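Comprehensive Campus Network Lab Built on eNSP

Core technologies

1. Virtual LAN (VLAN)

2. Link aggregation (Eth-Trunk)

3. Multiple Spanning Tree Protocol (MSTP)

4. VLANIF layer-3 logical interfaces

5. Virtual Router Redundancy Protocol (VRRP)

6. Open Shortest Path First (OSPF)

7. Dynamic Host Configuration Protocol (DHCP)

8. Centralized WLAN management (AC+AP)

9. Firewall security policy

10. Network Address Translation (NAT)

Network topology plan

Overall topology

Core layer

Aggregation layer

Access layer

Network device configuration

VLAN planning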

Switch3

<Huawei>system-view 
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 10
[Huawei-Ethernet0/0/1]stp edged-port enable
[Huawei-Ethernet0/0/1]quit
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 20
[Huawei-Ethernet0/0/3]stp edged-port enable
[Huawei-Ethernet0/0/3]quit
[Huawei]port-group group-member e0/0/4 to e0/0/5
[Huawei-port-group]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-port-group]quit

Switch4

<Huawei>system-view 
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 30
[Huawei-Ethernet0/0/1]stp edged-port enable
[Huawei-Ethernet0/0/1]quit
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 40
[Huawei-Ethernet0/0/3]stp edged-port enable
[Huawei-Ethernet0/0/3]quit
[Huawei]port-group group-member e0/0/4 to e0/0/5
[Huawei-port-group]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-port-group]quit

Switch1

<Huawei>system-view
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]quit

Switch2

<Huawei>system-view
[Huawei]vlan batch 10 20 30 40
[Huawei]undo info-center enable
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk 
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all 
[Huawei-GigabitEthernet0/0/3]quit

Link aggregation

Switch1

[Huawei]int Eth-Trunk 12
[Huawei-Eth-Trunk12]mode lacp-static 
[Huawei-Eth-Trunk12]trunkport g0/0/3
[Huawei-Eth-Trunk12]trunkport g0/0/4
[Huawei-Eth-Trunk12]port link-type trunk
[Huawei-Eth-Trunk12]port trunk allow-pass vlan all
[Huawei-Eth-Trunk12]display this
[Huawei-Eth-Trunk12]quit

Switch2

[Huawei]int Eth-Trunk 12
[Huawei-Eth-Trunk12]mode lacp-static 
[Huawei-Eth-Trunk12]trunkport g0/0/1
[Huawei-Eth-Trunk12]trunkport g0/0/5
[Huawei-Eth-Trunk12]port link-type trunk
[Huawei-Eth-Trunk12]port trunk allow-pass vlan all
[Huawei-Eth-Trunk12]display this
[Huawei-Eth-Trunk12]quit

Deploying MSTP

Switch1

[Huawei]stp mode mstp
[Huawei]stp region-configuration
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit
[Huawei]stp instance 1 root primary
[Huawei]stp instance 2 root secondary
[Huawei]display stp region-configuration

Switch2

[Huawei]stp mode mstp
[Huawei]stp region-configuration
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit
[Huawei]stp instance 1 root secondary
[Huawei]stp instance 2 root primary
[Huawei]display stp region-configuration

Switch3

[Huawei]stp mode mstp
[Huawei]stp region-configuration
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit
[Huawei]display stp instance 1 brief
[Huawei]display stp instance 2 brief
[Huawei]display stp region-configuration 

Switch4

[Huawei]stp mode mstp
[Huawei]stp region-configuration
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit
[Huawei]display stp instance 1 brief
[Huawei]display stp instance 2 brief
[Huawei]display stp region-configuration 

Configuring VLANIF

Switch1

[Huawei]int vlanif 10
[Huawei-Vlanif10]ip address 192.168.10.251 24
[Huawei-Vlanif10]quit
[Huawei]int vlanif 20
[Huawei-Vlanif20]ip address 192.168.20.251 24
[Huawei-Vlanif20]quit
[Huawei]int vlanif 30
[Huawei-Vlanif30]ip address 192.168.30.251 24
[Huawei-Vlanif30]quit
[Huawei]int vlanif 40
[Huawei-Vlanif40]ip address 192.168.40.251 24
[Huawei-Vlanif40]quit

Switch2

[Huawei]int vlanif 10
[Huawei-Vlanif10]ip address 192.168.10.252 24
[Huawei-Vlanif10]quit
[Huawei]int vlanif 20
[Huawei-Vlanif20]ip address 192.168.20.252 24
[Huawei-Vlanif20]quit
[Huawei]int vlanif 30
[Huawei-Vlanif30]ip address 192.168.30.252 24
[Huawei-Vlanif30]quit
[Huawei]int vlanif 40
[Huawei-Vlanif40]ip address 192.168.40.252 24
[Huawei-Vlanif40]quit

Configuring VRRP

Switch1

[Huawei]int vlanif 10
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif10]vrrp vrid 10 priority 120
[Huawei-Vlanif10]quit
[Huawei]int vlanif 20
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif20]vrrp vrid 20 priority 120
[Huawei-Vlanif20]quit
[Huawei]int vlanif 30
[Huawei-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[Huawei-Vlanif30]vrrp vrid 30 priority 110
[Huawei-Vlanif30]quit
[Huawei]int vlanif 40
[Huawei-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[Huawei-Vlanif40]vrrp vrid 40 priority 110
[Huawei-Vlanif40]quit
[Huawei]display vrrp brief

Switch2

[Huawei]int vlanif 10
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif10]vrrp vrid 10 priority 110
[Huawei-Vlanif10]quit
[Huawei]int vlanif 20
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif20]vrrp vrid 20 priority 110
[Huawei-Vlanif20]quit
[Huawei]int vlanif 30
[Huawei-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[Huawei-Vlanif30]vrrp vrid 30 priority 120
[Huawei-Vlanif30]quit
[Huawei]int vlanif 40
[Huawei-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[Huawei-Vlanif40]vrrp vrid 40 priority 120
[Huawei-Vlanif40]quit
[Huawei]display vrrp brief

Configuring interface IP addresses

Router1

<Huawei>system-view 
[Huawei]undo info-center enable
[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 10.1.1.1 32
[Huawei-LoopBack0]quit
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.101.1 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.102.1 24
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.1.12.1 24
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]int g2/0/0
[Huawei-GigabitEthernet2/0/0]ip address 10.1.15.1 24
[Huawei-GigabitEthernet2/0/0]quit
[Huawei]int g2/0/1
[Huawei-GigabitEthernet2/0/1]ip address 10.1.11.1 24
[Huawei-GigabitEthernet2/0/1]quit
[Huawei]int pos4/0/0
[Huawei-Pos4/0/0]ip address 10.1.13.1 24
[Huawei-Pos4/0/0]quit

Router2

<Huawei>system-view 
[Huawei]undo info-center enable
[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 10.1.2.2 32
[Huawei-LoopBack0]quit
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.12.2 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.103.1 24
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.1.104.1 24
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]int pos2/0/0
[Huawei-Pos2/0/0]ip address 10.1.14.1 24
[Huawei-Pos2/0/0]quit

Router3

<Huawei>system-view 
[Huawei]undo info-center enable
[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 200.200.200.200 32
[Huawei-LoopBack0]quit
[Huawei]int pos4/0/0
[Huawei-Pos4/0/0]ip address 10.1.14.2 24
[Huawei-Pos4/0/0]quit
[Huawei]int pos6/0/0
[Huawei-Pos6/0/0]ip address 10.1.13.2 24
[Huawei-Pos6/0/0]quit

Switch1

[Huawei]vlan batch 101 103
[Huawei]int vlanif 101
[Huawei-Vlanif101]ip address 10.1.101.2 24
[Huawei-Vlanif101]quit
[Huawei]int vlanif 103
[Huawei-Vlanif103]ip address 10.1.103.2 24
[Huawei-Vlanif103]quit
[Huawei]int g0/0/5
[Huawei-GigabitEthernet0/0/5]port link-type access
[Huawei-GigabitEthernet0/0/5]port default vlan 101
[Huawei-GigabitEthernet0/0/5]quit
[Huawei]int g0/0/6
[Huawei-GigabitEthernet0/0/6]port link-type access
[Huawei-GigabitEthernet0/0/6]port default vlan 103
[Huawei-GigabitEthernet0/0/6]quit

Switch2

[Huawei]vlan batch 102 104
[Huawei]int vlanif 102
[Huawei-Vlanif102]ip address 10.1.102.2 24
[Huawei-Vlanif102]quit
[Huawei]int vlanif 104
[Huawei-Vlanif104]ip address 10.1.104.2 24
[Huawei-Vlanif104]quit
[Huawei]int g0/0/6
[Huawei-GigabitEthernet0/0/6]port link-type access
[Huawei-GigabitEthernet0/0/6]port default vlan 102
[Huawei-GigabitEthernet0/0/6]quit
[Huawei]int g0/0/7
[Huawei-GigabitEthernet0/0/7]port link-type access
[Huawei-GigabitEthernet0/0/7]port default vlan 104
[Huawei-GigabitEthernet0/0/7]quit

Configuring OSPF

Router1

[Huawei]ospf 1 router-id 1.1.1.1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.11.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.101.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.102.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.12.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.15.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Router2

[Huawei]ospf 1 router-id 2.2.2.2
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.12.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.103.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.104.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.14.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.2.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Switch1

[Huawei]ospf 1 router-id 3.3.3.3
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.30.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.40.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.101.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.103.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Switch2

[Huawei]ospf 1 router-id 4.4.4.4
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.30.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.40.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.102.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.104.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Configuring DHCP

DHCP server

<Huawei>system-view 
[Huawei]undo info-center enable
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.11.2 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]dhcp enable
[Huawei]ip pool VLAN10
[Huawei-ip-pool-VLAN10]network 192.168.10.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN10]gateway-list 192.168.10.254
[Huawei-ip-pool-VLAN10]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN10]domain-name yeslab.net
[Huawei-ip-pool-VLAN10]quit
[Huawei]ip pool VLAN20
[Huawei-ip-pool-VLAN20]network 192.168.20.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN20]gateway-list 192.168.20.254
[Huawei-ip-pool-VLAN20]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN20]domain-name yeslab.net
[Huawei-ip-pool-VLAN20]quit
[Huawei]ip pool VLAN30
[Huawei-ip-pool-VLAN30]network 192.168.30.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN30]gateway-list 192.168.30.254
[Huawei-ip-pool-VLAN30]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN30]domain-name yeslab.net
[Huawei-ip-pool-VLAN30]quit
[Huawei]ip pool VLAN40
[Huawei-ip-pool-VLAN40]network 192.168.40.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN40]gateway-list 192.168.40.254
[Huawei-ip-pool-VLAN40]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN40]domain-name yeslab.net
[Huawei-ip-pool-VLAN40]quit
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]dhcp select global
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.1.11.1

Switch1

[Huawei]dhcp enable
[Huawei]int vlanif 10
[Huawei-Vlanif10]dhcp select relay
[Huawei-Vlanif10]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif10]quit
[Huawei]int vlanif 20
[Huawei-Vlanif20]dhcp select relay
[Huawei-Vlanif20]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif20]quit
[Huawei]int vlanif 30
[Huawei-Vlanif30]dhcp select relay
[Huawei-Vlanif30]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif30]quit
[Huawei]int vlanif 40
[Huawei-Vlanif40]dhcp select relay
[Huawei-Vlanif40]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif40]quit

Switch2

[Huawei]dhcp enable
[Huawei]int vlanif 10
[Huawei-Vlanif10]dhcp select relay
[Huawei-Vlanif10]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif10]quit
[Huawei]int vlanif 20
[Huawei-Vlanif20]dhcp select relay
[Huawei-Vlanif20]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif20]quit
[Huawei]int vlanif 30
[Huawei-Vlanif30]dhcp select relay
[Huawei-Vlanif30]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif30]quit
[Huawei]int vlanif 40
[Huawei-Vlanif40]dhcp select relay
[Huawei-Vlanif40]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif40]quit

At this point the internal network is fully interconnected.

Configuring WLAN

VLAN assignment

Switch1

[Huawei]vlan 111
[Huawei-vlan111]quit

Switch2

[Huawei]vlan 111
[Huawei-vlan111]quit
[Huawei]int g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type trunk
[Huawei-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/4]quit

Switch3

[Huawei]vlan 111
[Huawei-vlan111]quit
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk 
[Huawei-Ethernet0/0/2]port trunk pvid vlan 111
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/2]quit

Switch4

[Huawei]vlan 111
[Huawei-vlan111]quit
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk pvid vlan 111
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/2]quit

AC

<AC6605>system-view 
[AC6605]undo info-center enable
[AC6605]vlan 111
[AC6605-vlan111]quit
[AC6605]int g0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6605-GigabitEthernet0/0/1]quit
[AC6605]dhcp enable
[AC6605]int vlanif 111
[AC6605-Vlanif111]ip address 192.168.111.254 24
[AC6605-Vlanif111]dhcp select interface 

AP

[Huawei]display system-information

Bringing the APs online

[AC6605]wlan
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]country-code CN
[AC6605-wlan-regulate-domain-default]quit
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]regulatory-domain-profile default
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]quit
[AC6605]capwap source int Vlanif 111
[AC6605]wlan
[AC6605-wlan-view]ap auth-mode no-auth
[AC6605-wlan-view]display ap all
[AC6605-wlan-view]ap-id 0
[AC6605-wlan-ap-0]ap-name AP1
[AC6605-wlan-ap-0]ap-group ap-group1
[AC6605-wlan-ap-0]quit
[AC6605-wlan-view]ap-id 1
[AC6605-wlan-ap-1]ap-name AP2
[AC6605-wlan-ap-1]ap-group ap-group1
[AC6605-wlan-ap-1]quit
[AC6605-wlan-view]ap auth-mode mac-auth
[AC6605-wlan-view]quit
[AC6605]display ap all

Encryption

[AC6605]wlan
[AC6605-wlan-view]security-profile name wlan-net
[AC6605-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a12345678 aes
[AC6605-wlan-sec-prof-wlan-net]quit
[AC6605-wlan-view]ssid-profile name wlan-net
[AC6605-wlan-ssid-prof-wlan-net]ssid yeslab
[AC6605-wlan-ssid-prof-wlan-net]quit
[AC6605-wlan-view]vap-profile name wlan-net
[AC6605-wlan-vap-prof-wlan-net]forward-mode direct-forward
[AC6605-wlan-vap-prof-wlan-net]service-vlan vlan-pool yeslab
[AC6605-wlan-vap-prof-wlan-net]quit
[AC6605-wlan-view]quit
[AC6605]vlan pool yeslab
[AC6605-vlan-pool-yeslab]vlan 10 20 30 40
[AC6605-vlan-pool-yeslab]quit
[AC6605]wlan
[AC6605-wlan-view]vap-profile name wlan-net
[AC6605-wlan-vap-prof-wlan-net]service-vlan vlan-pool yeslab
[AC6605-wlan-vap-prof-wlan-net]security-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net]quit
[AC6605-wlan-view]quit
[AC6605]wlan
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 0
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 1
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]quit

Configuring the firewall

ISP

<Huawei>system-view
[Huawei]undo info-center enable
[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 114.114.114.114 32
[Huawei-LoopBack0]quit
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 202.1.10.2 24
[Huawei-GigabitEthernet0/0/0]quit

FireWall

Configure IP addresses
<USG6000V1>system-view
[USG6000V1]undo info-center enable
[USG6000V1]int g0/0/0
[USG6000V1-GigabitEthernet0/0/0]ip address 202.1.10.1 24
[USG6000V1-GigabitEthernet0/0/0]quit
[USG6000V1]int g1/0/0
[USG6000V1-GigabitEthernet1/0/0]ip address 10.1.15.2 24
[USG6000V1-GigabitEthernet1/0/0]service-manage ping permit
[USG6000V1-GigabitEthernet1/0/0]quit

Assign zones
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/0
[USG6000V1-zone-trust]undo add int g0/0/0
[USG6000V1-zone-trust]quit
[USG6000V1]firewall zone untrust
[USG6000V1-zone-untrust]add int g0/0/0
[USG6000V1-zone-untrust]quit

Configure OSPF
[USG6000V1]ospf 1 router-id 6.6.6.6
[USG6000V1-ospf-1]area 0
[USG6000V1-ospf-1-area-0.0.0.0]network 10.1.15.2 0.0.0.0
[USG6000V1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[USG6000V1-ospf-1-area-0.0.0.0]quit
[USG6000V1-ospf-1]quit
[USG6000V1]display ospf peer brief
The neighbor state is stuck at ExStart: unicast packets cannot be sent, so the traffic has to be permitted.
[USG6000V1]security-policy
[USG6000V1-policy-security]rule name permit_local_trust_ospf
[USG6000V1-policy-security-rule-permit_local_trust_ospf]source-zone local
[USG6000V1-policy-security-rule-permit_local_trust_ospf]destination-zone trust
[USG6000V1-policy-security-rule-permit_local_trust_ospf]action permit
[USG6000V1-policy-security-rule-permit_local_trust_ospf]quit
[USG6000V1-policy-security]quit
[USG6000V1]display ospf peer brief
The neighbor state is now Full.

Permit traffic with a security policy
[USG6000V1]ip route-static 0.0.0.0 0.0.0.0 202.1.10.2
[USG6000V1]ospf 1
[USG6000V1-ospf-1]default-route-advertise always
[USG6000V1-ospf-1]quit
[USG6000V1]security-policy
[USG6000V1-policy-security]rule name permit_trust_untrust
[USG6000V1-policy-security-rule-permit_trust_untrust]source-zone trust
[USG6000V1-policy-security-rule-permit_trust_untrust]destination-zone untrust
[USG6000V1-policy-security-rule-permit_trust_untrust]action permit
[USG6000V1-policy-security-rule-permit_trust_untrust]quit
[USG6000V1-policy-security]quit

Configure NAT
[USG6000V1]nat-policy
[USG6000V1-policy-nat]rule name EASYIP
[USG6000V1-policy-nat-rule-EASYIP]source-zone trust
[USG6000V1-policy-nat-rule-EASYIP]destination-zone untrust
[USG6000V1-policy-nat-rule-EASYIP]action source-nat easy-ip

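After the configuration above is complete, the internal and external networks still cannot reach each other; the problem remains to be solved.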

        

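Lab summary

Results

Areas for improvement

1. The firewall configuration has a problem: only the network inside the firewall is interconnected; the outside and the inside cannot communicate.

2. Wireless devices may obtain only DNS from DHCP and fail to obtain an IP address

because the DHCP address pools do not exclude the IP addresses already held by the switches.

Exclude IP addresses: excluded-ip-address 192.168.10.10 192.168.10.254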
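The check behind item 2, as an added example that is not part of the original article: it reads pool commands and the switches' VLANIF/VRRP commands and lists every statically held address a pool could still lease. The function names are hypothetical, and the VLAN20 exclusion line in the sample is constructed by applying the article's suggested range to that subnet.

```python
import ipaddress
import re

# Constructed sample: pool commands from this page's DHCP server (prompts stripped).
# VLAN10 is as configured; VLAN20 adds the exclusion from item 2 for its subnet.
POOL_CONFIG = """\
ip pool VLAN10
 network 192.168.10.0 mask 255.255.255.0
 gateway-list 192.168.10.254
ip pool VLAN20
 network 192.168.20.0 mask 255.255.255.0
 gateway-list 192.168.20.254
 excluded-ip-address 192.168.20.10 192.168.20.254
"""

# Constructed sample: VLANIF and VRRP commands from Switch1 and Switch2.
STATIC_CONFIG = {
    "Switch1": "ip address 192.168.10.251 24\nvrrp vrid 10 virtual-ip 192.168.10.254\n"
               "ip address 192.168.20.251 24\nvrrp vrid 20 virtual-ip 192.168.20.254\n",
    "Switch2": "ip address 192.168.10.252 24\nvrrp vrid 10 virtual-ip 192.168.10.254\n"
               "ip address 192.168.20.252 24\nvrrp vrid 20 virtual-ip 192.168.20.254\n",
}


def parse_pools(text):
    """Return {pool: {"network": IPv4Network, "excluded": [(low, high)]}}."""
    pools, name = {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["ip", "pool"]:
            name = words[2]
            pools[name] = {"network": None, "excluded": []}
        elif name and words[:1] == ["network"]:
            pools[name]["network"] = ipaddress.ip_network(f"{words[1]}/{words[3]}")
        elif name and words[:1] == ["excluded-ip-address"]:
            # A single excluded address has no end value: words[-1] is words[1].
            low, high = (ipaddress.ip_address(w) for w in (words[1], words[-1]))
            pools[name]["excluded"].append((low, high))
    return pools


def parse_static(devices):
    """Return [(address, owner)] for VLANIF addresses and VRRP virtual IPs."""
    found = []
    for device, text in devices.items():
        for line in text.splitlines():
            m = re.search(r"\b(ip address|virtual-ip) (\S+)", line)
            if m:
                kind = "VLANIF" if m.group(1) == "ip address" else "VRRP virtual IP"
                found.append((ipaddress.ip_address(m.group(2)), f"{device} {kind}"))
    return found


def find_conflicts(pools, static):
    """Map each pool to the static addresses it could still lease to a client."""
    # Assumption: a gateway-list address is reported unless explicitly excluded.
    report = {}
    for name, pool in pools.items():
        hits = {}
        for ip, owner in static:
            excluded = any(low <= ip <= high for low, high in pool["excluded"])
            if ip in pool["network"] and not excluded:
                hits.setdefault(str(ip), []).append(owner)
        report[name] = hits
    return report


if __name__ == "__main__":
    print(find_conflicts(parse_pools(POOL_CONFIG), parse_static(STATIC_CONFIG)))
```

With the sample input, VLAN10 reports three addresses still open to leasing and VLAN20 reports none.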

        

3. BGP has not yet been configured on the border router.

The issues above will be improved further when time permits.

        
