Comprehensive Campus Network Lab Built on eNSP

news2024/12/24 9:58:10

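Core technologies

1. Virtual local area network (VLAN)

2. Link aggregation (Eth-Trunk)

3. Multiple Spanning Tree Protocol (MSTP)

4. VLANIF Layer 3 logical interfaces

5. Virtual Router Redundancy Protocol (VRRP)

6. Open Shortest Path First (OSPF)

7. Dynamic Host Configuration Protocol (DHCP)

8. Centralized WLAN management (AC + AP)

9. Firewall security policy

10. Network address translation (NAT)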

        

Network topology plan

Overall view

Core layer

Aggregation layer

Access layer

        

Network device configuration

VLAN planning

Switch3

<Huawei>system-view 
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40

[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 10
[Huawei-Ethernet0/0/1]stp edged-port enable 
[Huawei-Ethernet0/0/1]quit

[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 20
[Huawei-Ethernet0/0/3]stp edged-port enable
[Huawei-Ethernet0/0/3]quit

[Huawei]port-group group-member e0/0/4 to e0/0/5
[Huawei-port-group]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-port-group]quit

Switch4

<Huawei>system-view 
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40

[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 30
[Huawei-Ethernet0/0/1]stp edged-port enable 
[Huawei-Ethernet0/0/1]quit

[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 40
[Huawei-Ethernet0/0/3]stp edged-port enable
[Huawei-Ethernet0/0/3]quit

[Huawei]port-group group-member e0/0/4 to e0/0/5
[Huawei-port-group]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-port-group]quit

Switch1

<Huawei>system-view
[Huawei]undo info-center enable 
[Huawei]vlan batch 10 20 30 40

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]quit

Switch2

<Huawei>system-view
[Huawei]vlan batch 10 20 30 40
[Huawei]undo info-center enable 

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]quit

[Huawei]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk 
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all 
[Huawei-GigabitEthernet0/0/3]quit

Link aggregation

Switch1

[Huawei]int Eth-Trunk 12
[Huawei-Eth-Trunk12]mode lacp-static 
[Huawei-Eth-Trunk12]trunkport g0/0/3
[Huawei-Eth-Trunk12]trunkport g0/0/4
[Huawei-Eth-Trunk12]port link-type trunk
[Huawei-Eth-Trunk12]port trunk allow-pass vlan all
[Huawei-Eth-Trunk12]display this
[Huawei-Eth-Trunk12]quit

Switch2

[Huawei]int Eth-Trunk 12
[Huawei-Eth-Trunk12]mode lacp-static 
[Huawei-Eth-Trunk12]trunkport g0/0/1
[Huawei-Eth-Trunk12]trunkport g0/0/5
[Huawei-Eth-Trunk12]port link-type trunk
[Huawei-Eth-Trunk12]port trunk allow-pass vlan all
[Huawei-Eth-Trunk12]display this
[Huawei-Eth-Trunk12]quit

Deploying MSTP

Switch1

[Huawei]stp mode mstp

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit

[Huawei]stp instance 1 root primary 
[Huawei]stp instance 2 root secondary 

[Huawei]display stp region-configuration 

Switch2

[Huawei]stp mode mstp 

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit

[Huawei]stp instance 1 root secondary 
[Huawei]stp instance 2 root primary 

[Huawei]display stp region-configuration 

Switch3

[Huawei]stp mode mstp

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration 
[Huawei-mst-region]quit

[Huawei]display stp instance 1 brief 
[Huawei]display stp instance 2 brief
[Huawei]display stp region-configuration 

Switch4

[Huawei]stp mode mstp 

[Huawei]stp region-configuration 
[Huawei-mst-region]region-name yeslab
[Huawei-mst-region]revision-level 1
[Huawei-mst-region]instance 1 vlan 10 20
[Huawei-mst-region]instance 2 vlan 30 40
[Huawei-mst-region]active region-configuration
[Huawei-mst-region]quit

[Huawei]display stp instance 1 brief 
[Huawei]display stp instance 2 brief
[Huawei]display stp region-configuration 

Configuring VLANIF

Switch1

[Huawei]int vlanif 10
[Huawei-Vlanif10]ip address 192.168.10.251 24
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]ip address 192.168.20.251 24
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]ip address 192.168.30.251 24
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]ip address 192.168.40.251 24
[Huawei-Vlanif40]quit

Switch2

[Huawei]int vlanif 10
[Huawei-Vlanif10]ip address 192.168.10.252 24
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]ip address 192.168.20.252 24
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]ip address 192.168.30.252 24
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]ip address 192.168.40.252 24
[Huawei-Vlanif40]quit

Configuring VRRP

Switch1

[Huawei]int vlanif 10
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif10]vrrp vrid 10 priority 120
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif20]vrrp vrid 20 priority 120
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[Huawei-Vlanif30]vrrp vrid 30 priority 110
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[Huawei-Vlanif40]vrrp vrid 40 priority 110
[Huawei-Vlanif40]quit

[Huawei]display vrrp brief 

Switch2

[Huawei]int vlanif 10
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif10]vrrp vrid 10 priority 110
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif20]vrrp vrid 20 priority 110
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
[Huawei-Vlanif30]vrrp vrid 30 priority 120
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
[Huawei-Vlanif40]vrrp vrid 40 priority 120
[Huawei-Vlanif40]quit

[Huawei]display vrrp brief 

Configuring interface IP addresses

Router1

<Huawei>system-view 
[Huawei]undo info-center enable

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 10.1.1.1 32
[Huawei-LoopBack0]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.101.1 24
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.102.1 24
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.1.12.1 24
[Huawei-GigabitEthernet0/0/2]quit

[Huawei]int g2/0/0
[Huawei-GigabitEthernet2/0/0]ip address 10.1.15.1 24
[Huawei-GigabitEthernet2/0/0]quit

[Huawei]int g2/0/1
[Huawei-GigabitEthernet2/0/1]ip address 10.1.11.1 24
[Huawei-GigabitEthernet2/0/1]quit

[Huawei]int pos4/0/0
[Huawei-Pos4/0/0]ip address 10.1.13.1 24
[Huawei-Pos4/0/0]quit

Router2

<Huawei>system-view 
[Huawei]undo info-center enable 

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 10.1.2.2 32
[Huawei-LoopBack0]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.12.2 24
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.103.1 24
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.1.104.1 24
[Huawei-GigabitEthernet0/0/2]quit

[Huawei]int pos2/0/0
[Huawei-Pos2/0/0]ip address 10.1.14.1 24
[Huawei-Pos2/0/0]quit

Router3

<Huawei>system-view 
[Huawei]undo info-center enable 

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 200.200.200.200 32
[Huawei-LoopBack0]quit

[Huawei]int pos4/0/0
[Huawei-Pos4/0/0]ip address 10.1.14.2 24
[Huawei-Pos4/0/0]quit

[Huawei]int pos6/0/0
[Huawei-Pos6/0/0]ip address 10.1.13.2 24
[Huawei-Pos6/0/0]quit

Switch1

[Huawei]vlan batch 101 103

[Huawei]int vlanif 101
[Huawei-Vlanif101]ip address 10.1.101.2 24
[Huawei-Vlanif101]quit

[Huawei]int vlanif 103
[Huawei-Vlanif103]ip address 10.1.103.2 24
[Huawei-Vlanif103]quit

[Huawei]int g0/0/5
[Huawei-GigabitEthernet0/0/5]port link-type access
[Huawei-GigabitEthernet0/0/5]port default vlan 101
[Huawei-GigabitEthernet0/0/5]quit

[Huawei]int g0/0/6
[Huawei-GigabitEthernet0/0/6]port link-type access
[Huawei-GigabitEthernet0/0/6]port default vlan 103
[Huawei-GigabitEthernet0/0/6]quit

Switch2

[Huawei]vlan batch 102 104

[Huawei]int vlanif 102
[Huawei-Vlanif102]ip address 10.1.102.2 24
[Huawei-Vlanif102]quit

[Huawei]int vlanif 104
[Huawei-Vlanif104]ip address 10.1.104.2 24
[Huawei-Vlanif104]quit

[Huawei]int g0/0/6
[Huawei-GigabitEthernet0/0/6]port link-type access 
[Huawei-GigabitEthernet0/0/6]port default vlan 102
[Huawei-GigabitEthernet0/0/6]quit

[Huawei]int g0/0/7
[Huawei-GigabitEthernet0/0/7]port link-type access
[Huawei-GigabitEthernet0/0/7]port default vlan 104
[Huawei-GigabitEthernet0/0/7]quit

Configuring OSPF

Router1

[Huawei]ospf 1 router-id 1.1.1.1
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 10.1.11.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.101.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.102.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.12.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.15.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Router2

[Huawei]ospf 1 router-id 2.2.2.2
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 10.1.12.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.103.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.104.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.14.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.2.2 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Switch1

[Huawei]ospf 1 router-id 3.3.3.3
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.30.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.40.251 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.101.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.103.2 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Switch2

[Huawei]ospf 1 router-id 4.4.4.4
[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.30.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.40.252 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.102.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.104.2 0.0.0.0

[Huawei-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[Huawei-ospf-1-area-0.0.0.0]dis ospf peer brief 

Configuring DHCP

DHCP server

<Huawei>system-view 
[Huawei]undo info-center enable 

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.11.2 24
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]dhcp enable 

[Huawei]ip pool VLAN10
[Huawei-ip-pool-VLAN10]network 192.168.10.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN10]gateway-list 192.168.10.254
[Huawei-ip-pool-VLAN10]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN10]domain-name yeslab.net
[Huawei-ip-pool-VLAN10]quit

[Huawei]ip pool VLAN20
[Huawei-ip-pool-VLAN20]network 192.168.20.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN20]gateway-list 192.168.20.254
[Huawei-ip-pool-VLAN20]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN20]domain-name yeslab.net
[Huawei-ip-pool-VLAN20]quit

[Huawei]ip pool VLAN30
[Huawei-ip-pool-VLAN30]network 192.168.30.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN30]gateway-list 192.168.30.254
[Huawei-ip-pool-VLAN30]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN30]domain-name yeslab.net
[Huawei-ip-pool-VLAN30]quit

[Huawei]ip pool VLAN40
[Huawei-ip-pool-VLAN40]network 192.168.40.0 mask 255.255.255.0
[Huawei-ip-pool-VLAN40]gateway-list 192.168.40.254
[Huawei-ip-pool-VLAN40]dns-list 114.114.114.114
[Huawei-ip-pool-VLAN40]domain-name yeslab.net
[Huawei-ip-pool-VLAN40]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]dhcp select global 
[Huawei-GigabitEthernet0/0/0]quit

[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.1.11.1

Switch1

[Huawei]dhcp enable 

[Huawei]int vlanif 10
[Huawei-Vlanif10]dhcp select relay 
[Huawei-Vlanif10]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]dhcp select relay 
[Huawei-Vlanif20]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]dhcp select relay
[Huawei-Vlanif30]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]dhcp select relay
[Huawei-Vlanif40]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif40]quit

Switch2

[Huawei]dhcp enable 

[Huawei]int vlanif 10
[Huawei-Vlanif10]dhcp select relay
[Huawei-Vlanif10]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif10]quit

[Huawei]int vlanif 20
[Huawei-Vlanif20]dhcp select relay
[Huawei-Vlanif20]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif20]quit

[Huawei]int vlanif 30
[Huawei-Vlanif30]dhcp select relay
[Huawei-Vlanif30]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif30]quit

[Huawei]int vlanif 40
[Huawei-Vlanif40]dhcp select relay
[Huawei-Vlanif40]dhcp relay server-ip 10.1.11.2
[Huawei-Vlanif40]quit

At this point the internal network is fully interconnected.

Configuring WLAN

VLAN assignment

Switch1

[Huawei]vlan 111
[Huawei-vlan111]quit

Switch2

[Huawei]vlan 111
[Huawei-vlan111]quit

[Huawei]int g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type trunk
[Huawei-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/4]quit

Switch3

[Huawei]vlan 111
[Huawei-vlan111]quit

[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk 
[Huawei-Ethernet0/0/2]port trunk pvid vlan 111
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/2]quit

Switch4

[Huawei]vlan 111
[Huawei-vlan111]quit

[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk pvid vlan 111
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all
[Huawei-Ethernet0/0/2]quit

AC

<AC6605>system-view 
[AC6605]undo info-center enable

[AC6605]vlan 111
[AC6605-vlan111]quit

[AC6605]int g0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk 
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6605-GigabitEthernet0/0/1]quit

[AC6605]dhcp enable 
[AC6605]int vlanif 111
[AC6605-Vlanif111]ip address 192.168.111.254 24
[AC6605-Vlanif111]dhcp select interface 

AP

[Huawei]display system-information 

Bringing the APs online

[AC6605]wlan
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]country-code CN
[AC6605-wlan-regulate-domain-default]quit

[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]regulatory-domain-profile default
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]quit

[AC6605]capwap source int Vlanif 111
[AC6605]wlan
[AC6605-wlan-view]ap auth-mode no-auth 
[AC6605-wlan-view]display ap all 

[AC6605-wlan-view]ap-id 0
[AC6605-wlan-ap-0]ap-name AP1
[AC6605-wlan-ap-0]ap-group ap-group1
[AC6605-wlan-ap-0]quit

[AC6605-wlan-view]ap-id 1
[AC6605-wlan-ap-1]ap-name AP2
[AC6605-wlan-ap-1]ap-group ap-group1
[AC6605-wlan-ap-1]quit

[AC6605-wlan-view]ap auth-mode mac-auth 
[AC6605-wlan-view]quit
[AC6605]display ap all

Encryption

[AC6605]wlan
[AC6605-wlan-view]security-profile name wlan-net
[AC6605-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a12345678 aes
[AC6605-wlan-sec-prof-wlan-net]quit

[AC6605-wlan-view]ssid-profile name wlan-net
[AC6605-wlan-ssid-prof-wlan-net]ssid yeslab
[AC6605-wlan-ssid-prof-wlan-net]quit

[AC6605-wlan-view]vap-profile name wlan-net
[AC6605-wlan-vap-prof-wlan-net]forward-mode direct-forward 
[AC6605-wlan-vap-prof-wlan-net]service-vlan vlan-pool yeslab
[AC6605-wlan-vap-prof-wlan-net]quit
[AC6605-wlan-view]quit

[AC6605]vlan pool yeslab
[AC6605-vlan-pool-yeslab]vlan 10 20 30 40
[AC6605-vlan-pool-yeslab]quit

[AC6605]wlan
[AC6605-wlan-view]vap-profile name wlan-net
[AC6605-wlan-vap-prof-wlan-net]service-vlan vlan-pool yeslab
[AC6605-wlan-vap-prof-wlan-net]security-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net]quit
[AC6605-wlan-view]quit

[AC6605]wlan 
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 0
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 1
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]quit

Configuring the firewall

ISP

<Huawei>system-view
[Huawei]undo info-center enable 

[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip address 114.114.114.114 32
[Huawei-LoopBack0]quit

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 202.1.10.2 24
[Huawei-GigabitEthernet0/0/0]quit

FireWall

IP configuration
<USG6000V1>system-view 
[USG6000V1]undo info-center enable 

[USG6000V1]int g0/0/0
[USG6000V1-GigabitEthernet0/0/0]ip address 202.1.10.1 24
[USG6000V1-GigabitEthernet0/0/0]quit

[USG6000V1]int g1/0/0
[USG6000V1-GigabitEthernet1/0/0]ip address 10.1.15.2 24
[USG6000V1-GigabitEthernet1/0/0]service-manage ping permit 
[USG6000V1-GigabitEthernet1/0/0]quit


Zone assignment
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/0
[USG6000V1-zone-trust]undo add int g0/0/0
[USG6000V1-zone-trust]quit

[USG6000V1]firewall zone untrust 
[USG6000V1-zone-untrust]add int g0/0/0
[USG6000V1-zone-untrust]quit


Configuring OSPF
[USG6000V1]ospf 1 router-id 6.6.6.6
[USG6000V1-ospf-1]area 0
[USG6000V1-ospf-1-area-0.0.0.0]network 10.1.15.2 0.0.0.0
[USG6000V1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher Huawei@123
[USG6000V1-ospf-1-area-0.0.0.0]quit
[USG6000V1-ospf-1]quit

[USG6000V1]display ospf peer brief     (state is stuck at ExStart: unicast packets cannot be sent, so the traffic has to be permitted)
[USG6000V1]security-policy 
[USG6000V1-policy-security]rule name permit_local_trust_ospf
[USG6000V1-policy-security-rule-permit_local_trust_ospf]source-zone local 
[USG6000V1-policy-security-rule-permit_local_trust_ospf]destination-zone trust 
[USG6000V1-policy-security-rule-permit_local_trust_ospf]action permit 
[USG6000V1-policy-security-rule-permit_local_trust_ospf]quit
[USG6000V1-policy-security]quit
[USG6000V1]display ospf peer brief      (state is now Full)


Permitting traffic with a security policy
[USG6000V1]ip route-static 0.0.0.0 0.0.0.0 202.1.10.2
[USG6000V1]ospf 1
[USG6000V1-ospf-1]default-route-advertise always 
[USG6000V1-ospf-1]quit

[USG6000V1]security-policy 
[USG6000V1-policy-security]rule name permit_trust_untrust
[USG6000V1-policy-security-rule-permit_trust_untrust]source-zone trust 
[USG6000V1-policy-security-rule-permit_trust_untrust]destination-zone untrust 
[USG6000V1-policy-security-rule-permit_trust_untrust]action permit 


Configuring NAT
[USG6000V1]nat-policy 
[USG6000V1-policy-nat]rule name EASYIP
[USG6000V1-policy-nat-rule-EASYIP]source-zone trust 
[USG6000V1-policy-nat-rule-EASYIP]destination-zone untrust 
[USG6000V1-policy-nat-rule-EASYIP]action source-nat easy-ip 

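After all of the above is configured, the internal and external networks still cannot reach each other; the problem remains to be solved.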

        

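Lab summary

Results

Areas for improvement

1. The firewall configuration has a problem: only devices inside the firewall can reach one another, and the outside and the inside cannot communicate.

2. Wireless devices may obtain only DNS from DHCP and fail to obtain an IP address,

because the DHCP address pools do not exclude the IP addresses already occupied by the switches.

Exclude the addresses: excluded-ip-address 192.168.10.10 192.168.10.254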
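The pool overlap described in item 2, as an added example (not the author's code): the script reads a constructed excerpt of this page's VLANIF, VRRP and `ip pool` commands, finds the statically configured addresses that fall inside each pool, and renders the `excluded-ip-address` lines that cover exactly those addresses. The function names are hypothetical, and it generalizes the single VLAN 10 line above to every pool in the excerpt.

```python
import ipaddress
import re

# Constructed sample: VLAN 10/20 commands copied from this page's Switch1,
# Switch2 and DHCP server sections (VLAN 30/40 follow the same pattern).
SAMPLE = """
[Huawei-Vlanif10]ip address 192.168.10.251 24
[Huawei-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[Huawei-Vlanif20]ip address 192.168.20.251 24
[Huawei-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[Huawei-Vlanif10]ip address 192.168.10.252 24
[Huawei-Vlanif20]ip address 192.168.20.252 24
[Huawei-Vlanif101]ip address 10.1.101.2 24
[Huawei]ip pool VLAN10
[Huawei-ip-pool-VLAN10]network 192.168.10.0 mask 255.255.255.0
[Huawei]ip pool VLAN20
[Huawei-ip-pool-VLAN20]network 192.168.20.0 mask 255.255.255.0
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)"


def parse(text):
    """Return ({pool name: network}, set of statically configured addresses)."""
    pools, static, current = {}, set(), None
    for line in text.splitlines():
        cmd = re.sub(r"^\[[^\]]*\]", "", line).strip()  # drop the CLI prompt
        if m := re.fullmatch(r"ip pool (\S+)", cmd):
            current = m.group(1)
        elif m := re.fullmatch(rf"network {ADDR} mask {ADDR}", cmd):
            pools[current] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif m := re.fullmatch(rf"ip address {ADDR} \d+", cmd):
            static.add(ipaddress.ip_address(m.group(1)))
        elif m := re.search(rf"virtual-ip {ADDR}$", cmd):
            # Assumption: the VRRP virtual IP (also the pools' gateway-list
            # address) is listed too, as the page's own range ends at .254.
            static.add(ipaddress.ip_address(m.group(1)))
    return pools, static


def exclusions(text):
    """Map each pool to the contiguous (start, end) ranges it must exclude."""
    pools, static = parse(text)
    result = {}
    for name, net in pools.items():
        ranges = []
        for ip in sorted(a for a in static if a in net):
            if ranges and int(ip) == int(ranges[-1][1]) + 1:
                ranges[-1][1] = ip          # extend the current run
            else:
                ranges.append([ip, ip])     # start a new run
        result[name] = [(str(s), str(e)) for s, e in ranges]
    return result


def render(text):
    """Emit ip-pool view commands in the form used on this page."""
    out = []
    for name, ranges in exclusions(text).items():
        out.append(f"ip pool {name}")
        for start, end in ranges:
            tail = f" {end}" if end != start else ""
            out.append(f" excluded-ip-address {start}{tail}")
    return out


if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
```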

        

3. The border routers have not been configured with BGP yet.

I will make further improvements to the issues above when time permits.

        
