企业网的规划与设计（eNSP）

linic811

已于 2022-06-15 19:06:27 修改

阅读量9.1k

点赞数 9

文章标签：网络网络协议

于 2022-06-15 18:48:54 首次发布

本文链接：https://blog.csdn.net/linic811/article/details/125302600

版权

本设计应用到的网络技术有：Vlan、链路聚合、VRRP+MSTP、VlanIf、DHCP、OSPF、NAT Service等，应用到的网络安全技术有：DHCP Snooping、ACL访问控制等.

整个网络拓扑图如下图所示：

网络架构采用的是熟知的三层架构：接入层、汇聚层、核心层.在这三层的基础上进行相应的网络技术拓展.

接入层的交换机分别命名为：JR-SW1——JR-SW5

汇聚层的交换机分别命名为：HJ-SW1——HJ-SW5

核心层的为：HX-SW1、HX-SW2

每一层进行不同的配置，下面核心代码的展示：

接入层交换机的部分代码展示：

#
sysname JR-SW1
#
vlan batch 10 20 30 40 50 100 200
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 100

汇聚层的部分代码展示：

#
sysname HJ-SW1
#
vlan batch 10 20 30 40 50 100 200
#
stp region-configuration
 region-name neibuwang
 revision-level 1
 instance 1 vlan 10 20 200 
 instance 2 vlan 30 40 50 
 active region-configuration
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 100
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 100
#
interface Ethernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 10 100

核心层交换机的代码展示：

#
sysname HX-SW1
#
vlan batch 10 20 30 40 50 100 200 300
#
stp instance 1 root primary
stp instance 2 root secondary
#
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0 
 vrrp vrid 10 virtual-ip 192.168.10.1
 vrrp vrid 10 priority 105
 vrrp vrid 10 track interface GigabitEthernet0/0/1
 vrrp vrid 10 track bfd-session session-name 1
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0 
 vrrp vrid 20 virtual-ip 192.168.20.1
 vrrp vrid 20 priority 105
 vrrp vrid 20 track interface GigabitEthernet0/0/2
 vrrp vrid 20 track bfd-session session-name 1
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif30
 ip address 192.168.30.254 255.255.255.0 
 vrrp vrid 30 virtual-ip 192.168.30.1
 ospf cost 4
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif40
 ip address 192.168.40.254 255.255.255.0 
 vrrp vrid 40 virtual-ip 192.168.40.1
 ospf cost 4
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif50
 ip address 192.168.50.254 255.255.255.0 
 vrrp vrid 50 virtual-ip 192.168.50.1
 ospf cost 4
 dhcp select relay
 dhcp relay server-ip 192.168.200.3
#
interface Vlanif200
 ip address 192.168.200.254 255.255.255.0 
 vrrp vrid 200 virtual-ip 192.168.200.1
 vrrp vrid 200 priority 105
 vrrp vrid 200 track interface GigabitEthernet0/0/7
 vrrp vrid 200 track bfd-session session-name 1
#
interface Vlanif300
 ip address 192.168.12.2 255.255.255.0 
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 40 50 100 200
 mode lacp-static
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 100
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20 100
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 30 100
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 40 100
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 50 100
#
interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 300
#
interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/10
 eth-trunk 1
#
interface GigabitEthernet0/0/11
 eth-trunk 1
#
bfd 1 bind peer-ip 192.168.12.1 source-ip 192.168.12.2 auto
 commit
#
ospf 1 
 area 0.0.0.0 
  network 192.168.10.0 0.0.0.255 
  network 192.168.20.0 0.0.0.255 
  network 192.168.30.0 0.0.0.255 
  network 192.168.40.0 0.0.0.255 
  network 192.168.50.0 0.0.0.255 
  network 192.168.200.0 0.0.0.255 
  network 192.168.12.0 0.0.0.255 
#
ip route-static 0.0.0.0 0.0.0.0 192.168.12.1
ip route-static 0.0.0.0 0.0.0.0 192.168.23.1 preference 65

路由器R1的部分代码配置：

#
 sysname R1
#
bfd
#
acl number 2000  
 rule 5 permit 
 rule 10 permit source 192.168.0.0 0.0.255.255 
acl number 2001  
 rule 5 permit source 192.168.0.0 0.0.255.255 
#
acl number 3005  
 rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.0.0 0.0.255.255 
 rule 10 deny ip source 192.168.20.0 0.0.0.255 
#
interface Dialer1
 link-protocol ppp
 ppp pap local-user 2022 password simple 20220620
 mtu 1492
 ip address ppp-negotiate
 dialer user 2022
 dialer bundle 2
 nat outbound 2001
#
interface GigabitEthernet0/0/0
 ip address 192.168.12.1 255.255.255.0 
 traffic-filter inbound acl 3005
#
interface GigabitEthernet0/0/1
 ip address 192.168.23.1 255.255.255.0 
 traffic-filter inbound acl 3005
#
interface GigabitEthernet0/0/2
 ip address 14.1.1.1 255.255.255.0 
#
interface GigabitEthernet2/0/0
 ip address 15.1.1.1 255.255.255.0 
#
interface GigabitEthernet3/0/0
 pppoe-client dial-bundle-number 2 
#
interface GigabitEthernet4/0/0
 ip address 13.1.1.1 255.255.255.0 
 nat server protocol tcp global current-interface www inside 192.168.200.2 www
 nat outbound 2000
#
interface NULL0
#
bfd 1 bind peer-ip 192.168.12.2 source-ip 192.168.12.1 auto
 commit
#
bfd 2 bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto
 commit
#
ospf 1 
 area 0.0.0.0 
  network 14.1.1.0 0.0.0.255 
  network 15.1.1.0 0.0.0.255 
  network 192.168.12.0 0.0.0.255 
  network 192.168.23.0 0.0.0.255 
#
ip route-static 0.0.0.0 0.0.0.0 13.1.1.2
ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 86