Enterprise/University Network Planning and Design with MPLS VPN on eNSP
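Time: 2024-04-01 13:20:49  Source: 网络cs  Author: 胡椒
Author: BSXY_19计科_陈永跃, BSXY_信息学院. The official account is given at the end. Note: no part of this content may be reposted without permission.
Note: for the resources, see the preface and resource download notes.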
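Contents:
Preface and technical/resource download notes (no reposting without permission)
I. Topology design and design requirements
II. Address planning table
III. Dual-protection design based on MPLS VPN and IPsec VPN (comprehensive lab / course assignment) (optional reading)
IV. The whole network planning process (follow it step by step)
    1. Eth-Trunk
    2. VLAN assignment
    3. MSTP
    4. VRRP
    5. Testing PC-to-gateway connectivity
    6. OSPF
    7. DHCP relay
    8. Wireless WLAN
    9. Basic firewall configuration
    10. BFD-linked routing
    11. Firewall security policy & NAT
    12. ISP interconnection
    13. Configuring MPLS
    14. Establishing BGP peering
    15. Creating VPN instances
    16. Backdoor link: sham-link
    17. Port mirroring
    18. Firewall route import
    19. Telnet
V. Official account / contact card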
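Preface and technical/resource download notes (no reposting without permission)
You can follow the design and implementation steps below one at a time on your own (every command is a key command). If needed, the complete topology file and the full configuration can also be downloaded for reference via the address below. Once you have the topology file, use display to inspect the configuration and the corresponding commands. The accompanying resources are obtained as follows, and their contents are shown in the figure below:
WeChat official account (小猿网): reply "网络规划" to get them. Note: the resources are paid; if that does not suit you, please understand. Contents: the MPLS-VPN-based enterprise/university network planning design (usable as a reference for a graduation or course project), all configuration commands, a detailed address planning table, the corresponding test documents and screenshots, and a requirements analysis. Because the account may not have much exposure yet, it may not be the top result when you search. In that case scroll further down to find it, or get the account's QR code at the end of the article.
Firewall login in the simulator: username admin, password admin@123
The topology looks like this; most of the address plan and routing plan is marked clearly in the figure.
The technologies used in this topology are VLAN assignment, Eth-Trunk link bundling, MSTP, VRRP, OSPF, BFD-linked routing, DHCP relay, wireless WLAN, firewall security policies, NAT, BGP, MPLS VPN, port mirroring, sham-link, route import, Telnet and so on.
This lab suits anyone doing a graduation project on enterprise or university network planning with MPLS VPN, or anyone who wants to practise a comprehensive MPLS VPN lab. It is also a good basis for a thesis on enterprise or university network planning with MPLS VPN (the innovation points of this topology).
It applies to graduation projects, campus network planning, enterprise network planning and similar settings. If you have questions, message the author on the platform; the author replies as soon as he sees them. Finally, authorship of this topology design belongs to: BSXY_信息学院_19计科_陈永跃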
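I. Topology design and design requirements
Topology diagram 1:
Design requirements:
- Configure the interface addresses of the servers, firewall and routers.
- Configure link aggregation between the access, aggregation and core switches to improve link redundancy.
- Every aggregated link has 2 member links in the active state; where there are three links, one is in the backup state.
- As a test for the staff, adjust the interface priority on the core switches during link aggregation so that port 23 is in the backup state.
- Assign several VLANs by area to shrink the broadcast domains and improve the reliability and security of the network.
- Configure MSTP + VRRP between the core and aggregation layers for redundancy; define instances so that different VLANs prefer their corresponding switch, and reduce STP flapping.
- For Internet access, the Rixin Building (日新楼) prefers HX_SW1; the Huiyuan Building (慧源楼) and the Derun Building (德润楼) prefer HX_SW2.
- All users on the main campus obtain addresses automatically through DHCP relay; the DHCP server is "DHCP server".
- Configure OSPF on the core layer and the edge exit FW1 so that the internal network below the edge exit is reachable.
- Configure BFD between the core layer and the edge exit FW1 to monitor the state of the switches' uplinks.
- Configure security policies on FW1 that permit traffic from trust to the dmz/untrust zones.
- Configure security policies on FW1 so that the finance server can be accessed only by users in the VLAN 10 segment of the office building.
- Configure a NAT policy on FW1 so that the internal network and the dmz can reach the external network (Baidu).
- The external network simulates an ISP and uses IS-IS routing for reachability.
- Main-campus users can reach Baidu on the external network by domain name (www.baidu.com).
- Main-campus users use our internal DNS server as their DNS server.
- The main campus and the branch campuses communicate through MPLS VPN.
- Traffic between the training building and the new training building on the branch campuses must travel over MPLS, and that traffic is supervised by the main campus.
- Configure port mirroring at the main-campus exit to monitor traffic between the branch campuses.
- Configure a sham-link as the backup link; if MPLS fails, branch-campus traffic uses the backup link.
- Traffic between the training building and the new training building prefers MPLS VPN and uses the backup link only after a failure.
- On the main campus, configure Telnet on all manageable switches so that administrators can operate and maintain them remotely.
- Wireless users can also reach the public network and the branch campuses.
- Configure DNS for wireless users so that they can reach Baidu on the external network by domain name (www.baidu.com).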
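II. Address planning table
The address planning table came out a little blurry when uploaded, and the image has not been optimized here, but the Excel version can be edited or changed; the figure below is clearer.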
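III. Dual-protection design based on MPLS VPN and IPsec VPN (comprehensive lab / course assignment) (optional reading)
Interlude: a dual-protection design based on MPLS VPN and IPsec VPN (comprehensive lab / course assignment), shown in the figure below. It is not described in detail in this article; follow the link to read it.
Design requirements:
- Configure the interface addresses of the servers, firewalls and routers.
- Configure Eth-Trunk link bundling in the Huiyuan Building (慧源楼) to improve link redundancy.
- Assign several VLANs by area to shrink the broadcast domains and improve the reliability and security of the network.
- Configure MSTP + VRRP in the Mingcheng Building (明诚楼) for redundancy; define instances so that different VLANs prefer their corresponding switch, and reduce STP flapping.
- All users in the Mingcheng, Huiyuan and Derun (德润楼) buildings obtain addresses automatically through DHCP relay; the DHCP server is DHCPserver.
- Configure multi-area OSPF.
- Enable MD5 authentication for OSPF in area 0; SW1/SW2 configure it per interface.
- Devices in area 0 enable BFD for fast link-failure detection.
- Branch-campus users also obtain addresses automatically; the server is AR4, which assigns addresses to the terminals through sub-interfaces.
- Configure port security, with interfaces learning MAC addresses automatically.
- Configure port isolation so that PC6 and PC7 cannot reach each other within the same VLAN.
- The addresses of wireless users and APs in the branch campus/branch office are all assigned by SW8.
- FW2 acts as the PPPoE client and AR5 as the PPPoE server for dial-up Internet access.
- R1, R2 and R3 run IS-IS Level-2, area ID 49.0000.
- Deploy MPLS VPN, with R1 and R3 as PE devices and R2 as the route reflector.
- FW1 and FW2 act as CEs and establish eBGP neighbour relationships with the PEs.
- The carrier is AS 100, the headquarters/main campus is in AS 65430, and the branches are all in AS 65000.
- Deploy IPSec VPN between FW1 and FW2 for communication between the headquarters/main campus and the branches.
- Communication between headquarters and branches prefers MPLS VPN.
- If MPLS VPN fails, IPSec VPN is used.
- If NQA on FW1 detects that 10.1.5.5 is unreachable, FW1 stops advertising the default route to the internal network.
- NAT: headquarters/main-campus users access the external network through the address pool 10.1.22.100~10.1.22.110.
- Branch users access the external network through Easy IP.
- External users access the internal web service, using 100.100.100.100 for the address mapping.
- The finance department server can be accessed only by internal VLAN 10 users.
- Configure DHCP Snooping to prevent DHCP spoofing and the attachment of rogue DHCP servers.
- All internal switches can be managed remotely over Telnet.
- Main-campus/headquarters users can reach Baidu on the external network by domain name (www.baidu.com), and so can wireless users.
- For IPv6, interconnect addresses inside AS 100 use link-local addresses.
- The lo0 addresses of R1, R2 and R3 are 2001:10:1:X::X/128.
- Enable ISISv6 and keep the v4 and v6 topologies separate.
- SW1 and SW2 add Lo0 interface addresses 2001:192:168:X::X/128.
- FW1, SW1 and SW2 run OSPFv3 area 0, with link-local interconnect addresses.
- Branch FW2 and AR4 run OSPFv3, with link-local interconnect addresses.
- FW1 and FW2 build a 6to4 tunnel over the MPLS VPN network.
- Deploy BGP4+ on top of the 6to4 tunnel for IPv6 reachability between headquarters and the branch.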
IV. The whole network planning process (follow it step by step)
1. Eth-Trunk
Commands are abbreviated as typed at the VRP CLI: sys = system-view, un in en = undo info-center enable, int = interface, qui = quit.
HX_SW1:
sys
un in en
sysname HX_SW1
int eth-trunk 1
mode lacp-static
max active-linknumber 2
trunkport g0/0/24
trunkport g0/0/23
trunkport g0/0/22
lacp preempt enable
lacp preempt delay 10
qui
int g0/0/24
lacp priority 16384
qui
------------------------------
HX_SW2:
sys
un in en
sysname HX_SW2
int eth-trunk 1
mode lacp-static
max active-linknumber 2
trunkport g0/0/24
trunkport g0/0/23
trunkport g0/0/22
lacp preempt enable
lacp preempt delay 10
qui
int g0/0/24
lacp priority 16384
qui
------------------------------
HJ_SW3:
sys
un in en
sysname HJ_SW3
int eth-trunk 2
mode lacp-static
trunkport g0/0/3
trunkport g0/0/4
qui
------------------------------
JR_SW5:
sys
un in en
sysname JR_SW5
int eth-trunk 2
mode lacp-static
trunkport g0/0/3
trunkport g0/0/4
qui
2. VLAN assignment
JR_SW5:
vlan batch 10 20 900
int g0/0/1
port link-type access
port default vlan 10
int g0/0/2
port link-type access
port default vlan 20
qui
int eth-trunk 2
port link-type trunk
port trunk allow-pass vlan 10 20 900
qui
------------------------------
JR_SW6:
sys
un in en
sysname JR_SW6
vlan batch 30 40 900
int g0/0/3
port link-type access
port default vlan 30
int g0/0/4
port link-type access
port default vlan 40
qui
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 30 40 900
qui
------------------------------
JR_SW7:
sys
un in en
sysname JR_SW7
vlan batch 50 900
port-group g g0/0/3 g0/0/4
port link-type access
port default vlan 50
qui
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 50 900
qui
------------------------------
HJ_SW3:
vlan batch 10 20 900
int eth-trunk 2
port link-type trunk
port trunk allow-pass vlan 10 20 900
port-group g g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 900
qui
------------------------------
HJ_SW4:
sys
un in en
sysname HJ_SW4
vlan batch 30 40 50 900
port-group g g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan 30 40 50 900
qui
int g0/0/3
port link-type trunk
port trunk allow-pass vlan 30 40 900
int g0/0/4
port link-type trunk
port trunk allow-pass vlan 50 900
qui
------------------------------
SW5:
sys
un in en
sysname LSW5
vlan batch 200 900
port-group g g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan 200 900
qui
port-group g e0/0/1 e0/0/2
port link-type access
port default vlan 200
qui
------------------------------
HX_SW1:
vlan batch 10 11 20 30 40 50 200 900
int g0/0/1
port link-type access
port default vlan 11
int g0/0/2
port link-type trunk
port trunk allow-pass vlan 200 900
int g0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 900
int g0/0/4
port link-type trunk
port trunk allow-pass vlan 30 40 50 900
int eth-trunk 1
port link-type trunk
port trunk allow-pass vlan all
qui
------------------------------
HX_SW2:
vlan batch 10 12 20 30 40 50 200 900
int g0/0/1
port link-type access
port default vlan 12
int g0/0/2
port link-type trunk
port trunk allow-pass vlan 200 900
int g0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 900
int g0/0/4
port link-type trunk
port trunk allow-pass vlan 30 40 50 900
int eth-trunk 1
port link-type trunk
port trunk allow-pass vlan all
qui
3. MSTP
HX_SW1:
stp region-configuration
region-name huawei
revision-level 1
instance 1 vlan 10 20 200
instance 2 vlan 30 40 50
active region-configuration
qui
stp instance 1 root primary
stp instance 2 root secondary
------------------------------------
HX_SW2:
stp region-configuration
region-name huawei
revision-level 1
instance 1 vlan 10 20 200
instance 2 vlan 30 40 50
active region-configuration
qui
stp instance 2 root primary
stp instance 1 root secondary
------------------------------------
HJ_SW3:
stp region-configuration
region-name huawei
revision-level 1
instance 1 vlan 10 20 200
instance 2 vlan 30 40 50
active region-configuration
qui
------------------------------------
HJ_SW4:
stp region-configuration
region-name huawei
revision-level 1
instance 1 vlan 10 20 200
instance 2 vlan 30 40 50
active region-configuration
qui
------------------------------------
LSW5:
stp region-configuration
region-name huawei
revision-level 1
instance 1 vlan 10 20 200
instance 2 vlan 30 40 50
active region-configuration
qui
4. VRRP
HX_SW1:
int vlan 10
ip add 192.168.10.254 24
vrrp vrid 10 virtual-ip 192.168.10.1
vrrp vrid 10 priority 105
int vlan 20
ip add 192.168.20.254 24
vrrp vrid 20 virtual-ip 192.168.20.1
vrrp vrid 20 priority 105
int vlan 200
ip add 192.168.200.254 24
vrrp vrid 200 virtual-ip 192.168.200.1
vrrp vrid 200 priority 105
int vlan 30
ip add 192.168.30.254 24
vrrp vrid 30 virtual-ip 192.168.30.1
int vlan 40
ip add 192.168.40.254 24
vrrp vrid 40 virtual-ip 192.168.40.1
int vlan 50
ip add 192.168.50.254 24
vrrp vrid 50 virtual-ip 192.168.50.1
int vlan 11
ip add 192.168.11.1 24
qui
------------------------------------
HX_SW2:
int vlan 10
ip add 192.168.10.253 24
vrrp vrid 10 virtual-ip 192.168.10.1
int vlan 20
ip add 192.168.20.253 24
vrrp vrid 20 virtual-ip 192.168.20.1
int vlan 200
ip add 192.168.200.253 24
vrrp vrid 200 virtual-ip 192.168.200.1
int vlan 30
ip add 192.168.30.253 24
vrrp vrid 30 virtual-ip 192.168.30.1
vrrp vrid 30 priority 105
int vlan 40
ip add 192.168.40.253 24
vrrp vrid 40 virtual-ip 192.168.40.1
vrrp vrid 40 priority 105
int vlan 50
ip add 192.168.50.253 24
vrrp vrid 50 virtual-ip 192.168.50.1
vrrp vrid 50 priority 105
int vlan 12
ip add 192.168.12.2 24
qui
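5. Testing PC-to-gateway connectivity
Manually configure an IP address on a PC and access the gateway. For example, give a PC in VLAN 10 IP 192.168.10.3 and GW 192.168.10.1, then ping 192.168.10.1; a successful ping is enough.
Likewise, give a PC in VLAN 30 IP 192.168.30.7 and GW 192.168.30.1, then ping 192.168.30.1; a successful ping is enough.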
6. OSPF
HX_SW1:
ospf 1 router-id 10.1.5.5
area 0
network 192.168.0.0 0.0.255.255
qui
qui
------------------------------------
HX_SW2:
ospf 1 router-id 10.1.6.6
area 0
network 192.168.0.0 0.0.255.255
qui
qui
7. DHCP relay
DHCP:
sys
un in en
sysname DHCP
int g0/0/0
ip add 192.168.200.3 24
qui
dhcp enable
ip pool vlan10
network 192.168.10.0 mask 24
gateway-list 192.168.10.1
dns-list 192.168.200.2 8.8.8.8
excluded-ip-address 192.168.10.250 192.168.10.254
qui
ip pool vlan20
network 192.168.20.0 mask 24
gateway-list 192.168.20.1
dns-list 192.168.200.2 8.8.8.8
excluded-ip-address 192.168.20.250 192.168.20.254
qui
ip pool vlan30
network 192.168.30.0 mask 24
gateway-list 192.168.30.1
dns-list 192.168.200.2 8.8.8.8
excluded-ip-address 192.168.30.250 192.168.30.254
qui
ip pool vlan40
network 192.168.40.0 mask 24
gateway-list 192.168.40.1
dns-list 192.168.200.2 8.8.8.8
excluded-ip-address 192.168.40.250 192.168.40.254
qui
ip pool vlan50
network 192.168.50.0 mask 24
gateway-list 192.168.50.1
dns-list 192.168.200.2 8.8.8.8
excluded-ip-address 192.168.50.250 192.168.50.254
qui
int g0/0/0
dhcp select global
qui
ip route-static 0.0.0.0 0 192.168.200.1
------------------------------------------
HX_SW1:
dhcp enable
int vlan 10
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 20
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 30
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 40
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 50
dhcp select relay
dhcp relay server-ip 192.168.200.3
----------------------------------------
HX_SW2:
dhcp enable
int vlan 10
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 20
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 30
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 40
dhcp select relay
dhcp relay server-ip 192.168.200.3
int vlan 50
dhcp select relay
dhcp relay server-ip 192.168.200.3
8. Wireless WLAN
HX_SW2:
vlan batch 100 101 102
int g0/0/6
port link-type trunk
port trunk allow-pass vlan all
int g0/0/3
port trunk allow-pass vlan 100 101 102
int g0/0/4
port trunk allow-pass vlan 100 101 102
qui
int vlan 100
ip add 192.168.100.1 24
int vlan 101
ip add 192.168.101.1 24
int vlan 102
ip add 192.168.102.1 24
qui
dhcp enable
ip pool ap_pool
gateway-list 192.168.100.1
network 192.168.100.0 mask 24
excluded-ip-address 192.168.100.100
dns-list 192.168.200.2
qui
ip pool hua_1
gateway-list 192.168.101.1
network 192.168.101.0 mask 24
dns-list 192.168.200.2
qui
ip pool hua_2
gateway-list 192.168.102.1
network 192.168.102.0 mask 24
dns-list 192.168.200.2
qui
int vlan 100
dhcp select global
int vlan 101
dhcp select global
int vlan 102
dhcp select global
qui
qui
-------------------------------------
HJ_SW3:
vlan batch 100 101 102
int g0/0/2
port trunk allow-pass vlan 100 101 102
int eth-trunk 2
port trunk allow-pass vlan 100 101 102
qui
-------------------------------------
JR_SW5:
vlan batch 100 101 102
int eth-trunk 2
port trunk allow-pass vlan 100 101 102
int g0/0/5
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 101
qui
---------------------------------
HJ_SW4:
vlan batch 100 101 102
int g0/0/2
port trunk allow-pass vlan 100 101 102
int g0/0/4
port trunk allow-pass vlan 100 101 102
qui
---------------------------------
JR_SW7:
vlan batch 100 101 102
int g0/0/1
port trunk allow-pass vlan 100 101 102
int g0/0/5
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 102
qui
---------------------------------
AC:
sys
un in en
sysname AC1
vlan 100
int vlan 100
ip add 192.168.100.100 24
qui
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
qui
ip route-static 0.0.0.0 0.0.0.0 192.168.100.253
capwap source interface vlanif100
wlan
ssid-profile name SSID_PRO
ssid huawei
qui
security-profile name SEC_PRO
security wpa2 psk pass-phrase huawei@123 aes
qui
vap-profile name VAP1_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 101
qui
vap-profile name VAP2_PRO
ssid-profile SSID_PRO
security-profile SEC_PRO
service-vlan vlan-id 102
qui
ap-id 1 ap-mac 00E0-FCDC-6AC0
ap-id 2 ap-mac 00E0-FC2F-7240
qui
ap-id 1
ap-name AREA_1
vap-profile VAP1_PRO wlan 1 radio 0
vap-profile VAP1_PRO wlan 1 radio 1
qui
ap-id 2
ap-name AREA_2
vap-profile VAP2_PRO wlan 1 radio 0
vap-profile VAP2_PRO wlan 1 radio 1
qui
9. Basic firewall configuration
First login (username, default password, Y to change the password, old password, new password twice):
admin
Admin@123
Y
Admin@123
admin@123
admin@123
sys
user-int con 0
id 0 0
qui //disable the firewall's screen saver (console idle timeout)
FW1:
sys
un in en
sysname FW1
int g1/0/1
ip add 192.168.11.12 24
service-manage all permit
int g1/0/2
ip add 192.168.12.12 24
service-manage all permit
int g1/0/0
ip add 192.168.111.12 24
service-manage all permit
int g1/0/3
service-manage all permit
qui
firewall zone trust
add int g1/0/1
add int g1/0/2
add int g1/0/5
qui
firewall zone dmz
add int g1/0/0
qui
firewall zone untrust
add int g1/0/3
add int g1/0/4
add int g1/0/6
qui
ospf 1 router-id 10.1.4.4
default-route-advertise
area 0
net 192.168.11.0 0.0.0.255
net 192.168.12.0 0.0.0.255
qui
qui
ip route-static 0.0.0.0 0.0.0.0 10.1.1.4
icmp ttl-exceeded send
10. BFD-linked routing
HX_SW1:
bfd
qui
bfd test1 bind peer-ip 192.168.11.12 source-ip 192.168.11.1 auto
commit
qui
dis bfd session all
int vlan 10
vrrp vrid 10 track bfd-session session-name test1
vrrp vrid 10 track int g0/0/1
int vlan 20
vrrp vrid 20 track bfd-session session-name test1
vrrp vrid 20 track int g0/0/1
int vlan 200
vrrp vrid 200 track bfd-session session-name test1
vrrp vrid 200 track int g0/0/1
qui
----------------------------------
FW1:
bfd
qui
bfd test1 bind peer-ip 192.168.11.1 source-ip 192.168.11.12 auto
commit
qui
bfd test2 bind peer-ip 192.168.12.2 source-ip 192.168.12.12 auto
commit
qui
----------------------------------
HX_SW2:
bfd
qui
bfd test2 bind peer-ip 192.168.12.12 source-ip 192.168.12.2 auto
commit
qui
int vlan 30
vrrp vrid 30 track bfd-session session-name test2
vrrp vrid 30 track int g0/0/1
int vlan 40
vrrp vrid 40 track bfd-session session-name test2
vrrp vrid 40 track int g0/0/1
int vlan 50
vrrp vrid 50 track bfd-session session-name test2
vrrp vrid 50 track int g0/0/1
qui
11. Firewall security policy & NAT
FW1:
security-policy
 rule name local_to_any
  source-zone local
  action permit
 rule name trust_to_untrust
  source-zone trust
  destination-zone untrust
  action permit
 rule name dmz_to_untrust
  source-zone dmz
  destination-zone untrust
  action permit
 rule name untrst_to_trust
  source-zone untrust
  destination-zone trust
  action permit
 rule name trust_to_dmz
  source-zone trust
  destination-zone dmz
  source-address 192.168.10.0 mask 255.255.255.0
  destination-address 192.168.111.10 mask 255.255.255.255
  action permit
 rule name trust_to_dmz_no
  source-zone trust
  destination-zone dmz
  source-address 192.168.0.0 mask 255.255.0.0
  destination-address 192.168.111.10 mask 255.255.255.255
  action deny
 rule name trust_to_dmz_yes
  source-zone trust
  destination-zone dmz
  action permit
  qui
 qui
nat-policy
 rule name nat_easy
  source-zone trust
  destination-zone untrust
  source-address 192.168.0.0 mask 255.255.0.0
  action source-nat easy-ip
  qui
 qui
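An added example, not part of the original article: a small Python model of how FW1 evaluates the security-policy above, top-down with first match and a default deny (the usual behaviour of Huawei USG security policies). The rule tuples are transcribed from the configuration; treating 192.168.111.10 as the finance server, the helper names and the sample flows are assumptions made for illustration.

```python
import ipaddress

# FW1 security-policy rules transcribed from the configuration above, in the
# order they are configured. None means the rule leaves that field as "any".
# Fields: name, source-zone, destination-zone, source-address, destination-address, action
RULES = [
    ("local_to_any",     "local",   None,      None,              None,                "permit"),
    ("trust_to_untrust", "trust",   "untrust", None,              None,                "permit"),
    ("dmz_to_untrust",   "dmz",     "untrust", None,              None,                "permit"),
    ("untrst_to_trust",  "untrust", "trust",   None,              None,                "permit"),
    ("trust_to_dmz",     "trust",   "dmz",     "192.168.10.0/24", "192.168.111.10/32", "permit"),
    ("trust_to_dmz_no",  "trust",   "dmz",     "192.168.0.0/16",  "192.168.111.10/32", "deny"),
    ("trust_to_dmz_yes", "trust",   "dmz",     None,              None,                "permit"),
]
DEFAULT = ("default", "deny")  # traffic that matches no rule is dropped


def _addr_ok(net, ip):
    return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def evaluate(src_zone, dst_zone, src_ip, dst_ip, rules=RULES):
    """First-match evaluation: return (rule name, action) for one flow."""
    for name, sz, dz, src, dst, action in rules:
        zones_ok = sz in (None, src_zone) and dz in (None, dst_zone)
        if zones_ok and _addr_ok(src, src_ip) and _addr_ok(dst, dst_ip):
            return name, action
    return DEFAULT


def broad_inbound_permits(rules=RULES, outside="untrust"):
    """Permit rules sourced from the outside zone with no address limits."""
    return [name for name, sz, dz, src, dst, action in rules
            if sz == outside and action == "permit" and src is None and dst is None]


def move_first(name, rules=RULES):
    """Copy of the rule list with one rule moved to the top (ordering test)."""
    picked = [r for r in rules if r[0] == name]
    return picked + [r for r in rules if r[0] != name]


FINANCE = "192.168.111.10"  # assumed finance server: the /32 the rules single out

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("trust", "dmz", "192.168.10.3", FINANCE),       # VLAN 10 PC
        ("trust", "dmz", "192.168.30.7", FINANCE),       # VLAN 30 PC
        ("trust", "dmz", "192.168.101.20", FINANCE),     # wireless client
        ("trust", "dmz", "192.168.30.7", "192.168.111.20"),
        ("untrust", "trust", "10.1.1.4", "192.168.10.3"),
        ("untrust", "dmz", "10.1.1.4", FINANCE),
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
    print("unrestricted inbound permits:", broad_inbound_permits())
    print("trust_to_dmz_yes moved to the top:",
          evaluate("trust", "dmz", "192.168.30.7", FINANCE, move_first("trust_to_dmz_yes")))
```

The model shows that the finance-server restriction depends entirely on rule order, and that untrst_to_trust permits every untrust source to every trust destination, which is wider than the trust-to-dmz/untrust requirement in section I. If that rule exists for branch-campus traffic arriving over the MPLS VPN (an assumption), source and destination addresses can narrow it.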
12. ISP interconnection
AR4:
sys
un in en
sysname AR4
int g0/0/2
ip add 10.1.45.4 24
int g4/0/0
ip add 10.1.46.4 24
int g4/0/3
ip add 10.1.1.4 24
int loo0
ip add 4.4.4.4 32
qui
isis 1
is-level level-1
net 49.0001.0000.0000.0004.00
cost-style wide
qui
int g0/0/2
isis enable 1
int g4/0/0
isis enable 1
int loo0
isis enable 1
qui
----------------------------------
AR5:
sys
un in en
sysname AR5
int g0/0/0
ip add 10.1.45.5 24
int loo0
ip add 5.5.5.5 32
qui
isis 1
is-level level-1
net 49.0001.0000.0000.0005.00
cost-style wide
qui
int g0/0/0
isis enable 1
int loo0
isis enable 1
qui
----------------------------------
AR6:
sys
un in en
sysname AR6
int g0/0/0
ip add 10.1.46.6 24
int loo0
ip add 6.6.6.6 32
qui
isis 1
is-level level-1
net 49.0001.0000.0000.0006.00
cost-style wide
qui
int g0/0/0
isis enable 1
int loo0
isis enable 1
qui
13. Configuring MPLS
AR5:
mpls lsr-id 5.5.5.5
mpls
mpls ldp
qui
int g0/0/0
mpls
mpls ldp
qui
----------------------------------
AR4:
mpls lsr-id 4.4.4.4
mpls
mpls ldp
qui
int g0/0/2
mpls
mpls ldp
int g4/0/0
mpls
mpls ldp
qui
----------------------------------
AR6:
mpls lsr-id 6.6.6.6
mpls
mpls ldp
qui
int g0/0/0
mpls
mpls ldp
qui
14. Establishing BGP peering
AR5:
bgp 100
peer 4.4.4.4 as 100
peer 4.4.4.4 con loo0
ipv4 vpnv4
peer 4.4.4.4 en
qui
qui
----------------------------------
AR6:
bgp 100
peer 4.4.4.4 as 100
peer 4.4.4.4 con loo0
ipv4 vpnv4
peer 4.4.4.4 en
qui
qui
----------------------------------
AR4:
bgp 100
peer 5.5.5.5 as 100
peer 5.5.5.5 con loo0
peer 6.6.6.6 as 100
peer 6.6.6.6 con loo0
ipv4 vpnv4
peer 5.5.5.5 en
peer 6.6.6.6 en
qui
qui
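15. Creating VPN instances
I will leave this part out of the article for now. The devices involved are mainly the CE edge devices and the ISP: configure the VPN instances between them, run OSPF in those instances, and finally import the routes. This part is omitted from the article. If you are a complete beginner and really cannot configure it yourself, there may be no other way: downloading the resources costs a fee, and there none of the commands are omitted; every command is there, one by one and step by step, and complete. http://www.small.org.cn/ (resource 010)
16. Backdoor link: sham-link
This part is also omitted, like the one above.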
17. Port mirroring
FW1:
int g1/0/5
ip add 192.168.13.12 24
qui
observing-port g1/0/5
port-mirroring g1/0/3 both g1/0/5
y
port-mirroring g1/0/4 both g1/0/5
y
qui
Verification: have PC6 ping PC7; the packets can be captured on the port of the video-monitoring device.
18. Firewall route import
FW1:
bgp 65430
import-route ospf 1
qui
ospf 1
import-route bgp
qui
19. Telnet
HX_SW1:
aaa
local-user huawei privilege level 3 password cipher 5555
local-user huawei service-type telnet
qui
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
qui
int vlanif 900
ip add 192.168.255.254 24
vrrp vrid 255 virtual-ip 192.168.255.1
q
------------------------------
HX_SW2:
aaa
local-user huawei privilege level 3 password cipher 5555
local-user huawei service-type telnet
qui
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
qui
int vlanif 900
ip add 192.168.255.253 24
vrrp vrid 255 virtual-ip 192.168.255.1
q
------------------------------
HJ_SW3:
aaa
local-user huawei privilege level 3 password cipher 5555
local-user huawei service-type telnet
qui
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
qui
int vlanif 900
ip add 192.168.255.3 24
qui
ip route-s 0.0.0.0 0 192.168.255.1
------------------------------
HJ_SW4:
aaa
local-user huawei privilege level 3 password cipher 5555
local-user huawei service-type telnet
qui
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
qui
int vlanif 900
ip add 192.168.255.4 24
qui
ip route-s 0.0.0.0 0 192.168.255.1
------------------------------
JR_SW5:
aaa
local-user huawei privilege level 3 password cipher 5555
local-user huawei service-type telnet
qui
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
qui
int vlanif 900
ip add 192.168.255.5 24
qui
ip route-s 0.0.0.0 0 192.168.255.1
------------------------------
JR_SW6:
aaa
local-user huawei privilege level 3 password cipher 5555
local-user huawei service-type telnet
qui
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
qui
int vlanif 900
ip add 192.168.255.6 24
qui
ip route-s 0.0.0.0 0 192.168.255.1
------------------------------
JR_SW7:
aaa
local-user huawei privilege level 3 password cipher 5555
local-user huawei service-type telnet
qui
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
qui
int vlanif 900
ip add 192.168.255.7 24
qui
ip route-s 0.0.0.0 0 192.168.255.1
------------------------------
LSW5:
aaa
local-user huawei privilege level 3 password cipher 5555
local-user huawei service-type telnet
qui
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
qui
int vlanif 900
ip add 192.168.255.55 24
qui
ip route-s 0.0.0.0 0 192.168.255.1
//Test:
//The PCs in the simulator cannot run telnet, so a router is used in place of the PC
Router-as-PC configuration (obtain an IP address automatically):
[Huawei]sysname PC
[PC]un in en
[PC]dhcp enable
[PC]int e0/0/0
[PC-Ethernet0/0/0]ip add dhcp-alloc
After that, telnet works:
<PC>telnet 192.168.255.254
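V. Official account / contact card
Follow the WeChat official account (小猿网) and reply "网络规划".
The resources are paid; if that does not suit you, please understand.
Article link: https://www.kjpai.cn/gushi/2024-04-01/152029.html. Source: 网络cs. Author: 胡椒. Copyright belongs to the author; to repost, credit the source and the author, otherwise legal liability will be pursued.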