eNSP-Based Network Planning and Design for a Medium-to-Large Campus/Enterprise: Comprehensive Course Project

news2024/11/15 12:28:19

Author: BSXY_19 Computer Science_Chen Yongyue
BSXY_School of Information
Note: do not repost any content without permission


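  • Preface and notes on techniques/resource downloads ( **do not repost any content without permission** )
    • I. Topology diagram and design requirements (18 listed briefly)
    • II. Address planning table
    • III. Redundant network design with a single firewall (optional reading)
    • IV. The complete network planning process (**follow it step by step**)
      • 1. Huiyuan Building Eth-Trunk configuration
      • 2. Huiyuan/Rixin Building VLAN division
      • 3. Huiyuan Building RSTP configuration
      • 4. Huiyuan Building VRRP configuration
      • 5. Huiyuan/Rixin Building OSPF configuration
      • 6. Huiyuan/Rixin Building DHCP relay
      • 7. Mingcheng Building VLAN division
      • 8. Mingcheng Building MSTP configuration
      • 9. Mingcheng Building VRRP configuration
      • 10. Mingcheng Building RIP configuration
      • 11. OSPF & route import
      • 12. Mingcheng Building DHCP relay
      • 13. Server area VLAN division
      • 14. Server area VRRP configuration
      • 15. Server area OSPF configuration
      • 16. OSPF & FW1 configuration
      • 17. Vlink configuration
      • 18. Server area DHCP relay
      • 19. ISP area IS-IS configuration
      • 20. NAT configuration on FW1
      • 21. IPsec VPN
      • 22. Branch campus router-on-a-stick & DHCP
      • 23. RIP & route import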

Preface and notes on techniques/resource downloads (do not repost any content without permission)

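If you have any questions, describe what you ran into in the comments; I will reply as soon as I see it, and I hope other readers will answer each other's questions too.
You can work through the design and implementation steps below one at a time on your own (every command is essential). If you need them, the complete topology file and full configuration can also be downloaded from the address below for reference. Once you have the topology, use display often to inspect the configuration and the corresponding commands. The accompanying resource is linked below, and its contents are shown in the figure.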

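eNSP-based medium-to-large campus/enterprise network planning and design comprehensive project: topology and full configuration + every configuration command step by step (eNSP) + Notepad command files that can be pasted in directly to speed up repetitive configuration + copyable command notes + detailed address planning table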

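Because the attached item is a paid resource, its price may be adjusted dynamically and may end up higher than the resource is worth. If you think it is too high, you can contact me at V: ych520cyy to discuss (49~66 is enough; serious inquiries only, otherwise please look elsewhere; the verification message is: 网络规划). I am usually online, and I will do my best to answer any question I can. As for a video, I will get to it after a while. The test commands, screenshots and so on are all in the copyable notes link shown in the figure below, including what each step achieves and which commands to use to test the result once a step is configured. Continuously updated…
The topology looks like the figure; most of the address planning and routing planning is clearly annotated in it.
The technologies used in this topology include VLAN division, Eth-Trunk bundling, RSTP, MSTP, VRRP, OSPF, RIP, IS-IS, NAT (both address-pool and Easy IP translation), router-on-a-stick, ACLs, DHCP allocation on sub-interfaces, DHCP relay, Vlink, IPsec VPN, route import, default routes, firewall security-policy planning, and DNS/web/FTP services. This lab is well suited to readers who have learned the individual technologies and want to combine them. Readers working on a graduation or course project can use it as a reference for their own planning and design. For candidates for the Network Engineer / Network Planning and Design professional exams, I personally recommend setting aside time to work through this lab properly. Finally, authorship of this topology design belongs to: BSXY_School of Information_19 Computer Science_Chen Yongyue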

I. Topology diagram and design requirements (18 listed briefly)

[Figure: topology diagram 1]

Design requirements:

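  • Configure the interface addresses of the servers, firewalls and routers
  • Configure Eth-Trunk link bundling in Huiyuan Building to improve link redundancy
  • Divide multiple VLANs by location to shrink the broadcast domains and improve network reliability and security
  • Configure RSTP+VRRP in Huiyuan Building to avoid loops and converge quickly
  • Configure MSTP+VRRP in Mingcheng Building to provide redundancy, with instances defined so that different VLANs prefer different switches, and to reduce STP flapping
  • All users in Mingcheng Building, Huiyuan Building and the server area obtain addresses automatically through DHCP relay, and the DHCP server is AR2
  • Branch campus users also need to obtain addresses automatically; their server is AR13, which is configured with sub-interfaces that allocate addresses to the terminals
  • Huiyuan Building mainly uses OSPF so that its routers learn the corresponding routes
  • Mingcheng Building uses both RIP and OSPF, with RIP and OSPF routes imported in both directions so that it can reach Huiyuan Building
  • The server area hosts the FTP, DNS and web servers; a PC connected there can also obtain an address automatically (the PC here is used to test DHCP)
  • FW1 and LSW4 are each configured with a Vlink so that area 3 and area 0 can communicate and learn the corresponding routes
  • FW1/FW2 are both configured with security policies, and FW1 permits traffic from trust to dmz
  • FW1/FW2 are both configured with a default route pointing to the carrier (ISP)
  • FW1/FW2 are configured with NAT policies so that the intranet and the DMZ can reach the external network (Baidu)
  • FW1/FW2 are configured with an IPsec VPN so that the simulated main campus and the simulated branch campus can communicate; the permitted network is 172.16.X.X/16
  • The simulated external ISP uses IS-IS routing for connectivity
  • Main campus and branch campus users can reach Baidu on the external network by domain name (www.baidu.com), and the main campus can reach the internal web server by domain name (www.xyw.com)
  • Main campus users use the internal DNS server, and the branch campus uses the ISP's DNS server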

II. Address planning table

[Figure: address planning table]

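III. Redundant network design with a single firewall (optional reading)

Side note: the eNSP-based network planning and design for a medium-sized campus/enterprise of about a thousand users with a firewall is shown in the figure below (it is not described or explained in detail in this article; follow the link to read it):
[Figure: single-firewall redundant network topology]
Design requirements:
01. Configure the interface addresses of the servers, firewall, routers and other devices
02. Configure Eth-Trunk link bundling for link redundancy
03. Divide the enterprise network into multiple VLANs to shrink the broadcast domains and improve network reliability
04. Configure MSTP+VRRP for traffic load sharing and redundancy, and configure STP optimization features for faster convergence and less STP flapping
05. All users obtain IP addresses automatically
06. Configure DHCP snooping to block rogue DHCP servers
07. Configure OSPF and static routes for layer-3 connectivity
08. Configure firewall security policies to permit traffic from the intranet zone to the DMZ
09. Configure firewall NAT and security policies so that users can reach Baidu on the external network
10. Configure firewall server mapping and security policies so that the external user Client can reach the web server through the public address 100.100.100.100
11. Configure firewall policies so that the external user Client can log in to the web server through the public address http://100.100.100.100
12. Users can reach Baidu on the external network by domain name (www.baidu.com)
13. The internal finance server may be accessed only by VLAN 50 users
14. Switches LSW1 to LSW12 can all be reached via telnet (huawei 5555)
15. Configure wireless WLAN, with service VLANs 101 and 102 also able to reach Baidu on the external network by domain name (www.baidu.com)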

IV. The complete network planning process (follow it step by step)

1. Huiyuan Building Eth-Trunk configuration

	LSW1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW1
[LSW1]int eth-trunk 1
[LSW1-Eth-Trunk1]mode lacp-static
[LSW1-Eth-Trunk1]trunkport g0/0/4
[LSW1-Eth-Trunk1]trunkport g0/0/5
[LSW1-Eth-Trunk1]qui
[LSW1]
-------------------------------------------
	LSW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW2
[LSW2]int eth-trunk 1
[LSW2-Eth-Trunk1]mode lacp-static
[LSW2-Eth-Trunk1]trunkport g0/0/4
[LSW2-Eth-Trunk1]trunkport g0/0/5
[LSW2-Eth-Trunk1]qui
[LSW2]

2. Huiyuan/Rixin Building VLAN division

	LSW1:
[LSW1]vlan batch 10 11 111
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 111
[LSW1-GigabitEthernet0/0/1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 11
[LSW1-GigabitEthernet0/0/2]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 to 11
[LSW1-GigabitEthernet0/0/3]qui
[LSW1]int Eth-Trunk 1
[LSW1-Eth-Trunk1]port link-type trunk
[LSW1-Eth-Trunk1]port trunk allow-pass vlan 10 to 11
[LSW1-Eth-Trunk1]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]vlan batch 10 11 122
[LSW2]int g0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 122
[LSW2-GigabitEthernet0/0/1]int g0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 11
[LSW2-GigabitEthernet0/0/2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 to 11
[LSW2-GigabitEthernet0/0/3]qui
[LSW2]int Eth-Trunk 1
[LSW2-Eth-Trunk1]port link-type trunk
[LSW2-Eth-Trunk1]port trunk allow-pass vlan 10 to 11
[LSW2-Eth-Trunk1]qui
[LSW2]
-------------------------------------------
    LSW3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW3
[LSW3]vlan batch 12 133
[LSW3]int g0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type access
[LSW3-GigabitEthernet0/0/1]port default vlan 133
[LSW3-GigabitEthernet0/0/1]int g0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type access
[LSW3-GigabitEthernet0/0/2]port default vlan 12
[LSW3-GigabitEthernet0/0/2]qui
[LSW3]
-------------------------------------------
    SW1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname SW1
[SW1]vlan 10
[SW1-vlan10]qui
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 11
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 11
[SW1-GigabitEthernet0/0/2]int e0/0/1
[SW1-Ethernet0/0/1]port link-type access
[SW1-Ethernet0/0/1]port default vlan 10
[SW1-Ethernet0/0/1]qui
[SW1]
-------------------------------------------
    SW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname SW2
[SW2]vlan 11
[SW2-vlan11]qui
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 11
[SW2-GigabitEthernet0/0/1]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 11
[SW2-GigabitEthernet0/0/2]int e0/0/1
[SW2-Ethernet0/0/1]port link-type access
[SW2-Ethernet0/0/1]port default vlan 11
[SW2-Ethernet0/0/1]qui
[SW2]

3. Huiyuan Building RSTP configuration

	LSW1:
[LSW1]stp mode rstp
[LSW1]stp priority 0
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]stp mode rstp
[LSW2]stp priority 4096
[LSW2]

4. Huiyuan Building VRRP configuration

	LSW1:
[LSW1]int vlan 10
[LSW1-Vlanif10]ip address 172.16.10.254 24
[LSW1-Vlanif10]vrrp vrid 10 virtual-ip 172.16.10.1
[LSW1-Vlanif10]int vlan 11
[LSW1-Vlanif11]ip address 172.16.11.254 24
[LSW1-Vlanif11]vrrp vrid 11 virtual-ip 172.16.11.1
[LSW1-Vlanif11]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]int vlan 10
[LSW2-Vlanif10]ip address 172.16.10.253 24
[LSW2-Vlanif10]vrrp vrid 10 virtual-ip 172.16.10.1
[LSW2-Vlanif10]int vlan 11
[LSW2-Vlanif11]ip address 172.16.11.253 24
[LSW2-Vlanif11]vrrp vrid 11 virtual-ip 172.16.11.1
[LSW2-Vlanif11]qui
[LSW2]

5. Huiyuan/Rixin Building OSPF configuration

	LSW1:
[LSW1]int vlan 111
[LSW1-Vlanif111]ip add 192.168.111.11 24
[LSW1-Vlanif111]qui
[LSW1]ospf router-id 1.1.1.11
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 172.16.10.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 172.16.11.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 192.168.111.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]qui
[LSW1-ospf-1]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]int vlan 122
[LSW2-Vlanif122]ip add 192.168.122.12 24
[LSW2-Vlanif122]qui
[LSW2]ospf router-id 1.1.1.12
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 172.16.10.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 172.16.11.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 192.168.122.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]qui
[LSW2-ospf-1]qui
[LSW2]
-------------------------------------------
    LSW3:
[LSW3]int vlan 133
[LSW3-Vlanif133]ip add 192.168.133.13 24
[LSW3-Vlanif133]int vlan 12
[LSW3-Vlanif12]ip add 172.16.12.1 24
[LSW3-Vlanif12]qui
[LSW3]ospf router-id 1.1.1.13
[LSW3-ospf-1]area 0
[LSW3-ospf-1-area-0.0.0.0]network 172.16.12.0 0.0.0.255
[LSW3-ospf-1-area-0.0.0.0]network 192.168.133.0 0.0.0.255
[LSW3-ospf-1-area-0.0.0.0]qui
[LSW3-ospf-1]qui
[LSW3]
-------------------------------------------
    AR1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR1
[AR1]int g2/0/0
[AR1-GigabitEthernet2/0/0]ip add 192.168.111.1 24
[AR1-GigabitEthernet2/0/0]int g2/0/1
[AR1-GigabitEthernet2/0/1]ip add 192.168.122.1 24
[AR1-GigabitEthernet2/0/1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.14.1 24
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 192.168.15.1 24
[AR1-GigabitEthernet0/0/1]int loo0
[AR1-LoopBack0]ip add 10.1.1.1 32
[AR1-LoopBack0]qui
[AR1]ospf router-id 1.1.1.1
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]net 192.168.14.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]net 192.168.15.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]net 192.168.122.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]net 192.168.111.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]qui
[AR1-ospf-1]qui
[AR1]
-------------------------------------------
    AR2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR2
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 192.168.14.2 24
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 192.168.16.2 24
[AR2-GigabitEthernet0/0/1]int loo0
[AR2-LoopBack0]ip add 10.1.1.2 32
[AR2-LoopBack0]qui
[AR2]ospf router-id 1.1.1.2
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]net 192.168.14.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]net 192.168.16.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]qui
[AR2-ospf-1]qui
[AR2]
-------------------------------------------
    AR3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR3
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 192.168.17.3 24
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip add 192.168.16.3 24
[AR3-GigabitEthernet0/0/1]int loo0
[AR3-LoopBack0]ip add 10.1.1.3 32
[AR3-LoopBack0]qui
[AR3]ospf router-id 1.1.1.3
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]net 192.168.17.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]net 192.168.16.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]qui
[AR3-ospf-1]qui
[AR3]
-------------------------------------------
    AR4:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR4
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]ip add 192.168.133.4 24
[AR4-GigabitEthernet0/0/0]int g0/0/1
[AR4-GigabitEthernet0/0/1]ip add 192.168.15.4 24
[AR4-GigabitEthernet0/0/1]int g2/0/0
[AR4-GigabitEthernet2/0/0]ip add 192.168.18.4 24
[AR4-GigabitEthernet2/0/0]int loo0
[AR4-LoopBack0]ip add 10.1.1.4 32
[AR4-LoopBack0]qui
[AR4]ospf router-id 1.1.1.4
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]net 192.168.18.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]net 192.168.15.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]net 192.168.133.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]qui
[AR4-ospf-1]qui
[AR4]
-------------------------------------------
    AR5:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR5
[AR5]int g0/0/0
[AR5-GigabitEthernet0/0/0]ip add 192.168.19.5 24
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]ip add 192.168.17.5 24
[AR5-GigabitEthernet0/0/1]int g2/0/0
[AR5-GigabitEthernet2/0/0]ip add 192.168.18.5 24
[AR5-GigabitEthernet2/0/0]int loo0
[AR5-LoopBack0]ip add 10.1.1.5 32
[AR5-LoopBack0]qui
[AR5]ospf router-id 1.1.1.5
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]net 192.168.19.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 192.168.17.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]net 192.168.18.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]qui
[AR5-ospf-1]qui
[AR5]

6. Huiyuan/Rixin Building DHCP relay

	LSW1:
[LSW1]dhcp enable
[LSW1]int vlan 10
[LSW1-Vlanif10]dhcp select relay
[LSW1-Vlanif10]dhcp relay server-ip 192.168.14.2
[LSW1-Vlanif10]dhcp relay server-ip 192.168.16.2
[LSW1-Vlanif10]int vlan 11
[LSW1-Vlanif11]dhcp select relay
[LSW1-Vlanif11]dhcp relay server-ip 192.168.14.2
[LSW1-Vlanif11]dhcp relay server-ip 192.168.16.2
[LSW1-Vlanif11]qui
[LSW1]
-------------------------------------------
    LSW2:
[LSW2]dhcp enable
[LSW2]int vlan 10
[LSW2-Vlanif10]dhcp select relay
[LSW2-Vlanif10]dhcp relay server-ip 192.168.14.2
[LSW2-Vlanif10]dhcp relay server-ip 192.168.16.2
[LSW2-Vlanif10]int vlan 11
[LSW2-Vlanif11]dhcp select relay
[LSW2-Vlanif11]dhcp relay server-ip 192.168.14.2
[LSW2-Vlanif11]dhcp relay server-ip 192.168.16.2
[LSW2-Vlanif11]qui
[LSW2]
-------------------------------------------
    LSW3:
[LSW3]dhcp enable
[LSW3]int vlan 12
[LSW3-Vlanif12]dhcp select relay
[LSW3-Vlanif12]dhcp relay server-ip 192.168.14.2
[LSW3-Vlanif12]dhcp relay server-ip 192.168.16.2
[LSW3-Vlanif12]
-------------------------------------------
    AR2:
[AR2]dhcp enable
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]dhcp select global
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]dhcp select global
[AR2-GigabitEthernet0/0/1]qui
[AR2]ip pool vlan10
[AR2-ip-pool-vlan10]network 172.16.10.0 mask 24
[AR2-ip-pool-vlan10]gateway-list 172.16.10.1
[AR2-ip-pool-vlan10]excluded-ip-address 172.16.10.250 172.16.10.254
[AR2-ip-pool-vlan10]dns-list 172.16.50.3 8.8.8.8 
[AR2-ip-pool-vlan10]lease unlimited
[AR2-ip-pool-vlan10]qui
[AR2]ip pool vlan11
[AR2-ip-pool-vlan11]network 172.16.11.0 mask 24
[AR2-ip-pool-vlan11]gateway-list 172.16.11.1
[AR2-ip-pool-vlan11]excluded-ip-address 172.16.11.250 172.16.11.254
[AR2-ip-pool-vlan11]dns-list 172.16.50.3 8.8.8.8 
[AR2-ip-pool-vlan11]lease unlimited
[AR2-ip-pool-vlan11]qui
[AR2]ip pool vlan12
[AR2-ip-pool-vlan12]gateway-list 172.16.12.1 
[AR2-ip-pool-vlan12]network 172.16.12.0 mask 255.255.255.0
[AR2-ip-pool-vlan12]excluded-ip-address 172.16.12.250 172.16.12.254
[AR2-ip-pool-vlan12]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan12]lease unlimited
[AR2-ip-pool-vlan12]qui
[AR2]ip pool vlan13
[AR2-ip-pool-vlan13]gateway-list 172.16.13.1 
[AR2-ip-pool-vlan13]network 172.16.13.0 mask 255.255.255.0 
[AR2-ip-pool-vlan13]excluded-ip-address 172.16.13.250 172.16.13.254
[AR2-ip-pool-vlan13]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan13]lease unlimited
[AR2-ip-pool-vlan13]qui
[AR2]ip pool vlan14
[AR2-ip-pool-vlan14]gateway-list 172.16.14.1 
[AR2-ip-pool-vlan14]network 172.16.14.0 mask 255.255.255.0
[AR2-ip-pool-vlan14]excluded-ip-address 172.16.14.250 172.16.14.254
[AR2-ip-pool-vlan14]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan14]lease unlimited
[AR2-ip-pool-vlan14]qui
[AR2]ip pool vlan50
[AR2-ip-pool-vlan50]gateway-list 172.16.50.1 
[AR2-ip-pool-vlan50]network 172.16.50.0 mask 255.255.255.0
[AR2-ip-pool-vlan50]excluded-ip-address 172.16.50.250 172.16.50.254
[AR2-ip-pool-vlan50]dns-list 172.16.50.3 8.8.8.8
[AR2-ip-pool-vlan50]lease unlimited
[AR2-ip-pool-vlan50]qui
[AR2]

7. Mingcheng Building VLAN division

	LSW5-1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW5-1
[LSW5-1]vlan batch 13 14 110
[LSW5-1]int g0/0/1
[LSW5-1-GigabitEthernet0/0/1]port link-type access
[LSW5-1-GigabitEthernet0/0/1]port default vlan 110
[LSW5-1-GigabitEthernet0/0/1]int g0/0/2
[LSW5-1-GigabitEthernet0/0/2]port link-type trunk
[LSW5-1-GigabitEthernet0/0/2]port trunk allow-pass vlan 13 14
[LSW5-1-GigabitEthernet0/0/2]int g0/0/3
[LSW5-1-GigabitEthernet0/0/3]port link-type trunk
[LSW5-1-GigabitEthernet0/0/3]port trunk allow-pass vlan 13 14
[LSW5-1-GigabitEthernet0/0/3]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW5-2
[LSW5-2]vlan batch 13 14 109
[LSW5-2]int g0/0/1
[LSW5-2-GigabitEthernet0/0/1]port link-type access
[LSW5-2-GigabitEthernet0/0/1]port default vlan 109
[LSW5-2-GigabitEthernet0/0/1]int g0/0/2
[LSW5-2-GigabitEthernet0/0/2]port link-type trunk
[LSW5-2-GigabitEthernet0/0/2]port trunk allow-pass vlan 13 14
[LSW5-2-GigabitEthernet0/0/2]int g0/0/3
[LSW5-2-GigabitEthernet0/0/3]port link-type trunk
[LSW5-2-GigabitEthernet0/0/3]port trunk allow-pass vlan 13 14
[LSW5-2-GigabitEthernet0/0/3]qui
[LSW5-2]
-------------------------------------------
    LSW5:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW5
[LSW5]vlan batch 13 14
[LSW5]int e0/0/1
[LSW5-Ethernet0/0/1]port link-type access
[LSW5-Ethernet0/0/1]port default vlan 13
[LSW5-Ethernet0/0/1]int e0/0/2
[LSW5-Ethernet0/0/2]port link-type access
[LSW5-Ethernet0/0/2]port default vlan 14
[LSW5-Ethernet0/0/2]int g0/0/1
[LSW5-GigabitEthernet0/0/1]port link-type trunk
[LSW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 13 14
[LSW5-GigabitEthernet0/0/1]int g0/0/2
[LSW5-GigabitEthernet0/0/2]port link-type trunk
[LSW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 13 14
[LSW5-GigabitEthernet0/0/2]qui
[LSW5]

8. Mingcheng Building MSTP configuration

	LSW5-1:
[LSW5-1]stp region-configuration
[LSW5-1-mst-region]region-name mstp_name
[LSW5-1-mst-region]revision-level 1
[LSW5-1-mst-region]instance 13 vlan 13
[LSW5-1-mst-region]instance 14 vlan 14
[LSW5-1-mst-region]active region-configuration
[LSW5-1-mst-region]qui
[LSW5-1]stp instance 13 root primary
[LSW5-1]stp instance 14 root secondary
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]stp region-configuration
[LSW5-2-mst-region]region-name mstp_name
[LSW5-2-mst-region]revision-level 1
[LSW5-2-mst-region]instance 13 vlan 13
[LSW5-2-mst-region]instance 14 vlan 14
[LSW5-2-mst-region]active region-configuration
[LSW5-2-mst-region]qui
[LSW5-2]stp instance 14 root  primary
[LSW5-2]stp instance 13 root secondary
[LSW5-2]
-------------------------------------------
    LSW5:
[LSW5]stp region-configuration
[LSW5-mst-region]region-name mstp_name
[LSW5-mst-region]revision-level 1
[LSW5-mst-region]instance 13 vlan 13
[LSW5-mst-region]instance 14 vlan 14
[LSW5-mst-region]active region-configuration
[LSW5-mst-region]qui
[LSW5]

9. Mingcheng Building VRRP configuration

	LSW5-1:
[LSW5-1]int vlan 13
[LSW5-1-Vlanif13]ip address 172.16.13.254 24
[LSW5-1-Vlanif13]vrrp vrid 13 virtual-ip 172.16.13.1
[LSW5-1-Vlanif13]vrrp vrid 13 priority 105
[LSW5-1-Vlanif13]int vlan 14
[LSW5-1-Vlanif14]ip address 172.16.14.254 24
[LSW5-1-Vlanif14]vrrp vrid 14 virtual-ip 172.16.14.1
[LSW5-1-Vlanif14]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]int vlan 13
[LSW5-2-Vlanif13]ip address 172.16.13.253 24
[LSW5-2-Vlanif13]vrrp vrid 13 virtual-ip 172.16.13.1
[LSW5-2-Vlanif13]int vlan 14
[LSW5-2-Vlanif14]ip address 172.16.14.253 24
[LSW5-2-Vlanif14]vrrp vrid 14 virtual-ip 172.16.14.1
[LSW5-2-Vlanif14]vrrp vrid 14 priority 105
[LSW5-2-Vlanif14]qui
[LSW5-2]

10. Mingcheng Building RIP configuration

	LSW5-1:
[LSW5-1]int vlan 110
[LSW5-1-Vlanif110]ip add 192.168.110.1 24
[LSW5-1-Vlanif110]qui
[LSW5-1]rip 1
[LSW5-1-rip-1]version 2
[LSW5-1-rip-1]network 192.168.110.0
[LSW5-1-rip-1]network 172.16.0.0
[LSW5-1-rip-1]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]int vlan 109
[LSW5-2-Vlanif109]ip add 192.168.109.1 24
[LSW5-2-Vlanif109]qui
[LSW5-2]rip 1
[LSW5-2-rip-1]version 2
[LSW5-2-rip-1]network 192.168.109.0
[LSW5-2-rip-1]network 172.16.0.0
[LSW5-2-rip-1]qui
[LSW5-2]
-------------------------------------------
    AR6:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR6
[AR6]int g0/0/0
[AR6-GigabitEthernet0/0/0]ip add 192.168.100.6 24
[AR6-GigabitEthernet0/0/0]int g2/0/1
[AR6-GigabitEthernet2/0/1]ip add 192.168.110.6 24
[AR6-GigabitEthernet2/0/1]int g2/0/2
[AR6-GigabitEthernet2/0/2]ip add 192.168.109.6 24
[AR6-GigabitEthernet2/0/2]int loo0
[AR6-LoopBack0]ip add 10.1.1.6 32
[AR6-LoopBack0]qui
[AR6]rip
[AR6-rip-1]version 2
[AR6-rip-1]net 192.168.110.0
[AR6-rip-1]net 192.168.109.0
[AR6-rip-1]qui
[AR6]

11. OSPF & route import

	AR6:
[AR6]ospf router-id 1.1.1.6
[AR6-ospf-1]area 0.0.0.1
[AR6-ospf-1-area-0.0.0.1]network 192.168.100.0 0.0.0.255
[AR6-ospf-1-area-0.0.0.1]qui
[AR6-ospf-1]import-route rip 1
[AR6-ospf-1]qui
[AR6]rip
[AR6-rip-1]import-route ospf
[AR6-rip-1]qui
[AR6]
-------------------------------------------
    LSW4:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW4
[LSW4]vlan batch 100 19 120
[LSW4]int g0/0/1
[LSW4-GigabitEthernet0/0/1]port link-type access
[LSW4-GigabitEthernet0/0/1]port default vlan 120
[LSW4-GigabitEthernet0/0/1]int g0/0/2
[LSW4-GigabitEthernet0/0/2]port link-type access
[LSW4-GigabitEthernet0/0/2]port default vlan 100
[LSW4-GigabitEthernet0/0/2]int g0/0/3
[LSW4-GigabitEthernet0/0/3]port link-type access
[LSW4-GigabitEthernet0/0/3]port default vlan 19
[LSW4-GigabitEthernet0/0/3]qui
[LSW4]int vlan 120
[LSW4-Vlanif120]ip add 192.168.120.4 24
[LSW4-Vlanif120]int vlan 100
[LSW4-Vlanif100]ip add 192.168.100.4 24
[LSW4-Vlanif100]int vlan 19
[LSW4-Vlanif19]ip add 192.168.19.4 24
[LSW4-Vlanif19]qui
[LSW4]ospf router-id 1.1.1.14
[LSW4-ospf-1]area 0
[LSW4-ospf-1-area-0.0.0.0]net 192.168.19.0 0.0.0.255
[LSW4-ospf-1-area-0.0.0.0]qui
[LSW4-ospf-1]area 1
[LSW4-ospf-1-area-0.0.0.1]net 192.168.100.0 0.0.0.255
[LSW4-ospf-1-area-0.0.0.1]qui
[LSW4-ospf-1]area 2
[LSW4-ospf-1-area-0.0.0.2]net 192.168.120.0 0.0.0.255
[LSW4-ospf-1-area-0.0.0.2]qui
[LSW4-ospf-1]qui
[LSW4]

12. Mingcheng Building DHCP relay

	LSW5-1:
[LSW5-1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW5-1]int vlan 13
[LSW5-1-Vlanif13]dhcp select relay
[LSW5-1-Vlanif13]dhcp relay server-ip 192.168.14.2
[LSW5-1-Vlanif13]dhcp relay server-ip 192.168.16.2
[LSW5-1-Vlanif13]int vlan 14
[LSW5-1-Vlanif14]dhcp select relay
[LSW5-1-Vlanif14]dhcp relay server-ip 192.168.14.2
[LSW5-1-Vlanif14]dhcp relay server-ip 192.168.16.2
[LSW5-1-Vlanif14]qui
[LSW5-1]
-------------------------------------------
    LSW5-2:
[LSW5-2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW5-2]int vlan 13
[LSW5-2-Vlanif13]dhcp select relay
[LSW5-2-Vlanif13]dhcp relay server-ip 192.168.14.2
[LSW5-2-Vlanif13]dhcp relay server-ip 192.168.16.2
[LSW5-2-Vlanif13]int vlan 14
[LSW5-2-Vlanif14]dhcp select relay
[LSW5-2-Vlanif14]dhcp relay server-ip 192.168.14.2
[LSW5-2-Vlanif14]dhcp relay server-ip 192.168.16.2
[LSW5-2-Vlanif14]qui
[LSW5-2]

13. Server area VLAN division

	SW3:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname SW3
[SW3]vlan 50
[SW3-vlan50]qui
[SW3]int e0/0/1
[SW3-Ethernet0/0/1]port link-type access
[SW3-Ethernet0/0/1]port default vlan 50
[SW3-Ethernet0/0/1]int e0/0/2
[SW3-Ethernet0/0/2]port link-type access
[SW3-Ethernet0/0/2]port default vlan 50
[SW3-Ethernet0/0/2]int e0/0/3
[SW3-Ethernet0/0/3]port link-type access
[SW3-Ethernet0/0/3]port default vlan 50
[SW3-Ethernet0/0/3]int g0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 50
[SW3-GigabitEthernet0/0/1]int g0/0/2
[SW3-GigabitEthernet0/0/2]port link-type trunk
[SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 50
[SW3-GigabitEthernet0/0/2]qui
[SW3]
-------------------------------------------
    LSW6-1:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW6-1
[LSW6-1]vlan batch 50 128
[LSW6-1]int g0/0/1
[LSW6-1-GigabitEthernet0/0/1]port link-type access
[LSW6-1-GigabitEthernet0/0/1]port default vlan 128
[LSW6-1-GigabitEthernet0/0/1]int g0/0/2
[LSW6-1-GigabitEthernet0/0/2]port link-type trunk
[LSW6-1-GigabitEthernet0/0/2]port trunk allow-pass vlan 50
[LSW6-1-GigabitEthernet0/0/2]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW6-2
[LSW6-2]vlan batch 50 129
[LSW6-2]int g0/0/1
[LSW6-2-GigabitEthernet0/0/1]port link-type access
[LSW6-2-GigabitEthernet0/0/1]port default vlan 129
[LSW6-2-GigabitEthernet0/0/1]int g0/0/2
[LSW6-2-GigabitEthernet0/0/2]port link-type trunk
[LSW6-2-GigabitEthernet0/0/2]port trunk allow-pass vlan 50
[LSW6-2-GigabitEthernet0/0/2]qui
[LSW6-2]

14. Server area VRRP configuration

	LSW6-1:
[LSW6-1]int vlan 50
[LSW6-1-Vlanif50]ip add 172.16.50.254 24
[LSW6-1-Vlanif50]vrrp vrid 50 virtual-ip 172.16.50.1
[LSW6-1-Vlanif50]vrrp vrid 50 priority 105
[LSW6-1-Vlanif50]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
[LSW6-2]int vlan 50
[LSW6-2-Vlanif50]ip add 172.16.50.253 24
[LSW6-2-Vlanif50]vrrp vrid 50 virtual-ip 172.16.50.1
[LSW6-2-Vlanif50]vrrp vrid 50 priority 105
[LSW6-2-Vlanif50]qui
[LSW6-2]

15. Server area OSPF configuration

	LSW6-1:
[LSW6-1]int vlan 128
[LSW6-1-Vlanif128]ip add 192.168.128.1 24
[LSW6-1-Vlanif128]qui
[LSW6-1]ospf router-id 1.1.1.16
[LSW6-1-ospf-1]area 3
[LSW6-1-ospf-1-area-0.0.0.3]network 172.16.50.0 0.0.0.255
[LSW6-1-ospf-1-area-0.0.0.3]network 192.168.128.0 0.0.0.255
[LSW6-1-ospf-1-area-0.0.0.3]qui
[LSW6-1-ospf-1]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
[LSW6-2]int vlan 129
[LSW6-2-Vlanif129]ip add 192.168.129.1 24
[LSW6-2-Vlanif129]qui
[LSW6-2]ospf router-id 1.1.1.17
[LSW6-2-ospf-1]area 3
[LSW6-2-ospf-1-area-0.0.0.3]network 172.16.50.0 0.0.0.255
[LSW6-2-ospf-1-area-0.0.0.3]network 192.168.129.0 0.0.0.255
[LSW6-2-ospf-1-area-0.0.0.3]qui
[LSW6-2-ospf-1]qui
[LSW6-2]
-------------------------------------------
    AR9:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR9
[AR9]int g0/0/1
[AR9-GigabitEthernet0/0/1]ip add 192.168.140.9 24
[AR9-GigabitEthernet0/0/1]int g0/0/2
[AR9-GigabitEthernet0/0/2]ip add 192.168.128.9 24
[AR9-GigabitEthernet0/0/2]int g4/0/0
[AR9-GigabitEthernet4/0/0]ip add 192.168.129.9 24
[AR9-GigabitEthernet4/0/0]qui
[AR9]ospf router-id 1.1.1.9
[AR9-ospf-1]area 3
[AR9-ospf-1-area-0.0.0.3]net 192.168.128.0 0.0.0.255
[AR9-ospf-1-area-0.0.0.3]net 192.168.129.0 0.0.0.255
[AR9-ospf-1-area-0.0.0.3]net 192.168.140.0 0.0.0.255
[AR9-ospf-1-area-0.0.0.3]qui
[AR9-ospf-1]qui
[AR9]

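16. OSPF & FW1 configuration

I will leave this part out of the article for now. The only devices configured here are AR7 and FW1. The techniques are as follows: AR7 only needs its OSPF configuration, while FW1 needs its interface addresses configured, its zones divided (trust/dmz/untrust), OSPF configured with the default route advertised in OSPF, and finally its security policies configured. The security policies must let the intranet reach the DMZ and the external network, let the DMZ reach the external network, let the firewall reach any zone, and open the relevant service ports of the DMZ to the outside.

This part is omitted from the article, but it is not omitted from the copyable command notes or the Notepad version of the commands; every command is there in full.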

17. Vlink configuration

	FW1:
[FW1]ospf
[FW1-ospf-1]area 2
[FW1-ospf-1-area-0.0.0.2]vlink-peer 1.1.1.14
[FW1-ospf-1-area-0.0.0.2]qui
[FW1-ospf-1]qui
[FW1]
-------------------------------------------
    LSW4:
[LSW4]ospf
[LSW4-ospf-1]area 2
[LSW4-ospf-1-area-0.0.0.2]vlink-peer 1.1.1.18
[LSW4-ospf-1-area-0.0.0.2]qui
[LSW4-ospf-1]qui
[LSW4]

18. Server area DHCP relay

	LSW6-1:
[LSW6-1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW6-1]int vlan 50
[LSW6-1-Vlanif50]dhcp select relay
[LSW6-1-Vlanif50]dhcp relay server-ip 192.168.14.2
[LSW6-1-Vlanif50]dhcp relay server-ip 192.168.16.2
[LSW6-1-Vlanif50]qui
[LSW6-1]
-------------------------------------------
    LSW6-2:
[LSW6-2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW6-2]int vlan 50
[LSW6-2-Vlanif50]dhcp select relay
[LSW6-2-Vlanif50]dhcp relay server-ip 192.168.14.2
[LSW6-2-Vlanif50]dhcp relay server-ip 192.168.16.2
[LSW6-2-Vlanif50]qui
[LSW6-2]

19. ISP area IS-IS configuration

	AR10:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR10
[AR10]isis
[AR10-isis-1]net 49.0000.0000.0010.00
[AR10-isis-1]is-level level-2
[AR10-isis-1]cost-style wide
[AR10-isis-1]qui
[AR10]int g0/0/1
[AR10-GigabitEthernet0/0/1]ip add 20.1.1.10 24
[AR10-GigabitEthernet0/0/1]isis enable
[AR10-GigabitEthernet0/0/1]int g0/0/0
[AR10-GigabitEthernet0/0/0]ip add 30.1.1.10 24
[AR10-GigabitEthernet0/0/0]isis enable
[AR10-GigabitEthernet0/0/0]int g0/0/2
[AR10-GigabitEthernet0/0/2]ip add 40.1.1.10 24
[AR10-GigabitEthernet0/0/2]isis enable
[AR10-GigabitEthernet0/0/2]qui
[AR10]
-------------------------------------------
    AR11:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR11
[AR11]isis
[AR11-isis-1]net 49.0000.0000.0011.00
[AR11-isis-1]is-level level-2
[AR11-isis-1]cost-style wide
[AR11-isis-1]qui
[AR11]int g0/0/1
[AR11-GigabitEthernet0/0/1]ip add 50.1.1.11 24
[AR11-GigabitEthernet0/0/1]isis enable
[AR11-GigabitEthernet0/0/1]int g0/0/0
[AR11-GigabitEthernet0/0/0]ip add 30.1.1.11 24
[AR11-GigabitEthernet0/0/0]isis enable
[AR11-GigabitEthernet0/0/0]qui
[AR11]
-------------------------------------------
    AR12:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR12
[AR12]isis
[AR12-isis-1]net 49.0000.0000.0012.00
[AR12-isis-1]is-level level-2
[AR12-isis-1]cost-style wide
[AR12-isis-1]qui
[AR12]int g0/0/0
[AR12-GigabitEthernet0/0/0]ip add 40.1.1.12 24
[AR12-GigabitEthernet0/0/0]isis enable
[AR12-GigabitEthernet0/0/0]int g0/0/1
[AR12-GigabitEthernet0/0/1]ip add 20.1.5.12 24
[AR12-GigabitEthernet0/0/1]isis enable
[AR12-GigabitEthernet0/0/1]int g2/0/0
[AR12-GigabitEthernet2/0/0]ip add 20.1.6.12 24
[AR12-GigabitEthernet2/0/0]isis enable
[AR12-GigabitEthernet2/0/0]
[AR12-GigabitEthernet2/0/0]qui
[AR12]

20. NAT configuration on FW1

	FW1:
[FW1]nat address-group nat_pool 0
[FW1-address-group-nat_pool]section 0 20.1.1.5 20.1.1.9
[FW1-address-group-nat_pool]qui
[FW1]nat-policy
[FW1-policy-nat]rule name nat_sys
[FW1-policy-nat-rule-nat_sys]source-zone trust
[FW1-policy-nat-rule-nat_sys]source-zone dmz
[FW1-policy-nat-rule-nat_sys]destination-zone untrust
[FW1-policy-nat-rule-nat_sys]action source-nat address-group nat_pool
[FW1-policy-nat-rule-nat_sys]qui
[FW1-policy-nat]qui
[FW1]

21. IPsec VPN

	FW1:
[FW1]ike proposal 10
[FW1-ike-proposal-10]authentication-method pre-share
[FW1-ike-proposal-10]dh group2
Warning: The security level of group1/group2/group5 is low.
[FW1-ike-proposal-10]encryption-algorithm 3des
 Warning: The security level of des/3des is low. 
[FW1-ike-proposal-10]authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW1-ike-proposal-10]qui
[FW1]ike peer FW2
[FW1-ike-peer-FW2]pre-shared-key huawei
[FW1-ike-peer-FW2]remote-address 50.1.1.2
[FW1-ike-peer-FW2]ike-proposal 10
[FW1-ike-peer-FW2]qui
[FW1]acl 3000
[FW1-acl-adv-3000]rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 172.16.0.0 0.0.255.255
[FW1-acl-adv-3000]qui
[FW1]ipsec proposal XNS
[FW1-ipsec-proposal-XNS]encapsulation-mode tunnel
[FW1-ipsec-proposal-XNS]esp encryption-algorithm 3des
Warning: The security level of des/3des this algorithm is low.
[FW1-ipsec-proposal-XNS]esp authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW1-ipsec-proposal-XNS]qui
[FW1]ipsec policy XNS_MAP 10 isakmp
[FW1-ipsec-policy-isakmp-XNS_MAP-10]security acl 3000
[FW1-ipsec-policy-isakmp-XNS_MAP-10]proposal XNS
[FW1-ipsec-policy-isakmp-XNS_MAP-10]ike-peer FW2
[FW1-ipsec-policy-isakmp-XNS_MAP-10]qui
[FW1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ipsec policy XNS_MAP
[FW1-GigabitEthernet1/0/2]qui
[FW1]security-policy 
[FW1-policy-security]rule name out_to_local
[FW1-policy-security-rule-out_to_local]source-zone untrust
[FW1-policy-security-rule-out_to_local]destination-zone local
[FW1-policy-security-rule-out_to_local]service protocol 50
[FW1-policy-security-rule-out_to_local]service protocol udp destination-port 500
[FW1-policy-security-rule-out_to_local]action permit
[FW1-policy-security-rule-out_to_local]qui
[FW1-policy-security]rule name out_to_in
[FW1-policy-security-rule-out_to_in]source-zone untrust
[FW1-policy-security-rule-out_to_in]destination-zone trust
[FW1-policy-security-rule-out_to_in]source-address 172.16.0.0 mask 255.255.0.0
[FW1-policy-security-rule-out_to_in]destination-address 172.16.0.0 mask 255.255.0.0
[FW1-policy-security-rule-out_to_in]action permit
[FW1-policy-security-rule-out_to_in]qui
[FW1-policy-security]qui
[FW1]nat-policy
[FW1-policy-nat]rule name nat_pass
[FW1-policy-nat-rule-nat_pass]source-zone trust
[FW1-policy-nat-rule-nat_pass]destination-zone untrust
[FW1-policy-nat-rule-nat_pass]source-address 172.16.0.0 16
[FW1-policy-nat-rule-nat_pass]destination-address 172.16.0.0 16
[FW1-policy-nat-rule-nat_pass]action no-nat
[FW1-policy-nat-rule-nat_pass]qui
[FW1-policy-nat]rule move nat_pass up
[FW1-policy-nat]qui
[FW1]
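
The FW1 proposals above use settings the firewall itself warns about (DH group2, 3des, sha1) together with a short dictionary-word pre-shared key. The check below is an added example, not part of the original post or of any Huawei tooling: it scans a CLI transcript of this form for those settings. The minimum key length, the deny-list and the names `audit`, `check_command` and `Finding` are assumptions of the example.

```python
"""Audit a Huawei VRP CLI transcript for weak IKE/IPsec settings.

Added example; the sample input and policy thresholds are constructed here.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Values the firewall itself reports as low security in the transcript's
# "Warning: The security level of ... is low." lines.
WEAK_DH = {"group1", "group2", "group5"}
WEAK_CIPHER = {"des", "3des"}
WEAK_HASH = {"md5", "sha1"}

# Assumptions of this example (not vendor rules): minimum pre-shared-key
# length and a small deny-list of guessable keys.
MIN_PSK_LEN = 20
GUESSABLE_PSK = {"huawei", "admin", "password", "123456"}

# "[FW1-ike-proposal-10]dh group2" -> view "FW1-ike-proposal-10", command "dh group2"
PROMPT = re.compile(r"^\s*[\[<]([^\]>]+)[\]>]\s*(.*?)\s*$")

# Constructed sample: FW1 lines copied from the transcript above.
SAMPLE = """\
[FW1]ike proposal 10
[FW1-ike-proposal-10]authentication-method pre-share
[FW1-ike-proposal-10]dh group2
Warning: The security level of group1/group2/group5 is low.
[FW1-ike-proposal-10]encryption-algorithm 3des
 Warning: The security level of des/3des is low.
[FW1-ike-proposal-10]authentication-algorithm sha1
[FW1-ike-proposal-10]qui
[FW1]ike peer FW2
[FW1-ike-peer-FW2]pre-shared-key huawei
[FW1-ike-peer-FW2]remote-address 50.1.1.2
[FW1-ike-peer-FW2]qui
[FW1]ipsec proposal XNS
[FW1-ipsec-proposal-XNS]encapsulation-mode tunnel
[FW1-ipsec-proposal-XNS]esp encryption-algorithm 3des
[FW1-ipsec-proposal-XNS]esp authentication-algorithm sha1
[FW1-ipsec-proposal-XNS]qui
"""


class Finding(NamedTuple):
    view: str      # CLI view taken from the prompt
    command: str   # command as typed (the key itself is never echoed)
    reason: str


def check_command(cmd: str) -> Optional[Tuple[str, str]]:
    """Return (command_to_report, reason) for a weak setting, else None.

    Only full keywords are recognised; abbreviated commands are not expanded.
    """
    words = cmd.split()
    lowered = [w.lower() for w in words]
    if lowered[:1] == ["esp"]:  # IPsec proposal form: "esp encryption-algorithm ..."
        lowered = lowered[1:]
    if len(lowered) < 2:
        return None
    key, value = lowered[0], lowered[1]
    if key == "dh" and value in WEAK_DH:
        return cmd, "weak Diffie-Hellman group; use group 14 or higher"
    if key == "encryption-algorithm" and value in WEAK_CIPHER:
        return cmd, "weak cipher; use an AES variant"
    if key == "authentication-algorithm" and value in WEAK_HASH:
        return cmd, "weak hash; use a SHA-2 variant"
    if key == "pre-shared-key":
        psk = words[-1]
        if len(psk) < MIN_PSK_LEN or psk.lower() in GUESSABLE_PSK:
            return "pre-shared-key <redacted>", "short or guessable pre-shared key"
    return None


def audit(transcript: str) -> List[Finding]:
    """Scan prompt-prefixed CLI lines and collect weak IKE/IPsec settings."""
    findings = []
    for line in transcript.splitlines():
        match = PROMPT.match(line)
        if not match:  # device output such as "Warning: ..." or "Info: ..."
            continue
        hit = check_command(match.group(2))
        if hit:
            findings.append(Finding(match.group(1), hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.view}: {f.command} -> {f.reason}")
```

Both tunnel endpoints must agree on the proposal, so any stronger algorithm, DH group or key chosen in response to a finding has to be changed on FW1 and FW2 together.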
-------------------------------------------
    FW2:
<USG6000V1>sys
[USG6000V1]un in en
[USG6000V1]sysname FW2
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ip add 50.1.1.2 24
[FW2-GigabitEthernet1/0/0]service-manage all permit
[FW2-GigabitEthernet1/0/0]int g1/0/1
[FW2-GigabitEthernet1/0/1]ip add 192.168.150.2 24
[FW2-GigabitEthernet1/0/1]service-manage all permit
[FW2-GigabitEthernet1/0/1]qui
[FW2]firewall zone untrust
[FW2-zone-untrust]add int g1/0/0
[FW2-zone-untrust]qui
[FW2]firewall zone trust
[FW2-zone-trust]add int g1/0/1
[FW2-zone-trust]qui
[FW2]ip route-static 0.0.0.0 0 50.1.1.11
[FW2]ike proposal 10
[FW2-ike-proposal-10]authentication-method pre-share
[FW2-ike-proposal-10]dh group2
Warning: The security level of group1/group2/group5 is low.
[FW2-ike-proposal-10]encryption-algorithm 3des
 Warning: The security level of des/3des is low. 
[FW2-ike-proposal-10]authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW2-ike-proposal-10]qui
[FW2]ike peer FW1
[FW2-ike-peer-FW1]pre-shared-key huawei
[FW2-ike-peer-FW1]remote-address 20.1.1.1
[FW2-ike-peer-FW1]ike-proposal 10
[FW2-ike-peer-FW1]qui
[FW2]acl 3000
[FW2-acl-adv-3000]rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 172.16.0.0 0.0.255.255
[FW2-acl-adv-3000]qui
[FW2]ipsec proposal XNS
[FW2-ipsec-proposal-XNS]encapsulation-mode tunnel
[FW2-ipsec-proposal-XNS]esp encryption-algorithm 3des
Warning: The security level of des/3des this algorithm is low.
[FW2-ipsec-proposal-XNS]esp authentication-algorithm sha1
Warning: The security level of md5/sha1 is low.
[FW2-ipsec-proposal-XNS]qui
[FW2]ipsec policy XNS_MAP 10 isakmp
[FW2-ipsec-policy-isakmp-XNS_MAP-10]security acl 3000
[FW2-ipsec-policy-isakmp-XNS_MAP-10]proposal XNS
[FW2-ipsec-policy-isakmp-XNS_MAP-10]ike-peer FW1
[FW2-ipsec-policy-isakmp-XNS_MAP-10]qui
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]ipsec policy XNS_MAP
[FW2-GigabitEthernet1/0/0]qui
[FW2]security-policy 
[FW2-policy-security]rule name out_to_local
[FW2-policy-security-rule-out_to_local]source-zone untrust
[FW2-policy-security-rule-out_to_local]destination-zone local
[FW2-policy-security-rule-out_to_local]service protocol 50
[FW2-policy-security-rule-out_to_local]service protocol udp destination-port 500
[FW2-policy-security-rule-out_to_local]action permit
[FW2-policy-security-rule-out_to_local]qui
[FW2-policy-security]rule name out_to_in
[FW2-policy-security-rule-out_to_in]source-zone untrust
[FW2-policy-security-rule-out_to_in]destination-zone trust
[FW2-policy-security-rule-out_to_in]source-address 172.16.0.0 16
[FW2-policy-security-rule-out_to_in]destination-address 172.16.0.0 16
[FW2-policy-security-rule-out_to_in]action permit
[FW2-policy-security-rule-out_to_in]qui
[FW2-policy-security]rule name in_to_out
[FW2-policy-security-rule-in_to_out]source-zone trust
[FW2-policy-security-rule-in_to_out]destination-zone untrust
[FW2-policy-security-rule-in_to_out]action permit
[FW2-policy-security-rule-in_to_out]qui
[FW2-policy-security]rule name local_to_any
[FW2-policy-security-rule-local_to_any]source-zone local
[FW2-policy-security-rule-local_to_any]action permit
[FW2-policy-security-rule-local_to_any]qui
[FW2-policy-security]qui
[FW2]nat-policy
[FW2-policy-nat]rule name nat_pass
[FW2-policy-nat-rule-nat_pass]source-zone trust
[FW2-policy-nat-rule-nat_pass]destination-zone untrust
[FW2-policy-nat-rule-nat_pass]source-address 172.16.0.0 16
[FW2-policy-nat-rule-nat_pass]destination-address 172.16.0.0 16
[FW2-policy-nat-rule-nat_pass]action no-nat
[FW2-policy-nat-rule-nat_pass]qui
[FW2-policy-nat]rule name easyip
[FW2-policy-nat-rule-easyip]source-zone trust
[FW2-policy-nat-rule-easyip]destination-zone untrust
[FW2-policy-nat-rule-easyip]source-address 172.16.0.0 16
[FW2-policy-nat-rule-easyip]action source-nat easy-ip
[FW2-policy-nat-rule-easyip]qui
[FW2-policy-nat]qui
[FW2]
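
The IKE and IPsec proposals above use DH group2, 3DES and SHA-1, which the firewall's own warnings rate as low security, and `service-manage all permit` is applied to the interface placed in the untrust zone. The following added example (not part of the original post) is a small Python audit that scans a VRP CLI transcript for exactly those settings; the function name `audit`, the finding labels and the constructed sample are assumptions of this example.

```python
import re

# Constructed sample: FW2 commands copied from the transcript above.
SAMPLE = """\
[FW2]int g1/0/0
[FW2-GigabitEthernet1/0/0]service-manage all permit
[FW2-GigabitEthernet1/0/0]int g1/0/1
[FW2-GigabitEthernet1/0/1]service-manage all permit
[FW2]firewall zone untrust
[FW2-zone-untrust]add int g1/0/0
[FW2-ike-proposal-10]dh group2
Warning: The security level of group1/group2/group5 is low.
[FW2-ike-proposal-10]encryption-algorithm 3des
[FW2-ike-proposal-10]authentication-algorithm sha1
[FW2-ipsec-proposal-XNS]esp encryption-algorithm 3des
[FW2-ipsec-proposal-XNS]esp authentication-algorithm sha1
"""

# Values the firewall's own warnings in the transcript rate as low security.
WEAK = {"dh": {"group1", "group2", "group5"},
        "encryption-algorithm": {"des", "3des"},
        "authentication-algorithm": {"md5", "sha1"}}
PROMPT = re.compile(r"^\s*\[([^\]]+)\](.*)$")   # "[view]command"
PORT = re.compile(r"\d+/\d+/\d+")               # e.g. 1/0/0

def audit(transcript):
    """Return (view, command, reason) findings for a VRP CLI transcript."""
    findings, mgmt_open, untrust = [], {}, set()
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if not m or not m.group(2).strip():
            continue                      # device output or a bare prompt
        view, cmd = m.group(1), m.group(2).strip()
        words = cmd.split()
        key = words[1] if words[0] == "esp" and len(words) > 2 else words[0]
        if words[-1] in WEAK.get(key, ()):
            findings.append((view, cmd, "weak " + key))
        port = PORT.search(view)
        if port and cmd == "service-manage all permit":
            mgmt_open[port.group()] = (view, cmd)
        if view.endswith("zone-untrust") and words[0] == "add" and PORT.search(cmd):
            untrust.add(PORT.search(cmd).group())
    for p in sorted(untrust & mgmt_open.keys()):
        findings.append((*mgmt_open[p], "management services open on untrust"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The same `service-manage all permit` on g1/0/1 is not reported because that interface is not added to the untrust zone in the sample.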

22. Branch campus router-on-a-stick & DHCP

	LSW7:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname LSW7
[LSW7]vlan batch 16 17
[LSW7]int g0/0/1
[LSW7-GigabitEthernet0/0/1]port link-type access
[LSW7-GigabitEthernet0/0/1]port default vlan 16
[LSW7-GigabitEthernet0/0/1]int g0/0/2
[LSW7-GigabitEthernet0/0/2]port link-type access
[LSW7-GigabitEthernet0/0/2]port default vlan 17
[LSW7-GigabitEthernet0/0/2]int g0/0/3
[LSW7-GigabitEthernet0/0/3]port link-type trunk
[LSW7-GigabitEthernet0/0/3]port trunk allow-pass vlan 16 17
[LSW7-GigabitEthernet0/0/3]qui
[LSW7]
-------------------------------------------
    AR13:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname AR13
[AR13]int g0/0/1
[AR13-GigabitEthernet0/0/1]ip add 192.168.150.13 24
[AR13-GigabitEthernet0/0/1]int g0/0/0.16
[AR13-GigabitEthernet0/0/0.16]dot1q termination vid 16
[AR13-GigabitEthernet0/0/0.16]ip add 172.16.16.1 24
[AR13-GigabitEthernet0/0/0.16]arp broadcast en
[AR13-GigabitEthernet0/0/0.16]int g0/0/0.17
[AR13-GigabitEthernet0/0/0.17]dot1q termination vid 17
[AR13-GigabitEthernet0/0/0.17]ip add 172.16.17.1 24
[AR13-GigabitEthernet0/0/0.17]arp broadcast en
[AR13-GigabitEthernet0/0/0.17]qui
[AR13]dhcp enable
[AR13]ip pool sys_vlan16
[AR13-ip-pool-sys_vlan16]network 172.16.16.0 mask 24
[AR13-ip-pool-sys_vlan16]gateway-list 172.16.16.1
[AR13-ip-pool-sys_vlan16]dns-list 20.1.6.2 8.8.8.8
[AR13-ip-pool-sys_vlan16]qui
[AR13]ip pool sys_vlan17
[AR13-ip-pool-sys_vlan17]network 172.16.17.0 mask 24
[AR13-ip-pool-sys_vlan17]gateway-list 172.16.17.1
[AR13-ip-pool-sys_vlan17]dns-list 8.8.8.8 114.114.114.114
[AR13-ip-pool-sys_vlan17]qui
[AR13]int g0/0/0.16
[AR13-GigabitEthernet0/0/0.16]dhcp select global
[AR13-GigabitEthernet0/0/0.16]qui
[AR13]int g0/0/0.17
[AR13-GigabitEthernet0/0/0.17]dhcp select global
[AR13-GigabitEthernet0/0/0.17]qui
[AR13]

23. RIP & route import

	AR13:
[AR13]rip 1
[AR13-rip-1]version 2
[AR13-rip-1]network 192.168.150.0
[AR13-rip-1]import-route direct
[AR13-rip-1]qui
[AR13]
-------------------------------------------
    FW2:
[FW2]rip 1
[FW2-rip-1]default-route originate
[FW2-rip-1]version 2
[FW2-rip-1]network 192.168.150.0
[FW2-rip-1]qui
[FW2]
