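Planning and Design of a Thousand-User Medium-Sized Campus/Enterprise Network Based on eNSP with a Firewall (All Configuration Commands Included)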
Author: BSXY_19计科_陈永跃
BSXY_School of Information
Note: do not repost any of this content without permission.
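Preface and resource download notes (do not repost any of this content without permission)
If you run into problems, describe your situation in the comments. The author will reply as soon as the comment is seen, and other readers are welcome to answer each other's questions.
You can follow the design and implementation steps below and build the network yourself step by step (every command listed is essential). If you need it, you can also download the complete topology and the full configuration from the address below for reference. Once you have the topology, use display liberally to inspect the configuration and the corresponding commands. The accompanying resource link is:
eNSP firewall-based thousand-user medium-sized campus/enterprise network planning and design topology (wired + wireless).rar + all configuration commands (order.txt)
(Note: order.txt and the images below with red markings and annotations were added for readers who obtain the topology and configuration but do not use display to inspect them. The topology and configuration named above are complete.)
I. Topology design and design requirements (15 requirements)
Topology diagram 1:
Topology diagram 2:
Design requirements:
01. Configure the interface addresses of the servers, firewall, routers and other devices
02. Configure Eth-Trunk link aggregation for link redundancy
03. Divide the internal network into multiple VLANs to shrink the broadcast domains and improve network reliability
04. Configure MSTP + VRRP to load-share traffic and provide redundancy, and configure the corresponding STP optimizations to speed up STP convergence and reduce STP flapping
05. All users obtain their IP addresses automatically
06. Configure DHCP snooping to block rogue DHCP servers
07. Configure OSPF and static routes for Layer 3 reachability
08. Configure a firewall security policy that permits traffic from the internal zone to the DMZ
09. Configure a firewall NAT policy and security policy so that users can reach Baidu on the external network
10. Configure firewall server mapping and security policies so that the external user Client can reach the web server through the public address 100.100.100.100
11. Configure the corresponding firewall policies so that the external user Client can reach and log in to the web server through the public URL http://100.100.100.100
12. Users can reach Baidu on the external network by domain name (www.baidu.com)
13. The internal finance server may be accessed only by VLAN 50 users
14. Switches LSW1-LSW12 can all be reached by telnet (huawei 5555)
15. Configure the wireless WLAN so that service VLANs 101 and 102 can also reach Baidu on the external network by domain name (www.baidu.com)
II. Topology before the redesign, without a firewall (an aside; optional reading)
Aside: the redundant network design before the redesign, a thousand-user redundant medium-sized campus/enterprise network designed and planned in eNSP, is shown in the figure below. It is not described in detail in this article; follow the link to read about it.
III. Full configuration process
1. VLAN Trunk configuration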
HX_SW1:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname HX_SW1
[HX_SW1]int Eth-Trunk 1
[HX_SW1-Eth-Trunk1]mode lacp-static
[HX_SW1-Eth-Trunk1]trunkport g0/0/7
[HX_SW1-Eth-Trunk1]trunkport g0/0/8
[HX_SW1-Eth-Trunk1]q
------------------------------------
HX_SW2:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname HX_SW2
[HX_SW2]int Eth-Trunk 1
[HX_SW2-Eth-Trunk1]mode lacp-static
[HX_SW2-Eth-Trunk1]trunkport g0/0/7
[HX_SW2-Eth-Trunk1]trunkport g0/0/8
[HX_SW2-Eth-Trunk1]q
------------------------------------
HJ_SW4:
<Huawei>sy
[Huawei]sysname HJ_SW4
[HJ_SW4]int Eth-Trunk 2
[HJ_SW4-Eth-Trunk2]mode lacp-static
[HJ_SW4-Eth-Trunk2]trunkport g0/0/4
[HJ_SW4-Eth-Trunk2]trunkport g0/0/5
[HJ_SW4-Eth-Trunk2]q
------------------------------------
JR_SW9:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW9
[JR_SW9]int Eth-Trunk 2
[JR_SW9-Eth-Trunk2]mode lacp-static
[JR_SW9-Eth-Trunk2]trunkport g0/0/4
[JR_SW9-Eth-Trunk2]trunkport g0/0/5
[JR_SW9-Eth-Trunk2]dis eth-trunk  // view the Eth-Trunk configuration
2. Underlying VLAN configuration
JR_SW6:
<Huawei>SY
[Huawei]un in en
[Huawei]sysname JR_SW6
[JR_SW6]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW6]int g0/0/1
[JR_SW6-GigabitEthernet0/0/1]port link-type trunk
[JR_SW6-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30 900
[JR_SW6-GigabitEthernet0/0/1]int g0/0/2
[JR_SW6-GigabitEthernet0/0/2]port link-type access
[JR_SW6-GigabitEthernet0/0/2]port default vlan 20
[JR_SW6-GigabitEthernet0/0/2]int g0/0/3
[JR_SW6-GigabitEthernet0/0/3]port link-type access
[JR_SW6-GigabitEthernet0/0/3]port default vlan 30
[JR_SW6-GigabitEthernet0/0/3]
------------------------------------
JR_SW7:
<Huawei>SYS
[Huawei]un in en
[Huawei]sysname JR_SW7
[JR_SW7]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW7]int g0/0/1
[JR_SW7-GigabitEthernet0/0/1]port link-type trunk
[JR_SW7-GigabitEthernet0/0/1]port trunk allow-pass vlan 40 900
[JR_SW7-GigabitEthernet0/0/1]int g0/0/2
[JR_SW7-GigabitEthernet0/0/2]port link-type access
[JR_SW7-GigabitEthernet0/0/2]port default vlan 40
[JR_SW7-GigabitEthernet0/0/2]qui
------------------------------------
HJ_SW3:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname HJ_SW3
[HJ_SW3]vlan batch 20 30 40 50 60 70 80 200 900
[HJ_SW3]int g0/0/1
[HJ_SW3-GigabitEthernet0/0/1]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30 40 900
[HJ_SW3-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW3-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 30 40 900
[HJ_SW3-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW3-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 900
[HJ_SW3-GigabitEthernet0/0/3]int g0/0/4
[HJ_SW3-GigabitEthernet0/0/4]port link-type trunk
[HJ_SW3-GigabitEthernet0/0/4]port trunk allow-pass vlan 40 900
------------------------------------
JR_SW8:
<Huawei>SYS
[Huawei]sys
[Huawei]sysname JR_SW8
[JR_SW8]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW8]int g0/0/1
[JR_SW8-GigabitEthernet0/0/1]port link-type trunk
[JR_SW8-GigabitEthernet0/0/1]port trunk allow-pass vlan 50 900
[JR_SW8-GigabitEthernet0/0/1]int g0/0/2
[JR_SW8-GigabitEthernet0/0/2]port link-type access
[JR_SW8-GigabitEthernet0/0/2]port default vlan 50
------------------------------------
JR_SW9:
<JR_SW9>SYS
[JR_SW9]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW9]int g0/0/3
[JR_SW9-GigabitEthernet0/0/3]port link-type access
[JR_SW9-GigabitEthernet0/0/3]port default vlan 60
[JR_SW9-GigabitEthernet0/0/3]qui
[JR_SW9]int Eth-Trunk 2
[JR_SW9-Eth-Trunk2]port link-type trunk
[JR_SW9-Eth-Trunk2]port trunk allow-pass vlan 60 900
[JR_SW9-Eth-Trunk2]qui
------------------------------------
HJ_SW4:
<HJ_SW4>sys
[HJ_SW4]vlan batch 20 30 40 50 60 70 80 200 900
[HJ_SW4]int g0/0/1
[HJ_SW4-GigabitEthernet0/0/1]port link-type trunk
[HJ_SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 50 60 900
[HJ_SW4-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW4-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 50 60 900
[HJ_SW4-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW4-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 50 900
[HJ_SW4-GigabitEthernet0/0/3]qui
[HJ_SW4]int Eth-Trunk 2
[HJ_SW4-Eth-Trunk2]port link-type trunk
[HJ_SW4-Eth-Trunk2]port trunk allow-pass vlan 60 900
[HJ_SW4-Eth-Trunk2]qui
[HJ_SW4]
------------------------------------
JR_SW10:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW10
[JR_SW10]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW10]int g0/0/1
[JR_SW10-GigabitEthernet0/0/1]port link-type trunk
[JR_SW10-GigabitEthernet0/0/1]port trunk allow-pass vlan 70 900
[JR_SW10-GigabitEthernet0/0/1]int g0/0/2
[JR_SW10-GigabitEthernet0/0/2]port link-type access
[JR_SW10-GigabitEthernet0/0/2]port default vlan 70
[JR_SW10-GigabitEthernet0/0/2]qui
------------------------------------
JR_SW11:
<JR_SW11>sys
[JR_SW11]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW11]int g0/0/1
[JR_SW11-GigabitEthernet0/0/1]port link-type trunk
[JR_SW11-GigabitEthernet0/0/1]port trunk allow-pass vlan 80 900
[JR_SW11-GigabitEthernet0/0/1]int g0/0/2
[JR_SW11-GigabitEthernet0/0/2]port link-type access
[JR_SW11-GigabitEthernet0/0/2]port default vlan 80
[JR_SW11-GigabitEthernet0/0/2]int g0/0/3
[JR_SW11-GigabitEthernet0/0/3]port link-type access
[JR_SW11-GigabitEthernet0/0/3]port default vlan 80
------------------------------------
HJ_SW5:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname HJ_SW5
[HJ_SW5]vlan batch 20 30 40 50 60 70 80 200 900
[HJ_SW5]int g0/0/1
[HJ_SW5-GigabitEthernet0/0/1]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 70 80 900
[HJ_SW5-GigabitEthernet0/0/1]int g0/0/2
[HJ_SW5-GigabitEthernet0/0/2]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 70 80 900
[HJ_SW5-GigabitEthernet0/0/2]int g0/0/3
[HJ_SW5-GigabitEthernet0/0/3]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/3]port trunk allow-pass vlan 70 900
[HJ_SW5-GigabitEthernet0/0/3]int g0/0/4
[HJ_SW5-GigabitEthernet0/0/4]port link-type trunk
[HJ_SW5-GigabitEthernet0/0/4]port trunk allow-pass vlan 80 900
[HJ_SW5-GigabitEthernet0/0/4]qui
------------------------------------
JR_SW12:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW12
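Every trunk in section 2 lists its permitted VLANs explicitly, which is easy to check mechanically. The following Python audit is an added example, not part of the original post: it parses a pasted CLI session and reports trunks that permit all VLANs, access VLANs missing from every trunk on the same switch, and VLANs created but never used. The function name `audit`, the switch `DEMO_SW` and the finding texts are assumptions made for the example; it also assumes switch names contain no hyphen and VLAN lists are written out without `to` ranges, as on this page.

```python
import re
from collections import defaultdict

# JR_SW7 lines are from the page; DEMO_SW is constructed (hypothetical).
TRANSCRIPT = """\
[JR_SW7]vlan batch 20 30 40 50 60 70 80 200 900
[JR_SW7]int g0/0/1
[JR_SW7-GigabitEthernet0/0/1]port link-type trunk
[JR_SW7-GigabitEthernet0/0/1]port trunk allow-pass vlan 40 900
[JR_SW7-GigabitEthernet0/0/1]int g0/0/2
[JR_SW7-GigabitEthernet0/0/2]port link-type access
[JR_SW7-GigabitEthernet0/0/2]port default vlan 40
[DEMO_SW]vlan batch 20 50
[DEMO_SW]int g0/0/1
[DEMO_SW-GigabitEthernet0/0/1]port link-type trunk
[DEMO_SW-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[DEMO_SW-GigabitEthernet0/0/1]int g0/0/2
[DEMO_SW-GigabitEthernet0/0/2]port link-type access
[DEMO_SW-GigabitEthernet0/0/2]port default vlan 50
"""
PROMPT = re.compile(r"^\[([^\]-]+)(?:-([^\]]+))?\](.*)$")  # [switch-view]command

def audit(text):
    """Return (switch, port, finding) tuples for a pasted VRP session."""
    created, trunks, access = defaultdict(set), defaultdict(dict), defaultdict(dict)
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        sw, port = m.group(1), m.group(2)
        cmd = m.group(3).split("//")[0].split()  # drop trailing // notes
        if cmd[:2] == ["vlan", "batch"]:
            created[sw] |= {int(v) for v in cmd[2:]}
        elif cmd[:4] == ["port", "trunk", "allow-pass", "vlan"]:
            trunks[sw][port] = "all" if cmd[4:] == ["all"] else {int(v) for v in cmd[4:]}
        elif cmd[:3] == ["port", "default", "vlan"]:
            access[sw][port] = int(cmd[3])
    findings = []
    for sw in sorted(set(created) | set(trunks) | set(access)):
        alls = [p for p, a in trunks[sw].items() if a == "all"]
        findings += [(sw, p, "trunk permits all VLANs") for p in alls]
        carried = created[sw] if alls else set().union(*trunks[sw].values())
        findings += [(sw, p, f"access VLAN {v} is not permitted on any trunk")
                     for p, v in access[sw].items() if v not in carried]
        if unused := created[sw] - carried - set(access[sw].values()):
            findings.append((sw, None, f"created but unused VLANs: {sorted(unused)}"))
    return findings

print(*audit(TRANSCRIPT), sep="\n")
```

Run against the page's own JR_SW7 block, the audit raises no trunk finding and only notes the VLANs that `vlan batch` creates on that switch without any port using them.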