eNSP Comprehensive Topology
Posted SettleAB
Thanks to classmates Liu and Lin for their help.
L2S1
- Create the VLANs
vlan batch 11 to 14
- Configure spanning tree and create the instances
stp mode mstp
stp en
stp region-config
region-name instance1
revision-level 1
instance 1 vlan 11 12
instance 2 vlan 13 14
active region-config
- Configure the link type of each LSW1 port
interface Ethernet0/0/1
port link-type access
port default vlan 11
interface Ethernet0/0/2
port link-type access
port default vlan 12
interface Ethernet0/0/3
port link-type access
port default vlan 13
interface Ethernet0/0/4
port link-type access
port default vlan 14
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
- Configure access permissions for intranet hosts
source any / destination any can be omitted
time-range worktime 09:00 to 17:00 working-day
acl number 3000
rule permit tcp (source any) destination 192.168.15.100 0 destination-port eq ftp time-range worktime
rule permit tcp (source any) destination 192.168.15.100 0 destination-port eq www time-range worktime
rule deny tcp (source any destination any) destination-port eq ftp time-range worktime
rule deny tcp (source any destination any) destination-port eq www time-range worktime
rule permit ip (source any destination any)
- VLAN 11 and VLAN 12 must not reach each other; create ACL 3001
acl number 3001
rule 5 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
- Apply the corresponding ACLs to the interfaces
interface GigabitEthernet0/0/1
traffic-filter outbound acl 3000
interface GigabitEthernet0/0/2
traffic-filter outbound acl 3000
interface Ethernet0/0/1
traffic-filter inbound acl 3001
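The first-match evaluation of ACL 3000 above, as an added example that is not part of the original post: a small Python model (the rule tuples, function names and sample timestamps are constructed here) showing which rule decides a packet during and outside `worktime`. It assumes a rule bound to a time range is inactive outside that range, so off-hours FTP and WWW traffic falls through to the final `permit ip`.

```python
from datetime import datetime
from ipaddress import ip_address

# Constructed model of ACL 3000 from the page:
# (action, protocol, destination, wildcard, destination port, bound to worktime)
ACL_3000 = [
    ("permit", "tcp", "192.168.15.100", "0.0.0.0", 21, True),
    ("permit", "tcp", "192.168.15.100", "0.0.0.0", 80, True),
    ("deny", "tcp", None, None, 21, True),    # destination any
    ("deny", "tcp", None, None, 80, True),
    ("permit", "ip", None, None, None, False),
]

# Constructed sample timestamps: a Wednesday morning and the same evening.
WORK = datetime(2024, 1, 10, 10, 0)
NIGHT = datetime(2024, 1, 10, 20, 0)

def in_worktime(when):
    """time-range worktime 09:00 to 17:00 working-day (end minute simplified)."""
    return when.weekday() < 5 and 9 <= when.hour < 17

def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: 0 bits must match, 1 bits are ignored."""
    care = ~int(ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ip_address(addr)) ^ int(ip_address(base))) & care == 0

def evaluate(acl, proto, dst, dport, when):
    """Return (rule index, action) of the first active rule that matches."""
    for i, (action, r_proto, r_dst, r_wild, r_port, timed) in enumerate(acl):
        if timed and not in_worktime(when):
            continue  # assumption: rule is inactive outside its time range
        if r_proto not in ("ip", proto):
            continue
        if r_dst is not None and not wildcard_match(dst, r_dst, r_wild):
            continue
        if r_port is not None and r_port != dport:
            continue
        return i, action
    return None, "no-match"

if __name__ == "__main__":
    for label, dst, port, when in [
        ("FTP to server, work hours", "192.168.15.100", 21, WORK),
        ("WWW elsewhere, work hours", "20.22.1.2", 80, WORK),
        ("WWW elsewhere, evening", "20.22.1.2", 80, NIGHT),
    ]:
        print(label, "->", evaluate(ACL_3000, "tcp", dst, port, when))
```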
L3S1
- Create the VLANs and configure the corresponding ports (ports 23 and 24 need no configuration here; they will be aggregated shortly)
vlan batch 11 to 15 21
interface GigabitEthernet0/0/1
port link-type access
port default vlan 21
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet0/0/10
port link-type access
port default vlan 15
- Configure link aggregation in manual mode, load balancing on source and destination address
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan all
mode manual load-balance
load-balance src-dst-ip
interface GigabitEthernet0/0/23
eth-trunk 1
interface GigabitEthernet0/0/24
eth-trunk 1
- Configure DHCP
dhcp enable
ip pool lan11
gateway-list 192.168.11.254
network 192.168.11.0 24
excluded-ip-address 192.168.11.1 192.168.11.2
lease day 7
dns-list 125.216.112.19
ip pool lan12
gateway-list 192.168.12.254
network 192.168.12.0 24
excluded-ip-address 192.168.12.1 192.168.12.2
lease day 7
dns-list 125.216.112.19
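- Configure VRRP and track the uplink interface
VRRP (Virtual Router Redundancy Protocol) is a fault-tolerance protocol. It virtualizes several devices into a single device, so that if one of them fails another can quickly take over its work, keeping communication reliable and continuous.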
interface Vlanif21
ip address 192.168.21.254 24
interface Vlanif11
ip address 192.168.11.1 24
vrrp vrid 11 virtual-ip 192.168.11.254
vrrp vrid 11 priority 200
vrrp vrid 11 track interface Vlanif21 reduced 150
dhcp select global
interface Vlanif12
ip address 192.168.12.1 24
vrrp vrid 12 virtual-ip 192.168.12.254
vrrp vrid 12 priority 200
vrrp vrid 12 track interface Vlanif21 reduced 150
dhcp select global
interface Vlanif13
ip address 192.168.13.1 24
vrrp vrid 13 virtual-ip 192.168.13.254
interface Vlanif14
ip address 192.168.14.1 24
vrrp vrid 14 virtual-ip 192.168.14.254
interface Vlanif15
ip address 192.168.15.1 24
vrrp vrid 15 virtual-ip 192.168.15.254
- Configure Multiple Spanning Tree (MSTP) and create two instances
stp mode mstp
stp enable
stp region-configuration
region-name instance1
revision-level 1
instance 1 vlan 11 12
instance 2 vlan 13 14
active region-configuration
- Configure the primary root bridge
stp instance 1 root pri
stp instance 2 root sec
- Configure OSPF
ospf 1 router-id 1.1.1.1
area 0
network 192.168.11.0 0.0.0.255
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
network 192.168.14.0 0.0.0.255
network 192.168.15.0 0.0.0.255
network 192.168.21.0 0.0.0.255
L3S2
- Create the VLANs and configure the corresponding ports (ports 23 and 24 are left unconfigured; they will be aggregated shortly)
vlan batch 11 to 14 22
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet0/0/2
port link-type access
port default vlan 22
- Configure link aggregation in manual mode, load balancing on source and destination address
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan all
mode manual load-balance
load-balance src-dst-ip
interface GigabitEthernet0/0/23
eth-trunk 1
interface GigabitEthernet0/0/24
eth-trunk 1
- Configure DHCP (gateway, network, exclusions, lease, DNS)
dhcp enable
ip pool lan13
gateway-list 192.168.13.254
network 192.168.13.0 24
excluded-ip-address 192.168.13.1 192.168.13.2
lease day 7
dns-list 125.216.112.19
ip pool lan14
gateway-list 192.168.14.254
network 192.168.14.0 24
excluded-ip-address 192.168.14.1 192.168.14.2
lease day 7
dns-list 125.216.112.19
- Configure VRRP and track the uplink interface
interface Vlanif22
ip address 192.168.22.254 255.255.255.0
interface Vlanif11
ip address 192.168.11.2 24
vrrp vrid 11 virtual-ip 192.168.11.254
interface Vlanif12
ip address 192.168.12.2 24
vrrp vrid 12 virtual-ip 192.168.12.254
interface Vlanif13
ip address 192.168.13.2 24
vrrp vrid 13 virtual-ip 192.168.13.254
vrrp vrid 13 priority 200
vrrp vrid 13 track interface Vlanif22 reduced 150
dhcp select global
interface Vlanif14
ip address 192.168.14.2 24
vrrp vrid 14 virtual-ip 192.168.14.254
vrrp vrid 14 priority 200
vrrp vrid 14 track interface Vlanif22 reduced 150
dhcp select global
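The VRRP master election that results from the two switches' Vlanif blocks, as an added example that is not part of the original post: a Python model (the table and function names are constructed here) that computes the master per VRID in normal operation and after a tracked uplink goes down. It assumes preemption is enabled and that a VRID without a `priority` line uses the VRRP default of 100.

```python
from ipaddress import ip_address

DEFAULT_PRIORITY = 100  # VRRP default when no "priority" line is configured

# Constructed from the page's Vlanif blocks:
# vrid -> {switch: (interface IP, priority, tracked interface, reduced)}
VRRP = {
    11: {"L3S1": ("192.168.11.1", 200, "Vlanif21", 150),
         "L3S2": ("192.168.11.2", DEFAULT_PRIORITY, None, 0)},
    12: {"L3S1": ("192.168.12.1", 200, "Vlanif21", 150),
         "L3S2": ("192.168.12.2", DEFAULT_PRIORITY, None, 0)},
    13: {"L3S1": ("192.168.13.1", DEFAULT_PRIORITY, None, 0),
         "L3S2": ("192.168.13.2", 200, "Vlanif22", 150)},
    14: {"L3S1": ("192.168.14.1", DEFAULT_PRIORITY, None, 0),
         "L3S2": ("192.168.14.2", 200, "Vlanif22", 150)},
    15: {"L3S1": ("192.168.15.1", DEFAULT_PRIORITY, None, 0)},  # no peer on L3S2
}

def effective_priority(switch, member, down):
    """Configured priority minus 'reduced' while the tracked interface is down."""
    _ip, priority, tracked, reduced = member
    return priority - reduced if (switch, tracked) in down else priority

def masters(down=frozenset()):
    """Master per VRID: highest effective priority, then highest interface IP."""
    result = {}
    for vrid, members in VRRP.items():
        result[vrid] = max(
            members,
            key=lambda sw: (effective_priority(sw, members[sw], down),
                            ip_address(members[sw][0])),
        )
    return result

if __name__ == "__main__":
    print("normal:          ", masters())
    print("L3S1 uplink down:", masters({("L3S1", "Vlanif21")}))
    print("L3S2 uplink down:", masters({("L3S2", "Vlanif22")}))
```

VRID 15, the server VLAN, exists only on L3S1 in this configuration, so the model never shows a second switch taking over its gateway address.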
- Set the spanning-tree mode to MSTP and create two instances
stp enable
stp mode mstp
stp region-configuration
region-name instance1
revision-level 1
instance 1 vlan 11 to 12
instance 2 vlan 13 to 14
active region-configuration
- Configure the primary root bridge
stp instance 1 root sec
stp instance 2 root pri
- OSPF
ospf 1 router-id 2.2.2.2
area 0
network 192.168.11.0 0.0.0.255
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
network 192.168.14.0 0.0.0.255
network 192.168.22.0 0.0.0.255
R1
- Configure each interface; s1 uses PPP and s0 uses CHAP:
interface GigabitEthernet0/0/1
ip address 192.168.21.1 24
interface GigabitEthernet0/0/2
ip address 192.168.22.1 24
interface Serial0/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 192.168.1.1 30
interface Serial0/0/1
link-protocol ppp
ip address 20.22.1.1 28
- Configure AAA
aaa
local-user huawei password cipher wei privilege level 3
local-user huawei service-type ppp
- Configure the default route
ip route-static 0.0.0.0 0.0.0.0 20.22.1.2
- Configure RIP: first advertise the default route in OSPF, then configure RIP
ospf 1 router-id 3.3.3.3
default-route-advertise always
rip 1
undo summary
default-route originate
version 2
network 192.168.1.0
import-route ospf 1
- Configure OSPF:
ospf 1 router-id 3.3.3.3
import-route rip 1
area 0.0.0.0
network 192.168.21.0 0.0.0.255
network 192.168.22.0 0.0.0.255
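- NAT:
- (Task) Internet hosts must be able to reach the internal WWW and FTP services; the public address used from outside is 20.22.1.14, and the internal server's address is 192.168.15.100.
NAT (Network Address Translation) was proposed in 1994. When hosts inside a private network have already been assigned local IP addresses (private addresses used only within that network) but need to communicate with hosts on the Internet (without requiring encryption), NAT can be used.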
nat address-group 1 20.22.1.3 20.22.1.13
acl number 2000
rule permit source 192.168.11.0 0.0.0.255
rule permit source 192.168.12.0 0.0.0.255
rule permit source 192.168.13.0 0.0.0.255
rule permit source 192.168.14.0 0.0.0.255
rule permit source 192.168.15.0 0.0.0.255
interface Serial0/0/1
nat server protocol tcp global 20.22.1.14 www inside 192.168.15.100 www
nat server protocol tcp global 20.22.1.14 443(https) inside 192.168.15.100 443
nat server protocol tcp global 20.22.1.14 21(ftp) inside 192.168.15.100 21
nat server protocol tcp global 20.22.1.14 20(ftp-data) inside 192.168.15.100 20
nat server protocol udp global 20.22.1.14 53(dns) inside 192.168.15.100 53
nat server protocol tcp global 20.22.1.14 53(domain) inside 192.168.15.100 53
nat outbound 2000 address-group 1
nat alg dns enable
nat alg ftp enable
R2
- Configure the interface
interface GigabitEthernet0/0/1
ip address 10.1.1.254 24
- Configure PPP authentication in CHAP mode
interface Serial0/0/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user huawei
ppp chap password cipher wei
ip address 192.168.1.2 30
- Configure RIP
rip 1
undo summary
version 2
network 10.1.1.0
network 192.168.1.0
ISP
interface Serial0/0/1
link-protocol ppp
ip address 20.22.1.2 28
There is no SW in the exam.