华为eNSP中型企业局域网网络规划设计（下）

→b站传送门，感谢大佬←

→华为eNSP中型企业局域网网络规划设计（上）←

→拓扑图传送门，可以自己配置着玩←
在这里插入图片描述

配置ospf

AR3

[AR3]ospf 1 router-id 3.3.3.3
//出口默认路由
[AR3-ospf-1]default-route-advertise always
#area 0.0.0.0 network 100.1.11.3 0.0.0.0 network 100.1.33.3 0.0.0.0 network 192.168.13.3 0.0.0.0 network 192.168.23.3 0.0.0.0 
#

AR1

[AR1]ospf 1 router-id 1.1.1.1
#area 0.0.0.0 network 192.168.12.1 0.0.0.0 network 192.168.13.1 0.0.0.0 network 192.168.77.1 0.0.0.0 network 192.168.87.1 0.0.0.0 network 192.168.91.1 0.0.0.0 
#

AR2

[AR2]ospf 1 router-id 2.2.2.2
#area 0.0.0.0 network 192.168.12.2 0.0.0.0 network 192.168.23.2 0.0.0.0 network 192.168.78.2 0.0.0.0 network 192.168.88.2 0.0.0.0 network 192.168.92.2 0.0.0.0 
#

SW9

[SW9]ospf 1 router-id 9.9.9.9
#area 0.0.0.0network 192.168.91.254 0.0.0.0network 192.168.92.254 0.0.0.0
#area 0.0.0.200network 192.168.200.254 0.0.0.0
#area 0.0.0.201network 192.168.201.254 0.0.0.0
#

SW7

[SW7]ospf 1 router-id 7.7.7.7
#area 0.0.0.0network 192.168.10.7 0.0.0.0network 192.168.20.7 0.0.0.0network 192.168.30.7 0.0.0.0network 192.168.40.7 0.0.0.0network 192.168.50.7 0.0.0.0network 192.168.60.7 0.0.0.0network 192.168.77.7 0.0.0.0network 192.168.78.7 0.0.0.0
#

SW8

[SW8]ospf 1 router-id 8.8.8.8
#area 0.0.0.0network 192.168.10.8 0.0.0.0network 192.168.20.8 0.0.0.0network 192.168.30.8 0.0.0.0network 192.168.40.8 0.0.0.0network 192.168.50.8 0.0.0.0network 192.168.60.8 0.0.0.0network 192.168.87.8 0.0.0.0network 192.168.88.8 0.0.0.0
#

配置出口动态nat

AR3

//配置静态出口路由
[AR3]ip route-static 0.0.0.0 0 100.1.11.5 preference 70
[AR3]ip route-static 0.0.0.0 0 100.1.33.5//访问出口的流量
#
acl number 3000  rule 5 permit ip source 192.168.10.0 0.0.0.255 rule 10 permit ip source 192.168.20.0 0.0.0.255 rule 15 permit ip source 192.168.30.0 0.0.0.255 rule 20 permit ip source 192.168.40.0 0.0.0.255 rule 25 permit ip source 192.168.50.0 0.0.0.255 rule 30 permit ip source 192.168.60.0 0.0.0.255 
#
//配置动态nat
#
interface GigabitEthernet4/0/0ip address 100.1.33.3 255.255.255.0 nat outbound 3000
#
interface GigabitEthernet0/0/2ip address 100.1.11.3 255.255.255.0 nat outbound 3000
#

配置acl使各部门无法互访

SW1

#
acl number 3000rule 5 deny ip source 192.168.20.0 0.0.0.255rule 10 deny ip source 192.168.30.0 0.0.0.255rule 15 deny ip source 192.168.40.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW1-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
//或者deny ip destination xxx，接口上inbound acl

SW2

#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.30.0 0.0.0.255rule 15 deny ip source 192.168.40.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW2-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW3

#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.40.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW3-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW4

#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.30.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW4-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW5

#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.30.0 0.0.0.255rule 20 deny ip source 192.168.40.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW5-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW6

#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.30.0 0.0.0.255rule 20 deny ip source 192.168.40.0 0.0.0.255rule 25 deny ip source 192.168.50.0 0.0.0.255
#[SW6-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

优化网络架构

SW7、SW8增加cost 使ospf不绕路

SW7

[SW7]int vlan40
[SW7-Vlanif40]ospf cost 10
[SW7-Vlanif40]int vlan 50
[SW7-Vlanif50]ospf cost 10
[SW7-Vlanif50]int vlan 60
[SW7-Vlanif60]ospf cost 10

SW8

//增加cost 使ospf不绕路
[SW8]int vlan10
[SW8-Vlanif10]ospf cost 10
[SW8-Vlanif10]int vlan 20
[SW8-Vlanif20]ospf cost 10
[SW8-Vlanif20]int vlan 30
[SW8-Vlanif30]ospf cost 10

SW7、SW8配置根保护

SW7、SW8

[SW7]port-group trunk
[SW7-port-group-trunk]stp root-protection

SW1~6开启边缘端口保护

SW1~6
```
[SW1]stp bpdu-protection
```

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.mzph.cn/diannao/8298.shtml

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！

华为eNSP中型企业局域网网络规划设计（下）

配置ospf

配置出口动态nat

配置acl使各部门无法互访

优化网络架构

相关文章

R语言数据探索与分析-中国GDP回归分析与预测

OpenAI 高管：一年后，你会觉得现在的 ChatGPT 像笑话一样糟糕｜TodayAI

三年软件测试经验遭遇求职困境？揭秘求职市场的隐藏陷阱

Zabbix+Grafana-常见报错及异常处理方式记录

社交媒体数据恢复：多闪

【每日刷题】Day34

Rust开发工具有哪些？

Unity如何使用adb工具安装APK

黄金投资怎么判断走势好坏？

分布式事务Seata使用

基于大模型（LLM）相互协商的情感分析

Vue.js【路由】

【how2j JQuery部分】课后题答案及相关笔记

力扣每日一题108：将有序数组转换为二叉搜索树

VS编辑器下使用MFC完成学生成绩统计分析系统

解锁AI的神秘力量：LangChain4j带你步入智能化实践之门

tr,cut,sort,uniq,seq命令的使用

Xshell7、XFtp无法安装报错问题

H5视频付费点播打赏影视系统程序全开源运营版

【竞技宝】欧冠：多特淘汰大巴黎进决赛，姆巴佩迷失