网络运维管理从基础到实战-自用笔记(1)构建综合园区网、接入互联网

本篇博文内容来自于书籍《网络运维管理从基础到实战》,笔者仅参照书籍中的项目跟做实验及部分笔记,感兴趣的朋友们若觉得内容合适,敬请支持正版。

《网络运维管理从基础到实战》(许成刚 阮晓龙 杜宇飞 刘海滨 刘明哲 编著)【简介_书评_在线阅读】 - 当当图书

“本书共设计10个工程项目。从构建有线/无线混合园区网到接入互联网,从园区网设备的远程统一管理及基础网络服务管理到构建覆盖全网的运维监控系统,从网络安全管理的实现到基于防火墙的用户上网认证及上网行为分析。

项目一,构建综合园区网,基于eNSP仿真环境构建有线/无线混合园区网,将该项目作为本书后续各项目的基础。

项目二,接入互联网。重点掌握NAT技术的应用,并且将已经建成的园区网通过NAT方式接入互联网。

项目三,园区网设备的集中管理。通过Telnet和SSH方式,实现对园区网内部各网络设备的集中远程管理。

项目四~项目六,构建网络运维管理基础服务,包括域名管理(DNS)、时间服务管理(NTP)、IP地址管理(DHCP)

项目七,建设覆盖全网的运维监控系统。分别通过Cacti和Zabbix构建覆盖整个园区网的监控体系,实现对所有网络服务、网络设备的监控和运行分析。

项目八,网络安全。利用防火墙加强园区网访问及管理服务。

项目九,用户行为管理。基于防火墙实现用户上网认证以及用户上网行为分析。

项目十,通过VPN访问园区网内部资源。通过VPN方式,使位于互联网上的指定用户能够安全地访问园区网内部资源。”

另,笔者仅在自身薄弱知识处做笔记、配置以及额外查找资料补充,此外的问题敬请朋友们自行研究书本内容。

在eNSP中部署网络

设备选型:

交换机:S5700、S3700

路由器:AR2220(出口路由器需额外增添一块4GEW-T板卡以增添接口)

无线AC:AC6605

无线AP:AP3030

地址规划:

Server-1(用PC替代Server,仅为测试连通性):172.16.64.10 /24 Gateway:172.16.64.254

Server-2(同上):172.16.65.10 /24 Gateway:172.16.65.254

A-C-1:192.168.64.10 /24 Gateway:192.168.64.254

A-C-2:192.168.65.10 /24 Gateway:192.168.65.254

B-C-1:192.168.68.10 /24 Gateway:192.168.68.254

B-C-2:192.168.69.10 /24 Gateway:192.168.69.254(原文写作 192.168.68.10 / 192.168.68.254,与 B-C-1 完全重复;按 B-RS-1 上 Vlanif24 的地址 192.168.69.254/24,B-C-2 应位于 VLAN 24 的 192.168.69.0/24 网段)

Cloud1、2:以太网(有线网卡)192.168.1.1.100(原文如此,该地址格式无效;应为主机网卡在 192.168.1.0/24 内的地址,需与 O-R-1/O-R-2 外网口 192.168.1.200/201 及其默认路由下一跳 192.168.1.1 处于同一网段)

其他设置请查看各设备配置

各设备配置:

A-SW-1(接入交换机)

# A-SW-1: building A access switch. VLANs 21/22 are the wired user VLANs,
# VLAN 200 is the AP management VLAN and 201/202 are the wireless service VLANs.
sysname A-SW-1
#
# NOTE(review): this turns off the information center, i.e. all log, trap and
# debug output from the switch. Acceptable for a lab; outside a lab keep it on
# and forward logs to a collector, otherwise there is no audit trail.
undo info-center enable
#
vlan batch 21 to 22 200 to 202
#
# Wired user ports, one access VLAN each. Nothing here restricts what is
# plugged in (no port security, DHCP snooping or BPDU protection) - any host
# on these ports is fully trusted.
interface Ethernet0/0/1
 port link-type access
 port default vlan 21
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 22
#
# Uplink to A-RS-1: carries the user, management and wireless VLANs tagged.
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 21 to 22 200 to 202
#
# Presumably the AP uplink: pvid 200 makes the management VLAN untagged so the
# AP reaches the AC without VLAN tagging, while 201/202 carry the SSID traffic.
# NOTE(review): any device plugged in here in place of the AP lands untagged in
# the AP management VLAN (10.0.200.0/28 on A-RS-1); restrict this port outside
# the lab (port security / 802.1X or at least a MAC limit).
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 200
 port trunk allow-pass vlan 200 to 202

B-SW-1(接入交换机)

# B-SW-1: building B access switch, mirror of A-SW-1. VLANs 23/24 are the wired
# user VLANs, VLAN 200 is the AP management VLAN, 201/202 the wireless service VLANs.
sysname B-SW-1
#
# NOTE(review): disables all log/trap/debug output (lab convenience only).
undo info-center enable
#
vlan batch 23 to 24 200 to 202
#
# Wired user ports, one access VLAN each; no port-level protection configured.
interface Ethernet0/0/1
 port link-type access
 port default vlan 23
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 24
#
# Uplink to B-RS-1.
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 23 to 24 200 to 202
#
# Presumably the AP uplink; management VLAN 200 is the untagged/native VLAN.
# NOTE(review): same caveat as on A-SW-1 - whatever replaces the AP on this
# port gets untagged access to the AP management subnet (10.0.200.16/28).
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 200
 port trunk allow-pass vlan 200 to 202

A-RS-1(汇聚交换机,终结二层)

# A-RS-1: building A aggregation switch. Terminates layer 2 and is the default
# gateway for VLANs 21/22 (wired), 201/202 (wireless) and 200 (AP management).
sysname A-RS-1
#
# NOTE(review): logging disabled (lab convenience; keep it on in production).
undo info-center enable
#
vlan batch 21 to 22 100 to 101 200 to 202
#
# Required for the `dhcp select relay` statements on the VLAN interfaces below.
dhcp enable
#
# Wired user gateways.
interface Vlanif21
 ip address 192.168.64.254 255.255.255.0
#
interface Vlanif22
 ip address 192.168.65.254 255.255.255.0
#
# /30 point-to-point links toward the two exit routers: VLAN 100 -> O-R-1
# (10.0.1.1) on GE0/0/24, VLAN 101 -> O-R-2 (10.0.1.9) on GE0/0/23.
interface Vlanif100
 ip address 10.0.1.2 255.255.255.252
#
interface Vlanif101
 ip address 10.0.1.10 255.255.255.252
#
# AP management subnet for building A. DHCP is relayed to the AC (10.0.200.254),
# whose pool for this subnet also serves option 43 so the APs find the AC.
# NOTE(review): this subnet is advertised into OSPF below and is therefore
# reachable from every user VLAN; nothing in this config separates users from
# the AP/AC management plane (an ACL on Vlanif200 or at the AC would be needed).
interface Vlanif200
 ip address 10.0.200.14 255.255.255.240
 dhcp select relay
 dhcp relay server-ip 10.0.200.254
#
# Wireless user subnets (SSID wifi-2.4G -> VLAN 201, wifi-5G -> VLAN 202);
# their addresses are likewise handed out by the AC via relay.
interface Vlanif201
 ip address 192.168.66.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 10.0.200.254
#
interface Vlanif202
 ip address 192.168.67.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 10.0.200.254
#
# Trunk down to A-SW-1.
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 21 to 22 200 to 202
#
# Access ports carrying the two /30 uplinks (VLAN 101 to O-R-2, VLAN 100 to O-R-1).
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 101
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 100
#
# OSPF area 1 (non-backbone). Every connected subnet, including the AP
# management VLAN, is advertised. NOTE(review): no OSPF authentication is
# configured on this or any other device in the listing.
ospf 1
 area 0.0.0.1
  network 192.168.64.0 0.0.0.255
  network 192.168.65.0 0.0.0.255
  network 10.0.1.0 0.0.0.3
  network 10.0.1.8 0.0.0.3
  network 192.168.66.0 0.0.0.255
  network 192.168.67.0 0.0.0.255
  network 10.0.200.0 0.0.0.15

B-RS-1:

# B-RS-1: building B aggregation switch, mirror of A-RS-1. Gateway for VLANs
# 23/24 (wired), 201/202 (wireless) and 200 (AP management, 10.0.200.16/28).
sysname B-RS-1
#
# NOTE(review): logging disabled (lab convenience only).
undo info-center enable
#
vlan batch 23 to 24 100 to 101 200 to 202
#
# Needed for the DHCP relay statements below.
dhcp enable
#
# Wired user gateways.
interface Vlanif23
 ip address 192.168.68.254 255.255.255.0
#
interface Vlanif24
 ip address 192.168.69.254 255.255.255.0
#
# /30 uplinks: VLAN 100 -> O-R-2 (10.0.1.13) on GE0/0/24,
# VLAN 101 -> O-R-1 (10.0.1.5) on GE0/0/23.
interface Vlanif100
 ip address 10.0.1.14 255.255.255.252
#
interface Vlanif101
 ip address 10.0.1.6 255.255.255.252
#
# AP management subnet for building B; DHCP relayed to the AC (10.0.200.254).
# NOTE(review): advertised into OSPF and reachable from all user VLANs -
# no separation of the management plane.
interface Vlanif200
 ip address 10.0.200.30 255.255.255.240
 dhcp select relay
 dhcp relay server-ip 10.0.200.254
#
# Wireless user subnets, addresses served by the AC via relay.
interface Vlanif201
 ip address 192.168.70.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 10.0.200.254
#
interface Vlanif202
 ip address 192.168.71.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 10.0.200.254
#
# Trunk down to B-SW-1.
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 23 to 24 200 to 202
#
# Access ports carrying the /30 uplinks.
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 101
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 100
#
# OSPF area 1; all connected subnets advertised. NOTE(review): no authentication.
ospf 1
 area 0.0.0.1
  network 10.0.1.4 0.0.0.3
  network 10.0.1.12 0.0.0.3
  network 192.168.68.0 0.0.0.255
  network 192.168.69.0 0.0.0.255
  network 10.0.200.16 0.0.0.15
  network 192.168.70.0 0.0.0.255
  network 192.168.71.0 0.0.0.255

O-R-1:

 # O-R-1: campus exit router #1 (O-R-2 is the twin). Inside: /30 links to
 # A-RS-1 (GE0/0/0), B-RS-1 (GE0/0/1) and S-RS-1 (GE0/0/2). Outside: GE2/0/0
 # (on the added 4GEW-T card) on the 192.168.1.0/24 segment behind the eNSP Cloud.
 sysname O-R-1
#
 # NOTE(review): logging disabled (lab convenience; a border router without
 # logs is the last place you want that in production).
 undo info-center enable
#
# Basic ACL used only to choose which sources get translated by `nat outbound`:
# 192.168.64.0/21 = all user VLANs (64-71), 172.16.64.0/23 = both server VLANs.
# 10.x transit/management addresses are not matched and so leave untranslated.
# NOTE(review): this is a NAT selector, not a traffic filter - the implicit deny
# only means "forward without translation", it does not drop anything.
acl number 2000  
 rule 5 permit source 192.168.64.0 0.0.7.255 
 rule 10 permit source 172.16.64.0 0.0.1.255 
#
# /30 to A-RS-1 Vlanif100 (10.0.1.2).
interface GigabitEthernet0/0/0
 ip address 10.0.1.1 255.255.255.252 
#
# /30 to B-RS-1 Vlanif101 (10.0.1.6).
interface GigabitEthernet0/0/1
 ip address 10.0.1.5 255.255.255.252 
#
# /30 to S-RS-1 Vlanif100 (10.0.0.2), area 0.
interface GigabitEthernet0/0/2
 ip address 10.0.0.1 255.255.255.252 
#
# Internet-facing interface; `nat outbound 2000` with no address group is Easy IP
# (source NAT to the interface address 192.168.1.200).
# NOTE(review): there is no inbound traffic-filter here. A packet arriving from
# the outside with an internal destination is routed in normally, since this
# router holds OSPF routes for every internal prefix; an inbound ACL or a
# firewall (project 8) is needed before this design leaves the lab.
interface GigabitEthernet2/0/0
 ip address 192.168.1.200 255.255.255.0 
 nat outbound 2000
#
# ABR between area 0 (toward S-RS-1) and area 1 (toward A-RS-1/B-RS-1).
# `default-route-advertise always` originates 0/0 into OSPF even when the
# static default below is not active. OSPF is not enabled on GE2/0/0.
# NOTE(review): OSPF runs without authentication on every link.
ospf 1 
 default-route-advertise always
 area 0.0.0.0 
  network 10.0.0.0 0.0.0.3 
 area 0.0.0.1 
  network 10.0.1.0 0.0.0.3 
  network 10.0.1.4 0.0.0.3 
#
# Static default toward the Cloud-side gateway.
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

O-R-2:

 # O-R-2: campus exit router #2, mirror of O-R-1. Inside: /30 links to B-RS-1
 # (GE0/0/0), A-RS-1 (GE0/0/1) and S-RS-2 (GE0/0/2). Outside: GE2/0/0 on the
 # shared 192.168.1.0/24 Cloud segment, same default gateway as O-R-1.
 sysname O-R-2
#
 # NOTE(review): logging disabled (lab convenience only).
 undo info-center enable
#
# NAT selector (same as O-R-1): user VLANs 192.168.64.0/21 and servers
# 172.16.64.0/23 get translated; everything else is forwarded untranslated.
# NOTE(review): not a traffic filter.
acl number 2000  
 rule 5 permit source 192.168.64.0 0.0.7.255 
 rule 10 permit source 172.16.64.0 0.0.1.255 
#
# /30 to B-RS-1 Vlanif100 (10.0.1.14).
interface GigabitEthernet0/0/0
 ip address 10.0.1.13 255.255.255.252 
#
# /30 to A-RS-1 Vlanif101 (10.0.1.10).
interface GigabitEthernet0/0/1
 ip address 10.0.1.9 255.255.255.252 
#
# /30 to S-RS-2 Vlanif100 (10.0.0.6), area 0.
interface GigabitEthernet0/0/2
 ip address 10.0.0.5 255.255.255.252 
#
# Internet-facing interface, Easy IP source NAT to 192.168.1.201.
# NOTE(review): no inbound filtering on this interface either - see O-R-1.
interface GigabitEthernet2/0/0
 ip address 192.168.1.201 255.255.255.0 
 nat outbound 2000
#
# ABR between area 0 (S-RS-2) and area 1 (A-RS-1/B-RS-1); originates the
# default route unconditionally. NOTE(review): no OSPF authentication.
ospf 1 
 default-route-advertise always
 area 0.0.0.0 
  network 10.0.0.4 0.0.0.3 
 area 0.0.0.1 
  network 10.0.1.8 0.0.0.3 
  network 10.0.1.12 0.0.0.3 
#
# Static default toward the Cloud-side gateway.
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

S-RS-1:

# S-RS-1: core switch #1, pure layer-3 transit. ABR between area 0 (VLAN 100
# link to O-R-1) and area 2, the server block (VLAN 101 to S-RS-3, VLAN 102 to S-RS-4).
sysname S-RS-1
#
# NOTE(review): logging disabled (lab convenience only).
undo info-center enable
#
vlan batch 100 to 102
#
# /30 to O-R-1 GE0/0/2 (10.0.0.1).
interface Vlanif100
 ip address 10.0.0.2 255.255.255.252
#
# /30 to S-RS-3 Vlanif101 (10.0.2.2).
interface Vlanif101
 ip address 10.0.2.1 255.255.255.252
#
# /30 to S-RS-4 Vlanif102 (10.0.2.6).
interface Vlanif102
 ip address 10.0.2.5 255.255.255.252
#
# One access port per /30; each VLAN exists only to give the link an IP interface.
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 101
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 102
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 100
#
# NOTE(review): no OSPF authentication.
ospf 1
 area 0.0.0.0
  network 10.0.0.0 0.0.0.3
 area 0.0.0.2
  network 10.0.2.0 0.0.0.3
  network 10.0.2.4 0.0.0.3

S-RS-2:

# S-RS-2: core switch #2, mirror of S-RS-1. ABR between area 0 (VLAN 100 link
# to O-R-2) and area 2 (VLAN 101 to S-RS-4, VLAN 102 to S-RS-3).
sysname S-RS-2
#
# NOTE(review): logging disabled (lab convenience only).
undo info-center enable
#
vlan batch 100 to 102
#
# /30 to O-R-2 GE0/0/2 (10.0.0.5).
interface Vlanif100
 ip address 10.0.0.6 255.255.255.252
#
# /30 to S-RS-4 Vlanif101 (10.0.2.14).
interface Vlanif101
 ip address 10.0.2.13 255.255.255.252
#
# /30 to S-RS-3 Vlanif102 (10.0.2.10).
interface Vlanif102
 ip address 10.0.2.9 255.255.255.252
#
# One access port per /30 link.
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 101
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 102
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 100
#
# NOTE(review): no OSPF authentication.
ospf 1
 area 0.0.0.0
  network 10.0.0.4 0.0.0.3
 area 0.0.0.2
  network 10.0.2.8 0.0.0.3
  network 10.0.2.12 0.0.0.3

S-RS-3:

# S-RS-3: server-block switch #1. Gateway for server VLAN 11 (172.16.64.0/24),
# dual-homed to S-RS-1 (VLAN 101) and S-RS-2 (VLAN 102), and the L3 attachment
# point of the wireless controller AC-1 (VLAN 200, 10.0.200.252/30).
sysname S-RS-3
#
# NOTE(review): logging disabled (lab convenience only).
undo info-center enable
#
vlan batch 11 101 to 102 200
#
# Server gateway (Server-1 172.16.64.10 sits on GE0/0/1).
interface Vlanif11
 ip address 172.16.64.254 255.255.255.0
#
# /30 to S-RS-1 Vlanif101 (10.0.2.1).
interface Vlanif101
 ip address 10.0.2.2 255.255.255.252
#
# /30 to S-RS-2 Vlanif102 (10.0.2.9).
interface Vlanif102
 ip address 10.0.2.10 255.255.255.252
#
# /30 to AC-1 (10.0.200.254). Note this VLAN 200 is a different subnet from
# the VLAN 200 AP management /28s on A-RS-1/B-RS-1 - VLAN IDs are local to each
# switch here; AP management traffic and relayed DHCP are ROUTED to the AC over
# this link, not bridged. Advertised into OSPF below so the relays can reach it.
# NOTE(review): the AC is reachable from every routed subnet with no filtering.
interface Vlanif200
 ip address 10.0.200.253 255.255.255.252
#
# Server port.
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 11
#
# Two ports in VLAN 200; one of them is the AC uplink (which one is not stated).
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 200
#
interface GigabitEthernet0/0/22
 port link-type access
 port default vlan 200
#
# /30 uplinks to S-RS-2 (VLAN 102) and S-RS-1 (VLAN 101).
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 102
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 101
#
# Area 2 internal router. NOTE(review): no OSPF authentication.
ospf 1
 area 0.0.0.2
  network 10.0.2.0 0.0.0.3
  network 10.0.2.8 0.0.0.3
  network 172.16.64.0 0.0.0.255
  network 10.0.200.252 0.0.0.3

S-RS-4:

# S-RS-4: server-block switch #2. Gateway for server VLAN 12 (172.16.65.0/24),
# dual-homed to S-RS-2 (VLAN 101) and S-RS-1 (VLAN 102).
sysname S-RS-4
#
# NOTE(review): logging disabled (lab convenience only).
undo info-center enable
#
vlan batch 12 101 to 102
#
# Server gateway (Server-2 172.16.65.10 sits on GE0/0/1).
interface Vlanif12
 ip address 172.16.65.254 255.255.255.0
#
# /30 to S-RS-2 Vlanif101 (10.0.2.13).
interface Vlanif101
 ip address 10.0.2.14 255.255.255.252
#
# /30 to S-RS-1 Vlanif102 (10.0.2.5).
interface Vlanif102
 ip address 10.0.2.6 255.255.255.252
#
# Server port.
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 12
#
# /30 uplinks.
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 102
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 101
#
# Area 2 internal router. NOTE(review): no OSPF authentication.
ospf 1
 area 0.0.0.2
  network 10.0.2.4 0.0.0.3
  network 10.0.2.12 0.0.0.3
  network 172.16.65.0 0.0.0.255

AC-1:

 # AC-1: wireless controller. It is the global DHCP server for the two AP
 # management /28s and the four wireless user /24s (requests arrive via relay
 # from A-RS-1/B-RS-1), terminates CAPWAP on Vlanif200, and is attached to
 # S-RS-3 over the 10.0.200.252/30 link. It runs no OSPF - static routes only.
 sysname AC-1
#
vlan batch 200
#
dhcp enable
#
# Building A AP management pool. option 43 sub-option 2 hands the APs the AC
# address (10.0.200.254) so they can discover the controller across the routed hop.
ip pool pool-A-vlan200
 gateway-list 10.0.200.14 
 network 10.0.200.0 mask 255.255.255.240 
 option 43 sub-option 2 ip-address 10.0.200.254  
#
# Building A wireless user pools (VLAN 201 = wifi-2.4G, VLAN 202 = wifi-5G).
ip pool pool-A-vlan201
 gateway-list 192.168.66.254 
 network 192.168.66.0 mask 255.255.255.0 
#
ip pool pool-A-vlan202
 gateway-list 192.168.67.254 
 network 192.168.67.0 mask 255.255.255.0 
#
# Building B equivalents.
ip pool pool-B-vlan200
 gateway-list 10.0.200.30 
 network 10.0.200.16 mask 255.255.255.240 
 option 43 sub-option 2 ip-address 10.0.200.254  
#
ip pool pool-B-vlan201
 gateway-list 192.168.70.254 
 network 192.168.70.0 mask 255.255.255.0 
#
ip pool pool-B-vlan202
 gateway-list 192.168.71.254 
 network 192.168.71.0 mask 255.255.255.0 
#
# /30 toward S-RS-3 (10.0.200.253); `dhcp select global` serves the pools above
# to relayed requests that arrive on this interface.
interface Vlanif200
 ip address 10.0.200.254 255.255.255.252
 dhcp select global
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 200
#
 # NOTE(review): logging disabled (lab convenience only).
 undo info-center enable
#
# Return routes, all via S-RS-3: 10.0.200.0/27 covers both AP management /28s,
# the two /23s cover the 66-67 and 70-71 wireless user subnets.
ip route-static 10.0.200.0 255.255.255.224 10.0.200.253
ip route-static 192.168.66.0 255.255.254.0 10.0.200.253
ip route-static 192.168.70.0 255.255.254.0 10.0.200.253
#
# CAPWAP tunnels are sourced from Vlanif200 (matches the option 43 address).
capwap source interface vlanif200
#
wlan
 # Single security profile shared by both SSIDs.
 # NOTE(review): `wpa-wpa2` mixed mode still lets clients associate with WPA (v1);
 # prefer `security wpa2 psk pass-phrase ... aes` (or WPA3 where the APs support
 # it). Both SSIDs share one PSK. The %^%#...%^%# string is the device's
 # reversible encoding of the passphrase (a PSK must be recoverable to run WPA),
 # so treat it as the secret itself - never publish a real one.
 # The pass-phrase line below is wrapped by the page; `aes` belongs to the same command.
 security-profile name sec-cfg
  security wpa-wpa2 psk pass-phrase %^%#25Ar5cH!wD<8w+N|Jwr>]'_jM+!fT&&@#5LCP.TU
%^%# aes
 ssid-profile name ssid-cfg-1
  ssid wifi-2.4G
 ssid-profile name ssid-cfg-2
  ssid wifi-5G
 # SSID wifi-2.4G -> service VLAN 201, wifi-5G -> service VLAN 202.
 vap-profile name vap-cfg-1
  service-vlan vlan-id 201
  ssid-profile ssid-cfg-1
  security-profile sec-cfg
 vap-profile name vap-cfg-2
  service-vlan vlan-id 202
  ssid-profile ssid-cfg-2
  security-profile sec-cfg
 # Regulatory domain left at defaults (no country code set).
 regulatory-domain-profile name domain-cfg
 # One AP group for both buildings: radio 0 carries VAP 1, radio 1 carries VAP 2.
 ap-group name ap-group-cfg
  regulatory-domain-profile domain-cfg
  radio 0
   vap-profile vap-cfg-1 wlan 1
  radio 1
   vap-profile vap-cfg-2 wlan 1
 # APs are authorised by MAC + SN (the eNSP-generated values); replace with the
 # real AP identities when reproducing outside the simulator.
 ap-id 1 type-id 45 ap-mac 00e0-fc78-2050 ap-sn 2102354483106C3AB011
  ap-name A-AP-1
  ap-group ap-group-cfg
 ap-id 2 type-id 45 ap-mac 00e0-fca5-4990 ap-sn 2102354483108E4D4E74
  ap-name B-AP-1
  ap-group ap-group-cfg
 provision-ap

总结:

如上配置后,能够实现园区网络内的互通(无线与有线接入)以及互联网的接入(Cloud模拟)。需要注意的是,本项目只解决"通",没有做任何安全加固:OSPF 未启用认证;出口路由器外网口只做了 NAT(ACL 2000 仅决定哪些源地址被转换,并不过滤流量),没有入向 ACL;各设备都执行了 undo info-center enable,因此没有任何日志;无线使用 WPA/WPA2 混合模式且两个 SSID 共用同一 PSK;AP 管理网段(10.0.200.0/28、10.0.200.16/28)和 AC 链路都被通告进 OSPF,可从任意用户网段直接访问。其中一部分会在后续项目八~十通过防火墙、认证和 VPN 处理,实际部署时不应照搬这份基础配置。
