作者:BSXY_19计科_陈永跃
BSXY_信息学院
注:未经允许禁止转发任何内容
基于eNSP的高校/企业无线WLAN网络规划设计_综合实验/大作业
前言及技术/资源下载说明( 未经允许禁止转发任何内容 )
可根据以下所提供的设计与实现步骤过程一步一步自行实现(每一条命令都是关键的命令);但是如果有需要的也可以根据以下地址进行下载完整的topo图和完整的配置进行参考与借鉴**,如若拿到topo图可多display查看配置,查看相应的命令,配套资源获取如下,相应的内容如下图所示:
公众号(小猿网),回复“网络规划”即可
资源为收费资源,如不符合您的消费观,还请您见谅
(对应封面图及标题找到相应资源即可)
内容包含:
基于eNSP的高校/企业无线WLAN网络规划设
计-毕设或课设可参考一步步的所有配置命
令(ensp)+所有的配置命令+详细的地址规划
表+相应的测试文档和截图
由于公众号可能目前没有太大的曝光度,搜索时可能
不是置顶的公众号。这时可以多往下滑一下找到该公
众号,或者直接到文章结尾处获取公众号二维码即可
模拟器中防火墙用户名:admin 密码:admin@123
topo图也就是这样子的,相应的地址规划和路由规划大部分都在图中明确的标注了
该topo网络中用到的技术有vlan划分、eth-trunk链路捆绑、MSPT、VRRP、OSPF、ISIS、DHCP中继、无线WLAN、无线AC冗余、漫游、防火墙安全策略、NAT、ACL、双机热备等。该实验非常适合于想做有关无线WLAN毕设的小伙伴或想要练习无线综合实验的小伙伴。如果是对于想写无线WLAN方面的论文也比较好写。且对于毕设课设的小伙伴可以进行参考,进行自己的规划与设计。场景适用于毕业设计、校园网络规划、企业网络规划等场合,有什么问题可以在平台私信博主,博主看到都会第一时间回复的,最后说明该topo规划最后的作者权归于:BSXY_信息学院_19计科_陈永跃
一、设计topo图与设计要求
拓扑图1:
设计要求:
- 完成服务器、防火墙、路由器相应的接口地址的配置
- 核心交换机配置Eth-Trunk链路捆绑来提高链路的冗余
- 根据不同的地域划分多个不同的vlan,减小广播域大小,提高网络的可靠性和安全性
- 配置MSTP+VRRP,同时实现冗余,划分实例,让不同的vlan优先选择相应的交换机,并减少stp震荡
- 内网内运行OSPF路由
- 所有的AP和无线用户都能自动获取地址,且通过DHCP server分配
- 配置相应的安全策略并使得内网能访问外网
- 出口使用两台防火墙,且两台防火墙做双机热备
- 防火墙双机热备使用两个心跳线并做链路捆绑提高网络的可靠性
- 外网区域运行ISIS路由
- A B学院AP优先加入AC1,AC2作为备份;C D学院AP优先加入AC2,AC1作为备份,保证一个AP可由两个AC进行管理提高网络的可靠性
- 无线用户可以实现一个区域到另一个区域间的无线漫游
- 除vlan21用户外其余无线用户可以访问外网且可通过域名上网
- 配置ACL实现处于vlan21的用户不可以访问外网
- 路由从FW1出来的优先走YD_R1,DX_R2作为备份;路由从FW2出来的优先走DX_R2,YD_R1作为备份
二、相应地址规划表
地址规划表上传的时候有点模糊,这里没有做图片的一下优化处理,但是Excel里面的是可以编辑的或是可以更改的,像下图就比较清晰
三、基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)(可不看)
插曲部分:基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)) 如下图所示(但是并不在该篇文章中做详细介绍和说明,如查看可点击连接自行查看阅读):
设计要求:
- 完成服务器、防火墙、路由器相应的接口地址的配置
- 慧源楼配置Eth-Trunk链路捆绑来提高链路的冗余
- 根据不同的地域划分多个不同的vlan,减小广播域大小,提高网络的可靠性和安全性
- 在明诚楼配置MSTP+VRRP,同时实现冗余,划分实例,让不同的vlan优先选择相应的交换机,并减少stp震荡
- 明诚楼、慧源楼、德润楼的所有用户通过配置相应的DHCP中继能自动获取地址,且DHCP服务器为DHCPserver
- 配置相应的ospf,多区域区域0中OSPF激活MD5认证,SW1/SW2采用接口方式配置
- 区域0内的设备启用BFD快速检测链路故障
- 分校区用户也需要要自动获取地址,相应服务器为AR4,AR4配置相应的子接口为相应终端分配地址
- 配置端口安全,且接口能够自动学习MAC地址
- 配置端口隔离实现PC6,PC7同VLAN内不能互访
- 分校区/分部的无线用的地址和AP的地址都由SW8来分配
- FW2作为PPPoE客户端,AR5作为PPPoE服务端,进行相应的拨号上网
- R1,R2,R3部署ISIS Level-2,区域ID 49.0000
- 部署MPLS VPN,其中R1,R3作为PE设备,R2作为路由放射器
- FW1,FW2作为CE端与PE端建立eBGP邻居关系
- 运营商AS 100,总部/主校区在65430,分支都在AS65000
- FW1,FW2之间部署IPSec VPN 实现总部/主校区与分支之间通信
- 其中总部和分支之间通信优先使用MPLS VPN若MPLS VPN故障使用IPSec VPN实现通信
- 若FW1中NQA检测10.1.5.5不可达则停止下发缺省到内网
- NAT配置总部/主校区用户方位外网用地址池10.1.22.100~10.1.22.110
- 分支用户访问外网采用EASY-IP实现
- 外网用户访问内网WEB服务——用100.100.100.100来做相应的地址映射
- 财务部服务器只能由内网的vlan 10用户访问
- 配置DHCP Snooping防止DHCP欺骗与非法dhcp服务器的接入
- 内部的所有交换机都可以被telnet进行远程管理
- 主校区/总部用户可以通过域名(www.baidu.com)访问外网百度,无线用户也可以
- ipv6中对于AS100内互联地址采用link-local地址
- R1,R2,R3的lo0地址2001:10:1:X::X/128
- 激活ISISv6,并保障v4与v6的拓扑分离
- SW1 SW2新增Lo0接口地址为2001:192:168:X::X/128
- FW1,SW1,SW2部署OSPFv3区域0,其中互联地址采用Link-local地址
- 分支FW2与AR4部署OSPFv3,互联地址采用link-local地址
- FW1,FW2利用MPLS VPN网络建立6to4隧道
- 对于6to4隧道基础上部署BGP4+,实现总部与分支的IPv6互通
四、该网络规划全过程(顺着一步一步走)
1、eth-trunk
HX_SW1:
sys
un in en
sysname HX_SW1
int eth-trunk 1
mode lacp-static
trunkport g0/0/24
trunkport g0/0/23
qui
---------------------------
HX_SW2:
sys
un in en
sysname HX_SW2
int eth-trunk 1
mode lacp-static
trunkport g0/0/24
trunkport g0/0/23
qui
2、vlan划分
HJ_SW3:
sys
un in en
sysname HJ_SW3
vlan batch 10 11 20 21
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 10 11 20 21
int g0/0/2
port link-type trunk
port trunk allow-pass vlan 10 11 20 21
int g0/0/3
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 11
int g0/0/4
port link-type trunk
port trunk pvid vlan 20
port trunk allow-pass vlan 20 21
qui
---------------------------
HJ_SW4:
sys
un in en
sysname HJ_SW4
vlan batch 30 31 40 41
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 30 31 40 41
int g0/0/2
port link-type trunk
port trunk allow-pass vlan 30 31 40 41
int g0/0/3
port link-type trunk
port trunk pvid vlan 30
port trunk allow-pass vlan 30 31
int g0/0/4
port link-type trunk
port trunk pvid vlan 40
port trunk allow-pass vlan 40 41
qui
---------------------------
HJ_SW5:
sys
un in en
sysname HJ_SW5
vlan batch 50 51 60 61
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 50 51 60 61
int g0/0/2
port link-type trunk
port trunk allow-pass vlan 50 51 60 61
int g0/0/3
port link-type trunk
port trunk pvid vlan 50
port trunk allow-pass vlan 50 51
int g0/0/4
port link-type trunk
port trunk pvid vlan 60
port trunk allow-pass vlan 60 61
qui
---------------------------
JR_SW6:
sys
un in en
sysname JR_SW6
vlan batch 200
p g g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan 200
qui
p g g0/0/3 g0/0/4
port link acc
port default vlan 200
qui
---------------------------
HX_SW1:
vlan batch 10 11 20 21 30 31 40 41 50 51
vlan batch 60 61 200 6 8
int g0/0/1
port link acc
port default vlan 8
qui
p g g0/0/2 to g0/0/6
port link-type trunk
port trunk all vlan all
qui
int eth 1
port link trunk
port trunk all vlan all
qui
---------------------------
HX_SW2:
vlan batch 10 11 20 21 30 31 40 41 50 51
vlan batch 60 61 200 7 9
int g0/0/1
port link acc
port default vlan 9
qui
p g g0/0/2 to g0/0/6
port link trunk
port trunk all vlan all
qui
int eth 1
port link trunk
port trunk all vlan all
qui
3、MSTP
HX_SW1:
stp region-configuration
region-name MST
revision-level 1
instance 1 vlan 10 11 20 21 30 31 200
instance 2 vlan 40 41 50 51 60 61
active region-configuration
qui
stp instance 1 root primary
stp instance 2 root secondary
p g g0/0/3 to g0/0/6 eth 1
stp edged-port disable
qui
stp edged-port default
---------------------------
HX_SW2:
stp region-configuration
region-name MST
revision-level 1
instance 1 vlan 10 11 20 21 30 31 200
instance 2 vlan 40 41 50 51 60 61
active region-configuration
qui
stp instance 2 root primary
stp instance 1 root secondary
p g g0/0/3 to g0/0/6 eth 1
stp edged-port disable
qui
stp edged-port default
---------------------------
HJ_SW3:
stp region-configuration
region-name MST
revision-level 1
instance 1 vlan 10 11 20 21 30 31 200
instance 2 vlan 40 41 50 51 60 61
active region-configuration
qui
p g g0/0/1 g0/0/2
stp edged-port disable
stp loop-protection
qui
stp edged-port default
---------------------------
HJ_SW4:
stp region-configuration
region-name MST
revision-level 1
instance 1 vlan 10 11 20 21 30 31 200
instance 2 vlan 40 41 50 51 60 61
active region-configuration
qui
p g g0/0/1 g0/0/2
stp edged-port disable
stp loop-protection
qui
stp edged-port default
---------------------------
HJ_SW5:
stp region-configuration
region-name MST
revision-level 1
instance 1 vlan 10 11 20 21 30 31 200
instance 2 vlan 40 41 50 51 60 61
active region-configuration
qui
p g g0/0/1 g0/0/2
stp edged-port disable
stp loop-protection
qui
stp edged-port default
---------------------------
JR_SW6:
stp region-configuration
region-name MST
revision-level 1
instance 1 vlan 10 11 20 21 30 31 200
instance 2 vlan 40 41 50 51 60 61
active region-configuration
qui
p g g0/0/1 g0/0/2
stp edged-port disable
stp loop-protection
qui
stp edged-port default
4、VRRP
HX_SW1:
int vlan 6
ip add 192.168.6.6 24
int vlan 8
ip add 192.168.8.8 24
int vlan 10
ip add 192.168.10.254 24
vrrp vrid 10 virtual-ip 192.168.10.1
vrrp vrid 10 priority 101
vrrp vrid 10 track int g0/0/1
int vlan 11
ip add 192.168.11.254 24
vrrp vrid 11 virtual-ip 192.168.11.1
vrrp vrid 11 priority 101
vrrp vrid 11 track int g0/0/1
int vlan 20
ip add 192.168.20.254 24
vrrp vrid 20 virtual-ip 192.168.20.1
vrrp vrid 20 priority 101
vrrp vrid 20 track int g0/0/1
int vlan 21
ip add 192.168.21.254 24
vrrp vrid 21 virtual-ip 192.168.21.1
vrrp vrid 21 priority 101
vrrp vrid 21 track int g0/0/1
int vlan 30
ip add 192.168.30.254 24
vrrp vrid 30 virtual-ip 192.168.30.1
vrrp vrid 30 priority 101
vrrp vrid 30 track int g0/0/1
int vlan 31
ip add 192.168.31.254 24
vrrp vrid 31 virtual-ip 192.168.31.1
vrrp vrid 31 priority 101
vrrp vrid 31 track int g0/0/1
int vlan 200
ip add 192.168.200.254 24
vrrp vrid 200 virtual-ip 192.168.200.1
vrrp vrid 200 priority 101
vrrp vrid 200 track int g0/0/1
int vlan 40
ip add 192.168.40.254 24
vrrp vrid 40 virtual-ip 192.168.40.1
int vlan 41
ip add 192.168.41.254 24
vrrp vrid 41 virtual-ip 192.168.41.1
int vlan 50
ip add 192.168.50.254 24
vrrp vrid 50 virtual-ip 192.168.50.1
int vlan 51
ip add 192.168.51.254 24
vrrp vrid 51 virtual-ip 192.168.51.1
int vlan 60
ip add 192.168.60.254 24
vrrp vrid 60 virtual-ip 192.168.60.1
int vlan 61
ip add 192.168.61.254 24
vrrp vrid 61 virtual-ip 192.168.61.1
qui
---------------------------
HX_SW2:
int vlan 7
ip add 192.168.7.7 24
int vlan 9
ip add 192.168.9.9 24
int vlan 10
ip add 192.168.10.253 24
vrrp vrid 10 virtual-ip 192.168.10.1
int vlan 11
ip add 192.168.11.253 24
vrrp vrid 11 virtual-ip 192.168.11.1
int vlan 20
ip add 192.168.20.253 24
vrrp vrid 20 virtual-ip 192.168.20.1
int vlan 21
ip add 192.168.21.253 24
vrrp vrid 21 virtual-ip 192.168.21.1
int vlan 30
ip add 192.168.30.253 24
vrrp vrid 30 virtual-ip 192.168.30.1
int vlan 31
ip add 192.168.31.253 24
vrrp vrid 31 virtual-ip 192.168.31.1
int vlan 200
ip add 192.168.200.253 24
vrrp vrid 200 virtual-ip 192.168.200.1
int vlan 40
ip add 192.168.40.253 24
vrrp vrid 40 virtual-ip 192.168.40.1
vrrp vrid 40 priority 101
vrrp vrid 40 track int g0/0/1
int vlan 41
ip add 192.168.41.253 24
vrrp vrid 41 virtual-ip 192.168.41.1
vrrp vrid 41 priority 101
vrrp vrid 41 track int g0/0/1
int vlan 50
ip add 192.168.50.253 24
vrrp vrid 50 virtual-ip 192.168.50.1
vrrp vrid 50 priority 101
vrrp vrid 50 track int g0/0/1
int vlan 51
ip add 192.168.51.253 24
vrrp vrid 51 virtual-ip 192.168.51.1
vrrp vrid 51 priority 101
vrrp vrid 51 track int g0/0/1
int vlan 60
ip add 192.168.60.253 24
vrrp vrid 60 virtual-ip 192.168.60.1
vrrp vrid 60 priority 101
vrrp vrid 60 track int g0/0/1
int vlan 61
ip add 192.168.61.253 24
vrrp vrid 61 virtual-ip 192.168.61.1
vrrp vrid 61 priority 101
vrrp vrid 61 track int g0/0/1
qui
5、DHCP中继
HX_SW1:
dhcp enable
int vlan 10
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 11
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 20
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 21
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 30
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 31
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 40
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 41
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 50
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 51
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 60
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 61
dhcp select relay
dhcp relay server-ip 192.168.200.3
---------------------------
HX_SW2:
dhcp enable
int vlan 10
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 11
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 20
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 21
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 30
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 31
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 40
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 41
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 50
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 51
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 60
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 61
dhcp select relay
dhcp relay server-ip 192.168.200.3
---------------------------
DHCP:
sys
un in en
sysname DHCP
dhcp enable
int g0/0/0
ip add 192.168.200.3 24
dhcp select global
qui
ip pool vlan10
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.129 192.168.10.254
lease unlimited
option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
qui
ip pool vlan11
gateway-list 192.168.11.1
network 192.168.11.0 mask 24
excluded-ip-address 192.168.11.250 192.168.11.254
dns-list 192.168.200.2
lease unlimited
qui
ip pool vlan20
gateway-list 192.168.20.1
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.129 192.168.20.254
lease unlimited
option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
qui
ip pool vlan21
gateway-list 192.168.21.1
network 192.168.21.0 mask 24
excluded-ip-address 192.168.21.250 192.168.21.254
dns-list 192.168.200.2
lease unlimited
qui
ip pool vlan30
gateway-list 192.168.30.1
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.129 192.168.30.254
lease unlimited
option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
qui
ip pool vlan31
gateway-list 192.168.31.1
network 192.168.31.0 mask 24
excluded-ip-address 192.168.31.250 192.168.31.254
dns-list 192.168.200.2
lease unlimited
qui
ip pool vlan40
gateway-list 192.168.40.1
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.129 192.168.40.254
lease unlimited
option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
qui
ip pool vlan41
gateway-list 192.168.41.1
network 192.168.41.0 mask 24
excluded-ip-address 192.168.41.250 192.168.41.254
dns-list 192.168.200.2
lease unlimited
qui
ip pool vlan50
gateway-list 192.168.50.1
network 192.168.50.0 mask 255.255.255.0
excluded-ip-address 192.168.50.129 192.168.50.254
lease unlimited
option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
qui
ip pool vlan51
gateway-list 192.168.51.1
network 192.168.51.0 mask 24
excluded-ip-address 192.168.51.250 192.168.51.254
dns-list 192.168.200.2
lease unlimited
qui
ip pool vlan60
gateway-list 192.168.60.1
network 192.168.60.0 mask 255.255.255.0
excluded-ip-address 192.168.60.129 192.168.60.254
lease unlimited
option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
qui
ip pool vlan61
gateway-list 192.168.61.1
network 192.168.61.0 mask 24
excluded-ip-address 192.168.61.250 192.168.61.254
dns-list 192.168.200.2
lease unlimited
qui
ip route-static 0.0.0.0 0 192.168.200.1
6、OSPF
HX_SW1:
ospf
area 0
network 192.168.10.0 0.0.0.255
network 192.168.11.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.21.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.31.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.41.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.51.0 0.0.0.255
network 192.168.60.0 0.0.0.255
network 192.168.61.0 0.0.0.255
network 192.168.6.0 0.0.0.255
network 192.168.8.0 0.0.0.255
network 192.168.200.0 0.0.0.255
qui
silent-interface all
undo silent-interface Vlanif200
undo silent-interface Vlanif8
qui
---------------------------
HX_SW2:
ospf
area 0
network 192.168.10.0 0.0.0.255
network 192.168.11.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.21.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.31.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.41.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.51.0 0.0.0.255
network 192.168.60.0 0.0.0.255
network 192.168.61.0 0.0.0.255
network 192.168.7.0 0.0.0.255
network 192.168.9.0 0.0.0.255
network 192.168.200.0 0.0.0.255
qui
silent-interface all
undo silent-interface Vlanif200
undo silent-interface Vlanif9
qui
7、无线AC配置
AC1:
sys
un in en
sysname AC1
vlan 6
int vlan 6
ip add 192.168.6.10 24
qui
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
qui
ip route-static 0.0.0.0 0.0.0.0 192.168.6.6
capwap source interface vlanif6
wlan
ssid-profile name SSID_PRO
ssid huawei
qui
security-profile name SEC_PRO
security wpa2 psk pass-phrase huawei@123 aes
qui
ap-system-profile name AP1_PRO
primary-access ip-address 192.168.6.10
backup-access ip-address 192.168.7.10
qui
ap-system-profile name AP2_PRO
primary-access ip-address 192.168.6.10
backup-access ip-address 192.168.7.10
qui
ap-system-profile name AP3_PRO
primary-access ip-address 192.168.6.10
backup-access ip-address 192.168.7.10
qui
ap-system-profile name AP4_PRO
primary-access ip-address 192.168.7.10
backup-access ip-address 192.168.6.10
qui
ap-system-profile name AP5_PRO
primary-access ip-address 192.168.7.10
backup-access ip-address 192.168.6.10
qui
ap-system-profile name AP6_PRO
primary-access ip-address 192.168.7.10
backup-access ip-address 192.168.6.10
qui
vap-profile name VAP1_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 11
qui
vap-profile name VAP2_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 21
qui
vap-profile name VAP3_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 31
qui
vap-profile name VAP4_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 41
qui
vap-profile name VAP5_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 51
qui
vap-profile name VAP6_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 61
qui
ap-id 1 ap-mac 00E0-FC28-4B20
ap-id 2 ap-mac 00E0-FC52-0D10
ap-id 3 ap-mac 00E0-FC44-0F80
ap-id 4 ap-mac 00E0-FC38-47E0
ap-id 5 ap-mac 00E0-FC4F-2870
ap-id 6 ap-mac 00E0-FCAD-3F60
qui
ap-id 1
ap-name AREA_1
ap-system-profile AP1_PRO
vap-profile VAP1_PRO wlan 1 radio 0
vap-profile VAP1_PRO wlan 1 radio 1
qui
ap-id 2
ap-name AREA_2
ap-system-profile AP2_PRO
vap-profile VAP2_PRO wlan 1 radio 0
vap-profile VAP2_PRO wlan 1 radio 1
qui
ap-id 3
ap-name AREA_3
ap-system-profile AP3_PRO
vap-profile VAP3_PRO wlan 1 radio 0
vap-profile VAP3_PRO wlan 1 radio 1
qui
ap-id 4
ap-name AREA_4
ap-system-profile AP4_PRO
vap-profile VAP4_PRO wlan 1 radio 0
vap-profile VAP4_PRO wlan 1 radio 1
qui
ap-id 5
ap-name AREA_5
ap-system-profile AP5_PRO
vap-profile VAP5_PRO wlan 1 radio 0
vap-profile VAP5_PRO wlan 1 radio 1
qui
ap-id 6
ap-name AREA_6
ap-system-profile AP6_PRO
vap-profile VAP6_PRO wlan 1 radio 0
vap-profile VAP6_PRO wlan 1 radio 1
----------------------------------
AC2:
sys
un in en
sysname AC2
vlan 7
int vlan 7
ip add 192.168.7.10 24
qui
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
qui
ip route-static 0.0.0.0 0.0.0.0 192.168.7.7
capwap source interface vlanif7
wlan
ssid-profile name SSID_PRO
ssid huawei
qui
security-profile name SEC_PRO
security wpa2 psk pass-phrase huawei@123 aes
qui
ap-system-profile name AP1_PRO
primary-access ip-address 192.168.6.10
backup-access ip-address 192.168.7.10
qui
ap-system-profile name AP2_PRO
primary-access ip-address 192.168.6.10
backup-access ip-address 192.168.7.10
qui
ap-system-profile name AP3_PRO
primary-access ip-address 192.168.6.10
backup-access ip-address 192.168.7.10
qui
ap-system-profile name AP4_PRO
primary-access ip-address 192.168.7.10
backup-access ip-address 192.168.6.10
qui
ap-system-profile name AP5_PRO
primary-access ip-address 192.168.7.10
backup-access ip-address 192.168.6.10
qui
ap-system-profile name AP6_PRO
primary-access ip-address 192.168.7.10
backup-access ip-address 192.168.6.10
qui
vap-profile name VAP1_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 11
qui
vap-profile name VAP2_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 21
qui
vap-profile name VAP3_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 31
qui
vap-profile name VAP4_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 41
qui
vap-profile name VAP5_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 51
qui
vap-profile name VAP6_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 61
qui
ap-id 1 ap-mac 00E0-FC28-4B20
ap-id 2 ap-mac 00E0-FC52-0D10
ap-id 3 ap-mac 00E0-FC44-0F80
ap-id 4 ap-mac 00E0-FC38-47E0
ap-id 5 ap-mac 00E0-FC4F-2870
ap-id 6 ap-mac 00E0-FCAD-3F60
qui
ap-id 1
ap-name AREA_1
ap-system-profile AP1_PRO
vap-profile VAP1_PRO wlan 1 radio 0
vap-profile VAP1_PRO wlan 1 radio 1
qui
ap-id 2
ap-name AREA_2
ap-system-profile AP2_PRO
vap-profile VAP2_PRO wlan 1 radio 0
vap-profile VAP2_PRO wlan 1 radio 1
qui
ap-id 3
ap-name AREA_3
ap-system-profile AP3_PRO
vap-profile VAP3_PRO wlan 1 radio 0
vap-profile VAP3_PRO wlan 1 radio 1
qui
ap-id 4
ap-name AREA_4
ap-system-profile AP4_PRO
vap-profile VAP4_PRO wlan 1 radio 0
vap-profile VAP4_PRO wlan 1 radio 1
qui
ap-id 5
ap-name AREA_5
ap-system-profile AP5_PRO
vap-profile VAP5_PRO wlan 1 radio 0
vap-profile VAP5_PRO wlan 1 radio 1
qui
ap-id 6
ap-name AREA_6
ap-system-profile AP6_PRO
vap-profile VAP6_PRO wlan 1 radio 0
vap-profile VAP6_PRO wlan 1 radio 1
----------------------------------
重启一下AP
8、无线AC冗余
这一部分要不我就先不放在文章中,
配置的设备只有AC1和AC2,
配置AC1和AC2实现冗余即可
9、防火墙双击热备
这一部分要不我就先不放在文章中,
配置的设备只有FW1和FW2,
配置FW1和FW2的IP地址
和运行相应的ospf和双机热备
这一部分在文章中省了,但是如果是
自己确实是小白没法自己配置出来那
可能就没有办法了,下载资源的话需要
收取一些费用,那里的order命令是没有省略的
一条一条一步一步的命令都是有的,也都是全的。
10、安全策略&NAT策略
FW1:(只需在FW1上配置即可)
security-policy
rule name local_to_any
source-zone local
action permit
rule name in_to_out
source-zone trust
destination-zone untrust
source-address 192.168.0.0 mask 255.255.0.0
action permit
qui
qui
nat-policy
rule name in_to_out
source-zone trust
destination-zone untrust
source-address 192.168.0.0 mask 255.255.0.0
action source-nat easy-ip
qui
qui
11、ISIS配置
YD_R1:
sys
un in en
sysname R1
isis
net 49.0000.0000.0001.00
is-level level-2
cost-style wide
qui
int g0/0/1
ip add 100.1.1.1 24
isis en
int g0/0/2
ip add 200.1.2.1 24
isis en
int g0/0/0
ip add 100.1.13.1 24
isis en
int loo0
ip add 1.1.1.1 32
isis en
qui
DX_R2:
sys
un in en
sysname R2
isis
net 49.0000.0000.0002.00
is-level level-2
cost-style wide
qui
int g0/0/1
ip add 100.1.11.2 24
isis en
int g0/0/2
ip add 200.1.22.2 24
isis en
int g0/0/0
ip add 200.1.23.2 24
isis en
int loo0
ip add 2.2.2.2 32
isis en
qui
AR3:
sys
un in en
sysname AR3
isis
net 49.0000.0000.0003.00
is-level level-2
cost-style wide
qui
int g0/0/1
ip add 100.1.13.3 24
isis en
int g0/0/2
ip add 200.1.23.3 24
isis en
int g0/0/0
ip add 111.111.111.3 24
isis en
int loo0
ip add 3.3.3.3 32
isis en
qui
12、ACL策略
HX_SW1:
acl number 3001
rule 5 permit ip source 192.168.21.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
rule 10 deny ip source 192.168.21.0 0.0.0.255
qui
int g0/0/1
traffic-filter outbound acl 3001
qui
--------------------------------------
HX_SW2:
acl number 3001
rule 5 permit ip source 192.168.21.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
rule 10 deny ip source 192.168.21.0 0.0.0.255
qui
int g0/0/1
traffic-filter outbound acl 3001
qui
五、公众/名片所在地
关注公众号(小猿网),回复“网络规划”即可。
资源为收费资源,如不符合您的消费观,还请您见谅。
扫一扫
2844
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
