一、设计要求
整个园区网由三台路由器,两台S5700交换机作为LSW1核心交换机和LSW2备份交换机,一台路由器做为出口,两台路由器作为AR2主路由器和AR3备份路由器。每栋楼作为一个局域网,每栋楼部署一台S3700(LSW3,LSW4.LSW5)交换机,连接到LSW1核心交换机和LSW2备份交换机。核心交换机和备份交换机通过VLAN来和路由器进行连接。在出口AR1路由器上配置NAT,通过NAT技术进行上网。
二、设计图展示
这是我的设计图,该图其运用到的技术还有VLAN划分、三层架构、MSTP、VRRP、链路聚合、DHCP、WLAN(无线局域网)、OSPF、安全策略、NAT技术等一系列,对毕设课题进行参考,场景适用于毕业设计、校园网络规划和企业网络规划。由什么问题可以在平台私信博主,看到会回,有什么不对的地方见谅,本人也是刚接触不久。
注;图上的DHCP是没有配置的
三、VLAN划分
| vlan名称 | 有效IP段 | 子网掩码 | 缺省网关 |
| Vlan 10 | 192.168.10.1~251 | 255.255.255.0 | 192.168.10.252 |
| Vlan 20 | 192.168.20.1~251 | 255.255.255.0 | 192.168.20.252 |
| Vlan 30 | 192.168.30.1~251 | 255.255.255.0 | 192.168.30.252 |
| Vlan 40 | 192.168.40.1~251 | 255.255.255.0 | 192.168.40.252 |
| Vlan 50 | 192.168.50.1~251 | 255.255.255.0 | 192.168.50.252 |
| Vlan 60 | 192.168.60.1~251 | 255.255.255.0 | 192.168.60.252 |
| Vlan 5 | 192.168.5.1~251 | 255.255.255.0 | |
| Vlan 6 | 192.168.6.1~251 | 255.255.255.0 | |
| Vlan 7 | 192.168.7.1~251 | 255.255.255.0 | |
| Vlan 8 | 192.168.8.1~251 | 255.255.255.0 | |
| Vlan 100 | 192.168.100.1~251 | 255.255.255.0 | 192.168.100.252 |
| Vlan 101 | 192.168.101.1~251 | 255.255.255.0 |
四、配置步骤(跟着一步一步走)
1、vlan底层配置
Core-LSW1:
<Huawei>undo ter monitor //关闭泛洪信息,关闭终端显示信息中心发送信息的功能
<Huawei>sys
<Huawei>undo info-center enable
[Huawei]sysname Core-LSW1
[Core-LSW1]vlan batch 10 20 30 40 50 60 100 101
[Core-LSW1]int Vlanif 10
[Core-LSW1-Vlanif10]ip address 192.168.10.254 24
[Core-LSW1]int Vlanif 20
[Core-LSW1-Vlanif20]ip address 192.168.20.254 24
[Core-LSW1]int Vlanif 30
[Core-LSW1-Vlanif30]ip address 192.168.30.254 24
[Core-LSW1]int Vlanif 40
[Core-LSW1-Vlanif40]ip address 192.168.40.254 24
[Core-LSW1]int Vlanif 50
[Core-LSW1-Vlanif50]ip address 192.168.50.254 24
[Core-LSW1]int Vlanif 60
[Core-LSW1-Vlanif60]ip address 192.168.60.254 24
[Core-LSW1]int Vlanif 100
[Core-LSW1-Vlanif100]ip address 192.168.100.254 24
[Core-LSW1-Vlanif100]undo shutdown
[Core-LSW1]vlan batch 5 7
[Core-LSW1]int Vlanif 5
[Core-LSW1-Vlanif5]ip address 192.168.5.2 24
[Core-LSW1-Vlanif5]int Vlanif 7
[Core-LSW1-Vlanif7]ip address 192.168.7.2 24
[Core-LSW1-Vlanif7]quit
[Core-LSW1]int g0/0/1
[Core-LSW1-GigabitEthernet0/0/1]port link-type access
[Core-LSW1-GigabitEthernet0/0/1]port default vlan 5
[Core-LSW1-GigabitEthernet0/0/1]int g0/0/2
[Core-LSW1-GigabitEthernet0/0/2]port link-type access
[Core-LSW1-GigabitEthernet0/0/2]port default vlan 7
[Core-LSW1-GigabitEthernet0/0/2]quit
[Core-LSW1]interface GigabitEthernet 0/0/5
[Core-LSW1-GigabitEthernet0/0/5]port link-type trunk
[Core-LSW1-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[Core-LSW1-GigabitEthernet0/0/5]q
[Core-LSW1]interface GigabitEthernet 0/0/6
[Core-LSW1-GigabitEthernet0/0/6]port link-type trunk
[Core-LSW1-GigabitEthernet0/0/6]port trunk allow-pass vlan all
[Core-LSW1-GigabitEthernet0/0/6]q
[Core-LSW1]interface GigabitEthernet 0/0/7
[Core-LSW1-GigabitEthernet0/0/7]port link-type trunk
[Core-LSW1-GigabitEthernet0/0/7]port trunk allow-pass vlan all
[Core-LSW1-GigabitEthernet0/0/7]q
[Core-LSW1]interface GigabitEthernet 0/0/8
[Core-LSW1-GigabitEthernet0/0/8]port link-type trunk
[Core-LSW1-GigabitEthernet0/0/8]port trunk allow-pass vlan all
[Core-LSW1-GigabitEthernet0/0/8]q
[Core-LSW1]interface GigabitEthernet 0/0/9
[Core-LSW1-GigabitEthernet0/0/9]port link-type trunk
[Core-LSW1-GigabitEthernet0/0/9]port trunk allow-pass vlan all
[Core-LSW1-GigabitEthernet0/0/9]q
[Core-LSW1]interface GigabitEthernet 0/0/10
[Core-LSW1-GigabitEthernet0/0/10]port link-type trunk
[Core-LSW1-GigabitEthernet0/0/10]port trunk allow-pass vlan all
[Core-LSW1-GigabitEthernet0/0/10]q
[Core-LSW1]interface GigabitEthernet 0/0/12
[Core-LSW1-GigabitEthernet0/0/12]port link-type trunk
[Core-LSW1-GigabitEthernet0/0/12]port trunk allow-pass vlan all
[Core-LSW1-GigabitEthernet0/0/12]q
[Core-LSW1]interface GigabitEthernet 0/0/13
[Core-LSW1-GigabitEthernet0/0/13]port link-type trunk
[Core-LSW1-GigabitEthernet0/0/13]port trunk pvid vlan 101
[Core-LSW1-GigabitEthernet0/0/13]port trunk allow-pass vlan all
[Core-LSW1-GigabitEthernet0/0/13]quit
---------------------------
Core-LSW2:
<Huawei>sys
<Huawei>undo info-center enable
[Huawei]sysname Core-LSW2
[Core-LSW2]vlan batch 10 20 30 40 50 60 100 101 6 8
[Core-LSW2]int Vlanif 10
[Core-LSW2-Vlanif10]ip address 192.168.10.253 24
[Core-LSW2]int Vlanif 20
[Core-LSW2-Vlanif20]ip address 192.168.20.253 24
[Core-LSW2]int Vlanif 30
[Core-LSW2-Vlanif30]ip address 192.168.30.253 24
[Core-LSW2]int Vlanif 40
[Core-LSW2-Vlanif40]ip address 192.168.40.253 24
[Core-LSW2]int Vlanif 50
[Core-LSW2-Vlanif50]ip address 192.168.50.253 24
[Core-LSW2]int Vlanif 60
[Core-LSW2-Vlanif60]ip address 192.168.60.253 24
[Core-LSW2]int g0/0/1
[Core-LSW2-GigabitEthernet0/0/1]port link-type access
[Core-LSW2-GigabitEthernet0/0/1]port default vlan 8
[Core-LSW2-GigabitEthernet0/0/1]int g0/0/2
[Core-LSW2-GigabitEthernet0/0/2]port link-type access
[Core-LSW2-GigabitEthernet0/0/2]port default vlan 6
[Core-LSW2]int g0/0/5
[Core-LSW2-GigabitEthernet0/0/5]port link-type trunk
[Core-LSW2-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[Core-LSW2-GigabitEthernet0/0/5]int g0/0/6
[Core-LSW2-GigabitEthernet0/0/6]port link-type trunk
[Core-LSW2-GigabitEthernet0/0/6]port trunk allow-pass vlan all
[Core-LSW2-GigabitEthernet0/0/6]int g0/0/7
[Core-LSW2-GigabitEthernet0/0/7]port link-type trunk
[Core-LSW2-GigabitEthernet0/0/7]port trunk allow-pass vlan all
[Core-LSW2-GigabitEthernet0/0/7]int g0/0/8
[Core-LSW2-GigabitEthernet0/0/8]port link-type trunk
[Core-LSW2-GigabitEthernet0/0/8]port trunk allow-pass vlan all
[Core-LSW2-GigabitEthernet0/0/8]int g0/0/9
[Core-LSW2-GigabitEthernet0/0/9]port link-type trunk
[Core-LSW2-GigabitEthernet0/0/9]port trunk allow-pass vlan all
[Core-LSW2-GigabitEthernet0/0/9]int g0/0/10
[Core-LSW2-GigabitEthernet0/0/10]port link-type trunk
[Core-LSW2-GigabitEthernet0/0/10]port trunk allow-pass vlan all
[Core-LSW2-GigabitEthernet0/0/10]quit
---------------------------
SW1:
<Huawei>sys
<Huawei>undo info-center enable
[Huawei]sysname LSW1
[LSW1]vlan batch 10 20 30 40 50 60 100 101
[LSW1]int e0/0/1
[LSW1-Ethernet0/0/1]port link-type trunk
[LSW1-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW1-Ethernet0/0/1]int e0/0/2
[LSW1-Ethernet0/0/2]port link-type trunk
[LSW1-Ethernet0/0/2]port trunk allow-pass vlan all
[LSW1-Ethernet0/0/2]int e0/0/3
[LSW1-Ethernet0/0/3]port link-type access
[LSW1-Ethernet0/0/3]port default vlan 10
[LSW1-Ethernet0/0/3]int e0/0/4
[LSW1-Ethernet0/0/4]port link-type access
[LSW1-Ethernet0/0/4]port default vlan 10
---------------------------
SW2:
<Huawei>sys
<Huawei>undo info-center enable
[Huawei]sysname LSW2
[LSW2]vlan batch 10 20 30 40 50 60 100 101
[LSW2]int e0/0/1
[LSW2-Ethernet0/0/1]port link-type trunk
[LSW2-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW2-Ethernet0/0/1]int e0/0/2
[LSW2-Ethernet0/0/2]port link-type trunk
[LSW2-Ethernet0/0/2]port trunk allow-pass vlan all
[LSW2-Ethernet0/0/2]int e0/0/3
[LSW2-Ethernet0/0/3]port link-type access
[LSW2-Ethernet0/0/3]port default vlan 20
[LSW2-Ethernet0/0/3]int e0/0/4
[LSW2-Ethernet0/0/4]port link-type access
[LSW2-Ethernet0/0/4]port default vlan 20
----------------------------
SW3:
<Huawei>sys
<Huawei>undo info-center enable
[Huawei]sysname LSW3
[LSW3]vlan batch 10 20 30 40 50 60 100 101
[LSW3]int e0/0/1
[LSW3-Ethernet0/0/1]port link-type trunk
[LSW3-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW3-Ethernet0/0/1]int e0/0/2
[LSW3-Ethernet0/0/2]port link-type trunk
[LSW3-Ethernet0/0/2]port trunk allow-pass vlan all
[LSW3-Ethernet0/0/2]int e0/0/3
[LSW3-Ethernet0/0/3]port link-type access
[LSW3-Ethernet0/0/3]port default vlan 30
[LSW3-Ethernet0/0/3]int e0/0/4
[LSW3-Ethernet0/0/4]port link-type access
[LSW3-Ethernet0/0/4]port default vlan 30
-----------------------------
SW4:
<Huawei>sys
<Huawei>undo info-center enable
[Huawei]sysname LSW4
[LSW4]vlan batch 10 20 30 40 50 60 100 101
[LSW4]int e0/0/1
[LSW4-Ethernet0/0/1]port link-type trunk
[LSW4-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW4-Ethernet0/0/1]int e0/0/2
[LSW4-Ethernet0/0/2]port link-type trunk
[LSW4-Ethernet0/0/2]port trunk allow-pass vlan all
[LSW4-Ethernet0/0/2]int e0/0/3
[LSW4-Ethernet0/0/3]port link-type access
[LSW4-Ethernet0/0/3]port default vlan 40
[LSW4-Ethernet0/0/3]int e0/0/4
[LSW4-Ethernet0/0/4]port link-type access
[LSW4-Ethernet0/0/4]port default vlan 40
-----------------------------
SW5:
<Huawei>sys
<Huawei>undo info-center enable
[Huawei]sysname LSW5
[LSW5]vlan batch 10 20 30 40 50 60 100 101
[LSW5]int e0/0/1
[LSW5-Ethernet0/0/1]port link-type trunk
[LSW5-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW5-Ethernet0/0/1]int e0/0/2
[LSW5-Ethernet0/0/2]port link-type trunk
[LSW5-Ethernet0/0/2]port trunk allow-pass vlan all
[LSW5-Ethernet0/0/2]int e0/0/3
[LSW5-Ethernet0/0/3]port link-type access
[LSW5-Ethernet0/0/3]port default vlan 50
[LSW5-Ethernet0/0/3]int e0/0/4
[LSW5-Ethernet0/0/4]port link-type access
[LSW5-Ethernet0/0/4]port default vlan 50
-----------------------------
SW6:
<Huawei>sys
<Huawei>undo info-center enable
[Huawei]sysname LSW6
[LSW6]vlan batch 10 20 30 40 50 60 100 101
[LSW6]int e0/0/1
[LSW6-Ethernet0/0/1]port link-type trunk
[LSW6-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW6-Ethernet0/0/1]int e0/0/2
[LSW6-Ethernet0/0/2]port link-type trunk
[LSW6-Ethernet0/0/2]port trunk allow-pass vlan all
[LSW6-Ethernet0/0/2]int e0/0/3
[LSW6-Ethernet0/0/3]port link-type access
[LSW6-Ethernet0/0/3]port default vlan 60
[LSW6-Ethernet0/0/3]int e0/0/4
[LSW6-Ethernet0/0/4]port link-type access
[LSW6-Ethernet0/0/4]port default vlan 60
---------------------------2、Eth-trunk链路聚合
Core-LSW1:
[Core-LSW1]int Eth-Trunk 1
[Core-LSW1-Eth-Trunk1]port link-type trunk
[Core-LSW1-Eth-Trunk1]port trunk allow-pass vlan all
[Core-LSW1-Eth-Trunk1]trunkport GigabitEthernet 0/0/3
[Core-LSW1-Eth-Trunk1]trunkport GigabitEthernet 0/0/4
[Core-LSW1-Eth-Trunk1]display this
-------------------------
Core-LSW2:
[Core-LSW2]int Eth-Trunk 1
[Core-LSW2-Eth-Trunk1]port link-type trunk
[Core-LSW2-Eth-Trunk1]port trunk allow-pass vlan all
[Core-LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/3
[Core-LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/4
[Core-LSW2]q
------------------------3、VRRP冗余
Core-LSW1:
[Core-LSW1]int vlanif10
[Core-LSW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252
[Core-LSW1-Vlanif10]vrrp vrid 10 priority 120
[Core-LSW1-Vlanif10]vrrp vrid 10 track interface g0/0/1
[Core-LSW1-Vlanif10]vrrp vrid 10 track interface g0/0/2
[Core-LSW1-Vlanif10]int vlanif20
[Core-LSW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.252
[Core-LSW1-Vlanif20]vrrp vrid 20 priority 120
[Core-LSW1-Vlanif20]vrrp vrid 20 track interface g0/0/1
[Core-LSW1-Vlanif20]vrrp vrid 20 track interface g0/0/2
[Core-LSW1-Vlanif20]int vlanif30
[Core-LSW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252
[Core-LSW1-Vlanif30]vrrp vrid 30 priority 120
[Core-LSW1-Vlanif30]vrrp vrid 30 track interface g0/0/1
[Core-LSW1-Vlanif30]vrrp vrid 30 track interface g0/0/2
[Core-LSW1-Vlanif30]int vlanif40
[Core-LSW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252
[Core-LSW1-Vlanif40]vrrp vrid 40 track interface g0/0/1
[Core-LSW1-Vlanif40]vrrp vrid 40 track interface g0/0/2
[Core-LSW1-Vlanif40]int vlanif50
[Core-LSW1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.252
[Core-LSW1-Vlanif50]vrrp vrid 50 track interface g0/0/1
[Core-LSW1-Vlanif50]vrrp vrid 50 track interface g0/0/2
[Core-LSW1-Vlanif50]int vlanif60
[Core-LSW1-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.252
[Core-LSW1-Vlanif60]vrrp vrid 60 track interface g0/0/1
[Core-LSW1-Vlanif60]vrrp vrid 60 track interface g0/0/2
[Core-LSW1-Vlanif60]q
-------------------------------
Core-LSW2:
[Core-LSW2]int vlanif10
[Core-LSW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252
[Core-LSW2-Vlanif10]vrrp vrid 10 track interface g0/0/1
[Core-LSW2-Vlanif10]vrrp vrid 10 track interface g0/0/2
[Core-LSW2-Vlanif10]int vlanif20
[Core-LSW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.252
[Core-LSW2-Vlanif20]vrrp vrid 20 track interface g0/0/1
[Core-LSW2-Vlanif20]vrrp vrid 20 track interface g0/0/2
[Core-LSW2-Vlanif20]int vlanif30
[Core-LSW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252
[Core-LSW2-Vlanif30]vrrp vrid 30 track interface g0/0/1
[Core-LSW2-Vlanif30]vrrp vrid 30 track interface g0/0/2
[Core-LSW2-Vlanif30]int vlanif40
[Core-LSW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252
[Core-LSW2-Vlanif40]vrrp vrid 40 priority 120
[Core-LSW2-Vlanif40]vrrp vrid 40 track interface g0/0/1
[Core-LSW2-Vlanif40]vrrp vrid 40 track interface g0/0/2
[Core-LSW2-Vlanif40]int vlanif50
[Core-LSW2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.252
[Core-LSW2-Vlanif50]vrrp vrid 50 priority 120
[Core-LSW2-Vlanif50]vrrp vrid 50 track interface g0/0/1
[Core-LSW2-Vlanif50]vrrp vrid 50 track interface g0/0/2
[Core-LSW2-Vlanif50]int vlanif60
[Core-LSW2-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.252
[Core-LSW2-Vlanif60]vrrp vrid 60 priority 120
[Core-LSW2-Vlanif60]vrrp vrid 60 track interface g0/0/1
[Core-LSW2-Vlanif60]vrrp vrid 60 track interface g0/0/2
[Core-LSW2-Vlanif60]q
--------------------------
4、MSTP生成树
Core-LSW1:
[Core-LSW1]stp enable
[Core-LSW1]stp region-configuration
[Core-LSW1-mst-region]region-name huawei
[Core-LSW1-mst-region]revision-level 5
[Core-LSW1-mst-region]instance 1 vlan 10 20 30 100
[Core-LSW1-mst-region]instance 2 vlan 40 50 60
[Core-LSW1-mst-region]active region-configuration
[Core-LSW1-mst-region]quit
[Core-LSW1]stp instance 1 root primary
[Core-LSW1]stp instance 2 root secondary
[Core-LSW1-mst-region]dis th
[Core-LSW1]quit
----------------------------
Core-LSW2:
[Core-LSW2]stp enable
[Core-LSW2]stp region-configuration
[Core-LSW2-mst-region]region-name huawei
[Core-LSW2-mst-region]revision-level 5
[Core-LSW2-mst-region]instance 1 vlan 10 20 30 100
[Core-LSW2-mst-region]instance 2 vlan 40 50 60
[Core-LSW2-mst-region]active region-configuration
[Core-LSW2-mst-region]quit
[Core-LSW2]stp instance 1 root secondary
[Core-LSW2]stp instance 2 root primary
[Core-LSW2]q
--------------------------
SW1:
[LSW1]stp enable
[LSW1]stp region-configuration
[LSW1-mst-region]region-name huawei
[LSW1-mst-region]revision-level 5
[LSW1-mst-region]instance 1 vlan 10 20 30 100
[LSW1-mst-region]instance 2 vlan 40 50 60
[LSW1-mst-region]active region-configuration
[LSW1-mst-region]quit
---------------------------
SW2:
[LSW2]stp enable
[LSW2]stp region-configuration
[LSW2-mst-region]region-name huawei
[LSW2-mst-region]revision-level 5
[LSW2-mst-region]instance 1 vlan 10 20 30 100
[LSW2-mst-region]instance 2 vlan 40 50 60
[LSW2-mst-region]active region-configuration
[LSW2-mst-region]quit
---------------------------
SW3:
[LSW3]stp enable
[LSW3]stp region-configuration
[LSW3-mst-region]region-name huawei
[LSW3-mst-region]revision-level 5
[LSW3-mst-region]instance 1 vlan 10 20 30 100
[LSW3-mst-region]instance 2 vlan 40 50 60
[LSW3-mst-region]active region-configuration
[LSW3-mst-region]quit
----------------------------
SW4:
[LSW4]stp enable
[LSW4]stp region-configuration
[LSW4-mst-region]region-name huawei
[LSW4-mst-region]revision-level 5
[LSW4-mst-region]instance 1 vlan 10 20 30 100
[LSW4-mst-region]instance 2 vlan 40 50 60
[LSW4-mst-region]active region-configuration
[LSW4-mst-region]quit
---------------------------
SW5:
[LSW5]stp enable
[LSW5]stp region-configuration
[LSW5-mst-region]region-name huawei
[LSW5-mst-region]revision-level 5
[LSW5-mst-region]instance 1 vlan 10 20 30 100
[LSW5-mst-region]instance 2 vlan 40 50 60
[LSW5-mst-region]active region-configuration
[LSW5-mst-region]quit
-----------------------------
SW6:
[LSW6]stp enable
[LSW6]stp region-configuration
[LSW6-mst-region]region-name huawei
[LSW6-mst-region]revision-level 5
[LSW6-mst-region]instance 1 vlan 10 20 30 100
[LSW6-mst-region]instance 2 vlan 40 50 60
[LSW6-mst-region]active region-configuration
[LSW6-mst-region]quit
-----------------------------5、OSPF
Core-LSW1:
[Core-LSW1]ospf 10
[Core-LSW1-ospf-10]area 0
[Core-LSW1-ospf-10-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[Core-LSW1-ospf-10-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[Core-LSW1-ospf-10-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[Core-LSW1-ospf-10-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[Core-LSW1-ospf-10-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[Core-LSW1-ospf-10-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[Core-LSW1-ospf-10-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[Core-LSW1-ospf-10-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[Core-LSW1-ospf-10-area-0.0.0.0]network 192.168.7.0 0.0.0.255
[Core-LSW1-ospf-10-area-0.0.0.0]quit
----------------------------
Core-LSW2:
[Core-LSW2]ospf 20
[Core-LSW2-ospf-20]area 0
[Core-LSW2-ospf-20-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[Core-LSW2-ospf-20-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[Core-LSW2-ospf-20-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[Core-LSW2-ospf-20-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[Core-LSW2-ospf-20-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[Core-LSW2-ospf-20-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[Core-LSW2-ospf-20-area-0.0.0.0]network 192.168.6.0 0.0.0.255
[Core-LSW2-ospf-20-area-0.0.0.0]network 192.168.8.0 0.0.0.255
-----------------------------
Core-R1:
[Core-R1]ospf 30
[Core-R1-ospf-30]area 0
[Core-R1-ospf-30-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[Core-R1-ospf-30-area-0.0.0.0]network 192.168.6.0 0.0.0.255
[Core-R1-ospf-30-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[Core-R1-ospf-30-area-0.0.0.0]network 192.168.2.0 0.0.0.255
-----------------------------
Core-R2:
[Core-R2]ospf 40
[Core-R2-ospf-40]area 0
[Core-R2-ospf-40-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[Core-R2-ospf-40-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[Core-R2-ospf-40-area-0.0.0.0]network 192.168.7.0 0.0.0.255
[Core-R2-ospf-40-area-0.0.0.0]network 192.168.8.0 0.0.0.255
-----------------------------
FW1:
[FW1]ospf 50
[FW1-ospf-50]area 0
[FW1-ospf-50-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[FW1-ospf-50-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[FW1-ospf-50-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[FW1-ospf-50-area-0.0.0.0]quit
[FW1-ospf-50]default-route-advertise always
[FW1-ospf-50]quit
[FW1]ip route-static 0.0.0.0 0.0.0.0 200.10.10.2
-----------------------------6、无线AC
AC1:
<AC6605>sys
[AC6605]undo info-center enable
[AC6605]sysname AC1
[AC1]vlan batch 100 101
[AC1]int Vlanif 100
[AC1-Vlanif100]ip address 192.168.100.1 24
[AC1-Vlanif100]quit
[AC1]dhcp enable
[AC1]int Vlanif 100
[AC1-Vlanif100]dhcp select global
[AC1-Vlanif100]quit
[AC1]int Vlanif 101
[AC1-Vlanif200]ip address 192.168.101.1 24
[AC1-Vlanif200]dhcp select interface
[AC1-Vlanif200]quit
[AC1]ip pool vlan100
[AC1-ip-pool-vlan100]gateway-list 192.168.100.254
[AC1-ip-pool-vlan100]network 192.168.100.0
[AC1-ip-pool-vlan100]dns-list 192.168.200.4
[AC1-ip-pool-vlan100]excluded-ip-address 192.168.100.1
[AC1-ip-pool-vlan100]q
//创建AP组
[AC1]wlan
[AC1-wlan-view]ap-group name ap-huawei
[AC1-wlan-ap-group-ap-huawei]quit
[AC1-wlan-view]regulatory-domain-profile name huawei-domain
[AC1-wlan-regulate-domain-huawei-domain]country-code CN
[AC1-wlan-regulate-domain-huawei-domain]quit
[AC1-wlan-view]ap-group name ap-huawei
[AC1-wlan-ap-group-ap-huawei]regulatory-domain-profile huawei-domain
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:Y
[AC1-wlan-ap-group-ap-huawei]quit
[AC1-wlan-view]q
[AC1]capwap source interface Vlanif 101
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc41-78C0
[AC1-wlan-ap-0]ap-name area-1
[AC1-wlan-ap-0]ap-group ap-huawei
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:Y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC1-wlan-ap-0]q
[AC1-wlan-view]q
[AC1]dis ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
idle : idle [1]
--------------------------------------------------------------------------------
---
ID MAC Name Group IP Type State STA Uptime
--------------------------------------------------------------------------------
---
0 00e0-fc41-78c0 area-1 ap-huawei - - idle 0 -
--------------------------------------------------------------------------------
---
Total: 1
[AC1]int g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC1]dis ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [1]
--------------------------------------------------------------------------------
--------------
ID MAC Name Group IP Type State STA Upt
ime
--------------------------------------------------------------------------------
--------------
0 00e0-fc41-78c0 area-1 ap-huawei 192.168.200.3 AP6050DN nor 0 1M:
52S
--------------------------------------------------------------------------------
--------------
Total: 1
//AC1配置无线局域网
[AC1]wlan
[AC1-wlan-view]security-profile name sec
[AC1-wlan-sec-prof-sec]security wpa2 psk pass-phrase huawei@123 aes
[AC1-wlan-sec-prof-sec]quit
[AC1-wlan-view]ssid-profile name ssid-1
[AC1-wlan-ssid-prof-ssid-1]ssid huawei
[AC1-wlan-ssid-prof-ssid-1]quit
//配置虚拟AP,可以有很多个点接入
[AC1-wlan-view]vap-profile name vap-1
[AC1-wlan-vap-prof-vap-1]forward-mode tunnel
[AC1-wlan-vap-prof-vap-1]service-vlan vlan-id 100
[AC1-wlan-vap-prof-vap-1]security-profile sec
[AC1-wlan-vap-prof-vap-1]ssid-profile ssid-1
[AC1-wlan-vap-prof-vap-1]quit
[AC1-wlan-view]ap-group name ap-huawei
[AC1-wlan-ap-group-ap-huawei]vap-profile vap-1 wlan 1 radio 0
[AC1-wlan-ap-group-ap-huawei]q
----------------------------7、路由端口IP配置
Core-R1:
<Huawei>sys
<Huawei>undo info-center enable
[Huawei]sysname Core-R1
[Core-R1]int g2/0/0
[Core-R1-GigabitEthernet2/0/0]ip address 192.168.5.1 24
[Core-R1-GigabitEthernet2/0/0]int g2/0/1
[Core-R1-GigabitEthernet2/0/1]ip address 192.168.6.1 24
[Core-R1-GigabitEthernet2/0/1]int g0/0/1
[Core-R1-GigabitEthernet0/0/1]ip address 192.168.4.1 24
[Core-R1-GigabitEthernet0/0/1]int g0/0/0
[Core-R1-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[Core-R1-GigabitEthernet0/0/0]quit
--------------------------
Core-R2:
<Huawei>sys
<Huawei>undo info-center enable
[Huawei]sysname Core-R2
[Core-R2]int g2/0/0
[Core-R2-GigabitEthernet2/0/0]ip address 192.168.8.1 24
[Core-R2-GigabitEthernet2/0/0]int g2/0/1
[Core-R2-GigabitEthernet2/0/1]ip address 192.168.7.1 24
[Core-R2-GigabitEthernet2/0/1]int g0/0/0
[Core-R2-GigabitEthernet0/0/0]ip address 192.168.4.2 24
[Core-R2-GigabitEthernet0/0/0]int g0/0/1
[Core-R2-GigabitEthernet0/0/1]ip address 192.168.3.2 24
[Core-R2-GigabitEthernet0/0/1]quit
----------------------------
FW1:
<USG6000V1>sys
[USG6000V1]undo info-center enable
[USG6000V1]sysname FW1
[FW1]int g1/0/0
[FW1-GigabitEthernet1/0/0]ip address 192.168.2.1 24
[FW1-GigabitEthernet1/0/0]int g1/0/1
[FW1-GigabitEthernet1/0/1]ip address 192.168.3.1 24
[FW1-GigabitEthernet1/0/1]int g1/0/3
[FW1-GigabitEthernet1/0/3]ip address 192.168.200.1 24
[FW1-GigabitEthernet1/0/3]int g1/0/2
[FW1-GigabitEthernet1/0/2]ip address 200.10.10.1 30
[FW1-GigabitEthernet1/0/2]quit
-----------------------------8、安全策略
FW1:
//划分trust区域
[FW1]firewall zone trust
[FW1-zone-trust]add interface g1/0/0
[FW1-zone-trust]add interface g1/0/1
[FW1-zone-trust]quit
//划分untrust区域
[FW1]firewall zone untrust
[FW1-zone-untrust]add interface g1/0/2
[FW1-zone-untrust]quit
//划分dmz区域
[FW1]firewall zone dmz
[FW1-zone-dmz]add interface g1/0/3
[FW1-zone-dmz]quit
//配置安全放行策略
[FW1]security-policy
[FW1-policy-security]rule name tr-untr
[FW1-policy-security-rule-tr-untr]source-zone trust
[FW1-policy-security-rule-tr-untr]source-address 192.168.0.0 0.0.255.255
[FW1-policy-security-rule-tr-untr]destination-zone untrust
[FW1-policy-security-rule-tr-untr]action permit
[FW1-policy-security-rule-tr-untr]quit
[FW1-policy-security]quit
[FW1]security-policy
[FW1-policy-security]rule name trust-dmz
[FW1-policy-security-rule-trust-dmz]source-zone trust
[FW1-policy-security-rule-trust-dmz]source-address 192.168.0.0 0.0.255.255
[FW1-policy-security-rule-trust-dmz]destination-zone dmz
[FW1-policy-security-rule-trust-dmz]action permit
[FW1-policy-security-rule-trust-dmz]quit
[FW1-policy-security]rule name dmz-to-trust
[FW1-policy-security-rule-dmz-to-trust]source-zone dmz
[FW1-policy-security-rule-dmz-to-trust]source-address 192.168.0.0 0.0.255.255
[FW1-policy-security-rule-dmz-to-trust]destination-zone trust
[FW1-policy-security-rule-dmz-to-trust]action permit
[FW1-policy-security-rule-dmz-to-trust]quit
[FW1-policy-security]rule name dmz-to-local
[FW1-policy-security-rule-dmz-to-local]source-zone dmz
[FW1-policy-security-rule-dmz-to-local]source-zone local
[FW1-policy-security-rule-dmz-to-local]destination-zone dmz
[FW1-policy-security-rule-dmz-to-local]destination-zone local
[FW1-policy-security-rule-dmz-to-local]action permit
[FW1-policy-security-rule-dmz-to-local]quit
[FW1-policy-security]quit
//进入四个接口,允许所有的协议通过
[FW1]int g1/0/0
[FW1-GigabitEthernet1/0/0]service-manage all permit
[FW1-GigabitEthernet1/0/0]int g1/0/1
[FW1-GigabitEthernet1/0/1]service-manage all permit
[FW1-GigabitEthernet1/0/1]int g1/0/2
[FW1-GigabitEthernet1/0/2]service-manage all permit
[FW1-GigabitEthernet1/0/2]int g1/0/3
[FW1-GigabitEthernet1/0/3]service-manage all permit
[FW1-GigabitEthernet1/0/3]quit
--------------------------9、NAT转换
FW1:
[FW1]nat-policy
[FW1-policy-nat]rule name easy-ip
[FW1-policy-nat-rule-easy-ip]source-address 192.168.0.0 0.0.255.255
[FW1-policy-nat-rule-easy-ip]source-zone trust
[FW1-policy-nat-rule-easy-ip]source-zone dmz
[FW1-policy-nat-rule-easy-ip]destination-zone untrust
[FW1-policy-nat-rule-easy-ip]action source-nat easy-ip
[FW1-policy-nat-rule-easy-ip]q
-------------------------
10、ISP
ISP-R:
<Huawei>sys
[Huawei]undo info-center enable
[Huawei]sysname ISP-R
[ISP-R]int g0/0/0
[ISP-R-GigabitEthernet0/0/0]ip address 200.10.10.2 30
[ISP-R-GigabitEthernet0/0/0]int g0/0/1
[ISP-R-GigabitEthernet0/0/1]ip address 200.10.20.1 28
[ISP-R-GigabitEthernet0/0/0]quit
---------------------------五、测试部分
需要你联系作者获取资源!
4万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
