Planning and Design of a Medium-to-Large Campus/Enterprise Network Based on eNSP

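Contents

Preface

I. Design Approach

II. Design Diagram

III. IP Address and VLAN Allocation

IV. Configuration Steps

1. Huiyuan Building Eth-Trunk configuration
2. Huiyuan/Rixin Building VLAN assignment
3. Huiyuan Building RSTP configuration
4. Huiyuan Building VRRP configuration
5. Huiyuan/Rixin Building OSPF configuration
6. Huiyuan/Rixin Building DHCP relay
7. Mingcheng Building VLAN assignment
8. Mingcheng Building MSTP configuration
9. Mingcheng Building VRRP configuration
10. Mingcheng Building RIP configuration
11. OSPF & route import
12. Mingcheng Building DHCP relay
13. Server area VLAN assignment
14. Server area VRRP configuration
15. Server area OSPF configuration
16. OSPF & FW1 configuration
17. Vlink configuration
18. Server area DHCP relay
19. ISP area IS-IS configuration
20. NAT configuration on FW1
21. IPsec VPN configuration
22. Branch campus router-on-a-stick & DHCP
23. RIP & route import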


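Preface

The technologies used in this network mainly include VLAN assignment, Eth-Trunk bundling, RSTP, MSTP, VRRP, OSPF, RIP, IS-IS, NAT (both address-pool and Easy IP translation), router-on-a-stick, ACLs, DHCP address assignment on sub-interfaces, DHCP relay, Vlink, IPsec VPN, route import, default routes, firewall security policies, wireless WLAN planning, and so on. It is well suited to anyone learning these technologies, and can also be used for graduation projects, course projects, medium-to-large campus network implementations and similar scenarios!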

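I. Design Approach

Configure the interface addresses on the servers, firewalls and routers.

Configure Eth-Trunk link bundling in the Huiyuan Building to improve link redundancy.

Divide the network into multiple VLANs by location to reduce the size of the broadcast domains and improve network reliability and security.

Configure RSTP + VRRP in the Huiyuan Building to avoid network loops and converge quickly.

Configure MSTP + VRRP in the Mingcheng Building to provide redundancy as well; define instances so that different VLANs prefer their respective switches, and reduce STP flapping.

All users in the Mingcheng Building, the Huiyuan Building and the server area obtain addresses automatically through the corresponding DHCP relay configuration; the DHCP server is AR2.

Branch campus users also need to obtain addresses automatically; their server is AR13, which is configured with sub-interfaces that assign addresses to the corresponding terminals.

The Huiyuan Building mainly uses OSPF so that its routers learn the corresponding routes.

The Mingcheng Building uses both RIP and OSPF, with two-way route import between RIP and OSPF so that it can communicate with the Huiyuan Building.

The server area hosts the FTP, DNS and web servers; a PC connected there can also obtain an address automatically. The PC here is used to test DHCP.

FW1 and LSW4 are each configured with a Vlink so that area 3 and area 0 can communicate and learn each other's routes.

FW1 and FW2 are both configured with the corresponding security policies, and FW1 permits traffic from trust to dmz.

FW1 and FW2 are both configured with a default route pointing to our carrier (the ISP).

FW1 and FW2 are configured with NAT policies so that the internal network and the dmz can reach the external network (Baidu).

FW1 and FW2 are configured with an IPsec VPN so that the simulated main campus and the simulated branch campus can communicate; the range permitted to communicate is 172.16.X.X/16.

The simulated external ISP network uses IS-IS routing for connectivity.

Main campus and branch campus users can reach Baidu on the external network by domain name (www.baidu.com); the main campus can reach the internal web server by domain name (www.xyw.com).

Main campus users use our internal DNS server; the branch campus uses the ISP's DNS server.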

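II. Design Diagram

This is the design diagram of the topology that was built; to view a device's configuration, use dis cu.

III. IP Address and VLAN Allocation

IV. Configuration Steps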

1. Huiyuan Building Eth-Trunk configuration
	LSW1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW1
[LSW1]int eth-trunk 1
[LSW1-Eth-Trunk1]mode lacp-static
[LSW1-Eth-Trunk1]trunkport g0/0/4
[LSW1-Eth-Trunk1]trunkport g0/0/5
[LSW1-Eth-Trunk1]qui
[LSW1]
-------------------------------------------
	LSW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW2
[LSW2]int eth-trunk 1
[LSW2-Eth-Trunk1]mode lacp-static
[LSW2-Eth-Trunk1]trunkport g0/0/4
[LSW2-Eth-Trunk1]trunkport g0/0/5
[LSW2-Eth-Trunk1]qui
[LSW2]
2. Huiyuan/Rixin Building VLAN assignment
	LSW1:
[LSW1]vlan batch 10 11 111
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 111
[LSW1-GigabitEthernet0/0/1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 11
[LSW1-GigabitEthernet0/0/2]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 to 11
[LSW1-GigabitEthernet0/0/3]qui
[LSW1]int Eth-Trunk 1
[LSW1-Eth-Trunk1]port link-type trunk
[LSW1-Eth-Trunk1]port trunk allow-pass vlan 10 to 11
[LSW1-Eth-Trunk1]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]vlan batch 10 11 122
[LSW2]int g0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 122
[LSW2-GigabitEthernet0/0/1]int g0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 11
[LSW2-GigabitEthernet0/0/2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 to 11
[LSW2-GigabitEthernet0/0/3]qui
[LSW2]int Eth-Trunk 1
[LSW2-Eth-Trunk1]port link-type trunk
[LSW2-Eth-Trunk1]port trunk allow-pass vlan 10 to 11
[LSW2-Eth-Trunk1]qui
[LSW2]
-------------------------------------------
    LSW3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW3
[LSW3]vlan batch 12 133
[LSW3]int g0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type access
[LSW3-GigabitEthernet0/0/1]port default vlan 133
[LSW3-GigabitEthernet0/0/1]int g0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type access
[LSW3-GigabitEthernet0/0/2]port default vlan 12
[LSW3-GigabitEthernet0/0/2]qui
[LSW3]
-------------------------------------------
    SW1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname SW1
[SW1]vlan 10
[SW1-vlan10]qui
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 11
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 11
[SW1-GigabitEthernet0/0/2]int e0/0/1
[SW1-Ethernet0/0/1]port link-type access
[SW1-Ethernet0/0/1]port default vlan 10
[SW1-Ethernet0/0/1]qui
[SW1]
-------------------------------------------
    SW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname SW2
[SW2]vlan 11
[SW2-vlan11]qui
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 11
[SW2-GigabitEthernet0/0/1]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 11
[SW2-GigabitEthernet0/0/2]int e0/0/1
[SW2-Ethernet0/0/1]port link-type access
[SW2-Ethernet0/0/1]port default vlan 11
[SW2-Ethernet0/0/1]qui
[SW2]
3. Huiyuan Building RSTP configuration
	LSW1:
[LSW1]stp mode rstp
[LSW1]stp priority 0
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]stp mode rstp
[LSW2]stp priority 4096
[LSW2]
4. Huiyuan Building VRRP configuration
	LSW1:
[LSW1]int vlan 10
[LSW1-Vlanif10]ip address 172.16.10.254 24
[LSW1-Vlanif10]vrrp vrid 10 virtual-ip 172.16.10.1
[LSW1-Vlanif10]int vlan 11
[LSW1-Vlanif11]ip address 172.16.11.254 24
[LSW1-Vlanif11]vrrp vrid 11 virtual-ip 172.16.11.1
[LSW1-Vlanif11]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]int vlan 10
[LSW2-Vlanif10]ip address 172.16.10.253 24
[LSW2-Vlanif10]vrrp vrid 10 virtual-ip 172.16.10.1
[LSW2-Vlanif10]int vlan 11
[LSW2-Vlanif11]ip address 172.16.11.253 24
[LSW2-Vlanif11]vrrp vrid 11 virtual-ip 172.16.11.1
[LSW2-Vlanif11]qui
[LSW2]
5. Huiyuan/Rixin Building OSPF configuration
	LSW1:
[LSW1]int vlan 111
[LSW1-Vlanif111]ip add 192.168.111.11 24
[LSW1-Vlanif111]qui
[LSW1]ospf router-id 1.1.1.11
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 172.16.10.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 172.16.11.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 192.168.111.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]qui
[LSW1-ospf-1]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]int vlan 122
[LSW2-Vlanif122]ip add 192.168.122.12 24
[LSW2-Vlanif122]qui
[LSW2]ospf router-id 1.1.1.12
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 172.16.10.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 172.16.11.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 192.168.122.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]qui
[LSW2-ospf-1]qui
[LSW2]
-------------------------------------------
    LSW3:
[LSW3]int vlan 133
[LSW3-Vlanif133]ip add 192.168.133.13 24
[LSW3-Vlanif133]int vlan 12
[LSW3-Vlanif12]ip add 172.16.12.1 24
[LSW3-Vlanif12]qui
[LSW3]ospf router-id 1.1.1.13
[LSW3-ospf-1]area 0
[LSW3-ospf-1-area-0.0.0.0]network 172.16.12.0 0.0.0.255
[LSW3-ospf-1-area-0.0.0.0]network 192.168.133.0 0.0.0.255
[LSW3-ospf-1-area-0.0.0.0]qui
[LSW3-ospf-1]qui
[LSW3]
-------------------------------------------
    AR1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR1
[AR1]int g2/0/0
[AR1-GigabitEthernet2/0/0]ip add 192.168.111.1 24
[AR1-GigabitEthernet2/0/0]int g2/0/1
[AR1-GigabitEthernet2/0/1]ip add 192.168.122.1 24
[AR1-GigabitEthernet2/0/1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.14.1 24
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 192.168.15.1 24
[AR1-GigabitEthernet0/0/1]int loo0
[AR1-LoopBack0]ip add 10.1.1.1 32
[AR1-LoopBack0]qui
[AR1]ospf router-id 1.1.1.1
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]net 192.168.14.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]net 192.168.15.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]net 192.168.122.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]net 192.168.111.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]qui
[AR1-ospf-1]qui
[AR1]
-------------------------------------------
    AR2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR2
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 192.168.14.2 24
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 192.168.16.2 24
[AR2-GigabitEthernet0/0/1]int loo0
[AR2-LoopBack0]ip add 10.1.1.2 32
[AR2-LoopBack0]qui
[AR2]ospf router-id 1.1.1.2
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]net 192.168.14.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]net 192.168.16.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]qui
[AR2-ospf-1]qui
[AR2]
-------------------------------------------
    AR3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR3
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 192.168.17.3 24
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip add 192.168.16.3 24
[AR3-GigabitEthernet0/0/1]int loo0
[AR3-LoopBack0]ip add 10.1.1.3 32
[AR3-LoopBack0]qui
[AR3]ospf router-id 1.1.1.3
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]net 192.168.17.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]net 192.168.16.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]qui
[AR3-ospf-1]qui
[AR3]
-------------------------------------------
    AR4:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR4
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]ip add 192.168.133.4 24
[AR4-GigabitEthernet0/0/0]int g0/0/1
[AR4-GigabitEthernet0/0/1]ip add 192.168.15.4 24
[AR4-GigabitEthernet0/0/1]int g2/0/0
[AR4-GigabitEthernet2/0/0]ip add 192.168.18.4 24
[AR4-GigabitEthernet2/0/0]int loo0
[AR4-LoopBack0]ip add 10.1.1.4 32
[AR4-LoopBack0]qui
[AR4]ospf router-id 1.1.1.4
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]net 192.168.18.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]net 192.168.15.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]net 192.168.133.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]qui
[AR4-ospf-1]qui
[AR4]
-------------------------------------------
    AR5:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR5
[AR5]int g0/0/0
[AR5-GigabitEthernet0/0/0]ip add 192.168.19.5 24
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]ip add 192.168.17.5 24
[AR5-GigabitEthernet0/0/1]int g2/0/0
[AR5-GigabitEthernet2/0/0]ip add 192.168.18.5 24
[AR5-GigabitEthernet2/0/0]int loo0
[AR5-LoopBack0]ip add 10.1.1.5 32
[AR5-LoopBack0]qui
[AR5]ospf router-id 1.1.1.5
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]net 192.168.19.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 192.168.17.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 192.168.18.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]qui
[AR5-ospf-1]qui
[AR5]
6. Huiyuan/Rixin Building DHCP relay
	LSW1:
[LSW1]dhcp enable
[LSW1]int vlan 10
[LSW1-Vlanif10]dhcp select relay
[LSW1-Vlanif10]dhcp relay server-ip 192.168.14.2
[LSW1-Vlanif10]dhcp relay server-ip 192.168.16.2
[LSW1-Vlanif10]int vlan 11
[LSW1-Vlanif11]dhcp select relay
[LSW1-Vlanif11]dhcp relay server-ip 192.168.14.2
[LSW1-Vlanif11]dhcp relay server-ip 192.168.16.2
[LSW1-Vlanif11]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]dhcp enable
[LSW2]int vlan 10
[LSW2-Vlanif10]dhcp select relay
[LSW2-Vlanif10]dhcp relay server-ip 192.168.14.2
[LSW2-Vlanif10]dhcp relay server-ip 192.168.16.2
[LSW2-Vlanif10]int vlan 11
[LSW2-Vlanif11]dhcp select relay
[LSW2-Vlanif11]dhcp relay server-ip 192.168.14.2
[LSW2-Vlanif11]dhcp relay server-ip 192.168.16.2
[LSW2-Vlanif11]qui
[LSW2]
-------------------------------------------
    LSW3:
[LSW3]dhcp enable
[LSW3]int vlan 12
[LSW3-Vlanif12]dhcp select relay
[LSW3-Vlanif12]dhcp relay server-ip 192.168.14.2
[LSW3-Vlanif12]dhcp relay server-ip 192.168.16.2
[LSW3-Vlanif12]
-------------------------------------------
    AR2:
[AR2]dhcp enable
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]dhcp select global
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]dhcp select global
[AR2-GigabitEthernet0/0/1]qui
[AR2]ip pool vlan10
[AR2-ip-pool-vlan10]network 172.16.10.0 mask 24
[AR2-ip-pool-vlan10]gateway-list 172.16.10.1
[AR2-ip-pool-vlan10]excluded-ip-address 172.16.10.250 172.16.10.254
[AR2-ip-pool-vlan10]dns-list 172.16.50.3 8.8.8.8 
[AR2-ip-pool-vlan10]lease unlimited
[AR2-ip-pool-vlan10]qui
[AR2]ip pool vlan11
[AR2-ip-pool-vlan11]network 172.16.11.0 mask 24
[AR2-ip-pool-vlan11]gateway-list 172.16.11.1
[AR2-ip-pool-vlan11]excluded-ip-address 172.16.11.250 172.16.11.254
[AR2-ip-pool-vlan11]dns-list 172.16.50.3 8.8.8.8 
[AR2-ip-pool-vlan11]lease unlimited
[AR2-ip-pool-vlan11]qui
[AR2]ip pool vlan12
[AR2-ip-pool-vlan12]gateway-list 172.16.12.1 
[AR2-ip-pool-vlan12]network 172.16.12.0 mask 255.255.255.0
[AR2-ip-pool-vlan12]excluded-ip-address 172.16.12.250 172.16.12.254
[AR2-ip-pool-vlan12]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan12]lease unlimited
[AR2-ip-pool-vlan12]qui
[AR2]ip pool vlan13
[AR2-ip-pool-vlan13]gateway-list 172.16.13.1 
[AR2-ip-pool-vlan13]network 172.16.13.0 mask 255.255.255.0 
[AR2-ip-pool-vlan13]excluded-ip-address 172.16.13.250 172.16.13.254
[AR2-ip-pool-vlan13]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan13]lease unlimited
[AR2-ip-pool-vlan13]qui
[AR2]ip pool vlan14
[AR2-ip-pool-vlan14]gateway-list 172.16.14.1 
[AR2-ip-pool-vlan14]network 172.16.14.0 mask 255.255.255.0
[AR2-ip-pool-vlan14]excluded-ip-address 172.16.14.250 172.16.14.254
[AR2-ip-pool-vlan14]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan14]lease unlimited
[AR2-ip-pool-vlan14]qui
[AR2]ip pool vlan50
[AR2-ip-pool-vlan50]gateway-list 172.16.50.1 
[AR2-ip-pool-vlan50]network 172.16.50.0 mask 255.255.255.0
[AR2-ip-pool-vlan50]excluded-ip-address 172.16.50.250 172.16.50.254
[AR2-ip-pool-vlan50]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan50]lease unlimited
[AR2-ip-pool-vlan50]qui
[AR2]
7. Mingcheng Building VLAN assignment
	LSW5-1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW5-1
[LSW5-1]vlan batch 13 14 110
[LSW5-1]int g0/0/1
[LSW5-1-GigabitEthernet0/0/1]port link-type access
[LSW5-1-GigabitEthernet0/0/1]port default vlan 110
[LSW5-1-GigabitEthernet0/0/1]int g0/0/2
[LSW5-1-GigabitEthernet0/0/2]port link-type trunk
[LSW5-1-GigabitEthernet0/0/2]port trunk allow-pass vlan 13 14
[LSW5-1-GigabitEthernet0/0/2]int g0/0/3
[LSW5-1-GigabitEthernet0/0/3]port link-type trunk
[LSW5-1-GigabitEthernet0/0/3]port trunk allow-pass vlan 13 14
[LSW5-1-GigabitEthernet0/0/3]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW5-2
[LSW5-2]vlan batch 13 14 109
[LSW5-2]int g0/0/1
[LSW5-2-GigabitEthernet0/0/1]port link-type access
[LSW5-2-GigabitEthernet0/0/1]port default vlan 109
[LSW5-2-GigabitEthernet0/0/1]int g0/0/2
[LSW5-2-GigabitEthernet0/0/2]port link-type trunk
[LSW5-2-GigabitEthernet0/0/2]port trunk allow-pass vlan 13 14
[LSW5-2-GigabitEthernet0/0/2]int g0/0/3
[LSW5-2-GigabitEthernet0/0/3]port link-type trunk
[LSW5-2-GigabitEthernet0/0/3]port trunk allow-pass vlan 13 14
[LSW5-2-GigabitEthernet0/0/3]qui
[LSW5-2]
-------------------------------------------
    LSW5:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW5
[LSW5]vlan batch 13 14
[LSW5]int e0/0/1
[LSW5-Ethernet0/0/1]port link-type access
[LSW5-Ethernet0/0/1]port default vlan 13
[LSW5-Ethernet0/0/1]int e0/0/2
[LSW5-Ethernet0/0/2]port link-type access
[LSW5-Ethernet0/0/2]port default vlan 14
[LSW5-Ethernet0/0/2]int g0/0/1
[LSW5-GigabitEthernet0/0/1]port link-type trunk
[LSW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 13 14
[LSW5-GigabitEthernet0/0/1]int g0/0/2
[LSW5-GigabitEthernet0/0/2]port link-type trunk
[LSW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 13 14
[LSW5-GigabitEthernet0/0/2]qui
[LSW5]
8. Mingcheng Building MSTP configuration
	LSW5-1:
[LSW5-1]stp region-configuration
[LSW5-1-mst-region]region-name mstp_name
[LSW5-1-mst-region]revision-level 1
[LSW5-1-mst-region]instance 13 vlan 13
[LSW5-1-mst-region]instance 14 vlan 14
[LSW5-1-mst-region]active region-configuration
[LSW5-1-mst-region]qui
[LSW5-1]stp instance 13 root primary
[LSW5-1]stp instance 14 root secondary
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]stp region-configuration
[LSW5-2-mst-region]region-name mstp_name
[LSW5-2-mst-region]revision-level 1
[LSW5-2-mst-region]instance 13 vlan 13
[LSW5-2-mst-region]instance 14 vlan 14
[LSW5-2-mst-region]active region-configuration
[LSW5-2-mst-region]qui
[LSW5-2]stp instance 14 root  primary
[LSW5-2]stp instance 13 root secondary
[LSW5-2]
-------------------------------------------
    LSW5:
[LSW5]stp region-configuration
[LSW5-mst-region]region-name mstp_name
[LSW5-mst-region]revision-level 1
[LSW5-mst-region]instance 13 vlan 13
[LSW5-mst-region]instance 14 vlan 14
[LSW5-mst-region]active region-configuration
[LSW5-mst-region]qui
[LSW5]
9. Mingcheng Building VRRP configuration
	LSW5-1:
[LSW5-1]int vlan 13
[LSW5-1-Vlanif13]ip address 172.16.13.254 24
[LSW5-1-Vlanif13]vrrp vrid 13 virtual-ip 172.16.13.1
[LSW5-1-Vlanif13]vrrp vrid 13 priority 105
[LSW5-1-Vlanif13]int vlan 14
[LSW5-1-Vlanif14]ip address 172.16.14.254 24
[LSW5-1-Vlanif14]vrrp vrid 14 virtual-ip 172.16.14.1
[LSW5-1-Vlanif14]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]int vlan 13
[LSW5-2-Vlanif13]ip address 172.16.13.253 24
[LSW5-2-Vlanif13]vrrp vrid 13 virtual-ip 172.16.13.1
[LSW5-2-Vlanif13]int vlan 14
[LSW5-2-Vlanif14]ip address 172.16.14.253 24
[LSW5-2-Vlanif14]vrrp vrid 14 virtual-ip 172.16.14.1
[LSW5-2-Vlanif14]vrrp vrid 14 priority 105
[LSW5-2-Vlanif14]qui
[LSW5-2]
10. Mingcheng Building RIP configuration
	LSW5-1:
[LSW5-1]int vlan 110
[LSW5-1-Vlanif110]ip add 192.168.110.1 24
[LSW5-1-Vlanif110]qui
[LSW5-1]rip 1
[LSW5-1-rip-1]version 2
[LSW5-1-rip-1]network 192.168.110.0
[LSW5-1-rip-1]network 172.16.0.0
[LSW5-1-rip-1]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]int vlan 109
[LSW5-2-Vlanif109]ip add 192.168.109.1 24
[LSW5-2-Vlanif109]qui
[LSW5-2]rip 1
[LSW5-2-rip-1]version 2
[LSW5-2-rip-1]network 192.168.109.0
[LSW5-2-rip-1]network 172.16.0.0
[LSW5-2-rip-1]qui
[LSW5-2]
-------------------------------------------
    AR6:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR6
[AR6]int g0/0/0
[AR6-GigabitEthernet0/0/0]ip add 192.168.100.6 24
[AR6-GigabitEthernet0/0/0]int g2/0/1
[AR6-GigabitEthernet2/0/1]ip add 192.168.110.6 24
[AR6-GigabitEthernet2/0/1]int g2/0/2
[AR6-GigabitEthernet2/0/2]ip add 192.168.109.6 24
[AR6-GigabitEthernet2/0/2]int loo0
[AR6-LoopBack0]ip add 10.1.1.6 32
[AR6-LoopBack0]qui
[AR6]rip
[AR6-rip-1]version 2
[AR6-rip-1]net 192.168.110.0
[AR6-rip-1]net 192.168.109.0
[AR6-rip-1]qui
[AR6]
11. OSPF & route import
	AR6:
[AR6]ospf router-id 1.1.1.6
[AR6-ospf-1]area 0.0.0.1
[AR6-ospf-1-area-0.0.0.1]network 192.168.100.0 0.0.0.255
[AR6-ospf-1-area-0.0.0.1]qui
[AR6-ospf-1]import-route rip 1
[AR6-ospf-1]qui
[AR6]rip
[AR6-rip-1]import-route ospf
[AR6-rip-1]qui
[AR6]
-------------------------------------------
    LSW4:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW4
[LSW4]vlan batch 100 19 120
[LSW4]int g0/0/1
[LSW4-GigabitEthernet0/0/1]port link-type access
[LSW4-GigabitEthernet0/0/1]port default vlan 120
[LSW4-GigabitEthernet0/0/1]int g0/0/2
[LSW4-GigabitEthernet0/0/2]port link-type access
[LSW4-GigabitEthernet0/0/2]port default vlan 100
[LSW4-GigabitEthernet0/0/2]int g0/0/3
[LSW4-GigabitEthernet0/0/3]port link-type access
[LSW4-GigabitEthernet0/0/3]port default vlan 19
[LSW4-GigabitEthernet0/0/3]qui
[LSW4]int vlan 120
[LSW4-Vlanif120]ip add 192.168.120.4 24
[LSW4-Vlanif120]int vlan 100
[LSW4-Vlanif100]ip add 192.168.100.4 24
[LSW4-Vlanif100]int vlan 19
[LSW4-Vlanif19]ip add 192.168.19.4 24
[LSW4-Vlanif19]qui
[LSW4]ospf router-id 1.1.1.14
[LSW4-ospf-1]area 0
[LSW4-ospf-1-area-0.0.0.0]net 192.168.19.0 0.0.0.255
[LSW4-ospf-1-area-0.0.0.0]qui
[LSW4-ospf-1]area 1
[LSW4-ospf-1-area-0.0.0.1]net 192.168.100.0 0.0.0.255
[LSW4-ospf-1-area-0.0.0.1]qui
[LSW4-ospf-1]area 2
[LSW4-ospf-1-area-0.0.0.2]net 192.168.120.0 0.0.0.255
[LSW4-ospf-1-area-0.0.0.2]qui
[LSW4-ospf-1]qui
[LSW4]
12. Mingcheng Building DHCP relay
	LSW5-1:
[LSW5-1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW5-1]int vlan 13
[LSW5-1-Vlanif13]dhcp select relay
[LSW5-1-Vlanif13]dhcp relay server-ip 192.168.14.2
[LSW5-1-Vlanif13]dhcp relay server-ip 192.168.16.2
[LSW5-1-Vlanif13]int vlan 14
[LSW5-1-Vlanif14]dhcp select relay
[LSW5-1-Vlanif14]dhcp relay server-ip 192.168.14.2
[LSW5-1-Vlanif14]dhcp relay server-ip 192.168.16.2
[LSW5-1-Vlanif14]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW5-2]int vlan 13
[LSW5-2-Vlanif13]dhcp select relay
[LSW5-2-Vlanif13]dhcp relay server-ip 192.168.14.2
[LSW5-2-Vlanif13]dhcp relay server-ip 192.168.16.2
[LSW5-2-Vlanif13]int vlan 14
[LSW5-2-Vlanif14]dhcp select relay
[LSW5-2-Vlanif14]dhcp relay server-ip 192.168.14.2
[LSW5-2-Vlanif14]dhcp relay server-ip 192.168.16.2
[LSW5-2-Vlanif14]qui
[LSW5-2]
13. Server area VLAN assignment
	SW3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname SW3
[SW3]vlan 50
[SW3-vlan50]qui
[SW3]int e0/0/1
[SW3-Ethernet0/0/1]port link-type access
[SW3-Ethernet0/0/1]port default vlan 50
[SW3-Ethernet0/0/1]int e0/0/2
[SW3-Ethernet0/0/2]port link-type access
[SW3-Ethernet0/0/2]port default vlan 50
[SW3-Ethernet0/0/2]int e0/0/3
[SW3-Ethernet0/0/3]port link-type access
[SW3-Ethernet0/0/3]port default vlan 50
[SW3-Ethernet0/0/3]int g0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 50
[SW3-GigabitEthernet0/0/1]int g0/0/2
[SW3-GigabitEthernet0/0/2]port link-type trunk
[SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 50
[SW3-GigabitEthernet0/0/2]qui
[SW3]
-------------------------------------------
    LSW6-1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW6-1
[LSW6-1]vlan batch 50 128
[LSW6-1]int g0/0/1
[LSW6-1-GigabitEthernet0/0/1]port link-type access
[LSW6-1-GigabitEthernet0/0/1]port default vlan 128
[LSW6-1-GigabitEthernet0/0/1]int g0/0/2
[LSW6-1-GigabitEthernet0/0/2]port link-type trunk
[LSW6-1-GigabitEthernet0/0/2]port trunk allow-pass vlan 50
[LSW6-1-GigabitEthernet0/0/2]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW6-2
[LSW6-2]vlan batch 50 129
[LSW6-2]int g0/0/1
[LSW6-2-GigabitEthernet0/0/1]port link-type access
[LSW6-2-GigabitEthernet0/0/1]port default vlan 129
[LSW6-2-GigabitEthernet0/0/1]int g0/0/2
[LSW6-2-GigabitEthernet0/0/2]port link-type trunk
[LSW6-2-GigabitEthernet0/0/2]port trunk allow-pass vlan 50
[LSW6-2-GigabitEthernet0/0/2]qui
[LSW6-2]
14. Server area VRRP configuration
	LSW6-1:
[LSW6-1]int vlan 50
[LSW6-1-Vlanif50]ip add 172.16.50.254 24
[LSW6-1-Vlanif50]vrrp vrid 50 virtual-ip 172.16.50.1
[LSW6-1-Vlanif50]vrrp vrid 50 priority 105
[LSW6-1-Vlanif50]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
[LSW6-2]int vlan 50
[LSW6-2-Vlanif50]ip add 172.16.50.253 24
[LSW6-2-Vlanif50]vrrp vrid 50 virtual-ip 172.16.50.1
[LSW6-2-Vlanif50]vrrp vrid 50 priority 105
[LSW6-2-Vlanif50]qui
[LSW6-2]
15. Server area OSPF configuration
	LSW6-1:
[LSW6-1]int vlan 128
[LSW6-1-Vlanif128]ip add 192.168.128.1 24
[LSW6-1-Vlanif128]qui
[LSW6-1]ospf router-id 1.1.1.16
[LSW6-1-ospf-1]area 3
[LSW6-1-ospf-1-area-0.0.0.3]network 172.16.50.0 0.0.0.255
[LSW6-1-ospf-1-area-0.0.0.3]network 192.168.128.0 0.0.0.255
[LSW6-1-ospf-1-area-0.0.0.3]qui
[LSW6-1-ospf-1]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
[LSW6-2]int vlan 129
[LSW6-2-Vlanif129]ip add 192.168.129.1 24
[LSW6-2-Vlanif129]qui
[LSW6-2]ospf router-id 1.1.1.17
[LSW6-2-ospf-1]area 3
[LSW6-2-ospf-1-area-0.0.0.3]network 172.16.50.0 0.0.0.255
[LSW6-2-ospf-1-area-0.0.0.3]network 192.168.129.0 0.0.0.255
[LSW6-2-ospf-1-area-0.0.0.3]qui
[LSW6-2-ospf-1]qui
[LSW6-2]
-------------------------------------------
    AR9:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR9
[AR9]int g0/0/1
[AR9-GigabitEthernet0/0/1]ip add 192.168.140.9 24
[AR9-GigabitEthernet0/0/1]int g0/0/2
[AR9-GigabitEthernet0/0/2]ip add 192.168.128.9 24
[AR9-GigabitEthernet0/0/2]int g4/0/0
[AR9-GigabitEthernet4/0/0]ip add 192.168.129.9 24
[AR9-GigabitEthernet4/0/0]qui
[AR9]ospf router-id 1.1.1.9
[AR9-ospf-1]area 3
[AR9-ospf-1-area-0.0.0.3]net 192.168.128.0 0.0.0.255
[AR9-ospf-1-area-0.0.0.3]net 192.168.129.0 0.0.0.255
[AR9-ospf-1-area-0.0.0.3]net 192.168.140.0 0.0.0.255
[AR9-ospf-1-area-0.0.0.3]qui
[AR9-ospf-1]qui
[AR9]
16. OSPF & FW1 configuration
This configuration is not shown here; the full configuration is in the download link!

17. Vlink configuration
	FW1:
[FW1]ospf
[FW1-ospf-1]area 2
[FW1-ospf-1-area-0.0.0.2]vlink-peer 1.1.1.14
[FW1-ospf-1-area-0.0.0.2]qui
[FW1-ospf-1]qui
[FW1]
-------------------------------------------
    LSW4:
[LSW4]ospf
[LSW4-ospf-1]area 2
[LSW4-ospf-1-area-0.0.0.2]vlink-peer 1.1.1.18
[LSW4-ospf-1-area-0.0.0.2]qui
[LSW4-ospf-1]qui
[LSW4]
18. Server area DHCP relay
	LSW6-1:
[LSW6-1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW6-1]int vlan 50
[LSW6-1-Vlanif50]dhcp select relay
[LSW6-1-Vlanif50]dhcp relay server-ip 192.168.14.2
[LSW6-1-Vlanif50]dhcp relay server-ip 192.168.16.2
[LSW6-1-Vlanif50]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
[LSW6-2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW6-2]int vlan 50
[LSW6-2-Vlanif50]dhcp select relay
[LSW6-2-Vlanif50]dhcp relay server-ip 192.168.14.2
[LSW6-2-Vlanif50]dhcp relay server-ip 192.168.16.2
[LSW6-2-Vlanif50]qui
[LSW6-2]
19. ISP area IS-IS configuration
	AR10:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR10
[AR10]isis
[AR10-isis-1]net 49.0000.0000.0010.00
[AR10-isis-1]is-level level-2
[AR10-isis-1]cost-style wide
[AR10-isis-1]qui
[AR10]int g0/0/1
[AR10-GigabitEthernet0/0/1]ip add 20.1.1.10 24
[AR10-GigabitEthernet0/0/1]isis enable
[AR10-GigabitEthernet0/0/1]int g0/0/0
[AR10-GigabitEthernet0/0/0]ip add 30.1.1.10 24
[AR10-GigabitEthernet0/0/0]isis enable
[AR10-GigabitEthernet0/0/0]int g0/0/2
[AR10-GigabitEthernet0/0/2]ip add 40.1.1.10 24
[AR10-GigabitEthernet0/0/2]isis enable
[AR10-GigabitEthernet0/0/2]qui
[AR10]
-------------------------------------------
    AR11:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR11
[AR11]isis
[AR11-isis-1]net 49.0000.0000.0011.00
[AR11-isis-1]is-level level-2
[AR11-isis-1]cost-style wide
[AR11-isis-1]qui
[AR11]int g0/0/1
[AR11-GigabitEthernet0/0/1]ip add 50.1.1.11 24
[AR11-GigabitEthernet0/0/1]isis enable
[AR11-GigabitEthernet0/0/1]int g0/0/0
[AR11-GigabitEthernet0/0/0]ip add 30.1.1.11 24
[AR11-GigabitEthernet0/0/0]isis enable
[AR11-GigabitEthernet0/0/0]qui
[AR11]
-------------------------------------------
    AR12:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR12
[AR12]isis
[AR12-isis-1]net 49.0000.0000.0012.00
[AR12-isis-1]is-level level-2
[AR12-isis-1]cost-style wide
[AR12-isis-1]qui
[AR12]int g0/0/0
[AR12-GigabitEthernet0/0/0]ip add 40.1.1.12 24
[AR12-GigabitEthernet0/0/0]isis enable
[AR12-GigabitEthernet0/0/0]int g0/0/1
[AR12-GigabitEthernet0/0/1]ip add 20.1.5.12 24
[AR12-GigabitEthernet0/0/1]isis enable
[AR12-GigabitEthernet0/0/1]int g2/0/0
[AR12-GigabitEthernet2/0/0]ip add 20.1.6.12 24
[AR12-GigabitEthernet2/0/0]isis enable
[AR12-GigabitEthernet2/0/0]
[AR12-GigabitEthernet2/0/0]qui
[AR12]
20. NAT configuration on FW1
	FW1:
[FW1]nat address-group nat_pool 0
[FW1-address-group-nat_pool]section 0 20.1.1.5 20.1.1.9
[FW1-address-group-nat_pool]qui
[FW1]nat-policy
[FW1-policy-nat]rule name nat_sys
[FW1-policy-nat-rule-nat_sys]source-zone trust
[FW1-policy-nat-rule-nat_sys]source-zone dmz
[FW1-policy-nat-rule-nat_sys]destination-zone untrust
[FW1-policy-nat-rule-nat_sys]action source-nat address-group nat_pool
[FW1-policy-nat-rule-nat_sys]qui
[FW1-policy-nat]qui
[FW1]
21. IPsec VPN configuration
	FW1:
[FW1]ike proposal 10
[FW1-ike-proposal-10]authentication-method pre-share
[FW1-ike-proposal-10]dh group2
Warning: The security level of group1/group2/group5 is low.
[FW1-ike-proposal-10]encryption-algorithm 3des
 Warning: The security level of des/3des is low. 
[FW1-ike-proposal-10]authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW1-ike-proposal-10]qui
[FW1]ike peer FW2
[FW1-ike-peer-FW2]pre-shared-key huawei
[FW1-ike-peer-FW2]remote-address 50.1.1.2
[FW1-ike-peer-FW2]ike-proposal 10
[FW1-ike-peer-FW2]qui
[FW1]acl 3000
[FW1-acl-adv-3000]rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 172.16.0.0 0.0.255.255
[FW1-acl-adv-3000]qui
[FW1]ipsec proposal XNS
[FW1-ipsec-proposal-XNS]encapsulation-mode tunnel
[FW1-ipsec-proposal-XNS]esp encryption-algorithm 3des
Warning: The security level of des/3des this algorithm is low.
[FW1-ipsec-proposal-XNS]esp authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW1-ipsec-proposal-XNS]qui
[FW1]ipsec policy XNS_MAP 10 isakmp
[FW1-ipsec-policy-isakmp-XNS_MAP-10]security acl 3000
[FW1-ipsec-policy-isakmp-XNS_MAP-10]proposal XNS
[FW1-ipsec-policy-isakmp-XNS_MAP-10]ike-peer FW2
[FW1-ipsec-policy-isakmp-XNS_MAP-10]qui
[FW1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ipsec policy XNS_MAP
[FW1-GigabitEthernet1/0/2]qui
[FW1]security-policy 
[FW1-policy-security]rule name out_to_local
[FW1-policy-security-rule-out_to_local]source-zone untrust
[FW1-policy-security-rule-out_to_local]destination-zone local
[FW1-policy-security-rule-out_to_local]service protocol 50
[FW1-policy-security-rule-out_to_local]service protocol udp destination-port 500
[FW1-policy-security-rule-out_to_local]action permit
[FW1-policy-security-rule-out_to_local]qui
[FW1-policy-security]rule name out_to_in
[FW1-policy-security-rule-out_to_in]source-zone untrust
[FW1-policy-security-rule-out_to_in]destination-zone trust
[FW1-policy-security-rule-out_to_in]source-address 172.16.0.0 mask 255.255.0.0
[FW1-policy-security-rule-out_to_in]destination-address 172.16.0.0 mask 255.255.0.0
[FW1-policy-security-rule-out_to_in]action permit
[FW1-policy-security-rule-out_to_in]qui
[FW1-policy-security]qui
[FW1]nat-policy
[FW1-policy-nat]rule name nat_pass
[FW1-policy-nat-rule-nat_pass]source-zone trust
[FW1-policy-nat-rule-nat_pass]destination-zone untrust
[FW1-policy-nat-rule-nat_pass]source-address 172.16.0.0 16
[FW1-policy-nat-rule-nat_pass]destination-address 172.16.0.0 16
[FW1-policy-nat-rule-nat_pass]action no-nat
[FW1-policy-nat-rule-nat_pass]qui
[FW1-policy-nat]rule move nat_pass up
[FW1-policy-nat]qui
[FW1]
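
Why "rule move nat_pass up" matters, as an added example that is not part of the original configuration: the NAT policy is evaluated top-down with the first matching rule winning, and source NAT is applied before the IPsec ACL is checked. The Python model below uses the rule names, zones and address ranges from the FW1session above; the host addresses 172.16.10.20 and 172.16.16.20, the function names and the choice of the first pool address are assumptions made for illustration.

```python
"""Model of FW1's NAT rule order and its effect on IPsec ACL 3000 (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

CAMPUS = ip_network("172.16.0.0/16")      # both ends of ACL 3000 rule 5
NAT_POOL_FIRST = ip_address("20.1.1.5")   # first address of nat_pool section 0


@dataclass(frozen=True)
class NatRule:
    name: str
    src_zones: frozenset
    dst_zone: str
    src_net: Optional[object]   # None = any source address
    dst_net: Optional[object]   # None = any destination address
    action: str                 # "no-nat" or "source-nat"

    def matches(self, src_zone, dst_zone, src, dst):
        return (src_zone in self.src_zones and dst_zone == self.dst_zone
                and (self.src_net is None or src in self.src_net)
                and (self.dst_net is None or dst in self.dst_net))


# The two rules as configured on FW1 in steps 20 and 21.
NAT_SYS = NatRule("nat_sys", frozenset({"trust", "dmz"}), "untrust", None, None, "source-nat")
NAT_PASS = NatRule("nat_pass", frozenset({"trust"}), "untrust", CAMPUS, CAMPUS, "no-nat")


def translate(rules, src_zone, dst_zone, src, dst):
    """Return (matched rule name, source address after NAT); first match wins."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(src_zone, dst_zone, src, dst):
            new_src = NAT_POOL_FIRST if rule.action == "source-nat" else src
            return rule.name, new_src
    return None, src


def acl_3000_permits(src, dst):
    """ACL 3000 rule 5: permit ip 172.16.0.0/16 -> 172.16.0.0/16."""
    return ip_address(src) in CAMPUS and ip_address(dst) in CAMPUS


def enters_tunnel(rules, src, dst):
    """True when the packet still matches the IPsec ACL after source NAT."""
    _, post_nat_src = translate(rules, "trust", "untrust", src, dst)
    return acl_3000_permits(post_nat_src, dst)


if __name__ == "__main__":
    main_host, branch_host = "172.16.10.20", "172.16.16.20"   # constructed hosts
    orders = {
        "nat_pass below nat_sys (as created)": [NAT_SYS, NAT_PASS],
        "nat_pass moved up": [NAT_PASS, NAT_SYS],
    }
    for label, rules in orders.items():
        rule, src = translate(rules, "trust", "untrust", main_host, branch_host)
        print(f"{label}: matched {rule}, source {src}, "
              f"tunnel={enters_tunnel(rules, main_host, branch_host)}")
```

With nat_pass left below nat_sys, campus-to-campus traffic leaves with a pool address, no longer matches ACL 3000 and is sent outside the tunnel.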
-------------------------------------------
    FW2:
<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sysname FW2
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ip add 50.1.1.2 24
[FW2-GigabitEthernet1/0/0]service-manage all permit
[FW2-GigabitEthernet1/0/0]int g1/0/1
[FW2-GigabitEthernet1/0/1]ip add 192.168.150.2 24
[FW2-GigabitEthernet1/0/1]service-manage all permit
[FW2-GigabitEthernet1/0/1]qui
[FW2]firewall zone untrust
[FW2-zone-untrust]add int g1/0/0
[FW2-zone-untrust]qui
[FW2]firewall zone trust
[FW2-zone-trust]add int g1/0/1
[FW2-zone-trust]qui
[FW2]ip route-static 0.0.0.0 0 50.1.1.11
[FW2]ike proposal 10
[FW2-ike-proposal-10]authentication-method pre-share
[FW2-ike-proposal-10]dh group2
Warning: The security level of group1/group2/group5 is low.
[FW2-ike-proposal-10]encryption-algorithm 3des
 Warning: The security level of des/3des is low. 
[FW2-ike-proposal-10]authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW2-ike-proposal-10]qui
[FW2]ike peer FW1
[FW2-ike-peer-FW1]pre-shared-key huawei
[FW2-ike-peer-FW1]remote-address 20.1.1.1
[FW2-ike-peer-FW1]ike-proposal 10
[FW2-ike-peer-FW1]qui
[FW2]acl 3000
[FW2-acl-adv-3000]rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 172.16.0.0 0.0.255.255
[FW2-acl-adv-3000]qui
[FW2]ipsec proposal XNS
[FW2-ipsec-proposal-XNS]encapsulation-mode tunnel
[FW2-ipsec-proposal-XNS]esp encryption-algorithm 3des
Warning: The security level of des/3des this algorithm is low.
[FW2-ipsec-proposal-XNS]esp authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW2-ipsec-proposal-XNS]qui
[FW2]ipsec policy XNS_MAP 10 isakmp
[FW2-ipsec-policy-isakmp-XNS_MAP-10]security acl 3000
[FW2-ipsec-policy-isakmp-XNS_MAP-10]proposal XNS
[FW2-ipsec-policy-isakmp-XNS_MAP-10]ike-peer FW1
[FW2-ipsec-policy-isakmp-XNS_MAP-10]qui
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ipsec policy XNS_MAP
[FW2-GigabitEthernet1/0/0]qui
[FW2]security-policy 
[FW2-policy-security]rule name out_to_local
[FW2-policy-security-rule-out_to_local]source-zone untrust
[FW2-policy-security-rule-out_to_local]destination-zone local
[FW2-policy-security-rule-out_to_local]service protocol 50
[FW2-policy-security-rule-out_to_local]service protocol udp destination-port 500
[FW2-policy-security-rule-out_to_local]action permit
[FW2-policy-security-rule-out_to_local]qui
[FW2-policy-security]rule name out_to_in
[FW2-policy-security-rule-out_to_in]source-zone untrust
[FW2-policy-security-rule-out_to_in]destination-zone trust
[FW2-policy-security-rule-out_to_in]source-address 172.16.0.0 16
[FW2-policy-security-rule-out_to_in]destination-address 172.16.0.0 16
[FW2-policy-security-rule-out_to_in]action permit
[FW2-policy-security-rule-out_to_in]qui
[FW2-policy-security]rule name in_to_out
[FW2-policy-security-rule-in_to_out]source-zone trust
[FW2-policy-security-rule-in_to_out]destination-zone untrust
[FW2-policy-security-rule-in_to_out]action permit
[FW2-policy-security-rule-in_to_out]qui
[FW2-policy-security]rule name local_to_any
[FW2-policy-security-rule-local_to_any]source-zone local
[FW2-policy-security-rule-local_to_any]action permit
[FW2-policy-security-rule-local_to_any]qui
[FW2-policy-security]qui
[FW2]nat-policy
[FW2-policy-nat]rule name nat_pass
[FW2-policy-nat-rule-nat_pass]source-zone trust
[FW2-policy-nat-rule-nat_pass]destination-zone untrust
[FW2-policy-nat-rule-nat_pass]source-address 172.16.0.0 16
[FW2-policy-nat-rule-nat_pass]destination-address 172.16.0.0 16
[FW2-policy-nat-rule-nat_pass]action no-nat
[FW2-policy-nat-rule-nat_pass]qui
[FW2-policy-nat]rule name easyip
[FW2-policy-nat-rule-easyip]source-zone trust
[FW2-policy-nat-rule-easyip]destination-zone untrust
[FW2-policy-nat-rule-easyip]source-address 172.16.0.0 16
[FW2-policy-nat-rule-easyip]action source-nat easy-ip
[FW2-policy-nat-rule-easyip]qui
[FW2-policy-nat]qui
[FW2]
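The device itself rates every algorithm chosen in this IPsec setup as low security (see the warnings after `dh group2`, `3des` and `sha1`). As an added example, not part of the original post, the Python script below scans a pasted VRP session for exactly those values and for a short pre-shared key; the function name `audit` and the 20-character threshold are assumptions, and the sample lines are copied from the session above.

```python
import re

# Values the device's own warnings in the session above rate as low security.
WEAK = {
    "dh": {"group1", "group2", "group5"},
    "encryption-algorithm": {"des", "3des"},
    "authentication-algorithm": {"md5", "sha1"},
}
MIN_PSK_LEN = 20  # assumption: local policy threshold, not a Huawei default
PROMPT = re.compile(r"^\[([^\]]+)\](\S.*)$")  # "[view]command"

def audit(transcript):
    """Return (view, command, reason) for each weak IKE/IPsec setting."""
    findings = []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # device output such as "Warning: ..." or a bare prompt
        view, cmd = m.group(1), m.group(2).strip()
        words = cmd.split()
        if words[0] == "esp":  # IPsec proposal form: "esp encryption-algorithm 3des"
            words = words[1:]
        if not words:
            continue
        if "-proposal-" in view and len(words) == 2 and words[1] in WEAK.get(words[0], ()):
            findings.append((view, cmd, "low-security algorithm"))
        elif "ike-peer" in view and words[0] == "pre-shared-key":
            if len(words[-1]) < MIN_PSK_LEN:
                # Report the finding without echoing the secret itself.
                findings.append((view, "pre-shared-key <redacted>", "short pre-shared key"))
    return findings

# Sample input: lines taken from the FW2 session above.
SAMPLE = """\
[FW2-ike-proposal-10]dh group2
Warning: The security level of group1/group2/group5 is low.
[FW2-ike-proposal-10]encryption-algorithm 3des
[FW2-ike-proposal-10]authentication-algorithm sha1
[FW2-ike-proposal-10]qui
[FW2]ike peer FW1
[FW2-ike-peer-FW1]pre-shared-key huawei
[FW2-ike-peer-FW1]remote-address 20.1.1.1
[FW2]ipsec proposal XNS
[FW2-ipsec-proposal-XNS]encapsulation-mode tunnel
[FW2-ipsec-proposal-XNS]esp encryption-algorithm 3des
[FW2-ipsec-proposal-XNS]esp authentication-algorithm sha1
"""

if __name__ == "__main__":
    for view, cmd, reason in audit(SAMPLE):
        print(f"{view}: {cmd} ({reason})")
```

The length check only makes sense on a typed session like this one, where the key appears in plaintext; it does not apply to a key that a saved configuration shows in ciphered form.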
22. Branch campus router-on-a-stick & DHCP
	LSW7:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW7
[LSW7]vlan batch 16 17
[LSW7]int g0/0/1
[LSW7-GigabitEthernet0/0/1]port link-type access
[LSW7-GigabitEthernet0/0/1]port default vlan 16
[LSW7-GigabitEthernet0/0/1]int g0/0/2
[LSW7-GigabitEthernet0/0/2]port link-type access
[LSW7-GigabitEthernet0/0/2]port default vlan 17
[LSW7-GigabitEthernet0/0/2]int g0/0/3
[LSW7-GigabitEthernet0/0/3]port link-type trunk
[LSW7-GigabitEthernet0/0/3]port trunk allow-pass vlan 16 17
[LSW7-GigabitEthernet0/0/3]qui
[LSW7]
-------------------------------------------
    AR13:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR13
[AR13]int g0/0/1
[AR13-GigabitEthernet0/0/1]ip add 192.168.150.13 24
[AR13-GigabitEthernet0/0/1]int g0/0/0.16
[AR13-GigabitEthernet0/0/0.16]dot1q termination vid 16
[AR13-GigabitEthernet0/0/0.16]ip add 172.16.16.1 24
[AR13-GigabitEthernet0/0/0.16]arp broadcast en
[AR13-GigabitEthernet0/0/0.16]int g0/0/0.17
[AR13-GigabitEthernet0/0/0.17]dot1q termination vid 17
[AR13-GigabitEthernet0/0/0.17]ip add 172.16.17.1 24
[AR13-GigabitEthernet0/0/0.17]arp broadcast en
[AR13-GigabitEthernet0/0/0.17]qui
[AR13]dhcp enable
[AR13]ip pool sys_vlan16
[AR13-ip-pool-sys_vlan16]network 172.16.16.0 mask 24
[AR13-ip-pool-sys_vlan16]gateway-list 172.16.16.1
[AR13-ip-pool-sys_vlan16]dns-list 20.1.6.2 8.8.8.8
[AR13-ip-pool-sys_vlan16]qui
[AR13]ip pool sys_vlan17
[AR13-ip-pool-sys_vlan17]network 172.16.17.0 mask 24
[AR13-ip-pool-sys_vlan17]gateway-list 172.16.17.1
[AR13-ip-pool-sys_vlan17]dns-list 8.8.8.8 114.114.114.114
[AR13-ip-pool-sys_vlan17]qui
[AR13]int g0/0/0.16
[AR13-GigabitEthernet0/0/0.16]dhcp select global
[AR13-GigabitEthernet0/0/0.16]qui
[AR13]int g0/0/0.17
[AR13-GigabitEthernet0/0/0.17]dhcp select global
[AR13-GigabitEthernet0/0/0.17]qui
[AR13]
23. RIP & route import
    AR13:
[AR13]rip 1
[AR13-rip-1]version 2
[AR13-rip-1]network 192.168.150.0
[AR13-rip-1]import-route direct
[AR13-rip-1]qui
[AR13]
-------------------------------------------
    FW2:
[FW2]rip 1
[FW2-rip-1]default-route originate
[FW2-rip-1]version 2
[FW2-rip-1]network 192.168.150.0
[FW2-rip-1]qui
[FW2]
