基于eNSP的高校/企业无线WLAN网络规划设计

乌市泽哥  金牌会员 | 2024-6-19 14:40:14 | 显示全部楼层 | 阅读模式
打印 上一主题 下一主题
楼主

主题 693|帖子 693|积分 2079

     作者:BSXY_19计科_陈永跃       BSXY_信息学院       注:未经答应禁止转发任何内容   


  
媒介及技能/资源下载说明( 未经答应禁止转发任何内容

可根据以下所提供的设计与实现步调过程一步一步自行实现(每一条命令都是关键的命令);但是如果有需要的也可以根据以下地点举行下载完整的topo图和完整的配置举行参考与借鉴**,如若拿到topo图可多display查看配置,查看相应的命令,配套资源获取如下,相应的内容如下图所示

  1. 公众号(小猿网),回复“网络规划”即可
  3. 资源为收费资源,如不符合您的消费观,还请您见谅
  5. (对应封面图及标题找到相应资源即可)
  6. 内容包含:
  7. 基于eNSP的高校/企业无线WLAN网络规划设
  8. 计-毕设或课设可参考一步步的所有配置命
  9. 令(ensp)+所有的配置命令+详细的地址规划
  10. 表+相应的测试文档和截图
  12. 由于公众号可能目前没有太大的曝光度,搜索时可能
  13. 不是置顶的公众号。这时可以多往下滑一下找到该公
  14. 众号,或者直接到文章结尾处获取公众号二维码即可
复制代码
模仿器中防火墙用户名:admin 密码:admin@123


topo图也就是这样子的,相应的地点规划和路由规划大部分都在图中明确的标注了

该topo网络中用到的技能有vlan分别、eth-trunk链路捆绑、MSPT、VRRP、OSPF、ISIS、DHCP中继、无线WLAN、无线AC冗余、环游、防火墙安全策略、NAT、ACL、双机热备等。该实验非常适合于想做有关无线WLAN毕设的小搭档或想要训练无线综合实验的小搭档。如果是对于想写无线WLAN方面的论文也比较好写。且对于毕设课设的小搭档可以举行参考,举行本身的规划与设计。场景适用于毕业设计、校园网络规划、企业网络规划等场合,有什么问题可以在平台私信博主,博主看到都会第一时间回复的,最后说明该topo规划最后的作者权归于:BSXY_信息学院_19计科_陈永跃
一、设计topo图与设计要求

拓扑图1:

   设计要求:
  

  • 完成服务器、防火墙、路由器相应的接口地点的配置
  • 核心交换机配置Eth-Trunk链路捆绑来提高链路的冗余
  • 根据差别的地域分别多个差别的vlan,减小广播域大小,提高网络的可靠性和安全性
  • 配置MSTP+VRRP,同时实现冗余,分别实例,让差别的vlan优先选择相应的交换机,并减少stp震荡
  • 内网内运行OSPF路由
  • 全部的AP和无线用户都能自动获取地点,且通过DHCP server分配
  • 配置相应的安全策略并使得内网能访问外网
  • 出口使用两台防火墙,且两台防火墙做双机热备
  • 防火墙双机热备使用两个心跳线并做链路捆绑提高网络的可靠性
  • 外网区域运行ISIS路由
  • A B学院AP优先加入AC1,AC2作为备份;C D学院AP优先加入AC2,AC1作为备份,保证一个AP可由两个AC举行管理提高网络的可靠性
  • 无线用户可以实现一个区域到另一个区域间的无线环游
  • 除vlan21用户外别的无线用户可以访问外网且可通过域名上网
  • 配置ACL实现处于vlan21的用户不可以访问外网
  • 路由从FW1出来的优先走YD_R1,DX_R2作为备份;路由从FW2出来的优先走DX_R2,YD_R1作为备份
  二、相应地点规划表



地点规划表上传的时候有点模糊,这里没有做图片的一下优化处理,但是Excel里面的是可以编辑的或是可以更改的,像下图就比较清晰

三、基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)(可不看)

   插曲部分:基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)) 如下图所示(但是并不在该篇文章中做详细介绍和说明,如查看可点击连接自行查看阅读):

设计要求:
  

  • 完成服务器、防火墙、路由器相应的接口地点的配置
  • 慧源楼配置Eth-Trunk链路捆绑来提高链路的冗余
  • 根据差别的地域分别多个差别的vlan,减小广播域大小,提高网络的可靠性和安全性
  • 在明诚楼配置MSTP+VRRP,同时实现冗余,分别实例,让差别的vlan优先选择相应的交换机,并减少stp震荡
  • 明诚楼、慧源楼、德润楼的全部用户通过配置相应的DHCP中继能自动获取地点,且DHCP服务器为DHCPserver
  • 配置相应的ospf,多区域区域0中OSPF激活MD5认证,SW1/SW2采用接口方式配置
  • 区域0内的设备启用BFD快速检测链路故障
  • 分校区用户也需要要自动获取地点,相应服务器为AR4,AR4配置相应的子接口为相应终端分配地点
  • 配置端口安全,且接口能够自动学习MAC地点
  • 配置端口隔离实现PC6,PC7同VLAN内不能互访
  • 分校区/分部的无线用的地点和AP的地点都由SW8来分配
  • FW2作为PPPoE客户端,AR5作为PPPoE服务端,举行相应的拨号上网
  • R1,R2,R3摆设ISIS Level-2,区域ID 49.0000
  • 摆设MPLS VPN,其中R1,R3作为PE设备,R2作为路由放射器
  • FW1,FW2作为CE端与PE端建立eBGP邻人关系
  • 运营商AS 100,总部/主校区在65430,分支都在AS65000
  • FW1,FW2之间摆设IPSec VPN 实现总部/主校区与分支之间通信
  • 其中总部和分支之间通信优先使用MPLS VPN若MPLS VPN故障使用IPSec VPN实现通信
  • 若FW1中NQA检测10.1.5.5不可达则停止下发缺省到内网
  • NAT配置总部/主校区用户方位外网用地点池10.1.22.100~10.1.22.110
  • 分支用户访问外网采用EASY-IP实现
  • 外网用户访问内网WEB服务——用100.100.100.100来做相应的地点映射
  • 财务部服务器只能由内网的vlan 10用户访问
  • 配置DHCP Snooping防止DHCP欺骗与非法dhcp服务器的接入
  • 内部的全部交换机都可以被telnet举行长途管理
  • 主校区/总部用户可以通过域名(www.baidu.com)访问外网百度,无线用户也可以
  • ipv6中对于AS100内互联地点采用link-local地点
  • R1,R2,R3的lo0地点2001:10:1:X::X/128
  • 激活ISISv6,并保障v4与v6的拓扑分离
  • SW1 SW2新增Lo0接口地点为2001:192:168:X::X/128
  • FW1,SW1,SW2摆设OSPFv3区域0,其中互联地点采用Link-local地点
  • 分支FW2与AR4摆设OSPFv3,互联地点采用link-local地点
  • FW1,FW2利用MPLS VPN网络建立6to4隧道
  • 对于6to4隧道基础上摆设BGP4+,实现总部与分支的IPv6互通
  四、该网络规划全过程(顺着一步一步走

1、eth-trunk

  1.         HX_SW1:
  2. sys
  3. un in en
  4. sysname HX_SW1
  5. int eth-trunk 1
  6. mode lacp-static
  7. trunkport g0/0/24
  8. trunkport g0/0/23
  9. qui
  10. ---------------------------
  11.         HX_SW2:
  12. sys
  13. un in en
  14. sysname HX_SW2
  15. int eth-trunk 1
  16. mode lacp-static
  17. trunkport g0/0/24
  18. trunkport g0/0/23
  19. qui
复制代码
2、vlan分别

  1.         HJ_SW3:
  2. sys
  3. un in en
  4. sysname HJ_SW3
  5. vlan batch 10 11 20 21
  6. int g0/0/1
  7. port link-type trunk
  8. port trunk allow-pass vlan 10 11 20 21
  9. int g0/0/2
  10. port link-type trunk
  11. port trunk allow-pass vlan 10 11 20 21
  12. int g0/0/3
  13. port link-type trunk
  14. port trunk pvid vlan 10
  15. port trunk allow-pass vlan 10 11
  16. int g0/0/4
  17. port link-type trunk
  18. port trunk pvid vlan 20
  19. port trunk allow-pass vlan 20 21
  20. qui
  21. ---------------------------
  22.         HJ_SW4:
  23. sys
  24. un in en
  25. sysname HJ_SW4
  26. vlan batch 30 31 40 41
  27. int g0/0/1
  28. port link-type trunk
  29. port trunk allow-pass vlan 30 31 40 41
  30. int g0/0/2
  31. port link-type trunk
  32. port trunk allow-pass vlan 30 31 40 41
  33. int g0/0/3
  34. port link-type trunk
  35. port trunk pvid vlan 30
  36. port trunk allow-pass vlan 30 31
  37. int g0/0/4
  38. port link-type trunk
  39. port trunk pvid vlan 40
  40. port trunk allow-pass vlan 40 41
  41. qui
  42. ---------------------------
  43.         HJ_SW5:
  44. sys
  45. un in en
  46. sysname HJ_SW5
  47. vlan batch 50 51 60 61
  48. int g0/0/1
  49. port link-type trunk
  50. port trunk allow-pass vlan 50 51 60 61
  51. int g0/0/2
  52. port link-type trunk
  53. port trunk allow-pass vlan 50 51 60 61
  54. int g0/0/3
  55. port link-type trunk
  56. port trunk pvid vlan 50
  57. port trunk allow-pass vlan 50 51
  58. int g0/0/4
  59. port link-type trunk
  60. port trunk pvid vlan 60
  61. port trunk allow-pass vlan 60 61
  62. qui
  63. ---------------------------
  64.         JR_SW6:
  65. sys
  66. un in en
  67. sysname JR_SW6
  68. vlan batch 200
  69. p g g0/0/1 g0/0/2
  70. port link-type trunk
  71. port trunk allow-pass vlan 200
  72. qui
  73. p g g0/0/3 g0/0/4
  74. port link acc
  75. port default vlan 200
  76. qui
  77. ---------------------------
  78.         HX_SW1:
  79. vlan batch 10 11 20 21 30 31 40 41 50 51
  80. vlan batch 60 61 200 6 8
  81. int g0/0/1
  82. port link acc
  83. port default vlan 8
  84. qui
  85. p g g0/0/2 to g0/0/6
  86. port link-type trunk
  87. port trunk all vlan all
  88. qui
  89. int eth 1
  90. port link trunk
  91. port trunk all vlan all
  92. qui
  93. ---------------------------
  94.         HX_SW2:
  95. vlan batch 10 11 20 21 30 31 40 41 50 51
  96. vlan batch 60 61 200 7 9
  97. int g0/0/1
  98. port link acc
  99. port default vlan 9
  100. qui
  101. p g g0/0/2 to g0/0/6
  102. port link trunk
  103. port trunk all vlan all
  104. qui
  105. int eth 1
  106. port link trunk
  107. port trunk all vlan all
  108. qui
复制代码
3、MSTP

  1.         HX_SW1:
  2. stp region-configuration
  3. region-name MST
  4. revision-level 1
  5. instance 1 vlan 10 11 20 21 30 31 200
  6. instance 2 vlan 40 41 50 51 60 61
  7. active region-configuration
  8. qui
  9. stp instance 1 root primary
  10. stp instance 2 root secondary
  11. p g g0/0/3 to g0/0/6 eth 1
  12. stp edged-port disable
  13. qui
  14. stp edged-port default
  15. ---------------------------
  16.         HX_SW2:
  17. stp region-configuration
  18. region-name MST
  19. revision-level 1
  20. instance 1 vlan 10 11 20 21 30 31 200
  21. instance 2 vlan 40 41 50 51 60 61
  22. active region-configuration
  23. qui
  24. stp instance 2 root primary
  25. stp instance 1 root secondary
  26. p g g0/0/3 to g0/0/6 eth 1
  27. stp edged-port disable
  28. qui
  29. stp edged-port default
  30. ---------------------------
  31.         HJ_SW3:
  32. stp region-configuration
  33. region-name MST
  34. revision-level 1
  35. instance 1 vlan 10 11 20 21 30 31 200
  36. instance 2 vlan 40 41 50 51 60 61
  37. active region-configuration
  38. qui
  39. p g g0/0/1 g0/0/2
  40. stp edged-port disable
  41. stp loop-protection
  42. qui
  43. stp edged-port default
  44. ---------------------------
  45.         HJ_SW4:
  46. stp region-configuration
  47. region-name MST
  48. revision-level 1
  49. instance 1 vlan 10 11 20 21 30 31 200
  50. instance 2 vlan 40 41 50 51 60 61
  51. active region-configuration
  52. qui
  53. p g g0/0/1 g0/0/2
  54. stp edged-port disable
  55. stp loop-protection
  56. qui
  57. stp edged-port default
  58. ---------------------------
  59.         HJ_SW5:
  60. stp region-configuration
  61. region-name MST
  62. revision-level 1
  63. instance 1 vlan 10 11 20 21 30 31 200
  64. instance 2 vlan 40 41 50 51 60 61
  65. active region-configuration
  66. qui
  67. p g g0/0/1 g0/0/2
  68. stp edged-port disable
  69. stp loop-protection
  70. qui
  71. stp edged-port default
  72. ---------------------------
  73.         JR_SW6:
  74. stp region-configuration
  75. region-name MST
  76. revision-level 1
  77. instance 1 vlan 10 11 20 21 30 31 200
  78. instance 2 vlan 40 41 50 51 60 61
  79. active region-configuration
  80. qui
  81. p g g0/0/1 g0/0/2
  82. stp edged-port disable
  83. stp loop-protection
  84. qui
  85. stp edged-port default
复制代码
4、VRRP

  1.         HX_SW1:
  2. int vlan 6
  3. ip add 192.168.6.6 24
  4. int vlan 8
  5. ip add 192.168.8.8 24
  6. int vlan 10
  7. ip add 192.168.10.254 24
  8. vrrp vrid 10 virtual-ip 192.168.10.1
  9. vrrp vrid 10 priority 101
  10. vrrp vrid 10 track int g0/0/1
  11. int vlan 11
  12. ip add 192.168.11.254 24
  13. vrrp vrid 11 virtual-ip 192.168.11.1
  14. vrrp vrid 11 priority 101
  15. vrrp vrid 11 track int g0/0/1
  16. int vlan 20
  17. ip add 192.168.20.254 24
  18. vrrp vrid 20 virtual-ip 192.168.20.1
  19. vrrp vrid 20 priority 101
  20. vrrp vrid 20 track int g0/0/1
  21. int vlan 21
  22. ip add 192.168.21.254 24
  23. vrrp vrid 21 virtual-ip 192.168.21.1
  24. vrrp vrid 21 priority 101
  25. vrrp vrid 21 track int g0/0/1
  26. int vlan 30
  27. ip add 192.168.30.254 24
  28. vrrp vrid 30 virtual-ip 192.168.30.1
  29. vrrp vrid 30 priority 101
  30. vrrp vrid 30 track int g0/0/1
  31. int vlan 31
  32. ip add 192.168.31.254 24
  33. vrrp vrid 31 virtual-ip 192.168.31.1
  34. vrrp vrid 31 priority 101
  35. vrrp vrid 31 track int g0/0/1
  36. int vlan 200
  37. ip add 192.168.200.254 24
  38. vrrp vrid 200 virtual-ip 192.168.200.1
  39. vrrp vrid 200 priority 101
  40. vrrp vrid 200 track int g0/0/1
  41. int vlan 40
  42. ip add 192.168.40.254 24
  43. vrrp vrid 40 virtual-ip 192.168.40.1
  44. int vlan 41
  45. ip add 192.168.41.254 24
  46. vrrp vrid 41 virtual-ip 192.168.41.1
  47. int vlan 50
  48. ip add 192.168.50.254 24
  49. vrrp vrid 50 virtual-ip 192.168.50.1
  50. int vlan 51
  51. ip add 192.168.51.254 24
  52. vrrp vrid 51 virtual-ip 192.168.51.1
  53. int vlan 60
  54. ip add 192.168.60.254 24
  55. vrrp vrid 60 virtual-ip 192.168.60.1
  56. int vlan 61
  57. ip add 192.168.61.254 24
  58. vrrp vrid 61 virtual-ip 192.168.61.1
  59. qui
  60. ---------------------------
  61.         HX_SW2:
  62. int vlan 7
  63. ip add 192.168.7.7 24
  64. int vlan 9
  65. ip add 192.168.9.9 24
  66. int vlan 10
  67. ip add 192.168.10.253 24
  68. vrrp vrid 10 virtual-ip 192.168.10.1
  69. int vlan 11
  70. ip add 192.168.11.253 24
  71. vrrp vrid 11 virtual-ip 192.168.11.1
  72. int vlan 20
  73. ip add 192.168.20.253 24
  74. vrrp vrid 20 virtual-ip 192.168.20.1
  75. int vlan 21
  76. ip add 192.168.21.253 24
  77. vrrp vrid 21 virtual-ip 192.168.21.1
  78. int vlan 30
  79. ip add 192.168.30.253 24
  80. vrrp vrid 30 virtual-ip 192.168.30.1
  81. int vlan 31
  82. ip add 192.168.31.253 24
  83. vrrp vrid 31 virtual-ip 192.168.31.1
  84. int vlan 200
  85. ip add 192.168.200.253 24
  86. vrrp vrid 200 virtual-ip 192.168.200.1
  87. int vlan 40
  88. ip add 192.168.40.253 24
  89. vrrp vrid 40 virtual-ip 192.168.40.1
  90. vrrp vrid 40 priority 101
  91. vrrp vrid 40 track int g0/0/1
  92. int vlan 41
  93. ip add 192.168.41.253 24
  94. vrrp vrid 41 virtual-ip 192.168.41.1
  95. vrrp vrid 41 priority 101
  96. vrrp vrid 41 track int g0/0/1
  97. int vlan 50
  98. ip add 192.168.50.253 24
  99. vrrp vrid 50 virtual-ip 192.168.50.1
  100. vrrp vrid 50 priority 101
  101. vrrp vrid 50 track int g0/0/1
  102. int vlan 51
  103. ip add 192.168.51.253 24
  104. vrrp vrid 51 virtual-ip 192.168.51.1
  105. vrrp vrid 51 priority 101
  106. vrrp vrid 51 track int g0/0/1
  107. int vlan 60
  108. ip add 192.168.60.253 24
  109. vrrp vrid 60 virtual-ip 192.168.60.1
  110. vrrp vrid 60 priority 101
  111. vrrp vrid 60 track int g0/0/1
  112. int vlan 61
  113. ip add 192.168.61.253 24
  114. vrrp vrid 61 virtual-ip 192.168.61.1
  115. vrrp vrid 61 priority 101
  116. vrrp vrid 61 track int g0/0/1
  117. qui
复制代码
5、DHCP中继

  1.         HX_SW1:
  2. dhcp enable
  3. int vlan 10
  4. dhcp select relay
  5. dhcp relay server-ip 192.168.200.3
  6. int vlan 11
  7. dhcp select relay
  8. dhcp relay server-ip 192.168.200.3
  9. int vlan 20
  10. dhcp select relay
  11. dhcp relay server-ip 192.168.200.3
  12. int vlan 21
  13. dhcp select relay
  14. dhcp relay server-ip 192.168.200.3
  15. int vlan 30
  16. dhcp select relay
  17. dhcp relay server-ip 192.168.200.3
  18. int vlan 31
  19. dhcp select relay
  20. dhcp relay server-ip 192.168.200.3
  21. int vlan 40
  22. dhcp select relay
  23. dhcp relay server-ip 192.168.200.3
  24. int vlan 41
  25. dhcp select relay
  26. dhcp relay server-ip 192.168.200.3
  27. int vlan 50
  28. dhcp select relay
  29. dhcp relay server-ip 192.168.200.3
  30. int vlan 51
  31. dhcp select relay
  32. dhcp relay server-ip 192.168.200.3
  33. int vlan 60
  34. dhcp select relay
  35. dhcp relay server-ip 192.168.200.3
  36. int vlan 61
  37. dhcp select relay
  38. dhcp relay server-ip 192.168.200.3
  39. ---------------------------
  40.         HX_SW2:
  41. dhcp enable
  42. int vlan 10
  43. dhcp select relay
  44. dhcp relay server-ip 192.168.200.3
  45. int vlan 11
  46. dhcp select relay
  47. dhcp relay server-ip 192.168.200.3
  48. int vlan 20
  49. dhcp select relay
  50. dhcp relay server-ip 192.168.200.3
  51. int vlan 21
  52. dhcp select relay
  53. dhcp relay server-ip 192.168.200.3
  54. int vlan 30
  55. dhcp select relay
  56. dhcp relay server-ip 192.168.200.3
  57. int vlan 31
  58. dhcp select relay
  59. dhcp relay server-ip 192.168.200.3
  60. int vlan 40
  61. dhcp select relay
  62. dhcp relay server-ip 192.168.200.3
  63. int vlan 41
  64. dhcp select relay
  65. dhcp relay server-ip 192.168.200.3
  66. int vlan 50
  67. dhcp select relay
  68. dhcp relay server-ip 192.168.200.3
  69. int vlan 51
  70. dhcp select relay
  71. dhcp relay server-ip 192.168.200.3
  72. int vlan 60
  73. dhcp select relay
  74. dhcp relay server-ip 192.168.200.3
  75. int vlan 61
  76. dhcp select relay
  77. dhcp relay server-ip 192.168.200.3
  78. ---------------------------
  79.         DHCP:
  80. sys
  81. un in en
  82. sysname DHCP
  83. dhcp enable   
  84. int g0/0/0
  85. ip add 192.168.200.3 24
  86. dhcp select global
  87. qui
  88. ip pool vlan10
  89. gateway-list 192.168.10.1
  90. network 192.168.10.0 mask 255.255.255.0
  91. excluded-ip-address 192.168.10.129 192.168.10.254
  92. lease unlimited
  93. option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
  94. qui
  95. ip pool vlan11
  96. gateway-list 192.168.11.1
  97. network 192.168.11.0 mask 24
  98. excluded-ip-address 192.168.11.250 192.168.11.254
  99. dns-list 192.168.200.2
  100. lease unlimited
  101. qui
  102. ip pool vlan20
  103. gateway-list 192.168.20.1
  104. network 192.168.20.0 mask 255.255.255.0
  105. excluded-ip-address 192.168.20.129 192.168.20.254
  106. lease unlimited
  107. option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
  108. qui
  109. ip pool vlan21
  110. gateway-list 192.168.21.1
  111. network 192.168.21.0 mask 24
  112. excluded-ip-address 192.168.21.250 192.168.21.254
  113. dns-list 192.168.200.2
  114. lease unlimited
  115. qui
  116. ip pool vlan30
  117. gateway-list 192.168.30.1
  118. network 192.168.30.0 mask 255.255.255.0
  119. excluded-ip-address 192.168.30.129 192.168.30.254
  120. lease unlimited
  121. option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
  122. qui
  123. ip pool vlan31
  124. gateway-list 192.168.31.1
  125. network 192.168.31.0 mask 24
  126. excluded-ip-address 192.168.31.250 192.168.31.254
  127. dns-list 192.168.200.2
  128. lease unlimited
  129. qui
  130. ip pool vlan40
  131. gateway-list 192.168.40.1
  132. network 192.168.40.0 mask 255.255.255.0
  133. excluded-ip-address 192.168.40.129 192.168.40.254
  134. lease unlimited
  135. option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
  136. qui
  137. ip pool vlan41
  138. gateway-list 192.168.41.1
  139. network 192.168.41.0 mask 24
  140. excluded-ip-address 192.168.41.250 192.168.41.254
  141. dns-list 192.168.200.2
  142. lease unlimited
  143. qui
  144. ip pool vlan50
  145. gateway-list 192.168.50.1
  146. network 192.168.50.0 mask 255.255.255.0
  147. excluded-ip-address 192.168.50.129 192.168.50.254
  148. lease unlimited
  149. option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
  150. qui
  151. ip pool vlan51
  152. gateway-list 192.168.51.1
  153. network 192.168.51.0 mask 24
  154. excluded-ip-address 192.168.51.250 192.168.51.254
  155. dns-list 192.168.200.2
  156. lease unlimited
  157. qui
  158. ip pool vlan60
  159. gateway-list 192.168.60.1
  160. network 192.168.60.0 mask 255.255.255.0
  161. excluded-ip-address 192.168.60.129 192.168.60.254
  162. lease unlimited
  163. option 43 sub-option 3 ascii 192.168.6.10,192.168.7.10
  164. qui
  165. ip pool vlan61
  166. gateway-list 192.168.61.1
  167. network 192.168.61.0 mask 24
  168. excluded-ip-address 192.168.61.250 192.168.61.254
  169. dns-list 192.168.200.2
  170. lease unlimited
  171. qui
  172. ip route-static 0.0.0.0 0 192.168.200.1
复制代码
6、OSPF

  1.         HX_SW1:
  2. ospf
  3. area 0
  4. network 192.168.10.0 0.0.0.255
  5. network 192.168.11.0 0.0.0.255
  6. network 192.168.20.0 0.0.0.255
  7. network 192.168.21.0 0.0.0.255
  8. network 192.168.30.0 0.0.0.255
  9. network 192.168.31.0 0.0.0.255
  10. network 192.168.40.0 0.0.0.255
  11. network 192.168.41.0 0.0.0.255
  12. network 192.168.50.0 0.0.0.255
  13. network 192.168.51.0 0.0.0.255
  14. network 192.168.60.0 0.0.0.255
  15. network 192.168.61.0 0.0.0.255
  16. network 192.168.6.0 0.0.0.255
  17. network 192.168.8.0 0.0.0.255
  18. network 192.168.200.0 0.0.0.255
  19. qui
  20. silent-interface all
  21. undo silent-interface Vlanif200
  22. undo silent-interface Vlanif8
  23. qui
  24. ---------------------------
  25.         HX_SW2:
  26. ospf
  27. area 0
  28. network 192.168.10.0 0.0.0.255
  29. network 192.168.11.0 0.0.0.255
  30. network 192.168.20.0 0.0.0.255
  31. network 192.168.21.0 0.0.0.255
  32. network 192.168.30.0 0.0.0.255
  33. network 192.168.31.0 0.0.0.255
  34. network 192.168.40.0 0.0.0.255
  35. network 192.168.41.0 0.0.0.255
  36. network 192.168.50.0 0.0.0.255
  37. network 192.168.51.0 0.0.0.255
  38. network 192.168.60.0 0.0.0.255
  39. network 192.168.61.0 0.0.0.255
  40. network 192.168.7.0 0.0.0.255
  41. network 192.168.9.0 0.0.0.255
  42. network 192.168.200.0 0.0.0.255
  43. qui
  44. silent-interface all
  45. undo silent-interface Vlanif200
  46. undo silent-interface Vlanif9
  47. qui
复制代码
7、无线AC配置

  1.         AC1:
  2. sys
  3. un in en
  4. sysname AC1
  5. vlan 6
  6. int vlan 6
  7. ip add 192.168.6.10 24
  8. qui
  9. int g0/0/1
  10. port link-type trunk
  11. port trunk allow-pass vlan all
  12. qui
  13. ip route-static 0.0.0.0 0.0.0.0 192.168.6.6
  14. capwap source interface vlanif6
  15. wlan
  16. ssid-profile name SSID_PRO
  17. ssid huawei
  18. qui
  19. security-profile name SEC_PRO
  20. security wpa2 psk pass-phrase huawei@123 aes
  21. qui
  22. ap-system-profile name AP1_PRO
  23. primary-access ip-address 192.168.6.10
  24. backup-access ip-address 192.168.7.10
  25. qui
  26. ap-system-profile name AP2_PRO
  27. primary-access ip-address 192.168.6.10
  28. backup-access ip-address 192.168.7.10
  29. qui
  30. ap-system-profile name AP3_PRO
  31. primary-access ip-address 192.168.6.10
  32. backup-access ip-address 192.168.7.10
  33. qui
  34. ap-system-profile name AP4_PRO
  35. primary-access ip-address 192.168.7.10
  36. backup-access ip-address 192.168.6.10
  37. qui
  38. ap-system-profile name AP5_PRO
  39. primary-access ip-address 192.168.7.10
  40. backup-access ip-address 192.168.6.10
  41. qui
  42. ap-system-profile name AP6_PRO
  43. primary-access ip-address 192.168.7.10
  44. backup-access ip-address 192.168.6.10
  45. qui
  46. vap-profile name VAP1_PRO
  47. ssid-profile SSID_PRO
  48. security-profile SEC_PRO
  49. service-vlan vlan-id 11
  50. qui
  51. vap-profile name VAP2_PRO
  52. ssid-profile SSID_PRO
  53. security-profile SEC_PRO
  54. service-vlan vlan-id 21
  55. qui
  56. vap-profile name VAP3_PRO
  57. ssid-profile SSID_PRO
  58. security-profile SEC_PRO
  59. service-vlan vlan-id 31
  60. qui
  61. vap-profile name VAP4_PRO
  62. ssid-profile SSID_PRO
  63. security-profile SEC_PRO
  64. service-vlan vlan-id 41
  65. qui
  66. vap-profile name VAP5_PRO
  67. ssid-profile SSID_PRO
  68. security-profile SEC_PRO
  69. service-vlan vlan-id 51
  70. qui
  71. vap-profile name VAP6_PRO
  72. ssid-profile SSID_PRO
  73. security-profile SEC_PRO
  74. service-vlan vlan-id 61
  75. qui
  76. ap-id 1 ap-mac 00E0-FC28-4B20
  77. ap-id 2 ap-mac 00E0-FC52-0D10
  78. ap-id 3 ap-mac 00E0-FC44-0F80
  79. ap-id 4 ap-mac 00E0-FC38-47E0
  80. ap-id 5 ap-mac 00E0-FC4F-2870
  81. ap-id 6 ap-mac 00E0-FCAD-3F60
  82. qui
  83. ap-id 1
  84. ap-name AREA_1
  85. ap-system-profile AP1_PRO
  86. vap-profile VAP1_PRO wlan 1 radio 0
  87. vap-profile VAP1_PRO wlan 1 radio 1
  88. qui
  89. ap-id 2
  90. ap-name AREA_2
  91. ap-system-profile AP2_PRO
  92. vap-profile VAP2_PRO wlan 1 radio 0
  93. vap-profile VAP2_PRO wlan 1 radio 1
  94. qui
  95. ap-id 3
  96. ap-name AREA_3
  97. ap-system-profile AP3_PRO
  98. vap-profile VAP3_PRO wlan 1 radio 0
  99. vap-profile VAP3_PRO wlan 1 radio 1
  100. qui
  101. ap-id 4
  102. ap-name AREA_4
  103. ap-system-profile AP4_PRO
  104. vap-profile VAP4_PRO wlan 1 radio 0
  105. vap-profile VAP4_PRO wlan 1 radio 1
  106. qui
  107. ap-id 5
  108. ap-name AREA_5
  109. ap-system-profile AP5_PRO
  110. vap-profile VAP5_PRO wlan 1 radio 0
  111. vap-profile VAP5_PRO wlan 1 radio 1
  112. qui
  113. ap-id 6
  114. ap-name AREA_6
  115. ap-system-profile AP6_PRO
  116. vap-profile VAP6_PRO wlan 1 radio 0
  117. vap-profile VAP6_PRO wlan 1 radio 1
  118. ----------------------------------
  119.         AC2:
  120. sys
  121. un in en
  122. sysname AC2
  123. vlan 7
  124. int vlan 7
  125. ip add 192.168.7.10 24
  126. qui
  127. int g0/0/1
  128. port link-type trunk
  129. port trunk allow-pass vlan all
  130. qui
  131. ip route-static 0.0.0.0 0.0.0.0 192.168.7.7
  132. capwap source interface vlanif7
  133. wlan
  134. ssid-profile name SSID_PRO
  135. ssid huawei
  136. qui
  137. security-profile name SEC_PRO
  138. security wpa2 psk pass-phrase huawei@123 aes
  139. qui
  140. ap-system-profile name AP1_PRO
  141. primary-access ip-address 192.168.6.10
  142. backup-access ip-address 192.168.7.10
  143. qui
  144. ap-system-profile name AP2_PRO
  145. primary-access ip-address 192.168.6.10
  146. backup-access ip-address 192.168.7.10
  147. qui
  148. ap-system-profile name AP3_PRO
  149. primary-access ip-address 192.168.6.10
  150. backup-access ip-address 192.168.7.10
  151. qui
  152. ap-system-profile name AP4_PRO
  153. primary-access ip-address 192.168.7.10
  154. backup-access ip-address 192.168.6.10
  155. qui
  156. ap-system-profile name AP5_PRO
  157. primary-access ip-address 192.168.7.10
  158. backup-access ip-address 192.168.6.10
  159. qui
  160. ap-system-profile name AP6_PRO
  161. primary-access ip-address 192.168.7.10
  162. backup-access ip-address 192.168.6.10
  163. qui
  164. vap-profile name VAP1_PRO
  165. ssid-profile SSID_PRO
  166. security-profile SEC_PRO
  167. service-vlan vlan-id 11
  168. qui
  169. vap-profile name VAP2_PRO
  170. ssid-profile SSID_PRO
  171. security-profile SEC_PRO
  172. service-vlan vlan-id 21
  173. qui
  174. vap-profile name VAP3_PRO
  175. ssid-profile SSID_PRO
  176. security-profile SEC_PRO
  177. service-vlan vlan-id 31
  178. qui
  179. vap-profile name VAP4_PRO
  180. ssid-profile SSID_PRO
  181. security-profile SEC_PRO
  182. service-vlan vlan-id 41
  183. qui
  184. vap-profile name VAP5_PRO
  185. ssid-profile SSID_PRO
  186. security-profile SEC_PRO
  187. service-vlan vlan-id 51
  188. qui
  189. vap-profile name VAP6_PRO
  190. ssid-profile SSID_PRO
  191. security-profile SEC_PRO
  192. service-vlan vlan-id 61
  193. qui
  194. ap-id 1 ap-mac 00E0-FC28-4B20
  195. ap-id 2 ap-mac 00E0-FC52-0D10
  196. ap-id 3 ap-mac 00E0-FC44-0F80
  197. ap-id 4 ap-mac 00E0-FC38-47E0
  198. ap-id 5 ap-mac 00E0-FC4F-2870
  199. ap-id 6 ap-mac 00E0-FCAD-3F60
  200. qui
  201. ap-id 1
  202. ap-name AREA_1
  203. ap-system-profile AP1_PRO
  204. vap-profile VAP1_PRO wlan 1 radio 0
  205. vap-profile VAP1_PRO wlan 1 radio 1
  206. qui
  207. ap-id 2
  208. ap-name AREA_2
  209. ap-system-profile AP2_PRO
  210. vap-profile VAP2_PRO wlan 1 radio 0
  211. vap-profile VAP2_PRO wlan 1 radio 1
  212. qui
  213. ap-id 3
  214. ap-name AREA_3
  215. ap-system-profile AP3_PRO
  216. vap-profile VAP3_PRO wlan 1 radio 0
  217. vap-profile VAP3_PRO wlan 1 radio 1
  218. qui
  219. ap-id 4
  220. ap-name AREA_4
  221. ap-system-profile AP4_PRO
  222. vap-profile VAP4_PRO wlan 1 radio 0
  223. vap-profile VAP4_PRO wlan 1 radio 1
  224. qui
  225. ap-id 5
  226. ap-name AREA_5
  227. ap-system-profile AP5_PRO
  228. vap-profile VAP5_PRO wlan 1 radio 0
  229. vap-profile VAP5_PRO wlan 1 radio 1
  230. qui
  231. ap-id 6
  232. ap-name AREA_6
  233. ap-system-profile AP6_PRO
  234. vap-profile VAP6_PRO wlan 1 radio 0
  235. vap-profile VAP6_PRO wlan 1 radio 1
  236. ----------------------------------
  237. 重启一下AP
复制代码
8、无线AC冗余

  1. 这一部分要不我就先不放在文章中,
  2. 配置的设备只有AC1和AC2,
  3. 配置AC1和AC2实现冗余即可
复制代码
9、防火墙双击热备

  1. 这一部分要不我就先不放在文章中,
  2. 配置的设备只有FW1和FW2,
  3. 配置FW1和FW2的IP地址
  4. 和运行相应的ospf和双机热备
  6. 这一部分在文章中省了,但是如果是
  7. 自己确实是小白没法自己配置出来那
  8. 可能就没有办法了,下载资源的话需要
  9. 收取一些费用,那里的order命令是没有省略的
  10. 一条一条一步一步的命令都是有的,也都是全的。
复制代码

10、安全策略&NAT策略

  1.         FW1:(只需在FW1上配置即可)
  2. security-policy
  3. rule name local_to_any
  4. source-zone local
  5. action permit
  6. rule name in_to_out
  7. source-zone trust
  8. destination-zone untrust
  9. source-address 192.168.0.0 mask 255.255.0.0
  10. action permit
  11. qui
  12. qui
  13. nat-policy
  14. rule name in_to_out
  15. source-zone trust
  16. destination-zone untrust
  17. source-address 192.168.0.0 mask 255.255.0.0
  18. action source-nat easy-ip
  19. qui
  20. qui
复制代码
11、ISIS配置

  1.         YD_R1:
  2. sys
  3. un in en
  4. sysname R1
  5. isis
  6. net 49.0000.0000.0001.00
  7. is-level level-2
  8. cost-style wide
  9. qui
  10. int g0/0/1
  11. ip add 100.1.1.1 24
  12. isis en
  13. int g0/0/2
  14. ip add 200.1.2.1 24
  15. isis en
  16. int g0/0/0
  17. ip add 100.1.13.1 24
  18. isis en
  19. int loo0
  20. ip add 1.1.1.1 32
  21. isis en
  22. qui
  24.         DX_R2:
  25. sys
  26. un in en
  27. sysname R2
  28. isis
  29. net 49.0000.0000.0002.00
  30. is-level level-2
  31. cost-style wide
  32. qui
  33. int g0/0/1
  34. ip add 100.1.11.2 24
  35. isis en
  36. int g0/0/2
  37. ip add 200.1.22.2 24
  38. isis en
  39. int g0/0/0
  40. ip add 200.1.23.2 24
  41. isis en
  42. int loo0
  43. ip add 2.2.2.2 32
  44. isis en
  45. qui
  47.         AR3:
  48. sys
  49. un in en
  50. sysname AR3
  51. isis
  52. net 49.0000.0000.0003.00
  53. is-level level-2
  54. cost-style wide
  55. qui
  56. int g0/0/1
  57. ip add 100.1.13.3 24
  58. isis en
  59. int g0/0/2
  60. ip add 200.1.23.3 24
  61. isis en
  62. int g0/0/0
  63. ip add 111.111.111.3 24
  64. isis en
  65. int loo0
  66. ip add 3.3.3.3 32
  67. isis en
  68. qui
复制代码
12、ACL策略

  1.         HX_SW1:
  2. acl number 3001
  3. rule 5 permit ip source 192.168.21.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
  4. rule 10 deny ip source 192.168.21.0 0.0.0.255
  5. qui
  6. int g0/0/1
  7. traffic-filter outbound acl 3001
  8. qui
  9. --------------------------------------
  10.         HX_SW2:
  11. acl number 3001
  12. rule 5 permit ip source 192.168.21.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
  13. rule 10 deny ip source 192.168.21.0 0.0.0.255
  14. qui
  15. int g0/0/1
  16. traffic-filter outbound acl 3001
  17. qui
复制代码
五、公众/名片所在地


关注公众号(小猿网),回复“网络规划”即可。
资源为收费资源,如不符合您的斲丧观,还请您见谅。

免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

x
回复

使用道具 举报

0 个回复

正序浏览
返回列表

快速回复

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 or 立即注册

本版积分规则

乌市泽哥

金牌会员
这个人很懒什么都没写!

楼主热帖

标签云

挺好的 服务器
微信订阅号
微信服务号
微信客服
小程序
H5
关于我们 商务合作 网站地图
©Copyright 2022-2024 杭州祥升科技有限公司 版权所有 浙ICP备20004199号
快速回复 返回顶部 返回列表