Campus Network Topology and Configuration: Campus Network Firewall

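This design provides a topology diagram (three layers: core, aggregation, access) together with all of the configuration commands. The individual technologies combined in the article include VLAN partitioning, static routing, OSPF, router-on-a-stick (trunk/access), DHCP, wireless WLAN, Snooping, MSTP, VRRP, firewall, DNS server, ACL and others. The topology suits readers who already understand the individual networking technologies and want to learn how to combine them; it fits scenarios such as graduation projects, campus network planning and enterprise network planning.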



Author: BSXY_19计科_陈永跃


BSXY_School of Information


Note: no content may be reposted without permission

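Foreword and resource download notes (no content may be reposted without permission)

If you have questions, describe the situation you ran into in the comments; the author will reply as soon as he sees it, and other readers are welcome to answer each other's questions as well.
You can implement the design yourself, step by step, by following the design and implementation process below (every command is a key command). If needed, you can also download the complete topology and the complete configuration from the address below for reference.
Once you have the topology, use display liberally to inspect the configuration and the corresponding commands. The companion resource link is as follows:

eNSP-based planning and design topology for a medium-sized campus/enterprise network of about a thousand users, with firewall (wired + wireless).rar + all configuration commands (order.txt)

(Note: order.txt and the images below with red markings and annotations were added for readers who obtain the topology and configuration but do not use display to inspect the topology's configuration. The eNSP-based topology with firewall named above and its configuration are, of course, complete.)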

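I. Topology design and design requirements (15 requirements)

Topology diagram 1: [image]
Topology diagram 2: [image]
Design requirements:

01. Configure the interface addresses of the servers, firewall, routers and so on
02. Configure Eth-Trunk link bundling for link redundancy
03. Divide the enterprise interior into multiple VLANs to reduce the size of the broadcast domains and improve network reliability
04. Configure MSTP + VRRP for traffic load sharing with redundancy, and configure the corresponding STP optimization techniques for STP convergence to reduce STP flapping
05. All users obtain their IP addresses automatically
06. Configure DHCP snooping to isolate rogue DHCP servers
07. Configure OSPF and static routes for layer-3 routing reachability
08. Configure firewall security policies to permit traffic from the intranet zone to the DMZ zone
09. Configure firewall NAT policies and security policies so that users can reach Baidu on the external network
10. Configure firewall server mapping and security policies so that the external user Client can reach the web server through the public address 100.100.100.100
11. Configure the corresponding firewall policies so that the external user Client can log in to the web server through the public address http://100.100.100.100
12. Users can reach Baidu on the external network by domain name (www.baidu.com)
13. The internal finance server may be accessed only by VLAN 50 users
14. Switches LSW1-LSW12 can all be reached by telnet (huawei 5555)
15. Wireless WLAN configuration; service VLANs 101 and 102 can also reach Baidu on the external network by domain name (www.baidu.com)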

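II. Topology before the redesign, without a firewall (interlude: optional reading)

Interlude: the redundant network design before the redesign, "eNSP-based design and planning of a redundant medium-sized campus/enterprise network for about a thousand users", is shown in the figure below (it is not described or explained in detail in this article; to read it, follow the link):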

III. The full configuration process

1. VLAN Trunk configuration

	HX_SW1:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname HX_SW1
[HX_SW1]int Eth-Trunk 1
[HX_SW1-Eth-Trunk1]mode lacp-static 
[HX_SW1-Eth-Trunk1]trunkport  g0/0/7
[HX_SW1-Eth-Trunk1]trunkport g0/0/8
[HX_SW1-Eth-Trunk1]q
------------------------------------ 
HX_SW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname HX_SW2
[HX_SW2]int Eth-Trunk 1
[HX_SW2-Eth-Trunk1]mode lacp-static 
[HX_SW2-Eth-Trunk1]trunkport g0/0/7
[HX_SW2-Eth-Trunk1]trunkport g0/0/8
[HX_SW2-Eth-Trunk1]q
------------------------------------
HJ_SW4:
<Huawei>sy
[Huawei]sysname HJ_SW4
[HJ_SW4]int Eth-Trunk 2
[HJ_SW4-Eth-Trunk2]mode lacp-static 	
[HJ_SW4-Eth-Trunk2]trunkport g0/0/4
[HJ_SW4-Eth-Trunk2]trunkport g0/0/5
[HJ_SW4-Eth-Trunk2]q
------------------------------------
JR_SW9:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW9
[JR_SW9]int Eth-Trunk 2	
[JR_SW9-Eth-Trunk2]mode lacp-static 
[JR_SW9-Eth-Trunk2]trunkport g0/0/4
[JR_SW9-Eth-Trunk2]trunkport g0/0/5
[JR_SW9-Eth-Trunk2]dis eth-trunk //view the Eth-Trunk configuration

2. Basic VLAN configuration

	JR_SW6:
<Huawei>SY
[Huawei]un in en	
[Huawei]sysname JR_SW6
[JR_SW6]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW6]int g0/0/1
[JR_SW6-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW6-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30 900
[JR_SW6-GigabitEthernet0/0/1]int g0/0/2
[JR_SW6-GigabitEthernet0/0/2]port link-type access 
[JR_SW6-GigabitEthernet0/0/2]port default vlan 20
[JR_SW6-GigabitEthernet0/0/2]int g0/0/3
[JR_SW6-GigabitEthernet0/0/3]port link-type access 	
[JR_SW6-GigabitEthernet0/0/3]port default vlan 30
[JR_SW6-GigabitEthernet0/0/3]
------------------------------------
JR_SW7:
<Huawei>SYS
[Huawei]un in en
[Huawei]sysname JR_SW7
[JR_SW7]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW7]int g0/0/1
[JR_SW7-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW7-GigabitEthernet0/0/1]port trunk allow-pass vlan 40 900
[JR_SW7-GigabitEthernet0/0/1]int g0/0/2
[JR_SW7-GigabitEthernet0/0/2]port link-type access 
[JR_SW7-GigabitEthernet0/0/2]port default vlan 40
[JR_SW7-GigabitEthernet0/0/2]qui
------------------------------------
HJ_SW3:
<Huawei>system-view 
[Huawei]un in en
[Huawei]sysname HJ_SW3
[HJ_SW3]vlan batch 20 30 40 50 60 70 80 200 900
[HJ_SW3]int g0/0/1
[HJ_SW3-GigabitEthernet0/0/1]port link-type trunk 
[HJ_SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30 40 900
[HJ_SW3-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW3-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 30 40 900
[HJ_SW3-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW3-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 900
[HJ_SW3-GigabitEthernet0/0/3]int g0/0/4
[HJ_SW3-GigabitEthernet0/0/4]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 40 900
------------------------------------
JR_SW8:
<Huawei>SYS
[Huawei]sys	
[Huawei]sysname JR_SW8
[JR_SW8]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW8]int g0/0/1
[JR_SW8-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW8-GigabitEthernet0/0/1]port trunk allow-pass vlan 50 900
[JR_SW8-GigabitEthernet0/0/1]int g0/0/2
[JR_SW8-GigabitEthernet0/0/2]port link-type access 
[JR_SW8-GigabitEthernet0/0/2]port default vlan 50
------------------------------------
JR_SW9:
<JR_SW9>SYS
[JR_SW9]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW9]int g0/0/3
[JR_SW9-GigabitEthernet0/0/3]port link-type access 
[JR_SW9-GigabitEthernet0/0/3]port default vlan 60	
[JR_SW9-GigabitEthernet0/0/3]qui
[JR_SW9]int Eth-Trunk 2
[JR_SW9-Eth-Trunk2]port link-type trunk 
[JR_SW9-Eth-Trunk2]port trunk allow-pass vlan 60 900
[JR_SW9-Eth-Trunk2]qui
------------------------------------
HJ_SW4:
<HJ_SW4>sys
[HJ_SW4]vlan batch 20 30 40 50 60 70 80  200 900
[HJ_SW4]int g0/0/1	
[HJ_SW4-GigabitEthernet0/0/1]port link-type trunk 
[HJ_SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 50 60 900
[HJ_SW4-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW4-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 50 60 900
[HJ_SW4-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW4-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 50 900
[HJ_SW4-GigabitEthernet0/0/3]qui
[HJ_SW4]int Eth-Trunk 2
[HJ_SW4-Eth-Trunk2]port link-type trunk 
[HJ_SW4-Eth-Trunk2]port trunk allow-pass vlan 60 900
[HJ_SW4-Eth-Trunk2]qui
[HJ_SW4]
------------------------------------
JR_SW10:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW10
[JR_SW10]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW10]int g0/0/1
[JR_SW10-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW10-GigabitEthernet0/0/1]port trunk allow-pass vlan 70 900
[JR_SW10-GigabitEthernet0/0/1]int g0/0/2
[JR_SW10-GigabitEthernet0/0/2]port link-type access 
[JR_SW10-GigabitEthernet0/0/2]port default vlan 70
[JR_SW10-GigabitEthernet0/0/2]qui
------------------------------------
JR_SW11:
<JR_SW11>sys
[JR_SW11]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW11]int g0/0/1
[JR_SW11-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW11-GigabitEthernet0/0/1]port trunk allow-pass vlan 80 900
[JR_SW11-GigabitEthernet0/0/1]int g0/0/2
[JR_SW11-GigabitEthernet0/0/2]port link-type access 
[JR_SW11-GigabitEthernet0/0/2]port default vlan 80
[JR_SW11-GigabitEthernet0/0/2]int g0/0/3
[JR_SW11-GigabitEthernet0/0/3]port link-type access
[JR_SW11-GigabitEthernet0/0/3]port default vlan 80
------------------------------------
HJ_SW5:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname HJ_SW5
[HJ_SW5]vlan batch 20 30 40 50 60 70 80  200 900
[HJ_SW5]int g0/0/1
[HJ_SW5-GigabitEthernet0/0/1]port link-type trunk 
[HJ_SW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 70 80 900
[HJ_SW5-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW5-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 70 80 900
[HJ_SW5-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW5-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/3]port trunk allow-pass vlan 70 900
[HJ_SW5-GigabitEthernet0/0/3]int g0/0/4
[HJ_SW5-GigabitEthernet0/0/4]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/4]port trunk allow-pass vlan 80 900
[HJ_SW5-GigabitEthernet0/0/4]qui
------------------------------------
JR_SW12:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW12
[JR_SW12]vlan batch 20 30 40 50 60 70 80  200 900
[JR_SW12]int g0/0/1
[JR_SW12-GigabitEthernet0/0/1]port link-type trunk 
[JR_SW12-GigabitEthernet0/0/1]port trunk allow-pass vlan 200 900
[JR_SW12-GigabitEthernet0/0/1]int g0/0/2
[JR_SW12-GigabitEthernet0/0/2]port link-type trunk
[JR_SW12-GigabitEthernet0/0/2]port trunk allow-pass vlan 200 900
[JR_SW12-GigabitEthernet0/0/2]int g0/0/3
[JR_SW12-GigabitEthernet0/0/3]port link-type access 
[JR_SW12-GigabitEthernet0/0/3]port default vlan 200
[JR_SW12-GigabitEthernet0/0/3]int g0/0/4
[JR_SW12-GigabitEthernet0/0/4]port link-type access
[JR_SW12-GigabitEthernet0/0/4]port default vlan 200
[JR_SW12-GigabitEthernet0/0/4]qui
------------------------------------
HX_SW1:
<HX_SW1>SY
[HX_SW1]vlan batch 20 30 40 50 60 70 80 200 900 10
[HX_SW1]vlan batch 4
[HX_SW1]int g0/0/6
[HX_SW1-GigabitEthernet0/0/6]port link-type trunk 
[HX_SW1-GigabitEthernet0/0/6]port trunk  allow-pass vlan 200 900
[HX_SW1-GigabitEthernet0/0/6]int g0/0/1
[HX_SW1-GigabitEthernet0/0/1]port link-type access 
[HX_SW1-GigabitEthernet0/0/1]port default vlan 10
[HX_SW1-GigabitEthernet0/0/1]int g0/0/2
[HX_SW1-GigabitEthernet0/0/2]port link-type access
[HX_SW1-GigabitEthernet0/0/2]port default vlan 4
[HX_SW1-GigabitEthernet0/0/2]int g0/0/3
[HX_SW1-GigabitEthernet0/0/3]port link-type trunk 
[HX_SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 40 900
[HX_SW1-GigabitEthernet0/0/3]int g0/0/4
[HX_SW1-GigabitEthernet0/0/4]port link-type trunk 
[HX_SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 50 60 900
[HX_SW1-GigabitEthernet0/0/4]int g0/0/5
[HX_SW1-GigabitEthernet0/0/5]port link-type trunk
[HX_SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 70 80 900
[HX_SW1-GigabitEthernet0/0/5]qui
[HX_SW1]int Eth-Trunk 1
[HX_SW1-Eth-Trunk1]port link-type trunk 
[HX_SW1-Eth-Trunk1]port trunk allow-pass vlan 20 30 40 50 60 70 80 200 900
[HX_SW1-Eth-Trunk1]dis this
[HX_SW1-Eth-Trunk1]
------------------------------------
HX_SW2:
<HX_SW2>sys
[HX_SW2]vlan batch 20 30 40 50 60 70 80 200 900
[HX_SW2]vlan batch 2 5
[HX_SW2]int g0/0/1
[HX_SW2-GigabitEthernet0/0/1]port link-type access 
[HX_SW2-GigabitEthernet0/0/1]port default vlan 2
[HX_SW2-GigabitEthernet0/0/1]int g0/0/2
[HX_SW2-GigabitEthernet0/0/2]port link-type access 
[HX_SW2-GigabitEthernet0/0/2]port default vlan 5
[HX_SW2-GigabitEthernet0/0/2]int g0/0/3	
[HX_SW2-GigabitEthernet0/0/3]port link-type trunk 
[HX_SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 40 900
[HX_SW2-GigabitEthernet0/0/3]int g0/0/4
[HX_SW2-GigabitEthernet0/0/4]port link-type trunk
[HX_SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 50 60 900
[HX_SW2-GigabitEthernet0/0/4]int g0/0/5
[HX_SW2-GigabitEthernet0/0/5]port link-type trunk
[HX_SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 70 80 900
[HX_SW2-GigabitEthernet0/0/5]int g0/0/6
[HX_SW2-GigabitEthernet0/0/6]port link-type trunk
[HX_SW2-GigabitEthernet0/0/6]port trunk allow-pass vlan 200 900
[HX_SW2-GigabitEthernet0/0/6]qui
[HX_SW2]int Eth-Trunk 1
[HX_SW2-Eth-Trunk1]port link-type trunk 
[HX_SW2-Eth-Trunk1]port trunk allow-pass vlan 20 30 40 50 60 70 80 200 900
[HX_SW2-Eth-Trunk1]dis this

3. MSTP configuration

	HX_SW1:
<HX_SW1>sy
[HX_SW1]stp region-configuration 
[HX_SW1-mst-region]instance 1 vlan 20 30 40 200
[HX_SW1-mst-region]region-name aa
[HX_SW1-mst-region]revision-level 1
[HX_SW1-mst-region]instance 2 vlan 50 60 70 80
[HX_SW1-mst-region]active region-configuration 
[HX_SW1-mst-region]dis this
/* All aggregation-layer switches and the server-group switch need the following commands:
   stp region-configuration
   region-name aa
   revision-level 1
   instance 1 vlan 20 30 40 200
   instance 2 vlan 50 60 70 80
   active region-configuration */
[HX_SW1-mst-region]qui
[HX_SW1]stp instance 1 root primary 
[HX_SW1]stp instance 2 root secondary 
[HX_SW1]dis this //view the configuration
------------------------------------
HX_SW2:
<HX_SW2>sys
[HX_SW2]stp region-configuration 
[HX_SW2-mst-region]region-name aa
[HX_SW2-mst-region]revision-level 1 
[HX_SW2-mst-region]instance 1 vlan 20 30 40  200
[HX_SW2-mst-region]instance 2 vlan 50 60 70 80 
[HX_SW2-mst-region]active region-configuration 
[HX_SW2-mst-region]qui
[HX_SW2]stp instance 2 root primary
[HX_SW2]stp instance 1 root secondary 
[HX_SW2]dis this
------------------------------------
JR_SW12:
<JR_SW12>sy
[JR_SW12]stp region-configuration
[JR_SW12-mst-region]region-name aa
[JR_SW12-mst-region]revision-level 1
[JR_SW12-mst-region]instance 1 vlan 20 30 40 200
[JR_SW12-mst-region]instance 2 vlan 50 60 70 80
[JR_SW12-mst-region]active region-configuration
[JR_SW12-mst-region]qui
------------------------------------
HJ_SW3:
[HJ_SW3]stp region-configuration
[HJ_SW3-mst-region]region-name aa
[HJ_SW3-mst-region]revision-level 1
[HJ_SW3-mst-region]instance 1 vlan 20 30 40 200
[HJ_SW3-mst-region]instance 2 vlan 50 60 70 80
[HJ_SW3-mst-region]active region-configuration
[HJ_SW3-mst-region]qui
[HJ_SW3]dis stp br
/* MSTID  Port                  Role  STP State   Protection
   0      GigabitEthernet0/0/1  ROOT  FORWARDING  NONE
   0      GigabitEthernet0/0/2  ALTE  DISCARDING  NONE
   It is enough to see that g0/0/2 is in the blocking state here. */
------------------------------------
HJ_SW4:
<HJ_SW4>sy
[HJ_SW4]stp region-configuration
[HJ_SW4-mst-region]region-name aa
[HJ_SW4-mst-region]revision-level 1
[HJ_SW4-mst-region]instance 1 vlan 20 30 40 200
[HJ_SW4-mst-region]instance 2 vlan 50 60 70 80
[HJ_SW4-mst-region]active region-configuration
[HJ_SW4-mst-region]qui
[HJ_SW4]dis stp br
/* MSTID  Port                  Role  STP State   Protection
   2      GigabitEthernet0/0/1  ALTE  DISCARDING  NONE
   2      GigabitEthernet0/0/2  ROOT  FORWARDING  NONE
   It is enough that g0/0/1 is blocked at this point. */
------------------------------------
HJ_SW5:
[HJ_SW5]stp region-configuration
[HJ_SW5-mst-region] region-name aa
[HJ_SW5-mst-region] revision-level 1
[HJ_SW5-mst-region] instance 1 vlan 20 30 40 200
[HJ_SW5-mst-region] instance 2 vlan 50 60 70 80
[HJ_SW5-mst-region] active region-configuration
[HJ_SW5-mst-region]qui
[HJ_SW5]dis stp br
/* MSTID  Port                  Role  STP State   Protection
   1      GigabitEthernet0/0/2  ALTE  DISCARDING  NONE
   1      GigabitEthernet0/0/1  ROOT  FORWARDING  NONE
   It is enough that g0/0/1 is blocked at this point. */

4. VRRP gateway redundancy

	HX_SW1:
[HX_SW1]int vlan 20
[HX_SW1-Vlanif20]ip add 192.168.20.254 24
[HX_SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW1-Vlanif20]vrrp vrid 20 priority 105
[HX_SW1-Vlanif20]dis this
[HX_SW1-Vlanif20]qui
[HX_SW1]int vlan 30
[HX_SW1-Vlanif30]ip add 192.168.30.254 24
[HX_SW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW1-Vlanif30]vrrp vrid 30 priority 105
[HX_SW1-Vlanif30]qui
[HX_SW1]int vlan 40
[HX_SW1-Vlanif40]ip add 192.168.40.254 24
[HX_SW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW1-Vlanif40]vrrp vrid 40 priority 105
[HX_SW1-Vlanif40]int vlan 50
[HX_SW1-Vlanif50]ip add 192.168.50.254 24
[HX_SW1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HX_SW1-Vlanif50]int vlan 60
[HX_SW1-Vlanif60]ip add 192.168.60.254 24
[HX_SW1-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.1
[HX_SW1-Vlanif60]int vlan 200
[HX_SW1-Vlanif200]ip add 192.168.200.254 24
[HX_SW1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW1-Vlanif200]vrrp vrid 200 priority 105
[HX_SW1-Vlanif200]int vlan 70
[HX_SW1-Vlanif70]ip add 192.168.70.254 24
[HX_SW1-Vlanif70]vrrp vrid 70 virtual-ip 192.168.70.1
[HX_SW1-Vlanif70]int vlan 80
[HX_SW1-Vlanif80]ip add 192.168.80.254 24
[HX_SW1-Vlanif80]vrrp vrid 80 virtual-ip 192.168.80.1
[HX_SW1-Vlanif80]int vlan 10
[HX_SW1-Vlanif10]ip add 192.168.10.2 24
[HX_SW1-Vlanif10]int vlan 4
[HX_SW1-Vlanif4]ip add 192.168.4.1 24
[HX_SW1-Vlanif4]qui
[HX_SW1]
------------------------------------
HX_SW2:
[HX_SW2]int vlan 70
[HX_SW2-Vlanif70]ip add 192.168.70.253 24
[HX_SW2-Vlanif70]vrrp vrid 70 virtual-ip 192.168.70.1
[HX_SW2-Vlanif70]vrrp vrid 70 priority 105
[HX_SW2-Vlanif70]int vlan 80
[HX_SW2-Vlanif80]ip add 192.168.80.253 24
[HX_SW2-Vlanif80]vrrp vrid 80 virtual-ip 192.168.80.1
[HX_SW2-Vlanif80]vrrp vrid 80 priority 105
[HX_SW2-Vlanif80]int vlan 200
[HX_SW2-Vlanif200]ip add 192.168.200.253 24
[HX_SW2-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW2-Vlanif200]int vlan 20
[HX_SW2-Vlanif20]ip add 192.168.20.253 24
[HX_SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HX_SW2-Vlanif20]int vlan 30
[HX_SW2-Vlanif30]ip add 192.168.30.253 24
[HX_SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HX_SW2-Vlanif30]int vlan 40
[HX_SW2-Vlanif40]ip add 192.168.40.253 24
[HX_SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HX_SW2-Vlanif40]int vlan 50
[HX_SW2-Vlanif50]ip add 192.168.50.253 24
[HX_SW2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HX_SW2-Vlanif50]vrrp vrid 50 priority 105
[HX_SW2-Vlanif50]int vlan 60
[HX_SW2-Vlanif60]ip add 192.168.60.253 24
[HX_SW2-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.1
[HX_SW2-Vlanif60]vrrp vrid 60 priority 105
[HX_SW2-Vlanif60]int vlan 2
[HX_SW2-Vlanif2]ip add 192.168.2.2 24
[HX_SW2-Vlanif2]int vlan 5
[HX_SW2-Vlanif5]ip add 192.168.5.1 24
[HX_SW2-Vlanif5]qui

5. Verifying VRRP gateway redundancy

[HX_SW1]dis vrrp br
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
20    Master       Vlanif20                 Normal   192.168.20.1   
30    Master       Vlanif30                 Normal   192.168.30.1   
40    Master       Vlanif40                 Normal   192.168.40.1   
50    Backup       Vlanif50                 Normal   192.168.50.1   
60    Backup       Vlanif60                 Normal   192.168.60.1   
70    Backup       Vlanif70                 Normal   192.168.70.1   
80    Backup       Vlanif80                 Normal   192.168.80.1   
200   Master       Vlanif200                Normal   192.168.200.1  
[HX_SW1]
------------------------------------
<HX_SW2>dis vrrp br
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
20    Backup       Vlanif20                 Normal   192.168.20.1   
30    Backup       Vlanif30                 Normal   192.168.30.1   
40    Backup       Vlanif40                 Normal   192.168.40.1   
50    Master       Vlanif50                 Normal   192.168.50.1   
60    Master       Vlanif60                 Normal   192.168.60.1   
70    Master       Vlanif70                 Normal   192.168.70.1   
80    Master       Vlanif80                 Normal   192.168.80.1   
200   Backup       Vlanif200                Normal   192.168.200.1  
<HX_SW2>
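
A consistency check for the MSTP + VRRP load-sharing design of sections 3 to 5, as an added Python example that is not part of the original article: for every VLAN, the switch with the highest VRRP priority should also be the `root primary` of the MSTP instance that carries the VLAN, otherwise traffic to the gateway detours over the link between the two core switches. The function names, the `core_cfg` generator and the variant mapping are assumptions made for this example; the generated lines mirror the commands shown above for HX_SW1 and HX_SW2.

```python
import re


def parse(cfg):
    """Return (vlan -> MSTP instance, instance -> root role, VRID -> VRRP priority)."""
    vlan_inst, root_role, prio = {}, {}, {}
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"instance (\d+) vlan ([\d ]+)", line):
            for vlan in m.group(2).split():
                vlan_inst[int(vlan)] = int(m.group(1))
        elif m := re.fullmatch(r"stp instance (\d+) root (primary|secondary)", line):
            root_role[int(m.group(1))] = m.group(2)
        elif m := re.fullmatch(r"vrrp vrid (\d+) virtual-ip \S+", line):
            prio.setdefault(int(m.group(1)), 100)      # 100 is the VRRP default priority
        elif m := re.fullmatch(r"vrrp vrid (\d+) priority (\d+)", line):
            prio[int(m.group(1))] = int(m.group(2))
    return vlan_inst, root_role, prio


def misaligned(configs):
    """List (vlan, vrrp_master, mstp_primary_roots) for VLANs where the two disagree.

    configs maps switch name -> config text. As on this page, the VRID is
    assumed to equal the VLAN ID; priority ties are not modelled.
    """
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    vlans = sorted(set().union(*(p[2] for p in parsed.values())))
    findings = []
    for vlan in vlans:
        master = max(parsed, key=lambda n: parsed[n][2].get(vlan, 0))
        roots = [n for n, (vlan_inst, role, _) in parsed.items()
                 if role.get(vlan_inst.get(vlan)) == "primary"]
        if roots != [master]:
            findings.append((vlan, master, roots))
    return findings


def core_cfg(inst1, inst2, primary_inst, master_vlans):
    """Constructed test data: the MSTP/VRRP lines of sections 3 and 4 for one core switch."""
    lines = ["stp region-configuration",
             " instance 1 vlan " + " ".join(map(str, inst1)),
             " instance 2 vlan " + " ".join(map(str, inst2)),
             f"stp instance {primary_inst} root primary",
             f"stp instance {3 - primary_inst} root secondary"]
    for vlan in sorted(inst1 + inst2):
        lines.append(f" vrrp vrid {vlan} virtual-ip 192.168.{vlan}.1")
        if vlan in master_vlans:
            lines.append(f" vrrp vrid {vlan} priority 105")
    return "\n".join(lines)


def both_cores(inst1, inst2):
    """HX_SW1 is primary root of instance 1 and HX_SW2 of instance 2, as in section 3."""
    return {"HX_SW1": core_cfg(inst1, inst2, 1, [20, 30, 40, 200]),
            "HX_SW2": core_cfg(inst1, inst2, 2, [50, 60, 70, 80])}


AS_ON_PAGE = both_cores([20, 30, 40, 200], [50, 60, 70, 80])
# Constructed variant: VLANs 50 and 60 moved into instance 1 without touching VRRP.
VARIANT = both_cores([20, 30, 40, 50, 60, 200], [70, 80])

if __name__ == "__main__":
    print(misaligned(AS_ON_PAGE))
    print(misaligned(VARIANT))
```

With the mapping used in the commands above the list is empty; in the variant, VLANs 50 and 60 keep HX_SW2 as VRRP master while HX_SW1 is the spanning-tree root for them.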

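6. Testing PC-to-gateway connectivity

/* Manually assign an IP address to a PC and test access to the gateway. For example, give a PC in VLAN 30 IP: 192.168.30.3, GW: 192.168.30.1 and test access to the gateway; it is enough that ping 192.168.30.1 succeeds. */
/* Manually assign an IP address to a PC and test access to the gateway. For example, give a PC in VLAN 70 IP: 192.168.70.7, GW: 192.168.70.1 and test access to the gateway; it is enough that ping 192.168.70.1 succeeds. */

7. BFD route linkage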

[HX_SW1]bfd
[HX_SW1-bfd]qui //entering the view and leaving it again is enough
[HX_SW1]int vlan 20
[HX_SW1-Vlanif20]vrrp vrid 20 track interface g0/0/1
[HX_SW1-Vlanif20]vrrp vrid 20 track interface g0/0/2
[HX_SW1-Vlanif20]int vlan 30
[HX_SW1-Vlanif30]vrrp vrid 30 track interface g0/0/1
[HX_SW1-Vlanif30]vrrp vrid 30 track interface g0/0/2
[HX_SW1-Vlanif30]int vlan 40
[HX_SW1-Vlanif40]vrrp vrid 40 track interface g0/0/1
[HX_SW1-Vlanif40]vrrp vrid 40 track interface g0/0/2
[HX_SW1-Vlanif40]int vlan 50
[HX_SW1-Vlanif50]vrrp vrid 50 track interface g0/0/1
[HX_SW1-Vlanif50]vrrp vrid 50 track interface g0/0/2
[HX_SW1-Vlanif50]int vlan 60
[HX_SW1-Vlanif60]vrrp vrid 60 track interface g0/0/1
[HX_SW1-Vlanif60]vrrp vrid 60 track interface g0/0/2
[HX_SW1-Vlanif60]int vlan 70
[HX_SW1-Vlanif70]vrrp vrid 70 track interface g0/0/1
[HX_SW1-Vlanif70]vrrp vrid 70 track interface g0/0/2
[HX_SW1-Vlanif70]int vlan 80
[HX_SW1-Vlanif80]vrrp vrid 80 track interface g0/0/1
[HX_SW1-Vlanif80]vrrp vrid 80 track interface g0/0/2
[HX_SW1-Vlanif80]int vlan 200
[HX_SW1-Vlanif200]vrrp vrid 200 track interface g0/0/1
[HX_SW1-Vlanif200]vrrp vrid 200 track interface g0/0/2
[HX_SW1-Vlanif200]dis this
------------------------------------
HX_SW2:
[HX_SW2]bfd
qui 
int vlan 20
vrrp vrid 20 track interface g0/0/1
vrrp vrid 20 track interface g0/0/2
int vlan 30
vrrp vrid 30 track interface g0/0/1
vrrp vrid 30 track interface g0/0/2
int vlan 40
vrrp vrid 40 track interface g0/0/1
vrrp vrid 40 track interface g0/0/2
int vlan 50
vrrp vrid 50 track interface g0/0/1
vrrp vrid 50 track interface g0/0/2
int vlan 60
vrrp vrid 60 track interface g0/0/1
vrrp vrid 60 track interface g0/0/2
int vlan 70
vrrp vrid 70 track interface g0/0/1
vrrp vrid 70 track interface g0/0/2
int vlan 80
vrrp vrid 80 track interface g0/0/1
vrrp vrid 80 track interface g0/0/2
int vlan 200
vrrp vrid 200 track interface g0/0/1
vrrp vrid 200 track interface g0/0/2
[HX_SW2-Vlanif200]dis this

8. Core-layer router address configuration

	R1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.6.1 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.10.1 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 192.168.2.1 24
[R1-GigabitEthernet0/0/2]int g4/0/0
[R1-GigabitEthernet4/0/0]ip add 192.168.3.1 24
[R1-GigabitEthernet4/0/0]qui
[R1]
------------------------------------
R2:
<Huawei>sys
[Huawei]un in en	
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.7.1 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.4.2 24
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip add 192.168.5.2 24
[R2-GigabitEthernet0/0/2]int g4/0/0
[R2-GigabitEthernet4/0/0]ip add 192.168.3.2 24
[R2-GigabitEthernet4/0/0]qui
[R2]

9. Basic firewall configuration

IP address configuration and zone assignment

<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sysname FW
[FW]int g1/0/0
[FW-GigabitEthernet1/0/0]ip add 192.168.8.1 30
[FW-GigabitEthernet1/0/0]service-manage all permit
[FW-GigabitEthernet1/0/0]int g1/0/1
[FW-GigabitEthernet1/0/1]ip add 192.168.6.2 24
[FW-GigabitEthernet1/0/1]service-manage all permit
[FW-GigabitEthernet1/0/1]int g1/0/2
[FW-GigabitEthernet1/0/2]ip add 192.168.7.2 24
[FW-GigabitEthernet1/0/2]service-manage all permit
[FW-GigabitEthernet1/0/2]int g1/0/3
[FW-GigabitEthernet1/0/3]ip add 192.168.111.1 24
[FW-GigabitEthernet1/0/3]service-manage all permit
[FW-GigabitEthernet1/0/3]quit	
[FW]firewall zone untrust 
[FW-zone-untrust]add int g1/0/0
[FW-zone-untrust]qui
[FW]firewall zone dmz
[FW-zone-dmz]add int g1/0/3
[FW-zone-dmz]quit 
[FW]firewall zone trust 
[FW-zone-trust]add int g1/0/1
[FW-zone-trust]add int g1/0/2
[FW-zone-trust]qui

10. OSPF configuration

	HX_SW1:
[HX_SW1]ospf 1
[HX_SW1-ospf-1]area 0
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.10.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.20.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.30.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.40.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.50.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.60.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.70.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.80.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]qui
[HX_SW1-ospf-1]qui
[HX_SW1]
------------------------------------
HX_SW2:
[HX_SW2]ospf 1
[HX_SW2-ospf-1]area 0
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.5.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.20.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.30.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.40.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.50.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.60.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.70.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.80.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.100.0 0.0.0.255 //wireless management VLAN
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.101.0 0.0.0.255 //wireless service VLAN
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.102.0 0.0.0.255 //wireless service VLAN
[HX_SW2-ospf-1-area-0.0.0.0]qui
[HX_SW2-ospf-1]qui
[HX_SW2]
------------------------------------
R1:
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]net 192.168.10.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]net 192.168.3.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]qui
[R1-ospf-1]qui
[R1]
------------------------------------ 
R2:
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]net 192.168.5.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]net 192.168.3.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]quit
[R2-ospf-1]quit
[R2]

11. Firewall policy configuration

//permit trust->dmz traffic
[FW]security-policy 
[FW-policy-security]rule name trust_to_dmz	
[FW-policy-security-rule-trust_to_dmz]source-zone trust 
[FW-policy-security-rule-trust_to_dmz]destination-zone dmz
[FW-policy-security-rule-trust_to_dmz]action permit 
[FW-policy-security-rule-trust_to_dmz]qui
[FW-policy-security]qui
//the firewall itself may access any zone
[FW]security-policy 
[FW-policy-security]rule name local_to_any	
[FW-policy-security-rule-local_to_any]source-zone local 
[FW-policy-security-rule-local_to_any]destination-zone any 
[FW-policy-security-rule-local_to_any]action permit 
[FW-policy-security-rule-local_to_any]qui
[FW-policy-security]qui
//trust->untrust
[FW]security-policy
[FW-policy-security]rule name trust_to_untrust
[FW-policy-security-rule-trust_to_untrust]source-zone trust
[FW-policy-security-rule-trust_to_untrust]destination-zone untrust
[FW-policy-security-rule-trust_to_untrust]action permit
[FW-policy-security-rule-trust_to_untrust]quit
[FW-policy-security]quit
[FW]nat-policy
[FW-policy-nat]rule name trust_nat_untrsut
[FW-policy-nat-rule-trust_nat_untrsut]source-zone trust
[FW-policy-nat-rule-trust_nat_untrsut]destination-zone untrust
[FW-policy-nat-rule-trust_nat_untrsut]action source-nat easy-ip 
[FW-policy-nat-rule-trust_nat_untrsut]dis this
[FW-policy-nat-rule-trust_nat_untrsut]quit
[FW-policy-nat]quit
//untrust->dmz
[FW]security-policy
[FW-policy-security]rule name untrust_to_dmz
[FW-policy-security-rule-untrust_to_dmz]source-zone untrust
[FW-policy-security-rule-untrust_to_dmz]destination-zone dmz
[FW-policy-security-rule-untrust_to_dmz]action permit
[FW-policy-security-rule-untrust_to_dmz]qui
//dmz->untrust
[FW-policy-security]rule name dmz_to_untrust	
[FW-policy-security-rule-dmz_to_untrust]source-zone dmz 
[FW-policy-security-rule-dmz_to_untrust]destination-zone untrust 	
[FW-policy-security-rule-dmz_to_untrust]action permit 
[FW-policy-security-rule-dmz_to_untrust]qui
[FW-policy-security]
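
An audit of the firewall settings from sections 9 and 11 against design requirements 10 and 11, as an added Python example that is not part of the original article: it flags `service-manage all permit` on an interface in the untrust zone and any permit rule from untrust that names neither a destination address nor a service. The saved-configuration layout of the sample, the function names and the commands in the tightened variant (`service-manage ping permit`, `destination-address ... mask`, `service http`, `service icmp`) are assumptions made for this example.

```python
# Constructed sample: the firewall settings of sections 9 and 11 written in
# saved-configuration layout (layout assumed; trust-side stanzas omitted).
TEMPLATE = """\
interface GigabitEthernet1/0/0
 ip address 192.168.8.1 255.255.255.252
 {untrust_mgmt}
interface GigabitEthernet1/0/3
 ip address 192.168.111.1 255.255.255.0
 service-manage all permit
firewall zone untrust
 add interface GigabitEthernet1/0/0
firewall zone dmz
 add interface GigabitEthernet1/0/3
security-policy
 rule name trust_to_dmz
  source-zone trust
  destination-zone dmz
  action permit
 rule name untrust_to_dmz
  source-zone untrust
  destination-zone dmz
{inbound_scope}  action permit
"""
AS_ON_PAGE = TEMPLATE.format(untrust_mgmt="service-manage all permit", inbound_scope="")
# Assumed tightened variant: only ping on the outside interface, and the inbound
# rule limited to the web server 192.168.111.2 with HTTP and ICMP (requirements 10, 11).
SCOPED = TEMPLATE.format(
    untrust_mgmt="service-manage ping permit",
    inbound_scope="  destination-address 192.168.111.2 mask 255.255.255.255\n"
                  "  service http\n  service icmp\n")


def parse_fw(cfg):
    """Return (interface -> zone, interfaces with all management open, policy rules)."""
    zones, mgmt_open, rules = {}, [], []
    section, rule = "", None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):                    # a new top-level stanza
            section, rule = line, None
        elif section.startswith("interface ") and line == "service-manage all permit":
            mgmt_open.append(section.split()[1])
        elif section.startswith("firewall zone ") and line.startswith("add interface "):
            zones[line.split()[2]] = section.split()[2]
        elif section == "security-policy" and line.startswith("rule name "):
            rule = {"name": line.split()[2], "fields": {}}
            rules.append(rule)
        elif section == "security-policy" and rule is not None:
            key, _, value = line.partition(" ")
            rule["fields"].setdefault(key, []).append(value)
    return zones, mgmt_open, rules


def audit(cfg):
    """Return findings about exposure towards the untrust zone, in config order."""
    zones, mgmt_open, rules = parse_fw(cfg)
    findings = [f"{ifname}: service-manage all permit on an untrust-zone interface"
                for ifname in mgmt_open if zones.get(ifname) == "untrust"]
    for rule in rules:
        fields = rule["fields"]
        if fields.get("action") != ["permit"]:
            continue
        if "untrust" not in fields.get("source-zone", []):
            continue
        missing = [k for k in ("destination-address", "service") if k not in fields]
        if missing:
            findings.append(f"{rule['name']}: permit from untrust without "
                            + " or ".join(missing))
    return findings


if __name__ == "__main__":
    for finding in audit(AS_ON_PAGE):
        print(finding)
    print(audit(SCOPED))
```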

12. Basic configuration of the external-network router

	ISP_R:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname ISP_R
[ISP_R]int g0/0/1
[ISP_R-GigabitEthernet0/0/1]ip add 192.168.8.2 30
[ISP_R-GigabitEthernet0/0/1]int g0/0/0
[ISP_R-GigabitEthernet0/0/0]ip add 10.10.10.1 24
[ISP_R-GigabitEthernet0/0/0]qui
[ISP_R]
------------------------------------ 

13. Static route configuration

	FW:
[FW]ip route-static 0.0.0.0 0 192.168.8.2
[FW]ip route-static 192.168.0.0 255.255.0.0 192.168.6.1	//the default preference is 60; the lower the value, the more preferred the route
[FW]ip route-static 192.168.0.0 255.255.0.0 192.168.7.1 preference 70
------------------------------------ 
R1:
[R1]ip route-static 0.0.0.0 0.0.0.0 192.168.6.2
[R1]ip route-static 0.0.0.0 0 192.168.3.2 preference 70
------------------------------------ 
R2:
[R2]ip route-static 0.0.0.0 0 192.168.7.2
[R2]ip route-static 0.0.0.0 0 192.168.3.1 preference 70
------------------------------------ 
HX_SW1:
[HX_SW1]ip route-static 0.0.0.0 0.0.0.0 192.168.10.1
[HX_SW1]ip route-static 0.0.0.0 0.0.0.0 192.168.4.2 preference 70
------------------------------------ 
HX_SW2:
[HX_SW2]ip route-static 0.0.0.0 0.0.0.0 192.168.5.2
[HX_SW2]ip route-static 0.0.0.0 0.0.0.0 192.168.2.1 preference 70
------------------------------------ 
ISP_R:
[ISP_R]ip route-static 0.0.0.0 0.0.0.0 192.168.8.1

14. Server address mapping

[FW]nat server untrust_dmz zone untrust protocol icmp global 100.100.100.100 inside 192.168.111.2 no-reverse //lets the external network reach the web server with ping 100.100.100.100
[FW]nat server untust_dmz_web protocol tcp global 100.100.100.100 80 inside 192.168.111.2 80 no-reverse //lets external users log in to our web server through http://100.100.100.100

15. DHCP relay

	DHCP:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname DHCP
[DHCP]dhcp enable 
[DHCP]ip pool vlan20
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
[DHCP-ip-pool-vlan20]gateway-list 192.168.20.1
[DHCP-ip-pool-vlan20]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan20]excluded-ip-address 192.168.20.250 192.168.20.254
[DHCP-ip-pool-vlan20]q
[DHCP]ip pool vlan30
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan30]gateway-list 192.168.30.1
[DHCP-ip-pool-vlan30]network 192.168.30.0 mask 255.255.255.0
[DHCP-ip-pool-vlan30]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan30]excluded-ip-address 192.168.30.250 192.168.30.254
[DHCP-ip-pool-vlan30]q
[DHCP]ip pool vlan40
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan40]gateway-list 192.168.40.1
[DHCP-ip-pool-vlan40]network 192.168.40.0 mask 255.255.255.0
[DHCP-ip-pool-vlan40]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan40]excluded-ip-address 192.168.40.250 192.168.40.254
[DHCP-ip-pool-vlan40]q
[DHCP]ip pool vlan50
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan50]gateway-list 192.168.50.1
[DHCP-ip-pool-vlan50]network 192.168.50.0 mask 255.255.255.0
[DHCP-ip-pool-vlan50]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan50]excluded-ip-address 192.168.50.250 192.168.50.254
[DHCP-ip-pool-vlan50]q
[DHCP]ip pool vlan60
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan60]network 192.168.60.0 mask 24
[DHCP-ip-pool-vlan60]gateway-list 192.168.60.1
[DHCP-ip-pool-vlan60]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan60]excluded-ip-address 192.168.60.250 192.168.60.254
[DHCP-ip-pool-vlan60]q
[DHCP]ip pool vlan70
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan70]gateway-list 192.168.70.1
[DHCP-ip-pool-vlan70]network 192.168.70.0 mask 255.255.255.0
[DHCP-ip-pool-vlan70]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan70]excluded-ip-address 192.168.70.250 192.168.70.254
[DHCP-ip-pool-vlan70]q
[DHCP]ip pool vlan80
Info: It's successful to create an IP address pool.
[DHCP-ip-pool-vlan80]gateway-list 192.168.80.1
[DHCP-ip-pool-vlan80]network 192.168.80.0 mask 255.255.255.0
[DHCP-ip-pool-vlan80]dns-list 192.168.111.3 8.8.8.8
[DHCP-ip-pool-vlan80]excluded-ip-address 192.168.80.250 192.168.80.254
[DHCP-ip-pool-vlan80]q
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]ip add 192.168.200.3 24
[DHCP-GigabitEthernet0/0/0]dhcp select global 
[DHCP-GigabitEthernet0/0/0]qui
------------------------------------
HX_SW1:
<HX_SW1>sy
[HX_SW1]dhcp enable 
[HX_SW1]int vlanif20
[HX_SW1-Vlanif20]dhcp select relay 
[HX_SW1-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif20]int vlanif30
[HX_SW1-Vlanif30]dhcp select relay
[HX_SW1-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif30]int vlanif40
[HX_SW1-Vlanif40]dhcp select relay 
[HX_SW1-Vlanif40]dhcp relay server-ip 192.168.200.3
............
...........
[HX_SW1]
------------------------------------
HX_SW2:
<HX_SW2>SYS
[HX_SW2]dhcp enable 
[HX_SW2]int vlanif20
[HX_SW2-Vlanif20]dhcp select relay 
[HX_SW2-Vlanif20]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif20]dis this
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.1
vrrp vrid 20 priority 105
vrrp vrid 20 track interface GigabitEthernet0/0/1
vrrp vrid 20 track interface GigabitEthernet0/0/2
dhcp select relay
dhcp relay server-ip 192.168.200.3
#
return
[HX_SW2-Vlanif20]int vlanif30
[HX_SW2-Vlanif30]dhcp select relay 
[HX_SW2-Vlanif30]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif30]int vlanif40
[HX_SW2-Vlanif40]dhcp select relay 
[HX_SW2-Vlanif40]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif40]int vlanif50
[HX_SW2-Vlanif50]dhcp select relay
[HX_SW2-Vlanif50]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif50]int vlanif60
[HX_SW2-Vlanif60]dhcp select relay 
[HX_SW2-Vlanif60]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif60]int vlanif70
[HX_SW2-Vlanif70]dhcp select relay 
[HX_SW2-Vlanif70]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif70]int vlanif80
[HX_SW2-Vlanif80]dhcp select relay 
[HX_SW2-Vlanif80]dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif80]

16. Snooping configuration

	JR_SW6:
[JR_SW6]dhcp enable 	
[JR_SW6]dhcp snooping enable 
[JR_SW6]vlan 20
[JR_SW6-vlan20]dhcp snooping en
[JR_SW6-vlan20]vlan 30
[JR_SW6-vlan30]dhcp snooping enable 
[JR_SW6-vlan30]qui
[JR_SW6]int g0/0/1
[JR_SW6-GigabitEthernet0/0/1]dhcp snooping trusted 
[JR_SW6-GigabitEthernet0/0/1]dis this
------------------------------------
JR_SW7:
<JR_SW7>sys
[JR_SW7]dhcp enable 	
[JR_SW7]dhcp snooping enable 
[JR_SW7]vlan 40
[JR_SW7-vlan40]dhcp snooping enable 
[JR_SW7-vlan40]qui
[JR_SW7]int g0/0/1
[JR_SW7-GigabitEthernet0/0/1]dhcp snooping trusted 
[JR_SW7-GigabitEthernet0/0/1]qui   
------------------------------------
JR_SW8:
------------------------------------
JR_SW9:

It is enough that the client can obtain an address; the address PC1 obtains here should be 30.254 (the accompanying figure is for demonstration only).

16、Telnet remote configuration

	HX_SW1:
[HX_SW1]aaa
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet 
[HX_SW1-aaa]quit 
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet 
[HX_SW1-ui-vty0-4]qui
[HX_SW1]int vlanif 900
[HX_SW1-Vlanif900]ip add 192.168.255.254 24
[HX_SW1-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1  
[HX_SW1-Vlanif900]dis this
#
interface Vlanif900
ip address 192.168.255.254 255.255.255.0
vrrp vrid 255 virtual-ip 192.168.255.1
#
return
[HX_SW1-Vlanif900]q
------------------------------------
HX_SW2:
[HX_SW2]aaa
[HX_SW2-aaa]local-user huawei privilege level 3 password cipher 5555
Info: Add a new user.
[HX_SW2-aaa]local-user huawei service-type telnet 
[HX_SW2-aaa]quit 
[HX_SW2]user-interface vty 0 4
[HX_SW2-ui-vty0-4]authentication-mode aaa
[HX_SW2-ui-vty0-4]protocol inbound telnet 
[HX_SW2-ui-vty0-4]qui
[HX_SW2]int vlanif 900
[HX_SW2-Vlanif900]ip add 192.168.255.253 24
[HX_SW2-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1  
[HX_SW2-Vlanif900]dis this
#
interface Vlanif900
ip address 192.168.255.253 255.255.255.0
vrrp vrid 255 virtual-ip 192.168.255.1
#
return
[HX_SW2-Vlanif900]q
------------------------------------
HJ_SW3:
[HJ_SW3]aaa
[HJ_SW3-aaa]local-user huawei privilege level 3 password cipher 5555
[HJ_SW3-aaa]local-user huawei service-type telnet 
[HJ_SW3-aaa]quit 
[HJ_SW3]user-interface vty 0 4
[HJ_SW3-ui-vty0-4]authentication-mode aaa
[HJ_SW3-ui-vty0-4]protocol inbound telnet 
[HJ_SW3-ui-vty0-4]qui
[HJ_SW3]int vlanif 900
[HJ_SW3-Vlanif900]ip add 192.168.255.3 24
[HJ_SW3-Vlanif900]q
[HJ_SW3]ip route-static 0.0.0.0 0 192.168.255.1
[HJ_SW3]
HJ_SW4:
[HJ_SW4]aaa
[HJ_SW4-aaa]local-user huawei privilege level 3 password cipher 5555
[HJ_SW4-aaa]local-user huawei service-type telnet 
[HJ_SW4-aaa]quit 
[HJ_SW4]user-interface vty 0 4
[HJ_SW4-ui-vty0-4]authentication-mode aaa
[HJ_SW4-ui-vty0-4]protocol inbound telnet 
[HJ_SW4-ui-vty0-4]qui
[HJ_SW4]int vlanif 900
[HJ_SW4-Vlanif900]ip add 192.168.255.4 24
[HJ_SW4-Vlanif900]q
[HJ_SW4]ip route-static 0.0.0.0 0 192.168.255.1
[HJ_SW4]qui
/* ... the remaining switches are configured the same way, SW1-SW12 */
// At this point you can telnet to 192.168.255.3-8, .254, .253, and the corresponding router interface addresses
/*
<PC>telnet 192.168.255.7
Trying 192.168.255.7 ...
Press CTRL+K to abort
Connected to 192.168.255.7 ...
Username:huawei
Password:5555
Info: The max number of VTY users is 5, and the number of current VTY users on line is 1.
The current login time is 2022-04-19 17:27:13.
<JR_SW7>
*/

17、ACL policy

[HX_SW1]acl 3001
[HX_SW1-acl-adv-3001]rule permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
[HX_SW1-acl-adv-3001]rule deny ip source any destination 192.168.200.2 0
[HX_SW1-acl-adv-3001]dis this
#
acl number 3001
rule 5 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
rule 10 deny ip destination 192.168.200.2 0
#
return
[HX_SW1-acl-adv-3001]qui
[HX_SW1]int g0/0/6
[HX_SW1-GigabitEthernet0/0/6]traffic-filter outbound acl 3001
[HX_SW1-GigabitEthernet0/0/6]qui
------------------------------------
HX_SW2:
[HX_SW2]acl 3001	
[HX_SW2-acl-adv-3001]rule permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
[HX_SW2-acl-adv-3001]rule deny ip source any destination 192.168.200.2 0
[HX_SW2-acl-adv-3001]dis this
#
acl number 3001
rule 5 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.200.2 0
rule 10 deny ip destination 192.168.200.2 0
#
return
[HX_SW2-acl-adv-3001]qui
[HX_SW2]
[HX_SW2]int g0/0/6
[HX_SW2-GigabitEthernet0/0/6]traffic-filter outbound acl 3001
[HX_SW2-GigabitEthernet0/0/6]qui
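
A way to check what ACL 3001 lets through before applying it, written as an added example that is not part of the original post: it models first-match evaluation with wildcard masks over the two rules shown by `dis this`, and includes a constructed misordered variant to show why the permit must carry the lower rule-id. The test flows, the `ACL_MISORDERED` list and the default-permit behaviour for unmatched traffic are assumptions of the example.

```python
import ipaddress

# ACL 3001 as printed by "dis this" on HX_SW1 and HX_SW2:
# (rule-id, action, source, source-wildcard, destination, destination-wildcard)
# "any" is 0.0.0.0 with wildcard 255.255.255.255; the wildcard "0" is an exact host.
ACL_3001 = [
    (5, "permit", "192.168.50.0", "0.0.0.255", "192.168.200.2", "0.0.0.0"),
    (10, "deny", "0.0.0.0", "255.255.255.255", "192.168.200.2", "0.0.0.0"),
]

# Constructed counter-example: the same two rules with the deny numbered first.
ACL_MISORDERED = [
    (5, "deny", "0.0.0.0", "255.255.255.255", "192.168.200.2", "0.0.0.0"),
    (10, "permit", "192.168.50.0", "0.0.0.255", "192.168.200.2", "0.0.0.0"),
]


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def evaluate(acl, src, dst, default="permit"):
    """Return (action, rule_id) for the first rule that matches, lowest rule-id first."""
    for rule_id, action, s, s_wc, d, d_wc in sorted(acl):
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action, rule_id
    # Assumption: traffic-filter forwards packets that match no rule.
    return default, None


# Constructed test flows (addresses chosen from the subnets used on the page).
FLOWS = [
    ("192.168.50.10", "192.168.200.2"),   # VLAN 50 host -> finance server
    ("192.168.20.10", "192.168.200.2"),   # VLAN 20 host -> finance server
    ("192.168.101.7", "192.168.200.2"),   # wireless VLAN 101 host -> finance server
    ("192.168.20.10", "192.168.200.3"),   # VLAN 20 host -> DHCP server
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src:>15} -> {dst:<15} {evaluate(ACL_3001, src, dst)}")
    print("misordered:", evaluate(ACL_MISORDERED, "192.168.50.10", "192.168.200.2"))
```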

18、Wireless WLAN configuration

	HX_SW2:
<HX_SW2>sy
[HX_SW2]vlan batch 100 101 102
[HX_SW2]int g0/0/9
[HX_SW2-GigabitEthernet0/0/9]port link-type trunk
[HX_SW2-GigabitEthernet0/0/9]port trunk allow-pass vlan all
[HX_SW2-GigabitEthernet0/0/9]int g0/0/3
[HX_SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 101 102
[HX_SW2-GigabitEthernet0/0/3]int g0/0/5
[HX_SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 101 102
[HX_SW2-GigabitEthernet0/0/5]qui
[HX_SW2]int vlan 100
[HX_SW2-Vlanif100]ip add 192.168.100.1 24
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]ip add 192.168.101.1 24
[HX_SW2-Vlanif101]int vlan 102
[HX_SW2-Vlanif102]ip add 192.168.102.1 24
[HX_SW2-Vlanif102]qui
[HX_SW2]dhcp enable
[HX_SW2]ip pool ap_pool
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-ap_pool]gateway-list 192.168.100.1
[HX_SW2-ip-pool-ap_pool]network 192.168.100.0 mask 24
[HX_SW2-ip-pool-ap_pool]excluded-ip-address 192.168.100.100
[HX_SW2-ip-pool-ap_pool]dns-list 192.168.111.3
[HX_SW2-ip-pool-ap_pool]qui
[HX_SW2]ip pool hua_1
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-hua_1]gateway-list 192.168.101.1
[HX_SW2-ip-pool-hua_1]network 192.168.101.0 mask 24
[HX_SW2-ip-pool-hua_1]dns-list 192.168.111.3
[HX_SW2-ip-pool-hua_1]qui
[HX_SW2]ip pool hua_2
Info:It's successful to create an IP address pool.
[HX_SW2-ip-pool-hua_2]gateway-list 192.168.102.1
[HX_SW2-ip-pool-hua_2]network 192.168.102.0 mask 24
[HX_SW2-ip-pool-hua_2]dns-list 192.168.111.3
[HX_SW2-ip-pool-hua_2]qui
[HX_SW2]int vlan 100
[HX_SW2-Vlanif100]dhcp select global 
[HX_SW2-Vlanif100]int vlan 101
[HX_SW2-Vlanif101]dhcp select global
[HX_SW2-Vlanif101]int vlan 102
[HX_SW2-Vlanif102]dhcp select global
[HX_SW2-Vlanif102]qui
[HX_SW2]qui
<HX_SW2>save
-------------------------------------
HJ_SW3:
<HJ_SW3>sy
[HJ_SW3]vlan batch 100 101 102
[HJ_SW3]int g0/0/2
[HJ_SW3-GigabitEthernet0/0/2]port trunk allow-pass  vlan 100 101 102
[HJ_SW3-GigabitEthernet0/0/2]int g0/0/5
[HJ_SW3-GigabitEthernet0/0/5]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/5]port trunk pvid vlan 100
[HJ_SW3-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 101
[HJ_SW3-GigabitEthernet0/0/5]qui
[HJ_SW3]qui
---------------------------------
HJ_SW5:
[HJ_SW5]vlan batch 100 101 102
[HJ_SW5]int g0/0/2
[HJ_SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101 102
[HJ_SW5-GigabitEthernet0/0/2]int g0/0/5
[HJ_SW5-GigabitEthernet0/0/5]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/5]port trunk pvid vlan 100	
[HJ_SW5-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 102
[HJ_SW5-GigabitEthernet0/0/5]qui
[HJ_SW5]qu
---------------------------------
AC:
<AC6605>sy
[AC6605]un in en
[AC6605]sysname AC1
[AC1]vlan batch 100 to 103
[AC1]int g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC1-GigabitEthernet0/0/1]qui
[AC1]int vlan 100
[AC1-Vlanif100]ip add 192.168.100.100 24
[AC1-Vlanif100]qui
[AC1]capwap source int vlanif100
[AC1]wlan
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]q
[AC1-wlan-view]regulatory-domain-profile name domain1
[AC1-wlan-regulate-domain-domain1]country-code cn
[AC1-wlan-regulate-domain-domain1]q
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-CYY]qui
[AC1-wlan-view]qui
[AC1]wlan
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]q
[AC1-wlan-view]regulatory-domain-profile name domain2
[AC1-wlan-regulate-domain-domain2]country-code cn
Info: The current country code is same with the input country code.
[AC1-wlan-regulate-domain-domain2]q
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]regulatory-domain-profile domain2
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-YYC]qui
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc82-0a90
[AC1-wlan-ap-0]ap-name area_0
[AC1-wlan-ap-0]ap-group CYY
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC1-wlan-ap-0]qui
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc2d-1bd0
[AC1-wlan-ap-1]ap-name area_1
[AC1-wlan-ap-1]ap-group YYC
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC1-wlan-ap-1]qui
[AC1-wlan-view]qui
[AC1]wlan
[AC1-wlan-view]security-profile name A
[AC1-wlan-sec-prof-A]security wpa2 psk pass-phrase a1234567 aes
[AC1-wlan-sec-prof-A]q
[AC1-wlan-view]security-profile name X
[AC1-wlan-sec-prof-X]security wpa2 psk pass-phrase huawei@123 aes
[AC1-wlan-sec-prof-X]qui
[AC1-wlan-view]ssid-profile name B
[AC1-wlan-ssid-prof-B]ssid CYY-CY
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-ssid-prof-B]q
[AC1-wlan-view]ssid-profile name Y
[AC1-wlan-ssid-prof-Y]ssid YYC-YC
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-ssid-prof-Y]q
[AC1-wlan-view]vap-profile name C
[AC1-wlan-vap-prof-C]forward-mode tunnel
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]service-vlan vlan-id 101
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]security-profile A
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]ssid-profile B
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-C]qui
[AC1-wlan-view]vap-profile name Z
[AC1-wlan-vap-prof-Z]forward-mode tunnel
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]service-vlan vlan-id 102
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]security-profile X
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]ssid-profile Y
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-Z]qui
[AC1-wlan-view]ap-group name CYY
[AC1-wlan-ap-group-CYY]vap-profile C wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-CYY]vap-profile C wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-CYY]qui
[AC1-wlan-view]ap-group name YYC
[AC1-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 1
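
A review pass over the Telnet and WLAN transcripts above, as an added example that is not part of the original post: it parses VRP prompt lines and tags Telnet management, trunks that pass all VLANs, and secrets shorter than a chosen length. The tag names and the `MIN_SECRET_LEN` threshold are assumptions of the example; the sample lines are copied from this page.

```python
import re

# Constructed sample: lines copied from the Telnet and WLAN transcripts on this page.
SAMPLE = """\
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet
[HX_SW2-GigabitEthernet0/0/9]port trunk allow-pass vlan all
[HX_SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 101 102
[AC1-wlan-sec-prof-A]security wpa2 psk pass-phrase a1234567 aes
[AC1-wlan-sec-prof-X]security wpa2 psk pass-phrase huawei@123 aes
"""

MIN_SECRET_LEN = 12  # assumption: local policy threshold, not a VRP default

# "[device-view]command" or "<device>command"
PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")


def secret_tag(match):
    """Tag a secret by length only; the value itself is never reported."""
    return "short-secret" if len(match.group(1)) < MIN_SECRET_LEN else None


RULES = [
    (re.compile(r"^protocol inbound telnet\b"), lambda m: "cleartext-mgmt"),
    (re.compile(r"\bservice-type\b.*\btelnet\b"), lambda m: "cleartext-mgmt"),
    (re.compile(r"^port trunk allow-pass vlan all\b"), lambda m: "trunk-all-vlans"),
    (re.compile(r"\bpassword cipher (\S+)"), secret_tag),
    (re.compile(r"\bpsk pass-phrase (\S+)"), secret_tag),
]


def audit(transcript):
    """Return [(line_number, device, tag)] for every rule hit in the transcript."""
    findings = []
    for number, raw in enumerate(transcript.splitlines(), 1):
        prompt = PROMPT.match(raw.strip())
        if not prompt:
            continue  # command output, separators, comments
        device = prompt.group(1).split("-")[0]  # device names here contain no "-"
        command = prompt.group(2).strip()
        for pattern, classify in RULES:
            hit = pattern.search(command)
            tag = classify(hit) if hit else None
            if tag:
                findings.append((number, device, tag))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```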

Publisher: 全栈程序员-用户IM. When reposting, please credit the source: https://javaforall.cn/188754.html Original link: https://javaforall.cn
