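H3C-2023 National Vocational College Skills Competition, Network System Management: Solutions and Verification

Author: Miao Hao, 15515026488 (same number on WeChat)

This article is excerpted from the competition tasks published on the official website of the National Vocational College Skills Competition. If it infringes any rights, please contact the author promptly to have the article removed.

This article was completed with the H3C simulator H3C Cloud Lab and does not cover the SDN, authentication, O&M, or wireless site-survey parts.

Enterprise discussion group: 535935227

Topology diagram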

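Address planning table

| Device | Interface/VLAN | Interface/VLAN description | Layer 2/Layer 3 plan | Notes |
|---|---|---|---|---|
| S1 | G 0/24 | Connect_To_R2 | 10.1.0.1/30, 2001:10:1::1/64 | Cascaded to R2 |
| S1 | VLAN11 | SC1-Connect | 10.1.1.1/30 | Production 1 VPN interconnect |
| S1 | VLAN12 | BG1-Connect | 10.1.2.1/30 | Office 1 VPN interconnect |
| S1 | VLAN13 | GL1-Connect | 10.1.3.1/30 | Management 1 VPN interconnect |
| S1 | VLAN14 | IPv6-Connect | 2001:10:1:4::1/64 | IPv6 interconnect |
| S1 | LoopBack 0 | \ | 10.0.0.1/32 | OSPF 10 Router-id |
| S1 | LoopBack11 | \ | 10.1.4.1/32 | Production 1 OSPF 11 Router-id |
| S1 | LoopBack12 | \ | 10.1.4.2/32 | Office 1 OSPF 12 Router-id |
| S1 | LoopBack13 | \ | 10.1.4.3/32 | Management 1 OSPF 13 Router-id |
| S3 | VLAN11 | SC1-Connect | 10.1.1.2/30 | Production 1 VPN interconnect |
| S3 | VLAN12 | BG1-Connect | 10.1.2.2/30 | Office 1 VPN interconnect |
| S3 | VLAN13 | GL1-Connect | 10.1.3.2/30 | Management 1 VPN interconnect |
| S3 | VLAN14 | IPv6-Connect | 2001:10:1:4::2/64 | IPv6 interconnect |
| S3 | VLAN10 | SC1-Terminal | 10.1.10.254/24 | Production terminals |
| S3 | VLAN20 | BG1-Terminal | 10.1.20.254/24 | Office terminals |
| S3 | VLAN30 | GL1-Terminal | 10.1.30.254/24 | G 0/21(AP) |
| S3 | VLAN40 | IPv6-Terminal | 2001:10:1:40::254/64 | IPv6 terminals |
| S3 | LoopBack11 | \ | 10.1.4.4/32 | Production 1 OSPF 11 Router-id |
| S3 | LoopBack12 | \ | 10.1.4.5/32 | Office 1 OSPF 12 Router-id |
| S3 | LoopBack13 | \ | 10.1.4.6/32 | Management 1 OSPF 13 Router-id |
| S3 | LoopBack14 | \ | 10.1.4.7/32 | IPv6 OSPF 14 Router-id |
| S2 | G 0/24 | Connect_To_R2 | 10.2.0.1/30, 2001:10:2::1/64 | Cascaded to R2 |
| S2 | VLAN11 | SC2-Connect | 10.2.1.1/30 | Production 2 VPN interconnect |
| S2 | VLAN12 | BG2-Connect | 10.2.2.1/30 | Office 2 VPN interconnect |
| S2 | VLAN13 | GL2-Connect | 10.2.3.1/30 | Management 2 VPN interconnect |
| S2 | VLAN14 | IPv6-Connect | 2001:10:2:4::1/64 | IPv6 interconnect |
| S2 | LoopBack 0 | \ | 10.0.0.2/32 | OSPF 10 Router-id |
| S2 | LoopBack11 | \ | 10.2.4.1/32 | Production 2 OSPF 11 Router-id |
| S2 | LoopBack12 | \ | 10.2.4.2/32 | Office 2 OSPF 12 Router-id |
| S2 | LoopBack13 | \ | 10.2.4.3/32 | Management 2 OSPF 13 Router-id |
| S4 | VLAN11 | SC2-Connect | 10.2.1.2/30 | Production 2 VPN interconnect |
| S4 | VLAN12 | BG2-Connect | 10.2.2.2/30 | Office 2 VPN interconnect |
| S4 | VLAN13 | GL2-Connect | 10.2.3.2/30 | Management 2 VPN interconnect |
| S4 | VLAN14 | IPv6-Connect | 2001:10:2:4::2/64 | IPv6 interconnect |
| S4 | VLAN10 | SC2-Terminal | 10.2.10.254/24 | Production terminals |
| S4 | VLAN20 | BG2-Terminal | 10.2.20.254/24 | Office terminals |
| S4 | VLAN30 | GL2-Terminal | 10.2.30.254/24 | G 0/21(AP) |
| S4 | VLAN40 | IPv6-Terminal | 2001:10:2:40::254/64 | IPv6 terminals |
| S4 | LoopBack11 | \ | 10.2.4.4/32 | Production 2 OSPF 11 Router-id |
| S4 | LoopBack12 | \ | 10.2.4.5/32 | Office 2 OSPF 12 Router-id |
| S4 | LoopBack13 | \ | 10.2.4.6/32 | Management 2 OSPF 13 Router-id |
| S4 | LoopBack14 | \ | 10.2.4.7/32 | IPv6 OSPF 14 Router-id |
| R2 | G 0/1 | Connect_To_S1 | 10.1.0.2/30, 2001:10:1::2/64 | |
| R2 | G 0/2 | Connect_To_S1 | 10.2.0.2/30, 2001:10:2::2/64 | |
| R2 | G 0/0 | Connect_To_R1 | 12.1.1.2/29 | Connects to the business centers |
| R2 | G 0/0.21 | Connect_To_R1 | 21.1.1.2/29 | Connects to the Internet |
| R2 | LoopBack 0 | \ | 10.0.0.22/32 | |
| R2 | LoopBack 1 | \ | 172.16.0.2/24 | L2TP tunnel |
| R2 | Tunnel 0 | \ | 172.17.0.2/24 | GRE tunnel |
| R2 | LoopBack13 | \ | 10.1.4.22/32 | Used for O&M management |
| R1 | G 0/1 | Connect_To_R2 | 12.1.1.1/29 | |
| R1 | G 0/1.21 | Connect_To_R2 | 21.1.1.1/29 | |
| R1 | G 0/2 | Connect_To_R3 | 13.1.1.1/29 | |
| R1 | G 0/0 | Connect_To_S7 | 17.1.1.1/29 | |
| R1 | LoopBack 20 | \ | 20.0.0.1/32 | Simulated IPv4 public-network resource |
| R1 | LoopBack 30 | \ | 30.0.0.1/32 | |
| R3 | G 0/1 | Connect_To_R1 | 13.1.1.2/29 | |
| R3 | G 0/2 | Connect_To_S5 | 10.3.0.1/30 | |
| R3 | LoopBack 0 | \ | 10.3.1.3/32 | OSPF 20 Router id |
| R3 | Tunnel 0 | \ | 172.17.0.3/24 | GRE tunnel |
| S5 | G 0/24 | Connect_To_R3 | 10.3.0.2/30 | |
| S5 | AG1 | Connect_To_VAC | 10.3.0.10/30 | G 0/1, G 0/2 |
| S5 | LoopBack 0 | \ | 10.3.1.5/32 | OSPF 20 Router id |
| S5 | G 0/21 | Connect_To_IOM | 192.1.100.254/24 | O&M system |
| S5 | G 0/22 | Connect_To_AAA | 194.1.100.254/24 | Authentication system |
| VAC | AG1 | Connect_To_S5 | 10.3.0.9/30 | G 1/0/2, G 2/0/2 |
| VAC | LoopBack 0 | \ | 10.3.1.12/32 | OSPF 20 Router id |
| GW1 | G 0/0 | Connect_To_R1 | 17.1.1.2/29 | |
| GW1 | G 0/1.10 | SC1-Terminal | 10.4.10.254/24 | Production 1 terminals |
| GW1 | G 0/1.11 | SC2-Terminal | 10.4.11.254/24 | Production 2 terminals |
| GW1 | G 0/1.20 | AP-Manage | 10.4.20.254/24 | AP management |
| GW1 | G 0/1.30 | Net-Manage | 10.4.30.254/24 | Device management |
| GW1 | LoopBack 0 | \ | 10.4.1.1/32 | |
| GW1 | Virtual-ppp | | 172.16.0.3/24 | L2tp tunnel |
| GW2 | G 0/0 | Connect_To_R1 | 17.1.1.3/29 | |
| GW2 | G 0/1.10 | SC1-Terminal | 10.4.10.253/24 | Production 1 terminals |
| GW2 | G 0/1.11 | SC2-Terminal | 10.4.11.253/24 | Production 2 terminals |
| GW2 | G 0/1.20 | AP-Manage | 10.4.20.253/24 | AP management |
| GW2 | G 0/1.30 | Net-Manage | 10.4.30.253/24 | Device management |
| GW2 | LoopBack 0 | \ | 10.4.1.2/32 | |
| GW2 | Virtual-ppp | \ | 172.16.0.4/24 | L2tp tunnel |
| S6 | G 0/21 | Connect_To_SDN | 192.168.1.6/24 | SDN controller |
| S6 | VLAN10 | SC1-Terminal | \ | |
| S6 | VLAN11 | SC2-Terminal | \ | |
| S6 | VLAN20 | AP-Manage | \ | G 0/11(AP) |
| S6 | VLAN30 | Net-Manage | 10.4.30.1/24 | Device management |
| S7 | VLAN1 | HUB | 17.1.1.4/29 | Used for testing and O&M |

Note: On the switching, security, and wireless devices, interface number G 0/x corresponds to G1/0/x.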

Device numbering table

| ID | H3C hardware model (HCL Cloud Lab) |
|---|---|
| S1 | H3C S5560X(S5820V2-54QS-GE) |
| S2 | H3C S5560X(S5820V2-54QS-GE) |
| S3 | H3C S5560X(S5820V2-54QS-GE) |
| S4 | H3C S5560X(S5820V2-54QS-GE) |
| S5 | H3C S5560X(S5820V2-54QS-GE) |
| S6 | H3C S5130S(S5820V2-54QS-GE) |
| S7 | H3C S5130S(S5820V2-54QS-GE) |
| GW1 | H3C SecPath F1010(F1060) |
| GW2 | H3C SecPath F1010(F1060) |
| R1 | H3C MSR3600(MSR36-20) |
| R2 | H3C MSR3600(MSR36-20) |
| R3 | H3C MSR3600(MSR36-20) |
| AC1 | H3C WX3510(AC) |
| AC2 | H3C WX3510(AC) |
| AP1 | H3C WA6320(AP) |
| AP2 | H3C WA6320(AP) |
| AP3 | H3C WA6320(AP) |

Task list

(I) Basic configuration

Preliminary configuration: AC virtualization / link aggregation

Because of simulator limitations, the interconnect address between VAC and S5 is configured on VLAN 1.

Solution:

AC stacking

#AC1: manually shut down the physical stacking ports
[H3C]interface range Ten-GigabitEthernet 1/0/24 to Ten-GigabitEthernet 1/0/25
[H3C-if-range]shutdown

#AC1: configure the IRF description and priority
[H3C]irf member 1 description AC-1
[H3C]irf member 1 priority 32

#AC1: create stacking port irf-port 1/1 and add physical ports Ten-GigabitEthernet 1/0/24 and 1/0/25
[H3C]irf-port 1/1
[H3C-irf-port1/1]port group interface Ten-GigabitEthernet 1/0/24
[H3C-irf-port1/1]port group interface Ten-GigabitEthernet 1/0/25

#AC1: manually re-enable the physical ports that were shut down
[H3C]interface range Ten-GigabitEthernet 1/0/24 to Ten-GigabitEthernet 1/0/25
[H3C-if-range]undo shutdown

#AC1: save the configuration
<H3C>save

#AC1: activate the IRF configuration
[H3C]irf-port-configuration active

#AC2: change the member ID, then save and reboot
[H3C]irf member 1 renumber 2
Renumbering the member ID may result in configuration change or loss. Continue?[Y/N]:y
<H3C>save
<H3C>reboot

#AC2: configure the IRF description
[H3C]irf member 2 description AC-2

#AC2: manually shut down the physical stacking ports
[H3C]interface range Ten-GigabitEthernet 2/0/24 to Ten-GigabitEthernet 2/0/25
[H3C-if-range]shutdown

#AC2: create stacking port irf-port 2/2
[H3C]irf-port 2/2
[H3C-irf-port2/2]port group interface Ten-GigabitEthernet 2/0/24
[H3C-irf-port2/2]port group interface Ten-GigabitEthernet 2/0/25

#AC2: manually re-enable the physical ports that were shut down
[H3C]interface range Ten-GigabitEthernet 2/0/24 to Ten-GigabitEthernet 2/0/25
[H3C-if-range]undo shutdown

#AC2: save the configuration
<H3C>save

#AC2: activate the IRF configuration
[H3C]irf-port-configuration active


Link aggregation
VAC
[VAC]interface Bridge-Aggregation 1
[VAC-Bridge-Aggregation1]link-aggregation mode dynamic
[VAC]interface GigabitEthernet 1/0/2
[VAC-GigabitEthernet1/0/2]port link-aggregation group 1
[VAC]interface GigabitEthernet 2/0/2
[VAC-GigabitEthernet2/0/2]port link-aggregation group 1

S5
[S5]interface Bridge-Aggregation 1
[S5-Bridge-Aggregation1]link-aggregation mode dynamic
[S5]interface GigabitEthernet 1/0/1
[S5-GigabitEthernet1/0/1]port link-aggregation group 1
[S5]interface GigabitEthernet 1/0/2
[S5-GigabitEthernet1/0/2]port link-aggregation group 1

Verification:

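1. Configure the device interfaces and hostnames according to the topology diagram in Appendix 1, the address planning table in Appendix 2, and the device numbering table in Appendix 3.

Solution: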

#VAC
<H3C>system-view 
[H3C]sysname VAC
[VAC]interface Bridge-Aggregation 1
[VAC-Bridge-Aggregation1]port link-type trunk 
[VAC-Bridge-Aggregation1]description Connect_To_S5_VLAN1
[VAC]interface Vlan-interface 1
[VAC-Vlan-interface1]ip address 10.3.0.9 30
[VAC]interface LoopBack 0
[VAC-LoopBack0]ip address 10.3.1.12 32

#S5
<H3C>system-view 
[H3C]sysname S5
[S5]interface GigabitEthernet 1/0/24
[S5-GigabitEthernet1/0/24]port link-mode route
[S5-GigabitEthernet1/0/24]description Connect_To_R3
[S5-GigabitEthernet1/0/24]ip address 10.3.0.2 30
[S5]interface Bridge-Aggregation 1
[S5-Bridge-Aggregation1]port link-type trunk 
[S5-Bridge-Aggregation1]description Connect_To_VAC_VLAN1
[S5]interface Vlan-interface 1
[S5-Vlan-interface1]ip address 10.3.0.10 30
[S5]interface LoopBack 0
[S5-LoopBack0]ip address 10.3.1.5 32
[S5]interface GigabitEthernet 1/0/21
[S5-GigabitEthernet1/0/21]port link-mode route
[S5-GigabitEthernet1/0/21]description Connect_To_IOM
[S5-GigabitEthernet1/0/21]ip address 192.1.100.254 24
[S5]interface GigabitEthernet 1/0/22
[S5-GigabitEthernet1/0/22]port link-mode route
[S5-GigabitEthernet1/0/22]description Connect_To_AAA
[S5-GigabitEthernet1/0/22]ip address 194.1.100.254 24

#R3
<H3C>system-view 
[H3C]sysname R3
[R3]interface GigabitEthernet 0/1
[R3-GigabitEthernet0/1]description Connect_To_R1
[R3-GigabitEthernet0/1]ip address 13.1.1.2 29
[R3]interface GigabitEthernet 0/2
[R3-GigabitEthernet0/2]description Connect_To_S5
[R3-GigabitEthernet0/2]ip address 10.3.0.1 30
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 10.3.1.3 32
[R3]interface Tunnel 0 mode gre
[R3-Tunnel0]ip address 172.17.0.3 24

#R1
<H3C>system-view 
[H3C]sysname R1
[R1]interface GigabitEthernet 0/1
[R1-GigabitEthernet0/1]description Connect_To_R2
[R1-GigabitEthernet0/1]ip address 12.1.1.1 29
[R1]interface GigabitEthernet 0/1.21
[R1-GigabitEthernet0/1.21]vlan-type dot1q vid 21
[R1-GigabitEthernet0/1.21]description Connect_To_R2
[R1-GigabitEthernet0/1.21]ip address 21.1.1.1 29
[R1]interface GigabitEthernet 0/2
[R1-GigabitEthernet0/2]description Connect_To_R3
[R1-GigabitEthernet0/2]ip address 13.1.1.1 29
[R1]interface GigabitEthernet 0/0
[R1-GigabitEthernet0/0]description Connect_To_S7
[R1-GigabitEthernet0/0]ip address 17.1.1.1 29
[R1]interface LoopBack 20
[R1-LoopBack20]ip address 20.0.0.1 32
[R1]interface LoopBack 30
[R1-LoopBack30]ip address 30.0.0.1 32

#R2
<H3C>system-view 
[H3C]sysname R2
[R2]interface GigabitEthernet 0/1
[R2-GigabitEthernet0/1]description Connect_To_S1
[R2-GigabitEthernet0/1]ip address 10.1.0.2 30
[R2-GigabitEthernet0/1]ipv6 address 2001:10:1::2 64
[R2]interface GigabitEthernet 0/2
[R2-GigabitEthernet0/2]description Connect_To_S2
[R2-GigabitEthernet0/2]ip address 10.2.0.2 30
[R2-GigabitEthernet0/2]ipv6 address 2001:10:2::2 64
[R2]interface GigabitEthernet 0/0
[R2-GigabitEthernet0/0]description Connect_To_R1
[R2-GigabitEthernet0/0]ip address 12.1.1.2 29
[R2]interface GigabitEthernet 0/0.21
[R2-GigabitEthernet0/0.21]vlan-type dot1q vid 21
[R2-GigabitEthernet0/0.21]description Connect_To_R1
[R2-GigabitEthernet0/0.21]ip address 21.1.1.2 29
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 10.0.0.22 32
[R2]interface LoopBack 1
[R2-LoopBack1]ip address 172.16.0.2 24
[R2]interface Tunnel 0 mode gre
[R2-Tunnel0]ip address 172.17.0.2 24
[R2]interface LoopBack 13
[R2-LoopBack13]ip address 10.1.4.22 32

#S1
<H3C>system-view 
[H3C]sysname S1
[S1]interface GigabitEthernet 1/0/24
[S1-GigabitEthernet1/0/24]port link-mode route
[S1-GigabitEthernet1/0/24]description Connect_To_R2
[S1-GigabitEthernet1/0/24]ip address 10.1.0.1 30
[S1-GigabitEthernet1/0/24]ipv6 address 2001:10:1::1 64
[S1]vlan 11 to 14
[S1]interface Vlan-interface 11
[S1-Vlan-interface11]description SC1-Connect
[S1-Vlan-interface11]ip address 10.1.1.1 30
[S1]interface Vlan-interface 12
[S1-Vlan-interface12]description BG1-Connect
[S1-Vlan-interface12]ip address 10.1.2.1 30
[S1]interface Vlan-interface 13
[S1-Vlan-interface13]description GL1-Connect
[S1-Vlan-interface13]ip address 10.1.3.1 30
[S1]interface Vlan-interface 14
[S1-Vlan-interface14]description IPv6-Connect
[S1-Vlan-interface14]ipv6 address 2001:10:1:4::1 64
[S1]interface LoopBack 0
[S1-LoopBack0]ip address 10.0.0.1 32
[S1]interface LoopBack 11
[S1-LoopBack11]ip address 10.1.4.1 32
[S1]interface LoopBack 12
[S1-LoopBack12]ip address 10.1.4.2 32
[S1]interface LoopBack 13
[S1-LoopBack13]ip address 10.1.4.3 32

#S2
<H3C>system-view 
[H3C]sysname S2
[S2]interface GigabitEthernet 1/0/24
[S2-GigabitEthernet1/0/24]port link-mode route
[S2-GigabitEthernet1/0/24]description Connect_To_R2
[S2-GigabitEthernet1/0/24]ip address 10.2.0.1 30
[S2-GigabitEthernet1/0/24]ipv6 address 2001:10:2::1 64
[S2]vlan 11 to 14
[S2]interface Vlan-interface 11
[S2-Vlan-interface11]description SC2-Connect
[S2-Vlan-interface11]ip address 10.2.1.1 30
[S2]interface Vlan-interface 12
[S2-Vlan-interface12]description BG2-Connect
[S2-Vlan-interface12]ip address 10.2.2.1 30
[S2]interface Vlan-interface 13
[S2-Vlan-interface13]description GL2-Connect
[S2-Vlan-interface13]ip address 10.2.3.1 30
[S2]interface Vlan-interface 14
[S2-Vlan-interface14]description IPv6-Connect
[S2-Vlan-interface14]ipv6 address 2001:10:2:4::1 64
[S2]interface LoopBack 0
[S2-LoopBack0]ip address 10.0.0.2 32
[S2]interface LoopBack 11
[S2-LoopBack11]ip address 10.2.4.1 32
[S2]interface LoopBack 12
[S2-LoopBack12]ip address 10.2.4.2 32
[S2]interface LoopBack 13
[S2-LoopBack13]ip address 10.2.4.3 32

#S3
<H3C>system-view 
[H3C]sysname S3
[S3]vlan 10 to 14
[S3]vlan 20
[S3]vlan 30
[S3]vlan 40
[S3]interface Vlan-interface 11
[S3-Vlan-interface11]description SC1-Connect
[S3-Vlan-interface11]ip address 10.1.1.2 30
[S3]interface Vlan-interface 12
[S3-Vlan-interface12]description BG1-Connect
[S3-Vlan-interface12]ip address 10.1.2.2 30
[S3]interface Vlan-interface 13
[S3-Vlan-interface13]description GL1-Connect
[S3-Vlan-interface13]ip address 10.1.3.2 30
[S3]interface Vlan-interface 14
[S3-Vlan-interface14]description IPv6-Connect
[S3-Vlan-interface14]ipv6 address 2001:10:1:4::2 64
[S3]interface Vlan-interface 10
[S3-Vlan-interface10]description SC1-Terminal
[S3-Vlan-interface10]ip address 10.1.10.254 24
[S3]interface Vlan-interface 20
[S3-Vlan-interface20]description BG1-Terminal
[S3-Vlan-interface20]ip address 10.1.20.254 24
[S3]interface Vlan-interface 30
[S3-Vlan-interface30]description GL1-Terminal
[S3-Vlan-interface30]ip address 10.1.30.254 24
[S3]interface Vlan-interface 40
[S3-Vlan-interface40]description IPv6-Terminal
[S3-Vlan-interface40]ipv6 address 2001:10:1:40::254 64
[S3]interface LoopBack 11
[S3-LoopBack11]ip address 10.1.4.4 32
[S3]interface LoopBack 12
[S3-LoopBack12]ip address 10.1.4.5 32
[S3]interface LoopBack 13
[S3-LoopBack13]ip address 10.1.4.6 32
[S3]interface LoopBack 14
[S3-LoopBack14]ip address 10.1.4.7 32

#S4
<H3C>system-view 
[H3C]sysname S4
[S4]vlan 10 to 14
[S4]vlan 20
[S4]vlan 30
[S4]vlan 40
[S4]interface Vlan-interface 11
[S4-Vlan-interface11]description SC2-Connect
[S4-Vlan-interface11]ip address 10.2.1.2 30
[S4]interface Vlan-interface 12
[S4-Vlan-interface12]description BG2-Connect
[S4-Vlan-interface12]ip address 10.2.2.2 30
[S4]interface Vlan-interface 13
[S4-Vlan-interface13]description GL2-Connect
[S4-Vlan-interface13]ip address 10.2.3.2 30
[S4]interface Vlan-interface 14
[S4-Vlan-interface14]description IPv6-Connect
[S4-Vlan-interface14]ipv6 address 2001:10:2:4::2 64
[S4]interface Vlan-interface 10
[S4-Vlan-interface10]description SC2-Terminal
[S4-Vlan-interface10]ip address 10.2.10.254 24
[S4]interface Vlan-interface 20
[S4-Vlan-interface20]description BG2-Terminal
[S4-Vlan-interface20]ip address 10.2.20.254 24
[S4]interface Vlan-interface 30
[S4-Vlan-interface30]description GL2-Terminal
[S4-Vlan-interface30]ip address 10.2.30.254 24
[S4]interface Vlan-interface 40
[S4-Vlan-interface40]description IPv6-Terminal
[S4-Vlan-interface40]ipv6 address 2001:10:2:40::254 64
[S4]interface LoopBack 11
[S4-LoopBack11]ip address 10.2.4.4 32
[S4]interface LoopBack 12
[S4-LoopBack12]ip address 10.2.4.5 32
[S4]interface LoopBack 13
[S4-LoopBack13]ip address 10.2.4.6 32
[S4]interface LoopBack 14
[S4-LoopBack14]ip address 10.2.4.7 32

#GW1
<H3C>system-view 
[H3C]sysname GW1
[GW1]interface GigabitEthernet 1/0/0
[GW1-GigabitEthernet1/0/0]description Connect_To_R1
[GW1-GigabitEthernet1/0/0]ip address 17.1.1.2 29
[GW1]interface GigabitEthernet 1/0/1.10
[GW1-GigabitEthernet1/0/1.10]vlan-type dot1q vid 10
[GW1-GigabitEthernet1/0/1.10]description SC1-Terminal
[GW1-GigabitEthernet1/0/1.10]ip address 10.4.10.254 24
[GW1]interface GigabitEthernet 1/0/1.11
[GW1-GigabitEthernet1/0/1.11]vlan-type dot1q vid 11
[GW1-GigabitEthernet1/0/1.11]description SC2-Terminal
[GW1-GigabitEthernet1/0/1.11]ip address 10.4.11.254 24
[GW1]interface GigabitEthernet 1/0/1.20
[GW1-GigabitEthernet1/0/1.20]vlan-type dot1q vid 20
[GW1-GigabitEthernet1/0/1.20]description AP-Manage
[GW1-GigabitEthernet1/0/1.20]ip address 10.4.20.254 24
[GW1]interface GigabitEthernet 1/0/1.30
[GW1-GigabitEthernet1/0/1.30]vlan-type dot1q vid 30
[GW1-GigabitEthernet1/0/1.30]description Net-Manage
[GW1-GigabitEthernet1/0/1.30]ip address 10.4.30.254 24
[GW1]interface LoopBack 0
[GW1-LoopBack0]ip address 10.4.1.1 32
[GW1]interface Virtual-Template 1
[GW1-Virtual-Template1]ip address 172.16.0.3 24

#GW2
<H3C>system-view 
[H3C]sysname GW2
[GW2]interface GigabitEthernet 1/0/0
[GW2-GigabitEthernet1/0/0]description Connect_To_R1
[GW2-GigabitEthernet1/0/0]ip address 17.1.1.3 29
[GW2]interface GigabitEthernet 1/0/1.10
[GW2-GigabitEthernet1/0/1.10]vlan-type dot1q vid 10
[GW2-GigabitEthernet1/0/1.10]description SC1-Terminal
[GW2-GigabitEthernet1/0/1.10]ip address 10.4.10.253 24
[GW2]interface GigabitEthernet 1/0/1.11
[GW2-GigabitEthernet1/0/1.11]vlan-type dot1q vid 11
[GW2-GigabitEthernet1/0/1.11]description SC2-Terminal
[GW2-GigabitEthernet1/0/1.11]ip address 10.4.11.253 24
[GW2]interface GigabitEthernet 1/0/1.20
[GW2-GigabitEthernet1/0/1.20]vlan-type dot1q vid 20
[GW2-GigabitEthernet1/0/1.20]description AP-Manage
[GW2-GigabitEthernet1/0/1.20]ip address 10.4.20.253 24
[GW2]interface GigabitEthernet 1/0/1.30
[GW2-GigabitEthernet1/0/1.30]vlan-type dot1q vid 30
[GW2-GigabitEthernet1/0/1.30]description Net-Manage
[GW2-GigabitEthernet1/0/1.30]ip address 10.4.30.253 24
[GW2]interface LoopBack 0
[GW2-LoopBack0]ip address 10.4.1.2 32
[GW2]interface Virtual-Template 1
[GW2-Virtual-Template1]ip address 172.16.0.4 24

#S6
<H3C>system-view 
[H3C]sysname S6
[S6]interface GigabitEthernet 1/0/21
[S6-GigabitEthernet1/0/21]port link-mode route 
[S6-GigabitEthernet1/0/21]description Connect_To_SDN
[S6-GigabitEthernet1/0/21]ip address 192.168.1.6 24
[S6]vlan 10
[S6]vlan 11
[S6]vlan 20
[S6]vlan 30
[S6]interface Vlan-interface 10
[S6-Vlan-interface10]description SC1-Terminal
[S6]interface Vlan-interface 11
[S6-Vlan-interface11]description SC2-Terminal
[S6]interface Vlan-interface 20
[S6-Vlan-interface20]description AP-Manage
[S6]interface Vlan-interface 30
[S6-Vlan-interface30]description Net-Manage
[S6-Vlan-interface30]ip address 10.4.30.1 24

#S7
<H3C>system-view 
[H3C]sysname S7
[S7]interface Vlan-interface 1
[S7-Vlan-interface1]description HUB
[S7-Vlan-interface1]ip address 17.1.1.4 29

2. Enable the SSH server function on all network devices. The username and password are admin/Test@123456. The password is of plaintext type. The privileged password is Test@123456.

Solution:

#Network devices (S7 as an example)
[S7]ssh server enable
[S7]public-key local create rsa
[S7]local-user admin class manage
[S7-luser-manage-admin]password simple Test@123456
[S7-luser-manage-admin]authorization-attribute user-role level-15
[S7-luser-manage-admin]service-type ssh terminal
[S7]user-interface vty 0 4
[S7-line-vty0-4]authentication-mode scheme

Verification:

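3. Deploy SNMP on all network devices and configure every device to send Trap messages to host 192.1.100.100. Use version V2C; the read-write Community is "Test@123".

Solution:

#Network devices (S7 as an example)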
[S7]snmp-agent 
[S7]snmp-agent community read Test@123
[S7]snmp-agent community write Test@123
[S7]undo snmp-agent sys-info version v3
[S7]snmp-agent sys-info version v2c
[S7]snmp-agent target-host trap address udp 192.1.100.100 params securityname Test@123 v2c
[S7]snmp-agent trap enable

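Verification: the simulator does not allow the read and write community strings to be set to the same value.

(II) Wired network configuration

1. Perform VLAN pruning on all Trunk links across the network.

Solution: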

#S1
[S1]interface GigabitEthernet 1/0/1
[S1-GigabitEthernet1/0/1]port link-type trunk 
[S1-GigabitEthernet1/0/1]undo port trunk permit vlan 1
[S1-GigabitEthernet1/0/1]port trunk permit vlan 11 to 14

#S2
[S2]interface GigabitEthernet 1/0/1
[S2-GigabitEthernet1/0/1]port link-type trunk 
[S2-GigabitEthernet1/0/1]undo port trunk permit vlan 1
[S2-GigabitEthernet1/0/1]port trunk permit vlan 11 to 14

#S3
[S3]interface GigabitEthernet 1/0/24
[S3-GigabitEthernet1/0/24]port link-type trunk 
[S3-GigabitEthernet1/0/24]undo port trunk permit vlan 1
[S3-GigabitEthernet1/0/24]port trunk permit vlan 11 to 14
[S3]interface GigabitEthernet 1/0/21
[S3-GigabitEthernet1/0/21]port link-type trunk 
[S3-GigabitEthernet1/0/21]undo port trunk permit vlan 1
[S3-GigabitEthernet1/0/21]port trunk permit vlan 10 20 30 40
[S3-GigabitEthernet1/0/21]port trunk pvid vlan 30

#S4
[S4]interface GigabitEthernet 1/0/24
[S4-GigabitEthernet1/0/24]port link-type trunk 
[S4-GigabitEthernet1/0/24]undo port trunk permit vlan 1
[S4-GigabitEthernet1/0/24]port trunk permit vlan 11 to 14
[S4]interface GigabitEthernet 1/0/21
[S4-GigabitEthernet1/0/21]port link-type trunk 
[S4-GigabitEthernet1/0/21]undo port trunk permit vlan 1
[S4-GigabitEthernet1/0/21]port trunk permit vlan 10 20 30 40
[S4-GigabitEthernet1/0/21]port trunk pvid vlan 30

#S6
[S6]interface GigabitEthernet 1/0/11
[S6-GigabitEthernet1/0/11]port link-type trunk 
[S6-GigabitEthernet1/0/11]undo port trunk permit vlan 1
[S6-GigabitEthernet1/0/11]port trunk permit vlan 20
[S6-GigabitEthernet1/0/11]port trunk pvid vlan 20
[S6]interface range GigabitEthernet 1/0/23 to GigabitEthernet 1/0/24
[S6-if-range]port link-type trunk 
[S6-if-range]undo port trunk permit vlan 1
[S6-if-range]port trunk permit vlan 10 11 20 30

Verification:

2. Enable edge ports and BPDU protection on S3 and S4; when a loop is detected, the action is to shut down the port. If a port enters the disabled state after detection, it automatically recovers after 200 seconds.

Solution:

#S3
[S3]stp bpdu-protection
[S3]interface GigabitEthernet 1/0/21
[S3-GigabitEthernet1/0/21]stp edged-port
[S3-GigabitEthernet1/0/21]loopback-detection enable vlan all
[S3-GigabitEthernet1/0/21]loopback-detection action shutdown
[S3]shutdown-interval 200

#S4
[S4]stp bpdu-protection
[S4]interface GigabitEthernet 1/0/21
[S4-GigabitEthernet1/0/21]stp edged-port
[S4-GigabitEthernet1/0/21]loopback-detection enable vlan all
[S4-GigabitEthernet1/0/21]loopback-detection action shutdown
[S4]shutdown-interval 200

Verification:

3. Build DHCP servers on S3, S4, GW1, and GW2 to dynamically assign IP addresses to LAN terminals.

#S3
[S3]dhcp enable 
[S3]dhcp server ip-pool SC
[S3-dhcp-pool-SC]network 10.1.10.0 mask 255.255.255.0
[S3-dhcp-pool-SC]gateway-list 10.1.10.254
[S3]dhcp server ip-pool BG
[S3-dhcp-pool-BG]network 10.1.20.0 mask 255.255.255.0
[S3-dhcp-pool-BG]gateway-list 10.1.20.254
[S3]dhcp server ip-pool GL
[S3-dhcp-pool-GL]network 10.1.30.0 mask 255.255.255.0
[S3-dhcp-pool-GL]gateway-list 10.1.30.254
[S3-dhcp-pool-GL]option 43 hex 80070000010A03010C

#S4
[S4]dhcp enable 
[S4]dhcp server ip-pool SC
[S4-dhcp-pool-SC]network 10.2.10.0 mask 255.255.255.0
[S4-dhcp-pool-SC]gateway-list 10.2.10.254
[S4]dhcp server ip-pool BG
[S4-dhcp-pool-BG]network 10.2.20.0 mask 255.255.255.0
[S4-dhcp-pool-BG]gateway-list 10.2.20.254
[S4]dhcp server ip-pool GL
[S4-dhcp-pool-GL]network 10.2.30.0 mask 255.255.255.0
[S4-dhcp-pool-GL]gateway-list 10.2.30.254
[S4-dhcp-pool-GL]option 43 hex 80070000010A03010C

#GW1
[GW1]security-zone name Trust
[GW1-security-zone-Trust]import interface GigabitEthernet 1/0/1.10
[GW1-security-zone-Trust]import interface GigabitEthernet 1/0/1.11
[GW1-security-zone-Trust]import interface GigabitEthernet 1/0/1.20
[GW1-security-zone-Trust]import interface GigabitEthernet 1/0/1.30
[GW1]security-zone name Untrust
[GW1-security-zone-Untrust]import interface GigabitEthernet 1/0/0
[GW1-security-zone-Untrust]import interface Virtual-PPP 1
[GW1]security-policy ip
[GW1-security-policy-ip]rule name pass
[GW1-security-policy-ip-0-pass]action pass 
[GW1]dhcp enable 
[GW1]dhcp server ip-pool SC1
[GW1-dhcp-pool-sc1]network 10.4.10.0 mask 255.255.255.0
[GW1-dhcp-pool-sc1]gateway-list 10.4.10.254
[GW1]dhcp server ip-pool SC2
[GW1-dhcp-pool-sc2]network 10.4.11.0 mask 255.255.255.0
[GW1-dhcp-pool-sc2]gateway-list 10.4.11.254
[GW1]dhcp server ip-pool AP
[GW1-dhcp-pool-ap]network 10.4.20.0 mask 255.255.255.0
[GW1-dhcp-pool-ap]gateway-list 10.4.20.254
[GW1-dhcp-pool-ap]option 43 hex 80070000010A03010C
[GW1]dhcp server ip-pool Net
[GW1-dhcp-pool-net]network 10.4.30.0 mask 255.255.255.0
[GW1-dhcp-pool-net]gateway-list 10.4.30.254

#GW2
[GW2]security-zone name Trust
[GW2-security-zone-Trust]import interface GigabitEthernet 1/0/1.10
[GW2-security-zone-Trust]import interface GigabitEthernet 1/0/1.11
[GW2-security-zone-Trust]import interface GigabitEthernet 1/0/1.20
[GW2-security-zone-Trust]import interface GigabitEthernet 1/0/1.30
[GW2]security-zone name Untrust
[GW2-security-zone-Untrust]import interface GigabitEthernet 1/0/0
[GW2-security-zone-Untrust]import interface Virtual-PPP 1
[GW2]security-policy ip
[GW2-security-policy-ip]rule name pass
[GW2-security-policy-ip-0-pass]action pass 
[GW2]dhcp enable 
[GW2]dhcp server ip-pool SC1
[GW2-dhcp-pool-sc1]network 10.4.10.0 mask 255.255.255.0
[GW2-dhcp-pool-sc1]gateway-list 10.4.10.254
[GW2]dhcp server ip-pool SC2
[GW2-dhcp-pool-sc2]network 10.4.11.0 mask 255.255.255.0
[GW2-dhcp-pool-sc2]gateway-list 10.4.11.254
[GW2]dhcp server ip-pool AP
[GW2-dhcp-pool-ap]network 10.4.20.0 mask 255.255.255.0
[GW2-dhcp-pool-ap]gateway-list 10.4.20.254
[GW2-dhcp-pool-ap]option 43 hex 80070000010A03010C
[GW2]dhcp server ip-pool Net
[GW2-dhcp-pool-net]network 10.4.30.0 mask 255.255.255.0
[GW2-dhcp-pool-net]gateway-list 10.4.30.254


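Brief explanation of the Option 43 format:
80 07 00 00 01 0A 03 01 0C
80: fixed value, do not change;
07: length field, the number of bytes of data that follow it;
00 00: fixed value, do not change;
01: the number of IP addresses that follow, here one IP address;
0A 03 01 0C: the IP address in hexadecimal, which converts to 10.3.1.12 in decimal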
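
The Option 43 layout described above can be encoded and checked mechanically. The following Python is an added example, not part of the original write-up: it builds the hex string for one or more AC addresses, decodes an existing value, and audits a set of pools against the expected AC address. The function names and the sample pool table are assumptions made for the illustration; the pool values are constructed.

```python
import ipaddress

H3C_AC_SUBOPTION = 0x80   # first byte of the value, per the breakdown above
RESERVED = b"\x00\x00"    # the two fixed bytes that follow the length field


def encode_h3c_option43(ac_addresses):
    """Return the hex string for 'option 43 hex ...' listing the given AC IPv4 addresses."""
    addrs = [ipaddress.IPv4Address(a) for a in ac_addresses]
    if not addrs:
        raise ValueError("at least one AC address is required")
    body = RESERVED + bytes([len(addrs)]) + b"".join(a.packed for a in addrs)
    if len(body) > 255:
        raise ValueError("too many addresses for a one-byte length field")
    return (bytes([H3C_AC_SUBOPTION, len(body)]) + body).hex().upper()


def decode_h3c_option43(hex_string):
    """Parse an Option 43 hex string (spaces allowed) and return the AC addresses."""
    raw = bytes.fromhex(hex_string)
    if len(raw) < 5:
        raise ValueError("value is shorter than the fixed header")
    tag, length, body = raw[0], raw[1], raw[2:]
    if tag != H3C_AC_SUBOPTION:
        raise ValueError(f"unexpected first byte 0x{tag:02X}")
    if length != len(body):
        raise ValueError(f"length field says {length}, but {len(body)} bytes follow")
    if body[:2] != RESERVED:
        raise ValueError("fixed bytes after the length are not 00 00")
    count, addr_bytes = body[2], body[3:]
    if len(addr_bytes) != 4 * count:
        raise ValueError(f"count field says {count} addresses, got {len(addr_bytes)} bytes")
    return [str(ipaddress.IPv4Address(addr_bytes[i:i + 4]))
            for i in range(0, len(addr_bytes), 4)]


def audit_pools(pools, expected_acs):
    """Return {pool name: reason} for every pool whose Option 43 is malformed
    or lists addresses other than the expected AC addresses."""
    expected = sorted(expected_acs)
    findings = {}
    for name, value in pools.items():
        try:
            found = decode_h3c_option43(value)
        except ValueError as exc:
            findings[name] = f"malformed: {exc}"
            continue
        if sorted(found) != expected:
            findings[name] = "points at " + ", ".join(found)
    return findings


# Constructed sample: two pools carrying the value used on this page, one value
# left over from another deployment, and one value cut short while pasting.
SAMPLE_POOLS = {
    "S3/GL": "80070000010A03010C",
    "GW1/AP": "80070000010A03010C",
    "lab-template": "80 07 00 00 01 0a 17 0a fd",
    "truncated": "80070000010A0301",
}

if __name__ == "__main__":
    print(encode_h3c_option43(["10.3.1.12"]))
    for pool, reason in audit_pools(SAMPLE_POOLS, ["10.3.1.12"]).items():
        print(f"{pool}: {reason}")
```

A wrong Option 43 value sends APs to whatever address it decodes to, so comparing every pool against the VAC LoopBack 0 address (10.3.1.12) is a useful check before the APs come online.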

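Verification:

4. Enable link aggregation on S5's two interconnect links (G 0/1, G 0/2), using LACP dynamic aggregation mode.

    #Already configured in the preliminary configuration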

5. In the Beijing Integrated Service Center, run OSPF among R2, S1, and S2 in area 0 with process ID 10; run OSPF between S1 and S3 and between S2 and S4 in area 0, with process IDs 11, 12, and 13 defined for the production, office, and management services respectively.

Solution:

Note: in view of the later tasks, the VPN instances should be planned at this point.
#R2
[R2]interface GigabitEthernet 0/0.21
[R2-GigabitEthernet0/0.21]ip binding vpn-instance BG
[R2-GigabitEthernet0/0.21]ip address 21.1.1.2 29
[R2]ospf 10 router-id 10.0.0.22
[R2-ospf-10]default-route-advertise type 1
[R2-ospf-10]area 0
[R2-ospf-10-area-0.0.0.0]network 10.1.0.2 0.0.0.0
[R2-ospf-10-area-0.0.0.0]network 10.2.0.2 0.0.0.0
[R2-ospf-10-area-0.0.0.0]network 10.0.0.22 0.0.0.0

#S1
[S1]interface LoopBack 11
[S1-LoopBack11]ip binding vpn-instance SC
[S1-LoopBack11]ip address 10.1.4.1 255.255.255.255
[S1]interface LoopBack 12
[S1-LoopBack12]ip binding vpn-instance BG
[S1-LoopBack12]ip address 10.1.4.2 255.255.255.255
[S1]interface LoopBack 13
[S1-LoopBack13]ip binding vpn-instance GL
[S1-LoopBack13]ip address 10.1.4.3 255.255.255.255
[S1]interface Vlan-interface 11
[S1-Vlan-interface11]ip binding vpn-instance SC
[S1-Vlan-interface11]ip address 10.1.1.1 255.255.255.252
[S1]interface Vlan-interface 12
[S1-Vlan-interface12]ip binding vpn-instance BG
[S1-Vlan-interface12]ip address 10.1.2.1 255.255.255.252
[S1]interface Vlan-interface 13
[S1-Vlan-interface13]ip binding vpn-instance GL
[S1-Vlan-interface13]ip address 10.1.3.1 255.255.255.252
[S1]ospf 10 router-id 10.0.0.1 
[S1-ospf-10]area 0
[S1-ospf-10-area-0.0.0.0]network 10.1.0.1 0.0.0.0 
[S1-ospf-10-area-0.0.0.0]network 10.0.0.1 0.0.0.0
[S1]ospf 11 router-id 10.1.4.1 vpn-instance SC
[S1-ospf-11]area 0
[S1-ospf-11-area-0.0.0.0]network 10.1.4.1 0.0.0.0
[S1-ospf-11-area-0.0.0.0]network 10.1.1.1 0.0.0.0
[S1]ospf 12 router-id 10.1.4.2 vpn-instance BG
[S1-ospf-12]area 0
[S1-ospf-12-area-0.0.0.0]network 10.1.4.2 0.0.0.0
[S1-ospf-12-area-0.0.0.0]network 10.1.2.1 0.0.0.0
[S1]ospf 13 router-id 10.1.4.3 vpn-instance GL
[S1-ospf-13]area 0
[S1-ospf-13-area-0.0.0.0]network 10.1.4.3 0.0.0.0
[S1-ospf-13-area-0.0.0.0]network 10.1.3.1 0.0.0.0

#S2
[S2]interface LoopBack 0
[S2-LoopBack0]ip address 10.0.0.2 255.255.255.255
[S2]interface LoopBack 11
[S2-LoopBack11]ip binding vpn-instance SC
[S2-LoopBack11]ip address 10.2.4.1 255.255.255.255
[S2]interface LoopBack 12
[S2-LoopBack12]ip binding vpn-instance BG
[S2-LoopBack12]ip address 10.2.4.2 255.255.255.255
[S2]interface LoopBack 13
[S2-LoopBack13]ip binding vpn-instance GL
[S2-LoopBack13]ip address 10.2.4.3 255.255.255.255
[S2]interface Vlan-interface 11
[S2-Vlan-interface11]ip binding vpn-instance SC
[S2-Vlan-interface11]ip address 10.2.1.1 255.255.255.252
[S2]interface Vlan-interface 12
[S2-Vlan-interface12]ip binding vpn-instance BG
[S2-Vlan-interface12]ip address 10.2.2.1 30
[S2]interface Vlan-interface 13
[S2-Vlan-interface13]ip binding vpn-instance GL
[S2-Vlan-interface13]ip address 10.2.3.1 255.255.255.252
[S2]ospf 10 router-id 10.0.0.2 
[S2-ospf-10]area 0
[S2-ospf-10-area-0.0.0.0]network 10.2.0.1 0.0.0.0
[S2-ospf-10-area-0.0.0.0]network 10.0.0.2 0.0.0.0
[S2]ospf 11 router-id 10.2.4.1 vpn-instance SC
[S2-ospf-11]area 0
[S2-ospf-11-area-0.0.0.0]network 10.2.4.1 0.0.0.0
[S2-ospf-11-area-0.0.0.0]network 10.2.1.1 0.0.0.0
[S2]ospf 12 router-id 10.2.4.2 vpn-instance BG
[S2-ospf-12]area 0
[S2-ospf-12-area-0.0.0.0]network 10.2.4.2 0.0.0.0
[S2-ospf-12-area-0.0.0.0]network 10.2.2.1 0.0.0.0
[S2]ospf 13 router-id 10.2.4.3 vpn-instance GL
[S2-ospf-13]area 0
[S2-ospf-13-area-0.0.0.0]network 10.2.4.3 0.0.0.0
[S2-ospf-13-area-0.0.0.0]network 10.2.3.1 0.0.0.0

#S3
[S3]ospf 11 router-id 10.1.4.4
[S3-ospf-11]area 0
[S3-ospf-11-area-0.0.0.0]network 10.1.4.4 0.0.0.0
[S3-ospf-11-area-0.0.0.0]network 10.1.10.254 0.0.0.0
[S3-ospf-11-area-0.0.0.0]network 10.1.1.2 0.0.0.0
[S3]ospf 12 router-id 10.1.4.5
[S3-ospf-12]area 0
[S3-ospf-12-area-0.0.0.0]network 10.1.4.5 0.0.0.0
[S3-ospf-12-area-0.0.0.0]network 10.1.20.254 0.0.0.0
[S3-ospf-12-area-0.0.0.0]network 10.1.2.2 0.0.0.0
[S3]ospf 13 router-id 10.1.4.6
[S3-ospf-13]area 0
[S3-ospf-13-area-0.0.0.0]network 10.1.4.6 0.0.0.0
[S3-ospf-13-area-0.0.0.0]network 10.1.30.254 0.0.0.0
[S3-ospf-13-area-0.0.0.0]network 10.1.3.2 0.0.0.0

#S4
[S4]ospf 11 router-id 10.2.4.4
[S4-ospf-11]area 0
[S4-ospf-11-area-0.0.0.0]network 10.2.4.4 0.0.0.0
[S4-ospf-11-area-0.0.0.0]network 10.2.10.254 0.0.0.0
[S4-ospf-11-area-0.0.0.0]network 10.2.1.2 0.0.0.0
[S4]ospf 12 router-id 10.2.4.5
[S4-ospf-12]area 0
[S4-ospf-12-area-0.0.0.0]network 10.2.4.5 0.0.0.0
[S4-ospf-12-area-0.0.0.0]network 10.2.20.254 0.0.0.0
[S4-ospf-12-area-0.0.0.0]network 10.2.2.2 0.0.0.0
[S4]ospf 13 router-id 10.2.4.6
[S4-ospf-13]area 0
[S4-ospf-13-area-0.0.0.0]network 10.2.4.6 0.0.0.0
[S4-ospf-13-area-0.0.0.0]network 10.2.30.254 0.0.0.0
[S4-ospf-13-area-0.0.0.0]network 10.2.3.2 0.0.0.0

Verification:

6. In the Shanghai Management Center, run OSPF between R3 and S5 in area 0 with process ID 20. Run static routing between AC1, AC2 and S5.

Solution:

#R3
[R3]ospf 20 router-id 10.3.1.3
[R3-ospf-20]default-route-advertise type 1
[R3-ospf-20]area 0
[R3-ospf-20-area-0.0.0.0]network 10.3.1.3 0.0.0.0
[R3-ospf-20-area-0.0.0.0]network 10.3.0.1 0.0.0.0

#S5
[S5]ospf 20 router-id 10.3.1.5
[S5-ospf-20]area 0
[S5-ospf-20-area-0.0.0.0]network 10.3.1.5 0.0.0.0
[S5-ospf-20-area-0.0.0.0]network 192.1.100.254 0.0.0.0
[S5-ospf-20-area-0.0.0.0]network 194.1.100.254 0.0.0.0
[S5-ospf-20-area-0.0.0.0]network 10.3.0.2 0.0.0.0
[S5-ospf-20]import-route static type 1
[S5]ip route-static 10.3.1.12 32 10.3.0.9

#VAC
[VAC]ip route-static 0.0.0.0 0 10.3.0.10

Verification:

7. The egress device of each center uses static routing toward the Internet.

Solution:

#R3
[R3]ip route-static 0.0.0.0 0 13.1.1.1

#R2
[R2]ip route-static 0.0.0.0 0 12.1.1.1
[R2]ip route-static vpn-instance BG 0.0.0.0 0 21.1.1.1

#GW1
[GW1]ip route-static 0.0.0.0 0 17.1.1.1

#GW2
[GW2]ip route-static 0.0.0.0 0 17.1.1.1

8. Deploy IBGP among R2, S1, and S2 with AS number 100; define R2 as the route reflector (RR) and use the Loopback 0 interface to establish the BGP neighbor relationships.

Solution:

#R2
[R2]bgp 100
[R2-bgp-default]router-id 10.0.0.22
[R2-bgp-default]peer 10.0.0.1 as-number 100
[R2-bgp-default]peer 10.0.0.1 connect-interface LoopBack 0
[R2-bgp-default]peer 10.0.0.2 as-number 100
[R2-bgp-default]peer 10.0.0.2 connect-interface LoopBack 0
[R2-bgp-default]address-family vpnv4
[R2-bgp-default-vpnv4]peer 10.0.0.1 enable 
[R2-bgp-default-vpnv4]peer 10.0.0.2 enable 
[R2-bgp-default-vpnv4]peer 10.0.0.1 reflect-client
[R2-bgp-default-vpnv4]peer 10.0.0.2 reflect-client
[R2-bgp-default-vpnv4]undo policy vpn-target

#S1
[S1]bgp 100
[S1-bgp-default]router-id 10.0.0.1
[S1-bgp-default]peer 10.0.0.22 as-number 100
[S1-bgp-default]peer 10.0.0.22 connect-interface LoopBack 0
[S1-bgp-default]address-family vpnv4
[S1-bgp-default-vpnv4]peer 10.0.0.22 enable 

#S2
[S2]bgp 100
[S2-bgp-default]router-id 10.0.0.2
[S2-bgp-default]peer 10.0.0.22 as-number 100
[S2-bgp-default]peer 10.0.0.22 connect-interface LoopBack 0
[S2-bgp-default]address-family vpnv4
[S2-bgp-default-vpnv4]peer 10.0.0.22 enable 

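Verification:

9. The LANs of the Beijing Integrated Service Center use MPLS VPN technology to securely isolate each service. Enable MPLS packet forwarding and the LDP label forwarding protocol on R2, S1, and S2.

Solution: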

#R2
[R2]mpls lsr-id 10.0.0.22
[R2]mpls ldp
[R2]interface GigabitEthernet 0/1
[R2-GigabitEthernet0/1]mpls enable 
[R2-GigabitEthernet0/1]mpls ldp enable 
[R2]interface GigabitEthernet 0/2
[R2-GigabitEthernet0/2]mpls enable
[R2-GigabitEthernet0/2]mpls ldp enable

#S1
[S1]mpls lsr-id 10.0.0.1
[S1]mpls ldp
[S1]interface GigabitEthernet 1/0/24
[S1-GigabitEthernet1/0/24]mpls enable 
[S1-GigabitEthernet1/0/24]mpls ldp enable 

#S2
[S2]mpls lsr-id 10.0.0.2
[S2]mpls ldp
[S2]interface GigabitEthernet 1/0/24
[S2-GigabitEthernet1/0/24]mpls enable 
[S2-GigabitEthernet1/0/24]mpls ldp enable 

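Verification:

10. The production VRF is named SC, with RD 100:1 and a self-defined RT; the office VRF is named BG, with RD 100:2 and a self-defined RT; the management VRF is named GL, with RD 100:3 and a self-defined RT.

Solution: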

#S1
[S1]ip vpn-instance SC
[S1-vpn-instance-SC]route-distinguisher 100:1
[S1-vpn-instance-SC]vpn-target 100:1 export-extcommunity 
[S1-vpn-instance-SC]vpn-target 100:1 import-extcommunity 
[S1]ip vpn-instance BG
[S1-vpn-instance-BG]route-distinguisher 100:2
[S1-vpn-instance-BG]vpn-target 100:2 export-extcommunity 
[S1-vpn-instance-BG]vpn-target 100:2 import-extcommunity 
[S1]ip vpn-instance GL
[S1-vpn-instance-GL]route-distinguisher 100:3
[S1-vpn-instance-GL]vpn-target 100:3 export-extcommunity 
[S1-vpn-instance-GL]vpn-target 100:3 import-extcommunity 

#S2
[S2]ip vpn-instance SC
[S2-vpn-instance-SC]route-distinguisher 100:1
[S2-vpn-instance-SC]vpn-target 100:1 export-extcommunity 
[S2-vpn-instance-SC]vpn-target 100:1 import-extcommunity 
[S2]ip vpn-instance BG
[S2-vpn-instance-BG]route-distinguisher 100:2
[S2-vpn-instance-BG]vpn-target 100:2 export-extcommunity 
[S2-vpn-instance-BG]vpn-target 100:2 import-extcommunity 
[S2]ip vpn-instance GL
[S2-vpn-instance-GL]route-distinguisher 100:3
[S2-vpn-instance-GL]vpn-target 100:3 export-extcommunity 
[S2-vpn-instance-GL]vpn-target 100:3 import-extcommunity 

#R2
[R2]ip vpn-instance SC
[R2-vpn-instance-SC]route-distinguisher 100:1
[R2-vpn-instance-SC]vpn-target 100:1 export-extcommunity 
[R2-vpn-instance-SC]vpn-target 100:3 import-extcommunity 
[R2]ip vpn-instance BG
[R2-vpn-instance-BG]route-distinguisher 100:2
[R2-vpn-instance-BG]vpn-target 100:2 export-extcommunity 
[R2-vpn-instance-BG]vpn-target 100:3 import-extcommunity 
[R2]ip vpn-instance GL
[R2-vpn-instance-GL]route-distinguisher 100:3
[R2-vpn-instance-GL]vpn-target 100:3 export-extcommunity 
[R2-vpn-instance-GL]vpn-target 100:1 100:2 100:3 import-extcommunity 

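11. Use MPLS VPN so that terminals in the same VPN can reach each other, the production and office VPNs cannot reach each other, and the management VPN can reach both the production and office VPNs. Office VPN terminal users in the Beijing Integrated Service Center can access the Internet.

Solution: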

#S1
[S1]bgp 100
[S1-bgp-default]ip vpn-instance SC
[S1-bgp-default-SC]address-family ipv4
[S1-bgp-default-ipv4-SC]import-route ospf 11
[S1-bgp-default]ip vpn-instance BG
[S1-bgp-default-BG]address-family ipv4
[S1-bgp-default-ipv4-BG]import-route ospf 12
[S1-bgp-default]ip vpn-instance GL
[S1-bgp-default-GL]address-family ipv4
[S1-bgp-default-ipv4-GL]import-route ospf 13
[S1]ospf 11
[S1-ospf-11]import-route bgp type 1
[S1]ospf 12
[S1-ospf-12]import-route bgp type 1 
[S1]ospf 13
[S1-ospf-13]import-route bgp type 1

#S2
[S2]bgp 100
[S2-bgp-default]ip vpn-instance SC
[S2-bgp-default-SC]address-family ipv4
[S2-bgp-default-ipv4-SC]import-route ospf 11
[S2-bgp-default]ip vpn-instance BG
[S2-bgp-default-BG]address-family ipv4
[S2-bgp-default-ipv4-BG]import-route ospf 12
[S2-bgp-default]ip vpn-instance GL
[S2-bgp-default-GL]address-family ipv4
[S2-bgp-default-ipv4-GL]import-route ospf 13
[S2]ospf 11
[S2-ospf-11]import-route bgp type 1
[S2]ospf 12
[S2-ospf-12]import-route bgp type 1
[S2]ospf 13
[S2-ospf-13]import-route bgp type 1
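
How the vpn-target values from step 10 produce the step 11 policy can be checked mechanically. The Python below is an added example, not part of the original write-up: it models only route-target matching (an instance imports a route when one of its import targets equals one of the exporter's export targets), takes the vpn-target lines of S1, S2 and R2 as input, and its function names are the example's own.

```python
import re
from collections import defaultdict

# vpn-target lines as entered on S1, S2 and R2 in step 10 (prompts kept).
SESSION = """
[S1-vpn-instance-SC]vpn-target 100:1 export-extcommunity
[S1-vpn-instance-SC]vpn-target 100:1 import-extcommunity
[S1-vpn-instance-BG]vpn-target 100:2 export-extcommunity
[S1-vpn-instance-BG]vpn-target 100:2 import-extcommunity
[S1-vpn-instance-GL]vpn-target 100:3 export-extcommunity
[S1-vpn-instance-GL]vpn-target 100:3 import-extcommunity
[S2-vpn-instance-SC]vpn-target 100:1 export-extcommunity
[S2-vpn-instance-SC]vpn-target 100:1 import-extcommunity
[S2-vpn-instance-BG]vpn-target 100:2 export-extcommunity
[S2-vpn-instance-BG]vpn-target 100:2 import-extcommunity
[S2-vpn-instance-GL]vpn-target 100:3 export-extcommunity
[S2-vpn-instance-GL]vpn-target 100:3 import-extcommunity
[R2-vpn-instance-SC]vpn-target 100:1 export-extcommunity
[R2-vpn-instance-SC]vpn-target 100:3 import-extcommunity
[R2-vpn-instance-BG]vpn-target 100:2 export-extcommunity
[R2-vpn-instance-BG]vpn-target 100:3 import-extcommunity
[R2-vpn-instance-GL]vpn-target 100:3 export-extcommunity
[R2-vpn-instance-GL]vpn-target 100:1 100:2 100:3 import-extcommunity
"""

RT_LINE = re.compile(
    r"\[(\w+)-vpn-instance-(\w+)\]vpn-target ((?:\d+:\d+ )+)(import|export)-extcommunity")

def parse_targets(session):
    """Return {(pe, vrf): {"import": set, "export": set}} from session lines."""
    table = defaultdict(lambda: {"import": set(), "export": set()})
    for pe, vrf, rts, direction in RT_LINE.findall(session):
        table[(pe, vrf)][direction].update(rts.split())
    return dict(table)

def learned_vrfs(table):
    """For each instance, the VRF names whose exported routes it would import."""
    return {inst: {src_vrf for (_, src_vrf), src in table.items()
                   if src["export"] & rt["import"]}
            for inst, rt in table.items()}

def leaks(learned, forbidden_pairs):
    """Instances that import routes from a VRF they must stay isolated from."""
    return sorted((pe, vrf, src) for (pe, vrf), srcs in learned.items()
                  for src in srcs if frozenset((vrf, src)) in forbidden_pairs)

LEARNED = learned_vrfs(parse_targets(SESSION))
# Step 11 policy: production (SC) and office (BG) must not exchange routes.
FORBIDDEN = {frozenset(("SC", "BG"))}

if __name__ == "__main__":
    for (pe, vrf), srcs in sorted(LEARNED.items()):
        print(f"{pe}/{vrf} imports routes exported by: {', '.join(sorted(srcs))}")
    print("isolation violations:", leaks(LEARNED, FORBIDDEN) or "none")
```

With these targets no SC instance imports 100:2 and no BG instance imports 100:1, and the GL instance on R2 is the only one that imports all three targets.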

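Verification:

12. Deploy IPv6 on the Beijing Integrated Service Center intranet and enable the OSPFv3 routing protocol with process ID 14. R2, S1 and S2 belong to area 0, S1 and S3 to area 1, and S2 and S4 to area 2. VLAN 40 service terminals obtain their addresses by stateless autoconfiguration from their gateways S3 and S4.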

#R2
[R2]ospfv3 14
[R2-ospfv3-14]router-id 10.0.0.22
[R2]interface GigabitEthernet 0/1
[R2-GigabitEthernet0/1]ospfv3 14 area 0
[R2]interface GigabitEthernet 0/2
[R2-GigabitEthernet0/2]ospfv3 14 area 0

#S1
[S1]ospfv3 14
[S1-ospfv3-14]router-id 10.0.0.1
[S1]interface GigabitEthernet 1/0/24
[S1-GigabitEthernet1/0/24]ospfv3 14 area 0
[S1]interface Vlan-interface 14
[S1-Vlan-interface14]ospfv3 14 area 1

#S3
[S3]ospfv3 14
[S3-ospfv3-14]router-id 10.1.4.7
[S3]interface Vlan-interface 14
[S3-Vlan-interface14]ospfv3 14 area 1
[S3]interface Vlan-interface 40
[S3-Vlan-interface40]ospfv3 14 area 1
[S3-Vlan-interface40]undo ipv6 nd ra halt

#S2
[S2]ospfv3 14
[S2-ospfv3-14]router-id 10.0.0.2
[S2]interface GigabitEthernet 1/0/24
[S2-GigabitEthernet1/0/24]ospfv3 14 area 0
[S2]interface Vlan-interface 14
[S2-Vlan-interface14]ospfv3 14 area 2

#S4
[S4]ospfv3 14
[S4-ospfv3-14]router-id 10.2.4.7
[S4]interface Vlan-interface 14
[S4-Vlan-interface14]ospfv3 14 area 2
[S4]interface Vlan-interface 40
[S4-Vlan-interface40]ospfv3 14 area 2
[S4-Vlan-interface40]undo ipv6 nd ra halt

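Verification screenshot:

13. VLAN 40 IPv6 terminals on the Beijing Integrated Service Center intranet need to reach the WAN address 30.0.0.1, so deploy NAT-PT on router R2 for dynamic IPv6 address translation. The planned translation pool for intranet IPv6 addresses is 12.1.1.3-12.1.1.5, and 30.0.0.1 is translated to 2001:21:1::2.

!! Not supported by the simulator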

#R2
[R2]interface GigabitEthernet 0/0
[R2-GigabitEthernet0/0]natpt enable
[R2]interface GigabitEthernet 0/1
[R2-GigabitEthernet0/1]natpt enable
[R2]interface GigabitEthernet 0/2
[R2-GigabitEthernet0/2]natpt enable
[R2]natpt prefix 2001:21:1::
[R2]natpt v4bound static 30.0.0.1 2001:21:1::2
[R2]natpt v6bound static 2001:10:1:40:: 12.1.1.3 12.1.1.5
[R2]natpt v6bound static 2001:10:2:40:: 12.1.1.3 12.1.1.5

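// The configuration is roughly as above; readers with real hardware can try it.

14. No OSPF protocol packets may appear on terminal segments; reduce unnecessary OSPF negotiation packets; every routing protocol advertises specific networks; Loopback addresses must be advertised; tune the OSPF configuration to speed up OSPF convergence; external routes are imported as Type 1 external routes.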

#S5
[S5]ospf 20
[S5-ospf-20]silent-interface GigabitEthernet 1/0/21
[S5-ospf-20]silent-interface GigabitEthernet 1/0/22
[S5]interface GigabitEthernet 1/0/24
[S5-GigabitEthernet1/0/24]ospf network-type p2p

#R3
[R3]interface GigabitEthernet 0/2
[R3-GigabitEthernet0/2]ospf network-type p2p

#R2
[R2]interface range GigabitEthernet 0/1 to GigabitEthernet 0/2
[R2-if-range]ospf network-type p2p
[R2-if-range]ospfv3 network-type p2p

#S1
[S1]interface GigabitEthernet 1/0/24
[S1-GigabitEthernet1/0/24]ospf network-type p2p
[S1-GigabitEthernet1/0/24]ospfv3 network-type p2p
[S1]interface range Vlan-interface 11 to Vlan-interface 13
[S1-if-range]ospf network-type p2p
[S1]interface Vlan-interface 14
[S1-Vlan-interface14]ospfv3 network-type p2p

#S2
[S2]interface GigabitEthernet 1/0/24
[S2-GigabitEthernet1/0/24]ospf network-type p2p
[S2-GigabitEthernet1/0/24]ospfv3 network-type p2p
[S2]interface range Vlan-interface 11 to Vlan-interface 13
[S2-if-range]ospf network-type p2p
[S2]interface Vlan-interface 14
[S2-Vlan-interface14]ospfv3 network-type p2p

#S3
[S3]interface range Vlan-interface 11 to Vlan-interface 13
[S3-if-range]ospf network-type p2p
[S3]interface Vlan-interface 14
[S3-Vlan-interface14]ospfv3 network-type p2p
[S3]ospf 11
[S3-ospf-11]silent-interface Vlan-interface 10
[S3]ospf 12
[S3-ospf-12]silent-interface Vlan-interface 20
[S3]ospf 13
[S3-ospf-13]silent-interface Vlan-interface 30
[S3]ospfv3 14
[S3-ospfv3-14]silent-interface Vlan-interface 40

#S4
[S4]interface range Vlan-interface 11 to Vlan-interface 13
[S4-if-range]ospf network-type p2p
[S4]interface Vlan-interface 14
[S4-Vlan-interface14]ospfv3 network-type p2p
[S4]ospf 11
[S4-ospf-11]silent-interface Vlan-interface 10
[S4]ospf 12
[S4-ospf-12]silent-interface Vlan-interface 20
[S4]ospf 13
[S4-ospf-13]silent-interface Vlan-interface 30
[S4]ospfv3 14
[S4-ospfv3-14]silent-interface Vlan-interface 40

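Verification screenshot:

(3) Wireless network configuration

1. Configure the two AC devices and combine them into one virtual AC using a virtualization scheme.

2. Ports G 0/3-4 between AC1 and AC2 serve as the virtual switching link. Configure AC1 as the master and AC2 as the backup. The master device's description is AC-1 and the backup device's description is AC-2.

// Items 1 and 2 were completed in the basic configuration

3. The wireless network uses a FIT AP + AC design; all APs associate with the AC in the Shanghai Management Center for management.

!! First complete the GRE OSPF and L2TP configuration here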
GRE OSPF
#R3
[R3]interface Tunnel0
[R3-Tunnel0]source 13.1.1.2
[R3-Tunnel0]destination 12.1.1.2
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 172.17.0.3 0.0.0.0
[R3-ospf-1]import-route ospf 20 type 1
[R3]ospf 20
[R3-ospf-20]import-route ospf 1 type 1

#R2
[R2]interface Tunnel0
[R2-Tunnel0]ip binding vpn-instance GL
[R2-Tunnel0]ip address 172.17.0.2 255.255.255.0
[R2-Tunnel0]source 12.1.1.2
[R2-Tunnel0]destination 13.1.1.2
[R2]ospf 1 vpn-instance GL
[R2-ospf-1]import-route bgp type 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 172.17.0.2 0.0.0.0
[R2]bgp 100
[R2-bgp-default]ip vpn-instance GL
[R2-bgp-default-GL]address-family ipv4
[R2-bgp-default-ipv4-GL]import-route ospf 1


L2TP OSPF
#R2
[R2]interface LoopBack 1
[R2-LoopBack1]ip binding vpn-instance SC
[R2-LoopBack1]ip address 172.16.0.2 24
[R2]ospf 2 vpn-instance SC
[R2-ospf-2]import-route bgp type 1
[R2-ospf-2]area 0
[R2-ospf-2-area-0.0.0.0]network 172.16.0.2 0.0.0.0
[R2]bgp 100
[R2-bgp-default]ip vpn-instance SC
[R2-bgp-default-SC]address-family ipv4
[R2-bgp-default-ipv4-SC]import-route ospf 2

[R2]ip pool l2tp 172.16.0.1 172.16.0.254
[R2]ip pool l2tp gateway 172.16.0.254

[R2]local-user Test123 class network
[R2-luser-network-Test123]password simple Test123
[R2-luser-network-Test123]service-type ppp

[R2]domain system
[R2-isp-system]authentication ppp local

[R2]interface Virtual-Template 1
[R2-Virtual-Template1]ip binding vpn-instance SC
[R2-Virtual-Template1]ip address unnumbered interface LoopBack 1
[R2-Virtual-Template1]ppp authentication-mode chap
[R2-Virtual-Template1]remote address pool l2tp

[R2]l2tp enable
[R2]l2tp-group 1 mode lns
[R2-l2tp1]allow l2tp virtual-template 1 remote GW1
[R2-l2tp1]tunnel name R2
[R2-l2tp1]tunnel authentication
[R2-l2tp1]tunnel password simple Test123

[R2]l2tp enable
[R2]l2tp-group 2 mode lns
[R2-l2tp2]allow l2tp virtual-template 1 remote GW2
[R2-l2tp2]tunnel name R2
[R2-l2tp2]tunnel authentication
[R2-l2tp2]tunnel password simple Test123


#GW1
[GW1]l2tp enable
[GW1]l2tp-group 1 mode lac
[GW1-l2tp1]tunnel name GW1
[GW1-l2tp1]lns-ip 12.1.1.2
[GW1-l2tp1]tunnel authentication
[GW1-l2tp1]tunnel password simple Test123
[GW1]interface Virtual-PPP 1
[GW1-Virtual-PPP1]ppp chap user Test123
[GW1-Virtual-PPP1]ppp chap password simple Test123
[GW1-Virtual-PPP1]l2tp-auto-client l2tp-group 1

[GW1]ospf 2 router-id 10.4.1.1
[GW1-ospf-2]silent-interface GigabitEthernet 1/0/1.10
[GW1-ospf-2]silent-interface GigabitEthernet 1/0/1.11
[GW1-ospf-2]silent-interface GigabitEthernet 1/0/1.20
[GW1-ospf-2]silent-interface GigabitEthernet 1/0/1.30
[GW1-ospf-2]area 0
[GW1-ospf-2-area-0.0.0.0]network 10.4.1.1 0.0.0.0
[GW1-ospf-2-area-0.0.0.0]network 172.16.0.3 0.0.0.0
[GW1-ospf-2-area-0.0.0.0]network 10.4.10.254 0.0.0.0
[GW1-ospf-2-area-0.0.0.0]network 10.4.11.254 0.0.0.0
[GW1-ospf-2-area-0.0.0.0]network 10.4.20.254 0.0.0.0
[GW1-ospf-2-area-0.0.0.0]network 10.4.30.254 0.0.0.0

#GW2
[GW2]l2tp enable
[GW2]l2tp-group 1 mode lac
[GW2-l2tp1]tunnel name GW2
[GW2-l2tp1]lns-ip 12.1.1.2
[GW2-l2tp1]tunnel authentication
[GW2-l2tp1]tunnel password simple Test123
[GW2]interface Virtual-PPP 1
[GW2-Virtual-PPP1]ppp chap user Test123
[GW2-Virtual-PPP1]ppp chap password simple Test123
[GW2-Virtual-PPP1]l2tp-auto-client l2tp-group 1

[GW2]ospf 2 router-id 10.4.1.2
[GW2-ospf-2]silent-interface GigabitEthernet 1/0/1.10
[GW2-ospf-2]silent-interface GigabitEthernet 1/0/1.11
[GW2-ospf-2]silent-interface GigabitEthernet 1/0/1.20
[GW2-ospf-2]silent-interface GigabitEthernet 1/0/1.30
[GW2-ospf-2]area 0
[GW2-ospf-2-area-0.0.0.0]network 10.4.1.2 0.0.0.0
[GW2-ospf-2-area-0.0.0.0]network 172.16.0.4 0.0.0.0
[GW2-ospf-2-area-0.0.0.0]network 10.4.10.254 0.0.0.0
[GW2-ospf-2-area-0.0.0.0]network 10.4.11.254 0.0.0.0
[GW2-ospf-2-area-0.0.0.0]network 10.4.20.254 0.0.0.0
[GW2-ospf-2-area-0.0.0.0]network 10.4.30.254 0.0.0.0


#VAC
[VAC]wlan ap-group Admin_BJ
[VAC]wlan ap-group Admin_GZ

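Verification:

4. The Beijing Integrated Service Center uses switch S3 as the DHCP server for wireless production 1 users (VLAN 10), office 1 users (VLAN 20) and wireless FIT AP1 (VLAN 30), and switch S4 as the DHCP server for wireless production 2 users (VLAN 10), office 2 users (VLAN 20) and wireless FIT AP2 (VLAN 30).

// DHCP is already configured

5. In the Beijing Integrated Service Center wireless deployment, create the SSID BJ_SC_DOT1X_XX with WLAN ID 1 and AP group Admin_BJ; wireless users (authentication username user1, password YY) use 802.1X authentication after associating with the SSID and automatically obtain a VLAN 10 address (XX and YY are provided on site).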

#VAC
[VAC]wlan service-template 1
[VAC-wlan-st-1]ssid BJ_SC_DOT1X_01
[VAC-wlan-st-1]akm mode psk
[VAC-wlan-st-1]preshared-key pass-phrase simple H3C@2023
[VAC-wlan-st-1]cipher-suite ccmp
[VAC-wlan-st-1]security-ie rsn
[VAC-wlan-st-1]vlan 10
[VAC-wlan-st-1]service-template enable

[VAC]wlan ap AP1 model WA6320-HCL
[VAC-wlan-ap-AP1]serial-id H3C_5a-4e-b2-c3-0f-00
[VAC-wlan-ap-AP1]radio 1
[VAC-wlan-ap-AP1-radio-1]service-template 1
[VAC-wlan-ap-AP1-radio-1]radio enable
[VAC-wlan-ap-AP1]radio 2
[VAC-wlan-ap-AP1-radio-2]service-template 1
[VAC-wlan-ap-AP1-radio-2]radio enable

[VAC]wlan ap-group admin_bj
[VAC-wlan-ap-group-admin_bj]ap AP1

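6. In the Beijing Integrated Service Center wireless deployment, create the SSID BJ_BG_WEB_XX with WLAN ID 2 and AP group Admin_BJ; wireless users (authentication username user2, password YY) use web authentication after associating with the SSID and automatically obtain a VLAN 20 address (XX and YY are provided on site).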

#VAC
[VAC]wlan service-template 2
[VAC-wlan-st-2]ssid BJ_BG_WEB_01
[VAC-wlan-st-2]akm mode psk
[VAC-wlan-st-2]preshared-key pass-phrase simple H3C@2023
[VAC-wlan-st-2]cipher-suite ccmp
[VAC-wlan-st-2]security-ie rsn
[VAC-wlan-st-2]vlan 20
[VAC-wlan-st-2]service-template enable

[VAC]wlan ap AP2 model WA6320-HCL
[VAC-wlan-ap-AP2]serial-id H3C_5A-4E-D8-16-10-00
[VAC-wlan-ap-AP2]radio 1
[VAC-wlan-ap-AP2-radio-1]service-template 2
[VAC-wlan-ap-AP2-radio-1]radio enable
[VAC-wlan-ap-AP2]radio 2
[VAC-wlan-ap-AP2-radio-2]service-template 2
[VAC-wlan-ap-AP2-radio-2]radio enable

[VAC]wlan ap-group admin_bj
[VAC-wlan-ap-group-admin_bj]ap AP2

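7. The Guangzhou Production Center uses GW1/GW2 as the DHCP server for wireless production 1 users (VLAN 10), production 2 users (VLAN 11) and wireless FIT AP3 (VLAN 20).

// DHCP is already configured

8. In the Guangzhou Production Center wireless deployment, create the SSID GZ_SC_DOT1X_XX with WLAN ID 3 and AP group Admin_GZ; wireless users (authentication username user11, password YY) use 802.1X authentication after associating with the SSID and automatically obtain a VLAN 10 address (XX and YY are provided on site).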

#VAC
[VAC]wlan service-template 3
[VAC-wlan-st-3]ssid GZ_SC_DOT1X_01
[VAC-wlan-st-3]akm mode psk
[VAC-wlan-st-3]preshared-key pass-phrase simple H3C@2023
[VAC-wlan-st-3]cipher-suite ccmp
[VAC-wlan-st-3]security-ie rsn
[VAC-wlan-st-3]vlan 10
[VAC-wlan-st-3]service-template enable

[VAC]wlan ap AP3 model WA6320-HCL
[VAC-wlan-ap-AP3]serial-id H3C_5A-4E-D8-16-10-00
[VAC-wlan-ap-AP3]radio 1
[VAC-wlan-ap-AP3-radio-1]service-template 3
[VAC-wlan-ap-AP3-radio-1]radio enable

[VAC]wlan ap-group admin_gz
[VAC-wlan-ap-group-admin_gz]ap AP3

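9. In the Guangzhou Production Center wireless deployment, create the SSID GZ_SC_WEB_XX with WLAN ID 4 and AP group Admin_GZ; wireless users (authentication username user12, password YY) use web authentication after associating with the SSID and automatically obtain a VLAN 11 address (XX and YY are provided on site).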

#VAC
[VAC]wlan service-template 4
[VAC-wlan-st-4]ssid GZ_SC_WEB_01
[VAC-wlan-st-4]akm mode psk
[VAC-wlan-st-4]preshared-key pass-phrase simple H3C@2023
[VAC-wlan-st-4]cipher-suite ccmp
[VAC-wlan-st-4]security-ie rsn
[VAC-wlan-st-4]vlan 11
[VAC-wlan-st-4]service-template enable

[VAC]wlan ap AP3 model WA6320-HCL
[VAC-wlan-ap-AP3]radio 2
[VAC-wlan-ap-AP3-radio-2]service-template 4
[VAC-wlan-ap-AP3-radio-2]radio enable
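
The L2TP and WLAN sessions above enter their secrets in plain text with the simple keyword, and the same values recur across devices and purposes. The Python below is an added example, not taken from the original write-up: it groups credential lines copied from those sessions by secret and reports where one value serves several roles, equals a username, or is repeated within one role; the role labels and function names are the example's own.

```python
import hashlib
import re
from collections import defaultdict

# Credential lines copied from the L2TP and WLAN sessions above (prompts kept).
SESSION = """
[R2-luser-network-Test123]password simple Test123
[R2-l2tp1]tunnel password simple Test123
[GW1-l2tp1]tunnel password simple Test123
[GW1-Virtual-PPP1]ppp chap user Test123
[GW1-Virtual-PPP1]ppp chap password simple Test123
[GW2-Virtual-PPP1]ppp chap password simple Test123
[VAC-wlan-st-1]preshared-key pass-phrase simple H3C@2023
[VAC-wlan-st-2]preshared-key pass-phrase simple H3C@2023
[VAC-wlan-st-3]preshared-key pass-phrase simple H3C@2023
[VAC-wlan-st-4]preshared-key pass-phrase simple H3C@2023
"""

# Command prefix -> role label (labels are this example's own wording).
ROLES = {
    "password simple ": "local-user password",
    "tunnel password simple ": "L2TP tunnel password",
    "ppp chap password simple ": "PPP CHAP password",
    "preshared-key pass-phrase simple ": "WLAN PSK",
}
PROMPT = re.compile(r"\[(\w+)-([^\]]+)\](.*\S)")

def collect(session):
    """Return (uses, usernames); uses maps secret -> {(device, view, role)}."""
    uses, usernames = defaultdict(set), set()
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        device, view, cmd = m.groups()
        if cmd.startswith("ppp chap user "):
            usernames.add(cmd.split()[-1])
        for prefix, role in ROLES.items():
            if cmd.startswith(prefix):
                uses[cmd[len(prefix):]].add((device, view, role))
    return uses, usernames

def findings(session):
    """List (kind, fingerprint, detail); secrets appear only as short hashes."""
    uses, usernames = collect(session)
    out = []
    for secret, places in uses.items():
        tag = hashlib.sha256(secret.encode()).hexdigest()[:8]
        roles = sorted({role for _, _, role in places})
        if len(roles) > 1:
            out.append(("one secret, several roles", tag, roles))
        if secret in usernames:
            out.append(("secret equals a username", tag, sorted({d for d, _, _ in places})))
        if len(roles) == 1 and len(places) > 1:
            out.append(("secret repeated within one role", tag, sorted(f"{d}/{v}" for d, v, _ in places)))
    return out

if __name__ == "__main__":
    print(*findings(SESSION), sep="\n")
```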

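10. The login username and password for the authentication platform are provided at the exam site.

11. All APs establish their tunnels through the VAC's loopback 0 interface.

12. The average downlink rate for wireless users is 1000KB/s and the burst rate is 1600KB/s.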

#VAC
[VAC]wlan service-template 1
[VAC-wlan-st-1]client-rate-limit outbound mode static cir 1000
[VAC]wlan service-template 2
[VAC-wlan-st-2]client-rate-limit outbound mode static cir 1000
[VAC]wlan service-template 3
[VAC-wlan-st-3]client-rate-limit outbound mode static cir 1000
[VAC]wlan service-template 4
[VAC-wlan-st-4]client-rate-limit outbound mode static cir 1000

13. Each AP serves at most 25 clients.

#VAC
[VAC]wlan service-template 1
[VAC-wlan-st-1]client max-count 25
[VAC]wlan service-template 2
[VAC-wlan-st-2]client max-count 25
[VAC]wlan service-template 3
[VAC-wlan-st-3]client max-count 25
[VAC]wlan service-template 4
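[VAC-wlan-st-4]client max-count 25

(4) Egress network configuration

1. Office terminals in the Beijing Integrated Service Center access the Internet through NAPT on subinterface G 0/0.21 of egress router R2.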

#R2
[R2]acl basic 2000
[R2-acl-ipv4-basic-2000]rule permit source 10.1.20.0 0.0.0.255
[R2-acl-ipv4-basic-2000]rule permit source 10.2.20.0 0.0.0.255

[R2]nat address-group 1
[R2-address-group-1]address 21.1.1.2 21.1.1.2

[R2]interface GigabitEthernet 0/0.21
[R2-GigabitEthernet0/0.21]nat outbound 2000 address-group 1

[R2]bgp 100
[R2-bgp-default]ip vpn-instance BG
[R2-bgp-default-BG]address-family ipv4
[R2-bgp-default-ipv4-BG]default-route imported

#S1
[S1]ospf 12
[S1-ospf-12]default-route-advertise always type 1

#S2
[S2]ospf 12
[S2-ospf-12]default-route-advertise always type 1

2. Management terminals on the Shanghai Management Center LAN access the Internet through NAPT on egress router R3.

#R3
[R3]nat address-group 1
[R3-address-group-1]address 13.1.1.2 13.1.1.2

[R3]acl basic 2000
[R3-acl-ipv4-basic-2000]rule permit source 192.1.100.0 0.0.0.255
[R3-acl-ipv4-basic-2000]rule permit source 194.1.100.0 0.0.0.255

[R3]interface GigabitEthernet 0/1
[R3-GigabitEthernet0/1]nat outbound 2000 address-group 1

3. Production terminals on the Guangzhou Production Center LAN access the Internet through NAPT on egress gateways GW1/GW2.

#GW1
[GW1]nat address-group 1
[GW1-address-group-1]address 17.1.1.2 17.1.1.2

[GW1]acl basic 2000
[GW1-acl-ipv4-basic-2000]rule permit source 10.4.10.0 0.0.0.255
[GW1-acl-ipv4-basic-2000]rule permit source 10.4.11.0 0.0.0.255

[GW1]interface GigabitEthernet 1/0/0
[GW1-GigabitEthernet1/0/0]nat outbound 2000 address-group 1

#GW2
[GW2]nat address-group 1
[GW2-address-group-1]address 17.1.1.2 17.1.1.2

[GW2]acl basic 2000
[GW2-acl-ipv4-basic-2000]rule permit source 10.4.10.0 0.0.0.255
[GW2-acl-ipv4-basic-2000]rule permit source 10.4.11.0 0.0.0.255

[GW2]interface GigabitEthernet 1/0/0
[GW2-GigabitEthernet1/0/0]nat outbound 2000 address-group 1

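Verification:

4. Enable VRRP on the intranet side of the Guangzhou Production Center egress gateways. GW1 is the master for the production 1, AP management and network device management segments, with priority 255; GW2 is the master for production 2, with priority 255. The two back each other up, so that if one of them goes down, terminal traffic switches seamlessly to the other device, providing gateway redundancy.

VRRP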

#GW1
[GW1]interface GigabitEthernet 1/0/1.10
[GW1-GigabitEthernet1/0/1.10]vrrp vrid 10 virtual-ip 10.4.10.254
[GW1]interface GigabitEthernet 1/0/1.11
[GW1-GigabitEthernet1/0/1.11]vrrp vrid 11 virtual-ip 10.4.11.253
[GW1]interface GigabitEthernet 1/0/1.20
[GW1-GigabitEthernet1/0/1.20]vrrp vrid 20 virtual-ip 10.4.20.254
[GW1]interface GigabitEthernet 1/0/1.30
[GW1-GigabitEthernet1/0/1.30]vrrp vrid 30 virtual-ip 10.4.30.254

#GW2
[GW2]interface GigabitEthernet 1/0/1.10
[GW2-GigabitEthernet1/0/1.10]vrrp vrid 10 virtual-ip 10.4.10.254
[GW2]interface GigabitEthernet 1/0/1.11
[GW2-GigabitEthernet1/0/1.11]vrrp vrid 11 virtual-ip 10.4.11.253
[GW2]interface GigabitEthernet 1/0/1.20
[GW2-GigabitEthernet1/0/1.20]vrrp vrid 20 virtual-ip 10.4.20.254
[GW2]interface GigabitEthernet 1/0/1.30
[GW2-GigabitEthernet1/0/1.30]vrrp vrid 30 virtual-ip 10.4.30.254

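Verification:

5. Enable a GRE tunnel between R3 and R2 that carries OSPF, so that the Shanghai Management Center and the Beijing Integrated Service Center intranets are connected (access rules follow the MPLS VPN plan).

// Already configured during the WLAN configuration

Verification:

6. Enable L2TP tunnels between GW1/GW2 and R2 that carry OSPF, so that the Guangzhou Production Center and the Beijing Integrated Service Center intranets are connected (access rules follow the MPLS VPN plan). The two back each other up; if one of them goes down, service traffic automatically switches to the other L2TP tunnel.

7. The L2TP tunnel authentication username and password are both Test@123, and the L2TP tunnel password is Test@123. The L2TP user address pool is 172.16.0.1-172.16.0.254, and the server-side L2TP tunnel interface borrows the address of the local loopback 1 interface.

// Items 6 and 7 were configured during the WLAN configuration

Verification:

8. IPsec VPN encrypts the data inside the GRE and L2TP tunnels. The isakmp policy uses 3des as the encryption algorithm and md5 as the hash algorithm, with the pre-shared key Test@123 and DH group 2. The transform set myset defines the encryption and authentication method as esp-des esp-md5-hmac. The crypto map is named mymap.

9. On egress gateway GW1, configure a blacklist that prevents LAN users from accessing the URL www.exam.com in a browser.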
