核心技术介绍
1、虚拟局域网(VLAN)
2、链路聚合(E-trunk)
3、多生成树协议(MSTP)
4、VLANIF三层逻辑接口
5、虚拟路由冗余协议(VRRP)
6、开放式最短路径优先(OSPF)
7、动态主机配置协议(DHCP)
8、无线局域网集中式管理(AC+AP)
9、防火墙安全策略(Firewall Security Policy)
10、网络地址转换协议(NAT)
网络拓扑规划
全局图
核心层
汇聚层
接入层
网络设备配置
规划VLAN
Switch3
<Huawei>system-view [Huawei]undo info-center enable [Huawei]vlan batch 10 20 30 40[Huawei]int e0/0/1 [Huawei-Ethernet0/0/1]port link-type access [Huawei-Ethernet0/0/1]port default vlan 10 [Huawei-Ethernet0/0/1]stp edged-port enable [Huawei-Ethernet0/0/1]quit[Huawei]int e0/0/3 [Huawei-Ethernet0/0/3]port link-type access [Huawei-Ethernet0/0/3]port default vlan 20 [Huawei-Ethernet0/0/3]stp edged-port enable [Huawei-Ethernet0/0/3]quit[Huawei]port-group group-member e0/0/4 to e0/0/5 [Huawei-port-group]port link-type trunk [Huawei-port-group]port trunk allow-pass vlan all [Huawei-port-group]quitSwitch4
<Huawei>system-view [Huawei]undo info-center enable [Huawei]vlan batch 10 20 30 40[Huawei]int e0/0/1 [Huawei-Ethernet0/0/1]port link-type access [Huawei-Ethernet0/0/1]port default vlan 30 [Huawei-Ethernet0/0/1]stp edged-port enable [Huawei-Ethernet0/0/1]quit[Huawei]int e0/0/3 [Huawei-Ethernet0/0/3]port link-type access [Huawei-Ethernet0/0/3]port default vlan 40 [Huawei-Ethernet0/0/3]stp edged-port enable [Huawei-Ethernet0/0/3]quit[Huawei]port-group group-member e0/0/4 to e0/0/5 [Huawei-port-group]port link-type trunk [Huawei-port-group]port trunk allow-pass vlan all [Huawei-port-group]quitSwitch1
<Huawei>system-view [Huawei]undo info-center enable [Huawei]vlan batch 10 20 30 40[Huawei]int g0/0/1 [Huawei-GigabitEthernet0/0/1]port link-type trunk [Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all [Huawei-GigabitEthernet0/0/1]quit[Huawei]int g0/0/2 [Huawei-GigabitEthernet0/0/2]port link-type trunk [Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all [Huawei-GigabitEthernet0/0/2]quitSwitch2
<Huawei>system-view [Huawei]vlan batch 10 20 30 40 [Huawei]undo info-center enable [Huawei]int g0/0/2 [Huawei-GigabitEthernet0/0/2]port link-type trunk [Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all [Huawei-GigabitEthernet0/0/2]quit[Huawei]int g0/0/3 [Huawei-GigabitEthernet0/0/3]port link-type trunk [Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all [Huawei-GigabitEthernet0/0/3]quit
链路聚合
Switch1
[Huawei]int Eth-Trunk 12 [Huawei-Eth-Trunk12]mode lacp-static [Huawei-Eth-Trunk12]trunkport g0/0/3 [Huawei-Eth-Trunk12]trunkport g0/0/4 [Huawei-Eth-Trunk12]port link-type trunk [Huawei-Eth-Trunk12]port trunk allow-pass vlan all [Huawei-Eth-Trunk12]display this [Huawei-Eth-Trunk12]quitSwitch2
[Huawei]int Eth-Trunk 12 [Huawei-Eth-Trunk12]mode lacp-static [Huawei-Eth-Trunk12]trunkport g0/0/1 [Huawei-Eth-Trunk12]trunkport g0/0/5 [Huawei-Eth-Trunk12]port link-type trunk [Huawei-Eth-Trunk12]port trunk allow-pass vlan all [Huawei-Eth-Trunk12]display this [Huawei-Eth-Trunk12]quit
部署MSTP
Switch1
[Huawei]stp mode mstp[Huawei]stp region-configuration [Huawei-mst-region]region-name yeslab [Huawei-mst-region]revision-level 1 [Huawei-mst-region]instance 1 vlan 10 20 [Huawei-mst-region]instance 2 vlan 30 40 [Huawei-mst-region]active region-configuration [Huawei-mst-region]quit[Huawei]stp instance 1 root primary [Huawei]stp instance 2 root secondary [Huawei]display stp region-configurationSwitch2
[Huawei]stp mode mstp [Huawei]stp region-configuration [Huawei-mst-region]region-name yeslab [Huawei-mst-region] revision-level 1 [Huawei-mst-region] instance 1 vlan 10 20 [Huawei-mst-region] instance 2 vlan 30 40 [Huawei-mst-region] active region-configuration [Huawei-mst-region]quit[Huawei]stp instance 1 root secondary [Huawei]stp instance 2 root primary [Huawei]display stp region-configurationSwitch3
[Huawei]stp mode mstp[Huawei]stp region-configuration [Huawei-mst-region]region-name yeslab [Huawei-mst-region]revision-level 1 [Huawei-mst-region]instance 1 vlan 10 20 [Huawei-mst-region]instance 2 vlan 30 40 [Huawei-mst-region]active region-configuration [Huawei-mst-region]quit[Huawei]display stp instance 1 brief [Huawei]display stp instance 2 brief [Huawei]display stp region-configurationSwitch4
[Huawei]stp mode mstp [Huawei]stp region-configuration [Huawei-mst-region]region-name yeslab [Huawei-mst-region]revision-level 1 [Huawei-mst-region]instance 1 vlan 10 20 [Huawei-mst-region]instance 2 vlan 30 40 [Huawei-mst-region]active region-configuration [Huawei-mst-region]quit[Huawei]display stp instance 1 brief [Huawei]display stp instance 2 brief [Huawei]display stp region-configuration
配置VLANIF
Switch1
[Huawei]int vlanif 10 [Huawei-Vlanif10]ip address 192.168.10.251 24 [Huawei-Vlanif10]quit[Huawei]int vlanif 20 [Huawei-Vlanif20]ip address 192.168.20.251 24 [Huawei-Vlanif20]quit[Huawei]int vlanif 30 [Huawei-Vlanif30]ip address 192.168.30.251 24 [Huawei-Vlanif30]quit[Huawei]int vlanif 40 [Huawei-Vlanif40]ip address 192.168.40.251 24 [Huawei-Vlanif40]quitSwitch2
[Huawei]int vlanif 10 [Huawei-Vlanif10]ip address 192.168.10.252 24 [Huawei-Vlanif10]quit[Huawei]int vlanif 20 [Huawei-Vlanif20]ip address 192.168.20.252 24 [Huawei-Vlanif20]quit[Huawei]int vlanif 30 [Huawei-Vlanif30]ip address 192.168.30.252 24 [Huawei-Vlanif30]quit[Huawei]int vlanif 40 [Huawei-Vlanif40]ip address 192.168.40.252 24 [Huawei-Vlanif40]quit
配置VRRP
Switch1
[Huawei]int vlanif 10 [Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254 [Huawei-Vlanif10]vrrp vrid 10 priority 120 [Huawei-Vlanif10]quit[Huawei]int vlanif 20 [Huawei-Vlanif10]vrrp vrid 20 virtual-ip 192.168.20.254 [Huawei-Vlanif10]vrrp vrid 20 priority 120 [Huawei-Vlanif10]quit[Huawei]int vlanif 30 [Huawei-Vlanif10]vrrp vrid 30 virtual-ip 192.168.30.254 [Huawei-Vlanif10]vrrp vrid 30 priority 110 [Huawei-Vlanif10]quit[Huawei]int vlanif 40 [Huawei-Vlanif10]vrrp vrid 40 virtual-ip 192.168.40.254 [Huawei-Vlanif10]vrrp vrid 40 priority 110 [Huawei-Vlanif10]quit[Huawei]display vrrp briefSwitch2
[Huawei]int vlanif 10 [Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254 [Huawei-Vlanif10]vrrp vrid 10 priority 110 [Huawei-Vlanif10]quit[Huawei]int vlanif 20 [Huawei-Vlanif10]vrrp vrid 20 virtual-ip 192.168.20.254 [Huawei-Vlanif10]vrrp vrid 20 priority 110 [Huawei-Vlanif10]quit[Huawei]int vlanif 30 [Huawei-Vlanif10]vrrp vrid 30 virtual-ip 192.168.30.254 [Huawei-Vlanif10]vrrp vrid 30 priority 120 [Huawei-Vlanif10]quit[Huawei]int vlanif 40 [Huawei-Vlanif10]vrrp vrid 40 virtual-ip 192.168.40.254 [Huawei-Vlanif10]vrrp vrid 40 priority 120 [Huawei-Vlanif10]quit[Huawei]display vrrp brief
配置接口IP
Router1
<Huawei>system-view [Huawei]undo info-center enable[Huawei]int LoopBack 0 [Huawei-LoopBack0]ip address 10.1.1.1 32 [Huawei-LoopBack0]quit[Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]ip address 10.1.101.1 24 [Huawei-GigabitEthernet0/0/0]quit[Huawei]int g0/0/1 [Huawei-GigabitEthernet0/0/1]ip address 10.1.102.1 24 [Huawei-GigabitEthernet0/0/1]quit[Huawei]int g0/0/2 [Huawei-GigabitEthernet0/0/2]ip address 10.1.12.1 24 [Huawei-GigabitEthernet0/0/2]quit[Huawei]int g2/0/0 [Huawei-GigabitEthernet2/0/0]ip address 10.1.15.1 24 [Huawei-GigabitEthernet2/0/0]quit[Huawei]int g2/0/1 [Huawei-GigabitEthernet2/0/1]ip address 10.1.11.1 24 [Huawei-GigabitEthernet2/0/1]quit[Huawei]int pos4/0/0 [Huawei-Pos4/0/0]ip address 10.1.13.1 24 [Huawei-Pos4/0/0]quitRouter2
<Huawei>system-view [Huawei]undo info-center enable [Huawei]int LoopBack 0 [Huawei-LoopBack0]ip address 10.1.2.2 32 [Huawei-LoopBack0]quit[Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]ip address 10.1.12.2 24 [Huawei-GigabitEthernet0/0/0]quit[Huawei]int g0/0/1 [Huawei-GigabitEthernet0/0/1]ip address 10.1.103.1 24 [Huawei-GigabitEthernet0/0/1]quit[Huawei]int g0/0/2 [Huawei-GigabitEthernet0/0/2]ip address 10.1.104.1 24 [Huawei-GigabitEthernet0/0/2]quit[Huawei]int pos2/0/0 [Huawei-Pos2/0/0]ip address 10.1.14.1 24 [Huawei-Pos2/0/0]quitRouter3
<Huawei>system-view [Huawei]undo info-center enable [Huawei]int LoopBack 0 [Huawei-LoopBack0]ip address 200.200.200.200 32 [Huawei-LoopBack0]quit[Huawei]int pos4/0/0 [Huawei-Pos4/0/0]ip address 10.1.14.2 24 [Huawei-Pos4/0/0]quit[Huawei]int pos6/0/0 [Huawei-Pos6/0/0]ip address 10.1.13.2 24 [Huawei-Pos6/0/0]quitSwitch1
[Huawei]vlan batch 101 103[Huawei]int vlanif 101 [Huawei-Vlanif101]ip address 10.1.101.2 24 [Huawei-Vlanif101]quit[Huawei]int vlanif 103 [Huawei-Vlanif103]ip address 10.1.103.2 24 [Huawei-Vlanif103]quit[Huawei]int g0/0/5 [Huawei-GigabitEthernet0/0/5]port link-type access [Huawei-GigabitEthernet0/0/5]port default vlan 101 [Huawei-GigabitEthernet0/0/5]quit[Huawei]int g0/0/6 [Huawei-GigabitEthernet0/0/6]port link-type access [Huawei-GigabitEthernet0/0/6]port default vlan 103 [Huawei-GigabitEthernet0/0/6]quitSwitch2
[Huawei]vlan batch 102 104[Huawei]int vlanif 102 [Huawei-Vlanif102]ip address 10.1.102.2 24 [Huawei-Vlanif102]quit[Huawei]int vlanif 104 [Huawei-Vlanif104]ip address 10.1.104.2 24 [Huawei-Vlanif104]quit[Huawei]int g0/0/6 [Huawei-GigabitEthernet0/0/6]port link-type access [Huawei-GigabitEthernet0/0/6]port default vlan 102 [Huawei-GigabitEthernet0/0/6]quit[Huawei]int g0/0/7 [Huawei-GigabitEthernet0/0/7]port link-type access [Huawei-GigabitEthernet0/0/7]port default vlan 104 [Huawei-GigabitEthernet0/0/7]quit
配置OSPF
Router1
[Huawei]ospf 1 router-id 1.1.1.1 [Huawei-ospf-1]area 0[Huawei-ospf-1-area-0.0.0.0]network 10.1.11.1 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.101.1 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.102.1 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.12.1 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.15.1 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123 [Huawei-ospf-1-area-0.0.0.0]dis ospf peer briefRouter2
[Huawei]ospf 1 router-id 2.2.2.2 [Huawei-ospf-1]area 0[Huawei-ospf-1-area-0.0.0.0]network 10.1.12.2 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.103.1 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.104.1 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.14.1 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.2.2 0.0.0.0[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123 [Huawei-ospf-1-area-0.0.0.0]dis ospf peer briefSwitch1
[Huawei]ospf 1 router-id 3.3.3.3 [Huawei-ospf-1]area 0[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.251 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 192.168.20.251 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 192.168.30.251 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 192.168.40.251 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.101.2 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.103.2 0.0.0.0[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123 [Huawei-ospf-1-area-0.0.0.0]dis ospf peer briefSwitch2
[Huawei]ospf 1 router-id 4.4.4.4 [Huawei-ospf-1]area 0[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.252 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 192.168.20.252 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 192.168.30.252 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 192.168.40.252 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.102.2 0.0.0.0 [Huawei-ospf-1-area-0.0.0.0]network 10.1.104.2 0.0.0.0[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123 [Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief
配置DHCP
DHCP服务器
<Huawei>system-view [Huawei]undo info-center enable [Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]ip address 10.1.11.2 24 [Huawei-GigabitEthernet0/0/0]quit[Huawei]dhcp enable [Huawei]ip pool VLAN10 [Huawei-ip-pool-VLAN10]network 192.168.10.0 mask 255.255.255.0 [Huawei-ip-pool-VLAN10]gateway-list 192.168.10.254 [Huawei-ip-pool-VLAN10]dns-list 114.114.114.114 [Huawei-ip-pool-VLAN10]domain-name yeslab.net [Huawei-ip-pool-VLAN10]quit[Huawei]ip pool VLAN20 [Huawei-ip-pool-VLAN20]network 192.168.20.0 mask 255.255.255.0 [Huawei-ip-pool-VLAN20]gateway-list 192.168.20.254 [Huawei-ip-pool-VLAN20]dns-list 114.114.114.114 [Huawei-ip-pool-VLAN20]domain-name yeslab.net [Huawei-ip-pool-VLAN20]quit[Huawei]ip pool VLAN30 [Huawei-ip-pool-VLAN30]network 192.168.30.0 mask 255.255.255.0 [Huawei-ip-pool-VLAN30]gateway-list 192.168.30.254 [Huawei-ip-pool-VLAN30]dns-list 114.114.114.114 [Huawei-ip-pool-VLAN30]domain-name yeslab.net [Huawei-ip-pool-VLAN30]quit[Huawei]ip pool VLAN40 [Huawei-ip-pool-VLAN40]network 192.168.40.0 mask 255.255.255.0 [Huawei-ip-pool-VLAN40]gateway-list 192.168.40.254 [Huawei-ip-pool-VLAN40]dns-list 114.114.114.114 [Huawei-ip-pool-VLAN40]domain-name yeslab.net [Huawei-ip-pool-VLAN40]quit[Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]dhcp select global [Huawei-GigabitEthernet0/0/0]quit[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.1.11.1Switch1
[Huawei]dhcp enable [Huawei]int vlanif 10 [Huawei-Vlanif10]dhcp select relay [Huawei-Vlanif10]dhcp relay server-ip 10.1.11.2 [Huawei-Vlanif10]quit[Huawei]int vlanif 20 [Huawei-Vlanif20]dhcp select relay [Huawei-Vlanif20]dhcp relay server-ip 10.1.11.2 [Huawei-Vlanif20]quit[Huawei]int vlanif 30 [Huawei-Vlanif30]dhcp select relay [Huawei-Vlanif30]dhcp relay server-ip 10.1.11.2 [Huawei-Vlanif30]quit[Huawei]int vlanif 40 [Huawei-Vlanif40]dhcp select relay [Huawei-Vlanif40]dhcp relay server-ip 10.1.11.2 [Huawei-Vlanif40]quitSwitch2
[Huawei]dhcp enable [Huawei]int vlanif 10 [Huawei-Vlanif10]dhcp select relay [Huawei-Vlanif10]dhcp relay server-ip 10.1.11.2 [Huawei-Vlanif10]quit[Huawei]int vlanif 20 [Huawei-Vlanif20]dhcp select relay [Huawei-Vlanif20]dhcp relay server-ip 10.1.11.2 [Huawei-Vlanif20]quit[Huawei]int vlanif 30 [Huawei-Vlanif30]dhcp select relay [Huawei-Vlanif30]dhcp relay server-ip 10.1.11.2 [Huawei-Vlanif30]quit[Huawei]int vlanif 40 [Huawei-Vlanif40]dhcp select relay [Huawei-Vlanif40]dhcp relay server-ip 10.1.11.2 [Huawei-Vlanif40]quit
到此实现了内网互联互通
配置WLAN
VLAN划分
Switch1
[Huawei]vlan 111 [Huawei-vlan101]quitSwitch2
[Huawei]vlan 111 [Huawei-vlan101]quit[Huawei]int g0/0/4 [Huawei-GigabitEthernet0/0/4]port link-type trunk [Huawei-GigabitEthernet0/0/4]port trunk allow-pass vlan all [Huawei-GigabitEthernet0/0/4]quitSwitch3
[Huawei]vlan 111 [Huawei-vlan101]quit[Huawei]int e0/0/2 [Huawei-Ethernet0/0/2]port link-type trunk [Huawei-Ethernet0/0/2]port trunk pvid vlan 111 [Huawei-Ethernet0/0/2]port trunk allow-pass vlan all [Huawei-Ethernet0/0/2]quitSwitch4
[Huawei]vlan 111 [Huawei-vlan101]quit[Huawei]int e0/0/2 [Huawei-Ethernet0/0/2]port link-type trunk [Huawei-Ethernet0/0/2]port trunk pvid vlan 111 [Huawei-Ethernet0/0/2]port trunk allow-pass vlan all [Huawei-Ethernet0/0/2]quitAC
<AC6605>system-view [AC6605]undo info-center enable[AC6605]vlan 111 [AC6605-vlan101]quit[AC6605]int g0/0/1 [AC6605-GigabitEthernet0/0/1]port link-type trunk [AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan all [AC6605-GigabitEthernet0/0/1]quit[AC6605]dhcp enable [AC6605]int vlanif 111 [AC6605-Vlanif111]ip address 192.168.111.254 24 [AC6605-Vlanif111]dhcp select interfaceAP [Huawei]display system-information
AP上线
[AC6605]wlan [AC6605-wlan-view]regulatory-domain-profile name default [AC6605-wlan-regulate-domain-default]country-code CN [AC6605-wlan-regulate-domain-default]quit[AC6605-wlan-view]ap-group name ap-group1 [AC6605-wlan-ap-group-ap-group1]regulatory-domain-profile default [AC6605-wlan-ap-group-ap-group1]quit [AC6605-wlan-view]quit[AC6605]capwap source int Vlanif 101 [AC6605-wlan-view]ap auth-mode no-auth [AC6605-wlan-view]display ap all [AC6605-wlan-view]ap-id 0 [AC6605-wlan-ap-0]ap-name AP1 [AC6605-wlan-ap-0]ap-group ap-group1 [AC6605-wlan-ap-0]quit[AC6605-wlan-view]ap-id 1 [AC6605-wlan-ap-1]ap-name AP2 [AC6605-wlan-ap-1]ap-group ap-group1 [AC6605-wlan-ap-1]quit[AC6605-wlan-view]ap auth-mode mac-auth [AC6605-wlan-view]quit [AC6605]display ap all
加密
[AC6605]wlan [AC6605-wlan-view]security-profile name wlan-net [AC6605-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a12345678 aes [AC6605-wlan-sec-prof-wlan-net]quit[AC6605-wlan-view]ssid-profile name wlan-net [AC6605-wlan-ssid-prof-wlan-net]ssid yeslab [AC6605-wlan-ssid-prof-wlan-net]quit[AC6605-wlan-view]vap-profile name wlan-net [AC6605-wlan-vap-prof-wlan-net]forward-mode direct-forward [AC6605-wlan-vap-prof-wlan-net]service-vlan vlan-pool yeslab [AC6605-wlan-vap-prof-wlan-net]quit [AC6605-wlan-view]quit[AC6605]vlan pool yeslab [AC6605-vlan-pool-yeslab]vlan 10 20 30 40 [AC6605-vlan-pool-yeslab]quit[AC6605]wlan [AC6605-wlan-view]vap-profile name wlan-net [AC6605-wlan-vap-prof-wlan-net]service-vlan vlan-pool yeslab [AC6605-wlan-vap-prof-wlan-net]security-profile wlan-net [AC6605-wlan-vap-prof-wlan-net]quit [AC6605-wlan-view]quit[AC6605]wlan [AC6605-wlan-view]ap-group name ap-group1 [AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 0 [AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 1 [AC6605-wlan-ap-group-ap-group1]quit [AC6605-wlan-view]quit
配置防火墙
ISP
<Huawei>system-view [Huawei]undo info-center enable [Huawei]int LoopBack 0 [Huawei-LoopBack0]ip address 114.114.114.114 32 [Huawei-LoopBack0]quit[Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]ip address 202.1.10.2 24 [Huawei-GigabitEthernet0/0/0]quitFireWall
配置IP <USG6000V1>system-view [USG6000V1]undo info-center enable [USG6000V1]int g0/0/0 [USG6000V1-GigabitEthernet0/0/0]ip address 202.1.10.1 24 [USG6000V1-GigabitEthernet0/0/0]quit[USG6000V1]int g1/0/0 [USG6000V1-GigabitEthernet1/0/0]ip address 10.1.15.2 24 [USG6000V1-GigabitEthernet1/0/0]service-manage ping permit [USG6000V1-GigabitEthernet1/0/0]quit划分zone [USG6000V1]firewall zone trust [USG6000V1-zone-trust]add int g1/0/0 [USG6000V1-zone-trust]undo add int g0/0/0 [USG6000V1-zone-trust]quit[USG6000V1]firewall zone untrust [USG6000V1-zone-untrust]add int g0/0/0 [USG6000V1-zone-untrust]quit配置OSPF [USG6000V1]ospf 1 router-id 6.6.6.6 [USG6000V1-ospf-1]area 0 [USG6000V1-ospf-1-area-0.0.0.0]network 10.1.15.2 0.0.0.0 [USG6000V1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123 [USG6000V1-ospf-1-area-0.0.0.0]quit [USG6000V1-ospf-1]quit[USG6000V1]display ospf peer brief status处于ExStart,单播报文发不出去,需要放行流量 [USG6000V1]security-policy [USG6000V1-policy-security]rule name permit_local_trust_ospf [USG6000V1-policy-security-rule-permit_local_trust_ospf]source-zone local [USG6000V1-policy-security-rule-permit_local_trust_ospf]destination-zone trust [USG6000V1-policy-security-rule-permit_local_trust_ospf]action permit [USG6000V1-policy-security-rule-permit_local_trust_ospf]quit [USG6000V1-policy-security]quit [USG6000V1]display ospf peer brief status处于Full安全策略放行 [USG6000V1]ip route-static 0.0.0.0 0.0.0.0 202.1.10.2 [USG6000V1]ospf 1 [USG6000V1-ospf-1]default-route-advertise always [USG6000V1-ospf-1]quit[USG6000V1]security-policy [USG6000V1-policy-security]rule name permit_trust_untrust [USG6000V1-policy-security-rule-permit_trust_untrust]source-zone trust [USG6000V1-policy-security-rule-permit_trust_untrust]destination-zone untrust [USG6000V1-policy-security-rule-permit_trust_untrust]action permit 配置nat [USG6000V1]nat-policy [USG6000V1-policy-nat]rule name EASYIP [USG6000V1-policy-nat-rule-EASYIP]source-zone trust [USG6000V1-policy-nat-rule-EASYIP]destination-zone untrust [USG6000V1-policy-nat-rule-EASYIP]action source-nat easy-ip以上配置完成后,内外网还是不能互通,问题有待解决。。。
实验总结
完成效果
改进之处
1.防火墙配置存在问题,只能防火墙内部互联互通,外部与内部不能进行通信。
2.无线设备DHCP可能只能获取到DNS,不能获得IP
因为DHCP地址池没有排除被交换机占有的IP地址
排除IP地址:excluded-ip-address 192.168.10.10 192.168.10.254
3.边界路由器还未配置BGP
针对以上问题,后续有空会做进一步改进。。。
参考来源
中大型企业网实战课程_哔哩哔哩_bilibili
基于ensp的园区网络搭建综合实验
基于eNSP的千人中型校园/企业网络设计与规划
)
——内有代码详解)
想(八))
)
⭐⭐)
)