F2-ACC2]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/19
[F2-ACC2-port-group]port link-type access
[F2-ACC2-port-group]port default vlan 101
[F2-ACC2]interface GigabitEthernet 0/0/1
[F2-ACC2-GigabitEthernet0/0/1]port link-type trunk
[F2-ACC2-GigabitEthernet0/0/1]port trunk pvid vlan 2
[F2-ACC2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 101 106 206
[F2-ACC2]interface Ethernet 0/0/20
[F2-ACC2-Ethernet 0/0/20]port link-type trunk
[F2-ACC2-Ethernet 0/0/20]port trunk pvid vlan 206
[F2-ACC2-Ethernet 0/0/20]port trunk allow-pass vlan 106 206

4.F2-ACC3二层配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F2-ACC3
[F2-ACC3]vlan batch 2 102
[F2-ACC3]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/22
[F2-ACC3-port-group]port link-type access
[F2-ACC3-port-group]port default vlan 102
[F2-ACC3]interface GigabitEthernet 0/0/1
[F2-ACC3-GigabitEthernet0/0/1]port link-type trunk
[F2-ACC3-GigabitEthernet0/0/1]port trunk pvid vlan 2
[F2-ACC3-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 102

5.F3-ACC1二层配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F3-ACC1
[F3-ACC1]vlan batch 3 103 104
[F3-ACC1]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/10
[F3-ACC1-port-group]port link-type access
[F3-ACC1-port-group]port default vlan 103
[F3-ACC1]port-group group-member Ethernet 0/0/11 to Ethernet 0/0/20
[F3-ACC1-port-group]port link-type access
[F3-ACC1-port-group]port default vlan 104
[F3-ACC1]interface GigabitEthernet 0/0/1
[F3-ACC1-GigabitEthernet0/0/1]port link-type trunk
[F3-ACC1-GigabitEthernet0/0/1]port trunk pvid vlan 3
[F3-ACC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 103 104

6.F3-ACC2二层配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F3-ACC2
[F3-ACC2]vlan batch 3 103 107 207
[F3-ACC2]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/19
[F3-ACC2-port-group]port link-type access
[F3-ACC2-port-group]port default vlan 103
[F3-ACC2]interface GigabitEthernet 0/0/1
[F3-ACC2-GigabitEthernet0/0/1]port link-type trunk
[F3-ACC2-GigabitEthernet0/0/1]port trunk pvid vlan 3
[F3-ACC2-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 103 107 207
[F3-ACC2]interface Ethernet 0/0/20
[F3-ACC2-Ethernet 0/0/20]port link-type trunk
[F3-ACC2-Ethernet 0/0/20]port trunk pvid vlan 207
[F3-ACC2-Ethernet 0/0/20]port trunk allow-pass vlan 107 207

7.F3-ACC3二层配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F3-ACC3
[F3-ACC3]vlan batch 3 103 104
[F3-ACC3]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/10
[F3-ACC3-port-group]port link-type access
[F3-ACC3-port-group]port default vlan 103
[F3-ACC3]port-group group-member Ethernet 0/0/11 to Ethernet 0/0/20
[F3-ACC3-port-group]port link-type access
[F3-ACC3-port-group]port default vlan 104
[F3-ACC3]interface GigabitEthernet 0/0/1
[F3-ACC3-GigabitEthernet0/0/1]port link-type trunk
[F3-ACC3-GigabitEthernet0/0/1]port trunk pvid vlan 3
[F3-ACC3-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 103 104

8.F2-AGG1二层配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F2-AGG1
[F2-AGG1]vlan batch 2 101 102 106 206 201 203
[F2-AGG1]interface GigabitEthernet0/0/1
[F2-AGG1-GigabitEthernet0/0/1] port link-type access
[F2-AGG1-GigabitEthernet0/0/1] port default vlan 201
[F2-AGG1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[F2-AGG1-GigabitEthernet0/0/2] port link-type access
[F2-AGG1-GigabitEthernet0/0/2] port default vlan 203
[F2-AGG1-GigabitEthernet0/0/2]interface GigabitEthernet0/0/11
[F2-AGG1-GigabitEthernet0/0/11] port link-type trunk
[F2-AGG1-GigabitEthernet0/0/11] port trunk pvid vlan 2
[F2-AGG1-GigabitEthernet0/0/11] port trunk allow-pass vlan 2 102
[F2-AGG1-GigabitEthernet0/0/11]interface GigabitEthernet0/0/12
[F2-AGG1-GigabitEthernet0/0/12] port link-type trunk
[F2-AGG1-GigabitEthernet0/0/12] port trunk pvid vlan 2
[F2-AGG1-GigabitEthernet0/0/12] port trunk allow-pass vlan 2 101 106 206
[F2-AGG1-GigabitEthernet0/0/12]interface GigabitEthernet0/0/13
[F2-AGG1-GigabitEthernet0/0/13] port link-type trunk
[F2-AGG1-GigabitEthernet0/0/13] port trunk pvid vlan 2
[F2-AGG1-GigabitEthernet0/0/13] port trunk allow-pass vlan 2 102

9.F3-AGG1二层配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F3-AGG1
[F3-AGG1]vlan batch 3 103 to 104 107 202 to 203 207
[F3-AGG1]interface GigabitEthernet0/0/1
[F3-AGG1-GigabitEthernet0/0/1] port link-type access
[F3-AGG1-GigabitEthernet0/0/1] port default vlan 202
[F3-AGG1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[F3-AGG1-GigabitEthernet0/0/2] port link-type access
[F3-AGG1-GigabitEthernet0/0/2] port default vlan 203
[F3-AGG1-GigabitEthernet0/0/2]interface GigabitEthernet0/0/11
[F3-AGG1-GigabitEthernet0/0/11] port link-type trunk
[F3-AGG1-GigabitEthernet0/0/11] port trunk pvid vlan 3
[F3-AGG1-GigabitEthernet0/0/11] port trunk allow-pass vlan 3 103 to 104
[F3-AGG1-GigabitEthernet0/0/11]interface GigabitEthernet0/0/12
[F3-AGG1-GigabitEthernet0/0/12] port link-type trunk
[F3-AGG1-GigabitEthernet0/0/12] port trunk pvid vlan 3
[F3-AGG1-GigabitEthernet0/0/12] port trunk allow-pass vlan 3 103 107 207
[F3-AGG1-GigabitEthernet0/0/12]interface GigabitEthernet0/0/13
[F3-AGG1-GigabitEthernet0/0/13] port link-type trunk
[F3-AGG1-GigabitEthernet0/0/13] port trunk pvid vlan 3
[F3-AGG1-GigabitEthernet0/0/13] port trunk allow-pass vlan 3 103 to 104

10.CORE1二层配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname CORE1
[CORE1]vlan batch 100 105 201 to 202 204 to 205
[CORE1]interface GigabitEthernet0/0/1
[CORE1-GigabitEthernet0/0/1] port link-type trunk
[CORE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 105 205
[CORE1-GigabitEthernet0/0/1]#
[CORE1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[CORE1-GigabitEthernet0/0/2] port link-type access
[CORE1-GigabitEthernet0/0/2] port default vlan 201
[CORE1-GigabitEthernet0/0/2]#
[CORE1-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[CORE1-GigabitEthernet0/0/3] port link-type access
[CORE1-GigabitEthernet0/0/3] port default vlan 202
[CORE1-GigabitEthernet0/0/3]#
[CORE1-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[CORE1-GigabitEthernet0/0/4] port link-type access
[CORE1-GigabitEthernet0/0/4] port default vlan 205
[CORE1-GigabitEthernet0/0/4]#
[CORE1-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5
[CORE1-GigabitEthernet0/0/5] port link-type access
[CORE1-GigabitEthernet0/0/5] port default vlan 204

11.AC二层配置
system-view
[AC6605]undo info-center enable
[AC6605] sysname AC
[AC]vlan 205
[AC]interface GigabitEthernet0/0/1
[AC-GigabitEthernet0/0/1] port link-type access
[AC-GigabitEthernet0/0/1] port default vlan 205
二、 三层配置
背景信息:
• 地址配置,采用192.168.0.0/16地址段,具体需求如下:
▪ 一楼:
▫ 服务器采用静态IP地址。无线客户端和无线AP由CORE1通过DHCP分配地址,网关均在CORE1上。
▫ 接入交换机管理IP采用静态地址配置,网关在CORE1上。
▪ 二楼和三楼:
▫ 所有有线终端、无线终端、无线AP的地址均由对应楼层汇聚交换机通过DHCP分配,网关在汇聚交换机上。
▫ 接入交换机管理IP采用静态地址配置,网关在各自楼层汇聚交换机上。
• 全网采用OSPF动态路由协议实现业务网段之间的互联互通,所有终端通过Router访问Internet。

(一)接口ip地址和静态配置:

  1. 一楼接入,静态配置,网关在CORE1上,默认路由指向CORE1
    [F1-ACC1]interface Vlanif1
    [F1-ACC1-Vlanif1] ip address 192.168.1.1 255.255.255.0

2.二楼接入,静态配置,网关在F2-AGG1上,默认路由指向F2-AGG1
[F2-ACC1]interface Vlanif2
[F2-ACC1-Vlanif2] ip address 192.168.2.1 255.255.255.0
[F2-ACC2]interface Vlanif2
[F2-ACC2-Vlanif2] ip address 192.168.2.2 255.255.255.0
[F2-ACC3]interface Vlanif2
[F2-ACC3-Vlanif2] ip address 192.168.2.3 255.255.255.0

3.三楼接入,静态配置,网关在F3-AGG1上,默认路由指向F3-AGG1
[F3-ACC1]interface Vlanif3
[F3-ACC1-Vlanif3] ip address 192.168.3.1 255.255.255.0
[F3-ACC2]interface Vlanif3
[F3-ACC2-Vlanif3] ip address 192.168.3.2 255.255.255.0
[F3-ACC3]interface Vlanif3
[F3-ACC3-Vlanif3] ip address 192.168.3.3 255.255.255.0

4.手动配置两个服务器的IP地址
server1:192.168.100.1/24 网关:192.168.100.254(网关在CORE1上的vlanif 100接口)
server2:192.168.100.2/24 网关:192.168.100.254(网关在CORE1上的vlanif 100接口)

5.核心交换机CORE1逻辑接口IP配置
[CORE1]interface Vlanif1
[CORE1-Vlanif1] ip address 192.168.1.254 255.255.255.0
[CORE1-Vlanif1]interface Vlanif100
[CORE1-Vlanif100] ip address 192.168.100.254 255.255.255.0
[CORE1-Vlanif100]interface Vlanif105
[CORE1-Vlanif105] ip address 192.168.105.254 255.255.255.0
[CORE1-Vlanif105]interface Vlanif201
[CORE1-Vlanif201] ip address 192.168.201.1 255.255.255.252
[CORE1-Vlanif201]interface Vlanif202
[CORE1-Vlanif202] ip address 192.168.202.1 255.255.255.252
[CORE1-Vlanif202]interface Vlanif204
[CORE1-Vlanif204] ip address 192.168.204.2 255.255.255.252
[CORE1-Vlanif204]interface Vlanif205
[CORE1-Vlanif205] ip address 192.168.205.254 255.255.255.0

6.二楼F2-AGG1逻辑接口配置
[F2-AGG1]interface Vlanif2
[F2-AGG1-Vlanif2] ip address 192.168.2.254 255.255.255.0
[F2-AGG1-Vlanif2]interface Vlanif101
[F2-AGG1-Vlanif101] ip address 192.168.101.254 255.255.255.0
[F2-AGG1-Vlanif101]interface Vlanif102
[F2-AGG1-Vlanif102] ip address 192.168.102.254 255.255.255.0
[F2-AGG1-Vlanif102]interface Vlanif106
[F2-AGG1-Vlanif106] ip address 192.168.106.254 255.255.255.0
[F2-AGG1-Vlanif106]interface Vlanif201
[F2-AGG1-Vlanif201] ip address 192.168.201.2 255.255.255.252
[F2-AGG1-Vlanif201]interface Vlanif203
[F2-AGG1-Vlanif203] ip address 192.168.203.1 255.255.255.252
[F2-AGG1-Vlanif203]interface Vlanif206
[F2-AGG1-Vlanif206] ip address 192.168.206.254 255.255.255.0

  1. 三楼F3-AGG1逻辑接口配置
    [F3-AGG1]interface Vlanif3
    [F3-AGG1-Vlanif3] ip address 192.168.3.254 255.255.255.0
    [F3-AGG1-Vlanif3]interface Vlanif103
    [F3-AGG1-Vlanif103] ip address 192.168.103.254 255.255.255.0
    [F3-AGG1-Vlanif103]interface Vlanif104
    [F3-AGG1-Vlanif104] ip address 192.168.104.254 255.255.255.0
    [F3-AGG1-Vlanif104]interface Vlanif107
    [F3-AGG1-Vlanif107] ip address 192.168.107.254 255.255.255.0
    [F3-AGG1-Vlanif107]interface Vlanif202
    [F3-AGG1-Vlanif202] ip address 192.168.202.2 255.255.255.252
    [F3-AGG1-Vlanif202]interface Vlanif203
    [F3-AGG1-Vlanif203] ip address 192.168.203.2 255.255.255.252
    [F3-AGG1-Vlanif203]interface Vlanif207
    [F3-AGG1-Vlanif207] ip address 192.168.207.254 255.255.255.0

8.路由器接口IP配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname Router
[Router-GigabitEthernet0/0/0] ip address 1.1.1.1 255.255.255.0
[Router-GigabitEthernet0/0/1] ip address 192.168.204.1 255.255.255.252

(二)路由配置
1.静态路由:
[F1-ACC1]ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
[F2-ACC1]ip route-static 0.0.0.0 0.0.0.0 192.168.2.254
[F2-ACC2]ip route-static 0.0.0.0 0.0.0.0 192.168.2.254
[F2-ACC3]ip route-static 0.0.0.0 0.0.0.0 192.168.2.254
[F3-ACC1]ip route-static 0.0.0.0 0.0.0.0 192.168.3.254
[F3-ACC2]ip route-static 0.0.0.0 0.0.0.0 192.168.3.254
[F3-ACC3]ip route-static 0.0.0.0 0.0.0.0 192.168.3.254
[Router]ip route-static 0.0.0.0 0.0.0.0 1.1.1.254
[AC]ip route-static 0.0.0.0 0.0.0.0 192.168.205.2542.

2.动态路由OSPF:
路由器:
[Router]ospf 1
[Router-ospf-1] default-route-advertise always
[Router-ospf-1] area 0.0.0.0
[Router-ospf-1-area-0.0.0.0] network 192.168.204.0 0.0.0.3

核心交换机CORE1:
[CORE1]ospf 1
[CORE1-ospf-1] area 0.0.0.0
[CORE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[CORE1-ospf-1-area-0.0.0.0] network 192.168.100.0 0.0.0.255
[CORE1-ospf-1-area-0.0.0.0] network 192.168.105.0 0.0.0.255
[CORE1-ospf-1-area-0.0.0.0] network 192.168.205.0 0.0.0.255
[CORE1-ospf-1-area-0.0.0.0] network 192.168.201.0 0.0.0.3
[CORE1-ospf-1-area-0.0.0.0] network 192.168.202.0 0.0.0.3
[CORE1-ospf-1-area-0.0.0.0] network 192.168.204.0 0.0.0.3

二楼汇聚交换机F2-AGG1:
[F2-AGG1]ospf 1
[F2-AGG1-ospf-1] area 0.0.0.0
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.101.0 0.0.0.255
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.102.0 0.0.0.255
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.106.0 0.0.0.255
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.201.0 0.0.0.3
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.203.0 0.0.0.3
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.206.0 0.0.0.255

三楼汇聚交换机F3-AGG1:
[F3-AGG1]ospf 1
[F3-AGG1-ospf-1] area 0.0.0.0
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.103.0 0.0.0.255
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.104.0 0.0.0.255
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.107.0 0.0.0.255
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.202.0 0.0.0.3
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.203.0 0.0.0.3
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.207.0 0.0.0.255

(三)DHCP配置
1.核心交换机CORE1为一楼的无线终端和管理vlan提供DHCP服务
[CORE1]dhcp enable
[CORE1]ip pool ap-f1
[CORE1-ip-pool-ap-f1] gateway-list 192.168.205.254
[CORE1-ip-pool-ap-f1] network 192.168.205.0 mask 255.255.255.0
[CORE1-ip-pool-ap-f1] excluded-ip-address 192.168.205.253
[CORE1-ip-pool-ap-f1]ip pool sta-f1
[CORE1-ip-pool-sta-f1] gateway-list 192.168.105.254
[CORE1-ip-pool-sta-f1] network 192.168.105.0 mask 255.255.255.0
[CORE1]interface Vlanif105
[CORE1-Vlanif105] dhcp select global
[CORE1]interface Vlanif205
[CORE1-Vlanif205] dhcp select global

2.汇聚交换机F2-AGG1为无线终端、无线管理vlan、总经理办公室、行政部提供DHCP服务
[F2-AGG1]dhcp enable
[F2-AGG1]ip pool admin
[F2-AGG1-ip-pool-admin] gateway-list 192.168.102.254
[F2-AGG1-ip-pool-admin] network 192.168.102.0 mask 255.255.255.0
[F2-AGG1-ip-pool-admin]ip pool ap-f2
[F2-AGG1-ip-pool-ap-f2] gateway-list 192.168.206.254
[F2-AGG1-ip-pool-ap-f2] network 192.168.206.0 mask 255.255.255.0
[F2-AGG1-ip-pool-ap-f2] option 43 sub-option 3 ascii 192.168.205.253
[F2-AGG1-ip-pool-ap-f2]ip pool manager
[F2-AGG1-ip-pool-manager] gateway-list 192.168.101.254
[F2-AGG1-ip-pool-manager] network 192.168.101.0 mask 255.255.255.0
[F2-AGG1-ip-pool-manager]ip pool sta-f2
[F2-AGG1-ip-pool-sta-f2] gateway-list 192.168.106.254
[F2-AGG1-ip-pool-sta-f2] network 192.168.106.0 mask 255.255.255.0
[F2-AGG1]interface Vlanif101
[F2-AGG1-Vlanif101] dhcp select global
[F2-AGG1-Vlanif101]interface Vlanif102
[F2-AGG1-Vlanif102] dhcp select global
[F2-AGG1-Vlanif102]interface Vlanif106
[F2-AGG1-Vlanif106] dhcp select global
[F2-AGG1]interface Vlanif206
[F2-AGG1-Vlanif206] dhcp select global

  1. 汇聚交换机F2-AGG1为无线终端、无线管理vlan、市场部、研发部提供DHCP服务

[F3-AGG1]dhcp enable
[F3-AGG1]ip pool ap-f3
[F3-AGG1-ip-pool-ap-f3] gateway-list 192.168.207.254
[F3-AGG1-ip-pool-ap-f3] network 192.168.207.0 mask 255.255.255.0
[F3-AGG1-ip-pool-ap-f3] option 43 sub-option 3 ascii 192.168.205.253
[F3-AGG1-ip-pool-ap-f3]ip pool marketing
[F3-AGG1-ip-pool-marketing] gateway-list 192.168.103.254
[F3-AGG1-ip-pool-marketing] network 192.168.103.0 mask 255.255.255.0
[F3-AGG1-ip-pool-marketing]ip pool rd
[F3-AGG1-ip-pool-rd] gateway-list 192.168.104.254
[F3-AGG1-ip-pool-rd] network 192.168.104.0 mask 255.255.255.0
[F3-AGG1-ip-pool-rd]ip pool sta-f3
[F3-AGG1-ip-pool-sta-f3] gateway-list 192.168.107.254
[F3-AGG1-ip-pool-sta-f3] network 192.168.107.0 mask 255.255.255.0

三、 WLAN配置

AC配置wlan配置
[AC]wlan
[AC-wlan-view]
[AC-wlan-view]security-profile name WLAN-F1
[AC-wlan-sec-prof-WLAN-F1] security wpa-wpa2 psk pass-phrase HCIA-Datacom aes
[AC-wlan-sec-prof-WLAN-F1] security-profile name WLAN-F2
[AC-wlan-sec-prof-WLAN-F2] security wpa-wpa2 psk pass-phrase HCIA-Datacom aes
[AC-wlan-sec-prof-WLAN-F2] security-profile name WLAN-F3
[AC-wlan-sec-prof-WLAN-F3] security wpa-wpa2 psk pass-phrase HCIA-Datacom aes
[AC-wlan-sec-prof-WLAN-F3]ssid-profile name WLAN-F1
[AC-wlan-ssid-prof-WLAN-F1] ssid WLAN-F1
[AC-wlan-ssid-prof-WLAN-F1] ssid-profile name WLAN-F2
[AC-wlan-ssid-prof-WLAN-F2] ssid WLAN-F2
[AC-wlan-ssid-prof-WLAN-F2] ssid-profile name WLAN-F3
[AC-wlan-ssid-prof-WLAN-F3] ssid WLAN-F3
[AC-wlan-ssid-prof-WLAN-F3] vap-profile name WLAN-F1
[AC-wlan-vap-prof-WLAN-F1] service-vlan vlan-id 105
[AC-wlan-vap-prof-WLAN-F1] ssid-profile WLAN-F1
[AC-wlan-vap-prof-WLAN-F1] security-profile WLAN-F1
[AC-wlan-vap-prof-WLAN-F1] vap-profile name WLAN-F2
[AC-wlan-vap-prof-WLAN-F2] service-vlan vlan-id 106
[AC-wlan-vap-prof-WLAN-F2] ssid-profile WLAN-F2
[AC-wlan-vap-prof-WLAN-F2] security-profile WLAN-F2
[AC-wlan-vap-prof-WLAN-F2] vap-profile name WLAN-F3
[AC-wlan-vap-prof-WLAN-F3] service-vlan vlan-id 107
[AC-wlan-vap-prof-WLAN-F3] ssid-profile WLAN-F3
[AC-wlan-vap-prof-WLAN-F3] security-profile WLAN-F3
[AC-wlan-vap-prof-WLAN-F3]ap-group name WLAN-F1
[AC-wlan-ap-group-WLAN-F1] radio 0
[AC-wlan-group-radio-WLAN-F1/0] vap-profile WLAN-F1 wlan 1
[AC-wlan-group-radio-WLAN-F1/0] radio 1
[AC-wlan-group-radio-WLAN-F1/1] vap-profile WLAN-F1 wlan 1
[AC-wlan-group-radio-WLAN-F1/1] radio 2
[AC-wlan-group-radio-WLAN-F1/2] vap-profile WLAN-F1 wlan 1
[AC-wlan-group-radio-WLAN-F1/2] ap-group name WLAN-F2
[AC-wlan-ap-group-WLAN-F2] radio 0
[AC-wlan-group-radio-WLAN-F2/0] vap-profile WLAN-F2 wlan 2
[AC-wlan-group-radio-WLAN-F2/0] radio 1
[AC-wlan-group-radio-WLAN-F2/1] vap-profile WLAN-F2 wlan 2
[AC-wlan-group-radio-WLAN-F2/1] radio 2
[AC-wlan-group-radio-WLAN-F2/2] vap-profile WLAN-F2 wlan 2
[AC-wlan-group-radio-WLAN-F2/2] ap-group name WLAN-F3
[AC-wlan-ap-group-WLAN-F3] radio 0
[AC-wlan-group-radio-WLAN-F3/0] vap-profile WLAN-F3 wlan 2
[AC-wlan-group-radio-WLAN-F3/0] radio 1
[AC-wlan-group-radio-WLAN-F3/1] vap-profile WLAN-F3 wlan 2
[AC-wlan-group-radio-WLAN-F3/1] radio 2
[AC-wlan-group-radio-WLAN-F3/2] vap-profile WLAN-F3 wlan 2
[AC-wlan-group-radio-WLAN-F3/2] ap-id 0 type-id 60 ap-mac 00e0-fcce-2ad0 ap-sn 2
10235448310E7552512
[AC-wlan-ap-0] ap-name F1-AP1
[AC-wlan-ap-0] ap-group WLAN-F1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]: 输入Y,回车
[AC-wlan-ap-0] ap-id 1 type-id 60 ap-mac 00e0-fc2e-2d20 ap-sn 2102354483105404F7
54
[AC-wlan-ap-1] ap-name F2-AP1
[AC-wlan-ap-1] ap-group WLAN-F2
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]: 输入Y,回车
[AC-wlan-ap-1]ap-id 2 type-id 60 ap-mac 00e0-fcb1-7140 ap-sn 2102354483106439D86
5
[AC-wlan-ap-2] ap-name F3-AP1
[AC-wlan-ap-2] ap-group WLAN-F3
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]: 输入Y,回车

四、 安全及出口设计
背景信息:
• 禁止从一楼的访客SSID接入的用户访问公司内部网络。
• 仅无线终端可以访问Internet。
• Router采用静态IP地址方式接入互联网,运营商分配了1.1.1.1-1.1.1.10地址段(掩码长度为24),Router到达Internet的下一跳地址为1.1.1.254。
• 公司内部有一台Web服务器需要对外提供服务,其私网IP地址为192.168.100.1,端口号为80。为了保证服务器安全性,只提供Web服务的NAT映射。

1、 禁止从一楼的访客SSID接入的用户访问公司内部网络。
[CORE1]acl name F1ap-neibu 3000
[CORE1-acl-adv-F1ap-neibu]rule 5 deny ip source 192.168.105.0 0.0.0.255 destinat
ion 192.168.0.0 0.0.255.255
[CORE1-acl-adv-F1ap-neibu]rule 10 permit ip
[CORE1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000

2、仅无线终端可以访问Internet。
• Router采用静态IP地址方式接入互联网,运营商分配了1.1.1.1-1.1.1.10地址段(掩码长度为24),Router到达Internet的下一跳地址为1.1.1.254。
[Router]nat address-group 1 1.1.1.2 1.1.1.10
[Router-acl-basic-ap-internet]rule 5 permit source 192.168.105.0 0.0.0.255
[Router-acl-basic-ap-internet]rule 10 permit source 192.168.106.0 0.0.0.255
[Router-acl-basic-ap-internet]rule 15 permit source 192.168.107.0 0.0.0.255
[Router-GigabitEthernet0/0/0]nat outbound 2000 address-group 1

3、公司内部有一台Web服务器需要对外提供服务,其私网IP地址为192.168.100.1,端口号为80。为了保证服务器安全性,只提供Web服务的NAT映射。
[Router-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 80
80 inside 192.168.100.1 www文章来源地址https://www.toymoban.com/news/detail-474223.html

到了这里,关于HCIA-Datacom园区网络项目实战 华为认证实验手册 ENSP配置的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

分享到:
领支付宝红包 赞助服务器费用

相关文章

  • HCIA-Datacom实验指导手册:3、OSPF 路由协议基础实验

    开放式最短路径优先 OSPF(O

    2024年01月24日
    浏览(46)
  • HCIA-Datacom题库(自己整理分类的)_09_Telnet协议【14道题】

    HCIA-Datacom题库(自己整理分类的)_09_Telnet协议【14道题】

    1.某公司网络管理员希望能够远程管理分支机构的网络设备,则下面哪个协议会被用到? RSTP CIDR Telnet VLSM 2.以下哪种远程登录方式最安全? Telnet Stelnet v100 Stelnet v2 Stelnet v1 解析: Telnet 明文传输 Stelnet v100没有此版本 Stelnet v2比Stelnet v1更安全 3.Telnet协议默认使用的服务端口号是

    2024年02月01日
    浏览(57)
  • 华为ensp园区网络设计与实施

    华为ensp园区网络设计与实施

    目    录 1.企业背景 2.项目具体要求 3. 实验拓扑及规划 3.1 网络拓扑结构图 3.2 网络设备命名与设备连接表 3.3 IP地址规划 3.4 VLAN规划表 4. 开启telnet管理功能 4.1 开启路由器telnet: 4.2 开启交换机telnet: 5. 配置端口聚合 6. 配置网关冗余VRRP 6.1 配置VRRP与接口状态联动 7. 配置单臂

    2024年02月02日
    浏览(37)
  • hcia datacom课程学习(7):直连路由、静态路由

    hcia datacom课程学习(7):直连路由、静态路由

    直连路由 路由器接口上的网络(接口配置了IP地址并且开启) 静态路由 管理员手工添加的网络 动态路由 路由器之间动态学习形成的网络 每当给路由器的一个接口配置了ip,路由表中就会产生对应的直连路由 配置路由接口ip的命令: 命令可以简写,可以tab键补全,也可以一

    2024年04月27日
    浏览(48)
  • Linux云计算之网络基础9——园区网络架构项目

    Linux云计算之网络基础9——园区网络架构项目

    要求构建大型园区网络架构,方案如下: 园区A        园区c        公司B 要求: 1、A公司园区网络         一台汇聚层三层交换机,两台接入层二层交换机。 出口有一台路由器。 2、A园区有五台服务器。         分别为两台 WEB 服务器,域名为 www.ym1.com 和

    2024年04月13日
    浏览(55)
  • 华为HCIP—Datacom(821新增)

    华为HCIP—Datacom(821新增)

     1. 能够生成组播分发树的组播协议是?   A.IGMPv2 B.PIMv2 C.BGP   D.OSPF 答案:B 答案解析:PIM是专门用于在组播网络中,在单播路由的基础上,创建组播分发树的协议,所以选择“PIMv2”。 2.关于永久组播地址的描述,错误的是? A.所有运行OSPF协议的路由器都侦听224.0.0.5 B.网段

    2024年02月05日
    浏览(38)
  • 【华为Datacom 综合拓扑案例—分享篇】

    【华为Datacom 综合拓扑案例—分享篇】

    实验要求: 1、PC1PC2PC3PC4采用DHCP自动获取IP地址,SW5作为服务器,SW3和SW4作为中继 创建地址池ip pool huawei1和ip pool huawei2,租期都为2天 2、SW3与SW4做链路聚合,采用LACP模式。SW3作为主交换机,优先级为0 抢占延时时间为10秒 让G0/0/4接口成为非活跃链路,优先级为65000 3、在SW

    2024年02月13日
    浏览(30)
  • 园区参观路径 - 华为OD统一考试

    园区参观路径 - 华为OD统一考试

    OD统一考试(C卷) 分值: 100分 题解: Java / Python / C++ 园区某部门举办了Family Day,邀请员工及其家属参加; 将公司园区视为一个矩形,起始园区设置在左上角,终点园区设置在右下角; 家属参观园区时,只能向右和向下园区前进,求从起始园区到终点园区会有多少条。 输入

    2024年01月20日
    浏览(35)

  • 华为HCIP-DATACOM题库解析71-110(821)

    41.关于 OSPF 路由聚合的描述错误的是 A.OSPF 中任意一台路由器都可以进行路由聚合的操作 B.区域间路由聚合是指将相同前缀的路由信息聚合一起只发布一条路由到其他区域 C.OSPF 有两种路由聚合方式:ABR 聚合和 ASBR 聚合 D.通过路由聚合,可以减少路由信息,从而减少路由表的规

    2024年02月11日
    浏览(30)
  • 华为HCIP-DATACOM题库解析10-20(821)

    华为HCIP-DATACOM题库解析10-20(821)

    10.关于IGMP Snooping 工作机制地描述,正确的是 A.二层交换机通过不断监听IGMP报文,在二层建立和维护PIM路由表 B.在没有运行IGMP Snooping时,组播报文将在二层广播,运行IGMP Snooping后,报文将不再在二层广播,而是进行二层组播 C.如果主机发出IGMP离开报文时,交换机将该主机加

    2024年02月04日
    浏览(32)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包