Campus Network Built with eNSP

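Core Technologies

1. Virtual LAN (VLAN)

2. Link aggregation (Eth-Trunk)

3. Multiple Spanning Tree Protocol (MSTP)

4. VLANIF Layer 3 logical interfaces

5. Virtual Router Redundancy Protocol (VRRP)

6. Open Shortest Path First (OSPF)

7. Dynamic Host Configuration Protocol (DHCP)

8. Centralized WLAN management (AC + AP)

9. Firewall security policy

10. Network Address Translation (NAT)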

        

Network Topology Plan

Overall diagram

        

Core layer

Aggregation layer

Access layer

        

Network Device Configuration

VLAN Planning

Switch3

<Huawei>system-view 
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40

[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 10
[Huawei-Ethernet0/0/1]stp edged-port enable 
[Huawei-Ethernet0/0/1]quit

[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 20
[Huawei-Ethernet0/0/3]stp edged-port enable
[Huawei-Ethernet0/0/3]quit

[Huawei]port-group group-member e0/0/4 to e0/0/5
[Huawei-port-group]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-port-group]quit

Switch4

<Huawei>system-view 
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40

[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 30
[Huawei-Ethernet0/0/1]stp edged-port enable 
[Huawei-Ethernet0/0/1]quit

[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 40
[Huawei-Ethernet0/0/3]stp edged-port enable
[Huawei-Ethernet0/0/3]quit

[Huawei]port-group group-member e0/0/4 to e0/0/5
[Huawei-port-group]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-port-group]quit

Switch1

<Huawei>system-view
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]quit

Switch2

<Huawei>system-view
[Huawei]vlan batch 10 20 30 40
[Huawei]undo info-center enable 

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]quit

[Huawei]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk 
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all 
[Huawei-GigabitEthernet0/0/3]quit

Link Aggregation

Switch1

[Huawei]int Eth-Trunk 12
[Huawei-Eth-Trunk12]mode lacp-static 
[Huawei-Eth-Trunk12]trunkport g0/0/3
[Huawei-Eth-Trunk12]trunkport g0/0/4
[Huawei-Eth-Trunk12]port link-type trunk
[Huawei-Eth-Trunk12]port trunk allow-pass vlan all
[Huawei-Eth-Trunk12]display this
[Huawei-Eth-Trunk12]quit

Switch2

[Huawei]int Eth-Trunk 12
[Huawei-Eth-Trunk12]mode lacp-static 
[Huawei-Eth-Trunk12]trunkport g0/0/1
[Huawei-Eth-Trunk12]trunkport g0/0/5
[Huawei-Eth-Trunk12]port link-type trunk
[Huawei-Eth-Trunk12]port trunk allow-pass vlan all
[Huawei-Eth-Trunk12]display this
[Huawei-Eth-Trunk12]quit

Deploying MSTP

Switch1

[Huawei]stp mode mstp

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit

[Huawei]stp instance 1 root primary 
[Huawei]stp instance 2 root secondary 

[Huawei]display stp region-configuration 

Switch2

[Huawei]stp mode mstp 

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region] revision-level 1
[Huawei-mst-region] instance 1 vlan 10 20
[Huawei-mst-region] instance 2 vlan 30 40
[Huawei-mst-region] active region-configuration
[Huawei-mst-region]quit

[Huawei]stp instance 1 root secondary 
[Huawei]stp instance 2 root primary 

[Huawei]display stp region-configuration 

Switch3

[Huawei]stp mode mstp

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration 
[Huawei-mst-region]quit

[Huawei]display stp instance 1 brief 
[Huawei]display stp instance 2 brief
[Huawei]display stp region-configuration 

Switch4

[Huawei]stp mode mstp 

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit

[Huawei]display stp instance 1 brief 
[Huawei]display stp instance 2 brief
[Huawei]display stp region-configuration 

Configuring VLANIF

Switch1

[Huawei]int vlanif 10
[Huawei-Vlanif10]ip address 192.168.10.251 24
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]ip address 192.168.20.251 24
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]ip address 192.168.30.251 24
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]ip address 192.168.40.251 24
[Huawei-Vlanif40]quit

Switch2

[Huawei]int vlanif 10
[Huawei-Vlanif10]ip address 192.168.10.252 24
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]ip address 192.168.20.252 24
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]ip address 192.168.30.252 24
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]ip address 192.168.40.252 24
[Huawei-Vlanif40]quit

Configuring VRRP

Switch1

[Huawei]int vlanif 10
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif10]vrrp vrid 10 priority 120
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif20]vrrp vrid 20 priority 120
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[Huawei-Vlanif30]vrrp vrid 30 priority 110
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[Huawei-Vlanif40]vrrp vrid 40 priority 110
[Huawei-Vlanif40]quit

[Huawei]display vrrp brief 

Switch2

[Huawei]int vlanif 10
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif10]vrrp vrid 10 priority 110
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif20]vrrp vrid 20 priority 110
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[Huawei-Vlanif30]vrrp vrid 30 priority 120
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[Huawei-Vlanif40]vrrp vrid 40 priority 120
[Huawei-Vlanif40]quit

[Huawei]display vrrp brief 
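The MSTP and VRRP commands above make Switch1 both root bridge and VRRP master for VLAN 10/20 and Switch2 for VLAN 30/40, so Layer 2 and Layer 3 forwarding follow the same switch. The Python check below is an added example, not part of the original post; it parses those commands and reports any VLAN where the two roles end up on different switches. The sample() helper is hypothetical, and 100 is assumed as the VRRP priority when none is configured.

```python
import re

def sample(role1, role2, prio_a, prio_b):
    """Constructed input: this page's MSTP/VRRP commands for one core switch."""
    lines = ["instance 1 vlan 10 20", "instance 2 vlan 30 40",
             f"stp instance 1 root {role1}", f"stp instance 2 root {role2}"]
    for vlan, prio in ((10, prio_a), (20, prio_a), (30, prio_b), (40, prio_b)):
        lines += [f"int vlanif {vlan}", f"vrrp vrid {vlan} priority {prio}"]
    return "\n".join(lines)

PAGE = {"Switch1": sample("primary", "secondary", 120, 110),
        "Switch2": sample("secondary", "primary", 110, 120)}

def parse(cfg):
    """Return (vlan -> instance, instance -> root role, vlan -> VRRP priority)."""
    vlan_inst, roots, prio, vlanif = {}, {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"instance (\d+) vlan ([\d ]+)", line):
            vlan_inst.update({int(v): int(m[1]) for v in m[2].split()})
        elif m := re.fullmatch(r"stp instance (\d+) root (primary|secondary)", line):
            roots[int(m[1])] = m[2]
        elif m := re.fullmatch(r"int(?:erface)? vlanif ?(\d+)", line, re.I):
            vlanif = int(m[1])          # VRRP lines below belong to this VLANIF
        elif m := re.fullmatch(r"vrrp vrid \d+ priority (\d+)", line):
            prio[vlanif] = int(m[1])
    return vlan_inst, roots, prio

def misaligned(configs):
    """List (vlan, MSTP root primaries, VRRP master) where the two roles differ."""
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    vlan_inst = next(iter(parsed.values()))[0]   # region config is identical on all
    bad = []
    for vlan, inst in sorted(vlan_inst.items()):
        roots = [n for n, p in parsed.items() if p[1].get(inst) == "primary"]
        # Highest priority wins the election; 100 is assumed when none is set.
        master = max(parsed, key=lambda n: parsed[n][2].get(vlan, 100))
        if roots != [master]:
            bad.append((vlan, roots, master))
    return bad

if __name__ == "__main__":
    print(misaligned(PAGE) or "MSTP roots and VRRP masters are aligned")
```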

Configuring Interface IP Addresses

Router1

<Huawei>system-view 
[Huawei]undo info-center enable

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 10.1.1.1 32
[Huawei-LoopBack0]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.101.1 24
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.102.1 24
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.1.12.1 24
[Huawei-GigabitEthernet0/0/2]quit

[Huawei]int g2/0/0
[Huawei-GigabitEthernet2/0/0]ip address 10.1.15.1 24
[Huawei-GigabitEthernet2/0/0]quit

[Huawei]int g2/0/1
[Huawei-GigabitEthernet2/0/1]ip address 10.1.11.1 24
[Huawei-GigabitEthernet2/0/1]quit

[Huawei]int pos4/0/0
[Huawei-Pos4/0/0]ip address 10.1.13.1 24
[Huawei-Pos4/0/0]quit

Router2

<Huawei>system-view 
[Huawei]undo info-center enable 

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 10.1.2.2 32
[Huawei-LoopBack0]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.12.2 24
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.103.1 24
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.1.104.1 24
[Huawei-GigabitEthernet0/0/2]quit

[Huawei]int pos2/0/0
[Huawei-Pos2/0/0]ip address 10.1.14.1 24
[Huawei-Pos2/0/0]quit

Router3

<Huawei>system-view 
[Huawei]undo info-center enable 

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 200.200.200.200 32
[Huawei-LoopBack0]quit

[Huawei]int pos4/0/0
[Huawei-Pos4/0/0]ip address 10.1.14.2 24
[Huawei-Pos4/0/0]quit

[Huawei]int pos6/0/0
[Huawei-Pos6/0/0]ip address 10.1.13.2 24
[Huawei-Pos6/0/0]quit

Switch1

[Huawei]vlan batch 101 103

[Huawei]int vlanif 101
[Huawei-Vlanif101]ip address 10.1.101.2 24
[Huawei-Vlanif101]quit

[Huawei]int vlanif 103
[Huawei-Vlanif103]ip address 10.1.103.2 24
[Huawei-Vlanif103]quit

[Huawei]int g0/0/5
[Huawei-GigabitEthernet0/0/5]port link-type access
[Huawei-GigabitEthernet0/0/5]port default vlan 101
[Huawei-GigabitEthernet0/0/5]quit

[Huawei]int g0/0/6
[Huawei-GigabitEthernet0/0/6]port link-type access
[Huawei-GigabitEthernet0/0/6]port default vlan 103
[Huawei-GigabitEthernet0/0/6]quit

Switch2

[Huawei]vlan batch 102 104

[Huawei]int vlanif 102
[Huawei-Vlanif102]ip address 10.1.102.2 24
[Huawei-Vlanif102]quit

[Huawei]int vlanif 104
[Huawei-Vlanif104]ip address 10.1.104.2 24
[Huawei-Vlanif104]quit

[Huawei]int g0/0/6
[Huawei-GigabitEthernet0/0/6]port link-type access 
[Huawei-GigabitEthernet0/0/6]port default vlan 102
[Huawei-GigabitEthernet0/0/6]quit

[Huawei]int g0/0/7
[Huawei-GigabitEthernet0/0/7]port link-type access
[Huawei-GigabitEthernet0/0/7]port default vlan 104
[Huawei-GigabitEthernet0/0/7]quit

Configuring OSPF

Router1

[Huawei]ospf 1 router-id 1.1.1.1
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 10.1.11.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.101.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.102.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.12.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.15.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Router2

[Huawei]ospf 1 router-id 2.2.2.2
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 10.1.12.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.103.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.104.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.14.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.2.2 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Switch1

[Huawei]ospf 1 router-id 3.3.3.3
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.30.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.40.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.101.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.103.2 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Switch2

[Huawei]ospf 1 router-id 4.4.4.4
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.30.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.40.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.102.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.104.2 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Configuring DHCP

DHCP server

<Huawei>system-view 
[Huawei]undo info-center enable 

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.11.2 24
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]dhcp enable 

[Huawei]ip pool VLAN10
[Huawei-ip-pool-VLAN10]network 192.168.10.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN10]gateway-list 192.168.10.254
[Huawei-ip-pool-VLAN10]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN10]excluded-ip-address 192.168.10.251 192.168.10.253
[Huawei-ip-pool-VLAN10]domain-name yeslab.net
[Huawei-ip-pool-VLAN10]quit

[Huawei]ip pool VLAN20
[Huawei-ip-pool-VLAN20]network 192.168.20.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN20]gateway-list 192.168.20.254
[Huawei-ip-pool-VLAN20]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN20]excluded-ip-address 192.168.20.251 192.168.20.253
[Huawei-ip-pool-VLAN20]domain-name yeslab.net
[Huawei-ip-pool-VLAN20]quit

[Huawei]ip pool VLAN30
[Huawei-ip-pool-VLAN30]network 192.168.30.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN30]gateway-list 192.168.30.254
[Huawei-ip-pool-VLAN30]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN30]excluded-ip-address 192.168.30.251 192.168.30.253
[Huawei-ip-pool-VLAN30]domain-name yeslab.net
[Huawei-ip-pool-VLAN30]quit

[Huawei]ip pool VLAN40
[Huawei-ip-pool-VLAN40]network 192.168.40.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN40]gateway-list 192.168.40.254
[Huawei-ip-pool-VLAN40]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN40]excluded-ip-address 192.168.40.251 192.168.40.253
[Huawei-ip-pool-VLAN40]domain-name yeslab.net
[Huawei-ip-pool-VLAN40]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]dhcp select global 
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.1.11.1

Switch1

[Huawei]dhcp enable 

[Huawei]int vlanif 10
[Huawei-Vlanif10]dhcp select relay 
[Huawei-Vlanif10]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]dhcp select relay 
[Huawei-Vlanif20]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]dhcp select relay
[Huawei-Vlanif30]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]dhcp select relay
[Huawei-Vlanif40]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif40]quit

Switch2

[Huawei]dhcp enable 

[Huawei]int vlanif 10
[Huawei-Vlanif10]dhcp select relay
[Huawei-Vlanif10]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]dhcp select relay
[Huawei-Vlanif20]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]dhcp select relay
[Huawei-Vlanif30]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]dhcp select relay
[Huawei-Vlanif40]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif40]quit

At this point the internal network is fully interconnected.

Configuring WLAN

VLAN assignment

Switch1

[Huawei]vlan 111
[Huawei-vlan111]quit

Switch2

[Huawei]vlan 111
[Huawei-vlan111]quit

[Huawei]int g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type trunk
[Huawei-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/4]quit

Switch3

[Huawei]vlan 111
[Huawei-vlan111]quit

[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk 
[Huawei-Ethernet0/0/2]port trunk pvid vlan 111
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/2]quit

Switch4

[Huawei]vlan 111
[Huawei-vlan111]quit

[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk pvid vlan 111
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/2]quit

AC

<AC6605>system-view 
[AC6605]undo info-center enable

[AC6605]vlan 111
[AC6605-vlan111]quit

[AC6605]int g0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk 
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6605-GigabitEthernet0/0/1]quit

[AC6605]dhcp enable 
[AC6605]int vlanif 111
[AC6605-Vlanif111]ip address 192.168.111.254 24
[AC6605-Vlanif111]dhcp select interface 

AP

[Huawei]display system-information 

Bringing the APs online

[AC6605]wlan
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]country-code CN
[AC6605-wlan-regulate-domain-default]quit

[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]regulatory-domain-profile default
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]quit

[AC6605]capwap source int Vlanif 111

[AC6605]wlan
[AC6605-wlan-view]ap auth-mode no-auth 
[AC6605-wlan-view]display ap all 

[AC6605-wlan-view]ap-id 0
[AC6605-wlan-ap-0]ap-name AP1
[AC6605-wlan-ap-0]ap-group ap-group1
[AC6605-wlan-ap-0]quit

[AC6605-wlan-view]ap-id 1
[AC6605-wlan-ap-1]ap-name AP2
[AC6605-wlan-ap-1]ap-group ap-group1
[AC6605-wlan-ap-1]quit

[AC6605-wlan-view]ap auth-mode mac-auth 
[AC6605-wlan-view]quit
[AC6605]display ap all

Encryption

[AC6605]wlan
[AC6605-wlan-view]security-profile name wlan-net
[AC6605-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a12345678 aes
[AC6605-wlan-sec-prof-wlan-net]quit

[AC6605-wlan-view]ssid-profile name wlan-net
[AC6605-wlan-ssid-prof-wlan-net]ssid yeslab
[AC6605-wlan-ssid-prof-wlan-net]quit

[AC6605-wlan-view]quit

[AC6605]vlan pool yeslab
[AC6605-vlan-pool-yeslab]vlan 10 20 30 40
[AC6605-vlan-pool-yeslab]quit

[AC6605]wlan
[AC6605-wlan-view]vap-profile name wlan-net
[AC6605-wlan-vap-prof-wlan-net]forward-mode direct-forward 
[AC6605-wlan-vap-prof-wlan-net]service-vlan vlan-pool yeslab
[AC6605-wlan-vap-prof-wlan-net]security-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net]ssid-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net]quit
[AC6605-wlan-view]quit

[AC6605]wlan 
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 0
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 1
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]quit

Configuring the Firewall

 ISP

<Huawei>system-view
[Huawei]undo info-center enable 

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 114.114.114.114 32
[Huawei-LoopBack0]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 202.1.10.2 24
[Huawei-GigabitEthernet0/0/0]quit

FireWall

Configure IP addresses
<USG6000V1>system-view 
[USG6000V1]undo info-center enable 

[USG6000V1]int g0/0/0
[USG6000V1-GigabitEthernet0/0/0]ip address 202.1.10.1 24
[USG6000V1-GigabitEthernet0/0/0]quit

[USG6000V1]int g1/0/0
[USG6000V1-GigabitEthernet1/0/0]ip address 10.1.15.2 24
[USG6000V1-GigabitEthernet1/0/0]service-manage ping permit 
[USG6000V1-GigabitEthernet1/0/0]quit


Assign interfaces to zones
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/0
[USG6000V1-zone-trust]undo add int g0/0/0
[USG6000V1-zone-trust]quit

[USG6000V1]firewall zone untrust 
[USG6000V1-zone-untrust]add int g0/0/0
[USG6000V1-zone-untrust]quit


Configure OSPF
[USG6000V1]ospf 1 router-id 6.6.6.6
[USG6000V1-ospf-1]area 0
[USG6000V1-ospf-1-area-0.0.0.0]network 10.1.15.2 0.0.0.0
[USG6000V1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[USG6000V1-ospf-1-area-0.0.0.0]quit
[USG6000V1-ospf-1]quit

[USG6000V1]display ospf peer brief     (state is stuck in ExStart: unicast packets cannot be sent, so this traffic must be permitted)
[USG6000V1]security-policy 
[USG6000V1-policy-security]rule name permit_local_trust_ospf
[USG6000V1-policy-security-rule-permit_local_trust_ospf]source-zone local 
[USG6000V1-policy-security-rule-permit_local_trust_ospf]destination-zone trust 
[USG6000V1-policy-security-rule-permit_local_trust_ospf]action permit 
[USG6000V1-policy-security-rule-permit_local_trust_ospf]quit
[USG6000V1-policy-security]quit
[USG6000V1]display ospf peer brief      (state is now Full)


Permit traffic with a security policy
[USG6000V1]ip route-static 0.0.0.0 0.0.0.0 202.1.10.2
[USG6000V1]ospf 1
[USG6000V1-ospf-1]default-route-advertise always 
[USG6000V1-ospf-1]quit

[USG6000V1]security-policy 
[USG6000V1-policy-security]rule name permit_trust_untrust
[USG6000V1-policy-security-rule-permit_trust_untrust]source-zone trust 
[USG6000V1-policy-security-rule-permit_trust_untrust]destination-zone untrust 
[USG6000V1-policy-security-rule-permit_trust_untrust]action permit 


Configure NAT
[USG6000V1]nat-policy 
[USG6000V1-policy-nat]rule name EASYIP
[USG6000V1-policy-nat-rule-EASYIP]source-zone trust 
[USG6000V1-policy-nat-rule-EASYIP]destination-zone untrust 
[USG6000V1-policy-nat-rule-EASYIP]action source-nat easy-ip 

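After completing the configuration above, the internal and external networks still cannot communicate; the problem remains to be solved...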
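The commands on this page include several lab conveniences: logging switched off, trunks that pass every VLAN, MD5 OSPF authentication, a 9-character WPA pass-phrase, and zone-to-zone permit rules with no service or address match. The Python audit below is an added example, not part of the original post, that scans a pasted VRP session for them; the finding names and the pass-phrase heuristic are assumptions of the example.

```python
import re

# Constructed sample: commands copied from this page, pasted with their prompts.
SESSION = """\
[Huawei]undo info-center enable
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[AC6605-wlan-view]ap auth-mode no-auth
[AC6605-wlan-view]ap auth-mode mac-auth
[AC6605-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a12345678 aes
[USG6000V1-policy-security]rule name permit_local_trust_ospf
[USG6000V1-policy-security-rule-permit_local_trust_ospf]source-zone local
[USG6000V1-policy-security-rule-permit_local_trust_ospf]destination-zone trust
[USG6000V1-policy-security-rule-permit_local_trust_ospf]action permit
"""
PROMPT = re.compile(r"^\s*[<\[][^\]>]*[\]>]\s*")   # "<Huawei>" or "[Huawei-...]"
SCOPE = re.compile(r"(service|source-address|destination-address) ")

def audit(session):
    """Return sorted (finding, detail) pairs for lab shortcuts in a VRP session."""
    findings, ap_auth, rule, rules = set(), None, None, {}
    for raw in session.splitlines():
        cmd = PROMPT.sub("", raw).strip()
        if cmd == "undo info-center enable":
            findings.add(("LOGGING_OFF", "information center disabled"))
        elif cmd == "port trunk allow-pass vlan all":
            findings.add(("TRUNK_ALL_VLANS", "trunk permits every VLAN"))
        elif m := re.match(r"authentication-mode (md5|simple) ", cmd):
            findings.add(("WEAK_OSPF_AUTH", m[1]))
        elif m := re.match(r"ap auth-mode (\S+)", cmd):
            ap_auth = m[1]                      # the last setting is the one in force
        elif m := re.match(r"security .*pass-phrase (\S+)", cmd):
            # Heuristic (assumption): under 12 characters or letters/digits only.
            if len(m[1]) < 12 or m[1].isalnum():
                findings.add(("WEAK_PSK", "short or alphanumeric-only pass-phrase"))
        elif m := re.match(r"rule name (\S+)", cmd):
            rule = m[1]
            rules[rule] = {"permit": False, "scoped": False}
        elif rule and cmd == "action permit":
            rules[rule]["permit"] = True
        elif rule and SCOPE.match(cmd):
            rules[rule]["scoped"] = True
    if ap_auth == "no-auth":
        findings.add(("AP_NO_AUTH", "any AP may register with the AC"))
    for name, state in rules.items():
        if state["permit"] and not state["scoped"]:
            findings.add(("BROAD_PERMIT", name))  # zones matched, nothing else
    return sorted(findings)

if __name__ == "__main__":
    for finding, detail in audit(SESSION):
        print(f"{finding}: {detail}")
```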

        

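Lab Summary

Results

Areas for improvement

1. The firewall configuration has a problem: hosts inside the firewall can reach one another, but the external and internal networks cannot communicate.

2. BGP has not yet been configured on the border routers.

I will make further improvements on these issues later when I have time...

        

References

Medium and Large Enterprise Network Hands-on Course (bilibili)

Comprehensive Campus Network Lab Built on eNSP

Design and Planning of a Thousand-User Medium-Sized Campus/Enterprise Network Based on eNSP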
