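Comprehensive Lab: Building a Campus Network with eNSP

Core Technologies

1. Virtual LAN (VLAN)

2. Link aggregation (E-trunk)

3. Multiple Spanning Tree Protocol (MSTP)

4. VLANIF Layer 3 logical interfaces

5. Virtual Router Redundancy Protocol (VRRP)

6. Open Shortest Path First (OSPF)

7. Dynamic Host Configuration Protocol (DHCP)

8. Centralized WLAN management (AC+AP)

9. Firewall security policy

10. Network Address Translation (NAT)

Network Topology Plan

Overall diagram

Core layer

Aggregation layer

Access layer

Network Device Configuration

VLAN Planning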

Switch3

<Huawei>system-view 
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40

[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 10
[Huawei-Ethernet0/0/1]stp edged-port enable 
[Huawei-Ethernet0/0/1]quit

[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 20
[Huawei-Ethernet0/0/3]stp edged-port enable
[Huawei-Ethernet0/0/3]quit

[Huawei]port-group group-member e0/0/4 to e0/0/5
[Huawei-port-group]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-port-group]quit

Switch4

<Huawei>system-view 
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40

[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 30
[Huawei-Ethernet0/0/1]stp edged-port enable 
[Huawei-Ethernet0/0/1]quit

[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 40
[Huawei-Ethernet0/0/3]stp edged-port enable
[Huawei-Ethernet0/0/3]quit

[Huawei]port-group group-member e0/0/4 to e0/0/5
[Huawei-port-group]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-port-group]quit

Switch1

<Huawei>system-view
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]quit

Switch2

<Huawei>system-view
[Huawei]vlan batch 10 20 30 40
[Huawei]undo info-center enable 

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]quit

[Huawei]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk 
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all 
[Huawei-GigabitEthernet0/0/3]quit

Link Aggregation

Switch1

[Huawei]int Eth-Trunk 12
[Huawei-Eth-Trunk12]mode lacp-static 
[Huawei-Eth-Trunk12]trunkport g0/0/3
[Huawei-Eth-Trunk12]trunkport g0/0/4
[Huawei-Eth-Trunk12]port link-type trunk
[Huawei-Eth-Trunk12]port trunk allow-pass vlan all
[Huawei-Eth-Trunk12]display this
[Huawei-Eth-Trunk12]quit

Switch2

[Huawei]int Eth-Trunk 12
[Huawei-Eth-Trunk12]mode lacp-static 
[Huawei-Eth-Trunk12]trunkport g0/0/1
[Huawei-Eth-Trunk12]trunkport g0/0/5
[Huawei-Eth-Trunk12]port link-type trunk
[Huawei-Eth-Trunk12]port trunk allow-pass vlan all
[Huawei-Eth-Trunk12]display this
[Huawei-Eth-Trunk12]quit

Deploying MSTP

Switch1

[Huawei]stp mode mstp

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit

[Huawei]stp instance 1 root primary 
[Huawei]stp instance 2 root secondary 

[Huawei]display stp region-configuration 

Switch2

[Huawei]stp mode mstp 

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit

[Huawei]stp instance 1 root secondary 
[Huawei]stp instance 2 root primary 

[Huawei]display stp region-configuration 

Switch3

[Huawei]stp mode mstp

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration 
[Huawei-mst-region]quit

[Huawei]display stp instance 1 brief 
[Huawei]display stp instance 2 brief
[Huawei]display stp region-configuration 

Switch4

[Huawei]stp mode mstp 

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit

[Huawei]display stp instance 1 brief 
[Huawei]display stp instance 2 brief
[Huawei]display stp region-configuration 

Configuring VLANIF

Switch1

[Huawei]int vlanif 10
[Huawei-Vlanif10]ip address 192.168.10.251 24
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]ip address 192.168.20.251 24
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]ip address 192.168.30.251 24
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]ip address 192.168.40.251 24
[Huawei-Vlanif40]quit

Switch2

[Huawei]int vlanif 10
[Huawei-Vlanif10]ip address 192.168.10.252 24
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]ip address 192.168.20.252 24
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]ip address 192.168.30.252 24
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]ip address 192.168.40.252 24
[Huawei-Vlanif40]quit

Configuring VRRP

Switch1

[Huawei]int vlanif 10
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif10]vrrp vrid 10 priority 120
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif20]vrrp vrid 20 priority 120
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[Huawei-Vlanif30]vrrp vrid 30 priority 110
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[Huawei-Vlanif40]vrrp vrid 40 priority 110
[Huawei-Vlanif40]quit

[Huawei]display vrrp brief 

Switch2

[Huawei]int vlanif 10
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif10]vrrp vrid 10 priority 110
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif20]vrrp vrid 20 priority 110
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[Huawei-Vlanif30]vrrp vrid 30 priority 120
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[Huawei-Vlanif40]vrrp vrid 40 priority 120
[Huawei-Vlanif40]quit

[Huawei]display vrrp brief 

Configuring Interface IP Addresses

Router1

<Huawei>system-view 
[Huawei]undo info-center enable

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 10.1.1.1 32
[Huawei-LoopBack0]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.101.1 24
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.102.1 24
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.1.12.1 24
[Huawei-GigabitEthernet0/0/2]quit

[Huawei]int g2/0/0
[Huawei-GigabitEthernet2/0/0]ip address 10.1.15.1 24
[Huawei-GigabitEthernet2/0/0]quit

[Huawei]int g2/0/1
[Huawei-GigabitEthernet2/0/1]ip address 10.1.11.1 24
[Huawei-GigabitEthernet2/0/1]quit

[Huawei]int pos4/0/0
[Huawei-Pos4/0/0]ip address 10.1.13.1 24
[Huawei-Pos4/0/0]quit

Router2

<Huawei>system-view 
[Huawei]undo info-center enable 

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 10.1.2.2 32
[Huawei-LoopBack0]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.12.2 24
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.103.1 24
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.1.104.1 24
[Huawei-GigabitEthernet0/0/2]quit

[Huawei]int pos2/0/0
[Huawei-Pos2/0/0]ip address 10.1.14.1 24
[Huawei-Pos2/0/0]quit

Router3

<Huawei>system-view 
[Huawei]undo info-center enable 

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 200.200.200.200 32
[Huawei-LoopBack0]quit

[Huawei]int pos4/0/0
[Huawei-Pos4/0/0]ip address 10.1.14.2 24
[Huawei-Pos4/0/0]quit

[Huawei]int pos6/0/0
[Huawei-Pos6/0/0]ip address 10.1.13.2 24
[Huawei-Pos6/0/0]quit

Switch1

[Huawei]vlan batch 101 103

[Huawei]int vlanif 101
[Huawei-Vlanif101]ip address 10.1.101.2 24
[Huawei-Vlanif101]quit

[Huawei]int vlanif 103
[Huawei-Vlanif103]ip address 10.1.103.2 24
[Huawei-Vlanif103]quit

[Huawei]int g0/0/5
[Huawei-GigabitEthernet0/0/5]port link-type access
[Huawei-GigabitEthernet0/0/5]port default vlan 101
[Huawei-GigabitEthernet0/0/5]quit

[Huawei]int g0/0/6
[Huawei-GigabitEthernet0/0/6]port link-type access
[Huawei-GigabitEthernet0/0/6]port default vlan 103
[Huawei-GigabitEthernet0/0/6]quit

Switch2

[Huawei]vlan batch 102 104

[Huawei]int vlanif 102
[Huawei-Vlanif102]ip address 10.1.102.2 24
[Huawei-Vlanif102]quit

[Huawei]int vlanif 104
[Huawei-Vlanif104]ip address 10.1.104.2 24
[Huawei-Vlanif104]quit

[Huawei]int g0/0/6
[Huawei-GigabitEthernet0/0/6]port link-type access 
[Huawei-GigabitEthernet0/0/6]port default vlan 102
[Huawei-GigabitEthernet0/0/6]quit

[Huawei]int g0/0/7
[Huawei-GigabitEthernet0/0/7]port link-type access
[Huawei-GigabitEthernet0/0/7]port default vlan 104
[Huawei-GigabitEthernet0/0/7]quit

Configuring OSPF

Router1

[Huawei]ospf 1 router-id 1.1.1.1
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 10.1.11.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.101.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.102.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.12.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.15.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Router2

[Huawei]ospf 1 router-id 2.2.2.2
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 10.1.12.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.103.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.104.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.14.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.2.2 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Switch1

[Huawei]ospf 1 router-id 3.3.3.3
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.30.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.40.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.101.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.103.2 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Switch2

[Huawei]ospf 1 router-id 4.4.4.4
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.30.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.40.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.102.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.104.2 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Configuring DHCP

DHCP server

<Huawei>system-view 
[Huawei]undo info-center enable 

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.11.2 24
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]dhcp enable 

[Huawei]ip pool VLAN10
[Huawei-ip-pool-VLAN10]network 192.168.10.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN10]gateway-list 192.168.10.254
[Huawei-ip-pool-VLAN10]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN10]domain-name yeslab.net
[Huawei-ip-pool-VLAN10]quit

[Huawei]ip pool VLAN20
[Huawei-ip-pool-VLAN20]network 192.168.20.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN20]gateway-list 192.168.20.254
[Huawei-ip-pool-VLAN20]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN20]domain-name yeslab.net
[Huawei-ip-pool-VLAN20]quit

[Huawei]ip pool VLAN30
[Huawei-ip-pool-VLAN30]network 192.168.30.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN30]gateway-list 192.168.30.254
[Huawei-ip-pool-VLAN30]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN30]domain-name yeslab.net
[Huawei-ip-pool-VLAN30]quit

[Huawei]ip pool VLAN40
[Huawei-ip-pool-VLAN40]network 192.168.40.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN40]gateway-list 192.168.40.254
[Huawei-ip-pool-VLAN40]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN40]domain-name yeslab.net
[Huawei-ip-pool-VLAN40]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]dhcp select global 
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.1.11.1

Switch1

[Huawei]dhcp enable 

[Huawei]int vlanif 10
[Huawei-Vlanif10]dhcp select relay 
[Huawei-Vlanif10]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]dhcp select relay 
[Huawei-Vlanif20]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]dhcp select relay
[Huawei-Vlanif30]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]dhcp select relay
[Huawei-Vlanif40]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif40]quit

Switch2

[Huawei]dhcp enable 

[Huawei]int vlanif 10
[Huawei-Vlanif10]dhcp select relay
[Huawei-Vlanif10]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]dhcp select relay
[Huawei-Vlanif20]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]dhcp select relay
[Huawei-Vlanif30]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]dhcp select relay
[Huawei-Vlanif40]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif40]quit

At this point the internal network is fully interconnected.

Configuring WLAN

VLAN assignment

Switch1

[Huawei]vlan 111
[Huawei-vlan111]quit

Switch2

[Huawei]vlan 111
[Huawei-vlan111]quit

[Huawei]int g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type trunk
[Huawei-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/4]quit

Switch3

[Huawei]vlan 111
[Huawei-vlan111]quit

[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk 
[Huawei-Ethernet0/0/2]port trunk pvid vlan 111
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/2]quit

Switch4

[Huawei]vlan 111
[Huawei-vlan111]quit

[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk pvid vlan 111
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/2]quit

AC

<AC6605>system-view 
[AC6605]undo info-center enable

[AC6605]vlan 111
[AC6605-vlan111]quit

[AC6605]int g0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk 
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6605-GigabitEthernet0/0/1]quit

[AC6605]dhcp enable 
[AC6605]int vlanif 111
[AC6605-Vlanif111]ip address 192.168.111.254 24
[AC6605-Vlanif111]dhcp select interface 

AP

[Huawei]display system-information 

Bringing the APs online

[AC6605]wlan
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]country-code CN
[AC6605-wlan-regulate-domain-default]quit

[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]regulatory-domain-profile default
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]quit

[AC6605]capwap source int Vlanif 111
[AC6605]wlan
[AC6605-wlan-view]ap auth-mode no-auth 
[AC6605-wlan-view]display ap all 

[AC6605-wlan-view]ap-id 0
[AC6605-wlan-ap-0]ap-name AP1
[AC6605-wlan-ap-0]ap-group ap-group1
[AC6605-wlan-ap-0]quit

[AC6605-wlan-view]ap-id 1
[AC6605-wlan-ap-1]ap-name AP2
[AC6605-wlan-ap-1]ap-group ap-group1
[AC6605-wlan-ap-1]quit

[AC6605-wlan-view]ap auth-mode mac-auth 
[AC6605-wlan-view]quit
[AC6605]display ap all

Encryption

[AC6605]wlan
[AC6605-wlan-view]security-profile name wlan-net
[AC6605-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a12345678 aes
[AC6605-wlan-sec-prof-wlan-net]quit

[AC6605-wlan-view]ssid-profile name wlan-net
[AC6605-wlan-ssid-prof-wlan-net]ssid yeslab
[AC6605-wlan-ssid-prof-wlan-net]quit

[AC6605-wlan-view]vap-profile name wlan-net
[AC6605-wlan-vap-prof-wlan-net]forward-mode direct-forward 
[AC6605-wlan-vap-prof-wlan-net]service-vlan vlan-pool yeslab
[AC6605-wlan-vap-prof-wlan-net]quit
[AC6605-wlan-view]quit

[AC6605]vlan pool yeslab
[AC6605-vlan-pool-yeslab]vlan 10 20 30 40
[AC6605-vlan-pool-yeslab]quit

[AC6605]wlan
[AC6605-wlan-view]vap-profile name wlan-net
[AC6605-wlan-vap-prof-wlan-net]service-vlan vlan-pool yeslab
[AC6605-wlan-vap-prof-wlan-net]security-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net]quit
[AC6605-wlan-view]quit

[AC6605]wlan 
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 0
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 1
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]quit

Configuring the Firewall

ISP

<Huawei>system-view
[Huawei]undo info-center enable 

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 114.114.114.114 32
[Huawei-LoopBack0]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 202.1.10.2 24
[Huawei-GigabitEthernet0/0/0]quit

FireWall

Configure IP addresses
<USG6000V1>system-view 
[USG6000V1]undo info-center enable 

[USG6000V1]int g0/0/0
[USG6000V1-GigabitEthernet0/0/0]ip address 202.1.10.1 24
[USG6000V1-GigabitEthernet0/0/0]quit

[USG6000V1]int g1/0/0
[USG6000V1-GigabitEthernet1/0/0]ip address 10.1.15.2 24
[USG6000V1-GigabitEthernet1/0/0]service-manage ping permit 
[USG6000V1-GigabitEthernet1/0/0]quit


Assign zones
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/0
[USG6000V1-zone-trust]undo add int g0/0/0
[USG6000V1-zone-trust]quit

[USG6000V1]firewall zone untrust 
[USG6000V1-zone-untrust]add int g0/0/0
[USG6000V1-zone-untrust]quit


Configure OSPF
[USG6000V1]ospf 1 router-id 6.6.6.6
[USG6000V1-ospf-1]area 0
[USG6000V1-ospf-1-area-0.0.0.0]network 10.1.15.2 0.0.0.0
[USG6000V1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[USG6000V1-ospf-1-area-0.0.0.0]quit
[USG6000V1-ospf-1]quit

[USG6000V1]display ospf peer brief     (state is stuck in ExStart: unicast packets cannot be sent, so the traffic must be permitted)
[USG6000V1]security-policy 
[USG6000V1-policy-security]rule name permit_local_trust_ospf
[USG6000V1-policy-security-rule-permit_local_trust_ospf]source-zone local 
[USG6000V1-policy-security-rule-permit_local_trust_ospf]destination-zone trust 
[USG6000V1-policy-security-rule-permit_local_trust_ospf]action permit 
[USG6000V1-policy-security-rule-permit_local_trust_ospf]quit
[USG6000V1-policy-security]quit
[USG6000V1]display ospf peer brief      (state is now Full)


Permit traffic with a security policy
[USG6000V1]ip route-static 0.0.0.0 0.0.0.0 202.1.10.2
[USG6000V1]ospf 1
[USG6000V1-ospf-1]default-route-advertise always 
[USG6000V1-ospf-1]quit

[USG6000V1]security-policy 
[USG6000V1-policy-security]rule name permit_trust_untrust
[USG6000V1-policy-security-rule-permit_trust_untrust]source-zone trust 
[USG6000V1-policy-security-rule-permit_trust_untrust]destination-zone untrust 
[USG6000V1-policy-security-rule-permit_trust_untrust]action permit 


Configure NAT
[USG6000V1]nat-policy 
[USG6000V1-policy-nat]rule name EASYIP
[USG6000V1-policy-nat-rule-EASYIP]source-zone trust 
[USG6000V1-policy-nat-rule-EASYIP]destination-zone untrust 
[USG6000V1-policy-nat-rule-EASYIP]action source-nat easy-ip 

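After completing the configuration above, the internal and external networks still cannot reach each other; this problem remains to be solved...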

        

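Lab Summary

Results

Areas for improvement

1. The firewall configuration has a problem: only the networks inside the firewall can reach each other; the outside and the inside cannot communicate.

2. Wireless devices may obtain only DNS from DHCP and fail to obtain an IP address,

because the DHCP address pools do not exclude the IP addresses occupied by the switches.

Exclude IP addresses: excluded-ip-address 192.168.10.10 192.168.10.254

3. BGP has not yet been configured on the border router.

I will make further improvements for the problems above when I have time...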
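The address conflict described in item 2, as an added example that is not part of the original post: a Python check that collects the VLANIF and VRRP virtual addresses configured on Switch1 and Switch2 and lists those that fall inside a DHCP pool without being covered by an `excluded-ip-address` range. The command excerpts are a constructed sample built from this page's own lines with the prompts stripped, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: commands copied from this page (prompts stripped).
SWITCH_COMMANDS = """
ip address 192.168.10.251 24
ip address 192.168.10.252 24
vrrp vrid 10 virtual-ip 192.168.10.254
ip address 192.168.20.251 24
ip address 192.168.20.252 24
vrrp vrid 20 virtual-ip 192.168.20.254
"""

POOLS_AS_PUBLISHED = """
ip pool VLAN10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.254
quit
ip pool VLAN20
network 192.168.20.0 mask 255.255.255.0
gateway-list 192.168.20.254
quit
"""

# Same pools, with the exclusion line from item 2 added to pool VLAN10 only.
POOLS_WITH_EXCLUSION = POOLS_AS_PUBLISHED.replace(
    "gateway-list 192.168.10.254",
    "gateway-list 192.168.10.254\n"
    "excluded-ip-address 192.168.10.10 192.168.10.254",
)


def static_addresses(commands):
    """Collect interface and VRRP virtual addresses from typed commands."""
    found = set()
    for line in commands.splitlines():
        m = (re.match(r"\s*ip address (\S+) \d+", line)
             or re.match(r"\s*vrrp vrid \d+ virtual-ip (\S+)", line))
        if m:
            found.add(ipaddress.ip_address(m.group(1)))
    return found


def parse_pools(commands):
    """Return {pool name: {"network": IPv4Network, "excluded": [(low, high)]}}."""
    pools, current = {}, None
    for line in (raw.strip() for raw in commands.splitlines()):
        if m := re.match(r"ip pool (\S+)", line):
            current = pools.setdefault(m.group(1), {"network": None, "excluded": []})
        elif current and (m := re.match(r"network (\S+) mask (\S+)", line)):
            current["network"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif current and (m := re.match(r"excluded-ip-address (\S+)(?: (\S+))?", line)):
            low = ipaddress.ip_address(m.group(1))
            high = ipaddress.ip_address(m.group(2) or m.group(1))
            current["excluded"].append((low, high))
        elif line == "quit":
            current = None
    return pools


def unprotected_static_addresses(pool_commands, switch_commands):
    """Per pool: statically configured addresses that no exclusion range covers.

    This only compares addresses; how the DHCP server itself treats the
    gateway-list address is not assumed here.
    """
    statics = sorted(static_addresses(switch_commands))
    result = {}
    for name, pool in parse_pools(pool_commands).items():
        if pool["network"] is None:
            continue
        result[name] = [
            str(a) for a in statics
            if a in pool["network"]
            and not any(lo <= a <= hi for lo, hi in pool["excluded"])
        ]
    return result


if __name__ == "__main__":
    print(unprotected_static_addresses(POOLS_AS_PUBLISHED, SWITCH_COMMANDS))
    print(unprotected_static_addresses(POOLS_WITH_EXCLUSION, SWITCH_COMMANDS))
```

Pool VLAN20 still reports its three switch addresses in the second run, because the exclusion line on this page covers only 192.168.10.0/24; each pool needs its own range.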

        
