ENSP Enterprise Network


Port connection table

HJ-SW1 g0/0/1	Core-SW1 g0/0/5
HJ-SW1 g0/0/2	Core-SW2 g0/0/5
HJ-SW1 g0/0/3	JR-SW1 e0/0/1
HJ-SW1 g0/0/4	JR-SW2 e0/0/1
HJ-SW2 g0/0/1	Core-SW1 g0/0/6
HJ-SW2 g0/0/2	Core-SW2 g0/0/6
HJ-SW2 g0/0/3	JR-SW3 e0/0/1
HJ-SW2 g0/0/4	JR-SW4 e0/0/1
HJ-SW3 g0/0/1	Core-SW1 g0/0/7
HJ-SW3 g0/0/2	Core-SW2 g0/0/7
HJ-SW3 g0/0/3	JR-SW5 e0/0/1
HJ-SW3 g0/0/4	JR-SW6 e0/0/1
HJ-SW3 g0/0/5	AP1 g0/0/0
JR-SW1 e0/0/2	PC1 e0/0/1
JR-SW1 e0/0/3	Client1 e0/0/0
JR-SW2 e0/0/2	PC2 e0/0/1
JR-SW2 e0/0/3	Client2 e0/0/0
JR-SW3 e0/0/2	PC3 e0/0/1
JR-SW3 e0/0/3	Client3 e0/0/0
JR-SW4 e0/0/2	PC4 e0/0/1
JR-SW4 e0/0/3	Client4 e0/0/0
JR-SW5 e0/0/2	PC5 e0/0/1
JR-SW5 e0/0/3	Client5 e0/0/0
JR-SW6 e0/0/2	PC6 e0/0/1
JR-SW6 e0/0/3	Client6 e0/0/0
Core-SW1 g0/0/1	Core-R1 g0/0/2
Core-SW1 g0/0/2	Core-R2 g4/0/0
Core-SW1 g0/0/3	Core-SW2 g0/0/3
Core-SW1 g0/0/4	Core-SW2 g0/0/4
Core-SW2 g0/0/1	Core-R1 g4/0/0
Core-SW2 g0/0/2	Core-R2 g0/0/2
Core-R1 g0/0/0	FW1 g1/0/2
Core-R1 g0/0/1	Core-R2 g0/0/1
Core-R2 g0/0/0	FW1 g1/0/3
FW1 g1/0/0		ISP g0/0/1
FW1 g1/0/1		LSW12 e0/0/4
LSW12 e0/0/1	DNS e0/0/0
LSW12 e0/0/2	HTTP e0/0/0
LSW12 e0/0/3	FTP e0/0/0
ISP g0/0/0		LSW13 e0/0/1
LSW13 e0/0/2	Internet client e0/0/0
LSW13 e0/0/3	Internet PC e0/0/1
LSW13 e0/0/4	www.baidu.com e0/0/0

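Network architecture

Access layer

The access layer is the layer closest to users. It connects user devices such as computers, phones and other terminals to the network and provides the user-facing access ports. The switches at this layer handle local traffic and also provide user access, authentication and security-policy functions.

Configure JR-SW1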
sys
sys JR-SW1
undo inf en
vlan ba 10 20 30 40 50 60 100 101
int e0/0/1
port link-type trunk
port trunk allow-pass vlan all
int e0/0/2
port link-type access
port default vlan 10
int e0/0/3
port link-type access
port default vlan 10
Configure JR-SW2
sys
sys JR-SW2
undo inf en
vlan ba 10 20 30 40 50 60 100 101
int e0/0/1
port link-type trunk
port trunk allow-pass vlan all
int e0/0/2
port link-type access
port default vlan 20
int e0/0/3
port link-type access
port default vlan 20
Configure JR-SW3
sys
sys JR-SW3
undo inf en
vlan ba 10 20 30 40 50 60 100 101
int e0/0/1
port link-type trunk
port trunk allow-pass vlan all
int e0/0/2
port link-type access
port default vlan 30
int e0/0/3
port link-type access
port default vlan 30
Configure JR-SW4
sys
sys JR-SW4
undo inf en
vlan ba 10 20 30 40 50 60 100 101
int e0/0/1
port link-type trunk
port trunk allow-pass vlan all
int e0/0/2
port link-type access
port default vlan 40
int e0/0/3
port link-type access
port default vlan 40
Configure JR-SW5
sys
sys JR-SW5
undo inf en
vlan ba 10 20 30 40 50 60 100 101
int e0/0/1
port link-type trunk
port trunk allow-pass vlan all
int e0/0/2
port link-type access
port default vlan 50
int e0/0/3
port link-type access
port default vlan 50
Configure JR-SW6
sys
sys JR-SW6
undo inf en
vlan ba 10 20 30 40 50 60 100 101
int e0/0/1
port link-type trunk
port trunk allow-pass vlan all
int e0/0/2
port link-type access
port default vlan 60
int e0/0/3
port link-type access
port default vlan 60
Set PC2-PC6 to DHCP
Configure Client1-Client6
Client1
192.168.10.2 host address
255.255.255.0 subnet mask
192.168.10.252 gateway
192.168.90.1 DNS server
Client2
192.168.20.1
255.255.255.0
192.168.20.252
192.168.90.1
Client3
192.168.30.1
255.255.255.0
192.168.30.252
192.168.90.1
Client4
192.168.40.1
255.255.255.0
192.168.40.252
192.168.90.1
Client5
192.168.50.1
255.255.255.0
192.168.50.252
192.168.90.1
Client6
192.168.60.1
255.255.255.0
192.168.60.252
192.168.90.1

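Aggregation layer

The aggregation layer, also called the distribution layer or intermediate layer, is the bridge between the access layer and the core layer. Aggregation switches combine the traffic from several access-layer switches and forward it to the core, reducing the load on core devices. The aggregation layer also enforces policy and security, provides workgroup access, routes between virtual LANs (VLANs), and filters on source or destination address. Switches that support Layer 3 switching and VLANs are normally used here to isolate and segment the network.

Configure HJ-SW1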
sys
sys HJ-SW1
undo inf en
vlan ba 10 20 30 40 50 60 100 101

int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
int g0/0/2
port link-type trunk
port trunk allow-pass vlan all
int g0/0/3
port link-type trunk
port trunk allow-pass vlan all
int g0/0/4
port link-type trunk
port trunk allow-pass vlan all

stp enable
stp region-configuration
region-name huawei
revision-level 5
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
display this
Configure HJ-SW2
sys
sys HJ-SW2
undo inf en
vlan ba 10 20 30 40 50 60 100 101

int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
int g0/0/2
port link-type trunk
port trunk allow-pass vlan all
int g0/0/3
port link-type trunk
port trunk allow-pass vlan all
int g0/0/4
port link-type trunk
port trunk allow-pass vlan all

stp enable
stp region-configuration
region-name huawei
revision-level 5
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
display this
Configure HJ-SW3
sys
sys HJ-SW3
undo inf en
vlan ba 10 20 30 40 50 60 100 101
 
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
int g0/0/2
port link-type trunk
port trunk allow-pass vlan all
int g0/0/3
port link-type trunk
port trunk allow-pass vlan all
int g0/0/4
port link-type trunk
port trunk allow-pass vlan all

stp enable
stp region-configuration
region-name huawei
revision-level 5
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
display this

int g0/0/5
port link-type trunk 
port trunk pvid vlan 101 
port trunk allow-pass vlan all
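# Native VLAN (PVID) set to 101

Core layer

The core layer is the backbone of the network. Its main job is high-speed forwarding, providing a fast and reliable backbone transport structure, so core switches need high reliability, efficiency, redundancy, fault tolerance, manageability, adaptability and low latency. Layer 3 switches, which switch on IP address and protocol, are widely used at the core. This design lets a complex, all-encompassing network be divided into three layers and managed in an orderly way.

Configure Core-SW1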
sys
sys Core-SW1
undo inf en
vlan ba 10 20 30 40 50 60 5 9 100 101
int vlan 10
ip address 192.168.10.254 24
int vlan 20
ip address 192.168.20.254 24
int vlan 30
ip address 192.168.30.254 24
int vlan 40
ip address 192.168.40.254 24
int vlan 50
ip address 192.168.50.254 24
int vlan 60
ip address 192.168.60.254 24
int vlan 5
ip address 192.168.80.5 30
int vlan 9
ip address 192.168.80.9 30

int vlan 10
vrrp vrid 10 virtual-ip 192.168.10.252
vrrp vrid 10 priority 101
vrrp vrid 10 track interface g0/0/1                    
vrrp vrid 10 track interface g0/0/2

int vlan 20
vrrp vrid 20 virtual-ip 192.168.20.252
vrrp vrid 20 priority 101
vrrp vrid 20 track interface g0/0/1                  
vrrp vrid 20 track interface g0/0/2

int vlan 30
vrrp vrid 30 virtual-ip 192.168.30.252
vrrp vrid 30 priority 101
vrrp vrid 30 track interface g0/0/1                  
vrrp vrid 30 track interface g0/0/2

int vlan 40
vrrp vrid 40 virtual-ip 192.168.40.252
vrrp vrid 40 track interface g0/0/1                  
vrrp vrid 40 track interface g0/0/2

int vlan 50
vrrp vrid 50 virtual-ip 192.168.50.252
vrrp vrid 50 track interface g0/0/1                  
vrrp vrid 50 track interface g0/0/2

int vlan 60
vrrp vrid 60 virtual-ip 192.168.60.252
vrrp vrid 60 track interface g0/0/1                  
vrrp vrid 60 track interface g0/0/2

int g0/0/1
port link-type access
port default vlan 5
int g0/0/2
port link-type access
port default vlan 9
quit
interface Eth-Trunk 1
trunkport GigabitEthernet 0/0/3
trunkport GigabitEthernet 0/0/4
port link-type trunk
port trunk allow-pass vlan all
quit
int g0/0/5
port link-type trunk
port trunk allow-pass vlan all
int g0/0/6
port link-type trunk
port trunk allow-pass vlan all
int g0/0/7
port link-type trunk
port trunk allow-pass vlan all

stp enable
stp region-configuration
region-name huawei
revision-level 5
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
display this
stp instance 1 root primary
stp instance 2 root secondary

dhcp enable
int vlan 10
dhcp select interface
int vlan 20
dhcp select interface
int vlan 30
dhcp select interface
int vlan 40
dhcp select interface
int vlan 50
dhcp select interface
int vlan 60
dhcp select interface

ospf 10
ar 0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.60.0 0.0.0.255
network 192.168.80.4 0.0.0.3 
network 192.168.80.8 0.0.0.3
Configure Core-SW2
sys
sys Core-SW2
undo inf en
vlan ba 10 20 30 40 50 60 11 13 100 101 
int vlan 10
ip address 192.168.10.253 24
int vlan 20
ip address 192.168.20.253 24
int vlan 30
ip address 192.168.30.253 24
int vlan 40
ip address 192.168.40.253 24
int vlan 50
ip address 192.168.50.253 24
int vlan 60
ip address 192.168.60.253 24
int vlan 11
ip address 192.168.80.1 30
int vlan 13
ip address 192.168.80.13 30

int vlan 10
vrrp vrid 10 virtual-ip 192.168.10.252
vrrp vrid 10 track interface g0/0/1                   
vrrp vrid 10 track interface g0/0/2

int vlan 20
vrrp vrid 20 virtual-ip 192.168.20.252
vrrp vrid 20 track interface g0/0/1                  
vrrp vrid 20 track interface g0/0/2

int vlan 30
vrrp vrid 30 virtual-ip 192.168.30.252
vrrp vrid 30 track interface g0/0/1                  
vrrp vrid 30 track interface g0/0/2

int vlan 40
vrrp vrid 40 virtual-ip 192.168.40.252
vrrp vrid 40 priority 101
vrrp vrid 40 track interface g0/0/1                  
vrrp vrid 40 track interface g0/0/2

int vlan 50
vrrp vrid 50 virtual-ip 192.168.50.252
vrrp vrid 50 priority 101
vrrp vrid 50 track interface g0/0/1                  
vrrp vrid 50 track interface g0/0/2

int vlan 60
vrrp vrid 60 virtual-ip 192.168.60.252
vrrp vrid 60 priority 101
vrrp vrid 60 track interface g0/0/1                  
vrrp vrid 60 track interface g0/0/2

int vlan 100
ip address 192.168.100.254 24
int g0/0/8
port link-type trunk
port trunk allow-pass vlan all

interface Eth-Trunk 1
trunkport GigabitEthernet 0/0/3
trunkport GigabitEthernet 0/0/4
port link-type trunk
port trunk allow-pass vlan all
int g0/0/5
port link-type trunk
port trunk allow-pass vlan all
int g0/0/6
port link-type trunk
port trunk allow-pass vlan all
int g0/0/7
port link-type trunk
port trunk allow-pass vlan all

stp enable
stp region-configuration
region-name huawei
revision-level 5
instance 1 vlan 10 20 30
instance 2 vlan 40 50 60
active region-configuration
display this
stp instance 2 root primary
stp instance 1 root secondary

dhcp enable
int vlan 10
dhcp select interface
int vlan 20
dhcp select interface
int vlan 30
dhcp select interface
int vlan 40
dhcp select interface
int vlan 50
dhcp select interface
int vlan 60
dhcp select interface

int g0/0/1
port link-type access
port default vlan 13
int g0/0/2
port link-type access
port default vlan 11

ospf 20
ar 0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.60.0 0.0.0.255
network 192.168.80.0 0.0.0.3 
network 192.168.80.12 0.0.0.3
network 192.168.100.12 0.0.0.255
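
The two core switches above split the load: Core-SW1 carries `priority 101` for VRRP groups 10-30 and is primary root for MSTP instance 1, and Core-SW2 does the same for groups 40-60 and instance 2. The following added example (not part of the original post) checks that the VRRP master and the MSTP root land on the same switch for every VLAN; `sample`, `parse` and `misaligned` are hypothetical helper names, and the parser only understands the abbreviated command forms used on this page.

```python
def sample(masters, primary, secondary):
    """Constructed input: the VRRP/MSTP lines of one core switch, as on this page."""
    lines = []
    for v in (10, 20, 30, 40, 50, 60):
        lines += [f"int vlan {v}", f"vrrp vrid {v} virtual-ip 192.168.{v}.252"]
        if v in masters:
            lines.append(f"vrrp vrid {v} priority 101")
    lines += ["instance 1 vlan 10 20 30", "instance 2 vlan 40 50 60",
              f"stp instance {primary} root primary",
              f"stp instance {secondary} root secondary"]
    return "\n".join(lines)

def parse(cfg):
    """Return (VLAN -> VRRP priority, VLAN -> MSTP instance, instance -> root role)."""
    prio, inst, role, vlan = {}, {}, {}, None
    for w in (l.split() for l in cfg.splitlines() if l.strip()):
        if w[:2] == ["int", "vlan"]:
            vlan = int(w[2])
        elif w[0] == "int":
            vlan = None
        elif w[:2] == ["vrrp", "vrid"] and vlan is not None:
            prio.setdefault(vlan, 100)      # VRP default VRRP priority is 100
            if w[3:4] == ["priority"]:
                prio[vlan] = int(w[4])
        elif w[0] == "instance":
            inst.update({int(v): int(w[1]) for v in w[3:]})
        elif w[:2] == ["stp", "instance"] and w[3:4] == ["root"]:
            role[int(w[2])] = w[4]
    return prio, inst, role

def misaligned(switches):
    """VLANs whose VRRP master is not the primary MSTP root of their instance."""
    parsed = {name: parse(cfg) for name, cfg in switches.items()}
    out = []
    for v in sorted({v for p, _, _ in parsed.values() for v in p}):
        # Highest priority wins; equal priorities (decided by IP) are not modelled.
        master = max(parsed, key=lambda n: parsed[n][0].get(v, 0))
        roots = [n for n, (_, inst, role) in parsed.items()
                 if role.get(inst.get(v)) == "primary"]
        if roots != [master]:
            out.append((v, master, roots))
    return out

# Values as configured on this page: Core-SW1 leads VLAN 10-30, Core-SW2 leads 40-60.
PAGE = {"Core-SW1": sample({10, 20, 30}, 1, 2),
        "Core-SW2": sample({40, 50, 60}, 2, 1)}
print(misaligned(PAGE))
```

An empty list means each VLAN's gateway and spanning-tree root sit on the same switch, so traffic does not have to cross the Eth-Trunk between the cores to reach its gateway.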
Configure Core-R1
sys
undo inf en
sys Core-R1
int g0/0/2
ip address 192.168.80.6 30
int g4/0/0
ip address 192.168.80.14 30
int g0/0/1
ip address 192.168.80.17 30
int g0/0/0
ip address 192.168.80.21 30
quit
ospf 30
ar 0
network 192.168.80.4 0.0.0.3
network 192.168.80.12 0.0.0.3
network 192.168.80.16 0.0.0.3
network 192.168.80.20 0.0.0.3
Configure Core-R2
sys
undo inf en
sys Core-R2
int g0/0/2
ip address 192.168.80.2 30
int g0/0/1
ip address 192.168.80.18 30
int g4/0/0
ip address 192.168.80.10 30
int g0/0/0
ip address 192.168.80.25 30
quit
ospf 40
ar 0
network 192.168.80.0 0.0.0.3
network 192.168.80.8 0.0.0.3
network 192.168.80.16 0.0.0.3
network 192.168.80.24 0.0.0.3

Wireless network zone

Configure AC1
sys
sys AC1
vlan batch 100 101
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
quit

ip pool vlan100
gateway-list 192.168.100.254
network 192.168.100.0 mask 24
excluded-ip-address 192.168.100.201 192.168.100.253
dns-list 192.168.90.1

dhcp enable 
int vlan 100
ip address 192.168.100.3 255.255.255.0 
dhcp select global
int vlan 101
ip address 192.168.101.1 24
dhcp select interface

wlan
ap-group name ap
regulatory-domain-profile name domain1
country-code CN
quit
ap-group name ap
regulatory-domain-profile domain1
quit
quit
capwap source interface Vlanif 101
wlan
ap auth-mode mac-auth
ap-id 0 ap-mac 00-E0-FC-41-7A-E0
ap-name area1
ap-group ap
quit
security-profile name sec
security wpa2 psk pass-phrase <password> aes
quit
ssid-profile name ssid
ssid Huawei
vap-profile name vap
forward-mode tunnel
service-vlan vlan-id 100
security-profile sec
ssid-profile ssid
quit
ap-group name ap
vap-profile vap wlan 1 radio all

Server cluster

Configure the DNS server
192.168.90.1 host address
255.255.255.0 subnet mask
192.168.90.254 gateway

Add domain names on the DNS server
www.qiye.com
192.168.90.2
www.baidu.com
94.65.28.4

Configure the HTTP server
192.168.90.2
255.255.255.0
192.168.90.254

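Configure the FTP server
192.168.90.3
255.255.255.0
192.168.90.254
To run, the HTTP and FTP servers each need a root directory selected.

Internet zone

Internet client
94.65.28.2 host address
255.255.255.240 subnet mask
94.65.28.1 gateway

Internet PC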
94.65.28.3
255.255.255.240
94.65.28.1

www.baidu.com
94.65.28.4
255.255.255.240
94.65.28.1
Configure the firewall
Initial username: admin
Initial password: Admin@123
Password after change: Huawei@123

sys
sys FW1
undo inf en
int g1/0/1 
ip address 192.168.90.254 24
service-manage all permit
int g1/0/3
ip address 192.168.80.26 30
service-manage all permit
int g1/0/2
ip address 192.168.80.22 30
service-manage all permit
int g1/0/0
ip address 46.35.88.1 28
service-manage all permit
quit
firewall zone untrust
add interface g1/0/0
quit
firewall zone dmz
add interface g1/0/1
firewall zone trust
add interface g1/0/2
add interface g1/0/3

security-policy
rule name tr-untr
source-zone trust
source-address 192.168.0.0 0.0.255.255
destination-zone untrust
action permit
quit
rule name tr-dmz
source-zone trust
destination-zone dmz
source-address 192.168.0.0 0.0.255.255
destination-address 192.168.90.0 0.0.0.255
action permit
quit
rule name lo-untr
source-zone local 
destination-zone untrust
action permit
quit
rule name lo-dmz
source-zone local
destination-zone dmz
action permit
quit
rule name lo-tr
source-zone local
destination-zone trust
action permit
quit
rule name untr-tr
source-zone untrust
destination-zone trust
action permit
quit
rule name untr-lo
source-zone untrust
destination-zone local
action permit
quit
rule name tr-dmz
source-zone trust
destination-zone dmz
action permit
quit
rule name tr-lo
source-zone trust
destination-zone local
action permit
quit
rule name dmz-untr
source-zone dmz
destination-zone untrust
action permit

ospf 50
ar 0
network 192.168.90.0 0.0.0.255
network 192.168.80.24 0.0.0.3
network 192.168.80.20 0.0.0.3
quit

default-route-advertise always
quit
ip route-static 0.0.0.0 0 46.35.88.2
#display nat-policy rule all
nat-policy
rule name easy-ip
source-zone trust
source-address 192.168.0.0 0.0.255.255
action source-nat easy-ip

nat-policy
rule name dmztoun
source-zone dmz
source-address 192.168.90.0 0.0.0.255
action source-nat easy-ip
quit
quit
save a
y
#undo rule name dmztoun
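
The FW1 commands above enable `service-manage all permit` on g1/0/0, which sits in the untrust zone, and the rules `untr-tr` and `untr-lo` permit untrust-sourced traffic into trust and local with no address or service match. The following added example (not part of the original post) parses an excerpt of those commands and reports exactly these exposures; `audit` is a hypothetical helper name and the parser handles only the command forms used on this page.

```python
# Excerpt of the FW1 commands on this page; ';' stands in for a newline.
SAMPLE = """
int g1/0/0; ip address 46.35.88.1 28; service-manage all permit
int g1/0/2; ip address 192.168.80.22 30; service-manage all permit
firewall zone untrust; add interface g1/0/0
firewall zone trust; add interface g1/0/2
security-policy
rule name tr-untr; source-zone trust; source-address 192.168.0.0 0.0.255.255
destination-zone untrust; action permit
rule name untr-tr; source-zone untrust; destination-zone trust; action permit
rule name untr-lo; source-zone untrust; destination-zone local; action permit
rule name dmz-untr; source-zone dmz; destination-zone untrust; action permit
""".replace(";", "\n")

def audit(cfg):
    """Report management exposure on untrust interfaces and inbound allow-all rules."""
    zones, mgmt, rules = {}, set(), []
    iface = zone = rule = None
    for w in (l.split() for l in cfg.splitlines() if l.strip()):
        if w[0] == "int":
            iface = w[1]
        elif w[:3] == ["service-manage", "all", "permit"]:
            mgmt.add(iface)
        elif w[:2] == ["firewall", "zone"]:
            zone = w[2]
        elif w[:2] == ["add", "interface"]:
            zones[w[2]] = zone
        elif w[:2] == ["rule", "name"]:
            rule = {"name": w[2], "match": set()}
            rules.append(rule)
        elif rule is not None and w[0] in ("source-zone", "destination-zone", "action"):
            rule[w[0]] = w[1]
        elif rule is not None and w[0] in ("source-address", "destination-address", "service"):
            rule["match"].add(w[0])      # any narrowing condition on the rule
    findings = [f"{i}: all management services enabled on untrust interface"
                for i in sorted(mgmt) if zones.get(i) == "untrust"]
    for r in rules:
        if (r.get("source-zone") == "untrust" and r.get("action") == "permit"
                and r.get("destination-zone") in ("trust", "local") and not r["match"]):
            findings.append(f"{r['name']}: untrust -> {r['destination-zone']} "
                            "permit with no address or service match")
    return findings

for finding in audit(SAMPLE):
    print(finding)
```

Narrowing those two rules with `source-address`, `destination-address` or `service` conditions, or removing them, and restricting `service-manage` on g1/0/0 clears the findings.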
Configure the ISP router
sys
undo inf en
sys ISP
int g0/0/0
ip address 94.65.28.1 28
int g0/0/1
ip address 46.35.88.2 28
quit
save a
PC1 ping 192.168.10.252
